1 /*
2 * Copyright (c) 1999-2018 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29 #include <kern/locks.h>
30 #include <kern/zalloc.h>
31
32 #include <sys/types.h>
33 #include <sys/kernel_types.h>
34 #include <sys/kauth.h>
35 #include <sys/socket.h>
36 #include <sys/socketvar.h>
37 #include <sys/sockio.h>
38 #include <sys/sysctl.h>
39 #include <sys/proc.h>
40
41 #include <net/if.h>
42 #include <net/if_var.h>
43 #include <net/if_types.h>
44 #include <net/bpf.h>
45 #include <net/net_osdep.h>
46 #include <net/pktap.h>
47 #include <net/iptap.h>
48
49 #include <netinet/in_pcb.h>
50 #include <netinet/tcp.h>
51 #include <netinet/tcp_var.h>
52 #define _IP_VHL
53 #include <netinet/ip.h>
54 #include <netinet/ip_var.h>
55 #include <netinet/udp.h>
56 #include <netinet/udp_var.h>
57
58 #include <netinet/ip6.h>
59 #include <netinet6/in6_pcb.h>
60
61 #include <netinet/kpi_ipfilter.h>
62
63 #include <libkern/OSAtomic.h>
64
65 #include <kern/debug.h>
66
67 #include <sys/mcache.h>
68
69 #include <string.h>
70
71 struct iptap_softc {
72 LIST_ENTRY(iptap_softc) iptap_link;
73 uint32_t iptap_unit;
74 uint32_t iptap_dlt_raw_count;
75 uint32_t iptap_dlt_pkttap_count;
76 struct ifnet *iptap_ifp;
77 };
78
79 static LIST_HEAD(iptap_list, iptap_softc) iptap_list = LIST_HEAD_INITIALIZER(iptap_list);
80
81 static void iptap_lock_shared(void);
82 static void iptap_lock_exclusive(void);
83 static void iptap_lock_done(void);
84
85 static LCK_GRP_DECLARE(iptap_grp, "IPTAP_IFNAME");
86 static LCK_RW_DECLARE(iptap_lck_rw, &iptap_grp);
87
88 errno_t iptap_if_output(ifnet_t, mbuf_t);
89 errno_t iptap_demux(ifnet_t, mbuf_t, char *, protocol_family_t *);
90 errno_t iptap_add_proto(ifnet_t, protocol_family_t, const struct ifnet_demux_desc *,
91 u_int32_t);
92 errno_t iptap_del_proto(ifnet_t, protocol_family_t);
93 errno_t iptap_getdrvspec(ifnet_t, struct ifdrv64 *);
94 errno_t iptap_ioctl(ifnet_t, unsigned long, void *);
95 void iptap_detach(ifnet_t);
96 errno_t iptap_tap_callback(ifnet_t, u_int32_t, bpf_tap_mode );
97 int iptap_clone_create(struct if_clone *, u_int32_t, void *);
98 int iptap_clone_destroy(struct ifnet *);
99
100 static int iptap_ipf_register(void);
101 static int iptap_ipf_unregister(void);
102 static errno_t iptap_ipf_input(void *, mbuf_t *, int, u_int8_t);
103 static errno_t iptap_ipf_output(void *, mbuf_t *, ipf_pktopts_t);
104 static void iptap_ipf_detach(void *);
105
106 static ipfilter_t iptap_ipf4, iptap_ipf6;
107
108 void iptap_bpf_tap(struct mbuf *m, u_int32_t proto, int outgoing);
109
110 #define IPTAP_MAXUNIT IF_MAXUNIT
111 #define IPTAP_ZONE_MAX_ELEM MIN(IFNETS_MAX, IPTAP_MAXUNIT)
112
113 static struct if_clone iptap_cloner =
114 IF_CLONE_INITIALIZER(IPTAP_IFNAME,
115 iptap_clone_create,
116 iptap_clone_destroy,
117 0,
118 IPTAP_MAXUNIT,
119 IPTAP_ZONE_MAX_ELEM,
120 sizeof(struct iptap_softc));
121
122 SYSCTL_DECL(_net_link);
123 SYSCTL_NODE(_net_link, OID_AUTO, iptap, CTLFLAG_RW | CTLFLAG_LOCKED, 0,
124 "iptap virtual interface");
125
126 static int iptap_total_tap_count = 0;
127 SYSCTL_INT(_net_link_iptap, OID_AUTO, total_tap_count, CTLFLAG_RD | CTLFLAG_LOCKED,
128 &iptap_total_tap_count, 0, "");
129
130 static int iptap_log = 0;
131 SYSCTL_INT(_net_link_iptap, OID_AUTO, log, CTLFLAG_RW | CTLFLAG_LOCKED,
132 &iptap_log, 0, "");
133
134 #define IPTAP_LOG(fmt, ...) \
135 do { \
136 if ((iptap_log)) \
137 printf("%s:%d " fmt, __FUNCTION__, __LINE__, ##__VA_ARGS__); \
138 } while(false)
139
140 __private_extern__ void
iptap_init(void)141 iptap_init(void)
142 {
143 errno_t error;
144
145 error = if_clone_attach(&iptap_cloner);
146 if (error != 0) {
147 panic("%s: if_clone_attach() failed, error %d", __func__, error);
148 }
149 }
150
151 static void
iptap_lock_shared(void)152 iptap_lock_shared(void)
153 {
154 lck_rw_lock_shared(&iptap_lck_rw);
155 }
156
157 static void
iptap_lock_exclusive(void)158 iptap_lock_exclusive(void)
159 {
160 lck_rw_lock_exclusive(&iptap_lck_rw);
161 }
162
163 static void
iptap_lock_done(void)164 iptap_lock_done(void)
165 {
166 lck_rw_done(&iptap_lck_rw);
167 }
168
169 __private_extern__ int
iptap_clone_create(struct if_clone * ifc,u_int32_t unit,void * params)170 iptap_clone_create(struct if_clone *ifc, u_int32_t unit, void *params)
171 {
172 #pragma unused(params)
173
174 int error = 0;
175 struct iptap_softc *iptap = NULL;
176 struct ifnet_init_eparams if_init;
177
178 iptap = if_clone_softc_allocate(&iptap_cloner);
179 iptap->iptap_unit = unit;
180
181 /*
182 * We do not use a set_bpf_tap() function as we rather rely on the more
183 * accurate callback passed to bpf_attach()
184 */
185 bzero(&if_init, sizeof(if_init));
186 if_init.ver = IFNET_INIT_CURRENT_VERSION;
187 if_init.len = sizeof(if_init);
188 if_init.flags = IFNET_INIT_LEGACY;
189 if_init.name = ifc->ifc_name;
190 if_init.unit = unit;
191 if_init.type = IFT_OTHER;
192 if_init.family = IFNET_FAMILY_LOOPBACK;
193 if_init.output = iptap_if_output;
194 if_init.demux = iptap_demux;
195 if_init.add_proto = iptap_add_proto;
196 if_init.del_proto = iptap_del_proto;
197 if_init.softc = iptap;
198 if_init.ioctl = iptap_ioctl;
199 if_init.detach = iptap_detach;
200
201 error = ifnet_allocate_extended(&if_init, &iptap->iptap_ifp);
202 if (error != 0) {
203 printf("%s: ifnet_allocate failed, error %d\n", __func__, error);
204 goto done;
205 }
206
207 ifnet_set_flags(iptap->iptap_ifp, IFF_UP, IFF_UP);
208
209 error = ifnet_attach(iptap->iptap_ifp, NULL);
210 if (error != 0) {
211 printf("%s: ifnet_attach failed - error %d\n", __func__, error);
212 ifnet_release(iptap->iptap_ifp);
213 goto done;
214 }
215
216 /*
217 * Attach by default as DLT_PKTAP for packet metadata
218 * Provide DLT_RAW for legacy
219 */
220 bpf_attach(iptap->iptap_ifp, DLT_PKTAP, sizeof(struct pktap_header), NULL,
221 iptap_tap_callback);
222 bpf_attach(iptap->iptap_ifp, DLT_RAW, 0, NULL,
223 iptap_tap_callback);
224
225 /* Take a reference and add to the global list */
226 ifnet_reference(iptap->iptap_ifp);
227
228 iptap_lock_exclusive();
229
230 if (LIST_EMPTY(&iptap_list)) {
231 iptap_ipf_register();
232 }
233 LIST_INSERT_HEAD(&iptap_list, iptap, iptap_link);
234 iptap_lock_done();
235 done:
236 if (error != 0) {
237 if (iptap != NULL) {
238 if_clone_softc_deallocate(&iptap_cloner, iptap);
239 }
240 }
241 return error;
242 }
243
244 __private_extern__ int
iptap_clone_destroy(struct ifnet * ifp)245 iptap_clone_destroy(struct ifnet *ifp)
246 {
247 int error = 0;
248
249 (void) ifnet_detach(ifp);
250
251 return error;
252 }
253
254 /*
255 * This function is called whenever a DLT is set on the interface:
256 * - When interface is attached to a BPF device via BIOCSETIF for the default DLT
257 * - Whenever a new DLT is selected via BIOCSDLT
258 * - When the interface is detached from a BPF device (direction is zero)
259 */
260 __private_extern__ errno_t
iptap_tap_callback(ifnet_t ifp,u_int32_t dlt,bpf_tap_mode direction)261 iptap_tap_callback(ifnet_t ifp, u_int32_t dlt, bpf_tap_mode direction)
262 {
263 struct iptap_softc *iptap;
264
265 iptap = ifp->if_softc;
266 if (iptap == NULL) {
267 printf("%s: if_softc is NULL for ifp %s\n", __func__,
268 ifp->if_xname);
269 goto done;
270 }
271 switch (dlt) {
272 case DLT_RAW:
273 if (direction == 0) {
274 if (iptap->iptap_dlt_raw_count > 0) {
275 iptap->iptap_dlt_raw_count--;
276 OSAddAtomic(-1, &iptap_total_tap_count);
277 }
278 } else {
279 iptap->iptap_dlt_raw_count++;
280 OSAddAtomic(1, &iptap_total_tap_count);
281 }
282 break;
283 case DLT_PKTAP:
284 if (direction == 0) {
285 if (iptap->iptap_dlt_pkttap_count > 0) {
286 iptap->iptap_dlt_pkttap_count--;
287 OSAddAtomic(-1, &iptap_total_tap_count);
288 }
289 } else {
290 iptap->iptap_dlt_pkttap_count++;
291 OSAddAtomic(1, &iptap_total_tap_count);
292 }
293 break;
294 }
295 done:
296 /*
297 * Attachements count must be positive and we're in trouble
298 * if we have more that 2**31 attachements
299 */
300 VERIFY(iptap_total_tap_count >= 0);
301
302 return 0;
303 }
304
305 __private_extern__ errno_t
iptap_if_output(ifnet_t ifp,mbuf_t m)306 iptap_if_output(ifnet_t ifp, mbuf_t m)
307 {
308 #pragma unused(ifp)
309
310 mbuf_freem(m);
311 return ENOTSUP;
312 }
313
314 __private_extern__ errno_t
iptap_demux(ifnet_t ifp,mbuf_t m,char * header,protocol_family_t * ppf)315 iptap_demux(ifnet_t ifp, mbuf_t m, char *header,
316 protocol_family_t *ppf)
317 {
318 #pragma unused(ifp)
319 #pragma unused(m)
320 #pragma unused(header)
321 #pragma unused(ppf)
322
323 return ENOTSUP;
324 }
325
326 __private_extern__ errno_t
iptap_add_proto(ifnet_t ifp,protocol_family_t pf,const struct ifnet_demux_desc * dmx,u_int32_t cnt)327 iptap_add_proto(ifnet_t ifp, protocol_family_t pf,
328 const struct ifnet_demux_desc *dmx, u_int32_t cnt)
329 {
330 #pragma unused(ifp)
331 #pragma unused(pf)
332 #pragma unused(dmx)
333 #pragma unused(cnt)
334
335 return 0;
336 }
337
338 __private_extern__ errno_t
iptap_del_proto(ifnet_t ifp,protocol_family_t pf)339 iptap_del_proto(ifnet_t ifp, protocol_family_t pf)
340 {
341 #pragma unused(ifp)
342 #pragma unused(pf)
343
344 return 0;
345 }
346
347 __private_extern__ errno_t
iptap_getdrvspec(ifnet_t ifp,struct ifdrv64 * ifd)348 iptap_getdrvspec(ifnet_t ifp, struct ifdrv64 *ifd)
349 {
350 errno_t error = 0;
351 struct iptap_softc *iptap;
352
353 iptap = ifp->if_softc;
354 if (iptap == NULL) {
355 error = ENOENT;
356 printf("%s: iptap NULL - error %d\n", __func__, error);
357 goto done;
358 }
359
360 switch (ifd->ifd_cmd) {
361 case PKTP_CMD_TAP_COUNT: {
362 uint32_t tap_count = iptap->iptap_dlt_raw_count + iptap->iptap_dlt_pkttap_count;
363
364 if (ifd->ifd_len < sizeof(tap_count)) {
365 printf("%s: PKTP_CMD_TAP_COUNT ifd_len %llu too small - error %d\n",
366 __func__, ifd->ifd_len, error);
367 error = EINVAL;
368 break;
369 }
370 error = copyout(&tap_count, ifd->ifd_data, sizeof(tap_count));
371 if (error) {
372 printf("%s: PKTP_CMD_TAP_COUNT copyout - error %d\n", __func__, error);
373 goto done;
374 }
375 break;
376 }
377 default:
378 error = EINVAL;
379 break;
380 }
381
382 done:
383 return error;
384 }
385
386 __private_extern__ errno_t
iptap_ioctl(ifnet_t ifp,unsigned long cmd,void * data)387 iptap_ioctl(ifnet_t ifp, unsigned long cmd, void *data)
388 {
389 errno_t error = 0;
390
391 if ((cmd & IOC_IN)) {
392 error = kauth_authorize_generic(kauth_cred_get(), KAUTH_GENERIC_ISSUSER);
393 if (error) {
394 goto done;
395 }
396 }
397
398 switch (cmd) {
399 case SIOCGDRVSPEC32: {
400 struct ifdrv64 ifd;
401 struct ifdrv32 *ifd32 = (struct ifdrv32 *)data;
402
403 memcpy(ifd.ifd_name, ifd32->ifd_name, sizeof(ifd.ifd_name));
404 ifd.ifd_cmd = ifd32->ifd_cmd;
405 ifd.ifd_len = ifd32->ifd_len;
406 ifd.ifd_data = ifd32->ifd_data;
407
408 error = iptap_getdrvspec(ifp, &ifd);
409
410 break;
411 }
412 case SIOCGDRVSPEC64: {
413 struct ifdrv64 *ifd64 = (struct ifdrv64 *)data;
414
415 error = iptap_getdrvspec(ifp, ifd64);
416
417 break;
418 }
419 default:
420 error = ENOTSUP;
421 break;
422 }
423 done:
424 return error;
425 }
426
427 __private_extern__ void
iptap_detach(ifnet_t ifp)428 iptap_detach(ifnet_t ifp)
429 {
430 struct iptap_softc *iptap = NULL;
431
432 iptap_lock_exclusive();
433
434 iptap = ifp->if_softc;
435 ifp->if_softc = NULL;
436 LIST_REMOVE(iptap, iptap_link);
437
438 if (LIST_EMPTY(&iptap_list)) {
439 iptap_ipf_unregister();
440 }
441
442 iptap_lock_done();
443
444 /* Drop reference as it's no more on the global list */
445 ifnet_release(ifp);
446 if_clone_softc_deallocate(&iptap_cloner, iptap);
447
448 /* This is for the reference taken by ifnet_attach() */
449 (void) ifnet_release(ifp);
450 }
451
452 static int
iptap_ipf_register(void)453 iptap_ipf_register(void)
454 {
455 struct ipf_filter iptap_ipfinit;
456 int err = 0;
457
458 IPTAP_LOG("\n");
459
460 bzero(&iptap_ipfinit, sizeof(iptap_ipfinit));
461 iptap_ipfinit.name = IPTAP_IFNAME;
462 iptap_ipfinit.cookie = &iptap_ipf4;
463 iptap_ipfinit.ipf_input = iptap_ipf_input;
464 iptap_ipfinit.ipf_output = iptap_ipf_output;
465 iptap_ipfinit.ipf_detach = iptap_ipf_detach;
466
467 err = ipf_addv4(&iptap_ipfinit, &iptap_ipf4);
468 if (err != 0) {
469 printf("%s: ipf_addv4 for %s0 failed - %d\n",
470 __func__, IPTAP_IFNAME, err);
471 goto done;
472 }
473
474 iptap_ipfinit.cookie = &iptap_ipf6;
475 err = ipf_addv6(&iptap_ipfinit, &iptap_ipf6);
476 if (err != 0) {
477 printf("%s: ipf_addv6 for %s0 failed - %d\n",
478 __func__, IPTAP_IFNAME, err);
479 (void) ipf_remove(iptap_ipf4);
480 iptap_ipf4 = NULL;
481 goto done;
482 }
483
484 done:
485 return err;
486 }
487
488 static int
iptap_ipf_unregister(void)489 iptap_ipf_unregister(void)
490 {
491 int err = 0;
492
493 IPTAP_LOG("\n");
494
495 if (iptap_ipf4 != NULL) {
496 err = ipf_remove(iptap_ipf4);
497 if (err != 0) {
498 printf("%s: ipf_remove (ipv4) for %s0 failed - %d\n",
499 __func__, IPTAP_IFNAME, err);
500 goto done;
501 }
502 iptap_ipf4 = NULL;
503 }
504
505 if (iptap_ipf6 != NULL) {
506 err = ipf_remove(iptap_ipf6);
507 if (err != 0) {
508 printf("%s: ipf_remove (ipv6) for %s0 failed - %d\n",
509 __func__, IPTAP_IFNAME, err);
510 goto done;
511 }
512 iptap_ipf6 = NULL;
513 }
514 done:
515 return err;
516 }
517
518 static errno_t
iptap_ipf_input(void * arg,mbuf_t * mp,int off,u_int8_t proto)519 iptap_ipf_input(void *arg, mbuf_t *mp, int off, u_int8_t proto)
520 {
521 #pragma unused(off)
522 #pragma unused(proto)
523
524 if (arg == (void *)&iptap_ipf4) {
525 iptap_bpf_tap(*mp, AF_INET, 0);
526 } else if (arg == (void *)&iptap_ipf6) {
527 iptap_bpf_tap(*mp, AF_INET6, 0);
528 } else {
529 IPTAP_LOG("%s:%d bad cookie 0x%llx &iptap_ipf4 0x%llx "
530 "&iptap_ipf6 0x%llx\n", __func__, __LINE__,
531 (uint64_t)VM_KERNEL_ADDRPERM(arg),
532 (uint64_t)VM_KERNEL_ADDRPERM(&iptap_ipf4),
533 (uint64_t)VM_KERNEL_ADDRPERM(&iptap_ipf6));
534 }
535
536 return 0;
537 }
538
539 static errno_t
iptap_ipf_output(void * arg,mbuf_t * mp,ipf_pktopts_t opt)540 iptap_ipf_output(void *arg, mbuf_t *mp, ipf_pktopts_t opt)
541 {
542 #pragma unused(opt)
543
544 if (arg == (void *)&iptap_ipf4) {
545 iptap_bpf_tap(*mp, AF_INET, 1);
546 } else if (arg == (void *)&iptap_ipf6) {
547 iptap_bpf_tap(*mp, AF_INET6, 1);
548 } else {
549 IPTAP_LOG("%s:%d bad cookie 0x%llx &iptap_ipf4 0x%llx "
550 "&iptap_ipf6 0x%llx\n", __func__, __LINE__,
551 (uint64_t)VM_KERNEL_ADDRPERM(arg),
552 (uint64_t)VM_KERNEL_ADDRPERM(&iptap_ipf4),
553 (uint64_t)VM_KERNEL_ADDRPERM(&iptap_ipf6));
554 }
555
556 return 0;
557 }
558
559 static void
iptap_ipf_detach(void * arg)560 iptap_ipf_detach(void *arg)
561 {
562 #pragma unused(arg)
563 }
564
565 __private_extern__ void
iptap_bpf_tap(struct mbuf * m,u_int32_t proto,int outgoing)566 iptap_bpf_tap(struct mbuf *m, u_int32_t proto, int outgoing)
567 {
568 struct iptap_softc *iptap;
569 void (*bpf_tap_func)(ifnet_t, u_int32_t, mbuf_t, void *, size_t ) =
570 outgoing ? bpf_tap_out : bpf_tap_in;
571 uint32_t src_scope_id = 0;
572 uint32_t dst_scope_id = 0;
573
574 if (proto == AF_INET6) {
575 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
576 /*
577 * Clear the embedded scope ID
578 */
579 if (in6_embedded_scope && IN6_IS_SCOPE_EMBED(&ip6->ip6_src)) {
580 src_scope_id = ip6->ip6_src.s6_addr16[1];
581 ip6->ip6_src.s6_addr16[1] = 0;
582 }
583 if (in6_embedded_scope && IN6_IS_SCOPE_EMBED(&ip6->ip6_dst)) {
584 dst_scope_id = ip6->ip6_dst.s6_addr16[1];
585 ip6->ip6_dst.s6_addr16[1] = 0;
586 }
587 }
588
589 iptap_lock_shared();
590
591 LIST_FOREACH(iptap, &iptap_list, iptap_link) {
592 if (iptap->iptap_dlt_raw_count > 0) {
593 bpf_tap_func(iptap->iptap_ifp, DLT_RAW, m,
594 NULL, 0);
595 }
596 if (iptap->iptap_dlt_pkttap_count > 0) {
597 struct {
598 struct pktap_header hdr;
599 u_int32_t proto;
600 } hdr_buffer;
601 struct pktap_header *hdr = &hdr_buffer.hdr;
602 size_t hdr_size = sizeof(hdr_buffer);
603 struct ifnet *ifp = outgoing ? NULL : m->m_pkthdr.rcvif;
604
605 /* Verify the structure is packed */
606 _CASSERT(sizeof(hdr_buffer) == sizeof(struct pktap_header) + sizeof(u_int32_t));
607
608 bzero(hdr, sizeof(hdr_buffer));
609 hdr->pth_length = sizeof(struct pktap_header);
610 hdr->pth_type_next = PTH_TYPE_PACKET;
611 hdr->pth_dlt = DLT_NULL;
612 if (ifp != NULL) {
613 snprintf(hdr->pth_ifname, sizeof(hdr->pth_ifname), "%s",
614 ifp->if_xname);
615 }
616 hdr_buffer.proto = proto;
617 hdr->pth_flags = outgoing ? PTH_FLAG_DIR_OUT : PTH_FLAG_DIR_IN;
618 hdr->pth_protocol_family = proto;
619 hdr->pth_frame_pre_length = 0;
620 hdr->pth_frame_post_length = 0;
621 hdr->pth_iftype = ifp != NULL ? ifp->if_type : 0;
622 hdr->pth_ifunit = ifp != NULL ? ifp->if_unit : 0;
623
624 pktap_fill_proc_info(hdr, proto, m, 0, outgoing, ifp);
625
626 hdr->pth_svc = so_svc2tc(m->m_pkthdr.pkt_svc);
627
628 bpf_tap_func(iptap->iptap_ifp, DLT_PKTAP, m, hdr, hdr_size);
629 }
630 }
631
632 iptap_lock_done();
633
634 if (proto == AF_INET6) {
635 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
636
637 /*
638 * Restore the embedded scope ID
639 */
640 if (in6_embedded_scope && IN6_IS_SCOPE_EMBED(&ip6->ip6_src)) {
641 ip6->ip6_src.s6_addr16[1] = (uint16_t)src_scope_id;
642 }
643 if (in6_embedded_scope && IN6_IS_SCOPE_EMBED(&ip6->ip6_dst)) {
644 ip6->ip6_dst.s6_addr16[1] = (uint16_t)dst_scope_id;
645 }
646 }
647 }
648