int
ncp_sock_send(struct socket *so, struct mbuf *top, struct ncp_rq *rqp)
{
struct thread *td = curthread; /* XXX */
struct sockaddr *to = 0;
struct ncp_conn *conn = rqp->nr_conn;
struct mbuf *m;
int error, flags=0;
for (;;) {
m = m_copym(top, 0, M_COPYALL, M_WAIT);
/* NCPDDEBUG(m);*/
error = sosend(so, to, 0, m, 0, flags, td);
if (error == 0 || error == EINTR || error == ENETDOWN)
break;
if (rqp->rexmit == 0) break;
rqp->rexmit--;
pause("ncprsn", conn->li.timeout * hz);
error = ncp_chkintr(conn, td);
if (error == EINTR) break;
}
if (error) {
log(LOG_INFO, "ncp_send: error %d for server %s", error, conn->li.server);
}
return error;
}
/* Manipulation */
errno_t
mbuf_copym(const mbuf_t src, size_t offset, size_t len,
mbuf_how_t how, mbuf_t *new_mbuf)
{
/* Must set *mbuf to NULL in failure case */
*new_mbuf = m_copym(src, offset, len, how);
return (*new_mbuf == NULL ? ENOMEM : 0);
}
int
raw_bind(struct socket *so, struct mbuf *nam)
{
struct sockaddr *addr = mtod(nam, struct sockaddr *);
register struct rawcb *rp;
if (ifnet == 0)
return (EADDRNOTAVAIL);
rp = sotorawcb(so);
nam = m_copym(nam, 0, M_COPYALL, M_TRYWAIT);
rp->rcb_laddr = mtod(nam, struct sockaddr *);
return (0);
}
int
raw_bind(struct socket *so, struct mbuf *nam)
{
struct sockaddr *addr = mtod(nam, struct sockaddr *);
struct rawcb *rp;
if (ifnet == 0)
return (EADDRNOTAVAIL);
rp = sotorawcb(so);
nam = m_copym(nam, 0, M_COPYALL, M_WAITOK);
if (nam == NULL)
return ENOBUFS;
rp->rcb_laddr = mtod(nam, struct sockaddr *);
return (0);
}
/*
* Extract data [offset,count] from mtop and add to mdp.
*/
static int
smb_t2_placedata(mblk_t *mtop, u_int16_t offset, u_int16_t count,
struct mdchain *mdp)
{
mblk_t *n;
n = m_copym(mtop, offset, count, M_WAITOK);
if (n == NULL)
return (EBADRPC);
if (mdp->md_top == NULL) {
md_initm(mdp, n);
} else
m_cat(mdp->md_top, n);
return (0);
}
/* Update a request cache entry after the rpc has been done */
void
nfsrv_updatecache(struct nfsrv_descript *nd, int repvalid,
struct mbuf *repmbuf)
{
struct nfsrvcache *rp;
if (!nd->nd_nam2)
return;
rp = nfsrv_lookupcache(nd);
if (rp) {
nfsrv_cleanentry(rp);
rp->rc_state = RC_DONE;
/*
* If we have a valid reply update status and save
* the reply for non-idempotent rpc's.
*/
if (repvalid && nonidempotent[nd->nd_procnum]) {
if ((nd->nd_flag & ND_NFSV3) == 0 &&
nfsv2_repstat[nfsv2_procid[nd->nd_procnum]]) {
rp->rc_status = nd->nd_repstat;
rp->rc_flag |= RC_REPSTATUS;
} else {
rp->rc_reply = m_copym(repmbuf, 0, M_COPYALL,
M_WAIT);
rp->rc_flag |= RC_REPMBUF;
}
}
rp->rc_flag &= ~RC_LOCKED;
if (rp->rc_flag & RC_WANTED) {
rp->rc_flag &= ~RC_WANTED;
wakeup(rp);
}
return;
}
}
/*
* ensure that [off, off + len) is contiguous on the mbuf chain "m".
* packet chain before "off" is kept untouched.
* if offp == NULL, the target will start at <retval, 0> on resulting chain.
* if offp != NULL, the target will start at <retval, *offp> on resulting chain.
*
* on error return (NULL return value), original "m" will be freed.
*
* XXX M_TRAILINGSPACE/M_LEADINGSPACE on shared cluster (sharedcluster)
*/
struct mbuf *
m_pulldown(struct mbuf *m, int off, int len, int *offp)
{
struct mbuf *n, *o;
int hlen, tlen, olen;
int sharedcluster;
#if defined(PULLDOWN_STAT) && defined(INET6)
static struct mbuf *prev = NULL;
int prevlen = 0, prevmlen = 0;
#endif
/* check invalid arguments. */
if (m == NULL)
panic("m == NULL in m_pulldown()");
if (len > MCLBYTES) {
m_freem(m);
return NULL; /* impossible */
}
#if defined(PULLDOWN_STAT) && defined(INET6)
ip6stat.ip6s_pulldown++;
#endif
#if defined(PULLDOWN_STAT) && defined(INET6)
/* statistics for m_pullup */
ip6stat.ip6s_pullup++;
if (off + len > MHLEN)
ip6stat.ip6s_pullup_fail++;
else {
int dlen, mlen;
dlen = (prev == m) ? prevlen : m->m_len;
mlen = (prev == m) ? prevmlen : m->m_len + M_TRAILINGSPACE(m);
if (dlen >= off + len)
ip6stat.ip6s_pullup--; /* call will not be made! */
else if ((m->m_flags & M_EXT) != 0) {
ip6stat.ip6s_pullup_alloc++;
ip6stat.ip6s_pullup_copy++;
} else {
if (mlen >= off + len)
ip6stat.ip6s_pullup_copy++;
else {
ip6stat.ip6s_pullup_alloc++;
ip6stat.ip6s_pullup_copy++;
}
}
prevlen = off + len;
prevmlen = MHLEN;
}
/* statistics for m_pullup2 */
ip6stat.ip6s_pullup2++;
if (off + len > MCLBYTES)
ip6stat.ip6s_pullup2_fail++;
else {
int dlen, mlen;
dlen = (prev == m) ? prevlen : m->m_len;
mlen = (prev == m) ? prevmlen : m->m_len + M_TRAILINGSPACE(m);
prevlen = off + len;
prevmlen = mlen;
if (dlen >= off + len)
ip6stat.ip6s_pullup2--; /* call will not be made! */
else if ((m->m_flags & M_EXT) != 0) {
ip6stat.ip6s_pullup2_alloc++;
ip6stat.ip6s_pullup2_copy++;
prevmlen = (off + len > MHLEN) ? MCLBYTES : MHLEN;
} else {
if (mlen >= off + len)
ip6stat.ip6s_pullup2_copy++;
else {
ip6stat.ip6s_pullup2_alloc++;
ip6stat.ip6s_pullup2_copy++;
prevmlen = (off + len > MHLEN) ? MCLBYTES
: MHLEN;
}
}
}
prev = m;
#endif
#ifdef PULLDOWN_DEBUG
{
struct mbuf *t;
printf("before:");
for (t = m; t; t = t->m_next)
printf(" %d", t->m_len);
printf("\n");
}
#endif
n = m;
while (n != NULL && off > 0) {
if (n->m_len > off)
break;
off -= n->m_len;
n = n->m_next;
}
/* be sure to point non-empty mbuf */
while (n != NULL && n->m_len == 0)
n = n->m_next;
if (!n) {
m_freem(m);
return NULL; /* mbuf chain too short */
}
/*
* the target data is on <n, off>.
* if we got enough data on the mbuf "n", we're done.
*/
if ((off == 0 || offp) && len <= n->m_len - off)
goto ok;
#if defined(PULLDOWN_STAT) && defined(INET6)
ip6stat.ip6s_pulldown_copy++;
#endif
/*
* when len < n->m_len - off and off != 0, it is a special case.
* len bytes from <n, off> sits in single mbuf, but the caller does
* not like the starting position (off).
* chop the current mbuf into two pieces, set off to 0.
*/
if (len < n->m_len - off) {
o = m_copym(n, off, n->m_len - off, M_DONTWAIT);
if (o == NULL) {
m_freem(m);
return NULL; /* ENOBUFS */
}
n->m_len = off;
o->m_next = n->m_next;
n->m_next = o;
n = n->m_next;
off = 0;
goto ok;
}
/*
* we need to take hlen from <n, off> and tlen from <n->m_next, 0>,
* and construct contiguous mbuf with m_len == len.
* note that hlen + tlen == len, and tlen > 0.
*/
hlen = n->m_len - off;
tlen = len - hlen;
/*
* ensure that we have enough trailing data on mbuf chain.
* if not, we can do nothing about the chain.
*/
olen = 0;
for (o = n->m_next; o != NULL; o = o->m_next)
olen += o->m_len;
if (hlen + olen < len) {
m_freem(m);
return NULL; /* mbuf chain too short */
}
/*
* easy cases first.
* we need to use m_copydata() to get data from <n->m_next, 0>.
*/
if ((n->m_flags & M_EXT) == 0)
sharedcluster = 0;
else {
if (n->m_ext.ext_free)
sharedcluster = 1;
else if (m_mclhasreference(n))
sharedcluster = 1;
else
sharedcluster = 0;
}
if ((off == 0 || offp) && M_TRAILINGSPACE(n) >= tlen
&& !sharedcluster) {
m_copydata(n->m_next, 0, tlen, mtod(n, caddr_t) + n->m_len);
n->m_len += tlen;
m_adj(n->m_next, tlen);
goto ok;
}
if ((off == 0 || offp) && M_LEADINGSPACE(n->m_next) >= hlen
&& !sharedcluster) {
n->m_next->m_data -= hlen;
n->m_next->m_len += hlen;
bcopy(mtod(n, caddr_t) + off, mtod(n->m_next, caddr_t), hlen);
n->m_len -= hlen;
n = n->m_next;
off = 0;
goto ok;
}
/*
* now, we need to do the hard way. don't m_copy as there's no room
* on both end.
*/
#if defined(PULLDOWN_STAT) && defined(INET6)
ip6stat.ip6s_pulldown_alloc++;
#endif
MGET(o, M_DONTWAIT, m->m_type);
if (o == NULL) {
m_freem(m);
return NULL; /* ENOBUFS */
}
if (len > MHLEN) { /* use MHLEN just for safety */
MCLGET(o, M_DONTWAIT);
if ((o->m_flags & M_EXT) == 0) {
m_freem(m);
m_free(o);
return NULL; /* ENOBUFS */
}
}
/* get hlen from <n, off> into <o, 0> */
o->m_len = hlen;
bcopy(mtod(n, caddr_t) + off, mtod(o, caddr_t), hlen);
n->m_len -= hlen;
/* get tlen from <n->m_next, 0> into <o, hlen> */
m_copydata(n->m_next, 0, tlen, mtod(o, caddr_t) + o->m_len);
o->m_len += tlen;
m_adj(n->m_next, tlen);
o->m_next = n->m_next;
n->m_next = o;
n = o;
off = 0;
ok:
#ifdef PULLDOWN_DEBUG
{
struct mbuf *t;
printf("after:");
for (t = m; t; t = t->m_next)
printf("%c%d", t == n ? '*' : ' ', t->m_len);
printf(" (off=%d)\n", off);
}
#endif
if (offp)
*offp = off;
return n;
}
/*
* This will broadcast the type 20 (Netbios) packet to all the interfaces
* that have ipx configured and isn't in the list yet.
*/
int
ipx_output_type20(struct mbuf *m)
{
struct ipx *ipx;
union ipx_net *nbnet;
struct ipx_ifaddr *ia, *tia = NULL;
int error = 0;
struct mbuf *m1;
int i;
struct ifnet *ifp;
struct sockaddr_ipx dst;
/*
* We have to get to the 32 bytes after the ipx header also, so
* that we can fill in the network address of the receiving
* interface.
*/
if ((m->m_flags & M_EXT || m->m_len < (sizeof(struct ipx) + 32)) &&
(m = m_pullup(m, sizeof(struct ipx) + 32)) == NULL) {
ipxstat.ipxs_toosmall++;
return (0);
}
ipx = mtod(m, struct ipx *);
nbnet = (union ipx_net *)(ipx + 1);
if (ipx->ipx_tc >= 8)
goto bad;
/*
* Now see if we have already seen this.
*/
for (ia = ipx_ifaddr; ia != NULL; ia = ia->ia_next)
if(ia->ia_ifa.ifa_ifp == m->m_pkthdr.rcvif) {
if(tia == NULL)
tia = ia;
for (i=0;i<ipx->ipx_tc;i++,nbnet++)
if(ipx_neteqnn(ia->ia_addr.sipx_addr.x_net,
*nbnet))
goto bad;
}
/*
* Don't route the packet if the interface where it come from
* does not have an IPX address.
*/
if(tia == NULL)
goto bad;
/*
* Add our receiving interface to the list.
*/
nbnet = (union ipx_net *)(ipx + 1);
nbnet += ipx->ipx_tc;
*nbnet = tia->ia_addr.sipx_addr.x_net;
/*
* Increment the hop count.
*/
ipx->ipx_tc++;
ipxstat.ipxs_forward++;
/*
* Send to all directly connected ifaces not in list and
* not to the one it came from.
*/
m->m_flags &= ~M_BCAST;
bzero(&dst, sizeof(dst));
dst.sipx_family = AF_IPX;
dst.sipx_len = 12;
dst.sipx_addr.x_host = ipx_broadhost;
for (ia = ipx_ifaddr; ia != NULL; ia = ia->ia_next)
if(ia->ia_ifa.ifa_ifp != m->m_pkthdr.rcvif) {
nbnet = (union ipx_net *)(ipx + 1);
for (i=0;i<ipx->ipx_tc;i++,nbnet++)
if(ipx_neteqnn(ia->ia_addr.sipx_addr.x_net,
*nbnet))
goto skip_this;
/*
* Insert the net address of the dest net and
* calculate the new checksum if needed.
*/
ifp = ia->ia_ifa.ifa_ifp;
dst.sipx_addr.x_net = ia->ia_addr.sipx_addr.x_net;
ipx->ipx_dna.x_net = dst.sipx_addr.x_net;
if(ipx->ipx_sum != 0xffff)
ipx->ipx_sum = ipx_cksum(m, ntohs(ipx->ipx_len));
m1 = m_copym(m, 0, M_COPYALL, MB_DONTWAIT);
if(m1) {
error = ifp->if_output(ifp, m1,
(struct sockaddr *)&dst, NULL);
/* XXX ipxstat.ipxs_localout++; */
}
skip_this: ;
}
bad:
m_freem(m);
return (error);
}
int
udp6_input(struct mbuf **mp, int *offp, int proto)
{
struct mbuf *m = *mp;
struct ifnet *ifp;
struct ip6_hdr *ip6;
struct udphdr *uh;
struct inpcb *inp;
struct inpcbinfo *pcbinfo;
struct udpcb *up;
int off = *offp;
int cscov_partial;
int plen, ulen;
struct sockaddr_in6 fromsa;
struct m_tag *fwd_tag;
uint16_t uh_sum;
uint8_t nxt;
ifp = m->m_pkthdr.rcvif;
ip6 = mtod(m, struct ip6_hdr *);
#ifndef PULLDOWN_TEST
IP6_EXTHDR_CHECK(m, off, sizeof(struct udphdr), IPPROTO_DONE);
ip6 = mtod(m, struct ip6_hdr *);
uh = (struct udphdr *)((caddr_t)ip6 + off);
#else
IP6_EXTHDR_GET(uh, struct udphdr *, m, off, sizeof(*uh));
if (!uh)
return (IPPROTO_DONE);
#endif
UDPSTAT_INC(udps_ipackets);
/*
* Destination port of 0 is illegal, based on RFC768.
*/
if (uh->uh_dport == 0)
goto badunlocked;
plen = ntohs(ip6->ip6_plen) - off + sizeof(*ip6);
ulen = ntohs((u_short)uh->uh_ulen);
nxt = proto;
cscov_partial = (nxt == IPPROTO_UDPLITE) ? 1 : 0;
if (nxt == IPPROTO_UDPLITE) {
/* Zero means checksum over the complete packet. */
if (ulen == 0)
ulen = plen;
if (ulen == plen)
cscov_partial = 0;
if ((ulen < sizeof(struct udphdr)) || (ulen > plen)) {
/* XXX: What is the right UDPLite MIB counter? */
goto badunlocked;
}
if (uh->uh_sum == 0) {
/* XXX: What is the right UDPLite MIB counter? */
goto badunlocked;
}
} else {
if ((ulen < sizeof(struct udphdr)) || (plen != ulen)) {
UDPSTAT_INC(udps_badlen);
goto badunlocked;
}
if (uh->uh_sum == 0) {
UDPSTAT_INC(udps_nosum);
goto badunlocked;
}
}
if ((m->m_pkthdr.csum_flags & CSUM_DATA_VALID_IPV6) &&
!cscov_partial) {
if (m->m_pkthdr.csum_flags & CSUM_PSEUDO_HDR)
uh_sum = m->m_pkthdr.csum_data;
else
uh_sum = in6_cksum_pseudo(ip6, ulen, nxt,
m->m_pkthdr.csum_data);
uh_sum ^= 0xffff;
} else
uh_sum = in6_cksum_partial(m, nxt, off, plen, ulen);
if (uh_sum != 0) {
UDPSTAT_INC(udps_badsum);
goto badunlocked;
}
/*
* Construct sockaddr format source address.
*/
init_sin6(&fromsa, m);
fromsa.sin6_port = uh->uh_sport;
pcbinfo = udp_get_inpcbinfo(nxt);
if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
struct inpcb *last;
struct inpcbhead *pcblist;
struct ip6_moptions *imo;
INP_INFO_RLOCK(pcbinfo);
/*
* In the event that laddr should be set to the link-local
* address (this happens in RIPng), the multicast address
* specified in the received packet will not match laddr. To
* handle this situation, matching is relaxed if the
* receiving interface is the same as one specified in the
* socket and if the destination multicast address matches
* one of the multicast groups specified in the socket.
*/
/*
* KAME note: traditionally we dropped udpiphdr from mbuf
* here. We need udphdr for IPsec processing so we do that
* later.
*/
pcblist = udp_get_pcblist(nxt);
last = NULL;
LIST_FOREACH(inp, pcblist, inp_list) {
if ((inp->inp_vflag & INP_IPV6) == 0)
continue;
if (inp->inp_lport != uh->uh_dport)
continue;
if (inp->inp_fport != 0 &&
inp->inp_fport != uh->uh_sport)
continue;
if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) {
if (!IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr,
&ip6->ip6_dst))
continue;
}
if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
if (!IN6_ARE_ADDR_EQUAL(&inp->in6p_faddr,
&ip6->ip6_src) ||
inp->inp_fport != uh->uh_sport)
continue;
}
/*
* XXXRW: Because we weren't holding either the inpcb
* or the hash lock when we checked for a match
* before, we should probably recheck now that the
* inpcb lock is (supposed to be) held.
*/
/*
* Handle socket delivery policy for any-source
* and source-specific multicast. [RFC3678]
*/
imo = inp->in6p_moptions;
if (imo && IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
struct sockaddr_in6 mcaddr;
int blocked;
INP_RLOCK(inp);
bzero(&mcaddr, sizeof(struct sockaddr_in6));
mcaddr.sin6_len = sizeof(struct sockaddr_in6);
mcaddr.sin6_family = AF_INET6;
mcaddr.sin6_addr = ip6->ip6_dst;
blocked = im6o_mc_filter(imo, ifp,
(struct sockaddr *)&mcaddr,
(struct sockaddr *)&fromsa);
if (blocked != MCAST_PASS) {
if (blocked == MCAST_NOTGMEMBER)
IP6STAT_INC(ip6s_notmember);
if (blocked == MCAST_NOTSMEMBER ||
blocked == MCAST_MUTED)
UDPSTAT_INC(udps_filtermcast);
INP_RUNLOCK(inp); /* XXX */
continue;
}
INP_RUNLOCK(inp);
}
if (last != NULL) {
struct mbuf *n;
if ((n = m_copym(m, 0, M_COPYALL, M_NOWAIT)) !=
NULL) {
INP_RLOCK(last);
UDP_PROBE(receive, NULL, last, ip6,
last, uh);
if (udp6_append(last, n, off, &fromsa))
goto inp_lost;
INP_RUNLOCK(last);
}
}
last = inp;
/*
* Don't look for additional matches if this one does
* not have either the SO_REUSEPORT or SO_REUSEADDR
* socket options set. This heuristic avoids
* searching through all pcbs in the common case of a
* non-shared port. It assumes that an application
* will never clear these options after setting them.
*/
if ((last->inp_socket->so_options &
(SO_REUSEPORT|SO_REUSEADDR)) == 0)
break;
}
if (last == NULL) {
/*
* No matching pcb found; discard datagram. (No need
* to send an ICMP Port Unreachable for a broadcast
* or multicast datgram.)
*/
UDPSTAT_INC(udps_noport);
UDPSTAT_INC(udps_noportmcast);
goto badheadlocked;
}
INP_RLOCK(last);
INP_INFO_RUNLOCK(pcbinfo);
UDP_PROBE(receive, NULL, last, ip6, last, uh);
if (udp6_append(last, m, off, &fromsa) == 0)
INP_RUNLOCK(last);
inp_lost:
return (IPPROTO_DONE);
}
/*
* Locate pcb for datagram.
*/
/*
* Grab info from PACKET_TAG_IPFORWARD tag prepended to the chain.
*/
if ((m->m_flags & M_IP6_NEXTHOP) &&
(fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL)) != NULL) {
struct sockaddr_in6 *next_hop6;
next_hop6 = (struct sockaddr_in6 *)(fwd_tag + 1);
/*
* Transparently forwarded. Pretend to be the destination.
* Already got one like this?
*/
inp = in6_pcblookup_mbuf(pcbinfo, &ip6->ip6_src,
uh->uh_sport, &ip6->ip6_dst, uh->uh_dport,
INPLOOKUP_RLOCKPCB, m->m_pkthdr.rcvif, m);
if (!inp) {
/*
* It's new. Try to find the ambushing socket.
* Because we've rewritten the destination address,
* any hardware-generated hash is ignored.
*/
inp = in6_pcblookup(pcbinfo, &ip6->ip6_src,
uh->uh_sport, &next_hop6->sin6_addr,
next_hop6->sin6_port ? htons(next_hop6->sin6_port) :
uh->uh_dport, INPLOOKUP_WILDCARD |
INPLOOKUP_RLOCKPCB, m->m_pkthdr.rcvif);
}
/* Remove the tag from the packet. We don't need it anymore. */
m_tag_delete(m, fwd_tag);
m->m_flags &= ~M_IP6_NEXTHOP;
} else
inp = in6_pcblookup_mbuf(pcbinfo, &ip6->ip6_src,
uh->uh_sport, &ip6->ip6_dst, uh->uh_dport,
INPLOOKUP_WILDCARD | INPLOOKUP_RLOCKPCB,
m->m_pkthdr.rcvif, m);
if (inp == NULL) {
if (udp_log_in_vain) {
char ip6bufs[INET6_ADDRSTRLEN];
char ip6bufd[INET6_ADDRSTRLEN];
log(LOG_INFO,
"Connection attempt to UDP [%s]:%d from [%s]:%d\n",
ip6_sprintf(ip6bufd, &ip6->ip6_dst),
ntohs(uh->uh_dport),
ip6_sprintf(ip6bufs, &ip6->ip6_src),
ntohs(uh->uh_sport));
}
UDPSTAT_INC(udps_noport);
if (m->m_flags & M_MCAST) {
printf("UDP6: M_MCAST is set in a unicast packet.\n");
UDPSTAT_INC(udps_noportmcast);
goto badunlocked;
}
if (V_udp_blackhole)
goto badunlocked;
if (badport_bandlim(BANDLIM_ICMP6_UNREACH) < 0)
goto badunlocked;
icmp6_error(m, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_NOPORT, 0);
return (IPPROTO_DONE);
}
INP_RLOCK_ASSERT(inp);
up = intoudpcb(inp);
if (cscov_partial) {
if (up->u_rxcslen == 0 || up->u_rxcslen > ulen) {
INP_RUNLOCK(inp);
m_freem(m);
return (IPPROTO_DONE);
}
}
UDP_PROBE(receive, NULL, inp, ip6, inp, uh);
if (udp6_append(inp, m, off, &fromsa) == 0)
INP_RUNLOCK(inp);
return (IPPROTO_DONE);
badheadlocked:
INP_INFO_RUNLOCK(pcbinfo);
badunlocked:
if (m)
m_freem(m);
return (IPPROTO_DONE);
}
int
raw_usrreq(struct socket *so,
int req,
struct mbuf *m,
struct mbuf *nam,
struct mbuf *control)
{
register struct rawcb *rp = sotorawcb(so);
register int error = 0;
int len;
if (req == PRU_CONTROL)
return (EOPNOTSUPP);
if (control && control->m_len) {
error = EOPNOTSUPP;
goto release;
}
if (rp == 0) {
error = EINVAL;
goto release;
}
switch (req) {
/*
* Allocate a raw control block and fill in the
* necessary info to allow packets to be routed to
* the appropriate raw interface routine.
*/
case PRU_ATTACH:
if ((so->so_state & SS_PRIV) == 0) {
error = EACCES;
break;
}
error = raw_attach(so, (int)nam);
break;
/*
* Destroy state just before socket deallocation.
* Flush data or not depending on the options.
*/
case PRU_DETACH:
if (rp == 0) {
error = ENOTCONN;
break;
}
raw_detach(rp);
break;
#ifdef notdef
/*
* If a socket isn't bound to a single address,
* the raw input routine will hand it anything
* within that protocol family (assuming there's
* nothing else around it should go to).
*/
case PRU_CONNECT:
if (rp->rcb_faddr) {
error = EISCONN;
break;
}
nam = m_copym(nam, 0, M_COPYALL, M_WAIT);
rp->rcb_faddr = mtod(nam, struct sockaddr *);
soisconnected(so);
break;
case PRU_BIND:
if (rp->rcb_laddr) {
error = EINVAL; /* XXX */
break;
}
error = raw_bind(so, nam);
break;
#endif
case PRU_CONNECT2:
error = EOPNOTSUPP;
goto release;
case PRU_DISCONNECT:
if (rp->rcb_faddr == 0) {
error = ENOTCONN;
break;
}
raw_disconnect(rp);
soisdisconnected(so);
break;
/*
* Mark the connection as being incapable of further input.
*/
case PRU_SHUTDOWN:
socantsendmore(so);
break;
/*
* Ship a packet out. The appropriate raw output
* routine handles any massaging necessary.
*/
case PRU_SEND:
if (nam) {
if (rp->rcb_faddr) {
error = EISCONN;
break;
}
rp->rcb_faddr = mtod(nam, struct sockaddr *);
} else if (rp->rcb_faddr == 0) {
error = ENOTCONN;
break;
}
error = (*so->so_proto->pr_output)(m, so);
m = NULL;
if (nam)
rp->rcb_faddr = 0;
break;
case PRU_ABORT:
raw_disconnect(rp);
sofree(so);
soisdisconnected(so);
break;
case PRU_SENSE:
/*
* stat: don't bother with a blocksize.
*/
return (0);
/*
* Not supported.
*/
case PRU_RCVOOB:
case PRU_RCVD:
return(EOPNOTSUPP);
case PRU_LISTEN:
case PRU_ACCEPT:
case PRU_SENDOOB:
error = EOPNOTSUPP;
break;
case PRU_SOCKADDR:
if (rp->rcb_laddr == 0) {
error = EINVAL;
break;
}
len = rp->rcb_laddr->sa_len;
aligned_bcopy((caddr_t)rp->rcb_laddr, mtod(nam, caddr_t), (unsigned)len);
nam->m_len = len;
break;
case PRU_PEERADDR:
if (rp->rcb_faddr == 0) {
error = ENOTCONN;
break;
}
len = rp->rcb_faddr->sa_len;
aligned_bcopy((caddr_t)rp->rcb_faddr, mtod(nam, caddr_t), (unsigned)len);
nam->m_len = len;
break;
default:
panic("raw_usrreq");
}
static int
kttcp_soreceive(struct socket *so, unsigned long long slen,
unsigned long long *done, struct lwp *l, int *flagsp)
{
struct mbuf *m, **mp;
int flags, len, error, offset, moff, type;
long long orig_resid, resid;
const struct protosw *pr;
struct mbuf *nextrecord;
pr = so->so_proto;
mp = NULL;
type = 0;
resid = orig_resid = slen;
if (flagsp)
flags = *flagsp &~ MSG_EOR;
else
flags = 0;
if (flags & MSG_OOB) {
m = m_get(M_WAIT, MT_DATA);
solock(so);
error = (*pr->pr_usrreqs->pr_recvoob)(so, m, flags & MSG_PEEK);
sounlock(so);
if (error)
goto bad;
do {
resid -= min(resid, m->m_len);
m = m_free(m);
} while (resid && error == 0 && m);
bad:
if (m)
m_freem(m);
return (error);
}
if (mp)
*mp = NULL;
solock(so);
restart:
if ((error = sblock(&so->so_rcv, SBLOCKWAIT(flags))) != 0)
return (error);
m = so->so_rcv.sb_mb;
/*
* If we have less data than requested, block awaiting more
* (subject to any timeout) if:
* 1. the current count is less than the low water mark,
* 2. MSG_WAITALL is set, and it is possible to do the entire
* receive operation at once if we block (resid <= hiwat), or
* 3. MSG_DONTWAIT is not set.
* If MSG_WAITALL is set but resid is larger than the receive buffer,
* we have to do the receive in sections, and thus risk returning
* a short count if a timeout or signal occurs after we start.
*/
if (m == NULL || (((flags & MSG_DONTWAIT) == 0 &&
so->so_rcv.sb_cc < resid) &&
(so->so_rcv.sb_cc < so->so_rcv.sb_lowat ||
((flags & MSG_WAITALL) && resid <= so->so_rcv.sb_hiwat)) &&
m->m_nextpkt == NULL && (pr->pr_flags & PR_ATOMIC) == 0)) {
#ifdef DIAGNOSTIC
if (m == NULL && so->so_rcv.sb_cc)
panic("receive 1");
#endif
if (so->so_error) {
if (m)
goto dontblock;
error = so->so_error;
if ((flags & MSG_PEEK) == 0)
so->so_error = 0;
goto release;
}
if (so->so_state & SS_CANTRCVMORE) {
if (m)
goto dontblock;
else
goto release;
}
for (; m; m = m->m_next)
if (m->m_type == MT_OOBDATA || (m->m_flags & M_EOR)) {
m = so->so_rcv.sb_mb;
goto dontblock;
}
if ((so->so_state & (SS_ISCONNECTED|SS_ISCONNECTING)) == 0 &&
(so->so_proto->pr_flags & PR_CONNREQUIRED)) {
error = ENOTCONN;
goto release;
}
if (resid == 0)
goto release;
if ((so->so_state & SS_NBIO) ||
(flags & (MSG_DONTWAIT|MSG_NBIO))) {
error = EWOULDBLOCK;
goto release;
}
sbunlock(&so->so_rcv);
error = sbwait(&so->so_rcv);
if (error) {
sounlock(so);
return (error);
}
goto restart;
}
dontblock:
/*
* On entry here, m points to the first record of the socket buffer.
* While we process the initial mbufs containing address and control
* info, we save a copy of m->m_nextpkt into nextrecord.
*/
#ifdef notyet /* XXXX */
if (uio->uio_lwp)
uio->uio_lwp->l_ru.ru_msgrcv++;
#endif
KASSERT(m == so->so_rcv.sb_mb);
SBLASTRECORDCHK(&so->so_rcv, "kttcp_soreceive 1");
SBLASTMBUFCHK(&so->so_rcv, "kttcp_soreceive 1");
nextrecord = m->m_nextpkt;
if (pr->pr_flags & PR_ADDR) {
#ifdef DIAGNOSTIC
if (m->m_type != MT_SONAME)
panic("receive 1a");
#endif
orig_resid = 0;
if (flags & MSG_PEEK) {
m = m->m_next;
} else {
sbfree(&so->so_rcv, m);
MFREE(m, so->so_rcv.sb_mb);
m = so->so_rcv.sb_mb;
}
}
while (m && m->m_type == MT_CONTROL && error == 0) {
if (flags & MSG_PEEK) {
m = m->m_next;
} else {
sbfree(&so->so_rcv, m);
MFREE(m, so->so_rcv.sb_mb);
m = so->so_rcv.sb_mb;
}
}
/*
* If m is non-NULL, we have some data to read. From now on,
* make sure to keep sb_lastrecord consistent when working on
* the last packet on the chain (nextrecord == NULL) and we
* change m->m_nextpkt.
*/
if (m) {
if ((flags & MSG_PEEK) == 0) {
m->m_nextpkt = nextrecord;
/*
* If nextrecord == NULL (this is a single chain),
* then sb_lastrecord may not be valid here if m
* was changed earlier.
*/
if (nextrecord == NULL) {
KASSERT(so->so_rcv.sb_mb == m);
so->so_rcv.sb_lastrecord = m;
}
}
type = m->m_type;
if (type == MT_OOBDATA)
flags |= MSG_OOB;
} else {
if ((flags & MSG_PEEK) == 0) {
KASSERT(so->so_rcv.sb_mb == m);
so->so_rcv.sb_mb = nextrecord;
SB_EMPTY_FIXUP(&so->so_rcv);
}
}
SBLASTRECORDCHK(&so->so_rcv, "kttcp_soreceive 2");
SBLASTMBUFCHK(&so->so_rcv, "kttcp_soreceive 2");
moff = 0;
offset = 0;
while (m && resid > 0 && error == 0) {
if (m->m_type == MT_OOBDATA) {
if (type != MT_OOBDATA)
break;
} else if (type == MT_OOBDATA)
break;
#ifdef DIAGNOSTIC
else if (m->m_type != MT_DATA && m->m_type != MT_HEADER)
panic("receive 3");
#endif
so->so_state &= ~SS_RCVATMARK;
len = resid;
if (so->so_oobmark && len > so->so_oobmark - offset)
len = so->so_oobmark - offset;
if (len > m->m_len - moff)
len = m->m_len - moff;
/*
* If mp is set, just pass back the mbufs.
* Otherwise copy them out via the uio, then free.
* Sockbuf must be consistent here (points to current mbuf,
* it points to next record) when we drop priority;
* we must note any additions to the sockbuf when we
* block interrupts again.
*/
resid -= len;
if (len == m->m_len - moff) {
if (m->m_flags & M_EOR)
flags |= MSG_EOR;
if (flags & MSG_PEEK) {
m = m->m_next;
moff = 0;
} else {
nextrecord = m->m_nextpkt;
sbfree(&so->so_rcv, m);
if (mp) {
*mp = m;
mp = &m->m_next;
so->so_rcv.sb_mb = m = m->m_next;
*mp = NULL;
} else {
MFREE(m, so->so_rcv.sb_mb);
m = so->so_rcv.sb_mb;
}
/*
* If m != NULL, we also know that
* so->so_rcv.sb_mb != NULL.
*/
KASSERT(so->so_rcv.sb_mb == m);
if (m) {
m->m_nextpkt = nextrecord;
if (nextrecord == NULL)
so->so_rcv.sb_lastrecord = m;
} else {
so->so_rcv.sb_mb = nextrecord;
SB_EMPTY_FIXUP(&so->so_rcv);
}
SBLASTRECORDCHK(&so->so_rcv,
"kttcp_soreceive 3");
SBLASTMBUFCHK(&so->so_rcv,
"kttcp_soreceive 3");
}
} else {
if (flags & MSG_PEEK)
moff += len;
else {
if (mp) {
sounlock(so);
*mp = m_copym(m, 0, len, M_WAIT);
solock(so);
}
m->m_data += len;
m->m_len -= len;
so->so_rcv.sb_cc -= len;
}
}
if (so->so_oobmark) {
if ((flags & MSG_PEEK) == 0) {
so->so_oobmark -= len;
if (so->so_oobmark == 0) {
so->so_state |= SS_RCVATMARK;
break;
}
} else {
offset += len;
if (offset == so->so_oobmark)
break;
}
}
if (flags & MSG_EOR)
break;
/*
* If the MSG_WAITALL flag is set (for non-atomic socket),
* we must not quit until "uio->uio_resid == 0" or an error
* termination. If a signal/timeout occurs, return
* with a short count but without error.
* Keep sockbuf locked against other readers.
*/
while (flags & MSG_WAITALL && m == NULL && resid > 0 &&
!sosendallatonce(so) && !nextrecord) {
if (so->so_error || so->so_state & SS_CANTRCVMORE)
break;
/*
* If we are peeking and the socket receive buffer is
* full, stop since we can't get more data to peek at.
*/
if ((flags & MSG_PEEK) && sbspace(&so->so_rcv) <= 0)
break;
/*
* If we've drained the socket buffer, tell the
* protocol in case it needs to do something to
* get it filled again.
*/
if ((pr->pr_flags & PR_WANTRCVD) && so->so_pcb) {
(*pr->pr_usrreqs->pr_rcvd)(so, flags, l);
}
SBLASTRECORDCHK(&so->so_rcv,
"kttcp_soreceive sbwait 2");
SBLASTMBUFCHK(&so->so_rcv,
"kttcp_soreceive sbwait 2");
error = sbwait(&so->so_rcv);
if (error) {
sbunlock(&so->so_rcv);
sounlock(so);
return (0);
}
if ((m = so->so_rcv.sb_mb) != NULL)
nextrecord = m->m_nextpkt;
}
}
if (m && pr->pr_flags & PR_ATOMIC) {
flags |= MSG_TRUNC;
if ((flags & MSG_PEEK) == 0)
(void) sbdroprecord(&so->so_rcv);
}
if ((flags & MSG_PEEK) == 0) {
if (m == NULL) {
/*
* First part is an SB_EMPTY_FIXUP(). Second part
* makes sure sb_lastrecord is up-to-date if
* there is still data in the socket buffer.
*/
so->so_rcv.sb_mb = nextrecord;
if (so->so_rcv.sb_mb == NULL) {
so->so_rcv.sb_mbtail = NULL;
so->so_rcv.sb_lastrecord = NULL;
} else if (nextrecord->m_nextpkt == NULL)
so->so_rcv.sb_lastrecord = nextrecord;
}
SBLASTRECORDCHK(&so->so_rcv, "kttcp_soreceive 4");
SBLASTMBUFCHK(&so->so_rcv, "kttcp_soreceive 4");
if (pr->pr_flags & PR_WANTRCVD && so->so_pcb) {
(*pr->pr_usrreqs->pr_rcvd)(so, flags, l);
}
}
if (orig_resid == resid && orig_resid &&
(flags & MSG_EOR) == 0 && (so->so_state & SS_CANTRCVMORE) == 0) {
sbunlock(&so->so_rcv);
goto restart;
}
if (flagsp)
*flagsp |= flags;
release:
sbunlock(&so->so_rcv);
sounlock(so);
*done = slen - resid;
#if 0
printf("soreceive: error %d slen %llu resid %lld\n", error, slen, resid);
#endif
return (error);
}
/*
* Do a remote procedure call (RPC) and wait for its reply.
* If from_p is non-null, then we are doing broadcast, and
* the address from whence the response came is saved there.
* data: input/output
* from_p: output
*/
int
krpc_call(struct sockaddr_in *sa, u_int prog, u_int vers, u_int func,
struct mbuf **data, struct mbuf **from_p, int retries)
{
struct socket *so;
struct sockaddr_in *sin;
struct mbuf *m, *nam, *mhead, *from, *mopt;
struct rpc_call *call;
struct rpc_reply *reply;
struct uio auio;
int error, rcvflg, timo, secs, len;
static u_int32_t xid = 0;
char addr[INET_ADDRSTRLEN];
int *ip;
struct timeval tv;
/*
* Validate address family.
* Sorry, this is INET specific...
*/
if (sa->sin_family != AF_INET)
return (EAFNOSUPPORT);
/* Free at end if not null. */
nam = mhead = NULL;
from = NULL;
/*
* Create socket and set its receive timeout.
*/
if ((error = socreate(AF_INET, &so, SOCK_DGRAM, 0)))
goto out;
m = m_get(M_WAIT, MT_SOOPTS);
tv.tv_sec = 1;
tv.tv_usec = 0;
memcpy(mtod(m, struct timeval *), &tv, sizeof tv);
m->m_len = sizeof(tv);
if ((error = sosetopt(so, SOL_SOCKET, SO_RCVTIMEO, m)))
goto out;
/*
* Enable broadcast if necessary.
*/
if (from_p) {
int32_t *on;
m = m_get(M_WAIT, MT_SOOPTS);
on = mtod(m, int32_t *);
m->m_len = sizeof(*on);
*on = 1;
if ((error = sosetopt(so, SOL_SOCKET, SO_BROADCAST, m)))
goto out;
}
/*
* Bind the local endpoint to a reserved port,
* because some NFS servers refuse requests from
* non-reserved (non-privileged) ports.
*/
MGET(mopt, M_WAIT, MT_SOOPTS);
mopt->m_len = sizeof(int);
ip = mtod(mopt, int *);
*ip = IP_PORTRANGE_LOW;
error = sosetopt(so, IPPROTO_IP, IP_PORTRANGE, mopt);
if (error)
goto out;
MGET(m, M_WAIT, MT_SONAME);
sin = mtod(m, struct sockaddr_in *);
sin->sin_len = m->m_len = sizeof (struct sockaddr_in);
sin->sin_family = AF_INET;
sin->sin_addr.s_addr = INADDR_ANY;
sin->sin_port = htons(0);
error = sobind(so, m, &proc0);
m_freem(m);
if (error) {
printf("bind failed\n");
goto out;
}
MGET(mopt, M_WAIT, MT_SOOPTS);
mopt->m_len = sizeof(int);
ip = mtod(mopt, int *);
*ip = IP_PORTRANGE_DEFAULT;
error = sosetopt(so, IPPROTO_IP, IP_PORTRANGE, mopt);
if (error)
goto out;
/*
* Setup socket address for the server.
*/
nam = m_get(M_WAIT, MT_SONAME);
sin = mtod(nam, struct sockaddr_in *);
bcopy((caddr_t)sa, (caddr_t)sin, (nam->m_len = sa->sin_len));
/*
* Prepend RPC message header.
*/
mhead = m_gethdr(M_WAIT, MT_DATA);
mhead->m_next = *data;
call = mtod(mhead, struct rpc_call *);
mhead->m_len = sizeof(*call);
bzero((caddr_t)call, sizeof(*call));
/* rpc_call part */
xid = krpc_get_xid();
call->rp_xid = txdr_unsigned(xid);
/* call->rp_direction = 0; */
call->rp_rpcvers = txdr_unsigned(2);
call->rp_prog = txdr_unsigned(prog);
call->rp_vers = txdr_unsigned(vers);
call->rp_proc = txdr_unsigned(func);
/* rpc_auth part (auth_unix as root) */
call->rpc_auth.authtype = txdr_unsigned(RPCAUTH_UNIX);
call->rpc_auth.authlen = txdr_unsigned(sizeof(struct auth_unix));
/* rpc_verf part (auth_null) */
call->rpc_verf.authtype = 0;
call->rpc_verf.authlen = 0;
/*
* Setup packet header
*/
len = 0;
m = mhead;
while (m) {
len += m->m_len;
m = m->m_next;
}
mhead->m_pkthdr.len = len;
mhead->m_pkthdr.rcvif = NULL;
/*
* Send it, repeatedly, until a reply is received,
* but delay each re-send by an increasing amount.
* If the delay hits the maximum, start complaining.
*/
for (timo = 0; retries; retries--) {
/* Send RPC request (or re-send). */
m = m_copym(mhead, 0, M_COPYALL, M_WAIT);
if (m == NULL) {
error = ENOBUFS;
goto out;
}
error = sosend(so, nam, NULL, m, NULL, 0);
if (error) {
printf("krpc_call: sosend: %d\n", error);
goto out;
}
m = NULL;
/* Determine new timeout. */
if (timo < MAX_RESEND_DELAY)
timo++;
else
printf("RPC timeout for server %s (0x%x) prog %u\n",
inet_ntop(AF_INET, &sin->sin_addr,
addr, sizeof(addr)),
ntohl(sin->sin_addr.s_addr), prog);
/*
* Wait for up to timo seconds for a reply.
* The socket receive timeout was set to 1 second.
*/
secs = timo;
while (secs > 0) {
if (from) {
m_freem(from);
from = NULL;
}
if (m) {
m_freem(m);
m = NULL;
}
auio.uio_resid = len = 1<<16;
auio.uio_procp = NULL;
rcvflg = 0;
error = soreceive(so, &from, &auio, &m, NULL, &rcvflg,
0);
if (error == EWOULDBLOCK) {
secs--;
continue;
}
if (error)
goto out;
len -= auio.uio_resid;
/* Does the reply contain at least a header? */
if (len < MIN_REPLY_HDR)
continue;
if (m->m_len < MIN_REPLY_HDR)
continue;
reply = mtod(m, struct rpc_reply *);
/* Is it the right reply? */
if (reply->rp_direction != txdr_unsigned(RPC_REPLY))
continue;
if (reply->rp_xid != txdr_unsigned(xid))
continue;
/* Was RPC accepted? (authorization OK) */
if (reply->rp_astatus != 0) {
error = fxdr_unsigned(u_int32_t, reply->rp_errno);
printf("rpc denied, error=%d\n", error);
continue;
}
/* Did the call succeed? */
if (reply->rp_status != 0) {
error = fxdr_unsigned(u_int32_t, reply->rp_status);
printf("rpc denied, status=%d\n", error);
continue;
}
goto gotreply; /* break two levels */
} /* while secs */
} /* forever send/receive */
error = ETIMEDOUT;
goto out;
gotreply:
/*
* Get RPC reply header into first mbuf,
* get its length, then strip it off.
*/
len = sizeof(*reply);
if (m->m_len < len) {
m = m_pullup(m, len);
if (m == NULL) {
error = ENOBUFS;
goto out;
}
}
reply = mtod(m, struct rpc_reply *);
if (reply->rp_auth.authtype != 0) {
len += fxdr_unsigned(u_int32_t, reply->rp_auth.authlen);
len = (len + 3) & ~3; /* XXX? */
}
m_adj(m, len);
/* result */
*data = m;
if (from_p && error == 0) {
*from_p = from;
from = NULL;
}
out:
if (nam) m_freem(nam);
if (mhead) m_freem(mhead);
if (from) m_freem(from);
soclose(so);
return error;
}
/*
* Look for the request in the cache
* If found then
* return action and optionally reply
* else
* insert it in the cache
*
* The rules are as follows:
* - if in progress, return DROP request
* - if completed within DELAY of the current time, return DROP it
* - if completed a longer time ago return REPLY if the reply was cached or
* return DOIT
* Update/add new request at end of lru list
*/
int
nfsrv_getcache(struct nfsrv_descript *nd, struct nfssvc_sock *slp,
struct mbuf **repp)
{
struct nfsrvhash *hash;
struct nfsrvcache *rp;
struct mbuf *mb;
struct sockaddr_in *saddr;
int ret;
/*
* Don't cache recent requests for reliable transport protocols.
* (Maybe we should for the case of a reconnect, but..)
*/
if (!nd->nd_nam2)
return (RC_DOIT);
rp = nfsrv_lookupcache(nd);
if (rp) {
/* If not at end of LRU chain, move it there */
if (TAILQ_NEXT(rp, rc_lru)) {
TAILQ_REMOVE(&nfsrvlruhead, rp, rc_lru);
TAILQ_INSERT_TAIL(&nfsrvlruhead, rp, rc_lru);
}
if (rp->rc_state == RC_UNUSED)
panic("nfsrv cache");
if (rp->rc_state == RC_INPROG) {
nfsstats.srvcache_inproghits++;
ret = RC_DROPIT;
} else if (rp->rc_flag & RC_REPSTATUS) {
nfsstats.srvcache_nonidemdonehits++;
nfs_rephead(0, nd, slp, rp->rc_status, repp, &mb);
ret = RC_REPLY;
} else if (rp->rc_flag & RC_REPMBUF) {
nfsstats.srvcache_nonidemdonehits++;
*repp = m_copym(rp->rc_reply, 0, M_COPYALL, M_WAIT);
ret = RC_REPLY;
} else {
nfsstats.srvcache_idemdonehits++;
rp->rc_state = RC_INPROG;
ret = RC_DOIT;
}
rp->rc_flag &= ~RC_LOCKED;
if (rp->rc_flag & RC_WANTED) {
rp->rc_flag &= ~RC_WANTED;
wakeup(rp);
}
return (ret);
}
nfsstats.srvcache_misses++;
if (numnfsrvcache < desirednfsrvcache) {
rp = malloc(sizeof(*rp), M_NFSD, M_WAITOK|M_ZERO);
numnfsrvcache++;
rp->rc_flag = RC_LOCKED;
} else {
rp = TAILQ_FIRST(&nfsrvlruhead);
while ((rp->rc_flag & RC_LOCKED) != 0) {
rp->rc_flag |= RC_WANTED;
tsleep(rp, PZERO-1, "nfsrc", 0);
rp = TAILQ_FIRST(&nfsrvlruhead);
}
rp->rc_flag |= RC_LOCKED;
LIST_REMOVE(rp, rc_hash);
TAILQ_REMOVE(&nfsrvlruhead, rp, rc_lru);
nfsrv_cleanentry(rp);
rp->rc_flag &= (RC_LOCKED | RC_WANTED);
}
TAILQ_INSERT_TAIL(&nfsrvlruhead, rp, rc_lru);
rp->rc_state = RC_INPROG;
rp->rc_xid = nd->nd_retxid;
saddr = mtod(nd->nd_nam, struct sockaddr_in *);
switch (saddr->sin_family) {
case AF_INET:
rp->rc_flag |= RC_INETADDR;
rp->rc_inetaddr = saddr->sin_addr.s_addr;
break;
default:
rp->rc_flag |= RC_NAM;
rp->rc_nam = m_copym(nd->nd_nam, 0, M_COPYALL, M_WAIT);
break;
};
rp->rc_proc = nd->nd_procnum;
hash = NFSRCHASH(nd->nd_retxid);
LIST_INSERT_HEAD(hash, rp, rc_hash);
rp->rc_flag &= ~RC_LOCKED;
if (rp->rc_flag & RC_WANTED) {
rp->rc_flag &= ~RC_WANTED;
wakeup(rp);
}
return (RC_DOIT);
}
/*
* FDDI output routine.
* Encapsulate a packet of type family for the local net.
* Use trailer local net encapsulation if enough data in first
* packet leaves a multiple of 512 bytes of data in remainder.
*/
static int
fddi_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst,
struct route *ro)
{
u_int16_t type;
int loop_copy = 0, error = 0, hdrcmplt = 0;
u_char esrc[FDDI_ADDR_LEN], edst[FDDI_ADDR_LEN];
struct fddi_header *fh;
#if defined(INET) || defined(INET6)
int is_gw = 0;
#endif
#ifdef MAC
error = mac_ifnet_check_transmit(ifp, m);
if (error)
senderr(error);
#endif
if (ifp->if_flags & IFF_MONITOR)
senderr(ENETDOWN);
if (!((ifp->if_flags & IFF_UP) &&
(ifp->if_drv_flags & IFF_DRV_RUNNING)))
senderr(ENETDOWN);
getmicrotime(&ifp->if_lastchange);
#if defined(INET) || defined(INET6)
if (ro != NULL)
is_gw = (ro->ro_flags & RT_HAS_GW) != 0;
#endif
switch (dst->sa_family) {
#ifdef INET
case AF_INET: {
error = arpresolve(ifp, is_gw, m, dst, edst, NULL, NULL);
if (error)
return (error == EWOULDBLOCK ? 0 : error);
type = htons(ETHERTYPE_IP);
break;
}
case AF_ARP:
{
struct arphdr *ah;
ah = mtod(m, struct arphdr *);
ah->ar_hrd = htons(ARPHRD_ETHER);
loop_copy = -1; /* if this is for us, don't do it */
switch (ntohs(ah->ar_op)) {
case ARPOP_REVREQUEST:
case ARPOP_REVREPLY:
type = htons(ETHERTYPE_REVARP);
break;
case ARPOP_REQUEST:
case ARPOP_REPLY:
default:
type = htons(ETHERTYPE_ARP);
break;
}
if (m->m_flags & M_BCAST)
bcopy(ifp->if_broadcastaddr, edst, FDDI_ADDR_LEN);
else
bcopy(ar_tha(ah), edst, FDDI_ADDR_LEN);
}
break;
#endif /* INET */
#ifdef INET6
case AF_INET6:
error = nd6_resolve(ifp, is_gw, m, dst, edst, NULL, NULL);
if (error)
return (error == EWOULDBLOCK ? 0 : error);
type = htons(ETHERTYPE_IPV6);
break;
#endif /* INET6 */
case pseudo_AF_HDRCMPLT:
{
const struct ether_header *eh;
hdrcmplt = 1;
eh = (const struct ether_header *)dst->sa_data;
bcopy(eh->ether_shost, esrc, FDDI_ADDR_LEN);
/* FALLTHROUGH */
}
case AF_UNSPEC:
{
const struct ether_header *eh;
loop_copy = -1;
eh = (const struct ether_header *)dst->sa_data;
bcopy(eh->ether_dhost, edst, FDDI_ADDR_LEN);
if (*edst & 1)
m->m_flags |= (M_BCAST|M_MCAST);
type = eh->ether_type;
break;
}
case AF_IMPLINK:
{
fh = mtod(m, struct fddi_header *);
error = EPROTONOSUPPORT;
switch (fh->fddi_fc & (FDDIFC_C|FDDIFC_L|FDDIFC_F)) {
case FDDIFC_LLC_ASYNC: {
/* legal priorities are 0 through 7 */
if ((fh->fddi_fc & FDDIFC_Z) > 7)
goto bad;
break;
}
case FDDIFC_LLC_SYNC: {
/* FDDIFC_Z bits reserved, must be zero */
if (fh->fddi_fc & FDDIFC_Z)
goto bad;
break;
}
case FDDIFC_SMT: {
/* FDDIFC_Z bits must be non zero */
if ((fh->fddi_fc & FDDIFC_Z) == 0)
goto bad;
break;
}
default: {
/* anything else is too dangerous */
goto bad;
}
}
error = 0;
if (fh->fddi_dhost[0] & 1)
m->m_flags |= (M_BCAST|M_MCAST);
goto queue_it;
}
default:
if_printf(ifp, "can't handle af%d\n", dst->sa_family);
senderr(EAFNOSUPPORT);
}
/*
* Add LLC header.
*/
if (type != 0) {
struct llc *l;
M_PREPEND(m, LLC_SNAPFRAMELEN, M_NOWAIT);
if (m == NULL)
senderr(ENOBUFS);
l = mtod(m, struct llc *);
l->llc_control = LLC_UI;
l->llc_dsap = l->llc_ssap = LLC_SNAP_LSAP;
l->llc_snap.org_code[0] =
l->llc_snap.org_code[1] =
l->llc_snap.org_code[2] = 0;
l->llc_snap.ether_type = htons(type);
}
/*
* Add local net header. If no space in first mbuf,
* allocate another.
*/
M_PREPEND(m, FDDI_HDR_LEN, M_NOWAIT);
if (m == NULL)
senderr(ENOBUFS);
fh = mtod(m, struct fddi_header *);
fh->fddi_fc = FDDIFC_LLC_ASYNC|FDDIFC_LLC_PRIO4;
bcopy((caddr_t)edst, (caddr_t)fh->fddi_dhost, FDDI_ADDR_LEN);
queue_it:
if (hdrcmplt)
bcopy((caddr_t)esrc, (caddr_t)fh->fddi_shost, FDDI_ADDR_LEN);
else
bcopy(IF_LLADDR(ifp), (caddr_t)fh->fddi_shost,
FDDI_ADDR_LEN);
/*
* If a simplex interface, and the packet is being sent to our
* Ethernet address or a broadcast address, loopback a copy.
* XXX To make a simplex device behave exactly like a duplex
* device, we should copy in the case of sending to our own
* ethernet address (thus letting the original actually appear
* on the wire). However, we don't do that here for security
* reasons and compatibility with the original behavior.
*/
if ((ifp->if_flags & IFF_SIMPLEX) && (loop_copy != -1)) {
if ((m->m_flags & M_BCAST) || (loop_copy > 0)) {
struct mbuf *n;
n = m_copym(m, 0, M_COPYALL, M_NOWAIT);
(void) if_simloop(ifp, n, dst->sa_family,
FDDI_HDR_LEN);
} else if (bcmp(fh->fddi_dhost, fh->fddi_shost,
FDDI_ADDR_LEN) == 0) {
(void) if_simloop(ifp, m, dst->sa_family,
FDDI_HDR_LEN);
return (0); /* XXX */
}
}
error = (ifp->if_transmit)(ifp, m);
if (error)
if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
return (error);
bad:
if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
if (m)
m_freem(m);
return (error);
}
int
ip6_mforward(struct ip6_hdr *ip6, struct ifnet *ifp, struct mbuf *m)
{
struct mf6c *rt;
struct mif6 *mifp;
struct mbuf *mm;
int s;
mifi_t mifi;
struct sockaddr_in6 sin6;
char src[INET6_ADDRSTRLEN], dst[INET6_ADDRSTRLEN];
inet_ntop(AF_INET6, &ip6->ip6_src, src, sizeof(src));
inet_ntop(AF_INET6, &ip6->ip6_dst, dst, sizeof(dst));
#ifdef MRT6DEBUG
if (mrt6debug & DEBUG_FORWARD)
log(LOG_DEBUG, "ip6_mforward: src %s, dst %s, ifindex %d\n",
src, dst, ifp->if_index);
#endif
/*
* Don't forward a packet with Hop limit of zero or one,
* or a packet destined to a local-only group.
*/
if (ip6->ip6_hlim <= 1 || IN6_IS_ADDR_MC_INTFACELOCAL(&ip6->ip6_dst) ||
IN6_IS_ADDR_MC_LINKLOCAL(&ip6->ip6_dst))
return 0;
ip6->ip6_hlim--;
/*
* Source address check: do not forward packets with unspecified
* source. It was discussed in July 2000, on ipngwg mailing list.
* This is rather more serious than unicast cases, because some
* MLD packets can be sent with the unspecified source address
* (although such packets must normally set 1 to the hop limit field).
*/
if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) {
ip6stat.ip6s_cantforward++;
if (ip6_log_time + ip6_log_interval < time_second) {
ip6_log_time = time_second;
log(LOG_DEBUG,
"cannot forward "
"from %s to %s nxt %d received on interface %u\n",
src, dst,
ip6->ip6_nxt,
m->m_pkthdr.ph_ifidx);
}
return 0;
}
/*
* Determine forwarding mifs from the forwarding cache table
*/
s = splsoftnet();
MF6CFIND(ip6->ip6_src, ip6->ip6_dst, rt);
/* Entry exists, so forward if necessary */
if (rt) {
splx(s);
return (ip6_mdq(m, ifp, rt));
} else {
/*
* If we don't have a route for packet's origin,
* Make a copy of the packet &
* send message to routing daemon
*/
struct mbuf *mb0;
struct rtdetq *rte;
u_long hash;
mrt6stat.mrt6s_no_route++;
#ifdef MRT6DEBUG
if (mrt6debug & (DEBUG_FORWARD | DEBUG_MFC))
log(LOG_DEBUG, "ip6_mforward: no rte s %s g %s\n",
src, dst);
#endif
/*
* Allocate mbufs early so that we don't do extra work if we
* are just going to fail anyway.
*/
rte = (struct rtdetq *)malloc(sizeof(*rte), M_MRTABLE,
M_NOWAIT);
if (rte == NULL) {
splx(s);
return ENOBUFS;
}
mb0 = m_copym(m, 0, M_COPYALL, M_NOWAIT);
/*
* Pullup packet header if needed before storing it,
* as other references may modify it in the meantime.
*/
if (mb0 &&
(M_READONLY(mb0) || mb0->m_len < sizeof(struct ip6_hdr)))
mb0 = m_pullup(mb0, sizeof(struct ip6_hdr));
if (mb0 == NULL) {
free(rte, M_MRTABLE, 0);
splx(s);
return ENOBUFS;
}
/* is there an upcall waiting for this packet? */
hash = MF6CHASH(ip6->ip6_src, ip6->ip6_dst);
for (rt = mf6ctable[hash]; rt; rt = rt->mf6c_next) {
if (IN6_ARE_ADDR_EQUAL(&ip6->ip6_src,
&rt->mf6c_origin.sin6_addr) &&
IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst,
&rt->mf6c_mcastgrp.sin6_addr) &&
(rt->mf6c_stall != NULL))
break;
}
if (rt == NULL) {
struct mrt6msg *im;
/* no upcall, so make a new entry */
rt = (struct mf6c *)malloc(sizeof(*rt), M_MRTABLE,
M_NOWAIT);
if (rt == NULL) {
free(rte, M_MRTABLE, 0);
m_freem(mb0);
splx(s);
return ENOBUFS;
}
/*
* Make a copy of the header to send to the user
* level process
*/
mm = m_copym(mb0, 0, sizeof(struct ip6_hdr), M_NOWAIT);
if (mm == NULL) {
free(rte, M_MRTABLE, 0);
m_freem(mb0);
free(rt, M_MRTABLE, 0);
splx(s);
return ENOBUFS;
}
/*
* Send message to routing daemon
*/
(void)memset(&sin6, 0, sizeof(sin6));
sin6.sin6_len = sizeof(sin6);
sin6.sin6_family = AF_INET6;
sin6.sin6_addr = ip6->ip6_src;
im = NULL;
switch (ip6_mrouter_ver) {
case MRT6_INIT:
im = mtod(mm, struct mrt6msg *);
im->im6_msgtype = MRT6MSG_NOCACHE;
im->im6_mbz = 0;
break;
default:
free(rte, M_MRTABLE, 0);
m_freem(mb0);
free(rt, M_MRTABLE, 0);
splx(s);
return EINVAL;
}
#ifdef MRT6DEBUG
if (mrt6debug & DEBUG_FORWARD)
log(LOG_DEBUG,
"getting the iif info in the kernel\n");
#endif
for (mifp = mif6table, mifi = 0;
mifi < nummifs && mifp->m6_ifp != ifp;
mifp++, mifi++)
;
switch (ip6_mrouter_ver) {
case MRT6_INIT:
im->im6_mif = mifi;
break;
}
if (socket6_send(ip6_mrouter, mm, &sin6) < 0) {
log(LOG_WARNING, "ip6_mforward: ip6_mrouter "
"socket queue full\n");
mrt6stat.mrt6s_upq_sockfull++;
free(rte, M_MRTABLE, 0);
m_freem(mb0);
free(rt, M_MRTABLE, 0);
splx(s);
return ENOBUFS;
}
mrt6stat.mrt6s_upcalls++;
/* insert new entry at head of hash chain */
bzero(rt, sizeof(*rt));
rt->mf6c_origin.sin6_family = AF_INET6;
rt->mf6c_origin.sin6_len = sizeof(struct sockaddr_in6);
rt->mf6c_origin.sin6_addr = ip6->ip6_src;
rt->mf6c_mcastgrp.sin6_family = AF_INET6;
rt->mf6c_mcastgrp.sin6_len = sizeof(struct sockaddr_in6);
rt->mf6c_mcastgrp.sin6_addr = ip6->ip6_dst;
rt->mf6c_expire = UPCALL_EXPIRE;
n6expire[hash]++;
rt->mf6c_parent = MF6C_INCOMPLETE_PARENT;
/* link into table */
rt->mf6c_next = mf6ctable[hash];
mf6ctable[hash] = rt;
/* Add this entry to the end of the queue */
rt->mf6c_stall = rte;
} else {
/* determine if q has overflowed */
struct rtdetq **p;
int npkts = 0;
for (p = &rt->mf6c_stall; *p != NULL; p = &(*p)->next)
if (++npkts > MAX_UPQ6) {
mrt6stat.mrt6s_upq_ovflw++;
free(rte, M_MRTABLE, 0);
m_freem(mb0);
splx(s);
return 0;
}
/* Add this entry to the end of the queue */
*p = rte;
}
rte->next = NULL;
rte->m = mb0;
rte->ifp = ifp;
splx(s);
return 0;
}
/*
* Modify the packet so that the payload is compressed.
* The mbuf (m) must start with IPv4 or IPv6 header.
* On failure, free the given mbuf and return non-zero.
*
* on invocation:
* m nexthdrp md
* v v v
* IP ......... payload
* during the encryption:
* m nexthdrp mprev md
* v v v v
* IP ............... ipcomp payload
* <-----><----->
* complen plen
* <-> hlen
* <-----------------> compoff
*/
static int
ipcomp_output(struct mbuf *m, u_char *nexthdrp, struct mbuf *md,
struct ipsecrequest *isr, int af)
{
struct mbuf *n;
struct mbuf *md0;
struct mbuf *mcopy;
struct mbuf *mprev;
struct ipcomp *ipcomp;
struct secasvar *sav = isr->sav;
const struct ipcomp_algorithm *algo;
u_int16_t cpi; /* host order */
size_t plen0, plen; /* payload length to be compressed */
size_t compoff;
int afnumber;
int error = 0;
struct ipsecstat *stat;
switch (af) {
#ifdef INET
case AF_INET:
afnumber = 4;
stat = &ipsecstat;
break;
#endif
#ifdef INET6
case AF_INET6:
afnumber = 6;
stat = &ipsec6stat;
break;
#endif
default:
ipseclog((LOG_ERR, "ipcomp_output: unsupported af %d\n", af));
return 0; /* no change at all */
}
/* grab parameters */
algo = ipcomp_algorithm_lookup(sav->alg_enc);
if ((ntohl(sav->spi) & ~0xffff) != 0 || !algo) {
stat->out_inval++;
m_freem(m);
return EINVAL;
}
if ((sav->flags & SADB_X_EXT_RAWCPI) == 0)
cpi = sav->alg_enc;
else
cpi = ntohl(sav->spi) & 0xffff;
/* compute original payload length */
plen = 0;
for (n = md; n; n = n->m_next)
plen += n->m_len;
/* if the payload is short enough, we don't need to compress */
if (plen < algo->minplen)
return 0;
/*
* retain the original packet for two purposes:
* (1) we need to backout our changes when compression is not necessary.
* (2) byte lifetime computation should use the original packet.
* see RFC2401 page 23.
* compromise two m_copym(). we will be going through every byte of
* the payload during compression process anyways.
*/
mcopy = m_copym(m, 0, M_COPYALL, MB_DONTWAIT);
if (mcopy == NULL) {
error = ENOBUFS;
return 0;
}
md0 = m_copym(md, 0, M_COPYALL, MB_DONTWAIT);
if (md0 == NULL) {
m_freem(mcopy);
error = ENOBUFS;
return 0;
}
plen0 = plen;
/* make the packet over-writable */
for (mprev = m; mprev && mprev->m_next != md; mprev = mprev->m_next)
;
if (mprev == NULL || mprev->m_next != md) {
ipseclog((LOG_DEBUG, "ipcomp%d_output: md is not in chain\n",
afnumber));
stat->out_inval++;
m_freem(m);
m_freem(md0);
m_freem(mcopy);
return EINVAL;
}
mprev->m_next = NULL;
if ((md = ipsec_copypkt(md)) == NULL) {
m_freem(m);
m_freem(md0);
m_freem(mcopy);
error = ENOBUFS;
goto fail;
}
mprev->m_next = md;
/* compress data part */
if ((*algo->compress)(m, md, &plen) || mprev->m_next == NULL) {
ipseclog((LOG_ERR, "packet compression failure\n"));
m = NULL;
m_freem(md0);
m_freem(mcopy);
stat->out_inval++;
error = EINVAL;
goto fail;
}
stat->out_comphist[sav->alg_enc]++;
md = mprev->m_next;
/*
* if the packet became bigger, meaningless to use IPComp.
* we've only wasted our cpu time.
*/
if (plen0 < plen) {
m_freem(md);
m_freem(mcopy);
mprev->m_next = md0;
return 0;
}
/*
* no need to backout change beyond here.
*/
m_freem(md0);
md0 = NULL;
m->m_pkthdr.len -= plen0;
m->m_pkthdr.len += plen;
{
/*
* insert IPComp header.
*/
#ifdef INET
struct ip *ip = NULL;
#endif
size_t complen = sizeof(struct ipcomp);
switch (af) {
#ifdef INET
case AF_INET:
ip = mtod(m, struct ip *);
break;
#endif
#ifdef INET6
case AF_INET6:
break;
#endif
}
compoff = m->m_pkthdr.len - plen;
/*
* grow the mbuf to accomodate ipcomp header.
* before: IP ... payload
* after: IP ... ipcomp payload
*/
if (M_LEADINGSPACE(md) < complen) {
MGET(n, MB_DONTWAIT, MT_DATA);
if (!n) {
m_freem(m);
error = ENOBUFS;
goto fail;
}
n->m_len = complen;
mprev->m_next = n;
n->m_next = md;
m->m_pkthdr.len += complen;
ipcomp = mtod(n, struct ipcomp *);
} else {
/*
* Update a request cache entry after the rpc has been done
*/
void
nfsrv_updatecache(struct nfsrv_descript *nd, int repvalid, struct mbuf *repmbuf)
{
struct nfsrvcache *rp;
if (!nd->nd_nam2)
return;
lwkt_gettoken(&srvcache_token);
loop:
for (rp = NFSRCHASH(nd->nd_retxid)->lh_first; rp != NULL;
rp = rp->rc_hash.le_next) {
if (nd->nd_retxid == rp->rc_xid && nd->nd_procnum == rp->rc_proc &&
netaddr_match(NETFAMILY(rp), &rp->rc_haddr, nd->nd_nam)) {
NFS_DPF(RC, ("U%03x", rp->rc_xid & 0xfff));
if ((rp->rc_flag & RC_LOCKED) != 0) {
rp->rc_flag |= RC_WANTED;
tsleep((caddr_t)rp, 0, "nfsrc", 0);
goto loop;
}
rp->rc_flag |= RC_LOCKED;
if (rp->rc_state == RC_DONE) {
/*
* This can occur if the cache is too small.
* Retransmits of the same request aren't
* dropped so we may see the operation
* complete more then once.
*/
if (rp->rc_flag & RC_REPMBUF) {
m_freem(rp->rc_reply);
rp->rc_reply = NULL;
rp->rc_flag &= ~RC_REPMBUF;
}
}
rp->rc_state = RC_DONE;
/*
* If we have a valid reply update status and save
* the reply for non-idempotent rpc's.
*/
if (repvalid && nonidempotent[nd->nd_procnum]) {
if ((nd->nd_flag & ND_NFSV3) == 0 &&
nfsv2_repstat[nfsv2_procid[nd->nd_procnum]]) {
rp->rc_status = nd->nd_repstat;
rp->rc_flag |= RC_REPSTATUS;
} else {
if (rp->rc_flag & RC_REPMBUF) {
m_freem(rp->rc_reply);
rp->rc_reply = NULL;
rp->rc_flag &= ~RC_REPMBUF;
}
rp->rc_reply = m_copym(repmbuf, 0,
M_COPYALL, MB_WAIT);
rp->rc_flag |= RC_REPMBUF;
}
}
rp->rc_flag &= ~RC_LOCKED;
if (rp->rc_flag & RC_WANTED) {
rp->rc_flag &= ~RC_WANTED;
wakeup((caddr_t)rp);
}
break;
}
}
lwkt_reltoken(&srvcache_token);
NFS_DPF(RC, ("L%03x", nd->nd_retxid & 0xfff));
}
/*
* Look for the request in the cache
* If found then
* return action and optionally reply
* else
* insert it in the cache
*
* The rules are as follows:
* - if in progress, return DROP request
* - if completed within DELAY of the current time, return DROP it
* - if completed a longer time ago return REPLY if the reply was cached or
* return DOIT
* Update/add new request at end of lru list
*/
int
nfsrv_getcache(struct nfsrv_descript *nd, struct nfssvc_sock *slp,
struct mbuf **repp)
{
struct nfsrvcache *rp;
struct mbuf *mb;
struct sockaddr_in *saddr;
caddr_t bpos;
int ret;
/*
* Don't cache recent requests for reliable transport protocols.
* (Maybe we should for the case of a reconnect, but..)
*/
if (!nd->nd_nam2)
return (RC_DOIT);
lwkt_gettoken(&srvcache_token);
loop:
for (rp = NFSRCHASH(nd->nd_retxid)->lh_first; rp != NULL;
rp = rp->rc_hash.le_next) {
if (nd->nd_retxid == rp->rc_xid && nd->nd_procnum == rp->rc_proc &&
netaddr_match(NETFAMILY(rp), &rp->rc_haddr, nd->nd_nam)) {
NFS_DPF(RC, ("H%03x", rp->rc_xid & 0xfff));
if ((rp->rc_flag & RC_LOCKED) != 0) {
rp->rc_flag |= RC_WANTED;
tsleep((caddr_t)rp, 0, "nfsrc", 0);
goto loop;
}
rp->rc_flag |= RC_LOCKED;
/* If not at end of LRU chain, move it there */
if (TAILQ_NEXT(rp, rc_lru) != NULL) {
TAILQ_REMOVE(&nfsrvlruhead, rp, rc_lru);
TAILQ_INSERT_TAIL(&nfsrvlruhead, rp, rc_lru);
}
if (rp->rc_state == RC_UNUSED)
panic("nfsrv cache");
if (rp->rc_state == RC_INPROG) {
nfsstats.srvcache_inproghits++;
ret = RC_DROPIT;
} else if (rp->rc_flag & RC_REPSTATUS) {
nfsstats.srvcache_nonidemdonehits++;
nfs_rephead(0, nd, slp, rp->rc_status,
repp, &mb, &bpos);
ret = RC_REPLY;
} else if (rp->rc_flag & RC_REPMBUF) {
nfsstats.srvcache_nonidemdonehits++;
*repp = m_copym(rp->rc_reply, 0, M_COPYALL,
MB_WAIT);
ret = RC_REPLY;
} else {
nfsstats.srvcache_idemdonehits++;
rp->rc_state = RC_INPROG;
ret = RC_DOIT;
}
rp->rc_flag &= ~RC_LOCKED;
if (rp->rc_flag & RC_WANTED) {
rp->rc_flag &= ~RC_WANTED;
wakeup((caddr_t)rp);
}
lwkt_reltoken(&srvcache_token);
return (ret);
}
}
nfsstats.srvcache_misses++;
NFS_DPF(RC, ("M%03x", nd->nd_retxid & 0xfff));
if (numnfsrvcache < desirednfsrvcache) {
rp = kmalloc((u_long)sizeof *rp, M_NFSD, M_WAITOK | M_ZERO);
numnfsrvcache++;
rp->rc_flag = RC_LOCKED;
} else {
rp = TAILQ_FIRST(&nfsrvlruhead);
while ((rp->rc_flag & RC_LOCKED) != 0) {
rp->rc_flag |= RC_WANTED;
tsleep((caddr_t)rp, 0, "nfsrc", 0);
rp = TAILQ_FIRST(&nfsrvlruhead);
}
rp->rc_flag |= RC_LOCKED;
LIST_REMOVE(rp, rc_hash);
TAILQ_REMOVE(&nfsrvlruhead, rp, rc_lru);
if (rp->rc_flag & RC_REPMBUF) {
m_freem(rp->rc_reply);
rp->rc_reply = NULL;
rp->rc_flag &= ~RC_REPMBUF;
}
if (rp->rc_flag & RC_NAM) {
kfree(rp->rc_nam, M_SONAME);
rp->rc_nam = NULL;
rp->rc_flag &= ~RC_NAM;
}
}
TAILQ_INSERT_TAIL(&nfsrvlruhead, rp, rc_lru);
rp->rc_state = RC_INPROG;
rp->rc_xid = nd->nd_retxid;
saddr = (struct sockaddr_in *)nd->nd_nam;
switch (saddr->sin_family) {
case AF_INET:
rp->rc_flag |= RC_INETADDR;
rp->rc_inetaddr = saddr->sin_addr.s_addr;
break;
case AF_ISO:
default:
rp->rc_flag |= RC_NAM;
rp->rc_nam = dup_sockaddr(nd->nd_nam);
break;
};
rp->rc_proc = nd->nd_procnum;
LIST_INSERT_HEAD(NFSRCHASH(nd->nd_retxid), rp, rc_hash);
rp->rc_flag &= ~RC_LOCKED;
if (rp->rc_flag & RC_WANTED) {
rp->rc_flag &= ~RC_WANTED;
wakeup((caddr_t)rp);
}
lwkt_reltoken(&srvcache_token);
return (RC_DOIT);
}
void
tcp_pcap_add(struct tcphdr *th, struct mbuf *m, struct mbufq *queue)
{
struct mbuf *n = NULL, *mhead;
KASSERT(th, ("%s: called with th == NULL", __func__));
KASSERT(m, ("%s: called with m == NULL", __func__));
KASSERT(queue, ("%s: called with queue == NULL", __func__));
/* We only care about data packets. */
while (m && m->m_type != MT_DATA)
m = m->m_next;
/* We only need to do something if we still have an mbuf. */
if (!m)
return;
/* If we are not saving mbufs, return now. */
if (queue->mq_maxlen == 0)
return;
/*
* Check to see if we will need to recycle mbufs.
*
* If we need to get rid of mbufs to stay below
* our packet count, try to reuse the mbuf. Once
* we already have a new mbuf (n), then we can
* simply free subsequent mbufs.
*
* Note that most of the logic in here is to deal
* with the reuse. If we are fine with constant
* mbuf allocs/deallocs, we could ditch this logic.
* But, it only seems to make sense to reuse
* mbufs we already have.
*/
while (mbufq_full(queue)) {
mhead = mbufq_dequeue(queue);
if (n) {
tcp_pcap_m_freem(mhead);
}
else {
/*
* If this held an external cluster, try to
* detach the cluster. But, if we held the
* last reference, go through the normal
* free-ing process.
*/
if (mhead->m_flags & M_EXT) {
switch (mhead->m_ext.ext_type) {
case EXT_SFBUF:
/* Don't mess around with these. */
tcp_pcap_m_freem(mhead);
continue;
default:
if (atomic_fetchadd_int(
mhead->m_ext.ext_cnt, -1) == 1)
{
/*
* We held the last reference
* on this cluster. Restore
* the reference count and put
* it back in the pool.
*/
*(mhead->m_ext.ext_cnt) = 1;
tcp_pcap_m_freem(mhead);
continue;
}
/*
* We were able to cleanly free the
* reference.
*/
atomic_subtract_int(
&tcp_pcap_clusters_referenced_cur,
1);
tcp_pcap_alloc_reuse_ext++;
break;
}
}
else {
tcp_pcap_alloc_reuse_mbuf++;
}
n = mhead;
tcp_pcap_m_freem(n->m_next);
m_init(n, NULL, 0, M_NOWAIT, MT_DATA, 0);
}
}
/* Check to see if we need to get a new mbuf. */
if (!n) {
if (!(n = m_get(M_NOWAIT, MT_DATA)))
return;
tcp_pcap_alloc_new_mbuf++;
}
/*
* What are we dealing with? If a cluster, attach it. Otherwise,
* try to copy the data from the beginning of the mbuf to the
* end of data. (There may be data between the start of the data
* area and the current data pointer. We want to get this, because
* it may contain header information that is useful.)
* In cases where that isn't possible, settle for what we can
* get.
*/
if ((m->m_flags & M_EXT) && tcp_pcap_take_cluster_reference()) {
n->m_data = m->m_data;
n->m_len = m->m_len;
mb_dupcl(n, m);
}
else if (((m->m_data + m->m_len) - M_START(m)) <= M_SIZE(n)) {
/*
* At this point, n is guaranteed to be a normal mbuf
* with no cluster and no packet header. Because the
* logic in this code block requires this, the assert
* is here to catch any instances where someone
* changes the logic to invalidate that assumption.
*/
KASSERT((n->m_flags & (M_EXT | M_PKTHDR)) == 0,
("%s: Unexpected flags (%#x) for mbuf",
__func__, n->m_flags));
n->m_data = n->m_dat + M_LEADINGSPACE_NOWRITE(m);
n->m_len = m->m_len;
bcopy(M_START(m), n->m_dat,
m->m_len + M_LEADINGSPACE_NOWRITE(m));
}
else {
/*
* This is the case where we need to "settle for what
* we can get". The most probable way to this code
* path is that we've already taken references to the
* maximum number of mbuf clusters we can, and the data
* is too long to fit in an mbuf's internal storage.
* Try for a "best fit".
*/
tcp_pcap_copy_bestfit(th, m, n);
/* Don't try to get additional data. */
goto add_to_queue;
}
if (m->m_next) {
n->m_next = m_copym(m->m_next, 0, M_COPYALL, M_NOWAIT);
tcp_pcap_adj_cluster_reference(n->m_next, 1);
}
add_to_queue:
/* Add the new mbuf to the list. */
if (mbufq_enqueue(queue, n)) {
/* This shouldn't happen. If INVARIANTS is defined, panic. */
KASSERT(0, ("%s: mbufq was unexpectedly full!", __func__));
tcp_pcap_m_freem(n);
}
}
/*
* Check the cache and, optionally, do the RPC.
* Return the appropriate cache response.
*/
static int
nfs_proc(struct nfsrv_descript *nd, u_int32_t xid, SVCXPRT *xprt,
struct nfsrvcache **rpp)
{
struct thread *td = curthread;
int cacherep = RC_DOIT, isdgram, taglen = -1;
struct mbuf *m;
u_char tag[NFSV4_SMALLSTR + 1], *tagstr = NULL;
u_int32_t minorvers = 0;
uint32_t ack;
*rpp = NULL;
if (nd->nd_nam2 == NULL) {
nd->nd_flag |= ND_STREAMSOCK;
isdgram = 0;
} else {
isdgram = 1;
}
/*
* Two cases:
* 1 - For NFSv2 over UDP, if we are near our malloc/mget
* limit, just drop the request. There is no
* NFSERR_RESOURCE or NFSERR_DELAY for NFSv2 and the
* client will timeout/retry over UDP in a little while.
* 2 - nd_repstat == 0 && nd_mreq == NULL, which
* means a normal nfs rpc, so check the cache
*/
if ((nd->nd_flag & ND_NFSV2) && nd->nd_nam2 != NULL &&
nfsrv_mallocmget_limit()) {
cacherep = RC_DROPIT;
} else {
/*
* For NFSv3, play it safe and assume that the client is
* doing retries on the same TCP connection.
*/
if ((nd->nd_flag & (ND_NFSV4 | ND_STREAMSOCK)) ==
ND_STREAMSOCK)
nd->nd_flag |= ND_SAMETCPCONN;
nd->nd_retxid = xid;
nd->nd_tcpconntime = NFSD_MONOSEC;
nd->nd_sockref = xprt->xp_sockref;
if ((nd->nd_flag & ND_NFSV4) != 0)
nfsd_getminorvers(nd, tag, &tagstr, &taglen,
&minorvers);
if ((nd->nd_flag & ND_NFSV41) != 0)
/* NFSv4.1 caches replies in the session slots. */
cacherep = RC_DOIT;
else {
cacherep = nfsrvd_getcache(nd);
ack = 0;
SVC_ACK(xprt, &ack);
nfsrc_trimcache(xprt->xp_sockref, ack, 0);
}
}
/*
* Handle the request. There are three cases.
* RC_DOIT - do the RPC
* RC_REPLY - return the reply already created
* RC_DROPIT - just throw the request away
*/
if (cacherep == RC_DOIT) {
if ((nd->nd_flag & ND_NFSV41) != 0)
nd->nd_xprt = xprt;
nfsrvd_dorpc(nd, isdgram, tagstr, taglen, minorvers, td);
if ((nd->nd_flag & ND_NFSV41) != 0) {
if (nd->nd_repstat != NFSERR_REPLYFROMCACHE &&
(nd->nd_flag & ND_SAVEREPLY) != 0) {
/* Cache a copy of the reply. */
m = m_copym(nd->nd_mreq, 0, M_COPYALL,
M_WAITOK);
} else
m = NULL;
if ((nd->nd_flag & ND_HASSEQUENCE) != 0)
nfsrv_cache_session(nd->nd_sessionid,
nd->nd_slotid, nd->nd_repstat, &m);
if (nd->nd_repstat == NFSERR_REPLYFROMCACHE)
nd->nd_repstat = 0;
cacherep = RC_REPLY;
} else {
if (nd->nd_repstat == NFSERR_DONTREPLY)
cacherep = RC_DROPIT;
else
cacherep = RC_REPLY;
*rpp = nfsrvd_updatecache(nd);
}
}
if (tagstr != NULL && taglen > NFSV4_SMALLSTR)
free(tagstr, M_TEMP);
NFSEXITCODE2(0, nd);
return (cacherep);
}
/*
* User Request.
* up is socket
* m is either
* optional mbuf chain containing message
* ioctl command (PRU_CONTROL)
* nam is either
* optional mbuf chain containing an address
* ioctl data (PRU_CONTROL)
* optionally protocol number (PRU_ATTACH)
* message flags (PRU_RCVD)
* ctl is either
* optional mbuf chain containing socket options
* optional interface pointer (PRU_CONTROL, PRU_PURGEIF)
* l is pointer to process requesting action (if any)
*
* we are responsible for disposing of m and ctl if
* they are mbuf chains
*/
int
l2cap_usrreq(struct socket *up, int req, struct mbuf *m,
struct mbuf *nam, struct mbuf *ctl, struct proc *p)
{
struct l2cap_channel *pcb = up->so_pcb;
struct sockaddr_bt *sa;
struct mbuf *m0;
int err = 0;
#ifdef notyet /* XXX */
DPRINTFN(2, "%s\n", prurequests[req]);
#endif
switch (req) {
case PRU_CONTROL:
return EPASSTHROUGH;
#ifdef notyet /* XXX */
case PRU_PURGEIF:
return EOPNOTSUPP;
#endif
case PRU_ATTACH:
/* XXX solock() and bt_lock fiddling in NetBSD */
if (pcb != NULL)
return EINVAL;
/*
* For L2CAP socket PCB we just use an l2cap_channel structure
* since we have nothing to add..
*/
err = soreserve(up, l2cap_sendspace, l2cap_recvspace);
if (err)
return err;
return l2cap_attach((struct l2cap_channel **)&up->so_pcb,
&l2cap_proto, up);
}
if (pcb == NULL) {
err = EINVAL;
goto release;
}
switch(req) {
case PRU_DISCONNECT:
soisdisconnecting(up);
return l2cap_disconnect(pcb, up->so_linger);
case PRU_ABORT:
l2cap_disconnect(pcb, 0);
soisdisconnected(up);
/* fall through to */
case PRU_DETACH:
return l2cap_detach((struct l2cap_channel **)&up->so_pcb);
case PRU_BIND:
KASSERT(nam != NULL);
sa = mtod(nam, struct sockaddr_bt *);
if (sa->bt_len != sizeof(struct sockaddr_bt))
return EINVAL;
if (sa->bt_family != AF_BLUETOOTH)
return EAFNOSUPPORT;
return l2cap_bind(pcb, sa);
case PRU_CONNECT:
KASSERT(nam != NULL);
sa = mtod(nam, struct sockaddr_bt *);
if (sa->bt_len != sizeof(struct sockaddr_bt))
return EINVAL;
if (sa->bt_family != AF_BLUETOOTH)
return EAFNOSUPPORT;
soisconnecting(up);
return l2cap_connect(pcb, sa);
case PRU_PEERADDR:
KASSERT(nam != NULL);
sa = mtod(nam, struct sockaddr_bt *);
nam->m_len = sizeof(struct sockaddr_bt);
return l2cap_peeraddr(pcb, sa);
case PRU_SOCKADDR:
KASSERT(nam != NULL);
sa = mtod(nam, struct sockaddr_bt *);
nam->m_len = sizeof(struct sockaddr_bt);
return l2cap_sockaddr(pcb, sa);
case PRU_SHUTDOWN:
socantsendmore(up);
break;
case PRU_SEND:
KASSERT(m != NULL);
if (m->m_pkthdr.len == 0)
break;
if (m->m_pkthdr.len > pcb->lc_omtu) {
err = EMSGSIZE;
break;
}
m0 = m_copym(m, 0, M_COPYALL, M_DONTWAIT);
if (m0 == NULL) {
err = ENOMEM;
break;
}
if (ctl) /* no use for that */
m_freem(ctl);
sbappendrecord(&up->so_snd, m);
return l2cap_send(pcb, m0);
case PRU_SENSE:
return 0; /* (no release) */
case PRU_RCVD:
case PRU_RCVOOB:
return EOPNOTSUPP; /* (no release) */
case PRU_LISTEN:
return l2cap_listen(pcb);
case PRU_ACCEPT:
KASSERT(nam != NULL);
sa = mtod(nam, struct sockaddr_bt *);
nam->m_len = sizeof(struct sockaddr_bt);
return l2cap_peeraddr(pcb, sa);
case PRU_CONNECT2:
case PRU_SENDOOB:
case PRU_FASTTIMO:
case PRU_SLOWTIMO:
case PRU_PROTORCV:
case PRU_PROTOSEND:
err = EOPNOTSUPP;
break;
default:
UNKNOWN(req);
err = EOPNOTSUPP;
break;
}
release:
if (m) m_freem(m);
if (ctl) m_freem(ctl);
return err;
}
/*
* Forward a packet. If some error occurs return the sender
* an icmp packet. Note we can't always generate a meaningful
* icmp message because icmp doesn't have a large enough repertoire
* of codes and types.
*
* If not forwarding, just drop the packet. This could be confusing
* if ipforwarding was zero but some routing protocol was advancing
* us as a gateway to somewhere. However, we must let the routing
* protocol deal with that.
*
*/
void
ip6_forward(struct mbuf *m, int srcrt)
{
struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
struct sockaddr_in6 *dst = NULL;
struct rtentry *rt = NULL;
struct route_in6 rin6;
int error, type = 0, code = 0;
struct mbuf *mcopy = NULL;
struct ifnet *origifp; /* maybe unnecessary */
u_int32_t inzone, outzone;
struct in6_addr src_in6, dst_in6, odst;
struct m_tag *fwd_tag;
char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN];
/*
* Do not forward packets to multicast destination (should be handled
* by ip6_mforward().
* Do not forward packets with unspecified source. It was discussed
* in July 2000, on the ipngwg mailing list.
*/
if ((m->m_flags & (M_BCAST|M_MCAST)) != 0 ||
IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) ||
IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) {
IP6STAT_INC(ip6s_cantforward);
/* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */
if (V_ip6_log_time + V_ip6_log_interval < time_uptime) {
V_ip6_log_time = time_uptime;
log(LOG_DEBUG,
"cannot forward "
"from %s to %s nxt %d received on %s\n",
ip6_sprintf(ip6bufs, &ip6->ip6_src),
ip6_sprintf(ip6bufd, &ip6->ip6_dst),
ip6->ip6_nxt,
if_name(m->m_pkthdr.rcvif));
}
m_freem(m);
return;
}
if (
#ifdef IPSTEALTH
V_ip6stealth == 0 &&
#endif
ip6->ip6_hlim <= IPV6_HLIMDEC) {
/* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */
icmp6_error(m, ICMP6_TIME_EXCEEDED,
ICMP6_TIME_EXCEED_TRANSIT, 0);
return;
}
/*
* Save at most ICMPV6_PLD_MAXLEN (= the min IPv6 MTU -
* size of IPv6 + ICMPv6 headers) bytes of the packet in case
* we need to generate an ICMP6 message to the src.
* Thanks to M_EXT, in most cases copy will not occur.
*
* It is important to save it before IPsec processing as IPsec
* processing may modify the mbuf.
*/
mcopy = m_copym(m, 0, imin(m->m_pkthdr.len, ICMPV6_PLD_MAXLEN),
M_NOWAIT);
#ifdef IPSTEALTH
if (V_ip6stealth == 0)
#endif
ip6->ip6_hlim -= IPV6_HLIMDEC;
#if defined(IPSEC) || defined(IPSEC_SUPPORT)
if (IPSEC_ENABLED(ipv6)) {
if ((error = IPSEC_FORWARD(ipv6, m)) != 0) {
/* mbuf consumed by IPsec */
m_freem(mcopy);
if (error != EINPROGRESS)
IP6STAT_INC(ip6s_cantforward);
return;
}
/* No IPsec processing required */
}
#endif
again:
bzero(&rin6, sizeof(struct route_in6));
dst = (struct sockaddr_in6 *)&rin6.ro_dst;
dst->sin6_len = sizeof(struct sockaddr_in6);
dst->sin6_family = AF_INET6;
dst->sin6_addr = ip6->ip6_dst;
again2:
rin6.ro_rt = in6_rtalloc1((struct sockaddr *)dst, 0, 0, M_GETFIB(m));
rt = rin6.ro_rt;
if (rin6.ro_rt != NULL)
RT_UNLOCK(rin6.ro_rt);
else {
IP6STAT_INC(ip6s_noroute);
in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_noroute);
if (mcopy) {
icmp6_error(mcopy, ICMP6_DST_UNREACH,
ICMP6_DST_UNREACH_NOROUTE, 0);
}
goto bad;
}
/*
* Source scope check: if a packet can't be delivered to its
* destination for the reason that the destination is beyond the scope
* of the source address, discard the packet and return an icmp6
* destination unreachable error with Code 2 (beyond scope of source
* address). We use a local copy of ip6_src, since in6_setscope()
* will possibly modify its first argument.
* [draft-ietf-ipngwg-icmp-v3-04.txt, Section 3.1]
*/
src_in6 = ip6->ip6_src;
if (in6_setscope(&src_in6, rt->rt_ifp, &outzone)) {
/* XXX: this should not happen */
IP6STAT_INC(ip6s_cantforward);
IP6STAT_INC(ip6s_badscope);
goto bad;
}
if (in6_setscope(&src_in6, m->m_pkthdr.rcvif, &inzone)) {
IP6STAT_INC(ip6s_cantforward);
IP6STAT_INC(ip6s_badscope);
goto bad;
}
if (inzone != outzone) {
IP6STAT_INC(ip6s_cantforward);
IP6STAT_INC(ip6s_badscope);
in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard);
if (V_ip6_log_time + V_ip6_log_interval < time_uptime) {
V_ip6_log_time = time_uptime;
log(LOG_DEBUG,
"cannot forward "
"src %s, dst %s, nxt %d, rcvif %s, outif %s\n",
ip6_sprintf(ip6bufs, &ip6->ip6_src),
ip6_sprintf(ip6bufd, &ip6->ip6_dst),
ip6->ip6_nxt,
if_name(m->m_pkthdr.rcvif), if_name(rt->rt_ifp));
}
if (mcopy)
icmp6_error(mcopy, ICMP6_DST_UNREACH,
ICMP6_DST_UNREACH_BEYONDSCOPE, 0);
goto bad;
}
/*
* Destination scope check: if a packet is going to break the scope
* zone of packet's destination address, discard it. This case should
* usually be prevented by appropriately-configured routing table, but
* we need an explicit check because we may mistakenly forward the
* packet to a different zone by (e.g.) a default route.
*/
dst_in6 = ip6->ip6_dst;
if (in6_setscope(&dst_in6, m->m_pkthdr.rcvif, &inzone) != 0 ||
in6_setscope(&dst_in6, rt->rt_ifp, &outzone) != 0 ||
inzone != outzone) {
IP6STAT_INC(ip6s_cantforward);
IP6STAT_INC(ip6s_badscope);
goto bad;
}
if (rt->rt_flags & RTF_GATEWAY)
dst = (struct sockaddr_in6 *)rt->rt_gateway;
/*
* If we are to forward the packet using the same interface
* as one we got the packet from, perhaps we should send a redirect
* to sender to shortcut a hop.
* Only send redirect if source is sending directly to us,
* and if packet was not source routed (or has any options).
* Also, don't send redirect if forwarding using a route
* modified by a redirect.
*/
if (V_ip6_sendredirects && rt->rt_ifp == m->m_pkthdr.rcvif && !srcrt &&
(rt->rt_flags & (RTF_DYNAMIC|RTF_MODIFIED)) == 0) {
if ((rt->rt_ifp->if_flags & IFF_POINTOPOINT) != 0) {
/*
* If the incoming interface is equal to the outgoing
* one, and the link attached to the interface is
* point-to-point, then it will be highly probable
* that a routing loop occurs. Thus, we immediately
* drop the packet and send an ICMPv6 error message.
*
* type/code is based on suggestion by Rich Draves.
* not sure if it is the best pick.
*/
icmp6_error(mcopy, ICMP6_DST_UNREACH,
ICMP6_DST_UNREACH_ADDR, 0);
goto bad;
}
type = ND_REDIRECT;
}
/*
* Fake scoped addresses. Note that even link-local source or
* destinaion can appear, if the originating node just sends the
* packet to us (without address resolution for the destination).
* Since both icmp6_error and icmp6_redirect_output fill the embedded
* link identifiers, we can do this stuff after making a copy for
* returning an error.
*/
if ((rt->rt_ifp->if_flags & IFF_LOOPBACK) != 0) {
/*
* See corresponding comments in ip6_output.
* XXX: but is it possible that ip6_forward() sends a packet
* to a loopback interface? I don't think so, and thus
* I bark here. ([email protected])
* XXX: it is common to route invalid packets to loopback.
* also, the codepath will be visited on use of ::1 in
* rthdr. (itojun)
*/
#if 1
if (0)
#else
if ((rt->rt_flags & (RTF_BLACKHOLE|RTF_REJECT)) == 0)
#endif
{
printf("ip6_forward: outgoing interface is loopback. "
"src %s, dst %s, nxt %d, rcvif %s, outif %s\n",
ip6_sprintf(ip6bufs, &ip6->ip6_src),
ip6_sprintf(ip6bufd, &ip6->ip6_dst),
ip6->ip6_nxt, if_name(m->m_pkthdr.rcvif),
if_name(rt->rt_ifp));
}
/* we can just use rcvif in forwarding. */
origifp = m->m_pkthdr.rcvif;
}
else
origifp = rt->rt_ifp;
/*
* clear embedded scope identifiers if necessary.
* in6_clearscope will touch the addresses only when necessary.
*/
in6_clearscope(&ip6->ip6_src);
in6_clearscope(&ip6->ip6_dst);
/* Jump over all PFIL processing if hooks are not active. */
if (!PFIL_HOOKED(&V_inet6_pfil_hook))
goto pass;
odst = ip6->ip6_dst;
/* Run through list of hooks for output packets. */
error = pfil_run_hooks(&V_inet6_pfil_hook, &m, rt->rt_ifp, PFIL_OUT, NULL);
if (error != 0 || m == NULL)
goto freecopy; /* consumed by filter */
ip6 = mtod(m, struct ip6_hdr *);
/* See if destination IP address was changed by packet filter. */
if (!IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst)) {
m->m_flags |= M_SKIP_FIREWALL;
/* If destination is now ourself drop to ip6_input(). */
if (in6_localip(&ip6->ip6_dst))
m->m_flags |= M_FASTFWD_OURS;
else {
RTFREE(rt);
goto again; /* Redo the routing table lookup. */
}
}
/* See if local, if yes, send it to netisr. */
if (m->m_flags & M_FASTFWD_OURS) {
if (m->m_pkthdr.rcvif == NULL)
m->m_pkthdr.rcvif = V_loif;
if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA_IPV6) {
m->m_pkthdr.csum_flags |=
CSUM_DATA_VALID_IPV6 | CSUM_PSEUDO_HDR;
m->m_pkthdr.csum_data = 0xffff;
}
#ifdef SCTP
if (m->m_pkthdr.csum_flags & CSUM_SCTP_IPV6)
m->m_pkthdr.csum_flags |= CSUM_SCTP_VALID;
#endif
error = netisr_queue(NETISR_IPV6, m);
goto out;
}
/* Or forward to some other address? */
if ((m->m_flags & M_IP6_NEXTHOP) &&
(fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL)) != NULL) {
dst = (struct sockaddr_in6 *)&rin6.ro_dst;
bcopy((fwd_tag+1), dst, sizeof(struct sockaddr_in6));
m->m_flags |= M_SKIP_FIREWALL;
m->m_flags &= ~M_IP6_NEXTHOP;
m_tag_delete(m, fwd_tag);
RTFREE(rt);
goto again2;
}
pass:
/* See if the size was changed by the packet filter. */
if (m->m_pkthdr.len > IN6_LINKMTU(rt->rt_ifp)) {
in6_ifstat_inc(rt->rt_ifp, ifs6_in_toobig);
if (mcopy)
icmp6_error(mcopy, ICMP6_PACKET_TOO_BIG, 0,
IN6_LINKMTU(rt->rt_ifp));
goto bad;
}
error = nd6_output_ifp(rt->rt_ifp, origifp, m, dst, NULL);
if (error) {
in6_ifstat_inc(rt->rt_ifp, ifs6_out_discard);
IP6STAT_INC(ip6s_cantforward);
} else {
IP6STAT_INC(ip6s_forward);
in6_ifstat_inc(rt->rt_ifp, ifs6_out_forward);
if (type)
IP6STAT_INC(ip6s_redirectsent);
else {
if (mcopy)
goto freecopy;
}
}
if (mcopy == NULL)
goto out;
switch (error) {
case 0:
if (type == ND_REDIRECT) {
icmp6_redirect_output(mcopy, rt);
goto out;
}
goto freecopy;
case EMSGSIZE:
/* xxx MTU is constant in PPP? */
goto freecopy;
case ENOBUFS:
/* Tell source to slow down like source quench in IP? */
goto freecopy;
case ENETUNREACH: /* shouldn't happen, checked above */
case EHOSTUNREACH:
case ENETDOWN:
case EHOSTDOWN:
default:
type = ICMP6_DST_UNREACH;
code = ICMP6_DST_UNREACH_ADDR;
break;
}
icmp6_error(mcopy, type, code, 0);
goto out;
freecopy:
m_freem(mcopy);
goto out;
bad:
m_freem(m);
out:
if (rt != NULL)
RTFREE(rt);
}
void
ip6_forward(struct mbuf *m, int srcrt)
{
struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
struct sockaddr_in6 *dst;
struct rtentry *rt;
int error = 0, type = 0, code = 0;
struct mbuf *mcopy = NULL;
#ifdef IPSEC
u_int8_t sproto = 0;
struct m_tag *mtag;
union sockaddr_union sdst;
struct tdb_ident *tdbi;
u_int32_t sspi;
struct tdb *tdb;
#if NPF > 0
struct ifnet *encif;
#endif
#endif /* IPSEC */
u_int rtableid = 0;
char src6[INET6_ADDRSTRLEN], dst6[INET6_ADDRSTRLEN];
/*
* Do not forward packets to multicast destination (should be handled
* by ip6_mforward().
* Do not forward packets with unspecified source. It was discussed
* in July 2000, on ipngwg mailing list.
*/
if ((m->m_flags & (M_BCAST|M_MCAST)) != 0 ||
IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) ||
IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) {
ip6stat.ip6s_cantforward++;
/* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */
if (ip6_log_time + ip6_log_interval < time_second) {
ip6_log_time = time_second;
inet_ntop(AF_INET6, &ip6->ip6_src, src6, sizeof(src6));
inet_ntop(AF_INET6, &ip6->ip6_dst, dst6, sizeof(dst6));
log(LOG_DEBUG,
"cannot forward "
"from %s to %s nxt %d received on inteface %u\n",
src6, dst6,
ip6->ip6_nxt,
m->m_pkthdr.ph_ifidx);
}
m_freem(m);
return;
}
if (ip6->ip6_hlim <= IPV6_HLIMDEC) {
/* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */
icmp6_error(m, ICMP6_TIME_EXCEEDED,
ICMP6_TIME_EXCEED_TRANSIT, 0);
return;
}
ip6->ip6_hlim -= IPV6_HLIMDEC;
/*
* Save at most ICMPV6_PLD_MAXLEN (= the min IPv6 MTU -
* size of IPv6 + ICMPv6 headers) bytes of the packet in case
* we need to generate an ICMP6 message to the src.
* Thanks to M_EXT, in most cases copy will not occur.
*
* It is important to save it before IPsec processing as IPsec
* processing may modify the mbuf.
*/
mcopy = m_copym(m, 0, imin(m->m_pkthdr.len, ICMPV6_PLD_MAXLEN),
M_NOWAIT);
#if NPF > 0
reroute:
#endif
#ifdef IPSEC
if (!ipsec_in_use)
goto done_spd;
/*
* Check if there was an outgoing SA bound to the flow
* from a transport protocol.
*/
/* Do we have any pending SAs to apply ? */
tdb = ipsp_spd_lookup(m, AF_INET6, sizeof(struct ip6_hdr),
&error, IPSP_DIRECTION_OUT, NULL, NULL, 0);
if (tdb == NULL) {
if (error == 0) {
/*
* No IPsec processing required, we'll just send the
* packet out.
*/
sproto = 0;
/* Fall through to routing/multicast handling */
} else {
/*
* -EINVAL is used to indicate that the packet should
* be silently dropped, typically because we've asked
* key management for an SA.
*/
if (error == -EINVAL) /* Should silently drop packet */
error = 0;
m_freem(m);
goto freecopy;
}
} else {
/* Loop detection */
for (mtag = m_tag_first(m); mtag != NULL;
mtag = m_tag_next(m, mtag)) {
if (mtag->m_tag_id != PACKET_TAG_IPSEC_OUT_DONE)
continue;
tdbi = (struct tdb_ident *)(mtag + 1);
if (tdbi->spi == tdb->tdb_spi &&
tdbi->proto == tdb->tdb_sproto &&
tdbi->rdomain == tdb->tdb_rdomain &&
!bcmp(&tdbi->dst, &tdb->tdb_dst,
sizeof(union sockaddr_union))) {
sproto = 0; /* mark as no-IPsec-needed */
goto done_spd;
}
}
/* We need to do IPsec */
bcopy(&tdb->tdb_dst, &sdst, sizeof(sdst));
sspi = tdb->tdb_spi;
sproto = tdb->tdb_sproto;
}
/* Fall through to the routing/multicast handling code */
done_spd:
#endif /* IPSEC */
#if NPF > 0
rtableid = m->m_pkthdr.ph_rtableid;
#endif
dst = &ip6_forward_rt.ro_dst;
if (!srcrt) {
/*
* ip6_forward_rt.ro_dst.sin6_addr is equal to ip6->ip6_dst
*/
if (ip6_forward_rt.ro_rt == NULL ||
(ip6_forward_rt.ro_rt->rt_flags & RTF_UP) == 0 ||
ip6_forward_rt.ro_tableid != rtableid) {
if (ip6_forward_rt.ro_rt) {
rtfree(ip6_forward_rt.ro_rt);
ip6_forward_rt.ro_rt = NULL;
}
/* this probably fails but give it a try again */
ip6_forward_rt.ro_tableid = rtableid;
ip6_forward_rt.ro_rt = rtalloc_mpath(
sin6tosa(&ip6_forward_rt.ro_dst),
&ip6->ip6_src.s6_addr32[0],
ip6_forward_rt.ro_tableid);
}
if (ip6_forward_rt.ro_rt == NULL) {
ip6stat.ip6s_noroute++;
/* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_noroute) */
if (mcopy) {
icmp6_error(mcopy, ICMP6_DST_UNREACH,
ICMP6_DST_UNREACH_NOROUTE, 0);
}
m_freem(m);
return;
}
} else if (ip6_forward_rt.ro_rt == NULL ||
(ip6_forward_rt.ro_rt->rt_flags & RTF_UP) == 0 ||
!IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &dst->sin6_addr) ||
ip6_forward_rt.ro_tableid != rtableid) {
if (ip6_forward_rt.ro_rt) {
rtfree(ip6_forward_rt.ro_rt);
ip6_forward_rt.ro_rt = NULL;
}
bzero(dst, sizeof(*dst));
dst->sin6_len = sizeof(struct sockaddr_in6);
dst->sin6_family = AF_INET6;
dst->sin6_addr = ip6->ip6_dst;
ip6_forward_rt.ro_tableid = rtableid;
ip6_forward_rt.ro_rt = rtalloc_mpath(
sin6tosa(&ip6_forward_rt.ro_dst),
&ip6->ip6_src.s6_addr32[0],
ip6_forward_rt.ro_tableid);
if (ip6_forward_rt.ro_rt == NULL) {
ip6stat.ip6s_noroute++;
/* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_noroute) */
if (mcopy) {
icmp6_error(mcopy, ICMP6_DST_UNREACH,
ICMP6_DST_UNREACH_NOROUTE, 0);
}
m_freem(m);
return;
}
}
rt = ip6_forward_rt.ro_rt;
/*
* Scope check: if a packet can't be delivered to its destination
* for the reason that the destination is beyond the scope of the
* source address, discard the packet and return an icmp6 destination
* unreachable error with Code 2 (beyond scope of source address).
* [draft-ietf-ipngwg-icmp-v3-00.txt, Section 3.1]
*/
if (in6_addr2scopeid(m->m_pkthdr.ph_ifidx, &ip6->ip6_src) !=
in6_addr2scopeid(rt->rt_ifp->if_index, &ip6->ip6_src)) {
ip6stat.ip6s_cantforward++;
ip6stat.ip6s_badscope++;
in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard);
if (ip6_log_time + ip6_log_interval < time_second) {
ip6_log_time = time_second;
inet_ntop(AF_INET6, &ip6->ip6_src, src6, sizeof(src6));
inet_ntop(AF_INET6, &ip6->ip6_dst, dst6, sizeof(dst6));
log(LOG_DEBUG,
"cannot forward "
"src %s, dst %s, nxt %d, rcvif %u, outif %u\n",
src6, dst6,
ip6->ip6_nxt,
m->m_pkthdr.ph_ifidx, rt->rt_ifp->if_index);
}
if (mcopy)
icmp6_error(mcopy, ICMP6_DST_UNREACH,
ICMP6_DST_UNREACH_BEYONDSCOPE, 0);
m_freem(m);
goto freert;
}
#ifdef IPSEC
/*
* Check if the packet needs encapsulation.
* ipsp_process_packet will never come back to here.
* XXX ipsp_process_packet() calls ip6_output(), and there'll be no
* PMTU notification. is it okay?
*/
if (sproto != 0) {
tdb = gettdb(rtable_l2(m->m_pkthdr.ph_rtableid),
sspi, &sdst, sproto);
if (tdb == NULL) {
error = EHOSTUNREACH;
m_freem(m);
goto senderr; /*XXX*/
}
#if NPF > 0
if ((encif = enc_getif(tdb->tdb_rdomain,
tdb->tdb_tap)) == NULL ||
pf_test(AF_INET6, PF_FWD, encif, &m) != PF_PASS) {
error = EHOSTUNREACH;
m_freem(m);
goto senderr;
}
if (m == NULL)
goto senderr;
ip6 = mtod(m, struct ip6_hdr *);
/*
* PF_TAG_REROUTE handling or not...
* Packet is entering IPsec so the routing is
* already overruled by the IPsec policy.
* Until now the change was not reconsidered.
* What's the behaviour?
*/
#endif
in6_proto_cksum_out(m, encif);
m->m_flags &= ~(M_BCAST | M_MCAST); /* just in case */
/* Callee frees mbuf */
error = ipsp_process_packet(m, tdb, AF_INET6, 0);
m_freem(mcopy);
goto freert;
}
