]> git.saurik.com Git - apple/xnu.git/blob - bsd/net/if_stf.c
projects / apple / xnu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xnu-6153.41.3.tar.gz
[apple/xnu.git] / bsd / net / if_stf.c
1 /*
2 * Copyright (c) 2000-2018 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29 /* $FreeBSD: src/sys/net/if_stf.c,v 1.1.2.6 2001/07/24 19:10:18 brooks Exp $ */
30 /* $KAME: if_stf.c,v 1.62 2001/06/07 22:32:16 itojun Exp $ */
31
32 /*
33 * Copyright (C) 2000 WIDE Project.
34 * All rights reserved.
35 *
36 * Redistribution and use in source and binary forms, with or without
37 * modification, are permitted provided that the following conditions
38 * are met:
39 * 1. Redistributions of source code must retain the above copyright
40 * notice, this list of conditions and the following disclaimer.
41 * 2. Redistributions in binary form must reproduce the above copyright
42 * notice, this list of conditions and the following disclaimer in the
43 * documentation and/or other materials provided with the distribution.
44 * 3. Neither the name of the project nor the names of its contributors
45 * may be used to endorse or promote products derived from this software
46 * without specific prior written permission.
47 *
48 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
58 * SUCH DAMAGE.
59 */
60 /*
61 * NOTICE: This file was modified by SPARTA, Inc. in 2006 to introduce
62 * support for mandatory and extensible security protections. This notice
63 * is included in support of clause 2.2 (b) of the Apple Public License,
64 * Version 2.0.
65 */
66
67 /*
68 * 6to4 interface, based on RFC3056.
69 *
70 * 6to4 interface is NOT capable of link-layer (I mean, IPv4) multicasting.
71 * There is no address mapping defined from IPv6 multicast address to IPv4
72 * address. Therefore, we do not have IFF_MULTICAST on the interface.
73 *
74 * Due to the lack of address mapping for link-local addresses, we cannot
75 * throw packets toward link-local addresses (fe80::x). Also, we cannot throw
76 * packets to link-local multicast addresses (ff02::x).
77 *
78 * Here are interesting symptoms due to the lack of link-local address:
79 *
80 * Unicast routing exchange:
81 * - RIPng: Impossible. Uses link-local multicast packet toward ff02::9,
82 * and link-local addresses as nexthop.
83 * - OSPFv6: Impossible. OSPFv6 assumes that there's link-local address
84 * assigned to the link, and makes use of them. Also, HELLO packets use
85 * link-local multicast addresses (ff02::5 and ff02::6).
86 * - BGP4+: Maybe. You can only use global address as nexthop, and global
87 * address as TCP endpoint address.
88 *
89 * Multicast routing protocols:
90 * - PIM: Hello packet cannot be used to discover adjacent PIM routers.
91 * Adjacent PIM routers must be configured manually (is it really spec-wise
92 * correct thing to do?).
93 *
94 * ICMPv6:
95 * - Redirects cannot be used due to the lack of link-local address.
96 *
97 * stf interface does not have, and will not need, a link-local address.
98 * It seems to have no real benefit and does not help the above symptoms much.
99 * Even if we assign link-locals to interface, we cannot really
100 * use link-local unicast/multicast on top of 6to4 cloud (since there's no
101 * encapsulation defined for link-local address), and the above analysis does
102 * not change. RFC3056 does not mandate the assignment of link-local address
103 * either.
104 *
105 * 6to4 interface has security issues. Refer to
106 * http://playground.iijlab.net/i-d/draft-itojun-ipv6-transition-abuse-00.txt
107 * for details. The code tries to filter out some of malicious packets.
108 * Note that there is no way to be 100% secure.
109 */
110
111 #include <sys/param.h>
112 #include <sys/systm.h>
113 #include <sys/socket.h>
114 #include <sys/sockio.h>
115 #include <sys/mbuf.h>
116 #include <sys/errno.h>
117 #include <sys/protosw.h>
118 #include <sys/kernel.h>
119 #include <sys/syslog.h>
120
121 #include <sys/malloc.h>
122
123 #include <kern/locks.h>
124
125 #include <net/if.h>
126 #include <net/route.h>
127 #include <net/if_types.h>
128
129 #include <netinet/in.h>
130 #include <netinet/in_systm.h>
131 #include <netinet/ip.h>
132 #include <netinet/ip_var.h>
133 #include <netinet/in_var.h>
134
135 #include <netinet/ip6.h>
136 #include <netinet6/ip6_var.h>
137 #include <netinet6/in6_var.h>
138 #include <netinet/ip_ecn.h>
139
140 #include <netinet/ip_encap.h>
141 #include <net/kpi_interface.h>
142 #include <net/kpi_protocol.h>
143
144
145 #include <net/net_osdep.h>
146
147 #include <net/bpf.h>
148
149 #if CONFIG_MACF_NET
150 #include <security/mac_framework.h>
151 #endif
152
153 #define GET_V4(x) ((const struct in_addr *)(const void *)(&(x)->s6_addr16[1]))
154
155 static lck_grp_t *stf_mtx_grp;
156
157 struct stf_softc {
158 ifnet_t sc_if; /* common area */
159 u_int32_t sc_protocol_family; /* dlil protocol attached */
160 union {
161 struct route __sc_ro4;
162 struct route_in6 __sc_ro6; /* just for safety */
163 } __sc_ro46;
164 #define sc_ro __sc_ro46.__sc_ro4
165 decl_lck_mtx_data(, sc_ro_mtx);
166 const struct encaptab *encap_cookie;
167 bpf_tap_mode tap_mode;
168 bpf_packet_func tap_callback;
169 };
170
171 void stfattach(void);
172
173 static int ip_stf_ttl = 40;
174 static int stf_init_done;
175
176 static void in_stf_input(struct mbuf *, int);
177 static void stfinit(void);
178
179 static struct protosw in_stf_protosw =
180 {
181 .pr_type = SOCK_RAW,
182 .pr_protocol = IPPROTO_IPV6,
183 .pr_flags = PR_ATOMIC | PR_ADDR,
184 .pr_input = in_stf_input,
185 .pr_ctloutput = rip_ctloutput,
186 .pr_usrreqs = &rip_usrreqs,
187 .pr_unlock = rip_unlock,
188 };
189
190 static int stf_encapcheck(const struct mbuf *, int, int, void *);
191 static struct in6_ifaddr *stf_getsrcifa6(struct ifnet *);
192 int stf_pre_output(struct ifnet *, protocol_family_t, struct mbuf **,
193 const struct sockaddr *, void *, char *, char *);
194 static int stf_checkaddr4(struct stf_softc *, const struct in_addr *,
195 struct ifnet *);
196 static int stf_checkaddr6(struct stf_softc *, struct in6_addr *,
197 struct ifnet *);
198 static void stf_rtrequest(int, struct rtentry *, struct sockaddr *);
199 static errno_t stf_ioctl(ifnet_t ifp, u_long cmd, void *data);
200 static errno_t stf_output(ifnet_t ifp, mbuf_t m);
201
202 static void
203 stfinit(void)
204 {
205 if (!stf_init_done) {
206 stf_mtx_grp = lck_grp_alloc_init("stf", LCK_GRP_ATTR_NULL);
207 stf_init_done = 1;
208 }
209 }
210
211 /*
212 * gif_input is the input handler for IP and IPv6 attached to gif
213 */
214 static errno_t
215 stf_media_input(
216 __unused ifnet_t ifp,
217 protocol_family_t protocol_family,
218 mbuf_t m,
219 __unused char *frame_header)
220 {
221 if (proto_input(protocol_family, m) != 0) {
222 m_freem(m);
223 }
224
225 return 0;
226 }
227
228
229
230 static errno_t
231 stf_add_proto(
232 ifnet_t ifp,
233 protocol_family_t protocol_family,
234 __unused const struct ifnet_demux_desc *demux_array,
235 __unused u_int32_t demux_count)
236 {
237 /* Only one protocol may be attached at a time */
238 struct stf_softc* stf = ifnet_softc(ifp);
239 if (stf->sc_protocol_family == 0) {
240 stf->sc_protocol_family = protocol_family;
241 } else {
242 printf("stf_add_proto: stf already has a proto\n");
243 return EBUSY;
244 }
245
246 return 0;
247 }
248
249 static errno_t
250 stf_del_proto(
251 ifnet_t ifp,
252 protocol_family_t protocol_family)
253 {
254 if (((struct stf_softc*)ifnet_softc(ifp))->sc_protocol_family == protocol_family) {
255 ((struct stf_softc*)ifnet_softc(ifp))->sc_protocol_family = 0;
256 }
257
258 return 0;
259 }
260
261 static errno_t
262 stf_attach_inet6(
263 ifnet_t ifp,
264 protocol_family_t protocol_family)
265 {
266 struct ifnet_attach_proto_param reg;
267 errno_t stat;
268
269 if (protocol_family != PF_INET6) {
270 return EPROTONOSUPPORT;
271 }
272
273 bzero(&reg, sizeof(reg));
274 reg.input = stf_media_input;
275 reg.pre_output = stf_pre_output;
276
277 stat = ifnet_attach_protocol(ifp, protocol_family, &reg);
278 if (stat && stat != EEXIST) {
279 printf("stf_attach_proto_family can't attach interface fam=%d\n",
280 protocol_family);
281 }
282
283 return stat;
284 }
285
286 static errno_t
287 stf_demux(
288 ifnet_t ifp,
289 __unused mbuf_t m,
290 __unused char *frame_ptr,
291 protocol_family_t *protocol_family)
292 {
293 struct stf_softc* stf = ifnet_softc(ifp);
294 *protocol_family = stf->sc_protocol_family;
295 return 0;
296 }
297
298 static errno_t
299 stf_set_bpf_tap(
300 ifnet_t ifp,
301 bpf_tap_mode mode,
302 bpf_packet_func callback)
303 {
304 struct stf_softc *sc = ifnet_softc(ifp);
305
306 sc->tap_mode = mode;
307 sc->tap_callback = callback;
308
309 return 0;
310 }
311
312 void
313 stfattach(void)
314 {
315 struct stf_softc *sc;
316 int error;
317 const struct encaptab *p;
318 struct ifnet_init_eparams stf_init;
319
320 stfinit();
321
322 error = proto_register_plumber(PF_INET6, APPLE_IF_FAM_STF,
323 stf_attach_inet6, NULL);
324 if (error != 0) {
325 printf("proto_register_plumber failed for AF_INET6 error=%d\n", error);
326 }
327
328 sc = _MALLOC(sizeof(struct stf_softc), M_DEVBUF, M_WAITOK | M_ZERO);
329 if (sc == 0) {
330 printf("stf softc attach failed\n" );
331 return;
332 }
333
334 p = encap_attach_func(AF_INET, IPPROTO_IPV6, stf_encapcheck,
335 &in_stf_protosw, sc);
336 if (p == NULL) {
337 printf("sftattach encap_attach_func failed\n");
338 FREE(sc, M_DEVBUF);
339 return;
340 }
341 sc->encap_cookie = p;
342 lck_mtx_init(&sc->sc_ro_mtx, stf_mtx_grp, LCK_ATTR_NULL);
343
344 bzero(&stf_init, sizeof(stf_init));
345 stf_init.ver = IFNET_INIT_CURRENT_VERSION;
346 stf_init.len = sizeof(stf_init);
347 stf_init.flags = IFNET_INIT_LEGACY;
348 stf_init.name = "stf";
349 stf_init.unit = 0;
350 stf_init.type = IFT_STF;
351 stf_init.family = IFNET_FAMILY_STF;
352 stf_init.output = stf_output;
353 stf_init.demux = stf_demux;
354 stf_init.add_proto = stf_add_proto;
355 stf_init.del_proto = stf_del_proto;
356 stf_init.softc = sc;
357 stf_init.ioctl = stf_ioctl;
358 stf_init.set_bpf_tap = stf_set_bpf_tap;
359
360 error = ifnet_allocate_extended(&stf_init, &sc->sc_if);
361 if (error != 0) {
362 printf("stfattach, ifnet_allocate failed - %d\n", error);
363 encap_detach(sc->encap_cookie);
364 lck_mtx_destroy(&sc->sc_ro_mtx, stf_mtx_grp);
365 FREE(sc, M_DEVBUF);
366 return;
367 }
368 ifnet_set_mtu(sc->sc_if, IPV6_MMTU);
369 ifnet_set_flags(sc->sc_if, 0, 0xffff); /* clear all flags */
370 #if 0
371 /* turn off ingress filter */
372 ifnet_set_flags(sc->sc_if, IFF_LINK2, IFF_LINK2);
373 #endif
374
375 #if CONFIG_MACF_NET
376 mac_ifnet_label_init(&sc->sc_if);
377 #endif
378
379 error = ifnet_attach(sc->sc_if, NULL);
380 if (error != 0) {
381 printf("stfattach: ifnet_attach returned error=%d\n", error);
382 encap_detach(sc->encap_cookie);
383 ifnet_release(sc->sc_if);
384 lck_mtx_destroy(&sc->sc_ro_mtx, stf_mtx_grp);
385 FREE(sc, M_DEVBUF);
386 return;
387 }
388
389 bpfattach(sc->sc_if, DLT_NULL, sizeof(u_int));
390
391 return;
392 }
393
394 static int
395 stf_encapcheck(
396 const struct mbuf *m,
397 __unused int off,
398 int proto,
399 void *arg)
400 {
401 struct ip ip;
402 struct in6_ifaddr *ia6;
403 struct stf_softc *sc;
404 struct in_addr a, b;
405
406 sc = (struct stf_softc *)arg;
407 if (sc == NULL) {
408 return 0;
409 }
410
411 if ((ifnet_flags(sc->sc_if) & IFF_UP) == 0) {
412 return 0;
413 }
414
415 /* IFF_LINK0 means "no decapsulation" */
416 if ((ifnet_flags(sc->sc_if) & IFF_LINK0) != 0) {
417 return 0;
418 }
419
420 if (proto != IPPROTO_IPV6) {
421 return 0;
422 }
423
424 mbuf_copydata((struct mbuf *)(size_t)m, 0, sizeof(ip), &ip);
425
426 if (ip.ip_v != 4) {
427 return 0;
428 }
429
430 ia6 = stf_getsrcifa6(sc->sc_if);
431 if (ia6 == NULL) {
432 return 0;
433 }
434
435 /*
436 * check if IPv4 dst matches the IPv4 address derived from the
437 * local 6to4 address.
438 * success on: dst = 10.1.1.1, ia6->ia_addr = 2002:0a01:0101:...
439 */
440 IFA_LOCK(&ia6->ia_ifa);
441 if (bcmp(GET_V4(&ia6->ia_addr.sin6_addr), &ip.ip_dst,
442 sizeof(ip.ip_dst)) != 0) {
443 IFA_UNLOCK(&ia6->ia_ifa);
444 IFA_REMREF(&ia6->ia_ifa);
445 return 0;
446 }
447 /*
448 * check if IPv4 src matches the IPv4 address derived from the
449 * local 6to4 address masked by prefixmask.
450 * success on: src = 10.1.1.1, ia6->ia_addr = 2002:0a00:.../24
451 * fail on: src = 10.1.1.1, ia6->ia_addr = 2002:0b00:.../24
452 */
453 bzero(&a, sizeof(a));
454 a.s_addr = GET_V4(&ia6->ia_addr.sin6_addr)->s_addr;
455 a.s_addr &= GET_V4(&ia6->ia_prefixmask.sin6_addr)->s_addr;
456 b = ip.ip_src;
457 b.s_addr &= GET_V4(&ia6->ia_prefixmask.sin6_addr)->s_addr;
458 if (a.s_addr != b.s_addr) {
459 IFA_UNLOCK(&ia6->ia_ifa);
460 IFA_REMREF(&ia6->ia_ifa);
461 return 0;
462 }
463 /* stf interface makes single side match only */
464 IFA_UNLOCK(&ia6->ia_ifa);
465 IFA_REMREF(&ia6->ia_ifa);
466 return 32;
467 }
468
469 static struct in6_ifaddr *
470 stf_getsrcifa6(struct ifnet *ifp)
471 {
472 struct ifaddr *ia;
473 struct in_ifaddr *ia4;
474 struct sockaddr_in6 *sin6;
475 struct in_addr in;
476
477 ifnet_lock_shared(ifp);
478 for (ia = ifp->if_addrlist.tqh_first; ia; ia = ia->ifa_list.tqe_next) {
479 IFA_LOCK(ia);
480 if (ia->ifa_addr == NULL) {
481 IFA_UNLOCK(ia);
482 continue;
483 }
484 if (ia->ifa_addr->sa_family != AF_INET6) {
485 IFA_UNLOCK(ia);
486 continue;
487 }
488 sin6 = (struct sockaddr_in6 *)(void *)ia->ifa_addr;
489 if (!IN6_IS_ADDR_6TO4(&sin6->sin6_addr)) {
490 IFA_UNLOCK(ia);
491 continue;
492 }
493 bcopy(GET_V4(&sin6->sin6_addr), &in, sizeof(in));
494 IFA_UNLOCK(ia);
495 lck_rw_lock_shared(in_ifaddr_rwlock);
496 for (ia4 = TAILQ_FIRST(&in_ifaddrhead);
497 ia4;
498 ia4 = TAILQ_NEXT(ia4, ia_link)) {
499 IFA_LOCK(&ia4->ia_ifa);
500 if (ia4->ia_addr.sin_addr.s_addr == in.s_addr) {
501 IFA_UNLOCK(&ia4->ia_ifa);
502 break;
503 }
504 IFA_UNLOCK(&ia4->ia_ifa);
505 }
506 lck_rw_done(in_ifaddr_rwlock);
507 if (ia4 == NULL) {
508 continue;
509 }
510
511 IFA_ADDREF(ia); /* for caller */
512 ifnet_lock_done(ifp);
513 return (struct in6_ifaddr *)ia;
514 }
515 ifnet_lock_done(ifp);
516
517 return NULL;
518 }
519
520 int
521 stf_pre_output(
522 struct ifnet *ifp,
523 __unused protocol_family_t protocol_family,
524 struct mbuf **m0,
525 const struct sockaddr *dst,
526 __unused void *route,
527 __unused char *desk_linkaddr,
528 __unused char *frame_type)
529 {
530 struct mbuf *m = *m0;
531 struct stf_softc *sc;
532 const struct sockaddr_in6 *dst6;
533 const struct in_addr *in4;
534 u_int8_t tos;
535 struct ip *ip;
536 struct ip6_hdr *ip6;
537 struct in6_ifaddr *ia6;
538 struct sockaddr_in *dst4;
539 struct ip_out_args ipoa;
540 errno_t result = 0;
541
542 bzero(&ipoa, sizeof(ipoa));
543 ipoa.ipoa_boundif = IFSCOPE_NONE;
544 ipoa.ipoa_flags = IPOAF_SELECT_SRCIF;
545 ipoa.ipoa_sotc = SO_TC_UNSPEC;
546 ipoa.ipoa_netsvctype = _NET_SERVICE_TYPE_UNSPEC;
547
548 sc = ifnet_softc(ifp);
549 dst6 = (const struct sockaddr_in6 *)(const void *)dst;
550
551 /* just in case */
552 if ((ifnet_flags(ifp) & IFF_UP) == 0) {
553 printf("stf: IFF_DOWN\n");
554 return ENETDOWN;
555 }
556
557 /*
558 * If we don't have an ip4 address that match my inner ip6 address,
559 * we shouldn't generate output. Without this check, we'll end up
560 * using wrong IPv4 source.
561 */
562 ia6 = stf_getsrcifa6(ifp);
563 if (ia6 == NULL) {
564 return ENETDOWN;
565 }
566
567 if (mbuf_len(m) < sizeof(*ip6)) {
568 m = m_pullup(m, sizeof(*ip6));
569 if (!m) {
570 *m0 = NULL; /* makes sure this won't be double freed */
571 IFA_REMREF(&ia6->ia_ifa);
572 return ENOBUFS;
573 }
574 }
575 ip6 = mtod(m, struct ip6_hdr *);
576 tos = (ntohl(ip6->ip6_flow) >> 20) & 0xff;
577
578 /*
579 * Pickup the right outer dst addr from the list of candidates.
580 * ip6_dst has priority as it may be able to give us shorter IPv4 hops.
581 */
582 if (IN6_IS_ADDR_6TO4(&ip6->ip6_dst)) {
583 in4 = GET_V4(&ip6->ip6_dst);
584 } else if (IN6_IS_ADDR_6TO4(&dst6->sin6_addr)) {
585 in4 = GET_V4(&dst6->sin6_addr);
586 } else {
587 IFA_REMREF(&ia6->ia_ifa);
588 return ENETUNREACH;
589 }
590
591 if (ifp->if_bpf) {
592 /* We need to prepend the address family as a four byte field. */
593 u_int32_t af = AF_INET6;
594
595 bpf_tap_out(ifp, 0, m, &af, sizeof(af));
596 }
597
598 M_PREPEND(m, sizeof(struct ip), M_DONTWAIT, 1);
599 if (m && mbuf_len(m) < sizeof(struct ip)) {
600 m = m_pullup(m, sizeof(struct ip));
601 }
602 if (m == NULL) {
603 *m0 = NULL;
604 IFA_REMREF(&ia6->ia_ifa);
605 return ENOBUFS;
606 }
607 ip = mtod(m, struct ip *);
608
609 bzero(ip, sizeof(*ip));
610
611 IFA_LOCK_SPIN(&ia6->ia_ifa);
612 bcopy(GET_V4(&((struct sockaddr_in6 *)&ia6->ia_addr)->sin6_addr),
613 &ip->ip_src, sizeof(ip->ip_src));
614 IFA_UNLOCK(&ia6->ia_ifa);
615 bcopy(in4, &ip->ip_dst, sizeof(ip->ip_dst));
616 ip->ip_p = IPPROTO_IPV6;
617 ip->ip_ttl = ip_stf_ttl;
618 ip->ip_len = m->m_pkthdr.len; /*host order*/
619 if (ifp->if_flags & IFF_LINK1) {
620 ip_ecn_ingress(ECN_NORMAL, &ip->ip_tos, &tos);
621 } else {
622 ip_ecn_ingress(ECN_NOCARE, &ip->ip_tos, &tos);
623 }
624
625 lck_mtx_lock(&sc->sc_ro_mtx);
626 dst4 = (struct sockaddr_in *)(void *)&sc->sc_ro.ro_dst;
627 if (ROUTE_UNUSABLE(&sc->sc_ro) || dst4->sin_family != AF_INET ||
628 bcmp(&dst4->sin_addr, &ip->ip_dst, sizeof(ip->ip_dst)) != 0) {
629 ROUTE_RELEASE(&sc->sc_ro);
630 /* cache route doesn't match: always the case during the first use */
631 dst4->sin_family = AF_INET;
632 dst4->sin_len = sizeof(struct sockaddr_in);
633 bcopy(&ip->ip_dst, &dst4->sin_addr, sizeof(dst4->sin_addr));
634 }
635
636 result = ip_output(m, NULL, &sc->sc_ro, IP_OUTARGS, NULL, &ipoa);
637 lck_mtx_unlock(&sc->sc_ro_mtx);
638
639 /* Assumption: ip_output will free mbuf on errors */
640 /* All the output processing is done here, don't let stf_output be called */
641 if (result == 0) {
642 result = EJUSTRETURN;
643 }
644 *m0 = NULL;
645 IFA_REMREF(&ia6->ia_ifa);
646 return result;
647 }
648 static errno_t
649 stf_output(
650 __unused ifnet_t ifp,
651 __unused mbuf_t m)
652 {
653 /* All processing is done in stf_pre_output
654 * this shouldn't be called as the pre_output returns "EJUSTRETURN"
655 */
656 return 0;
657 }
658
659 static int
660 stf_checkaddr4(
661 struct stf_softc *sc,
662 const struct in_addr *in,
663 struct ifnet *inifp) /* incoming interface */
664 {
665 struct in_ifaddr *ia4;
666
667 /*
668 * reject packets with the following address:
669 * 224.0.0.0/4 0.0.0.0/8 127.0.0.0/8 255.0.0.0/8
670 */
671 if (IN_MULTICAST(ntohl(in->s_addr))) {
672 return -1;
673 }
674 switch ((ntohl(in->s_addr) & 0xff000000) >> 24) {
675 case 0: case 127: case 255:
676 return -1;
677 }
678
679 /*
680 * reject packets with broadcast
681 */
682 lck_rw_lock_shared(in_ifaddr_rwlock);
683 for (ia4 = TAILQ_FIRST(&in_ifaddrhead);
684 ia4;
685 ia4 = TAILQ_NEXT(ia4, ia_link)) {
686 IFA_LOCK(&ia4->ia_ifa);
687 if ((ia4->ia_ifa.ifa_ifp->if_flags & IFF_BROADCAST) == 0) {
688 IFA_UNLOCK(&ia4->ia_ifa);
689 continue;
690 }
691 if (in->s_addr == ia4->ia_broadaddr.sin_addr.s_addr) {
692 IFA_UNLOCK(&ia4->ia_ifa);
693 lck_rw_done(in_ifaddr_rwlock);
694 return -1;
695 }
696 IFA_UNLOCK(&ia4->ia_ifa);
697 }
698 lck_rw_done(in_ifaddr_rwlock);
699
700 /*
701 * perform ingress filter
702 */
703 if (sc && (ifnet_flags(sc->sc_if) & IFF_LINK2) == 0 && inifp) {
704 struct sockaddr_in sin;
705 struct rtentry *rt;
706
707 bzero(&sin, sizeof(sin));
708 sin.sin_family = AF_INET;
709 sin.sin_len = sizeof(struct sockaddr_in);
710 sin.sin_addr = *in;
711 rt = rtalloc1((struct sockaddr *)&sin, 0, 0);
712 if (rt != NULL) {
713 RT_LOCK(rt);
714 }
715 if (rt == NULL || rt->rt_ifp != inifp) {
716 #if 1
717 log(LOG_WARNING, "%s: packet from 0x%x dropped "
718 "due to ingress filter\n", if_name(sc->sc_if),
719 (u_int32_t)ntohl(sin.sin_addr.s_addr));
720 #endif
721 if (rt != NULL) {
722 RT_UNLOCK(rt);
723 rtfree(rt);
724 }
725 return -1;
726 }
727 RT_UNLOCK(rt);
728 rtfree(rt);
729 }
730
731 return 0;
732 }
733
734 static int
735 stf_checkaddr6(
736 struct stf_softc *sc,
737 struct in6_addr *in6,
738 struct ifnet *inifp) /* incoming interface */
739 {
740 /*
741 * check 6to4 addresses
742 */
743 if (IN6_IS_ADDR_6TO4(in6)) {
744 return stf_checkaddr4(sc, GET_V4(in6), inifp);
745 }
746
747 /*
748 * reject anything that look suspicious. the test is implemented
749 * in ip6_input too, but we check here as well to
750 * (1) reject bad packets earlier, and
751 * (2) to be safe against future ip6_input change.
752 */
753 if (IN6_IS_ADDR_V4COMPAT(in6) || IN6_IS_ADDR_V4MAPPED(in6)) {
754 return -1;
755 }
756
757 return 0;
758 }
759
760 static void
761 in_stf_input(
762 struct mbuf *m,
763 int off)
764 {
765 struct stf_softc *sc;
766 struct ip *ip;
767 struct ip6_hdr ip6;
768 u_int8_t otos, itos;
769 int proto;
770 struct ifnet *ifp;
771 struct ifnet_stat_increment_param stats;
772
773 ip = mtod(m, struct ip *);
774 proto = ip->ip_p;
775
776 if (proto != IPPROTO_IPV6) {
777 m_freem(m);
778 return;
779 }
780
781 ip = mtod(m, struct ip *);
782
783 sc = (struct stf_softc *)encap_getarg(m);
784
785 if (sc == NULL || (ifnet_flags(sc->sc_if) & IFF_UP) == 0) {
786 m_freem(m);
787 return;
788 }
789
790 ifp = sc->sc_if;
791
792 #if MAC_LABEL
793 mac_mbuf_label_associate_ifnet(ifp, m);
794 #endif
795
796 /*
797 * perform sanity check against outer src/dst.
798 * for source, perform ingress filter as well.
799 */
800 if (stf_checkaddr4(sc, &ip->ip_dst, NULL) < 0 ||
801 stf_checkaddr4(sc, &ip->ip_src, m->m_pkthdr.rcvif) < 0) {
802 m_freem(m);
803 return;
804 }
805
806 otos = ip->ip_tos;
807 mbuf_copydata(m, off, sizeof(ip6), &ip6);
808
809 /*
810 * perform sanity check against inner src/dst.
811 * for source, perform ingress filter as well.
812 */
813 if (stf_checkaddr6(sc, &ip6.ip6_dst, NULL) < 0 ||
814 stf_checkaddr6(sc, &ip6.ip6_src, m->m_pkthdr.rcvif) < 0) {
815 m_freem(m);
816 return;
817 }
818
819 itos = (ntohl(ip6.ip6_flow) >> 20) & 0xff;
820 if ((ifnet_flags(ifp) & IFF_LINK1) != 0) {
821 ip_ecn_egress(ECN_NORMAL, &otos, &itos);
822 } else {
823 ip_ecn_egress(ECN_NOCARE, &otos, &itos);
824 }
825 ip6.ip6_flow &= ~htonl(0xff << 20);
826 ip6.ip6_flow |= htonl((u_int32_t)itos << 20);
827
828 m->m_pkthdr.rcvif = ifp;
829 mbuf_pkthdr_setheader(m, mbuf_data(m));
830 mbuf_adj(m, off);
831
832 if (ifp->if_bpf) {
833 /* We need to prepend the address family as a four byte field. */
834 u_int32_t af = AF_INET6;
835 bpf_tap_in(ifp, 0, m, &af, sizeof(af));
836 }
837
838 /*
839 * Put the packet to the network layer input queue according to the
840 * specified address family.
841 * See net/if_gif.c for possible issues with packet processing
842 * reorder due to extra queueing.
843 */
844 bzero(&stats, sizeof(stats));
845 stats.packets_in = 1;
846 stats.bytes_in = mbuf_pkthdr_len(m);
847 mbuf_pkthdr_setrcvif(m, ifp);
848 ifnet_input(ifp, m, &stats);
849
850 return;
851 }
852
853 static void
854 stf_rtrequest(
855 __unused int cmd,
856 struct rtentry *rt,
857 __unused struct sockaddr *sa)
858 {
859 if (rt != NULL) {
860 RT_LOCK_ASSERT_HELD(rt);
861 rt->rt_rmx.rmx_mtu = IPV6_MMTU;
862 }
863 }
864
865 static errno_t
866 stf_ioctl(
867 ifnet_t ifp,
868 u_long cmd,
869 void *data)
870 {
871 struct ifaddr *ifa;
872 struct ifreq *ifr;
873 struct sockaddr_in6 *sin6;
874 int error;
875
876 error = 0;
877 switch (cmd) {
878 case SIOCSIFADDR:
879 ifa = (struct ifaddr *)data;
880 if (ifa == NULL) {
881 error = EAFNOSUPPORT;
882 break;
883 }
884 IFA_LOCK(ifa);
885 if (ifa->ifa_addr->sa_family != AF_INET6) {
886 IFA_UNLOCK(ifa);
887 error = EAFNOSUPPORT;
888 break;
889 }
890 sin6 = (struct sockaddr_in6 *)(void *)ifa->ifa_addr;
891 if (IN6_IS_ADDR_6TO4(&sin6->sin6_addr)) {
892 if (!(ifnet_flags( ifp ) & IFF_UP)) {
893 /* do this only if the interface is not already up */
894 ifa->ifa_rtrequest = stf_rtrequest;
895 IFA_UNLOCK(ifa);
896 ifnet_set_flags(ifp, IFF_UP, IFF_UP);
897 } else {
898 IFA_UNLOCK(ifa);
899 }
900 } else {
901 IFA_UNLOCK(ifa);
902 error = EINVAL;
903 }
904 IFA_LOCK_ASSERT_NOTHELD(ifa);
905 break;
906
907 case SIOCADDMULTI:
908 case SIOCDELMULTI:
909 ifr = (struct ifreq *)data;
910 if (ifr && ifr->ifr_addr.sa_family == AF_INET6) {
911 ;
912 } else {
913 error = EAFNOSUPPORT;
914 }
915 break;
916
917 default:
918 error = EOPNOTSUPP;
919 break;
920 }
921
922 return error;
923 }
mirror of XNU