1 /*
2 * Copyright (c) 2003-2022 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29 /*
30 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
31 * All rights reserved.
32 *
33 * Redistribution and use in source and binary forms, with or without
34 * modification, are permitted provided that the following conditions
35 * are met:
36 * 1. Redistributions of source code must retain the above copyright
37 * notice, this list of conditions and the following disclaimer.
38 * 2. Redistributions in binary form must reproduce the above copyright
39 * notice, this list of conditions and the following disclaimer in the
40 * documentation and/or other materials provided with the distribution.
41 * 3. Neither the name of the project nor the names of its contributors
42 * may be used to endorse or promote products derived from this software
43 * without specific prior written permission.
44 *
45 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
46 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
47 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
48 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
49 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
50 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
51 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
52 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
53 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
54 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
55 * SUCH DAMAGE.
56 */
57
58 /*
59 * Copyright (c) 1982, 1986, 1991, 1993
60 * The Regents of the University of California. All rights reserved.
61 *
62 * Redistribution and use in source and binary forms, with or without
63 * modification, are permitted provided that the following conditions
64 * are met:
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 * 2. Redistributions in binary form must reproduce the above copyright
68 * notice, this list of conditions and the following disclaimer in the
69 * documentation and/or other materials provided with the distribution.
70 * 3. All advertising materials mentioning features or use of this software
71 * must display the following acknowledgement:
72 * This product includes software developed by the University of
73 * California, Berkeley and its contributors.
74 * 4. Neither the name of the University nor the names of its contributors
75 * may be used to endorse or promote products derived from this software
76 * without specific prior written permission.
77 *
78 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
79 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
80 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
81 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
82 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
83 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
84 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
85 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
86 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
87 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
88 * SUCH DAMAGE.
89 *
90 * @(#)in.c 8.2 (Berkeley) 11/15/93
91 */
92
93
94 #include <sys/param.h>
95 #include <sys/ioctl.h>
96 #include <sys/errno.h>
97 #include <sys/malloc.h>
98 #include <sys/socket.h>
99 #include <sys/socketvar.h>
100 #include <sys/sockio.h>
101 #include <sys/systm.h>
102 #include <sys/time.h>
103 #include <sys/kernel.h>
104 #include <sys/syslog.h>
105 #include <sys/kern_event.h>
106 #include <sys/mcache.h>
107 #include <sys/protosw.h>
108 #include <sys/sysctl.h>
109
110 #include <kern/locks.h>
111 #include <kern/zalloc.h>
112 #include <kern/clock.h>
113 #include <libkern/OSAtomic.h>
114 #include <machine/machine_routines.h>
115 #include <mach/boolean.h>
116
117 #include <net/if.h>
118 #include <net/if_types.h>
119 #include <net/if_var.h>
120 #include <net/route.h>
121 #include <net/if_dl.h>
122 #include <net/kpi_protocol.h>
123 #include <net/nwk_wq.h>
124
125 #include <netinet/in.h>
126 #include <netinet/in_var.h>
127 #include <netinet/if_ether.h>
128 #include <netinet/in_systm.h>
129 #include <netinet/ip.h>
130 #include <netinet/in_pcb.h>
131 #include <netinet/icmp6.h>
132 #include <netinet/tcp.h>
133 #include <netinet/tcp_seq.h>
134 #include <netinet/tcp_var.h>
135
136 #include <netinet6/nd6.h>
137 #include <netinet/ip6.h>
138 #include <netinet6/ip6_var.h>
139 #include <netinet6/mld6_var.h>
140 #include <netinet6/in6_ifattach.h>
141 #include <netinet6/scope6_var.h>
142 #include <netinet6/in6_var.h>
143 #include <netinet6/in6_pcb.h>
144
145 #include <net/net_osdep.h>
146
147 #include <net/dlil.h>
148 #include <net/if_llatbl.h>
149
150 #if PF
151 #include <net/pfvar.h>
152 #endif /* PF */
153
154 /*
155 * Definitions of some costant IP6 addresses.
156 */
157 const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT;
158 const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT;
159 const struct in6_addr in6addr_nodelocal_allnodes =
160 IN6ADDR_NODELOCAL_ALLNODES_INIT;
161 const struct in6_addr in6addr_linklocal_allnodes =
162 IN6ADDR_LINKLOCAL_ALLNODES_INIT;
163 const struct in6_addr in6addr_linklocal_allrouters =
164 IN6ADDR_LINKLOCAL_ALLROUTERS_INIT;
165 const struct in6_addr in6addr_linklocal_allv2routers =
166 IN6ADDR_LINKLOCAL_ALLV2ROUTERS_INIT;
167 const struct in6_addr in6addr_multicast_prefix =
168 IN6ADDR_MULTICAST_PREFIX;
169
170 const struct in6_addr in6mask0 = IN6MASK0;
171 const struct in6_addr in6mask7 = IN6MASK7;
172 const struct in6_addr in6mask8 = IN6MASK8;
173 const struct in6_addr in6mask16 = IN6MASK16;
174 const struct in6_addr in6mask32 = IN6MASK32;
175 const struct in6_addr in6mask64 = IN6MASK64;
176 const struct in6_addr in6mask96 = IN6MASK96;
177 const struct in6_addr in6mask128 = IN6MASK128;
178
179 const struct sockaddr_in6 sa6_any = {
180 .sin6_len = sizeof(sa6_any),
181 .sin6_family = AF_INET6,
182 .sin6_port = 0,
183 .sin6_flowinfo = 0,
184 .sin6_addr = IN6ADDR_ANY_INIT,
185 .sin6_scope_id = 0
186 };
187
188 static int in6ctl_associd(struct socket *, u_long, caddr_t);
189 static int in6ctl_connid(struct socket *, u_long, caddr_t);
190 static int in6ctl_conninfo(struct socket *, u_long, caddr_t);
191 static int in6ctl_llstart(struct ifnet *, u_long, caddr_t);
192 static int in6ctl_llstop(struct ifnet *);
193 static int in6ctl_cgastart(struct ifnet *, u_long, caddr_t);
194 static int in6ctl_gifaddr(struct ifnet *, struct in6_ifaddr *, u_long,
195 struct in6_ifreq *);
196 static int in6ctl_gifstat(struct ifnet *, u_long, struct in6_ifreq *);
197 static int in6ctl_alifetime(struct in6_ifaddr *, u_long, struct in6_ifreq *,
198 boolean_t);
199 static int in6ctl_aifaddr(struct ifnet *, struct in6_aliasreq *);
200 static void in6ctl_difaddr(struct ifnet *, struct in6_ifaddr *);
201 static int in6_autoconf(struct ifnet *, int);
202 static int in6_setrouter(struct ifnet *, ipv6_router_mode_t);
203 static int in6_ifinit(struct ifnet *, struct in6_ifaddr *, int);
204 static int in6_ifaupdate_aux(struct in6_ifaddr *, struct ifnet *, int);
205 static void in6_unlink_ifa(struct in6_ifaddr *, struct ifnet *);
206 static struct in6_ifaddr *in6_ifaddr_alloc(zalloc_flags_t);
207 static void in6_ifaddr_attached(struct ifaddr *);
208 static void in6_ifaddr_detached(struct ifaddr *);
209 static void in6_ifaddr_free(struct ifaddr *);
210 static void in6_ifaddr_trace(struct ifaddr *, int);
211 #if defined(__LP64__)
212 static void in6_cgareq_32_to_64(const struct in6_cgareq_32 *,
213 struct in6_cgareq_64 *);
214 #else
215 static void in6_cgareq_64_to_32(const struct in6_cgareq_64 *,
216 struct in6_cgareq_32 *);
217 #endif
218 static struct in6_aliasreq *in6_aliasreq_to_native(void *, int,
219 struct in6_aliasreq *);
220 static int in6_to_kamescope(struct sockaddr_in6 *, struct ifnet *);
221 static int in6_getassocids(struct socket *, uint32_t *, user_addr_t);
222 static int in6_getconnids(struct socket *, sae_associd_t, uint32_t *,
223 user_addr_t);
224
225 static void in6_if_up_dad_start(struct ifnet *);
226
227 #define IA6_HASH_INIT(ia) { \
228 (ia)->ia6_hash.tqe_next = (void *)(uintptr_t)-1; \
229 (ia)->ia6_hash.tqe_prev = (void *)(uintptr_t)-1; \
230 }
231
232 #define IA6_IS_HASHED(ia) \
233 (!((ia)->ia6_hash.tqe_next == (void *)(uintptr_t)-1 || \
234 (ia)->ia6_hash.tqe_prev == (void *)(uintptr_t)-1))
235
236 static void in6_iahash_remove(struct in6_ifaddr *);
237 static void in6_iahash_insert(struct in6_ifaddr *);
238 static void in6_iahash_insert_ptp(struct in6_ifaddr *);
239
240 #define IN6IFA_TRACE_HIST_SIZE 32 /* size of trace history */
241
242 /* For gdb */
243 __private_extern__ unsigned int in6ifa_trace_hist_size = IN6IFA_TRACE_HIST_SIZE;
244
245 struct in6_ifaddr_dbg {
246 struct in6_ifaddr in6ifa; /* in6_ifaddr */
247 struct in6_ifaddr in6ifa_old; /* saved in6_ifaddr */
248 u_int16_t in6ifa_refhold_cnt; /* # of IFA_ADDREF */
249 u_int16_t in6ifa_refrele_cnt; /* # of IFA_REMREF */
250 /*
251 * Alloc and free callers.
252 */
253 ctrace_t in6ifa_alloc;
254 ctrace_t in6ifa_free;
255 /*
256 * Circular lists of IFA_ADDREF and IFA_REMREF callers.
257 */
258 ctrace_t in6ifa_refhold[IN6IFA_TRACE_HIST_SIZE];
259 ctrace_t in6ifa_refrele[IN6IFA_TRACE_HIST_SIZE];
260 /*
261 * Trash list linkage
262 */
263 TAILQ_ENTRY(in6_ifaddr_dbg) in6ifa_trash_link;
264 };
265
266 /* List of trash in6_ifaddr entries protected by in6ifa_trash_lock */
267 static TAILQ_HEAD(, in6_ifaddr_dbg) in6ifa_trash_head;
268 static LCK_MTX_DECLARE_ATTR(in6ifa_trash_lock, &ifa_mtx_grp, &ifa_mtx_attr);
269
270 #if DEBUG
271 static unsigned int in6ifa_debug = 1; /* debugging (enabled) */
272 #else
273 static unsigned int in6ifa_debug; /* debugging (disabled) */
274 #endif /* !DEBUG */
275 static struct zone *in6ifa_zone; /* zone for in6_ifaddr */
276 #define IN6IFA_ZONE_NAME "in6_ifaddr" /* zone name */
277
278 struct eventhandler_lists_ctxt in6_evhdlr_ctxt;
279 struct eventhandler_lists_ctxt in6_clat46_evhdlr_ctxt;
280 /*
281 * Subroutine for in6_ifaddloop() and in6_ifremloop().
282 * This routine does actual work.
283 */
284 static void
in6_ifloop_request(int cmd,struct ifaddr * ifa)285 in6_ifloop_request(int cmd, struct ifaddr *ifa)
286 {
287 struct sockaddr_in6 all1_sa;
288 struct rtentry *nrt = NULL;
289 int e;
290
291 bzero(&all1_sa, sizeof(all1_sa));
292 all1_sa.sin6_family = AF_INET6;
293 all1_sa.sin6_len = sizeof(struct sockaddr_in6);
294 all1_sa.sin6_addr = in6mask128;
295
296 /*
297 * We specify the address itself as the gateway, and set the
298 * RTF_LLINFO flag, so that the corresponding host route would have
299 * the flag, and thus applications that assume traditional behavior
300 * would be happy. Note that we assume the caller of the function
301 * (probably implicitly) set nd6_rtrequest() to ifa->ifa_rtrequest,
302 * which changes the outgoing interface to the loopback interface.
303 * ifa_addr for INET6 is set once during init; no need to hold lock.
304 */
305 lck_mtx_lock(rnh_lock);
306 e = rtrequest_locked(cmd, ifa->ifa_addr, ifa->ifa_addr,
307 (struct sockaddr *)&all1_sa, RTF_UP | RTF_HOST | RTF_LLINFO, &nrt);
308 if (e != 0) {
309 log(LOG_ERR, "in6_ifloop_request: "
310 "%s operation failed for %s (errno=%d)\n",
311 cmd == RTM_ADD ? "ADD" : "DELETE",
312 ip6_sprintf(&((struct in6_ifaddr *)ifa)->ia_addr.sin6_addr),
313 e);
314 }
315
316 if (nrt != NULL) {
317 RT_LOCK(nrt);
318 }
319 /*
320 * Make sure rt_ifa be equal to IFA, the second argument of the
321 * function.
322 * We need this because when we refer to rt_ifa->ia6_flags in
323 * ip6_input, we assume that the rt_ifa points to the address instead
324 * of the loopback address.
325 */
326 if (cmd == RTM_ADD && nrt && ifa != nrt->rt_ifa) {
327 rtsetifa(nrt, ifa);
328 }
329
330 /*
331 * Report the addition/removal of the address to the routing socket.
332 * XXX: since we called rtinit for a p2p interface with a destination,
333 * we end up reporting twice in such a case. Should we rather
334 * omit the second report?
335 */
336 if (nrt != NULL) {
337 rt_newaddrmsg((u_char)cmd, ifa, e, nrt);
338 if (cmd == RTM_DELETE) {
339 RT_UNLOCK(nrt);
340 rtfree_locked(nrt);
341 } else {
342 /* the cmd must be RTM_ADD here */
343 RT_REMREF_LOCKED(nrt);
344 RT_UNLOCK(nrt);
345 }
346 }
347 lck_mtx_unlock(rnh_lock);
348 }
349
350 /*
351 * Add ownaddr as loopback rtentry. We previously add the route only if
352 * necessary (ex. on a p2p link). However, since we now manage addresses
353 * separately from prefixes, we should always add the route. We can't
354 * rely on the cloning mechanism from the corresponding interface route
355 * any more.
356 */
357 static void
in6_ifaddloop(struct ifaddr * ifa)358 in6_ifaddloop(struct ifaddr *ifa)
359 {
360 struct rtentry *rt;
361
362 /*
363 * If there is no loopback entry, allocate one. ifa_addr for
364 * INET6 is set once during init; no need to hold lock.
365 */
366 rt = rtalloc1(ifa->ifa_addr, 0, 0);
367 if (rt != NULL) {
368 RT_LOCK(rt);
369 }
370 if (rt == NULL || (rt->rt_flags & RTF_HOST) == 0 ||
371 (rt->rt_ifp->if_flags & IFF_LOOPBACK) == 0) {
372 if (rt != NULL) {
373 RT_REMREF_LOCKED(rt);
374 RT_UNLOCK(rt);
375 }
376 in6_ifloop_request(RTM_ADD, ifa);
377 } else if (rt != NULL) {
378 RT_REMREF_LOCKED(rt);
379 RT_UNLOCK(rt);
380 }
381 }
382
383 /*
384 * Remove loopback rtentry of ownaddr generated by in6_ifaddloop(),
385 * if it exists.
386 */
387 static void
in6_ifremloop(struct ifaddr * ifa)388 in6_ifremloop(struct ifaddr *ifa)
389 {
390 struct in6_ifaddr *ia;
391 struct rtentry *rt;
392 int ia_count = 0;
393
394 /*
395 * Some of BSD variants do not remove cloned routes
396 * from an interface direct route, when removing the direct route
397 * (see comments in net/net_osdep.h). Even for variants that do remove
398 * cloned routes, they could fail to remove the cloned routes when
399 * we handle multple addresses that share a common prefix.
400 * So, we should remove the route corresponding to the deleted address
401 * regardless of the result of in6_is_ifloop_auto().
402 */
403
404 /*
405 * Delete the entry only if exact one ifa exists. More than one ifa
406 * can exist if we assign a same single address to multiple
407 * (probably p2p) interfaces.
408 * XXX: we should avoid such a configuration in IPv6...
409 */
410 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
411 TAILQ_FOREACH(ia, IN6ADDR_HASH(IFA_IN6(ifa)), ia6_hash) {
412 IFA_LOCK(&ia->ia_ifa);
413 if (in6_are_addr_equal_scoped(IFA_IN6(ifa), &ia->ia_addr.sin6_addr, IFA_SIN6(ifa)->sin6_scope_id, ia->ia_addr.sin6_scope_id)) {
414 ia_count++;
415 if (ia_count > 1) {
416 IFA_UNLOCK(&ia->ia_ifa);
417 break;
418 }
419 }
420 IFA_UNLOCK(&ia->ia_ifa);
421 }
422 lck_rw_done(&in6_ifaddr_rwlock);
423
424 if (ia_count == 1) {
425 /*
426 * Before deleting, check if a corresponding loopbacked host
427 * route surely exists. With this check, we can avoid to
428 * delete an interface direct route whose destination is same
429 * as the address being removed. This can happen when removing
430 * a subnet-router anycast address on an interface attahced
431 * to a shared medium. ifa_addr for INET6 is set once during
432 * init; no need to hold lock.
433 */
434 rt = rtalloc1(ifa->ifa_addr, 0, 0);
435 if (rt != NULL) {
436 RT_LOCK(rt);
437 if ((rt->rt_flags & RTF_HOST) != 0 &&
438 (rt->rt_ifp->if_flags & IFF_LOOPBACK) != 0) {
439 RT_REMREF_LOCKED(rt);
440 RT_UNLOCK(rt);
441 in6_ifloop_request(RTM_DELETE, ifa);
442 } else {
443 RT_UNLOCK(rt);
444 }
445 }
446 }
447 }
448
449
450 int
in6_mask2len(struct in6_addr * mask,u_char * lim0)451 in6_mask2len(struct in6_addr *mask, u_char *lim0)
452 {
453 int x = 0, y;
454 u_char *lim = lim0, *p;
455
456 /* ignore the scope_id part */
457 if (lim0 == NULL || lim0 - (u_char *)mask > sizeof(*mask)) {
458 lim = (u_char *)mask + sizeof(*mask);
459 }
460 for (p = (u_char *)mask; p < lim; x++, p++) {
461 if (*p != 0xff) {
462 break;
463 }
464 }
465 y = 0;
466 if (p < lim) {
467 for (y = 0; y < 8; y++) {
468 if ((*p & (0x80 >> y)) == 0) {
469 break;
470 }
471 }
472 }
473
474 /*
475 * when the limit pointer is given, do a stricter check on the
476 * remaining bits.
477 */
478 if (p < lim) {
479 if (y != 0 && (*p & (0x00ff >> y)) != 0) {
480 return -1;
481 }
482 for (p = p + 1; p < lim; p++) {
483 if (*p != 0) {
484 return -1;
485 }
486 }
487 }
488
489 return x * 8 + y;
490 }
491
492 void
in6_len2mask(struct in6_addr * mask,int len)493 in6_len2mask(struct in6_addr *mask, int len)
494 {
495 int i;
496
497 bzero(mask, sizeof(*mask));
498 for (i = 0; i < len / 8; i++) {
499 mask->s6_addr8[i] = 0xff;
500 }
501 if (len % 8) {
502 mask->s6_addr8[i] = (0xff00 >> (len % 8)) & 0xff;
503 }
504 }
505
506 void
in6_aliasreq_64_to_32(struct in6_aliasreq_64 * src,struct in6_aliasreq_32 * dst)507 in6_aliasreq_64_to_32(struct in6_aliasreq_64 *src, struct in6_aliasreq_32 *dst)
508 {
509 bzero(dst, sizeof(*dst));
510 bcopy(src->ifra_name, dst->ifra_name, sizeof(dst->ifra_name));
511 dst->ifra_addr = src->ifra_addr;
512 dst->ifra_dstaddr = src->ifra_dstaddr;
513 dst->ifra_prefixmask = src->ifra_prefixmask;
514 dst->ifra_flags = src->ifra_flags;
515 dst->ifra_lifetime.ia6t_expire = (u_int32_t)src->ifra_lifetime.ia6t_expire;
516 dst->ifra_lifetime.ia6t_preferred = (u_int32_t)src->ifra_lifetime.ia6t_preferred;
517 dst->ifra_lifetime.ia6t_vltime = src->ifra_lifetime.ia6t_vltime;
518 dst->ifra_lifetime.ia6t_pltime = src->ifra_lifetime.ia6t_pltime;
519 }
520
521 void
in6_aliasreq_32_to_64(struct in6_aliasreq_32 * src,struct in6_aliasreq_64 * dst)522 in6_aliasreq_32_to_64(struct in6_aliasreq_32 *src, struct in6_aliasreq_64 *dst)
523 {
524 bzero(dst, sizeof(*dst));
525 bcopy(src->ifra_name, dst->ifra_name, sizeof(dst->ifra_name));
526 dst->ifra_addr = src->ifra_addr;
527 dst->ifra_dstaddr = src->ifra_dstaddr;
528 dst->ifra_prefixmask = src->ifra_prefixmask;
529 dst->ifra_flags = src->ifra_flags;
530 dst->ifra_lifetime.ia6t_expire = src->ifra_lifetime.ia6t_expire;
531 dst->ifra_lifetime.ia6t_preferred = src->ifra_lifetime.ia6t_preferred;
532 dst->ifra_lifetime.ia6t_vltime = src->ifra_lifetime.ia6t_vltime;
533 dst->ifra_lifetime.ia6t_pltime = src->ifra_lifetime.ia6t_pltime;
534 }
535
536 #if defined(__LP64__)
537 static void
in6_cgareq_32_to_64(const struct in6_cgareq_32 * src,struct in6_cgareq_64 * dst)538 in6_cgareq_32_to_64(const struct in6_cgareq_32 *src,
539 struct in6_cgareq_64 *dst)
540 {
541 bzero(dst, sizeof(*dst));
542 bcopy(src->cgar_name, dst->cgar_name, sizeof(dst->cgar_name));
543 dst->cgar_flags = src->cgar_flags;
544 bcopy(src->cgar_cgaprep.cga_modifier.octets,
545 dst->cgar_cgaprep.cga_modifier.octets,
546 sizeof(dst->cgar_cgaprep.cga_modifier.octets));
547 dst->cgar_cgaprep.cga_security_level =
548 src->cgar_cgaprep.cga_security_level;
549 dst->cgar_lifetime.ia6t_expire = src->cgar_lifetime.ia6t_expire;
550 dst->cgar_lifetime.ia6t_preferred = src->cgar_lifetime.ia6t_preferred;
551 dst->cgar_lifetime.ia6t_vltime = src->cgar_lifetime.ia6t_vltime;
552 dst->cgar_lifetime.ia6t_pltime = src->cgar_lifetime.ia6t_pltime;
553 dst->cgar_collision_count = src->cgar_collision_count;
554 }
555 #endif
556
557 #if !defined(__LP64__)
558 static void
in6_cgareq_64_to_32(const struct in6_cgareq_64 * src,struct in6_cgareq_32 * dst)559 in6_cgareq_64_to_32(const struct in6_cgareq_64 *src,
560 struct in6_cgareq_32 *dst)
561 {
562 bzero(dst, sizeof(*dst));
563 bcopy(src->cgar_name, dst->cgar_name, sizeof(dst->cgar_name));
564 dst->cgar_flags = src->cgar_flags;
565 bcopy(src->cgar_cgaprep.cga_modifier.octets,
566 dst->cgar_cgaprep.cga_modifier.octets,
567 sizeof(dst->cgar_cgaprep.cga_modifier.octets));
568 dst->cgar_cgaprep.cga_security_level =
569 src->cgar_cgaprep.cga_security_level;
570 dst->cgar_lifetime.ia6t_expire = (u_int32_t)src->cgar_lifetime.ia6t_expire;
571 dst->cgar_lifetime.ia6t_preferred = (u_int32_t)src->cgar_lifetime.ia6t_preferred;
572 dst->cgar_lifetime.ia6t_vltime = src->cgar_lifetime.ia6t_vltime;
573 dst->cgar_lifetime.ia6t_pltime = src->cgar_lifetime.ia6t_pltime;
574 dst->cgar_collision_count = src->cgar_collision_count;
575 }
576 #endif
577
578 static struct in6_aliasreq *
in6_aliasreq_to_native(void * data,int data_is_64,struct in6_aliasreq * dst)579 in6_aliasreq_to_native(void *data, int data_is_64, struct in6_aliasreq *dst)
580 {
581 #if defined(__LP64__)
582 if (data_is_64) {
583 bcopy(data, dst, sizeof(*dst));
584 } else {
585 in6_aliasreq_32_to_64((struct in6_aliasreq_32 *)data,
586 (struct in6_aliasreq_64 *)dst);
587 }
588 #else
589 if (data_is_64) {
590 in6_aliasreq_64_to_32((struct in6_aliasreq_64 *)data,
591 (struct in6_aliasreq_32 *)dst);
592 } else {
593 bcopy(data, dst, sizeof(*dst));
594 }
595 #endif /* __LP64__ */
596 return dst;
597 }
598
599 void
in6_cgareq_copy_from_user(const void * user_data,int user_is_64,struct in6_cgareq * cgareq)600 in6_cgareq_copy_from_user(const void *user_data, int user_is_64,
601 struct in6_cgareq *cgareq)
602 {
603 #if defined(__LP64__)
604 if (user_is_64) {
605 bcopy(user_data, cgareq, sizeof(*cgareq));
606 } else {
607 in6_cgareq_32_to_64((const struct in6_cgareq_32 *)user_data,
608 (struct in6_cgareq_64 *)cgareq);
609 }
610 #else
611 if (user_is_64) {
612 in6_cgareq_64_to_32((const struct in6_cgareq_64 *)user_data,
613 (struct in6_cgareq_32 *)cgareq);
614 } else {
615 bcopy(user_data, cgareq, sizeof(*cgareq));
616 }
617 #endif /* __LP64__ */
618 }
619
620 static __attribute__((noinline)) int
in6ctl_associd(struct socket * so,u_long cmd,caddr_t data)621 in6ctl_associd(struct socket *so, u_long cmd, caddr_t data)
622 {
623 int error = 0;
624 union {
625 struct so_aidreq32 a32;
626 struct so_aidreq64 a64;
627 } u;
628
629 VERIFY(so != NULL);
630
631 switch (cmd) {
632 case SIOCGASSOCIDS32: { /* struct so_aidreq32 */
633 bcopy(data, &u.a32, sizeof(u.a32));
634 error = in6_getassocids(so, &u.a32.sar_cnt, u.a32.sar_aidp);
635 if (error == 0) {
636 bcopy(&u.a32, data, sizeof(u.a32));
637 }
638 break;
639 }
640
641 case SIOCGASSOCIDS64: { /* struct so_aidreq64 */
642 bcopy(data, &u.a64, sizeof(u.a64));
643 error = in6_getassocids(so, &u.a64.sar_cnt, (user_addr_t)u.a64.sar_aidp);
644 if (error == 0) {
645 bcopy(&u.a64, data, sizeof(u.a64));
646 }
647 break;
648 }
649
650 default:
651 VERIFY(0);
652 /* NOTREACHED */
653 }
654
655 return error;
656 }
657
658 static __attribute__((noinline)) int
in6ctl_connid(struct socket * so,u_long cmd,caddr_t data)659 in6ctl_connid(struct socket *so, u_long cmd, caddr_t data)
660 {
661 int error = 0;
662 union {
663 struct so_cidreq32 c32;
664 struct so_cidreq64 c64;
665 } u;
666
667 VERIFY(so != NULL);
668
669 switch (cmd) {
670 case SIOCGCONNIDS32: { /* struct so_cidreq32 */
671 bcopy(data, &u.c32, sizeof(u.c32));
672 error = in6_getconnids(so, u.c32.scr_aid, &u.c32.scr_cnt,
673 u.c32.scr_cidp);
674 if (error == 0) {
675 bcopy(&u.c32, data, sizeof(u.c32));
676 }
677 break;
678 }
679
680 case SIOCGCONNIDS64: { /* struct so_cidreq64 */
681 bcopy(data, &u.c64, sizeof(u.c64));
682 error = in6_getconnids(so, u.c64.scr_aid, &u.c64.scr_cnt,
683 (user_addr_t)u.c64.scr_cidp);
684 if (error == 0) {
685 bcopy(&u.c64, data, sizeof(u.c64));
686 }
687 break;
688 }
689
690 default:
691 VERIFY(0);
692 /* NOTREACHED */
693 }
694
695 return error;
696 }
697
698 static __attribute__((noinline)) int
in6ctl_conninfo(struct socket * so,u_long cmd,caddr_t data)699 in6ctl_conninfo(struct socket *so, u_long cmd, caddr_t data)
700 {
701 int error = 0;
702 union {
703 struct so_cinforeq32 ci32;
704 struct so_cinforeq64 ci64;
705 } u;
706
707 VERIFY(so != NULL);
708
709 switch (cmd) {
710 case SIOCGCONNINFO32: { /* struct so_cinforeq32 */
711 bcopy(data, &u.ci32, sizeof(u.ci32));
712 error = in6_getconninfo(so, u.ci32.scir_cid, &u.ci32.scir_flags,
713 &u.ci32.scir_ifindex, &u.ci32.scir_error, u.ci32.scir_src,
714 &u.ci32.scir_src_len, u.ci32.scir_dst, &u.ci32.scir_dst_len,
715 &u.ci32.scir_aux_type, u.ci32.scir_aux_data,
716 &u.ci32.scir_aux_len);
717 if (error == 0) {
718 bcopy(&u.ci32, data, sizeof(u.ci32));
719 }
720 break;
721 }
722
723 case SIOCGCONNINFO64: { /* struct so_cinforeq64 */
724 bcopy(data, &u.ci64, sizeof(u.ci64));
725 error = in6_getconninfo(so, u.ci64.scir_cid, &u.ci64.scir_flags,
726 &u.ci64.scir_ifindex, &u.ci64.scir_error, (user_addr_t)u.ci64.scir_src,
727 &u.ci64.scir_src_len, (user_addr_t)u.ci64.scir_dst, &u.ci64.scir_dst_len,
728 &u.ci64.scir_aux_type, (user_addr_t)u.ci64.scir_aux_data,
729 &u.ci64.scir_aux_len);
730 if (error == 0) {
731 bcopy(&u.ci64, data, sizeof(u.ci64));
732 }
733 break;
734 }
735
736 default:
737 VERIFY(0);
738 /* NOTREACHED */
739 }
740
741 return error;
742 }
743
744 static __attribute__((noinline)) int
in6ctl_llstart(struct ifnet * ifp,u_long cmd,caddr_t data)745 in6ctl_llstart(struct ifnet *ifp, u_long cmd, caddr_t data)
746 {
747 struct in6_aliasreq sifra, *ifra = NULL;
748 boolean_t is64;
749 int error = 0;
750
751 VERIFY(ifp != NULL);
752
753 switch (cmd) {
754 case SIOCLL_START_32: /* struct in6_aliasreq_32 */
755 case SIOCLL_START_64: /* struct in6_aliasreq_64 */
756 is64 = (cmd == SIOCLL_START_64);
757 /*
758 * Convert user ifra to the kernel form, when appropriate.
759 * This allows the conversion between different data models
760 * to be centralized, so that it can be passed around to other
761 * routines that are expecting the kernel form.
762 */
763 ifra = in6_aliasreq_to_native(data, is64, &sifra);
764
765 /*
766 * NOTE: All the interface specific DLIL attachements should
767 * be done here. They are currently done in in6_ifattach_aux()
768 * for the interfaces that need it.
769 */
770 if (ifra->ifra_addr.sin6_family == AF_INET6 &&
771 /* Only check ifra_dstaddr if valid */
772 (ifra->ifra_dstaddr.sin6_len == 0 ||
773 ifra->ifra_dstaddr.sin6_family == AF_INET6)) {
774 /* some interfaces may provide LinkLocal addresses */
775 error = in6_ifattach_aliasreq(ifp, NULL, ifra);
776 } else {
777 error = in6_ifattach_aliasreq(ifp, NULL, NULL);
778 }
779 if (error == 0) {
780 in6_if_up_dad_start(ifp);
781 }
782 break;
783
784 default:
785 VERIFY(0);
786 /* NOTREACHED */
787 }
788
789 return error;
790 }
791
792 static __attribute__((noinline)) int
in6ctl_llstop(struct ifnet * ifp)793 in6ctl_llstop(struct ifnet *ifp)
794 {
795 struct in6_ifaddr *ia;
796 struct nd_prefix pr0, *pr;
797
798 VERIFY(ifp != NULL);
799
800 /* Remove link local addresses from interface */
801 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
802 boolean_t from_begining = TRUE;
803 while (from_begining) {
804 from_begining = FALSE;
805 TAILQ_FOREACH(ia, &in6_ifaddrhead, ia6_link) {
806 if (ia->ia_ifa.ifa_ifp != ifp) {
807 continue;
808 }
809 IFA_LOCK(&ia->ia_ifa);
810 if (IN6_IS_ADDR_LINKLOCAL(&ia->ia_addr.sin6_addr)) {
811 IFA_ADDREF_LOCKED(&ia->ia_ifa); /* for us */
812 IFA_UNLOCK(&ia->ia_ifa);
813 lck_rw_done(&in6_ifaddr_rwlock);
814 in6_purgeaddr(&ia->ia_ifa);
815 IFA_REMREF(&ia->ia_ifa); /* for us */
816 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
817 /*
818 * Purging the address caused in6_ifaddr_rwlock
819 * to be dropped and reacquired;
820 * therefore search again from the beginning
821 * of in6_ifaddrs list.
822 */
823 from_begining = TRUE;
824 break;
825 }
826 IFA_UNLOCK(&ia->ia_ifa);
827 }
828 }
829 lck_rw_done(&in6_ifaddr_rwlock);
830
831 /* Delete the link local prefix */
832 bzero(&pr0, sizeof(pr0));
833 pr0.ndpr_plen = 64;
834 pr0.ndpr_ifp = ifp;
835 pr0.ndpr_prefix.sin6_addr.s6_addr16[0] = IPV6_ADDR_INT16_ULL;
836 (void)in6_setscope(&pr0.ndpr_prefix.sin6_addr, ifp, IN6_NULL_IF_EMBEDDED_SCOPE(&pr0.ndpr_prefix.sin6_scope_id));
837 pr = nd6_prefix_lookup(&pr0, ND6_PREFIX_EXPIRY_UNSPEC);
838 if (pr) {
839 lck_mtx_lock(nd6_mutex);
840 NDPR_LOCK(pr);
841 prelist_remove(pr);
842 NDPR_UNLOCK(pr);
843 NDPR_REMREF(pr); /* Drop the reference from lookup */
844 lck_mtx_unlock(nd6_mutex);
845 }
846
847 return 0;
848 }
849
850 /*
851 * This routine configures secure link local address
852 */
853 static __attribute__((noinline)) int
in6ctl_cgastart(struct ifnet * ifp,u_long cmd,caddr_t data)854 in6ctl_cgastart(struct ifnet *ifp, u_long cmd, caddr_t data)
855 {
856 struct in6_cgareq llcgasr;
857 int is64, error = 0;
858
859 VERIFY(ifp != NULL);
860
861 switch (cmd) {
862 case SIOCLL_CGASTART_32: /* struct in6_cgareq_32 */
863 case SIOCLL_CGASTART_64: /* struct in6_cgareq_64 */
864 is64 = (cmd == SIOCLL_CGASTART_64);
865 /*
866 * Convert user cgareq to the kernel form, when appropriate.
867 * This allows the conversion between different data models
868 * to be centralized, so that it can be passed around to other
869 * routines that are expecting the kernel form.
870 */
871 in6_cgareq_copy_from_user(data, is64, &llcgasr);
872
873 /*
874 * NOTE: All the interface specific DLIL attachements
875 * should be done here. They are currently done in
876 * in6_ifattach_cgareq() for the interfaces that
877 * need it.
878 */
879 error = in6_ifattach_llcgareq(ifp, &llcgasr);
880 if (error == 0) {
881 in6_if_up_dad_start(ifp);
882 }
883 break;
884
885 default:
886 VERIFY(0);
887 /* NOTREACHED */
888 }
889
890 return error;
891 }
892
893 /*
894 * Caller passes in the ioctl data pointer directly via "ifr", with the
895 * expectation that this routine always uses bcopy() or other byte-aligned
896 * memory accesses.
897 */
898 static __attribute__((noinline)) int
in6ctl_gifaddr(struct ifnet * ifp,struct in6_ifaddr * ia,u_long cmd,struct in6_ifreq * ifr)899 in6ctl_gifaddr(struct ifnet *ifp, struct in6_ifaddr *ia, u_long cmd,
900 struct in6_ifreq *ifr)
901 {
902 struct sockaddr_in6 addr;
903 int error = 0;
904
905 VERIFY(ifp != NULL);
906
907 if (ia == NULL) {
908 return EADDRNOTAVAIL;
909 }
910
911 switch (cmd) {
912 case SIOCGIFADDR_IN6: /* struct in6_ifreq */
913 IFA_LOCK(&ia->ia_ifa);
914 bcopy(&ia->ia_addr, &addr, sizeof(addr));
915 IFA_UNLOCK(&ia->ia_ifa);
916 if ((error = sa6_recoverscope(&addr, TRUE)) != 0) {
917 break;
918 }
919 bcopy(&addr, &ifr->ifr_addr, sizeof(addr));
920 break;
921
922 case SIOCGIFDSTADDR_IN6: /* struct in6_ifreq */
923 if (!(ifp->if_flags & IFF_POINTOPOINT)) {
924 error = EINVAL;
925 break;
926 }
927 /*
928 * XXX: should we check if ifa_dstaddr is NULL and return
929 * an error?
930 */
931 IFA_LOCK(&ia->ia_ifa);
932 bcopy(&ia->ia_dstaddr, &addr, sizeof(addr));
933 IFA_UNLOCK(&ia->ia_ifa);
934 if ((error = sa6_recoverscope(&addr, TRUE)) != 0) {
935 break;
936 }
937 bcopy(&addr, &ifr->ifr_dstaddr, sizeof(addr));
938 break;
939
940 default:
941 VERIFY(0);
942 /* NOTREACHED */
943 }
944
945 return error;
946 }
947
948 /*
949 * Caller passes in the ioctl data pointer directly via "ifr", with the
950 * expectation that this routine always uses bcopy() or other byte-aligned
951 * memory accesses.
952 */
953 static __attribute__((noinline)) int
in6ctl_gifstat(struct ifnet * ifp,u_long cmd,struct in6_ifreq * ifr)954 in6ctl_gifstat(struct ifnet *ifp, u_long cmd, struct in6_ifreq *ifr)
955 {
956 int error = 0, index;
957
958 VERIFY(ifp != NULL);
959 index = ifp->if_index;
960
961 switch (cmd) {
962 case SIOCGIFSTAT_IN6: /* struct in6_ifreq */
963 /* N.B.: if_inet6data is never freed once set. */
964 if (IN6_IFEXTRA(ifp) == NULL) {
965 /* return (EAFNOSUPPORT)? */
966 bzero(&ifr->ifr_ifru.ifru_stat,
967 sizeof(ifr->ifr_ifru.ifru_stat));
968 } else {
969 bcopy(&IN6_IFEXTRA(ifp)->in6_ifstat,
970 &ifr->ifr_ifru.ifru_stat,
971 sizeof(ifr->ifr_ifru.ifru_stat));
972 }
973 break;
974
975 case SIOCGIFSTAT_ICMP6: /* struct in6_ifreq */
976 /* N.B.: if_inet6data is never freed once set. */
977 if (IN6_IFEXTRA(ifp) == NULL) {
978 /* return (EAFNOSUPPORT)? */
979 bzero(&ifr->ifr_ifru.ifru_icmp6stat,
980 sizeof(ifr->ifr_ifru.ifru_icmp6stat));
981 } else {
982 bcopy(&IN6_IFEXTRA(ifp)->icmp6_ifstat,
983 &ifr->ifr_ifru.ifru_icmp6stat,
984 sizeof(ifr->ifr_ifru.ifru_icmp6stat));
985 }
986 break;
987
988 default:
989 VERIFY(0);
990 /* NOTREACHED */
991 }
992
993 return error;
994 }
995
996 /*
997 * Caller passes in the ioctl data pointer directly via "ifr", with the
998 * expectation that this routine always uses bcopy() or other byte-aligned
999 * memory accesses.
1000 */
1001 static __attribute__((noinline)) int
in6ctl_alifetime(struct in6_ifaddr * ia,u_long cmd,struct in6_ifreq * ifr,boolean_t p64)1002 in6ctl_alifetime(struct in6_ifaddr *ia, u_long cmd, struct in6_ifreq *ifr,
1003 boolean_t p64)
1004 {
1005 uint64_t timenow = net_uptime();
1006 struct in6_addrlifetime ia6_lt;
1007 struct timeval caltime;
1008 int error = 0;
1009
1010 if (ia == NULL) {
1011 return EADDRNOTAVAIL;
1012 }
1013
1014 switch (cmd) {
1015 case SIOCGIFALIFETIME_IN6: /* struct in6_ifreq */
1016 IFA_LOCK(&ia->ia_ifa);
1017 /* retrieve time as calendar time (last arg is 1) */
1018 in6ifa_getlifetime(ia, &ia6_lt, 1);
1019 if (p64) {
1020 struct in6_addrlifetime_64 lt;
1021
1022 bzero(<, sizeof(lt));
1023 lt.ia6t_expire = ia6_lt.ia6t_expire;
1024 lt.ia6t_preferred = ia6_lt.ia6t_preferred;
1025 lt.ia6t_vltime = ia6_lt.ia6t_vltime;
1026 lt.ia6t_pltime = ia6_lt.ia6t_pltime;
1027 bcopy(<, &ifr->ifr_ifru.ifru_lifetime, sizeof(ifr->ifr_ifru.ifru_lifetime));
1028 } else {
1029 struct in6_addrlifetime_32 lt;
1030
1031 bzero(<, sizeof(lt));
1032 lt.ia6t_expire = (uint32_t)ia6_lt.ia6t_expire;
1033 lt.ia6t_preferred = (uint32_t)ia6_lt.ia6t_preferred;
1034 lt.ia6t_vltime = (uint32_t)ia6_lt.ia6t_vltime;
1035 lt.ia6t_pltime = (uint32_t)ia6_lt.ia6t_pltime;
1036 bcopy(<, &ifr->ifr_ifru.ifru_lifetime, sizeof(ifr->ifr_ifru.ifru_lifetime));
1037 }
1038 IFA_UNLOCK(&ia->ia_ifa);
1039 break;
1040
1041 case SIOCSIFALIFETIME_IN6: /* struct in6_ifreq */
1042 getmicrotime(&caltime);
1043
1044 /* sanity for overflow - beware unsigned */
1045 if (p64) {
1046 struct in6_addrlifetime_64 lt;
1047
1048 bcopy(&ifr->ifr_ifru.ifru_lifetime, <, sizeof(lt));
1049 if (lt.ia6t_vltime != ND6_INFINITE_LIFETIME &&
1050 lt.ia6t_vltime + caltime.tv_sec < caltime.tv_sec) {
1051 error = EINVAL;
1052 break;
1053 }
1054 if (lt.ia6t_pltime != ND6_INFINITE_LIFETIME &&
1055 lt.ia6t_pltime + caltime.tv_sec < caltime.tv_sec) {
1056 error = EINVAL;
1057 break;
1058 }
1059 } else {
1060 struct in6_addrlifetime_32 lt;
1061
1062 bcopy(&ifr->ifr_ifru.ifru_lifetime, <, sizeof(lt));
1063 if (lt.ia6t_vltime != ND6_INFINITE_LIFETIME &&
1064 lt.ia6t_vltime + caltime.tv_sec < caltime.tv_sec) {
1065 error = EINVAL;
1066 break;
1067 }
1068 if (lt.ia6t_pltime != ND6_INFINITE_LIFETIME &&
1069 lt.ia6t_pltime + caltime.tv_sec < caltime.tv_sec) {
1070 error = EINVAL;
1071 break;
1072 }
1073 }
1074
1075 IFA_LOCK(&ia->ia_ifa);
1076 if (p64) {
1077 struct in6_addrlifetime_64 lt;
1078
1079 bcopy(&ifr->ifr_ifru.ifru_lifetime, <, sizeof(lt));
1080 ia6_lt.ia6t_expire = (time_t)lt.ia6t_expire;
1081 ia6_lt.ia6t_preferred = (time_t)lt.ia6t_preferred;
1082 ia6_lt.ia6t_vltime = lt.ia6t_vltime;
1083 ia6_lt.ia6t_pltime = lt.ia6t_pltime;
1084 } else {
1085 struct in6_addrlifetime_32 lt;
1086
1087 bcopy(&ifr->ifr_ifru.ifru_lifetime, <, sizeof(lt));
1088 ia6_lt.ia6t_expire = (uint32_t)lt.ia6t_expire;
1089 ia6_lt.ia6t_preferred = (uint32_t)lt.ia6t_preferred;
1090 ia6_lt.ia6t_vltime = lt.ia6t_vltime;
1091 ia6_lt.ia6t_pltime = lt.ia6t_pltime;
1092 }
1093 /* for sanity */
1094 if (ia6_lt.ia6t_vltime != ND6_INFINITE_LIFETIME) {
1095 ia6_lt.ia6t_expire = (time_t)(timenow + ia6_lt.ia6t_vltime);
1096 } else {
1097 ia6_lt.ia6t_expire = 0;
1098 }
1099
1100 if (ia6_lt.ia6t_pltime != ND6_INFINITE_LIFETIME) {
1101 ia6_lt.ia6t_preferred = (time_t)(timenow + ia6_lt.ia6t_pltime);
1102 } else {
1103 ia6_lt.ia6t_preferred = 0;
1104 }
1105
1106 in6ifa_setlifetime(ia, &ia6_lt);
1107 IFA_UNLOCK(&ia->ia_ifa);
1108 break;
1109
1110 default:
1111 VERIFY(0);
1112 /* NOTREACHED */
1113 }
1114
1115 return error;
1116 }
1117
1118 static int
in6ctl_clat46start(struct ifnet * ifp)1119 in6ctl_clat46start(struct ifnet *ifp)
1120 {
1121 struct nd_prefix *pr = NULL;
1122 struct nd_prefix *next = NULL;
1123 struct in6_ifaddr *ia6 = NULL;
1124 int error = 0;
1125
1126 if (ifp == lo_ifp) {
1127 return EINVAL;
1128 }
1129 /*
1130 * Traverse the list of prefixes and find the first non-linklocal
1131 * prefix on the interface.
1132 * For that found eligible prefix, configure a CLAT46 reserved address.
1133 */
1134 lck_mtx_lock(nd6_mutex);
1135 for (pr = nd_prefix.lh_first; pr; pr = next) {
1136 next = pr->ndpr_next;
1137
1138 NDPR_LOCK(pr);
1139 if (pr->ndpr_ifp != ifp) {
1140 NDPR_UNLOCK(pr);
1141 continue;
1142 }
1143
1144 if (IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr)) {
1145 NDPR_UNLOCK(pr);
1146 continue; /* XXX */
1147 }
1148
1149 if (pr->ndpr_raf_auto == 0) {
1150 NDPR_UNLOCK(pr);
1151 continue;
1152 }
1153
1154 if (pr->ndpr_stateflags & NDPRF_DEFUNCT) {
1155 NDPR_UNLOCK(pr);
1156 continue;
1157 }
1158
1159 if ((pr->ndpr_stateflags & NDPRF_CLAT46) == 0
1160 && pr->ndpr_vltime != 0) {
1161 NDPR_ADDREF(pr); /* Take reference for rest of the processing */
1162 NDPR_UNLOCK(pr);
1163 break;
1164 } else {
1165 NDPR_UNLOCK(pr);
1166 continue;
1167 }
1168 }
1169 lck_mtx_unlock(nd6_mutex);
1170
1171 if (pr != NULL) {
1172 if ((ia6 = in6_pfx_newpersistaddr(pr, FALSE, &error,
1173 TRUE, CLAT46_COLLISION_COUNT_OFFSET)) == NULL) {
1174 nd6log0(error,
1175 "Could not configure CLAT46 address on"
1176 " interface %s.\n", ifp->if_xname);
1177 } else {
1178 IFA_LOCK(&ia6->ia_ifa);
1179 NDPR_LOCK(pr);
1180 ia6->ia6_ndpr = pr;
1181 NDPR_ADDREF(pr); /* for addr reference */
1182 pr->ndpr_stateflags |= NDPRF_CLAT46;
1183 pr->ndpr_addrcnt++;
1184 VERIFY(pr->ndpr_addrcnt != 0);
1185 NDPR_UNLOCK(pr);
1186 IFA_UNLOCK(&ia6->ia_ifa);
1187 IFA_REMREF(&ia6->ia_ifa);
1188 ia6 = NULL;
1189 /*
1190 * A newly added address might affect the status
1191 * of other addresses, so we check and update it.
1192 * XXX: what if address duplication happens?
1193 */
1194 lck_mtx_lock(nd6_mutex);
1195 pfxlist_onlink_check();
1196 lck_mtx_unlock(nd6_mutex);
1197 }
1198 NDPR_REMREF(pr);
1199 }
1200 return error;
1201 }
1202
1203 static int
in6ctl_clat46stop(struct ifnet * ifp)1204 in6ctl_clat46stop(struct ifnet *ifp)
1205 {
1206 int error = 0;
1207 struct in6_ifaddr *ia = NULL;
1208
1209 if (ifp == lo_ifp) {
1210 return EINVAL;
1211 }
1212 if ((ifp->if_eflags & IFEF_CLAT46) == 0) {
1213 /* CLAT46 isn't enabled */
1214 goto done;
1215 }
1216 if_clear_eflags(ifp, IFEF_CLAT46);
1217
1218 /* find CLAT46 address and remove it */
1219 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
1220 TAILQ_FOREACH(ia, &in6_ifaddrhead, ia6_link) {
1221 if (ia->ia_ifa.ifa_ifp != ifp) {
1222 continue;
1223 }
1224 IFA_LOCK(&ia->ia_ifa);
1225 if ((ia->ia6_flags & IN6_IFF_CLAT46) != 0) {
1226 IFA_ADDREF_LOCKED(&ia->ia_ifa); /* for us */
1227 IFA_UNLOCK(&ia->ia_ifa);
1228 lck_rw_done(&in6_ifaddr_rwlock);
1229 in6_purgeaddr(&ia->ia_ifa);
1230 IFA_REMREF(&ia->ia_ifa); /* for us */
1231 goto done;
1232 }
1233 IFA_UNLOCK(&ia->ia_ifa);
1234 }
1235 lck_rw_done(&in6_ifaddr_rwlock);
1236
1237 done:
1238 return error;
1239 }
1240
1241 #define ifa2ia6(ifa) ((struct in6_ifaddr *)(void *)(ifa))
1242
1243 /*
1244 * Generic INET6 control operations (ioctl's).
1245 *
1246 * ifp is NULL if not an interface-specific ioctl.
1247 *
1248 * Most of the routines called to handle the ioctls would end up being
1249 * tail-call optimized, which unfortunately causes this routine to
1250 * consume too much stack space; this is the reason for the "noinline"
1251 * attribute used on those routines.
1252 *
1253 * If called directly from within the networking stack (as opposed to via
1254 * pru_control), the socket parameter may be NULL.
1255 */
1256 int
in6_control(struct socket * so,u_long cmd,caddr_t data,struct ifnet * ifp,struct proc * p)1257 in6_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp,
1258 struct proc *p)
1259 {
1260 struct in6_ifreq *ifr = (struct in6_ifreq *)(void *)data;
1261 struct in6_aliasreq sifra, *ifra = NULL;
1262 struct in6_ifaddr *ia = NULL;
1263 struct sockaddr_in6 sin6, *sa6 = NULL;
1264 boolean_t privileged = (proc_suser(p) == 0);
1265 boolean_t p64 = proc_is64bit(p);
1266 boolean_t so_unlocked = FALSE;
1267 int intval, error = 0;
1268
1269 /* In case it's NULL, make sure it came from the kernel */
1270 VERIFY(so != NULL || p == kernproc);
1271
1272 /*
1273 * ioctls which don't require ifp, may require socket.
1274 */
1275 switch (cmd) {
1276 case SIOCAADDRCTL_POLICY: /* struct in6_addrpolicy */
1277 case SIOCDADDRCTL_POLICY: /* struct in6_addrpolicy */
1278 if (!privileged) {
1279 return EPERM;
1280 }
1281 return in6_src_ioctl(cmd, data);
1282 /* NOTREACHED */
1283
1284 case SIOCDRADD_IN6_32: /* struct in6_defrouter_32 */
1285 case SIOCDRADD_IN6_64: /* struct in6_defrouter_64 */
1286 case SIOCDRDEL_IN6_32: /* struct in6_defrouter_32 */
1287 case SIOCDRDEL_IN6_64: /* struct in6_defrouter_64 */
1288 if (!privileged) {
1289 return EPERM;
1290 }
1291 return defrtrlist_ioctl(cmd, data);
1292 /* NOTREACHED */
1293
1294 case SIOCGASSOCIDS32: /* struct so_aidreq32 */
1295 case SIOCGASSOCIDS64: /* struct so_aidreq64 */
1296 return in6ctl_associd(so, cmd, data);
1297 /* NOTREACHED */
1298
1299 case SIOCGCONNIDS32: /* struct so_cidreq32 */
1300 case SIOCGCONNIDS64: /* struct so_cidreq64 */
1301 return in6ctl_connid(so, cmd, data);
1302 /* NOTREACHED */
1303
1304 case SIOCGCONNINFO32: /* struct so_cinforeq32 */
1305 case SIOCGCONNINFO64: /* struct so_cinforeq64 */
1306 return in6ctl_conninfo(so, cmd, data);
1307 /* NOTREACHED */
1308 }
1309
1310 /*
1311 * The rest of ioctls require ifp; reject if we don't have one;
1312 * return ENXIO to be consistent with ifioctl().
1313 */
1314 if (ifp == NULL) {
1315 return ENXIO;
1316 }
1317
1318 /*
1319 * Unlock the socket since ifnet_ioctl() may be invoked by
1320 * one of the ioctl handlers below. Socket will be re-locked
1321 * prior to returning.
1322 */
1323 if (so != NULL) {
1324 socket_unlock(so, 0);
1325 so_unlocked = TRUE;
1326 }
1327
1328 lck_mtx_lock(&ifp->if_inet6_ioctl_lock);
1329 while (ifp->if_inet6_ioctl_busy) {
1330 (void) msleep(&ifp->if_inet6_ioctl_busy, &ifp->if_inet6_ioctl_lock, (PZERO - 1),
1331 __func__, NULL);
1332 LCK_MTX_ASSERT(&ifp->if_inet6_ioctl_lock, LCK_MTX_ASSERT_OWNED);
1333 }
1334 ifp->if_inet6_ioctl_busy = TRUE;
1335 lck_mtx_unlock(&ifp->if_inet6_ioctl_lock);
1336
1337 /*
1338 * ioctls which require ifp but not interface address.
1339 */
1340 switch (cmd) {
1341 case SIOCAUTOCONF_START: /* struct in6_ifreq */
1342 if (!privileged) {
1343 error = EPERM;
1344 goto done;
1345 }
1346 error = in6_autoconf(ifp, TRUE);
1347 goto done;
1348
1349 case SIOCAUTOCONF_STOP: /* struct in6_ifreq */
1350 if (!privileged) {
1351 error = EPERM;
1352 goto done;
1353 }
1354 error = in6_autoconf(ifp, FALSE);
1355 goto done;
1356
1357 case SIOCLL_START_32: /* struct in6_aliasreq_32 */
1358 case SIOCLL_START_64: /* struct in6_aliasreq_64 */
1359 if (!privileged) {
1360 error = EPERM;
1361 goto done;
1362 }
1363 error = in6ctl_llstart(ifp, cmd, data);
1364 goto done;
1365
1366 case SIOCLL_STOP: /* struct in6_ifreq */
1367 if (!privileged) {
1368 error = EPERM;
1369 goto done;
1370 }
1371 error = in6ctl_llstop(ifp);
1372 goto done;
1373
1374 case SIOCCLAT46_START: /* struct in6_ifreq */
1375 if (!privileged) {
1376 error = EPERM;
1377 goto done;
1378 }
1379 error = in6ctl_clat46start(ifp);
1380 if (error == 0) {
1381 if_set_eflags(ifp, IFEF_CLAT46);
1382 }
1383 goto done;
1384
1385 case SIOCCLAT46_STOP: /* struct in6_ifreq */
1386 if (!privileged) {
1387 error = EPERM;
1388 goto done;
1389 }
1390 error = in6ctl_clat46stop(ifp);
1391 goto done;
1392 case SIOCGETROUTERMODE_IN6: /* struct in6_ifreq */
1393 intval = ifp->if_ipv6_router_mode;
1394 bcopy(&intval, &((struct in6_ifreq *)(void *)data)->ifr_intval,
1395 sizeof(intval));
1396 goto done;
1397 case SIOCSETROUTERMODE_IN6: /* struct in6_ifreq */
1398 if (!privileged) {
1399 error = EPERM;
1400 goto done;
1401 }
1402 bcopy(&((struct in6_ifreq *)(void *)data)->ifr_intval,
1403 &intval, sizeof(intval));
1404 switch (intval) {
1405 case IPV6_ROUTER_MODE_DISABLED:
1406 case IPV6_ROUTER_MODE_EXCLUSIVE:
1407 case IPV6_ROUTER_MODE_HYBRID:
1408 break;
1409 default:
1410 error = EINVAL;
1411 goto done;
1412 }
1413 error = in6_setrouter(ifp, (ipv6_router_mode_t)intval);
1414 goto done;
1415
1416 case SIOCPROTOATTACH_IN6_32: /* struct in6_aliasreq_32 */
1417 case SIOCPROTOATTACH_IN6_64: /* struct in6_aliasreq_64 */
1418 if (!privileged) {
1419 error = EPERM;
1420 goto done;
1421 }
1422 error = in6_domifattach(ifp);
1423 goto done;
1424
1425 case SIOCPROTODETACH_IN6: /* struct in6_ifreq */
1426 if (!privileged) {
1427 error = EPERM;
1428 goto done;
1429 }
1430 /* Cleanup interface routes and addresses */
1431 in6_purgeif(ifp);
1432
1433 if ((error = proto_unplumb(PF_INET6, ifp))) {
1434 log(LOG_ERR, "SIOCPROTODETACH_IN6: %s error=%d\n",
1435 if_name(ifp), error);
1436 }
1437 goto done;
1438
1439 case SIOCSNDFLUSH_IN6: /* struct in6_ifreq */
1440 case SIOCSPFXFLUSH_IN6: /* struct in6_ifreq */
1441 case SIOCSRTRFLUSH_IN6: /* struct in6_ifreq */
1442 case SIOCSDEFIFACE_IN6_32: /* struct in6_ndifreq_32 */
1443 case SIOCSDEFIFACE_IN6_64: /* struct in6_ndifreq_64 */
1444 case SIOCSIFINFO_FLAGS: /* struct in6_ndireq */
1445 case SIOCGIFCGAPREP_IN6_32: /* struct in6_cgareq_32 */
1446 case SIOCGIFCGAPREP_IN6_64: /* struct in6_cgareq_64 */
1447 case SIOCSIFCGAPREP_IN6_32: /* struct in6_cgareq_32 */
1448 case SIOCSIFCGAPREP_IN6_64: /* struct in6_cgareq_32 */
1449 if (!privileged) {
1450 error = EPERM;
1451 goto done;
1452 }
1453 OS_FALLTHROUGH;
1454 case OSIOCGIFINFO_IN6: /* struct in6_ondireq */
1455 case SIOCGIFINFO_IN6: /* struct in6_ondireq */
1456 case SIOCGDRLST_IN6_32: /* struct in6_drlist_32 */
1457 case SIOCGDRLST_IN6_64: /* struct in6_drlist_64 */
1458 case SIOCGPRLST_IN6_32: /* struct in6_prlist_32 */
1459 case SIOCGPRLST_IN6_64: /* struct in6_prlist_64 */
1460 case SIOCGNBRINFO_IN6_32: /* struct in6_nbrinfo_32 */
1461 case SIOCGNBRINFO_IN6_64: /* struct in6_nbrinfo_64 */
1462 case SIOCGDEFIFACE_IN6_32: /* struct in6_ndifreq_32 */
1463 case SIOCGDEFIFACE_IN6_64: /* struct in6_ndifreq_64 */
1464 error = nd6_ioctl(cmd, data, ifp);
1465 goto done;
1466
1467 case SIOCSIFPREFIX_IN6: /* struct in6_prefixreq (deprecated) */
1468 case SIOCDIFPREFIX_IN6: /* struct in6_prefixreq (deprecated) */
1469 case SIOCAIFPREFIX_IN6: /* struct in6_rrenumreq (deprecated) */
1470 case SIOCCIFPREFIX_IN6: /* struct in6_rrenumreq (deprecated) */
1471 case SIOCSGIFPREFIX_IN6: /* struct in6_rrenumreq (deprecated) */
1472 case SIOCGIFPREFIX_IN6: /* struct in6_prefixreq (deprecated) */
1473 log(LOG_NOTICE,
1474 "prefix ioctls are now invalidated. "
1475 "please use ifconfig.\n");
1476 error = EOPNOTSUPP;
1477 goto done;
1478
1479 case SIOCSSCOPE6: /* struct in6_ifreq (deprecated) */
1480 case SIOCGSCOPE6: /* struct in6_ifreq (deprecated) */
1481 case SIOCGSCOPE6DEF: /* struct in6_ifreq (deprecated) */
1482 error = EOPNOTSUPP;
1483 goto done;
1484
1485 case SIOCLL_CGASTART_32: /* struct in6_cgareq_32 */
1486 case SIOCLL_CGASTART_64: /* struct in6_cgareq_64 */
1487 if (!privileged) {
1488 error = EPERM;
1489 } else {
1490 error = in6ctl_cgastart(ifp, cmd, data);
1491 }
1492 goto done;
1493
1494 case SIOCGIFSTAT_IN6: /* struct in6_ifreq */
1495 case SIOCGIFSTAT_ICMP6: /* struct in6_ifreq */
1496 error = in6ctl_gifstat(ifp, cmd, ifr);
1497 goto done;
1498 }
1499
1500 /*
1501 * ioctls which require interface address; obtain sockaddr_in6.
1502 */
1503 switch (cmd) {
1504 case SIOCSIFADDR_IN6: /* struct in6_ifreq (deprecated) */
1505 case SIOCSIFDSTADDR_IN6: /* struct in6_ifreq (deprecated) */
1506 case SIOCSIFNETMASK_IN6: /* struct in6_ifreq (deprecated) */
1507 /*
1508 * Since IPv6 allows a node to assign multiple addresses
1509 * on a single interface, SIOCSIFxxx ioctls are deprecated.
1510 */
1511 /* we decided to obsolete this command (20000704) */
1512 error = EOPNOTSUPP;
1513 goto done;
1514
1515 case SIOCAIFADDR_IN6_32: /* struct in6_aliasreq_32 */
1516 case SIOCAIFADDR_IN6_64: /* struct in6_aliasreq_64 */
1517 if (!privileged) {
1518 error = EPERM;
1519 goto done;
1520 }
1521 /*
1522 * Convert user ifra to the kernel form, when appropriate.
1523 * This allows the conversion between different data models
1524 * to be centralized, so that it can be passed around to other
1525 * routines that are expecting the kernel form.
1526 */
1527 ifra = in6_aliasreq_to_native(data,
1528 (cmd == SIOCAIFADDR_IN6_64), &sifra);
1529 bcopy(&ifra->ifra_addr, &sin6, sizeof(sin6));
1530 sa6 = &sin6;
1531 break;
1532
1533 case SIOCDIFADDR_IN6: /* struct in6_ifreq */
1534 case SIOCSIFALIFETIME_IN6: /* struct in6_ifreq */
1535 if (!privileged) {
1536 error = EPERM;
1537 goto done;
1538 }
1539 OS_FALLTHROUGH;
1540 case SIOCGIFADDR_IN6: /* struct in6_ifreq */
1541 case SIOCGIFDSTADDR_IN6: /* struct in6_ifreq */
1542 case SIOCGIFNETMASK_IN6: /* struct in6_ifreq */
1543 case SIOCGIFAFLAG_IN6: /* struct in6_ifreq */
1544 case SIOCGIFALIFETIME_IN6: /* struct in6_ifreq */
1545 bcopy(&ifr->ifr_addr, &sin6, sizeof(sin6));
1546 sa6 = &sin6;
1547 break;
1548 case SIOCGIFDSTADDR:
1549 case SIOCSIFDSTADDR:
1550 case SIOCGIFBRDADDR:
1551 case SIOCSIFBRDADDR:
1552 case SIOCGIFNETMASK:
1553 case SIOCSIFNETMASK:
1554 case SIOCGIFADDR:
1555 case SIOCSIFADDR:
1556 case SIOCAIFADDR:
1557 case SIOCDIFADDR:
1558 /* Do not handle these AF_INET commands in AF_INET6 path */
1559 error = EINVAL;
1560 goto done;
1561 }
1562
1563 /*
1564 * Find address for this interface, if it exists.
1565 *
1566 * In netinet code, we have checked ifra_addr in SIOCSIF*ADDR operation
1567 * only, and used the first interface address as the target of other
1568 * operations (without checking ifra_addr). This was because netinet
1569 * code/API assumed at most 1 interface address per interface.
1570 * Since IPv6 allows a node to assign multiple addresses
1571 * on a single interface, we almost always look and check the
1572 * presence of ifra_addr, and reject invalid ones here.
1573 * It also decreases duplicated code among SIOC*_IN6 operations.
1574 */
1575 VERIFY(ia == NULL);
1576 if (sa6 != NULL && sa6->sin6_family == AF_INET6) {
1577 if (IN6_IS_ADDR_LINKLOCAL(&sa6->sin6_addr)) {
1578 if (in6_embedded_scope) {
1579 if (sa6->sin6_addr.s6_addr16[1] == 0) {
1580 /* link ID is not embedded by the user */
1581 sa6->sin6_addr.s6_addr16[1] =
1582 htons(ifp->if_index);
1583 } else if (sa6->sin6_addr.s6_addr16[1] !=
1584 htons(ifp->if_index)) {
1585 error = EINVAL; /* link ID contradicts */
1586 goto done;
1587 }
1588 if (sa6->sin6_scope_id) {
1589 if (sa6->sin6_scope_id !=
1590 (u_int32_t)ifp->if_index) {
1591 error = EINVAL;
1592 goto done;
1593 }
1594 sa6->sin6_scope_id = 0; /* XXX: good way? */
1595 }
1596 } else {
1597 if (sa6->sin6_scope_id == IFSCOPE_NONE) {
1598 sa6->sin6_scope_id = ifp->if_index;
1599 } else if (sa6->sin6_scope_id != ifp->if_index) {
1600 error = EINVAL; /* link ID contradicts */
1601 goto done;
1602 }
1603 }
1604 }
1605 /*
1606 * Any failures from this point on must take into account
1607 * a non-NULL "ia" with an outstanding reference count, and
1608 * therefore requires IFA_REMREF. Jump to "done" label
1609 * instead of calling return if "ia" is valid.
1610 */
1611 ia = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr);
1612 }
1613
1614 /*
1615 * SIOCDIFADDR_IN6/SIOCAIFADDR_IN6 specific tests.
1616 */
1617 switch (cmd) {
1618 case SIOCDIFADDR_IN6: /* struct in6_ifreq */
1619 if (ia == NULL) {
1620 error = EADDRNOTAVAIL;
1621 goto done;
1622 }
1623 OS_FALLTHROUGH;
1624 case SIOCAIFADDR_IN6_32: /* struct in6_aliasreq_32 */
1625 case SIOCAIFADDR_IN6_64: /* struct in6_aliasreq_64 */
1626 VERIFY(sa6 != NULL);
1627 /*
1628 * We always require users to specify a valid IPv6 address for
1629 * the corresponding operation. Use "sa6" instead of "ifra"
1630 * since SIOCDIFADDR_IN6 falls thru above.
1631 */
1632 if (sa6->sin6_family != AF_INET6 ||
1633 sa6->sin6_len != sizeof(struct sockaddr_in6)) {
1634 error = EAFNOSUPPORT;
1635 goto done;
1636 }
1637
1638 if ((cmd == SIOCAIFADDR_IN6_32 || cmd == SIOCAIFADDR_IN6_64) &&
1639 (IN6_IS_ADDR_UNSPECIFIED(&sa6->sin6_addr) ||
1640 IN6_IS_ADDR_MULTICAST(&sa6->sin6_addr) ||
1641 IN6_IS_ADDR_V4MAPPED(&sa6->sin6_addr) ||
1642 IN6_IS_ADDR_V4COMPAT(&sa6->sin6_addr))) {
1643 error = EINVAL;
1644 goto done;
1645 }
1646 break;
1647 }
1648
1649 /*
1650 * And finally process address-related ioctls.
1651 */
1652 switch (cmd) {
1653 case SIOCGIFADDR_IN6: /* struct in6_ifreq */
1654 /* This interface is basically deprecated. use SIOCGIFCONF. */
1655 /* FALLTHRU */
1656 case SIOCGIFDSTADDR_IN6: /* struct in6_ifreq */
1657 error = in6ctl_gifaddr(ifp, ia, cmd, ifr);
1658 break;
1659
1660 case SIOCGIFNETMASK_IN6: /* struct in6_ifreq */
1661 if (ia != NULL) {
1662 IFA_LOCK(&ia->ia_ifa);
1663 bcopy(&ia->ia_prefixmask, &ifr->ifr_addr,
1664 sizeof(struct sockaddr_in6));
1665 IFA_UNLOCK(&ia->ia_ifa);
1666 } else {
1667 error = EADDRNOTAVAIL;
1668 }
1669 break;
1670
1671 case SIOCGIFAFLAG_IN6: /* struct in6_ifreq */
1672 if (ia != NULL) {
1673 IFA_LOCK(&ia->ia_ifa);
1674 bcopy(&ia->ia6_flags, &ifr->ifr_ifru.ifru_flags6,
1675 sizeof(ifr->ifr_ifru.ifru_flags6));
1676 IFA_UNLOCK(&ia->ia_ifa);
1677 } else {
1678 error = EADDRNOTAVAIL;
1679 }
1680 break;
1681
1682 case SIOCGIFALIFETIME_IN6: /* struct in6_ifreq */
1683 case SIOCSIFALIFETIME_IN6: /* struct in6_ifreq */
1684 error = in6ctl_alifetime(ia, cmd, ifr, p64);
1685 break;
1686
1687 case SIOCAIFADDR_IN6_32: /* struct in6_aliasreq_32 */
1688 case SIOCAIFADDR_IN6_64: /* struct in6_aliasreq_64 */
1689 error = in6ctl_aifaddr(ifp, ifra);
1690 break;
1691
1692 case SIOCDIFADDR_IN6:
1693 in6ctl_difaddr(ifp, ia);
1694 break;
1695
1696 default:
1697 error = ifnet_ioctl(ifp, PF_INET6, cmd, data);
1698 break;
1699 }
1700
1701 done:
1702 if (ifp != NULL) {
1703 lck_mtx_lock(&ifp->if_inet6_ioctl_lock);
1704 ifp->if_inet6_ioctl_busy = FALSE;
1705 lck_mtx_unlock(&ifp->if_inet6_ioctl_lock);
1706 wakeup(&ifp->if_inet6_ioctl_busy);
1707 }
1708
1709 if (ia != NULL) {
1710 IFA_REMREF(&ia->ia_ifa);
1711 }
1712 if (so_unlocked) {
1713 socket_lock(so, 0);
1714 }
1715
1716 return error;
1717 }
1718
1719 static __attribute__((noinline)) int
in6ctl_aifaddr(struct ifnet * ifp,struct in6_aliasreq * ifra)1720 in6ctl_aifaddr(struct ifnet *ifp, struct in6_aliasreq *ifra)
1721 {
1722 int i, error, addtmp;
1723 uint8_t plen;
1724 struct nd_prefix pr0, *pr;
1725 struct in6_ifaddr *ia;
1726
1727 VERIFY(ifp != NULL && ifra != NULL);
1728 ia = NULL;
1729
1730 /* Attempt to attach the protocol, in case it isn't attached */
1731 error = in6_domifattach(ifp);
1732 if (error == 0) {
1733 /* PF_INET6 wasn't previously attached */
1734 error = in6_ifattach_aliasreq(ifp, NULL, NULL);
1735 if (error != 0) {
1736 goto done;
1737 }
1738
1739 in6_if_up_dad_start(ifp);
1740 } else if (error != EEXIST) {
1741 goto done;
1742 }
1743
1744 /*
1745 * First, make or update the interface address structure, and link it
1746 * to the list.
1747 */
1748 error = in6_update_ifa(ifp, ifra, 0, &ia);
1749 if (error != 0) {
1750 goto done;
1751 }
1752 VERIFY(ia != NULL);
1753
1754 /* Now, make the prefix on-link on the interface. */
1755 plen = (uint8_t)in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, NULL);
1756 if (plen == 128) {
1757 goto done;
1758 }
1759
1760 /*
1761 * NOTE: We'd rather create the prefix before the address, but we need
1762 * at least one address to install the corresponding interface route,
1763 * so we configure the address first.
1764 */
1765
1766 /*
1767 * Convert mask to prefix length (prefixmask has already been validated
1768 * in in6_update_ifa().
1769 */
1770 bzero(&pr0, sizeof(pr0));
1771 pr0.ndpr_plen = plen;
1772 pr0.ndpr_ifp = ifp;
1773 pr0.ndpr_prefix = ifra->ifra_addr;
1774 pr0.ndpr_mask = ifra->ifra_prefixmask.sin6_addr;
1775
1776 /* apply the mask for safety. */
1777 for (i = 0; i < 4; i++) {
1778 pr0.ndpr_prefix.sin6_addr.s6_addr32[i] &=
1779 ifra->ifra_prefixmask.sin6_addr.s6_addr32[i];
1780 }
1781
1782 /*
1783 * Since we don't have an API to set prefix (not address) lifetimes, we
1784 * just use the same lifetimes as addresses. The (temporarily)
1785 * installed lifetimes can be overridden by later advertised RAs (when
1786 * accept_rtadv is non 0), which is an intended behavior.
1787 */
1788 pr0.ndpr_raf_onlink = 1; /* should be configurable? */
1789 pr0.ndpr_raf_auto = !!(ifra->ifra_flags & IN6_IFF_AUTOCONF);
1790 if (ifra->ifra_flags & (IN6_IFF_AUTOCONF | IN6_IFF_DYNAMIC)) {
1791 pr0.ndpr_vltime = ifra->ifra_lifetime.ia6t_vltime;
1792 pr0.ndpr_pltime = ifra->ifra_lifetime.ia6t_pltime;
1793 } else {
1794 pr0.ndpr_vltime = ND6_INFINITE_LIFETIME;
1795 pr0.ndpr_pltime = ND6_INFINITE_LIFETIME;
1796 }
1797 pr0.ndpr_stateflags |= NDPRF_STATIC;
1798 lck_mtx_init(&pr0.ndpr_lock, &ifa_mtx_grp, &ifa_mtx_attr);
1799
1800 /* add the prefix if there's none. */
1801 if ((pr = nd6_prefix_lookup(&pr0, ND6_PREFIX_EXPIRY_NEVER)) == NULL) {
1802 /*
1803 * nd6_prelist_add will install the corresponding interface
1804 * route.
1805 */
1806 error = nd6_prelist_add(&pr0, NULL, &pr, FALSE);
1807 if (error != 0) {
1808 goto done;
1809 }
1810
1811 if (pr == NULL) {
1812 log(LOG_ERR, "%s: nd6_prelist_add okay, but"
1813 " no prefix.\n", __func__);
1814 error = EINVAL;
1815 goto done;
1816 }
1817 }
1818
1819 IFA_LOCK(&ia->ia_ifa);
1820
1821 /* if this is a new autoconfed addr */
1822 addtmp = FALSE;
1823 if (ia->ia6_ndpr == NULL) {
1824 NDPR_LOCK(pr);
1825 ++pr->ndpr_addrcnt;
1826 if (!(ia->ia6_flags & IN6_IFF_NOTMANUAL)) {
1827 ++pr->ndpr_manual_addrcnt;
1828 VERIFY(pr->ndpr_manual_addrcnt != 0);
1829 }
1830 VERIFY(pr->ndpr_addrcnt != 0);
1831 ia->ia6_ndpr = pr;
1832 NDPR_ADDREF(pr); /* for addr reference */
1833
1834 /*
1835 * If this is the first autoconf address from the prefix,
1836 * create a temporary address as well (when specified).
1837 */
1838 if ((ia->ia6_flags & IN6_IFF_AUTOCONF) != 0 &&
1839 ip6_use_tempaddr &&
1840 pr->ndpr_addrcnt == 1 &&
1841 (!IN6_IS_ADDR_UNIQUE_LOCAL(&ia->ia_addr.sin6_addr)
1842 || ip6_ula_use_tempaddr)) {
1843 addtmp = true;
1844 }
1845 NDPR_UNLOCK(pr);
1846 }
1847
1848 IFA_UNLOCK(&ia->ia_ifa);
1849
1850 if (addtmp) {
1851 int e;
1852 e = in6_tmpifadd(ia, 1);
1853 if (e != 0) {
1854 log(LOG_NOTICE, "%s: failed to create a"
1855 " temporary address, error=%d\n",
1856 __func__, e);
1857 }
1858 }
1859
1860 /*
1861 * This might affect the status of autoconfigured addresses, that is,
1862 * this address might make other addresses detached.
1863 */
1864 lck_mtx_lock(nd6_mutex);
1865 pfxlist_onlink_check();
1866 lck_mtx_unlock(nd6_mutex);
1867
1868 /* Drop use count held above during lookup/add */
1869 NDPR_REMREF(pr);
1870
1871 done:
1872 if (ia != NULL) {
1873 IFA_REMREF(&ia->ia_ifa);
1874 }
1875 return error;
1876 }
1877
1878 static __attribute__((noinline)) void
in6ctl_difaddr(struct ifnet * ifp,struct in6_ifaddr * ia)1879 in6ctl_difaddr(struct ifnet *ifp, struct in6_ifaddr *ia)
1880 {
1881 int i = 0;
1882 struct nd_prefix pr0, *pr;
1883
1884 VERIFY(ifp != NULL && ia != NULL);
1885
1886 /*
1887 * If the address being deleted is the only one that owns
1888 * the corresponding prefix, expire the prefix as well.
1889 * XXX: theoretically, we don't have to worry about such
1890 * relationship, since we separate the address management
1891 * and the prefix management. We do this, however, to provide
1892 * as much backward compatibility as possible in terms of
1893 * the ioctl operation.
1894 * Note that in6_purgeaddr() will decrement ndpr_addrcnt.
1895 */
1896 IFA_LOCK(&ia->ia_ifa);
1897 bzero(&pr0, sizeof(pr0));
1898 pr0.ndpr_ifp = ifp;
1899 pr0.ndpr_plen = (uint8_t)in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL);
1900 if (pr0.ndpr_plen == 128) {
1901 IFA_UNLOCK(&ia->ia_ifa);
1902 goto purgeaddr;
1903 }
1904 pr0.ndpr_prefix = ia->ia_addr;
1905 pr0.ndpr_mask = ia->ia_prefixmask.sin6_addr;
1906 for (i = 0; i < 4; i++) {
1907 pr0.ndpr_prefix.sin6_addr.s6_addr32[i] &=
1908 ia->ia_prefixmask.sin6_addr.s6_addr32[i];
1909 }
1910 IFA_UNLOCK(&ia->ia_ifa);
1911
1912 if ((pr = nd6_prefix_lookup(&pr0, ND6_PREFIX_EXPIRY_UNSPEC)) != NULL) {
1913 IFA_LOCK(&ia->ia_ifa);
1914 NDPR_LOCK(pr);
1915 if (pr->ndpr_addrcnt == 1) {
1916 /* XXX: just for expiration */
1917 pr->ndpr_expire = 1;
1918 }
1919 NDPR_UNLOCK(pr);
1920 IFA_UNLOCK(&ia->ia_ifa);
1921
1922 /* Drop use count held above during lookup */
1923 NDPR_REMREF(pr);
1924 }
1925
1926 purgeaddr:
1927 in6_purgeaddr(&ia->ia_ifa);
1928 }
1929
1930 static __attribute__((noinline)) int
in6_autoconf(struct ifnet * ifp,int enable)1931 in6_autoconf(struct ifnet *ifp, int enable)
1932 {
1933 int error = 0;
1934
1935 VERIFY(ifp != NULL);
1936
1937 if (ifp->if_flags & IFF_LOOPBACK) {
1938 return EINVAL;
1939 }
1940
1941 if (enable) {
1942 /*
1943 * An interface in IPv6 router mode implies that it
1944 * is either configured with a static IP address or
1945 * autoconfigured via a locally-generated RA. Prevent
1946 * SIOCAUTOCONF_START from being set in that mode.
1947 */
1948 ifnet_lock_exclusive(ifp);
1949 if (ifp->if_ipv6_router_mode == IPV6_ROUTER_MODE_EXCLUSIVE) {
1950 if_clear_eflags(ifp, IFEF_ACCEPT_RTADV);
1951 error = EBUSY;
1952 } else {
1953 if_set_eflags(ifp, IFEF_ACCEPT_RTADV);
1954 }
1955 ifnet_lock_done(ifp);
1956 } else {
1957 struct in6_ifaddr *ia = NULL;
1958
1959 if_clear_eflags(ifp, IFEF_ACCEPT_RTADV);
1960
1961 /* Remove autoconfigured address from interface */
1962 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
1963 boolean_t from_begining = TRUE;
1964 while (from_begining) {
1965 from_begining = FALSE;
1966 TAILQ_FOREACH(ia, &in6_ifaddrhead, ia6_link) {
1967 if (ia->ia_ifa.ifa_ifp != ifp) {
1968 continue;
1969 }
1970 IFA_LOCK(&ia->ia_ifa);
1971 if (ia->ia6_flags & IN6_IFF_AUTOCONF) {
1972 IFA_ADDREF_LOCKED(&ia->ia_ifa); /* for us */
1973 IFA_UNLOCK(&ia->ia_ifa);
1974 lck_rw_done(&in6_ifaddr_rwlock);
1975 in6_purgeaddr(&ia->ia_ifa);
1976 IFA_REMREF(&ia->ia_ifa); /* for us */
1977 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
1978 /*
1979 * Purging the address caused in6_ifaddr_rwlock
1980 * to be dropped and reacquired;
1981 * therefore search again from the beginning
1982 * of in6_ifaddrs list.
1983 */
1984 from_begining = TRUE;
1985 break;
1986 }
1987 IFA_UNLOCK(&ia->ia_ifa);
1988 }
1989 }
1990 lck_rw_done(&in6_ifaddr_rwlock);
1991 }
1992 return error;
1993 }
1994
1995 /*
1996 * Handle SIOCSETROUTERMODE_IN6 to set the IPv6 router mode on the interface
1997 * Entering or exiting IPV6_ROUTER_MODE_EXCLUSIVE will result in the removal of
1998 * autoconfigured IPv6 addresses on the interface.
1999 */
2000 static __attribute__((noinline)) int
in6_setrouter(struct ifnet * ifp,ipv6_router_mode_t mode)2001 in6_setrouter(struct ifnet *ifp, ipv6_router_mode_t mode)
2002 {
2003 int error = 0;
2004 ipv6_router_mode_t prev_mode;
2005
2006 VERIFY(ifp != NULL);
2007
2008 if (ifp->if_flags & IFF_LOOPBACK) {
2009 return ENODEV;
2010 }
2011
2012 prev_mode = ifp->if_ipv6_router_mode;
2013 if (prev_mode == mode) {
2014 /* no mode change, there's nothing to do */
2015 return 0;
2016 }
2017 if (mode == IPV6_ROUTER_MODE_EXCLUSIVE) {
2018 struct nd_ifinfo *ndi = NULL;
2019
2020 ndi = ND_IFINFO(ifp);
2021 if (ndi != NULL && ndi->initialized) {
2022 lck_mtx_lock(&ndi->lock);
2023 if (ndi->flags & ND6_IFF_PROXY_PREFIXES) {
2024 /* No proxy if we are an advertising router */
2025 ndi->flags &= ~ND6_IFF_PROXY_PREFIXES;
2026 lck_mtx_unlock(&ndi->lock);
2027 (void) nd6_if_prproxy(ifp, FALSE);
2028 } else {
2029 lck_mtx_unlock(&ndi->lock);
2030 }
2031 }
2032 }
2033
2034 ifp->if_ipv6_router_mode = mode;
2035 lck_mtx_lock(nd6_mutex);
2036 defrouter_select(ifp, NULL);
2037 lck_mtx_unlock(nd6_mutex);
2038 if_allmulti(ifp, (mode == IPV6_ROUTER_MODE_EXCLUSIVE));
2039 if (mode == IPV6_ROUTER_MODE_EXCLUSIVE ||
2040 (prev_mode == IPV6_ROUTER_MODE_EXCLUSIVE
2041 && mode == IPV6_ROUTER_MODE_DISABLED)) {
2042 error = in6_autoconf(ifp, FALSE);
2043 }
2044 return error;
2045 }
2046
2047 static int
in6_to_kamescope(struct sockaddr_in6 * sin6,struct ifnet * ifp)2048 in6_to_kamescope(struct sockaddr_in6 *sin6, struct ifnet *ifp)
2049 {
2050 struct sockaddr_in6 tmp;
2051 int error, id;
2052
2053 VERIFY(sin6 != NULL);
2054 tmp = *sin6;
2055
2056 error = in6_recoverscope(&tmp, &sin6->sin6_addr, ifp);
2057 if (error != 0) {
2058 return error;
2059 }
2060
2061 id = in6_addr2scopeid(ifp, &tmp.sin6_addr);
2062 if (tmp.sin6_scope_id == 0) {
2063 tmp.sin6_scope_id = id;
2064 } else if (tmp.sin6_scope_id != id) {
2065 return EINVAL; /* scope ID mismatch. */
2066 }
2067 error = in6_embedscope(&tmp.sin6_addr, &tmp, NULL, NULL, NULL, IN6_NULL_IF_EMBEDDED_SCOPE(&tmp.sin6_scope_id));
2068 if (error != 0) {
2069 return error;
2070 }
2071
2072 if (in6_embedded_scope || !IN6_IS_SCOPE_EMBED(&tmp.sin6_addr)) {
2073 tmp.sin6_scope_id = 0;
2074 }
2075 *sin6 = tmp;
2076 return 0;
2077 }
2078
2079 /*
2080 * When the address is being configured we should clear out certain flags
2081 * coming in from the caller.
2082 */
2083 #define IN6_IFF_CLR_ADDR_FLAG_MASK (~(IN6_IFF_DEPRECATED | IN6_IFF_DETACHED | IN6_IFF_DUPLICATED))
2084
2085 static int
in6_ifaupdate_aux(struct in6_ifaddr * ia,struct ifnet * ifp,int ifaupflags)2086 in6_ifaupdate_aux(struct in6_ifaddr *ia, struct ifnet *ifp, int ifaupflags)
2087 {
2088 struct sockaddr_in6 mltaddr, mltmask;
2089 struct in6_addr llsol;
2090 struct ifaddr *ifa;
2091 struct in6_multi *in6m_sol;
2092 struct in6_multi_mship *imm;
2093 struct rtentry *rt;
2094 int delay, error = 0;
2095
2096 VERIFY(ifp != NULL && ia != NULL);
2097 ifa = &ia->ia_ifa;
2098 in6m_sol = NULL;
2099
2100 nd6log2(debug, "%s - %s ifp %s ia6_flags 0x%x ifaupflags 0x%x\n",
2101 __func__,
2102 ip6_sprintf(&ia->ia_addr.sin6_addr),
2103 if_name(ia->ia_ifp),
2104 ia->ia6_flags,
2105 ifaupflags);
2106
2107 /*
2108 * Just to be safe, always clear certain flags when address
2109 * is being configured
2110 */
2111 ia->ia6_flags &= IN6_IFF_CLR_ADDR_FLAG_MASK;
2112
2113 /*
2114 * Mark the address as tentative before joining multicast addresses,
2115 * so that corresponding MLD responses would not have a tentative
2116 * source address.
2117 */
2118 if (in6if_do_dad(ifp)) {
2119 in6_ifaddr_set_dadprogress(ia);
2120 /*
2121 * Do not delay sending neighbor solicitations when using optimistic
2122 * duplicate address detection, c.f. RFC 4429.
2123 */
2124 if (ia->ia6_flags & IN6_IFF_OPTIMISTIC) {
2125 ifaupflags &= ~IN6_IFAUPDATE_DADDELAY;
2126 } else {
2127 ifaupflags |= IN6_IFAUPDATE_DADDELAY;
2128 }
2129 } else {
2130 /*
2131 * If the interface has been marked to not perform
2132 * DAD, make sure to reset DAD in progress flags
2133 * that may come in from the caller.
2134 */
2135 ia->ia6_flags &= ~IN6_IFF_DADPROGRESS;
2136 }
2137
2138 /* Join necessary multicast groups */
2139 if ((ifp->if_flags & IFF_MULTICAST) != 0) {
2140 /* join solicited multicast addr for new host id */
2141 bzero(&llsol, sizeof(struct in6_addr));
2142 llsol.s6_addr32[0] = IPV6_ADDR_INT32_MLL;
2143 llsol.s6_addr32[1] = 0;
2144 llsol.s6_addr32[2] = htonl(1);
2145 llsol.s6_addr32[3] = ia->ia_addr.sin6_addr.s6_addr32[3];
2146 llsol.s6_addr8[12] = 0xff;
2147 if ((error = in6_setscope(&llsol, ifp, NULL)) != 0) {
2148 /* XXX: should not happen */
2149 log(LOG_ERR, "%s: in6_setscope failed\n", __func__);
2150 goto unwind;
2151 }
2152 delay = 0;
2153 if ((ifaupflags & IN6_IFAUPDATE_DADDELAY)) {
2154 /*
2155 * We need a random delay for DAD on the address
2156 * being configured. It also means delaying
2157 * transmission of the corresponding MLD report to
2158 * avoid report collision. [RFC 4862]
2159 */
2160 delay = random() % MAX_RTR_SOLICITATION_DELAY;
2161 }
2162 imm = in6_joingroup(ifp, &llsol, &error, delay);
2163 if (imm == NULL) {
2164 nd6log(info,
2165 "%s: addmulti failed for %s on %s (errno=%d)\n",
2166 __func__, ip6_sprintf(&llsol), if_name(ifp),
2167 error);
2168 VERIFY(error != 0);
2169 goto unwind;
2170 }
2171 in6m_sol = imm->i6mm_maddr;
2172 /* take a refcount for this routine */
2173 IN6M_ADDREF(in6m_sol);
2174
2175 IFA_LOCK_SPIN(ifa);
2176 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain);
2177 IFA_UNLOCK(ifa);
2178
2179 bzero(&mltmask, sizeof(mltmask));
2180 mltmask.sin6_len = sizeof(struct sockaddr_in6);
2181 mltmask.sin6_family = AF_INET6;
2182 mltmask.sin6_addr = in6mask32;
2183 #define MLTMASK_LEN 4 /* mltmask's masklen (=32bit=4octet) */
2184
2185 /*
2186 * join link-local all-nodes address
2187 */
2188 bzero(&mltaddr, sizeof(mltaddr));
2189 mltaddr.sin6_len = sizeof(struct sockaddr_in6);
2190 mltaddr.sin6_family = AF_INET6;
2191 mltaddr.sin6_addr = in6addr_linklocal_allnodes;
2192 if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, IN6_NULL_IF_EMBEDDED_SCOPE(&mltaddr.sin6_scope_id))) != 0) {
2193 goto unwind; /* XXX: should not fail */
2194 }
2195 /*
2196 * XXX: do we really need this automatic routes?
2197 * We should probably reconsider this stuff. Most applications
2198 * actually do not need the routes, since they usually specify
2199 * the outgoing interface.
2200 */
2201 rt = rtalloc1_scoped((struct sockaddr *)&mltaddr, 0, 0UL,
2202 ia->ia_ifp->if_index);
2203 if (rt) {
2204 if (memcmp(&mltaddr.sin6_addr, &((struct sockaddr_in6 *)
2205 (void *)rt_key(rt))->sin6_addr, MLTMASK_LEN)) {
2206 rtfree(rt);
2207 rt = NULL;
2208 }
2209 }
2210 if (!rt) {
2211 error = rtrequest_scoped(RTM_ADD,
2212 (struct sockaddr *)&mltaddr,
2213 (struct sockaddr *)&ia->ia_addr,
2214 (struct sockaddr *)&mltmask, RTF_UP | RTF_CLONING,
2215 NULL, ia->ia_ifp->if_index);
2216 if (error) {
2217 goto unwind;
2218 }
2219 } else {
2220 rtfree(rt);
2221 }
2222
2223 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 0);
2224 if (!imm) {
2225 nd6log(info,
2226 "%s: addmulti failed for %s on %s (errno=%d)\n",
2227 __func__, ip6_sprintf(&mltaddr.sin6_addr),
2228 if_name(ifp), error);
2229 VERIFY(error != 0);
2230 goto unwind;
2231 }
2232 IFA_LOCK_SPIN(ifa);
2233 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain);
2234 IFA_UNLOCK(ifa);
2235
2236 /*
2237 * join node information group address
2238 */
2239 #define hostnamelen strlen(hostname)
2240 delay = 0;
2241 if ((ifaupflags & IN6_IFAUPDATE_DADDELAY)) {
2242 /*
2243 * The spec doesn't say anything about delay for this
2244 * group, but the same logic should apply.
2245 */
2246 delay = random() % MAX_RTR_SOLICITATION_DELAY;
2247 }
2248 lck_mtx_lock(&hostname_lock);
2249 int n = in6_nigroup(ifp, hostname, hostnamelen, &mltaddr.sin6_addr, IN6_NULL_IF_EMBEDDED_SCOPE(&mltaddr.sin6_scope_id));
2250 lck_mtx_unlock(&hostname_lock);
2251 if (n == 0) {
2252 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error,
2253 delay); /* XXX jinmei */
2254 if (!imm) {
2255 nd6log(info,
2256 "%s: addmulti failed for %s on %s "
2257 "(errno=%d)\n",
2258 __func__, ip6_sprintf(&mltaddr.sin6_addr),
2259 if_name(ifp), error);
2260 /* XXX not very fatal, go on... */
2261 error = 0;
2262 } else {
2263 IFA_LOCK_SPIN(ifa);
2264 LIST_INSERT_HEAD(&ia->ia6_memberships,
2265 imm, i6mm_chain);
2266 IFA_UNLOCK(ifa);
2267 }
2268 }
2269 #undef hostnamelen
2270
2271 /*
2272 * join interface-local all-nodes address.
2273 * (ff01::1%ifN, and ff01::%ifN/32)
2274 */
2275 mltaddr.sin6_addr = in6addr_nodelocal_allnodes;
2276 if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, IN6_NULL_IF_EMBEDDED_SCOPE(&mltaddr.sin6_scope_id))) != 0) {
2277 goto unwind; /* XXX: should not fail */
2278 }
2279 /* XXX: again, do we really need the route? */
2280 rt = rtalloc1_scoped((struct sockaddr *)&mltaddr, 0, 0UL,
2281 ia->ia_ifp->if_index);
2282 if (rt) {
2283 if (memcmp(&mltaddr.sin6_addr, &((struct sockaddr_in6 *)
2284 (void *)rt_key(rt))->sin6_addr, MLTMASK_LEN)) {
2285 rtfree(rt);
2286 rt = NULL;
2287 }
2288 }
2289 if (!rt) {
2290 error = rtrequest_scoped(RTM_ADD,
2291 (struct sockaddr *)&mltaddr,
2292 (struct sockaddr *)&ia->ia_addr,
2293 (struct sockaddr *)&mltmask, RTF_UP | RTF_CLONING,
2294 NULL, ia->ia_ifp->if_index);
2295 if (error) {
2296 goto unwind;
2297 }
2298 } else {
2299 rtfree(rt);
2300 }
2301
2302 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 0);
2303 if (!imm) {
2304 nd6log(info,
2305 "%s: addmulti failed for %s on %s (errno=%d)\n",
2306 __func__, ip6_sprintf(&mltaddr.sin6_addr),
2307 if_name(ifp), error);
2308 VERIFY(error != 0);
2309 goto unwind;
2310 }
2311 IFA_LOCK(ifa);
2312 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain);
2313 IFA_UNLOCK(ifa);
2314 #undef MLTMASK_LEN
2315
2316 /*
2317 * create a ff00::/8 route
2318 */
2319 bzero(&mltmask, sizeof(mltmask));
2320 mltmask.sin6_len = sizeof(struct sockaddr_in6);
2321 mltmask.sin6_family = AF_INET6;
2322 mltmask.sin6_addr = in6mask8;
2323 #define MLTMASK_LEN_8_BITS 1 /* ff00::/8 mltmask's masklen (=8bit=1octet) */
2324
2325 bzero(&mltaddr, sizeof(mltaddr));
2326 mltaddr.sin6_len = sizeof(struct sockaddr_in6);
2327 mltaddr.sin6_family = AF_INET6;
2328 mltaddr.sin6_addr = in6addr_multicast_prefix;
2329
2330 rt = rtalloc1_scoped((struct sockaddr *)&mltaddr, 0, 0UL,
2331 ia->ia_ifp->if_index);
2332 if (rt) {
2333 if (memcmp(&mltaddr.sin6_addr, &((struct sockaddr_in6 *)
2334 (void *)rt_key(rt))->sin6_addr, MLTMASK_LEN_8_BITS)) {
2335 rtfree(rt);
2336 rt = NULL;
2337 }
2338 }
2339 if (!rt) {
2340 error = rtrequest_scoped(RTM_ADD,
2341 (struct sockaddr *)&mltaddr,
2342 (struct sockaddr *)&ia->ia_addr,
2343 (struct sockaddr *)&mltmask, RTF_UP | RTF_CLONING,
2344 NULL, ia->ia_ifp->if_index);
2345 if (error) {
2346 goto unwind;
2347 }
2348 } else {
2349 rtfree(rt);
2350 }
2351 }
2352 #undef MLTMASK_LEN_8_BITS
2353
2354 /* Ensure nd6_service() is scheduled as soon as it's convenient */
2355 ++nd6_sched_timeout_want;
2356
2357 /*
2358 * Perform DAD, if:
2359 * * Interface is marked to perform DAD, AND
2360 * * Address is not marked to skip DAD, AND
2361 * * Address is in a pre-DAD state (Tentative or Optimistic)
2362 */
2363 IFA_LOCK_SPIN(ifa);
2364 if (in6if_do_dad(ifp) && (ia->ia6_flags & IN6_IFF_NODAD) == 0 &&
2365 (ia->ia6_flags & IN6_IFF_DADPROGRESS) != 0) {
2366 int mindelay, maxdelay;
2367 int *delayptr, delayval;
2368
2369 IFA_UNLOCK(ifa);
2370 delayptr = NULL;
2371 /*
2372 * Avoid the DAD delay if the caller wants us to skip it.
2373 * This is not compliant with RFC 2461, but it's only being
2374 * used for signalling and not for actual DAD.
2375 */
2376 if ((ifaupflags & IN6_IFAUPDATE_DADDELAY) &&
2377 !(ia->ia6_flags & IN6_IFF_SWIFTDAD)) {
2378 /*
2379 * We need to impose a delay before sending an NS
2380 * for DAD. Check if we also needed a delay for the
2381 * corresponding MLD message. If we did, the delay
2382 * should be larger than the MLD delay (this could be
2383 * relaxed a bit, but this simple logic is at least
2384 * safe).
2385 */
2386 mindelay = 0;
2387 if (in6m_sol != NULL) {
2388 IN6M_LOCK(in6m_sol);
2389 if (in6m_sol->in6m_state ==
2390 MLD_REPORTING_MEMBER) {
2391 mindelay = in6m_sol->in6m_timer;
2392 }
2393 IN6M_UNLOCK(in6m_sol);
2394 }
2395 maxdelay = MAX_RTR_SOLICITATION_DELAY * hz;
2396 if (maxdelay - mindelay == 0) {
2397 delayval = 0;
2398 } else {
2399 delayval =
2400 (random() % (maxdelay - mindelay)) +
2401 mindelay;
2402 }
2403 delayptr = &delayval;
2404 }
2405
2406 nd6_dad_start((struct ifaddr *)ia, delayptr);
2407 } else {
2408 IFA_UNLOCK(ifa);
2409 }
2410
2411 goto done;
2412
2413 unwind:
2414 VERIFY(error != 0);
2415 in6_purgeaddr(&ia->ia_ifa);
2416
2417 done:
2418 /* release reference held for this routine */
2419 if (in6m_sol != NULL) {
2420 IN6M_REMREF(in6m_sol);
2421 }
2422 return error;
2423 }
2424
2425 /*
2426 * Request an IPv6 interface address. If the address is new, then it will be
2427 * constructed and appended to the interface address chains. The interface
2428 * address structure is optionally returned with a reference for the caller.
2429 */
2430 int
in6_update_ifa(struct ifnet * ifp,struct in6_aliasreq * ifra,int ifaupflags,struct in6_ifaddr ** iar)2431 in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra, int ifaupflags,
2432 struct in6_ifaddr **iar)
2433 {
2434 struct in6_addrlifetime ia6_lt;
2435 struct in6_ifaddr *ia;
2436 struct ifaddr *ifa;
2437 struct ifaddr *xifa;
2438 struct in6_addrlifetime *lt;
2439 uint64_t timenow;
2440 int plen, error;
2441
2442 /* Sanity check parameters and initialize locals */
2443 VERIFY(ifp != NULL && ifra != NULL && iar != NULL);
2444 ia = NULL;
2445 ifa = NULL;
2446 error = 0;
2447
2448 /*
2449 * We always require users to specify a valid IPv6 address for
2450 * the corresponding operation.
2451 */
2452 if (ifra->ifra_addr.sin6_family != AF_INET6 ||
2453 ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6)) {
2454 error = EAFNOSUPPORT;
2455 goto unwind;
2456 }
2457
2458 /* Validate ifra_prefixmask.sin6_len is properly bounded. */
2459 if (ifra->ifra_prefixmask.sin6_len == 0 ||
2460 ifra->ifra_prefixmask.sin6_len > sizeof(struct sockaddr_in6)) {
2461 error = EINVAL;
2462 goto unwind;
2463 }
2464
2465 /* Validate prefix length extracted from ifra_prefixmask structure. */
2466 plen = (uint8_t)in6_mask2len(&ifra->ifra_prefixmask.sin6_addr,
2467 (u_char *)&ifra->ifra_prefixmask + ifra->ifra_prefixmask.sin6_len);
2468 if (plen <= 0) {
2469 error = EINVAL;
2470 goto unwind;
2471 }
2472
2473 /* Validate lifetimes */
2474 lt = &ifra->ifra_lifetime;
2475 if (lt->ia6t_pltime > lt->ia6t_vltime) {
2476 log(LOG_INFO,
2477 "%s: pltime 0x%x > vltime 0x%x for %s\n", __func__,
2478 lt->ia6t_pltime, lt->ia6t_vltime,
2479 ip6_sprintf(&ifra->ifra_addr.sin6_addr));
2480 error = EINVAL;
2481 goto unwind;
2482 }
2483 if (lt->ia6t_vltime == 0) {
2484 /*
2485 * the following log might be noisy, but this is a typical
2486 * configuration mistake or a tool's bug.
2487 */
2488 log(LOG_INFO, "%s: valid lifetime is 0 for %s\n", __func__,
2489 ip6_sprintf(&ifra->ifra_addr.sin6_addr));
2490 }
2491
2492 /*
2493 * Before we lock the ifnet structure, we first check to see if the
2494 * address already exists. If so, then we don't allocate and link a
2495 * new one here.
2496 */
2497 struct sockaddr_in6 lookup_address = ifra->ifra_addr;
2498 if (IN6_IS_ADDR_LINKLOCAL(&lookup_address.sin6_addr)) {
2499 if (in6_embedded_scope) {
2500 if (lookup_address.sin6_addr.s6_addr16[1] == 0) {
2501 /* link ID is not embedded by the user */
2502 lookup_address.sin6_addr.s6_addr16[1] =
2503 htons(ifp->if_index);
2504 } else if (lookup_address.sin6_addr.s6_addr16[1] !=
2505 htons(ifp->if_index)) {
2506 error = EINVAL; /* link ID contradicts */
2507 goto done;
2508 }
2509 } else {
2510 if (lookup_address.sin6_scope_id == IFSCOPE_NONE) {
2511 lookup_address.sin6_scope_id = ifp->if_index;
2512 }
2513 }
2514 if (lookup_address.sin6_scope_id != 0 &&
2515 lookup_address.sin6_scope_id !=
2516 (u_int32_t)ifp->if_index) {
2517 error = EINVAL;
2518 goto done;
2519 }
2520 }
2521
2522 ia = in6ifa_ifpwithaddr(ifp, &lookup_address.sin6_addr);
2523 if (ia != NULL) {
2524 ifa = &ia->ia_ifa;
2525 }
2526
2527 /*
2528 * Validate destination address on interface types that require it.
2529 */
2530 if ((ifp->if_flags & (IFF_LOOPBACK | IFF_POINTOPOINT)) != 0) {
2531 switch (ifra->ifra_dstaddr.sin6_family) {
2532 case AF_INET6:
2533 if (plen != 128) {
2534 /* noisy message for diagnostic purposes */
2535 log(LOG_INFO,
2536 "%s: prefix length < 128 with"
2537 " explicit dstaddr.\n", __func__);
2538 error = EINVAL;
2539 goto unwind;
2540 }
2541 break;
2542
2543 case AF_UNSPEC:
2544 break;
2545
2546 default:
2547 error = EAFNOSUPPORT;
2548 goto unwind;
2549 }
2550 } else if (ifra->ifra_dstaddr.sin6_family != AF_UNSPEC) {
2551 log(LOG_INFO,
2552 "%s: dstaddr valid only on p2p and loopback interfaces.\n",
2553 __func__);
2554 error = EINVAL;
2555 goto unwind;
2556 }
2557
2558 timenow = net_uptime();
2559
2560 if (ia == NULL) {
2561 zalloc_flags_t how;
2562
2563 /* Is this the first new IPv6 address for the interface? */
2564 ifaupflags |= IN6_IFAUPDATE_NEWADDR;
2565
2566 /* Allocate memory for IPv6 interface address structure. */
2567 how = (ifaupflags & IN6_IFAUPDATE_NOWAIT) ? Z_NOWAIT : Z_WAITOK;
2568 ia = in6_ifaddr_alloc(how);
2569 if (ia == NULL) {
2570 error = ENOBUFS;
2571 goto unwind;
2572 }
2573
2574 ifa = &ia->ia_ifa;
2575
2576 /*
2577 * Initialize interface address structure.
2578 *
2579 * Note well: none of these sockaddr_in6 structures contain a
2580 * valid sin6_port, sin6_flowinfo or even a sin6_scope_id field.
2581 * We still embed link-local scope identifiers at the end of an
2582 * arbitrary fe80::/32 prefix, for historical reasons. Also, the
2583 * ifa_dstaddr field is always non-NULL on point-to-point and
2584 * loopback interfaces, and conventionally points to a socket
2585 * address of AF_UNSPEC family when there is no destination.
2586 *
2587 * Please enjoy the dancing sea turtle.
2588 */
2589 IFA_ADDREF(ifa); /* for this and optionally for caller */
2590 IA6_HASH_INIT(ia);
2591 ifa->ifa_addr = (struct sockaddr *)&ia->ia_addr;
2592 if (ifra->ifra_dstaddr.sin6_family == AF_INET6 ||
2593 (ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) != 0) {
2594 ifa->ifa_dstaddr = (struct sockaddr *)&ia->ia_dstaddr;
2595 }
2596 ifa->ifa_netmask = (struct sockaddr *)&ia->ia_prefixmask;
2597 ifa->ifa_ifp = ifp;
2598 ifa->ifa_metric = ifp->if_metric;
2599 ifa->ifa_rtrequest = nd6_rtrequest;
2600
2601 LIST_INIT(&ia->ia6_memberships);
2602 ia->ia_addr.sin6_family = AF_INET6;
2603 ia->ia_addr.sin6_len = sizeof(ia->ia_addr);
2604 ia->ia_addr.sin6_addr = ifra->ifra_addr.sin6_addr;
2605 ia->ia_prefixmask.sin6_family = AF_INET6;
2606 ia->ia_prefixmask.sin6_len = sizeof(ia->ia_prefixmask);
2607 ia->ia_prefixmask.sin6_addr = ifra->ifra_prefixmask.sin6_addr;
2608 error = in6_to_kamescope(&ia->ia_addr, ifp);
2609 if (error != 0) {
2610 goto unwind;
2611 }
2612 if (ifa->ifa_dstaddr != NULL) {
2613 ia->ia_dstaddr = ifra->ifra_dstaddr;
2614 error = in6_to_kamescope(&ia->ia_dstaddr, ifp);
2615 if (error != 0) {
2616 goto unwind;
2617 }
2618 }
2619
2620 /* Append to address chains */
2621 ifnet_lock_exclusive(ifp);
2622 ifaupflags |= IN6_IFAUPDATE_1STADDR;
2623 TAILQ_FOREACH(xifa, &ifp->if_addrlist, ifa_list) {
2624 IFA_LOCK_SPIN(xifa);
2625 if (xifa->ifa_addr->sa_family != AF_INET6) {
2626 IFA_UNLOCK(xifa);
2627 ifaupflags &= ~IN6_IFAUPDATE_1STADDR;
2628 break;
2629 }
2630 IFA_UNLOCK(xifa);
2631 }
2632
2633 IFA_LOCK_SPIN(ifa);
2634 if_attach_ifa(ifp, ifa); /* holds reference for ifnet link */
2635 IFA_UNLOCK(ifa);
2636 ifnet_lock_done(ifp);
2637
2638 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
2639 TAILQ_INSERT_TAIL(&in6_ifaddrhead, ia, ia6_link);
2640 IFA_ADDREF(ifa); /* hold for in6_ifaddrs link */
2641 lck_rw_done(&in6_ifaddr_rwlock);
2642 } else {
2643 ifa = &ia->ia_ifa;
2644 ifaupflags &= ~(IN6_IFAUPDATE_NEWADDR | IN6_IFAUPDATE_1STADDR);
2645 }
2646
2647 VERIFY(ia != NULL && ifa == &ia->ia_ifa);
2648 IFA_LOCK(ifa);
2649
2650 /*
2651 * Set lifetimes. We do not refer to ia6t_expire and ia6t_preferred
2652 * to see if the address is deprecated or invalidated, but initialize
2653 * these members for applications.
2654 */
2655 ia->ia6_updatetime = ia->ia6_createtime = timenow;
2656 ia6_lt = *lt;
2657 if (ia6_lt.ia6t_vltime != ND6_INFINITE_LIFETIME) {
2658 ia6_lt.ia6t_expire = (time_t)(timenow + ia6_lt.ia6t_vltime);
2659 } else {
2660 ia6_lt.ia6t_expire = 0;
2661 }
2662 if (ia6_lt.ia6t_pltime != ND6_INFINITE_LIFETIME) {
2663 ia6_lt.ia6t_preferred = (time_t)(timenow + ia6_lt.ia6t_pltime);
2664 } else {
2665 ia6_lt.ia6t_preferred = 0;
2666 }
2667 in6ifa_setlifetime(ia, &ia6_lt);
2668
2669 /*
2670 * Backward compatibility - if IN6_IFF_DEPRECATED is set from the
2671 * userland, make it deprecated.
2672 */
2673 if ((ia->ia6_flags & IN6_IFF_DEPRECATED) != 0) {
2674 ia->ia6_lifetime.ia6ti_pltime = 0;
2675 ia->ia6_lifetime.ia6ti_preferred = timenow;
2676 }
2677
2678 /*
2679 * Update flag or prefix length
2680 */
2681 ia->ia_plen = plen;
2682 ia->ia6_flags = ifra->ifra_flags;
2683
2684 /* Release locks (new address available to concurrent tasks) */
2685 IFA_UNLOCK(ifa);
2686
2687 /* Further initialization of the interface address */
2688 error = in6_ifinit(ifp, ia, ifaupflags);
2689 if (error != 0) {
2690 goto unwind;
2691 }
2692
2693 /* Finish updating the address while other tasks are working with it */
2694 error = in6_ifaupdate_aux(ia, ifp, ifaupflags);
2695 if (error != 0) {
2696 goto unwind;
2697 }
2698
2699 /* Return success (optionally w/ address for caller). */
2700 VERIFY(error == 0);
2701 (void) ifnet_notify_address(ifp, AF_INET6);
2702
2703 goto done;
2704
2705 unwind:
2706 VERIFY(error != 0);
2707 if (ia != NULL) {
2708 VERIFY(ifa == &ia->ia_ifa);
2709 IFA_REMREF(ifa);
2710 ia = NULL;
2711 }
2712
2713 done:
2714 *iar = ia;
2715 return error;
2716 }
2717
2718 void
in6_purgeaddr(struct ifaddr * ifa)2719 in6_purgeaddr(struct ifaddr *ifa)
2720 {
2721 struct ifnet *ifp = ifa->ifa_ifp;
2722 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
2723 struct in6_multi_mship *imm;
2724
2725 LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_NOTOWNED);
2726
2727 /* stop DAD processing */
2728 nd6_dad_stop(ifa);
2729
2730 /*
2731 * delete route to the destination of the address being purged.
2732 * The interface must be p2p or loopback in this case.
2733 */
2734 IFA_LOCK(ifa);
2735 if ((ia->ia_flags & IFA_ROUTE) && ia->ia_plen == 128) {
2736 int error, rtf;
2737
2738 IFA_UNLOCK(ifa);
2739 rtf = (ia->ia_dstaddr.sin6_family == AF_INET6) ? RTF_HOST : 0;
2740 error = rtinit(&(ia->ia_ifa), RTM_DELETE, rtf);
2741 if (error != 0) {
2742 log(LOG_ERR, "in6_purgeaddr: failed to remove "
2743 "a route to the p2p destination: %s on %s, "
2744 "errno=%d\n",
2745 ip6_sprintf(&ia->ia_addr.sin6_addr), if_name(ifp),
2746 error);
2747 /* proceed anyway... */
2748 }
2749 IFA_LOCK_SPIN(ifa);
2750 ia->ia_flags &= ~IFA_ROUTE;
2751 }
2752 IFA_UNLOCK(ifa);
2753
2754 /* Remove ownaddr's loopback rtentry, if it exists. */
2755 in6_ifremloop(&(ia->ia_ifa));
2756
2757 /*
2758 * leave from multicast groups we have joined for the interface
2759 */
2760 IFA_LOCK(ifa);
2761 while ((imm = ia->ia6_memberships.lh_first) != NULL) {
2762 LIST_REMOVE(imm, i6mm_chain);
2763 IFA_UNLOCK(ifa);
2764 in6_leavegroup(imm);
2765 IFA_LOCK(ifa);
2766 }
2767 IFA_UNLOCK(ifa);
2768
2769 /* in6_unlink_ifa() will need exclusive access */
2770 in6_unlink_ifa(ia, ifp);
2771 in6_post_msg(ifp, KEV_INET6_ADDR_DELETED, ia, NULL);
2772
2773 (void) ifnet_notify_address(ifp, AF_INET6);
2774 }
2775
2776 static void
in6_unlink_ifa(struct in6_ifaddr * ia,struct ifnet * ifp)2777 in6_unlink_ifa(struct in6_ifaddr *ia, struct ifnet *ifp)
2778 {
2779 struct in6_ifaddr *nia;
2780 struct ifaddr *ifa;
2781 int unlinked;
2782
2783 LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_NOTOWNED);
2784
2785 ifa = &ia->ia_ifa;
2786 IFA_ADDREF(ifa);
2787
2788 ifnet_lock_exclusive(ifp);
2789 IFA_LOCK(ifa);
2790 if (ifa->ifa_debug & IFD_ATTACHED) {
2791 if_detach_ifa(ifp, ifa);
2792 }
2793 IFA_UNLOCK(ifa);
2794 ifnet_lock_done(ifp);
2795
2796 unlinked = 0;
2797 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
2798 TAILQ_FOREACH(nia, &in6_ifaddrhead, ia6_link) {
2799 if (ia == nia) {
2800 TAILQ_REMOVE(&in6_ifaddrhead, ia, ia6_link);
2801 IFA_LOCK(ifa);
2802 if (IA6_IS_HASHED(ia)) {
2803 in6_iahash_remove(ia);
2804 }
2805 IFA_UNLOCK(ifa);
2806 unlinked = 1;
2807 break;
2808 }
2809 }
2810
2811 /*
2812 * When IPv6 address is being removed, release the
2813 * reference to the base prefix.
2814 * Also, since the release might, affect the status
2815 * of other (detached) addresses, call
2816 * pfxlist_onlink_check().
2817 */
2818 IFA_LOCK(ifa);
2819 /*
2820 * Only log the below message for addresses other than
2821 * link local.
2822 * Only one LLA (auto-configured or statically) is allowed
2823 * on an interface.
2824 * LLA prefix, while added to the prefix list, is not
2825 * reference countedi (as it is the only one).
2826 * The prefix also never expires on its own as LLAs
2827 * have infinite lifetime.
2828 *
2829 * For now quiece down the log message for LLAs.
2830 */
2831 if (!IN6_IS_ADDR_LINKLOCAL(&ia->ia_addr.sin6_addr)) {
2832 if (ia->ia6_ndpr == NULL) {
2833 log(LOG_NOTICE, "in6_unlink_ifa: IPv6 address "
2834 "0x%llx has no prefix\n",
2835 (uint64_t)VM_KERNEL_ADDRPERM(ia));
2836 } else {
2837 struct nd_prefix *pr = ia->ia6_ndpr;
2838
2839 NDPR_LOCK(pr);
2840 if (!(ia->ia6_flags & IN6_IFF_NOTMANUAL)) {
2841 VERIFY(pr->ndpr_manual_addrcnt != 0);
2842 pr->ndpr_manual_addrcnt--;
2843 }
2844 ia->ia6_flags &= ~IN6_IFF_AUTOCONF;
2845 ia->ia6_ndpr = NULL;
2846 VERIFY(pr->ndpr_addrcnt != 0);
2847 pr->ndpr_addrcnt--;
2848 if (ia->ia6_flags & IN6_IFF_CLAT46) {
2849 pr->ndpr_stateflags &= ~NDPRF_CLAT46;
2850 }
2851 NDPR_UNLOCK(pr);
2852 NDPR_REMREF(pr); /* release addr reference */
2853 }
2854 }
2855 IFA_UNLOCK(ifa);
2856 lck_rw_done(&in6_ifaddr_rwlock);
2857
2858 if ((ia->ia6_flags & IN6_IFF_AUTOCONF) != 0) {
2859 lck_mtx_lock(nd6_mutex);
2860 pfxlist_onlink_check();
2861 lck_mtx_unlock(nd6_mutex);
2862 }
2863 /*
2864 * release another refcnt for the link from in6_ifaddrs.
2865 * Do this only if it's not already unlinked in the event that we lost
2866 * the race, since in6_ifaddr_rwlock was momentarily dropped above.
2867 */
2868 if (unlinked) {
2869 IFA_REMREF(ifa);
2870 }
2871
2872 /* release reference held for this routine */
2873 IFA_REMREF(ifa);
2874
2875 /* invalidate route caches */
2876 routegenid_inet6_update();
2877 }
2878
2879 void
in6_purgeif(struct ifnet * ifp)2880 in6_purgeif(struct ifnet *ifp)
2881 {
2882 struct in6_ifaddr *ia;
2883
2884 if (ifp == NULL) {
2885 return;
2886 }
2887
2888 LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_NOTOWNED);
2889
2890 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
2891 boolean_t from_begining = TRUE;
2892 while (from_begining) {
2893 from_begining = FALSE;
2894 TAILQ_FOREACH(ia, &in6_ifaddrhead, ia6_link) {
2895 if (ia->ia_ifa.ifa_ifp != ifp) {
2896 continue;
2897 }
2898 IFA_ADDREF(&ia->ia_ifa); /* for us */
2899 lck_rw_done(&in6_ifaddr_rwlock);
2900 in6_purgeaddr(&ia->ia_ifa);
2901 IFA_REMREF(&ia->ia_ifa); /* for us */
2902 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
2903 /*
2904 * Purging the address would have caused
2905 * in6_ifaddr_rwlock to be dropped and reacquired;
2906 * therefore search again from the beginning
2907 * of in6_ifaddrs list.
2908 */
2909 from_begining = TRUE;
2910 break;
2911 }
2912 }
2913 lck_rw_done(&in6_ifaddr_rwlock);
2914
2915 in6_ifdetach(ifp);
2916 }
2917
2918 /*
2919 * Initialize an interface's internet6 address and routing table entry.
2920 */
2921 static int
in6_ifinit(struct ifnet * ifp,struct in6_ifaddr * ia,int ifaupflags)2922 in6_ifinit(struct ifnet *ifp, struct in6_ifaddr *ia, int ifaupflags)
2923 {
2924 int error;
2925 struct ifaddr *ifa;
2926
2927 error = 0;
2928 ifa = &ia->ia_ifa;
2929
2930 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
2931 IFA_LOCK(&ia->ia_ifa);
2932 if (IA6_IS_HASHED(ia)) {
2933 in6_iahash_remove(ia);
2934 }
2935 if ((ifp->if_flags & IFF_POINTOPOINT)) {
2936 in6_iahash_insert_ptp(ia);
2937 } else {
2938 in6_iahash_insert(ia);
2939 }
2940 IFA_UNLOCK(&ia->ia_ifa);
2941 lck_rw_done(&in6_ifaddr_rwlock);
2942
2943 /*
2944 * NOTE: SIOCSIFADDR is defined with struct ifreq as parameter,
2945 * but here we are sending it down to the interface with a pointer
2946 * to struct ifaddr, for legacy reasons.
2947 */
2948 if ((ifaupflags & IN6_IFAUPDATE_1STADDR) != 0) {
2949 error = ifnet_ioctl(ifp, PF_INET6, SIOCSIFADDR, ia);
2950 if (error != 0) {
2951 if (error != EOPNOTSUPP) {
2952 goto failed;
2953 }
2954 error = 0;
2955 }
2956 }
2957
2958 IFA_LOCK(ifa);
2959
2960 /*
2961 * Special case:
2962 * If the destination address is specified for a point-to-point
2963 * interface, install a route to the destination as an interface
2964 * direct route.
2965 */
2966 if (!(ia->ia_flags & IFA_ROUTE) && ia->ia_plen == 128 &&
2967 ia->ia_dstaddr.sin6_family == AF_INET6) {
2968 IFA_UNLOCK(ifa);
2969 error = rtinit(ifa, RTM_ADD, RTF_UP | RTF_HOST);
2970 if (error != 0) {
2971 goto failed;
2972 }
2973 IFA_LOCK(ifa);
2974 ia->ia_flags |= IFA_ROUTE;
2975 }
2976 IFA_LOCK_ASSERT_HELD(ifa);
2977 if (ia->ia_plen < 128) {
2978 /*
2979 * The RTF_CLONING flag is necessary for in6_is_ifloop_auto().
2980 */
2981 ia->ia_flags |= RTF_CLONING;
2982 }
2983
2984 IFA_UNLOCK(ifa);
2985
2986 /* Add ownaddr as loopback rtentry, if necessary (ex. on p2p link). */
2987 if ((ifaupflags & IN6_IFAUPDATE_NEWADDR) != 0) {
2988 in6_ifaddloop(ifa);
2989 }
2990
2991 /* invalidate route caches */
2992 routegenid_inet6_update();
2993
2994 VERIFY(error == 0);
2995 return 0;
2996 failed:
2997 VERIFY(error != 0);
2998 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
2999 IFA_LOCK(&ia->ia_ifa);
3000 if (IA6_IS_HASHED(ia)) {
3001 in6_iahash_remove(ia);
3002 }
3003 IFA_UNLOCK(&ia->ia_ifa);
3004 lck_rw_done(&in6_ifaddr_rwlock);
3005
3006 return error;
3007 }
3008
3009 void
in6_purgeaddrs(struct ifnet * ifp)3010 in6_purgeaddrs(struct ifnet *ifp)
3011 {
3012 in6_purgeif(ifp);
3013 }
3014
3015 /*
3016 * Find an IPv6 interface link-local address specific to an interface.
3017 */
3018 struct in6_ifaddr *
in6ifa_ifpforlinklocal(struct ifnet * ifp,int ignoreflags)3019 in6ifa_ifpforlinklocal(struct ifnet *ifp, int ignoreflags)
3020 {
3021 struct ifaddr *ifa;
3022
3023 ifnet_lock_shared(ifp);
3024 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
3025 {
3026 IFA_LOCK_SPIN(ifa);
3027 if (ifa->ifa_addr->sa_family != AF_INET6) {
3028 IFA_UNLOCK(ifa);
3029 continue;
3030 }
3031 if (IN6_IS_ADDR_LINKLOCAL(IFA_IN6(ifa))) {
3032 if ((((struct in6_ifaddr *)ifa)->ia6_flags &
3033 ignoreflags) != 0) {
3034 IFA_UNLOCK(ifa);
3035 continue;
3036 }
3037 IFA_ADDREF_LOCKED(ifa); /* for caller */
3038 IFA_UNLOCK(ifa);
3039 break;
3040 }
3041 IFA_UNLOCK(ifa);
3042 }
3043 ifnet_lock_done(ifp);
3044
3045 return (struct in6_ifaddr *)ifa;
3046 }
3047
3048 struct in6_ifaddr *
in6ifa_ifpwithflag(struct ifnet * ifp,int flag)3049 in6ifa_ifpwithflag(struct ifnet * ifp, int flag)
3050 {
3051 struct ifaddr *ifa;
3052
3053 ifnet_lock_shared(ifp);
3054 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
3055 {
3056 IFA_LOCK_SPIN(ifa);
3057 if (ifa->ifa_addr->sa_family != AF_INET6) {
3058 IFA_UNLOCK(ifa);
3059 continue;
3060 }
3061 if ((((struct in6_ifaddr *)ifa)->ia6_flags & flag) == flag) {
3062 IFA_ADDREF_LOCKED(ifa);
3063 IFA_UNLOCK(ifa);
3064 break;
3065 }
3066 IFA_UNLOCK(ifa);
3067 }
3068 ifnet_lock_done(ifp);
3069
3070 return (struct in6_ifaddr *)ifa;
3071 }
3072
3073 /*
3074 * find the internet address corresponding to a given interface and address.
3075 */
3076 struct in6_ifaddr *
in6ifa_ifpwithaddr(struct ifnet * ifp,struct in6_addr * addr)3077 in6ifa_ifpwithaddr(struct ifnet *ifp, struct in6_addr *addr)
3078 {
3079 struct ifaddr *ifa;
3080
3081 ifnet_lock_shared(ifp);
3082 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
3083 {
3084 IFA_LOCK_SPIN(ifa);
3085 if (ifa->ifa_addr->sa_family != AF_INET6) {
3086 IFA_UNLOCK(ifa);
3087 continue;
3088 }
3089 if (IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(ifa))) {
3090 IFA_ADDREF_LOCKED(ifa); /* for caller */
3091 IFA_UNLOCK(ifa);
3092 break;
3093 }
3094 IFA_UNLOCK(ifa);
3095 }
3096 ifnet_lock_done(ifp);
3097
3098 return (struct in6_ifaddr *)ifa;
3099 }
3100
3101 struct in6_ifaddr *
in6ifa_prproxyaddr(struct in6_addr * addr,uint32_t ifscope)3102 in6ifa_prproxyaddr(struct in6_addr *addr, uint32_t ifscope)
3103 {
3104 struct in6_ifaddr *ia;
3105
3106 lck_rw_lock_shared(&in6_ifaddr_rwlock);
3107 TAILQ_FOREACH(ia, IN6ADDR_HASH(addr), ia6_hash) {
3108 IFA_LOCK(&ia->ia_ifa);
3109 if (in6_are_addr_equal_scoped(addr, IFA_IN6(&ia->ia_ifa), ifscope, ia->ia_ifp->if_index)) {
3110 IFA_ADDREF_LOCKED(&ia->ia_ifa); /* for caller */
3111 IFA_UNLOCK(&ia->ia_ifa);
3112 break;
3113 }
3114 IFA_UNLOCK(&ia->ia_ifa);
3115 }
3116 lck_rw_done(&in6_ifaddr_rwlock);
3117
3118 if (ia != NULL && !nd6_prproxy_ifaddr(ia)) {
3119 IFA_REMREF(&ia->ia_ifa);
3120 ia = NULL;
3121 }
3122
3123 return ia;
3124 }
3125
3126 void
in6ifa_getlifetime(struct in6_ifaddr * ia6,struct in6_addrlifetime * t_dst,int iscalendar)3127 in6ifa_getlifetime(struct in6_ifaddr *ia6, struct in6_addrlifetime *t_dst,
3128 int iscalendar)
3129 {
3130 struct in6_addrlifetime_i *t_src = &ia6->ia6_lifetime;
3131 struct timeval caltime;
3132
3133 t_dst->ia6t_vltime = t_src->ia6ti_vltime;
3134 t_dst->ia6t_pltime = t_src->ia6ti_pltime;
3135 t_dst->ia6t_expire = 0;
3136 t_dst->ia6t_preferred = 0;
3137
3138 /* account for system time change */
3139 getmicrotime(&caltime);
3140 t_src->ia6ti_base_calendartime +=
3141 NET_CALCULATE_CLOCKSKEW(caltime,
3142 t_src->ia6ti_base_calendartime, net_uptime(),
3143 t_src->ia6ti_base_uptime);
3144
3145 if (iscalendar) {
3146 if (t_src->ia6ti_expire != 0 &&
3147 t_src->ia6ti_vltime != ND6_INFINITE_LIFETIME) {
3148 t_dst->ia6t_expire = (time_t)(t_src->ia6ti_base_calendartime +
3149 t_src->ia6ti_expire - t_src->ia6ti_base_uptime);
3150 }
3151
3152 if (t_src->ia6ti_preferred != 0 &&
3153 t_src->ia6ti_pltime != ND6_INFINITE_LIFETIME) {
3154 t_dst->ia6t_preferred = (time_t)(t_src->ia6ti_base_calendartime +
3155 t_src->ia6ti_preferred - t_src->ia6ti_base_uptime);
3156 }
3157 } else {
3158 if (t_src->ia6ti_expire != 0 &&
3159 t_src->ia6ti_vltime != ND6_INFINITE_LIFETIME) {
3160 t_dst->ia6t_expire = (time_t)t_src->ia6ti_expire;
3161 }
3162
3163 if (t_src->ia6ti_preferred != 0 &&
3164 t_src->ia6ti_pltime != ND6_INFINITE_LIFETIME) {
3165 t_dst->ia6t_preferred = (time_t)t_src->ia6ti_preferred;
3166 }
3167 }
3168 }
3169
3170 void
in6ifa_setlifetime(struct in6_ifaddr * ia6,struct in6_addrlifetime * t_src)3171 in6ifa_setlifetime(struct in6_ifaddr *ia6, struct in6_addrlifetime *t_src)
3172 {
3173 struct in6_addrlifetime_i *t_dst = &ia6->ia6_lifetime;
3174 struct timeval caltime;
3175
3176 /* account for system time change */
3177 getmicrotime(&caltime);
3178 t_dst->ia6ti_base_calendartime +=
3179 NET_CALCULATE_CLOCKSKEW(caltime,
3180 t_dst->ia6ti_base_calendartime, net_uptime(),
3181 t_dst->ia6ti_base_uptime);
3182
3183 /* trust the caller for the values */
3184 t_dst->ia6ti_expire = t_src->ia6t_expire;
3185 t_dst->ia6ti_preferred = t_src->ia6t_preferred;
3186 t_dst->ia6ti_vltime = t_src->ia6t_vltime;
3187 t_dst->ia6ti_pltime = t_src->ia6t_pltime;
3188 }
3189
3190 /*
3191 * Convert IP6 address to printable (loggable) representation.
3192 */
3193 char *
ip6_sprintf(const struct in6_addr * addr)3194 ip6_sprintf(const struct in6_addr *addr)
3195 {
3196 static const char digits[] = "0123456789abcdef";
3197 static int ip6round = 0;
3198 static char ip6buf[8][48];
3199
3200 int i;
3201 char *cp;
3202 const u_short *a = (const u_short *)addr;
3203 const u_char *d;
3204 u_char n;
3205 int dcolon = 0;
3206 int zpad = 0;
3207
3208 ip6round = (ip6round + 1) & 7;
3209 cp = ip6buf[ip6round];
3210
3211 for (i = 0; i < 8; i++) {
3212 if (dcolon == 1) {
3213 if (*a == 0) {
3214 if (i == 7) {
3215 *cp++ = ':';
3216 }
3217 a++;
3218 continue;
3219 } else {
3220 dcolon = 2;
3221 }
3222 }
3223 if (*a == 0) {
3224 if (dcolon == 0 && *(a + 1) == 0) {
3225 if (i == 0) {
3226 *cp++ = ':';
3227 }
3228 *cp++ = ':';
3229 dcolon = 1;
3230 } else {
3231 *cp++ = '0';
3232 *cp++ = ':';
3233 }
3234 a++;
3235 continue;
3236 }
3237 d = (const u_char *)a;
3238 zpad = 0;
3239 if ((n = *d >> 4) != 0) {
3240 *cp++ = digits[n];
3241 zpad = 1;
3242 }
3243 if ((n = *d++ & 0xf) != 0 || zpad) {
3244 *cp++ = digits[n];
3245 zpad = 1;
3246 }
3247 if ((n = *d >> 4) != 0 || zpad) {
3248 *cp++ = digits[n];
3249 zpad = 1;
3250 }
3251 if ((n = *d & 0xf) != 0 || zpad) {
3252 *cp++ = digits[n];
3253 }
3254 *cp++ = ':';
3255 a++;
3256 }
3257 *--cp = 0;
3258 return ip6buf[ip6round];
3259 }
3260
3261 int
in6addr_local(struct in6_addr * in6)3262 in6addr_local(struct in6_addr *in6)
3263 {
3264 struct rtentry *rt;
3265 struct sockaddr_in6 sin6;
3266 int local = 0;
3267
3268 if (IN6_IS_ADDR_LOOPBACK(in6) || IN6_IS_SCOPE_LINKLOCAL(in6)) {
3269 return 1;
3270 }
3271
3272 sin6.sin6_family = AF_INET6;
3273 sin6.sin6_len = sizeof(sin6);
3274 bcopy(in6, &sin6.sin6_addr, sizeof(*in6));
3275 rt = rtalloc1((struct sockaddr *)&sin6, 0, 0);
3276
3277 if (rt != NULL) {
3278 RT_LOCK_SPIN(rt);
3279 if (rt->rt_gateway->sa_family == AF_LINK) {
3280 local = 1;
3281 }
3282 RT_UNLOCK(rt);
3283 rtfree(rt);
3284 } else {
3285 local = in6_localaddr(in6);
3286 }
3287 return local;
3288 }
3289
3290 int
in6_localaddr(struct in6_addr * in6)3291 in6_localaddr(struct in6_addr *in6)
3292 {
3293 struct in6_ifaddr *ia;
3294
3295 if (IN6_IS_ADDR_LOOPBACK(in6) || IN6_IS_ADDR_LINKLOCAL(in6) || IN6_IS_ADDR_MC_UNICAST_BASED_LINKLOCAL(in6)) {
3296 return 1;
3297 }
3298
3299 lck_rw_lock_shared(&in6_ifaddr_rwlock);
3300 TAILQ_FOREACH(ia, &in6_ifaddrhead, ia6_link) {
3301 IFA_LOCK_SPIN(&ia->ia_ifa);
3302 if (IN6_ARE_MASKED_ADDR_EQUAL(in6, &ia->ia_addr.sin6_addr,
3303 &ia->ia_prefixmask.sin6_addr)) {
3304 IFA_UNLOCK(&ia->ia_ifa);
3305 lck_rw_done(&in6_ifaddr_rwlock);
3306 return 1;
3307 }
3308 IFA_UNLOCK(&ia->ia_ifa);
3309 }
3310 lck_rw_done(&in6_ifaddr_rwlock);
3311 return 0;
3312 }
3313
3314 /*
3315 * return length of part which dst and src are equal
3316 * hard coding...
3317 */
3318 int
in6_matchlen(struct in6_addr * src,struct in6_addr * dst)3319 in6_matchlen(struct in6_addr *src, struct in6_addr *dst)
3320 {
3321 int match = 0;
3322 u_char *s = (u_char *)src, *d = (u_char *)dst;
3323 u_char *lim = s + 16, r;
3324
3325 while (s < lim) {
3326 if ((r = (*d++ ^ *s++)) != 0) {
3327 while (r < 128) {
3328 match++;
3329 r <<= 1;
3330 }
3331 break;
3332 } else {
3333 match += 8;
3334 }
3335 }
3336 return match;
3337 }
3338
3339 /* XXX: to be scope conscious */
3340 int
in6_are_prefix_equal(struct in6_addr * p1,uint32_t ifscope1,struct in6_addr * p2,uint32_t ifscope2,int len)3341 in6_are_prefix_equal(struct in6_addr *p1, uint32_t ifscope1, struct in6_addr *p2, uint32_t ifscope2, int len)
3342 {
3343 int bytelen, bitlen;
3344
3345 /* sanity check */
3346 if (0 > len || len > 128) {
3347 log(LOG_ERR, "%s: invalid prefix length(%d)\n", __func__, len);
3348 return 0;
3349 }
3350
3351 bytelen = len / 8;
3352 bitlen = len % 8;
3353
3354 if (bcmp(&p1->s6_addr, &p2->s6_addr, bytelen)) {
3355 return 0;
3356 }
3357 if (bitlen != 0 &&
3358 p1->s6_addr[bytelen] >> (8 - bitlen) !=
3359 p2->s6_addr[bytelen] >> (8 - bitlen)) {
3360 return 0;
3361 }
3362
3363 if (IN6_IS_SCOPE_EMBED(p1) && !in6_embedded_scope) {
3364 return ifscope1 == ifscope2;
3365 }
3366
3367 return 1;
3368 }
3369
3370 void
in6_prefixlen2mask(struct in6_addr * maskp,int len)3371 in6_prefixlen2mask(struct in6_addr *maskp, int len)
3372 {
3373 u_char maskarray[8] = {0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff};
3374 int bytelen, bitlen, i;
3375
3376 /* sanity check */
3377 if (0 > len || len > 128) {
3378 log(LOG_ERR, "%s: invalid prefix length(%d)\n", __func__, len);
3379 return;
3380 }
3381
3382 bzero(maskp, sizeof(*maskp));
3383 bytelen = len / 8;
3384 bitlen = len % 8;
3385 for (i = 0; i < bytelen; i++) {
3386 maskp->s6_addr[i] = 0xff;
3387 }
3388 if (bitlen) {
3389 maskp->s6_addr[bytelen] = maskarray[bitlen - 1];
3390 }
3391 }
3392
3393 /*
3394 * return the best address out of the same scope
3395 */
3396 struct in6_ifaddr *
in6_ifawithscope(struct ifnet * oifp,struct in6_addr * dst)3397 in6_ifawithscope(struct ifnet *oifp, struct in6_addr *dst)
3398 {
3399 int dst_scope = in6_addrscope(dst), src_scope, best_scope = 0;
3400 int blen = -1;
3401 struct ifaddr *ifa;
3402 struct ifnet *ifp;
3403 struct in6_ifaddr *ifa_best = NULL;
3404
3405 if (oifp == NULL) {
3406 return NULL;
3407 }
3408
3409 /*
3410 * We search for all addresses on all interfaces from the beginning.
3411 * Comparing an interface with the outgoing interface will be done
3412 * only at the final stage of tiebreaking.
3413 */
3414 ifnet_head_lock_shared();
3415 TAILQ_FOREACH(ifp, &ifnet_head, if_list) {
3416 /*
3417 * We can never take an address that breaks the scope zone
3418 * of the destination.
3419 */
3420 if (in6_addr2scopeid(ifp, dst) != in6_addr2scopeid(oifp, dst)) {
3421 continue;
3422 }
3423
3424 ifnet_lock_shared(ifp);
3425 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
3426 int tlen = -1, dscopecmp, bscopecmp, matchcmp;
3427
3428 IFA_LOCK(ifa);
3429 if (ifa->ifa_addr->sa_family != AF_INET6) {
3430 IFA_UNLOCK(ifa);
3431 continue;
3432 }
3433 src_scope = in6_addrscope(IFA_IN6(ifa));
3434
3435 /*
3436 * Don't use an address before completing DAD
3437 * nor a duplicated address.
3438 */
3439 if (((struct in6_ifaddr *)ifa)->ia6_flags &
3440 (IN6_IFF_NOTREADY | IN6_IFF_CLAT46)) {
3441 IFA_UNLOCK(ifa);
3442 continue;
3443 }
3444 /* XXX: is there any case to allow anycasts? */
3445 if (((struct in6_ifaddr *)ifa)->ia6_flags &
3446 IN6_IFF_ANYCAST) {
3447 IFA_UNLOCK(ifa);
3448 continue;
3449 }
3450 if (((struct in6_ifaddr *)ifa)->ia6_flags &
3451 IN6_IFF_DETACHED) {
3452 IFA_UNLOCK(ifa);
3453 continue;
3454 }
3455 /*
3456 * If this is the first address we find,
3457 * keep it anyway.
3458 */
3459 if (ifa_best == NULL) {
3460 goto replace;
3461 }
3462
3463 /*
3464 * ifa_best is never NULL beyond this line except
3465 * within the block labeled "replace".
3466 */
3467
3468 /*
3469 * If ifa_best has a smaller scope than dst and
3470 * the current address has a larger one than
3471 * (or equal to) dst, always replace ifa_best.
3472 * Also, if the current address has a smaller scope
3473 * than dst, ignore it unless ifa_best also has a
3474 * smaller scope.
3475 * Consequently, after the two if-clause below,
3476 * the followings must be satisfied:
3477 * (scope(src) < scope(dst) &&
3478 * scope(best) < scope(dst))
3479 * OR
3480 * (scope(best) >= scope(dst) &&
3481 * scope(src) >= scope(dst))
3482 */
3483 if (IN6_ARE_SCOPE_CMP(best_scope, dst_scope) < 0 &&
3484 IN6_ARE_SCOPE_CMP(src_scope, dst_scope) >= 0) {
3485 goto replace; /* (A) */
3486 }
3487 if (IN6_ARE_SCOPE_CMP(src_scope, dst_scope) < 0 &&
3488 IN6_ARE_SCOPE_CMP(best_scope, dst_scope) >= 0) {
3489 IFA_UNLOCK(ifa);
3490 continue; /* (B) */
3491 }
3492 /*
3493 * A deprecated address SHOULD NOT be used in new
3494 * communications if an alternate (non-deprecated)
3495 * address is available and has sufficient scope.
3496 * RFC 4862, Section 5.5.4.
3497 */
3498 if (((struct in6_ifaddr *)ifa)->ia6_flags &
3499 IN6_IFF_DEPRECATED) {
3500 /*
3501 * Ignore any deprecated addresses if
3502 * specified by configuration.
3503 */
3504 if (!ip6_use_deprecated) {
3505 IFA_UNLOCK(ifa);
3506 continue;
3507 }
3508 /*
3509 * If we have already found a non-deprecated
3510 * candidate, just ignore deprecated addresses.
3511 */
3512 if ((ifa_best->ia6_flags & IN6_IFF_DEPRECATED)
3513 == 0) {
3514 IFA_UNLOCK(ifa);
3515 continue;
3516 }
3517 }
3518
3519 /*
3520 * A non-deprecated address is always preferred
3521 * to a deprecated one regardless of scopes and
3522 * address matching (Note invariants ensured by the
3523 * conditions (A) and (B) above.)
3524 */
3525 if ((ifa_best->ia6_flags & IN6_IFF_DEPRECATED) &&
3526 (((struct in6_ifaddr *)ifa)->ia6_flags &
3527 IN6_IFF_DEPRECATED) == 0) {
3528 goto replace;
3529 }
3530
3531 /*
3532 * When we use temporary addresses described in
3533 * RFC 4941, we prefer temporary addresses to
3534 * public autoconf addresses. Again, note the
3535 * invariants from (A) and (B). Also note that we
3536 * don't have any preference between static addresses
3537 * and autoconf addresses (despite of whether or not
3538 * the latter is temporary or public.)
3539 */
3540 if (ip6_use_tempaddr) {
3541 struct in6_ifaddr *ifat;
3542
3543 ifat = (struct in6_ifaddr *)ifa;
3544 if ((ifa_best->ia6_flags &
3545 (IN6_IFF_AUTOCONF | IN6_IFF_TEMPORARY))
3546 == IN6_IFF_AUTOCONF &&
3547 (ifat->ia6_flags &
3548 (IN6_IFF_AUTOCONF | IN6_IFF_TEMPORARY))
3549 == (IN6_IFF_AUTOCONF | IN6_IFF_TEMPORARY)) {
3550 goto replace;
3551 }
3552 if ((ifa_best->ia6_flags &
3553 (IN6_IFF_AUTOCONF | IN6_IFF_TEMPORARY))
3554 == (IN6_IFF_AUTOCONF | IN6_IFF_TEMPORARY) &&
3555 (ifat->ia6_flags &
3556 (IN6_IFF_AUTOCONF | IN6_IFF_TEMPORARY))
3557 == IN6_IFF_AUTOCONF) {
3558 IFA_UNLOCK(ifa);
3559 continue;
3560 }
3561 }
3562
3563 /*
3564 * At this point, we have two cases:
3565 * 1. we are looking at a non-deprecated address,
3566 * and ifa_best is also non-deprecated.
3567 * 2. we are looking at a deprecated address,
3568 * and ifa_best is also deprecated.
3569 * Also, we do not have to consider a case where
3570 * the scope of if_best is larger(smaller) than dst and
3571 * the scope of the current address is smaller(larger)
3572 * than dst. Such a case has already been covered.
3573 * Tiebreaking is done according to the following
3574 * items:
3575 * - the scope comparison between the address and
3576 * dst (dscopecmp)
3577 * - the scope comparison between the address and
3578 * ifa_best (bscopecmp)
3579 * - if the address match dst longer than ifa_best
3580 * (matchcmp)
3581 * - if the address is on the outgoing I/F (outI/F)
3582 *
3583 * Roughly speaking, the selection policy is
3584 * - the most important item is scope. The same scope
3585 * is best. Then search for a larger scope.
3586 * Smaller scopes are the last resort.
3587 * - A deprecated address is chosen only when we have
3588 * no address that has an enough scope, but is
3589 * prefered to any addresses of smaller scopes
3590 * (this must be already done above.)
3591 * - addresses on the outgoing I/F are preferred to
3592 * ones on other interfaces if none of above
3593 * tiebreaks. In the table below, the column "bI"
3594 * means if the best_ifa is on the outgoing
3595 * interface, and the column "sI" means if the ifa
3596 * is on the outgoing interface.
3597 * - If there is no other reasons to choose one,
3598 * longest address match against dst is considered.
3599 *
3600 * The precise decision table is as follows:
3601 * dscopecmp bscopecmp match bI oI | replace?
3602 * N/A equal N/A Y N | No (1)
3603 * N/A equal N/A N Y | Yes (2)
3604 * N/A equal larger N/A | Yes (3)
3605 * N/A equal !larger N/A | No (4)
3606 * larger larger N/A N/A | No (5)
3607 * larger smaller N/A N/A | Yes (6)
3608 * smaller larger N/A N/A | Yes (7)
3609 * smaller smaller N/A N/A | No (8)
3610 * equal smaller N/A N/A | Yes (9)
3611 * equal larger (already done at A above)
3612 */
3613 dscopecmp = IN6_ARE_SCOPE_CMP(src_scope, dst_scope);
3614 bscopecmp = IN6_ARE_SCOPE_CMP(src_scope, best_scope);
3615
3616 if (bscopecmp == 0) {
3617 struct ifnet *bifp = ifa_best->ia_ifp;
3618
3619 if (bifp == oifp && ifp != oifp) { /* (1) */
3620 IFA_UNLOCK(ifa);
3621 continue;
3622 }
3623 if (bifp != oifp && ifp == oifp) { /* (2) */
3624 goto replace;
3625 }
3626
3627 /*
3628 * Both bifp and ifp are on the outgoing
3629 * interface, or both two are on a different
3630 * interface from the outgoing I/F.
3631 * now we need address matching against dst
3632 * for tiebreaking.
3633 */
3634 tlen = in6_matchlen(IFA_IN6(ifa), dst);
3635 matchcmp = tlen - blen;
3636 if (matchcmp > 0) { /* (3) */
3637 goto replace;
3638 }
3639 IFA_UNLOCK(ifa);
3640 continue; /* (4) */
3641 }
3642 if (dscopecmp > 0) {
3643 if (bscopecmp > 0) { /* (5) */
3644 IFA_UNLOCK(ifa);
3645 continue;
3646 }
3647 goto replace; /* (6) */
3648 }
3649 if (dscopecmp < 0) {
3650 if (bscopecmp > 0) { /* (7) */
3651 goto replace;
3652 }
3653 IFA_UNLOCK(ifa);
3654 continue; /* (8) */
3655 }
3656
3657 /* now dscopecmp must be 0 */
3658 if (bscopecmp < 0) {
3659 goto replace; /* (9) */
3660 }
3661 replace:
3662 IFA_ADDREF_LOCKED(ifa); /* for ifa_best */
3663 blen = tlen >= 0 ? tlen :
3664 in6_matchlen(IFA_IN6(ifa), dst);
3665 best_scope =
3666 in6_addrscope(&ifa2ia6(ifa)->ia_addr.sin6_addr);
3667 IFA_UNLOCK(ifa);
3668 if (ifa_best) {
3669 IFA_REMREF(&ifa_best->ia_ifa);
3670 }
3671 ifa_best = (struct in6_ifaddr *)ifa;
3672 }
3673 ifnet_lock_done(ifp);
3674 }
3675 ifnet_head_done();
3676
3677 /* count statistics for future improvements */
3678 if (ifa_best == NULL) {
3679 ip6stat.ip6s_sources_none++;
3680 } else {
3681 IFA_LOCK_SPIN(&ifa_best->ia_ifa);
3682 if (oifp == ifa_best->ia_ifp) {
3683 ip6stat.ip6s_sources_sameif[best_scope]++;
3684 } else {
3685 ip6stat.ip6s_sources_otherif[best_scope]++;
3686 }
3687
3688 if (best_scope == dst_scope) {
3689 ip6stat.ip6s_sources_samescope[best_scope]++;
3690 } else {
3691 ip6stat.ip6s_sources_otherscope[best_scope]++;
3692 }
3693
3694 if ((ifa_best->ia6_flags & IN6_IFF_DEPRECATED) != 0) {
3695 ip6stat.ip6s_sources_deprecated[best_scope]++;
3696 }
3697 IFA_UNLOCK(&ifa_best->ia_ifa);
3698 }
3699
3700 return ifa_best;
3701 }
3702
3703 /*
3704 * return the best address out of the same scope. if no address was
3705 * found, return the first valid address from designated IF.
3706 */
3707 struct in6_ifaddr *
in6_ifawithifp(struct ifnet * ifp,struct in6_addr * dst)3708 in6_ifawithifp(struct ifnet *ifp, struct in6_addr *dst)
3709 {
3710 int dst_scope = in6_addrscope(dst), blen = -1, tlen;
3711 struct ifaddr *ifa;
3712 struct in6_ifaddr *besta = NULL;
3713 struct in6_ifaddr *dep[2]; /* last-resort: deprecated */
3714
3715 dep[0] = dep[1] = NULL;
3716
3717 /*
3718 * We first look for addresses in the same scope.
3719 * If there is one, return it.
3720 * If two or more, return one which matches the dst longest.
3721 * If none, return one of global addresses assigned other ifs.
3722 */
3723 ifnet_lock_shared(ifp);
3724 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
3725 IFA_LOCK(ifa);
3726 if (ifa->ifa_addr->sa_family != AF_INET6) {
3727 IFA_UNLOCK(ifa);
3728 continue;
3729 }
3730 if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_ANYCAST) {
3731 IFA_UNLOCK(ifa);
3732 continue; /* XXX: is there any case to allow anycast? */
3733 }
3734 if (ifa2ia6(ifa)->ia6_flags & (IN6_IFF_NOTREADY | IN6_IFF_CLAT46)) {
3735 IFA_UNLOCK(ifa);
3736 continue; /* don't use this interface */
3737 }
3738 if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_DETACHED) {
3739 IFA_UNLOCK(ifa);
3740 continue;
3741 }
3742 if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_DEPRECATED) {
3743 if (ip6_use_deprecated) {
3744 IFA_ADDREF_LOCKED(ifa); /* for dep[0] */
3745 IFA_UNLOCK(ifa);
3746 if (dep[0] != NULL) {
3747 IFA_REMREF(&dep[0]->ia_ifa);
3748 }
3749 dep[0] = (struct in6_ifaddr *)ifa;
3750 } else {
3751 IFA_UNLOCK(ifa);
3752 }
3753 continue;
3754 }
3755
3756 if (dst_scope == in6_addrscope(IFA_IN6(ifa))) {
3757 /*
3758 * call in6_matchlen() as few as possible
3759 */
3760 if (besta) {
3761 if (blen == -1) {
3762 IFA_UNLOCK(ifa);
3763 IFA_LOCK(&besta->ia_ifa);
3764 blen = in6_matchlen(
3765 &besta->ia_addr.sin6_addr, dst);
3766 IFA_UNLOCK(&besta->ia_ifa);
3767 IFA_LOCK(ifa);
3768 }
3769 tlen = in6_matchlen(IFA_IN6(ifa), dst);
3770 if (tlen > blen) {
3771 blen = tlen;
3772 IFA_ADDREF_LOCKED(ifa); /* for besta */
3773 IFA_UNLOCK(ifa);
3774 IFA_REMREF(&besta->ia_ifa);
3775 besta = (struct in6_ifaddr *)ifa;
3776 } else {
3777 IFA_UNLOCK(ifa);
3778 }
3779 } else {
3780 besta = (struct in6_ifaddr *)ifa;
3781 IFA_ADDREF_LOCKED(ifa); /* for besta */
3782 IFA_UNLOCK(ifa);
3783 }
3784 } else {
3785 IFA_UNLOCK(ifa);
3786 }
3787 }
3788 if (besta) {
3789 ifnet_lock_done(ifp);
3790 if (dep[0] != NULL) {
3791 IFA_REMREF(&dep[0]->ia_ifa);
3792 }
3793 return besta;
3794 }
3795
3796 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
3797 IFA_LOCK(ifa);
3798 if (ifa->ifa_addr->sa_family != AF_INET6) {
3799 IFA_UNLOCK(ifa);
3800 continue;
3801 }
3802 if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_ANYCAST) {
3803 IFA_UNLOCK(ifa);
3804 continue; /* XXX: is there any case to allow anycast? */
3805 }
3806 if (ifa2ia6(ifa)->ia6_flags & (IN6_IFF_NOTREADY | IN6_IFF_CLAT46)) {
3807 IFA_UNLOCK(ifa);
3808 continue; /* don't use this interface */
3809 }
3810 if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_DETACHED) {
3811 IFA_UNLOCK(ifa);
3812 continue;
3813 }
3814 if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_DEPRECATED) {
3815 if (ip6_use_deprecated) {
3816 IFA_ADDREF_LOCKED(ifa); /* for dep[1] */
3817 IFA_UNLOCK(ifa);
3818 if (dep[1] != NULL) {
3819 IFA_REMREF(&dep[1]->ia_ifa);
3820 }
3821 dep[1] = (struct in6_ifaddr *)ifa;
3822 } else {
3823 IFA_UNLOCK(ifa);
3824 }
3825 continue;
3826 }
3827 IFA_ADDREF_LOCKED(ifa); /* for caller */
3828 IFA_UNLOCK(ifa);
3829 ifnet_lock_done(ifp);
3830 if (dep[0] != NULL) {
3831 IFA_REMREF(&dep[0]->ia_ifa);
3832 }
3833 if (dep[1] != NULL) {
3834 IFA_REMREF(&dep[1]->ia_ifa);
3835 }
3836 return (struct in6_ifaddr *)ifa;
3837 }
3838 ifnet_lock_done(ifp);
3839
3840 /* use the last-resort values, that are, deprecated addresses */
3841 if (dep[0]) {
3842 if (dep[1] != NULL) {
3843 IFA_REMREF(&dep[1]->ia_ifa);
3844 }
3845 return dep[0];
3846 }
3847 if (dep[1]) {
3848 return dep[1];
3849 }
3850
3851 return NULL;
3852 }
3853
3854 /*
3855 * perform DAD when interface becomes IFF_UP.
3856 */
3857 static void
in6_if_up_dad_start(struct ifnet * ifp)3858 in6_if_up_dad_start(struct ifnet *ifp)
3859 {
3860 struct ifaddr *ifa;
3861 struct nd_ifinfo *ndi = NULL;
3862
3863 ndi = ND_IFINFO(ifp);
3864 VERIFY((NULL != ndi) && (TRUE == ndi->initialized));
3865 if (!(ndi->flags & ND6_IFF_DAD)) {
3866 return;
3867 }
3868
3869 /* start DAD on all the interface addresses */
3870 ifnet_lock_exclusive(ifp);
3871 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
3872 struct in6_ifaddr *ia6;
3873
3874 IFA_LOCK_SPIN(ifa);
3875 if (ifa->ifa_addr->sa_family != AF_INET6) {
3876 IFA_UNLOCK(ifa);
3877 continue;
3878 }
3879 ia6 = (struct in6_ifaddr *)ifa;
3880 if (ia6->ia6_flags & IN6_IFF_DADPROGRESS) {
3881 int delay = 0; /* delay ticks before DAD output */
3882 IFA_UNLOCK(ifa);
3883 nd6_dad_start(ifa, &delay);
3884 } else {
3885 IFA_UNLOCK(ifa);
3886 }
3887 }
3888 ifnet_lock_done(ifp);
3889 }
3890
3891 int
in6if_do_dad(struct ifnet * ifp)3892 in6if_do_dad(
3893 struct ifnet *ifp)
3894 {
3895 struct nd_ifinfo *ndi = NULL;
3896
3897 if ((ifp->if_flags & IFF_LOOPBACK) != 0) {
3898 return 0;
3899 }
3900
3901 ndi = ND_IFINFO(ifp);
3902 VERIFY((NULL != ndi) && (TRUE == ndi->initialized));
3903 if (!(ndi->flags & ND6_IFF_DAD)) {
3904 return 0;
3905 }
3906
3907 /*
3908 * If we are using the alternative neighbor discovery
3909 * interface on this interface, then skip DAD.
3910 *
3911 * Also, skip it for interfaces marked "local private"
3912 * for now, even when not marked as using the alternative
3913 * interface. This is for historical reasons.
3914 */
3915 if (ifp->if_eflags &
3916 (IFEF_IPV6_ND6ALT | IFEF_LOCALNET_PRIVATE | IFEF_DIRECTLINK)) {
3917 return 0;
3918 }
3919
3920 if (ifp->if_family == IFNET_FAMILY_IPSEC ||
3921 ifp->if_family == IFNET_FAMILY_UTUN) {
3922 /*
3923 * Ignore DAD for tunneling virtual interfaces, which get
3924 * their IPv6 address explicitly assigned.
3925 */
3926 return 0;
3927 }
3928
3929 switch (ifp->if_type) {
3930 #if IFT_DUMMY
3931 case IFT_DUMMY:
3932 #endif
3933 case IFT_FAITH:
3934 /*
3935 * These interfaces do not have the IFF_LOOPBACK flag,
3936 * but loop packets back. We do not have to do DAD on such
3937 * interfaces. We should even omit it, because loop-backed
3938 * NS would confuse the DAD procedure.
3939 */
3940 return 0;
3941 default:
3942 /*
3943 * Our DAD routine requires the interface up and running.
3944 * However, some interfaces can be up before the RUNNING
3945 * status. Additionaly, users may try to assign addresses
3946 * before the interface becomes up (or running).
3947 * We simply skip DAD in such a case as a work around.
3948 * XXX: we should rather mark "tentative" on such addresses,
3949 * and do DAD after the interface becomes ready.
3950 */
3951 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) !=
3952 (IFF_UP | IFF_RUNNING)) {
3953 return 0;
3954 }
3955
3956 return 1;
3957 }
3958 }
3959
3960 /*
3961 * Calculate max IPv6 MTU through all the interfaces and store it
3962 * to in6_maxmtu.
3963 */
3964 void
in6_setmaxmtu(void)3965 in6_setmaxmtu(void)
3966 {
3967 u_int32_t maxmtu = 0;
3968 struct ifnet *ifp;
3969
3970 ifnet_head_lock_shared();
3971 TAILQ_FOREACH(ifp, &ifnet_head, if_list) {
3972 struct nd_ifinfo *ndi = NULL;
3973
3974 if ((ndi = ND_IFINFO(ifp)) != NULL && !ndi->initialized) {
3975 ndi = NULL;
3976 }
3977 if (ndi != NULL) {
3978 lck_mtx_lock(&ndi->lock);
3979 }
3980 if ((ifp->if_flags & IFF_LOOPBACK) == 0 &&
3981 IN6_LINKMTU(ifp) > maxmtu) {
3982 maxmtu = IN6_LINKMTU(ifp);
3983 }
3984 if (ndi != NULL) {
3985 lck_mtx_unlock(&ndi->lock);
3986 }
3987 }
3988 ifnet_head_done();
3989 if (maxmtu) { /* update only when maxmtu is positive */
3990 in6_maxmtu = maxmtu;
3991 }
3992 }
3993 /*
3994 * Provide the length of interface identifiers to be used for the link attached
3995 * to the given interface. The length should be defined in "IPv6 over
3996 * xxx-link" document. Note that address architecture might also define
3997 * the length for a particular set of address prefixes, regardless of the
3998 * link type. Also see RFC 4862 for additional background.
3999 */
4000 int
in6_if2idlen(struct ifnet * ifp)4001 in6_if2idlen(struct ifnet *ifp)
4002 {
4003 switch (ifp->if_type) {
4004 case IFT_ETHER: /* RFC2464 */
4005 case IFT_IEEE8023ADLAG: /* IEEE802.3ad Link Aggregate */
4006 #ifdef IFT_PROPVIRTUAL
4007 case IFT_PROPVIRTUAL: /* XXX: no RFC. treat it as ether */
4008 #endif
4009 #ifdef IFT_L2VLAN
4010 case IFT_L2VLAN: /* ditto */
4011 #endif
4012 #ifdef IFT_IEEE80211
4013 case IFT_IEEE80211: /* ditto */
4014 #endif
4015 #ifdef IFT_MIP
4016 case IFT_MIP: /* ditto */
4017 #endif
4018 return 64;
4019 case IFT_FDDI: /* RFC2467 */
4020 return 64;
4021 case IFT_ISO88025: /* RFC2470 (IPv6 over Token Ring) */
4022 return 64;
4023 case IFT_PPP: /* RFC2472 */
4024 return 64;
4025 case IFT_ARCNET: /* RFC2497 */
4026 return 64;
4027 case IFT_FRELAY: /* RFC2590 */
4028 return 64;
4029 case IFT_IEEE1394: /* RFC3146 */
4030 return 64;
4031 case IFT_GIF:
4032 return 64; /* draft-ietf-v6ops-mech-v2-07 */
4033 case IFT_LOOP:
4034 return 64; /* XXX: is this really correct? */
4035 case IFT_OTHER:
4036 return 64; /* for utun interfaces */
4037 case IFT_CELLULAR:
4038 return 64; /* Packet Data over Cellular */
4039 case IFT_BRIDGE:
4040 return 64; /* Transparent bridge interface */
4041 case IFT_6LOWPAN:
4042 return 64; /* 6LoWPAN */
4043 default:
4044 /*
4045 * Unknown link type:
4046 * It might be controversial to use the today's common constant
4047 * of 64 for these cases unconditionally. For full compliance,
4048 * we should return an error in this case. On the other hand,
4049 * if we simply miss the standard for the link type or a new
4050 * standard is defined for a new link type, the IFID length
4051 * is very likely to be the common constant. As a compromise,
4052 * we always use the constant, but make an explicit notice
4053 * indicating the "unknown" case.
4054 */
4055 log(LOG_NOTICE, "%s: unknown link type (%d)\n", __func__,
4056 ifp->if_type);
4057 return 64;
4058 }
4059 }
4060 /*
4061 * Convert sockaddr_in6 to sockaddr_in. Original sockaddr_in6 must be
4062 * v4 mapped addr or v4 compat addr
4063 */
4064 void
in6_sin6_2_sin(struct sockaddr_in * sin,struct sockaddr_in6 * sin6)4065 in6_sin6_2_sin(struct sockaddr_in *sin, struct sockaddr_in6 *sin6)
4066 {
4067 bzero(sin, sizeof(*sin));
4068 sin->sin_len = sizeof(struct sockaddr_in);
4069 sin->sin_family = AF_INET;
4070 sin->sin_port = sin6->sin6_port;
4071 sin->sin_addr.s_addr = sin6->sin6_addr.s6_addr32[3];
4072 }
4073
4074 /* Convert sockaddr_in to sockaddr_in6 in v4 mapped addr format. */
4075 void
in6_sin_2_v4mapsin6(struct sockaddr_in * sin,struct sockaddr_in6 * sin6)4076 in6_sin_2_v4mapsin6(struct sockaddr_in *sin, struct sockaddr_in6 *sin6)
4077 {
4078 bzero(sin6, sizeof(*sin6));
4079 sin6->sin6_len = sizeof(struct sockaddr_in6);
4080 sin6->sin6_family = AF_INET6;
4081 sin6->sin6_port = sin->sin_port;
4082 sin6->sin6_addr.s6_addr32[0] = 0;
4083 sin6->sin6_addr.s6_addr32[1] = 0;
4084 if (sin->sin_addr.s_addr) {
4085 sin6->sin6_addr.s6_addr32[2] = IPV6_ADDR_INT32_SMP;
4086 sin6->sin6_addr.s6_addr32[3] = sin->sin_addr.s_addr;
4087 } else {
4088 sin6->sin6_addr.s6_addr32[2] = 0;
4089 sin6->sin6_addr.s6_addr32[3] = 0;
4090 }
4091 }
4092
4093 /* Convert sockaddr_in6 into sockaddr_in. */
4094 void
in6_sin6_2_sin_in_sock(struct sockaddr * nam)4095 in6_sin6_2_sin_in_sock(struct sockaddr *nam)
4096 {
4097 struct sockaddr_in *sin_p;
4098 struct sockaddr_in6 sin6;
4099
4100 /*
4101 * Save original sockaddr_in6 addr and convert it
4102 * to sockaddr_in.
4103 */
4104 sin6 = *(struct sockaddr_in6 *)(void *)nam;
4105 sin_p = (struct sockaddr_in *)(void *)nam;
4106 in6_sin6_2_sin(sin_p, &sin6);
4107 }
4108
4109 /* Convert sockaddr_in into sockaddr_in6 in v4 mapped addr format. */
4110 int
in6_sin_2_v4mapsin6_in_sock(struct sockaddr ** nam)4111 in6_sin_2_v4mapsin6_in_sock(struct sockaddr **nam)
4112 {
4113 struct sockaddr_in *sin_p;
4114 struct sockaddr_in6 *sin6_p;
4115
4116 sin6_p = (struct sockaddr_in6 *)alloc_sockaddr(sizeof(*sin6_p),
4117 Z_WAITOK | Z_NOFAIL);
4118
4119 sin_p = (struct sockaddr_in *)(void *)*nam;
4120 in6_sin_2_v4mapsin6(sin_p, sin6_p);
4121 free_sockaddr(*nam);
4122 *nam = (struct sockaddr *)sin6_p;
4123
4124 return 0;
4125 }
4126
4127 /*
4128 * Posts in6_event_data message kernel events.
4129 *
4130 * To get the same size of kev_in6_data between ILP32 and LP64 data models
4131 * we are using a special version of the in6_addrlifetime structure that
4132 * uses only 32 bits fields to be compatible with Leopard, and that
4133 * are large enough to span 68 years.
4134 */
4135 void
in6_post_msg(struct ifnet * ifp,u_int32_t event_code,struct in6_ifaddr * ifa,uint8_t * mac)4136 in6_post_msg(struct ifnet *ifp, u_int32_t event_code, struct in6_ifaddr *ifa,
4137 uint8_t *mac)
4138 {
4139 struct kev_msg ev_msg;
4140 struct kev_in6_data in6_event_data;
4141 struct in6_addrlifetime ia6_lt;
4142
4143 bzero(&in6_event_data, sizeof(struct kev_in6_data));
4144 bzero(&ev_msg, sizeof(struct kev_msg));
4145 ev_msg.vendor_code = KEV_VENDOR_APPLE;
4146 ev_msg.kev_class = KEV_NETWORK_CLASS;
4147 ev_msg.kev_subclass = KEV_INET6_SUBCLASS;
4148 ev_msg.event_code = event_code;
4149
4150 if (ifa) {
4151 IFA_LOCK(&ifa->ia_ifa);
4152 in6_event_data.ia_addr = ifa->ia_addr;
4153 in6_event_data.ia_net = ifa->ia_net;
4154 in6_event_data.ia_dstaddr = ifa->ia_dstaddr;
4155 in6_event_data.ia_prefixmask = ifa->ia_prefixmask;
4156 in6_event_data.ia_plen = ifa->ia_plen;
4157 in6_event_data.ia6_flags = (u_int32_t)ifa->ia6_flags;
4158
4159 /* retrieve time as calendar time (last arg is 1) */
4160 in6ifa_getlifetime(ifa, &ia6_lt, 1);
4161 in6_event_data.ia_lifetime.ia6t_expire = (u_int32_t)ia6_lt.ia6t_expire;
4162 in6_event_data.ia_lifetime.ia6t_preferred = (u_int32_t)ia6_lt.ia6t_preferred;
4163 in6_event_data.ia_lifetime.ia6t_vltime = ia6_lt.ia6t_vltime;
4164 in6_event_data.ia_lifetime.ia6t_pltime = ia6_lt.ia6t_pltime;
4165 IFA_UNLOCK(&ifa->ia_ifa);
4166 }
4167
4168 if (ifp != NULL) {
4169 (void) strlcpy(&in6_event_data.link_data.if_name[0],
4170 ifp->if_name, IFNAMSIZ);
4171 in6_event_data.link_data.if_family = ifp->if_family;
4172 in6_event_data.link_data.if_unit = (u_int32_t)ifp->if_unit;
4173 }
4174
4175 if (mac != NULL) {
4176 memcpy(&in6_event_data.ia_mac, mac,
4177 sizeof(in6_event_data.ia_mac));
4178 }
4179
4180 ev_msg.dv[0].data_ptr = &in6_event_data;
4181 ev_msg.dv[0].data_length = sizeof(in6_event_data);
4182 ev_msg.dv[1].data_length = 0;
4183
4184 dlil_post_complete_msg(NULL, &ev_msg);
4185 }
4186
4187 /*
4188 * Called as part of ip6_init
4189 */
4190 void
in6_ifaddr_init(void)4191 in6_ifaddr_init(void)
4192 {
4193 in6_cga_init();
4194 in6_multi_init();
4195
4196 PE_parse_boot_argn("ifa_debug", &in6ifa_debug, sizeof(in6ifa_debug));
4197
4198 vm_size_t in6ifa_size = (in6ifa_debug == 0) ? sizeof(struct in6_ifaddr) :
4199 sizeof(struct in6_ifaddr_dbg);
4200
4201 in6ifa_zone = zone_create(IN6IFA_ZONE_NAME, in6ifa_size, ZC_ZFREE_CLEARMEM);
4202
4203 TAILQ_INIT(&in6ifa_trash_head);
4204 }
4205
4206 static struct in6_ifaddr *
in6_ifaddr_alloc(zalloc_flags_t how)4207 in6_ifaddr_alloc(zalloc_flags_t how)
4208 {
4209 struct in6_ifaddr *in6ifa;
4210
4211 in6ifa = zalloc_flags(in6ifa_zone, how | Z_ZERO);
4212 if (in6ifa != NULL) {
4213 in6ifa->ia_ifa.ifa_free = in6_ifaddr_free;
4214 in6ifa->ia_ifa.ifa_debug |= IFD_ALLOC;
4215 in6ifa->ia_ifa.ifa_del_wc = &in6ifa->ia_ifa.ifa_debug;
4216 in6ifa->ia_ifa.ifa_del_waiters = 0;
4217 ifa_lock_init(&in6ifa->ia_ifa);
4218 if (in6ifa_debug != 0) {
4219 struct in6_ifaddr_dbg *in6ifa_dbg =
4220 (struct in6_ifaddr_dbg *)in6ifa;
4221 in6ifa->ia_ifa.ifa_debug |= IFD_DEBUG;
4222 in6ifa->ia_ifa.ifa_trace = in6_ifaddr_trace;
4223 in6ifa->ia_ifa.ifa_attached = in6_ifaddr_attached;
4224 in6ifa->ia_ifa.ifa_detached = in6_ifaddr_detached;
4225 ctrace_record(&in6ifa_dbg->in6ifa_alloc);
4226 }
4227 }
4228
4229 return in6ifa;
4230 }
4231
4232 static void
in6_ifaddr_free(struct ifaddr * ifa)4233 in6_ifaddr_free(struct ifaddr *ifa)
4234 {
4235 IFA_LOCK_ASSERT_HELD(ifa);
4236
4237 if (ifa->ifa_refcnt != 0) {
4238 panic("%s: ifa %p bad ref cnt", __func__, ifa);
4239 /* NOTREACHED */
4240 } else if (!(ifa->ifa_debug & IFD_ALLOC)) {
4241 panic("%s: ifa %p cannot be freed", __func__, ifa);
4242 /* NOTREACHED */
4243 }
4244 if (ifa->ifa_debug & IFD_DEBUG) {
4245 struct in6_ifaddr_dbg *in6ifa_dbg =
4246 (struct in6_ifaddr_dbg *)ifa;
4247 ctrace_record(&in6ifa_dbg->in6ifa_free);
4248 bcopy(&in6ifa_dbg->in6ifa, &in6ifa_dbg->in6ifa_old,
4249 sizeof(struct in6_ifaddr));
4250 if (ifa->ifa_debug & IFD_TRASHED) {
4251 /* Become a regular mutex, just in case */
4252 IFA_CONVERT_LOCK(ifa);
4253 lck_mtx_lock(&in6ifa_trash_lock);
4254 TAILQ_REMOVE(&in6ifa_trash_head, in6ifa_dbg,
4255 in6ifa_trash_link);
4256 lck_mtx_unlock(&in6ifa_trash_lock);
4257 ifa->ifa_debug &= ~IFD_TRASHED;
4258 }
4259 }
4260 IFA_UNLOCK(ifa);
4261 ifa_lock_destroy(ifa);
4262 bzero(ifa, sizeof(struct in6_ifaddr));
4263 zfree(in6ifa_zone, ifa);
4264 }
4265
4266 static void
in6_ifaddr_attached(struct ifaddr * ifa)4267 in6_ifaddr_attached(struct ifaddr *ifa)
4268 {
4269 struct in6_ifaddr_dbg *in6ifa_dbg = (struct in6_ifaddr_dbg *)ifa;
4270
4271 IFA_LOCK_ASSERT_HELD(ifa);
4272
4273 if (!(ifa->ifa_debug & IFD_DEBUG)) {
4274 panic("%s: ifa %p has no debug structure", __func__, ifa);
4275 /* NOTREACHED */
4276 }
4277 if (ifa->ifa_debug & IFD_TRASHED) {
4278 /* Become a regular mutex, just in case */
4279 IFA_CONVERT_LOCK(ifa);
4280 lck_mtx_lock(&in6ifa_trash_lock);
4281 TAILQ_REMOVE(&in6ifa_trash_head, in6ifa_dbg, in6ifa_trash_link);
4282 lck_mtx_unlock(&in6ifa_trash_lock);
4283 ifa->ifa_debug &= ~IFD_TRASHED;
4284 }
4285 }
4286
4287 static void
in6_ifaddr_detached(struct ifaddr * ifa)4288 in6_ifaddr_detached(struct ifaddr *ifa)
4289 {
4290 struct in6_ifaddr_dbg *in6ifa_dbg = (struct in6_ifaddr_dbg *)ifa;
4291
4292 IFA_LOCK_ASSERT_HELD(ifa);
4293
4294 if (!(ifa->ifa_debug & IFD_DEBUG)) {
4295 panic("%s: ifa %p has no debug structure", __func__, ifa);
4296 /* NOTREACHED */
4297 } else if (ifa->ifa_debug & IFD_TRASHED) {
4298 panic("%s: ifa %p is already in trash list", __func__, ifa);
4299 /* NOTREACHED */
4300 }
4301 ifa->ifa_debug |= IFD_TRASHED;
4302 /* Become a regular mutex, just in case */
4303 IFA_CONVERT_LOCK(ifa);
4304 lck_mtx_lock(&in6ifa_trash_lock);
4305 TAILQ_INSERT_TAIL(&in6ifa_trash_head, in6ifa_dbg, in6ifa_trash_link);
4306 lck_mtx_unlock(&in6ifa_trash_lock);
4307 }
4308
4309 static void
in6_ifaddr_trace(struct ifaddr * ifa,int refhold)4310 in6_ifaddr_trace(struct ifaddr *ifa, int refhold)
4311 {
4312 struct in6_ifaddr_dbg *in6ifa_dbg = (struct in6_ifaddr_dbg *)ifa;
4313 ctrace_t *tr;
4314 u_int32_t idx;
4315 u_int16_t *cnt;
4316
4317 if (!(ifa->ifa_debug & IFD_DEBUG)) {
4318 panic("%s: ifa %p has no debug structure", __func__, ifa);
4319 /* NOTREACHED */
4320 }
4321 if (refhold) {
4322 cnt = &in6ifa_dbg->in6ifa_refhold_cnt;
4323 tr = in6ifa_dbg->in6ifa_refhold;
4324 } else {
4325 cnt = &in6ifa_dbg->in6ifa_refrele_cnt;
4326 tr = in6ifa_dbg->in6ifa_refrele;
4327 }
4328
4329 idx = atomic_add_16_ov(cnt, 1) % IN6IFA_TRACE_HIST_SIZE;
4330 ctrace_record(&tr[idx]);
4331 }
4332
4333 /*
4334 * Handle SIOCGASSOCIDS ioctl for PF_INET6 domain.
4335 */
4336 static int
in6_getassocids(struct socket * so,uint32_t * cnt,user_addr_t aidp)4337 in6_getassocids(struct socket *so, uint32_t *cnt, user_addr_t aidp)
4338 {
4339 struct in6pcb *in6p = sotoin6pcb(so);
4340 sae_associd_t aid;
4341
4342 if (in6p == NULL || in6p->inp_state == INPCB_STATE_DEAD) {
4343 return EINVAL;
4344 }
4345
4346 /* IN6PCB has no concept of association */
4347 aid = SAE_ASSOCID_ANY;
4348 *cnt = 0;
4349
4350 /* just asking how many there are? */
4351 if (aidp == USER_ADDR_NULL) {
4352 return 0;
4353 }
4354
4355 return copyout(&aid, aidp, sizeof(aid));
4356 }
4357
4358 /*
4359 * Handle SIOCGCONNIDS ioctl for PF_INET6 domain.
4360 */
4361 static int
in6_getconnids(struct socket * so,sae_associd_t aid,uint32_t * cnt,user_addr_t cidp)4362 in6_getconnids(struct socket *so, sae_associd_t aid, uint32_t *cnt,
4363 user_addr_t cidp)
4364 {
4365 struct in6pcb *in6p = sotoin6pcb(so);
4366 sae_connid_t cid;
4367
4368 if (in6p == NULL || in6p->inp_state == INPCB_STATE_DEAD) {
4369 return EINVAL;
4370 }
4371
4372 if (aid != SAE_ASSOCID_ANY && aid != SAE_ASSOCID_ALL) {
4373 return EINVAL;
4374 }
4375
4376 /* if connected, return 1 connection count */
4377 *cnt = ((so->so_state & SS_ISCONNECTED) ? 1 : 0);
4378
4379 /* just asking how many there are? */
4380 if (cidp == USER_ADDR_NULL) {
4381 return 0;
4382 }
4383
4384 /* if IN6PCB is connected, assign it connid 1 */
4385 cid = ((*cnt != 0) ? 1 : SAE_CONNID_ANY);
4386
4387 return copyout(&cid, cidp, sizeof(cid));
4388 }
4389
4390 /*
4391 * Handle SIOCGCONNINFO ioctl for PF_INET6 domain.
4392 */
4393 int
in6_getconninfo(struct socket * so,sae_connid_t cid,uint32_t * flags,uint32_t * ifindex,int32_t * soerror,user_addr_t src,socklen_t * src_len,user_addr_t dst,socklen_t * dst_len,uint32_t * aux_type,user_addr_t aux_data,uint32_t * aux_len)4394 in6_getconninfo(struct socket *so, sae_connid_t cid, uint32_t *flags,
4395 uint32_t *ifindex, int32_t *soerror, user_addr_t src, socklen_t *src_len,
4396 user_addr_t dst, socklen_t *dst_len, uint32_t *aux_type,
4397 user_addr_t aux_data, uint32_t *aux_len)
4398 {
4399 struct in6pcb *in6p = sotoin6pcb(so);
4400 struct sockaddr_in6 sin6;
4401 struct ifnet *ifp = NULL;
4402 int error = 0;
4403 u_int32_t copy_len = 0;
4404
4405 /*
4406 * Don't test for INPCB_STATE_DEAD since this may be called
4407 * after SOF_PCBCLEARING is set, e.g. after tcp_close().
4408 */
4409 if (in6p == NULL) {
4410 error = EINVAL;
4411 goto out;
4412 }
4413
4414 if (cid != SAE_CONNID_ANY && cid != SAE_CONNID_ALL && cid != 1) {
4415 error = EINVAL;
4416 goto out;
4417 }
4418
4419 ifp = in6p->in6p_last_outifp;
4420 *ifindex = ((ifp != NULL) ? ifp->if_index : 0);
4421 *soerror = so->so_error;
4422 *flags = 0;
4423 if (so->so_state & SS_ISCONNECTED) {
4424 *flags |= (CIF_CONNECTED | CIF_PREFERRED);
4425 }
4426 if (in6p->in6p_flags & INP_BOUND_IF) {
4427 *flags |= CIF_BOUND_IF;
4428 }
4429 if (!(in6p->in6p_flags & INP_IN6ADDR_ANY)) {
4430 *flags |= CIF_BOUND_IP;
4431 }
4432 if (!(in6p->in6p_flags & INP_ANONPORT)) {
4433 *flags |= CIF_BOUND_PORT;
4434 }
4435
4436 bzero(&sin6, sizeof(sin6));
4437 sin6.sin6_len = sizeof(sin6);
4438 sin6.sin6_family = AF_INET6;
4439
4440 /* source address and port */
4441 sin6.sin6_port = in6p->in6p_lport;
4442 if (!in6_embedded_scope) {
4443 sin6.sin6_scope_id = in6p->inp_lifscope;
4444 }
4445 in6_recoverscope(&sin6, &in6p->in6p_laddr, NULL);
4446 if (*src_len == 0) {
4447 *src_len = sin6.sin6_len;
4448 } else {
4449 if (src != USER_ADDR_NULL) {
4450 copy_len = min(*src_len, sizeof(sin6));
4451 error = copyout(&sin6, src, copy_len);
4452 if (error != 0) {
4453 goto out;
4454 }
4455 *src_len = copy_len;
4456 }
4457 }
4458
4459 /* destination address and port */
4460 sin6.sin6_port = in6p->in6p_fport;
4461 if (!in6_embedded_scope) {
4462 sin6.sin6_scope_id = in6p->inp_fifscope;
4463 }
4464 in6_recoverscope(&sin6, &in6p->in6p_faddr, NULL);
4465 if (*dst_len == 0) {
4466 *dst_len = sin6.sin6_len;
4467 } else {
4468 if (dst != USER_ADDR_NULL) {
4469 copy_len = min(*dst_len, sizeof(sin6));
4470 error = copyout(&sin6, dst, copy_len);
4471 if (error != 0) {
4472 goto out;
4473 }
4474 *dst_len = copy_len;
4475 }
4476 }
4477
4478 if (SOCK_PROTO(so) == IPPROTO_TCP) {
4479 struct conninfo_tcp tcp_ci;
4480
4481 *aux_type = CIAUX_TCP;
4482 if (*aux_len == 0) {
4483 *aux_len = sizeof(tcp_ci);
4484 } else {
4485 if (aux_data != USER_ADDR_NULL) {
4486 copy_len = min(*aux_len, sizeof(tcp_ci));
4487 bzero(&tcp_ci, sizeof(tcp_ci));
4488 tcp_getconninfo(so, &tcp_ci);
4489 error = copyout(&tcp_ci, aux_data, copy_len);
4490 if (error != 0) {
4491 goto out;
4492 }
4493 *aux_len = copy_len;
4494 }
4495 }
4496 } else {
4497 *aux_type = 0;
4498 *aux_len = 0;
4499 }
4500
4501 out:
4502 return error;
4503 }
4504
4505 /*
4506 * 'u' group ioctls.
4507 *
4508 * The switch statement below does nothing at runtime, as it serves as a
4509 * compile time check to ensure that all of the socket 'u' ioctls (those
4510 * in the 'u' group going thru soo_ioctl) that are made available by the
4511 * networking stack is unique. This works as long as this routine gets
4512 * updated each time a new interface ioctl gets added.
4513 *
4514 * Any failures at compile time indicates duplicated ioctl values.
4515 */
4516 static __attribute__((unused)) void
in6ioctl_cassert(void)4517 in6ioctl_cassert(void)
4518 {
4519 /*
4520 * This is equivalent to _CASSERT() and the compiler wouldn't
4521 * generate any instructions, thus for compile time only.
4522 */
4523 switch ((u_long)0) {
4524 case 0:
4525
4526 /* bsd/netinet6/in6_var.h */
4527 case SIOCAADDRCTL_POLICY:
4528 case SIOCDADDRCTL_POLICY:
4529 case SIOCDRADD_IN6_32:
4530 case SIOCDRADD_IN6_64:
4531 case SIOCDRDEL_IN6_32:
4532 case SIOCDRDEL_IN6_64:
4533 ;
4534 }
4535 }
4536
4537 struct in6_llentry {
4538 struct llentry base;
4539 };
4540
4541 #define IN6_LLTBL_DEFAULT_HSIZE 32
4542 #define IN6_LLTBL_HASH(k, h) \
4543 ((((((((k) >> 8) ^ (k)) >> 8) ^ (k)) >> 8) ^ (k)) & ((h) - 1))
4544
4545 /*
4546 * Do actual deallocation of @lle.
4547 */
4548 static void
in6_lltable_destroy_lle_unlocked(struct llentry * lle)4549 in6_lltable_destroy_lle_unlocked(struct llentry *lle)
4550 {
4551 LLE_LOCK_DESTROY(lle);
4552 LLE_REQ_DESTROY(lle);
4553 struct in6_llentry *in_lle = (struct in6_llentry *)lle;
4554 kfree_type(struct in6_llentry, in_lle);
4555 }
4556
4557 /*
4558 * Called by LLE_FREE_LOCKED when number of references
4559 * drops to zero.
4560 */
4561 static void
in6_lltable_destroy_lle(struct llentry * lle)4562 in6_lltable_destroy_lle(struct llentry *lle)
4563 {
4564 LLE_WUNLOCK(lle);
4565 /* XXX TBD */
4566 //thread_call_free(lle->lle_timer);
4567 in6_lltable_destroy_lle_unlocked(lle);
4568 }
4569
4570
4571 static struct llentry *
in6_lltable_new(const struct in6_addr * addr6,uint16_t flags)4572 in6_lltable_new(const struct in6_addr *addr6, uint16_t flags)
4573 {
4574 #pragma unused(flags)
4575 struct in6_llentry *lle;
4576
4577 lle = kalloc_type(struct in6_llentry, Z_NOWAIT | Z_ZERO);
4578 if (lle == NULL) { /* NB: caller generates msg */
4579 return NULL;
4580 }
4581
4582 lle->base.r_l3addr.addr6 = *addr6;
4583 lle->base.lle_refcnt = 1;
4584 lle->base.lle_free = in6_lltable_destroy_lle;
4585 LLE_LOCK_INIT(&lle->base);
4586 LLE_REQ_INIT(&lle->base);
4587 #if 0
4588 /* XXX TBD */
4589 lle->base.lle_timer = thread_call_allocate(nd6_llinfo_timer, lle);
4590
4591 if (lle->base.lle_timer == NULL) {
4592 printf("lle_timer thread call could not be allocated.\n");
4593 LLE_LOCK_DESTROY(&lle->base);
4594 LLE_REQ_DESTROY(&lle->base);
4595 kfree_type(struct in6_llentry, lle);
4596 return NULL;
4597 }
4598 #endif
4599 return &lle->base;
4600 }
4601
4602 static int
in6_lltable_match_prefix(const struct sockaddr * saddr,const struct sockaddr * smask,uint16_t flags,struct llentry * lle)4603 in6_lltable_match_prefix(const struct sockaddr *saddr,
4604 const struct sockaddr *smask, uint16_t flags, struct llentry *lle)
4605 {
4606 const struct in6_addr *addr, *mask, *lle_addr;
4607
4608 addr = &((const struct sockaddr_in6 *)(const void *)saddr)->sin6_addr;
4609 mask = &((const struct sockaddr_in6 *)(const void *)smask)->sin6_addr;
4610 lle_addr = &lle->r_l3addr.addr6;
4611 uint32_t lle_addr_ifscope = lle->lle_tbl->llt_ifp->if_index;
4612 uint32_t addr_ifscope = ((const struct sockaddr_in6 *)(const void *)saddr)->sin6_scope_id;
4613
4614 if (in6_are_masked_addr_scope_equal(lle_addr, lle_addr_ifscope, addr, addr_ifscope, mask) == 0) {
4615 return 0;
4616 }
4617
4618 if (lle->la_flags & LLE_IFADDR) {
4619 /*
4620 * Delete LLE_IFADDR records IFF address & flag matches.
4621 * Note that addr is the interface address within prefix
4622 * being matched.
4623 */
4624 if (in6_are_addr_equal_scoped(addr, lle_addr, addr_ifscope, lle_addr_ifscope) &&
4625 (flags & LLE_STATIC) != 0) {
4626 return 1;
4627 }
4628 return 0;
4629 }
4630
4631 /* flags & LLE_STATIC means deleting both dynamic and static entries */
4632 if ((flags & LLE_STATIC) || !(lle->la_flags & LLE_STATIC)) {
4633 return 1;
4634 }
4635
4636 return 0;
4637 }
4638
4639 static void
in6_lltable_free_entry(struct lltable * llt,struct llentry * lle)4640 in6_lltable_free_entry(struct lltable *llt, struct llentry *lle)
4641 {
4642 struct ifnet *ifp;
4643
4644 LLE_WLOCK_ASSERT(lle);
4645 KASSERT(llt != NULL, ("lltable is NULL"));
4646
4647 /* Unlink entry from table */
4648 if ((lle->la_flags & LLE_LINKED) != 0) {
4649 ifp = llt->llt_ifp;
4650 if_afdata_wlock_assert(ifp, llt->llt_af);
4651 lltable_unlink_entry(llt, lle);
4652 }
4653
4654 #if 0
4655 /* XXX TBD */
4656 if (thread_call_cancel(lle->lle_timer) == TRUE) {
4657 LLE_REMREF(lle);
4658 }
4659 #endif
4660 llentry_free(lle);
4661 }
4662
4663 static int
in6_lltable_rtcheck(struct ifnet * ifp,uint16_t flags,const struct sockaddr * l3addr)4664 in6_lltable_rtcheck(struct ifnet *ifp,
4665 uint16_t flags, const struct sockaddr *l3addr)
4666 {
4667 #pragma unused(flags)
4668 struct rtentry *rt;
4669
4670 KASSERT(l3addr->sa_family == AF_INET6,
4671 ("sin_family %d", l3addr->sa_family));
4672 /* XXX rtalloc1 should take a const param */
4673 rt = rtalloc1(__DECONST(struct sockaddr *, l3addr), 0, 0);
4674 if (rt == NULL || (rt->rt_flags & RTF_GATEWAY) || rt->rt_ifp != ifp) {
4675 struct ifaddr *ifa;
4676 /*
4677 * Create an ND6 cache for an IPv6 neighbor
4678 * that is not covered by our own prefix.
4679 */
4680 /* XXX ifaof_ifpforaddr should take a const param */
4681 ifa = ifaof_ifpforaddr(__DECONST(struct sockaddr *, l3addr), ifp);
4682 if (ifa != NULL) {
4683 IFA_REMREF(ifa);
4684 if (rt != NULL) {
4685 rtfree(rt);
4686 }
4687 return 0;
4688 }
4689 log(LOG_INFO, "IPv6 address: \"%s\" is not on the network\n",
4690 ip6_sprintf(&((const struct sockaddr_in6 *)(const void *)l3addr)->sin6_addr));
4691 if (rt != NULL) {
4692 rtfree(rt);
4693 }
4694 return EINVAL;
4695 }
4696 rtfree(rt);
4697 return 0;
4698 }
4699
4700 static inline uint32_t
in6_lltable_hash_dst(const struct in6_addr * dst,uint32_t hsize)4701 in6_lltable_hash_dst(const struct in6_addr *dst, uint32_t hsize)
4702 {
4703 return IN6_LLTBL_HASH(dst->s6_addr32[3], hsize);
4704 }
4705
4706 static uint32_t
in6_lltable_hash(const struct llentry * lle,uint32_t hsize)4707 in6_lltable_hash(const struct llentry *lle, uint32_t hsize)
4708 {
4709 return in6_lltable_hash_dst(&lle->r_l3addr.addr6, hsize);
4710 }
4711
4712 static void
in6_lltable_fill_sa_entry(const struct llentry * lle,struct sockaddr * sa)4713 in6_lltable_fill_sa_entry(const struct llentry *lle, struct sockaddr *sa)
4714 {
4715 struct sockaddr_in6 *sin6;
4716
4717 sin6 = (struct sockaddr_in6 *)(void *)sa;
4718 bzero(sin6, sizeof(*sin6));
4719 sin6->sin6_family = AF_INET6;
4720 sin6->sin6_len = sizeof(*sin6);
4721 sin6->sin6_addr = lle->r_l3addr.addr6;
4722 }
4723
4724 static inline struct llentry *
in6_lltable_find_dst(struct lltable * llt,const struct in6_addr * dst)4725 in6_lltable_find_dst(struct lltable *llt, const struct in6_addr *dst)
4726 {
4727 struct llentry *lle;
4728 struct llentries *lleh;
4729 u_int hashidx;
4730
4731 hashidx = in6_lltable_hash_dst(dst, llt->llt_hsize);
4732 lleh = &llt->lle_head[hashidx];
4733 LIST_FOREACH(lle, lleh, lle_next) {
4734 if (lle->la_flags & LLE_DELETED) {
4735 continue;
4736 }
4737 if (IN6_ARE_ADDR_EQUAL(&lle->r_l3addr.addr6, dst)) {
4738 break;
4739 }
4740 }
4741
4742 return lle;
4743 }
4744
4745 static void
in6_lltable_delete_entry(struct lltable * llt,struct llentry * lle)4746 in6_lltable_delete_entry(struct lltable *llt, struct llentry *lle)
4747 {
4748 #pragma unused(llt)
4749 lle->la_flags |= LLE_DELETED;
4750 EVENTHANDLER_INVOKE(NULL, lle_event, lle, LLENTRY_DELETED);
4751 #ifdef DIAGNOSTIC
4752 log(LOG_INFO, "ifaddr cache = %p is deleted\n", lle);
4753 #endif
4754 llentry_free(lle);
4755 }
4756
4757 static struct llentry *
in6_lltable_alloc(struct lltable * llt,uint16_t flags,const struct sockaddr * l3addr)4758 in6_lltable_alloc(struct lltable *llt, uint16_t flags,
4759 const struct sockaddr *l3addr)
4760 {
4761 const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)(const void *)l3addr;
4762 struct ifnet *ifp = llt->llt_ifp;
4763 struct llentry *lle;
4764
4765 KASSERT(l3addr->sa_family == AF_INET6,
4766 ("sin_family %d", l3addr->sa_family));
4767
4768 /*
4769 * A route that covers the given address must have
4770 * been installed 1st because we are doing a resolution,
4771 * verify this.
4772 */
4773 if (!(flags & LLE_IFADDR) &&
4774 in6_lltable_rtcheck(ifp, flags, l3addr) != 0) {
4775 return NULL;
4776 }
4777
4778 lle = in6_lltable_new(&sin6->sin6_addr, flags);
4779 if (lle == NULL) {
4780 log(LOG_INFO, "lla_lookup: new lle malloc failed\n");
4781 return NULL;
4782 }
4783 lle->la_flags = (uint16_t)flags;
4784 if ((flags & LLE_IFADDR) == LLE_IFADDR) {
4785 lltable_set_entry_addr(ifp, lle, LLADDR(SDL(ifp->if_lladdr->ifa_addr)));
4786 lle->la_flags |= LLE_STATIC;
4787 }
4788
4789 if ((lle->la_flags & LLE_STATIC) != 0) {
4790 lle->ln_state = ND6_LLINFO_REACHABLE;
4791 }
4792
4793 return lle;
4794 }
4795
4796 static struct llentry *
in6_lltable_lookup(struct lltable * llt,uint16_t flags,const struct sockaddr * l3addr)4797 in6_lltable_lookup(struct lltable *llt, uint16_t flags,
4798 const struct sockaddr *l3addr)
4799 {
4800 const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)(const void *)l3addr;
4801 struct llentry *lle;
4802
4803 IF_AFDATA_LOCK_ASSERT(llt->llt_ifp, llt->llt_af);
4804 KASSERT(l3addr->sa_family == AF_INET6,
4805 ("sin_family %d", l3addr->sa_family));
4806
4807 lle = in6_lltable_find_dst(llt, &sin6->sin6_addr);
4808
4809 if (lle == NULL) {
4810 return NULL;
4811 }
4812
4813 KASSERT((flags & (LLE_UNLOCKED | LLE_EXCLUSIVE)) !=
4814 (LLE_UNLOCKED | LLE_EXCLUSIVE), ("wrong lle request flags: 0x%X",
4815 flags));
4816
4817 if (flags & LLE_UNLOCKED) {
4818 return lle;
4819 }
4820
4821 if (flags & LLE_EXCLUSIVE) {
4822 LLE_WLOCK(lle);
4823 } else {
4824 LLE_RLOCK(lle);
4825 }
4826 return lle;
4827 }
4828
4829 static int
in6_lltable_dump_entry(struct lltable * llt,struct llentry * lle,struct sysctl_req * wr)4830 in6_lltable_dump_entry(struct lltable *llt, struct llentry *lle,
4831 struct sysctl_req *wr)
4832 {
4833 struct ifnet *ifp = llt->llt_ifp;
4834 /* XXX stack use */
4835 struct {
4836 struct rt_msghdr rtm;
4837 struct sockaddr_in6 sin6;
4838 /*
4839 * ndp.c assumes that sdl is word aligned
4840 */
4841 #ifdef __LP64__
4842 uint32_t pad;
4843 #endif
4844 struct sockaddr_dl sdl;
4845 } ndpc;
4846 struct sockaddr_dl *sdl;
4847 int error;
4848
4849 bzero(&ndpc, sizeof(ndpc));
4850 /* skip deleted entries */
4851 if ((lle->la_flags & LLE_DELETED) == LLE_DELETED) {
4852 return 0;
4853 }
4854 /* Skip if jailed and not a valid IP of the prison. */
4855 lltable_fill_sa_entry(lle,
4856 (struct sockaddr *)&ndpc.sin6);
4857 /*
4858 * produce a msg made of:
4859 * struct rt_msghdr;
4860 * struct sockaddr_in6 (IPv6)
4861 * struct sockaddr_dl;
4862 */
4863 ndpc.rtm.rtm_msglen = sizeof(ndpc);
4864 ndpc.rtm.rtm_version = RTM_VERSION;
4865 ndpc.rtm.rtm_type = RTM_GET;
4866 ndpc.rtm.rtm_flags = RTF_UP;
4867 ndpc.rtm.rtm_addrs = RTA_DST | RTA_GATEWAY;
4868
4869 /* publish */
4870 if (lle->la_flags & LLE_PUB) {
4871 ndpc.rtm.rtm_flags |= RTF_ANNOUNCE;
4872 }
4873 sdl = &ndpc.sdl;
4874 sdl->sdl_family = AF_LINK;
4875 sdl->sdl_len = sizeof(*sdl);
4876 sdl->sdl_index = ifp->if_index;
4877 sdl->sdl_type = ifp->if_type;
4878 if ((lle->la_flags & LLE_VALID) == LLE_VALID) {
4879 sdl->sdl_alen = ifp->if_addrlen;
4880 bcopy(&lle->ll_addr, LLADDR(sdl), ifp->if_addrlen);
4881 } else {
4882 sdl->sdl_alen = 0;
4883 bzero(LLADDR(sdl), ifp->if_addrlen);
4884 }
4885 if (lle->la_expire != 0) {
4886 clock_sec_t secs;
4887 clock_usec_t usecs;
4888
4889 clock_get_calendar_microtime(&secs, &usecs);
4890 ndpc.rtm.rtm_rmx.rmx_expire = (int32_t)(lle->la_expire +
4891 lle->lle_remtime / hz +
4892 secs - net_uptime());
4893 }
4894 ndpc.rtm.rtm_flags |= (RTF_HOST | RTF_LLDATA);
4895 if (lle->la_flags & LLE_STATIC) {
4896 ndpc.rtm.rtm_flags |= RTF_STATIC;
4897 }
4898 if (lle->la_flags & LLE_IFADDR) {
4899 ndpc.rtm.rtm_flags |= RTF_PINNED;
4900 }
4901 if (lle->ln_router != 0) {
4902 ndpc.rtm.rtm_flags |= RTF_GATEWAY;
4903 }
4904 ndpc.rtm.rtm_rmx.rmx_pksent = lle->la_asked;
4905 /* Store state in rmx_weight value */
4906 ndpc.rtm.rtm_rmx.rmx_state = lle->ln_state;
4907 ndpc.rtm.rtm_index = ifp->if_index;
4908 error = SYSCTL_OUT(wr, &ndpc, sizeof(ndpc));
4909
4910 return error;
4911 }
4912
4913 struct lltable *
in6_lltattach(struct ifnet * ifp)4914 in6_lltattach(struct ifnet *ifp)
4915 {
4916 struct lltable *llt;
4917
4918 llt = lltable_allocate_htbl(IN6_LLTBL_DEFAULT_HSIZE);
4919 llt->llt_af = AF_INET6;
4920 llt->llt_ifp = ifp;
4921
4922 llt->llt_lookup = in6_lltable_lookup;
4923 llt->llt_alloc_entry = in6_lltable_alloc;
4924 llt->llt_delete_entry = in6_lltable_delete_entry;
4925 llt->llt_dump_entry = in6_lltable_dump_entry;
4926 llt->llt_hash = in6_lltable_hash;
4927 llt->llt_fill_sa_entry = in6_lltable_fill_sa_entry;
4928 llt->llt_free_entry = in6_lltable_free_entry;
4929 llt->llt_match_prefix = in6_lltable_match_prefix;
4930 lltable_link(llt);
4931
4932 return llt;
4933 }
4934
4935 void
in6_ip6_to_sockaddr(const struct in6_addr * ip6,u_int16_t port,uint32_t ifscope,struct sockaddr_in6 * sin6,u_int32_t maxlen)4936 in6_ip6_to_sockaddr(const struct in6_addr *ip6, u_int16_t port, uint32_t ifscope,
4937 struct sockaddr_in6 *sin6, u_int32_t maxlen)
4938 {
4939 if (maxlen < sizeof(struct sockaddr_in6)) {
4940 return;
4941 }
4942
4943 *sin6 = (struct sockaddr_in6) {
4944 .sin6_family = AF_INET6,
4945 .sin6_len = sizeof(*sin6),
4946 .sin6_port = port,
4947 .sin6_addr = *ip6,
4948 .sin6_scope_id = IN6_IS_SCOPE_EMBED(ip6) ? ifscope : IFSCOPE_NONE,
4949 };
4950
4951 if (IN6_IS_SCOPE_EMBED(&sin6->sin6_addr)) {
4952 in6_verify_ifscope(&sin6->sin6_addr, ifscope);
4953 if (in6_embedded_scope) {
4954 sin6->sin6_scope_id = ntohs(sin6->sin6_addr.s6_addr16[1]);
4955 sin6->sin6_addr.s6_addr16[1] = 0;
4956 }
4957 }
4958 }
4959
4960 /* IPv6 events */
4961 struct in6_event {
4962 in6_evhdlr_code_t in6_event_code;
4963 struct ifnet *in6_ifp;
4964 struct in6_addr in6_address;
4965 uint32_t val;
4966 };
4967
4968 struct in6_event2kev in6_event2kev_array[IN6_EVENT_MAX] = {
4969 {
4970 .in6_event_code = IN6_ADDR_MARKED_DUPLICATED,
4971 .in6_event_kev_subclass = KEV_ND6_SUBCLASS,
4972 .in6_event_kev_code = KEV_ND6_DAD_FAILURE,
4973 .in6_event_str = "IN6_ADDR_MARKED_DUPLICATED",
4974 },
4975 {
4976 .in6_event_code = IN6_ADDR_MARKED_DETACHED,
4977 .in6_event_kev_subclass = KEV_ND6_SUBCLASS,
4978 .in6_event_kev_code = KEV_ND6_ADDR_DETACHED,
4979 .in6_event_str = "IN6_ADDR_MARKED_DETACHED",
4980 },
4981 {
4982 .in6_event_code = IN6_ADDR_MARKED_DEPRECATED,
4983 .in6_event_kev_subclass = KEV_ND6_SUBCLASS,
4984 .in6_event_kev_code = KEV_ND6_ADDR_DEPRECATED,
4985 .in6_event_str = "IN6_ADDR_MARKED_DEPRECATED",
4986 },
4987 {
4988 .in6_event_code = IN6_NDP_RTR_EXPIRY,
4989 .in6_event_kev_subclass = KEV_ND6_SUBCLASS,
4990 .in6_event_kev_code = KEV_ND6_RTR_EXPIRED,
4991 .in6_event_str = "IN6_NDP_RTR_EXPIRY",
4992 },
4993 {
4994 .in6_event_code = IN6_NDP_PFX_EXPIRY,
4995 .in6_event_kev_subclass = KEV_ND6_SUBCLASS,
4996 .in6_event_kev_code = KEV_ND6_PFX_EXPIRED,
4997 .in6_event_str = "IN6_NDP_PFX_EXPIRY",
4998 },
4999 {
5000 .in6_event_code = IN6_NDP_ADDR_EXPIRY,
5001 .in6_event_kev_subclass = KEV_ND6_SUBCLASS,
5002 .in6_event_kev_code = KEV_ND6_ADDR_EXPIRED,
5003 .in6_event_str = "IN6_NDP_ADDR_EXPIRY",
5004 },
5005 };
5006
5007 void
in6_eventhdlr_callback(struct eventhandler_entry_arg arg0 __unused,in6_evhdlr_code_t in6_ev_code,struct ifnet * ifp,struct in6_addr * p_addr6,uint32_t val)5008 in6_eventhdlr_callback(struct eventhandler_entry_arg arg0 __unused,
5009 in6_evhdlr_code_t in6_ev_code, struct ifnet *ifp,
5010 struct in6_addr *p_addr6, uint32_t val)
5011 {
5012 struct kev_msg ev_msg;
5013 struct kev_nd6_event nd6_event;
5014
5015 bzero(&ev_msg, sizeof(ev_msg));
5016 bzero(&nd6_event, sizeof(nd6_event));
5017
5018 nd6log0(info, "%s Event %s received for %s\n",
5019 __func__, in6_event2kev_array[in6_ev_code].in6_event_str,
5020 ip6_sprintf(p_addr6));
5021
5022 ev_msg.vendor_code = KEV_VENDOR_APPLE;
5023 ev_msg.kev_class = KEV_NETWORK_CLASS;
5024 ev_msg.kev_subclass =
5025 in6_event2kev_array[in6_ev_code].in6_event_kev_subclass;
5026 ev_msg.event_code =
5027 in6_event2kev_array[in6_ev_code].in6_event_kev_code;
5028
5029 nd6_event.link_data.if_family = ifp->if_family;
5030 nd6_event.link_data.if_unit = ifp->if_unit;
5031 strlcpy(nd6_event.link_data.if_name, ifp->if_name,
5032 sizeof(nd6_event.link_data.if_name));
5033
5034 VERIFY(p_addr6 != NULL);
5035 bcopy(p_addr6, &nd6_event.in6_address,
5036 sizeof(nd6_event.in6_address));
5037 nd6_event.val = val;
5038
5039 ev_msg.dv[0].data_ptr = &nd6_event;
5040 ev_msg.dv[0].data_length = sizeof(nd6_event);
5041
5042 kev_post_msg(&ev_msg);
5043 }
5044
5045 struct in6_event_nwk_wq_entry {
5046 struct nwk_wq_entry nwk_wqe;
5047 struct in6_event in6_ev_arg;
5048 };
5049
5050 static void
in6_event_callback(struct nwk_wq_entry * nwk_item)5051 in6_event_callback(struct nwk_wq_entry *nwk_item)
5052 {
5053 struct in6_event_nwk_wq_entry *p_ev;
5054
5055 p_ev = __container_of(nwk_item, struct in6_event_nwk_wq_entry, nwk_wqe);
5056
5057 EVENTHANDLER_INVOKE(&in6_evhdlr_ctxt, in6_event,
5058 p_ev->in6_ev_arg.in6_event_code, p_ev->in6_ev_arg.in6_ifp,
5059 &p_ev->in6_ev_arg.in6_address, p_ev->in6_ev_arg.val);
5060
5061 kfree_type(struct in6_event_nwk_wq_entry, p_ev);
5062 }
5063
5064 void
in6_event_enqueue_nwk_wq_entry(in6_evhdlr_code_t in6_event_code,struct ifnet * ifp,struct in6_addr * p_addr6,uint32_t val)5065 in6_event_enqueue_nwk_wq_entry(in6_evhdlr_code_t in6_event_code,
5066 struct ifnet *ifp, struct in6_addr *p_addr6,
5067 uint32_t val)
5068 {
5069 struct in6_event_nwk_wq_entry *p_in6_ev = NULL;
5070
5071 p_in6_ev = kalloc_type(struct in6_event_nwk_wq_entry,
5072 Z_WAITOK | Z_ZERO | Z_NOFAIL);
5073
5074 p_in6_ev->nwk_wqe.func = in6_event_callback;
5075 p_in6_ev->in6_ev_arg.in6_event_code = in6_event_code;
5076 p_in6_ev->in6_ev_arg.in6_ifp = ifp;
5077 if (p_addr6 != NULL) {
5078 bcopy(p_addr6, &p_in6_ev->in6_ev_arg.in6_address,
5079 sizeof(p_in6_ev->in6_ev_arg.in6_address));
5080 }
5081 p_in6_ev->in6_ev_arg.val = val;
5082
5083 nwk_wq_enqueue(&p_in6_ev->nwk_wqe);
5084 }
5085
5086 /*
5087 * Caller must hold in6_ifaddr_rwlock as writer.
5088 */
5089 static void
in6_iahash_remove(struct in6_ifaddr * ia)5090 in6_iahash_remove(struct in6_ifaddr *ia)
5091 {
5092 LCK_RW_ASSERT(&in6_ifaddr_rwlock, LCK_RW_ASSERT_EXCLUSIVE);
5093 IFA_LOCK_ASSERT_HELD(&ia->ia_ifa);
5094
5095 if (!IA6_IS_HASHED(ia)) {
5096 panic("%s: attempt to remove wrong ia %p from ipv6 hash table", __func__, ia);
5097 /* NOTREACHED */
5098 }
5099 TAILQ_REMOVE(IN6ADDR_HASH(&ia->ia_addr.sin6_addr), ia, ia6_hash);
5100 IA6_HASH_INIT(ia);
5101 if (IFA_REMREF_LOCKED(&ia->ia_ifa) == NULL) {
5102 panic("%s: unexpected (missing) refcnt ifa=%p", __func__,
5103 &ia->ia_ifa);
5104 /* NOTREACHED */
5105 }
5106 }
5107
5108 /*
5109 * Caller must hold in6_ifaddr_rwlock as writer.
5110 */
5111 static void
in6_iahash_insert(struct in6_ifaddr * ia)5112 in6_iahash_insert(struct in6_ifaddr *ia)
5113 {
5114 LCK_RW_ASSERT(&in6_ifaddr_rwlock, LCK_RW_ASSERT_EXCLUSIVE);
5115 IFA_LOCK_ASSERT_HELD(&ia->ia_ifa);
5116
5117 if (ia->ia_addr.sin6_family != AF_INET6) {
5118 panic("%s: attempt to insert wrong ia %p into hash table", __func__, ia);
5119 /* NOTREACHED */
5120 } else if (IA6_IS_HASHED(ia)) {
5121 panic("%s: attempt to double-insert ia %p into hash table", __func__, ia);
5122 /* NOTREACHED */
5123 }
5124 TAILQ_INSERT_HEAD(IN6ADDR_HASH(&ia->ia_addr.sin6_addr),
5125 ia, ia6_hash);
5126 IFA_ADDREF_LOCKED(&ia->ia_ifa);
5127 }
5128
5129 /*
5130 * Some point to point interfaces that are tunnels borrow the address from
5131 * an underlying interface (e.g. VPN server). In order for source address
5132 * selection logic to find the underlying interface first, we add the address
5133 * of borrowing point to point interfaces at the end of the list.
5134 * (see rdar://6733789)
5135 *
5136 * Caller must hold in6_ifaddr_rwlock as writer.
5137 */
5138 static void
in6_iahash_insert_ptp(struct in6_ifaddr * ia)5139 in6_iahash_insert_ptp(struct in6_ifaddr *ia)
5140 {
5141 struct in6_ifaddr *tmp_ifa;
5142 struct ifnet *tmp_ifp;
5143
5144 LCK_RW_ASSERT(&in6_ifaddr_rwlock, LCK_RW_ASSERT_EXCLUSIVE);
5145 IFA_LOCK_ASSERT_HELD(&ia->ia_ifa);
5146
5147 if (ia->ia_addr.sin6_family != AF_INET6) {
5148 panic("%s: attempt to insert wrong ia %p into hash table", __func__, ia);
5149 /* NOTREACHED */
5150 } else if (IA6_IS_HASHED(ia)) {
5151 panic("%s: attempt to double-insert ia %p into hash table", __func__, ia);
5152 /* NOTREACHED */
5153 }
5154 IFA_UNLOCK(&ia->ia_ifa);
5155 TAILQ_FOREACH(tmp_ifa, IN6ADDR_HASH(&ia->ia_addr.sin6_addr), ia6_hash) {
5156 IFA_LOCK(&tmp_ifa->ia_ifa);
5157 /* ia->ia_addr won't change, so check without lock */
5158 if (in6_are_addr_equal_scoped(&tmp_ifa->ia_addr.sin6_addr, &ia->ia_addr.sin6_addr, tmp_ifa->ia_addr.sin6_scope_id, ia->ia_addr.sin6_scope_id)) {
5159 IFA_UNLOCK(&tmp_ifa->ia_ifa);
5160 break;
5161 }
5162 IFA_UNLOCK(&tmp_ifa->ia_ifa);
5163 }
5164 tmp_ifp = (tmp_ifa == NULL) ? NULL : tmp_ifa->ia_ifp;
5165
5166 IFA_LOCK(&ia->ia_ifa);
5167 if (tmp_ifp == NULL) {
5168 TAILQ_INSERT_HEAD(IN6ADDR_HASH(&ia->ia_addr.sin6_addr),
5169 ia, ia6_hash);
5170 } else {
5171 TAILQ_INSERT_TAIL(IN6ADDR_HASH(&ia->ia_addr.sin6_addr),
5172 ia, ia6_hash);
5173 }
5174 IFA_ADDREF_LOCKED(&ia->ia_ifa);
5175 }
5176