1 /*
2 * Copyright (c) 2010-2022 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 /*-
29 * Copyright (c) 2007-2009 Bruce Simpson.
30 * Copyright (c) 2005 Robert N. M. Watson.
31 * All rights reserved.
32 *
33 * Redistribution and use in source and binary forms, with or without
34 * modification, are permitted provided that the following conditions
35 * are met:
36 * 1. Redistributions of source code must retain the above copyright
37 * notice, this list of conditions and the following disclaimer.
38 * 2. Redistributions in binary form must reproduce the above copyright
39 * notice, this list of conditions and the following disclaimer in the
40 * documentation and/or other materials provided with the distribution.
41 * 3. The name of the author may not be used to endorse or promote
42 * products derived from this software without specific prior written
43 * permission.
44 *
45 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
46 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
47 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
48 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
49 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
50 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
51 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
52 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
53 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
54 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
55 * SUCH DAMAGE.
56 */
57
58 /*
59 * IPv4 multicast socket, group, and socket option processing module.
60 */
61
62 #include <sys/cdefs.h>
63
64 #include <sys/param.h>
65 #include <sys/systm.h>
66 #include <sys/kernel.h>
67 #include <sys/malloc.h>
68 #include <sys/mbuf.h>
69 #include <sys/protosw.h>
70 #include <sys/socket.h>
71 #include <sys/socketvar.h>
72 #include <sys/protosw.h>
73 #include <sys/sysctl.h>
74 #include <sys/tree.h>
75 #include <sys/mcache.h>
76
77 #include <kern/zalloc.h>
78
79 #include <pexpert/pexpert.h>
80
81 #include <net/if.h>
82 #include <net/if_dl.h>
83 #include <net/net_api_stats.h>
84 #include <net/route.h>
85
86 #include <netinet/in.h>
87 #include <netinet/in_systm.h>
88 #include <netinet/in_pcb.h>
89 #include <netinet/in_var.h>
90 #include <netinet/ip_var.h>
91 #include <netinet/igmp_var.h>
92
93 #include <net/sockaddr_utils.h>
94
95 /*
96 * Functions with non-static linkage defined in this file should be
97 * declared in in_var.h:
98 * imo_multi_filter()
99 * in_addmulti()
100 * in_delmulti()
101 * in_joingroup()
102 * in_leavegroup()
103 * and ip_var.h:
104 * inp_freemoptions()
105 * inp_getmoptions()
106 * inp_setmoptions()
107 *
108 * XXX: Both carp and pf need to use the legacy (*,G) KPIs in_addmulti()
109 * and in_delmulti().
110 */
111 static void imf_commit(struct in_mfilter *);
112 static int imf_get_source(struct in_mfilter *imf,
113 const struct sockaddr_in *psin,
114 struct in_msource **);
115 static struct in_msource *
116 imf_graft(struct in_mfilter *, const uint8_t,
117 const struct sockaddr_in *);
118 static int imf_prune(struct in_mfilter *, const struct sockaddr_in *);
119 static void imf_rollback(struct in_mfilter *);
120 static void imf_reap(struct in_mfilter *);
121 static int imo_grow(struct ip_moptions *, uint16_t);
122 static size_t imo_match_group(const struct ip_moptions *,
123 const struct ifnet *, const struct sockaddr_in *);
124 static struct in_msource *
125 imo_match_source(const struct ip_moptions *, const size_t,
126 const struct sockaddr_in *);
127 static void ims_merge(struct ip_msource *ims,
128 const struct in_msource *lims, const int rollback);
129 static int in_getmulti(struct ifnet *, const struct in_addr *,
130 struct in_multi **);
131 static int in_joingroup(struct ifnet *, const struct in_addr *,
132 struct in_mfilter *, struct in_multi **);
133 static int inm_get_source(struct in_multi *inm, const in_addr_t haddr,
134 const int noalloc, struct ip_msource **pims);
135 static int inm_is_ifp_detached(const struct in_multi *);
136 static int inm_merge(struct in_multi *, /*const*/ struct in_mfilter *);
137 static void inm_reap(struct in_multi *);
138 static struct ip_moptions *
139 inp_findmoptions(struct inpcb *);
140 static int inp_get_source_filters(struct inpcb *, struct sockopt *);
141 static struct ifnet *
142 inp_lookup_mcast_ifp(const struct inpcb *,
143 const struct sockaddr_in *, const struct in_addr);
144 static int inp_block_unblock_source(struct inpcb *, struct sockopt *);
145 static int inp_set_multicast_if(struct inpcb *, struct sockopt *);
146 static int inp_set_source_filters(struct inpcb *, struct sockopt *);
147 static int sysctl_ip_mcast_filters SYSCTL_HANDLER_ARGS;
148 static struct ifnet * ip_multicast_if(struct in_addr *, unsigned int *);
149 static __inline__ int ip_msource_cmp(const struct ip_msource *,
150 const struct ip_msource *);
151
152 SYSCTL_NODE(_net_inet_ip, OID_AUTO, mcast, CTLFLAG_RW | CTLFLAG_LOCKED, 0, "IPv4 multicast");
153
154 static u_long in_mcast_maxgrpsrc = IP_MAX_GROUP_SRC_FILTER;
155 SYSCTL_LONG(_net_inet_ip_mcast, OID_AUTO, maxgrpsrc,
156 CTLFLAG_RW | CTLFLAG_LOCKED, &in_mcast_maxgrpsrc, "Max source filters per group");
157
158 static u_int in_mcast_maxsocksrc = IP_MAX_SOCK_SRC_FILTER;
159 SYSCTL_UINT(_net_inet_ip_mcast, OID_AUTO, maxsocksrc,
160 CTLFLAG_RW | CTLFLAG_LOCKED, &in_mcast_maxsocksrc, IP_MAX_SOCK_SRC_FILTER,
161 "Max source filters per socket");
162
163 int in_mcast_loop = IP_DEFAULT_MULTICAST_LOOP;
164 SYSCTL_INT(_net_inet_ip_mcast, OID_AUTO, loop, CTLFLAG_RW | CTLFLAG_LOCKED,
165 &in_mcast_loop, 0, "Loopback multicast datagrams by default");
166
167 SYSCTL_NODE(_net_inet_ip_mcast, OID_AUTO, filters,
168 CTLFLAG_RD | CTLFLAG_LOCKED, sysctl_ip_mcast_filters,
169 "Per-interface stack-wide source filters");
170
171 RB_GENERATE_PREV(ip_msource_tree, ip_msource, ims_link, ip_msource_cmp);
172
173 #define INM_TRACE_HIST_SIZE 32 /* size of trace history */
174
175 /* For gdb */
176 __private_extern__ unsigned int inm_trace_hist_size = INM_TRACE_HIST_SIZE;
177
178 struct in_multi_dbg {
179 struct in_multi inm; /* in_multi */
180 u_int16_t inm_refhold_cnt; /* # of ref */
181 u_int16_t inm_refrele_cnt; /* # of rele */
182 /*
183 * Circular lists of inm_addref and inm_remref callers.
184 */
185 ctrace_t inm_refhold[INM_TRACE_HIST_SIZE];
186 ctrace_t inm_refrele[INM_TRACE_HIST_SIZE];
187 /*
188 * Trash list linkage
189 */
190 TAILQ_ENTRY(in_multi_dbg) inm_trash_link;
191 };
192
193 static LCK_ATTR_DECLARE(in_multihead_lock_attr, 0, 0);
194 static LCK_GRP_DECLARE(in_multihead_lock_grp, "in_multihead");
195
196 /* List of trash in_multi entries protected by inm_trash_lock */
197 static TAILQ_HEAD(, in_multi_dbg) inm_trash_head = TAILQ_HEAD_INITIALIZER(inm_trash_head);
198 static LCK_MTX_DECLARE_ATTR(inm_trash_lock, &in_multihead_lock_grp,
199 &in_multihead_lock_attr);
200
201 #if DEBUG
202 static TUNABLE(bool, inm_debug, "ifa_debug", true); /* debugging (enabled) */
203 #else
204 static TUNABLE(bool, inm_debug, "ifa_debug", false); /* debugging (disabled) */
205 #endif /* !DEBUG */
206
207 static KALLOC_TYPE_DEFINE(ipms_zone, struct ip_msource, NET_KT_DEFAULT);
208 static KALLOC_TYPE_DEFINE(inms_zone, struct in_msource, NET_KT_DEFAULT);
209
210 static LCK_RW_DECLARE_ATTR(in_multihead_lock, &in_multihead_lock_grp,
211 &in_multihead_lock_attr);
212
213 struct in_multihead in_multihead;
214
215 static struct in_multi *in_multi_alloc(zalloc_flags_t);
216 static void in_multi_free(struct in_multi *);
217 static void in_multi_attach(struct in_multi *);
218 static void inm_trace(struct in_multi *, int);
219
220 static struct ip_msource *ipms_alloc(zalloc_flags_t);
221 static void ipms_free(struct ip_msource *);
222 static struct in_msource *inms_alloc(zalloc_flags_t);
223 static void inms_free(struct in_msource *);
224
225 static __inline int
ip_msource_cmp(const struct ip_msource * a,const struct ip_msource * b)226 ip_msource_cmp(const struct ip_msource *a, const struct ip_msource *b)
227 {
228 if (a->ims_haddr < b->ims_haddr) {
229 return -1;
230 }
231 if (a->ims_haddr == b->ims_haddr) {
232 return 0;
233 }
234 return 1;
235 }
236
237 /*
238 * Inline function which wraps assertions for a valid ifp.
239 */
240 static __inline__ int
inm_is_ifp_detached(const struct in_multi * inm)241 inm_is_ifp_detached(const struct in_multi *inm)
242 {
243 VERIFY(inm->inm_ifma != NULL);
244 VERIFY(inm->inm_ifp == inm->inm_ifma->ifma_ifp);
245
246 return !ifnet_is_attached(inm->inm_ifp, 0);
247 }
248
249 /*
250 * Initialize an in_mfilter structure to a known state at t0, t1
251 * with an empty source filter list.
252 */
253 static __inline__ void
imf_init(struct in_mfilter * imf,const uint8_t st0,const uint8_t st1)254 imf_init(struct in_mfilter *imf, const uint8_t st0, const uint8_t st1)
255 {
256 memset(imf, 0, sizeof(struct in_mfilter));
257 RB_INIT(&imf->imf_sources);
258 imf->imf_st[0] = st0;
259 imf->imf_st[1] = st1;
260 }
261
262 /*
263 * Resize the ip_moptions vector to the next power-of-two minus 1.
264 */
265 static int
imo_grow(struct ip_moptions * imo,uint16_t newmax)266 imo_grow(struct ip_moptions *imo, uint16_t newmax)
267 {
268 struct in_multi **nmships;
269 struct in_multi **omships;
270 struct in_mfilter *nmfilters;
271 struct in_mfilter *omfilters;
272 int err;
273 uint16_t idx;
274 uint16_t oldmax;
275
276 IMO_LOCK_ASSERT_HELD(imo);
277
278 nmships = NULL;
279 nmfilters = NULL;
280 err = 0;
281 omships = imo->imo_membership;
282 omfilters = imo->imo_mfilters;
283 oldmax = imo->imo_max_memberships;
284
285 if (newmax == 0) {
286 newmax = ((oldmax + 1) * 2) - 1;
287 } else if (newmax <= oldmax) {
288 /* Nothing to do, exit early. */
289 return 0;
290 }
291
292 if (newmax > IP_MAX_MEMBERSHIPS) {
293 err = ETOOMANYREFS;
294 goto cleanup;
295 }
296
297 if ((nmships = kalloc_type(struct in_multi *, newmax,
298 Z_WAITOK | Z_ZERO)) == NULL) {
299 err = ENOMEM;
300 goto cleanup;
301 }
302
303 if ((nmfilters = kalloc_type(struct in_mfilter, newmax,
304 Z_WAITOK | Z_ZERO)) == NULL) {
305 err = ENOMEM;
306 goto cleanup;
307 }
308
309 /* Copy the existing memberships and release the memory. */
310 if (omships != NULL) {
311 VERIFY(oldmax <= newmax);
312 memcpy(nmships, omships, oldmax * sizeof(struct in_multi *));
313 kfree_type(struct in_multi *, oldmax, omships);
314 }
315
316 /* Copy the existing filters and release the memory. */
317 if (omfilters != NULL) {
318 VERIFY(oldmax <= newmax);
319 memcpy(nmfilters, omfilters, oldmax * sizeof(struct in_mfilter));
320 kfree_type(struct in_mfilter, oldmax, omfilters);
321 }
322
323 /* Initialize the newly allocated source filter heads. */
324 for (idx = oldmax; idx < newmax; idx++) {
325 imf_init(&nmfilters[idx], MCAST_UNDEFINED, MCAST_EXCLUDE);
326 }
327
328 imo->imo_membership = nmships;
329 nmships = NULL;
330 imo->imo_mfilters = nmfilters;
331 nmfilters = NULL;
332 imo->imo_max_memberships = newmax;
333
334 return 0;
335
336 cleanup:
337 if (nmfilters != NULL) {
338 kfree_type(struct in_mfilter, newmax, nmfilters);
339 }
340
341 if (nmships != NULL) {
342 kfree_type(struct in_multi *, newmax, nmships);
343 }
344
345 return err;
346 }
347
348 /*
349 * Find an IPv4 multicast group entry for this ip_moptions instance
350 * which matches the specified group, and optionally an interface.
351 * Return its index into the array, or -1 if not found.
352 */
353 static size_t
imo_match_group(const struct ip_moptions * imo,const struct ifnet * ifp,const struct sockaddr_in * group)354 imo_match_group(const struct ip_moptions *imo, const struct ifnet *ifp,
355 const struct sockaddr_in *group)
356 {
357 struct in_multi *pinm;
358 int idx;
359 int nmships;
360
361 IMO_LOCK_ASSERT_HELD(__DECONST(struct ip_moptions *, imo));
362
363
364 /* The imo_membership array may be lazy allocated. */
365 if (imo->imo_membership == NULL || imo->imo_num_memberships == 0) {
366 return -1;
367 }
368
369 nmships = imo->imo_num_memberships;
370 for (idx = 0; idx < nmships; idx++) {
371 pinm = imo->imo_membership[idx];
372 if (pinm == NULL) {
373 continue;
374 }
375 INM_LOCK(pinm);
376 if ((ifp == NULL || (pinm->inm_ifp == ifp)) &&
377 in_hosteq(pinm->inm_addr, group->sin_addr)) {
378 INM_UNLOCK(pinm);
379 break;
380 }
381 INM_UNLOCK(pinm);
382 }
383 if (idx >= nmships) {
384 idx = -1;
385 }
386
387 return idx;
388 }
389
390 /*
391 * Find an IPv4 multicast source entry for this imo which matches
392 * the given group index for this socket, and source address.
393 *
394 * NOTE: This does not check if the entry is in-mode, merely if
395 * it exists, which may not be the desired behaviour.
396 */
397 static struct in_msource *
imo_match_source(const struct ip_moptions * imo,const size_t gidx,const struct sockaddr_in * src)398 imo_match_source(const struct ip_moptions *imo, const size_t gidx,
399 const struct sockaddr_in *src)
400 {
401 struct ip_msource find;
402 struct in_mfilter *imf;
403 struct ip_msource *ims;
404
405 IMO_LOCK_ASSERT_HELD(__DECONST(struct ip_moptions *, imo));
406
407 VERIFY(src->sin_family == AF_INET);
408 VERIFY(gidx != (size_t)-1 && gidx < imo->imo_num_memberships);
409
410 /* The imo_mfilters array may be lazy allocated. */
411 if (imo->imo_mfilters == NULL) {
412 return NULL;
413 }
414 imf = &imo->imo_mfilters[gidx];
415
416 /* Source trees are keyed in host byte order. */
417 find.ims_haddr = ntohl(src->sin_addr.s_addr);
418 ims = RB_FIND(ip_msource_tree, &imf->imf_sources, &find);
419
420 return (struct in_msource *)ims;
421 }
422
423 /*
424 * Perform filtering for multicast datagrams on a socket by group and source.
425 *
426 * Returns 0 if a datagram should be allowed through, or various error codes
427 * if the socket was not a member of the group, or the source was muted, etc.
428 */
429 int
imo_multi_filter(const struct ip_moptions * imo,const struct ifnet * ifp,const struct sockaddr_in * group,const struct sockaddr_in * src)430 imo_multi_filter(const struct ip_moptions *imo, const struct ifnet *ifp,
431 const struct sockaddr_in *group, const struct sockaddr_in *src)
432 {
433 size_t gidx;
434 struct in_msource *ims;
435 int mode;
436
437 IMO_LOCK_ASSERT_HELD(__DECONST(struct ip_moptions *, imo));
438 VERIFY(ifp != NULL);
439
440 gidx = imo_match_group(imo, ifp, group);
441 if (gidx == (size_t)-1) {
442 return MCAST_NOTGMEMBER;
443 }
444
445 /*
446 * Check if the source was included in an (S,G) join.
447 * Allow reception on exclusive memberships by default,
448 * reject reception on inclusive memberships by default.
449 * Exclude source only if an in-mode exclude filter exists.
450 * Include source only if an in-mode include filter exists.
451 * NOTE: We are comparing group state here at IGMP t1 (now)
452 * with socket-layer t0 (since last downcall).
453 */
454 mode = imo->imo_mfilters[gidx].imf_st[1];
455 ims = imo_match_source(imo, gidx, src);
456
457 if ((ims == NULL && mode == MCAST_INCLUDE) ||
458 (ims != NULL && ims->imsl_st[0] != mode)) {
459 return MCAST_NOTSMEMBER;
460 }
461
462 return MCAST_PASS;
463 }
464
465 int
imo_clone(struct inpcb * from_inp,struct inpcb * to_inp)466 imo_clone(struct inpcb *from_inp, struct inpcb *to_inp)
467 {
468 int err = 0;
469 struct ip_moptions *from;
470 struct ip_moptions *to;
471
472 from = inp_findmoptions(from_inp);
473 if (from == NULL) {
474 return ENOMEM;
475 }
476
477 to = inp_findmoptions(to_inp);
478 if (to == NULL) {
479 IMO_REMREF(from);
480 return ENOMEM;
481 }
482
483 IMO_LOCK(from);
484 IMO_LOCK(to);
485
486 to->imo_multicast_ifp = from->imo_multicast_ifp;
487 to->imo_multicast_vif = from->imo_multicast_vif;
488 to->imo_multicast_ttl = from->imo_multicast_ttl;
489 to->imo_multicast_loop = from->imo_multicast_loop;
490
491 /*
492 * We're cloning, so drop any existing memberships and source
493 * filters on the destination ip_moptions.
494 */
495 IMO_PURGE_LOCKED(to);
496
497 VERIFY(to->imo_max_memberships != 0 && from->imo_max_memberships != 0);
498 if (to->imo_max_memberships < from->imo_max_memberships) {
499 /*
500 * Ensure source and destination ip_moptions memberships
501 * and source filters arrays are at least equal in size.
502 */
503 err = imo_grow(to, from->imo_max_memberships);
504 if (err != 0) {
505 goto done;
506 }
507 }
508 VERIFY(to->imo_max_memberships >= from->imo_max_memberships);
509
510 /*
511 * Source filtering doesn't apply to OpenTransport socket,
512 * so simply hold additional reference count per membership.
513 */
514 for (int i = 0; i < from->imo_num_memberships; i++) {
515 to->imo_membership[i] =
516 in_addmulti(&from->imo_membership[i]->inm_addr,
517 from->imo_membership[i]->inm_ifp);
518 if (to->imo_membership[i] == NULL) {
519 break;
520 }
521 to->imo_num_memberships++;
522 }
523 VERIFY(to->imo_num_memberships == from->imo_num_memberships);
524
525 done:
526 IMO_UNLOCK(to);
527 IMO_REMREF(to);
528 IMO_UNLOCK(from);
529 IMO_REMREF(from);
530
531 return err;
532 }
533
534 /*
535 * Find and return a reference to an in_multi record for (ifp, group),
536 * and bump its reference count.
537 * If one does not exist, try to allocate it, and update link-layer multicast
538 * filters on ifp to listen for group.
539 * Return 0 if successful, otherwise return an appropriate error code.
540 */
541 static int
in_getmulti(struct ifnet * ifp,const struct in_addr * group,struct in_multi ** pinm)542 in_getmulti(struct ifnet *ifp, const struct in_addr *group,
543 struct in_multi **pinm)
544 {
545 struct sockaddr_in gsin;
546 struct ifmultiaddr *__single ifma;
547 struct in_multi *__single inm;
548 int error;
549
550 in_multihead_lock_shared();
551 IN_LOOKUP_MULTI(group, ifp, inm);
552 if (inm != NULL) {
553 INM_LOCK(inm);
554 VERIFY(inm->inm_reqcnt >= 1);
555 inm->inm_reqcnt++;
556 VERIFY(inm->inm_reqcnt != 0);
557 *pinm = inm;
558 INM_UNLOCK(inm);
559 in_multihead_lock_done();
560 /*
561 * We already joined this group; return the inm
562 * with a refcount held (via lookup) for caller.
563 */
564 return 0;
565 }
566 in_multihead_lock_done();
567
568 SOCKADDR_ZERO(&gsin, sizeof(gsin));
569 gsin.sin_family = AF_INET;
570 gsin.sin_len = sizeof(struct sockaddr_in);
571 gsin.sin_addr = *group;
572
573 /*
574 * Check if a link-layer group is already associated
575 * with this network-layer group on the given ifnet.
576 */
577 error = if_addmulti(ifp, SA(&gsin), &ifma);
578 if (error != 0) {
579 return error;
580 }
581
582 /*
583 * See comments in inm_remref() for access to ifma_protospec.
584 */
585 in_multihead_lock_exclusive();
586 IFMA_LOCK(ifma);
587 if ((inm = ifma->ifma_protospec) != NULL) {
588 VERIFY(ifma->ifma_addr != NULL);
589 VERIFY(ifma->ifma_addr->sa_family == AF_INET);
590 INM_ADDREF(inm); /* for caller */
591 IFMA_UNLOCK(ifma);
592 INM_LOCK(inm);
593 VERIFY(inm->inm_ifma == ifma);
594 VERIFY(inm->inm_ifp == ifp);
595 VERIFY(in_hosteq(inm->inm_addr, *group));
596 if (inm->inm_debug & IFD_ATTACHED) {
597 VERIFY(inm->inm_reqcnt >= 1);
598 inm->inm_reqcnt++;
599 VERIFY(inm->inm_reqcnt != 0);
600 *pinm = inm;
601 INM_UNLOCK(inm);
602 in_multihead_lock_done();
603 IFMA_REMREF(ifma);
604 /*
605 * We lost the race with another thread doing
606 * in_getmulti(); since this group has already
607 * been joined; return the inm with a refcount
608 * held for caller.
609 */
610 return 0;
611 }
612 /*
613 * We lost the race with another thread doing in_delmulti();
614 * the inm referring to the ifma has been detached, thus we
615 * reattach it back to the in_multihead list and return the
616 * inm with a refcount held for the caller.
617 */
618 in_multi_attach(inm);
619 VERIFY((inm->inm_debug &
620 (IFD_ATTACHED | IFD_TRASHED)) == IFD_ATTACHED);
621 *pinm = inm;
622 INM_UNLOCK(inm);
623 in_multihead_lock_done();
624 IFMA_REMREF(ifma);
625 return 0;
626 }
627 IFMA_UNLOCK(ifma);
628
629 /*
630 * A new in_multi record is needed; allocate and initialize it.
631 * We DO NOT perform an IGMP join as the in_ layer may need to
632 * push an initial source list down to IGMP to support SSM.
633 *
634 * The initial source filter state is INCLUDE, {} as per the RFC.
635 */
636 inm = in_multi_alloc(Z_WAITOK);
637
638 INM_LOCK(inm);
639 inm->inm_addr = *group;
640 inm->inm_ifp = ifp;
641 inm->inm_igi = IGMP_IFINFO(ifp);
642 VERIFY(inm->inm_igi != NULL);
643 IGI_ADDREF(inm->inm_igi);
644 inm->inm_ifma = ifma; /* keep refcount from if_addmulti() */
645 inm->inm_state = IGMP_NOT_MEMBER;
646 /*
647 * Pending state-changes per group are subject to a bounds check.
648 */
649 inm->inm_scq.ifq_maxlen = IGMP_MAX_STATE_CHANGES;
650 inm->inm_st[0].iss_fmode = MCAST_UNDEFINED;
651 inm->inm_st[1].iss_fmode = MCAST_UNDEFINED;
652 RB_INIT(&inm->inm_srcs);
653 *pinm = inm;
654 in_multi_attach(inm);
655 VERIFY((inm->inm_debug & (IFD_ATTACHED | IFD_TRASHED)) == IFD_ATTACHED);
656 INM_ADDREF_LOCKED(inm); /* for caller */
657 INM_UNLOCK(inm);
658
659 IFMA_LOCK(ifma);
660 VERIFY(ifma->ifma_protospec == NULL);
661 ifma->ifma_protospec = inm;
662 IFMA_UNLOCK(ifma);
663 in_multihead_lock_done();
664
665 return 0;
666 }
667
668 /*
669 * Clear recorded source entries for a group.
670 * Used by the IGMP code.
671 * FIXME: Should reap.
672 */
673 void
inm_clear_recorded(struct in_multi * inm)674 inm_clear_recorded(struct in_multi *inm)
675 {
676 struct ip_msource *ims;
677
678 INM_LOCK_ASSERT_HELD(inm);
679
680 RB_FOREACH(ims, ip_msource_tree, &inm->inm_srcs) {
681 if (ims->ims_stp) {
682 ims->ims_stp = 0;
683 --inm->inm_st[1].iss_rec;
684 }
685 }
686 VERIFY(inm->inm_st[1].iss_rec == 0);
687 }
688
689 /*
690 * Record a source as pending for a Source-Group IGMPv3 query.
691 * This lives here as it modifies the shared tree.
692 *
693 * inm is the group descriptor.
694 * naddr is the address of the source to record in network-byte order.
695 *
696 * If the net.inet.igmp.sgalloc sysctl is non-zero, we will
697 * lazy-allocate a source node in response to an SG query.
698 * Otherwise, no allocation is performed. This saves some memory
699 * with the trade-off that the source will not be reported to the
700 * router if joined in the window between the query response and
701 * the group actually being joined on the local host.
702 *
703 * Return 0 if the source didn't exist or was already marked as recorded.
704 * Return 1 if the source was marked as recorded by this function.
705 * Return <0 if any error occured (negated errno code).
706 */
707 int
inm_record_source(struct in_multi * inm,const in_addr_t naddr)708 inm_record_source(struct in_multi *inm, const in_addr_t naddr)
709 {
710 struct ip_msource find;
711 struct ip_msource *ims, *nims;
712
713 INM_LOCK_ASSERT_HELD(inm);
714
715 find.ims_haddr = ntohl(naddr);
716 ims = RB_FIND(ip_msource_tree, &inm->inm_srcs, &find);
717 if (ims && ims->ims_stp) {
718 return 0;
719 }
720 if (ims == NULL) {
721 if (inm->inm_nsrc == in_mcast_maxgrpsrc) {
722 return -ENOSPC;
723 }
724 nims = ipms_alloc(Z_WAITOK);
725 nims->ims_haddr = find.ims_haddr;
726 RB_INSERT(ip_msource_tree, &inm->inm_srcs, nims);
727 ++inm->inm_nsrc;
728 ims = nims;
729 }
730
731 /*
732 * Mark the source as recorded and update the recorded
733 * source count.
734 */
735 ++ims->ims_stp;
736 ++inm->inm_st[1].iss_rec;
737
738 return 1;
739 }
740
741 /*
742 * Return a pointer to an in_msource owned by an in_mfilter,
743 * given its source address.
744 * Lazy-allocate if needed. If this is a new entry its filter state is
745 * undefined at t0.
746 *
747 * imf is the filter set being modified.
748 * haddr is the source address in *host* byte-order.
749 *
750 * Caller is expected to be holding imo_lock.
751 */
752 static int
imf_get_source(struct in_mfilter * imf,const struct sockaddr_in * psin,struct in_msource ** plims)753 imf_get_source(struct in_mfilter *imf, const struct sockaddr_in *psin,
754 struct in_msource **plims)
755 {
756 struct ip_msource find;
757 struct ip_msource *ims;
758 struct in_msource *lims;
759 int error;
760
761 error = 0;
762 ims = NULL;
763 lims = NULL;
764
765 /* key is host byte order */
766 find.ims_haddr = ntohl(psin->sin_addr.s_addr);
767 ims = RB_FIND(ip_msource_tree, &imf->imf_sources, &find);
768 lims = (struct in_msource *)ims;
769 if (lims == NULL) {
770 if (imf->imf_nsrc == in_mcast_maxsocksrc) {
771 return ENOSPC;
772 }
773 lims = inms_alloc(Z_WAITOK);
774 lims->ims_haddr = find.ims_haddr;
775 lims->imsl_st[0] = MCAST_UNDEFINED;
776 RB_INSERT(ip_msource_tree, &imf->imf_sources,
777 (struct ip_msource *)lims);
778 ++imf->imf_nsrc;
779 }
780
781 *plims = lims;
782
783 return error;
784 }
785
786 /*
787 * Graft a source entry into an existing socket-layer filter set,
788 * maintaining any required invariants and checking allocations.
789 *
790 * The source is marked as being in the new filter mode at t1.
791 *
792 * Return the pointer to the new node, otherwise return NULL.
793 *
794 * Caller is expected to be holding imo_lock.
795 */
796 static struct in_msource *
imf_graft(struct in_mfilter * imf,const uint8_t st1,const struct sockaddr_in * psin)797 imf_graft(struct in_mfilter *imf, const uint8_t st1,
798 const struct sockaddr_in *psin)
799 {
800 struct in_msource *lims;
801
802 lims = inms_alloc(Z_WAITOK);
803 lims->ims_haddr = ntohl(psin->sin_addr.s_addr);
804 lims->imsl_st[0] = MCAST_UNDEFINED;
805 lims->imsl_st[1] = st1;
806 RB_INSERT(ip_msource_tree, &imf->imf_sources,
807 (struct ip_msource *)lims);
808 ++imf->imf_nsrc;
809
810 return lims;
811 }
812
813 /*
814 * Prune a source entry from an existing socket-layer filter set,
815 * maintaining any required invariants and checking allocations.
816 *
817 * The source is marked as being left at t1, it is not freed.
818 *
819 * Return 0 if no error occurred, otherwise return an errno value.
820 *
821 * Caller is expected to be holding imo_lock.
822 */
823 static int
imf_prune(struct in_mfilter * imf,const struct sockaddr_in * psin)824 imf_prune(struct in_mfilter *imf, const struct sockaddr_in *psin)
825 {
826 struct ip_msource find;
827 struct ip_msource *ims;
828 struct in_msource *lims;
829
830 /* key is host byte order */
831 find.ims_haddr = ntohl(psin->sin_addr.s_addr);
832 ims = RB_FIND(ip_msource_tree, &imf->imf_sources, &find);
833 if (ims == NULL) {
834 return ENOENT;
835 }
836 lims = (struct in_msource *)ims;
837 lims->imsl_st[1] = MCAST_UNDEFINED;
838 return 0;
839 }
840
841 /*
842 * Revert socket-layer filter set deltas at t1 to t0 state.
843 *
844 * Caller is expected to be holding imo_lock.
845 */
846 static void
imf_rollback(struct in_mfilter * imf)847 imf_rollback(struct in_mfilter *imf)
848 {
849 struct ip_msource *ims, *tims;
850 struct in_msource *lims;
851
852 RB_FOREACH_SAFE(ims, ip_msource_tree, &imf->imf_sources, tims) {
853 lims = (struct in_msource *)ims;
854 if (lims->imsl_st[0] == lims->imsl_st[1]) {
855 /* no change at t1 */
856 continue;
857 } else if (lims->imsl_st[0] != MCAST_UNDEFINED) {
858 /* revert change to existing source at t1 */
859 lims->imsl_st[1] = lims->imsl_st[0];
860 } else {
861 /* revert source added t1 */
862 IGMP_PRINTF(("%s: free inms 0x%llx\n", __func__,
863 (uint64_t)VM_KERNEL_ADDRPERM(lims)));
864 RB_REMOVE(ip_msource_tree, &imf->imf_sources, ims);
865 inms_free(lims);
866 imf->imf_nsrc--;
867 }
868 }
869 imf->imf_st[1] = imf->imf_st[0];
870 }
871
872 /*
873 * Mark socket-layer filter set as INCLUDE {} at t1.
874 *
875 * Caller is expected to be holding imo_lock.
876 */
877 void
imf_leave(struct in_mfilter * imf)878 imf_leave(struct in_mfilter *imf)
879 {
880 struct ip_msource *ims;
881 struct in_msource *lims;
882
883 RB_FOREACH(ims, ip_msource_tree, &imf->imf_sources) {
884 lims = (struct in_msource *)ims;
885 lims->imsl_st[1] = MCAST_UNDEFINED;
886 }
887 imf->imf_st[1] = MCAST_INCLUDE;
888 }
889
890 /*
891 * Mark socket-layer filter set deltas as committed.
892 *
893 * Caller is expected to be holding imo_lock.
894 */
895 static void
imf_commit(struct in_mfilter * imf)896 imf_commit(struct in_mfilter *imf)
897 {
898 struct ip_msource *ims;
899 struct in_msource *lims;
900
901 RB_FOREACH(ims, ip_msource_tree, &imf->imf_sources) {
902 lims = (struct in_msource *)ims;
903 lims->imsl_st[0] = lims->imsl_st[1];
904 }
905 imf->imf_st[0] = imf->imf_st[1];
906 }
907
908 /*
909 * Reap unreferenced sources from socket-layer filter set.
910 *
911 * Caller is expected to be holding imo_lock.
912 */
913 static void
imf_reap(struct in_mfilter * imf)914 imf_reap(struct in_mfilter *imf)
915 {
916 struct ip_msource *ims, *tims;
917 struct in_msource *lims;
918
919 RB_FOREACH_SAFE(ims, ip_msource_tree, &imf->imf_sources, tims) {
920 lims = (struct in_msource *)ims;
921 if ((lims->imsl_st[0] == MCAST_UNDEFINED) &&
922 (lims->imsl_st[1] == MCAST_UNDEFINED)) {
923 IGMP_PRINTF(("%s: free inms 0x%llx\n", __func__,
924 (uint64_t)VM_KERNEL_ADDRPERM(lims)));
925 RB_REMOVE(ip_msource_tree, &imf->imf_sources, ims);
926 inms_free(lims);
927 imf->imf_nsrc--;
928 }
929 }
930 }
931
932 /*
933 * Purge socket-layer filter set.
934 *
935 * Caller is expected to be holding imo_lock.
936 */
937 void
imf_purge(struct in_mfilter * imf)938 imf_purge(struct in_mfilter *imf)
939 {
940 struct ip_msource *ims, *tims;
941 struct in_msource *lims;
942
943 RB_FOREACH_SAFE(ims, ip_msource_tree, &imf->imf_sources, tims) {
944 lims = (struct in_msource *)ims;
945 IGMP_PRINTF(("%s: free inms 0x%llx\n", __func__,
946 (uint64_t)VM_KERNEL_ADDRPERM(lims)));
947 RB_REMOVE(ip_msource_tree, &imf->imf_sources, ims);
948 inms_free(lims);
949 imf->imf_nsrc--;
950 }
951 imf->imf_st[0] = imf->imf_st[1] = MCAST_UNDEFINED;
952 VERIFY(RB_EMPTY(&imf->imf_sources));
953 }
954
955 /*
956 * Look up a source filter entry for a multicast group.
957 *
958 * inm is the group descriptor to work with.
959 * haddr is the host-byte-order IPv4 address to look up.
960 * noalloc may be non-zero to suppress allocation of sources.
961 * *pims will be set to the address of the retrieved or allocated source.
962 *
963 * Return 0 if successful, otherwise return a non-zero error code.
964 */
965 static int
inm_get_source(struct in_multi * inm,const in_addr_t haddr,const int noalloc,struct ip_msource ** pims)966 inm_get_source(struct in_multi *inm, const in_addr_t haddr,
967 const int noalloc, struct ip_msource **pims)
968 {
969 struct ip_msource find;
970 struct ip_msource *ims, *nims;
971 #ifdef IGMP_DEBUG
972 struct in_addr ia;
973 char buf[MAX_IPv4_STR_LEN];
974 #endif
975 INM_LOCK_ASSERT_HELD(inm);
976
977 find.ims_haddr = haddr;
978 ims = RB_FIND(ip_msource_tree, &inm->inm_srcs, &find);
979 if (ims == NULL && !noalloc) {
980 if (inm->inm_nsrc == in_mcast_maxgrpsrc) {
981 return ENOSPC;
982 }
983 nims = ipms_alloc(Z_WAITOK);
984 nims->ims_haddr = haddr;
985 RB_INSERT(ip_msource_tree, &inm->inm_srcs, nims);
986 ++inm->inm_nsrc;
987 ims = nims;
988 #ifdef IGMP_DEBUG
989 ia.s_addr = htonl(haddr);
990 inet_ntop(AF_INET, &ia, buf, sizeof(buf));
991 IGMP_PRINTF(("%s: allocated %s as 0x%llx\n", __func__,
992 buf, (uint64_t)VM_KERNEL_ADDRPERM(ims)));
993 #endif
994 }
995
996 *pims = ims;
997 return 0;
998 }
999
1000 /*
1001 * Helper function to derive the filter mode on a source entry
1002 * from its internal counters. Predicates are:
1003 * A source is only excluded if all listeners exclude it.
1004 * A source is only included if no listeners exclude it,
1005 * and at least one listener includes it.
1006 * May be used by ifmcstat(8).
1007 */
1008 uint8_t
ims_get_mode(const struct in_multi * inm,const struct ip_msource * ims,uint8_t t)1009 ims_get_mode(const struct in_multi *inm, const struct ip_msource *ims,
1010 uint8_t t)
1011 {
1012 INM_LOCK_ASSERT_HELD(__DECONST(struct in_multi *, inm));
1013
1014 t = !!t;
1015 if (inm->inm_st[t].iss_ex > 0 &&
1016 inm->inm_st[t].iss_ex == ims->ims_st[t].ex) {
1017 return MCAST_EXCLUDE;
1018 } else if (ims->ims_st[t].in > 0 && ims->ims_st[t].ex == 0) {
1019 return MCAST_INCLUDE;
1020 }
1021 return MCAST_UNDEFINED;
1022 }
1023
1024 /*
1025 * Merge socket-layer source into IGMP-layer source.
1026 * If rollback is non-zero, perform the inverse of the merge.
1027 */
1028 static void
ims_merge(struct ip_msource * ims,const struct in_msource * lims,const int rollback)1029 ims_merge(struct ip_msource *ims, const struct in_msource *lims,
1030 const int rollback)
1031 {
1032 int n = rollback ? -1 : 1;
1033 #ifdef IGMP_DEBUG
1034 struct in_addr ia;
1035
1036 ia.s_addr = htonl(ims->ims_haddr);
1037 #endif
1038
1039 if (lims->imsl_st[0] == MCAST_EXCLUDE) {
1040 IGMP_INET_PRINTF(ia,
1041 ("%s: t1 ex -= %d on %s\n",
1042 __func__, n, _igmp_inet_buf));
1043 ims->ims_st[1].ex -= n;
1044 } else if (lims->imsl_st[0] == MCAST_INCLUDE) {
1045 IGMP_INET_PRINTF(ia,
1046 ("%s: t1 in -= %d on %s\n",
1047 __func__, n, _igmp_inet_buf));
1048 ims->ims_st[1].in -= n;
1049 }
1050
1051 if (lims->imsl_st[1] == MCAST_EXCLUDE) {
1052 IGMP_INET_PRINTF(ia,
1053 ("%s: t1 ex += %d on %s\n",
1054 __func__, n, _igmp_inet_buf));
1055 ims->ims_st[1].ex += n;
1056 } else if (lims->imsl_st[1] == MCAST_INCLUDE) {
1057 IGMP_INET_PRINTF(ia,
1058 ("%s: t1 in += %d on %s\n",
1059 __func__, n, _igmp_inet_buf));
1060 ims->ims_st[1].in += n;
1061 }
1062 }
1063
1064 /*
1065 * Atomically update the global in_multi state, when a membership's
1066 * filter list is being updated in any way.
1067 *
1068 * imf is the per-inpcb-membership group filter pointer.
1069 * A fake imf may be passed for in-kernel consumers.
1070 *
1071 * XXX This is a candidate for a set-symmetric-difference style loop
1072 * which would eliminate the repeated lookup from root of ims nodes,
1073 * as they share the same key space.
1074 *
1075 * If any error occurred this function will back out of refcounts
1076 * and return a non-zero value.
1077 */
1078 static int
inm_merge(struct in_multi * inm,struct in_mfilter * imf)1079 inm_merge(struct in_multi *inm, /*const*/ struct in_mfilter *imf)
1080 {
1081 struct ip_msource *ims, *__single nims = NULL;
1082 struct in_msource *lims;
1083 int schanged, error;
1084 int nsrc0, nsrc1;
1085
1086 INM_LOCK_ASSERT_HELD(inm);
1087
1088 schanged = 0;
1089 error = 0;
1090 nsrc1 = nsrc0 = 0;
1091
1092 /*
1093 * Update the source filters first, as this may fail.
1094 * Maintain count of in-mode filters at t0, t1. These are
1095 * used to work out if we transition into ASM mode or not.
1096 * Maintain a count of source filters whose state was
1097 * actually modified by this operation.
1098 */
1099 RB_FOREACH(ims, ip_msource_tree, &imf->imf_sources) {
1100 lims = (struct in_msource *)ims;
1101 if (lims->imsl_st[0] == imf->imf_st[0]) {
1102 nsrc0++;
1103 }
1104 if (lims->imsl_st[1] == imf->imf_st[1]) {
1105 nsrc1++;
1106 }
1107 if (lims->imsl_st[0] == lims->imsl_st[1]) {
1108 continue;
1109 }
1110 error = inm_get_source(inm, lims->ims_haddr, 0, &nims);
1111 ++schanged;
1112 if (error) {
1113 break;
1114 }
1115 ims_merge(nims, lims, 0);
1116 }
1117 if (error) {
1118 struct ip_msource *__single bims;
1119
1120 RB_FOREACH_REVERSE_FROM(ims, ip_msource_tree, nims) {
1121 lims = (struct in_msource *)ims;
1122 if (lims->imsl_st[0] == lims->imsl_st[1]) {
1123 continue;
1124 }
1125 (void) inm_get_source(inm, lims->ims_haddr, 1, &bims);
1126 if (bims == NULL) {
1127 continue;
1128 }
1129 ims_merge(bims, lims, 1);
1130 }
1131 goto out_reap;
1132 }
1133
1134 IGMP_PRINTF(("%s: imf filters in-mode: %d at t0, %d at t1\n",
1135 __func__, nsrc0, nsrc1));
1136
1137 /* Handle transition between INCLUDE {n} and INCLUDE {} on socket. */
1138 if (imf->imf_st[0] == imf->imf_st[1] &&
1139 imf->imf_st[1] == MCAST_INCLUDE) {
1140 if (nsrc1 == 0) {
1141 IGMP_PRINTF(("%s: --in on inm at t1\n", __func__));
1142 --inm->inm_st[1].iss_in;
1143 }
1144 }
1145
1146 /* Handle filter mode transition on socket. */
1147 if (imf->imf_st[0] != imf->imf_st[1]) {
1148 IGMP_PRINTF(("%s: imf transition %d to %d\n",
1149 __func__, imf->imf_st[0], imf->imf_st[1]));
1150
1151 if (imf->imf_st[0] == MCAST_EXCLUDE) {
1152 IGMP_PRINTF(("%s: --ex on inm at t1\n", __func__));
1153 --inm->inm_st[1].iss_ex;
1154 } else if (imf->imf_st[0] == MCAST_INCLUDE) {
1155 IGMP_PRINTF(("%s: --in on inm at t1\n", __func__));
1156 --inm->inm_st[1].iss_in;
1157 }
1158
1159 if (imf->imf_st[1] == MCAST_EXCLUDE) {
1160 IGMP_PRINTF(("%s: ex++ on inm at t1\n", __func__));
1161 inm->inm_st[1].iss_ex++;
1162 } else if (imf->imf_st[1] == MCAST_INCLUDE && nsrc1 > 0) {
1163 IGMP_PRINTF(("%s: in++ on inm at t1\n", __func__));
1164 inm->inm_st[1].iss_in++;
1165 }
1166 }
1167
1168 /*
1169 * Track inm filter state in terms of listener counts.
1170 * If there are any exclusive listeners, stack-wide
1171 * membership is exclusive.
1172 * Otherwise, if only inclusive listeners, stack-wide is inclusive.
1173 * If no listeners remain, state is undefined at t1,
1174 * and the IGMP lifecycle for this group should finish.
1175 */
1176 if (inm->inm_st[1].iss_ex > 0) {
1177 IGMP_PRINTF(("%s: transition to EX\n", __func__));
1178 inm->inm_st[1].iss_fmode = MCAST_EXCLUDE;
1179 } else if (inm->inm_st[1].iss_in > 0) {
1180 IGMP_PRINTF(("%s: transition to IN\n", __func__));
1181 inm->inm_st[1].iss_fmode = MCAST_INCLUDE;
1182 } else {
1183 IGMP_PRINTF(("%s: transition to UNDEF\n", __func__));
1184 inm->inm_st[1].iss_fmode = MCAST_UNDEFINED;
1185 }
1186
1187 /* Decrement ASM listener count on transition out of ASM mode. */
1188 if (imf->imf_st[0] == MCAST_EXCLUDE && nsrc0 == 0) {
1189 if ((imf->imf_st[1] != MCAST_EXCLUDE) ||
1190 (imf->imf_st[1] == MCAST_EXCLUDE && nsrc1 > 0)) {
1191 IGMP_PRINTF(("%s: --asm on inm at t1\n", __func__));
1192 --inm->inm_st[1].iss_asm;
1193 }
1194 }
1195
1196 /* Increment ASM listener count on transition to ASM mode. */
1197 if (imf->imf_st[1] == MCAST_EXCLUDE && nsrc1 == 0) {
1198 IGMP_PRINTF(("%s: asm++ on inm at t1\n", __func__));
1199 inm->inm_st[1].iss_asm++;
1200 }
1201
1202 IGMP_PRINTF(("%s: merged imf 0x%llx to inm 0x%llx\n", __func__,
1203 (uint64_t)VM_KERNEL_ADDRPERM(imf),
1204 (uint64_t)VM_KERNEL_ADDRPERM(inm)));
1205 inm_print(inm);
1206
1207 out_reap:
1208 if (schanged > 0) {
1209 IGMP_PRINTF(("%s: sources changed; reaping\n", __func__));
1210 inm_reap(inm);
1211 }
1212 return error;
1213 }
1214
1215 /*
1216 * Mark an in_multi's filter set deltas as committed.
1217 * Called by IGMP after a state change has been enqueued.
1218 */
1219 void
inm_commit(struct in_multi * inm)1220 inm_commit(struct in_multi *inm)
1221 {
1222 struct ip_msource *ims;
1223
1224 INM_LOCK_ASSERT_HELD(inm);
1225
1226 IGMP_PRINTF(("%s: commit inm 0x%llx\n", __func__,
1227 (uint64_t)VM_KERNEL_ADDRPERM(inm)));
1228 IGMP_PRINTF(("%s: pre commit:\n", __func__));
1229 inm_print(inm);
1230
1231 RB_FOREACH(ims, ip_msource_tree, &inm->inm_srcs) {
1232 ims->ims_st[0] = ims->ims_st[1];
1233 }
1234 inm->inm_st[0] = inm->inm_st[1];
1235 }
1236
1237 /*
1238 * Reap unreferenced nodes from an in_multi's filter set.
1239 */
1240 static void
inm_reap(struct in_multi * inm)1241 inm_reap(struct in_multi *inm)
1242 {
1243 struct ip_msource *ims, *tims;
1244
1245 INM_LOCK_ASSERT_HELD(inm);
1246
1247 RB_FOREACH_SAFE(ims, ip_msource_tree, &inm->inm_srcs, tims) {
1248 if (ims->ims_st[0].ex > 0 || ims->ims_st[0].in > 0 ||
1249 ims->ims_st[1].ex > 0 || ims->ims_st[1].in > 0 ||
1250 ims->ims_stp != 0) {
1251 continue;
1252 }
1253 IGMP_PRINTF(("%s: free ims 0x%llx\n", __func__,
1254 (uint64_t)VM_KERNEL_ADDRPERM(ims)));
1255 RB_REMOVE(ip_msource_tree, &inm->inm_srcs, ims);
1256 ipms_free(ims);
1257 inm->inm_nsrc--;
1258 }
1259 }
1260
1261 /*
1262 * Purge all source nodes from an in_multi's filter set.
1263 */
1264 void
inm_purge(struct in_multi * inm)1265 inm_purge(struct in_multi *inm)
1266 {
1267 struct ip_msource *ims, *tims;
1268
1269 INM_LOCK_ASSERT_HELD(inm);
1270
1271 RB_FOREACH_SAFE(ims, ip_msource_tree, &inm->inm_srcs, tims) {
1272 IGMP_PRINTF(("%s: free ims 0x%llx\n", __func__,
1273 (uint64_t)VM_KERNEL_ADDRPERM(ims)));
1274 RB_REMOVE(ip_msource_tree, &inm->inm_srcs, ims);
1275 ipms_free(ims);
1276 inm->inm_nsrc--;
1277 }
1278 }
1279
1280 /*
1281 * Join a multicast group; real entry point.
1282 *
1283 * Only preserves atomicity at inm level.
1284 * NOTE: imf argument cannot be const due to sys/tree.h limitations.
1285 *
1286 * If the IGMP downcall fails, the group is not joined, and an error
1287 * code is returned.
1288 */
1289 static int
in_joingroup(struct ifnet * ifp,const struct in_addr * gina,struct in_mfilter * imf,struct in_multi ** pinm)1290 in_joingroup(struct ifnet *ifp, const struct in_addr *gina,
1291 /*const*/ struct in_mfilter *imf, struct in_multi **pinm)
1292 {
1293 struct in_mfilter timf;
1294 struct in_multi *__single inm = NULL;
1295 int error = 0;
1296 struct igmp_tparams itp;
1297
1298 IGMP_INET_PRINTF(*gina, ("%s: join %s on 0x%llx(%s))\n", __func__,
1299 _igmp_inet_buf, (uint64_t)VM_KERNEL_ADDRPERM(ifp), if_name(ifp)));
1300
1301 bzero(&itp, sizeof(itp));
1302 *pinm = NULL;
1303
1304 /*
1305 * If no imf was specified (i.e. kernel consumer),
1306 * fake one up and assume it is an ASM join.
1307 */
1308 if (imf == NULL) {
1309 imf_init(&timf, MCAST_UNDEFINED, MCAST_EXCLUDE);
1310 imf = &timf;
1311 }
1312
1313 error = in_getmulti(ifp, gina, &inm);
1314 if (error) {
1315 IGMP_PRINTF(("%s: in_getmulti() failure\n", __func__));
1316 return error;
1317 }
1318
1319 IGMP_PRINTF(("%s: merge inm state\n", __func__));
1320
1321 INM_LOCK(inm);
1322 error = inm_merge(inm, imf);
1323 if (error) {
1324 IGMP_PRINTF(("%s: failed to merge inm state\n", __func__));
1325 goto out_inm_release;
1326 }
1327
1328 IGMP_PRINTF(("%s: doing igmp downcall\n", __func__));
1329 error = igmp_change_state(inm, &itp);
1330 if (error) {
1331 IGMP_PRINTF(("%s: failed to update source\n", __func__));
1332 imf_rollback(imf);
1333 goto out_inm_release;
1334 }
1335
1336 out_inm_release:
1337 if (error) {
1338 IGMP_PRINTF(("%s: dropping ref on 0x%llx\n", __func__,
1339 (uint64_t)VM_KERNEL_ADDRPERM(inm)));
1340 INM_UNLOCK(inm);
1341 INM_REMREF(inm);
1342 } else {
1343 INM_UNLOCK(inm);
1344 *pinm = inm; /* keep refcount from in_getmulti() */
1345 }
1346
1347 /* schedule timer now that we've dropped the lock(s) */
1348 igmp_set_fast_timeout(&itp);
1349
1350 return error;
1351 }
1352
1353 /*
1354 * Leave a multicast group; real entry point.
1355 * All source filters will be expunged.
1356 *
1357 * Only preserves atomicity at inm level.
1358 *
1359 * Note: This is not the same as inm_release(*) as this function also
1360 * makes a state change downcall into IGMP.
1361 */
1362 int
in_leavegroup(struct in_multi * inm,struct in_mfilter * imf)1363 in_leavegroup(struct in_multi *inm, /*const*/ struct in_mfilter *imf)
1364 {
1365 struct in_mfilter timf;
1366 int error, lastref;
1367 struct igmp_tparams itp;
1368
1369 bzero(&itp, sizeof(itp));
1370 error = 0;
1371
1372 INM_LOCK_ASSERT_NOTHELD(inm);
1373
1374 in_multihead_lock_exclusive();
1375 INM_LOCK(inm);
1376
1377 IGMP_INET_PRINTF(inm->inm_addr,
1378 ("%s: leave inm 0x%llx, %s/%s%d, imf 0x%llx\n", __func__,
1379 (uint64_t)VM_KERNEL_ADDRPERM(inm), _igmp_inet_buf,
1380 (inm_is_ifp_detached(inm) ? "null" : inm->inm_ifp->if_name),
1381 inm->inm_ifp->if_unit, (uint64_t)VM_KERNEL_ADDRPERM(imf)));
1382
1383 /*
1384 * If no imf was specified (i.e. kernel consumer),
1385 * fake one up and assume it is an ASM join.
1386 */
1387 if (imf == NULL) {
1388 imf_init(&timf, MCAST_EXCLUDE, MCAST_UNDEFINED);
1389 imf = &timf;
1390 }
1391
1392 /*
1393 * Begin state merge transaction at IGMP layer.
1394 *
1395 * As this particular invocation should not cause any memory
1396 * to be allocated, and there is no opportunity to roll back
1397 * the transaction, it MUST NOT fail.
1398 */
1399 IGMP_PRINTF(("%s: merge inm state\n", __func__));
1400
1401 error = inm_merge(inm, imf);
1402 KASSERT(error == 0, ("%s: failed to merge inm state\n", __func__));
1403
1404 IGMP_PRINTF(("%s: doing igmp downcall\n", __func__));
1405 error = igmp_change_state(inm, &itp);
1406 #if IGMP_DEBUG
1407 if (error) {
1408 IGMP_PRINTF(("%s: failed igmp downcall\n", __func__));
1409 }
1410 #endif
1411 lastref = in_multi_detach(inm);
1412 VERIFY(!lastref || (!(inm->inm_debug & IFD_ATTACHED) &&
1413 inm->inm_reqcnt == 0));
1414 INM_UNLOCK(inm);
1415 in_multihead_lock_done();
1416
1417 if (lastref) {
1418 INM_REMREF(inm); /* for in_multihead list */
1419 }
1420 /* schedule timer now that we've dropped the lock(s) */
1421 igmp_set_fast_timeout(&itp);
1422
1423 return error;
1424 }
1425
1426 /*
1427 * Join an IPv4 multicast group in (*,G) exclusive mode.
1428 * The group must be a 224.0.0.0/24 link-scope group.
1429 * This KPI is for legacy kernel consumers only.
1430 */
1431 struct in_multi *
in_addmulti(struct in_addr * ap,struct ifnet * ifp)1432 in_addmulti(struct in_addr *ap, struct ifnet *ifp)
1433 {
1434 struct in_multi *__single pinm = NULL;
1435 int error;
1436
1437 KASSERT(IN_LOCAL_GROUP(ntohl(ap->s_addr)),
1438 ("%s: %s not in 224.0.0.0/24\n", __func__, inet_ntoa(*ap)));
1439
1440 error = in_joingroup(ifp, ap, NULL, &pinm);
1441 VERIFY(pinm != NULL || error != 0);
1442
1443 return pinm;
1444 }
1445
1446 /*
1447 * Leave an IPv4 multicast group, assumed to be in exclusive (*,G) mode.
1448 * This KPI is for legacy kernel consumers only.
1449 */
1450 void
in_delmulti(struct in_multi * inm)1451 in_delmulti(struct in_multi *inm)
1452 {
1453 (void) in_leavegroup(inm, NULL);
1454 }
1455
1456 /*
1457 * Block or unblock an ASM multicast source on an inpcb.
1458 * This implements the delta-based API described in RFC 3678.
1459 *
1460 * The delta-based API applies only to exclusive-mode memberships.
1461 * An IGMP downcall will be performed.
1462 *
1463 * Return 0 if successful, otherwise return an appropriate error code.
1464 */
1465 static int
inp_block_unblock_source(struct inpcb * inp,struct sockopt * sopt)1466 inp_block_unblock_source(struct inpcb *inp, struct sockopt *sopt)
1467 {
1468 struct group_source_req gsr;
1469 struct sockaddr_in *gsa, *ssa;
1470 struct ifnet *ifp;
1471 struct in_mfilter *imf;
1472 struct ip_moptions *imo;
1473 struct in_msource *ims;
1474 struct in_multi *inm;
1475 size_t idx;
1476 uint8_t fmode;
1477 int error, doblock;
1478 unsigned int ifindex = 0;
1479 struct igmp_tparams itp;
1480
1481 bzero(&itp, sizeof(itp));
1482 ifp = NULL;
1483 error = 0;
1484 doblock = 0;
1485
1486 memset(&gsr, 0, sizeof(struct group_source_req));
1487 gsa = SIN(&gsr.gsr_group);
1488 ssa = SIN(&gsr.gsr_source);
1489
1490 switch (sopt->sopt_name) {
1491 case IP_BLOCK_SOURCE:
1492 case IP_UNBLOCK_SOURCE: {
1493 struct ip_mreq_source mreqs;
1494
1495 error = sooptcopyin(sopt, &mreqs,
1496 sizeof(struct ip_mreq_source),
1497 sizeof(struct ip_mreq_source));
1498 if (error) {
1499 return error;
1500 }
1501
1502 gsa->sin_family = AF_INET;
1503 gsa->sin_len = sizeof(struct sockaddr_in);
1504 gsa->sin_addr = mreqs.imr_multiaddr;
1505
1506 ssa->sin_family = AF_INET;
1507 ssa->sin_len = sizeof(struct sockaddr_in);
1508 ssa->sin_addr = mreqs.imr_sourceaddr;
1509
1510 if (!in_nullhost(mreqs.imr_interface)) {
1511 ifp = ip_multicast_if(&mreqs.imr_interface, &ifindex);
1512 }
1513
1514 if (sopt->sopt_name == IP_BLOCK_SOURCE) {
1515 doblock = 1;
1516 }
1517
1518 IGMP_INET_PRINTF(mreqs.imr_interface,
1519 ("%s: imr_interface = %s, ifp = 0x%llx\n", __func__,
1520 _igmp_inet_buf, (uint64_t)VM_KERNEL_ADDRPERM(ifp)));
1521 break;
1522 }
1523
1524 case MCAST_BLOCK_SOURCE:
1525 case MCAST_UNBLOCK_SOURCE:
1526 error = sooptcopyin(sopt, &gsr,
1527 sizeof(struct group_source_req),
1528 sizeof(struct group_source_req));
1529 if (error) {
1530 return error;
1531 }
1532
1533 if (gsa->sin_family != AF_INET ||
1534 gsa->sin_len != sizeof(struct sockaddr_in)) {
1535 return EINVAL;
1536 }
1537
1538 if (ssa->sin_family != AF_INET ||
1539 ssa->sin_len != sizeof(struct sockaddr_in)) {
1540 return EINVAL;
1541 }
1542
1543 ifnet_head_lock_shared();
1544 if (gsr.gsr_interface == 0 || !IF_INDEX_IN_RANGE(gsr.gsr_interface)) {
1545 ifnet_head_done();
1546 return EADDRNOTAVAIL;
1547 }
1548
1549 ifp = ifindex2ifnet[gsr.gsr_interface];
1550 ifnet_head_done();
1551
1552 if (ifp == NULL) {
1553 return EADDRNOTAVAIL;
1554 }
1555
1556 if (sopt->sopt_name == MCAST_BLOCK_SOURCE) {
1557 doblock = 1;
1558 }
1559 break;
1560
1561 default:
1562 IGMP_PRINTF(("%s: unknown sopt_name %d\n",
1563 __func__, sopt->sopt_name));
1564 return EOPNOTSUPP;
1565 }
1566
1567 if (!IN_MULTICAST(ntohl(gsa->sin_addr.s_addr))) {
1568 return EINVAL;
1569 }
1570
1571 /*
1572 * Check if we are actually a member of this group.
1573 */
1574 imo = inp_findmoptions(inp);
1575 if (imo == NULL) {
1576 return ENOMEM;
1577 }
1578
1579 IMO_LOCK(imo);
1580 idx = imo_match_group(imo, ifp, gsa);
1581 if (idx == (size_t)-1 || imo->imo_mfilters == NULL) {
1582 error = EADDRNOTAVAIL;
1583 goto out_imo_locked;
1584 }
1585
1586 VERIFY(imo->imo_mfilters != NULL);
1587 imf = &imo->imo_mfilters[idx];
1588 inm = imo->imo_membership[idx];
1589
1590 /*
1591 * Attempting to use the delta-based API on an
1592 * non exclusive-mode membership is an error.
1593 */
1594 fmode = imf->imf_st[0];
1595 if (fmode != MCAST_EXCLUDE) {
1596 error = EINVAL;
1597 goto out_imo_locked;
1598 }
1599
1600 /*
1601 * Deal with error cases up-front:
1602 * Asked to block, but already blocked; or
1603 * Asked to unblock, but nothing to unblock.
1604 * If adding a new block entry, allocate it.
1605 */
1606 ims = imo_match_source(imo, idx, ssa);
1607 if ((ims != NULL && doblock) || (ims == NULL && !doblock)) {
1608 IGMP_INET_PRINTF(ssa->sin_addr,
1609 ("%s: source %s %spresent\n", __func__,
1610 _igmp_inet_buf, doblock ? "" : "not "));
1611 error = EADDRNOTAVAIL;
1612 goto out_imo_locked;
1613 }
1614
1615 /*
1616 * Begin state merge transaction at socket layer.
1617 */
1618 if (doblock) {
1619 IGMP_PRINTF(("%s: %s source\n", __func__, "block"));
1620 ims = imf_graft(imf, fmode, ssa);
1621 if (ims == NULL) {
1622 error = ENOMEM;
1623 }
1624 } else {
1625 IGMP_PRINTF(("%s: %s source\n", __func__, "allow"));
1626 error = imf_prune(imf, ssa);
1627 }
1628
1629 if (error) {
1630 IGMP_PRINTF(("%s: merge imf state failed\n", __func__));
1631 goto out_imf_rollback;
1632 }
1633
1634 /*
1635 * Begin state merge transaction at IGMP layer.
1636 */
1637 INM_LOCK(inm);
1638 IGMP_PRINTF(("%s: merge inm state\n", __func__));
1639 error = inm_merge(inm, imf);
1640 if (error) {
1641 IGMP_PRINTF(("%s: failed to merge inm state\n", __func__));
1642 INM_UNLOCK(inm);
1643 goto out_imf_rollback;
1644 }
1645
1646 IGMP_PRINTF(("%s: doing igmp downcall\n", __func__));
1647 error = igmp_change_state(inm, &itp);
1648 INM_UNLOCK(inm);
1649 #if IGMP_DEBUG
1650 if (error) {
1651 IGMP_PRINTF(("%s: failed igmp downcall\n", __func__));
1652 }
1653 #endif
1654
1655 out_imf_rollback:
1656 if (error) {
1657 imf_rollback(imf);
1658 } else {
1659 imf_commit(imf);
1660 }
1661
1662 imf_reap(imf);
1663
1664 out_imo_locked:
1665 IMO_UNLOCK(imo);
1666 IMO_REMREF(imo); /* from inp_findmoptions() */
1667
1668 /* schedule timer now that we've dropped the lock(s) */
1669 igmp_set_fast_timeout(&itp);
1670
1671 return error;
1672 }
1673
1674 /*
1675 * Given an inpcb, return its multicast options structure pointer.
1676 *
1677 * Caller is responsible for locking the inpcb, and releasing the
1678 * extra reference held on the imo, upon a successful return.
1679 */
1680 static struct ip_moptions *
inp_findmoptions(struct inpcb * inp)1681 inp_findmoptions(struct inpcb *inp)
1682 {
1683 struct ip_moptions *imo;
1684 struct in_multi **immp;
1685 struct in_mfilter *imfp;
1686 size_t idx;
1687
1688 if ((imo = inp->inp_moptions) != NULL) {
1689 IMO_ADDREF(imo); /* for caller */
1690 return imo;
1691 }
1692
1693 imo = ip_allocmoptions(Z_WAITOK);
1694 if (imo == NULL) {
1695 return NULL;
1696 }
1697
1698 immp = kalloc_type(struct in_multi *, IP_MIN_MEMBERSHIPS,
1699 Z_WAITOK | Z_ZERO | Z_NOFAIL);
1700 imfp = kalloc_type(struct in_mfilter, IP_MIN_MEMBERSHIPS,
1701 Z_WAITOK | Z_ZERO | Z_NOFAIL);
1702
1703 imo->imo_multicast_ifp = NULL;
1704 imo->imo_multicast_addr.s_addr = INADDR_ANY;
1705 imo->imo_multicast_vif = -1;
1706 imo->imo_multicast_ttl = IP_DEFAULT_MULTICAST_TTL;
1707 imo->imo_multicast_loop = !!in_mcast_loop;
1708 imo->imo_num_memberships = 0;
1709 imo->imo_max_memberships = IP_MIN_MEMBERSHIPS;
1710 imo->imo_membership = immp;
1711 imo->imo_mfilters = imfp;
1712
1713 /* Initialize per-group source filters. */
1714 for (idx = 0; idx < IP_MIN_MEMBERSHIPS; idx++) {
1715 imf_init(&imfp[idx], MCAST_UNDEFINED, MCAST_EXCLUDE);
1716 }
1717
1718 inp->inp_moptions = imo; /* keep reference from ip_allocmoptions() */
1719 IMO_ADDREF(imo); /* for caller */
1720
1721 return imo;
1722 }
1723 /*
1724 * Atomically get source filters on a socket for an IPv4 multicast group.
1725 */
1726 static int
inp_get_source_filters(struct inpcb * inp,struct sockopt * sopt)1727 inp_get_source_filters(struct inpcb *inp, struct sockopt *sopt)
1728 {
1729 struct __msfilterreq64 msfr = {}, msfr64;
1730 struct __msfilterreq32 msfr32;
1731 struct sockaddr_in *gsa;
1732 struct ifnet *ifp;
1733 struct ip_moptions *imo;
1734 struct in_mfilter *imf;
1735 struct ip_msource *ims;
1736 struct in_msource *lims;
1737 struct sockaddr_in *psin;
1738 struct sockaddr_storage *ptss;
1739 struct sockaddr_storage *tss;
1740 int error;
1741 size_t idx;
1742 uint32_t nsrcs, ncsrcs;
1743 user_addr_t tmp_ptr;
1744
1745 imo = inp->inp_moptions;
1746 VERIFY(imo != NULL);
1747
1748 int is_64bit_proc = IS_64BIT_PROCESS(current_proc());
1749
1750 if (is_64bit_proc) {
1751 error = sooptcopyin(sopt, &msfr64,
1752 sizeof(struct __msfilterreq64),
1753 sizeof(struct __msfilterreq64));
1754 if (error) {
1755 return error;
1756 }
1757 /* we never use msfr.msfr_srcs; */
1758 memcpy(&msfr, &msfr64, sizeof(msfr64));
1759 } else {
1760 error = sooptcopyin(sopt, &msfr32,
1761 sizeof(struct __msfilterreq32),
1762 sizeof(struct __msfilterreq32));
1763 if (error) {
1764 return error;
1765 }
1766 /* we never use msfr.msfr_srcs; */
1767 memcpy(&msfr, &msfr32, sizeof(msfr32));
1768 }
1769
1770 ifnet_head_lock_shared();
1771 if (msfr.msfr_ifindex == 0 || !IF_INDEX_IN_RANGE(msfr.msfr_ifindex)) {
1772 ifnet_head_done();
1773 return EADDRNOTAVAIL;
1774 }
1775
1776 ifp = ifindex2ifnet[msfr.msfr_ifindex];
1777 ifnet_head_done();
1778
1779 if (ifp == NULL) {
1780 return EADDRNOTAVAIL;
1781 }
1782
1783 if ((size_t) msfr.msfr_nsrcs >
1784 UINT32_MAX / sizeof(struct sockaddr_storage)) {
1785 msfr.msfr_nsrcs = UINT32_MAX / sizeof(struct sockaddr_storage);
1786 }
1787
1788 if (msfr.msfr_nsrcs > in_mcast_maxsocksrc) {
1789 msfr.msfr_nsrcs = in_mcast_maxsocksrc;
1790 }
1791
1792 IMO_LOCK(imo);
1793 /*
1794 * Lookup group on the socket.
1795 */
1796 gsa = SIN(&msfr.msfr_group);
1797
1798 idx = imo_match_group(imo, ifp, gsa);
1799 if (idx == (size_t)-1 || imo->imo_mfilters == NULL) {
1800 IMO_UNLOCK(imo);
1801 return EADDRNOTAVAIL;
1802 }
1803 imf = &imo->imo_mfilters[idx];
1804
1805 /*
1806 * Ignore memberships which are in limbo.
1807 */
1808 if (imf->imf_st[1] == MCAST_UNDEFINED) {
1809 IMO_UNLOCK(imo);
1810 return EAGAIN;
1811 }
1812 msfr.msfr_fmode = imf->imf_st[1];
1813
1814 /*
1815 * If the user specified a buffer, copy out the source filter
1816 * entries to userland gracefully.
1817 * We only copy out the number of entries which userland
1818 * has asked for, but we always tell userland how big the
1819 * buffer really needs to be.
1820 */
1821
1822 if (is_64bit_proc) {
1823 tmp_ptr = CAST_USER_ADDR_T(msfr64.msfr_srcs);
1824 } else {
1825 tmp_ptr = CAST_USER_ADDR_T(msfr32.msfr_srcs);
1826 }
1827
1828 tss = NULL;
1829 if (tmp_ptr != USER_ADDR_NULL && msfr.msfr_nsrcs > 0) {
1830 tss = kalloc_data((size_t)msfr.msfr_nsrcs * sizeof(*tss),
1831 Z_WAITOK | Z_ZERO);
1832 if (tss == NULL) {
1833 IMO_UNLOCK(imo);
1834 return ENOBUFS;
1835 }
1836 }
1837
1838 /*
1839 * Count number of sources in-mode at t0.
1840 * If buffer space exists and remains, copy out source entries.
1841 */
1842 nsrcs = msfr.msfr_nsrcs;
1843 ncsrcs = 0;
1844 ptss = tss;
1845 RB_FOREACH(ims, ip_msource_tree, &imf->imf_sources) {
1846 lims = (struct in_msource *)ims;
1847 if (lims->imsl_st[0] == MCAST_UNDEFINED ||
1848 lims->imsl_st[0] != imf->imf_st[0]) {
1849 continue;
1850 }
1851 if (tss != NULL && nsrcs > 0) {
1852 psin = SIN(ptss);
1853 psin->sin_family = AF_INET;
1854 psin->sin_len = sizeof(struct sockaddr_in);
1855 psin->sin_addr.s_addr = htonl(lims->ims_haddr);
1856 psin->sin_port = 0;
1857 ++ptss;
1858 --nsrcs;
1859 ++ncsrcs;
1860 }
1861 }
1862
1863 IMO_UNLOCK(imo);
1864
1865 if (tss != NULL) {
1866 error = copyout(tss, CAST_USER_ADDR_T(tmp_ptr), ncsrcs * sizeof(*tss));
1867 kfree_data(tss, (size_t)msfr.msfr_nsrcs * sizeof(*tss));
1868 if (error) {
1869 return error;
1870 }
1871 }
1872
1873 msfr.msfr_nsrcs = ncsrcs;
1874 if (is_64bit_proc) {
1875 msfr64.msfr_ifindex = msfr.msfr_ifindex;
1876 msfr64.msfr_fmode = msfr.msfr_fmode;
1877 msfr64.msfr_nsrcs = msfr.msfr_nsrcs;
1878 memcpy(&msfr64.msfr_group, &msfr.msfr_group,
1879 sizeof(struct sockaddr_storage));
1880 error = sooptcopyout(sopt, &msfr64,
1881 sizeof(struct __msfilterreq64));
1882 } else {
1883 msfr32.msfr_ifindex = msfr.msfr_ifindex;
1884 msfr32.msfr_fmode = msfr.msfr_fmode;
1885 msfr32.msfr_nsrcs = msfr.msfr_nsrcs;
1886 memcpy(&msfr32.msfr_group, &msfr.msfr_group,
1887 sizeof(struct sockaddr_storage));
1888 error = sooptcopyout(sopt, &msfr32,
1889 sizeof(struct __msfilterreq32));
1890 }
1891
1892 return error;
1893 }
1894
1895 /*
1896 * Return the IP multicast options in response to user getsockopt().
1897 */
1898 int
inp_getmoptions(struct inpcb * inp,struct sockopt * sopt)1899 inp_getmoptions(struct inpcb *inp, struct sockopt *sopt)
1900 {
1901 struct ip_mreqn mreqn;
1902 struct ip_moptions *imo;
1903 struct ifnet *ifp;
1904 struct in_ifaddr *ia;
1905 int error, optval;
1906 unsigned int ifindex;
1907 u_char coptval;
1908
1909 imo = inp->inp_moptions;
1910 /*
1911 * If socket is neither of type SOCK_RAW or SOCK_DGRAM,
1912 * or is a divert socket, reject it.
1913 */
1914 if (SOCK_PROTO(inp->inp_socket) == IPPROTO_DIVERT ||
1915 (SOCK_TYPE(inp->inp_socket) != SOCK_RAW &&
1916 SOCK_TYPE(inp->inp_socket) != SOCK_DGRAM)) {
1917 return EOPNOTSUPP;
1918 }
1919
1920 error = 0;
1921 switch (sopt->sopt_name) {
1922 case IP_MULTICAST_IF:
1923 memset(&mreqn, 0, sizeof(struct ip_mreqn));
1924 if (imo != NULL) {
1925 IMO_LOCK(imo);
1926 ifp = imo->imo_multicast_ifp;
1927 if (!in_nullhost(imo->imo_multicast_addr)) {
1928 mreqn.imr_address = imo->imo_multicast_addr;
1929 } else if (ifp != NULL) {
1930 mreqn.imr_ifindex = ifp->if_index;
1931 IFP_TO_IA(ifp, ia);
1932 if (ia != NULL) {
1933 IFA_LOCK_SPIN(&ia->ia_ifa);
1934 mreqn.imr_address =
1935 IA_SIN(ia)->sin_addr;
1936 IFA_UNLOCK(&ia->ia_ifa);
1937 ifa_remref(&ia->ia_ifa);
1938 }
1939 }
1940 IMO_UNLOCK(imo);
1941 }
1942 if (sopt->sopt_valsize == sizeof(struct ip_mreqn)) {
1943 error = sooptcopyout(sopt, &mreqn,
1944 sizeof(struct ip_mreqn));
1945 } else {
1946 error = sooptcopyout(sopt, &mreqn.imr_address,
1947 sizeof(struct in_addr));
1948 }
1949 break;
1950
1951 case IP_MULTICAST_IFINDEX:
1952 if (imo != NULL) {
1953 IMO_LOCK(imo);
1954 }
1955 if (imo == NULL || imo->imo_multicast_ifp == NULL) {
1956 ifindex = 0;
1957 } else {
1958 ifindex = imo->imo_multicast_ifp->if_index;
1959 }
1960 if (imo != NULL) {
1961 IMO_UNLOCK(imo);
1962 }
1963 error = sooptcopyout(sopt, &ifindex, sizeof(ifindex));
1964 break;
1965
1966 case IP_MULTICAST_TTL:
1967 if (imo == NULL) {
1968 optval = coptval = IP_DEFAULT_MULTICAST_TTL;
1969 } else {
1970 IMO_LOCK(imo);
1971 optval = coptval = imo->imo_multicast_ttl;
1972 IMO_UNLOCK(imo);
1973 }
1974 if (sopt->sopt_valsize == sizeof(u_char)) {
1975 error = sooptcopyout(sopt, &coptval, sizeof(u_char));
1976 } else {
1977 error = sooptcopyout(sopt, &optval, sizeof(int));
1978 }
1979 break;
1980
1981 case IP_MULTICAST_LOOP:
1982 if (imo == 0) {
1983 optval = coptval = IP_DEFAULT_MULTICAST_LOOP;
1984 } else {
1985 IMO_LOCK(imo);
1986 optval = coptval = imo->imo_multicast_loop;
1987 IMO_UNLOCK(imo);
1988 }
1989 if (sopt->sopt_valsize == sizeof(u_char)) {
1990 error = sooptcopyout(sopt, &coptval, sizeof(u_char));
1991 } else {
1992 error = sooptcopyout(sopt, &optval, sizeof(int));
1993 }
1994 break;
1995
1996 case IP_MSFILTER:
1997 if (imo == NULL) {
1998 error = EADDRNOTAVAIL;
1999 } else {
2000 error = inp_get_source_filters(inp, sopt);
2001 }
2002 break;
2003
2004 default:
2005 error = ENOPROTOOPT;
2006 break;
2007 }
2008
2009 return error;
2010 }
2011
2012 /*
2013 * Look up the ifnet to use for a multicast group membership,
2014 * given the IPv4 address of an interface, and the IPv4 group address.
2015 *
2016 * This routine exists to support legacy multicast applications
2017 * which do not understand that multicast memberships are scoped to
2018 * specific physical links in the networking stack, or which need
2019 * to join link-scope groups before IPv4 addresses are configured.
2020 *
2021 * If inp is non-NULL and is bound to an interface, use this socket's
2022 * inp_boundif for any required routing table lookup.
2023 *
2024 * If the route lookup fails, attempt to use the first non-loopback
2025 * interface with multicast capability in the system as a
2026 * last resort. The legacy IPv4 ASM API requires that we do
2027 * this in order to allow groups to be joined when the routing
2028 * table has not yet been populated during boot.
2029 *
2030 * Returns NULL if no ifp could be found.
2031 *
2032 */
2033 static struct ifnet *
inp_lookup_mcast_ifp(const struct inpcb * inp,const struct sockaddr_in * gsin,const struct in_addr ina)2034 inp_lookup_mcast_ifp(const struct inpcb *inp,
2035 const struct sockaddr_in *gsin, const struct in_addr ina)
2036 {
2037 struct ifnet *ifp;
2038 unsigned int ifindex = 0;
2039
2040 VERIFY(gsin->sin_family == AF_INET);
2041 VERIFY(IN_MULTICAST(ntohl(gsin->sin_addr.s_addr)));
2042
2043 ifp = NULL;
2044 if (!in_nullhost(ina)) {
2045 struct in_addr new_ina;
2046 memcpy(&new_ina, &ina, sizeof(struct in_addr));
2047 ifp = ip_multicast_if(&new_ina, &ifindex);
2048 } else {
2049 struct route ro;
2050 unsigned int ifscope = IFSCOPE_NONE;
2051
2052 if (inp != NULL && (inp->inp_flags & INP_BOUND_IF)) {
2053 ifscope = inp->inp_boundifp->if_index;
2054 }
2055
2056 bzero(&ro, sizeof(ro));
2057 memcpy(&ro.ro_dst, gsin, sizeof(struct sockaddr_in));
2058 rtalloc_scoped_ign(&ro, 0, ifscope);
2059 if (ro.ro_rt != NULL) {
2060 ifp = ro.ro_rt->rt_ifp;
2061 VERIFY(ifp != NULL);
2062 } else {
2063 struct in_ifaddr *ia;
2064 struct ifnet *mifp;
2065
2066 mifp = NULL;
2067 lck_rw_lock_shared(&in_ifaddr_rwlock);
2068 TAILQ_FOREACH(ia, &in_ifaddrhead, ia_link) {
2069 IFA_LOCK_SPIN(&ia->ia_ifa);
2070 mifp = ia->ia_ifp;
2071 IFA_UNLOCK(&ia->ia_ifa);
2072 if (!(mifp->if_flags & IFF_LOOPBACK) &&
2073 (mifp->if_flags & IFF_MULTICAST)) {
2074 ifp = mifp;
2075 break;
2076 }
2077 }
2078 lck_rw_done(&in_ifaddr_rwlock);
2079 }
2080 ROUTE_RELEASE(&ro);
2081 }
2082
2083 return ifp;
2084 }
2085
2086 /*
2087 * Join an IPv4 multicast group, possibly with a source.
2088 *
2089 * NB: sopt->sopt_val might point to the kernel address space. This means that
2090 * we were called by the IPv6 stack due to the presence of an IPv6 v4 mapped
2091 * address. In this scenario, sopt_p points to kernproc and sooptcopyin() will
2092 * just issue an in-kernel memcpy.
2093 */
2094 int
inp_join_group(struct inpcb * inp,struct sockopt * sopt)2095 inp_join_group(struct inpcb *inp, struct sockopt *sopt)
2096 {
2097 struct group_source_req gsr;
2098 struct sockaddr_in *gsa, *ssa;
2099 struct ifnet *ifp;
2100 struct in_mfilter *imf;
2101 struct ip_moptions *imo;
2102 struct in_multi *__single inm = NULL;
2103 struct in_msource *lims;
2104 size_t idx;
2105 int error, is_new;
2106 struct igmp_tparams itp;
2107
2108 bzero(&itp, sizeof(itp));
2109 ifp = NULL;
2110 imf = NULL;
2111 error = 0;
2112 is_new = 0;
2113
2114 memset(&gsr, 0, sizeof(struct group_source_req));
2115 gsa = SIN(&gsr.gsr_group);
2116 gsa->sin_family = AF_UNSPEC;
2117 ssa = SIN(&gsr.gsr_source);
2118 ssa->sin_family = AF_UNSPEC;
2119
2120 switch (sopt->sopt_name) {
2121 case IP_ADD_MEMBERSHIP:
2122 case IP_ADD_SOURCE_MEMBERSHIP: {
2123 struct ip_mreq_source mreqs;
2124
2125 if (sopt->sopt_name == IP_ADD_MEMBERSHIP) {
2126 error = sooptcopyin(sopt, &mreqs,
2127 sizeof(struct ip_mreq),
2128 sizeof(struct ip_mreq));
2129 /*
2130 * Do argument switcharoo from ip_mreq into
2131 * ip_mreq_source to avoid using two instances.
2132 */
2133 mreqs.imr_interface = mreqs.imr_sourceaddr;
2134 mreqs.imr_sourceaddr.s_addr = INADDR_ANY;
2135 } else if (sopt->sopt_name == IP_ADD_SOURCE_MEMBERSHIP) {
2136 error = sooptcopyin(sopt, &mreqs,
2137 sizeof(struct ip_mreq_source),
2138 sizeof(struct ip_mreq_source));
2139 }
2140 if (error) {
2141 IGMP_PRINTF(("%s: error copyin IP_ADD_MEMBERSHIP/"
2142 "IP_ADD_SOURCE_MEMBERSHIP %d err=%d\n",
2143 __func__, sopt->sopt_name, error));
2144 return error;
2145 }
2146
2147 gsa->sin_family = AF_INET;
2148 gsa->sin_len = sizeof(struct sockaddr_in);
2149 gsa->sin_addr = mreqs.imr_multiaddr;
2150
2151 if (sopt->sopt_name == IP_ADD_SOURCE_MEMBERSHIP) {
2152 ssa->sin_family = AF_INET;
2153 ssa->sin_len = sizeof(struct sockaddr_in);
2154 ssa->sin_addr = mreqs.imr_sourceaddr;
2155 }
2156
2157 if (!IN_MULTICAST(ntohl(gsa->sin_addr.s_addr))) {
2158 return EINVAL;
2159 }
2160
2161 ifp = inp_lookup_mcast_ifp(inp, gsa, mreqs.imr_interface);
2162 IGMP_INET_PRINTF(mreqs.imr_interface,
2163 ("%s: imr_interface = %s, ifp = 0x%llx\n", __func__,
2164 _igmp_inet_buf, (uint64_t)VM_KERNEL_ADDRPERM(ifp)));
2165 break;
2166 }
2167
2168 case MCAST_JOIN_GROUP:
2169 case MCAST_JOIN_SOURCE_GROUP:
2170 if (sopt->sopt_name == MCAST_JOIN_GROUP) {
2171 error = sooptcopyin(sopt, &gsr,
2172 sizeof(struct group_req),
2173 sizeof(struct group_req));
2174 } else if (sopt->sopt_name == MCAST_JOIN_SOURCE_GROUP) {
2175 error = sooptcopyin(sopt, &gsr,
2176 sizeof(struct group_source_req),
2177 sizeof(struct group_source_req));
2178 }
2179 if (error) {
2180 return error;
2181 }
2182
2183 if (gsa->sin_family != AF_INET ||
2184 gsa->sin_len != sizeof(struct sockaddr_in)) {
2185 return EINVAL;
2186 }
2187
2188 /*
2189 * Overwrite the port field if present, as the sockaddr
2190 * being copied in may be matched with a binary comparison.
2191 */
2192 gsa->sin_port = 0;
2193 if (sopt->sopt_name == MCAST_JOIN_SOURCE_GROUP) {
2194 if (ssa->sin_family != AF_INET ||
2195 ssa->sin_len != sizeof(struct sockaddr_in)) {
2196 return EINVAL;
2197 }
2198 ssa->sin_port = 0;
2199 }
2200
2201 if (!IN_MULTICAST(ntohl(gsa->sin_addr.s_addr))) {
2202 return EINVAL;
2203 }
2204
2205 ifnet_head_lock_shared();
2206 if (gsr.gsr_interface == 0 || !IF_INDEX_IN_RANGE(gsr.gsr_interface)) {
2207 ifnet_head_done();
2208 return EADDRNOTAVAIL;
2209 }
2210 ifp = ifindex2ifnet[gsr.gsr_interface];
2211 ifnet_head_done();
2212 if (ifp == NULL) {
2213 return EADDRNOTAVAIL;
2214 }
2215 break;
2216
2217 default:
2218 IGMP_PRINTF(("%s: unknown sopt_name %d\n",
2219 __func__, sopt->sopt_name));
2220 return EOPNOTSUPP;
2221 }
2222
2223 if (ifp == NULL || (ifp->if_flags & IFF_MULTICAST) == 0) {
2224 return EADDRNOTAVAIL;
2225 }
2226
2227 INC_ATOMIC_INT64_LIM(net_api_stats.nas_socket_mcast_join_total);
2228 /*
2229 * TBD: revisit the criteria for non-OS initiated joins
2230 */
2231 if (inp->inp_lport == htons(5353)) {
2232 INC_ATOMIC_INT64_LIM(net_api_stats.nas_socket_mcast_join_os_total);
2233 }
2234
2235 imo = inp_findmoptions(inp);
2236 if (imo == NULL) {
2237 return ENOMEM;
2238 }
2239
2240 IMO_LOCK(imo);
2241 idx = imo_match_group(imo, ifp, gsa);
2242 if (idx == (size_t)-1) {
2243 is_new = 1;
2244 } else {
2245 inm = imo->imo_membership[idx];
2246 imf = &imo->imo_mfilters[idx];
2247 if (ssa->sin_family != AF_UNSPEC) {
2248 /*
2249 * MCAST_JOIN_SOURCE_GROUP on an exclusive membership
2250 * is an error. On an existing inclusive membership,
2251 * it just adds the source to the filter list.
2252 */
2253 if (imf->imf_st[1] != MCAST_INCLUDE) {
2254 error = EINVAL;
2255 goto out_imo_locked;
2256 }
2257 /*
2258 * Throw out duplicates.
2259 *
2260 * XXX FIXME: This makes a naive assumption that
2261 * even if entries exist for *ssa in this imf,
2262 * they will be rejected as dupes, even if they
2263 * are not valid in the current mode (in-mode).
2264 *
2265 * in_msource is transactioned just as for anything
2266 * else in SSM -- but note naive use of inm_graft()
2267 * below for allocating new filter entries.
2268 *
2269 * This is only an issue if someone mixes the
2270 * full-state SSM API with the delta-based API,
2271 * which is discouraged in the relevant RFCs.
2272 */
2273 lims = imo_match_source(imo, idx, ssa);
2274 if (lims != NULL /*&&
2275 * lims->imsl_st[1] == MCAST_INCLUDE*/) {
2276 error = EADDRNOTAVAIL;
2277 goto out_imo_locked;
2278 }
2279 } else {
2280 /*
2281 * MCAST_JOIN_GROUP on an existing exclusive
2282 * membership is an error; return EADDRINUSE
2283 * to preserve 4.4BSD API idempotence, and
2284 * avoid tedious detour to code below.
2285 * NOTE: This is bending RFC 3678 a bit.
2286 *
2287 * On an existing inclusive membership, this is also
2288 * an error; if you want to change filter mode,
2289 * you must use the userland API setsourcefilter().
2290 * XXX We don't reject this for imf in UNDEFINED
2291 * state at t1, because allocation of a filter
2292 * is atomic with allocation of a membership.
2293 */
2294 error = EINVAL;
2295 /* See comments above for EADDRINUSE */
2296 if (imf->imf_st[1] == MCAST_EXCLUDE) {
2297 error = EADDRINUSE;
2298 }
2299 goto out_imo_locked;
2300 }
2301 }
2302
2303 /*
2304 * Begin state merge transaction at socket layer.
2305 */
2306
2307 if (is_new) {
2308 if (imo->imo_num_memberships == imo->imo_max_memberships) {
2309 error = imo_grow(imo, 0);
2310 if (error) {
2311 goto out_imo_locked;
2312 }
2313 }
2314 /*
2315 * Allocate the new slot upfront so we can deal with
2316 * grafting the new source filter in same code path
2317 * as for join-source on existing membership.
2318 */
2319 idx = imo->imo_num_memberships;
2320 imo->imo_membership[idx] = NULL;
2321 imo->imo_num_memberships++;
2322 VERIFY(imo->imo_mfilters != NULL);
2323 imf = &imo->imo_mfilters[idx];
2324 VERIFY(RB_EMPTY(&imf->imf_sources));
2325 }
2326
2327 /*
2328 * Graft new source into filter list for this inpcb's
2329 * membership of the group. The in_multi may not have
2330 * been allocated yet if this is a new membership, however,
2331 * the in_mfilter slot will be allocated and must be initialized.
2332 */
2333 if (ssa->sin_family != AF_UNSPEC) {
2334 /* Membership starts in IN mode */
2335 if (is_new) {
2336 IGMP_PRINTF(("%s: new join w/source\n", __func__));
2337 imf_init(imf, MCAST_UNDEFINED, MCAST_INCLUDE);
2338 } else {
2339 IGMP_PRINTF(("%s: %s source\n", __func__, "allow"));
2340 }
2341 lims = imf_graft(imf, MCAST_INCLUDE, ssa);
2342 if (lims == NULL) {
2343 IGMP_PRINTF(("%s: merge imf state failed\n",
2344 __func__));
2345 error = ENOMEM;
2346 goto out_imo_free;
2347 }
2348 } else {
2349 /* No address specified; Membership starts in EX mode */
2350 if (is_new) {
2351 IGMP_PRINTF(("%s: new join w/o source\n", __func__));
2352 imf_init(imf, MCAST_UNDEFINED, MCAST_EXCLUDE);
2353 }
2354 }
2355
2356 /*
2357 * Begin state merge transaction at IGMP layer.
2358 */
2359 if (is_new) {
2360 VERIFY(inm == NULL);
2361 error = in_joingroup(ifp, &gsa->sin_addr, imf, &inm);
2362
2363 VERIFY(inm != NULL || error != 0);
2364 if (error) {
2365 goto out_imo_free;
2366 }
2367 imo->imo_membership[idx] = inm; /* from in_joingroup() */
2368 } else {
2369 IGMP_PRINTF(("%s: merge inm state\n", __func__));
2370 INM_LOCK(inm);
2371 error = inm_merge(inm, imf);
2372 if (error) {
2373 IGMP_PRINTF(("%s: failed to merge inm state\n",
2374 __func__));
2375 INM_UNLOCK(inm);
2376 goto out_imf_rollback;
2377 }
2378 IGMP_PRINTF(("%s: doing igmp downcall\n", __func__));
2379 error = igmp_change_state(inm, &itp);
2380 INM_UNLOCK(inm);
2381 if (error) {
2382 IGMP_PRINTF(("%s: failed igmp downcall\n",
2383 __func__));
2384 goto out_imf_rollback;
2385 }
2386 }
2387
2388 out_imf_rollback:
2389 if (error) {
2390 imf_rollback(imf);
2391 if (is_new) {
2392 imf_purge(imf);
2393 } else {
2394 imf_reap(imf);
2395 }
2396 } else {
2397 imf_commit(imf);
2398 }
2399
2400 out_imo_free:
2401 if (error && is_new) {
2402 VERIFY(inm == NULL);
2403 imo->imo_membership[idx] = NULL;
2404 --imo->imo_num_memberships;
2405 }
2406
2407 out_imo_locked:
2408 IMO_UNLOCK(imo);
2409 IMO_REMREF(imo); /* from inp_findmoptions() */
2410
2411 /* schedule timer now that we've dropped the lock(s) */
2412 igmp_set_fast_timeout(&itp);
2413
2414 return error;
2415 }
2416
2417 /*
2418 * Leave an IPv4 multicast group on an inpcb, possibly with a source.
2419 *
2420 * NB: sopt->sopt_val might point to the kernel address space. Refer to the
2421 * block comment on top of inp_join_group() for more information.
2422 */
2423 int
inp_leave_group(struct inpcb * inp,struct sockopt * sopt)2424 inp_leave_group(struct inpcb *inp, struct sockopt *sopt)
2425 {
2426 struct group_source_req gsr;
2427 struct ip_mreq_source mreqs;
2428 struct sockaddr_in *gsa, *ssa;
2429 struct ifnet *ifp;
2430 struct in_mfilter *imf;
2431 struct ip_moptions *imo;
2432 struct in_msource *ims;
2433 struct in_multi *inm = NULL;
2434 size_t idx;
2435 int error, is_final;
2436 unsigned int ifindex = 0;
2437 struct igmp_tparams itp;
2438
2439 bzero(&itp, sizeof(itp));
2440 ifp = NULL;
2441 error = 0;
2442 is_final = 1;
2443
2444 memset(&gsr, 0, sizeof(struct group_source_req));
2445 gsa = SIN(&gsr.gsr_group);
2446 ssa = SIN(&gsr.gsr_source);
2447
2448 switch (sopt->sopt_name) {
2449 case IP_DROP_MEMBERSHIP:
2450 case IP_DROP_SOURCE_MEMBERSHIP:
2451 if (sopt->sopt_name == IP_DROP_MEMBERSHIP) {
2452 error = sooptcopyin(sopt, &mreqs,
2453 sizeof(struct ip_mreq),
2454 sizeof(struct ip_mreq));
2455 /*
2456 * Swap interface and sourceaddr arguments,
2457 * as ip_mreq and ip_mreq_source are laid
2458 * out differently.
2459 */
2460 mreqs.imr_interface = mreqs.imr_sourceaddr;
2461 mreqs.imr_sourceaddr.s_addr = INADDR_ANY;
2462 } else if (sopt->sopt_name == IP_DROP_SOURCE_MEMBERSHIP) {
2463 error = sooptcopyin(sopt, &mreqs,
2464 sizeof(struct ip_mreq_source),
2465 sizeof(struct ip_mreq_source));
2466 }
2467 if (error) {
2468 return error;
2469 }
2470
2471 gsa->sin_family = AF_INET;
2472 gsa->sin_len = sizeof(struct sockaddr_in);
2473 gsa->sin_addr = mreqs.imr_multiaddr;
2474
2475 if (sopt->sopt_name == IP_DROP_SOURCE_MEMBERSHIP) {
2476 ssa->sin_family = AF_INET;
2477 ssa->sin_len = sizeof(struct sockaddr_in);
2478 ssa->sin_addr = mreqs.imr_sourceaddr;
2479 }
2480 /*
2481 * Attempt to look up hinted ifp from interface address.
2482 * Fallthrough with null ifp iff lookup fails, to
2483 * preserve 4.4BSD mcast API idempotence.
2484 * XXX NOTE WELL: The RFC 3678 API is preferred because
2485 * using an IPv4 address as a key is racy.
2486 */
2487 if (!in_nullhost(mreqs.imr_interface)) {
2488 ifp = ip_multicast_if(&mreqs.imr_interface, &ifindex);
2489 }
2490
2491 IGMP_INET_PRINTF(mreqs.imr_interface,
2492 ("%s: imr_interface = %s, ifp = 0x%llx\n", __func__,
2493 _igmp_inet_buf, (uint64_t)VM_KERNEL_ADDRPERM(ifp)));
2494
2495 break;
2496
2497 case MCAST_LEAVE_GROUP:
2498 case MCAST_LEAVE_SOURCE_GROUP:
2499 if (sopt->sopt_name == MCAST_LEAVE_GROUP) {
2500 error = sooptcopyin(sopt, &gsr,
2501 sizeof(struct group_req),
2502 sizeof(struct group_req));
2503 } else if (sopt->sopt_name == MCAST_LEAVE_SOURCE_GROUP) {
2504 error = sooptcopyin(sopt, &gsr,
2505 sizeof(struct group_source_req),
2506 sizeof(struct group_source_req));
2507 }
2508 if (error) {
2509 return error;
2510 }
2511
2512 if (gsa->sin_family != AF_INET ||
2513 gsa->sin_len != sizeof(struct sockaddr_in)) {
2514 return EINVAL;
2515 }
2516
2517 if (sopt->sopt_name == MCAST_LEAVE_SOURCE_GROUP) {
2518 if (ssa->sin_family != AF_INET ||
2519 ssa->sin_len != sizeof(struct sockaddr_in)) {
2520 return EINVAL;
2521 }
2522 }
2523
2524 ifnet_head_lock_shared();
2525 if (gsr.gsr_interface == 0 ||
2526 !IF_INDEX_IN_RANGE(gsr.gsr_interface)) {
2527 ifnet_head_done();
2528 return EADDRNOTAVAIL;
2529 }
2530
2531 ifp = ifindex2ifnet[gsr.gsr_interface];
2532 ifnet_head_done();
2533 if (ifp == NULL) {
2534 return EADDRNOTAVAIL;
2535 }
2536 break;
2537
2538 default:
2539 IGMP_PRINTF(("%s: unknown sopt_name %d\n",
2540 __func__, sopt->sopt_name));
2541 return EOPNOTSUPP;
2542 }
2543
2544 if (!IN_MULTICAST(ntohl(gsa->sin_addr.s_addr))) {
2545 return EINVAL;
2546 }
2547
2548 /*
2549 * Find the membership in the membership array.
2550 */
2551 imo = inp_findmoptions(inp);
2552 if (imo == NULL) {
2553 return ENOMEM;
2554 }
2555
2556 IMO_LOCK(imo);
2557 idx = imo_match_group(imo, ifp, gsa);
2558 if (idx == (size_t)-1) {
2559 error = EADDRNOTAVAIL;
2560 goto out_locked;
2561 }
2562 inm = imo->imo_membership[idx];
2563 if (inm == NULL) {
2564 error = EINVAL;
2565 goto out_locked;
2566 }
2567 imf = &imo->imo_mfilters[idx];
2568
2569 if (ssa->sin_family != AF_UNSPEC) {
2570 IGMP_PRINTF(("%s: opt=%d is_final=0\n", __func__,
2571 sopt->sopt_name));
2572 is_final = 0;
2573 }
2574
2575 /*
2576 * Begin state merge transaction at socket layer.
2577 */
2578
2579 /*
2580 * If we were instructed only to leave a given source, do so.
2581 * MCAST_LEAVE_SOURCE_GROUP is only valid for inclusive memberships.
2582 */
2583 if (is_final) {
2584 imf_leave(imf);
2585 } else {
2586 if (imf->imf_st[0] == MCAST_EXCLUDE) {
2587 error = EADDRNOTAVAIL;
2588 goto out_locked;
2589 }
2590 ims = imo_match_source(imo, idx, ssa);
2591 if (ims == NULL) {
2592 IGMP_INET_PRINTF(ssa->sin_addr,
2593 ("%s: source %s %spresent\n", __func__,
2594 _igmp_inet_buf, "not "));
2595 error = EADDRNOTAVAIL;
2596 goto out_locked;
2597 }
2598 IGMP_PRINTF(("%s: %s source\n", __func__, "block"));
2599 error = imf_prune(imf, ssa);
2600 if (error) {
2601 IGMP_PRINTF(("%s: merge imf state failed\n",
2602 __func__));
2603 goto out_locked;
2604 }
2605 }
2606
2607 /*
2608 * Begin state merge transaction at IGMP layer.
2609 */
2610 if (is_final) {
2611 /*
2612 * Give up the multicast address record to which
2613 * the membership points. Reference held in imo
2614 * will be released below.
2615 */
2616 (void) in_leavegroup(inm, imf);
2617 } else {
2618 IGMP_PRINTF(("%s: merge inm state\n", __func__));
2619 INM_LOCK(inm);
2620 error = inm_merge(inm, imf);
2621 if (error) {
2622 IGMP_PRINTF(("%s: failed to merge inm state\n",
2623 __func__));
2624 INM_UNLOCK(inm);
2625 goto out_imf_rollback;
2626 }
2627
2628 IGMP_PRINTF(("%s: doing igmp downcall\n", __func__));
2629 error = igmp_change_state(inm, &itp);
2630 if (error) {
2631 IGMP_PRINTF(("%s: failed igmp downcall\n", __func__));
2632 }
2633 INM_UNLOCK(inm);
2634 }
2635
2636 out_imf_rollback:
2637 if (error) {
2638 imf_rollback(imf);
2639 } else {
2640 imf_commit(imf);
2641 }
2642
2643 imf_reap(imf);
2644
2645 if (is_final) {
2646 /* Remove the gap in the membership array and filter array. */
2647 VERIFY(inm == imo->imo_membership[idx]);
2648
2649 INM_REMREF(inm);
2650
2651 for (++idx; idx < imo->imo_num_memberships; ++idx) {
2652 imo->imo_membership[idx - 1] = imo->imo_membership[idx];
2653 imo->imo_mfilters[idx - 1] = imo->imo_mfilters[idx];
2654 }
2655 imo->imo_num_memberships--;
2656
2657 /* Re-initialize the now unused tail of the list */
2658 imo->imo_membership[imo->imo_num_memberships] = NULL;
2659 imf_init(&imo->imo_mfilters[imo->imo_num_memberships], MCAST_UNDEFINED, MCAST_EXCLUDE);
2660 }
2661
2662 out_locked:
2663 IMO_UNLOCK(imo);
2664 IMO_REMREF(imo); /* from inp_findmoptions() */
2665
2666 /* schedule timer now that we've dropped the lock(s) */
2667 igmp_set_fast_timeout(&itp);
2668
2669 return error;
2670 }
2671
2672 /*
2673 * Select the interface for transmitting IPv4 multicast datagrams.
2674 *
2675 * Either an instance of struct in_addr or an instance of struct ip_mreqn
2676 * may be passed to this socket option. An address of INADDR_ANY or an
2677 * interface index of 0 is used to remove a previous selection.
2678 * When no interface is selected, one is chosen for every send.
2679 */
2680 static int
inp_set_multicast_if(struct inpcb * inp,struct sockopt * sopt)2681 inp_set_multicast_if(struct inpcb *inp, struct sockopt *sopt)
2682 {
2683 struct in_addr addr;
2684 struct ip_mreqn mreqn;
2685 struct ifnet *ifp;
2686 struct ip_moptions *imo;
2687 int error = 0;
2688 unsigned int ifindex = 0;
2689
2690 bzero(&addr, sizeof(addr));
2691 if (sopt->sopt_valsize == sizeof(struct ip_mreqn)) {
2692 /*
2693 * An interface index was specified using the
2694 * Linux-derived ip_mreqn structure.
2695 */
2696 error = sooptcopyin(sopt, &mreqn, sizeof(struct ip_mreqn),
2697 sizeof(struct ip_mreqn));
2698 if (error) {
2699 return error;
2700 }
2701
2702 ifnet_head_lock_shared();
2703 if (mreqn.imr_ifindex < 0 || !IF_INDEX_IN_RANGE(mreqn.imr_ifindex)) {
2704 ifnet_head_done();
2705 return EINVAL;
2706 }
2707
2708 if (mreqn.imr_ifindex == 0) {
2709 ifp = NULL;
2710 } else {
2711 ifp = ifindex2ifnet[mreqn.imr_ifindex];
2712 if (ifp == NULL) {
2713 ifnet_head_done();
2714 return EADDRNOTAVAIL;
2715 }
2716 }
2717 ifnet_head_done();
2718 } else {
2719 /*
2720 * An interface was specified by IPv4 address.
2721 * This is the traditional BSD usage.
2722 */
2723 error = sooptcopyin(sopt, &addr, sizeof(struct in_addr),
2724 sizeof(struct in_addr));
2725 if (error) {
2726 return error;
2727 }
2728 if (in_nullhost(addr)) {
2729 ifp = NULL;
2730 } else {
2731 ifp = ip_multicast_if(&addr, &ifindex);
2732 if (ifp == NULL) {
2733 IGMP_INET_PRINTF(addr,
2734 ("%s: can't find ifp for addr=%s\n",
2735 __func__, _igmp_inet_buf));
2736 return EADDRNOTAVAIL;
2737 }
2738 }
2739 }
2740
2741 /* Reject interfaces which do not support multicast. */
2742 if (ifp != NULL && (ifp->if_flags & IFF_MULTICAST) == 0) {
2743 return EOPNOTSUPP;
2744 }
2745
2746 imo = inp_findmoptions(inp);
2747 if (imo == NULL) {
2748 return ENOMEM;
2749 }
2750
2751 IMO_LOCK(imo);
2752 imo->imo_multicast_ifp = ifp;
2753 if (ifindex) {
2754 imo->imo_multicast_addr = addr;
2755 } else {
2756 imo->imo_multicast_addr.s_addr = INADDR_ANY;
2757 }
2758 IMO_UNLOCK(imo);
2759 IMO_REMREF(imo); /* from inp_findmoptions() */
2760
2761 return 0;
2762 }
2763
2764 /*
2765 * Atomically set source filters on a socket for an IPv4 multicast group.
2766 */
2767 static int
inp_set_source_filters(struct inpcb * inp,struct sockopt * sopt)2768 inp_set_source_filters(struct inpcb *inp, struct sockopt *sopt)
2769 {
2770 struct __msfilterreq64 msfr = {}, msfr64;
2771 struct __msfilterreq32 msfr32;
2772 struct sockaddr_in *gsa;
2773 struct ifnet *ifp;
2774 struct in_mfilter *imf;
2775 struct ip_moptions *imo;
2776 struct in_multi *inm;
2777 size_t idx;
2778 int error;
2779 uint64_t tmp_ptr;
2780 struct igmp_tparams itp;
2781
2782 bzero(&itp, sizeof(itp));
2783
2784 int is_64bit_proc = IS_64BIT_PROCESS(current_proc());
2785
2786 if (is_64bit_proc) {
2787 error = sooptcopyin(sopt, &msfr64,
2788 sizeof(struct __msfilterreq64),
2789 sizeof(struct __msfilterreq64));
2790 if (error) {
2791 return error;
2792 }
2793 /* we never use msfr.msfr_srcs; */
2794 memcpy(&msfr, &msfr64, sizeof(msfr64));
2795 } else {
2796 error = sooptcopyin(sopt, &msfr32,
2797 sizeof(struct __msfilterreq32),
2798 sizeof(struct __msfilterreq32));
2799 if (error) {
2800 return error;
2801 }
2802 /* we never use msfr.msfr_srcs; */
2803 memcpy(&msfr, &msfr32, sizeof(msfr32));
2804 }
2805
2806 if ((size_t) msfr.msfr_nsrcs >
2807 UINT32_MAX / sizeof(struct sockaddr_storage)) {
2808 msfr.msfr_nsrcs = UINT32_MAX / sizeof(struct sockaddr_storage);
2809 }
2810
2811 if (msfr.msfr_nsrcs > in_mcast_maxsocksrc) {
2812 return ENOBUFS;
2813 }
2814
2815 if ((msfr.msfr_fmode != MCAST_EXCLUDE &&
2816 msfr.msfr_fmode != MCAST_INCLUDE)) {
2817 return EINVAL;
2818 }
2819
2820 if (msfr.msfr_group.ss_family != AF_INET ||
2821 msfr.msfr_group.ss_len != sizeof(struct sockaddr_in)) {
2822 return EINVAL;
2823 }
2824
2825 gsa = SIN(&msfr.msfr_group);
2826 if (!IN_MULTICAST(ntohl(gsa->sin_addr.s_addr))) {
2827 return EINVAL;
2828 }
2829
2830 gsa->sin_port = 0; /* ignore port */
2831
2832 ifnet_head_lock_shared();
2833 if (msfr.msfr_ifindex == 0 || !IF_INDEX_IN_RANGE(msfr.msfr_ifindex)) {
2834 ifnet_head_done();
2835 return EADDRNOTAVAIL;
2836 }
2837
2838 ifp = ifindex2ifnet[msfr.msfr_ifindex];
2839 ifnet_head_done();
2840 if (ifp == NULL) {
2841 return EADDRNOTAVAIL;
2842 }
2843
2844 /*
2845 * Check if this socket is a member of this group.
2846 */
2847 imo = inp_findmoptions(inp);
2848 if (imo == NULL) {
2849 return ENOMEM;
2850 }
2851
2852 IMO_LOCK(imo);
2853 idx = imo_match_group(imo, ifp, gsa);
2854 if (idx == (size_t)-1 || imo->imo_mfilters == NULL) {
2855 error = EADDRNOTAVAIL;
2856 goto out_imo_locked;
2857 }
2858 inm = imo->imo_membership[idx];
2859 imf = &imo->imo_mfilters[idx];
2860
2861 /*
2862 * Begin state merge transaction at socket layer.
2863 */
2864
2865 imf->imf_st[1] = (uint8_t)msfr.msfr_fmode;
2866
2867 /*
2868 * Apply any new source filters, if present.
2869 * Make a copy of the user-space source vector so
2870 * that we may copy them with a single copyin. This
2871 * allows us to deal with page faults up-front.
2872 */
2873 if (msfr.msfr_nsrcs > 0) {
2874 struct in_msource *__single lims;
2875 struct sockaddr_in *psin;
2876 struct sockaddr_storage *kss, *pkss;
2877 int i;
2878
2879 if (is_64bit_proc) {
2880 tmp_ptr = msfr64.msfr_srcs;
2881 } else {
2882 tmp_ptr = CAST_USER_ADDR_T(msfr32.msfr_srcs);
2883 }
2884
2885 IGMP_PRINTF(("%s: loading %lu source list entries\n",
2886 __func__, (unsigned long)msfr.msfr_nsrcs));
2887 kss = kalloc_data((size_t)msfr.msfr_nsrcs * sizeof(*kss), Z_WAITOK);
2888 if (kss == NULL) {
2889 error = ENOMEM;
2890 goto out_imo_locked;
2891 }
2892 error = copyin(CAST_USER_ADDR_T(tmp_ptr), kss,
2893 (size_t) msfr.msfr_nsrcs * sizeof(*kss));
2894 if (error) {
2895 kfree_data(kss, (size_t)msfr.msfr_nsrcs * sizeof(*kss));
2896 goto out_imo_locked;
2897 }
2898
2899 /*
2900 * Mark all source filters as UNDEFINED at t1.
2901 * Restore new group filter mode, as imf_leave()
2902 * will set it to INCLUDE.
2903 */
2904 imf_leave(imf);
2905 imf->imf_st[1] = (uint8_t)msfr.msfr_fmode;
2906
2907 /*
2908 * Update socket layer filters at t1, lazy-allocating
2909 * new entries. This saves a bunch of memory at the
2910 * cost of one RB_FIND() per source entry; duplicate
2911 * entries in the msfr_nsrcs vector are ignored.
2912 * If we encounter an error, rollback transaction.
2913 *
2914 * XXX This too could be replaced with a set-symmetric
2915 * difference like loop to avoid walking from root
2916 * every time, as the key space is common.
2917 */
2918 for (i = 0, pkss = kss; (u_int)i < msfr.msfr_nsrcs;
2919 i++, pkss++) {
2920 psin = SIN(pkss);
2921 if (psin->sin_family != AF_INET) {
2922 error = EAFNOSUPPORT;
2923 break;
2924 }
2925 if (psin->sin_len != sizeof(struct sockaddr_in)) {
2926 error = EINVAL;
2927 break;
2928 }
2929 error = imf_get_source(imf, psin, &lims);
2930 if (error) {
2931 break;
2932 }
2933 lims->imsl_st[1] = imf->imf_st[1];
2934 }
2935 kfree_data(kss, (size_t)msfr.msfr_nsrcs * sizeof(*kss));
2936 }
2937
2938 if (error) {
2939 goto out_imf_rollback;
2940 }
2941
2942 /*
2943 * Begin state merge transaction at IGMP layer.
2944 */
2945 INM_LOCK(inm);
2946 IGMP_PRINTF(("%s: merge inm state\n", __func__));
2947 error = inm_merge(inm, imf);
2948 if (error) {
2949 IGMP_PRINTF(("%s: failed to merge inm state\n", __func__));
2950 INM_UNLOCK(inm);
2951 goto out_imf_rollback;
2952 }
2953
2954 IGMP_PRINTF(("%s: doing igmp downcall\n", __func__));
2955 error = igmp_change_state(inm, &itp);
2956 INM_UNLOCK(inm);
2957 #ifdef IGMP_DEBUG
2958 if (error) {
2959 IGMP_PRINTF(("%s: failed igmp downcall\n", __func__));
2960 }
2961 #endif
2962
2963 out_imf_rollback:
2964 if (error) {
2965 imf_rollback(imf);
2966 } else {
2967 imf_commit(imf);
2968 }
2969
2970 imf_reap(imf);
2971
2972 out_imo_locked:
2973 IMO_UNLOCK(imo);
2974 IMO_REMREF(imo); /* from inp_findmoptions() */
2975
2976 /* schedule timer now that we've dropped the lock(s) */
2977 igmp_set_fast_timeout(&itp);
2978
2979 return error;
2980 }
2981
2982 /*
2983 * Set the IP multicast options in response to user setsockopt().
2984 *
2985 * Many of the socket options handled in this function duplicate the
2986 * functionality of socket options in the regular unicast API. However,
2987 * it is not possible to merge the duplicate code, because the idempotence
2988 * of the IPv4 multicast part of the BSD Sockets API must be preserved;
2989 * the effects of these options must be treated as separate and distinct.
2990 */
2991 int
inp_setmoptions(struct inpcb * inp,struct sockopt * sopt)2992 inp_setmoptions(struct inpcb *inp, struct sockopt *sopt)
2993 {
2994 struct ip_moptions *imo;
2995 int error;
2996 unsigned int ifindex;
2997 struct ifnet *ifp;
2998
2999 error = 0;
3000
3001 /*
3002 * If socket is neither of type SOCK_RAW or SOCK_DGRAM,
3003 * or is a divert socket, reject it.
3004 */
3005 if (SOCK_PROTO(inp->inp_socket) == IPPROTO_DIVERT ||
3006 (SOCK_TYPE(inp->inp_socket) != SOCK_RAW &&
3007 SOCK_TYPE(inp->inp_socket) != SOCK_DGRAM)) {
3008 return EOPNOTSUPP;
3009 }
3010
3011 switch (sopt->sopt_name) {
3012 case IP_MULTICAST_IF:
3013 error = inp_set_multicast_if(inp, sopt);
3014 break;
3015
3016 case IP_MULTICAST_IFINDEX:
3017 /*
3018 * Select the interface for outgoing multicast packets.
3019 */
3020 error = sooptcopyin(sopt, &ifindex, sizeof(ifindex),
3021 sizeof(ifindex));
3022 if (error) {
3023 break;
3024 }
3025
3026 imo = inp_findmoptions(inp);
3027 if (imo == NULL) {
3028 error = ENOMEM;
3029 break;
3030 }
3031 /*
3032 * Index 0 is used to remove a previous selection.
3033 * When no interface is selected, a default one is
3034 * chosen every time a multicast packet is sent.
3035 */
3036 if (ifindex == 0) {
3037 IMO_LOCK(imo);
3038 imo->imo_multicast_ifp = NULL;
3039 IMO_UNLOCK(imo);
3040 IMO_REMREF(imo); /* from inp_findmoptions() */
3041 break;
3042 }
3043
3044 ifnet_head_lock_shared();
3045 /* Don't need to check is ifindex is < 0 since it's unsigned */
3046 if (!IF_INDEX_IN_RANGE(ifindex)) {
3047 ifnet_head_done();
3048 IMO_REMREF(imo); /* from inp_findmoptions() */
3049 error = ENXIO; /* per IPV6_MULTICAST_IF */
3050 break;
3051 }
3052 ifp = ifindex2ifnet[ifindex];
3053 ifnet_head_done();
3054
3055 /* If it's detached or isn't a multicast interface, bail out */
3056 if (ifp == NULL || !(ifp->if_flags & IFF_MULTICAST)) {
3057 IMO_REMREF(imo); /* from inp_findmoptions() */
3058 error = EADDRNOTAVAIL;
3059 break;
3060 }
3061 IMO_LOCK(imo);
3062 imo->imo_multicast_ifp = ifp;
3063 /*
3064 * Clear out any remnants of past IP_MULTICAST_IF. The addr
3065 * isn't really used anywhere in the kernel; we could have
3066 * iterated thru the addresses of the interface and pick one
3067 * here, but that is redundant since ip_getmoptions() already
3068 * takes care of that for INADDR_ANY.
3069 */
3070 imo->imo_multicast_addr.s_addr = INADDR_ANY;
3071 IMO_UNLOCK(imo);
3072 IMO_REMREF(imo); /* from inp_findmoptions() */
3073 break;
3074
3075 case IP_MULTICAST_TTL: {
3076 u_char ttl;
3077
3078 /*
3079 * Set the IP time-to-live for outgoing multicast packets.
3080 * The original multicast API required a char argument,
3081 * which is inconsistent with the rest of the socket API.
3082 * We allow either a char or an int.
3083 */
3084 if (sopt->sopt_valsize == sizeof(u_char)) {
3085 error = sooptcopyin(sopt, &ttl, sizeof(u_char),
3086 sizeof(u_char));
3087 if (error) {
3088 break;
3089 }
3090 } else {
3091 u_int ittl;
3092
3093 error = sooptcopyin(sopt, &ittl, sizeof(u_int),
3094 sizeof(u_int));
3095 if (error) {
3096 break;
3097 }
3098 if (ittl > 255) {
3099 error = EINVAL;
3100 break;
3101 }
3102 ttl = (u_char)ittl;
3103 }
3104 imo = inp_findmoptions(inp);
3105 if (imo == NULL) {
3106 error = ENOMEM;
3107 break;
3108 }
3109 IMO_LOCK(imo);
3110 imo->imo_multicast_ttl = ttl;
3111 IMO_UNLOCK(imo);
3112 IMO_REMREF(imo); /* from inp_findmoptions() */
3113 break;
3114 }
3115
3116 case IP_MULTICAST_LOOP: {
3117 u_char loop;
3118
3119 /*
3120 * Set the loopback flag for outgoing multicast packets.
3121 * Must be zero or one. The original multicast API required a
3122 * char argument, which is inconsistent with the rest
3123 * of the socket API. We allow either a char or an int.
3124 */
3125 if (sopt->sopt_valsize == sizeof(u_char)) {
3126 error = sooptcopyin(sopt, &loop, sizeof(u_char),
3127 sizeof(u_char));
3128 if (error) {
3129 break;
3130 }
3131 } else {
3132 u_int iloop;
3133
3134 error = sooptcopyin(sopt, &iloop, sizeof(u_int),
3135 sizeof(u_int));
3136 if (error) {
3137 break;
3138 }
3139 loop = (u_char)iloop;
3140 }
3141 imo = inp_findmoptions(inp);
3142 if (imo == NULL) {
3143 error = ENOMEM;
3144 break;
3145 }
3146 IMO_LOCK(imo);
3147 imo->imo_multicast_loop = !!loop;
3148 IMO_UNLOCK(imo);
3149 IMO_REMREF(imo); /* from inp_findmoptions() */
3150 break;
3151 }
3152
3153 case IP_ADD_MEMBERSHIP:
3154 case IP_ADD_SOURCE_MEMBERSHIP:
3155 case MCAST_JOIN_GROUP:
3156 case MCAST_JOIN_SOURCE_GROUP:
3157 error = inp_join_group(inp, sopt);
3158 break;
3159
3160 case IP_DROP_MEMBERSHIP:
3161 case IP_DROP_SOURCE_MEMBERSHIP:
3162 case MCAST_LEAVE_GROUP:
3163 case MCAST_LEAVE_SOURCE_GROUP:
3164 error = inp_leave_group(inp, sopt);
3165 break;
3166
3167 case IP_BLOCK_SOURCE:
3168 case IP_UNBLOCK_SOURCE:
3169 case MCAST_BLOCK_SOURCE:
3170 case MCAST_UNBLOCK_SOURCE:
3171 error = inp_block_unblock_source(inp, sopt);
3172 break;
3173
3174 case IP_MSFILTER:
3175 error = inp_set_source_filters(inp, sopt);
3176 break;
3177
3178 default:
3179 error = EOPNOTSUPP;
3180 break;
3181 }
3182
3183 return error;
3184 }
3185
3186 /*
3187 * Expose IGMP's multicast filter mode and source list(s) to userland,
3188 * keyed by (ifindex, group).
3189 * The filter mode is written out as a uint32_t, followed by
3190 * 0..n of struct in_addr.
3191 * For use by ifmcstat(8).
3192 */
3193 static int
3194 sysctl_ip_mcast_filters SYSCTL_HANDLER_ARGS
3195 {
3196 #pragma unused(oidp)
3197
3198 struct in_addr src = {}, group;
3199 struct ifnet *ifp;
3200 struct in_multi *inm;
3201 struct in_multistep step;
3202 struct ip_msource *ims;
3203 int *name;
3204 int retval = 0;
3205 u_int namelen;
3206 uint32_t fmode, ifindex;
3207
3208 namelen = (u_int)arg2;
3209
3210 if (req->newptr != USER_ADDR_NULL) {
3211 return EPERM;
3212 }
3213
3214 if (namelen != 2) {
3215 return EINVAL;
3216 }
3217
3218 name = __unsafe_forge_bidi_indexable(int *, arg1, namelen * sizeof(int));
3219 ifindex = name[0];
3220 ifnet_head_lock_shared();
3221 if (!IF_INDEX_IN_RANGE(ifindex)) {
3222 IGMP_PRINTF(("%s: ifindex %u out of range\n",
3223 __func__, ifindex));
3224 ifnet_head_done();
3225 return ENOENT;
3226 }
3227
3228 group.s_addr = name[1];
3229 if (!IN_MULTICAST(ntohl(group.s_addr))) {
3230 IGMP_INET_PRINTF(group,
3231 ("%s: group %s is not multicast\n",
3232 __func__, _igmp_inet_buf));
3233 ifnet_head_done();
3234 return EINVAL;
3235 }
3236
3237 ifp = ifindex2ifnet[ifindex];
3238 ifnet_head_done();
3239 if (ifp == NULL) {
3240 IGMP_PRINTF(("%s: no ifp for ifindex %u\n", __func__, ifindex));
3241 return ENOENT;
3242 }
3243
3244 in_multihead_lock_shared();
3245 IN_FIRST_MULTI(step, inm);
3246 while (inm != NULL) {
3247 INM_LOCK(inm);
3248 if (inm->inm_ifp != ifp) {
3249 goto next;
3250 }
3251
3252 if (!in_hosteq(inm->inm_addr, group)) {
3253 goto next;
3254 }
3255
3256 fmode = inm->inm_st[1].iss_fmode;
3257 retval = SYSCTL_OUT(req, &fmode, sizeof(uint32_t));
3258 if (retval != 0) {
3259 INM_UNLOCK(inm);
3260 break; /* abort */
3261 }
3262 RB_FOREACH(ims, ip_msource_tree, &inm->inm_srcs) {
3263 #ifdef IGMP_DEBUG
3264 struct in_addr ina;
3265 ina.s_addr = htonl(ims->ims_haddr);
3266 IGMP_INET_PRINTF(ina,
3267 ("%s: visit node %s\n", __func__, _igmp_inet_buf));
3268 #endif
3269 /*
3270 * Only copy-out sources which are in-mode.
3271 */
3272 if (fmode != ims_get_mode(inm, ims, 1)) {
3273 IGMP_PRINTF(("%s: skip non-in-mode\n",
3274 __func__));
3275 continue; /* process next source */
3276 }
3277 src.s_addr = htonl(ims->ims_haddr);
3278 retval = SYSCTL_OUT(req, &src, sizeof(struct in_addr));
3279 if (retval != 0) {
3280 break; /* process next inm */
3281 }
3282 }
3283 next:
3284 INM_UNLOCK(inm);
3285 IN_NEXT_MULTI(step, inm);
3286 }
3287 in_multihead_lock_done();
3288
3289 return retval;
3290 }
3291
3292 /*
3293 * XXX
3294 * The whole multicast option thing needs to be re-thought.
3295 * Several of these options are equally applicable to non-multicast
3296 * transmission, and one (IP_MULTICAST_TTL) totally duplicates a
3297 * standard option (IP_TTL).
3298 */
3299 /*
3300 * following RFC1724 section 3.3, 0.0.0.0/8 is interpreted as interface index.
3301 */
3302 static struct ifnet *
ip_multicast_if(struct in_addr * a,unsigned int * ifindexp)3303 ip_multicast_if(struct in_addr *a, unsigned int *ifindexp)
3304 {
3305 unsigned int ifindex;
3306 struct ifnet *ifp;
3307
3308 if (ifindexp != NULL) {
3309 *ifindexp = 0;
3310 }
3311 if (ntohl(a->s_addr) >> 24 == 0) {
3312 ifindex = ntohl(a->s_addr) & 0xffffff;
3313 ifnet_head_lock_shared();
3314 /* Don't need to check is ifindex is < 0 since it's unsigned */
3315 if (!IF_INDEX_IN_RANGE(ifindex)) {
3316 ifnet_head_done();
3317 return NULL;
3318 }
3319 ifp = ifindex2ifnet[ifindex];
3320 ifnet_head_done();
3321 if (ifp != NULL && ifindexp != NULL) {
3322 *ifindexp = ifindex;
3323 }
3324 } else {
3325 INADDR_TO_IFP(*a, ifp);
3326 }
3327 return ifp;
3328 }
3329
3330 static struct in_multi *
in_multi_alloc(zalloc_flags_t how)3331 in_multi_alloc(zalloc_flags_t how)
3332 {
3333 struct in_multi *inm;
3334
3335 if (inm_debug == 0) {
3336 inm = kalloc_type(struct in_multi, how | Z_ZERO);
3337 } else {
3338 struct in_multi_dbg *__single inm_dbg;
3339 inm_dbg = kalloc_type(struct in_multi_dbg, how | Z_ZERO);
3340 inm = (struct in_multi *__single)inm_dbg;
3341 }
3342 if (inm != NULL) {
3343 lck_mtx_init(&inm->inm_lock, &in_multihead_lock_grp,
3344 &in_multihead_lock_attr);
3345 inm->inm_debug |= IFD_ALLOC;
3346 if (inm_debug != 0) {
3347 inm->inm_debug |= IFD_DEBUG;
3348 inm->inm_trace = inm_trace;
3349 }
3350 }
3351 return inm;
3352 }
3353
3354 static void
in_multi_free(struct in_multi * inm)3355 in_multi_free(struct in_multi *inm)
3356 {
3357 INM_LOCK(inm);
3358 if (inm->inm_debug & IFD_ATTACHED) {
3359 panic("%s: attached inm=%p is being freed", __func__, inm);
3360 /* NOTREACHED */
3361 } else if (inm->inm_ifma != NULL) {
3362 panic("%s: ifma not NULL for inm=%p", __func__, inm);
3363 /* NOTREACHED */
3364 } else if (!(inm->inm_debug & IFD_ALLOC)) {
3365 panic("%s: inm %p cannot be freed", __func__, inm);
3366 /* NOTREACHED */
3367 } else if (inm->inm_refcount != 0) {
3368 panic("%s: non-zero refcount inm=%p", __func__, inm);
3369 /* NOTREACHED */
3370 } else if (inm->inm_reqcnt != 0) {
3371 panic("%s: non-zero reqcnt inm=%p", __func__, inm);
3372 /* NOTREACHED */
3373 }
3374
3375 /* Free any pending IGMPv3 state-change records */
3376 IF_DRAIN(&inm->inm_scq);
3377
3378 inm->inm_debug &= ~IFD_ALLOC;
3379 if ((inm->inm_debug & (IFD_DEBUG | IFD_TRASHED)) ==
3380 (IFD_DEBUG | IFD_TRASHED)) {
3381 lck_mtx_lock(&inm_trash_lock);
3382 TAILQ_REMOVE(&inm_trash_head, (struct in_multi_dbg *)inm,
3383 inm_trash_link);
3384 lck_mtx_unlock(&inm_trash_lock);
3385 inm->inm_debug &= ~IFD_TRASHED;
3386 }
3387 INM_UNLOCK(inm);
3388
3389 lck_mtx_destroy(&inm->inm_lock, &in_multihead_lock_grp);
3390 if (inm_debug == 0) {
3391 kfree_type(struct in_multi, inm);
3392 } else {
3393 struct in_multi_dbg *__single inm_dbg =
3394 (struct in_multi_dbg *__single)inm;
3395 kfree_type(struct in_multi_dbg, inm_dbg);
3396 inm = NULL;
3397 }
3398 }
3399
3400 static void
in_multi_attach(struct in_multi * inm)3401 in_multi_attach(struct in_multi *inm)
3402 {
3403 in_multihead_lock_assert(LCK_RW_ASSERT_EXCLUSIVE);
3404 INM_LOCK_ASSERT_HELD(inm);
3405
3406 if (inm->inm_debug & IFD_ATTACHED) {
3407 panic("%s: Attempt to attach an already attached inm=%p",
3408 __func__, inm);
3409 /* NOTREACHED */
3410 } else if (inm->inm_debug & IFD_TRASHED) {
3411 panic("%s: Attempt to reattach a detached inm=%p",
3412 __func__, inm);
3413 /* NOTREACHED */
3414 }
3415
3416 inm->inm_reqcnt++;
3417 VERIFY(inm->inm_reqcnt == 1);
3418 INM_ADDREF_LOCKED(inm);
3419 inm->inm_debug |= IFD_ATTACHED;
3420 /*
3421 * Reattach case: If debugging is enabled, take it
3422 * out of the trash list and clear IFD_TRASHED.
3423 */
3424 if ((inm->inm_debug & (IFD_DEBUG | IFD_TRASHED)) ==
3425 (IFD_DEBUG | IFD_TRASHED)) {
3426 /* Become a regular mutex, just in case */
3427 INM_CONVERT_LOCK(inm);
3428 lck_mtx_lock(&inm_trash_lock);
3429 TAILQ_REMOVE(&inm_trash_head, (struct in_multi_dbg *)inm,
3430 inm_trash_link);
3431 lck_mtx_unlock(&inm_trash_lock);
3432 inm->inm_debug &= ~IFD_TRASHED;
3433 }
3434
3435 LIST_INSERT_HEAD(&in_multihead, inm, inm_link);
3436 }
3437
3438 int
in_multi_detach(struct in_multi * inm)3439 in_multi_detach(struct in_multi *inm)
3440 {
3441 in_multihead_lock_assert(LCK_RW_ASSERT_EXCLUSIVE);
3442 INM_LOCK_ASSERT_HELD(inm);
3443
3444 if (inm->inm_reqcnt == 0) {
3445 panic("%s: inm=%p negative reqcnt", __func__, inm);
3446 /* NOTREACHED */
3447 }
3448
3449 --inm->inm_reqcnt;
3450 if (inm->inm_reqcnt > 0) {
3451 return 0;
3452 }
3453
3454 if (!(inm->inm_debug & IFD_ATTACHED)) {
3455 panic("%s: Attempt to detach an unattached record inm=%p",
3456 __func__, inm);
3457 /* NOTREACHED */
3458 } else if (inm->inm_debug & IFD_TRASHED) {
3459 panic("%s: inm %p is already in trash list", __func__, inm);
3460 /* NOTREACHED */
3461 }
3462
3463 /*
3464 * NOTE: Caller calls IFMA_REMREF
3465 */
3466 inm->inm_debug &= ~IFD_ATTACHED;
3467 LIST_REMOVE(inm, inm_link);
3468
3469 if (inm->inm_debug & IFD_DEBUG) {
3470 /* Become a regular mutex, just in case */
3471 INM_CONVERT_LOCK(inm);
3472 lck_mtx_lock(&inm_trash_lock);
3473 TAILQ_INSERT_TAIL(&inm_trash_head,
3474 (struct in_multi_dbg *)inm, inm_trash_link);
3475 lck_mtx_unlock(&inm_trash_lock);
3476 inm->inm_debug |= IFD_TRASHED;
3477 }
3478
3479 return 1;
3480 }
3481
3482 void
inm_addref(struct in_multi * inm,int locked)3483 inm_addref(struct in_multi *inm, int locked)
3484 {
3485 if (!locked) {
3486 INM_LOCK_SPIN(inm);
3487 } else {
3488 INM_LOCK_ASSERT_HELD(inm);
3489 }
3490
3491 if (++inm->inm_refcount == 0) {
3492 panic("%s: inm=%p wraparound refcnt", __func__, inm);
3493 /* NOTREACHED */
3494 } else if (inm->inm_trace != NULL) {
3495 (*inm->inm_trace)(inm, TRUE);
3496 }
3497 if (!locked) {
3498 INM_UNLOCK(inm);
3499 }
3500 }
3501
3502 void
inm_remref(struct in_multi * inm,int locked)3503 inm_remref(struct in_multi *inm, int locked)
3504 {
3505 struct ifmultiaddr *ifma;
3506 struct igmp_ifinfo *igi;
3507
3508 if (!locked) {
3509 INM_LOCK_SPIN(inm);
3510 } else {
3511 INM_LOCK_ASSERT_HELD(inm);
3512 }
3513
3514 if (inm->inm_refcount == 0 || (inm->inm_refcount == 1 && locked)) {
3515 panic("%s: inm=%p negative/missing refcnt", __func__, inm);
3516 /* NOTREACHED */
3517 } else if (inm->inm_trace != NULL) {
3518 (*inm->inm_trace)(inm, FALSE);
3519 }
3520
3521 --inm->inm_refcount;
3522 if (inm->inm_refcount > 0) {
3523 if (!locked) {
3524 INM_UNLOCK(inm);
3525 }
3526 return;
3527 }
3528
3529 /*
3530 * Synchronization with in_getmulti(). In the event the inm has been
3531 * detached, the underlying ifma would still be in the if_multiaddrs
3532 * list, and thus can be looked up via if_addmulti(). At that point,
3533 * the only way to find this inm is via ifma_protospec. To avoid
3534 * race conditions between the last inm_remref() of that inm and its
3535 * use via ifma_protospec, in_multihead lock is used for serialization.
3536 * In order to avoid violating the lock order, we must drop inm_lock
3537 * before acquiring in_multihead lock. To prevent the inm from being
3538 * freed prematurely, we hold an extra reference.
3539 */
3540 ++inm->inm_refcount;
3541 INM_UNLOCK(inm);
3542 in_multihead_lock_shared();
3543 INM_LOCK_SPIN(inm);
3544 --inm->inm_refcount;
3545 if (inm->inm_refcount > 0) {
3546 /* We've lost the race, so abort since inm is still in use */
3547 INM_UNLOCK(inm);
3548 in_multihead_lock_done();
3549 /* If it was locked, return it as such */
3550 if (locked) {
3551 INM_LOCK(inm);
3552 }
3553 return;
3554 }
3555 inm_purge(inm);
3556 ifma = inm->inm_ifma;
3557 inm->inm_ifma = NULL;
3558 inm->inm_ifp = NULL;
3559 igi = inm->inm_igi;
3560 inm->inm_igi = NULL;
3561 INM_UNLOCK(inm);
3562 IFMA_LOCK_SPIN(ifma);
3563 ifma->ifma_protospec = NULL;
3564 IFMA_UNLOCK(ifma);
3565 in_multihead_lock_done();
3566
3567 in_multi_free(inm);
3568 if_delmulti_ifma(ifma);
3569 /* Release reference held to the underlying ifmultiaddr */
3570 IFMA_REMREF(ifma);
3571
3572 if (igi != NULL) {
3573 IGI_REMREF(igi);
3574 }
3575 }
3576
3577 static void
inm_trace(struct in_multi * inm,int refhold)3578 inm_trace(struct in_multi *inm, int refhold)
3579 {
3580 struct in_multi_dbg *__single inm_dbg =
3581 (struct in_multi_dbg *__single)inm;
3582 ctrace_t *tr;
3583 u_int32_t idx;
3584 u_int16_t *cnt;
3585
3586 if (!(inm->inm_debug & IFD_DEBUG)) {
3587 panic("%s: inm %p has no debug structure", __func__, inm);
3588 /* NOTREACHED */
3589 }
3590 if (refhold) {
3591 cnt = &inm_dbg->inm_refhold_cnt;
3592 tr = inm_dbg->inm_refhold;
3593 } else {
3594 cnt = &inm_dbg->inm_refrele_cnt;
3595 tr = inm_dbg->inm_refrele;
3596 }
3597
3598 idx = os_atomic_inc_orig(cnt, relaxed) % INM_TRACE_HIST_SIZE;
3599 ctrace_record(&tr[idx]);
3600 }
3601
3602 void
in_multihead_lock_exclusive(void)3603 in_multihead_lock_exclusive(void)
3604 {
3605 lck_rw_lock_exclusive(&in_multihead_lock);
3606 }
3607
3608 void
in_multihead_lock_shared(void)3609 in_multihead_lock_shared(void)
3610 {
3611 lck_rw_lock_shared(&in_multihead_lock);
3612 }
3613
3614 void
in_multihead_lock_assert(int what)3615 in_multihead_lock_assert(int what)
3616 {
3617 #if !MACH_ASSERT
3618 #pragma unused(what)
3619 #endif
3620 LCK_RW_ASSERT(&in_multihead_lock, what);
3621 }
3622
3623 void
in_multihead_lock_done(void)3624 in_multihead_lock_done(void)
3625 {
3626 lck_rw_done(&in_multihead_lock);
3627 }
3628
3629 static struct ip_msource *
ipms_alloc(zalloc_flags_t how)3630 ipms_alloc(zalloc_flags_t how)
3631 {
3632 return zalloc_flags(ipms_zone, how | Z_ZERO);
3633 }
3634
3635 static void
ipms_free(struct ip_msource * ims)3636 ipms_free(struct ip_msource *ims)
3637 {
3638 zfree(ipms_zone, ims);
3639 }
3640
3641 static struct in_msource *
inms_alloc(zalloc_flags_t how)3642 inms_alloc(zalloc_flags_t how)
3643 {
3644 return zalloc_flags(inms_zone, how | Z_ZERO);
3645 }
3646
3647 static void
inms_free(struct in_msource * inms)3648 inms_free(struct in_msource *inms)
3649 {
3650 zfree(inms_zone, inms);
3651 }
3652
3653 #ifdef IGMP_DEBUG
3654
3655 static const char *inm_modestrs[] = { "un", "in", "ex" };
3656
3657 static const char *
inm_mode_str(const int mode)3658 inm_mode_str(const int mode)
3659 {
3660 if (mode >= MCAST_UNDEFINED && mode <= MCAST_EXCLUDE) {
3661 return inm_modestrs[mode];
3662 }
3663 return "??";
3664 }
3665
3666 static const char *inm_statestrs[] = {
3667 "not-member",
3668 "silent",
3669 "reporting",
3670 "idle",
3671 "lazy",
3672 "sleeping",
3673 "awakening",
3674 "query-pending",
3675 "sg-query-pending",
3676 "leaving"
3677 };
3678
3679 static const char *
inm_state_str(const int state)3680 inm_state_str(const int state)
3681 {
3682 if (state >= IGMP_NOT_MEMBER && state <= IGMP_LEAVING_MEMBER) {
3683 return inm_statestrs[state];
3684 }
3685 return "??";
3686 }
3687
3688 /*
3689 * Dump an in_multi structure to the console.
3690 */
3691 void
inm_print(const struct in_multi * inm)3692 inm_print(const struct in_multi *inm)
3693 {
3694 int t;
3695 char buf[MAX_IPv4_STR_LEN];
3696
3697 INM_LOCK_ASSERT_HELD(__DECONST(struct in_multi *, inm));
3698
3699 if (igmp_debug == 0) {
3700 return;
3701 }
3702
3703 inet_ntop(AF_INET, &inm->inm_addr, buf, sizeof(buf));
3704 printf("%s: --- begin inm 0x%llx ---\n", __func__,
3705 (uint64_t)VM_KERNEL_ADDRPERM(inm));
3706 printf("addr %s ifp 0x%llx(%s) ifma 0x%llx\n",
3707 buf,
3708 (uint64_t)VM_KERNEL_ADDRPERM(inm->inm_ifp),
3709 if_name(inm->inm_ifp),
3710 (uint64_t)VM_KERNEL_ADDRPERM(inm->inm_ifma));
3711 printf("timer %u state %s refcount %u scq.len %u\n",
3712 inm->inm_timer,
3713 inm_state_str(inm->inm_state),
3714 inm->inm_refcount,
3715 inm->inm_scq.ifq_len);
3716 printf("igi 0x%llx nsrc %lu sctimer %u scrv %u\n",
3717 (uint64_t)VM_KERNEL_ADDRPERM(inm->inm_igi),
3718 inm->inm_nsrc,
3719 inm->inm_sctimer,
3720 inm->inm_scrv);
3721 for (t = 0; t < 2; t++) {
3722 printf("t%d: fmode %s asm %u ex %u in %u rec %u\n", t,
3723 inm_mode_str(inm->inm_st[t].iss_fmode),
3724 inm->inm_st[t].iss_asm,
3725 inm->inm_st[t].iss_ex,
3726 inm->inm_st[t].iss_in,
3727 inm->inm_st[t].iss_rec);
3728 }
3729 printf("%s: --- end inm 0x%llx ---\n", __func__,
3730 (uint64_t)VM_KERNEL_ADDRPERM(inm));
3731 }
3732
3733 #else
3734
3735 void
inm_print(__unused const struct in_multi * inm)3736 inm_print(__unused const struct in_multi *inm)
3737 {
3738 }
3739
3740 #endif
3741