1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 /* Copyright (c) 1990 Mentat Inc. */ 26 27 #pragma ident "%Z%%M% %I% %E% SMI" 28 29 const char udp_version[] = "%Z%%M% %I% %E% SMI"; 30 31 #include <sys/types.h> 32 #include <sys/stream.h> 33 #include <sys/dlpi.h> 34 #include <sys/pattr.h> 35 #include <sys/stropts.h> 36 #include <sys/strlog.h> 37 #include <sys/strsun.h> 38 #include <sys/time.h> 39 #define _SUN_TPI_VERSION 2 40 #include <sys/tihdr.h> 41 #include <sys/timod.h> 42 #include <sys/ddi.h> 43 #include <sys/sunddi.h> 44 #include <sys/strsubr.h> 45 #include <sys/suntpi.h> 46 #include <sys/xti_inet.h> 47 #include <sys/cmn_err.h> 48 #include <sys/kmem.h> 49 #include <sys/policy.h> 50 #include <sys/ucred.h> 51 #include <sys/zone.h> 52 53 #include <sys/socket.h> 54 #include <sys/sockio.h> 55 #include <sys/vtrace.h> 56 #include <sys/sdt.h> 57 #include <sys/debug.h> 58 #include <sys/isa_defs.h> 59 #include <sys/random.h> 60 #include <netinet/in.h> 61 #include <netinet/ip6.h> 62 #include <netinet/icmp6.h> 63 #include <netinet/udp.h> 64 #include <net/if.h> 65 #include <net/route.h> 66 67 #include <inet/common.h> 68 #include <inet/ip.h> 69 #include <inet/ip_impl.h> 70 #include <inet/ip6.h> 71 #include <inet/ip_ire.h> 72 #include <inet/ip_if.h> 73 #include <inet/ip_multi.h> 74 #include <inet/ip_ndp.h> 75 #include <inet/mi.h> 76 #include <inet/mib2.h> 77 #include <inet/nd.h> 78 #include <inet/optcom.h> 79 #include <inet/snmpcom.h> 80 #include <inet/kstatcom.h> 81 #include <inet/udp_impl.h> 82 #include <inet/ipclassifier.h> 83 #include <inet/ipsec_impl.h> 84 #include <inet/ipp_common.h> 85 86 /* 87 * The ipsec_info.h header file is here since it has the definition for the 88 * M_CTL message types used by IP to convey information to the ULP. The 89 * ipsec_info.h needs the pfkeyv2.h, hence the latter's presence. 90 */ 91 #include <net/pfkeyv2.h> 92 #include <inet/ipsec_info.h> 93 94 #include <sys/tsol/label.h> 95 #include <sys/tsol/tnet.h> 96 #include <rpc/pmap_prot.h> 97 98 /* 99 * Synchronization notes: 100 * 101 * UDP is MT and uses the usual kernel synchronization primitives. There are 2 102 * locks, the fanout lock (uf_lock) and the udp endpoint lock udp_rwlock. 103 * We also use conn_lock when updating things that affect the IP classifier 104 * lookup. 105 * The lock order is udp_rwlock -> uf_lock and is udp_rwlock -> conn_lock. 106 * 107 * The fanout lock uf_lock: 108 * When a UDP endpoint is bound to a local port, it is inserted into 109 * a bind hash list. The list consists of an array of udp_fanout_t buckets. 110 * The size of the array is controlled by the udp_bind_fanout_size variable. 111 * This variable can be changed in /etc/system if the default value is 112 * not large enough. Each bind hash bucket is protected by a per bucket 113 * lock. It protects the udp_bind_hash and udp_ptpbhn fields in the udp_t 114 * structure and a few other fields in the udp_t. A UDP endpoint is removed 115 * from the bind hash list only when it is being unbound or being closed. 116 * The per bucket lock also protects a UDP endpoint's state changes. 117 * 118 * The udp_rwlock: 119 * This protects most of the other fields in the udp_t. The exact list of 120 * fields which are protected by each of the above locks is documented in 121 * the udp_t structure definition. 122 * 123 * Plumbing notes: 124 * UDP is always a device driver. For compatibility with mibopen() code 125 * it is possible to I_PUSH "udp", but that results in pushing a passthrough 126 * dummy module. 127 * 128 * The above implies that we don't support any intermediate module to 129 * reside in between /dev/ip and udp -- in fact, we never supported such 130 * scenario in the past as the inter-layer communication semantics have 131 * always been private. 132 */ 133 134 /* For /etc/system control */ 135 uint_t udp_bind_fanout_size = UDP_BIND_FANOUT_SIZE; 136 137 #define NDD_TOO_QUICK_MSG \ 138 "ndd get info rate too high for non-privileged users, try again " \ 139 "later.\n" 140 #define NDD_OUT_OF_BUF_MSG "<< Out of buffer >>\n" 141 142 /* Option processing attrs */ 143 typedef struct udpattrs_s { 144 union { 145 ip6_pkt_t *udpattr_ipp6; /* For V6 */ 146 ip4_pkt_t *udpattr_ipp4; /* For V4 */ 147 } udpattr_ippu; 148 #define udpattr_ipp6 udpattr_ippu.udpattr_ipp6 149 #define udpattr_ipp4 udpattr_ippu.udpattr_ipp4 150 mblk_t *udpattr_mb; 151 boolean_t udpattr_credset; 152 } udpattrs_t; 153 154 static void udp_addr_req(queue_t *q, mblk_t *mp); 155 static void udp_bind(queue_t *q, mblk_t *mp); 156 static void udp_bind_hash_insert(udp_fanout_t *uf, udp_t *udp); 157 static void udp_bind_hash_remove(udp_t *udp, boolean_t caller_holds_lock); 158 static void udp_bind_result(conn_t *, mblk_t *); 159 static void udp_bind_ack(conn_t *, mblk_t *mp); 160 static void udp_bind_error(conn_t *, mblk_t *mp); 161 static int udp_build_hdrs(udp_t *udp); 162 static void udp_capability_req(queue_t *q, mblk_t *mp); 163 static int udp_close(queue_t *q); 164 static void udp_connect(queue_t *q, mblk_t *mp); 165 static void udp_disconnect(queue_t *q, mblk_t *mp); 166 static void udp_err_ack(queue_t *q, mblk_t *mp, t_scalar_t t_error, 167 int sys_error); 168 static void udp_err_ack_prim(queue_t *q, mblk_t *mp, int primitive, 169 t_scalar_t tlierr, int unixerr); 170 static int udp_extra_priv_ports_get(queue_t *q, mblk_t *mp, caddr_t cp, 171 cred_t *cr); 172 static int udp_extra_priv_ports_add(queue_t *q, mblk_t *mp, 173 char *value, caddr_t cp, cred_t *cr); 174 static int udp_extra_priv_ports_del(queue_t *q, mblk_t *mp, 175 char *value, caddr_t cp, cred_t *cr); 176 static void udp_icmp_error(queue_t *q, mblk_t *mp); 177 static void udp_icmp_error_ipv6(queue_t *q, mblk_t *mp); 178 static void udp_info_req(queue_t *q, mblk_t *mp); 179 static void udp_input(void *, mblk_t *, void *); 180 static mblk_t *udp_ip_bind_mp(udp_t *udp, t_scalar_t bind_prim, 181 t_scalar_t addr_length); 182 static void udp_lrput(queue_t *, mblk_t *); 183 static void udp_lwput(queue_t *, mblk_t *); 184 static int udp_open(queue_t *q, dev_t *devp, int flag, int sflag, 185 cred_t *credp, boolean_t isv6); 186 static int udp_openv4(queue_t *q, dev_t *devp, int flag, int sflag, 187 cred_t *credp); 188 static int udp_openv6(queue_t *q, dev_t *devp, int flag, int sflag, 189 cred_t *credp); 190 static int udp_unitdata_opt_process(queue_t *q, mblk_t *mp, 191 int *errorp, udpattrs_t *udpattrs); 192 static boolean_t udp_opt_allow_udr_set(t_scalar_t level, t_scalar_t name); 193 static int udp_param_get(queue_t *q, mblk_t *mp, caddr_t cp, cred_t *cr); 194 static boolean_t udp_param_register(IDP *ndp, udpparam_t *udppa, int cnt); 195 static int udp_param_set(queue_t *q, mblk_t *mp, char *value, caddr_t cp, 196 cred_t *cr); 197 static void udp_report_item(mblk_t *mp, udp_t *udp); 198 static int udp_rinfop(queue_t *q, infod_t *dp); 199 static int udp_rrw(queue_t *q, struiod_t *dp); 200 static int udp_status_report(queue_t *q, mblk_t *mp, caddr_t cp, 201 cred_t *cr); 202 static void udp_send_data(udp_t *, queue_t *, mblk_t *, ipha_t *); 203 static void udp_ud_err(queue_t *q, mblk_t *mp, uchar_t *destaddr, 204 t_scalar_t destlen, t_scalar_t err); 205 static void udp_unbind(queue_t *q, mblk_t *mp); 206 static in_port_t udp_update_next_port(udp_t *udp, in_port_t port, 207 boolean_t random); 208 static mblk_t *udp_output_v4(conn_t *, mblk_t *, ipaddr_t, uint16_t, uint_t, 209 int *, boolean_t); 210 static mblk_t *udp_output_v6(conn_t *connp, mblk_t *mp, sin6_t *sin6, 211 int *error); 212 static void udp_wput_other(queue_t *q, mblk_t *mp); 213 static void udp_wput_iocdata(queue_t *q, mblk_t *mp); 214 static size_t udp_set_rcv_hiwat(udp_t *udp, size_t size); 215 216 static void *udp_stack_init(netstackid_t stackid, netstack_t *ns); 217 static void udp_stack_fini(netstackid_t stackid, void *arg); 218 219 static void *udp_kstat_init(netstackid_t stackid); 220 static void udp_kstat_fini(netstackid_t stackid, kstat_t *ksp); 221 static void *udp_kstat2_init(netstackid_t, udp_stat_t *); 222 static void udp_kstat2_fini(netstackid_t, kstat_t *); 223 static int udp_kstat_update(kstat_t *kp, int rw); 224 225 static void udp_rcv_enqueue(queue_t *q, udp_t *udp, mblk_t *mp, 226 uint_t pkt_len); 227 static void udp_rcv_drain(queue_t *q, udp_t *udp, boolean_t closing); 228 static void udp_xmit(queue_t *, mblk_t *, ire_t *ire, conn_t *, zoneid_t); 229 230 #define UDP_RECV_HIWATER (56 * 1024) 231 #define UDP_RECV_LOWATER 128 232 #define UDP_XMIT_HIWATER (56 * 1024) 233 #define UDP_XMIT_LOWATER 1024 234 235 static struct module_info udp_mod_info = { 236 UDP_MOD_ID, UDP_MOD_NAME, 1, INFPSZ, UDP_RECV_HIWATER, UDP_RECV_LOWATER 237 }; 238 239 /* 240 * Entry points for UDP as a device. 241 * We have separate open functions for the /dev/udp and /dev/udp6 devices. 242 */ 243 static struct qinit udp_rinitv4 = { 244 NULL, NULL, udp_openv4, udp_close, NULL, 245 &udp_mod_info, NULL, udp_rrw, udp_rinfop, STRUIOT_STANDARD 246 }; 247 248 static struct qinit udp_rinitv6 = { 249 NULL, NULL, udp_openv6, udp_close, NULL, 250 &udp_mod_info, NULL, udp_rrw, udp_rinfop, STRUIOT_STANDARD 251 }; 252 253 static struct qinit udp_winit = { 254 (pfi_t)udp_wput, (pfi_t)ip_wsrv, NULL, NULL, NULL, 255 &udp_mod_info, NULL, NULL, NULL, STRUIOT_NONE 256 }; 257 258 /* 259 * UDP needs to handle I_LINK and I_PLINK since ifconfig 260 * likes to use it as a place to hang the various streams. 261 */ 262 static struct qinit udp_lrinit = { 263 (pfi_t)udp_lrput, NULL, udp_openv4, udp_close, NULL, 264 &udp_mod_info 265 }; 266 267 static struct qinit udp_lwinit = { 268 (pfi_t)udp_lwput, NULL, udp_openv4, udp_close, NULL, 269 &udp_mod_info 270 }; 271 272 /* For AF_INET aka /dev/udp */ 273 struct streamtab udpinfov4 = { 274 &udp_rinitv4, &udp_winit, &udp_lrinit, &udp_lwinit 275 }; 276 277 /* For AF_INET6 aka /dev/udp6 */ 278 struct streamtab udpinfov6 = { 279 &udp_rinitv6, &udp_winit, &udp_lrinit, &udp_lwinit 280 }; 281 282 static sin_t sin_null; /* Zero address for quick clears */ 283 static sin6_t sin6_null; /* Zero address for quick clears */ 284 285 #define UDP_MAXPACKET_IPV4 (IP_MAXPACKET - UDPH_SIZE - IP_SIMPLE_HDR_LENGTH) 286 287 /* Default structure copied into T_INFO_ACK messages */ 288 static struct T_info_ack udp_g_t_info_ack_ipv4 = { 289 T_INFO_ACK, 290 UDP_MAXPACKET_IPV4, /* TSDU_size. Excl. headers */ 291 T_INVALID, /* ETSU_size. udp does not support expedited data. */ 292 T_INVALID, /* CDATA_size. udp does not support connect data. */ 293 T_INVALID, /* DDATA_size. udp does not support disconnect data. */ 294 sizeof (sin_t), /* ADDR_size. */ 295 0, /* OPT_size - not initialized here */ 296 UDP_MAXPACKET_IPV4, /* TIDU_size. Excl. headers */ 297 T_CLTS, /* SERV_type. udp supports connection-less. */ 298 TS_UNBND, /* CURRENT_state. This is set from udp_state. */ 299 (XPG4_1|SENDZERO) /* PROVIDER_flag */ 300 }; 301 302 #define UDP_MAXPACKET_IPV6 (IP_MAXPACKET - UDPH_SIZE - IPV6_HDR_LEN) 303 304 static struct T_info_ack udp_g_t_info_ack_ipv6 = { 305 T_INFO_ACK, 306 UDP_MAXPACKET_IPV6, /* TSDU_size. Excl. headers */ 307 T_INVALID, /* ETSU_size. udp does not support expedited data. */ 308 T_INVALID, /* CDATA_size. udp does not support connect data. */ 309 T_INVALID, /* DDATA_size. udp does not support disconnect data. */ 310 sizeof (sin6_t), /* ADDR_size. */ 311 0, /* OPT_size - not initialized here */ 312 UDP_MAXPACKET_IPV6, /* TIDU_size. Excl. headers */ 313 T_CLTS, /* SERV_type. udp supports connection-less. */ 314 TS_UNBND, /* CURRENT_state. This is set from udp_state. */ 315 (XPG4_1|SENDZERO) /* PROVIDER_flag */ 316 }; 317 318 /* largest UDP port number */ 319 #define UDP_MAX_PORT 65535 320 321 /* 322 * Table of ND variables supported by udp. These are loaded into us_nd 323 * in udp_open. 324 * All of these are alterable, within the min/max values given, at run time. 325 */ 326 /* BEGIN CSTYLED */ 327 udpparam_t udp_param_arr[] = { 328 /*min max value name */ 329 { 0L, 256, 32, "udp_wroff_extra" }, 330 { 1L, 255, 255, "udp_ipv4_ttl" }, 331 { 0, IPV6_MAX_HOPS, IPV6_DEFAULT_HOPS, "udp_ipv6_hoplimit"}, 332 { 1024, (32 * 1024), 1024, "udp_smallest_nonpriv_port" }, 333 { 0, 1, 1, "udp_do_checksum" }, 334 { 1024, UDP_MAX_PORT, (32 * 1024), "udp_smallest_anon_port" }, 335 { 1024, UDP_MAX_PORT, UDP_MAX_PORT, "udp_largest_anon_port" }, 336 { UDP_XMIT_LOWATER, (1<<30), UDP_XMIT_HIWATER, "udp_xmit_hiwat"}, 337 { 0, (1<<30), UDP_XMIT_LOWATER, "udp_xmit_lowat"}, 338 { UDP_RECV_LOWATER, (1<<30), UDP_RECV_HIWATER, "udp_recv_hiwat"}, 339 { 65536, (1<<30), 2*1024*1024, "udp_max_buf"}, 340 { 100, 60000, 1000, "udp_ndd_get_info_interval"}, 341 }; 342 /* END CSTYLED */ 343 344 /* Setable in /etc/system */ 345 /* If set to 0, pick ephemeral port sequentially; otherwise randomly. */ 346 uint32_t udp_random_anon_port = 1; 347 348 /* 349 * Hook functions to enable cluster networking. 350 * On non-clustered systems these vectors must always be NULL 351 */ 352 353 void (*cl_inet_bind)(uchar_t protocol, sa_family_t addr_family, 354 uint8_t *laddrp, in_port_t lport) = NULL; 355 void (*cl_inet_unbind)(uint8_t protocol, sa_family_t addr_family, 356 uint8_t *laddrp, in_port_t lport) = NULL; 357 358 typedef union T_primitives *t_primp_t; 359 360 /* 361 * Return the next anonymous port in the privileged port range for 362 * bind checking. 363 * 364 * Trusted Extension (TX) notes: TX allows administrator to mark or 365 * reserve ports as Multilevel ports (MLP). MLP has special function 366 * on TX systems. Once a port is made MLP, it's not available as 367 * ordinary port. This creates "holes" in the port name space. It 368 * may be necessary to skip the "holes" find a suitable anon port. 369 */ 370 static in_port_t 371 udp_get_next_priv_port(udp_t *udp) 372 { 373 static in_port_t next_priv_port = IPPORT_RESERVED - 1; 374 in_port_t nextport; 375 boolean_t restart = B_FALSE; 376 udp_stack_t *us = udp->udp_us; 377 378 retry: 379 if (next_priv_port < us->us_min_anonpriv_port || 380 next_priv_port >= IPPORT_RESERVED) { 381 next_priv_port = IPPORT_RESERVED - 1; 382 if (restart) 383 return (0); 384 restart = B_TRUE; 385 } 386 387 if (is_system_labeled() && 388 (nextport = tsol_next_port(crgetzone(udp->udp_connp->conn_cred), 389 next_priv_port, IPPROTO_UDP, B_FALSE)) != 0) { 390 next_priv_port = nextport; 391 goto retry; 392 } 393 394 return (next_priv_port--); 395 } 396 397 /* UDP bind hash report triggered via the Named Dispatch mechanism. */ 398 /* ARGSUSED */ 399 static int 400 udp_bind_hash_report(queue_t *q, mblk_t *mp, caddr_t cp, cred_t *cr) 401 { 402 udp_fanout_t *udpf; 403 int i; 404 zoneid_t zoneid; 405 conn_t *connp; 406 udp_t *udp; 407 udp_stack_t *us; 408 409 connp = Q_TO_CONN(q); 410 udp = connp->conn_udp; 411 us = udp->udp_us; 412 413 /* Refer to comments in udp_status_report(). */ 414 if (cr == NULL || secpolicy_ip_config(cr, B_TRUE) != 0) { 415 if (ddi_get_lbolt() - us->us_last_ndd_get_info_time < 416 drv_usectohz(us->us_ndd_get_info_interval * 1000)) { 417 (void) mi_mpprintf(mp, NDD_TOO_QUICK_MSG); 418 return (0); 419 } 420 } 421 if ((mp->b_cont = allocb(ND_MAX_BUF_LEN, BPRI_HI)) == NULL) { 422 /* The following may work even if we cannot get a large buf. */ 423 (void) mi_mpprintf(mp, NDD_OUT_OF_BUF_MSG); 424 return (0); 425 } 426 427 (void) mi_mpprintf(mp, 428 "UDP " MI_COL_HDRPAD_STR 429 /* 12345678[89ABCDEF] */ 430 " zone lport src addr dest addr port state"); 431 /* 1234 12345 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx 12345 UNBOUND */ 432 433 zoneid = connp->conn_zoneid; 434 435 for (i = 0; i < us->us_bind_fanout_size; i++) { 436 udpf = &us->us_bind_fanout[i]; 437 mutex_enter(&udpf->uf_lock); 438 439 /* Print the hash index. */ 440 udp = udpf->uf_udp; 441 if (zoneid != GLOBAL_ZONEID) { 442 /* skip to first entry in this zone; might be none */ 443 while (udp != NULL && 444 udp->udp_connp->conn_zoneid != zoneid) 445 udp = udp->udp_bind_hash; 446 } 447 if (udp != NULL) { 448 uint_t print_len, buf_len; 449 450 buf_len = mp->b_cont->b_datap->db_lim - 451 mp->b_cont->b_wptr; 452 print_len = snprintf((char *)mp->b_cont->b_wptr, 453 buf_len, "%d\n", i); 454 if (print_len < buf_len) { 455 mp->b_cont->b_wptr += print_len; 456 } else { 457 mp->b_cont->b_wptr += buf_len; 458 } 459 for (; udp != NULL; udp = udp->udp_bind_hash) { 460 if (zoneid == GLOBAL_ZONEID || 461 zoneid == udp->udp_connp->conn_zoneid) 462 udp_report_item(mp->b_cont, udp); 463 } 464 } 465 mutex_exit(&udpf->uf_lock); 466 } 467 us->us_last_ndd_get_info_time = ddi_get_lbolt(); 468 return (0); 469 } 470 471 /* 472 * Hash list removal routine for udp_t structures. 473 */ 474 static void 475 udp_bind_hash_remove(udp_t *udp, boolean_t caller_holds_lock) 476 { 477 udp_t *udpnext; 478 kmutex_t *lockp; 479 udp_stack_t *us = udp->udp_us; 480 481 if (udp->udp_ptpbhn == NULL) 482 return; 483 484 /* 485 * Extract the lock pointer in case there are concurrent 486 * hash_remove's for this instance. 487 */ 488 ASSERT(udp->udp_port != 0); 489 if (!caller_holds_lock) { 490 lockp = &us->us_bind_fanout[UDP_BIND_HASH(udp->udp_port, 491 us->us_bind_fanout_size)].uf_lock; 492 ASSERT(lockp != NULL); 493 mutex_enter(lockp); 494 } 495 if (udp->udp_ptpbhn != NULL) { 496 udpnext = udp->udp_bind_hash; 497 if (udpnext != NULL) { 498 udpnext->udp_ptpbhn = udp->udp_ptpbhn; 499 udp->udp_bind_hash = NULL; 500 } 501 *udp->udp_ptpbhn = udpnext; 502 udp->udp_ptpbhn = NULL; 503 } 504 if (!caller_holds_lock) { 505 mutex_exit(lockp); 506 } 507 } 508 509 static void 510 udp_bind_hash_insert(udp_fanout_t *uf, udp_t *udp) 511 { 512 udp_t **udpp; 513 udp_t *udpnext; 514 515 ASSERT(MUTEX_HELD(&uf->uf_lock)); 516 ASSERT(udp->udp_ptpbhn == NULL); 517 udpp = &uf->uf_udp; 518 udpnext = udpp[0]; 519 if (udpnext != NULL) { 520 /* 521 * If the new udp bound to the INADDR_ANY address 522 * and the first one in the list is not bound to 523 * INADDR_ANY we skip all entries until we find the 524 * first one bound to INADDR_ANY. 525 * This makes sure that applications binding to a 526 * specific address get preference over those binding to 527 * INADDR_ANY. 528 */ 529 if (V6_OR_V4_INADDR_ANY(udp->udp_bound_v6src) && 530 !V6_OR_V4_INADDR_ANY(udpnext->udp_bound_v6src)) { 531 while ((udpnext = udpp[0]) != NULL && 532 !V6_OR_V4_INADDR_ANY( 533 udpnext->udp_bound_v6src)) { 534 udpp = &(udpnext->udp_bind_hash); 535 } 536 if (udpnext != NULL) 537 udpnext->udp_ptpbhn = &udp->udp_bind_hash; 538 } else { 539 udpnext->udp_ptpbhn = &udp->udp_bind_hash; 540 } 541 } 542 udp->udp_bind_hash = udpnext; 543 udp->udp_ptpbhn = udpp; 544 udpp[0] = udp; 545 } 546 547 /* 548 * This routine is called to handle each O_T_BIND_REQ/T_BIND_REQ message 549 * passed to udp_wput. 550 * It associates a port number and local address with the stream. 551 * The O_T_BIND_REQ/T_BIND_REQ is passed downstream to ip with the UDP 552 * protocol type (IPPROTO_UDP) placed in the message following the address. 553 * A T_BIND_ACK message is passed upstream when ip acknowledges the request. 554 * (Called as writer.) 555 * 556 * Note that UDP over IPv4 and IPv6 sockets can use the same port number 557 * without setting SO_REUSEADDR. This is needed so that they 558 * can be viewed as two independent transport protocols. 559 * However, anonymouns ports are allocated from the same range to avoid 560 * duplicating the us->us_next_port_to_try. 561 */ 562 static void 563 udp_bind(queue_t *q, mblk_t *mp) 564 { 565 sin_t *sin; 566 sin6_t *sin6; 567 mblk_t *mp1; 568 in_port_t port; /* Host byte order */ 569 in_port_t requested_port; /* Host byte order */ 570 struct T_bind_req *tbr; 571 int count; 572 in6_addr_t v6src; 573 boolean_t bind_to_req_port_only; 574 int loopmax; 575 udp_fanout_t *udpf; 576 in_port_t lport; /* Network byte order */ 577 zoneid_t zoneid; 578 conn_t *connp; 579 udp_t *udp; 580 boolean_t is_inaddr_any; 581 mlp_type_t addrtype, mlptype; 582 udp_stack_t *us; 583 584 connp = Q_TO_CONN(q); 585 udp = connp->conn_udp; 586 us = udp->udp_us; 587 if ((mp->b_wptr - mp->b_rptr) < sizeof (*tbr)) { 588 (void) mi_strlog(q, 1, SL_ERROR|SL_TRACE, 589 "udp_bind: bad req, len %u", 590 (uint_t)(mp->b_wptr - mp->b_rptr)); 591 udp_err_ack(q, mp, TPROTO, 0); 592 return; 593 } 594 if (udp->udp_state != TS_UNBND) { 595 (void) mi_strlog(q, 1, SL_ERROR|SL_TRACE, 596 "udp_bind: bad state, %u", udp->udp_state); 597 udp_err_ack(q, mp, TOUTSTATE, 0); 598 return; 599 } 600 /* 601 * Reallocate the message to make sure we have enough room for an 602 * address and the protocol type. 603 */ 604 mp1 = reallocb(mp, sizeof (struct T_bind_ack) + sizeof (sin6_t) + 1, 1); 605 if (!mp1) { 606 udp_err_ack(q, mp, TSYSERR, ENOMEM); 607 return; 608 } 609 610 mp = mp1; 611 tbr = (struct T_bind_req *)mp->b_rptr; 612 switch (tbr->ADDR_length) { 613 case 0: /* Request for a generic port */ 614 tbr->ADDR_offset = sizeof (struct T_bind_req); 615 if (udp->udp_family == AF_INET) { 616 tbr->ADDR_length = sizeof (sin_t); 617 sin = (sin_t *)&tbr[1]; 618 *sin = sin_null; 619 sin->sin_family = AF_INET; 620 mp->b_wptr = (uchar_t *)&sin[1]; 621 } else { 622 ASSERT(udp->udp_family == AF_INET6); 623 tbr->ADDR_length = sizeof (sin6_t); 624 sin6 = (sin6_t *)&tbr[1]; 625 *sin6 = sin6_null; 626 sin6->sin6_family = AF_INET6; 627 mp->b_wptr = (uchar_t *)&sin6[1]; 628 } 629 port = 0; 630 break; 631 632 case sizeof (sin_t): /* Complete IPv4 address */ 633 sin = (sin_t *)mi_offset_param(mp, tbr->ADDR_offset, 634 sizeof (sin_t)); 635 if (sin == NULL || !OK_32PTR((char *)sin)) { 636 udp_err_ack(q, mp, TSYSERR, EINVAL); 637 return; 638 } 639 if (udp->udp_family != AF_INET || 640 sin->sin_family != AF_INET) { 641 udp_err_ack(q, mp, TSYSERR, EAFNOSUPPORT); 642 return; 643 } 644 port = ntohs(sin->sin_port); 645 break; 646 647 case sizeof (sin6_t): /* complete IPv6 address */ 648 sin6 = (sin6_t *)mi_offset_param(mp, tbr->ADDR_offset, 649 sizeof (sin6_t)); 650 if (sin6 == NULL || !OK_32PTR((char *)sin6)) { 651 udp_err_ack(q, mp, TSYSERR, EINVAL); 652 return; 653 } 654 if (udp->udp_family != AF_INET6 || 655 sin6->sin6_family != AF_INET6) { 656 udp_err_ack(q, mp, TSYSERR, EAFNOSUPPORT); 657 return; 658 } 659 port = ntohs(sin6->sin6_port); 660 break; 661 662 default: /* Invalid request */ 663 (void) mi_strlog(q, 1, SL_ERROR|SL_TRACE, 664 "udp_bind: bad ADDR_length length %u", tbr->ADDR_length); 665 udp_err_ack(q, mp, TBADADDR, 0); 666 return; 667 } 668 669 requested_port = port; 670 671 if (requested_port == 0 || tbr->PRIM_type == O_T_BIND_REQ) 672 bind_to_req_port_only = B_FALSE; 673 else /* T_BIND_REQ and requested_port != 0 */ 674 bind_to_req_port_only = B_TRUE; 675 676 if (requested_port == 0) { 677 /* 678 * If the application passed in zero for the port number, it 679 * doesn't care which port number we bind to. Get one in the 680 * valid range. 681 */ 682 if (udp->udp_anon_priv_bind) { 683 port = udp_get_next_priv_port(udp); 684 } else { 685 port = udp_update_next_port(udp, 686 us->us_next_port_to_try, B_TRUE); 687 } 688 } else { 689 /* 690 * If the port is in the well-known privileged range, 691 * make sure the caller was privileged. 692 */ 693 int i; 694 boolean_t priv = B_FALSE; 695 696 if (port < us->us_smallest_nonpriv_port) { 697 priv = B_TRUE; 698 } else { 699 for (i = 0; i < us->us_num_epriv_ports; i++) { 700 if (port == us->us_epriv_ports[i]) { 701 priv = B_TRUE; 702 break; 703 } 704 } 705 } 706 707 if (priv) { 708 cred_t *cr = DB_CREDDEF(mp, connp->conn_cred); 709 710 if (secpolicy_net_privaddr(cr, port, 711 IPPROTO_UDP) != 0) { 712 udp_err_ack(q, mp, TACCES, 0); 713 return; 714 } 715 } 716 } 717 718 if (port == 0) { 719 udp_err_ack(q, mp, TNOADDR, 0); 720 return; 721 } 722 723 /* 724 * The state must be TS_UNBND. TPI mandates that users must send 725 * TPI primitives only 1 at a time and wait for the response before 726 * sending the next primitive. 727 */ 728 rw_enter(&udp->udp_rwlock, RW_WRITER); 729 if (udp->udp_state != TS_UNBND || udp->udp_pending_op != -1) { 730 rw_exit(&udp->udp_rwlock); 731 (void) mi_strlog(q, 1, SL_ERROR|SL_TRACE, 732 "udp_bind: bad state, %u", udp->udp_state); 733 udp_err_ack(q, mp, TOUTSTATE, 0); 734 return; 735 } 736 udp->udp_pending_op = tbr->PRIM_type; 737 /* 738 * Copy the source address into our udp structure. This address 739 * may still be zero; if so, IP will fill in the correct address 740 * each time an outbound packet is passed to it. Since the udp is 741 * not yet in the bind hash list, we don't grab the uf_lock to 742 * change udp_ipversion 743 */ 744 if (udp->udp_family == AF_INET) { 745 ASSERT(sin != NULL); 746 ASSERT(udp->udp_ipversion == IPV4_VERSION); 747 udp->udp_max_hdr_len = IP_SIMPLE_HDR_LENGTH + UDPH_SIZE + 748 udp->udp_ip_snd_options_len; 749 IN6_IPADDR_TO_V4MAPPED(sin->sin_addr.s_addr, &v6src); 750 } else { 751 ASSERT(sin6 != NULL); 752 v6src = sin6->sin6_addr; 753 if (IN6_IS_ADDR_V4MAPPED(&v6src)) { 754 /* 755 * no need to hold the uf_lock to set the udp_ipversion 756 * since we are not yet in the fanout list 757 */ 758 udp->udp_ipversion = IPV4_VERSION; 759 udp->udp_max_hdr_len = IP_SIMPLE_HDR_LENGTH + 760 UDPH_SIZE + udp->udp_ip_snd_options_len; 761 } else { 762 udp->udp_ipversion = IPV6_VERSION; 763 udp->udp_max_hdr_len = udp->udp_sticky_hdrs_len; 764 } 765 } 766 767 /* 768 * If udp_reuseaddr is not set, then we have to make sure that 769 * the IP address and port number the application requested 770 * (or we selected for the application) is not being used by 771 * another stream. If another stream is already using the 772 * requested IP address and port, the behavior depends on 773 * "bind_to_req_port_only". If set the bind fails; otherwise we 774 * search for any an unused port to bind to the the stream. 775 * 776 * As per the BSD semantics, as modified by the Deering multicast 777 * changes, if udp_reuseaddr is set, then we allow multiple binds 778 * to the same port independent of the local IP address. 779 * 780 * This is slightly different than in SunOS 4.X which did not 781 * support IP multicast. Note that the change implemented by the 782 * Deering multicast code effects all binds - not only binding 783 * to IP multicast addresses. 784 * 785 * Note that when binding to port zero we ignore SO_REUSEADDR in 786 * order to guarantee a unique port. 787 */ 788 789 count = 0; 790 if (udp->udp_anon_priv_bind) { 791 /* 792 * loopmax = (IPPORT_RESERVED-1) - 793 * us->us_min_anonpriv_port + 1 794 */ 795 loopmax = IPPORT_RESERVED - us->us_min_anonpriv_port; 796 } else { 797 loopmax = us->us_largest_anon_port - 798 us->us_smallest_anon_port + 1; 799 } 800 801 is_inaddr_any = V6_OR_V4_INADDR_ANY(v6src); 802 zoneid = connp->conn_zoneid; 803 804 for (;;) { 805 udp_t *udp1; 806 boolean_t found_exclbind = B_FALSE; 807 808 /* 809 * Walk through the list of udp streams bound to 810 * requested port with the same IP address. 811 */ 812 lport = htons(port); 813 udpf = &us->us_bind_fanout[UDP_BIND_HASH(lport, 814 us->us_bind_fanout_size)]; 815 mutex_enter(&udpf->uf_lock); 816 for (udp1 = udpf->uf_udp; udp1 != NULL; 817 udp1 = udp1->udp_bind_hash) { 818 if (lport != udp1->udp_port) 819 continue; 820 821 /* 822 * On a labeled system, we must treat bindings to ports 823 * on shared IP addresses by sockets with MAC exemption 824 * privilege as being in all zones, as there's 825 * otherwise no way to identify the right receiver. 826 */ 827 if (!(IPCL_ZONE_MATCH(udp1->udp_connp, zoneid) || 828 IPCL_ZONE_MATCH(connp, 829 udp1->udp_connp->conn_zoneid)) && 830 !udp->udp_mac_exempt && !udp1->udp_mac_exempt) 831 continue; 832 833 /* 834 * If UDP_EXCLBIND is set for either the bound or 835 * binding endpoint, the semantics of bind 836 * is changed according to the following chart. 837 * 838 * spec = specified address (v4 or v6) 839 * unspec = unspecified address (v4 or v6) 840 * A = specified addresses are different for endpoints 841 * 842 * bound bind to allowed? 843 * ------------------------------------- 844 * unspec unspec no 845 * unspec spec no 846 * spec unspec no 847 * spec spec yes if A 848 * 849 * For labeled systems, SO_MAC_EXEMPT behaves the same 850 * as UDP_EXCLBIND, except that zoneid is ignored. 851 */ 852 if (udp1->udp_exclbind || udp->udp_exclbind || 853 udp1->udp_mac_exempt || udp->udp_mac_exempt) { 854 if (V6_OR_V4_INADDR_ANY( 855 udp1->udp_bound_v6src) || 856 is_inaddr_any || 857 IN6_ARE_ADDR_EQUAL(&udp1->udp_bound_v6src, 858 &v6src)) { 859 found_exclbind = B_TRUE; 860 break; 861 } 862 continue; 863 } 864 865 /* 866 * Check ipversion to allow IPv4 and IPv6 sockets to 867 * have disjoint port number spaces. 868 */ 869 if (udp->udp_ipversion != udp1->udp_ipversion) { 870 871 /* 872 * On the first time through the loop, if the 873 * the user intentionally specified a 874 * particular port number, then ignore any 875 * bindings of the other protocol that may 876 * conflict. This allows the user to bind IPv6 877 * alone and get both v4 and v6, or bind both 878 * both and get each seperately. On subsequent 879 * times through the loop, we're checking a 880 * port that we chose (not the user) and thus 881 * we do not allow casual duplicate bindings. 882 */ 883 if (count == 0 && requested_port != 0) 884 continue; 885 } 886 887 /* 888 * No difference depending on SO_REUSEADDR. 889 * 890 * If existing port is bound to a 891 * non-wildcard IP address and 892 * the requesting stream is bound to 893 * a distinct different IP addresses 894 * (non-wildcard, also), keep going. 895 */ 896 if (!is_inaddr_any && 897 !V6_OR_V4_INADDR_ANY(udp1->udp_bound_v6src) && 898 !IN6_ARE_ADDR_EQUAL(&udp1->udp_bound_v6src, 899 &v6src)) { 900 continue; 901 } 902 break; 903 } 904 905 if (!found_exclbind && 906 (udp->udp_reuseaddr && requested_port != 0)) { 907 break; 908 } 909 910 if (udp1 == NULL) { 911 /* 912 * No other stream has this IP address 913 * and port number. We can use it. 914 */ 915 break; 916 } 917 mutex_exit(&udpf->uf_lock); 918 if (bind_to_req_port_only) { 919 /* 920 * We get here only when requested port 921 * is bound (and only first of the for() 922 * loop iteration). 923 * 924 * The semantics of this bind request 925 * require it to fail so we return from 926 * the routine (and exit the loop). 927 * 928 */ 929 udp->udp_pending_op = -1; 930 rw_exit(&udp->udp_rwlock); 931 udp_err_ack(q, mp, TADDRBUSY, 0); 932 return; 933 } 934 935 if (udp->udp_anon_priv_bind) { 936 port = udp_get_next_priv_port(udp); 937 } else { 938 if ((count == 0) && (requested_port != 0)) { 939 /* 940 * If the application wants us to find 941 * a port, get one to start with. Set 942 * requested_port to 0, so that we will 943 * update us->us_next_port_to_try below. 944 */ 945 port = udp_update_next_port(udp, 946 us->us_next_port_to_try, B_TRUE); 947 requested_port = 0; 948 } else { 949 port = udp_update_next_port(udp, port + 1, 950 B_FALSE); 951 } 952 } 953 954 if (port == 0 || ++count >= loopmax) { 955 /* 956 * We've tried every possible port number and 957 * there are none available, so send an error 958 * to the user. 959 */ 960 udp->udp_pending_op = -1; 961 rw_exit(&udp->udp_rwlock); 962 udp_err_ack(q, mp, TNOADDR, 0); 963 return; 964 } 965 } 966 967 /* 968 * Copy the source address into our udp structure. This address 969 * may still be zero; if so, ip will fill in the correct address 970 * each time an outbound packet is passed to it. 971 * If we are binding to a broadcast or multicast address then 972 * udp_bind_ack will clear the source address when it receives 973 * the T_BIND_ACK. 974 */ 975 udp->udp_v6src = udp->udp_bound_v6src = v6src; 976 udp->udp_port = lport; 977 /* 978 * Now reset the the next anonymous port if the application requested 979 * an anonymous port, or we handed out the next anonymous port. 980 */ 981 if ((requested_port == 0) && (!udp->udp_anon_priv_bind)) { 982 us->us_next_port_to_try = port + 1; 983 } 984 985 /* Initialize the O_T_BIND_REQ/T_BIND_REQ for ip. */ 986 if (udp->udp_family == AF_INET) { 987 sin->sin_port = udp->udp_port; 988 } else { 989 int error; 990 991 sin6->sin6_port = udp->udp_port; 992 /* Rebuild the header template */ 993 error = udp_build_hdrs(udp); 994 if (error != 0) { 995 udp->udp_pending_op = -1; 996 rw_exit(&udp->udp_rwlock); 997 mutex_exit(&udpf->uf_lock); 998 udp_err_ack(q, mp, TSYSERR, error); 999 return; 1000 } 1001 } 1002 udp->udp_state = TS_IDLE; 1003 udp_bind_hash_insert(udpf, udp); 1004 mutex_exit(&udpf->uf_lock); 1005 rw_exit(&udp->udp_rwlock); 1006 1007 if (cl_inet_bind) { 1008 /* 1009 * Running in cluster mode - register bind information 1010 */ 1011 if (udp->udp_ipversion == IPV4_VERSION) { 1012 (*cl_inet_bind)(IPPROTO_UDP, AF_INET, 1013 (uint8_t *)(&V4_PART_OF_V6(udp->udp_v6src)), 1014 (in_port_t)udp->udp_port); 1015 } else { 1016 (*cl_inet_bind)(IPPROTO_UDP, AF_INET6, 1017 (uint8_t *)&(udp->udp_v6src), 1018 (in_port_t)udp->udp_port); 1019 } 1020 1021 } 1022 1023 connp->conn_anon_port = (is_system_labeled() && requested_port == 0); 1024 if (is_system_labeled() && (!connp->conn_anon_port || 1025 connp->conn_anon_mlp)) { 1026 uint16_t mlpport; 1027 cred_t *cr = connp->conn_cred; 1028 zone_t *zone; 1029 1030 zone = crgetzone(cr); 1031 connp->conn_mlp_type = udp->udp_recvucred ? mlptBoth : 1032 mlptSingle; 1033 addrtype = tsol_mlp_addr_type(zone->zone_id, IPV6_VERSION, 1034 &v6src, us->us_netstack->netstack_ip); 1035 if (addrtype == mlptSingle) { 1036 rw_enter(&udp->udp_rwlock, RW_WRITER); 1037 udp->udp_pending_op = -1; 1038 rw_exit(&udp->udp_rwlock); 1039 udp_err_ack(q, mp, TNOADDR, 0); 1040 connp->conn_anon_port = B_FALSE; 1041 connp->conn_mlp_type = mlptSingle; 1042 return; 1043 } 1044 mlpport = connp->conn_anon_port ? PMAPPORT : port; 1045 mlptype = tsol_mlp_port_type(zone, IPPROTO_UDP, mlpport, 1046 addrtype); 1047 if (mlptype != mlptSingle && 1048 (connp->conn_mlp_type == mlptSingle || 1049 secpolicy_net_bindmlp(cr) != 0)) { 1050 if (udp->udp_debug) { 1051 (void) strlog(UDP_MOD_ID, 0, 1, 1052 SL_ERROR|SL_TRACE, 1053 "udp_bind: no priv for multilevel port %d", 1054 mlpport); 1055 } 1056 rw_enter(&udp->udp_rwlock, RW_WRITER); 1057 udp->udp_pending_op = -1; 1058 rw_exit(&udp->udp_rwlock); 1059 udp_err_ack(q, mp, TACCES, 0); 1060 connp->conn_anon_port = B_FALSE; 1061 connp->conn_mlp_type = mlptSingle; 1062 return; 1063 } 1064 1065 /* 1066 * If we're specifically binding a shared IP address and the 1067 * port is MLP on shared addresses, then check to see if this 1068 * zone actually owns the MLP. Reject if not. 1069 */ 1070 if (mlptype == mlptShared && addrtype == mlptShared) { 1071 /* 1072 * No need to handle exclusive-stack zones since 1073 * ALL_ZONES only applies to the shared stack. 1074 */ 1075 zoneid_t mlpzone; 1076 1077 mlpzone = tsol_mlp_findzone(IPPROTO_UDP, 1078 htons(mlpport)); 1079 if (connp->conn_zoneid != mlpzone) { 1080 if (udp->udp_debug) { 1081 (void) strlog(UDP_MOD_ID, 0, 1, 1082 SL_ERROR|SL_TRACE, 1083 "udp_bind: attempt to bind port " 1084 "%d on shared addr in zone %d " 1085 "(should be %d)", 1086 mlpport, connp->conn_zoneid, 1087 mlpzone); 1088 } 1089 rw_enter(&udp->udp_rwlock, RW_WRITER); 1090 udp->udp_pending_op = -1; 1091 rw_exit(&udp->udp_rwlock); 1092 udp_err_ack(q, mp, TACCES, 0); 1093 connp->conn_anon_port = B_FALSE; 1094 connp->conn_mlp_type = mlptSingle; 1095 return; 1096 } 1097 } 1098 if (connp->conn_anon_port) { 1099 int error; 1100 1101 error = tsol_mlp_anon(zone, mlptype, connp->conn_ulp, 1102 port, B_TRUE); 1103 if (error != 0) { 1104 if (udp->udp_debug) { 1105 (void) strlog(UDP_MOD_ID, 0, 1, 1106 SL_ERROR|SL_TRACE, 1107 "udp_bind: cannot establish anon " 1108 "MLP for port %d", port); 1109 } 1110 rw_enter(&udp->udp_rwlock, RW_WRITER); 1111 udp->udp_pending_op = -1; 1112 rw_exit(&udp->udp_rwlock); 1113 udp_err_ack(q, mp, TACCES, 0); 1114 connp->conn_anon_port = B_FALSE; 1115 connp->conn_mlp_type = mlptSingle; 1116 return; 1117 } 1118 } 1119 connp->conn_mlp_type = mlptype; 1120 } 1121 1122 /* Pass the protocol number in the message following the address. */ 1123 *mp->b_wptr++ = IPPROTO_UDP; 1124 if (!V6_OR_V4_INADDR_ANY(udp->udp_v6src)) { 1125 /* 1126 * Append a request for an IRE if udp_v6src not 1127 * zero (IPv4 - INADDR_ANY, or IPv6 - all-zeroes address). 1128 */ 1129 mp->b_cont = allocb(sizeof (ire_t), BPRI_HI); 1130 if (!mp->b_cont) { 1131 rw_enter(&udp->udp_rwlock, RW_WRITER); 1132 udp->udp_pending_op = -1; 1133 rw_exit(&udp->udp_rwlock); 1134 udp_err_ack(q, mp, TSYSERR, ENOMEM); 1135 return; 1136 } 1137 mp->b_cont->b_wptr += sizeof (ire_t); 1138 mp->b_cont->b_datap->db_type = IRE_DB_REQ_TYPE; 1139 } 1140 if (udp->udp_family == AF_INET6) 1141 mp = ip_bind_v6(q, mp, connp, NULL); 1142 else 1143 mp = ip_bind_v4(q, mp, connp); 1144 1145 /* The above return NULL if the bind needs to be deferred */ 1146 if (mp != NULL) 1147 udp_bind_result(connp, mp); 1148 else 1149 CONN_INC_REF(connp); 1150 } 1151 1152 /* 1153 * This is called from ip_wput_nondata to handle the results of a 1154 * deferred UDP bind. It is called once the bind has been completed. 1155 */ 1156 void 1157 udp_resume_bind(conn_t *connp, mblk_t *mp) 1158 { 1159 ASSERT(connp != NULL && IPCL_IS_UDP(connp)); 1160 1161 udp_bind_result(connp, mp); 1162 1163 CONN_OPER_PENDING_DONE(connp); 1164 } 1165 1166 /* 1167 * This routine handles each T_CONN_REQ message passed to udp. It 1168 * associates a default destination address with the stream. 1169 * 1170 * This routine sends down a T_BIND_REQ to IP with the following mblks: 1171 * T_BIND_REQ - specifying local and remote address/port 1172 * IRE_DB_REQ_TYPE - to get an IRE back containing ire_type and src 1173 * T_OK_ACK - for the T_CONN_REQ 1174 * T_CONN_CON - to keep the TPI user happy 1175 * 1176 * The connect completes in udp_bind_result. 1177 * When a T_BIND_ACK is received information is extracted from the IRE 1178 * and the two appended messages are sent to the TPI user. 1179 * Should udp_bind_result receive T_ERROR_ACK for the T_BIND_REQ it will 1180 * convert it to an error ack for the appropriate primitive. 1181 */ 1182 static void 1183 udp_connect(queue_t *q, mblk_t *mp) 1184 { 1185 sin6_t *sin6; 1186 sin_t *sin; 1187 struct T_conn_req *tcr; 1188 in6_addr_t v6dst; 1189 ipaddr_t v4dst; 1190 uint16_t dstport; 1191 uint32_t flowinfo; 1192 mblk_t *mp1, *mp2; 1193 udp_fanout_t *udpf; 1194 udp_t *udp, *udp1; 1195 ushort_t ipversion; 1196 udp_stack_t *us; 1197 conn_t *connp = Q_TO_CONN(q); 1198 1199 udp = connp->conn_udp; 1200 tcr = (struct T_conn_req *)mp->b_rptr; 1201 us = udp->udp_us; 1202 1203 /* A bit of sanity checking */ 1204 if ((mp->b_wptr - mp->b_rptr) < sizeof (struct T_conn_req)) { 1205 udp_err_ack(q, mp, TPROTO, 0); 1206 return; 1207 } 1208 1209 if (tcr->OPT_length != 0) { 1210 udp_err_ack(q, mp, TBADOPT, 0); 1211 return; 1212 } 1213 1214 /* 1215 * Determine packet type based on type of address passed in 1216 * the request should contain an IPv4 or IPv6 address. 1217 * Make sure that address family matches the type of 1218 * family of the the address passed down 1219 */ 1220 switch (tcr->DEST_length) { 1221 default: 1222 udp_err_ack(q, mp, TBADADDR, 0); 1223 return; 1224 1225 case sizeof (sin_t): 1226 sin = (sin_t *)mi_offset_param(mp, tcr->DEST_offset, 1227 sizeof (sin_t)); 1228 if (sin == NULL || !OK_32PTR((char *)sin)) { 1229 udp_err_ack(q, mp, TSYSERR, EINVAL); 1230 return; 1231 } 1232 if (udp->udp_family != AF_INET || 1233 sin->sin_family != AF_INET) { 1234 udp_err_ack(q, mp, TSYSERR, EAFNOSUPPORT); 1235 return; 1236 } 1237 v4dst = sin->sin_addr.s_addr; 1238 dstport = sin->sin_port; 1239 IN6_IPADDR_TO_V4MAPPED(v4dst, &v6dst); 1240 ASSERT(udp->udp_ipversion == IPV4_VERSION); 1241 ipversion = IPV4_VERSION; 1242 break; 1243 1244 case sizeof (sin6_t): 1245 sin6 = (sin6_t *)mi_offset_param(mp, tcr->DEST_offset, 1246 sizeof (sin6_t)); 1247 if (sin6 == NULL || !OK_32PTR((char *)sin6)) { 1248 udp_err_ack(q, mp, TSYSERR, EINVAL); 1249 return; 1250 } 1251 if (udp->udp_family != AF_INET6 || 1252 sin6->sin6_family != AF_INET6) { 1253 udp_err_ack(q, mp, TSYSERR, EAFNOSUPPORT); 1254 return; 1255 } 1256 v6dst = sin6->sin6_addr; 1257 dstport = sin6->sin6_port; 1258 if (IN6_IS_ADDR_V4MAPPED(&v6dst)) { 1259 IN6_V4MAPPED_TO_IPADDR(&v6dst, v4dst); 1260 ipversion = IPV4_VERSION; 1261 flowinfo = 0; 1262 } else { 1263 ipversion = IPV6_VERSION; 1264 flowinfo = sin6->sin6_flowinfo; 1265 } 1266 break; 1267 } 1268 if (dstport == 0) { 1269 udp_err_ack(q, mp, TBADADDR, 0); 1270 return; 1271 } 1272 1273 rw_enter(&udp->udp_rwlock, RW_WRITER); 1274 1275 /* 1276 * This UDP must have bound to a port already before doing a connect. 1277 * TPI mandates that users must send TPI primitives only 1 at a time 1278 * and wait for the response before sending the next primitive. 1279 */ 1280 if (udp->udp_state == TS_UNBND || udp->udp_pending_op != -1) { 1281 rw_exit(&udp->udp_rwlock); 1282 (void) mi_strlog(q, 1, SL_ERROR|SL_TRACE, 1283 "udp_connect: bad state, %u", udp->udp_state); 1284 udp_err_ack(q, mp, TOUTSTATE, 0); 1285 return; 1286 } 1287 udp->udp_pending_op = T_CONN_REQ; 1288 ASSERT(udp->udp_port != 0 && udp->udp_ptpbhn != NULL); 1289 1290 if (ipversion == IPV4_VERSION) { 1291 udp->udp_max_hdr_len = IP_SIMPLE_HDR_LENGTH + UDPH_SIZE + 1292 udp->udp_ip_snd_options_len; 1293 } else { 1294 udp->udp_max_hdr_len = udp->udp_sticky_hdrs_len; 1295 } 1296 1297 udpf = &us->us_bind_fanout[UDP_BIND_HASH(udp->udp_port, 1298 us->us_bind_fanout_size)]; 1299 1300 mutex_enter(&udpf->uf_lock); 1301 if (udp->udp_state == TS_DATA_XFER) { 1302 /* Already connected - clear out state */ 1303 udp->udp_v6src = udp->udp_bound_v6src; 1304 udp->udp_state = TS_IDLE; 1305 } 1306 1307 /* 1308 * Create a default IP header with no IP options. 1309 */ 1310 udp->udp_dstport = dstport; 1311 udp->udp_ipversion = ipversion; 1312 if (ipversion == IPV4_VERSION) { 1313 /* 1314 * Interpret a zero destination to mean loopback. 1315 * Update the T_CONN_REQ (sin/sin6) since it is used to 1316 * generate the T_CONN_CON. 1317 */ 1318 if (v4dst == INADDR_ANY) { 1319 v4dst = htonl(INADDR_LOOPBACK); 1320 IN6_IPADDR_TO_V4MAPPED(v4dst, &v6dst); 1321 if (udp->udp_family == AF_INET) { 1322 sin->sin_addr.s_addr = v4dst; 1323 } else { 1324 sin6->sin6_addr = v6dst; 1325 } 1326 } 1327 udp->udp_v6dst = v6dst; 1328 udp->udp_flowinfo = 0; 1329 1330 /* 1331 * If the destination address is multicast and 1332 * an outgoing multicast interface has been set, 1333 * use the address of that interface as our 1334 * source address if no source address has been set. 1335 */ 1336 if (V4_PART_OF_V6(udp->udp_v6src) == INADDR_ANY && 1337 CLASSD(v4dst) && 1338 udp->udp_multicast_if_addr != INADDR_ANY) { 1339 IN6_IPADDR_TO_V4MAPPED(udp->udp_multicast_if_addr, 1340 &udp->udp_v6src); 1341 } 1342 } else { 1343 ASSERT(udp->udp_ipversion == IPV6_VERSION); 1344 /* 1345 * Interpret a zero destination to mean loopback. 1346 * Update the T_CONN_REQ (sin/sin6) since it is used to 1347 * generate the T_CONN_CON. 1348 */ 1349 if (IN6_IS_ADDR_UNSPECIFIED(&v6dst)) { 1350 v6dst = ipv6_loopback; 1351 sin6->sin6_addr = v6dst; 1352 } 1353 udp->udp_v6dst = v6dst; 1354 udp->udp_flowinfo = flowinfo; 1355 /* 1356 * If the destination address is multicast and 1357 * an outgoing multicast interface has been set, 1358 * then the ip bind logic will pick the correct source 1359 * address (i.e. matching the outgoing multicast interface). 1360 */ 1361 } 1362 1363 /* 1364 * Verify that the src/port/dst/port is unique for all 1365 * connections in TS_DATA_XFER 1366 */ 1367 for (udp1 = udpf->uf_udp; udp1 != NULL; udp1 = udp1->udp_bind_hash) { 1368 if (udp1->udp_state != TS_DATA_XFER) 1369 continue; 1370 if (udp->udp_port != udp1->udp_port || 1371 udp->udp_ipversion != udp1->udp_ipversion || 1372 dstport != udp1->udp_dstport || 1373 !IN6_ARE_ADDR_EQUAL(&udp->udp_v6src, &udp1->udp_v6src) || 1374 !IN6_ARE_ADDR_EQUAL(&v6dst, &udp1->udp_v6dst) || 1375 !(IPCL_ZONE_MATCH(udp->udp_connp, 1376 udp1->udp_connp->conn_zoneid) || 1377 IPCL_ZONE_MATCH(udp1->udp_connp, 1378 udp->udp_connp->conn_zoneid))) 1379 continue; 1380 mutex_exit(&udpf->uf_lock); 1381 udp->udp_pending_op = -1; 1382 rw_exit(&udp->udp_rwlock); 1383 udp_err_ack(q, mp, TBADADDR, 0); 1384 return; 1385 } 1386 udp->udp_state = TS_DATA_XFER; 1387 mutex_exit(&udpf->uf_lock); 1388 1389 /* 1390 * Send down bind to IP to verify that there is a route 1391 * and to determine the source address. 1392 * This will come back as T_BIND_ACK with an IRE_DB_TYPE in rput. 1393 */ 1394 if (udp->udp_family == AF_INET) 1395 mp1 = udp_ip_bind_mp(udp, O_T_BIND_REQ, sizeof (ipa_conn_t)); 1396 else 1397 mp1 = udp_ip_bind_mp(udp, O_T_BIND_REQ, sizeof (ipa6_conn_t)); 1398 if (mp1 == NULL) { 1399 bind_failed: 1400 mutex_enter(&udpf->uf_lock); 1401 udp->udp_state = TS_IDLE; 1402 udp->udp_pending_op = -1; 1403 mutex_exit(&udpf->uf_lock); 1404 rw_exit(&udp->udp_rwlock); 1405 udp_err_ack(q, mp, TSYSERR, ENOMEM); 1406 return; 1407 } 1408 1409 rw_exit(&udp->udp_rwlock); 1410 /* 1411 * We also have to send a connection confirmation to 1412 * keep TLI happy. Prepare it for udp_bind_result. 1413 */ 1414 if (udp->udp_family == AF_INET) 1415 mp2 = mi_tpi_conn_con(NULL, (char *)sin, 1416 sizeof (*sin), NULL, 0); 1417 else 1418 mp2 = mi_tpi_conn_con(NULL, (char *)sin6, 1419 sizeof (*sin6), NULL, 0); 1420 if (mp2 == NULL) { 1421 freemsg(mp1); 1422 rw_enter(&udp->udp_rwlock, RW_WRITER); 1423 goto bind_failed; 1424 } 1425 1426 mp = mi_tpi_ok_ack_alloc(mp); 1427 if (mp == NULL) { 1428 /* Unable to reuse the T_CONN_REQ for the ack. */ 1429 freemsg(mp2); 1430 rw_enter(&udp->udp_rwlock, RW_WRITER); 1431 mutex_enter(&udpf->uf_lock); 1432 udp->udp_state = TS_IDLE; 1433 udp->udp_pending_op = -1; 1434 mutex_exit(&udpf->uf_lock); 1435 rw_exit(&udp->udp_rwlock); 1436 udp_err_ack_prim(q, mp1, T_CONN_REQ, TSYSERR, ENOMEM); 1437 return; 1438 } 1439 1440 /* Hang onto the T_OK_ACK and T_CONN_CON for later. */ 1441 linkb(mp1, mp); 1442 linkb(mp1, mp2); 1443 1444 mblk_setcred(mp1, connp->conn_cred); 1445 if (udp->udp_family == AF_INET) 1446 mp1 = ip_bind_v4(q, mp1, connp); 1447 else 1448 mp1 = ip_bind_v6(q, mp1, connp, NULL); 1449 1450 /* The above return NULL if the bind needs to be deferred */ 1451 if (mp1 != NULL) 1452 udp_bind_result(connp, mp1); 1453 else 1454 CONN_INC_REF(connp); 1455 } 1456 1457 static int 1458 udp_close(queue_t *q) 1459 { 1460 conn_t *connp = (conn_t *)q->q_ptr; 1461 udp_t *udp; 1462 1463 ASSERT(connp != NULL && IPCL_IS_UDP(connp)); 1464 udp = connp->conn_udp; 1465 1466 udp_quiesce_conn(connp); 1467 ip_quiesce_conn(connp); 1468 /* 1469 * Disable read-side synchronous stream 1470 * interface and drain any queued data. 1471 */ 1472 udp_rcv_drain(q, udp, B_TRUE); 1473 ASSERT(!udp->udp_direct_sockfs); 1474 1475 qprocsoff(q); 1476 1477 ASSERT(udp->udp_rcv_cnt == 0); 1478 ASSERT(udp->udp_rcv_msgcnt == 0); 1479 ASSERT(udp->udp_rcv_list_head == NULL); 1480 ASSERT(udp->udp_rcv_list_tail == NULL); 1481 1482 udp_close_free(connp); 1483 1484 /* 1485 * Now we are truly single threaded on this stream, and can 1486 * delete the things hanging off the connp, and finally the connp. 1487 * We removed this connp from the fanout list, it cannot be 1488 * accessed thru the fanouts, and we already waited for the 1489 * conn_ref to drop to 0. We are already in close, so 1490 * there cannot be any other thread from the top. qprocsoff 1491 * has completed, and service has completed or won't run in 1492 * future. 1493 */ 1494 ASSERT(connp->conn_ref == 1); 1495 inet_minor_free(connp->conn_minor_arena, connp->conn_dev); 1496 connp->conn_ref--; 1497 ipcl_conn_destroy(connp); 1498 1499 q->q_ptr = WR(q)->q_ptr = NULL; 1500 return (0); 1501 } 1502 1503 /* 1504 * Called in the close path to quiesce the conn 1505 */ 1506 void 1507 udp_quiesce_conn(conn_t *connp) 1508 { 1509 udp_t *udp = connp->conn_udp; 1510 1511 if (cl_inet_unbind != NULL && udp->udp_state == TS_IDLE) { 1512 /* 1513 * Running in cluster mode - register unbind information 1514 */ 1515 if (udp->udp_ipversion == IPV4_VERSION) { 1516 (*cl_inet_unbind)(IPPROTO_UDP, AF_INET, 1517 (uint8_t *)(&(V4_PART_OF_V6(udp->udp_v6src))), 1518 (in_port_t)udp->udp_port); 1519 } else { 1520 (*cl_inet_unbind)(IPPROTO_UDP, AF_INET6, 1521 (uint8_t *)(&(udp->udp_v6src)), 1522 (in_port_t)udp->udp_port); 1523 } 1524 } 1525 1526 udp_bind_hash_remove(udp, B_FALSE); 1527 1528 } 1529 1530 void 1531 udp_close_free(conn_t *connp) 1532 { 1533 udp_t *udp = connp->conn_udp; 1534 1535 /* If there are any options associated with the stream, free them. */ 1536 if (udp->udp_ip_snd_options != NULL) { 1537 mi_free((char *)udp->udp_ip_snd_options); 1538 udp->udp_ip_snd_options = NULL; 1539 udp->udp_ip_snd_options_len = 0; 1540 } 1541 1542 if (udp->udp_ip_rcv_options != NULL) { 1543 mi_free((char *)udp->udp_ip_rcv_options); 1544 udp->udp_ip_rcv_options = NULL; 1545 udp->udp_ip_rcv_options_len = 0; 1546 } 1547 1548 /* Free memory associated with sticky options */ 1549 if (udp->udp_sticky_hdrs_len != 0) { 1550 kmem_free(udp->udp_sticky_hdrs, 1551 udp->udp_sticky_hdrs_len); 1552 udp->udp_sticky_hdrs = NULL; 1553 udp->udp_sticky_hdrs_len = 0; 1554 } 1555 1556 ip6_pkt_free(&udp->udp_sticky_ipp); 1557 1558 /* 1559 * Clear any fields which the kmem_cache constructor clears. 1560 * Only udp_connp needs to be preserved. 1561 * TBD: We should make this more efficient to avoid clearing 1562 * everything. 1563 */ 1564 ASSERT(udp->udp_connp == connp); 1565 bzero(udp, sizeof (udp_t)); 1566 udp->udp_connp = connp; 1567 } 1568 1569 /* 1570 * This routine handles each T_DISCON_REQ message passed to udp 1571 * as an indicating that UDP is no longer connected. This results 1572 * in sending a T_BIND_REQ to IP to restore the binding to just 1573 * the local address/port. 1574 * 1575 * This routine sends down a T_BIND_REQ to IP with the following mblks: 1576 * T_BIND_REQ - specifying just the local address/port 1577 * T_OK_ACK - for the T_DISCON_REQ 1578 * 1579 * The disconnect completes in udp_bind_result. 1580 * When a T_BIND_ACK is received the appended T_OK_ACK is sent to the TPI user. 1581 * Should udp_bind_result receive T_ERROR_ACK for the T_BIND_REQ it will 1582 * convert it to an error ack for the appropriate primitive. 1583 */ 1584 static void 1585 udp_disconnect(queue_t *q, mblk_t *mp) 1586 { 1587 udp_t *udp; 1588 mblk_t *mp1; 1589 udp_fanout_t *udpf; 1590 udp_stack_t *us; 1591 conn_t *connp = Q_TO_CONN(q); 1592 1593 udp = connp->conn_udp; 1594 us = udp->udp_us; 1595 rw_enter(&udp->udp_rwlock, RW_WRITER); 1596 if (udp->udp_state != TS_DATA_XFER || udp->udp_pending_op != -1) { 1597 rw_exit(&udp->udp_rwlock); 1598 (void) mi_strlog(q, 1, SL_ERROR|SL_TRACE, 1599 "udp_disconnect: bad state, %u", udp->udp_state); 1600 udp_err_ack(q, mp, TOUTSTATE, 0); 1601 return; 1602 } 1603 udp->udp_pending_op = T_DISCON_REQ; 1604 udpf = &us->us_bind_fanout[UDP_BIND_HASH(udp->udp_port, 1605 us->us_bind_fanout_size)]; 1606 mutex_enter(&udpf->uf_lock); 1607 udp->udp_v6src = udp->udp_bound_v6src; 1608 udp->udp_state = TS_IDLE; 1609 mutex_exit(&udpf->uf_lock); 1610 1611 /* 1612 * Send down bind to IP to remove the full binding and revert 1613 * to the local address binding. 1614 */ 1615 if (udp->udp_family == AF_INET) 1616 mp1 = udp_ip_bind_mp(udp, O_T_BIND_REQ, sizeof (sin_t)); 1617 else 1618 mp1 = udp_ip_bind_mp(udp, O_T_BIND_REQ, sizeof (sin6_t)); 1619 if (mp1 == NULL) { 1620 udp->udp_pending_op = -1; 1621 rw_exit(&udp->udp_rwlock); 1622 udp_err_ack(q, mp, TSYSERR, ENOMEM); 1623 return; 1624 } 1625 mp = mi_tpi_ok_ack_alloc(mp); 1626 if (mp == NULL) { 1627 /* Unable to reuse the T_DISCON_REQ for the ack. */ 1628 udp->udp_pending_op = -1; 1629 rw_exit(&udp->udp_rwlock); 1630 udp_err_ack_prim(q, mp1, T_DISCON_REQ, TSYSERR, ENOMEM); 1631 return; 1632 } 1633 1634 if (udp->udp_family == AF_INET6) { 1635 int error; 1636 1637 /* Rebuild the header template */ 1638 error = udp_build_hdrs(udp); 1639 if (error != 0) { 1640 udp->udp_pending_op = -1; 1641 rw_exit(&udp->udp_rwlock); 1642 udp_err_ack_prim(q, mp, T_DISCON_REQ, TSYSERR, error); 1643 freemsg(mp1); 1644 return; 1645 } 1646 } 1647 1648 rw_exit(&udp->udp_rwlock); 1649 /* Append the T_OK_ACK to the T_BIND_REQ for udp_bind_ack */ 1650 linkb(mp1, mp); 1651 1652 if (udp->udp_family == AF_INET6) 1653 mp1 = ip_bind_v6(q, mp1, connp, NULL); 1654 else 1655 mp1 = ip_bind_v4(q, mp1, connp); 1656 1657 /* The above return NULL if the bind needs to be deferred */ 1658 if (mp1 != NULL) 1659 udp_bind_result(connp, mp1); 1660 else 1661 CONN_INC_REF(connp); 1662 } 1663 1664 /* This routine creates a T_ERROR_ACK message and passes it upstream. */ 1665 static void 1666 udp_err_ack(queue_t *q, mblk_t *mp, t_scalar_t t_error, int sys_error) 1667 { 1668 if ((mp = mi_tpi_err_ack_alloc(mp, t_error, sys_error)) != NULL) 1669 qreply(q, mp); 1670 } 1671 1672 /* Shorthand to generate and send TPI error acks to our client */ 1673 static void 1674 udp_err_ack_prim(queue_t *q, mblk_t *mp, int primitive, t_scalar_t t_error, 1675 int sys_error) 1676 { 1677 struct T_error_ack *teackp; 1678 1679 if ((mp = tpi_ack_alloc(mp, sizeof (struct T_error_ack), 1680 M_PCPROTO, T_ERROR_ACK)) != NULL) { 1681 teackp = (struct T_error_ack *)mp->b_rptr; 1682 teackp->ERROR_prim = primitive; 1683 teackp->TLI_error = t_error; 1684 teackp->UNIX_error = sys_error; 1685 qreply(q, mp); 1686 } 1687 } 1688 1689 /*ARGSUSED*/ 1690 static int 1691 udp_extra_priv_ports_get(queue_t *q, mblk_t *mp, caddr_t cp, cred_t *cr) 1692 { 1693 int i; 1694 udp_t *udp = Q_TO_UDP(q); 1695 udp_stack_t *us = udp->udp_us; 1696 1697 for (i = 0; i < us->us_num_epriv_ports; i++) { 1698 if (us->us_epriv_ports[i] != 0) 1699 (void) mi_mpprintf(mp, "%d ", us->us_epriv_ports[i]); 1700 } 1701 return (0); 1702 } 1703 1704 /* ARGSUSED */ 1705 static int 1706 udp_extra_priv_ports_add(queue_t *q, mblk_t *mp, char *value, caddr_t cp, 1707 cred_t *cr) 1708 { 1709 long new_value; 1710 int i; 1711 udp_t *udp = Q_TO_UDP(q); 1712 udp_stack_t *us = udp->udp_us; 1713 1714 /* 1715 * Fail the request if the new value does not lie within the 1716 * port number limits. 1717 */ 1718 if (ddi_strtol(value, NULL, 10, &new_value) != 0 || 1719 new_value <= 0 || new_value >= 65536) { 1720 return (EINVAL); 1721 } 1722 1723 /* Check if the value is already in the list */ 1724 for (i = 0; i < us->us_num_epriv_ports; i++) { 1725 if (new_value == us->us_epriv_ports[i]) { 1726 return (EEXIST); 1727 } 1728 } 1729 /* Find an empty slot */ 1730 for (i = 0; i < us->us_num_epriv_ports; i++) { 1731 if (us->us_epriv_ports[i] == 0) 1732 break; 1733 } 1734 if (i == us->us_num_epriv_ports) { 1735 return (EOVERFLOW); 1736 } 1737 1738 /* Set the new value */ 1739 us->us_epriv_ports[i] = (in_port_t)new_value; 1740 return (0); 1741 } 1742 1743 /* ARGSUSED */ 1744 static int 1745 udp_extra_priv_ports_del(queue_t *q, mblk_t *mp, char *value, caddr_t cp, 1746 cred_t *cr) 1747 { 1748 long new_value; 1749 int i; 1750 udp_t *udp = Q_TO_UDP(q); 1751 udp_stack_t *us = udp->udp_us; 1752 1753 /* 1754 * Fail the request if the new value does not lie within the 1755 * port number limits. 1756 */ 1757 if (ddi_strtol(value, NULL, 10, &new_value) != 0 || 1758 new_value <= 0 || new_value >= 65536) { 1759 return (EINVAL); 1760 } 1761 1762 /* Check that the value is already in the list */ 1763 for (i = 0; i < us->us_num_epriv_ports; i++) { 1764 if (us->us_epriv_ports[i] == new_value) 1765 break; 1766 } 1767 if (i == us->us_num_epriv_ports) { 1768 return (ESRCH); 1769 } 1770 1771 /* Clear the value */ 1772 us->us_epriv_ports[i] = 0; 1773 return (0); 1774 } 1775 1776 /* At minimum we need 4 bytes of UDP header */ 1777 #define ICMP_MIN_UDP_HDR 4 1778 1779 /* 1780 * udp_icmp_error is called by udp_input to process ICMP msgs. passed up by IP. 1781 * Generates the appropriate T_UDERROR_IND for permanent (non-transient) errors. 1782 * Assumes that IP has pulled up everything up to and including the ICMP header. 1783 */ 1784 static void 1785 udp_icmp_error(queue_t *q, mblk_t *mp) 1786 { 1787 icmph_t *icmph; 1788 ipha_t *ipha; 1789 int iph_hdr_length; 1790 udpha_t *udpha; 1791 sin_t sin; 1792 sin6_t sin6; 1793 mblk_t *mp1; 1794 int error = 0; 1795 udp_t *udp = Q_TO_UDP(q); 1796 1797 ipha = (ipha_t *)mp->b_rptr; 1798 1799 ASSERT(OK_32PTR(mp->b_rptr)); 1800 1801 if (IPH_HDR_VERSION(ipha) != IPV4_VERSION) { 1802 ASSERT(IPH_HDR_VERSION(ipha) == IPV6_VERSION); 1803 udp_icmp_error_ipv6(q, mp); 1804 return; 1805 } 1806 ASSERT(IPH_HDR_VERSION(ipha) == IPV4_VERSION); 1807 1808 /* Skip past the outer IP and ICMP headers */ 1809 iph_hdr_length = IPH_HDR_LENGTH(ipha); 1810 icmph = (icmph_t *)&mp->b_rptr[iph_hdr_length]; 1811 ipha = (ipha_t *)&icmph[1]; 1812 1813 /* Skip past the inner IP and find the ULP header */ 1814 iph_hdr_length = IPH_HDR_LENGTH(ipha); 1815 udpha = (udpha_t *)((char *)ipha + iph_hdr_length); 1816 1817 switch (icmph->icmph_type) { 1818 case ICMP_DEST_UNREACHABLE: 1819 switch (icmph->icmph_code) { 1820 case ICMP_FRAGMENTATION_NEEDED: 1821 /* 1822 * IP has already adjusted the path MTU. 1823 */ 1824 break; 1825 case ICMP_PORT_UNREACHABLE: 1826 case ICMP_PROTOCOL_UNREACHABLE: 1827 error = ECONNREFUSED; 1828 break; 1829 default: 1830 /* Transient errors */ 1831 break; 1832 } 1833 break; 1834 default: 1835 /* Transient errors */ 1836 break; 1837 } 1838 if (error == 0) { 1839 freemsg(mp); 1840 return; 1841 } 1842 1843 /* 1844 * Deliver T_UDERROR_IND when the application has asked for it. 1845 * The socket layer enables this automatically when connected. 1846 */ 1847 if (!udp->udp_dgram_errind) { 1848 freemsg(mp); 1849 return; 1850 } 1851 1852 switch (udp->udp_family) { 1853 case AF_INET: 1854 sin = sin_null; 1855 sin.sin_family = AF_INET; 1856 sin.sin_addr.s_addr = ipha->ipha_dst; 1857 sin.sin_port = udpha->uha_dst_port; 1858 mp1 = mi_tpi_uderror_ind((char *)&sin, sizeof (sin_t), NULL, 0, 1859 error); 1860 break; 1861 case AF_INET6: 1862 sin6 = sin6_null; 1863 sin6.sin6_family = AF_INET6; 1864 IN6_IPADDR_TO_V4MAPPED(ipha->ipha_dst, &sin6.sin6_addr); 1865 sin6.sin6_port = udpha->uha_dst_port; 1866 1867 mp1 = mi_tpi_uderror_ind((char *)&sin6, sizeof (sin6_t), 1868 NULL, 0, error); 1869 break; 1870 } 1871 if (mp1) 1872 putnext(q, mp1); 1873 freemsg(mp); 1874 } 1875 1876 /* 1877 * udp_icmp_error_ipv6 is called by udp_icmp_error to process ICMP for IPv6. 1878 * Generates the appropriate T_UDERROR_IND for permanent (non-transient) errors. 1879 * Assumes that IP has pulled up all the extension headers as well as the 1880 * ICMPv6 header. 1881 */ 1882 static void 1883 udp_icmp_error_ipv6(queue_t *q, mblk_t *mp) 1884 { 1885 icmp6_t *icmp6; 1886 ip6_t *ip6h, *outer_ip6h; 1887 uint16_t iph_hdr_length; 1888 uint8_t *nexthdrp; 1889 udpha_t *udpha; 1890 sin6_t sin6; 1891 mblk_t *mp1; 1892 int error = 0; 1893 udp_t *udp = Q_TO_UDP(q); 1894 udp_stack_t *us = udp->udp_us; 1895 1896 outer_ip6h = (ip6_t *)mp->b_rptr; 1897 if (outer_ip6h->ip6_nxt != IPPROTO_ICMPV6) 1898 iph_hdr_length = ip_hdr_length_v6(mp, outer_ip6h); 1899 else 1900 iph_hdr_length = IPV6_HDR_LEN; 1901 icmp6 = (icmp6_t *)&mp->b_rptr[iph_hdr_length]; 1902 ip6h = (ip6_t *)&icmp6[1]; 1903 if (!ip_hdr_length_nexthdr_v6(mp, ip6h, &iph_hdr_length, &nexthdrp)) { 1904 freemsg(mp); 1905 return; 1906 } 1907 udpha = (udpha_t *)((char *)ip6h + iph_hdr_length); 1908 1909 switch (icmp6->icmp6_type) { 1910 case ICMP6_DST_UNREACH: 1911 switch (icmp6->icmp6_code) { 1912 case ICMP6_DST_UNREACH_NOPORT: 1913 error = ECONNREFUSED; 1914 break; 1915 case ICMP6_DST_UNREACH_ADMIN: 1916 case ICMP6_DST_UNREACH_NOROUTE: 1917 case ICMP6_DST_UNREACH_BEYONDSCOPE: 1918 case ICMP6_DST_UNREACH_ADDR: 1919 /* Transient errors */ 1920 break; 1921 default: 1922 break; 1923 } 1924 break; 1925 case ICMP6_PACKET_TOO_BIG: { 1926 struct T_unitdata_ind *tudi; 1927 struct T_opthdr *toh; 1928 size_t udi_size; 1929 mblk_t *newmp; 1930 t_scalar_t opt_length = sizeof (struct T_opthdr) + 1931 sizeof (struct ip6_mtuinfo); 1932 sin6_t *sin6; 1933 struct ip6_mtuinfo *mtuinfo; 1934 1935 /* 1936 * If the application has requested to receive path mtu 1937 * information, send up an empty message containing an 1938 * IPV6_PATHMTU ancillary data item. 1939 */ 1940 if (!udp->udp_ipv6_recvpathmtu) 1941 break; 1942 1943 udi_size = sizeof (struct T_unitdata_ind) + sizeof (sin6_t) + 1944 opt_length; 1945 if ((newmp = allocb(udi_size, BPRI_MED)) == NULL) { 1946 BUMP_MIB(&us->us_udp_mib, udpInErrors); 1947 break; 1948 } 1949 1950 /* 1951 * newmp->b_cont is left to NULL on purpose. This is an 1952 * empty message containing only ancillary data. 1953 */ 1954 newmp->b_datap->db_type = M_PROTO; 1955 tudi = (struct T_unitdata_ind *)newmp->b_rptr; 1956 newmp->b_wptr = (uchar_t *)tudi + udi_size; 1957 tudi->PRIM_type = T_UNITDATA_IND; 1958 tudi->SRC_length = sizeof (sin6_t); 1959 tudi->SRC_offset = sizeof (struct T_unitdata_ind); 1960 tudi->OPT_offset = tudi->SRC_offset + sizeof (sin6_t); 1961 tudi->OPT_length = opt_length; 1962 1963 sin6 = (sin6_t *)&tudi[1]; 1964 bzero(sin6, sizeof (sin6_t)); 1965 sin6->sin6_family = AF_INET6; 1966 sin6->sin6_addr = udp->udp_v6dst; 1967 1968 toh = (struct T_opthdr *)&sin6[1]; 1969 toh->level = IPPROTO_IPV6; 1970 toh->name = IPV6_PATHMTU; 1971 toh->len = opt_length; 1972 toh->status = 0; 1973 1974 mtuinfo = (struct ip6_mtuinfo *)&toh[1]; 1975 bzero(mtuinfo, sizeof (struct ip6_mtuinfo)); 1976 mtuinfo->ip6m_addr.sin6_family = AF_INET6; 1977 mtuinfo->ip6m_addr.sin6_addr = ip6h->ip6_dst; 1978 mtuinfo->ip6m_mtu = icmp6->icmp6_mtu; 1979 /* 1980 * We've consumed everything we need from the original 1981 * message. Free it, then send our empty message. 1982 */ 1983 freemsg(mp); 1984 putnext(q, newmp); 1985 return; 1986 } 1987 case ICMP6_TIME_EXCEEDED: 1988 /* Transient errors */ 1989 break; 1990 case ICMP6_PARAM_PROB: 1991 /* If this corresponds to an ICMP_PROTOCOL_UNREACHABLE */ 1992 if (icmp6->icmp6_code == ICMP6_PARAMPROB_NEXTHEADER && 1993 (uchar_t *)ip6h + icmp6->icmp6_pptr == 1994 (uchar_t *)nexthdrp) { 1995 error = ECONNREFUSED; 1996 break; 1997 } 1998 break; 1999 } 2000 if (error == 0) { 2001 freemsg(mp); 2002 return; 2003 } 2004 2005 /* 2006 * Deliver T_UDERROR_IND when the application has asked for it. 2007 * The socket layer enables this automatically when connected. 2008 */ 2009 if (!udp->udp_dgram_errind) { 2010 freemsg(mp); 2011 return; 2012 } 2013 2014 sin6 = sin6_null; 2015 sin6.sin6_family = AF_INET6; 2016 sin6.sin6_addr = ip6h->ip6_dst; 2017 sin6.sin6_port = udpha->uha_dst_port; 2018 sin6.sin6_flowinfo = ip6h->ip6_vcf & ~IPV6_VERS_AND_FLOW_MASK; 2019 2020 mp1 = mi_tpi_uderror_ind((char *)&sin6, sizeof (sin6_t), NULL, 0, 2021 error); 2022 if (mp1) 2023 putnext(q, mp1); 2024 freemsg(mp); 2025 } 2026 2027 /* 2028 * This routine responds to T_ADDR_REQ messages. It is called by udp_wput. 2029 * The local address is filled in if endpoint is bound. The remote address 2030 * is filled in if remote address has been precified ("connected endpoint") 2031 * (The concept of connected CLTS sockets is alien to published TPI 2032 * but we support it anyway). 2033 */ 2034 static void 2035 udp_addr_req(queue_t *q, mblk_t *mp) 2036 { 2037 sin_t *sin; 2038 sin6_t *sin6; 2039 mblk_t *ackmp; 2040 struct T_addr_ack *taa; 2041 udp_t *udp = Q_TO_UDP(q); 2042 2043 /* Make it large enough for worst case */ 2044 ackmp = reallocb(mp, sizeof (struct T_addr_ack) + 2045 2 * sizeof (sin6_t), 1); 2046 if (ackmp == NULL) { 2047 udp_err_ack(q, mp, TSYSERR, ENOMEM); 2048 return; 2049 } 2050 taa = (struct T_addr_ack *)ackmp->b_rptr; 2051 2052 bzero(taa, sizeof (struct T_addr_ack)); 2053 ackmp->b_wptr = (uchar_t *)&taa[1]; 2054 2055 taa->PRIM_type = T_ADDR_ACK; 2056 ackmp->b_datap->db_type = M_PCPROTO; 2057 rw_enter(&udp->udp_rwlock, RW_READER); 2058 /* 2059 * Note: Following code assumes 32 bit alignment of basic 2060 * data structures like sin_t and struct T_addr_ack. 2061 */ 2062 if (udp->udp_state != TS_UNBND) { 2063 /* 2064 * Fill in local address first 2065 */ 2066 taa->LOCADDR_offset = sizeof (*taa); 2067 if (udp->udp_family == AF_INET) { 2068 taa->LOCADDR_length = sizeof (sin_t); 2069 sin = (sin_t *)&taa[1]; 2070 /* Fill zeroes and then initialize non-zero fields */ 2071 *sin = sin_null; 2072 sin->sin_family = AF_INET; 2073 if (!IN6_IS_ADDR_V4MAPPED_ANY(&udp->udp_v6src) && 2074 !IN6_IS_ADDR_UNSPECIFIED(&udp->udp_v6src)) { 2075 IN6_V4MAPPED_TO_IPADDR(&udp->udp_v6src, 2076 sin->sin_addr.s_addr); 2077 } else { 2078 /* 2079 * INADDR_ANY 2080 * udp_v6src is not set, we might be bound to 2081 * broadcast/multicast. Use udp_bound_v6src as 2082 * local address instead (that could 2083 * also still be INADDR_ANY) 2084 */ 2085 IN6_V4MAPPED_TO_IPADDR(&udp->udp_bound_v6src, 2086 sin->sin_addr.s_addr); 2087 } 2088 sin->sin_port = udp->udp_port; 2089 ackmp->b_wptr = (uchar_t *)&sin[1]; 2090 if (udp->udp_state == TS_DATA_XFER) { 2091 /* 2092 * connected, fill remote address too 2093 */ 2094 taa->REMADDR_length = sizeof (sin_t); 2095 /* assumed 32-bit alignment */ 2096 taa->REMADDR_offset = taa->LOCADDR_offset + 2097 taa->LOCADDR_length; 2098 2099 sin = (sin_t *)(ackmp->b_rptr + 2100 taa->REMADDR_offset); 2101 /* initialize */ 2102 *sin = sin_null; 2103 sin->sin_family = AF_INET; 2104 sin->sin_addr.s_addr = 2105 V4_PART_OF_V6(udp->udp_v6dst); 2106 sin->sin_port = udp->udp_dstport; 2107 ackmp->b_wptr = (uchar_t *)&sin[1]; 2108 } 2109 } else { 2110 taa->LOCADDR_length = sizeof (sin6_t); 2111 sin6 = (sin6_t *)&taa[1]; 2112 /* Fill zeroes and then initialize non-zero fields */ 2113 *sin6 = sin6_null; 2114 sin6->sin6_family = AF_INET6; 2115 if (!IN6_IS_ADDR_UNSPECIFIED(&udp->udp_v6src)) { 2116 sin6->sin6_addr = udp->udp_v6src; 2117 } else { 2118 /* 2119 * UNSPECIFIED 2120 * udp_v6src is not set, we might be bound to 2121 * broadcast/multicast. Use udp_bound_v6src as 2122 * local address instead (that could 2123 * also still be UNSPECIFIED) 2124 */ 2125 sin6->sin6_addr = 2126 udp->udp_bound_v6src; 2127 } 2128 sin6->sin6_port = udp->udp_port; 2129 ackmp->b_wptr = (uchar_t *)&sin6[1]; 2130 if (udp->udp_state == TS_DATA_XFER) { 2131 /* 2132 * connected, fill remote address too 2133 */ 2134 taa->REMADDR_length = sizeof (sin6_t); 2135 /* assumed 32-bit alignment */ 2136 taa->REMADDR_offset = taa->LOCADDR_offset + 2137 taa->LOCADDR_length; 2138 2139 sin6 = (sin6_t *)(ackmp->b_rptr + 2140 taa->REMADDR_offset); 2141 /* initialize */ 2142 *sin6 = sin6_null; 2143 sin6->sin6_family = AF_INET6; 2144 sin6->sin6_addr = udp->udp_v6dst; 2145 sin6->sin6_port = udp->udp_dstport; 2146 ackmp->b_wptr = (uchar_t *)&sin6[1]; 2147 } 2148 ackmp->b_wptr = (uchar_t *)&sin6[1]; 2149 } 2150 } 2151 rw_exit(&udp->udp_rwlock); 2152 ASSERT(ackmp->b_wptr <= ackmp->b_datap->db_lim); 2153 qreply(q, ackmp); 2154 } 2155 2156 static void 2157 udp_copy_info(struct T_info_ack *tap, udp_t *udp) 2158 { 2159 if (udp->udp_family == AF_INET) { 2160 *tap = udp_g_t_info_ack_ipv4; 2161 } else { 2162 *tap = udp_g_t_info_ack_ipv6; 2163 } 2164 tap->CURRENT_state = udp->udp_state; 2165 tap->OPT_size = udp_max_optsize; 2166 } 2167 2168 /* 2169 * This routine responds to T_CAPABILITY_REQ messages. It is called by 2170 * udp_wput. Much of the T_CAPABILITY_ACK information is copied from 2171 * udp_g_t_info_ack. The current state of the stream is copied from 2172 * udp_state. 2173 */ 2174 static void 2175 udp_capability_req(queue_t *q, mblk_t *mp) 2176 { 2177 t_uscalar_t cap_bits1; 2178 struct T_capability_ack *tcap; 2179 udp_t *udp = Q_TO_UDP(q); 2180 2181 cap_bits1 = ((struct T_capability_req *)mp->b_rptr)->CAP_bits1; 2182 2183 mp = tpi_ack_alloc(mp, sizeof (struct T_capability_ack), 2184 mp->b_datap->db_type, T_CAPABILITY_ACK); 2185 if (!mp) 2186 return; 2187 2188 tcap = (struct T_capability_ack *)mp->b_rptr; 2189 tcap->CAP_bits1 = 0; 2190 2191 if (cap_bits1 & TC1_INFO) { 2192 udp_copy_info(&tcap->INFO_ack, udp); 2193 tcap->CAP_bits1 |= TC1_INFO; 2194 } 2195 2196 qreply(q, mp); 2197 } 2198 2199 /* 2200 * This routine responds to T_INFO_REQ messages. It is called by udp_wput. 2201 * Most of the T_INFO_ACK information is copied from udp_g_t_info_ack. 2202 * The current state of the stream is copied from udp_state. 2203 */ 2204 static void 2205 udp_info_req(queue_t *q, mblk_t *mp) 2206 { 2207 udp_t *udp = Q_TO_UDP(q); 2208 2209 /* Create a T_INFO_ACK message. */ 2210 mp = tpi_ack_alloc(mp, sizeof (struct T_info_ack), M_PCPROTO, 2211 T_INFO_ACK); 2212 if (!mp) 2213 return; 2214 udp_copy_info((struct T_info_ack *)mp->b_rptr, udp); 2215 qreply(q, mp); 2216 } 2217 2218 /* 2219 * IP recognizes seven kinds of bind requests: 2220 * 2221 * - A zero-length address binds only to the protocol number. 2222 * 2223 * - A 4-byte address is treated as a request to 2224 * validate that the address is a valid local IPv4 2225 * address, appropriate for an application to bind to. 2226 * IP does the verification, but does not make any note 2227 * of the address at this time. 2228 * 2229 * - A 16-byte address contains is treated as a request 2230 * to validate a local IPv6 address, as the 4-byte 2231 * address case above. 2232 * 2233 * - A 16-byte sockaddr_in to validate the local IPv4 address and also 2234 * use it for the inbound fanout of packets. 2235 * 2236 * - A 24-byte sockaddr_in6 to validate the local IPv6 address and also 2237 * use it for the inbound fanout of packets. 2238 * 2239 * - A 12-byte address (ipa_conn_t) containing complete IPv4 fanout 2240 * information consisting of local and remote addresses 2241 * and ports. In this case, the addresses are both 2242 * validated as appropriate for this operation, and, if 2243 * so, the information is retained for use in the 2244 * inbound fanout. 2245 * 2246 * - A 36-byte address address (ipa6_conn_t) containing complete IPv6 2247 * fanout information, like the 12-byte case above. 2248 * 2249 * IP will also fill in the IRE request mblk with information 2250 * regarding our peer. In all cases, we notify IP of our protocol 2251 * type by appending a single protocol byte to the bind request. 2252 */ 2253 static mblk_t * 2254 udp_ip_bind_mp(udp_t *udp, t_scalar_t bind_prim, t_scalar_t addr_length) 2255 { 2256 char *cp; 2257 mblk_t *mp; 2258 struct T_bind_req *tbr; 2259 ipa_conn_t *ac; 2260 ipa6_conn_t *ac6; 2261 sin_t *sin; 2262 sin6_t *sin6; 2263 2264 ASSERT(bind_prim == O_T_BIND_REQ || bind_prim == T_BIND_REQ); 2265 ASSERT(RW_LOCK_HELD(&udp->udp_rwlock)); 2266 mp = allocb(sizeof (*tbr) + addr_length + 1, BPRI_HI); 2267 if (!mp) 2268 return (mp); 2269 mp->b_datap->db_type = M_PROTO; 2270 tbr = (struct T_bind_req *)mp->b_rptr; 2271 tbr->PRIM_type = bind_prim; 2272 tbr->ADDR_offset = sizeof (*tbr); 2273 tbr->CONIND_number = 0; 2274 tbr->ADDR_length = addr_length; 2275 cp = (char *)&tbr[1]; 2276 switch (addr_length) { 2277 case sizeof (ipa_conn_t): 2278 ASSERT(udp->udp_family == AF_INET); 2279 /* Append a request for an IRE */ 2280 mp->b_cont = allocb(sizeof (ire_t), BPRI_HI); 2281 if (!mp->b_cont) { 2282 freemsg(mp); 2283 return (NULL); 2284 } 2285 mp->b_cont->b_wptr += sizeof (ire_t); 2286 mp->b_cont->b_datap->db_type = IRE_DB_REQ_TYPE; 2287 2288 /* cp known to be 32 bit aligned */ 2289 ac = (ipa_conn_t *)cp; 2290 ac->ac_laddr = V4_PART_OF_V6(udp->udp_v6src); 2291 ac->ac_faddr = V4_PART_OF_V6(udp->udp_v6dst); 2292 ac->ac_fport = udp->udp_dstport; 2293 ac->ac_lport = udp->udp_port; 2294 break; 2295 2296 case sizeof (ipa6_conn_t): 2297 ASSERT(udp->udp_family == AF_INET6); 2298 /* Append a request for an IRE */ 2299 mp->b_cont = allocb(sizeof (ire_t), BPRI_HI); 2300 if (!mp->b_cont) { 2301 freemsg(mp); 2302 return (NULL); 2303 } 2304 mp->b_cont->b_wptr += sizeof (ire_t); 2305 mp->b_cont->b_datap->db_type = IRE_DB_REQ_TYPE; 2306 2307 /* cp known to be 32 bit aligned */ 2308 ac6 = (ipa6_conn_t *)cp; 2309 ac6->ac6_laddr = udp->udp_v6src; 2310 ac6->ac6_faddr = udp->udp_v6dst; 2311 ac6->ac6_fport = udp->udp_dstport; 2312 ac6->ac6_lport = udp->udp_port; 2313 break; 2314 2315 case sizeof (sin_t): 2316 ASSERT(udp->udp_family == AF_INET); 2317 /* Append a request for an IRE */ 2318 mp->b_cont = allocb(sizeof (ire_t), BPRI_HI); 2319 if (!mp->b_cont) { 2320 freemsg(mp); 2321 return (NULL); 2322 } 2323 mp->b_cont->b_wptr += sizeof (ire_t); 2324 mp->b_cont->b_datap->db_type = IRE_DB_REQ_TYPE; 2325 2326 sin = (sin_t *)cp; 2327 *sin = sin_null; 2328 sin->sin_family = AF_INET; 2329 sin->sin_addr.s_addr = V4_PART_OF_V6(udp->udp_bound_v6src); 2330 sin->sin_port = udp->udp_port; 2331 break; 2332 2333 case sizeof (sin6_t): 2334 ASSERT(udp->udp_family == AF_INET6); 2335 /* Append a request for an IRE */ 2336 mp->b_cont = allocb(sizeof (ire_t), BPRI_HI); 2337 if (!mp->b_cont) { 2338 freemsg(mp); 2339 return (NULL); 2340 } 2341 mp->b_cont->b_wptr += sizeof (ire_t); 2342 mp->b_cont->b_datap->db_type = IRE_DB_REQ_TYPE; 2343 2344 sin6 = (sin6_t *)cp; 2345 *sin6 = sin6_null; 2346 sin6->sin6_family = AF_INET6; 2347 sin6->sin6_addr = udp->udp_bound_v6src; 2348 sin6->sin6_port = udp->udp_port; 2349 break; 2350 } 2351 /* Add protocol number to end */ 2352 cp[addr_length] = (char)IPPROTO_UDP; 2353 mp->b_wptr = (uchar_t *)&cp[addr_length + 1]; 2354 return (mp); 2355 } 2356 2357 /* For /dev/udp aka AF_INET open */ 2358 static int 2359 udp_openv4(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp) 2360 { 2361 return (udp_open(q, devp, flag, sflag, credp, B_FALSE)); 2362 } 2363 2364 /* For /dev/udp6 aka AF_INET6 open */ 2365 static int 2366 udp_openv6(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp) 2367 { 2368 return (udp_open(q, devp, flag, sflag, credp, B_TRUE)); 2369 } 2370 2371 /* 2372 * This is the open routine for udp. It allocates a udp_t structure for 2373 * the stream and, on the first open of the module, creates an ND table. 2374 */ 2375 /*ARGSUSED2*/ 2376 static int 2377 udp_open(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp, 2378 boolean_t isv6) 2379 { 2380 int err; 2381 udp_t *udp; 2382 conn_t *connp; 2383 dev_t conn_dev; 2384 zoneid_t zoneid; 2385 netstack_t *ns; 2386 udp_stack_t *us; 2387 vmem_t *minor_arena; 2388 2389 TRACE_1(TR_FAC_UDP, TR_UDP_OPEN, "udp_open: q %p", q); 2390 2391 /* If the stream is already open, return immediately. */ 2392 if (q->q_ptr != NULL) 2393 return (0); 2394 2395 if (sflag == MODOPEN) 2396 return (EINVAL); 2397 2398 ns = netstack_find_by_cred(credp); 2399 ASSERT(ns != NULL); 2400 us = ns->netstack_udp; 2401 ASSERT(us != NULL); 2402 2403 /* 2404 * For exclusive stacks we set the zoneid to zero 2405 * to make UDP operate as if in the global zone. 2406 */ 2407 if (ns->netstack_stackid != GLOBAL_NETSTACKID) 2408 zoneid = GLOBAL_ZONEID; 2409 else 2410 zoneid = crgetzoneid(credp); 2411 2412 if ((ip_minor_arena_la != NULL) && (flag & SO_SOCKSTR) && 2413 ((conn_dev = inet_minor_alloc(ip_minor_arena_la)) != 0)) { 2414 minor_arena = ip_minor_arena_la; 2415 } else { 2416 /* 2417 * Either minor numbers in the large arena were exhausted 2418 * or a non socket application is doing the open. 2419 * Try to allocate from the small arena. 2420 */ 2421 if ((conn_dev = inet_minor_alloc(ip_minor_arena_sa)) == 0) { 2422 netstack_rele(ns); 2423 return (EBUSY); 2424 } 2425 minor_arena = ip_minor_arena_sa; 2426 } 2427 2428 *devp = makedevice(getemajor(*devp), (minor_t)conn_dev); 2429 2430 connp = ipcl_conn_create(IPCL_UDPCONN, KM_SLEEP, ns); 2431 connp->conn_dev = conn_dev; 2432 connp->conn_minor_arena = minor_arena; 2433 udp = connp->conn_udp; 2434 2435 /* 2436 * ipcl_conn_create did a netstack_hold. Undo the hold that was 2437 * done by netstack_find_by_cred() 2438 */ 2439 netstack_rele(ns); 2440 2441 /* 2442 * Initialize the udp_t structure for this stream. 2443 */ 2444 q->q_ptr = connp; 2445 WR(q)->q_ptr = connp; 2446 connp->conn_rq = q; 2447 connp->conn_wq = WR(q); 2448 2449 rw_enter(&udp->udp_rwlock, RW_WRITER); 2450 ASSERT(connp->conn_ulp == IPPROTO_UDP); 2451 ASSERT(connp->conn_udp == udp); 2452 ASSERT(udp->udp_connp == connp); 2453 2454 /* Set the initial state of the stream and the privilege status. */ 2455 udp->udp_state = TS_UNBND; 2456 if (isv6) { 2457 udp->udp_family = AF_INET6; 2458 udp->udp_ipversion = IPV6_VERSION; 2459 udp->udp_max_hdr_len = IPV6_HDR_LEN + UDPH_SIZE; 2460 udp->udp_ttl = us->us_ipv6_hoplimit; 2461 connp->conn_af_isv6 = B_TRUE; 2462 connp->conn_flags |= IPCL_ISV6; 2463 } else { 2464 udp->udp_family = AF_INET; 2465 udp->udp_ipversion = IPV4_VERSION; 2466 udp->udp_max_hdr_len = IP_SIMPLE_HDR_LENGTH + UDPH_SIZE; 2467 udp->udp_ttl = us->us_ipv4_ttl; 2468 connp->conn_af_isv6 = B_FALSE; 2469 connp->conn_flags &= ~IPCL_ISV6; 2470 } 2471 2472 udp->udp_multicast_ttl = IP_DEFAULT_MULTICAST_TTL; 2473 udp->udp_pending_op = -1; 2474 connp->conn_multicast_loop = IP_DEFAULT_MULTICAST_LOOP; 2475 connp->conn_zoneid = zoneid; 2476 2477 udp->udp_open_time = lbolt64; 2478 udp->udp_open_pid = curproc->p_pid; 2479 2480 /* 2481 * If the caller has the process-wide flag set, then default to MAC 2482 * exempt mode. This allows read-down to unlabeled hosts. 2483 */ 2484 if (getpflags(NET_MAC_AWARE, credp) != 0) 2485 udp->udp_mac_exempt = B_TRUE; 2486 2487 if (flag & SO_SOCKSTR) { 2488 connp->conn_flags |= IPCL_SOCKET; 2489 udp->udp_issocket = B_TRUE; 2490 udp->udp_direct_sockfs = B_TRUE; 2491 } 2492 2493 connp->conn_ulp_labeled = is_system_labeled(); 2494 2495 udp->udp_us = us; 2496 2497 q->q_hiwat = us->us_recv_hiwat; 2498 WR(q)->q_hiwat = us->us_xmit_hiwat; 2499 WR(q)->q_lowat = us->us_xmit_lowat; 2500 2501 connp->conn_recv = udp_input; 2502 crhold(credp); 2503 connp->conn_cred = credp; 2504 2505 mutex_enter(&connp->conn_lock); 2506 connp->conn_state_flags &= ~CONN_INCIPIENT; 2507 mutex_exit(&connp->conn_lock); 2508 2509 qprocson(q); 2510 2511 if (udp->udp_family == AF_INET6) { 2512 /* Build initial header template for transmit */ 2513 if ((err = udp_build_hdrs(udp)) != 0) { 2514 rw_exit(&udp->udp_rwlock); 2515 qprocsoff(q); 2516 ipcl_conn_destroy(connp); 2517 return (err); 2518 } 2519 } 2520 rw_exit(&udp->udp_rwlock); 2521 2522 /* Set the Stream head write offset and high watermark. */ 2523 (void) mi_set_sth_wroff(q, 2524 udp->udp_max_hdr_len + us->us_wroff_extra); 2525 (void) mi_set_sth_hiwat(q, udp_set_rcv_hiwat(udp, q->q_hiwat)); 2526 2527 return (0); 2528 } 2529 2530 /* 2531 * Which UDP options OK to set through T_UNITDATA_REQ... 2532 */ 2533 /* ARGSUSED */ 2534 static boolean_t 2535 udp_opt_allow_udr_set(t_scalar_t level, t_scalar_t name) 2536 { 2537 return (B_TRUE); 2538 } 2539 2540 /* 2541 * This routine gets default values of certain options whose default 2542 * values are maintained by protcol specific code 2543 */ 2544 /* ARGSUSED */ 2545 int 2546 udp_opt_default(queue_t *q, t_scalar_t level, t_scalar_t name, uchar_t *ptr) 2547 { 2548 udp_t *udp = Q_TO_UDP(q); 2549 udp_stack_t *us = udp->udp_us; 2550 int *i1 = (int *)ptr; 2551 2552 switch (level) { 2553 case IPPROTO_IP: 2554 switch (name) { 2555 case IP_MULTICAST_TTL: 2556 *ptr = (uchar_t)IP_DEFAULT_MULTICAST_TTL; 2557 return (sizeof (uchar_t)); 2558 case IP_MULTICAST_LOOP: 2559 *ptr = (uchar_t)IP_DEFAULT_MULTICAST_LOOP; 2560 return (sizeof (uchar_t)); 2561 } 2562 break; 2563 case IPPROTO_IPV6: 2564 switch (name) { 2565 case IPV6_MULTICAST_HOPS: 2566 *i1 = IP_DEFAULT_MULTICAST_TTL; 2567 return (sizeof (int)); 2568 case IPV6_MULTICAST_LOOP: 2569 *i1 = IP_DEFAULT_MULTICAST_LOOP; 2570 return (sizeof (int)); 2571 case IPV6_UNICAST_HOPS: 2572 *i1 = us->us_ipv6_hoplimit; 2573 return (sizeof (int)); 2574 } 2575 break; 2576 } 2577 return (-1); 2578 } 2579 2580 /* 2581 * This routine retrieves the current status of socket options. 2582 * It returns the size of the option retrieved. 2583 */ 2584 int 2585 udp_opt_get_locked(queue_t *q, t_scalar_t level, t_scalar_t name, uchar_t *ptr) 2586 { 2587 int *i1 = (int *)ptr; 2588 conn_t *connp; 2589 udp_t *udp; 2590 ip6_pkt_t *ipp; 2591 int len; 2592 udp_stack_t *us; 2593 2594 connp = Q_TO_CONN(q); 2595 udp = connp->conn_udp; 2596 ipp = &udp->udp_sticky_ipp; 2597 us = udp->udp_us; 2598 2599 switch (level) { 2600 case SOL_SOCKET: 2601 switch (name) { 2602 case SO_DEBUG: 2603 *i1 = udp->udp_debug; 2604 break; /* goto sizeof (int) option return */ 2605 case SO_REUSEADDR: 2606 *i1 = udp->udp_reuseaddr; 2607 break; /* goto sizeof (int) option return */ 2608 case SO_TYPE: 2609 *i1 = SOCK_DGRAM; 2610 break; /* goto sizeof (int) option return */ 2611 2612 /* 2613 * The following three items are available here, 2614 * but are only meaningful to IP. 2615 */ 2616 case SO_DONTROUTE: 2617 *i1 = udp->udp_dontroute; 2618 break; /* goto sizeof (int) option return */ 2619 case SO_USELOOPBACK: 2620 *i1 = udp->udp_useloopback; 2621 break; /* goto sizeof (int) option return */ 2622 case SO_BROADCAST: 2623 *i1 = udp->udp_broadcast; 2624 break; /* goto sizeof (int) option return */ 2625 2626 case SO_SNDBUF: 2627 *i1 = q->q_hiwat; 2628 break; /* goto sizeof (int) option return */ 2629 case SO_RCVBUF: 2630 *i1 = RD(q)->q_hiwat; 2631 break; /* goto sizeof (int) option return */ 2632 case SO_DGRAM_ERRIND: 2633 *i1 = udp->udp_dgram_errind; 2634 break; /* goto sizeof (int) option return */ 2635 case SO_RECVUCRED: 2636 *i1 = udp->udp_recvucred; 2637 break; /* goto sizeof (int) option return */ 2638 case SO_TIMESTAMP: 2639 *i1 = udp->udp_timestamp; 2640 break; /* goto sizeof (int) option return */ 2641 case SO_ANON_MLP: 2642 *i1 = udp->udp_anon_mlp; 2643 break; /* goto sizeof (int) option return */ 2644 case SO_MAC_EXEMPT: 2645 *i1 = udp->udp_mac_exempt; 2646 break; /* goto sizeof (int) option return */ 2647 case SO_ALLZONES: 2648 *i1 = connp->conn_allzones; 2649 break; /* goto sizeof (int) option return */ 2650 case SO_EXCLBIND: 2651 *i1 = udp->udp_exclbind ? SO_EXCLBIND : 0; 2652 break; 2653 case SO_PROTOTYPE: 2654 *i1 = IPPROTO_UDP; 2655 break; 2656 case SO_DOMAIN: 2657 *i1 = udp->udp_family; 2658 break; 2659 default: 2660 return (-1); 2661 } 2662 break; 2663 case IPPROTO_IP: 2664 if (udp->udp_family != AF_INET) 2665 return (-1); 2666 switch (name) { 2667 case IP_OPTIONS: 2668 case T_IP_OPTIONS: 2669 len = udp->udp_ip_rcv_options_len - udp->udp_label_len; 2670 if (len > 0) { 2671 bcopy(udp->udp_ip_rcv_options + 2672 udp->udp_label_len, ptr, len); 2673 } 2674 return (len); 2675 case IP_TOS: 2676 case T_IP_TOS: 2677 *i1 = (int)udp->udp_type_of_service; 2678 break; /* goto sizeof (int) option return */ 2679 case IP_TTL: 2680 *i1 = (int)udp->udp_ttl; 2681 break; /* goto sizeof (int) option return */ 2682 case IP_DHCPINIT_IF: 2683 return (-EINVAL); 2684 case IP_NEXTHOP: 2685 case IP_RECVPKTINFO: 2686 /* 2687 * This also handles IP_PKTINFO. 2688 * IP_PKTINFO and IP_RECVPKTINFO have the same value. 2689 * Differentiation is based on the size of the argument 2690 * passed in. 2691 * This option is handled in IP which will return an 2692 * error for IP_PKTINFO as it's not supported as a 2693 * sticky option. 2694 */ 2695 return (-EINVAL); 2696 case IP_MULTICAST_IF: 2697 /* 0 address if not set */ 2698 *(ipaddr_t *)ptr = udp->udp_multicast_if_addr; 2699 return (sizeof (ipaddr_t)); 2700 case IP_MULTICAST_TTL: 2701 *(uchar_t *)ptr = udp->udp_multicast_ttl; 2702 return (sizeof (uchar_t)); 2703 case IP_MULTICAST_LOOP: 2704 *ptr = connp->conn_multicast_loop; 2705 return (sizeof (uint8_t)); 2706 case IP_RECVOPTS: 2707 *i1 = udp->udp_recvopts; 2708 break; /* goto sizeof (int) option return */ 2709 case IP_RECVDSTADDR: 2710 *i1 = udp->udp_recvdstaddr; 2711 break; /* goto sizeof (int) option return */ 2712 case IP_RECVIF: 2713 *i1 = udp->udp_recvif; 2714 break; /* goto sizeof (int) option return */ 2715 case IP_RECVSLLA: 2716 *i1 = udp->udp_recvslla; 2717 break; /* goto sizeof (int) option return */ 2718 case IP_RECVTTL: 2719 *i1 = udp->udp_recvttl; 2720 break; /* goto sizeof (int) option return */ 2721 case IP_ADD_MEMBERSHIP: 2722 case IP_DROP_MEMBERSHIP: 2723 case IP_BLOCK_SOURCE: 2724 case IP_UNBLOCK_SOURCE: 2725 case IP_ADD_SOURCE_MEMBERSHIP: 2726 case IP_DROP_SOURCE_MEMBERSHIP: 2727 case MCAST_JOIN_GROUP: 2728 case MCAST_LEAVE_GROUP: 2729 case MCAST_BLOCK_SOURCE: 2730 case MCAST_UNBLOCK_SOURCE: 2731 case MCAST_JOIN_SOURCE_GROUP: 2732 case MCAST_LEAVE_SOURCE_GROUP: 2733 case IP_DONTFAILOVER_IF: 2734 /* cannot "get" the value for these */ 2735 return (-1); 2736 case IP_BOUND_IF: 2737 /* Zero if not set */ 2738 *i1 = udp->udp_bound_if; 2739 break; /* goto sizeof (int) option return */ 2740 case IP_UNSPEC_SRC: 2741 *i1 = udp->udp_unspec_source; 2742 break; /* goto sizeof (int) option return */ 2743 case IP_BROADCAST_TTL: 2744 *(uchar_t *)ptr = connp->conn_broadcast_ttl; 2745 return (sizeof (uchar_t)); 2746 default: 2747 return (-1); 2748 } 2749 break; 2750 case IPPROTO_IPV6: 2751 if (udp->udp_family != AF_INET6) 2752 return (-1); 2753 switch (name) { 2754 case IPV6_UNICAST_HOPS: 2755 *i1 = (unsigned int)udp->udp_ttl; 2756 break; /* goto sizeof (int) option return */ 2757 case IPV6_MULTICAST_IF: 2758 /* 0 index if not set */ 2759 *i1 = udp->udp_multicast_if_index; 2760 break; /* goto sizeof (int) option return */ 2761 case IPV6_MULTICAST_HOPS: 2762 *i1 = udp->udp_multicast_ttl; 2763 break; /* goto sizeof (int) option return */ 2764 case IPV6_MULTICAST_LOOP: 2765 *i1 = connp->conn_multicast_loop; 2766 break; /* goto sizeof (int) option return */ 2767 case IPV6_JOIN_GROUP: 2768 case IPV6_LEAVE_GROUP: 2769 case MCAST_JOIN_GROUP: 2770 case MCAST_LEAVE_GROUP: 2771 case MCAST_BLOCK_SOURCE: 2772 case MCAST_UNBLOCK_SOURCE: 2773 case MCAST_JOIN_SOURCE_GROUP: 2774 case MCAST_LEAVE_SOURCE_GROUP: 2775 /* cannot "get" the value for these */ 2776 return (-1); 2777 case IPV6_BOUND_IF: 2778 /* Zero if not set */ 2779 *i1 = udp->udp_bound_if; 2780 break; /* goto sizeof (int) option return */ 2781 case IPV6_UNSPEC_SRC: 2782 *i1 = udp->udp_unspec_source; 2783 break; /* goto sizeof (int) option return */ 2784 case IPV6_RECVPKTINFO: 2785 *i1 = udp->udp_ip_recvpktinfo; 2786 break; /* goto sizeof (int) option return */ 2787 case IPV6_RECVTCLASS: 2788 *i1 = udp->udp_ipv6_recvtclass; 2789 break; /* goto sizeof (int) option return */ 2790 case IPV6_RECVPATHMTU: 2791 *i1 = udp->udp_ipv6_recvpathmtu; 2792 break; /* goto sizeof (int) option return */ 2793 case IPV6_RECVHOPLIMIT: 2794 *i1 = udp->udp_ipv6_recvhoplimit; 2795 break; /* goto sizeof (int) option return */ 2796 case IPV6_RECVHOPOPTS: 2797 *i1 = udp->udp_ipv6_recvhopopts; 2798 break; /* goto sizeof (int) option return */ 2799 case IPV6_RECVDSTOPTS: 2800 *i1 = udp->udp_ipv6_recvdstopts; 2801 break; /* goto sizeof (int) option return */ 2802 case _OLD_IPV6_RECVDSTOPTS: 2803 *i1 = udp->udp_old_ipv6_recvdstopts; 2804 break; /* goto sizeof (int) option return */ 2805 case IPV6_RECVRTHDRDSTOPTS: 2806 *i1 = udp->udp_ipv6_recvrthdrdstopts; 2807 break; /* goto sizeof (int) option return */ 2808 case IPV6_RECVRTHDR: 2809 *i1 = udp->udp_ipv6_recvrthdr; 2810 break; /* goto sizeof (int) option return */ 2811 case IPV6_PKTINFO: { 2812 /* XXX assumes that caller has room for max size! */ 2813 struct in6_pktinfo *pkti; 2814 2815 pkti = (struct in6_pktinfo *)ptr; 2816 if (ipp->ipp_fields & IPPF_IFINDEX) 2817 pkti->ipi6_ifindex = ipp->ipp_ifindex; 2818 else 2819 pkti->ipi6_ifindex = 0; 2820 if (ipp->ipp_fields & IPPF_ADDR) 2821 pkti->ipi6_addr = ipp->ipp_addr; 2822 else 2823 pkti->ipi6_addr = ipv6_all_zeros; 2824 return (sizeof (struct in6_pktinfo)); 2825 } 2826 case IPV6_TCLASS: 2827 if (ipp->ipp_fields & IPPF_TCLASS) 2828 *i1 = ipp->ipp_tclass; 2829 else 2830 *i1 = IPV6_FLOW_TCLASS( 2831 IPV6_DEFAULT_VERS_AND_FLOW); 2832 break; /* goto sizeof (int) option return */ 2833 case IPV6_NEXTHOP: { 2834 sin6_t *sin6 = (sin6_t *)ptr; 2835 2836 if (!(ipp->ipp_fields & IPPF_NEXTHOP)) 2837 return (0); 2838 *sin6 = sin6_null; 2839 sin6->sin6_family = AF_INET6; 2840 sin6->sin6_addr = ipp->ipp_nexthop; 2841 return (sizeof (sin6_t)); 2842 } 2843 case IPV6_HOPOPTS: 2844 if (!(ipp->ipp_fields & IPPF_HOPOPTS)) 2845 return (0); 2846 if (ipp->ipp_hopoptslen <= udp->udp_label_len_v6) 2847 return (0); 2848 /* 2849 * The cipso/label option is added by kernel. 2850 * User is not usually aware of this option. 2851 * We copy out the hbh opt after the label option. 2852 */ 2853 bcopy((char *)ipp->ipp_hopopts + udp->udp_label_len_v6, 2854 ptr, ipp->ipp_hopoptslen - udp->udp_label_len_v6); 2855 if (udp->udp_label_len_v6 > 0) { 2856 ptr[0] = ((char *)ipp->ipp_hopopts)[0]; 2857 ptr[1] = (ipp->ipp_hopoptslen - 2858 udp->udp_label_len_v6 + 7) / 8 - 1; 2859 } 2860 return (ipp->ipp_hopoptslen - udp->udp_label_len_v6); 2861 case IPV6_RTHDRDSTOPTS: 2862 if (!(ipp->ipp_fields & IPPF_RTDSTOPTS)) 2863 return (0); 2864 bcopy(ipp->ipp_rtdstopts, ptr, ipp->ipp_rtdstoptslen); 2865 return (ipp->ipp_rtdstoptslen); 2866 case IPV6_RTHDR: 2867 if (!(ipp->ipp_fields & IPPF_RTHDR)) 2868 return (0); 2869 bcopy(ipp->ipp_rthdr, ptr, ipp->ipp_rthdrlen); 2870 return (ipp->ipp_rthdrlen); 2871 case IPV6_DSTOPTS: 2872 if (!(ipp->ipp_fields & IPPF_DSTOPTS)) 2873 return (0); 2874 bcopy(ipp->ipp_dstopts, ptr, ipp->ipp_dstoptslen); 2875 return (ipp->ipp_dstoptslen); 2876 case IPV6_PATHMTU: 2877 return (ip_fill_mtuinfo(&udp->udp_v6dst, 2878 udp->udp_dstport, (struct ip6_mtuinfo *)ptr, 2879 us->us_netstack)); 2880 default: 2881 return (-1); 2882 } 2883 break; 2884 case IPPROTO_UDP: 2885 switch (name) { 2886 case UDP_ANONPRIVBIND: 2887 *i1 = udp->udp_anon_priv_bind; 2888 break; 2889 case UDP_EXCLBIND: 2890 *i1 = udp->udp_exclbind ? UDP_EXCLBIND : 0; 2891 break; 2892 case UDP_RCVHDR: 2893 *i1 = udp->udp_rcvhdr ? 1 : 0; 2894 break; 2895 case UDP_NAT_T_ENDPOINT: 2896 *i1 = udp->udp_nat_t_endpoint; 2897 break; 2898 default: 2899 return (-1); 2900 } 2901 break; 2902 default: 2903 return (-1); 2904 } 2905 return (sizeof (int)); 2906 } 2907 2908 int 2909 udp_opt_get(queue_t *q, t_scalar_t level, t_scalar_t name, uchar_t *ptr) 2910 { 2911 udp_t *udp; 2912 int err; 2913 2914 udp = Q_TO_UDP(q); 2915 2916 rw_enter(&udp->udp_rwlock, RW_READER); 2917 err = udp_opt_get_locked(q, level, name, ptr); 2918 rw_exit(&udp->udp_rwlock); 2919 return (err); 2920 } 2921 2922 /* 2923 * This routine sets socket options. 2924 */ 2925 /* ARGSUSED */ 2926 int 2927 udp_opt_set_locked(queue_t *q, uint_t optset_context, int level, 2928 int name, uint_t inlen, uchar_t *invalp, uint_t *outlenp, 2929 uchar_t *outvalp, void *thisdg_attrs, cred_t *cr, mblk_t *mblk) 2930 { 2931 udpattrs_t *attrs = thisdg_attrs; 2932 int *i1 = (int *)invalp; 2933 boolean_t onoff = (*i1 == 0) ? 0 : 1; 2934 boolean_t checkonly; 2935 int error; 2936 conn_t *connp; 2937 udp_t *udp; 2938 uint_t newlen; 2939 udp_stack_t *us; 2940 size_t sth_wroff; 2941 2942 connp = Q_TO_CONN(q); 2943 udp = connp->conn_udp; 2944 us = udp->udp_us; 2945 2946 switch (optset_context) { 2947 case SETFN_OPTCOM_CHECKONLY: 2948 checkonly = B_TRUE; 2949 /* 2950 * Note: Implies T_CHECK semantics for T_OPTCOM_REQ 2951 * inlen != 0 implies value supplied and 2952 * we have to "pretend" to set it. 2953 * inlen == 0 implies that there is no 2954 * value part in T_CHECK request and just validation 2955 * done elsewhere should be enough, we just return here. 2956 */ 2957 if (inlen == 0) { 2958 *outlenp = 0; 2959 return (0); 2960 } 2961 break; 2962 case SETFN_OPTCOM_NEGOTIATE: 2963 checkonly = B_FALSE; 2964 break; 2965 case SETFN_UD_NEGOTIATE: 2966 case SETFN_CONN_NEGOTIATE: 2967 checkonly = B_FALSE; 2968 /* 2969 * Negotiating local and "association-related" options 2970 * through T_UNITDATA_REQ. 2971 * 2972 * Following routine can filter out ones we do not 2973 * want to be "set" this way. 2974 */ 2975 if (!udp_opt_allow_udr_set(level, name)) { 2976 *outlenp = 0; 2977 return (EINVAL); 2978 } 2979 break; 2980 default: 2981 /* 2982 * We should never get here 2983 */ 2984 *outlenp = 0; 2985 return (EINVAL); 2986 } 2987 2988 ASSERT((optset_context != SETFN_OPTCOM_CHECKONLY) || 2989 (optset_context == SETFN_OPTCOM_CHECKONLY && inlen != 0)); 2990 2991 /* 2992 * For fixed length options, no sanity check 2993 * of passed in length is done. It is assumed *_optcom_req() 2994 * routines do the right thing. 2995 */ 2996 2997 switch (level) { 2998 case SOL_SOCKET: 2999 switch (name) { 3000 case SO_REUSEADDR: 3001 if (!checkonly) 3002 udp->udp_reuseaddr = onoff; 3003 break; 3004 case SO_DEBUG: 3005 if (!checkonly) 3006 udp->udp_debug = onoff; 3007 break; 3008 /* 3009 * The following three items are available here, 3010 * but are only meaningful to IP. 3011 */ 3012 case SO_DONTROUTE: 3013 if (!checkonly) 3014 udp->udp_dontroute = onoff; 3015 break; 3016 case SO_USELOOPBACK: 3017 if (!checkonly) 3018 udp->udp_useloopback = onoff; 3019 break; 3020 case SO_BROADCAST: 3021 if (!checkonly) 3022 udp->udp_broadcast = onoff; 3023 break; 3024 3025 case SO_SNDBUF: 3026 if (*i1 > us->us_max_buf) { 3027 *outlenp = 0; 3028 return (ENOBUFS); 3029 } 3030 if (!checkonly) { 3031 q->q_hiwat = *i1; 3032 } 3033 break; 3034 case SO_RCVBUF: 3035 if (*i1 > us->us_max_buf) { 3036 *outlenp = 0; 3037 return (ENOBUFS); 3038 } 3039 if (!checkonly) { 3040 RD(q)->q_hiwat = *i1; 3041 rw_exit(&udp->udp_rwlock); 3042 (void) mi_set_sth_hiwat(RD(q), 3043 udp_set_rcv_hiwat(udp, *i1)); 3044 rw_enter(&udp->udp_rwlock, RW_WRITER); 3045 } 3046 break; 3047 case SO_DGRAM_ERRIND: 3048 if (!checkonly) 3049 udp->udp_dgram_errind = onoff; 3050 break; 3051 case SO_RECVUCRED: 3052 if (!checkonly) 3053 udp->udp_recvucred = onoff; 3054 break; 3055 case SO_ALLZONES: 3056 /* 3057 * "soft" error (negative) 3058 * option not handled at this level 3059 * Do not modify *outlenp. 3060 */ 3061 return (-EINVAL); 3062 case SO_TIMESTAMP: 3063 if (!checkonly) 3064 udp->udp_timestamp = onoff; 3065 break; 3066 case SO_ANON_MLP: 3067 if (!checkonly) 3068 udp->udp_anon_mlp = onoff; 3069 break; 3070 case SO_MAC_EXEMPT: 3071 if (secpolicy_net_mac_aware(cr) != 0 || 3072 udp->udp_state != TS_UNBND) 3073 return (EACCES); 3074 if (!checkonly) 3075 udp->udp_mac_exempt = onoff; 3076 break; 3077 case SCM_UCRED: { 3078 struct ucred_s *ucr; 3079 cred_t *cr, *newcr; 3080 ts_label_t *tsl; 3081 3082 /* 3083 * Only sockets that have proper privileges and are 3084 * bound to MLPs will have any other value here, so 3085 * this implicitly tests for privilege to set label. 3086 */ 3087 if (connp->conn_mlp_type == mlptSingle) 3088 break; 3089 ucr = (struct ucred_s *)invalp; 3090 if (inlen != ucredsize || 3091 ucr->uc_labeloff < sizeof (*ucr) || 3092 ucr->uc_labeloff + sizeof (bslabel_t) > inlen) 3093 return (EINVAL); 3094 if (!checkonly) { 3095 mblk_t *mb; 3096 3097 if (attrs == NULL || 3098 (mb = attrs->udpattr_mb) == NULL) 3099 return (EINVAL); 3100 if ((cr = DB_CRED(mb)) == NULL) 3101 cr = udp->udp_connp->conn_cred; 3102 ASSERT(cr != NULL); 3103 if ((tsl = crgetlabel(cr)) == NULL) 3104 return (EINVAL); 3105 newcr = copycred_from_bslabel(cr, UCLABEL(ucr), 3106 tsl->tsl_doi, KM_NOSLEEP); 3107 if (newcr == NULL) 3108 return (ENOSR); 3109 mblk_setcred(mb, newcr); 3110 attrs->udpattr_credset = B_TRUE; 3111 crfree(newcr); 3112 } 3113 break; 3114 } 3115 case SO_EXCLBIND: 3116 if (!checkonly) 3117 udp->udp_exclbind = onoff; 3118 break; 3119 default: 3120 *outlenp = 0; 3121 return (EINVAL); 3122 } 3123 break; 3124 case IPPROTO_IP: 3125 if (udp->udp_family != AF_INET) { 3126 *outlenp = 0; 3127 return (ENOPROTOOPT); 3128 } 3129 switch (name) { 3130 case IP_OPTIONS: 3131 case T_IP_OPTIONS: 3132 /* Save options for use by IP. */ 3133 newlen = inlen + udp->udp_label_len; 3134 if ((inlen & 0x3) || newlen > IP_MAX_OPT_LENGTH) { 3135 *outlenp = 0; 3136 return (EINVAL); 3137 } 3138 if (checkonly) 3139 break; 3140 3141 /* 3142 * Update the stored options taking into account 3143 * any CIPSO option which we should not overwrite. 3144 */ 3145 if (!tsol_option_set(&udp->udp_ip_snd_options, 3146 &udp->udp_ip_snd_options_len, 3147 udp->udp_label_len, invalp, inlen)) { 3148 *outlenp = 0; 3149 return (ENOMEM); 3150 } 3151 3152 udp->udp_max_hdr_len = IP_SIMPLE_HDR_LENGTH + 3153 UDPH_SIZE + udp->udp_ip_snd_options_len; 3154 sth_wroff = udp->udp_max_hdr_len + us->us_wroff_extra; 3155 rw_exit(&udp->udp_rwlock); 3156 (void) mi_set_sth_wroff(RD(q), sth_wroff); 3157 rw_enter(&udp->udp_rwlock, RW_WRITER); 3158 break; 3159 3160 case IP_TTL: 3161 if (!checkonly) { 3162 udp->udp_ttl = (uchar_t)*i1; 3163 } 3164 break; 3165 case IP_TOS: 3166 case T_IP_TOS: 3167 if (!checkonly) { 3168 udp->udp_type_of_service = (uchar_t)*i1; 3169 } 3170 break; 3171 case IP_MULTICAST_IF: { 3172 /* 3173 * TODO should check OPTMGMT reply and undo this if 3174 * there is an error. 3175 */ 3176 struct in_addr *inap = (struct in_addr *)invalp; 3177 if (!checkonly) { 3178 udp->udp_multicast_if_addr = 3179 inap->s_addr; 3180 } 3181 break; 3182 } 3183 case IP_MULTICAST_TTL: 3184 if (!checkonly) 3185 udp->udp_multicast_ttl = *invalp; 3186 break; 3187 case IP_MULTICAST_LOOP: 3188 if (!checkonly) 3189 connp->conn_multicast_loop = *invalp; 3190 break; 3191 case IP_RECVOPTS: 3192 if (!checkonly) 3193 udp->udp_recvopts = onoff; 3194 break; 3195 case IP_RECVDSTADDR: 3196 if (!checkonly) 3197 udp->udp_recvdstaddr = onoff; 3198 break; 3199 case IP_RECVIF: 3200 if (!checkonly) 3201 udp->udp_recvif = onoff; 3202 break; 3203 case IP_RECVSLLA: 3204 if (!checkonly) 3205 udp->udp_recvslla = onoff; 3206 break; 3207 case IP_RECVTTL: 3208 if (!checkonly) 3209 udp->udp_recvttl = onoff; 3210 break; 3211 case IP_PKTINFO: { 3212 /* 3213 * This also handles IP_RECVPKTINFO. 3214 * IP_PKTINFO and IP_RECVPKTINFO have same value. 3215 * Differentiation is based on the size of the 3216 * argument passed in. 3217 */ 3218 struct in_pktinfo *pktinfop; 3219 ip4_pkt_t *attr_pktinfop; 3220 3221 if (checkonly) 3222 break; 3223 3224 if (inlen == sizeof (int)) { 3225 /* 3226 * This is IP_RECVPKTINFO option. 3227 * Keep a local copy of whether this option is 3228 * set or not and pass it down to IP for 3229 * processing. 3230 */ 3231 3232 udp->udp_ip_recvpktinfo = onoff; 3233 return (-EINVAL); 3234 } 3235 3236 if (attrs == NULL || 3237 (attr_pktinfop = attrs->udpattr_ipp4) == NULL) { 3238 /* 3239 * sticky option or no buffer to return 3240 * the results. 3241 */ 3242 return (EINVAL); 3243 } 3244 3245 if (inlen != sizeof (struct in_pktinfo)) 3246 return (EINVAL); 3247 3248 pktinfop = (struct in_pktinfo *)invalp; 3249 3250 /* 3251 * At least one of the values should be specified 3252 */ 3253 if (pktinfop->ipi_ifindex == 0 && 3254 pktinfop->ipi_spec_dst.s_addr == INADDR_ANY) { 3255 return (EINVAL); 3256 } 3257 3258 attr_pktinfop->ip4_addr = pktinfop->ipi_spec_dst.s_addr; 3259 attr_pktinfop->ip4_ill_index = pktinfop->ipi_ifindex; 3260 3261 break; 3262 } 3263 case IP_ADD_MEMBERSHIP: 3264 case IP_DROP_MEMBERSHIP: 3265 case IP_BLOCK_SOURCE: 3266 case IP_UNBLOCK_SOURCE: 3267 case IP_ADD_SOURCE_MEMBERSHIP: 3268 case IP_DROP_SOURCE_MEMBERSHIP: 3269 case MCAST_JOIN_GROUP: 3270 case MCAST_LEAVE_GROUP: 3271 case MCAST_BLOCK_SOURCE: 3272 case MCAST_UNBLOCK_SOURCE: 3273 case MCAST_JOIN_SOURCE_GROUP: 3274 case MCAST_LEAVE_SOURCE_GROUP: 3275 case IP_SEC_OPT: 3276 case IP_NEXTHOP: 3277 case IP_DHCPINIT_IF: 3278 /* 3279 * "soft" error (negative) 3280 * option not handled at this level 3281 * Do not modify *outlenp. 3282 */ 3283 return (-EINVAL); 3284 case IP_BOUND_IF: 3285 if (!checkonly) 3286 udp->udp_bound_if = *i1; 3287 break; 3288 case IP_UNSPEC_SRC: 3289 if (!checkonly) 3290 udp->udp_unspec_source = onoff; 3291 break; 3292 case IP_BROADCAST_TTL: 3293 if (!checkonly) 3294 connp->conn_broadcast_ttl = *invalp; 3295 break; 3296 default: 3297 *outlenp = 0; 3298 return (EINVAL); 3299 } 3300 break; 3301 case IPPROTO_IPV6: { 3302 ip6_pkt_t *ipp; 3303 boolean_t sticky; 3304 3305 if (udp->udp_family != AF_INET6) { 3306 *outlenp = 0; 3307 return (ENOPROTOOPT); 3308 } 3309 /* 3310 * Deal with both sticky options and ancillary data 3311 */ 3312 sticky = B_FALSE; 3313 if (attrs == NULL || (ipp = attrs->udpattr_ipp6) == 3314 NULL) { 3315 /* sticky options, or none */ 3316 ipp = &udp->udp_sticky_ipp; 3317 sticky = B_TRUE; 3318 } 3319 3320 switch (name) { 3321 case IPV6_MULTICAST_IF: 3322 if (!checkonly) 3323 udp->udp_multicast_if_index = *i1; 3324 break; 3325 case IPV6_UNICAST_HOPS: 3326 /* -1 means use default */ 3327 if (*i1 < -1 || *i1 > IPV6_MAX_HOPS) { 3328 *outlenp = 0; 3329 return (EINVAL); 3330 } 3331 if (!checkonly) { 3332 if (*i1 == -1) { 3333 udp->udp_ttl = ipp->ipp_unicast_hops = 3334 us->us_ipv6_hoplimit; 3335 ipp->ipp_fields &= ~IPPF_UNICAST_HOPS; 3336 /* Pass modified value to IP. */ 3337 *i1 = udp->udp_ttl; 3338 } else { 3339 udp->udp_ttl = ipp->ipp_unicast_hops = 3340 (uint8_t)*i1; 3341 ipp->ipp_fields |= IPPF_UNICAST_HOPS; 3342 } 3343 /* Rebuild the header template */ 3344 error = udp_build_hdrs(udp); 3345 if (error != 0) { 3346 *outlenp = 0; 3347 return (error); 3348 } 3349 } 3350 break; 3351 case IPV6_MULTICAST_HOPS: 3352 /* -1 means use default */ 3353 if (*i1 < -1 || *i1 > IPV6_MAX_HOPS) { 3354 *outlenp = 0; 3355 return (EINVAL); 3356 } 3357 if (!checkonly) { 3358 if (*i1 == -1) { 3359 udp->udp_multicast_ttl = 3360 ipp->ipp_multicast_hops = 3361 IP_DEFAULT_MULTICAST_TTL; 3362 ipp->ipp_fields &= ~IPPF_MULTICAST_HOPS; 3363 /* Pass modified value to IP. */ 3364 *i1 = udp->udp_multicast_ttl; 3365 } else { 3366 udp->udp_multicast_ttl = 3367 ipp->ipp_multicast_hops = 3368 (uint8_t)*i1; 3369 ipp->ipp_fields |= IPPF_MULTICAST_HOPS; 3370 } 3371 } 3372 break; 3373 case IPV6_MULTICAST_LOOP: 3374 if (*i1 != 0 && *i1 != 1) { 3375 *outlenp = 0; 3376 return (EINVAL); 3377 } 3378 if (!checkonly) 3379 connp->conn_multicast_loop = *i1; 3380 break; 3381 case IPV6_JOIN_GROUP: 3382 case IPV6_LEAVE_GROUP: 3383 case MCAST_JOIN_GROUP: 3384 case MCAST_LEAVE_GROUP: 3385 case MCAST_BLOCK_SOURCE: 3386 case MCAST_UNBLOCK_SOURCE: 3387 case MCAST_JOIN_SOURCE_GROUP: 3388 case MCAST_LEAVE_SOURCE_GROUP: 3389 /* 3390 * "soft" error (negative) 3391 * option not handled at this level 3392 * Note: Do not modify *outlenp 3393 */ 3394 return (-EINVAL); 3395 case IPV6_BOUND_IF: 3396 if (!checkonly) 3397 udp->udp_bound_if = *i1; 3398 break; 3399 case IPV6_UNSPEC_SRC: 3400 if (!checkonly) 3401 udp->udp_unspec_source = onoff; 3402 break; 3403 /* 3404 * Set boolean switches for ancillary data delivery 3405 */ 3406 case IPV6_RECVPKTINFO: 3407 if (!checkonly) 3408 udp->udp_ip_recvpktinfo = onoff; 3409 break; 3410 case IPV6_RECVTCLASS: 3411 if (!checkonly) { 3412 udp->udp_ipv6_recvtclass = onoff; 3413 } 3414 break; 3415 case IPV6_RECVPATHMTU: 3416 if (!checkonly) { 3417 udp->udp_ipv6_recvpathmtu = onoff; 3418 } 3419 break; 3420 case IPV6_RECVHOPLIMIT: 3421 if (!checkonly) 3422 udp->udp_ipv6_recvhoplimit = onoff; 3423 break; 3424 case IPV6_RECVHOPOPTS: 3425 if (!checkonly) 3426 udp->udp_ipv6_recvhopopts = onoff; 3427 break; 3428 case IPV6_RECVDSTOPTS: 3429 if (!checkonly) 3430 udp->udp_ipv6_recvdstopts = onoff; 3431 break; 3432 case _OLD_IPV6_RECVDSTOPTS: 3433 if (!checkonly) 3434 udp->udp_old_ipv6_recvdstopts = onoff; 3435 break; 3436 case IPV6_RECVRTHDRDSTOPTS: 3437 if (!checkonly) 3438 udp->udp_ipv6_recvrthdrdstopts = onoff; 3439 break; 3440 case IPV6_RECVRTHDR: 3441 if (!checkonly) 3442 udp->udp_ipv6_recvrthdr = onoff; 3443 break; 3444 /* 3445 * Set sticky options or ancillary data. 3446 * If sticky options, (re)build any extension headers 3447 * that might be needed as a result. 3448 */ 3449 case IPV6_PKTINFO: 3450 /* 3451 * The source address and ifindex are verified 3452 * in ip_opt_set(). For ancillary data the 3453 * source address is checked in ip_wput_v6. 3454 */ 3455 if (inlen != 0 && inlen != sizeof (struct in6_pktinfo)) 3456 return (EINVAL); 3457 if (checkonly) 3458 break; 3459 3460 if (inlen == 0) { 3461 ipp->ipp_fields &= ~(IPPF_IFINDEX|IPPF_ADDR); 3462 ipp->ipp_sticky_ignored |= 3463 (IPPF_IFINDEX|IPPF_ADDR); 3464 } else { 3465 struct in6_pktinfo *pkti; 3466 3467 pkti = (struct in6_pktinfo *)invalp; 3468 ipp->ipp_ifindex = pkti->ipi6_ifindex; 3469 ipp->ipp_addr = pkti->ipi6_addr; 3470 if (ipp->ipp_ifindex != 0) 3471 ipp->ipp_fields |= IPPF_IFINDEX; 3472 else 3473 ipp->ipp_fields &= ~IPPF_IFINDEX; 3474 if (!IN6_IS_ADDR_UNSPECIFIED( 3475 &ipp->ipp_addr)) 3476 ipp->ipp_fields |= IPPF_ADDR; 3477 else 3478 ipp->ipp_fields &= ~IPPF_ADDR; 3479 } 3480 if (sticky) { 3481 error = udp_build_hdrs(udp); 3482 if (error != 0) 3483 return (error); 3484 } 3485 break; 3486 case IPV6_HOPLIMIT: 3487 if (sticky) 3488 return (EINVAL); 3489 if (inlen != 0 && inlen != sizeof (int)) 3490 return (EINVAL); 3491 if (checkonly) 3492 break; 3493 3494 if (inlen == 0) { 3495 ipp->ipp_fields &= ~IPPF_HOPLIMIT; 3496 ipp->ipp_sticky_ignored |= IPPF_HOPLIMIT; 3497 } else { 3498 if (*i1 > 255 || *i1 < -1) 3499 return (EINVAL); 3500 if (*i1 == -1) 3501 ipp->ipp_hoplimit = 3502 us->us_ipv6_hoplimit; 3503 else 3504 ipp->ipp_hoplimit = *i1; 3505 ipp->ipp_fields |= IPPF_HOPLIMIT; 3506 } 3507 break; 3508 case IPV6_TCLASS: 3509 if (inlen != 0 && inlen != sizeof (int)) 3510 return (EINVAL); 3511 if (checkonly) 3512 break; 3513 3514 if (inlen == 0) { 3515 ipp->ipp_fields &= ~IPPF_TCLASS; 3516 ipp->ipp_sticky_ignored |= IPPF_TCLASS; 3517 } else { 3518 if (*i1 > 255 || *i1 < -1) 3519 return (EINVAL); 3520 if (*i1 == -1) 3521 ipp->ipp_tclass = 0; 3522 else 3523 ipp->ipp_tclass = *i1; 3524 ipp->ipp_fields |= IPPF_TCLASS; 3525 } 3526 if (sticky) { 3527 error = udp_build_hdrs(udp); 3528 if (error != 0) 3529 return (error); 3530 } 3531 break; 3532 case IPV6_NEXTHOP: 3533 /* 3534 * IP will verify that the nexthop is reachable 3535 * and fail for sticky options. 3536 */ 3537 if (inlen != 0 && inlen != sizeof (sin6_t)) 3538 return (EINVAL); 3539 if (checkonly) 3540 break; 3541 3542 if (inlen == 0) { 3543 ipp->ipp_fields &= ~IPPF_NEXTHOP; 3544 ipp->ipp_sticky_ignored |= IPPF_NEXTHOP; 3545 } else { 3546 sin6_t *sin6 = (sin6_t *)invalp; 3547 3548 if (sin6->sin6_family != AF_INET6) 3549 return (EAFNOSUPPORT); 3550 if (IN6_IS_ADDR_V4MAPPED( 3551 &sin6->sin6_addr)) 3552 return (EADDRNOTAVAIL); 3553 ipp->ipp_nexthop = sin6->sin6_addr; 3554 if (!IN6_IS_ADDR_UNSPECIFIED( 3555 &ipp->ipp_nexthop)) 3556 ipp->ipp_fields |= IPPF_NEXTHOP; 3557 else 3558 ipp->ipp_fields &= ~IPPF_NEXTHOP; 3559 } 3560 if (sticky) { 3561 error = udp_build_hdrs(udp); 3562 if (error != 0) 3563 return (error); 3564 } 3565 break; 3566 case IPV6_HOPOPTS: { 3567 ip6_hbh_t *hopts = (ip6_hbh_t *)invalp; 3568 /* 3569 * Sanity checks - minimum size, size a multiple of 3570 * eight bytes, and matching size passed in. 3571 */ 3572 if (inlen != 0 && 3573 inlen != (8 * (hopts->ip6h_len + 1))) 3574 return (EINVAL); 3575 3576 if (checkonly) 3577 break; 3578 3579 error = optcom_pkt_set(invalp, inlen, sticky, 3580 (uchar_t **)&ipp->ipp_hopopts, 3581 &ipp->ipp_hopoptslen, 3582 sticky ? udp->udp_label_len_v6 : 0); 3583 if (error != 0) 3584 return (error); 3585 if (ipp->ipp_hopoptslen == 0) { 3586 ipp->ipp_fields &= ~IPPF_HOPOPTS; 3587 ipp->ipp_sticky_ignored |= IPPF_HOPOPTS; 3588 } else { 3589 ipp->ipp_fields |= IPPF_HOPOPTS; 3590 } 3591 if (sticky) { 3592 error = udp_build_hdrs(udp); 3593 if (error != 0) 3594 return (error); 3595 } 3596 break; 3597 } 3598 case IPV6_RTHDRDSTOPTS: { 3599 ip6_dest_t *dopts = (ip6_dest_t *)invalp; 3600 3601 /* 3602 * Sanity checks - minimum size, size a multiple of 3603 * eight bytes, and matching size passed in. 3604 */ 3605 if (inlen != 0 && 3606 inlen != (8 * (dopts->ip6d_len + 1))) 3607 return (EINVAL); 3608 3609 if (checkonly) 3610 break; 3611 3612 if (inlen == 0) { 3613 if (sticky && 3614 (ipp->ipp_fields & IPPF_RTDSTOPTS) != 0) { 3615 kmem_free(ipp->ipp_rtdstopts, 3616 ipp->ipp_rtdstoptslen); 3617 ipp->ipp_rtdstopts = NULL; 3618 ipp->ipp_rtdstoptslen = 0; 3619 } 3620 3621 ipp->ipp_fields &= ~IPPF_RTDSTOPTS; 3622 ipp->ipp_sticky_ignored |= IPPF_RTDSTOPTS; 3623 } else { 3624 error = optcom_pkt_set(invalp, inlen, sticky, 3625 (uchar_t **)&ipp->ipp_rtdstopts, 3626 &ipp->ipp_rtdstoptslen, 0); 3627 if (error != 0) 3628 return (error); 3629 ipp->ipp_fields |= IPPF_RTDSTOPTS; 3630 } 3631 if (sticky) { 3632 error = udp_build_hdrs(udp); 3633 if (error != 0) 3634 return (error); 3635 } 3636 break; 3637 } 3638 case IPV6_DSTOPTS: { 3639 ip6_dest_t *dopts = (ip6_dest_t *)invalp; 3640 3641 /* 3642 * Sanity checks - minimum size, size a multiple of 3643 * eight bytes, and matching size passed in. 3644 */ 3645 if (inlen != 0 && 3646 inlen != (8 * (dopts->ip6d_len + 1))) 3647 return (EINVAL); 3648 3649 if (checkonly) 3650 break; 3651 3652 if (inlen == 0) { 3653 if (sticky && 3654 (ipp->ipp_fields & IPPF_DSTOPTS) != 0) { 3655 kmem_free(ipp->ipp_dstopts, 3656 ipp->ipp_dstoptslen); 3657 ipp->ipp_dstopts = NULL; 3658 ipp->ipp_dstoptslen = 0; 3659 } 3660 ipp->ipp_fields &= ~IPPF_DSTOPTS; 3661 ipp->ipp_sticky_ignored |= IPPF_DSTOPTS; 3662 } else { 3663 error = optcom_pkt_set(invalp, inlen, sticky, 3664 (uchar_t **)&ipp->ipp_dstopts, 3665 &ipp->ipp_dstoptslen, 0); 3666 if (error != 0) 3667 return (error); 3668 ipp->ipp_fields |= IPPF_DSTOPTS; 3669 } 3670 if (sticky) { 3671 error = udp_build_hdrs(udp); 3672 if (error != 0) 3673 return (error); 3674 } 3675 break; 3676 } 3677 case IPV6_RTHDR: { 3678 ip6_rthdr_t *rt = (ip6_rthdr_t *)invalp; 3679 3680 /* 3681 * Sanity checks - minimum size, size a multiple of 3682 * eight bytes, and matching size passed in. 3683 */ 3684 if (inlen != 0 && 3685 inlen != (8 * (rt->ip6r_len + 1))) 3686 return (EINVAL); 3687 3688 if (checkonly) 3689 break; 3690 3691 if (inlen == 0) { 3692 if (sticky && 3693 (ipp->ipp_fields & IPPF_RTHDR) != 0) { 3694 kmem_free(ipp->ipp_rthdr, 3695 ipp->ipp_rthdrlen); 3696 ipp->ipp_rthdr = NULL; 3697 ipp->ipp_rthdrlen = 0; 3698 } 3699 ipp->ipp_fields &= ~IPPF_RTHDR; 3700 ipp->ipp_sticky_ignored |= IPPF_RTHDR; 3701 } else { 3702 error = optcom_pkt_set(invalp, inlen, sticky, 3703 (uchar_t **)&ipp->ipp_rthdr, 3704 &ipp->ipp_rthdrlen, 0); 3705 if (error != 0) 3706 return (error); 3707 ipp->ipp_fields |= IPPF_RTHDR; 3708 } 3709 if (sticky) { 3710 error = udp_build_hdrs(udp); 3711 if (error != 0) 3712 return (error); 3713 } 3714 break; 3715 } 3716 3717 case IPV6_DONTFRAG: 3718 if (checkonly) 3719 break; 3720 3721 if (onoff) { 3722 ipp->ipp_fields |= IPPF_DONTFRAG; 3723 } else { 3724 ipp->ipp_fields &= ~IPPF_DONTFRAG; 3725 } 3726 break; 3727 3728 case IPV6_USE_MIN_MTU: 3729 if (inlen != sizeof (int)) 3730 return (EINVAL); 3731 3732 if (*i1 < -1 || *i1 > 1) 3733 return (EINVAL); 3734 3735 if (checkonly) 3736 break; 3737 3738 ipp->ipp_fields |= IPPF_USE_MIN_MTU; 3739 ipp->ipp_use_min_mtu = *i1; 3740 break; 3741 3742 case IPV6_BOUND_PIF: 3743 case IPV6_SEC_OPT: 3744 case IPV6_DONTFAILOVER_IF: 3745 case IPV6_SRC_PREFERENCES: 3746 case IPV6_V6ONLY: 3747 /* Handled at the IP level */ 3748 return (-EINVAL); 3749 default: 3750 *outlenp = 0; 3751 return (EINVAL); 3752 } 3753 break; 3754 } /* end IPPROTO_IPV6 */ 3755 case IPPROTO_UDP: 3756 switch (name) { 3757 case UDP_ANONPRIVBIND: 3758 if ((error = secpolicy_net_privaddr(cr, 0, 3759 IPPROTO_UDP)) != 0) { 3760 *outlenp = 0; 3761 return (error); 3762 } 3763 if (!checkonly) { 3764 udp->udp_anon_priv_bind = onoff; 3765 } 3766 break; 3767 case UDP_EXCLBIND: 3768 if (!checkonly) 3769 udp->udp_exclbind = onoff; 3770 break; 3771 case UDP_RCVHDR: 3772 if (!checkonly) 3773 udp->udp_rcvhdr = onoff; 3774 break; 3775 case UDP_NAT_T_ENDPOINT: 3776 if ((error = secpolicy_ip_config(cr, B_FALSE)) != 0) { 3777 *outlenp = 0; 3778 return (error); 3779 } 3780 3781 /* 3782 * Use udp_family instead so we can avoid ambiguitites 3783 * with AF_INET6 sockets that may switch from IPv4 3784 * to IPv6. 3785 */ 3786 if (udp->udp_family != AF_INET) { 3787 *outlenp = 0; 3788 return (EAFNOSUPPORT); 3789 } 3790 3791 if (!checkonly) { 3792 udp->udp_nat_t_endpoint = onoff; 3793 3794 udp->udp_max_hdr_len = IP_SIMPLE_HDR_LENGTH + 3795 UDPH_SIZE + udp->udp_ip_snd_options_len; 3796 3797 /* Also, adjust wroff */ 3798 if (onoff) { 3799 udp->udp_max_hdr_len += 3800 sizeof (uint32_t); 3801 } 3802 (void) mi_set_sth_wroff(RD(q), 3803 udp->udp_max_hdr_len + us->us_wroff_extra); 3804 } 3805 break; 3806 default: 3807 *outlenp = 0; 3808 return (EINVAL); 3809 } 3810 break; 3811 default: 3812 *outlenp = 0; 3813 return (EINVAL); 3814 } 3815 /* 3816 * Common case of OK return with outval same as inval. 3817 */ 3818 if (invalp != outvalp) { 3819 /* don't trust bcopy for identical src/dst */ 3820 (void) bcopy(invalp, outvalp, inlen); 3821 } 3822 *outlenp = inlen; 3823 return (0); 3824 } 3825 3826 int 3827 udp_opt_set(queue_t *q, uint_t optset_context, int level, 3828 int name, uint_t inlen, uchar_t *invalp, uint_t *outlenp, 3829 uchar_t *outvalp, void *thisdg_attrs, cred_t *cr, mblk_t *mblk) 3830 { 3831 udp_t *udp; 3832 int err; 3833 3834 udp = Q_TO_UDP(q); 3835 3836 rw_enter(&udp->udp_rwlock, RW_WRITER); 3837 err = udp_opt_set_locked(q, optset_context, level, name, inlen, invalp, 3838 outlenp, outvalp, thisdg_attrs, cr, mblk); 3839 rw_exit(&udp->udp_rwlock); 3840 return (err); 3841 } 3842 3843 /* 3844 * Update udp_sticky_hdrs based on udp_sticky_ipp, udp_v6src, and udp_ttl. 3845 * The headers include ip6i_t (if needed), ip6_t, any sticky extension 3846 * headers, and the udp header. 3847 * Returns failure if can't allocate memory. 3848 */ 3849 static int 3850 udp_build_hdrs(udp_t *udp) 3851 { 3852 udp_stack_t *us = udp->udp_us; 3853 uchar_t *hdrs; 3854 uint_t hdrs_len; 3855 ip6_t *ip6h; 3856 ip6i_t *ip6i; 3857 udpha_t *udpha; 3858 ip6_pkt_t *ipp = &udp->udp_sticky_ipp; 3859 size_t sth_wroff; 3860 3861 ASSERT(RW_WRITE_HELD(&udp->udp_rwlock)); 3862 hdrs_len = ip_total_hdrs_len_v6(ipp) + UDPH_SIZE; 3863 ASSERT(hdrs_len != 0); 3864 if (hdrs_len != udp->udp_sticky_hdrs_len) { 3865 /* Need to reallocate */ 3866 hdrs = kmem_alloc(hdrs_len, KM_NOSLEEP); 3867 if (hdrs == NULL) 3868 return (ENOMEM); 3869 3870 if (udp->udp_sticky_hdrs_len != 0) { 3871 kmem_free(udp->udp_sticky_hdrs, 3872 udp->udp_sticky_hdrs_len); 3873 } 3874 udp->udp_sticky_hdrs = hdrs; 3875 udp->udp_sticky_hdrs_len = hdrs_len; 3876 } 3877 ip_build_hdrs_v6(udp->udp_sticky_hdrs, 3878 udp->udp_sticky_hdrs_len - UDPH_SIZE, ipp, IPPROTO_UDP); 3879 3880 /* Set header fields not in ipp */ 3881 if (ipp->ipp_fields & IPPF_HAS_IP6I) { 3882 ip6i = (ip6i_t *)udp->udp_sticky_hdrs; 3883 ip6h = (ip6_t *)&ip6i[1]; 3884 } else { 3885 ip6h = (ip6_t *)udp->udp_sticky_hdrs; 3886 } 3887 3888 if (!(ipp->ipp_fields & IPPF_ADDR)) 3889 ip6h->ip6_src = udp->udp_v6src; 3890 3891 udpha = (udpha_t *)(udp->udp_sticky_hdrs + hdrs_len - UDPH_SIZE); 3892 udpha->uha_src_port = udp->udp_port; 3893 3894 /* Try to get everything in a single mblk */ 3895 if (hdrs_len > udp->udp_max_hdr_len) { 3896 udp->udp_max_hdr_len = hdrs_len; 3897 sth_wroff = udp->udp_max_hdr_len + us->us_wroff_extra; 3898 rw_exit(&udp->udp_rwlock); 3899 (void) mi_set_sth_wroff(udp->udp_connp->conn_rq, sth_wroff); 3900 rw_enter(&udp->udp_rwlock, RW_WRITER); 3901 } 3902 return (0); 3903 } 3904 3905 /* 3906 * This routine retrieves the value of an ND variable in a udpparam_t 3907 * structure. It is called through nd_getset when a user reads the 3908 * variable. 3909 */ 3910 /* ARGSUSED */ 3911 static int 3912 udp_param_get(queue_t *q, mblk_t *mp, caddr_t cp, cred_t *cr) 3913 { 3914 udpparam_t *udppa = (udpparam_t *)cp; 3915 3916 (void) mi_mpprintf(mp, "%d", udppa->udp_param_value); 3917 return (0); 3918 } 3919 3920 /* 3921 * Walk through the param array specified registering each element with the 3922 * named dispatch (ND) handler. 3923 */ 3924 static boolean_t 3925 udp_param_register(IDP *ndp, udpparam_t *udppa, int cnt) 3926 { 3927 for (; cnt-- > 0; udppa++) { 3928 if (udppa->udp_param_name && udppa->udp_param_name[0]) { 3929 if (!nd_load(ndp, udppa->udp_param_name, 3930 udp_param_get, udp_param_set, 3931 (caddr_t)udppa)) { 3932 nd_free(ndp); 3933 return (B_FALSE); 3934 } 3935 } 3936 } 3937 if (!nd_load(ndp, "udp_extra_priv_ports", 3938 udp_extra_priv_ports_get, NULL, NULL)) { 3939 nd_free(ndp); 3940 return (B_FALSE); 3941 } 3942 if (!nd_load(ndp, "udp_extra_priv_ports_add", 3943 NULL, udp_extra_priv_ports_add, NULL)) { 3944 nd_free(ndp); 3945 return (B_FALSE); 3946 } 3947 if (!nd_load(ndp, "udp_extra_priv_ports_del", 3948 NULL, udp_extra_priv_ports_del, NULL)) { 3949 nd_free(ndp); 3950 return (B_FALSE); 3951 } 3952 if (!nd_load(ndp, "udp_status", udp_status_report, NULL, 3953 NULL)) { 3954 nd_free(ndp); 3955 return (B_FALSE); 3956 } 3957 if (!nd_load(ndp, "udp_bind_hash", udp_bind_hash_report, NULL, 3958 NULL)) { 3959 nd_free(ndp); 3960 return (B_FALSE); 3961 } 3962 return (B_TRUE); 3963 } 3964 3965 /* This routine sets an ND variable in a udpparam_t structure. */ 3966 /* ARGSUSED */ 3967 static int 3968 udp_param_set(queue_t *q, mblk_t *mp, char *value, caddr_t cp, cred_t *cr) 3969 { 3970 long new_value; 3971 udpparam_t *udppa = (udpparam_t *)cp; 3972 3973 /* 3974 * Fail the request if the new value does not lie within the 3975 * required bounds. 3976 */ 3977 if (ddi_strtol(value, NULL, 10, &new_value) != 0 || 3978 new_value < udppa->udp_param_min || 3979 new_value > udppa->udp_param_max) { 3980 return (EINVAL); 3981 } 3982 3983 /* Set the new value */ 3984 udppa->udp_param_value = new_value; 3985 return (0); 3986 } 3987 3988 /* 3989 * Copy hop-by-hop option from ipp->ipp_hopopts to the buffer provided (with 3990 * T_opthdr) and return the number of bytes copied. 'dbuf' may be NULL to 3991 * just count the length needed for allocation. If 'dbuf' is non-NULL, 3992 * then it's assumed to be allocated to be large enough. 3993 * 3994 * Returns zero if trimming of the security option causes all options to go 3995 * away. 3996 */ 3997 static size_t 3998 copy_hop_opts(const ip6_pkt_t *ipp, uchar_t *dbuf) 3999 { 4000 struct T_opthdr *toh; 4001 size_t hol = ipp->ipp_hopoptslen; 4002 ip6_hbh_t *dstopt = NULL; 4003 const ip6_hbh_t *srcopt = ipp->ipp_hopopts; 4004 size_t tlen, olen, plen; 4005 boolean_t deleting; 4006 const struct ip6_opt *sopt, *lastpad; 4007 struct ip6_opt *dopt; 4008 4009 if ((toh = (struct T_opthdr *)dbuf) != NULL) { 4010 toh->level = IPPROTO_IPV6; 4011 toh->name = IPV6_HOPOPTS; 4012 toh->status = 0; 4013 dstopt = (ip6_hbh_t *)(toh + 1); 4014 } 4015 4016 /* 4017 * If labeling is enabled, then skip the label option 4018 * but get other options if there are any. 4019 */ 4020 if (is_system_labeled()) { 4021 dopt = NULL; 4022 if (dstopt != NULL) { 4023 /* will fill in ip6h_len later */ 4024 dstopt->ip6h_nxt = srcopt->ip6h_nxt; 4025 dopt = (struct ip6_opt *)(dstopt + 1); 4026 } 4027 sopt = (const struct ip6_opt *)(srcopt + 1); 4028 hol -= sizeof (*srcopt); 4029 tlen = sizeof (*dstopt); 4030 lastpad = NULL; 4031 deleting = B_FALSE; 4032 /* 4033 * This loop finds the first (lastpad pointer) of any number of 4034 * pads that preceeds the security option, then treats the 4035 * security option as though it were a pad, and then finds the 4036 * next non-pad option (or end of list). 4037 * 4038 * It then treats the entire block as one big pad. To preserve 4039 * alignment of any options that follow, or just the end of the 4040 * list, it computes a minimal new padding size that keeps the 4041 * same alignment for the next option. 4042 * 4043 * If it encounters just a sequence of pads with no security 4044 * option, those are copied as-is rather than collapsed. 4045 * 4046 * Note that to handle the end of list case, the code makes one 4047 * loop with 'hol' set to zero. 4048 */ 4049 for (;;) { 4050 if (hol > 0) { 4051 if (sopt->ip6o_type == IP6OPT_PAD1) { 4052 if (lastpad == NULL) 4053 lastpad = sopt; 4054 sopt = (const struct ip6_opt *) 4055 &sopt->ip6o_len; 4056 hol--; 4057 continue; 4058 } 4059 olen = sopt->ip6o_len + sizeof (*sopt); 4060 if (olen > hol) 4061 olen = hol; 4062 if (sopt->ip6o_type == IP6OPT_PADN || 4063 sopt->ip6o_type == ip6opt_ls) { 4064 if (sopt->ip6o_type == ip6opt_ls) 4065 deleting = B_TRUE; 4066 if (lastpad == NULL) 4067 lastpad = sopt; 4068 sopt = (const struct ip6_opt *) 4069 ((const char *)sopt + olen); 4070 hol -= olen; 4071 continue; 4072 } 4073 } else { 4074 /* if nothing was copied at all, then delete */ 4075 if (tlen == sizeof (*dstopt)) 4076 return (0); 4077 /* last pass; pick up any trailing padding */ 4078 olen = 0; 4079 } 4080 if (deleting) { 4081 /* 4082 * compute aligning effect of deleted material 4083 * to reproduce with pad. 4084 */ 4085 plen = ((const char *)sopt - 4086 (const char *)lastpad) & 7; 4087 tlen += plen; 4088 if (dopt != NULL) { 4089 if (plen == 1) { 4090 dopt->ip6o_type = IP6OPT_PAD1; 4091 } else if (plen > 1) { 4092 plen -= sizeof (*dopt); 4093 dopt->ip6o_type = IP6OPT_PADN; 4094 dopt->ip6o_len = plen; 4095 if (plen > 0) 4096 bzero(dopt + 1, plen); 4097 } 4098 dopt = (struct ip6_opt *) 4099 ((char *)dopt + plen); 4100 } 4101 deleting = B_FALSE; 4102 lastpad = NULL; 4103 } 4104 /* if there's uncopied padding, then copy that now */ 4105 if (lastpad != NULL) { 4106 olen += (const char *)sopt - 4107 (const char *)lastpad; 4108 sopt = lastpad; 4109 lastpad = NULL; 4110 } 4111 if (dopt != NULL && olen > 0) { 4112 bcopy(sopt, dopt, olen); 4113 dopt = (struct ip6_opt *)((char *)dopt + olen); 4114 } 4115 if (hol == 0) 4116 break; 4117 tlen += olen; 4118 sopt = (const struct ip6_opt *) 4119 ((const char *)sopt + olen); 4120 hol -= olen; 4121 } 4122 /* go back and patch up the length value, rounded upward */ 4123 if (dstopt != NULL) 4124 dstopt->ip6h_len = (tlen - 1) >> 3; 4125 } else { 4126 tlen = hol; 4127 if (dstopt != NULL) 4128 bcopy(srcopt, dstopt, hol); 4129 } 4130 4131 tlen += sizeof (*toh); 4132 if (toh != NULL) 4133 toh->len = tlen; 4134 4135 return (tlen); 4136 } 4137 4138 /* 4139 * Update udp_rcv_opt_len from the packet. 4140 * Called when options received, and when no options received but 4141 * udp_ip_recv_opt_len has previously recorded options. 4142 */ 4143 static void 4144 udp_save_ip_rcv_opt(udp_t *udp, void *opt, int opt_len) 4145 { 4146 /* Save the options if any */ 4147 if (opt_len > 0) { 4148 if (opt_len > udp->udp_ip_rcv_options_len) { 4149 /* Need to allocate larger buffer */ 4150 if (udp->udp_ip_rcv_options_len != 0) 4151 mi_free((char *)udp->udp_ip_rcv_options); 4152 udp->udp_ip_rcv_options_len = 0; 4153 udp->udp_ip_rcv_options = 4154 (uchar_t *)mi_alloc(opt_len, BPRI_HI); 4155 if (udp->udp_ip_rcv_options != NULL) 4156 udp->udp_ip_rcv_options_len = opt_len; 4157 } 4158 if (udp->udp_ip_rcv_options_len != 0) { 4159 bcopy(opt, udp->udp_ip_rcv_options, opt_len); 4160 /* Adjust length if we are resusing the space */ 4161 udp->udp_ip_rcv_options_len = opt_len; 4162 } 4163 } else if (udp->udp_ip_rcv_options_len != 0) { 4164 /* Clear out previously recorded options */ 4165 mi_free((char *)udp->udp_ip_rcv_options); 4166 udp->udp_ip_rcv_options = NULL; 4167 udp->udp_ip_rcv_options_len = 0; 4168 } 4169 } 4170 4171 /* ARGSUSED2 */ 4172 static void 4173 udp_input(void *arg1, mblk_t *mp, void *arg2) 4174 { 4175 conn_t *connp = (conn_t *)arg1; 4176 struct T_unitdata_ind *tudi; 4177 uchar_t *rptr; /* Pointer to IP header */ 4178 int hdr_length; /* Length of IP+UDP headers */ 4179 int opt_len; 4180 int udi_size; /* Size of T_unitdata_ind */ 4181 int mp_len; 4182 udp_t *udp; 4183 udpha_t *udpha; 4184 int ipversion; 4185 ip6_pkt_t ipp; 4186 ip6_t *ip6h; 4187 ip6i_t *ip6i; 4188 mblk_t *mp1; 4189 mblk_t *options_mp = NULL; 4190 ip_pktinfo_t *pinfo = NULL; 4191 cred_t *cr = NULL; 4192 pid_t cpid; 4193 uint32_t udp_ip_rcv_options_len; 4194 udp_bits_t udp_bits; 4195 cred_t *rcr = connp->conn_cred; 4196 udp_stack_t *us; 4197 4198 ASSERT(connp->conn_flags & IPCL_UDPCONN); 4199 4200 udp = connp->conn_udp; 4201 us = udp->udp_us; 4202 rptr = mp->b_rptr; 4203 ASSERT(DB_TYPE(mp) == M_DATA || DB_TYPE(mp) == M_CTL); 4204 ASSERT(OK_32PTR(rptr)); 4205 4206 /* 4207 * IP should have prepended the options data in an M_CTL 4208 * Check M_CTL "type" to make sure are not here bcos of 4209 * a valid ICMP message 4210 */ 4211 if (DB_TYPE(mp) == M_CTL) { 4212 if (MBLKL(mp) == sizeof (ip_pktinfo_t) && 4213 ((ip_pktinfo_t *)mp->b_rptr)->ip_pkt_ulp_type == 4214 IN_PKTINFO) { 4215 /* 4216 * IP_RECVIF or IP_RECVSLLA or IPF_RECVADDR information 4217 * has been prepended to the packet by IP. We need to 4218 * extract the mblk and adjust the rptr 4219 */ 4220 pinfo = (ip_pktinfo_t *)mp->b_rptr; 4221 options_mp = mp; 4222 mp = mp->b_cont; 4223 rptr = mp->b_rptr; 4224 UDP_STAT(us, udp_in_pktinfo); 4225 } else { 4226 /* 4227 * ICMP messages. 4228 */ 4229 udp_icmp_error(connp->conn_rq, mp); 4230 return; 4231 } 4232 } 4233 4234 mp_len = msgdsize(mp); 4235 /* 4236 * This is the inbound data path. 4237 * First, we check to make sure the IP version number is correct, 4238 * and then pull the IP and UDP headers into the first mblk. 4239 */ 4240 4241 /* Initialize regardless if ipversion is IPv4 or IPv6 */ 4242 ipp.ipp_fields = 0; 4243 4244 ipversion = IPH_HDR_VERSION(rptr); 4245 4246 rw_enter(&udp->udp_rwlock, RW_READER); 4247 udp_ip_rcv_options_len = udp->udp_ip_rcv_options_len; 4248 udp_bits = udp->udp_bits; 4249 rw_exit(&udp->udp_rwlock); 4250 4251 switch (ipversion) { 4252 case IPV4_VERSION: 4253 ASSERT(MBLKL(mp) >= sizeof (ipha_t)); 4254 ASSERT(((ipha_t *)rptr)->ipha_protocol == IPPROTO_UDP); 4255 hdr_length = IPH_HDR_LENGTH(rptr) + UDPH_SIZE; 4256 opt_len = hdr_length - (IP_SIMPLE_HDR_LENGTH + UDPH_SIZE); 4257 if ((opt_len > 0 || udp_ip_rcv_options_len > 0) && 4258 udp->udp_family == AF_INET) { 4259 /* 4260 * Record/update udp_ip_rcv_options with the lock 4261 * held. Not needed for AF_INET6 sockets 4262 * since they don't support a getsockopt of IP_OPTIONS. 4263 */ 4264 rw_enter(&udp->udp_rwlock, RW_WRITER); 4265 udp_save_ip_rcv_opt(udp, rptr + IP_SIMPLE_HDR_LENGTH, 4266 opt_len); 4267 rw_exit(&udp->udp_rwlock); 4268 } 4269 /* Handle IPV6_RECVPKTINFO even for IPv4 packet. */ 4270 if ((udp->udp_family == AF_INET6) && (pinfo != NULL) && 4271 udp->udp_ip_recvpktinfo) { 4272 if (pinfo->ip_pkt_flags & IPF_RECVIF) { 4273 ipp.ipp_fields |= IPPF_IFINDEX; 4274 ipp.ipp_ifindex = pinfo->ip_pkt_ifindex; 4275 } 4276 } 4277 break; 4278 case IPV6_VERSION: 4279 /* 4280 * IPv6 packets can only be received by applications 4281 * that are prepared to receive IPv6 addresses. 4282 * The IP fanout must ensure this. 4283 */ 4284 ASSERT(udp->udp_family == AF_INET6); 4285 4286 ip6h = (ip6_t *)rptr; 4287 ASSERT((uchar_t *)&ip6h[1] <= mp->b_wptr); 4288 4289 if (ip6h->ip6_nxt != IPPROTO_UDP) { 4290 uint8_t nexthdrp; 4291 /* Look for ifindex information */ 4292 if (ip6h->ip6_nxt == IPPROTO_RAW) { 4293 ip6i = (ip6i_t *)ip6h; 4294 if ((uchar_t *)&ip6i[1] > mp->b_wptr) 4295 goto tossit; 4296 4297 if (ip6i->ip6i_flags & IP6I_IFINDEX) { 4298 ASSERT(ip6i->ip6i_ifindex != 0); 4299 ipp.ipp_fields |= IPPF_IFINDEX; 4300 ipp.ipp_ifindex = ip6i->ip6i_ifindex; 4301 } 4302 rptr = (uchar_t *)&ip6i[1]; 4303 mp->b_rptr = rptr; 4304 if (rptr == mp->b_wptr) { 4305 mp1 = mp->b_cont; 4306 freeb(mp); 4307 mp = mp1; 4308 rptr = mp->b_rptr; 4309 } 4310 if (MBLKL(mp) < (IPV6_HDR_LEN + UDPH_SIZE)) 4311 goto tossit; 4312 ip6h = (ip6_t *)rptr; 4313 mp_len = msgdsize(mp); 4314 } 4315 /* 4316 * Find any potentially interesting extension headers 4317 * as well as the length of the IPv6 + extension 4318 * headers. 4319 */ 4320 hdr_length = ip_find_hdr_v6(mp, ip6h, &ipp, &nexthdrp) + 4321 UDPH_SIZE; 4322 ASSERT(nexthdrp == IPPROTO_UDP); 4323 } else { 4324 hdr_length = IPV6_HDR_LEN + UDPH_SIZE; 4325 ip6i = NULL; 4326 } 4327 break; 4328 default: 4329 ASSERT(0); 4330 } 4331 4332 /* 4333 * IP inspected the UDP header thus all of it must be in the mblk. 4334 * UDP length check is performed for IPv6 packets and IPv4 packets 4335 * to check if the size of the packet as specified 4336 * by the header is the same as the physical size of the packet. 4337 * FIXME? Didn't IP already check this? 4338 */ 4339 udpha = (udpha_t *)(rptr + (hdr_length - UDPH_SIZE)); 4340 if ((MBLKL(mp) < hdr_length) || 4341 (mp_len != (ntohs(udpha->uha_length) + hdr_length - UDPH_SIZE))) { 4342 goto tossit; 4343 } 4344 4345 4346 /* Walk past the headers unless IP_RECVHDR was set. */ 4347 if (!udp_bits.udpb_rcvhdr) { 4348 mp->b_rptr = rptr + hdr_length; 4349 mp_len -= hdr_length; 4350 } 4351 4352 /* 4353 * This is the inbound data path. Packets are passed upstream as 4354 * T_UNITDATA_IND messages with full IP headers still attached. 4355 */ 4356 if (udp->udp_family == AF_INET) { 4357 sin_t *sin; 4358 4359 ASSERT(IPH_HDR_VERSION((ipha_t *)rptr) == IPV4_VERSION); 4360 4361 /* 4362 * Normally only send up the source address. 4363 * If IP_RECVDSTADDR is set we include the destination IP 4364 * address as an option. With IP_RECVOPTS we include all 4365 * the IP options. 4366 */ 4367 udi_size = sizeof (struct T_unitdata_ind) + sizeof (sin_t); 4368 if (udp_bits.udpb_recvdstaddr) { 4369 udi_size += sizeof (struct T_opthdr) + 4370 sizeof (struct in_addr); 4371 UDP_STAT(us, udp_in_recvdstaddr); 4372 } 4373 4374 if (udp_bits.udpb_ip_recvpktinfo && (pinfo != NULL) && 4375 (pinfo->ip_pkt_flags & IPF_RECVADDR)) { 4376 udi_size += sizeof (struct T_opthdr) + 4377 sizeof (struct in_pktinfo); 4378 UDP_STAT(us, udp_ip_rcvpktinfo); 4379 } 4380 4381 if ((udp_bits.udpb_recvopts) && opt_len > 0) { 4382 udi_size += sizeof (struct T_opthdr) + opt_len; 4383 UDP_STAT(us, udp_in_recvopts); 4384 } 4385 4386 /* 4387 * If the IP_RECVSLLA or the IP_RECVIF is set then allocate 4388 * space accordingly 4389 */ 4390 if ((udp_bits.udpb_recvif) && (pinfo != NULL) && 4391 (pinfo->ip_pkt_flags & IPF_RECVIF)) { 4392 udi_size += sizeof (struct T_opthdr) + sizeof (uint_t); 4393 UDP_STAT(us, udp_in_recvif); 4394 } 4395 4396 if ((udp_bits.udpb_recvslla) && (pinfo != NULL) && 4397 (pinfo->ip_pkt_flags & IPF_RECVSLLA)) { 4398 udi_size += sizeof (struct T_opthdr) + 4399 sizeof (struct sockaddr_dl); 4400 UDP_STAT(us, udp_in_recvslla); 4401 } 4402 4403 if ((udp_bits.udpb_recvucred) && 4404 (cr = DB_CRED(mp)) != NULL) { 4405 udi_size += sizeof (struct T_opthdr) + ucredsize; 4406 cpid = DB_CPID(mp); 4407 UDP_STAT(us, udp_in_recvucred); 4408 } 4409 4410 /* 4411 * If SO_TIMESTAMP is set allocate the appropriate sized 4412 * buffer. Since gethrestime() expects a pointer aligned 4413 * argument, we allocate space necessary for extra 4414 * alignment (even though it might not be used). 4415 */ 4416 if (udp_bits.udpb_timestamp) { 4417 udi_size += sizeof (struct T_opthdr) + 4418 sizeof (timestruc_t) + _POINTER_ALIGNMENT; 4419 UDP_STAT(us, udp_in_timestamp); 4420 } 4421 4422 /* 4423 * If IP_RECVTTL is set allocate the appropriate sized buffer 4424 */ 4425 if (udp_bits.udpb_recvttl) { 4426 udi_size += sizeof (struct T_opthdr) + sizeof (uint8_t); 4427 UDP_STAT(us, udp_in_recvttl); 4428 } 4429 4430 /* Allocate a message block for the T_UNITDATA_IND structure. */ 4431 mp1 = allocb(udi_size, BPRI_MED); 4432 if (mp1 == NULL) { 4433 freemsg(mp); 4434 if (options_mp != NULL) 4435 freeb(options_mp); 4436 BUMP_MIB(&us->us_udp_mib, udpInErrors); 4437 return; 4438 } 4439 mp1->b_cont = mp; 4440 mp = mp1; 4441 mp->b_datap->db_type = M_PROTO; 4442 tudi = (struct T_unitdata_ind *)mp->b_rptr; 4443 mp->b_wptr = (uchar_t *)tudi + udi_size; 4444 tudi->PRIM_type = T_UNITDATA_IND; 4445 tudi->SRC_length = sizeof (sin_t); 4446 tudi->SRC_offset = sizeof (struct T_unitdata_ind); 4447 tudi->OPT_offset = sizeof (struct T_unitdata_ind) + 4448 sizeof (sin_t); 4449 udi_size -= (sizeof (struct T_unitdata_ind) + sizeof (sin_t)); 4450 tudi->OPT_length = udi_size; 4451 sin = (sin_t *)&tudi[1]; 4452 sin->sin_addr.s_addr = ((ipha_t *)rptr)->ipha_src; 4453 sin->sin_port = udpha->uha_src_port; 4454 sin->sin_family = udp->udp_family; 4455 *(uint32_t *)&sin->sin_zero[0] = 0; 4456 *(uint32_t *)&sin->sin_zero[4] = 0; 4457 4458 /* 4459 * Add options if IP_RECVDSTADDR, IP_RECVIF, IP_RECVSLLA or 4460 * IP_RECVTTL has been set. 4461 */ 4462 if (udi_size != 0) { 4463 /* 4464 * Copy in destination address before options to avoid 4465 * any padding issues. 4466 */ 4467 char *dstopt; 4468 4469 dstopt = (char *)&sin[1]; 4470 if (udp_bits.udpb_recvdstaddr) { 4471 struct T_opthdr *toh; 4472 ipaddr_t *dstptr; 4473 4474 toh = (struct T_opthdr *)dstopt; 4475 toh->level = IPPROTO_IP; 4476 toh->name = IP_RECVDSTADDR; 4477 toh->len = sizeof (struct T_opthdr) + 4478 sizeof (ipaddr_t); 4479 toh->status = 0; 4480 dstopt += sizeof (struct T_opthdr); 4481 dstptr = (ipaddr_t *)dstopt; 4482 *dstptr = ((ipha_t *)rptr)->ipha_dst; 4483 dstopt += sizeof (ipaddr_t); 4484 udi_size -= toh->len; 4485 } 4486 4487 if (udp_bits.udpb_recvopts && opt_len > 0) { 4488 struct T_opthdr *toh; 4489 4490 toh = (struct T_opthdr *)dstopt; 4491 toh->level = IPPROTO_IP; 4492 toh->name = IP_RECVOPTS; 4493 toh->len = sizeof (struct T_opthdr) + opt_len; 4494 toh->status = 0; 4495 dstopt += sizeof (struct T_opthdr); 4496 bcopy(rptr + IP_SIMPLE_HDR_LENGTH, dstopt, 4497 opt_len); 4498 dstopt += opt_len; 4499 udi_size -= toh->len; 4500 } 4501 4502 if ((udp_bits.udpb_ip_recvpktinfo) && (pinfo != NULL) && 4503 (pinfo->ip_pkt_flags & IPF_RECVADDR)) { 4504 struct T_opthdr *toh; 4505 struct in_pktinfo *pktinfop; 4506 4507 toh = (struct T_opthdr *)dstopt; 4508 toh->level = IPPROTO_IP; 4509 toh->name = IP_PKTINFO; 4510 toh->len = sizeof (struct T_opthdr) + 4511 sizeof (*pktinfop); 4512 toh->status = 0; 4513 dstopt += sizeof (struct T_opthdr); 4514 pktinfop = (struct in_pktinfo *)dstopt; 4515 pktinfop->ipi_ifindex = pinfo->ip_pkt_ifindex; 4516 pktinfop->ipi_spec_dst = 4517 pinfo->ip_pkt_match_addr; 4518 pktinfop->ipi_addr.s_addr = 4519 ((ipha_t *)rptr)->ipha_dst; 4520 4521 dstopt += sizeof (struct in_pktinfo); 4522 udi_size -= toh->len; 4523 } 4524 4525 if ((udp_bits.udpb_recvslla) && (pinfo != NULL) && 4526 (pinfo->ip_pkt_flags & IPF_RECVSLLA)) { 4527 4528 struct T_opthdr *toh; 4529 struct sockaddr_dl *dstptr; 4530 4531 toh = (struct T_opthdr *)dstopt; 4532 toh->level = IPPROTO_IP; 4533 toh->name = IP_RECVSLLA; 4534 toh->len = sizeof (struct T_opthdr) + 4535 sizeof (struct sockaddr_dl); 4536 toh->status = 0; 4537 dstopt += sizeof (struct T_opthdr); 4538 dstptr = (struct sockaddr_dl *)dstopt; 4539 bcopy(&pinfo->ip_pkt_slla, dstptr, 4540 sizeof (struct sockaddr_dl)); 4541 dstopt += sizeof (struct sockaddr_dl); 4542 udi_size -= toh->len; 4543 } 4544 4545 if ((udp_bits.udpb_recvif) && (pinfo != NULL) && 4546 (pinfo->ip_pkt_flags & IPF_RECVIF)) { 4547 4548 struct T_opthdr *toh; 4549 uint_t *dstptr; 4550 4551 toh = (struct T_opthdr *)dstopt; 4552 toh->level = IPPROTO_IP; 4553 toh->name = IP_RECVIF; 4554 toh->len = sizeof (struct T_opthdr) + 4555 sizeof (uint_t); 4556 toh->status = 0; 4557 dstopt += sizeof (struct T_opthdr); 4558 dstptr = (uint_t *)dstopt; 4559 *dstptr = pinfo->ip_pkt_ifindex; 4560 dstopt += sizeof (uint_t); 4561 udi_size -= toh->len; 4562 } 4563 4564 if (cr != NULL) { 4565 struct T_opthdr *toh; 4566 4567 toh = (struct T_opthdr *)dstopt; 4568 toh->level = SOL_SOCKET; 4569 toh->name = SCM_UCRED; 4570 toh->len = sizeof (struct T_opthdr) + ucredsize; 4571 toh->status = 0; 4572 dstopt += sizeof (struct T_opthdr); 4573 (void) cred2ucred(cr, cpid, dstopt, rcr); 4574 dstopt += ucredsize; 4575 udi_size -= toh->len; 4576 } 4577 4578 if (udp_bits.udpb_timestamp) { 4579 struct T_opthdr *toh; 4580 4581 toh = (struct T_opthdr *)dstopt; 4582 toh->level = SOL_SOCKET; 4583 toh->name = SCM_TIMESTAMP; 4584 toh->len = sizeof (struct T_opthdr) + 4585 sizeof (timestruc_t) + _POINTER_ALIGNMENT; 4586 toh->status = 0; 4587 dstopt += sizeof (struct T_opthdr); 4588 /* Align for gethrestime() */ 4589 dstopt = (char *)P2ROUNDUP((intptr_t)dstopt, 4590 sizeof (intptr_t)); 4591 gethrestime((timestruc_t *)dstopt); 4592 dstopt = (char *)toh + toh->len; 4593 udi_size -= toh->len; 4594 } 4595 4596 /* 4597 * CAUTION: 4598 * Due to aligment issues 4599 * Processing of IP_RECVTTL option 4600 * should always be the last. Adding 4601 * any option processing after this will 4602 * cause alignment panic. 4603 */ 4604 if (udp_bits.udpb_recvttl) { 4605 struct T_opthdr *toh; 4606 uint8_t *dstptr; 4607 4608 toh = (struct T_opthdr *)dstopt; 4609 toh->level = IPPROTO_IP; 4610 toh->name = IP_RECVTTL; 4611 toh->len = sizeof (struct T_opthdr) + 4612 sizeof (uint8_t); 4613 toh->status = 0; 4614 dstopt += sizeof (struct T_opthdr); 4615 dstptr = (uint8_t *)dstopt; 4616 *dstptr = ((ipha_t *)rptr)->ipha_ttl; 4617 dstopt += sizeof (uint8_t); 4618 udi_size -= toh->len; 4619 } 4620 4621 /* Consumed all of allocated space */ 4622 ASSERT(udi_size == 0); 4623 } 4624 } else { 4625 sin6_t *sin6; 4626 4627 /* 4628 * Handle both IPv4 and IPv6 packets for IPv6 sockets. 4629 * 4630 * Normally we only send up the address. If receiving of any 4631 * optional receive side information is enabled, we also send 4632 * that up as options. 4633 */ 4634 udi_size = sizeof (struct T_unitdata_ind) + sizeof (sin6_t); 4635 4636 if (ipp.ipp_fields & (IPPF_HOPOPTS|IPPF_DSTOPTS|IPPF_RTDSTOPTS| 4637 IPPF_RTHDR|IPPF_IFINDEX)) { 4638 if ((udp_bits.udpb_ipv6_recvhopopts) && 4639 (ipp.ipp_fields & IPPF_HOPOPTS)) { 4640 size_t hlen; 4641 4642 UDP_STAT(us, udp_in_recvhopopts); 4643 hlen = copy_hop_opts(&ipp, NULL); 4644 if (hlen == 0) 4645 ipp.ipp_fields &= ~IPPF_HOPOPTS; 4646 udi_size += hlen; 4647 } 4648 if (((udp_bits.udpb_ipv6_recvdstopts) || 4649 udp_bits.udpb_old_ipv6_recvdstopts) && 4650 (ipp.ipp_fields & IPPF_DSTOPTS)) { 4651 udi_size += sizeof (struct T_opthdr) + 4652 ipp.ipp_dstoptslen; 4653 UDP_STAT(us, udp_in_recvdstopts); 4654 } 4655 if ((((udp_bits.udpb_ipv6_recvdstopts) && 4656 udp_bits.udpb_ipv6_recvrthdr && 4657 (ipp.ipp_fields & IPPF_RTHDR)) || 4658 (udp_bits.udpb_ipv6_recvrthdrdstopts)) && 4659 (ipp.ipp_fields & IPPF_RTDSTOPTS)) { 4660 udi_size += sizeof (struct T_opthdr) + 4661 ipp.ipp_rtdstoptslen; 4662 UDP_STAT(us, udp_in_recvrtdstopts); 4663 } 4664 if ((udp_bits.udpb_ipv6_recvrthdr) && 4665 (ipp.ipp_fields & IPPF_RTHDR)) { 4666 udi_size += sizeof (struct T_opthdr) + 4667 ipp.ipp_rthdrlen; 4668 UDP_STAT(us, udp_in_recvrthdr); 4669 } 4670 if ((udp_bits.udpb_ip_recvpktinfo) && 4671 (ipp.ipp_fields & IPPF_IFINDEX)) { 4672 udi_size += sizeof (struct T_opthdr) + 4673 sizeof (struct in6_pktinfo); 4674 UDP_STAT(us, udp_in_recvpktinfo); 4675 } 4676 4677 } 4678 if ((udp_bits.udpb_recvucred) && 4679 (cr = DB_CRED(mp)) != NULL) { 4680 udi_size += sizeof (struct T_opthdr) + ucredsize; 4681 cpid = DB_CPID(mp); 4682 UDP_STAT(us, udp_in_recvucred); 4683 } 4684 4685 /* 4686 * If SO_TIMESTAMP is set allocate the appropriate sized 4687 * buffer. Since gethrestime() expects a pointer aligned 4688 * argument, we allocate space necessary for extra 4689 * alignment (even though it might not be used). 4690 */ 4691 if (udp_bits.udpb_timestamp) { 4692 udi_size += sizeof (struct T_opthdr) + 4693 sizeof (timestruc_t) + _POINTER_ALIGNMENT; 4694 UDP_STAT(us, udp_in_timestamp); 4695 } 4696 4697 if (udp_bits.udpb_ipv6_recvhoplimit) { 4698 udi_size += sizeof (struct T_opthdr) + sizeof (int); 4699 UDP_STAT(us, udp_in_recvhoplimit); 4700 } 4701 4702 if (udp_bits.udpb_ipv6_recvtclass) { 4703 udi_size += sizeof (struct T_opthdr) + sizeof (int); 4704 UDP_STAT(us, udp_in_recvtclass); 4705 } 4706 4707 mp1 = allocb(udi_size, BPRI_MED); 4708 if (mp1 == NULL) { 4709 freemsg(mp); 4710 if (options_mp != NULL) 4711 freeb(options_mp); 4712 BUMP_MIB(&us->us_udp_mib, udpInErrors); 4713 return; 4714 } 4715 mp1->b_cont = mp; 4716 mp = mp1; 4717 mp->b_datap->db_type = M_PROTO; 4718 tudi = (struct T_unitdata_ind *)mp->b_rptr; 4719 mp->b_wptr = (uchar_t *)tudi + udi_size; 4720 tudi->PRIM_type = T_UNITDATA_IND; 4721 tudi->SRC_length = sizeof (sin6_t); 4722 tudi->SRC_offset = sizeof (struct T_unitdata_ind); 4723 tudi->OPT_offset = sizeof (struct T_unitdata_ind) + 4724 sizeof (sin6_t); 4725 udi_size -= (sizeof (struct T_unitdata_ind) + sizeof (sin6_t)); 4726 tudi->OPT_length = udi_size; 4727 sin6 = (sin6_t *)&tudi[1]; 4728 if (ipversion == IPV4_VERSION) { 4729 in6_addr_t v6dst; 4730 4731 IN6_IPADDR_TO_V4MAPPED(((ipha_t *)rptr)->ipha_src, 4732 &sin6->sin6_addr); 4733 IN6_IPADDR_TO_V4MAPPED(((ipha_t *)rptr)->ipha_dst, 4734 &v6dst); 4735 sin6->sin6_flowinfo = 0; 4736 sin6->sin6_scope_id = 0; 4737 sin6->__sin6_src_id = ip_srcid_find_addr(&v6dst, 4738 connp->conn_zoneid, us->us_netstack); 4739 } else { 4740 sin6->sin6_addr = ip6h->ip6_src; 4741 /* No sin6_flowinfo per API */ 4742 sin6->sin6_flowinfo = 0; 4743 /* For link-scope source pass up scope id */ 4744 if ((ipp.ipp_fields & IPPF_IFINDEX) && 4745 IN6_IS_ADDR_LINKSCOPE(&ip6h->ip6_src)) 4746 sin6->sin6_scope_id = ipp.ipp_ifindex; 4747 else 4748 sin6->sin6_scope_id = 0; 4749 sin6->__sin6_src_id = ip_srcid_find_addr( 4750 &ip6h->ip6_dst, connp->conn_zoneid, 4751 us->us_netstack); 4752 } 4753 sin6->sin6_port = udpha->uha_src_port; 4754 sin6->sin6_family = udp->udp_family; 4755 4756 if (udi_size != 0) { 4757 uchar_t *dstopt; 4758 4759 dstopt = (uchar_t *)&sin6[1]; 4760 if ((udp_bits.udpb_ip_recvpktinfo) && 4761 (ipp.ipp_fields & IPPF_IFINDEX)) { 4762 struct T_opthdr *toh; 4763 struct in6_pktinfo *pkti; 4764 4765 toh = (struct T_opthdr *)dstopt; 4766 toh->level = IPPROTO_IPV6; 4767 toh->name = IPV6_PKTINFO; 4768 toh->len = sizeof (struct T_opthdr) + 4769 sizeof (*pkti); 4770 toh->status = 0; 4771 dstopt += sizeof (struct T_opthdr); 4772 pkti = (struct in6_pktinfo *)dstopt; 4773 if (ipversion == IPV6_VERSION) 4774 pkti->ipi6_addr = ip6h->ip6_dst; 4775 else 4776 IN6_IPADDR_TO_V4MAPPED( 4777 ((ipha_t *)rptr)->ipha_dst, 4778 &pkti->ipi6_addr); 4779 pkti->ipi6_ifindex = ipp.ipp_ifindex; 4780 dstopt += sizeof (*pkti); 4781 udi_size -= toh->len; 4782 } 4783 if (udp_bits.udpb_ipv6_recvhoplimit) { 4784 struct T_opthdr *toh; 4785 4786 toh = (struct T_opthdr *)dstopt; 4787 toh->level = IPPROTO_IPV6; 4788 toh->name = IPV6_HOPLIMIT; 4789 toh->len = sizeof (struct T_opthdr) + 4790 sizeof (uint_t); 4791 toh->status = 0; 4792 dstopt += sizeof (struct T_opthdr); 4793 if (ipversion == IPV6_VERSION) 4794 *(uint_t *)dstopt = ip6h->ip6_hops; 4795 else 4796 *(uint_t *)dstopt = 4797 ((ipha_t *)rptr)->ipha_ttl; 4798 dstopt += sizeof (uint_t); 4799 udi_size -= toh->len; 4800 } 4801 if (udp_bits.udpb_ipv6_recvtclass) { 4802 struct T_opthdr *toh; 4803 4804 toh = (struct T_opthdr *)dstopt; 4805 toh->level = IPPROTO_IPV6; 4806 toh->name = IPV6_TCLASS; 4807 toh->len = sizeof (struct T_opthdr) + 4808 sizeof (uint_t); 4809 toh->status = 0; 4810 dstopt += sizeof (struct T_opthdr); 4811 if (ipversion == IPV6_VERSION) { 4812 *(uint_t *)dstopt = 4813 IPV6_FLOW_TCLASS(ip6h->ip6_flow); 4814 } else { 4815 ipha_t *ipha = (ipha_t *)rptr; 4816 *(uint_t *)dstopt = 4817 ipha->ipha_type_of_service; 4818 } 4819 dstopt += sizeof (uint_t); 4820 udi_size -= toh->len; 4821 } 4822 if ((udp_bits.udpb_ipv6_recvhopopts) && 4823 (ipp.ipp_fields & IPPF_HOPOPTS)) { 4824 size_t hlen; 4825 4826 hlen = copy_hop_opts(&ipp, dstopt); 4827 dstopt += hlen; 4828 udi_size -= hlen; 4829 } 4830 if ((udp_bits.udpb_ipv6_recvdstopts) && 4831 (udp_bits.udpb_ipv6_recvrthdr) && 4832 (ipp.ipp_fields & IPPF_RTHDR) && 4833 (ipp.ipp_fields & IPPF_RTDSTOPTS)) { 4834 struct T_opthdr *toh; 4835 4836 toh = (struct T_opthdr *)dstopt; 4837 toh->level = IPPROTO_IPV6; 4838 toh->name = IPV6_DSTOPTS; 4839 toh->len = sizeof (struct T_opthdr) + 4840 ipp.ipp_rtdstoptslen; 4841 toh->status = 0; 4842 dstopt += sizeof (struct T_opthdr); 4843 bcopy(ipp.ipp_rtdstopts, dstopt, 4844 ipp.ipp_rtdstoptslen); 4845 dstopt += ipp.ipp_rtdstoptslen; 4846 udi_size -= toh->len; 4847 } 4848 if ((udp_bits.udpb_ipv6_recvrthdr) && 4849 (ipp.ipp_fields & IPPF_RTHDR)) { 4850 struct T_opthdr *toh; 4851 4852 toh = (struct T_opthdr *)dstopt; 4853 toh->level = IPPROTO_IPV6; 4854 toh->name = IPV6_RTHDR; 4855 toh->len = sizeof (struct T_opthdr) + 4856 ipp.ipp_rthdrlen; 4857 toh->status = 0; 4858 dstopt += sizeof (struct T_opthdr); 4859 bcopy(ipp.ipp_rthdr, dstopt, ipp.ipp_rthdrlen); 4860 dstopt += ipp.ipp_rthdrlen; 4861 udi_size -= toh->len; 4862 } 4863 if ((udp_bits.udpb_ipv6_recvdstopts) && 4864 (ipp.ipp_fields & IPPF_DSTOPTS)) { 4865 struct T_opthdr *toh; 4866 4867 toh = (struct T_opthdr *)dstopt; 4868 toh->level = IPPROTO_IPV6; 4869 toh->name = IPV6_DSTOPTS; 4870 toh->len = sizeof (struct T_opthdr) + 4871 ipp.ipp_dstoptslen; 4872 toh->status = 0; 4873 dstopt += sizeof (struct T_opthdr); 4874 bcopy(ipp.ipp_dstopts, dstopt, 4875 ipp.ipp_dstoptslen); 4876 dstopt += ipp.ipp_dstoptslen; 4877 udi_size -= toh->len; 4878 } 4879 4880 if (cr != NULL) { 4881 struct T_opthdr *toh; 4882 4883 toh = (struct T_opthdr *)dstopt; 4884 toh->level = SOL_SOCKET; 4885 toh->name = SCM_UCRED; 4886 toh->len = sizeof (struct T_opthdr) + ucredsize; 4887 toh->status = 0; 4888 (void) cred2ucred(cr, cpid, &toh[1], rcr); 4889 dstopt += toh->len; 4890 udi_size -= toh->len; 4891 } 4892 if (udp_bits.udpb_timestamp) { 4893 struct T_opthdr *toh; 4894 4895 toh = (struct T_opthdr *)dstopt; 4896 toh->level = SOL_SOCKET; 4897 toh->name = SCM_TIMESTAMP; 4898 toh->len = sizeof (struct T_opthdr) + 4899 sizeof (timestruc_t) + _POINTER_ALIGNMENT; 4900 toh->status = 0; 4901 dstopt += sizeof (struct T_opthdr); 4902 /* Align for gethrestime() */ 4903 dstopt = (uchar_t *)P2ROUNDUP((intptr_t)dstopt, 4904 sizeof (intptr_t)); 4905 gethrestime((timestruc_t *)dstopt); 4906 dstopt = (uchar_t *)toh + toh->len; 4907 udi_size -= toh->len; 4908 } 4909 4910 /* Consumed all of allocated space */ 4911 ASSERT(udi_size == 0); 4912 } 4913 #undef sin6 4914 /* No IP_RECVDSTADDR for IPv6. */ 4915 } 4916 4917 BUMP_MIB(&us->us_udp_mib, udpHCInDatagrams); 4918 if (options_mp != NULL) 4919 freeb(options_mp); 4920 4921 if (udp_bits.udpb_direct_sockfs) { 4922 /* 4923 * There is nothing above us except for the stream head; 4924 * use the read-side synchronous stream interface in 4925 * order to reduce the time spent in interrupt thread. 4926 */ 4927 ASSERT(udp->udp_issocket); 4928 udp_rcv_enqueue(connp->conn_rq, udp, mp, mp_len); 4929 } else { 4930 /* 4931 * Use regular STREAMS interface to pass data upstream 4932 * if this is not a socket endpoint, or if we have 4933 * switched over to the slow mode due to sockmod being 4934 * popped or a module being pushed on top of us. 4935 */ 4936 putnext(connp->conn_rq, mp); 4937 } 4938 return; 4939 4940 tossit: 4941 freemsg(mp); 4942 if (options_mp != NULL) 4943 freeb(options_mp); 4944 BUMP_MIB(&us->us_udp_mib, udpInErrors); 4945 } 4946 4947 /* 4948 * Handle the results of a T_BIND_REQ whether deferred by IP or handled 4949 * immediately. 4950 */ 4951 static void 4952 udp_bind_result(conn_t *connp, mblk_t *mp) 4953 { 4954 struct T_error_ack *tea; 4955 4956 switch (mp->b_datap->db_type) { 4957 case M_PROTO: 4958 case M_PCPROTO: 4959 /* M_PROTO messages contain some type of TPI message. */ 4960 ASSERT((uintptr_t)(mp->b_wptr - mp->b_rptr) <= 4961 (uintptr_t)INT_MAX); 4962 if (mp->b_wptr - mp->b_rptr < sizeof (t_scalar_t)) { 4963 freemsg(mp); 4964 return; 4965 } 4966 tea = (struct T_error_ack *)mp->b_rptr; 4967 4968 switch (tea->PRIM_type) { 4969 case T_ERROR_ACK: 4970 switch (tea->ERROR_prim) { 4971 case O_T_BIND_REQ: 4972 case T_BIND_REQ: 4973 udp_bind_error(connp, mp); 4974 return; 4975 default: 4976 break; 4977 } 4978 ASSERT(0); 4979 freemsg(mp); 4980 return; 4981 4982 case T_BIND_ACK: 4983 udp_bind_ack(connp, mp); 4984 return; 4985 4986 default: 4987 break; 4988 } 4989 freemsg(mp); 4990 return; 4991 default: 4992 /* FIXME: other cases? */ 4993 ASSERT(0); 4994 freemsg(mp); 4995 return; 4996 } 4997 } 4998 4999 /* 5000 * Process a T_BIND_ACK 5001 */ 5002 static void 5003 udp_bind_ack(conn_t *connp, mblk_t *mp) 5004 { 5005 udp_t *udp = connp->conn_udp; 5006 mblk_t *mp1; 5007 ire_t *ire; 5008 struct T_bind_ack *tba; 5009 uchar_t *addrp; 5010 ipa_conn_t *ac; 5011 ipa6_conn_t *ac6; 5012 udp_fanout_t *udpf; 5013 udp_stack_t *us = udp->udp_us; 5014 5015 ASSERT(udp->udp_pending_op != -1); 5016 rw_enter(&udp->udp_rwlock, RW_WRITER); 5017 /* 5018 * If a broadcast/multicast address was bound set 5019 * the source address to 0. 5020 * This ensures no datagrams with broadcast address 5021 * as source address are emitted (which would violate 5022 * RFC1122 - Hosts requirements) 5023 * 5024 * Note that when connecting the returned IRE is 5025 * for the destination address and we only perform 5026 * the broadcast check for the source address (it 5027 * is OK to connect to a broadcast/multicast address.) 5028 */ 5029 mp1 = mp->b_cont; 5030 if (mp1 != NULL && mp1->b_datap->db_type == IRE_DB_TYPE) { 5031 ire = (ire_t *)mp1->b_rptr; 5032 5033 /* 5034 * Note: we get IRE_BROADCAST for IPv6 to "mark" a multicast 5035 * local address. 5036 */ 5037 udpf = &us->us_bind_fanout[UDP_BIND_HASH(udp->udp_port, 5038 us->us_bind_fanout_size)]; 5039 if (ire->ire_type == IRE_BROADCAST && 5040 udp->udp_state != TS_DATA_XFER) { 5041 ASSERT(udp->udp_pending_op == T_BIND_REQ || 5042 udp->udp_pending_op == O_T_BIND_REQ); 5043 /* This was just a local bind to a broadcast addr */ 5044 mutex_enter(&udpf->uf_lock); 5045 V6_SET_ZERO(udp->udp_v6src); 5046 mutex_exit(&udpf->uf_lock); 5047 if (udp->udp_family == AF_INET6) 5048 (void) udp_build_hdrs(udp); 5049 } else if (V6_OR_V4_INADDR_ANY(udp->udp_v6src)) { 5050 /* 5051 * Local address not yet set - pick it from the 5052 * T_bind_ack 5053 */ 5054 tba = (struct T_bind_ack *)mp->b_rptr; 5055 addrp = &mp->b_rptr[tba->ADDR_offset]; 5056 switch (udp->udp_family) { 5057 case AF_INET: 5058 if (tba->ADDR_length == sizeof (ipa_conn_t)) { 5059 ac = (ipa_conn_t *)addrp; 5060 } else { 5061 ASSERT(tba->ADDR_length == 5062 sizeof (ipa_conn_x_t)); 5063 ac = &((ipa_conn_x_t *)addrp)->acx_conn; 5064 } 5065 mutex_enter(&udpf->uf_lock); 5066 IN6_IPADDR_TO_V4MAPPED(ac->ac_laddr, 5067 &udp->udp_v6src); 5068 mutex_exit(&udpf->uf_lock); 5069 break; 5070 case AF_INET6: 5071 if (tba->ADDR_length == sizeof (ipa6_conn_t)) { 5072 ac6 = (ipa6_conn_t *)addrp; 5073 } else { 5074 ASSERT(tba->ADDR_length == 5075 sizeof (ipa6_conn_x_t)); 5076 ac6 = &((ipa6_conn_x_t *) 5077 addrp)->ac6x_conn; 5078 } 5079 mutex_enter(&udpf->uf_lock); 5080 udp->udp_v6src = ac6->ac6_laddr; 5081 mutex_exit(&udpf->uf_lock); 5082 (void) udp_build_hdrs(udp); 5083 break; 5084 } 5085 } 5086 mp1 = mp1->b_cont; 5087 } 5088 udp->udp_pending_op = -1; 5089 rw_exit(&udp->udp_rwlock); 5090 /* 5091 * Look for one or more appended ACK message added by 5092 * udp_connect or udp_disconnect. 5093 * If none found just send up the T_BIND_ACK. 5094 * udp_connect has appended a T_OK_ACK and a T_CONN_CON. 5095 * udp_disconnect has appended a T_OK_ACK. 5096 */ 5097 if (mp1 != NULL) { 5098 if (mp->b_cont == mp1) 5099 mp->b_cont = NULL; 5100 else { 5101 ASSERT(mp->b_cont->b_cont == mp1); 5102 mp->b_cont->b_cont = NULL; 5103 } 5104 freemsg(mp); 5105 mp = mp1; 5106 while (mp != NULL) { 5107 mp1 = mp->b_cont; 5108 mp->b_cont = NULL; 5109 putnext(connp->conn_rq, mp); 5110 mp = mp1; 5111 } 5112 return; 5113 } 5114 freemsg(mp->b_cont); 5115 mp->b_cont = NULL; 5116 putnext(connp->conn_rq, mp); 5117 } 5118 5119 static void 5120 udp_bind_error(conn_t *connp, mblk_t *mp) 5121 { 5122 udp_t *udp = connp->conn_udp; 5123 struct T_error_ack *tea; 5124 udp_fanout_t *udpf; 5125 udp_stack_t *us = udp->udp_us; 5126 5127 tea = (struct T_error_ack *)mp->b_rptr; 5128 5129 /* 5130 * If our O_T_BIND_REQ/T_BIND_REQ fails, 5131 * clear out the associated port and source 5132 * address before passing the message 5133 * upstream. If this was caused by a T_CONN_REQ 5134 * revert back to bound state. 5135 */ 5136 5137 rw_enter(&udp->udp_rwlock, RW_WRITER); 5138 ASSERT(udp->udp_pending_op != -1); 5139 tea->ERROR_prim = udp->udp_pending_op; 5140 udp->udp_pending_op = -1; 5141 udpf = &us->us_bind_fanout[ 5142 UDP_BIND_HASH(udp->udp_port, 5143 us->us_bind_fanout_size)]; 5144 mutex_enter(&udpf->uf_lock); 5145 5146 switch (tea->ERROR_prim) { 5147 case T_CONN_REQ: 5148 ASSERT(udp->udp_state == TS_DATA_XFER); 5149 /* Connect failed */ 5150 /* Revert back to the bound source */ 5151 udp->udp_v6src = udp->udp_bound_v6src; 5152 udp->udp_state = TS_IDLE; 5153 mutex_exit(&udpf->uf_lock); 5154 if (udp->udp_family == AF_INET6) 5155 (void) udp_build_hdrs(udp); 5156 rw_exit(&udp->udp_rwlock); 5157 break; 5158 5159 case T_DISCON_REQ: 5160 case T_BIND_REQ: 5161 case O_T_BIND_REQ: 5162 V6_SET_ZERO(udp->udp_v6src); 5163 V6_SET_ZERO(udp->udp_bound_v6src); 5164 udp->udp_state = TS_UNBND; 5165 udp_bind_hash_remove(udp, B_TRUE); 5166 udp->udp_port = 0; 5167 mutex_exit(&udpf->uf_lock); 5168 if (udp->udp_family == AF_INET6) 5169 (void) udp_build_hdrs(udp); 5170 rw_exit(&udp->udp_rwlock); 5171 break; 5172 5173 default: 5174 mutex_exit(&udpf->uf_lock); 5175 rw_exit(&udp->udp_rwlock); 5176 (void) mi_strlog(connp->conn_rq, 1, 5177 SL_ERROR|SL_TRACE, 5178 "udp_input_other: bad ERROR_prim, " 5179 "len %d", tea->ERROR_prim); 5180 } 5181 putnext(connp->conn_rq, mp); 5182 } 5183 5184 /* 5185 * return SNMP stuff in buffer in mpdata. We don't hold any lock and report 5186 * information that can be changing beneath us. 5187 */ 5188 mblk_t * 5189 udp_snmp_get(queue_t *q, mblk_t *mpctl) 5190 { 5191 mblk_t *mpdata; 5192 mblk_t *mp_conn_ctl; 5193 mblk_t *mp_attr_ctl; 5194 mblk_t *mp6_conn_ctl; 5195 mblk_t *mp6_attr_ctl; 5196 mblk_t *mp_conn_tail; 5197 mblk_t *mp_attr_tail; 5198 mblk_t *mp6_conn_tail; 5199 mblk_t *mp6_attr_tail; 5200 struct opthdr *optp; 5201 mib2_udpEntry_t ude; 5202 mib2_udp6Entry_t ude6; 5203 mib2_transportMLPEntry_t mlp; 5204 int state; 5205 zoneid_t zoneid; 5206 int i; 5207 connf_t *connfp; 5208 conn_t *connp = Q_TO_CONN(q); 5209 int v4_conn_idx; 5210 int v6_conn_idx; 5211 boolean_t needattr; 5212 udp_t *udp; 5213 ip_stack_t *ipst = connp->conn_netstack->netstack_ip; 5214 udp_stack_t *us = connp->conn_netstack->netstack_udp; 5215 mblk_t *mp2ctl; 5216 5217 /* 5218 * make a copy of the original message 5219 */ 5220 mp2ctl = copymsg(mpctl); 5221 5222 mp_conn_ctl = mp_attr_ctl = mp6_conn_ctl = NULL; 5223 if (mpctl == NULL || 5224 (mpdata = mpctl->b_cont) == NULL || 5225 (mp_conn_ctl = copymsg(mpctl)) == NULL || 5226 (mp_attr_ctl = copymsg(mpctl)) == NULL || 5227 (mp6_conn_ctl = copymsg(mpctl)) == NULL || 5228 (mp6_attr_ctl = copymsg(mpctl)) == NULL) { 5229 freemsg(mp_conn_ctl); 5230 freemsg(mp_attr_ctl); 5231 freemsg(mp6_conn_ctl); 5232 freemsg(mpctl); 5233 freemsg(mp2ctl); 5234 return (0); 5235 } 5236 5237 zoneid = connp->conn_zoneid; 5238 5239 /* fixed length structure for IPv4 and IPv6 counters */ 5240 SET_MIB(us->us_udp_mib.udpEntrySize, sizeof (mib2_udpEntry_t)); 5241 SET_MIB(us->us_udp_mib.udp6EntrySize, sizeof (mib2_udp6Entry_t)); 5242 /* synchronize 64- and 32-bit counters */ 5243 SYNC32_MIB(&us->us_udp_mib, udpInDatagrams, udpHCInDatagrams); 5244 SYNC32_MIB(&us->us_udp_mib, udpOutDatagrams, udpHCOutDatagrams); 5245 5246 optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)]; 5247 optp->level = MIB2_UDP; 5248 optp->name = 0; 5249 (void) snmp_append_data(mpdata, (char *)&us->us_udp_mib, 5250 sizeof (us->us_udp_mib)); 5251 optp->len = msgdsize(mpdata); 5252 qreply(q, mpctl); 5253 5254 mp_conn_tail = mp_attr_tail = mp6_conn_tail = mp6_attr_tail = NULL; 5255 v4_conn_idx = v6_conn_idx = 0; 5256 5257 for (i = 0; i < CONN_G_HASH_SIZE; i++) { 5258 connfp = &ipst->ips_ipcl_globalhash_fanout[i]; 5259 connp = NULL; 5260 5261 while ((connp = ipcl_get_next_conn(connfp, connp, 5262 IPCL_UDPCONN))) { 5263 udp = connp->conn_udp; 5264 if (zoneid != connp->conn_zoneid) 5265 continue; 5266 5267 /* 5268 * Note that the port numbers are sent in 5269 * host byte order 5270 */ 5271 5272 if (udp->udp_state == TS_UNBND) 5273 state = MIB2_UDP_unbound; 5274 else if (udp->udp_state == TS_IDLE) 5275 state = MIB2_UDP_idle; 5276 else if (udp->udp_state == TS_DATA_XFER) 5277 state = MIB2_UDP_connected; 5278 else 5279 state = MIB2_UDP_unknown; 5280 5281 needattr = B_FALSE; 5282 bzero(&mlp, sizeof (mlp)); 5283 if (connp->conn_mlp_type != mlptSingle) { 5284 if (connp->conn_mlp_type == mlptShared || 5285 connp->conn_mlp_type == mlptBoth) 5286 mlp.tme_flags |= MIB2_TMEF_SHARED; 5287 if (connp->conn_mlp_type == mlptPrivate || 5288 connp->conn_mlp_type == mlptBoth) 5289 mlp.tme_flags |= MIB2_TMEF_PRIVATE; 5290 needattr = B_TRUE; 5291 } 5292 5293 /* 5294 * Create an IPv4 table entry for IPv4 entries and also 5295 * any IPv6 entries which are bound to in6addr_any 5296 * (i.e. anything a IPv4 peer could connect/send to). 5297 */ 5298 if (udp->udp_ipversion == IPV4_VERSION || 5299 (udp->udp_state <= TS_IDLE && 5300 IN6_IS_ADDR_UNSPECIFIED(&udp->udp_v6src))) { 5301 ude.udpEntryInfo.ue_state = state; 5302 /* 5303 * If in6addr_any this will set it to 5304 * INADDR_ANY 5305 */ 5306 ude.udpLocalAddress = 5307 V4_PART_OF_V6(udp->udp_v6src); 5308 ude.udpLocalPort = ntohs(udp->udp_port); 5309 if (udp->udp_state == TS_DATA_XFER) { 5310 /* 5311 * Can potentially get here for 5312 * v6 socket if another process 5313 * (say, ping) has just done a 5314 * sendto(), changing the state 5315 * from the TS_IDLE above to 5316 * TS_DATA_XFER by the time we hit 5317 * this part of the code. 5318 */ 5319 ude.udpEntryInfo.ue_RemoteAddress = 5320 V4_PART_OF_V6(udp->udp_v6dst); 5321 ude.udpEntryInfo.ue_RemotePort = 5322 ntohs(udp->udp_dstport); 5323 } else { 5324 ude.udpEntryInfo.ue_RemoteAddress = 0; 5325 ude.udpEntryInfo.ue_RemotePort = 0; 5326 } 5327 5328 /* 5329 * We make the assumption that all udp_t 5330 * structs will be created within an address 5331 * region no larger than 32-bits. 5332 */ 5333 ude.udpInstance = (uint32_t)(uintptr_t)udp; 5334 ude.udpCreationProcess = 5335 (udp->udp_open_pid < 0) ? 5336 MIB2_UNKNOWN_PROCESS : 5337 udp->udp_open_pid; 5338 ude.udpCreationTime = udp->udp_open_time; 5339 5340 (void) snmp_append_data2(mp_conn_ctl->b_cont, 5341 &mp_conn_tail, (char *)&ude, sizeof (ude)); 5342 mlp.tme_connidx = v4_conn_idx++; 5343 if (needattr) 5344 (void) snmp_append_data2( 5345 mp_attr_ctl->b_cont, &mp_attr_tail, 5346 (char *)&mlp, sizeof (mlp)); 5347 } 5348 if (udp->udp_ipversion == IPV6_VERSION) { 5349 ude6.udp6EntryInfo.ue_state = state; 5350 ude6.udp6LocalAddress = udp->udp_v6src; 5351 ude6.udp6LocalPort = ntohs(udp->udp_port); 5352 ude6.udp6IfIndex = udp->udp_bound_if; 5353 if (udp->udp_state == TS_DATA_XFER) { 5354 ude6.udp6EntryInfo.ue_RemoteAddress = 5355 udp->udp_v6dst; 5356 ude6.udp6EntryInfo.ue_RemotePort = 5357 ntohs(udp->udp_dstport); 5358 } else { 5359 ude6.udp6EntryInfo.ue_RemoteAddress = 5360 sin6_null.sin6_addr; 5361 ude6.udp6EntryInfo.ue_RemotePort = 0; 5362 } 5363 /* 5364 * We make the assumption that all udp_t 5365 * structs will be created within an address 5366 * region no larger than 32-bits. 5367 */ 5368 ude6.udp6Instance = (uint32_t)(uintptr_t)udp; 5369 ude6.udp6CreationProcess = 5370 (udp->udp_open_pid < 0) ? 5371 MIB2_UNKNOWN_PROCESS : 5372 udp->udp_open_pid; 5373 ude6.udp6CreationTime = udp->udp_open_time; 5374 5375 (void) snmp_append_data2(mp6_conn_ctl->b_cont, 5376 &mp6_conn_tail, (char *)&ude6, 5377 sizeof (ude6)); 5378 mlp.tme_connidx = v6_conn_idx++; 5379 if (needattr) 5380 (void) snmp_append_data2( 5381 mp6_attr_ctl->b_cont, 5382 &mp6_attr_tail, (char *)&mlp, 5383 sizeof (mlp)); 5384 } 5385 } 5386 } 5387 5388 /* IPv4 UDP endpoints */ 5389 optp = (struct opthdr *)&mp_conn_ctl->b_rptr[ 5390 sizeof (struct T_optmgmt_ack)]; 5391 optp->level = MIB2_UDP; 5392 optp->name = MIB2_UDP_ENTRY; 5393 optp->len = msgdsize(mp_conn_ctl->b_cont); 5394 qreply(q, mp_conn_ctl); 5395 5396 /* table of MLP attributes... */ 5397 optp = (struct opthdr *)&mp_attr_ctl->b_rptr[ 5398 sizeof (struct T_optmgmt_ack)]; 5399 optp->level = MIB2_UDP; 5400 optp->name = EXPER_XPORT_MLP; 5401 optp->len = msgdsize(mp_attr_ctl->b_cont); 5402 if (optp->len == 0) 5403 freemsg(mp_attr_ctl); 5404 else 5405 qreply(q, mp_attr_ctl); 5406 5407 /* IPv6 UDP endpoints */ 5408 optp = (struct opthdr *)&mp6_conn_ctl->b_rptr[ 5409 sizeof (struct T_optmgmt_ack)]; 5410 optp->level = MIB2_UDP6; 5411 optp->name = MIB2_UDP6_ENTRY; 5412 optp->len = msgdsize(mp6_conn_ctl->b_cont); 5413 qreply(q, mp6_conn_ctl); 5414 5415 /* table of MLP attributes... */ 5416 optp = (struct opthdr *)&mp6_attr_ctl->b_rptr[ 5417 sizeof (struct T_optmgmt_ack)]; 5418 optp->level = MIB2_UDP6; 5419 optp->name = EXPER_XPORT_MLP; 5420 optp->len = msgdsize(mp6_attr_ctl->b_cont); 5421 if (optp->len == 0) 5422 freemsg(mp6_attr_ctl); 5423 else 5424 qreply(q, mp6_attr_ctl); 5425 5426 return (mp2ctl); 5427 } 5428 5429 /* 5430 * Return 0 if invalid set request, 1 otherwise, including non-udp requests. 5431 * NOTE: Per MIB-II, UDP has no writable data. 5432 * TODO: If this ever actually tries to set anything, it needs to be 5433 * to do the appropriate locking. 5434 */ 5435 /* ARGSUSED */ 5436 int 5437 udp_snmp_set(queue_t *q, t_scalar_t level, t_scalar_t name, 5438 uchar_t *ptr, int len) 5439 { 5440 switch (level) { 5441 case MIB2_UDP: 5442 return (0); 5443 default: 5444 return (1); 5445 } 5446 } 5447 5448 static void 5449 udp_report_item(mblk_t *mp, udp_t *udp) 5450 { 5451 char *state; 5452 char addrbuf1[INET6_ADDRSTRLEN]; 5453 char addrbuf2[INET6_ADDRSTRLEN]; 5454 uint_t print_len, buf_len; 5455 5456 buf_len = mp->b_datap->db_lim - mp->b_wptr; 5457 ASSERT(buf_len >= 0); 5458 if (buf_len == 0) 5459 return; 5460 5461 if (udp->udp_state == TS_UNBND) 5462 state = "UNBOUND"; 5463 else if (udp->udp_state == TS_IDLE) 5464 state = "IDLE"; 5465 else if (udp->udp_state == TS_DATA_XFER) 5466 state = "CONNECTED"; 5467 else 5468 state = "UnkState"; 5469 print_len = snprintf((char *)mp->b_wptr, buf_len, 5470 MI_COL_PTRFMT_STR "%4d %5u %s %s %5u %s\n", 5471 (void *)udp, udp->udp_connp->conn_zoneid, ntohs(udp->udp_port), 5472 inet_ntop(AF_INET6, &udp->udp_v6src, addrbuf1, sizeof (addrbuf1)), 5473 inet_ntop(AF_INET6, &udp->udp_v6dst, addrbuf2, sizeof (addrbuf2)), 5474 ntohs(udp->udp_dstport), state); 5475 if (print_len < buf_len) { 5476 mp->b_wptr += print_len; 5477 } else { 5478 mp->b_wptr += buf_len; 5479 } 5480 } 5481 5482 /* Report for ndd "udp_status" */ 5483 /* ARGSUSED */ 5484 static int 5485 udp_status_report(queue_t *q, mblk_t *mp, caddr_t cp, cred_t *cr) 5486 { 5487 zoneid_t zoneid; 5488 connf_t *connfp; 5489 conn_t *connp = Q_TO_CONN(q); 5490 udp_t *udp = connp->conn_udp; 5491 int i; 5492 udp_stack_t *us = udp->udp_us; 5493 ip_stack_t *ipst = connp->conn_netstack->netstack_ip; 5494 5495 /* 5496 * Because of the ndd constraint, at most we can have 64K buffer 5497 * to put in all UDP info. So to be more efficient, just 5498 * allocate a 64K buffer here, assuming we need that large buffer. 5499 * This may be a problem as any user can read udp_status. Therefore 5500 * we limit the rate of doing this using us_ndd_get_info_interval. 5501 * This should be OK as normal users should not do this too often. 5502 */ 5503 if (cr == NULL || secpolicy_ip_config(cr, B_TRUE) != 0) { 5504 if (ddi_get_lbolt() - us->us_last_ndd_get_info_time < 5505 drv_usectohz(us->us_ndd_get_info_interval * 1000)) { 5506 (void) mi_mpprintf(mp, NDD_TOO_QUICK_MSG); 5507 return (0); 5508 } 5509 } 5510 if ((mp->b_cont = allocb(ND_MAX_BUF_LEN, BPRI_HI)) == NULL) { 5511 /* The following may work even if we cannot get a large buf. */ 5512 (void) mi_mpprintf(mp, NDD_OUT_OF_BUF_MSG); 5513 return (0); 5514 } 5515 (void) mi_mpprintf(mp, 5516 "UDP " MI_COL_HDRPAD_STR 5517 /* 12345678[89ABCDEF] */ 5518 " zone lport src addr dest addr port state"); 5519 /* 1234 12345 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx 12345 UNBOUND */ 5520 5521 zoneid = connp->conn_zoneid; 5522 5523 for (i = 0; i < CONN_G_HASH_SIZE; i++) { 5524 connfp = &ipst->ips_ipcl_globalhash_fanout[i]; 5525 connp = NULL; 5526 5527 while ((connp = ipcl_get_next_conn(connfp, connp, 5528 IPCL_UDPCONN))) { 5529 udp = connp->conn_udp; 5530 if (zoneid != GLOBAL_ZONEID && 5531 zoneid != connp->conn_zoneid) 5532 continue; 5533 5534 udp_report_item(mp->b_cont, udp); 5535 } 5536 } 5537 us->us_last_ndd_get_info_time = ddi_get_lbolt(); 5538 return (0); 5539 } 5540 5541 /* 5542 * This routine creates a T_UDERROR_IND message and passes it upstream. 5543 * The address and options are copied from the T_UNITDATA_REQ message 5544 * passed in mp. This message is freed. 5545 */ 5546 static void 5547 udp_ud_err(queue_t *q, mblk_t *mp, uchar_t *destaddr, t_scalar_t destlen, 5548 t_scalar_t err) 5549 { 5550 struct T_unitdata_req *tudr; 5551 mblk_t *mp1; 5552 uchar_t *optaddr; 5553 t_scalar_t optlen; 5554 5555 if (DB_TYPE(mp) == M_DATA) { 5556 ASSERT(destaddr != NULL && destlen != 0); 5557 optaddr = NULL; 5558 optlen = 0; 5559 } else { 5560 if ((mp->b_wptr < mp->b_rptr) || 5561 (MBLKL(mp)) < sizeof (struct T_unitdata_req)) { 5562 goto done; 5563 } 5564 tudr = (struct T_unitdata_req *)mp->b_rptr; 5565 destaddr = mp->b_rptr + tudr->DEST_offset; 5566 if (destaddr < mp->b_rptr || destaddr >= mp->b_wptr || 5567 destaddr + tudr->DEST_length < mp->b_rptr || 5568 destaddr + tudr->DEST_length > mp->b_wptr) { 5569 goto done; 5570 } 5571 optaddr = mp->b_rptr + tudr->OPT_offset; 5572 if (optaddr < mp->b_rptr || optaddr >= mp->b_wptr || 5573 optaddr + tudr->OPT_length < mp->b_rptr || 5574 optaddr + tudr->OPT_length > mp->b_wptr) { 5575 goto done; 5576 } 5577 destlen = tudr->DEST_length; 5578 optlen = tudr->OPT_length; 5579 } 5580 5581 mp1 = mi_tpi_uderror_ind((char *)destaddr, destlen, 5582 (char *)optaddr, optlen, err); 5583 if (mp1 != NULL) 5584 qreply(q, mp1); 5585 5586 done: 5587 freemsg(mp); 5588 } 5589 5590 /* 5591 * This routine removes a port number association from a stream. It 5592 * is called by udp_wput to handle T_UNBIND_REQ messages. 5593 */ 5594 static void 5595 udp_unbind(queue_t *q, mblk_t *mp) 5596 { 5597 udp_t *udp = Q_TO_UDP(q); 5598 udp_fanout_t *udpf; 5599 udp_stack_t *us = udp->udp_us; 5600 5601 if (cl_inet_unbind != NULL) { 5602 /* 5603 * Running in cluster mode - register unbind information 5604 */ 5605 if (udp->udp_ipversion == IPV4_VERSION) { 5606 (*cl_inet_unbind)(IPPROTO_UDP, AF_INET, 5607 (uint8_t *)(&V4_PART_OF_V6(udp->udp_v6src)), 5608 (in_port_t)udp->udp_port); 5609 } else { 5610 (*cl_inet_unbind)(IPPROTO_UDP, AF_INET6, 5611 (uint8_t *)&(udp->udp_v6src), 5612 (in_port_t)udp->udp_port); 5613 } 5614 } 5615 5616 rw_enter(&udp->udp_rwlock, RW_WRITER); 5617 if (udp->udp_state == TS_UNBND || udp->udp_pending_op != -1) { 5618 rw_exit(&udp->udp_rwlock); 5619 udp_err_ack(q, mp, TOUTSTATE, 0); 5620 return; 5621 } 5622 udp->udp_pending_op = T_UNBIND_REQ; 5623 rw_exit(&udp->udp_rwlock); 5624 5625 /* 5626 * Pass the unbind to IP; T_UNBIND_REQ is larger than T_OK_ACK 5627 * and therefore ip_unbind must never return NULL. 5628 */ 5629 mp = ip_unbind(q, mp); 5630 ASSERT(mp != NULL); 5631 ASSERT(((struct T_ok_ack *)mp->b_rptr)->PRIM_type == T_OK_ACK); 5632 5633 /* 5634 * Once we're unbound from IP, the pending operation may be cleared 5635 * here. 5636 */ 5637 rw_enter(&udp->udp_rwlock, RW_WRITER); 5638 udpf = &us->us_bind_fanout[UDP_BIND_HASH(udp->udp_port, 5639 us->us_bind_fanout_size)]; 5640 mutex_enter(&udpf->uf_lock); 5641 udp_bind_hash_remove(udp, B_TRUE); 5642 V6_SET_ZERO(udp->udp_v6src); 5643 V6_SET_ZERO(udp->udp_bound_v6src); 5644 udp->udp_port = 0; 5645 mutex_exit(&udpf->uf_lock); 5646 5647 udp->udp_pending_op = -1; 5648 udp->udp_state = TS_UNBND; 5649 if (udp->udp_family == AF_INET6) 5650 (void) udp_build_hdrs(udp); 5651 rw_exit(&udp->udp_rwlock); 5652 5653 qreply(q, mp); 5654 } 5655 5656 /* 5657 * Don't let port fall into the privileged range. 5658 * Since the extra privileged ports can be arbitrary we also 5659 * ensure that we exclude those from consideration. 5660 * us->us_epriv_ports is not sorted thus we loop over it until 5661 * there are no changes. 5662 */ 5663 static in_port_t 5664 udp_update_next_port(udp_t *udp, in_port_t port, boolean_t random) 5665 { 5666 int i; 5667 in_port_t nextport; 5668 boolean_t restart = B_FALSE; 5669 udp_stack_t *us = udp->udp_us; 5670 5671 if (random && udp_random_anon_port != 0) { 5672 (void) random_get_pseudo_bytes((uint8_t *)&port, 5673 sizeof (in_port_t)); 5674 /* 5675 * Unless changed by a sys admin, the smallest anon port 5676 * is 32768 and the largest anon port is 65535. It is 5677 * very likely (50%) for the random port to be smaller 5678 * than the smallest anon port. When that happens, 5679 * add port % (anon port range) to the smallest anon 5680 * port to get the random port. It should fall into the 5681 * valid anon port range. 5682 */ 5683 if (port < us->us_smallest_anon_port) { 5684 port = us->us_smallest_anon_port + 5685 port % (us->us_largest_anon_port - 5686 us->us_smallest_anon_port); 5687 } 5688 } 5689 5690 retry: 5691 if (port < us->us_smallest_anon_port) 5692 port = us->us_smallest_anon_port; 5693 5694 if (port > us->us_largest_anon_port) { 5695 port = us->us_smallest_anon_port; 5696 if (restart) 5697 return (0); 5698 restart = B_TRUE; 5699 } 5700 5701 if (port < us->us_smallest_nonpriv_port) 5702 port = us->us_smallest_nonpriv_port; 5703 5704 for (i = 0; i < us->us_num_epriv_ports; i++) { 5705 if (port == us->us_epriv_ports[i]) { 5706 port++; 5707 /* 5708 * Make sure that the port is in the 5709 * valid range. 5710 */ 5711 goto retry; 5712 } 5713 } 5714 5715 if (is_system_labeled() && 5716 (nextport = tsol_next_port(crgetzone(udp->udp_connp->conn_cred), 5717 port, IPPROTO_UDP, B_TRUE)) != 0) { 5718 port = nextport; 5719 goto retry; 5720 } 5721 5722 return (port); 5723 } 5724 5725 static int 5726 udp_update_label(queue_t *wq, mblk_t *mp, ipaddr_t dst) 5727 { 5728 int err; 5729 uchar_t opt_storage[IP_MAX_OPT_LENGTH]; 5730 udp_t *udp = Q_TO_UDP(wq); 5731 udp_stack_t *us = udp->udp_us; 5732 5733 err = tsol_compute_label(DB_CREDDEF(mp, udp->udp_connp->conn_cred), dst, 5734 opt_storage, udp->udp_mac_exempt, 5735 us->us_netstack->netstack_ip); 5736 if (err == 0) { 5737 err = tsol_update_options(&udp->udp_ip_snd_options, 5738 &udp->udp_ip_snd_options_len, &udp->udp_label_len, 5739 opt_storage); 5740 } 5741 if (err != 0) { 5742 DTRACE_PROBE4( 5743 tx__ip__log__info__updatelabel__udp, 5744 char *, "queue(1) failed to update options(2) on mp(3)", 5745 queue_t *, wq, char *, opt_storage, mblk_t *, mp); 5746 } else { 5747 IN6_IPADDR_TO_V4MAPPED(dst, &udp->udp_v6lastdst); 5748 } 5749 return (err); 5750 } 5751 5752 static mblk_t * 5753 udp_output_v4(conn_t *connp, mblk_t *mp, ipaddr_t v4dst, uint16_t port, 5754 uint_t srcid, int *error, boolean_t insert_spi) 5755 { 5756 udp_t *udp = connp->conn_udp; 5757 queue_t *q = connp->conn_wq; 5758 mblk_t *mp1 = mp; 5759 mblk_t *mp2; 5760 ipha_t *ipha; 5761 int ip_hdr_length; 5762 uint32_t ip_len; 5763 udpha_t *udpha; 5764 boolean_t lock_held = B_FALSE; 5765 in_port_t uha_src_port; 5766 udpattrs_t attrs; 5767 uchar_t ip_snd_opt[IP_MAX_OPT_LENGTH]; 5768 uint32_t ip_snd_opt_len = 0; 5769 ip4_pkt_t pktinfo; 5770 ip4_pkt_t *pktinfop = &pktinfo; 5771 ip_opt_info_t optinfo; 5772 ip_stack_t *ipst = connp->conn_netstack->netstack_ip; 5773 udp_stack_t *us = udp->udp_us; 5774 ipsec_stack_t *ipss = ipst->ips_netstack->netstack_ipsec; 5775 5776 5777 *error = 0; 5778 pktinfop->ip4_ill_index = 0; 5779 pktinfop->ip4_addr = INADDR_ANY; 5780 optinfo.ip_opt_flags = 0; 5781 optinfo.ip_opt_ill_index = 0; 5782 5783 if (v4dst == INADDR_ANY) 5784 v4dst = htonl(INADDR_LOOPBACK); 5785 5786 /* 5787 * If options passed in, feed it for verification and handling 5788 */ 5789 attrs.udpattr_credset = B_FALSE; 5790 if (DB_TYPE(mp) != M_DATA) { 5791 mp1 = mp->b_cont; 5792 if (((struct T_unitdata_req *)mp->b_rptr)->OPT_length != 0) { 5793 attrs.udpattr_ipp4 = pktinfop; 5794 attrs.udpattr_mb = mp; 5795 if (udp_unitdata_opt_process(q, mp, error, &attrs) < 0) 5796 goto done; 5797 /* 5798 * Note: success in processing options. 5799 * mp option buffer represented by 5800 * OPT_length/offset now potentially modified 5801 * and contain option setting results 5802 */ 5803 ASSERT(*error == 0); 5804 } 5805 } 5806 5807 /* mp1 points to the M_DATA mblk carrying the packet */ 5808 ASSERT(mp1 != NULL && DB_TYPE(mp1) == M_DATA); 5809 5810 rw_enter(&udp->udp_rwlock, RW_READER); 5811 lock_held = B_TRUE; 5812 /* 5813 * Check if our saved options are valid; update if not. 5814 * TSOL Note: Since we are not in WRITER mode, UDP packets 5815 * to different destination may require different labels, 5816 * or worse, UDP packets to same IP address may require 5817 * different labels due to use of shared all-zones address. 5818 * We use conn_lock to ensure that lastdst, ip_snd_options, 5819 * and ip_snd_options_len are consistent for the current 5820 * destination and are updated atomically. 5821 */ 5822 mutex_enter(&connp->conn_lock); 5823 if (is_system_labeled()) { 5824 /* Using UDP MLP requires SCM_UCRED from user */ 5825 if (connp->conn_mlp_type != mlptSingle && 5826 !attrs.udpattr_credset) { 5827 mutex_exit(&connp->conn_lock); 5828 DTRACE_PROBE4( 5829 tx__ip__log__info__output__udp, 5830 char *, "MLP mp(1) lacks SCM_UCRED attr(2) on q(3)", 5831 mblk_t *, mp1, udpattrs_t *, &attrs, queue_t *, q); 5832 *error = ECONNREFUSED; 5833 goto done; 5834 } 5835 /* 5836 * update label option for this UDP socket if 5837 * - the destination has changed, or 5838 * - the UDP socket is MLP 5839 */ 5840 if ((!IN6_IS_ADDR_V4MAPPED(&udp->udp_v6lastdst) || 5841 V4_PART_OF_V6(udp->udp_v6lastdst) != v4dst || 5842 connp->conn_mlp_type != mlptSingle) && 5843 (*error = udp_update_label(q, mp, v4dst)) != 0) { 5844 mutex_exit(&connp->conn_lock); 5845 goto done; 5846 } 5847 } 5848 if (udp->udp_ip_snd_options_len > 0) { 5849 ip_snd_opt_len = udp->udp_ip_snd_options_len; 5850 bcopy(udp->udp_ip_snd_options, ip_snd_opt, ip_snd_opt_len); 5851 } 5852 mutex_exit(&connp->conn_lock); 5853 5854 /* Add an IP header */ 5855 ip_hdr_length = IP_SIMPLE_HDR_LENGTH + UDPH_SIZE + ip_snd_opt_len + 5856 (insert_spi ? sizeof (uint32_t) : 0); 5857 ipha = (ipha_t *)&mp1->b_rptr[-ip_hdr_length]; 5858 if (DB_REF(mp1) != 1 || (uchar_t *)ipha < DB_BASE(mp1) || 5859 !OK_32PTR(ipha)) { 5860 mp2 = allocb(ip_hdr_length + us->us_wroff_extra, BPRI_LO); 5861 if (mp2 == NULL) { 5862 TRACE_2(TR_FAC_UDP, TR_UDP_WPUT_END, 5863 "udp_wput_end: q %p (%S)", q, "allocbfail2"); 5864 *error = ENOMEM; 5865 goto done; 5866 } 5867 mp2->b_wptr = DB_LIM(mp2); 5868 mp2->b_cont = mp1; 5869 mp1 = mp2; 5870 if (DB_TYPE(mp) != M_DATA) 5871 mp->b_cont = mp1; 5872 else 5873 mp = mp1; 5874 5875 ipha = (ipha_t *)(mp1->b_wptr - ip_hdr_length); 5876 } 5877 ip_hdr_length -= (UDPH_SIZE + (insert_spi ? sizeof (uint32_t) : 0)); 5878 #ifdef _BIG_ENDIAN 5879 /* Set version, header length, and tos */ 5880 *(uint16_t *)&ipha->ipha_version_and_hdr_length = 5881 ((((IP_VERSION << 4) | (ip_hdr_length>>2)) << 8) | 5882 udp->udp_type_of_service); 5883 /* Set ttl and protocol */ 5884 *(uint16_t *)&ipha->ipha_ttl = (udp->udp_ttl << 8) | IPPROTO_UDP; 5885 #else 5886 /* Set version, header length, and tos */ 5887 *(uint16_t *)&ipha->ipha_version_and_hdr_length = 5888 ((udp->udp_type_of_service << 8) | 5889 ((IP_VERSION << 4) | (ip_hdr_length>>2))); 5890 /* Set ttl and protocol */ 5891 *(uint16_t *)&ipha->ipha_ttl = (IPPROTO_UDP << 8) | udp->udp_ttl; 5892 #endif 5893 if (pktinfop->ip4_addr != INADDR_ANY) { 5894 ipha->ipha_src = pktinfop->ip4_addr; 5895 optinfo.ip_opt_flags = IP_VERIFY_SRC; 5896 } else { 5897 /* 5898 * Copy our address into the packet. If this is zero, 5899 * first look at __sin6_src_id for a hint. If we leave the 5900 * source as INADDR_ANY then ip will fill in the real source 5901 * address. 5902 */ 5903 IN6_V4MAPPED_TO_IPADDR(&udp->udp_v6src, ipha->ipha_src); 5904 if (srcid != 0 && ipha->ipha_src == INADDR_ANY) { 5905 in6_addr_t v6src; 5906 5907 ip_srcid_find_id(srcid, &v6src, connp->conn_zoneid, 5908 us->us_netstack); 5909 IN6_V4MAPPED_TO_IPADDR(&v6src, ipha->ipha_src); 5910 } 5911 } 5912 uha_src_port = udp->udp_port; 5913 if (ip_hdr_length == IP_SIMPLE_HDR_LENGTH) { 5914 rw_exit(&udp->udp_rwlock); 5915 lock_held = B_FALSE; 5916 } 5917 5918 if (pktinfop->ip4_ill_index != 0) { 5919 optinfo.ip_opt_ill_index = pktinfop->ip4_ill_index; 5920 } 5921 5922 ipha->ipha_fragment_offset_and_flags = 0; 5923 ipha->ipha_ident = 0; 5924 5925 mp1->b_rptr = (uchar_t *)ipha; 5926 5927 ASSERT((uintptr_t)(mp1->b_wptr - (uchar_t *)ipha) <= 5928 (uintptr_t)UINT_MAX); 5929 5930 /* Determine length of packet */ 5931 ip_len = (uint32_t)(mp1->b_wptr - (uchar_t *)ipha); 5932 if ((mp2 = mp1->b_cont) != NULL) { 5933 do { 5934 ASSERT((uintptr_t)MBLKL(mp2) <= (uintptr_t)UINT_MAX); 5935 ip_len += (uint32_t)MBLKL(mp2); 5936 } while ((mp2 = mp2->b_cont) != NULL); 5937 } 5938 /* 5939 * If the size of the packet is greater than the maximum allowed by 5940 * ip, return an error. Passing this down could cause panics because 5941 * the size will have wrapped and be inconsistent with the msg size. 5942 */ 5943 if (ip_len > IP_MAXPACKET) { 5944 TRACE_2(TR_FAC_UDP, TR_UDP_WPUT_END, 5945 "udp_wput_end: q %p (%S)", q, "IP length exceeded"); 5946 *error = EMSGSIZE; 5947 goto done; 5948 } 5949 ipha->ipha_length = htons((uint16_t)ip_len); 5950 ip_len -= ip_hdr_length; 5951 ip_len = htons((uint16_t)ip_len); 5952 udpha = (udpha_t *)(((uchar_t *)ipha) + ip_hdr_length); 5953 5954 /* Insert all-0s SPI now. */ 5955 if (insert_spi) 5956 *((uint32_t *)(udpha + 1)) = 0; 5957 5958 /* 5959 * Copy in the destination address 5960 */ 5961 ipha->ipha_dst = v4dst; 5962 5963 /* 5964 * Set ttl based on IP_MULTICAST_TTL to match IPv6 logic. 5965 */ 5966 if (CLASSD(v4dst)) 5967 ipha->ipha_ttl = udp->udp_multicast_ttl; 5968 5969 udpha->uha_dst_port = port; 5970 udpha->uha_src_port = uha_src_port; 5971 5972 if (ip_snd_opt_len > 0) { 5973 uint32_t cksum; 5974 5975 bcopy(ip_snd_opt, &ipha[1], ip_snd_opt_len); 5976 lock_held = B_FALSE; 5977 rw_exit(&udp->udp_rwlock); 5978 /* 5979 * Massage source route putting first source route in ipha_dst. 5980 * Ignore the destination in T_unitdata_req. 5981 * Create a checksum adjustment for a source route, if any. 5982 */ 5983 cksum = ip_massage_options(ipha, us->us_netstack); 5984 cksum = (cksum & 0xFFFF) + (cksum >> 16); 5985 cksum -= ((ipha->ipha_dst >> 16) & 0xFFFF) + 5986 (ipha->ipha_dst & 0xFFFF); 5987 if ((int)cksum < 0) 5988 cksum--; 5989 cksum = (cksum & 0xFFFF) + (cksum >> 16); 5990 /* 5991 * IP does the checksum if uha_checksum is non-zero, 5992 * We make it easy for IP to include our pseudo header 5993 * by putting our length in uha_checksum. 5994 */ 5995 cksum += ip_len; 5996 cksum = (cksum & 0xFFFF) + (cksum >> 16); 5997 /* There might be a carry. */ 5998 cksum = (cksum & 0xFFFF) + (cksum >> 16); 5999 #ifdef _LITTLE_ENDIAN 6000 if (us->us_do_checksum) 6001 ip_len = (cksum << 16) | ip_len; 6002 #else 6003 if (us->us_do_checksum) 6004 ip_len = (ip_len << 16) | cksum; 6005 else 6006 ip_len <<= 16; 6007 #endif 6008 } else { 6009 /* 6010 * IP does the checksum if uha_checksum is non-zero, 6011 * We make it easy for IP to include our pseudo header 6012 * by putting our length in uha_checksum. 6013 */ 6014 if (us->us_do_checksum) 6015 ip_len |= (ip_len << 16); 6016 #ifndef _LITTLE_ENDIAN 6017 else 6018 ip_len <<= 16; 6019 #endif 6020 } 6021 ASSERT(!lock_held); 6022 /* Set UDP length and checksum */ 6023 *((uint32_t *)&udpha->uha_length) = ip_len; 6024 if (DB_CRED(mp) != NULL) 6025 mblk_setcred(mp1, DB_CRED(mp)); 6026 6027 if (DB_TYPE(mp) != M_DATA) { 6028 ASSERT(mp != mp1); 6029 freeb(mp); 6030 } 6031 6032 /* mp has been consumed and we'll return success */ 6033 ASSERT(*error == 0); 6034 mp = NULL; 6035 6036 /* We're done. Pass the packet to ip. */ 6037 BUMP_MIB(&us->us_udp_mib, udpHCOutDatagrams); 6038 TRACE_2(TR_FAC_UDP, TR_UDP_WPUT_END, 6039 "udp_wput_end: q %p (%S)", q, "end"); 6040 6041 if ((connp->conn_flags & IPCL_CHECK_POLICY) != 0 || 6042 CONN_OUTBOUND_POLICY_PRESENT(connp, ipss) || 6043 connp->conn_dontroute || 6044 connp->conn_nofailover_ill != NULL || 6045 connp->conn_outgoing_ill != NULL || optinfo.ip_opt_flags != 0 || 6046 optinfo.ip_opt_ill_index != 0 || 6047 ipha->ipha_version_and_hdr_length != IP_SIMPLE_HDR_VERSION || 6048 IPP_ENABLED(IPP_LOCAL_OUT, ipst) || 6049 ipst->ips_ip_g_mrouter != NULL) { 6050 UDP_STAT(us, udp_ip_send); 6051 ip_output_options(connp, mp1, connp->conn_wq, IP_WPUT, 6052 &optinfo); 6053 } else { 6054 udp_send_data(udp, connp->conn_wq, mp1, ipha); 6055 } 6056 6057 done: 6058 if (lock_held) 6059 rw_exit(&udp->udp_rwlock); 6060 if (*error != 0) { 6061 ASSERT(mp != NULL); 6062 BUMP_MIB(&us->us_udp_mib, udpOutErrors); 6063 } 6064 return (mp); 6065 } 6066 6067 static void 6068 udp_send_data(udp_t *udp, queue_t *q, mblk_t *mp, ipha_t *ipha) 6069 { 6070 conn_t *connp = udp->udp_connp; 6071 ipaddr_t src, dst; 6072 ire_t *ire; 6073 ipif_t *ipif = NULL; 6074 mblk_t *ire_fp_mp; 6075 boolean_t retry_caching; 6076 udp_stack_t *us = udp->udp_us; 6077 ip_stack_t *ipst = connp->conn_netstack->netstack_ip; 6078 6079 dst = ipha->ipha_dst; 6080 src = ipha->ipha_src; 6081 ASSERT(ipha->ipha_ident == 0); 6082 6083 if (CLASSD(dst)) { 6084 int err; 6085 6086 ipif = conn_get_held_ipif(connp, 6087 &connp->conn_multicast_ipif, &err); 6088 6089 if (ipif == NULL || ipif->ipif_isv6 || 6090 (ipif->ipif_ill->ill_phyint->phyint_flags & 6091 PHYI_LOOPBACK)) { 6092 if (ipif != NULL) 6093 ipif_refrele(ipif); 6094 UDP_STAT(us, udp_ip_send); 6095 ip_output(connp, mp, q, IP_WPUT); 6096 return; 6097 } 6098 } 6099 6100 retry_caching = B_FALSE; 6101 mutex_enter(&connp->conn_lock); 6102 ire = connp->conn_ire_cache; 6103 ASSERT(!(connp->conn_state_flags & CONN_INCIPIENT)); 6104 6105 if (ire == NULL || ire->ire_addr != dst || 6106 (ire->ire_marks & IRE_MARK_CONDEMNED)) { 6107 retry_caching = B_TRUE; 6108 } else if (CLASSD(dst) && (ire->ire_type & IRE_CACHE)) { 6109 ill_t *stq_ill = (ill_t *)ire->ire_stq->q_ptr; 6110 6111 ASSERT(ipif != NULL); 6112 if (stq_ill != ipif->ipif_ill && (stq_ill->ill_group == NULL || 6113 stq_ill->ill_group != ipif->ipif_ill->ill_group)) 6114 retry_caching = B_TRUE; 6115 } 6116 6117 if (!retry_caching) { 6118 ASSERT(ire != NULL); 6119 IRE_REFHOLD(ire); 6120 mutex_exit(&connp->conn_lock); 6121 } else { 6122 boolean_t cached = B_FALSE; 6123 6124 connp->conn_ire_cache = NULL; 6125 mutex_exit(&connp->conn_lock); 6126 6127 /* Release the old ire */ 6128 if (ire != NULL) { 6129 IRE_REFRELE_NOTR(ire); 6130 ire = NULL; 6131 } 6132 6133 if (CLASSD(dst)) { 6134 ASSERT(ipif != NULL); 6135 ire = ire_ctable_lookup(dst, 0, 0, ipif, 6136 connp->conn_zoneid, MBLK_GETLABEL(mp), 6137 MATCH_IRE_ILL_GROUP, ipst); 6138 } else { 6139 ASSERT(ipif == NULL); 6140 ire = ire_cache_lookup(dst, connp->conn_zoneid, 6141 MBLK_GETLABEL(mp), ipst); 6142 } 6143 6144 if (ire == NULL) { 6145 if (ipif != NULL) 6146 ipif_refrele(ipif); 6147 UDP_STAT(us, udp_ire_null); 6148 ip_output(connp, mp, q, IP_WPUT); 6149 return; 6150 } 6151 IRE_REFHOLD_NOTR(ire); 6152 6153 mutex_enter(&connp->conn_lock); 6154 if (CONN_CACHE_IRE(connp) && connp->conn_ire_cache == NULL && 6155 !(ire->ire_marks & IRE_MARK_CONDEMNED)) { 6156 irb_t *irb = ire->ire_bucket; 6157 6158 /* 6159 * IRE's created for non-connection oriented transports 6160 * are normally initialized with IRE_MARK_TEMPORARY set 6161 * in the ire_marks. These IRE's are preferentially 6162 * reaped when the hash chain length in the cache 6163 * bucket exceeds the maximum value specified in 6164 * ip[6]_ire_max_bucket_cnt. This can severely affect 6165 * UDP performance if IRE cache entries that we need 6166 * to reuse are continually removed. To remedy this, 6167 * when we cache the IRE in the conn_t, we remove the 6168 * IRE_MARK_TEMPORARY bit from the ire_marks if it was 6169 * set. 6170 */ 6171 if (ire->ire_marks & IRE_MARK_TEMPORARY) { 6172 rw_enter(&irb->irb_lock, RW_WRITER); 6173 if (ire->ire_marks & IRE_MARK_TEMPORARY) { 6174 ire->ire_marks &= ~IRE_MARK_TEMPORARY; 6175 irb->irb_tmp_ire_cnt--; 6176 } 6177 rw_exit(&irb->irb_lock); 6178 } 6179 connp->conn_ire_cache = ire; 6180 cached = B_TRUE; 6181 } 6182 mutex_exit(&connp->conn_lock); 6183 6184 /* 6185 * We can continue to use the ire but since it was not 6186 * cached, we should drop the extra reference. 6187 */ 6188 if (!cached) 6189 IRE_REFRELE_NOTR(ire); 6190 } 6191 ASSERT(ire != NULL && ire->ire_ipversion == IPV4_VERSION); 6192 ASSERT(!CLASSD(dst) || ipif != NULL); 6193 6194 /* 6195 * Check if we can take the fast-path. 6196 * Note that "incomplete" ire's (where the link-layer for next hop 6197 * is not resolved, or where the fast-path header in nce_fp_mp is not 6198 * available yet) are sent down the legacy (slow) path 6199 */ 6200 if ((ire->ire_type & (IRE_BROADCAST|IRE_LOCAL|IRE_LOOPBACK)) || 6201 (ire->ire_flags & RTF_MULTIRT) || (ire->ire_stq == NULL) || 6202 (ire->ire_max_frag < ntohs(ipha->ipha_length)) || 6203 ((ire->ire_nce == NULL) || 6204 ((ire_fp_mp = ire->ire_nce->nce_fp_mp) == NULL)) || 6205 connp->conn_nexthop_set || (MBLKL(ire_fp_mp) > MBLKHEAD(mp))) { 6206 if (ipif != NULL) 6207 ipif_refrele(ipif); 6208 UDP_STAT(us, udp_ip_ire_send); 6209 IRE_REFRELE(ire); 6210 ip_output(connp, mp, q, IP_WPUT); 6211 return; 6212 } 6213 6214 if (src == INADDR_ANY && !connp->conn_unspec_src) { 6215 if (CLASSD(dst) && !(ire->ire_flags & RTF_SETSRC)) 6216 ipha->ipha_src = ipif->ipif_src_addr; 6217 else 6218 ipha->ipha_src = ire->ire_src_addr; 6219 } 6220 6221 if (ipif != NULL) 6222 ipif_refrele(ipif); 6223 6224 udp_xmit(connp->conn_wq, mp, ire, connp, connp->conn_zoneid); 6225 } 6226 6227 static void 6228 udp_xmit(queue_t *q, mblk_t *mp, ire_t *ire, conn_t *connp, zoneid_t zoneid) 6229 { 6230 ipaddr_t src, dst; 6231 ill_t *ill; 6232 mblk_t *ire_fp_mp; 6233 uint_t ire_fp_mp_len; 6234 uint16_t *up; 6235 uint32_t cksum, hcksum_txflags; 6236 queue_t *dev_q; 6237 udp_t *udp = connp->conn_udp; 6238 ipha_t *ipha = (ipha_t *)mp->b_rptr; 6239 udp_stack_t *us = udp->udp_us; 6240 ip_stack_t *ipst = connp->conn_netstack->netstack_ip; 6241 boolean_t ll_multicast = B_FALSE; 6242 6243 dev_q = ire->ire_stq->q_next; 6244 ASSERT(dev_q != NULL); 6245 6246 6247 if (DEV_Q_IS_FLOW_CTLED(dev_q)) { 6248 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsHCOutRequests); 6249 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsOutDiscards); 6250 if (ipst->ips_ip_output_queue) 6251 (void) putq(connp->conn_wq, mp); 6252 else 6253 freemsg(mp); 6254 ire_refrele(ire); 6255 return; 6256 } 6257 6258 ire_fp_mp = ire->ire_nce->nce_fp_mp; 6259 ire_fp_mp_len = MBLKL(ire_fp_mp); 6260 ASSERT(MBLKHEAD(mp) >= ire_fp_mp_len); 6261 6262 dst = ipha->ipha_dst; 6263 src = ipha->ipha_src; 6264 6265 ill = ire_to_ill(ire); 6266 ASSERT(ill != NULL); 6267 6268 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCOutRequests); 6269 6270 ipha->ipha_ident = (uint16_t)atomic_add_32_nv(&ire->ire_ident, 1); 6271 #ifndef _BIG_ENDIAN 6272 ipha->ipha_ident = (ipha->ipha_ident << 8) | (ipha->ipha_ident >> 8); 6273 #endif 6274 6275 if (ILL_HCKSUM_CAPABLE(ill) && dohwcksum) { 6276 ASSERT(ill->ill_hcksum_capab != NULL); 6277 hcksum_txflags = ill->ill_hcksum_capab->ill_hcksum_txflags; 6278 } else { 6279 hcksum_txflags = 0; 6280 } 6281 6282 /* pseudo-header checksum (do it in parts for IP header checksum) */ 6283 cksum = (dst >> 16) + (dst & 0xFFFF) + (src >> 16) + (src & 0xFFFF); 6284 6285 ASSERT(ipha->ipha_version_and_hdr_length == IP_SIMPLE_HDR_VERSION); 6286 up = IPH_UDPH_CHECKSUMP(ipha, IP_SIMPLE_HDR_LENGTH); 6287 if (*up != 0) { 6288 IP_CKSUM_XMIT_FAST(ire->ire_ipversion, hcksum_txflags, 6289 mp, ipha, up, IPPROTO_UDP, IP_SIMPLE_HDR_LENGTH, 6290 ntohs(ipha->ipha_length), cksum); 6291 6292 /* Software checksum? */ 6293 if (DB_CKSUMFLAGS(mp) == 0) { 6294 UDP_STAT(us, udp_out_sw_cksum); 6295 UDP_STAT_UPDATE(us, udp_out_sw_cksum_bytes, 6296 ntohs(ipha->ipha_length) - IP_SIMPLE_HDR_LENGTH); 6297 } 6298 } 6299 6300 if (!CLASSD(dst)) { 6301 ipha->ipha_fragment_offset_and_flags |= 6302 (uint32_t)htons(ire->ire_frag_flag); 6303 } 6304 6305 /* Calculate IP header checksum if hardware isn't capable */ 6306 if (!(DB_CKSUMFLAGS(mp) & HCK_IPV4_HDRCKSUM)) { 6307 IP_HDR_CKSUM(ipha, cksum, ((uint32_t *)ipha)[0], 6308 ((uint16_t *)ipha)[4]); 6309 } 6310 6311 if (CLASSD(dst)) { 6312 boolean_t ilm_exists; 6313 6314 ILM_WALKER_HOLD(ill); 6315 ilm_exists = (ilm_lookup_ill(ill, dst, ALL_ZONES) != NULL); 6316 ILM_WALKER_RELE(ill); 6317 if (ilm_exists) { 6318 ip_multicast_loopback(q, ill, mp, 6319 connp->conn_multicast_loop ? 0 : 6320 IP_FF_NO_MCAST_LOOP, zoneid); 6321 } 6322 6323 /* If multicast TTL is 0 then we are done */ 6324 if (ipha->ipha_ttl == 0) { 6325 freemsg(mp); 6326 ire_refrele(ire); 6327 return; 6328 } 6329 ll_multicast = B_TRUE; 6330 } 6331 6332 ASSERT(DB_TYPE(ire_fp_mp) == M_DATA); 6333 mp->b_rptr = (uchar_t *)ipha - ire_fp_mp_len; 6334 bcopy(ire_fp_mp->b_rptr, mp->b_rptr, ire_fp_mp_len); 6335 6336 UPDATE_OB_PKT_COUNT(ire); 6337 ire->ire_last_used_time = lbolt; 6338 6339 BUMP_MIB(ill->ill_ip_mib, ipIfStatsHCOutTransmits); 6340 UPDATE_MIB(ill->ill_ip_mib, ipIfStatsHCOutOctets, 6341 ntohs(ipha->ipha_length)); 6342 6343 if (ILL_DLS_CAPABLE(ill)) { 6344 /* 6345 * Send the packet directly to DLD, where it may be queued 6346 * depending on the availability of transmit resources at 6347 * the media layer. 6348 */ 6349 IP_DLS_ILL_TX(ill, ipha, mp, ipst); 6350 } else { 6351 DTRACE_PROBE4(ip4__physical__out__start, 6352 ill_t *, NULL, ill_t *, ill, 6353 ipha_t *, ipha, mblk_t *, mp); 6354 FW_HOOKS(ipst->ips_ip4_physical_out_event, 6355 ipst->ips_ipv4firewall_physical_out, 6356 NULL, ill, ipha, mp, mp, ll_multicast, ipst); 6357 DTRACE_PROBE1(ip4__physical__out__end, mblk_t *, mp); 6358 if (mp != NULL) 6359 putnext(ire->ire_stq, mp); 6360 } 6361 6362 IRE_REFRELE(ire); 6363 } 6364 6365 static boolean_t 6366 udp_update_label_v6(queue_t *wq, mblk_t *mp, in6_addr_t *dst) 6367 { 6368 udp_t *udp = Q_TO_UDP(wq); 6369 int err; 6370 uchar_t opt_storage[TSOL_MAX_IPV6_OPTION]; 6371 udp_stack_t *us = udp->udp_us; 6372 6373 err = tsol_compute_label_v6(DB_CREDDEF(mp, udp->udp_connp->conn_cred), 6374 dst, opt_storage, udp->udp_mac_exempt, 6375 us->us_netstack->netstack_ip); 6376 if (err == 0) { 6377 err = tsol_update_sticky(&udp->udp_sticky_ipp, 6378 &udp->udp_label_len_v6, opt_storage); 6379 } 6380 if (err != 0) { 6381 DTRACE_PROBE4( 6382 tx__ip__log__drop__updatelabel__udp6, 6383 char *, "queue(1) failed to update options(2) on mp(3)", 6384 queue_t *, wq, char *, opt_storage, mblk_t *, mp); 6385 } else { 6386 udp->udp_v6lastdst = *dst; 6387 } 6388 return (err); 6389 } 6390 6391 void 6392 udp_output_connected(void *arg, mblk_t *mp) 6393 { 6394 conn_t *connp = (conn_t *)arg; 6395 udp_t *udp = connp->conn_udp; 6396 udp_stack_t *us = udp->udp_us; 6397 ipaddr_t v4dst; 6398 in_port_t dstport; 6399 boolean_t mapped_addr; 6400 struct sockaddr_storage ss; 6401 sin_t *sin; 6402 sin6_t *sin6; 6403 struct sockaddr *addr; 6404 socklen_t addrlen; 6405 int error; 6406 boolean_t insert_spi = udp->udp_nat_t_endpoint; 6407 6408 /* M_DATA for connected socket */ 6409 6410 ASSERT(udp->udp_issocket); 6411 UDP_DBGSTAT(us, udp_data_conn); 6412 6413 mutex_enter(&connp->conn_lock); 6414 if (udp->udp_state != TS_DATA_XFER) { 6415 mutex_exit(&connp->conn_lock); 6416 BUMP_MIB(&us->us_udp_mib, udpOutErrors); 6417 UDP_STAT(us, udp_out_err_notconn); 6418 freemsg(mp); 6419 TRACE_2(TR_FAC_UDP, TR_UDP_WPUT_END, 6420 "udp_wput_end: connp %p (%S)", connp, 6421 "not-connected; address required"); 6422 return; 6423 } 6424 6425 mapped_addr = IN6_IS_ADDR_V4MAPPED(&udp->udp_v6dst); 6426 if (mapped_addr) 6427 IN6_V4MAPPED_TO_IPADDR(&udp->udp_v6dst, v4dst); 6428 6429 /* Initialize addr and addrlen as if they're passed in */ 6430 if (udp->udp_family == AF_INET) { 6431 sin = (sin_t *)&ss; 6432 sin->sin_family = AF_INET; 6433 dstport = sin->sin_port = udp->udp_dstport; 6434 ASSERT(mapped_addr); 6435 sin->sin_addr.s_addr = v4dst; 6436 addr = (struct sockaddr *)sin; 6437 addrlen = sizeof (*sin); 6438 } else { 6439 sin6 = (sin6_t *)&ss; 6440 sin6->sin6_family = AF_INET6; 6441 dstport = sin6->sin6_port = udp->udp_dstport; 6442 sin6->sin6_flowinfo = udp->udp_flowinfo; 6443 sin6->sin6_addr = udp->udp_v6dst; 6444 sin6->sin6_scope_id = 0; 6445 sin6->__sin6_src_id = 0; 6446 addr = (struct sockaddr *)sin6; 6447 addrlen = sizeof (*sin6); 6448 } 6449 mutex_exit(&connp->conn_lock); 6450 6451 if (mapped_addr) { 6452 /* 6453 * Handle both AF_INET and AF_INET6; the latter 6454 * for IPV4 mapped destination addresses. Note 6455 * here that both addr and addrlen point to the 6456 * corresponding struct depending on the address 6457 * family of the socket. 6458 */ 6459 mp = udp_output_v4(connp, mp, v4dst, dstport, 0, &error, 6460 insert_spi); 6461 } else { 6462 mp = udp_output_v6(connp, mp, sin6, &error); 6463 } 6464 if (error == 0) { 6465 ASSERT(mp == NULL); 6466 return; 6467 } 6468 6469 UDP_STAT(us, udp_out_err_output); 6470 ASSERT(mp != NULL); 6471 /* mp is freed by the following routine */ 6472 udp_ud_err(connp->conn_wq, mp, (uchar_t *)addr, (t_scalar_t)addrlen, 6473 (t_scalar_t)error); 6474 } 6475 6476 /* 6477 * This routine handles all messages passed downstream. It either 6478 * consumes the message or passes it downstream; it never queues a 6479 * a message. 6480 * 6481 * Also entry point for sockfs when udp is in "direct sockfs" mode. This mode 6482 * is valid when we are directly beneath the stream head, and thus sockfs 6483 * is able to bypass STREAMS and directly call us, passing along the sockaddr 6484 * structure without the cumbersome T_UNITDATA_REQ interface for the case of 6485 * connected endpoints. 6486 */ 6487 void 6488 udp_wput(queue_t *q, mblk_t *mp) 6489 { 6490 sin6_t *sin6; 6491 sin_t *sin; 6492 ipaddr_t v4dst; 6493 uint16_t port; 6494 uint_t srcid; 6495 conn_t *connp = Q_TO_CONN(q); 6496 udp_t *udp = connp->conn_udp; 6497 int error = 0; 6498 struct sockaddr *addr; 6499 socklen_t addrlen; 6500 udp_stack_t *us = udp->udp_us; 6501 boolean_t insert_spi = udp->udp_nat_t_endpoint; 6502 6503 TRACE_2(TR_FAC_UDP, TR_UDP_WPUT_START, 6504 "udp_wput_start: queue %p mp %p", q, mp); 6505 6506 /* 6507 * We directly handle several cases here: T_UNITDATA_REQ message 6508 * coming down as M_PROTO/M_PCPROTO and M_DATA messages for connected 6509 * socket. 6510 */ 6511 switch (DB_TYPE(mp)) { 6512 case M_DATA: 6513 /* 6514 * Quick check for error cases. Checks will be done again 6515 * under the lock later on 6516 */ 6517 if (!udp->udp_direct_sockfs || udp->udp_state != TS_DATA_XFER) { 6518 /* Not connected; address is required */ 6519 BUMP_MIB(&us->us_udp_mib, udpOutErrors); 6520 UDP_STAT(us, udp_out_err_notconn); 6521 freemsg(mp); 6522 TRACE_2(TR_FAC_UDP, TR_UDP_WPUT_END, 6523 "udp_wput_end: connp %p (%S)", connp, 6524 "not-connected; address required"); 6525 return; 6526 } 6527 udp_output_connected(connp, mp); 6528 return; 6529 6530 case M_PROTO: 6531 case M_PCPROTO: { 6532 struct T_unitdata_req *tudr; 6533 6534 ASSERT((uintptr_t)MBLKL(mp) <= (uintptr_t)INT_MAX); 6535 tudr = (struct T_unitdata_req *)mp->b_rptr; 6536 6537 /* Handle valid T_UNITDATA_REQ here */ 6538 if (MBLKL(mp) >= sizeof (*tudr) && 6539 ((t_primp_t)mp->b_rptr)->type == T_UNITDATA_REQ) { 6540 if (mp->b_cont == NULL) { 6541 TRACE_2(TR_FAC_UDP, TR_UDP_WPUT_END, 6542 "udp_wput_end: q %p (%S)", q, "badaddr"); 6543 error = EPROTO; 6544 goto ud_error; 6545 } 6546 6547 if (!MBLKIN(mp, 0, tudr->DEST_offset + 6548 tudr->DEST_length)) { 6549 TRACE_2(TR_FAC_UDP, TR_UDP_WPUT_END, 6550 "udp_wput_end: q %p (%S)", q, "badaddr"); 6551 error = EADDRNOTAVAIL; 6552 goto ud_error; 6553 } 6554 /* 6555 * If a port has not been bound to the stream, fail. 6556 * This is not a problem when sockfs is directly 6557 * above us, because it will ensure that the socket 6558 * is first bound before allowing data to be sent. 6559 */ 6560 if (udp->udp_state == TS_UNBND) { 6561 TRACE_2(TR_FAC_UDP, TR_UDP_WPUT_END, 6562 "udp_wput_end: q %p (%S)", q, "outstate"); 6563 error = EPROTO; 6564 goto ud_error; 6565 } 6566 addr = (struct sockaddr *) 6567 &mp->b_rptr[tudr->DEST_offset]; 6568 addrlen = tudr->DEST_length; 6569 if (tudr->OPT_length != 0) 6570 UDP_STAT(us, udp_out_opt); 6571 break; 6572 } 6573 /* FALLTHRU */ 6574 } 6575 default: 6576 udp_wput_other(q, mp); 6577 return; 6578 } 6579 ASSERT(addr != NULL); 6580 6581 switch (udp->udp_family) { 6582 case AF_INET6: 6583 sin6 = (sin6_t *)addr; 6584 if (!OK_32PTR((char *)sin6) || (addrlen != sizeof (sin6_t)) || 6585 (sin6->sin6_family != AF_INET6)) { 6586 TRACE_2(TR_FAC_UDP, TR_UDP_WPUT_END, 6587 "udp_wput_end: q %p (%S)", q, "badaddr"); 6588 error = EADDRNOTAVAIL; 6589 goto ud_error; 6590 } 6591 6592 if (!IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { 6593 /* 6594 * Destination is a non-IPv4-compatible IPv6 address. 6595 * Send out an IPv6 format packet. 6596 */ 6597 mp = udp_output_v6(connp, mp, sin6, &error); 6598 if (error != 0) 6599 goto ud_error; 6600 6601 TRACE_2(TR_FAC_UDP, TR_UDP_WPUT_END, 6602 "udp_wput_end: q %p (%S)", q, "udp_output_v6"); 6603 return; 6604 } 6605 /* 6606 * If the local address is not zero or a mapped address 6607 * return an error. It would be possible to send an IPv4 6608 * packet but the response would never make it back to the 6609 * application since it is bound to a non-mapped address. 6610 */ 6611 if (!IN6_IS_ADDR_V4MAPPED(&udp->udp_v6src) && 6612 !IN6_IS_ADDR_UNSPECIFIED(&udp->udp_v6src)) { 6613 TRACE_2(TR_FAC_UDP, TR_UDP_WPUT_END, 6614 "udp_wput_end: q %p (%S)", q, "badaddr"); 6615 error = EADDRNOTAVAIL; 6616 goto ud_error; 6617 } 6618 /* Send IPv4 packet without modifying udp_ipversion */ 6619 /* Extract port and ipaddr */ 6620 port = sin6->sin6_port; 6621 IN6_V4MAPPED_TO_IPADDR(&sin6->sin6_addr, v4dst); 6622 srcid = sin6->__sin6_src_id; 6623 break; 6624 6625 case AF_INET: 6626 sin = (sin_t *)addr; 6627 if ((!OK_32PTR((char *)sin) || addrlen != sizeof (sin_t)) || 6628 (sin->sin_family != AF_INET)) { 6629 TRACE_2(TR_FAC_UDP, TR_UDP_WPUT_END, 6630 "udp_wput_end: q %p (%S)", q, "badaddr"); 6631 error = EADDRNOTAVAIL; 6632 goto ud_error; 6633 } 6634 /* Extract port and ipaddr */ 6635 port = sin->sin_port; 6636 v4dst = sin->sin_addr.s_addr; 6637 srcid = 0; 6638 break; 6639 } 6640 6641 mp = udp_output_v4(connp, mp, v4dst, port, srcid, &error, insert_spi); 6642 if (error != 0) { 6643 ud_error: 6644 UDP_STAT(us, udp_out_err_output); 6645 ASSERT(mp != NULL); 6646 /* mp is freed by the following routine */ 6647 udp_ud_err(q, mp, (uchar_t *)addr, (t_scalar_t)addrlen, 6648 (t_scalar_t)error); 6649 } 6650 } 6651 6652 /* 6653 * udp_output_v6(): 6654 * Assumes that udp_wput did some sanity checking on the destination 6655 * address. 6656 */ 6657 static mblk_t * 6658 udp_output_v6(conn_t *connp, mblk_t *mp, sin6_t *sin6, int *error) 6659 { 6660 ip6_t *ip6h; 6661 ip6i_t *ip6i; /* mp1->b_rptr even if no ip6i_t */ 6662 mblk_t *mp1 = mp; 6663 mblk_t *mp2; 6664 int udp_ip_hdr_len = IPV6_HDR_LEN + UDPH_SIZE; 6665 size_t ip_len; 6666 udpha_t *udph; 6667 udp_t *udp = connp->conn_udp; 6668 queue_t *q = connp->conn_wq; 6669 ip6_pkt_t ipp_s; /* For ancillary data options */ 6670 ip6_pkt_t *ipp = &ipp_s; 6671 ip6_pkt_t *tipp; /* temporary ipp */ 6672 uint32_t csum = 0; 6673 uint_t ignore = 0; 6674 uint_t option_exists = 0, is_sticky = 0; 6675 uint8_t *cp; 6676 uint8_t *nxthdr_ptr; 6677 in6_addr_t ip6_dst; 6678 udpattrs_t attrs; 6679 boolean_t opt_present; 6680 ip6_hbh_t *hopoptsptr = NULL; 6681 uint_t hopoptslen = 0; 6682 boolean_t is_ancillary = B_FALSE; 6683 udp_stack_t *us = udp->udp_us; 6684 size_t sth_wroff = 0; 6685 6686 *error = 0; 6687 6688 /* 6689 * If the local address is a mapped address return 6690 * an error. 6691 * It would be possible to send an IPv6 packet but the 6692 * response would never make it back to the application 6693 * since it is bound to a mapped address. 6694 */ 6695 if (IN6_IS_ADDR_V4MAPPED(&udp->udp_v6src)) { 6696 *error = EADDRNOTAVAIL; 6697 goto done; 6698 } 6699 6700 ipp->ipp_fields = 0; 6701 ipp->ipp_sticky_ignored = 0; 6702 6703 /* 6704 * If TPI options passed in, feed it for verification and handling 6705 */ 6706 attrs.udpattr_credset = B_FALSE; 6707 opt_present = B_FALSE; 6708 if (DB_TYPE(mp) != M_DATA) { 6709 mp1 = mp->b_cont; 6710 if (((struct T_unitdata_req *)mp->b_rptr)->OPT_length != 0) { 6711 attrs.udpattr_ipp6 = ipp; 6712 attrs.udpattr_mb = mp; 6713 if (udp_unitdata_opt_process(q, mp, error, 6714 &attrs) < 0) { 6715 goto done; 6716 } 6717 ASSERT(*error == 0); 6718 opt_present = B_TRUE; 6719 } 6720 } 6721 rw_enter(&udp->udp_rwlock, RW_READER); 6722 ignore = ipp->ipp_sticky_ignored; 6723 6724 /* mp1 points to the M_DATA mblk carrying the packet */ 6725 ASSERT(mp1 != NULL && DB_TYPE(mp1) == M_DATA); 6726 6727 if (sin6->sin6_scope_id != 0 && 6728 IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 6729 /* 6730 * IPPF_SCOPE_ID is special. It's neither a sticky 6731 * option nor ancillary data. It needs to be 6732 * explicitly set in options_exists. 6733 */ 6734 option_exists |= IPPF_SCOPE_ID; 6735 } 6736 6737 /* 6738 * Compute the destination address 6739 */ 6740 ip6_dst = sin6->sin6_addr; 6741 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) 6742 ip6_dst = ipv6_loopback; 6743 6744 /* 6745 * If we're not going to the same destination as last time, then 6746 * recompute the label required. This is done in a separate routine to 6747 * avoid blowing up our stack here. 6748 * 6749 * TSOL Note: Since we are not in WRITER mode, UDP packets 6750 * to different destination may require different labels, 6751 * or worse, UDP packets to same IP address may require 6752 * different labels due to use of shared all-zones address. 6753 * We use conn_lock to ensure that lastdst, sticky ipp_hopopts, 6754 * and sticky ipp_hopoptslen are consistent for the current 6755 * destination and are updated atomically. 6756 */ 6757 mutex_enter(&connp->conn_lock); 6758 if (is_system_labeled()) { 6759 /* Using UDP MLP requires SCM_UCRED from user */ 6760 if (connp->conn_mlp_type != mlptSingle && 6761 !attrs.udpattr_credset) { 6762 DTRACE_PROBE4( 6763 tx__ip__log__info__output__udp6, 6764 char *, "MLP mp(1) lacks SCM_UCRED attr(2) on q(3)", 6765 mblk_t *, mp1, udpattrs_t *, &attrs, queue_t *, q); 6766 *error = ECONNREFUSED; 6767 rw_exit(&udp->udp_rwlock); 6768 mutex_exit(&connp->conn_lock); 6769 goto done; 6770 } 6771 /* 6772 * update label option for this UDP socket if 6773 * - the destination has changed, or 6774 * - the UDP socket is MLP 6775 */ 6776 if ((opt_present || 6777 !IN6_ARE_ADDR_EQUAL(&udp->udp_v6lastdst, &ip6_dst) || 6778 connp->conn_mlp_type != mlptSingle) && 6779 (*error = udp_update_label_v6(q, mp, &ip6_dst)) != 0) { 6780 rw_exit(&udp->udp_rwlock); 6781 mutex_exit(&connp->conn_lock); 6782 goto done; 6783 } 6784 } 6785 6786 /* 6787 * If there's a security label here, then we ignore any options the 6788 * user may try to set. We keep the peer's label as a hidden sticky 6789 * option. We make a private copy of this label before releasing the 6790 * lock so that label is kept consistent with the destination addr. 6791 */ 6792 if (udp->udp_label_len_v6 > 0) { 6793 ignore &= ~IPPF_HOPOPTS; 6794 ipp->ipp_fields &= ~IPPF_HOPOPTS; 6795 } 6796 6797 if ((udp->udp_sticky_ipp.ipp_fields == 0) && (ipp->ipp_fields == 0)) { 6798 /* No sticky options nor ancillary data. */ 6799 mutex_exit(&connp->conn_lock); 6800 goto no_options; 6801 } 6802 6803 /* 6804 * Go through the options figuring out where each is going to 6805 * come from and build two masks. The first mask indicates if 6806 * the option exists at all. The second mask indicates if the 6807 * option is sticky or ancillary. 6808 */ 6809 if (!(ignore & IPPF_HOPOPTS)) { 6810 if (ipp->ipp_fields & IPPF_HOPOPTS) { 6811 option_exists |= IPPF_HOPOPTS; 6812 udp_ip_hdr_len += ipp->ipp_hopoptslen; 6813 } else if (udp->udp_sticky_ipp.ipp_fields & IPPF_HOPOPTS) { 6814 option_exists |= IPPF_HOPOPTS; 6815 is_sticky |= IPPF_HOPOPTS; 6816 ASSERT(udp->udp_sticky_ipp.ipp_hopoptslen != 0); 6817 hopoptsptr = kmem_alloc( 6818 udp->udp_sticky_ipp.ipp_hopoptslen, KM_NOSLEEP); 6819 if (hopoptsptr == NULL) { 6820 *error = ENOMEM; 6821 mutex_exit(&connp->conn_lock); 6822 goto done; 6823 } 6824 hopoptslen = udp->udp_sticky_ipp.ipp_hopoptslen; 6825 bcopy(udp->udp_sticky_ipp.ipp_hopopts, hopoptsptr, 6826 hopoptslen); 6827 udp_ip_hdr_len += hopoptslen; 6828 } 6829 } 6830 mutex_exit(&connp->conn_lock); 6831 6832 if (!(ignore & IPPF_RTHDR)) { 6833 if (ipp->ipp_fields & IPPF_RTHDR) { 6834 option_exists |= IPPF_RTHDR; 6835 udp_ip_hdr_len += ipp->ipp_rthdrlen; 6836 } else if (udp->udp_sticky_ipp.ipp_fields & IPPF_RTHDR) { 6837 option_exists |= IPPF_RTHDR; 6838 is_sticky |= IPPF_RTHDR; 6839 udp_ip_hdr_len += udp->udp_sticky_ipp.ipp_rthdrlen; 6840 } 6841 } 6842 6843 if (!(ignore & IPPF_RTDSTOPTS) && (option_exists & IPPF_RTHDR)) { 6844 if (ipp->ipp_fields & IPPF_RTDSTOPTS) { 6845 option_exists |= IPPF_RTDSTOPTS; 6846 udp_ip_hdr_len += ipp->ipp_rtdstoptslen; 6847 } else if (udp->udp_sticky_ipp.ipp_fields & IPPF_RTDSTOPTS) { 6848 option_exists |= IPPF_RTDSTOPTS; 6849 is_sticky |= IPPF_RTDSTOPTS; 6850 udp_ip_hdr_len += udp->udp_sticky_ipp.ipp_rtdstoptslen; 6851 } 6852 } 6853 6854 if (!(ignore & IPPF_DSTOPTS)) { 6855 if (ipp->ipp_fields & IPPF_DSTOPTS) { 6856 option_exists |= IPPF_DSTOPTS; 6857 udp_ip_hdr_len += ipp->ipp_dstoptslen; 6858 } else if (udp->udp_sticky_ipp.ipp_fields & IPPF_DSTOPTS) { 6859 option_exists |= IPPF_DSTOPTS; 6860 is_sticky |= IPPF_DSTOPTS; 6861 udp_ip_hdr_len += udp->udp_sticky_ipp.ipp_dstoptslen; 6862 } 6863 } 6864 6865 if (!(ignore & IPPF_IFINDEX)) { 6866 if (ipp->ipp_fields & IPPF_IFINDEX) { 6867 option_exists |= IPPF_IFINDEX; 6868 } else if (udp->udp_sticky_ipp.ipp_fields & IPPF_IFINDEX) { 6869 option_exists |= IPPF_IFINDEX; 6870 is_sticky |= IPPF_IFINDEX; 6871 } 6872 } 6873 6874 if (!(ignore & IPPF_ADDR)) { 6875 if (ipp->ipp_fields & IPPF_ADDR) { 6876 option_exists |= IPPF_ADDR; 6877 } else if (udp->udp_sticky_ipp.ipp_fields & IPPF_ADDR) { 6878 option_exists |= IPPF_ADDR; 6879 is_sticky |= IPPF_ADDR; 6880 } 6881 } 6882 6883 if (!(ignore & IPPF_DONTFRAG)) { 6884 if (ipp->ipp_fields & IPPF_DONTFRAG) { 6885 option_exists |= IPPF_DONTFRAG; 6886 } else if (udp->udp_sticky_ipp.ipp_fields & IPPF_DONTFRAG) { 6887 option_exists |= IPPF_DONTFRAG; 6888 is_sticky |= IPPF_DONTFRAG; 6889 } 6890 } 6891 6892 if (!(ignore & IPPF_USE_MIN_MTU)) { 6893 if (ipp->ipp_fields & IPPF_USE_MIN_MTU) { 6894 option_exists |= IPPF_USE_MIN_MTU; 6895 } else if (udp->udp_sticky_ipp.ipp_fields & 6896 IPPF_USE_MIN_MTU) { 6897 option_exists |= IPPF_USE_MIN_MTU; 6898 is_sticky |= IPPF_USE_MIN_MTU; 6899 } 6900 } 6901 6902 if (!(ignore & IPPF_HOPLIMIT) && (ipp->ipp_fields & IPPF_HOPLIMIT)) 6903 option_exists |= IPPF_HOPLIMIT; 6904 /* IPV6_HOPLIMIT can never be sticky */ 6905 ASSERT(!(udp->udp_sticky_ipp.ipp_fields & IPPF_HOPLIMIT)); 6906 6907 if (!(ignore & IPPF_UNICAST_HOPS) && 6908 (udp->udp_sticky_ipp.ipp_fields & IPPF_UNICAST_HOPS)) { 6909 option_exists |= IPPF_UNICAST_HOPS; 6910 is_sticky |= IPPF_UNICAST_HOPS; 6911 } 6912 6913 if (!(ignore & IPPF_MULTICAST_HOPS) && 6914 (udp->udp_sticky_ipp.ipp_fields & IPPF_MULTICAST_HOPS)) { 6915 option_exists |= IPPF_MULTICAST_HOPS; 6916 is_sticky |= IPPF_MULTICAST_HOPS; 6917 } 6918 6919 if (!(ignore & IPPF_TCLASS)) { 6920 if (ipp->ipp_fields & IPPF_TCLASS) { 6921 option_exists |= IPPF_TCLASS; 6922 } else if (udp->udp_sticky_ipp.ipp_fields & IPPF_TCLASS) { 6923 option_exists |= IPPF_TCLASS; 6924 is_sticky |= IPPF_TCLASS; 6925 } 6926 } 6927 6928 if (!(ignore & IPPF_NEXTHOP) && 6929 (udp->udp_sticky_ipp.ipp_fields & IPPF_NEXTHOP)) { 6930 option_exists |= IPPF_NEXTHOP; 6931 is_sticky |= IPPF_NEXTHOP; 6932 } 6933 6934 no_options: 6935 6936 /* 6937 * If any options carried in the ip6i_t were specified, we 6938 * need to account for the ip6i_t in the data we'll be sending 6939 * down. 6940 */ 6941 if (option_exists & IPPF_HAS_IP6I) 6942 udp_ip_hdr_len += sizeof (ip6i_t); 6943 6944 /* check/fix buffer config, setup pointers into it */ 6945 ip6h = (ip6_t *)&mp1->b_rptr[-udp_ip_hdr_len]; 6946 if (DB_REF(mp1) != 1 || ((unsigned char *)ip6h < DB_BASE(mp1)) || 6947 !OK_32PTR(ip6h)) { 6948 6949 /* Try to get everything in a single mblk next time */ 6950 if (udp_ip_hdr_len > udp->udp_max_hdr_len) { 6951 udp->udp_max_hdr_len = udp_ip_hdr_len; 6952 sth_wroff = udp->udp_max_hdr_len + us->us_wroff_extra; 6953 } 6954 6955 mp2 = allocb(udp_ip_hdr_len + us->us_wroff_extra, BPRI_LO); 6956 if (mp2 == NULL) { 6957 *error = ENOMEM; 6958 rw_exit(&udp->udp_rwlock); 6959 goto done; 6960 } 6961 mp2->b_wptr = DB_LIM(mp2); 6962 mp2->b_cont = mp1; 6963 mp1 = mp2; 6964 if (DB_TYPE(mp) != M_DATA) 6965 mp->b_cont = mp1; 6966 else 6967 mp = mp1; 6968 6969 ip6h = (ip6_t *)(mp1->b_wptr - udp_ip_hdr_len); 6970 } 6971 mp1->b_rptr = (unsigned char *)ip6h; 6972 ip6i = (ip6i_t *)ip6h; 6973 6974 #define ANCIL_OR_STICKY_PTR(f) ((is_sticky & f) ? &udp->udp_sticky_ipp : ipp) 6975 if (option_exists & IPPF_HAS_IP6I) { 6976 ip6h = (ip6_t *)&ip6i[1]; 6977 ip6i->ip6i_flags = 0; 6978 ip6i->ip6i_vcf = IPV6_DEFAULT_VERS_AND_FLOW; 6979 6980 /* sin6_scope_id takes precendence over IPPF_IFINDEX */ 6981 if (option_exists & IPPF_SCOPE_ID) { 6982 ip6i->ip6i_flags |= IP6I_IFINDEX; 6983 ip6i->ip6i_ifindex = sin6->sin6_scope_id; 6984 } else if (option_exists & IPPF_IFINDEX) { 6985 tipp = ANCIL_OR_STICKY_PTR(IPPF_IFINDEX); 6986 ASSERT(tipp->ipp_ifindex != 0); 6987 ip6i->ip6i_flags |= IP6I_IFINDEX; 6988 ip6i->ip6i_ifindex = tipp->ipp_ifindex; 6989 } 6990 6991 if (option_exists & IPPF_ADDR) { 6992 /* 6993 * Enable per-packet source address verification if 6994 * IPV6_PKTINFO specified the source address. 6995 * ip6_src is set in the transport's _wput function. 6996 */ 6997 ip6i->ip6i_flags |= IP6I_VERIFY_SRC; 6998 } 6999 7000 if (option_exists & IPPF_DONTFRAG) { 7001 ip6i->ip6i_flags |= IP6I_DONTFRAG; 7002 } 7003 7004 if (option_exists & IPPF_USE_MIN_MTU) { 7005 ip6i->ip6i_flags = IP6I_API_USE_MIN_MTU( 7006 ip6i->ip6i_flags, ipp->ipp_use_min_mtu); 7007 } 7008 7009 if (option_exists & IPPF_NEXTHOP) { 7010 tipp = ANCIL_OR_STICKY_PTR(IPPF_NEXTHOP); 7011 ASSERT(!IN6_IS_ADDR_UNSPECIFIED(&tipp->ipp_nexthop)); 7012 ip6i->ip6i_flags |= IP6I_NEXTHOP; 7013 ip6i->ip6i_nexthop = tipp->ipp_nexthop; 7014 } 7015 7016 /* 7017 * tell IP this is an ip6i_t private header 7018 */ 7019 ip6i->ip6i_nxt = IPPROTO_RAW; 7020 } 7021 7022 /* Initialize IPv6 header */ 7023 ip6h->ip6_vcf = IPV6_DEFAULT_VERS_AND_FLOW; 7024 bzero(&ip6h->ip6_src, sizeof (ip6h->ip6_src)); 7025 7026 /* Set the hoplimit of the outgoing packet. */ 7027 if (option_exists & IPPF_HOPLIMIT) { 7028 /* IPV6_HOPLIMIT ancillary data overrides all other settings. */ 7029 ip6h->ip6_hops = ipp->ipp_hoplimit; 7030 ip6i->ip6i_flags |= IP6I_HOPLIMIT; 7031 } else if (IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) { 7032 ip6h->ip6_hops = udp->udp_multicast_ttl; 7033 if (option_exists & IPPF_MULTICAST_HOPS) 7034 ip6i->ip6i_flags |= IP6I_HOPLIMIT; 7035 } else { 7036 ip6h->ip6_hops = udp->udp_ttl; 7037 if (option_exists & IPPF_UNICAST_HOPS) 7038 ip6i->ip6i_flags |= IP6I_HOPLIMIT; 7039 } 7040 7041 if (option_exists & IPPF_ADDR) { 7042 tipp = ANCIL_OR_STICKY_PTR(IPPF_ADDR); 7043 ASSERT(!IN6_IS_ADDR_UNSPECIFIED(&tipp->ipp_addr)); 7044 ip6h->ip6_src = tipp->ipp_addr; 7045 } else { 7046 /* 7047 * The source address was not set using IPV6_PKTINFO. 7048 * First look at the bound source. 7049 * If unspecified fallback to __sin6_src_id. 7050 */ 7051 ip6h->ip6_src = udp->udp_v6src; 7052 if (sin6->__sin6_src_id != 0 && 7053 IN6_IS_ADDR_UNSPECIFIED(&ip6h->ip6_src)) { 7054 ip_srcid_find_id(sin6->__sin6_src_id, 7055 &ip6h->ip6_src, connp->conn_zoneid, 7056 us->us_netstack); 7057 } 7058 } 7059 7060 nxthdr_ptr = (uint8_t *)&ip6h->ip6_nxt; 7061 cp = (uint8_t *)&ip6h[1]; 7062 7063 /* 7064 * Here's where we have to start stringing together 7065 * any extension headers in the right order: 7066 * Hop-by-hop, destination, routing, and final destination opts. 7067 */ 7068 if (option_exists & IPPF_HOPOPTS) { 7069 /* Hop-by-hop options */ 7070 ip6_hbh_t *hbh = (ip6_hbh_t *)cp; 7071 tipp = ANCIL_OR_STICKY_PTR(IPPF_HOPOPTS); 7072 if (hopoptslen == 0) { 7073 hopoptsptr = tipp->ipp_hopopts; 7074 hopoptslen = tipp->ipp_hopoptslen; 7075 is_ancillary = B_TRUE; 7076 } 7077 7078 *nxthdr_ptr = IPPROTO_HOPOPTS; 7079 nxthdr_ptr = &hbh->ip6h_nxt; 7080 7081 bcopy(hopoptsptr, cp, hopoptslen); 7082 cp += hopoptslen; 7083 7084 if (hopoptsptr != NULL && !is_ancillary) { 7085 kmem_free(hopoptsptr, hopoptslen); 7086 hopoptsptr = NULL; 7087 hopoptslen = 0; 7088 } 7089 } 7090 /* 7091 * En-route destination options 7092 * Only do them if there's a routing header as well 7093 */ 7094 if (option_exists & IPPF_RTDSTOPTS) { 7095 ip6_dest_t *dst = (ip6_dest_t *)cp; 7096 tipp = ANCIL_OR_STICKY_PTR(IPPF_RTDSTOPTS); 7097 7098 *nxthdr_ptr = IPPROTO_DSTOPTS; 7099 nxthdr_ptr = &dst->ip6d_nxt; 7100 7101 bcopy(tipp->ipp_rtdstopts, cp, tipp->ipp_rtdstoptslen); 7102 cp += tipp->ipp_rtdstoptslen; 7103 } 7104 /* 7105 * Routing header next 7106 */ 7107 if (option_exists & IPPF_RTHDR) { 7108 ip6_rthdr_t *rt = (ip6_rthdr_t *)cp; 7109 tipp = ANCIL_OR_STICKY_PTR(IPPF_RTHDR); 7110 7111 *nxthdr_ptr = IPPROTO_ROUTING; 7112 nxthdr_ptr = &rt->ip6r_nxt; 7113 7114 bcopy(tipp->ipp_rthdr, cp, tipp->ipp_rthdrlen); 7115 cp += tipp->ipp_rthdrlen; 7116 } 7117 /* 7118 * Do ultimate destination options 7119 */ 7120 if (option_exists & IPPF_DSTOPTS) { 7121 ip6_dest_t *dest = (ip6_dest_t *)cp; 7122 tipp = ANCIL_OR_STICKY_PTR(IPPF_DSTOPTS); 7123 7124 *nxthdr_ptr = IPPROTO_DSTOPTS; 7125 nxthdr_ptr = &dest->ip6d_nxt; 7126 7127 bcopy(tipp->ipp_dstopts, cp, tipp->ipp_dstoptslen); 7128 cp += tipp->ipp_dstoptslen; 7129 } 7130 /* 7131 * Now set the last header pointer to the proto passed in 7132 */ 7133 ASSERT((int)(cp - (uint8_t *)ip6i) == (udp_ip_hdr_len - UDPH_SIZE)); 7134 *nxthdr_ptr = IPPROTO_UDP; 7135 7136 /* Update UDP header */ 7137 udph = (udpha_t *)((uchar_t *)ip6i + udp_ip_hdr_len - UDPH_SIZE); 7138 udph->uha_dst_port = sin6->sin6_port; 7139 udph->uha_src_port = udp->udp_port; 7140 7141 /* 7142 * Copy in the destination address 7143 */ 7144 ip6h->ip6_dst = ip6_dst; 7145 7146 ip6h->ip6_vcf = 7147 (IPV6_DEFAULT_VERS_AND_FLOW & IPV6_VERS_AND_FLOW_MASK) | 7148 (sin6->sin6_flowinfo & ~IPV6_VERS_AND_FLOW_MASK); 7149 7150 if (option_exists & IPPF_TCLASS) { 7151 tipp = ANCIL_OR_STICKY_PTR(IPPF_TCLASS); 7152 ip6h->ip6_vcf = IPV6_TCLASS_FLOW(ip6h->ip6_vcf, 7153 tipp->ipp_tclass); 7154 } 7155 rw_exit(&udp->udp_rwlock); 7156 7157 if (option_exists & IPPF_RTHDR) { 7158 ip6_rthdr_t *rth; 7159 7160 /* 7161 * Perform any processing needed for source routing. 7162 * We know that all extension headers will be in the same mblk 7163 * as the IPv6 header. 7164 */ 7165 rth = ip_find_rthdr_v6(ip6h, mp1->b_wptr); 7166 if (rth != NULL && rth->ip6r_segleft != 0) { 7167 if (rth->ip6r_type != IPV6_RTHDR_TYPE_0) { 7168 /* 7169 * Drop packet - only support Type 0 routing. 7170 * Notify the application as well. 7171 */ 7172 *error = EPROTO; 7173 goto done; 7174 } 7175 7176 /* 7177 * rth->ip6r_len is twice the number of 7178 * addresses in the header. Thus it must be even. 7179 */ 7180 if (rth->ip6r_len & 0x1) { 7181 *error = EPROTO; 7182 goto done; 7183 } 7184 /* 7185 * Shuffle the routing header and ip6_dst 7186 * addresses, and get the checksum difference 7187 * between the first hop (in ip6_dst) and 7188 * the destination (in the last routing hdr entry). 7189 */ 7190 csum = ip_massage_options_v6(ip6h, rth, 7191 us->us_netstack); 7192 /* 7193 * Verify that the first hop isn't a mapped address. 7194 * Routers along the path need to do this verification 7195 * for subsequent hops. 7196 */ 7197 if (IN6_IS_ADDR_V4MAPPED(&ip6h->ip6_dst)) { 7198 *error = EADDRNOTAVAIL; 7199 goto done; 7200 } 7201 7202 cp += (rth->ip6r_len + 1)*8; 7203 } 7204 } 7205 7206 /* count up length of UDP packet */ 7207 ip_len = (mp1->b_wptr - (unsigned char *)ip6h) - IPV6_HDR_LEN; 7208 if ((mp2 = mp1->b_cont) != NULL) { 7209 do { 7210 ASSERT((uintptr_t)MBLKL(mp2) <= (uintptr_t)UINT_MAX); 7211 ip_len += (uint32_t)MBLKL(mp2); 7212 } while ((mp2 = mp2->b_cont) != NULL); 7213 } 7214 7215 /* 7216 * If the size of the packet is greater than the maximum allowed by 7217 * ip, return an error. Passing this down could cause panics because 7218 * the size will have wrapped and be inconsistent with the msg size. 7219 */ 7220 if (ip_len > IP_MAXPACKET) { 7221 *error = EMSGSIZE; 7222 goto done; 7223 } 7224 7225 /* Store the UDP length. Subtract length of extension hdrs */ 7226 udph->uha_length = htons(ip_len + IPV6_HDR_LEN - 7227 (int)((uchar_t *)udph - (uchar_t *)ip6h)); 7228 7229 /* 7230 * We make it easy for IP to include our pseudo header 7231 * by putting our length in uh_checksum, modified (if 7232 * we have a routing header) by the checksum difference 7233 * between the ultimate destination and first hop addresses. 7234 * Note: UDP over IPv6 must always checksum the packet. 7235 */ 7236 csum += udph->uha_length; 7237 csum = (csum & 0xFFFF) + (csum >> 16); 7238 udph->uha_checksum = (uint16_t)csum; 7239 7240 #ifdef _LITTLE_ENDIAN 7241 ip_len = htons(ip_len); 7242 #endif 7243 ip6h->ip6_plen = ip_len; 7244 if (DB_CRED(mp) != NULL) 7245 mblk_setcred(mp1, DB_CRED(mp)); 7246 7247 if (DB_TYPE(mp) != M_DATA) { 7248 ASSERT(mp != mp1); 7249 freeb(mp); 7250 } 7251 7252 /* mp has been consumed and we'll return success */ 7253 ASSERT(*error == 0); 7254 mp = NULL; 7255 7256 /* We're done. Pass the packet to IP */ 7257 BUMP_MIB(&us->us_udp_mib, udpHCOutDatagrams); 7258 ip_output_v6(connp, mp1, q, IP_WPUT); 7259 7260 done: 7261 if (sth_wroff != 0) { 7262 (void) mi_set_sth_wroff(RD(q), 7263 udp->udp_max_hdr_len + us->us_wroff_extra); 7264 } 7265 if (hopoptsptr != NULL && !is_ancillary) { 7266 kmem_free(hopoptsptr, hopoptslen); 7267 hopoptsptr = NULL; 7268 } 7269 if (*error != 0) { 7270 ASSERT(mp != NULL); 7271 BUMP_MIB(&us->us_udp_mib, udpOutErrors); 7272 } 7273 return (mp); 7274 } 7275 7276 7277 static int 7278 udp_getpeername(udp_t *udp, struct sockaddr *sa, uint_t *salenp) 7279 { 7280 sin_t *sin = (sin_t *)sa; 7281 sin6_t *sin6 = (sin6_t *)sa; 7282 7283 ASSERT(RW_LOCK_HELD(&udp->udp_rwlock)); 7284 7285 if (udp->udp_state != TS_DATA_XFER) 7286 return (ENOTCONN); 7287 7288 switch (udp->udp_family) { 7289 case AF_INET: 7290 ASSERT(udp->udp_ipversion == IPV4_VERSION); 7291 7292 if (*salenp < sizeof (sin_t)) 7293 return (EINVAL); 7294 7295 *salenp = sizeof (sin_t); 7296 *sin = sin_null; 7297 sin->sin_family = AF_INET; 7298 sin->sin_port = udp->udp_dstport; 7299 sin->sin_addr.s_addr = V4_PART_OF_V6(udp->udp_v6dst); 7300 break; 7301 7302 case AF_INET6: 7303 if (*salenp < sizeof (sin6_t)) 7304 return (EINVAL); 7305 7306 *salenp = sizeof (sin6_t); 7307 *sin6 = sin6_null; 7308 sin6->sin6_family = AF_INET6; 7309 sin6->sin6_port = udp->udp_dstport; 7310 sin6->sin6_addr = udp->udp_v6dst; 7311 sin6->sin6_flowinfo = udp->udp_flowinfo; 7312 break; 7313 } 7314 7315 return (0); 7316 } 7317 7318 static int 7319 udp_getmyname(udp_t *udp, struct sockaddr *sa, uint_t *salenp) 7320 { 7321 sin_t *sin = (sin_t *)sa; 7322 sin6_t *sin6 = (sin6_t *)sa; 7323 7324 ASSERT(RW_LOCK_HELD(&udp->udp_rwlock)); 7325 7326 switch (udp->udp_family) { 7327 case AF_INET: 7328 ASSERT(udp->udp_ipversion == IPV4_VERSION); 7329 7330 if (*salenp < sizeof (sin_t)) 7331 return (EINVAL); 7332 7333 *salenp = sizeof (sin_t); 7334 *sin = sin_null; 7335 sin->sin_family = AF_INET; 7336 sin->sin_port = udp->udp_port; 7337 7338 /* 7339 * If udp_v6src is unspecified, we might be bound to broadcast 7340 * / multicast. Use udp_bound_v6src as local address instead 7341 * (that could also still be unspecified). 7342 */ 7343 if (!IN6_IS_ADDR_V4MAPPED_ANY(&udp->udp_v6src) && 7344 !IN6_IS_ADDR_UNSPECIFIED(&udp->udp_v6src)) { 7345 sin->sin_addr.s_addr = V4_PART_OF_V6(udp->udp_v6src); 7346 } else { 7347 sin->sin_addr.s_addr = 7348 V4_PART_OF_V6(udp->udp_bound_v6src); 7349 } 7350 break; 7351 7352 case AF_INET6: 7353 if (*salenp < sizeof (sin6_t)) 7354 return (EINVAL); 7355 7356 *salenp = sizeof (sin6_t); 7357 *sin6 = sin6_null; 7358 sin6->sin6_family = AF_INET6; 7359 sin6->sin6_port = udp->udp_port; 7360 sin6->sin6_flowinfo = udp->udp_flowinfo; 7361 7362 /* 7363 * If udp_v6src is unspecified, we might be bound to broadcast 7364 * / multicast. Use udp_bound_v6src as local address instead 7365 * (that could also still be unspecified). 7366 */ 7367 if (!IN6_IS_ADDR_UNSPECIFIED(&udp->udp_v6src)) 7368 sin6->sin6_addr = udp->udp_v6src; 7369 else 7370 sin6->sin6_addr = udp->udp_bound_v6src; 7371 break; 7372 } 7373 7374 return (0); 7375 } 7376 7377 /* 7378 * Handle special out-of-band ioctl requests (see PSARC/2008/265). 7379 */ 7380 static void 7381 udp_wput_cmdblk(queue_t *q, mblk_t *mp) 7382 { 7383 void *data; 7384 mblk_t *datamp = mp->b_cont; 7385 udp_t *udp = Q_TO_UDP(q); 7386 cmdblk_t *cmdp = (cmdblk_t *)mp->b_rptr; 7387 7388 if (datamp == NULL || MBLKL(datamp) < cmdp->cb_len) { 7389 cmdp->cb_error = EPROTO; 7390 qreply(q, mp); 7391 return; 7392 } 7393 data = datamp->b_rptr; 7394 7395 rw_enter(&udp->udp_rwlock, RW_READER); 7396 switch (cmdp->cb_cmd) { 7397 case TI_GETPEERNAME: 7398 cmdp->cb_error = udp_getpeername(udp, data, &cmdp->cb_len); 7399 break; 7400 case TI_GETMYNAME: 7401 cmdp->cb_error = udp_getmyname(udp, data, &cmdp->cb_len); 7402 break; 7403 default: 7404 cmdp->cb_error = EINVAL; 7405 break; 7406 } 7407 rw_exit(&udp->udp_rwlock); 7408 7409 qreply(q, mp); 7410 } 7411 7412 static void 7413 udp_wput_other(queue_t *q, mblk_t *mp) 7414 { 7415 uchar_t *rptr = mp->b_rptr; 7416 struct datab *db; 7417 struct iocblk *iocp; 7418 cred_t *cr; 7419 conn_t *connp = Q_TO_CONN(q); 7420 udp_t *udp = connp->conn_udp; 7421 udp_stack_t *us; 7422 7423 TRACE_1(TR_FAC_UDP, TR_UDP_WPUT_OTHER_START, 7424 "udp_wput_other_start: q %p", q); 7425 7426 us = udp->udp_us; 7427 db = mp->b_datap; 7428 7429 cr = DB_CREDDEF(mp, connp->conn_cred); 7430 7431 switch (db->db_type) { 7432 case M_CMD: 7433 udp_wput_cmdblk(q, mp); 7434 return; 7435 7436 case M_PROTO: 7437 case M_PCPROTO: 7438 if (mp->b_wptr - rptr < sizeof (t_scalar_t)) { 7439 freemsg(mp); 7440 TRACE_2(TR_FAC_UDP, TR_UDP_WPUT_OTHER_END, 7441 "udp_wput_other_end: q %p (%S)", q, "protoshort"); 7442 return; 7443 } 7444 switch (((t_primp_t)rptr)->type) { 7445 case T_ADDR_REQ: 7446 udp_addr_req(q, mp); 7447 TRACE_2(TR_FAC_UDP, TR_UDP_WPUT_OTHER_END, 7448 "udp_wput_other_end: q %p (%S)", q, "addrreq"); 7449 return; 7450 case O_T_BIND_REQ: 7451 case T_BIND_REQ: 7452 udp_bind(q, mp); 7453 TRACE_2(TR_FAC_UDP, TR_UDP_WPUT_OTHER_END, 7454 "udp_wput_other_end: q %p (%S)", q, "bindreq"); 7455 return; 7456 case T_CONN_REQ: 7457 udp_connect(q, mp); 7458 TRACE_2(TR_FAC_UDP, TR_UDP_WPUT_OTHER_END, 7459 "udp_wput_other_end: q %p (%S)", q, "connreq"); 7460 return; 7461 case T_CAPABILITY_REQ: 7462 udp_capability_req(q, mp); 7463 TRACE_2(TR_FAC_UDP, TR_UDP_WPUT_OTHER_END, 7464 "udp_wput_other_end: q %p (%S)", q, "capabreq"); 7465 return; 7466 case T_INFO_REQ: 7467 udp_info_req(q, mp); 7468 TRACE_2(TR_FAC_UDP, TR_UDP_WPUT_OTHER_END, 7469 "udp_wput_other_end: q %p (%S)", q, "inforeq"); 7470 return; 7471 case T_UNITDATA_REQ: 7472 /* 7473 * If a T_UNITDATA_REQ gets here, the address must 7474 * be bad. Valid T_UNITDATA_REQs are handled 7475 * in udp_wput. 7476 */ 7477 udp_ud_err(q, mp, NULL, 0, EADDRNOTAVAIL); 7478 TRACE_2(TR_FAC_UDP, TR_UDP_WPUT_OTHER_END, 7479 "udp_wput_other_end: q %p (%S)", q, "unitdatareq"); 7480 return; 7481 case T_UNBIND_REQ: 7482 udp_unbind(q, mp); 7483 TRACE_2(TR_FAC_UDP, TR_UDP_WPUT_OTHER_END, 7484 "udp_wput_other_end: q %p (%S)", q, "unbindreq"); 7485 return; 7486 case T_SVR4_OPTMGMT_REQ: 7487 if (!snmpcom_req(q, mp, udp_snmp_set, ip_snmp_get, 7488 cr)) { 7489 (void) svr4_optcom_req(q, 7490 mp, cr, &udp_opt_obj, B_TRUE); 7491 } 7492 TRACE_2(TR_FAC_UDP, TR_UDP_WPUT_OTHER_END, 7493 "udp_wput_other_end: q %p (%S)", q, "optmgmtreq"); 7494 return; 7495 7496 case T_OPTMGMT_REQ: 7497 (void) tpi_optcom_req(q, mp, cr, &udp_opt_obj, B_TRUE); 7498 TRACE_2(TR_FAC_UDP, TR_UDP_WPUT_OTHER_END, 7499 "udp_wput_other_end: q %p (%S)", q, "optmgmtreq"); 7500 return; 7501 7502 case T_DISCON_REQ: 7503 udp_disconnect(q, mp); 7504 TRACE_2(TR_FAC_UDP, TR_UDP_WPUT_OTHER_END, 7505 "udp_wput_other_end: q %p (%S)", q, "disconreq"); 7506 return; 7507 7508 /* The following TPI message is not supported by udp. */ 7509 case O_T_CONN_RES: 7510 case T_CONN_RES: 7511 udp_err_ack(q, mp, TNOTSUPPORT, 0); 7512 TRACE_2(TR_FAC_UDP, TR_UDP_WPUT_OTHER_END, 7513 "udp_wput_other_end: q %p (%S)", q, 7514 "connres/disconreq"); 7515 return; 7516 7517 /* The following 3 TPI messages are illegal for udp. */ 7518 case T_DATA_REQ: 7519 case T_EXDATA_REQ: 7520 case T_ORDREL_REQ: 7521 udp_err_ack(q, mp, TNOTSUPPORT, 0); 7522 TRACE_2(TR_FAC_UDP, TR_UDP_WPUT_OTHER_END, 7523 "udp_wput_other_end: q %p (%S)", q, 7524 "data/exdata/ordrel"); 7525 return; 7526 default: 7527 break; 7528 } 7529 break; 7530 case M_FLUSH: 7531 if (*rptr & FLUSHW) 7532 flushq(q, FLUSHDATA); 7533 break; 7534 case M_IOCTL: 7535 iocp = (struct iocblk *)mp->b_rptr; 7536 switch (iocp->ioc_cmd) { 7537 case TI_GETPEERNAME: 7538 if (udp->udp_state != TS_DATA_XFER) { 7539 /* 7540 * If a default destination address has not 7541 * been associated with the stream, then we 7542 * don't know the peer's name. 7543 */ 7544 iocp->ioc_error = ENOTCONN; 7545 iocp->ioc_count = 0; 7546 mp->b_datap->db_type = M_IOCACK; 7547 qreply(q, mp); 7548 TRACE_2(TR_FAC_UDP, TR_UDP_WPUT_OTHER_END, 7549 "udp_wput_other_end: q %p (%S)", q, 7550 "getpeername"); 7551 return; 7552 } 7553 /* FALLTHRU */ 7554 case TI_GETMYNAME: { 7555 /* 7556 * For TI_GETPEERNAME and TI_GETMYNAME, we first 7557 * need to copyin the user's strbuf structure. 7558 * Processing will continue in the M_IOCDATA case 7559 * below. 7560 */ 7561 mi_copyin(q, mp, NULL, 7562 SIZEOF_STRUCT(strbuf, iocp->ioc_flag)); 7563 TRACE_2(TR_FAC_UDP, TR_UDP_WPUT_OTHER_END, 7564 "udp_wput_other_end: q %p (%S)", q, "getmyname"); 7565 return; 7566 } 7567 case ND_SET: 7568 /* nd_getset performs the necessary checking */ 7569 case ND_GET: 7570 if (nd_getset(q, us->us_nd, mp)) { 7571 qreply(q, mp); 7572 TRACE_2(TR_FAC_UDP, TR_UDP_WPUT_OTHER_END, 7573 "udp_wput_other_end: q %p (%S)", q, "get"); 7574 return; 7575 } 7576 break; 7577 case _SIOCSOCKFALLBACK: 7578 /* 7579 * Either sockmod is about to be popped and the 7580 * socket would now be treated as a plain stream, 7581 * or a module is about to be pushed so we could 7582 * no longer use read-side synchronous stream. 7583 * Drain any queued data and disable direct sockfs 7584 * interface from now on. 7585 */ 7586 if (!udp->udp_issocket) { 7587 DB_TYPE(mp) = M_IOCNAK; 7588 iocp->ioc_error = EINVAL; 7589 } else { 7590 udp->udp_issocket = B_FALSE; 7591 if (udp->udp_direct_sockfs) { 7592 /* 7593 * Disable read-side synchronous 7594 * stream interface and drain any 7595 * queued data. 7596 */ 7597 udp_rcv_drain(RD(q), udp, 7598 B_FALSE); 7599 ASSERT(!udp->udp_direct_sockfs); 7600 UDP_STAT(us, udp_sock_fallback); 7601 } 7602 DB_TYPE(mp) = M_IOCACK; 7603 iocp->ioc_error = 0; 7604 } 7605 iocp->ioc_count = 0; 7606 iocp->ioc_rval = 0; 7607 qreply(q, mp); 7608 return; 7609 default: 7610 break; 7611 } 7612 break; 7613 case M_IOCDATA: 7614 udp_wput_iocdata(q, mp); 7615 TRACE_2(TR_FAC_UDP, TR_UDP_WPUT_OTHER_END, 7616 "udp_wput_other_end: q %p (%S)", q, "iocdata"); 7617 return; 7618 default: 7619 /* Unrecognized messages are passed through without change. */ 7620 break; 7621 } 7622 TRACE_2(TR_FAC_UDP, TR_UDP_WPUT_OTHER_END, 7623 "udp_wput_other_end: q %p (%S)", q, "end"); 7624 ip_output(connp, mp, q, IP_WPUT); 7625 } 7626 7627 /* 7628 * udp_wput_iocdata is called by udp_wput_other to handle all M_IOCDATA 7629 * messages. 7630 */ 7631 static void 7632 udp_wput_iocdata(queue_t *q, mblk_t *mp) 7633 { 7634 mblk_t *mp1; 7635 struct iocblk *iocp = (struct iocblk *)mp->b_rptr; 7636 STRUCT_HANDLE(strbuf, sb); 7637 udp_t *udp = Q_TO_UDP(q); 7638 int error; 7639 uint_t addrlen; 7640 7641 /* Make sure it is one of ours. */ 7642 switch (iocp->ioc_cmd) { 7643 case TI_GETMYNAME: 7644 case TI_GETPEERNAME: 7645 break; 7646 default: 7647 ip_output(udp->udp_connp, mp, q, IP_WPUT); 7648 return; 7649 } 7650 7651 switch (mi_copy_state(q, mp, &mp1)) { 7652 case -1: 7653 return; 7654 case MI_COPY_CASE(MI_COPY_IN, 1): 7655 break; 7656 case MI_COPY_CASE(MI_COPY_OUT, 1): 7657 /* 7658 * The address has been copied out, so now 7659 * copyout the strbuf. 7660 */ 7661 mi_copyout(q, mp); 7662 return; 7663 case MI_COPY_CASE(MI_COPY_OUT, 2): 7664 /* 7665 * The address and strbuf have been copied out. 7666 * We're done, so just acknowledge the original 7667 * M_IOCTL. 7668 */ 7669 mi_copy_done(q, mp, 0); 7670 return; 7671 default: 7672 /* 7673 * Something strange has happened, so acknowledge 7674 * the original M_IOCTL with an EPROTO error. 7675 */ 7676 mi_copy_done(q, mp, EPROTO); 7677 return; 7678 } 7679 7680 /* 7681 * Now we have the strbuf structure for TI_GETMYNAME 7682 * and TI_GETPEERNAME. Next we copyout the requested 7683 * address and then we'll copyout the strbuf. 7684 */ 7685 STRUCT_SET_HANDLE(sb, iocp->ioc_flag, (void *)mp1->b_rptr); 7686 addrlen = udp->udp_family == AF_INET ? sizeof (sin_t) : sizeof (sin6_t); 7687 if (STRUCT_FGET(sb, maxlen) < addrlen) { 7688 mi_copy_done(q, mp, EINVAL); 7689 return; 7690 } 7691 7692 mp1 = mi_copyout_alloc(q, mp, STRUCT_FGETP(sb, buf), addrlen, B_TRUE); 7693 if (mp1 == NULL) 7694 return; 7695 7696 rw_enter(&udp->udp_rwlock, RW_READER); 7697 switch (iocp->ioc_cmd) { 7698 case TI_GETMYNAME: 7699 error = udp_getmyname(udp, (void *)mp1->b_rptr, &addrlen); 7700 break; 7701 case TI_GETPEERNAME: 7702 error = udp_getpeername(udp, (void *)mp1->b_rptr, &addrlen); 7703 break; 7704 } 7705 rw_exit(&udp->udp_rwlock); 7706 7707 if (error != 0) { 7708 mi_copy_done(q, mp, error); 7709 } else { 7710 mp1->b_wptr += addrlen; 7711 STRUCT_FSET(sb, len, addrlen); 7712 7713 /* Copy out the address */ 7714 mi_copyout(q, mp); 7715 } 7716 } 7717 7718 static int 7719 udp_unitdata_opt_process(queue_t *q, mblk_t *mp, int *errorp, 7720 udpattrs_t *udpattrs) 7721 { 7722 struct T_unitdata_req *udreqp; 7723 int is_absreq_failure; 7724 cred_t *cr; 7725 conn_t *connp = Q_TO_CONN(q); 7726 7727 ASSERT(((t_primp_t)mp->b_rptr)->type); 7728 7729 cr = DB_CREDDEF(mp, connp->conn_cred); 7730 7731 udreqp = (struct T_unitdata_req *)mp->b_rptr; 7732 7733 *errorp = tpi_optcom_buf(q, mp, &udreqp->OPT_length, 7734 udreqp->OPT_offset, cr, &udp_opt_obj, 7735 udpattrs, &is_absreq_failure); 7736 7737 if (*errorp != 0) { 7738 /* 7739 * Note: No special action needed in this 7740 * module for "is_absreq_failure" 7741 */ 7742 return (-1); /* failure */ 7743 } 7744 ASSERT(is_absreq_failure == 0); 7745 return (0); /* success */ 7746 } 7747 7748 void 7749 udp_ddi_init(void) 7750 { 7751 udp_max_optsize = optcom_max_optsize(udp_opt_obj.odb_opt_des_arr, 7752 udp_opt_obj.odb_opt_arr_cnt); 7753 7754 /* 7755 * We want to be informed each time a stack is created or 7756 * destroyed in the kernel, so we can maintain the 7757 * set of udp_stack_t's. 7758 */ 7759 netstack_register(NS_UDP, udp_stack_init, NULL, udp_stack_fini); 7760 } 7761 7762 void 7763 udp_ddi_destroy(void) 7764 { 7765 netstack_unregister(NS_UDP); 7766 } 7767 7768 /* 7769 * Initialize the UDP stack instance. 7770 */ 7771 static void * 7772 udp_stack_init(netstackid_t stackid, netstack_t *ns) 7773 { 7774 udp_stack_t *us; 7775 udpparam_t *pa; 7776 int i; 7777 7778 us = (udp_stack_t *)kmem_zalloc(sizeof (*us), KM_SLEEP); 7779 us->us_netstack = ns; 7780 7781 us->us_num_epriv_ports = UDP_NUM_EPRIV_PORTS; 7782 us->us_epriv_ports[0] = 2049; 7783 us->us_epriv_ports[1] = 4045; 7784 7785 /* 7786 * The smallest anonymous port in the priviledged port range which UDP 7787 * looks for free port. Use in the option UDP_ANONPRIVBIND. 7788 */ 7789 us->us_min_anonpriv_port = 512; 7790 7791 us->us_bind_fanout_size = udp_bind_fanout_size; 7792 7793 /* Roundup variable that might have been modified in /etc/system */ 7794 if (us->us_bind_fanout_size & (us->us_bind_fanout_size - 1)) { 7795 /* Not a power of two. Round up to nearest power of two */ 7796 for (i = 0; i < 31; i++) { 7797 if (us->us_bind_fanout_size < (1 << i)) 7798 break; 7799 } 7800 us->us_bind_fanout_size = 1 << i; 7801 } 7802 us->us_bind_fanout = kmem_zalloc(us->us_bind_fanout_size * 7803 sizeof (udp_fanout_t), KM_SLEEP); 7804 for (i = 0; i < us->us_bind_fanout_size; i++) { 7805 mutex_init(&us->us_bind_fanout[i].uf_lock, NULL, MUTEX_DEFAULT, 7806 NULL); 7807 } 7808 7809 pa = (udpparam_t *)kmem_alloc(sizeof (udp_param_arr), KM_SLEEP); 7810 7811 us->us_param_arr = pa; 7812 bcopy(udp_param_arr, us->us_param_arr, sizeof (udp_param_arr)); 7813 7814 (void) udp_param_register(&us->us_nd, 7815 us->us_param_arr, A_CNT(udp_param_arr)); 7816 7817 us->us_kstat = udp_kstat2_init(stackid, &us->us_statistics); 7818 us->us_mibkp = udp_kstat_init(stackid); 7819 return (us); 7820 } 7821 7822 /* 7823 * Free the UDP stack instance. 7824 */ 7825 static void 7826 udp_stack_fini(netstackid_t stackid, void *arg) 7827 { 7828 udp_stack_t *us = (udp_stack_t *)arg; 7829 int i; 7830 7831 for (i = 0; i < us->us_bind_fanout_size; i++) { 7832 mutex_destroy(&us->us_bind_fanout[i].uf_lock); 7833 } 7834 7835 kmem_free(us->us_bind_fanout, us->us_bind_fanout_size * 7836 sizeof (udp_fanout_t)); 7837 7838 us->us_bind_fanout = NULL; 7839 7840 nd_free(&us->us_nd); 7841 kmem_free(us->us_param_arr, sizeof (udp_param_arr)); 7842 us->us_param_arr = NULL; 7843 7844 udp_kstat_fini(stackid, us->us_mibkp); 7845 us->us_mibkp = NULL; 7846 7847 udp_kstat2_fini(stackid, us->us_kstat); 7848 us->us_kstat = NULL; 7849 bzero(&us->us_statistics, sizeof (us->us_statistics)); 7850 kmem_free(us, sizeof (*us)); 7851 } 7852 7853 static void * 7854 udp_kstat2_init(netstackid_t stackid, udp_stat_t *us_statisticsp) 7855 { 7856 kstat_t *ksp; 7857 7858 udp_stat_t template = { 7859 { "udp_ip_send", KSTAT_DATA_UINT64 }, 7860 { "udp_ip_ire_send", KSTAT_DATA_UINT64 }, 7861 { "udp_ire_null", KSTAT_DATA_UINT64 }, 7862 { "udp_drain", KSTAT_DATA_UINT64 }, 7863 { "udp_sock_fallback", KSTAT_DATA_UINT64 }, 7864 { "udp_rrw_busy", KSTAT_DATA_UINT64 }, 7865 { "udp_rrw_msgcnt", KSTAT_DATA_UINT64 }, 7866 { "udp_out_sw_cksum", KSTAT_DATA_UINT64 }, 7867 { "udp_out_sw_cksum_bytes", KSTAT_DATA_UINT64 }, 7868 { "udp_out_opt", KSTAT_DATA_UINT64 }, 7869 { "udp_out_err_notconn", KSTAT_DATA_UINT64 }, 7870 { "udp_out_err_output", KSTAT_DATA_UINT64 }, 7871 { "udp_out_err_tudr", KSTAT_DATA_UINT64 }, 7872 { "udp_in_pktinfo", KSTAT_DATA_UINT64 }, 7873 { "udp_in_recvdstaddr", KSTAT_DATA_UINT64 }, 7874 { "udp_in_recvopts", KSTAT_DATA_UINT64 }, 7875 { "udp_in_recvif", KSTAT_DATA_UINT64 }, 7876 { "udp_in_recvslla", KSTAT_DATA_UINT64 }, 7877 { "udp_in_recvucred", KSTAT_DATA_UINT64 }, 7878 { "udp_in_recvttl", KSTAT_DATA_UINT64 }, 7879 { "udp_in_recvhopopts", KSTAT_DATA_UINT64 }, 7880 { "udp_in_recvhoplimit", KSTAT_DATA_UINT64 }, 7881 { "udp_in_recvdstopts", KSTAT_DATA_UINT64 }, 7882 { "udp_in_recvrtdstopts", KSTAT_DATA_UINT64 }, 7883 { "udp_in_recvrthdr", KSTAT_DATA_UINT64 }, 7884 { "udp_in_recvpktinfo", KSTAT_DATA_UINT64 }, 7885 { "udp_in_recvtclass", KSTAT_DATA_UINT64 }, 7886 { "udp_in_timestamp", KSTAT_DATA_UINT64 }, 7887 #ifdef DEBUG 7888 { "udp_data_conn", KSTAT_DATA_UINT64 }, 7889 { "udp_data_notconn", KSTAT_DATA_UINT64 }, 7890 #endif 7891 }; 7892 7893 ksp = kstat_create_netstack(UDP_MOD_NAME, 0, "udpstat", "net", 7894 KSTAT_TYPE_NAMED, sizeof (template) / sizeof (kstat_named_t), 7895 KSTAT_FLAG_VIRTUAL, stackid); 7896 7897 if (ksp == NULL) 7898 return (NULL); 7899 7900 bcopy(&template, us_statisticsp, sizeof (template)); 7901 ksp->ks_data = (void *)us_statisticsp; 7902 ksp->ks_private = (void *)(uintptr_t)stackid; 7903 7904 kstat_install(ksp); 7905 return (ksp); 7906 } 7907 7908 static void 7909 udp_kstat2_fini(netstackid_t stackid, kstat_t *ksp) 7910 { 7911 if (ksp != NULL) { 7912 ASSERT(stackid == (netstackid_t)(uintptr_t)ksp->ks_private); 7913 kstat_delete_netstack(ksp, stackid); 7914 } 7915 } 7916 7917 static void * 7918 udp_kstat_init(netstackid_t stackid) 7919 { 7920 kstat_t *ksp; 7921 7922 udp_named_kstat_t template = { 7923 { "inDatagrams", KSTAT_DATA_UINT64, 0 }, 7924 { "inErrors", KSTAT_DATA_UINT32, 0 }, 7925 { "outDatagrams", KSTAT_DATA_UINT64, 0 }, 7926 { "entrySize", KSTAT_DATA_INT32, 0 }, 7927 { "entry6Size", KSTAT_DATA_INT32, 0 }, 7928 { "outErrors", KSTAT_DATA_UINT32, 0 }, 7929 }; 7930 7931 ksp = kstat_create_netstack(UDP_MOD_NAME, 0, UDP_MOD_NAME, "mib2", 7932 KSTAT_TYPE_NAMED, 7933 NUM_OF_FIELDS(udp_named_kstat_t), 0, stackid); 7934 7935 if (ksp == NULL || ksp->ks_data == NULL) 7936 return (NULL); 7937 7938 template.entrySize.value.ui32 = sizeof (mib2_udpEntry_t); 7939 template.entry6Size.value.ui32 = sizeof (mib2_udp6Entry_t); 7940 7941 bcopy(&template, ksp->ks_data, sizeof (template)); 7942 ksp->ks_update = udp_kstat_update; 7943 ksp->ks_private = (void *)(uintptr_t)stackid; 7944 7945 kstat_install(ksp); 7946 return (ksp); 7947 } 7948 7949 static void 7950 udp_kstat_fini(netstackid_t stackid, kstat_t *ksp) 7951 { 7952 if (ksp != NULL) { 7953 ASSERT(stackid == (netstackid_t)(uintptr_t)ksp->ks_private); 7954 kstat_delete_netstack(ksp, stackid); 7955 } 7956 } 7957 7958 static int 7959 udp_kstat_update(kstat_t *kp, int rw) 7960 { 7961 udp_named_kstat_t *udpkp; 7962 netstackid_t stackid = (netstackid_t)(uintptr_t)kp->ks_private; 7963 netstack_t *ns; 7964 udp_stack_t *us; 7965 7966 if ((kp == NULL) || (kp->ks_data == NULL)) 7967 return (EIO); 7968 7969 if (rw == KSTAT_WRITE) 7970 return (EACCES); 7971 7972 ns = netstack_find_by_stackid(stackid); 7973 if (ns == NULL) 7974 return (-1); 7975 us = ns->netstack_udp; 7976 if (us == NULL) { 7977 netstack_rele(ns); 7978 return (-1); 7979 } 7980 udpkp = (udp_named_kstat_t *)kp->ks_data; 7981 7982 udpkp->inDatagrams.value.ui64 = us->us_udp_mib.udpHCInDatagrams; 7983 udpkp->inErrors.value.ui32 = us->us_udp_mib.udpInErrors; 7984 udpkp->outDatagrams.value.ui64 = us->us_udp_mib.udpHCOutDatagrams; 7985 udpkp->outErrors.value.ui32 = us->us_udp_mib.udpOutErrors; 7986 netstack_rele(ns); 7987 return (0); 7988 } 7989 7990 /* 7991 * Read-side synchronous stream info entry point, called as a 7992 * result of handling certain STREAMS ioctl operations. 7993 */ 7994 static int 7995 udp_rinfop(queue_t *q, infod_t *dp) 7996 { 7997 mblk_t *mp; 7998 uint_t cmd = dp->d_cmd; 7999 int res = 0; 8000 int error = 0; 8001 udp_t *udp = Q_TO_UDP(q); 8002 struct stdata *stp = STREAM(q); 8003 8004 mutex_enter(&udp->udp_drain_lock); 8005 /* If shutdown on read has happened, return nothing */ 8006 mutex_enter(&stp->sd_lock); 8007 if (stp->sd_flag & STREOF) { 8008 mutex_exit(&stp->sd_lock); 8009 goto done; 8010 } 8011 mutex_exit(&stp->sd_lock); 8012 8013 if ((mp = udp->udp_rcv_list_head) == NULL) 8014 goto done; 8015 8016 ASSERT(DB_TYPE(mp) != M_DATA && mp->b_cont != NULL); 8017 8018 if (cmd & INFOD_COUNT) { 8019 /* 8020 * Return the number of messages. 8021 */ 8022 dp->d_count += udp->udp_rcv_msgcnt; 8023 res |= INFOD_COUNT; 8024 } 8025 if (cmd & INFOD_BYTES) { 8026 /* 8027 * Return size of all data messages. 8028 */ 8029 dp->d_bytes += udp->udp_rcv_cnt; 8030 res |= INFOD_BYTES; 8031 } 8032 if (cmd & INFOD_FIRSTBYTES) { 8033 /* 8034 * Return size of first data message. 8035 */ 8036 dp->d_bytes = msgdsize(mp); 8037 res |= INFOD_FIRSTBYTES; 8038 dp->d_cmd &= ~INFOD_FIRSTBYTES; 8039 } 8040 if (cmd & INFOD_COPYOUT) { 8041 mblk_t *mp1 = mp->b_cont; 8042 int n; 8043 /* 8044 * Return data contents of first message. 8045 */ 8046 ASSERT(DB_TYPE(mp1) == M_DATA); 8047 while (mp1 != NULL && dp->d_uiop->uio_resid > 0) { 8048 n = MIN(dp->d_uiop->uio_resid, MBLKL(mp1)); 8049 if (n != 0 && (error = uiomove((char *)mp1->b_rptr, n, 8050 UIO_READ, dp->d_uiop)) != 0) { 8051 goto done; 8052 } 8053 mp1 = mp1->b_cont; 8054 } 8055 res |= INFOD_COPYOUT; 8056 dp->d_cmd &= ~INFOD_COPYOUT; 8057 } 8058 done: 8059 mutex_exit(&udp->udp_drain_lock); 8060 8061 dp->d_res |= res; 8062 8063 return (error); 8064 } 8065 8066 /* 8067 * Read-side synchronous stream entry point. This is called as a result 8068 * of recv/read operation done at sockfs, and is guaranteed to execute 8069 * outside of the interrupt thread context. It returns a single datagram 8070 * (b_cont chain of T_UNITDATA_IND plus data) to the upper layer. 8071 */ 8072 static int 8073 udp_rrw(queue_t *q, struiod_t *dp) 8074 { 8075 mblk_t *mp; 8076 udp_t *udp = Q_TO_UDP(q); 8077 udp_stack_t *us = udp->udp_us; 8078 8079 /* 8080 * Dequeue datagram from the head of the list and return 8081 * it to caller; also ensure that RSLEEP sd_wakeq flag is 8082 * set/cleared depending on whether or not there's data 8083 * remaining in the list. 8084 */ 8085 mutex_enter(&udp->udp_drain_lock); 8086 if (!udp->udp_direct_sockfs) { 8087 mutex_exit(&udp->udp_drain_lock); 8088 UDP_STAT(us, udp_rrw_busy); 8089 return (EBUSY); 8090 } 8091 if ((mp = udp->udp_rcv_list_head) != NULL) { 8092 uint_t size = msgdsize(mp); 8093 8094 /* Last datagram in the list? */ 8095 if ((udp->udp_rcv_list_head = mp->b_next) == NULL) 8096 udp->udp_rcv_list_tail = NULL; 8097 mp->b_next = NULL; 8098 8099 udp->udp_rcv_cnt -= size; 8100 udp->udp_rcv_msgcnt--; 8101 UDP_STAT(us, udp_rrw_msgcnt); 8102 8103 /* No longer flow-controlling? */ 8104 if (udp->udp_rcv_cnt < udp->udp_rcv_hiwat && 8105 udp->udp_rcv_msgcnt < udp->udp_rcv_hiwat) 8106 udp->udp_drain_qfull = B_FALSE; 8107 } 8108 if (udp->udp_rcv_list_head == NULL) { 8109 /* 8110 * Either we just dequeued the last datagram or 8111 * we get here from sockfs and have nothing to 8112 * return; in this case clear RSLEEP. 8113 */ 8114 ASSERT(udp->udp_rcv_cnt == 0); 8115 ASSERT(udp->udp_rcv_msgcnt == 0); 8116 ASSERT(udp->udp_rcv_list_tail == NULL); 8117 STR_WAKEUP_CLEAR(STREAM(q)); 8118 } else { 8119 /* 8120 * More data follows; we need udp_rrw() to be 8121 * called in future to pick up the rest. 8122 */ 8123 STR_WAKEUP_SET(STREAM(q)); 8124 } 8125 mutex_exit(&udp->udp_drain_lock); 8126 dp->d_mp = mp; 8127 return (0); 8128 } 8129 8130 /* 8131 * Enqueue a completely-built T_UNITDATA_IND message into the receive 8132 * list; this is typically executed within the interrupt thread context 8133 * and so we do things as quickly as possible. 8134 */ 8135 static void 8136 udp_rcv_enqueue(queue_t *q, udp_t *udp, mblk_t *mp, uint_t pkt_len) 8137 { 8138 ASSERT(q == RD(q)); 8139 ASSERT(pkt_len == msgdsize(mp)); 8140 ASSERT(mp->b_next == NULL && mp->b_cont != NULL); 8141 ASSERT(DB_TYPE(mp) == M_PROTO && DB_TYPE(mp->b_cont) == M_DATA); 8142 ASSERT(MBLKL(mp) >= sizeof (struct T_unitdata_ind)); 8143 8144 mutex_enter(&udp->udp_drain_lock); 8145 /* 8146 * Wake up and signal the receiving app; it is okay to do this 8147 * before enqueueing the mp because we are holding the drain lock. 8148 * One of the advantages of synchronous stream is the ability for 8149 * us to find out when the application performs a read on the 8150 * socket by way of udp_rrw() entry point being called. We need 8151 * to generate SIGPOLL/SIGIO for each received data in the case 8152 * of asynchronous socket just as in the strrput() case. However, 8153 * we only wake the application up when necessary, i.e. during the 8154 * first enqueue. When udp_rrw() is called, we send up a single 8155 * datagram upstream and call STR_WAKEUP_SET() again when there 8156 * are still data remaining in our receive queue. 8157 */ 8158 if (udp->udp_rcv_list_head == NULL) { 8159 STR_WAKEUP_SET(STREAM(q)); 8160 udp->udp_rcv_list_head = mp; 8161 } else { 8162 udp->udp_rcv_list_tail->b_next = mp; 8163 } 8164 udp->udp_rcv_list_tail = mp; 8165 udp->udp_rcv_cnt += pkt_len; 8166 udp->udp_rcv_msgcnt++; 8167 8168 /* Need to flow-control? */ 8169 if (udp->udp_rcv_cnt >= udp->udp_rcv_hiwat || 8170 udp->udp_rcv_msgcnt >= udp->udp_rcv_hiwat) 8171 udp->udp_drain_qfull = B_TRUE; 8172 8173 /* Update poll events and send SIGPOLL/SIGIO if necessary */ 8174 STR_SENDSIG(STREAM(q)); 8175 mutex_exit(&udp->udp_drain_lock); 8176 } 8177 8178 /* 8179 * Drain the contents of receive list to the module upstream; we do 8180 * this during close or when we fallback to the slow mode due to 8181 * sockmod being popped or a module being pushed on top of us. 8182 */ 8183 static void 8184 udp_rcv_drain(queue_t *q, udp_t *udp, boolean_t closing) 8185 { 8186 mblk_t *mp; 8187 udp_stack_t *us = udp->udp_us; 8188 8189 ASSERT(q == RD(q)); 8190 8191 mutex_enter(&udp->udp_drain_lock); 8192 /* 8193 * There is no race with a concurrent udp_input() sending 8194 * up packets using putnext() after we have cleared the 8195 * udp_direct_sockfs flag but before we have completed 8196 * sending up the packets in udp_rcv_list, since we are 8197 * either a writer or we have quiesced the conn. 8198 */ 8199 udp->udp_direct_sockfs = B_FALSE; 8200 mutex_exit(&udp->udp_drain_lock); 8201 8202 if (udp->udp_rcv_list_head != NULL) 8203 UDP_STAT(us, udp_drain); 8204 8205 /* 8206 * Send up everything via putnext(); note here that we 8207 * don't need the udp_drain_lock to protect us since 8208 * nothing can enter udp_rrw() and that we currently 8209 * have exclusive access to this udp. 8210 */ 8211 while ((mp = udp->udp_rcv_list_head) != NULL) { 8212 udp->udp_rcv_list_head = mp->b_next; 8213 mp->b_next = NULL; 8214 udp->udp_rcv_cnt -= msgdsize(mp); 8215 udp->udp_rcv_msgcnt--; 8216 if (closing) { 8217 freemsg(mp); 8218 } else { 8219 putnext(q, mp); 8220 } 8221 } 8222 ASSERT(udp->udp_rcv_cnt == 0); 8223 ASSERT(udp->udp_rcv_msgcnt == 0); 8224 ASSERT(udp->udp_rcv_list_head == NULL); 8225 udp->udp_rcv_list_tail = NULL; 8226 udp->udp_drain_qfull = B_FALSE; 8227 } 8228 8229 static size_t 8230 udp_set_rcv_hiwat(udp_t *udp, size_t size) 8231 { 8232 udp_stack_t *us = udp->udp_us; 8233 8234 /* We add a bit of extra buffering */ 8235 size += size >> 1; 8236 if (size > us->us_max_buf) 8237 size = us->us_max_buf; 8238 8239 udp->udp_rcv_hiwat = size; 8240 return (size); 8241 } 8242 8243 /* 8244 * For the lower queue so that UDP can be a dummy mux. 8245 * Nobody should be sending 8246 * packets up this stream 8247 */ 8248 static void 8249 udp_lrput(queue_t *q, mblk_t *mp) 8250 { 8251 mblk_t *mp1; 8252 8253 switch (mp->b_datap->db_type) { 8254 case M_FLUSH: 8255 /* Turn around */ 8256 if (*mp->b_rptr & FLUSHW) { 8257 *mp->b_rptr &= ~FLUSHR; 8258 qreply(q, mp); 8259 return; 8260 } 8261 break; 8262 } 8263 /* Could receive messages that passed through ar_rput */ 8264 for (mp1 = mp; mp1; mp1 = mp1->b_cont) 8265 mp1->b_prev = mp1->b_next = NULL; 8266 freemsg(mp); 8267 } 8268 8269 /* 8270 * For the lower queue so that UDP can be a dummy mux. 8271 * Nobody should be sending packets down this stream. 8272 */ 8273 /* ARGSUSED */ 8274 void 8275 udp_lwput(queue_t *q, mblk_t *mp) 8276 { 8277 freemsg(mp); 8278 } 8279