1 /*
2 * Copyright (c) 1997-2021 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 /*
29 * @(#)ndrv.c 1.1 (MacOSX) 6/10/43
30 * Justin Walker, 970604
31 * AF_NDRV support
32 * 980130 - Cleanup, reorg, performance improvemements
33 * 000816 - Removal of Y adapter cruft
34 */
35
36 /*
37 * PF_NDRV allows raw access to a specified network device, directly
38 * with a socket. Expected use involves a socket option to request
39 * protocol packets. This lets ndrv_output() call ifnet_output(), and
40 * lets DLIL find the proper recipient for incoming packets.
41 * The purpose here is for user-mode protocol implementation.
42 * Note that "pure raw access" will still be accomplished with BPF.
43 *
44 * In addition to the former use, when combined with socket NKEs,
45 * PF_NDRV permits a fairly flexible mechanism for implementing
46 * strange protocol support.
47 */
48 #include <mach/mach_types.h>
49
50 #include <sys/param.h>
51 #include <sys/systm.h>
52 #include <sys/kernel.h>
53 #include <sys/malloc.h>
54 #include <sys/mbuf.h>
55 #include <sys/protosw.h>
56 #include <sys/domain.h>
57 #include <sys/socket.h>
58 #include <sys/socketvar.h>
59 #include <sys/ioctl.h>
60 #include <sys/sysctl.h>
61 #include <sys/errno.h>
62 #include <sys/syslog.h>
63 #include <sys/proc.h>
64
65 #include <kern/queue.h>
66
67 #include <net/ndrv.h>
68 #include <net/route.h>
69 #include <net/if_llc.h>
70 #include <net/if_dl.h>
71 #include <net/if_types.h>
72 #include <net/ndrv_var.h>
73 #include <net/dlil.h>
74
75 #if INET
76 #include <netinet/in.h>
77 #include <netinet/in_var.h>
78 #endif
79 #include <netinet/if_ether.h>
80
81 static unsigned int ndrv_multi_max_count = NDRV_DMUX_MAX_DESCR;
82 SYSCTL_UINT(_net, OID_AUTO, ndrv_multi_max_count, CTLFLAG_RW | CTLFLAG_LOCKED,
83 &ndrv_multi_max_count, 0, "Number of allowed multicast addresses per NRDV socket");
84
85 /*
86 * The locking strategy relies on the PF_NRDRV domain mutex that protects both the
87 * PCB list "ndrvl" and the sockets themselves
88 */
89
90 static int ndrv_do_detach(struct ndrv_cb *);
91 static int ndrv_do_disconnect(struct ndrv_cb *);
92 static struct ndrv_cb *ndrv_find_inbound(struct ifnet *ifp, u_int32_t protocol_family);
93 static int ndrv_setspec(struct ndrv_cb *np, struct sockopt *sopt);
94 static int ndrv_delspec(struct ndrv_cb *);
95 static int ndrv_to_ifnet_demux(struct ndrv_demux_desc* ndrv, struct ifnet_demux_desc* ifdemux);
96 static void ndrv_handle_ifp_detach(u_int32_t family, short unit);
97 static int ndrv_do_add_multicast(struct ndrv_cb *np, struct sockopt *sopt);
98 static int ndrv_do_remove_multicast(struct ndrv_cb *np, struct sockopt *sopt);
99 static struct ndrv_multiaddr* ndrv_have_multicast(struct ndrv_cb *np, struct sockaddr* addr);
100 static void ndrv_remove_all_multicast(struct ndrv_cb *np);
101 static void ndrv_dominit(struct domain *);
102
103 u_int32_t ndrv_sendspace = NDRVSNDQ;
104 u_int32_t ndrv_recvspace = NDRVRCVQ;
105 TAILQ_HEAD(, ndrv_cb) ndrvl = TAILQ_HEAD_INITIALIZER(ndrvl);
106
107 static struct domain *ndrvdomain = NULL;
108 extern struct domain ndrvdomain_s;
109
110 #define NDRV_PROTODEMUX_COUNT 10
111
112 /*
113 * Verify these values match.
114 * To keep clients from including dlil.h, we define
115 * these values independently in ndrv.h. They must
116 * match or a conversion function must be written.
117 */
118 #if NDRV_DEMUXTYPE_ETHERTYPE != DLIL_DESC_ETYPE2
119 #error NDRV_DEMUXTYPE_ETHERTYPE must match DLIL_DESC_ETYPE2
120 #endif
121 #if NDRV_DEMUXTYPE_SAP != DLIL_DESC_SAP
122 #error NDRV_DEMUXTYPE_SAP must match DLIL_DESC_SAP
123 #endif
124 #if NDRV_DEMUXTYPE_SNAP != DLIL_DESC_SNAP
125 #error NDRV_DEMUXTYPE_SNAP must match DLIL_DESC_SNAP
126 #endif
127
128 /*
129 * Protocol output - Called to output a raw network packet directly
130 * to the driver.
131 */
132 static int
ndrv_output(struct mbuf * m,struct socket * so)133 ndrv_output(struct mbuf *m, struct socket *so)
134 {
135 struct ndrv_cb *np = sotondrvcb(so);
136 struct ifnet *ifp = np->nd_if;
137 int result = 0;
138
139 #if NDRV_DEBUG
140 printf("NDRV output: %x, %x, %x\n", m, so, np);
141 #endif
142
143 /*
144 * No header is a format error
145 */
146 if ((m->m_flags & M_PKTHDR) == 0) {
147 return EINVAL;
148 }
149
150 /* Unlock before calling ifnet_output */
151 socket_unlock(so, 0);
152
153 /*
154 * Call DLIL if we can. DLIL is much safer than calling the
155 * ifp directly.
156 */
157 result = ifnet_output_raw(ifp, np->nd_proto_family, m);
158
159 socket_lock(so, 0);
160
161 return result;
162 }
163
164 /* Our input routine called from DLIL */
165 static errno_t
ndrv_input(ifnet_t ifp,protocol_family_t proto_family,mbuf_t m,char * frame_header)166 ndrv_input(
167 ifnet_t ifp,
168 protocol_family_t proto_family,
169 mbuf_t m,
170 char *frame_header)
171 {
172 struct socket *so;
173 struct sockaddr_dl ndrvsrc = {};
174 struct ndrv_cb *np;
175 int error = 0;
176
177 ndrvsrc.sdl_len = sizeof(struct sockaddr_dl);
178 ndrvsrc.sdl_family = AF_NDRV;
179 ndrvsrc.sdl_index = 0;
180
181 /* move packet from if queue to socket */
182 /* Should be media-independent */
183 ndrvsrc.sdl_type = IFT_ETHER;
184 ndrvsrc.sdl_nlen = 0;
185 ndrvsrc.sdl_alen = 6;
186 ndrvsrc.sdl_slen = 0;
187 bcopy(frame_header, &ndrvsrc.sdl_data, 6);
188
189 /* prepend the frame header */
190 m = m_prepend(m, ifnet_hdrlen(ifp), M_NOWAIT);
191 if (m == NULL) {
192 return EJUSTRETURN;
193 }
194 bcopy(frame_header, m->m_data, ifnet_hdrlen(ifp));
195
196 /*
197 * We need to take the domain mutex before the list RW lock
198 */
199 LCK_MTX_ASSERT(ndrvdomain->dom_mtx, LCK_MTX_ASSERT_NOTOWNED);
200 lck_mtx_lock(ndrvdomain->dom_mtx);
201
202 np = ndrv_find_inbound(ifp, proto_family);
203 if (np == NULL) {
204 lck_mtx_unlock(ndrvdomain->dom_mtx);
205 return ENOENT;
206 }
207
208 so = np->nd_socket;
209
210 if (sbappendaddr(&(so->so_rcv), (struct sockaddr *)&ndrvsrc,
211 m, NULL, &error) != 0) {
212 sorwakeup(so);
213 }
214
215 lck_mtx_unlock(ndrvdomain->dom_mtx);
216
217 return 0; /* radar 4030377 - always return 0 */
218 }
219
220 /*
221 * Allocate an ndrv control block and some buffer space for the socket
222 */
223 static int
ndrv_attach(struct socket * so,int proto,__unused struct proc * p)224 ndrv_attach(struct socket *so, int proto, __unused struct proc *p)
225 {
226 int error;
227 struct ndrv_cb *np = sotondrvcb(so);
228
229 if ((so->so_state & SS_PRIV) == 0) {
230 return EPERM;
231 }
232
233 #if NDRV_DEBUG
234 printf("NDRV attach: %x, %x, %x\n", so, proto, np);
235 #endif
236
237 if ((error = soreserve(so, ndrv_sendspace, ndrv_recvspace))) {
238 return error;
239 }
240
241 np = kalloc_type(struct ndrv_cb, Z_WAITOK | Z_ZERO | Z_NOFAIL);
242 so->so_pcb = (caddr_t)np;
243 #if NDRV_DEBUG
244 printf("NDRV attach: %x, %x, %x\n", so, proto, np);
245 #endif
246 TAILQ_INIT(&np->nd_dlist);
247 np->nd_signature = NDRV_SIGNATURE;
248 np->nd_socket = so;
249 np->nd_proto.sp_family = (uint16_t)SOCK_DOM(so);
250 np->nd_proto.sp_protocol = (uint16_t)proto;
251 np->nd_if = NULL;
252 np->nd_proto_family = 0;
253 np->nd_family = 0;
254 np->nd_unit = 0;
255
256 /*
257 * Use the domain mutex to protect the list
258 */
259 LCK_MTX_ASSERT(ndrvdomain->dom_mtx, LCK_MTX_ASSERT_NOTOWNED);
260 lck_mtx_lock(ndrvdomain->dom_mtx);
261
262 TAILQ_INSERT_TAIL(&ndrvl, np, nd_next);
263
264 lck_mtx_unlock(ndrvdomain->dom_mtx);
265
266 return 0;
267 }
268
269 /*
270 * Destroy state just before socket deallocation.
271 * Flush data or not depending on the options.
272 */
273
274 static int
ndrv_detach(struct socket * so)275 ndrv_detach(struct socket *so)
276 {
277 struct ndrv_cb *np = sotondrvcb(so);
278
279 if (np == 0) {
280 return EINVAL;
281 }
282 return ndrv_do_detach(np);
283 }
284
285
286 /*
287 * If a socket isn't bound to a single address,
288 * the ndrv input routine will hand it anything
289 * within that protocol family (assuming there's
290 * nothing else around it should go to).
291 *
292 * Don't expect this to be used.
293 */
294
295 static int
ndrv_connect(struct socket * so,struct sockaddr * nam,__unused struct proc * p)296 ndrv_connect(struct socket *so, struct sockaddr *nam, __unused struct proc *p)
297 {
298 struct ndrv_cb *np = sotondrvcb(so);
299
300 if (np == 0) {
301 return EINVAL;
302 }
303
304 if (np->nd_faddr) {
305 return EISCONN;
306 }
307
308 if (nam->sa_len < sizeof(struct sockaddr_ndrv)) {
309 return EINVAL;
310 }
311
312 /* Allocate memory to store the remote address */
313 np->nd_faddr = (struct sockaddr_ndrv *) kalloc_data(nam->sa_len, Z_WAITOK);
314 if (np->nd_faddr == NULL) {
315 return ENOMEM;
316 }
317
318 bcopy((caddr_t) nam, (caddr_t) np->nd_faddr, nam->sa_len);
319 soisconnected(so);
320 return 0;
321 }
322
323 static void
ndrv_event(struct ifnet * ifp,__unused protocol_family_t protocol,const struct kev_msg * event)324 ndrv_event(struct ifnet *ifp, __unused protocol_family_t protocol,
325 const struct kev_msg *event)
326 {
327 if (event->vendor_code == KEV_VENDOR_APPLE &&
328 event->kev_class == KEV_NETWORK_CLASS &&
329 event->kev_subclass == KEV_DL_SUBCLASS &&
330 event->event_code == KEV_DL_IF_DETACHING) {
331 LCK_MTX_ASSERT(ndrvdomain->dom_mtx, LCK_MTX_ASSERT_NOTOWNED);
332 lck_mtx_lock(ndrvdomain->dom_mtx);
333 ndrv_handle_ifp_detach(ifnet_family(ifp), ifp->if_unit);
334 lck_mtx_unlock(ndrvdomain->dom_mtx);
335 }
336 }
337
338 /*
339 * This is the "driver open" hook - we 'bind' to the
340 * named driver.
341 * Here's where we latch onto the driver.
342 */
343 static int
ndrv_bind(struct socket * so,struct sockaddr * nam,__unused struct proc * p)344 ndrv_bind(struct socket *so, struct sockaddr *nam, __unused struct proc *p)
345 {
346 struct sockaddr_ndrv *sa = (struct sockaddr_ndrv *) nam;
347 char *dname;
348 struct ndrv_cb *np;
349 struct ifnet *ifp;
350 int result;
351
352 if (TAILQ_EMPTY(&ifnet_head)) {
353 return EADDRNOTAVAIL; /* Quick sanity check */
354 }
355 np = sotondrvcb(so);
356 if (np == 0) {
357 return EINVAL;
358 }
359
360 if (np->nd_laddr) {
361 return EINVAL; /* XXX */
362 }
363 /* I think we just latch onto a copy here; the caller frees */
364 np->nd_laddr = kalloc_type(struct sockaddr_ndrv, Z_WAITOK | Z_NOFAIL);
365 bcopy((caddr_t) sa, (caddr_t) np->nd_laddr, sizeof(struct sockaddr_ndrv));
366 dname = (char *) sa->snd_name;
367 np->nd_laddr->snd_len = sizeof(struct sockaddr_ndrv);
368 if (*dname == '\0') {
369 return EINVAL;
370 }
371 #if NDRV_DEBUG
372 printf("NDRV bind: %x, %x, %s\n", so, np, dname);
373 #endif
374 /* Track down the driver and its ifnet structure.
375 * There's no internal call for this so we have to dup the code
376 * in if.c/ifconf()
377 */
378 ifnet_head_lock_shared();
379 TAILQ_FOREACH(ifp, &ifnet_head, if_link) {
380 if (strncmp(ifp->if_xname, dname, IFNAMSIZ) == 0) {
381 break;
382 }
383 }
384 ifnet_head_done();
385
386 if (ifp == NULL) {
387 return EADDRNOTAVAIL;
388 }
389
390 // PPP doesn't support PF_NDRV.
391 if (ifnet_family(ifp) != APPLE_IF_FAM_PPP) {
392 /* NDRV on this interface */
393 struct ifnet_attach_proto_param ndrv_proto;
394 result = 0;
395 bzero(&ndrv_proto, sizeof(ndrv_proto));
396 ndrv_proto.event = ndrv_event;
397
398 /* We aren't worried about double attaching, that should just return an error */
399 socket_unlock(so, 0);
400 result = ifnet_attach_protocol(ifp, PF_NDRV, &ndrv_proto);
401 socket_lock(so, 0);
402 if (result && result != EEXIST) {
403 return result;
404 }
405 np->nd_proto_family = PF_NDRV;
406 } else {
407 np->nd_proto_family = 0;
408 }
409
410 np->nd_if = ifp;
411 np->nd_family = ifnet_family(ifp);
412 np->nd_unit = ifp->if_unit;
413
414 return 0;
415 }
416
417 static int
ndrv_disconnect(struct socket * so)418 ndrv_disconnect(struct socket *so)
419 {
420 struct ndrv_cb *np = sotondrvcb(so);
421
422 if (np == 0) {
423 return EINVAL;
424 }
425
426 if (np->nd_faddr == 0) {
427 return ENOTCONN;
428 }
429
430 ndrv_do_disconnect(np);
431 return 0;
432 }
433
434 /*
435 * Mark the connection as being incapable of further input.
436 */
437 static int
ndrv_shutdown(struct socket * so)438 ndrv_shutdown(struct socket *so)
439 {
440 LCK_MTX_ASSERT(ndrvdomain->dom_mtx, LCK_MTX_ASSERT_OWNED);
441 socantsendmore(so);
442 return 0;
443 }
444
445 /*
446 * Ship a packet out. The ndrv output will pass it
447 * to the appropriate driver. The really tricky part
448 * is the destination address...
449 */
450 static int
ndrv_send(struct socket * so,__unused int flags,struct mbuf * m,__unused struct sockaddr * addr,struct mbuf * control,__unused struct proc * p)451 ndrv_send(struct socket *so, __unused int flags, struct mbuf *m,
452 __unused struct sockaddr *addr, struct mbuf *control,
453 __unused struct proc *p)
454 {
455 int error;
456
457 if (control != NULL) {
458 m_freem(control);
459 return EOPNOTSUPP;
460 }
461
462 error = ndrv_output(m, so);
463 m = NULL;
464 return error;
465 }
466
467
468 static int
ndrv_abort(struct socket * so)469 ndrv_abort(struct socket *so)
470 {
471 struct ndrv_cb *np = sotondrvcb(so);
472
473 if (np == 0) {
474 return EINVAL;
475 }
476
477 ndrv_do_disconnect(np);
478 return 0;
479 }
480
481 static int
ndrv_sockaddr(struct socket * so,struct sockaddr ** nam)482 ndrv_sockaddr(struct socket *so, struct sockaddr **nam)
483 {
484 struct ndrv_cb *np = sotondrvcb(so);
485 int len;
486
487 if (np == 0) {
488 return EINVAL;
489 }
490
491 if (np->nd_laddr == 0) {
492 return EINVAL;
493 }
494
495 len = np->nd_laddr->snd_len;
496 *nam = (struct sockaddr *)alloc_sockaddr(len,
497 Z_WAITOK | Z_NOFAIL);
498
499 bcopy((caddr_t)np->nd_laddr, *nam,
500 (unsigned)len);
501 return 0;
502 }
503
504
505 static int
ndrv_peeraddr(struct socket * so,struct sockaddr ** nam)506 ndrv_peeraddr(struct socket *so, struct sockaddr **nam)
507 {
508 struct ndrv_cb *np = sotondrvcb(so);
509 int len;
510
511 if (np == 0) {
512 return EINVAL;
513 }
514
515 if (np->nd_faddr == 0) {
516 return ENOTCONN;
517 }
518
519 len = np->nd_faddr->snd_len;
520 *nam = (struct sockaddr *)alloc_sockaddr(len,
521 Z_WAITOK | Z_NOFAIL);
522
523 bcopy((caddr_t)np->nd_faddr, *nam,
524 (unsigned)len);
525 return 0;
526 }
527
528
529 /* Control output */
530
531 static int
ndrv_ctloutput(struct socket * so,struct sockopt * sopt)532 ndrv_ctloutput(struct socket *so, struct sockopt *sopt)
533 {
534 struct ndrv_cb *np = sotondrvcb(so);
535 int error = 0;
536
537 switch (sopt->sopt_name) {
538 case NDRV_DELDMXSPEC: /* Delete current spec */
539 /* Verify no parameter was passed */
540 if (sopt->sopt_val != 0 || sopt->sopt_valsize != 0) {
541 /*
542 * We don't support deleting a specific demux, it's
543 * all or nothing.
544 */
545 return EINVAL;
546 }
547 error = ndrv_delspec(np);
548 break;
549 case NDRV_SETDMXSPEC: /* Set protocol spec */
550 error = ndrv_setspec(np, sopt);
551 break;
552 case NDRV_ADDMULTICAST:
553 error = ndrv_do_add_multicast(np, sopt);
554 break;
555 case NDRV_DELMULTICAST:
556 error = ndrv_do_remove_multicast(np, sopt);
557 break;
558 default:
559 error = ENOTSUP;
560 }
561 #ifdef NDRV_DEBUG
562 log(LOG_WARNING, "NDRV CTLOUT: %x returns %d\n", sopt->sopt_name,
563 error);
564 #endif
565 return error;
566 }
567
568 static int
ndrv_do_detach(struct ndrv_cb * np)569 ndrv_do_detach(struct ndrv_cb *np)
570 {
571 struct ndrv_cb* cur_np = NULL;
572 struct socket *so = np->nd_socket;
573 int error = 0;
574 struct ifnet * ifp;
575
576 #if NDRV_DEBUG
577 printf("NDRV detach: %x, %x\n", so, np);
578 #endif
579 ndrv_remove_all_multicast(np);
580
581 /* Remove from the linked list of control blocks */
582 LCK_MTX_ASSERT(ndrvdomain->dom_mtx, LCK_MTX_ASSERT_OWNED);
583 TAILQ_REMOVE(&ndrvl, np, nd_next);
584
585 ifp = np->nd_if;
586 if (ifp != NULL) {
587 u_int32_t proto_family = np->nd_proto_family;
588
589 if (proto_family != PF_NDRV && proto_family != 0) {
590 socket_unlock(so, 0);
591 ifnet_detach_protocol(ifp, proto_family);
592 socket_lock(so, 0);
593 }
594
595 /* Check if this is the last socket attached to this interface */
596 LCK_MTX_ASSERT(ndrvdomain->dom_mtx, LCK_MTX_ASSERT_OWNED);
597 TAILQ_FOREACH(cur_np, &ndrvl, nd_next) {
598 if (cur_np->nd_family == np->nd_family &&
599 cur_np->nd_unit == np->nd_unit) {
600 break;
601 }
602 }
603
604 /* If there are no other interfaces, detach PF_NDRV from the interface */
605 if (cur_np == NULL) {
606 socket_unlock(so, 0);
607 ifnet_detach_protocol(ifp, PF_NDRV);
608 socket_lock(so, 0);
609 }
610 }
611 if (np->nd_laddr != NULL) {
612 kfree_type(struct sockaddr_ndrv, np->nd_laddr);
613 np->nd_laddr = NULL;
614 }
615 kfree_type(struct ndrv_cb, np);
616 so->so_pcb = 0;
617 so->so_flags |= SOF_PCBCLEARING;
618 sofree(so);
619 return error;
620 }
621
622 static int
ndrv_do_disconnect(struct ndrv_cb * np)623 ndrv_do_disconnect(struct ndrv_cb *np)
624 {
625 struct socket * so = np->nd_socket;
626 #if NDRV_DEBUG
627 printf("NDRV disconnect: %x\n", np);
628 #endif
629 if (np->nd_faddr) {
630 kfree_data(np->nd_faddr, np->nd_faddr->snd_len);
631 np->nd_faddr = 0;
632 }
633 /*
634 * A multipath subflow socket would have its SS_NOFDREF set by default,
635 * so check for SOF_MP_SUBFLOW socket flag before detaching the PCB;
636 * when the socket is closed for real, SOF_MP_SUBFLOW would be cleared.
637 */
638 if (!(so->so_flags & SOF_MP_SUBFLOW) && (so->so_state & SS_NOFDREF)) {
639 ndrv_do_detach(np);
640 }
641 soisdisconnected(so);
642 return 0;
643 }
644
645 #if 0
646 //### Not used
647 /*
648 * When closing, dump any enqueued mbufs.
649 */
650 void
651 ndrv_flushq(struct ifqueue *q)
652 {
653 struct mbuf *m;
654 for (;;) {
655 IF_DEQUEUE(q, m);
656 if (m == NULL) {
657 break;
658 }
659 IF_DROP(q);
660 if (m) {
661 m_freem(m);
662 }
663 }
664 }
665 #endif
666
667 int
ndrv_setspec(struct ndrv_cb * np,struct sockopt * sopt)668 ndrv_setspec(struct ndrv_cb *np, struct sockopt *sopt)
669 {
670 struct ifnet_attach_proto_param proto_param;
671 struct ndrv_protocol_desc ndrvSpec;
672 struct ndrv_demux_desc* ndrvDemux = NULL;
673 size_t ndrvDemuxSize = 0;
674 int error = 0;
675 struct socket * so = np->nd_socket;
676 user_addr_t user_addr;
677
678 /* Sanity checking */
679 if (np->nd_proto_family != PF_NDRV) {
680 return EBUSY;
681 }
682 if (np->nd_if == NULL) {
683 return EINVAL;
684 }
685
686 /* Copy the ndrvSpec */
687 if (proc_is64bit(sopt->sopt_p)) {
688 struct ndrv_protocol_desc64 ndrvSpec64;
689
690 if (sopt->sopt_valsize != sizeof(ndrvSpec64)) {
691 return EINVAL;
692 }
693
694 error = sooptcopyin(sopt, &ndrvSpec64, sizeof(ndrvSpec64), sizeof(ndrvSpec64));
695 if (error != 0) {
696 return error;
697 }
698
699 ndrvSpec.version = ndrvSpec64.version;
700 ndrvSpec.protocol_family = ndrvSpec64.protocol_family;
701 ndrvSpec.demux_count = ndrvSpec64.demux_count;
702
703 user_addr = CAST_USER_ADDR_T(ndrvSpec64.demux_list);
704 } else {
705 struct ndrv_protocol_desc32 ndrvSpec32;
706
707 if (sopt->sopt_valsize != sizeof(ndrvSpec32)) {
708 return EINVAL;
709 }
710
711 error = sooptcopyin(sopt, &ndrvSpec32, sizeof(ndrvSpec32), sizeof(ndrvSpec32));
712 if (error != 0) {
713 return error;
714 }
715
716 ndrvSpec.version = ndrvSpec32.version;
717 ndrvSpec.protocol_family = ndrvSpec32.protocol_family;
718 ndrvSpec.demux_count = ndrvSpec32.demux_count;
719
720 user_addr = CAST_USER_ADDR_T(ndrvSpec32.demux_list);
721 }
722
723 /* Verify the parameter */
724 if (ndrvSpec.version > NDRV_PROTOCOL_DESC_VERS) {
725 return ENOTSUP; // version is too new!
726 } else if (ndrvSpec.version < 1) {
727 return EINVAL; // version is not valid
728 } else if (ndrvSpec.demux_count > NDRV_PROTODEMUX_COUNT || ndrvSpec.demux_count == 0) {
729 return EINVAL; // demux_count is not valid
730 }
731 bzero(&proto_param, sizeof(proto_param));
732 proto_param.demux_count = ndrvSpec.demux_count;
733
734 /* Allocate storage for demux array */
735 ndrvDemuxSize = proto_param.demux_count * sizeof(struct ndrv_demux_desc);
736 ndrvDemux = (struct ndrv_demux_desc*) kalloc_data(ndrvDemuxSize, Z_WAITOK);
737 if (ndrvDemux == NULL) {
738 return ENOMEM;
739 }
740
741 /* Allocate enough ifnet_demux_descs */
742 MALLOC(proto_param.demux_array, struct ifnet_demux_desc*,
743 sizeof(*proto_param.demux_array) * ndrvSpec.demux_count,
744 M_TEMP, M_WAITOK);
745 if (proto_param.demux_array == NULL) {
746 error = ENOMEM;
747 }
748
749 if (error == 0) {
750 /* Copy the ndrv demux array from userland */
751 error = copyin(user_addr, ndrvDemux,
752 ndrvSpec.demux_count * sizeof(struct ndrv_demux_desc));
753 ndrvSpec.demux_list = ndrvDemux;
754 }
755
756 if (error == 0) {
757 /* At this point, we've at least got enough bytes to start looking around */
758 u_int32_t demuxOn = 0;
759
760 proto_param.demux_count = ndrvSpec.demux_count;
761 proto_param.input = ndrv_input;
762 proto_param.event = ndrv_event;
763
764 for (demuxOn = 0; demuxOn < ndrvSpec.demux_count; demuxOn++) {
765 /* Convert an ndrv_demux_desc to a ifnet_demux_desc */
766 error = ndrv_to_ifnet_demux(&ndrvSpec.demux_list[demuxOn],
767 &proto_param.demux_array[demuxOn]);
768 if (error) {
769 break;
770 }
771 }
772 }
773
774 if (error == 0) {
775 /* We've got all our ducks lined up...lets attach! */
776 socket_unlock(so, 0);
777 error = ifnet_attach_protocol(np->nd_if, ndrvSpec.protocol_family,
778 &proto_param);
779 socket_lock(so, 0);
780 if (error == 0) {
781 np->nd_proto_family = ndrvSpec.protocol_family;
782 }
783 }
784
785 /* Free any memory we've allocated */
786 if (proto_param.demux_array) {
787 FREE(proto_param.demux_array, M_TEMP);
788 }
789 if (ndrvDemux) {
790 kfree_data(ndrvDemux, ndrvDemuxSize);
791 }
792
793 return error;
794 }
795
796
797 int
ndrv_to_ifnet_demux(struct ndrv_demux_desc * ndrv,struct ifnet_demux_desc * ifdemux)798 ndrv_to_ifnet_demux(struct ndrv_demux_desc* ndrv, struct ifnet_demux_desc* ifdemux)
799 {
800 bzero(ifdemux, sizeof(*ifdemux));
801
802 if (ndrv->type < DLIL_DESC_ETYPE2) {
803 /* using old "type", not supported */
804 return ENOTSUP;
805 }
806
807 if (ndrv->length > 28) {
808 return EINVAL;
809 }
810
811 ifdemux->type = ndrv->type;
812 ifdemux->data = ndrv->data.other;
813 ifdemux->datalen = ndrv->length;
814
815 return 0;
816 }
817
818 int
ndrv_delspec(struct ndrv_cb * np)819 ndrv_delspec(struct ndrv_cb *np)
820 {
821 int result = 0;
822
823 if (np->nd_proto_family == PF_NDRV ||
824 np->nd_proto_family == 0) {
825 return EINVAL;
826 }
827
828 /* Detach the protocol */
829 result = ifnet_detach_protocol(np->nd_if, np->nd_proto_family);
830 np->nd_proto_family = PF_NDRV;
831
832 return result;
833 }
834
835 struct ndrv_cb *
ndrv_find_inbound(struct ifnet * ifp,u_int32_t protocol)836 ndrv_find_inbound(struct ifnet *ifp, u_int32_t protocol)
837 {
838 struct ndrv_cb* np;
839
840 LCK_MTX_ASSERT(ndrvdomain->dom_mtx, LCK_MTX_ASSERT_OWNED);
841
842 if (protocol == PF_NDRV) {
843 return NULL;
844 }
845
846 TAILQ_FOREACH(np, &ndrvl, nd_next) {
847 if (np->nd_proto_family == protocol &&
848 np->nd_if == ifp) {
849 return np;
850 }
851 }
852
853 return NULL;
854 }
855
856 static void
ndrv_handle_ifp_detach(u_int32_t family,short unit)857 ndrv_handle_ifp_detach(u_int32_t family, short unit)
858 {
859 struct ndrv_cb* np;
860 struct ifnet *ifp = NULL;
861 struct socket *so;
862
863 /* Find all sockets using this interface. */
864 TAILQ_FOREACH(np, &ndrvl, nd_next) {
865 if (np->nd_family == family &&
866 np->nd_unit == unit) {
867 /* This cb is using the detaching interface, but not for long. */
868 /* Let the protocol go */
869 ifp = np->nd_if;
870 if (np->nd_proto_family != 0) {
871 ndrv_delspec(np);
872 }
873
874 /* Delete the multicasts first */
875 ndrv_remove_all_multicast(np);
876
877 /* Disavow all knowledge of the ifp */
878 np->nd_if = NULL;
879 np->nd_unit = 0;
880 np->nd_family = 0;
881
882 so = np->nd_socket;
883 /* Make sure sending returns an error */
884 LCK_MTX_ASSERT(ndrvdomain->dom_mtx, LCK_MTX_ASSERT_OWNED);
885 socantsendmore(so);
886 socantrcvmore(so);
887 }
888 }
889
890 /* Unregister our protocol */
891 if (ifp) {
892 ifnet_detach_protocol(ifp, PF_NDRV);
893 }
894 }
895
896 static int
ndrv_do_add_multicast(struct ndrv_cb * np,struct sockopt * sopt)897 ndrv_do_add_multicast(struct ndrv_cb *np, struct sockopt *sopt)
898 {
899 struct ndrv_multiaddr* ndrv_multi;
900 int result;
901
902 if (sopt->sopt_val == 0 || sopt->sopt_valsize < 2 ||
903 sopt->sopt_level != SOL_NDRVPROTO || sopt->sopt_valsize > SOCK_MAXADDRLEN) {
904 return EINVAL;
905 }
906 if (np->nd_if == NULL) {
907 return ENXIO;
908 }
909 if (!(np->nd_dlist_cnt < ndrv_multi_max_count)) {
910 return EPERM;
911 }
912
913 // Allocate storage
914 MALLOC(ndrv_multi, struct ndrv_multiaddr*, sizeof(struct ndrv_multiaddr) -
915 sizeof(struct sockaddr) + sopt->sopt_valsize, M_IFADDR, M_WAITOK);
916 if (ndrv_multi == NULL) {
917 return ENOMEM;
918 }
919
920 // Copy in the address
921 result = copyin(sopt->sopt_val, &ndrv_multi->addr, sopt->sopt_valsize);
922
923 // Validate the sockaddr
924 if (result == 0 && sopt->sopt_valsize != ndrv_multi->addr.sa_len) {
925 result = EINVAL;
926 }
927
928 if (result == 0 && ndrv_have_multicast(np, &ndrv_multi->addr)) {
929 result = EEXIST;
930 }
931
932 if (result == 0) {
933 // Try adding the multicast
934 result = ifnet_add_multicast(np->nd_if, &ndrv_multi->addr,
935 &ndrv_multi->ifma);
936 }
937
938 if (result == 0) {
939 // Add to our linked list
940 ndrv_multi->next = np->nd_multiaddrs;
941 np->nd_multiaddrs = ndrv_multi;
942 np->nd_dlist_cnt++;
943 } else {
944 // Free up the memory, something went wrong
945 FREE(ndrv_multi, M_IFADDR);
946 }
947
948 return result;
949 }
950
951 static int
ndrv_do_remove_multicast(struct ndrv_cb * np,struct sockopt * sopt)952 ndrv_do_remove_multicast(struct ndrv_cb *np, struct sockopt *sopt)
953 {
954 struct sockaddr* multi_addr;
955 struct ndrv_multiaddr* ndrv_entry = NULL;
956 int result;
957
958 if (sopt->sopt_val == 0 || sopt->sopt_valsize < 2 ||
959 sopt->sopt_valsize > SOCK_MAXADDRLEN ||
960 sopt->sopt_level != SOL_NDRVPROTO) {
961 return EINVAL;
962 }
963 if (np->nd_if == NULL || np->nd_dlist_cnt == 0) {
964 return ENXIO;
965 }
966
967 // Allocate storage
968 multi_addr = (struct sockaddr*) kalloc_data(sopt->sopt_valsize, Z_WAITOK);
969 if (multi_addr == NULL) {
970 return ENOMEM;
971 }
972
973 // Copy in the address
974 result = copyin(sopt->sopt_val, multi_addr, sopt->sopt_valsize);
975
976 // Validate the sockaddr
977 if (result == 0 && sopt->sopt_valsize != multi_addr->sa_len) {
978 result = EINVAL;
979 }
980
981 if (result == 0) {
982 /* Find the old entry */
983 ndrv_entry = ndrv_have_multicast(np, multi_addr);
984
985 if (ndrv_entry == NULL) {
986 result = ENOENT;
987 }
988 }
989
990 if (result == 0) {
991 // Try deleting the multicast
992 result = ifnet_remove_multicast(ndrv_entry->ifma);
993 }
994
995 if (result == 0) {
996 // Remove from our linked list
997 struct ndrv_multiaddr* cur = np->nd_multiaddrs;
998
999 ifmaddr_release(ndrv_entry->ifma);
1000
1001 if (cur == ndrv_entry) {
1002 np->nd_multiaddrs = cur->next;
1003 } else {
1004 for (cur = cur->next; cur != NULL; cur = cur->next) {
1005 if (cur->next == ndrv_entry) {
1006 cur->next = cur->next->next;
1007 break;
1008 }
1009 }
1010 }
1011
1012 np->nd_dlist_cnt--;
1013
1014 // Free the memory
1015 FREE(ndrv_entry, M_IFADDR);
1016 }
1017 kfree_data(multi_addr, sopt->sopt_valsize);
1018
1019 return result;
1020 }
1021
1022 static struct ndrv_multiaddr*
ndrv_have_multicast(struct ndrv_cb * np,struct sockaddr * inAddr)1023 ndrv_have_multicast(struct ndrv_cb *np, struct sockaddr* inAddr)
1024 {
1025 struct ndrv_multiaddr* cur;
1026 for (cur = np->nd_multiaddrs; cur != NULL; cur = cur->next) {
1027 if ((inAddr->sa_len == cur->addr.sa_len) &&
1028 (bcmp(&cur->addr, inAddr, inAddr->sa_len) == 0)) {
1029 // Found a match
1030 return cur;
1031 }
1032 }
1033
1034 return NULL;
1035 }
1036
1037 static void
ndrv_remove_all_multicast(struct ndrv_cb * np)1038 ndrv_remove_all_multicast(struct ndrv_cb* np)
1039 {
1040 struct ndrv_multiaddr* cur;
1041
1042 if (np->nd_if != NULL) {
1043 while (np->nd_multiaddrs != NULL) {
1044 cur = np->nd_multiaddrs;
1045 np->nd_multiaddrs = cur->next;
1046
1047 ifnet_remove_multicast(cur->ifma);
1048 ifmaddr_release(cur->ifma);
1049 FREE(cur, M_IFADDR);
1050 }
1051 }
1052 }
1053
1054 static struct pr_usrreqs ndrv_usrreqs = {
1055 .pru_abort = ndrv_abort,
1056 .pru_attach = ndrv_attach,
1057 .pru_bind = ndrv_bind,
1058 .pru_connect = ndrv_connect,
1059 .pru_detach = ndrv_detach,
1060 .pru_disconnect = ndrv_disconnect,
1061 .pru_peeraddr = ndrv_peeraddr,
1062 .pru_send = ndrv_send,
1063 .pru_shutdown = ndrv_shutdown,
1064 .pru_sockaddr = ndrv_sockaddr,
1065 .pru_sosend = sosend,
1066 .pru_soreceive = soreceive,
1067 };
1068
1069 static struct protosw ndrvsw[] = {
1070 {
1071 .pr_type = SOCK_RAW,
1072 .pr_protocol = NDRVPROTO_NDRV,
1073 .pr_flags = PR_ATOMIC | PR_ADDR,
1074 .pr_output = ndrv_output,
1075 .pr_ctloutput = ndrv_ctloutput,
1076 .pr_usrreqs = &ndrv_usrreqs,
1077 }
1078 };
1079
1080 static int ndrv_proto_count = (sizeof(ndrvsw) / sizeof(struct protosw));
1081
1082 struct domain ndrvdomain_s = {
1083 .dom_family = PF_NDRV,
1084 .dom_name = "NetDriver",
1085 .dom_init = ndrv_dominit,
1086 };
1087
1088 static void
ndrv_dominit(struct domain * dp)1089 ndrv_dominit(struct domain *dp)
1090 {
1091 struct protosw *pr;
1092 int i;
1093
1094 VERIFY(!(dp->dom_flags & DOM_INITIALIZED));
1095 VERIFY(ndrvdomain == NULL);
1096
1097 ndrvdomain = dp;
1098
1099 for (i = 0, pr = &ndrvsw[0]; i < ndrv_proto_count; i++, pr++) {
1100 net_add_proto(pr, dp, 1);
1101 }
1102 }
1103