2 * SPDX-License-Identifier: BSD-3-Clause
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * Copyright (c) 2010-2011 Juniper Networks, Inc.
6 * Copyright (c) 2014 Kevin Lo
9 * Portions of this software were developed by Robert N. M. Watson under
10 * contract to Juniper Networks, Inc.
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. Neither the name of the project nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
24 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * $KAME: udp6_usrreq.c,v 1.27 2001/05/21 05:45:10 jinmei Exp $
37 * $KAME: udp6_output.c,v 1.31 2001/05/21 16:39:15 jinmei Exp $
41 * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1995
42 * The Regents of the University of California.
43 * All rights reserved.
45 * Redistribution and use in source and binary forms, with or without
46 * modification, are permitted provided that the following conditions
48 * 1. Redistributions of source code must retain the above copyright
49 * notice, this list of conditions and the following disclaimer.
50 * 2. Redistributions in binary form must reproduce the above copyright
51 * notice, this list of conditions and the following disclaimer in the
52 * documentation and/or other materials provided with the distribution.
53 * 3. Neither the name of the University nor the names of its contributors
54 * may be used to endorse or promote products derived from this software
55 * without specific prior written permission.
57 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
58 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
59 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
60 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
61 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
62 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
63 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
64 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
65 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
66 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
69 * @(#)udp_usrreq.c 8.6 (Berkeley) 5/23/95
72 #include <sys/cdefs.h>
73 __FBSDID("$FreeBSD$");
76 #include "opt_inet6.h"
77 #include "opt_ipsec.h"
80 #include <sys/param.h>
82 #include <sys/kernel.h>
87 #include <sys/protosw.h>
89 #include <sys/signalvar.h>
90 #include <sys/socket.h>
91 #include <sys/socketvar.h>
93 #include <sys/sysctl.h>
94 #include <sys/syslog.h>
95 #include <sys/systm.h>
98 #include <net/if_var.h>
99 #include <net/if_types.h>
100 #include <net/route.h>
101 #include <net/rss_config.h>
103 #include <netinet/in.h>
104 #include <netinet/in_kdtrace.h>
105 #include <netinet/in_pcb.h>
106 #include <netinet/in_systm.h>
107 #include <netinet/in_var.h>
108 #include <netinet/ip.h>
109 #include <netinet/ip6.h>
110 #include <netinet/icmp6.h>
111 #include <netinet/ip_var.h>
112 #include <netinet/udp.h>
113 #include <netinet/udp_var.h>
114 #include <netinet/udplite.h>
116 #include <netinet6/ip6protosw.h>
117 #include <netinet6/ip6_var.h>
118 #include <netinet6/in6_pcb.h>
119 #include <netinet6/in6_rss.h>
120 #include <netinet6/udp6_var.h>
121 #include <netinet6/scope6_var.h>
123 #include <netipsec/ipsec_support.h>
125 #include <security/mac/mac_framework.h>
128 * UDP protocol implementation.
129 * Per RFC 768, August, 1980.
132 extern struct protosw inetsw[];
133 static void udp6_detach(struct socket *so);
136 udp6_append(struct inpcb *inp, struct mbuf *n, int off,
137 struct sockaddr_in6 *fromsa)
140 struct mbuf *opts = NULL, *tmp_opts;
143 INP_LOCK_ASSERT(inp);
146 * Engage the tunneling protocol.
149 if (up->u_tun_func != NULL) {
152 (*up->u_tun_func)(n, off, inp, (struct sockaddr *)&fromsa[0],
155 return (in_pcbrele_rlocked(inp));
157 #if defined(IPSEC) || defined(IPSEC_SUPPORT)
158 /* Check AH/ESP integrity. */
159 if (IPSEC_ENABLED(ipv6)) {
160 if (IPSEC_CHECK_POLICY(ipv6, n, inp) != 0) {
167 if (mac_inpcb_check_deliver(inp, n) != 0) {
173 if (inp->inp_flags & INP_CONTROLOPTS ||
174 inp->inp_socket->so_options & SO_TIMESTAMP)
175 ip6_savecontrol(inp, n, &opts);
176 if ((inp->inp_vflag & INP_IPV6) && (inp->inp_flags2 & INP_ORIGDSTADDR)) {
177 tmp_opts = sbcreatecontrol((caddr_t)&fromsa[1],
178 sizeof(struct sockaddr_in6), IPV6_ORIGDSTADDR, IPPROTO_IPV6);
181 tmp_opts->m_next = opts;
188 m_adj(n, off + sizeof(struct udphdr));
190 so = inp->inp_socket;
191 SOCKBUF_LOCK(&so->so_rcv);
192 if (sbappendaddr_locked(&so->so_rcv, (struct sockaddr *)&fromsa[0], n,
194 SOCKBUF_UNLOCK(&so->so_rcv);
198 UDPSTAT_INC(udps_fullsock);
200 sorwakeup_locked(so);
205 udp6_input(struct mbuf **mp, int *offp, int proto)
207 struct mbuf *m = *mp;
212 struct inpcbinfo *pcbinfo;
217 struct epoch_tracker et;
218 struct sockaddr_in6 fromsa[2];
219 struct m_tag *fwd_tag;
223 ifp = m->m_pkthdr.rcvif;
225 if (m->m_len < off + sizeof(struct udphdr)) {
226 m = m_pullup(m, off + sizeof(struct udphdr));
228 IP6STAT_INC(ip6s_exthdrtoolong);
230 return (IPPROTO_DONE);
233 ip6 = mtod(m, struct ip6_hdr *);
234 uh = (struct udphdr *)((caddr_t)ip6 + off);
236 UDPSTAT_INC(udps_ipackets);
239 * Destination port of 0 is illegal, based on RFC768.
241 if (uh->uh_dport == 0)
244 plen = ntohs(ip6->ip6_plen) - off + sizeof(*ip6);
245 ulen = ntohs((u_short)uh->uh_ulen);
248 cscov_partial = (nxt == IPPROTO_UDPLITE) ? 1 : 0;
249 if (nxt == IPPROTO_UDPLITE) {
250 /* Zero means checksum over the complete packet. */
255 if ((ulen < sizeof(struct udphdr)) || (ulen > plen)) {
256 /* XXX: What is the right UDPLite MIB counter? */
259 if (uh->uh_sum == 0) {
260 /* XXX: What is the right UDPLite MIB counter? */
264 if ((ulen < sizeof(struct udphdr)) || (plen != ulen)) {
265 UDPSTAT_INC(udps_badlen);
268 if (uh->uh_sum == 0) {
269 UDPSTAT_INC(udps_nosum);
274 if ((m->m_pkthdr.csum_flags & CSUM_DATA_VALID_IPV6) &&
276 if (m->m_pkthdr.csum_flags & CSUM_PSEUDO_HDR)
277 uh_sum = m->m_pkthdr.csum_data;
279 uh_sum = in6_cksum_pseudo(ip6, ulen, nxt,
280 m->m_pkthdr.csum_data);
283 uh_sum = in6_cksum_partial(m, nxt, off, plen, ulen);
286 UDPSTAT_INC(udps_badsum);
291 * Construct sockaddr format source address.
293 init_sin6(&fromsa[0], m, 0);
294 fromsa[0].sin6_port = uh->uh_sport;
295 init_sin6(&fromsa[1], m, 1);
296 fromsa[1].sin6_port = uh->uh_dport;
298 pcbinfo = udp_get_inpcbinfo(nxt);
299 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
301 struct inpcbhead *pcblist;
302 struct ip6_moptions *imo;
304 INP_INFO_RLOCK_ET(pcbinfo, et);
306 * In the event that laddr should be set to the link-local
307 * address (this happens in RIPng), the multicast address
308 * specified in the received packet will not match laddr. To
309 * handle this situation, matching is relaxed if the
310 * receiving interface is the same as one specified in the
311 * socket and if the destination multicast address matches
312 * one of the multicast groups specified in the socket.
316 * KAME note: traditionally we dropped udpiphdr from mbuf
317 * here. We need udphdr for IPsec processing so we do that
320 pcblist = udp_get_pcblist(nxt);
322 CK_LIST_FOREACH(inp, pcblist, inp_list) {
323 if ((inp->inp_vflag & INP_IPV6) == 0)
325 if (inp->inp_lport != uh->uh_dport)
327 if (inp->inp_fport != 0 &&
328 inp->inp_fport != uh->uh_sport)
330 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) {
331 if (!IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr,
335 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
336 if (!IN6_ARE_ADDR_EQUAL(&inp->in6p_faddr,
338 inp->inp_fport != uh->uh_sport)
343 * XXXRW: Because we weren't holding either the inpcb
344 * or the hash lock when we checked for a match
345 * before, we should probably recheck now that the
346 * inpcb lock is (supposed to be) held.
350 * Handle socket delivery policy for any-source
351 * and source-specific multicast. [RFC3678]
353 imo = inp->in6p_moptions;
354 if (imo && IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
355 struct sockaddr_in6 mcaddr;
359 if (__predict_false(inp->inp_flags2 & INP_FREED)) {
364 bzero(&mcaddr, sizeof(struct sockaddr_in6));
365 mcaddr.sin6_len = sizeof(struct sockaddr_in6);
366 mcaddr.sin6_family = AF_INET6;
367 mcaddr.sin6_addr = ip6->ip6_dst;
369 blocked = im6o_mc_filter(imo, ifp,
370 (struct sockaddr *)&mcaddr,
371 (struct sockaddr *)&fromsa[0]);
372 if (blocked != MCAST_PASS) {
373 if (blocked == MCAST_NOTGMEMBER)
374 IP6STAT_INC(ip6s_notmember);
375 if (blocked == MCAST_NOTSMEMBER ||
376 blocked == MCAST_MUTED)
377 UDPSTAT_INC(udps_filtermcast);
378 INP_RUNLOCK(inp); /* XXX */
387 if ((n = m_copym(m, 0, M_COPYALL, M_NOWAIT)) !=
390 if (__predict_true(last->inp_flags2 & INP_FREED) == 0) {
391 if (nxt == IPPROTO_UDPLITE)
392 UDPLITE_PROBE(receive, NULL, last,
395 UDP_PROBE(receive, NULL, last,
397 if (udp6_append(last, n, off, fromsa)) {
398 /* XXX-BZ do we leak m here? */
408 * Don't look for additional matches if this one does
409 * not have either the SO_REUSEPORT or SO_REUSEADDR
410 * socket options set. This heuristic avoids
411 * searching through all pcbs in the common case of a
412 * non-shared port. It assumes that an application
413 * will never clear these options after setting them.
415 if ((last->inp_socket->so_options &
416 (SO_REUSEPORT|SO_REUSEPORT_LB|SO_REUSEADDR)) == 0)
422 * No matching pcb found; discard datagram. (No need
423 * to send an ICMP Port Unreachable for a broadcast
424 * or multicast datgram.)
426 UDPSTAT_INC(udps_noport);
427 UDPSTAT_INC(udps_noportmcast);
431 if (__predict_true(last->inp_flags2 & INP_FREED) == 0) {
432 if (nxt == IPPROTO_UDPLITE)
433 UDPLITE_PROBE(receive, NULL, last, ip6, last, uh);
435 UDP_PROBE(receive, NULL, last, ip6, last, uh);
436 if (udp6_append(last, m, off, fromsa) == 0)
441 INP_INFO_RUNLOCK_ET(pcbinfo, et);
443 return (IPPROTO_DONE);
446 * Locate pcb for datagram.
450 * Grab info from PACKET_TAG_IPFORWARD tag prepended to the chain.
452 if ((m->m_flags & M_IP6_NEXTHOP) &&
453 (fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL)) != NULL) {
454 struct sockaddr_in6 *next_hop6;
456 next_hop6 = (struct sockaddr_in6 *)(fwd_tag + 1);
459 * Transparently forwarded. Pretend to be the destination.
460 * Already got one like this?
462 inp = in6_pcblookup_mbuf(pcbinfo, &ip6->ip6_src,
463 uh->uh_sport, &ip6->ip6_dst, uh->uh_dport,
464 INPLOOKUP_RLOCKPCB, m->m_pkthdr.rcvif, m);
467 * It's new. Try to find the ambushing socket.
468 * Because we've rewritten the destination address,
469 * any hardware-generated hash is ignored.
471 inp = in6_pcblookup(pcbinfo, &ip6->ip6_src,
472 uh->uh_sport, &next_hop6->sin6_addr,
473 next_hop6->sin6_port ? htons(next_hop6->sin6_port) :
474 uh->uh_dport, INPLOOKUP_WILDCARD |
475 INPLOOKUP_RLOCKPCB, m->m_pkthdr.rcvif);
477 /* Remove the tag from the packet. We don't need it anymore. */
478 m_tag_delete(m, fwd_tag);
479 m->m_flags &= ~M_IP6_NEXTHOP;
481 inp = in6_pcblookup_mbuf(pcbinfo, &ip6->ip6_src,
482 uh->uh_sport, &ip6->ip6_dst, uh->uh_dport,
483 INPLOOKUP_WILDCARD | INPLOOKUP_RLOCKPCB,
484 m->m_pkthdr.rcvif, m);
486 if (V_udp_log_in_vain) {
487 char ip6bufs[INET6_ADDRSTRLEN];
488 char ip6bufd[INET6_ADDRSTRLEN];
491 "Connection attempt to UDP [%s]:%d from [%s]:%d\n",
492 ip6_sprintf(ip6bufd, &ip6->ip6_dst),
494 ip6_sprintf(ip6bufs, &ip6->ip6_src),
495 ntohs(uh->uh_sport));
497 if (nxt == IPPROTO_UDPLITE)
498 UDPLITE_PROBE(receive, NULL, NULL, ip6, NULL, uh);
500 UDP_PROBE(receive, NULL, NULL, ip6, NULL, uh);
501 UDPSTAT_INC(udps_noport);
502 if (m->m_flags & M_MCAST) {
503 printf("UDP6: M_MCAST is set in a unicast packet.\n");
504 UDPSTAT_INC(udps_noportmcast);
509 icmp6_error(m, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_NOPORT, 0);
511 return (IPPROTO_DONE);
513 INP_RLOCK_ASSERT(inp);
516 if (up->u_rxcslen == 0 || up->u_rxcslen > ulen) {
520 return (IPPROTO_DONE);
523 if (nxt == IPPROTO_UDPLITE)
524 UDPLITE_PROBE(receive, NULL, inp, ip6, inp, uh);
526 UDP_PROBE(receive, NULL, inp, ip6, inp, uh);
527 if (udp6_append(inp, m, off, fromsa) == 0)
530 return (IPPROTO_DONE);
533 INP_INFO_RUNLOCK_ET(pcbinfo, et);
538 return (IPPROTO_DONE);
542 udp6_common_ctlinput(int cmd, struct sockaddr *sa, void *d,
543 struct inpcbinfo *pcbinfo)
549 struct ip6ctlparam *ip6cp = NULL;
550 const struct sockaddr_in6 *sa6_src = NULL;
552 struct inpcb *(*notify)(struct inpcb *, int) = udp_notify;
553 struct udp_portonly {
558 if (sa->sa_family != AF_INET6 ||
559 sa->sa_len != sizeof(struct sockaddr_in6))
562 if ((unsigned)cmd >= PRC_NCMDS)
564 if (PRC_IS_REDIRECT(cmd))
565 notify = in6_rtchange, d = NULL;
566 else if (cmd == PRC_HOSTDEAD)
568 else if (inet6ctlerrmap[cmd] == 0)
571 /* if the parameter is from icmp6, decode it. */
573 ip6cp = (struct ip6ctlparam *)d;
575 ip6 = ip6cp->ip6c_ip6;
576 off = ip6cp->ip6c_off;
577 cmdarg = ip6cp->ip6c_cmdarg;
578 sa6_src = ip6cp->ip6c_src;
588 * XXX: We assume that when IPV6 is non NULL,
589 * M and OFF are valid.
592 /* Check if we can safely examine src and dst ports. */
593 if (m->m_pkthdr.len < off + sizeof(*uhp))
596 bzero(&uh, sizeof(uh));
597 m_copydata(m, off, sizeof(*uhp), (caddr_t)&uh);
599 if (!PRC_IS_REDIRECT(cmd)) {
600 /* Check to see if its tunneled */
602 inp = in6_pcblookup_mbuf(pcbinfo, &ip6->ip6_dst,
603 uh.uh_dport, &ip6->ip6_src, uh.uh_sport,
604 INPLOOKUP_WILDCARD | INPLOOKUP_RLOCKPCB,
605 m->m_pkthdr.rcvif, m);
610 if (up->u_icmp_func) {
613 (*up->u_icmp_func)(cmd, (struct sockaddr *)ip6cp->ip6c_src,
622 (void)in6_pcbnotify(pcbinfo, sa, uh.uh_dport,
623 (struct sockaddr *)ip6cp->ip6c_src, uh.uh_sport, cmd,
626 (void)in6_pcbnotify(pcbinfo, sa, 0,
627 (const struct sockaddr *)sa6_src, 0, cmd, cmdarg, notify);
631 udp6_ctlinput(int cmd, struct sockaddr *sa, void *d)
634 return (udp6_common_ctlinput(cmd, sa, d, &V_udbinfo));
638 udplite6_ctlinput(int cmd, struct sockaddr *sa, void *d)
641 return (udp6_common_ctlinput(cmd, sa, d, &V_ulitecbinfo));
645 udp6_getcred(SYSCTL_HANDLER_ARGS)
648 struct sockaddr_in6 addrs[2];
652 error = priv_check(req->td, PRIV_NETINET_GETCRED);
656 if (req->newlen != sizeof(addrs))
658 if (req->oldlen != sizeof(struct xucred))
660 error = SYSCTL_IN(req, addrs, sizeof(addrs));
663 if ((error = sa6_embedscope(&addrs[0], V_ip6_use_defzone)) != 0 ||
664 (error = sa6_embedscope(&addrs[1], V_ip6_use_defzone)) != 0) {
667 inp = in6_pcblookup(&V_udbinfo, &addrs[1].sin6_addr,
668 addrs[1].sin6_port, &addrs[0].sin6_addr, addrs[0].sin6_port,
669 INPLOOKUP_WILDCARD | INPLOOKUP_RLOCKPCB, NULL);
671 INP_RLOCK_ASSERT(inp);
672 if (inp->inp_socket == NULL)
675 error = cr_canseesocket(req->td->td_ucred,
678 cru2x(inp->inp_cred, &xuc);
683 error = SYSCTL_OUT(req, &xuc, sizeof(struct xucred));
687 SYSCTL_PROC(_net_inet6_udp6, OID_AUTO, getcred, CTLTYPE_OPAQUE|CTLFLAG_RW, 0,
688 0, udp6_getcred, "S,xucred", "Get the xucred of a UDP6 connection");
692 #define UH_UNLOCKED 0
694 udp6_output(struct socket *so, int flags_arg, struct mbuf *m,
695 struct sockaddr *addr6, struct mbuf *control, struct thread *td)
697 struct inpcbinfo *pcbinfo;
701 struct in6_addr *laddr, *faddr, in6a;
702 struct ip6_pktopts *optp, opt;
703 struct sockaddr_in6 *sin6, tmp;
704 struct epoch_tracker et;
705 int cscov_partial, error, flags, hlen, scope_ambiguous;
706 u_int32_t ulen, plen;
709 uint8_t nxt, unlock_inp, unlock_udbinfo;
711 /* addr6 has been validated in udp6_send(). */
712 sin6 = (struct sockaddr_in6 *)addr6;
715 * In contrast to to IPv4 we do not validate the max. packet length
716 * here due to IPv6 Jumbograms (RFC2675).
721 /* Protect *addr6 from overwrites. */
726 * Application should provide a proper zone ID or the use of
727 * default zone IDs should be enabled. Unfortunately, some
728 * applications do not behave as it should, so we need a
729 * workaround. Even if an appropriate ID is not determined,
730 * we'll see if we can determine the outgoing interface. If we
731 * can, determine the zone ID based on the interface below.
733 if (sin6->sin6_scope_id == 0 && !V_ip6_use_defzone)
735 if ((error = sa6_embedscope(sin6, V_ip6_use_defzone)) != 0) {
744 KASSERT(inp != NULL, ("%s: inp == NULL", __func__));
746 * In the following cases we want a write lock on the inp for either
747 * local operations or for possible route cache updates in the IPv6
749 * - on connected sockets (sin6 is NULL) for route cache updates,
750 * - when we are not bound to an address and source port (it is
751 * in6_pcbsetport() which will require the write lock).
754 if (sin6 == NULL || (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr) &&
755 inp->inp_lport == 0)) {
758 * In case we lost a race and another thread bound addr/port
759 * on the inp we cannot keep the wlock (which still would be
760 * fine) as further down, based on these values we make
761 * decisions for the pcbinfo lock. If the locks are not in
762 * synch the assertions on unlock will fire, hence we go for
766 (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr) ||
767 inp->inp_lport != 0)) {
771 unlock_inp = UH_WLOCKED;
774 unlock_inp = UH_RLOCKED;
776 nxt = (inp->inp_socket->so_proto->pr_protocol == IPPROTO_UDP) ?
777 IPPROTO_UDP : IPPROTO_UDPLITE;
780 if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0) {
784 hasv4addr = (inp->inp_vflag & INP_IPV4);
786 hasv4addr = IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)
789 struct pr_usrreqs *pru;
792 * XXXRW: We release UDP-layer locks before calling
793 * udp_send() in order to avoid recursion. However,
794 * this does mean there is a short window where inp's
795 * fields are unstable. Could this lead to a
796 * potential race in which the factors causing us to
797 * select the UDPv4 output routine are invalidated?
799 if (unlock_inp == UH_WLOCKED)
804 in6_sin6_2_sin_in_sock((struct sockaddr *)sin6);
805 pru = inetsw[ip_protox[nxt]].pr_usrreqs;
806 /* addr will just be freed in sendit(). */
807 return ((*pru->pru_send)(so, flags_arg, m,
808 (struct sockaddr *)sin6, control, td));
812 if (sin6 && IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
814 * Given this is either an IPv6-only socket or no INET is
815 * supported we will fail the send if the given destination
816 * address is a v4mapped address.
818 if (unlock_inp == UH_WLOCKED)
826 if ((error = ip6_setpktopts(control, &opt,
827 inp->in6p_outputopts, td->td_ucred, nxt)) != 0) {
828 if (unlock_inp == UH_WLOCKED)
832 ip6_clearpktopts(&opt, -1);
840 optp = inp->in6p_outputopts;
842 pcbinfo = udp_get_inpcbinfo(so->so_proto->pr_protocol);
844 IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr) && inp->inp_lport == 0) {
845 INP_HASH_WLOCK(pcbinfo);
846 unlock_udbinfo = UH_WLOCKED;
847 } else if (sin6 != NULL &&
848 (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr) ||
849 IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr) ||
850 inp->inp_lport == 0)) {
851 INP_HASH_RLOCK_ET(pcbinfo, et);
852 unlock_udbinfo = UH_RLOCKED;
854 unlock_udbinfo = UH_UNLOCKED;
859 * Since we saw no essential reason for calling in_pcbconnect,
860 * we get rid of such kind of logic, and call in6_selectsrc
861 * and in6_pcbsetport in order to fill in the local address
862 * and the local port.
864 if (sin6->sin6_port == 0) {
865 error = EADDRNOTAVAIL;
869 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
870 /* how about ::ffff:0.0.0.0 case? */
876 * Given we handle the v4mapped case in the INET block above
877 * assert here that it must not happen anymore.
879 KASSERT(!IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr),
880 ("%s: sin6(%p)->sin6_addr is v4mapped which we "
881 "should have handled.", __func__, sin6));
883 /* This only requires read-locking. */
884 error = in6_selectsrc_socket(sin6, optp, inp,
885 td->td_ucred, scope_ambiguous, &in6a, NULL);
890 if (inp->inp_lport == 0) {
892 INP_WLOCK_ASSERT(inp);
893 error = in6_pcbsetport(laddr, inp, td->td_ucred);
895 /* Undo an address bind that may have occurred. */
896 inp->in6p_laddr = in6addr_any;
900 faddr = &sin6->sin6_addr;
901 fport = sin6->sin6_port; /* allow 0 port */
904 if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
908 laddr = &inp->in6p_laddr;
909 faddr = &inp->in6p_faddr;
910 fport = inp->inp_fport;
913 ulen = m->m_pkthdr.len;
914 plen = sizeof(struct udphdr) + ulen;
915 hlen = sizeof(struct ip6_hdr);
918 * Calculate data length and get a mbuf
919 * for UDP and IP6 headers.
921 M_PREPEND(m, hlen + sizeof(struct udphdr), M_NOWAIT);
928 * Stuff checksum and output datagram.
930 cscov = cscov_partial = 0;
931 udp6 = (struct udphdr *)(mtod(m, caddr_t) + hlen);
932 udp6->uh_sport = inp->inp_lport; /* lport is always set in the PCB */
933 udp6->uh_dport = fport;
934 if (nxt == IPPROTO_UDPLITE) {
938 cscov = up->u_txcslen;
941 udp6->uh_ulen = htons(cscov);
943 * For UDP-Lite, checksum coverage length of zero means
944 * the entire UDPLite packet is covered by the checksum.
946 cscov_partial = (cscov == 0) ? 0 : 1;
947 } else if (plen <= 0xffff)
948 udp6->uh_ulen = htons((u_short)plen);
953 ip6 = mtod(m, struct ip6_hdr *);
954 ip6->ip6_flow = inp->inp_flow & IPV6_FLOWINFO_MASK;
955 ip6->ip6_vfc &= ~IPV6_VERSION_MASK;
956 ip6->ip6_vfc |= IPV6_VERSION;
957 ip6->ip6_plen = htons((u_short)plen);
959 ip6->ip6_hlim = in6_selecthlim(inp, NULL);
960 ip6->ip6_src = *laddr;
961 ip6->ip6_dst = *faddr;
964 mac_inpcb_create_mbuf(inp, m);
968 if ((udp6->uh_sum = in6_cksum_partial(m, nxt,
969 sizeof(struct ip6_hdr), plen, cscov)) == 0)
970 udp6->uh_sum = 0xffff;
972 udp6->uh_sum = in6_cksum_pseudo(ip6, plen, nxt, 0);
973 m->m_pkthdr.csum_flags = CSUM_UDP_IPV6;
974 m->m_pkthdr.csum_data = offsetof(struct udphdr, uh_sum);
980 uint32_t hash_val, hash_type;
983 pr = inp->inp_socket->so_proto->pr_protocol;
985 * Calculate an appropriate RSS hash for UDP and
988 * The called function will take care of figuring out
989 * whether a 2-tuple or 4-tuple hash is required based
990 * on the currently configured scheme.
992 * Later later on connected socket values should be
993 * cached in the inpcb and reused, rather than constantly
996 * UDP Lite is a different protocol number and will
997 * likely end up being hashed as a 2-tuple until
998 * RSS / NICs grow UDP Lite protocol awareness.
1000 if (rss_proto_software_hash_v6(faddr, laddr, fport,
1001 inp->inp_lport, pr, &hash_val, &hash_type) == 0) {
1002 m->m_pkthdr.flowid = hash_val;
1003 M_HASHTYPE_SET(m, hash_type);
1007 * Don't override with the inp cached flowid.
1009 * Until the whole UDP path is vetted, it may actually
1012 flags |= IP_NODEFAULTFLOWID;
1016 UDPSTAT_INC(udps_opackets);
1017 if (unlock_udbinfo == UH_WLOCKED)
1018 INP_HASH_WUNLOCK(pcbinfo);
1019 else if (unlock_udbinfo == UH_RLOCKED)
1020 INP_HASH_RUNLOCK_ET(pcbinfo, et);
1021 if (nxt == IPPROTO_UDPLITE)
1022 UDPLITE_PROBE(send, NULL, inp, ip6, inp, udp6);
1024 UDP_PROBE(send, NULL, inp, ip6, inp, udp6);
1025 error = ip6_output(m, optp,
1026 (unlock_inp == UH_WLOCKED) ? &inp->inp_route6 : NULL, flags,
1027 inp->in6p_moptions, NULL, inp);
1028 if (unlock_inp == UH_WLOCKED)
1034 ip6_clearpktopts(&opt, -1);
1040 if (unlock_udbinfo == UH_WLOCKED) {
1041 KASSERT(unlock_inp == UH_WLOCKED, ("%s: excl udbinfo lock, "
1042 "non-excl inp lock: pcbinfo %p %#x inp %p %#x",
1043 __func__, pcbinfo, unlock_udbinfo, inp, unlock_inp));
1044 INP_HASH_WUNLOCK(pcbinfo);
1046 } else if (unlock_udbinfo == UH_RLOCKED) {
1047 KASSERT(unlock_inp == UH_RLOCKED, ("%s: non-excl udbinfo lock, "
1048 "excl inp lock: pcbinfo %p %#x inp %p %#x",
1049 __func__, pcbinfo, unlock_udbinfo, inp, unlock_inp));
1050 INP_HASH_RUNLOCK_ET(pcbinfo, et);
1052 } else if (unlock_inp == UH_WLOCKED)
1057 ip6_clearpktopts(&opt, -1);
1066 udp6_abort(struct socket *so)
1069 struct inpcbinfo *pcbinfo;
1071 pcbinfo = udp_get_inpcbinfo(so->so_proto->pr_protocol);
1072 inp = sotoinpcb(so);
1073 KASSERT(inp != NULL, ("udp6_abort: inp == NULL"));
1077 if (inp->inp_vflag & INP_IPV4) {
1078 struct pr_usrreqs *pru;
1081 nxt = (inp->inp_socket->so_proto->pr_protocol == IPPROTO_UDP) ?
1082 IPPROTO_UDP : IPPROTO_UDPLITE;
1084 pru = inetsw[ip_protox[nxt]].pr_usrreqs;
1085 (*pru->pru_abort)(so);
1090 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
1091 INP_HASH_WLOCK(pcbinfo);
1092 in6_pcbdisconnect(inp);
1093 inp->in6p_laddr = in6addr_any;
1094 INP_HASH_WUNLOCK(pcbinfo);
1095 soisdisconnected(so);
1101 udp6_attach(struct socket *so, int proto, struct thread *td)
1104 struct inpcbinfo *pcbinfo;
1107 pcbinfo = udp_get_inpcbinfo(so->so_proto->pr_protocol);
1108 inp = sotoinpcb(so);
1109 KASSERT(inp == NULL, ("udp6_attach: inp != NULL"));
1111 if (so->so_snd.sb_hiwat == 0 || so->so_rcv.sb_hiwat == 0) {
1112 error = soreserve(so, udp_sendspace, udp_recvspace);
1116 INP_INFO_WLOCK(pcbinfo);
1117 error = in_pcballoc(so, pcbinfo);
1119 INP_INFO_WUNLOCK(pcbinfo);
1122 inp = (struct inpcb *)so->so_pcb;
1123 inp->inp_vflag |= INP_IPV6;
1124 if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0)
1125 inp->inp_vflag |= INP_IPV4;
1126 inp->in6p_hops = -1; /* use kernel default */
1127 inp->in6p_cksum = -1; /* just to be sure */
1130 * IPv4 TTL initialization is necessary for an IPv6 socket as well,
1131 * because the socket may be bound to an IPv6 wildcard address,
1132 * which may match an IPv4-mapped IPv6 address.
1134 inp->inp_ip_ttl = V_ip_defttl;
1136 error = udp_newudpcb(inp);
1140 INP_INFO_WUNLOCK(pcbinfo);
1144 INP_INFO_WUNLOCK(pcbinfo);
1149 udp6_bind(struct socket *so, struct sockaddr *nam, struct thread *td)
1152 struct inpcbinfo *pcbinfo;
1156 pcbinfo = udp_get_inpcbinfo(so->so_proto->pr_protocol);
1157 inp = sotoinpcb(so);
1158 KASSERT(inp != NULL, ("udp6_bind: inp == NULL"));
1161 INP_HASH_WLOCK(pcbinfo);
1162 vflagsav = inp->inp_vflag;
1163 inp->inp_vflag &= ~INP_IPV4;
1164 inp->inp_vflag |= INP_IPV6;
1165 if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0) {
1166 struct sockaddr_in6 *sin6_p;
1168 sin6_p = (struct sockaddr_in6 *)nam;
1170 if (IN6_IS_ADDR_UNSPECIFIED(&sin6_p->sin6_addr))
1171 inp->inp_vflag |= INP_IPV4;
1173 else if (IN6_IS_ADDR_V4MAPPED(&sin6_p->sin6_addr)) {
1174 struct sockaddr_in sin;
1176 in6_sin6_2_sin(&sin, sin6_p);
1177 inp->inp_vflag |= INP_IPV4;
1178 inp->inp_vflag &= ~INP_IPV6;
1179 error = in_pcbbind(inp, (struct sockaddr *)&sin,
1186 error = in6_pcbbind(inp, nam, td->td_ucred);
1191 inp->inp_vflag = vflagsav;
1192 INP_HASH_WUNLOCK(pcbinfo);
1198 udp6_close(struct socket *so)
1201 struct inpcbinfo *pcbinfo;
1203 pcbinfo = udp_get_inpcbinfo(so->so_proto->pr_protocol);
1204 inp = sotoinpcb(so);
1205 KASSERT(inp != NULL, ("udp6_close: inp == NULL"));
1209 if (inp->inp_vflag & INP_IPV4) {
1210 struct pr_usrreqs *pru;
1213 nxt = (inp->inp_socket->so_proto->pr_protocol == IPPROTO_UDP) ?
1214 IPPROTO_UDP : IPPROTO_UDPLITE;
1216 pru = inetsw[ip_protox[nxt]].pr_usrreqs;
1217 (*pru->pru_disconnect)(so);
1221 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
1222 INP_HASH_WLOCK(pcbinfo);
1223 in6_pcbdisconnect(inp);
1224 inp->in6p_laddr = in6addr_any;
1225 INP_HASH_WUNLOCK(pcbinfo);
1226 soisdisconnected(so);
1232 udp6_connect(struct socket *so, struct sockaddr *nam, struct thread *td)
1235 struct inpcbinfo *pcbinfo;
1236 struct sockaddr_in6 *sin6;
1240 pcbinfo = udp_get_inpcbinfo(so->so_proto->pr_protocol);
1241 inp = sotoinpcb(so);
1242 sin6 = (struct sockaddr_in6 *)nam;
1243 KASSERT(inp != NULL, ("udp6_connect: inp == NULL"));
1246 * XXXRW: Need to clarify locking of v4/v6 flags.
1250 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
1251 struct sockaddr_in sin;
1253 if ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0) {
1257 if ((inp->inp_vflag & INP_IPV4) == 0) {
1258 error = EAFNOSUPPORT;
1261 if (inp->inp_faddr.s_addr != INADDR_ANY) {
1265 in6_sin6_2_sin(&sin, sin6);
1266 error = prison_remote_ip4(td->td_ucred, &sin.sin_addr);
1269 vflagsav = inp->inp_vflag;
1270 inp->inp_vflag |= INP_IPV4;
1271 inp->inp_vflag &= ~INP_IPV6;
1272 INP_HASH_WLOCK(pcbinfo);
1273 error = in_pcbconnect(inp, (struct sockaddr *)&sin,
1275 INP_HASH_WUNLOCK(pcbinfo);
1277 * If connect succeeds, mark socket as connected. If
1278 * connect fails and socket is unbound, reset inp_vflag
1283 else if (inp->inp_laddr.s_addr == INADDR_ANY &&
1284 inp->inp_lport == 0)
1285 inp->inp_vflag = vflagsav;
1288 if ((inp->inp_vflag & INP_IPV6) == 0) {
1289 error = EAFNOSUPPORT;
1294 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
1298 error = prison_remote_ip6(td->td_ucred, &sin6->sin6_addr);
1301 vflagsav = inp->inp_vflag;
1302 inp->inp_vflag &= ~INP_IPV4;
1303 inp->inp_vflag |= INP_IPV6;
1304 INP_HASH_WLOCK(pcbinfo);
1305 error = in6_pcbconnect(inp, nam, td->td_ucred);
1306 INP_HASH_WUNLOCK(pcbinfo);
1308 * If connect succeeds, mark socket as connected. If
1309 * connect fails and socket is unbound, reset inp_vflag
1314 else if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr) &&
1315 inp->inp_lport == 0)
1316 inp->inp_vflag = vflagsav;
1323 udp6_detach(struct socket *so)
1326 struct inpcbinfo *pcbinfo;
1329 pcbinfo = udp_get_inpcbinfo(so->so_proto->pr_protocol);
1330 inp = sotoinpcb(so);
1331 KASSERT(inp != NULL, ("udp6_detach: inp == NULL"));
1333 INP_INFO_WLOCK(pcbinfo);
1335 up = intoudpcb(inp);
1336 KASSERT(up != NULL, ("%s: up == NULL", __func__));
1339 INP_INFO_WUNLOCK(pcbinfo);
1344 udp6_disconnect(struct socket *so)
1347 struct inpcbinfo *pcbinfo;
1349 pcbinfo = udp_get_inpcbinfo(so->so_proto->pr_protocol);
1350 inp = sotoinpcb(so);
1351 KASSERT(inp != NULL, ("udp6_disconnect: inp == NULL"));
1355 if (inp->inp_vflag & INP_IPV4) {
1356 struct pr_usrreqs *pru;
1359 nxt = (inp->inp_socket->so_proto->pr_protocol == IPPROTO_UDP) ?
1360 IPPROTO_UDP : IPPROTO_UDPLITE;
1362 pru = inetsw[ip_protox[nxt]].pr_usrreqs;
1363 (void)(*pru->pru_disconnect)(so);
1368 if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
1373 INP_HASH_WLOCK(pcbinfo);
1374 in6_pcbdisconnect(inp);
1375 inp->in6p_laddr = in6addr_any;
1376 INP_HASH_WUNLOCK(pcbinfo);
1378 so->so_state &= ~SS_ISCONNECTED; /* XXX */
1385 udp6_send(struct socket *so, int flags, struct mbuf *m,
1386 struct sockaddr *addr, struct mbuf *control, struct thread *td)
1391 if (addr->sa_len != sizeof(struct sockaddr_in6)) {
1395 if (addr->sa_family != AF_INET6) {
1396 error = EAFNOSUPPORT;
1401 return (udp6_output(so, flags, m, addr, control, td));
1410 struct pr_usrreqs udp6_usrreqs = {
1411 .pru_abort = udp6_abort,
1412 .pru_attach = udp6_attach,
1413 .pru_bind = udp6_bind,
1414 .pru_connect = udp6_connect,
1415 .pru_control = in6_control,
1416 .pru_detach = udp6_detach,
1417 .pru_disconnect = udp6_disconnect,
1418 .pru_peeraddr = in6_mapped_peeraddr,
1419 .pru_send = udp6_send,
1420 .pru_shutdown = udp_shutdown,
1421 .pru_sockaddr = in6_mapped_sockaddr,
1422 .pru_soreceive = soreceive_dgram,
1423 .pru_sosend = sosend_dgram,
1424 .pru_sosetlabel = in_pcbsosetlabel,
1425 .pru_close = udp6_close