1 /*- 2 * Copyright (c) 1982, 1986, 1991, 1993, 1995 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 4. Neither the name of the University nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * @(#)in_pcb.c 8.4 (Berkeley) 5/24/95 30 * $FreeBSD$ 31 */ 32 33 #include "opt_ipsec.h" 34 #include "opt_inet6.h" 35 #include "opt_mac.h" 36 37 #include <sys/param.h> 38 #include <sys/systm.h> 39 #include <sys/mac.h> 40 #include <sys/malloc.h> 41 #include <sys/mbuf.h> 42 #include <sys/domain.h> 43 #include <sys/protosw.h> 44 #include <sys/socket.h> 45 #include <sys/socketvar.h> 46 #include <sys/proc.h> 47 #include <sys/jail.h> 48 #include <sys/kernel.h> 49 #include <sys/sysctl.h> 50 51 #include <vm/uma.h> 52 53 #include <net/if.h> 54 #include <net/if_types.h> 55 #include <net/route.h> 56 57 #include <netinet/in.h> 58 #include <netinet/in_pcb.h> 59 #include <netinet/in_var.h> 60 #include <netinet/ip_var.h> 61 #include <netinet/tcp_var.h> 62 #include <netinet/udp.h> 63 #include <netinet/udp_var.h> 64 #ifdef INET6 65 #include <netinet/ip6.h> 66 #include <netinet6/ip6_var.h> 67 #endif /* INET6 */ 68 69 #ifdef IPSEC 70 #include <netinet6/ipsec.h> 71 #include <netkey/key.h> 72 #endif /* IPSEC */ 73 74 #ifdef FAST_IPSEC 75 #if defined(IPSEC) || defined(IPSEC_ESP) 76 #error "Bad idea: don't compile with both IPSEC and FAST_IPSEC!" 77 #endif 78 79 #include <netipsec/ipsec.h> 80 #include <netipsec/key.h> 81 #endif /* FAST_IPSEC */ 82 83 /* 84 * These configure the range of local port addresses assigned to 85 * "unspecified" outgoing connections/packets/whatever. 86 */ 87 int ipport_lowfirstauto = IPPORT_RESERVED - 1; /* 1023 */ 88 int ipport_lowlastauto = IPPORT_RESERVEDSTART; /* 600 */ 89 int ipport_firstauto = IPPORT_HIFIRSTAUTO; /* 49152 */ 90 int ipport_lastauto = IPPORT_HILASTAUTO; /* 65535 */ 91 int ipport_hifirstauto = IPPORT_HIFIRSTAUTO; /* 49152 */ 92 int ipport_hilastauto = IPPORT_HILASTAUTO; /* 65535 */ 93 94 /* 95 * Reserved ports accessible only to root. There are significant 96 * security considerations that must be accounted for when changing these, 97 * but the security benefits can be great. Please be careful. 98 */ 99 int ipport_reservedhigh = IPPORT_RESERVED - 1; /* 1023 */ 100 int ipport_reservedlow = 0; 101 102 /* Variables dealing with random ephemeral port allocation. */ 103 int ipport_randomized = 1; /* user controlled via sysctl */ 104 int ipport_randomcps = 10; /* user controlled via sysctl */ 105 int ipport_randomtime = 45; /* user controlled via sysctl */ 106 int ipport_stoprandom = 0; /* toggled by ipport_tick */ 107 int ipport_tcpallocs; 108 int ipport_tcplastcount; 109 110 #define RANGECHK(var, min, max) \ 111 if ((var) < (min)) { (var) = (min); } \ 112 else if ((var) > (max)) { (var) = (max); } 113 114 static int 115 sysctl_net_ipport_check(SYSCTL_HANDLER_ARGS) 116 { 117 int error; 118 119 error = sysctl_handle_int(oidp, oidp->oid_arg1, oidp->oid_arg2, req); 120 if (error == 0) { 121 RANGECHK(ipport_lowfirstauto, 1, IPPORT_RESERVED - 1); 122 RANGECHK(ipport_lowlastauto, 1, IPPORT_RESERVED - 1); 123 RANGECHK(ipport_firstauto, IPPORT_RESERVED, IPPORT_MAX); 124 RANGECHK(ipport_lastauto, IPPORT_RESERVED, IPPORT_MAX); 125 RANGECHK(ipport_hifirstauto, IPPORT_RESERVED, IPPORT_MAX); 126 RANGECHK(ipport_hilastauto, IPPORT_RESERVED, IPPORT_MAX); 127 } 128 return (error); 129 } 130 131 #undef RANGECHK 132 133 SYSCTL_NODE(_net_inet_ip, IPPROTO_IP, portrange, CTLFLAG_RW, 0, "IP Ports"); 134 135 SYSCTL_PROC(_net_inet_ip_portrange, OID_AUTO, lowfirst, CTLTYPE_INT|CTLFLAG_RW, 136 &ipport_lowfirstauto, 0, &sysctl_net_ipport_check, "I", ""); 137 SYSCTL_PROC(_net_inet_ip_portrange, OID_AUTO, lowlast, CTLTYPE_INT|CTLFLAG_RW, 138 &ipport_lowlastauto, 0, &sysctl_net_ipport_check, "I", ""); 139 SYSCTL_PROC(_net_inet_ip_portrange, OID_AUTO, first, CTLTYPE_INT|CTLFLAG_RW, 140 &ipport_firstauto, 0, &sysctl_net_ipport_check, "I", ""); 141 SYSCTL_PROC(_net_inet_ip_portrange, OID_AUTO, last, CTLTYPE_INT|CTLFLAG_RW, 142 &ipport_lastauto, 0, &sysctl_net_ipport_check, "I", ""); 143 SYSCTL_PROC(_net_inet_ip_portrange, OID_AUTO, hifirst, CTLTYPE_INT|CTLFLAG_RW, 144 &ipport_hifirstauto, 0, &sysctl_net_ipport_check, "I", ""); 145 SYSCTL_PROC(_net_inet_ip_portrange, OID_AUTO, hilast, CTLTYPE_INT|CTLFLAG_RW, 146 &ipport_hilastauto, 0, &sysctl_net_ipport_check, "I", ""); 147 SYSCTL_INT(_net_inet_ip_portrange, OID_AUTO, reservedhigh, 148 CTLFLAG_RW|CTLFLAG_SECURE, &ipport_reservedhigh, 0, ""); 149 SYSCTL_INT(_net_inet_ip_portrange, OID_AUTO, reservedlow, 150 CTLFLAG_RW|CTLFLAG_SECURE, &ipport_reservedlow, 0, ""); 151 SYSCTL_INT(_net_inet_ip_portrange, OID_AUTO, randomized, 152 CTLFLAG_RW, &ipport_randomized, 0, ""); 153 SYSCTL_INT(_net_inet_ip_portrange, OID_AUTO, randomcps, 154 CTLFLAG_RW, &ipport_randomcps, 0, ""); 155 SYSCTL_INT(_net_inet_ip_portrange, OID_AUTO, randomtime, 156 CTLFLAG_RW, &ipport_randomtime, 0, ""); 157 158 /* 159 * in_pcb.c: manage the Protocol Control Blocks. 160 * 161 * NOTE: It is assumed that most of these functions will be called at 162 * splnet(). XXX - There are, unfortunately, a few exceptions to this 163 * rule that should be fixed. 164 */ 165 166 /* 167 * Allocate a PCB and associate it with the socket. 168 */ 169 int 170 in_pcballoc(so, pcbinfo, type) 171 struct socket *so; 172 struct inpcbinfo *pcbinfo; 173 const char *type; 174 { 175 register struct inpcb *inp; 176 int error; 177 178 INP_INFO_WLOCK_ASSERT(pcbinfo); 179 error = 0; 180 inp = uma_zalloc(pcbinfo->ipi_zone, M_NOWAIT | M_ZERO); 181 if (inp == NULL) 182 return (ENOBUFS); 183 inp->inp_gencnt = ++pcbinfo->ipi_gencnt; 184 inp->inp_pcbinfo = pcbinfo; 185 inp->inp_socket = so; 186 #ifdef MAC 187 error = mac_init_inpcb(inp, M_NOWAIT); 188 if (error != 0) 189 goto out; 190 SOCK_LOCK(so); 191 mac_create_inpcb_from_socket(so, inp); 192 SOCK_UNLOCK(so); 193 #endif 194 #if defined(IPSEC) || defined(FAST_IPSEC) 195 #ifdef FAST_IPSEC 196 error = ipsec_init_policy(so, &inp->inp_sp); 197 #else 198 error = ipsec_init_pcbpolicy(so, &inp->inp_sp); 199 #endif 200 if (error != 0) 201 goto out; 202 #endif /*IPSEC*/ 203 #if defined(INET6) 204 if (INP_SOCKAF(so) == AF_INET6) { 205 inp->inp_vflag |= INP_IPV6PROTO; 206 if (ip6_v6only) 207 inp->inp_flags |= IN6P_IPV6_V6ONLY; 208 } 209 #endif 210 LIST_INSERT_HEAD(pcbinfo->listhead, inp, inp_list); 211 pcbinfo->ipi_count++; 212 so->so_pcb = (caddr_t)inp; 213 INP_LOCK_INIT(inp, "inp", type); 214 #ifdef INET6 215 if (ip6_auto_flowlabel) 216 inp->inp_flags |= IN6P_AUTOFLOWLABEL; 217 #endif 218 #if defined(IPSEC) || defined(FAST_IPSEC) || defined(MAC) 219 out: 220 if (error != 0) 221 uma_zfree(pcbinfo->ipi_zone, inp); 222 #endif 223 return (error); 224 } 225 226 int 227 in_pcbbind(inp, nam, cred) 228 register struct inpcb *inp; 229 struct sockaddr *nam; 230 struct ucred *cred; 231 { 232 int anonport, error; 233 234 INP_INFO_WLOCK_ASSERT(inp->inp_pcbinfo); 235 INP_LOCK_ASSERT(inp); 236 237 if (inp->inp_lport != 0 || inp->inp_laddr.s_addr != INADDR_ANY) 238 return (EINVAL); 239 anonport = inp->inp_lport == 0 && (nam == NULL || 240 ((struct sockaddr_in *)nam)->sin_port == 0); 241 error = in_pcbbind_setup(inp, nam, &inp->inp_laddr.s_addr, 242 &inp->inp_lport, cred); 243 if (error) 244 return (error); 245 if (in_pcbinshash(inp) != 0) { 246 inp->inp_laddr.s_addr = INADDR_ANY; 247 inp->inp_lport = 0; 248 return (EAGAIN); 249 } 250 if (anonport) 251 inp->inp_flags |= INP_ANONPORT; 252 return (0); 253 } 254 255 /* 256 * Set up a bind operation on a PCB, performing port allocation 257 * as required, but do not actually modify the PCB. Callers can 258 * either complete the bind by setting inp_laddr/inp_lport and 259 * calling in_pcbinshash(), or they can just use the resulting 260 * port and address to authorise the sending of a once-off packet. 261 * 262 * On error, the values of *laddrp and *lportp are not changed. 263 */ 264 int 265 in_pcbbind_setup(inp, nam, laddrp, lportp, cred) 266 struct inpcb *inp; 267 struct sockaddr *nam; 268 in_addr_t *laddrp; 269 u_short *lportp; 270 struct ucred *cred; 271 { 272 struct socket *so = inp->inp_socket; 273 unsigned short *lastport; 274 struct sockaddr_in *sin; 275 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo; 276 struct in_addr laddr; 277 u_short lport = 0; 278 int wild = 0, reuseport = (so->so_options & SO_REUSEPORT); 279 int error, prison = 0; 280 int dorandom; 281 282 INP_INFO_WLOCK_ASSERT(pcbinfo); 283 INP_LOCK_ASSERT(inp); 284 285 if (TAILQ_EMPTY(&in_ifaddrhead)) /* XXX broken! */ 286 return (EADDRNOTAVAIL); 287 laddr.s_addr = *laddrp; 288 if (nam != NULL && laddr.s_addr != INADDR_ANY) 289 return (EINVAL); 290 if ((so->so_options & (SO_REUSEADDR|SO_REUSEPORT)) == 0) 291 wild = 1; 292 if (nam) { 293 sin = (struct sockaddr_in *)nam; 294 if (nam->sa_len != sizeof (*sin)) 295 return (EINVAL); 296 #ifdef notdef 297 /* 298 * We should check the family, but old programs 299 * incorrectly fail to initialize it. 300 */ 301 if (sin->sin_family != AF_INET) 302 return (EAFNOSUPPORT); 303 #endif 304 if (sin->sin_addr.s_addr != INADDR_ANY) 305 if (prison_ip(cred, 0, &sin->sin_addr.s_addr)) 306 return(EINVAL); 307 if (sin->sin_port != *lportp) { 308 /* Don't allow the port to change. */ 309 if (*lportp != 0) 310 return (EINVAL); 311 lport = sin->sin_port; 312 } 313 /* NB: lport is left as 0 if the port isn't being changed. */ 314 if (IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) { 315 /* 316 * Treat SO_REUSEADDR as SO_REUSEPORT for multicast; 317 * allow complete duplication of binding if 318 * SO_REUSEPORT is set, or if SO_REUSEADDR is set 319 * and a multicast address is bound on both 320 * new and duplicated sockets. 321 */ 322 if (so->so_options & SO_REUSEADDR) 323 reuseport = SO_REUSEADDR|SO_REUSEPORT; 324 } else if (sin->sin_addr.s_addr != INADDR_ANY) { 325 sin->sin_port = 0; /* yech... */ 326 bzero(&sin->sin_zero, sizeof(sin->sin_zero)); 327 if (ifa_ifwithaddr((struct sockaddr *)sin) == 0) 328 return (EADDRNOTAVAIL); 329 } 330 laddr = sin->sin_addr; 331 if (lport) { 332 struct inpcb *t; 333 /* GROSS */ 334 if (ntohs(lport) <= ipport_reservedhigh && 335 ntohs(lport) >= ipport_reservedlow && 336 suser_cred(cred, SUSER_ALLOWJAIL)) 337 return (EACCES); 338 if (jailed(cred)) 339 prison = 1; 340 if (so->so_cred->cr_uid != 0 && 341 !IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) { 342 t = in_pcblookup_local(inp->inp_pcbinfo, 343 sin->sin_addr, lport, 344 prison ? 0 : INPLOOKUP_WILDCARD); 345 /* 346 * XXX 347 * This entire block sorely needs a rewrite. 348 */ 349 if (t && 350 ((t->inp_vflag & INP_TIMEWAIT) == 0) && 351 (so->so_type != SOCK_STREAM || 352 ntohl(t->inp_faddr.s_addr) == INADDR_ANY) && 353 (ntohl(sin->sin_addr.s_addr) != INADDR_ANY || 354 ntohl(t->inp_laddr.s_addr) != INADDR_ANY || 355 (t->inp_socket->so_options & 356 SO_REUSEPORT) == 0) && 357 (so->so_cred->cr_uid != 358 t->inp_socket->so_cred->cr_uid)) 359 return (EADDRINUSE); 360 } 361 if (prison && prison_ip(cred, 0, &sin->sin_addr.s_addr)) 362 return (EADDRNOTAVAIL); 363 t = in_pcblookup_local(pcbinfo, sin->sin_addr, 364 lport, prison ? 0 : wild); 365 if (t && (t->inp_vflag & INP_TIMEWAIT)) { 366 if ((reuseport & intotw(t)->tw_so_options) == 0) 367 return (EADDRINUSE); 368 } else 369 if (t && 370 (reuseport & t->inp_socket->so_options) == 0) { 371 #if defined(INET6) 372 if (ntohl(sin->sin_addr.s_addr) != 373 INADDR_ANY || 374 ntohl(t->inp_laddr.s_addr) != 375 INADDR_ANY || 376 INP_SOCKAF(so) == 377 INP_SOCKAF(t->inp_socket)) 378 #endif /* defined(INET6) */ 379 return (EADDRINUSE); 380 } 381 } 382 } 383 if (*lportp != 0) 384 lport = *lportp; 385 if (lport == 0) { 386 u_short first, last; 387 int count; 388 389 if (laddr.s_addr != INADDR_ANY) 390 if (prison_ip(cred, 0, &laddr.s_addr)) 391 return (EINVAL); 392 393 if (inp->inp_flags & INP_HIGHPORT) { 394 first = ipport_hifirstauto; /* sysctl */ 395 last = ipport_hilastauto; 396 lastport = &pcbinfo->lasthi; 397 } else if (inp->inp_flags & INP_LOWPORT) { 398 if ((error = suser_cred(cred, SUSER_ALLOWJAIL)) != 0) 399 return error; 400 first = ipport_lowfirstauto; /* 1023 */ 401 last = ipport_lowlastauto; /* 600 */ 402 lastport = &pcbinfo->lastlow; 403 } else { 404 first = ipport_firstauto; /* sysctl */ 405 last = ipport_lastauto; 406 lastport = &pcbinfo->lastport; 407 } 408 /* 409 * For UDP, use random port allocation as long as the user 410 * allows it. For TCP (and as of yet unknown) connections, 411 * use random port allocation only if the user allows it AND 412 * ipport_tick allows it. 413 */ 414 if (ipport_randomized && 415 (!ipport_stoprandom || pcbinfo == &udbinfo)) 416 dorandom = 1; 417 else 418 dorandom = 0; 419 /* Make sure to not include UDP packets in the count. */ 420 if (pcbinfo != &udbinfo) 421 ipport_tcpallocs++; 422 /* 423 * Simple check to ensure all ports are not used up causing 424 * a deadlock here. 425 * 426 * We split the two cases (up and down) so that the direction 427 * is not being tested on each round of the loop. 428 */ 429 if (first > last) { 430 /* 431 * counting down 432 */ 433 if (dorandom) 434 *lastport = first - 435 (arc4random() % (first - last)); 436 count = first - last; 437 438 do { 439 if (count-- < 0) /* completely used? */ 440 return (EADDRNOTAVAIL); 441 --*lastport; 442 if (*lastport > first || *lastport < last) 443 *lastport = first; 444 lport = htons(*lastport); 445 } while (in_pcblookup_local(pcbinfo, laddr, lport, 446 wild)); 447 } else { 448 /* 449 * counting up 450 */ 451 if (dorandom) 452 *lastport = first + 453 (arc4random() % (last - first)); 454 count = last - first; 455 456 do { 457 if (count-- < 0) /* completely used? */ 458 return (EADDRNOTAVAIL); 459 ++*lastport; 460 if (*lastport < first || *lastport > last) 461 *lastport = first; 462 lport = htons(*lastport); 463 } while (in_pcblookup_local(pcbinfo, laddr, lport, 464 wild)); 465 } 466 } 467 if (prison_ip(cred, 0, &laddr.s_addr)) 468 return (EINVAL); 469 *laddrp = laddr.s_addr; 470 *lportp = lport; 471 return (0); 472 } 473 474 /* 475 * Connect from a socket to a specified address. 476 * Both address and port must be specified in argument sin. 477 * If don't have a local address for this socket yet, 478 * then pick one. 479 */ 480 int 481 in_pcbconnect(inp, nam, cred) 482 register struct inpcb *inp; 483 struct sockaddr *nam; 484 struct ucred *cred; 485 { 486 u_short lport, fport; 487 in_addr_t laddr, faddr; 488 int anonport, error; 489 490 INP_INFO_WLOCK_ASSERT(inp->inp_pcbinfo); 491 INP_LOCK_ASSERT(inp); 492 493 lport = inp->inp_lport; 494 laddr = inp->inp_laddr.s_addr; 495 anonport = (lport == 0); 496 error = in_pcbconnect_setup(inp, nam, &laddr, &lport, &faddr, &fport, 497 NULL, cred); 498 if (error) 499 return (error); 500 501 /* Do the initial binding of the local address if required. */ 502 if (inp->inp_laddr.s_addr == INADDR_ANY && inp->inp_lport == 0) { 503 inp->inp_lport = lport; 504 inp->inp_laddr.s_addr = laddr; 505 if (in_pcbinshash(inp) != 0) { 506 inp->inp_laddr.s_addr = INADDR_ANY; 507 inp->inp_lport = 0; 508 return (EAGAIN); 509 } 510 } 511 512 /* Commit the remaining changes. */ 513 inp->inp_lport = lport; 514 inp->inp_laddr.s_addr = laddr; 515 inp->inp_faddr.s_addr = faddr; 516 inp->inp_fport = fport; 517 in_pcbrehash(inp); 518 #ifdef IPSEC 519 if (inp->inp_socket->so_type == SOCK_STREAM) 520 ipsec_pcbconn(inp->inp_sp); 521 #endif 522 if (anonport) 523 inp->inp_flags |= INP_ANONPORT; 524 return (0); 525 } 526 527 /* 528 * Set up for a connect from a socket to the specified address. 529 * On entry, *laddrp and *lportp should contain the current local 530 * address and port for the PCB; these are updated to the values 531 * that should be placed in inp_laddr and inp_lport to complete 532 * the connect. 533 * 534 * On success, *faddrp and *fportp will be set to the remote address 535 * and port. These are not updated in the error case. 536 * 537 * If the operation fails because the connection already exists, 538 * *oinpp will be set to the PCB of that connection so that the 539 * caller can decide to override it. In all other cases, *oinpp 540 * is set to NULL. 541 */ 542 int 543 in_pcbconnect_setup(inp, nam, laddrp, lportp, faddrp, fportp, oinpp, cred) 544 register struct inpcb *inp; 545 struct sockaddr *nam; 546 in_addr_t *laddrp; 547 u_short *lportp; 548 in_addr_t *faddrp; 549 u_short *fportp; 550 struct inpcb **oinpp; 551 struct ucred *cred; 552 { 553 struct sockaddr_in *sin = (struct sockaddr_in *)nam; 554 struct in_ifaddr *ia; 555 struct sockaddr_in sa; 556 struct ucred *socred; 557 struct inpcb *oinp; 558 struct in_addr laddr, faddr; 559 u_short lport, fport; 560 int error; 561 562 INP_INFO_WLOCK_ASSERT(inp->inp_pcbinfo); 563 INP_LOCK_ASSERT(inp); 564 565 if (oinpp != NULL) 566 *oinpp = NULL; 567 if (nam->sa_len != sizeof (*sin)) 568 return (EINVAL); 569 if (sin->sin_family != AF_INET) 570 return (EAFNOSUPPORT); 571 if (sin->sin_port == 0) 572 return (EADDRNOTAVAIL); 573 laddr.s_addr = *laddrp; 574 lport = *lportp; 575 faddr = sin->sin_addr; 576 fport = sin->sin_port; 577 socred = inp->inp_socket->so_cred; 578 if (laddr.s_addr == INADDR_ANY && jailed(socred)) { 579 bzero(&sa, sizeof(sa)); 580 sa.sin_addr.s_addr = htonl(prison_getip(socred)); 581 sa.sin_len = sizeof(sa); 582 sa.sin_family = AF_INET; 583 error = in_pcbbind_setup(inp, (struct sockaddr *)&sa, 584 &laddr.s_addr, &lport, cred); 585 if (error) 586 return (error); 587 } 588 if (!TAILQ_EMPTY(&in_ifaddrhead)) { 589 /* 590 * If the destination address is INADDR_ANY, 591 * use the primary local address. 592 * If the supplied address is INADDR_BROADCAST, 593 * and the primary interface supports broadcast, 594 * choose the broadcast address for that interface. 595 */ 596 if (faddr.s_addr == INADDR_ANY) 597 faddr = IA_SIN(TAILQ_FIRST(&in_ifaddrhead))->sin_addr; 598 else if (faddr.s_addr == (u_long)INADDR_BROADCAST && 599 (TAILQ_FIRST(&in_ifaddrhead)->ia_ifp->if_flags & 600 IFF_BROADCAST)) 601 faddr = satosin(&TAILQ_FIRST( 602 &in_ifaddrhead)->ia_broadaddr)->sin_addr; 603 } 604 if (laddr.s_addr == INADDR_ANY) { 605 struct route sro; 606 607 bzero(&sro, sizeof(sro)); 608 ia = (struct in_ifaddr *)0; 609 /* 610 * If route is known our src addr is taken from the i/f, 611 * else punt. 612 */ 613 if ((inp->inp_socket->so_options & SO_DONTROUTE) == 0) { 614 /* Find out route to destination */ 615 sro.ro_dst.sa_family = AF_INET; 616 sro.ro_dst.sa_len = sizeof(struct sockaddr_in); 617 ((struct sockaddr_in *)&sro.ro_dst)->sin_addr = faddr; 618 rtalloc_ign(&sro, RTF_CLONING); 619 } 620 /* 621 * If we found a route, use the address 622 * corresponding to the outgoing interface 623 * unless it is the loopback (in case a route 624 * to our address on another net goes to loopback). 625 */ 626 if (sro.ro_rt && !(sro.ro_rt->rt_ifp->if_flags & IFF_LOOPBACK)) 627 ia = ifatoia(sro.ro_rt->rt_ifa); 628 if (sro.ro_rt) 629 RTFREE(sro.ro_rt); 630 if (ia == 0) { 631 bzero(&sa, sizeof(sa)); 632 sa.sin_addr = faddr; 633 sa.sin_len = sizeof(sa); 634 sa.sin_family = AF_INET; 635 636 ia = ifatoia(ifa_ifwithdstaddr(sintosa(&sa))); 637 if (ia == 0) 638 ia = ifatoia(ifa_ifwithnet(sintosa(&sa))); 639 if (ia == 0) 640 return (ENETUNREACH); 641 } 642 /* 643 * If the destination address is multicast and an outgoing 644 * interface has been set as a multicast option, use the 645 * address of that interface as our source address. 646 */ 647 if (IN_MULTICAST(ntohl(faddr.s_addr)) && 648 inp->inp_moptions != NULL) { 649 struct ip_moptions *imo; 650 struct ifnet *ifp; 651 652 imo = inp->inp_moptions; 653 if (imo->imo_multicast_ifp != NULL) { 654 ifp = imo->imo_multicast_ifp; 655 TAILQ_FOREACH(ia, &in_ifaddrhead, ia_link) 656 if (ia->ia_ifp == ifp) 657 break; 658 if (ia == 0) 659 return (EADDRNOTAVAIL); 660 } 661 } 662 laddr = ia->ia_addr.sin_addr; 663 } 664 665 oinp = in_pcblookup_hash(inp->inp_pcbinfo, faddr, fport, laddr, lport, 666 0, NULL); 667 if (oinp != NULL) { 668 if (oinpp != NULL) 669 *oinpp = oinp; 670 return (EADDRINUSE); 671 } 672 if (lport == 0) { 673 error = in_pcbbind_setup(inp, NULL, &laddr.s_addr, &lport, 674 cred); 675 if (error) 676 return (error); 677 } 678 *laddrp = laddr.s_addr; 679 *lportp = lport; 680 *faddrp = faddr.s_addr; 681 *fportp = fport; 682 return (0); 683 } 684 685 void 686 in_pcbdisconnect(inp) 687 struct inpcb *inp; 688 { 689 INP_LOCK_ASSERT(inp); 690 691 inp->inp_faddr.s_addr = INADDR_ANY; 692 inp->inp_fport = 0; 693 in_pcbrehash(inp); 694 #ifdef IPSEC 695 ipsec_pcbdisconn(inp->inp_sp); 696 #endif 697 if (inp->inp_socket->so_state & SS_NOFDREF) 698 in_pcbdetach(inp); 699 } 700 701 void 702 in_pcbdetach(inp) 703 struct inpcb *inp; 704 { 705 struct socket *so = inp->inp_socket; 706 struct inpcbinfo *ipi = inp->inp_pcbinfo; 707 708 INP_LOCK_ASSERT(inp); 709 710 #if defined(IPSEC) || defined(FAST_IPSEC) 711 ipsec4_delete_pcbpolicy(inp); 712 #endif /*IPSEC*/ 713 inp->inp_gencnt = ++ipi->ipi_gencnt; 714 in_pcbremlists(inp); 715 if (so) { 716 ACCEPT_LOCK(); 717 SOCK_LOCK(so); 718 so->so_pcb = NULL; 719 sotryfree(so); 720 } 721 if (inp->inp_options) 722 (void)m_free(inp->inp_options); 723 ip_freemoptions(inp->inp_moptions); 724 inp->inp_vflag = 0; 725 INP_LOCK_DESTROY(inp); 726 #ifdef MAC 727 mac_destroy_inpcb(inp); 728 #endif 729 uma_zfree(ipi->ipi_zone, inp); 730 } 731 732 struct sockaddr * 733 in_sockaddr(port, addr_p) 734 in_port_t port; 735 struct in_addr *addr_p; 736 { 737 struct sockaddr_in *sin; 738 739 MALLOC(sin, struct sockaddr_in *, sizeof *sin, M_SONAME, 740 M_WAITOK | M_ZERO); 741 sin->sin_family = AF_INET; 742 sin->sin_len = sizeof(*sin); 743 sin->sin_addr = *addr_p; 744 sin->sin_port = port; 745 746 return (struct sockaddr *)sin; 747 } 748 749 /* 750 * The wrapper function will pass down the pcbinfo for this function to lock. 751 * The socket must have a valid 752 * (i.e., non-nil) PCB, but it should be impossible to get an invalid one 753 * except through a kernel programming error, so it is acceptable to panic 754 * (or in this case trap) if the PCB is invalid. (Actually, we don't trap 755 * because there actually /is/ a programming error somewhere... XXX) 756 */ 757 int 758 in_setsockaddr(so, nam, pcbinfo) 759 struct socket *so; 760 struct sockaddr **nam; 761 struct inpcbinfo *pcbinfo; 762 { 763 int s; 764 register struct inpcb *inp; 765 struct in_addr addr; 766 in_port_t port; 767 768 s = splnet(); 769 INP_INFO_RLOCK(pcbinfo); 770 inp = sotoinpcb(so); 771 if (!inp) { 772 INP_INFO_RUNLOCK(pcbinfo); 773 splx(s); 774 return ECONNRESET; 775 } 776 INP_LOCK(inp); 777 port = inp->inp_lport; 778 addr = inp->inp_laddr; 779 INP_UNLOCK(inp); 780 INP_INFO_RUNLOCK(pcbinfo); 781 splx(s); 782 783 *nam = in_sockaddr(port, &addr); 784 return 0; 785 } 786 787 /* 788 * The wrapper function will pass down the pcbinfo for this function to lock. 789 */ 790 int 791 in_setpeeraddr(so, nam, pcbinfo) 792 struct socket *so; 793 struct sockaddr **nam; 794 struct inpcbinfo *pcbinfo; 795 { 796 int s; 797 register struct inpcb *inp; 798 struct in_addr addr; 799 in_port_t port; 800 801 s = splnet(); 802 INP_INFO_RLOCK(pcbinfo); 803 inp = sotoinpcb(so); 804 if (!inp) { 805 INP_INFO_RUNLOCK(pcbinfo); 806 splx(s); 807 return ECONNRESET; 808 } 809 INP_LOCK(inp); 810 port = inp->inp_fport; 811 addr = inp->inp_faddr; 812 INP_UNLOCK(inp); 813 INP_INFO_RUNLOCK(pcbinfo); 814 splx(s); 815 816 *nam = in_sockaddr(port, &addr); 817 return 0; 818 } 819 820 void 821 in_pcbnotifyall(pcbinfo, faddr, errno, notify) 822 struct inpcbinfo *pcbinfo; 823 struct in_addr faddr; 824 int errno; 825 struct inpcb *(*notify)(struct inpcb *, int); 826 { 827 struct inpcb *inp, *ninp; 828 struct inpcbhead *head; 829 int s; 830 831 s = splnet(); 832 INP_INFO_WLOCK(pcbinfo); 833 head = pcbinfo->listhead; 834 for (inp = LIST_FIRST(head); inp != NULL; inp = ninp) { 835 INP_LOCK(inp); 836 ninp = LIST_NEXT(inp, inp_list); 837 #ifdef INET6 838 if ((inp->inp_vflag & INP_IPV4) == 0) { 839 INP_UNLOCK(inp); 840 continue; 841 } 842 #endif 843 if (inp->inp_faddr.s_addr != faddr.s_addr || 844 inp->inp_socket == NULL) { 845 INP_UNLOCK(inp); 846 continue; 847 } 848 if ((*notify)(inp, errno)) 849 INP_UNLOCK(inp); 850 } 851 INP_INFO_WUNLOCK(pcbinfo); 852 splx(s); 853 } 854 855 void 856 in_pcbpurgeif0(pcbinfo, ifp) 857 struct inpcbinfo *pcbinfo; 858 struct ifnet *ifp; 859 { 860 struct inpcb *inp; 861 struct ip_moptions *imo; 862 int i, gap; 863 864 /* why no splnet here? XXX */ 865 INP_INFO_RLOCK(pcbinfo); 866 LIST_FOREACH(inp, pcbinfo->listhead, inp_list) { 867 INP_LOCK(inp); 868 imo = inp->inp_moptions; 869 if ((inp->inp_vflag & INP_IPV4) && 870 imo != NULL) { 871 /* 872 * Unselect the outgoing interface if it is being 873 * detached. 874 */ 875 if (imo->imo_multicast_ifp == ifp) 876 imo->imo_multicast_ifp = NULL; 877 878 /* 879 * Drop multicast group membership if we joined 880 * through the interface being detached. 881 */ 882 for (i = 0, gap = 0; i < imo->imo_num_memberships; 883 i++) { 884 if (imo->imo_membership[i]->inm_ifp == ifp) { 885 in_delmulti(imo->imo_membership[i]); 886 gap++; 887 } else if (gap != 0) 888 imo->imo_membership[i - gap] = 889 imo->imo_membership[i]; 890 } 891 imo->imo_num_memberships -= gap; 892 } 893 INP_UNLOCK(inp); 894 } 895 INP_INFO_RUNLOCK(pcbinfo); 896 } 897 898 /* 899 * Lookup a PCB based on the local address and port. 900 */ 901 struct inpcb * 902 in_pcblookup_local(pcbinfo, laddr, lport_arg, wild_okay) 903 struct inpcbinfo *pcbinfo; 904 struct in_addr laddr; 905 u_int lport_arg; 906 int wild_okay; 907 { 908 register struct inpcb *inp; 909 int matchwild = 3, wildcard; 910 u_short lport = lport_arg; 911 912 INP_INFO_WLOCK_ASSERT(pcbinfo); 913 914 if (!wild_okay) { 915 struct inpcbhead *head; 916 /* 917 * Look for an unconnected (wildcard foreign addr) PCB that 918 * matches the local address and port we're looking for. 919 */ 920 head = &pcbinfo->hashbase[INP_PCBHASH(INADDR_ANY, lport, 0, pcbinfo->hashmask)]; 921 LIST_FOREACH(inp, head, inp_hash) { 922 #ifdef INET6 923 if ((inp->inp_vflag & INP_IPV4) == 0) 924 continue; 925 #endif 926 if (inp->inp_faddr.s_addr == INADDR_ANY && 927 inp->inp_laddr.s_addr == laddr.s_addr && 928 inp->inp_lport == lport) { 929 /* 930 * Found. 931 */ 932 return (inp); 933 } 934 } 935 /* 936 * Not found. 937 */ 938 return (NULL); 939 } else { 940 struct inpcbporthead *porthash; 941 struct inpcbport *phd; 942 struct inpcb *match = NULL; 943 /* 944 * Best fit PCB lookup. 945 * 946 * First see if this local port is in use by looking on the 947 * port hash list. 948 */ 949 retrylookup: 950 porthash = &pcbinfo->porthashbase[INP_PCBPORTHASH(lport, 951 pcbinfo->porthashmask)]; 952 LIST_FOREACH(phd, porthash, phd_hash) { 953 if (phd->phd_port == lport) 954 break; 955 } 956 if (phd != NULL) { 957 /* 958 * Port is in use by one or more PCBs. Look for best 959 * fit. 960 */ 961 LIST_FOREACH(inp, &phd->phd_pcblist, inp_portlist) { 962 wildcard = 0; 963 #ifdef INET6 964 if ((inp->inp_vflag & INP_IPV4) == 0) 965 continue; 966 #endif 967 /* 968 * Clean out old time_wait sockets if they 969 * are clogging up needed local ports. 970 */ 971 if ((inp->inp_vflag & INP_TIMEWAIT) != 0) { 972 if (tcp_twrecycleable((struct tcptw *)inp->inp_ppcb)) { 973 INP_LOCK(inp); 974 tcp_twclose((struct tcptw *)inp->inp_ppcb, 0); 975 match = NULL; 976 goto retrylookup; 977 } 978 } 979 if (inp->inp_faddr.s_addr != INADDR_ANY) 980 wildcard++; 981 if (inp->inp_laddr.s_addr != INADDR_ANY) { 982 if (laddr.s_addr == INADDR_ANY) 983 wildcard++; 984 else if (inp->inp_laddr.s_addr != laddr.s_addr) 985 continue; 986 } else { 987 if (laddr.s_addr != INADDR_ANY) 988 wildcard++; 989 } 990 if (wildcard < matchwild) { 991 match = inp; 992 matchwild = wildcard; 993 if (matchwild == 0) { 994 break; 995 } 996 } 997 } 998 } 999 return (match); 1000 } 1001 } 1002 1003 /* 1004 * Lookup PCB in hash list. 1005 */ 1006 struct inpcb * 1007 in_pcblookup_hash(pcbinfo, faddr, fport_arg, laddr, lport_arg, wildcard, 1008 ifp) 1009 struct inpcbinfo *pcbinfo; 1010 struct in_addr faddr, laddr; 1011 u_int fport_arg, lport_arg; 1012 int wildcard; 1013 struct ifnet *ifp; 1014 { 1015 struct inpcbhead *head; 1016 register struct inpcb *inp; 1017 u_short fport = fport_arg, lport = lport_arg; 1018 1019 INP_INFO_RLOCK_ASSERT(pcbinfo); 1020 /* 1021 * First look for an exact match. 1022 */ 1023 head = &pcbinfo->hashbase[INP_PCBHASH(faddr.s_addr, lport, fport, pcbinfo->hashmask)]; 1024 LIST_FOREACH(inp, head, inp_hash) { 1025 #ifdef INET6 1026 if ((inp->inp_vflag & INP_IPV4) == 0) 1027 continue; 1028 #endif 1029 if (inp->inp_faddr.s_addr == faddr.s_addr && 1030 inp->inp_laddr.s_addr == laddr.s_addr && 1031 inp->inp_fport == fport && 1032 inp->inp_lport == lport) { 1033 /* 1034 * Found. 1035 */ 1036 return (inp); 1037 } 1038 } 1039 if (wildcard) { 1040 struct inpcb *local_wild = NULL; 1041 #if defined(INET6) 1042 struct inpcb *local_wild_mapped = NULL; 1043 #endif /* defined(INET6) */ 1044 1045 head = &pcbinfo->hashbase[INP_PCBHASH(INADDR_ANY, lport, 0, pcbinfo->hashmask)]; 1046 LIST_FOREACH(inp, head, inp_hash) { 1047 #ifdef INET6 1048 if ((inp->inp_vflag & INP_IPV4) == 0) 1049 continue; 1050 #endif 1051 if (inp->inp_faddr.s_addr == INADDR_ANY && 1052 inp->inp_lport == lport) { 1053 if (ifp && ifp->if_type == IFT_FAITH && 1054 (inp->inp_flags & INP_FAITH) == 0) 1055 continue; 1056 if (inp->inp_laddr.s_addr == laddr.s_addr) 1057 return (inp); 1058 else if (inp->inp_laddr.s_addr == INADDR_ANY) { 1059 #if defined(INET6) 1060 if (INP_CHECK_SOCKAF(inp->inp_socket, 1061 AF_INET6)) 1062 local_wild_mapped = inp; 1063 else 1064 #endif /* defined(INET6) */ 1065 local_wild = inp; 1066 } 1067 } 1068 } 1069 #if defined(INET6) 1070 if (local_wild == NULL) 1071 return (local_wild_mapped); 1072 #endif /* defined(INET6) */ 1073 return (local_wild); 1074 } 1075 1076 /* 1077 * Not found. 1078 */ 1079 return (NULL); 1080 } 1081 1082 /* 1083 * Insert PCB onto various hash lists. 1084 */ 1085 int 1086 in_pcbinshash(inp) 1087 struct inpcb *inp; 1088 { 1089 struct inpcbhead *pcbhash; 1090 struct inpcbporthead *pcbporthash; 1091 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo; 1092 struct inpcbport *phd; 1093 u_int32_t hashkey_faddr; 1094 1095 INP_INFO_WLOCK_ASSERT(pcbinfo); 1096 #ifdef INET6 1097 if (inp->inp_vflag & INP_IPV6) 1098 hashkey_faddr = inp->in6p_faddr.s6_addr32[3] /* XXX */; 1099 else 1100 #endif /* INET6 */ 1101 hashkey_faddr = inp->inp_faddr.s_addr; 1102 1103 pcbhash = &pcbinfo->hashbase[INP_PCBHASH(hashkey_faddr, 1104 inp->inp_lport, inp->inp_fport, pcbinfo->hashmask)]; 1105 1106 pcbporthash = &pcbinfo->porthashbase[INP_PCBPORTHASH(inp->inp_lport, 1107 pcbinfo->porthashmask)]; 1108 1109 /* 1110 * Go through port list and look for a head for this lport. 1111 */ 1112 LIST_FOREACH(phd, pcbporthash, phd_hash) { 1113 if (phd->phd_port == inp->inp_lport) 1114 break; 1115 } 1116 /* 1117 * If none exists, malloc one and tack it on. 1118 */ 1119 if (phd == NULL) { 1120 MALLOC(phd, struct inpcbport *, sizeof(struct inpcbport), M_PCB, M_NOWAIT); 1121 if (phd == NULL) { 1122 return (ENOBUFS); /* XXX */ 1123 } 1124 phd->phd_port = inp->inp_lport; 1125 LIST_INIT(&phd->phd_pcblist); 1126 LIST_INSERT_HEAD(pcbporthash, phd, phd_hash); 1127 } 1128 inp->inp_phd = phd; 1129 LIST_INSERT_HEAD(&phd->phd_pcblist, inp, inp_portlist); 1130 LIST_INSERT_HEAD(pcbhash, inp, inp_hash); 1131 return (0); 1132 } 1133 1134 /* 1135 * Move PCB to the proper hash bucket when { faddr, fport } have been 1136 * changed. NOTE: This does not handle the case of the lport changing (the 1137 * hashed port list would have to be updated as well), so the lport must 1138 * not change after in_pcbinshash() has been called. 1139 */ 1140 void 1141 in_pcbrehash(inp) 1142 struct inpcb *inp; 1143 { 1144 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo; 1145 struct inpcbhead *head; 1146 u_int32_t hashkey_faddr; 1147 1148 INP_INFO_WLOCK_ASSERT(pcbinfo); 1149 INP_LOCK_ASSERT(inp); 1150 #ifdef INET6 1151 if (inp->inp_vflag & INP_IPV6) 1152 hashkey_faddr = inp->in6p_faddr.s6_addr32[3] /* XXX */; 1153 else 1154 #endif /* INET6 */ 1155 hashkey_faddr = inp->inp_faddr.s_addr; 1156 1157 head = &pcbinfo->hashbase[INP_PCBHASH(hashkey_faddr, 1158 inp->inp_lport, inp->inp_fport, pcbinfo->hashmask)]; 1159 1160 LIST_REMOVE(inp, inp_hash); 1161 LIST_INSERT_HEAD(head, inp, inp_hash); 1162 } 1163 1164 /* 1165 * Remove PCB from various lists. 1166 */ 1167 void 1168 in_pcbremlists(inp) 1169 struct inpcb *inp; 1170 { 1171 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo; 1172 1173 INP_INFO_WLOCK_ASSERT(pcbinfo); 1174 INP_LOCK_ASSERT(inp); 1175 1176 inp->inp_gencnt = ++pcbinfo->ipi_gencnt; 1177 if (inp->inp_lport) { 1178 struct inpcbport *phd = inp->inp_phd; 1179 1180 LIST_REMOVE(inp, inp_hash); 1181 LIST_REMOVE(inp, inp_portlist); 1182 if (LIST_FIRST(&phd->phd_pcblist) == NULL) { 1183 LIST_REMOVE(phd, phd_hash); 1184 free(phd, M_PCB); 1185 } 1186 } 1187 LIST_REMOVE(inp, inp_list); 1188 pcbinfo->ipi_count--; 1189 } 1190 1191 /* 1192 * A set label operation has occurred at the socket layer, propagate the 1193 * label change into the in_pcb for the socket. 1194 */ 1195 void 1196 in_pcbsosetlabel(so) 1197 struct socket *so; 1198 { 1199 #ifdef MAC 1200 struct inpcb *inp; 1201 1202 inp = (struct inpcb *)so->so_pcb; 1203 INP_LOCK(inp); 1204 SOCK_LOCK(so); 1205 mac_inpcb_sosetlabel(so, inp); 1206 SOCK_UNLOCK(so); 1207 INP_UNLOCK(inp); 1208 #endif 1209 } 1210 1211 /* 1212 * ipport_tick runs once per second, determining if random port 1213 * allocation should be continued. If more than ipport_randomcps 1214 * ports have been allocated in the last second, then we return to 1215 * sequential port allocation. We return to random allocation only 1216 * once we drop below ipport_randomcps for at least 5 seconds. 1217 */ 1218 1219 void 1220 ipport_tick(xtp) 1221 void *xtp; 1222 { 1223 if (ipport_tcpallocs > ipport_tcplastcount + ipport_randomcps) { 1224 ipport_stoprandom = ipport_randomtime; 1225 } else { 1226 if (ipport_stoprandom > 0) 1227 ipport_stoprandom--; 1228 } 1229 ipport_tcplastcount = ipport_tcpallocs; 1230 callout_reset(&ipport_tick_callout, hz, ipport_tick, NULL); 1231 } 1232