2 * Copyright (c) 2004 Jeffrey M. Hsu. All rights reserved.
3 * Copyright (c) 2004 The DragonFly Project. All rights reserved.
5 * This code is derived from software contributed to The DragonFly Project
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of The DragonFly Project nor the names of its
17 * contributors may be used to endorse or promote products derived
18 * from this software without specific, prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
23 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
24 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
25 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
26 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
27 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
28 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
29 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
30 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * Copyright (c) 1982, 1986, 1991, 1993, 1995
36 * The Regents of the University of California. All rights reserved.
38 * Redistribution and use in source and binary forms, with or without
39 * modification, are permitted provided that the following conditions
41 * 1. Redistributions of source code must retain the above copyright
42 * notice, this list of conditions and the following disclaimer.
43 * 2. Redistributions in binary form must reproduce the above copyright
44 * notice, this list of conditions and the following disclaimer in the
45 * documentation and/or other materials provided with the distribution.
46 * 3. Neither the name of the University nor the names of its contributors
47 * may be used to endorse or promote products derived from this software
48 * without specific prior written permission.
50 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
51 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
52 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
53 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
54 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
55 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
56 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
57 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
58 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
59 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
62 * @(#)in_pcb.c 8.4 (Berkeley) 5/24/95
63 * $FreeBSD: src/sys/netinet/in_pcb.c,v 1.59.2.27 2004/01/02 04:06:42 ambrisko Exp $
66 #include "opt_inet6.h"
68 #include <sys/param.h>
69 #include <sys/systm.h>
70 #include <sys/malloc.h>
72 #include <sys/domain.h>
73 #include <sys/protosw.h>
74 #include <sys/socket.h>
75 #include <sys/socketvar.h>
79 #include <sys/kernel.h>
80 #include <sys/sysctl.h>
82 #include <sys/socketvar2.h>
83 #include <sys/msgport2.h>
85 #include <machine/limits.h>
88 #include <net/if_types.h>
89 #include <net/route.h>
90 #include <net/netisr2.h>
91 #include <net/toeplitz2.h>
93 #include <netinet/in.h>
94 #include <netinet/in_pcb.h>
95 #include <netinet/in_var.h>
96 #include <netinet/ip_var.h>
98 #include <netinet/ip6.h>
99 #include <netinet6/ip6_var.h>
102 #define INP_LOCALGROUP_SIZMIN 8
103 #define INP_LOCALGROUP_SIZMAX 256
105 static struct inpcb *in_pcblookup_local(struct inpcbporthead *porthash,
106 struct in_addr laddr, u_int lport_arg, int wild_okay,
109 struct in_addr zeroin_addr;
112 * These configure the range of local port addresses assigned to
113 * "unspecified" outgoing connections/packets/whatever.
115 int ipport_lowfirstauto = IPPORT_RESERVED - 1; /* 1023 */
116 int ipport_lowlastauto = IPPORT_RESERVEDSTART; /* 600 */
118 int ipport_firstauto = IPPORT_RESERVED; /* 1024 */
119 int ipport_lastauto = IPPORT_USERRESERVED; /* 5000 */
121 int ipport_hifirstauto = IPPORT_HIFIRSTAUTO; /* 49152 */
122 int ipport_hilastauto = IPPORT_HILASTAUTO; /* 65535 */
124 #define RANGECHK(var, min, max) \
125 if ((var) < (min)) { (var) = (min); } \
126 else if ((var) > (max)) { (var) = (max); }
128 int udpencap_enable = 1; /* enabled by default */
129 int udpencap_port = 4500; /* triggers decapsulation */
132 * Per-netisr inpcb markers.
133 * NOTE: they should only be used in netisrs.
135 static struct inpcb *in_pcbmarkers;
136 static struct inpcontainer *in_pcbcontainer_markers;
139 sysctl_net_ipport_check(SYSCTL_HANDLER_ARGS)
143 error = sysctl_handle_int(oidp, oidp->oid_arg1, oidp->oid_arg2, req);
145 RANGECHK(ipport_lowfirstauto, 1, IPPORT_RESERVED - 1);
146 RANGECHK(ipport_lowlastauto, 1, IPPORT_RESERVED - 1);
148 RANGECHK(ipport_firstauto, IPPORT_RESERVED, USHRT_MAX);
149 RANGECHK(ipport_lastauto, IPPORT_RESERVED, USHRT_MAX);
151 RANGECHK(ipport_hifirstauto, IPPORT_RESERVED, USHRT_MAX);
152 RANGECHK(ipport_hilastauto, IPPORT_RESERVED, USHRT_MAX);
159 SYSCTL_NODE(_net_inet_ip, IPPROTO_IP, portrange, CTLFLAG_RW, 0, "IP Ports");
161 SYSCTL_PROC(_net_inet_ip_portrange, OID_AUTO, lowfirst, CTLTYPE_INT|CTLFLAG_RW,
162 &ipport_lowfirstauto, 0, &sysctl_net_ipport_check, "I", "");
163 SYSCTL_PROC(_net_inet_ip_portrange, OID_AUTO, lowlast, CTLTYPE_INT|CTLFLAG_RW,
164 &ipport_lowlastauto, 0, &sysctl_net_ipport_check, "I", "");
165 SYSCTL_PROC(_net_inet_ip_portrange, OID_AUTO, first, CTLTYPE_INT|CTLFLAG_RW,
166 &ipport_firstauto, 0, &sysctl_net_ipport_check, "I", "");
167 SYSCTL_PROC(_net_inet_ip_portrange, OID_AUTO, last, CTLTYPE_INT|CTLFLAG_RW,
168 &ipport_lastauto, 0, &sysctl_net_ipport_check, "I", "");
169 SYSCTL_PROC(_net_inet_ip_portrange, OID_AUTO, hifirst, CTLTYPE_INT|CTLFLAG_RW,
170 &ipport_hifirstauto, 0, &sysctl_net_ipport_check, "I", "");
171 SYSCTL_PROC(_net_inet_ip_portrange, OID_AUTO, hilast, CTLTYPE_INT|CTLFLAG_RW,
172 &ipport_hilastauto, 0, &sysctl_net_ipport_check, "I", "");
174 /* Initialized by ip_init() */
175 int ip_porthash_trycount;
176 SYSCTL_INT(_net_inet_ip, OID_AUTO, porthash_trycount, CTLFLAG_RW,
177 &ip_porthash_trycount, 0,
178 "Number of tries to find local port matching hash of 4-tuple");
181 * in_pcb.c: manage the Protocol Control Blocks.
183 * NOTE: It is assumed that most of these functions will be called from
184 * a critical section. XXX - There are, unfortunately, a few exceptions
185 * to this rule that should be fixed.
187 * NOTE: The caller should initialize the cpu field to the cpu running the
188 * protocol stack associated with this inpcbinfo.
192 in_pcbinfo_init(struct inpcbinfo *pcbinfo, int cpu, boolean_t shared)
194 KASSERT(cpu >= 0 && cpu < netisr_ncpus, ("invalid cpu%d", cpu));
197 LIST_INIT(&pcbinfo->pcblisthead);
198 pcbinfo->portsave = kmalloc(sizeof(*pcbinfo->portsave), M_PCB,
202 pcbinfo->infotoken = kmalloc(sizeof(struct lwkt_token),
204 lwkt_token_init(pcbinfo->infotoken, "infotoken");
206 pcbinfo->infotoken = NULL;
211 in_pcbportinfo_set(struct inpcbinfo *pcbinfo, struct inpcbportinfo *portinfo,
215 KASSERT(portinfo_cnt > 0, ("invalid portinfo_cnt %d", portinfo_cnt));
216 pcbinfo->portinfo = portinfo;
217 pcbinfo->portinfo_cnt = portinfo_cnt;
220 struct baddynamicports baddynamicports;
223 * Check if the specified port is invalid for dynamic allocation.
226 in_baddynamic(u_int16_t port, u_int16_t proto)
230 return (DP_ISSET(baddynamicports.tcp, port));
232 return (DP_ISSET(baddynamicports.udp, port));
239 in_pcbonlist(struct inpcb *inp)
241 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo;
243 KASSERT(&curthread->td_msgport == netisr_cpuport(pcbinfo->cpu),
244 ("not in the correct netisr"));
245 KASSERT((inp->inp_flags & INP_ONLIST) == 0, ("already on pcblist"));
246 inp->inp_flags |= INP_ONLIST;
248 GET_PCBINFO_TOKEN(pcbinfo);
249 LIST_INSERT_HEAD(&pcbinfo->pcblisthead, inp, inp_list);
250 pcbinfo->ipi_count++;
251 REL_PCBINFO_TOKEN(pcbinfo);
255 in_pcbofflist(struct inpcb *inp)
257 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo;
259 KASSERT(&curthread->td_msgport == netisr_cpuport(pcbinfo->cpu),
260 ("not in the correct netisr"));
261 KASSERT(inp->inp_flags & INP_ONLIST, ("not on pcblist"));
262 inp->inp_flags &= ~INP_ONLIST;
264 GET_PCBINFO_TOKEN(pcbinfo);
265 LIST_REMOVE(inp, inp_list);
266 KASSERT(pcbinfo->ipi_count > 0,
267 ("invalid inpcb count %d", pcbinfo->ipi_count));
268 pcbinfo->ipi_count--;
269 REL_PCBINFO_TOKEN(pcbinfo);
273 * Allocate a PCB and associate it with the socket.
276 in_pcballoc(struct socket *so, struct inpcbinfo *pcbinfo)
280 inp = kmalloc(pcbinfo->ipi_size, M_PCB, M_WAITOK|M_ZERO|M_NULLOK);
283 inp->inp_lgrpindex = -1;
284 inp->inp_gencnt = ++pcbinfo->ipi_gencnt;
285 inp->inp_pcbinfo = pcbinfo;
286 inp->inp_socket = so;
288 if (INP_CHECK_SOCKAF(so, AF_INET6)) {
289 if (ip6_auto_flowlabel)
290 inp->inp_flags |= IN6P_AUTOFLOWLABEL;
291 inp->inp_af = AF_INET6;
294 inp->inp_af = AF_INET;
303 * Unlink a pcb with the intention of moving it to another cpu with a
304 * different pcbinfo. While unlinked nothing should attempt to dereference
305 * inp_pcbinfo, NULL it out so we assert if it does.
308 in_pcbunlink_flags(struct inpcb *inp, struct inpcbinfo *pcbinfo, int flags)
310 KASSERT(inp->inp_pcbinfo == pcbinfo, ("pcbinfo mismatch"));
311 KASSERT((inp->inp_flags & (flags | INP_CONNECTED)) == 0,
315 inp->inp_pcbinfo = NULL;
319 in_pcbunlink(struct inpcb *inp, struct inpcbinfo *pcbinfo)
321 in_pcbunlink_flags(inp, pcbinfo, INP_WILDCARD);
325 * Relink a pcb into a new pcbinfo.
328 in_pcblink_flags(struct inpcb *inp, struct inpcbinfo *pcbinfo, int flags)
330 KASSERT(inp->inp_pcbinfo == NULL, ("has pcbinfo"));
331 KASSERT((inp->inp_flags & (flags | INP_CONNECTED)) == 0,
334 inp->inp_pcbinfo = pcbinfo;
339 in_pcblink(struct inpcb *inp, struct inpcbinfo *pcbinfo)
341 return in_pcblink_flags(inp, pcbinfo, INP_WILDCARD);
345 in_pcbporthash_update(struct inpcbportinfo *portinfo,
346 struct inpcb *inp, u_short lport, struct ucred *cred, int wild)
348 struct inpcbporthead *porthash;
351 * This has to be atomic. If the porthash is shared across multiple
352 * protocol threads, e.g. tcp and udp, then the token must be held.
354 porthash = in_pcbporthash_head(portinfo, lport);
355 GET_PORTHASH_TOKEN(porthash);
357 if (in_pcblookup_local(porthash, inp->inp_laddr, lport,
358 wild, cred) != NULL) {
359 REL_PORTHASH_TOKEN(porthash);
362 inp->inp_lport = lport;
363 in_pcbinsporthash(porthash, inp);
365 REL_PORTHASH_TOKEN(porthash);
370 in_pcbsetlport(struct inpcb *inp, int wild, struct ucred *cred)
372 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo;
373 struct inpcbportinfo *portinfo;
374 u_short first, last, lport, step, first0, last0;
376 int portinfo_first, portinfo_idx;
379 inp->inp_flags |= INP_ANONPORT;
381 step = pcbinfo->portinfo_cnt;
382 portinfo_first = mycpuid % pcbinfo->portinfo_cnt;
383 portinfo_idx = portinfo_first;
385 if (inp->inp_flags & INP_HIGHPORT) {
386 first0 = ipport_hifirstauto; /* sysctl */
387 last0 = ipport_hilastauto;
388 } else if (inp->inp_flags & INP_LOWPORT) {
391 priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT, 0))) {
392 inp->inp_laddr.s_addr = INADDR_ANY;
395 first0 = ipport_lowfirstauto; /* 1023 */
396 last0 = ipport_lowlastauto; /* 600 */
398 first0 = ipport_firstauto; /* sysctl */
399 last0 = ipport_lastauto;
401 if (first0 > last0) {
406 KKASSERT(last0 >= first0);
410 portinfo = &pcbinfo->portinfo[portinfo_idx];
415 * Simple check to ensure all ports are not used up causing
418 in_pcbportrange(&last, &first, portinfo->offset, step);
419 lport = last - first;
420 count = lport / step;
422 lport = rounddown(cut % lport, step) + first;
423 KKASSERT(lport % step == portinfo->offset);
426 if (count-- < 0) { /* completely used? */
427 error = EADDRNOTAVAIL;
431 if (__predict_false(lport < first || lport > last)) {
433 KKASSERT(lport % step == portinfo->offset);
436 if (in_pcbporthash_update(portinfo, inp, htons(lport),
443 KKASSERT(lport % step == portinfo->offset);
447 /* Try next portinfo */
449 portinfo_idx %= pcbinfo->portinfo_cnt;
450 if (portinfo_idx != portinfo_first)
452 inp->inp_laddr.s_addr = INADDR_ANY;
458 in_pcbbind(struct inpcb *inp, struct sockaddr *nam, struct thread *td)
460 struct socket *so = inp->inp_socket;
461 struct sockaddr_in jsin;
462 struct ucred *cred = NULL;
465 if (TAILQ_EMPTY(&in_ifaddrheads[mycpuid])) /* XXX broken! */
466 return (EADDRNOTAVAIL);
467 if (inp->inp_lport != 0 || inp->inp_laddr.s_addr != INADDR_ANY)
468 return (EINVAL); /* already bound */
470 if (!(so->so_options & (SO_REUSEADDR|SO_REUSEPORT)))
471 wild = 1; /* neither SO_REUSEADDR nor SO_REUSEPORT is set */
473 cred = td->td_proc->p_ucred;
476 struct sockaddr_in *sin = (struct sockaddr_in *)nam;
477 struct inpcbinfo *pcbinfo;
478 struct inpcbportinfo *portinfo;
479 struct inpcbporthead *porthash;
481 u_short lport, lport_ho;
482 int reuseport = (so->so_options & SO_REUSEPORT);
485 if (nam->sa_len != sizeof *sin)
489 * We should check the family, but old programs
490 * incorrectly fail to initialize it.
492 if (sin->sin_family != AF_INET)
493 return (EAFNOSUPPORT);
495 if (!prison_replace_wildcards(td, nam))
498 lport = sin->sin_port;
499 if (IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) {
501 * Treat SO_REUSEADDR as SO_REUSEPORT for multicast;
502 * allow complete duplication of binding if
503 * SO_REUSEPORT is set, or if SO_REUSEADDR is set
504 * and a multicast address is bound on both
505 * new and duplicated sockets.
507 if (so->so_options & SO_REUSEADDR)
508 reuseport = SO_REUSEADDR | SO_REUSEPORT;
509 } else if (sin->sin_addr.s_addr != INADDR_ANY) {
510 sin->sin_port = 0; /* yech... */
511 bzero(&sin->sin_zero, sizeof sin->sin_zero);
512 if (ifa_ifwithaddr((struct sockaddr *)sin) == NULL)
513 return (EADDRNOTAVAIL);
516 inp->inp_laddr = sin->sin_addr;
518 jsin.sin_family = AF_INET;
519 jsin.sin_addr.s_addr = inp->inp_laddr.s_addr;
520 if (!prison_replace_wildcards(td, (struct sockaddr *)&jsin)) {
521 inp->inp_laddr.s_addr = INADDR_ANY;
524 inp->inp_laddr.s_addr = jsin.sin_addr.s_addr;
527 /* Auto-select local port */
528 return in_pcbsetlport(inp, wild, cred);
530 lport_ho = ntohs(lport);
533 if (lport_ho < IPPORT_RESERVED && cred &&
535 priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT, 0))) {
536 inp->inp_laddr.s_addr = INADDR_ANY;
541 * Locate the proper portinfo based on lport
543 pcbinfo = inp->inp_pcbinfo;
545 &pcbinfo->portinfo[lport_ho % pcbinfo->portinfo_cnt];
546 KKASSERT((lport_ho % pcbinfo->portinfo_cnt) ==
550 * This has to be atomic. If the porthash is shared across
551 * multiple protocol threads, e.g. tcp and udp then the token
554 porthash = in_pcbporthash_head(portinfo, lport);
555 GET_PORTHASH_TOKEN(porthash);
557 if (so->so_cred->cr_uid != 0 &&
558 !IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) {
559 t = in_pcblookup_local(porthash, sin->sin_addr, lport,
560 INPLOOKUP_WILDCARD, cred);
562 (so->so_cred->cr_uid !=
563 t->inp_socket->so_cred->cr_uid)) {
564 inp->inp_laddr.s_addr = INADDR_ANY;
569 if (cred && !prison_replace_wildcards(td, nam)) {
570 inp->inp_laddr.s_addr = INADDR_ANY;
571 error = EADDRNOTAVAIL;
574 t = in_pcblookup_local(porthash, sin->sin_addr, lport,
576 if (t && !(reuseport & t->inp_socket->so_options)) {
577 inp->inp_laddr.s_addr = INADDR_ANY;
581 inp->inp_lport = lport;
582 in_pcbinsporthash(porthash, inp);
585 REL_PORTHASH_TOKEN(porthash);
588 jsin.sin_family = AF_INET;
589 jsin.sin_addr.s_addr = inp->inp_laddr.s_addr;
590 if (!prison_replace_wildcards(td, (struct sockaddr *)&jsin)) {
591 inp->inp_laddr.s_addr = INADDR_ANY;
594 inp->inp_laddr.s_addr = jsin.sin_addr.s_addr;
596 return in_pcbsetlport(inp, wild, cred);
600 static struct inpcb *
601 in_pcblookup_localremote(struct inpcbporthead *porthash, struct in_addr laddr,
602 u_short lport, struct in_addr faddr, u_short fport, struct ucred *cred)
605 struct inpcbport *phd;
606 struct inpcb *match = NULL;
609 * If the porthashbase is shared across several cpus, it must
612 ASSERT_PORTHASH_TOKEN_HELD(porthash);
615 * Best fit PCB lookup.
617 * First see if this local port is in use by looking on the
620 LIST_FOREACH(phd, porthash, phd_hash) {
621 if (phd->phd_port == lport)
625 LIST_FOREACH(inp, &phd->phd_pcblist, inp_portlist) {
627 if (!INP_ISIPV4(inp))
630 if (inp->inp_laddr.s_addr != INADDR_ANY &&
631 inp->inp_laddr.s_addr != laddr.s_addr)
634 if (inp->inp_faddr.s_addr != INADDR_ANY &&
635 inp->inp_faddr.s_addr != faddr.s_addr)
638 if (inp->inp_fport != 0 && inp->inp_fport != fport)
643 inp->inp_socket->so_cred->cr_prison) {
653 in_pcbporthash_update4(struct inpcbportinfo *portinfo,
654 struct inpcb *inp, u_short lport, const struct sockaddr_in *sin,
657 struct inpcbporthead *porthash;
660 * This has to be atomic. If the porthash is shared across multiple
661 * protocol threads, e.g. tcp and udp, then the token must be held.
663 porthash = in_pcbporthash_head(portinfo, lport);
664 GET_PORTHASH_TOKEN(porthash);
666 if (in_pcblookup_localremote(porthash, inp->inp_laddr,
667 lport, sin->sin_addr, sin->sin_port, cred) != NULL) {
668 REL_PORTHASH_TOKEN(porthash);
671 inp->inp_lport = lport;
672 in_pcbinsporthash(porthash, inp);
674 REL_PORTHASH_TOKEN(porthash);
679 in_pcbbind_remote(struct inpcb *inp, const struct sockaddr *remote,
682 struct proc *p = td->td_proc;
683 const struct sockaddr_in *sin = (const struct sockaddr_in *)remote;
684 struct sockaddr_in jsin;
685 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo;
686 struct ucred *cred = NULL;
687 u_short first, last, lport;
688 int count, hash_count;
689 int error, selfconn = 0;
691 uint32_t hash_base = 0, hash;
693 ASSERT_NETISR_NCPUS(cpuid);
695 if (TAILQ_EMPTY(&in_ifaddrheads[cpuid])) /* XXX broken! */
696 return (EADDRNOTAVAIL);
698 KKASSERT(inp->inp_laddr.s_addr != INADDR_ANY);
699 if (inp->inp_lport != 0)
700 return (EINVAL); /* already bound */
705 jsin.sin_family = AF_INET;
706 jsin.sin_addr.s_addr = inp->inp_laddr.s_addr;
707 if (!prison_replace_wildcards(td, (struct sockaddr *)&jsin)) {
708 inp->inp_laddr.s_addr = INADDR_ANY;
711 inp->inp_laddr.s_addr = jsin.sin_addr.s_addr;
713 hash_count = ip_porthash_trycount;
714 if (hash_count > 0) {
715 hash_base = toeplitz_piecemeal_addr(sin->sin_addr.s_addr) ^
716 toeplitz_piecemeal_addr(inp->inp_laddr.s_addr) ^
717 toeplitz_piecemeal_port(sin->sin_port);
722 inp->inp_flags |= INP_ANONPORT;
724 if (inp->inp_flags & INP_HIGHPORT) {
725 first = ipport_hifirstauto; /* sysctl */
726 last = ipport_hilastauto;
727 } else if (inp->inp_flags & INP_LOWPORT) {
730 priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT, 0))) {
731 inp->inp_laddr.s_addr = INADDR_ANY;
734 first = ipport_lowfirstauto; /* 1023 */
735 last = ipport_lowlastauto; /* 600 */
737 first = ipport_firstauto; /* sysctl */
738 last = ipport_lastauto;
745 KKASSERT(last >= first);
747 count = last - first;
748 lport = (karc4random() % count) + first;
752 * Simple check to ensure all ports are not used up causing
758 if (count-- < 0) { /* completely used? */
759 error = EADDRNOTAVAIL;
763 if (__predict_false(lport < first || lport > last))
765 lport_no = htons(lport);
767 /* This could happen on loopback interface */
768 if (__predict_false(sin->sin_port == lport_no &&
769 sin->sin_addr.s_addr == inp->inp_laddr.s_addr)) {
771 ++count; /* don't count this try */
780 toeplitz_piecemeal_port(lport_no);
781 if (netisr_hashcpu(hash) != cpuid && hash_count)
785 if (in_pcbporthash_update4(
786 &pcbinfo->portinfo[lport % pcbinfo->portinfo_cnt],
787 inp, lport_no, sin, cred)) {
796 inp->inp_laddr.s_addr = INADDR_ANY;
801 * Transform old in_pcbconnect() into an inner subroutine for new
802 * in_pcbconnect(): Do some validity-checking on the remote
803 * address (in mbuf 'nam') and then determine local host address
804 * (i.e., which interface) to use to access that remote host.
806 * This preserves definition of in_pcbconnect(), while supporting a
807 * slightly different version for T/TCP. (This is more than
808 * a bit of a kludge, but cleaning up the internal interfaces would
809 * have forced minor changes in every protocol).
812 in_pcbladdr_find(struct inpcb *inp, struct sockaddr *nam,
813 struct sockaddr_in **plocal_sin, struct thread *td, int find)
815 struct in_ifaddr *ia;
816 struct ucred *cred = NULL;
817 struct sockaddr_in *sin = (struct sockaddr_in *)nam;
818 struct sockaddr *jsin;
819 int jailed = 0, alloc_route = 0;
821 if (nam->sa_len != sizeof *sin)
823 if (sin->sin_family != AF_INET)
824 return (EAFNOSUPPORT);
825 if (sin->sin_port == 0)
826 return (EADDRNOTAVAIL);
827 if (td && td->td_proc && td->td_proc->p_ucred)
828 cred = td->td_proc->p_ucred;
829 if (cred && cred->cr_prison)
831 if (!TAILQ_EMPTY(&in_ifaddrheads[mycpuid])) {
832 ia = TAILQ_FIRST(&in_ifaddrheads[mycpuid])->ia;
834 * If the destination address is INADDR_ANY,
835 * use the primary local address.
836 * If the supplied address is INADDR_BROADCAST,
837 * and the primary interface supports broadcast,
838 * choose the broadcast address for that interface.
840 if (sin->sin_addr.s_addr == INADDR_ANY)
841 sin->sin_addr = IA_SIN(ia)->sin_addr;
842 else if (sin->sin_addr.s_addr == (u_long)INADDR_BROADCAST &&
843 (ia->ia_ifp->if_flags & IFF_BROADCAST))
844 sin->sin_addr = satosin(&ia->ia_broadaddr)->sin_addr;
851 * If route is known or can be allocated now,
852 * our src addr is taken from the i/f, else punt.
853 * Note that we should check the address family of the cached
854 * destination, in case of sharing the cache with IPv6.
856 ro = &inp->inp_route;
858 (!(ro->ro_rt->rt_flags & RTF_UP) ||
859 ro->ro_dst.sa_family != AF_INET ||
860 satosin(&ro->ro_dst)->sin_addr.s_addr !=
861 sin->sin_addr.s_addr ||
862 inp->inp_socket->so_options & SO_DONTROUTE)) {
866 if (!(inp->inp_socket->so_options & SO_DONTROUTE) && /*XXX*/
867 (ro->ro_rt == NULL ||
868 ro->ro_rt->rt_ifp == NULL)) {
869 /* No route yet, so try to acquire one */
870 bzero(&ro->ro_dst, sizeof(struct sockaddr_in));
871 ro->ro_dst.sa_family = AF_INET;
872 ro->ro_dst.sa_len = sizeof(struct sockaddr_in);
873 ((struct sockaddr_in *) &ro->ro_dst)->sin_addr =
879 * If we found a route, use the address
880 * corresponding to the outgoing interface
881 * unless it is the loopback (in case a route
882 * to our address on another net goes to loopback).
885 !(ro->ro_rt->rt_ifp->if_flags & IFF_LOOPBACK)) {
887 if (jailed_ip(cred->cr_prison,
888 ro->ro_rt->rt_ifa->ifa_addr)) {
889 ia = ifatoia(ro->ro_rt->rt_ifa);
892 ia = ifatoia(ro->ro_rt->rt_ifa);
896 u_short fport = sin->sin_port;
899 ia = ifatoia(ifa_ifwithdstaddr(sintosa(sin)));
900 if (ia && jailed && !jailed_ip(cred->cr_prison,
901 sintosa(&ia->ia_addr)))
904 ia = ifatoia(ifa_ifwithnet(sintosa(sin)));
905 if (ia && jailed && !jailed_ip(cred->cr_prison,
906 sintosa(&ia->ia_addr)))
908 sin->sin_port = fport;
910 !TAILQ_EMPTY(&in_ifaddrheads[mycpuid]))
911 ia = TAILQ_FIRST(&in_ifaddrheads[mycpuid])->ia;
912 if (ia && jailed && !jailed_ip(cred->cr_prison,
913 sintosa(&ia->ia_addr)))
916 if (!jailed && ia == NULL)
920 * If the destination address is multicast and an outgoing
921 * interface has been set as a multicast option, use the
922 * address of that interface as our source address.
924 if (!jailed && IN_MULTICAST(ntohl(sin->sin_addr.s_addr)) &&
925 inp->inp_moptions != NULL) {
926 struct ip_moptions *imo;
929 imo = inp->inp_moptions;
930 if ((ifp = imo->imo_multicast_ifp) != NULL) {
931 struct in_ifaddr_container *iac;
935 &in_ifaddrheads[mycpuid], ia_link) {
936 if (iac->ia->ia_ifp == ifp) {
946 * Don't do pcblookup call here; return interface in plocal_sin
947 * and exit to caller, that will do the lookup.
949 if (ia == NULL && jailed) {
950 if ((jsin = prison_get_nonlocal(
951 cred->cr_prison, AF_INET, NULL)) != NULL ||
952 (jsin = prison_get_local(
953 cred->cr_prison, AF_INET, NULL)) != NULL) {
954 *plocal_sin = satosin(jsin);
960 *plocal_sin = &ia->ia_addr;
966 in_pcbresetroute(inp);
967 return (EADDRNOTAVAIL);
971 in_pcbladdr(struct inpcb *inp, struct sockaddr *nam,
972 struct sockaddr_in **plocal_sin, struct thread *td)
974 return in_pcbladdr_find(inp, nam, plocal_sin, td,
975 (inp->inp_laddr.s_addr == INADDR_ANY));
980 * Connect from a socket to a specified address.
981 * Both address and port must be specified in argument sin.
982 * If don't have a local address for this socket yet,
986 in_pcbconnect(struct inpcb *inp, struct sockaddr *nam, struct thread *td)
988 struct sockaddr_in *if_sin;
989 struct sockaddr_in *sin = (struct sockaddr_in *)nam;
992 if_sin = NULL; /* avoid gcc warnings */
994 /* Call inner routine to assign local interface address. */
995 if ((error = in_pcbladdr(inp, nam, &if_sin, td)) != 0)
998 if (in_pcblookup_hash(inp->inp_pcbinfo, sin->sin_addr, sin->sin_port,
999 inp->inp_laddr.s_addr ?
1000 inp->inp_laddr : if_sin->sin_addr,
1001 inp->inp_lport, FALSE, NULL) != NULL) {
1002 return (EADDRINUSE);
1004 if (inp->inp_laddr.s_addr == INADDR_ANY) {
1005 if (inp->inp_lport == 0) {
1006 error = in_pcbbind(inp, NULL, td);
1010 inp->inp_laddr = if_sin->sin_addr;
1012 inp->inp_faddr = sin->sin_addr;
1013 inp->inp_fport = sin->sin_port;
1014 in_pcbinsconnhash(inp);
1019 in_pcbdisconnect(struct inpcb *inp)
1022 in_pcbremconnhash(inp);
1023 inp->inp_faddr.s_addr = INADDR_ANY;
1028 in_pcbdetach(struct inpcb *inp)
1030 struct socket *so = inp->inp_socket;
1031 struct inpcbinfo *ipi = inp->inp_pcbinfo;
1033 inp->inp_gencnt = ++ipi->ipi_gencnt;
1034 KKASSERT((so->so_state & SS_ASSERTINPROG) == 0);
1035 in_pcbremlists(inp);
1037 sofree(so); /* remove pcb ref */
1038 if (inp->inp_options)
1039 m_free(inp->inp_options);
1040 if (inp->inp_route.ro_rt)
1041 rtfree(inp->inp_route.ro_rt);
1042 ip_freemoptions(inp->inp_moptions);
1047 * The socket may have an invalid PCB, i.e. NULL. For example, a TCP
1048 * socket received RST.
1051 in_setsockaddr(struct socket *so, struct sockaddr **nam)
1054 struct sockaddr_in *sin;
1056 KASSERT(curthread->td_type == TD_TYPE_NETISR, ("not in netisr"));
1059 return (ECONNRESET);
1061 sin = kmalloc(sizeof *sin, M_SONAME, M_WAITOK | M_ZERO);
1062 sin->sin_family = AF_INET;
1063 sin->sin_len = sizeof *sin;
1064 sin->sin_port = inp->inp_lport;
1065 sin->sin_addr = inp->inp_laddr;
1067 *nam = (struct sockaddr *)sin;
1072 in_setsockaddr_dispatch(netmsg_t msg)
1076 error = in_setsockaddr(msg->base.nm_so, msg->peeraddr.nm_nam);
1077 lwkt_replymsg(&msg->lmsg, error);
1081 * The socket may have an invalid PCB, i.e. NULL. For example, a TCP
1082 * socket received RST.
1085 in_setpeeraddr(struct socket *so, struct sockaddr **nam)
1088 struct sockaddr_in *sin;
1090 KASSERT(curthread->td_type == TD_TYPE_NETISR, ("not in netisr"));
1093 return (ECONNRESET);
1095 sin = kmalloc(sizeof *sin, M_SONAME, M_WAITOK | M_ZERO);
1096 sin->sin_family = AF_INET;
1097 sin->sin_len = sizeof *sin;
1098 sin->sin_port = inp->inp_fport;
1099 sin->sin_addr = inp->inp_faddr;
1101 *nam = (struct sockaddr *)sin;
1106 in_setpeeraddr_dispatch(netmsg_t msg)
1110 error = in_setpeeraddr(msg->base.nm_so, msg->peeraddr.nm_nam);
1111 lwkt_replymsg(&msg->lmsg, error);
1115 in_pcbnotifyall(struct inpcbinfo *pcbinfo, struct in_addr faddr, int err,
1116 inp_notify_t notify)
1118 struct inpcb *inp, *marker;
1120 KASSERT(&curthread->td_msgport == netisr_cpuport(pcbinfo->cpu),
1121 ("not in the correct netisr"));
1122 marker = in_pcbmarker();
1126 * - If INP_PLACEMARKER is set we must ignore the rest of the
1127 * structure and skip it.
1128 * - It is safe to nuke inpcbs here, since we are in their own
1131 GET_PCBINFO_TOKEN(pcbinfo);
1133 LIST_INSERT_HEAD(&pcbinfo->pcblisthead, marker, inp_list);
1134 while ((inp = LIST_NEXT(marker, inp_list)) != NULL) {
1135 LIST_REMOVE(marker, inp_list);
1136 LIST_INSERT_AFTER(inp, marker, inp_list);
1138 if (inp->inp_flags & INP_PLACEMARKER)
1141 if (!INP_ISIPV4(inp))
1144 if (inp->inp_faddr.s_addr != faddr.s_addr ||
1145 inp->inp_socket == NULL)
1147 (*notify)(inp, err); /* can remove inp from list! */
1149 LIST_REMOVE(marker, inp_list);
1151 REL_PCBINFO_TOKEN(pcbinfo);
1155 in_pcbpurgeif0(struct inpcbinfo *pcbinfo, struct ifnet *ifp)
1157 struct inpcb *inp, *marker;
1160 * We only need to make sure that we are in netisr0, where all
1161 * multicast operation happen. We could check inpcbinfo which
1162 * does not belong to netisr0 by holding the inpcbinfo's token.
1163 * In this case, the pcbinfo must be able to be shared, i.e.
1164 * pcbinfo->infotoken is not NULL.
1167 KASSERT(pcbinfo->cpu == 0 || pcbinfo->infotoken != NULL,
1168 ("pcbinfo could not be shared"));
1171 * Get a marker for the current netisr (netisr0).
1173 * It is possible that the multicast address deletion blocks,
1174 * which could cause temporary token releasing. So we use
1175 * inpcb marker here to get a coherent view of the inpcb list.
1177 * While, on the other hand, moptions are only added and deleted
1178 * in netisr0, so we would not see staled moption or miss moption
1179 * even if the token was released due to the blocking multicast
1182 marker = in_pcbmarker();
1184 GET_PCBINFO_TOKEN(pcbinfo);
1186 LIST_INSERT_HEAD(&pcbinfo->pcblisthead, marker, inp_list);
1187 while ((inp = LIST_NEXT(marker, inp_list)) != NULL) {
1188 struct ip_moptions *imo;
1190 LIST_REMOVE(marker, inp_list);
1191 LIST_INSERT_AFTER(inp, marker, inp_list);
1193 if (inp->inp_flags & INP_PLACEMARKER)
1195 imo = inp->inp_moptions;
1196 if (INP_ISIPV4(inp) && imo != NULL) {
1200 * Unselect the outgoing interface if it is being
1203 if (imo->imo_multicast_ifp == ifp)
1204 imo->imo_multicast_ifp = NULL;
1207 * Drop multicast group membership if we joined
1208 * through the interface being detached.
1210 for (i = 0, gap = 0; i < imo->imo_num_memberships;
1212 if (imo->imo_membership[i]->inm_ifp == ifp) {
1215 * This could block and the pcbinfo
1216 * token could be passively released.
1218 in_delmulti(imo->imo_membership[i]);
1220 } else if (gap != 0)
1221 imo->imo_membership[i - gap] =
1222 imo->imo_membership[i];
1224 imo->imo_num_memberships -= gap;
1227 LIST_REMOVE(marker, inp_list);
1229 REL_PCBINFO_TOKEN(pcbinfo);
1233 * Check for alternatives when higher level complains
1234 * about service problems. For now, invalidate cached
1235 * routing information. If the route was created dynamically
1236 * (by a redirect), time to try a default gateway again.
1239 in_losing(struct inpcb *inp)
1242 struct rt_addrinfo rtinfo;
1244 if ((rt = inp->inp_route.ro_rt)) {
1245 bzero(&rtinfo, sizeof(struct rt_addrinfo));
1246 rtinfo.rti_info[RTAX_DST] = rt_key(rt);
1247 rtinfo.rti_info[RTAX_GATEWAY] = rt->rt_gateway;
1248 rtinfo.rti_info[RTAX_NETMASK] = rt_mask(rt);
1249 rtinfo.rti_flags = rt->rt_flags;
1250 rt_missmsg(RTM_LOSING, &rtinfo, rt->rt_flags, 0);
1251 if (rt->rt_flags & RTF_DYNAMIC) {
1252 rtrequest(RTM_DELETE, rt_key(rt), rt->rt_gateway,
1253 rt_mask(rt), rt->rt_flags, NULL);
1255 inp->inp_route.ro_rt = NULL;
1258 * A new route can be allocated
1259 * the next time output is attempted.
1265 * After a routing change, flush old routing
1266 * and allocate a (hopefully) better one.
1269 in_rtchange(struct inpcb *inp, int err)
1271 if (inp->inp_route.ro_rt) {
1272 rtfree(inp->inp_route.ro_rt);
1273 inp->inp_route.ro_rt = NULL;
1275 * A new route can be allocated the next time
1276 * output is attempted.
1282 * Lookup a PCB based on the local address and port.
1284 static struct inpcb *
1285 in_pcblookup_local(struct inpcbporthead *porthash, struct in_addr laddr,
1286 u_int lport_arg, int wild_okay, struct ucred *cred)
1289 int matchwild = 3, wildcard;
1290 u_short lport = lport_arg;
1291 struct inpcbport *phd;
1292 struct inpcb *match = NULL;
1295 * If the porthashbase is shared across several cpus, it must
1298 ASSERT_PORTHASH_TOKEN_HELD(porthash);
1301 * Best fit PCB lookup.
1303 * First see if this local port is in use by looking on the
1306 LIST_FOREACH(phd, porthash, phd_hash) {
1307 if (phd->phd_port == lport)
1312 * Port is in use by one or more PCBs. Look for best
1315 LIST_FOREACH(inp, &phd->phd_pcblist, inp_portlist) {
1318 if (!INP_ISIPV4(inp))
1321 if (inp->inp_faddr.s_addr != INADDR_ANY)
1323 if (inp->inp_laddr.s_addr != INADDR_ANY) {
1324 if (laddr.s_addr == INADDR_ANY)
1326 else if (inp->inp_laddr.s_addr != laddr.s_addr)
1329 if (laddr.s_addr != INADDR_ANY)
1332 if (wildcard && !wild_okay)
1334 if (wildcard < matchwild &&
1337 inp->inp_socket->so_cred->cr_prison)) {
1339 matchwild = wildcard;
1340 if (matchwild == 0) {
1350 in_pcblocalgroup_last(const struct inpcbinfo *pcbinfo,
1351 const struct inpcb *inp)
1353 const struct inp_localgrphead *hdr;
1354 const struct inp_localgroup *grp;
1357 if (pcbinfo->localgrphashbase == NULL)
1360 GET_PCBINFO_TOKEN(pcbinfo);
1362 hdr = &pcbinfo->localgrphashbase[
1363 INP_PCBLOCALGRPHASH(inp->inp_lport, pcbinfo->localgrphashmask)];
1365 LIST_FOREACH(grp, hdr, il_list) {
1366 if (grp->il_af == inp->inp_af &&
1367 grp->il_lport == inp->inp_lport &&
1368 memcmp(&grp->il_dependladdr,
1369 &inp->inp_inc.inc_ie.ie_dependladdr,
1370 sizeof(grp->il_dependladdr)) == 0) {
1374 if (grp == NULL || grp->il_inpcnt == 1) {
1375 REL_PCBINFO_TOKEN(pcbinfo);
1379 KASSERT(grp->il_inpcnt >= 2,
1380 ("invalid localgroup inp count %d", grp->il_inpcnt));
1381 for (i = 0; i < grp->il_inpcnt; ++i) {
1382 if (grp->il_inp[i] == inp) {
1383 int last = grp->il_inpcnt - 1;
1386 last = grp->il_inpcnt - 2;
1387 REL_PCBINFO_TOKEN(pcbinfo);
1388 return grp->il_inp[last];
1391 REL_PCBINFO_TOKEN(pcbinfo);
1395 static struct inpcb *
1396 inp_localgroup_lookup(const struct inpcbinfo *pcbinfo,
1397 struct in_addr laddr, uint16_t lport, uint32_t pkt_hash)
1399 struct inpcb *local_wild = NULL;
1400 const struct inp_localgrphead *hdr;
1401 const struct inp_localgroup *grp;
1403 ASSERT_PCBINFO_TOKEN_HELD(pcbinfo);
1405 hdr = &pcbinfo->localgrphashbase[
1406 INP_PCBLOCALGRPHASH(lport, pcbinfo->localgrphashmask)];
1409 * Order of socket selection:
1413 * NOTE: Local group does not contain jailed sockets
1415 LIST_FOREACH(grp, hdr, il_list) {
1417 if (grp->il_af != AF_INET)
1420 if (grp->il_lport == lport) {
1424 * Modulo-N is used here, which greatly reduces
1425 * completion queue token contention, thus more
1426 * cpu time is saved.
1428 idx = netisr_hashlsb(pkt_hash) % grp->il_inpcnt;
1429 if (grp->il_laddr.s_addr == laddr.s_addr)
1430 return grp->il_inp[idx];
1431 else if (grp->il_laddr.s_addr == INADDR_ANY)
1432 local_wild = grp->il_inp[idx];
1435 if (local_wild != NULL)
1441 * Lookup PCB in hash list.
1444 in_pcblookup_pkthash(struct inpcbinfo *pcbinfo, struct in_addr faddr,
1445 u_int fport_arg, struct in_addr laddr, u_int lport_arg,
1446 boolean_t wildcard, struct ifnet *ifp, const struct mbuf *m)
1448 struct inpcbhead *head;
1449 struct inpcb *inp, *jinp=NULL;
1450 u_short fport = fport_arg, lport = lport_arg;
1453 * First look for an exact match.
1455 head = &pcbinfo->hashbase[INP_PCBCONNHASH(faddr.s_addr, fport,
1456 laddr.s_addr, lport, pcbinfo->hashmask)];
1457 LIST_FOREACH(inp, head, inp_hash) {
1459 if (!INP_ISIPV4(inp))
1462 if (in_hosteq(inp->inp_faddr, faddr) &&
1463 in_hosteq(inp->inp_laddr, laddr) &&
1464 inp->inp_fport == fport && inp->inp_lport == lport) {
1466 if (inp->inp_socket == NULL ||
1467 inp->inp_socket->so_cred->cr_prison == NULL) {
1479 struct inpcb *local_wild = NULL;
1480 struct inpcb *jinp_wild = NULL;
1481 struct inpcontainer *ic;
1482 struct inpcontainerhead *chead;
1483 struct sockaddr_in jsin;
1486 GET_PCBINFO_TOKEN(pcbinfo);
1489 * Check local group first
1491 if (pcbinfo->localgrphashbase != NULL &&
1492 m != NULL && (m->m_flags & M_HASH)) {
1493 inp = inp_localgroup_lookup(pcbinfo,
1494 laddr, lport, m->m_pkthdr.hash);
1496 REL_PCBINFO_TOKEN(pcbinfo);
1502 * Order of socket selection:
1503 * 1. non-jailed, non-wild.
1504 * 2. non-jailed, wild.
1505 * 3. jailed, non-wild.
1508 jsin.sin_family = AF_INET;
1509 chead = &pcbinfo->wildcardhashbase[
1510 INP_PCBWILDCARDHASH(lport, pcbinfo->wildcardhashmask)];
1511 LIST_FOREACH(ic, chead, ic_list) {
1513 if (inp->inp_flags & INP_PLACEMARKER)
1516 jsin.sin_addr.s_addr = laddr.s_addr;
1518 if (!INP_ISIPV4(inp))
1521 if (inp->inp_socket != NULL)
1522 cred = inp->inp_socket->so_cred;
1525 if (cred != NULL && jailed(cred)) {
1529 if (!jailed_ip(cred->cr_prison,
1530 (struct sockaddr *)&jsin))
1533 if (inp->inp_lport == lport) {
1534 if (inp->inp_laddr.s_addr == laddr.s_addr) {
1535 if (cred != NULL && jailed(cred)) {
1538 REL_PCBINFO_TOKEN(pcbinfo);
1542 if (inp->inp_laddr.s_addr == INADDR_ANY) {
1543 if (cred != NULL && jailed(cred))
1551 REL_PCBINFO_TOKEN(pcbinfo);
1553 if (local_wild != NULL)
1554 return (local_wild);
1567 in_pcblookup_hash(struct inpcbinfo *pcbinfo, struct in_addr faddr,
1568 u_int fport_arg, struct in_addr laddr, u_int lport_arg,
1569 boolean_t wildcard, struct ifnet *ifp)
1571 return in_pcblookup_pkthash(pcbinfo, faddr, fport_arg,
1572 laddr, lport_arg, wildcard, ifp, NULL);
1576 * Insert PCB into connection hash table.
1579 in_pcbinsconnhash(struct inpcb *inp)
1581 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo;
1582 struct inpcbhead *bucket;
1583 u_int32_t hashkey_faddr, hashkey_laddr;
1586 if (INP_ISIPV6(inp)) {
1587 hashkey_faddr = inp->in6p_faddr.s6_addr32[3] /* XXX JH */;
1588 hashkey_laddr = inp->in6p_laddr.s6_addr32[3] /* XXX JH */;
1591 hashkey_faddr = inp->inp_faddr.s_addr;
1592 hashkey_laddr = inp->inp_laddr.s_addr;
1597 KASSERT(&curthread->td_msgport == netisr_cpuport(pcbinfo->cpu),
1598 ("not in the correct netisr"));
1599 ASSERT_INP_NOTINHASH(inp);
1600 inp->inp_flags |= INP_CONNECTED;
1603 * Insert into the connection hash table.
1605 bucket = &pcbinfo->hashbase[INP_PCBCONNHASH(hashkey_faddr,
1606 inp->inp_fport, hashkey_laddr, inp->inp_lport, pcbinfo->hashmask)];
1607 LIST_INSERT_HEAD(bucket, inp, inp_hash);
1611 * Remove PCB from connection hash table.
1614 in_pcbremconnhash(struct inpcb *inp)
1616 struct inpcbinfo *pcbinfo __debugvar = inp->inp_pcbinfo;
1618 KASSERT(&curthread->td_msgport == netisr_cpuport(pcbinfo->cpu),
1619 ("not in the correct netisr"));
1620 KASSERT(inp->inp_flags & INP_CONNECTED, ("inp not connected"));
1622 LIST_REMOVE(inp, inp_hash);
1623 inp->inp_flags &= ~INP_CONNECTED;
1627 * Insert PCB into port hash table.
1630 in_pcbinsporthash(struct inpcbporthead *pcbporthash, struct inpcb *inp)
1632 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo;
1633 struct inpcbport *phd;
1636 * If the porthashbase is shared across several cpus, it must
1639 ASSERT_PORTHASH_TOKEN_HELD(pcbporthash);
1642 * Insert into the port hash table.
1645 /* Go through port list and look for a head for this lport. */
1646 LIST_FOREACH(phd, pcbporthash, phd_hash) {
1647 if (phd->phd_port == inp->inp_lport)
1651 /* If none exists, use saved one and tack it on. */
1653 KKASSERT(pcbinfo->portsave != NULL);
1654 phd = pcbinfo->portsave;
1655 pcbinfo->portsave = NULL;
1656 phd->phd_port = inp->inp_lport;
1657 LIST_INIT(&phd->phd_pcblist);
1658 LIST_INSERT_HEAD(pcbporthash, phd, phd_hash);
1661 inp->inp_porthash = pcbporthash;
1663 LIST_INSERT_HEAD(&phd->phd_pcblist, inp, inp_portlist);
1666 * Malloc one inpcbport for later use. It is safe to use
1667 * "wait" malloc here (port token would be released, if
1668 * malloc ever blocked), since all changes to the porthash
1671 if (pcbinfo->portsave == NULL) {
1672 pcbinfo->portsave = kmalloc(sizeof(*pcbinfo->portsave),
1673 M_PCB, M_INTWAIT | M_ZERO);
1678 in_pcbinsporthash_lport(struct inpcb *inp)
1680 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo;
1681 struct inpcbportinfo *portinfo;
1682 struct inpcbporthead *porthash;
1685 /* Locate the proper portinfo based on lport */
1686 lport_ho = ntohs(inp->inp_lport);
1687 portinfo = &pcbinfo->portinfo[lport_ho % pcbinfo->portinfo_cnt];
1688 KKASSERT((lport_ho % pcbinfo->portinfo_cnt) == portinfo->offset);
1690 porthash = in_pcbporthash_head(portinfo, inp->inp_lport);
1691 GET_PORTHASH_TOKEN(porthash);
1692 in_pcbinsporthash(porthash, inp);
1693 REL_PORTHASH_TOKEN(porthash);
1697 in_pcbremporthash(struct inpcb *inp)
1699 struct inpcbporthead *porthash;
1700 struct inpcbport *phd;
1702 if (inp->inp_phd == NULL)
1704 KASSERT(inp->inp_lport != 0, ("inpcb has no lport"));
1706 porthash = inp->inp_porthash;
1707 KASSERT(porthash != NULL, ("no porthash"));
1709 GET_PORTHASH_TOKEN(porthash);
1712 LIST_REMOVE(inp, inp_portlist);
1713 if (LIST_FIRST(&phd->phd_pcblist) == NULL) {
1714 LIST_REMOVE(phd, phd_hash);
1718 REL_PORTHASH_TOKEN(porthash);
1720 inp->inp_phd = NULL;
1721 /* NOTE: Don't whack inp_lport, which may be used later */
1724 static struct inp_localgroup *
1725 inp_localgroup_alloc(u_char af, uint16_t port,
1726 const union in_dependaddr *addr, int size)
1728 struct inp_localgroup *grp;
1730 grp = kmalloc(__offsetof(struct inp_localgroup, il_inp[size]),
1731 M_TEMP, M_INTWAIT | M_ZERO);
1733 grp->il_lport = port;
1734 grp->il_dependladdr = *addr;
1735 grp->il_inpsiz = size;
1741 inp_localgroup_free(struct inp_localgroup *grp)
1747 inp_localgroup_destroy(struct inp_localgroup *grp)
1749 LIST_REMOVE(grp, il_list);
1750 inp_localgroup_free(grp);
1754 inp_localgroup_copy(struct inp_localgroup *grp,
1755 const struct inp_localgroup *old_grp)
1759 KASSERT(old_grp->il_inpcnt < grp->il_inpsiz,
1760 ("invalid new local group size %d and old local group count %d",
1761 grp->il_inpsiz, old_grp->il_inpcnt));
1762 for (i = 0; i < old_grp->il_inpcnt; ++i)
1763 grp->il_inp[i] = old_grp->il_inp[i];
1764 grp->il_inpcnt = old_grp->il_inpcnt;
1768 in_pcbinslocalgrphash_oncpu(struct inpcb *inp, struct inpcbinfo *pcbinfo)
1770 struct inp_localgrphead *hdr;
1771 struct inp_localgroup *grp, *grp_alloc = NULL;
1775 ASSERT_PCBINFO_TOKEN_HELD(pcbinfo);
1777 if (pcbinfo->localgrphashbase == NULL)
1781 * XXX don't allow jailed socket to join local group
1783 if (inp->inp_socket != NULL)
1784 cred = inp->inp_socket->so_cred;
1787 if (cred != NULL && jailed(cred))
1790 hdr = &pcbinfo->localgrphashbase[
1791 INP_PCBLOCALGRPHASH(inp->inp_lport, pcbinfo->localgrphashmask)];
1794 LIST_FOREACH(grp, hdr, il_list) {
1795 if (grp->il_af == inp->inp_af &&
1796 grp->il_lport == inp->inp_lport &&
1797 memcmp(&grp->il_dependladdr,
1798 &inp->inp_inc.inc_ie.ie_dependladdr,
1799 sizeof(grp->il_dependladdr)) == 0) {
1805 * Create a new local group
1807 if (grp_alloc == NULL) {
1808 grp_alloc = inp_localgroup_alloc(inp->inp_af,
1809 inp->inp_lport, &inp->inp_inc.inc_ie.ie_dependladdr,
1810 INP_LOCALGROUP_SIZMIN);
1812 * Local group allocation could block and the
1813 * local group w/ the same property might have
1814 * been added by others when we were blocked;
1819 /* Local group has been allocated; link it */
1822 LIST_INSERT_HEAD(hdr, grp, il_list);
1824 } else if (grp->il_inpcnt == grp->il_inpsiz) {
1825 if (grp->il_inpsiz >= INP_LOCALGROUP_SIZMAX) {
1826 static int limit_logged = 0;
1828 if (!limit_logged) {
1830 kprintf("local group port %d, "
1831 "limit reached\n", ntohs(grp->il_lport));
1833 if (grp_alloc != NULL) {
1835 * This would happen if the local group
1836 * w/ the same property was expanded when
1837 * our local group allocation blocked.
1839 inp_localgroup_free(grp_alloc);
1845 * Expand this local group
1847 if (grp_alloc == NULL ||
1848 grp->il_inpcnt >= grp_alloc->il_inpsiz) {
1849 if (grp_alloc != NULL)
1850 inp_localgroup_free(grp_alloc);
1851 grp_alloc = inp_localgroup_alloc(grp->il_af,
1852 grp->il_lport, &grp->il_dependladdr,
1853 grp->il_inpsiz * 2);
1855 * Local group allocation could block and the
1856 * local group w/ the same property might have
1857 * been expanded by others when we were blocked;
1864 * Save the old local group, link the new one, and then
1865 * destroy the old local group
1867 inp_localgroup_copy(grp_alloc, grp);
1868 LIST_INSERT_HEAD(hdr, grp_alloc, il_list);
1869 inp_localgroup_destroy(grp);
1875 * Found the local group
1877 if (grp_alloc != NULL) {
1879 * This would happen if the local group w/ the
1880 * same property was added or expanded when our
1881 * local group allocation blocked.
1883 inp_localgroup_free(grp_alloc);
1888 KASSERT(grp->il_inpcnt < grp->il_inpsiz,
1889 ("invalid local group size %d and count %d",
1890 grp->il_inpsiz, grp->il_inpcnt));
1893 * Keep the local group sorted by the inpcb local group index
1894 * in ascending order.
1896 * This eases the multi-process userland application which uses
1897 * SO_REUSEPORT sockets and binds process to the owner cpu of
1898 * the SO_REUSEPORT socket:
1899 * If we didn't sort the local group by the inpcb local group
1900 * index and one of the process owning an inpcb in this local
1901 * group restarted, e.g. crashed and restarted by watchdog,
1902 * other processes owning a inpcb in this local group would have
1903 * to detect that event, refetch its socket's owner cpu, and
1906 idx = grp->il_inpcnt;
1907 for (i = 0; i < idx; ++i) {
1908 struct inpcb *oinp = grp->il_inp[i];
1910 if (oinp->inp_lgrpindex > i) {
1911 if (inp->inp_lgrpindex < 0) {
1912 inp->inp_lgrpindex = i;
1913 } else if (inp->inp_lgrpindex != i) {
1915 kprintf("inp %p: grpidx %d, "
1916 "assigned to %d, cpu%d\n",
1917 inp, inp->inp_lgrpindex, i,
1921 grp->il_inp[i] = inp;
1923 /* Pull down inpcbs */
1924 for (; i < grp->il_inpcnt; ++i) {
1925 struct inpcb *oinp1 = grp->il_inp[i + 1];
1927 grp->il_inp[i + 1] = oinp;
1935 if (inp->inp_lgrpindex < 0) {
1936 inp->inp_lgrpindex = idx;
1937 } else if (inp->inp_lgrpindex != idx) {
1939 kprintf("inp %p: grpidx %d, assigned to %d, cpu%d\n",
1940 inp, inp->inp_lgrpindex, idx, mycpuid);
1943 grp->il_inp[idx] = inp;
1948 in_pcbinswildcardhash_oncpu(struct inpcb *inp, struct inpcbinfo *pcbinfo)
1950 struct inpcontainer *ic;
1951 struct inpcontainerhead *bucket;
1953 GET_PCBINFO_TOKEN(pcbinfo);
1955 in_pcbinslocalgrphash_oncpu(inp, pcbinfo);
1957 bucket = &pcbinfo->wildcardhashbase[
1958 INP_PCBWILDCARDHASH(inp->inp_lport, pcbinfo->wildcardhashmask)];
1960 ic = kmalloc(sizeof(struct inpcontainer), M_TEMP, M_INTWAIT);
1962 LIST_INSERT_HEAD(bucket, ic, ic_list);
1964 REL_PCBINFO_TOKEN(pcbinfo);
1968 * Insert PCB into wildcard hash table.
1971 in_pcbinswildcardhash(struct inpcb *inp)
1973 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo;
1975 KASSERT(&curthread->td_msgport == netisr_cpuport(pcbinfo->cpu),
1976 ("not in correct netisr"));
1977 ASSERT_INP_NOTINHASH(inp);
1978 inp->inp_flags |= INP_WILDCARD;
1980 in_pcbinswildcardhash_oncpu(inp, pcbinfo);
1984 in_pcbremlocalgrphash_oncpu(struct inpcb *inp, struct inpcbinfo *pcbinfo)
1986 struct inp_localgrphead *hdr;
1987 struct inp_localgroup *grp;
1989 ASSERT_PCBINFO_TOKEN_HELD(pcbinfo);
1991 if (pcbinfo->localgrphashbase == NULL)
1994 hdr = &pcbinfo->localgrphashbase[
1995 INP_PCBLOCALGRPHASH(inp->inp_lport, pcbinfo->localgrphashmask)];
1997 LIST_FOREACH(grp, hdr, il_list) {
2000 for (i = 0; i < grp->il_inpcnt; ++i) {
2001 if (grp->il_inp[i] != inp)
2004 if (grp->il_inpcnt == 1) {
2005 /* Destroy this local group */
2006 inp_localgroup_destroy(grp);
2008 /* Pull up inpcbs */
2009 for (; i + 1 < grp->il_inpcnt; ++i)
2010 grp->il_inp[i] = grp->il_inp[i + 1];
2019 in_pcbremwildcardhash_oncpu(struct inpcb *inp, struct inpcbinfo *pcbinfo)
2021 struct inpcontainer *ic;
2022 struct inpcontainerhead *head;
2024 GET_PCBINFO_TOKEN(pcbinfo);
2026 in_pcbremlocalgrphash_oncpu(inp, pcbinfo);
2029 head = &pcbinfo->wildcardhashbase[
2030 INP_PCBWILDCARDHASH(inp->inp_lport, pcbinfo->wildcardhashmask)];
2032 LIST_FOREACH(ic, head, ic_list) {
2033 if (ic->ic_inp == inp)
2036 REL_PCBINFO_TOKEN(pcbinfo);
2037 return; /* not found! */
2040 LIST_REMOVE(ic, ic_list); /* remove container from bucket chain */
2041 REL_PCBINFO_TOKEN(pcbinfo);
2042 kfree(ic, M_TEMP); /* deallocate container */
2046 * Remove PCB from wildcard hash table.
2049 in_pcbremwildcardhash(struct inpcb *inp)
2051 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo;
2053 KASSERT(&curthread->td_msgport == netisr_cpuport(pcbinfo->cpu),
2054 ("not in correct netisr"));
2055 KASSERT(inp->inp_flags & INP_WILDCARD, ("inp not wildcard"));
2057 in_pcbremwildcardhash_oncpu(inp, pcbinfo);
2058 inp->inp_lgrpindex = -1;
2059 inp->inp_flags &= ~INP_WILDCARD;
2063 * Remove PCB from various lists.
2066 in_pcbremlists(struct inpcb *inp)
2068 in_pcbremporthash(inp);
2069 if (inp->inp_flags & INP_WILDCARD) {
2070 in_pcbremwildcardhash(inp);
2071 } else if (inp->inp_flags & INP_CONNECTED) {
2072 in_pcbremconnhash(inp);
2075 if (inp->inp_flags & INP_ONLIST)
2080 prison_xinpcb(struct thread *td, struct inpcb *inp)
2084 if (td->td_proc == NULL)
2086 cr = td->td_proc->p_ucred;
2087 if (cr->cr_prison == NULL)
2089 if (inp->inp_socket && inp->inp_socket->so_cred &&
2090 inp->inp_socket->so_cred->cr_prison &&
2091 cr->cr_prison == inp->inp_socket->so_cred->cr_prison)
2097 in_pcblist_range(SYSCTL_HANDLER_ARGS)
2099 struct inpcbinfo *pcbinfo_arr = arg1;
2100 int pcbinfo_arrlen = arg2;
2101 struct inpcb *marker;
2105 KASSERT(pcbinfo_arrlen <= netisr_ncpus && pcbinfo_arrlen >= 1,
2106 ("invalid pcbinfo count %d", pcbinfo_arrlen));
2109 * The process of preparing the TCB list is too time-consuming and
2110 * resource-intensive to repeat twice on every request.
2113 if (req->oldptr == NULL) {
2114 for (cpu = 0; cpu < pcbinfo_arrlen; ++cpu)
2115 n += pcbinfo_arr[cpu].ipi_count;
2116 req->oldidx = (n + n/8 + 10) * sizeof(struct xinpcb);
2120 if (req->newptr != NULL)
2123 marker = kmalloc(sizeof(struct inpcb), M_TEMP, M_WAITOK|M_ZERO);
2124 marker->inp_flags |= INP_PLACEMARKER;
2127 * OK, now we're committed to doing something. Re-fetch ipi_count
2128 * after obtaining the generation count.
2132 for (cpu = 0; cpu < pcbinfo_arrlen && error == 0; ++cpu) {
2133 struct inpcbinfo *pcbinfo = &pcbinfo_arr[cpu];
2138 lwkt_migratecpu(cpu);
2140 GET_PCBINFO_TOKEN(pcbinfo);
2142 n = pcbinfo->ipi_count;
2144 LIST_INSERT_HEAD(&pcbinfo->pcblisthead, marker, inp_list);
2146 while ((inp = LIST_NEXT(marker, inp_list)) != NULL && i < n) {
2147 LIST_REMOVE(marker, inp_list);
2148 LIST_INSERT_AFTER(inp, marker, inp_list);
2150 if (inp->inp_flags & INP_PLACEMARKER)
2152 if (prison_xinpcb(req->td, inp))
2155 bzero(&xi, sizeof xi);
2156 xi.xi_len = sizeof xi;
2157 bcopy(inp, &xi.xi_inp, sizeof *inp);
2158 if (inp->inp_socket)
2159 sotoxsocket(inp->inp_socket, &xi.xi_socket);
2160 if ((error = SYSCTL_OUT(req, &xi, sizeof xi)) != 0)
2164 LIST_REMOVE(marker, inp_list);
2166 REL_PCBINFO_TOKEN(pcbinfo);
2168 if (error == 0 && i < n) {
2169 bzero(&xi, sizeof xi);
2170 xi.xi_len = sizeof xi;
2172 error = SYSCTL_OUT(req, &xi, sizeof xi);
2180 lwkt_migratecpu(origcpu);
2181 kfree(marker, M_TEMP);
2186 in_pcblist_ncpus(SYSCTL_HANDLER_ARGS)
2189 return (in_pcblist_range(oidp, arg1, netisr_ncpus, req));
2193 in_savefaddr(struct socket *so, const struct sockaddr *faddr)
2195 struct sockaddr_in *sin;
2197 KASSERT(faddr->sa_family == AF_INET,
2198 ("not AF_INET faddr %d", faddr->sa_family));
2200 sin = kmalloc(sizeof(*sin), M_SONAME, M_WAITOK | M_ZERO);
2201 sin->sin_family = AF_INET;
2202 sin->sin_len = sizeof(*sin);
2203 sin->sin_port = ((const struct sockaddr_in *)faddr)->sin_port;
2204 sin->sin_addr = ((const struct sockaddr_in *)faddr)->sin_addr;
2206 so->so_faddr = (struct sockaddr *)sin;
2210 in_pcbportinfo_init(struct inpcbportinfo *portinfo, int hashsize,
2213 memset(portinfo, 0, sizeof(*portinfo));
2215 portinfo->offset = offset;
2216 portinfo->porthashbase = phashinit(hashsize, M_PCB,
2217 &portinfo->porthashcnt);
2221 in_pcbportrange(u_short *hi0, u_short *lo0, u_short ofs, u_short step)
2231 hi = rounddown(hi, step);
2236 lo = roundup(lo, step);
2246 in_pcbglobalinit(void)
2250 in_pcbmarkers = kmalloc(netisr_ncpus * sizeof(struct inpcb), M_PCB,
2252 in_pcbcontainer_markers =
2253 kmalloc(netisr_ncpus * sizeof(struct inpcontainer), M_PCB,
2256 for (cpu = 0; cpu < netisr_ncpus; ++cpu) {
2257 struct inpcontainer *ic = &in_pcbcontainer_markers[cpu];
2258 struct inpcb *marker = &in_pcbmarkers[cpu];
2260 marker->inp_flags |= INP_PLACEMARKER;
2261 ic->ic_inp = marker;
2269 ASSERT_NETISR_NCPUS(mycpuid);
2270 return &in_pcbmarkers[mycpuid];
2273 struct inpcontainer *
2274 in_pcbcontainer_marker(void)
2277 ASSERT_NETISR_NCPUS(mycpuid);
2278 return &in_pcbcontainer_markers[mycpuid];
2282 in_pcbresetroute(struct inpcb *inp)
2284 struct route *ro = &inp->inp_route;
2286 if (ro->ro_rt != NULL)
2288 bzero(ro, sizeof(*ro));