]> git.saurik.com Git - apple/xnu.git/blob - bsd/netinet6/raw_ip6.c
projects / apple / xnu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xnu-4903.270.47.tar.gz
[apple/xnu.git] / bsd / netinet6 / raw_ip6.c
1 /*
2 * Copyright (c) 2000-2018 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 /*
29 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
30 * All rights reserved.
31 *
32 * Redistribution and use in source and binary forms, with or without
33 * modification, are permitted provided that the following conditions
34 * are met:
35 * 1. Redistributions of source code must retain the above copyright
36 * notice, this list of conditions and the following disclaimer.
37 * 2. Redistributions in binary form must reproduce the above copyright
38 * notice, this list of conditions and the following disclaimer in the
39 * documentation and/or other materials provided with the distribution.
40 * 3. Neither the name of the project nor the names of its contributors
41 * may be used to endorse or promote products derived from this software
42 * without specific prior written permission.
43 *
44 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
45 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
46 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
47 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
48 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
49 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
50 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
51 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
52 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
53 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
54 * SUCH DAMAGE.
55 *
56 * $FreeBSD: src/sys/netinet6/raw_ip6.c,v 1.7.2.4 2001/07/29 19:32:40 ume Exp $
57 */
58
59 /*
60 * Copyright (c) 1982, 1986, 1988, 1993
61 * The Regents of the University of California. All rights reserved.
62 *
63 * Redistribution and use in source and binary forms, with or without
64 * modification, are permitted provided that the following conditions
65 * are met:
66 * 1. Redistributions of source code must retain the above copyright
67 * notice, this list of conditions and the following disclaimer.
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in the
70 * documentation and/or other materials provided with the distribution.
71 * 3. All advertising materials mentioning features or use of this software
72 * must display the following acknowledgement:
73 * This product includes software developed by the University of
74 * California, Berkeley and its contributors.
75 * 4. Neither the name of the University nor the names of its contributors
76 * may be used to endorse or promote products derived from this software
77 * without specific prior written permission.
78 *
79 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
80 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
81 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
82 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
83 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
84 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
85 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
86 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
87 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
88 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
89 * SUCH DAMAGE.
90 *
91 * @(#)raw_ip.c 8.2 (Berkeley) 1/4/94
92 */
93 #include <sys/param.h>
94 #include <sys/malloc.h>
95 #include <sys/proc.h>
96 #include <sys/mcache.h>
97 #include <sys/mbuf.h>
98 #include <sys/socket.h>
99 #include <sys/protosw.h>
100 #include <sys/socketvar.h>
101 #include <sys/errno.h>
102 #include <sys/systm.h>
103
104 #include <net/if.h>
105 #include <net/net_api_stats.h>
106 #include <net/route.h>
107 #include <net/if_types.h>
108
109 #include <netinet/in.h>
110 #include <netinet/in_var.h>
111 #include <netinet/in_systm.h>
112 #include <netinet/in_tclass.h>
113 #include <netinet/ip6.h>
114 #include <netinet6/ip6_var.h>
115 #include <netinet/icmp6.h>
116 #include <netinet/in_pcb.h>
117 #include <netinet6/in6_pcb.h>
118 #include <netinet6/nd6.h>
119 #include <netinet6/ip6protosw.h>
120 #include <netinet6/scope6_var.h>
121 #include <netinet6/raw_ip6.h>
122
123 #if IPSEC
124 #include <netinet6/ipsec.h>
125 #include <netinet6/ipsec6.h>
126 #endif /*IPSEC*/
127
128 #if NECP
129 #include <net/necp.h>
130 #endif
131
132 /*
133 * Raw interface to IP6 protocol.
134 */
135
136 extern struct inpcbhead ripcb;
137 extern struct inpcbinfo ripcbinfo;
138 extern u_int32_t rip_sendspace;
139 extern u_int32_t rip_recvspace;
140
141 struct rip6stat rip6stat;
142
143 /*
144 * Setup generic address and protocol structures
145 * for raw_input routine, then pass them along with
146 * mbuf chain.
147 */
148 int
149 rip6_input(
150 struct mbuf **mp,
151 int *offp,
152 int proto)
153 {
154 struct mbuf *m = *mp;
155 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
156 struct inpcb *in6p;
157 struct inpcb *last = 0;
158 struct mbuf *opts = NULL;
159 struct sockaddr_in6 rip6src;
160 int ret;
161 struct ifnet *ifp = m->m_pkthdr.rcvif;
162
163 /* Expect 32-bit aligned data pointer on strict-align platforms */
164 MBUF_STRICT_DATA_ALIGNMENT_CHECK_32(m);
165
166 rip6stat.rip6s_ipackets++;
167
168 init_sin6(&rip6src, m); /* general init */
169
170 lck_rw_lock_shared(ripcbinfo.ipi_lock);
171 LIST_FOREACH(in6p, &ripcb, inp_list) {
172 if ((in6p->in6p_vflag & INP_IPV6) == 0) {
173 continue;
174 }
175 if (in6p->in6p_ip6_nxt &&
176 in6p->in6p_ip6_nxt != proto) {
177 continue;
178 }
179 if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_laddr) &&
180 !IN6_ARE_ADDR_EQUAL(&in6p->in6p_laddr, &ip6->ip6_dst)) {
181 continue;
182 }
183 if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr) &&
184 !IN6_ARE_ADDR_EQUAL(&in6p->in6p_faddr, &ip6->ip6_src)) {
185 continue;
186 }
187
188 if (inp_restricted_recv(in6p, ifp)) {
189 continue;
190 }
191
192 if (proto == IPPROTO_ICMPV6 || in6p->in6p_cksum != -1) {
193 rip6stat.rip6s_isum++;
194 if (in6_cksum(m, ip6->ip6_nxt, *offp,
195 m->m_pkthdr.len - *offp)) {
196 rip6stat.rip6s_badsum++;
197 continue;
198 }
199 }
200 if (last) {
201 struct mbuf *n = m_copy(m, 0, (int)M_COPYALL);
202
203 #if NECP
204 if (n && !necp_socket_is_allowed_to_send_recv_v6(in6p, 0, 0,
205 &ip6->ip6_dst, &ip6->ip6_src, ifp, NULL, NULL, NULL)) {
206 m_freem(n);
207 /* do not inject data into pcb */
208 } else
209 #endif /* NECP */
210 if (n) {
211 if ((last->in6p_flags & INP_CONTROLOPTS) != 0 ||
212 (last->in6p_socket->so_options & SO_TIMESTAMP) != 0 ||
213 (last->in6p_socket->so_options & SO_TIMESTAMP_MONOTONIC) != 0 ||
214 (last->in6p_socket->so_options & SO_TIMESTAMP_CONTINUOUS) != 0) {
215 ret = ip6_savecontrol(last, n, &opts);
216 if (ret != 0) {
217 m_freem(n);
218 m_freem(opts);
219 last = in6p;
220 continue;
221 }
222 }
223 /* strip intermediate headers */
224 m_adj(n, *offp);
225 so_recv_data_stat(last->in6p_socket, m, 0);
226 if (sbappendaddr(&last->in6p_socket->so_rcv,
227 (struct sockaddr *)&rip6src,
228 n, opts, NULL) == 0) {
229 rip6stat.rip6s_fullsock++;
230 } else {
231 sorwakeup(last->in6p_socket);
232 }
233 opts = NULL;
234 }
235 }
236 last = in6p;
237 }
238
239 #if NECP
240 if (last && !necp_socket_is_allowed_to_send_recv_v6(in6p, 0, 0,
241 &ip6->ip6_dst, &ip6->ip6_src, ifp, NULL, NULL, NULL)) {
242 m_freem(m);
243 ip6stat.ip6s_delivered--;
244 /* do not inject data into pcb */
245 } else
246 #endif /* NECP */
247 if (last) {
248 if ((last->in6p_flags & INP_CONTROLOPTS) != 0 ||
249 (last->in6p_socket->so_options & SO_TIMESTAMP) != 0 ||
250 (last->in6p_socket->so_options & SO_TIMESTAMP_MONOTONIC) != 0 ||
251 (last->in6p_socket->so_options & SO_TIMESTAMP_CONTINUOUS) != 0) {
252 ret = ip6_savecontrol(last, m, &opts);
253 if (ret != 0) {
254 m_freem(m);
255 m_freem(opts);
256 ip6stat.ip6s_delivered--;
257 goto unlock;
258 }
259 }
260 /* strip intermediate headers */
261 m_adj(m, *offp);
262 so_recv_data_stat(last->in6p_socket, m, 0);
263 if (sbappendaddr(&last->in6p_socket->so_rcv,
264 (struct sockaddr *)&rip6src, m, opts, NULL) == 0) {
265 rip6stat.rip6s_fullsock++;
266 } else {
267 sorwakeup(last->in6p_socket);
268 }
269 } else {
270 rip6stat.rip6s_nosock++;
271 if (m->m_flags & M_MCAST) {
272 rip6stat.rip6s_nosockmcast++;
273 }
274 if (proto == IPPROTO_NONE) {
275 m_freem(m);
276 } else {
277 char *prvnxtp = ip6_get_prevhdr(m, *offp); /* XXX */
278 icmp6_error(m, ICMP6_PARAM_PROB,
279 ICMP6_PARAMPROB_NEXTHEADER,
280 prvnxtp - mtod(m, char *));
281 }
282 ip6stat.ip6s_delivered--;
283 }
284
285 unlock:
286 lck_rw_done(ripcbinfo.ipi_lock);
287
288 return IPPROTO_DONE;
289 }
290
291 void
292 rip6_ctlinput(
293 int cmd,
294 struct sockaddr *sa,
295 void *d,
296 __unused struct ifnet *ifp)
297 {
298 struct ip6_hdr *ip6;
299 struct mbuf *m;
300 void *cmdarg = NULL;
301 int off = 0;
302 struct ip6ctlparam *ip6cp = NULL;
303 const struct sockaddr_in6 *sa6_src = NULL;
304 void (*notify)(struct inpcb *, int) = in6_rtchange;
305
306 if (sa->sa_family != AF_INET6 ||
307 sa->sa_len != sizeof(struct sockaddr_in6)) {
308 return;
309 }
310
311 if ((unsigned)cmd >= PRC_NCMDS) {
312 return;
313 }
314 if (PRC_IS_REDIRECT(cmd)) {
315 notify = in6_rtchange;
316 d = NULL;
317 } else if (cmd == PRC_HOSTDEAD) {
318 d = NULL;
319 } else if (inet6ctlerrmap[cmd] == 0) {
320 return;
321 }
322
323 /* if the parameter is from icmp6, decode it. */
324 if (d != NULL) {
325 ip6cp = (struct ip6ctlparam *)d;
326 m = ip6cp->ip6c_m;
327 ip6 = ip6cp->ip6c_ip6;
328 off = ip6cp->ip6c_off;
329 cmdarg = ip6cp->ip6c_cmdarg;
330 sa6_src = ip6cp->ip6c_src;
331 } else {
332 m = NULL;
333 ip6 = NULL;
334 sa6_src = &sa6_any;
335 }
336
337 (void) in6_pcbnotify(&ripcbinfo, sa, 0, (const struct sockaddr *)sa6_src,
338 0, cmd, cmdarg, notify);
339 }
340
341 /*
342 * Generate IPv6 header and pass packet to ip6_output.
343 * Tack on options user may have setup with control call.
344 */
345 int
346 rip6_output(
347 struct mbuf *m,
348 struct socket *so,
349 struct sockaddr_in6 *dstsock,
350 struct mbuf *control,
351 int israw)
352 {
353 struct in6_addr *dst;
354 struct ip6_hdr *ip6;
355 struct inpcb *in6p;
356 u_int plen = m->m_pkthdr.len;
357 int error = 0;
358 struct ip6_pktopts opt, *optp = NULL;
359 struct ip6_moptions *im6o = NULL;
360 struct ifnet *oifp = NULL;
361 int type = 0, code = 0; /* for ICMPv6 output statistics only */
362 int sotc = SO_TC_UNSPEC;
363 int netsvctype = _NET_SERVICE_TYPE_UNSPEC;
364 struct ip6_out_args ip6oa;
365 int flags = IPV6_OUTARGS;
366
367 in6p = sotoin6pcb(so);
368
369 bzero(&ip6oa, sizeof(ip6oa));
370 ip6oa.ip6oa_boundif = IFSCOPE_NONE;
371 ip6oa.ip6oa_flags = IP6OAF_SELECT_SRCIF;
372
373 if (in6p == NULL
374 #if NECP
375 || (necp_socket_should_use_flow_divert(in6p))
376 #endif /* NECP */
377 ) {
378 if (in6p == NULL) {
379 error = EINVAL;
380 } else {
381 error = EPROTOTYPE;
382 }
383 goto bad;
384 }
385 if (dstsock != NULL && IN6_IS_ADDR_V4MAPPED(&dstsock->sin6_addr)) {
386 error = EINVAL;
387 goto bad;
388 }
389
390 if (in6p->inp_flags & INP_BOUND_IF) {
391 ip6oa.ip6oa_boundif = in6p->inp_boundifp->if_index;
392 ip6oa.ip6oa_flags |= IP6OAF_BOUND_IF;
393 }
394 if (INP_NO_CELLULAR(in6p)) {
395 ip6oa.ip6oa_flags |= IP6OAF_NO_CELLULAR;
396 }
397 if (INP_NO_EXPENSIVE(in6p)) {
398 ip6oa.ip6oa_flags |= IP6OAF_NO_EXPENSIVE;
399 }
400 if (INP_AWDL_UNRESTRICTED(in6p)) {
401 ip6oa.ip6oa_flags |= IP6OAF_AWDL_UNRESTRICTED;
402 }
403 if (INP_INTCOPROC_ALLOWED(in6p)) {
404 ip6oa.ip6oa_flags |= IP6OAF_INTCOPROC_ALLOWED;
405 }
406
407 dst = &dstsock->sin6_addr;
408 if (control) {
409 sotc = so_tc_from_control(control, &netsvctype);
410
411 if ((error = ip6_setpktopts(control, &opt, NULL,
412 SOCK_PROTO(so))) != 0) {
413 goto bad;
414 }
415 optp = &opt;
416 } else {
417 optp = in6p->in6p_outputopts;
418 }
419 if (sotc == SO_TC_UNSPEC) {
420 sotc = so->so_traffic_class;
421 netsvctype = so->so_netsvctype;
422 }
423 ip6oa.ip6oa_sotc = sotc;
424 ip6oa.ip6oa_netsvctype = netsvctype;
425
426 /*
427 * For an ICMPv6 packet, we should know its type and code
428 * to update statistics.
429 */
430 if (SOCK_PROTO(so) == IPPROTO_ICMPV6) {
431 struct icmp6_hdr *icmp6;
432 if (m->m_len < sizeof(struct icmp6_hdr) &&
433 (m = m_pullup(m, sizeof(struct icmp6_hdr))) == NULL) {
434 error = ENOBUFS;
435 goto bad;
436 }
437 icmp6 = mtod(m, struct icmp6_hdr *);
438 type = icmp6->icmp6_type;
439 code = icmp6->icmp6_code;
440 }
441
442 if (in6p->inp_flowhash == 0) {
443 in6p->inp_flowhash = inp_calc_flowhash(in6p);
444 }
445 /* update flowinfo - RFC 6437 */
446 if (in6p->inp_flow == 0 && in6p->in6p_flags & IN6P_AUTOFLOWLABEL) {
447 in6p->inp_flow &= ~IPV6_FLOWLABEL_MASK;
448 in6p->inp_flow |=
449 (htonl(in6p->inp_flowhash) & IPV6_FLOWLABEL_MASK);
450 }
451
452 M_PREPEND(m, sizeof(*ip6), M_WAIT, 1);
453 if (m == NULL) {
454 error = ENOBUFS;
455 goto bad;
456 }
457 ip6 = mtod(m, struct ip6_hdr *);
458
459 /*
460 * Next header might not be ICMP6 but use its pseudo header anyway.
461 */
462 ip6->ip6_dst = *dst;
463
464 im6o = in6p->in6p_moptions;
465
466 /*
467 * If the scope of the destination is link-local, embed the interface
468 * index in the address.
469 *
470 * XXX advanced-api value overrides sin6_scope_id
471 */
472 if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst)) {
473 struct in6_pktinfo *pi;
474 struct ifnet *im6o_multicast_ifp = NULL;
475
476 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) && im6o != NULL) {
477 IM6O_LOCK(im6o);
478 im6o_multicast_ifp = im6o->im6o_multicast_ifp;
479 IM6O_UNLOCK(im6o);
480 }
481 /*
482 * XXX Boundary check is assumed to be already done in
483 * ip6_setpktoptions().
484 */
485 ifnet_head_lock_shared();
486 if (optp && (pi = optp->ip6po_pktinfo) && pi->ipi6_ifindex) {
487 ip6->ip6_dst.s6_addr16[1] = htons(pi->ipi6_ifindex);
488 oifp = ifindex2ifnet[pi->ipi6_ifindex];
489 if (oifp != NULL) {
490 ifnet_reference(oifp);
491 }
492 } else if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) &&
493 im6o != NULL && im6o_multicast_ifp != NULL) {
494 oifp = im6o_multicast_ifp;
495 ifnet_reference(oifp);
496 ip6->ip6_dst.s6_addr16[1] = htons(oifp->if_index);
497 } else if (dstsock->sin6_scope_id) {
498 /*
499 * boundary check
500 *
501 * Sinced stsock->sin6_scope_id is unsigned, we don't
502 * need to check if it's < 0
503 */
504 if (if_index < dstsock->sin6_scope_id) {
505 error = ENXIO; /* XXX EINVAL? */
506 ifnet_head_done();
507 goto bad;
508 }
509 ip6->ip6_dst.s6_addr16[1]
510 = htons(dstsock->sin6_scope_id & 0xffff);/*XXX*/
511 }
512 ifnet_head_done();
513 }
514
515 /*
516 * Source address selection.
517 */
518 {
519 struct in6_addr *in6a;
520 struct in6_addr storage;
521 u_short index = 0;
522
523 if (israw != 0 && optp && optp->ip6po_pktinfo && !IN6_IS_ADDR_UNSPECIFIED(&optp->ip6po_pktinfo->ipi6_addr)) {
524 in6a = &optp->ip6po_pktinfo->ipi6_addr;
525 flags |= IPV6_FLAG_NOSRCIFSEL;
526 } else if ((in6a = in6_selectsrc(dstsock, optp, in6p,
527 &in6p->in6p_route, NULL, &storage, ip6oa.ip6oa_boundif,
528 &error)) == 0) {
529 if (error == 0) {
530 error = EADDRNOTAVAIL;
531 }
532 goto bad;
533 } else {
534 ip6oa.ip6oa_flags |= IP6OAF_BOUND_SRCADDR;
535 }
536 ip6->ip6_src = *in6a;
537 if (in6p->in6p_route.ro_rt != NULL) {
538 RT_LOCK(in6p->in6p_route.ro_rt);
539 if (in6p->in6p_route.ro_rt->rt_ifp != NULL) {
540 index = in6p->in6p_route.ro_rt->rt_ifp->if_index;
541 }
542 RT_UNLOCK(in6p->in6p_route.ro_rt);
543 if (oifp != NULL) {
544 ifnet_release(oifp);
545 }
546 ifnet_head_lock_shared();
547 if (index == 0 || if_index < index) {
548 panic("bad if_index on interface from route");
549 }
550 oifp = ifindex2ifnet[index];
551 if (oifp != NULL) {
552 ifnet_reference(oifp);
553 }
554 ifnet_head_done();
555 }
556 }
557 ip6->ip6_flow = (ip6->ip6_flow & ~IPV6_FLOWINFO_MASK) |
558 (in6p->inp_flow & IPV6_FLOWINFO_MASK);
559 ip6->ip6_vfc = (ip6->ip6_vfc & ~IPV6_VERSION_MASK) |
560 (IPV6_VERSION & IPV6_VERSION_MASK);
561 /* ip6_plen will be filled in ip6_output, so not fill it here. */
562 ip6->ip6_nxt = in6p->in6p_ip6_nxt;
563 ip6->ip6_hlim = in6_selecthlim(in6p, oifp);
564
565 if (SOCK_PROTO(so) == IPPROTO_ICMPV6 || in6p->in6p_cksum != -1) {
566 struct mbuf *n;
567 int off;
568 u_int16_t *p;
569
570 /* compute checksum */
571 if (SOCK_PROTO(so) == IPPROTO_ICMPV6) {
572 off = offsetof(struct icmp6_hdr, icmp6_cksum);
573 } else {
574 off = in6p->in6p_cksum;
575 }
576 if (plen < (unsigned int)(off + 1)) {
577 error = EINVAL;
578 goto bad;
579 }
580 off += sizeof(struct ip6_hdr);
581
582 n = m;
583 while (n && n->m_len <= off) {
584 off -= n->m_len;
585 n = n->m_next;
586 }
587 if (!n) {
588 goto bad;
589 }
590 p = (u_int16_t *)(void *)(mtod(n, caddr_t) + off);
591 *p = 0;
592 *p = in6_cksum(m, ip6->ip6_nxt, sizeof(*ip6), plen);
593 }
594
595 #if NECP
596 {
597 necp_kernel_policy_id policy_id;
598 necp_kernel_policy_id skip_policy_id;
599 u_int32_t route_rule_id;
600
601 /*
602 * We need a route to perform NECP route rule checks
603 */
604 if (net_qos_policy_restricted != 0 &&
605 ROUTE_UNUSABLE(&in6p->in6p_route)) {
606 struct sockaddr_in6 to;
607 struct sockaddr_in6 from;
608
609 ROUTE_RELEASE(&in6p->in6p_route);
610
611 bzero(&from, sizeof(struct sockaddr_in6));
612 from.sin6_family = AF_INET6;
613 from.sin6_len = sizeof(struct sockaddr_in6);
614 from.sin6_addr = ip6->ip6_src;
615
616 bzero(&to, sizeof(struct sockaddr_in6));
617 to.sin6_family = AF_INET6;
618 to.sin6_len = sizeof(struct sockaddr_in6);
619 to.sin6_addr = ip6->ip6_dst;
620
621 in6p->in6p_route.ro_dst.sin6_family = AF_INET6;
622 in6p->in6p_route.ro_dst.sin6_len = sizeof(struct sockaddr_in6);
623 ((struct sockaddr_in6 *)(void *)&in6p->in6p_route.ro_dst)->sin6_addr =
624 ip6->ip6_dst;
625
626 rtalloc_scoped((struct route *)&in6p->in6p_route, ip6oa.ip6oa_boundif);
627
628 inp_update_necp_policy(in6p, (struct sockaddr *)&from,
629 (struct sockaddr *)&to, ip6oa.ip6oa_boundif);
630 in6p->inp_policyresult.results.qos_marking_gencount = 0;
631 }
632
633 if (!necp_socket_is_allowed_to_send_recv_v6(in6p, 0, 0,
634 &ip6->ip6_src, &ip6->ip6_dst, NULL, &policy_id, &route_rule_id, &skip_policy_id)) {
635 error = EHOSTUNREACH;
636 goto bad;
637 }
638
639 necp_mark_packet_from_socket(m, in6p, policy_id, route_rule_id, skip_policy_id);
640
641 if (net_qos_policy_restricted != 0) {
642 necp_socket_update_qos_marking(in6p, in6p->in6p_route.ro_rt,
643 NULL, route_rule_id);
644 }
645 }
646 #endif /* NECP */
647 if ((so->so_flags1 & SOF1_QOSMARKING_ALLOWED)) {
648 ip6oa.ip6oa_flags |= IP6OAF_QOSMARKING_ALLOWED;
649 }
650
651 #if IPSEC
652 if (in6p->in6p_sp != NULL && ipsec_setsocket(m, so) != 0) {
653 error = ENOBUFS;
654 goto bad;
655 }
656 #endif /*IPSEC*/
657
658 if (ROUTE_UNUSABLE(&in6p->in6p_route)) {
659 ROUTE_RELEASE(&in6p->in6p_route);
660 }
661
662 if (oifp != NULL) {
663 ifnet_release(oifp);
664 oifp = NULL;
665 }
666
667 set_packet_service_class(m, so, sotc, PKT_SCF_IPV6);
668 m->m_pkthdr.pkt_flowsrc = FLOWSRC_INPCB;
669 m->m_pkthdr.pkt_flowid = in6p->inp_flowhash;
670 m->m_pkthdr.pkt_flags |= (PKTF_FLOW_ID | PKTF_FLOW_LOCALSRC |
671 PKTF_FLOW_RAWSOCK);
672 m->m_pkthdr.pkt_proto = in6p->in6p_ip6_nxt;
673 m->m_pkthdr.tx_rawip_pid = so->last_pid;
674 if (so->so_flags & SOF_DELEGATED) {
675 m->m_pkthdr.tx_rawip_e_pid = so->e_pid;
676 } else {
677 m->m_pkthdr.tx_rawip_e_pid = 0;
678 }
679
680 if (im6o != NULL) {
681 IM6O_ADDREF(im6o);
682 }
683
684 error = ip6_output(m, optp, &in6p->in6p_route, flags, im6o,
685 &oifp, &ip6oa);
686
687 if (im6o != NULL) {
688 IM6O_REMREF(im6o);
689 }
690
691 if (in6p->in6p_route.ro_rt != NULL) {
692 struct rtentry *rt = in6p->in6p_route.ro_rt;
693 struct ifnet *outif;
694
695 if ((rt->rt_flags & RTF_MULTICAST) ||
696 in6p->in6p_socket == NULL ||
697 !(in6p->in6p_socket->so_state & SS_ISCONNECTED)) {
698 rt = NULL; /* unusable */
699 }
700 /*
701 * Always discard the cached route for unconnected
702 * socket or if it is a multicast route.
703 */
704 if (rt == NULL) {
705 ROUTE_RELEASE(&in6p->in6p_route);
706 }
707
708 /*
709 * If this is a connected socket and the destination
710 * route is not multicast, update outif with that of
711 * the route interface index used by IP.
712 */
713 if (rt != NULL &&
714 (outif = rt->rt_ifp) != in6p->in6p_last_outifp) {
715 in6p->in6p_last_outifp = outif;
716 }
717 } else {
718 ROUTE_RELEASE(&in6p->in6p_route);
719 }
720
721 /*
722 * If output interface was cellular/expensive, and this socket is
723 * denied access to it, generate an event.
724 */
725 if (error != 0 && (ip6oa.ip6oa_retflags & IP6OARF_IFDENIED) &&
726 (INP_NO_CELLULAR(in6p) || INP_NO_EXPENSIVE(in6p))) {
727 soevent(in6p->inp_socket, (SO_FILT_HINT_LOCKED |
728 SO_FILT_HINT_IFDENIED));
729 }
730
731 if (SOCK_PROTO(so) == IPPROTO_ICMPV6) {
732 if (oifp) {
733 icmp6_ifoutstat_inc(oifp, type, code);
734 }
735 icmp6stat.icp6s_outhist[type]++;
736 } else {
737 rip6stat.rip6s_opackets++;
738 }
739
740 goto freectl;
741
742 bad:
743 if (m != NULL) {
744 m_freem(m);
745 }
746
747 freectl:
748 if (optp == &opt && optp->ip6po_rthdr) {
749 ROUTE_RELEASE(&optp->ip6po_route);
750 }
751
752 if (control != NULL) {
753 if (optp == &opt) {
754 ip6_clearpktopts(optp, -1);
755 }
756 m_freem(control);
757 }
758 if (oifp != NULL) {
759 ifnet_release(oifp);
760 }
761 return error;
762 }
763
764 /*
765 * Raw IPv6 socket option processing.
766 */
767 int
768 rip6_ctloutput(
769 struct socket *so,
770 struct sockopt *sopt)
771 {
772 int error, optval;
773
774 /* Allow <SOL_SOCKET,SO_FLUSH> at this level */
775 if (sopt->sopt_level == IPPROTO_ICMPV6) {
776 /*
777 * XXX: is it better to call icmp6_ctloutput() directly
778 * from protosw?
779 */
780 return icmp6_ctloutput(so, sopt);
781 } else if (sopt->sopt_level != IPPROTO_IPV6 &&
782 !(sopt->sopt_level == SOL_SOCKET && sopt->sopt_name == SO_FLUSH)) {
783 return EINVAL;
784 }
785
786 error = 0;
787
788 switch (sopt->sopt_dir) {
789 case SOPT_GET:
790 switch (sopt->sopt_name) {
791 case IPV6_CHECKSUM:
792 error = ip6_raw_ctloutput(so, sopt);
793 break;
794 default:
795 error = ip6_ctloutput(so, sopt);
796 break;
797 }
798 break;
799
800 case SOPT_SET:
801 switch (sopt->sopt_name) {
802 case IPV6_CHECKSUM:
803 error = ip6_raw_ctloutput(so, sopt);
804 break;
805
806 case SO_FLUSH:
807 if ((error = sooptcopyin(sopt, &optval, sizeof(optval),
808 sizeof(optval))) != 0) {
809 break;
810 }
811
812 error = inp_flush(sotoinpcb(so), optval);
813 break;
814
815 default:
816 error = ip6_ctloutput(so, sopt);
817 break;
818 }
819 break;
820 }
821
822 return error;
823 }
824
825 static int
826 rip6_attach(struct socket *so, int proto, struct proc *p)
827 {
828 struct inpcb *inp;
829 int error;
830
831 inp = sotoinpcb(so);
832 if (inp) {
833 panic("rip6_attach");
834 }
835 if ((error = proc_suser(p)) != 0) {
836 return error;
837 }
838
839 error = soreserve(so, rip_sendspace, rip_recvspace);
840 if (error) {
841 return error;
842 }
843 error = in_pcballoc(so, &ripcbinfo, p);
844 if (error) {
845 return error;
846 }
847 inp = (struct inpcb *)so->so_pcb;
848 inp->inp_vflag |= INP_IPV6;
849 inp->in6p_ip6_nxt = (char)proto;
850 inp->in6p_hops = -1; /* use kernel default */
851 inp->in6p_cksum = -1;
852 MALLOC(inp->in6p_icmp6filt, struct icmp6_filter *,
853 sizeof(struct icmp6_filter), M_PCB, M_WAITOK);
854 if (inp->in6p_icmp6filt == NULL) {
855 return ENOMEM;
856 }
857 ICMP6_FILTER_SETPASSALL(inp->in6p_icmp6filt);
858 return 0;
859 }
860
861 static int
862 rip6_detach(struct socket *so)
863 {
864 struct inpcb *inp;
865
866 inp = sotoinpcb(so);
867 if (inp == 0) {
868 panic("rip6_detach");
869 }
870 /* xxx: RSVP */
871 if (inp->in6p_icmp6filt) {
872 FREE(inp->in6p_icmp6filt, M_PCB);
873 inp->in6p_icmp6filt = NULL;
874 }
875 in6_pcbdetach(inp);
876 return 0;
877 }
878
879 static int
880 rip6_abort(struct socket *so)
881 {
882 soisdisconnected(so);
883 return rip6_detach(so);
884 }
885
886 static int
887 rip6_disconnect(struct socket *so)
888 {
889 struct inpcb *inp = sotoinpcb(so);
890
891 if ((so->so_state & SS_ISCONNECTED) == 0) {
892 return ENOTCONN;
893 }
894 inp->in6p_faddr = in6addr_any;
895 return rip6_abort(so);
896 }
897
898 static int
899 rip6_bind(struct socket *so, struct sockaddr *nam, struct proc *p)
900 {
901 #pragma unused(p)
902 struct inpcb *inp = sotoinpcb(so);
903 struct sockaddr_in6 sin6;
904 struct ifaddr *ifa = NULL;
905 struct ifnet *outif = NULL;
906 int error;
907
908 if (inp == NULL
909 #if NECP
910 || (necp_socket_should_use_flow_divert(inp))
911 #endif /* NECP */
912 ) {
913 return inp == NULL ? EINVAL : EPROTOTYPE;
914 }
915
916 if (nam->sa_len != sizeof(struct sockaddr_in6)) {
917 return EINVAL;
918 }
919
920 if (TAILQ_EMPTY(&ifnet_head) || SIN6(nam)->sin6_family != AF_INET6) {
921 return EADDRNOTAVAIL;
922 }
923
924 bzero(&sin6, sizeof(sin6));
925 *(&sin6) = *SIN6(nam);
926
927 if ((error = sa6_embedscope(&sin6, ip6_use_defzone)) != 0) {
928 return error;
929 }
930
931 /* Sanitize local copy for address searches */
932 sin6.sin6_flowinfo = 0;
933 sin6.sin6_scope_id = 0;
934 sin6.sin6_port = 0;
935
936 if (!IN6_IS_ADDR_UNSPECIFIED(&sin6.sin6_addr) &&
937 (ifa = ifa_ifwithaddr(SA(&sin6))) == 0) {
938 return EADDRNOTAVAIL;
939 }
940 if (ifa != NULL) {
941 IFA_LOCK(ifa);
942 if (((struct in6_ifaddr *)ifa)->ia6_flags &
943 (IN6_IFF_ANYCAST | IN6_IFF_NOTREADY | IN6_IFF_CLAT46 |
944 IN6_IFF_DETACHED | IN6_IFF_DEPRECATED)) {
945 IFA_UNLOCK(ifa);
946 IFA_REMREF(ifa);
947 return EADDRNOTAVAIL;
948 }
949 outif = ifa->ifa_ifp;
950 IFA_UNLOCK(ifa);
951 IFA_REMREF(ifa);
952 }
953 inp->in6p_laddr = sin6.sin6_addr;
954 inp->in6p_last_outifp = outif;
955
956 return 0;
957 }
958
959 static int
960 rip6_connect(struct socket *so, struct sockaddr *nam, __unused struct proc *p)
961 {
962 struct inpcb *inp = sotoinpcb(so);
963 struct sockaddr_in6 *addr = (struct sockaddr_in6 *)(void *)nam;
964 struct in6_addr *in6a = NULL;
965 struct in6_addr storage;
966 int error = 0;
967 #if ENABLE_DEFAULT_SCOPE
968 struct sockaddr_in6 tmp;
969 #endif
970 unsigned int ifscope;
971 struct ifnet *outif = NULL;
972
973 if (inp == NULL
974 #if NECP
975 || (necp_socket_should_use_flow_divert(inp))
976 #endif /* NECP */
977 ) {
978 return inp == NULL ? EINVAL : EPROTOTYPE;
979 }
980 if (nam->sa_len != sizeof(*addr)) {
981 return EINVAL;
982 }
983 if (TAILQ_EMPTY(&ifnet_head)) {
984 return EADDRNOTAVAIL;
985 }
986 if (addr->sin6_family != AF_INET6) {
987 return EAFNOSUPPORT;
988 }
989
990 if (!(so->so_flags1 & SOF1_CONNECT_COUNTED)) {
991 so->so_flags1 |= SOF1_CONNECT_COUNTED;
992 INC_ATOMIC_INT64_LIM(net_api_stats.nas_socket_inet6_dgram_connected);
993 }
994
995 #if ENABLE_DEFAULT_SCOPE
996 if (addr->sin6_scope_id == 0) { /* not change if specified */
997 /* avoid overwrites */
998 tmp = *addr;
999 addr = &tmp;
1000 addr->sin6_scope_id = scope6_addr2default(&addr->sin6_addr);
1001 }
1002 #endif
1003
1004 /* KAME hack: embed scopeid */
1005 if (in6_embedscope(&SIN6(nam)->sin6_addr, SIN6(nam), inp, NULL, NULL) != 0) {
1006 return EINVAL;
1007 }
1008
1009 ifscope = (inp->inp_flags & INP_BOUND_IF) ?
1010 inp->inp_boundifp->if_index : IFSCOPE_NONE;
1011
1012 /* Source address selection. XXX: need pcblookup? */
1013 in6a = in6_selectsrc(addr, inp->in6p_outputopts, inp, &inp->in6p_route,
1014 NULL, &storage, ifscope, &error);
1015 if (in6a == NULL) {
1016 return error ? error : EADDRNOTAVAIL;
1017 }
1018 inp->in6p_laddr = *in6a;
1019 inp->in6p_faddr = addr->sin6_addr;
1020 if (inp->in6p_route.ro_rt != NULL) {
1021 outif = inp->in6p_route.ro_rt->rt_ifp;
1022 }
1023 inp->in6p_last_outifp = outif;
1024
1025 soisconnected(so);
1026 return 0;
1027 }
1028
1029 static int
1030 rip6_shutdown(struct socket *so)
1031 {
1032 socantsendmore(so);
1033 return 0;
1034 }
1035
1036 static int
1037 rip6_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam,
1038 struct mbuf *control, struct proc *p)
1039 {
1040 #pragma unused(flags, p)
1041 struct inpcb *inp = sotoinpcb(so);
1042 struct sockaddr_in6 tmp;
1043 struct sockaddr_in6 *dst = (struct sockaddr_in6 *)(void *)nam;
1044 int error = 0;
1045
1046 if (inp == NULL
1047 #if NECP
1048 || (necp_socket_should_use_flow_divert(inp))
1049 #endif /* NECP */
1050 ) {
1051 if (inp == NULL) {
1052 error = EINVAL;
1053 } else {
1054 error = EPROTOTYPE;
1055 }
1056 goto bad;
1057 }
1058
1059 /* always copy sockaddr to avoid overwrites */
1060 if (so->so_state & SS_ISCONNECTED) {
1061 if (nam != NULL) {
1062 error = EISCONN;
1063 goto bad;
1064 }
1065 /* XXX */
1066 bzero(&tmp, sizeof(tmp));
1067 tmp.sin6_family = AF_INET6;
1068 tmp.sin6_len = sizeof(struct sockaddr_in6);
1069 bcopy(&inp->in6p_faddr, &tmp.sin6_addr,
1070 sizeof(struct in6_addr));
1071 dst = &tmp;
1072 } else {
1073 if (nam == NULL) {
1074 error = ENOTCONN;
1075 goto bad;
1076 }
1077 tmp = *(struct sockaddr_in6 *)(void *)nam;
1078 dst = &tmp;
1079 }
1080 #if ENABLE_DEFAULT_SCOPE
1081 if (dst->sin6_scope_id == 0) { /* not change if specified */
1082 dst->sin6_scope_id = scope6_addr2default(&dst->sin6_addr);
1083 }
1084 #endif
1085 return rip6_output(m, so, dst, control, 1);
1086
1087 bad:
1088 VERIFY(error != 0);
1089
1090 if (m != NULL) {
1091 m_freem(m);
1092 }
1093 if (control != NULL) {
1094 m_freem(control);
1095 }
1096
1097 return error;
1098 }
1099
1100 struct pr_usrreqs rip6_usrreqs = {
1101 .pru_abort = rip6_abort,
1102 .pru_attach = rip6_attach,
1103 .pru_bind = rip6_bind,
1104 .pru_connect = rip6_connect,
1105 .pru_control = in6_control,
1106 .pru_detach = rip6_detach,
1107 .pru_disconnect = rip6_disconnect,
1108 .pru_peeraddr = in6_getpeeraddr,
1109 .pru_send = rip6_send,
1110 .pru_shutdown = rip6_shutdown,
1111 .pru_sockaddr = in6_getsockaddr,
1112 .pru_sosend = sosend,
1113 .pru_soreceive = soreceive,
1114 };
1115
1116 __private_extern__ struct pr_usrreqs icmp6_dgram_usrreqs = {
1117 .pru_abort = rip6_abort,
1118 .pru_attach = icmp6_dgram_attach,
1119 .pru_bind = rip6_bind,
1120 .pru_connect = rip6_connect,
1121 .pru_control = in6_control,
1122 .pru_detach = rip6_detach,
1123 .pru_disconnect = rip6_disconnect,
1124 .pru_peeraddr = in6_getpeeraddr,
1125 .pru_send = icmp6_dgram_send,
1126 .pru_shutdown = rip6_shutdown,
1127 .pru_sockaddr = in6_getsockaddr,
1128 .pru_sosend = sosend,
1129 .pru_soreceive = soreceive,
1130 };
mirror of XNU