1 /*
2 * Copyright (c) 1997-2021 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 /*
29 * @(#)ndrv.c 1.1 (MacOSX) 6/10/43
30 * Justin Walker, 970604
31 * AF_NDRV support
32 * 980130 - Cleanup, reorg, performance improvemements
33 * 000816 - Removal of Y adapter cruft
34 */
35
36 /*
37 * PF_NDRV allows raw access to a specified network device, directly
38 * with a socket. Expected use involves a socket option to request
39 * protocol packets. This lets ndrv_output() call ifnet_output(), and
40 * lets DLIL find the proper recipient for incoming packets.
41 * The purpose here is for user-mode protocol implementation.
42 * Note that "pure raw access" will still be accomplished with BPF.
43 *
44 * In addition to the former use, when combined with socket NKEs,
45 * PF_NDRV permits a fairly flexible mechanism for implementing
46 * strange protocol support.
47 */
48 #include <mach/mach_types.h>
49
50 #include <sys/param.h>
51 #include <sys/systm.h>
52 #include <sys/kernel.h>
53 #include <sys/malloc.h>
54 #include <sys/mbuf.h>
55 #include <sys/protosw.h>
56 #include <sys/domain.h>
57 #include <sys/socket.h>
58 #include <sys/socketvar.h>
59 #include <sys/ioctl.h>
60 #include <sys/sysctl.h>
61 #include <sys/errno.h>
62 #include <sys/syslog.h>
63 #include <sys/proc.h>
64
65 #include <kern/queue.h>
66 #include <kern/assert.h>
67
68 #include <net/ndrv.h>
69 #include <net/route.h>
70 #include <net/if_llc.h>
71 #include <net/if_dl.h>
72 #include <net/if_types.h>
73 #include <net/ndrv_var.h>
74 #include <net/dlil.h>
75 #include <net/sockaddr_utils.h>
76
77 #if INET
78 #include <netinet/in.h>
79 #include <netinet/in_var.h>
80 #endif
81 #include <netinet/if_ether.h>
82
83 SYSCTL_NODE(_net, OID_AUTO, ndrv,
84 CTLFLAG_RW | CTLFLAG_LOCKED, 0, "");
85
86 static unsigned int ndrv_multi_max_count = NDRV_DMUX_MAX_DESCR;
87 SYSCTL_UINT(_net_ndrv, OID_AUTO, multi_max_count, CTLFLAG_RW | CTLFLAG_LOCKED,
88 &ndrv_multi_max_count, 0, "Number of allowed multicast addresses per NRDV socket");
89
90 /*
91 * The locking strategy relies on the PF_NRDRV domain mutex that protects both the
92 * PCB list "ndrvl" and the sockets themselves
93 */
94
95 static int ndrv_do_detach(struct ndrv_cb *);
96 static int ndrv_do_disconnect(struct ndrv_cb *);
97 static struct ndrv_cb *ndrv_find_inbound(struct ifnet *ifp, u_int32_t protocol_family);
98 static int ndrv_setspec(struct ndrv_cb *np, struct sockopt *sopt);
99 static int ndrv_delspec(struct ndrv_cb *);
100 static int ndrv_to_ifnet_demux(struct ndrv_demux_desc* ndrv, struct ifnet_demux_desc* ifdemux);
101 static void ndrv_handle_ifp_detach(u_int32_t family, short unit);
102 static int ndrv_do_add_multicast(struct ndrv_cb *np, struct sockopt *sopt);
103 static int ndrv_do_remove_multicast(struct ndrv_cb *np, struct sockopt *sopt);
104 static struct ndrv_multiaddr* ndrv_have_multicast(struct ndrv_cb *np, struct sockaddr* addr);
105 static void ndrv_remove_all_multicast(struct ndrv_cb *np);
106 static void ndrv_dominit(struct domain *);
107
108 u_int32_t ndrv_sendspace = NDRVSNDQ;
109 u_int32_t ndrv_recvspace = NDRVRCVQ;
110 TAILQ_HEAD(, ndrv_cb) ndrvl = TAILQ_HEAD_INITIALIZER(ndrvl);
111
112 uint32_t ndrv_pcbcount = 0;
113 SYSCTL_UINT(_net_ndrv, OID_AUTO, pcbcount, CTLFLAG_RD | CTLFLAG_LOCKED,
114 &ndrv_pcbcount, 0, "Number of NRDV sockets");
115
116 static struct domain *ndrvdomain = NULL;
117 extern struct domain ndrvdomain_s;
118
119 #define NDRV_PROTODEMUX_COUNT 10
120
121 /*
122 * Verify these values match.
123 * To keep clients from including dlil.h, we define
124 * these values independently in ndrv.h. They must
125 * match or a conversion function must be written.
126 */
127 #if NDRV_DEMUXTYPE_ETHERTYPE != DLIL_DESC_ETYPE2
128 #error NDRV_DEMUXTYPE_ETHERTYPE must match DLIL_DESC_ETYPE2
129 #endif
130 #if NDRV_DEMUXTYPE_SAP != DLIL_DESC_SAP
131 #error NDRV_DEMUXTYPE_SAP must match DLIL_DESC_SAP
132 #endif
133 #if NDRV_DEMUXTYPE_SNAP != DLIL_DESC_SNAP
134 #error NDRV_DEMUXTYPE_SNAP must match DLIL_DESC_SNAP
135 #endif
136
137 /*
138 * Protocol output - Called to output a raw network packet directly
139 * to the driver.
140 */
141 static int
ndrv_output(struct mbuf * m,struct socket * so)142 ndrv_output(struct mbuf *m, struct socket *so)
143 {
144 struct ndrv_cb *np = sotondrvcb(so);
145 struct ifnet *ifp = np->nd_if;
146 int result = 0;
147
148 #if NDRV_DEBUG
149 printf("NDRV output: %x, %x, %x\n", m, so, np);
150 #endif
151
152 /*
153 * No header is a format error
154 */
155 if ((m->m_flags & M_PKTHDR) == 0) {
156 return EINVAL;
157 }
158
159 so_update_tx_data_stats(so, 1, m->m_pkthdr.len);
160
161 /* Unlock before calling ifnet_output */
162 socket_unlock(so, 0);
163
164 /*
165 * Call DLIL if we can. DLIL is much safer than calling the
166 * ifp directly.
167 */
168 result = ifnet_output_raw(ifp, np->nd_proto_family, m);
169
170 socket_lock(so, 0);
171
172 return result;
173 }
174
175 /* Our input routine called from DLIL */
176 static errno_t
ndrv_input(ifnet_t ifp,protocol_family_t proto_family,mbuf_t m,char * orig_frame_header)177 ndrv_input(
178 ifnet_t ifp,
179 protocol_family_t proto_family,
180 mbuf_t m,
181 char *orig_frame_header)
182 {
183 struct socket *so;
184 struct sockaddr_dl ndrvsrc = {};
185 struct ndrv_cb *np;
186 char *frame_header = __unsafe_forge_bidi_indexable(char *,
187 orig_frame_header,
188 ifnet_hdrlen(ifp));
189 int error = 0;
190
191 ndrvsrc.sdl_len = sizeof(struct sockaddr_dl);
192 ndrvsrc.sdl_family = AF_NDRV;
193 ndrvsrc.sdl_index = 0;
194
195 /* move packet from if queue to socket */
196 /* Should be media-independent */
197 ndrvsrc.sdl_type = IFT_ETHER;
198 ndrvsrc.sdl_nlen = 0;
199 ndrvsrc.sdl_alen = 6;
200 ndrvsrc.sdl_slen = 0;
201 bcopy(frame_header, &ndrvsrc.sdl_data, 6);
202
203 /* prepend the frame header */
204 m = m_prepend(m, ifnet_hdrlen(ifp), M_NOWAIT);
205 if (m == NULL) {
206 return EJUSTRETURN;
207 }
208 bcopy(frame_header, m_mtod_current(m), ifnet_hdrlen(ifp));
209
210 /*
211 * We need to take the domain mutex before the list RW lock
212 */
213 LCK_MTX_ASSERT(ndrvdomain->dom_mtx, LCK_MTX_ASSERT_NOTOWNED);
214 lck_mtx_lock(ndrvdomain->dom_mtx);
215
216 np = ndrv_find_inbound(ifp, proto_family);
217 if (np == NULL) {
218 lck_mtx_unlock(ndrvdomain->dom_mtx);
219 return ENOENT;
220 }
221
222 so = np->nd_socket;
223
224 if (sbappendaddr(&(so->so_rcv), (struct sockaddr *)&ndrvsrc,
225 m, NULL, &error) != 0) {
226 sorwakeup(so);
227 }
228
229 lck_mtx_unlock(ndrvdomain->dom_mtx);
230
231 return 0; /* radar 4030377 - always return 0 */
232 }
233
234 /*
235 * Allocate an ndrv control block and some buffer space for the socket
236 */
237 static int
ndrv_attach(struct socket * so,int proto,__unused struct proc * p)238 ndrv_attach(struct socket *so, int proto, __unused struct proc *p)
239 {
240 int error;
241 struct ndrv_cb *np = sotondrvcb(so);
242
243 if ((so->so_state & SS_PRIV) == 0) {
244 return EPERM;
245 }
246
247 #if NDRV_DEBUG
248 printf("NDRV attach: %x, %x, %x\n", so, proto, np);
249 #endif
250
251 if ((error = soreserve(so, ndrv_sendspace, ndrv_recvspace))) {
252 return error;
253 }
254
255 np = kalloc_type(struct ndrv_cb, Z_WAITOK | Z_ZERO | Z_NOFAIL);
256 so->so_pcb = (caddr_t)np;
257 #if NDRV_DEBUG
258 printf("NDRV attach: %x, %x, %x\n", so, proto, np);
259 #endif
260 TAILQ_INIT(&np->nd_dlist);
261 np->nd_signature = NDRV_SIGNATURE;
262 np->nd_socket = so;
263 np->nd_proto.sp_family = (uint16_t)SOCK_DOM(so);
264 np->nd_proto.sp_protocol = (uint16_t)proto;
265 np->nd_if = NULL;
266 np->nd_proto_family = 0;
267 np->nd_family = 0;
268 np->nd_unit = 0;
269
270 /*
271 * Use the domain mutex to protect the list
272 */
273 LCK_MTX_ASSERT(ndrvdomain->dom_mtx, LCK_MTX_ASSERT_NOTOWNED);
274 lck_mtx_lock(ndrvdomain->dom_mtx);
275
276 TAILQ_INSERT_TAIL(&ndrvl, np, nd_next);
277 ndrv_pcbcount++;
278
279 lck_mtx_unlock(ndrvdomain->dom_mtx);
280
281 return 0;
282 }
283
284 /*
285 * Destroy state just before socket deallocation.
286 * Flush data or not depending on the options.
287 */
288
289 static int
ndrv_detach(struct socket * so)290 ndrv_detach(struct socket *so)
291 {
292 struct ndrv_cb *np = sotondrvcb(so);
293
294 if (np == 0) {
295 return EINVAL;
296 }
297 return ndrv_do_detach(np);
298 }
299
300
301 /*
302 * If a socket isn't bound to a single address,
303 * the ndrv input routine will hand it anything
304 * within that protocol family (assuming there's
305 * nothing else around it should go to).
306 *
307 * Don't expect this to be used.
308 */
309
310 static int
ndrv_connect(struct socket * so,struct sockaddr * nam,__unused struct proc * p)311 ndrv_connect(struct socket *so, struct sockaddr *nam, __unused struct proc *p)
312 {
313 struct ndrv_cb *np = sotondrvcb(so);
314
315 if (np == 0) {
316 return EINVAL;
317 }
318
319 if (np->nd_faddr) {
320 return EISCONN;
321 }
322
323 if (nam->sa_len < sizeof(struct sockaddr_ndrv)) {
324 return EINVAL;
325 }
326
327 /* Allocate memory to store the remote address */
328 np->nd_faddr = kalloc_type(struct sockaddr_ndrv, Z_WAITOK | Z_NOFAIL | Z_ZERO);
329
330 SOCKADDR_COPY(nam, np->nd_faddr,
331 MIN(sizeof(struct sockaddr_ndrv), nam->sa_len));
332 np->nd_faddr->snd_len = sizeof(struct sockaddr_ndrv);
333 soisconnected(so);
334 return 0;
335 }
336
337 static void
ndrv_event(struct ifnet * ifp,__unused protocol_family_t protocol,const struct kev_msg * event)338 ndrv_event(struct ifnet *ifp, __unused protocol_family_t protocol,
339 const struct kev_msg *event)
340 {
341 if (event->vendor_code == KEV_VENDOR_APPLE &&
342 event->kev_class == KEV_NETWORK_CLASS &&
343 event->kev_subclass == KEV_DL_SUBCLASS &&
344 event->event_code == KEV_DL_IF_DETACHING) {
345 LCK_MTX_ASSERT(ndrvdomain->dom_mtx, LCK_MTX_ASSERT_NOTOWNED);
346 lck_mtx_lock(ndrvdomain->dom_mtx);
347 ndrv_handle_ifp_detach(ifnet_family(ifp), ifp->if_unit);
348 lck_mtx_unlock(ndrvdomain->dom_mtx);
349 }
350 }
351
352 /*
353 * This is the "driver open" hook - we 'bind' to the
354 * named driver.
355 * Here's where we latch onto the driver.
356 */
357 static int
ndrv_bind(struct socket * so,struct sockaddr * nam,__unused struct proc * p)358 ndrv_bind(struct socket *so, struct sockaddr *nam, __unused struct proc *p)
359 {
360 struct sockaddr_ndrv *sa = (struct sockaddr_ndrv *) nam;
361 const char *dname;
362 struct ndrv_cb *np;
363 struct ifnet *ifp;
364 int result;
365
366 if (TAILQ_EMPTY(&ifnet_head)) {
367 return EADDRNOTAVAIL; /* Quick sanity check */
368 }
369 np = sotondrvcb(so);
370 if (np == 0) {
371 return EINVAL;
372 }
373
374 if (np->nd_laddr) {
375 return EINVAL; /* XXX */
376 }
377 /* I think we just latch onto a copy here; the caller frees */
378 np->nd_laddr = kalloc_type(struct sockaddr_ndrv, Z_WAITOK | Z_NOFAIL | Z_ZERO);
379 SOCKADDR_COPY(sa, np->nd_laddr,
380 MIN(sizeof(struct sockaddr_ndrv), sa->snd_len));
381 np->nd_laddr->snd_len = sizeof(struct sockaddr_ndrv);
382 dname = (const char *) sa->snd_name;
383 if (*dname == '\0') {
384 return EINVAL;
385 }
386 #if NDRV_DEBUG
387 printf("NDRV bind: %x, %x, %s\n", so, np, dname);
388 #endif
389 /* Track down the driver and its ifnet structure.
390 * There's no internal call for this so we have to dup the code
391 * in if.c/ifconf()
392 */
393 ifnet_head_lock_shared();
394 TAILQ_FOREACH(ifp, &ifnet_head, if_link) {
395 if (strlcmp(dname, ifp->if_xname, IFNAMSIZ) == 0) {
396 break;
397 }
398 }
399 ifnet_head_done();
400
401 if (ifp == NULL) {
402 return EADDRNOTAVAIL;
403 }
404
405 // PPP doesn't support PF_NDRV.
406 if (ifnet_family(ifp) != APPLE_IF_FAM_PPP) {
407 /* NDRV on this interface */
408 struct ifnet_attach_proto_param ndrv_proto;
409 result = 0;
410 bzero(&ndrv_proto, sizeof(ndrv_proto));
411 ndrv_proto.event = ndrv_event;
412
413 /* We aren't worried about double attaching, that should just return an error */
414 socket_unlock(so, 0);
415 result = ifnet_attach_protocol(ifp, PF_NDRV, &ndrv_proto);
416 socket_lock(so, 0);
417 if (result && result != EEXIST) {
418 return result;
419 }
420 np->nd_proto_family = PF_NDRV;
421 } else {
422 np->nd_proto_family = 0;
423 }
424
425 np->nd_if = ifp;
426 np->nd_family = ifnet_family(ifp);
427 np->nd_unit = ifp->if_unit;
428
429 return 0;
430 }
431
432 static int
ndrv_disconnect(struct socket * so)433 ndrv_disconnect(struct socket *so)
434 {
435 struct ndrv_cb *np = sotondrvcb(so);
436
437 if (np == 0) {
438 return EINVAL;
439 }
440
441 if (np->nd_faddr == 0) {
442 return ENOTCONN;
443 }
444
445 ndrv_do_disconnect(np);
446 return 0;
447 }
448
449 /*
450 * Mark the connection as being incapable of further input.
451 */
452 static int
ndrv_shutdown(struct socket * so)453 ndrv_shutdown(struct socket *so)
454 {
455 LCK_MTX_ASSERT(ndrvdomain->dom_mtx, LCK_MTX_ASSERT_OWNED);
456 socantsendmore(so);
457 return 0;
458 }
459
460 /*
461 * Ship a packet out. The ndrv output will pass it
462 * to the appropriate driver. The really tricky part
463 * is the destination address...
464 */
465 static int
ndrv_send(struct socket * so,__unused int flags,struct mbuf * m,__unused struct sockaddr * addr,struct mbuf * control,__unused struct proc * p)466 ndrv_send(struct socket *so, __unused int flags, struct mbuf *m,
467 __unused struct sockaddr *addr, struct mbuf *control,
468 __unused struct proc *p)
469 {
470 int error;
471
472 if (control != NULL) {
473 m_freem(control);
474 return EOPNOTSUPP;
475 }
476
477 error = ndrv_output(m, so);
478 m = NULL;
479 return error;
480 }
481
482
483 static int
ndrv_abort(struct socket * so)484 ndrv_abort(struct socket *so)
485 {
486 struct ndrv_cb *np = sotondrvcb(so);
487
488 if (np == 0) {
489 return EINVAL;
490 }
491
492 ndrv_do_disconnect(np);
493 return 0;
494 }
495
496 static int
ndrv_sockaddr(struct socket * so,struct sockaddr ** nam)497 ndrv_sockaddr(struct socket *so, struct sockaddr **nam)
498 {
499 struct ndrv_cb *np = sotondrvcb(so);
500 unsigned int len;
501
502 if (np == 0) {
503 return EINVAL;
504 }
505
506 if (np->nd_laddr == 0) {
507 return EINVAL;
508 }
509
510 len = np->nd_laddr->snd_len;
511 *nam = (struct sockaddr *)alloc_sockaddr(len,
512 Z_WAITOK | Z_NOFAIL);
513
514 SOCKADDR_COPY(np->nd_laddr, *nam, len);
515 return 0;
516 }
517
518
519 static int
ndrv_peeraddr(struct socket * so,struct sockaddr ** nam)520 ndrv_peeraddr(struct socket *so, struct sockaddr **nam)
521 {
522 struct ndrv_cb *np = sotondrvcb(so);
523 unsigned int len;
524
525 if (np == 0) {
526 return EINVAL;
527 }
528
529 if (np->nd_faddr == 0) {
530 return ENOTCONN;
531 }
532
533 len = np->nd_faddr->snd_len;
534 *nam = (struct sockaddr *)alloc_sockaddr(len,
535 Z_WAITOK | Z_NOFAIL);
536
537 SOCKADDR_COPY(np->nd_faddr, *nam, len);
538 return 0;
539 }
540
541
542 /* Control output */
543
544 static int
ndrv_ctloutput(struct socket * so,struct sockopt * sopt)545 ndrv_ctloutput(struct socket *so, struct sockopt *sopt)
546 {
547 struct ndrv_cb *np = sotondrvcb(so);
548 int error = 0;
549
550 switch (sopt->sopt_name) {
551 case NDRV_DELDMXSPEC: /* Delete current spec */
552 /* Verify no parameter was passed */
553 if (sopt->sopt_val != 0 || sopt->sopt_valsize != 0) {
554 /*
555 * We don't support deleting a specific demux, it's
556 * all or nothing.
557 */
558 return EINVAL;
559 }
560 error = ndrv_delspec(np);
561 break;
562 case NDRV_SETDMXSPEC: /* Set protocol spec */
563 error = ndrv_setspec(np, sopt);
564 break;
565 case NDRV_ADDMULTICAST:
566 error = ndrv_do_add_multicast(np, sopt);
567 break;
568 case NDRV_DELMULTICAST:
569 error = ndrv_do_remove_multicast(np, sopt);
570 break;
571 default:
572 error = ENOTSUP;
573 }
574 #ifdef NDRV_DEBUG
575 log(LOG_WARNING, "NDRV CTLOUT: %x returns %d\n", sopt->sopt_name,
576 error);
577 #endif
578 return error;
579 }
580
581 static int
ndrv_do_detach(struct ndrv_cb * np)582 ndrv_do_detach(struct ndrv_cb *np)
583 {
584 struct ndrv_cb* cur_np = NULL;
585 struct socket *so = np->nd_socket;
586 int error = 0;
587 struct ifnet * ifp;
588
589 #if NDRV_DEBUG
590 printf("NDRV detach: %x, %x\n", so, np);
591 #endif
592 ndrv_remove_all_multicast(np);
593
594 /* Remove from the linked list of control blocks */
595 LCK_MTX_ASSERT(ndrvdomain->dom_mtx, LCK_MTX_ASSERT_OWNED);
596 TAILQ_REMOVE(&ndrvl, np, nd_next);
597 ndrv_pcbcount--;
598
599 ifp = np->nd_if;
600 if (ifp != NULL) {
601 u_int32_t proto_family = np->nd_proto_family;
602
603 if (proto_family != PF_NDRV && proto_family != 0) {
604 socket_unlock(so, 0);
605 ifnet_detach_protocol(ifp, proto_family);
606 socket_lock(so, 0);
607 }
608
609 /* Check if this is the last socket attached to this interface */
610 LCK_MTX_ASSERT(ndrvdomain->dom_mtx, LCK_MTX_ASSERT_OWNED);
611 TAILQ_FOREACH(cur_np, &ndrvl, nd_next) {
612 if (cur_np->nd_family == np->nd_family &&
613 cur_np->nd_unit == np->nd_unit) {
614 break;
615 }
616 }
617
618 /* If there are no other interfaces, detach PF_NDRV from the interface */
619 if (cur_np == NULL) {
620 socket_unlock(so, 0);
621 ifnet_detach_protocol(ifp, PF_NDRV);
622 socket_lock(so, 0);
623 }
624 }
625 if (np->nd_laddr != NULL) {
626 kfree_type(struct sockaddr_ndrv, np->nd_laddr);
627 }
628 kfree_type(struct ndrv_cb, np);
629 so->so_pcb = 0;
630 so->so_flags |= SOF_PCBCLEARING;
631 sofree(so);
632 return error;
633 }
634
635 static int
ndrv_do_disconnect(struct ndrv_cb * np)636 ndrv_do_disconnect(struct ndrv_cb *np)
637 {
638 struct socket * so = np->nd_socket;
639 #if NDRV_DEBUG
640 printf("NDRV disconnect: %x\n", np);
641 #endif
642 if (np->nd_faddr) {
643 kfree_type(struct sockaddr_ndrv, np->nd_faddr);
644 }
645 /*
646 * A multipath subflow socket would have its SS_NOFDREF set by default,
647 * so check for SOF_MP_SUBFLOW socket flag before detaching the PCB;
648 * when the socket is closed for real, SOF_MP_SUBFLOW would be cleared.
649 */
650 if (!(so->so_flags & SOF_MP_SUBFLOW) && (so->so_state & SS_NOFDREF)) {
651 ndrv_do_detach(np);
652 }
653 soisdisconnected(so);
654 return 0;
655 }
656
657 #if 0
658 //### Not used
659 /*
660 * When closing, dump any enqueued mbufs.
661 */
662 void
663 ndrv_flushq(struct ifqueue *q)
664 {
665 struct mbuf *m;
666 for (;;) {
667 IF_DEQUEUE(q, m);
668 if (m == NULL) {
669 break;
670 }
671 IF_DROP(q);
672 if (m) {
673 m_freem(m);
674 }
675 }
676 }
677 #endif
678
679 int
ndrv_setspec(struct ndrv_cb * np,struct sockopt * sopt)680 ndrv_setspec(struct ndrv_cb *np, struct sockopt *sopt)
681 {
682 struct ifnet_attach_proto_param proto_param;
683 struct ndrv_protocol_desc_kernel ndrvSpec;
684 struct ndrv_demux_desc* ndrvDemux = NULL;
685 size_t ndrvDemuxSize = 0;
686 int error = 0;
687 struct socket * so = np->nd_socket;
688 user_addr_t user_addr;
689 uint32_t demux_count = 0;
690
691 /* Sanity checking */
692 if (np->nd_proto_family != PF_NDRV) {
693 return EBUSY;
694 }
695 if (np->nd_if == NULL) {
696 return EINVAL;
697 }
698
699 /* Copy the ndrvSpec */
700 if (proc_is64bit(sopt->sopt_p)) {
701 struct ndrv_protocol_desc64 ndrvSpec64;
702
703 if (sopt->sopt_valsize != sizeof(ndrvSpec64)) {
704 return EINVAL;
705 }
706
707 error = sooptcopyin(sopt, &ndrvSpec64, sizeof(ndrvSpec64), sizeof(ndrvSpec64));
708 if (error != 0) {
709 return error;
710 }
711
712 ndrvSpec.version = ndrvSpec64.version;
713 ndrvSpec.protocol_family = ndrvSpec64.protocol_family;
714 demux_count = ndrvSpec64.demux_count;
715
716 user_addr = CAST_USER_ADDR_T(ndrvSpec64.demux_list);
717 } else {
718 struct ndrv_protocol_desc32 ndrvSpec32;
719
720 if (sopt->sopt_valsize != sizeof(ndrvSpec32)) {
721 return EINVAL;
722 }
723
724 error = sooptcopyin(sopt, &ndrvSpec32, sizeof(ndrvSpec32), sizeof(ndrvSpec32));
725 if (error != 0) {
726 return error;
727 }
728
729 ndrvSpec.version = ndrvSpec32.version;
730 ndrvSpec.protocol_family = ndrvSpec32.protocol_family;
731 demux_count = ndrvSpec32.demux_count;
732
733 user_addr = CAST_USER_ADDR_T(ndrvSpec32.demux_list);
734 }
735
736 /*
737 * Do not allow PF_NDRV as it's non-sensical and most importantly because
738 * we use PF_NDRV to see if the protocol family has already been set
739 */
740 if (ndrvSpec.protocol_family == PF_NDRV) {
741 return EINVAL;
742 }
743
744 /* Verify the parameter */
745 if (ndrvSpec.version > NDRV_PROTOCOL_DESC_VERS) {
746 return ENOTSUP; // version is too new!
747 } else if (ndrvSpec.version < 1) {
748 return EINVAL; // version is not valid
749 } else if (demux_count > NDRV_PROTODEMUX_COUNT || demux_count == 0) {
750 return EINVAL; // demux_count is not valid
751 }
752 bzero(&proto_param, sizeof(proto_param));
753
754 /* Allocate storage for demux array */
755 ndrvDemuxSize = demux_count * sizeof(struct ndrv_demux_desc);
756 ndrvDemux = (struct ndrv_demux_desc*) kalloc_data(ndrvDemuxSize, Z_WAITOK);
757 if (ndrvDemux == NULL) {
758 return ENOMEM;
759 }
760
761 /* Allocate enough ifnet_demux_descs */
762 struct ifnet_demux_desc *demux_desc = kalloc_type(struct ifnet_demux_desc,
763 demux_count, Z_WAITOK | Z_ZERO);
764 if (demux_desc == NULL) {
765 error = ENOMEM;
766 } else {
767 proto_param.demux_array = demux_desc;
768 proto_param.demux_count = demux_count;
769 }
770
771 if (error == 0) {
772 /* Copy the ndrv demux array from userland */
773 error = copyin(user_addr, ndrvDemux,
774 demux_count * sizeof(struct ndrv_demux_desc));
775 ndrvSpec.demux_list = ndrvDemux;
776 ndrvSpec.demux_count = demux_count;
777 }
778
779 if (error == 0) {
780 /* At this point, we've at least got enough bytes to start looking around */
781 u_int32_t demuxOn = 0;
782
783 proto_param.input = ndrv_input;
784 proto_param.event = ndrv_event;
785
786 for (demuxOn = 0; demuxOn < ndrvSpec.demux_count; demuxOn++) {
787 /* Convert an ndrv_demux_desc to a ifnet_demux_desc */
788 error = ndrv_to_ifnet_demux(&ndrvSpec.demux_list[demuxOn],
789 &proto_param.demux_array[demuxOn]);
790 if (error) {
791 break;
792 }
793 }
794 }
795
796 if (error == 0) {
797 /*
798 * Set the protocol family to prevent other threads from
799 * attaching a protocol while the socket is unlocked
800 */
801 np->nd_proto_family = ndrvSpec.protocol_family;
802 socket_unlock(so, 0);
803 error = ifnet_attach_protocol(np->nd_if, ndrvSpec.protocol_family,
804 &proto_param);
805 socket_lock(so, 0);
806 /*
807 * Upon failure, indicate that no protocol is attached
808 */
809 if (error != 0) {
810 np->nd_proto_family = PF_NDRV;
811 }
812 }
813
814 /* Free any memory we've allocated */
815 if (proto_param.demux_array != NULL) {
816 kfree_type_counted_by(struct ifnet_demux_desc,
817 proto_param.demux_count,
818 proto_param.demux_array);
819 }
820 if (ndrvDemux) {
821 ndrvSpec.demux_list = NULL;
822 ndrvSpec.demux_count = 0;
823 kfree_data(ndrvDemux, ndrvDemuxSize);
824 }
825
826 return error;
827 }
828
829
830 int
ndrv_to_ifnet_demux(struct ndrv_demux_desc * ndrv,struct ifnet_demux_desc * ifdemux)831 ndrv_to_ifnet_demux(struct ndrv_demux_desc* ndrv, struct ifnet_demux_desc* ifdemux)
832 {
833 bzero(ifdemux, sizeof(*ifdemux));
834
835 if (ndrv->type < DLIL_DESC_ETYPE2) {
836 /* using old "type", not supported */
837 return ENOTSUP;
838 }
839
840 if (ndrv->length > 28) {
841 return EINVAL;
842 }
843
844 ifdemux->type = ndrv->type;
845 ifdemux->data = ndrv->data.other;
846 ifdemux->datalen = ndrv->length;
847
848 return 0;
849 }
850
851 int
ndrv_delspec(struct ndrv_cb * np)852 ndrv_delspec(struct ndrv_cb *np)
853 {
854 int result = 0;
855
856 if (np->nd_proto_family == PF_NDRV ||
857 np->nd_proto_family == 0) {
858 return EINVAL;
859 }
860
861 /* Detach the protocol */
862 result = ifnet_detach_protocol(np->nd_if, np->nd_proto_family);
863 np->nd_proto_family = PF_NDRV;
864
865 return result;
866 }
867
868 struct ndrv_cb *
ndrv_find_inbound(struct ifnet * ifp,u_int32_t protocol)869 ndrv_find_inbound(struct ifnet *ifp, u_int32_t protocol)
870 {
871 struct ndrv_cb* np;
872
873 LCK_MTX_ASSERT(ndrvdomain->dom_mtx, LCK_MTX_ASSERT_OWNED);
874
875 if (protocol == PF_NDRV) {
876 return NULL;
877 }
878
879 TAILQ_FOREACH(np, &ndrvl, nd_next) {
880 if (np->nd_proto_family == protocol &&
881 np->nd_if == ifp) {
882 return np;
883 }
884 }
885
886 return NULL;
887 }
888
889 static void
ndrv_handle_ifp_detach(u_int32_t family,short unit)890 ndrv_handle_ifp_detach(u_int32_t family, short unit)
891 {
892 struct ndrv_cb* np;
893 struct ifnet *ifp = NULL;
894 struct socket *so;
895
896 /* Find all sockets using this interface. */
897 TAILQ_FOREACH(np, &ndrvl, nd_next) {
898 if (np->nd_family == family &&
899 np->nd_unit == unit) {
900 /* This cb is using the detaching interface, but not for long. */
901 /* Let the protocol go */
902 ifp = np->nd_if;
903 if (np->nd_proto_family != 0) {
904 ndrv_delspec(np);
905 }
906
907 /* Delete the multicasts first */
908 ndrv_remove_all_multicast(np);
909
910 /* Disavow all knowledge of the ifp */
911 np->nd_if = NULL;
912 np->nd_unit = 0;
913 np->nd_family = 0;
914
915 so = np->nd_socket;
916 /* Make sure sending returns an error */
917 LCK_MTX_ASSERT(ndrvdomain->dom_mtx, LCK_MTX_ASSERT_OWNED);
918 socantsendmore(so);
919 socantrcvmore(so);
920 }
921 }
922
923 /* Unregister our protocol */
924 if (ifp) {
925 ifnet_detach_protocol(ifp, PF_NDRV);
926 }
927 }
928
929 static void
ndrv_multiaddr_free(struct ndrv_multiaddr * ndrv_multi)930 ndrv_multiaddr_free(struct ndrv_multiaddr *ndrv_multi)
931 {
932 kfree_data(ndrv_multi->addr, ndrv_multi->addr->sa_len);
933 kfree_type(struct ndrv_multiaddr, ndrv_multi);
934 }
935
936 static int
ndrv_do_add_multicast(struct ndrv_cb * np,struct sockopt * sopt)937 ndrv_do_add_multicast(struct ndrv_cb *np, struct sockopt *sopt)
938 {
939 struct ndrv_multiaddr *ndrv_multi = NULL;
940 struct sockaddr *addr = NULL;
941 int result;
942
943 if (sopt->sopt_val == 0 || sopt->sopt_valsize < 2 ||
944 sopt->sopt_level != SOL_NDRVPROTO || sopt->sopt_valsize > SOCK_MAXADDRLEN) {
945 return EINVAL;
946 }
947 if (np->nd_if == NULL) {
948 return ENXIO;
949 }
950 if (!(np->nd_dlist_cnt < ndrv_multi_max_count)) {
951 return EPERM;
952 }
953
954 // Copy in the address
955 addr = kalloc_data(sopt->sopt_valsize, Z_WAITOK_ZERO_NOFAIL);
956 result = copyin(sopt->sopt_val, addr, sopt->sopt_valsize);
957 if (result == 0) {
958 ndrv_multi = kalloc_type(struct ndrv_multiaddr, Z_WAITOK_ZERO_NOFAIL);
959 ndrv_multi->addr = addr;
960 addr = NULL; // don't use addr again
961 }
962
963 // Validate the sockaddr
964 if (result == 0 && sopt->sopt_valsize != ndrv_multi->addr->sa_len) {
965 result = EINVAL;
966 }
967
968 if (result == 0 && ndrv_have_multicast(np, ndrv_multi->addr)) {
969 result = EEXIST;
970 }
971
972 if (result == 0) {
973 // Try adding the multicast
974 result = ifnet_add_multicast(np->nd_if, ndrv_multi->addr,
975 &ndrv_multi->ifma);
976 }
977
978 if (result == 0) {
979 // Add to our linked list
980 ndrv_multi->next = np->nd_multiaddrs;
981 np->nd_multiaddrs = ndrv_multi;
982 np->nd_dlist_cnt++;
983 } else {
984 // Free up the memory, something went wrong
985 if (ndrv_multi != NULL) {
986 ndrv_multiaddr_free(ndrv_multi);
987 } else if (addr != NULL) {
988 kfree_data(addr, sopt->sopt_valsize);
989 }
990 }
991
992 return result;
993 }
994
995 static void
ndrv_cb_remove_multiaddr(struct ndrv_cb * np,struct ndrv_multiaddr * ndrv_entry)996 ndrv_cb_remove_multiaddr(struct ndrv_cb *np, struct ndrv_multiaddr *ndrv_entry)
997 {
998 struct ndrv_multiaddr *cur = np->nd_multiaddrs;
999 bool removed = false;
1000
1001 if (cur == ndrv_entry) {
1002 /* we were the head */
1003 np->nd_multiaddrs = cur->next;
1004 removed = true;
1005 } else {
1006 /* find our entry */
1007 struct ndrv_multiaddr *cur_next = NULL;
1008
1009 for (; cur != NULL; cur = cur_next) {
1010 cur_next = cur->next;
1011 if (cur_next == ndrv_entry) {
1012 cur->next = cur_next->next;
1013 removed = true;
1014 break;
1015 }
1016 }
1017 }
1018 ASSERT(removed);
1019 }
1020
1021 static int
ndrv_do_remove_multicast(struct ndrv_cb * np,struct sockopt * sopt)1022 ndrv_do_remove_multicast(struct ndrv_cb *np, struct sockopt *sopt)
1023 {
1024 struct sockaddr* multi_addr;
1025 struct ndrv_multiaddr* ndrv_entry = NULL;
1026 int result;
1027
1028 if (sopt->sopt_val == 0 || sopt->sopt_valsize < 2 ||
1029 sopt->sopt_valsize > SOCK_MAXADDRLEN ||
1030 sopt->sopt_level != SOL_NDRVPROTO) {
1031 return EINVAL;
1032 }
1033 if (np->nd_if == NULL || np->nd_dlist_cnt == 0) {
1034 return ENXIO;
1035 }
1036
1037 // Allocate storage
1038 multi_addr = (struct sockaddr*) kalloc_data(sopt->sopt_valsize, Z_WAITOK);
1039 if (multi_addr == NULL) {
1040 return ENOMEM;
1041 }
1042
1043 // Copy in the address
1044 result = copyin(sopt->sopt_val, multi_addr, sopt->sopt_valsize);
1045
1046 // Validate the sockaddr
1047 if (result == 0 && sopt->sopt_valsize != multi_addr->sa_len) {
1048 result = EINVAL;
1049 }
1050
1051 if (result == 0) {
1052 /* Find the old entry */
1053 ndrv_entry = ndrv_have_multicast(np, multi_addr);
1054
1055 if (ndrv_entry == NULL) {
1056 result = ENOENT;
1057 }
1058 }
1059
1060 if (result == 0) {
1061 // Try deleting the multicast
1062 result = ifnet_remove_multicast(ndrv_entry->ifma);
1063 }
1064
1065 if (result == 0) {
1066 // Remove from our linked list
1067 ifmaddr_release(ndrv_entry->ifma);
1068
1069 ndrv_cb_remove_multiaddr(np, ndrv_entry);
1070 np->nd_dlist_cnt--;
1071
1072 ndrv_multiaddr_free(ndrv_entry);
1073 }
1074 kfree_data(multi_addr, sopt->sopt_valsize);
1075
1076 return result;
1077 }
1078
1079 static struct ndrv_multiaddr*
ndrv_have_multicast(struct ndrv_cb * np,struct sockaddr * inAddr)1080 ndrv_have_multicast(struct ndrv_cb *np, struct sockaddr* inAddr)
1081 {
1082 struct ndrv_multiaddr* cur;
1083 for (cur = np->nd_multiaddrs; cur != NULL; cur = cur->next) {
1084 if ((inAddr->sa_len == cur->addr->sa_len) &&
1085 (SOCKADDR_CMP(cur->addr, inAddr, inAddr->sa_len) == 0)) {
1086 // Found a match
1087 return cur;
1088 }
1089 }
1090
1091 return NULL;
1092 }
1093
1094 static void
ndrv_remove_all_multicast(struct ndrv_cb * np)1095 ndrv_remove_all_multicast(struct ndrv_cb* np)
1096 {
1097 struct ndrv_multiaddr* cur;
1098
1099 if (np->nd_if != NULL) {
1100 while (np->nd_multiaddrs != NULL) {
1101 cur = np->nd_multiaddrs;
1102 np->nd_multiaddrs = cur->next;
1103
1104 ifnet_remove_multicast(cur->ifma);
1105 ifmaddr_release(cur->ifma);
1106 ndrv_multiaddr_free(cur);
1107 }
1108 }
1109 }
1110
1111 static struct pr_usrreqs ndrv_usrreqs = {
1112 .pru_abort = ndrv_abort,
1113 .pru_attach = ndrv_attach,
1114 .pru_bind = ndrv_bind,
1115 .pru_connect = ndrv_connect,
1116 .pru_detach = ndrv_detach,
1117 .pru_disconnect = ndrv_disconnect,
1118 .pru_peeraddr = ndrv_peeraddr,
1119 .pru_send = ndrv_send,
1120 .pru_shutdown = ndrv_shutdown,
1121 .pru_sockaddr = ndrv_sockaddr,
1122 .pru_sosend = sosend,
1123 .pru_soreceive = soreceive,
1124 };
1125
1126 static struct protosw ndrvsw[] = {
1127 {
1128 .pr_type = SOCK_RAW,
1129 .pr_protocol = NDRVPROTO_NDRV,
1130 .pr_flags = PR_ATOMIC | PR_ADDR,
1131 .pr_output = ndrv_output,
1132 .pr_ctloutput = ndrv_ctloutput,
1133 .pr_usrreqs = &ndrv_usrreqs,
1134 }
1135 };
1136
1137 static int ndrv_proto_count = (sizeof(ndrvsw) / sizeof(struct protosw));
1138
1139 struct domain ndrvdomain_s = {
1140 .dom_family = PF_NDRV,
1141 .dom_name = "NetDriver",
1142 .dom_init = ndrv_dominit,
1143 };
1144
1145 static void
ndrv_dominit(struct domain * dp)1146 ndrv_dominit(struct domain *dp)
1147 {
1148 struct protosw *pr;
1149 int i;
1150
1151 VERIFY(!(dp->dom_flags & DOM_INITIALIZED));
1152 VERIFY(ndrvdomain == NULL);
1153
1154 ndrvdomain = dp;
1155
1156 for (i = 0, pr = &ndrvsw[0]; i < ndrv_proto_count; i++, pr++) {
1157 net_add_proto(pr, dp, 1);
1158 }
1159 }
1160