version 1.52.8.1, 1999/12/27 18:36:21 |
version 1.66.4.4, 2001/04/06 00:26:54 |
|
|
*/ |
*/ |
|
|
#include "opt_ipsec.h" |
#include "opt_ipsec.h" |
|
#include "opt_ipkdb.h" |
#include "ipkdb.h" |
|
|
|
#include <sys/param.h> |
#include <sys/param.h> |
#include <sys/malloc.h> |
#include <sys/malloc.h> |
|
|
#include <netkey/key_debug.h> |
#include <netkey/key_debug.h> |
#endif /*IPSEC*/ |
#endif /*IPSEC*/ |
|
|
|
#ifdef IPKDB |
|
#include <ipkdb/ipkdb.h> |
|
#endif |
|
|
/* |
/* |
* UDP protocol implementation. |
* UDP protocol implementation. |
* Per RFC 768, August, 1980. |
* Per RFC 768, August, 1980. |
|
|
in_pcbinit(&udbtable, udbhashsize, udbhashsize); |
in_pcbinit(&udbtable, udbhashsize, udbhashsize); |
} |
} |
|
|
|
#ifndef UDP6 |
void |
void |
#if __STDC__ |
#if __STDC__ |
udp_input(struct mbuf *m, ...) |
udp_input(struct mbuf *m, ...) |
Line 218 udp_input(m, va_alist) |
|
Line 222 udp_input(m, va_alist) |
|
} |
} |
#endif |
#endif |
|
|
|
/* destination port of 0 is illegal, based on RFC768. */ |
|
if (uh->uh_dport == 0) |
|
goto bad; |
|
|
/* |
/* |
* Make mbuf data length reflect UDP length. |
* Make mbuf data length reflect UDP length. |
* If not enough data to reflect UDP length, drop. |
* If not enough data to reflect UDP length, drop. |
*/ |
*/ |
len = ntohs((u_int16_t)uh->uh_ulen); |
len = ntohs((u_int16_t)uh->uh_ulen); |
if (ip->ip_len != iphlen + len) { |
if (ip->ip_len != iphlen + len) { |
if (ip->ip_len < iphlen + len) { |
if (ip->ip_len < iphlen + len || len < sizeof(struct udphdr)) { |
udpstat.udps_badlen++; |
udpstat.udps_badlen++; |
goto bad; |
goto bad; |
} |
} |
Line 235 udp_input(m, va_alist) |
|
Line 243 udp_input(m, va_alist) |
|
* Checksum extended UDP header and data. |
* Checksum extended UDP header and data. |
*/ |
*/ |
if (uh->uh_sum) { |
if (uh->uh_sum) { |
#ifndef PULLDOWN_TEST |
|
struct ip save_ip; |
|
|
|
/* |
|
* Save a copy of the IP header in case we want restore it |
|
* for sending an ICMP error message in response. |
|
*/ |
|
save_ip = *ip; |
|
|
|
bzero(((struct ipovly *)ip)->ih_x1, |
|
sizeof ((struct ipovly *)ip)->ih_x1); |
|
((struct ipovly *)ip)->ih_len = uh->uh_ulen; |
|
if (in_cksum(m, len + sizeof (struct ip)) != 0) { |
|
udpstat.udps_badsum++; |
|
m_freem(m); |
|
return; |
|
} |
|
|
|
*ip = save_ip; |
|
#else |
|
if (in4_cksum(m, IPPROTO_UDP, iphlen, len) != 0) { |
if (in4_cksum(m, IPPROTO_UDP, iphlen, len) != 0) { |
udpstat.udps_badsum++; |
udpstat.udps_badsum++; |
m_freem(m); |
m_freem(m); |
return; |
return; |
} |
} |
#endif |
|
} |
} |
|
|
/* construct source and dst sockaddrs. */ |
/* construct source and dst sockaddrs. */ |
Line 300 udp_input(m, va_alist) |
|
Line 287 udp_input(m, va_alist) |
|
#endif |
#endif |
|
|
if (n == 0) { |
if (n == 0) { |
udpstat.udps_noport++; |
|
if (m->m_flags & (M_BCAST | M_MCAST)) { |
if (m->m_flags & (M_BCAST | M_MCAST)) { |
udpstat.udps_noportbcast++; |
udpstat.udps_noportbcast++; |
goto bad; |
goto bad; |
} |
} |
#if NIPKDB > 0 |
udpstat.udps_noport++; |
|
#ifdef IPKDB |
if (checkipkdb(&ip->ip_src, uh->uh_sport, uh->uh_dport, |
if (checkipkdb(&ip->ip_src, uh->uh_sport, uh->uh_dport, |
m, iphlen + sizeof(struct udphdr), |
m, iphlen + sizeof(struct udphdr), |
m->m_pkthdr.len - iphlen - sizeof(struct udphdr))) { |
m->m_pkthdr.len - iphlen - sizeof(struct udphdr))) { |
Line 375 udp6_input(mp, offp, proto) |
|
Line 362 udp6_input(mp, offp, proto) |
|
goto bad; |
goto bad; |
} |
} |
|
|
|
/* destination port of 0 is illegal, based on RFC768. */ |
|
if (uh->uh_dport == 0) |
|
goto bad; |
|
|
|
/* Be proactive about malicious use of IPv4 mapped address */ |
|
if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || |
|
IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { |
|
/* XXX stat */ |
|
goto bad; |
|
} |
|
|
/* |
/* |
* Checksum extended UDP header and data. |
* Checksum extended UDP header and data. |
*/ |
*/ |
Line 417 udp6_input(mp, offp, proto) |
|
Line 415 udp6_input(mp, offp, proto) |
|
dst.sin6_port = uh->uh_dport; |
dst.sin6_port = uh->uh_dport; |
|
|
if (udp6_realinput(AF_INET6, &src, &dst, m, off) == 0) { |
if (udp6_realinput(AF_INET6, &src, &dst, m, off) == 0) { |
udp6stat.udp6s_noport++; |
|
if (m->m_flags & M_MCAST) { |
if (m->m_flags & M_MCAST) { |
udp6stat.udp6s_noportmcast++; |
udp6stat.udp6s_noportmcast++; |
goto bad; |
goto bad; |
} |
} |
|
udp6stat.udp6s_noport++; |
icmp6_error(m, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_NOPORT, 0); |
icmp6_error(m, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_NOPORT, 0); |
m = NULL; |
m = NULL; |
} |
} |
Line 556 udp4_realinput(src, dst, m, off) |
|
Line 554 udp4_realinput(src, dst, m, off) |
|
dst4 = &dst->sin_addr; |
dst4 = &dst->sin_addr; |
dport = &dst->sin_port; |
dport = &dst->sin_port; |
|
|
if (IN_MULTICAST(src4->s_addr) || |
if (IN_MULTICAST(dst4->s_addr) || |
in_broadcast(*dst4, m->m_pkthdr.rcvif)) { |
in_broadcast(*dst4, m->m_pkthdr.rcvif)) { |
struct inpcb *last; |
struct inpcb *last; |
/* |
/* |
Line 622 udp4_realinput(src, dst, m, off) |
|
Line 620 udp4_realinput(src, dst, m, off) |
|
* (No need to send an ICMP Port Unreachable |
* (No need to send an ICMP Port Unreachable |
* for a broadcast or multicast datgram.) |
* for a broadcast or multicast datgram.) |
*/ |
*/ |
udpstat.udps_noport++; |
|
udpstat.udps_noportbcast++; |
udpstat.udps_noportbcast++; |
goto bad; |
goto bad; |
} |
} |
Line 639 udp4_realinput(src, dst, m, off) |
|
Line 636 udp4_realinput(src, dst, m, off) |
|
#if 0 |
#if 0 |
struct mbuf *n; |
struct mbuf *n; |
|
|
udpstat.udps_noport++; |
|
if (m->m_flags & (M_BCAST | M_MCAST)) { |
if (m->m_flags & (M_BCAST | M_MCAST)) { |
udpstat.udps_noportbcast++; |
udpstat.udps_noportbcast++; |
goto bad; |
goto bad; |
} |
} |
#if NIPKDB > 0 |
udpstat.udps_noport++; |
|
#ifdef IPKDB |
if (checkipkdb(src4, *sport, *dport, m, off, |
if (checkipkdb(src4, *sport, *dport, m, off, |
m->m_pkthdr.len - off)) { |
m->m_pkthdr.len - off)) { |
/* |
/* |
|
|
static int |
static int |
in6_mcmatch(in6p, ia6, ifp) |
in6_mcmatch(in6p, ia6, ifp) |
struct in6pcb *in6p; |
struct in6pcb *in6p; |
register struct in6_addr *ia6; |
struct in6_addr *ia6; |
struct ifnet *ifp; |
struct ifnet *ifp; |
{ |
{ |
struct ip6_moptions *im6o = in6p->in6p_moptions; |
struct ip6_moptions *im6o = in6p->in6p_moptions; |
Line 706 udp6_realinput(af, src, dst, m, off) |
|
Line 703 udp6_realinput(af, src, dst, m, off) |
|
u_int16_t *sport, *dport; |
u_int16_t *sport, *dport; |
int rcvcnt; |
int rcvcnt; |
struct in6_addr *src6, *dst6; |
struct in6_addr *src6, *dst6; |
struct in_addr *src4; |
struct in_addr *dst4; |
struct in6pcb *in6p; |
struct in6pcb *in6p; |
|
|
rcvcnt = 0; |
rcvcnt = 0; |
Line 721 udp6_realinput(af, src, dst, m, off) |
|
Line 718 udp6_realinput(af, src, dst, m, off) |
|
sport = &src->sin6_port; |
sport = &src->sin6_port; |
dst6 = &dst->sin6_addr; |
dst6 = &dst->sin6_addr; |
dport = &dst->sin6_port; |
dport = &dst->sin6_port; |
src4 = (struct in_addr *)&src->sin6_addr.s6_addr32[12]; |
dst4 = (struct in_addr *)&dst->sin6_addr.s6_addr32[12]; |
|
|
if (IN6_IS_ADDR_MULTICAST(dst6) |
if (IN6_IS_ADDR_MULTICAST(dst6) |
|| (af == AF_INET && IN_MULTICAST(src4->s_addr))) { |
|| (af == AF_INET && IN_MULTICAST(dst4->s_addr))) { |
struct in6pcb *last; |
struct in6pcb *last; |
/* |
/* |
* Deliver a multicast or broadcast datagram to *all* sockets |
* Deliver a multicast or broadcast datagram to *all* sockets |
Line 758 udp6_realinput(af, src, dst, m, off) |
|
Line 755 udp6_realinput(af, src, dst, m, off) |
|
&& !in6_mcmatch(in6p, dst6, m->m_pkthdr.rcvif)) |
&& !in6_mcmatch(in6p, dst6, m->m_pkthdr.rcvif)) |
continue; |
continue; |
} |
} |
|
#ifndef INET6_BINDV6ONLY |
|
else { |
|
if (IN6_IS_ADDR_V4MAPPED(dst6) |
|
&& (in6p->in6p_flags & IN6P_BINDV6ONLY)) |
|
continue; |
|
} |
|
#endif |
if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) { |
if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) { |
if (!IN6_ARE_ADDR_EQUAL(&in6p->in6p_faddr, src6) |
if (!IN6_ARE_ADDR_EQUAL(&in6p->in6p_faddr, src6) |
|| in6p->in6p_fport != *sport) |
|| in6p->in6p_fport != *sport) |
continue; |
continue; |
} |
} |
|
#ifndef INET6_BINDV6ONLY |
|
else { |
|
if (IN6_IS_ADDR_V4MAPPED(src6) |
|
&& (in6p->in6p_flags & IN6P_BINDV6ONLY)) |
|
continue; |
|
} |
|
#endif |
|
|
last = in6p; |
last = in6p; |
udp6_sendup(m, off, (struct sockaddr *)src, |
udp6_sendup(m, off, (struct sockaddr *)src, |
Line 791 udp6_realinput(af, src, dst, m, off) |
|
Line 802 udp6_realinput(af, src, dst, m, off) |
|
*/ |
*/ |
switch (af) { |
switch (af) { |
case AF_INET: |
case AF_INET: |
udpstat.udps_noport++; |
|
udpstat.udps_noportbcast++; |
udpstat.udps_noportbcast++; |
break; |
break; |
case AF_INET6: |
case AF_INET6: |
udp6stat.udp6s_noport++; |
|
udp6stat.udp6s_noportmcast++; |
udp6stat.udp6s_noportmcast++; |
break; |
break; |
} |
} |
Line 817 udp6_realinput(af, src, dst, m, off) |
|
Line 826 udp6_realinput(af, src, dst, m, off) |
|
n = m_copy(m, 0, M_COPYALL); |
n = m_copy(m, 0, M_COPYALL); |
switch (af) { |
switch (af) { |
case AF_INET: |
case AF_INET: |
udpstat.udps_noport++; |
|
if (m->m_flags & (M_BCAST | M_MCAST)) { |
if (m->m_flags & (M_BCAST | M_MCAST)) { |
udpstat.udps_noportbcast++; |
udpstat.udps_noportbcast++; |
goto bad; |
goto bad; |
} |
} |
|
udpstat.udps_noport++; |
if (n != NULL) |
if (n != NULL) |
icmp_error(n, ICMP_UNREACH, |
icmp_error(n, ICMP_UNREACH, |
ICMP_UNREACH_PORT, 0, 0); |
ICMP_UNREACH_PORT, 0, 0); |
break; |
break; |
case AF_INET6: |
case AF_INET6: |
udp6stat.udp6s_noport++; |
|
if (m->m_flags & M_MCAST) { |
if (m->m_flags & M_MCAST) { |
udp6stat.udp6s_noportmcast++; |
udp6stat.udp6s_noportmcast++; |
goto bad; |
goto bad; |
} |
} |
|
udp6stat.udp6s_noport++; |
if (n != NULL) |
if (n != NULL) |
icmp6_error(n, ICMP6_DST_UNREACH, |
icmp6_error(n, ICMP6_DST_UNREACH, |
ICMP6_DST_UNREACH_NOPORT, 0); |
ICMP6_DST_UNREACH_NOPORT, 0); |
|
|
} |
} |
#endif |
#endif |
|
|
#if 0 |
#else /*UDP6*/ |
|
|
void |
void |
#if __STDC__ |
#if __STDC__ |
udp_input(struct mbuf *m, ...) |
udp_input(struct mbuf *m, ...) |
Line 863 udp_input(m, va_alist) |
|
Line 873 udp_input(m, va_alist) |
|
#endif |
#endif |
{ |
{ |
int proto; |
int proto; |
register struct ip *ip; |
struct ip *ip; |
register struct udphdr *uh; |
struct udphdr *uh; |
register struct inpcb *inp; |
struct inpcb *inp; |
struct mbuf *opts = 0; |
struct mbuf *opts = 0; |
int len; |
int len; |
struct ip save_ip; |
struct ip save_ip; |
Line 905 udp_input(m, va_alist) |
|
Line 915 udp_input(m, va_alist) |
|
} |
} |
uh = (struct udphdr *)((caddr_t)ip + iphlen); |
uh = (struct udphdr *)((caddr_t)ip + iphlen); |
|
|
|
/* destination port of 0 is illegal, based on RFC768. */ |
|
if (uh->uh_dport == 0) |
|
goto bad; |
|
|
/* |
/* |
* Make mbuf data length reflect UDP length. |
* Make mbuf data length reflect UDP length. |
* If not enough data to reflect UDP length, drop. |
* If not enough data to reflect UDP length, drop. |
*/ |
*/ |
len = ntohs((u_int16_t)uh->uh_ulen); |
len = ntohs((u_int16_t)uh->uh_ulen); |
if (ip->ip_len != iphlen + len) { |
if (ip->ip_len != iphlen + len) { |
if (ip->ip_len < iphlen + len) { |
if (ip->ip_len < iphlen + len || len < sizeof(struct udphdr)) { |
udpstat.udps_badlen++; |
udpstat.udps_badlen++; |
goto bad; |
goto bad; |
} |
} |
Line 1040 udp_input(m, va_alist) |
|
Line 1054 udp_input(m, va_alist) |
|
* (No need to send an ICMP Port Unreachable |
* (No need to send an ICMP Port Unreachable |
* for a broadcast or multicast datgram.) |
* for a broadcast or multicast datgram.) |
*/ |
*/ |
udpstat.udps_noport++; |
|
udpstat.udps_noportbcast++; |
udpstat.udps_noportbcast++; |
goto bad; |
goto bad; |
} |
} |
Line 1074 udp_input(m, va_alist) |
|
Line 1087 udp_input(m, va_alist) |
|
++udpstat.udps_pcbhashmiss; |
++udpstat.udps_pcbhashmiss; |
inp = in_pcblookup_bind(&udbtable, ip->ip_dst, uh->uh_dport); |
inp = in_pcblookup_bind(&udbtable, ip->ip_dst, uh->uh_dport); |
if (inp == 0) { |
if (inp == 0) { |
udpstat.udps_noport++; |
|
if (m->m_flags & (M_BCAST | M_MCAST)) { |
if (m->m_flags & (M_BCAST | M_MCAST)) { |
udpstat.udps_noportbcast++; |
udpstat.udps_noportbcast++; |
goto bad; |
goto bad; |
} |
} |
|
udpstat.udps_noport++; |
*ip = save_ip; |
*ip = save_ip; |
#if NIPKDB > 0 |
#ifdef IPKDB |
if (checkipkdb(&ip->ip_src, |
if (checkipkdb(&ip->ip_src, |
uh->uh_sport, |
uh->uh_sport, |
uh->uh_dport, |
uh->uh_dport, |
|
|
if (opts) |
if (opts) |
m_freem(opts); |
m_freem(opts); |
} |
} |
#endif |
#endif /*UDP6*/ |
|
|
/* |
/* |
* Notify a udp user of an asynchronous error; |
* Notify a udp user of an asynchronous error; |
|
|
*/ |
*/ |
static void |
static void |
udp_notify(inp, errno) |
udp_notify(inp, errno) |
register struct inpcb *inp; |
struct inpcb *inp; |
int errno; |
int errno; |
{ |
{ |
|
|
Line 1146 udp_ctlinput(cmd, sa, v) |
|
Line 1159 udp_ctlinput(cmd, sa, v) |
|
struct sockaddr *sa; |
struct sockaddr *sa; |
void *v; |
void *v; |
{ |
{ |
register struct ip *ip = v; |
struct ip *ip = v; |
register struct udphdr *uh; |
struct udphdr *uh; |
extern int inetctlerrmap[]; |
|
void (*notify) __P((struct inpcb *, int)) = udp_notify; |
void (*notify) __P((struct inpcb *, int)) = udp_notify; |
int errno; |
int errno; |
|
|
Line 1185 udp_output(m, va_alist) |
|
Line 1197 udp_output(m, va_alist) |
|
va_dcl |
va_dcl |
#endif |
#endif |
{ |
{ |
register struct inpcb *inp; |
struct inpcb *inp; |
register struct udpiphdr *ui; |
struct udpiphdr *ui; |
register int len = m->m_pkthdr.len; |
int len = m->m_pkthdr.len; |
int error = 0; |
int error = 0; |
va_list ap; |
va_list ap; |
|
|
Line 1242 udp_output(m, va_alist) |
|
Line 1254 udp_output(m, va_alist) |
|
udpstat.udps_opackets++; |
udpstat.udps_opackets++; |
|
|
#ifdef IPSEC |
#ifdef IPSEC |
m->m_pkthdr.rcvif = (struct ifnet *)inp->inp_socket; |
if (ipsec_setsocket(m, inp->inp_socket) != 0) { |
|
error = ENOBUFS; |
|
goto release; |
|
} |
#endif /*IPSEC*/ |
#endif /*IPSEC*/ |
|
|
return (ip_output(m, inp->inp_options, &inp->inp_route, |
return (ip_output(m, inp->inp_options, &inp->inp_route, |
Line 1266 udp_usrreq(so, req, m, nam, control, p) |
|
Line 1281 udp_usrreq(so, req, m, nam, control, p) |
|
struct mbuf *m, *nam, *control; |
struct mbuf *m, *nam, *control; |
struct proc *p; |
struct proc *p; |
{ |
{ |
register struct inpcb *inp; |
struct inpcb *inp; |
int s; |
int s; |
register int error = 0; |
int error = 0; |
|
|
if (req == PRU_CONTROL) |
if (req == PRU_CONTROL) |
return (in_control(so, (long)m, (caddr_t)nam, |
return (in_control(so, (long)m, (caddr_t)nam, |
(struct ifnet *)control, p)); |
(struct ifnet *)control, p)); |
|
|
|
if (req == PRU_PURGEIF) { |
|
in_purgeif((struct ifnet *)control); |
|
in_pcbpurgeif(&udbtable, (struct ifnet *)control); |
|
return (0); |
|
} |
|
|
s = splsoftnet(); |
s = splsoftnet(); |
inp = sotoinpcb(so); |
inp = sotoinpcb(so); |
#ifdef DIAGNOSTIC |
#ifdef DIAGNOSTIC |
Line 1307 udp_usrreq(so, req, m, nam, control, p) |
|
Line 1328 udp_usrreq(so, req, m, nam, control, p) |
|
inp = sotoinpcb(so); |
inp = sotoinpcb(so); |
inp->inp_ip.ip_ttl = ip_defttl; |
inp->inp_ip.ip_ttl = ip_defttl; |
#ifdef IPSEC |
#ifdef IPSEC |
error = ipsec_init_policy(&inp->inp_sp); |
error = ipsec_init_policy(so, &inp->inp_sp); |
if (error != 0) { |
if (error != 0) { |
in_pcbdetach(inp); |
in_pcbdetach(inp); |
break; |
break; |