void
udp_input(struct mbuf *m, ...)
{
struct ip *ip;
struct udphdr *uh;
struct inpcb *inp = NULL;
struct mbuf *opts = NULL;
struct ip save_ip;
int iphlen, len;
va_list ap;
u_int16_t savesum;
union {
struct sockaddr sa;
struct sockaddr_in sin;
#ifdef INET6
struct sockaddr_in6 sin6;
#endif /* INET6 */
} srcsa, dstsa;
#ifdef INET6
struct ip6_hdr *ip6;
#endif /* INET6 */
#ifdef IPSEC
struct m_tag *mtag;
struct tdb_ident *tdbi;
struct tdb *tdb;
int error, s;
#endif /* IPSEC */
va_start(ap, m);
iphlen = va_arg(ap, int);
va_end(ap);
udpstat.udps_ipackets++;
switch (mtod(m, struct ip *)->ip_v) {
case 4:
ip = mtod(m, struct ip *);
#ifdef INET6
ip6 = NULL;
#endif /* INET6 */
srcsa.sa.sa_family = AF_INET;
break;
#ifdef INET6
case 6:
ip = NULL;
ip6 = mtod(m, struct ip6_hdr *);
srcsa.sa.sa_family = AF_INET6;
break;
#endif /* INET6 */
default:
goto bad;
}
IP6_EXTHDR_GET(uh, struct udphdr *, m, iphlen, sizeof(struct udphdr));
if (!uh) {
udpstat.udps_hdrops++;
return;
}
/* Check for illegal destination port 0 */
if (uh->uh_dport == 0) {
udpstat.udps_noport++;
goto bad;
}
/*
* Make mbuf data length reflect UDP length.
* If not enough data to reflect UDP length, drop.
*/
len = ntohs((u_int16_t)uh->uh_ulen);
if (ip) {
if (m->m_pkthdr.len - iphlen != len) {
if (len > (m->m_pkthdr.len - iphlen) ||
len < sizeof(struct udphdr)) {
udpstat.udps_badlen++;
goto bad;
}
m_adj(m, len - (m->m_pkthdr.len - iphlen));
}
}
#ifdef INET6
else if (ip6) {
/* jumbograms */
if (len == 0 && m->m_pkthdr.len - iphlen > 0xffff)
len = m->m_pkthdr.len - iphlen;
if (len != m->m_pkthdr.len - iphlen) {
udpstat.udps_badlen++;
goto bad;
}
}
#endif
else /* shouldn't happen */
goto bad;
/*
* Save a copy of the IP header in case we want restore it
* for sending an ICMP error message in response.
*/
if (ip)
save_ip = *ip;
/*
* Checksum extended UDP header and data.
* from W.R.Stevens: check incoming udp cksums even if
* udpcksum is not set.
*/
savesum = uh->uh_sum;
#ifdef INET6
if (ip6) {
/* Be proactive about malicious use of IPv4 mapped address */
if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) ||
IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) {
/* XXX stat */
goto bad;
}
/*
* In IPv6, the UDP checksum is ALWAYS used.
*/
if (uh->uh_sum == 0) {
udpstat.udps_nosum++;
goto bad;
}
if ((m->m_pkthdr.csum_flags & M_UDP_CSUM_IN_OK) == 0) {
if (m->m_pkthdr.csum_flags & M_UDP_CSUM_IN_BAD) {
udpstat.udps_badsum++;
udpstat.udps_inhwcsum++;
goto bad;
}
if ((uh->uh_sum = in6_cksum(m, IPPROTO_UDP,
iphlen, len))) {
udpstat.udps_badsum++;
goto bad;
}
} else {
m->m_pkthdr.csum_flags &= ~M_UDP_CSUM_IN_OK;
udpstat.udps_inhwcsum++;
}
} else
#endif /* INET6 */
if (uh->uh_sum) {
if ((m->m_pkthdr.csum_flags & M_UDP_CSUM_IN_OK) == 0) {
if (m->m_pkthdr.csum_flags & M_UDP_CSUM_IN_BAD) {
udpstat.udps_badsum++;
udpstat.udps_inhwcsum++;
m_freem(m);
return;
}
if ((uh->uh_sum = in4_cksum(m, IPPROTO_UDP,
iphlen, len))) {
udpstat.udps_badsum++;
m_freem(m);
return;
}
} else {
m->m_pkthdr.csum_flags &= ~M_UDP_CSUM_IN_OK;
udpstat.udps_inhwcsum++;
}
} else
udpstat.udps_nosum++;
#ifdef IPSEC
if (udpencap_enable && udpencap_port &&
uh->uh_dport == htons(udpencap_port)) {
u_int32_t spi;
int skip = iphlen + sizeof(struct udphdr);
if (m->m_pkthdr.len - skip < sizeof(u_int32_t)) {
/* packet too short */
m_freem(m);
return;
}
m_copydata(m, skip, sizeof(u_int32_t), (caddr_t) &spi);
/*
* decapsulate if the SPI is not zero, otherwise pass
* to userland
*/
if (spi != 0) {
if ((m = m_pullup2(m, skip)) == NULL) {
udpstat.udps_hdrops++;
return;
}
/* remove the UDP header */
bcopy(mtod(m, u_char *),
mtod(m, u_char *) + sizeof(struct udphdr), iphlen);
m_adj(m, sizeof(struct udphdr));
skip -= sizeof(struct udphdr);
espstat.esps_udpencin++;
ipsec_common_input(m, skip, offsetof(struct ip, ip_p),
srcsa.sa.sa_family, IPPROTO_ESP, 1);
return;
}
}
/*
* IPsec input callback, called by the transform callback. Takes care of
* filtering and other sanity checks on the processed packet.
*/
int
ipsec_common_input_cb(struct mbuf *m, struct tdb *tdbp, int skip, int protoff,
struct m_tag *mt)
{
int af, sproto;
u_char prot;
#if NBPFILTER > 0
struct ifnet *encif;
#endif
#ifdef INET
struct ip *ip, ipn;
#endif /* INET */
#ifdef INET6
struct ip6_hdr *ip6, ip6n;
#endif /* INET6 */
struct m_tag *mtag;
struct tdb_ident *tdbi;
af = tdbp->tdb_dst.sa.sa_family;
sproto = tdbp->tdb_sproto;
tdbp->tdb_last_used = time_second;
/* Sanity check */
if (m == NULL) {
/* The called routine will print a message if necessary */
IPSEC_ISTAT(espstat.esps_badkcr, ahstat.ahs_badkcr,
ipcompstat.ipcomps_badkcr);
return EINVAL;
}
#ifdef INET
/* Fix IPv4 header */
if (af == AF_INET) {
if ((m->m_len < skip) && ((m = m_pullup(m, skip)) == NULL)) {
DPRINTF(("ipsec_common_input_cb(): processing failed "
"for SA %s/%08x\n", ipsp_address(tdbp->tdb_dst),
ntohl(tdbp->tdb_spi)));
IPSEC_ISTAT(espstat.esps_hdrops, ahstat.ahs_hdrops,
ipcompstat.ipcomps_hdrops);
return ENOBUFS;
}
ip = mtod(m, struct ip *);
ip->ip_len = htons(m->m_pkthdr.len);
ip->ip_sum = 0;
ip->ip_sum = in_cksum(m, ip->ip_hl << 2);
prot = ip->ip_p;
/* IP-in-IP encapsulation */
if (prot == IPPROTO_IPIP) {
if (m->m_pkthdr.len - skip < sizeof(struct ip)) {
m_freem(m);
IPSEC_ISTAT(espstat.esps_hdrops,
ahstat.ahs_hdrops,
ipcompstat.ipcomps_hdrops);
return EINVAL;
}
/* ipn will now contain the inner IPv4 header */
m_copydata(m, skip, sizeof(struct ip),
(caddr_t) &ipn);
/*
* Check that the inner source address is the same as
* the proxy address, if available.
*/
if ((tdbp->tdb_proxy.sa.sa_family == AF_INET &&
tdbp->tdb_proxy.sin.sin_addr.s_addr !=
INADDR_ANY &&
ipn.ip_src.s_addr !=
tdbp->tdb_proxy.sin.sin_addr.s_addr) ||
(tdbp->tdb_proxy.sa.sa_family != AF_INET &&
tdbp->tdb_proxy.sa.sa_family != 0)) {
#if ENCDEBUG
char addr[INET_ADDRSTRLEN];
#endif
DPRINTF(("ipsec_common_input_cb(): inner "
"source address %s doesn't correspond to "
"expected proxy source %s, SA %s/%08x\n",
inet_ntop(AF_INET, &ipn.ip_src,
addr, sizeof(addr)),
ipsp_address(tdbp->tdb_proxy),
ipsp_address(tdbp->tdb_dst),
ntohl(tdbp->tdb_spi)));
m_freem(m);
IPSEC_ISTAT(espstat.esps_pdrops,
ahstat.ahs_pdrops,
ipcompstat.ipcomps_pdrops);
return EACCES;
}
}
#ifdef INET6
/* IPv6-in-IP encapsulation. */
if (prot == IPPROTO_IPV6) {
if (m->m_pkthdr.len - skip < sizeof(struct ip6_hdr)) {
m_freem(m);
IPSEC_ISTAT(espstat.esps_hdrops,
ahstat.ahs_hdrops,
ipcompstat.ipcomps_hdrops);
return EINVAL;
}
/* ip6n will now contain the inner IPv6 header. */
m_copydata(m, skip, sizeof(struct ip6_hdr),
(caddr_t) &ip6n);
/*
* Check that the inner source address is the same as
* the proxy address, if available.
*/
if ((tdbp->tdb_proxy.sa.sa_family == AF_INET6 &&
!IN6_IS_ADDR_UNSPECIFIED(&tdbp->tdb_proxy.sin6.sin6_addr) &&
!IN6_ARE_ADDR_EQUAL(&ip6n.ip6_src,
&tdbp->tdb_proxy.sin6.sin6_addr)) ||
(tdbp->tdb_proxy.sa.sa_family != AF_INET6 &&
tdbp->tdb_proxy.sa.sa_family != 0)) {
#if ENCDEBUG
char addr[INET6_ADDRSTRLEN];
#endif
DPRINTF(("ipsec_common_input_cb(): inner "
"source address %s doesn't correspond to "
"expected proxy source %s, SA %s/%08x\n",
inet_ntop(AF_INET6, &ip6n.ip6_src,
addr, sizeof(addr)),
ipsp_address(tdbp->tdb_proxy),
ipsp_address(tdbp->tdb_dst),
ntohl(tdbp->tdb_spi)));
m_freem(m);
IPSEC_ISTAT(espstat.esps_pdrops,
ahstat.ahs_pdrops,
ipcompstat.ipcomps_pdrops);
return EACCES;
}
}
#endif /* INET6 */
}
#endif /* INET */
#ifdef INET6
/* Fix IPv6 header */
if (af == AF_INET6)
{
if (m->m_len < sizeof(struct ip6_hdr) &&
(m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) {
DPRINTF(("ipsec_common_input_cb(): processing failed "
"for SA %s/%08x\n", ipsp_address(tdbp->tdb_dst),
ntohl(tdbp->tdb_spi)));
IPSEC_ISTAT(espstat.esps_hdrops, ahstat.ahs_hdrops,
ipcompstat.ipcomps_hdrops);
return EACCES;
}
ip6 = mtod(m, struct ip6_hdr *);
ip6->ip6_plen = htons(m->m_pkthdr.len - skip);
/* Save protocol */
m_copydata(m, protoff, 1, (caddr_t) &prot);
#ifdef INET
/* IP-in-IP encapsulation */
if (prot == IPPROTO_IPIP) {
if (m->m_pkthdr.len - skip < sizeof(struct ip)) {
m_freem(m);
IPSEC_ISTAT(espstat.esps_hdrops,
ahstat.ahs_hdrops,
ipcompstat.ipcomps_hdrops);
return EINVAL;
}
/* ipn will now contain the inner IPv4 header */
m_copydata(m, skip, sizeof(struct ip), (caddr_t) &ipn);
/*
* Check that the inner source address is the same as
* the proxy address, if available.
*/
if ((tdbp->tdb_proxy.sa.sa_family == AF_INET &&
tdbp->tdb_proxy.sin.sin_addr.s_addr !=
INADDR_ANY &&
ipn.ip_src.s_addr !=
tdbp->tdb_proxy.sin.sin_addr.s_addr) ||
(tdbp->tdb_proxy.sa.sa_family != AF_INET &&
tdbp->tdb_proxy.sa.sa_family != 0)) {
#if ENCDEBUG
char addr[INET_ADDRSTRLEN];
#endif
DPRINTF(("ipsec_common_input_cb(): inner "
"source address %s doesn't correspond to "
"expected proxy source %s, SA %s/%08x\n",
inet_ntop(AF_INET, &ipn.ip_src,
addr, sizeof(addr)),
ipsp_address(tdbp->tdb_proxy),
ipsp_address(tdbp->tdb_dst),
ntohl(tdbp->tdb_spi)));
m_freem(m);
IPSEC_ISTAT(espstat.esps_pdrops,
ahstat.ahs_pdrops,
ipcompstat.ipcomps_pdrops);
return EACCES;
}
}
#endif /* INET */
/* IPv6-in-IP encapsulation */
if (prot == IPPROTO_IPV6) {
if (m->m_pkthdr.len - skip < sizeof(struct ip6_hdr)) {
m_freem(m);
IPSEC_ISTAT(espstat.esps_hdrops,
ahstat.ahs_hdrops,
ipcompstat.ipcomps_hdrops);
return EINVAL;
}
/* ip6n will now contain the inner IPv6 header. */
m_copydata(m, skip, sizeof(struct ip6_hdr),
(caddr_t) &ip6n);
/*
* Check that the inner source address is the same as
* the proxy address, if available.
*/
if ((tdbp->tdb_proxy.sa.sa_family == AF_INET6 &&
!IN6_IS_ADDR_UNSPECIFIED(&tdbp->tdb_proxy.sin6.sin6_addr) &&
!IN6_ARE_ADDR_EQUAL(&ip6n.ip6_src,
&tdbp->tdb_proxy.sin6.sin6_addr)) ||
(tdbp->tdb_proxy.sa.sa_family != AF_INET6 &&
tdbp->tdb_proxy.sa.sa_family != 0)) {
#if ENCDEBUG
char addr[INET6_ADDRSTRLEN];
#endif
DPRINTF(("ipsec_common_input_cb(): inner "
"source address %s doesn't correspond to "
"expected proxy source %s, SA %s/%08x\n",
inet_ntop(AF_INET6, &ip6n.ip6_src,
addr, sizeof(addr)),
ipsp_address(tdbp->tdb_proxy),
ipsp_address(tdbp->tdb_dst),
ntohl(tdbp->tdb_spi)));
m_freem(m);
IPSEC_ISTAT(espstat.esps_pdrops,
ahstat.ahs_pdrops,
ipcompstat.ipcomps_pdrops);
return EACCES;
}
}
}
#endif /* INET6 */
/*
* Fix TCP/UDP checksum of UDP encapsulated transport mode ESP packet.
* (RFC3948 3.1.2)
*/
if ((af == AF_INET || af == AF_INET6) &&
(tdbp->tdb_flags & TDBF_UDPENCAP) &&
(tdbp->tdb_flags & TDBF_TUNNELING) == 0) {
u_int16_t cksum;
switch (prot) {
case IPPROTO_UDP:
if (m->m_pkthdr.len < skip + sizeof(struct udphdr)) {
m_freem(m);
IPSEC_ISTAT(espstat.esps_hdrops,
ahstat.ahs_hdrops,
ipcompstat.ipcomps_hdrops);
return EINVAL;
}
cksum = 0;
m_copyback(m, skip + offsetof(struct udphdr, uh_sum),
sizeof(cksum), &cksum, M_NOWAIT);
#ifdef INET6
if (af == AF_INET6) {
cksum = in6_cksum(m, IPPROTO_UDP, skip,
m->m_pkthdr.len - skip);
m_copyback(m, skip + offsetof(struct udphdr,
uh_sum), sizeof(cksum), &cksum, M_NOWAIT);
}
#endif
break;
case IPPROTO_TCP:
if (m->m_pkthdr.len < skip + sizeof(struct tcphdr)) {
m_freem(m);
IPSEC_ISTAT(espstat.esps_hdrops,
ahstat.ahs_hdrops,
ipcompstat.ipcomps_hdrops);
return EINVAL;
}
cksum = 0;
m_copyback(m, skip + offsetof(struct tcphdr, th_sum),
sizeof(cksum), &cksum, M_NOWAIT);
if (af == AF_INET)
cksum = in4_cksum(m, IPPROTO_TCP, skip,
m->m_pkthdr.len - skip);
#ifdef INET6
else if (af == AF_INET6)
cksum = in6_cksum(m, IPPROTO_TCP, skip,
m->m_pkthdr.len - skip);
#endif
m_copyback(m, skip + offsetof(struct tcphdr, th_sum),
sizeof(cksum), &cksum, M_NOWAIT);
break;
}
