udp.c revision 7256a34efe9df75b638b9e812912ef7c5c68e208
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2013 Nexenta Systems, Inc. All rights reserved.
*/
/* Copyright (c) 1990 Mentat Inc. */
#define _SUN_TPI_VERSION 2
#include <sys/xti_inet.h>
#include <sys/cred_impl.h>
#include <sys/socketvar.h>
#include <sys/isa_defs.h>
#include <inet/ipsec_impl.h>
#include <inet/ip_multi.h>
#include <inet/proto_set.h>
#include <inet/kstatcom.h>
#include <inet/ipclassifier.h>
#include <sys/squeue_impl.h>
#include <sys/ethernet.h>
#include <rpc/pmap_prot.h>
#include <inet/udp_impl.h>
/*
* Synchronization notes:
*
* UDP is MT and uses the usual kernel synchronization primitives. There are 2
* locks, the fanout lock (uf_lock) and conn_lock. conn_lock
* protects the contents of the udp_t. uf_lock protects the address and the
* fanout information.
* The lock order is conn_lock -> uf_lock.
*
* The fanout lock uf_lock:
* When a UDP endpoint is bound to a local port, it is inserted into
* a bind hash list. The list consists of an array of udp_fanout_t buckets.
* The size of the array is controlled by the udp_bind_fanout_size variable.
* not large enough. Each bind hash bucket is protected by a per bucket
* lock. It protects the udp_bind_hash and udp_ptpbhn fields in the udp_t
* structure and a few other fields in the udp_t. A UDP endpoint is removed
* from the bind hash list only when it is being unbound or being closed.
* The per bucket lock also protects a UDP endpoint's state changes.
*
* Plumbing notes:
* UDP is always a device driver. For compatibility with mibopen() code
* it is possible to I_PUSH "udp", but that results in pushing a passthrough
* dummy module.
*
* The above implies that we don't support any intermediate module to
* scenario in the past as the inter-layer communication semantics have
* always been private.
*/
static void udp_close_free(conn_t *);
int sys_error);
int *);
/* Common routines for TPI and socket module */
/* Common routine for TPI and socket module */
static void udp_do_close(conn_t *);
static int udp_do_unbind(conn_t *);
/*
* Called for each connect() and for sendto()/sendmsg() to a different
* destination.
* For connect(), called in udp_connect().
* For sendto()/sendmsg(), called in udp_output_newdst().
*
* This macro assumes that the cl_inet_connect2 hook is not NULL.
* Please check this before calling this macro.
*
* void
* CL_INET_UDP_CONNECT(conn_t cp, udp_t *udp, boolean_t is_outgoing,
* in6_addr_t *faddrp, in_port_t (or uint16_t) fport, int err);
*/
(err) = 0; \
/* \
* Running in cluster mode - check and register active \
* "connection" information \
*/ \
(err) = (*cl_inet_connect2)( \
(cp)->conn_lport, \
else \
(err) = (*cl_inet_connect2)( \
(cp)->conn_lport, \
}
static struct module_info udp_mod_info = {
};
/*
* Entry points for UDP as a device.
*/
static struct qinit udp_rinitv4 = {
};
static struct qinit udp_rinitv6 = {
};
};
/* UDP entry point during fallback */
struct qinit udp_fallback_sock_winit = {
};
/*
* UDP needs to handle I_LINK and I_PLINK since ifconfig
* likes to use it as a place to hang the various streams.
*/
static struct qinit udp_lrinit = {
};
static struct qinit udp_lwinit = {
};
};
};
/* Default structure copied into T_INFO_ACK messages */
static struct T_info_ack udp_g_t_info_ack_ipv4 = {
UDP_MAXPACKET_IPV4, /* TSDU_size. Excl. headers */
T_INVALID, /* ETSU_size. udp does not support expedited data. */
T_INVALID, /* CDATA_size. udp does not support connect data. */
T_INVALID, /* DDATA_size. udp does not support disconnect data. */
sizeof (sin_t), /* ADDR_size. */
0, /* OPT_size - not initialized here */
UDP_MAXPACKET_IPV4, /* TIDU_size. Excl. headers */
T_CLTS, /* SERV_type. udp supports connection-less. */
TS_UNBND, /* CURRENT_state. This is set from udp_state. */
};
static struct T_info_ack udp_g_t_info_ack_ipv6 = {
UDP_MAXPACKET_IPV6, /* TSDU_size. Excl. headers */
T_INVALID, /* ETSU_size. udp does not support expedited data. */
T_INVALID, /* CDATA_size. udp does not support connect data. */
T_INVALID, /* DDATA_size. udp does not support disconnect data. */
sizeof (sin6_t), /* ADDR_size. */
0, /* OPT_size - not initialized here */
UDP_MAXPACKET_IPV6, /* TIDU_size. Excl. headers */
T_CLTS, /* SERV_type. udp supports connection-less. */
TS_UNBND, /* CURRENT_state. This is set from udp_state. */
};
/*
* UDP tunables related declarations. Definitions are in udp_tunables.c
*/
extern mod_prop_info_t udp_propinfo_tbl[];
extern int udp_propinfo_count;
/* If set to 0, pick ephemeral port sequentially; otherwise randomly. */
/*
* Hook functions to enable cluster networking.
* On non-clustered systems these vectors must always be NULL
*/
typedef union T_primitives *t_primp_t;
/*
* Return the next anonymous port in the privileged port range for
* bind checking.
*
* Trusted Extension (TX) notes: TX allows administrator to mark or
* reserve ports as Multilevel ports (MLP). MLP has special function
* on TX systems. Once a port is made MLP, it's not available as
* ordinary port. This creates "holes" in the port name space. It
* may be necessary to skip the "holes" find a suitable anon port.
*/
static in_port_t
{
if (restart)
return (0);
}
if (is_system_labeled() &&
goto retry;
}
return (next_priv_port--);
}
/*
* Hash list removal routine for udp_t structures.
*/
static void
{
return;
/*
* Extract the lock pointer in case there are concurrent
* hash_remove's for this instance.
*/
if (!caller_holds_lock) {
}
}
}
if (!caller_holds_lock) {
}
}
static void
{
/*
* If the new udp bound to the INADDR_ANY address
* and the first one in the list is not bound to
* INADDR_ANY we skip all entries until we find the
* first one bound to INADDR_ANY.
* This makes sure that applications binding to a
* specific address get preference over those binding to
* INADDR_ANY.
*/
}
} else {
}
}
}
/*
* This routine is called to handle each O_T_BIND_REQ/T_BIND_REQ message
* passed to udp_wput.
* It associates a port number and local address with the stream.
* It calls IP to verify the local IP address, and calls IP to insert
* the conn_t in the fanout table.
* If everything is ok it then sends the T_BIND_ACK back up.
*
* Note that UDP over IPv4 and IPv6 sockets can use the same port number
* without setting SO_REUSEADDR. This is needed so that they
* can be viewed as two independent transport protocols.
* However, anonymouns ports are allocated from the same range to avoid
* duplicating the us->us_next_port_to_try.
*/
static void
{
struct T_bind_req *tbr;
int error;
/*
* All Solaris components should pass a db_credp
* for this TPI message, hence we ASSERT.
* But in case there is some other M_PROTO that looks
* like a TPI message sent by some other kernel
* component, we check and return an error.
*/
return;
}
"udp_bind: bad req, len %u",
return;
}
return;
}
/*
* Reallocate the message to make sure we have enough room for an
* address.
*/
return;
}
/* Reset the message type in preparation for shipping it back. */
switch (tbr->ADDR_length) {
case 0: /* Request for a generic port */
} else {
}
break;
case sizeof (sin_t): /* Complete IPv4 address */
sizeof (sin_t));
return;
}
return;
}
break;
case sizeof (sin6_t): /* complete IPv6 address */
sizeof (sin6_t));
return;
}
return;
}
break;
default: /* Invalid request */
return;
}
if (error != 0) {
if (error > 0) {
} else {
}
} else {
}
}
/*
* This routine handles each T_CONN_REQ message passed to udp. It
* associates a default destination address with the stream.
*
* After various error checks are completed, udp_connect() lays
* the target address and port into the composite header template.
* Then we ask IP for information, including a source address if we didn't
* already have one. Finally we send up the T_OK_ACK reply message.
*/
static void
{
int error;
struct T_conn_req *tcr;
/*
* All Solaris components should pass a db_credp
* for this TPI message, hence we ASSERT.
* But in case there is some other M_PROTO that looks
* like a TPI message sent by some other kernel
* component, we check and return an error.
*/
return;
}
/* A bit of sanity checking */
return;
}
if (tcr->OPT_length != 0) {
return;
}
/*
* Determine packet type based on type of address passed in
* the request should contain an IPv4 or IPv6 address.
* Make sure that address family matches the type of
* family of the address passed down.
*/
switch (tcr->DEST_length) {
default:
return;
case sizeof (sin_t):
sizeof (sin_t));
break;
case sizeof (sin6_t):
sizeof (sin6_t));
break;
}
if (error != 0) {
return;
}
if (error != 0) {
if (error < 0)
else
} else {
/*
* We have to send a connection confirmation to
* keep TLI happy.
*/
} else {
}
return;
}
/*
* Send ok_ack for T_CONN_REQ
*/
/* Unable to reuse the T_CONN_REQ for the ack. */
return;
}
}
}
static int
{
if (flags & SO_FALLBACK) {
/*
* stream is being closed while in fallback
* simply free the resources that were allocated
*/
qprocsoff(q);
goto done;
}
done:
return (0);
}
static void
{
/* If there are any options associated with the stream, free them. */
/*
* Clear any fields which the kmem_cache constructor clears.
* Only udp_connp needs to be preserved.
* TBD: We should make this more efficient to avoid clearing
* everything.
*/
}
static int
{
int error;
return (-TOUTSTATE);
}
if (connp->conn_mcbc_bind)
else
connp->conn_fport = 0;
/* Remove any remnants of mapped address binding */
if (error != 0)
return (error);
/*
* Tell IP to remove the full binding and revert
* to the local address binding.
*/
return (ip_laddr_fanout_insert(connp));
}
static void
{
int error;
/*
* Allocate the largest primitive we need to send back
* T_error_ack is > than T_ok_ack
*/
/* Unable to reuse the T_DISCON_REQ for the ack. */
return;
}
if (error != 0) {
if (error < 0) {
} else {
}
} else {
}
}
int
{
int error;
if (error < 0)
return (error);
}
/* This routine creates a T_ERROR_ACK message and passes it upstream. */
static void
{
}
/* Shorthand to generate and send TPI error acks to our client */
static void
{
struct T_error_ack *teackp;
}
}
/* At minimum we need 4 bytes of UDP header */
#define ICMP_MIN_UDP_HDR 4
/*
* udp_icmp_input is called as conn_recvicmp to process ICMP messages.
* Generates the appropriate T_UDERROR_IND for permanent (non-transient) errors.
* Assumes that IP has pulled up everything up to and including the ICMP header.
*/
/* ARGSUSED2 */
static void
{
int iph_hdr_length;
int error = 0;
return;
}
/* Skip past the outer IP and ICMP headers */
/* Skip past the inner IP and find the ULP header */
switch (icmph->icmph_type) {
case ICMP_DEST_UNREACHABLE:
switch (icmph->icmph_code) {
case ICMP_FRAGMENTATION_NEEDED: {
/*
* IP has already adjusted the path MTU.
* But we need to adjust DF for IPv4.
*/
break;
/*
* Some other thread holds conn_ixa. We will
* redo this on the next ICMP too big.
*/
break;
}
(void) ip_get_pmtu(ixa);
} else {
}
break;
}
case ICMP_PORT_UNREACHABLE:
break;
default:
/* Transient errors */
break;
}
break;
default:
/* Transient errors */
break;
}
if (error == 0) {
return;
}
/*
* Deliver T_UDERROR_IND when the application has asked for it.
* The socket layer enables this automatically when connected.
*/
if (!connp->conn_dgram_errind) {
return;
}
switch (connp->conn_family) {
case AF_INET:
if (IPCL_IS_NONSTR(connp)) {
connp->conn_faddr_v4) {
goto done;
}
} else {
}
} else {
}
break;
case AF_INET6:
if (IPCL_IS_NONSTR(connp)) {
&connp->conn_faddr_v6)) {
goto done;
}
} else {
}
} else {
}
break;
}
done:
}
/*
* udp_icmp_error_ipv6 is called by udp_icmp_error to process ICMP for IPv6.
* Generates the appropriate T_UDERROR_IND for permanent (non-transient) errors.
* Assumes that IP has pulled up all the extension headers as well as the
* ICMPv6 header.
*/
static void
{
int error = 0;
#ifdef DEBUG
else
#endif
/* Skip past the outer IP and ICMP headers */
/* Skip past the inner IP and find the ULP header */
return;
}
switch (icmp6->icmp6_type) {
case ICMP6_DST_UNREACH:
switch (icmp6->icmp6_code) {
case ICMP6_DST_UNREACH_NOPORT:
break;
case ICMP6_DST_UNREACH_ADMIN:
case ICMP6_DST_UNREACH_ADDR:
/* Transient errors */
break;
default:
break;
}
break;
case ICMP6_PACKET_TOO_BIG: {
struct T_unitdata_ind *tudi;
sizeof (struct ip6_mtuinfo);
struct ip6_mtuinfo *mtuinfo;
/*
* If the application has requested to receive path mtu
* information, send up an empty message containing an
* IPV6_PATHMTU ancillary data item.
*/
if (!connp->conn_ipv6_recvpathmtu)
break;
break;
}
/*
* newmp->b_cont is left to NULL on purpose. This is an
* empty message containing only ancillary data.
*/
/*
* We've consumed everything we need from the original
* message. Free it, then send our empty message.
*/
return;
}
case ICMP6_TIME_EXCEEDED:
/* Transient errors */
break;
case ICMP6_PARAM_PROB:
/* If this corresponds to an ICMP_PROTOCOL_UNREACHABLE */
break;
}
break;
}
if (error == 0) {
return;
}
/*
* Deliver T_UDERROR_IND when the application has asked for it.
* The socket layer enables this automatically when connected.
*/
if (!connp->conn_dgram_errind) {
return;
}
if (IPCL_IS_NONSTR(connp)) {
&connp->conn_faddr_v6)) {
goto done;
}
} else {
}
} else {
}
done:
}
/*
* This routine responds to T_ADDR_REQ messages. It is called by udp_wput.
* The local address is filled in if endpoint is bound. The remote address
* is filled in if remote address has been precified ("connected endpoint")
* (The concept of connected CLTS sockets is alien to published TPI
* but we support it anyway).
*/
static void
{
struct T_addr_ack *taa;
/* Make it large enough for worst case */
return;
}
else
/*
* Note: Following code assumes 32 bit alignment of basic
* data structures like sin_t and struct T_addr_ack.
*/
/*
* Fill in local address first
*/
}
/*
* connected, fill remote address too
*/
/* assumed 32-bit alignment */
}
}
static void
{
} else {
}
}
static void
{
}
}
/*
* This routine responds to T_CAPABILITY_REQ messages. It is called by
* udp_wput. Much of the T_CAPABILITY_ACK information is copied from
* udp_g_t_info_ack. The current state of the stream is copied from
* udp_state.
*/
static void
{
struct T_capability_ack *tcap;
if (!mp)
return;
}
/*
* This routine responds to T_INFO_REQ messages. It is called by udp_wput.
* Most of the T_INFO_ACK information is copied from udp_g_t_info_ack.
* The current state of the stream is copied from udp_state.
*/
static void
{
/* Create a T_INFO_ACK message. */
if (!mp)
return;
}
static int
{
}
static int
{
}
/*
* This is the open routine for udp. It allocates a udp_t structure for
* the stream and, on the first open of the module, creates an ND table.
*/
static int
{
int err;
/* If the stream is already open, return immediately. */
return (0);
return (EINVAL);
} else {
/*
* Either minor numbers in the large arena were exhausted
* or a non socket application is doing the open.
* Try to allocate from the small arena.
*/
return (EBUSY);
}
if (flag & SO_FALLBACK) {
/*
* Non streams socket needs a stream to fallback to
*/
qprocson(q);
return (0);
}
return (err);
}
/*
* Initialize the udp_t structure for this stream.
*/
/*
* need to lock anything.
*/
if (flag & SO_SOCKSTR) {
}
qprocson(q);
/* Set the Stream head write offset and high watermark. */
(void) proto_set_rx_hiwat(q, connp,
return (0);
}
/*
* Which UDP options OK to set through T_UNITDATA_REQ...
*/
/* ARGSUSED */
static boolean_t
{
return (B_TRUE);
}
/*
* This routine gets default values of certain options whose default
* values are maintained by protcol specific code
*/
int
{
switch (level) {
case IPPROTO_IP:
switch (name) {
case IP_MULTICAST_TTL:
return (sizeof (uchar_t));
case IP_MULTICAST_LOOP:
return (sizeof (uchar_t));
}
break;
case IPPROTO_IPV6:
switch (name) {
case IPV6_MULTICAST_HOPS:
return (sizeof (int));
case IPV6_MULTICAST_LOOP:
return (sizeof (int));
case IPV6_UNICAST_HOPS:
return (sizeof (int));
}
break;
}
return (-1);
}
/*
* This routine retrieves the current status of socket options.
* It returns the size of the option retrieved, or -1.
*/
int
{
int len;
int retval;
coas.coa_changed = 0;
/*
* We assume that the optcom framework has checked for the set
* of levels and names that are supported, hence we don't worry
* about rejecting based on that.
* First check for UDP specific handling, then pass to common routine.
*/
switch (level) {
case IPPROTO_IP:
/*
* Only allow IPv4 option processing on IPv4 sockets.
*/
return (-1);
switch (name) {
case IP_OPTIONS:
case T_IP_OPTIONS:
return (0);
}
return (len);
}
break;
case IPPROTO_UDP:
switch (name) {
case UDP_NAT_T_ENDPOINT:
return (sizeof (int));
case UDP_RCVHDR:
return (sizeof (int));
}
}
return (retval);
}
/*
* This routine retrieves the current status of socket options.
* It returns the size of the option retrieved, or -1.
*/
int
{
int err;
return (err);
}
/*
* This routine sets socket options.
*/
int
{
int error;
/*
* First do UDP specific sanity checks and handle UDP specific
* options. Note that some IPPROTO_UDP options are handled
* by conn_opt_set.
*/
switch (level) {
case SOL_SOCKET:
switch (name) {
case SO_SNDBUF:
return (ENOBUFS);
}
break;
case SO_RCVBUF:
return (ENOBUFS);
}
break;
case SCM_UCRED: {
/*
* Only sockets that have proper privileges and are
* bound to MLPs will have any other value here, so
* this implicitly tests for privilege to set label.
*/
break;
return (EINVAL);
if (!checkonly) {
/*
* Set ixa_tsl to the new label.
* We assume that crgetzoneid doesn't change
* as part of the SCM_UCRED.
*/
return (EINVAL);
return (ENOSR);
/*
* Move the hold on the cr_label to ixa_tsl by
* setting cr_label to NULL. Then release newcr.
*/
}
/* Fully handled this option. */
return (0);
}
}
break;
case IPPROTO_UDP:
switch (name) {
case UDP_NAT_T_ENDPOINT:
return (error);
}
/*
* Use conn_family instead so we can avoid ambiguitites
* with AF_INET6 sockets that may switch from IPv4
* to IPv6.
*/
return (EAFNOSUPPORT);
}
if (!checkonly) {
}
/* Fully handled this option. */
return (0);
case UDP_RCVHDR:
return (0);
}
break;
}
return (error);
}
/*
* This routine sets socket options.
*/
int
{
int err;
switch (optset_context) {
case SETFN_OPTCOM_CHECKONLY:
/*
* Note: Implies T_CHECK semantics for T_OPTCOM_REQ
* inlen != 0 implies value supplied and
* we have to "pretend" to set it.
* inlen == 0 implies that there is no
* value part in T_CHECK request and just validation
* done elsewhere should be enough, we just return here.
*/
if (inlen == 0) {
*outlenp = 0;
return (0);
}
break;
case SETFN_OPTCOM_NEGOTIATE:
break;
case SETFN_UD_NEGOTIATE:
case SETFN_CONN_NEGOTIATE:
/*
* Negotiating local and "association-related" options
* through T_UNITDATA_REQ.
*
* Following routine can filter out ones we do not
* want to be "set" this way.
*/
*outlenp = 0;
return (EINVAL);
}
break;
default:
/*
* We should never get here
*/
*outlenp = 0;
return (EINVAL);
}
if (thisdg_attrs != NULL) {
/* Options from T_UNITDATA_REQ */
} else {
/* Get a reference on conn_ixa to prevent concurrent mods */
*outlenp = 0;
return (ENOMEM);
}
coas.coa_changed = 0;
}
if (err != 0) {
if (!coa->coa_ancillary)
*outlenp = 0;
return (err);
}
/* Handle DHCPINIT here outside of lock */
if (ifindex == 0) {
} else {
goto errout;
}
goto errout;
}
goto errout;
}
}
/*
* We've locked the conn so conn_cleanup_ill()
* cannot clear conn_dhcpinit_ill -- so it's
* safe to access the ill.
*/
}
} else {
}
}
/*
* Common case of OK return with outval same as inval.
*/
}
/*
* If this was not ancillary data, then we rebuild the headers,
* Since the label depends on the destination we go through
* ip_set_destination first.
*/
if (coa->coa_ancillary) {
return (0);
}
/*
* We clear lastdst to make sure we pick up the change
* next time sending.
* If we are connected we re-cache the information.
* We ignore errors to preserve BSD behavior.
* Note that we don't redo IPsec policy lookup here
* since the final destination (or source) didn't change.
*/
if (!IN6_IS_ADDR_UNSPECIFIED(&faddr) &&
}
}
/*
* Rebuild the header template if we are connected.
* Otherwise clear conn_v6lastdst so we rebuild the header
* in the data path.
*/
if (err != 0) {
return (err);
}
} else {
}
}
connp->conn_rcvbuf);
}
}
/* Increase wroff if needed */
if (udp->udp_nat_t_endpoint)
} else {
}
}
return (err);
}
/* This routine sets socket options. */
int
{
int error;
return (error);
}
/*
* Setup IP and UDP headers.
* Returns NULL on allocation failure, in which case data_mp is freed.
*/
mblk_t *
{
if (insert_spi)
ulp_hdr_len += sizeof (uint32_t);
return (NULL);
}
data_len += ulp_hdr_len;
udpha->uha_checksum = 0;
/*
* has massaged it and placed the pseudo-header checksum difference
* in the cksum argument.
*
* Setup header length and prepare for ULP checksum done in IP.
*
* We make it easy for IP to include our pseudo header
* by putting our length in uha_checksum.
* The IP source, destination, and length have already been set by
* conn_prepend_hdr.
*/
/* IP does the checksum if uha_checksum is non-zero */
if (us->us_do_checksum) {
if (cksum == 0)
else
} else {
udpha->uha_checksum = 0;
}
} else {
if (cksum == 0)
else
}
/* Insert all-0s SPI now. */
if (insert_spi)
return (mp);
}
static int
{
int error;
/*
* We clear lastdst to make sure we don't use the lastdst path
* next time sending since we might not have set v6dst yet.
*/
flowinfo);
if (error != 0)
return (error);
/*
* is stored in conn_sum.
*/
udpha->uha_checksum = 0;
return (0);
}
static mblk_t *
{
/*
* fallback has started but messages have not been moved yet
*/
} else {
}
return (NULL);
} else {
/*
* Fallback completed, let the caller putnext() the mblk.
*/
return (mp);
}
}
/*
* Deliver data to ULP. In case we have a socket, and it's falling back to
* TPI, then we'll queue the mp for later processing.
*/
static void
{
if (IPCL_IS_NONSTR(connp)) {
int error;
/*
* let's confirm while holding the lock
*/
}
}
} else {
}
}
} else {
if (is_system_labeled()) {
/*
* Provide for protocols above UDP such as RPC
* NOPID leaves db_cpid unchanged.
*/
}
}
}
/*
* This is the inbound data path.
* IP has already pulled up the IP plus UDP headers and verified alignment
* etc.
*/
/* ARGSUSED2 */
static void
{
struct T_unitdata_ind *tudi;
int hdr_length; /* Length of IP+UDP headers */
int udi_size; /* Size of T_unitdata_ind */
int pkt_len;
/*
* Get a snapshot of these and allow other threads to change
* them after that. We need the same recv_ancillary when determining
* the size as when adding the ancillary data items.
*/
/*
* IP inspected the UDP header thus all of it must be in the mblk.
* UDP length check is performed for IPv6 packets and IPv4 packets
* to check if the size of the packet as specified
* by the UDP header is the same as the length derived from the IP
* header.
*/
goto tossit;
hdr_length += UDPH_SIZE;
/* Initialize regardless of IP version */
ipps.ipp_fields = 0;
udp_ipv4_options_len > 0) &&
int err;
/*
* held. Not needed for AF_INET6 sockets
* since they don't support a getsockopt of IP_OPTIONS.
*/
B_TRUE);
if (err != 0) {
/* Allocation failed. Drop packet */
return;
}
}
if (recv_ancillary.crb_all != 0) {
/*
* Record packet information in the ip_pkt_t
*/
} else {
/*
* IPv6 packets can only be received by applications
* that are prepared to receive IPv6 addresses.
* The IP fanout must ensure this.
*/
/* We don't care about the length, but need the ipp */
&nexthdrp);
/* Restore */
}
}
/*
* This is the inbound data path. Packets are passed upstream as
* T_UNITDATA_IND messages.
*/
/*
* Normally only send up the source address.
* If any ancillary data items are wanted we add those.
*/
if (recv_ancillary.crb_all != 0) {
}
/* Allocate a message block for the T_UNITDATA_IND structure. */
return;
}
sizeof (sin_t);
/*
* Add options if IP_RECVDSTADDR, IP_RECVIF, IP_RECVSLLA or
* IP_RECVTTL has been set.
*/
if (udi_size != 0) {
}
} else {
/*
* Handle both IPv4 and IPv6 packets for IPv6 sockets.
*
* Normally we only send up the address. If receiving of any
* optional receive side information is enabled, we also send
* that up as options.
*/
if (recv_ancillary.crb_all != 0) {
}
return;
}
sizeof (sin6_t);
&v6dst);
sin6->sin6_flowinfo = 0;
sin6->sin6_scope_id = 0;
} else {
/* No sin6_flowinfo per API */
sin6->sin6_flowinfo = 0;
/* For link-scope pass up scope id */
else
sin6->sin6_scope_id = 0;
us->us_netstack);
}
if (udi_size != 0) {
}
}
/*
* DTrace this UDP input as udp:::receive (this is for IPv4, IPv6 and
* loopback traffic).
*/
/* Walk past the headers unless IP_RECVHDR was set. */
if (!udp->udp_rcvhdr) {
pkt_len -= hdr_length;
}
return;
}
/*
* This routine creates a T_UDERROR_IND message and passes it upstream.
* The address and options are copied from the T_UNITDATA_REQ message
* passed in mp. This message is freed.
*/
static void
{
struct T_unitdata_req *tudr;
goto done;
}
goto done;
}
goto done;
}
done:
}
/*
* This routine removes a port number association from a stream. It
* is called by udp_wput to handle T_UNBIND_REQ messages.
*/
static void
{
int error;
if (error) {
if (error < 0)
else
return;
}
}
/*
* Don't let port fall into the privileged range.
* Since the extra privileged ports can be arbitrary we also
* ensure that we exclude those from consideration.
* us->us_epriv_ports is not sorted thus we loop over it until
* there are no changes.
*/
static in_port_t
{
int i, bump;
if (random && udp_random_anon_port != 0) {
sizeof (in_port_t));
/*
* Unless changed by a sys admin, the smallest anon port
* is 32768 and the largest anon port is 65535. It is
* very likely (50%) for the random port to be smaller
* than the smallest anon port. When that happens,
* add port % (anon port range) to the smallest anon
* port to get the random port. It should fall into the
* valid anon port range.
*/
if (us->us_smallest_anon_port ==
bump = 0;
} else {
}
}
}
if (restart)
return (0);
}
for (i = 0; i < us->us_num_epriv_ports; i++) {
port++;
/*
* Make sure that the port is in the
* valid range.
*/
goto retry;
}
}
if (is_system_labeled() &&
goto retry;
}
return (port);
}
/*
* Handle T_UNITDATA_REQ with options. Both IPv4 and IPv6
* Either tudr_mp or msg is set. If tudr_mp we take ancillary data from
* the TPI options, otherwise we take them from msg_control.
* If both sin and sin6 is set it is a connected socket and we use conn_faddr.
* Always consumes mp; never consumes tudr_mp.
*/
static int
{
int error;
int is_absreq_failure = 0;
/*
* Get ixa before checking state to handle a disconnect race.
*
* We need an exclusive copy of conn_ixa since the ancillary data
* options might modify it. That copy has no pointers hence we
* need to set them up once we've parsed the ancillary data.
*/
return (ENOMEM);
}
if (is_system_labeled()) {
/* We need to restart with a label based on the cred */
}
/* In case previous destination was multicast or multirt */
/* Get a copy of conn_xmit_ipp since the options might change it */
return (ENOMEM);
}
if (error != 0) {
goto done;
}
/*
* Parse the options and update ixa and ipp as a result.
* Note that ixa_tsl can be updated if SCM_UCRED.
* ixa_refrele/ixa_inactivate will release any reference on ixa_tsl.
*/
coa->coa_changed = 0;
} else {
struct T_unitdata_req *tudr;
coa, &is_absreq_failure);
}
if (error != 0) {
/*
* Note: No special action needed in this
* module for "is_absreq_failure"
*/
goto done;
}
ASSERT(is_absreq_failure == 0);
/*
* If laddr is unspecified then we look at sin6_src_id.
* We will give precedence to a source address set with IPV6_PKTINFO
* (aka IPPF_ADDR) but that is handled in build_hdrs. However, we don't
* want ip_attr_connect to select a source (since it can fail) when
* IPV6_PKTINFO is specified.
* If this doesn't result in a source address then we get a source
* from ip_attr_connect() below.
*/
flowinfo = 0;
} else {
}
}
if (IN6_IS_ADDR_V4MAPPED(&v6dst))
else
} else {
/* Connected case */
}
/* Handle IP_PKTINFO/IPV6_PKTINFO setting source address. */
} else {
}
}
switch (error) {
case 0:
break;
case EADDRNOTAVAIL:
/*
* IXAF_VERIFY_SOURCE tells us to pick a better source.
* Don't have the application see that errno
*/
error = ENETUNREACH;
goto failed;
case ENETDOWN:
/*
* Have !ipif_addr_ready address; drop packet silently
* until we can get applications to not send until we
* are ready.
*/
error = 0;
goto failed;
case EHOSTUNREACH:
case ENETUNREACH:
/*
* Let conn_ip_output/ire_send_noroute return
* the error and send any local ICMP error.
*/
error = 0;
break;
}
/* FALLTHRU */
default:
goto done;
}
/*
* We might be going to a different destination than last time,
* thus check that TX allows the communication and compute any
* needed label.
*
* TSOL Note: We have an exclusive ipp and ixa for this thread so we
* don't have to worry about concurrent threads.
*/
if (is_system_labeled()) {
/* Using UDP MLP requires SCM_UCRED from user */
goto done;
}
/*
* Check whether Trusted Solaris policy allows communication
* with this host, and pretend that the destination is
* unreachable if not.
* Compute any needed label and place it in ipp_label_v4/v6.
*
* Later conn_build_hdr_template/conn_prepend_hdr takes
* ipp_label_v4/v6 to form the packet.
*
* Tsol note: We have ipp structure local to this thread so
* no locking is needed.
*/
if (error != 0) {
goto done;
}
}
goto done;
}
goto done;
}
/* We're done. Pass the packet to ip. */
/* No udpOutErrors if an error since IP increases its error counter */
switch (error) {
case 0:
break;
case EWOULDBLOCK:
error = 0;
break;
case EADDRNOTAVAIL:
/*
* IXAF_VERIFY_SOURCE tells us to pick a better source.
* Don't have the application see that errno
*/
error = ENETUNREACH;
/* FALLTHRU */
default:
/*
* Clear the source and v6lastdst so we call ip_attr_connect
* for the next packet and try to pick a better source.
*/
if (connp->conn_mcbc_bind)
else
break;
}
done:
return (error);
}
/*
* Handle sending an M_DATA for a connected socket.
* Handles both IPv4 and IPv6.
*/
static int
{
int error;
/*
* If no other thread is using conn_ixa this just gets a reference to
* conn_ixa. Otherwise we get a safe copy of conn_ixa.
*/
return (ENOMEM);
}
return (error);
}
/*
* In case we got a safe copy of conn_ixa, or if opt_set made us a new
* safe copy, then we need to fill in any pointers in it.
*/
switch (error) {
case 0:
break;
case EADDRNOTAVAIL:
/*
* IXAF_VERIFY_SOURCE tells us to pick a better source.
* Don't have the application see that errno
*/
error = ENETUNREACH;
goto failed;
case ENETDOWN:
/*
* Have !ipif_addr_ready address; drop packet silently
* until we can get applications to not send until we
* are ready.
*/
error = 0;
goto failed;
case EHOSTUNREACH:
case ENETUNREACH:
/*
* Let conn_ip_output/ire_send_noroute return
* the error and send any local ICMP error.
*/
error = 0;
break;
}
/* FALLTHRU */
default:
return (error);
}
} else {
/* Done with conn_t */
}
/* We're done. Pass the packet to ip. */
/* No udpOutErrors if an error since IP increases its error counter */
switch (error) {
case 0:
break;
case EWOULDBLOCK:
error = 0;
break;
case EADDRNOTAVAIL:
/*
* IXAF_VERIFY_SOURCE tells us to pick a better source.
* Don't have the application see that errno
*/
error = ENETUNREACH;
break;
}
return (error);
}
/*
* Handle sending an M_DATA to the last destination.
* Handles both IPv4 and IPv6.
*
* NOTE: The caller must hold conn_lock and we drop it here.
*/
static int
{
int error;
return (error);
}
/*
* In case we got a safe copy of conn_ixa, or if opt_set made us a new
* safe copy, then we need to fill in any pointers in it.
*/
switch (error) {
case 0:
break;
case EADDRNOTAVAIL:
/*
* IXAF_VERIFY_SOURCE tells us to pick a better source.
* Don't have the application see that errno
*/
error = ENETUNREACH;
goto failed;
case ENETDOWN:
/*
* Have !ipif_addr_ready address; drop packet silently
* until we can get applications to not send until we
* are ready.
*/
error = 0;
goto failed;
case EHOSTUNREACH:
case ENETUNREACH:
/*
* Let conn_ip_output/ire_send_noroute return
* the error and send any local ICMP error.
*/
error = 0;
break;
}
/* FALLTHRU */
default:
return (error);
}
} else {
/* Done with conn_t */
}
/* We're done. Pass the packet to ip. */
/* No udpOutErrors if an error since IP increases its error counter */
switch (error) {
case 0:
break;
case EWOULDBLOCK:
error = 0;
break;
case EADDRNOTAVAIL:
/*
* IXAF_VERIFY_SOURCE tells us to pick a better source.
* Don't have the application see that errno
*/
error = ENETUNREACH;
/* FALLTHRU */
default:
/*
* Clear the source and v6lastdst so we call ip_attr_connect
* for the next packet and try to pick a better source.
*/
if (connp->conn_mcbc_bind)
else
break;
}
return (error);
}
/*
* Prepend the header template and then fill in the source and
* flowinfo. The caller needs to handle the destination address since
* it's setting is different if rthdr or source route.
*
* Returns NULL is allocation failed or if the packet would exceed IP_MAXPACKET.
* When it returns NULL it sets errorp.
*/
static mblk_t *
{
/*
* Copy the header template and leave space for an SPI
*/
if (pktlen > IP_MAXPACKET) {
return (NULL);
}
return (NULL);
}
}
/*
* Setup header length and prepare for ULP checksum done in IP.
* udp_build_hdr_template has already massaged any routing header
* and placed the result in conn_sum.
*
* We make it easy for IP to include our pseudo header
* by putting our length in uha_checksum.
*/
/* IP does the checksum if uha_checksum is non-zero */
if (us->us_do_checksum)
/* if IP_PKTINFO specified an addres it wins over bind() */
} else {
}
} else {
/* if IP_PKTINFO specified an addres it wins over bind() */
} else {
}
/* Overrides the class part of flowinfo */
ipp->ipp_tclass);
}
}
/* Insert all-0s SPI now. */
if (insert_spi)
return (mp);
}
/*
* Send a T_UDERR_IND in response to an M_DATA
*/
static void
{
struct sockaddr_storage ss;
/* Initialize addr and addrlen as if they're passed in */
} else {
} else {
sin6->sin6_scope_id = 0;
}
sin6->__sin6_src_id = 0;
}
}
/*
* This routine handles all messages passed downstream. It either
* consumes the message or passes it downstream; it never queues a
* a message.
*
* Also entry point for sockfs when udp is in "direct sockfs" mode. This mode
* is valid when we are directly beneath the stream head, and thus sockfs
* is able to bypass STREAMS and directly call us, passing along the sockaddr
* structure without the cumbersome T_UNITDATA_REQ interface for the case of
* connected endpoints.
*/
void
{
int error = 0;
struct T_unitdata_req *tudr;
/*
* We directly handle several cases here: T_UNITDATA_REQ message
* socket.
*/
case M_DATA:
/* Not connected; address is required */
return;
}
/*
* All Solaris components should pass a db_credp
* for this message, hence we ASSERT.
* On production kernels we return an error to be robust against
* random streams modules sitting on top of us.
*/
return;
}
if (error != 0) {
#ifdef DEBUG
#endif
}
return;
case M_PROTO:
case M_PCPROTO:
udp_wput_other(q, mp);
return;
}
break;
default:
udp_wput_other(q, mp);
return;
}
/* Handle valid T_UNITDATA_REQ here */
goto ud_error2;
}
goto ud_error2;
}
/*
* All Solaris components should pass a db_credp
* for this TPI message, hence we should ASSERT.
* However, RPC (svc_clts_ksend) does this odd thing where it
* passes the options from a T_UNITDATA_IND unchanged in a
* T_UNITDATA_REQ. While that is the right thing to do for
* some options, SCM_UCRED being the key one, this also makes it
* pass down IP_RECVDSTADDR. Hence we can't ASSERT here.
*/
}
/*
* If a port has not been bound to the stream, fail.
* This is not a problem when sockfs is directly
* above us, because it will ensure that the socket
* is first bound before allowing data to be sent.
*/
goto ud_error2;
}
switch (connp->conn_family) {
case AF_INET6:
goto ud_error2;
}
/*
* Destination is a non-IPv4-compatible IPv6 address.
* Send out an IPv6 format packet.
*/
/*
* If the local address is a mapped address return
* an error.
* It would be possible to send an IPv6 packet but the
* response would never make it back to the application
* since it is bound to a mapped address.
*/
goto ud_error2;
}
} else {
if (connp->conn_ipv6_v6only) {
goto ud_error2;
}
/*
* If the local address is not zero or a mapped address
* return an error. It would be possible to send an
* IPv4 packet but the response would never make it
* back to the application since it is bound to a
* non-mapped address.
*/
goto ud_error2;
}
}
}
if (tudr->OPT_length != 0) {
/*
* If we are connected then the destination needs to be
* the same as the connected one.
*/
goto ud_error2;
}
} else {
/*
* We have to allocate an ip_xmit_attr_t before we grab
* conn_lock and we need to hold conn_lock once we've
* checked conn_same_as_last_v6 to handle concurrent
* send* calls on a socket.
*/
goto ud_error2;
}
/* udp_output_lastdst drops conn_lock */
} else {
/* udp_output_newdst drops conn_lock */
}
}
if (error == 0) {
return;
}
break;
case AF_INET:
goto ud_error2;
}
srcid = 0;
if (tudr->OPT_length != 0) {
/*
* If we are connected then the destination needs to be
* the same as the connected one.
*/
goto ud_error2;
}
} else {
/*
* We have to allocate an ip_xmit_attr_t before we grab
* conn_lock and we need to hold conn_lock once we've
* checked conn_same_as_last_v4 to handle concurrent
* send* calls on a socket.
*/
goto ud_error2;
}
/* udp_output_lastdst drops conn_lock */
} else {
/* udp_output_newdst drops conn_lock */
}
}
if (error == 0) {
return;
}
break;
}
/* mp is freed by the following routine */
return;
/* mp is freed by the following routine */
}
/*
* Handle the case of the IP address, port, flow label being different
* for both IPv4 and IPv6.
*
* NOTE: The caller must hold conn_lock and we drop it here.
*/
static int
{
int error = 0;
/*
* We hold conn_lock across all the use and modifications of
* the conn_lastdst, conn_ixa, and conn_xmit_ipp to ensure that they
* stay consistent.
*/
if (is_system_labeled()) {
/* We need to restart with a label based on the cred */
}
/*
* If we are connected then the destination needs to be the
* same as the connected one, which is not the case here since we
* checked for that above.
*/
goto ud_error;
}
/* In case previous destination was multicast or multirt */
/*
* If laddr is unspecified then we look at sin6_src_id.
* We will give precedence to a source address set with IPV6_PKTINFO
* (aka IPPF_ADDR) but that is handled in build_hdrs. However, we don't
* want ip_attr_connect to select a source (since it can fail) when
* IPV6_PKTINFO is specified.
* If this doesn't result in a source address then we get a source
* from ip_attr_connect() below.
*/
flowinfo = 0;
srcid = 0;
}
} else {
} else {
}
}
if (IN6_IS_ADDR_V4MAPPED(&v6dst))
else
}
/* Handle IP_PKTINFO/IPV6_PKTINFO setting source address. */
} else {
}
}
switch (error) {
case 0:
break;
case EADDRNOTAVAIL:
/*
* IXAF_VERIFY_SOURCE tells us to pick a better source.
* Don't have the application see that errno
*/
error = ENETUNREACH;
goto failed;
case ENETDOWN:
/*
* Have !ipif_addr_ready address; drop packet silently
* until we can get applications to not send until we
* are ready.
*/
error = 0;
goto failed;
case EHOSTUNREACH:
case ENETUNREACH:
/*
* Let conn_ip_output/ire_send_noroute return
* the error and send any local ICMP error.
*/
error = 0;
break;
}
/* FALLTHRU */
default:
goto ud_error;
}
/*
* Cluster note: we let the cluster hook know that we are sending to a
*/
if (cl_inet_connect2 != NULL) {
if (error != 0) {
goto ud_error;
}
}
/*
* While we dropped the lock some other thread might have connected
* this socket. If so we bail out with EISCONN to ensure that the
* connecting thread is the one that updates conn_ixa, conn_ht_*
* and conn_*last*.
*/
goto ud_error;
}
/*
* We need to rebuild the headers if
* - we are labeling packets (could be different for different
* destinations)
* - we have a source route (or routing header) since we need to
* massage that to get the pseudo-header checksum
* - the IP version is different than the last time
* - a socket option with COA_HEADER_CHANGED has been set which
* set conn_v6lastdst to zero.
*
* Otherwise the prepend function will just update the src, dst,
* dstport, and flow label.
*/
if (is_system_labeled()) {
/* TX MLP requires SCM_UCRED and don't have that here */
goto ud_error;
}
/*
* Check whether Trusted Solaris policy allows communication
* with this host, and pretend that the destination is
* unreachable if not.
* Compute any needed label and place it in ipp_label_v4/v6.
*
* Later conn_build_hdr_template/conn_prepend_hdr takes
* ipp_label_v4/v6 to form the packet.
*
* Tsol note: Since we hold conn_lock we know no other
* thread manipulates conn_xmit_ipp.
*/
&connp->conn_xmit_ipp);
if (error != 0) {
goto ud_error;
}
/* Rebuild the header template */
flowinfo);
if (error != 0) {
goto ud_error;
}
(IPPF_IPV4_OPTIONS|IPPF_RTHDR)) ||
/* Rebuild the header template */
flowinfo);
if (error != 0) {
goto ud_error;
}
} else {
/* Simply update the destination address if no source route */
} else {
}
} else {
}
}
/*
* template and conn_ixa.
*/
/* Also remember a source to use together with lastdst */
/* Done with conn_t */
goto ud_error;
}
/* We're done. Pass the packet to ip. */
/* No udpOutErrors if an error since IP increases its error counter */
switch (error) {
case 0:
break;
case EWOULDBLOCK:
error = 0;
break;
case EADDRNOTAVAIL:
/*
* IXAF_VERIFY_SOURCE tells us to pick a better source.
* Don't have the application see that errno
*/
error = ENETUNREACH;
/* FALLTHRU */
default:
/*
* Clear the source and v6lastdst so we call ip_attr_connect
* for the next packet and try to pick a better source.
*/
if (connp->conn_mcbc_bind)
else
break;
}
return (error);
return (error);
}
/* ARGSUSED */
static void
{
#ifdef DEBUG
#endif
}
/*
* Handle special out-of-band ioctl requests (see PSARC/2008/265).
*/
static void
{
void *data;
return;
}
case TI_GETPEERNAME:
else
break;
case TI_GETMYNAME:
break;
default:
break;
}
}
static void
{
}
static void
{
case M_CMD:
udp_wput_cmdblk(q, mp);
return;
case M_PROTO:
case M_PCPROTO:
/*
* If the message does not contain a PRIM_type,
* throw it away.
*/
return;
}
case T_ADDR_REQ:
udp_addr_req(q, mp);
return;
case O_T_BIND_REQ:
case T_BIND_REQ:
udp_tpi_bind(q, mp);
return;
case T_CONN_REQ:
udp_tpi_connect(q, mp);
return;
case T_CAPABILITY_REQ:
udp_capability_req(q, mp);
return;
case T_INFO_REQ:
udp_info_req(q, mp);
return;
case T_UNITDATA_REQ:
/*
* If a T_UNITDATA_REQ gets here, the address must
* be bad. Valid T_UNITDATA_REQs are handled
* in udp_wput.
*/
return;
case T_UNBIND_REQ:
udp_tpi_unbind(q, mp);
return;
case T_SVR4_OPTMGMT_REQ:
/*
* All Solaris components should pass a db_credp
* for this TPI message, hence we ASSERT.
* But in case there is some other M_PROTO that looks
* like a TPI message sent by some other kernel
* component, we check and return an error.
*/
return;
}
cr)) {
}
return;
case T_OPTMGMT_REQ:
/*
* All Solaris components should pass a db_credp
* for this TPI message, hence we ASSERT.
* But in case there is some other M_PROTO that looks
* like a TPI message sent by some other kernel
* component, we check and return an error.
*/
return;
}
return;
case T_DISCON_REQ:
udp_tpi_disconnect(q, mp);
return;
/* The following TPI message is not supported by udp. */
case O_T_CONN_RES:
case T_CONN_RES:
return;
/* The following 3 TPI requests are illegal for udp. */
case T_DATA_REQ:
case T_EXDATA_REQ:
case T_ORDREL_REQ:
return;
default:
break;
}
break;
case M_FLUSH:
break;
case M_IOCTL:
case TI_GETPEERNAME:
/*
* If a default destination address has not
* been associated with the stream, then we
* don't know the peer's name.
*/
return;
}
/* FALLTHRU */
case TI_GETMYNAME:
/*
* For TI_GETPEERNAME and TI_GETMYNAME, we first
* need to copyin the user's strbuf structure.
* Processing will continue in the M_IOCDATA case
* below.
*/
return;
case _SIOCSOCKFALLBACK:
/*
* Either sockmod is about to be popped and the
* socket would now be treated as a plain stream,
* or a module is about to be pushed so we have
* to follow pure TPI semantics.
*/
if (!udp->udp_issocket) {
} else {
}
return;
default:
break;
}
break;
case M_IOCDATA:
udp_wput_iocdata(q, mp);
return;
default:
/* Unrecognized messages are passed through without change. */
break;
}
ip_wput_nondata(q, mp);
}
/*
* udp_wput_iocdata is called by udp_wput_other to handle all M_IOCDATA
* messages.
*/
static void
{
/* Make sure it is one of ours. */
case TI_GETMYNAME:
case TI_GETPEERNAME:
break;
default:
ip_wput_nondata(q, mp);
return;
}
case -1:
return;
break;
/*
* The address has been copied out, so now
* copyout the strbuf.
*/
mi_copyout(q, mp);
return;
/*
* The address and strbuf have been copied out.
* We're done, so just acknowledge the original
* M_IOCTL.
*/
mi_copy_done(q, mp, 0);
return;
default:
/*
* Something strange has happened, so acknowledge
* the original M_IOCTL with an EPROTO error.
*/
return;
}
/*
* Now we have the strbuf structure for TI_GETMYNAME
* and TI_GETPEERNAME. Next we copyout the requested
* address and then we'll copyout the strbuf.
*/
else
return;
}
case TI_GETMYNAME:
break;
case TI_GETPEERNAME:
return;
}
break;
}
if (!mp1)
return;
case TI_GETMYNAME:
&addrlen);
break;
case TI_GETPEERNAME:
&addrlen);
break;
}
/* Copy out the address */
mi_copyout(q, mp);
}
void
udp_ddi_g_init(void)
{
/*
* We want to be informed each time a stack is created or
* destroyed in the kernel, so we can maintain the
* set of udp_stack_t's.
*/
}
void
udp_ddi_g_destroy(void)
{
}
#define INET_NAME "ip"
/*
* Initialize the UDP stack instance.
*/
static void *
{
int i;
int error = 0;
/*
* The smallest anonymous port in the priviledged port range which UDP
* looks for free port. Use in the option UDP_ANONPRIVBIND.
*/
/* Not a power of two. Round up to nearest power of two */
for (i = 0; i < 31; i++) {
break;
}
}
sizeof (udp_fanout_t), KM_SLEEP);
for (i = 0; i < us->us_bind_fanout_size; i++) {
NULL);
}
KM_SLEEP);
/* Allocate the per netstack stats */
KM_SLEEP);
KM_SLEEP);
}
return (us);
}
/*
* Free the UDP stack instance.
*/
static void
{
int i;
for (i = 0; i < us->us_bind_fanout_size; i++) {
}
sizeof (udp_fanout_t));
udp_propinfo_count * sizeof (mod_prop_info_t));
}
static size_t
{
/* We add a bit of extra buffering */
return (size);
}
/*
* For the lower queue so that UDP can be a dummy mux.
* Nobody should be sending
* packets up this stream
*/
static void
{
case M_FLUSH:
/* Turn around */
return;
}
break;
}
}
/*
* For the lower queue so that UDP can be a dummy mux.
* Nobody should be sending packets down this stream.
*/
/* ARGSUSED */
void
{
}
/*
* When a CPU is added, we need to allocate the per CPU stats struct.
*/
void
{
int i;
return;
KM_SLEEP);
}
}
/*
* Below routines for UDP socket module.
*/
static conn_t *
{
netstack_t *ns;
int len;
return (NULL);
/*
* For exclusive stacks we set the zoneid to zero
* to make UDP operate as if in the global zone.
*/
else
return (NULL);
}
/*
* ipcl_conn_create did a netstack_hold. Undo the hold that was
* done by netstack_find_by_cred()
*/
/*
* need to lock anything.
*/
/* Set the initial state of the stream and the privilege status. */
if (isv6) {
} else {
}
/* conn_allzones can not be set this early, hence no IPCL_ZONEID */
/*
* If the caller has the process-wide flag set, then default to MAC
* exempt mode. This allows read-down to unlabeled hosts.
*/
/* Cache things in ixa without an extra refhold */
if (is_system_labeled())
if (us->us_pmtu_discovery)
return (connp);
}
{
return (NULL);
}
else
return (NULL);
/*
* Set flow control
* need to lock anything.
*/
*errorp = 0;
return ((sock_lower_handle_t)connp);
}
/* ARGSUSED3 */
void
{
struct sock_proto_props sopp;
/* All Solaris components should pass a cred for this operation. */
&sopp);
}
static void
{
/*
* Running in cluster mode - register unbind information
*/
(*cl_inet_unbind)(
} else {
(*cl_inet_unbind)(
}
}
if (!IPCL_IS_NONSTR(connp)) {
}
/*
* Now we are truly single threaded on this stream, and can
* delete the things hanging off the connp, and finally the connp.
* We removed this connp from the fanout list, it cannot be
* accessed thru the fanouts, and we already waited for the
* conn_ref to drop to 0. We are already in close, so
* there cannot be any other thread from the top. qprocsoff
* has completed, and service has completed or won't run in
* future.
*/
if (!IPCL_IS_NONSTR(connp)) {
} else {
}
}
/* ARGSUSED1 */
int
{
/* All Solaris components should pass a cred for this operation. */
return (0);
}
static int
{
int error = 0;
int count;
int loopmax;
switch (len) {
case sizeof (sin_t): /* Complete IPv4 address */
return (EINVAL);
return (EAFNOSUPPORT);
}
if (v4src != INADDR_ANY) {
B_TRUE);
}
break;
case sizeof (sin6_t): /* complete IPv6 address */
return (EINVAL);
return (EAFNOSUPPORT);
}
if (IN6_IS_ADDR_V4MAPPED(&v6src)) {
if (connp->conn_ipv6_v6only)
return (EADDRNOTAVAIL);
if (v4src != INADDR_ANY) {
}
} else {
if (!IN6_IS_ADDR_UNSPECIFIED(&v6src)) {
if (IN6_IS_ADDR_LINKSCOPE(&v6src))
}
}
break;
default: /* Invalid request */
"udp_bind: bad ADDR_length length %u", len);
return (-TBADADDR);
}
/* Is the local address a valid unicast, multicast, or broadcast? */
if (laddr_type == IPVL_BAD)
return (EADDRNOTAVAIL);
if (requested_port == 0 || !bind_to_req_port_only)
else /* T_BIND_REQ and requested_port != 0 */
if (requested_port == 0) {
/*
* If the application passed in zero for the port number, it
* doesn't care which port number we bind to. Get one in the
* valid range.
*/
if (connp->conn_anon_priv_bind) {
} else {
}
} else {
/*
* If the port is in the well-known privileged range,
* make sure the caller was privileged.
*/
int i;
} else {
for (i = 0; i < us->us_num_epriv_ports; i++) {
break;
}
}
}
if (priv) {
return (-TACCES);
}
}
if (port == 0)
return (-TNOADDR);
/*
* The state must be TS_UNBND. TPI mandates that users must send
* TPI primitives only 1 at a time and wait for the response before
* sending the next primitive.
*/
return (-TOUTSTATE);
}
/*
* Copy the source address into our udp structure. This address
* may still be zero; if so, IP will fill in the correct address
* each time an outbound packet is passed to it. Since the udp is
* not yet in the bind hash list, we don't grab the uf_lock to
* change conn_ipversion
*/
} else {
if (IN6_IS_ADDR_V4MAPPED(&v6src)) {
/*
* no need to hold the uf_lock to set the conn_ipversion
* since we are not yet in the fanout list
*/
} else {
}
}
/*
* If conn_reuseaddr is not set, then we have to make sure that
* the IP address and port number the application requested
* (or we selected for the application) is not being used by
* another stream. If another stream is already using the
* requested IP address and port, the behavior depends on
* "bind_to_req_port_only". If set the bind fails; otherwise we
* search for any an unused port to bind to the stream.
*
* As per the BSD semantics, as modified by the Deering multicast
* changes, if udp_reuseaddr is set, then we allow multiple binds
* to the same port independent of the local IP address.
*
* This is slightly different than in SunOS 4.X which did not
* support IP multicast. Note that the change implemented by the
* Deering multicast code effects all binds - not only binding
* to IP multicast addresses.
*
* Note that when binding to port zero we ignore SO_REUSEADDR in
* order to guarantee a unique port.
*/
count = 0;
if (connp->conn_anon_priv_bind) {
/*
* loopmax = (IPPORT_RESERVED-1) -
* us->us_min_anonpriv_port + 1
*/
} else {
}
for (;;) {
/*
* Walk through the list of udp streams bound to
* requested port with the same IP address.
*/
continue;
/*
* On a labeled system, we must treat bindings to ports
* on shared IP addresses by sockets with MAC exemption
* privilege as being in all zones, as there's
* otherwise no way to identify the right receiver.
*/
continue;
/*
* If UDP_EXCLBIND is set for either the bound or
* binding endpoint, the semantics of bind
* is changed according to the following chart.
*
* spec = specified address (v4 or v6)
* unspec = unspecified address (v4 or v6)
* A = specified addresses are different for endpoints
*
* bound bind to allowed?
* -------------------------------------
* unspec unspec no
* unspec spec no
* spec unspec no
* spec spec yes if A
*
* For labeled systems, SO_MAC_EXEMPT behaves the same
* as UDP_EXCLBIND, except that zoneid is ignored.
*/
if (V6_OR_V4_INADDR_ANY(
connp1->conn_bound_addr_v6) ||
&v6src)) {
break;
}
continue;
}
/*
* Check ipversion to allow IPv4 and IPv6 sockets to
* have disjoint port number spaces.
*/
/*
* On the first time through the loop, if the
* the user intentionally specified a
* particular port number, then ignore any
* bindings of the other protocol that may
* conflict. This allows the user to bind IPv6
* alone and get both v4 and v6, or bind both
* both and get each seperately. On subsequent
* times through the loop, we're checking a
* port that we chose (not the user) and thus
* we do not allow casual duplicate bindings.
*/
if (count == 0 && requested_port != 0)
continue;
}
/*
* No difference depending on SO_REUSEADDR.
*
* If existing port is bound to a
* non-wildcard IP address and
* the requesting stream is bound to
* a distinct different IP addresses
* (non-wildcard, also), keep going.
*/
if (!is_inaddr_any &&
&v6src)) {
continue;
}
break;
}
if (!found_exclbind &&
break;
}
/*
* No other stream has this IP address
* and port number. We can use it.
*/
break;
}
if (bind_to_req_port_only) {
/*
* We get here only when requested port
* is bound (and only first of the for()
* loop iteration).
*
* The semantics of this bind request
* require it to fail so we return from
* the routine (and exit the loop).
*
*/
return (-TADDRBUSY);
}
if (connp->conn_anon_priv_bind) {
} else {
if ((count == 0) && (requested_port != 0)) {
/*
* If the application wants us to find
* a port, get one to start with. Set
* requested_port to 0, so that we will
* update us->us_next_port_to_try below.
*/
requested_port = 0;
} else {
B_FALSE);
}
}
/*
* We've tried every possible port number and
* there are none available, so send an error
* to the user.
*/
return (-TNOADDR);
}
}
/*
* Copy the source address into our udp structure. This address
* may still be zero; if so, ip_attr_connect will fill in the correct
* address when a packet is about to be sent.
* If we are binding to a broadcast or multicast address then
* we just set the conn_bound_addr since we don't want to use
* that as the source address when sending.
*/
if (scopeid != 0) {
} else {
}
switch (laddr_type) {
case IPVL_UNICAST_UP:
case IPVL_UNICAST_DOWN:
break;
case IPVL_MCAST:
case IPVL_BCAST:
/* ip_set_destination will pick a source address later */
break;
}
/* Any errors after this point should use late_error */
/*
* Now reset the next anonymous port if the application requested
* an anonymous port, or we handed out the next anonymous port.
*/
}
/* Initialize the T_BIND_ACK. */
} else {
}
if (cl_inet_bind) {
/*
* Running in cluster mode - register bind information
*/
} else {
}
}
connp->conn_anon_mlp)) {
if (addrtype == mlptSingle) {
goto late_error;
}
addrtype);
/*
* It is a coding error to attempt to bind an MLP port
* without first setting SOL_SOCKET/SCM_UCRED.
*/
if (mlptype != mlptSingle &&
goto late_error;
}
/*
* It is an access violation to attempt to bind an MLP port
* without NET_BINDMLP privilege.
*/
if (mlptype != mlptSingle &&
secpolicy_net_bindmlp(cr) != 0) {
if (connp->conn_debug) {
"udp_bind: no priv for multilevel port %d",
mlpport);
}
goto late_error;
}
/*
* If we're specifically binding a shared IP address and the
* port is MLP on shared addresses, then check to see if this
* zone actually owns the MLP. Reject if not.
*/
/*
* No need to handle exclusive-stack zones since
* ALL_ZONES only applies to the shared stack.
*/
if (connp->conn_debug) {
"udp_bind: attempt to bind port "
"%d on shared addr in zone %d "
"(should be %d)",
mlpzone);
}
goto late_error;
}
}
if (connp->conn_anon_port) {
if (error != 0) {
if (connp->conn_debug) {
"udp_bind: cannot establish anon "
"MLP for port %d", port);
}
goto late_error;
}
}
}
/*
* We create an initial header template here to make a subsequent
* sendto have a starting point. Since conn_last_dst is zero the
* first sendto will always follow the 'dst changed' code path.
* Note that we defer massaging options and the related checksum
* adjustment until we have a destination address.
*/
if (error != 0) {
goto late_error;
}
/* Just in case */
connp->conn_fport = 0;
if (error != 0)
goto late_error;
/* Bind succeeded */
return (0);
/* We had already picked the port number, and then the bind failed */
if (scopeid != 0) {
}
connp->conn_lport = 0;
/* Restore the header that was built above - different source address */
return (error);
}
int
{
int error;
/* All Solaris components should pass a cred for this operation. */
else
if (error < 0) {
else
}
return (error);
}
static int
{
int error;
/* All Solaris components should pass a cred for this operation. */
len = sizeof (struct sockaddr_in);
} else {
}
}
/*
* This routine removes a port number association from a stream. It
* is called by udp_unbind and udp_tpi_unbind.
*/
static int
{
if (cl_inet_unbind != NULL) {
/*
* Running in cluster mode - register unbind information
*/
(*cl_inet_unbind)(
} else {
(*cl_inet_unbind)(
}
}
/* If a bind has not been done, we can't unbind. */
return (-TOUTSTATE);
}
connp->conn_lport = 0;
/* In case we were also connected */
connp->conn_fport = 0;
return (0);
}
/*
* It associates a default destination address with the stream.
*/
static int
{
int error;
/*
* Address has been verified by the caller
*/
switch (len) {
default:
/*
* Should never happen
*/
return (EINVAL);
case sizeof (sin_t):
break;
case sizeof (sin6_t):
}
if (IN6_IS_ADDR_V4MAPPED(&v6dst)) {
if (connp->conn_ipv6_v6only)
return (EADDRNOTAVAIL);
/*
* Destination adress is mapped IPv6 address.
* Source bound address should be unspecified or
* IPv6 mapped address as well.
*/
if (!IN6_IS_ADDR_UNSPECIFIED(
&connp->conn_bound_addr_v6) &&
return (EADDRNOTAVAIL);
}
flowinfo = 0;
} else {
}
break;
}
if (dstport == 0)
return (-TBADADDR);
/*
* If there is a different thread using conn_ixa then we get a new
* copy and cut the old one loose from conn_ixa. Otherwise we use
* Once connect() is done other threads can use conn_ixa since the
* refcnt will be back at one.
* We defer updating conn_ixa until later to handle any concurrent
* conn_ixa_cleanup thread.
*/
return (ENOMEM);
/*
* This udp_t must have bound to a port already before doing a connect.
* Reject if a connect is in progress (we drop conn_lock during
* udp_do_connect).
*/
return (-TOUTSTATE);
}
/* Already connected - clear out state */
if (connp->conn_mcbc_bind)
else
connp->conn_fport = 0;
}
if (ipversion == IPV4_VERSION) {
/*
* Interpret a zero destination to mean loopback.
* generate the T_CONN_CON.
*/
if (v4dst == INADDR_ANY) {
} else {
}
}
connp->conn_flowinfo = 0;
} else {
/*
* Interpret a zero destination to mean loopback.
* generate the T_CONN_CON.
*/
if (IN6_IS_ADDR_UNSPECIFIED(&v6dst)) {
}
}
/*
*/
}
if (is_system_labeled()) {
/* We need to restart with a label based on the cred */
}
if (scopeid != 0) {
} else {
}
/*
* conn_connect will drop conn_lock and reacquire it.
* To prevent a send* from messing with this udp_t while the lock
* is dropped we set udp_state and clear conn_v6lastdst.
* That will make all send* fail with EISCONN.
*/
if (error != 0)
goto connect_failed;
/*
* The addresses have been verified. Time to insert in
* the correct fanout list.
*/
if (error != 0)
goto connect_failed;
if (error != 0) {
goto connect_failed;
}
/* Record this as the "last" send even though we haven't sent any */
/* Also remember a source to use together with lastdst */
/*
* We've picked a source address above. Now we can
* connections in TS_DATA_XFER, skipping ourselves.
*/
continue;
continue;
&connp1->conn_laddr_v6) ||
continue;
goto connect_failed;
}
if (cl_inet_connect2 != NULL) {
if (error != 0) {
goto connect_failed;
}
}
return (0);
connp->conn_fport = 0;
/* In case the source address was set above */
if (connp->conn_mcbc_bind)
else
connp->conn_flowinfo = 0;
return (error);
}
static int
{
int error;
/* All Solaris components should pass a cred for this operation. */
/*
* Disconnect
* Make sure we are connected
*/
return (EINVAL);
return (error);
}
if (error != 0)
goto done;
/* do an implicit bind if necessary */
/*
* We could be racing with an actual bind, in which case
* we would see EPROTO. We cross our fingers and try
* to connect.
*/
goto done;
}
/*
* set SO_DGRAM_ERRIND
*/
int unbind_err;
ASSERT(unbind_err == 0);
}
if (error == 0) {
*id = 0;
} else if (error < 0) {
}
done:
/*
* No need to hold locks to set state
* after connect failure socket state is undefined
* We set the state only to imitate old sockfs behavior
*/
}
return (error);
}
int
{
int error = 0;
/* All Solaris components should pass a cred for this operation. */
/* do an implicit bind if necessary */
/*
* We could be racing with an actual bind, in which case
* we would see EPROTO. We cross our fingers and try
* to connect.
*/
return (error);
}
}
/* Connected? */
return (EDESTADDRREQ);
}
if (msg->msg_controllen != 0) {
} else {
}
if (us->us_sendto_ignerr)
return (0);
else
return (error);
}
return (EISCONN);
}
if (error != 0) {
return (error);
}
switch (connp->conn_family) {
case AF_INET6:
/*
* Destination is a non-IPv4-compatible IPv6 address.
* Send out an IPv6 format packet.
*/
/*
* If the local address is a mapped address return
* an error.
* It would be possible to send an IPv6 packet but the
* response would never make it back to the application
* since it is bound to a mapped address.
*/
return (EADDRNOTAVAIL);
}
} else {
if (connp->conn_ipv6_v6only) {
return (EADDRNOTAVAIL);
}
/*
* If the local address is not zero or a mapped address
* return an error. It would be possible to send an
* IPv4 packet but the response would never make it
* back to the application since it is bound to a
* non-mapped address.
*/
return (EADDRNOTAVAIL);
}
}
}
/*
* We have to allocate an ip_xmit_attr_t before we grab
* conn_lock and we need to hold conn_lock once we've check
* conn_same_as_last_v6 to handle concurrent send* calls on a
* socket.
*/
if (msg->msg_controllen == 0) {
return (ENOMEM);
}
} else {
}
if (udp->udp_delayed_error != 0) {
udp->udp_delayed_error = 0;
/* Compare IP address, port, and family */
return (error);
}
}
if (msg->msg_controllen != 0) {
/* udp_output_lastdst drops conn_lock */
} else {
/* udp_output_newdst drops conn_lock */
}
if (us->us_sendto_ignerr)
return (0);
else
return (error);
case AF_INET:
/*
* We have to allocate an ip_xmit_attr_t before we grab
* conn_lock and we need to hold conn_lock once we've check
* conn_same_as_last_v6 to handle concurrent send* on a socket.
*/
if (msg->msg_controllen == 0) {
return (ENOMEM);
}
} else {
}
if (udp->udp_delayed_error != 0) {
udp->udp_delayed_error = 0;
/* Compare IP address and port */
return (error);
}
}
if (msg->msg_controllen != 0) {
/* udp_output_lastdst drops conn_lock */
} else {
/* udp_output_newdst drops conn_lock */
}
if (us->us_sendto_ignerr)
return (0);
else
return (error);
default:
return (EINVAL);
}
}
int
{
struct T_capability_ack tca;
short opts;
struct stroptions *stropt;
int error;
/*
* setup the fallback stream that was allocated
*/
/* Notify stream head about options before sending up data */
/*
* Free the helper stream
*/
if (!issocket)
/*
* Collect the information needed to sync with the sonode
*/
if (error != 0)
faddrlen = 0;
opts = 0;
if (connp->conn_dgram_errind)
opts |= SO_DGRAM_ERRIND;
opts |= SO_DONTROUTE;
/*
* Attempts to send data up during fallback will result in it being
* queued in udp_t. First push up the datagrams obtained from the
* socket, then any packets queued in udp_t.
*/
}
}
/*
* No longer a streams less socket
*/
return (0);
}
/* ARGSUSED3 */
int
{
int error;
/* All Solaris components should pass a cred for this operation. */
else
return (error);
}
/* ARGSUSED3 */
int
{
int error;
/* All Solaris components should pass a cred for this operation. */
return (error);
}
int
{
int error;
void *optvalp_buf;
int len;
/* All Solaris components should pass a cred for this operation. */
if (error != 0) {
if (error < 0)
return (error);
}
if (len == -1) {
return (EINVAL);
}
/*
* update optlen and copy option value
*/
return (0);
}
int
{
int error;
/* All Solaris components should pass a cred for this operation. */
if (error != 0) {
if (error < 0)
return (error);
}
return (error);
}
void
{
}
/* ARGSUSED2 */
int
{
/* All Solaris components should pass a cred for this operation. */
/* shut down the send side */
SOCK_OPCTL_SHUT_SEND, 0);
/* shut down the recv side */
SOCK_OPCTL_SHUT_RECV, 0);
return (0);
}
int
{
int error;
/* All Solaris components should pass a cred for this operation. */
/*
* If we don't have a helper stream then create one.
* ip_create_helper_stream takes care of locking the conn_t,
* so this check for NULL is just a performance optimization.
*/
/*
* Create a helper stream for non-STREAMS socket.
*/
if (error != 0) {
ip0dbg(("tcp_ioctl: create of IP helper stream "
"failed %d\n", error));
return (error);
}
}
switch (cmd) {
case _SIOCSOCKFALLBACK:
case TI_GETPEERNAME:
case TI_GETMYNAME:
ip1dbg(("udp_ioctl: cmd 0x%x on non streams socket",
cmd));
break;
default:
/*
* Pass on to IP using helper stream
*/
break;
}
return (error);
}
/* ARGSUSED */
int
{
return (EOPNOTSUPP);
}
/* ARGSUSED */
int
{
return (EOPNOTSUPP);
}
udp_activate, /* sd_activate */
udp_accept, /* sd_accept */
udp_bind, /* sd_bind */
udp_listen, /* sd_listen */
udp_connect, /* sd_connect */
udp_getpeername, /* sd_getpeername */
udp_getsockname, /* sd_getsockname */
udp_getsockopt, /* sd_getsockopt */
udp_setsockopt, /* sd_setsockopt */
udp_send, /* sd_send */
NULL, /* sd_send_uio */
NULL, /* sd_recv_uio */
NULL, /* sd_poll */
udp_shutdown, /* sd_shutdown */
udp_clr_flowctrl, /* sd_setflowctrl */
udp_ioctl, /* sd_ioctl */
udp_close /* sd_close */
};