xref: /xnu-11417.140.69/bsd/net/ndrv.c (revision 43a90889846e00bfb5cf1d255cdc0a701a1e05a4)
1 /*
2  * Copyright (c) 1997-2021 Apple Inc. All rights reserved.
3  *
4  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5  *
6  * This file contains Original Code and/or Modifications of Original Code
7  * as defined in and that are subject to the Apple Public Source License
8  * Version 2.0 (the 'License'). You may not use this file except in
9  * compliance with the License. The rights granted to you under the License
10  * may not be used to create, or enable the creation or redistribution of,
11  * unlawful or unlicensed copies of an Apple operating system, or to
12  * circumvent, violate, or enable the circumvention or violation of, any
13  * terms of an Apple operating system software license agreement.
14  *
15  * Please obtain a copy of the License at
16  * http://www.opensource.apple.com/apsl/ and read it before using this file.
17  *
18  * The Original Code and all software distributed under the License are
19  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23  * Please see the License for the specific language governing rights and
24  * limitations under the License.
25  *
26  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27  */
28 /*
29  *	@(#)ndrv.c	1.1 (MacOSX) 6/10/43
30  * Justin Walker, 970604
31  *   AF_NDRV support
32  * 980130 - Cleanup, reorg, performance improvements
33  * 000816 - Removal of Y adapter cruft
34  */
35 
36 /*
37  * PF_NDRV allows raw access to a specified network device, directly
38  *  with a socket.  Expected use involves a socket option to request
39  *  protocol packets.  This lets ndrv_output() call ifnet_output(), and
40  *  lets DLIL find the proper recipient for incoming packets.
41  *  The purpose here is for user-mode protocol implementation.
42  * Note that "pure raw access" will still be accomplished with BPF.
43  *
44  * In addition to the former use, when combined with socket NKEs,
45  * PF_NDRV permits a fairly flexible mechanism for implementing
46  * strange protocol support.
47  */
48 #include <mach/mach_types.h>
49 
50 #include <sys/param.h>
51 #include <sys/systm.h>
52 #include <sys/kernel.h>
53 #include <sys/malloc.h>
54 #include <sys/mbuf.h>
55 #include <sys/protosw.h>
56 #include <sys/domain.h>
57 #include <sys/socket.h>
58 #include <sys/socketvar.h>
59 #include <sys/ioctl.h>
60 #include <sys/sysctl.h>
61 #include <sys/errno.h>
62 #include <sys/syslog.h>
63 #include <sys/proc.h>
64 
65 #include <kern/queue.h>
66 #include <kern/assert.h>
67 
68 #include <net/ndrv.h>
69 #include <net/route.h>
70 #include <net/if_llc.h>
71 #include <net/if_dl.h>
72 #include <net/if_types.h>
73 #include <net/ndrv_var.h>
74 #include <net/dlil.h>
75 #include <net/sockaddr_utils.h>
76 
77 #if INET
78 #include <netinet/in.h>
79 #include <netinet/in_var.h>
80 #endif
81 #include <netinet/if_ether.h>
82 
SYSCTL_NODE(_net, OID_AUTO, ndrv,
    CTLFLAG_RW | CTLFLAG_LOCKED, 0, "");

/*
 * Per-socket cap on multicast memberships; compared against nd_dlist_cnt in
 * ndrv_do_add_multicast(). Exported read-write through sysctl.
 */
static unsigned int ndrv_multi_max_count = NDRV_DMUX_MAX_DESCR;
SYSCTL_UINT(_net_ndrv, OID_AUTO, multi_max_count, CTLFLAG_RW | CTLFLAG_LOCKED,
    &ndrv_multi_max_count, 0, "Number of allowed multicast addresses per NRDV socket");

/*
 * The locking strategy relies on the PF_NDRV domain mutex that protects both the
 * PCB list "ndrvl" and the sockets themselves
 */

static int ndrv_do_detach(struct ndrv_cb *);
static int ndrv_do_disconnect(struct ndrv_cb *);
static struct ndrv_cb *ndrv_find_inbound(struct ifnet *ifp, u_int32_t protocol_family);
static int ndrv_setspec(struct ndrv_cb *np, struct sockopt *sopt);
static int ndrv_delspec(struct ndrv_cb *);
static int ndrv_to_ifnet_demux(struct ndrv_demux_desc* ndrv, struct ifnet_demux_desc* ifdemux);
static void ndrv_handle_ifp_detach(u_int32_t family, short unit);
static int ndrv_do_add_multicast(struct ndrv_cb *np, struct sockopt *sopt);
static int ndrv_do_remove_multicast(struct ndrv_cb *np, struct sockopt *sopt);
static struct ndrv_multiaddr* ndrv_have_multicast(struct ndrv_cb *np, struct sockaddr* addr);
static void ndrv_remove_all_multicast(struct ndrv_cb *np);
static void ndrv_dominit(struct domain *);

/* Buffer sizes handed to soreserve() in ndrv_attach(). */
u_int32_t  ndrv_sendspace = NDRVSNDQ;
u_int32_t  ndrv_recvspace = NDRVRCVQ;
/* List of every ndrv control block; entries are linked through nd_next. */
TAILQ_HEAD(, ndrv_cb)   ndrvl = TAILQ_HEAD_INITIALIZER(ndrvl);

/* Number of control blocks currently on ndrvl; read-only through sysctl. */
uint32_t ndrv_pcbcount = 0;
SYSCTL_UINT(_net_ndrv, OID_AUTO, pcbcount, CTLFLAG_RD | CTLFLAG_LOCKED,
    &ndrv_pcbcount, 0, "Number of NRDV sockets");

/* Set once by ndrv_dominit(); its dom_mtx is the lock used throughout this file. */
static struct domain *ndrvdomain = NULL;
extern struct domain ndrvdomain_s;

/* Largest demux_count that ndrv_setspec() accepts from user space. */
#define NDRV_PROTODEMUX_COUNT   10

/*
 * Verify these values match.
 * To keep clients from including dlil.h, we define
 * these values independently in ndrv.h. They must
 * match or a conversion function must be written.
 */
#if NDRV_DEMUXTYPE_ETHERTYPE != DLIL_DESC_ETYPE2
#error NDRV_DEMUXTYPE_ETHERTYPE must match DLIL_DESC_ETYPE2
#endif
#if NDRV_DEMUXTYPE_SAP != DLIL_DESC_SAP
#error NDRV_DEMUXTYPE_SAP must match DLIL_DESC_SAP
#endif
#if NDRV_DEMUXTYPE_SNAP != DLIL_DESC_SNAP
#error NDRV_DEMUXTYPE_SNAP must match DLIL_DESC_SNAP
#endif
136 
/*
 * Protocol output - Called to output a raw network packet directly
 *  to the driver.
 *
 * Hands the mbuf chain m to ifnet_output_raw() on the interface recorded in
 * the socket's control block. Returns EINVAL and frees m when m carries no
 * packet header; otherwise returns the result of ifnet_output_raw().
 */
static int
ndrv_output(struct mbuf *m, struct socket *so)
{
	/*
	 * NOTE(review): np is dereferenced without the NULL check that most
	 * other entry points in this file perform -- confirm callers guarantee
	 * a PCB. nd_if is NULL until ndrv_bind() succeeds; presumably
	 * ifnet_output_raw() rejects a NULL ifp -- confirm.
	 */
	struct ndrv_cb *np = sotondrvcb(so);
	struct ifnet *ifp = np->nd_if;
	int result = 0;

#if NDRV_DEBUG
	printf("NDRV output: %x, %x, %x\n", m, so, np);
#endif

	/*
	 * No header is a format error
	 */
	if ((m->m_flags & M_PKTHDR) == 0) {
		result = EINVAL;
		goto out;
	}

	so_update_tx_data_stats(so, 1, m->m_pkthdr.len);

	/* Unlock before calling ifnet_output */
	socket_unlock(so, 0);

	/*
	 * Call DLIL if we can. DLIL is much safer than calling the
	 * ifp directly.
	 */
	/*
	 * NOTE(review): ifp was sampled before the unlock and np->nd_proto_family
	 * is read after it; confirm what keeps both stable while the socket lock
	 * is dropped.
	 */
	result = ifnet_output_raw(ifp, np->nd_proto_family, m);

	socket_lock(so, 0);
	/* m is not freed here after the call; presumably ifnet_output_raw() owns it on every path. */
	m = NULL;

out:
	if (m != NULL) {
		m_freem(m);
		m = NULL;
	}
	return result;
}
181 
/*
 * Our input routine called from DLIL.
 *
 * Re-attaches the link-layer header to m, looks up the control block bound
 * to (ifp, proto_family) and appends the packet to that socket's receive
 * buffer. Returns EJUSTRETURN when the header cannot be prepended, ENOENT
 * when no socket matches, and 0 otherwise (even if the append fails).
 */
static errno_t
ndrv_input(
	ifnet_t                         ifp,
	protocol_family_t       proto_family,
	mbuf_t                          m,
	char                            *orig_frame_header)
{
	struct socket *so;
	struct sockaddr_dl ndrvsrc = {};
	struct ndrv_cb *np;
	/* Bounds for the header pointer are asserted here from ifnet_hdrlen(ifp). */
	char *frame_header = __unsafe_forge_bidi_indexable(char *,
	    orig_frame_header,
	    ifnet_hdrlen(ifp));
	int error = 0;

	ndrvsrc.sdl_len = sizeof(struct sockaddr_dl);
	ndrvsrc.sdl_family = AF_NDRV;
	ndrvsrc.sdl_index = 0;

	/* move packet from if queue to socket */
	/* Should be media-independent */
	/*
	 * NOTE(review): the type and the 6-byte address length are hard-coded
	 * for Ethernet, and the copy below takes the first 6 bytes of the frame
	 * header regardless of ifnet_hdrlen(ifp). Confirm this path is only
	 * reached for interfaces whose header is at least 6 bytes long.
	 */
	ndrvsrc.sdl_type = IFT_ETHER;
	ndrvsrc.sdl_nlen = 0;
	ndrvsrc.sdl_alen = 6;
	ndrvsrc.sdl_slen = 0;
	bcopy(frame_header, &ndrvsrc.sdl_data, 6);

	/* prepend the frame header */
	m = m_prepend(m, ifnet_hdrlen(ifp), M_NOWAIT);
	if (m == NULL) {
		return EJUSTRETURN;
	}
	bcopy(frame_header, m_mtod_current(m), ifnet_hdrlen(ifp));

	/*
	 * We need to take the domain mutex before the list RW lock
	 */
	LCK_MTX_ASSERT(ndrvdomain->dom_mtx, LCK_MTX_ASSERT_NOTOWNED);
	lck_mtx_lock(ndrvdomain->dom_mtx);

	np = ndrv_find_inbound(ifp, proto_family);
	if (np == NULL) {
		lck_mtx_unlock(ndrvdomain->dom_mtx);
		/* m is not freed on this path; presumably the caller disposes of it on ENOENT -- confirm. */
		return ENOENT;
	}

	so = np->nd_socket;

	/* Wake the reader only when sbappendaddr() reports non-zero; `error` is not examined. */
	if (sbappendaddr(&(so->so_rcv), (struct sockaddr *)&ndrvsrc,
	    m, NULL, &error) != 0) {
		sorwakeup(so);
	}

	lck_mtx_unlock(ndrvdomain->dom_mtx);

	return 0; /* radar 4030377 - always return 0 */
}
240 
/*
 * Allocate an ndrv control block and some buffer space for the socket
 *
 * Returns EPERM when the socket lacks SS_PRIV, the soreserve() error if
 * buffer reservation fails, and 0 once the new control block has been
 * linked onto ndrvl.
 */
static int
ndrv_attach(struct socket *so, int proto, __unused struct proc *p)
{
	int error;
	/* Initial value is only consumed by the debug printf below; np is reassigned after allocation. */
	struct ndrv_cb *np = sotondrvcb(so);

	/* Privilege gate: only sockets marked SS_PRIV may use this domain. */
	if ((so->so_state & SS_PRIV) == 0) {
		return EPERM;
	}

#if NDRV_DEBUG
	printf("NDRV attach: %x, %x, %x\n", so, proto, np);
#endif

	if ((error = soreserve(so, ndrv_sendspace, ndrv_recvspace))) {
		return error;
	}

	/* Z_NOFAIL: the result is used without a NULL check. Z_ZERO: unset fields start at zero. */
	np = kalloc_type(struct ndrv_cb, Z_WAITOK | Z_ZERO | Z_NOFAIL);
	so->so_pcb = (caddr_t)np;
#if NDRV_DEBUG
	printf("NDRV attach: %x, %x, %x\n", so, proto, np);
#endif
	TAILQ_INIT(&np->nd_dlist);
	np->nd_signature = NDRV_SIGNATURE;
	np->nd_socket = so;
	np->nd_proto.sp_family = (uint16_t)SOCK_DOM(so);
	np->nd_proto.sp_protocol = (uint16_t)proto;
	/* Not bound to any interface or protocol family until ndrv_bind(). */
	np->nd_if = NULL;
	np->nd_proto_family = 0;
	np->nd_family = 0;
	np->nd_unit = 0;

	/*
	 * Use the domain mutex to protect the list
	 */
	LCK_MTX_ASSERT(ndrvdomain->dom_mtx, LCK_MTX_ASSERT_NOTOWNED);
	lck_mtx_lock(ndrvdomain->dom_mtx);

	TAILQ_INSERT_TAIL(&ndrvl, np, nd_next);
	ndrv_pcbcount++;

	lck_mtx_unlock(ndrvdomain->dom_mtx);

	return 0;
}
290 
/*
 * Tear down the socket's ndrv state just before the socket is deallocated.
 * Returns EINVAL when the socket has no control block; otherwise returns
 * the result of ndrv_do_detach().
 */

static int
ndrv_detach(struct socket *so)
{
	struct ndrv_cb *cb = sotondrvcb(so);

	/* All of the real work lives in ndrv_do_detach(). */
	return (cb == NULL) ? EINVAL : ndrv_do_detach(cb);
}
306 
307 
/*
 * If a socket isn't bound to a single address,
 * the ndrv input routine will hand it anything
 * within that protocol family (assuming there's
 * nothing else around it should go to).
 *
 * Don't expect this to be used.
 *
 * Records a copy of the peer address in nd_faddr and marks the socket
 * connected. Returns EINVAL for a missing control block or an address
 * shorter than struct sockaddr_ndrv, and EISCONN when a peer is already set.
 */

static int
ndrv_connect(struct socket *so, struct sockaddr *nam, __unused struct proc *p)
{
	struct ndrv_cb *cb = sotondrvcb(so);

	if (cb == NULL) {
		return EINVAL;
	}
	if (cb->nd_faddr != NULL) {
		return EISCONN;
	}
	/* Reject addresses that are too short to hold a sockaddr_ndrv. */
	if (nam->sa_len < sizeof(struct sockaddr_ndrv)) {
		return EINVAL;
	}

	/* Zeroed, non-failing allocation for the stored peer address. */
	cb->nd_faddr = kalloc_type(struct sockaddr_ndrv, Z_WAITOK | Z_NOFAIL | Z_ZERO);

	/* Copy no more than the destination holds, then normalise its length field. */
	SOCKADDR_COPY(nam, cb->nd_faddr,
	    MIN(sizeof(struct sockaddr_ndrv), nam->sa_len));
	cb->nd_faddr->snd_len = sizeof(struct sockaddr_ndrv);

	soisconnected(so);
	return 0;
}
343 
/*
 * Interface event callback registered with ifnet_attach_protocol().
 * Reacts only to the Apple data-link "interface detaching" event, for which
 * it runs ndrv_handle_ifp_detach() under the domain mutex.
 */
static void
ndrv_event(struct ifnet *ifp, __unused protocol_family_t protocol,
    const struct kev_msg *event)
{
	/* Filter in the same order as a short-circuit AND would. */
	if (event->vendor_code != KEV_VENDOR_APPLE) {
		return;
	}
	if (event->kev_class != KEV_NETWORK_CLASS) {
		return;
	}
	if (event->kev_subclass != KEV_DL_SUBCLASS) {
		return;
	}
	if (event->event_code != KEV_DL_IF_DETACHING) {
		return;
	}

	LCK_MTX_ASSERT(ndrvdomain->dom_mtx, LCK_MTX_ASSERT_NOTOWNED);
	lck_mtx_lock(ndrvdomain->dom_mtx);
	ndrv_handle_ifp_detach(ifnet_family(ifp), ifp->if_unit);
	lck_mtx_unlock(ndrvdomain->dom_mtx);
}
358 
/*
 * This is the "driver open" hook - we 'bind' to the
 *  named driver.
 * Here's where we latch onto the driver.
 *
 * Stores a copy of the requested address in nd_laddr, finds the interface
 * whose if_xname matches snd_name and, unless the interface family is PPP,
 * attaches PF_NDRV to it. Returns EADDRNOTAVAIL when no interface matches,
 * EINVAL for a missing PCB, an already-bound socket or an empty name, or
 * the ifnet_attach_protocol() error (EEXIST is tolerated).
 */
static int
ndrv_bind(struct socket *so, struct sockaddr *nam, __unused struct proc *p)
{
	struct sockaddr_ndrv *sa = (struct sockaddr_ndrv *) nam;
	const char *dname;
	struct ndrv_cb *np;
	struct ifnet *ifp;
	int result;

	if (TAILQ_EMPTY(&ifnet_head)) {
		return EADDRNOTAVAIL;        /* Quick sanity check */
	}
	np = sotondrvcb(so);
	if (np == 0) {
		return EINVAL;
	}

	if (np->nd_laddr) {
		return EINVAL;                  /* XXX */
	}
	/*
	 * NOTE(review): unlike ndrv_connect(), there is no minimum-length check
	 * on nam before sa->snd_name is read below; confirm the caller
	 * guarantees the sockaddr covers snd_name.
	 */
	/* I think we just latch onto a copy here; the caller frees */
	np->nd_laddr = kalloc_type(struct sockaddr_ndrv, Z_WAITOK | Z_NOFAIL | Z_ZERO);
	SOCKADDR_COPY(sa, np->nd_laddr,
	    MIN(sizeof(struct sockaddr_ndrv), sa->snd_len));
	np->nd_laddr->snd_len = sizeof(struct sockaddr_ndrv);
	dname = (const char *) sa->snd_name;
	/*
	 * NOTE(review): nd_laddr stays set on this and the later error returns,
	 * so a retried bind hits the "already bound" EINVAL above and
	 * ndrv_sockaddr() reports an address for a bind that failed.
	 */
	if (*dname == '\0') {
		return EINVAL;
	}
#if NDRV_DEBUG
	printf("NDRV bind: %x, %x, %s\n", so, np, dname);
#endif
	/* Track down the driver and its ifnet structure.
	 * There's no internal call for this so we have to dup the code
	 *  in if.c/ifconf()
	 */
	ifnet_head_lock_shared();
	TAILQ_FOREACH(ifp, &ifnet_head, if_link) {
		if (strlcmp(dname, ifp->if_xname, IFNAMSIZ) == 0) {
			break;
		}
	}
	ifnet_head_done();

	/* NOTE(review): ifp is used after the ifnet head lock is released; confirm what keeps it valid. */
	if (ifp == NULL) {
		return EADDRNOTAVAIL;
	}

	// PPP doesn't support PF_NDRV.
	if (ifnet_family(ifp) != APPLE_IF_FAM_PPP) {
		/* NDRV on this interface */
		struct ifnet_attach_proto_param ndrv_proto;
		result = 0;
		bzero(&ndrv_proto, sizeof(ndrv_proto));
		/* Only the event callback is registered here; input is set up later by ndrv_setspec(). */
		ndrv_proto.event = ndrv_event;

		/* We aren't worried about double attaching, that should just return an error */
		socket_unlock(so, 0);
		result = ifnet_attach_protocol(ifp, PF_NDRV, &ndrv_proto);
		socket_lock(so, 0);
		if (result && result != EEXIST) {
			return result;
		}
		np->nd_proto_family = PF_NDRV;
	} else {
		np->nd_proto_family = 0;
	}

	/* Remember the interface plus its family/unit, which the detach paths match on. */
	np->nd_if = ifp;
	np->nd_family = ifnet_family(ifp);
	np->nd_unit = ifp->if_unit;

	return 0;
}
438 
/*
 * Drop the stored peer address. Returns EINVAL when the socket has no
 * control block, ENOTCONN when no peer address is set, and 0 otherwise
 * (the result of ndrv_do_disconnect() is not propagated).
 */
static int
ndrv_disconnect(struct socket *so)
{
	struct ndrv_cb *cb = sotondrvcb(so);

	if (cb == NULL) {
		return EINVAL;
	}
	if (cb->nd_faddr == NULL) {
		return ENOTCONN;
	}

	ndrv_do_disconnect(cb);
	return 0;
}
455 
/*
 * Mark the socket as unable to send any more data via socantsendmore().
 * Asserts that the domain mutex is held by the caller. Always returns 0.
 */
static int
ndrv_shutdown(struct socket *so)
{
	LCK_MTX_ASSERT(ndrvdomain->dom_mtx, LCK_MTX_ASSERT_OWNED);
	socantsendmore(so);
	return 0;
}
466 
/*
 * Ship a packet out.  The ndrv output will pass it
 *  to the appropriate driver.  The really tricky part
 *  is the destination address...
 *
 * Control data is not supported: when a control mbuf is supplied both it
 * and the data mbuf are freed and EOPNOTSUPP is returned. Otherwise the
 * result of ndrv_output() is returned.
 */
static int
ndrv_send(struct socket *so, __unused int flags, struct mbuf *m,
    __unused struct sockaddr *addr, struct mbuf *control,
    __unused struct proc *p)
{
	/* Common case: no ancillary data, pass the packet straight through. */
	if (control == NULL) {
		return ndrv_output(m, so);
	}

	/* Rejecting the request: release everything the caller handed over. */
	m_freem(control);
	if (m != NULL) {
		m_freem(m);
	}
	return EOPNOTSUPP;
}
497 
498 
/*
 * Abort the socket by running the disconnect path. Returns EINVAL when the
 * socket has no control block and 0 otherwise.
 */
static int
ndrv_abort(struct socket *so)
{
	struct ndrv_cb *cb = sotondrvcb(so);

	if (cb != NULL) {
		ndrv_do_disconnect(cb);
		return 0;
	}
	return EINVAL;
}
511 
/*
 * Return a freshly allocated copy of the bound (local) address in *nam.
 * Returns EINVAL when the socket has no control block or is not bound.
 */
static int
ndrv_sockaddr(struct socket *so, struct sockaddr **nam)
{
	struct ndrv_cb *cb = sotondrvcb(so);
	unsigned int addr_len;

	/* A missing PCB and an unbound socket are both reported as EINVAL. */
	if (cb == NULL || cb->nd_laddr == NULL) {
		return EINVAL;
	}

	/* Size the copy from the stored address's own length field. */
	addr_len = cb->nd_laddr->snd_len;
	*nam = (struct sockaddr *)alloc_sockaddr(addr_len,
	    Z_WAITOK | Z_NOFAIL);

	SOCKADDR_COPY(cb->nd_laddr, *nam, addr_len);
	return 0;
}
533 
534 
/*
 * Return a freshly allocated copy of the peer address in *nam.
 * Returns EINVAL when the socket has no control block and ENOTCONN when no
 * peer address has been recorded.
 */
static int
ndrv_peeraddr(struct socket *so, struct sockaddr **nam)
{
	struct ndrv_cb *cb = sotondrvcb(so);
	unsigned int addr_len;

	if (cb == NULL) {
		return EINVAL;
	}
	if (cb->nd_faddr == NULL) {
		return ENOTCONN;
	}

	/* Size the copy from the stored address's own length field. */
	addr_len = cb->nd_faddr->snd_len;
	*nam = (struct sockaddr *)alloc_sockaddr(addr_len,
	    Z_WAITOK | Z_NOFAIL);

	SOCKADDR_COPY(cb->nd_faddr, *nam, addr_len);
	return 0;
}
556 
557 
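/*
 * Control output: dispatch a socket option request to the matching helper.
 *
 * Returns EINVAL when the socket has no control block or when
 * NDRV_DELDMXSPEC is given a parameter, ENOTSUP for an unknown option name,
 * and otherwise the result of the helper that handled the option.
 */

static int
ndrv_ctloutput(struct socket *so, struct sockopt *sopt)
{
	struct ndrv_cb *np = sotondrvcb(so);
	int error = 0;

	/*
	 * Every helper below dereferences np, so reject a socket without a
	 * control block the same way the other entry points in this file do.
	 */
	if (np == NULL) {
		return EINVAL;
	}

	/*
	 * NOTE(review): sopt->sopt_dir is not examined here, and
	 * sopt->sopt_level is checked only inside the multicast helpers;
	 * confirm that is intended for the demux-spec options.
	 */
	switch (sopt->sopt_name) {
	case NDRV_DELDMXSPEC: /* Delete current spec */
		/* Verify no parameter was passed */
		if (sopt->sopt_val != 0 || sopt->sopt_valsize != 0) {
			/*
			 * We don't support deleting a specific demux, it's
			 * all or nothing.
			 */
			return EINVAL;
		}
		error = ndrv_delspec(np);
		break;
	case NDRV_SETDMXSPEC: /* Set protocol spec */
		error = ndrv_setspec(np, sopt);
		break;
	case NDRV_ADDMULTICAST:
		error = ndrv_do_add_multicast(np, sopt);
		break;
	case NDRV_DELMULTICAST:
		error = ndrv_do_remove_multicast(np, sopt);
		break;
	default:
		error = ENOTSUP;
		break;
	}
	/* Tested with #if, like every other NDRV_DEBUG site in this file. */
#if NDRV_DEBUG
	log(LOG_WARNING, "NDRV CTLOUT: %x returns %d\n", sopt->sopt_name,
	    error);
#endif
	return error;
}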
596 
/*
 * Release everything attached to control block np: multicast memberships,
 * its ndrvl list entry, the attached protocol(s) on the interface, the
 * stored local address and finally np itself, then call sofree() on the
 * socket. Asserts that the domain mutex is held. Always returns 0.
 */
static int
ndrv_do_detach(struct ndrv_cb *np)
{
	struct ndrv_cb*     cur_np = NULL;
	struct socket *so = np->nd_socket;
	int error = 0;
	struct ifnet * ifp;

#if NDRV_DEBUG
	printf("NDRV detach: %x, %x\n", so, np);
#endif
	ndrv_remove_all_multicast(np);

	/* Remove from the linked list of control blocks */
	LCK_MTX_ASSERT(ndrvdomain->dom_mtx, LCK_MTX_ASSERT_OWNED);
	TAILQ_REMOVE(&ndrvl, np, nd_next);
	ndrv_pcbcount--;

	ifp = np->nd_if;
	if (ifp != NULL) {
		u_int32_t proto_family = np->nd_proto_family;

		/* A family other than PF_NDRV/0 means ndrv_setspec() attached a protocol; detach it. */
		if (proto_family != PF_NDRV && proto_family != 0) {
			/* The socket lock is dropped around the call into the interface layer. */
			socket_unlock(so, 0);
			ifnet_detach_protocol(ifp, proto_family);
			socket_lock(so, 0);
		}

		/* Check if this is the last socket attached to this interface */
		LCK_MTX_ASSERT(ndrvdomain->dom_mtx, LCK_MTX_ASSERT_OWNED);
		TAILQ_FOREACH(cur_np, &ndrvl, nd_next) {
			if (cur_np->nd_family == np->nd_family &&
			    cur_np->nd_unit == np->nd_unit) {
				break;
			}
		}

		/* If no other socket uses this interface, detach PF_NDRV from the interface */
		if (cur_np == NULL) {
			socket_unlock(so, 0);
			ifnet_detach_protocol(ifp, PF_NDRV);
			socket_lock(so, 0);
		}
	}
	/*
	 * NOTE(review): only nd_laddr is released here; nd_faddr is freed in
	 * ndrv_do_disconnect(). Confirm a connected socket always goes through
	 * the disconnect path before reaching this point.
	 */
	if (np->nd_laddr != NULL) {
		kfree_type(struct sockaddr_ndrv, np->nd_laddr);
	}
	kfree_type(struct ndrv_cb, np);
	so->so_pcb = 0;
	so->so_flags |= SOF_PCBCLEARING;
	sofree(so);
	return error;
}
650 
/*
 * Free the stored peer address, detach the control block when the socket
 * has SS_NOFDREF set and is not a multipath subflow, and mark the socket
 * disconnected. Always returns 0.
 */
static int
ndrv_do_disconnect(struct ndrv_cb *np)
{
	struct socket * so = np->nd_socket;
#if NDRV_DEBUG
	printf("NDRV disconnect: %x\n", np);
#endif
	if (np->nd_faddr) {
		/* presumably kfree_type() also clears np->nd_faddr -- confirm against the allocator macros. */
		kfree_type(struct sockaddr_ndrv, np->nd_faddr);
	}
	/*
	 * A multipath subflow socket would have its SS_NOFDREF set by default,
	 * so check for SOF_MP_SUBFLOW socket flag before detaching the PCB;
	 * when the socket is closed for real, SOF_MP_SUBFLOW would be cleared.
	 */
	if (!(so->so_flags & SOF_MP_SUBFLOW) && (so->so_state & SS_NOFDREF)) {
		/* np is freed by ndrv_do_detach() and must not be touched after this call. */
		ndrv_do_detach(np);
	}
	/*
	 * NOTE(review): so is still used here after ndrv_do_detach() has called
	 * sofree(so); confirm the socket is guaranteed to outlive that call.
	 */
	soisdisconnected(so);
	return 0;
}
672 
#if 0
//### Not used
/*
 * When closing, dump any enqueued mbufs.
 * Compiled out by the surrounding #if 0; kept for reference only.
 */
void
ndrv_flushq(struct ifqueue *q)
{
	struct mbuf *m;
	for (;;) {
		IF_DEQUEUE(q, m);
		if (m == NULL) {
			break;
		}
		IF_DROP(q);
		/* m cannot be NULL here because of the break above. */
		if (m) {
			m_freem(m);
		}
	}
}
#endif
694 
/*
 * Handle NDRV_SETDMXSPEC: copy a protocol descriptor and its demux list in
 * from user space, convert the list and attach the requested protocol
 * family to the bound interface.
 *
 * Returns EBUSY when a protocol is already attached (nd_proto_family is not
 * PF_NDRV), EINVAL for an unbound socket or a malformed descriptor, ENOTSUP
 * for a descriptor version newer than NDRV_PROTOCOL_DESC_VERS, ENOMEM on
 * allocation failure, or the error from copyin, demux conversion or
 * ifnet_attach_protocol().
 */
int
ndrv_setspec(struct ndrv_cb *np, struct sockopt *sopt)
{
	struct ifnet_attach_proto_param proto_param;
	struct ndrv_protocol_desc_kernel ndrvSpec;
	struct ndrv_demux_desc*         ndrvDemux = NULL;
	size_t                          ndrvDemuxSize = 0;
	int                             error = 0;
	struct socket *                 so = np->nd_socket;
	user_addr_t                     user_addr;
	uint32_t                        demux_count = 0;

	/* Sanity checking */
	if (np->nd_proto_family != PF_NDRV) {
		return EBUSY;
	}
	if (np->nd_if == NULL) {
		return EINVAL;
	}

	/* Copy the ndrvSpec */
	/* The user structure layout depends on the calling process; the size must match exactly. */
	if (proc_is64bit(sopt->sopt_p)) {
		struct ndrv_protocol_desc64     ndrvSpec64;

		if (sopt->sopt_valsize != sizeof(ndrvSpec64)) {
			return EINVAL;
		}

		error = sooptcopyin(sopt, &ndrvSpec64, sizeof(ndrvSpec64), sizeof(ndrvSpec64));
		if (error != 0) {
			return error;
		}

		ndrvSpec.version         = ndrvSpec64.version;
		ndrvSpec.protocol_family = ndrvSpec64.protocol_family;
		demux_count              = ndrvSpec64.demux_count;

		user_addr = CAST_USER_ADDR_T(ndrvSpec64.demux_list);
	} else {
		struct ndrv_protocol_desc32     ndrvSpec32;

		if (sopt->sopt_valsize != sizeof(ndrvSpec32)) {
			return EINVAL;
		}

		error = sooptcopyin(sopt, &ndrvSpec32, sizeof(ndrvSpec32), sizeof(ndrvSpec32));
		if (error != 0) {
			return error;
		}

		ndrvSpec.version         = ndrvSpec32.version;
		ndrvSpec.protocol_family = ndrvSpec32.protocol_family;
		demux_count              = ndrvSpec32.demux_count;

		user_addr = CAST_USER_ADDR_T(ndrvSpec32.demux_list);
	}

	/*
	 * Do not allow PF_NDRV as it's non-sensical and most importantly because
	 * we use PF_NDRV to see if the protocol family has already been set
	 */
	if (ndrvSpec.protocol_family == PF_NDRV) {
		return EINVAL;
	}

	/* Verify the parameter */
	if (ndrvSpec.version > NDRV_PROTOCOL_DESC_VERS) {
		return ENOTSUP; // version is too new!
	} else if (ndrvSpec.version < 1) {
		return EINVAL; // version is not valid
	} else if (demux_count > NDRV_PROTODEMUX_COUNT || demux_count == 0) {
		return EINVAL; // demux_count is not valid
	}
	bzero(&proto_param, sizeof(proto_param));

	/* Allocate storage for demux array */
	/* demux_count was bounded to 1..NDRV_PROTODEMUX_COUNT above, so this product stays small. */
	ndrvDemuxSize = demux_count * sizeof(struct ndrv_demux_desc);
	ndrvDemux = (struct ndrv_demux_desc*) kalloc_data(ndrvDemuxSize, Z_WAITOK);
	if (ndrvDemux == NULL) {
		return ENOMEM;
	}

	/* Allocate enough ifnet_demux_descs */
	struct ifnet_demux_desc *demux_desc = kalloc_type(struct ifnet_demux_desc,
	    demux_count, Z_WAITOK | Z_ZERO);
	if (demux_desc == NULL) {
		error = ENOMEM;
	} else {
		proto_param.demux_array = demux_desc;
		proto_param.demux_count = demux_count;
	}

	if (error == 0) {
		/* Copy the ndrv demux array from userland */
		error = copyin(user_addr, ndrvDemux,
		    demux_count * sizeof(struct ndrv_demux_desc));
		ndrvSpec.demux_list = ndrvDemux;
		ndrvSpec.demux_count = demux_count;
	}

	if (error == 0) {
		/* At this point, we've at least got enough bytes to start looking around */
		u_int32_t       demuxOn = 0;

		proto_param.input = ndrv_input;
		proto_param.event = ndrv_event;

		for (demuxOn = 0; demuxOn < ndrvSpec.demux_count; demuxOn++) {
			/* Convert an ndrv_demux_desc to a ifnet_demux_desc */
			/* Each converted entry points back into ndrvDemux, so that buffer must outlive the attach call. */
			error = ndrv_to_ifnet_demux(&ndrvSpec.demux_list[demuxOn],
			    &proto_param.demux_array[demuxOn]);
			if (error) {
				break;
			}
		}
	}

	if (error == 0) {
		/*
		 * Set the protocol family to prevent other threads from
		 * attaching a protocol while the socket is unlocked
		 */
		np->nd_proto_family = ndrvSpec.protocol_family;
		socket_unlock(so, 0);
		/*
		 * NOTE(review): np->nd_if is evaluated after socket_unlock();
		 * ndrv_handle_ifp_detach() clears nd_if on interface detach.
		 * Confirm that cannot interleave here, or sample nd_if before
		 * unlocking.
		 */
		error = ifnet_attach_protocol(np->nd_if, ndrvSpec.protocol_family,
		    &proto_param);
		socket_lock(so, 0);
		/*
		 * Upon failure, indicate that no protocol is attached
		 */
		if (error != 0) {
			np->nd_proto_family = PF_NDRV;
		}
	}

	/* Free any memory we've allocated */
	if (proto_param.demux_array != NULL) {
		kfree_type_counted_by(struct ifnet_demux_desc,
		    proto_param.demux_count,
		    proto_param.demux_array);
	}
	if (ndrvDemux) {
		ndrvSpec.demux_list = NULL;
		ndrvSpec.demux_count = 0;
		/* Freed with the same size that was passed to kalloc_data() above. */
		kfree_data(ndrvDemux, ndrvDemuxSize);
	}

	return error;
}
844 
845 
/*
 * Translate one user-supplied ndrv demux descriptor into the ifnet form.
 * The output is zeroed first. Returns ENOTSUP for a type below
 * DLIL_DESC_ETYPE2, EINVAL for a length above 28, and 0 on success.
 * The converted descriptor's data pointer refers into *ndrv rather than
 * to a copy.
 */
int
ndrv_to_ifnet_demux(struct ndrv_demux_desc* ndrv, struct ifnet_demux_desc* ifdemux)
{
	/* Start from a clean descriptor even when the input is rejected. */
	bzero(ifdemux, sizeof(*ifdemux));

	/* Old-style "type" values are not supported. */
	if (ndrv->type < DLIL_DESC_ETYPE2) {
		return ENOTSUP;
	}
	/* presumably 28 is the capacity of data.other -- confirm against ndrv.h */
	if (ndrv->length > 28) {
		return EINVAL;
	}

	ifdemux->datalen = ndrv->length;
	ifdemux->data = ndrv->data.other;
	ifdemux->type = ndrv->type;
	return 0;
}
866 
/*
 * Detach the protocol family previously attached by ndrv_setspec() and
 * reset nd_proto_family to PF_NDRV. Returns EINVAL when nothing beyond
 * PF_NDRV is attached; otherwise returns the ifnet_detach_protocol() result.
 */
int
ndrv_delspec(struct ndrv_cb *np)
{
	const u_int32_t attached = np->nd_proto_family;
	int rc;

	/* PF_NDRV and 0 both mean "no demux spec installed". */
	if (attached == PF_NDRV || attached == 0) {
		return EINVAL;
	}

	/* Detach first, then mark the control block as having no spec. */
	rc = ifnet_detach_protocol(np->nd_if, attached);
	np->nd_proto_family = PF_NDRV;
	return rc;
}
883 
/*
 * Find the control block bound to interface ifp with the given protocol
 * family. Asserts that the domain mutex is held. Returns NULL when the
 * protocol is PF_NDRV or when no control block matches.
 */
struct ndrv_cb *
ndrv_find_inbound(struct ifnet *ifp, u_int32_t protocol)
{
	struct ndrv_cb *cb;

	LCK_MTX_ASSERT(ndrvdomain->dom_mtx, LCK_MTX_ASSERT_OWNED);

	/* PF_NDRV itself never receives input. */
	if (protocol == PF_NDRV) {
		return NULL;
	}

	TAILQ_FOREACH(cb, &ndrvl, nd_next) {
		if (cb->nd_proto_family != protocol) {
			continue;
		}
		if (cb->nd_if != ifp) {
			continue;
		}
		return cb;
	}

	return NULL;
}
904 
/*
 * React to an interface going away: for every control block bound to
 * (family, unit), drop its demux spec and multicast memberships, forget the
 * interface and stop further sends and receives on the socket. Afterwards
 * PF_NDRV is detached from the interface. Called from ndrv_event() with the
 * domain mutex held.
 */
static void
ndrv_handle_ifp_detach(u_int32_t family, short unit)
{
	struct ndrv_cb* np;
	struct ifnet        *ifp = NULL;
	struct socket *so;

	/* Find all sockets using this interface. */
	TAILQ_FOREACH(np, &ndrvl, nd_next) {
		if (np->nd_family == family &&
		    np->nd_unit == unit) {
			/* This cb is using the detaching interface, but not for long. */
			/* Let the protocol go */
			/* ifp keeps the nd_if of the most recent match for the detach below. */
			ifp = np->nd_if;
			if (np->nd_proto_family != 0) {
				/* Return value ignored; ndrv_delspec() yields EINVAL when only PF_NDRV is attached. */
				ndrv_delspec(np);
			}

			/* Delete the multicasts first */
			/* Must precede clearing nd_if: ndrv_remove_all_multicast() does nothing once nd_if is NULL. */
			ndrv_remove_all_multicast(np);

			/* Disavow all knowledge of the ifp */
			np->nd_if = NULL;
			np->nd_unit = 0;
			np->nd_family = 0;

			so = np->nd_socket;
			/* Make sure sending returns an error */
			LCK_MTX_ASSERT(ndrvdomain->dom_mtx, LCK_MTX_ASSERT_OWNED);
			socantsendmore(so);
			socantrcvmore(so);
		}
	}

	/* Unregister our protocol */
	if (ifp) {
		ifnet_detach_protocol(ifp, PF_NDRV);
	}
}
944 
/*
 * Free a multicast entry together with the sockaddr it owns.
 *
 * The sockaddr is released using its own sa_len as the size, so this may
 * only be called on entries whose addr->sa_len equals the size the address
 * buffer was allocated with.
 */
static void
ndrv_multiaddr_free(struct ndrv_multiaddr *ndrv_multi)
{
	kfree_data(ndrv_multi->addr, ndrv_multi->addr->sa_len);
	kfree_type(struct ndrv_multiaddr, ndrv_multi);
}
951 
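/*
 * Handle NDRV_ADDMULTICAST: copy a link-layer multicast address in from
 * user space, join it on the bound interface and record the membership on
 * the control block.
 *
 * Returns EINVAL for a malformed option or a sockaddr whose sa_len does not
 * match the option size, ENXIO when the socket is not bound, EPERM when the
 * per-socket limit (ndrv_multi_max_count) is reached, EEXIST for a
 * duplicate, or the error from copyin() / ifnet_add_multicast().
 */
static int
ndrv_do_add_multicast(struct ndrv_cb *np, struct sockopt *sopt)
{
	struct ndrv_multiaddr *ndrv_multi = NULL;
	struct sockaddr       *addr = NULL;
	int                    result;

	if (sopt->sopt_val == 0 || sopt->sopt_valsize < 2 ||
	    sopt->sopt_level != SOL_NDRVPROTO || sopt->sopt_valsize > SOCK_MAXADDRLEN) {
		return EINVAL;
	}
	if (np->nd_if == NULL) {
		return ENXIO;
	}
	if (!(np->nd_dlist_cnt < ndrv_multi_max_count)) {
		return EPERM;
	}

	// Copy in the address
	addr = kalloc_data(sopt->sopt_valsize, Z_WAITOK_ZERO_NOFAIL);
	result = copyin(sopt->sopt_val, addr, sopt->sopt_valsize);

	// Validate the sockaddr while the buffer is still tracked by its
	// allocation size. ndrv_multiaddr_free() releases the address using
	// sa_len, so an entry must never be built around a sockaddr whose
	// sa_len differs from the size it was allocated with.
	if (result == 0 && sopt->sopt_valsize != addr->sa_len) {
		result = EINVAL;
	}

	if (result == 0) {
		ndrv_multi = kalloc_type(struct ndrv_multiaddr, Z_WAITOK_ZERO_NOFAIL);
		ndrv_multi->addr = addr;
		addr = NULL; // ownership moved to ndrv_multi; don't use addr again
	}

	if (result == 0 && ndrv_have_multicast(np, ndrv_multi->addr)) {
		result = EEXIST;
	}

	if (result == 0) {
		// Try adding the multicast
		result = ifnet_add_multicast(np->nd_if, ndrv_multi->addr,
		    &ndrv_multi->ifma);
	}

	if (result == 0) {
		// Add to our linked list
		ndrv_multi->next = np->nd_multiaddrs;
		np->nd_multiaddrs = ndrv_multi;
		np->nd_dlist_cnt++;
	} else {
		// Free up the memory, something went wrong
		if (ndrv_multi != NULL) {
			// sa_len == sopt_valsize was verified before ndrv_multi was built
			ndrv_multiaddr_free(ndrv_multi);
		} else if (addr != NULL) {
			// copyin or validation failed: free with the allocation size
			kfree_data(addr, sopt->sopt_valsize);
		}
	}

	return result;
}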
1010 
/*
 * Unlink ndrv_entry from the control block's singly linked multicast list.
 * The entry itself is not freed. Asserts that the entry was found.
 */
static void
ndrv_cb_remove_multiaddr(struct ndrv_cb *np, struct ndrv_multiaddr *ndrv_entry)
{
	struct ndrv_multiaddr   *prev = np->nd_multiaddrs;
	bool                    unlinked = false;

	if (prev == ndrv_entry) {
		/* The entry is the list head: advance the head past it. */
		np->nd_multiaddrs = prev->next;
		unlinked = true;
	} else {
		/* Walk until the node whose successor is the entry, then splice it out. */
		while (prev != NULL) {
			struct ndrv_multiaddr  *succ = prev->next;

			if (succ == ndrv_entry) {
				prev->next = succ->next;
				unlinked = true;
				break;
			}
			prev = succ;
		}
	}
	ASSERT(unlinked);
}
1036 
/*
 * Handle NDRV_DELMULTICAST: copy a multicast address in from user space,
 * find the matching membership on the control block, leave the group on
 * the interface and free the entry.
 *
 * Returns EINVAL for a malformed option or a sockaddr whose sa_len does not
 * match the option size, ENXIO when the socket is not bound or has no
 * memberships, ENOMEM on allocation failure, ENOENT when the address is not
 * a current membership, or the error from copyin() /
 * ifnet_remove_multicast().
 */
static int
ndrv_do_remove_multicast(struct ndrv_cb *np, struct sockopt *sopt)
{
	struct sockaddr*            multi_addr;
	struct ndrv_multiaddr*      ndrv_entry = NULL;
	int                                 result;

	/* Size bounds: at least 2 bytes, at most SOCK_MAXADDRLEN. */
	if (sopt->sopt_val == 0 || sopt->sopt_valsize < 2 ||
	    sopt->sopt_valsize > SOCK_MAXADDRLEN ||
	    sopt->sopt_level != SOL_NDRVPROTO) {
		return EINVAL;
	}
	if (np->nd_if == NULL || np->nd_dlist_cnt == 0) {
		return ENXIO;
	}

	// Allocate storage
	multi_addr = (struct sockaddr*) kalloc_data(sopt->sopt_valsize, Z_WAITOK);
	if (multi_addr == NULL) {
		return ENOMEM;
	}

	// Copy in the address
	result = copyin(sopt->sopt_val, multi_addr, sopt->sopt_valsize);

	// Validate the sockaddr
	if (result == 0 && sopt->sopt_valsize != multi_addr->sa_len) {
		result = EINVAL;
	}

	if (result == 0) {
		/* Find the old entry */
		ndrv_entry = ndrv_have_multicast(np, multi_addr);

		if (ndrv_entry == NULL) {
			result = ENOENT;
		}
	}

	if (result == 0) {
		// Try deleting the multicast
		result = ifnet_remove_multicast(ndrv_entry->ifma);
	}

	if (result == 0) {
		// Remove from our linked list
		ifmaddr_release(ndrv_entry->ifma);

		ndrv_cb_remove_multiaddr(np, ndrv_entry);
		np->nd_dlist_cnt--;

		ndrv_multiaddr_free(ndrv_entry);
	}
	/* The lookup buffer is freed on every path, with the size it was allocated with. */
	kfree_data(multi_addr, sopt->sopt_valsize);

	return result;
}
1094 
/*
 * Look up inAddr in the control block's multicast list. An entry matches
 * when its sa_len equals inAddr's and SOCKADDR_CMP over that length reports
 * equality. Returns the matching entry, or NULL when there is none.
 */
static struct ndrv_multiaddr*
ndrv_have_multicast(struct ndrv_cb *np, struct sockaddr* inAddr)
{
	struct ndrv_multiaddr*      entry = np->nd_multiaddrs;

	while (entry != NULL) {
		/* Compare lengths first so the comparison never spans unequal sizes. */
		if ((inAddr->sa_len == entry->addr->sa_len) &&
		    (SOCKADDR_CMP(entry->addr, inAddr, inAddr->sa_len) == 0)) {
			return entry;
		}
		entry = entry->next;
	}

	return NULL;
}
1109 
/*
 * Leave and free every multicast membership recorded on the control block.
 * Does nothing when the control block has no interface.
 */
static void
ndrv_remove_all_multicast(struct ndrv_cb* np)
{
	struct ndrv_multiaddr*      entry;

	if (np->nd_if == NULL) {
		return;
	}

	/* Pop entries off the head one at a time until the list is empty. */
	while ((entry = np->nd_multiaddrs) != NULL) {
		np->nd_multiaddrs = entry->next;

		ifnet_remove_multicast(entry->ifma);
		ifmaddr_release(entry->ifma);
		ndrv_multiaddr_free(entry);
	}
}
1126 
/* User-request entry points for PF_NDRV sockets; send and receive use the generic socket routines. */
static struct pr_usrreqs ndrv_usrreqs = {
	.pru_abort =            ndrv_abort,
	.pru_attach =           ndrv_attach,
	.pru_bind =             ndrv_bind,
	.pru_connect =          ndrv_connect,
	.pru_detach =           ndrv_detach,
	.pru_disconnect =       ndrv_disconnect,
	.pru_peeraddr =         ndrv_peeraddr,
	.pru_send =             ndrv_send,
	.pru_shutdown =         ndrv_shutdown,
	.pru_sockaddr =         ndrv_sockaddr,
	.pru_sosend =           sosend,
	.pru_soreceive =        soreceive,
};

/* The domain's single protocol: a raw socket type wired to the handlers above. */
static struct protosw ndrvsw[] = {
	{
		.pr_type =              SOCK_RAW,
		.pr_protocol =          NDRVPROTO_NDRV,
		.pr_flags =             PR_ATOMIC | PR_ADDR,
		.pr_output =            ndrv_output,
		.pr_ctloutput =         ndrv_ctloutput,
		.pr_usrreqs =           &ndrv_usrreqs,
	}
};

/* Number of entries in ndrvsw, iterated by ndrv_dominit(). */
static int ndrv_proto_count = (sizeof(ndrvsw) / sizeof(struct protosw));

/* Domain descriptor for PF_NDRV; ndrv_dominit() runs as its dom_init hook. */
struct domain ndrvdomain_s = {
	.dom_family =           PF_NDRV,
	.dom_name =             "NetDriver",
	.dom_init =             ndrv_dominit,
};
1160 
/*
 * Domain initialisation hook: remember the domain pointer and register
 * every protocol in ndrvsw with it. Verifies that the domain has not been
 * initialised yet and that this hook has not run before.
 */
static void
ndrv_dominit(struct domain *dp)
{
	int idx;

	VERIFY(!(dp->dom_flags & DOM_INITIALIZED));
	VERIFY(ndrvdomain == NULL);

	/* The rest of the file reaches the domain mutex through this pointer. */
	ndrvdomain = dp;

	for (idx = 0; idx < ndrv_proto_count; idx++) {
		net_add_proto(&ndrvsw[idx], dp, 1);
	}
}
1176