#include <sys/param.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/protosw.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/sysctl.h>
#include <sys/errno.h>
#include <sys/stat.h>
#include <sys/systm.h>
#include <sys/proc.h>
#include <sys/syslog.h>
#include <machine/endian.h>
#include <net/if.h>
#include <net/route.h>
#include <net/if_types.h>
#include <net/ntstat.h>
#include <netinet/in.h>
#include <netinet/in_var.h>
#include <netinet/in_systm.h>
#include <netinet/in_tclass.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>
#include <netinet/in_pcb.h>
#include <netinet/udp.h>
#include <netinet/udp_var.h>
#include <netinet/ip6.h>
#include <netinet6/ip6_var.h>
#include <netinet6/in6_pcb.h>
#include <netinet6/udp6_var.h>
#include <netinet/icmp6.h>
#include <netinet6/ip6protosw.h>
#if NECP
#include <net/necp.h>
#endif
#include <net/net_osdep.h>
#if CONTENT_FILTER
#include <net/content_filter.h>
#endif
extern int soreserveheadroom;
int
udp6_output(struct in6pcb *in6p, struct mbuf *m, struct sockaddr *addr6,
struct mbuf *control, struct proc *p)
{
u_int32_t ulen = m->m_pkthdr.len;
u_int32_t plen = sizeof(struct udphdr) + ulen;
struct ip6_hdr *ip6;
struct udphdr *udp6;
struct in6_addr *laddr, *faddr;
u_short fport;
int error = 0;
struct ip6_pktopts opt, *optp = NULL;
struct ip6_moptions *im6o;
int af = AF_INET6, hlen = sizeof(struct ip6_hdr);
int flags;
struct sockaddr_in6 tmp;
struct in6_addr storage;
int sotc = SO_TC_UNSPEC;
int netsvctype = _NET_SERVICE_TYPE_UNSPEC;
struct ip6_out_args ip6oa;
struct flowadv *adv = &ip6oa.ip6oa_flowadv;
struct socket *so = in6p->in6p_socket;
struct route_in6 ro;
int flowadv = 0;
bool sndinprog_cnt_used = false;
#if CONTENT_FILTER
struct m_tag *cfil_tag = NULL;
bool cfil_faddr_use = false;
uint32_t cfil_so_state_change_cnt = 0;
struct sockaddr *cfil_faddr = NULL;
struct sockaddr_in6 *cfil_sin6 = NULL;
#endif
bool check_qos_marking_again = (so->so_flags1 & SOF1_QOSMARKING_POLICY_OVERRIDE) ? FALSE : TRUE;
bzero(&ip6oa, sizeof(ip6oa));
ip6oa.ip6oa_boundif = IFSCOPE_NONE;
ip6oa.ip6oa_flags = IP6OAF_SELECT_SRCIF;
flowadv = (so->so_state & SS_ISCONNECTED) ? 1 : 0;
if (flowadv && INP_WAIT_FOR_IF_FEEDBACK(in6p)) {
error = ENOBUFS;
goto release;
}
if (in6p->inp_flags & INP_BOUND_IF) {
ip6oa.ip6oa_boundif = in6p->inp_boundifp->if_index;
ip6oa.ip6oa_flags |= IP6OAF_BOUND_IF;
}
if (INP_NO_CELLULAR(in6p)) {
ip6oa.ip6oa_flags |= IP6OAF_NO_CELLULAR;
}
if (INP_NO_EXPENSIVE(in6p)) {
ip6oa.ip6oa_flags |= IP6OAF_NO_EXPENSIVE;
}
if (INP_NO_CONSTRAINED(in6p)) {
ip6oa.ip6oa_flags |= IP6OAF_NO_CONSTRAINED;
}
if (INP_AWDL_UNRESTRICTED(in6p)) {
ip6oa.ip6oa_flags |= IP6OAF_AWDL_UNRESTRICTED;
}
if (INP_INTCOPROC_ALLOWED(in6p)) {
ip6oa.ip6oa_flags |= IP6OAF_INTCOPROC_ALLOWED;
}
#if CONTENT_FILTER
if (so->so_cfil_db && !addr6) {
cfil_tag = cfil_dgram_get_socket_state(m, &cfil_so_state_change_cnt, NULL, &cfil_faddr, NULL);
if (cfil_tag) {
cfil_sin6 = (struct sockaddr_in6 *)(void *)cfil_faddr;
if ((so->so_state_change_cnt != cfil_so_state_change_cnt) &&
(in6p->in6p_fport != cfil_sin6->sin6_port ||
!IN6_ARE_ADDR_EQUAL(&in6p->in6p_faddr, &cfil_sin6->sin6_addr))) {
cfil_faddr_use = true;
}
}
}
#endif
if (control) {
sotc = so_tc_from_control(control, &netsvctype);
if ((error = ip6_setpktopts(control, &opt,
NULL, IPPROTO_UDP)) != 0) {
goto release;
}
optp = &opt;
} else {
optp = in6p->in6p_outputopts;
}
if (sotc == SO_TC_UNSPEC) {
sotc = so->so_traffic_class;
netsvctype = so->so_netsvctype;
}
ip6oa.ip6oa_sotc = sotc;
ip6oa.ip6oa_netsvctype = netsvctype;
in6p->inp_sndinprog_cnt++;
sndinprog_cnt_used = true;
if (addr6) {
struct sockaddr_in6 *sin6 =
(struct sockaddr_in6 *)(void *)addr6;
if (sin6->sin6_port == 0) {
error = EADDRNOTAVAIL;
goto release;
}
if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) {
error = EISCONN;
goto release;
}
tmp = *sin6;
sin6 = &tmp;
faddr = &sin6->sin6_addr;
fport = sin6->sin6_port;
if (IN6_IS_ADDR_V4MAPPED(faddr)) {
if ((in6p->in6p_flags & IN6P_IPV6_V6ONLY)) {
error = EINVAL;
goto release;
} else {
af = AF_INET;
}
}
if (in6_embedscope(&sin6->sin6_addr, sin6, in6p, NULL,
optp) != 0) {
error = EINVAL;
goto release;
}
if (!IN6_IS_ADDR_V4MAPPED(faddr)) {
laddr = in6_selectsrc(sin6, optp,
in6p, &in6p->in6p_route, NULL, &storage,
ip6oa.ip6oa_boundif, &error);
} else {
laddr = &in6p->in6p_laddr;
}
if (laddr == NULL) {
if (error == 0) {
error = EADDRNOTAVAIL;
}
goto release;
}
if (in6p->in6p_lport == 0 &&
(error = in6_pcbsetport(laddr, in6p, p, 0)) != 0) {
goto release;
}
} else {
if (IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) {
error = ENOTCONN;
goto release;
}
laddr = &in6p->in6p_laddr;
faddr = &in6p->in6p_faddr;
fport = in6p->in6p_fport;
#if CONTENT_FILTER
if (cfil_faddr_use) {
faddr = &((struct sockaddr_in6 *)(void *)cfil_faddr)->sin6_addr;
fport = ((struct sockaddr_in6 *)(void *)cfil_faddr)->sin6_port;
ROUTE_RELEASE(&in6p->in6p_route);
}
#endif
if (IN6_IS_ADDR_V4MAPPED(faddr)) {
if ((in6p->in6p_flags & IN6P_IPV6_V6ONLY)) {
log(LOG_INFO, "udp6_output: IPV6_V6ONLY "
"option was set for a connected socket\n");
error = EINVAL;
goto release;
} else {
af = AF_INET;
}
}
}
if (in6p->inp_flowhash == 0) {
in6p->inp_flowhash = inp_calc_flowhash(in6p);
}
if (in6p->inp_flow == 0 && in6p->in6p_flags & IN6P_AUTOFLOWLABEL) {
in6p->inp_flow &= ~IPV6_FLOWLABEL_MASK;
in6p->inp_flow |=
(htonl(in6p->inp_flowhash) & IPV6_FLOWLABEL_MASK);
}
if (af == AF_INET) {
hlen = sizeof(struct ip);
}
if (fport == htons(53) && !(so->so_flags1 & SOF1_DNS_COUNTED)) {
so->so_flags1 |= SOF1_DNS_COUNTED;
INC_ATOMIC_INT64_LIM(net_api_stats.nas_socket_inet_dgram_dns);
}
M_PREPEND(m, hlen + sizeof(struct udphdr), M_DONTWAIT, 1);
if (m == 0) {
error = ENOBUFS;
goto release;
}
udp6 = (struct udphdr *)(void *)(mtod(m, caddr_t) + hlen);
udp6->uh_sport = in6p->in6p_lport;
udp6->uh_dport = fport;
if (plen <= 0xffff) {
udp6->uh_ulen = htons((u_short)plen);
} else {
udp6->uh_ulen = 0;
}
udp6->uh_sum = 0;
switch (af) {
case AF_INET6:
ip6 = mtod(m, struct ip6_hdr *);
ip6->ip6_flow = in6p->inp_flow & IPV6_FLOWINFO_MASK;
ip6->ip6_vfc &= ~IPV6_VERSION_MASK;
ip6->ip6_vfc |= IPV6_VERSION;
#if 0
ip6->ip6_plen = htons((u_short)plen);
#endif
ip6->ip6_nxt = IPPROTO_UDP;
ip6->ip6_hlim = in6_selecthlim(in6p, in6p->in6p_route.ro_rt ?
in6p->in6p_route.ro_rt->rt_ifp : NULL);
ip6->ip6_src = *laddr;
ip6->ip6_dst = *faddr;
udp6->uh_sum = in6_pseudo(laddr, faddr,
htonl(plen + IPPROTO_UDP));
m->m_pkthdr.csum_flags = (CSUM_UDPIPV6 | CSUM_ZERO_INVERT);
m->m_pkthdr.csum_data = offsetof(struct udphdr, uh_sum);
if (!IN6_IS_ADDR_UNSPECIFIED(laddr)) {
ip6oa.ip6oa_flags |= IP6OAF_BOUND_SRCADDR;
}
flags = IPV6_OUTARGS;
udp6stat.udp6s_opackets++;
#if NECP
{
necp_kernel_policy_id policy_id;
necp_kernel_policy_id skip_policy_id;
u_int32_t route_rule_id;
u_int32_t pass_flags;
if (net_qos_policy_restricted != 0 &&
ROUTE_UNUSABLE(&in6p->inp_route)) {
struct sockaddr_in6 to;
struct sockaddr_in6 from;
ROUTE_RELEASE(&in6p->inp_route);
bzero(&from, sizeof(struct sockaddr_in6));
from.sin6_family = AF_INET6;
from.sin6_len = sizeof(struct sockaddr_in6);
from.sin6_addr = *laddr;
bzero(&to, sizeof(struct sockaddr_in6));
to.sin6_family = AF_INET6;
to.sin6_len = sizeof(struct sockaddr_in6);
to.sin6_addr = *faddr;
in6p->inp_route.ro_dst.sa_family = AF_INET6;
in6p->inp_route.ro_dst.sa_len = sizeof(struct sockaddr_in6);
((struct sockaddr_in6 *)(void *)&in6p->inp_route.ro_dst)->sin6_addr =
*faddr;
rtalloc_scoped(&in6p->inp_route, ip6oa.ip6oa_boundif);
inp_update_necp_policy(in6p, (struct sockaddr *)&from,
(struct sockaddr *)&to, ip6oa.ip6oa_boundif);
in6p->inp_policyresult.results.qos_marking_gencount = 0;
}
if (!necp_socket_is_allowed_to_send_recv_v6(in6p, in6p->in6p_lport, fport, laddr, faddr, NULL, 0, &policy_id, &route_rule_id, &skip_policy_id, &pass_flags)) {
error = EHOSTUNREACH;
goto release;
}
necp_mark_packet_from_socket(m, in6p, policy_id, route_rule_id, skip_policy_id, pass_flags);
if (net_qos_policy_restricted != 0) {
necp_socket_update_qos_marking(in6p, in6p->in6p_route.ro_rt, route_rule_id);
}
}
#endif
if ((so->so_flags1 & SOF1_QOSMARKING_ALLOWED)) {
ip6oa.ip6oa_flags |= IP6OAF_QOSMARKING_ALLOWED;
}
if (check_qos_marking_again) {
ip6oa.ip6oa_flags |= IP6OAF_REDO_QOSMARKING_POLICY;
}
ip6oa.qos_marking_gencount = in6p->inp_policyresult.results.qos_marking_gencount;
#if IPSEC
if (in6p->in6p_sp != NULL && ipsec_setsocket(m, so) != 0) {
error = ENOBUFS;
goto release;
}
#endif
if (ROUTE_UNUSABLE(&in6p->in6p_route) ||
rt_key(in6p->in6p_route.ro_rt)->sa_family != AF_INET6) {
ROUTE_RELEASE(&in6p->in6p_route);
}
in6p_route_copyout(in6p, &ro);
set_packet_service_class(m, so, sotc, PKT_SCF_IPV6);
m->m_pkthdr.pkt_flowsrc = FLOWSRC_INPCB;
m->m_pkthdr.pkt_flowid = in6p->inp_flowhash;
m->m_pkthdr.pkt_proto = IPPROTO_UDP;
m->m_pkthdr.pkt_flags |= (PKTF_FLOW_ID | PKTF_FLOW_LOCALSRC);
if (flowadv) {
m->m_pkthdr.pkt_flags |= PKTF_FLOW_ADV;
}
m->m_pkthdr.tx_udp_pid = so->last_pid;
if (so->so_flags & SOF_DELEGATED) {
m->m_pkthdr.tx_udp_e_pid = so->e_pid;
} else {
m->m_pkthdr.tx_udp_e_pid = 0;
}
im6o = in6p->in6p_moptions;
if (im6o != NULL) {
IM6O_LOCK(im6o);
IM6O_ADDREF_LOCKED(im6o);
if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) &&
im6o->im6o_multicast_ifp != NULL) {
in6p->in6p_last_outifp =
im6o->im6o_multicast_ifp;
}
IM6O_UNLOCK(im6o);
}
socket_unlock(so, 0);
error = ip6_output(m, optp, &ro, flags, im6o, NULL, &ip6oa);
m = NULL;
socket_lock(so, 0);
if (im6o != NULL) {
IM6O_REMREF(im6o);
}
if (check_qos_marking_again) {
in6p->inp_policyresult.results.qos_marking_gencount = ip6oa.qos_marking_gencount;
if (ip6oa.ip6oa_flags & IP6OAF_QOSMARKING_ALLOWED) {
in6p->inp_socket->so_flags1 |= SOF1_QOSMARKING_ALLOWED;
} else {
in6p->inp_socket->so_flags1 &= ~SOF1_QOSMARKING_ALLOWED;
}
}
if (error == 0 && nstat_collect) {
boolean_t cell, wifi, wired;
if (in6p->in6p_route.ro_rt != NULL) {
cell = IFNET_IS_CELLULAR(in6p->in6p_route.
ro_rt->rt_ifp);
wifi = (!cell && IFNET_IS_WIFI(in6p->in6p_route.
ro_rt->rt_ifp));
wired = (!wifi && IFNET_IS_WIRED(in6p->in6p_route.
ro_rt->rt_ifp));
} else {
cell = wifi = wired = FALSE;
}
INP_ADD_STAT(in6p, cell, wifi, wired, txpackets, 1);
INP_ADD_STAT(in6p, cell, wifi, wired, txbytes, ulen);
inp_set_activity_bitmap(in6p);
}
if (flowadv && (adv->code == FADV_FLOW_CONTROLLED ||
adv->code == FADV_SUSPENDED)) {
error = ENOBUFS;
inp_set_fc_state(in6p, adv->code);
}
if (ro.ro_rt != NULL) {
struct ifnet *outif = ro.ro_rt->rt_ifp;
so->so_pktheadroom = (uint16_t)P2ROUNDUP(
sizeof(struct udphdr) +
hlen +
ifnet_hdrlen(outif) +
ifnet_mbuf_packetpreamblelen(outif),
sizeof(u_int32_t));
}
in6p_route_copyin(in6p, &ro);
if (in6p->in6p_route.ro_rt != NULL) {
struct rtentry *rt = in6p->in6p_route.ro_rt;
struct ifnet *outif;
if (rt->rt_flags & RTF_MULTICAST) {
rt = NULL;
}
#if CONTENT_FILTER
if (cfil_faddr_use) {
rt = NULL;
}
#endif
if (rt == NULL) {
ROUTE_RELEASE(&in6p->in6p_route);
}
if (rt != NULL) {
if (ip6oa.ip6oa_flags & IP6OAF_BOUND_IF) {
outif = ifindex2ifnet[ip6oa.ip6oa_boundif];
} else {
outif = rt->rt_ifp;
}
if (outif != NULL && outif != in6p->in6p_last_outifp) {
in6p->in6p_last_outifp = outif;
so->so_pktheadroom = (uint16_t)P2ROUNDUP(
sizeof(struct udphdr) +
hlen +
ifnet_hdrlen(outif) +
ifnet_mbuf_packetpreamblelen(outif),
sizeof(u_int32_t));
}
}
} else {
ROUTE_RELEASE(&in6p->in6p_route);
}
if (error != 0 && (ip6oa.ip6oa_retflags & IP6OARF_IFDENIED) &&
(INP_NO_CELLULAR(in6p) || INP_NO_EXPENSIVE(in6p) || INP_NO_CONSTRAINED(in6p))) {
soevent(in6p->inp_socket, (SO_FILT_HINT_LOCKED |
SO_FILT_HINT_IFDENIED));
}
break;
case AF_INET:
error = EAFNOSUPPORT;
goto release;
}
goto releaseopt;
release:
if (m != NULL) {
m_freem(m);
}
releaseopt:
if (control != NULL) {
if (optp == &opt) {
ip6_clearpktopts(optp, -1);
}
m_freem(control);
}
#if CONTENT_FILTER
if (cfil_tag) {
m_tag_free(cfil_tag);
}
#endif
if (sndinprog_cnt_used) {
VERIFY(in6p->inp_sndinprog_cnt > 0);
if (--in6p->inp_sndinprog_cnt == 0) {
in6p->inp_flags &= ~(INP_FC_FEEDBACK);
if (in6p->inp_sndingprog_waiters > 0) {
wakeup(&in6p->inp_sndinprog_cnt);
}
}
sndinprog_cnt_used = false;
}
return error;
}