2 * SPDX-License-Identifier: BSD-3-Clause
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * Copyright (c) 2010-2011 Juniper Networks, Inc.
8 * Portions of this software were developed by Robert N. M. Watson under
9 * contract to Juniper Networks, Inc.
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. Neither the name of the project nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * $KAME: in6_pcb.c,v 1.31 2001/05/21 05:45:10 jinmei Exp $
39 * Copyright (c) 1982, 1986, 1991, 1993
40 * The Regents of the University of California. All rights reserved.
42 * Redistribution and use in source and binary forms, with or without
43 * modification, are permitted provided that the following conditions
45 * 1. Redistributions of source code must retain the above copyright
46 * notice, this list of conditions and the following disclaimer.
47 * 2. Redistributions in binary form must reproduce the above copyright
48 * notice, this list of conditions and the following disclaimer in the
49 * documentation and/or other materials provided with the distribution.
50 * 3. Neither the name of the University nor the names of its contributors
51 * may be used to endorse or promote products derived from this software
52 * without specific prior written permission.
54 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
55 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
56 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
57 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
58 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
59 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
60 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
61 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
62 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
63 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
66 * @(#)in_pcb.c 8.2 (Berkeley) 1/4/94
69 #include <sys/cdefs.h>
70 __FBSDID("$FreeBSD$");
73 #include "opt_inet6.h"
74 #include "opt_ipsec.h"
75 #include "opt_route.h"
79 #include <sys/param.h>
80 #include <sys/systm.h>
81 #include <sys/malloc.h>
83 #include <sys/domain.h>
84 #include <sys/protosw.h>
85 #include <sys/socket.h>
86 #include <sys/socketvar.h>
87 #include <sys/sockio.h>
88 #include <sys/errno.h>
97 #include <net/if_var.h>
98 #include <net/if_llatbl.h>
99 #include <net/if_types.h>
100 #include <net/route.h>
101 #include <net/route/nhop.h>
103 #include <netinet/in.h>
104 #include <netinet/in_var.h>
105 #include <netinet/in_systm.h>
106 #include <netinet/ip6.h>
107 #include <netinet/ip_var.h>
109 #include <netinet6/ip6_var.h>
110 #include <netinet6/nd6.h>
111 #include <netinet/in_pcb.h>
112 #include <netinet/in_pcb_var.h>
113 #include <netinet6/in6_pcb.h>
114 #include <netinet6/in6_fib.h>
115 #include <netinet6/scope6_var.h>
118 in6_pcbsetport(struct in6_addr *laddr, struct inpcb *inp, struct ucred *cred)
120 struct socket *so = inp->inp_socket;
122 int error, lookupflags = 0;
124 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo;
127 INP_WLOCK_ASSERT(inp);
128 INP_HASH_WLOCK_ASSERT(pcbinfo);
130 error = prison_local_ip6(cred, laddr,
131 ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0));
135 /* XXX: this is redundant when called from in6_pcbbind */
136 if ((so->so_options & (SO_REUSEADDR|SO_REUSEPORT|SO_REUSEPORT_LB)) == 0)
137 lookupflags = INPLOOKUP_WILDCARD;
139 inp->inp_flags |= INP_ANONPORT;
141 error = in_pcb_lport(inp, NULL, &lport, cred, lookupflags);
145 inp->inp_lport = lport;
146 if (in_pcbinshash(inp) != 0) {
147 inp->in6p_laddr = in6addr_any;
156 in6_pcbbind(struct inpcb *inp, struct sockaddr *nam,
159 struct socket *so = inp->inp_socket;
160 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)NULL;
161 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo;
163 int error, lookupflags = 0;
164 int reuseport = (so->so_options & SO_REUSEPORT);
167 * XXX: Maybe we could let SO_REUSEPORT_LB set SO_REUSEPORT bit here
168 * so that we don't have to add to the (already messy) code below.
170 int reuseport_lb = (so->so_options & SO_REUSEPORT_LB);
172 INP_WLOCK_ASSERT(inp);
173 INP_HASH_WLOCK_ASSERT(pcbinfo);
175 if (inp->inp_lport || !IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr))
177 if ((so->so_options & (SO_REUSEADDR|SO_REUSEPORT|SO_REUSEPORT_LB)) == 0)
178 lookupflags = INPLOOKUP_WILDCARD;
180 if ((error = prison_local_ip6(cred, &inp->in6p_laddr,
181 ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0)
184 sin6 = (struct sockaddr_in6 *)nam;
185 KASSERT(sin6->sin6_family == AF_INET6,
186 ("%s: invalid address family for %p", __func__, sin6));
187 KASSERT(sin6->sin6_len == sizeof(*sin6),
188 ("%s: invalid address length for %p", __func__, sin6));
190 if ((error = sa6_embedscope(sin6, V_ip6_use_defzone)) != 0)
193 if ((error = prison_local_ip6(cred, &sin6->sin6_addr,
194 ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0)
197 lport = sin6->sin6_port;
198 if (IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) {
200 * Treat SO_REUSEADDR as SO_REUSEPORT for multicast;
201 * allow compepte duplication of binding if
202 * SO_REUSEPORT is set, or if SO_REUSEADDR is set
203 * and a multicast address is bound on both
204 * new and duplicated sockets.
206 if ((so->so_options & (SO_REUSEADDR|SO_REUSEPORT)) != 0)
207 reuseport = SO_REUSEADDR|SO_REUSEPORT;
209 * XXX: How to deal with SO_REUSEPORT_LB here?
210 * Treat same as SO_REUSEPORT for now.
212 if ((so->so_options &
213 (SO_REUSEADDR|SO_REUSEPORT_LB)) != 0)
214 reuseport_lb = SO_REUSEADDR|SO_REUSEPORT_LB;
215 } else if (!IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
216 struct epoch_tracker et;
219 sin6->sin6_port = 0; /* yech... */
221 if ((ifa = ifa_ifwithaddr((struct sockaddr *)sin6)) ==
223 (inp->inp_flags & INP_BINDANY) == 0) {
225 return (EADDRNOTAVAIL);
229 * XXX: bind to an anycast address might accidentally
230 * cause sending a packet with anycast source address.
231 * We should allow to bind to a deprecated address, since
232 * the application dares to use it.
235 ((struct in6_ifaddr *)ifa)->ia6_flags &
236 (IN6_IFF_ANYCAST|IN6_IFF_NOTREADY|IN6_IFF_DETACHED)) {
238 return (EADDRNOTAVAIL);
246 if (ntohs(lport) <= V_ipport_reservedhigh &&
247 ntohs(lport) >= V_ipport_reservedlow &&
248 priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT))
250 if (!IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr) &&
251 priv_check_cred(inp->inp_cred, PRIV_NETINET_REUSEPORT) != 0) {
252 t = in6_pcblookup_local(pcbinfo,
253 &sin6->sin6_addr, lport,
254 INPLOOKUP_WILDCARD, cred);
256 ((inp->inp_flags2 & INP_BINDMULTI) == 0) &&
257 (so->so_type != SOCK_STREAM ||
258 IN6_IS_ADDR_UNSPECIFIED(&t->in6p_faddr)) &&
259 (!IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr) ||
260 !IN6_IS_ADDR_UNSPECIFIED(&t->in6p_laddr) ||
261 (t->inp_flags2 & INP_REUSEPORT) ||
262 (t->inp_flags2 & INP_REUSEPORT_LB) == 0) &&
263 (inp->inp_cred->cr_uid !=
264 t->inp_cred->cr_uid))
268 * If the socket is a BINDMULTI socket, then
269 * the credentials need to match and the
270 * original socket also has to have been bound
273 if (t && (! in_pcbbind_check_bindmulti(inp, t)))
277 if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0 &&
278 IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
279 struct sockaddr_in sin;
281 in6_sin6_2_sin(&sin, sin6);
282 t = in_pcblookup_local(pcbinfo,
284 INPLOOKUP_WILDCARD, cred);
286 ((inp->inp_flags2 & INP_BINDMULTI) == 0) &&
287 (so->so_type != SOCK_STREAM ||
288 ntohl(t->inp_faddr.s_addr) ==
290 (inp->inp_cred->cr_uid !=
291 t->inp_cred->cr_uid))
294 if (t && (! in_pcbbind_check_bindmulti(inp, t)))
299 t = in6_pcblookup_local(pcbinfo, &sin6->sin6_addr,
300 lport, lookupflags, cred);
301 if (t && (reuseport & inp_so_options(t)) == 0 &&
302 (reuseport_lb & inp_so_options(t)) == 0) {
306 if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0 &&
307 IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
308 struct sockaddr_in sin;
310 in6_sin6_2_sin(&sin, sin6);
311 t = in_pcblookup_local(pcbinfo, sin.sin_addr,
312 lport, lookupflags, cred);
314 (reuseport & inp_so_options(t)) == 0 &&
315 (reuseport_lb & inp_so_options(t)) == 0 &&
316 (ntohl(t->inp_laddr.s_addr) != INADDR_ANY ||
317 (t->inp_vflag & INP_IPV6PROTO) != 0)) {
323 inp->in6p_laddr = sin6->sin6_addr;
326 if ((error = in6_pcbsetport(&inp->in6p_laddr, inp, cred)) != 0) {
327 /* Undo an address bind that may have occurred. */
328 inp->in6p_laddr = in6addr_any;
332 inp->inp_lport = lport;
333 if (in_pcbinshash(inp) != 0) {
334 inp->in6p_laddr = in6addr_any;
343 * Transform old in6_pcbconnect() into an inner subroutine for new
344 * in6_pcbconnect(): Do some validity-checking on the remote
345 * address (in mbuf 'nam') and then determine local host address
346 * (i.e., which interface) to use to access that remote host.
348 * This preserves definition of in6_pcbconnect(), while supporting a
349 * slightly different version for T/TCP. (This is more than
350 * a bit of a kludge, but cleaning up the internal interfaces would
351 * have forced minor changes in every protocol).
354 in6_pcbladdr(struct inpcb *inp, struct sockaddr_in6 *sin6,
355 struct in6_addr *plocal_addr6)
358 int scope_ambiguous = 0;
359 struct in6_addr in6a;
360 struct epoch_tracker et;
362 INP_WLOCK_ASSERT(inp);
363 INP_HASH_WLOCK_ASSERT(inp->inp_pcbinfo); /* XXXRW: why? */
365 if (sin6->sin6_port == 0)
366 return (EADDRNOTAVAIL);
368 if (sin6->sin6_scope_id == 0 && !V_ip6_use_defzone)
370 if ((error = sa6_embedscope(sin6, V_ip6_use_defzone)) != 0)
373 if (!CK_STAILQ_EMPTY(&V_in6_ifaddrhead)) {
375 * If the destination address is UNSPECIFIED addr,
376 * use the loopback addr, e.g ::1.
378 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr))
379 sin6->sin6_addr = in6addr_loopback;
381 if ((error = prison_remote_ip6(inp->inp_cred, &sin6->sin6_addr)) != 0)
385 error = in6_selectsrc_socket(sin6, inp->in6p_outputopts,
386 inp, inp->inp_cred, scope_ambiguous, &in6a, NULL);
392 * Do not update this earlier, in case we return with an error.
394 * XXX: this in6_selectsrc_socket result might replace the bound local
395 * address with the address specified by setsockopt(IPV6_PKTINFO).
396 * Is it the intended behavior?
398 *plocal_addr6 = in6a;
401 * Don't do pcblookup call here; return interface in
403 * and exit to caller, that will do the lookup.
411 * Connect from a socket to a specified address.
412 * Both address and port must be specified in argument sin.
413 * If don't have a local address for this socket yet,
417 in6_pcbconnect_mbuf(struct inpcb *inp, struct sockaddr *nam,
418 struct ucred *cred, struct mbuf *m, bool rehash)
420 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo;
421 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)nam;
422 struct sockaddr_in6 laddr6;
425 KASSERT(sin6->sin6_family == AF_INET6,
426 ("%s: invalid address family for %p", __func__, sin6));
427 KASSERT(sin6->sin6_len == sizeof(*sin6),
428 ("%s: invalid address length for %p", __func__, sin6));
430 bzero(&laddr6, sizeof(laddr6));
431 laddr6.sin6_family = AF_INET6;
433 INP_WLOCK_ASSERT(inp);
434 INP_HASH_WLOCK_ASSERT(pcbinfo);
437 if (CALC_FLOWID_OUTBOUND) {
438 uint32_t hash_type, hash_val;
440 hash_val = fib6_calc_software_hash(&inp->in6p_laddr,
441 &sin6->sin6_addr, 0, sin6->sin6_port,
442 inp->inp_socket->so_proto->pr_protocol, &hash_type);
443 inp->inp_flowid = hash_val;
444 inp->inp_flowtype = hash_type;
448 * Call inner routine, to assign local interface address.
449 * in6_pcbladdr() may automatically fill in sin6_scope_id.
451 if ((error = in6_pcbladdr(inp, sin6, &laddr6.sin6_addr)) != 0)
454 if (in6_pcblookup_hash_locked(pcbinfo, &sin6->sin6_addr,
456 IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)
457 ? &laddr6.sin6_addr : &inp->in6p_laddr,
458 inp->inp_lport, 0, NULL, M_NODOM) != NULL) {
461 if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) {
462 if (inp->inp_lport == 0) {
464 * rehash was required to be true in the past for
465 * this case; retain that convention. However,
466 * we now call in_pcb_lport_dest rather than
467 * in6_pcbbind; the former does not insert into
468 * the hash table, the latter does. Change rehash
469 * to false to do the in_pcbinshash below.
471 KASSERT(rehash == true,
472 ("Rehashing required for unbound inps"));
474 error = in_pcb_lport_dest(inp,
475 (struct sockaddr *) &laddr6, &inp->inp_lport,
476 (struct sockaddr *) sin6, sin6->sin6_port, cred,
481 inp->in6p_laddr = laddr6.sin6_addr;
483 inp->in6p_faddr = sin6->sin6_addr;
484 inp->inp_fport = sin6->sin6_port;
485 /* update flowinfo - draft-itojun-ipv6-flowlabel-api-00 */
486 inp->inp_flow &= ~IPV6_FLOWLABEL_MASK;
487 if (inp->inp_flags & IN6P_AUTOFLOWLABEL)
489 (htonl(ip6_randomflowlabel()) & IPV6_FLOWLABEL_MASK);
501 in6_pcbconnect(struct inpcb *inp, struct sockaddr *nam, struct ucred *cred)
504 return (in6_pcbconnect_mbuf(inp, nam, cred, NULL, true));
508 in6_pcbdisconnect(struct inpcb *inp)
511 INP_WLOCK_ASSERT(inp);
512 INP_HASH_WLOCK_ASSERT(inp->inp_pcbinfo);
514 bzero((caddr_t)&inp->in6p_faddr, sizeof(inp->in6p_faddr));
516 /* clear flowinfo - draft-itojun-ipv6-flowlabel-api-00 */
517 inp->inp_flow &= ~IPV6_FLOWLABEL_MASK;
522 in6_sockaddr(in_port_t port, struct in6_addr *addr_p)
524 struct sockaddr_in6 *sin6;
526 sin6 = malloc(sizeof *sin6, M_SONAME, M_WAITOK);
527 bzero(sin6, sizeof *sin6);
528 sin6->sin6_family = AF_INET6;
529 sin6->sin6_len = sizeof(*sin6);
530 sin6->sin6_port = port;
531 sin6->sin6_addr = *addr_p;
532 (void)sa6_recoverscope(sin6); /* XXX: should catch errors */
534 return (struct sockaddr *)sin6;
538 in6_v4mapsin6_sockaddr(in_port_t port, struct in_addr *addr_p)
540 struct sockaddr_in sin;
541 struct sockaddr_in6 *sin6_p;
543 bzero(&sin, sizeof sin);
544 sin.sin_family = AF_INET;
545 sin.sin_len = sizeof(sin);
547 sin.sin_addr = *addr_p;
549 sin6_p = malloc(sizeof *sin6_p, M_SONAME,
551 in6_sin_2_v4mapsin6(&sin, sin6_p);
553 return (struct sockaddr *)sin6_p;
557 in6_getsockaddr(struct socket *so, struct sockaddr **nam)
560 struct in6_addr addr;
564 KASSERT(inp != NULL, ("in6_getsockaddr: inp == NULL"));
567 port = inp->inp_lport;
568 addr = inp->in6p_laddr;
571 *nam = in6_sockaddr(port, &addr);
576 in6_getpeeraddr(struct socket *so, struct sockaddr **nam)
579 struct in6_addr addr;
583 KASSERT(inp != NULL, ("in6_getpeeraddr: inp == NULL"));
586 port = inp->inp_fport;
587 addr = inp->in6p_faddr;
590 *nam = in6_sockaddr(port, &addr);
595 in6_mapped_sockaddr(struct socket *so, struct sockaddr **nam)
601 KASSERT(inp != NULL, ("in6_mapped_sockaddr: inp == NULL"));
604 if ((inp->inp_vflag & (INP_IPV4 | INP_IPV6)) == INP_IPV4) {
605 error = in_getsockaddr(so, nam);
607 in6_sin_2_v4mapsin6_in_sock(nam);
611 /* scope issues will be handled in in6_getsockaddr(). */
612 error = in6_getsockaddr(so, nam);
619 in6_mapped_peeraddr(struct socket *so, struct sockaddr **nam)
625 KASSERT(inp != NULL, ("in6_mapped_peeraddr: inp == NULL"));
628 if ((inp->inp_vflag & (INP_IPV4 | INP_IPV6)) == INP_IPV4) {
629 error = in_getpeeraddr(so, nam);
631 in6_sin_2_v4mapsin6_in_sock(nam);
634 /* scope issues will be handled in in6_getpeeraddr(). */
635 error = in6_getpeeraddr(so, nam);
641 * Pass some notification to all connections of a protocol
642 * associated with address dst. The local address and/or port numbers
643 * may be specified to limit the search. The "usual action" will be
644 * taken, depending on the ctlinput cmd. The caller must filter any
645 * cmds that are uninteresting (e.g., no error in the map).
646 * Call the protocol specific routine (if any) to report
647 * any errors for each matching socket.
650 inp_match6(const struct inpcb *inp, void *v __unused)
653 return ((inp->inp_vflag & INP_IPV6) != 0);
657 in6_pcbnotify(struct inpcbinfo *pcbinfo, struct sockaddr_in6 *sa6_dst,
658 u_int fport_arg, const struct sockaddr_in6 *src, u_int lport_arg,
659 int errno, void *cmdarg,
660 struct inpcb *(*notify)(struct inpcb *, int))
662 struct inpcb_iterator inpi = INP_ITERATOR(pcbinfo, INPLOOKUP_WLOCKPCB,
665 struct sockaddr_in6 sa6_src;
666 u_short fport = fport_arg, lport = lport_arg;
669 if (IN6_IS_ADDR_UNSPECIFIED(&sa6_dst->sin6_addr))
673 * note that src can be NULL when we get notify by local fragmentation.
675 sa6_src = (src == NULL) ? sa6_any : *src;
676 flowinfo = sa6_src.sin6_flowinfo;
678 while ((inp = inp_next(&inpi)) != NULL) {
679 INP_WLOCK_ASSERT(inp);
681 * If the error designates a new path MTU for a destination
682 * and the application (associated with this socket) wanted to
683 * know the value, notify.
684 * XXX: should we avoid to notify the value to TCP sockets?
686 if (errno == EMSGSIZE && cmdarg != NULL)
687 ip6_notify_pmtu(inp, sa6_dst, *(uint32_t *)cmdarg);
690 * Detect if we should notify the error. If no source and
691 * destination ports are specified, but non-zero flowinfo and
692 * local address match, notify the error. This is the case
693 * when the error is delivered with an encrypted buffer
694 * by ESP. Otherwise, just compare addresses and ports
697 if (lport == 0 && fport == 0 && flowinfo &&
698 inp->inp_socket != NULL &&
699 flowinfo == (inp->inp_flow & IPV6_FLOWLABEL_MASK) &&
700 IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr, &sa6_src.sin6_addr))
702 else if (!IN6_ARE_ADDR_EQUAL(&inp->in6p_faddr,
703 &sa6_dst->sin6_addr) ||
704 inp->inp_socket == 0 ||
705 (lport && inp->inp_lport != lport) ||
706 (!IN6_IS_ADDR_UNSPECIFIED(&sa6_src.sin6_addr) &&
707 !IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr,
708 &sa6_src.sin6_addr)) ||
709 (fport && inp->inp_fport != fport)) {
715 (*notify)(inp, errno);
720 * Lookup a PCB based on the local address and port. Caller must hold the
721 * hash lock. No inpcb locks or references are acquired.
724 in6_pcblookup_local(struct inpcbinfo *pcbinfo, struct in6_addr *laddr,
725 u_short lport, int lookupflags, struct ucred *cred)
728 int matchwild = 3, wildcard;
730 KASSERT((lookupflags & ~(INPLOOKUP_WILDCARD)) == 0,
731 ("%s: invalid lookup flags %d", __func__, lookupflags));
733 INP_HASH_LOCK_ASSERT(pcbinfo);
735 if ((lookupflags & INPLOOKUP_WILDCARD) == 0) {
736 struct inpcbhead *head;
738 * Look for an unconnected (wildcard foreign addr) PCB that
739 * matches the local address and port we're looking for.
741 head = &pcbinfo->ipi_hashbase[INP_PCBHASH_WILD(lport,
742 pcbinfo->ipi_hashmask)];
743 CK_LIST_FOREACH(inp, head, inp_hash) {
744 /* XXX inp locking */
745 if ((inp->inp_vflag & INP_IPV6) == 0)
747 if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr) &&
748 IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr, laddr) &&
749 inp->inp_lport == lport) {
751 if (prison_equal_ip6(cred->cr_prison,
752 inp->inp_cred->cr_prison))
761 struct inpcbporthead *porthash;
762 struct inpcbport *phd;
763 struct inpcb *match = NULL;
765 * Best fit PCB lookup.
767 * First see if this local port is in use by looking on the
770 porthash = &pcbinfo->ipi_porthashbase[INP_PCBPORTHASH(lport,
771 pcbinfo->ipi_porthashmask)];
772 CK_LIST_FOREACH(phd, porthash, phd_hash) {
773 if (phd->phd_port == lport)
778 * Port is in use by one or more PCBs. Look for best
781 CK_LIST_FOREACH(inp, &phd->phd_pcblist, inp_portlist) {
783 if (!prison_equal_ip6(cred->cr_prison,
784 inp->inp_cred->cr_prison))
786 /* XXX inp locking */
787 if ((inp->inp_vflag & INP_IPV6) == 0)
789 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr))
791 if (!IN6_IS_ADDR_UNSPECIFIED(
793 if (IN6_IS_ADDR_UNSPECIFIED(laddr))
795 else if (!IN6_ARE_ADDR_EQUAL(
796 &inp->in6p_laddr, laddr))
799 if (!IN6_IS_ADDR_UNSPECIFIED(laddr))
802 if (wildcard < matchwild) {
804 matchwild = wildcard;
815 in6_multi_match(const struct inpcb *inp, void *v __unused)
818 if ((inp->inp_vflag & INP_IPV6) && inp->in6p_moptions != NULL)
825 in6_pcbpurgeif0(struct inpcbinfo *pcbinfo, struct ifnet *ifp)
827 struct inpcb_iterator inpi = INP_ITERATOR(pcbinfo, INPLOOKUP_RLOCKPCB,
828 in6_multi_match, NULL);
830 struct in6_multi *inm;
831 struct in6_mfilter *imf;
832 struct ip6_moptions *im6o;
834 IN6_MULTI_LOCK_ASSERT();
836 while ((inp = inp_next(&inpi)) != NULL) {
837 INP_RLOCK_ASSERT(inp);
839 im6o = inp->in6p_moptions;
841 * Unselect the outgoing ifp for multicast if it
844 if (im6o->im6o_multicast_ifp == ifp)
845 im6o->im6o_multicast_ifp = NULL;
847 * Drop multicast group membership if we joined
848 * through the interface being detached.
851 IP6_MFILTER_FOREACH(imf, &im6o->im6o_head) {
852 if ((inm = imf->im6f_in6m) == NULL)
854 if (inm->in6m_ifp != ifp)
856 ip6_mfilter_remove(&im6o->im6o_head, imf);
857 in6_leavegroup_locked(inm, NULL);
858 ip6_mfilter_free(imf);
865 * Check for alternatives when higher level complains
866 * about service problems. For now, invalidate cached
867 * routing information. If the route was created dynamically
868 * (by a redirect), time to try a default gateway again.
871 in6_losing(struct inpcb *inp)
874 RO_INVALIDATE_CACHE(&inp->inp_route6);
878 * After a routing change, flush old routing
879 * and allocate a (hopefully) better one.
882 in6_rtchange(struct inpcb *inp, int errno __unused)
885 RO_INVALIDATE_CACHE(&inp->inp_route6);
890 in6_pcblookup_lb_numa_match(const struct inpcblbgroup *grp, int domain)
892 return (domain == M_NODOM || domain == grp->il_numa_domain);
895 static struct inpcb *
896 in6_pcblookup_lbgroup(const struct inpcbinfo *pcbinfo,
897 const struct in6_addr *laddr, uint16_t lport, const struct in6_addr *faddr,
898 uint16_t fport, int lookupflags, uint8_t domain)
900 const struct inpcblbgrouphead *hdr;
901 struct inpcblbgroup *grp;
902 struct inpcblbgroup *jail_exact, *jail_wild, *local_exact, *local_wild;
904 INP_HASH_LOCK_ASSERT(pcbinfo);
906 hdr = &pcbinfo->ipi_lbgrouphashbase[
907 INP_PCBPORTHASH(lport, pcbinfo->ipi_lbgrouphashmask)];
910 * Search for an LB group match based on the following criteria:
911 * - prefer jailed groups to non-jailed groups
912 * - prefer exact source address matches to wildcard matches
913 * - prefer groups bound to the specified NUMA domain
915 jail_exact = jail_wild = local_exact = local_wild = NULL;
916 CK_LIST_FOREACH(grp, hdr, il_list) {
920 if (!(grp->il_vflag & INP_IPV6))
923 if (grp->il_lport != lport)
926 injail = prison_flag(grp->il_cred, PR_IP6) != 0;
927 if (injail && prison_check_ip6_locked(grp->il_cred->cr_prison,
931 if (IN6_ARE_ADDR_EQUAL(&grp->il6_laddr, laddr)) {
934 if (in6_pcblookup_lb_numa_match(grp, domain))
935 /* This is a perfect match. */
937 } else if (local_exact == NULL ||
938 in6_pcblookup_lb_numa_match(grp, domain)) {
941 } else if (IN6_IS_ADDR_UNSPECIFIED(&grp->il6_laddr) &&
942 (lookupflags & INPLOOKUP_WILDCARD) != 0) {
944 if (jail_wild == NULL ||
945 in6_pcblookup_lb_numa_match(grp, domain))
947 } else if (local_wild == NULL ||
948 in6_pcblookup_lb_numa_match(grp, domain)) {
954 if (jail_exact != NULL)
956 else if (jail_wild != NULL)
958 else if (local_exact != NULL)
965 return (grp->il_inp[INP6_PCBLBGROUP_PKTHASH(faddr, lport, fport) %
970 * Lookup PCB in hash list. Used in in_pcb.c as well as here.
973 in6_pcblookup_hash_locked(struct inpcbinfo *pcbinfo, struct in6_addr *faddr,
974 u_int fport_arg, struct in6_addr *laddr, u_int lport_arg,
975 int lookupflags, struct ifnet *ifp, uint8_t numa_domain)
977 struct inpcbhead *head;
978 struct inpcb *inp, *tmpinp;
979 u_short fport = fport_arg, lport = lport_arg;
981 KASSERT((lookupflags & ~(INPLOOKUP_WILDCARD)) == 0,
982 ("%s: invalid lookup flags %d", __func__, lookupflags));
984 INP_HASH_LOCK_ASSERT(pcbinfo);
987 * First look for an exact match.
990 head = &pcbinfo->ipi_hashbase[INP6_PCBHASH(faddr, lport, fport,
991 pcbinfo->ipi_hashmask)];
992 CK_LIST_FOREACH(inp, head, inp_hash) {
993 /* XXX inp locking */
994 if ((inp->inp_vflag & INP_IPV6) == 0)
996 if (IN6_ARE_ADDR_EQUAL(&inp->in6p_faddr, faddr) &&
997 IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr, laddr) &&
998 inp->inp_fport == fport &&
999 inp->inp_lport == lport) {
1001 * XXX We should be able to directly return
1002 * the inp here, without any checks.
1003 * Well unless both bound with SO_REUSEPORT?
1005 if (prison_flag(inp->inp_cred, PR_IP6))
1015 * Then look for a wildcard match, if requested.
1017 if ((lookupflags & INPLOOKUP_WILDCARD) != 0) {
1018 struct inpcb *local_wild = NULL, *local_exact = NULL;
1019 struct inpcb *jail_wild = NULL;
1023 * First see if an LB group matches the request before scanning
1024 * all sockets on this port.
1026 inp = in6_pcblookup_lbgroup(pcbinfo, laddr, lport, faddr,
1027 fport, lookupflags, numa_domain);
1032 * Order of socket selection - we always prefer jails.
1033 * 1. jailed, non-wild.
1035 * 3. non-jailed, non-wild.
1036 * 4. non-jailed, wild.
1038 head = &pcbinfo->ipi_hashbase[INP_PCBHASH_WILD(lport,
1039 pcbinfo->ipi_hashmask)];
1040 CK_LIST_FOREACH(inp, head, inp_hash) {
1041 /* XXX inp locking */
1042 if ((inp->inp_vflag & INP_IPV6) == 0)
1045 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr) ||
1046 inp->inp_lport != lport) {
1050 injail = prison_flag(inp->inp_cred, PR_IP6);
1052 if (prison_check_ip6_locked(
1053 inp->inp_cred->cr_prison, laddr) != 0)
1056 if (local_exact != NULL)
1060 if (IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr, laddr)) {
1065 } else if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) {
1071 } /* LIST_FOREACH */
1073 if (jail_wild != NULL)
1075 if (local_exact != NULL)
1076 return (local_exact);
1077 if (local_wild != NULL)
1078 return (local_wild);
1079 } /* if ((lookupflags & INPLOOKUP_WILDCARD) != 0) */
1088 * Lookup PCB in hash list, using pcbinfo tables. This variation locks the
1089 * hash list lock, and will return the inpcb locked (i.e., requires
1090 * INPLOOKUP_LOCKPCB).
1092 static struct inpcb *
1093 in6_pcblookup_hash(struct inpcbinfo *pcbinfo, struct in6_addr *faddr,
1094 u_int fport, struct in6_addr *laddr, u_int lport, int lookupflags,
1095 struct ifnet *ifp, uint8_t numa_domain)
1099 smr_enter(pcbinfo->ipi_smr);
1100 inp = in6_pcblookup_hash_locked(pcbinfo, faddr, fport, laddr, lport,
1101 lookupflags & INPLOOKUP_WILDCARD, ifp, numa_domain);
1103 if (__predict_false(inp_smr_lock(inp,
1104 (lookupflags & INPLOOKUP_LOCKMASK)) == false))
1107 smr_exit(pcbinfo->ipi_smr);
1113 * Public inpcb lookup routines, accepting a 4-tuple, and optionally, an mbuf
1114 * from which a pre-calculated hash value may be extracted.
1117 in6_pcblookup(struct inpcbinfo *pcbinfo, struct in6_addr *faddr, u_int fport,
1118 struct in6_addr *laddr, u_int lport, int lookupflags, struct ifnet *ifp)
1121 KASSERT((lookupflags & ~INPLOOKUP_MASK) == 0,
1122 ("%s: invalid lookup flags %d", __func__, lookupflags));
1123 KASSERT((lookupflags & (INPLOOKUP_RLOCKPCB | INPLOOKUP_WLOCKPCB)) != 0,
1124 ("%s: LOCKPCB not set", __func__));
1126 return (in6_pcblookup_hash(pcbinfo, faddr, fport, laddr, lport,
1127 lookupflags, ifp, M_NODOM));
1131 in6_pcblookup_mbuf(struct inpcbinfo *pcbinfo, struct in6_addr *faddr,
1132 u_int fport, struct in6_addr *laddr, u_int lport, int lookupflags,
1133 struct ifnet *ifp, struct mbuf *m)
1136 KASSERT((lookupflags & ~INPLOOKUP_MASK) == 0,
1137 ("%s: invalid lookup flags %d", __func__, lookupflags));
1138 KASSERT((lookupflags & (INPLOOKUP_RLOCKPCB | INPLOOKUP_WLOCKPCB)) != 0,
1139 ("%s: LOCKPCB not set", __func__));
1141 return (in6_pcblookup_hash(pcbinfo, faddr, fport, laddr, lport,
1142 lookupflags, ifp, m->m_pkthdr.numa_domain));
1146 init_sin6(struct sockaddr_in6 *sin6, struct mbuf *m, int srcordst)
1150 ip = mtod(m, struct ip6_hdr *);
1151 bzero(sin6, sizeof(*sin6));
1152 sin6->sin6_len = sizeof(*sin6);
1153 sin6->sin6_family = AF_INET6;
1154 sin6->sin6_addr = srcordst ? ip->ip6_dst : ip->ip6_src;
1156 (void)sa6_recoverscope(sin6); /* XXX: should catch errors... */
projects / FreeBSD / FreeBSD.git / blob