1 /* $OpenBSD: udp_usrreq.c,v 1.329 2025/01/01 13:44:22 bluhm Exp $ */ 2 /* $NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $ */ 3 4 /* 5 * Copyright (c) 1982, 1986, 1988, 1990, 1993 6 * The Regents of the University of California. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the University nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 * 32 * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995 33 * 34 * NRL grants permission for redistribution and use in source and binary 35 * forms, with or without modification, of the software and documentation 36 * created at NRL provided that the following conditions are met: 37 * 38 * 1. Redistributions of source code must retain the above copyright 39 * notice, this list of conditions and the following disclaimer. 40 * 2. Redistributions in binary form must reproduce the above copyright 41 * notice, this list of conditions and the following disclaimer in the 42 * documentation and/or other materials provided with the distribution. 43 * 3. All advertising materials mentioning features or use of this software 44 * must display the following acknowledgements: 45 * This product includes software developed by the University of 46 * California, Berkeley and its contributors. 47 * This product includes software developed at the Information 48 * Technology Division, US Naval Research Laboratory. 49 * 4. Neither the name of the NRL nor the names of its contributors 50 * may be used to endorse or promote products derived from this software 51 * without specific prior written permission. 52 * 53 * THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS 54 * IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 55 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 56 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR 57 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 58 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 59 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 60 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 61 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 62 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 63 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 64 * 65 * The views and conclusions contained in the software and documentation 66 * are those of the authors and should not be interpreted as representing 67 * official policies, either expressed or implied, of the US Naval 68 * Research Laboratory (NRL). 69 */ 70 71 #include <sys/param.h> 72 #include <sys/systm.h> 73 #include <sys/mbuf.h> 74 #include <sys/protosw.h> 75 #include <sys/socket.h> 76 #include <sys/socketvar.h> 77 #include <sys/sysctl.h> 78 #include <sys/domain.h> 79 80 #include <net/if.h> 81 #include <net/if_var.h> 82 #include <net/if_media.h> 83 #include <net/route.h> 84 85 #include <netinet/in.h> 86 #include <netinet/in_var.h> 87 #include <netinet/ip.h> 88 #include <netinet/in_pcb.h> 89 #include <netinet/ip_var.h> 90 #include <netinet/ip_icmp.h> 91 #include <netinet/udp.h> 92 #include <netinet/udp_var.h> 93 94 #ifdef IPSEC 95 #include <netinet/ip_ipsp.h> 96 #include <netinet/ip_esp.h> 97 #endif 98 99 #ifdef INET6 100 #include <netinet6/in6_var.h> 101 #include <netinet6/ip6_var.h> 102 #include <netinet6/ip6protosw.h> 103 #endif /* INET6 */ 104 105 #include "pf.h" 106 #if NPF > 0 107 #include <net/pfvar.h> 108 #endif 109 110 #ifdef PIPEX 111 #include <netinet/if_ether.h> 112 #include <net/pipex.h> 113 #endif 114 115 /* 116 * Locks used to protect data: 117 * a atomic 118 */ 119 120 /* 121 * UDP protocol implementation. 122 * Per RFC 768, August, 1980. 123 */ 124 int udpcksum = 1; /* [a] */ 125 126 u_int udp_sendspace = 9216; /* [a] really max datagram size */ 127 u_int udp_recvspace = 40 * (1024 + sizeof(struct sockaddr_in)); 128 /* [a] 40 1K datagrams */ 129 130 const struct pr_usrreqs udp_usrreqs = { 131 .pru_attach = udp_attach, 132 .pru_detach = udp_detach, 133 .pru_bind = udp_bind, 134 .pru_connect = udp_connect, 135 .pru_disconnect = udp_disconnect, 136 .pru_shutdown = udp_shutdown, 137 .pru_send = udp_send, 138 .pru_control = in_control, 139 .pru_sockaddr = in_sockaddr, 140 .pru_peeraddr = in_peeraddr, 141 }; 142 143 #ifdef INET6 144 const struct pr_usrreqs udp6_usrreqs = { 145 .pru_attach = udp_attach, 146 .pru_detach = udp_detach, 147 .pru_bind = udp_bind, 148 .pru_connect = udp_connect, 149 .pru_disconnect = udp_disconnect, 150 .pru_shutdown = udp_shutdown, 151 .pru_send = udp_send, 152 .pru_control = in6_control, 153 .pru_sockaddr = in6_sockaddr, 154 .pru_peeraddr = in6_peeraddr, 155 }; 156 #endif 157 158 const struct sysctl_bounded_args udpctl_vars[] = { 159 { UDPCTL_CHECKSUM, &udpcksum, 0, 1 }, 160 { UDPCTL_RECVSPACE, &udp_recvspace, 0, INT_MAX }, 161 { UDPCTL_SENDSPACE, &udp_sendspace, 0, INT_MAX }, 162 }; 163 164 struct inpcbtable udbtable; 165 #ifdef INET6 166 struct inpcbtable udb6table; 167 #endif 168 struct cpumem *udpcounters; 169 170 void udp_sbappend(struct inpcb *, struct mbuf *, struct ip *, 171 struct ip6_hdr *, int, struct udphdr *, struct sockaddr *, 172 u_int32_t); 173 int udp_output(struct inpcb *, struct mbuf *, struct mbuf *, struct mbuf *); 174 void udp_notify(struct inpcb *, int); 175 int udp_sysctl_locked(int *, u_int, void *, size_t *, void *, size_t); 176 int udp_sysctl_udpstat(void *, size_t *, void *); 177 178 #ifndef UDB_INITIAL_HASH_SIZE 179 #define UDB_INITIAL_HASH_SIZE 128 180 #endif 181 182 void 183 udp_init(void) 184 { 185 udpcounters = counters_alloc(udps_ncounters); 186 in_pcbinit(&udbtable, UDB_INITIAL_HASH_SIZE); 187 #ifdef INET6 188 in_pcbinit(&udb6table, UDB_INITIAL_HASH_SIZE); 189 #endif 190 } 191 192 int 193 udp_input(struct mbuf **mp, int *offp, int proto, int af) 194 { 195 struct mbuf *m = *mp; 196 int iphlen = *offp; 197 struct ip *ip = NULL; 198 struct udphdr *uh; 199 struct inpcb *inp = NULL; 200 struct ip save_ip; 201 int len; 202 u_int16_t savesum; 203 union { 204 struct sockaddr sa; 205 struct sockaddr_in sin; 206 #ifdef INET6 207 struct sockaddr_in6 sin6; 208 #endif /* INET6 */ 209 } srcsa, dstsa; 210 struct ip6_hdr *ip6 = NULL; 211 u_int32_t ipsecflowinfo = 0; 212 213 udpstat_inc(udps_ipackets); 214 215 IP6_EXTHDR_GET(uh, struct udphdr *, m, iphlen, sizeof(struct udphdr)); 216 if (!uh) { 217 udpstat_inc(udps_hdrops); 218 return IPPROTO_DONE; 219 } 220 221 /* Check for illegal destination port 0 */ 222 if (uh->uh_dport == 0) { 223 udpstat_inc(udps_noport); 224 goto bad; 225 } 226 227 /* 228 * Make mbuf data length reflect UDP length. 229 * If not enough data to reflect UDP length, drop. 230 */ 231 len = ntohs((u_int16_t)uh->uh_ulen); 232 switch (af) { 233 case AF_INET: 234 if (m->m_pkthdr.len - iphlen != len) { 235 if (len > (m->m_pkthdr.len - iphlen) || 236 len < sizeof(struct udphdr)) { 237 udpstat_inc(udps_badlen); 238 goto bad; 239 } 240 m_adj(m, len - (m->m_pkthdr.len - iphlen)); 241 } 242 ip = mtod(m, struct ip *); 243 /* 244 * Save a copy of the IP header in case we want restore it 245 * for sending an ICMP error message in response. 246 */ 247 save_ip = *ip; 248 break; 249 #ifdef INET6 250 case AF_INET6: 251 /* jumbograms */ 252 if (len == 0 && m->m_pkthdr.len - iphlen > 0xffff) 253 len = m->m_pkthdr.len - iphlen; 254 if (len != m->m_pkthdr.len - iphlen) { 255 udpstat_inc(udps_badlen); 256 goto bad; 257 } 258 ip6 = mtod(m, struct ip6_hdr *); 259 break; 260 #endif /* INET6 */ 261 default: 262 unhandled_af(af); 263 } 264 265 /* 266 * Checksum extended UDP header and data. 267 * from W.R.Stevens: check incoming udp cksums even if 268 * udpcksum is not set. 269 */ 270 savesum = uh->uh_sum; 271 if (uh->uh_sum == 0) { 272 udpstat_inc(udps_nosum); 273 #ifdef INET6 274 /* 275 * In IPv6, the UDP checksum is ALWAYS used. 276 */ 277 if (ip6) 278 goto bad; 279 #endif /* INET6 */ 280 } else { 281 if ((m->m_pkthdr.csum_flags & M_UDP_CSUM_IN_OK) == 0) { 282 if (m->m_pkthdr.csum_flags & M_UDP_CSUM_IN_BAD) { 283 udpstat_inc(udps_badsum); 284 goto bad; 285 } 286 udpstat_inc(udps_inswcsum); 287 288 if (ip) 289 uh->uh_sum = in4_cksum(m, IPPROTO_UDP, 290 iphlen, len); 291 #ifdef INET6 292 else if (ip6) 293 uh->uh_sum = in6_cksum(m, IPPROTO_UDP, 294 iphlen, len); 295 #endif /* INET6 */ 296 if (uh->uh_sum != 0) { 297 udpstat_inc(udps_badsum); 298 goto bad; 299 } 300 } 301 } 302 CLR(m->m_pkthdr.csum_flags, M_UDP_CSUM_OUT); 303 304 #ifdef IPSEC 305 if (udpencap_enable && udpencap_port && esp_enable && 306 #if NPF > 0 307 !(m->m_pkthdr.pf.flags & PF_TAG_DIVERTED) && 308 #endif 309 uh->uh_dport == htons(udpencap_port)) { 310 u_int32_t spi; 311 int skip = iphlen + sizeof(struct udphdr); 312 313 if (m->m_pkthdr.len - skip < sizeof(u_int32_t)) { 314 /* packet too short */ 315 m_freem(m); 316 return IPPROTO_DONE; 317 } 318 m_copydata(m, skip, sizeof(u_int32_t), (caddr_t) &spi); 319 /* 320 * decapsulate if the SPI is not zero, otherwise pass 321 * to userland 322 */ 323 if (spi != 0) { 324 int protoff; 325 326 if ((m = *mp = m_pullup(m, skip)) == NULL) { 327 udpstat_inc(udps_hdrops); 328 return IPPROTO_DONE; 329 } 330 331 /* remove the UDP header */ 332 bcopy(mtod(m, u_char *), 333 mtod(m, u_char *) + sizeof(struct udphdr), iphlen); 334 m_adj(m, sizeof(struct udphdr)); 335 skip -= sizeof(struct udphdr); 336 337 espstat_inc(esps_udpencin); 338 protoff = af == AF_INET ? offsetof(struct ip, ip_p) : 339 offsetof(struct ip6_hdr, ip6_nxt); 340 return ipsec_common_input(mp, skip, protoff, 341 af, IPPROTO_ESP, 1); 342 } 343 } 344 #endif /* IPSEC */ 345 346 switch (af) { 347 case AF_INET: 348 bzero(&srcsa, sizeof(struct sockaddr_in)); 349 srcsa.sin.sin_len = sizeof(struct sockaddr_in); 350 srcsa.sin.sin_family = AF_INET; 351 srcsa.sin.sin_port = uh->uh_sport; 352 srcsa.sin.sin_addr = ip->ip_src; 353 354 bzero(&dstsa, sizeof(struct sockaddr_in)); 355 dstsa.sin.sin_len = sizeof(struct sockaddr_in); 356 dstsa.sin.sin_family = AF_INET; 357 dstsa.sin.sin_port = uh->uh_dport; 358 dstsa.sin.sin_addr = ip->ip_dst; 359 break; 360 #ifdef INET6 361 case AF_INET6: 362 bzero(&srcsa, sizeof(struct sockaddr_in6)); 363 srcsa.sin6.sin6_len = sizeof(struct sockaddr_in6); 364 srcsa.sin6.sin6_family = AF_INET6; 365 srcsa.sin6.sin6_port = uh->uh_sport; 366 #if 0 /*XXX inbound flowinfo */ 367 srcsa.sin6.sin6_flowinfo = htonl(0x0fffffff) & ip6->ip6_flow; 368 #endif 369 /* KAME hack: recover scopeid */ 370 in6_recoverscope(&srcsa.sin6, &ip6->ip6_src); 371 372 bzero(&dstsa, sizeof(struct sockaddr_in6)); 373 dstsa.sin6.sin6_len = sizeof(struct sockaddr_in6); 374 dstsa.sin6.sin6_family = AF_INET6; 375 dstsa.sin6.sin6_port = uh->uh_dport; 376 #if 0 /*XXX inbound flowinfo */ 377 dstsa.sin6.sin6_flowinfo = htonl(0x0fffffff) & ip6->ip6_flow; 378 #endif 379 /* KAME hack: recover scopeid */ 380 in6_recoverscope(&dstsa.sin6, &ip6->ip6_dst); 381 break; 382 #endif /* INET6 */ 383 } 384 385 if (m->m_flags & (M_BCAST|M_MCAST)) { 386 struct inpcbtable *table; 387 struct inpcb_iterator iter = { .inp_table = NULL }; 388 struct inpcb *last; 389 390 /* 391 * Deliver a multicast or broadcast datagram to *all* sockets 392 * for which the local and remote addresses and ports match 393 * those of the incoming datagram. This allows more than 394 * one process to receive multi/broadcasts on the same port. 395 * (This really ought to be done for unicast datagrams as 396 * well, but that would cause problems with existing 397 * applications that open both address-specific sockets and 398 * a wildcard socket listening to the same port -- they would 399 * end up receiving duplicates of every unicast datagram. 400 * Those applications open the multiple sockets to overcome an 401 * inadequacy of the UDP socket interface, but for backwards 402 * compatibility we avoid the problem here rather than 403 * fixing the interface. Maybe 4.5BSD will remedy this?) 404 */ 405 406 #ifdef INET6 407 if (ip6) 408 table = &udb6table; 409 else 410 #endif 411 table = &udbtable; 412 413 mtx_enter(&table->inpt_mtx); 414 last = inp = NULL; 415 while ((inp = in_pcb_iterator(table, inp, &iter)) != NULL) { 416 if (ip6) 417 KASSERT(ISSET(inp->inp_flags, INP_IPV6)); 418 else 419 KASSERT(!ISSET(inp->inp_flags, INP_IPV6)); 420 421 if (inp->inp_socket->so_rcv.sb_state & SS_CANTRCVMORE) 422 continue; 423 if (rtable_l2(inp->inp_rtableid) != 424 rtable_l2(m->m_pkthdr.ph_rtableid)) 425 continue; 426 if (inp->inp_lport != uh->uh_dport) 427 continue; 428 #ifdef INET6 429 if (ip6) { 430 if (inp->inp_ip6_minhlim && 431 inp->inp_ip6_minhlim > ip6->ip6_hlim) 432 continue; 433 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_laddr6)) 434 if (!IN6_ARE_ADDR_EQUAL( 435 &inp->inp_laddr6, &ip6->ip6_dst)) 436 continue; 437 } else 438 #endif /* INET6 */ 439 { 440 if (inp->inp_ip_minttl && 441 inp->inp_ip_minttl > ip->ip_ttl) 442 continue; 443 444 if (inp->inp_laddr.s_addr != INADDR_ANY) { 445 if (inp->inp_laddr.s_addr != 446 ip->ip_dst.s_addr) 447 continue; 448 } 449 } 450 #ifdef INET6 451 if (ip6) { 452 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6)) 453 if (!IN6_ARE_ADDR_EQUAL( 454 &inp->inp_faddr6, &ip6->ip6_src) || 455 inp->inp_fport != uh->uh_sport) 456 continue; 457 } else 458 #endif /* INET6 */ 459 if (inp->inp_faddr.s_addr != INADDR_ANY) { 460 if (inp->inp_faddr.s_addr != 461 ip->ip_src.s_addr || 462 inp->inp_fport != uh->uh_sport) 463 continue; 464 } 465 466 if (last != NULL) { 467 struct mbuf *n; 468 469 mtx_leave(&table->inpt_mtx); 470 471 n = m_copym(m, 0, M_COPYALL, M_NOWAIT); 472 if (n != NULL) { 473 udp_sbappend(last, n, ip, ip6, iphlen, 474 uh, &srcsa.sa, 0); 475 } 476 in_pcbunref(last); 477 478 mtx_enter(&table->inpt_mtx); 479 } 480 last = in_pcbref(inp); 481 482 /* 483 * Don't look for additional matches if this one does 484 * not have either the SO_REUSEPORT or SO_REUSEADDR 485 * socket options set. This heuristic avoids searching 486 * through all pcbs in the common case of a non-shared 487 * port. It assumes that an application will never 488 * clear these options after setting them. 489 */ 490 if ((inp->inp_socket->so_options & (SO_REUSEPORT | 491 SO_REUSEADDR)) == 0) { 492 in_pcb_iterator_abort(table, inp, &iter); 493 break; 494 } 495 } 496 mtx_leave(&table->inpt_mtx); 497 498 if (last == NULL) { 499 /* 500 * No matching pcb found; discard datagram. 501 * (No need to send an ICMP Port Unreachable 502 * for a broadcast or multicast datgram.) 503 */ 504 udpstat_inc(udps_noportbcast); 505 m_freem(m); 506 return IPPROTO_DONE; 507 } 508 509 udp_sbappend(last, m, ip, ip6, iphlen, uh, &srcsa.sa, 0); 510 in_pcbunref(last); 511 512 return IPPROTO_DONE; 513 } 514 /* 515 * Locate pcb for datagram. 516 */ 517 #if NPF > 0 518 inp = pf_inp_lookup(m); 519 #endif 520 if (inp == NULL) { 521 #ifdef INET6 522 if (ip6) { 523 inp = in6_pcblookup(&udb6table, &ip6->ip6_src, 524 uh->uh_sport, &ip6->ip6_dst, uh->uh_dport, 525 m->m_pkthdr.ph_rtableid); 526 } else 527 #endif /* INET6 */ 528 { 529 inp = in_pcblookup(&udbtable, ip->ip_src, 530 uh->uh_sport, ip->ip_dst, uh->uh_dport, 531 m->m_pkthdr.ph_rtableid); 532 } 533 } 534 if (inp == NULL) { 535 udpstat_inc(udps_pcbhashmiss); 536 #ifdef INET6 537 if (ip6) { 538 inp = in6_pcblookup_listen(&udb6table, &ip6->ip6_dst, 539 uh->uh_dport, m, m->m_pkthdr.ph_rtableid); 540 } else 541 #endif /* INET6 */ 542 { 543 inp = in_pcblookup_listen(&udbtable, ip->ip_dst, 544 uh->uh_dport, m, m->m_pkthdr.ph_rtableid); 545 } 546 } 547 548 #ifdef IPSEC 549 if (ipsec_in_use) { 550 struct m_tag *mtag; 551 struct tdb_ident *tdbi; 552 struct tdb *tdb; 553 int error; 554 555 mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); 556 if (mtag != NULL) { 557 tdbi = (struct tdb_ident *)(mtag + 1); 558 tdb = gettdb(tdbi->rdomain, tdbi->spi, 559 &tdbi->dst, tdbi->proto); 560 } else 561 tdb = NULL; 562 error = ipsp_spd_lookup(m, af, iphlen, IPSP_DIRECTION_IN, 563 tdb, inp ? &inp->inp_seclevel : NULL, NULL, NULL); 564 if (error) { 565 udpstat_inc(udps_nosec); 566 tdb_unref(tdb); 567 goto bad; 568 } 569 /* create ipsec options, id is not modified after creation */ 570 if (tdb && tdb->tdb_ids) 571 ipsecflowinfo = tdb->tdb_ids->id_flow; 572 tdb_unref(tdb); 573 } 574 #endif /*IPSEC */ 575 576 if (inp == NULL) { 577 udpstat_inc(udps_noport); 578 if (m->m_flags & (M_BCAST | M_MCAST)) { 579 udpstat_inc(udps_noportbcast); 580 goto bad; 581 } 582 #ifdef INET6 583 if (ip6) { 584 uh->uh_sum = savesum; 585 icmp6_error(m, ICMP6_DST_UNREACH, 586 ICMP6_DST_UNREACH_NOPORT,0); 587 } else 588 #endif /* INET6 */ 589 { 590 *ip = save_ip; 591 uh->uh_sum = savesum; 592 icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_PORT, 593 0, 0); 594 } 595 return IPPROTO_DONE; 596 } 597 598 KASSERT(sotoinpcb(inp->inp_socket) == inp); 599 soassertlocked_readonly(inp->inp_socket); 600 601 #ifdef INET6 602 if (ip6 && inp->inp_ip6_minhlim && 603 inp->inp_ip6_minhlim > ip6->ip6_hlim) { 604 goto bad; 605 } else 606 #endif 607 if (ip && inp->inp_ip_minttl && 608 inp->inp_ip_minttl > ip->ip_ttl) { 609 goto bad; 610 } 611 612 #if NPF > 0 613 if (inp->inp_socket->so_state & SS_ISCONNECTED) 614 pf_inp_link(m, inp); 615 #endif 616 617 #ifdef PIPEX 618 if (pipex_enable && inp->inp_pipex) { 619 struct pipex_session *session; 620 int off = iphlen + sizeof(struct udphdr); 621 622 if ((session = pipex_l2tp_lookup_session(m, off)) != NULL) { 623 m = *mp = pipex_l2tp_input(m, off, session, 624 ipsecflowinfo); 625 pipex_rele_session(session); 626 if (m == NULL) { 627 in_pcbunref(inp); 628 return IPPROTO_DONE; 629 } 630 } 631 } 632 #endif 633 634 udp_sbappend(inp, m, ip, ip6, iphlen, uh, &srcsa.sa, ipsecflowinfo); 635 in_pcbunref(inp); 636 return IPPROTO_DONE; 637 bad: 638 m_freem(m); 639 in_pcbunref(inp); 640 return IPPROTO_DONE; 641 } 642 643 void 644 udp_sbappend(struct inpcb *inp, struct mbuf *m, struct ip *ip, 645 struct ip6_hdr *ip6, int hlen, struct udphdr *uh, 646 struct sockaddr *srcaddr, u_int32_t ipsecflowinfo) 647 { 648 struct socket *so = inp->inp_socket; 649 struct mbuf *opts = NULL; 650 651 hlen += sizeof(*uh); 652 653 if (inp->inp_upcall != NULL) { 654 m = (*inp->inp_upcall)(inp->inp_upcall_arg, m, 655 ip, ip6, uh, hlen); 656 if (m == NULL) 657 return; 658 } 659 660 #ifdef INET6 661 if (ip6 && (inp->inp_flags & IN6P_CONTROLOPTS || 662 so->so_options & SO_TIMESTAMP)) 663 ip6_savecontrol(inp, m, &opts); 664 #endif /* INET6 */ 665 if (ip && (inp->inp_flags & INP_CONTROLOPTS || 666 so->so_options & SO_TIMESTAMP)) 667 ip_savecontrol(inp, &opts, ip, m); 668 #ifdef INET6 669 if (ip6 && (inp->inp_flags & IN6P_RECVDSTPORT)) { 670 struct mbuf **mp = &opts; 671 672 while (*mp) 673 mp = &(*mp)->m_next; 674 *mp = sbcreatecontrol((caddr_t)&uh->uh_dport, sizeof(u_int16_t), 675 IPV6_RECVDSTPORT, IPPROTO_IPV6); 676 } 677 #endif /* INET6 */ 678 if (ip && (inp->inp_flags & INP_RECVDSTPORT)) { 679 struct mbuf **mp = &opts; 680 681 while (*mp) 682 mp = &(*mp)->m_next; 683 *mp = sbcreatecontrol((caddr_t)&uh->uh_dport, sizeof(u_int16_t), 684 IP_RECVDSTPORT, IPPROTO_IP); 685 } 686 #ifdef IPSEC 687 if (ipsecflowinfo && (inp->inp_flags & INP_IPSECFLOWINFO)) { 688 struct mbuf **mp = &opts; 689 690 while (*mp) 691 mp = &(*mp)->m_next; 692 *mp = sbcreatecontrol((caddr_t)&ipsecflowinfo, 693 sizeof(u_int32_t), IP_IPSECFLOWINFO, IPPROTO_IP); 694 } 695 #endif 696 m_adj(m, hlen); 697 698 mtx_enter(&so->so_rcv.sb_mtx); 699 if (sbappendaddr(so, &so->so_rcv, srcaddr, m, opts) == 0) { 700 mtx_leave(&so->so_rcv.sb_mtx); 701 udpstat_inc(udps_fullsock); 702 m_freem(m); 703 m_freem(opts); 704 return; 705 } 706 mtx_leave(&so->so_rcv.sb_mtx); 707 708 sorwakeup(so); 709 } 710 711 /* 712 * Notify a udp user of an asynchronous error; 713 * just wake up so that he can collect error status. 714 */ 715 void 716 udp_notify(struct inpcb *inp, int errno) 717 { 718 inp->inp_socket->so_error = errno; 719 sorwakeup(inp->inp_socket); 720 sowwakeup(inp->inp_socket); 721 } 722 723 #ifdef INET6 724 void 725 udp6_ctlinput(int cmd, struct sockaddr *sa, u_int rdomain, void *d) 726 { 727 struct udphdr uh; 728 struct sockaddr_in6 sa6; 729 struct ip6_hdr *ip6; 730 struct mbuf *m; 731 int off; 732 void *cmdarg; 733 struct ip6ctlparam *ip6cp = NULL; 734 struct udp_portonly { 735 u_int16_t uh_sport; 736 u_int16_t uh_dport; 737 } *uhp; 738 struct inpcb *inp; 739 void (*notify)(struct inpcb *, int) = udp_notify; 740 741 if (sa == NULL) 742 return; 743 if (sa->sa_family != AF_INET6 || 744 sa->sa_len != sizeof(struct sockaddr_in6)) 745 return; 746 747 if ((unsigned)cmd >= PRC_NCMDS) 748 return; 749 if (PRC_IS_REDIRECT(cmd)) 750 notify = in_rtchange, d = NULL; 751 else if (cmd == PRC_HOSTDEAD) 752 d = NULL; 753 else if (cmd == PRC_MSGSIZE) 754 ; /* special code is present, see below */ 755 else if (inet6ctlerrmap[cmd] == 0) 756 return; 757 758 /* if the parameter is from icmp6, decode it. */ 759 if (d != NULL) { 760 ip6cp = (struct ip6ctlparam *)d; 761 m = ip6cp->ip6c_m; 762 ip6 = ip6cp->ip6c_ip6; 763 off = ip6cp->ip6c_off; 764 cmdarg = ip6cp->ip6c_cmdarg; 765 } else { 766 m = NULL; 767 ip6 = NULL; 768 cmdarg = NULL; 769 /* XXX: translate addresses into internal form */ 770 sa6 = *satosin6(sa); 771 if (in6_embedscope(&sa6.sin6_addr, &sa6, NULL, NULL)) { 772 /* should be impossible */ 773 return; 774 } 775 } 776 777 if (ip6cp && ip6cp->ip6c_finaldst) { 778 bzero(&sa6, sizeof(sa6)); 779 sa6.sin6_family = AF_INET6; 780 sa6.sin6_len = sizeof(sa6); 781 sa6.sin6_addr = *ip6cp->ip6c_finaldst; 782 /* XXX: assuming M is valid in this case */ 783 sa6.sin6_scope_id = in6_addr2scopeid(m->m_pkthdr.ph_ifidx, 784 ip6cp->ip6c_finaldst); 785 if (in6_embedscope(ip6cp->ip6c_finaldst, &sa6, NULL, NULL)) { 786 /* should be impossible */ 787 return; 788 } 789 } else { 790 /* XXX: translate addresses into internal form */ 791 sa6 = *satosin6(sa); 792 if (in6_embedscope(&sa6.sin6_addr, &sa6, NULL, NULL)) { 793 /* should be impossible */ 794 return; 795 } 796 } 797 798 if (ip6) { 799 /* 800 * XXX: We assume that when IPV6 is non NULL, 801 * M and OFF are valid. 802 */ 803 struct sockaddr_in6 sa6_src; 804 805 /* check if we can safely examine src and dst ports */ 806 if (m->m_pkthdr.len < off + sizeof(*uhp)) 807 return; 808 809 bzero(&uh, sizeof(uh)); 810 m_copydata(m, off, sizeof(*uhp), (caddr_t)&uh); 811 812 bzero(&sa6_src, sizeof(sa6_src)); 813 sa6_src.sin6_family = AF_INET6; 814 sa6_src.sin6_len = sizeof(sa6_src); 815 sa6_src.sin6_addr = ip6->ip6_src; 816 sa6_src.sin6_scope_id = in6_addr2scopeid(m->m_pkthdr.ph_ifidx, 817 &ip6->ip6_src); 818 if (in6_embedscope(&sa6_src.sin6_addr, &sa6_src, NULL, NULL)) { 819 /* should be impossible */ 820 return; 821 } 822 823 if (cmd == PRC_MSGSIZE) { 824 /* 825 * Check to see if we have a valid UDP socket 826 * corresponding to the address in the ICMPv6 message 827 * payload. 828 */ 829 inp = in6_pcblookup(&udb6table, &sa6.sin6_addr, 830 uh.uh_dport, &sa6_src.sin6_addr, uh.uh_sport, 831 rdomain); 832 #if 0 833 /* 834 * As the use of sendto(2) is fairly popular, 835 * we may want to allow non-connected pcb too. 836 * But it could be too weak against attacks... 837 * We should at least check if the local address (= s) 838 * is really ours. 839 */ 840 if (inp == NULL) { 841 inp = in6_pcblookup_listen(&udb6table, 842 &sa6_src.sin6_addr, uh.uh_sport, NULL, 843 rdomain)) 844 } 845 #endif 846 847 /* 848 * Depending on the value of "valid" and routing table 849 * size (mtudisc_{hi,lo}wat), we will: 850 * - recalculate the new MTU and create the 851 * corresponding routing entry, or 852 * - ignore the MTU change notification. 853 */ 854 icmp6_mtudisc_update((struct ip6ctlparam *)d, 855 inp != NULL); 856 in_pcbunref(inp); 857 858 /* 859 * regardless of if we called icmp6_mtudisc_update(), 860 * we need to call in6_pcbnotify(), to notify path 861 * MTU change to the userland (2292bis-02), because 862 * some unconnected sockets may share the same 863 * destination and want to know the path MTU. 864 */ 865 } 866 867 in6_pcbnotify(&udb6table, &sa6, uh.uh_dport, 868 &sa6_src, uh.uh_sport, rdomain, cmd, cmdarg, notify); 869 } else { 870 in6_pcbnotify(&udb6table, &sa6, 0, 871 &sa6_any, 0, rdomain, cmd, cmdarg, notify); 872 } 873 } 874 #endif 875 876 void 877 udp_ctlinput(int cmd, struct sockaddr *sa, u_int rdomain, void *v) 878 { 879 struct ip *ip = v; 880 struct udphdr *uhp; 881 struct in_addr faddr; 882 struct inpcb *inp; 883 void (*notify)(struct inpcb *, int) = udp_notify; 884 int errno; 885 886 if (sa == NULL) 887 return; 888 if (sa->sa_family != AF_INET || 889 sa->sa_len != sizeof(struct sockaddr_in)) 890 return; 891 faddr = satosin(sa)->sin_addr; 892 if (faddr.s_addr == INADDR_ANY) 893 return; 894 895 if ((unsigned)cmd >= PRC_NCMDS) 896 return; 897 errno = inetctlerrmap[cmd]; 898 if (PRC_IS_REDIRECT(cmd)) 899 notify = in_rtchange, ip = 0; 900 else if (cmd == PRC_HOSTDEAD) 901 ip = 0; 902 else if (errno == 0) 903 return; 904 if (ip) { 905 uhp = (struct udphdr *)((caddr_t)ip + (ip->ip_hl << 2)); 906 907 #ifdef IPSEC 908 /* PMTU discovery for udpencap */ 909 if (cmd == PRC_MSGSIZE && ip_mtudisc && udpencap_enable && 910 udpencap_port && uhp->uh_sport == htons(udpencap_port)) { 911 udpencap_ctlinput(cmd, sa, rdomain, v); 912 return; 913 } 914 #endif 915 inp = in_pcblookup(&udbtable, 916 ip->ip_dst, uhp->uh_dport, ip->ip_src, uhp->uh_sport, 917 rdomain); 918 if (inp != NULL) 919 notify(inp, errno); 920 in_pcbunref(inp); 921 } else 922 in_pcbnotifyall(&udbtable, satosin(sa), rdomain, errno, notify); 923 } 924 925 int 926 udp_output(struct inpcb *inp, struct mbuf *m, struct mbuf *addr, 927 struct mbuf *control) 928 { 929 struct sockaddr_in *sin = NULL; 930 struct udpiphdr *ui; 931 u_int32_t ipsecflowinfo = 0; 932 struct sockaddr_in src_sin; 933 int len = m->m_pkthdr.len; 934 struct in_addr laddr; 935 int error = 0; 936 937 #ifdef INET6 938 if (ISSET(inp->inp_flags, INP_IPV6)) 939 return (udp6_output(inp, m, addr, control)); 940 #endif 941 942 /* 943 * Compute the packet length of the IP header, and 944 * punt if the length looks bogus. 945 */ 946 if ((len + sizeof(struct udpiphdr)) > IP_MAXPACKET) { 947 error = EMSGSIZE; 948 goto release; 949 } 950 951 memset(&src_sin, 0, sizeof(src_sin)); 952 953 if (control) { 954 u_int clen; 955 struct cmsghdr *cm; 956 caddr_t cmsgs; 957 958 /* 959 * XXX: Currently, we assume all the optional information is 960 * stored in a single mbuf. 961 */ 962 if (control->m_next) { 963 error = EINVAL; 964 goto release; 965 } 966 967 clen = control->m_len; 968 cmsgs = mtod(control, caddr_t); 969 do { 970 if (clen < CMSG_LEN(0)) { 971 error = EINVAL; 972 goto release; 973 } 974 cm = (struct cmsghdr *)cmsgs; 975 if (cm->cmsg_len < CMSG_LEN(0) || 976 CMSG_ALIGN(cm->cmsg_len) > clen) { 977 error = EINVAL; 978 goto release; 979 } 980 #ifdef IPSEC 981 if ((inp->inp_flags & INP_IPSECFLOWINFO) != 0 && 982 cm->cmsg_len == CMSG_LEN(sizeof(ipsecflowinfo)) && 983 cm->cmsg_level == IPPROTO_IP && 984 cm->cmsg_type == IP_IPSECFLOWINFO) { 985 ipsecflowinfo = *(u_int32_t *)CMSG_DATA(cm); 986 } else 987 #endif 988 if (cm->cmsg_len == CMSG_LEN(sizeof(struct in_addr)) && 989 cm->cmsg_level == IPPROTO_IP && 990 cm->cmsg_type == IP_SENDSRCADDR) { 991 memcpy(&src_sin.sin_addr, CMSG_DATA(cm), 992 sizeof(struct in_addr)); 993 src_sin.sin_family = AF_INET; 994 src_sin.sin_len = sizeof(src_sin); 995 /* no check on reuse when sin->sin_port == 0 */ 996 if ((error = in_pcbaddrisavail(inp, &src_sin, 997 0, curproc))) 998 goto release; 999 } 1000 clen -= CMSG_ALIGN(cm->cmsg_len); 1001 cmsgs += CMSG_ALIGN(cm->cmsg_len); 1002 } while (clen); 1003 } 1004 1005 if (addr) { 1006 if ((error = in_nam2sin(addr, &sin))) 1007 goto release; 1008 if (sin->sin_port == 0) { 1009 error = EADDRNOTAVAIL; 1010 goto release; 1011 } 1012 if (inp->inp_faddr.s_addr != INADDR_ANY) { 1013 error = EISCONN; 1014 goto release; 1015 } 1016 error = in_pcbselsrc(&laddr, sin, inp); 1017 if (error) 1018 goto release; 1019 1020 if (inp->inp_lport == 0) { 1021 error = in_pcbbind(inp, NULL, curproc); 1022 if (error) 1023 goto release; 1024 } 1025 1026 if (src_sin.sin_len > 0 && 1027 src_sin.sin_addr.s_addr != INADDR_ANY && 1028 src_sin.sin_addr.s_addr != inp->inp_laddr.s_addr) { 1029 src_sin.sin_port = inp->inp_lport; 1030 if (inp->inp_laddr.s_addr != INADDR_ANY && 1031 (error = 1032 in_pcbaddrisavail(inp, &src_sin, 0, curproc))) 1033 goto release; 1034 laddr = src_sin.sin_addr; 1035 } 1036 } else { 1037 if (inp->inp_faddr.s_addr == INADDR_ANY) { 1038 error = ENOTCONN; 1039 goto release; 1040 } 1041 laddr = inp->inp_laddr; 1042 } 1043 1044 /* 1045 * Calculate data length and get a mbuf 1046 * for UDP and IP headers. 1047 */ 1048 M_PREPEND(m, sizeof(struct udpiphdr), M_DONTWAIT); 1049 if (m == NULL) { 1050 error = ENOBUFS; 1051 goto bail; 1052 } 1053 1054 /* 1055 * Fill in mbuf with extended UDP header 1056 * and addresses and length put into network format. 1057 */ 1058 ui = mtod(m, struct udpiphdr *); 1059 bzero(ui->ui_x1, sizeof ui->ui_x1); 1060 ui->ui_pr = IPPROTO_UDP; 1061 ui->ui_len = htons((u_int16_t)len + sizeof (struct udphdr)); 1062 ui->ui_src = laddr; 1063 ui->ui_dst = sin ? sin->sin_addr : inp->inp_faddr; 1064 ui->ui_sport = inp->inp_lport; 1065 ui->ui_dport = sin ? sin->sin_port : inp->inp_fport; 1066 ui->ui_ulen = ui->ui_len; 1067 ((struct ip *)ui)->ip_len = htons(sizeof (struct udpiphdr) + len); 1068 ((struct ip *)ui)->ip_ttl = inp->inp_ip.ip_ttl; 1069 ((struct ip *)ui)->ip_tos = inp->inp_ip.ip_tos; 1070 if (atomic_load_int(&udpcksum)) 1071 m->m_pkthdr.csum_flags |= M_UDP_CSUM_OUT; 1072 1073 udpstat_inc(udps_opackets); 1074 1075 /* force routing table */ 1076 m->m_pkthdr.ph_rtableid = inp->inp_rtableid; 1077 1078 #if NPF > 0 1079 if (inp->inp_socket->so_state & SS_ISCONNECTED) 1080 pf_mbuf_link_inpcb(m, inp); 1081 #endif 1082 1083 error = ip_output(m, inp->inp_options, &inp->inp_route, 1084 (inp->inp_socket->so_options & SO_BROADCAST), inp->inp_moptions, 1085 &inp->inp_seclevel, ipsecflowinfo); 1086 1087 bail: 1088 m_freem(control); 1089 return (error); 1090 1091 release: 1092 m_freem(m); 1093 goto bail; 1094 } 1095 1096 int 1097 udp_attach(struct socket *so, int proto, int wait) 1098 { 1099 struct inpcbtable *table; 1100 int error; 1101 1102 if (so->so_pcb != NULL) 1103 return EINVAL; 1104 1105 if ((error = soreserve(so, atomic_load_int(&udp_sendspace), 1106 atomic_load_int(&udp_recvspace)))) 1107 return error; 1108 1109 NET_ASSERT_LOCKED(); 1110 #ifdef INET6 1111 if (so->so_proto->pr_domain->dom_family == PF_INET6) 1112 table = &udb6table; 1113 else 1114 #endif 1115 table = &udbtable; 1116 if ((error = in_pcballoc(so, table, wait))) 1117 return error; 1118 #ifdef INET6 1119 if (ISSET(sotoinpcb(so)->inp_flags, INP_IPV6)) 1120 sotoinpcb(so)->inp_ipv6.ip6_hlim = ip6_defhlim; 1121 else 1122 #endif 1123 sotoinpcb(so)->inp_ip.ip_ttl = ip_defttl; 1124 return 0; 1125 } 1126 1127 int 1128 udp_detach(struct socket *so) 1129 { 1130 struct inpcb *inp; 1131 1132 soassertlocked(so); 1133 1134 inp = sotoinpcb(so); 1135 if (inp == NULL) 1136 return (EINVAL); 1137 1138 in_pcbdetach(inp); 1139 return (0); 1140 } 1141 1142 int 1143 udp_bind(struct socket *so, struct mbuf *addr, struct proc *p) 1144 { 1145 struct inpcb *inp = sotoinpcb(so); 1146 1147 soassertlocked(so); 1148 return in_pcbbind(inp, addr, p); 1149 } 1150 1151 int 1152 udp_connect(struct socket *so, struct mbuf *addr) 1153 { 1154 struct inpcb *inp = sotoinpcb(so); 1155 int error; 1156 1157 soassertlocked(so); 1158 1159 #ifdef INET6 1160 if (ISSET(inp->inp_flags, INP_IPV6)) { 1161 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6)) 1162 return (EISCONN); 1163 } else 1164 #endif 1165 { 1166 if (inp->inp_faddr.s_addr != INADDR_ANY) 1167 return (EISCONN); 1168 } 1169 error = in_pcbconnect(inp, addr); 1170 if (error) 1171 return (error); 1172 1173 soisconnected(so); 1174 return (0); 1175 } 1176 1177 int 1178 udp_disconnect(struct socket *so) 1179 { 1180 struct inpcb *inp = sotoinpcb(so); 1181 1182 soassertlocked(so); 1183 1184 #ifdef INET6 1185 if (ISSET(inp->inp_flags, INP_IPV6)) { 1186 if (IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6)) 1187 return (ENOTCONN); 1188 } else 1189 #endif 1190 { 1191 if (inp->inp_faddr.s_addr == INADDR_ANY) 1192 return (ENOTCONN); 1193 } 1194 in_pcbunset_laddr(inp); 1195 in_pcbdisconnect(inp); 1196 so->so_state &= ~SS_ISCONNECTED; /* XXX */ 1197 1198 return (0); 1199 } 1200 1201 int 1202 udp_shutdown(struct socket *so) 1203 { 1204 soassertlocked(so); 1205 socantsendmore(so); 1206 return (0); 1207 } 1208 1209 int 1210 udp_send(struct socket *so, struct mbuf *m, struct mbuf *addr, 1211 struct mbuf *control) 1212 { 1213 struct inpcb *inp = sotoinpcb(so); 1214 1215 soassertlocked_readonly(so); 1216 1217 if (inp == NULL) { 1218 /* PCB could be destroyed, but socket still spliced. */ 1219 return (EINVAL); 1220 } 1221 1222 #ifdef PIPEX 1223 if (inp->inp_pipex) { 1224 struct pipex_session *session; 1225 1226 if (addr != NULL) 1227 session = 1228 pipex_l2tp_userland_lookup_session(m, 1229 mtod(addr, struct sockaddr *)); 1230 else 1231 #ifdef INET6 1232 if (ISSET(inp->inp_flags, INP_IPV6)) 1233 session = 1234 pipex_l2tp_userland_lookup_session_ipv6( 1235 m, inp->inp_faddr6); 1236 else 1237 #endif 1238 session = 1239 pipex_l2tp_userland_lookup_session_ipv4( 1240 m, inp->inp_faddr); 1241 if (session != NULL) { 1242 m = pipex_l2tp_userland_output(m, session); 1243 pipex_rele_session(session); 1244 1245 if (m == NULL) { 1246 m_freem(control); 1247 return (ENOMEM); 1248 } 1249 } 1250 } 1251 #endif 1252 1253 return (udp_output(inp, m, addr, control)); 1254 } 1255 1256 /* 1257 * Sysctl for udp variables. 1258 */ 1259 int 1260 udp_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, 1261 size_t newlen) 1262 { 1263 /* All sysctl names at this level are terminal. */ 1264 if (namelen != 1) 1265 return (ENOTDIR); 1266 1267 switch (name[0]) { 1268 case UDPCTL_BADDYNAMIC: 1269 case UDPCTL_ROOTONLY: { 1270 size_t savelen = *oldlenp; 1271 int error; 1272 1273 if ((error = sysctl_vslock(oldp, savelen))) 1274 return (error); 1275 error = udp_sysctl_locked(name, namelen, oldp, oldlenp, 1276 newp, newlen); 1277 sysctl_vsunlock(oldp, savelen); 1278 1279 return (error); 1280 } 1281 case UDPCTL_STATS: 1282 if (newp != NULL) 1283 return (EPERM); 1284 1285 return (udp_sysctl_udpstat(oldp, oldlenp, newp)); 1286 1287 default: 1288 return (sysctl_bounded_arr(udpctl_vars, nitems(udpctl_vars), 1289 name, namelen, oldp, oldlenp, newp, newlen)); 1290 } 1291 /* NOTREACHED */ 1292 } 1293 1294 int 1295 udp_sysctl_locked(int *name, u_int namelen, void *oldp, size_t *oldlenp, 1296 void *newp, size_t newlen) 1297 { 1298 int error = ENOPROTOOPT; 1299 1300 switch (name[0]) { 1301 case UDPCTL_BADDYNAMIC: 1302 NET_LOCK(); 1303 error = sysctl_struct(oldp, oldlenp, newp, newlen, 1304 baddynamicports.udp, sizeof(baddynamicports.udp)); 1305 NET_UNLOCK(); 1306 break; 1307 1308 case UDPCTL_ROOTONLY: 1309 if (newp && securelevel > 0) 1310 return (EPERM); 1311 NET_LOCK(); 1312 error = sysctl_struct(oldp, oldlenp, newp, newlen, 1313 rootonlyports.udp, sizeof(rootonlyports.udp)); 1314 NET_UNLOCK(); 1315 break; 1316 } 1317 1318 return (error); 1319 } 1320 1321 int 1322 udp_sysctl_udpstat(void *oldp, size_t *oldlenp, void *newp) 1323 { 1324 uint64_t counters[udps_ncounters]; 1325 struct udpstat udpstat; 1326 u_long *words = (u_long *)&udpstat; 1327 int i; 1328 1329 CTASSERT(sizeof(udpstat) == (nitems(counters) * sizeof(u_long))); 1330 memset(&udpstat, 0, sizeof udpstat); 1331 counters_read(udpcounters, counters, nitems(counters), NULL); 1332 1333 for (i = 0; i < nitems(counters); i++) 1334 words[i] = (u_long)counters[i]; 1335 1336 return (sysctl_rdstruct(oldp, oldlenp, newp, 1337 &udpstat, sizeof(udpstat))); 1338 } 1339