1 /*
2 * Copyright (c) 2003-2022 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29 /*
30 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
31 * All rights reserved.
32 *
33 * Redistribution and use in source and binary forms, with or without
34 * modification, are permitted provided that the following conditions
35 * are met:
36 * 1. Redistributions of source code must retain the above copyright
37 * notice, this list of conditions and the following disclaimer.
38 * 2. Redistributions in binary form must reproduce the above copyright
39 * notice, this list of conditions and the following disclaimer in the
40 * documentation and/or other materials provided with the distribution.
41 * 3. Neither the name of the project nor the names of its contributors
42 * may be used to endorse or promote products derived from this software
43 * without specific prior written permission.
44 *
45 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
46 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
47 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
48 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
49 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
50 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
51 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
52 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
53 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
54 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
55 * SUCH DAMAGE.
56 */
57
58 /*
59 * Copyright (c) 1982, 1986, 1991, 1993
60 * The Regents of the University of California. All rights reserved.
61 *
62 * Redistribution and use in source and binary forms, with or without
63 * modification, are permitted provided that the following conditions
64 * are met:
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 * 2. Redistributions in binary form must reproduce the above copyright
68 * notice, this list of conditions and the following disclaimer in the
69 * documentation and/or other materials provided with the distribution.
70 * 3. All advertising materials mentioning features or use of this software
71 * must display the following acknowledgement:
72 * This product includes software developed by the University of
73 * California, Berkeley and its contributors.
74 * 4. Neither the name of the University nor the names of its contributors
75 * may be used to endorse or promote products derived from this software
76 * without specific prior written permission.
77 *
78 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
79 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
80 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
81 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
82 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
83 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
84 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
85 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
86 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
87 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
88 * SUCH DAMAGE.
89 *
90 * @(#)in.c 8.2 (Berkeley) 11/15/93
91 */
92
93
94 #include <sys/param.h>
95 #include <sys/ioctl.h>
96 #include <sys/errno.h>
97 #include <sys/malloc.h>
98 #include <sys/socket.h>
99 #include <sys/socketvar.h>
100 #include <sys/sockio.h>
101 #include <sys/systm.h>
102 #include <sys/time.h>
103 #include <sys/kernel.h>
104 #include <sys/syslog.h>
105 #include <sys/kern_event.h>
106 #include <sys/mcache.h>
107 #include <sys/protosw.h>
108 #include <sys/sysctl.h>
109
110 #include <kern/locks.h>
111 #include <kern/zalloc.h>
112 #include <kern/clock.h>
113 #include <libkern/OSAtomic.h>
114 #include <machine/machine_routines.h>
115 #include <mach/boolean.h>
116
117 #include <net/if.h>
118 #include <net/if_types.h>
119 #include <net/if_var.h>
120 #include <net/route.h>
121 #include <net/if_dl.h>
122 #include <net/kpi_protocol.h>
123 #include <net/nwk_wq.h>
124
125 #include <netinet/in.h>
126 #include <netinet/in_var.h>
127 #include <netinet/if_ether.h>
128 #include <netinet/in_systm.h>
129 #include <netinet/ip.h>
130 #include <netinet/in_pcb.h>
131 #include <netinet/icmp6.h>
132 #include <netinet/tcp.h>
133 #include <netinet/tcp_seq.h>
134 #include <netinet/tcp_var.h>
135
136 #include <netinet6/nd6.h>
137 #include <netinet/ip6.h>
138 #include <netinet6/ip6_var.h>
139 #include <netinet6/mld6_var.h>
140 #include <netinet6/in6_ifattach.h>
141 #include <netinet6/scope6_var.h>
142 #include <netinet6/in6_var.h>
143 #include <netinet6/in6_pcb.h>
144
145 #include <net/net_osdep.h>
146
147 #include <net/dlil.h>
148 #include <net/if_llatbl.h>
149
150 #if PF
151 #include <net/pfvar.h>
152 #endif /* PF */
153
154 /*
155 * Definitions of some costant IP6 addresses.
156 */
157 const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT;
158 const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT;
159 const struct in6_addr in6addr_nodelocal_allnodes =
160 IN6ADDR_NODELOCAL_ALLNODES_INIT;
161 const struct in6_addr in6addr_linklocal_allnodes =
162 IN6ADDR_LINKLOCAL_ALLNODES_INIT;
163 const struct in6_addr in6addr_linklocal_allrouters =
164 IN6ADDR_LINKLOCAL_ALLROUTERS_INIT;
165 const struct in6_addr in6addr_linklocal_allv2routers =
166 IN6ADDR_LINKLOCAL_ALLV2ROUTERS_INIT;
167 const struct in6_addr in6addr_multicast_prefix =
168 IN6ADDR_MULTICAST_PREFIX;
169
170 const struct in6_addr in6mask0 = IN6MASK0;
171 const struct in6_addr in6mask7 = IN6MASK7;
172 const struct in6_addr in6mask8 = IN6MASK8;
173 const struct in6_addr in6mask16 = IN6MASK16;
174 const struct in6_addr in6mask32 = IN6MASK32;
175 const struct in6_addr in6mask64 = IN6MASK64;
176 const struct in6_addr in6mask96 = IN6MASK96;
177 const struct in6_addr in6mask128 = IN6MASK128;
178
179 const struct sockaddr_in6 sa6_any = {
180 .sin6_len = sizeof(sa6_any),
181 .sin6_family = AF_INET6,
182 .sin6_port = 0,
183 .sin6_flowinfo = 0,
184 .sin6_addr = IN6ADDR_ANY_INIT,
185 .sin6_scope_id = 0
186 };
187
188 static int in6ctl_associd(struct socket *, u_long, caddr_t);
189 static int in6ctl_connid(struct socket *, u_long, caddr_t);
190 static int in6ctl_conninfo(struct socket *, u_long, caddr_t);
191 static int in6ctl_llstart(struct ifnet *, u_long, caddr_t);
192 static int in6ctl_llstop(struct ifnet *);
193 static int in6ctl_cgastart(struct ifnet *, u_long, caddr_t);
194 static int in6ctl_gifaddr(struct ifnet *, struct in6_ifaddr *, u_long,
195 struct in6_ifreq *);
196 static int in6ctl_gifstat(struct ifnet *, u_long, struct in6_ifreq *);
197 static int in6ctl_alifetime(struct in6_ifaddr *, u_long, struct in6_ifreq *,
198 boolean_t);
199 static int in6ctl_aifaddr(struct ifnet *, struct in6_aliasreq *);
200 static void in6ctl_difaddr(struct ifnet *, struct in6_ifaddr *);
201 static int in6_autoconf(struct ifnet *, int);
202 static int in6_setrouter(struct ifnet *, ipv6_router_mode_t);
203 static int in6_ifinit(struct ifnet *, struct in6_ifaddr *, int);
204 static int in6_ifaupdate_aux(struct in6_ifaddr *, struct ifnet *, int);
205 static void in6_unlink_ifa(struct in6_ifaddr *, struct ifnet *);
206 static struct in6_ifaddr *in6_ifaddr_alloc(zalloc_flags_t);
207 static void in6_ifaddr_attached(struct ifaddr *);
208 static void in6_ifaddr_detached(struct ifaddr *);
209 static void in6_ifaddr_free(struct ifaddr *);
210 static void in6_ifaddr_trace(struct ifaddr *, int);
211 #if defined(__LP64__)
212 static void in6_cgareq_32_to_64(const struct in6_cgareq_32 *,
213 struct in6_cgareq_64 *);
214 #else
215 static void in6_cgareq_64_to_32(const struct in6_cgareq_64 *,
216 struct in6_cgareq_32 *);
217 #endif
218 static struct in6_aliasreq *in6_aliasreq_to_native(void *, int,
219 struct in6_aliasreq *);
220 static int in6_to_kamescope(struct sockaddr_in6 *, struct ifnet *);
221 static int in6_getassocids(struct socket *, uint32_t *, user_addr_t);
222 static int in6_getconnids(struct socket *, sae_associd_t, uint32_t *,
223 user_addr_t);
224
225 static void in6_if_up_dad_start(struct ifnet *);
226
227 #define IA6_HASH_INIT(ia) { \
228 (ia)->ia6_hash.tqe_next = (void *)(uintptr_t)-1; \
229 (ia)->ia6_hash.tqe_prev = (void *)(uintptr_t)-1; \
230 }
231
232 #define IA6_IS_HASHED(ia) \
233 (!((ia)->ia6_hash.tqe_next == (void *)(uintptr_t)-1 || \
234 (ia)->ia6_hash.tqe_prev == (void *)(uintptr_t)-1))
235
236 static void in6_iahash_remove(struct in6_ifaddr *);
237 static void in6_iahash_insert(struct in6_ifaddr *);
238 static void in6_iahash_insert_ptp(struct in6_ifaddr *);
239
240 #define IN6IFA_TRACE_HIST_SIZE 32 /* size of trace history */
241
242 /* For gdb */
243 __private_extern__ unsigned int in6ifa_trace_hist_size = IN6IFA_TRACE_HIST_SIZE;
244
245 struct in6_ifaddr_dbg {
246 struct in6_ifaddr in6ifa; /* in6_ifaddr */
247 struct in6_ifaddr in6ifa_old; /* saved in6_ifaddr */
248 u_int16_t in6ifa_refhold_cnt; /* # of IFA_ADDREF */
249 u_int16_t in6ifa_refrele_cnt; /* # of IFA_REMREF */
250 /*
251 * Alloc and free callers.
252 */
253 ctrace_t in6ifa_alloc;
254 ctrace_t in6ifa_free;
255 /*
256 * Circular lists of IFA_ADDREF and IFA_REMREF callers.
257 */
258 ctrace_t in6ifa_refhold[IN6IFA_TRACE_HIST_SIZE];
259 ctrace_t in6ifa_refrele[IN6IFA_TRACE_HIST_SIZE];
260 /*
261 * Trash list linkage
262 */
263 TAILQ_ENTRY(in6_ifaddr_dbg) in6ifa_trash_link;
264 };
265
266 /* List of trash in6_ifaddr entries protected by in6ifa_trash_lock */
267 static TAILQ_HEAD(, in6_ifaddr_dbg) in6ifa_trash_head;
268 static LCK_MTX_DECLARE_ATTR(in6ifa_trash_lock, &ifa_mtx_grp, &ifa_mtx_attr);
269
270 #if DEBUG
271 static unsigned int in6ifa_debug = 1; /* debugging (enabled) */
272 #else
273 static unsigned int in6ifa_debug; /* debugging (disabled) */
274 #endif /* !DEBUG */
275 static struct zone *in6ifa_zone; /* zone for in6_ifaddr */
276 #define IN6IFA_ZONE_NAME "in6_ifaddr" /* zone name */
277
278 struct eventhandler_lists_ctxt in6_evhdlr_ctxt;
279 struct eventhandler_lists_ctxt in6_clat46_evhdlr_ctxt;
280 /*
281 * Subroutine for in6_ifaddloop() and in6_ifremloop().
282 * This routine does actual work.
283 */
284 static void
in6_ifloop_request(int cmd,struct ifaddr * ifa)285 in6_ifloop_request(int cmd, struct ifaddr *ifa)
286 {
287 struct sockaddr_in6 all1_sa;
288 struct rtentry *nrt = NULL;
289 int e;
290
291 bzero(&all1_sa, sizeof(all1_sa));
292 all1_sa.sin6_family = AF_INET6;
293 all1_sa.sin6_len = sizeof(struct sockaddr_in6);
294 all1_sa.sin6_addr = in6mask128;
295
296 /*
297 * We specify the address itself as the gateway, and set the
298 * RTF_LLINFO flag, so that the corresponding host route would have
299 * the flag, and thus applications that assume traditional behavior
300 * would be happy. Note that we assume the caller of the function
301 * (probably implicitly) set nd6_rtrequest() to ifa->ifa_rtrequest,
302 * which changes the outgoing interface to the loopback interface.
303 * ifa_addr for INET6 is set once during init; no need to hold lock.
304 */
305 lck_mtx_lock(rnh_lock);
306 e = rtrequest_locked(cmd, ifa->ifa_addr, ifa->ifa_addr,
307 (struct sockaddr *)&all1_sa, RTF_UP | RTF_HOST | RTF_LLINFO, &nrt);
308 if (e != 0) {
309 log(LOG_ERR, "in6_ifloop_request: "
310 "%s operation failed for %s (errno=%d)\n",
311 cmd == RTM_ADD ? "ADD" : "DELETE",
312 ip6_sprintf(&((struct in6_ifaddr *)ifa)->ia_addr.sin6_addr),
313 e);
314 }
315
316 if (nrt != NULL) {
317 RT_LOCK(nrt);
318 }
319 /*
320 * Make sure rt_ifa be equal to IFA, the second argument of the
321 * function.
322 * We need this because when we refer to rt_ifa->ia6_flags in
323 * ip6_input, we assume that the rt_ifa points to the address instead
324 * of the loopback address.
325 */
326 if (cmd == RTM_ADD && nrt && ifa != nrt->rt_ifa) {
327 rtsetifa(nrt, ifa);
328 }
329
330 /*
331 * Report the addition/removal of the address to the routing socket.
332 * XXX: since we called rtinit for a p2p interface with a destination,
333 * we end up reporting twice in such a case. Should we rather
334 * omit the second report?
335 */
336 if (nrt != NULL) {
337 rt_newaddrmsg((u_char)cmd, ifa, e, nrt);
338 if (cmd == RTM_DELETE) {
339 RT_UNLOCK(nrt);
340 rtfree_locked(nrt);
341 } else {
342 /* the cmd must be RTM_ADD here */
343 RT_REMREF_LOCKED(nrt);
344 RT_UNLOCK(nrt);
345 }
346 }
347 lck_mtx_unlock(rnh_lock);
348 }
349
350 /*
351 * Add ownaddr as loopback rtentry. We previously add the route only if
352 * necessary (ex. on a p2p link). However, since we now manage addresses
353 * separately from prefixes, we should always add the route. We can't
354 * rely on the cloning mechanism from the corresponding interface route
355 * any more.
356 */
357 static void
in6_ifaddloop(struct ifaddr * ifa)358 in6_ifaddloop(struct ifaddr *ifa)
359 {
360 struct rtentry *rt;
361
362 /*
363 * If there is no loopback entry, allocate one. ifa_addr for
364 * INET6 is set once during init; no need to hold lock.
365 */
366 rt = rtalloc1(ifa->ifa_addr, 0, 0);
367 if (rt != NULL) {
368 RT_LOCK(rt);
369 }
370 if (rt == NULL || (rt->rt_flags & RTF_HOST) == 0 ||
371 (rt->rt_ifp->if_flags & IFF_LOOPBACK) == 0) {
372 if (rt != NULL) {
373 RT_REMREF_LOCKED(rt);
374 RT_UNLOCK(rt);
375 }
376 in6_ifloop_request(RTM_ADD, ifa);
377 } else if (rt != NULL) {
378 RT_REMREF_LOCKED(rt);
379 RT_UNLOCK(rt);
380 }
381 }
382
383 /*
384 * Remove loopback rtentry of ownaddr generated by in6_ifaddloop(),
385 * if it exists.
386 */
387 static void
in6_ifremloop(struct ifaddr * ifa)388 in6_ifremloop(struct ifaddr *ifa)
389 {
390 struct in6_ifaddr *ia;
391 struct rtentry *rt;
392 int ia_count = 0;
393
394 /*
395 * Some of BSD variants do not remove cloned routes
396 * from an interface direct route, when removing the direct route
397 * (see comments in net/net_osdep.h). Even for variants that do remove
398 * cloned routes, they could fail to remove the cloned routes when
399 * we handle multple addresses that share a common prefix.
400 * So, we should remove the route corresponding to the deleted address
401 * regardless of the result of in6_is_ifloop_auto().
402 */
403
404 /*
405 * Delete the entry only if exact one ifa exists. More than one ifa
406 * can exist if we assign a same single address to multiple
407 * (probably p2p) interfaces.
408 * XXX: we should avoid such a configuration in IPv6...
409 */
410 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
411 TAILQ_FOREACH(ia, IN6ADDR_HASH(IFA_IN6(ifa)), ia6_hash) {
412 IFA_LOCK(&ia->ia_ifa);
413 if (in6_are_addr_equal_scoped(IFA_IN6(ifa), &ia->ia_addr.sin6_addr, IFA_SIN6(ifa)->sin6_scope_id, ia->ia_addr.sin6_scope_id)) {
414 ia_count++;
415 if (ia_count > 1) {
416 IFA_UNLOCK(&ia->ia_ifa);
417 break;
418 }
419 }
420 IFA_UNLOCK(&ia->ia_ifa);
421 }
422 lck_rw_done(&in6_ifaddr_rwlock);
423
424 if (ia_count == 1) {
425 /*
426 * Before deleting, check if a corresponding loopbacked host
427 * route surely exists. With this check, we can avoid to
428 * delete an interface direct route whose destination is same
429 * as the address being removed. This can happen when removing
430 * a subnet-router anycast address on an interface attahced
431 * to a shared medium. ifa_addr for INET6 is set once during
432 * init; no need to hold lock.
433 */
434 rt = rtalloc1(ifa->ifa_addr, 0, 0);
435 if (rt != NULL) {
436 RT_LOCK(rt);
437 if ((rt->rt_flags & RTF_HOST) != 0 &&
438 (rt->rt_ifp->if_flags & IFF_LOOPBACK) != 0) {
439 RT_REMREF_LOCKED(rt);
440 RT_UNLOCK(rt);
441 in6_ifloop_request(RTM_DELETE, ifa);
442 } else {
443 RT_UNLOCK(rt);
444 }
445 }
446 }
447 }
448
449
450 int
in6_mask2len(struct in6_addr * mask,u_char * lim0)451 in6_mask2len(struct in6_addr *mask, u_char *lim0)
452 {
453 int x = 0, y;
454 u_char *lim = lim0, *p;
455
456 /* ignore the scope_id part */
457 if (lim0 == NULL || lim0 - (u_char *)mask > sizeof(*mask)) {
458 lim = (u_char *)mask + sizeof(*mask);
459 }
460 for (p = (u_char *)mask; p < lim; x++, p++) {
461 if (*p != 0xff) {
462 break;
463 }
464 }
465 y = 0;
466 if (p < lim) {
467 for (y = 0; y < 8; y++) {
468 if ((*p & (0x80 >> y)) == 0) {
469 break;
470 }
471 }
472 }
473
474 /*
475 * when the limit pointer is given, do a stricter check on the
476 * remaining bits.
477 */
478 if (p < lim) {
479 if (y != 0 && (*p & (0x00ff >> y)) != 0) {
480 return -1;
481 }
482 for (p = p + 1; p < lim; p++) {
483 if (*p != 0) {
484 return -1;
485 }
486 }
487 }
488
489 return x * 8 + y;
490 }
491
492 void
in6_len2mask(struct in6_addr * mask,int len)493 in6_len2mask(struct in6_addr *mask, int len)
494 {
495 int i;
496
497 bzero(mask, sizeof(*mask));
498 for (i = 0; i < len / 8; i++) {
499 mask->s6_addr8[i] = 0xff;
500 }
501 if (len % 8) {
502 mask->s6_addr8[i] = (0xff00 >> (len % 8)) & 0xff;
503 }
504 }
505
506 void
in6_aliasreq_64_to_32(struct in6_aliasreq_64 * src,struct in6_aliasreq_32 * dst)507 in6_aliasreq_64_to_32(struct in6_aliasreq_64 *src, struct in6_aliasreq_32 *dst)
508 {
509 bzero(dst, sizeof(*dst));
510 bcopy(src->ifra_name, dst->ifra_name, sizeof(dst->ifra_name));
511 dst->ifra_addr = src->ifra_addr;
512 dst->ifra_dstaddr = src->ifra_dstaddr;
513 dst->ifra_prefixmask = src->ifra_prefixmask;
514 dst->ifra_flags = src->ifra_flags;
515 dst->ifra_lifetime.ia6t_expire = (u_int32_t)src->ifra_lifetime.ia6t_expire;
516 dst->ifra_lifetime.ia6t_preferred = (u_int32_t)src->ifra_lifetime.ia6t_preferred;
517 dst->ifra_lifetime.ia6t_vltime = src->ifra_lifetime.ia6t_vltime;
518 dst->ifra_lifetime.ia6t_pltime = src->ifra_lifetime.ia6t_pltime;
519 }
520
521 void
in6_aliasreq_32_to_64(struct in6_aliasreq_32 * src,struct in6_aliasreq_64 * dst)522 in6_aliasreq_32_to_64(struct in6_aliasreq_32 *src, struct in6_aliasreq_64 *dst)
523 {
524 bzero(dst, sizeof(*dst));
525 bcopy(src->ifra_name, dst->ifra_name, sizeof(dst->ifra_name));
526 dst->ifra_addr = src->ifra_addr;
527 dst->ifra_dstaddr = src->ifra_dstaddr;
528 dst->ifra_prefixmask = src->ifra_prefixmask;
529 dst->ifra_flags = src->ifra_flags;
530 dst->ifra_lifetime.ia6t_expire = src->ifra_lifetime.ia6t_expire;
531 dst->ifra_lifetime.ia6t_preferred = src->ifra_lifetime.ia6t_preferred;
532 dst->ifra_lifetime.ia6t_vltime = src->ifra_lifetime.ia6t_vltime;
533 dst->ifra_lifetime.ia6t_pltime = src->ifra_lifetime.ia6t_pltime;
534 }
535
536 #if defined(__LP64__)
537 static void
in6_cgareq_32_to_64(const struct in6_cgareq_32 * src,struct in6_cgareq_64 * dst)538 in6_cgareq_32_to_64(const struct in6_cgareq_32 *src,
539 struct in6_cgareq_64 *dst)
540 {
541 bzero(dst, sizeof(*dst));
542 bcopy(src->cgar_name, dst->cgar_name, sizeof(dst->cgar_name));
543 dst->cgar_flags = src->cgar_flags;
544 bcopy(src->cgar_cgaprep.cga_modifier.octets,
545 dst->cgar_cgaprep.cga_modifier.octets,
546 sizeof(dst->cgar_cgaprep.cga_modifier.octets));
547 dst->cgar_cgaprep.cga_security_level =
548 src->cgar_cgaprep.cga_security_level;
549 dst->cgar_lifetime.ia6t_expire = src->cgar_lifetime.ia6t_expire;
550 dst->cgar_lifetime.ia6t_preferred = src->cgar_lifetime.ia6t_preferred;
551 dst->cgar_lifetime.ia6t_vltime = src->cgar_lifetime.ia6t_vltime;
552 dst->cgar_lifetime.ia6t_pltime = src->cgar_lifetime.ia6t_pltime;
553 dst->cgar_collision_count = src->cgar_collision_count;
554 }
555 #endif
556
557 #if !defined(__LP64__)
558 static void
in6_cgareq_64_to_32(const struct in6_cgareq_64 * src,struct in6_cgareq_32 * dst)559 in6_cgareq_64_to_32(const struct in6_cgareq_64 *src,
560 struct in6_cgareq_32 *dst)
561 {
562 bzero(dst, sizeof(*dst));
563 bcopy(src->cgar_name, dst->cgar_name, sizeof(dst->cgar_name));
564 dst->cgar_flags = src->cgar_flags;
565 bcopy(src->cgar_cgaprep.cga_modifier.octets,
566 dst->cgar_cgaprep.cga_modifier.octets,
567 sizeof(dst->cgar_cgaprep.cga_modifier.octets));
568 dst->cgar_cgaprep.cga_security_level =
569 src->cgar_cgaprep.cga_security_level;
570 dst->cgar_lifetime.ia6t_expire = (u_int32_t)src->cgar_lifetime.ia6t_expire;
571 dst->cgar_lifetime.ia6t_preferred = (u_int32_t)src->cgar_lifetime.ia6t_preferred;
572 dst->cgar_lifetime.ia6t_vltime = src->cgar_lifetime.ia6t_vltime;
573 dst->cgar_lifetime.ia6t_pltime = src->cgar_lifetime.ia6t_pltime;
574 dst->cgar_collision_count = src->cgar_collision_count;
575 }
576 #endif
577
578 static struct in6_aliasreq *
in6_aliasreq_to_native(void * data,int data_is_64,struct in6_aliasreq * dst)579 in6_aliasreq_to_native(void *data, int data_is_64, struct in6_aliasreq *dst)
580 {
581 #if defined(__LP64__)
582 if (data_is_64) {
583 bcopy(data, dst, sizeof(*dst));
584 } else {
585 in6_aliasreq_32_to_64((struct in6_aliasreq_32 *)data,
586 (struct in6_aliasreq_64 *)dst);
587 }
588 #else
589 if (data_is_64) {
590 in6_aliasreq_64_to_32((struct in6_aliasreq_64 *)data,
591 (struct in6_aliasreq_32 *)dst);
592 } else {
593 bcopy(data, dst, sizeof(*dst));
594 }
595 #endif /* __LP64__ */
596 return dst;
597 }
598
599 void
in6_cgareq_copy_from_user(const void * user_data,int user_is_64,struct in6_cgareq * cgareq)600 in6_cgareq_copy_from_user(const void *user_data, int user_is_64,
601 struct in6_cgareq *cgareq)
602 {
603 #if defined(__LP64__)
604 if (user_is_64) {
605 bcopy(user_data, cgareq, sizeof(*cgareq));
606 } else {
607 in6_cgareq_32_to_64((const struct in6_cgareq_32 *)user_data,
608 (struct in6_cgareq_64 *)cgareq);
609 }
610 #else
611 if (user_is_64) {
612 in6_cgareq_64_to_32((const struct in6_cgareq_64 *)user_data,
613 (struct in6_cgareq_32 *)cgareq);
614 } else {
615 bcopy(user_data, cgareq, sizeof(*cgareq));
616 }
617 #endif /* __LP64__ */
618 }
619
620 static __attribute__((noinline)) int
in6ctl_associd(struct socket * so,u_long cmd,caddr_t data)621 in6ctl_associd(struct socket *so, u_long cmd, caddr_t data)
622 {
623 int error = 0;
624 union {
625 struct so_aidreq32 a32;
626 struct so_aidreq64 a64;
627 } u;
628
629 VERIFY(so != NULL);
630
631 switch (cmd) {
632 case SIOCGASSOCIDS32: { /* struct so_aidreq32 */
633 bcopy(data, &u.a32, sizeof(u.a32));
634 error = in6_getassocids(so, &u.a32.sar_cnt, u.a32.sar_aidp);
635 if (error == 0) {
636 bcopy(&u.a32, data, sizeof(u.a32));
637 }
638 break;
639 }
640
641 case SIOCGASSOCIDS64: { /* struct so_aidreq64 */
642 bcopy(data, &u.a64, sizeof(u.a64));
643 error = in6_getassocids(so, &u.a64.sar_cnt, (user_addr_t)u.a64.sar_aidp);
644 if (error == 0) {
645 bcopy(&u.a64, data, sizeof(u.a64));
646 }
647 break;
648 }
649
650 default:
651 VERIFY(0);
652 /* NOTREACHED */
653 }
654
655 return error;
656 }
657
658 static __attribute__((noinline)) int
in6ctl_connid(struct socket * so,u_long cmd,caddr_t data)659 in6ctl_connid(struct socket *so, u_long cmd, caddr_t data)
660 {
661 int error = 0;
662 union {
663 struct so_cidreq32 c32;
664 struct so_cidreq64 c64;
665 } u;
666
667 VERIFY(so != NULL);
668
669 switch (cmd) {
670 case SIOCGCONNIDS32: { /* struct so_cidreq32 */
671 bcopy(data, &u.c32, sizeof(u.c32));
672 error = in6_getconnids(so, u.c32.scr_aid, &u.c32.scr_cnt,
673 u.c32.scr_cidp);
674 if (error == 0) {
675 bcopy(&u.c32, data, sizeof(u.c32));
676 }
677 break;
678 }
679
680 case SIOCGCONNIDS64: { /* struct so_cidreq64 */
681 bcopy(data, &u.c64, sizeof(u.c64));
682 error = in6_getconnids(so, u.c64.scr_aid, &u.c64.scr_cnt,
683 (user_addr_t)u.c64.scr_cidp);
684 if (error == 0) {
685 bcopy(&u.c64, data, sizeof(u.c64));
686 }
687 break;
688 }
689
690 default:
691 VERIFY(0);
692 /* NOTREACHED */
693 }
694
695 return error;
696 }
697
698 static __attribute__((noinline)) int
in6ctl_conninfo(struct socket * so,u_long cmd,caddr_t data)699 in6ctl_conninfo(struct socket *so, u_long cmd, caddr_t data)
700 {
701 int error = 0;
702 union {
703 struct so_cinforeq32 ci32;
704 struct so_cinforeq64 ci64;
705 } u;
706
707 VERIFY(so != NULL);
708
709 switch (cmd) {
710 case SIOCGCONNINFO32: { /* struct so_cinforeq32 */
711 bcopy(data, &u.ci32, sizeof(u.ci32));
712 error = in6_getconninfo(so, u.ci32.scir_cid, &u.ci32.scir_flags,
713 &u.ci32.scir_ifindex, &u.ci32.scir_error, u.ci32.scir_src,
714 &u.ci32.scir_src_len, u.ci32.scir_dst, &u.ci32.scir_dst_len,
715 &u.ci32.scir_aux_type, u.ci32.scir_aux_data,
716 &u.ci32.scir_aux_len);
717 if (error == 0) {
718 bcopy(&u.ci32, data, sizeof(u.ci32));
719 }
720 break;
721 }
722
723 case SIOCGCONNINFO64: { /* struct so_cinforeq64 */
724 bcopy(data, &u.ci64, sizeof(u.ci64));
725 error = in6_getconninfo(so, u.ci64.scir_cid, &u.ci64.scir_flags,
726 &u.ci64.scir_ifindex, &u.ci64.scir_error, (user_addr_t)u.ci64.scir_src,
727 &u.ci64.scir_src_len, (user_addr_t)u.ci64.scir_dst, &u.ci64.scir_dst_len,
728 &u.ci64.scir_aux_type, (user_addr_t)u.ci64.scir_aux_data,
729 &u.ci64.scir_aux_len);
730 if (error == 0) {
731 bcopy(&u.ci64, data, sizeof(u.ci64));
732 }
733 break;
734 }
735
736 default:
737 VERIFY(0);
738 /* NOTREACHED */
739 }
740
741 return error;
742 }
743
744 static __attribute__((noinline)) int
in6ctl_llstart(struct ifnet * ifp,u_long cmd,caddr_t data)745 in6ctl_llstart(struct ifnet *ifp, u_long cmd, caddr_t data)
746 {
747 struct in6_aliasreq sifra, *ifra = NULL;
748 boolean_t is64;
749 int error = 0;
750
751 VERIFY(ifp != NULL);
752
753 switch (cmd) {
754 case SIOCLL_START_32: /* struct in6_aliasreq_32 */
755 case SIOCLL_START_64: /* struct in6_aliasreq_64 */
756 is64 = (cmd == SIOCLL_START_64);
757 /*
758 * Convert user ifra to the kernel form, when appropriate.
759 * This allows the conversion between different data models
760 * to be centralized, so that it can be passed around to other
761 * routines that are expecting the kernel form.
762 */
763 ifra = in6_aliasreq_to_native(data, is64, &sifra);
764
765 /*
766 * NOTE: All the interface specific DLIL attachements should
767 * be done here. They are currently done in in6_ifattach_aux()
768 * for the interfaces that need it.
769 */
770 if (ifra->ifra_addr.sin6_family == AF_INET6 &&
771 /* Only check ifra_dstaddr if valid */
772 (ifra->ifra_dstaddr.sin6_len == 0 ||
773 ifra->ifra_dstaddr.sin6_family == AF_INET6)) {
774 /* some interfaces may provide LinkLocal addresses */
775 error = in6_ifattach_aliasreq(ifp, NULL, ifra);
776 } else {
777 error = in6_ifattach_aliasreq(ifp, NULL, NULL);
778 }
779 if (error == 0) {
780 in6_if_up_dad_start(ifp);
781 }
782 break;
783
784 default:
785 VERIFY(0);
786 /* NOTREACHED */
787 }
788
789 return error;
790 }
791
792 static __attribute__((noinline)) int
in6ctl_llstop(struct ifnet * ifp)793 in6ctl_llstop(struct ifnet *ifp)
794 {
795 struct in6_ifaddr *ia;
796 struct nd_prefix pr0, *pr;
797
798 VERIFY(ifp != NULL);
799
800 /* Remove link local addresses from interface */
801 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
802 boolean_t from_begining = TRUE;
803 while (from_begining) {
804 from_begining = FALSE;
805 TAILQ_FOREACH(ia, &in6_ifaddrhead, ia6_link) {
806 if (ia->ia_ifa.ifa_ifp != ifp) {
807 continue;
808 }
809 IFA_LOCK(&ia->ia_ifa);
810 if (IN6_IS_ADDR_LINKLOCAL(&ia->ia_addr.sin6_addr)) {
811 IFA_ADDREF_LOCKED(&ia->ia_ifa); /* for us */
812 IFA_UNLOCK(&ia->ia_ifa);
813 lck_rw_done(&in6_ifaddr_rwlock);
814 in6_purgeaddr(&ia->ia_ifa);
815 IFA_REMREF(&ia->ia_ifa); /* for us */
816 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
817 /*
818 * Purging the address caused in6_ifaddr_rwlock
819 * to be dropped and reacquired;
820 * therefore search again from the beginning
821 * of in6_ifaddrs list.
822 */
823 from_begining = TRUE;
824 break;
825 }
826 IFA_UNLOCK(&ia->ia_ifa);
827 }
828 }
829 lck_rw_done(&in6_ifaddr_rwlock);
830
831 /* Delete the link local prefix */
832 bzero(&pr0, sizeof(pr0));
833 pr0.ndpr_plen = 64;
834 pr0.ndpr_ifp = ifp;
835 pr0.ndpr_prefix.sin6_addr.s6_addr16[0] = IPV6_ADDR_INT16_ULL;
836 (void)in6_setscope(&pr0.ndpr_prefix.sin6_addr, ifp, IN6_NULL_IF_EMBEDDED_SCOPE(&pr0.ndpr_prefix.sin6_scope_id));
837 pr = nd6_prefix_lookup(&pr0, ND6_PREFIX_EXPIRY_UNSPEC);
838 if (pr) {
839 lck_mtx_lock(nd6_mutex);
840 NDPR_LOCK(pr);
841 prelist_remove(pr);
842 NDPR_UNLOCK(pr);
843 NDPR_REMREF(pr); /* Drop the reference from lookup */
844 lck_mtx_unlock(nd6_mutex);
845 }
846
847 return 0;
848 }
849
850 /*
851 * This routine configures secure link local address
852 */
853 static __attribute__((noinline)) int
in6ctl_cgastart(struct ifnet * ifp,u_long cmd,caddr_t data)854 in6ctl_cgastart(struct ifnet *ifp, u_long cmd, caddr_t data)
855 {
856 struct in6_cgareq llcgasr;
857 int is64, error = 0;
858
859 VERIFY(ifp != NULL);
860
861 switch (cmd) {
862 case SIOCLL_CGASTART_32: /* struct in6_cgareq_32 */
863 case SIOCLL_CGASTART_64: /* struct in6_cgareq_64 */
864 is64 = (cmd == SIOCLL_CGASTART_64);
865 /*
866 * Convert user cgareq to the kernel form, when appropriate.
867 * This allows the conversion between different data models
868 * to be centralized, so that it can be passed around to other
869 * routines that are expecting the kernel form.
870 */
871 in6_cgareq_copy_from_user(data, is64, &llcgasr);
872
873 /*
874 * NOTE: All the interface specific DLIL attachements
875 * should be done here. They are currently done in
876 * in6_ifattach_cgareq() for the interfaces that
877 * need it.
878 */
879 error = in6_ifattach_llcgareq(ifp, &llcgasr);
880 if (error == 0) {
881 in6_if_up_dad_start(ifp);
882 }
883 break;
884
885 default:
886 VERIFY(0);
887 /* NOTREACHED */
888 }
889
890 return error;
891 }
892
893 /*
894 * Caller passes in the ioctl data pointer directly via "ifr", with the
895 * expectation that this routine always uses bcopy() or other byte-aligned
896 * memory accesses.
897 */
898 static __attribute__((noinline)) int
in6ctl_gifaddr(struct ifnet * ifp,struct in6_ifaddr * ia,u_long cmd,struct in6_ifreq * ifr)899 in6ctl_gifaddr(struct ifnet *ifp, struct in6_ifaddr *ia, u_long cmd,
900 struct in6_ifreq *ifr)
901 {
902 struct sockaddr_in6 addr;
903 int error = 0;
904
905 VERIFY(ifp != NULL);
906
907 if (ia == NULL) {
908 return EADDRNOTAVAIL;
909 }
910
911 switch (cmd) {
912 case SIOCGIFADDR_IN6: /* struct in6_ifreq */
913 IFA_LOCK(&ia->ia_ifa);
914 bcopy(&ia->ia_addr, &addr, sizeof(addr));
915 IFA_UNLOCK(&ia->ia_ifa);
916 if ((error = sa6_recoverscope(&addr, TRUE)) != 0) {
917 break;
918 }
919 bcopy(&addr, &ifr->ifr_addr, sizeof(addr));
920 break;
921
922 case SIOCGIFDSTADDR_IN6: /* struct in6_ifreq */
923 if (!(ifp->if_flags & IFF_POINTOPOINT)) {
924 error = EINVAL;
925 break;
926 }
927 /*
928 * XXX: should we check if ifa_dstaddr is NULL and return
929 * an error?
930 */
931 IFA_LOCK(&ia->ia_ifa);
932 bcopy(&ia->ia_dstaddr, &addr, sizeof(addr));
933 IFA_UNLOCK(&ia->ia_ifa);
934 if ((error = sa6_recoverscope(&addr, TRUE)) != 0) {
935 break;
936 }
937 bcopy(&addr, &ifr->ifr_dstaddr, sizeof(addr));
938 break;
939
940 default:
941 VERIFY(0);
942 /* NOTREACHED */
943 }
944
945 return error;
946 }
947
948 /*
949 * Caller passes in the ioctl data pointer directly via "ifr", with the
950 * expectation that this routine always uses bcopy() or other byte-aligned
951 * memory accesses.
952 */
953 static __attribute__((noinline)) int
in6ctl_gifstat(struct ifnet * ifp,u_long cmd,struct in6_ifreq * ifr)954 in6ctl_gifstat(struct ifnet *ifp, u_long cmd, struct in6_ifreq *ifr)
955 {
956 int error = 0, index;
957
958 VERIFY(ifp != NULL);
959 index = ifp->if_index;
960
961 switch (cmd) {
962 case SIOCGIFSTAT_IN6: /* struct in6_ifreq */
963 /* N.B.: if_inet6data is never freed once set. */
964 if (IN6_IFEXTRA(ifp) == NULL) {
965 /* return (EAFNOSUPPORT)? */
966 bzero(&ifr->ifr_ifru.ifru_stat,
967 sizeof(ifr->ifr_ifru.ifru_stat));
968 } else {
969 bcopy(&IN6_IFEXTRA(ifp)->in6_ifstat,
970 &ifr->ifr_ifru.ifru_stat,
971 sizeof(ifr->ifr_ifru.ifru_stat));
972 }
973 break;
974
975 case SIOCGIFSTAT_ICMP6: /* struct in6_ifreq */
976 /* N.B.: if_inet6data is never freed once set. */
977 if (IN6_IFEXTRA(ifp) == NULL) {
978 /* return (EAFNOSUPPORT)? */
979 bzero(&ifr->ifr_ifru.ifru_icmp6stat,
980 sizeof(ifr->ifr_ifru.ifru_icmp6stat));
981 } else {
982 bcopy(&IN6_IFEXTRA(ifp)->icmp6_ifstat,
983 &ifr->ifr_ifru.ifru_icmp6stat,
984 sizeof(ifr->ifr_ifru.ifru_icmp6stat));
985 }
986 break;
987
988 default:
989 VERIFY(0);
990 /* NOTREACHED */
991 }
992
993 return error;
994 }
995
996 /*
997 * Caller passes in the ioctl data pointer directly via "ifr", with the
998 * expectation that this routine always uses bcopy() or other byte-aligned
999 * memory accesses.
1000 */
1001 static __attribute__((noinline)) int
in6ctl_alifetime(struct in6_ifaddr * ia,u_long cmd,struct in6_ifreq * ifr,boolean_t p64)1002 in6ctl_alifetime(struct in6_ifaddr *ia, u_long cmd, struct in6_ifreq *ifr,
1003 boolean_t p64)
1004 {
1005 uint64_t timenow = net_uptime();
1006 struct in6_addrlifetime ia6_lt;
1007 struct timeval caltime;
1008 int error = 0;
1009
1010 if (ia == NULL) {
1011 return EADDRNOTAVAIL;
1012 }
1013
1014 switch (cmd) {
1015 case SIOCGIFALIFETIME_IN6: /* struct in6_ifreq */
1016 IFA_LOCK(&ia->ia_ifa);
1017 /* retrieve time as calendar time (last arg is 1) */
1018 in6ifa_getlifetime(ia, &ia6_lt, 1);
1019 if (p64) {
1020 struct in6_addrlifetime_64 lt;
1021
1022 bzero(<, sizeof(lt));
1023 lt.ia6t_expire = ia6_lt.ia6t_expire;
1024 lt.ia6t_preferred = ia6_lt.ia6t_preferred;
1025 lt.ia6t_vltime = ia6_lt.ia6t_vltime;
1026 lt.ia6t_pltime = ia6_lt.ia6t_pltime;
1027 bcopy(<, &ifr->ifr_ifru.ifru_lifetime, sizeof(ifr->ifr_ifru.ifru_lifetime));
1028 } else {
1029 struct in6_addrlifetime_32 lt;
1030
1031 bzero(<, sizeof(lt));
1032 lt.ia6t_expire = (uint32_t)ia6_lt.ia6t_expire;
1033 lt.ia6t_preferred = (uint32_t)ia6_lt.ia6t_preferred;
1034 lt.ia6t_vltime = (uint32_t)ia6_lt.ia6t_vltime;
1035 lt.ia6t_pltime = (uint32_t)ia6_lt.ia6t_pltime;
1036 bcopy(<, &ifr->ifr_ifru.ifru_lifetime, sizeof(ifr->ifr_ifru.ifru_lifetime));
1037 }
1038 IFA_UNLOCK(&ia->ia_ifa);
1039 break;
1040
1041 case SIOCSIFALIFETIME_IN6: /* struct in6_ifreq */
1042 getmicrotime(&caltime);
1043
1044 /* sanity for overflow - beware unsigned */
1045 if (p64) {
1046 struct in6_addrlifetime_64 lt;
1047
1048 bcopy(&ifr->ifr_ifru.ifru_lifetime, <, sizeof(lt));
1049 if (lt.ia6t_vltime != ND6_INFINITE_LIFETIME &&
1050 lt.ia6t_vltime + caltime.tv_sec < caltime.tv_sec) {
1051 error = EINVAL;
1052 break;
1053 }
1054 if (lt.ia6t_pltime != ND6_INFINITE_LIFETIME &&
1055 lt.ia6t_pltime + caltime.tv_sec < caltime.tv_sec) {
1056 error = EINVAL;
1057 break;
1058 }
1059 } else {
1060 struct in6_addrlifetime_32 lt;
1061
1062 bcopy(&ifr->ifr_ifru.ifru_lifetime, <, sizeof(lt));
1063 if (lt.ia6t_vltime != ND6_INFINITE_LIFETIME &&
1064 lt.ia6t_vltime + caltime.tv_sec < caltime.tv_sec) {
1065 error = EINVAL;
1066 break;
1067 }
1068 if (lt.ia6t_pltime != ND6_INFINITE_LIFETIME &&
1069 lt.ia6t_pltime + caltime.tv_sec < caltime.tv_sec) {
1070 error = EINVAL;
1071 break;
1072 }
1073 }
1074
1075 IFA_LOCK(&ia->ia_ifa);
1076 if (p64) {
1077 struct in6_addrlifetime_64 lt;
1078
1079 bcopy(&ifr->ifr_ifru.ifru_lifetime, <, sizeof(lt));
1080 ia6_lt.ia6t_expire = (time_t)lt.ia6t_expire;
1081 ia6_lt.ia6t_preferred = (time_t)lt.ia6t_preferred;
1082 ia6_lt.ia6t_vltime = lt.ia6t_vltime;
1083 ia6_lt.ia6t_pltime = lt.ia6t_pltime;
1084 } else {
1085 struct in6_addrlifetime_32 lt;
1086
1087 bcopy(&ifr->ifr_ifru.ifru_lifetime, <, sizeof(lt));
1088 ia6_lt.ia6t_expire = (uint32_t)lt.ia6t_expire;
1089 ia6_lt.ia6t_preferred = (uint32_t)lt.ia6t_preferred;
1090 ia6_lt.ia6t_vltime = lt.ia6t_vltime;
1091 ia6_lt.ia6t_pltime = lt.ia6t_pltime;
1092 }
1093 /* for sanity */
1094 if (ia6_lt.ia6t_vltime != ND6_INFINITE_LIFETIME) {
1095 ia6_lt.ia6t_expire = (time_t)(timenow + ia6_lt.ia6t_vltime);
1096 } else {
1097 ia6_lt.ia6t_expire = 0;
1098 }
1099
1100 if (ia6_lt.ia6t_pltime != ND6_INFINITE_LIFETIME) {
1101 ia6_lt.ia6t_preferred = (time_t)(timenow + ia6_lt.ia6t_pltime);
1102 } else {
1103 ia6_lt.ia6t_preferred = 0;
1104 }
1105
1106 in6ifa_setlifetime(ia, &ia6_lt);
1107 IFA_UNLOCK(&ia->ia_ifa);
1108 break;
1109
1110 default:
1111 VERIFY(0);
1112 /* NOTREACHED */
1113 }
1114
1115 return error;
1116 }
1117
1118 static int
in6ctl_clat46start(struct ifnet * ifp)1119 in6ctl_clat46start(struct ifnet *ifp)
1120 {
1121 struct nd_prefix *pr = NULL;
1122 struct nd_prefix *next = NULL;
1123 struct in6_ifaddr *ia6 = NULL;
1124 int error = 0;
1125
1126 if (ifp == lo_ifp) {
1127 return EINVAL;
1128 }
1129 /*
1130 * Traverse the list of prefixes and find the first non-linklocal
1131 * prefix on the interface.
1132 * For that found eligible prefix, configure a CLAT46 reserved address.
1133 */
1134 lck_mtx_lock(nd6_mutex);
1135 for (pr = nd_prefix.lh_first; pr; pr = next) {
1136 next = pr->ndpr_next;
1137
1138 NDPR_LOCK(pr);
1139 if (pr->ndpr_ifp != ifp) {
1140 NDPR_UNLOCK(pr);
1141 continue;
1142 }
1143
1144 if (IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr)) {
1145 NDPR_UNLOCK(pr);
1146 continue; /* XXX */
1147 }
1148
1149 if (pr->ndpr_raf_auto == 0) {
1150 NDPR_UNLOCK(pr);
1151 continue;
1152 }
1153
1154 if (pr->ndpr_stateflags & NDPRF_DEFUNCT) {
1155 NDPR_UNLOCK(pr);
1156 continue;
1157 }
1158
1159 if ((pr->ndpr_stateflags & NDPRF_CLAT46) == 0
1160 && pr->ndpr_vltime != 0) {
1161 NDPR_ADDREF(pr); /* Take reference for rest of the processing */
1162 NDPR_UNLOCK(pr);
1163 break;
1164 } else {
1165 NDPR_UNLOCK(pr);
1166 continue;
1167 }
1168 }
1169 lck_mtx_unlock(nd6_mutex);
1170
1171 if (pr != NULL) {
1172 if ((ia6 = in6_pfx_newpersistaddr(pr, FALSE, &error,
1173 TRUE, CLAT46_COLLISION_COUNT_OFFSET)) == NULL) {
1174 nd6log0(error,
1175 "Could not configure CLAT46 address on"
1176 " interface %s.\n", ifp->if_xname);
1177 } else {
1178 IFA_LOCK(&ia6->ia_ifa);
1179 NDPR_LOCK(pr);
1180 ia6->ia6_ndpr = pr;
1181 NDPR_ADDREF(pr); /* for addr reference */
1182 pr->ndpr_stateflags |= NDPRF_CLAT46;
1183 pr->ndpr_addrcnt++;
1184 VERIFY(pr->ndpr_addrcnt != 0);
1185 NDPR_UNLOCK(pr);
1186 IFA_UNLOCK(&ia6->ia_ifa);
1187 IFA_REMREF(&ia6->ia_ifa);
1188 ia6 = NULL;
1189 /*
1190 * A newly added address might affect the status
1191 * of other addresses, so we check and update it.
1192 * XXX: what if address duplication happens?
1193 */
1194 lck_mtx_lock(nd6_mutex);
1195 pfxlist_onlink_check();
1196 lck_mtx_unlock(nd6_mutex);
1197 }
1198 NDPR_REMREF(pr);
1199 }
1200 return error;
1201 }
1202
1203 static int
in6ctl_clat46stop(struct ifnet * ifp)1204 in6ctl_clat46stop(struct ifnet *ifp)
1205 {
1206 int error = 0;
1207 struct in6_ifaddr *ia = NULL;
1208
1209 if (ifp == lo_ifp) {
1210 return EINVAL;
1211 }
1212 if ((ifp->if_eflags & IFEF_CLAT46) == 0) {
1213 /* CLAT46 isn't enabled */
1214 goto done;
1215 }
1216 if_clear_eflags(ifp, IFEF_CLAT46);
1217
1218 /* find CLAT46 address and remove it */
1219 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
1220 TAILQ_FOREACH(ia, &in6_ifaddrhead, ia6_link) {
1221 if (ia->ia_ifa.ifa_ifp != ifp) {
1222 continue;
1223 }
1224 IFA_LOCK(&ia->ia_ifa);
1225 if ((ia->ia6_flags & IN6_IFF_CLAT46) != 0) {
1226 IFA_ADDREF_LOCKED(&ia->ia_ifa); /* for us */
1227 IFA_UNLOCK(&ia->ia_ifa);
1228 lck_rw_done(&in6_ifaddr_rwlock);
1229 in6_purgeaddr(&ia->ia_ifa);
1230 IFA_REMREF(&ia->ia_ifa); /* for us */
1231 goto done;
1232 }
1233 IFA_UNLOCK(&ia->ia_ifa);
1234 }
1235 lck_rw_done(&in6_ifaddr_rwlock);
1236
1237 done:
1238 return error;
1239 }
1240
1241 #define ifa2ia6(ifa) ((struct in6_ifaddr *)(void *)(ifa))
1242
1243 /*
1244 * Generic INET6 control operations (ioctl's).
1245 *
1246 * ifp is NULL if not an interface-specific ioctl.
1247 *
1248 * Most of the routines called to handle the ioctls would end up being
1249 * tail-call optimized, which unfortunately causes this routine to
1250 * consume too much stack space; this is the reason for the "noinline"
1251 * attribute used on those routines.
1252 *
1253 * If called directly from within the networking stack (as opposed to via
1254 * pru_control), the socket parameter may be NULL.
1255 */
1256 int
in6_control(struct socket * so,u_long cmd,caddr_t data,struct ifnet * ifp,struct proc * p)1257 in6_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp,
1258 struct proc *p)
1259 {
1260 struct in6_ifreq *ifr = (struct in6_ifreq *)(void *)data;
1261 struct in6_aliasreq sifra, *ifra = NULL;
1262 struct in6_ifaddr *ia = NULL;
1263 struct sockaddr_in6 sin6, *sa6 = NULL;
1264 boolean_t privileged = (proc_suser(p) == 0);
1265 boolean_t p64 = proc_is64bit(p);
1266 boolean_t so_unlocked = FALSE;
1267 int intval, error = 0;
1268
1269 /* In case it's NULL, make sure it came from the kernel */
1270 VERIFY(so != NULL || p == kernproc);
1271
1272 /*
1273 * ioctls which don't require ifp, may require socket.
1274 */
1275 switch (cmd) {
1276 case SIOCAADDRCTL_POLICY: /* struct in6_addrpolicy */
1277 case SIOCDADDRCTL_POLICY: /* struct in6_addrpolicy */
1278 if (!privileged) {
1279 return EPERM;
1280 }
1281 return in6_src_ioctl(cmd, data);
1282 /* NOTREACHED */
1283
1284 case SIOCDRADD_IN6_32: /* struct in6_defrouter_32 */
1285 case SIOCDRADD_IN6_64: /* struct in6_defrouter_64 */
1286 case SIOCDRDEL_IN6_32: /* struct in6_defrouter_32 */
1287 case SIOCDRDEL_IN6_64: /* struct in6_defrouter_64 */
1288 if (!privileged) {
1289 return EPERM;
1290 }
1291 return defrtrlist_ioctl(cmd, data);
1292 /* NOTREACHED */
1293
1294 case SIOCGASSOCIDS32: /* struct so_aidreq32 */
1295 case SIOCGASSOCIDS64: /* struct so_aidreq64 */
1296 return in6ctl_associd(so, cmd, data);
1297 /* NOTREACHED */
1298
1299 case SIOCGCONNIDS32: /* struct so_cidreq32 */
1300 case SIOCGCONNIDS64: /* struct so_cidreq64 */
1301 return in6ctl_connid(so, cmd, data);
1302 /* NOTREACHED */
1303
1304 case SIOCGCONNINFO32: /* struct so_cinforeq32 */
1305 case SIOCGCONNINFO64: /* struct so_cinforeq64 */
1306 return in6ctl_conninfo(so, cmd, data);
1307 /* NOTREACHED */
1308 }
1309
1310 /*
1311 * The rest of ioctls require ifp; reject if we don't have one;
1312 * return ENXIO to be consistent with ifioctl().
1313 */
1314 if (ifp == NULL) {
1315 return ENXIO;
1316 }
1317
1318 /*
1319 * Unlock the socket since ifnet_ioctl() may be invoked by
1320 * one of the ioctl handlers below. Socket will be re-locked
1321 * prior to returning.
1322 */
1323 if (so != NULL) {
1324 socket_unlock(so, 0);
1325 so_unlocked = TRUE;
1326 }
1327
1328 lck_mtx_lock(&ifp->if_inet6_ioctl_lock);
1329 while (ifp->if_inet6_ioctl_busy) {
1330 (void) msleep(&ifp->if_inet6_ioctl_busy, &ifp->if_inet6_ioctl_lock, (PZERO - 1),
1331 __func__, NULL);
1332 LCK_MTX_ASSERT(&ifp->if_inet6_ioctl_lock, LCK_MTX_ASSERT_OWNED);
1333 }
1334 ifp->if_inet6_ioctl_busy = TRUE;
1335 lck_mtx_unlock(&ifp->if_inet6_ioctl_lock);
1336
1337 /*
1338 * ioctls which require ifp but not interface address.
1339 */
1340 switch (cmd) {
1341 case SIOCAUTOCONF_START: /* struct in6_ifreq */
1342 if (!privileged) {
1343 error = EPERM;
1344 goto done;
1345 }
1346 error = in6_autoconf(ifp, TRUE);
1347 goto done;
1348
1349 case SIOCAUTOCONF_STOP: /* struct in6_ifreq */
1350 if (!privileged) {
1351 error = EPERM;
1352 goto done;
1353 }
1354 error = in6_autoconf(ifp, FALSE);
1355 goto done;
1356
1357 case SIOCLL_START_32: /* struct in6_aliasreq_32 */
1358 case SIOCLL_START_64: /* struct in6_aliasreq_64 */
1359 if (!privileged) {
1360 error = EPERM;
1361 goto done;
1362 }
1363 error = in6ctl_llstart(ifp, cmd, data);
1364 goto done;
1365
1366 case SIOCLL_STOP: /* struct in6_ifreq */
1367 if (!privileged) {
1368 error = EPERM;
1369 goto done;
1370 }
1371 error = in6ctl_llstop(ifp);
1372 goto done;
1373
1374 case SIOCCLAT46_START: /* struct in6_ifreq */
1375 if (!privileged) {
1376 error = EPERM;
1377 goto done;
1378 }
1379 error = in6ctl_clat46start(ifp);
1380 if (error == 0) {
1381 if_set_eflags(ifp, IFEF_CLAT46);
1382 }
1383 goto done;
1384
1385 case SIOCCLAT46_STOP: /* struct in6_ifreq */
1386 if (!privileged) {
1387 error = EPERM;
1388 goto done;
1389 }
1390 error = in6ctl_clat46stop(ifp);
1391 goto done;
1392 case SIOCGETROUTERMODE_IN6: /* struct in6_ifreq */
1393 intval = ifp->if_ipv6_router_mode;
1394 bcopy(&intval, &((struct in6_ifreq *)(void *)data)->ifr_intval,
1395 sizeof(intval));
1396 goto done;
1397 case SIOCSETROUTERMODE_IN6: /* struct in6_ifreq */
1398 if (!privileged) {
1399 error = EPERM;
1400 goto done;
1401 }
1402 bcopy(&((struct in6_ifreq *)(void *)data)->ifr_intval,
1403 &intval, sizeof(intval));
1404 switch (intval) {
1405 case IPV6_ROUTER_MODE_DISABLED:
1406 case IPV6_ROUTER_MODE_EXCLUSIVE:
1407 case IPV6_ROUTER_MODE_HYBRID:
1408 break;
1409 default:
1410 error = EINVAL;
1411 goto done;
1412 }
1413 error = in6_setrouter(ifp, (ipv6_router_mode_t)intval);
1414 goto done;
1415
1416 case SIOCPROTOATTACH_IN6_32: /* struct in6_aliasreq_32 */
1417 case SIOCPROTOATTACH_IN6_64: /* struct in6_aliasreq_64 */
1418 if (!privileged) {
1419 error = EPERM;
1420 goto done;
1421 }
1422 error = in6_domifattach(ifp);
1423 goto done;
1424
1425 case SIOCPROTODETACH_IN6: /* struct in6_ifreq */
1426 if (!privileged) {
1427 error = EPERM;
1428 goto done;
1429 }
1430 /* Cleanup interface routes and addresses */
1431 in6_purgeif(ifp);
1432
1433 if ((error = proto_unplumb(PF_INET6, ifp))) {
1434 log(LOG_ERR, "SIOCPROTODETACH_IN6: %s error=%d\n",
1435 if_name(ifp), error);
1436 }
1437 goto done;
1438
1439 case SIOCSNDFLUSH_IN6: /* struct in6_ifreq */
1440 case SIOCSPFXFLUSH_IN6: /* struct in6_ifreq */
1441 case SIOCSRTRFLUSH_IN6: /* struct in6_ifreq */
1442 case SIOCSDEFIFACE_IN6_32: /* struct in6_ndifreq_32 */
1443 case SIOCSDEFIFACE_IN6_64: /* struct in6_ndifreq_64 */
1444 case SIOCSIFINFO_FLAGS: /* struct in6_ndireq */
1445 case SIOCGIFCGAPREP_IN6_32: /* struct in6_cgareq_32 */
1446 case SIOCGIFCGAPREP_IN6_64: /* struct in6_cgareq_64 */
1447 case SIOCSIFCGAPREP_IN6_32: /* struct in6_cgareq_32 */
1448 case SIOCSIFCGAPREP_IN6_64: /* struct in6_cgareq_32 */
1449 if (!privileged) {
1450 error = EPERM;
1451 goto done;
1452 }
1453 OS_FALLTHROUGH;
1454 case OSIOCGIFINFO_IN6: /* struct in6_ondireq */
1455 case SIOCGIFINFO_IN6: /* struct in6_ondireq */
1456 case SIOCGDRLST_IN6_32: /* struct in6_drlist_32 */
1457 case SIOCGDRLST_IN6_64: /* struct in6_drlist_64 */
1458 case SIOCGPRLST_IN6_32: /* struct in6_prlist_32 */
1459 case SIOCGPRLST_IN6_64: /* struct in6_prlist_64 */
1460 case SIOCGNBRINFO_IN6_32: /* struct in6_nbrinfo_32 */
1461 case SIOCGNBRINFO_IN6_64: /* struct in6_nbrinfo_64 */
1462 case SIOCGDEFIFACE_IN6_32: /* struct in6_ndifreq_32 */
1463 case SIOCGDEFIFACE_IN6_64: /* struct in6_ndifreq_64 */
1464 error = nd6_ioctl(cmd, data, ifp);
1465 goto done;
1466
1467 case SIOCSIFPREFIX_IN6: /* struct in6_prefixreq (deprecated) */
1468 case SIOCDIFPREFIX_IN6: /* struct in6_prefixreq (deprecated) */
1469 case SIOCAIFPREFIX_IN6: /* struct in6_rrenumreq (deprecated) */
1470 case SIOCCIFPREFIX_IN6: /* struct in6_rrenumreq (deprecated) */
1471 case SIOCSGIFPREFIX_IN6: /* struct in6_rrenumreq (deprecated) */
1472 case SIOCGIFPREFIX_IN6: /* struct in6_prefixreq (deprecated) */
1473 log(LOG_NOTICE,
1474 "prefix ioctls are now invalidated. "
1475 "please use ifconfig.\n");
1476 error = EOPNOTSUPP;
1477 goto done;
1478
1479 case SIOCSSCOPE6: /* struct in6_ifreq (deprecated) */
1480 case SIOCGSCOPE6: /* struct in6_ifreq (deprecated) */
1481 case SIOCGSCOPE6DEF: /* struct in6_ifreq (deprecated) */
1482 error = EOPNOTSUPP;
1483 goto done;
1484
1485 case SIOCLL_CGASTART_32: /* struct in6_cgareq_32 */
1486 case SIOCLL_CGASTART_64: /* struct in6_cgareq_64 */
1487 if (!privileged) {
1488 error = EPERM;
1489 } else {
1490 error = in6ctl_cgastart(ifp, cmd, data);
1491 }
1492 goto done;
1493
1494 case SIOCGIFSTAT_IN6: /* struct in6_ifreq */
1495 case SIOCGIFSTAT_ICMP6: /* struct in6_ifreq */
1496 error = in6ctl_gifstat(ifp, cmd, ifr);
1497 goto done;
1498 }
1499
1500 /*
1501 * ioctls which require interface address; obtain sockaddr_in6.
1502 */
1503 switch (cmd) {
1504 case SIOCSIFADDR_IN6: /* struct in6_ifreq (deprecated) */
1505 case SIOCSIFDSTADDR_IN6: /* struct in6_ifreq (deprecated) */
1506 case SIOCSIFNETMASK_IN6: /* struct in6_ifreq (deprecated) */
1507 /*
1508 * Since IPv6 allows a node to assign multiple addresses
1509 * on a single interface, SIOCSIFxxx ioctls are deprecated.
1510 */
1511 /* we decided to obsolete this command (20000704) */
1512 error = EOPNOTSUPP;
1513 goto done;
1514
1515 case SIOCAIFADDR_IN6_32: /* struct in6_aliasreq_32 */
1516 case SIOCAIFADDR_IN6_64: /* struct in6_aliasreq_64 */
1517 if (!privileged) {
1518 error = EPERM;
1519 goto done;
1520 }
1521 /*
1522 * Convert user ifra to the kernel form, when appropriate.
1523 * This allows the conversion between different data models
1524 * to be centralized, so that it can be passed around to other
1525 * routines that are expecting the kernel form.
1526 */
1527 ifra = in6_aliasreq_to_native(data,
1528 (cmd == SIOCAIFADDR_IN6_64), &sifra);
1529 bcopy(&ifra->ifra_addr, &sin6, sizeof(sin6));
1530 sa6 = &sin6;
1531 break;
1532
1533 case SIOCDIFADDR_IN6: /* struct in6_ifreq */
1534 case SIOCSIFALIFETIME_IN6: /* struct in6_ifreq */
1535 if (!privileged) {
1536 error = EPERM;
1537 goto done;
1538 }
1539 OS_FALLTHROUGH;
1540 case SIOCGIFADDR_IN6: /* struct in6_ifreq */
1541 case SIOCGIFDSTADDR_IN6: /* struct in6_ifreq */
1542 case SIOCGIFNETMASK_IN6: /* struct in6_ifreq */
1543 case SIOCGIFAFLAG_IN6: /* struct in6_ifreq */
1544 case SIOCGIFALIFETIME_IN6: /* struct in6_ifreq */
1545 bcopy(&ifr->ifr_addr, &sin6, sizeof(sin6));
1546 sa6 = &sin6;
1547 break;
1548 case SIOCGIFDSTADDR:
1549 case SIOCSIFDSTADDR:
1550 case SIOCGIFBRDADDR:
1551 case SIOCSIFBRDADDR:
1552 case SIOCGIFNETMASK:
1553 case SIOCSIFNETMASK:
1554 case SIOCGIFADDR:
1555 case SIOCSIFADDR:
1556 case SIOCAIFADDR:
1557 case SIOCDIFADDR:
1558 /* Do not handle these AF_INET commands in AF_INET6 path */
1559 error = EINVAL;
1560 goto done;
1561 }
1562
1563 /*
1564 * Find address for this interface, if it exists.
1565 *
1566 * In netinet code, we have checked ifra_addr in SIOCSIF*ADDR operation
1567 * only, and used the first interface address as the target of other
1568 * operations (without checking ifra_addr). This was because netinet
1569 * code/API assumed at most 1 interface address per interface.
1570 * Since IPv6 allows a node to assign multiple addresses
1571 * on a single interface, we almost always look and check the
1572 * presence of ifra_addr, and reject invalid ones here.
1573 * It also decreases duplicated code among SIOC*_IN6 operations.
1574 */
1575 VERIFY(ia == NULL);
1576 if (sa6 != NULL && sa6->sin6_family == AF_INET6) {
1577 if (IN6_IS_ADDR_LINKLOCAL(&sa6->sin6_addr)) {
1578 if (in6_embedded_scope) {
1579 if (sa6->sin6_addr.s6_addr16[1] == 0) {
1580 /* link ID is not embedded by the user */
1581 sa6->sin6_addr.s6_addr16[1] =
1582 htons(ifp->if_index);
1583 } else if (sa6->sin6_addr.s6_addr16[1] !=
1584 htons(ifp->if_index)) {
1585 error = EINVAL; /* link ID contradicts */
1586 goto done;
1587 }
1588 if (sa6->sin6_scope_id) {
1589 if (sa6->sin6_scope_id !=
1590 (u_int32_t)ifp->if_index) {
1591 error = EINVAL;
1592 goto done;
1593 }
1594 sa6->sin6_scope_id = 0; /* XXX: good way? */
1595 }
1596 } else {
1597 if (sa6->sin6_scope_id == IFSCOPE_NONE) {
1598 sa6->sin6_scope_id = ifp->if_index;
1599 } else if (sa6->sin6_scope_id != ifp->if_index) {
1600 error = EINVAL; /* link ID contradicts */
1601 goto done;
1602 }
1603 }
1604 }
1605 /*
1606 * Any failures from this point on must take into account
1607 * a non-NULL "ia" with an outstanding reference count, and
1608 * therefore requires IFA_REMREF. Jump to "done" label
1609 * instead of calling return if "ia" is valid.
1610 */
1611 ia = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr);
1612 }
1613
1614 /*
1615 * SIOCDIFADDR_IN6/SIOCAIFADDR_IN6 specific tests.
1616 */
1617 switch (cmd) {
1618 case SIOCDIFADDR_IN6: /* struct in6_ifreq */
1619 if (ia == NULL) {
1620 error = EADDRNOTAVAIL;
1621 goto done;
1622 }
1623 OS_FALLTHROUGH;
1624 case SIOCAIFADDR_IN6_32: /* struct in6_aliasreq_32 */
1625 case SIOCAIFADDR_IN6_64: /* struct in6_aliasreq_64 */
1626 VERIFY(sa6 != NULL);
1627 /*
1628 * We always require users to specify a valid IPv6 address for
1629 * the corresponding operation. Use "sa6" instead of "ifra"
1630 * since SIOCDIFADDR_IN6 falls thru above.
1631 */
1632 if (sa6->sin6_family != AF_INET6 ||
1633 sa6->sin6_len != sizeof(struct sockaddr_in6)) {
1634 error = EAFNOSUPPORT;
1635 goto done;
1636 }
1637
1638 if ((cmd == SIOCAIFADDR_IN6_32 || cmd == SIOCAIFADDR_IN6_64) &&
1639 (IN6_IS_ADDR_UNSPECIFIED(&sa6->sin6_addr) ||
1640 IN6_IS_ADDR_MULTICAST(&sa6->sin6_addr) ||
1641 IN6_IS_ADDR_V4MAPPED(&sa6->sin6_addr) ||
1642 IN6_IS_ADDR_V4COMPAT(&sa6->sin6_addr))) {
1643 error = EINVAL;
1644 goto done;
1645 }
1646 break;
1647 }
1648
1649 /*
1650 * And finally process address-related ioctls.
1651 */
1652 switch (cmd) {
1653 case SIOCGIFADDR_IN6: /* struct in6_ifreq */
1654 /* This interface is basically deprecated. use SIOCGIFCONF. */
1655 /* FALLTHRU */
1656 case SIOCGIFDSTADDR_IN6: /* struct in6_ifreq */
1657 error = in6ctl_gifaddr(ifp, ia, cmd, ifr);
1658 break;
1659
1660 case SIOCGIFNETMASK_IN6: /* struct in6_ifreq */
1661 if (ia != NULL) {
1662 IFA_LOCK(&ia->ia_ifa);
1663 bcopy(&ia->ia_prefixmask, &ifr->ifr_addr,
1664 sizeof(struct sockaddr_in6));
1665 IFA_UNLOCK(&ia->ia_ifa);
1666 } else {
1667 error = EADDRNOTAVAIL;
1668 }
1669 break;
1670
1671 case SIOCGIFAFLAG_IN6: /* struct in6_ifreq */
1672 if (ia != NULL) {
1673 IFA_LOCK(&ia->ia_ifa);
1674 bcopy(&ia->ia6_flags, &ifr->ifr_ifru.ifru_flags6,
1675 sizeof(ifr->ifr_ifru.ifru_flags6));
1676 IFA_UNLOCK(&ia->ia_ifa);
1677 } else {
1678 error = EADDRNOTAVAIL;
1679 }
1680 break;
1681
1682 case SIOCGIFALIFETIME_IN6: /* struct in6_ifreq */
1683 case SIOCSIFALIFETIME_IN6: /* struct in6_ifreq */
1684 error = in6ctl_alifetime(ia, cmd, ifr, p64);
1685 break;
1686
1687 case SIOCAIFADDR_IN6_32: /* struct in6_aliasreq_32 */
1688 case SIOCAIFADDR_IN6_64: /* struct in6_aliasreq_64 */
1689 error = in6ctl_aifaddr(ifp, ifra);
1690 break;
1691
1692 case SIOCDIFADDR_IN6:
1693 in6ctl_difaddr(ifp, ia);
1694 break;
1695
1696 default:
1697 error = ifnet_ioctl(ifp, PF_INET6, cmd, data);
1698 break;
1699 }
1700
1701 done:
1702 if (ifp != NULL) {
1703 lck_mtx_lock(&ifp->if_inet6_ioctl_lock);
1704 ifp->if_inet6_ioctl_busy = FALSE;
1705 lck_mtx_unlock(&ifp->if_inet6_ioctl_lock);
1706 wakeup(&ifp->if_inet6_ioctl_busy);
1707 }
1708
1709 if (ia != NULL) {
1710 IFA_REMREF(&ia->ia_ifa);
1711 }
1712 if (so_unlocked) {
1713 socket_lock(so, 0);
1714 }
1715
1716 return error;
1717 }
1718
1719 static __attribute__((noinline)) int
in6ctl_aifaddr(struct ifnet * ifp,struct in6_aliasreq * ifra)1720 in6ctl_aifaddr(struct ifnet *ifp, struct in6_aliasreq *ifra)
1721 {
1722 int i, error, addtmp;
1723 uint8_t plen;
1724 struct nd_prefix pr0, *pr;
1725 struct in6_ifaddr *ia;
1726
1727 VERIFY(ifp != NULL && ifra != NULL);
1728 ia = NULL;
1729
1730 /*
1731 * XXX This interface is not meant to be used for static LLA
1732 * configuration.
1733 * Instead one can use SIOCLL_START can be used to configure LLA
1734 * statically.
1735 * For bin-compat reasons though, allow it for now and only make
1736 * sure that scope gets communicated correctly.
1737 */
1738 if (IN6_IS_ADDR_LINKLOCAL(&ifra->ifra_addr.sin6_addr)) {
1739 if (in6_embedded_scope) {
1740 ifra->ifra_addr.sin6_addr.s6_addr16[1] = htons(ifp->if_index);
1741 } else {
1742 /*
1743 * XXX May be we should rather also check if sin6_scope_id
1744 * is already set or enforce if set that it is same
1745 * as interface index?
1746 * For now to avoid any unintended consequence, just use
1747 * interface index and set sin6_scope_id.
1748 * Also should we just prohibit this interface to configure
1749 * additional link local and limti LLA configuration through
1750 * other *_start ioctls?
1751 */
1752 ifra->ifra_addr.sin6_addr.s6_addr16[1] = 0;
1753 ifra->ifra_addr.sin6_scope_id = ifp->if_index;
1754 }
1755 }
1756
1757 /* Attempt to attach the protocol, in case it isn't attached */
1758 error = in6_domifattach(ifp);
1759 if (error == 0) {
1760 /* PF_INET6 wasn't previously attached */
1761 error = in6_ifattach_aliasreq(ifp, NULL, NULL);
1762 if (error != 0) {
1763 goto done;
1764 }
1765
1766 in6_if_up_dad_start(ifp);
1767 } else if (error != EEXIST) {
1768 goto done;
1769 }
1770
1771 /*
1772 * First, make or update the interface address structure, and link it
1773 * to the list.
1774 */
1775 error = in6_update_ifa(ifp, ifra, 0, &ia);
1776 if (error != 0) {
1777 goto done;
1778 }
1779 VERIFY(ia != NULL);
1780
1781 /* Now, make the prefix on-link on the interface. */
1782 plen = (uint8_t)in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, NULL);
1783 if (plen == 128) {
1784 goto done;
1785 }
1786
1787 /*
1788 * NOTE: We'd rather create the prefix before the address, but we need
1789 * at least one address to install the corresponding interface route,
1790 * so we configure the address first.
1791 */
1792
1793 /*
1794 * Convert mask to prefix length (prefixmask has already been validated
1795 * in in6_update_ifa().
1796 */
1797 bzero(&pr0, sizeof(pr0));
1798 pr0.ndpr_plen = plen;
1799 pr0.ndpr_ifp = ifp;
1800 pr0.ndpr_prefix = ifra->ifra_addr;
1801 pr0.ndpr_mask = ifra->ifra_prefixmask.sin6_addr;
1802
1803 /* apply the mask for safety. */
1804 for (i = 0; i < 4; i++) {
1805 pr0.ndpr_prefix.sin6_addr.s6_addr32[i] &=
1806 ifra->ifra_prefixmask.sin6_addr.s6_addr32[i];
1807 }
1808
1809 /*
1810 * Since we don't have an API to set prefix (not address) lifetimes, we
1811 * just use the same lifetimes as addresses. The (temporarily)
1812 * installed lifetimes can be overridden by later advertised RAs (when
1813 * accept_rtadv is non 0), which is an intended behavior.
1814 */
1815 pr0.ndpr_raf_onlink = 1; /* should be configurable? */
1816 pr0.ndpr_raf_auto = !!(ifra->ifra_flags & IN6_IFF_AUTOCONF);
1817 if (ifra->ifra_flags & (IN6_IFF_AUTOCONF | IN6_IFF_DYNAMIC)) {
1818 pr0.ndpr_vltime = ifra->ifra_lifetime.ia6t_vltime;
1819 pr0.ndpr_pltime = ifra->ifra_lifetime.ia6t_pltime;
1820 } else {
1821 pr0.ndpr_vltime = ND6_INFINITE_LIFETIME;
1822 pr0.ndpr_pltime = ND6_INFINITE_LIFETIME;
1823 }
1824 pr0.ndpr_stateflags |= NDPRF_STATIC;
1825 lck_mtx_init(&pr0.ndpr_lock, &ifa_mtx_grp, &ifa_mtx_attr);
1826
1827 /* add the prefix if there's none. */
1828 if ((pr = nd6_prefix_lookup(&pr0, ND6_PREFIX_EXPIRY_NEVER)) == NULL) {
1829 /*
1830 * nd6_prelist_add will install the corresponding interface
1831 * route.
1832 */
1833 error = nd6_prelist_add(&pr0, NULL, &pr, FALSE);
1834 if (error != 0) {
1835 goto done;
1836 }
1837
1838 if (pr == NULL) {
1839 log(LOG_ERR, "%s: nd6_prelist_add okay, but"
1840 " no prefix.\n", __func__);
1841 error = EINVAL;
1842 goto done;
1843 }
1844 }
1845
1846 IFA_LOCK(&ia->ia_ifa);
1847
1848 /* if this is a new autoconfed addr */
1849 addtmp = FALSE;
1850 if (ia->ia6_ndpr == NULL) {
1851 NDPR_LOCK(pr);
1852 ++pr->ndpr_addrcnt;
1853 if (!(ia->ia6_flags & IN6_IFF_NOTMANUAL)) {
1854 ++pr->ndpr_manual_addrcnt;
1855 VERIFY(pr->ndpr_manual_addrcnt != 0);
1856 }
1857 VERIFY(pr->ndpr_addrcnt != 0);
1858 ia->ia6_ndpr = pr;
1859 NDPR_ADDREF(pr); /* for addr reference */
1860
1861 /*
1862 * If this is the first autoconf address from the prefix,
1863 * create a temporary address as well (when specified).
1864 */
1865 if ((ia->ia6_flags & IN6_IFF_AUTOCONF) != 0 &&
1866 ip6_use_tempaddr &&
1867 pr->ndpr_addrcnt == 1 &&
1868 (!IN6_IS_ADDR_UNIQUE_LOCAL(&ia->ia_addr.sin6_addr)
1869 || ip6_ula_use_tempaddr)) {
1870 addtmp = true;
1871 }
1872 NDPR_UNLOCK(pr);
1873 }
1874
1875 IFA_UNLOCK(&ia->ia_ifa);
1876
1877 if (addtmp) {
1878 int e;
1879 e = in6_tmpifadd(ia, 1);
1880 if (e != 0) {
1881 log(LOG_NOTICE, "%s: failed to create a"
1882 " temporary address, error=%d\n",
1883 __func__, e);
1884 }
1885 }
1886
1887 /*
1888 * This might affect the status of autoconfigured addresses, that is,
1889 * this address might make other addresses detached.
1890 */
1891 lck_mtx_lock(nd6_mutex);
1892 pfxlist_onlink_check();
1893 lck_mtx_unlock(nd6_mutex);
1894
1895 /* Drop use count held above during lookup/add */
1896 NDPR_REMREF(pr);
1897
1898 done:
1899 if (ia != NULL) {
1900 IFA_REMREF(&ia->ia_ifa);
1901 }
1902 return error;
1903 }
1904
1905 static __attribute__((noinline)) void
in6ctl_difaddr(struct ifnet * ifp,struct in6_ifaddr * ia)1906 in6ctl_difaddr(struct ifnet *ifp, struct in6_ifaddr *ia)
1907 {
1908 int i = 0;
1909 struct nd_prefix pr0, *pr;
1910
1911 VERIFY(ifp != NULL && ia != NULL);
1912
1913 /*
1914 * If the address being deleted is the only one that owns
1915 * the corresponding prefix, expire the prefix as well.
1916 * XXX: theoretically, we don't have to worry about such
1917 * relationship, since we separate the address management
1918 * and the prefix management. We do this, however, to provide
1919 * as much backward compatibility as possible in terms of
1920 * the ioctl operation.
1921 * Note that in6_purgeaddr() will decrement ndpr_addrcnt.
1922 */
1923 IFA_LOCK(&ia->ia_ifa);
1924 bzero(&pr0, sizeof(pr0));
1925 pr0.ndpr_ifp = ifp;
1926 pr0.ndpr_plen = (uint8_t)in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL);
1927 if (pr0.ndpr_plen == 128) {
1928 IFA_UNLOCK(&ia->ia_ifa);
1929 goto purgeaddr;
1930 }
1931 pr0.ndpr_prefix = ia->ia_addr;
1932 pr0.ndpr_mask = ia->ia_prefixmask.sin6_addr;
1933 for (i = 0; i < 4; i++) {
1934 pr0.ndpr_prefix.sin6_addr.s6_addr32[i] &=
1935 ia->ia_prefixmask.sin6_addr.s6_addr32[i];
1936 }
1937 IFA_UNLOCK(&ia->ia_ifa);
1938
1939 if ((pr = nd6_prefix_lookup(&pr0, ND6_PREFIX_EXPIRY_UNSPEC)) != NULL) {
1940 IFA_LOCK(&ia->ia_ifa);
1941 NDPR_LOCK(pr);
1942 if (pr->ndpr_addrcnt == 1) {
1943 /* XXX: just for expiration */
1944 pr->ndpr_expire = 1;
1945 }
1946 NDPR_UNLOCK(pr);
1947 IFA_UNLOCK(&ia->ia_ifa);
1948
1949 /* Drop use count held above during lookup */
1950 NDPR_REMREF(pr);
1951 }
1952
1953 purgeaddr:
1954 in6_purgeaddr(&ia->ia_ifa);
1955 }
1956
1957 static __attribute__((noinline)) int
in6_autoconf(struct ifnet * ifp,int enable)1958 in6_autoconf(struct ifnet *ifp, int enable)
1959 {
1960 int error = 0;
1961
1962 VERIFY(ifp != NULL);
1963
1964 if (ifp->if_flags & IFF_LOOPBACK) {
1965 return EINVAL;
1966 }
1967
1968 if (enable) {
1969 /*
1970 * An interface in IPv6 router mode implies that it
1971 * is either configured with a static IP address or
1972 * autoconfigured via a locally-generated RA. Prevent
1973 * SIOCAUTOCONF_START from being set in that mode.
1974 */
1975 ifnet_lock_exclusive(ifp);
1976 if (ifp->if_ipv6_router_mode == IPV6_ROUTER_MODE_EXCLUSIVE) {
1977 if_clear_eflags(ifp, IFEF_ACCEPT_RTADV);
1978 error = EBUSY;
1979 } else {
1980 if_set_eflags(ifp, IFEF_ACCEPT_RTADV);
1981 }
1982 ifnet_lock_done(ifp);
1983 } else {
1984 struct in6_ifaddr *ia = NULL;
1985
1986 if_clear_eflags(ifp, IFEF_ACCEPT_RTADV);
1987
1988 /* Remove autoconfigured address from interface */
1989 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
1990 boolean_t from_begining = TRUE;
1991 while (from_begining) {
1992 from_begining = FALSE;
1993 TAILQ_FOREACH(ia, &in6_ifaddrhead, ia6_link) {
1994 if (ia->ia_ifa.ifa_ifp != ifp) {
1995 continue;
1996 }
1997 IFA_LOCK(&ia->ia_ifa);
1998 if (ia->ia6_flags & IN6_IFF_AUTOCONF) {
1999 IFA_ADDREF_LOCKED(&ia->ia_ifa); /* for us */
2000 IFA_UNLOCK(&ia->ia_ifa);
2001 lck_rw_done(&in6_ifaddr_rwlock);
2002 in6_purgeaddr(&ia->ia_ifa);
2003 IFA_REMREF(&ia->ia_ifa); /* for us */
2004 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
2005 /*
2006 * Purging the address caused in6_ifaddr_rwlock
2007 * to be dropped and reacquired;
2008 * therefore search again from the beginning
2009 * of in6_ifaddrs list.
2010 */
2011 from_begining = TRUE;
2012 break;
2013 }
2014 IFA_UNLOCK(&ia->ia_ifa);
2015 }
2016 }
2017 lck_rw_done(&in6_ifaddr_rwlock);
2018 }
2019 return error;
2020 }
2021
2022 /*
2023 * Handle SIOCSETROUTERMODE_IN6 to set the IPv6 router mode on the interface
2024 * Entering or exiting IPV6_ROUTER_MODE_EXCLUSIVE will result in the removal of
2025 * autoconfigured IPv6 addresses on the interface.
2026 */
2027 static __attribute__((noinline)) int
in6_setrouter(struct ifnet * ifp,ipv6_router_mode_t mode)2028 in6_setrouter(struct ifnet *ifp, ipv6_router_mode_t mode)
2029 {
2030 int error = 0;
2031 ipv6_router_mode_t prev_mode;
2032
2033 VERIFY(ifp != NULL);
2034
2035 if (ifp->if_flags & IFF_LOOPBACK) {
2036 return ENODEV;
2037 }
2038
2039 prev_mode = ifp->if_ipv6_router_mode;
2040 if (prev_mode == mode) {
2041 /* no mode change, there's nothing to do */
2042 return 0;
2043 }
2044 if (mode == IPV6_ROUTER_MODE_EXCLUSIVE) {
2045 struct nd_ifinfo *ndi = NULL;
2046
2047 ndi = ND_IFINFO(ifp);
2048 if (ndi != NULL && ndi->initialized) {
2049 lck_mtx_lock(&ndi->lock);
2050 if (ndi->flags & ND6_IFF_PROXY_PREFIXES) {
2051 /* No proxy if we are an advertising router */
2052 ndi->flags &= ~ND6_IFF_PROXY_PREFIXES;
2053 lck_mtx_unlock(&ndi->lock);
2054 (void) nd6_if_prproxy(ifp, FALSE);
2055 } else {
2056 lck_mtx_unlock(&ndi->lock);
2057 }
2058 }
2059 }
2060
2061 ifp->if_ipv6_router_mode = mode;
2062 lck_mtx_lock(nd6_mutex);
2063 defrouter_select(ifp, NULL);
2064 lck_mtx_unlock(nd6_mutex);
2065 if_allmulti(ifp, (mode == IPV6_ROUTER_MODE_EXCLUSIVE));
2066 if (mode == IPV6_ROUTER_MODE_EXCLUSIVE ||
2067 (prev_mode == IPV6_ROUTER_MODE_EXCLUSIVE
2068 && mode == IPV6_ROUTER_MODE_DISABLED)) {
2069 error = in6_autoconf(ifp, FALSE);
2070 }
2071 return error;
2072 }
2073
2074 static int
in6_to_kamescope(struct sockaddr_in6 * sin6,struct ifnet * ifp)2075 in6_to_kamescope(struct sockaddr_in6 *sin6, struct ifnet *ifp)
2076 {
2077 struct sockaddr_in6 tmp;
2078 int error, id;
2079
2080 VERIFY(sin6 != NULL);
2081 tmp = *sin6;
2082
2083 error = in6_recoverscope(&tmp, &sin6->sin6_addr, ifp);
2084 if (error != 0) {
2085 return error;
2086 }
2087
2088 id = in6_addr2scopeid(ifp, &tmp.sin6_addr);
2089 if (tmp.sin6_scope_id == 0) {
2090 tmp.sin6_scope_id = id;
2091 } else if (tmp.sin6_scope_id != id) {
2092 return EINVAL; /* scope ID mismatch. */
2093 }
2094 error = in6_embedscope(&tmp.sin6_addr, &tmp, NULL, NULL, NULL, IN6_NULL_IF_EMBEDDED_SCOPE(&tmp.sin6_scope_id));
2095 if (error != 0) {
2096 return error;
2097 }
2098
2099 if (in6_embedded_scope || !IN6_IS_SCOPE_EMBED(&tmp.sin6_addr)) {
2100 tmp.sin6_scope_id = 0;
2101 }
2102 *sin6 = tmp;
2103 return 0;
2104 }
2105
2106 /*
2107 * When the address is being configured we should clear out certain flags
2108 * coming in from the caller.
2109 */
2110 #define IN6_IFF_CLR_ADDR_FLAG_MASK (~(IN6_IFF_DEPRECATED | IN6_IFF_DETACHED | IN6_IFF_DUPLICATED))
2111
2112 static int
in6_ifaupdate_aux(struct in6_ifaddr * ia,struct ifnet * ifp,int ifaupflags)2113 in6_ifaupdate_aux(struct in6_ifaddr *ia, struct ifnet *ifp, int ifaupflags)
2114 {
2115 struct sockaddr_in6 mltaddr, mltmask;
2116 struct in6_addr llsol;
2117 struct ifaddr *ifa;
2118 struct in6_multi *in6m_sol;
2119 struct in6_multi_mship *imm;
2120 struct rtentry *rt;
2121 int delay, error = 0;
2122
2123 VERIFY(ifp != NULL && ia != NULL);
2124 ifa = &ia->ia_ifa;
2125 in6m_sol = NULL;
2126
2127 nd6log2(debug, "%s - %s ifp %s ia6_flags 0x%x ifaupflags 0x%x\n",
2128 __func__,
2129 ip6_sprintf(&ia->ia_addr.sin6_addr),
2130 if_name(ia->ia_ifp),
2131 ia->ia6_flags,
2132 ifaupflags);
2133
2134 /*
2135 * Just to be safe, always clear certain flags when address
2136 * is being configured
2137 */
2138 ia->ia6_flags &= IN6_IFF_CLR_ADDR_FLAG_MASK;
2139
2140 /*
2141 * Mark the address as tentative before joining multicast addresses,
2142 * so that corresponding MLD responses would not have a tentative
2143 * source address.
2144 */
2145 if (in6if_do_dad(ifp)) {
2146 in6_ifaddr_set_dadprogress(ia);
2147 /*
2148 * Do not delay sending neighbor solicitations when using optimistic
2149 * duplicate address detection, c.f. RFC 4429.
2150 */
2151 if (ia->ia6_flags & IN6_IFF_OPTIMISTIC) {
2152 ifaupflags &= ~IN6_IFAUPDATE_DADDELAY;
2153 } else {
2154 ifaupflags |= IN6_IFAUPDATE_DADDELAY;
2155 }
2156 } else {
2157 /*
2158 * If the interface has been marked to not perform
2159 * DAD, make sure to reset DAD in progress flags
2160 * that may come in from the caller.
2161 */
2162 ia->ia6_flags &= ~IN6_IFF_DADPROGRESS;
2163 }
2164
2165 /* Join necessary multicast groups */
2166 if ((ifp->if_flags & IFF_MULTICAST) != 0) {
2167 /* join solicited multicast addr for new host id */
2168 bzero(&llsol, sizeof(struct in6_addr));
2169 llsol.s6_addr32[0] = IPV6_ADDR_INT32_MLL;
2170 llsol.s6_addr32[1] = 0;
2171 llsol.s6_addr32[2] = htonl(1);
2172 llsol.s6_addr32[3] = ia->ia_addr.sin6_addr.s6_addr32[3];
2173 llsol.s6_addr8[12] = 0xff;
2174 if ((error = in6_setscope(&llsol, ifp, NULL)) != 0) {
2175 /* XXX: should not happen */
2176 log(LOG_ERR, "%s: in6_setscope failed\n", __func__);
2177 goto unwind;
2178 }
2179 delay = 0;
2180 if ((ifaupflags & IN6_IFAUPDATE_DADDELAY)) {
2181 /*
2182 * We need a random delay for DAD on the address
2183 * being configured. It also means delaying
2184 * transmission of the corresponding MLD report to
2185 * avoid report collision. [RFC 4862]
2186 */
2187 delay = random() % MAX_RTR_SOLICITATION_DELAY;
2188 }
2189 imm = in6_joingroup(ifp, &llsol, &error, delay);
2190 if (imm == NULL) {
2191 nd6log(info,
2192 "%s: addmulti failed for %s on %s (errno=%d)\n",
2193 __func__, ip6_sprintf(&llsol), if_name(ifp),
2194 error);
2195 VERIFY(error != 0);
2196 goto unwind;
2197 }
2198 in6m_sol = imm->i6mm_maddr;
2199 /* take a refcount for this routine */
2200 IN6M_ADDREF(in6m_sol);
2201
2202 IFA_LOCK_SPIN(ifa);
2203 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain);
2204 IFA_UNLOCK(ifa);
2205
2206 bzero(&mltmask, sizeof(mltmask));
2207 mltmask.sin6_len = sizeof(struct sockaddr_in6);
2208 mltmask.sin6_family = AF_INET6;
2209 mltmask.sin6_addr = in6mask32;
2210 #define MLTMASK_LEN 4 /* mltmask's masklen (=32bit=4octet) */
2211
2212 /*
2213 * join link-local all-nodes address
2214 */
2215 bzero(&mltaddr, sizeof(mltaddr));
2216 mltaddr.sin6_len = sizeof(struct sockaddr_in6);
2217 mltaddr.sin6_family = AF_INET6;
2218 mltaddr.sin6_addr = in6addr_linklocal_allnodes;
2219 if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, IN6_NULL_IF_EMBEDDED_SCOPE(&mltaddr.sin6_scope_id))) != 0) {
2220 goto unwind; /* XXX: should not fail */
2221 }
2222 /*
2223 * XXX: do we really need this automatic routes?
2224 * We should probably reconsider this stuff. Most applications
2225 * actually do not need the routes, since they usually specify
2226 * the outgoing interface.
2227 */
2228 rt = rtalloc1_scoped((struct sockaddr *)&mltaddr, 0, 0UL,
2229 ia->ia_ifp->if_index);
2230 if (rt) {
2231 if (memcmp(&mltaddr.sin6_addr, &((struct sockaddr_in6 *)
2232 (void *)rt_key(rt))->sin6_addr, MLTMASK_LEN)) {
2233 rtfree(rt);
2234 rt = NULL;
2235 }
2236 }
2237 if (!rt) {
2238 error = rtrequest_scoped(RTM_ADD,
2239 (struct sockaddr *)&mltaddr,
2240 (struct sockaddr *)&ia->ia_addr,
2241 (struct sockaddr *)&mltmask, RTF_UP | RTF_CLONING,
2242 NULL, ia->ia_ifp->if_index);
2243 if (error) {
2244 goto unwind;
2245 }
2246 } else {
2247 rtfree(rt);
2248 }
2249
2250 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 0);
2251 if (!imm) {
2252 nd6log(info,
2253 "%s: addmulti failed for %s on %s (errno=%d)\n",
2254 __func__, ip6_sprintf(&mltaddr.sin6_addr),
2255 if_name(ifp), error);
2256 VERIFY(error != 0);
2257 goto unwind;
2258 }
2259 IFA_LOCK_SPIN(ifa);
2260 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain);
2261 IFA_UNLOCK(ifa);
2262
2263 /*
2264 * join node information group address
2265 */
2266 #define hostnamelen strlen(hostname)
2267 delay = 0;
2268 if ((ifaupflags & IN6_IFAUPDATE_DADDELAY)) {
2269 /*
2270 * The spec doesn't say anything about delay for this
2271 * group, but the same logic should apply.
2272 */
2273 delay = random() % MAX_RTR_SOLICITATION_DELAY;
2274 }
2275 lck_mtx_lock(&hostname_lock);
2276 int n = in6_nigroup(ifp, hostname, hostnamelen, &mltaddr.sin6_addr, IN6_NULL_IF_EMBEDDED_SCOPE(&mltaddr.sin6_scope_id));
2277 lck_mtx_unlock(&hostname_lock);
2278 if (n == 0) {
2279 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error,
2280 delay); /* XXX jinmei */
2281 if (!imm) {
2282 nd6log(info,
2283 "%s: addmulti failed for %s on %s "
2284 "(errno=%d)\n",
2285 __func__, ip6_sprintf(&mltaddr.sin6_addr),
2286 if_name(ifp), error);
2287 /* XXX not very fatal, go on... */
2288 error = 0;
2289 } else {
2290 IFA_LOCK_SPIN(ifa);
2291 LIST_INSERT_HEAD(&ia->ia6_memberships,
2292 imm, i6mm_chain);
2293 IFA_UNLOCK(ifa);
2294 }
2295 }
2296 #undef hostnamelen
2297
2298 /*
2299 * join interface-local all-nodes address.
2300 * (ff01::1%ifN, and ff01::%ifN/32)
2301 */
2302 mltaddr.sin6_addr = in6addr_nodelocal_allnodes;
2303 if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, IN6_NULL_IF_EMBEDDED_SCOPE(&mltaddr.sin6_scope_id))) != 0) {
2304 goto unwind; /* XXX: should not fail */
2305 }
2306 /* XXX: again, do we really need the route? */
2307 rt = rtalloc1_scoped((struct sockaddr *)&mltaddr, 0, 0UL,
2308 ia->ia_ifp->if_index);
2309 if (rt) {
2310 if (memcmp(&mltaddr.sin6_addr, &((struct sockaddr_in6 *)
2311 (void *)rt_key(rt))->sin6_addr, MLTMASK_LEN)) {
2312 rtfree(rt);
2313 rt = NULL;
2314 }
2315 }
2316 if (!rt) {
2317 error = rtrequest_scoped(RTM_ADD,
2318 (struct sockaddr *)&mltaddr,
2319 (struct sockaddr *)&ia->ia_addr,
2320 (struct sockaddr *)&mltmask, RTF_UP | RTF_CLONING,
2321 NULL, ia->ia_ifp->if_index);
2322 if (error) {
2323 goto unwind;
2324 }
2325 } else {
2326 rtfree(rt);
2327 }
2328
2329 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 0);
2330 if (!imm) {
2331 nd6log(info,
2332 "%s: addmulti failed for %s on %s (errno=%d)\n",
2333 __func__, ip6_sprintf(&mltaddr.sin6_addr),
2334 if_name(ifp), error);
2335 VERIFY(error != 0);
2336 goto unwind;
2337 }
2338 IFA_LOCK(ifa);
2339 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain);
2340 IFA_UNLOCK(ifa);
2341 #undef MLTMASK_LEN
2342
2343 /*
2344 * create a ff00::/8 route
2345 */
2346 bzero(&mltmask, sizeof(mltmask));
2347 mltmask.sin6_len = sizeof(struct sockaddr_in6);
2348 mltmask.sin6_family = AF_INET6;
2349 mltmask.sin6_addr = in6mask8;
2350 #define MLTMASK_LEN_8_BITS 1 /* ff00::/8 mltmask's masklen (=8bit=1octet) */
2351
2352 bzero(&mltaddr, sizeof(mltaddr));
2353 mltaddr.sin6_len = sizeof(struct sockaddr_in6);
2354 mltaddr.sin6_family = AF_INET6;
2355 mltaddr.sin6_addr = in6addr_multicast_prefix;
2356
2357 rt = rtalloc1_scoped((struct sockaddr *)&mltaddr, 0, 0UL,
2358 ia->ia_ifp->if_index);
2359 if (rt) {
2360 if (memcmp(&mltaddr.sin6_addr, &((struct sockaddr_in6 *)
2361 (void *)rt_key(rt))->sin6_addr, MLTMASK_LEN_8_BITS)) {
2362 rtfree(rt);
2363 rt = NULL;
2364 }
2365 }
2366 if (!rt) {
2367 error = rtrequest_scoped(RTM_ADD,
2368 (struct sockaddr *)&mltaddr,
2369 (struct sockaddr *)&ia->ia_addr,
2370 (struct sockaddr *)&mltmask, RTF_UP | RTF_CLONING,
2371 NULL, ia->ia_ifp->if_index);
2372 if (error) {
2373 goto unwind;
2374 }
2375 } else {
2376 rtfree(rt);
2377 }
2378 }
2379 #undef MLTMASK_LEN_8_BITS
2380
2381 /* Ensure nd6_service() is scheduled as soon as it's convenient */
2382 ++nd6_sched_timeout_want;
2383
2384 /*
2385 * Perform DAD, if:
2386 * * Interface is marked to perform DAD, AND
2387 * * Address is not marked to skip DAD, AND
2388 * * Address is in a pre-DAD state (Tentative or Optimistic)
2389 */
2390 IFA_LOCK_SPIN(ifa);
2391 if (in6if_do_dad(ifp) && (ia->ia6_flags & IN6_IFF_NODAD) == 0 &&
2392 (ia->ia6_flags & IN6_IFF_DADPROGRESS) != 0) {
2393 int mindelay, maxdelay;
2394 int *delayptr, delayval;
2395
2396 IFA_UNLOCK(ifa);
2397 delayptr = NULL;
2398 /*
2399 * Avoid the DAD delay if the caller wants us to skip it.
2400 * This is not compliant with RFC 2461, but it's only being
2401 * used for signalling and not for actual DAD.
2402 */
2403 if ((ifaupflags & IN6_IFAUPDATE_DADDELAY) &&
2404 !(ia->ia6_flags & IN6_IFF_SWIFTDAD)) {
2405 /*
2406 * We need to impose a delay before sending an NS
2407 * for DAD. Check if we also needed a delay for the
2408 * corresponding MLD message. If we did, the delay
2409 * should be larger than the MLD delay (this could be
2410 * relaxed a bit, but this simple logic is at least
2411 * safe).
2412 */
2413 mindelay = 0;
2414 if (in6m_sol != NULL) {
2415 IN6M_LOCK(in6m_sol);
2416 if (in6m_sol->in6m_state ==
2417 MLD_REPORTING_MEMBER) {
2418 mindelay = in6m_sol->in6m_timer;
2419 }
2420 IN6M_UNLOCK(in6m_sol);
2421 }
2422 maxdelay = MAX_RTR_SOLICITATION_DELAY * hz;
2423 if (maxdelay - mindelay == 0) {
2424 delayval = 0;
2425 } else {
2426 delayval =
2427 (random() % (maxdelay - mindelay)) +
2428 mindelay;
2429 }
2430 delayptr = &delayval;
2431 }
2432
2433 nd6_dad_start((struct ifaddr *)ia, delayptr);
2434 } else {
2435 IFA_UNLOCK(ifa);
2436 }
2437
2438 goto done;
2439
2440 unwind:
2441 VERIFY(error != 0);
2442 in6_purgeaddr(&ia->ia_ifa);
2443
2444 done:
2445 /* release reference held for this routine */
2446 if (in6m_sol != NULL) {
2447 IN6M_REMREF(in6m_sol);
2448 }
2449 return error;
2450 }
2451
2452 /*
2453 * Request an IPv6 interface address. If the address is new, then it will be
2454 * constructed and appended to the interface address chains. The interface
2455 * address structure is optionally returned with a reference for the caller.
2456 */
2457 int
in6_update_ifa(struct ifnet * ifp,struct in6_aliasreq * ifra,int ifaupflags,struct in6_ifaddr ** iar)2458 in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra, int ifaupflags,
2459 struct in6_ifaddr **iar)
2460 {
2461 struct in6_addrlifetime ia6_lt;
2462 struct in6_ifaddr *ia;
2463 struct ifaddr *ifa;
2464 struct ifaddr *xifa;
2465 struct in6_addrlifetime *lt;
2466 uint64_t timenow;
2467 int plen, error;
2468
2469 /* Sanity check parameters and initialize locals */
2470 VERIFY(ifp != NULL && ifra != NULL && iar != NULL);
2471 ia = NULL;
2472 ifa = NULL;
2473 error = 0;
2474
2475 /*
2476 * We always require users to specify a valid IPv6 address for
2477 * the corresponding operation.
2478 */
2479 if (ifra->ifra_addr.sin6_family != AF_INET6 ||
2480 ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6)) {
2481 error = EAFNOSUPPORT;
2482 goto unwind;
2483 }
2484
2485 /* Validate ifra_prefixmask.sin6_len is properly bounded. */
2486 if (ifra->ifra_prefixmask.sin6_len == 0 ||
2487 ifra->ifra_prefixmask.sin6_len > sizeof(struct sockaddr_in6)) {
2488 error = EINVAL;
2489 goto unwind;
2490 }
2491
2492 /* Validate prefix length extracted from ifra_prefixmask structure. */
2493 plen = (uint8_t)in6_mask2len(&ifra->ifra_prefixmask.sin6_addr,
2494 (u_char *)&ifra->ifra_prefixmask + ifra->ifra_prefixmask.sin6_len);
2495 if (plen <= 0) {
2496 error = EINVAL;
2497 goto unwind;
2498 }
2499
2500 /* Validate lifetimes */
2501 lt = &ifra->ifra_lifetime;
2502 if (lt->ia6t_pltime > lt->ia6t_vltime) {
2503 log(LOG_INFO,
2504 "%s: pltime 0x%x > vltime 0x%x for %s\n", __func__,
2505 lt->ia6t_pltime, lt->ia6t_vltime,
2506 ip6_sprintf(&ifra->ifra_addr.sin6_addr));
2507 error = EINVAL;
2508 goto unwind;
2509 }
2510 if (lt->ia6t_vltime == 0) {
2511 /*
2512 * the following log might be noisy, but this is a typical
2513 * configuration mistake or a tool's bug.
2514 */
2515 log(LOG_INFO, "%s: valid lifetime is 0 for %s\n", __func__,
2516 ip6_sprintf(&ifra->ifra_addr.sin6_addr));
2517 }
2518
2519 /*
2520 * Before we lock the ifnet structure, we first check to see if the
2521 * address already exists. If so, then we don't allocate and link a
2522 * new one here.
2523 */
2524 struct sockaddr_in6 lookup_address = ifra->ifra_addr;
2525 if (IN6_IS_ADDR_LINKLOCAL(&lookup_address.sin6_addr)) {
2526 if (in6_embedded_scope) {
2527 if (lookup_address.sin6_addr.s6_addr16[1] == 0) {
2528 /* link ID is not embedded by the user */
2529 lookup_address.sin6_addr.s6_addr16[1] =
2530 htons(ifp->if_index);
2531 } else if (lookup_address.sin6_addr.s6_addr16[1] !=
2532 htons(ifp->if_index)) {
2533 error = EINVAL; /* link ID contradicts */
2534 goto done;
2535 }
2536 } else {
2537 if (lookup_address.sin6_scope_id == IFSCOPE_NONE) {
2538 lookup_address.sin6_scope_id = ifp->if_index;
2539 }
2540 }
2541 if (lookup_address.sin6_scope_id != 0 &&
2542 lookup_address.sin6_scope_id !=
2543 (u_int32_t)ifp->if_index) {
2544 error = EINVAL;
2545 goto done;
2546 }
2547 }
2548
2549 ia = in6ifa_ifpwithaddr(ifp, &lookup_address.sin6_addr);
2550 if (ia != NULL) {
2551 ifa = &ia->ia_ifa;
2552 }
2553
2554 /*
2555 * Validate destination address on interface types that require it.
2556 */
2557 if ((ifp->if_flags & (IFF_LOOPBACK | IFF_POINTOPOINT)) != 0) {
2558 switch (ifra->ifra_dstaddr.sin6_family) {
2559 case AF_INET6:
2560 if (plen != 128) {
2561 /* noisy message for diagnostic purposes */
2562 log(LOG_INFO,
2563 "%s: prefix length < 128 with"
2564 " explicit dstaddr.\n", __func__);
2565 error = EINVAL;
2566 goto unwind;
2567 }
2568 break;
2569
2570 case AF_UNSPEC:
2571 break;
2572
2573 default:
2574 error = EAFNOSUPPORT;
2575 goto unwind;
2576 }
2577 } else if (ifra->ifra_dstaddr.sin6_family != AF_UNSPEC) {
2578 log(LOG_INFO,
2579 "%s: dstaddr valid only on p2p and loopback interfaces.\n",
2580 __func__);
2581 error = EINVAL;
2582 goto unwind;
2583 }
2584
2585 timenow = net_uptime();
2586
2587 if (ia == NULL) {
2588 zalloc_flags_t how;
2589
2590 /* Is this the first new IPv6 address for the interface? */
2591 ifaupflags |= IN6_IFAUPDATE_NEWADDR;
2592
2593 /* Allocate memory for IPv6 interface address structure. */
2594 how = (ifaupflags & IN6_IFAUPDATE_NOWAIT) ? Z_NOWAIT : Z_WAITOK;
2595 ia = in6_ifaddr_alloc(how);
2596 if (ia == NULL) {
2597 error = ENOBUFS;
2598 goto unwind;
2599 }
2600
2601 ifa = &ia->ia_ifa;
2602
2603 /*
2604 * Initialize interface address structure.
2605 *
2606 * Note well: none of these sockaddr_in6 structures contain a
2607 * valid sin6_port, sin6_flowinfo or even a sin6_scope_id field.
2608 * We still embed link-local scope identifiers at the end of an
2609 * arbitrary fe80::/32 prefix, for historical reasons. Also, the
2610 * ifa_dstaddr field is always non-NULL on point-to-point and
2611 * loopback interfaces, and conventionally points to a socket
2612 * address of AF_UNSPEC family when there is no destination.
2613 *
2614 * Please enjoy the dancing sea turtle.
2615 */
2616 IFA_ADDREF(ifa); /* for this and optionally for caller */
2617 IA6_HASH_INIT(ia);
2618 ifa->ifa_addr = (struct sockaddr *)&ia->ia_addr;
2619 if (ifra->ifra_dstaddr.sin6_family == AF_INET6 ||
2620 (ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) != 0) {
2621 ifa->ifa_dstaddr = (struct sockaddr *)&ia->ia_dstaddr;
2622 }
2623 ifa->ifa_netmask = (struct sockaddr *)&ia->ia_prefixmask;
2624 ifa->ifa_ifp = ifp;
2625 ifa->ifa_metric = ifp->if_metric;
2626 ifa->ifa_rtrequest = nd6_rtrequest;
2627
2628 LIST_INIT(&ia->ia6_memberships);
2629 ia->ia_addr.sin6_family = AF_INET6;
2630 ia->ia_addr.sin6_len = sizeof(ia->ia_addr);
2631 ia->ia_addr.sin6_addr = ifra->ifra_addr.sin6_addr;
2632 ia->ia_prefixmask.sin6_family = AF_INET6;
2633 ia->ia_prefixmask.sin6_len = sizeof(ia->ia_prefixmask);
2634 ia->ia_prefixmask.sin6_addr = ifra->ifra_prefixmask.sin6_addr;
2635 error = in6_to_kamescope(&ia->ia_addr, ifp);
2636 if (error != 0) {
2637 goto unwind;
2638 }
2639 if (ifa->ifa_dstaddr != NULL) {
2640 ia->ia_dstaddr = ifra->ifra_dstaddr;
2641 error = in6_to_kamescope(&ia->ia_dstaddr, ifp);
2642 if (error != 0) {
2643 goto unwind;
2644 }
2645 }
2646
2647 /* Append to address chains */
2648 ifnet_lock_exclusive(ifp);
2649 ifaupflags |= IN6_IFAUPDATE_1STADDR;
2650 TAILQ_FOREACH(xifa, &ifp->if_addrlist, ifa_list) {
2651 IFA_LOCK_SPIN(xifa);
2652 if (xifa->ifa_addr->sa_family != AF_INET6) {
2653 IFA_UNLOCK(xifa);
2654 ifaupflags &= ~IN6_IFAUPDATE_1STADDR;
2655 break;
2656 }
2657 IFA_UNLOCK(xifa);
2658 }
2659
2660 IFA_LOCK_SPIN(ifa);
2661 if_attach_ifa(ifp, ifa); /* holds reference for ifnet link */
2662 IFA_UNLOCK(ifa);
2663 ifnet_lock_done(ifp);
2664
2665 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
2666 TAILQ_INSERT_TAIL(&in6_ifaddrhead, ia, ia6_link);
2667 IFA_ADDREF(ifa); /* hold for in6_ifaddrs link */
2668 os_atomic_inc(&in6_ifaddrlist_genid, relaxed);
2669 lck_rw_done(&in6_ifaddr_rwlock);
2670 } else {
2671 ifa = &ia->ia_ifa;
2672 ifaupflags &= ~(IN6_IFAUPDATE_NEWADDR | IN6_IFAUPDATE_1STADDR);
2673 }
2674
2675 VERIFY(ia != NULL && ifa == &ia->ia_ifa);
2676 IFA_LOCK(ifa);
2677
2678 /*
2679 * Set lifetimes. We do not refer to ia6t_expire and ia6t_preferred
2680 * to see if the address is deprecated or invalidated, but initialize
2681 * these members for applications.
2682 */
2683 ia->ia6_updatetime = ia->ia6_createtime = timenow;
2684 ia6_lt = *lt;
2685 if (ia6_lt.ia6t_vltime != ND6_INFINITE_LIFETIME) {
2686 ia6_lt.ia6t_expire = (time_t)(timenow + ia6_lt.ia6t_vltime);
2687 } else {
2688 ia6_lt.ia6t_expire = 0;
2689 }
2690 if (ia6_lt.ia6t_pltime != ND6_INFINITE_LIFETIME) {
2691 ia6_lt.ia6t_preferred = (time_t)(timenow + ia6_lt.ia6t_pltime);
2692 } else {
2693 ia6_lt.ia6t_preferred = 0;
2694 }
2695 in6ifa_setlifetime(ia, &ia6_lt);
2696
2697 /*
2698 * Backward compatibility - if IN6_IFF_DEPRECATED is set from the
2699 * userland, make it deprecated.
2700 */
2701 if ((ia->ia6_flags & IN6_IFF_DEPRECATED) != 0) {
2702 ia->ia6_lifetime.ia6ti_pltime = 0;
2703 ia->ia6_lifetime.ia6ti_preferred = timenow;
2704 }
2705
2706 /*
2707 * Update flag or prefix length
2708 */
2709 ia->ia_plen = plen;
2710 ia->ia6_flags = ifra->ifra_flags;
2711
2712 /* Release locks (new address available to concurrent tasks) */
2713 IFA_UNLOCK(ifa);
2714
2715 /* Further initialization of the interface address */
2716 error = in6_ifinit(ifp, ia, ifaupflags);
2717 if (error != 0) {
2718 goto unwind;
2719 }
2720
2721 /* Finish updating the address while other tasks are working with it */
2722 error = in6_ifaupdate_aux(ia, ifp, ifaupflags);
2723 if (error != 0) {
2724 goto unwind;
2725 }
2726
2727 /* Return success (optionally w/ address for caller). */
2728 VERIFY(error == 0);
2729 (void) ifnet_notify_address(ifp, AF_INET6);
2730
2731 goto done;
2732
2733 unwind:
2734 VERIFY(error != 0);
2735 if (ia != NULL) {
2736 VERIFY(ifa == &ia->ia_ifa);
2737 IFA_REMREF(ifa);
2738 ia = NULL;
2739 }
2740
2741 done:
2742 *iar = ia;
2743 return error;
2744 }
2745
2746 void
in6_purgeaddr(struct ifaddr * ifa)2747 in6_purgeaddr(struct ifaddr *ifa)
2748 {
2749 struct ifnet *ifp = ifa->ifa_ifp;
2750 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
2751 struct in6_multi_mship *imm;
2752
2753 LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_NOTOWNED);
2754
2755 /* stop DAD processing */
2756 nd6_dad_stop(ifa);
2757
2758 /*
2759 * delete route to the destination of the address being purged.
2760 * The interface must be p2p or loopback in this case.
2761 */
2762 IFA_LOCK(ifa);
2763 if ((ia->ia_flags & IFA_ROUTE) && ia->ia_plen == 128) {
2764 int error, rtf;
2765
2766 IFA_UNLOCK(ifa);
2767 rtf = (ia->ia_dstaddr.sin6_family == AF_INET6) ? RTF_HOST : 0;
2768 error = rtinit(&(ia->ia_ifa), RTM_DELETE, rtf);
2769 if (error != 0) {
2770 log(LOG_ERR, "in6_purgeaddr: failed to remove "
2771 "a route to the p2p destination: %s on %s, "
2772 "errno=%d\n",
2773 ip6_sprintf(&ia->ia_addr.sin6_addr), if_name(ifp),
2774 error);
2775 /* proceed anyway... */
2776 }
2777 IFA_LOCK_SPIN(ifa);
2778 ia->ia_flags &= ~IFA_ROUTE;
2779 }
2780 IFA_UNLOCK(ifa);
2781
2782 /* Remove ownaddr's loopback rtentry, if it exists. */
2783 in6_ifremloop(&(ia->ia_ifa));
2784
2785 /*
2786 * leave from multicast groups we have joined for the interface
2787 */
2788 IFA_LOCK(ifa);
2789 while ((imm = ia->ia6_memberships.lh_first) != NULL) {
2790 LIST_REMOVE(imm, i6mm_chain);
2791 IFA_UNLOCK(ifa);
2792 in6_leavegroup(imm);
2793 IFA_LOCK(ifa);
2794 }
2795 IFA_UNLOCK(ifa);
2796
2797 /* in6_unlink_ifa() will need exclusive access */
2798 in6_unlink_ifa(ia, ifp);
2799 in6_post_msg(ifp, KEV_INET6_ADDR_DELETED, ia, NULL);
2800
2801 (void) ifnet_notify_address(ifp, AF_INET6);
2802 }
2803
2804 static void
in6_unlink_ifa(struct in6_ifaddr * ia,struct ifnet * ifp)2805 in6_unlink_ifa(struct in6_ifaddr *ia, struct ifnet *ifp)
2806 {
2807 struct in6_ifaddr *nia;
2808 struct ifaddr *ifa;
2809 int unlinked;
2810
2811 LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_NOTOWNED);
2812
2813 ifa = &ia->ia_ifa;
2814 IFA_ADDREF(ifa);
2815
2816 ifnet_lock_exclusive(ifp);
2817 IFA_LOCK(ifa);
2818 if (ifa->ifa_debug & IFD_ATTACHED) {
2819 if_detach_ifa(ifp, ifa);
2820 }
2821 IFA_UNLOCK(ifa);
2822 ifnet_lock_done(ifp);
2823
2824 unlinked = 0;
2825 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
2826 TAILQ_FOREACH(nia, &in6_ifaddrhead, ia6_link) {
2827 if (ia == nia) {
2828 TAILQ_REMOVE(&in6_ifaddrhead, ia, ia6_link);
2829 os_atomic_inc(&in6_ifaddrlist_genid, relaxed);
2830 IFA_LOCK(ifa);
2831 if (IA6_IS_HASHED(ia)) {
2832 in6_iahash_remove(ia);
2833 }
2834 IFA_UNLOCK(ifa);
2835 unlinked = 1;
2836 break;
2837 }
2838 }
2839
2840 /*
2841 * When IPv6 address is being removed, release the
2842 * reference to the base prefix.
2843 * Also, since the release might, affect the status
2844 * of other (detached) addresses, call
2845 * pfxlist_onlink_check().
2846 */
2847 IFA_LOCK(ifa);
2848 /*
2849 * Only log the below message for addresses other than
2850 * link local.
2851 * Only one LLA (auto-configured or statically) is allowed
2852 * on an interface.
2853 * LLA prefix, while added to the prefix list, is not
2854 * reference countedi (as it is the only one).
2855 * The prefix also never expires on its own as LLAs
2856 * have infinite lifetime.
2857 *
2858 * For now quiece down the log message for LLAs.
2859 */
2860 if (!IN6_IS_ADDR_LINKLOCAL(&ia->ia_addr.sin6_addr)) {
2861 if (ia->ia6_ndpr == NULL) {
2862 log(LOG_NOTICE, "in6_unlink_ifa: IPv6 address "
2863 "0x%llx has no prefix\n",
2864 (uint64_t)VM_KERNEL_ADDRPERM(ia));
2865 } else {
2866 struct nd_prefix *pr = ia->ia6_ndpr;
2867
2868 NDPR_LOCK(pr);
2869 if (!(ia->ia6_flags & IN6_IFF_NOTMANUAL)) {
2870 VERIFY(pr->ndpr_manual_addrcnt != 0);
2871 pr->ndpr_manual_addrcnt--;
2872 }
2873 ia->ia6_flags &= ~IN6_IFF_AUTOCONF;
2874 ia->ia6_ndpr = NULL;
2875 VERIFY(pr->ndpr_addrcnt != 0);
2876 pr->ndpr_addrcnt--;
2877 if (ia->ia6_flags & IN6_IFF_CLAT46) {
2878 pr->ndpr_stateflags &= ~NDPRF_CLAT46;
2879 }
2880 NDPR_UNLOCK(pr);
2881 NDPR_REMREF(pr); /* release addr reference */
2882 }
2883 }
2884 IFA_UNLOCK(ifa);
2885 lck_rw_done(&in6_ifaddr_rwlock);
2886
2887 if ((ia->ia6_flags & IN6_IFF_AUTOCONF) != 0) {
2888 lck_mtx_lock(nd6_mutex);
2889 pfxlist_onlink_check();
2890 lck_mtx_unlock(nd6_mutex);
2891 }
2892 /*
2893 * release another refcnt for the link from in6_ifaddrs.
2894 * Do this only if it's not already unlinked in the event that we lost
2895 * the race, since in6_ifaddr_rwlock was momentarily dropped above.
2896 */
2897 if (unlinked) {
2898 IFA_REMREF(ifa);
2899 }
2900
2901 /* release reference held for this routine */
2902 IFA_REMREF(ifa);
2903
2904 /* invalidate route caches */
2905 routegenid_inet6_update();
2906 }
2907
2908 void
in6_purgeif(struct ifnet * ifp)2909 in6_purgeif(struct ifnet *ifp)
2910 {
2911 struct in6_ifaddr *ia;
2912
2913 if (ifp == NULL) {
2914 return;
2915 }
2916
2917 LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_NOTOWNED);
2918
2919 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
2920 boolean_t from_begining = TRUE;
2921 while (from_begining) {
2922 from_begining = FALSE;
2923 TAILQ_FOREACH(ia, &in6_ifaddrhead, ia6_link) {
2924 if (ia->ia_ifa.ifa_ifp != ifp) {
2925 continue;
2926 }
2927 IFA_ADDREF(&ia->ia_ifa); /* for us */
2928 lck_rw_done(&in6_ifaddr_rwlock);
2929 in6_purgeaddr(&ia->ia_ifa);
2930 IFA_REMREF(&ia->ia_ifa); /* for us */
2931 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
2932 /*
2933 * Purging the address would have caused
2934 * in6_ifaddr_rwlock to be dropped and reacquired;
2935 * therefore search again from the beginning
2936 * of in6_ifaddrs list.
2937 */
2938 from_begining = TRUE;
2939 break;
2940 }
2941 }
2942 lck_rw_done(&in6_ifaddr_rwlock);
2943
2944 in6_ifdetach(ifp);
2945 }
2946
2947 /*
2948 * Initialize an interface's internet6 address and routing table entry.
2949 */
2950 static int
in6_ifinit(struct ifnet * ifp,struct in6_ifaddr * ia,int ifaupflags)2951 in6_ifinit(struct ifnet *ifp, struct in6_ifaddr *ia, int ifaupflags)
2952 {
2953 int error;
2954 struct ifaddr *ifa;
2955
2956 error = 0;
2957 ifa = &ia->ia_ifa;
2958
2959 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
2960 IFA_LOCK(&ia->ia_ifa);
2961 if (IA6_IS_HASHED(ia)) {
2962 in6_iahash_remove(ia);
2963 }
2964 if ((ifp->if_flags & IFF_POINTOPOINT)) {
2965 in6_iahash_insert_ptp(ia);
2966 } else {
2967 in6_iahash_insert(ia);
2968 }
2969 IFA_UNLOCK(&ia->ia_ifa);
2970 lck_rw_done(&in6_ifaddr_rwlock);
2971
2972 /*
2973 * NOTE: SIOCSIFADDR is defined with struct ifreq as parameter,
2974 * but here we are sending it down to the interface with a pointer
2975 * to struct ifaddr, for legacy reasons.
2976 */
2977 if ((ifaupflags & IN6_IFAUPDATE_1STADDR) != 0) {
2978 error = ifnet_ioctl(ifp, PF_INET6, SIOCSIFADDR, ia);
2979 if (error != 0) {
2980 if (error != EOPNOTSUPP) {
2981 goto failed;
2982 }
2983 error = 0;
2984 }
2985 }
2986
2987 IFA_LOCK(ifa);
2988
2989 /*
2990 * Special case:
2991 * If the destination address is specified for a point-to-point
2992 * interface, install a route to the destination as an interface
2993 * direct route.
2994 */
2995 if (!(ia->ia_flags & IFA_ROUTE) && ia->ia_plen == 128 &&
2996 ia->ia_dstaddr.sin6_family == AF_INET6) {
2997 IFA_UNLOCK(ifa);
2998 error = rtinit(ifa, RTM_ADD, RTF_UP | RTF_HOST);
2999 if (error != 0) {
3000 goto failed;
3001 }
3002 IFA_LOCK(ifa);
3003 ia->ia_flags |= IFA_ROUTE;
3004 }
3005 IFA_LOCK_ASSERT_HELD(ifa);
3006 if (ia->ia_plen < 128) {
3007 /*
3008 * The RTF_CLONING flag is necessary for in6_is_ifloop_auto().
3009 */
3010 ia->ia_flags |= RTF_CLONING;
3011 }
3012
3013 IFA_UNLOCK(ifa);
3014
3015 /* Add ownaddr as loopback rtentry, if necessary (ex. on p2p link). */
3016 if ((ifaupflags & IN6_IFAUPDATE_NEWADDR) != 0) {
3017 in6_ifaddloop(ifa);
3018 }
3019
3020 /* invalidate route caches */
3021 routegenid_inet6_update();
3022
3023 VERIFY(error == 0);
3024 return 0;
3025 failed:
3026 VERIFY(error != 0);
3027 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
3028 IFA_LOCK(&ia->ia_ifa);
3029 if (IA6_IS_HASHED(ia)) {
3030 in6_iahash_remove(ia);
3031 }
3032 IFA_UNLOCK(&ia->ia_ifa);
3033 lck_rw_done(&in6_ifaddr_rwlock);
3034
3035 return error;
3036 }
3037
3038 void
in6_purgeaddrs(struct ifnet * ifp)3039 in6_purgeaddrs(struct ifnet *ifp)
3040 {
3041 in6_purgeif(ifp);
3042 }
3043
3044 /*
3045 * Find an IPv6 interface link-local address specific to an interface.
3046 */
3047 struct in6_ifaddr *
in6ifa_ifpforlinklocal(struct ifnet * ifp,int ignoreflags)3048 in6ifa_ifpforlinklocal(struct ifnet *ifp, int ignoreflags)
3049 {
3050 struct ifaddr *ifa;
3051
3052 ifnet_lock_shared(ifp);
3053 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
3054 {
3055 IFA_LOCK_SPIN(ifa);
3056 if (ifa->ifa_addr->sa_family != AF_INET6) {
3057 IFA_UNLOCK(ifa);
3058 continue;
3059 }
3060 if (IN6_IS_ADDR_LINKLOCAL(IFA_IN6(ifa))) {
3061 if ((((struct in6_ifaddr *)ifa)->ia6_flags &
3062 ignoreflags) != 0) {
3063 IFA_UNLOCK(ifa);
3064 continue;
3065 }
3066 IFA_ADDREF_LOCKED(ifa); /* for caller */
3067 IFA_UNLOCK(ifa);
3068 break;
3069 }
3070 IFA_UNLOCK(ifa);
3071 }
3072 ifnet_lock_done(ifp);
3073
3074 return (struct in6_ifaddr *)ifa;
3075 }
3076
3077 struct in6_ifaddr *
in6ifa_ifpwithflag(struct ifnet * ifp,int flag)3078 in6ifa_ifpwithflag(struct ifnet * ifp, int flag)
3079 {
3080 struct ifaddr *ifa;
3081
3082 ifnet_lock_shared(ifp);
3083 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
3084 {
3085 IFA_LOCK_SPIN(ifa);
3086 if (ifa->ifa_addr->sa_family != AF_INET6) {
3087 IFA_UNLOCK(ifa);
3088 continue;
3089 }
3090 if ((((struct in6_ifaddr *)ifa)->ia6_flags & flag) == flag) {
3091 IFA_ADDREF_LOCKED(ifa);
3092 IFA_UNLOCK(ifa);
3093 break;
3094 }
3095 IFA_UNLOCK(ifa);
3096 }
3097 ifnet_lock_done(ifp);
3098
3099 return (struct in6_ifaddr *)ifa;
3100 }
3101
3102 /*
3103 * find the internet address corresponding to a given interface and address.
3104 */
3105 struct in6_ifaddr *
in6ifa_ifpwithaddr(struct ifnet * ifp,struct in6_addr * addr)3106 in6ifa_ifpwithaddr(struct ifnet *ifp, struct in6_addr *addr)
3107 {
3108 struct ifaddr *ifa;
3109
3110 ifnet_lock_shared(ifp);
3111 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
3112 {
3113 IFA_LOCK_SPIN(ifa);
3114 if (ifa->ifa_addr->sa_family != AF_INET6) {
3115 IFA_UNLOCK(ifa);
3116 continue;
3117 }
3118 if (IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(ifa))) {
3119 IFA_ADDREF_LOCKED(ifa); /* for caller */
3120 IFA_UNLOCK(ifa);
3121 break;
3122 }
3123 IFA_UNLOCK(ifa);
3124 }
3125 ifnet_lock_done(ifp);
3126
3127 return (struct in6_ifaddr *)ifa;
3128 }
3129
3130 struct in6_ifaddr *
in6ifa_prproxyaddr(struct in6_addr * addr,uint32_t ifscope)3131 in6ifa_prproxyaddr(struct in6_addr *addr, uint32_t ifscope)
3132 {
3133 struct in6_ifaddr *ia;
3134
3135 lck_rw_lock_shared(&in6_ifaddr_rwlock);
3136 TAILQ_FOREACH(ia, IN6ADDR_HASH(addr), ia6_hash) {
3137 IFA_LOCK(&ia->ia_ifa);
3138 if (in6_are_addr_equal_scoped(addr, IFA_IN6(&ia->ia_ifa), ifscope, ia->ia_ifp->if_index)) {
3139 IFA_ADDREF_LOCKED(&ia->ia_ifa); /* for caller */
3140 IFA_UNLOCK(&ia->ia_ifa);
3141 break;
3142 }
3143 IFA_UNLOCK(&ia->ia_ifa);
3144 }
3145 lck_rw_done(&in6_ifaddr_rwlock);
3146
3147 if (ia != NULL && !nd6_prproxy_ifaddr(ia)) {
3148 IFA_REMREF(&ia->ia_ifa);
3149 ia = NULL;
3150 }
3151
3152 return ia;
3153 }
3154
3155 void
in6ifa_getlifetime(struct in6_ifaddr * ia6,struct in6_addrlifetime * t_dst,int iscalendar)3156 in6ifa_getlifetime(struct in6_ifaddr *ia6, struct in6_addrlifetime *t_dst,
3157 int iscalendar)
3158 {
3159 struct in6_addrlifetime_i *t_src = &ia6->ia6_lifetime;
3160 struct timeval caltime;
3161
3162 t_dst->ia6t_vltime = t_src->ia6ti_vltime;
3163 t_dst->ia6t_pltime = t_src->ia6ti_pltime;
3164 t_dst->ia6t_expire = 0;
3165 t_dst->ia6t_preferred = 0;
3166
3167 /* account for system time change */
3168 getmicrotime(&caltime);
3169 t_src->ia6ti_base_calendartime +=
3170 NET_CALCULATE_CLOCKSKEW(caltime,
3171 t_src->ia6ti_base_calendartime, net_uptime(),
3172 t_src->ia6ti_base_uptime);
3173
3174 if (iscalendar) {
3175 if (t_src->ia6ti_expire != 0 &&
3176 t_src->ia6ti_vltime != ND6_INFINITE_LIFETIME) {
3177 t_dst->ia6t_expire = (time_t)(t_src->ia6ti_base_calendartime +
3178 t_src->ia6ti_expire - t_src->ia6ti_base_uptime);
3179 }
3180
3181 if (t_src->ia6ti_preferred != 0 &&
3182 t_src->ia6ti_pltime != ND6_INFINITE_LIFETIME) {
3183 t_dst->ia6t_preferred = (time_t)(t_src->ia6ti_base_calendartime +
3184 t_src->ia6ti_preferred - t_src->ia6ti_base_uptime);
3185 }
3186 } else {
3187 if (t_src->ia6ti_expire != 0 &&
3188 t_src->ia6ti_vltime != ND6_INFINITE_LIFETIME) {
3189 t_dst->ia6t_expire = (time_t)t_src->ia6ti_expire;
3190 }
3191
3192 if (t_src->ia6ti_preferred != 0 &&
3193 t_src->ia6ti_pltime != ND6_INFINITE_LIFETIME) {
3194 t_dst->ia6t_preferred = (time_t)t_src->ia6ti_preferred;
3195 }
3196 }
3197 }
3198
3199 void
in6ifa_setlifetime(struct in6_ifaddr * ia6,struct in6_addrlifetime * t_src)3200 in6ifa_setlifetime(struct in6_ifaddr *ia6, struct in6_addrlifetime *t_src)
3201 {
3202 struct in6_addrlifetime_i *t_dst = &ia6->ia6_lifetime;
3203 struct timeval caltime;
3204
3205 /* account for system time change */
3206 getmicrotime(&caltime);
3207 t_dst->ia6ti_base_calendartime +=
3208 NET_CALCULATE_CLOCKSKEW(caltime,
3209 t_dst->ia6ti_base_calendartime, net_uptime(),
3210 t_dst->ia6ti_base_uptime);
3211
3212 /* trust the caller for the values */
3213 t_dst->ia6ti_expire = t_src->ia6t_expire;
3214 t_dst->ia6ti_preferred = t_src->ia6t_preferred;
3215 t_dst->ia6ti_vltime = t_src->ia6t_vltime;
3216 t_dst->ia6ti_pltime = t_src->ia6t_pltime;
3217 }
3218
3219 /*
3220 * Convert IP6 address to printable (loggable) representation.
3221 */
3222 char *
ip6_sprintf(const struct in6_addr * addr)3223 ip6_sprintf(const struct in6_addr *addr)
3224 {
3225 static const char digits[] = "0123456789abcdef";
3226 static int ip6round = 0;
3227 static char ip6buf[8][48];
3228
3229 int i;
3230 char *cp;
3231 const u_short *a = (const u_short *)addr;
3232 const u_char *d;
3233 u_char n;
3234 int dcolon = 0;
3235 int zpad = 0;
3236
3237 ip6round = (ip6round + 1) & 7;
3238 cp = ip6buf[ip6round];
3239
3240 for (i = 0; i < 8; i++) {
3241 if (dcolon == 1) {
3242 if (*a == 0) {
3243 if (i == 7) {
3244 *cp++ = ':';
3245 }
3246 a++;
3247 continue;
3248 } else {
3249 dcolon = 2;
3250 }
3251 }
3252 if (*a == 0) {
3253 if (dcolon == 0 && *(a + 1) == 0) {
3254 if (i == 0) {
3255 *cp++ = ':';
3256 }
3257 *cp++ = ':';
3258 dcolon = 1;
3259 } else {
3260 *cp++ = '0';
3261 *cp++ = ':';
3262 }
3263 a++;
3264 continue;
3265 }
3266 d = (const u_char *)a;
3267 zpad = 0;
3268 if ((n = *d >> 4) != 0) {
3269 *cp++ = digits[n];
3270 zpad = 1;
3271 }
3272 if ((n = *d++ & 0xf) != 0 || zpad) {
3273 *cp++ = digits[n];
3274 zpad = 1;
3275 }
3276 if ((n = *d >> 4) != 0 || zpad) {
3277 *cp++ = digits[n];
3278 zpad = 1;
3279 }
3280 if ((n = *d & 0xf) != 0 || zpad) {
3281 *cp++ = digits[n];
3282 }
3283 *cp++ = ':';
3284 a++;
3285 }
3286 *--cp = 0;
3287 return ip6buf[ip6round];
3288 }
3289
3290 int
in6addr_local(struct in6_addr * in6)3291 in6addr_local(struct in6_addr *in6)
3292 {
3293 struct rtentry *rt;
3294 struct sockaddr_in6 sin6;
3295 int local = 0;
3296
3297 if (IN6_IS_ADDR_LOOPBACK(in6) || IN6_IS_SCOPE_LINKLOCAL(in6)) {
3298 return 1;
3299 }
3300
3301 sin6.sin6_family = AF_INET6;
3302 sin6.sin6_len = sizeof(sin6);
3303 bcopy(in6, &sin6.sin6_addr, sizeof(*in6));
3304 rt = rtalloc1((struct sockaddr *)&sin6, 0, 0);
3305
3306 if (rt != NULL) {
3307 RT_LOCK_SPIN(rt);
3308 if (rt->rt_gateway->sa_family == AF_LINK) {
3309 local = 1;
3310 }
3311 RT_UNLOCK(rt);
3312 rtfree(rt);
3313 } else {
3314 local = in6_localaddr(in6);
3315 }
3316 return local;
3317 }
3318
3319 int
in6_localaddr(struct in6_addr * in6)3320 in6_localaddr(struct in6_addr *in6)
3321 {
3322 struct in6_ifaddr *ia;
3323
3324 if (IN6_IS_ADDR_LOOPBACK(in6) || IN6_IS_ADDR_LINKLOCAL(in6) || IN6_IS_ADDR_MC_UNICAST_BASED_LINKLOCAL(in6)) {
3325 return 1;
3326 }
3327
3328 lck_rw_lock_shared(&in6_ifaddr_rwlock);
3329 TAILQ_FOREACH(ia, &in6_ifaddrhead, ia6_link) {
3330 IFA_LOCK_SPIN(&ia->ia_ifa);
3331 if (IN6_ARE_MASKED_ADDR_EQUAL(in6, &ia->ia_addr.sin6_addr,
3332 &ia->ia_prefixmask.sin6_addr)) {
3333 IFA_UNLOCK(&ia->ia_ifa);
3334 lck_rw_done(&in6_ifaddr_rwlock);
3335 return 1;
3336 }
3337 IFA_UNLOCK(&ia->ia_ifa);
3338 }
3339 lck_rw_done(&in6_ifaddr_rwlock);
3340 return 0;
3341 }
3342
3343 /*
3344 * return length of part which dst and src are equal
3345 * hard coding...
3346 */
3347 int
in6_matchlen(struct in6_addr * src,struct in6_addr * dst)3348 in6_matchlen(struct in6_addr *src, struct in6_addr *dst)
3349 {
3350 int match = 0;
3351 u_char *s = (u_char *)src, *d = (u_char *)dst;
3352 u_char *lim = s + 16, r;
3353
3354 while (s < lim) {
3355 if ((r = (*d++ ^ *s++)) != 0) {
3356 while (r < 128) {
3357 match++;
3358 r <<= 1;
3359 }
3360 break;
3361 } else {
3362 match += 8;
3363 }
3364 }
3365 return match;
3366 }
3367
3368 /* XXX: to be scope conscious */
3369 int
in6_are_prefix_equal(struct in6_addr * p1,uint32_t ifscope1,struct in6_addr * p2,uint32_t ifscope2,int len)3370 in6_are_prefix_equal(struct in6_addr *p1, uint32_t ifscope1, struct in6_addr *p2, uint32_t ifscope2, int len)
3371 {
3372 int bytelen, bitlen;
3373
3374 /* sanity check */
3375 if (0 > len || len > 128) {
3376 log(LOG_ERR, "%s: invalid prefix length(%d)\n", __func__, len);
3377 return 0;
3378 }
3379
3380 bytelen = len / 8;
3381 bitlen = len % 8;
3382
3383 if (bcmp(&p1->s6_addr, &p2->s6_addr, bytelen)) {
3384 return 0;
3385 }
3386 if (bitlen != 0 &&
3387 p1->s6_addr[bytelen] >> (8 - bitlen) !=
3388 p2->s6_addr[bytelen] >> (8 - bitlen)) {
3389 return 0;
3390 }
3391
3392 if (IN6_IS_SCOPE_EMBED(p1) && !in6_embedded_scope) {
3393 return ifscope1 == ifscope2;
3394 }
3395
3396 return 1;
3397 }
3398
3399 void
in6_prefixlen2mask(struct in6_addr * maskp,int len)3400 in6_prefixlen2mask(struct in6_addr *maskp, int len)
3401 {
3402 u_char maskarray[8] = {0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff};
3403 int bytelen, bitlen, i;
3404
3405 /* sanity check */
3406 if (0 > len || len > 128) {
3407 log(LOG_ERR, "%s: invalid prefix length(%d)\n", __func__, len);
3408 return;
3409 }
3410
3411 bzero(maskp, sizeof(*maskp));
3412 bytelen = len / 8;
3413 bitlen = len % 8;
3414 for (i = 0; i < bytelen; i++) {
3415 maskp->s6_addr[i] = 0xff;
3416 }
3417 if (bitlen) {
3418 maskp->s6_addr[bytelen] = maskarray[bitlen - 1];
3419 }
3420 }
3421
3422 /*
3423 * return the best address out of the same scope
3424 */
3425 struct in6_ifaddr *
in6_ifawithscope(struct ifnet * oifp,struct in6_addr * dst)3426 in6_ifawithscope(struct ifnet *oifp, struct in6_addr *dst)
3427 {
3428 int dst_scope = in6_addrscope(dst), src_scope, best_scope = 0;
3429 int blen = -1;
3430 struct ifaddr *ifa;
3431 struct ifnet *ifp;
3432 struct in6_ifaddr *ifa_best = NULL;
3433
3434 if (oifp == NULL) {
3435 return NULL;
3436 }
3437
3438 /*
3439 * We search for all addresses on all interfaces from the beginning.
3440 * Comparing an interface with the outgoing interface will be done
3441 * only at the final stage of tiebreaking.
3442 */
3443 ifnet_head_lock_shared();
3444 TAILQ_FOREACH(ifp, &ifnet_head, if_list) {
3445 /*
3446 * We can never take an address that breaks the scope zone
3447 * of the destination.
3448 */
3449 if (in6_addr2scopeid(ifp, dst) != in6_addr2scopeid(oifp, dst)) {
3450 continue;
3451 }
3452
3453 ifnet_lock_shared(ifp);
3454 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
3455 int tlen = -1, dscopecmp, bscopecmp, matchcmp;
3456
3457 IFA_LOCK(ifa);
3458 if (ifa->ifa_addr->sa_family != AF_INET6) {
3459 IFA_UNLOCK(ifa);
3460 continue;
3461 }
3462 src_scope = in6_addrscope(IFA_IN6(ifa));
3463
3464 /*
3465 * Don't use an address before completing DAD
3466 * nor a duplicated address.
3467 */
3468 if (((struct in6_ifaddr *)ifa)->ia6_flags &
3469 (IN6_IFF_NOTREADY | IN6_IFF_CLAT46)) {
3470 IFA_UNLOCK(ifa);
3471 continue;
3472 }
3473 /* XXX: is there any case to allow anycasts? */
3474 if (((struct in6_ifaddr *)ifa)->ia6_flags &
3475 IN6_IFF_ANYCAST) {
3476 IFA_UNLOCK(ifa);
3477 continue;
3478 }
3479 if (((struct in6_ifaddr *)ifa)->ia6_flags &
3480 IN6_IFF_DETACHED) {
3481 IFA_UNLOCK(ifa);
3482 continue;
3483 }
3484 /*
3485 * If this is the first address we find,
3486 * keep it anyway.
3487 */
3488 if (ifa_best == NULL) {
3489 goto replace;
3490 }
3491
3492 /*
3493 * ifa_best is never NULL beyond this line except
3494 * within the block labeled "replace".
3495 */
3496
3497 /*
3498 * If ifa_best has a smaller scope than dst and
3499 * the current address has a larger one than
3500 * (or equal to) dst, always replace ifa_best.
3501 * Also, if the current address has a smaller scope
3502 * than dst, ignore it unless ifa_best also has a
3503 * smaller scope.
3504 * Consequently, after the two if-clause below,
3505 * the followings must be satisfied:
3506 * (scope(src) < scope(dst) &&
3507 * scope(best) < scope(dst))
3508 * OR
3509 * (scope(best) >= scope(dst) &&
3510 * scope(src) >= scope(dst))
3511 */
3512 if (IN6_ARE_SCOPE_CMP(best_scope, dst_scope) < 0 &&
3513 IN6_ARE_SCOPE_CMP(src_scope, dst_scope) >= 0) {
3514 goto replace; /* (A) */
3515 }
3516 if (IN6_ARE_SCOPE_CMP(src_scope, dst_scope) < 0 &&
3517 IN6_ARE_SCOPE_CMP(best_scope, dst_scope) >= 0) {
3518 IFA_UNLOCK(ifa);
3519 continue; /* (B) */
3520 }
3521 /*
3522 * A deprecated address SHOULD NOT be used in new
3523 * communications if an alternate (non-deprecated)
3524 * address is available and has sufficient scope.
3525 * RFC 4862, Section 5.5.4.
3526 */
3527 if (((struct in6_ifaddr *)ifa)->ia6_flags &
3528 IN6_IFF_DEPRECATED) {
3529 /*
3530 * Ignore any deprecated addresses if
3531 * specified by configuration.
3532 */
3533 if (!ip6_use_deprecated) {
3534 IFA_UNLOCK(ifa);
3535 continue;
3536 }
3537 /*
3538 * If we have already found a non-deprecated
3539 * candidate, just ignore deprecated addresses.
3540 */
3541 if ((ifa_best->ia6_flags & IN6_IFF_DEPRECATED)
3542 == 0) {
3543 IFA_UNLOCK(ifa);
3544 continue;
3545 }
3546 }
3547
3548 /*
3549 * A non-deprecated address is always preferred
3550 * to a deprecated one regardless of scopes and
3551 * address matching (Note invariants ensured by the
3552 * conditions (A) and (B) above.)
3553 */
3554 if ((ifa_best->ia6_flags & IN6_IFF_DEPRECATED) &&
3555 (((struct in6_ifaddr *)ifa)->ia6_flags &
3556 IN6_IFF_DEPRECATED) == 0) {
3557 goto replace;
3558 }
3559
3560 /*
3561 * When we use temporary addresses described in
3562 * RFC 4941, we prefer temporary addresses to
3563 * public autoconf addresses. Again, note the
3564 * invariants from (A) and (B). Also note that we
3565 * don't have any preference between static addresses
3566 * and autoconf addresses (despite of whether or not
3567 * the latter is temporary or public.)
3568 */
3569 if (ip6_use_tempaddr) {
3570 struct in6_ifaddr *ifat;
3571
3572 ifat = (struct in6_ifaddr *)ifa;
3573 if ((ifa_best->ia6_flags &
3574 (IN6_IFF_AUTOCONF | IN6_IFF_TEMPORARY))
3575 == IN6_IFF_AUTOCONF &&
3576 (ifat->ia6_flags &
3577 (IN6_IFF_AUTOCONF | IN6_IFF_TEMPORARY))
3578 == (IN6_IFF_AUTOCONF | IN6_IFF_TEMPORARY)) {
3579 goto replace;
3580 }
3581 if ((ifa_best->ia6_flags &
3582 (IN6_IFF_AUTOCONF | IN6_IFF_TEMPORARY))
3583 == (IN6_IFF_AUTOCONF | IN6_IFF_TEMPORARY) &&
3584 (ifat->ia6_flags &
3585 (IN6_IFF_AUTOCONF | IN6_IFF_TEMPORARY))
3586 == IN6_IFF_AUTOCONF) {
3587 IFA_UNLOCK(ifa);
3588 continue;
3589 }
3590 }
3591
3592 /*
3593 * At this point, we have two cases:
3594 * 1. we are looking at a non-deprecated address,
3595 * and ifa_best is also non-deprecated.
3596 * 2. we are looking at a deprecated address,
3597 * and ifa_best is also deprecated.
3598 * Also, we do not have to consider a case where
3599 * the scope of if_best is larger(smaller) than dst and
3600 * the scope of the current address is smaller(larger)
3601 * than dst. Such a case has already been covered.
3602 * Tiebreaking is done according to the following
3603 * items:
3604 * - the scope comparison between the address and
3605 * dst (dscopecmp)
3606 * - the scope comparison between the address and
3607 * ifa_best (bscopecmp)
3608 * - if the address match dst longer than ifa_best
3609 * (matchcmp)
3610 * - if the address is on the outgoing I/F (outI/F)
3611 *
3612 * Roughly speaking, the selection policy is
3613 * - the most important item is scope. The same scope
3614 * is best. Then search for a larger scope.
3615 * Smaller scopes are the last resort.
3616 * - A deprecated address is chosen only when we have
3617 * no address that has an enough scope, but is
3618 * prefered to any addresses of smaller scopes
3619 * (this must be already done above.)
3620 * - addresses on the outgoing I/F are preferred to
3621 * ones on other interfaces if none of above
3622 * tiebreaks. In the table below, the column "bI"
3623 * means if the best_ifa is on the outgoing
3624 * interface, and the column "sI" means if the ifa
3625 * is on the outgoing interface.
3626 * - If there is no other reasons to choose one,
3627 * longest address match against dst is considered.
3628 *
3629 * The precise decision table is as follows:
3630 * dscopecmp bscopecmp match bI oI | replace?
3631 * N/A equal N/A Y N | No (1)
3632 * N/A equal N/A N Y | Yes (2)
3633 * N/A equal larger N/A | Yes (3)
3634 * N/A equal !larger N/A | No (4)
3635 * larger larger N/A N/A | No (5)
3636 * larger smaller N/A N/A | Yes (6)
3637 * smaller larger N/A N/A | Yes (7)
3638 * smaller smaller N/A N/A | No (8)
3639 * equal smaller N/A N/A | Yes (9)
3640 * equal larger (already done at A above)
3641 */
3642 dscopecmp = IN6_ARE_SCOPE_CMP(src_scope, dst_scope);
3643 bscopecmp = IN6_ARE_SCOPE_CMP(src_scope, best_scope);
3644
3645 if (bscopecmp == 0) {
3646 struct ifnet *bifp = ifa_best->ia_ifp;
3647
3648 if (bifp == oifp && ifp != oifp) { /* (1) */
3649 IFA_UNLOCK(ifa);
3650 continue;
3651 }
3652 if (bifp != oifp && ifp == oifp) { /* (2) */
3653 goto replace;
3654 }
3655
3656 /*
3657 * Both bifp and ifp are on the outgoing
3658 * interface, or both two are on a different
3659 * interface from the outgoing I/F.
3660 * now we need address matching against dst
3661 * for tiebreaking.
3662 */
3663 tlen = in6_matchlen(IFA_IN6(ifa), dst);
3664 matchcmp = tlen - blen;
3665 if (matchcmp > 0) { /* (3) */
3666 goto replace;
3667 }
3668 IFA_UNLOCK(ifa);
3669 continue; /* (4) */
3670 }
3671 if (dscopecmp > 0) {
3672 if (bscopecmp > 0) { /* (5) */
3673 IFA_UNLOCK(ifa);
3674 continue;
3675 }
3676 goto replace; /* (6) */
3677 }
3678 if (dscopecmp < 0) {
3679 if (bscopecmp > 0) { /* (7) */
3680 goto replace;
3681 }
3682 IFA_UNLOCK(ifa);
3683 continue; /* (8) */
3684 }
3685
3686 /* now dscopecmp must be 0 */
3687 if (bscopecmp < 0) {
3688 goto replace; /* (9) */
3689 }
3690 replace:
3691 IFA_ADDREF_LOCKED(ifa); /* for ifa_best */
3692 blen = tlen >= 0 ? tlen :
3693 in6_matchlen(IFA_IN6(ifa), dst);
3694 best_scope =
3695 in6_addrscope(&ifa2ia6(ifa)->ia_addr.sin6_addr);
3696 IFA_UNLOCK(ifa);
3697 if (ifa_best) {
3698 IFA_REMREF(&ifa_best->ia_ifa);
3699 }
3700 ifa_best = (struct in6_ifaddr *)ifa;
3701 }
3702 ifnet_lock_done(ifp);
3703 }
3704 ifnet_head_done();
3705
3706 /* count statistics for future improvements */
3707 if (ifa_best == NULL) {
3708 ip6stat.ip6s_sources_none++;
3709 } else {
3710 IFA_LOCK_SPIN(&ifa_best->ia_ifa);
3711 if (oifp == ifa_best->ia_ifp) {
3712 ip6stat.ip6s_sources_sameif[best_scope]++;
3713 } else {
3714 ip6stat.ip6s_sources_otherif[best_scope]++;
3715 }
3716
3717 if (best_scope == dst_scope) {
3718 ip6stat.ip6s_sources_samescope[best_scope]++;
3719 } else {
3720 ip6stat.ip6s_sources_otherscope[best_scope]++;
3721 }
3722
3723 if ((ifa_best->ia6_flags & IN6_IFF_DEPRECATED) != 0) {
3724 ip6stat.ip6s_sources_deprecated[best_scope]++;
3725 }
3726 IFA_UNLOCK(&ifa_best->ia_ifa);
3727 }
3728
3729 return ifa_best;
3730 }
3731
3732 /*
3733 * return the best address out of the same scope. if no address was
3734 * found, return the first valid address from designated IF.
3735 */
3736 struct in6_ifaddr *
in6_ifawithifp(struct ifnet * ifp,struct in6_addr * dst)3737 in6_ifawithifp(struct ifnet *ifp, struct in6_addr *dst)
3738 {
3739 int dst_scope = in6_addrscope(dst), blen = -1, tlen;
3740 struct ifaddr *ifa;
3741 struct in6_ifaddr *besta = NULL;
3742 struct in6_ifaddr *dep[2]; /* last-resort: deprecated */
3743
3744 dep[0] = dep[1] = NULL;
3745
3746 /*
3747 * We first look for addresses in the same scope.
3748 * If there is one, return it.
3749 * If two or more, return one which matches the dst longest.
3750 * If none, return one of global addresses assigned other ifs.
3751 */
3752 ifnet_lock_shared(ifp);
3753 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
3754 IFA_LOCK(ifa);
3755 if (ifa->ifa_addr->sa_family != AF_INET6) {
3756 IFA_UNLOCK(ifa);
3757 continue;
3758 }
3759 if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_ANYCAST) {
3760 IFA_UNLOCK(ifa);
3761 continue; /* XXX: is there any case to allow anycast? */
3762 }
3763 if (ifa2ia6(ifa)->ia6_flags & (IN6_IFF_NOTREADY | IN6_IFF_CLAT46)) {
3764 IFA_UNLOCK(ifa);
3765 continue; /* don't use this interface */
3766 }
3767 if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_DETACHED) {
3768 IFA_UNLOCK(ifa);
3769 continue;
3770 }
3771 if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_DEPRECATED) {
3772 if (ip6_use_deprecated) {
3773 IFA_ADDREF_LOCKED(ifa); /* for dep[0] */
3774 IFA_UNLOCK(ifa);
3775 if (dep[0] != NULL) {
3776 IFA_REMREF(&dep[0]->ia_ifa);
3777 }
3778 dep[0] = (struct in6_ifaddr *)ifa;
3779 } else {
3780 IFA_UNLOCK(ifa);
3781 }
3782 continue;
3783 }
3784
3785 if (dst_scope == in6_addrscope(IFA_IN6(ifa))) {
3786 /*
3787 * call in6_matchlen() as few as possible
3788 */
3789 if (besta) {
3790 if (blen == -1) {
3791 IFA_UNLOCK(ifa);
3792 IFA_LOCK(&besta->ia_ifa);
3793 blen = in6_matchlen(
3794 &besta->ia_addr.sin6_addr, dst);
3795 IFA_UNLOCK(&besta->ia_ifa);
3796 IFA_LOCK(ifa);
3797 }
3798 tlen = in6_matchlen(IFA_IN6(ifa), dst);
3799 if (tlen > blen) {
3800 blen = tlen;
3801 IFA_ADDREF_LOCKED(ifa); /* for besta */
3802 IFA_UNLOCK(ifa);
3803 IFA_REMREF(&besta->ia_ifa);
3804 besta = (struct in6_ifaddr *)ifa;
3805 } else {
3806 IFA_UNLOCK(ifa);
3807 }
3808 } else {
3809 besta = (struct in6_ifaddr *)ifa;
3810 IFA_ADDREF_LOCKED(ifa); /* for besta */
3811 IFA_UNLOCK(ifa);
3812 }
3813 } else {
3814 IFA_UNLOCK(ifa);
3815 }
3816 }
3817 if (besta) {
3818 ifnet_lock_done(ifp);
3819 if (dep[0] != NULL) {
3820 IFA_REMREF(&dep[0]->ia_ifa);
3821 }
3822 return besta;
3823 }
3824
3825 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
3826 IFA_LOCK(ifa);
3827 if (ifa->ifa_addr->sa_family != AF_INET6) {
3828 IFA_UNLOCK(ifa);
3829 continue;
3830 }
3831 if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_ANYCAST) {
3832 IFA_UNLOCK(ifa);
3833 continue; /* XXX: is there any case to allow anycast? */
3834 }
3835 if (ifa2ia6(ifa)->ia6_flags & (IN6_IFF_NOTREADY | IN6_IFF_CLAT46)) {
3836 IFA_UNLOCK(ifa);
3837 continue; /* don't use this interface */
3838 }
3839 if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_DETACHED) {
3840 IFA_UNLOCK(ifa);
3841 continue;
3842 }
3843 if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_DEPRECATED) {
3844 if (ip6_use_deprecated) {
3845 IFA_ADDREF_LOCKED(ifa); /* for dep[1] */
3846 IFA_UNLOCK(ifa);
3847 if (dep[1] != NULL) {
3848 IFA_REMREF(&dep[1]->ia_ifa);
3849 }
3850 dep[1] = (struct in6_ifaddr *)ifa;
3851 } else {
3852 IFA_UNLOCK(ifa);
3853 }
3854 continue;
3855 }
3856 IFA_ADDREF_LOCKED(ifa); /* for caller */
3857 IFA_UNLOCK(ifa);
3858 ifnet_lock_done(ifp);
3859 if (dep[0] != NULL) {
3860 IFA_REMREF(&dep[0]->ia_ifa);
3861 }
3862 if (dep[1] != NULL) {
3863 IFA_REMREF(&dep[1]->ia_ifa);
3864 }
3865 return (struct in6_ifaddr *)ifa;
3866 }
3867 ifnet_lock_done(ifp);
3868
3869 /* use the last-resort values, that are, deprecated addresses */
3870 if (dep[0]) {
3871 if (dep[1] != NULL) {
3872 IFA_REMREF(&dep[1]->ia_ifa);
3873 }
3874 return dep[0];
3875 }
3876 if (dep[1]) {
3877 return dep[1];
3878 }
3879
3880 return NULL;
3881 }
3882
3883 /*
3884 * perform DAD when interface becomes IFF_UP.
3885 */
3886 static void
in6_if_up_dad_start(struct ifnet * ifp)3887 in6_if_up_dad_start(struct ifnet *ifp)
3888 {
3889 struct ifaddr *ifa;
3890 struct nd_ifinfo *ndi = NULL;
3891
3892 ndi = ND_IFINFO(ifp);
3893 VERIFY((NULL != ndi) && (TRUE == ndi->initialized));
3894 if (!(ndi->flags & ND6_IFF_DAD)) {
3895 return;
3896 }
3897
3898 /* start DAD on all the interface addresses */
3899 ifnet_lock_exclusive(ifp);
3900 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
3901 struct in6_ifaddr *ia6;
3902
3903 IFA_LOCK_SPIN(ifa);
3904 if (ifa->ifa_addr->sa_family != AF_INET6) {
3905 IFA_UNLOCK(ifa);
3906 continue;
3907 }
3908 ia6 = (struct in6_ifaddr *)ifa;
3909 if (ia6->ia6_flags & IN6_IFF_DADPROGRESS) {
3910 int delay = 0; /* delay ticks before DAD output */
3911 IFA_UNLOCK(ifa);
3912 nd6_dad_start(ifa, &delay);
3913 } else {
3914 IFA_UNLOCK(ifa);
3915 }
3916 }
3917 ifnet_lock_done(ifp);
3918 }
3919
3920 int
in6if_do_dad(struct ifnet * ifp)3921 in6if_do_dad(
3922 struct ifnet *ifp)
3923 {
3924 struct nd_ifinfo *ndi = NULL;
3925
3926 if ((ifp->if_flags & IFF_LOOPBACK) != 0) {
3927 return 0;
3928 }
3929
3930 ndi = ND_IFINFO(ifp);
3931 VERIFY((NULL != ndi) && (TRUE == ndi->initialized));
3932 if (!(ndi->flags & ND6_IFF_DAD)) {
3933 return 0;
3934 }
3935
3936 /*
3937 * If we are using the alternative neighbor discovery
3938 * interface on this interface, then skip DAD.
3939 *
3940 * Also, skip it for interfaces marked "local private"
3941 * for now, even when not marked as using the alternative
3942 * interface. This is for historical reasons.
3943 */
3944 if (ifp->if_eflags &
3945 (IFEF_IPV6_ND6ALT | IFEF_LOCALNET_PRIVATE | IFEF_DIRECTLINK)) {
3946 return 0;
3947 }
3948
3949 if (ifp->if_family == IFNET_FAMILY_IPSEC ||
3950 ifp->if_family == IFNET_FAMILY_UTUN) {
3951 /*
3952 * Ignore DAD for tunneling virtual interfaces, which get
3953 * their IPv6 address explicitly assigned.
3954 */
3955 return 0;
3956 }
3957
3958 switch (ifp->if_type) {
3959 #if IFT_DUMMY
3960 case IFT_DUMMY:
3961 #endif
3962 case IFT_FAITH:
3963 /*
3964 * These interfaces do not have the IFF_LOOPBACK flag,
3965 * but loop packets back. We do not have to do DAD on such
3966 * interfaces. We should even omit it, because loop-backed
3967 * NS would confuse the DAD procedure.
3968 */
3969 return 0;
3970 default:
3971 /*
3972 * Our DAD routine requires the interface up and running.
3973 * However, some interfaces can be up before the RUNNING
3974 * status. Additionaly, users may try to assign addresses
3975 * before the interface becomes up (or running).
3976 * We simply skip DAD in such a case as a work around.
3977 * XXX: we should rather mark "tentative" on such addresses,
3978 * and do DAD after the interface becomes ready.
3979 */
3980 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) !=
3981 (IFF_UP | IFF_RUNNING)) {
3982 return 0;
3983 }
3984
3985 return 1;
3986 }
3987 }
3988
3989 /*
3990 * Calculate max IPv6 MTU through all the interfaces and store it
3991 * to in6_maxmtu.
3992 */
3993 void
in6_setmaxmtu(void)3994 in6_setmaxmtu(void)
3995 {
3996 u_int32_t maxmtu = 0;
3997 struct ifnet *ifp;
3998
3999 ifnet_head_lock_shared();
4000 TAILQ_FOREACH(ifp, &ifnet_head, if_list) {
4001 struct nd_ifinfo *ndi = NULL;
4002
4003 if ((ndi = ND_IFINFO(ifp)) != NULL && !ndi->initialized) {
4004 ndi = NULL;
4005 }
4006 if (ndi != NULL) {
4007 lck_mtx_lock(&ndi->lock);
4008 }
4009 if ((ifp->if_flags & IFF_LOOPBACK) == 0 &&
4010 IN6_LINKMTU(ifp) > maxmtu) {
4011 maxmtu = IN6_LINKMTU(ifp);
4012 }
4013 if (ndi != NULL) {
4014 lck_mtx_unlock(&ndi->lock);
4015 }
4016 }
4017 ifnet_head_done();
4018 if (maxmtu) { /* update only when maxmtu is positive */
4019 in6_maxmtu = maxmtu;
4020 }
4021 }
4022 /*
4023 * Provide the length of interface identifiers to be used for the link attached
4024 * to the given interface. The length should be defined in "IPv6 over
4025 * xxx-link" document. Note that address architecture might also define
4026 * the length for a particular set of address prefixes, regardless of the
4027 * link type. Also see RFC 4862 for additional background.
4028 */
4029 int
in6_if2idlen(struct ifnet * ifp)4030 in6_if2idlen(struct ifnet *ifp)
4031 {
4032 switch (ifp->if_type) {
4033 case IFT_ETHER: /* RFC2464 */
4034 case IFT_IEEE8023ADLAG: /* IEEE802.3ad Link Aggregate */
4035 #ifdef IFT_PROPVIRTUAL
4036 case IFT_PROPVIRTUAL: /* XXX: no RFC. treat it as ether */
4037 #endif
4038 #ifdef IFT_L2VLAN
4039 case IFT_L2VLAN: /* ditto */
4040 #endif
4041 #ifdef IFT_IEEE80211
4042 case IFT_IEEE80211: /* ditto */
4043 #endif
4044 #ifdef IFT_MIP
4045 case IFT_MIP: /* ditto */
4046 #endif
4047 return 64;
4048 case IFT_FDDI: /* RFC2467 */
4049 return 64;
4050 case IFT_ISO88025: /* RFC2470 (IPv6 over Token Ring) */
4051 return 64;
4052 case IFT_PPP: /* RFC2472 */
4053 return 64;
4054 case IFT_ARCNET: /* RFC2497 */
4055 return 64;
4056 case IFT_FRELAY: /* RFC2590 */
4057 return 64;
4058 case IFT_IEEE1394: /* RFC3146 */
4059 return 64;
4060 case IFT_GIF:
4061 return 64; /* draft-ietf-v6ops-mech-v2-07 */
4062 case IFT_LOOP:
4063 return 64; /* XXX: is this really correct? */
4064 case IFT_OTHER:
4065 return 64; /* for utun interfaces */
4066 case IFT_CELLULAR:
4067 return 64; /* Packet Data over Cellular */
4068 case IFT_BRIDGE:
4069 return 64; /* Transparent bridge interface */
4070 default:
4071 /*
4072 * Unknown link type:
4073 * It might be controversial to use the today's common constant
4074 * of 64 for these cases unconditionally. For full compliance,
4075 * we should return an error in this case. On the other hand,
4076 * if we simply miss the standard for the link type or a new
4077 * standard is defined for a new link type, the IFID length
4078 * is very likely to be the common constant. As a compromise,
4079 * we always use the constant, but make an explicit notice
4080 * indicating the "unknown" case.
4081 */
4082 log(LOG_NOTICE, "%s: unknown link type (%d)\n", __func__,
4083 ifp->if_type);
4084 return 64;
4085 }
4086 }
4087 /*
4088 * Convert sockaddr_in6 to sockaddr_in. Original sockaddr_in6 must be
4089 * v4 mapped addr or v4 compat addr
4090 */
4091 void
in6_sin6_2_sin(struct sockaddr_in * sin,struct sockaddr_in6 * sin6)4092 in6_sin6_2_sin(struct sockaddr_in *sin, struct sockaddr_in6 *sin6)
4093 {
4094 bzero(sin, sizeof(*sin));
4095 sin->sin_len = sizeof(struct sockaddr_in);
4096 sin->sin_family = AF_INET;
4097 sin->sin_port = sin6->sin6_port;
4098 sin->sin_addr.s_addr = sin6->sin6_addr.s6_addr32[3];
4099 }
4100
4101 /* Convert sockaddr_in to sockaddr_in6 in v4 mapped addr format. */
4102 void
in6_sin_2_v4mapsin6(struct sockaddr_in * sin,struct sockaddr_in6 * sin6)4103 in6_sin_2_v4mapsin6(struct sockaddr_in *sin, struct sockaddr_in6 *sin6)
4104 {
4105 bzero(sin6, sizeof(*sin6));
4106 sin6->sin6_len = sizeof(struct sockaddr_in6);
4107 sin6->sin6_family = AF_INET6;
4108 sin6->sin6_port = sin->sin_port;
4109 sin6->sin6_addr.s6_addr32[0] = 0;
4110 sin6->sin6_addr.s6_addr32[1] = 0;
4111 if (sin->sin_addr.s_addr) {
4112 sin6->sin6_addr.s6_addr32[2] = IPV6_ADDR_INT32_SMP;
4113 sin6->sin6_addr.s6_addr32[3] = sin->sin_addr.s_addr;
4114 } else {
4115 sin6->sin6_addr.s6_addr32[2] = 0;
4116 sin6->sin6_addr.s6_addr32[3] = 0;
4117 }
4118 }
4119
4120 /* Convert sockaddr_in6 into sockaddr_in. */
4121 void
in6_sin6_2_sin_in_sock(struct sockaddr * nam)4122 in6_sin6_2_sin_in_sock(struct sockaddr *nam)
4123 {
4124 struct sockaddr_in *sin_p;
4125 struct sockaddr_in6 sin6;
4126
4127 /*
4128 * Save original sockaddr_in6 addr and convert it
4129 * to sockaddr_in.
4130 */
4131 sin6 = *(struct sockaddr_in6 *)(void *)nam;
4132 sin_p = (struct sockaddr_in *)(void *)nam;
4133 in6_sin6_2_sin(sin_p, &sin6);
4134 }
4135
4136 /* Convert sockaddr_in into sockaddr_in6 in v4 mapped addr format. */
4137 int
in6_sin_2_v4mapsin6_in_sock(struct sockaddr ** nam)4138 in6_sin_2_v4mapsin6_in_sock(struct sockaddr **nam)
4139 {
4140 struct sockaddr_in *sin_p;
4141 struct sockaddr_in6 *sin6_p;
4142
4143 sin6_p = (struct sockaddr_in6 *)alloc_sockaddr(sizeof(*sin6_p),
4144 Z_WAITOK | Z_NOFAIL);
4145
4146 sin_p = (struct sockaddr_in *)(void *)*nam;
4147 in6_sin_2_v4mapsin6(sin_p, sin6_p);
4148 free_sockaddr(*nam);
4149 *nam = (struct sockaddr *)sin6_p;
4150
4151 return 0;
4152 }
4153
4154 /*
4155 * Posts in6_event_data message kernel events.
4156 *
4157 * To get the same size of kev_in6_data between ILP32 and LP64 data models
4158 * we are using a special version of the in6_addrlifetime structure that
4159 * uses only 32 bits fields to be compatible with Leopard, and that
4160 * are large enough to span 68 years.
4161 */
4162 void
in6_post_msg(struct ifnet * ifp,u_int32_t event_code,struct in6_ifaddr * ifa,uint8_t * mac)4163 in6_post_msg(struct ifnet *ifp, u_int32_t event_code, struct in6_ifaddr *ifa,
4164 uint8_t *mac)
4165 {
4166 struct kev_msg ev_msg;
4167 struct kev_in6_data in6_event_data;
4168 struct in6_addrlifetime ia6_lt;
4169
4170 bzero(&in6_event_data, sizeof(struct kev_in6_data));
4171 bzero(&ev_msg, sizeof(struct kev_msg));
4172 ev_msg.vendor_code = KEV_VENDOR_APPLE;
4173 ev_msg.kev_class = KEV_NETWORK_CLASS;
4174 ev_msg.kev_subclass = KEV_INET6_SUBCLASS;
4175 ev_msg.event_code = event_code;
4176
4177 if (ifa) {
4178 IFA_LOCK(&ifa->ia_ifa);
4179 in6_event_data.ia_addr = ifa->ia_addr;
4180 in6_event_data.ia_net = ifa->ia_net;
4181 in6_event_data.ia_dstaddr = ifa->ia_dstaddr;
4182 in6_event_data.ia_prefixmask = ifa->ia_prefixmask;
4183 in6_event_data.ia_plen = ifa->ia_plen;
4184 in6_event_data.ia6_flags = (u_int32_t)ifa->ia6_flags;
4185
4186 /* retrieve time as calendar time (last arg is 1) */
4187 in6ifa_getlifetime(ifa, &ia6_lt, 1);
4188 in6_event_data.ia_lifetime.ia6t_expire = (u_int32_t)ia6_lt.ia6t_expire;
4189 in6_event_data.ia_lifetime.ia6t_preferred = (u_int32_t)ia6_lt.ia6t_preferred;
4190 in6_event_data.ia_lifetime.ia6t_vltime = ia6_lt.ia6t_vltime;
4191 in6_event_data.ia_lifetime.ia6t_pltime = ia6_lt.ia6t_pltime;
4192 IFA_UNLOCK(&ifa->ia_ifa);
4193 }
4194
4195 if (ifp != NULL) {
4196 (void) strlcpy(&in6_event_data.link_data.if_name[0],
4197 ifp->if_name, IFNAMSIZ);
4198 in6_event_data.link_data.if_family = ifp->if_family;
4199 in6_event_data.link_data.if_unit = (u_int32_t)ifp->if_unit;
4200 }
4201
4202 if (mac != NULL) {
4203 memcpy(&in6_event_data.ia_mac, mac,
4204 sizeof(in6_event_data.ia_mac));
4205 }
4206
4207 ev_msg.dv[0].data_ptr = &in6_event_data;
4208 ev_msg.dv[0].data_length = sizeof(in6_event_data);
4209 ev_msg.dv[1].data_length = 0;
4210
4211 dlil_post_complete_msg(NULL, &ev_msg);
4212 }
4213
4214 /*
4215 * Called as part of ip6_init
4216 */
4217 void
in6_ifaddr_init(void)4218 in6_ifaddr_init(void)
4219 {
4220 in6_cga_init();
4221 in6_multi_init();
4222
4223 PE_parse_boot_argn("ifa_debug", &in6ifa_debug, sizeof(in6ifa_debug));
4224
4225 vm_size_t in6ifa_size = (in6ifa_debug == 0) ? sizeof(struct in6_ifaddr) :
4226 sizeof(struct in6_ifaddr_dbg);
4227
4228 in6ifa_zone = zone_create(IN6IFA_ZONE_NAME, in6ifa_size, ZC_ZFREE_CLEARMEM);
4229
4230 TAILQ_INIT(&in6ifa_trash_head);
4231 }
4232
4233 static struct in6_ifaddr *
in6_ifaddr_alloc(zalloc_flags_t how)4234 in6_ifaddr_alloc(zalloc_flags_t how)
4235 {
4236 struct in6_ifaddr *in6ifa;
4237
4238 in6ifa = zalloc_flags(in6ifa_zone, how | Z_ZERO);
4239 if (in6ifa != NULL) {
4240 in6ifa->ia_ifa.ifa_free = in6_ifaddr_free;
4241 in6ifa->ia_ifa.ifa_debug |= IFD_ALLOC;
4242 in6ifa->ia_ifa.ifa_del_wc = &in6ifa->ia_ifa.ifa_debug;
4243 in6ifa->ia_ifa.ifa_del_waiters = 0;
4244 ifa_lock_init(&in6ifa->ia_ifa);
4245 if (in6ifa_debug != 0) {
4246 struct in6_ifaddr_dbg *in6ifa_dbg =
4247 (struct in6_ifaddr_dbg *)in6ifa;
4248 in6ifa->ia_ifa.ifa_debug |= IFD_DEBUG;
4249 in6ifa->ia_ifa.ifa_trace = in6_ifaddr_trace;
4250 in6ifa->ia_ifa.ifa_attached = in6_ifaddr_attached;
4251 in6ifa->ia_ifa.ifa_detached = in6_ifaddr_detached;
4252 ctrace_record(&in6ifa_dbg->in6ifa_alloc);
4253 }
4254 }
4255
4256 return in6ifa;
4257 }
4258
4259 static void
in6_ifaddr_free(struct ifaddr * ifa)4260 in6_ifaddr_free(struct ifaddr *ifa)
4261 {
4262 IFA_LOCK_ASSERT_HELD(ifa);
4263
4264 if (ifa->ifa_refcnt != 0) {
4265 panic("%s: ifa %p bad ref cnt", __func__, ifa);
4266 /* NOTREACHED */
4267 } else if (!(ifa->ifa_debug & IFD_ALLOC)) {
4268 panic("%s: ifa %p cannot be freed", __func__, ifa);
4269 /* NOTREACHED */
4270 }
4271 if (ifa->ifa_debug & IFD_DEBUG) {
4272 struct in6_ifaddr_dbg *in6ifa_dbg =
4273 (struct in6_ifaddr_dbg *)ifa;
4274 ctrace_record(&in6ifa_dbg->in6ifa_free);
4275 bcopy(&in6ifa_dbg->in6ifa, &in6ifa_dbg->in6ifa_old,
4276 sizeof(struct in6_ifaddr));
4277 if (ifa->ifa_debug & IFD_TRASHED) {
4278 /* Become a regular mutex, just in case */
4279 IFA_CONVERT_LOCK(ifa);
4280 lck_mtx_lock(&in6ifa_trash_lock);
4281 TAILQ_REMOVE(&in6ifa_trash_head, in6ifa_dbg,
4282 in6ifa_trash_link);
4283 lck_mtx_unlock(&in6ifa_trash_lock);
4284 ifa->ifa_debug &= ~IFD_TRASHED;
4285 }
4286 }
4287 IFA_UNLOCK(ifa);
4288 ifa_lock_destroy(ifa);
4289 bzero(ifa, sizeof(struct in6_ifaddr));
4290 zfree(in6ifa_zone, ifa);
4291 }
4292
4293 static void
in6_ifaddr_attached(struct ifaddr * ifa)4294 in6_ifaddr_attached(struct ifaddr *ifa)
4295 {
4296 struct in6_ifaddr_dbg *in6ifa_dbg = (struct in6_ifaddr_dbg *)ifa;
4297
4298 IFA_LOCK_ASSERT_HELD(ifa);
4299
4300 if (!(ifa->ifa_debug & IFD_DEBUG)) {
4301 panic("%s: ifa %p has no debug structure", __func__, ifa);
4302 /* NOTREACHED */
4303 }
4304 if (ifa->ifa_debug & IFD_TRASHED) {
4305 /* Become a regular mutex, just in case */
4306 IFA_CONVERT_LOCK(ifa);
4307 lck_mtx_lock(&in6ifa_trash_lock);
4308 TAILQ_REMOVE(&in6ifa_trash_head, in6ifa_dbg, in6ifa_trash_link);
4309 lck_mtx_unlock(&in6ifa_trash_lock);
4310 ifa->ifa_debug &= ~IFD_TRASHED;
4311 }
4312 }
4313
4314 static void
in6_ifaddr_detached(struct ifaddr * ifa)4315 in6_ifaddr_detached(struct ifaddr *ifa)
4316 {
4317 struct in6_ifaddr_dbg *in6ifa_dbg = (struct in6_ifaddr_dbg *)ifa;
4318
4319 IFA_LOCK_ASSERT_HELD(ifa);
4320
4321 if (!(ifa->ifa_debug & IFD_DEBUG)) {
4322 panic("%s: ifa %p has no debug structure", __func__, ifa);
4323 /* NOTREACHED */
4324 } else if (ifa->ifa_debug & IFD_TRASHED) {
4325 panic("%s: ifa %p is already in trash list", __func__, ifa);
4326 /* NOTREACHED */
4327 }
4328 ifa->ifa_debug |= IFD_TRASHED;
4329 /* Become a regular mutex, just in case */
4330 IFA_CONVERT_LOCK(ifa);
4331 lck_mtx_lock(&in6ifa_trash_lock);
4332 TAILQ_INSERT_TAIL(&in6ifa_trash_head, in6ifa_dbg, in6ifa_trash_link);
4333 lck_mtx_unlock(&in6ifa_trash_lock);
4334 }
4335
4336 static void
in6_ifaddr_trace(struct ifaddr * ifa,int refhold)4337 in6_ifaddr_trace(struct ifaddr *ifa, int refhold)
4338 {
4339 struct in6_ifaddr_dbg *in6ifa_dbg = (struct in6_ifaddr_dbg *)ifa;
4340 ctrace_t *tr;
4341 u_int32_t idx;
4342 u_int16_t *cnt;
4343
4344 if (!(ifa->ifa_debug & IFD_DEBUG)) {
4345 panic("%s: ifa %p has no debug structure", __func__, ifa);
4346 /* NOTREACHED */
4347 }
4348 if (refhold) {
4349 cnt = &in6ifa_dbg->in6ifa_refhold_cnt;
4350 tr = in6ifa_dbg->in6ifa_refhold;
4351 } else {
4352 cnt = &in6ifa_dbg->in6ifa_refrele_cnt;
4353 tr = in6ifa_dbg->in6ifa_refrele;
4354 }
4355
4356 idx = atomic_add_16_ov(cnt, 1) % IN6IFA_TRACE_HIST_SIZE;
4357 ctrace_record(&tr[idx]);
4358 }
4359
4360 /*
4361 * Handle SIOCGASSOCIDS ioctl for PF_INET6 domain.
4362 */
4363 static int
in6_getassocids(struct socket * so,uint32_t * cnt,user_addr_t aidp)4364 in6_getassocids(struct socket *so, uint32_t *cnt, user_addr_t aidp)
4365 {
4366 struct in6pcb *in6p = sotoin6pcb(so);
4367 sae_associd_t aid;
4368
4369 if (in6p == NULL || in6p->inp_state == INPCB_STATE_DEAD) {
4370 return EINVAL;
4371 }
4372
4373 /* IN6PCB has no concept of association */
4374 aid = SAE_ASSOCID_ANY;
4375 *cnt = 0;
4376
4377 /* just asking how many there are? */
4378 if (aidp == USER_ADDR_NULL) {
4379 return 0;
4380 }
4381
4382 return copyout(&aid, aidp, sizeof(aid));
4383 }
4384
4385 /*
4386 * Handle SIOCGCONNIDS ioctl for PF_INET6 domain.
4387 */
4388 static int
in6_getconnids(struct socket * so,sae_associd_t aid,uint32_t * cnt,user_addr_t cidp)4389 in6_getconnids(struct socket *so, sae_associd_t aid, uint32_t *cnt,
4390 user_addr_t cidp)
4391 {
4392 struct in6pcb *in6p = sotoin6pcb(so);
4393 sae_connid_t cid;
4394
4395 if (in6p == NULL || in6p->inp_state == INPCB_STATE_DEAD) {
4396 return EINVAL;
4397 }
4398
4399 if (aid != SAE_ASSOCID_ANY && aid != SAE_ASSOCID_ALL) {
4400 return EINVAL;
4401 }
4402
4403 /* if connected, return 1 connection count */
4404 *cnt = ((so->so_state & SS_ISCONNECTED) ? 1 : 0);
4405
4406 /* just asking how many there are? */
4407 if (cidp == USER_ADDR_NULL) {
4408 return 0;
4409 }
4410
4411 /* if IN6PCB is connected, assign it connid 1 */
4412 cid = ((*cnt != 0) ? 1 : SAE_CONNID_ANY);
4413
4414 return copyout(&cid, cidp, sizeof(cid));
4415 }
4416
4417 /*
4418 * Handle SIOCGCONNINFO ioctl for PF_INET6 domain.
4419 */
4420 int
in6_getconninfo(struct socket * so,sae_connid_t cid,uint32_t * flags,uint32_t * ifindex,int32_t * soerror,user_addr_t src,socklen_t * src_len,user_addr_t dst,socklen_t * dst_len,uint32_t * aux_type,user_addr_t aux_data,uint32_t * aux_len)4421 in6_getconninfo(struct socket *so, sae_connid_t cid, uint32_t *flags,
4422 uint32_t *ifindex, int32_t *soerror, user_addr_t src, socklen_t *src_len,
4423 user_addr_t dst, socklen_t *dst_len, uint32_t *aux_type,
4424 user_addr_t aux_data, uint32_t *aux_len)
4425 {
4426 struct in6pcb *in6p = sotoin6pcb(so);
4427 struct sockaddr_in6 sin6;
4428 struct ifnet *ifp = NULL;
4429 int error = 0;
4430 u_int32_t copy_len = 0;
4431
4432 /*
4433 * Don't test for INPCB_STATE_DEAD since this may be called
4434 * after SOF_PCBCLEARING is set, e.g. after tcp_close().
4435 */
4436 if (in6p == NULL) {
4437 error = EINVAL;
4438 goto out;
4439 }
4440
4441 if (cid != SAE_CONNID_ANY && cid != SAE_CONNID_ALL && cid != 1) {
4442 error = EINVAL;
4443 goto out;
4444 }
4445
4446 ifp = in6p->in6p_last_outifp;
4447 *ifindex = ((ifp != NULL) ? ifp->if_index : 0);
4448 *soerror = so->so_error;
4449 *flags = 0;
4450 if (so->so_state & SS_ISCONNECTED) {
4451 *flags |= (CIF_CONNECTED | CIF_PREFERRED);
4452 }
4453 if (in6p->in6p_flags & INP_BOUND_IF) {
4454 *flags |= CIF_BOUND_IF;
4455 }
4456 if (!(in6p->in6p_flags & INP_IN6ADDR_ANY)) {
4457 *flags |= CIF_BOUND_IP;
4458 }
4459 if (!(in6p->in6p_flags & INP_ANONPORT)) {
4460 *flags |= CIF_BOUND_PORT;
4461 }
4462
4463 bzero(&sin6, sizeof(sin6));
4464 sin6.sin6_len = sizeof(sin6);
4465 sin6.sin6_family = AF_INET6;
4466
4467 /* source address and port */
4468 sin6.sin6_port = in6p->in6p_lport;
4469 if (!in6_embedded_scope) {
4470 sin6.sin6_scope_id = in6p->inp_lifscope;
4471 }
4472 in6_recoverscope(&sin6, &in6p->in6p_laddr, NULL);
4473 if (*src_len == 0) {
4474 *src_len = sin6.sin6_len;
4475 } else {
4476 if (src != USER_ADDR_NULL) {
4477 copy_len = min(*src_len, sizeof(sin6));
4478 error = copyout(&sin6, src, copy_len);
4479 if (error != 0) {
4480 goto out;
4481 }
4482 *src_len = copy_len;
4483 }
4484 }
4485
4486 /* destination address and port */
4487 sin6.sin6_port = in6p->in6p_fport;
4488 if (!in6_embedded_scope) {
4489 sin6.sin6_scope_id = in6p->inp_fifscope;
4490 }
4491 in6_recoverscope(&sin6, &in6p->in6p_faddr, NULL);
4492 if (*dst_len == 0) {
4493 *dst_len = sin6.sin6_len;
4494 } else {
4495 if (dst != USER_ADDR_NULL) {
4496 copy_len = min(*dst_len, sizeof(sin6));
4497 error = copyout(&sin6, dst, copy_len);
4498 if (error != 0) {
4499 goto out;
4500 }
4501 *dst_len = copy_len;
4502 }
4503 }
4504
4505 if (SOCK_PROTO(so) == IPPROTO_TCP) {
4506 struct conninfo_tcp tcp_ci;
4507
4508 *aux_type = CIAUX_TCP;
4509 if (*aux_len == 0) {
4510 *aux_len = sizeof(tcp_ci);
4511 } else {
4512 if (aux_data != USER_ADDR_NULL) {
4513 copy_len = min(*aux_len, sizeof(tcp_ci));
4514 bzero(&tcp_ci, sizeof(tcp_ci));
4515 tcp_getconninfo(so, &tcp_ci);
4516 error = copyout(&tcp_ci, aux_data, copy_len);
4517 if (error != 0) {
4518 goto out;
4519 }
4520 *aux_len = copy_len;
4521 }
4522 }
4523 } else {
4524 *aux_type = 0;
4525 *aux_len = 0;
4526 }
4527
4528 out:
4529 return error;
4530 }
4531
4532 /*
4533 * 'u' group ioctls.
4534 *
4535 * The switch statement below does nothing at runtime, as it serves as a
4536 * compile time check to ensure that all of the socket 'u' ioctls (those
4537 * in the 'u' group going thru soo_ioctl) that are made available by the
4538 * networking stack is unique. This works as long as this routine gets
4539 * updated each time a new interface ioctl gets added.
4540 *
4541 * Any failures at compile time indicates duplicated ioctl values.
4542 */
4543 static __attribute__((unused)) void
in6ioctl_cassert(void)4544 in6ioctl_cassert(void)
4545 {
4546 /*
4547 * This is equivalent to _CASSERT() and the compiler wouldn't
4548 * generate any instructions, thus for compile time only.
4549 */
4550 switch ((u_long)0) {
4551 case 0:
4552
4553 /* bsd/netinet6/in6_var.h */
4554 case SIOCAADDRCTL_POLICY:
4555 case SIOCDADDRCTL_POLICY:
4556 case SIOCDRADD_IN6_32:
4557 case SIOCDRADD_IN6_64:
4558 case SIOCDRDEL_IN6_32:
4559 case SIOCDRDEL_IN6_64:
4560 ;
4561 }
4562 }
4563
4564 struct in6_llentry {
4565 struct llentry base;
4566 };
4567
4568 #define IN6_LLTBL_DEFAULT_HSIZE 32
4569 #define IN6_LLTBL_HASH(k, h) \
4570 ((((((((k) >> 8) ^ (k)) >> 8) ^ (k)) >> 8) ^ (k)) & ((h) - 1))
4571
4572 /*
4573 * Do actual deallocation of @lle.
4574 */
4575 static void
in6_lltable_destroy_lle_unlocked(struct llentry * lle)4576 in6_lltable_destroy_lle_unlocked(struct llentry *lle)
4577 {
4578 LLE_LOCK_DESTROY(lle);
4579 LLE_REQ_DESTROY(lle);
4580 struct in6_llentry *in_lle = (struct in6_llentry *)lle;
4581 kfree_type(struct in6_llentry, in_lle);
4582 }
4583
4584 /*
4585 * Called by LLE_FREE_LOCKED when number of references
4586 * drops to zero.
4587 */
4588 static void
in6_lltable_destroy_lle(struct llentry * lle)4589 in6_lltable_destroy_lle(struct llentry *lle)
4590 {
4591 LLE_WUNLOCK(lle);
4592 /* XXX TBD */
4593 //thread_call_free(lle->lle_timer);
4594 in6_lltable_destroy_lle_unlocked(lle);
4595 }
4596
4597
4598 static struct llentry *
in6_lltable_new(const struct in6_addr * addr6,uint16_t flags)4599 in6_lltable_new(const struct in6_addr *addr6, uint16_t flags)
4600 {
4601 #pragma unused(flags)
4602 struct in6_llentry *lle;
4603
4604 lle = kalloc_type(struct in6_llentry, Z_NOWAIT | Z_ZERO);
4605 if (lle == NULL) { /* NB: caller generates msg */
4606 return NULL;
4607 }
4608
4609 lle->base.r_l3addr.addr6 = *addr6;
4610 lle->base.lle_refcnt = 1;
4611 lle->base.lle_free = in6_lltable_destroy_lle;
4612 LLE_LOCK_INIT(&lle->base);
4613 LLE_REQ_INIT(&lle->base);
4614 #if 0
4615 /* XXX TBD */
4616 lle->base.lle_timer = thread_call_allocate(nd6_llinfo_timer, lle);
4617
4618 if (lle->base.lle_timer == NULL) {
4619 printf("lle_timer thread call could not be allocated.\n");
4620 LLE_LOCK_DESTROY(&lle->base);
4621 LLE_REQ_DESTROY(&lle->base);
4622 kfree_type(struct in6_llentry, lle);
4623 return NULL;
4624 }
4625 #endif
4626 return &lle->base;
4627 }
4628
4629 static int
in6_lltable_match_prefix(const struct sockaddr * saddr,const struct sockaddr * smask,uint16_t flags,struct llentry * lle)4630 in6_lltable_match_prefix(const struct sockaddr *saddr,
4631 const struct sockaddr *smask, uint16_t flags, struct llentry *lle)
4632 {
4633 const struct in6_addr *addr, *mask, *lle_addr;
4634
4635 addr = &((const struct sockaddr_in6 *)(const void *)saddr)->sin6_addr;
4636 mask = &((const struct sockaddr_in6 *)(const void *)smask)->sin6_addr;
4637 lle_addr = &lle->r_l3addr.addr6;
4638 uint32_t lle_addr_ifscope = lle->lle_tbl->llt_ifp->if_index;
4639 uint32_t addr_ifscope = ((const struct sockaddr_in6 *)(const void *)saddr)->sin6_scope_id;
4640
4641 if (in6_are_masked_addr_scope_equal(lle_addr, lle_addr_ifscope, addr, addr_ifscope, mask) == 0) {
4642 return 0;
4643 }
4644
4645 if (lle->la_flags & LLE_IFADDR) {
4646 /*
4647 * Delete LLE_IFADDR records IFF address & flag matches.
4648 * Note that addr is the interface address within prefix
4649 * being matched.
4650 */
4651 if (in6_are_addr_equal_scoped(addr, lle_addr, addr_ifscope, lle_addr_ifscope) &&
4652 (flags & LLE_STATIC) != 0) {
4653 return 1;
4654 }
4655 return 0;
4656 }
4657
4658 /* flags & LLE_STATIC means deleting both dynamic and static entries */
4659 if ((flags & LLE_STATIC) || !(lle->la_flags & LLE_STATIC)) {
4660 return 1;
4661 }
4662
4663 return 0;
4664 }
4665
4666 static void
in6_lltable_free_entry(struct lltable * llt,struct llentry * lle)4667 in6_lltable_free_entry(struct lltable *llt, struct llentry *lle)
4668 {
4669 struct ifnet *ifp;
4670
4671 LLE_WLOCK_ASSERT(lle);
4672 KASSERT(llt != NULL, ("lltable is NULL"));
4673
4674 /* Unlink entry from table */
4675 if ((lle->la_flags & LLE_LINKED) != 0) {
4676 ifp = llt->llt_ifp;
4677 if_afdata_wlock_assert(ifp, llt->llt_af);
4678 lltable_unlink_entry(llt, lle);
4679 }
4680
4681 #if 0
4682 /* XXX TBD */
4683 if (thread_call_cancel(lle->lle_timer) == TRUE) {
4684 LLE_REMREF(lle);
4685 }
4686 #endif
4687 llentry_free(lle);
4688 }
4689
4690 static int
in6_lltable_rtcheck(struct ifnet * ifp,uint16_t flags,const struct sockaddr * l3addr)4691 in6_lltable_rtcheck(struct ifnet *ifp,
4692 uint16_t flags, const struct sockaddr *l3addr)
4693 {
4694 #pragma unused(flags)
4695 struct rtentry *rt;
4696
4697 KASSERT(l3addr->sa_family == AF_INET6,
4698 ("sin_family %d", l3addr->sa_family));
4699 /* XXX rtalloc1 should take a const param */
4700 rt = rtalloc1(__DECONST(struct sockaddr *, l3addr), 0, 0);
4701 if (rt == NULL || (rt->rt_flags & RTF_GATEWAY) || rt->rt_ifp != ifp) {
4702 struct ifaddr *ifa;
4703 /*
4704 * Create an ND6 cache for an IPv6 neighbor
4705 * that is not covered by our own prefix.
4706 */
4707 /* XXX ifaof_ifpforaddr should take a const param */
4708 ifa = ifaof_ifpforaddr(__DECONST(struct sockaddr *, l3addr), ifp);
4709 if (ifa != NULL) {
4710 IFA_REMREF(ifa);
4711 if (rt != NULL) {
4712 rtfree(rt);
4713 }
4714 return 0;
4715 }
4716 log(LOG_INFO, "IPv6 address: \"%s\" is not on the network\n",
4717 ip6_sprintf(&((const struct sockaddr_in6 *)(const void *)l3addr)->sin6_addr));
4718 if (rt != NULL) {
4719 rtfree(rt);
4720 }
4721 return EINVAL;
4722 }
4723 rtfree(rt);
4724 return 0;
4725 }
4726
4727 static inline uint32_t
in6_lltable_hash_dst(const struct in6_addr * dst,uint32_t hsize)4728 in6_lltable_hash_dst(const struct in6_addr *dst, uint32_t hsize)
4729 {
4730 return IN6_LLTBL_HASH(dst->s6_addr32[3], hsize);
4731 }
4732
4733 static uint32_t
in6_lltable_hash(const struct llentry * lle,uint32_t hsize)4734 in6_lltable_hash(const struct llentry *lle, uint32_t hsize)
4735 {
4736 return in6_lltable_hash_dst(&lle->r_l3addr.addr6, hsize);
4737 }
4738
4739 static void
in6_lltable_fill_sa_entry(const struct llentry * lle,struct sockaddr * sa)4740 in6_lltable_fill_sa_entry(const struct llentry *lle, struct sockaddr *sa)
4741 {
4742 struct sockaddr_in6 *sin6;
4743
4744 sin6 = (struct sockaddr_in6 *)(void *)sa;
4745 bzero(sin6, sizeof(*sin6));
4746 sin6->sin6_family = AF_INET6;
4747 sin6->sin6_len = sizeof(*sin6);
4748 sin6->sin6_addr = lle->r_l3addr.addr6;
4749 }
4750
4751 static inline struct llentry *
in6_lltable_find_dst(struct lltable * llt,const struct in6_addr * dst)4752 in6_lltable_find_dst(struct lltable *llt, const struct in6_addr *dst)
4753 {
4754 struct llentry *lle;
4755 struct llentries *lleh;
4756 u_int hashidx;
4757
4758 hashidx = in6_lltable_hash_dst(dst, llt->llt_hsize);
4759 lleh = &llt->lle_head[hashidx];
4760 LIST_FOREACH(lle, lleh, lle_next) {
4761 if (lle->la_flags & LLE_DELETED) {
4762 continue;
4763 }
4764 if (IN6_ARE_ADDR_EQUAL(&lle->r_l3addr.addr6, dst)) {
4765 break;
4766 }
4767 }
4768
4769 return lle;
4770 }
4771
4772 static void
in6_lltable_delete_entry(struct lltable * llt,struct llentry * lle)4773 in6_lltable_delete_entry(struct lltable *llt, struct llentry *lle)
4774 {
4775 #pragma unused(llt)
4776 lle->la_flags |= LLE_DELETED;
4777 EVENTHANDLER_INVOKE(NULL, lle_event, lle, LLENTRY_DELETED);
4778 #ifdef DIAGNOSTIC
4779 log(LOG_INFO, "ifaddr cache = %p is deleted\n", lle);
4780 #endif
4781 llentry_free(lle);
4782 }
4783
4784 static struct llentry *
in6_lltable_alloc(struct lltable * llt,uint16_t flags,const struct sockaddr * l3addr)4785 in6_lltable_alloc(struct lltable *llt, uint16_t flags,
4786 const struct sockaddr *l3addr)
4787 {
4788 const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)(const void *)l3addr;
4789 struct ifnet *ifp = llt->llt_ifp;
4790 struct llentry *lle;
4791
4792 KASSERT(l3addr->sa_family == AF_INET6,
4793 ("sin_family %d", l3addr->sa_family));
4794
4795 /*
4796 * A route that covers the given address must have
4797 * been installed 1st because we are doing a resolution,
4798 * verify this.
4799 */
4800 if (!(flags & LLE_IFADDR) &&
4801 in6_lltable_rtcheck(ifp, flags, l3addr) != 0) {
4802 return NULL;
4803 }
4804
4805 lle = in6_lltable_new(&sin6->sin6_addr, flags);
4806 if (lle == NULL) {
4807 log(LOG_INFO, "lla_lookup: new lle malloc failed\n");
4808 return NULL;
4809 }
4810 lle->la_flags = (uint16_t)flags;
4811 if ((flags & LLE_IFADDR) == LLE_IFADDR) {
4812 lltable_set_entry_addr(ifp, lle, LLADDR(SDL(ifp->if_lladdr->ifa_addr)));
4813 lle->la_flags |= LLE_STATIC;
4814 }
4815
4816 if ((lle->la_flags & LLE_STATIC) != 0) {
4817 lle->ln_state = ND6_LLINFO_REACHABLE;
4818 }
4819
4820 return lle;
4821 }
4822
4823 static struct llentry *
in6_lltable_lookup(struct lltable * llt,uint16_t flags,const struct sockaddr * l3addr)4824 in6_lltable_lookup(struct lltable *llt, uint16_t flags,
4825 const struct sockaddr *l3addr)
4826 {
4827 const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)(const void *)l3addr;
4828 struct llentry *lle;
4829
4830 IF_AFDATA_LOCK_ASSERT(llt->llt_ifp, llt->llt_af);
4831 KASSERT(l3addr->sa_family == AF_INET6,
4832 ("sin_family %d", l3addr->sa_family));
4833
4834 lle = in6_lltable_find_dst(llt, &sin6->sin6_addr);
4835
4836 if (lle == NULL) {
4837 return NULL;
4838 }
4839
4840 KASSERT((flags & (LLE_UNLOCKED | LLE_EXCLUSIVE)) !=
4841 (LLE_UNLOCKED | LLE_EXCLUSIVE), ("wrong lle request flags: 0x%X",
4842 flags));
4843
4844 if (flags & LLE_UNLOCKED) {
4845 return lle;
4846 }
4847
4848 if (flags & LLE_EXCLUSIVE) {
4849 LLE_WLOCK(lle);
4850 } else {
4851 LLE_RLOCK(lle);
4852 }
4853 return lle;
4854 }
4855
4856 static int
in6_lltable_dump_entry(struct lltable * llt,struct llentry * lle,struct sysctl_req * wr)4857 in6_lltable_dump_entry(struct lltable *llt, struct llentry *lle,
4858 struct sysctl_req *wr)
4859 {
4860 struct ifnet *ifp = llt->llt_ifp;
4861 /* XXX stack use */
4862 struct {
4863 struct rt_msghdr rtm;
4864 struct sockaddr_in6 sin6;
4865 /*
4866 * ndp.c assumes that sdl is word aligned
4867 */
4868 #ifdef __LP64__
4869 uint32_t pad;
4870 #endif
4871 struct sockaddr_dl sdl;
4872 } ndpc;
4873 struct sockaddr_dl *sdl;
4874 int error;
4875
4876 bzero(&ndpc, sizeof(ndpc));
4877 /* skip deleted entries */
4878 if ((lle->la_flags & LLE_DELETED) == LLE_DELETED) {
4879 return 0;
4880 }
4881 /* Skip if jailed and not a valid IP of the prison. */
4882 lltable_fill_sa_entry(lle,
4883 (struct sockaddr *)&ndpc.sin6);
4884 /*
4885 * produce a msg made of:
4886 * struct rt_msghdr;
4887 * struct sockaddr_in6 (IPv6)
4888 * struct sockaddr_dl;
4889 */
4890 ndpc.rtm.rtm_msglen = sizeof(ndpc);
4891 ndpc.rtm.rtm_version = RTM_VERSION;
4892 ndpc.rtm.rtm_type = RTM_GET;
4893 ndpc.rtm.rtm_flags = RTF_UP;
4894 ndpc.rtm.rtm_addrs = RTA_DST | RTA_GATEWAY;
4895
4896 /* publish */
4897 if (lle->la_flags & LLE_PUB) {
4898 ndpc.rtm.rtm_flags |= RTF_ANNOUNCE;
4899 }
4900 sdl = &ndpc.sdl;
4901 sdl->sdl_family = AF_LINK;
4902 sdl->sdl_len = sizeof(*sdl);
4903 sdl->sdl_index = ifp->if_index;
4904 sdl->sdl_type = ifp->if_type;
4905 if ((lle->la_flags & LLE_VALID) == LLE_VALID) {
4906 sdl->sdl_alen = ifp->if_addrlen;
4907 bcopy(&lle->ll_addr, LLADDR(sdl), ifp->if_addrlen);
4908 } else {
4909 sdl->sdl_alen = 0;
4910 bzero(LLADDR(sdl), ifp->if_addrlen);
4911 }
4912 if (lle->la_expire != 0) {
4913 clock_sec_t secs;
4914 clock_usec_t usecs;
4915
4916 clock_get_calendar_microtime(&secs, &usecs);
4917 ndpc.rtm.rtm_rmx.rmx_expire = (int32_t)(lle->la_expire +
4918 lle->lle_remtime / hz +
4919 secs - net_uptime());
4920 }
4921 ndpc.rtm.rtm_flags |= (RTF_HOST | RTF_LLDATA);
4922 if (lle->la_flags & LLE_STATIC) {
4923 ndpc.rtm.rtm_flags |= RTF_STATIC;
4924 }
4925 if (lle->la_flags & LLE_IFADDR) {
4926 ndpc.rtm.rtm_flags |= RTF_PINNED;
4927 }
4928 if (lle->ln_router != 0) {
4929 ndpc.rtm.rtm_flags |= RTF_GATEWAY;
4930 }
4931 ndpc.rtm.rtm_rmx.rmx_pksent = lle->la_asked;
4932 /* Store state in rmx_weight value */
4933 ndpc.rtm.rtm_rmx.rmx_state = lle->ln_state;
4934 ndpc.rtm.rtm_index = ifp->if_index;
4935 error = SYSCTL_OUT(wr, &ndpc, sizeof(ndpc));
4936
4937 return error;
4938 }
4939
4940 struct lltable *
in6_lltattach(struct ifnet * ifp)4941 in6_lltattach(struct ifnet *ifp)
4942 {
4943 struct lltable *llt;
4944
4945 llt = lltable_allocate_htbl(IN6_LLTBL_DEFAULT_HSIZE);
4946 llt->llt_af = AF_INET6;
4947 llt->llt_ifp = ifp;
4948
4949 llt->llt_lookup = in6_lltable_lookup;
4950 llt->llt_alloc_entry = in6_lltable_alloc;
4951 llt->llt_delete_entry = in6_lltable_delete_entry;
4952 llt->llt_dump_entry = in6_lltable_dump_entry;
4953 llt->llt_hash = in6_lltable_hash;
4954 llt->llt_fill_sa_entry = in6_lltable_fill_sa_entry;
4955 llt->llt_free_entry = in6_lltable_free_entry;
4956 llt->llt_match_prefix = in6_lltable_match_prefix;
4957 lltable_link(llt);
4958
4959 return llt;
4960 }
4961
4962 void
in6_ip6_to_sockaddr(const struct in6_addr * ip6,u_int16_t port,uint32_t ifscope,struct sockaddr_in6 * sin6,u_int32_t maxlen)4963 in6_ip6_to_sockaddr(const struct in6_addr *ip6, u_int16_t port, uint32_t ifscope,
4964 struct sockaddr_in6 *sin6, u_int32_t maxlen)
4965 {
4966 if (maxlen < sizeof(struct sockaddr_in6)) {
4967 return;
4968 }
4969
4970 *sin6 = (struct sockaddr_in6) {
4971 .sin6_family = AF_INET6,
4972 .sin6_len = sizeof(*sin6),
4973 .sin6_port = port,
4974 .sin6_addr = *ip6,
4975 .sin6_scope_id = IN6_IS_SCOPE_EMBED(ip6) ? ifscope : IFSCOPE_NONE,
4976 };
4977
4978 if (IN6_IS_SCOPE_EMBED(&sin6->sin6_addr)) {
4979 in6_verify_ifscope(&sin6->sin6_addr, ifscope);
4980 if (in6_embedded_scope) {
4981 sin6->sin6_scope_id = ntohs(sin6->sin6_addr.s6_addr16[1]);
4982 sin6->sin6_addr.s6_addr16[1] = 0;
4983 }
4984 }
4985 }
4986
4987 /* IPv6 events */
4988 struct in6_event {
4989 in6_evhdlr_code_t in6_event_code;
4990 struct ifnet *in6_ifp;
4991 struct in6_addr in6_address;
4992 uint32_t val;
4993 };
4994
4995 struct in6_event2kev in6_event2kev_array[IN6_EVENT_MAX] = {
4996 {
4997 .in6_event_code = IN6_ADDR_MARKED_DUPLICATED,
4998 .in6_event_kev_subclass = KEV_ND6_SUBCLASS,
4999 .in6_event_kev_code = KEV_ND6_DAD_FAILURE,
5000 .in6_event_str = "IN6_ADDR_MARKED_DUPLICATED",
5001 },
5002 {
5003 .in6_event_code = IN6_ADDR_MARKED_DETACHED,
5004 .in6_event_kev_subclass = KEV_ND6_SUBCLASS,
5005 .in6_event_kev_code = KEV_ND6_ADDR_DETACHED,
5006 .in6_event_str = "IN6_ADDR_MARKED_DETACHED",
5007 },
5008 {
5009 .in6_event_code = IN6_ADDR_MARKED_DEPRECATED,
5010 .in6_event_kev_subclass = KEV_ND6_SUBCLASS,
5011 .in6_event_kev_code = KEV_ND6_ADDR_DEPRECATED,
5012 .in6_event_str = "IN6_ADDR_MARKED_DEPRECATED",
5013 },
5014 {
5015 .in6_event_code = IN6_NDP_RTR_EXPIRY,
5016 .in6_event_kev_subclass = KEV_ND6_SUBCLASS,
5017 .in6_event_kev_code = KEV_ND6_RTR_EXPIRED,
5018 .in6_event_str = "IN6_NDP_RTR_EXPIRY",
5019 },
5020 {
5021 .in6_event_code = IN6_NDP_PFX_EXPIRY,
5022 .in6_event_kev_subclass = KEV_ND6_SUBCLASS,
5023 .in6_event_kev_code = KEV_ND6_PFX_EXPIRED,
5024 .in6_event_str = "IN6_NDP_PFX_EXPIRY",
5025 },
5026 {
5027 .in6_event_code = IN6_NDP_ADDR_EXPIRY,
5028 .in6_event_kev_subclass = KEV_ND6_SUBCLASS,
5029 .in6_event_kev_code = KEV_ND6_ADDR_EXPIRED,
5030 .in6_event_str = "IN6_NDP_ADDR_EXPIRY",
5031 },
5032 };
5033
5034 void
in6_eventhdlr_callback(struct eventhandler_entry_arg arg0 __unused,in6_evhdlr_code_t in6_ev_code,struct ifnet * ifp,struct in6_addr * p_addr6,uint32_t val)5035 in6_eventhdlr_callback(struct eventhandler_entry_arg arg0 __unused,
5036 in6_evhdlr_code_t in6_ev_code, struct ifnet *ifp,
5037 struct in6_addr *p_addr6, uint32_t val)
5038 {
5039 struct kev_msg ev_msg;
5040 struct kev_nd6_event nd6_event;
5041
5042 bzero(&ev_msg, sizeof(ev_msg));
5043 bzero(&nd6_event, sizeof(nd6_event));
5044
5045 nd6log0(info, "%s Event %s received for %s\n",
5046 __func__, in6_event2kev_array[in6_ev_code].in6_event_str,
5047 ip6_sprintf(p_addr6));
5048
5049 ev_msg.vendor_code = KEV_VENDOR_APPLE;
5050 ev_msg.kev_class = KEV_NETWORK_CLASS;
5051 ev_msg.kev_subclass =
5052 in6_event2kev_array[in6_ev_code].in6_event_kev_subclass;
5053 ev_msg.event_code =
5054 in6_event2kev_array[in6_ev_code].in6_event_kev_code;
5055
5056 nd6_event.link_data.if_family = ifp->if_family;
5057 nd6_event.link_data.if_unit = ifp->if_unit;
5058 strlcpy(nd6_event.link_data.if_name, ifp->if_name,
5059 sizeof(nd6_event.link_data.if_name));
5060
5061 VERIFY(p_addr6 != NULL);
5062 bcopy(p_addr6, &nd6_event.in6_address,
5063 sizeof(nd6_event.in6_address));
5064 nd6_event.val = val;
5065
5066 ev_msg.dv[0].data_ptr = &nd6_event;
5067 ev_msg.dv[0].data_length = sizeof(nd6_event);
5068
5069 kev_post_msg(&ev_msg);
5070 }
5071
5072 struct in6_event_nwk_wq_entry {
5073 struct nwk_wq_entry nwk_wqe;
5074 struct in6_event in6_ev_arg;
5075 };
5076
5077 static void
in6_event_callback(struct nwk_wq_entry * nwk_item)5078 in6_event_callback(struct nwk_wq_entry *nwk_item)
5079 {
5080 struct in6_event_nwk_wq_entry *p_ev;
5081
5082 p_ev = __container_of(nwk_item, struct in6_event_nwk_wq_entry, nwk_wqe);
5083
5084 EVENTHANDLER_INVOKE(&in6_evhdlr_ctxt, in6_event,
5085 p_ev->in6_ev_arg.in6_event_code, p_ev->in6_ev_arg.in6_ifp,
5086 &p_ev->in6_ev_arg.in6_address, p_ev->in6_ev_arg.val);
5087
5088 kfree_type(struct in6_event_nwk_wq_entry, p_ev);
5089 }
5090
5091 void
in6_event_enqueue_nwk_wq_entry(in6_evhdlr_code_t in6_event_code,struct ifnet * ifp,struct in6_addr * p_addr6,uint32_t val)5092 in6_event_enqueue_nwk_wq_entry(in6_evhdlr_code_t in6_event_code,
5093 struct ifnet *ifp, struct in6_addr *p_addr6,
5094 uint32_t val)
5095 {
5096 struct in6_event_nwk_wq_entry *p_in6_ev = NULL;
5097
5098 p_in6_ev = kalloc_type(struct in6_event_nwk_wq_entry,
5099 Z_WAITOK | Z_ZERO | Z_NOFAIL);
5100
5101 p_in6_ev->nwk_wqe.func = in6_event_callback;
5102 p_in6_ev->in6_ev_arg.in6_event_code = in6_event_code;
5103 p_in6_ev->in6_ev_arg.in6_ifp = ifp;
5104 if (p_addr6 != NULL) {
5105 bcopy(p_addr6, &p_in6_ev->in6_ev_arg.in6_address,
5106 sizeof(p_in6_ev->in6_ev_arg.in6_address));
5107 }
5108 p_in6_ev->in6_ev_arg.val = val;
5109
5110 nwk_wq_enqueue(&p_in6_ev->nwk_wqe);
5111 }
5112
5113 /*
5114 * Caller must hold in6_ifaddr_rwlock as writer.
5115 */
5116 static void
in6_iahash_remove(struct in6_ifaddr * ia)5117 in6_iahash_remove(struct in6_ifaddr *ia)
5118 {
5119 LCK_RW_ASSERT(&in6_ifaddr_rwlock, LCK_RW_ASSERT_EXCLUSIVE);
5120 IFA_LOCK_ASSERT_HELD(&ia->ia_ifa);
5121
5122 if (!IA6_IS_HASHED(ia)) {
5123 panic("%s: attempt to remove wrong ia %p from ipv6 hash table", __func__, ia);
5124 /* NOTREACHED */
5125 }
5126 TAILQ_REMOVE(IN6ADDR_HASH(&ia->ia_addr.sin6_addr), ia, ia6_hash);
5127 IA6_HASH_INIT(ia);
5128 if (IFA_REMREF_LOCKED(&ia->ia_ifa) == NULL) {
5129 panic("%s: unexpected (missing) refcnt ifa=%p", __func__,
5130 &ia->ia_ifa);
5131 /* NOTREACHED */
5132 }
5133 }
5134
5135 /*
5136 * Caller must hold in6_ifaddr_rwlock as writer.
5137 */
5138 static void
in6_iahash_insert(struct in6_ifaddr * ia)5139 in6_iahash_insert(struct in6_ifaddr *ia)
5140 {
5141 LCK_RW_ASSERT(&in6_ifaddr_rwlock, LCK_RW_ASSERT_EXCLUSIVE);
5142 IFA_LOCK_ASSERT_HELD(&ia->ia_ifa);
5143
5144 if (ia->ia_addr.sin6_family != AF_INET6) {
5145 panic("%s: attempt to insert wrong ia %p into hash table", __func__, ia);
5146 /* NOTREACHED */
5147 } else if (IA6_IS_HASHED(ia)) {
5148 panic("%s: attempt to double-insert ia %p into hash table", __func__, ia);
5149 /* NOTREACHED */
5150 }
5151 TAILQ_INSERT_HEAD(IN6ADDR_HASH(&ia->ia_addr.sin6_addr),
5152 ia, ia6_hash);
5153 IFA_ADDREF_LOCKED(&ia->ia_ifa);
5154 }
5155
5156 /*
5157 * Some point to point interfaces that are tunnels borrow the address from
5158 * an underlying interface (e.g. VPN server). In order for source address
5159 * selection logic to find the underlying interface first, we add the address
5160 * of borrowing point to point interfaces at the end of the list.
5161 * (see rdar://6733789)
5162 *
5163 * Caller must hold in6_ifaddr_rwlock as writer.
5164 */
5165 static void
in6_iahash_insert_ptp(struct in6_ifaddr * ia)5166 in6_iahash_insert_ptp(struct in6_ifaddr *ia)
5167 {
5168 struct in6_ifaddr *tmp_ifa;
5169 struct ifnet *tmp_ifp;
5170
5171 LCK_RW_ASSERT(&in6_ifaddr_rwlock, LCK_RW_ASSERT_EXCLUSIVE);
5172 IFA_LOCK_ASSERT_HELD(&ia->ia_ifa);
5173
5174 if (ia->ia_addr.sin6_family != AF_INET6) {
5175 panic("%s: attempt to insert wrong ia %p into hash table", __func__, ia);
5176 /* NOTREACHED */
5177 } else if (IA6_IS_HASHED(ia)) {
5178 panic("%s: attempt to double-insert ia %p into hash table", __func__, ia);
5179 /* NOTREACHED */
5180 }
5181 IFA_UNLOCK(&ia->ia_ifa);
5182 TAILQ_FOREACH(tmp_ifa, IN6ADDR_HASH(&ia->ia_addr.sin6_addr), ia6_hash) {
5183 IFA_LOCK(&tmp_ifa->ia_ifa);
5184 /* ia->ia_addr won't change, so check without lock */
5185 if (in6_are_addr_equal_scoped(&tmp_ifa->ia_addr.sin6_addr, &ia->ia_addr.sin6_addr, tmp_ifa->ia_addr.sin6_scope_id, ia->ia_addr.sin6_scope_id)) {
5186 IFA_UNLOCK(&tmp_ifa->ia_ifa);
5187 break;
5188 }
5189 IFA_UNLOCK(&tmp_ifa->ia_ifa);
5190 }
5191 tmp_ifp = (tmp_ifa == NULL) ? NULL : tmp_ifa->ia_ifp;
5192
5193 IFA_LOCK(&ia->ia_ifa);
5194 if (tmp_ifp == NULL) {
5195 TAILQ_INSERT_HEAD(IN6ADDR_HASH(&ia->ia_addr.sin6_addr),
5196 ia, ia6_hash);
5197 } else {
5198 TAILQ_INSERT_TAIL(IN6ADDR_HASH(&ia->ia_addr.sin6_addr),
5199 ia, ia6_hash);
5200 }
5201 IFA_ADDREF_LOCKED(&ia->ia_ifa);
5202 }
5203
5204 /*
5205 * ipv6 socket options.
5206 *
5207 * The switch statement below does nothing at runtime, as it serves as a
5208 * compile time check to ensure that all of the ipv6 socket options are
5209 * unique. This works as long as this routine gets updated each time a
5210 * new ipv6 socket option gets added.
5211 *
5212 * Any failures at compile time indicates duplicated ipv6 socket option
5213 * values.
5214 */
5215 static __attribute__((unused)) void
tcpsockopt_cassert(void)5216 tcpsockopt_cassert(void)
5217 {
5218 /*
5219 * This is equivalent to _CASSERT() and the compiler wouldn't
5220 * generate any instructions, thus for compile time only.
5221 */
5222 switch ((int)0) {
5223 case 0:
5224
5225 /* bsd/netinet6/in6.h */
5226 case IPV6_SOCKOPT_RESERVED1:
5227 case IPV6_UNICAST_HOPS:
5228 case IPV6_MULTICAST_IF:
5229 case IPV6_MULTICAST_HOPS:
5230 case IPV6_MULTICAST_LOOP:
5231 case IPV6_JOIN_GROUP:
5232 case IPV6_LEAVE_GROUP:
5233 case IPV6_PORTRANGE:
5234 case ICMP6_FILTER:
5235 case IPV6_2292PKTINFO:
5236 case IPV6_2292HOPLIMIT:
5237 case IPV6_2292NEXTHOP:
5238 case IPV6_2292HOPOPTS:
5239 case IPV6_2292DSTOPTS:
5240 case IPV6_2292RTHDR:
5241 case IPV6_2292PKTOPTIONS:
5242 #ifdef __APPLE_USE_RFC_2292
5243 // #define IPV6_PKTINFO IPV6_3542PKTINFO
5244 // #define IPV6_HOPLIMIT IPV6_3542HOPLIMIT
5245 // #define IPV6_NEXTHOP IPV6_3542NEXTHOP
5246 // #define IPV6_HOPOPTS IPV6_3542HOPOPTS
5247 // #define IPV6_DSTOPTS IPV6_3542DSTOPTS
5248 // #define IPV6_RTHDR IPV6_3542RTHDR
5249 case IPV6_PKTOPTIONS:
5250 #endif /* __APPLE_USE_RFC_2292 */
5251 case IPV6_CHECKSUM:
5252 case IPV6_V6ONLY:
5253 #ifndef KERNEL
5254 // #define IPV6_BINDV6ONLY IPV6_V6ONLY
5255 #endif /* KERNEL */
5256 case IPV6_IPSEC_POLICY:
5257 case IPV6_FAITH:
5258 case IPV6_FW_ADD:
5259 case IPV6_FW_DEL:
5260 case IPV6_FW_FLUSH:
5261 case IPV6_FW_ZERO:
5262 case IPV6_FW_GET:
5263 case IPV6_RECVTCLASS:
5264 case IPV6_TCLASS:
5265 #ifdef __APPLE_USE_RFC_3542
5266 case IPV6_RTHDRDSTOPTS:
5267 case IPV6_RECVPKTINFO:
5268 case IPV6_RECVHOPLIMIT:
5269 case IPV6_RECVRTHDR:
5270 case IPV6_RECVHOPOPTS:
5271 case IPV6_RECVDSTOPTS:
5272 #ifdef KERNEL
5273 case IPV6_RECVRTHDRDSTOPTS:
5274 #endif
5275 case IPV6_USE_MIN_MTU:
5276 case IPV6_RECVPATHMTU:
5277 case IPV6_PATHMTU:
5278 case IPV6_3542PKTINFO:
5279 case IPV6_3542HOPLIMIT:
5280 case IPV6_3542NEXTHOP:
5281 case IPV6_3542HOPOPTS:
5282 case IPV6_3542DSTOPTS:
5283 case IPV6_3542RTHDR:
5284 // #define IPV6_PKTINFO IPV6_3542PKTINFO
5285 // #define IPV6_HOPLIMIT IPV6_3542HOPLIMIT
5286 // #define IPV6_NEXTHOP IPV6_3542NEXTHOP
5287 // #define IPV6_HOPOPTS IPV6_3542HOPOPTS
5288 // #define IPV6_DSTOPTS IPV6_3542DSTOPTS
5289 // #define IPV6_RTHDR IPV6_3542RTHDR
5290 case IPV6_AUTOFLOWLABEL:
5291 case IPV6_DONTFRAG:
5292 case IPV6_PREFER_TEMPADDR:
5293 case IPV6_MSFILTER:
5294 #endif /* __APPLE_USE_RFC_3542 */
5295 case IPV6_BOUND_IF:
5296
5297 /* bsd/netinet6/in6_private.h */
5298 case IPV6_NO_IFT_CELLULAR:
5299 case IPV6_OUT_IF:
5300 ;
5301 }
5302 }
5303