1 /*
2 * Copyright (c) 2000-2021 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 /*
29 * Copyright (c) 1982, 1986, 1991, 1993
30 * The Regents of the University of California. All rights reserved.
31 *
32 * Redistribution and use in source and binary forms, with or without
33 * modification, are permitted provided that the following conditions
34 * are met:
35 * 1. Redistributions of source code must retain the above copyright
36 * notice, this list of conditions and the following disclaimer.
37 * 2. Redistributions in binary form must reproduce the above copyright
38 * notice, this list of conditions and the following disclaimer in the
39 * documentation and/or other materials provided with the distribution.
40 * 3. All advertising materials mentioning features or use of this software
41 * must display the following acknowledgement:
42 * This product includes software developed by the University of
43 * California, Berkeley and its contributors.
44 * 4. Neither the name of the University nor the names of its contributors
45 * may be used to endorse or promote products derived from this software
46 * without specific prior written permission.
47 *
48 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
58 * SUCH DAMAGE.
59 *
60 * @(#)in.c 8.4 (Berkeley) 1/9/95
61 */
62
63 #include <sys/param.h>
64 #include <sys/systm.h>
65 #include <sys/sockio.h>
66 #include <sys/socketvar.h>
67 #include <sys/malloc.h>
68 #include <sys/proc.h>
69 #include <sys/socket.h>
70 #include <sys/kernel.h>
71 #include <sys/sysctl.h>
72 #include <sys/kern_event.h>
73 #include <sys/syslog.h>
74 #include <sys/mcache.h>
75 #include <sys/protosw.h>
76 #include <sys/file.h>
77
78 #include <kern/zalloc.h>
79 #include <pexpert/pexpert.h>
80 #include <os/log.h>
81
82 #include <net/if.h>
83 #include <net/if_types.h>
84 #include <net/route.h>
85 #include <net/kpi_protocol.h>
86 #include <net/dlil.h>
87 #include <net/if_llatbl.h>
88 #include <net/if_arp.h>
89 #if PF
90 #include <net/pfvar.h>
91 #endif /* PF */
92
93 #include <netinet/in.h>
94 #include <netinet/in_var.h>
95 #include <netinet/in_pcb.h>
96 #include <netinet/igmp_var.h>
97 #include <netinet/ip_var.h>
98 #include <netinet/tcp.h>
99 #include <netinet/tcp_timer.h>
100 #include <netinet/tcp_var.h>
101 #include <netinet/if_ether.h>
102
103 static int inctl_associd(struct socket *, u_long, caddr_t);
104 static int inctl_connid(struct socket *, u_long, caddr_t);
105 static int inctl_conninfo(struct socket *, u_long, caddr_t);
106 static int inctl_autoaddr(struct ifnet *, struct ifreq *);
107 static int inctl_arpipll(struct ifnet *, struct ifreq *);
108 static int inctl_setrouter(struct ifnet *, struct ifreq *);
109 static int inctl_ifaddr(struct ifnet *, struct in_ifaddr *, u_long,
110 struct ifreq *);
111 static int inctl_ifdstaddr(struct ifnet *, struct in_ifaddr *, u_long,
112 struct ifreq *);
113 static int inctl_ifbrdaddr(struct ifnet *, struct in_ifaddr *, u_long,
114 struct ifreq *);
115 static int inctl_ifnetmask(struct ifnet *, struct in_ifaddr *, u_long,
116 struct ifreq *);
117
118 static void in_socktrim(struct sockaddr_in *);
119 static int in_ifinit(struct ifnet *, struct in_ifaddr *,
120 struct sockaddr_in *, int);
121
122 #define IA_HASH_INIT(ia) { \
123 (ia)->ia_hash.tqe_next = (void *)(uintptr_t)-1; \
124 (ia)->ia_hash.tqe_prev = (void *)(uintptr_t)-1; \
125 }
126
127 #define IA_IS_HASHED(ia) \
128 (!((ia)->ia_hash.tqe_next == (void *)(uintptr_t)-1 || \
129 (ia)->ia_hash.tqe_prev == (void *)(uintptr_t)-1))
130
131 static void in_iahash_remove(struct in_ifaddr *);
132 static void in_iahash_insert(struct in_ifaddr *);
133 static void in_iahash_insert_ptp(struct in_ifaddr *);
134 static struct in_ifaddr *in_ifaddr_alloc(zalloc_flags_t);
135 static void in_ifaddr_attached(struct ifaddr *);
136 static void in_ifaddr_detached(struct ifaddr *);
137 static void in_ifaddr_free(struct ifaddr *);
138 static void in_ifaddr_trace(struct ifaddr *, int);
139
140 static int in_getassocids(struct socket *, uint32_t *, user_addr_t);
141 static int in_getconnids(struct socket *, sae_associd_t, uint32_t *, user_addr_t);
142
143 /* IPv4 Layer 2 neighbor cache management routines */
144 static void in_lltable_destroy_lle_unlocked(struct llentry *lle);
145 static void in_lltable_destroy_lle(struct llentry *lle);
146 static struct llentry *in_lltable_new(struct in_addr addr4, uint16_t flags);
147 static int in_lltable_match_prefix(const struct sockaddr *saddr,
148 const struct sockaddr *smask, uint16_t flags, struct llentry *lle);
149 static void in_lltable_free_entry(struct lltable *llt, struct llentry *lle);
150 static int in_lltable_rtcheck(struct ifnet *ifp, uint16_t flags, const struct sockaddr *l3addr);
151 static inline uint32_t in_lltable_hash_dst(const struct in_addr dst, uint32_t hsize);
152 static uint32_t in_lltable_hash(const struct llentry *lle, uint32_t hsize);
153 static void in_lltable_fill_sa_entry(const struct llentry *lle, struct sockaddr *sa);
154 static inline struct llentry * in_lltable_find_dst(struct lltable *llt, struct in_addr dst);
155 static void in_lltable_delete_entry(struct lltable *llt, struct llentry *lle);
156 static struct llentry * in_lltable_alloc(struct lltable *llt, uint16_t flags, const struct sockaddr *l3addr);
157 static struct llentry * in_lltable_lookup(struct lltable *llt, uint16_t flags, const struct sockaddr *l3addr);
158 static int in_lltable_dump_entry(struct lltable *llt, struct llentry *lle, struct sysctl_req *wr);
159 static struct lltable * in_lltattach(struct ifnet *ifp);
160
161 static int subnetsarelocal = 0;
162 SYSCTL_INT(_net_inet_ip, OID_AUTO, subnets_are_local,
163 CTLFLAG_RW | CTLFLAG_LOCKED, &subnetsarelocal, 0, "");
164
165 /* Track whether or not the SIOCARPIPLL ioctl has been called */
166 u_int32_t ipv4_ll_arp_aware = 0;
167
168 #define INIFA_TRACE_HIST_SIZE 32 /* size of trace history */
169
170 /* For gdb */
171 __private_extern__ unsigned int inifa_trace_hist_size = INIFA_TRACE_HIST_SIZE;
172
173 struct in_ifaddr_dbg {
174 struct in_ifaddr inifa; /* in_ifaddr */
175 struct in_ifaddr inifa_old; /* saved in_ifaddr */
176 u_int16_t inifa_refhold_cnt; /* # of IFA_ADDREF */
177 u_int16_t inifa_refrele_cnt; /* # of IFA_REMREF */
178 /*
179 * Alloc and free callers.
180 */
181 ctrace_t inifa_alloc;
182 ctrace_t inifa_free;
183 /*
184 * Circular lists of IFA_ADDREF and IFA_REMREF callers.
185 */
186 ctrace_t inifa_refhold[INIFA_TRACE_HIST_SIZE];
187 ctrace_t inifa_refrele[INIFA_TRACE_HIST_SIZE];
188 /*
189 * Trash list linkage
190 */
191 TAILQ_ENTRY(in_ifaddr_dbg) inifa_trash_link;
192 };
193
194 /* List of trash in_ifaddr entries protected by inifa_trash_lock */
195 static TAILQ_HEAD(, in_ifaddr_dbg) inifa_trash_head;
196 static LCK_MTX_DECLARE_ATTR(inifa_trash_lock, &ifa_mtx_grp, &ifa_mtx_attr);
197
198 #if DEBUG
199 static TUNABLE(bool, inifa_debug, "ifa_debug", true); /* debugging (enabled) */
200 #else
201 static TUNABLE(bool, inifa_debug, "ifa_debug", false); /* debugging (disabled) */
202 #endif /* !DEBUG */
203 static struct zone *inifa_zone; /* zone for in_ifaddr */
204
205 #define INIFA_ZONE_NAME "in_ifaddr" /* zone name */
206
207 static const unsigned int in_extra_size = sizeof(struct in_ifextra);
208 static const unsigned int in_extra_bufsize = in_extra_size +
209 sizeof(void *) + sizeof(uint64_t);
210
211 /*
212 * Return 1 if the address is
213 * - loopback
214 * - unicast or multicast link local
215 * - routed via a link level gateway
216 * - belongs to a directly connected (sub)net
217 */
218 int
inaddr_local(struct in_addr in)219 inaddr_local(struct in_addr in)
220 {
221 struct rtentry *rt;
222 struct sockaddr_in sin;
223 int local = 0;
224
225 if (ntohl(in.s_addr) == INADDR_LOOPBACK ||
226 IN_LINKLOCAL(ntohl(in.s_addr))) {
227 local = 1;
228 } else if (ntohl(in.s_addr) >= INADDR_UNSPEC_GROUP &&
229 ntohl(in.s_addr) <= INADDR_MAX_LOCAL_GROUP) {
230 local = 1;
231 } else {
232 sin.sin_family = AF_INET;
233 sin.sin_len = sizeof(sin);
234 sin.sin_addr = in;
235 rt = rtalloc1((struct sockaddr *)&sin, 0, 0);
236
237 if (rt != NULL) {
238 RT_LOCK_SPIN(rt);
239 if (rt->rt_gateway->sa_family == AF_LINK ||
240 (rt->rt_ifp->if_flags & IFF_LOOPBACK)) {
241 local = 1;
242 }
243 RT_UNLOCK(rt);
244 rtfree(rt);
245 } else {
246 local = in_localaddr(in);
247 }
248 }
249 return local;
250 }
251
252 /*
253 * Return 1 if an internet address is for a ``local'' host
254 * (one to which we have a connection). If subnetsarelocal
255 * is true, this includes other subnets of the local net,
256 * otherwise, it includes the directly-connected (sub)nets.
257 * The IPv4 link local prefix 169.254/16 is also included.
258 */
259 int
in_localaddr(struct in_addr in)260 in_localaddr(struct in_addr in)
261 {
262 u_int32_t i = ntohl(in.s_addr);
263 struct in_ifaddr *ia;
264
265 if (IN_LINKLOCAL(i)) {
266 return 1;
267 }
268
269 if (subnetsarelocal) {
270 lck_rw_lock_shared(&in_ifaddr_rwlock);
271 for (ia = in_ifaddrhead.tqh_first; ia != NULL;
272 ia = ia->ia_link.tqe_next) {
273 IFA_LOCK(&ia->ia_ifa);
274 if ((i & ia->ia_netmask) == ia->ia_net) {
275 IFA_UNLOCK(&ia->ia_ifa);
276 lck_rw_done(&in_ifaddr_rwlock);
277 return 1;
278 }
279 IFA_UNLOCK(&ia->ia_ifa);
280 }
281 lck_rw_done(&in_ifaddr_rwlock);
282 } else {
283 lck_rw_lock_shared(&in_ifaddr_rwlock);
284 for (ia = in_ifaddrhead.tqh_first; ia != NULL;
285 ia = ia->ia_link.tqe_next) {
286 IFA_LOCK(&ia->ia_ifa);
287 if ((i & ia->ia_subnetmask) == ia->ia_subnet) {
288 IFA_UNLOCK(&ia->ia_ifa);
289 lck_rw_done(&in_ifaddr_rwlock);
290 return 1;
291 }
292 IFA_UNLOCK(&ia->ia_ifa);
293 }
294 lck_rw_done(&in_ifaddr_rwlock);
295 }
296 return 0;
297 }
298
299 /*
300 * Determine whether an IP address is in a reserved set of addresses
301 * that may not be forwarded, or whether datagrams to that destination
302 * may be forwarded.
303 */
304 boolean_t
in_canforward(struct in_addr in)305 in_canforward(struct in_addr in)
306 {
307 u_int32_t i = ntohl(in.s_addr);
308 u_int32_t net;
309
310 if (IN_EXPERIMENTAL(i) || IN_MULTICAST(i)) {
311 return FALSE;
312 }
313 if (IN_CLASSA(i)) {
314 net = i & IN_CLASSA_NET;
315 if (net == 0 || net == (IN_LOOPBACKNET << IN_CLASSA_NSHIFT)) {
316 return FALSE;
317 }
318 }
319 return TRUE;
320 }
321
322 /*
323 * Trim a mask in a sockaddr
324 */
325 static void
in_socktrim(struct sockaddr_in * ap)326 in_socktrim(struct sockaddr_in *ap)
327 {
328 char *cplim = (char *)&ap->sin_addr;
329 char *cp = (char *)(&ap->sin_addr + 1);
330
331 ap->sin_len = 0;
332 while (--cp >= cplim) {
333 if (*cp) {
334 (ap)->sin_len = (uint8_t)(cp - (char *)(ap) + 1);
335 break;
336 }
337 }
338 }
339
340 static int in_interfaces; /* number of external internet interfaces */
341
342 static int
in_domifattach(struct ifnet * ifp)343 in_domifattach(struct ifnet *ifp)
344 {
345 int error;
346
347 VERIFY(ifp != NULL);
348
349 if ((error = proto_plumb(PF_INET, ifp)) && error != EEXIST) {
350 log(LOG_ERR, "%s: proto_plumb returned %d if=%s\n",
351 __func__, error, if_name(ifp));
352 } else if (error == 0 && ifp->if_inetdata == NULL) {
353 void **pbuf, *base;
354 struct in_ifextra *ext;
355 int errorx;
356
357 if ((ext = (struct in_ifextra *)_MALLOC(in_extra_bufsize,
358 M_IFADDR, M_WAITOK | M_ZERO)) == NULL) {
359 error = ENOMEM;
360 errorx = proto_unplumb(PF_INET, ifp);
361 if (errorx != 0) {
362 log(LOG_ERR,
363 "%s: proto_unplumb returned %d if=%s%d\n",
364 __func__, errorx, ifp->if_name,
365 ifp->if_unit);
366 }
367 goto done;
368 }
369
370 /* Align on 64-bit boundary */
371 base = (void *)P2ROUNDUP((intptr_t)ext + sizeof(uint64_t),
372 sizeof(uint64_t));
373 VERIFY(((intptr_t)base + in_extra_size) <=
374 ((intptr_t)ext + in_extra_bufsize));
375 pbuf = (void **)((intptr_t)base - sizeof(void *));
376 *pbuf = ext;
377 ifp->if_inetdata = base;
378 IN_IFEXTRA(ifp)->ii_llt = in_lltattach(ifp);
379 VERIFY(IS_P2ALIGNED(ifp->if_inetdata, sizeof(uint64_t)));
380 }
381 done:
382 if (error == 0 && ifp->if_inetdata != NULL) {
383 /*
384 * Since the structure is never freed, we need to
385 * zero out its contents to avoid reusing stale data.
386 * A little redundant with allocation above, but it
387 * keeps the code simpler for all cases.
388 */
389 bzero(ifp->if_inetdata, in_extra_size);
390 }
391 return error;
392 }
393
394 static __attribute__((noinline)) int
inctl_associd(struct socket * so,u_long cmd,caddr_t data)395 inctl_associd(struct socket *so, u_long cmd, caddr_t data)
396 {
397 int error = 0;
398 union {
399 struct so_aidreq32 a32;
400 struct so_aidreq64 a64;
401 } u;
402
403 VERIFY(so != NULL);
404
405 switch (cmd) {
406 case SIOCGASSOCIDS32: /* struct so_aidreq32 */
407 bcopy(data, &u.a32, sizeof(u.a32));
408 error = in_getassocids(so, &u.a32.sar_cnt, u.a32.sar_aidp);
409 if (error == 0) {
410 bcopy(&u.a32, data, sizeof(u.a32));
411 }
412 break;
413
414 case SIOCGASSOCIDS64: /* struct so_aidreq64 */
415 bcopy(data, &u.a64, sizeof(u.a64));
416 error = in_getassocids(so, &u.a64.sar_cnt, (user_addr_t)u.a64.sar_aidp);
417 if (error == 0) {
418 bcopy(&u.a64, data, sizeof(u.a64));
419 }
420 break;
421
422 default:
423 VERIFY(0);
424 /* NOTREACHED */
425 }
426
427 return error;
428 }
429
430 static __attribute__((noinline)) int
inctl_connid(struct socket * so,u_long cmd,caddr_t data)431 inctl_connid(struct socket *so, u_long cmd, caddr_t data)
432 {
433 int error = 0;
434 union {
435 struct so_cidreq32 c32;
436 struct so_cidreq64 c64;
437 } u;
438
439 VERIFY(so != NULL);
440
441 switch (cmd) {
442 case SIOCGCONNIDS32: /* struct so_cidreq32 */
443 bcopy(data, &u.c32, sizeof(u.c32));
444 error = in_getconnids(so, u.c32.scr_aid, &u.c32.scr_cnt,
445 u.c32.scr_cidp);
446 if (error == 0) {
447 bcopy(&u.c32, data, sizeof(u.c32));
448 }
449 break;
450
451 case SIOCGCONNIDS64: /* struct so_cidreq64 */
452 bcopy(data, &u.c64, sizeof(u.c64));
453 error = in_getconnids(so, u.c64.scr_aid, &u.c64.scr_cnt,
454 (user_addr_t)u.c64.scr_cidp);
455 if (error == 0) {
456 bcopy(&u.c64, data, sizeof(u.c64));
457 }
458 break;
459
460 default:
461 VERIFY(0);
462 /* NOTREACHED */
463 }
464
465 return error;
466 }
467
468 static __attribute__((noinline)) int
inctl_conninfo(struct socket * so,u_long cmd,caddr_t data)469 inctl_conninfo(struct socket *so, u_long cmd, caddr_t data)
470 {
471 int error = 0;
472 union {
473 struct so_cinforeq32 ci32;
474 struct so_cinforeq64 ci64;
475 } u;
476
477 VERIFY(so != NULL);
478
479 switch (cmd) {
480 case SIOCGCONNINFO32: /* struct so_cinforeq32 */
481 bcopy(data, &u.ci32, sizeof(u.ci32));
482 error = in_getconninfo(so, u.ci32.scir_cid, &u.ci32.scir_flags,
483 &u.ci32.scir_ifindex, &u.ci32.scir_error, u.ci32.scir_src,
484 &u.ci32.scir_src_len, u.ci32.scir_dst, &u.ci32.scir_dst_len,
485 &u.ci32.scir_aux_type, u.ci32.scir_aux_data,
486 &u.ci32.scir_aux_len);
487 if (error == 0) {
488 bcopy(&u.ci32, data, sizeof(u.ci32));
489 }
490 break;
491
492 case SIOCGCONNINFO64: /* struct so_cinforeq64 */
493 bcopy(data, &u.ci64, sizeof(u.ci64));
494 error = in_getconninfo(so, u.ci64.scir_cid, &u.ci64.scir_flags,
495 &u.ci64.scir_ifindex, &u.ci64.scir_error, (user_addr_t)u.ci64.scir_src,
496 &u.ci64.scir_src_len, (user_addr_t)u.ci64.scir_dst, &u.ci64.scir_dst_len,
497 &u.ci64.scir_aux_type, (user_addr_t)u.ci64.scir_aux_data,
498 &u.ci64.scir_aux_len);
499 if (error == 0) {
500 bcopy(&u.ci64, data, sizeof(u.ci64));
501 }
502 break;
503
504 default:
505 VERIFY(0);
506 /* NOTREACHED */
507 }
508
509 return error;
510 }
511
512 /*
513 * Caller passes in the ioctl data pointer directly via "ifr", with the
514 * expectation that this routine always uses bcopy() or other byte-aligned
515 * memory accesses.
516 */
517 static __attribute__((noinline)) int
inctl_autoaddr(struct ifnet * ifp,struct ifreq * ifr)518 inctl_autoaddr(struct ifnet *ifp, struct ifreq *ifr)
519 {
520 int error = 0, intval;
521
522 VERIFY(ifp != NULL);
523
524 bcopy(&ifr->ifr_intval, &intval, sizeof(intval));
525
526 ifnet_lock_exclusive(ifp);
527 if (intval) {
528 /*
529 * An interface in IPv4 router mode implies that it
530 * is configured with a static IP address and should
531 * not act as a DHCP client; prevent SIOCAUTOADDR from
532 * being set in that mode.
533 */
534 if (ifp->if_eflags & IFEF_IPV4_ROUTER) {
535 intval = 0; /* be safe; clear flag if set */
536 error = EBUSY;
537 } else {
538 if_set_eflags(ifp, IFEF_AUTOCONFIGURING);
539 }
540 }
541 if (!intval) {
542 if_clear_eflags(ifp, IFEF_AUTOCONFIGURING);
543 }
544 ifnet_lock_done(ifp);
545
546 return error;
547 }
548
549 /*
550 * Caller passes in the ioctl data pointer directly via "ifr", with the
551 * expectation that this routine always uses bcopy() or other byte-aligned
552 * memory accesses.
553 */
554 static __attribute__((noinline)) int
inctl_arpipll(struct ifnet * ifp,struct ifreq * ifr)555 inctl_arpipll(struct ifnet *ifp, struct ifreq *ifr)
556 {
557 int error = 0, intval;
558
559 VERIFY(ifp != NULL);
560
561 bcopy(&ifr->ifr_intval, &intval, sizeof(intval));
562 ipv4_ll_arp_aware = 1;
563
564 ifnet_lock_exclusive(ifp);
565 if (intval) {
566 /*
567 * An interface in IPv4 router mode implies that it
568 * is configured with a static IP address and should
569 * not have to deal with IPv4 Link-Local Address;
570 * prevent SIOCARPIPLL from being set in that mode.
571 */
572 if (ifp->if_eflags & IFEF_IPV4_ROUTER) {
573 intval = 0; /* be safe; clear flag if set */
574 error = EBUSY;
575 } else {
576 if_set_eflags(ifp, IFEF_ARPLL);
577 }
578 }
579 if (!intval) {
580 if_clear_eflags(ifp, IFEF_ARPLL);
581 }
582 ifnet_lock_done(ifp);
583
584 return error;
585 }
586
587 /*
588 * Handle SIOCSETROUTERMODE to set or clear the IPv4 router mode flag on
589 * the interface. When in this mode, IPv4 Link-Local Address support is
590 * disabled in ARP, and DHCP client support is disabled in IP input; turning
591 * any of them on would cause an error to be returned. Entering or exiting
592 * this mode will result in the removal of IPv4 addresses currently configured
593 * on the interface.
594 *
595 * Caller passes in the ioctl data pointer directly via "ifr", with the
596 * expectation that this routine always uses bcopy() or other byte-aligned
597 * memory accesses.
598 */
599 static __attribute__((noinline)) int
inctl_setrouter(struct ifnet * ifp,struct ifreq * ifr)600 inctl_setrouter(struct ifnet *ifp, struct ifreq *ifr)
601 {
602 int error = 0, intval;
603
604 VERIFY(ifp != NULL);
605
606 /* Router mode isn't valid for loopback */
607 if (ifp->if_flags & IFF_LOOPBACK) {
608 return ENODEV;
609 }
610
611 bcopy(&ifr->ifr_intval, &intval, sizeof(intval));
612 switch (intval) {
613 case 0:
614 case 1:
615 break;
616 default:
617 return EINVAL;
618 }
619 ifnet_lock_exclusive(ifp);
620 if (intval != 0) {
621 if_set_eflags(ifp, IFEF_IPV4_ROUTER);
622 if_clear_eflags(ifp, (IFEF_ARPLL | IFEF_AUTOCONFIGURING));
623 } else {
624 if_clear_eflags(ifp, IFEF_IPV4_ROUTER);
625 }
626 ifnet_lock_done(ifp);
627
628 /* purge all IPv4 addresses configured on this interface */
629 in_purgeaddrs(ifp);
630
631 return error;
632 }
633
634 /*
635 * Caller passes in the ioctl data pointer directly via "ifr", with the
636 * expectation that this routine always uses bcopy() or other byte-aligned
637 * memory accesses.
638 */
639 static __attribute__((noinline)) int
inctl_ifaddr(struct ifnet * ifp,struct in_ifaddr * ia,u_long cmd,struct ifreq * ifr)640 inctl_ifaddr(struct ifnet *ifp, struct in_ifaddr *ia, u_long cmd,
641 struct ifreq *ifr)
642 {
643 struct kev_in_data in_event_data;
644 struct kev_msg ev_msg;
645 struct sockaddr_in addr;
646 struct ifaddr *ifa;
647 int error = 0;
648
649 VERIFY(ifp != NULL);
650
651 bzero(&in_event_data, sizeof(struct kev_in_data));
652 bzero(&ev_msg, sizeof(struct kev_msg));
653
654 switch (cmd) {
655 case SIOCGIFADDR: /* struct ifreq */
656 if (ia == NULL) {
657 error = EADDRNOTAVAIL;
658 break;
659 }
660 IFA_LOCK(&ia->ia_ifa);
661 bcopy(&ia->ia_addr, &ifr->ifr_addr, sizeof(addr));
662 IFA_UNLOCK(&ia->ia_ifa);
663 break;
664
665 case SIOCSIFADDR: /* struct ifreq */
666 VERIFY(ia != NULL);
667 bcopy(&ifr->ifr_addr, &addr, sizeof(addr));
668 /*
669 * If this is a new address, the reference count for the
670 * hash table has been taken at creation time above.
671 */
672 error = in_ifinit(ifp, ia, &addr, 1);
673 if (error == 0) {
674 (void) ifnet_notify_address(ifp, AF_INET);
675 }
676 break;
677
678 case SIOCAIFADDR: { /* struct {if,in_}aliasreq */
679 struct in_aliasreq *ifra = (struct in_aliasreq *)ifr;
680 struct sockaddr_in broadaddr, mask;
681 int hostIsNew, maskIsNew;
682
683 VERIFY(ia != NULL);
684 bcopy(&ifra->ifra_addr, &addr, sizeof(addr));
685 bcopy(&ifra->ifra_broadaddr, &broadaddr, sizeof(broadaddr));
686 bcopy(&ifra->ifra_mask, &mask, sizeof(mask));
687
688 maskIsNew = 0;
689 hostIsNew = 1;
690 error = 0;
691
692 IFA_LOCK(&ia->ia_ifa);
693 if (ia->ia_addr.sin_family == AF_INET) {
694 if (addr.sin_len == 0) {
695 addr = ia->ia_addr;
696 hostIsNew = 0;
697 } else if (addr.sin_addr.s_addr ==
698 ia->ia_addr.sin_addr.s_addr) {
699 hostIsNew = 0;
700 }
701 }
702 if (mask.sin_len != 0) {
703 IFA_UNLOCK(&ia->ia_ifa);
704 in_ifscrub(ifp, ia, 0);
705 IFA_LOCK(&ia->ia_ifa);
706 ia->ia_sockmask.sin_len = sizeof(struct sockaddr_in);
707 ia->ia_sockmask.sin_family = AF_INET;
708 ia->ia_sockmask.sin_port = 0;
709 ia->ia_sockmask.sin_addr = mask.sin_addr;
710 bzero(&ia->ia_sockmask.sin_zero, sizeof(ia->ia_dstaddr.sin_zero));
711 ia->ia_subnetmask =
712 ntohl(ia->ia_sockmask.sin_addr.s_addr);
713 maskIsNew = 1;
714 }
715 if ((ifp->if_flags & IFF_POINTOPOINT) &&
716 (broadaddr.sin_family == AF_INET)) {
717 IFA_UNLOCK(&ia->ia_ifa);
718 in_ifscrub(ifp, ia, 0);
719 IFA_LOCK(&ia->ia_ifa);
720 ia->ia_dstaddr.sin_family = AF_INET;
721 ia->ia_dstaddr.sin_len = sizeof(struct sockaddr_in);
722 ia->ia_dstaddr.sin_port = 0;
723 ia->ia_dstaddr.sin_addr = broadaddr.sin_addr;
724 bzero(&ia->ia_dstaddr.sin_zero, sizeof(ia->ia_dstaddr.sin_zero));
725 maskIsNew = 1; /* We lie; but the effect's the same */
726 }
727 if (addr.sin_family == AF_INET && (hostIsNew || maskIsNew)) {
728 IFA_UNLOCK(&ia->ia_ifa);
729 error = in_ifinit(ifp, ia, &addr, 0);
730 } else {
731 IFA_UNLOCK(&ia->ia_ifa);
732 }
733 if (error == 0) {
734 (void) ifnet_notify_address(ifp, AF_INET);
735 }
736 IFA_LOCK(&ia->ia_ifa);
737 if ((ifp->if_flags & IFF_BROADCAST) &&
738 (broadaddr.sin_family == AF_INET)) {
739 ia->ia_broadaddr.sin_family = AF_INET;
740 ia->ia_broadaddr.sin_len = sizeof(struct sockaddr_in);
741 ia->ia_broadaddr.sin_port = 0;
742 ia->ia_broadaddr.sin_addr = broadaddr.sin_addr;
743 bzero(&ia->ia_broadaddr.sin_zero, sizeof(ia->ia_broadaddr.sin_zero));
744 }
745
746 /*
747 * Report event.
748 */
749 if ((error == 0) || (error == EEXIST)) {
750 ev_msg.vendor_code = KEV_VENDOR_APPLE;
751 ev_msg.kev_class = KEV_NETWORK_CLASS;
752 ev_msg.kev_subclass = KEV_INET_SUBCLASS;
753
754 if (hostIsNew) {
755 ev_msg.event_code = KEV_INET_NEW_ADDR;
756 } else {
757 ev_msg.event_code = KEV_INET_CHANGED_ADDR;
758 }
759
760 if (ia->ia_ifa.ifa_dstaddr) {
761 in_event_data.ia_dstaddr =
762 ((struct sockaddr_in *)(void *)ia->
763 ia_ifa.ifa_dstaddr)->sin_addr;
764 } else {
765 in_event_data.ia_dstaddr.s_addr = INADDR_ANY;
766 }
767 in_event_data.ia_addr = ia->ia_addr.sin_addr;
768 in_event_data.ia_net = ia->ia_net;
769 in_event_data.ia_netmask = ia->ia_netmask;
770 in_event_data.ia_subnet = ia->ia_subnet;
771 in_event_data.ia_subnetmask = ia->ia_subnetmask;
772 in_event_data.ia_netbroadcast = ia->ia_netbroadcast;
773 IFA_UNLOCK(&ia->ia_ifa);
774 (void) strlcpy(&in_event_data.link_data.if_name[0],
775 ifp->if_name, IFNAMSIZ);
776 in_event_data.link_data.if_family = ifp->if_family;
777 in_event_data.link_data.if_unit = ifp->if_unit;
778
779 ev_msg.dv[0].data_ptr = &in_event_data;
780 ev_msg.dv[0].data_length = sizeof(struct kev_in_data);
781 ev_msg.dv[1].data_length = 0;
782
783 dlil_post_complete_msg(ifp, &ev_msg);
784 } else {
785 IFA_UNLOCK(&ia->ia_ifa);
786 }
787 break;
788 }
789
790 case SIOCDIFADDR: /* struct ifreq */
791 VERIFY(ia != NULL);
792 error = ifnet_ioctl(ifp, PF_INET, SIOCDIFADDR, ia);
793 if (error == EOPNOTSUPP) {
794 error = 0;
795 }
796 if (error != 0) {
797 break;
798 }
799
800 /* Fill out the kernel event information */
801 ev_msg.vendor_code = KEV_VENDOR_APPLE;
802 ev_msg.kev_class = KEV_NETWORK_CLASS;
803 ev_msg.kev_subclass = KEV_INET_SUBCLASS;
804
805 ev_msg.event_code = KEV_INET_ADDR_DELETED;
806
807 IFA_LOCK(&ia->ia_ifa);
808 if (ia->ia_ifa.ifa_dstaddr) {
809 in_event_data.ia_dstaddr = ((struct sockaddr_in *)
810 (void *)ia->ia_ifa.ifa_dstaddr)->sin_addr;
811 } else {
812 in_event_data.ia_dstaddr.s_addr = INADDR_ANY;
813 }
814 in_event_data.ia_addr = ia->ia_addr.sin_addr;
815 in_event_data.ia_net = ia->ia_net;
816 in_event_data.ia_netmask = ia->ia_netmask;
817 in_event_data.ia_subnet = ia->ia_subnet;
818 in_event_data.ia_subnetmask = ia->ia_subnetmask;
819 in_event_data.ia_netbroadcast = ia->ia_netbroadcast;
820 IFA_UNLOCK(&ia->ia_ifa);
821 (void) strlcpy(&in_event_data.link_data.if_name[0],
822 ifp->if_name, IFNAMSIZ);
823 in_event_data.link_data.if_family = ifp->if_family;
824 in_event_data.link_data.if_unit = (u_int32_t)ifp->if_unit;
825
826 ev_msg.dv[0].data_ptr = &in_event_data;
827 ev_msg.dv[0].data_length = sizeof(struct kev_in_data);
828 ev_msg.dv[1].data_length = 0;
829
830 ifa = &ia->ia_ifa;
831 lck_rw_lock_exclusive(&in_ifaddr_rwlock);
832 /* Release ia_link reference */
833 IFA_REMREF(ifa);
834 TAILQ_REMOVE(&in_ifaddrhead, ia, ia_link);
835 IFA_LOCK(ifa);
836 if (IA_IS_HASHED(ia)) {
837 in_iahash_remove(ia);
838 }
839 IFA_UNLOCK(ifa);
840 lck_rw_done(&in_ifaddr_rwlock);
841
842 /*
843 * in_ifscrub kills the interface route.
844 */
845 in_ifscrub(ifp, ia, 0);
846 ifnet_lock_exclusive(ifp);
847 IFA_LOCK(ifa);
848 /* if_detach_ifa() releases ifa_link reference */
849 if_detach_ifa(ifp, ifa);
850 /* Our reference to this address is dropped at the bottom */
851 IFA_UNLOCK(ifa);
852
853 /* invalidate route caches */
854 routegenid_inet_update();
855
856 /*
857 * If the interface supports multicast, and no address is left,
858 * remove the "all hosts" multicast group from that interface.
859 */
860 if ((ifp->if_flags & IFF_MULTICAST) ||
861 ifp->if_allhostsinm != NULL) {
862 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
863 IFA_LOCK(ifa);
864 if (ifa->ifa_addr->sa_family == AF_INET) {
865 IFA_UNLOCK(ifa);
866 break;
867 }
868 IFA_UNLOCK(ifa);
869 }
870 ifnet_lock_done(ifp);
871
872 lck_mtx_lock(&ifp->if_addrconfig_lock);
873 if (ifa == NULL && ifp->if_allhostsinm != NULL) {
874 struct in_multi *inm = ifp->if_allhostsinm;
875 ifp->if_allhostsinm = NULL;
876
877 in_delmulti(inm);
878 /* release the reference for allhostsinm */
879 INM_REMREF(inm);
880 }
881 lck_mtx_unlock(&ifp->if_addrconfig_lock);
882 } else {
883 ifnet_lock_done(ifp);
884 }
885
886 /* Post the kernel event */
887 dlil_post_complete_msg(ifp, &ev_msg);
888
889 /*
890 * See if there is any IPV4 address left and if so,
891 * reconfigure KDP to use current primary address.
892 */
893 ifa = ifa_ifpgetprimary(ifp, AF_INET);
894 if (ifa != NULL) {
895 /*
896 * NOTE: SIOCSIFADDR is defined with struct ifreq
897 * as parameter, but here we are sending it down
898 * to the interface with a pointer to struct ifaddr,
899 * for legacy reasons.
900 */
901 error = ifnet_ioctl(ifp, PF_INET, SIOCSIFADDR, ifa);
902 if (error == EOPNOTSUPP) {
903 error = 0;
904 }
905
906 /* Release reference from ifa_ifpgetprimary() */
907 IFA_REMREF(ifa);
908 }
909 (void) ifnet_notify_address(ifp, AF_INET);
910 break;
911
912 default:
913 VERIFY(0);
914 /* NOTREACHED */
915 }
916
917 return error;
918 }
919
920 /*
921 * Caller passes in the ioctl data pointer directly via "ifr", with the
922 * expectation that this routine always uses bcopy() or other byte-aligned
923 * memory accesses.
924 */
925 static __attribute__((noinline)) int
inctl_ifdstaddr(struct ifnet * ifp,struct in_ifaddr * ia,u_long cmd,struct ifreq * ifr)926 inctl_ifdstaddr(struct ifnet *ifp, struct in_ifaddr *ia, u_long cmd,
927 struct ifreq *ifr)
928 {
929 struct kev_in_data in_event_data;
930 struct kev_msg ev_msg;
931 struct sockaddr_in dstaddr;
932 int error = 0;
933
934 VERIFY(ifp != NULL);
935
936 if (!(ifp->if_flags & IFF_POINTOPOINT)) {
937 return EINVAL;
938 }
939
940 bzero(&in_event_data, sizeof(struct kev_in_data));
941 bzero(&ev_msg, sizeof(struct kev_msg));
942
943 switch (cmd) {
944 case SIOCGIFDSTADDR: /* struct ifreq */
945 if (ia == NULL) {
946 error = EADDRNOTAVAIL;
947 break;
948 }
949 IFA_LOCK(&ia->ia_ifa);
950 bcopy(&ia->ia_dstaddr, &ifr->ifr_dstaddr, sizeof(dstaddr));
951 IFA_UNLOCK(&ia->ia_ifa);
952 break;
953
954 case SIOCSIFDSTADDR: /* struct ifreq */
955 VERIFY(ia != NULL);
956 IFA_LOCK(&ia->ia_ifa);
957 dstaddr = ia->ia_dstaddr;
958
959 ia->ia_dstaddr.sin_family = AF_INET;
960 ia->ia_dstaddr.sin_len = sizeof(struct sockaddr_in);
961 ia->ia_dstaddr.sin_port = 0;
962 bcopy(&(SIN(&ifr->ifr_dstaddr)->sin_addr),
963 &ia->ia_dstaddr.sin_addr, sizeof(ia->ia_dstaddr.sin_addr));
964 bzero(&ia->ia_dstaddr.sin_zero, sizeof(ia->ia_dstaddr.sin_zero));
965
966 IFA_UNLOCK(&ia->ia_ifa);
967 /*
968 * NOTE: SIOCSIFDSTADDR is defined with struct ifreq
969 * as parameter, but here we are sending it down
970 * to the interface with a pointer to struct ifaddr,
971 * for legacy reasons.
972 */
973 error = ifnet_ioctl(ifp, PF_INET, SIOCSIFDSTADDR, ia);
974 IFA_LOCK(&ia->ia_ifa);
975 if (error == EOPNOTSUPP) {
976 error = 0;
977 }
978 if (error != 0) {
979 ia->ia_dstaddr = dstaddr;
980 IFA_UNLOCK(&ia->ia_ifa);
981 break;
982 }
983 IFA_LOCK_ASSERT_HELD(&ia->ia_ifa);
984
985 ev_msg.vendor_code = KEV_VENDOR_APPLE;
986 ev_msg.kev_class = KEV_NETWORK_CLASS;
987 ev_msg.kev_subclass = KEV_INET_SUBCLASS;
988
989 ev_msg.event_code = KEV_INET_SIFDSTADDR;
990
991 if (ia->ia_ifa.ifa_dstaddr) {
992 in_event_data.ia_dstaddr = ((struct sockaddr_in *)
993 (void *)ia->ia_ifa.ifa_dstaddr)->sin_addr;
994 } else {
995 in_event_data.ia_dstaddr.s_addr = INADDR_ANY;
996 }
997
998 in_event_data.ia_addr = ia->ia_addr.sin_addr;
999 in_event_data.ia_net = ia->ia_net;
1000 in_event_data.ia_netmask = ia->ia_netmask;
1001 in_event_data.ia_subnet = ia->ia_subnet;
1002 in_event_data.ia_subnetmask = ia->ia_subnetmask;
1003 in_event_data.ia_netbroadcast = ia->ia_netbroadcast;
1004 IFA_UNLOCK(&ia->ia_ifa);
1005 (void) strlcpy(&in_event_data.link_data.if_name[0],
1006 ifp->if_name, IFNAMSIZ);
1007 in_event_data.link_data.if_family = ifp->if_family;
1008 in_event_data.link_data.if_unit = (u_int32_t)ifp->if_unit;
1009
1010 ev_msg.dv[0].data_ptr = &in_event_data;
1011 ev_msg.dv[0].data_length = sizeof(struct kev_in_data);
1012 ev_msg.dv[1].data_length = 0;
1013
1014 dlil_post_complete_msg(ifp, &ev_msg);
1015
1016 lck_mtx_lock(rnh_lock);
1017 IFA_LOCK(&ia->ia_ifa);
1018 if (ia->ia_flags & IFA_ROUTE) {
1019 ia->ia_ifa.ifa_dstaddr = (struct sockaddr *)&dstaddr;
1020 IFA_UNLOCK(&ia->ia_ifa);
1021 rtinit_locked(&(ia->ia_ifa), RTM_DELETE, RTF_HOST);
1022 IFA_LOCK(&ia->ia_ifa);
1023 ia->ia_ifa.ifa_dstaddr =
1024 (struct sockaddr *)&ia->ia_dstaddr;
1025 IFA_UNLOCK(&ia->ia_ifa);
1026 rtinit_locked(&(ia->ia_ifa), RTM_ADD,
1027 RTF_HOST | RTF_UP);
1028 } else {
1029 IFA_UNLOCK(&ia->ia_ifa);
1030 }
1031 lck_mtx_unlock(rnh_lock);
1032 break;
1033
1034
1035
1036 default:
1037 VERIFY(0);
1038 /* NOTREACHED */
1039 }
1040
1041 return error;
1042 }
1043
1044 /*
1045 * Caller passes in the ioctl data pointer directly via "ifr", with the
1046 * expectation that this routine always uses bcopy() or other byte-aligned
1047 * memory accesses.
1048 */
1049 static __attribute__((noinline)) int
inctl_ifbrdaddr(struct ifnet * ifp,struct in_ifaddr * ia,u_long cmd,struct ifreq * ifr)1050 inctl_ifbrdaddr(struct ifnet *ifp, struct in_ifaddr *ia, u_long cmd,
1051 struct ifreq *ifr)
1052 {
1053 struct kev_in_data in_event_data;
1054 struct kev_msg ev_msg;
1055 int error = 0;
1056
1057 VERIFY(ifp != NULL);
1058
1059 if (ia == NULL) {
1060 return EADDRNOTAVAIL;
1061 }
1062
1063 if (!(ifp->if_flags & IFF_BROADCAST)) {
1064 return EINVAL;
1065 }
1066
1067 bzero(&in_event_data, sizeof(struct kev_in_data));
1068 bzero(&ev_msg, sizeof(struct kev_msg));
1069
1070 switch (cmd) {
1071 case SIOCGIFBRDADDR: /* struct ifreq */
1072 IFA_LOCK(&ia->ia_ifa);
1073 bcopy(&ia->ia_broadaddr, &ifr->ifr_broadaddr,
1074 sizeof(struct sockaddr_in));
1075 IFA_UNLOCK(&ia->ia_ifa);
1076 break;
1077
1078 case SIOCSIFBRDADDR: /* struct ifreq */
1079 IFA_LOCK(&ia->ia_ifa);
1080
1081 ia->ia_broadaddr.sin_family = AF_INET;
1082 ia->ia_broadaddr.sin_len = sizeof(struct sockaddr_in);
1083 ia->ia_broadaddr.sin_port = 0;
1084 bcopy(&(SIN(&ifr->ifr_broadaddr)->sin_addr),
1085 &ia->ia_broadaddr.sin_addr, sizeof(ia->ia_broadaddr.sin_addr));
1086 bzero(&ia->ia_broadaddr.sin_zero, sizeof(ia->ia_broadaddr.sin_zero));
1087
1088 ev_msg.vendor_code = KEV_VENDOR_APPLE;
1089 ev_msg.kev_class = KEV_NETWORK_CLASS;
1090 ev_msg.kev_subclass = KEV_INET_SUBCLASS;
1091
1092 ev_msg.event_code = KEV_INET_SIFBRDADDR;
1093
1094 if (ia->ia_ifa.ifa_dstaddr) {
1095 in_event_data.ia_dstaddr = ((struct sockaddr_in *)
1096 (void *)ia->ia_ifa.ifa_dstaddr)->sin_addr;
1097 } else {
1098 in_event_data.ia_dstaddr.s_addr = INADDR_ANY;
1099 }
1100 in_event_data.ia_addr = ia->ia_addr.sin_addr;
1101 in_event_data.ia_net = ia->ia_net;
1102 in_event_data.ia_netmask = ia->ia_netmask;
1103 in_event_data.ia_subnet = ia->ia_subnet;
1104 in_event_data.ia_subnetmask = ia->ia_subnetmask;
1105 in_event_data.ia_netbroadcast = ia->ia_netbroadcast;
1106 IFA_UNLOCK(&ia->ia_ifa);
1107 (void) strlcpy(&in_event_data.link_data.if_name[0],
1108 ifp->if_name, IFNAMSIZ);
1109 in_event_data.link_data.if_family = ifp->if_family;
1110 in_event_data.link_data.if_unit = (u_int32_t)ifp->if_unit;
1111
1112 ev_msg.dv[0].data_ptr = &in_event_data;
1113 ev_msg.dv[0].data_length = sizeof(struct kev_in_data);
1114 ev_msg.dv[1].data_length = 0;
1115
1116 dlil_post_complete_msg(ifp, &ev_msg);
1117 break;
1118
1119 default:
1120 VERIFY(0);
1121 /* NOTREACHED */
1122 }
1123
1124 return error;
1125 }
1126
1127 /*
1128 * Caller passes in the ioctl data pointer directly via "ifr", with the
1129 * expectation that this routine always uses bcopy() or other byte-aligned
1130 * memory accesses.
1131 */
1132 static __attribute__((noinline)) int
inctl_ifnetmask(struct ifnet * ifp,struct in_ifaddr * ia,u_long cmd,struct ifreq * ifr)1133 inctl_ifnetmask(struct ifnet *ifp, struct in_ifaddr *ia, u_long cmd,
1134 struct ifreq *ifr)
1135 {
1136 struct kev_in_data in_event_data;
1137 struct kev_msg ev_msg;
1138 struct sockaddr_in mask;
1139 int error = 0;
1140
1141 VERIFY(ifp != NULL);
1142
1143 bzero(&in_event_data, sizeof(struct kev_in_data));
1144 bzero(&ev_msg, sizeof(struct kev_msg));
1145
1146 switch (cmd) {
1147 case SIOCGIFNETMASK: /* struct ifreq */
1148 if (ia == NULL) {
1149 error = EADDRNOTAVAIL;
1150 break;
1151 }
1152 IFA_LOCK(&ia->ia_ifa);
1153 bcopy(&ia->ia_sockmask, &ifr->ifr_addr, sizeof(mask));
1154 IFA_UNLOCK(&ia->ia_ifa);
1155 break;
1156
1157 case SIOCSIFNETMASK: { /* struct ifreq */
1158 in_addr_t i;
1159
1160 bcopy(&ifr->ifr_addr, &mask, sizeof(mask));
1161 i = mask.sin_addr.s_addr;
1162
1163 VERIFY(ia != NULL);
1164 IFA_LOCK(&ia->ia_ifa);
1165 ia->ia_subnetmask = ntohl(ia->ia_sockmask.sin_addr.s_addr = i);
1166 ev_msg.vendor_code = KEV_VENDOR_APPLE;
1167 ev_msg.kev_class = KEV_NETWORK_CLASS;
1168 ev_msg.kev_subclass = KEV_INET_SUBCLASS;
1169
1170 ev_msg.event_code = KEV_INET_SIFNETMASK;
1171
1172 if (ia->ia_ifa.ifa_dstaddr) {
1173 in_event_data.ia_dstaddr = ((struct sockaddr_in *)
1174 (void *)ia->ia_ifa.ifa_dstaddr)->sin_addr;
1175 } else {
1176 in_event_data.ia_dstaddr.s_addr = INADDR_ANY;
1177 }
1178 in_event_data.ia_addr = ia->ia_addr.sin_addr;
1179 in_event_data.ia_net = ia->ia_net;
1180 in_event_data.ia_netmask = ia->ia_netmask;
1181 in_event_data.ia_subnet = ia->ia_subnet;
1182 in_event_data.ia_subnetmask = ia->ia_subnetmask;
1183 in_event_data.ia_netbroadcast = ia->ia_netbroadcast;
1184 IFA_UNLOCK(&ia->ia_ifa);
1185 (void) strlcpy(&in_event_data.link_data.if_name[0],
1186 ifp->if_name, IFNAMSIZ);
1187 in_event_data.link_data.if_family = ifp->if_family;
1188 in_event_data.link_data.if_unit = (u_int32_t)ifp->if_unit;
1189
1190 ev_msg.dv[0].data_ptr = &in_event_data;
1191 ev_msg.dv[0].data_length = sizeof(struct kev_in_data);
1192 ev_msg.dv[1].data_length = 0;
1193
1194 dlil_post_complete_msg(ifp, &ev_msg);
1195 break;
1196 }
1197
1198 default:
1199 VERIFY(0);
1200 /* NOTREACHED */
1201 }
1202
1203 return error;
1204 }
1205
1206 /*
1207 * Generic INET control operations (ioctl's).
1208 *
1209 * ifp is NULL if not an interface-specific ioctl.
1210 *
1211 * Most of the routines called to handle the ioctls would end up being
1212 * tail-call optimized, which unfortunately causes this routine to
1213 * consume too much stack space; this is the reason for the "noinline"
1214 * attribute used on those routines.
1215 *
1216 * If called directly from within the networking stack (as opposed to via
1217 * pru_control), the socket parameter may be NULL.
1218 */
1219 int
in_control(struct socket * so,u_long cmd,caddr_t data,struct ifnet * ifp,struct proc * p)1220 in_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp,
1221 struct proc *p)
1222 {
1223 struct ifreq *ifr = (struct ifreq *)(void *)data;
1224 struct sockaddr_in addr, dstaddr;
1225 struct sockaddr_in sin, *sa = NULL;
1226 boolean_t privileged = (proc_suser(p) == 0);
1227 boolean_t so_unlocked = FALSE;
1228 struct in_ifaddr *ia = NULL;
1229 struct ifaddr *ifa;
1230 int error = 0;
1231 int intval;
1232
1233 /* In case it's NULL, make sure it came from the kernel */
1234 VERIFY(so != NULL || p == kernproc);
1235
1236 /*
1237 * ioctls which don't require ifp, but require socket.
1238 */
1239 switch (cmd) {
1240 case SIOCGASSOCIDS32: /* struct so_aidreq32 */
1241 case SIOCGASSOCIDS64: /* struct so_aidreq64 */
1242 return inctl_associd(so, cmd, data);
1243 /* NOTREACHED */
1244
1245 case SIOCGCONNIDS32: /* struct so_cidreq32 */
1246 case SIOCGCONNIDS64: /* struct so_cidreq64 */
1247 return inctl_connid(so, cmd, data);
1248 /* NOTREACHED */
1249
1250 case SIOCGCONNINFO32: /* struct so_cinforeq32 */
1251 case SIOCGCONNINFO64: /* struct so_cinforeq64 */
1252 return inctl_conninfo(so, cmd, data);
1253 /* NOTREACHED */
1254 }
1255
1256 /*
1257 * The rest of ioctls require ifp; reject if we don't have one;
1258 * return ENXIO to be consistent with ifioctl().
1259 */
1260 if (ifp == NULL) {
1261 return ENXIO;
1262 }
1263
1264 /*
1265 * ioctls which require ifp but not interface address.
1266 */
1267 switch (cmd) {
1268 case SIOCAUTOADDR: /* struct ifreq */
1269 if (!privileged) {
1270 return EPERM;
1271 }
1272 return inctl_autoaddr(ifp, ifr);
1273 /* NOTREACHED */
1274
1275 case SIOCARPIPLL: /* struct ifreq */
1276 if (!privileged) {
1277 return EPERM;
1278 }
1279 return inctl_arpipll(ifp, ifr);
1280 /* NOTREACHED */
1281
1282 case SIOCGETROUTERMODE: /* struct ifreq */
1283 intval = (ifp->if_eflags & IFEF_IPV4_ROUTER) != 0 ? 1 : 0;
1284 bcopy(&intval, &ifr->ifr_intval, sizeof(intval));
1285 return 0;
1286 /* NOTREACHED */
1287
1288 case SIOCSETROUTERMODE: /* struct ifreq */
1289 if (!privileged) {
1290 return EPERM;
1291 }
1292 return inctl_setrouter(ifp, ifr);
1293 /* NOTREACHED */
1294
1295 case SIOCPROTOATTACH: /* struct ifreq */
1296 if (!privileged) {
1297 return EPERM;
1298 }
1299 return in_domifattach(ifp);
1300 /* NOTREACHED */
1301
1302 case SIOCPROTODETACH: /* struct ifreq */
1303 if (!privileged) {
1304 return EPERM;
1305 }
1306
1307 /*
1308 * If an IPv4 address is still present, refuse to detach.
1309 */
1310 ifnet_lock_shared(ifp);
1311 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
1312 IFA_LOCK(ifa);
1313 if (ifa->ifa_addr->sa_family == AF_INET) {
1314 IFA_UNLOCK(ifa);
1315 break;
1316 }
1317 IFA_UNLOCK(ifa);
1318 }
1319 ifnet_lock_done(ifp);
1320 return (ifa == NULL) ? proto_unplumb(PF_INET, ifp) : EBUSY;
1321 /* NOTREACHED */
1322 }
1323
1324 /*
1325 * ioctls which require interface address; obtain sockaddr_in.
1326 */
1327 switch (cmd) {
1328 case SIOCAIFADDR: /* struct {if,in_}aliasreq */
1329 if (!privileged) {
1330 return EPERM;
1331 }
1332 bcopy(&((struct in_aliasreq *)(void *)data)->ifra_addr,
1333 &sin, sizeof(sin));
1334 sa = &sin;
1335 break;
1336
1337 case SIOCDIFADDR: /* struct ifreq */
1338 case SIOCSIFADDR: /* struct ifreq */
1339 case SIOCSIFDSTADDR: /* struct ifreq */
1340 case SIOCSIFNETMASK: /* struct ifreq */
1341 case SIOCSIFBRDADDR: /* struct ifreq */
1342 if (!privileged) {
1343 return EPERM;
1344 }
1345 OS_FALLTHROUGH;
1346 case SIOCGIFADDR: /* struct ifreq */
1347 case SIOCGIFDSTADDR: /* struct ifreq */
1348 case SIOCGIFNETMASK: /* struct ifreq */
1349 case SIOCGIFBRDADDR: /* struct ifreq */
1350 bcopy(&ifr->ifr_addr, &sin, sizeof(sin));
1351 sa = &sin;
1352 break;
1353 }
1354
1355 /*
1356 * Find address for this interface, if it exists.
1357 *
1358 * If an alias address was specified, find that one instead of
1359 * the first one on the interface, if possible.
1360 */
1361 VERIFY(ia == NULL);
1362 if (sa != NULL) {
1363 struct in_ifaddr *iap;
1364
1365 /*
1366 * Any failures from this point on must take into account
1367 * a non-NULL "ia" with an outstanding reference count, and
1368 * therefore requires IFA_REMREF. Jump to "done" label
1369 * instead of calling return if "ia" is valid.
1370 */
1371 lck_rw_lock_shared(&in_ifaddr_rwlock);
1372 TAILQ_FOREACH(iap, INADDR_HASH(sa->sin_addr.s_addr), ia_hash) {
1373 IFA_LOCK(&iap->ia_ifa);
1374 if (iap->ia_ifp == ifp &&
1375 iap->ia_addr.sin_addr.s_addr ==
1376 sa->sin_addr.s_addr) {
1377 ia = iap;
1378 IFA_ADDREF_LOCKED(&iap->ia_ifa);
1379 IFA_UNLOCK(&iap->ia_ifa);
1380 break;
1381 }
1382 IFA_UNLOCK(&iap->ia_ifa);
1383 }
1384 lck_rw_done(&in_ifaddr_rwlock);
1385
1386 if (ia == NULL) {
1387 ifnet_lock_shared(ifp);
1388 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
1389 iap = ifatoia(ifa);
1390 IFA_LOCK(&iap->ia_ifa);
1391 if (iap->ia_addr.sin_family == AF_INET) {
1392 ia = iap;
1393 IFA_ADDREF_LOCKED(&iap->ia_ifa);
1394 IFA_UNLOCK(&iap->ia_ifa);
1395 break;
1396 }
1397 IFA_UNLOCK(&iap->ia_ifa);
1398 }
1399 ifnet_lock_done(ifp);
1400 }
1401 }
1402
1403 /*
1404 * Unlock the socket since ifnet_ioctl() may be invoked by
1405 * one of the ioctl handlers below. Socket will be re-locked
1406 * prior to returning.
1407 */
1408 if (so != NULL) {
1409 socket_unlock(so, 0);
1410 so_unlocked = TRUE;
1411 }
1412
1413 switch (cmd) {
1414 case SIOCAIFADDR: /* struct {if,in_}aliasreq */
1415 case SIOCDIFADDR: /* struct ifreq */
1416 if (cmd == SIOCAIFADDR) {
1417 bcopy(&((struct in_aliasreq *)(void *)data)->
1418 ifra_addr, &addr, sizeof(addr));
1419 bcopy(&((struct in_aliasreq *)(void *)data)->
1420 ifra_dstaddr, &dstaddr, sizeof(dstaddr));
1421 } else {
1422 VERIFY(cmd == SIOCDIFADDR);
1423 bcopy(&((struct ifreq *)(void *)data)->ifr_addr,
1424 &addr, sizeof(addr));
1425 bzero(&dstaddr, sizeof(dstaddr));
1426 }
1427
1428 if (addr.sin_family == AF_INET) {
1429 struct in_ifaddr *oia;
1430
1431 lck_rw_lock_shared(&in_ifaddr_rwlock);
1432 for (oia = ia; ia; ia = ia->ia_link.tqe_next) {
1433 IFA_LOCK(&ia->ia_ifa);
1434 if (ia->ia_ifp == ifp &&
1435 ia->ia_addr.sin_addr.s_addr ==
1436 addr.sin_addr.s_addr) {
1437 IFA_ADDREF_LOCKED(&ia->ia_ifa);
1438 IFA_UNLOCK(&ia->ia_ifa);
1439 break;
1440 }
1441 IFA_UNLOCK(&ia->ia_ifa);
1442 }
1443 lck_rw_done(&in_ifaddr_rwlock);
1444 if (oia != NULL) {
1445 IFA_REMREF(&oia->ia_ifa);
1446 }
1447 if ((ifp->if_flags & IFF_POINTOPOINT) &&
1448 (cmd == SIOCAIFADDR) &&
1449 (dstaddr.sin_addr.s_addr == INADDR_ANY)) {
1450 error = EDESTADDRREQ;
1451 goto done;
1452 }
1453 } else if (cmd == SIOCAIFADDR) {
1454 error = EINVAL;
1455 goto done;
1456 }
1457 if (cmd == SIOCDIFADDR) {
1458 if (ia == NULL) {
1459 error = EADDRNOTAVAIL;
1460 goto done;
1461 }
1462
1463 IFA_LOCK(&ia->ia_ifa);
1464 /*
1465 * Avoid the race condition seen when two
1466 * threads process SIOCDIFADDR command
1467 * at the same time.
1468 */
1469 while (ia->ia_ifa.ifa_debug & IFD_DETACHING) {
1470 os_log(OS_LOG_DEFAULT,
1471 "Another thread is already attempting to "
1472 "delete IPv4 address: %s on interface %s. "
1473 "Go to sleep and check again after the operation is done",
1474 inet_ntoa(sa->sin_addr), ia->ia_ifp->if_xname);
1475 ia->ia_ifa.ifa_del_waiters++;
1476 (void) msleep(ia->ia_ifa.ifa_del_wc, &ia->ia_ifa.ifa_lock, (PZERO - 1),
1477 __func__, NULL);
1478 IFA_LOCK_ASSERT_HELD(&ia->ia_ifa);
1479 }
1480
1481 if ((ia->ia_ifa.ifa_debug & IFD_ATTACHED) == 0) {
1482 error = EADDRNOTAVAIL;
1483 IFA_UNLOCK(&ia->ia_ifa);
1484 goto done;
1485 }
1486
1487 ia->ia_ifa.ifa_debug |= IFD_DETACHING;
1488 IFA_UNLOCK(&ia->ia_ifa);
1489 }
1490
1491 OS_FALLTHROUGH;
1492 case SIOCSIFADDR: /* struct ifreq */
1493 case SIOCSIFDSTADDR: /* struct ifreq */
1494 case SIOCSIFNETMASK: /* struct ifreq */
1495 if (cmd == SIOCAIFADDR) {
1496 /* fell thru from above; just repeat it */
1497 bcopy(&((struct in_aliasreq *)(void *)data)->
1498 ifra_addr, &addr, sizeof(addr));
1499 } else {
1500 VERIFY(cmd == SIOCDIFADDR || cmd == SIOCSIFADDR ||
1501 cmd == SIOCSIFNETMASK || cmd == SIOCSIFDSTADDR);
1502 bcopy(&((struct ifreq *)(void *)data)->ifr_addr,
1503 &addr, sizeof(addr));
1504 }
1505
1506 if (addr.sin_family != AF_INET && cmd == SIOCSIFADDR) {
1507 error = EINVAL;
1508 goto done;
1509 }
1510
1511 if ((cmd == SIOCAIFADDR || cmd == SIOCSIFADDR) &&
1512 (IN_MULTICAST(ntohl(addr.sin_addr.s_addr)) ||
1513 addr.sin_addr.s_addr == INADDR_BROADCAST ||
1514 addr.sin_addr.s_addr == INADDR_ANY)) {
1515 error = EINVAL;
1516 goto done;
1517 }
1518
1519 if (ia == NULL) {
1520 ia = in_ifaddr_alloc(Z_WAITOK);
1521 if (ia == NULL) {
1522 error = ENOBUFS;
1523 goto done;
1524 }
1525 ifnet_lock_exclusive(ifp);
1526 ifa = &ia->ia_ifa;
1527 IFA_LOCK(ifa);
1528 /* Hold a reference for this routine */
1529 IFA_ADDREF_LOCKED(ifa);
1530 IA_HASH_INIT(ia);
1531 ifa->ifa_addr = (struct sockaddr *)&ia->ia_addr;
1532 ifa->ifa_dstaddr = (struct sockaddr *)&ia->ia_dstaddr;
1533 ifa->ifa_netmask = (struct sockaddr *)&ia->ia_sockmask;
1534 ia->ia_sockmask.sin_len = offsetof(struct sockaddr_in, sin_zero);
1535 if (ifp->if_flags & IFF_BROADCAST) {
1536 ia->ia_broadaddr.sin_len = sizeof(ia->ia_addr);
1537 ia->ia_broadaddr.sin_family = AF_INET;
1538 }
1539 ia->ia_ifp = ifp;
1540 if (!(ifp->if_flags & IFF_LOOPBACK)) {
1541 in_interfaces++;
1542 }
1543 /* if_attach_ifa() holds a reference for ifa_link */
1544 if_attach_ifa(ifp, ifa);
1545 /*
1546 * If we have to go through in_ifinit(), make sure
1547 * to avoid installing route(s) based on this address
1548 * via PFC_IFUP event, before the link resolver (ARP)
1549 * initializes it.
1550 */
1551 if (cmd == SIOCAIFADDR || cmd == SIOCSIFADDR) {
1552 ifa->ifa_debug |= IFD_NOTREADY;
1553 }
1554 IFA_UNLOCK(ifa);
1555 ifnet_lock_done(ifp);
1556 lck_rw_lock_exclusive(&in_ifaddr_rwlock);
1557 /* Hold a reference for ia_link */
1558 IFA_ADDREF(ifa);
1559 TAILQ_INSERT_TAIL(&in_ifaddrhead, ia, ia_link);
1560 lck_rw_done(&in_ifaddr_rwlock);
1561 /* discard error */
1562 (void) in_domifattach(ifp);
1563 error = 0;
1564 }
1565 break;
1566 }
1567
1568 switch (cmd) {
1569 case SIOCGIFDSTADDR: /* struct ifreq */
1570 case SIOCSIFDSTADDR: /* struct ifreq */
1571 error = inctl_ifdstaddr(ifp, ia, cmd, ifr);
1572 break;
1573
1574 case SIOCGIFBRDADDR: /* struct ifreq */
1575 case SIOCSIFBRDADDR: /* struct ifreq */
1576 error = inctl_ifbrdaddr(ifp, ia, cmd, ifr);
1577 break;
1578
1579 case SIOCGIFNETMASK: /* struct ifreq */
1580 case SIOCSIFNETMASK: /* struct ifreq */
1581 error = inctl_ifnetmask(ifp, ia, cmd, ifr);
1582 break;
1583
1584 case SIOCGIFADDR: /* struct ifreq */
1585 case SIOCSIFADDR: /* struct ifreq */
1586 case SIOCAIFADDR: /* struct {if,in_}aliasreq */
1587 case SIOCDIFADDR: /* struct ifreq */
1588 error = inctl_ifaddr(ifp, ia, cmd, ifr);
1589 break;
1590
1591 default:
1592 error = EOPNOTSUPP;
1593 break;
1594 }
1595
1596 done:
1597 if (ia != NULL) {
1598 if (cmd == SIOCDIFADDR) {
1599 IFA_LOCK(&ia->ia_ifa);
1600 ia->ia_ifa.ifa_debug &= ~IFD_DETACHING;
1601 if (ia->ia_ifa.ifa_del_waiters > 0) {
1602 ia->ia_ifa.ifa_del_waiters = 0;
1603 wakeup(ia->ia_ifa.ifa_del_wc);
1604 }
1605 IFA_UNLOCK(&ia->ia_ifa);
1606 }
1607 IFA_REMREF(&ia->ia_ifa);
1608 }
1609 if (so_unlocked) {
1610 socket_lock(so, 0);
1611 }
1612
1613 return error;
1614 }
1615
1616 /*
1617 * Delete any existing route for an interface.
1618 */
1619 void
in_ifscrub(struct ifnet * ifp,struct in_ifaddr * ia,int locked)1620 in_ifscrub(struct ifnet *ifp, struct in_ifaddr *ia, int locked)
1621 {
1622 IFA_LOCK(&ia->ia_ifa);
1623 if ((ia->ia_flags & IFA_ROUTE) == 0) {
1624 IFA_UNLOCK(&ia->ia_ifa);
1625 return;
1626 }
1627 IFA_UNLOCK(&ia->ia_ifa);
1628 if (!locked) {
1629 lck_mtx_lock(rnh_lock);
1630 }
1631 if (ifp->if_flags & (IFF_LOOPBACK | IFF_POINTOPOINT)) {
1632 rtinit_locked(&(ia->ia_ifa), RTM_DELETE, RTF_HOST);
1633 } else {
1634 rtinit_locked(&(ia->ia_ifa), RTM_DELETE, 0);
1635 }
1636 IFA_LOCK(&ia->ia_ifa);
1637 ia->ia_flags &= ~IFA_ROUTE;
1638 IFA_UNLOCK(&ia->ia_ifa);
1639 if (!locked) {
1640 lck_mtx_unlock(rnh_lock);
1641 }
1642 }
1643
1644 /*
1645 * Caller must hold in_ifaddr_rwlock as writer.
1646 */
1647 static void
in_iahash_remove(struct in_ifaddr * ia)1648 in_iahash_remove(struct in_ifaddr *ia)
1649 {
1650 LCK_RW_ASSERT(&in_ifaddr_rwlock, LCK_RW_ASSERT_EXCLUSIVE);
1651 IFA_LOCK_ASSERT_HELD(&ia->ia_ifa);
1652
1653 if (!IA_IS_HASHED(ia)) {
1654 panic("attempt to remove wrong ia %p from hash table", ia);
1655 /* NOTREACHED */
1656 }
1657 TAILQ_REMOVE(INADDR_HASH(ia->ia_addr.sin_addr.s_addr), ia, ia_hash);
1658 IA_HASH_INIT(ia);
1659 if (IFA_REMREF_LOCKED(&ia->ia_ifa) == NULL) {
1660 panic("%s: unexpected (missing) refcnt ifa=%p", __func__,
1661 &ia->ia_ifa);
1662 /* NOTREACHED */
1663 }
1664 }
1665
1666 /*
1667 * Caller must hold in_ifaddr_rwlock as writer.
1668 */
1669 static void
in_iahash_insert(struct in_ifaddr * ia)1670 in_iahash_insert(struct in_ifaddr *ia)
1671 {
1672 LCK_RW_ASSERT(&in_ifaddr_rwlock, LCK_RW_ASSERT_EXCLUSIVE);
1673 IFA_LOCK_ASSERT_HELD(&ia->ia_ifa);
1674
1675 if (ia->ia_addr.sin_family != AF_INET) {
1676 panic("attempt to insert wrong ia %p into hash table", ia);
1677 /* NOTREACHED */
1678 } else if (IA_IS_HASHED(ia)) {
1679 panic("attempt to double-insert ia %p into hash table", ia);
1680 /* NOTREACHED */
1681 }
1682 TAILQ_INSERT_HEAD(INADDR_HASH(ia->ia_addr.sin_addr.s_addr),
1683 ia, ia_hash);
1684 IFA_ADDREF_LOCKED(&ia->ia_ifa);
1685 }
1686
1687 /*
1688 * Some point to point interfaces that are tunnels borrow the address from
1689 * an underlying interface (e.g. VPN server). In order for source address
1690 * selection logic to find the underlying interface first, we add the address
1691 * of borrowing point to point interfaces at the end of the list.
1692 * (see rdar://6733789)
1693 *
1694 * Caller must hold in_ifaddr_rwlock as writer.
1695 */
1696 static void
in_iahash_insert_ptp(struct in_ifaddr * ia)1697 in_iahash_insert_ptp(struct in_ifaddr *ia)
1698 {
1699 struct in_ifaddr *tmp_ifa;
1700 struct ifnet *tmp_ifp;
1701
1702 LCK_RW_ASSERT(&in_ifaddr_rwlock, LCK_RW_ASSERT_EXCLUSIVE);
1703 IFA_LOCK_ASSERT_HELD(&ia->ia_ifa);
1704
1705 if (ia->ia_addr.sin_family != AF_INET) {
1706 panic("attempt to insert wrong ia %p into hash table", ia);
1707 /* NOTREACHED */
1708 } else if (IA_IS_HASHED(ia)) {
1709 panic("attempt to double-insert ia %p into hash table", ia);
1710 /* NOTREACHED */
1711 }
1712 IFA_UNLOCK(&ia->ia_ifa);
1713 TAILQ_FOREACH(tmp_ifa, INADDR_HASH(ia->ia_addr.sin_addr.s_addr),
1714 ia_hash) {
1715 IFA_LOCK(&tmp_ifa->ia_ifa);
1716 /* ia->ia_addr won't change, so check without lock */
1717 if (IA_SIN(tmp_ifa)->sin_addr.s_addr ==
1718 ia->ia_addr.sin_addr.s_addr) {
1719 IFA_UNLOCK(&tmp_ifa->ia_ifa);
1720 break;
1721 }
1722 IFA_UNLOCK(&tmp_ifa->ia_ifa);
1723 }
1724 tmp_ifp = (tmp_ifa == NULL) ? NULL : tmp_ifa->ia_ifp;
1725
1726 IFA_LOCK(&ia->ia_ifa);
1727 if (tmp_ifp == NULL) {
1728 TAILQ_INSERT_HEAD(INADDR_HASH(ia->ia_addr.sin_addr.s_addr),
1729 ia, ia_hash);
1730 } else {
1731 TAILQ_INSERT_TAIL(INADDR_HASH(ia->ia_addr.sin_addr.s_addr),
1732 ia, ia_hash);
1733 }
1734 IFA_ADDREF_LOCKED(&ia->ia_ifa);
1735 }
1736
1737 /*
1738 * Initialize an interface's internet address
1739 * and routing table entry.
1740 */
1741 static int
in_ifinit(struct ifnet * ifp,struct in_ifaddr * ia,struct sockaddr_in * sin,int scrub)1742 in_ifinit(struct ifnet *ifp, struct in_ifaddr *ia, struct sockaddr_in *sin,
1743 int scrub)
1744 {
1745 u_int32_t i = ntohl(sin->sin_addr.s_addr);
1746 struct sockaddr_in oldaddr;
1747 int flags = RTF_UP, error;
1748 struct ifaddr *ifa0;
1749 unsigned int cmd;
1750 int oldremoved = 0;
1751
1752 /* Take an extra reference for this routine */
1753 IFA_ADDREF(&ia->ia_ifa);
1754
1755 lck_rw_lock_exclusive(&in_ifaddr_rwlock);
1756 IFA_LOCK(&ia->ia_ifa);
1757 oldaddr = ia->ia_addr;
1758 if (IA_IS_HASHED(ia)) {
1759 oldremoved = 1;
1760 in_iahash_remove(ia);
1761 }
1762 ia->ia_addr = *sin;
1763 /*
1764 * Interface addresses should not contain port or sin_zero information.
1765 */
1766 SIN(&ia->ia_addr)->sin_family = AF_INET;
1767 SIN(&ia->ia_addr)->sin_len = sizeof(struct sockaddr_in);
1768 SIN(&ia->ia_addr)->sin_port = 0;
1769 bzero(&SIN(&ia->ia_addr)->sin_zero, sizeof(sin->sin_zero));
1770 if ((ifp->if_flags & IFF_POINTOPOINT)) {
1771 in_iahash_insert_ptp(ia);
1772 } else {
1773 in_iahash_insert(ia);
1774 }
1775 IFA_UNLOCK(&ia->ia_ifa);
1776 lck_rw_done(&in_ifaddr_rwlock);
1777
1778 /*
1779 * Give the interface a chance to initialize if this is its first
1780 * address, and to validate the address if necessary. Send down
1781 * SIOCSIFADDR for first address, and SIOCAIFADDR for alias(es).
1782 * We find the first IPV4 address assigned to it and check if this
1783 * is the same as the one passed into this routine.
1784 */
1785 ifa0 = ifa_ifpgetprimary(ifp, AF_INET);
1786 cmd = (&ia->ia_ifa == ifa0) ? SIOCSIFADDR : SIOCAIFADDR;
1787 error = ifnet_ioctl(ifp, PF_INET, cmd, ia);
1788 if (error == EOPNOTSUPP) {
1789 error = 0;
1790 }
1791 /*
1792 * If we've just sent down SIOCAIFADDR, send another ioctl down
1793 * for SIOCSIFADDR for the first IPV4 address of the interface,
1794 * because an address change on one of the addresses will result
1795 * in the removal of the previous first IPV4 address. KDP needs
1796 * be reconfigured with the current primary IPV4 address.
1797 */
1798 if (error == 0 && cmd == SIOCAIFADDR) {
1799 /*
1800 * NOTE: SIOCSIFADDR is defined with struct ifreq
1801 * as parameter, but here we are sending it down
1802 * to the interface with a pointer to struct ifaddr,
1803 * for legacy reasons.
1804 */
1805 error = ifnet_ioctl(ifp, PF_INET, SIOCSIFADDR, ifa0);
1806 if (error == EOPNOTSUPP) {
1807 error = 0;
1808 }
1809 }
1810
1811 /* Release reference from ifa_ifpgetprimary() */
1812 IFA_REMREF(ifa0);
1813
1814 if (error) {
1815 lck_rw_lock_exclusive(&in_ifaddr_rwlock);
1816 IFA_LOCK(&ia->ia_ifa);
1817 if (IA_IS_HASHED(ia)) {
1818 in_iahash_remove(ia);
1819 }
1820 ia->ia_addr = oldaddr;
1821 if (oldremoved) {
1822 if ((ifp->if_flags & IFF_POINTOPOINT)) {
1823 in_iahash_insert_ptp(ia);
1824 } else {
1825 in_iahash_insert(ia);
1826 }
1827 }
1828 IFA_UNLOCK(&ia->ia_ifa);
1829 lck_rw_done(&in_ifaddr_rwlock);
1830 /* Release extra reference taken above */
1831 IFA_REMREF(&ia->ia_ifa);
1832 return error;
1833 }
1834 lck_mtx_lock(rnh_lock);
1835 IFA_LOCK(&ia->ia_ifa);
1836 /*
1837 * Address has been initialized by the link resolver (ARP)
1838 * via ifnet_ioctl() above; it may now generate route(s).
1839 */
1840 ia->ia_ifa.ifa_debug &= ~IFD_NOTREADY;
1841 if (scrub) {
1842 ia->ia_ifa.ifa_addr = (struct sockaddr *)&oldaddr;
1843 IFA_UNLOCK(&ia->ia_ifa);
1844 in_ifscrub(ifp, ia, 1);
1845 IFA_LOCK(&ia->ia_ifa);
1846 ia->ia_ifa.ifa_addr = (struct sockaddr *)&ia->ia_addr;
1847 }
1848 IFA_LOCK_ASSERT_HELD(&ia->ia_ifa);
1849 if (IN_CLASSA(i)) {
1850 ia->ia_netmask = IN_CLASSA_NET;
1851 } else if (IN_CLASSB(i)) {
1852 ia->ia_netmask = IN_CLASSB_NET;
1853 } else {
1854 ia->ia_netmask = IN_CLASSC_NET;
1855 }
1856 /*
1857 * The subnet mask usually includes at least the standard network part,
1858 * but may may be smaller in the case of supernetting.
1859 * If it is set, we believe it.
1860 */
1861 if (ia->ia_subnetmask == 0) {
1862 ia->ia_subnetmask = ia->ia_netmask;
1863 ia->ia_sockmask.sin_addr.s_addr = htonl(ia->ia_subnetmask);
1864 } else {
1865 ia->ia_netmask &= ia->ia_subnetmask;
1866 }
1867 ia->ia_net = i & ia->ia_netmask;
1868 ia->ia_subnet = i & ia->ia_subnetmask;
1869 in_socktrim(&ia->ia_sockmask);
1870 /*
1871 * Add route for the network.
1872 */
1873 ia->ia_ifa.ifa_metric = ifp->if_metric;
1874 if (ifp->if_flags & IFF_BROADCAST) {
1875 ia->ia_broadaddr.sin_addr.s_addr =
1876 htonl(ia->ia_subnet | ~ia->ia_subnetmask);
1877 ia->ia_netbroadcast.s_addr =
1878 htonl(ia->ia_net | ~ia->ia_netmask);
1879 } else if (ifp->if_flags & IFF_LOOPBACK) {
1880 ia->ia_ifa.ifa_dstaddr = ia->ia_ifa.ifa_addr;
1881 flags |= RTF_HOST;
1882 } else if (ifp->if_flags & IFF_POINTOPOINT) {
1883 if (ia->ia_dstaddr.sin_family != AF_INET) {
1884 IFA_UNLOCK(&ia->ia_ifa);
1885 lck_mtx_unlock(rnh_lock);
1886 /* Release extra reference taken above */
1887 IFA_REMREF(&ia->ia_ifa);
1888 return 0;
1889 }
1890 ia->ia_dstaddr.sin_len = sizeof(struct sockaddr_in);
1891 flags |= RTF_HOST;
1892 }
1893 IFA_UNLOCK(&ia->ia_ifa);
1894
1895 if ((error = rtinit_locked(&(ia->ia_ifa), RTM_ADD, flags)) == 0) {
1896 IFA_LOCK(&ia->ia_ifa);
1897 ia->ia_flags |= IFA_ROUTE;
1898 IFA_UNLOCK(&ia->ia_ifa);
1899 }
1900 lck_mtx_unlock(rnh_lock);
1901
1902 /* XXX check if the subnet route points to the same interface */
1903 if (error == EEXIST) {
1904 error = 0;
1905 }
1906
1907 /*
1908 * If the interface supports multicast, join the "all hosts"
1909 * multicast group on that interface.
1910 */
1911 if (ifp->if_flags & IFF_MULTICAST) {
1912 struct in_addr addr;
1913
1914 lck_mtx_lock(&ifp->if_addrconfig_lock);
1915 addr.s_addr = htonl(INADDR_ALLHOSTS_GROUP);
1916 if (ifp->if_allhostsinm == NULL) {
1917 struct in_multi *inm;
1918 inm = in_addmulti(&addr, ifp);
1919
1920 if (inm != NULL) {
1921 /*
1922 * Keep the reference on inm added by
1923 * in_addmulti above for storing the
1924 * pointer in allhostsinm.
1925 */
1926 ifp->if_allhostsinm = inm;
1927 } else {
1928 printf("%s: failed to add membership to "
1929 "all-hosts multicast address on %s\n",
1930 __func__, if_name(ifp));
1931 }
1932 }
1933 lck_mtx_unlock(&ifp->if_addrconfig_lock);
1934 }
1935
1936 /* Release extra reference taken above */
1937 IFA_REMREF(&ia->ia_ifa);
1938
1939 if (error == 0) {
1940 /* invalidate route caches */
1941 routegenid_inet_update();
1942 }
1943
1944 return error;
1945 }
1946
1947 /*
1948 * Return TRUE if the address might be a local broadcast address.
1949 */
1950 boolean_t
in_broadcast(struct in_addr in,struct ifnet * ifp)1951 in_broadcast(struct in_addr in, struct ifnet *ifp)
1952 {
1953 struct ifaddr *ifa;
1954 u_int32_t t;
1955
1956 if (in.s_addr == INADDR_BROADCAST || in.s_addr == INADDR_ANY) {
1957 return TRUE;
1958 }
1959 if (!(ifp->if_flags & IFF_BROADCAST)) {
1960 return FALSE;
1961 }
1962 t = ntohl(in.s_addr);
1963
1964 /*
1965 * Look through the list of addresses for a match
1966 * with a broadcast address.
1967 */
1968 #define ia ((struct in_ifaddr *)ifa)
1969 ifnet_lock_shared(ifp);
1970 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
1971 IFA_LOCK(ifa);
1972 if (ifa->ifa_addr->sa_family == AF_INET &&
1973 (in.s_addr == ia->ia_broadaddr.sin_addr.s_addr ||
1974 in.s_addr == ia->ia_netbroadcast.s_addr ||
1975 /*
1976 * Check for old-style (host 0) broadcast.
1977 */
1978 t == ia->ia_subnet || t == ia->ia_net) &&
1979 /*
1980 * Check for an all one subnetmask. These
1981 * only exist when an interface gets a secondary
1982 * address.
1983 */
1984 ia->ia_subnetmask != (u_int32_t)0xffffffff) {
1985 IFA_UNLOCK(ifa);
1986 ifnet_lock_done(ifp);
1987 return TRUE;
1988 }
1989 IFA_UNLOCK(ifa);
1990 }
1991 ifnet_lock_done(ifp);
1992 return FALSE;
1993 #undef ia
1994 }
1995
1996 void
in_purgeaddrs(struct ifnet * ifp)1997 in_purgeaddrs(struct ifnet *ifp)
1998 {
1999 struct ifaddr **ifap;
2000 int err, i;
2001
2002 VERIFY(ifp != NULL);
2003
2004 /*
2005 * Be nice, and try the civilized way first. If we can't get
2006 * rid of them this way, then do it the rough way. We must
2007 * only get here during detach time, after the ifnet has been
2008 * removed from the global list and arrays.
2009 */
2010 err = ifnet_get_address_list_family_internal(ifp, &ifap, AF_INET, 1,
2011 M_WAITOK, 0);
2012 if (err == 0 && ifap != NULL) {
2013 struct ifreq ifr;
2014
2015 bzero(&ifr, sizeof(ifr));
2016 (void) snprintf(ifr.ifr_name, sizeof(ifr.ifr_name),
2017 "%s", if_name(ifp));
2018
2019 for (i = 0; ifap[i] != NULL; i++) {
2020 struct ifaddr *ifa;
2021
2022 ifa = ifap[i];
2023 IFA_LOCK(ifa);
2024 bcopy(ifa->ifa_addr, &ifr.ifr_addr,
2025 sizeof(struct sockaddr_in));
2026 IFA_UNLOCK(ifa);
2027 err = in_control(NULL, SIOCDIFADDR, (caddr_t)&ifr, ifp,
2028 kernproc);
2029 /* if we lost the race, ignore it */
2030 if (err == EADDRNOTAVAIL) {
2031 err = 0;
2032 }
2033 if (err != 0) {
2034 char s_addr[MAX_IPv4_STR_LEN];
2035 char s_dstaddr[MAX_IPv4_STR_LEN];
2036 struct in_addr *s, *d;
2037
2038 IFA_LOCK(ifa);
2039 s = &((struct sockaddr_in *)
2040 (void *)ifa->ifa_addr)->sin_addr;
2041 d = &((struct sockaddr_in *)
2042 (void *)ifa->ifa_dstaddr)->sin_addr;
2043 (void) inet_ntop(AF_INET, &s->s_addr, s_addr,
2044 sizeof(s_addr));
2045 (void) inet_ntop(AF_INET, &d->s_addr, s_dstaddr,
2046 sizeof(s_dstaddr));
2047 IFA_UNLOCK(ifa);
2048
2049 printf("%s: SIOCDIFADDR ifp=%s ifa_addr=%s "
2050 "ifa_dstaddr=%s (err=%d)\n", __func__,
2051 ifp->if_xname, s_addr, s_dstaddr, err);
2052 }
2053 }
2054 ifnet_free_address_list(ifap);
2055 } else if (err != 0 && err != ENXIO) {
2056 printf("%s: error retrieving list of AF_INET addresses for "
2057 "ifp=%s (err=%d)\n", __func__, ifp->if_xname, err);
2058 }
2059 }
2060
2061 /*
2062 * Called as part of ip_init
2063 */
2064 void
in_ifaddr_init(void)2065 in_ifaddr_init(void)
2066 {
2067 size_t inifa_size = (inifa_debug == 0) ? sizeof(struct in_ifaddr) :
2068 sizeof(struct in_ifaddr_dbg);
2069
2070 in_multi_init();
2071
2072 inifa_zone = zone_create(INIFA_ZONE_NAME, inifa_size, ZC_NONE);
2073
2074 TAILQ_INIT(&inifa_trash_head);
2075 }
2076
2077 static struct in_ifaddr *
in_ifaddr_alloc(zalloc_flags_t how)2078 in_ifaddr_alloc(zalloc_flags_t how)
2079 {
2080 struct in_ifaddr *inifa;
2081
2082 inifa = zalloc_flags(inifa_zone, Z_ZERO | how);
2083 if (inifa != NULL) {
2084 inifa->ia_ifa.ifa_free = in_ifaddr_free;
2085 inifa->ia_ifa.ifa_debug |= IFD_ALLOC;
2086 inifa->ia_ifa.ifa_del_wc = &inifa->ia_ifa.ifa_debug;
2087 inifa->ia_ifa.ifa_del_waiters = 0;
2088 ifa_lock_init(&inifa->ia_ifa);
2089 if (inifa_debug != 0) {
2090 struct in_ifaddr_dbg *inifa_dbg =
2091 (struct in_ifaddr_dbg *)inifa;
2092 inifa->ia_ifa.ifa_debug |= IFD_DEBUG;
2093 inifa->ia_ifa.ifa_trace = in_ifaddr_trace;
2094 inifa->ia_ifa.ifa_attached = in_ifaddr_attached;
2095 inifa->ia_ifa.ifa_detached = in_ifaddr_detached;
2096 ctrace_record(&inifa_dbg->inifa_alloc);
2097 }
2098 }
2099 return inifa;
2100 }
2101
2102 static void
in_ifaddr_free(struct ifaddr * ifa)2103 in_ifaddr_free(struct ifaddr *ifa)
2104 {
2105 IFA_LOCK_ASSERT_HELD(ifa);
2106
2107 if (ifa->ifa_refcnt != 0) {
2108 panic("%s: ifa %p bad ref cnt", __func__, ifa);
2109 /* NOTREACHED */
2110 }
2111 if (!(ifa->ifa_debug & IFD_ALLOC)) {
2112 panic("%s: ifa %p cannot be freed", __func__, ifa);
2113 /* NOTREACHED */
2114 }
2115 if (ifa->ifa_debug & IFD_DEBUG) {
2116 struct in_ifaddr_dbg *inifa_dbg = (struct in_ifaddr_dbg *)ifa;
2117 ctrace_record(&inifa_dbg->inifa_free);
2118 bcopy(&inifa_dbg->inifa, &inifa_dbg->inifa_old,
2119 sizeof(struct in_ifaddr));
2120 if (ifa->ifa_debug & IFD_TRASHED) {
2121 /* Become a regular mutex, just in case */
2122 IFA_CONVERT_LOCK(ifa);
2123 lck_mtx_lock(&inifa_trash_lock);
2124 TAILQ_REMOVE(&inifa_trash_head, inifa_dbg,
2125 inifa_trash_link);
2126 lck_mtx_unlock(&inifa_trash_lock);
2127 ifa->ifa_debug &= ~IFD_TRASHED;
2128 }
2129 }
2130 IFA_UNLOCK(ifa);
2131 ifa_lock_destroy(ifa);
2132 bzero(ifa, sizeof(struct in_ifaddr));
2133 zfree(inifa_zone, ifa);
2134 }
2135
2136 static void
in_ifaddr_attached(struct ifaddr * ifa)2137 in_ifaddr_attached(struct ifaddr *ifa)
2138 {
2139 struct in_ifaddr_dbg *inifa_dbg = (struct in_ifaddr_dbg *)ifa;
2140
2141 IFA_LOCK_ASSERT_HELD(ifa);
2142
2143 if (!(ifa->ifa_debug & IFD_DEBUG)) {
2144 panic("%s: ifa %p has no debug structure", __func__, ifa);
2145 /* NOTREACHED */
2146 }
2147 if (ifa->ifa_debug & IFD_TRASHED) {
2148 /* Become a regular mutex, just in case */
2149 IFA_CONVERT_LOCK(ifa);
2150 lck_mtx_lock(&inifa_trash_lock);
2151 TAILQ_REMOVE(&inifa_trash_head, inifa_dbg, inifa_trash_link);
2152 lck_mtx_unlock(&inifa_trash_lock);
2153 ifa->ifa_debug &= ~IFD_TRASHED;
2154 }
2155 }
2156
2157 static void
in_ifaddr_detached(struct ifaddr * ifa)2158 in_ifaddr_detached(struct ifaddr *ifa)
2159 {
2160 struct in_ifaddr_dbg *inifa_dbg = (struct in_ifaddr_dbg *)ifa;
2161
2162 IFA_LOCK_ASSERT_HELD(ifa);
2163
2164 if (!(ifa->ifa_debug & IFD_DEBUG)) {
2165 panic("%s: ifa %p has no debug structure", __func__, ifa);
2166 /* NOTREACHED */
2167 } else if (ifa->ifa_debug & IFD_TRASHED) {
2168 panic("%s: ifa %p is already in trash list", __func__, ifa);
2169 /* NOTREACHED */
2170 }
2171 ifa->ifa_debug |= IFD_TRASHED;
2172 /* Become a regular mutex, just in case */
2173 IFA_CONVERT_LOCK(ifa);
2174 lck_mtx_lock(&inifa_trash_lock);
2175 TAILQ_INSERT_TAIL(&inifa_trash_head, inifa_dbg, inifa_trash_link);
2176 lck_mtx_unlock(&inifa_trash_lock);
2177 }
2178
2179 static void
in_ifaddr_trace(struct ifaddr * ifa,int refhold)2180 in_ifaddr_trace(struct ifaddr *ifa, int refhold)
2181 {
2182 struct in_ifaddr_dbg *inifa_dbg = (struct in_ifaddr_dbg *)ifa;
2183 ctrace_t *tr;
2184 u_int32_t idx;
2185 u_int16_t *cnt;
2186
2187 if (!(ifa->ifa_debug & IFD_DEBUG)) {
2188 panic("%s: ifa %p has no debug structure", __func__, ifa);
2189 /* NOTREACHED */
2190 }
2191 if (refhold) {
2192 cnt = &inifa_dbg->inifa_refhold_cnt;
2193 tr = inifa_dbg->inifa_refhold;
2194 } else {
2195 cnt = &inifa_dbg->inifa_refrele_cnt;
2196 tr = inifa_dbg->inifa_refrele;
2197 }
2198
2199 idx = atomic_add_16_ov(cnt, 1) % INIFA_TRACE_HIST_SIZE;
2200 ctrace_record(&tr[idx]);
2201 }
2202
2203 /*
2204 * Handle SIOCGASSOCIDS ioctl for PF_INET domain.
2205 */
2206 static int
in_getassocids(struct socket * so,uint32_t * cnt,user_addr_t aidp)2207 in_getassocids(struct socket *so, uint32_t *cnt, user_addr_t aidp)
2208 {
2209 struct inpcb *inp = sotoinpcb(so);
2210 sae_associd_t aid;
2211
2212 if (inp == NULL || inp->inp_state == INPCB_STATE_DEAD) {
2213 return EINVAL;
2214 }
2215
2216 /* INPCB has no concept of association */
2217 aid = SAE_ASSOCID_ANY;
2218 *cnt = 0;
2219
2220 /* just asking how many there are? */
2221 if (aidp == USER_ADDR_NULL) {
2222 return 0;
2223 }
2224
2225 return copyout(&aid, aidp, sizeof(aid));
2226 }
2227
2228 /*
2229 * Handle SIOCGCONNIDS ioctl for PF_INET domain.
2230 */
2231 static int
in_getconnids(struct socket * so,sae_associd_t aid,uint32_t * cnt,user_addr_t cidp)2232 in_getconnids(struct socket *so, sae_associd_t aid, uint32_t *cnt,
2233 user_addr_t cidp)
2234 {
2235 struct inpcb *inp = sotoinpcb(so);
2236 sae_connid_t cid;
2237
2238 if (inp == NULL || inp->inp_state == INPCB_STATE_DEAD) {
2239 return EINVAL;
2240 }
2241
2242 if (aid != SAE_ASSOCID_ANY && aid != SAE_ASSOCID_ALL) {
2243 return EINVAL;
2244 }
2245
2246 /* if connected, return 1 connection count */
2247 *cnt = ((so->so_state & SS_ISCONNECTED) ? 1 : 0);
2248
2249 /* just asking how many there are? */
2250 if (cidp == USER_ADDR_NULL) {
2251 return 0;
2252 }
2253
2254 /* if INPCB is connected, assign it connid 1 */
2255 cid = ((*cnt != 0) ? 1 : SAE_CONNID_ANY);
2256
2257 return copyout(&cid, cidp, sizeof(cid));
2258 }
2259
2260 /*
2261 * Handle SIOCGCONNINFO ioctl for PF_INET domain.
2262 */
2263 int
in_getconninfo(struct socket * so,sae_connid_t cid,uint32_t * flags,uint32_t * ifindex,int32_t * soerror,user_addr_t src,socklen_t * src_len,user_addr_t dst,socklen_t * dst_len,uint32_t * aux_type,user_addr_t aux_data,uint32_t * aux_len)2264 in_getconninfo(struct socket *so, sae_connid_t cid, uint32_t *flags,
2265 uint32_t *ifindex, int32_t *soerror, user_addr_t src, socklen_t *src_len,
2266 user_addr_t dst, socklen_t *dst_len, uint32_t *aux_type,
2267 user_addr_t aux_data, uint32_t *aux_len)
2268 {
2269 struct inpcb *inp = sotoinpcb(so);
2270 struct sockaddr_in sin;
2271 struct ifnet *ifp = NULL;
2272 int error = 0;
2273 u_int32_t copy_len = 0;
2274
2275 /*
2276 * Don't test for INPCB_STATE_DEAD since this may be called
2277 * after SOF_PCBCLEARING is set, e.g. after tcp_close().
2278 */
2279 if (inp == NULL) {
2280 error = EINVAL;
2281 goto out;
2282 }
2283
2284 if (cid != SAE_CONNID_ANY && cid != SAE_CONNID_ALL && cid != 1) {
2285 error = EINVAL;
2286 goto out;
2287 }
2288
2289 ifp = inp->inp_last_outifp;
2290 *ifindex = ((ifp != NULL) ? ifp->if_index : 0);
2291 *soerror = so->so_error;
2292 *flags = 0;
2293 if (so->so_state & SS_ISCONNECTED) {
2294 *flags |= (CIF_CONNECTED | CIF_PREFERRED);
2295 }
2296 if (inp->inp_flags & INP_BOUND_IF) {
2297 *flags |= CIF_BOUND_IF;
2298 }
2299 if (!(inp->inp_flags & INP_INADDR_ANY)) {
2300 *flags |= CIF_BOUND_IP;
2301 }
2302 if (!(inp->inp_flags & INP_ANONPORT)) {
2303 *flags |= CIF_BOUND_PORT;
2304 }
2305
2306 bzero(&sin, sizeof(sin));
2307 sin.sin_len = sizeof(sin);
2308 sin.sin_family = AF_INET;
2309
2310 /* source address and port */
2311 sin.sin_port = inp->inp_lport;
2312 sin.sin_addr.s_addr = inp->inp_laddr.s_addr;
2313 if (*src_len == 0) {
2314 *src_len = sin.sin_len;
2315 } else {
2316 if (src != USER_ADDR_NULL) {
2317 copy_len = min(*src_len, sizeof(sin));
2318 error = copyout(&sin, src, copy_len);
2319 if (error != 0) {
2320 goto out;
2321 }
2322 *src_len = copy_len;
2323 }
2324 }
2325
2326 /* destination address and port */
2327 sin.sin_port = inp->inp_fport;
2328 sin.sin_addr.s_addr = inp->inp_faddr.s_addr;
2329 if (*dst_len == 0) {
2330 *dst_len = sin.sin_len;
2331 } else {
2332 if (dst != USER_ADDR_NULL) {
2333 copy_len = min(*dst_len, sizeof(sin));
2334 error = copyout(&sin, dst, copy_len);
2335 if (error != 0) {
2336 goto out;
2337 }
2338 *dst_len = copy_len;
2339 }
2340 }
2341
2342 if (SOCK_PROTO(so) == IPPROTO_TCP) {
2343 struct conninfo_tcp tcp_ci;
2344
2345 *aux_type = CIAUX_TCP;
2346 if (*aux_len == 0) {
2347 *aux_len = sizeof(tcp_ci);
2348 } else {
2349 if (aux_data != USER_ADDR_NULL) {
2350 copy_len = min(*aux_len, sizeof(tcp_ci));
2351 bzero(&tcp_ci, sizeof(tcp_ci));
2352 tcp_getconninfo(so, &tcp_ci);
2353 error = copyout(&tcp_ci, aux_data, copy_len);
2354 if (error != 0) {
2355 goto out;
2356 }
2357 *aux_len = copy_len;
2358 }
2359 }
2360 } else {
2361 *aux_type = 0;
2362 *aux_len = 0;
2363 }
2364
2365 out:
2366 return error;
2367 }
2368
2369 struct in_llentry {
2370 struct llentry base;
2371 };
2372
2373 #define IN_LLTBL_DEFAULT_HSIZE 32
2374 #define IN_LLTBL_HASH(k, h) \
2375 ((((((((k) >> 8) ^ (k)) >> 8) ^ (k)) >> 8) ^ (k)) & ((h) - 1))
2376
2377 /*
2378 * Do actual deallocation of @lle.
2379 */
2380 static void
in_lltable_destroy_lle_unlocked(struct llentry * lle)2381 in_lltable_destroy_lle_unlocked(struct llentry *lle)
2382 {
2383 LLE_LOCK_DESTROY(lle);
2384 LLE_REQ_DESTROY(lle);
2385 kfree_type(struct in_llentry, lle);
2386 }
2387
2388 /*
2389 * Called by LLE_FREE_LOCKED when number of references
2390 * drops to zero.
2391 */
2392 static void
in_lltable_destroy_lle(struct llentry * lle)2393 in_lltable_destroy_lle(struct llentry *lle)
2394 {
2395 LLE_WUNLOCK(lle);
2396 in_lltable_destroy_lle_unlocked(lle);
2397 }
2398
2399 static struct llentry *
in_lltable_new(struct in_addr addr4,uint16_t flags)2400 in_lltable_new(struct in_addr addr4, uint16_t flags)
2401 {
2402 #pragma unused(flags)
2403 struct in_llentry *lle;
2404
2405 lle = kalloc_type(struct in_llentry, Z_NOWAIT | Z_ZERO);
2406 if (lle == NULL) { /* NB: caller generates msg */
2407 return NULL;
2408 }
2409
2410 /*
2411 * For IPv4 this will trigger "arpresolve" to generate
2412 * an ARP request.
2413 */
2414 lle->base.la_expire = net_uptime(); /* mark expired */
2415 lle->base.r_l3addr.addr4 = addr4;
2416 lle->base.lle_refcnt = 1;
2417 lle->base.lle_free = in_lltable_destroy_lle;
2418
2419 LLE_LOCK_INIT(&lle->base);
2420 LLE_REQ_INIT(&lle->base);
2421 //callout_init(&lle->base.lle_timer, 1);
2422
2423 return &lle->base;
2424 }
2425
2426 #define IN_ARE_MASKED_ADDR_EQUAL(d, a, m) ( \
2427 ((((d).s_addr ^ (a).s_addr) & (m).s_addr)) == 0 )
2428
2429 static int
in_lltable_match_prefix(const struct sockaddr * saddr,const struct sockaddr * smask,uint16_t flags,struct llentry * lle)2430 in_lltable_match_prefix(const struct sockaddr *saddr,
2431 const struct sockaddr *smask, uint16_t flags, struct llentry *lle)
2432 {
2433 struct in_addr addr, mask, lle_addr;
2434
2435 addr = ((const struct sockaddr_in *)(const void *)saddr)->sin_addr;
2436 mask = ((const struct sockaddr_in *)(const void *)smask)->sin_addr;
2437 lle_addr.s_addr = ntohl(lle->r_l3addr.addr4.s_addr);
2438
2439 if (IN_ARE_MASKED_ADDR_EQUAL(lle_addr, addr, mask) == 0) {
2440 return 0;
2441 }
2442
2443 if (lle->la_flags & LLE_IFADDR) {
2444 /*
2445 * Delete LLE_IFADDR records IFF address & flag matches.
2446 * Note that addr is the interface address within prefix
2447 * being matched.
2448 * Note also we should handle 'ifdown' cases without removing
2449 * ifaddr macs.
2450 */
2451 if (addr.s_addr == lle_addr.s_addr && (flags & LLE_STATIC) != 0) {
2452 return 1;
2453 }
2454 return 0;
2455 }
2456
2457 /* flags & LLE_STATIC means deleting both dynamic and static entries */
2458 if ((flags & LLE_STATIC) || !(lle->la_flags & LLE_STATIC)) {
2459 return 1;
2460 }
2461
2462 return 0;
2463 }
2464
2465 static void
in_lltable_free_entry(struct lltable * llt,struct llentry * lle)2466 in_lltable_free_entry(struct lltable *llt, struct llentry *lle)
2467 {
2468 struct ifnet *ifp;
2469 size_t pkts_dropped;
2470
2471 LLE_WLOCK_ASSERT(lle);
2472 KASSERT(llt != NULL, ("lltable is NULL"));
2473
2474 /* Unlink entry from table if not already */
2475 if ((lle->la_flags & LLE_LINKED) != 0) {
2476 ifp = llt->llt_ifp;
2477 IF_AFDATA_WLOCK_ASSERT(ifp, llt->llt_af);
2478 lltable_unlink_entry(llt, lle);
2479 }
2480
2481 #if 0
2482 /* cancel timer */
2483 if (callout_stop(&lle->lle_timer) > 0) {
2484 LLE_REMREF(lle);
2485 }
2486 #endif
2487 /* Drop hold queue */
2488 pkts_dropped = llentry_free(lle);
2489 arpstat.dropped += pkts_dropped;
2490 }
2491
2492
2493 static int
in_lltable_rtcheck(struct ifnet * ifp,uint16_t flags,const struct sockaddr * l3addr)2494 in_lltable_rtcheck(struct ifnet *ifp, uint16_t flags, const struct sockaddr *l3addr)
2495 {
2496 #pragma unused(flags)
2497 struct rtentry *rt;
2498
2499 KASSERT(l3addr->sa_family == AF_INET,
2500 ("sin_family %d", l3addr->sa_family));
2501
2502 /* XXX rtalloc1 should take a const param */
2503 rt = rtalloc1(__DECONST(struct sockaddr *, l3addr), 0, 0);
2504 if (rt == NULL || (rt->rt_flags & RTF_GATEWAY) || rt->rt_ifp != ifp) {
2505 log(LOG_INFO, "IPv4 address: \"%s\" is not on the network\n",
2506 inet_ntoa(((const struct sockaddr_in *)(const void *)l3addr)->sin_addr));
2507 if (rt != NULL) {
2508 rtfree_locked(rt);
2509 }
2510 return EINVAL;
2511 }
2512 rtfree_locked(rt);
2513 return 0;
2514 }
2515
2516 static inline uint32_t
in_lltable_hash_dst(const struct in_addr dst,uint32_t hsize)2517 in_lltable_hash_dst(const struct in_addr dst, uint32_t hsize)
2518 {
2519 return IN_LLTBL_HASH(dst.s_addr, hsize);
2520 }
2521
2522 static uint32_t
in_lltable_hash(const struct llentry * lle,uint32_t hsize)2523 in_lltable_hash(const struct llentry *lle, uint32_t hsize)
2524 {
2525 return in_lltable_hash_dst(lle->r_l3addr.addr4, hsize);
2526 }
2527
2528
2529 static void
in_lltable_fill_sa_entry(const struct llentry * lle,struct sockaddr * sa)2530 in_lltable_fill_sa_entry(const struct llentry *lle, struct sockaddr *sa)
2531 {
2532 struct sockaddr_in *sin;
2533
2534 sin = (struct sockaddr_in *)(void *)sa;
2535 bzero(sin, sizeof(*sin));
2536 sin->sin_family = AF_INET;
2537 sin->sin_len = sizeof(*sin);
2538 sin->sin_addr = lle->r_l3addr.addr4;
2539 }
2540
2541 static inline struct llentry *
in_lltable_find_dst(struct lltable * llt,struct in_addr dst)2542 in_lltable_find_dst(struct lltable *llt, struct in_addr dst)
2543 {
2544 struct llentry *lle;
2545 struct llentries *lleh;
2546 u_int hashidx;
2547
2548 hashidx = in_lltable_hash_dst(dst, llt->llt_hsize);
2549 lleh = &llt->lle_head[hashidx];
2550 LIST_FOREACH(lle, lleh, lle_next) {
2551 if (lle->la_flags & LLE_DELETED) {
2552 continue;
2553 }
2554 if (lle->r_l3addr.addr4.s_addr == dst.s_addr) {
2555 break;
2556 }
2557 }
2558
2559 return lle;
2560 }
2561
2562 static void
in_lltable_delete_entry(struct lltable * llt,struct llentry * lle)2563 in_lltable_delete_entry(struct lltable *llt, struct llentry *lle)
2564 {
2565 #pragma unused(llt)
2566 lle->la_flags |= LLE_DELETED;
2567 //EVENTHANDLER_INVOKE(lle_event, lle, LLENTRY_DELETED);
2568 #ifdef DIAGNOSTIC
2569 log(LOG_INFO, "ifaddr cache = %p is deleted\n", lle);
2570 #endif
2571 llentry_free(lle);
2572 }
2573
2574 static struct llentry *
in_lltable_alloc(struct lltable * llt,uint16_t flags,const struct sockaddr * l3addr)2575 in_lltable_alloc(struct lltable *llt, uint16_t flags, const struct sockaddr *l3addr)
2576 {
2577 const struct sockaddr_in *sin = (const struct sockaddr_in *) (const void *)l3addr;
2578 struct ifnet *ifp = llt->llt_ifp;
2579 struct llentry *lle;
2580
2581 KASSERT(l3addr->sa_family == AF_INET,
2582 ("sin_family %d", l3addr->sa_family));
2583
2584 /*
2585 * A route that covers the given address must have
2586 * been installed 1st because we are doing a resolution,
2587 * verify this.
2588 */
2589 if (!(flags & LLE_IFADDR) &&
2590 in_lltable_rtcheck(ifp, flags, l3addr) != 0) {
2591 return NULL;
2592 }
2593
2594 lle = in_lltable_new(sin->sin_addr, flags);
2595 if (lle == NULL) {
2596 log(LOG_INFO, "lla_lookup: new lle malloc failed\n");
2597 return NULL;
2598 }
2599 lle->la_flags = flags & ~LLE_CREATE;
2600 if (flags & LLE_STATIC) {
2601 lle->r_flags |= RLLE_VALID;
2602 }
2603 if ((flags & LLE_IFADDR) == LLE_IFADDR) {
2604 lltable_set_entry_addr(ifp, lle, LLADDR(SDL(ifp->if_lladdr->ifa_addr)));
2605 lle->la_flags |= LLE_STATIC;
2606 lle->r_flags |= (RLLE_VALID | RLLE_IFADDR);
2607 }
2608 return lle;
2609 }
2610
2611 /*
2612 * Return NULL if not found or marked for deletion.
2613 * If found return lle read locked.
2614 */
2615 static struct llentry *
in_lltable_lookup(struct lltable * llt,uint16_t flags,const struct sockaddr * l3addr)2616 in_lltable_lookup(struct lltable *llt, uint16_t flags, const struct sockaddr *l3addr)
2617 {
2618 const struct sockaddr_in *sin = (const struct sockaddr_in *)(const void *)l3addr;
2619 struct llentry *lle;
2620
2621 IF_AFDATA_WLOCK_ASSERT(llt->llt_ifp, llt->llt_af);
2622
2623 KASSERT(l3addr->sa_family == AF_INET,
2624 ("sin_family %d", l3addr->sa_family));
2625 lle = in_lltable_find_dst(llt, sin->sin_addr);
2626
2627 if (lle == NULL) {
2628 return NULL;
2629 }
2630
2631 KASSERT((flags & (LLE_UNLOCKED | LLE_EXCLUSIVE)) !=
2632 (LLE_UNLOCKED | LLE_EXCLUSIVE), ("wrong lle request flags: 0x%X",
2633 flags));
2634
2635 if (flags & LLE_UNLOCKED) {
2636 return lle;
2637 }
2638
2639 if (flags & LLE_EXCLUSIVE) {
2640 LLE_WLOCK(lle);
2641 } else {
2642 LLE_RLOCK(lle);
2643 }
2644
2645 return lle;
2646 }
2647
2648 static int
in_lltable_dump_entry(struct lltable * llt,struct llentry * lle,struct sysctl_req * wr)2649 in_lltable_dump_entry(struct lltable *llt, struct llentry *lle,
2650 struct sysctl_req *wr)
2651 {
2652 struct ifnet *ifp = llt->llt_ifp;
2653 /* XXX stack use */
2654 struct {
2655 struct rt_msghdr rtm;
2656 struct sockaddr_in sin;
2657 struct sockaddr_dl sdl;
2658 } arpc;
2659 struct sockaddr_dl *sdl;
2660 int error;
2661
2662 bzero(&arpc, sizeof(arpc));
2663 /* skip deleted entries */
2664 if ((lle->la_flags & LLE_DELETED) == LLE_DELETED) {
2665 return 0;
2666 }
2667 /* Skip if jailed and not a valid IP of the prison. */
2668 lltable_fill_sa_entry(lle, (struct sockaddr *)&arpc.sin);
2669 /*
2670 * produce a msg made of:
2671 * struct rt_msghdr;
2672 * struct sockaddr_in; (IPv4)
2673 * struct sockaddr_dl;
2674 */
2675 arpc.rtm.rtm_msglen = sizeof(arpc);
2676 arpc.rtm.rtm_version = RTM_VERSION;
2677 arpc.rtm.rtm_type = RTM_GET;
2678 arpc.rtm.rtm_flags = RTF_UP;
2679 arpc.rtm.rtm_addrs = RTA_DST | RTA_GATEWAY;
2680
2681 /* publish */
2682 if (lle->la_flags & LLE_PUB) {
2683 arpc.rtm.rtm_flags |= RTF_ANNOUNCE;
2684 }
2685
2686 sdl = &arpc.sdl;
2687 sdl->sdl_family = AF_LINK;
2688 sdl->sdl_len = sizeof(*sdl);
2689 sdl->sdl_index = ifp->if_index;
2690 sdl->sdl_type = ifp->if_type;
2691 if ((lle->la_flags & LLE_VALID) == LLE_VALID) {
2692 sdl->sdl_alen = ifp->if_addrlen;
2693 bcopy(&lle->ll_addr, LLADDR(sdl), ifp->if_addrlen);
2694 } else {
2695 sdl->sdl_alen = 0;
2696 bzero(LLADDR(sdl), ifp->if_addrlen);
2697 }
2698
2699 arpc.rtm.rtm_rmx.rmx_expire =
2700 lle->la_flags & LLE_STATIC ? 0 : (int32_t)lle->la_expire;
2701 arpc.rtm.rtm_flags |= (RTF_HOST | RTF_LLDATA);
2702 if (lle->la_flags & LLE_STATIC) {
2703 arpc.rtm.rtm_flags |= RTF_STATIC;
2704 }
2705 if (lle->la_flags & LLE_IFADDR) {
2706 arpc.rtm.rtm_flags |= RTF_PINNED;
2707 }
2708 arpc.rtm.rtm_flags |= RTF_PINNED;
2709 arpc.rtm.rtm_index = ifp->if_index;
2710 error = SYSCTL_OUT(wr, &arpc, sizeof(arpc));
2711
2712 return error;
2713 }
2714
2715 static struct lltable *
in_lltattach(struct ifnet * ifp)2716 in_lltattach(struct ifnet *ifp)
2717 {
2718 struct lltable *llt;
2719
2720 llt = lltable_allocate_htbl(IN_LLTBL_DEFAULT_HSIZE);
2721 llt->llt_af = AF_INET;
2722 llt->llt_ifp = ifp;
2723
2724 llt->llt_lookup = in_lltable_lookup;
2725 llt->llt_alloc_entry = in_lltable_alloc;
2726 llt->llt_delete_entry = in_lltable_delete_entry;
2727 llt->llt_dump_entry = in_lltable_dump_entry;
2728 llt->llt_hash = in_lltable_hash;
2729 llt->llt_fill_sa_entry = in_lltable_fill_sa_entry;
2730 llt->llt_free_entry = in_lltable_free_entry;
2731 llt->llt_match_prefix = in_lltable_match_prefix;
2732 lltable_link(llt);
2733
2734 return llt;
2735 }
2736
2737 struct in_ifaddr*
inifa_ifpwithflag(struct ifnet * ifp,uint32_t flag)2738 inifa_ifpwithflag(struct ifnet * ifp, uint32_t flag)
2739 {
2740 struct ifaddr *ifa;
2741
2742 ifnet_lock_shared(ifp);
2743 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_link)
2744 {
2745 IFA_LOCK_SPIN(ifa);
2746 if (ifa->ifa_addr->sa_family != AF_INET) {
2747 IFA_UNLOCK(ifa);
2748 continue;
2749 }
2750 if ((((struct in_ifaddr *)ifa)->ia_flags & flag) == flag) {
2751 IFA_ADDREF_LOCKED(ifa);
2752 IFA_UNLOCK(ifa);
2753 break;
2754 }
2755 IFA_UNLOCK(ifa);
2756 }
2757 ifnet_lock_done(ifp);
2758
2759 return (struct in_ifaddr *)ifa;
2760 }
2761
2762 struct in_ifaddr *
inifa_ifpclatv4(struct ifnet * ifp)2763 inifa_ifpclatv4(struct ifnet * ifp)
2764 {
2765 struct ifaddr *ifa;
2766
2767 ifnet_lock_shared(ifp);
2768 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_link)
2769 {
2770 uint32_t addr = 0;
2771 IFA_LOCK_SPIN(ifa);
2772 if (ifa->ifa_addr->sa_family != AF_INET) {
2773 IFA_UNLOCK(ifa);
2774 continue;
2775 }
2776
2777 addr = ntohl(SIN(ifa->ifa_addr)->sin_addr.s_addr);
2778 if (!IN_LINKLOCAL(addr) &&
2779 !IN_LOOPBACK(addr)) {
2780 IFA_ADDREF_LOCKED(ifa);
2781 IFA_UNLOCK(ifa);
2782 break;
2783 }
2784 IFA_UNLOCK(ifa);
2785 }
2786 ifnet_lock_done(ifp);
2787
2788 return (struct in_ifaddr *)ifa;
2789 }
2790