]> git.saurik.com Git - apple/xnu.git/blob - bsd/netinet/igmp.c
projects / apple / xnu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xnu-2422.110.17.tar.gz
[apple/xnu.git] / bsd / netinet / igmp.c
1 /*
2 * Copyright (c) 2000-2013 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 /*-
29 * Copyright (c) 2007-2009 Bruce Simpson.
30 * Copyright (c) 1988 Stephen Deering.
31 * Copyright (c) 1992, 1993
32 * The Regents of the University of California. All rights reserved.
33 *
34 * This code is derived from software contributed to Berkeley by
35 * Stephen Deering of Stanford University.
36 *
37 * Redistribution and use in source and binary forms, with or without
38 * modification, are permitted provided that the following conditions
39 * are met:
40 * 1. Redistributions of source code must retain the above copyright
41 * notice, this list of conditions and the following disclaimer.
42 * 2. Redistributions in binary form must reproduce the above copyright
43 * notice, this list of conditions and the following disclaimer in the
44 * documentation and/or other materials provided with the distribution.
45 * 3. All advertising materials mentioning features or use of this software
46 * must display the following acknowledgement:
47 * This product includes software developed by the University of
48 * California, Berkeley and its contributors.
49 * 4. Neither the name of the University nor the names of its contributors
50 * may be used to endorse or promote products derived from this software
51 * without specific prior written permission.
52 *
53 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
54 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
56 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
57 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
58 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
59 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
61 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
62 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
63 * SUCH DAMAGE.
64 *
65 * @(#)igmp.c 8.1 (Berkeley) 7/19/93
66 */
67 /*
68 * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce
69 * support for mandatory and extensible security protections. This notice
70 * is included in support of clause 2.2 (b) of the Apple Public License,
71 * Version 2.0.
72 */
73
74 /*
75 * Internet Group Management Protocol (IGMP) routines.
76 * [RFC1112, RFC2236, RFC3376]
77 *
78 * Written by Steve Deering, Stanford, May 1988.
79 * Modified by Rosen Sharma, Stanford, Aug 1994.
80 * Modified by Bill Fenner, Xerox PARC, Feb 1995.
81 * Modified to fully comply to IGMPv2 by Bill Fenner, Oct 1995.
82 * Significantly rewritten for IGMPv3, VIMAGE, and SMP by Bruce Simpson.
83 *
84 * MULTICAST Revision: 3.5.1.4
85 */
86
87 #include <sys/cdefs.h>
88
89 #include <sys/param.h>
90 #include <sys/systm.h>
91 #include <sys/malloc.h>
92 #include <sys/mbuf.h>
93 #include <sys/socket.h>
94 #include <sys/protosw.h>
95 #include <sys/kernel.h>
96 #include <sys/sysctl.h>
97 #include <sys/mcache.h>
98
99 #include <libkern/libkern.h>
100 #include <kern/zalloc.h>
101
102 #include <net/if.h>
103 #include <net/route.h>
104
105 #include <netinet/in.h>
106 #include <netinet/in_var.h>
107 #include <netinet/in_systm.h>
108 #include <netinet/ip.h>
109 #include <netinet/ip_var.h>
110 #include <netinet/igmp.h>
111 #include <netinet/igmp_var.h>
112 #include <netinet/kpi_ipfilter_var.h>
113
114 SLIST_HEAD(igmp_inm_relhead, in_multi);
115
116 static void igi_initvar(struct igmp_ifinfo *, struct ifnet *, int);
117 static struct igmp_ifinfo *igi_alloc(int);
118 static void igi_free(struct igmp_ifinfo *);
119 static void igi_delete(const struct ifnet *, struct igmp_inm_relhead *);
120 static void igmp_dispatch_queue(struct igmp_ifinfo *, struct ifqueue *,
121 int, const int);
122 static void igmp_final_leave(struct in_multi *, struct igmp_ifinfo *,
123 struct igmp_tparams *);
124 static int igmp_handle_state_change(struct in_multi *,
125 struct igmp_ifinfo *, struct igmp_tparams *);
126 static int igmp_initial_join(struct in_multi *, struct igmp_ifinfo *,
127 struct igmp_tparams *);
128 static int igmp_input_v1_query(struct ifnet *, const struct ip *,
129 const struct igmp *);
130 static int igmp_input_v2_query(struct ifnet *, const struct ip *,
131 const struct igmp *);
132 static int igmp_input_v3_query(struct ifnet *, const struct ip *,
133 /*const*/ struct igmpv3 *);
134 static int igmp_input_v3_group_query(struct in_multi *,
135 int, /*const*/ struct igmpv3 *);
136 static int igmp_input_v1_report(struct ifnet *, struct mbuf *,
137 /*const*/ struct ip *, /*const*/ struct igmp *);
138 static int igmp_input_v2_report(struct ifnet *, struct mbuf *,
139 /*const*/ struct ip *, /*const*/ struct igmp *);
140 static void igmp_sendpkt(struct mbuf *);
141 static __inline__ int igmp_isgroupreported(const struct in_addr);
142 static struct mbuf *igmp_ra_alloc(void);
143 #ifdef IGMP_DEBUG
144 static const char *igmp_rec_type_to_str(const int);
145 #endif
146 static uint32_t igmp_set_version(struct igmp_ifinfo *, const int);
147 static void igmp_flush_relq(struct igmp_ifinfo *,
148 struct igmp_inm_relhead *);
149 static int igmp_v1v2_queue_report(struct in_multi *, const int);
150 static void igmp_v1v2_process_group_timer(struct in_multi *, const int);
151 static void igmp_v1v2_process_querier_timers(struct igmp_ifinfo *);
152 static uint32_t igmp_v2_update_group(struct in_multi *, const int);
153 static void igmp_v3_cancel_link_timers(struct igmp_ifinfo *);
154 static uint32_t igmp_v3_dispatch_general_query(struct igmp_ifinfo *);
155 static struct mbuf *
156 igmp_v3_encap_report(struct ifnet *, struct mbuf *);
157 static int igmp_v3_enqueue_group_record(struct ifqueue *,
158 struct in_multi *, const int, const int, const int);
159 static int igmp_v3_enqueue_filter_change(struct ifqueue *,
160 struct in_multi *);
161 static void igmp_v3_process_group_timers(struct igmp_ifinfo *,
162 struct ifqueue *, struct ifqueue *, struct in_multi *,
163 const int);
164 static int igmp_v3_merge_state_changes(struct in_multi *,
165 struct ifqueue *);
166 static void igmp_v3_suppress_group_record(struct in_multi *);
167 static int sysctl_igmp_ifinfo SYSCTL_HANDLER_ARGS;
168 static int sysctl_igmp_gsr SYSCTL_HANDLER_ARGS;
169 static int sysctl_igmp_default_version SYSCTL_HANDLER_ARGS;
170
171 static int igmp_timeout_run; /* IGMP timer is scheduled to run */
172 static void igmp_timeout(void *);
173 static void igmp_sched_timeout(void);
174
175 static struct mbuf *m_raopt; /* Router Alert option */
176
177 static int querier_present_timers_running; /* IGMPv1/v2 older version
178 * querier present */
179 static int interface_timers_running; /* IGMPv3 general
180 * query response */
181 static int state_change_timers_running; /* IGMPv3 state-change
182 * retransmit */
183 static int current_state_timers_running; /* IGMPv1/v2 host
184 * report; IGMPv3 g/sg
185 * query response */
186
187 /*
188 * Subsystem lock macros.
189 */
190 #define IGMP_LOCK() \
191 lck_mtx_lock(&igmp_mtx)
192 #define IGMP_LOCK_ASSERT_HELD() \
193 lck_mtx_assert(&igmp_mtx, LCK_MTX_ASSERT_OWNED)
194 #define IGMP_LOCK_ASSERT_NOTHELD() \
195 lck_mtx_assert(&igmp_mtx, LCK_MTX_ASSERT_NOTOWNED)
196 #define IGMP_UNLOCK() \
197 lck_mtx_unlock(&igmp_mtx)
198
199 static LIST_HEAD(, igmp_ifinfo) igi_head;
200 static struct igmpstat_v3 igmpstat_v3 = {
201 .igps_version = IGPS_VERSION_3,
202 .igps_len = sizeof(struct igmpstat_v3),
203 };
204 static struct igmpstat igmpstat; /* old IGMPv2 stats structure */
205 static struct timeval igmp_gsrdelay = {10, 0};
206
207 static int igmp_recvifkludge = 1;
208 static int igmp_sendra = 1;
209 static int igmp_sendlocal = 1;
210 static int igmp_v1enable = 1;
211 static int igmp_v2enable = 1;
212 static int igmp_legacysupp = 0;
213 static int igmp_default_version = IGMP_VERSION_3;
214
215 SYSCTL_STRUCT(_net_inet_igmp, IGMPCTL_STATS, stats, CTLFLAG_RD | CTLFLAG_LOCKED,
216 &igmpstat, igmpstat, "");
217 SYSCTL_STRUCT(_net_inet_igmp, OID_AUTO, v3stats,
218 CTLFLAG_RD | CTLFLAG_LOCKED, &igmpstat_v3, igmpstat_v3, "");
219 SYSCTL_INT(_net_inet_igmp, OID_AUTO, recvifkludge, CTLFLAG_RW | CTLFLAG_LOCKED,
220 &igmp_recvifkludge, 0,
221 "Rewrite IGMPv1/v2 reports from 0.0.0.0 to contain subnet address");
222 SYSCTL_INT(_net_inet_igmp, OID_AUTO, sendra, CTLFLAG_RW | CTLFLAG_LOCKED,
223 &igmp_sendra, 0,
224 "Send IP Router Alert option in IGMPv2/v3 messages");
225 SYSCTL_INT(_net_inet_igmp, OID_AUTO, sendlocal, CTLFLAG_RW | CTLFLAG_LOCKED,
226 &igmp_sendlocal, 0,
227 "Send IGMP membership reports for 224.0.0.0/24 groups");
228 SYSCTL_INT(_net_inet_igmp, OID_AUTO, v1enable, CTLFLAG_RW | CTLFLAG_LOCKED,
229 &igmp_v1enable, 0,
230 "Enable backwards compatibility with IGMPv1");
231 SYSCTL_INT(_net_inet_igmp, OID_AUTO, v2enable, CTLFLAG_RW | CTLFLAG_LOCKED,
232 &igmp_v2enable, 0,
233 "Enable backwards compatibility with IGMPv2");
234 SYSCTL_INT(_net_inet_igmp, OID_AUTO, legacysupp, CTLFLAG_RW | CTLFLAG_LOCKED,
235 &igmp_legacysupp, 0,
236 "Allow v1/v2 reports to suppress v3 group responses");
237 SYSCTL_PROC(_net_inet_igmp, OID_AUTO, default_version,
238 CTLTYPE_INT | CTLFLAG_RW,
239 &igmp_default_version, 0, sysctl_igmp_default_version, "I",
240 "Default version of IGMP to run on each interface");
241 SYSCTL_PROC(_net_inet_igmp, OID_AUTO, gsrdelay,
242 CTLTYPE_INT | CTLFLAG_RW,
243 &igmp_gsrdelay.tv_sec, 0, sysctl_igmp_gsr, "I",
244 "Rate limit for IGMPv3 Group-and-Source queries in seconds");
245 #ifdef IGMP_DEBUG
246 int igmp_debug = 0;
247 SYSCTL_INT(_net_inet_igmp, OID_AUTO,
248 debug, CTLFLAG_RW | CTLFLAG_LOCKED, &igmp_debug, 0, "");
249 #endif
250
251 SYSCTL_NODE(_net_inet_igmp, OID_AUTO, ifinfo, CTLFLAG_RD | CTLFLAG_LOCKED,
252 sysctl_igmp_ifinfo, "Per-interface IGMPv3 state");
253
254 /* Lock group and attribute for igmp_mtx */
255 static lck_attr_t *igmp_mtx_attr;
256 static lck_grp_t *igmp_mtx_grp;
257 static lck_grp_attr_t *igmp_mtx_grp_attr;
258
259 /*
260 * Locking and reference counting:
261 *
262 * igmp_mtx mainly protects igi_head. In cases where both igmp_mtx and
263 * in_multihead_lock must be held, the former must be acquired first in order
264 * to maintain lock ordering. It is not a requirement that igmp_mtx be
265 * acquired first before in_multihead_lock, but in case both must be acquired
266 * in succession, the correct lock ordering must be followed.
267 *
268 * Instead of walking the if_multiaddrs list at the interface and returning
269 * the ifma_protospec value of a matching entry, we search the global list
270 * of in_multi records and find it that way; this is done with in_multihead
271 * lock held. Doing so avoids the race condition issues that many other BSDs
272 * suffer from (therefore in our implementation, ifma_protospec will never be
273 * NULL for as long as the in_multi is valid.)
274 *
275 * The above creates a requirement for the in_multi to stay in in_multihead
276 * list even after the final IGMP leave (in IGMPv3 mode) until no longer needs
277 * be retransmitted (this is not required for IGMPv1/v2.) In order to handle
278 * this, the request and reference counts of the in_multi are bumped up when
279 * the state changes to IGMP_LEAVING_MEMBER, and later dropped in the timeout
280 * handler. Each in_multi holds a reference to the underlying igmp_ifinfo.
281 *
282 * Thus, the permitted lock oder is:
283 *
284 * igmp_mtx, in_multihead_lock, inm_lock, igi_lock
285 *
286 * Any may be taken independently, but if any are held at the same time,
287 * the above lock order must be followed.
288 */
289 static decl_lck_mtx_data(, igmp_mtx);
290 static int igmp_timers_are_running;
291
292 #define IGMP_ADD_DETACHED_INM(_head, _inm) { \
293 SLIST_INSERT_HEAD(_head, _inm, inm_dtle); \
294 }
295
296 #define IGMP_REMOVE_DETACHED_INM(_head) { \
297 struct in_multi *_inm, *_inm_tmp; \
298 SLIST_FOREACH_SAFE(_inm, _head, inm_dtle, _inm_tmp) { \
299 SLIST_REMOVE(_head, _inm, in_multi, inm_dtle); \
300 INM_REMREF(_inm); \
301 } \
302 VERIFY(SLIST_EMPTY(_head)); \
303 }
304
305 #define IGI_ZONE_MAX 64 /* maximum elements in zone */
306 #define IGI_ZONE_NAME "igmp_ifinfo" /* zone name */
307
308 static unsigned int igi_size; /* size of zone element */
309 static struct zone *igi_zone; /* zone for igmp_ifinfo */
310
311 /* Store IGMPv3 record count in the module private scratch space */
312 #define vt_nrecs pkt_mpriv.__mpriv_u.__mpriv32[0].__mpriv32_u.__val16[0]
313
314 static __inline void
315 igmp_save_context(struct mbuf *m, struct ifnet *ifp)
316 {
317 m->m_pkthdr.rcvif = ifp;
318 }
319
320 static __inline void
321 igmp_scrub_context(struct mbuf *m)
322 {
323 m->m_pkthdr.rcvif = NULL;
324 }
325
326 #ifdef IGMP_DEBUG
327 static __inline const char *
328 inet_ntop_haddr(in_addr_t haddr, char *buf, socklen_t size)
329 {
330 struct in_addr ia;
331
332 ia.s_addr = htonl(haddr);
333 return (inet_ntop(AF_INET, &ia, buf, size));
334 }
335 #endif
336
337 /*
338 * Restore context from a queued IGMP output chain.
339 * Return saved ifp.
340 */
341 static __inline struct ifnet *
342 igmp_restore_context(struct mbuf *m)
343 {
344 return (m->m_pkthdr.rcvif);
345 }
346
347 /*
348 * Retrieve or set default IGMP version.
349 */
350 static int
351 sysctl_igmp_default_version SYSCTL_HANDLER_ARGS
352 {
353 #pragma unused(oidp, arg2)
354 int error;
355 int new;
356
357 IGMP_LOCK();
358
359 error = SYSCTL_OUT(req, arg1, sizeof(int));
360 if (error || !req->newptr)
361 goto out_locked;
362
363 new = igmp_default_version;
364
365 error = SYSCTL_IN(req, &new, sizeof(int));
366 if (error)
367 goto out_locked;
368
369 if (new < IGMP_VERSION_1 || new > IGMP_VERSION_3) {
370 error = EINVAL;
371 goto out_locked;
372 }
373
374 IGMP_PRINTF(("%s: change igmp_default_version from %d to %d\n",
375 __func__, igmp_default_version, new));
376
377 igmp_default_version = new;
378
379 out_locked:
380 IGMP_UNLOCK();
381 return (error);
382 }
383
384 /*
385 * Retrieve or set threshold between group-source queries in seconds.
386 *
387 */
388 static int
389 sysctl_igmp_gsr SYSCTL_HANDLER_ARGS
390 {
391 #pragma unused(arg1, arg2)
392 int error;
393 int i;
394
395 IGMP_LOCK();
396
397 i = igmp_gsrdelay.tv_sec;
398
399 error = sysctl_handle_int(oidp, &i, 0, req);
400 if (error || !req->newptr)
401 goto out_locked;
402
403 if (i < -1 || i >= 60) {
404 error = EINVAL;
405 goto out_locked;
406 }
407
408 igmp_gsrdelay.tv_sec = i;
409
410 out_locked:
411 IGMP_UNLOCK();
412 return (error);
413 }
414
415 /*
416 * Expose struct igmp_ifinfo to userland, keyed by ifindex.
417 * For use by ifmcstat(8).
418 *
419 */
420 static int
421 sysctl_igmp_ifinfo SYSCTL_HANDLER_ARGS
422 {
423 #pragma unused(oidp)
424 int *name;
425 int error;
426 u_int namelen;
427 struct ifnet *ifp;
428 struct igmp_ifinfo *igi;
429 struct igmp_ifinfo_u igi_u;
430
431 name = (int *)arg1;
432 namelen = arg2;
433
434 if (req->newptr != USER_ADDR_NULL)
435 return (EPERM);
436
437 if (namelen != 1)
438 return (EINVAL);
439
440 IGMP_LOCK();
441
442 if (name[0] <= 0 || name[0] > (u_int)if_index) {
443 error = ENOENT;
444 goto out_locked;
445 }
446
447 error = ENOENT;
448
449 ifnet_head_lock_shared();
450 ifp = ifindex2ifnet[name[0]];
451 ifnet_head_done();
452 if (ifp == NULL)
453 goto out_locked;
454
455 bzero(&igi_u, sizeof (igi_u));
456
457 LIST_FOREACH(igi, &igi_head, igi_link) {
458 IGI_LOCK(igi);
459 if (ifp != igi->igi_ifp) {
460 IGI_UNLOCK(igi);
461 continue;
462 }
463 igi_u.igi_ifindex = igi->igi_ifp->if_index;
464 igi_u.igi_version = igi->igi_version;
465 igi_u.igi_v1_timer = igi->igi_v1_timer;
466 igi_u.igi_v2_timer = igi->igi_v2_timer;
467 igi_u.igi_v3_timer = igi->igi_v3_timer;
468 igi_u.igi_flags = igi->igi_flags;
469 igi_u.igi_rv = igi->igi_rv;
470 igi_u.igi_qi = igi->igi_qi;
471 igi_u.igi_qri = igi->igi_qri;
472 igi_u.igi_uri = igi->igi_uri;
473 IGI_UNLOCK(igi);
474
475 error = SYSCTL_OUT(req, &igi_u, sizeof (igi_u));
476 break;
477 }
478
479 out_locked:
480 IGMP_UNLOCK();
481 return (error);
482 }
483
484 /*
485 * Dispatch an entire queue of pending packet chains
486 *
487 * Must not be called with inm_lock held.
488 */
489 static void
490 igmp_dispatch_queue(struct igmp_ifinfo *igi, struct ifqueue *ifq, int limit,
491 const int loop)
492 {
493 struct mbuf *m;
494 struct ip *ip;
495
496 if (igi != NULL)
497 IGI_LOCK_ASSERT_HELD(igi);
498
499 for (;;) {
500 IF_DEQUEUE(ifq, m);
501 if (m == NULL)
502 break;
503 IGMP_PRINTF(("%s: dispatch 0x%llx from 0x%llx\n", __func__,
504 (uint64_t)VM_KERNEL_ADDRPERM(ifq),
505 (uint64_t)VM_KERNEL_ADDRPERM(m)));
506 ip = mtod(m, struct ip *);
507 if (loop)
508 m->m_flags |= M_IGMP_LOOP;
509 if (igi != NULL)
510 IGI_UNLOCK(igi);
511 igmp_sendpkt(m);
512 if (igi != NULL)
513 IGI_LOCK(igi);
514 if (--limit == 0)
515 break;
516 }
517
518 if (igi != NULL)
519 IGI_LOCK_ASSERT_HELD(igi);
520 }
521
522 /*
523 * Filter outgoing IGMP report state by group.
524 *
525 * Reports are ALWAYS suppressed for ALL-HOSTS (224.0.0.1).
526 * If the net.inet.igmp.sendlocal sysctl is 0, then IGMP reports are
527 * disabled for all groups in the 224.0.0.0/24 link-local scope. However,
528 * this may break certain IGMP snooping switches which rely on the old
529 * report behaviour.
530 *
531 * Return zero if the given group is one for which IGMP reports
532 * should be suppressed, or non-zero if reports should be issued.
533 */
534
535 static __inline__
536 int igmp_isgroupreported(const struct in_addr addr)
537 {
538
539 if (in_allhosts(addr) ||
540 ((!igmp_sendlocal && IN_LOCAL_GROUP(ntohl(addr.s_addr)))))
541 return (0);
542
543 return (1);
544 }
545
546 /*
547 * Construct a Router Alert option to use in outgoing packets.
548 */
549 static struct mbuf *
550 igmp_ra_alloc(void)
551 {
552 struct mbuf *m;
553 struct ipoption *p;
554
555 MGET(m, M_WAITOK, MT_DATA);
556 p = mtod(m, struct ipoption *);
557 p->ipopt_dst.s_addr = INADDR_ANY;
558 p->ipopt_list[0] = IPOPT_RA; /* Router Alert Option */
559 p->ipopt_list[1] = 0x04; /* 4 bytes long */
560 p->ipopt_list[2] = IPOPT_EOL; /* End of IP option list */
561 p->ipopt_list[3] = 0x00; /* pad byte */
562 m->m_len = sizeof(p->ipopt_dst) + p->ipopt_list[1];
563
564 return (m);
565 }
566
567 /*
568 * Attach IGMP when PF_INET is attached to an interface.
569 */
570 struct igmp_ifinfo *
571 igmp_domifattach(struct ifnet *ifp, int how)
572 {
573 struct igmp_ifinfo *igi;
574
575 IGMP_PRINTF(("%s: called for ifp 0x%llx(%s)\n",
576 __func__, (uint64_t)VM_KERNEL_ADDRPERM(ifp), ifp->if_name));
577
578 igi = igi_alloc(how);
579 if (igi == NULL)
580 return (NULL);
581
582 IGMP_LOCK();
583
584 IGI_LOCK(igi);
585 igi_initvar(igi, ifp, 0);
586 igi->igi_debug |= IFD_ATTACHED;
587 IGI_ADDREF_LOCKED(igi); /* hold a reference for igi_head */
588 IGI_ADDREF_LOCKED(igi); /* hold a reference for caller */
589 IGI_UNLOCK(igi);
590 ifnet_lock_shared(ifp);
591 igmp_initsilent(ifp, igi);
592 ifnet_lock_done(ifp);
593
594 LIST_INSERT_HEAD(&igi_head, igi, igi_link);
595
596 IGMP_UNLOCK();
597
598 IGMP_PRINTF(("%s: allocate igmp_ifinfo for ifp 0x%llx(%s)\n", __func__,
599 (uint64_t)VM_KERNEL_ADDRPERM(ifp), ifp->if_name));
600
601 return (igi);
602 }
603
604 /*
605 * Attach IGMP when PF_INET is reattached to an interface. Caller is
606 * expected to have an outstanding reference to the igi.
607 */
608 void
609 igmp_domifreattach(struct igmp_ifinfo *igi)
610 {
611 struct ifnet *ifp;
612
613 IGMP_LOCK();
614
615 IGI_LOCK(igi);
616 VERIFY(!(igi->igi_debug & IFD_ATTACHED));
617 ifp = igi->igi_ifp;
618 VERIFY(ifp != NULL);
619 igi_initvar(igi, ifp, 1);
620 igi->igi_debug |= IFD_ATTACHED;
621 IGI_ADDREF_LOCKED(igi); /* hold a reference for igi_head */
622 IGI_UNLOCK(igi);
623 ifnet_lock_shared(ifp);
624 igmp_initsilent(ifp, igi);
625 ifnet_lock_done(ifp);
626
627 LIST_INSERT_HEAD(&igi_head, igi, igi_link);
628
629 IGMP_UNLOCK();
630
631 IGMP_PRINTF(("%s: reattached igmp_ifinfo for ifp 0x%llx(%s)\n",
632 __func__, (uint64_t)VM_KERNEL_ADDRPERM(ifp), ifp->if_name));
633 }
634
635 /*
636 * Hook for domifdetach.
637 */
638 void
639 igmp_domifdetach(struct ifnet *ifp)
640 {
641 SLIST_HEAD(, in_multi) inm_dthead;
642
643 SLIST_INIT(&inm_dthead);
644
645 IGMP_PRINTF(("%s: called for ifp 0x%llx(%s%d)\n", __func__,
646 (uint64_t)VM_KERNEL_ADDRPERM(ifp), ifp->if_name, ifp->if_unit));
647
648 IGMP_LOCK();
649 igi_delete(ifp, (struct igmp_inm_relhead *)&inm_dthead);
650 IGMP_UNLOCK();
651
652 /* Now that we're dropped all locks, release detached records */
653 IGMP_REMOVE_DETACHED_INM(&inm_dthead);
654 }
655
656 /*
657 * Called at interface detach time. Note that we only flush all deferred
658 * responses and record releases; all remaining inm records and their source
659 * entries related to this interface are left intact, in order to handle
660 * the reattach case.
661 */
662 static void
663 igi_delete(const struct ifnet *ifp, struct igmp_inm_relhead *inm_dthead)
664 {
665 struct igmp_ifinfo *igi, *tigi;
666
667 IGMP_LOCK_ASSERT_HELD();
668
669 LIST_FOREACH_SAFE(igi, &igi_head, igi_link, tigi) {
670 IGI_LOCK(igi);
671 if (igi->igi_ifp == ifp) {
672 /*
673 * Free deferred General Query responses.
674 */
675 IF_DRAIN(&igi->igi_gq);
676 IF_DRAIN(&igi->igi_v2q);
677 igmp_flush_relq(igi, inm_dthead);
678 VERIFY(SLIST_EMPTY(&igi->igi_relinmhead));
679 igi->igi_debug &= ~IFD_ATTACHED;
680 IGI_UNLOCK(igi);
681
682 LIST_REMOVE(igi, igi_link);
683 IGI_REMREF(igi); /* release igi_head reference */
684 return;
685 }
686 IGI_UNLOCK(igi);
687 }
688 panic("%s: igmp_ifinfo not found for ifp %p(%s)\n", __func__,
689 ifp, ifp->if_xname);
690 }
691
692 __private_extern__ void
693 igmp_initsilent(struct ifnet *ifp, struct igmp_ifinfo *igi)
694 {
695 ifnet_lock_assert(ifp, IFNET_LCK_ASSERT_OWNED);
696
697 IGI_LOCK_ASSERT_NOTHELD(igi);
698 IGI_LOCK(igi);
699 if (!(ifp->if_flags & IFF_MULTICAST))
700 igi->igi_flags |= IGIF_SILENT;
701 else
702 igi->igi_flags &= ~IGIF_SILENT;
703 IGI_UNLOCK(igi);
704 }
705
706 static void
707 igi_initvar(struct igmp_ifinfo *igi, struct ifnet *ifp, int reattach)
708 {
709 IGI_LOCK_ASSERT_HELD(igi);
710
711 igi->igi_ifp = ifp;
712 igi->igi_version = igmp_default_version;
713 igi->igi_flags = 0;
714 igi->igi_rv = IGMP_RV_INIT;
715 igi->igi_qi = IGMP_QI_INIT;
716 igi->igi_qri = IGMP_QRI_INIT;
717 igi->igi_uri = IGMP_URI_INIT;
718
719 if (!reattach)
720 SLIST_INIT(&igi->igi_relinmhead);
721
722 /*
723 * Responses to general queries are subject to bounds.
724 */
725 igi->igi_gq.ifq_maxlen = IGMP_MAX_RESPONSE_PACKETS;
726 igi->igi_v2q.ifq_maxlen = IGMP_MAX_RESPONSE_PACKETS;
727 }
728
729 static struct igmp_ifinfo *
730 igi_alloc(int how)
731 {
732 struct igmp_ifinfo *igi;
733
734 igi = (how == M_WAITOK) ? zalloc(igi_zone) : zalloc_noblock(igi_zone);
735 if (igi != NULL) {
736 bzero(igi, igi_size);
737 lck_mtx_init(&igi->igi_lock, igmp_mtx_grp, igmp_mtx_attr);
738 igi->igi_debug |= IFD_ALLOC;
739 }
740 return (igi);
741 }
742
743 static void
744 igi_free(struct igmp_ifinfo *igi)
745 {
746 IGI_LOCK(igi);
747 if (igi->igi_debug & IFD_ATTACHED) {
748 panic("%s: attached igi=%p is being freed", __func__, igi);
749 /* NOTREACHED */
750 } else if (igi->igi_ifp != NULL) {
751 panic("%s: ifp not NULL for igi=%p", __func__, igi);
752 /* NOTREACHED */
753 } else if (!(igi->igi_debug & IFD_ALLOC)) {
754 panic("%s: igi %p cannot be freed", __func__, igi);
755 /* NOTREACHED */
756 } else if (igi->igi_refcnt != 0) {
757 panic("%s: non-zero refcnt igi=%p", __func__, igi);
758 /* NOTREACHED */
759 }
760 igi->igi_debug &= ~IFD_ALLOC;
761 IGI_UNLOCK(igi);
762
763 lck_mtx_destroy(&igi->igi_lock, igmp_mtx_grp);
764 zfree(igi_zone, igi);
765 }
766
767 void
768 igi_addref(struct igmp_ifinfo *igi, int locked)
769 {
770 if (!locked)
771 IGI_LOCK_SPIN(igi);
772 else
773 IGI_LOCK_ASSERT_HELD(igi);
774
775 if (++igi->igi_refcnt == 0) {
776 panic("%s: igi=%p wraparound refcnt", __func__, igi);
777 /* NOTREACHED */
778 }
779 if (!locked)
780 IGI_UNLOCK(igi);
781 }
782
783 void
784 igi_remref(struct igmp_ifinfo *igi)
785 {
786 SLIST_HEAD(, in_multi) inm_dthead;
787 struct ifnet *ifp;
788
789 IGI_LOCK_SPIN(igi);
790
791 if (igi->igi_refcnt == 0) {
792 panic("%s: igi=%p negative refcnt", __func__, igi);
793 /* NOTREACHED */
794 }
795
796 --igi->igi_refcnt;
797 if (igi->igi_refcnt > 0) {
798 IGI_UNLOCK(igi);
799 return;
800 }
801
802 ifp = igi->igi_ifp;
803 igi->igi_ifp = NULL;
804 IF_DRAIN(&igi->igi_gq);
805 IF_DRAIN(&igi->igi_v2q);
806 SLIST_INIT(&inm_dthead);
807 igmp_flush_relq(igi, (struct igmp_inm_relhead *)&inm_dthead);
808 VERIFY(SLIST_EMPTY(&igi->igi_relinmhead));
809 IGI_UNLOCK(igi);
810
811 /* Now that we're dropped all locks, release detached records */
812 IGMP_REMOVE_DETACHED_INM(&inm_dthead);
813
814 IGMP_PRINTF(("%s: freeing igmp_ifinfo for ifp 0x%llx(%s)\n",
815 __func__, (uint64_t)VM_KERNEL_ADDRPERM(ifp), if_name(ifp)));
816
817 igi_free(igi);
818 }
819
820 /*
821 * Process a received IGMPv1 query.
822 * Return non-zero if the message should be dropped.
823 */
824 static int
825 igmp_input_v1_query(struct ifnet *ifp, const struct ip *ip,
826 const struct igmp *igmp)
827 {
828 struct igmp_ifinfo *igi;
829 struct in_multi *inm;
830 struct in_multistep step;
831 struct igmp_tparams itp = { 0, 0, 0, 0 };
832
833 IGMP_LOCK_ASSERT_NOTHELD();
834
835 /*
836 * IGMPv1 Host Membership Queries SHOULD always be addressed to
837 * 224.0.0.1. They are always treated as General Queries.
838 * igmp_group is always ignored. Do not drop it as a userland
839 * daemon may wish to see it.
840 */
841 if (!in_allhosts(ip->ip_dst) || !in_nullhost(igmp->igmp_group)) {
842 IGMPSTAT_INC(igps_rcv_badqueries);
843 OIGMPSTAT_INC(igps_rcv_badqueries);
844 goto done;
845 }
846 IGMPSTAT_INC(igps_rcv_gen_queries);
847
848 igi = IGMP_IFINFO(ifp);
849 VERIFY(igi != NULL);
850
851 IGI_LOCK(igi);
852 if (igi->igi_flags & IGIF_LOOPBACK) {
853 IGMP_PRINTF(("%s: ignore v1 query on IGIF_LOOPBACK "
854 "ifp 0x%llx(%s)\n", __func__,
855 (uint64_t)VM_KERNEL_ADDRPERM(ifp), if_name(ifp)));
856 IGI_UNLOCK(igi);
857 goto done;
858 }
859 /*
860 * Switch to IGMPv1 host compatibility mode.
861 */
862 itp.qpt = igmp_set_version(igi, IGMP_VERSION_1);
863 IGI_UNLOCK(igi);
864
865 IGMP_PRINTF(("%s: process v1 query on ifp 0x%llx(%s)\n", __func__,
866 (uint64_t)VM_KERNEL_ADDRPERM(ifp), if_name(ifp)));
867
868 /*
869 * Start the timers in all of our group records
870 * for the interface on which the query arrived,
871 * except those which are already running.
872 */
873 in_multihead_lock_shared();
874 IN_FIRST_MULTI(step, inm);
875 while (inm != NULL) {
876 INM_LOCK(inm);
877 if (inm->inm_ifp != ifp || inm->inm_timer != 0)
878 goto next;
879
880 switch (inm->inm_state) {
881 case IGMP_NOT_MEMBER:
882 case IGMP_SILENT_MEMBER:
883 break;
884 case IGMP_G_QUERY_PENDING_MEMBER:
885 case IGMP_SG_QUERY_PENDING_MEMBER:
886 case IGMP_REPORTING_MEMBER:
887 case IGMP_IDLE_MEMBER:
888 case IGMP_LAZY_MEMBER:
889 case IGMP_SLEEPING_MEMBER:
890 case IGMP_AWAKENING_MEMBER:
891 inm->inm_state = IGMP_REPORTING_MEMBER;
892 inm->inm_timer = IGMP_RANDOM_DELAY(IGMP_V1V2_MAX_RI);
893 itp.cst = 1;
894 break;
895 case IGMP_LEAVING_MEMBER:
896 break;
897 }
898 next:
899 INM_UNLOCK(inm);
900 IN_NEXT_MULTI(step, inm);
901 }
902 in_multihead_lock_done();
903 done:
904 igmp_set_timeout(&itp);
905
906 return (0);
907 }
908
909 /*
910 * Process a received IGMPv2 general or group-specific query.
911 */
912 static int
913 igmp_input_v2_query(struct ifnet *ifp, const struct ip *ip,
914 const struct igmp *igmp)
915 {
916 struct igmp_ifinfo *igi;
917 struct in_multi *inm;
918 int is_general_query;
919 uint16_t timer;
920 struct igmp_tparams itp = { 0, 0, 0, 0 };
921
922 IGMP_LOCK_ASSERT_NOTHELD();
923
924 is_general_query = 0;
925
926 /*
927 * Validate address fields upfront.
928 */
929 if (in_nullhost(igmp->igmp_group)) {
930 /*
931 * IGMPv2 General Query.
932 * If this was not sent to the all-hosts group, ignore it.
933 */
934 if (!in_allhosts(ip->ip_dst))
935 goto done;
936 IGMPSTAT_INC(igps_rcv_gen_queries);
937 is_general_query = 1;
938 } else {
939 /* IGMPv2 Group-Specific Query. */
940 IGMPSTAT_INC(igps_rcv_group_queries);
941 }
942
943 igi = IGMP_IFINFO(ifp);
944 VERIFY(igi != NULL);
945
946 IGI_LOCK(igi);
947 if (igi->igi_flags & IGIF_LOOPBACK) {
948 IGMP_PRINTF(("%s: ignore v2 query on IGIF_LOOPBACK "
949 "ifp 0x%llx(%s)\n", __func__,
950 (uint64_t)VM_KERNEL_ADDRPERM(ifp), if_name(ifp)));
951 IGI_UNLOCK(igi);
952 goto done;
953 }
954 /*
955 * Ignore v2 query if in v1 Compatibility Mode.
956 */
957 if (igi->igi_version == IGMP_VERSION_1) {
958 IGI_UNLOCK(igi);
959 goto done;
960 }
961 itp.qpt = igmp_set_version(igi, IGMP_VERSION_2);
962 IGI_UNLOCK(igi);
963
964 timer = igmp->igmp_code / IGMP_TIMER_SCALE;
965 if (timer == 0)
966 timer = 1;
967
968 if (is_general_query) {
969 struct in_multistep step;
970
971 IGMP_PRINTF(("%s: process v2 general query on ifp 0x%llx(%s)\n",
972 __func__, (uint64_t)VM_KERNEL_ADDRPERM(ifp), if_name(ifp)));
973 /*
974 * For each reporting group joined on this
975 * interface, kick the report timer.
976 */
977 in_multihead_lock_shared();
978 IN_FIRST_MULTI(step, inm);
979 while (inm != NULL) {
980 INM_LOCK(inm);
981 if (inm->inm_ifp == ifp)
982 itp.cst += igmp_v2_update_group(inm, timer);
983 INM_UNLOCK(inm);
984 IN_NEXT_MULTI(step, inm);
985 }
986 in_multihead_lock_done();
987 } else {
988 /*
989 * Group-specific IGMPv2 query, we need only
990 * look up the single group to process it.
991 */
992 in_multihead_lock_shared();
993 IN_LOOKUP_MULTI(&igmp->igmp_group, ifp, inm);
994 in_multihead_lock_done();
995 if (inm != NULL) {
996 INM_LOCK(inm);
997 IGMP_INET_PRINTF(igmp->igmp_group,
998 ("process v2 query %s on ifp 0x%llx(%s)\n",
999 _igmp_inet_buf,
1000 (uint64_t)VM_KERNEL_ADDRPERM(ifp), if_name(ifp)));
1001 itp.cst = igmp_v2_update_group(inm, timer);
1002 INM_UNLOCK(inm);
1003 INM_REMREF(inm); /* from IN_LOOKUP_MULTI */
1004 }
1005 }
1006 done:
1007 igmp_set_timeout(&itp);
1008
1009 return (0);
1010 }
1011
1012 /*
1013 * Update the report timer on a group in response to an IGMPv2 query.
1014 *
1015 * If we are becoming the reporting member for this group, start the timer.
1016 * If we already are the reporting member for this group, and timer is
1017 * below the threshold, reset it.
1018 *
1019 * We may be updating the group for the first time since we switched
1020 * to IGMPv3. If we are, then we must clear any recorded source lists,
1021 * and transition to REPORTING state; the group timer is overloaded
1022 * for group and group-source query responses.
1023 *
1024 * Unlike IGMPv3, the delay per group should be jittered
1025 * to avoid bursts of IGMPv2 reports.
1026 */
1027 static uint32_t
1028 igmp_v2_update_group(struct in_multi *inm, const int timer)
1029 {
1030
1031 IGMP_INET_PRINTF(inm->inm_addr, ("%s: %s/%s timer=%d\n",
1032 __func__, _igmp_inet_buf, if_name(inm->inm_ifp),
1033 timer));
1034
1035 INM_LOCK_ASSERT_HELD(inm);
1036
1037 switch (inm->inm_state) {
1038 case IGMP_NOT_MEMBER:
1039 case IGMP_SILENT_MEMBER:
1040 break;
1041 case IGMP_REPORTING_MEMBER:
1042 if (inm->inm_timer != 0 &&
1043 inm->inm_timer <= timer) {
1044 IGMP_PRINTF(("%s: REPORTING and timer running, "
1045 "skipping.\n", __func__));
1046 break;
1047 }
1048 /* FALLTHROUGH */
1049 case IGMP_SG_QUERY_PENDING_MEMBER:
1050 case IGMP_G_QUERY_PENDING_MEMBER:
1051 case IGMP_IDLE_MEMBER:
1052 case IGMP_LAZY_MEMBER:
1053 case IGMP_AWAKENING_MEMBER:
1054 IGMP_PRINTF(("%s: ->REPORTING\n", __func__));
1055 inm->inm_state = IGMP_REPORTING_MEMBER;
1056 inm->inm_timer = IGMP_RANDOM_DELAY(timer);
1057 break;
1058 case IGMP_SLEEPING_MEMBER:
1059 IGMP_PRINTF(("%s: ->AWAKENING\n", __func__));
1060 inm->inm_state = IGMP_AWAKENING_MEMBER;
1061 break;
1062 case IGMP_LEAVING_MEMBER:
1063 break;
1064 }
1065
1066 return (inm->inm_timer);
1067 }
1068
1069 /*
1070 * Process a received IGMPv3 general, group-specific or
1071 * group-and-source-specific query.
1072 * Assumes m has already been pulled up to the full IGMP message length.
1073 * Return 0 if successful, otherwise an appropriate error code is returned.
1074 */
1075 static int
1076 igmp_input_v3_query(struct ifnet *ifp, const struct ip *ip,
1077 /*const*/ struct igmpv3 *igmpv3)
1078 {
1079 struct igmp_ifinfo *igi;
1080 struct in_multi *inm;
1081 int is_general_query;
1082 uint32_t maxresp, nsrc, qqi;
1083 uint16_t timer;
1084 uint8_t qrv;
1085 struct igmp_tparams itp = { 0, 0, 0, 0 };
1086
1087 IGMP_LOCK_ASSERT_NOTHELD();
1088
1089 is_general_query = 0;
1090
1091 IGMP_PRINTF(("%s: process v3 query on ifp 0x%llx(%s)\n", __func__,
1092 (uint64_t)VM_KERNEL_ADDRPERM(ifp), if_name(ifp)));
1093
1094 maxresp = igmpv3->igmp_code; /* in 1/10ths of a second */
1095 if (maxresp >= 128) {
1096 maxresp = IGMP_MANT(igmpv3->igmp_code) <<
1097 (IGMP_EXP(igmpv3->igmp_code) + 3);
1098 }
1099
1100 /*
1101 * Robustness must never be less than 2 for on-wire IGMPv3.
1102 * FUTURE: Check if ifp has IGIF_LOOPBACK set, as we will make
1103 * an exception for interfaces whose IGMPv3 state changes
1104 * are redirected to loopback (e.g. MANET).
1105 */
1106 qrv = IGMP_QRV(igmpv3->igmp_misc);
1107 if (qrv < 2) {
1108 IGMP_PRINTF(("%s: clamping qrv %d to %d\n", __func__,
1109 qrv, IGMP_RV_INIT));
1110 qrv = IGMP_RV_INIT;
1111 }
1112
1113 qqi = igmpv3->igmp_qqi;
1114 if (qqi >= 128) {
1115 qqi = IGMP_MANT(igmpv3->igmp_qqi) <<
1116 (IGMP_EXP(igmpv3->igmp_qqi) + 3);
1117 }
1118
1119 timer = maxresp / IGMP_TIMER_SCALE;
1120 if (timer == 0)
1121 timer = 1;
1122
1123 nsrc = ntohs(igmpv3->igmp_numsrc);
1124
1125 /*
1126 * Validate address fields and versions upfront before
1127 * accepting v3 query.
1128 */
1129 if (in_nullhost(igmpv3->igmp_group)) {
1130 /*
1131 * IGMPv3 General Query.
1132 *
1133 * General Queries SHOULD be directed to 224.0.0.1.
1134 * A general query with a source list has undefined
1135 * behaviour; discard it.
1136 */
1137 IGMPSTAT_INC(igps_rcv_gen_queries);
1138 if (!in_allhosts(ip->ip_dst) || nsrc > 0) {
1139 IGMPSTAT_INC(igps_rcv_badqueries);
1140 OIGMPSTAT_INC(igps_rcv_badqueries);
1141 goto done;
1142 }
1143 is_general_query = 1;
1144 } else {
1145 /* Group or group-source specific query. */
1146 if (nsrc == 0)
1147 IGMPSTAT_INC(igps_rcv_group_queries);
1148 else
1149 IGMPSTAT_INC(igps_rcv_gsr_queries);
1150 }
1151
1152 igi = IGMP_IFINFO(ifp);
1153 VERIFY(igi != NULL);
1154
1155 IGI_LOCK(igi);
1156 if (igi->igi_flags & IGIF_LOOPBACK) {
1157 IGMP_PRINTF(("%s: ignore v3 query on IGIF_LOOPBACK "
1158 "ifp 0x%llx(%s)\n", __func__,
1159 (uint64_t)VM_KERNEL_ADDRPERM(ifp), if_name(ifp)));
1160 IGI_UNLOCK(igi);
1161 goto done;
1162 }
1163
1164 /*
1165 * Discard the v3 query if we're in Compatibility Mode.
1166 * The RFC is not obviously worded that hosts need to stay in
1167 * compatibility mode until the Old Version Querier Present
1168 * timer expires.
1169 */
1170 if (igi->igi_version != IGMP_VERSION_3) {
1171 IGMP_PRINTF(("%s: ignore v3 query in v%d mode on "
1172 "ifp 0x%llx(%s)\n", __func__, igi->igi_version,
1173 (uint64_t)VM_KERNEL_ADDRPERM(ifp), if_name(ifp)));
1174 IGI_UNLOCK(igi);
1175 goto done;
1176 }
1177
1178 itp.qpt = igmp_set_version(igi, IGMP_VERSION_3);
1179 igi->igi_rv = qrv;
1180 igi->igi_qi = qqi;
1181 igi->igi_qri = MAX(timer, IGMP_QRI_MIN);
1182
1183 IGMP_PRINTF(("%s: qrv %d qi %d qri %d\n", __func__, igi->igi_rv,
1184 igi->igi_qi, igi->igi_qri));
1185
1186 if (is_general_query) {
1187 /*
1188 * Schedule a current-state report on this ifp for
1189 * all groups, possibly containing source lists.
1190 * If there is a pending General Query response
1191 * scheduled earlier than the selected delay, do
1192 * not schedule any other reports.
1193 * Otherwise, reset the interface timer.
1194 */
1195 IGMP_PRINTF(("%s: process v3 general query on ifp 0x%llx(%s)\n",
1196 __func__, (uint64_t)VM_KERNEL_ADDRPERM(ifp), if_name(ifp)));
1197 if (igi->igi_v3_timer == 0 || igi->igi_v3_timer >= timer) {
1198 itp.it = igi->igi_v3_timer = IGMP_RANDOM_DELAY(timer);
1199 }
1200 IGI_UNLOCK(igi);
1201 } else {
1202 IGI_UNLOCK(igi);
1203 /*
1204 * Group-source-specific queries are throttled on
1205 * a per-group basis to defeat denial-of-service attempts.
1206 * Queries for groups we are not a member of on this
1207 * link are simply ignored.
1208 */
1209 in_multihead_lock_shared();
1210 IN_LOOKUP_MULTI(&igmpv3->igmp_group, ifp, inm);
1211 in_multihead_lock_done();
1212 if (inm == NULL)
1213 goto done;
1214
1215 INM_LOCK(inm);
1216 if (nsrc > 0) {
1217 if (!ratecheck(&inm->inm_lastgsrtv,
1218 &igmp_gsrdelay)) {
1219 IGMP_PRINTF(("%s: GS query throttled.\n",
1220 __func__));
1221 IGMPSTAT_INC(igps_drop_gsr_queries);
1222 INM_UNLOCK(inm);
1223 INM_REMREF(inm); /* from IN_LOOKUP_MULTI */
1224 goto done;
1225 }
1226 }
1227 IGMP_INET_PRINTF(igmpv3->igmp_group,
1228 ("process v3 %s query on ifp 0x%llx(%s)\n", _igmp_inet_buf,
1229 (uint64_t)VM_KERNEL_ADDRPERM(ifp), if_name(ifp)));
1230 /*
1231 * If there is a pending General Query response
1232 * scheduled sooner than the selected delay, no
1233 * further report need be scheduled.
1234 * Otherwise, prepare to respond to the
1235 * group-specific or group-and-source query.
1236 */
1237 IGI_LOCK(igi);
1238 itp.it = igi->igi_v3_timer;
1239 IGI_UNLOCK(igi);
1240 if (itp.it == 0 || itp.it >= timer) {
1241 (void) igmp_input_v3_group_query(inm, timer, igmpv3);
1242 itp.cst = inm->inm_timer;
1243 }
1244 INM_UNLOCK(inm);
1245 INM_REMREF(inm); /* from IN_LOOKUP_MULTI */
1246 }
1247 done:
1248 if (itp.it > 0) {
1249 IGMP_PRINTF(("%s: v3 general query response scheduled in "
1250 "T+%d seconds on ifp 0x%llx(%s)\n", __func__, itp.it,
1251 (uint64_t)VM_KERNEL_ADDRPERM(ifp), if_name(ifp)));
1252 }
1253 igmp_set_timeout(&itp);
1254
1255 return (0);
1256 }
1257
1258 /*
1259 * Process a recieved IGMPv3 group-specific or group-and-source-specific
1260 * query.
1261 * Return <0 if any error occured. Currently this is ignored.
1262 */
1263 static int
1264 igmp_input_v3_group_query(struct in_multi *inm,
1265 int timer, /*const*/ struct igmpv3 *igmpv3)
1266 {
1267 int retval;
1268 uint16_t nsrc;
1269
1270 INM_LOCK_ASSERT_HELD(inm);
1271
1272 retval = 0;
1273
1274 switch (inm->inm_state) {
1275 case IGMP_NOT_MEMBER:
1276 case IGMP_SILENT_MEMBER:
1277 case IGMP_SLEEPING_MEMBER:
1278 case IGMP_LAZY_MEMBER:
1279 case IGMP_AWAKENING_MEMBER:
1280 case IGMP_IDLE_MEMBER:
1281 case IGMP_LEAVING_MEMBER:
1282 return (retval);
1283 case IGMP_REPORTING_MEMBER:
1284 case IGMP_G_QUERY_PENDING_MEMBER:
1285 case IGMP_SG_QUERY_PENDING_MEMBER:
1286 break;
1287 }
1288
1289 nsrc = ntohs(igmpv3->igmp_numsrc);
1290
1291 /*
1292 * Deal with group-specific queries upfront.
1293 * If any group query is already pending, purge any recorded
1294 * source-list state if it exists, and schedule a query response
1295 * for this group-specific query.
1296 */
1297 if (nsrc == 0) {
1298 if (inm->inm_state == IGMP_G_QUERY_PENDING_MEMBER ||
1299 inm->inm_state == IGMP_SG_QUERY_PENDING_MEMBER) {
1300 inm_clear_recorded(inm);
1301 timer = min(inm->inm_timer, timer);
1302 }
1303 inm->inm_state = IGMP_G_QUERY_PENDING_MEMBER;
1304 inm->inm_timer = IGMP_RANDOM_DELAY(timer);
1305 return (retval);
1306 }
1307
1308 /*
1309 * Deal with the case where a group-and-source-specific query has
1310 * been received but a group-specific query is already pending.
1311 */
1312 if (inm->inm_state == IGMP_G_QUERY_PENDING_MEMBER) {
1313 timer = min(inm->inm_timer, timer);
1314 inm->inm_timer = IGMP_RANDOM_DELAY(timer);
1315 return (retval);
1316 }
1317
1318 /*
1319 * Finally, deal with the case where a group-and-source-specific
1320 * query has been received, where a response to a previous g-s-r
1321 * query exists, or none exists.
1322 * In this case, we need to parse the source-list which the Querier
1323 * has provided us with and check if we have any source list filter
1324 * entries at T1 for these sources. If we do not, there is no need
1325 * schedule a report and the query may be dropped.
1326 * If we do, we must record them and schedule a current-state
1327 * report for those sources.
1328 * FIXME: Handling source lists larger than 1 mbuf requires that
1329 * we pass the mbuf chain pointer down to this function, and use
1330 * m_getptr() to walk the chain.
1331 */
1332 if (inm->inm_nsrc > 0) {
1333 const struct in_addr *ap;
1334 int i, nrecorded;
1335
1336 ap = (const struct in_addr *)(igmpv3 + 1);
1337 nrecorded = 0;
1338 for (i = 0; i < nsrc; i++, ap++) {
1339 retval = inm_record_source(inm, ap->s_addr);
1340 if (retval < 0)
1341 break;
1342 nrecorded += retval;
1343 }
1344 if (nrecorded > 0) {
1345 IGMP_PRINTF(("%s: schedule response to SG query\n",
1346 __func__));
1347 inm->inm_state = IGMP_SG_QUERY_PENDING_MEMBER;
1348 inm->inm_timer = IGMP_RANDOM_DELAY(timer);
1349 }
1350 }
1351
1352 return (retval);
1353 }
1354
1355 /*
1356 * Process a received IGMPv1 host membership report.
1357 *
1358 * NOTE: 0.0.0.0 workaround breaks const correctness.
1359 */
1360 static int
1361 igmp_input_v1_report(struct ifnet *ifp, struct mbuf *m, /*const*/ struct ip *ip,
1362 /*const*/ struct igmp *igmp)
1363 {
1364 struct in_ifaddr *ia;
1365 struct in_multi *inm;
1366
1367 IGMPSTAT_INC(igps_rcv_reports);
1368 OIGMPSTAT_INC(igps_rcv_reports);
1369
1370 if ((ifp->if_flags & IFF_LOOPBACK) ||
1371 (m->m_pkthdr.pkt_flags & PKTF_LOOP))
1372 return (0);
1373
1374 if (!IN_MULTICAST(ntohl(igmp->igmp_group.s_addr) ||
1375 !in_hosteq(igmp->igmp_group, ip->ip_dst))) {
1376 IGMPSTAT_INC(igps_rcv_badreports);
1377 OIGMPSTAT_INC(igps_rcv_badreports);
1378 return (EINVAL);
1379 }
1380
1381 /*
1382 * RFC 3376, Section 4.2.13, 9.2, 9.3:
1383 * Booting clients may use the source address 0.0.0.0. Some
1384 * IGMP daemons may not know how to use IP_RECVIF to determine
1385 * the interface upon which this message was received.
1386 * Replace 0.0.0.0 with the subnet address if told to do so.
1387 */
1388 if (igmp_recvifkludge && in_nullhost(ip->ip_src)) {
1389 IFP_TO_IA(ifp, ia);
1390 if (ia != NULL) {
1391 IFA_LOCK(&ia->ia_ifa);
1392 ip->ip_src.s_addr = htonl(ia->ia_subnet);
1393 IFA_UNLOCK(&ia->ia_ifa);
1394 IFA_REMREF(&ia->ia_ifa);
1395 }
1396 }
1397
1398 IGMP_INET_PRINTF(igmp->igmp_group,
1399 ("process v1 report %s on ifp 0x%llx(%s)\n", _igmp_inet_buf,
1400 (uint64_t)VM_KERNEL_ADDRPERM(ifp), if_name(ifp)));
1401
1402 /*
1403 * IGMPv1 report suppression.
1404 * If we are a member of this group, and our membership should be
1405 * reported, stop our group timer and transition to the 'lazy' state.
1406 */
1407 in_multihead_lock_shared();
1408 IN_LOOKUP_MULTI(&igmp->igmp_group, ifp, inm);
1409 in_multihead_lock_done();
1410 if (inm != NULL) {
1411 struct igmp_ifinfo *igi;
1412
1413 INM_LOCK(inm);
1414
1415 igi = inm->inm_igi;
1416 VERIFY(igi != NULL);
1417
1418 IGMPSTAT_INC(igps_rcv_ourreports);
1419 OIGMPSTAT_INC(igps_rcv_ourreports);
1420
1421 /*
1422 * If we are in IGMPv3 host mode, do not allow the
1423 * other host's IGMPv1 report to suppress our reports
1424 * unless explicitly configured to do so.
1425 */
1426 IGI_LOCK(igi);
1427 if (igi->igi_version == IGMP_VERSION_3) {
1428 if (igmp_legacysupp)
1429 igmp_v3_suppress_group_record(inm);
1430 IGI_UNLOCK(igi);
1431 INM_UNLOCK(inm);
1432 INM_REMREF(inm); /* from IN_LOOKUP_MULTI */
1433 return (0);
1434 }
1435
1436 INM_LOCK_ASSERT_HELD(inm);
1437 inm->inm_timer = 0;
1438
1439 switch (inm->inm_state) {
1440 case IGMP_NOT_MEMBER:
1441 case IGMP_SILENT_MEMBER:
1442 break;
1443 case IGMP_IDLE_MEMBER:
1444 case IGMP_LAZY_MEMBER:
1445 case IGMP_AWAKENING_MEMBER:
1446 IGMP_INET_PRINTF(igmp->igmp_group,
1447 ("report suppressed for %s on ifp 0x%llx(%s)\n",
1448 _igmp_inet_buf,
1449 (uint64_t)VM_KERNEL_ADDRPERM(ifp), if_name(ifp)));
1450 case IGMP_SLEEPING_MEMBER:
1451 inm->inm_state = IGMP_SLEEPING_MEMBER;
1452 break;
1453 case IGMP_REPORTING_MEMBER:
1454 IGMP_INET_PRINTF(igmp->igmp_group,
1455 ("report suppressed for %s on ifp 0x%llx(%s)\n",
1456 _igmp_inet_buf,
1457 (uint64_t)VM_KERNEL_ADDRPERM(ifp), if_name(ifp)));
1458 if (igi->igi_version == IGMP_VERSION_1)
1459 inm->inm_state = IGMP_LAZY_MEMBER;
1460 else if (igi->igi_version == IGMP_VERSION_2)
1461 inm->inm_state = IGMP_SLEEPING_MEMBER;
1462 break;
1463 case IGMP_G_QUERY_PENDING_MEMBER:
1464 case IGMP_SG_QUERY_PENDING_MEMBER:
1465 case IGMP_LEAVING_MEMBER:
1466 break;
1467 }
1468 IGI_UNLOCK(igi);
1469 INM_UNLOCK(inm);
1470 INM_REMREF(inm); /* from IN_LOOKUP_MULTI */
1471 }
1472
1473 return (0);
1474 }
1475
1476 /*
1477 * Process a received IGMPv2 host membership report.
1478 *
1479 * NOTE: 0.0.0.0 workaround breaks const correctness.
1480 */
1481 static int
1482 igmp_input_v2_report(struct ifnet *ifp, struct mbuf *m, /*const*/ struct ip *ip,
1483 /*const*/ struct igmp *igmp)
1484 {
1485 struct in_ifaddr *ia;
1486 struct in_multi *inm;
1487
1488 /*
1489 * Make sure we don't hear our own membership report. Fast
1490 * leave requires knowing that we are the only member of a
1491 * group.
1492 */
1493 IFP_TO_IA(ifp, ia);
1494 if (ia != NULL) {
1495 IFA_LOCK(&ia->ia_ifa);
1496 if (in_hosteq(ip->ip_src, IA_SIN(ia)->sin_addr)) {
1497 IFA_UNLOCK(&ia->ia_ifa);
1498 IFA_REMREF(&ia->ia_ifa);
1499 return (0);
1500 }
1501 IFA_UNLOCK(&ia->ia_ifa);
1502 }
1503
1504 IGMPSTAT_INC(igps_rcv_reports);
1505 OIGMPSTAT_INC(igps_rcv_reports);
1506
1507 if ((ifp->if_flags & IFF_LOOPBACK) ||
1508 (m->m_pkthdr.pkt_flags & PKTF_LOOP)) {
1509 if (ia != NULL)
1510 IFA_REMREF(&ia->ia_ifa);
1511 return (0);
1512 }
1513
1514 if (!IN_MULTICAST(ntohl(igmp->igmp_group.s_addr)) ||
1515 !in_hosteq(igmp->igmp_group, ip->ip_dst)) {
1516 if (ia != NULL)
1517 IFA_REMREF(&ia->ia_ifa);
1518 IGMPSTAT_INC(igps_rcv_badreports);
1519 OIGMPSTAT_INC(igps_rcv_badreports);
1520 return (EINVAL);
1521 }
1522
1523 /*
1524 * RFC 3376, Section 4.2.13, 9.2, 9.3:
1525 * Booting clients may use the source address 0.0.0.0. Some
1526 * IGMP daemons may not know how to use IP_RECVIF to determine
1527 * the interface upon which this message was received.
1528 * Replace 0.0.0.0 with the subnet address if told to do so.
1529 */
1530 if (igmp_recvifkludge && in_nullhost(ip->ip_src)) {
1531 if (ia != NULL) {
1532 IFA_LOCK(&ia->ia_ifa);
1533 ip->ip_src.s_addr = htonl(ia->ia_subnet);
1534 IFA_UNLOCK(&ia->ia_ifa);
1535 }
1536 }
1537 if (ia != NULL)
1538 IFA_REMREF(&ia->ia_ifa);
1539
1540 IGMP_INET_PRINTF(igmp->igmp_group,
1541 ("process v2 report %s on ifp 0x%llx(%s)\n", _igmp_inet_buf,
1542 (uint64_t)VM_KERNEL_ADDRPERM(ifp), if_name(ifp)));
1543
1544 /*
1545 * IGMPv2 report suppression.
1546 * If we are a member of this group, and our membership should be
1547 * reported, and our group timer is pending or about to be reset,
1548 * stop our group timer by transitioning to the 'lazy' state.
1549 */
1550 in_multihead_lock_shared();
1551 IN_LOOKUP_MULTI(&igmp->igmp_group, ifp, inm);
1552 in_multihead_lock_done();
1553 if (inm != NULL) {
1554 struct igmp_ifinfo *igi;
1555
1556 INM_LOCK(inm);
1557 igi = inm->inm_igi;
1558 VERIFY(igi != NULL);
1559
1560 IGMPSTAT_INC(igps_rcv_ourreports);
1561 OIGMPSTAT_INC(igps_rcv_ourreports);
1562
1563 /*
1564 * If we are in IGMPv3 host mode, do not allow the
1565 * other host's IGMPv1 report to suppress our reports
1566 * unless explicitly configured to do so.
1567 */
1568 IGI_LOCK(igi);
1569 if (igi->igi_version == IGMP_VERSION_3) {
1570 if (igmp_legacysupp)
1571 igmp_v3_suppress_group_record(inm);
1572 IGI_UNLOCK(igi);
1573 INM_UNLOCK(inm);
1574 INM_REMREF(inm);
1575 return (0);
1576 }
1577
1578 inm->inm_timer = 0;
1579
1580 switch (inm->inm_state) {
1581 case IGMP_NOT_MEMBER:
1582 case IGMP_SILENT_MEMBER:
1583 case IGMP_SLEEPING_MEMBER:
1584 break;
1585 case IGMP_REPORTING_MEMBER:
1586 case IGMP_IDLE_MEMBER:
1587 case IGMP_AWAKENING_MEMBER:
1588 IGMP_INET_PRINTF(igmp->igmp_group,
1589 ("report suppressed for %s on ifp 0x%llx(%s)\n",
1590 _igmp_inet_buf, (uint64_t)VM_KERNEL_ADDRPERM(ifp),
1591 if_name(ifp)));
1592 case IGMP_LAZY_MEMBER:
1593 inm->inm_state = IGMP_LAZY_MEMBER;
1594 break;
1595 case IGMP_G_QUERY_PENDING_MEMBER:
1596 case IGMP_SG_QUERY_PENDING_MEMBER:
1597 case IGMP_LEAVING_MEMBER:
1598 break;
1599 }
1600 IGI_UNLOCK(igi);
1601 INM_UNLOCK(inm);
1602 INM_REMREF(inm);
1603 }
1604
1605 return (0);
1606 }
1607
1608 void
1609 igmp_input(struct mbuf *m, int off)
1610 {
1611 int iphlen;
1612 struct ifnet *ifp;
1613 struct igmp *igmp;
1614 struct ip *ip;
1615 int igmplen;
1616 int minlen;
1617 int queryver;
1618
1619 IGMP_PRINTF(("%s: called w/mbuf (0x%llx,%d)\n", __func__,
1620 (uint64_t)VM_KERNEL_ADDRPERM(m), off));
1621
1622 ifp = m->m_pkthdr.rcvif;
1623
1624 IGMPSTAT_INC(igps_rcv_total);
1625 OIGMPSTAT_INC(igps_rcv_total);
1626
1627 /* Expect 32-bit aligned data pointer on strict-align platforms */
1628 MBUF_STRICT_DATA_ALIGNMENT_CHECK_32(m);
1629
1630 ip = mtod(m, struct ip *);
1631 iphlen = off;
1632
1633 /* By now, ip_len no longer contains the length of IP header */
1634 igmplen = ip->ip_len;
1635
1636 /*
1637 * Validate lengths.
1638 */
1639 if (igmplen < IGMP_MINLEN) {
1640 IGMPSTAT_INC(igps_rcv_tooshort);
1641 OIGMPSTAT_INC(igps_rcv_tooshort);
1642 m_freem(m);
1643 return;
1644 }
1645
1646 /*
1647 * Always pullup to the minimum size for v1/v2 or v3
1648 * to amortize calls to m_pulldown().
1649 */
1650 if (igmplen >= IGMP_V3_QUERY_MINLEN)
1651 minlen = IGMP_V3_QUERY_MINLEN;
1652 else
1653 minlen = IGMP_MINLEN;
1654
1655 /* A bit more expensive than M_STRUCT_GET, but ensures alignment */
1656 M_STRUCT_GET0(igmp, struct igmp *, m, off, minlen);
1657 if (igmp == NULL) {
1658 IGMPSTAT_INC(igps_rcv_tooshort);
1659 OIGMPSTAT_INC(igps_rcv_tooshort);
1660 return;
1661 }
1662 /* N.B.: we assume the packet was correctly aligned in ip_input. */
1663
1664 /*
1665 * Validate checksum.
1666 */
1667 m->m_data += iphlen;
1668 m->m_len -= iphlen;
1669 if (in_cksum(m, igmplen)) {
1670 IGMPSTAT_INC(igps_rcv_badsum);
1671 OIGMPSTAT_INC(igps_rcv_badsum);
1672 m_freem(m);
1673 return;
1674 }
1675 m->m_data -= iphlen;
1676 m->m_len += iphlen;
1677
1678 /*
1679 * IGMP control traffic is link-scope, and must have a TTL of 1.
1680 * DVMRP traffic (e.g. mrinfo, mtrace) is an exception;
1681 * probe packets may come from beyond the LAN.
1682 */
1683 if (igmp->igmp_type != IGMP_DVMRP && ip->ip_ttl != 1) {
1684 IGMPSTAT_INC(igps_rcv_badttl);
1685 m_freem(m);
1686 return;
1687 }
1688
1689 switch (igmp->igmp_type) {
1690 case IGMP_HOST_MEMBERSHIP_QUERY:
1691 if (igmplen == IGMP_MINLEN) {
1692 if (igmp->igmp_code == 0)
1693 queryver = IGMP_VERSION_1;
1694 else
1695 queryver = IGMP_VERSION_2;
1696 } else if (igmplen >= IGMP_V3_QUERY_MINLEN) {
1697 queryver = IGMP_VERSION_3;
1698 } else {
1699 IGMPSTAT_INC(igps_rcv_tooshort);
1700 OIGMPSTAT_INC(igps_rcv_tooshort);
1701 m_freem(m);
1702 return;
1703 }
1704
1705 OIGMPSTAT_INC(igps_rcv_queries);
1706
1707 switch (queryver) {
1708 case IGMP_VERSION_1:
1709 IGMPSTAT_INC(igps_rcv_v1v2_queries);
1710 if (!igmp_v1enable)
1711 break;
1712 if (igmp_input_v1_query(ifp, ip, igmp) != 0) {
1713 m_freem(m);
1714 return;
1715 }
1716 break;
1717
1718 case IGMP_VERSION_2:
1719 IGMPSTAT_INC(igps_rcv_v1v2_queries);
1720 if (!igmp_v2enable)
1721 break;
1722 if (igmp_input_v2_query(ifp, ip, igmp) != 0) {
1723 m_freem(m);
1724 return;
1725 }
1726 break;
1727
1728 case IGMP_VERSION_3: {
1729 struct igmpv3 *igmpv3;
1730 uint16_t igmpv3len;
1731 uint16_t srclen;
1732 int nsrc;
1733
1734 IGMPSTAT_INC(igps_rcv_v3_queries);
1735 igmpv3 = (struct igmpv3 *)igmp;
1736 /*
1737 * Validate length based on source count.
1738 */
1739 nsrc = ntohs(igmpv3->igmp_numsrc);
1740 srclen = sizeof(struct in_addr) * nsrc;
1741 if (igmplen < (IGMP_V3_QUERY_MINLEN + srclen)) {
1742 IGMPSTAT_INC(igps_rcv_tooshort);
1743 OIGMPSTAT_INC(igps_rcv_tooshort);
1744 m_freem(m);
1745 return;
1746 }
1747 igmpv3len = IGMP_V3_QUERY_MINLEN + srclen;
1748 /*
1749 * A bit more expensive than M_STRUCT_GET,
1750 * but ensures alignment.
1751 */
1752 M_STRUCT_GET0(igmpv3, struct igmpv3 *, m,
1753 off, igmpv3len);
1754 if (igmpv3 == NULL) {
1755 IGMPSTAT_INC(igps_rcv_tooshort);
1756 OIGMPSTAT_INC(igps_rcv_tooshort);
1757 return;
1758 }
1759 /*
1760 * N.B.: we assume the packet was correctly
1761 * aligned in ip_input.
1762 */
1763 if (igmp_input_v3_query(ifp, ip, igmpv3) != 0) {
1764 m_freem(m);
1765 return;
1766 }
1767 }
1768 break;
1769 }
1770 break;
1771
1772 case IGMP_v1_HOST_MEMBERSHIP_REPORT:
1773 if (!igmp_v1enable)
1774 break;
1775 if (igmp_input_v1_report(ifp, m, ip, igmp) != 0) {
1776 m_freem(m);
1777 return;
1778 }
1779 break;
1780
1781 case IGMP_v2_HOST_MEMBERSHIP_REPORT:
1782 if (!igmp_v2enable)
1783 break;
1784 if (!ip_checkrouteralert(m))
1785 IGMPSTAT_INC(igps_rcv_nora);
1786 if (igmp_input_v2_report(ifp, m, ip, igmp) != 0) {
1787 m_freem(m);
1788 return;
1789 }
1790 break;
1791
1792 case IGMP_v3_HOST_MEMBERSHIP_REPORT:
1793 /*
1794 * Hosts do not need to process IGMPv3 membership reports,
1795 * as report suppression is no longer required.
1796 */
1797 if (!ip_checkrouteralert(m))
1798 IGMPSTAT_INC(igps_rcv_nora);
1799 break;
1800
1801 default:
1802 break;
1803 }
1804
1805 IGMP_LOCK_ASSERT_NOTHELD();
1806 /*
1807 * Pass all valid IGMP packets up to any process(es) listening on a
1808 * raw IGMP socket.
1809 */
1810 rip_input(m, off);
1811 }
1812
1813 /*
1814 * Schedule IGMP timer based on various parameters; caller must ensure that
1815 * lock ordering is maintained as this routine acquires IGMP global lock.
1816 */
1817 void
1818 igmp_set_timeout(struct igmp_tparams *itp)
1819 {
1820 IGMP_LOCK_ASSERT_NOTHELD();
1821 VERIFY(itp != NULL);
1822
1823 if (itp->qpt != 0 || itp->it != 0 || itp->cst != 0 || itp->sct != 0) {
1824 IGMP_LOCK();
1825 if (itp->qpt != 0)
1826 querier_present_timers_running = 1;
1827 if (itp->it != 0)
1828 interface_timers_running = 1;
1829 if (itp->cst != 0)
1830 current_state_timers_running = 1;
1831 if (itp->sct != 0)
1832 state_change_timers_running = 1;
1833 igmp_sched_timeout();
1834 IGMP_UNLOCK();
1835 }
1836 }
1837
1838 /*
1839 * IGMP timer handler (per 1 second).
1840 */
1841 static void
1842 igmp_timeout(void *arg)
1843 {
1844 #pragma unused(arg)
1845 struct ifqueue scq; /* State-change packets */
1846 struct ifqueue qrq; /* Query response packets */
1847 struct ifnet *ifp;
1848 struct igmp_ifinfo *igi;
1849 struct in_multi *inm;
1850 int loop = 0, uri_sec = 0;
1851 SLIST_HEAD(, in_multi) inm_dthead;
1852
1853 SLIST_INIT(&inm_dthead);
1854
1855 /*
1856 * Update coarse-grained networking timestamp (in sec.); the idea
1857 * is to piggy-back on the timeout callout to update the counter
1858 * returnable via net_uptime().
1859 */
1860 net_update_uptime();
1861
1862 IGMP_LOCK();
1863
1864 IGMP_PRINTF(("%s: qpt %d, it %d, cst %d, sct %d\n", __func__,
1865 querier_present_timers_running, interface_timers_running,
1866 current_state_timers_running, state_change_timers_running));
1867
1868 /*
1869 * IGMPv1/v2 querier present timer processing.
1870 */
1871 if (querier_present_timers_running) {
1872 querier_present_timers_running = 0;
1873 LIST_FOREACH(igi, &igi_head, igi_link) {
1874 IGI_LOCK(igi);
1875 igmp_v1v2_process_querier_timers(igi);
1876 if (igi->igi_v1_timer > 0 || igi->igi_v2_timer > 0)
1877 querier_present_timers_running = 1;
1878 IGI_UNLOCK(igi);
1879 }
1880 }
1881
1882 /*
1883 * IGMPv3 General Query response timer processing.
1884 */
1885 if (interface_timers_running) {
1886 IGMP_PRINTF(("%s: interface timers running\n", __func__));
1887 interface_timers_running = 0;
1888 LIST_FOREACH(igi, &igi_head, igi_link) {
1889 IGI_LOCK(igi);
1890 if (igi->igi_v3_timer == 0) {
1891 /* Do nothing. */
1892 } else if (--igi->igi_v3_timer == 0) {
1893 if (igmp_v3_dispatch_general_query(igi) > 0)
1894 interface_timers_running = 1;
1895 } else {
1896 interface_timers_running = 1;
1897 }
1898 IGI_UNLOCK(igi);
1899 }
1900 }
1901
1902 if (!current_state_timers_running &&
1903 !state_change_timers_running)
1904 goto out_locked;
1905
1906 current_state_timers_running = 0;
1907 state_change_timers_running = 0;
1908
1909 memset(&qrq, 0, sizeof(struct ifqueue));
1910 qrq.ifq_maxlen = IGMP_MAX_G_GS_PACKETS;
1911
1912 memset(&scq, 0, sizeof(struct ifqueue));
1913 scq.ifq_maxlen = IGMP_MAX_STATE_CHANGE_PACKETS;
1914
1915 IGMP_PRINTF(("%s: state change timers running\n", __func__));
1916
1917 /*
1918 * IGMPv1/v2/v3 host report and state-change timer processing.
1919 * Note: Processing a v3 group timer may remove a node.
1920 */
1921 LIST_FOREACH(igi, &igi_head, igi_link) {
1922 struct in_multistep step;
1923
1924 IGI_LOCK(igi);
1925 ifp = igi->igi_ifp;
1926 loop = (igi->igi_flags & IGIF_LOOPBACK) ? 1 : 0;
1927 uri_sec = IGMP_RANDOM_DELAY(igi->igi_uri);
1928 IGI_UNLOCK(igi);
1929
1930 in_multihead_lock_shared();
1931 IN_FIRST_MULTI(step, inm);
1932 while (inm != NULL) {
1933 INM_LOCK(inm);
1934 if (inm->inm_ifp != ifp)
1935 goto next;
1936
1937 IGI_LOCK(igi);
1938 switch (igi->igi_version) {
1939 case IGMP_VERSION_1:
1940 case IGMP_VERSION_2:
1941 igmp_v1v2_process_group_timer(inm,
1942 igi->igi_version);
1943 break;
1944 case IGMP_VERSION_3:
1945 igmp_v3_process_group_timers(igi, &qrq,
1946 &scq, inm, uri_sec);
1947 break;
1948 }
1949 IGI_UNLOCK(igi);
1950 next:
1951 INM_UNLOCK(inm);
1952 IN_NEXT_MULTI(step, inm);
1953 }
1954 in_multihead_lock_done();
1955
1956 IGI_LOCK(igi);
1957 if (igi->igi_version == IGMP_VERSION_1 ||
1958 igi->igi_version == IGMP_VERSION_2) {
1959 igmp_dispatch_queue(igi, &igi->igi_v2q, 0, loop);
1960 } else if (igi->igi_version == IGMP_VERSION_3) {
1961 IGI_UNLOCK(igi);
1962 igmp_dispatch_queue(NULL, &qrq, 0, loop);
1963 igmp_dispatch_queue(NULL, &scq, 0, loop);
1964 VERIFY(qrq.ifq_len == 0);
1965 VERIFY(scq.ifq_len == 0);
1966 IGI_LOCK(igi);
1967 }
1968 /*
1969 * In case there are still any pending membership reports
1970 * which didn't get drained at version change time.
1971 */
1972 IF_DRAIN(&igi->igi_v2q);
1973 /*
1974 * Release all deferred inm records, and drain any locally
1975 * enqueued packets; do it even if the current IGMP version
1976 * for the link is no longer IGMPv3, in order to handle the
1977 * version change case.
1978 */
1979 igmp_flush_relq(igi, (struct igmp_inm_relhead *)&inm_dthead);
1980 VERIFY(SLIST_EMPTY(&igi->igi_relinmhead));
1981 IGI_UNLOCK(igi);
1982
1983 IF_DRAIN(&qrq);
1984 IF_DRAIN(&scq);
1985 }
1986
1987 out_locked:
1988 /* re-arm the timer if there's work to do */
1989 igmp_timeout_run = 0;
1990 igmp_sched_timeout();
1991 IGMP_UNLOCK();
1992
1993 /* Now that we're dropped all locks, release detached records */
1994 IGMP_REMOVE_DETACHED_INM(&inm_dthead);
1995 }
1996
1997 static void
1998 igmp_sched_timeout(void)
1999 {
2000 IGMP_LOCK_ASSERT_HELD();
2001
2002 if (!igmp_timeout_run &&
2003 (querier_present_timers_running || current_state_timers_running ||
2004 interface_timers_running || state_change_timers_running)) {
2005 igmp_timeout_run = 1;
2006 timeout(igmp_timeout, NULL, hz);
2007 }
2008 }
2009
2010 /*
2011 * Free the in_multi reference(s) for this IGMP lifecycle.
2012 *
2013 * Caller must be holding igi_lock.
2014 */
2015 static void
2016 igmp_flush_relq(struct igmp_ifinfo *igi, struct igmp_inm_relhead *inm_dthead)
2017 {
2018 struct in_multi *inm;
2019
2020 again:
2021 IGI_LOCK_ASSERT_HELD(igi);
2022 inm = SLIST_FIRST(&igi->igi_relinmhead);
2023 if (inm != NULL) {
2024 int lastref;
2025
2026 SLIST_REMOVE_HEAD(&igi->igi_relinmhead, inm_nrele);
2027 IGI_UNLOCK(igi);
2028
2029 in_multihead_lock_exclusive();
2030 INM_LOCK(inm);
2031 VERIFY(inm->inm_nrelecnt != 0);
2032 inm->inm_nrelecnt--;
2033 lastref = in_multi_detach(inm);
2034 VERIFY(!lastref || (!(inm->inm_debug & IFD_ATTACHED) &&
2035 inm->inm_reqcnt == 0));
2036 INM_UNLOCK(inm);
2037 in_multihead_lock_done();
2038 /* from igi_relinmhead */
2039 INM_REMREF(inm);
2040 /* from in_multihead list */
2041 if (lastref) {
2042 /*
2043 * Defer releasing our final reference, as we
2044 * are holding the IGMP lock at this point, and
2045 * we could end up with locking issues later on
2046 * (while issuing SIOCDELMULTI) when this is the
2047 * final reference count. Let the caller do it
2048 * when it is safe.
2049 */
2050 IGMP_ADD_DETACHED_INM(inm_dthead, inm);
2051 }
2052 IGI_LOCK(igi);
2053 goto again;
2054 }
2055 }
2056
2057 /*
2058 * Update host report group timer for IGMPv1/v2.
2059 * Will update the global pending timer flags.
2060 */
2061 static void
2062 igmp_v1v2_process_group_timer(struct in_multi *inm, const int igmp_version)
2063 {
2064 int report_timer_expired;
2065
2066 IGMP_LOCK_ASSERT_HELD();
2067 INM_LOCK_ASSERT_HELD(inm);
2068 IGI_LOCK_ASSERT_HELD(inm->inm_igi);
2069
2070 if (inm->inm_timer == 0) {
2071 report_timer_expired = 0;
2072 } else if (--inm->inm_timer == 0) {
2073 report_timer_expired = 1;
2074 } else {
2075 current_state_timers_running = 1;
2076 /* caller will schedule timer */
2077 return;
2078 }
2079
2080 switch (inm->inm_state) {
2081 case IGMP_NOT_MEMBER:
2082 case IGMP_SILENT_MEMBER:
2083 case IGMP_IDLE_MEMBER:
2084 case IGMP_LAZY_MEMBER:
2085 case IGMP_SLEEPING_MEMBER:
2086 case IGMP_AWAKENING_MEMBER:
2087 break;
2088 case IGMP_REPORTING_MEMBER:
2089 if (report_timer_expired) {
2090 inm->inm_state = IGMP_IDLE_MEMBER;
2091 (void) igmp_v1v2_queue_report(inm,
2092 (igmp_version == IGMP_VERSION_2) ?
2093 IGMP_v2_HOST_MEMBERSHIP_REPORT :
2094 IGMP_v1_HOST_MEMBERSHIP_REPORT);
2095 INM_LOCK_ASSERT_HELD(inm);
2096 IGI_LOCK_ASSERT_HELD(inm->inm_igi);
2097 }
2098 break;
2099 case IGMP_G_QUERY_PENDING_MEMBER:
2100 case IGMP_SG_QUERY_PENDING_MEMBER:
2101 case IGMP_LEAVING_MEMBER:
2102 break;
2103 }
2104 }
2105
2106 /*
2107 * Update a group's timers for IGMPv3.
2108 * Will update the global pending timer flags.
2109 * Note: Unlocked read from igi.
2110 */
2111 static void
2112 igmp_v3_process_group_timers(struct igmp_ifinfo *igi,
2113 struct ifqueue *qrq, struct ifqueue *scq,
2114 struct in_multi *inm, const int uri_sec)
2115 {
2116 int query_response_timer_expired;
2117 int state_change_retransmit_timer_expired;
2118
2119 IGMP_LOCK_ASSERT_HELD();
2120 INM_LOCK_ASSERT_HELD(inm);
2121 IGI_LOCK_ASSERT_HELD(igi);
2122 VERIFY(igi == inm->inm_igi);
2123
2124 query_response_timer_expired = 0;
2125 state_change_retransmit_timer_expired = 0;
2126
2127 /*
2128 * During a transition from v1/v2 compatibility mode back to v3,
2129 * a group record in REPORTING state may still have its group
2130 * timer active. This is a no-op in this function; it is easier
2131 * to deal with it here than to complicate the timeout path.
2132 */
2133 if (inm->inm_timer == 0) {
2134 query_response_timer_expired = 0;
2135 } else if (--inm->inm_timer == 0) {
2136 query_response_timer_expired = 1;
2137 } else {
2138 current_state_timers_running = 1;
2139 /* caller will schedule timer */
2140 }
2141
2142 if (inm->inm_sctimer == 0) {
2143 state_change_retransmit_timer_expired = 0;
2144 } else if (--inm->inm_sctimer == 0) {
2145 state_change_retransmit_timer_expired = 1;
2146 } else {
2147 state_change_timers_running = 1;
2148 /* caller will schedule timer */
2149 }
2150
2151 /* We are in timer callback, so be quick about it. */
2152 if (!state_change_retransmit_timer_expired &&
2153 !query_response_timer_expired)
2154 return;
2155
2156 switch (inm->inm_state) {
2157 case IGMP_NOT_MEMBER:
2158 case IGMP_SILENT_MEMBER:
2159 case IGMP_SLEEPING_MEMBER:
2160 case IGMP_LAZY_MEMBER:
2161 case IGMP_AWAKENING_MEMBER:
2162 case IGMP_IDLE_MEMBER:
2163 break;
2164 case IGMP_G_QUERY_PENDING_MEMBER:
2165 case IGMP_SG_QUERY_PENDING_MEMBER:
2166 /*
2167 * Respond to a previously pending Group-Specific
2168 * or Group-and-Source-Specific query by enqueueing
2169 * the appropriate Current-State report for
2170 * immediate transmission.
2171 */
2172 if (query_response_timer_expired) {
2173 int retval;
2174
2175 retval = igmp_v3_enqueue_group_record(qrq, inm, 0, 1,
2176 (inm->inm_state == IGMP_SG_QUERY_PENDING_MEMBER));
2177 IGMP_PRINTF(("%s: enqueue record = %d\n",
2178 __func__, retval));
2179 inm->inm_state = IGMP_REPORTING_MEMBER;
2180 /* XXX Clear recorded sources for next time. */
2181 inm_clear_recorded(inm);
2182 }
2183 /* FALLTHROUGH */
2184 case IGMP_REPORTING_MEMBER:
2185 case IGMP_LEAVING_MEMBER:
2186 if (state_change_retransmit_timer_expired) {
2187 /*
2188 * State-change retransmission timer fired.
2189 * If there are any further pending retransmissions,
2190 * set the global pending state-change flag, and
2191 * reset the timer.
2192 */
2193 if (--inm->inm_scrv > 0) {
2194 inm->inm_sctimer = uri_sec;
2195 state_change_timers_running = 1;
2196 /* caller will schedule timer */
2197 }
2198 /*
2199 * Retransmit the previously computed state-change
2200 * report. If there are no further pending
2201 * retransmissions, the mbuf queue will be consumed.
2202 * Update T0 state to T1 as we have now sent
2203 * a state-change.
2204 */
2205 (void) igmp_v3_merge_state_changes(inm, scq);
2206
2207 inm_commit(inm);
2208 IGMP_INET_PRINTF(inm->inm_addr,
2209 ("%s: T1 -> T0 for %s/%s\n", __func__,
2210 _igmp_inet_buf, if_name(inm->inm_ifp)));
2211
2212 /*
2213 * If we are leaving the group for good, make sure
2214 * we release IGMP's reference to it.
2215 * This release must be deferred using a SLIST,
2216 * as we are called from a loop which traverses
2217 * the in_multihead list.
2218 */
2219 if (inm->inm_state == IGMP_LEAVING_MEMBER &&
2220 inm->inm_scrv == 0) {
2221 inm->inm_state = IGMP_NOT_MEMBER;
2222 /*
2223 * A reference has already been held in
2224 * igmp_final_leave() for this inm, so
2225 * no need to hold another one. We also
2226 * bumped up its request count then, so
2227 * that it stays in in_multihead. Both
2228 * of them will be released when it is
2229 * dequeued later on.
2230 */
2231 VERIFY(inm->inm_nrelecnt != 0);
2232 SLIST_INSERT_HEAD(&igi->igi_relinmhead,
2233 inm, inm_nrele);
2234 }
2235 }
2236 break;
2237 }
2238 }
2239
2240 /*
2241 * Suppress a group's pending response to a group or source/group query.
2242 *
2243 * Do NOT suppress state changes. This leads to IGMPv3 inconsistency.
2244 * Do NOT update ST1/ST0 as this operation merely suppresses
2245 * the currently pending group record.
2246 * Do NOT suppress the response to a general query. It is possible but
2247 * it would require adding another state or flag.
2248 */
2249 static void
2250 igmp_v3_suppress_group_record(struct in_multi *inm)
2251 {
2252
2253 INM_LOCK_ASSERT_HELD(inm);
2254 IGI_LOCK_ASSERT_HELD(inm->inm_igi);
2255
2256 VERIFY(inm->inm_igi->igi_version == IGMP_VERSION_3);
2257
2258 if (inm->inm_state != IGMP_G_QUERY_PENDING_MEMBER ||
2259 inm->inm_state != IGMP_SG_QUERY_PENDING_MEMBER)
2260 return;
2261
2262 if (inm->inm_state == IGMP_SG_QUERY_PENDING_MEMBER)
2263 inm_clear_recorded(inm);
2264
2265 inm->inm_timer = 0;
2266 inm->inm_state = IGMP_REPORTING_MEMBER;
2267 }
2268
2269 /*
2270 * Switch to a different IGMP version on the given interface,
2271 * as per Section 7.2.1.
2272 */
2273 static uint32_t
2274 igmp_set_version(struct igmp_ifinfo *igi, const int igmp_version)
2275 {
2276 int old_version_timer;
2277
2278 IGI_LOCK_ASSERT_HELD(igi);
2279
2280 IGMP_PRINTF(("%s: switching to v%d on ifp 0x%llx(%s)\n", __func__,
2281 igmp_version, (uint64_t)VM_KERNEL_ADDRPERM(igi->igi_ifp),
2282 if_name(igi->igi_ifp)));
2283
2284 if (igmp_version == IGMP_VERSION_1 || igmp_version == IGMP_VERSION_2) {
2285 /*
2286 * Compute the "Older Version Querier Present" timer as per
2287 * Section 8.12, in seconds.
2288 */
2289 old_version_timer = igi->igi_rv * igi->igi_qi + igi->igi_qri;
2290
2291 if (igmp_version == IGMP_VERSION_1) {
2292 igi->igi_v1_timer = old_version_timer;
2293 igi->igi_v2_timer = 0;
2294 } else if (igmp_version == IGMP_VERSION_2) {
2295 igi->igi_v1_timer = 0;
2296 igi->igi_v2_timer = old_version_timer;
2297 }
2298 }
2299
2300 if (igi->igi_v1_timer == 0 && igi->igi_v2_timer > 0) {
2301 if (igi->igi_version != IGMP_VERSION_2) {
2302 igi->igi_version = IGMP_VERSION_2;
2303 igmp_v3_cancel_link_timers(igi);
2304 }
2305 } else if (igi->igi_v1_timer > 0) {
2306 if (igi->igi_version != IGMP_VERSION_1) {
2307 igi->igi_version = IGMP_VERSION_1;
2308 igmp_v3_cancel_link_timers(igi);
2309 }
2310 }
2311
2312 IGI_LOCK_ASSERT_HELD(igi);
2313
2314 return (MAX(igi->igi_v1_timer, igi->igi_v2_timer));
2315 }
2316
2317 /*
2318 * Cancel pending IGMPv3 timers for the given link and all groups
2319 * joined on it; state-change, general-query, and group-query timers.
2320 *
2321 * Only ever called on a transition from v3 to Compatibility mode. Kill
2322 * the timers stone dead (this may be expensive for large N groups), they
2323 * will be restarted if Compatibility Mode deems that they must be due to
2324 * query processing.
2325 */
2326 static void
2327 igmp_v3_cancel_link_timers(struct igmp_ifinfo *igi)
2328 {
2329 struct ifnet *ifp;
2330 struct in_multi *inm;
2331 struct in_multistep step;
2332
2333 IGI_LOCK_ASSERT_HELD(igi);
2334
2335 IGMP_PRINTF(("%s: cancel v3 timers on ifp 0x%llx(%s)\n", __func__,
2336 (uint64_t)VM_KERNEL_ADDRPERM(igi->igi_ifp), if_name(igi->igi_ifp)));
2337
2338 /*
2339 * Stop the v3 General Query Response on this link stone dead.
2340 * If timer is woken up due to interface_timers_running,
2341 * the flag will be cleared if there are no pending link timers.
2342 */
2343 igi->igi_v3_timer = 0;
2344
2345 /*
2346 * Now clear the current-state and state-change report timers
2347 * for all memberships scoped to this link.
2348 */
2349 ifp = igi->igi_ifp;
2350 IGI_UNLOCK(igi);
2351
2352 in_multihead_lock_shared();
2353 IN_FIRST_MULTI(step, inm);
2354 while (inm != NULL) {
2355 INM_LOCK(inm);
2356 if (inm->inm_ifp != ifp)
2357 goto next;
2358
2359 switch (inm->inm_state) {
2360 case IGMP_NOT_MEMBER:
2361 case IGMP_SILENT_MEMBER:
2362 case IGMP_IDLE_MEMBER:
2363 case IGMP_LAZY_MEMBER:
2364 case IGMP_SLEEPING_MEMBER:
2365 case IGMP_AWAKENING_MEMBER:
2366 /*
2367 * These states are either not relevant in v3 mode,
2368 * or are unreported. Do nothing.
2369 */
2370 break;
2371 case IGMP_LEAVING_MEMBER:
2372 /*
2373 * If we are leaving the group and switching to
2374 * compatibility mode, we need to release the final
2375 * reference held for issuing the INCLUDE {}, and
2376 * transition to REPORTING to ensure the host leave
2377 * message is sent upstream to the old querier --
2378 * transition to NOT would lose the leave and race.
2379 * During igmp_final_leave(), we bumped up both the
2380 * request and reference counts. Since we cannot
2381 * call in_multi_detach() here, defer this task to
2382 * the timer routine.
2383 */
2384 VERIFY(inm->inm_nrelecnt != 0);
2385 IGI_LOCK(igi);
2386 SLIST_INSERT_HEAD(&igi->igi_relinmhead, inm, inm_nrele);
2387 IGI_UNLOCK(igi);
2388 /* FALLTHROUGH */
2389 case IGMP_G_QUERY_PENDING_MEMBER:
2390 case IGMP_SG_QUERY_PENDING_MEMBER:
2391 inm_clear_recorded(inm);
2392 /* FALLTHROUGH */
2393 case IGMP_REPORTING_MEMBER:
2394 inm->inm_state = IGMP_REPORTING_MEMBER;
2395 break;
2396 }
2397 /*
2398 * Always clear state-change and group report timers.
2399 * Free any pending IGMPv3 state-change records.
2400 */
2401 inm->inm_sctimer = 0;
2402 inm->inm_timer = 0;
2403 IF_DRAIN(&inm->inm_scq);
2404 next:
2405 INM_UNLOCK(inm);
2406 IN_NEXT_MULTI(step, inm);
2407 }
2408 in_multihead_lock_done();
2409
2410 IGI_LOCK(igi);
2411 }
2412
2413 /*
2414 * Update the Older Version Querier Present timers for a link.
2415 * See Section 7.2.1 of RFC 3376.
2416 */
2417 static void
2418 igmp_v1v2_process_querier_timers(struct igmp_ifinfo *igi)
2419 {
2420 IGI_LOCK_ASSERT_HELD(igi);
2421
2422 if (igi->igi_v1_timer == 0 && igi->igi_v2_timer == 0) {
2423 /*
2424 * IGMPv1 and IGMPv2 Querier Present timers expired.
2425 *
2426 * Revert to IGMPv3.
2427 */
2428 if (igi->igi_version != IGMP_VERSION_3) {
2429 IGMP_PRINTF(("%s: transition from v%d -> v%d "
2430 "on 0x%llx(%s)\n", __func__,
2431 igi->igi_version, IGMP_VERSION_3,
2432 (uint64_t)VM_KERNEL_ADDRPERM(igi->igi_ifp),
2433 if_name(igi->igi_ifp)));
2434 igi->igi_version = IGMP_VERSION_3;
2435 IF_DRAIN(&igi->igi_v2q);
2436 }
2437 } else if (igi->igi_v1_timer == 0 && igi->igi_v2_timer > 0) {
2438 /*
2439 * IGMPv1 Querier Present timer expired,
2440 * IGMPv2 Querier Present timer running.
2441 * If IGMPv2 was disabled since last timeout,
2442 * revert to IGMPv3.
2443 * If IGMPv2 is enabled, revert to IGMPv2.
2444 */
2445 if (!igmp_v2enable) {
2446 IGMP_PRINTF(("%s: transition from v%d -> v%d "
2447 "on 0x%llx(%s%d)\n", __func__,
2448 igi->igi_version, IGMP_VERSION_3,
2449 (uint64_t)VM_KERNEL_ADDRPERM(igi->igi_ifp),
2450 igi->igi_ifp->if_name, igi->igi_ifp->if_unit));
2451 igi->igi_v2_timer = 0;
2452 igi->igi_version = IGMP_VERSION_3;
2453 IF_DRAIN(&igi->igi_v2q);
2454 } else {
2455 --igi->igi_v2_timer;
2456 if (igi->igi_version != IGMP_VERSION_2) {
2457 IGMP_PRINTF(("%s: transition from v%d -> v%d "
2458 "on 0x%llx(%s)\n", __func__,
2459 igi->igi_version, IGMP_VERSION_2,
2460 (uint64_t)VM_KERNEL_ADDRPERM(igi->igi_ifp),
2461 if_name(igi->igi_ifp)));
2462 igi->igi_version = IGMP_VERSION_2;
2463 IF_DRAIN(&igi->igi_gq);
2464 igmp_v3_cancel_link_timers(igi);
2465 }
2466 }
2467 } else if (igi->igi_v1_timer > 0) {
2468 /*
2469 * IGMPv1 Querier Present timer running.
2470 * Stop IGMPv2 timer if running.
2471 *
2472 * If IGMPv1 was disabled since last timeout,
2473 * revert to IGMPv3.
2474 * If IGMPv1 is enabled, reset IGMPv2 timer if running.
2475 */
2476 if (!igmp_v1enable) {
2477 IGMP_PRINTF(("%s: transition from v%d -> v%d "
2478 "on 0x%llx(%s%d)\n", __func__,
2479 igi->igi_version, IGMP_VERSION_3,
2480 (uint64_t)VM_KERNEL_ADDRPERM(igi->igi_ifp),
2481 igi->igi_ifp->if_name, igi->igi_ifp->if_unit));
2482 igi->igi_v1_timer = 0;
2483 igi->igi_version = IGMP_VERSION_3;
2484 IF_DRAIN(&igi->igi_v2q);
2485 } else {
2486 --igi->igi_v1_timer;
2487 }
2488 if (igi->igi_v2_timer > 0) {
2489 IGMP_PRINTF(("%s: cancel v2 timer on 0x%llx(%s%d)\n",
2490 __func__,
2491 (uint64_t)VM_KERNEL_ADDRPERM(igi->igi_ifp),
2492 igi->igi_ifp->if_name, igi->igi_ifp->if_unit));
2493 igi->igi_v2_timer = 0;
2494 }
2495 }
2496 }
2497
2498 /*
2499 * Dispatch an IGMPv1/v2 host report or leave message.
2500 * These are always small enough to fit inside a single mbuf.
2501 */
2502 static int
2503 igmp_v1v2_queue_report(struct in_multi *inm, const int type)
2504 {
2505 struct ifnet *ifp;
2506 struct igmp *igmp;
2507 struct ip *ip;
2508 struct mbuf *m;
2509 int error = 0;
2510
2511 INM_LOCK_ASSERT_HELD(inm);
2512 IGI_LOCK_ASSERT_HELD(inm->inm_igi);
2513
2514 ifp = inm->inm_ifp;
2515
2516 MGETHDR(m, M_DONTWAIT, MT_DATA);
2517 if (m == NULL)
2518 return (ENOMEM);
2519 MH_ALIGN(m, sizeof(struct ip) + sizeof(struct igmp));
2520
2521 m->m_pkthdr.len = sizeof(struct ip) + sizeof(struct igmp);
2522
2523 m->m_data += sizeof(struct ip);
2524 m->m_len = sizeof(struct igmp);
2525
2526 igmp = mtod(m, struct igmp *);
2527 igmp->igmp_type = type;
2528 igmp->igmp_code = 0;
2529 igmp->igmp_group = inm->inm_addr;
2530 igmp->igmp_cksum = 0;
2531 igmp->igmp_cksum = in_cksum(m, sizeof(struct igmp));
2532
2533 m->m_data -= sizeof(struct ip);
2534 m->m_len += sizeof(struct ip);
2535
2536 ip = mtod(m, struct ip *);
2537 ip->ip_tos = 0;
2538 ip->ip_len = sizeof(struct ip) + sizeof(struct igmp);
2539 ip->ip_off = 0;
2540 ip->ip_p = IPPROTO_IGMP;
2541 ip->ip_src.s_addr = INADDR_ANY;
2542
2543 if (type == IGMP_HOST_LEAVE_MESSAGE)
2544 ip->ip_dst.s_addr = htonl(INADDR_ALLRTRS_GROUP);
2545 else
2546 ip->ip_dst = inm->inm_addr;
2547
2548 igmp_save_context(m, ifp);
2549
2550 m->m_flags |= M_IGMPV2;
2551 if (inm->inm_igi->igi_flags & IGIF_LOOPBACK)
2552 m->m_flags |= M_IGMP_LOOP;
2553
2554 /*
2555 * Due to the fact that at this point we are possibly holding
2556 * in_multihead_lock in shared or exclusive mode, we can't call
2557 * igmp_sendpkt() here since that will eventually call ip_output(),
2558 * which will try to lock in_multihead_lock and cause a deadlock.
2559 * Instead we defer the work to the igmp_timeout() thread, thus
2560 * avoiding unlocking in_multihead_lock here.
2561 */
2562 if (IF_QFULL(&inm->inm_igi->igi_v2q)) {
2563 IGMP_PRINTF(("%s: v1/v2 outbound queue full\n", __func__));
2564 error = ENOMEM;
2565 m_freem(m);
2566 } else {
2567 IF_ENQUEUE(&inm->inm_igi->igi_v2q, m);
2568 VERIFY(error == 0);
2569 }
2570 return (error);
2571 }
2572
2573 /*
2574 * Process a state change from the upper layer for the given IPv4 group.
2575 *
2576 * Each socket holds a reference on the in_multi in its own ip_moptions.
2577 * The socket layer will have made the necessary updates to the group
2578 * state, it is now up to IGMP to issue a state change report if there
2579 * has been any change between T0 (when the last state-change was issued)
2580 * and T1 (now).
2581 *
2582 * We use the IGMPv3 state machine at group level. The IGMP module
2583 * however makes the decision as to which IGMP protocol version to speak.
2584 * A state change *from* INCLUDE {} always means an initial join.
2585 * A state change *to* INCLUDE {} always means a final leave.
2586 *
2587 * FUTURE: If IGIF_V3LITE is enabled for this interface, then we can
2588 * save ourselves a bunch of work; any exclusive mode groups need not
2589 * compute source filter lists.
2590 */
2591 int
2592 igmp_change_state(struct in_multi *inm, struct igmp_tparams *itp)
2593 {
2594 struct igmp_ifinfo *igi;
2595 struct ifnet *ifp;
2596 int error = 0;
2597
2598 VERIFY(itp != NULL);
2599 bzero(itp, sizeof (*itp));
2600
2601 INM_LOCK_ASSERT_HELD(inm);
2602 VERIFY(inm->inm_igi != NULL);
2603 IGI_LOCK_ASSERT_NOTHELD(inm->inm_igi);
2604
2605 /*
2606 * Try to detect if the upper layer just asked us to change state
2607 * for an interface which has now gone away.
2608 */
2609 VERIFY(inm->inm_ifma != NULL);
2610 ifp = inm->inm_ifma->ifma_ifp;
2611 /*
2612 * Sanity check that netinet's notion of ifp is the same as net's.
2613 */
2614 VERIFY(inm->inm_ifp == ifp);
2615
2616 igi = IGMP_IFINFO(ifp);
2617 VERIFY(igi != NULL);
2618
2619 /*
2620 * If we detect a state transition to or from MCAST_UNDEFINED
2621 * for this group, then we are starting or finishing an IGMP
2622 * life cycle for this group.
2623 */
2624 if (inm->inm_st[1].iss_fmode != inm->inm_st[0].iss_fmode) {
2625 IGMP_PRINTF(("%s: inm transition %d -> %d\n", __func__,
2626 inm->inm_st[0].iss_fmode, inm->inm_st[1].iss_fmode));
2627 if (inm->inm_st[0].iss_fmode == MCAST_UNDEFINED) {
2628 IGMP_PRINTF(("%s: initial join\n", __func__));
2629 error = igmp_initial_join(inm, igi, itp);
2630 goto out;
2631 } else if (inm->inm_st[1].iss_fmode == MCAST_UNDEFINED) {
2632 IGMP_PRINTF(("%s: final leave\n", __func__));
2633 igmp_final_leave(inm, igi, itp);
2634 goto out;
2635 }
2636 } else {
2637 IGMP_PRINTF(("%s: filter set change\n", __func__));
2638 }
2639
2640 error = igmp_handle_state_change(inm, igi, itp);
2641 out:
2642 return (error);
2643 }
2644
2645 /*
2646 * Perform the initial join for an IGMP group.
2647 *
2648 * When joining a group:
2649 * If the group should have its IGMP traffic suppressed, do nothing.
2650 * IGMPv1 starts sending IGMPv1 host membership reports.
2651 * IGMPv2 starts sending IGMPv2 host membership reports.
2652 * IGMPv3 will schedule an IGMPv3 state-change report containing the
2653 * initial state of the membership.
2654 */
2655 static int
2656 igmp_initial_join(struct in_multi *inm, struct igmp_ifinfo *igi,
2657 struct igmp_tparams *itp)
2658 {
2659 struct ifnet *ifp;
2660 struct ifqueue *ifq;
2661 int error, retval, syncstates;
2662
2663 INM_LOCK_ASSERT_HELD(inm);
2664 IGI_LOCK_ASSERT_NOTHELD(igi);
2665 VERIFY(itp != NULL);
2666
2667 IGMP_INET_PRINTF(inm->inm_addr,
2668 ("%s: initial join %s on ifp 0x%llx(%s)\n", __func__,
2669 _igmp_inet_buf, (uint64_t)VM_KERNEL_ADDRPERM(inm->inm_ifp),
2670 if_name(inm->inm_ifp)));
2671
2672 error = 0;
2673 syncstates = 1;
2674
2675 ifp = inm->inm_ifp;
2676
2677 IGI_LOCK(igi);
2678 VERIFY(igi->igi_ifp == ifp);
2679
2680 /*
2681 * Groups joined on loopback or marked as 'not reported',
2682 * e.g. 224.0.0.1, enter the IGMP_SILENT_MEMBER state and
2683 * are never reported in any IGMP protocol exchanges.
2684 * All other groups enter the appropriate IGMP state machine
2685 * for the version in use on this link.
2686 * A link marked as IGIF_SILENT causes IGMP to be completely
2687 * disabled for the link.
2688 */
2689 if ((ifp->if_flags & IFF_LOOPBACK) ||
2690 (igi->igi_flags & IGIF_SILENT) ||
2691 !igmp_isgroupreported(inm->inm_addr)) {
2692 IGMP_PRINTF(("%s: not kicking state machine for silent group\n",
2693 __func__));
2694 inm->inm_state = IGMP_SILENT_MEMBER;
2695 inm->inm_timer = 0;
2696 } else {
2697 /*
2698 * Deal with overlapping in_multi lifecycle.
2699 * If this group was LEAVING, then make sure
2700 * we drop the reference we picked up to keep the
2701 * group around for the final INCLUDE {} enqueue.
2702 * Since we cannot call in_multi_detach() here,
2703 * defer this task to the timer routine.
2704 */
2705 if (igi->igi_version == IGMP_VERSION_3 &&
2706 inm->inm_state == IGMP_LEAVING_MEMBER) {
2707 VERIFY(inm->inm_nrelecnt != 0);
2708 SLIST_INSERT_HEAD(&igi->igi_relinmhead, inm, inm_nrele);
2709 }
2710
2711 inm->inm_state = IGMP_REPORTING_MEMBER;
2712
2713 switch (igi->igi_version) {
2714 case IGMP_VERSION_1:
2715 case IGMP_VERSION_2:
2716 inm->inm_state = IGMP_IDLE_MEMBER;
2717 error = igmp_v1v2_queue_report(inm,
2718 (igi->igi_version == IGMP_VERSION_2) ?
2719 IGMP_v2_HOST_MEMBERSHIP_REPORT :
2720 IGMP_v1_HOST_MEMBERSHIP_REPORT);
2721
2722 INM_LOCK_ASSERT_HELD(inm);
2723 IGI_LOCK_ASSERT_HELD(igi);
2724
2725 if (error == 0) {
2726 inm->inm_timer =
2727 IGMP_RANDOM_DELAY(IGMP_V1V2_MAX_RI);
2728 itp->cst = 1;
2729 }
2730 break;
2731
2732 case IGMP_VERSION_3:
2733 /*
2734 * Defer update of T0 to T1, until the first copy
2735 * of the state change has been transmitted.
2736 */
2737 syncstates = 0;
2738
2739 /*
2740 * Immediately enqueue a State-Change Report for
2741 * this interface, freeing any previous reports.
2742 * Don't kick the timers if there is nothing to do,
2743 * or if an error occurred.
2744 */
2745 ifq = &inm->inm_scq;
2746 IF_DRAIN(ifq);
2747 retval = igmp_v3_enqueue_group_record(ifq, inm, 1,
2748 0, 0);
2749 itp->cst = (ifq->ifq_len > 0);
2750 IGMP_PRINTF(("%s: enqueue record = %d\n",
2751 __func__, retval));
2752 if (retval <= 0) {
2753 error = retval * -1;
2754 break;
2755 }
2756
2757 /*
2758 * Schedule transmission of pending state-change
2759 * report up to RV times for this link. The timer
2760 * will fire at the next igmp_timeout (1 second),
2761 * giving us an opportunity to merge the reports.
2762 */
2763 if (igi->igi_flags & IGIF_LOOPBACK) {
2764 inm->inm_scrv = 1;
2765 } else {
2766 VERIFY(igi->igi_rv > 1);
2767 inm->inm_scrv = igi->igi_rv;
2768 }
2769 inm->inm_sctimer = 1;
2770 itp->sct = 1;
2771
2772 error = 0;
2773 break;
2774 }
2775 }
2776 IGI_UNLOCK(igi);
2777
2778 /*
2779 * Only update the T0 state if state change is atomic,
2780 * i.e. we don't need to wait for a timer to fire before we
2781 * can consider the state change to have been communicated.
2782 */
2783 if (syncstates) {
2784 inm_commit(inm);
2785 IGMP_INET_PRINTF(inm->inm_addr,
2786 ("%s: T1 -> T0 for %s/%s\n", __func__,
2787 _igmp_inet_buf, if_name(inm->inm_ifp)));
2788 }
2789
2790 return (error);
2791 }
2792
2793 /*
2794 * Issue an intermediate state change during the IGMP life-cycle.
2795 */
2796 static int
2797 igmp_handle_state_change(struct in_multi *inm, struct igmp_ifinfo *igi,
2798 struct igmp_tparams *itp)
2799 {
2800 struct ifnet *ifp;
2801 int retval = 0;
2802
2803 INM_LOCK_ASSERT_HELD(inm);
2804 IGI_LOCK_ASSERT_NOTHELD(igi);
2805 VERIFY(itp != NULL);
2806
2807 IGMP_INET_PRINTF(inm->inm_addr,
2808 ("%s: state change for %s on ifp 0x%llx(%s)\n", __func__,
2809 _igmp_inet_buf, (uint64_t)VM_KERNEL_ADDRPERM(inm->inm_ifp),
2810 if_name(inm->inm_ifp)));
2811
2812 ifp = inm->inm_ifp;
2813
2814 IGI_LOCK(igi);
2815 VERIFY(igi->igi_ifp == ifp);
2816
2817 if ((ifp->if_flags & IFF_LOOPBACK) ||
2818 (igi->igi_flags & IGIF_SILENT) ||
2819 !igmp_isgroupreported(inm->inm_addr) ||
2820 (igi->igi_version != IGMP_VERSION_3)) {
2821 IGI_UNLOCK(igi);
2822 if (!igmp_isgroupreported(inm->inm_addr)) {
2823 IGMP_PRINTF(("%s: not kicking state "
2824 "machine for silent group\n", __func__));
2825 }
2826 IGMP_PRINTF(("%s: nothing to do\n", __func__));
2827 inm_commit(inm);
2828 IGMP_INET_PRINTF(inm->inm_addr,
2829 ("%s: T1 -> T0 for %s/%s\n", __func__,
2830 _igmp_inet_buf, inm->inm_ifp->if_name));
2831 goto done;
2832 }
2833
2834 IF_DRAIN(&inm->inm_scq);
2835
2836 retval = igmp_v3_enqueue_group_record(&inm->inm_scq, inm, 1, 0, 0);
2837 itp->cst = (inm->inm_scq.ifq_len > 0);
2838 IGMP_PRINTF(("%s: enqueue record = %d\n", __func__, retval));
2839 if (retval <= 0) {
2840 IGI_UNLOCK(igi);
2841 retval *= -1;
2842 goto done;
2843 }
2844 /*
2845 * If record(s) were enqueued, start the state-change
2846 * report timer for this group.
2847 */
2848 inm->inm_scrv = ((igi->igi_flags & IGIF_LOOPBACK) ? 1 : igi->igi_rv);
2849 inm->inm_sctimer = 1;
2850 itp->sct = 1;
2851 IGI_UNLOCK(igi);
2852 done:
2853 return (retval);
2854 }
2855
2856 /*
2857 * Perform the final leave for an IGMP group.
2858 *
2859 * When leaving a group:
2860 * IGMPv1 does nothing.
2861 * IGMPv2 sends a host leave message, if and only if we are the reporter.
2862 * IGMPv3 enqueues a state-change report containing a transition
2863 * to INCLUDE {} for immediate transmission.
2864 */
2865 static void
2866 igmp_final_leave(struct in_multi *inm, struct igmp_ifinfo *igi,
2867 struct igmp_tparams *itp)
2868 {
2869 int syncstates = 1;
2870
2871 INM_LOCK_ASSERT_HELD(inm);
2872 IGI_LOCK_ASSERT_NOTHELD(igi);
2873 VERIFY(itp != NULL);
2874
2875 IGMP_INET_PRINTF(inm->inm_addr,
2876 ("%s: final leave %s on ifp 0x%llx(%s)\n", __func__,
2877 _igmp_inet_buf, (uint64_t)VM_KERNEL_ADDRPERM(inm->inm_ifp),
2878 if_name(inm->inm_ifp)));
2879
2880 switch (inm->inm_state) {
2881 case IGMP_NOT_MEMBER:
2882 case IGMP_SILENT_MEMBER:
2883 case IGMP_LEAVING_MEMBER:
2884 /* Already leaving or left; do nothing. */
2885 IGMP_PRINTF(("%s: not kicking state machine for silent group\n",
2886 __func__));
2887 break;
2888 case IGMP_REPORTING_MEMBER:
2889 case IGMP_IDLE_MEMBER:
2890 case IGMP_G_QUERY_PENDING_MEMBER:
2891 case IGMP_SG_QUERY_PENDING_MEMBER:
2892 IGI_LOCK(igi);
2893 if (igi->igi_version == IGMP_VERSION_2) {
2894 if (inm->inm_state == IGMP_G_QUERY_PENDING_MEMBER ||
2895 inm->inm_state == IGMP_SG_QUERY_PENDING_MEMBER) {
2896 panic("%s: IGMPv3 state reached, not IGMPv3 "
2897 "mode\n", __func__);
2898 /* NOTREACHED */
2899 }
2900 /* scheduler timer if enqueue is successful */
2901 itp->cst = (igmp_v1v2_queue_report(inm,
2902 IGMP_HOST_LEAVE_MESSAGE) == 0);
2903
2904 INM_LOCK_ASSERT_HELD(inm);
2905 IGI_LOCK_ASSERT_HELD(igi);
2906
2907 inm->inm_state = IGMP_NOT_MEMBER;
2908 } else if (igi->igi_version == IGMP_VERSION_3) {
2909 /*
2910 * Stop group timer and all pending reports.
2911 * Immediately enqueue a state-change report
2912 * TO_IN {} to be sent on the next timeout,
2913 * giving us an opportunity to merge reports.
2914 */
2915 IF_DRAIN(&inm->inm_scq);
2916 inm->inm_timer = 0;
2917 if (igi->igi_flags & IGIF_LOOPBACK) {
2918 inm->inm_scrv = 1;
2919 } else {
2920 inm->inm_scrv = igi->igi_rv;
2921 }
2922 IGMP_INET_PRINTF(inm->inm_addr,
2923 ("%s: Leaving %s/%s with %d "
2924 "pending retransmissions.\n", __func__,
2925 _igmp_inet_buf, if_name(inm->inm_ifp),
2926 inm->inm_scrv));
2927 if (inm->inm_scrv == 0) {
2928 inm->inm_state = IGMP_NOT_MEMBER;
2929 inm->inm_sctimer = 0;
2930 } else {
2931 int retval;
2932 /*
2933 * Stick around in the in_multihead list;
2934 * the final detach will be issued by
2935 * igmp_v3_process_group_timers() when
2936 * the retransmit timer expires.
2937 */
2938 INM_ADDREF_LOCKED(inm);
2939 VERIFY(inm->inm_debug & IFD_ATTACHED);
2940 inm->inm_reqcnt++;
2941 VERIFY(inm->inm_reqcnt >= 1);
2942 inm->inm_nrelecnt++;
2943 VERIFY(inm->inm_nrelecnt != 0);
2944
2945 retval = igmp_v3_enqueue_group_record(
2946 &inm->inm_scq, inm, 1, 0, 0);
2947 itp->cst = (inm->inm_scq.ifq_len > 0);
2948 KASSERT(retval != 0,
2949 ("%s: enqueue record = %d\n", __func__,
2950 retval));
2951
2952 inm->inm_state = IGMP_LEAVING_MEMBER;
2953 inm->inm_sctimer = 1;
2954 itp->sct = 1;
2955 syncstates = 0;
2956 }
2957 }
2958 IGI_UNLOCK(igi);
2959 break;
2960 case IGMP_LAZY_MEMBER:
2961 case IGMP_SLEEPING_MEMBER:
2962 case IGMP_AWAKENING_MEMBER:
2963 /* Our reports are suppressed; do nothing. */
2964 break;
2965 }
2966
2967 if (syncstates) {
2968 inm_commit(inm);
2969 IGMP_INET_PRINTF(inm->inm_addr,
2970 ("%s: T1 -> T0 for %s/%s\n", __func__,
2971 _igmp_inet_buf, if_name(inm->inm_ifp)));
2972 inm->inm_st[1].iss_fmode = MCAST_UNDEFINED;
2973 IGMP_INET_PRINTF(inm->inm_addr,
2974 ("%s: T1 now MCAST_UNDEFINED for %s/%s\n",
2975 __func__, _igmp_inet_buf, if_name(inm->inm_ifp)));
2976 }
2977 }
2978
2979 /*
2980 * Enqueue an IGMPv3 group record to the given output queue.
2981 *
2982 * XXX This function could do with having the allocation code
2983 * split out, and the multiple-tree-walks coalesced into a single
2984 * routine as has been done in igmp_v3_enqueue_filter_change().
2985 *
2986 * If is_state_change is zero, a current-state record is appended.
2987 * If is_state_change is non-zero, a state-change report is appended.
2988 *
2989 * If is_group_query is non-zero, an mbuf packet chain is allocated.
2990 * If is_group_query is zero, and if there is a packet with free space
2991 * at the tail of the queue, it will be appended to providing there
2992 * is enough free space.
2993 * Otherwise a new mbuf packet chain is allocated.
2994 *
2995 * If is_source_query is non-zero, each source is checked to see if
2996 * it was recorded for a Group-Source query, and will be omitted if
2997 * it is not both in-mode and recorded.
2998 *
2999 * The function will attempt to allocate leading space in the packet
3000 * for the IP/IGMP header to be prepended without fragmenting the chain.
3001 *
3002 * If successful the size of all data appended to the queue is returned,
3003 * otherwise an error code less than zero is returned, or zero if
3004 * no record(s) were appended.
3005 */
3006 static int
3007 igmp_v3_enqueue_group_record(struct ifqueue *ifq, struct in_multi *inm,
3008 const int is_state_change, const int is_group_query,
3009 const int is_source_query)
3010 {
3011 struct igmp_grouprec ig;
3012 struct igmp_grouprec *pig;
3013 struct ifnet *ifp;
3014 struct ip_msource *ims, *nims;
3015 struct mbuf *m0, *m, *md;
3016 int error, is_filter_list_change;
3017 int minrec0len, m0srcs, msrcs, nbytes, off;
3018 int record_has_sources;
3019 int now;
3020 int type;
3021 in_addr_t naddr;
3022 uint8_t mode;
3023 u_int16_t ig_numsrc;
3024
3025 INM_LOCK_ASSERT_HELD(inm);
3026 IGI_LOCK_ASSERT_HELD(inm->inm_igi);
3027
3028 error = 0;
3029 ifp = inm->inm_ifp;
3030 is_filter_list_change = 0;
3031 m = NULL;
3032 m0 = NULL;
3033 m0srcs = 0;
3034 msrcs = 0;
3035 nbytes = 0;
3036 nims = NULL;
3037 record_has_sources = 1;
3038 pig = NULL;
3039 type = IGMP_DO_NOTHING;
3040 mode = inm->inm_st[1].iss_fmode;
3041
3042 /*
3043 * If we did not transition out of ASM mode during t0->t1,
3044 * and there are no source nodes to process, we can skip
3045 * the generation of source records.
3046 */
3047 if (inm->inm_st[0].iss_asm > 0 && inm->inm_st[1].iss_asm > 0 &&
3048 inm->inm_nsrc == 0)
3049 record_has_sources = 0;
3050
3051 if (is_state_change) {
3052 /*
3053 * Queue a state change record.
3054 * If the mode did not change, and there are non-ASM
3055 * listeners or source filters present,
3056 * we potentially need to issue two records for the group.
3057 * If we are transitioning to MCAST_UNDEFINED, we need
3058 * not send any sources.
3059 * If there are ASM listeners, and there was no filter
3060 * mode transition of any kind, do nothing.
3061 */
3062 if (mode != inm->inm_st[0].iss_fmode) {
3063 if (mode == MCAST_EXCLUDE) {
3064 IGMP_PRINTF(("%s: change to EXCLUDE\n",
3065 __func__));
3066 type = IGMP_CHANGE_TO_EXCLUDE_MODE;
3067 } else {
3068 IGMP_PRINTF(("%s: change to INCLUDE\n",
3069 __func__));
3070 type = IGMP_CHANGE_TO_INCLUDE_MODE;
3071 if (mode == MCAST_UNDEFINED)
3072 record_has_sources = 0;
3073 }
3074 } else {
3075 if (record_has_sources) {
3076 is_filter_list_change = 1;
3077 } else {
3078 type = IGMP_DO_NOTHING;
3079 }
3080 }
3081 } else {
3082 /*
3083 * Queue a current state record.
3084 */
3085 if (mode == MCAST_EXCLUDE) {
3086 type = IGMP_MODE_IS_EXCLUDE;
3087 } else if (mode == MCAST_INCLUDE) {
3088 type = IGMP_MODE_IS_INCLUDE;
3089 VERIFY(inm->inm_st[1].iss_asm == 0);
3090 }
3091 }
3092
3093 /*
3094 * Generate the filter list changes using a separate function.
3095 */
3096 if (is_filter_list_change)
3097 return (igmp_v3_enqueue_filter_change(ifq, inm));
3098
3099 if (type == IGMP_DO_NOTHING) {
3100 IGMP_INET_PRINTF(inm->inm_addr,
3101 ("%s: nothing to do for %s/%s\n",
3102 __func__, _igmp_inet_buf,
3103 if_name(inm->inm_ifp)));
3104 return (0);
3105 }
3106
3107 /*
3108 * If any sources are present, we must be able to fit at least
3109 * one in the trailing space of the tail packet's mbuf,
3110 * ideally more.
3111 */
3112 minrec0len = sizeof(struct igmp_grouprec);
3113 if (record_has_sources)
3114 minrec0len += sizeof(in_addr_t);
3115
3116 IGMP_INET_PRINTF(inm->inm_addr,
3117 ("%s: queueing %s for %s/%s\n", __func__,
3118 igmp_rec_type_to_str(type), _igmp_inet_buf,
3119 if_name(inm->inm_ifp)));
3120
3121 /*
3122 * Check if we have a packet in the tail of the queue for this
3123 * group into which the first group record for this group will fit.
3124 * Otherwise allocate a new packet.
3125 * Always allocate leading space for IP+RA_OPT+IGMP+REPORT.
3126 * Note: Group records for G/GSR query responses MUST be sent
3127 * in their own packet.
3128 */
3129 m0 = ifq->ifq_tail;
3130 if (!is_group_query &&
3131 m0 != NULL &&
3132 (m0->m_pkthdr.vt_nrecs + 1 <= IGMP_V3_REPORT_MAXRECS) &&
3133 (m0->m_pkthdr.len + minrec0len) <
3134 (ifp->if_mtu - IGMP_LEADINGSPACE)) {
3135 m0srcs = (ifp->if_mtu - m0->m_pkthdr.len -
3136 sizeof(struct igmp_grouprec)) / sizeof(in_addr_t);
3137 m = m0;
3138 IGMP_PRINTF(("%s: use existing packet\n", __func__));
3139 } else {
3140 if (IF_QFULL(ifq)) {
3141 IGMP_PRINTF(("%s: outbound queue full\n", __func__));
3142 return (-ENOMEM);
3143 }
3144 m = NULL;
3145 m0srcs = (ifp->if_mtu - IGMP_LEADINGSPACE -
3146 sizeof(struct igmp_grouprec)) / sizeof(in_addr_t);
3147 if (!is_state_change && !is_group_query) {
3148 m = m_getcl(M_DONTWAIT, MT_DATA, M_PKTHDR);
3149 if (m)
3150 m->m_data += IGMP_LEADINGSPACE;
3151 }
3152 if (m == NULL) {
3153 m = m_gethdr(M_DONTWAIT, MT_DATA);
3154 if (m)
3155 MH_ALIGN(m, IGMP_LEADINGSPACE);
3156 }
3157 if (m == NULL)
3158 return (-ENOMEM);
3159
3160 igmp_save_context(m, ifp);
3161
3162 IGMP_PRINTF(("%s: allocated first packet\n", __func__));
3163 }
3164
3165 /*
3166 * Append group record.
3167 * If we have sources, we don't know how many yet.
3168 */
3169 ig.ig_type = type;
3170 ig.ig_datalen = 0;
3171 ig.ig_numsrc = 0;
3172 ig.ig_group = inm->inm_addr;
3173 if (!m_append(m, sizeof(struct igmp_grouprec), (void *)&ig)) {
3174 if (m != m0)
3175 m_freem(m);
3176 IGMP_PRINTF(("%s: m_append() failed.\n", __func__));
3177 return (-ENOMEM);
3178 }
3179 nbytes += sizeof(struct igmp_grouprec);
3180
3181 /*
3182 * Append as many sources as will fit in the first packet.
3183 * If we are appending to a new packet, the chain allocation
3184 * may potentially use clusters; use m_getptr() in this case.
3185 * If we are appending to an existing packet, we need to obtain
3186 * a pointer to the group record after m_append(), in case a new
3187 * mbuf was allocated.
3188 * Only append sources which are in-mode at t1. If we are
3189 * transitioning to MCAST_UNDEFINED state on the group, do not
3190 * include source entries.
3191 * Only report recorded sources in our filter set when responding
3192 * to a group-source query.
3193 */
3194 if (record_has_sources) {
3195 if (m == m0) {
3196 md = m_last(m);
3197 pig = (struct igmp_grouprec *)(void *)
3198 (mtod(md, uint8_t *) + md->m_len - nbytes);
3199 } else {
3200 md = m_getptr(m, 0, &off);
3201 pig = (struct igmp_grouprec *)(void *)
3202 (mtod(md, uint8_t *) + off);
3203 }
3204 msrcs = 0;
3205 RB_FOREACH_SAFE(ims, ip_msource_tree, &inm->inm_srcs, nims) {
3206 #ifdef IGMP_DEBUG
3207 char buf[MAX_IPv4_STR_LEN];
3208
3209 inet_ntop_haddr(ims->ims_haddr, buf, sizeof(buf));
3210 IGMP_PRINTF(("%s: visit node %s\n", __func__, buf));
3211 #endif
3212 now = ims_get_mode(inm, ims, 1);
3213 IGMP_PRINTF(("%s: node is %d\n", __func__, now));
3214 if ((now != mode) ||
3215 (now == mode && mode == MCAST_UNDEFINED)) {
3216 IGMP_PRINTF(("%s: skip node\n", __func__));
3217 continue;
3218 }
3219 if (is_source_query && ims->ims_stp == 0) {
3220 IGMP_PRINTF(("%s: skip unrecorded node\n",
3221 __func__));
3222 continue;
3223 }
3224 IGMP_PRINTF(("%s: append node\n", __func__));
3225 naddr = htonl(ims->ims_haddr);
3226 if (!m_append(m, sizeof(in_addr_t), (void *)&naddr)) {
3227 if (m != m0)
3228 m_freem(m);
3229 IGMP_PRINTF(("%s: m_append() failed.\n",
3230 __func__));
3231 return (-ENOMEM);
3232 }
3233 nbytes += sizeof(in_addr_t);
3234 ++msrcs;
3235 if (msrcs == m0srcs)
3236 break;
3237 }
3238 IGMP_PRINTF(("%s: msrcs is %d this packet\n", __func__,
3239 msrcs));
3240 ig_numsrc = htons(msrcs);
3241 bcopy(&ig_numsrc, &pig->ig_numsrc, sizeof (ig_numsrc));
3242 nbytes += (msrcs * sizeof(in_addr_t));
3243 }
3244
3245 if (is_source_query && msrcs == 0) {
3246 IGMP_PRINTF(("%s: no recorded sources to report\n", __func__));
3247 if (m != m0)
3248 m_freem(m);
3249 return (0);
3250 }
3251
3252 /*
3253 * We are good to go with first packet.
3254 */
3255 if (m != m0) {
3256 IGMP_PRINTF(("%s: enqueueing first packet\n", __func__));
3257 m->m_pkthdr.vt_nrecs = 1;
3258 IF_ENQUEUE(ifq, m);
3259 } else {
3260 m->m_pkthdr.vt_nrecs++;
3261 }
3262 /*
3263 * No further work needed if no source list in packet(s).
3264 */
3265 if (!record_has_sources)
3266 return (nbytes);
3267
3268 /*
3269 * Whilst sources remain to be announced, we need to allocate
3270 * a new packet and fill out as many sources as will fit.
3271 * Always try for a cluster first.
3272 */
3273 while (nims != NULL) {
3274 if (IF_QFULL(ifq)) {
3275 IGMP_PRINTF(("%s: outbound queue full\n", __func__));
3276 return (-ENOMEM);
3277 }
3278 m = m_getcl(M_DONTWAIT, MT_DATA, M_PKTHDR);
3279 if (m)
3280 m->m_data += IGMP_LEADINGSPACE;
3281 if (m == NULL) {
3282 m = m_gethdr(M_DONTWAIT, MT_DATA);
3283 if (m)
3284 MH_ALIGN(m, IGMP_LEADINGSPACE);
3285 }
3286 if (m == NULL)
3287 return (-ENOMEM);
3288 igmp_save_context(m, ifp);
3289 md = m_getptr(m, 0, &off);
3290 pig = (struct igmp_grouprec *)(void *)
3291 (mtod(md, uint8_t *) + off);
3292 IGMP_PRINTF(("%s: allocated next packet\n", __func__));
3293
3294 if (!m_append(m, sizeof(struct igmp_grouprec), (void *)&ig)) {
3295 if (m != m0)
3296 m_freem(m);
3297 IGMP_PRINTF(("%s: m_append() failed.\n", __func__));
3298 return (-ENOMEM);
3299 }
3300 m->m_pkthdr.vt_nrecs = 1;
3301 nbytes += sizeof(struct igmp_grouprec);
3302
3303 m0srcs = (ifp->if_mtu - IGMP_LEADINGSPACE -
3304 sizeof(struct igmp_grouprec)) / sizeof(in_addr_t);
3305
3306 msrcs = 0;
3307 RB_FOREACH_FROM(ims, ip_msource_tree, nims) {
3308 #ifdef IGMP_DEBUG
3309 char buf[MAX_IPv4_STR_LEN];
3310
3311 inet_ntop_haddr(ims->ims_haddr, buf, sizeof(buf));
3312 IGMP_PRINTF(("%s: visit node %s\n", __func__, buf));
3313 #endif
3314 now = ims_get_mode(inm, ims, 1);
3315 if ((now != mode) ||
3316 (now == mode && mode == MCAST_UNDEFINED)) {
3317 IGMP_PRINTF(("%s: skip node\n", __func__));
3318 continue;
3319 }
3320 if (is_source_query && ims->ims_stp == 0) {
3321 IGMP_PRINTF(("%s: skip unrecorded node\n",
3322 __func__));
3323 continue;
3324 }
3325 IGMP_PRINTF(("%s: append node\n", __func__));
3326 naddr = htonl(ims->ims_haddr);
3327 if (!m_append(m, sizeof(in_addr_t), (void *)&naddr)) {
3328 if (m != m0)
3329 m_freem(m);
3330 IGMP_PRINTF(("%s: m_append() failed.\n",
3331 __func__));
3332 return (-ENOMEM);
3333 }
3334 ++msrcs;
3335 if (msrcs == m0srcs)
3336 break;
3337 }
3338 ig_numsrc = htons(msrcs);
3339 bcopy(&ig_numsrc, &pig->ig_numsrc, sizeof (ig_numsrc));
3340 nbytes += (msrcs * sizeof(in_addr_t));
3341
3342 IGMP_PRINTF(("%s: enqueueing next packet\n", __func__));
3343 IF_ENQUEUE(ifq, m);
3344 }
3345
3346 return (nbytes);
3347 }
3348
3349 /*
3350 * Type used to mark record pass completion.
3351 * We exploit the fact we can cast to this easily from the
3352 * current filter modes on each ip_msource node.
3353 */
3354 typedef enum {
3355 REC_NONE = 0x00, /* MCAST_UNDEFINED */
3356 REC_ALLOW = 0x01, /* MCAST_INCLUDE */
3357 REC_BLOCK = 0x02, /* MCAST_EXCLUDE */
3358 REC_FULL = REC_ALLOW | REC_BLOCK
3359 } rectype_t;
3360
3361 /*
3362 * Enqueue an IGMPv3 filter list change to the given output queue.
3363 *
3364 * Source list filter state is held in an RB-tree. When the filter list
3365 * for a group is changed without changing its mode, we need to compute
3366 * the deltas between T0 and T1 for each source in the filter set,
3367 * and enqueue the appropriate ALLOW_NEW/BLOCK_OLD records.
3368 *
3369 * As we may potentially queue two record types, and the entire R-B tree
3370 * needs to be walked at once, we break this out into its own function
3371 * so we can generate a tightly packed queue of packets.
3372 *
3373 * XXX This could be written to only use one tree walk, although that makes
3374 * serializing into the mbuf chains a bit harder. For now we do two walks
3375 * which makes things easier on us, and it may or may not be harder on
3376 * the L2 cache.
3377 *
3378 * If successful the size of all data appended to the queue is returned,
3379 * otherwise an error code less than zero is returned, or zero if
3380 * no record(s) were appended.
3381 */
3382 static int
3383 igmp_v3_enqueue_filter_change(struct ifqueue *ifq, struct in_multi *inm)
3384 {
3385 static const int MINRECLEN =
3386 sizeof(struct igmp_grouprec) + sizeof(in_addr_t);
3387 struct ifnet *ifp;
3388 struct igmp_grouprec ig;
3389 struct igmp_grouprec *pig;
3390 struct ip_msource *ims, *nims;
3391 struct mbuf *m, *m0, *md;
3392 in_addr_t naddr;
3393 int m0srcs, nbytes, npbytes, off, rsrcs, schanged;
3394 int nallow, nblock;
3395 uint8_t mode, now, then;
3396 rectype_t crt, drt, nrt;
3397 u_int16_t ig_numsrc;
3398
3399 INM_LOCK_ASSERT_HELD(inm);
3400
3401 if (inm->inm_nsrc == 0 ||
3402 (inm->inm_st[0].iss_asm > 0 && inm->inm_st[1].iss_asm > 0))
3403 return (0);
3404
3405 ifp = inm->inm_ifp; /* interface */
3406 mode = inm->inm_st[1].iss_fmode; /* filter mode at t1 */
3407 crt = REC_NONE; /* current group record type */
3408 drt = REC_NONE; /* mask of completed group record types */
3409 nrt = REC_NONE; /* record type for current node */
3410 m0srcs = 0; /* # source which will fit in current mbuf chain */
3411 nbytes = 0; /* # of bytes appended to group's state-change queue */
3412 npbytes = 0; /* # of bytes appended this packet */
3413 rsrcs = 0; /* # sources encoded in current record */
3414 schanged = 0; /* # nodes encoded in overall filter change */
3415 nallow = 0; /* # of source entries in ALLOW_NEW */
3416 nblock = 0; /* # of source entries in BLOCK_OLD */
3417 nims = NULL; /* next tree node pointer */
3418
3419 /*
3420 * For each possible filter record mode.
3421 * The first kind of source we encounter tells us which
3422 * is the first kind of record we start appending.
3423 * If a node transitioned to UNDEFINED at t1, its mode is treated
3424 * as the inverse of the group's filter mode.
3425 */
3426 while (drt != REC_FULL) {
3427 do {
3428 m0 = ifq->ifq_tail;
3429 if (m0 != NULL &&
3430 (m0->m_pkthdr.vt_nrecs + 1 <=
3431 IGMP_V3_REPORT_MAXRECS) &&
3432 (m0->m_pkthdr.len + MINRECLEN) <
3433 (ifp->if_mtu - IGMP_LEADINGSPACE)) {
3434 m = m0;
3435 m0srcs = (ifp->if_mtu - m0->m_pkthdr.len -
3436 sizeof(struct igmp_grouprec)) /
3437 sizeof(in_addr_t);
3438 IGMP_PRINTF(("%s: use previous packet\n",
3439 __func__));
3440 } else {
3441 m = m_getcl(M_DONTWAIT, MT_DATA, M_PKTHDR);
3442 if (m)
3443 m->m_data += IGMP_LEADINGSPACE;
3444 if (m == NULL) {
3445 m = m_gethdr(M_DONTWAIT, MT_DATA);
3446 if (m)
3447 MH_ALIGN(m, IGMP_LEADINGSPACE);
3448 }
3449 if (m == NULL) {
3450 IGMP_PRINTF(("%s: m_get*() failed\n",
3451 __func__));
3452 return (-ENOMEM);
3453 }
3454 m->m_pkthdr.vt_nrecs = 0;
3455 igmp_save_context(m, ifp);
3456 m0srcs = (ifp->if_mtu - IGMP_LEADINGSPACE -
3457 sizeof(struct igmp_grouprec)) /
3458 sizeof(in_addr_t);
3459 npbytes = 0;
3460 IGMP_PRINTF(("%s: allocated new packet\n",
3461 __func__));
3462 }
3463 /*
3464 * Append the IGMP group record header to the
3465 * current packet's data area.
3466 * Recalculate pointer to free space for next
3467 * group record, in case m_append() allocated
3468 * a new mbuf or cluster.
3469 */
3470 memset(&ig, 0, sizeof(ig));
3471 ig.ig_group = inm->inm_addr;
3472 if (!m_append(m, sizeof(ig), (void *)&ig)) {
3473 if (m != m0)
3474 m_freem(m);
3475 IGMP_PRINTF(("%s: m_append() failed\n",
3476 __func__));
3477 return (-ENOMEM);
3478 }
3479 npbytes += sizeof(struct igmp_grouprec);
3480 if (m != m0) {
3481 /* new packet; offset in c hain */
3482 md = m_getptr(m, npbytes -
3483 sizeof(struct igmp_grouprec), &off);
3484 pig = (struct igmp_grouprec *)(void *)(mtod(md,
3485 uint8_t *) + off);
3486 } else {
3487 /* current packet; offset from last append */
3488 md = m_last(m);
3489 pig = (struct igmp_grouprec *)(void *)(mtod(md,
3490 uint8_t *) + md->m_len -
3491 sizeof(struct igmp_grouprec));
3492 }
3493 /*
3494 * Begin walking the tree for this record type
3495 * pass, or continue from where we left off
3496 * previously if we had to allocate a new packet.
3497 * Only report deltas in-mode at t1.
3498 * We need not report included sources as allowed
3499 * if we are in inclusive mode on the group,
3500 * however the converse is not true.
3501 */
3502 rsrcs = 0;
3503 if (nims == NULL)
3504 nims = RB_MIN(ip_msource_tree, &inm->inm_srcs);
3505 RB_FOREACH_FROM(ims, ip_msource_tree, nims) {
3506 #ifdef IGMP_DEBUG
3507 char buf[MAX_IPv4_STR_LEN];
3508
3509 inet_ntop_haddr(ims->ims_haddr, buf, sizeof(buf));
3510 IGMP_PRINTF(("%s: visit node %s\n", __func__, buf));
3511 #endif
3512 now = ims_get_mode(inm, ims, 1);
3513 then = ims_get_mode(inm, ims, 0);
3514 IGMP_PRINTF(("%s: mode: t0 %d, t1 %d\n",
3515 __func__, then, now));
3516 if (now == then) {
3517 IGMP_PRINTF(("%s: skip unchanged\n",
3518 __func__));
3519 continue;
3520 }
3521 if (mode == MCAST_EXCLUDE &&
3522 now == MCAST_INCLUDE) {
3523 IGMP_PRINTF(("%s: skip IN src on EX "
3524 "group\n", __func__));
3525 continue;
3526 }
3527 nrt = (rectype_t)now;
3528 if (nrt == REC_NONE)
3529 nrt = (rectype_t)(~mode & REC_FULL);
3530 if (schanged++ == 0) {
3531 crt = nrt;
3532 } else if (crt != nrt)
3533 continue;
3534 naddr = htonl(ims->ims_haddr);
3535 if (!m_append(m, sizeof(in_addr_t),
3536 (void *)&naddr)) {
3537 if (m != m0)
3538 m_freem(m);
3539 IGMP_PRINTF(("%s: m_append() failed\n",
3540 __func__));
3541 return (-ENOMEM);
3542 }
3543 nallow += !!(crt == REC_ALLOW);
3544 nblock += !!(crt == REC_BLOCK);
3545 if (++rsrcs == m0srcs)
3546 break;
3547 }
3548 /*
3549 * If we did not append any tree nodes on this
3550 * pass, back out of allocations.
3551 */
3552 if (rsrcs == 0) {
3553 npbytes -= sizeof(struct igmp_grouprec);
3554 if (m != m0) {
3555 IGMP_PRINTF(("%s: m_free(m)\n",
3556 __func__));
3557 m_freem(m);
3558 } else {
3559 IGMP_PRINTF(("%s: m_adj(m, -ig)\n",
3560 __func__));
3561 m_adj(m, -((int)sizeof(
3562 struct igmp_grouprec)));
3563 }
3564 continue;
3565 }
3566 npbytes += (rsrcs * sizeof(in_addr_t));
3567 if (crt == REC_ALLOW)
3568 pig->ig_type = IGMP_ALLOW_NEW_SOURCES;
3569 else if (crt == REC_BLOCK)
3570 pig->ig_type = IGMP_BLOCK_OLD_SOURCES;
3571 ig_numsrc = htons(rsrcs);
3572 bcopy(&ig_numsrc, &pig->ig_numsrc, sizeof (ig_numsrc));
3573 /*
3574 * Count the new group record, and enqueue this
3575 * packet if it wasn't already queued.
3576 */
3577 m->m_pkthdr.vt_nrecs++;
3578 if (m != m0)
3579 IF_ENQUEUE(ifq, m);
3580 nbytes += npbytes;
3581 } while (nims != NULL);
3582 drt |= crt;
3583 crt = (~crt & REC_FULL);
3584 }
3585
3586 IGMP_PRINTF(("%s: queued %d ALLOW_NEW, %d BLOCK_OLD\n", __func__,
3587 nallow, nblock));
3588
3589 return (nbytes);
3590 }
3591
3592 static int
3593 igmp_v3_merge_state_changes(struct in_multi *inm, struct ifqueue *ifscq)
3594 {
3595 struct ifqueue *gq;
3596 struct mbuf *m; /* pending state-change */
3597 struct mbuf *m0; /* copy of pending state-change */
3598 struct mbuf *mt; /* last state-change in packet */
3599 struct mbuf *n;
3600 int docopy, domerge;
3601 u_int recslen;
3602
3603 INM_LOCK_ASSERT_HELD(inm);
3604
3605 docopy = 0;
3606 domerge = 0;
3607 recslen = 0;
3608
3609 /*
3610 * If there are further pending retransmissions, make a writable
3611 * copy of each queued state-change message before merging.
3612 */
3613 if (inm->inm_scrv > 0)
3614 docopy = 1;
3615
3616 gq = &inm->inm_scq;
3617 #ifdef IGMP_DEBUG
3618 if (gq->ifq_head == NULL) {
3619 IGMP_PRINTF(("%s: WARNING: queue for inm 0x%llx is empty\n",
3620 __func__, (uint64_t)VM_KERNEL_ADDRPERM(inm)));
3621 }
3622 #endif
3623
3624 /*
3625 * Use IF_REMQUEUE() instead of IF_DEQUEUE() below, since the
3626 * packet might not always be at the head of the ifqueue.
3627 */
3628 m = gq->ifq_head;
3629 while (m != NULL) {
3630 /*
3631 * Only merge the report into the current packet if
3632 * there is sufficient space to do so; an IGMPv3 report
3633 * packet may only contain 65,535 group records.
3634 * Always use a simple mbuf chain concatentation to do this,
3635 * as large state changes for single groups may have
3636 * allocated clusters.
3637 */
3638 domerge = 0;
3639 mt = ifscq->ifq_tail;
3640 if (mt != NULL) {
3641 recslen = m_length(m);
3642
3643 if ((mt->m_pkthdr.vt_nrecs +
3644 m->m_pkthdr.vt_nrecs <=
3645 IGMP_V3_REPORT_MAXRECS) &&
3646 (mt->m_pkthdr.len + recslen <=
3647 (inm->inm_ifp->if_mtu - IGMP_LEADINGSPACE)))
3648 domerge = 1;
3649 }
3650
3651 if (!domerge && IF_QFULL(gq)) {
3652 IGMP_PRINTF(("%s: outbound queue full, skipping whole "
3653 "packet 0x%llx\n", __func__,
3654 (uint64_t)VM_KERNEL_ADDRPERM(m)));
3655 n = m->m_nextpkt;
3656 if (!docopy) {
3657 IF_REMQUEUE(gq, m);
3658 m_freem(m);
3659 }
3660 m = n;
3661 continue;
3662 }
3663
3664 if (!docopy) {
3665 IGMP_PRINTF(("%s: dequeueing 0x%llx\n", __func__,
3666 (uint64_t)VM_KERNEL_ADDRPERM(m)));
3667 n = m->m_nextpkt;
3668 IF_REMQUEUE(gq, m);
3669 m0 = m;
3670 m = n;
3671 } else {
3672 IGMP_PRINTF(("%s: copying 0x%llx\n", __func__,
3673 (uint64_t)VM_KERNEL_ADDRPERM(m)));
3674 m0 = m_dup(m, M_NOWAIT);
3675 if (m0 == NULL)
3676 return (ENOMEM);
3677 m0->m_nextpkt = NULL;
3678 m = m->m_nextpkt;
3679 }
3680
3681 if (!domerge) {
3682 IGMP_PRINTF(("%s: queueing 0x%llx to ifscq 0x%llx)\n",
3683 __func__, (uint64_t)VM_KERNEL_ADDRPERM(m0),
3684 (uint64_t)VM_KERNEL_ADDRPERM(ifscq)));
3685 IF_ENQUEUE(ifscq, m0);
3686 } else {
3687 struct mbuf *mtl; /* last mbuf of packet mt */
3688
3689 IGMP_PRINTF(("%s: merging 0x%llx with ifscq tail "
3690 "0x%llx)\n", __func__,
3691 (uint64_t)VM_KERNEL_ADDRPERM(m0),
3692 (uint64_t)VM_KERNEL_ADDRPERM(mt)));
3693
3694 mtl = m_last(mt);
3695 m0->m_flags &= ~M_PKTHDR;
3696 mt->m_pkthdr.len += recslen;
3697 mt->m_pkthdr.vt_nrecs +=
3698 m0->m_pkthdr.vt_nrecs;
3699
3700 mtl->m_next = m0;
3701 }
3702 }
3703
3704 return (0);
3705 }
3706
3707 /*
3708 * Respond to a pending IGMPv3 General Query.
3709 */
3710 static uint32_t
3711 igmp_v3_dispatch_general_query(struct igmp_ifinfo *igi)
3712 {
3713 struct ifnet *ifp;
3714 struct in_multi *inm;
3715 struct in_multistep step;
3716 int retval, loop;
3717
3718 IGI_LOCK_ASSERT_HELD(igi);
3719
3720 VERIFY(igi->igi_version == IGMP_VERSION_3);
3721
3722 ifp = igi->igi_ifp;
3723 IGI_UNLOCK(igi);
3724
3725 in_multihead_lock_shared();
3726 IN_FIRST_MULTI(step, inm);
3727 while (inm != NULL) {
3728 INM_LOCK(inm);
3729 if (inm->inm_ifp != ifp)
3730 goto next;
3731
3732 switch (inm->inm_state) {
3733 case IGMP_NOT_MEMBER:
3734 case IGMP_SILENT_MEMBER:
3735 break;
3736 case IGMP_REPORTING_MEMBER:
3737 case IGMP_IDLE_MEMBER:
3738 case IGMP_LAZY_MEMBER:
3739 case IGMP_SLEEPING_MEMBER:
3740 case IGMP_AWAKENING_MEMBER:
3741 inm->inm_state = IGMP_REPORTING_MEMBER;
3742 IGI_LOCK(igi);
3743 retval = igmp_v3_enqueue_group_record(&igi->igi_gq,
3744 inm, 0, 0, 0);
3745 IGI_UNLOCK(igi);
3746 IGMP_PRINTF(("%s: enqueue record = %d\n",
3747 __func__, retval));
3748 break;
3749 case IGMP_G_QUERY_PENDING_MEMBER:
3750 case IGMP_SG_QUERY_PENDING_MEMBER:
3751 case IGMP_LEAVING_MEMBER:
3752 break;
3753 }
3754 next:
3755 INM_UNLOCK(inm);
3756 IN_NEXT_MULTI(step, inm);
3757 }
3758 in_multihead_lock_done();
3759
3760 IGI_LOCK(igi);
3761 loop = (igi->igi_flags & IGIF_LOOPBACK) ? 1 : 0;
3762 igmp_dispatch_queue(igi, &igi->igi_gq, IGMP_MAX_RESPONSE_BURST,
3763 loop);
3764 IGI_LOCK_ASSERT_HELD(igi);
3765 /*
3766 * Slew transmission of bursts over 1 second intervals.
3767 */
3768 if (igi->igi_gq.ifq_head != NULL) {
3769 igi->igi_v3_timer = 1 + IGMP_RANDOM_DELAY(
3770 IGMP_RESPONSE_BURST_INTERVAL);
3771 }
3772
3773 return (igi->igi_v3_timer);
3774 }
3775
3776 /*
3777 * Transmit the next pending IGMP message in the output queue.
3778 *
3779 * Must not be called with inm_lock or igi_lock held.
3780 */
3781 static void
3782 igmp_sendpkt(struct mbuf *m)
3783 {
3784 struct ip_moptions *imo;
3785 struct mbuf *ipopts, *m0;
3786 int error;
3787 struct route ro;
3788 struct ifnet *ifp;
3789
3790 IGMP_PRINTF(("%s: transmit 0x%llx\n", __func__,
3791 (uint64_t)VM_KERNEL_ADDRPERM(m)));
3792
3793 ifp = igmp_restore_context(m);
3794 /*
3795 * Check if the ifnet is still attached.
3796 */
3797 if (ifp == NULL || !ifnet_is_attached(ifp, 0)) {
3798 IGMP_PRINTF(("%s: dropped 0x%llx as ifp went away.\n",
3799 __func__, (uint64_t)VM_KERNEL_ADDRPERM(m)));
3800 m_freem(m);
3801 OSAddAtomic(1, &ipstat.ips_noroute);
3802 return;
3803 }
3804
3805 ipopts = igmp_sendra ? m_raopt : NULL;
3806
3807 imo = ip_allocmoptions(M_WAITOK);
3808 if (imo == NULL) {
3809 m_freem(m);
3810 return;
3811 }
3812
3813 imo->imo_multicast_ttl = 1;
3814 imo->imo_multicast_vif = -1;
3815 #if MROUTING
3816 imo->imo_multicast_loop = (ip_mrouter != NULL);
3817 #else
3818 imo->imo_multicast_loop = 0;
3819 #endif
3820
3821 /*
3822 * If the user requested that IGMP traffic be explicitly
3823 * redirected to the loopback interface (e.g. they are running a
3824 * MANET interface and the routing protocol needs to see the
3825 * updates), handle this now.
3826 */
3827 if (m->m_flags & M_IGMP_LOOP)
3828 imo->imo_multicast_ifp = lo_ifp;
3829 else
3830 imo->imo_multicast_ifp = ifp;
3831
3832 if (m->m_flags & M_IGMPV2) {
3833 m0 = m;
3834 } else {
3835 m0 = igmp_v3_encap_report(ifp, m);
3836 if (m0 == NULL) {
3837 /*
3838 * If igmp_v3_encap_report() failed, then M_PREPEND()
3839 * already freed the original mbuf chain.
3840 * This means that we don't have to m_freem(m) here.
3841 */
3842 IGMP_PRINTF(("%s: dropped 0x%llx\n", __func__,
3843 (uint64_t)VM_KERNEL_ADDRPERM(m)));
3844 IMO_REMREF(imo);
3845 atomic_add_32(&ipstat.ips_odropped, 1);
3846 return;
3847 }
3848 }
3849
3850 igmp_scrub_context(m0);
3851 m->m_flags &= ~(M_PROTOFLAGS | M_IGMP_LOOP);
3852 m0->m_pkthdr.rcvif = lo_ifp;
3853 #ifdef MAC
3854 mac_netinet_igmp_send(ifp, m0);
3855 #endif
3856
3857 if (ifp->if_eflags & IFEF_TXSTART) {
3858 /*
3859 * Use control service class if the interface supports
3860 * transmit-start model.
3861 */
3862 (void) m_set_service_class(m0, MBUF_SC_CTL);
3863 }
3864 bzero(&ro, sizeof (ro));
3865 error = ip_output(m0, ipopts, &ro, 0, imo, NULL);
3866 ROUTE_RELEASE(&ro);
3867
3868 IMO_REMREF(imo);
3869
3870 if (error) {
3871 IGMP_PRINTF(("%s: ip_output(0x%llx) = %d\n", __func__,
3872 (uint64_t)VM_KERNEL_ADDRPERM(m0), error));
3873 return;
3874 }
3875
3876 IGMPSTAT_INC(igps_snd_reports);
3877 OIGMPSTAT_INC(igps_snd_reports);
3878 }
3879 /*
3880 * Encapsulate an IGMPv3 report.
3881 *
3882 * The internal mbuf flag M_IGMPV3_HDR is used to indicate that the mbuf
3883 * chain has already had its IP/IGMPv3 header prepended. In this case
3884 * the function will not attempt to prepend; the lengths and checksums
3885 * will however be re-computed.
3886 *
3887 * Returns a pointer to the new mbuf chain head, or NULL if the
3888 * allocation failed.
3889 */
3890 static struct mbuf *
3891 igmp_v3_encap_report(struct ifnet *ifp, struct mbuf *m)
3892 {
3893 struct igmp_report *igmp;
3894 struct ip *ip;
3895 int hdrlen, igmpreclen;
3896
3897 VERIFY((m->m_flags & M_PKTHDR));
3898
3899 igmpreclen = m_length(m);
3900 hdrlen = sizeof(struct ip) + sizeof(struct igmp_report);
3901
3902 if (m->m_flags & M_IGMPV3_HDR) {
3903 igmpreclen -= hdrlen;
3904 } else {
3905 M_PREPEND(m, hdrlen, M_DONTWAIT);
3906 if (m == NULL)
3907 return (NULL);
3908 m->m_flags |= M_IGMPV3_HDR;
3909 }
3910
3911 IGMP_PRINTF(("%s: igmpreclen is %d\n", __func__, igmpreclen));
3912
3913 m->m_data += sizeof(struct ip);
3914 m->m_len -= sizeof(struct ip);
3915
3916 igmp = mtod(m, struct igmp_report *);
3917 igmp->ir_type = IGMP_v3_HOST_MEMBERSHIP_REPORT;
3918 igmp->ir_rsv1 = 0;
3919 igmp->ir_rsv2 = 0;
3920 igmp->ir_numgrps = htons(m->m_pkthdr.vt_nrecs);
3921 igmp->ir_cksum = 0;
3922 igmp->ir_cksum = in_cksum(m, sizeof(struct igmp_report) + igmpreclen);
3923 m->m_pkthdr.vt_nrecs = 0;
3924
3925 m->m_data -= sizeof(struct ip);
3926 m->m_len += sizeof(struct ip);
3927
3928 ip = mtod(m, struct ip *);
3929 ip->ip_tos = IPTOS_PREC_INTERNETCONTROL;
3930 ip->ip_len = hdrlen + igmpreclen;
3931 ip->ip_off = IP_DF;
3932 ip->ip_p = IPPROTO_IGMP;
3933 ip->ip_sum = 0;
3934
3935 ip->ip_src.s_addr = INADDR_ANY;
3936
3937 if (m->m_flags & M_IGMP_LOOP) {
3938 struct in_ifaddr *ia;
3939
3940 IFP_TO_IA(ifp, ia);
3941 if (ia != NULL) {
3942 IFA_LOCK(&ia->ia_ifa);
3943 ip->ip_src = ia->ia_addr.sin_addr;
3944 IFA_UNLOCK(&ia->ia_ifa);
3945 IFA_REMREF(&ia->ia_ifa);
3946 }
3947 }
3948
3949 ip->ip_dst.s_addr = htonl(INADDR_ALLRPTS_GROUP);
3950
3951 return (m);
3952 }
3953
3954 #ifdef IGMP_DEBUG
3955 static const char *
3956 igmp_rec_type_to_str(const int type)
3957 {
3958 switch (type) {
3959 case IGMP_CHANGE_TO_EXCLUDE_MODE:
3960 return "TO_EX";
3961 break;
3962 case IGMP_CHANGE_TO_INCLUDE_MODE:
3963 return "TO_IN";
3964 break;
3965 case IGMP_MODE_IS_EXCLUDE:
3966 return "MODE_EX";
3967 break;
3968 case IGMP_MODE_IS_INCLUDE:
3969 return "MODE_IN";
3970 break;
3971 case IGMP_ALLOW_NEW_SOURCES:
3972 return "ALLOW_NEW";
3973 break;
3974 case IGMP_BLOCK_OLD_SOURCES:
3975 return "BLOCK_OLD";
3976 break;
3977 default:
3978 break;
3979 }
3980 return "unknown";
3981 }
3982 #endif
3983
3984 void
3985 igmp_init(struct protosw *pp, struct domain *dp)
3986 {
3987 #pragma unused(dp)
3988 static int igmp_initialized = 0;
3989
3990 VERIFY((pp->pr_flags & (PR_INITIALIZED|PR_ATTACHED)) == PR_ATTACHED);
3991
3992 if (igmp_initialized)
3993 return;
3994 igmp_initialized = 1;
3995
3996 IGMP_PRINTF(("%s: initializing\n", __func__));
3997
3998 igmp_timers_are_running = 0;
3999
4000 /* Setup lock group and attribute for igmp_mtx */
4001 igmp_mtx_grp_attr = lck_grp_attr_alloc_init();
4002 igmp_mtx_grp = lck_grp_alloc_init("igmp_mtx", igmp_mtx_grp_attr);
4003 igmp_mtx_attr = lck_attr_alloc_init();
4004 lck_mtx_init(&igmp_mtx, igmp_mtx_grp, igmp_mtx_attr);
4005
4006 LIST_INIT(&igi_head);
4007 m_raopt = igmp_ra_alloc();
4008
4009 igi_size = sizeof (struct igmp_ifinfo);
4010 igi_zone = zinit(igi_size, IGI_ZONE_MAX * igi_size,
4011 0, IGI_ZONE_NAME);
4012 if (igi_zone == NULL) {
4013 panic("%s: failed allocating %s", __func__, IGI_ZONE_NAME);
4014 /* NOTREACHED */
4015 }
4016 zone_change(igi_zone, Z_EXPAND, TRUE);
4017 zone_change(igi_zone, Z_CALLERACCT, FALSE);
4018 }
mirror of XNU