1 /* $OpenBSD: udp_usrreq.c,v 1.174 2014/01/24 18:54:58 henning Exp $ */ 2 /* $NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $ */ 3 4 /* 5 * Copyright (c) 1982, 1986, 1988, 1990, 1993 6 * The Regents of the University of California. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the University nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 * 32 * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995 33 * 34 * NRL grants permission for redistribution and use in source and binary 35 * forms, with or without modification, of the software and documentation 36 * created at NRL provided that the following conditions are met: 37 * 38 * 1. Redistributions of source code must retain the above copyright 39 * notice, this list of conditions and the following disclaimer. 40 * 2. Redistributions in binary form must reproduce the above copyright 41 * notice, this list of conditions and the following disclaimer in the 42 * documentation and/or other materials provided with the distribution. 43 * 3. All advertising materials mentioning features or use of this software 44 * must display the following acknowledgements: 45 * This product includes software developed by the University of 46 * California, Berkeley and its contributors. 47 * This product includes software developed at the Information 48 * Technology Division, US Naval Research Laboratory. 49 * 4. Neither the name of the NRL nor the names of its contributors 50 * may be used to endorse or promote products derived from this software 51 * without specific prior written permission. 52 * 53 * THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS 54 * IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 55 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 56 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR 57 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 58 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 59 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 60 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 61 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 62 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 63 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 64 * 65 * The views and conclusions contained in the software and documentation 66 * are those of the authors and should not be interpreted as representing 67 * official policies, either expressed or implied, of the US Naval 68 * Research Laboratory (NRL). 69 */ 70 71 #include <sys/param.h> 72 #include <sys/systm.h> 73 #include <sys/mbuf.h> 74 #include <sys/protosw.h> 75 #include <sys/socket.h> 76 #include <sys/socketvar.h> 77 #include <sys/proc.h> 78 #include <sys/sysctl.h> 79 80 #include <net/if.h> 81 #include <net/if_media.h> 82 #include <net/route.h> 83 84 #include <netinet/in.h> 85 #include <netinet/in_systm.h> 86 #include <netinet/in_var.h> 87 #include <netinet/ip.h> 88 #include <netinet/in_pcb.h> 89 #include <netinet/ip_var.h> 90 #include <netinet/ip_icmp.h> 91 #include <netinet/udp.h> 92 #include <netinet/udp_var.h> 93 94 #ifdef IPSEC 95 #include <netinet/ip_ipsp.h> 96 #include <netinet/ip_esp.h> 97 #endif 98 99 #ifdef INET6 100 #ifndef INET 101 #include <netinet/in.h> 102 #endif 103 #include <netinet6/in6_var.h> 104 #include <netinet6/ip6_var.h> 105 #include <netinet6/ip6protosw.h> 106 #endif /* INET6 */ 107 108 #include "pf.h" 109 #if NPF > 0 110 #include <net/pfvar.h> 111 #endif 112 113 #ifdef PIPEX 114 #include <netinet/if_ether.h> 115 #include <net/pipex.h> 116 #endif 117 118 #include "vxlan.h" 119 #if NVXLAN > 0 120 #include <net/if_vxlan.h> 121 #endif 122 123 /* 124 * UDP protocol implementation. 125 * Per RFC 768, August, 1980. 126 */ 127 int udpcksum = 1; 128 129 u_int udp_sendspace = 9216; /* really max datagram size */ 130 u_int udp_recvspace = 40 * (1024 + sizeof(struct sockaddr_in)); 131 /* 40 1K datagrams */ 132 133 int *udpctl_vars[UDPCTL_MAXID] = UDPCTL_VARS; 134 135 struct inpcbtable udbtable; 136 struct udpstat udpstat; 137 138 void udp_detach(struct inpcb *); 139 void udp_notify(struct inpcb *, int); 140 141 #ifndef UDBHASHSIZE 142 #define UDBHASHSIZE 128 143 #endif 144 int udbhashsize = UDBHASHSIZE; 145 146 void 147 udp_init() 148 { 149 in_pcbinit(&udbtable, udbhashsize); 150 } 151 152 #ifdef INET6 153 int 154 udp6_input(struct mbuf **mp, int *offp, int proto) 155 { 156 struct mbuf *m = *mp; 157 158 udp_input(m, *offp, proto); 159 return IPPROTO_DONE; 160 } 161 #endif 162 163 void 164 udp_input(struct mbuf *m, ...) 165 { 166 struct ip *ip; 167 struct udphdr *uh; 168 struct inpcb *inp = NULL; 169 struct mbuf *opts = NULL; 170 struct ip save_ip; 171 int iphlen, len; 172 va_list ap; 173 u_int16_t savesum; 174 union { 175 struct sockaddr sa; 176 struct sockaddr_in sin; 177 #ifdef INET6 178 struct sockaddr_in6 sin6; 179 #endif /* INET6 */ 180 } srcsa, dstsa; 181 #ifdef INET6 182 struct ip6_hdr *ip6; 183 #endif /* INET6 */ 184 #ifdef IPSEC 185 struct m_tag *mtag; 186 struct tdb_ident *tdbi; 187 struct tdb *tdb; 188 int error; 189 u_int32_t ipsecflowinfo = 0; 190 #endif /* IPSEC */ 191 192 va_start(ap, m); 193 iphlen = va_arg(ap, int); 194 va_end(ap); 195 196 udpstat.udps_ipackets++; 197 198 switch (mtod(m, struct ip *)->ip_v) { 199 case 4: 200 ip = mtod(m, struct ip *); 201 #ifdef INET6 202 ip6 = NULL; 203 #endif /* INET6 */ 204 srcsa.sa.sa_family = AF_INET; 205 break; 206 #ifdef INET6 207 case 6: 208 ip = NULL; 209 ip6 = mtod(m, struct ip6_hdr *); 210 srcsa.sa.sa_family = AF_INET6; 211 break; 212 #endif /* INET6 */ 213 default: 214 goto bad; 215 } 216 217 IP6_EXTHDR_GET(uh, struct udphdr *, m, iphlen, sizeof(struct udphdr)); 218 if (!uh) { 219 udpstat.udps_hdrops++; 220 return; 221 } 222 223 /* Check for illegal destination port 0 */ 224 if (uh->uh_dport == 0) { 225 udpstat.udps_noport++; 226 goto bad; 227 } 228 229 /* 230 * Make mbuf data length reflect UDP length. 231 * If not enough data to reflect UDP length, drop. 232 */ 233 len = ntohs((u_int16_t)uh->uh_ulen); 234 if (ip) { 235 if (m->m_pkthdr.len - iphlen != len) { 236 if (len > (m->m_pkthdr.len - iphlen) || 237 len < sizeof(struct udphdr)) { 238 udpstat.udps_badlen++; 239 goto bad; 240 } 241 m_adj(m, len - (m->m_pkthdr.len - iphlen)); 242 } 243 } 244 #ifdef INET6 245 else if (ip6) { 246 /* jumbograms */ 247 if (len == 0 && m->m_pkthdr.len - iphlen > 0xffff) 248 len = m->m_pkthdr.len - iphlen; 249 if (len != m->m_pkthdr.len - iphlen) { 250 udpstat.udps_badlen++; 251 goto bad; 252 } 253 } 254 #endif 255 else /* shouldn't happen */ 256 goto bad; 257 258 /* 259 * Save a copy of the IP header in case we want restore it 260 * for sending an ICMP error message in response. 261 */ 262 if (ip) 263 save_ip = *ip; 264 265 #ifdef INET6 266 if (ip6) { 267 /* Be proactive about malicious use of IPv4 mapped address */ 268 if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || 269 IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { 270 /* XXX stat */ 271 goto bad; 272 } 273 } 274 #endif /* INET6 */ 275 276 /* 277 * Checksum extended UDP header and data. 278 * from W.R.Stevens: check incoming udp cksums even if 279 * udpcksum is not set. 280 */ 281 savesum = uh->uh_sum; 282 if (uh->uh_sum == 0) { 283 udpstat.udps_nosum++; 284 #ifdef INET6 285 /* 286 * In IPv6, the UDP checksum is ALWAYS used. 287 */ 288 if (ip6) 289 goto bad; 290 #endif /* INET6 */ 291 } else { 292 if ((m->m_pkthdr.csum_flags & M_UDP_CSUM_IN_OK) == 0) { 293 if (m->m_pkthdr.csum_flags & M_UDP_CSUM_IN_BAD) { 294 udpstat.udps_badsum++; 295 goto bad; 296 } 297 udpstat.udps_inswcsum++; 298 299 if (ip) 300 uh->uh_sum = in4_cksum(m, IPPROTO_UDP, 301 iphlen, len); 302 #ifdef INET6 303 else if (ip6) 304 uh->uh_sum = in6_cksum(m, IPPROTO_UDP, 305 iphlen, len); 306 #endif /* INET6 */ 307 if (uh->uh_sum != 0) { 308 udpstat.udps_badsum++; 309 goto bad; 310 } 311 } 312 } 313 314 #ifdef IPSEC 315 if (udpencap_enable && udpencap_port && 316 #if NPF > 0 317 !(m->m_pkthdr.pf.flags & PF_TAG_DIVERTED) && 318 #endif 319 uh->uh_dport == htons(udpencap_port)) { 320 u_int32_t spi; 321 int skip = iphlen + sizeof(struct udphdr); 322 323 if (m->m_pkthdr.len - skip < sizeof(u_int32_t)) { 324 /* packet too short */ 325 m_freem(m); 326 return; 327 } 328 m_copydata(m, skip, sizeof(u_int32_t), (caddr_t) &spi); 329 /* 330 * decapsulate if the SPI is not zero, otherwise pass 331 * to userland 332 */ 333 if (spi != 0) { 334 if ((m = m_pullup(m, skip)) == NULL) { 335 udpstat.udps_hdrops++; 336 return; 337 } 338 339 /* remove the UDP header */ 340 bcopy(mtod(m, u_char *), 341 mtod(m, u_char *) + sizeof(struct udphdr), iphlen); 342 m_adj(m, sizeof(struct udphdr)); 343 skip -= sizeof(struct udphdr); 344 345 espstat.esps_udpencin++; 346 ipsec_common_input(m, skip, offsetof(struct ip, ip_p), 347 srcsa.sa.sa_family, IPPROTO_ESP, 1); 348 return; 349 } 350 } 351 #endif 352 353 switch (srcsa.sa.sa_family) { 354 case AF_INET: 355 bzero(&srcsa, sizeof(struct sockaddr_in)); 356 srcsa.sin.sin_len = sizeof(struct sockaddr_in); 357 srcsa.sin.sin_family = AF_INET; 358 srcsa.sin.sin_port = uh->uh_sport; 359 srcsa.sin.sin_addr = ip->ip_src; 360 361 bzero(&dstsa, sizeof(struct sockaddr_in)); 362 dstsa.sin.sin_len = sizeof(struct sockaddr_in); 363 dstsa.sin.sin_family = AF_INET; 364 dstsa.sin.sin_port = uh->uh_dport; 365 dstsa.sin.sin_addr = ip->ip_dst; 366 break; 367 #ifdef INET6 368 case AF_INET6: 369 bzero(&srcsa, sizeof(struct sockaddr_in6)); 370 srcsa.sin6.sin6_len = sizeof(struct sockaddr_in6); 371 srcsa.sin6.sin6_family = AF_INET6; 372 srcsa.sin6.sin6_port = uh->uh_sport; 373 #if 0 /*XXX inbound flowinfo */ 374 srcsa.sin6.sin6_flowinfo = htonl(0x0fffffff) & ip6->ip6_flow; 375 #endif 376 /* KAME hack: recover scopeid */ 377 (void)in6_recoverscope(&srcsa.sin6, &ip6->ip6_src, 378 m->m_pkthdr.rcvif); 379 380 bzero(&dstsa, sizeof(struct sockaddr_in6)); 381 dstsa.sin6.sin6_len = sizeof(struct sockaddr_in6); 382 dstsa.sin6.sin6_family = AF_INET6; 383 dstsa.sin6.sin6_port = uh->uh_dport; 384 /* KAME hack: recover scopeid */ 385 (void)in6_recoverscope(&dstsa.sin6, &ip6->ip6_dst, 386 m->m_pkthdr.rcvif); 387 break; 388 #endif /* INET6 */ 389 } 390 391 #if NVXLAN > 0 392 if (vxlan_enable > 0 && 393 #if NPF > 0 394 !(m->m_pkthdr.pf.flags & PF_TAG_DIVERTED) && 395 #endif 396 (error = vxlan_lookup(m, uh, iphlen, &srcsa.sa)) != 0) { 397 if (error == -1) { 398 udpstat.udps_hdrops++; 399 m_freem(m); 400 } 401 return; 402 } 403 #endif 404 405 #ifdef INET6 406 if ((ip6 && IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) || 407 (ip && IN_MULTICAST(ip->ip_dst.s_addr)) || 408 (ip && in_broadcast(ip->ip_dst, m->m_pkthdr.rcvif, 409 m->m_pkthdr.rdomain))) { 410 #else /* INET6 */ 411 if (IN_MULTICAST(ip->ip_dst.s_addr) || 412 in_broadcast(ip->ip_dst, m->m_pkthdr.rcvif, m->m_pkthdr.rdomain)) { 413 #endif /* INET6 */ 414 struct inpcb *last; 415 /* 416 * Deliver a multicast or broadcast datagram to *all* sockets 417 * for which the local and remote addresses and ports match 418 * those of the incoming datagram. This allows more than 419 * one process to receive multi/broadcasts on the same port. 420 * (This really ought to be done for unicast datagrams as 421 * well, but that would cause problems with existing 422 * applications that open both address-specific sockets and 423 * a wildcard socket listening to the same port -- they would 424 * end up receiving duplicates of every unicast datagram. 425 * Those applications open the multiple sockets to overcome an 426 * inadequacy of the UDP socket interface, but for backwards 427 * compatibility we avoid the problem here rather than 428 * fixing the interface. Maybe 4.5BSD will remedy this?) 429 */ 430 431 iphlen += sizeof(struct udphdr); 432 433 /* 434 * Locate pcb(s) for datagram. 435 * (Algorithm copied from raw_intr().) 436 */ 437 last = NULL; 438 TAILQ_FOREACH(inp, &udbtable.inpt_queue, inp_queue) { 439 if (inp->inp_socket->so_state & SS_CANTRCVMORE) 440 continue; 441 #ifdef INET6 442 /* don't accept it if AF does not match */ 443 if (ip6 && !(inp->inp_flags & INP_IPV6)) 444 continue; 445 if (!ip6 && (inp->inp_flags & INP_IPV6)) 446 continue; 447 #endif 448 if (rtable_l2(inp->inp_rtableid) != 449 rtable_l2(m->m_pkthdr.rdomain)) 450 continue; 451 if (inp->inp_lport != uh->uh_dport) 452 continue; 453 #ifdef INET6 454 if (ip6) { 455 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_laddr6)) 456 if (!IN6_ARE_ADDR_EQUAL(&inp->inp_laddr6, 457 &ip6->ip6_dst)) 458 continue; 459 } else 460 #endif /* INET6 */ 461 if (inp->inp_laddr.s_addr != INADDR_ANY) { 462 if (inp->inp_laddr.s_addr != ip->ip_dst.s_addr) 463 continue; 464 } 465 #ifdef INET6 466 if (ip6) { 467 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6)) 468 if (!IN6_ARE_ADDR_EQUAL(&inp->inp_faddr6, 469 &ip6->ip6_src) || 470 inp->inp_fport != uh->uh_sport) 471 continue; 472 } else 473 #endif /* INET6 */ 474 if (inp->inp_faddr.s_addr != INADDR_ANY) { 475 if (inp->inp_faddr.s_addr != 476 ip->ip_src.s_addr || 477 inp->inp_fport != uh->uh_sport) 478 continue; 479 } 480 481 if (last != NULL) { 482 struct mbuf *n; 483 484 if ((n = m_copy(m, 0, M_COPYALL)) != NULL) { 485 #ifdef INET6 486 if (ip6 && (last->inp_flags & 487 IN6P_CONTROLOPTS || 488 last->inp_socket->so_options & 489 SO_TIMESTAMP)) 490 ip6_savecontrol(last, n, &opts); 491 #endif /* INET6 */ 492 if (ip && (last->inp_flags & 493 INP_CONTROLOPTS || 494 last->inp_socket->so_options & 495 SO_TIMESTAMP)) 496 ip_savecontrol(last, &opts, 497 ip, n); 498 499 m_adj(n, iphlen); 500 if (sbappendaddr( 501 &last->inp_socket->so_rcv, 502 &srcsa.sa, n, opts) == 0) { 503 m_freem(n); 504 if (opts) 505 m_freem(opts); 506 udpstat.udps_fullsock++; 507 } else 508 sorwakeup(last->inp_socket); 509 opts = NULL; 510 } 511 } 512 last = inp; 513 /* 514 * Don't look for additional matches if this one does 515 * not have either the SO_REUSEPORT or SO_REUSEADDR 516 * socket options set. This heuristic avoids searching 517 * through all pcbs in the common case of a non-shared 518 * port. It assumes that an application will never 519 * clear these options after setting them. 520 */ 521 if ((last->inp_socket->so_options & (SO_REUSEPORT | 522 SO_REUSEADDR)) == 0) 523 break; 524 } 525 526 if (last == NULL) { 527 /* 528 * No matching pcb found; discard datagram. 529 * (No need to send an ICMP Port Unreachable 530 * for a broadcast or multicast datgram.) 531 */ 532 udpstat.udps_noportbcast++; 533 goto bad; 534 } 535 536 #ifdef INET6 537 if (ip6 && (last->inp_flags & IN6P_CONTROLOPTS || 538 last->inp_socket->so_options & SO_TIMESTAMP)) 539 ip6_savecontrol(last, m, &opts); 540 #endif /* INET6 */ 541 if (ip && (last->inp_flags & INP_CONTROLOPTS || 542 last->inp_socket->so_options & SO_TIMESTAMP)) 543 ip_savecontrol(last, &opts, ip, m); 544 545 m_adj(m, iphlen); 546 if (sbappendaddr(&last->inp_socket->so_rcv, 547 &srcsa.sa, m, opts) == 0) { 548 udpstat.udps_fullsock++; 549 goto bad; 550 } 551 sorwakeup(last->inp_socket); 552 return; 553 } 554 /* 555 * Locate pcb for datagram. 556 */ 557 #if 0 558 if (m->m_pkthdr.pf.statekey) 559 inp = m->m_pkthdr.pf.statekey->inp; 560 #endif 561 if (inp == NULL) { 562 #ifdef INET6 563 if (ip6) 564 inp = in6_pcbhashlookup(&udbtable, &ip6->ip6_src, 565 uh->uh_sport, &ip6->ip6_dst, uh->uh_dport, 566 m->m_pkthdr.rdomain); 567 else 568 #endif /* INET6 */ 569 inp = in_pcbhashlookup(&udbtable, ip->ip_src, uh->uh_sport, 570 ip->ip_dst, uh->uh_dport, m->m_pkthdr.rdomain); 571 #if NPF > 0 572 if (m->m_pkthdr.pf.statekey && inp) { 573 m->m_pkthdr.pf.statekey->inp = inp; 574 inp->inp_pf_sk = m->m_pkthdr.pf.statekey; 575 } 576 #endif 577 } 578 if (inp == 0) { 579 int inpl_reverse = 0; 580 if (m->m_pkthdr.pf.flags & PF_TAG_TRANSLATE_LOCALHOST) 581 inpl_reverse = 1; 582 ++udpstat.udps_pcbhashmiss; 583 #ifdef INET6 584 if (ip6) { 585 inp = in6_pcblookup_listen(&udbtable, 586 &ip6->ip6_dst, uh->uh_dport, inpl_reverse, m, 587 m->m_pkthdr.rdomain); 588 } else 589 #endif /* INET6 */ 590 inp = in_pcblookup_listen(&udbtable, 591 ip->ip_dst, uh->uh_dport, inpl_reverse, m, 592 m->m_pkthdr.rdomain); 593 if (inp == 0) { 594 udpstat.udps_noport++; 595 if (m->m_flags & (M_BCAST | M_MCAST)) { 596 udpstat.udps_noportbcast++; 597 goto bad; 598 } 599 #ifdef INET6 600 if (ip6) { 601 uh->uh_sum = savesum; 602 icmp6_error(m, ICMP6_DST_UNREACH, 603 ICMP6_DST_UNREACH_NOPORT,0); 604 } else 605 #endif /* INET6 */ 606 { 607 *ip = save_ip; 608 uh->uh_sum = savesum; 609 icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_PORT, 610 0, 0); 611 } 612 return; 613 } 614 } 615 KASSERT(sotoinpcb(inp->inp_socket) == inp); 616 617 #if NPF > 0 618 /* The statekey has finished finding the inp, it is no longer needed. */ 619 m->m_pkthdr.pf.statekey = NULL; 620 #endif 621 622 #ifdef IPSEC 623 mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); 624 if (mtag != NULL) { 625 tdbi = (struct tdb_ident *)(mtag + 1); 626 tdb = gettdb(tdbi->rdomain, tdbi->spi, 627 &tdbi->dst, tdbi->proto); 628 } else 629 tdb = NULL; 630 ipsp_spd_lookup(m, srcsa.sa.sa_family, iphlen, &error, 631 IPSP_DIRECTION_IN, tdb, inp, 0); 632 if (error) { 633 udpstat.udps_nosec++; 634 goto bad; 635 } 636 637 /* Latch SA only if the socket is connected */ 638 if (inp->inp_tdb_in != tdb && 639 (inp->inp_socket->so_state & SS_ISCONNECTED)) { 640 if (tdb) { 641 tdb_add_inp(tdb, inp, 1); 642 if (inp->inp_ipo == NULL) { 643 inp->inp_ipo = ipsec_add_policy(inp, 644 srcsa.sa.sa_family, IPSP_DIRECTION_OUT); 645 if (inp->inp_ipo == NULL) { 646 goto bad; 647 } 648 } 649 if (inp->inp_ipo->ipo_dstid == NULL && 650 tdb->tdb_srcid != NULL) { 651 inp->inp_ipo->ipo_dstid = tdb->tdb_srcid; 652 tdb->tdb_srcid->ref_count++; 653 } 654 if (inp->inp_ipsec_remotecred == NULL && 655 tdb->tdb_remote_cred != NULL) { 656 inp->inp_ipsec_remotecred = 657 tdb->tdb_remote_cred; 658 tdb->tdb_remote_cred->ref_count++; 659 } 660 if (inp->inp_ipsec_remoteauth == NULL && 661 tdb->tdb_remote_auth != NULL) { 662 inp->inp_ipsec_remoteauth = 663 tdb->tdb_remote_auth; 664 tdb->tdb_remote_auth->ref_count++; 665 } 666 } else { /* Just reset */ 667 TAILQ_REMOVE(&inp->inp_tdb_in->tdb_inp_in, inp, 668 inp_tdb_in_next); 669 inp->inp_tdb_in = NULL; 670 } 671 } 672 /* create ipsec options while we know that tdb cannot be modified */ 673 if (tdb) 674 ipsecflowinfo = tdb->tdb_spi; 675 676 #endif /*IPSEC */ 677 678 opts = NULL; 679 #ifdef INET6 680 if (ip6 && (inp->inp_flags & IN6P_CONTROLOPTS || 681 inp->inp_socket->so_options & SO_TIMESTAMP)) 682 ip6_savecontrol(inp, m, &opts); 683 #endif /* INET6 */ 684 if (ip && (inp->inp_flags & INP_CONTROLOPTS || 685 inp->inp_socket->so_options & SO_TIMESTAMP)) 686 ip_savecontrol(inp, &opts, ip, m); 687 #ifdef INET6 688 if (ip6 && (inp->inp_flags & IN6P_RECVDSTPORT)) { 689 struct mbuf **mp = &opts; 690 691 while (*mp) 692 mp = &(*mp)->m_next; 693 *mp = sbcreatecontrol((caddr_t)&uh->uh_dport, sizeof(u_int16_t), 694 IPV6_RECVDSTPORT, IPPROTO_IPV6); 695 } 696 #endif /* INET6 */ 697 if (ip && (inp->inp_flags & INP_RECVDSTPORT)) { 698 struct mbuf **mp = &opts; 699 700 while (*mp) 701 mp = &(*mp)->m_next; 702 *mp = sbcreatecontrol((caddr_t)&uh->uh_dport, sizeof(u_int16_t), 703 IP_RECVDSTPORT, IPPROTO_IP); 704 } 705 #ifdef IPSEC 706 if (ipsecflowinfo && (inp->inp_flags & INP_IPSECFLOWINFO)) { 707 struct mbuf **mp = &opts; 708 709 while (*mp) 710 mp = &(*mp)->m_next; 711 *mp = sbcreatecontrol((caddr_t)&ipsecflowinfo, 712 sizeof(u_int32_t), IP_IPSECFLOWINFO, IPPROTO_IP); 713 } 714 #endif 715 #ifdef PIPEX 716 if (pipex_enable && inp->inp_pipex) { 717 struct pipex_session *session; 718 int off = iphlen + sizeof(struct udphdr); 719 if ((session = pipex_l2tp_lookup_session(m, off)) != NULL) { 720 if ((m = pipex_l2tp_input(m, off, session, 721 ipsecflowinfo)) == NULL) { 722 if (opts) 723 m_freem(opts); 724 return; /* the packet is handled by PIPEX */ 725 } 726 } 727 } 728 #endif 729 730 iphlen += sizeof(struct udphdr); 731 m_adj(m, iphlen); 732 if (sbappendaddr(&inp->inp_socket->so_rcv, &srcsa.sa, m, opts) == 0) { 733 udpstat.udps_fullsock++; 734 goto bad; 735 } 736 sorwakeup(inp->inp_socket); 737 return; 738 bad: 739 m_freem(m); 740 if (opts) 741 m_freem(opts); 742 } 743 744 /* 745 * Notify a udp user of an asynchronous error; 746 * just wake up so that he can collect error status. 747 */ 748 void 749 udp_notify(struct inpcb *inp, int errno) 750 { 751 inp->inp_socket->so_error = errno; 752 sorwakeup(inp->inp_socket); 753 sowwakeup(inp->inp_socket); 754 } 755 756 #ifdef INET6 757 void 758 udp6_ctlinput(int cmd, struct sockaddr *sa, u_int rdomain, void *d) 759 { 760 struct udphdr uh; 761 struct sockaddr_in6 sa6; 762 struct ip6_hdr *ip6; 763 struct mbuf *m; 764 int off; 765 void *cmdarg; 766 struct ip6ctlparam *ip6cp = NULL; 767 struct udp_portonly { 768 u_int16_t uh_sport; 769 u_int16_t uh_dport; 770 } *uhp; 771 void (*notify)(struct inpcb *, int) = udp_notify; 772 773 if (sa == NULL) 774 return; 775 if (sa->sa_family != AF_INET6 || 776 sa->sa_len != sizeof(struct sockaddr_in6)) 777 return; 778 779 if ((unsigned)cmd >= PRC_NCMDS) 780 return; 781 if (PRC_IS_REDIRECT(cmd)) 782 notify = in_rtchange, d = NULL; 783 else if (cmd == PRC_HOSTDEAD) 784 d = NULL; 785 else if (cmd == PRC_MSGSIZE) 786 ; /* special code is present, see below */ 787 else if (inet6ctlerrmap[cmd] == 0) 788 return; 789 790 /* if the parameter is from icmp6, decode it. */ 791 if (d != NULL) { 792 ip6cp = (struct ip6ctlparam *)d; 793 m = ip6cp->ip6c_m; 794 ip6 = ip6cp->ip6c_ip6; 795 off = ip6cp->ip6c_off; 796 cmdarg = ip6cp->ip6c_cmdarg; 797 } else { 798 m = NULL; 799 ip6 = NULL; 800 cmdarg = NULL; 801 /* XXX: translate addresses into internal form */ 802 sa6 = *(struct sockaddr_in6 *)sa; 803 #ifndef SCOPEDROUTING 804 if (in6_embedscope(&sa6.sin6_addr, &sa6, NULL, NULL)) { 805 /* should be impossible */ 806 return; 807 } 808 #endif 809 } 810 811 if (ip6cp && ip6cp->ip6c_finaldst) { 812 bzero(&sa6, sizeof(sa6)); 813 sa6.sin6_family = AF_INET6; 814 sa6.sin6_len = sizeof(sa6); 815 sa6.sin6_addr = *ip6cp->ip6c_finaldst; 816 /* XXX: assuming M is valid in this case */ 817 sa6.sin6_scope_id = in6_addr2scopeid(m->m_pkthdr.rcvif, 818 ip6cp->ip6c_finaldst); 819 #ifndef SCOPEDROUTING 820 if (in6_embedscope(ip6cp->ip6c_finaldst, &sa6, NULL, NULL)) { 821 /* should be impossible */ 822 return; 823 } 824 #endif 825 } else { 826 /* XXX: translate addresses into internal form */ 827 sa6 = *(struct sockaddr_in6 *)sa; 828 #ifndef SCOPEDROUTING 829 if (in6_embedscope(&sa6.sin6_addr, &sa6, NULL, NULL)) { 830 /* should be impossible */ 831 return; 832 } 833 #endif 834 } 835 836 if (ip6) { 837 /* 838 * XXX: We assume that when IPV6 is non NULL, 839 * M and OFF are valid. 840 */ 841 struct sockaddr_in6 sa6_src; 842 843 /* check if we can safely examine src and dst ports */ 844 if (m->m_pkthdr.len < off + sizeof(*uhp)) 845 return; 846 847 bzero(&uh, sizeof(uh)); 848 m_copydata(m, off, sizeof(*uhp), (caddr_t)&uh); 849 850 bzero(&sa6_src, sizeof(sa6_src)); 851 sa6_src.sin6_family = AF_INET6; 852 sa6_src.sin6_len = sizeof(sa6_src); 853 sa6_src.sin6_addr = ip6->ip6_src; 854 sa6_src.sin6_scope_id = in6_addr2scopeid(m->m_pkthdr.rcvif, 855 &ip6->ip6_src); 856 #ifndef SCOPEDROUTING 857 if (in6_embedscope(&sa6_src.sin6_addr, &sa6_src, NULL, NULL)) { 858 /* should be impossible */ 859 return; 860 } 861 #endif 862 863 if (cmd == PRC_MSGSIZE) { 864 int valid = 0; 865 866 /* 867 * Check to see if we have a valid UDP socket 868 * corresponding to the address in the ICMPv6 message 869 * payload. 870 */ 871 if (in6_pcbhashlookup(&udbtable, &sa6.sin6_addr, 872 uh.uh_dport, &sa6_src.sin6_addr, uh.uh_sport, 873 rdomain)) 874 valid = 1; 875 #if 0 876 /* 877 * As the use of sendto(2) is fairly popular, 878 * we may want to allow non-connected pcb too. 879 * But it could be too weak against attacks... 880 * We should at least check if the local address (= s) 881 * is really ours. 882 */ 883 else if (in6_pcblookup_listen(&udbtable, 884 &sa6_src.sin6_addr, uh.uh_sport, 0, 885 rdomain)) 886 valid = 1; 887 #endif 888 889 /* 890 * Depending on the value of "valid" and routing table 891 * size (mtudisc_{hi,lo}wat), we will: 892 * - recalculate the new MTU and create the 893 * corresponding routing entry, or 894 * - ignore the MTU change notification. 895 */ 896 icmp6_mtudisc_update((struct ip6ctlparam *)d, valid); 897 898 /* 899 * regardless of if we called icmp6_mtudisc_update(), 900 * we need to call in6_pcbnotify(), to notify path 901 * MTU change to the userland (2292bis-02), because 902 * some unconnected sockets may share the same 903 * destination and want to know the path MTU. 904 */ 905 } 906 907 (void) in6_pcbnotify(&udbtable, &sa6, uh.uh_dport, 908 &sa6_src, uh.uh_sport, rdomain, cmd, cmdarg, notify); 909 } else { 910 (void) in6_pcbnotify(&udbtable, &sa6, 0, 911 &sa6_any, 0, rdomain, cmd, cmdarg, notify); 912 } 913 } 914 #endif 915 916 void * 917 udp_ctlinput(int cmd, struct sockaddr *sa, u_int rdomain, void *v) 918 { 919 struct ip *ip = v; 920 struct udphdr *uhp; 921 struct in_addr faddr; 922 struct inpcb *inp; 923 void (*notify)(struct inpcb *, int) = udp_notify; 924 int errno; 925 926 if (sa == NULL) 927 return NULL; 928 if (sa->sa_family != AF_INET || 929 sa->sa_len != sizeof(struct sockaddr_in)) 930 return NULL; 931 faddr = satosin(sa)->sin_addr; 932 if (faddr.s_addr == INADDR_ANY) 933 return NULL; 934 935 if ((unsigned)cmd >= PRC_NCMDS) 936 return NULL; 937 errno = inetctlerrmap[cmd]; 938 if (PRC_IS_REDIRECT(cmd)) 939 notify = in_rtchange, ip = 0; 940 else if (cmd == PRC_HOSTDEAD) 941 ip = 0; 942 else if (errno == 0) 943 return NULL; 944 if (ip) { 945 uhp = (struct udphdr *)((caddr_t)ip + (ip->ip_hl << 2)); 946 947 #ifdef IPSEC 948 /* PMTU discovery for udpencap */ 949 if (cmd == PRC_MSGSIZE && ip_mtudisc && udpencap_enable && 950 udpencap_port && uhp->uh_sport == htons(udpencap_port)) { 951 udpencap_ctlinput(cmd, sa, rdomain, v); 952 return (NULL); 953 } 954 #endif 955 inp = in_pcbhashlookup(&udbtable, 956 ip->ip_dst, uhp->uh_dport, ip->ip_src, uhp->uh_sport, 957 rdomain); 958 if (inp && inp->inp_socket != NULL) 959 notify(inp, errno); 960 } else 961 in_pcbnotifyall(&udbtable, sa, rdomain, errno, notify); 962 return (NULL); 963 } 964 965 int 966 udp_output(struct mbuf *m, ...) 967 { 968 struct inpcb *inp; 969 struct mbuf *addr, *control; 970 struct udpiphdr *ui; 971 u_int32_t ipsecflowinfo = 0; 972 int len = m->m_pkthdr.len; 973 struct in_addr laddr; 974 int s = 0, error = 0; 975 va_list ap; 976 977 va_start(ap, m); 978 inp = va_arg(ap, struct inpcb *); 979 addr = va_arg(ap, struct mbuf *); 980 control = va_arg(ap, struct mbuf *); 981 va_end(ap); 982 983 #ifdef DIAGNOSTIC 984 if ((inp->inp_flags & INP_IPV6) != 0) 985 panic("IPv6 inpcb to udp_output"); 986 #endif 987 988 /* 989 * Compute the packet length of the IP header, and 990 * punt if the length looks bogus. 991 */ 992 if ((len + sizeof(struct udpiphdr)) > IP_MAXPACKET) { 993 error = EMSGSIZE; 994 goto release; 995 } 996 997 if (addr) { 998 laddr = inp->inp_laddr; 999 if (inp->inp_faddr.s_addr != INADDR_ANY) { 1000 error = EISCONN; 1001 goto release; 1002 } 1003 /* 1004 * Must block input while temporarily connected. 1005 */ 1006 s = splsoftnet(); 1007 error = in_pcbconnect(inp, addr); 1008 if (error) { 1009 splx(s); 1010 goto release; 1011 } 1012 } else { 1013 if (inp->inp_faddr.s_addr == INADDR_ANY) { 1014 error = ENOTCONN; 1015 goto release; 1016 } 1017 } 1018 1019 #ifdef IPSEC 1020 if (control && (inp->inp_flags & INP_IPSECFLOWINFO) != 0) { 1021 u_int clen; 1022 struct cmsghdr *cm; 1023 caddr_t cmsgs; 1024 1025 /* 1026 * XXX: Currently, we assume all the optional information is stored 1027 * in a single mbuf. 1028 */ 1029 if (control->m_next) { 1030 error = EINVAL; 1031 goto bail; 1032 } 1033 1034 clen = control->m_len; 1035 cmsgs = mtod(control, caddr_t); 1036 do { 1037 if (clen < CMSG_LEN(0)) { 1038 error = EINVAL; 1039 goto bail; 1040 } 1041 cm = (struct cmsghdr *)cmsgs; 1042 if (cm->cmsg_len < CMSG_LEN(0) || 1043 CMSG_ALIGN(cm->cmsg_len) > clen) { 1044 error = EINVAL; 1045 goto bail; 1046 } 1047 if (cm->cmsg_len == CMSG_LEN(sizeof(ipsecflowinfo)) && 1048 cm->cmsg_level == IPPROTO_IP && 1049 cm->cmsg_type == IP_IPSECFLOWINFO) { 1050 ipsecflowinfo = *(u_int32_t *)CMSG_DATA(cm); 1051 break; 1052 } 1053 clen -= CMSG_ALIGN(cm->cmsg_len); 1054 cmsgs += CMSG_ALIGN(cm->cmsg_len); 1055 } while (clen); 1056 } 1057 #endif 1058 /* 1059 * Calculate data length and get a mbuf 1060 * for UDP and IP headers. 1061 */ 1062 M_PREPEND(m, sizeof(struct udpiphdr), M_DONTWAIT); 1063 if (m == NULL) { 1064 error = ENOBUFS; 1065 goto bail; 1066 } 1067 1068 /* 1069 * Fill in mbuf with extended UDP header 1070 * and addresses and length put into network format. 1071 */ 1072 ui = mtod(m, struct udpiphdr *); 1073 bzero(ui->ui_x1, sizeof ui->ui_x1); 1074 ui->ui_pr = IPPROTO_UDP; 1075 ui->ui_len = htons((u_int16_t)len + sizeof (struct udphdr)); 1076 ui->ui_src = inp->inp_laddr; 1077 ui->ui_dst = inp->inp_faddr; 1078 ui->ui_sport = inp->inp_lport; 1079 ui->ui_dport = inp->inp_fport; 1080 ui->ui_ulen = ui->ui_len; 1081 ((struct ip *)ui)->ip_len = htons(sizeof (struct udpiphdr) + len); 1082 ((struct ip *)ui)->ip_ttl = inp->inp_ip.ip_ttl; 1083 ((struct ip *)ui)->ip_tos = inp->inp_ip.ip_tos; 1084 if (udpcksum) 1085 m->m_pkthdr.csum_flags |= M_UDP_CSUM_OUT; 1086 1087 udpstat.udps_opackets++; 1088 1089 /* force routing domain */ 1090 m->m_pkthdr.rdomain = inp->inp_rtableid; 1091 1092 error = ip_output(m, inp->inp_options, &inp->inp_route, 1093 (inp->inp_socket->so_options & (SO_DONTROUTE | SO_BROADCAST)) 1094 |IP_IPSECFLOW, inp->inp_moptions, inp, ipsecflowinfo); 1095 if (error == EACCES) /* translate pf(4) error for userland */ 1096 error = EHOSTUNREACH; 1097 1098 bail: 1099 if (addr) { 1100 inp->inp_laddr = laddr; 1101 in_pcbdisconnect(inp); 1102 splx(s); 1103 } 1104 if (control) 1105 m_freem(control); 1106 return (error); 1107 1108 release: 1109 m_freem(m); 1110 if (control) 1111 m_freem(control); 1112 return (error); 1113 } 1114 1115 /*ARGSUSED*/ 1116 int 1117 udp_usrreq(struct socket *so, int req, struct mbuf *m, struct mbuf *addr, 1118 struct mbuf *control, struct proc *p) 1119 { 1120 struct inpcb *inp = sotoinpcb(so); 1121 int error = 0; 1122 int s; 1123 1124 if (req == PRU_CONTROL) { 1125 #ifdef INET6 1126 if (inp->inp_flags & INP_IPV6) 1127 return (in6_control(so, (u_long)m, (caddr_t)addr, 1128 (struct ifnet *)control)); 1129 else 1130 #endif /* INET6 */ 1131 return (in_control(so, (u_long)m, (caddr_t)addr, 1132 (struct ifnet *)control)); 1133 } 1134 if (inp == NULL && req != PRU_ATTACH) { 1135 error = EINVAL; 1136 goto release; 1137 } 1138 /* 1139 * Note: need to block udp_input while changing 1140 * the udp pcb queue and/or pcb addresses. 1141 */ 1142 switch (req) { 1143 1144 case PRU_ATTACH: 1145 if (inp != NULL) { 1146 error = EINVAL; 1147 break; 1148 } 1149 s = splsoftnet(); 1150 if ((error = soreserve(so, udp_sendspace, udp_recvspace)) || 1151 (error = in_pcballoc(so, &udbtable))) { 1152 splx(s); 1153 break; 1154 } 1155 splx(s); 1156 #ifdef INET6 1157 if (sotoinpcb(so)->inp_flags & INP_IPV6) 1158 sotoinpcb(so)->inp_ipv6.ip6_hlim = ip6_defhlim; 1159 else 1160 #endif /* INET6 */ 1161 sotoinpcb(so)->inp_ip.ip_ttl = ip_defttl; 1162 break; 1163 1164 case PRU_DETACH: 1165 udp_detach(inp); 1166 break; 1167 1168 case PRU_BIND: 1169 s = splsoftnet(); 1170 #ifdef INET6 1171 if (inp->inp_flags & INP_IPV6) 1172 error = in6_pcbbind(inp, addr, p); 1173 else 1174 #endif 1175 error = in_pcbbind(inp, addr, p); 1176 splx(s); 1177 break; 1178 1179 case PRU_LISTEN: 1180 error = EOPNOTSUPP; 1181 break; 1182 1183 case PRU_CONNECT: 1184 #ifdef INET6 1185 if (inp->inp_flags & INP_IPV6) { 1186 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6)) { 1187 error = EISCONN; 1188 break; 1189 } 1190 s = splsoftnet(); 1191 error = in6_pcbconnect(inp, addr); 1192 splx(s); 1193 } else 1194 #endif /* INET6 */ 1195 { 1196 if (inp->inp_faddr.s_addr != INADDR_ANY) { 1197 error = EISCONN; 1198 break; 1199 } 1200 s = splsoftnet(); 1201 error = in_pcbconnect(inp, addr); 1202 splx(s); 1203 } 1204 1205 if (error == 0) 1206 soisconnected(so); 1207 break; 1208 1209 case PRU_CONNECT2: 1210 error = EOPNOTSUPP; 1211 break; 1212 1213 case PRU_ACCEPT: 1214 error = EOPNOTSUPP; 1215 break; 1216 1217 case PRU_DISCONNECT: 1218 #ifdef INET6 1219 if (inp->inp_flags & INP_IPV6) { 1220 if (IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6)) { 1221 error = ENOTCONN; 1222 break; 1223 } 1224 } else 1225 #endif /* INET6 */ 1226 { 1227 if (inp->inp_faddr.s_addr == INADDR_ANY) { 1228 error = ENOTCONN; 1229 break; 1230 } 1231 } 1232 1233 s = splsoftnet(); 1234 #ifdef INET6 1235 if (inp->inp_flags & INP_IPV6) 1236 inp->inp_laddr6 = in6addr_any; 1237 else 1238 #endif /* INET6 */ 1239 inp->inp_laddr.s_addr = INADDR_ANY; 1240 in_pcbdisconnect(inp); 1241 1242 splx(s); 1243 so->so_state &= ~SS_ISCONNECTED; /* XXX */ 1244 break; 1245 1246 case PRU_SHUTDOWN: 1247 socantsendmore(so); 1248 break; 1249 1250 case PRU_SEND: 1251 #ifdef PIPEX 1252 if (inp->inp_pipex) { 1253 struct pipex_session *session; 1254 1255 if (addr != NULL) 1256 session = 1257 pipex_l2tp_userland_lookup_session(m, 1258 mtod(addr, struct sockaddr *)); 1259 else 1260 #ifdef INET6 1261 if (inp->inp_flags & INP_IPV6) 1262 session = 1263 pipex_l2tp_userland_lookup_session_ipv6( 1264 m, inp->inp_faddr6); 1265 else 1266 #endif 1267 session = 1268 pipex_l2tp_userland_lookup_session_ipv4( 1269 m, inp->inp_faddr); 1270 if (session != NULL) 1271 if ((m = pipex_l2tp_userland_output( 1272 m, session)) == NULL) { 1273 error = ENOMEM; 1274 goto release; 1275 } 1276 } 1277 #endif 1278 1279 #ifdef INET6 1280 if (inp->inp_flags & INP_IPV6) 1281 return (udp6_output(inp, m, addr, control)); 1282 else 1283 return (udp_output(m, inp, addr, control)); 1284 #else 1285 return (udp_output(m, inp, addr, control)); 1286 #endif 1287 1288 case PRU_ABORT: 1289 soisdisconnected(so); 1290 udp_detach(inp); 1291 break; 1292 1293 case PRU_SOCKADDR: 1294 #ifdef INET6 1295 if (inp->inp_flags & INP_IPV6) 1296 in6_setsockaddr(inp, addr); 1297 else 1298 #endif /* INET6 */ 1299 in_setsockaddr(inp, addr); 1300 break; 1301 1302 case PRU_PEERADDR: 1303 #ifdef INET6 1304 if (inp->inp_flags & INP_IPV6) 1305 in6_setpeeraddr(inp, addr); 1306 else 1307 #endif /* INET6 */ 1308 in_setpeeraddr(inp, addr); 1309 break; 1310 1311 case PRU_SENSE: 1312 /* 1313 * stat: don't bother with a blocksize. 1314 */ 1315 /* 1316 * Perhaps Path MTU might be returned for a connected 1317 * UDP socket in this case. 1318 */ 1319 return (0); 1320 1321 case PRU_SENDOOB: 1322 case PRU_FASTTIMO: 1323 case PRU_SLOWTIMO: 1324 case PRU_PROTORCV: 1325 case PRU_PROTOSEND: 1326 error = EOPNOTSUPP; 1327 break; 1328 1329 case PRU_RCVD: 1330 case PRU_RCVOOB: 1331 return (EOPNOTSUPP); /* do not free mbuf's */ 1332 1333 default: 1334 panic("udp_usrreq"); 1335 } 1336 1337 release: 1338 if (control) { 1339 m_freem(control); 1340 } 1341 if (m) 1342 m_freem(m); 1343 return (error); 1344 } 1345 1346 void 1347 udp_detach(struct inpcb *inp) 1348 { 1349 int s = splsoftnet(); 1350 1351 in_pcbdetach(inp); 1352 splx(s); 1353 } 1354 1355 /* 1356 * Sysctl for udp variables. 1357 */ 1358 int 1359 udp_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, 1360 size_t newlen) 1361 { 1362 /* All sysctl names at this level are terminal. */ 1363 if (namelen != 1) 1364 return (ENOTDIR); 1365 1366 switch (name[0]) { 1367 case UDPCTL_BADDYNAMIC: 1368 return (sysctl_struct(oldp, oldlenp, newp, newlen, 1369 baddynamicports.udp, sizeof(baddynamicports.udp))); 1370 1371 case UDPCTL_STATS: 1372 if (newp != NULL) 1373 return (EPERM); 1374 return (sysctl_struct(oldp, oldlenp, newp, newlen, 1375 &udpstat, sizeof(udpstat))); 1376 1377 default: 1378 if (name[0] < UDPCTL_MAXID) 1379 return (sysctl_int_arr(udpctl_vars, name, namelen, 1380 oldp, oldlenp, newp, newlen)); 1381 return (ENOPROTOOPT); 1382 } 1383 /* NOTREACHED */ 1384 } 1385