1 /*
2 * Copyright (c) 1997-2021 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 /*
29 * @(#)ndrv.c 1.1 (MacOSX) 6/10/43
30 * Justin Walker, 970604
31 * AF_NDRV support
32 * 980130 - Cleanup, reorg, performance improvemements
33 * 000816 - Removal of Y adapter cruft
34 */
35
36 /*
37 * PF_NDRV allows raw access to a specified network device, directly
38 * with a socket. Expected use involves a socket option to request
39 * protocol packets. This lets ndrv_output() call ifnet_output(), and
40 * lets DLIL find the proper recipient for incoming packets.
41 * The purpose here is for user-mode protocol implementation.
42 * Note that "pure raw access" will still be accomplished with BPF.
43 *
44 * In addition to the former use, when combined with socket NKEs,
45 * PF_NDRV permits a fairly flexible mechanism for implementing
46 * strange protocol support.
47 */
48 #include <mach/mach_types.h>
49
50 #include <sys/param.h>
51 #include <sys/systm.h>
52 #include <sys/kernel.h>
53 #include <sys/malloc.h>
54 #include <sys/mbuf.h>
55 #include <sys/protosw.h>
56 #include <sys/domain.h>
57 #include <sys/socket.h>
58 #include <sys/socketvar.h>
59 #include <sys/ioctl.h>
60 #include <sys/sysctl.h>
61 #include <sys/errno.h>
62 #include <sys/syslog.h>
63 #include <sys/proc.h>
64
65 #include <kern/queue.h>
66
67 #include <net/ndrv.h>
68 #include <net/route.h>
69 #include <net/if_llc.h>
70 #include <net/if_dl.h>
71 #include <net/if_types.h>
72 #include <net/ndrv_var.h>
73 #include <net/dlil.h>
74
75 #if INET
76 #include <netinet/in.h>
77 #include <netinet/in_var.h>
78 #endif
79 #include <netinet/if_ether.h>
80
81 static unsigned int ndrv_multi_max_count = NDRV_DMUX_MAX_DESCR;
82 SYSCTL_UINT(_net, OID_AUTO, ndrv_multi_max_count, CTLFLAG_RW | CTLFLAG_LOCKED,
83 &ndrv_multi_max_count, 0, "Number of allowed multicast addresses per NRDV socket");
84
85 /*
86 * The locking strategy relies on the PF_NRDRV domain mutex that protects both the
87 * PCB list "ndrvl" and the sockets themselves
88 */
89
90 static int ndrv_do_detach(struct ndrv_cb *);
91 static int ndrv_do_disconnect(struct ndrv_cb *);
92 static struct ndrv_cb *ndrv_find_inbound(struct ifnet *ifp, u_int32_t protocol_family);
93 static int ndrv_setspec(struct ndrv_cb *np, struct sockopt *sopt);
94 static int ndrv_delspec(struct ndrv_cb *);
95 static int ndrv_to_ifnet_demux(struct ndrv_demux_desc* ndrv, struct ifnet_demux_desc* ifdemux);
96 static void ndrv_handle_ifp_detach(u_int32_t family, short unit);
97 static int ndrv_do_add_multicast(struct ndrv_cb *np, struct sockopt *sopt);
98 static int ndrv_do_remove_multicast(struct ndrv_cb *np, struct sockopt *sopt);
99 static struct ndrv_multiaddr* ndrv_have_multicast(struct ndrv_cb *np, struct sockaddr* addr);
100 static void ndrv_remove_all_multicast(struct ndrv_cb *np);
101 static void ndrv_dominit(struct domain *);
102
103 u_int32_t ndrv_sendspace = NDRVSNDQ;
104 u_int32_t ndrv_recvspace = NDRVRCVQ;
105 TAILQ_HEAD(, ndrv_cb) ndrvl = TAILQ_HEAD_INITIALIZER(ndrvl);
106
107 static struct domain *ndrvdomain = NULL;
108 extern struct domain ndrvdomain_s;
109
110 #define NDRV_PROTODEMUX_COUNT 10
111
112 /*
113 * Verify these values match.
114 * To keep clients from including dlil.h, we define
115 * these values independently in ndrv.h. They must
116 * match or a conversion function must be written.
117 */
118 #if NDRV_DEMUXTYPE_ETHERTYPE != DLIL_DESC_ETYPE2
119 #error NDRV_DEMUXTYPE_ETHERTYPE must match DLIL_DESC_ETYPE2
120 #endif
121 #if NDRV_DEMUXTYPE_SAP != DLIL_DESC_SAP
122 #error NDRV_DEMUXTYPE_SAP must match DLIL_DESC_SAP
123 #endif
124 #if NDRV_DEMUXTYPE_SNAP != DLIL_DESC_SNAP
125 #error NDRV_DEMUXTYPE_SNAP must match DLIL_DESC_SNAP
126 #endif
127
128 /*
129 * Protocol output - Called to output a raw network packet directly
130 * to the driver.
131 */
132 static int
ndrv_output(struct mbuf * m,struct socket * so)133 ndrv_output(struct mbuf *m, struct socket *so)
134 {
135 struct ndrv_cb *np = sotondrvcb(so);
136 struct ifnet *ifp = np->nd_if;
137 int result = 0;
138
139 #if NDRV_DEBUG
140 printf("NDRV output: %x, %x, %x\n", m, so, np);
141 #endif
142
143 /*
144 * No header is a format error
145 */
146 if ((m->m_flags & M_PKTHDR) == 0) {
147 return EINVAL;
148 }
149
150 /* Unlock before calling ifnet_output */
151 socket_unlock(so, 0);
152
153 /*
154 * Call DLIL if we can. DLIL is much safer than calling the
155 * ifp directly.
156 */
157 result = ifnet_output_raw(ifp, np->nd_proto_family, m);
158
159 socket_lock(so, 0);
160
161 return result;
162 }
163
164 /* Our input routine called from DLIL */
165 static errno_t
ndrv_input(ifnet_t ifp,protocol_family_t proto_family,mbuf_t m,char * frame_header)166 ndrv_input(
167 ifnet_t ifp,
168 protocol_family_t proto_family,
169 mbuf_t m,
170 char *frame_header)
171 {
172 struct socket *so;
173 struct sockaddr_dl ndrvsrc = {};
174 struct ndrv_cb *np;
175 int error = 0;
176
177 ndrvsrc.sdl_len = sizeof(struct sockaddr_dl);
178 ndrvsrc.sdl_family = AF_NDRV;
179 ndrvsrc.sdl_index = 0;
180
181 /* move packet from if queue to socket */
182 /* Should be media-independent */
183 ndrvsrc.sdl_type = IFT_ETHER;
184 ndrvsrc.sdl_nlen = 0;
185 ndrvsrc.sdl_alen = 6;
186 ndrvsrc.sdl_slen = 0;
187 bcopy(frame_header, &ndrvsrc.sdl_data, 6);
188
189 /* prepend the frame header */
190 m = m_prepend(m, ifnet_hdrlen(ifp), M_NOWAIT);
191 if (m == NULL) {
192 return EJUSTRETURN;
193 }
194 bcopy(frame_header, m->m_data, ifnet_hdrlen(ifp));
195
196 /*
197 * We need to take the domain mutex before the list RW lock
198 */
199 LCK_MTX_ASSERT(ndrvdomain->dom_mtx, LCK_MTX_ASSERT_NOTOWNED);
200 lck_mtx_lock(ndrvdomain->dom_mtx);
201
202 np = ndrv_find_inbound(ifp, proto_family);
203 if (np == NULL) {
204 lck_mtx_unlock(ndrvdomain->dom_mtx);
205 return ENOENT;
206 }
207
208 so = np->nd_socket;
209
210 if (sbappendaddr(&(so->so_rcv), (struct sockaddr *)&ndrvsrc,
211 m, NULL, &error) != 0) {
212 sorwakeup(so);
213 }
214
215 lck_mtx_unlock(ndrvdomain->dom_mtx);
216
217 return 0; /* radar 4030377 - always return 0 */
218 }
219
220 /*
221 * Allocate an ndrv control block and some buffer space for the socket
222 */
223 static int
ndrv_attach(struct socket * so,int proto,__unused struct proc * p)224 ndrv_attach(struct socket *so, int proto, __unused struct proc *p)
225 {
226 int error;
227 struct ndrv_cb *np = sotondrvcb(so);
228
229 if ((so->so_state & SS_PRIV) == 0) {
230 return EPERM;
231 }
232
233 #if NDRV_DEBUG
234 printf("NDRV attach: %x, %x, %x\n", so, proto, np);
235 #endif
236
237 if ((error = soreserve(so, ndrv_sendspace, ndrv_recvspace))) {
238 return error;
239 }
240
241 np = kalloc_type(struct ndrv_cb, Z_WAITOK | Z_ZERO | Z_NOFAIL);
242 so->so_pcb = (caddr_t)np;
243 #if NDRV_DEBUG
244 printf("NDRV attach: %x, %x, %x\n", so, proto, np);
245 #endif
246 TAILQ_INIT(&np->nd_dlist);
247 np->nd_signature = NDRV_SIGNATURE;
248 np->nd_socket = so;
249 np->nd_proto.sp_family = (uint16_t)SOCK_DOM(so);
250 np->nd_proto.sp_protocol = (uint16_t)proto;
251 np->nd_if = NULL;
252 np->nd_proto_family = 0;
253 np->nd_family = 0;
254 np->nd_unit = 0;
255
256 /*
257 * Use the domain mutex to protect the list
258 */
259 LCK_MTX_ASSERT(ndrvdomain->dom_mtx, LCK_MTX_ASSERT_NOTOWNED);
260 lck_mtx_lock(ndrvdomain->dom_mtx);
261
262 TAILQ_INSERT_TAIL(&ndrvl, np, nd_next);
263
264 lck_mtx_unlock(ndrvdomain->dom_mtx);
265
266 return 0;
267 }
268
269 /*
270 * Destroy state just before socket deallocation.
271 * Flush data or not depending on the options.
272 */
273
274 static int
ndrv_detach(struct socket * so)275 ndrv_detach(struct socket *so)
276 {
277 struct ndrv_cb *np = sotondrvcb(so);
278
279 if (np == 0) {
280 return EINVAL;
281 }
282 return ndrv_do_detach(np);
283 }
284
285
286 /*
287 * If a socket isn't bound to a single address,
288 * the ndrv input routine will hand it anything
289 * within that protocol family (assuming there's
290 * nothing else around it should go to).
291 *
292 * Don't expect this to be used.
293 */
294
295 static int
ndrv_connect(struct socket * so,struct sockaddr * nam,__unused struct proc * p)296 ndrv_connect(struct socket *so, struct sockaddr *nam, __unused struct proc *p)
297 {
298 struct ndrv_cb *np = sotondrvcb(so);
299
300 if (np == 0) {
301 return EINVAL;
302 }
303
304 if (np->nd_faddr) {
305 return EISCONN;
306 }
307
308 if (nam->sa_len < sizeof(struct sockaddr_ndrv)) {
309 return EINVAL;
310 }
311
312 /* Allocate memory to store the remote address */
313 np->nd_faddr = kalloc_type(struct sockaddr_ndrv, Z_WAITOK | Z_NOFAIL | Z_ZERO);
314
315 bcopy((caddr_t) nam, (caddr_t) np->nd_faddr, MIN(sizeof(struct sockaddr_ndrv), nam->sa_len));
316 np->nd_faddr->snd_len = sizeof(struct sockaddr_ndrv);
317 soisconnected(so);
318 return 0;
319 }
320
321 static void
ndrv_event(struct ifnet * ifp,__unused protocol_family_t protocol,const struct kev_msg * event)322 ndrv_event(struct ifnet *ifp, __unused protocol_family_t protocol,
323 const struct kev_msg *event)
324 {
325 if (event->vendor_code == KEV_VENDOR_APPLE &&
326 event->kev_class == KEV_NETWORK_CLASS &&
327 event->kev_subclass == KEV_DL_SUBCLASS &&
328 event->event_code == KEV_DL_IF_DETACHING) {
329 LCK_MTX_ASSERT(ndrvdomain->dom_mtx, LCK_MTX_ASSERT_NOTOWNED);
330 lck_mtx_lock(ndrvdomain->dom_mtx);
331 ndrv_handle_ifp_detach(ifnet_family(ifp), ifp->if_unit);
332 lck_mtx_unlock(ndrvdomain->dom_mtx);
333 }
334 }
335
336 /*
337 * This is the "driver open" hook - we 'bind' to the
338 * named driver.
339 * Here's where we latch onto the driver.
340 */
341 static int
ndrv_bind(struct socket * so,struct sockaddr * nam,__unused struct proc * p)342 ndrv_bind(struct socket *so, struct sockaddr *nam, __unused struct proc *p)
343 {
344 struct sockaddr_ndrv *sa = (struct sockaddr_ndrv *) nam;
345 char *dname;
346 struct ndrv_cb *np;
347 struct ifnet *ifp;
348 int result;
349
350 if (TAILQ_EMPTY(&ifnet_head)) {
351 return EADDRNOTAVAIL; /* Quick sanity check */
352 }
353 np = sotondrvcb(so);
354 if (np == 0) {
355 return EINVAL;
356 }
357
358 if (np->nd_laddr) {
359 return EINVAL; /* XXX */
360 }
361 /* I think we just latch onto a copy here; the caller frees */
362 np->nd_laddr = kalloc_type(struct sockaddr_ndrv, Z_WAITOK | Z_NOFAIL | Z_ZERO);
363 bcopy((caddr_t) sa, (caddr_t) np->nd_laddr, MIN(sizeof(struct sockaddr_ndrv), sa->snd_len));
364 np->nd_laddr->snd_len = sizeof(struct sockaddr_ndrv);
365 dname = (char *) sa->snd_name;
366 if (*dname == '\0') {
367 return EINVAL;
368 }
369 #if NDRV_DEBUG
370 printf("NDRV bind: %x, %x, %s\n", so, np, dname);
371 #endif
372 /* Track down the driver and its ifnet structure.
373 * There's no internal call for this so we have to dup the code
374 * in if.c/ifconf()
375 */
376 ifnet_head_lock_shared();
377 TAILQ_FOREACH(ifp, &ifnet_head, if_link) {
378 if (strncmp(ifp->if_xname, dname, IFNAMSIZ) == 0) {
379 break;
380 }
381 }
382 ifnet_head_done();
383
384 if (ifp == NULL) {
385 return EADDRNOTAVAIL;
386 }
387
388 // PPP doesn't support PF_NDRV.
389 if (ifnet_family(ifp) != APPLE_IF_FAM_PPP) {
390 /* NDRV on this interface */
391 struct ifnet_attach_proto_param ndrv_proto;
392 result = 0;
393 bzero(&ndrv_proto, sizeof(ndrv_proto));
394 ndrv_proto.event = ndrv_event;
395
396 /* We aren't worried about double attaching, that should just return an error */
397 socket_unlock(so, 0);
398 result = ifnet_attach_protocol(ifp, PF_NDRV, &ndrv_proto);
399 socket_lock(so, 0);
400 if (result && result != EEXIST) {
401 return result;
402 }
403 np->nd_proto_family = PF_NDRV;
404 } else {
405 np->nd_proto_family = 0;
406 }
407
408 np->nd_if = ifp;
409 np->nd_family = ifnet_family(ifp);
410 np->nd_unit = ifp->if_unit;
411
412 return 0;
413 }
414
415 static int
ndrv_disconnect(struct socket * so)416 ndrv_disconnect(struct socket *so)
417 {
418 struct ndrv_cb *np = sotondrvcb(so);
419
420 if (np == 0) {
421 return EINVAL;
422 }
423
424 if (np->nd_faddr == 0) {
425 return ENOTCONN;
426 }
427
428 ndrv_do_disconnect(np);
429 return 0;
430 }
431
432 /*
433 * Mark the connection as being incapable of further input.
434 */
435 static int
ndrv_shutdown(struct socket * so)436 ndrv_shutdown(struct socket *so)
437 {
438 LCK_MTX_ASSERT(ndrvdomain->dom_mtx, LCK_MTX_ASSERT_OWNED);
439 socantsendmore(so);
440 return 0;
441 }
442
443 /*
444 * Ship a packet out. The ndrv output will pass it
445 * to the appropriate driver. The really tricky part
446 * is the destination address...
447 */
448 static int
ndrv_send(struct socket * so,__unused int flags,struct mbuf * m,__unused struct sockaddr * addr,struct mbuf * control,__unused struct proc * p)449 ndrv_send(struct socket *so, __unused int flags, struct mbuf *m,
450 __unused struct sockaddr *addr, struct mbuf *control,
451 __unused struct proc *p)
452 {
453 int error;
454
455 if (control != NULL) {
456 m_freem(control);
457 return EOPNOTSUPP;
458 }
459
460 error = ndrv_output(m, so);
461 m = NULL;
462 return error;
463 }
464
465
466 static int
ndrv_abort(struct socket * so)467 ndrv_abort(struct socket *so)
468 {
469 struct ndrv_cb *np = sotondrvcb(so);
470
471 if (np == 0) {
472 return EINVAL;
473 }
474
475 ndrv_do_disconnect(np);
476 return 0;
477 }
478
479 static int
ndrv_sockaddr(struct socket * so,struct sockaddr ** nam)480 ndrv_sockaddr(struct socket *so, struct sockaddr **nam)
481 {
482 struct ndrv_cb *np = sotondrvcb(so);
483 int len;
484
485 if (np == 0) {
486 return EINVAL;
487 }
488
489 if (np->nd_laddr == 0) {
490 return EINVAL;
491 }
492
493 len = np->nd_laddr->snd_len;
494 *nam = (struct sockaddr *)alloc_sockaddr(len,
495 Z_WAITOK | Z_NOFAIL);
496
497 bcopy((caddr_t)np->nd_laddr, *nam,
498 (unsigned)len);
499 return 0;
500 }
501
502
503 static int
ndrv_peeraddr(struct socket * so,struct sockaddr ** nam)504 ndrv_peeraddr(struct socket *so, struct sockaddr **nam)
505 {
506 struct ndrv_cb *np = sotondrvcb(so);
507 int len;
508
509 if (np == 0) {
510 return EINVAL;
511 }
512
513 if (np->nd_faddr == 0) {
514 return ENOTCONN;
515 }
516
517 len = np->nd_faddr->snd_len;
518 *nam = (struct sockaddr *)alloc_sockaddr(len,
519 Z_WAITOK | Z_NOFAIL);
520
521 bcopy((caddr_t)np->nd_faddr, *nam,
522 (unsigned)len);
523 return 0;
524 }
525
526
527 /* Control output */
528
529 static int
ndrv_ctloutput(struct socket * so,struct sockopt * sopt)530 ndrv_ctloutput(struct socket *so, struct sockopt *sopt)
531 {
532 struct ndrv_cb *np = sotondrvcb(so);
533 int error = 0;
534
535 switch (sopt->sopt_name) {
536 case NDRV_DELDMXSPEC: /* Delete current spec */
537 /* Verify no parameter was passed */
538 if (sopt->sopt_val != 0 || sopt->sopt_valsize != 0) {
539 /*
540 * We don't support deleting a specific demux, it's
541 * all or nothing.
542 */
543 return EINVAL;
544 }
545 error = ndrv_delspec(np);
546 break;
547 case NDRV_SETDMXSPEC: /* Set protocol spec */
548 error = ndrv_setspec(np, sopt);
549 break;
550 case NDRV_ADDMULTICAST:
551 error = ndrv_do_add_multicast(np, sopt);
552 break;
553 case NDRV_DELMULTICAST:
554 error = ndrv_do_remove_multicast(np, sopt);
555 break;
556 default:
557 error = ENOTSUP;
558 }
559 #ifdef NDRV_DEBUG
560 log(LOG_WARNING, "NDRV CTLOUT: %x returns %d\n", sopt->sopt_name,
561 error);
562 #endif
563 return error;
564 }
565
566 static int
ndrv_do_detach(struct ndrv_cb * np)567 ndrv_do_detach(struct ndrv_cb *np)
568 {
569 struct ndrv_cb* cur_np = NULL;
570 struct socket *so = np->nd_socket;
571 int error = 0;
572 struct ifnet * ifp;
573
574 #if NDRV_DEBUG
575 printf("NDRV detach: %x, %x\n", so, np);
576 #endif
577 ndrv_remove_all_multicast(np);
578
579 /* Remove from the linked list of control blocks */
580 LCK_MTX_ASSERT(ndrvdomain->dom_mtx, LCK_MTX_ASSERT_OWNED);
581 TAILQ_REMOVE(&ndrvl, np, nd_next);
582
583 ifp = np->nd_if;
584 if (ifp != NULL) {
585 u_int32_t proto_family = np->nd_proto_family;
586
587 if (proto_family != PF_NDRV && proto_family != 0) {
588 socket_unlock(so, 0);
589 ifnet_detach_protocol(ifp, proto_family);
590 socket_lock(so, 0);
591 }
592
593 /* Check if this is the last socket attached to this interface */
594 LCK_MTX_ASSERT(ndrvdomain->dom_mtx, LCK_MTX_ASSERT_OWNED);
595 TAILQ_FOREACH(cur_np, &ndrvl, nd_next) {
596 if (cur_np->nd_family == np->nd_family &&
597 cur_np->nd_unit == np->nd_unit) {
598 break;
599 }
600 }
601
602 /* If there are no other interfaces, detach PF_NDRV from the interface */
603 if (cur_np == NULL) {
604 socket_unlock(so, 0);
605 ifnet_detach_protocol(ifp, PF_NDRV);
606 socket_lock(so, 0);
607 }
608 }
609 if (np->nd_laddr != NULL) {
610 kfree_type(struct sockaddr_ndrv, np->nd_laddr);
611 }
612 kfree_type(struct ndrv_cb, np);
613 so->so_pcb = 0;
614 so->so_flags |= SOF_PCBCLEARING;
615 sofree(so);
616 return error;
617 }
618
619 static int
ndrv_do_disconnect(struct ndrv_cb * np)620 ndrv_do_disconnect(struct ndrv_cb *np)
621 {
622 struct socket * so = np->nd_socket;
623 #if NDRV_DEBUG
624 printf("NDRV disconnect: %x\n", np);
625 #endif
626 if (np->nd_faddr) {
627 kfree_type(struct sockaddr_ndrv, np->nd_faddr);
628 }
629 /*
630 * A multipath subflow socket would have its SS_NOFDREF set by default,
631 * so check for SOF_MP_SUBFLOW socket flag before detaching the PCB;
632 * when the socket is closed for real, SOF_MP_SUBFLOW would be cleared.
633 */
634 if (!(so->so_flags & SOF_MP_SUBFLOW) && (so->so_state & SS_NOFDREF)) {
635 ndrv_do_detach(np);
636 }
637 soisdisconnected(so);
638 return 0;
639 }
640
641 #if 0
642 //### Not used
643 /*
644 * When closing, dump any enqueued mbufs.
645 */
646 void
647 ndrv_flushq(struct ifqueue *q)
648 {
649 struct mbuf *m;
650 for (;;) {
651 IF_DEQUEUE(q, m);
652 if (m == NULL) {
653 break;
654 }
655 IF_DROP(q);
656 if (m) {
657 m_freem(m);
658 }
659 }
660 }
661 #endif
662
663 int
ndrv_setspec(struct ndrv_cb * np,struct sockopt * sopt)664 ndrv_setspec(struct ndrv_cb *np, struct sockopt *sopt)
665 {
666 struct ifnet_attach_proto_param proto_param;
667 struct ndrv_protocol_desc ndrvSpec;
668 struct ndrv_demux_desc* ndrvDemux = NULL;
669 size_t ndrvDemuxSize = 0;
670 int error = 0;
671 struct socket * so = np->nd_socket;
672 user_addr_t user_addr;
673
674 /* Sanity checking */
675 if (np->nd_proto_family != PF_NDRV) {
676 return EBUSY;
677 }
678 if (np->nd_if == NULL) {
679 return EINVAL;
680 }
681
682 /* Copy the ndrvSpec */
683 if (proc_is64bit(sopt->sopt_p)) {
684 struct ndrv_protocol_desc64 ndrvSpec64;
685
686 if (sopt->sopt_valsize != sizeof(ndrvSpec64)) {
687 return EINVAL;
688 }
689
690 error = sooptcopyin(sopt, &ndrvSpec64, sizeof(ndrvSpec64), sizeof(ndrvSpec64));
691 if (error != 0) {
692 return error;
693 }
694
695 ndrvSpec.version = ndrvSpec64.version;
696 ndrvSpec.protocol_family = ndrvSpec64.protocol_family;
697 ndrvSpec.demux_count = ndrvSpec64.demux_count;
698
699 user_addr = CAST_USER_ADDR_T(ndrvSpec64.demux_list);
700 } else {
701 struct ndrv_protocol_desc32 ndrvSpec32;
702
703 if (sopt->sopt_valsize != sizeof(ndrvSpec32)) {
704 return EINVAL;
705 }
706
707 error = sooptcopyin(sopt, &ndrvSpec32, sizeof(ndrvSpec32), sizeof(ndrvSpec32));
708 if (error != 0) {
709 return error;
710 }
711
712 ndrvSpec.version = ndrvSpec32.version;
713 ndrvSpec.protocol_family = ndrvSpec32.protocol_family;
714 ndrvSpec.demux_count = ndrvSpec32.demux_count;
715
716 user_addr = CAST_USER_ADDR_T(ndrvSpec32.demux_list);
717 }
718
719 /*
720 * Do not allow PF_NDRV as it's non-sensical and most importantly because
721 * we use PF_NDRV to see if the protocol family has already been set
722 */
723 if (ndrvSpec.protocol_family == PF_NDRV) {
724 return EINVAL;
725 }
726
727 /* Verify the parameter */
728 if (ndrvSpec.version > NDRV_PROTOCOL_DESC_VERS) {
729 return ENOTSUP; // version is too new!
730 } else if (ndrvSpec.version < 1) {
731 return EINVAL; // version is not valid
732 } else if (ndrvSpec.demux_count > NDRV_PROTODEMUX_COUNT || ndrvSpec.demux_count == 0) {
733 return EINVAL; // demux_count is not valid
734 }
735 bzero(&proto_param, sizeof(proto_param));
736 proto_param.demux_count = ndrvSpec.demux_count;
737
738 /* Allocate storage for demux array */
739 ndrvDemuxSize = proto_param.demux_count * sizeof(struct ndrv_demux_desc);
740 ndrvDemux = (struct ndrv_demux_desc*) kalloc_data(ndrvDemuxSize, Z_WAITOK);
741 if (ndrvDemux == NULL) {
742 return ENOMEM;
743 }
744
745 /* Allocate enough ifnet_demux_descs */
746 proto_param.demux_array = kalloc_type(struct ifnet_demux_desc,
747 ndrvSpec.demux_count, Z_WAITOK | Z_ZERO);
748 if (proto_param.demux_array == NULL) {
749 error = ENOMEM;
750 }
751
752 if (error == 0) {
753 /* Copy the ndrv demux array from userland */
754 error = copyin(user_addr, ndrvDemux,
755 ndrvSpec.demux_count * sizeof(struct ndrv_demux_desc));
756 ndrvSpec.demux_list = ndrvDemux;
757 }
758
759 if (error == 0) {
760 /* At this point, we've at least got enough bytes to start looking around */
761 u_int32_t demuxOn = 0;
762
763 proto_param.demux_count = ndrvSpec.demux_count;
764 proto_param.input = ndrv_input;
765 proto_param.event = ndrv_event;
766
767 for (demuxOn = 0; demuxOn < ndrvSpec.demux_count; demuxOn++) {
768 /* Convert an ndrv_demux_desc to a ifnet_demux_desc */
769 error = ndrv_to_ifnet_demux(&ndrvSpec.demux_list[demuxOn],
770 &proto_param.demux_array[demuxOn]);
771 if (error) {
772 break;
773 }
774 }
775 }
776
777 if (error == 0) {
778 /*
779 * Set the protocol family to prevent other threads from
780 * attaching a protocol while the socket is unlocked
781 */
782 np->nd_proto_family = ndrvSpec.protocol_family;
783 socket_unlock(so, 0);
784 error = ifnet_attach_protocol(np->nd_if, ndrvSpec.protocol_family,
785 &proto_param);
786 socket_lock(so, 0);
787 /*
788 * Upon failure, indicate that no protocol is attached
789 */
790 if (error != 0) {
791 np->nd_proto_family = PF_NDRV;
792 }
793 }
794
795 /* Free any memory we've allocated */
796 if (proto_param.demux_array) {
797 kfree_type(struct ifnet_demux_desc, ndrvSpec.demux_count,
798 proto_param.demux_array);
799 }
800 if (ndrvDemux) {
801 kfree_data(ndrvDemux, ndrvDemuxSize);
802 }
803
804 return error;
805 }
806
807
808 int
ndrv_to_ifnet_demux(struct ndrv_demux_desc * ndrv,struct ifnet_demux_desc * ifdemux)809 ndrv_to_ifnet_demux(struct ndrv_demux_desc* ndrv, struct ifnet_demux_desc* ifdemux)
810 {
811 bzero(ifdemux, sizeof(*ifdemux));
812
813 if (ndrv->type < DLIL_DESC_ETYPE2) {
814 /* using old "type", not supported */
815 return ENOTSUP;
816 }
817
818 if (ndrv->length > 28) {
819 return EINVAL;
820 }
821
822 ifdemux->type = ndrv->type;
823 ifdemux->data = ndrv->data.other;
824 ifdemux->datalen = ndrv->length;
825
826 return 0;
827 }
828
829 int
ndrv_delspec(struct ndrv_cb * np)830 ndrv_delspec(struct ndrv_cb *np)
831 {
832 int result = 0;
833
834 if (np->nd_proto_family == PF_NDRV ||
835 np->nd_proto_family == 0) {
836 return EINVAL;
837 }
838
839 /* Detach the protocol */
840 result = ifnet_detach_protocol(np->nd_if, np->nd_proto_family);
841 np->nd_proto_family = PF_NDRV;
842
843 return result;
844 }
845
846 struct ndrv_cb *
ndrv_find_inbound(struct ifnet * ifp,u_int32_t protocol)847 ndrv_find_inbound(struct ifnet *ifp, u_int32_t protocol)
848 {
849 struct ndrv_cb* np;
850
851 LCK_MTX_ASSERT(ndrvdomain->dom_mtx, LCK_MTX_ASSERT_OWNED);
852
853 if (protocol == PF_NDRV) {
854 return NULL;
855 }
856
857 TAILQ_FOREACH(np, &ndrvl, nd_next) {
858 if (np->nd_proto_family == protocol &&
859 np->nd_if == ifp) {
860 return np;
861 }
862 }
863
864 return NULL;
865 }
866
867 static void
ndrv_handle_ifp_detach(u_int32_t family,short unit)868 ndrv_handle_ifp_detach(u_int32_t family, short unit)
869 {
870 struct ndrv_cb* np;
871 struct ifnet *ifp = NULL;
872 struct socket *so;
873
874 /* Find all sockets using this interface. */
875 TAILQ_FOREACH(np, &ndrvl, nd_next) {
876 if (np->nd_family == family &&
877 np->nd_unit == unit) {
878 /* This cb is using the detaching interface, but not for long. */
879 /* Let the protocol go */
880 ifp = np->nd_if;
881 if (np->nd_proto_family != 0) {
882 ndrv_delspec(np);
883 }
884
885 /* Delete the multicasts first */
886 ndrv_remove_all_multicast(np);
887
888 /* Disavow all knowledge of the ifp */
889 np->nd_if = NULL;
890 np->nd_unit = 0;
891 np->nd_family = 0;
892
893 so = np->nd_socket;
894 /* Make sure sending returns an error */
895 LCK_MTX_ASSERT(ndrvdomain->dom_mtx, LCK_MTX_ASSERT_OWNED);
896 socantsendmore(so);
897 socantrcvmore(so);
898 }
899 }
900
901 /* Unregister our protocol */
902 if (ifp) {
903 ifnet_detach_protocol(ifp, PF_NDRV);
904 }
905 }
906
907 static struct ndrv_multiaddr *
ndrv_multiaddr_alloc(size_t size)908 ndrv_multiaddr_alloc(size_t size)
909 {
910 struct ndrv_multiaddr *ndrv_multi;
911
912 ndrv_multi = kalloc_type(struct ndrv_multiaddr, Z_WAITOK_ZERO_NOFAIL);
913 ndrv_multi->addr = kalloc_data(size, Z_WAITOK_ZERO_NOFAIL);
914 return ndrv_multi;
915 }
916
917 static void
ndrv_multiaddr_free(struct ndrv_multiaddr * ndrv_multi,size_t size)918 ndrv_multiaddr_free(struct ndrv_multiaddr *ndrv_multi, size_t size)
919 {
920 kfree_data(ndrv_multi->addr, size);
921 kfree_type(struct ndrv_multiaddr, ndrv_multi);
922 }
923
924 static int
ndrv_do_add_multicast(struct ndrv_cb * np,struct sockopt * sopt)925 ndrv_do_add_multicast(struct ndrv_cb *np, struct sockopt *sopt)
926 {
927 struct ndrv_multiaddr *ndrv_multi;
928 int result;
929
930 if (sopt->sopt_val == 0 || sopt->sopt_valsize < 2 ||
931 sopt->sopt_level != SOL_NDRVPROTO || sopt->sopt_valsize > SOCK_MAXADDRLEN) {
932 return EINVAL;
933 }
934 if (np->nd_if == NULL) {
935 return ENXIO;
936 }
937 if (!(np->nd_dlist_cnt < ndrv_multi_max_count)) {
938 return EPERM;
939 }
940
941 ndrv_multi = ndrv_multiaddr_alloc(sopt->sopt_valsize);
942
943 // Copy in the address
944 result = copyin(sopt->sopt_val, ndrv_multi->addr, sopt->sopt_valsize);
945
946 // Validate the sockaddr
947 if (result == 0 && sopt->sopt_valsize != ndrv_multi->addr->sa_len) {
948 result = EINVAL;
949 }
950
951 if (result == 0 && ndrv_have_multicast(np, ndrv_multi->addr)) {
952 result = EEXIST;
953 }
954
955 if (result == 0) {
956 // Try adding the multicast
957 result = ifnet_add_multicast(np->nd_if, ndrv_multi->addr,
958 &ndrv_multi->ifma);
959 }
960
961 if (result == 0) {
962 // Add to our linked list
963 ndrv_multi->next = np->nd_multiaddrs;
964 np->nd_multiaddrs = ndrv_multi;
965 np->nd_dlist_cnt++;
966 } else {
967 // Free up the memory, something went wrong
968 ndrv_multiaddr_free(ndrv_multi, sopt->sopt_valsize);
969 }
970
971 return result;
972 }
973
974 static int
ndrv_do_remove_multicast(struct ndrv_cb * np,struct sockopt * sopt)975 ndrv_do_remove_multicast(struct ndrv_cb *np, struct sockopt *sopt)
976 {
977 struct sockaddr* multi_addr;
978 struct ndrv_multiaddr* ndrv_entry = NULL;
979 int result;
980
981 if (sopt->sopt_val == 0 || sopt->sopt_valsize < 2 ||
982 sopt->sopt_valsize > SOCK_MAXADDRLEN ||
983 sopt->sopt_level != SOL_NDRVPROTO) {
984 return EINVAL;
985 }
986 if (np->nd_if == NULL || np->nd_dlist_cnt == 0) {
987 return ENXIO;
988 }
989
990 // Allocate storage
991 multi_addr = (struct sockaddr*) kalloc_data(sopt->sopt_valsize, Z_WAITOK);
992 if (multi_addr == NULL) {
993 return ENOMEM;
994 }
995
996 // Copy in the address
997 result = copyin(sopt->sopt_val, multi_addr, sopt->sopt_valsize);
998
999 // Validate the sockaddr
1000 if (result == 0 && sopt->sopt_valsize != multi_addr->sa_len) {
1001 result = EINVAL;
1002 }
1003
1004 if (result == 0) {
1005 /* Find the old entry */
1006 ndrv_entry = ndrv_have_multicast(np, multi_addr);
1007
1008 if (ndrv_entry == NULL) {
1009 result = ENOENT;
1010 }
1011 }
1012
1013 if (result == 0) {
1014 // Try deleting the multicast
1015 result = ifnet_remove_multicast(ndrv_entry->ifma);
1016 }
1017
1018 if (result == 0) {
1019 // Remove from our linked list
1020 struct ndrv_multiaddr* cur = np->nd_multiaddrs;
1021
1022 ifmaddr_release(ndrv_entry->ifma);
1023
1024 if (cur == ndrv_entry) {
1025 np->nd_multiaddrs = cur->next;
1026 } else {
1027 for (cur = cur->next; cur != NULL; cur = cur->next) {
1028 if (cur->next == ndrv_entry) {
1029 cur->next = cur->next->next;
1030 break;
1031 }
1032 }
1033 }
1034
1035 np->nd_dlist_cnt--;
1036
1037 ndrv_multiaddr_free(ndrv_entry, ndrv_entry->addr->sa_len);
1038 }
1039 kfree_data(multi_addr, sopt->sopt_valsize);
1040
1041 return result;
1042 }
1043
1044 static struct ndrv_multiaddr*
ndrv_have_multicast(struct ndrv_cb * np,struct sockaddr * inAddr)1045 ndrv_have_multicast(struct ndrv_cb *np, struct sockaddr* inAddr)
1046 {
1047 struct ndrv_multiaddr* cur;
1048 for (cur = np->nd_multiaddrs; cur != NULL; cur = cur->next) {
1049 if ((inAddr->sa_len == cur->addr->sa_len) &&
1050 (bcmp(cur->addr, inAddr, inAddr->sa_len) == 0)) {
1051 // Found a match
1052 return cur;
1053 }
1054 }
1055
1056 return NULL;
1057 }
1058
1059 static void
ndrv_remove_all_multicast(struct ndrv_cb * np)1060 ndrv_remove_all_multicast(struct ndrv_cb* np)
1061 {
1062 struct ndrv_multiaddr* cur;
1063
1064 if (np->nd_if != NULL) {
1065 while (np->nd_multiaddrs != NULL) {
1066 cur = np->nd_multiaddrs;
1067 np->nd_multiaddrs = cur->next;
1068
1069 ifnet_remove_multicast(cur->ifma);
1070 ifmaddr_release(cur->ifma);
1071 ndrv_multiaddr_free(cur, cur->addr->sa_len);
1072 }
1073 }
1074 }
1075
1076 static struct pr_usrreqs ndrv_usrreqs = {
1077 .pru_abort = ndrv_abort,
1078 .pru_attach = ndrv_attach,
1079 .pru_bind = ndrv_bind,
1080 .pru_connect = ndrv_connect,
1081 .pru_detach = ndrv_detach,
1082 .pru_disconnect = ndrv_disconnect,
1083 .pru_peeraddr = ndrv_peeraddr,
1084 .pru_send = ndrv_send,
1085 .pru_shutdown = ndrv_shutdown,
1086 .pru_sockaddr = ndrv_sockaddr,
1087 .pru_sosend = sosend,
1088 .pru_soreceive = soreceive,
1089 };
1090
1091 static struct protosw ndrvsw[] = {
1092 {
1093 .pr_type = SOCK_RAW,
1094 .pr_protocol = NDRVPROTO_NDRV,
1095 .pr_flags = PR_ATOMIC | PR_ADDR,
1096 .pr_output = ndrv_output,
1097 .pr_ctloutput = ndrv_ctloutput,
1098 .pr_usrreqs = &ndrv_usrreqs,
1099 }
1100 };
1101
1102 static int ndrv_proto_count = (sizeof(ndrvsw) / sizeof(struct protosw));
1103
1104 struct domain ndrvdomain_s = {
1105 .dom_family = PF_NDRV,
1106 .dom_name = "NetDriver",
1107 .dom_init = ndrv_dominit,
1108 };
1109
1110 static void
ndrv_dominit(struct domain * dp)1111 ndrv_dominit(struct domain *dp)
1112 {
1113 struct protosw *pr;
1114 int i;
1115
1116 VERIFY(!(dp->dom_flags & DOM_INITIALIZED));
1117 VERIFY(ndrvdomain == NULL);
1118
1119 ndrvdomain = dp;
1120
1121 for (i = 0, pr = &ndrvsw[0]; i < ndrv_proto_count; i++, pr++) {
1122 net_add_proto(pr, dp, 1);
1123 }
1124 }
1125