int
udp6_output(struct in6pcb *in6p, struct mbuf *m, struct sockaddr *addr6,
struct mbuf *control, struct thread *td)
{
u_int32_t ulen = m->m_pkthdr.len;
u_int32_t plen = sizeof(struct udphdr) + ulen;
struct ip6_hdr *ip6;
struct udphdr *udp6;
struct in6_addr *laddr, *faddr;
u_short fport;
int error = 0;
struct ip6_pktopts opt, *stickyopt = in6p->in6p_outputopts;
int priv;
int af = AF_INET6, hlen = sizeof(struct ip6_hdr);
int flags;
struct sockaddr_in6 tmp;
priv = !priv_check(td, PRIV_ROOT); /* 1 if privileged, 0 if not */
if (control) {
if ((error = ip6_setpktoptions(control, &opt,
in6p->in6p_outputopts,
IPPROTO_UDP, priv)) != 0)
goto release;
in6p->in6p_outputopts = &opt;
}
if (addr6) {
/*
* IPv4 version of udp_output calls in_pcbconnect in this case,
* which needs splnet and affects performance.
* Since we saw no essential reason for calling in_pcbconnect,
* we get rid of such kind of logic, and call in6_selectsrc
* and in6_pcbsetport in order to fill in the local address
* and the local port.
*/
struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)addr6;
if (sin6->sin6_port == 0) {
error = EADDRNOTAVAIL;
goto release;
}
if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) {
/* how about ::ffff:0.0.0.0 case? */
error = EISCONN;
goto release;
}
if (!prison_remote_ip(td, addr6)) {
error = EAFNOSUPPORT; /* IPv4 only jail */
goto release;
}
/* protect *sin6 from overwrites */
tmp = *sin6;
sin6 = &tmp;
faddr = &sin6->sin6_addr;
fport = sin6->sin6_port; /* allow 0 port */
if (IN6_IS_ADDR_V4MAPPED(faddr)) {
if ((in6p->in6p_flags & IN6P_IPV6_V6ONLY)) {
/*
* I believe we should explicitly discard the
* packet when mapped addresses are disabled,
* rather than send the packet as an IPv6 one.
* If we chose the latter approach, the packet
* might be sent out on the wire based on the
* default route, the situation which we'd
* probably want to avoid.
* (20010421 [email protected])
*/
error = EINVAL;
goto release;
} else
af = AF_INET;
}
/* KAME hack: embed scopeid */
if (in6_embedscope(&sin6->sin6_addr, sin6, in6p, NULL) != 0) {
error = EINVAL;
goto release;
}
if (!IN6_IS_ADDR_V4MAPPED(faddr)) {
laddr = in6_selectsrc(sin6, in6p->in6p_outputopts,
in6p->in6p_moptions,
&in6p->in6p_route,
&in6p->in6p_laddr, &error, NULL);
} else
laddr = &in6p->in6p_laddr; /* XXX */
if (laddr == NULL) {
if (error == 0)
error = EADDRNOTAVAIL;
goto release;
}
if (in6p->in6p_lport == 0 &&
(error = in6_pcbsetport(laddr, in6p, td)) != 0)
goto release;
} else {
if (IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) {
error = ENOTCONN;
goto release;
}
if (IN6_IS_ADDR_V4MAPPED(&in6p->in6p_faddr)) {
if ((in6p->in6p_flags & IN6P_IPV6_V6ONLY)) {
/*
* XXX: this case would happen when the
* application sets the V6ONLY flag after
* connecting the foreign address.
* Such applications should be fixed,
* so we bark here.
*/
log(LOG_INFO, "udp6_output: IPV6_V6ONLY "
"option was set for a connected socket\n");
error = EINVAL;
goto release;
} else
af = AF_INET;
}
laddr = &in6p->in6p_laddr;
faddr = &in6p->in6p_faddr;
fport = in6p->in6p_fport;
}
if (af == AF_INET)
hlen = sizeof(struct ip);
/*
* Calculate data length and get a mbuf
* for UDP and IP6 headers.
*/
M_PREPEND(m, hlen + sizeof(struct udphdr), MB_DONTWAIT);
if (m == NULL) {
error = ENOBUFS;
goto release;
}
/*
* Stuff checksum and output datagram.
*/
udp6 = (struct udphdr *)(mtod(m, caddr_t) + hlen);
udp6->uh_sport = in6p->in6p_lport; /* lport is always set in the PCB */
udp6->uh_dport = fport;
if (plen <= 0xffff)
udp6->uh_ulen = htons((u_short)plen);
else
udp6->uh_ulen = 0;
udp6->uh_sum = 0;
switch (af) {
case AF_INET6:
ip6 = mtod(m, struct ip6_hdr *);
ip6->ip6_flow = in6p->in6p_flowinfo & IPV6_FLOWINFO_MASK;
ip6->ip6_vfc &= ~IPV6_VERSION_MASK;
ip6->ip6_vfc |= IPV6_VERSION;
#if 0 /* ip6_plen will be filled in ip6_output. */
ip6->ip6_plen = htons((u_short)plen);
#endif
ip6->ip6_nxt = IPPROTO_UDP;
ip6->ip6_hlim = in6_selecthlim(in6p,
in6p->in6p_route.ro_rt ?
in6p->in6p_route.ro_rt->rt_ifp : NULL);
ip6->ip6_src = *laddr;
ip6->ip6_dst = *faddr;
if ((udp6->uh_sum = in6_cksum(m, IPPROTO_UDP,
sizeof(struct ip6_hdr), plen)) == 0) {
udp6->uh_sum = 0xffff;
}
flags = 0;
udp6stat.udp6s_opackets++;
error = ip6_output(m, in6p->in6p_outputopts, &in6p->in6p_route,
flags, in6p->in6p_moptions, NULL, in6p);
break;
case AF_INET:
error = EAFNOSUPPORT;
goto release;
}
goto releaseopt;
release:
m_freem(m);
releaseopt:
if (control) {
ip6_clearpktopts(in6p->in6p_outputopts, -1);
in6p->in6p_outputopts = stickyopt;
m_freem(control);
}
return (error);
}
/*
* IPsec input callback, called by the transform callback. Takes care of
* filtering and other sanity checks on the processed packet.
*/
int
ipsec_common_input_cb(struct mbuf *m, struct tdb *tdbp, int skip, int protoff,
struct m_tag *mt)
{
int af, sproto;
u_char prot;
#if NBPFILTER > 0
struct ifnet *encif;
#endif
#ifdef INET
struct ip *ip, ipn;
#endif /* INET */
#ifdef INET6
struct ip6_hdr *ip6, ip6n;
#endif /* INET6 */
struct m_tag *mtag;
struct tdb_ident *tdbi;
af = tdbp->tdb_dst.sa.sa_family;
sproto = tdbp->tdb_sproto;
tdbp->tdb_last_used = time_second;
/* Sanity check */
if (m == NULL) {
/* The called routine will print a message if necessary */
IPSEC_ISTAT(espstat.esps_badkcr, ahstat.ahs_badkcr,
ipcompstat.ipcomps_badkcr);
return EINVAL;
}
#ifdef INET
/* Fix IPv4 header */
if (af == AF_INET) {
if ((m->m_len < skip) && ((m = m_pullup(m, skip)) == NULL)) {
DPRINTF(("ipsec_common_input_cb(): processing failed "
"for SA %s/%08x\n", ipsp_address(tdbp->tdb_dst),
ntohl(tdbp->tdb_spi)));
IPSEC_ISTAT(espstat.esps_hdrops, ahstat.ahs_hdrops,
ipcompstat.ipcomps_hdrops);
return ENOBUFS;
}
ip = mtod(m, struct ip *);
ip->ip_len = htons(m->m_pkthdr.len);
ip->ip_sum = 0;
ip->ip_sum = in_cksum(m, ip->ip_hl << 2);
prot = ip->ip_p;
/* IP-in-IP encapsulation */
if (prot == IPPROTO_IPIP) {
if (m->m_pkthdr.len - skip < sizeof(struct ip)) {
m_freem(m);
IPSEC_ISTAT(espstat.esps_hdrops,
ahstat.ahs_hdrops,
ipcompstat.ipcomps_hdrops);
return EINVAL;
}
/* ipn will now contain the inner IPv4 header */
m_copydata(m, skip, sizeof(struct ip),
(caddr_t) &ipn);
/*
* Check that the inner source address is the same as
* the proxy address, if available.
*/
if ((tdbp->tdb_proxy.sa.sa_family == AF_INET &&
tdbp->tdb_proxy.sin.sin_addr.s_addr !=
INADDR_ANY &&
ipn.ip_src.s_addr !=
tdbp->tdb_proxy.sin.sin_addr.s_addr) ||
(tdbp->tdb_proxy.sa.sa_family != AF_INET &&
tdbp->tdb_proxy.sa.sa_family != 0)) {
#if ENCDEBUG
char addr[INET_ADDRSTRLEN];
#endif
DPRINTF(("ipsec_common_input_cb(): inner "
"source address %s doesn't correspond to "
"expected proxy source %s, SA %s/%08x\n",
inet_ntop(AF_INET, &ipn.ip_src,
addr, sizeof(addr)),
ipsp_address(tdbp->tdb_proxy),
ipsp_address(tdbp->tdb_dst),
ntohl(tdbp->tdb_spi)));
m_freem(m);
IPSEC_ISTAT(espstat.esps_pdrops,
ahstat.ahs_pdrops,
ipcompstat.ipcomps_pdrops);
return EACCES;
}
}
#ifdef INET6
/* IPv6-in-IP encapsulation. */
if (prot == IPPROTO_IPV6) {
if (m->m_pkthdr.len - skip < sizeof(struct ip6_hdr)) {
m_freem(m);
IPSEC_ISTAT(espstat.esps_hdrops,
ahstat.ahs_hdrops,
ipcompstat.ipcomps_hdrops);
return EINVAL;
}
/* ip6n will now contain the inner IPv6 header. */
m_copydata(m, skip, sizeof(struct ip6_hdr),
(caddr_t) &ip6n);
/*
* Check that the inner source address is the same as
* the proxy address, if available.
*/
if ((tdbp->tdb_proxy.sa.sa_family == AF_INET6 &&
!IN6_IS_ADDR_UNSPECIFIED(&tdbp->tdb_proxy.sin6.sin6_addr) &&
!IN6_ARE_ADDR_EQUAL(&ip6n.ip6_src,
&tdbp->tdb_proxy.sin6.sin6_addr)) ||
(tdbp->tdb_proxy.sa.sa_family != AF_INET6 &&
tdbp->tdb_proxy.sa.sa_family != 0)) {
#if ENCDEBUG
char addr[INET6_ADDRSTRLEN];
#endif
DPRINTF(("ipsec_common_input_cb(): inner "
"source address %s doesn't correspond to "
"expected proxy source %s, SA %s/%08x\n",
inet_ntop(AF_INET6, &ip6n.ip6_src,
addr, sizeof(addr)),
ipsp_address(tdbp->tdb_proxy),
ipsp_address(tdbp->tdb_dst),
ntohl(tdbp->tdb_spi)));
m_freem(m);
IPSEC_ISTAT(espstat.esps_pdrops,
ahstat.ahs_pdrops,
ipcompstat.ipcomps_pdrops);
return EACCES;
}
}
#endif /* INET6 */
}
#endif /* INET */
#ifdef INET6
/* Fix IPv6 header */
if (af == AF_INET6)
{
if (m->m_len < sizeof(struct ip6_hdr) &&
(m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) {
DPRINTF(("ipsec_common_input_cb(): processing failed "
"for SA %s/%08x\n", ipsp_address(tdbp->tdb_dst),
ntohl(tdbp->tdb_spi)));
IPSEC_ISTAT(espstat.esps_hdrops, ahstat.ahs_hdrops,
ipcompstat.ipcomps_hdrops);
return EACCES;
}
ip6 = mtod(m, struct ip6_hdr *);
ip6->ip6_plen = htons(m->m_pkthdr.len - skip);
/* Save protocol */
m_copydata(m, protoff, 1, (caddr_t) &prot);
#ifdef INET
/* IP-in-IP encapsulation */
if (prot == IPPROTO_IPIP) {
if (m->m_pkthdr.len - skip < sizeof(struct ip)) {
m_freem(m);
IPSEC_ISTAT(espstat.esps_hdrops,
ahstat.ahs_hdrops,
ipcompstat.ipcomps_hdrops);
return EINVAL;
}
/* ipn will now contain the inner IPv4 header */
m_copydata(m, skip, sizeof(struct ip), (caddr_t) &ipn);
/*
* Check that the inner source address is the same as
* the proxy address, if available.
*/
if ((tdbp->tdb_proxy.sa.sa_family == AF_INET &&
tdbp->tdb_proxy.sin.sin_addr.s_addr !=
INADDR_ANY &&
ipn.ip_src.s_addr !=
tdbp->tdb_proxy.sin.sin_addr.s_addr) ||
(tdbp->tdb_proxy.sa.sa_family != AF_INET &&
tdbp->tdb_proxy.sa.sa_family != 0)) {
#if ENCDEBUG
char addr[INET_ADDRSTRLEN];
#endif
DPRINTF(("ipsec_common_input_cb(): inner "
"source address %s doesn't correspond to "
"expected proxy source %s, SA %s/%08x\n",
inet_ntop(AF_INET, &ipn.ip_src,
addr, sizeof(addr)),
ipsp_address(tdbp->tdb_proxy),
ipsp_address(tdbp->tdb_dst),
ntohl(tdbp->tdb_spi)));
m_freem(m);
IPSEC_ISTAT(espstat.esps_pdrops,
ahstat.ahs_pdrops,
ipcompstat.ipcomps_pdrops);
return EACCES;
}
}
#endif /* INET */
/* IPv6-in-IP encapsulation */
if (prot == IPPROTO_IPV6) {
if (m->m_pkthdr.len - skip < sizeof(struct ip6_hdr)) {
m_freem(m);
IPSEC_ISTAT(espstat.esps_hdrops,
ahstat.ahs_hdrops,
ipcompstat.ipcomps_hdrops);
return EINVAL;
}
/* ip6n will now contain the inner IPv6 header. */
m_copydata(m, skip, sizeof(struct ip6_hdr),
(caddr_t) &ip6n);
/*
* Check that the inner source address is the same as
* the proxy address, if available.
*/
if ((tdbp->tdb_proxy.sa.sa_family == AF_INET6 &&
!IN6_IS_ADDR_UNSPECIFIED(&tdbp->tdb_proxy.sin6.sin6_addr) &&
!IN6_ARE_ADDR_EQUAL(&ip6n.ip6_src,
&tdbp->tdb_proxy.sin6.sin6_addr)) ||
(tdbp->tdb_proxy.sa.sa_family != AF_INET6 &&
tdbp->tdb_proxy.sa.sa_family != 0)) {
#if ENCDEBUG
char addr[INET6_ADDRSTRLEN];
#endif
DPRINTF(("ipsec_common_input_cb(): inner "
"source address %s doesn't correspond to "
"expected proxy source %s, SA %s/%08x\n",
inet_ntop(AF_INET6, &ip6n.ip6_src,
addr, sizeof(addr)),
ipsp_address(tdbp->tdb_proxy),
ipsp_address(tdbp->tdb_dst),
ntohl(tdbp->tdb_spi)));
m_freem(m);
IPSEC_ISTAT(espstat.esps_pdrops,
ahstat.ahs_pdrops,
ipcompstat.ipcomps_pdrops);
return EACCES;
}
}
}
#endif /* INET6 */
/*
* Fix TCP/UDP checksum of UDP encapsulated transport mode ESP packet.
* (RFC3948 3.1.2)
*/
if ((af == AF_INET || af == AF_INET6) &&
(tdbp->tdb_flags & TDBF_UDPENCAP) &&
(tdbp->tdb_flags & TDBF_TUNNELING) == 0) {
u_int16_t cksum;
switch (prot) {
case IPPROTO_UDP:
if (m->m_pkthdr.len < skip + sizeof(struct udphdr)) {
m_freem(m);
IPSEC_ISTAT(espstat.esps_hdrops,
ahstat.ahs_hdrops,
ipcompstat.ipcomps_hdrops);
return EINVAL;
}
cksum = 0;
m_copyback(m, skip + offsetof(struct udphdr, uh_sum),
sizeof(cksum), &cksum, M_NOWAIT);
#ifdef INET6
if (af == AF_INET6) {
cksum = in6_cksum(m, IPPROTO_UDP, skip,
m->m_pkthdr.len - skip);
m_copyback(m, skip + offsetof(struct udphdr,
uh_sum), sizeof(cksum), &cksum, M_NOWAIT);
}
#endif
break;
case IPPROTO_TCP:
if (m->m_pkthdr.len < skip + sizeof(struct tcphdr)) {
m_freem(m);
IPSEC_ISTAT(espstat.esps_hdrops,
ahstat.ahs_hdrops,
ipcompstat.ipcomps_hdrops);
return EINVAL;
}
cksum = 0;
m_copyback(m, skip + offsetof(struct tcphdr, th_sum),
sizeof(cksum), &cksum, M_NOWAIT);
if (af == AF_INET)
cksum = in4_cksum(m, IPPROTO_TCP, skip,
m->m_pkthdr.len - skip);
#ifdef INET6
else if (af == AF_INET6)
cksum = in6_cksum(m, IPPROTO_TCP, skip,
m->m_pkthdr.len - skip);
#endif
m_copyback(m, skip + offsetof(struct tcphdr, th_sum),
sizeof(cksum), &cksum, M_NOWAIT);
break;
}
void
udp_input(struct mbuf *m, ...)
{
struct ip *ip;
struct udphdr *uh;
struct inpcb *inp = NULL;
struct mbuf *opts = NULL;
struct ip save_ip;
int iphlen, len;
va_list ap;
u_int16_t savesum;
union {
struct sockaddr sa;
struct sockaddr_in sin;
#ifdef INET6
struct sockaddr_in6 sin6;
#endif /* INET6 */
} srcsa, dstsa;
#ifdef INET6
struct ip6_hdr *ip6;
#endif /* INET6 */
#ifdef IPSEC
struct m_tag *mtag;
struct tdb_ident *tdbi;
struct tdb *tdb;
int error, s;
#endif /* IPSEC */
va_start(ap, m);
iphlen = va_arg(ap, int);
va_end(ap);
udpstat.udps_ipackets++;
switch (mtod(m, struct ip *)->ip_v) {
case 4:
ip = mtod(m, struct ip *);
#ifdef INET6
ip6 = NULL;
#endif /* INET6 */
srcsa.sa.sa_family = AF_INET;
break;
#ifdef INET6
case 6:
ip = NULL;
ip6 = mtod(m, struct ip6_hdr *);
srcsa.sa.sa_family = AF_INET6;
break;
#endif /* INET6 */
default:
goto bad;
}
IP6_EXTHDR_GET(uh, struct udphdr *, m, iphlen, sizeof(struct udphdr));
if (!uh) {
udpstat.udps_hdrops++;
return;
}
/* Check for illegal destination port 0 */
if (uh->uh_dport == 0) {
udpstat.udps_noport++;
goto bad;
}
/*
* Make mbuf data length reflect UDP length.
* If not enough data to reflect UDP length, drop.
*/
len = ntohs((u_int16_t)uh->uh_ulen);
if (ip) {
if (m->m_pkthdr.len - iphlen != len) {
if (len > (m->m_pkthdr.len - iphlen) ||
len < sizeof(struct udphdr)) {
udpstat.udps_badlen++;
goto bad;
}
m_adj(m, len - (m->m_pkthdr.len - iphlen));
}
}
#ifdef INET6
else if (ip6) {
/* jumbograms */
if (len == 0 && m->m_pkthdr.len - iphlen > 0xffff)
len = m->m_pkthdr.len - iphlen;
if (len != m->m_pkthdr.len - iphlen) {
udpstat.udps_badlen++;
goto bad;
}
}
#endif
else /* shouldn't happen */
goto bad;
/*
* Save a copy of the IP header in case we want restore it
* for sending an ICMP error message in response.
*/
if (ip)
save_ip = *ip;
/*
* Checksum extended UDP header and data.
* from W.R.Stevens: check incoming udp cksums even if
* udpcksum is not set.
*/
savesum = uh->uh_sum;
#ifdef INET6
if (ip6) {
/* Be proactive about malicious use of IPv4 mapped address */
if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) ||
IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) {
/* XXX stat */
goto bad;
}
/*
* In IPv6, the UDP checksum is ALWAYS used.
*/
if (uh->uh_sum == 0) {
udpstat.udps_nosum++;
goto bad;
}
if ((m->m_pkthdr.csum_flags & M_UDP_CSUM_IN_OK) == 0) {
if (m->m_pkthdr.csum_flags & M_UDP_CSUM_IN_BAD) {
udpstat.udps_badsum++;
udpstat.udps_inhwcsum++;
goto bad;
}
if ((uh->uh_sum = in6_cksum(m, IPPROTO_UDP,
iphlen, len))) {
udpstat.udps_badsum++;
goto bad;
}
} else {
m->m_pkthdr.csum_flags &= ~M_UDP_CSUM_IN_OK;
udpstat.udps_inhwcsum++;
}
} else
#endif /* INET6 */
if (uh->uh_sum) {
if ((m->m_pkthdr.csum_flags & M_UDP_CSUM_IN_OK) == 0) {
if (m->m_pkthdr.csum_flags & M_UDP_CSUM_IN_BAD) {
udpstat.udps_badsum++;
udpstat.udps_inhwcsum++;
m_freem(m);
return;
}
if ((uh->uh_sum = in4_cksum(m, IPPROTO_UDP,
iphlen, len))) {
udpstat.udps_badsum++;
m_freem(m);
return;
}
} else {
m->m_pkthdr.csum_flags &= ~M_UDP_CSUM_IN_OK;
udpstat.udps_inhwcsum++;
}
} else
udpstat.udps_nosum++;
#ifdef IPSEC
if (udpencap_enable && udpencap_port &&
uh->uh_dport == htons(udpencap_port)) {
u_int32_t spi;
int skip = iphlen + sizeof(struct udphdr);
if (m->m_pkthdr.len - skip < sizeof(u_int32_t)) {
/* packet too short */
m_freem(m);
return;
}
m_copydata(m, skip, sizeof(u_int32_t), (caddr_t) &spi);
/*
* decapsulate if the SPI is not zero, otherwise pass
* to userland
*/
if (spi != 0) {
if ((m = m_pullup2(m, skip)) == NULL) {
udpstat.udps_hdrops++;
return;
}
/* remove the UDP header */
bcopy(mtod(m, u_char *),
mtod(m, u_char *) + sizeof(struct udphdr), iphlen);
m_adj(m, sizeof(struct udphdr));
skip -= sizeof(struct udphdr);
espstat.esps_udpencin++;
ipsec_common_input(m, skip, offsetof(struct ip, ip_p),
srcsa.sa.sa_family, IPPROTO_ESP, 1);
return;
}
}
static int ndisc_send_unspec(int oif, const struct in6_addr *dest,
uint8_t *hdr, int hdrlen, struct iovec *optv,
size_t optvlen)
{
struct {
struct ip6_hdr ip;
struct icmp6_hdr icmp;
uint8_t data[1500];
} frame;
struct msghdr msgh;
struct cmsghdr *cmsg;
struct in6_pktinfo *pinfo;
struct sockaddr_in6 dst;
char cbuf[CMSG_SPACE(sizeof(*pinfo))];
struct iovec iov;
uint8_t *data = (uint8_t *)(&frame.icmp);
int type, fd, ret, remlen, datalen = 0, written = 0, v = 1;
if (hdr == NULL || hdrlen < 0 ||
(size_t)hdrlen < sizeof(struct icmp6_hdr) ||
(size_t)hdrlen > (sizeof(frame) - sizeof(struct ip6_hdr)))
return -EINVAL;
if ((fd = socket(AF_INET6, SOCK_RAW, IPPROTO_RAW)) < 0)
return -1;
if (setsockopt(fd, IPPROTO_IPV6, IP_HDRINCL, &v, sizeof(v)) < 0) {
dbg("cannot set IP_HDRINCL: %s\n", strerror(errno));
close(fd);
return -errno;
}
memset(&frame, 0, sizeof(frame));
memset(&dst, 0, sizeof(dst));
dst.sin6_addr = *dest;
/* Copy ICMPv6 header and update various length values */
memcpy(data, hdr, hdrlen);
data += hdrlen;
datalen += hdrlen;
remlen = sizeof(frame) - sizeof(struct ip6_hdr) - hdrlen;
/* Prepare for csum: write trailing options by linearizing iov */
if ((iov_linearize(data, remlen, optv, optvlen, &written) != 0) ||
(written & 0x1)) /* Ensure length is even for csum() */
return -1;
datalen += written;
/* Fill in the IPv6 header */
frame.ip.ip6_vfc = 0x60;
frame.ip.ip6_plen = htons(datalen);
frame.ip.ip6_nxt = IPPROTO_ICMPV6;
frame.ip.ip6_hlim = 255;
frame.ip.ip6_dst = *dest;
/* all other fields are already set to zero */
frame.icmp.icmp6_cksum = in6_cksum(&in6addr_any, dest, &frame.icmp,
datalen, IPPROTO_ICMPV6);
iov.iov_base = &frame;
iov.iov_len = sizeof(frame.ip) + datalen;
dst.sin6_family = AF_INET6;
msgh.msg_name = &dst;
msgh.msg_namelen = sizeof(dst);
msgh.msg_iov = &iov;
msgh.msg_iovlen = 1;
msgh.msg_flags = 0;
memset(cbuf, 0, CMSG_SPACE(sizeof(*pinfo)));
cmsg = (struct cmsghdr *)cbuf;
pinfo = (struct in6_pktinfo *)CMSG_DATA(cmsg);
pinfo->ipi6_ifindex = oif;
cmsg->cmsg_len = CMSG_LEN(sizeof(*pinfo));
cmsg->cmsg_level = IPPROTO_IPV6;
cmsg->cmsg_type = IPV6_PKTINFO;
msgh.msg_control = cmsg;
msgh.msg_controllen = cmsg->cmsg_len;
ret = sendmsg(fd, &msgh, 0);
if (ret < 0)
dbg("sendmsg: %s\n", strerror(errno));
close(fd);
type = hdr[0];
if (type == ND_NEIGHBOR_SOLICIT) {
statistics_inc(&mipl_stat, MIPL_STATISTICS_OUT_NS_UNSPEC);
} else if (type == ND_ROUTER_SOLICIT) {
statistics_inc(&mipl_stat, MIPL_STATISTICS_OUT_RS_UNSPEC);
}
return ret;
}
udp6_output(struct in6pcb *in6p, struct mbuf *m, struct mbuf *addr6,
struct mbuf *control)
#endif
{
u_int32_t plen = sizeof(struct udphdr) + m->m_pkthdr.len;
struct ip6_hdr *ip6;
struct udphdr *udp6;
struct in6_addr *laddr6 = NULL, *faddr6 = NULL;
struct sockaddr_in6 *fsa6 = NULL;
struct ifnet *oifp = NULL;
int scope_ambiguous = 0;
#ifndef __FreeBSD__
struct sockaddr_in6 lsa6_mapped; /* XXX ugly */
#endif
u_int16_t fport;
int error = 0;
struct ip6_pktopts *optp, opt;
int priv;
int af = AF_INET6, hlen = sizeof(struct ip6_hdr);
#ifdef INET
#if defined(__NetBSD__)
struct ip *ip;
struct udpiphdr *ui;
#endif
#endif
int flags = 0;
struct sockaddr_in6 tmp;
#if defined(__OpenBSD__)
struct proc *p = curproc; /* XXX */
#endif
priv = 0;
#if defined(__NetBSD__)
if (p && !suser(p->p_ucred, &p->p_acflag))
priv = 1;
#elif defined(__FreeBSD__)
if (p && !suser(p))
priv = 1;
#else
if ((in6p->in6p_socket->so_state & SS_PRIV) != 0)
priv = 1;
#endif
if (addr6) {
#ifdef __FreeBSD__
/* addr6 has been validated in udp6_send(). */
fsa6 = (struct sockaddr_in6 *)addr6;
#else
fsa6 = mtod(addr6, struct sockaddr_in6 *);
if (addr6->m_len != sizeof(*fsa6))
return (EINVAL);
if (fsa6->sin6_family != AF_INET6)
return (EAFNOSUPPORT);
#endif
/* protect *sin6 from overwrites */
tmp = *fsa6;
fsa6 = &tmp;
/*
* Application should provide a proper zone ID or the use of
* default zone IDs should be enabled. Unfortunately, some
* applications do not behave as it should, so we need a
* workaround. Even if an appropriate ID is not determined,
* we'll see if we can determine the outgoing interface. If we
* can, determine the zone ID based on the interface below.
*/
if (fsa6->sin6_scope_id == 0 && !ip6_use_defzone)
scope_ambiguous = 1;
if ((error = sa6_embedscope(fsa6, ip6_use_defzone)) != 0)
return (error);
}
if (control) {
if ((error = ip6_setpktopts(control, &opt,
in6p->in6p_outputopts, priv, IPPROTO_UDP)) != 0)
goto release;
optp = &opt;
} else
optp = in6p->in6p_outputopts;
if (fsa6) {
faddr6 = &fsa6->sin6_addr;
/*
* IPv4 version of udp_output calls in_pcbconnect in this case,
* which needs splnet and affects performance.
* Since we saw no essential reason for calling in_pcbconnect,
* we get rid of such kind of logic, and call in6_selectsrc
* and in6_pcbsetport in order to fill in the local address
* and the local port.
*/
if (fsa6->sin6_port == 0) {
error = EADDRNOTAVAIL;
goto release;
}
if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) {
/* how about ::ffff:0.0.0.0 case? */
error = EISCONN;
goto release;
}
fport = fsa6->sin6_port; /* allow 0 port */
if (IN6_IS_ADDR_V4MAPPED(faddr6)) {
#ifdef __OpenBSD__ /* does not support mapped addresses */
if (1)
#else
if ((in6p->in6p_flags & IN6P_IPV6_V6ONLY))
#endif
{
/*
* I believe we should explicitly discard the
* packet when mapped addresses are disabled,
* rather than send the packet as an IPv6 one.
* If we chose the latter approach, the packet
* might be sent out on the wire based on the
* default route, the situation which we'd
* probably want to avoid.
* (20010421 [email protected])
*/
error = EINVAL;
goto release;
}
if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_laddr) &&
!IN6_IS_ADDR_V4MAPPED(&in6p->in6p_laddr)) {
/*
* when remote addr is an IPv4-mapped address,
* local addr should not be an IPv6 address,
* since you cannot determine how to map IPv6
* source address to IPv4.
*/
error = EINVAL;
goto release;
}
af = AF_INET;
}
if (!IN6_IS_ADDR_V4MAPPED(faddr6)) {
laddr6 = in6_selectsrc(fsa6, optp,
in6p->in6p_moptions, &in6p->in6p_route,
&in6p->in6p_laddr, &oifp, &error);
if (oifp && scope_ambiguous &&
(error = in6_setscope(&fsa6->sin6_addr,
oifp, NULL))) {
goto release;
}
} else {
#ifndef __FreeBSD__
/*
* XXX: freebsd[34] does not have in_selectsrc, but
* we can omit the whole part because freebsd4 calls
* udp_output() directly in this case, and thus we'll
* never see this path.
*/
if (IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_laddr)) {
struct sockaddr_in *sinp, sin_dst;
bzero(&sin_dst, sizeof(sin_dst));
sin_dst.sin_family = AF_INET;
sin_dst.sin_len = sizeof(sin_dst);
bcopy(&fsa6->sin6_addr.s6_addr[12],
&sin_dst.sin_addr,
sizeof(sin_dst.sin_addr));
sinp = in_selectsrc(&sin_dst,
(struct route *)&in6p->in6p_route,
in6p->in6p_socket->so_options,
NULL, &error);
if (sinp == NULL) {
if (error == 0)
error = EADDRNOTAVAIL;
goto release;
}
bzero(&lsa6_mapped, sizeof(lsa6_mapped));
lsa6_mapped.sin6_family = AF_INET6;
lsa6_mapped.sin6_len = sizeof(lsa6_mapped);
/* ugly */
lsa6_mapped.sin6_addr.s6_addr16[5] = 0xffff;
bcopy(&sinp->sin_addr,
&lsa6_mapped.sin6_addr.s6_addr[12],
sizeof(sinp->sin_addr));
laddr6 = &lsa6_mapped.sin6_addr;
} else
#endif /* !freebsd */
{
laddr6 = &in6p->in6p_laddr;
}
}
if (laddr6 == NULL) {
if (error == 0)
error = EADDRNOTAVAIL;
goto release;
}
if (in6p->in6p_lport == 0 &&
(error = in6_pcbsetport(laddr6, in6p,
#ifdef __FreeBSD__
p->td_ucred
#else
p
#endif
)) != 0)
goto release;
} else {
if (IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) {
error = ENOTCONN;
goto release;
}
if (IN6_IS_ADDR_V4MAPPED(&in6p->in6p_faddr)) {
#ifdef __OpenBSD__ /* does not support mapped addresses */
if (1)
#else
if ((in6p->in6p_flags & IN6P_IPV6_V6ONLY))
#endif
{
/*
* XXX: this case would happen when the
* application sets the V6ONLY flag after
* connecting the foreign address.
* Such applications should be fixed,
* so we bark here.
*/
log(LOG_INFO, "udp6_output: IPV6_V6ONLY "
"option was set for a connected socket\n");
error = EINVAL;
goto release;
} else
af = AF_INET;
}
laddr6 = &in6p->in6p_laddr;
faddr6 = &in6p->in6p_faddr;
fport = in6p->in6p_fport;
}
if (af == AF_INET)
hlen = sizeof(struct ip);
/*
* Calculate data length and get a mbuf
* for UDP and IP6 headers.
*/
M_PREPEND(m, hlen + sizeof(struct udphdr), M_DONTWAIT);
if (m == 0) {
error = ENOBUFS;
goto release;
}
/*
* Stuff checksum and output datagram.
*/
udp6 = (struct udphdr *)(mtod(m, caddr_t) + hlen);
udp6->uh_sport = in6p->in6p_lport; /* lport is always set in the PCB */
udp6->uh_dport = fport;
if (plen <= 0xffff)
udp6->uh_ulen = htons((u_int16_t)plen);
else
udp6->uh_ulen = 0;
udp6->uh_sum = 0;
switch (af) {
case AF_INET6:
ip6 = mtod(m, struct ip6_hdr *);
ip6->ip6_flow = in6p->in6p_flowinfo & IPV6_FLOWINFO_MASK;
ip6->ip6_vfc &= ~IPV6_VERSION_MASK;
ip6->ip6_vfc |= IPV6_VERSION;
#if 0 /* ip6_plen will be filled in ip6_output. */
ip6->ip6_plen = htons((u_int16_t)plen);
#endif
ip6->ip6_nxt = IPPROTO_UDP;
ip6->ip6_hlim = in6_selecthlim(in6p, oifp);
ip6->ip6_src = *laddr6;
ip6->ip6_dst = *faddr6;
if ((udp6->uh_sum = in6_cksum(m, IPPROTO_UDP,
sizeof(struct ip6_hdr), plen)) == 0) {
udp6->uh_sum = 0xffff;
}
udp6stat.udp6s_opackets++;
#ifdef IPSEC
if (ipsec_setsocket(m, in6p->in6p_socket) != 0) {
error = ENOBUFS;
goto release;
}
#endif /* IPSEC */
#ifdef __FreeBSD__
error = ip6_output(m, optp, &in6p->in6p_route,
flags, in6p->in6p_moptions, NULL, NULL);
#elif defined(__NetBSD__)
error = ip6_output(m, optp, &in6p->in6p_route,
flags, in6p->in6p_moptions, in6p->in6p_socket, NULL);
#else
error = ip6_output(m, optp, &in6p->in6p_route,
flags, in6p->in6p_moptions, NULL);
#endif
break;
case AF_INET:
#if defined(INET) && defined(__NetBSD__)
/* can't transmit jumbogram over IPv4 */
if (plen > 0xffff) {
error = EMSGSIZE;
goto release;
}
ip = mtod(m, struct ip *);
ui = (struct udpiphdr *)ip;
bzero(ui->ui_x1, sizeof ui->ui_x1);
ui->ui_pr = IPPROTO_UDP;
ui->ui_len = htons(plen);
bcopy(&laddr6->s6_addr[12], &ui->ui_src, sizeof(ui->ui_src));
ui->ui_ulen = ui->ui_len;
#ifdef __NetBSD__
flags = (in6p->in6p_socket->so_options &
(SO_DONTROUTE | SO_BROADCAST));
bcopy(&fsa6->sin6_addr.s6_addr[12],
&ui->ui_dst, sizeof(ui->ui_dst));
udp6->uh_sum = in_cksum(m, hlen + plen);
#endif
if (udp6->uh_sum == 0)
udp6->uh_sum = 0xffff;
ip->ip_len = hlen + plen;
ip->ip_ttl = in6_selecthlim(in6p, NULL); /* XXX */
ip->ip_tos = 0; /* XXX */
ip->ip_len = hlen + plen; /* XXX */
udpstat.udps_opackets++;
#ifdef IPSEC
(void)ipsec_setsocket(m, NULL); /* XXX */
#endif /* IPSEC */
#ifdef __NetBSD__
error = ip_output(m, NULL, &in6p->in6p_route, flags /* XXX */);
#endif
break;
#else
error = EAFNOSUPPORT;
goto release;
#endif
}
goto releaseopt;
release:
m_freem(m);
releaseopt:
if (control) {
ip6_clearpktopts(&opt, -1);
m_freem(control);
}
return (error);
}
int
udp6_input(struct mbuf **mp, int *offp, int proto)
{
struct mbuf *m = *mp;
struct ip6_hdr *ip6;
struct udphdr *uh;
struct inpcb *in6p;
struct mbuf *opts = NULL;
int off = *offp;
int plen, ulen;
struct sockaddr_in6 udp_in6;
struct socket *so;
struct inpcbinfo *pcbinfo = &udbinfo[0];
IP6_EXTHDR_CHECK(m, off, sizeof(struct udphdr), IPPROTO_DONE);
ip6 = mtod(m, struct ip6_hdr *);
if (faithprefix_p != NULL && (*faithprefix_p)(&ip6->ip6_dst)) {
/* XXX send icmp6 host/port unreach? */
m_freem(m);
return IPPROTO_DONE;
}
udp_stat.udps_ipackets++;
plen = ntohs(ip6->ip6_plen) - off + sizeof(*ip6);
uh = (struct udphdr *)((caddr_t)ip6 + off);
ulen = ntohs((u_short)uh->uh_ulen);
if (plen != ulen) {
udp_stat.udps_badlen++;
goto bad;
}
/*
* Checksum extended UDP header and data.
*/
if (uh->uh_sum == 0)
udp_stat.udps_nosum++;
else if (in6_cksum(m, IPPROTO_UDP, off, ulen) != 0) {
udp_stat.udps_badsum++;
goto bad;
}
if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
struct inpcb *last, *marker;
/*
* Deliver a multicast datagram to all sockets
* for which the local and remote addresses and ports match
* those of the incoming datagram. This allows more than
* one process to receive multicasts on the same port.
* (This really ought to be done for unicast datagrams as
* well, but that would cause problems with existing
* applications that open both address-specific sockets and
* a wildcard socket listening to the same port -- they would
* end up receiving duplicates of every unicast datagram.
* Those applications open the multiple sockets to overcome an
* inadequacy of the UDP socket interface, but for backwards
* compatibility we avoid the problem here rather than
* fixing the interface. Maybe 4.5BSD will remedy this?)
*/
/*
* In a case that laddr should be set to the link-local
* address (this happens in RIPng), the multicast address
* specified in the received packet does not match with
* laddr. To cure this situation, the matching is relaxed
* if the receiving interface is the same as one specified
* in the socket and if the destination multicast address
* matches one of the multicast groups specified in the socket.
*/
/*
* Construct sockaddr format source address.
*/
init_sin6(&udp_in6, m); /* general init */
udp_in6.sin6_port = uh->uh_sport;
/*
* KAME note: traditionally we dropped udpiphdr from mbuf here.
* We need udphdr for IPsec processing so we do that later.
*/
/*
* Locate pcb(s) for datagram.
* (Algorithm copied from raw_intr().)
*/
last = NULL;
marker = in_pcbmarker(mycpuid);
GET_PCBINFO_TOKEN(pcbinfo);
LIST_INSERT_HEAD(&pcbinfo->pcblisthead, marker, inp_list);
while ((in6p = LIST_NEXT(marker, inp_list)) != NULL) {
LIST_REMOVE(marker, inp_list);
LIST_INSERT_AFTER(in6p, marker, inp_list);
if (in6p->inp_flags & INP_PLACEMARKER)
continue;
if (!INP_ISIPV6(in6p))
continue;
if (in6p->in6p_lport != uh->uh_dport)
continue;
if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_laddr)) {
if (!IN6_ARE_ADDR_EQUAL(&in6p->in6p_laddr,
&ip6->ip6_dst) &&
!in6_mcmatch(in6p, &ip6->ip6_dst,
m->m_pkthdr.rcvif))
continue;
}
if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) {
if (!IN6_ARE_ADDR_EQUAL(&in6p->in6p_faddr,
&ip6->ip6_src) ||
in6p->in6p_fport != uh->uh_sport)
continue;
}
if (last != NULL) {
struct mbuf *n;
#ifdef IPSEC
/*
* Check AH/ESP integrity.
*/
if (ipsec6_in_reject_so(m, last->inp_socket))
ipsec6stat.in_polvio++;
/* do not inject data into pcb */
else
#endif /* IPSEC */
#ifdef FAST_IPSEC
/*
* Check AH/ESP integrity.
*/
if (ipsec6_in_reject(m, last))
;
else
#endif /* FAST_IPSEC */
if ((n = m_copy(m, 0, M_COPYALL)) != NULL) {
/*
* KAME NOTE: do not
* m_copy(m, offset, ...) above.
* ssb_appendaddr() expects M_PKTHDR,
* and m_copy() will copy M_PKTHDR
* only if offset is 0.
*/
so = last->in6p_socket;
if ((last->in6p_flags & IN6P_CONTROLOPTS) ||
(so->so_options & SO_TIMESTAMP)) {
ip6_savecontrol(last, &opts,
ip6, n);
}
m_adj(n, off + sizeof(struct udphdr));
lwkt_gettoken(&so->so_rcv.ssb_token);
if (ssb_appendaddr(&so->so_rcv,
(struct sockaddr *)&udp_in6,
n, opts) == 0) {
m_freem(n);
if (opts)
m_freem(opts);
udp_stat.udps_fullsock++;
} else {
sorwakeup(so);
}
lwkt_reltoken(&so->so_rcv.ssb_token);
opts = NULL;
}
}
last = in6p;
/*
* Don't look for additional matches if this one does
* not have either the SO_REUSEPORT or SO_REUSEADDR
* socket options set. This heuristic avoids searching
* through all pcbs in the common case of a non-shared
* port. It assumes that an application will never
* clear these options after setting them.
*/
if ((last->in6p_socket->so_options &
(SO_REUSEPORT | SO_REUSEADDR)) == 0)
break;
}
LIST_REMOVE(marker, inp_list);
REL_PCBINFO_TOKEN(pcbinfo);
if (last == NULL) {
/*
* No matching pcb found; discard datagram.
* (No need to send an ICMP Port Unreachable
* for a broadcast or multicast datgram.)
*/
udp_stat.udps_noport++;
udp_stat.udps_noportmcast++;
goto bad;
}
#ifdef IPSEC
/*
* Check AH/ESP integrity.
*/
if (ipsec6_in_reject_so(m, last->inp_socket)) {
ipsec6stat.in_polvio++;
goto bad;
}
#endif /* IPSEC */
#ifdef FAST_IPSEC
/*
* Check AH/ESP integrity.
*/
if (ipsec6_in_reject(m, last)) {
goto bad;
}
#endif /* FAST_IPSEC */
if (last->in6p_flags & IN6P_CONTROLOPTS
|| last->in6p_socket->so_options & SO_TIMESTAMP)
ip6_savecontrol(last, &opts, ip6, m);
m_adj(m, off + sizeof(struct udphdr));
so = last->in6p_socket;
lwkt_gettoken(&so->so_rcv.ssb_token);
if (ssb_appendaddr(&so->so_rcv, (struct sockaddr *)&udp_in6,
m, opts) == 0) {
udp_stat.udps_fullsock++;
lwkt_reltoken(&so->so_rcv.ssb_token);
goto bad;
}
sorwakeup(so);
lwkt_reltoken(&so->so_rcv.ssb_token);
return IPPROTO_DONE;
}
/*
* Locate pcb for datagram.
*/
in6p = in6_pcblookup_hash(pcbinfo, &ip6->ip6_src, uh->uh_sport,
&ip6->ip6_dst, uh->uh_dport, 1,
m->m_pkthdr.rcvif);
if (in6p == NULL) {
if (log_in_vain) {
char buf[INET6_ADDRSTRLEN];
strcpy(buf, ip6_sprintf(&ip6->ip6_dst));
log(LOG_INFO,
"Connection attempt to UDP [%s]:%d from [%s]:%d\n",
buf, ntohs(uh->uh_dport),
ip6_sprintf(&ip6->ip6_src), ntohs(uh->uh_sport));
}
udp_stat.udps_noport++;
if (m->m_flags & M_MCAST) {
kprintf("UDP6: M_MCAST is set in a unicast packet.\n");
udp_stat.udps_noportmcast++;
goto bad;
}
icmp6_error(m, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_NOPORT, 0);
return IPPROTO_DONE;
}
#ifdef IPSEC
/*
* Check AH/ESP integrity.
*/
if (ipsec6_in_reject_so(m, in6p->in6p_socket)) {
ipsec6stat.in_polvio++;
goto bad;
}
#endif /* IPSEC */
#ifdef FAST_IPSEC
/*
* Check AH/ESP integrity.
*/
if (ipsec6_in_reject(m, in6p)) {
goto bad;
}
#endif /* FAST_IPSEC */
/*
* Construct sockaddr format source address.
* Stuff source address and datagram in user buffer.
*/
init_sin6(&udp_in6, m); /* general init */
udp_in6.sin6_port = uh->uh_sport;
if (in6p->in6p_flags & IN6P_CONTROLOPTS
|| in6p->in6p_socket->so_options & SO_TIMESTAMP)
ip6_savecontrol(in6p, &opts, ip6, m);
m_adj(m, off + sizeof(struct udphdr));
so = in6p->in6p_socket;
lwkt_gettoken(&so->so_rcv.ssb_token);
if (ssb_appendaddr(&so->so_rcv, (struct sockaddr *)&udp_in6,
m, opts) == 0) {
udp_stat.udps_fullsock++;
lwkt_reltoken(&so->so_rcv.ssb_token);
goto bad;
}
sorwakeup(so);
lwkt_reltoken(&so->so_rcv.ssb_token);
return IPPROTO_DONE;
bad:
if (m)
m_freem(m);
if (opts)
m_freem(opts);
return IPPROTO_DONE;
}
static int
build_udp_packet_v6(uint8_t *buf, int payloadlen, int *off)
{
struct ether_header *eh = (struct ether_header *)buf;
struct ip6_hdr *ip6 = (struct ip6_hdr *)(eh + 1);
struct ip6_frag *ip6f = (struct ip6_frag *)(ip6 + 1);
struct udphdr *udp;
char *data;
int plen, pktsize = 0;
static int ident = 0;
plen = min(payloadlen - *off, MAXPAYLOADLEN);
pktsize += plen;
/* Just fake an address */
eh->ether_shost[0] = 0x01;
eh->ether_shost[1] = 0xbd;
eh->ether_shost[2] = 0xbc;
eh->ether_shost[3] = 0x4d;
eh->ether_shost[4] = 0xfb;
eh->ether_shost[5] = 0xfb;
memcpy(eh->ether_dhost, tapif_ether, ETHER_ADDR_LEN);
eh->ether_type = htons(ETHERTYPE_IPV6);
pktsize += sizeof(*eh);
ip6->ip6_flow = 0;
ip6->ip6_nxt = IPPROTO_UDP;
ip6->ip6_hlim = 0xff;
ip6->ip6_vfc |= IPV6_VERSION;
ip6->ip6_dst = tapif_ip6;
ip6->ip6_src = ip6_src;
pktsize += sizeof(*ip6);
if (*off == 0) {
if (plen == payloadlen && !force_fragment) {
ip6->ip6_plen = htons(plen + sizeof(*udp));
udp = (struct udphdr *)(ip6 + 1);
} else {
ip6->ip6_plen = htons(plen + sizeof(*udp) + sizeof(*ip6f));
udp = (struct udphdr *)(ip6f + 1);
}
udp->uh_sport = htons(src_port);
udp->uh_dport = htons(SERVER_PORT);
udp->uh_ulen = htons(payloadlen + sizeof(*udp));
pktsize += sizeof(*udp);
data = (char *)(udp + 1);
memcpy(data, payload, payloadlen);
udp->uh_sum = 0;
udp->uh_sum = in6_cksum((u_int8_t *)ip6, IPPROTO_UDP,
(char *)udp - (char *)ip6, payloadlen + sizeof(*udp));
if (plen == payloadlen && !force_fragment)
goto out;
} else
ip6->ip6_plen = htons(plen + sizeof(*ip6f));
ip6->ip6_nxt = IPPROTO_FRAGMENT;
ip6f->ip6f_nxt = IPPROTO_UDP;
ip6f->ip6f_reserved = 0;
if (*off == 0)
ip6f->ip6f_offlg = 0;
else {
ip6f->ip6f_offlg = sizeof(*udp) + *off;
assert((ip6f->ip6f_offlg & 0x7) == 0);
ip6f->ip6f_offlg = htons(ip6f->ip6f_offlg);
}
if (*off + plen < payloadlen)
ip6f->ip6f_offlg |= IP6F_MORE_FRAG;
if (*off == 0)
ident++;
ip6f->ip6f_ident = ident;
pktsize += sizeof(*ip6f);
if (*off != 0)
data = (char *)(ip6f + 1);
memcpy(data, &payload[*off], plen);
out:
*off += plen;
return (pktsize);
}
int
udp6_output(struct in6pcb *in6p, struct mbuf *m, struct sockaddr *addr6,
struct mbuf *control, struct thread *td)
{
u_int32_t ulen = m->m_pkthdr.len;
u_int32_t plen = sizeof(struct udphdr) + ulen;
struct ip6_hdr *ip6;
struct udphdr *udp6;
struct in6_addr *laddr, *faddr;
u_short fport;
int error = 0;
struct ip6_pktopts opt, *stickyopt = in6p->in6p_outputopts;
int priv;
int hlen = sizeof(struct ip6_hdr);
struct sockaddr_in6 tmp;
priv = !priv_check(td, PRIV_ROOT); /* 1 if privileged, 0 if not */
if (control) {
if ((error = ip6_setpktoptions(control, &opt,
in6p->in6p_outputopts,
IPPROTO_UDP, priv)) != 0)
goto release;
in6p->in6p_outputopts = &opt;
}
if (addr6) {
/*
* IPv4 version of udp_output calls in_pcbconnect in this case,
* which needs splnet and affects performance.
* Since we saw no essential reason for calling in_pcbconnect,
* we get rid of such kind of logic, and call in6_selectsrc
* and in6_pcbsetlport in order to fill in the local address
* and the local port.
*/
struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)addr6;
/* Caller should have rejected the v4-mapped address */
KASSERT(!IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr),
("v4-mapped address"));
if (sin6->sin6_port == 0) {
error = EADDRNOTAVAIL;
goto release;
}
if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) {
/* how about ::ffff:0.0.0.0 case? */
error = EISCONN;
goto release;
}
if (!prison_remote_ip(td, addr6)) {
error = EAFNOSUPPORT; /* IPv4 only jail */
goto release;
}
/* protect *sin6 from overwrites */
tmp = *sin6;
sin6 = &tmp;
faddr = &sin6->sin6_addr;
fport = sin6->sin6_port; /* allow 0 port */
/* KAME hack: embed scopeid */
if (in6_embedscope(&sin6->sin6_addr, sin6, in6p, NULL) != 0) {
error = EINVAL;
goto release;
}
laddr = in6_selectsrc(sin6, in6p->in6p_outputopts,
in6p->in6p_moptions,
&in6p->in6p_route,
&in6p->in6p_laddr, &error, NULL);
if (laddr == NULL) {
if (error == 0)
error = EADDRNOTAVAIL;
goto release;
}
if (in6p->in6p_lport == 0 &&
(error = in6_pcbsetlport(laddr, in6p, td)) != 0)
goto release;
} else {
if (IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) {
error = ENOTCONN;
goto release;
}
/* Connection to v4-mapped address should have been rejected */
KASSERT(!IN6_IS_ADDR_V4MAPPED(&in6p->in6p_faddr),
("bound to v4-mapped address"));
laddr = &in6p->in6p_laddr;
faddr = &in6p->in6p_faddr;
fport = in6p->in6p_fport;
}
/*
* Calculate data length and get a mbuf
* for UDP and IP6 headers.
*/
M_PREPEND(m, hlen + sizeof(struct udphdr), M_NOWAIT);
if (m == NULL) {
error = ENOBUFS;
goto release;
}
/*
* Stuff checksum and output datagram.
*/
udp6 = (struct udphdr *)(mtod(m, caddr_t) + hlen);
udp6->uh_sport = in6p->in6p_lport; /* lport is always set in the PCB */
udp6->uh_dport = fport;
if (plen <= 0xffff)
udp6->uh_ulen = htons((u_short)plen);
else
udp6->uh_ulen = 0;
udp6->uh_sum = 0;
ip6 = mtod(m, struct ip6_hdr *);
ip6->ip6_flow = in6p->in6p_flowinfo & IPV6_FLOWINFO_MASK;
ip6->ip6_vfc &= ~IPV6_VERSION_MASK;
ip6->ip6_vfc |= IPV6_VERSION;
#if 0 /* ip6_plen will be filled in ip6_output. */
ip6->ip6_plen = htons((u_short)plen);
#endif
ip6->ip6_nxt = IPPROTO_UDP;
ip6->ip6_hlim = in6_selecthlim(in6p,
in6p->in6p_route.ro_rt ?
in6p->in6p_route.ro_rt->rt_ifp : NULL);
ip6->ip6_src = *laddr;
ip6->ip6_dst = *faddr;
if ((udp6->uh_sum = in6_cksum(m, IPPROTO_UDP,
sizeof(struct ip6_hdr), plen)) == 0) {
udp6->uh_sum = 0xffff;
}
udp6stat.udp6s_opackets++;
error = ip6_output(m, in6p->in6p_outputopts, &in6p->in6p_route, 0,
in6p->in6p_moptions, NULL, in6p);
goto releaseopt;
release:
m_freem(m);
releaseopt:
if (control) {
ip6_clearpktopts(in6p->in6p_outputopts, -1);
in6p->in6p_outputopts = stickyopt;
m_freem(control);
}
return (error);
}
