2 * Copyright (c) 1982, 1986, 1988, 1990, 1993
3 * The Regents of the University of California. All rights reserved.
4 * Copyright (c) 2004 The FreeBSD Foundation
5 * Copyright (c) 2004-2006 Robert N. M. Watson
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 4. Neither the name of the University nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * @(#)uipc_socket.c 8.3 (Berkeley) 4/15/94
35 * Comments on the socket life cycle:
37 * soalloc() sets of socket layer state for a socket, called only by
38 * socreate() and sonewconn(). Socket layer private.
40 * sdealloc() tears down socket layer state for a socket, called only by
41 * sofree() and sonewconn(). Socket layer private.
43 * pru_attach() associates protocol layer state with an allocated socket;
44 * called only once, may fail, aborting socket allocation. This is called
45 * from socreate() and sonewconn(). Socket layer private.
47 * pru_detach() disassociates protocol layer state from an attached socket,
48 * and will be called exactly once for sockets in which pru_attach() has
49 * been successfully called. If pru_attach() returned an error,
50 * pru_detach() will not be called. Socket layer private.
52 * socreate() creates a socket and attaches protocol state. This is a public
53 * interface that may be used by socket layer consumers to create new
56 * sonewconn() creates a socket and attaches protocol state. This is a
57 * public interface that may be used by protocols to create new sockets when
58 * a new connection is received and will be available for accept() on a
61 * soclose() destroys a socket after possibly waiting for it to disconnect.
62 * This is a public interface that socket consumers should use to close and
63 * release a socket when done with it.
65 * soabort() destroys a socket without waiting for it to disconnect (used
66 * only for incoming connections that are already partially or fully
67 * connected). This is used internally by the socket layer when clearing
68 * listen socket queues (due to overflow or close on the listen socket), but
69 * is also a public interface protocols may use to abort connections in
70 * their incomplete listen queues should they no longer be required. Sockets
71 * placed in completed connection listen queues should not be aborted.
73 * sofree() will free a socket and its protocol state if all references on
74 * the socket have been released, and is the public interface to attempt to
75 * free a socket when a reference is removed. This is a socket layer private
78 * NOTE: In addition to socreate() and soclose(), which provide a single
79 * socket reference to the consumer to be managed as required, there are two
80 * calls to explicitly manage socket references, soref(), and sorele().
81 * Currently, these are generally required only when transitioning a socket
82 * from a listen queue to a file descriptor, in order to prevent garbage
83 * collection of the socket at an untimely moment. For a number of reasons,
84 * these interfaces are not preferred, and should be avoided.
86 * XXXRW: The behavior of sockets after soclose() but before the last
87 * sorele() is poorly defined. We can probably entirely eliminate them with
88 * a little work, since consumers are managing references anyway.
91 #include <sys/cdefs.h>
92 __FBSDID("$FreeBSD$");
97 #include "opt_compat.h"
99 #include <sys/param.h>
100 #include <sys/systm.h>
101 #include <sys/fcntl.h>
102 #include <sys/limits.h>
103 #include <sys/lock.h>
105 #include <sys/malloc.h>
106 #include <sys/mbuf.h>
107 #include <sys/mutex.h>
108 #include <sys/domain.h>
109 #include <sys/file.h> /* for struct knote */
110 #include <sys/kernel.h>
111 #include <sys/event.h>
112 #include <sys/eventhandler.h>
113 #include <sys/poll.h>
114 #include <sys/proc.h>
115 #include <sys/protosw.h>
116 #include <sys/socket.h>
117 #include <sys/socketvar.h>
118 #include <sys/resourcevar.h>
119 #include <sys/signalvar.h>
120 #include <sys/sysctl.h>
122 #include <sys/jail.h>
127 #include <sys/mount.h>
128 #include <compat/freebsd32/freebsd32.h>
130 extern struct sysentvec ia32_freebsd_sysvec;
133 static int soreceive_rcvoob(struct socket *so, struct uio *uio,
136 static void filt_sordetach(struct knote *kn);
137 static int filt_soread(struct knote *kn, long hint);
138 static void filt_sowdetach(struct knote *kn);
139 static int filt_sowrite(struct knote *kn, long hint);
140 static int filt_solisten(struct knote *kn, long hint);
142 static struct filterops solisten_filtops =
143 { 1, NULL, filt_sordetach, filt_solisten };
144 static struct filterops soread_filtops =
145 { 1, NULL, filt_sordetach, filt_soread };
146 static struct filterops sowrite_filtops =
147 { 1, NULL, filt_sowdetach, filt_sowrite };
149 uma_zone_t socket_zone;
150 so_gen_t so_gencnt; /* generation count for sockets */
154 MALLOC_DEFINE(M_SONAME, "soname", "socket name");
155 MALLOC_DEFINE(M_PCB, "pcb", "protocol control block");
157 static int somaxconn = SOMAXCONN;
158 static int somaxconn_sysctl(SYSCTL_HANDLER_ARGS);
159 /* XXX: we dont have SYSCTL_USHORT */
160 SYSCTL_PROC(_kern_ipc, KIPC_SOMAXCONN, somaxconn, CTLTYPE_UINT | CTLFLAG_RW,
161 0, sizeof(int), somaxconn_sysctl, "I", "Maximum pending socket connection "
163 static int numopensockets;
164 SYSCTL_INT(_kern_ipc, OID_AUTO, numopensockets, CTLFLAG_RD,
165 &numopensockets, 0, "Number of open sockets");
166 #ifdef ZERO_COPY_SOCKETS
167 /* These aren't static because they're used in other files. */
168 int so_zero_copy_send = 1;
169 int so_zero_copy_receive = 1;
170 SYSCTL_NODE(_kern_ipc, OID_AUTO, zero_copy, CTLFLAG_RD, 0,
171 "Zero copy controls");
172 SYSCTL_INT(_kern_ipc_zero_copy, OID_AUTO, receive, CTLFLAG_RW,
173 &so_zero_copy_receive, 0, "Enable zero copy receive");
174 SYSCTL_INT(_kern_ipc_zero_copy, OID_AUTO, send, CTLFLAG_RW,
175 &so_zero_copy_send, 0, "Enable zero copy send");
176 #endif /* ZERO_COPY_SOCKETS */
179 * accept_mtx locks down per-socket fields relating to accept queues. See
180 * socketvar.h for an annotation of the protected fields of struct socket.
182 struct mtx accept_mtx;
183 MTX_SYSINIT(accept_mtx, &accept_mtx, "accept", MTX_DEF);
186 * so_global_mtx protects so_gencnt, numopensockets, and the per-socket
189 static struct mtx so_global_mtx;
190 MTX_SYSINIT(so_global_mtx, &so_global_mtx, "so_glabel", MTX_DEF);
192 SYSCTL_NODE(_kern, KERN_IPC, ipc, CTLFLAG_RW, 0, "IPC");
195 sysctl_maxsockets(SYSCTL_HANDLER_ARGS)
197 int error, newmaxsockets;
199 newmaxsockets = maxsockets;
200 error = sysctl_handle_int(oidp, &newmaxsockets, sizeof(int), req);
201 if (error == 0 && req->newptr) {
202 if (newmaxsockets > maxsockets) {
203 maxsockets = newmaxsockets;
204 if (maxsockets > ((maxfiles / 4) * 3)) {
205 maxfiles = (maxsockets * 5) / 4;
206 maxfilesperproc = (maxfiles * 9) / 10;
208 EVENTHANDLER_INVOKE(maxsockets_change);
215 SYSCTL_PROC(_kern_ipc, OID_AUTO, maxsockets, CTLTYPE_INT|CTLFLAG_RW,
216 &maxsockets, 0, sysctl_maxsockets, "IU",
217 "Maximum number of sockets avaliable");
220 * Initialise maxsockets
222 static void init_maxsockets(void *ignored)
224 TUNABLE_INT_FETCH("kern.ipc.maxsockets", &maxsockets);
225 maxsockets = imax(maxsockets, imax(maxfiles, nmbclusters));
227 SYSINIT(param, SI_SUB_TUNABLES, SI_ORDER_ANY, init_maxsockets, NULL);
230 * Socket operation routines.
231 * These routines are called by the routines in
232 * sys_socket.c or from a system process, and
233 * implement the semantics of socket operations by
234 * switching out to the protocol specific routines.
238 * Get a socket structure from our zone, and initialize it.
239 * Note that it would probably be better to allocate socket
240 * and PCB at the same time, but I'm not convinced that all
241 * the protocols can be easily modified to do this.
243 * soalloc() returns a socket with a ref count of 0.
245 static struct socket *
250 so = uma_zalloc(socket_zone, mflags | M_ZERO);
254 if (mac_init_socket(so, mflags) != 0) {
255 uma_zfree(socket_zone, so);
259 SOCKBUF_LOCK_INIT(&so->so_snd, "so_snd");
260 SOCKBUF_LOCK_INIT(&so->so_rcv, "so_rcv");
261 TAILQ_INIT(&so->so_aiojobq);
262 mtx_lock(&so_global_mtx);
263 so->so_gencnt = ++so_gencnt;
265 mtx_unlock(&so_global_mtx);
270 sodealloc(struct socket *so)
273 KASSERT(so->so_count == 0, ("sodealloc(): so_count %d", so->so_count));
274 KASSERT(so->so_pcb == NULL, ("sodealloc(): so_pcb != NULL"));
276 mtx_lock(&so_global_mtx);
277 so->so_gencnt = ++so_gencnt;
278 mtx_unlock(&so_global_mtx);
279 if (so->so_rcv.sb_hiwat)
280 (void)chgsbsize(so->so_cred->cr_uidinfo,
281 &so->so_rcv.sb_hiwat, 0, RLIM_INFINITY);
282 if (so->so_snd.sb_hiwat)
283 (void)chgsbsize(so->so_cred->cr_uidinfo,
284 &so->so_snd.sb_hiwat, 0, RLIM_INFINITY);
286 /* remove acccept filter if one is present. */
287 if (so->so_accf != NULL)
288 do_setopt_accept_filter(so, NULL);
291 mac_destroy_socket(so);
294 SOCKBUF_LOCK_DESTROY(&so->so_snd);
295 SOCKBUF_LOCK_DESTROY(&so->so_rcv);
296 uma_zfree(socket_zone, so);
297 mtx_lock(&so_global_mtx);
299 mtx_unlock(&so_global_mtx);
303 * socreate returns a socket with a ref count of 1. The socket should be
304 * closed with soclose().
307 socreate(dom, aso, type, proto, cred, td)
320 prp = pffindproto(dom, proto, type);
322 prp = pffindtype(dom, type);
324 if (prp == NULL || prp->pr_usrreqs->pru_attach == NULL ||
325 prp->pr_usrreqs->pru_attach == pru_attach_notsupp)
326 return (EPROTONOSUPPORT);
328 if (jailed(cred) && jail_socket_unixiproute_only &&
329 prp->pr_domain->dom_family != PF_LOCAL &&
330 prp->pr_domain->dom_family != PF_INET &&
331 prp->pr_domain->dom_family != PF_ROUTE) {
332 return (EPROTONOSUPPORT);
335 if (prp->pr_type != type)
337 so = soalloc(M_WAITOK);
341 TAILQ_INIT(&so->so_incomp);
342 TAILQ_INIT(&so->so_comp);
344 so->so_cred = crhold(cred);
347 mac_create_socket(cred, so);
349 knlist_init(&so->so_rcv.sb_sel.si_note, SOCKBUF_MTX(&so->so_rcv),
351 knlist_init(&so->so_snd.sb_sel.si_note, SOCKBUF_MTX(&so->so_snd),
354 error = (*prp->pr_usrreqs->pru_attach)(so, proto, td);
364 static int regression_sonewconn_earlytest = 1;
365 SYSCTL_INT(_regression, OID_AUTO, sonewconn_earlytest, CTLFLAG_RW,
366 ®ression_sonewconn_earlytest, 0, "Perform early sonewconn limit test");
370 * When an attempt at a new connection is noted on a socket
371 * which accepts connections, sonewconn is called. If the
372 * connection is possible (subject to space constraints, etc.)
373 * then we allocate a new structure, propoerly linked into the
374 * data structure of the original socket, and return this.
375 * Connstatus may be 0, or SO_ISCONFIRMING, or SO_ISCONNECTED.
377 * note: the ref count on the socket is 0 on return
380 sonewconn(head, connstatus)
381 register struct socket *head;
384 register struct socket *so;
388 over = (head->so_qlen > 3 * head->so_qlimit / 2);
391 if (regression_sonewconn_earlytest && over)
396 so = soalloc(M_NOWAIT);
399 if ((head->so_options & SO_ACCEPTFILTER) != 0)
402 so->so_type = head->so_type;
403 so->so_options = head->so_options &~ SO_ACCEPTCONN;
404 so->so_linger = head->so_linger;
405 so->so_state = head->so_state | SS_NOFDREF;
406 so->so_proto = head->so_proto;
407 so->so_timeo = head->so_timeo;
408 so->so_cred = crhold(head->so_cred);
411 mac_create_socket_from_socket(head, so);
414 knlist_init(&so->so_rcv.sb_sel.si_note, SOCKBUF_MTX(&so->so_rcv),
416 knlist_init(&so->so_snd.sb_sel.si_note, SOCKBUF_MTX(&so->so_snd),
418 if (soreserve(so, head->so_snd.sb_hiwat, head->so_rcv.sb_hiwat) ||
419 (*so->so_proto->pr_usrreqs->pru_attach)(so, 0, NULL)) {
423 so->so_state |= connstatus;
426 TAILQ_INSERT_TAIL(&head->so_comp, so, so_list);
427 so->so_qstate |= SQ_COMP;
431 * Keep removing sockets from the head until there's room for
432 * us to insert on the tail. In pre-locking revisions, this
433 * was a simple if(), but as we could be racing with other
434 * threads and soabort() requires dropping locks, we must
435 * loop waiting for the condition to be true.
437 while (head->so_incqlen > head->so_qlimit) {
439 sp = TAILQ_FIRST(&head->so_incomp);
440 TAILQ_REMOVE(&head->so_incomp, sp, so_list);
442 sp->so_qstate &= ~SQ_INCOMP;
448 TAILQ_INSERT_TAIL(&head->so_incomp, so, so_list);
449 so->so_qstate |= SQ_INCOMP;
455 wakeup_one(&head->so_timeo);
463 struct sockaddr *nam;
467 return ((*so->so_proto->pr_usrreqs->pru_bind)(so, nam, td));
471 * solisten() transitions a socket from a non-listening state to a listening
472 * state, but can also be used to update the listen queue depth on an
473 * existing listen socket. The protocol will call back into the sockets
474 * layer using solisten_proto_check() and solisten_proto() to check and set
475 * socket-layer listen state. Call backs are used so that the protocol can
476 * acquire both protocol and socket layer locks in whatever order is required
479 * Protocol implementors are advised to hold the socket lock across the
480 * socket-layer test and set to avoid races at the socket layer.
483 solisten(so, backlog, td)
489 return ((*so->so_proto->pr_usrreqs->pru_listen)(so, backlog, td));
493 solisten_proto_check(so)
497 SOCK_LOCK_ASSERT(so);
499 if (so->so_state & (SS_ISCONNECTED | SS_ISCONNECTING |
506 solisten_proto(so, backlog)
511 SOCK_LOCK_ASSERT(so);
513 if (backlog < 0 || backlog > somaxconn)
515 so->so_qlimit = backlog;
516 so->so_options |= SO_ACCEPTCONN;
520 * Attempt to free a socket. This should really be sotryfree().
522 * sofree() will succeed if:
524 * - There are no outstanding file descriptor references or related consumers
527 * - The socket has been closed by user space, if ever open (SS_NOFDREF).
529 * - The protocol does not have an outstanding strong reference on the socket
532 * - The socket is not in a completed connection queue, so a process has been
533 * notified that it is present. If it is removed, the user process may
534 * block in accept() despite select() saying the socket was ready.
536 * Otherwise, it will quietly abort so that a future call to sofree(), when
537 * conditions are right, can succeed.
545 ACCEPT_LOCK_ASSERT();
546 SOCK_LOCK_ASSERT(so);
548 if ((so->so_state & SS_NOFDREF) == 0 || so->so_count != 0 ||
549 (so->so_state & SS_PROTOREF) || (so->so_qstate & SQ_COMP)) {
557 KASSERT((so->so_qstate & SQ_COMP) != 0 ||
558 (so->so_qstate & SQ_INCOMP) != 0,
559 ("sofree: so_head != NULL, but neither SQ_COMP nor "
561 KASSERT((so->so_qstate & SQ_COMP) == 0 ||
562 (so->so_qstate & SQ_INCOMP) == 0,
563 ("sofree: so->so_qstate is SQ_COMP and also SQ_INCOMP"));
564 TAILQ_REMOVE(&head->so_incomp, so, so_list);
566 so->so_qstate &= ~SQ_INCOMP;
569 KASSERT((so->so_qstate & SQ_COMP) == 0 &&
570 (so->so_qstate & SQ_INCOMP) == 0,
571 ("sofree: so_head == NULL, but still SQ_COMP(%d) or SQ_INCOMP(%d)",
572 so->so_qstate & SQ_COMP, so->so_qstate & SQ_INCOMP));
576 SOCKBUF_LOCK(&so->so_snd);
577 so->so_snd.sb_flags |= SB_NOINTR;
578 (void)sblock(&so->so_snd, M_WAITOK);
580 * socantsendmore_locked() drops the socket buffer mutex so that it
581 * can safely perform wakeups. Re-acquire the mutex before
584 socantsendmore_locked(so);
585 SOCKBUF_LOCK(&so->so_snd);
586 sbunlock(&so->so_snd);
587 sbrelease_locked(&so->so_snd, so);
588 SOCKBUF_UNLOCK(&so->so_snd);
590 knlist_destroy(&so->so_rcv.sb_sel.si_note);
591 knlist_destroy(&so->so_snd.sb_sel.si_note);
596 * Close a socket on last file table reference removal.
597 * Initiate disconnect if connected.
598 * Free socket when disconnect complete.
600 * This function will sorele() the socket. Note that soclose() may be
601 * called prior to the ref count reaching zero. The actual socket
602 * structure will not be freed until the ref count reaches zero.
610 KASSERT(!(so->so_state & SS_NOFDREF), ("soclose: SS_NOFDREF on enter"));
612 funsetown(&so->so_sigio);
613 if (so->so_options & SO_ACCEPTCONN) {
616 while ((sp = TAILQ_FIRST(&so->so_incomp)) != NULL) {
617 TAILQ_REMOVE(&so->so_incomp, sp, so_list);
619 sp->so_qstate &= ~SQ_INCOMP;
625 while ((sp = TAILQ_FIRST(&so->so_comp)) != NULL) {
626 TAILQ_REMOVE(&so->so_comp, sp, so_list);
628 sp->so_qstate &= ~SQ_COMP;
636 if (so->so_state & SS_ISCONNECTED) {
637 if ((so->so_state & SS_ISDISCONNECTING) == 0) {
638 error = sodisconnect(so);
642 if (so->so_options & SO_LINGER) {
643 if ((so->so_state & SS_ISDISCONNECTING) &&
644 (so->so_state & SS_NBIO))
646 while (so->so_state & SS_ISCONNECTED) {
647 error = tsleep(&so->so_timeo,
648 PSOCK | PCATCH, "soclos", so->so_linger * hz);
656 (*so->so_proto->pr_usrreqs->pru_detach)(so);
659 KASSERT((so->so_state & SS_NOFDREF) == 0, ("soclose: NOFDREF"));
660 so->so_state |= SS_NOFDREF;
666 * soabort() allows the socket code or protocol code to detach a socket that
667 * has been in an incomplete or completed listen queue, but has not yet been
670 * This interface is tricky, because it is called on an unreferenced socket,
671 * and must be called only by a thread that has actually removed the socket
672 * from the listen queue it was on, or races with other threads are risked.
674 * This interface will call into the protocol code, so must not be called
675 * with any socket locks held. Protocols do call it while holding their own
676 * recursible protocol mutexes, but this is something that should be subject
677 * to review in the future.
679 * XXXRW: Why do we maintain a distinction between pru_abort() and
688 * In as much as is possible, assert that no references to this
689 * socket are held. This is not quite the same as asserting that the
690 * current thread is responsible for arranging for no references, but
691 * is as close as we can get for now.
693 KASSERT(so->so_count == 0, ("soabort: so_count"));
694 KASSERT((so->so_state & SS_PROTOREF) == 0, ("soabort: SS_PROTOREF"));
695 KASSERT(so->so_state & SS_NOFDREF, ("soabort: !SS_NOFDREF"));
696 KASSERT((so->so_state & SQ_COMP) == 0, ("soabort: SQ_COMP"));
697 KASSERT((so->so_state & SQ_INCOMP) == 0, ("soabort: SQ_INCOMP"));
699 (*so->so_proto->pr_usrreqs->pru_abort)(so);
708 struct sockaddr **nam;
713 KASSERT((so->so_state & SS_NOFDREF) != 0, ("soaccept: !NOFDREF"));
714 so->so_state &= ~SS_NOFDREF;
716 error = (*so->so_proto->pr_usrreqs->pru_accept)(so, nam);
721 soconnect(so, nam, td)
723 struct sockaddr *nam;
728 if (so->so_options & SO_ACCEPTCONN)
731 * If protocol is connection-based, can only connect once.
732 * Otherwise, if connected, try to disconnect first.
733 * This allows user to disconnect by connecting to, e.g.,
736 if (so->so_state & (SS_ISCONNECTED|SS_ISCONNECTING) &&
737 ((so->so_proto->pr_flags & PR_CONNREQUIRED) ||
738 (error = sodisconnect(so)))) {
742 * Prevent accumulated error from previous connection
746 error = (*so->so_proto->pr_usrreqs->pru_connect)(so, nam, td);
758 return ((*so1->so_proto->pr_usrreqs->pru_connect2)(so1, so2));
767 if ((so->so_state & SS_ISCONNECTED) == 0)
769 if (so->so_state & SS_ISDISCONNECTING)
771 error = (*so->so_proto->pr_usrreqs->pru_disconnect)(so);
775 #ifdef ZERO_COPY_SOCKETS
776 struct so_zerocopy_stats{
781 struct so_zerocopy_stats so_zerocp_stats = {0,0,0};
782 #include <netinet/in.h>
783 #include <net/route.h>
784 #include <netinet/in_pcb.h>
786 #include <vm/vm_page.h>
787 #include <vm/vm_object.h>
788 #endif /*ZERO_COPY_SOCKETS*/
791 * sosend_copyin() accepts a uio and prepares an mbuf chain holding part or
792 * all of the data referenced by the uio. If desired, it uses zero-copy.
793 * *space will be updated to reflect data copied in.
795 * NB: If atomic I/O is requested, the caller must already have checked that
796 * space can hold resid bytes.
798 * NB: In the event of an error, the caller may need to free the partial
799 * chain pointed to by *mpp. The contents of both *uio and *space may be
800 * modified even in the case of an error.
803 sosend_copyin(struct uio *uio, struct mbuf **retmp, int atomic, long *space,
806 struct mbuf *m, **mp, *top;
809 #ifdef ZERO_COPY_SOCKETS
816 resid = uio->uio_resid;
819 #ifdef ZERO_COPY_SOCKETS
821 #endif /* ZERO_COPY_SOCKETS */
822 if (resid >= MINCLSIZE) {
823 #ifdef ZERO_COPY_SOCKETS
825 MGETHDR(m, M_TRYWAIT, MT_DATA);
831 m->m_pkthdr.rcvif = NULL;
833 MGET(m, M_TRYWAIT, MT_DATA);
839 if (so_zero_copy_send &&
842 uio->uio_iov->iov_len>=PAGE_SIZE) {
843 so_zerocp_stats.size_ok++;
844 so_zerocp_stats.align_ok++;
845 cow_send = socow_setup(m, uio);
849 MCLGET(m, M_TRYWAIT);
850 if ((m->m_flags & M_EXT) == 0) {
854 len = min(min(MCLBYTES, resid),
858 #else /* ZERO_COPY_SOCKETS */
860 m = m_getcl(M_TRYWAIT, MT_DATA, M_PKTHDR);
862 m->m_pkthdr.rcvif = NULL;
864 m = m_getcl(M_TRYWAIT, MT_DATA, 0);
865 len = min(min(MCLBYTES, resid), *space);
866 #endif /* ZERO_COPY_SOCKETS */
869 m = m_gethdr(M_TRYWAIT, MT_DATA);
871 m->m_pkthdr.rcvif = NULL;
873 len = min(min(MHLEN, resid), *space);
875 * For datagram protocols, leave room
876 * for protocol headers in first mbuf.
878 if (atomic && m && len < MHLEN)
881 m = m_get(M_TRYWAIT, MT_DATA);
882 len = min(min(MLEN, resid), *space);
891 #ifdef ZERO_COPY_SOCKETS
895 #endif /* ZERO_COPY_SOCKETS */
896 error = uiomove(mtod(m, void *), (int)len, uio);
897 resid = uio->uio_resid;
900 top->m_pkthdr.len += len;
906 top->m_flags |= M_EOR;
909 } while (*space > 0 && atomic);
915 #define SBLOCKWAIT(f) (((f) & MSG_DONTWAIT) ? M_NOWAIT : M_WAITOK)
918 sosend_dgram(so, addr, uio, top, control, flags, td)
920 struct sockaddr *addr;
923 struct mbuf *control;
928 int clen = 0, error, dontroute;
929 int atomic = sosendallatonce(so) || top;
931 KASSERT(so->so_type == SOCK_DGRAM, ("sodgram_send: !SOCK_DGRAM"));
932 KASSERT(so->so_proto->pr_flags & PR_ATOMIC,
933 ("sodgram_send: !PR_ATOMIC"));
936 resid = uio->uio_resid;
938 resid = top->m_pkthdr.len;
940 * In theory resid should be unsigned.
941 * However, space must be signed, as it might be less than 0
942 * if we over-committed, and we must use a signed comparison
943 * of space and resid. On the other hand, a negative resid
944 * causes us to loop sending 0-length segments to the protocol.
946 * Also check to make sure that MSG_EOR isn't used on SOCK_STREAM
947 * type sockets since that's an error.
955 (flags & MSG_DONTROUTE) && (so->so_options & SO_DONTROUTE) == 0;
957 td->td_proc->p_stats->p_ru.ru_msgsnd++;
959 clen = control->m_len;
961 SOCKBUF_LOCK(&so->so_snd);
962 if (so->so_snd.sb_state & SBS_CANTSENDMORE) {
963 SOCKBUF_UNLOCK(&so->so_snd);
968 error = so->so_error;
970 SOCKBUF_UNLOCK(&so->so_snd);
973 if ((so->so_state & SS_ISCONNECTED) == 0) {
975 * `sendto' and `sendmsg' is allowed on a connection-
976 * based socket if it supports implied connect.
977 * Return ENOTCONN if not connected and no address is
980 if ((so->so_proto->pr_flags & PR_CONNREQUIRED) &&
981 (so->so_proto->pr_flags & PR_IMPLOPCL) == 0) {
982 if ((so->so_state & SS_ISCONFIRMING) == 0 &&
983 !(resid == 0 && clen != 0)) {
984 SOCKBUF_UNLOCK(&so->so_snd);
988 } else if (addr == NULL) {
989 if (so->so_proto->pr_flags & PR_CONNREQUIRED)
992 error = EDESTADDRREQ;
993 SOCKBUF_UNLOCK(&so->so_snd);
999 * Do we need MSG_OOB support in SOCK_DGRAM? Signs here may be a
1000 * problem and need fixing.
1002 space = sbspace(&so->so_snd);
1003 if (flags & MSG_OOB)
1006 if (resid > space) {
1010 SOCKBUF_UNLOCK(&so->so_snd);
1013 if (flags & MSG_EOR)
1014 top->m_flags |= M_EOR;
1016 error = sosend_copyin(uio, &top, atomic, &space, flags);
1019 resid = uio->uio_resid;
1021 KASSERT(resid == 0, ("sosend_dgram: resid != 0"));
1023 * XXXRW: Frobbing SO_DONTROUTE here is even worse without sblock
1028 so->so_options |= SO_DONTROUTE;
1032 * XXX all the SBS_CANTSENDMORE checks previously
1033 * done could be out of date. We could have recieved
1034 * a reset packet in an interrupt or maybe we slept
1035 * while doing page faults in uiomove() etc. We could
1036 * probably recheck again inside the locking protection
1037 * here, but there are probably other places that this
1038 * also happens. We must rethink this.
1040 error = (*so->so_proto->pr_usrreqs->pru_send)(so,
1041 (flags & MSG_OOB) ? PRUS_OOB :
1043 * If the user set MSG_EOF, the protocol
1044 * understands this flag and nothing left to
1045 * send then use PRU_SEND_EOF instead of PRU_SEND.
1047 ((flags & MSG_EOF) &&
1048 (so->so_proto->pr_flags & PR_IMPLOPCL) &&
1051 /* If there is more to send set PRUS_MORETOCOME */
1052 (resid > 0 && space > 0) ? PRUS_MORETOCOME : 0,
1053 top, addr, control, td);
1056 so->so_options &= ~SO_DONTROUTE;
1065 if (control != NULL)
1072 * If send must go all at once and message is larger than
1073 * send buffering, then hard error.
1074 * Lock against other senders.
1075 * If must go all at once and not enough room now, then
1076 * inform user that this would block and do nothing.
1077 * Otherwise, if nonblocking, send as much as possible.
1078 * The data to be sent is described by "uio" if nonzero,
1079 * otherwise by the mbuf chain "top" (which must be null
1080 * if uio is not). Data provided in mbuf chain must be small
1081 * enough to send all at once.
1083 * Returns nonzero on error, timeout or signal; callers
1084 * must check for short counts if EINTR/ERESTART are returned.
1085 * Data and control buffers are freed on return.
1087 #define snderr(errno) { error = (errno); goto release; }
1089 sosend(so, addr, uio, top, control, flags, td)
1091 struct sockaddr *addr;
1094 struct mbuf *control;
1099 int clen = 0, error, dontroute;
1100 int atomic = sosendallatonce(so) || top;
1103 resid = uio->uio_resid;
1105 resid = top->m_pkthdr.len;
1107 * In theory resid should be unsigned.
1108 * However, space must be signed, as it might be less than 0
1109 * if we over-committed, and we must use a signed comparison
1110 * of space and resid. On the other hand, a negative resid
1111 * causes us to loop sending 0-length segments to the protocol.
1113 * Also check to make sure that MSG_EOR isn't used on SOCK_STREAM
1114 * type sockets since that's an error.
1116 if (resid < 0 || (so->so_type == SOCK_STREAM && (flags & MSG_EOR))) {
1122 (flags & MSG_DONTROUTE) && (so->so_options & SO_DONTROUTE) == 0 &&
1123 (so->so_proto->pr_flags & PR_ATOMIC);
1125 td->td_proc->p_stats->p_ru.ru_msgsnd++;
1126 if (control != NULL)
1127 clen = control->m_len;
1129 SOCKBUF_LOCK(&so->so_snd);
1131 SOCKBUF_LOCK_ASSERT(&so->so_snd);
1132 error = sblock(&so->so_snd, SBLOCKWAIT(flags));
1136 SOCKBUF_LOCK_ASSERT(&so->so_snd);
1137 if (so->so_snd.sb_state & SBS_CANTSENDMORE)
1140 error = so->so_error;
1144 if ((so->so_state & SS_ISCONNECTED) == 0) {
1146 * `sendto' and `sendmsg' is allowed on a connection-
1147 * based socket if it supports implied connect.
1148 * Return ENOTCONN if not connected and no address is
1151 if ((so->so_proto->pr_flags & PR_CONNREQUIRED) &&
1152 (so->so_proto->pr_flags & PR_IMPLOPCL) == 0) {
1153 if ((so->so_state & SS_ISCONFIRMING) == 0 &&
1154 !(resid == 0 && clen != 0))
1156 } else if (addr == NULL)
1157 snderr(so->so_proto->pr_flags & PR_CONNREQUIRED ?
1158 ENOTCONN : EDESTADDRREQ);
1160 space = sbspace(&so->so_snd);
1161 if (flags & MSG_OOB)
1163 if ((atomic && resid > so->so_snd.sb_hiwat) ||
1164 clen > so->so_snd.sb_hiwat)
1166 if (space < resid + clen &&
1167 (atomic || space < so->so_snd.sb_lowat || space < clen)) {
1168 if ((so->so_state & SS_NBIO) || (flags & MSG_NBIO))
1169 snderr(EWOULDBLOCK);
1170 sbunlock(&so->so_snd);
1171 error = sbwait(&so->so_snd);
1176 SOCKBUF_UNLOCK(&so->so_snd);
1181 if (flags & MSG_EOR)
1182 top->m_flags |= M_EOR;
1184 error = sosend_copyin(uio, &top, atomic,
1187 SOCKBUF_LOCK(&so->so_snd);
1190 resid = uio->uio_resid;
1194 so->so_options |= SO_DONTROUTE;
1198 * XXX all the SBS_CANTSENDMORE checks previously
1199 * done could be out of date. We could have recieved
1200 * a reset packet in an interrupt or maybe we slept
1201 * while doing page faults in uiomove() etc. We could
1202 * probably recheck again inside the locking protection
1203 * here, but there are probably other places that this
1204 * also happens. We must rethink this.
1206 error = (*so->so_proto->pr_usrreqs->pru_send)(so,
1207 (flags & MSG_OOB) ? PRUS_OOB :
1209 * If the user set MSG_EOF, the protocol
1210 * understands this flag and nothing left to
1211 * send then use PRU_SEND_EOF instead of PRU_SEND.
1213 ((flags & MSG_EOF) &&
1214 (so->so_proto->pr_flags & PR_IMPLOPCL) &&
1217 /* If there is more to send set PRUS_MORETOCOME */
1218 (resid > 0 && space > 0) ? PRUS_MORETOCOME : 0,
1219 top, addr, control, td);
1222 so->so_options &= ~SO_DONTROUTE;
1229 SOCKBUF_LOCK(&so->so_snd);
1232 } while (resid && space > 0);
1233 SOCKBUF_LOCK(&so->so_snd);
1237 SOCKBUF_LOCK_ASSERT(&so->so_snd);
1238 sbunlock(&so->so_snd);
1240 SOCKBUF_LOCK_ASSERT(&so->so_snd);
1241 SOCKBUF_UNLOCK(&so->so_snd);
1245 if (control != NULL)
1252 * The part of soreceive() that implements reading non-inline out-of-band
1253 * data from a socket. For more complete comments, see soreceive(), from
1254 * which this code originated.
1256 * Note that soreceive_rcvoob(), unlike the remainder of soreceive(), is
1257 * unable to return an mbuf chain to the caller.
1260 soreceive_rcvoob(so, uio, flags)
1265 struct protosw *pr = so->so_proto;
1269 KASSERT(flags & MSG_OOB, ("soreceive_rcvoob: (flags & MSG_OOB) == 0"));
1271 m = m_get(M_TRYWAIT, MT_DATA);
1274 error = (*pr->pr_usrreqs->pru_rcvoob)(so, m, flags & MSG_PEEK);
1278 #ifdef ZERO_COPY_SOCKETS
1279 if (so_zero_copy_receive) {
1282 if ((m->m_flags & M_EXT)
1283 && (m->m_ext.ext_type == EXT_DISPOSABLE))
1288 error = uiomoveco(mtod(m, void *),
1289 min(uio->uio_resid, m->m_len),
1292 #endif /* ZERO_COPY_SOCKETS */
1293 error = uiomove(mtod(m, void *),
1294 (int) min(uio->uio_resid, m->m_len), uio);
1296 } while (uio->uio_resid && error == 0 && m);
1304 * Following replacement or removal of the first mbuf on the first mbuf chain
1305 * of a socket buffer, push necessary state changes back into the socket
1306 * buffer so that other consumers see the values consistently. 'nextrecord'
1307 * is the callers locally stored value of the original value of
1308 * sb->sb_mb->m_nextpkt which must be restored when the lead mbuf changes.
1309 * NOTE: 'nextrecord' may be NULL.
1311 static __inline void
1312 sockbuf_pushsync(struct sockbuf *sb, struct mbuf *nextrecord)
1315 SOCKBUF_LOCK_ASSERT(sb);
1317 * First, update for the new value of nextrecord. If necessary, make
1318 * it the first record.
1320 if (sb->sb_mb != NULL)
1321 sb->sb_mb->m_nextpkt = nextrecord;
1323 sb->sb_mb = nextrecord;
1326 * Now update any dependent socket buffer fields to reflect the new
1327 * state. This is an expanded inline of SB_EMPTY_FIXUP(), with the
1328 * addition of a second clause that takes care of the case where
1329 * sb_mb has been updated, but remains the last record.
1331 if (sb->sb_mb == NULL) {
1332 sb->sb_mbtail = NULL;
1333 sb->sb_lastrecord = NULL;
1334 } else if (sb->sb_mb->m_nextpkt == NULL)
1335 sb->sb_lastrecord = sb->sb_mb;
1340 * Implement receive operations on a socket.
1341 * We depend on the way that records are added to the sockbuf
1342 * by sbappend*. In particular, each record (mbufs linked through m_next)
1343 * must begin with an address if the protocol so specifies,
1344 * followed by an optional mbuf or mbufs containing ancillary data,
1345 * and then zero or more mbufs of data.
1346 * In order to avoid blocking network interrupts for the entire time here,
1347 * we splx() while doing the actual copy to user space.
1348 * Although the sockbuf is locked, new data may still be appended,
1349 * and thus we must maintain consistency of the sockbuf during that time.
1351 * The caller may receive the data as a single mbuf chain by supplying
1352 * an mbuf **mp0 for use in returning the chain. The uio is then used
1353 * only for the count in uio_resid.
1356 soreceive(so, psa, uio, mp0, controlp, flagsp)
1358 struct sockaddr **psa;
1361 struct mbuf **controlp;
1364 struct mbuf *m, **mp;
1365 int flags, len, error, offset;
1366 struct protosw *pr = so->so_proto;
1367 struct mbuf *nextrecord;
1369 int orig_resid = uio->uio_resid;
1374 if (controlp != NULL)
1377 flags = *flagsp &~ MSG_EOR;
1380 if (flags & MSG_OOB)
1381 return (soreceive_rcvoob(so, uio, flags));
1384 if ((pr->pr_flags & PR_WANTRCVD) && (so->so_state & SS_ISCONFIRMING)
1386 (*pr->pr_usrreqs->pru_rcvd)(so, 0);
1388 SOCKBUF_LOCK(&so->so_rcv);
1390 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1391 error = sblock(&so->so_rcv, SBLOCKWAIT(flags));
1395 m = so->so_rcv.sb_mb;
1397 * If we have less data than requested, block awaiting more
1398 * (subject to any timeout) if:
1399 * 1. the current count is less than the low water mark, or
1400 * 2. MSG_WAITALL is set, and it is possible to do the entire
1401 * receive operation at once if we block (resid <= hiwat).
1402 * 3. MSG_DONTWAIT is not set
1403 * If MSG_WAITALL is set but resid is larger than the receive buffer,
1404 * we have to do the receive in sections, and thus risk returning
1405 * a short count if a timeout or signal occurs after we start.
1407 if (m == NULL || (((flags & MSG_DONTWAIT) == 0 &&
1408 so->so_rcv.sb_cc < uio->uio_resid) &&
1409 (so->so_rcv.sb_cc < so->so_rcv.sb_lowat ||
1410 ((flags & MSG_WAITALL) && uio->uio_resid <= so->so_rcv.sb_hiwat)) &&
1411 m->m_nextpkt == NULL && (pr->pr_flags & PR_ATOMIC) == 0)) {
1412 KASSERT(m != NULL || !so->so_rcv.sb_cc,
1413 ("receive: m == %p so->so_rcv.sb_cc == %u",
1414 m, so->so_rcv.sb_cc));
1418 error = so->so_error;
1419 if ((flags & MSG_PEEK) == 0)
1423 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1424 if (so->so_rcv.sb_state & SBS_CANTRCVMORE) {
1430 for (; m != NULL; m = m->m_next)
1431 if (m->m_type == MT_OOBDATA || (m->m_flags & M_EOR)) {
1432 m = so->so_rcv.sb_mb;
1435 if ((so->so_state & (SS_ISCONNECTED|SS_ISCONNECTING)) == 0 &&
1436 (so->so_proto->pr_flags & PR_CONNREQUIRED)) {
1440 if (uio->uio_resid == 0)
1442 if ((so->so_state & SS_NBIO) ||
1443 (flags & (MSG_DONTWAIT|MSG_NBIO))) {
1444 error = EWOULDBLOCK;
1447 SBLASTRECORDCHK(&so->so_rcv);
1448 SBLASTMBUFCHK(&so->so_rcv);
1449 sbunlock(&so->so_rcv);
1450 error = sbwait(&so->so_rcv);
1457 * From this point onward, we maintain 'nextrecord' as a cache of the
1458 * pointer to the next record in the socket buffer. We must keep the
1459 * various socket buffer pointers and local stack versions of the
1460 * pointers in sync, pushing out modifications before dropping the
1461 * socket buffer mutex, and re-reading them when picking it up.
1463 * Otherwise, we will race with the network stack appending new data
1464 * or records onto the socket buffer by using inconsistent/stale
1465 * versions of the field, possibly resulting in socket buffer
1468 * By holding the high-level sblock(), we prevent simultaneous
1469 * readers from pulling off the front of the socket buffer.
1471 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1473 uio->uio_td->td_proc->p_stats->p_ru.ru_msgrcv++;
1474 KASSERT(m == so->so_rcv.sb_mb, ("soreceive: m != so->so_rcv.sb_mb"));
1475 SBLASTRECORDCHK(&so->so_rcv);
1476 SBLASTMBUFCHK(&so->so_rcv);
1477 nextrecord = m->m_nextpkt;
1478 if (pr->pr_flags & PR_ADDR) {
1479 KASSERT(m->m_type == MT_SONAME,
1480 ("m->m_type == %d", m->m_type));
1483 *psa = sodupsockaddr(mtod(m, struct sockaddr *),
1485 if (flags & MSG_PEEK) {
1488 sbfree(&so->so_rcv, m);
1489 so->so_rcv.sb_mb = m_free(m);
1490 m = so->so_rcv.sb_mb;
1491 sockbuf_pushsync(&so->so_rcv, nextrecord);
1496 * Process one or more MT_CONTROL mbufs present before any data mbufs
1497 * in the first mbuf chain on the socket buffer. If MSG_PEEK, we
1498 * just copy the data; if !MSG_PEEK, we call into the protocol to
1499 * perform externalization (or freeing if controlp == NULL).
1501 if (m != NULL && m->m_type == MT_CONTROL) {
1502 struct mbuf *cm = NULL, *cmn;
1503 struct mbuf **cme = &cm;
1506 if (flags & MSG_PEEK) {
1507 if (controlp != NULL) {
1508 *controlp = m_copy(m, 0, m->m_len);
1509 controlp = &(*controlp)->m_next;
1513 sbfree(&so->so_rcv, m);
1514 so->so_rcv.sb_mb = m->m_next;
1517 cme = &(*cme)->m_next;
1518 m = so->so_rcv.sb_mb;
1520 } while (m != NULL && m->m_type == MT_CONTROL);
1521 if ((flags & MSG_PEEK) == 0)
1522 sockbuf_pushsync(&so->so_rcv, nextrecord);
1523 while (cm != NULL) {
1526 if (pr->pr_domain->dom_externalize != NULL) {
1527 SOCKBUF_UNLOCK(&so->so_rcv);
1528 error = (*pr->pr_domain->dom_externalize)
1530 SOCKBUF_LOCK(&so->so_rcv);
1531 } else if (controlp != NULL)
1535 if (controlp != NULL) {
1537 while (*controlp != NULL)
1538 controlp = &(*controlp)->m_next;
1542 if (so->so_rcv.sb_mb)
1543 nextrecord = so->so_rcv.sb_mb->m_nextpkt;
1549 if ((flags & MSG_PEEK) == 0) {
1550 KASSERT(m->m_nextpkt == nextrecord,
1551 ("soreceive: post-control, nextrecord !sync"));
1552 if (nextrecord == NULL) {
1553 KASSERT(so->so_rcv.sb_mb == m,
1554 ("soreceive: post-control, sb_mb!=m"));
1555 KASSERT(so->so_rcv.sb_lastrecord == m,
1556 ("soreceive: post-control, lastrecord!=m"));
1560 if (type == MT_OOBDATA)
1563 if ((flags & MSG_PEEK) == 0) {
1564 KASSERT(so->so_rcv.sb_mb == nextrecord,
1565 ("soreceive: sb_mb != nextrecord"));
1566 if (so->so_rcv.sb_mb == NULL) {
1567 KASSERT(so->so_rcv.sb_lastrecord == NULL,
1568 ("soreceive: sb_lastercord != NULL"));
1572 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1573 SBLASTRECORDCHK(&so->so_rcv);
1574 SBLASTMBUFCHK(&so->so_rcv);
1577 * Now continue to read any data mbufs off of the head of the socket
1578 * buffer until the read request is satisfied. Note that 'type' is
1579 * used to store the type of any mbuf reads that have happened so far
1580 * such that soreceive() can stop reading if the type changes, which
1581 * causes soreceive() to return only one of regular data and inline
1582 * out-of-band data in a single socket receive operation.
1586 while (m != NULL && uio->uio_resid > 0 && error == 0) {
1588 * If the type of mbuf has changed since the last mbuf
1589 * examined ('type'), end the receive operation.
1591 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1592 if (m->m_type == MT_OOBDATA) {
1593 if (type != MT_OOBDATA)
1595 } else if (type == MT_OOBDATA)
1598 KASSERT(m->m_type == MT_DATA,
1599 ("m->m_type == %d", m->m_type));
1600 so->so_rcv.sb_state &= ~SBS_RCVATMARK;
1601 len = uio->uio_resid;
1602 if (so->so_oobmark && len > so->so_oobmark - offset)
1603 len = so->so_oobmark - offset;
1604 if (len > m->m_len - moff)
1605 len = m->m_len - moff;
1607 * If mp is set, just pass back the mbufs.
1608 * Otherwise copy them out via the uio, then free.
1609 * Sockbuf must be consistent here (points to current mbuf,
1610 * it points to next record) when we drop priority;
1611 * we must note any additions to the sockbuf when we
1612 * block interrupts again.
1615 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1616 SBLASTRECORDCHK(&so->so_rcv);
1617 SBLASTMBUFCHK(&so->so_rcv);
1618 SOCKBUF_UNLOCK(&so->so_rcv);
1619 #ifdef ZERO_COPY_SOCKETS
1620 if (so_zero_copy_receive) {
1623 if ((m->m_flags & M_EXT)
1624 && (m->m_ext.ext_type == EXT_DISPOSABLE))
1629 error = uiomoveco(mtod(m, char *) + moff,
1633 #endif /* ZERO_COPY_SOCKETS */
1634 error = uiomove(mtod(m, char *) + moff, (int)len, uio);
1635 SOCKBUF_LOCK(&so->so_rcv);
1639 uio->uio_resid -= len;
1640 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1641 if (len == m->m_len - moff) {
1642 if (m->m_flags & M_EOR)
1644 if (flags & MSG_PEEK) {
1648 nextrecord = m->m_nextpkt;
1649 sbfree(&so->so_rcv, m);
1653 so->so_rcv.sb_mb = m = m->m_next;
1656 so->so_rcv.sb_mb = m_free(m);
1657 m = so->so_rcv.sb_mb;
1659 sockbuf_pushsync(&so->so_rcv, nextrecord);
1660 SBLASTRECORDCHK(&so->so_rcv);
1661 SBLASTMBUFCHK(&so->so_rcv);
1664 if (flags & MSG_PEEK)
1670 if (flags & MSG_DONTWAIT)
1671 copy_flag = M_DONTWAIT;
1673 copy_flag = M_TRYWAIT;
1674 if (copy_flag == M_TRYWAIT)
1675 SOCKBUF_UNLOCK(&so->so_rcv);
1676 *mp = m_copym(m, 0, len, copy_flag);
1677 if (copy_flag == M_TRYWAIT)
1678 SOCKBUF_LOCK(&so->so_rcv);
1681 * m_copym() couldn't allocate an mbuf.
1682 * Adjust uio_resid back (it was adjusted
1683 * down by len bytes, which we didn't end
1684 * up "copying" over).
1686 uio->uio_resid += len;
1692 so->so_rcv.sb_cc -= len;
1695 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1696 if (so->so_oobmark) {
1697 if ((flags & MSG_PEEK) == 0) {
1698 so->so_oobmark -= len;
1699 if (so->so_oobmark == 0) {
1700 so->so_rcv.sb_state |= SBS_RCVATMARK;
1705 if (offset == so->so_oobmark)
1709 if (flags & MSG_EOR)
1712 * If the MSG_WAITALL flag is set (for non-atomic socket),
1713 * we must not quit until "uio->uio_resid == 0" or an error
1714 * termination. If a signal/timeout occurs, return
1715 * with a short count but without error.
1716 * Keep sockbuf locked against other readers.
1718 while (flags & MSG_WAITALL && m == NULL && uio->uio_resid > 0 &&
1719 !sosendallatonce(so) && nextrecord == NULL) {
1720 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1721 if (so->so_error || so->so_rcv.sb_state & SBS_CANTRCVMORE)
1724 * Notify the protocol that some data has been
1725 * drained before blocking.
1727 if (pr->pr_flags & PR_WANTRCVD) {
1728 SOCKBUF_UNLOCK(&so->so_rcv);
1729 (*pr->pr_usrreqs->pru_rcvd)(so, flags);
1730 SOCKBUF_LOCK(&so->so_rcv);
1732 SBLASTRECORDCHK(&so->so_rcv);
1733 SBLASTMBUFCHK(&so->so_rcv);
1734 error = sbwait(&so->so_rcv);
1737 m = so->so_rcv.sb_mb;
1739 nextrecord = m->m_nextpkt;
1743 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1744 if (m != NULL && pr->pr_flags & PR_ATOMIC) {
1746 if ((flags & MSG_PEEK) == 0)
1747 (void) sbdroprecord_locked(&so->so_rcv);
1749 if ((flags & MSG_PEEK) == 0) {
1752 * First part is an inline SB_EMPTY_FIXUP(). Second
1753 * part makes sure sb_lastrecord is up-to-date if
1754 * there is still data in the socket buffer.
1756 so->so_rcv.sb_mb = nextrecord;
1757 if (so->so_rcv.sb_mb == NULL) {
1758 so->so_rcv.sb_mbtail = NULL;
1759 so->so_rcv.sb_lastrecord = NULL;
1760 } else if (nextrecord->m_nextpkt == NULL)
1761 so->so_rcv.sb_lastrecord = nextrecord;
1763 SBLASTRECORDCHK(&so->so_rcv);
1764 SBLASTMBUFCHK(&so->so_rcv);
1766 * If soreceive() is being done from the socket callback, then
1767 * don't need to generate ACK to peer to update window, since
1768 * ACK will be generated on return to TCP.
1770 if (!(flags & MSG_SOCALLBCK) &&
1771 (pr->pr_flags & PR_WANTRCVD)) {
1772 SOCKBUF_UNLOCK(&so->so_rcv);
1773 (*pr->pr_usrreqs->pru_rcvd)(so, flags);
1774 SOCKBUF_LOCK(&so->so_rcv);
1777 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1778 if (orig_resid == uio->uio_resid && orig_resid &&
1779 (flags & MSG_EOR) == 0 && (so->so_rcv.sb_state & SBS_CANTRCVMORE) == 0) {
1780 sbunlock(&so->so_rcv);
1787 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1788 sbunlock(&so->so_rcv);
1790 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1791 SOCKBUF_UNLOCK(&so->so_rcv);
1800 struct protosw *pr = so->so_proto;
1802 if (!(how == SHUT_RD || how == SHUT_WR || how == SHUT_RDWR))
1808 return ((*pr->pr_usrreqs->pru_shutdown)(so));
1816 struct sockbuf *sb = &so->so_rcv;
1817 struct protosw *pr = so->so_proto;
1821 * XXXRW: This is quite ugly. Previously, this code made a copy of
1822 * the socket buffer, then zero'd the original to clear the buffer
1823 * fields. However, with mutexes in the socket buffer, this causes
1824 * problems. We only clear the zeroable bits of the original;
1825 * however, we have to initialize and destroy the mutex in the copy
1826 * so that dom_dispose() and sbrelease() can lock t as needed.
1829 sb->sb_flags |= SB_NOINTR;
1830 (void) sblock(sb, M_WAITOK);
1832 * socantrcvmore_locked() drops the socket buffer mutex so that it
1833 * can safely perform wakeups. Re-acquire the mutex before
1836 socantrcvmore_locked(so);
1840 * Invalidate/clear most of the sockbuf structure, but leave
1841 * selinfo and mutex data unchanged.
1843 bzero(&asb, offsetof(struct sockbuf, sb_startzero));
1844 bcopy(&sb->sb_startzero, &asb.sb_startzero,
1845 sizeof(*sb) - offsetof(struct sockbuf, sb_startzero));
1846 bzero(&sb->sb_startzero,
1847 sizeof(*sb) - offsetof(struct sockbuf, sb_startzero));
1850 SOCKBUF_LOCK_INIT(&asb, "so_rcv");
1851 if (pr->pr_flags & PR_RIGHTS && pr->pr_domain->dom_dispose != NULL)
1852 (*pr->pr_domain->dom_dispose)(asb.sb_mb);
1853 sbrelease(&asb, so);
1854 SOCKBUF_LOCK_DESTROY(&asb);
1858 * Perhaps this routine, and sooptcopyout(), below, ought to come in
1859 * an additional variant to handle the case where the option value needs
1860 * to be some kind of integer, but not a specific size.
1861 * In addition to their use here, these functions are also called by the
1862 * protocol-level pr_ctloutput() routines.
1865 sooptcopyin(sopt, buf, len, minlen)
1866 struct sockopt *sopt;
1874 * If the user gives us more than we wanted, we ignore it,
1875 * but if we don't get the minimum length the caller
1876 * wants, we return EINVAL. On success, sopt->sopt_valsize
1877 * is set to however much we actually retrieved.
1879 if ((valsize = sopt->sopt_valsize) < minlen)
1882 sopt->sopt_valsize = valsize = len;
1884 if (sopt->sopt_td != NULL)
1885 return (copyin(sopt->sopt_val, buf, valsize));
1887 bcopy(sopt->sopt_val, buf, valsize);
1892 * Kernel version of setsockopt(2)/
1893 * XXX: optlen is size_t, not socklen_t
1896 so_setsockopt(struct socket *so, int level, int optname, void *optval,
1899 struct sockopt sopt;
1901 sopt.sopt_level = level;
1902 sopt.sopt_name = optname;
1903 sopt.sopt_dir = SOPT_SET;
1904 sopt.sopt_val = optval;
1905 sopt.sopt_valsize = optlen;
1906 sopt.sopt_td = NULL;
1907 return (sosetopt(so, &sopt));
1913 struct sockopt *sopt;
1924 if (sopt->sopt_level != SOL_SOCKET) {
1925 if (so->so_proto && so->so_proto->pr_ctloutput)
1926 return ((*so->so_proto->pr_ctloutput)
1928 error = ENOPROTOOPT;
1930 switch (sopt->sopt_name) {
1932 case SO_ACCEPTFILTER:
1933 error = do_setopt_accept_filter(so, sopt);
1939 error = sooptcopyin(sopt, &l, sizeof l, sizeof l);
1944 so->so_linger = l.l_linger;
1946 so->so_options |= SO_LINGER;
1948 so->so_options &= ~SO_LINGER;
1955 case SO_USELOOPBACK:
1963 error = sooptcopyin(sopt, &optval, sizeof optval,
1969 so->so_options |= sopt->sopt_name;
1971 so->so_options &= ~sopt->sopt_name;
1979 error = sooptcopyin(sopt, &optval, sizeof optval,
1985 * Values < 1 make no sense for any of these
1986 * options, so disallow them.
1993 switch (sopt->sopt_name) {
1996 if (sbreserve(sopt->sopt_name == SO_SNDBUF ?
1997 &so->so_snd : &so->so_rcv, (u_long)optval,
1998 so, curthread) == 0) {
2005 * Make sure the low-water is never greater than
2009 SOCKBUF_LOCK(&so->so_snd);
2010 so->so_snd.sb_lowat =
2011 (optval > so->so_snd.sb_hiwat) ?
2012 so->so_snd.sb_hiwat : optval;
2013 SOCKBUF_UNLOCK(&so->so_snd);
2016 SOCKBUF_LOCK(&so->so_rcv);
2017 so->so_rcv.sb_lowat =
2018 (optval > so->so_rcv.sb_hiwat) ?
2019 so->so_rcv.sb_hiwat : optval;
2020 SOCKBUF_UNLOCK(&so->so_rcv);
2028 if (curthread->td_proc->p_sysent == &ia32_freebsd_sysvec) {
2029 struct timeval32 tv32;
2031 error = sooptcopyin(sopt, &tv32, sizeof tv32,
2033 CP(tv32, tv, tv_sec);
2034 CP(tv32, tv, tv_usec);
2037 error = sooptcopyin(sopt, &tv, sizeof tv,
2042 /* assert(hz > 0); */
2043 if (tv.tv_sec < 0 || tv.tv_sec > INT_MAX / hz ||
2044 tv.tv_usec < 0 || tv.tv_usec >= 1000000) {
2048 /* assert(tick > 0); */
2049 /* assert(ULONG_MAX - INT_MAX >= 1000000); */
2050 val = (u_long)(tv.tv_sec * hz) + tv.tv_usec / tick;
2051 if (val > INT_MAX) {
2055 if (val == 0 && tv.tv_usec != 0)
2058 switch (sopt->sopt_name) {
2060 so->so_snd.sb_timeo = val;
2063 so->so_rcv.sb_timeo = val;
2070 error = sooptcopyin(sopt, &extmac, sizeof extmac,
2074 error = mac_setsockopt_label(sopt->sopt_td->td_ucred,
2082 error = ENOPROTOOPT;
2085 if (error == 0 && so->so_proto != NULL &&
2086 so->so_proto->pr_ctloutput != NULL) {
2087 (void) ((*so->so_proto->pr_ctloutput)
2095 /* Helper routine for getsockopt */
2097 sooptcopyout(struct sockopt *sopt, const void *buf, size_t len)
2105 * Documented get behavior is that we always return a value,
2106 * possibly truncated to fit in the user's buffer.
2107 * Traditional behavior is that we always tell the user
2108 * precisely how much we copied, rather than something useful
2109 * like the total amount we had available for her.
2110 * Note that this interface is not idempotent; the entire answer must
2111 * generated ahead of time.
2113 valsize = min(len, sopt->sopt_valsize);
2114 sopt->sopt_valsize = valsize;
2115 if (sopt->sopt_val != NULL) {
2116 if (sopt->sopt_td != NULL)
2117 error = copyout(buf, sopt->sopt_val, valsize);
2119 bcopy(buf, sopt->sopt_val, valsize);
2127 struct sockopt *sopt;
2137 if (sopt->sopt_level != SOL_SOCKET) {
2138 if (so->so_proto && so->so_proto->pr_ctloutput) {
2139 return ((*so->so_proto->pr_ctloutput)
2142 return (ENOPROTOOPT);
2144 switch (sopt->sopt_name) {
2146 case SO_ACCEPTFILTER:
2147 error = do_getopt_accept_filter(so, sopt);
2152 l.l_onoff = so->so_options & SO_LINGER;
2153 l.l_linger = so->so_linger;
2155 error = sooptcopyout(sopt, &l, sizeof l);
2158 case SO_USELOOPBACK:
2170 optval = so->so_options & sopt->sopt_name;
2172 error = sooptcopyout(sopt, &optval, sizeof optval);
2176 optval = so->so_type;
2181 optval = so->so_error;
2187 optval = so->so_snd.sb_hiwat;
2191 optval = so->so_rcv.sb_hiwat;
2195 optval = so->so_snd.sb_lowat;
2199 optval = so->so_rcv.sb_lowat;
2204 optval = (sopt->sopt_name == SO_SNDTIMEO ?
2205 so->so_snd.sb_timeo : so->so_rcv.sb_timeo);
2207 tv.tv_sec = optval / hz;
2208 tv.tv_usec = (optval % hz) * tick;
2210 if (curthread->td_proc->p_sysent == &ia32_freebsd_sysvec) {
2211 struct timeval32 tv32;
2213 CP(tv, tv32, tv_sec);
2214 CP(tv, tv32, tv_usec);
2215 error = sooptcopyout(sopt, &tv32, sizeof tv32);
2218 error = sooptcopyout(sopt, &tv, sizeof tv);
2223 error = sooptcopyin(sopt, &extmac, sizeof(extmac),
2227 error = mac_getsockopt_label(sopt->sopt_td->td_ucred,
2231 error = sooptcopyout(sopt, &extmac, sizeof extmac);
2239 error = sooptcopyin(sopt, &extmac, sizeof(extmac),
2243 error = mac_getsockopt_peerlabel(
2244 sopt->sopt_td->td_ucred, so, &extmac);
2247 error = sooptcopyout(sopt, &extmac, sizeof extmac);
2253 case SO_LISTENQLIMIT:
2254 optval = so->so_qlimit;
2258 optval = so->so_qlen;
2261 case SO_LISTENINCQLEN:
2262 optval = so->so_incqlen;
2266 error = ENOPROTOOPT;
2273 /* XXX; prepare mbuf for (__FreeBSD__ < 3) routines. */
2275 soopt_getm(struct sockopt *sopt, struct mbuf **mp)
2277 struct mbuf *m, *m_prev;
2278 int sopt_size = sopt->sopt_valsize;
2280 MGET(m, sopt->sopt_td ? M_TRYWAIT : M_DONTWAIT, MT_DATA);
2283 if (sopt_size > MLEN) {
2284 MCLGET(m, sopt->sopt_td ? M_TRYWAIT : M_DONTWAIT);
2285 if ((m->m_flags & M_EXT) == 0) {
2289 m->m_len = min(MCLBYTES, sopt_size);
2291 m->m_len = min(MLEN, sopt_size);
2293 sopt_size -= m->m_len;
2298 MGET(m, sopt->sopt_td ? M_TRYWAIT : M_DONTWAIT, MT_DATA);
2303 if (sopt_size > MLEN) {
2304 MCLGET(m, sopt->sopt_td != NULL ? M_TRYWAIT :
2306 if ((m->m_flags & M_EXT) == 0) {
2311 m->m_len = min(MCLBYTES, sopt_size);
2313 m->m_len = min(MLEN, sopt_size);
2315 sopt_size -= m->m_len;
2322 /* XXX; copyin sopt data into mbuf chain for (__FreeBSD__ < 3) routines. */
2324 soopt_mcopyin(struct sockopt *sopt, struct mbuf *m)
2326 struct mbuf *m0 = m;
2328 if (sopt->sopt_val == NULL)
2330 while (m != NULL && sopt->sopt_valsize >= m->m_len) {
2331 if (sopt->sopt_td != NULL) {
2334 error = copyin(sopt->sopt_val, mtod(m, char *),
2341 bcopy(sopt->sopt_val, mtod(m, char *), m->m_len);
2342 sopt->sopt_valsize -= m->m_len;
2343 sopt->sopt_val = (char *)sopt->sopt_val + m->m_len;
2346 if (m != NULL) /* should be allocated enoughly at ip6_sooptmcopyin() */
2347 panic("ip6_sooptmcopyin");
2351 /* XXX; copyout mbuf chain data into soopt for (__FreeBSD__ < 3) routines. */
2353 soopt_mcopyout(struct sockopt *sopt, struct mbuf *m)
2355 struct mbuf *m0 = m;
2358 if (sopt->sopt_val == NULL)
2360 while (m != NULL && sopt->sopt_valsize >= m->m_len) {
2361 if (sopt->sopt_td != NULL) {
2364 error = copyout(mtod(m, char *), sopt->sopt_val,
2371 bcopy(mtod(m, char *), sopt->sopt_val, m->m_len);
2372 sopt->sopt_valsize -= m->m_len;
2373 sopt->sopt_val = (char *)sopt->sopt_val + m->m_len;
2374 valsize += m->m_len;
2378 /* enough soopt buffer should be given from user-land */
2382 sopt->sopt_valsize = valsize;
2390 if (so->so_sigio != NULL)
2391 pgsigio(&so->so_sigio, SIGURG, 0);
2392 selwakeuppri(&so->so_rcv.sb_sel, PSOCK);
2396 sopoll(struct socket *so, int events, struct ucred *active_cred,
2401 SOCKBUF_LOCK(&so->so_snd);
2402 SOCKBUF_LOCK(&so->so_rcv);
2403 if (events & (POLLIN | POLLRDNORM))
2405 revents |= events & (POLLIN | POLLRDNORM);
2407 if (events & POLLINIGNEOF)
2408 if (so->so_rcv.sb_cc >= so->so_rcv.sb_lowat ||
2409 !TAILQ_EMPTY(&so->so_comp) || so->so_error)
2410 revents |= POLLINIGNEOF;
2412 if (events & (POLLOUT | POLLWRNORM))
2413 if (sowriteable(so))
2414 revents |= events & (POLLOUT | POLLWRNORM);
2416 if (events & (POLLPRI | POLLRDBAND))
2417 if (so->so_oobmark || (so->so_rcv.sb_state & SBS_RCVATMARK))
2418 revents |= events & (POLLPRI | POLLRDBAND);
2422 (POLLIN | POLLINIGNEOF | POLLPRI | POLLRDNORM |
2424 selrecord(td, &so->so_rcv.sb_sel);
2425 so->so_rcv.sb_flags |= SB_SEL;
2428 if (events & (POLLOUT | POLLWRNORM)) {
2429 selrecord(td, &so->so_snd.sb_sel);
2430 so->so_snd.sb_flags |= SB_SEL;
2434 SOCKBUF_UNLOCK(&so->so_rcv);
2435 SOCKBUF_UNLOCK(&so->so_snd);
2440 soo_kqfilter(struct file *fp, struct knote *kn)
2442 struct socket *so = kn->kn_fp->f_data;
2445 switch (kn->kn_filter) {
2447 if (so->so_options & SO_ACCEPTCONN)
2448 kn->kn_fop = &solisten_filtops;
2450 kn->kn_fop = &soread_filtops;
2454 kn->kn_fop = &sowrite_filtops;
2462 knlist_add(&sb->sb_sel.si_note, kn, 1);
2463 sb->sb_flags |= SB_KNOTE;
2469 filt_sordetach(struct knote *kn)
2471 struct socket *so = kn->kn_fp->f_data;
2473 SOCKBUF_LOCK(&so->so_rcv);
2474 knlist_remove(&so->so_rcv.sb_sel.si_note, kn, 1);
2475 if (knlist_empty(&so->so_rcv.sb_sel.si_note))
2476 so->so_rcv.sb_flags &= ~SB_KNOTE;
2477 SOCKBUF_UNLOCK(&so->so_rcv);
2482 filt_soread(struct knote *kn, long hint)
2486 so = kn->kn_fp->f_data;
2487 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
2489 kn->kn_data = so->so_rcv.sb_cc - so->so_rcv.sb_ctl;
2490 if (so->so_rcv.sb_state & SBS_CANTRCVMORE) {
2491 kn->kn_flags |= EV_EOF;
2492 kn->kn_fflags = so->so_error;
2494 } else if (so->so_error) /* temporary udp error */
2496 else if (kn->kn_sfflags & NOTE_LOWAT)
2497 return (kn->kn_data >= kn->kn_sdata);
2499 return (so->so_rcv.sb_cc >= so->so_rcv.sb_lowat);
2503 filt_sowdetach(struct knote *kn)
2505 struct socket *so = kn->kn_fp->f_data;
2507 SOCKBUF_LOCK(&so->so_snd);
2508 knlist_remove(&so->so_snd.sb_sel.si_note, kn, 1);
2509 if (knlist_empty(&so->so_snd.sb_sel.si_note))
2510 so->so_snd.sb_flags &= ~SB_KNOTE;
2511 SOCKBUF_UNLOCK(&so->so_snd);
2516 filt_sowrite(struct knote *kn, long hint)
2520 so = kn->kn_fp->f_data;
2521 SOCKBUF_LOCK_ASSERT(&so->so_snd);
2522 kn->kn_data = sbspace(&so->so_snd);
2523 if (so->so_snd.sb_state & SBS_CANTSENDMORE) {
2524 kn->kn_flags |= EV_EOF;
2525 kn->kn_fflags = so->so_error;
2527 } else if (so->so_error) /* temporary udp error */
2529 else if (((so->so_state & SS_ISCONNECTED) == 0) &&
2530 (so->so_proto->pr_flags & PR_CONNREQUIRED))
2532 else if (kn->kn_sfflags & NOTE_LOWAT)
2533 return (kn->kn_data >= kn->kn_sdata);
2535 return (kn->kn_data >= so->so_snd.sb_lowat);
2540 filt_solisten(struct knote *kn, long hint)
2542 struct socket *so = kn->kn_fp->f_data;
2544 kn->kn_data = so->so_qlen;
2545 return (! TAILQ_EMPTY(&so->so_comp));
2549 socheckuid(struct socket *so, uid_t uid)
2554 if (so->so_cred->cr_uid != uid)
2560 somaxconn_sysctl(SYSCTL_HANDLER_ARGS)
2566 error = sysctl_handle_int(oidp, &val, sizeof(int), req);
2567 if (error || !req->newptr )
2570 if (val < 1 || val > USHRT_MAX)