1 /*
2 * Copyright (c) 2000-2024 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29
30 /* $FreeBSD: src/sys/netinet6/udp6_output.c,v 1.1.2.3 2001/08/31 13:49:58 jlemon Exp $ */
31 /* $KAME: udp6_output.c,v 1.31 2001/05/21 16:39:15 jinmei Exp $ */
32
33 /*
34 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
35 * All rights reserved.
36 *
37 * Redistribution and use in source and binary forms, with or without
38 * modification, are permitted provided that the following conditions
39 * are met:
40 * 1. Redistributions of source code must retain the above copyright
41 * notice, this list of conditions and the following disclaimer.
42 * 2. Redistributions in binary form must reproduce the above copyright
43 * notice, this list of conditions and the following disclaimer in the
44 * documentation and/or other materials provided with the distribution.
45 * 3. Neither the name of the project nor the names of its contributors
46 * may be used to endorse or promote products derived from this software
47 * without specific prior written permission.
48 *
49 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
52 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
59 * SUCH DAMAGE.
60 */
61
62 /*
63 * Copyright (c) 1982, 1986, 1989, 1993
64 * The Regents of the University of California. All rights reserved.
65 *
66 * Redistribution and use in source and binary forms, with or without
67 * modification, are permitted provided that the following conditions
68 * are met:
69 * 1. Redistributions of source code must retain the above copyright
70 * notice, this list of conditions and the following disclaimer.
71 * 2. Redistributions in binary form must reproduce the above copyright
72 * notice, this list of conditions and the following disclaimer in the
73 * documentation and/or other materials provided with the distribution.
74 * 3. All advertising materials mentioning features or use of this software
75 * must display the following acknowledgement:
76 * This product includes software developed by the University of
77 * California, Berkeley and its contributors.
78 * 4. Neither the name of the University nor the names of its contributors
79 * may be used to endorse or promote products derived from this software
80 * without specific prior written permission.
81 *
82 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
83 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
84 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
85 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
86 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
87 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
88 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
89 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
90 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
91 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
92 * SUCH DAMAGE.
93 *
94 * @(#)udp_var.h 8.1 (Berkeley) 6/10/93
95 */
96
97 #include <sys/param.h>
98 #include <sys/malloc.h>
99 #include <sys/mbuf.h>
100 #include <sys/protosw.h>
101 #include <sys/socket.h>
102 #include <sys/socketvar.h>
103 #include <sys/sysctl.h>
104 #include <sys/errno.h>
105 #include <sys/stat.h>
106 #include <sys/systm.h>
107 #include <sys/proc.h>
108 #include <sys/syslog.h>
109
110 #include <kern/uipc_socket.h>
111
112 #include <machine/endian.h>
113
114 #include <net/if.h>
115 #include <net/route.h>
116 #include <net/if_types.h>
117 #include <net/ntstat.h>
118 #include <net/droptap.h>
119
120 #include <netinet/in.h>
121 #include <netinet/in_var.h>
122 #include <netinet/in_systm.h>
123 #include <netinet/in_tclass.h>
124 #include <netinet/ip.h>
125 #include <netinet/ip_var.h>
126 #include <netinet/in_pcb.h>
127 #include <netinet/udp.h>
128 #include <netinet/udp_log.h>
129 #include <netinet/udp_var.h>
130 #include <netinet/ip6.h>
131 #include <netinet6/ip6_var.h>
132 #include <netinet6/in6_pcb.h>
133 #include <netinet6/udp6_var.h>
134 #include <netinet/icmp6.h>
135 #include <netinet6/ip6protosw.h>
136
137 #if NECP
138 #include <net/necp.h>
139 #endif /* NECP */
140
141 #include <net/net_osdep.h>
142
143 #if CONTENT_FILTER
144 #include <net/content_filter.h>
145 #endif /* CONTENT_FILTER */
146
147 #include <net/sockaddr_utils.h>
148
149 /*
150 * UDP protocol implementation.
151 * Per RFC 768, August, 1980.
152 */
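/*
 * Build and transmit one UDP datagram over IPv6 for the given PCB.
 *
 * in6p    - protocol control block of the sending socket; its socket is
 *           taken from in6p->in6p_socket.
 * m       - mbuf chain holding the UDP payload.  It is consumed on every
 *           path: handed to ip6_output() on success, dropped via m_drop()
 *           on failure (or already freed when M_PREPEND fails).
 * addr6   - optional destination.  When non-NULL the socket must not be
 *           connected and the destination port must be non-zero; when
 *           NULL the PCB's connected foreign address is used.
 * control - optional control mbuf (ancillary data).  It is parsed for
 *           socket-level info and IPv6 packet options and is always freed
 *           before returning.
 * p       - calling process, passed through to in6_pcbsetport() when an
 *           implicit local port bind is needed.
 *
 * Returns 0 on success or an errno value.
 *
 * Locking: the socket lock is dropped around ip6_output() and re-taken
 * afterwards, so this is presumably entered with the socket lock held --
 * verify against callers.  inp_sndinprog_cnt is raised before the unlock
 * and lowered at exit, waking any waiters when it reaches zero.
 *
 * NOTE(review): this function copies a full struct sockaddr_in6 out of
 * addr6 without checking sa_len or sa_family itself; it assumes the caller
 * has already validated the address -- confirm at the call sites.
 */
int
udp6_output(struct in6pcb *in6p, struct mbuf *m, struct sockaddr *addr6,
    struct mbuf *control, struct proc *p)
{
	u_int32_t ulen = m->m_pkthdr.len;
	u_int32_t plen = sizeof(struct udphdr) + ulen;
	struct ip6_hdr *ip6;
	struct udphdr *__single udp6;
	struct in6_addr *__single laddr, *__single faddr;
	u_short fport;
	int error = 0;
	struct ip6_pktopts opt, *__single optp = NULL;
	struct ip6_moptions *__single im6o;
	int af = AF_INET6, hlen = sizeof(struct ip6_hdr);
	int flags;
	struct sockaddr_in6 tmp;
	struct in6_addr storage;
	struct sock_cm_info sockcminfo;
	struct ip6_out_args ip6oa;
	struct flowadv *__single adv = &ip6oa.ip6oa_flowadv;
	struct socket *__single so = in6p->in6p_socket;
	struct route_in6 ro;
	int flowadv = 0;
	bool sndinprog_cnt_used = false;
#if CONTENT_FILTER
	struct m_tag *__single cfil_tag = NULL;
	bool cfil_faddr_use = false;
	uint32_t cfil_so_state_change_cnt = 0;
	struct sockaddr *__single cfil_faddr = NULL;
	struct sockaddr_in6 *__single cfil_sin6 = NULL;
#endif
	bool check_qos_marking_again = (so->so_flags1 & SOF1_QOSMARKING_POLICY_OVERRIDE) ? FALSE : TRUE;
	uint32_t lifscope = IFSCOPE_NONE, fifscope = IFSCOPE_NONE;
	drop_reason_t drop_reason = DROP_REASON_UNSPECIFIED;

	bzero(&ip6oa, sizeof(ip6oa));
	ip6oa.ip6oa_boundif = IFSCOPE_NONE;
	ip6oa.ip6oa_flags = IP6OAF_SELECT_SRCIF;

	/* Enable flow advisory only when connected */
	flowadv = (so->so_state & SS_ISCONNECTED) ? 1 : 0;

	if (flowadv && INP_WAIT_FOR_IF_FEEDBACK(in6p)) {
		error = ENOBUFS;
		drop_reason = DROP_REASON_IP_ENOBUFS;
		UDP_LOG(in6p, "flow controlled error ENOBUFS");
		goto release;
	}

	/*
	 * Translate the PCB's interface binding and per-socket interface
	 * restrictions into output-argument flags for ip6_output().
	 */
	if (in6p->inp_flags & INP_BOUND_IF) {
		ip6oa.ip6oa_boundif = in6p->inp_boundifp->if_index;
		ip6oa.ip6oa_flags |= IP6OAF_BOUND_IF;
	} else if (!in6_embedded_scope && IN6_IS_SCOPE_EMBED(&in6p->in6p_faddr)) {
		ip6oa.ip6oa_boundif = in6p->inp_fifscope;
		ip6oa.ip6oa_flags |= IP6OAF_BOUND_IF;
	}
	if (INP_NO_CELLULAR(in6p)) {
		ip6oa.ip6oa_flags |= IP6OAF_NO_CELLULAR;
	}
	if (INP_NO_EXPENSIVE(in6p)) {
		ip6oa.ip6oa_flags |= IP6OAF_NO_EXPENSIVE;
	}
	if (INP_NO_CONSTRAINED(in6p)) {
		ip6oa.ip6oa_flags |= IP6OAF_NO_CONSTRAINED;
	}
	if (INP_AWDL_UNRESTRICTED(in6p)) {
		ip6oa.ip6oa_flags |= IP6OAF_AWDL_UNRESTRICTED;
	}
	if (INP_INTCOPROC_ALLOWED(in6p)) {
		ip6oa.ip6oa_flags |= IP6OAF_INTCOPROC_ALLOWED;
	}
	if (INP_MANAGEMENT_ALLOWED(in6p)) {
		ip6oa.ip6oa_flags |= IP6OAF_MANAGEMENT_ALLOWED;
	}
	if (INP_ULTRA_CONSTRAINED_ALLOWED(in6p)) {
		ip6oa.ip6oa_flags |= IP6OAF_ULTRA_CONSTRAINED_ALLOWED;
	}

#if CONTENT_FILTER
	/*
	 * If socket is subject to UDP Content Filter and no addr is passed in,
	 * retrieve CFIL saved state from mbuf and use it if necessary.
	 *
	 * cfil_faddr is used until the send completes and cfil_tag is only
	 * freed at releaseopt; presumably cfil_faddr points into storage owned
	 * by the tag, so the tag must stay alive that long -- confirm.
	 */
	if (CFIL_DGRAM_FILTERED(so) && !addr6) {
		cfil_tag = cfil_dgram_get_socket_state(m, &cfil_so_state_change_cnt, NULL, &cfil_faddr, NULL);
		if (cfil_tag) {
			cfil_sin6 = SIN6(cfil_faddr);
			if ((so->so_state_change_cnt != cfil_so_state_change_cnt) &&
			    (in6p->in6p_fport != cfil_sin6->sin6_port ||
			    !in6_are_addr_equal_scoped(&in6p->in6p_faddr, &cfil_sin6->sin6_addr, in6p->inp_fifscope, cfil_sin6->sin6_scope_id))) {
				/*
				 * Socket is connected but socket state and dest addr/port changed.
				 * We need to use the saved faddr info.
				 */
				cfil_faddr_use = true;
			}
		}
	}
#endif

	sock_init_cm_info(&sockcminfo, so);

	if (control) {
		sock_parse_cm_info(control, &sockcminfo);

		if ((error = ip6_setpktopts(control, &opt,
		    in6p->in6p_outputopts, IPPROTO_UDP)) != 0) {
			drop_reason = DROP_REASON_IP6_BAD_OPTION;
			UDP_LOG(in6p, "bad option error %d", error);
			goto release;
		}
		/* Per-packet options live in the local 'opt'; cleared at releaseopt. */
		optp = &opt;
	} else {
		optp = in6p->in6p_outputopts;
	}

	ip6oa.ip6oa_sotc = sockcminfo.sotc;
	ip6oa.ip6oa_netsvctype = sockcminfo.netsvctype;

	/*
	 * Mark a send as in progress on this PCB.  The matching decrement
	 * (and waiter wakeup) is at the end of the function, keyed off
	 * sndinprog_cnt_used so that early exits above do not unbalance it.
	 */
	in6p->inp_sndinprog_cnt++;
	sndinprog_cnt_used = true;

	if (addr6) {
		/*
		 * IPv4 version of udp_output calls in_pcbconnect in this case,
		 * which has its costs.
		 *
		 * Since we saw no essential reason for calling in_pcbconnect,
		 * we get rid of such kind of logic, and call in6_selectsrc
		 * and in6_pcbsetport in order to fill in the local address
		 * and the local port.
		 */
		struct sockaddr_in6 *__single sin6 = SIN6(addr6);

		if (sin6->sin6_port == 0) {
			error = EADDRNOTAVAIL;
			drop_reason = DROP_REASON_IP_DST_ADDR_NO_AVAIL;
			UDP_LOG(in6p, "sin6_port 0 error EADDRNOTAVAIL");
			goto release;
		}

		if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) {
			/* how about ::ffff:0.0.0.0 case? */
			error = EISCONN;
			drop_reason = DROP_REASON_IP_EISCONN;
			UDP_LOG(in6p, "already connected error EISCONN");
			goto release;
		}

		/*
		 * protect *sin6 from overwrites: work on a private copy so the
		 * scope embedding below does not modify the caller's sockaddr.
		 * NOTE(review): this reads sizeof(struct sockaddr_in6) bytes
		 * from addr6; presumably the caller checked sa_len -- confirm.
		 */
		tmp = *sin6;
		sin6 = &tmp;

		faddr = &sin6->sin6_addr;
		fport = sin6->sin6_port; /* non-zero: port 0 was rejected above */

		if (IN6_IS_ADDR_V4MAPPED(faddr)) {
			if ((in6p->in6p_flags & IN6P_IPV6_V6ONLY)) {
				/*
				 * I believe we should explicitly discard the
				 * packet when mapped addresses are disabled,
				 * rather than send the packet as an IPv6 one.
				 * If we chose the latter approach, the packet
				 * might be sent out on the wire based on the
				 * default route, the situation which we'd
				 * probably want to avoid.
				 * (20010421 jinmei@kame.net)
				 */
				error = EINVAL;
				drop_reason = DROP_REASON_IP6_ONLY;
				UDP_LOG(in6p, "IPv6 only with IPv4 mapped error EINVAL");
				goto release;
			} else {
				/* Rejected with EAFNOSUPPORT in the switch below. */
				af = AF_INET;
			}
		}

		/* KAME hack: embed scopeid */
		if (in6_embedscope(&sin6->sin6_addr, sin6, in6p, NULL,
		    optp, IN6_NULL_IF_EMBEDDED_SCOPE(&sin6->sin6_scope_id)) != 0) {
			error = EINVAL;
			drop_reason = DROP_REASON_IP6_BAD_SCOPE;
			UDP_LOG(in6p, "bad scope error EINVAL");
			goto release;
		}
		fifscope = sin6->sin6_scope_id;

		if (!IN6_IS_ADDR_V4MAPPED(faddr)) {
			struct ifnet *__single src_ifp = NULL;
			laddr = in6_selectsrc(sin6, optp,
			    in6p, &in6p->in6p_route, &src_ifp, &storage,
			    ip6oa.ip6oa_boundif, &error);
			if (src_ifp != NULL) {
				/* Only the index is kept; drop the reference right away. */
				lifscope = src_ifp->if_index;
				ifnet_release(src_ifp);
			}
		} else {
			laddr = &in6p->in6p_laddr;      /* XXX */
			lifscope = in6p->inp_lifscope;
		}
		if (laddr == NULL) {
			if (error == 0) {
				error = EADDRNOTAVAIL;
			}
			drop_reason = DROP_REASON_IP_SRC_ADDR_NO_AVAIL;
			UDP_LOG(in6p, "source address not available error EADDRNOTAVAIL");
			goto release;
		}
		if (in6p->in6p_lport == 0) {
			/* Implicit bind: pick a local port for an unbound socket. */
			inp_enter_bind_in_progress(so);

			error = in6_pcbsetport(laddr, addr6, in6p, p, 0);

			if (error == 0) {
				ASSERT(in6p->in6p_lport != 0);
			}

			inp_exit_bind_in_progress(so);

			if (error != 0) {
				/*
				 * NOTE(review): drop_reason is left as
				 * DROP_REASON_UNSPECIFIED on this path.
				 */
				UDP_LOG(in6p, "in6_pcbsetport error %d", error);
				goto release;
			}
		}
	} else {
		if (IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) {
			error = ENOTCONN;
			UDP_LOG(in6p, "not connected error ENOTCONN");
			drop_reason = DROP_REASON_IP6_ADDR_UNSPECIFIED;
			goto release;
		}
		laddr = &in6p->in6p_laddr;
		faddr = &in6p->in6p_faddr;
		fport = in6p->in6p_fport;
		fifscope = in6p->inp_fifscope;
		lifscope = in6p->inp_lifscope;
#if CONTENT_FILTER
		if (cfil_faddr_use) {
			/*
			 * The destination saved by the content filter overrides
			 * the PCB's current foreign address for this datagram.
			 */
			faddr = &SIN6(cfil_faddr)->sin6_addr;
			fport = SIN6(cfil_faddr)->sin6_port;
			fifscope = SIN6(cfil_faddr)->sin6_scope_id;

			/* Do not use cached route */
			ROUTE_RELEASE(&in6p->in6p_route);
		}
#endif
		if (IN6_IS_ADDR_V4MAPPED(faddr)) {
			if ((in6p->in6p_flags & IN6P_IPV6_V6ONLY)) {
				/*
				 * XXX: this case would happen when the
				 * application sets the V6ONLY flag after
				 * connecting the foreign address.
				 * Such applications should be fixed,
				 * so we bark here.
				 */
				error = EINVAL;
				/*
				 * Report the same drop reason as the identical
				 * check on the sendto path, instead of leaving
				 * it unspecified.
				 */
				drop_reason = DROP_REASON_IP6_ONLY;
				UDP_LOG(in6p, "IPv6 only with IPv4 mapped error EINVAL");
				goto release;
			} else {
				/* Rejected with EAFNOSUPPORT in the switch below. */
				af = AF_INET;
			}
		}
	}

	if (in6p->inp_flowhash == 0) {
		inp_calc_flowhash(in6p);
		ASSERT(in6p->inp_flowhash != 0);
	}
	/* update flowinfo - RFC 6437 */
	if (in6p->inp_flow == 0 && in6p->in6p_flags & IN6P_AUTOFLOWLABEL) {
		in6p->inp_flow &= ~IPV6_FLOWLABEL_MASK;
		in6p->inp_flow |=
		    (htonl(ip6_randomflowlabel()) & IPV6_FLOWLABEL_MASK);
	}

	if (af == AF_INET) {
		hlen = sizeof(struct ip);
	}

	/* Count each socket at most once in the DNS (port 53) datagram stat. */
	if (fport == htons(53) && !(so->so_flags1 & SOF1_DNS_COUNTED)) {
		so->so_flags1 |= SOF1_DNS_COUNTED;
		INC_ATOMIC_INT64_LIM(net_api_stats.nas_socket_inet_dgram_dns);
	}

	/*
	 * Calculate data length and get a mbuf
	 * for UDP and IP6 headers.
	 */
	M_PREPEND(m, hlen + sizeof(struct udphdr), M_DONTWAIT, 1);
	if (m == NULL) {
		error = ENOBUFS;
		UDP_LOG(in6p, "M_PREPEND error ENOBUFS");
		drop_reason = DROP_REASON_IP_ENOBUFS;
		goto release;
	}

	/*
	 * Stuff checksum and output datagram.
	 */
	udp6 = (struct udphdr *)(void *)(mtod(m, caddr_t) + hlen);
	udp6->uh_sport = in6p->in6p_lport; /* lport is always set in the PCB */
	udp6->uh_dport = fport;
	/* The 16-bit UDP length cannot express more than 0xffff; use 0 then. */
	if (plen <= 0xffff) {
		udp6->uh_ulen = htons((u_short)plen);
	} else {
		udp6->uh_ulen = 0;
	}
	udp6->uh_sum = 0;

	switch (af) {
	case AF_INET6:
		ip6 = mtod(m, struct ip6_hdr *);
		ip6->ip6_flow   = in6p->inp_flow & IPV6_FLOWINFO_MASK;
		ip6->ip6_vfc    &= ~IPV6_VERSION_MASK;
		ip6->ip6_vfc    |= IPV6_VERSION;
#if 0           /* ip6_plen will be filled in ip6_output. */
		ip6->ip6_plen   = htons((u_short)plen);
#endif
		ip6->ip6_nxt    = IPPROTO_UDP;
		ip6->ip6_hlim   = in6_selecthlim(in6p, in6p->in6p_route.ro_rt ?
		    in6p->in6p_route.ro_rt->rt_ifp : NULL);
		ip6->ip6_src    = *laddr;
		ip6->ip6_dst    = *faddr;

		/*
		 * Only the pseudo-header sum is stored here; the csum flags
		 * and offset below ask a later stage to finish the checksum.
		 */
		udp6->uh_sum = in6_pseudo(laddr, faddr,
		    htonl(plen + IPPROTO_UDP));
		m->m_pkthdr.csum_flags = (CSUM_UDPIPV6 | CSUM_ZERO_INVERT);
		m->m_pkthdr.csum_data = offsetof(struct udphdr, uh_sum);

		if (!IN6_IS_ADDR_UNSPECIFIED(laddr)) {
			ip6oa.ip6oa_flags |= IP6OAF_BOUND_SRCADDR;
		}

		flags = IPV6_OUTARGS;

		udp6stat.udp6s_opackets++;

#if NECP
		{
			necp_kernel_policy_id policy_id;
			necp_kernel_policy_id skip_policy_id;
			u_int32_t route_rule_id;
			u_int32_t pass_flags;

			/*
			 * We need a route to perform NECP route rule checks
			 */
			if (net_qos_policy_restricted != 0 &&
			    ROUTE_UNUSABLE(&in6p->inp_route)) {
				struct sockaddr_in6 to;
				struct sockaddr_in6 from;

				ROUTE_RELEASE(&in6p->inp_route);

				SOCKADDR_ZERO(&from, sizeof(struct sockaddr_in6));
				from.sin6_family = AF_INET6;
				from.sin6_len = sizeof(struct sockaddr_in6);
				from.sin6_addr = *laddr;

				SOCKADDR_ZERO(&to, sizeof(struct sockaddr_in6));
				to.sin6_family = AF_INET6;
				to.sin6_len = sizeof(struct sockaddr_in6);
				to.sin6_addr = *faddr;

				in6p->inp_route.ro_dst.sa_family = AF_INET6;
				in6p->inp_route.ro_dst.sa_len = sizeof(struct sockaddr_in6);
				SIN6(&in6p->inp_route.ro_dst)->sin6_addr = *faddr;

				if (!in6_embedded_scope) {
					SIN6(&in6p->inp_route.ro_dst)->sin6_scope_id =
					    IN6_IS_SCOPE_EMBED(faddr) ? fifscope : IFSCOPE_NONE;
				}
				rtalloc_scoped(&in6p->inp_route, ip6oa.ip6oa_boundif);

				inp_update_necp_policy(in6p, SA(&from),
				    SA(&to), ip6oa.ip6oa_boundif);
				in6p->inp_policyresult.results.qos_marking_gencount = 0;
			}

			/*
			 * Policy enforcement point: a datagram that NECP does
			 * not allow is dropped here and never reaches
			 * ip6_output().
			 */
			if (!necp_socket_is_allowed_to_send_recv_v6(in6p, in6p->in6p_lport, fport, laddr, faddr, NULL, 0, &policy_id, &route_rule_id, &skip_policy_id, &pass_flags)) {
				error = EHOSTUNREACH;
				drop_reason = DROP_REASON_IP_NECP_POLICY_DROP;
				UDP_LOG_DROP_NECP(ip6, udp6, in6p, true);
				goto release;
			}

			necp_mark_packet_from_socket(m, in6p, policy_id, route_rule_id, skip_policy_id, pass_flags);

			if (net_qos_policy_restricted != 0) {
				necp_socket_update_qos_marking(in6p, in6p->in6p_route.ro_rt, route_rule_id);
			}
		}
#endif /* NECP */
		if ((so->so_flags1 & SOF1_QOSMARKING_ALLOWED)) {
			ip6oa.ip6oa_flags |= IP6OAF_QOSMARKING_ALLOWED;
		}
		if (check_qos_marking_again) {
			ip6oa.ip6oa_flags |= IP6OAF_REDO_QOSMARKING_POLICY;
		}
		ip6oa.qos_marking_gencount = in6p->inp_policyresult.results.qos_marking_gencount;

#if IPSEC
		if (in6p->in6p_sp != NULL && ipsec_setsocket(m, so) != 0) {
			error = ENOBUFS;
			UDP_LOG_DROP_PCB(ip6, udp6, in6p, true, "ipsec_setsocket error ENOBUFS");
			drop_reason = DROP_REASON_IP_ENOBUFS;
			goto release;
		}
#endif /*IPSEC*/

		/* In case of IPv4-mapped address used in previous send */
		if (ROUTE_UNUSABLE(&in6p->in6p_route) ||
		    rt_key(in6p->in6p_route.ro_rt)->sa_family != AF_INET6) {
			ROUTE_RELEASE(&in6p->in6p_route);
		}

		/* Copy the cached route and take an extra reference */
		in6p_route_copyout(in6p, &ro);

		set_packet_service_class(m, so, sockcminfo.sotc, PKT_SCF_IPV6);
		if (sockcminfo.tx_time) {
			mbuf_set_tx_time(m, sockcminfo.tx_time);
		}

		/* Tag the packet with flow identity and the sending process. */
		m->m_pkthdr.pkt_flowsrc = FLOWSRC_INPCB;
		m->m_pkthdr.pkt_flowid = in6p->inp_flowhash;
		m->m_pkthdr.pkt_proto = IPPROTO_UDP;
		m->m_pkthdr.pkt_flags |= (PKTF_FLOW_ID | PKTF_FLOW_LOCALSRC);
		if (flowadv) {
			m->m_pkthdr.pkt_flags |= PKTF_FLOW_ADV;
		}
		m->m_pkthdr.tx_udp_pid = so->last_pid;
		if (so->so_flags & SOF_DELEGATED) {
			m->m_pkthdr.tx_udp_e_pid = so->e_pid;
		} else {
			m->m_pkthdr.tx_udp_e_pid = 0;
		}
#if (DEBUG || DEVELOPMENT)
		if (so->so_flags & SOF_MARK_WAKE_PKT) {
			so->so_flags &= ~SOF_MARK_WAKE_PKT;
			m->m_pkthdr.pkt_flags |= PKTF_WAKE_PKT;
		}
#endif /* (DEBUG || DEVELOPMENT) */

		/*
		 * Hold a reference on the multicast options across the
		 * unlocked ip6_output() call; it is dropped after re-locking.
		 */
		im6o = in6p->in6p_moptions;
		if (im6o != NULL) {
			IM6O_LOCK(im6o);
			IM6O_ADDREF_LOCKED(im6o);
			if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) &&
			    im6o->im6o_multicast_ifp != NULL) {
				in6p->in6p_last_outifp =
				    im6o->im6o_multicast_ifp;
#if SKYWALK
				if (NETNS_TOKEN_VALID(&in6p->inp_netns_token)) {
					netns_set_ifnet(&in6p->inp_netns_token,
					    in6p->in6p_last_outifp);
				}
#endif /* SKYWALK */
			}
			IM6O_UNLOCK(im6o);
		}

		ip6_output_setdstifscope(m, fifscope, NULL);
		ip6_output_setsrcifscope(m, lifscope, NULL);

		/*
		 * The socket lock is not held across ip6_output().  Anything
		 * read from in6p or so after socket_lock() may have changed in
		 * the meantime; the code below re-reads PCB state rather than
		 * relying on values cached before the unlock.  ip6_output()
		 * takes ownership of m, hence m = NULL.
		 */
		socket_unlock(so, 0);
		error = ip6_output(m, optp, &ro, flags, im6o, NULL, &ip6oa);
		m = NULL;
		socket_lock(so, 0);

		if (im6o != NULL) {
			IM6O_REMREF(im6o);
		}

		if (check_qos_marking_again) {
			in6p->inp_policyresult.results.qos_marking_gencount = ip6oa.qos_marking_gencount;
			if (ip6oa.ip6oa_flags & IP6OAF_QOSMARKING_ALLOWED) {
				in6p->inp_socket->so_flags1 |= SOF1_QOSMARKING_ALLOWED;
			} else {
				in6p->inp_socket->so_flags1 &= ~SOF1_QOSMARKING_ALLOWED;
			}
		}

		if (error == 0 && nstat_collect) {
			stats_functional_type ifnet_count_type = stats_functional_type_unclassified;

			if (ro.ro_rt != NULL) {
				ifnet_count_type = IFNET_COUNT_TYPE(ro.ro_rt->rt_ifp);
			}
			INP_ADD_TXSTAT(in6p, ifnet_count_type, 1, ulen);
		}

		if (flowadv && (adv->code == FADV_FLOW_CONTROLLED ||
		    adv->code == FADV_SUSPENDED)) {
			/*
			 * Return an error to indicate
			 * that the packet has been dropped.
			 */
			error = ENOBUFS;
			inp_set_fc_state(in6p, adv->code);
		}

		if (ro.ro_rt != NULL) {
			struct ifnet *__single outif = ro.ro_rt->rt_ifp;

			so->so_pktheadroom = (uint16_t)P2ROUNDUP(
				sizeof(struct udphdr) +
				hlen +
				ifnet_hdrlen(outif) +
				ifnet_mbuf_packetpreamblelen(outif),
				sizeof(u_int32_t));
		}

		/* Synchronize PCB cached route */
		in6p_route_copyin(in6p, &ro);

		if (in6p->in6p_route.ro_rt != NULL) {
			struct rtentry *__single rt = in6p->in6p_route.ro_rt;
			struct ifnet *__single outif;

			if (IS_LOCALNET_ROUTE(rt)) {
				in6p->in6p_flags2 |= INP2_LAST_ROUTE_LOCAL;
			} else {
				in6p->in6p_flags2 &= ~INP2_LAST_ROUTE_LOCAL;
			}

			if (rt->rt_flags & RTF_MULTICAST) {
				rt = NULL;      /* unusable */
			}
#if CONTENT_FILTER
			/*
			 * Discard temporary route for cfil case
			 */
			if (cfil_faddr_use) {
				rt = NULL;      /* unusable */
			}
#endif

			/*
			 * Always discard the cached route for unconnected
			 * socket or if it is a multicast route.
			 */
			if (rt == NULL) {
				ROUTE_RELEASE(&in6p->in6p_route);
			}

			/*
			 * If the destination route is unicast, update outif
			 * with that of the route interface used by IP.
			 */
			if (rt != NULL) {
				/*
				 * When an NECP IP tunnel policy forces the outbound interface,
				 * ip6_output_list() informs the transport layer what is the actual
				 * outgoing interface
				 */
				if (ip6oa.ip6oa_flags & IP6OAF_BOUND_IF) {
					/*
					 * ip6oa_boundif is used as a table index
					 * here; the entry may be NULL, which the
					 * check below handles.
					 * NOTE(review): no reference is taken on
					 * outif before the list lock is dropped --
					 * confirm its lifetime is covered elsewhere.
					 */
					ifnet_head_lock_shared();
					outif = ifindex2ifnet[ip6oa.ip6oa_boundif];
					ifnet_head_done();
				} else {
					outif = rt->rt_ifp;
				}
				if (outif != NULL && outif != in6p->in6p_last_outifp) {
					in6p->in6p_last_outifp = outif;
#if SKYWALK
					if (NETNS_TOKEN_VALID(&in6p->inp_netns_token)) {
						netns_set_ifnet(&in6p->inp_netns_token,
						    in6p->in6p_last_outifp);
					}
#endif /* SKYWALK */

					so->so_pktheadroom = (uint16_t)P2ROUNDUP(
						sizeof(struct udphdr) +
						hlen +
						ifnet_hdrlen(outif) +
						ifnet_mbuf_packetpreamblelen(outif),
						sizeof(u_int32_t));
				}
			}
		} else {
			ROUTE_RELEASE(&in6p->in6p_route);
		}

		/*
		 * If output interface was cellular/expensive, and this
		 * socket is denied access to it, generate an event.
		 */
		if (error != 0 && (ip6oa.ip6oa_flags & IP6OAF_R_IFDENIED) &&
		    (INP_NO_CELLULAR(in6p) || INP_NO_EXPENSIVE(in6p) || INP_NO_CONSTRAINED(in6p))) {
			soevent(in6p->inp_socket, (SO_FILT_HINT_LOCKED |
			    SO_FILT_HINT_IFDENIED));
		}
		break;
	case AF_INET:
		/*
		 * IPv4-mapped destinations are not transmitted from here;
		 * the already-prepended mbuf is dropped at release.
		 */
		error = EAFNOSUPPORT;
		UDP_LOG(in6p, "bad address family error EAFNOSUPPORT");
		drop_reason = DROP_REASON_IP_EAFNOSUPPORT;
		goto release;
	}
	goto releaseopt;

release:

	/* Error exit: account for and free the datagram if we still own it. */
	if (m != NULL) {
		m_drop(m, DROPTAP_FLAG_DIR_OUT | DROPTAP_FLAG_L2_MISSING, drop_reason, NULL, 0);
	}

releaseopt:
	/* Common exit: release per-call resources on success and failure. */
	if (control != NULL) {
		if (optp == &opt) {
			ip6_clearpktopts(optp, -1);
		}
		m_freem(control);
	}
#if CONTENT_FILTER
	if (cfil_tag) {
		m_tag_free(cfil_tag);
	}
#endif
	if (sndinprog_cnt_used) {
		VERIFY(in6p->inp_sndinprog_cnt > 0);
		if (--in6p->inp_sndinprog_cnt == 0) {
			/* Last in-flight send finished: clear feedback, wake waiters. */
			in6p->inp_flags &= ~(INP_FC_FEEDBACK);
			if (in6p->inp_sndingprog_waiters > 0) {
				wakeup(&in6p->inp_sndinprog_cnt);
			}
		}
		sndinprog_cnt_used = false;
	}

	return error;
}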
786