]> git.saurik.com Git - apple/xnu.git/blob - bsd/netinet6/in6.c
projects / apple / xnu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xnu-7195.101.1.tar.gz
[apple/xnu.git] / bsd / netinet6 / in6.c
1 /*
2 * Copyright (c) 2003-2020 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29 /*
30 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
31 * All rights reserved.
32 *
33 * Redistribution and use in source and binary forms, with or without
34 * modification, are permitted provided that the following conditions
35 * are met:
36 * 1. Redistributions of source code must retain the above copyright
37 * notice, this list of conditions and the following disclaimer.
38 * 2. Redistributions in binary form must reproduce the above copyright
39 * notice, this list of conditions and the following disclaimer in the
40 * documentation and/or other materials provided with the distribution.
41 * 3. Neither the name of the project nor the names of its contributors
42 * may be used to endorse or promote products derived from this software
43 * without specific prior written permission.
44 *
45 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
46 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
47 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
48 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
49 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
50 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
51 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
52 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
53 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
54 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
55 * SUCH DAMAGE.
56 */
57
58 /*
59 * Copyright (c) 1982, 1986, 1991, 1993
60 * The Regents of the University of California. All rights reserved.
61 *
62 * Redistribution and use in source and binary forms, with or without
63 * modification, are permitted provided that the following conditions
64 * are met:
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 * 2. Redistributions in binary form must reproduce the above copyright
68 * notice, this list of conditions and the following disclaimer in the
69 * documentation and/or other materials provided with the distribution.
70 * 3. All advertising materials mentioning features or use of this software
71 * must display the following acknowledgement:
72 * This product includes software developed by the University of
73 * California, Berkeley and its contributors.
74 * 4. Neither the name of the University nor the names of its contributors
75 * may be used to endorse or promote products derived from this software
76 * without specific prior written permission.
77 *
78 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
79 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
80 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
81 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
82 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
83 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
84 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
85 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
86 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
87 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
88 * SUCH DAMAGE.
89 *
90 * @(#)in.c 8.2 (Berkeley) 11/15/93
91 */
92
93
94 #include <sys/param.h>
95 #include <sys/ioctl.h>
96 #include <sys/errno.h>
97 #include <sys/malloc.h>
98 #include <sys/socket.h>
99 #include <sys/socketvar.h>
100 #include <sys/sockio.h>
101 #include <sys/systm.h>
102 #include <sys/time.h>
103 #include <sys/kernel.h>
104 #include <sys/syslog.h>
105 #include <sys/kern_event.h>
106 #include <sys/mcache.h>
107 #include <sys/protosw.h>
108 #include <sys/sysctl.h>
109
110 #include <kern/locks.h>
111 #include <kern/zalloc.h>
112 #include <kern/clock.h>
113 #include <libkern/OSAtomic.h>
114 #include <machine/machine_routines.h>
115 #include <mach/boolean.h>
116
117 #include <net/if.h>
118 #include <net/if_types.h>
119 #include <net/if_var.h>
120 #include <net/route.h>
121 #include <net/if_dl.h>
122 #include <net/kpi_protocol.h>
123 #include <net/nwk_wq.h>
124
125 #include <netinet/in.h>
126 #include <netinet/in_var.h>
127 #include <netinet/if_ether.h>
128 #include <netinet/in_systm.h>
129 #include <netinet/ip.h>
130 #include <netinet/in_pcb.h>
131 #include <netinet/icmp6.h>
132 #include <netinet/tcp.h>
133 #include <netinet/tcp_seq.h>
134 #include <netinet/tcp_var.h>
135
136 #include <netinet6/nd6.h>
137 #include <netinet/ip6.h>
138 #include <netinet6/ip6_var.h>
139 #include <netinet6/mld6_var.h>
140 #include <netinet6/in6_ifattach.h>
141 #include <netinet6/scope6_var.h>
142 #include <netinet6/in6_var.h>
143 #include <netinet6/in6_pcb.h>
144
145 #include <net/net_osdep.h>
146
147 #include <net/dlil.h>
148 #include <net/if_llatbl.h>
149
150 #if PF
151 #include <net/pfvar.h>
152 #endif /* PF */
153
154 /*
155 * Definitions of some costant IP6 addresses.
156 */
157 const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT;
158 const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT;
159 const struct in6_addr in6addr_nodelocal_allnodes =
160 IN6ADDR_NODELOCAL_ALLNODES_INIT;
161 const struct in6_addr in6addr_linklocal_allnodes =
162 IN6ADDR_LINKLOCAL_ALLNODES_INIT;
163 const struct in6_addr in6addr_linklocal_allrouters =
164 IN6ADDR_LINKLOCAL_ALLROUTERS_INIT;
165 const struct in6_addr in6addr_linklocal_allv2routers =
166 IN6ADDR_LINKLOCAL_ALLV2ROUTERS_INIT;
167 const struct in6_addr in6addr_multicast_prefix =
168 IN6ADDR_MULTICAST_PREFIX;
169
170 const struct in6_addr in6mask0 = IN6MASK0;
171 const struct in6_addr in6mask7 = IN6MASK7;
172 const struct in6_addr in6mask8 = IN6MASK8;
173 const struct in6_addr in6mask16 = IN6MASK16;
174 const struct in6_addr in6mask32 = IN6MASK32;
175 const struct in6_addr in6mask64 = IN6MASK64;
176 const struct in6_addr in6mask96 = IN6MASK96;
177 const struct in6_addr in6mask128 = IN6MASK128;
178
179 const struct sockaddr_in6 sa6_any = {
180 .sin6_len = sizeof(sa6_any),
181 .sin6_family = AF_INET6,
182 .sin6_port = 0,
183 .sin6_flowinfo = 0,
184 .sin6_addr = IN6ADDR_ANY_INIT,
185 .sin6_scope_id = 0
186 };
187
188 static int in6ctl_associd(struct socket *, u_long, caddr_t);
189 static int in6ctl_connid(struct socket *, u_long, caddr_t);
190 static int in6ctl_conninfo(struct socket *, u_long, caddr_t);
191 static int in6ctl_llstart(struct ifnet *, u_long, caddr_t);
192 static int in6ctl_llstop(struct ifnet *);
193 static int in6ctl_cgastart(struct ifnet *, u_long, caddr_t);
194 static int in6ctl_gifaddr(struct ifnet *, struct in6_ifaddr *, u_long,
195 struct in6_ifreq *);
196 static int in6ctl_gifstat(struct ifnet *, u_long, struct in6_ifreq *);
197 static int in6ctl_alifetime(struct in6_ifaddr *, u_long, struct in6_ifreq *,
198 boolean_t);
199 static int in6ctl_aifaddr(struct ifnet *, struct in6_aliasreq *);
200 static void in6ctl_difaddr(struct ifnet *, struct in6_ifaddr *);
201 static int in6_autoconf(struct ifnet *, int);
202 static int in6_setrouter(struct ifnet *, ipv6_router_mode_t);
203 static int in6_ifinit(struct ifnet *, struct in6_ifaddr *, int);
204 static int in6_ifaupdate_aux(struct in6_ifaddr *, struct ifnet *, int);
205 static void in6_unlink_ifa(struct in6_ifaddr *, struct ifnet *);
206 static struct in6_ifaddr *in6_ifaddr_alloc(zalloc_flags_t);
207 static void in6_ifaddr_attached(struct ifaddr *);
208 static void in6_ifaddr_detached(struct ifaddr *);
209 static void in6_ifaddr_free(struct ifaddr *);
210 static void in6_ifaddr_trace(struct ifaddr *, int);
211 #if defined(__LP64__)
212 static void in6_cgareq_32_to_64(const struct in6_cgareq_32 *,
213 struct in6_cgareq_64 *);
214 #else
215 static void in6_cgareq_64_to_32(const struct in6_cgareq_64 *,
216 struct in6_cgareq_32 *);
217 #endif
218 static struct in6_aliasreq *in6_aliasreq_to_native(void *, int,
219 struct in6_aliasreq *);
220 static int in6_to_kamescope(struct sockaddr_in6 *, struct ifnet *);
221 static int in6_getassocids(struct socket *, uint32_t *, user_addr_t);
222 static int in6_getconnids(struct socket *, sae_associd_t, uint32_t *,
223 user_addr_t);
224
225 static void in6_if_up_dad_start(struct ifnet *);
226
227 #define IA6_HASH_INIT(ia) { \
228 (ia)->ia6_hash.tqe_next = (void *)(uintptr_t)-1; \
229 (ia)->ia6_hash.tqe_prev = (void *)(uintptr_t)-1; \
230 }
231
232 #define IA6_IS_HASHED(ia) \
233 (!((ia)->ia6_hash.tqe_next == (void *)(uintptr_t)-1 || \
234 (ia)->ia6_hash.tqe_prev == (void *)(uintptr_t)-1))
235
236 static void in6_iahash_remove(struct in6_ifaddr *);
237 static void in6_iahash_insert(struct in6_ifaddr *);
238 static void in6_iahash_insert_ptp(struct in6_ifaddr *);
239
240 extern lck_mtx_t *nd6_mutex;
241
242 #define IN6IFA_TRACE_HIST_SIZE 32 /* size of trace history */
243
244 /* For gdb */
245 __private_extern__ unsigned int in6ifa_trace_hist_size = IN6IFA_TRACE_HIST_SIZE;
246
247 struct in6_ifaddr_dbg {
248 struct in6_ifaddr in6ifa; /* in6_ifaddr */
249 struct in6_ifaddr in6ifa_old; /* saved in6_ifaddr */
250 u_int16_t in6ifa_refhold_cnt; /* # of IFA_ADDREF */
251 u_int16_t in6ifa_refrele_cnt; /* # of IFA_REMREF */
252 /*
253 * Alloc and free callers.
254 */
255 ctrace_t in6ifa_alloc;
256 ctrace_t in6ifa_free;
257 /*
258 * Circular lists of IFA_ADDREF and IFA_REMREF callers.
259 */
260 ctrace_t in6ifa_refhold[IN6IFA_TRACE_HIST_SIZE];
261 ctrace_t in6ifa_refrele[IN6IFA_TRACE_HIST_SIZE];
262 /*
263 * Trash list linkage
264 */
265 TAILQ_ENTRY(in6_ifaddr_dbg) in6ifa_trash_link;
266 };
267
268 /* List of trash in6_ifaddr entries protected by in6ifa_trash_lock */
269 static TAILQ_HEAD(, in6_ifaddr_dbg) in6ifa_trash_head;
270 static decl_lck_mtx_data(, in6ifa_trash_lock);
271
272 #if DEBUG
273 static unsigned int in6ifa_debug = 1; /* debugging (enabled) */
274 #else
275 static unsigned int in6ifa_debug; /* debugging (disabled) */
276 #endif /* !DEBUG */
277 static struct zone *in6ifa_zone; /* zone for in6_ifaddr */
278 #define IN6IFA_ZONE_NAME "in6_ifaddr" /* zone name */
279
280 struct eventhandler_lists_ctxt in6_evhdlr_ctxt;
281 struct eventhandler_lists_ctxt in6_clat46_evhdlr_ctxt;
282 /*
283 * Subroutine for in6_ifaddloop() and in6_ifremloop().
284 * This routine does actual work.
285 */
286 static void
287 in6_ifloop_request(int cmd, struct ifaddr *ifa)
288 {
289 struct sockaddr_in6 all1_sa;
290 struct rtentry *nrt = NULL;
291 int e;
292
293 bzero(&all1_sa, sizeof(all1_sa));
294 all1_sa.sin6_family = AF_INET6;
295 all1_sa.sin6_len = sizeof(struct sockaddr_in6);
296 all1_sa.sin6_addr = in6mask128;
297
298 /*
299 * We specify the address itself as the gateway, and set the
300 * RTF_LLINFO flag, so that the corresponding host route would have
301 * the flag, and thus applications that assume traditional behavior
302 * would be happy. Note that we assume the caller of the function
303 * (probably implicitly) set nd6_rtrequest() to ifa->ifa_rtrequest,
304 * which changes the outgoing interface to the loopback interface.
305 * ifa_addr for INET6 is set once during init; no need to hold lock.
306 */
307 lck_mtx_lock(rnh_lock);
308 e = rtrequest_locked(cmd, ifa->ifa_addr, ifa->ifa_addr,
309 (struct sockaddr *)&all1_sa, RTF_UP | RTF_HOST | RTF_LLINFO, &nrt);
310 if (e != 0) {
311 log(LOG_ERR, "in6_ifloop_request: "
312 "%s operation failed for %s (errno=%d)\n",
313 cmd == RTM_ADD ? "ADD" : "DELETE",
314 ip6_sprintf(&((struct in6_ifaddr *)ifa)->ia_addr.sin6_addr),
315 e);
316 }
317
318 if (nrt != NULL) {
319 RT_LOCK(nrt);
320 }
321 /*
322 * Make sure rt_ifa be equal to IFA, the second argument of the
323 * function.
324 * We need this because when we refer to rt_ifa->ia6_flags in
325 * ip6_input, we assume that the rt_ifa points to the address instead
326 * of the loopback address.
327 */
328 if (cmd == RTM_ADD && nrt && ifa != nrt->rt_ifa) {
329 rtsetifa(nrt, ifa);
330 }
331
332 /*
333 * Report the addition/removal of the address to the routing socket.
334 * XXX: since we called rtinit for a p2p interface with a destination,
335 * we end up reporting twice in such a case. Should we rather
336 * omit the second report?
337 */
338 if (nrt != NULL) {
339 rt_newaddrmsg(cmd, ifa, e, nrt);
340 if (cmd == RTM_DELETE) {
341 RT_UNLOCK(nrt);
342 rtfree_locked(nrt);
343 } else {
344 /* the cmd must be RTM_ADD here */
345 RT_REMREF_LOCKED(nrt);
346 RT_UNLOCK(nrt);
347 }
348 }
349 lck_mtx_unlock(rnh_lock);
350 }
351
352 /*
353 * Add ownaddr as loopback rtentry. We previously add the route only if
354 * necessary (ex. on a p2p link). However, since we now manage addresses
355 * separately from prefixes, we should always add the route. We can't
356 * rely on the cloning mechanism from the corresponding interface route
357 * any more.
358 */
359 static void
360 in6_ifaddloop(struct ifaddr *ifa)
361 {
362 struct rtentry *rt;
363
364 /*
365 * If there is no loopback entry, allocate one. ifa_addr for
366 * INET6 is set once during init; no need to hold lock.
367 */
368 rt = rtalloc1(ifa->ifa_addr, 0, 0);
369 if (rt != NULL) {
370 RT_LOCK(rt);
371 }
372 if (rt == NULL || (rt->rt_flags & RTF_HOST) == 0 ||
373 (rt->rt_ifp->if_flags & IFF_LOOPBACK) == 0) {
374 if (rt != NULL) {
375 RT_REMREF_LOCKED(rt);
376 RT_UNLOCK(rt);
377 }
378 in6_ifloop_request(RTM_ADD, ifa);
379 } else if (rt != NULL) {
380 RT_REMREF_LOCKED(rt);
381 RT_UNLOCK(rt);
382 }
383 }
384
385 /*
386 * Remove loopback rtentry of ownaddr generated by in6_ifaddloop(),
387 * if it exists.
388 */
389 static void
390 in6_ifremloop(struct ifaddr *ifa)
391 {
392 struct in6_ifaddr *ia;
393 struct rtentry *rt;
394 int ia_count = 0;
395
396 /*
397 * Some of BSD variants do not remove cloned routes
398 * from an interface direct route, when removing the direct route
399 * (see comments in net/net_osdep.h). Even for variants that do remove
400 * cloned routes, they could fail to remove the cloned routes when
401 * we handle multple addresses that share a common prefix.
402 * So, we should remove the route corresponding to the deleted address
403 * regardless of the result of in6_is_ifloop_auto().
404 */
405
406 /*
407 * Delete the entry only if exact one ifa exists. More than one ifa
408 * can exist if we assign a same single address to multiple
409 * (probably p2p) interfaces.
410 * XXX: we should avoid such a configuration in IPv6...
411 */
412 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
413 TAILQ_FOREACH(ia, IN6ADDR_HASH(IFA_IN6(ifa)), ia6_hash) {
414 IFA_LOCK(&ia->ia_ifa);
415 if (IN6_ARE_ADDR_EQUAL(IFA_IN6(ifa), &ia->ia_addr.sin6_addr)) {
416 ia_count++;
417 if (ia_count > 1) {
418 IFA_UNLOCK(&ia->ia_ifa);
419 break;
420 }
421 }
422 IFA_UNLOCK(&ia->ia_ifa);
423 }
424 lck_rw_done(&in6_ifaddr_rwlock);
425
426 if (ia_count == 1) {
427 /*
428 * Before deleting, check if a corresponding loopbacked host
429 * route surely exists. With this check, we can avoid to
430 * delete an interface direct route whose destination is same
431 * as the address being removed. This can happen when removing
432 * a subnet-router anycast address on an interface attahced
433 * to a shared medium. ifa_addr for INET6 is set once during
434 * init; no need to hold lock.
435 */
436 rt = rtalloc1(ifa->ifa_addr, 0, 0);
437 if (rt != NULL) {
438 RT_LOCK(rt);
439 if ((rt->rt_flags & RTF_HOST) != 0 &&
440 (rt->rt_ifp->if_flags & IFF_LOOPBACK) != 0) {
441 RT_REMREF_LOCKED(rt);
442 RT_UNLOCK(rt);
443 in6_ifloop_request(RTM_DELETE, ifa);
444 } else {
445 RT_UNLOCK(rt);
446 }
447 }
448 }
449 }
450
451
452 int
453 in6_mask2len(struct in6_addr *mask, u_char *lim0)
454 {
455 int x = 0, y;
456 u_char *lim = lim0, *p;
457
458 /* ignore the scope_id part */
459 if (lim0 == NULL || lim0 - (u_char *)mask > sizeof(*mask)) {
460 lim = (u_char *)mask + sizeof(*mask);
461 }
462 for (p = (u_char *)mask; p < lim; x++, p++) {
463 if (*p != 0xff) {
464 break;
465 }
466 }
467 y = 0;
468 if (p < lim) {
469 for (y = 0; y < 8; y++) {
470 if ((*p & (0x80 >> y)) == 0) {
471 break;
472 }
473 }
474 }
475
476 /*
477 * when the limit pointer is given, do a stricter check on the
478 * remaining bits.
479 */
480 if (p < lim) {
481 if (y != 0 && (*p & (0x00ff >> y)) != 0) {
482 return -1;
483 }
484 for (p = p + 1; p < lim; p++) {
485 if (*p != 0) {
486 return -1;
487 }
488 }
489 }
490
491 return x * 8 + y;
492 }
493
494 void
495 in6_len2mask(struct in6_addr *mask, int len)
496 {
497 int i;
498
499 bzero(mask, sizeof(*mask));
500 for (i = 0; i < len / 8; i++) {
501 mask->s6_addr8[i] = 0xff;
502 }
503 if (len % 8) {
504 mask->s6_addr8[i] = (0xff00 >> (len % 8)) & 0xff;
505 }
506 }
507
508 void
509 in6_aliasreq_64_to_32(struct in6_aliasreq_64 *src, struct in6_aliasreq_32 *dst)
510 {
511 bzero(dst, sizeof(*dst));
512 bcopy(src->ifra_name, dst->ifra_name, sizeof(dst->ifra_name));
513 dst->ifra_addr = src->ifra_addr;
514 dst->ifra_dstaddr = src->ifra_dstaddr;
515 dst->ifra_prefixmask = src->ifra_prefixmask;
516 dst->ifra_flags = src->ifra_flags;
517 dst->ifra_lifetime.ia6t_expire = (u_int32_t)src->ifra_lifetime.ia6t_expire;
518 dst->ifra_lifetime.ia6t_preferred = (u_int32_t)src->ifra_lifetime.ia6t_preferred;
519 dst->ifra_lifetime.ia6t_vltime = src->ifra_lifetime.ia6t_vltime;
520 dst->ifra_lifetime.ia6t_pltime = src->ifra_lifetime.ia6t_pltime;
521 }
522
523 void
524 in6_aliasreq_32_to_64(struct in6_aliasreq_32 *src, struct in6_aliasreq_64 *dst)
525 {
526 bzero(dst, sizeof(*dst));
527 bcopy(src->ifra_name, dst->ifra_name, sizeof(dst->ifra_name));
528 dst->ifra_addr = src->ifra_addr;
529 dst->ifra_dstaddr = src->ifra_dstaddr;
530 dst->ifra_prefixmask = src->ifra_prefixmask;
531 dst->ifra_flags = src->ifra_flags;
532 dst->ifra_lifetime.ia6t_expire = src->ifra_lifetime.ia6t_expire;
533 dst->ifra_lifetime.ia6t_preferred = src->ifra_lifetime.ia6t_preferred;
534 dst->ifra_lifetime.ia6t_vltime = src->ifra_lifetime.ia6t_vltime;
535 dst->ifra_lifetime.ia6t_pltime = src->ifra_lifetime.ia6t_pltime;
536 }
537
538 #if defined(__LP64__)
539 static void
540 in6_cgareq_32_to_64(const struct in6_cgareq_32 *src,
541 struct in6_cgareq_64 *dst)
542 {
543 bzero(dst, sizeof(*dst));
544 bcopy(src->cgar_name, dst->cgar_name, sizeof(dst->cgar_name));
545 dst->cgar_flags = src->cgar_flags;
546 bcopy(src->cgar_cgaprep.cga_modifier.octets,
547 dst->cgar_cgaprep.cga_modifier.octets,
548 sizeof(dst->cgar_cgaprep.cga_modifier.octets));
549 dst->cgar_cgaprep.cga_security_level =
550 src->cgar_cgaprep.cga_security_level;
551 dst->cgar_lifetime.ia6t_expire = src->cgar_lifetime.ia6t_expire;
552 dst->cgar_lifetime.ia6t_preferred = src->cgar_lifetime.ia6t_preferred;
553 dst->cgar_lifetime.ia6t_vltime = src->cgar_lifetime.ia6t_vltime;
554 dst->cgar_lifetime.ia6t_pltime = src->cgar_lifetime.ia6t_pltime;
555 dst->cgar_collision_count = src->cgar_collision_count;
556 }
557 #endif
558
559 #if !defined(__LP64__)
560 static void
561 in6_cgareq_64_to_32(const struct in6_cgareq_64 *src,
562 struct in6_cgareq_32 *dst)
563 {
564 bzero(dst, sizeof(*dst));
565 bcopy(src->cgar_name, dst->cgar_name, sizeof(dst->cgar_name));
566 dst->cgar_flags = src->cgar_flags;
567 bcopy(src->cgar_cgaprep.cga_modifier.octets,
568 dst->cgar_cgaprep.cga_modifier.octets,
569 sizeof(dst->cgar_cgaprep.cga_modifier.octets));
570 dst->cgar_cgaprep.cga_security_level =
571 src->cgar_cgaprep.cga_security_level;
572 dst->cgar_lifetime.ia6t_expire = src->cgar_lifetime.ia6t_expire;
573 dst->cgar_lifetime.ia6t_preferred = src->cgar_lifetime.ia6t_preferred;
574 dst->cgar_lifetime.ia6t_vltime = src->cgar_lifetime.ia6t_vltime;
575 dst->cgar_lifetime.ia6t_pltime = src->cgar_lifetime.ia6t_pltime;
576 dst->cgar_collision_count = src->cgar_collision_count;
577 }
578 #endif
579
580 static struct in6_aliasreq *
581 in6_aliasreq_to_native(void *data, int data_is_64, struct in6_aliasreq *dst)
582 {
583 #if defined(__LP64__)
584 if (data_is_64) {
585 bcopy(data, dst, sizeof(*dst));
586 } else {
587 in6_aliasreq_32_to_64((struct in6_aliasreq_32 *)data,
588 (struct in6_aliasreq_64 *)dst);
589 }
590 #else
591 if (data_is_64) {
592 in6_aliasreq_64_to_32((struct in6_aliasreq_64 *)data,
593 (struct in6_aliasreq_32 *)dst);
594 } else {
595 bcopy(data, dst, sizeof(*dst));
596 }
597 #endif /* __LP64__ */
598 return dst;
599 }
600
601 void
602 in6_cgareq_copy_from_user(const void *user_data, int user_is_64,
603 struct in6_cgareq *cgareq)
604 {
605 #if defined(__LP64__)
606 if (user_is_64) {
607 bcopy(user_data, cgareq, sizeof(*cgareq));
608 } else {
609 in6_cgareq_32_to_64((const struct in6_cgareq_32 *)user_data,
610 (struct in6_cgareq_64 *)cgareq);
611 }
612 #else
613 if (user_is_64) {
614 in6_cgareq_64_to_32((const struct in6_cgareq_64 *)user_data,
615 (struct in6_cgareq_32 *)cgareq);
616 } else {
617 bcopy(user_data, cgareq, sizeof(*cgareq));
618 }
619 #endif /* __LP64__ */
620 }
621
622 static __attribute__((noinline)) int
623 in6ctl_associd(struct socket *so, u_long cmd, caddr_t data)
624 {
625 int error = 0;
626 union {
627 struct so_aidreq32 a32;
628 struct so_aidreq64 a64;
629 } u;
630
631 VERIFY(so != NULL);
632
633 switch (cmd) {
634 case SIOCGASSOCIDS32: { /* struct so_aidreq32 */
635 bcopy(data, &u.a32, sizeof(u.a32));
636 error = in6_getassocids(so, &u.a32.sar_cnt, u.a32.sar_aidp);
637 if (error == 0) {
638 bcopy(&u.a32, data, sizeof(u.a32));
639 }
640 break;
641 }
642
643 case SIOCGASSOCIDS64: { /* struct so_aidreq64 */
644 bcopy(data, &u.a64, sizeof(u.a64));
645 error = in6_getassocids(so, &u.a64.sar_cnt, u.a64.sar_aidp);
646 if (error == 0) {
647 bcopy(&u.a64, data, sizeof(u.a64));
648 }
649 break;
650 }
651
652 default:
653 VERIFY(0);
654 /* NOTREACHED */
655 }
656
657 return error;
658 }
659
660 static __attribute__((noinline)) int
661 in6ctl_connid(struct socket *so, u_long cmd, caddr_t data)
662 {
663 int error = 0;
664 union {
665 struct so_cidreq32 c32;
666 struct so_cidreq64 c64;
667 } u;
668
669 VERIFY(so != NULL);
670
671 switch (cmd) {
672 case SIOCGCONNIDS32: { /* struct so_cidreq32 */
673 bcopy(data, &u.c32, sizeof(u.c32));
674 error = in6_getconnids(so, u.c32.scr_aid, &u.c32.scr_cnt,
675 u.c32.scr_cidp);
676 if (error == 0) {
677 bcopy(&u.c32, data, sizeof(u.c32));
678 }
679 break;
680 }
681
682 case SIOCGCONNIDS64: { /* struct so_cidreq64 */
683 bcopy(data, &u.c64, sizeof(u.c64));
684 error = in6_getconnids(so, u.c64.scr_aid, &u.c64.scr_cnt,
685 u.c64.scr_cidp);
686 if (error == 0) {
687 bcopy(&u.c64, data, sizeof(u.c64));
688 }
689 break;
690 }
691
692 default:
693 VERIFY(0);
694 /* NOTREACHED */
695 }
696
697 return error;
698 }
699
700 static __attribute__((noinline)) int
701 in6ctl_conninfo(struct socket *so, u_long cmd, caddr_t data)
702 {
703 int error = 0;
704 union {
705 struct so_cinforeq32 ci32;
706 struct so_cinforeq64 ci64;
707 } u;
708
709 VERIFY(so != NULL);
710
711 switch (cmd) {
712 case SIOCGCONNINFO32: { /* struct so_cinforeq32 */
713 bcopy(data, &u.ci32, sizeof(u.ci32));
714 error = in6_getconninfo(so, u.ci32.scir_cid, &u.ci32.scir_flags,
715 &u.ci32.scir_ifindex, &u.ci32.scir_error, u.ci32.scir_src,
716 &u.ci32.scir_src_len, u.ci32.scir_dst, &u.ci32.scir_dst_len,
717 &u.ci32.scir_aux_type, u.ci32.scir_aux_data,
718 &u.ci32.scir_aux_len);
719 if (error == 0) {
720 bcopy(&u.ci32, data, sizeof(u.ci32));
721 }
722 break;
723 }
724
725 case SIOCGCONNINFO64: { /* struct so_cinforeq64 */
726 bcopy(data, &u.ci64, sizeof(u.ci64));
727 error = in6_getconninfo(so, u.ci64.scir_cid, &u.ci64.scir_flags,
728 &u.ci64.scir_ifindex, &u.ci64.scir_error, u.ci64.scir_src,
729 &u.ci64.scir_src_len, u.ci64.scir_dst, &u.ci64.scir_dst_len,
730 &u.ci64.scir_aux_type, u.ci64.scir_aux_data,
731 &u.ci64.scir_aux_len);
732 if (error == 0) {
733 bcopy(&u.ci64, data, sizeof(u.ci64));
734 }
735 break;
736 }
737
738 default:
739 VERIFY(0);
740 /* NOTREACHED */
741 }
742
743 return error;
744 }
745
746 static __attribute__((noinline)) int
747 in6ctl_llstart(struct ifnet *ifp, u_long cmd, caddr_t data)
748 {
749 struct in6_aliasreq sifra, *ifra = NULL;
750 boolean_t is64;
751 int error = 0;
752
753 VERIFY(ifp != NULL);
754
755 switch (cmd) {
756 case SIOCLL_START_32: /* struct in6_aliasreq_32 */
757 case SIOCLL_START_64: /* struct in6_aliasreq_64 */
758 is64 = (cmd == SIOCLL_START_64);
759 /*
760 * Convert user ifra to the kernel form, when appropriate.
761 * This allows the conversion between different data models
762 * to be centralized, so that it can be passed around to other
763 * routines that are expecting the kernel form.
764 */
765 ifra = in6_aliasreq_to_native(data, is64, &sifra);
766
767 /*
768 * NOTE: All the interface specific DLIL attachements should
769 * be done here. They are currently done in in6_ifattach_aux()
770 * for the interfaces that need it.
771 */
772 if (ifra->ifra_addr.sin6_family == AF_INET6 &&
773 /* Only check ifra_dstaddr if valid */
774 (ifra->ifra_dstaddr.sin6_len == 0 ||
775 ifra->ifra_dstaddr.sin6_family == AF_INET6)) {
776 /* some interfaces may provide LinkLocal addresses */
777 error = in6_ifattach_aliasreq(ifp, NULL, ifra);
778 } else {
779 error = in6_ifattach_aliasreq(ifp, NULL, NULL);
780 }
781 if (error == 0) {
782 in6_if_up_dad_start(ifp);
783 }
784 break;
785
786 default:
787 VERIFY(0);
788 /* NOTREACHED */
789 }
790
791 return error;
792 }
793
794 static __attribute__((noinline)) int
795 in6ctl_llstop(struct ifnet *ifp)
796 {
797 struct in6_ifaddr *ia;
798 struct nd_prefix pr0, *pr;
799
800 VERIFY(ifp != NULL);
801
802 /* Remove link local addresses from interface */
803 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
804 boolean_t from_begining = TRUE;
805 while (from_begining) {
806 from_begining = FALSE;
807 TAILQ_FOREACH(ia, &in6_ifaddrhead, ia6_link) {
808 if (ia->ia_ifa.ifa_ifp != ifp) {
809 continue;
810 }
811 IFA_LOCK(&ia->ia_ifa);
812 if (IN6_IS_ADDR_LINKLOCAL(&ia->ia_addr.sin6_addr)) {
813 IFA_ADDREF_LOCKED(&ia->ia_ifa); /* for us */
814 IFA_UNLOCK(&ia->ia_ifa);
815 lck_rw_done(&in6_ifaddr_rwlock);
816 in6_purgeaddr(&ia->ia_ifa);
817 IFA_REMREF(&ia->ia_ifa); /* for us */
818 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
819 /*
820 * Purging the address caused in6_ifaddr_rwlock
821 * to be dropped and reacquired;
822 * therefore search again from the beginning
823 * of in6_ifaddrs list.
824 */
825 from_begining = TRUE;
826 break;
827 }
828 IFA_UNLOCK(&ia->ia_ifa);
829 }
830 }
831 lck_rw_done(&in6_ifaddr_rwlock);
832
833 /* Delete the link local prefix */
834 bzero(&pr0, sizeof(pr0));
835 pr0.ndpr_plen = 64;
836 pr0.ndpr_ifp = ifp;
837 pr0.ndpr_prefix.sin6_addr.s6_addr16[0] = IPV6_ADDR_INT16_ULL;
838 (void)in6_setscope(&pr0.ndpr_prefix.sin6_addr, ifp, NULL);
839 pr = nd6_prefix_lookup(&pr0, ND6_PREFIX_EXPIRY_UNSPEC);
840 if (pr) {
841 lck_mtx_lock(nd6_mutex);
842 NDPR_LOCK(pr);
843 prelist_remove(pr);
844 NDPR_UNLOCK(pr);
845 NDPR_REMREF(pr); /* Drop the reference from lookup */
846 lck_mtx_unlock(nd6_mutex);
847 }
848
849 return 0;
850 }
851
852 /*
853 * This routine configures secure link local address
854 */
855 static __attribute__((noinline)) int
856 in6ctl_cgastart(struct ifnet *ifp, u_long cmd, caddr_t data)
857 {
858 struct in6_cgareq llcgasr;
859 int is64, error = 0;
860
861 VERIFY(ifp != NULL);
862
863 switch (cmd) {
864 case SIOCLL_CGASTART_32: /* struct in6_cgareq_32 */
865 case SIOCLL_CGASTART_64: /* struct in6_cgareq_64 */
866 is64 = (cmd == SIOCLL_CGASTART_64);
867 /*
868 * Convert user cgareq to the kernel form, when appropriate.
869 * This allows the conversion between different data models
870 * to be centralized, so that it can be passed around to other
871 * routines that are expecting the kernel form.
872 */
873 in6_cgareq_copy_from_user(data, is64, &llcgasr);
874
875 /*
876 * NOTE: All the interface specific DLIL attachements
877 * should be done here. They are currently done in
878 * in6_ifattach_cgareq() for the interfaces that
879 * need it.
880 */
881 error = in6_ifattach_llcgareq(ifp, &llcgasr);
882 if (error == 0) {
883 in6_if_up_dad_start(ifp);
884 }
885 break;
886
887 default:
888 VERIFY(0);
889 /* NOTREACHED */
890 }
891
892 return error;
893 }
894
895 /*
896 * Caller passes in the ioctl data pointer directly via "ifr", with the
897 * expectation that this routine always uses bcopy() or other byte-aligned
898 * memory accesses.
899 */
900 static __attribute__((noinline)) int
901 in6ctl_gifaddr(struct ifnet *ifp, struct in6_ifaddr *ia, u_long cmd,
902 struct in6_ifreq *ifr)
903 {
904 struct sockaddr_in6 addr;
905 int error = 0;
906
907 VERIFY(ifp != NULL);
908
909 if (ia == NULL) {
910 return EADDRNOTAVAIL;
911 }
912
913 switch (cmd) {
914 case SIOCGIFADDR_IN6: /* struct in6_ifreq */
915 IFA_LOCK(&ia->ia_ifa);
916 bcopy(&ia->ia_addr, &addr, sizeof(addr));
917 IFA_UNLOCK(&ia->ia_ifa);
918 if ((error = sa6_recoverscope(&addr, TRUE)) != 0) {
919 break;
920 }
921 bcopy(&addr, &ifr->ifr_addr, sizeof(addr));
922 break;
923
924 case SIOCGIFDSTADDR_IN6: /* struct in6_ifreq */
925 if (!(ifp->if_flags & IFF_POINTOPOINT)) {
926 error = EINVAL;
927 break;
928 }
929 /*
930 * XXX: should we check if ifa_dstaddr is NULL and return
931 * an error?
932 */
933 IFA_LOCK(&ia->ia_ifa);
934 bcopy(&ia->ia_dstaddr, &addr, sizeof(addr));
935 IFA_UNLOCK(&ia->ia_ifa);
936 if ((error = sa6_recoverscope(&addr, TRUE)) != 0) {
937 break;
938 }
939 bcopy(&addr, &ifr->ifr_dstaddr, sizeof(addr));
940 break;
941
942 default:
943 VERIFY(0);
944 /* NOTREACHED */
945 }
946
947 return error;
948 }
949
950 /*
951 * Caller passes in the ioctl data pointer directly via "ifr", with the
952 * expectation that this routine always uses bcopy() or other byte-aligned
953 * memory accesses.
954 */
955 static __attribute__((noinline)) int
956 in6ctl_gifstat(struct ifnet *ifp, u_long cmd, struct in6_ifreq *ifr)
957 {
958 int error = 0, index;
959
960 VERIFY(ifp != NULL);
961 index = ifp->if_index;
962
963 switch (cmd) {
964 case SIOCGIFSTAT_IN6: /* struct in6_ifreq */
965 /* N.B.: if_inet6data is never freed once set. */
966 if (IN6_IFEXTRA(ifp) == NULL) {
967 /* return (EAFNOSUPPORT)? */
968 bzero(&ifr->ifr_ifru.ifru_stat,
969 sizeof(ifr->ifr_ifru.ifru_stat));
970 } else {
971 bcopy(&IN6_IFEXTRA(ifp)->in6_ifstat,
972 &ifr->ifr_ifru.ifru_stat,
973 sizeof(ifr->ifr_ifru.ifru_stat));
974 }
975 break;
976
977 case SIOCGIFSTAT_ICMP6: /* struct in6_ifreq */
978 /* N.B.: if_inet6data is never freed once set. */
979 if (IN6_IFEXTRA(ifp) == NULL) {
980 /* return (EAFNOSUPPORT)? */
981 bzero(&ifr->ifr_ifru.ifru_icmp6stat,
982 sizeof(ifr->ifr_ifru.ifru_icmp6stat));
983 } else {
984 bcopy(&IN6_IFEXTRA(ifp)->icmp6_ifstat,
985 &ifr->ifr_ifru.ifru_icmp6stat,
986 sizeof(ifr->ifr_ifru.ifru_icmp6stat));
987 }
988 break;
989
990 default:
991 VERIFY(0);
992 /* NOTREACHED */
993 }
994
995 return error;
996 }
997
998 /*
999 * Caller passes in the ioctl data pointer directly via "ifr", with the
1000 * expectation that this routine always uses bcopy() or other byte-aligned
1001 * memory accesses.
1002 */
1003 static __attribute__((noinline)) int
1004 in6ctl_alifetime(struct in6_ifaddr *ia, u_long cmd, struct in6_ifreq *ifr,
1005 boolean_t p64)
1006 {
1007 uint64_t timenow = net_uptime();
1008 struct in6_addrlifetime ia6_lt;
1009 struct timeval caltime;
1010 int error = 0;
1011
1012 if (ia == NULL) {
1013 return EADDRNOTAVAIL;
1014 }
1015
1016 switch (cmd) {
1017 case SIOCGIFALIFETIME_IN6: /* struct in6_ifreq */
1018 IFA_LOCK(&ia->ia_ifa);
1019 /* retrieve time as calendar time (last arg is 1) */
1020 in6ifa_getlifetime(ia, &ia6_lt, 1);
1021 if (p64) {
1022 struct in6_addrlifetime_64 lt;
1023
1024 bzero(&lt, sizeof(lt));
1025 lt.ia6t_expire = ia6_lt.ia6t_expire;
1026 lt.ia6t_preferred = ia6_lt.ia6t_preferred;
1027 lt.ia6t_vltime = ia6_lt.ia6t_vltime;
1028 lt.ia6t_pltime = ia6_lt.ia6t_pltime;
1029 bcopy(&lt, &ifr->ifr_ifru.ifru_lifetime, sizeof(ifr->ifr_ifru.ifru_lifetime));
1030 } else {
1031 struct in6_addrlifetime_32 lt;
1032
1033 bzero(&lt, sizeof(lt));
1034 lt.ia6t_expire = (uint32_t)ia6_lt.ia6t_expire;
1035 lt.ia6t_preferred = (uint32_t)ia6_lt.ia6t_preferred;
1036 lt.ia6t_vltime = (uint32_t)ia6_lt.ia6t_vltime;
1037 lt.ia6t_pltime = (uint32_t)ia6_lt.ia6t_pltime;
1038 bcopy(&lt, &ifr->ifr_ifru.ifru_lifetime, sizeof(ifr->ifr_ifru.ifru_lifetime));
1039 }
1040 IFA_UNLOCK(&ia->ia_ifa);
1041 break;
1042
1043 case SIOCSIFALIFETIME_IN6: /* struct in6_ifreq */
1044 getmicrotime(&caltime);
1045
1046 /* sanity for overflow - beware unsigned */
1047 if (p64) {
1048 struct in6_addrlifetime_64 lt;
1049
1050 bcopy(&ifr->ifr_ifru.ifru_lifetime, &lt, sizeof(lt));
1051 if (lt.ia6t_vltime != ND6_INFINITE_LIFETIME &&
1052 lt.ia6t_vltime + caltime.tv_sec < caltime.tv_sec) {
1053 error = EINVAL;
1054 break;
1055 }
1056 if (lt.ia6t_pltime != ND6_INFINITE_LIFETIME &&
1057 lt.ia6t_pltime + caltime.tv_sec < caltime.tv_sec) {
1058 error = EINVAL;
1059 break;
1060 }
1061 } else {
1062 struct in6_addrlifetime_32 lt;
1063
1064 bcopy(&ifr->ifr_ifru.ifru_lifetime, &lt, sizeof(lt));
1065 if (lt.ia6t_vltime != ND6_INFINITE_LIFETIME &&
1066 lt.ia6t_vltime + caltime.tv_sec < caltime.tv_sec) {
1067 error = EINVAL;
1068 break;
1069 }
1070 if (lt.ia6t_pltime != ND6_INFINITE_LIFETIME &&
1071 lt.ia6t_pltime + caltime.tv_sec < caltime.tv_sec) {
1072 error = EINVAL;
1073 break;
1074 }
1075 }
1076
1077 IFA_LOCK(&ia->ia_ifa);
1078 if (p64) {
1079 struct in6_addrlifetime_64 lt;
1080
1081 bcopy(&ifr->ifr_ifru.ifru_lifetime, &lt, sizeof(lt));
1082 ia6_lt.ia6t_expire = lt.ia6t_expire;
1083 ia6_lt.ia6t_preferred = lt.ia6t_preferred;
1084 ia6_lt.ia6t_vltime = lt.ia6t_vltime;
1085 ia6_lt.ia6t_pltime = lt.ia6t_pltime;
1086 } else {
1087 struct in6_addrlifetime_32 lt;
1088
1089 bcopy(&ifr->ifr_ifru.ifru_lifetime, &lt, sizeof(lt));
1090 ia6_lt.ia6t_expire = (uint32_t)lt.ia6t_expire;
1091 ia6_lt.ia6t_preferred = (uint32_t)lt.ia6t_preferred;
1092 ia6_lt.ia6t_vltime = lt.ia6t_vltime;
1093 ia6_lt.ia6t_pltime = lt.ia6t_pltime;
1094 }
1095 /* for sanity */
1096 if (ia6_lt.ia6t_vltime != ND6_INFINITE_LIFETIME) {
1097 ia6_lt.ia6t_expire = timenow + ia6_lt.ia6t_vltime;
1098 } else {
1099 ia6_lt.ia6t_expire = 0;
1100 }
1101
1102 if (ia6_lt.ia6t_pltime != ND6_INFINITE_LIFETIME) {
1103 ia6_lt.ia6t_preferred = timenow + ia6_lt.ia6t_pltime;
1104 } else {
1105 ia6_lt.ia6t_preferred = 0;
1106 }
1107
1108 in6ifa_setlifetime(ia, &ia6_lt);
1109 IFA_UNLOCK(&ia->ia_ifa);
1110 break;
1111
1112 default:
1113 VERIFY(0);
1114 /* NOTREACHED */
1115 }
1116
1117 return error;
1118 }
1119
1120 static int
1121 in6ctl_clat46start(struct ifnet *ifp)
1122 {
1123 struct nd_prefix *pr = NULL;
1124 struct nd_prefix *next = NULL;
1125 struct in6_ifaddr *ia6 = NULL;
1126 int error = 0;
1127
1128 if (ifp == lo_ifp) {
1129 return EINVAL;
1130 }
1131 /*
1132 * Traverse the list of prefixes and find the first non-linklocal
1133 * prefix on the interface.
1134 * For that found eligible prefix, configure a CLAT46 reserved address.
1135 */
1136 lck_mtx_lock(nd6_mutex);
1137 for (pr = nd_prefix.lh_first; pr; pr = next) {
1138 next = pr->ndpr_next;
1139
1140 NDPR_LOCK(pr);
1141 if (pr->ndpr_ifp != ifp) {
1142 NDPR_UNLOCK(pr);
1143 continue;
1144 }
1145
1146 if (IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr)) {
1147 NDPR_UNLOCK(pr);
1148 continue; /* XXX */
1149 }
1150
1151 if (pr->ndpr_raf_auto == 0) {
1152 NDPR_UNLOCK(pr);
1153 continue;
1154 }
1155
1156 if (pr->ndpr_stateflags & NDPRF_DEFUNCT) {
1157 NDPR_UNLOCK(pr);
1158 continue;
1159 }
1160
1161 if ((pr->ndpr_stateflags & NDPRF_CLAT46) == 0
1162 && pr->ndpr_vltime != 0) {
1163 NDPR_ADDREF(pr); /* Take reference for rest of the processing */
1164 NDPR_UNLOCK(pr);
1165 break;
1166 } else {
1167 NDPR_UNLOCK(pr);
1168 continue;
1169 }
1170 }
1171 lck_mtx_unlock(nd6_mutex);
1172
1173 if (pr != NULL) {
1174 if ((ia6 = in6_pfx_newpersistaddr(pr, FALSE, &error,
1175 TRUE, CLAT46_COLLISION_COUNT_OFFSET)) == NULL) {
1176 nd6log0(error,
1177 "Could not configure CLAT46 address on"
1178 " interface %s.\n", ifp->if_xname);
1179 } else {
1180 IFA_LOCK(&ia6->ia_ifa);
1181 NDPR_LOCK(pr);
1182 ia6->ia6_ndpr = pr;
1183 NDPR_ADDREF(pr); /* for addr reference */
1184 pr->ndpr_stateflags |= NDPRF_CLAT46;
1185 pr->ndpr_addrcnt++;
1186 VERIFY(pr->ndpr_addrcnt != 0);
1187 NDPR_UNLOCK(pr);
1188 IFA_UNLOCK(&ia6->ia_ifa);
1189 IFA_REMREF(&ia6->ia_ifa);
1190 ia6 = NULL;
1191 /*
1192 * A newly added address might affect the status
1193 * of other addresses, so we check and update it.
1194 * XXX: what if address duplication happens?
1195 */
1196 lck_mtx_lock(nd6_mutex);
1197 pfxlist_onlink_check();
1198 lck_mtx_unlock(nd6_mutex);
1199 }
1200 NDPR_REMREF(pr);
1201 }
1202 return error;
1203 }
1204
1205 #define ifa2ia6(ifa) ((struct in6_ifaddr *)(void *)(ifa))
1206
1207 /*
1208 * Generic INET6 control operations (ioctl's).
1209 *
1210 * ifp is NULL if not an interface-specific ioctl.
1211 *
1212 * Most of the routines called to handle the ioctls would end up being
1213 * tail-call optimized, which unfortunately causes this routine to
1214 * consume too much stack space; this is the reason for the "noinline"
1215 * attribute used on those routines.
1216 *
1217 * If called directly from within the networking stack (as opposed to via
1218 * pru_control), the socket parameter may be NULL.
1219 */
1220 int
1221 in6_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp,
1222 struct proc *p)
1223 {
1224 struct in6_ifreq *ifr = (struct in6_ifreq *)(void *)data;
1225 struct in6_aliasreq sifra, *ifra = NULL;
1226 struct in6_ifaddr *ia = NULL;
1227 struct sockaddr_in6 sin6, *sa6 = NULL;
1228 boolean_t privileged = (proc_suser(p) == 0);
1229 boolean_t p64 = proc_is64bit(p);
1230 boolean_t so_unlocked = FALSE;
1231 int intval, error = 0;
1232
1233 /* In case it's NULL, make sure it came from the kernel */
1234 VERIFY(so != NULL || p == kernproc);
1235
1236 /*
1237 * ioctls which don't require ifp, may require socket.
1238 */
1239 switch (cmd) {
1240 case SIOCAADDRCTL_POLICY: /* struct in6_addrpolicy */
1241 case SIOCDADDRCTL_POLICY: /* struct in6_addrpolicy */
1242 if (!privileged) {
1243 return EPERM;
1244 }
1245 return in6_src_ioctl(cmd, data);
1246 /* NOTREACHED */
1247
1248 case SIOCDRADD_IN6_32: /* struct in6_defrouter_32 */
1249 case SIOCDRADD_IN6_64: /* struct in6_defrouter_64 */
1250 case SIOCDRDEL_IN6_32: /* struct in6_defrouter_32 */
1251 case SIOCDRDEL_IN6_64: /* struct in6_defrouter_64 */
1252 if (!privileged) {
1253 return EPERM;
1254 }
1255 return defrtrlist_ioctl(cmd, data);
1256 /* NOTREACHED */
1257
1258 case SIOCGASSOCIDS32: /* struct so_aidreq32 */
1259 case SIOCGASSOCIDS64: /* struct so_aidreq64 */
1260 return in6ctl_associd(so, cmd, data);
1261 /* NOTREACHED */
1262
1263 case SIOCGCONNIDS32: /* struct so_cidreq32 */
1264 case SIOCGCONNIDS64: /* struct so_cidreq64 */
1265 return in6ctl_connid(so, cmd, data);
1266 /* NOTREACHED */
1267
1268 case SIOCGCONNINFO32: /* struct so_cinforeq32 */
1269 case SIOCGCONNINFO64: /* struct so_cinforeq64 */
1270 return in6ctl_conninfo(so, cmd, data);
1271 /* NOTREACHED */
1272 }
1273
1274 /*
1275 * The rest of ioctls require ifp; reject if we don't have one;
1276 * return ENXIO to be consistent with ifioctl().
1277 */
1278 if (ifp == NULL) {
1279 return ENXIO;
1280 }
1281
1282 /*
1283 * Unlock the socket since ifnet_ioctl() may be invoked by
1284 * one of the ioctl handlers below. Socket will be re-locked
1285 * prior to returning.
1286 */
1287 if (so != NULL) {
1288 socket_unlock(so, 0);
1289 so_unlocked = TRUE;
1290 }
1291
1292 /*
1293 * ioctls which require ifp but not interface address.
1294 */
1295 switch (cmd) {
1296 case SIOCAUTOCONF_START: /* struct in6_ifreq */
1297 if (!privileged) {
1298 error = EPERM;
1299 goto done;
1300 }
1301 error = in6_autoconf(ifp, TRUE);
1302 goto done;
1303
1304 case SIOCAUTOCONF_STOP: /* struct in6_ifreq */
1305 if (!privileged) {
1306 error = EPERM;
1307 goto done;
1308 }
1309 error = in6_autoconf(ifp, FALSE);
1310 goto done;
1311
1312 case SIOCLL_START_32: /* struct in6_aliasreq_32 */
1313 case SIOCLL_START_64: /* struct in6_aliasreq_64 */
1314 if (!privileged) {
1315 error = EPERM;
1316 goto done;
1317 }
1318 error = in6ctl_llstart(ifp, cmd, data);
1319 goto done;
1320
1321 case SIOCLL_STOP: /* struct in6_ifreq */
1322 if (!privileged) {
1323 error = EPERM;
1324 goto done;
1325 }
1326 error = in6ctl_llstop(ifp);
1327 goto done;
1328
1329 case SIOCCLAT46_START: /* struct in6_ifreq */
1330 if (!privileged) {
1331 error = EPERM;
1332 goto done;
1333 }
1334 error = in6ctl_clat46start(ifp);
1335 if (error == 0) {
1336 if_set_eflags(ifp, IFEF_CLAT46);
1337 }
1338 goto done;
1339
1340 case SIOCCLAT46_STOP: /* struct in6_ifreq */
1341 if (!privileged) {
1342 error = EPERM;
1343 goto done;
1344 }
1345
1346 /*
1347 * Not much to be done here and it might not be needed
1348 * It would usually be done when IPv6 configuration is being
1349 * flushed.
1350 * XXX Probably STOP equivalent is not needed here.
1351 */
1352 if_clear_eflags(ifp, IFEF_CLAT46);
1353 goto done;
1354 case SIOCGETROUTERMODE_IN6: /* struct in6_ifreq */
1355 intval = ifp->if_ipv6_router_mode;
1356 bcopy(&intval, &((struct in6_ifreq *)(void *)data)->ifr_intval,
1357 sizeof(intval));
1358 goto done;
1359 case SIOCSETROUTERMODE_IN6: /* struct in6_ifreq */
1360 if (!privileged) {
1361 error = EPERM;
1362 goto done;
1363 }
1364 bcopy(&((struct in6_ifreq *)(void *)data)->ifr_intval,
1365 &intval, sizeof(intval));
1366 switch (intval) {
1367 case IPV6_ROUTER_MODE_DISABLED:
1368 case IPV6_ROUTER_MODE_EXCLUSIVE:
1369 case IPV6_ROUTER_MODE_HYBRID:
1370 break;
1371 default:
1372 error = EINVAL;
1373 goto done;
1374 }
1375 error = in6_setrouter(ifp, (ipv6_router_mode_t)intval);
1376 goto done;
1377
1378 case SIOCPROTOATTACH_IN6_32: /* struct in6_aliasreq_32 */
1379 case SIOCPROTOATTACH_IN6_64: /* struct in6_aliasreq_64 */
1380 if (!privileged) {
1381 error = EPERM;
1382 goto done;
1383 }
1384 error = in6_domifattach(ifp);
1385 goto done;
1386
1387 case SIOCPROTODETACH_IN6: /* struct in6_ifreq */
1388 if (!privileged) {
1389 error = EPERM;
1390 goto done;
1391 }
1392 /* Cleanup interface routes and addresses */
1393 in6_purgeif(ifp);
1394
1395 if ((error = proto_unplumb(PF_INET6, ifp))) {
1396 log(LOG_ERR, "SIOCPROTODETACH_IN6: %s error=%d\n",
1397 if_name(ifp), error);
1398 }
1399 goto done;
1400
1401 case SIOCSNDFLUSH_IN6: /* struct in6_ifreq */
1402 case SIOCSPFXFLUSH_IN6: /* struct in6_ifreq */
1403 case SIOCSRTRFLUSH_IN6: /* struct in6_ifreq */
1404 case SIOCSDEFIFACE_IN6_32: /* struct in6_ndifreq_32 */
1405 case SIOCSDEFIFACE_IN6_64: /* struct in6_ndifreq_64 */
1406 case SIOCSIFINFO_FLAGS: /* struct in6_ndireq */
1407 case SIOCGIFCGAPREP_IN6_32: /* struct in6_cgareq_32 */
1408 case SIOCGIFCGAPREP_IN6_64: /* struct in6_cgareq_64 */
1409 case SIOCSIFCGAPREP_IN6_32: /* struct in6_cgareq_32 */
1410 case SIOCSIFCGAPREP_IN6_64: /* struct in6_cgareq_32 */
1411 if (!privileged) {
1412 error = EPERM;
1413 goto done;
1414 }
1415 OS_FALLTHROUGH;
1416 case OSIOCGIFINFO_IN6: /* struct in6_ondireq */
1417 case SIOCGIFINFO_IN6: /* struct in6_ondireq */
1418 case SIOCGDRLST_IN6_32: /* struct in6_drlist_32 */
1419 case SIOCGDRLST_IN6_64: /* struct in6_drlist_64 */
1420 case SIOCGPRLST_IN6_32: /* struct in6_prlist_32 */
1421 case SIOCGPRLST_IN6_64: /* struct in6_prlist_64 */
1422 case SIOCGNBRINFO_IN6_32: /* struct in6_nbrinfo_32 */
1423 case SIOCGNBRINFO_IN6_64: /* struct in6_nbrinfo_64 */
1424 case SIOCGDEFIFACE_IN6_32: /* struct in6_ndifreq_32 */
1425 case SIOCGDEFIFACE_IN6_64: /* struct in6_ndifreq_64 */
1426 error = nd6_ioctl(cmd, data, ifp);
1427 goto done;
1428
1429 case SIOCSIFPREFIX_IN6: /* struct in6_prefixreq (deprecated) */
1430 case SIOCDIFPREFIX_IN6: /* struct in6_prefixreq (deprecated) */
1431 case SIOCAIFPREFIX_IN6: /* struct in6_rrenumreq (deprecated) */
1432 case SIOCCIFPREFIX_IN6: /* struct in6_rrenumreq (deprecated) */
1433 case SIOCSGIFPREFIX_IN6: /* struct in6_rrenumreq (deprecated) */
1434 case SIOCGIFPREFIX_IN6: /* struct in6_prefixreq (deprecated) */
1435 log(LOG_NOTICE,
1436 "prefix ioctls are now invalidated. "
1437 "please use ifconfig.\n");
1438 error = EOPNOTSUPP;
1439 goto done;
1440
1441 case SIOCSSCOPE6: /* struct in6_ifreq (deprecated) */
1442 case SIOCGSCOPE6: /* struct in6_ifreq (deprecated) */
1443 case SIOCGSCOPE6DEF: /* struct in6_ifreq (deprecated) */
1444 error = EOPNOTSUPP;
1445 goto done;
1446
1447 case SIOCLL_CGASTART_32: /* struct in6_cgareq_32 */
1448 case SIOCLL_CGASTART_64: /* struct in6_cgareq_64 */
1449 if (!privileged) {
1450 error = EPERM;
1451 } else {
1452 error = in6ctl_cgastart(ifp, cmd, data);
1453 }
1454 goto done;
1455
1456 case SIOCGIFSTAT_IN6: /* struct in6_ifreq */
1457 case SIOCGIFSTAT_ICMP6: /* struct in6_ifreq */
1458 error = in6ctl_gifstat(ifp, cmd, ifr);
1459 goto done;
1460 }
1461
1462 /*
1463 * ioctls which require interface address; obtain sockaddr_in6.
1464 */
1465 switch (cmd) {
1466 case SIOCSIFADDR_IN6: /* struct in6_ifreq (deprecated) */
1467 case SIOCSIFDSTADDR_IN6: /* struct in6_ifreq (deprecated) */
1468 case SIOCSIFNETMASK_IN6: /* struct in6_ifreq (deprecated) */
1469 /*
1470 * Since IPv6 allows a node to assign multiple addresses
1471 * on a single interface, SIOCSIFxxx ioctls are deprecated.
1472 */
1473 /* we decided to obsolete this command (20000704) */
1474 error = EOPNOTSUPP;
1475 goto done;
1476
1477 case SIOCAIFADDR_IN6_32: /* struct in6_aliasreq_32 */
1478 case SIOCAIFADDR_IN6_64: /* struct in6_aliasreq_64 */
1479 if (!privileged) {
1480 error = EPERM;
1481 goto done;
1482 }
1483 /*
1484 * Convert user ifra to the kernel form, when appropriate.
1485 * This allows the conversion between different data models
1486 * to be centralized, so that it can be passed around to other
1487 * routines that are expecting the kernel form.
1488 */
1489 ifra = in6_aliasreq_to_native(data,
1490 (cmd == SIOCAIFADDR_IN6_64), &sifra);
1491 bcopy(&ifra->ifra_addr, &sin6, sizeof(sin6));
1492 sa6 = &sin6;
1493 break;
1494
1495 case SIOCDIFADDR_IN6: /* struct in6_ifreq */
1496 case SIOCSIFALIFETIME_IN6: /* struct in6_ifreq */
1497 if (!privileged) {
1498 error = EPERM;
1499 goto done;
1500 }
1501 OS_FALLTHROUGH;
1502 case SIOCGIFADDR_IN6: /* struct in6_ifreq */
1503 case SIOCGIFDSTADDR_IN6: /* struct in6_ifreq */
1504 case SIOCGIFNETMASK_IN6: /* struct in6_ifreq */
1505 case SIOCGIFAFLAG_IN6: /* struct in6_ifreq */
1506 case SIOCGIFALIFETIME_IN6: /* struct in6_ifreq */
1507 bcopy(&ifr->ifr_addr, &sin6, sizeof(sin6));
1508 sa6 = &sin6;
1509 break;
1510 case SIOCGIFDSTADDR:
1511 case SIOCSIFDSTADDR:
1512 case SIOCGIFBRDADDR:
1513 case SIOCSIFBRDADDR:
1514 case SIOCGIFNETMASK:
1515 case SIOCSIFNETMASK:
1516 case SIOCGIFADDR:
1517 case SIOCSIFADDR:
1518 case SIOCAIFADDR:
1519 case SIOCDIFADDR:
1520 /* Do not handle these AF_INET commands in AF_INET6 path */
1521 error = EINVAL;
1522 goto done;
1523 }
1524
1525 /*
1526 * Find address for this interface, if it exists.
1527 *
1528 * In netinet code, we have checked ifra_addr in SIOCSIF*ADDR operation
1529 * only, and used the first interface address as the target of other
1530 * operations (without checking ifra_addr). This was because netinet
1531 * code/API assumed at most 1 interface address per interface.
1532 * Since IPv6 allows a node to assign multiple addresses
1533 * on a single interface, we almost always look and check the
1534 * presence of ifra_addr, and reject invalid ones here.
1535 * It also decreases duplicated code among SIOC*_IN6 operations.
1536 */
1537 VERIFY(ia == NULL);
1538 if (sa6 != NULL && sa6->sin6_family == AF_INET6) {
1539 if (IN6_IS_ADDR_LINKLOCAL(&sa6->sin6_addr)) {
1540 if (sa6->sin6_addr.s6_addr16[1] == 0) {
1541 /* link ID is not embedded by the user */
1542 sa6->sin6_addr.s6_addr16[1] =
1543 htons(ifp->if_index);
1544 } else if (sa6->sin6_addr.s6_addr16[1] !=
1545 htons(ifp->if_index)) {
1546 error = EINVAL; /* link ID contradicts */
1547 goto done;
1548 }
1549 if (sa6->sin6_scope_id) {
1550 if (sa6->sin6_scope_id !=
1551 (u_int32_t)ifp->if_index) {
1552 error = EINVAL;
1553 goto done;
1554 }
1555 sa6->sin6_scope_id = 0; /* XXX: good way? */
1556 }
1557 }
1558 /*
1559 * Any failures from this point on must take into account
1560 * a non-NULL "ia" with an outstanding reference count, and
1561 * therefore requires IFA_REMREF. Jump to "done" label
1562 * instead of calling return if "ia" is valid.
1563 */
1564 ia = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr);
1565 }
1566
1567 /*
1568 * SIOCDIFADDR_IN6/SIOCAIFADDR_IN6 specific tests.
1569 */
1570 switch (cmd) {
1571 case SIOCDIFADDR_IN6: /* struct in6_ifreq */
1572 if (ia == NULL) {
1573 error = EADDRNOTAVAIL;
1574 goto done;
1575 }
1576 OS_FALLTHROUGH;
1577 case SIOCAIFADDR_IN6_32: /* struct in6_aliasreq_32 */
1578 case SIOCAIFADDR_IN6_64: /* struct in6_aliasreq_64 */
1579 VERIFY(sa6 != NULL);
1580 /*
1581 * We always require users to specify a valid IPv6 address for
1582 * the corresponding operation. Use "sa6" instead of "ifra"
1583 * since SIOCDIFADDR_IN6 falls thru above.
1584 */
1585 if (sa6->sin6_family != AF_INET6 ||
1586 sa6->sin6_len != sizeof(struct sockaddr_in6)) {
1587 error = EAFNOSUPPORT;
1588 goto done;
1589 }
1590 break;
1591 }
1592
1593 /*
1594 * And finally process address-related ioctls.
1595 */
1596 switch (cmd) {
1597 case SIOCGIFADDR_IN6: /* struct in6_ifreq */
1598 /* This interface is basically deprecated. use SIOCGIFCONF. */
1599 /* FALLTHRU */
1600 case SIOCGIFDSTADDR_IN6: /* struct in6_ifreq */
1601 error = in6ctl_gifaddr(ifp, ia, cmd, ifr);
1602 break;
1603
1604 case SIOCGIFNETMASK_IN6: /* struct in6_ifreq */
1605 if (ia != NULL) {
1606 IFA_LOCK(&ia->ia_ifa);
1607 bcopy(&ia->ia_prefixmask, &ifr->ifr_addr,
1608 sizeof(struct sockaddr_in6));
1609 IFA_UNLOCK(&ia->ia_ifa);
1610 } else {
1611 error = EADDRNOTAVAIL;
1612 }
1613 break;
1614
1615 case SIOCGIFAFLAG_IN6: /* struct in6_ifreq */
1616 if (ia != NULL) {
1617 IFA_LOCK(&ia->ia_ifa);
1618 bcopy(&ia->ia6_flags, &ifr->ifr_ifru.ifru_flags6,
1619 sizeof(ifr->ifr_ifru.ifru_flags6));
1620 IFA_UNLOCK(&ia->ia_ifa);
1621 } else {
1622 error = EADDRNOTAVAIL;
1623 }
1624 break;
1625
1626 case SIOCGIFALIFETIME_IN6: /* struct in6_ifreq */
1627 case SIOCSIFALIFETIME_IN6: /* struct in6_ifreq */
1628 error = in6ctl_alifetime(ia, cmd, ifr, p64);
1629 break;
1630
1631 case SIOCAIFADDR_IN6_32: /* struct in6_aliasreq_32 */
1632 case SIOCAIFADDR_IN6_64: /* struct in6_aliasreq_64 */
1633 error = in6ctl_aifaddr(ifp, ifra);
1634 break;
1635
1636 case SIOCDIFADDR_IN6:
1637 in6ctl_difaddr(ifp, ia);
1638 break;
1639
1640 default:
1641 error = ifnet_ioctl(ifp, PF_INET6, cmd, data);
1642 break;
1643 }
1644
1645 done:
1646 if (ia != NULL) {
1647 IFA_REMREF(&ia->ia_ifa);
1648 }
1649 if (so_unlocked) {
1650 socket_lock(so, 0);
1651 }
1652
1653 return error;
1654 }
1655
1656 static __attribute__((noinline)) int
1657 in6ctl_aifaddr(struct ifnet *ifp, struct in6_aliasreq *ifra)
1658 {
1659 int i, error, addtmp;
1660 uint8_t plen;
1661 struct nd_prefix pr0, *pr;
1662 struct in6_ifaddr *ia;
1663
1664 VERIFY(ifp != NULL && ifra != NULL);
1665 ia = NULL;
1666
1667 /* Attempt to attach the protocol, in case it isn't attached */
1668 error = in6_domifattach(ifp);
1669 if (error == 0) {
1670 /* PF_INET6 wasn't previously attached */
1671 error = in6_ifattach_aliasreq(ifp, NULL, NULL);
1672 if (error != 0) {
1673 goto done;
1674 }
1675
1676 in6_if_up_dad_start(ifp);
1677 } else if (error != EEXIST) {
1678 goto done;
1679 }
1680
1681 /*
1682 * First, make or update the interface address structure, and link it
1683 * to the list.
1684 */
1685 error = in6_update_ifa(ifp, ifra, 0, &ia);
1686 if (error != 0) {
1687 goto done;
1688 }
1689 VERIFY(ia != NULL);
1690
1691 /* Now, make the prefix on-link on the interface. */
1692 plen = (uint8_t)in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, NULL);
1693 if (plen == 128) {
1694 goto done;
1695 }
1696
1697 /*
1698 * NOTE: We'd rather create the prefix before the address, but we need
1699 * at least one address to install the corresponding interface route,
1700 * so we configure the address first.
1701 */
1702
1703 /*
1704 * Convert mask to prefix length (prefixmask has already been validated
1705 * in in6_update_ifa().
1706 */
1707 bzero(&pr0, sizeof(pr0));
1708 pr0.ndpr_plen = plen;
1709 pr0.ndpr_ifp = ifp;
1710 pr0.ndpr_prefix = ifra->ifra_addr;
1711 pr0.ndpr_mask = ifra->ifra_prefixmask.sin6_addr;
1712
1713 /* apply the mask for safety. */
1714 for (i = 0; i < 4; i++) {
1715 pr0.ndpr_prefix.sin6_addr.s6_addr32[i] &=
1716 ifra->ifra_prefixmask.sin6_addr.s6_addr32[i];
1717 }
1718
1719 /*
1720 * Since we don't have an API to set prefix (not address) lifetimes, we
1721 * just use the same lifetimes as addresses. The (temporarily)
1722 * installed lifetimes can be overridden by later advertised RAs (when
1723 * accept_rtadv is non 0), which is an intended behavior.
1724 */
1725 pr0.ndpr_raf_onlink = 1; /* should be configurable? */
1726 pr0.ndpr_raf_auto = !!(ifra->ifra_flags & IN6_IFF_AUTOCONF);
1727 if (ifra->ifra_flags & (IN6_IFF_AUTOCONF | IN6_IFF_DYNAMIC)) {
1728 pr0.ndpr_vltime = ifra->ifra_lifetime.ia6t_vltime;
1729 pr0.ndpr_pltime = ifra->ifra_lifetime.ia6t_pltime;
1730 } else {
1731 pr0.ndpr_vltime = ND6_INFINITE_LIFETIME;
1732 pr0.ndpr_pltime = ND6_INFINITE_LIFETIME;
1733 }
1734 pr0.ndpr_stateflags |= NDPRF_STATIC;
1735 lck_mtx_init(&pr0.ndpr_lock, ifa_mtx_grp, ifa_mtx_attr);
1736
1737 /* add the prefix if there's none. */
1738 if ((pr = nd6_prefix_lookup(&pr0, ND6_PREFIX_EXPIRY_NEVER)) == NULL) {
1739 /*
1740 * nd6_prelist_add will install the corresponding interface
1741 * route.
1742 */
1743 error = nd6_prelist_add(&pr0, NULL, &pr, FALSE);
1744 if (error != 0) {
1745 goto done;
1746 }
1747
1748 if (pr == NULL) {
1749 log(LOG_ERR, "%s: nd6_prelist_add okay, but"
1750 " no prefix.\n", __func__);
1751 error = EINVAL;
1752 goto done;
1753 }
1754 }
1755
1756 IFA_LOCK(&ia->ia_ifa);
1757
1758 /* if this is a new autoconfed addr */
1759 addtmp = FALSE;
1760 if (ia->ia6_ndpr == NULL) {
1761 NDPR_LOCK(pr);
1762 ++pr->ndpr_addrcnt;
1763 VERIFY(pr->ndpr_addrcnt != 0);
1764 ia->ia6_ndpr = pr;
1765 NDPR_ADDREF(pr); /* for addr reference */
1766
1767 /*
1768 * If this is the first autoconf address from the prefix,
1769 * create a temporary address as well (when specified).
1770 */
1771 if ((ia->ia6_flags & IN6_IFF_AUTOCONF) != 0 &&
1772 ip6_use_tempaddr &&
1773 pr->ndpr_addrcnt == 1) {
1774 addtmp = true;
1775 }
1776 NDPR_UNLOCK(pr);
1777 }
1778
1779 IFA_UNLOCK(&ia->ia_ifa);
1780
1781 if (addtmp) {
1782 int e;
1783 e = in6_tmpifadd(ia, 1);
1784 if (e != 0) {
1785 log(LOG_NOTICE, "%s: failed to create a"
1786 " temporary address, error=%d\n",
1787 __func__, e);
1788 }
1789 }
1790
1791 /*
1792 * This might affect the status of autoconfigured addresses, that is,
1793 * this address might make other addresses detached.
1794 */
1795 lck_mtx_lock(nd6_mutex);
1796 pfxlist_onlink_check();
1797 lck_mtx_unlock(nd6_mutex);
1798
1799 /* Drop use count held above during lookup/add */
1800 NDPR_REMREF(pr);
1801
1802 done:
1803 if (ia != NULL) {
1804 IFA_REMREF(&ia->ia_ifa);
1805 }
1806 return error;
1807 }
1808
1809 static __attribute__((noinline)) void
1810 in6ctl_difaddr(struct ifnet *ifp, struct in6_ifaddr *ia)
1811 {
1812 int i = 0;
1813 struct nd_prefix pr0, *pr;
1814
1815 VERIFY(ifp != NULL && ia != NULL);
1816
1817 /*
1818 * If the address being deleted is the only one that owns
1819 * the corresponding prefix, expire the prefix as well.
1820 * XXX: theoretically, we don't have to worry about such
1821 * relationship, since we separate the address management
1822 * and the prefix management. We do this, however, to provide
1823 * as much backward compatibility as possible in terms of
1824 * the ioctl operation.
1825 * Note that in6_purgeaddr() will decrement ndpr_addrcnt.
1826 */
1827 IFA_LOCK(&ia->ia_ifa);
1828 bzero(&pr0, sizeof(pr0));
1829 pr0.ndpr_ifp = ifp;
1830 pr0.ndpr_plen = (uint8_t)in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL);
1831 if (pr0.ndpr_plen == 128) {
1832 IFA_UNLOCK(&ia->ia_ifa);
1833 goto purgeaddr;
1834 }
1835 pr0.ndpr_prefix = ia->ia_addr;
1836 pr0.ndpr_mask = ia->ia_prefixmask.sin6_addr;
1837 for (i = 0; i < 4; i++) {
1838 pr0.ndpr_prefix.sin6_addr.s6_addr32[i] &=
1839 ia->ia_prefixmask.sin6_addr.s6_addr32[i];
1840 }
1841 IFA_UNLOCK(&ia->ia_ifa);
1842
1843 if ((pr = nd6_prefix_lookup(&pr0, ND6_PREFIX_EXPIRY_UNSPEC)) != NULL) {
1844 IFA_LOCK(&ia->ia_ifa);
1845 NDPR_LOCK(pr);
1846 if (pr->ndpr_addrcnt == 1) {
1847 /* XXX: just for expiration */
1848 pr->ndpr_expire = 1;
1849 }
1850 NDPR_UNLOCK(pr);
1851 IFA_UNLOCK(&ia->ia_ifa);
1852
1853 /* Drop use count held above during lookup */
1854 NDPR_REMREF(pr);
1855 }
1856
1857 purgeaddr:
1858 in6_purgeaddr(&ia->ia_ifa);
1859 }
1860
1861 static __attribute__((noinline)) int
1862 in6_autoconf(struct ifnet *ifp, int enable)
1863 {
1864 int error = 0;
1865
1866 VERIFY(ifp != NULL);
1867
1868 if (ifp->if_flags & IFF_LOOPBACK) {
1869 return EINVAL;
1870 }
1871
1872 if (enable) {
1873 /*
1874 * An interface in IPv6 router mode implies that it
1875 * is either configured with a static IP address or
1876 * autoconfigured via a locally-generated RA. Prevent
1877 * SIOCAUTOCONF_START from being set in that mode.
1878 */
1879 ifnet_lock_exclusive(ifp);
1880 if (ifp->if_ipv6_router_mode == IPV6_ROUTER_MODE_EXCLUSIVE) {
1881 if_clear_eflags(ifp, IFEF_ACCEPT_RTADV);
1882 error = EBUSY;
1883 } else {
1884 if_set_eflags(ifp, IFEF_ACCEPT_RTADV);
1885 }
1886 ifnet_lock_done(ifp);
1887 } else {
1888 struct in6_ifaddr *ia = NULL;
1889
1890 if_clear_eflags(ifp, IFEF_ACCEPT_RTADV);
1891
1892 /* Remove autoconfigured address from interface */
1893 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
1894 boolean_t from_begining = TRUE;
1895 while (from_begining) {
1896 from_begining = FALSE;
1897 TAILQ_FOREACH(ia, &in6_ifaddrhead, ia6_link) {
1898 if (ia->ia_ifa.ifa_ifp != ifp) {
1899 continue;
1900 }
1901 IFA_LOCK(&ia->ia_ifa);
1902 if (ia->ia6_flags & IN6_IFF_AUTOCONF) {
1903 IFA_ADDREF_LOCKED(&ia->ia_ifa); /* for us */
1904 IFA_UNLOCK(&ia->ia_ifa);
1905 lck_rw_done(&in6_ifaddr_rwlock);
1906 in6_purgeaddr(&ia->ia_ifa);
1907 IFA_REMREF(&ia->ia_ifa); /* for us */
1908 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
1909 /*
1910 * Purging the address caused in6_ifaddr_rwlock
1911 * to be dropped and reacquired;
1912 * therefore search again from the beginning
1913 * of in6_ifaddrs list.
1914 */
1915 from_begining = TRUE;
1916 break;
1917 }
1918 IFA_UNLOCK(&ia->ia_ifa);
1919 }
1920 }
1921 lck_rw_done(&in6_ifaddr_rwlock);
1922 }
1923 return error;
1924 }
1925
1926 /*
1927 * Handle SIOCSETROUTERMODE_IN6 to set the IPv6 router mode on the interface
1928 * Entering or exiting IPV6_ROUTER_MODE_EXCLUSIVE will result in the removal of
1929 * autoconfigured IPv6 addresses on the interface.
1930 */
1931 static __attribute__((noinline)) int
1932 in6_setrouter(struct ifnet *ifp, ipv6_router_mode_t mode)
1933 {
1934 int error = 0;
1935 ipv6_router_mode_t prev_mode;
1936
1937 VERIFY(ifp != NULL);
1938
1939 if (ifp->if_flags & IFF_LOOPBACK) {
1940 return ENODEV;
1941 }
1942
1943 prev_mode = ifp->if_ipv6_router_mode;
1944 if (prev_mode == mode) {
1945 /* no mode change, there's nothing to do */
1946 return 0;
1947 }
1948 if (mode == IPV6_ROUTER_MODE_EXCLUSIVE) {
1949 struct nd_ifinfo *ndi = NULL;
1950
1951 ndi = ND_IFINFO(ifp);
1952 if (ndi != NULL && ndi->initialized) {
1953 lck_mtx_lock(&ndi->lock);
1954 if (ndi->flags & ND6_IFF_PROXY_PREFIXES) {
1955 /* No proxy if we are an advertising router */
1956 ndi->flags &= ~ND6_IFF_PROXY_PREFIXES;
1957 lck_mtx_unlock(&ndi->lock);
1958 (void) nd6_if_prproxy(ifp, FALSE);
1959 } else {
1960 lck_mtx_unlock(&ndi->lock);
1961 }
1962 }
1963 }
1964
1965 ifp->if_ipv6_router_mode = mode;
1966 lck_mtx_lock(nd6_mutex);
1967 defrouter_select(ifp, NULL);
1968 lck_mtx_unlock(nd6_mutex);
1969 if_allmulti(ifp, (mode == IPV6_ROUTER_MODE_EXCLUSIVE));
1970 if (mode == IPV6_ROUTER_MODE_EXCLUSIVE ||
1971 (prev_mode == IPV6_ROUTER_MODE_EXCLUSIVE
1972 && mode == IPV6_ROUTER_MODE_DISABLED)) {
1973 error = in6_autoconf(ifp, FALSE);
1974 }
1975 return error;
1976 }
1977
1978 static int
1979 in6_to_kamescope(struct sockaddr_in6 *sin6, struct ifnet *ifp)
1980 {
1981 struct sockaddr_in6 tmp;
1982 int error, id;
1983
1984 VERIFY(sin6 != NULL);
1985 tmp = *sin6;
1986
1987 error = in6_recoverscope(&tmp, &sin6->sin6_addr, ifp);
1988 if (error != 0) {
1989 return error;
1990 }
1991
1992 id = in6_addr2scopeid(ifp, &tmp.sin6_addr);
1993 if (tmp.sin6_scope_id == 0) {
1994 tmp.sin6_scope_id = id;
1995 } else if (tmp.sin6_scope_id != id) {
1996 return EINVAL; /* scope ID mismatch. */
1997 }
1998 error = in6_embedscope(&tmp.sin6_addr, &tmp, NULL, NULL, NULL);
1999 if (error != 0) {
2000 return error;
2001 }
2002
2003 tmp.sin6_scope_id = 0;
2004 *sin6 = tmp;
2005 return 0;
2006 }
2007
2008 /*
2009 * When the address is being configured we should clear out certain flags
2010 * coming in from the caller.
2011 */
2012 #define IN6_IFF_CLR_ADDR_FLAG_MASK (~(IN6_IFF_DEPRECATED | IN6_IFF_DETACHED | IN6_IFF_DUPLICATED))
2013
2014 static int
2015 in6_ifaupdate_aux(struct in6_ifaddr *ia, struct ifnet *ifp, int ifaupflags)
2016 {
2017 struct sockaddr_in6 mltaddr, mltmask;
2018 struct in6_addr llsol;
2019 struct ifaddr *ifa;
2020 struct in6_multi *in6m_sol;
2021 struct in6_multi_mship *imm;
2022 struct rtentry *rt;
2023 int delay, error = 0;
2024
2025 VERIFY(ifp != NULL && ia != NULL);
2026 ifa = &ia->ia_ifa;
2027 in6m_sol = NULL;
2028
2029 nd6log2(debug, "%s - %s ifp %s ia6_flags 0x%x ifaupflags 0x%x\n",
2030 __func__,
2031 ip6_sprintf(&ia->ia_addr.sin6_addr),
2032 if_name(ia->ia_ifp),
2033 ia->ia6_flags,
2034 ifaupflags);
2035
2036 /*
2037 * Just to be safe, always clear certain flags when address
2038 * is being configured
2039 */
2040 ia->ia6_flags &= IN6_IFF_CLR_ADDR_FLAG_MASK;
2041
2042 /*
2043 * Mark the address as tentative before joining multicast addresses,
2044 * so that corresponding MLD responses would not have a tentative
2045 * source address.
2046 */
2047 if (in6if_do_dad(ifp)) {
2048 in6_ifaddr_set_dadprogress(ia);
2049 /*
2050 * Do not delay sending neighbor solicitations when using optimistic
2051 * duplicate address detection, c.f. RFC 4429.
2052 */
2053 if (ia->ia6_flags & IN6_IFF_OPTIMISTIC) {
2054 ifaupflags &= ~IN6_IFAUPDATE_DADDELAY;
2055 } else {
2056 ifaupflags |= IN6_IFAUPDATE_DADDELAY;
2057 }
2058 } else {
2059 /*
2060 * If the interface has been marked to not perform
2061 * DAD, make sure to reset DAD in progress flags
2062 * that may come in from the caller.
2063 */
2064 ia->ia6_flags &= ~IN6_IFF_DADPROGRESS;
2065 }
2066
2067 /* Join necessary multicast groups */
2068 if ((ifp->if_flags & IFF_MULTICAST) != 0) {
2069 /* join solicited multicast addr for new host id */
2070 bzero(&llsol, sizeof(struct in6_addr));
2071 llsol.s6_addr32[0] = IPV6_ADDR_INT32_MLL;
2072 llsol.s6_addr32[1] = 0;
2073 llsol.s6_addr32[2] = htonl(1);
2074 llsol.s6_addr32[3] = ia->ia_addr.sin6_addr.s6_addr32[3];
2075 llsol.s6_addr8[12] = 0xff;
2076 if ((error = in6_setscope(&llsol, ifp, NULL)) != 0) {
2077 /* XXX: should not happen */
2078 log(LOG_ERR, "%s: in6_setscope failed\n", __func__);
2079 goto unwind;
2080 }
2081 delay = 0;
2082 if ((ifaupflags & IN6_IFAUPDATE_DADDELAY)) {
2083 /*
2084 * We need a random delay for DAD on the address
2085 * being configured. It also means delaying
2086 * transmission of the corresponding MLD report to
2087 * avoid report collision. [RFC 4862]
2088 */
2089 delay = random() % MAX_RTR_SOLICITATION_DELAY;
2090 }
2091 imm = in6_joingroup(ifp, &llsol, &error, delay);
2092 if (imm == NULL) {
2093 nd6log(info,
2094 "%s: addmulti failed for %s on %s (errno=%d)\n",
2095 __func__, ip6_sprintf(&llsol), if_name(ifp),
2096 error);
2097 VERIFY(error != 0);
2098 goto unwind;
2099 }
2100 in6m_sol = imm->i6mm_maddr;
2101 /* take a refcount for this routine */
2102 IN6M_ADDREF(in6m_sol);
2103
2104 IFA_LOCK_SPIN(ifa);
2105 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain);
2106 IFA_UNLOCK(ifa);
2107
2108 bzero(&mltmask, sizeof(mltmask));
2109 mltmask.sin6_len = sizeof(struct sockaddr_in6);
2110 mltmask.sin6_family = AF_INET6;
2111 mltmask.sin6_addr = in6mask32;
2112 #define MLTMASK_LEN 4 /* mltmask's masklen (=32bit=4octet) */
2113
2114 /*
2115 * join link-local all-nodes address
2116 */
2117 bzero(&mltaddr, sizeof(mltaddr));
2118 mltaddr.sin6_len = sizeof(struct sockaddr_in6);
2119 mltaddr.sin6_family = AF_INET6;
2120 mltaddr.sin6_addr = in6addr_linklocal_allnodes;
2121 if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) != 0) {
2122 goto unwind; /* XXX: should not fail */
2123 }
2124 /*
2125 * XXX: do we really need this automatic routes?
2126 * We should probably reconsider this stuff. Most applications
2127 * actually do not need the routes, since they usually specify
2128 * the outgoing interface.
2129 */
2130 rt = rtalloc1_scoped((struct sockaddr *)&mltaddr, 0, 0UL,
2131 ia->ia_ifp->if_index);
2132 if (rt) {
2133 if (memcmp(&mltaddr.sin6_addr, &((struct sockaddr_in6 *)
2134 (void *)rt_key(rt))->sin6_addr, MLTMASK_LEN)) {
2135 rtfree(rt);
2136 rt = NULL;
2137 }
2138 }
2139 if (!rt) {
2140 error = rtrequest_scoped(RTM_ADD,
2141 (struct sockaddr *)&mltaddr,
2142 (struct sockaddr *)&ia->ia_addr,
2143 (struct sockaddr *)&mltmask, RTF_UP | RTF_CLONING,
2144 NULL, ia->ia_ifp->if_index);
2145 if (error) {
2146 goto unwind;
2147 }
2148 } else {
2149 rtfree(rt);
2150 }
2151
2152 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 0);
2153 if (!imm) {
2154 nd6log(info,
2155 "%s: addmulti failed for %s on %s (errno=%d)\n",
2156 __func__, ip6_sprintf(&mltaddr.sin6_addr),
2157 if_name(ifp), error);
2158 VERIFY(error != 0);
2159 goto unwind;
2160 }
2161 IFA_LOCK_SPIN(ifa);
2162 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain);
2163 IFA_UNLOCK(ifa);
2164
2165 /*
2166 * join node information group address
2167 */
2168 #define hostnamelen strlen(hostname)
2169 delay = 0;
2170 if ((ifaupflags & IN6_IFAUPDATE_DADDELAY)) {
2171 /*
2172 * The spec doesn't say anything about delay for this
2173 * group, but the same logic should apply.
2174 */
2175 delay = random() % MAX_RTR_SOLICITATION_DELAY;
2176 }
2177 lck_mtx_lock(&hostname_lock);
2178 int n = in6_nigroup(ifp, hostname, hostnamelen, &mltaddr.sin6_addr);
2179 lck_mtx_unlock(&hostname_lock);
2180 if (n == 0) {
2181 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error,
2182 delay); /* XXX jinmei */
2183 if (!imm) {
2184 nd6log(info,
2185 "%s: addmulti failed for %s on %s "
2186 "(errno=%d)\n",
2187 __func__, ip6_sprintf(&mltaddr.sin6_addr),
2188 if_name(ifp), error);
2189 /* XXX not very fatal, go on... */
2190 error = 0;
2191 } else {
2192 IFA_LOCK_SPIN(ifa);
2193 LIST_INSERT_HEAD(&ia->ia6_memberships,
2194 imm, i6mm_chain);
2195 IFA_UNLOCK(ifa);
2196 }
2197 }
2198 #undef hostnamelen
2199
2200 /*
2201 * join interface-local all-nodes address.
2202 * (ff01::1%ifN, and ff01::%ifN/32)
2203 */
2204 mltaddr.sin6_addr = in6addr_nodelocal_allnodes;
2205 if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) != 0) {
2206 goto unwind; /* XXX: should not fail */
2207 }
2208 /* XXX: again, do we really need the route? */
2209 rt = rtalloc1_scoped((struct sockaddr *)&mltaddr, 0, 0UL,
2210 ia->ia_ifp->if_index);
2211 if (rt) {
2212 if (memcmp(&mltaddr.sin6_addr, &((struct sockaddr_in6 *)
2213 (void *)rt_key(rt))->sin6_addr, MLTMASK_LEN)) {
2214 rtfree(rt);
2215 rt = NULL;
2216 }
2217 }
2218 if (!rt) {
2219 error = rtrequest_scoped(RTM_ADD,
2220 (struct sockaddr *)&mltaddr,
2221 (struct sockaddr *)&ia->ia_addr,
2222 (struct sockaddr *)&mltmask, RTF_UP | RTF_CLONING,
2223 NULL, ia->ia_ifp->if_index);
2224 if (error) {
2225 goto unwind;
2226 }
2227 } else {
2228 rtfree(rt);
2229 }
2230
2231 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 0);
2232 if (!imm) {
2233 nd6log(info,
2234 "%s: addmulti failed for %s on %s (errno=%d)\n",
2235 __func__, ip6_sprintf(&mltaddr.sin6_addr),
2236 if_name(ifp), error);
2237 VERIFY(error != 0);
2238 goto unwind;
2239 }
2240 IFA_LOCK(ifa);
2241 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain);
2242 IFA_UNLOCK(ifa);
2243 #undef MLTMASK_LEN
2244
2245 /*
2246 * create a ff00::/8 route
2247 */
2248 bzero(&mltmask, sizeof(mltmask));
2249 mltmask.sin6_len = sizeof(struct sockaddr_in6);
2250 mltmask.sin6_family = AF_INET6;
2251 mltmask.sin6_addr = in6mask8;
2252 #define MLTMASK_LEN_8_BITS 1 /* ff00::/8 mltmask's masklen (=8bit=1octet) */
2253
2254 bzero(&mltaddr, sizeof(mltaddr));
2255 mltaddr.sin6_len = sizeof(struct sockaddr_in6);
2256 mltaddr.sin6_family = AF_INET6;
2257 mltaddr.sin6_addr = in6addr_multicast_prefix;
2258
2259 rt = rtalloc1_scoped((struct sockaddr *)&mltaddr, 0, 0UL,
2260 ia->ia_ifp->if_index);
2261 if (rt) {
2262 if (memcmp(&mltaddr.sin6_addr, &((struct sockaddr_in6 *)
2263 (void *)rt_key(rt))->sin6_addr, MLTMASK_LEN_8_BITS)) {
2264 rtfree(rt);
2265 rt = NULL;
2266 }
2267 }
2268 if (!rt) {
2269 error = rtrequest_scoped(RTM_ADD,
2270 (struct sockaddr *)&mltaddr,
2271 (struct sockaddr *)&ia->ia_addr,
2272 (struct sockaddr *)&mltmask, RTF_UP | RTF_CLONING,
2273 NULL, ia->ia_ifp->if_index);
2274 if (error) {
2275 goto unwind;
2276 }
2277 } else {
2278 rtfree(rt);
2279 }
2280 }
2281 #undef MLTMASK_LEN_8_BITS
2282
2283 /* Ensure nd6_service() is scheduled as soon as it's convenient */
2284 ++nd6_sched_timeout_want;
2285
2286 /*
2287 * Perform DAD, if:
2288 * * Interface is marked to perform DAD, AND
2289 * * Address is not marked to skip DAD, AND
2290 * * Address is in a pre-DAD state (Tentative or Optimistic)
2291 */
2292 IFA_LOCK_SPIN(ifa);
2293 if (in6if_do_dad(ifp) && (ia->ia6_flags & IN6_IFF_NODAD) == 0 &&
2294 (ia->ia6_flags & IN6_IFF_DADPROGRESS) != 0) {
2295 int mindelay, maxdelay;
2296 int *delayptr, delayval;
2297
2298 IFA_UNLOCK(ifa);
2299 delayptr = NULL;
2300 /*
2301 * Avoid the DAD delay if the caller wants us to skip it.
2302 * This is not compliant with RFC 2461, but it's only being
2303 * used for signalling and not for actual DAD.
2304 */
2305 if ((ifaupflags & IN6_IFAUPDATE_DADDELAY) &&
2306 !(ia->ia6_flags & IN6_IFF_SWIFTDAD)) {
2307 /*
2308 * We need to impose a delay before sending an NS
2309 * for DAD. Check if we also needed a delay for the
2310 * corresponding MLD message. If we did, the delay
2311 * should be larger than the MLD delay (this could be
2312 * relaxed a bit, but this simple logic is at least
2313 * safe).
2314 */
2315 mindelay = 0;
2316 if (in6m_sol != NULL) {
2317 IN6M_LOCK(in6m_sol);
2318 if (in6m_sol->in6m_state ==
2319 MLD_REPORTING_MEMBER) {
2320 mindelay = in6m_sol->in6m_timer;
2321 }
2322 IN6M_UNLOCK(in6m_sol);
2323 }
2324 maxdelay = MAX_RTR_SOLICITATION_DELAY * hz;
2325 if (maxdelay - mindelay == 0) {
2326 delayval = 0;
2327 } else {
2328 delayval =
2329 (random() % (maxdelay - mindelay)) +
2330 mindelay;
2331 }
2332 delayptr = &delayval;
2333 }
2334
2335 nd6_dad_start((struct ifaddr *)ia, delayptr);
2336 } else {
2337 IFA_UNLOCK(ifa);
2338 }
2339
2340 goto done;
2341
2342 unwind:
2343 VERIFY(error != 0);
2344 in6_purgeaddr(&ia->ia_ifa);
2345
2346 done:
2347 /* release reference held for this routine */
2348 if (in6m_sol != NULL) {
2349 IN6M_REMREF(in6m_sol);
2350 }
2351 return error;
2352 }
2353
2354 /*
2355 * Request an IPv6 interface address. If the address is new, then it will be
2356 * constructed and appended to the interface address chains. The interface
2357 * address structure is optionally returned with a reference for the caller.
2358 */
2359 int
2360 in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra, int ifaupflags,
2361 struct in6_ifaddr **iar)
2362 {
2363 struct in6_addrlifetime ia6_lt;
2364 struct in6_ifaddr *ia;
2365 struct ifaddr *ifa;
2366 struct ifaddr *xifa;
2367 struct in6_addrlifetime *lt;
2368 uint64_t timenow;
2369 int plen, error;
2370
2371 /* Sanity check parameters and initialize locals */
2372 VERIFY(ifp != NULL && ifra != NULL && iar != NULL);
2373 ia = NULL;
2374 ifa = NULL;
2375 error = 0;
2376
2377 /*
2378 * We always require users to specify a valid IPv6 address for
2379 * the corresponding operation.
2380 */
2381 if (ifra->ifra_addr.sin6_family != AF_INET6 ||
2382 ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6)) {
2383 error = EAFNOSUPPORT;
2384 goto unwind;
2385 }
2386
2387 /* Validate ifra_prefixmask.sin6_len is properly bounded. */
2388 if (ifra->ifra_prefixmask.sin6_len == 0 ||
2389 ifra->ifra_prefixmask.sin6_len > sizeof(struct sockaddr_in6)) {
2390 error = EINVAL;
2391 goto unwind;
2392 }
2393
2394 /* Validate prefix length extracted from ifra_prefixmask structure. */
2395 plen = (uint8_t)in6_mask2len(&ifra->ifra_prefixmask.sin6_addr,
2396 (u_char *)&ifra->ifra_prefixmask + ifra->ifra_prefixmask.sin6_len);
2397 if (plen <= 0) {
2398 error = EINVAL;
2399 goto unwind;
2400 }
2401
2402 /* Validate lifetimes */
2403 lt = &ifra->ifra_lifetime;
2404 if (lt->ia6t_pltime > lt->ia6t_vltime) {
2405 log(LOG_INFO,
2406 "%s: pltime 0x%x > vltime 0x%x for %s\n", __func__,
2407 lt->ia6t_pltime, lt->ia6t_vltime,
2408 ip6_sprintf(&ifra->ifra_addr.sin6_addr));
2409 error = EINVAL;
2410 goto unwind;
2411 }
2412 if (lt->ia6t_vltime == 0) {
2413 /*
2414 * the following log might be noisy, but this is a typical
2415 * configuration mistake or a tool's bug.
2416 */
2417 log(LOG_INFO, "%s: valid lifetime is 0 for %s\n", __func__,
2418 ip6_sprintf(&ifra->ifra_addr.sin6_addr));
2419 }
2420
2421 /*
2422 * Before we lock the ifnet structure, we first check to see if the
2423 * address already exists. If so, then we don't allocate and link a
2424 * new one here.
2425 */
2426 struct sockaddr_in6 lookup_address = ifra->ifra_addr;
2427 if (IN6_IS_ADDR_LINKLOCAL(&lookup_address.sin6_addr)) {
2428 if (lookup_address.sin6_addr.s6_addr16[1] == 0) {
2429 /* link ID is not embedded by the user */
2430 lookup_address.sin6_addr.s6_addr16[1] =
2431 htons(ifp->if_index);
2432 } else if (lookup_address.sin6_addr.s6_addr16[1] !=
2433 htons(ifp->if_index)) {
2434 error = EINVAL; /* link ID contradicts */
2435 goto done;
2436 }
2437 if (lookup_address.sin6_scope_id != 0 &&
2438 lookup_address.sin6_scope_id !=
2439 (u_int32_t)ifp->if_index) {
2440 error = EINVAL;
2441 goto done;
2442 }
2443 }
2444
2445 ia = in6ifa_ifpwithaddr(ifp, &lookup_address.sin6_addr);
2446 if (ia != NULL) {
2447 ifa = &ia->ia_ifa;
2448 }
2449
2450 /*
2451 * Validate destination address on interface types that require it.
2452 */
2453 if ((ifp->if_flags & (IFF_LOOPBACK | IFF_POINTOPOINT)) != 0) {
2454 switch (ifra->ifra_dstaddr.sin6_family) {
2455 case AF_INET6:
2456 if (plen != 128) {
2457 /* noisy message for diagnostic purposes */
2458 log(LOG_INFO,
2459 "%s: prefix length < 128 with"
2460 " explicit dstaddr.\n", __func__);
2461 error = EINVAL;
2462 goto unwind;
2463 }
2464 break;
2465
2466 case AF_UNSPEC:
2467 break;
2468
2469 default:
2470 error = EAFNOSUPPORT;
2471 goto unwind;
2472 }
2473 } else if (ifra->ifra_dstaddr.sin6_family != AF_UNSPEC) {
2474 log(LOG_INFO,
2475 "%s: dstaddr valid only on p2p and loopback interfaces.\n",
2476 __func__);
2477 error = EINVAL;
2478 goto unwind;
2479 }
2480
2481 timenow = net_uptime();
2482
2483 if (ia == NULL) {
2484 zalloc_flags_t how;
2485
2486 /* Is this the first new IPv6 address for the interface? */
2487 ifaupflags |= IN6_IFAUPDATE_NEWADDR;
2488
2489 /* Allocate memory for IPv6 interface address structure. */
2490 how = (ifaupflags & IN6_IFAUPDATE_NOWAIT) ? Z_NOWAIT : Z_WAITOK;
2491 ia = in6_ifaddr_alloc(how);
2492 if (ia == NULL) {
2493 error = ENOBUFS;
2494 goto unwind;
2495 }
2496
2497 ifa = &ia->ia_ifa;
2498
2499 /*
2500 * Initialize interface address structure.
2501 *
2502 * Note well: none of these sockaddr_in6 structures contain a
2503 * valid sin6_port, sin6_flowinfo or even a sin6_scope_id field.
2504 * We still embed link-local scope identifiers at the end of an
2505 * arbitrary fe80::/32 prefix, for historical reasons. Also, the
2506 * ifa_dstaddr field is always non-NULL on point-to-point and
2507 * loopback interfaces, and conventionally points to a socket
2508 * address of AF_UNSPEC family when there is no destination.
2509 *
2510 * Please enjoy the dancing sea turtle.
2511 */
2512 IFA_ADDREF(ifa); /* for this and optionally for caller */
2513 IA6_HASH_INIT(ia);
2514 ifa->ifa_addr = (struct sockaddr *)&ia->ia_addr;
2515 if (ifra->ifra_dstaddr.sin6_family == AF_INET6 ||
2516 (ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) != 0) {
2517 ifa->ifa_dstaddr = (struct sockaddr *)&ia->ia_dstaddr;
2518 }
2519 ifa->ifa_netmask = (struct sockaddr *)&ia->ia_prefixmask;
2520 ifa->ifa_ifp = ifp;
2521 ifa->ifa_metric = ifp->if_metric;
2522 ifa->ifa_rtrequest = nd6_rtrequest;
2523
2524 LIST_INIT(&ia->ia6_memberships);
2525 ia->ia_addr.sin6_family = AF_INET6;
2526 ia->ia_addr.sin6_len = sizeof(ia->ia_addr);
2527 ia->ia_addr.sin6_addr = ifra->ifra_addr.sin6_addr;
2528 ia->ia_prefixmask.sin6_family = AF_INET6;
2529 ia->ia_prefixmask.sin6_len = sizeof(ia->ia_prefixmask);
2530 ia->ia_prefixmask.sin6_addr = ifra->ifra_prefixmask.sin6_addr;
2531 error = in6_to_kamescope(&ia->ia_addr, ifp);
2532 if (error != 0) {
2533 goto unwind;
2534 }
2535 if (ifa->ifa_dstaddr != NULL) {
2536 ia->ia_dstaddr = ifra->ifra_dstaddr;
2537 error = in6_to_kamescope(&ia->ia_dstaddr, ifp);
2538 if (error != 0) {
2539 goto unwind;
2540 }
2541 }
2542
2543 /* Append to address chains */
2544 ifnet_lock_exclusive(ifp);
2545 ifaupflags |= IN6_IFAUPDATE_1STADDR;
2546 TAILQ_FOREACH(xifa, &ifp->if_addrlist, ifa_list) {
2547 IFA_LOCK_SPIN(xifa);
2548 if (xifa->ifa_addr->sa_family != AF_INET6) {
2549 IFA_UNLOCK(xifa);
2550 ifaupflags &= ~IN6_IFAUPDATE_1STADDR;
2551 break;
2552 }
2553 IFA_UNLOCK(xifa);
2554 }
2555
2556 IFA_LOCK_SPIN(ifa);
2557 if_attach_ifa(ifp, ifa); /* holds reference for ifnet link */
2558 IFA_UNLOCK(ifa);
2559 ifnet_lock_done(ifp);
2560
2561 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
2562 TAILQ_INSERT_TAIL(&in6_ifaddrhead, ia, ia6_link);
2563 IFA_ADDREF(ifa); /* hold for in6_ifaddrs link */
2564 lck_rw_done(&in6_ifaddr_rwlock);
2565 } else {
2566 ifa = &ia->ia_ifa;
2567 ifaupflags &= ~(IN6_IFAUPDATE_NEWADDR | IN6_IFAUPDATE_1STADDR);
2568 }
2569
2570 VERIFY(ia != NULL && ifa == &ia->ia_ifa);
2571 IFA_LOCK(ifa);
2572
2573 /*
2574 * Set lifetimes. We do not refer to ia6t_expire and ia6t_preferred
2575 * to see if the address is deprecated or invalidated, but initialize
2576 * these members for applications.
2577 */
2578 ia->ia6_updatetime = ia->ia6_createtime = timenow;
2579 ia6_lt = *lt;
2580 if (ia6_lt.ia6t_vltime != ND6_INFINITE_LIFETIME) {
2581 ia6_lt.ia6t_expire = timenow + ia6_lt.ia6t_vltime;
2582 } else {
2583 ia6_lt.ia6t_expire = 0;
2584 }
2585 if (ia6_lt.ia6t_pltime != ND6_INFINITE_LIFETIME) {
2586 ia6_lt.ia6t_preferred = timenow + ia6_lt.ia6t_pltime;
2587 } else {
2588 ia6_lt.ia6t_preferred = 0;
2589 }
2590 in6ifa_setlifetime(ia, &ia6_lt);
2591
2592 /*
2593 * Backward compatibility - if IN6_IFF_DEPRECATED is set from the
2594 * userland, make it deprecated.
2595 */
2596 if ((ia->ia6_flags & IN6_IFF_DEPRECATED) != 0) {
2597 ia->ia6_lifetime.ia6ti_pltime = 0;
2598 ia->ia6_lifetime.ia6ti_preferred = timenow;
2599 }
2600
2601 /*
2602 * Update flag or prefix length
2603 */
2604 ia->ia_plen = plen;
2605 ia->ia6_flags = ifra->ifra_flags;
2606
2607 /* Release locks (new address available to concurrent tasks) */
2608 IFA_UNLOCK(ifa);
2609
2610 /* Further initialization of the interface address */
2611 error = in6_ifinit(ifp, ia, ifaupflags);
2612 if (error != 0) {
2613 goto unwind;
2614 }
2615
2616 /* Finish updating the address while other tasks are working with it */
2617 error = in6_ifaupdate_aux(ia, ifp, ifaupflags);
2618 if (error != 0) {
2619 goto unwind;
2620 }
2621
2622 /* Return success (optionally w/ address for caller). */
2623 VERIFY(error == 0);
2624 (void) ifnet_notify_address(ifp, AF_INET6);
2625 goto done;
2626
2627 unwind:
2628 VERIFY(error != 0);
2629 if (ia != NULL) {
2630 VERIFY(ifa == &ia->ia_ifa);
2631 IFA_REMREF(ifa);
2632 ia = NULL;
2633 }
2634
2635 done:
2636 *iar = ia;
2637 return error;
2638 }
2639
2640 void
2641 in6_purgeaddr(struct ifaddr *ifa)
2642 {
2643 struct ifnet *ifp = ifa->ifa_ifp;
2644 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
2645 struct in6_multi_mship *imm;
2646
2647 LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_NOTOWNED);
2648
2649 /* stop DAD processing */
2650 nd6_dad_stop(ifa);
2651
2652 /*
2653 * delete route to the destination of the address being purged.
2654 * The interface must be p2p or loopback in this case.
2655 */
2656 IFA_LOCK(ifa);
2657 if ((ia->ia_flags & IFA_ROUTE) && ia->ia_plen == 128) {
2658 int error, rtf;
2659
2660 IFA_UNLOCK(ifa);
2661 rtf = (ia->ia_dstaddr.sin6_family == AF_INET6) ? RTF_HOST : 0;
2662 error = rtinit(&(ia->ia_ifa), RTM_DELETE, rtf);
2663 if (error != 0) {
2664 log(LOG_ERR, "in6_purgeaddr: failed to remove "
2665 "a route to the p2p destination: %s on %s, "
2666 "errno=%d\n",
2667 ip6_sprintf(&ia->ia_addr.sin6_addr), if_name(ifp),
2668 error);
2669 /* proceed anyway... */
2670 }
2671 IFA_LOCK_SPIN(ifa);
2672 ia->ia_flags &= ~IFA_ROUTE;
2673 }
2674 IFA_UNLOCK(ifa);
2675
2676 /* Remove ownaddr's loopback rtentry, if it exists. */
2677 in6_ifremloop(&(ia->ia_ifa));
2678
2679 /*
2680 * leave from multicast groups we have joined for the interface
2681 */
2682 IFA_LOCK(ifa);
2683 while ((imm = ia->ia6_memberships.lh_first) != NULL) {
2684 LIST_REMOVE(imm, i6mm_chain);
2685 IFA_UNLOCK(ifa);
2686 in6_leavegroup(imm);
2687 IFA_LOCK(ifa);
2688 }
2689 IFA_UNLOCK(ifa);
2690
2691 /* in6_unlink_ifa() will need exclusive access */
2692 in6_unlink_ifa(ia, ifp);
2693 in6_post_msg(ifp, KEV_INET6_ADDR_DELETED, ia, NULL);
2694
2695 (void) ifnet_notify_address(ifp, AF_INET6);
2696 }
2697
2698 static void
2699 in6_unlink_ifa(struct in6_ifaddr *ia, struct ifnet *ifp)
2700 {
2701 struct in6_ifaddr *nia;
2702 struct ifaddr *ifa;
2703 int unlinked;
2704
2705 LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_NOTOWNED);
2706
2707 ifa = &ia->ia_ifa;
2708 IFA_ADDREF(ifa);
2709
2710 ifnet_lock_exclusive(ifp);
2711 IFA_LOCK(ifa);
2712 if (ifa->ifa_debug & IFD_ATTACHED) {
2713 if_detach_ifa(ifp, ifa);
2714 }
2715 IFA_UNLOCK(ifa);
2716 ifnet_lock_done(ifp);
2717
2718 unlinked = 0;
2719 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
2720 TAILQ_FOREACH(nia, &in6_ifaddrhead, ia6_link) {
2721 if (ia == nia) {
2722 TAILQ_REMOVE(&in6_ifaddrhead, ia, ia6_link);
2723 IFA_LOCK(ifa);
2724 if (IA6_IS_HASHED(ia)) {
2725 in6_iahash_remove(ia);
2726 }
2727 IFA_UNLOCK(ifa);
2728 unlinked = 1;
2729 break;
2730 }
2731 }
2732
2733 /*
2734 * When IPv6 address is being removed, release the
2735 * reference to the base prefix.
2736 * Also, since the release might, affect the status
2737 * of other (detached) addresses, call
2738 * pfxlist_onlink_check().
2739 */
2740 IFA_LOCK(ifa);
2741 /*
2742 * Only log the below message for addresses other than
2743 * link local.
2744 * Only one LLA (auto-configured or statically) is allowed
2745 * on an interface.
2746 * LLA prefix, while added to the prefix list, is not
2747 * reference countedi (as it is the only one).
2748 * The prefix also never expires on its own as LLAs
2749 * have infinite lifetime.
2750 *
2751 * For now quiece down the log message for LLAs.
2752 */
2753 if (!IN6_IS_ADDR_LINKLOCAL(&ia->ia_addr.sin6_addr)) {
2754 if (ia->ia6_ndpr == NULL) {
2755 log(LOG_NOTICE, "in6_unlink_ifa: IPv6 address "
2756 "0x%llx has no prefix\n",
2757 (uint64_t)VM_KERNEL_ADDRPERM(ia));
2758 } else {
2759 struct nd_prefix *pr = ia->ia6_ndpr;
2760 ia->ia6_flags &= ~IN6_IFF_AUTOCONF;
2761 ia->ia6_ndpr = NULL;
2762 NDPR_LOCK(pr);
2763 VERIFY(pr->ndpr_addrcnt != 0);
2764 pr->ndpr_addrcnt--;
2765 if (ia->ia6_flags & IN6_IFF_CLAT46) {
2766 pr->ndpr_stateflags &= ~NDPRF_CLAT46;
2767 }
2768 NDPR_UNLOCK(pr);
2769 NDPR_REMREF(pr); /* release addr reference */
2770 }
2771 }
2772 IFA_UNLOCK(ifa);
2773 lck_rw_done(&in6_ifaddr_rwlock);
2774
2775 if ((ia->ia6_flags & IN6_IFF_AUTOCONF) != 0) {
2776 lck_mtx_lock(nd6_mutex);
2777 pfxlist_onlink_check();
2778 lck_mtx_unlock(nd6_mutex);
2779 }
2780 /*
2781 * release another refcnt for the link from in6_ifaddrs.
2782 * Do this only if it's not already unlinked in the event that we lost
2783 * the race, since in6_ifaddr_rwlock was momentarily dropped above.
2784 */
2785 if (unlinked) {
2786 IFA_REMREF(ifa);
2787 }
2788
2789 /* release reference held for this routine */
2790 IFA_REMREF(ifa);
2791
2792 /* invalidate route caches */
2793 routegenid_inet6_update();
2794 }
2795
2796 void
2797 in6_purgeif(struct ifnet *ifp)
2798 {
2799 struct in6_ifaddr *ia;
2800
2801 if (ifp == NULL) {
2802 return;
2803 }
2804
2805 LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_NOTOWNED);
2806
2807 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
2808 boolean_t from_begining = TRUE;
2809 while (from_begining) {
2810 from_begining = FALSE;
2811 TAILQ_FOREACH(ia, &in6_ifaddrhead, ia6_link) {
2812 if (ia->ia_ifa.ifa_ifp != ifp) {
2813 continue;
2814 }
2815 IFA_ADDREF(&ia->ia_ifa); /* for us */
2816 lck_rw_done(&in6_ifaddr_rwlock);
2817 in6_purgeaddr(&ia->ia_ifa);
2818 IFA_REMREF(&ia->ia_ifa); /* for us */
2819 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
2820 /*
2821 * Purging the address would have caused
2822 * in6_ifaddr_rwlock to be dropped and reacquired;
2823 * therefore search again from the beginning
2824 * of in6_ifaddrs list.
2825 */
2826 from_begining = TRUE;
2827 break;
2828 }
2829 }
2830 lck_rw_done(&in6_ifaddr_rwlock);
2831
2832 in6_ifdetach(ifp);
2833 }
2834
2835 /*
2836 * Initialize an interface's internet6 address and routing table entry.
2837 */
2838 static int
2839 in6_ifinit(struct ifnet *ifp, struct in6_ifaddr *ia, int ifaupflags)
2840 {
2841 int error;
2842 struct ifaddr *ifa;
2843
2844 error = 0;
2845 ifa = &ia->ia_ifa;
2846
2847 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
2848 IFA_LOCK(&ia->ia_ifa);
2849 if (IA6_IS_HASHED(ia)) {
2850 in6_iahash_remove(ia);
2851 }
2852 if ((ifp->if_flags & IFF_POINTOPOINT)) {
2853 in6_iahash_insert_ptp(ia);
2854 } else {
2855 in6_iahash_insert(ia);
2856 }
2857 IFA_UNLOCK(&ia->ia_ifa);
2858 lck_rw_done(&in6_ifaddr_rwlock);
2859
2860 /*
2861 * NOTE: SIOCSIFADDR is defined with struct ifreq as parameter,
2862 * but here we are sending it down to the interface with a pointer
2863 * to struct ifaddr, for legacy reasons.
2864 */
2865 if ((ifaupflags & IN6_IFAUPDATE_1STADDR) != 0) {
2866 error = ifnet_ioctl(ifp, PF_INET6, SIOCSIFADDR, ia);
2867 if (error != 0) {
2868 if (error != EOPNOTSUPP) {
2869 goto failed;
2870 }
2871 error = 0;
2872 }
2873 }
2874
2875 IFA_LOCK(ifa);
2876
2877 /*
2878 * Special case:
2879 * If the destination address is specified for a point-to-point
2880 * interface, install a route to the destination as an interface
2881 * direct route.
2882 */
2883 if (!(ia->ia_flags & IFA_ROUTE) && ia->ia_plen == 128 &&
2884 ia->ia_dstaddr.sin6_family == AF_INET6) {
2885 IFA_UNLOCK(ifa);
2886 error = rtinit(ifa, RTM_ADD, RTF_UP | RTF_HOST);
2887 if (error != 0) {
2888 goto failed;
2889 }
2890 IFA_LOCK(ifa);
2891 ia->ia_flags |= IFA_ROUTE;
2892 }
2893 IFA_LOCK_ASSERT_HELD(ifa);
2894 if (ia->ia_plen < 128) {
2895 /*
2896 * The RTF_CLONING flag is necessary for in6_is_ifloop_auto().
2897 */
2898 ia->ia_flags |= RTF_CLONING;
2899 }
2900
2901 IFA_UNLOCK(ifa);
2902
2903 /* Add ownaddr as loopback rtentry, if necessary (ex. on p2p link). */
2904 if ((ifaupflags & IN6_IFAUPDATE_NEWADDR) != 0) {
2905 in6_ifaddloop(ifa);
2906 }
2907
2908 /* invalidate route caches */
2909 routegenid_inet6_update();
2910
2911 VERIFY(error == 0);
2912 return 0;
2913 failed:
2914 VERIFY(error != 0);
2915 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
2916 IFA_LOCK(&ia->ia_ifa);
2917 if (IA6_IS_HASHED(ia)) {
2918 in6_iahash_remove(ia);
2919 }
2920 IFA_UNLOCK(&ia->ia_ifa);
2921 lck_rw_done(&in6_ifaddr_rwlock);
2922
2923 return error;
2924 }
2925
2926 void
2927 in6_purgeaddrs(struct ifnet *ifp)
2928 {
2929 in6_purgeif(ifp);
2930 }
2931
2932 /*
2933 * Find an IPv6 interface link-local address specific to an interface.
2934 */
2935 struct in6_ifaddr *
2936 in6ifa_ifpforlinklocal(struct ifnet *ifp, int ignoreflags)
2937 {
2938 struct ifaddr *ifa;
2939
2940 ifnet_lock_shared(ifp);
2941 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
2942 {
2943 IFA_LOCK_SPIN(ifa);
2944 if (ifa->ifa_addr->sa_family != AF_INET6) {
2945 IFA_UNLOCK(ifa);
2946 continue;
2947 }
2948 if (IN6_IS_ADDR_LINKLOCAL(IFA_IN6(ifa))) {
2949 if ((((struct in6_ifaddr *)ifa)->ia6_flags &
2950 ignoreflags) != 0) {
2951 IFA_UNLOCK(ifa);
2952 continue;
2953 }
2954 IFA_ADDREF_LOCKED(ifa); /* for caller */
2955 IFA_UNLOCK(ifa);
2956 break;
2957 }
2958 IFA_UNLOCK(ifa);
2959 }
2960 ifnet_lock_done(ifp);
2961
2962 return (struct in6_ifaddr *)ifa;
2963 }
2964
2965 struct in6_ifaddr *
2966 in6ifa_ifpwithflag(struct ifnet * ifp, int flag)
2967 {
2968 struct ifaddr *ifa;
2969
2970 ifnet_lock_shared(ifp);
2971 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
2972 {
2973 IFA_LOCK_SPIN(ifa);
2974 if (ifa->ifa_addr->sa_family != AF_INET6) {
2975 IFA_UNLOCK(ifa);
2976 continue;
2977 }
2978 if ((((struct in6_ifaddr *)ifa)->ia6_flags & flag) == flag) {
2979 IFA_ADDREF_LOCKED(ifa);
2980 IFA_UNLOCK(ifa);
2981 break;
2982 }
2983 IFA_UNLOCK(ifa);
2984 }
2985 ifnet_lock_done(ifp);
2986
2987 return (struct in6_ifaddr *)ifa;
2988 }
2989
2990 /*
2991 * find the internet address corresponding to a given interface and address.
2992 */
2993 struct in6_ifaddr *
2994 in6ifa_ifpwithaddr(struct ifnet *ifp, struct in6_addr *addr)
2995 {
2996 struct ifaddr *ifa;
2997
2998 ifnet_lock_shared(ifp);
2999 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
3000 {
3001 IFA_LOCK_SPIN(ifa);
3002 if (ifa->ifa_addr->sa_family != AF_INET6) {
3003 IFA_UNLOCK(ifa);
3004 continue;
3005 }
3006 if (IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(ifa))) {
3007 IFA_ADDREF_LOCKED(ifa); /* for caller */
3008 IFA_UNLOCK(ifa);
3009 break;
3010 }
3011 IFA_UNLOCK(ifa);
3012 }
3013 ifnet_lock_done(ifp);
3014
3015 return (struct in6_ifaddr *)ifa;
3016 }
3017
3018 struct in6_ifaddr *
3019 in6ifa_prproxyaddr(struct in6_addr *addr)
3020 {
3021 struct in6_ifaddr *ia;
3022
3023 lck_rw_lock_shared(&in6_ifaddr_rwlock);
3024 TAILQ_FOREACH(ia, IN6ADDR_HASH(addr), ia6_hash) {
3025 IFA_LOCK(&ia->ia_ifa);
3026 if (IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(&ia->ia_ifa))) {
3027 IFA_ADDREF_LOCKED(&ia->ia_ifa); /* for caller */
3028 IFA_UNLOCK(&ia->ia_ifa);
3029 break;
3030 }
3031 IFA_UNLOCK(&ia->ia_ifa);
3032 }
3033 lck_rw_done(&in6_ifaddr_rwlock);
3034
3035 if (ia != NULL && !nd6_prproxy_ifaddr(ia)) {
3036 IFA_REMREF(&ia->ia_ifa);
3037 ia = NULL;
3038 }
3039
3040 return ia;
3041 }
3042
3043 void
3044 in6ifa_getlifetime(struct in6_ifaddr *ia6, struct in6_addrlifetime *t_dst,
3045 int iscalendar)
3046 {
3047 struct in6_addrlifetime_i *t_src = &ia6->ia6_lifetime;
3048 struct timeval caltime;
3049
3050 t_dst->ia6t_vltime = t_src->ia6ti_vltime;
3051 t_dst->ia6t_pltime = t_src->ia6ti_pltime;
3052 t_dst->ia6t_expire = 0;
3053 t_dst->ia6t_preferred = 0;
3054
3055 /* account for system time change */
3056 getmicrotime(&caltime);
3057 t_src->ia6ti_base_calendartime +=
3058 NET_CALCULATE_CLOCKSKEW(caltime,
3059 t_src->ia6ti_base_calendartime, net_uptime(),
3060 t_src->ia6ti_base_uptime);
3061
3062 if (iscalendar) {
3063 if (t_src->ia6ti_expire != 0 &&
3064 t_src->ia6ti_vltime != ND6_INFINITE_LIFETIME) {
3065 t_dst->ia6t_expire = t_src->ia6ti_base_calendartime +
3066 t_src->ia6ti_expire - t_src->ia6ti_base_uptime;
3067 }
3068
3069 if (t_src->ia6ti_preferred != 0 &&
3070 t_src->ia6ti_pltime != ND6_INFINITE_LIFETIME) {
3071 t_dst->ia6t_preferred = t_src->ia6ti_base_calendartime +
3072 t_src->ia6ti_preferred - t_src->ia6ti_base_uptime;
3073 }
3074 } else {
3075 if (t_src->ia6ti_expire != 0 &&
3076 t_src->ia6ti_vltime != ND6_INFINITE_LIFETIME) {
3077 t_dst->ia6t_expire = t_src->ia6ti_expire;
3078 }
3079
3080 if (t_src->ia6ti_preferred != 0 &&
3081 t_src->ia6ti_pltime != ND6_INFINITE_LIFETIME) {
3082 t_dst->ia6t_preferred = t_src->ia6ti_preferred;
3083 }
3084 }
3085 }
3086
3087 void
3088 in6ifa_setlifetime(struct in6_ifaddr *ia6, struct in6_addrlifetime *t_src)
3089 {
3090 struct in6_addrlifetime_i *t_dst = &ia6->ia6_lifetime;
3091 struct timeval caltime;
3092
3093 /* account for system time change */
3094 getmicrotime(&caltime);
3095 t_dst->ia6ti_base_calendartime +=
3096 NET_CALCULATE_CLOCKSKEW(caltime,
3097 t_dst->ia6ti_base_calendartime, net_uptime(),
3098 t_dst->ia6ti_base_uptime);
3099
3100 /* trust the caller for the values */
3101 t_dst->ia6ti_expire = t_src->ia6t_expire;
3102 t_dst->ia6ti_preferred = t_src->ia6t_preferred;
3103 t_dst->ia6ti_vltime = t_src->ia6t_vltime;
3104 t_dst->ia6ti_pltime = t_src->ia6t_pltime;
3105 }
3106
3107 /*
3108 * Convert IP6 address to printable (loggable) representation.
3109 */
3110 char *
3111 ip6_sprintf(const struct in6_addr *addr)
3112 {
3113 static const char digits[] = "0123456789abcdef";
3114 static int ip6round = 0;
3115 static char ip6buf[8][48];
3116
3117 int i;
3118 char *cp;
3119 const u_short *a = (const u_short *)addr;
3120 const u_char *d;
3121 u_char n;
3122 int dcolon = 0;
3123 int zpad = 0;
3124
3125 ip6round = (ip6round + 1) & 7;
3126 cp = ip6buf[ip6round];
3127
3128 for (i = 0; i < 8; i++) {
3129 if (dcolon == 1) {
3130 if (*a == 0) {
3131 if (i == 7) {
3132 *cp++ = ':';
3133 }
3134 a++;
3135 continue;
3136 } else {
3137 dcolon = 2;
3138 }
3139 }
3140 if (*a == 0) {
3141 if (dcolon == 0 && *(a + 1) == 0) {
3142 if (i == 0) {
3143 *cp++ = ':';
3144 }
3145 *cp++ = ':';
3146 dcolon = 1;
3147 } else {
3148 *cp++ = '0';
3149 *cp++ = ':';
3150 }
3151 a++;
3152 continue;
3153 }
3154 d = (const u_char *)a;
3155 zpad = 0;
3156 if ((n = *d >> 4) != 0) {
3157 *cp++ = digits[n];
3158 zpad = 1;
3159 }
3160 if ((n = *d++ & 0xf) != 0 || zpad) {
3161 *cp++ = digits[n];
3162 zpad = 1;
3163 }
3164 if ((n = *d >> 4) != 0 || zpad) {
3165 *cp++ = digits[n];
3166 zpad = 1;
3167 }
3168 if ((n = *d & 0xf) != 0 || zpad) {
3169 *cp++ = digits[n];
3170 }
3171 *cp++ = ':';
3172 a++;
3173 }
3174 *--cp = 0;
3175 return ip6buf[ip6round];
3176 }
3177
3178 int
3179 in6addr_local(struct in6_addr *in6)
3180 {
3181 struct rtentry *rt;
3182 struct sockaddr_in6 sin6;
3183 int local = 0;
3184
3185 if (IN6_IS_ADDR_LOOPBACK(in6) || IN6_IS_SCOPE_LINKLOCAL(in6)) {
3186 return 1;
3187 }
3188
3189 sin6.sin6_family = AF_INET6;
3190 sin6.sin6_len = sizeof(sin6);
3191 bcopy(in6, &sin6.sin6_addr, sizeof(*in6));
3192 rt = rtalloc1((struct sockaddr *)&sin6, 0, 0);
3193
3194 if (rt != NULL) {
3195 RT_LOCK_SPIN(rt);
3196 if (rt->rt_gateway->sa_family == AF_LINK) {
3197 local = 1;
3198 }
3199 RT_UNLOCK(rt);
3200 rtfree(rt);
3201 } else {
3202 local = in6_localaddr(in6);
3203 }
3204 return local;
3205 }
3206
3207 int
3208 in6_localaddr(struct in6_addr *in6)
3209 {
3210 struct in6_ifaddr *ia;
3211
3212 if (IN6_IS_ADDR_LOOPBACK(in6) || IN6_IS_ADDR_LINKLOCAL(in6) || IN6_IS_ADDR_MC_UNICAST_BASED_LINKLOCAL(in6)) {
3213 return 1;
3214 }
3215
3216 lck_rw_lock_shared(&in6_ifaddr_rwlock);
3217 TAILQ_FOREACH(ia, &in6_ifaddrhead, ia6_link) {
3218 IFA_LOCK_SPIN(&ia->ia_ifa);
3219 if (IN6_ARE_MASKED_ADDR_EQUAL(in6, &ia->ia_addr.sin6_addr,
3220 &ia->ia_prefixmask.sin6_addr)) {
3221 IFA_UNLOCK(&ia->ia_ifa);
3222 lck_rw_done(&in6_ifaddr_rwlock);
3223 return 1;
3224 }
3225 IFA_UNLOCK(&ia->ia_ifa);
3226 }
3227 lck_rw_done(&in6_ifaddr_rwlock);
3228 return 0;
3229 }
3230
3231 /*
3232 * return length of part which dst and src are equal
3233 * hard coding...
3234 */
3235 int
3236 in6_matchlen(struct in6_addr *src, struct in6_addr *dst)
3237 {
3238 int match = 0;
3239 u_char *s = (u_char *)src, *d = (u_char *)dst;
3240 u_char *lim = s + 16, r;
3241
3242 while (s < lim) {
3243 if ((r = (*d++ ^ *s++)) != 0) {
3244 while (r < 128) {
3245 match++;
3246 r <<= 1;
3247 }
3248 break;
3249 } else {
3250 match += 8;
3251 }
3252 }
3253 return match;
3254 }
3255
3256 /* XXX: to be scope conscious */
3257 int
3258 in6_are_prefix_equal(struct in6_addr *p1, struct in6_addr *p2, int len)
3259 {
3260 int bytelen, bitlen;
3261
3262 /* sanity check */
3263 if (0 > len || len > 128) {
3264 log(LOG_ERR, "%s: invalid prefix length(%d)\n", __func__, len);
3265 return 0;
3266 }
3267
3268 bytelen = len / 8;
3269 bitlen = len % 8;
3270
3271 if (bcmp(&p1->s6_addr, &p2->s6_addr, bytelen)) {
3272 return 0;
3273 }
3274 if (bitlen != 0 &&
3275 p1->s6_addr[bytelen] >> (8 - bitlen) !=
3276 p2->s6_addr[bytelen] >> (8 - bitlen)) {
3277 return 0;
3278 }
3279
3280 return 1;
3281 }
3282
3283 void
3284 in6_prefixlen2mask(struct in6_addr *maskp, int len)
3285 {
3286 u_char maskarray[8] = {0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff};
3287 int bytelen, bitlen, i;
3288
3289 /* sanity check */
3290 if (0 > len || len > 128) {
3291 log(LOG_ERR, "%s: invalid prefix length(%d)\n", __func__, len);
3292 return;
3293 }
3294
3295 bzero(maskp, sizeof(*maskp));
3296 bytelen = len / 8;
3297 bitlen = len % 8;
3298 for (i = 0; i < bytelen; i++) {
3299 maskp->s6_addr[i] = 0xff;
3300 }
3301 if (bitlen) {
3302 maskp->s6_addr[bytelen] = maskarray[bitlen - 1];
3303 }
3304 }
3305
3306 /*
3307 * return the best address out of the same scope
3308 */
3309 struct in6_ifaddr *
3310 in6_ifawithscope(struct ifnet *oifp, struct in6_addr *dst)
3311 {
3312 int dst_scope = in6_addrscope(dst), src_scope, best_scope = 0;
3313 int blen = -1;
3314 struct ifaddr *ifa;
3315 struct ifnet *ifp;
3316 struct in6_ifaddr *ifa_best = NULL;
3317
3318 if (oifp == NULL) {
3319 return NULL;
3320 }
3321
3322 /*
3323 * We search for all addresses on all interfaces from the beginning.
3324 * Comparing an interface with the outgoing interface will be done
3325 * only at the final stage of tiebreaking.
3326 */
3327 ifnet_head_lock_shared();
3328 TAILQ_FOREACH(ifp, &ifnet_head, if_list) {
3329 /*
3330 * We can never take an address that breaks the scope zone
3331 * of the destination.
3332 */
3333 if (in6_addr2scopeid(ifp, dst) != in6_addr2scopeid(oifp, dst)) {
3334 continue;
3335 }
3336
3337 ifnet_lock_shared(ifp);
3338 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
3339 int tlen = -1, dscopecmp, bscopecmp, matchcmp;
3340
3341 IFA_LOCK(ifa);
3342 if (ifa->ifa_addr->sa_family != AF_INET6) {
3343 IFA_UNLOCK(ifa);
3344 continue;
3345 }
3346 src_scope = in6_addrscope(IFA_IN6(ifa));
3347
3348 /*
3349 * Don't use an address before completing DAD
3350 * nor a duplicated address.
3351 */
3352 if (((struct in6_ifaddr *)ifa)->ia6_flags &
3353 (IN6_IFF_NOTREADY | IN6_IFF_CLAT46)) {
3354 IFA_UNLOCK(ifa);
3355 continue;
3356 }
3357 /* XXX: is there any case to allow anycasts? */
3358 if (((struct in6_ifaddr *)ifa)->ia6_flags &
3359 IN6_IFF_ANYCAST) {
3360 IFA_UNLOCK(ifa);
3361 continue;
3362 }
3363 if (((struct in6_ifaddr *)ifa)->ia6_flags &
3364 IN6_IFF_DETACHED) {
3365 IFA_UNLOCK(ifa);
3366 continue;
3367 }
3368 /*
3369 * If this is the first address we find,
3370 * keep it anyway.
3371 */
3372 if (ifa_best == NULL) {
3373 goto replace;
3374 }
3375
3376 /*
3377 * ifa_best is never NULL beyond this line except
3378 * within the block labeled "replace".
3379 */
3380
3381 /*
3382 * If ifa_best has a smaller scope than dst and
3383 * the current address has a larger one than
3384 * (or equal to) dst, always replace ifa_best.
3385 * Also, if the current address has a smaller scope
3386 * than dst, ignore it unless ifa_best also has a
3387 * smaller scope.
3388 * Consequently, after the two if-clause below,
3389 * the followings must be satisfied:
3390 * (scope(src) < scope(dst) &&
3391 * scope(best) < scope(dst))
3392 * OR
3393 * (scope(best) >= scope(dst) &&
3394 * scope(src) >= scope(dst))
3395 */
3396 if (IN6_ARE_SCOPE_CMP(best_scope, dst_scope) < 0 &&
3397 IN6_ARE_SCOPE_CMP(src_scope, dst_scope) >= 0) {
3398 goto replace; /* (A) */
3399 }
3400 if (IN6_ARE_SCOPE_CMP(src_scope, dst_scope) < 0 &&
3401 IN6_ARE_SCOPE_CMP(best_scope, dst_scope) >= 0) {
3402 IFA_UNLOCK(ifa);
3403 continue; /* (B) */
3404 }
3405 /*
3406 * A deprecated address SHOULD NOT be used in new
3407 * communications if an alternate (non-deprecated)
3408 * address is available and has sufficient scope.
3409 * RFC 4862, Section 5.5.4.
3410 */
3411 if (((struct in6_ifaddr *)ifa)->ia6_flags &
3412 IN6_IFF_DEPRECATED) {
3413 /*
3414 * Ignore any deprecated addresses if
3415 * specified by configuration.
3416 */
3417 if (!ip6_use_deprecated) {
3418 IFA_UNLOCK(ifa);
3419 continue;
3420 }
3421 /*
3422 * If we have already found a non-deprecated
3423 * candidate, just ignore deprecated addresses.
3424 */
3425 if ((ifa_best->ia6_flags & IN6_IFF_DEPRECATED)
3426 == 0) {
3427 IFA_UNLOCK(ifa);
3428 continue;
3429 }
3430 }
3431
3432 /*
3433 * A non-deprecated address is always preferred
3434 * to a deprecated one regardless of scopes and
3435 * address matching (Note invariants ensured by the
3436 * conditions (A) and (B) above.)
3437 */
3438 if ((ifa_best->ia6_flags & IN6_IFF_DEPRECATED) &&
3439 (((struct in6_ifaddr *)ifa)->ia6_flags &
3440 IN6_IFF_DEPRECATED) == 0) {
3441 goto replace;
3442 }
3443
3444 /*
3445 * When we use temporary addresses described in
3446 * RFC 4941, we prefer temporary addresses to
3447 * public autoconf addresses. Again, note the
3448 * invariants from (A) and (B). Also note that we
3449 * don't have any preference between static addresses
3450 * and autoconf addresses (despite of whether or not
3451 * the latter is temporary or public.)
3452 */
3453 if (ip6_use_tempaddr) {
3454 struct in6_ifaddr *ifat;
3455
3456 ifat = (struct in6_ifaddr *)ifa;
3457 if ((ifa_best->ia6_flags &
3458 (IN6_IFF_AUTOCONF | IN6_IFF_TEMPORARY))
3459 == IN6_IFF_AUTOCONF &&
3460 (ifat->ia6_flags &
3461 (IN6_IFF_AUTOCONF | IN6_IFF_TEMPORARY))
3462 == (IN6_IFF_AUTOCONF | IN6_IFF_TEMPORARY)) {
3463 goto replace;
3464 }
3465 if ((ifa_best->ia6_flags &
3466 (IN6_IFF_AUTOCONF | IN6_IFF_TEMPORARY))
3467 == (IN6_IFF_AUTOCONF | IN6_IFF_TEMPORARY) &&
3468 (ifat->ia6_flags &
3469 (IN6_IFF_AUTOCONF | IN6_IFF_TEMPORARY))
3470 == IN6_IFF_AUTOCONF) {
3471 IFA_UNLOCK(ifa);
3472 continue;
3473 }
3474 }
3475
3476 /*
3477 * At this point, we have two cases:
3478 * 1. we are looking at a non-deprecated address,
3479 * and ifa_best is also non-deprecated.
3480 * 2. we are looking at a deprecated address,
3481 * and ifa_best is also deprecated.
3482 * Also, we do not have to consider a case where
3483 * the scope of if_best is larger(smaller) than dst and
3484 * the scope of the current address is smaller(larger)
3485 * than dst. Such a case has already been covered.
3486 * Tiebreaking is done according to the following
3487 * items:
3488 * - the scope comparison between the address and
3489 * dst (dscopecmp)
3490 * - the scope comparison between the address and
3491 * ifa_best (bscopecmp)
3492 * - if the address match dst longer than ifa_best
3493 * (matchcmp)
3494 * - if the address is on the outgoing I/F (outI/F)
3495 *
3496 * Roughly speaking, the selection policy is
3497 * - the most important item is scope. The same scope
3498 * is best. Then search for a larger scope.
3499 * Smaller scopes are the last resort.
3500 * - A deprecated address is chosen only when we have
3501 * no address that has an enough scope, but is
3502 * prefered to any addresses of smaller scopes
3503 * (this must be already done above.)
3504 * - addresses on the outgoing I/F are preferred to
3505 * ones on other interfaces if none of above
3506 * tiebreaks. In the table below, the column "bI"
3507 * means if the best_ifa is on the outgoing
3508 * interface, and the column "sI" means if the ifa
3509 * is on the outgoing interface.
3510 * - If there is no other reasons to choose one,
3511 * longest address match against dst is considered.
3512 *
3513 * The precise decision table is as follows:
3514 * dscopecmp bscopecmp match bI oI | replace?
3515 * N/A equal N/A Y N | No (1)
3516 * N/A equal N/A N Y | Yes (2)
3517 * N/A equal larger N/A | Yes (3)
3518 * N/A equal !larger N/A | No (4)
3519 * larger larger N/A N/A | No (5)
3520 * larger smaller N/A N/A | Yes (6)
3521 * smaller larger N/A N/A | Yes (7)
3522 * smaller smaller N/A N/A | No (8)
3523 * equal smaller N/A N/A | Yes (9)
3524 * equal larger (already done at A above)
3525 */
3526 dscopecmp = IN6_ARE_SCOPE_CMP(src_scope, dst_scope);
3527 bscopecmp = IN6_ARE_SCOPE_CMP(src_scope, best_scope);
3528
3529 if (bscopecmp == 0) {
3530 struct ifnet *bifp = ifa_best->ia_ifp;
3531
3532 if (bifp == oifp && ifp != oifp) { /* (1) */
3533 IFA_UNLOCK(ifa);
3534 continue;
3535 }
3536 if (bifp != oifp && ifp == oifp) { /* (2) */
3537 goto replace;
3538 }
3539
3540 /*
3541 * Both bifp and ifp are on the outgoing
3542 * interface, or both two are on a different
3543 * interface from the outgoing I/F.
3544 * now we need address matching against dst
3545 * for tiebreaking.
3546 */
3547 tlen = in6_matchlen(IFA_IN6(ifa), dst);
3548 matchcmp = tlen - blen;
3549 if (matchcmp > 0) { /* (3) */
3550 goto replace;
3551 }
3552 IFA_UNLOCK(ifa);
3553 continue; /* (4) */
3554 }
3555 if (dscopecmp > 0) {
3556 if (bscopecmp > 0) { /* (5) */
3557 IFA_UNLOCK(ifa);
3558 continue;
3559 }
3560 goto replace; /* (6) */
3561 }
3562 if (dscopecmp < 0) {
3563 if (bscopecmp > 0) { /* (7) */
3564 goto replace;
3565 }
3566 IFA_UNLOCK(ifa);
3567 continue; /* (8) */
3568 }
3569
3570 /* now dscopecmp must be 0 */
3571 if (bscopecmp < 0) {
3572 goto replace; /* (9) */
3573 }
3574 replace:
3575 IFA_ADDREF_LOCKED(ifa); /* for ifa_best */
3576 blen = tlen >= 0 ? tlen :
3577 in6_matchlen(IFA_IN6(ifa), dst);
3578 best_scope =
3579 in6_addrscope(&ifa2ia6(ifa)->ia_addr.sin6_addr);
3580 IFA_UNLOCK(ifa);
3581 if (ifa_best) {
3582 IFA_REMREF(&ifa_best->ia_ifa);
3583 }
3584 ifa_best = (struct in6_ifaddr *)ifa;
3585 }
3586 ifnet_lock_done(ifp);
3587 }
3588 ifnet_head_done();
3589
3590 /* count statistics for future improvements */
3591 if (ifa_best == NULL) {
3592 ip6stat.ip6s_sources_none++;
3593 } else {
3594 IFA_LOCK_SPIN(&ifa_best->ia_ifa);
3595 if (oifp == ifa_best->ia_ifp) {
3596 ip6stat.ip6s_sources_sameif[best_scope]++;
3597 } else {
3598 ip6stat.ip6s_sources_otherif[best_scope]++;
3599 }
3600
3601 if (best_scope == dst_scope) {
3602 ip6stat.ip6s_sources_samescope[best_scope]++;
3603 } else {
3604 ip6stat.ip6s_sources_otherscope[best_scope]++;
3605 }
3606
3607 if ((ifa_best->ia6_flags & IN6_IFF_DEPRECATED) != 0) {
3608 ip6stat.ip6s_sources_deprecated[best_scope]++;
3609 }
3610 IFA_UNLOCK(&ifa_best->ia_ifa);
3611 }
3612
3613 return ifa_best;
3614 }
3615
3616 /*
3617 * return the best address out of the same scope. if no address was
3618 * found, return the first valid address from designated IF.
3619 */
3620 struct in6_ifaddr *
3621 in6_ifawithifp(struct ifnet *ifp, struct in6_addr *dst)
3622 {
3623 int dst_scope = in6_addrscope(dst), blen = -1, tlen;
3624 struct ifaddr *ifa;
3625 struct in6_ifaddr *besta = NULL;
3626 struct in6_ifaddr *dep[2]; /* last-resort: deprecated */
3627
3628 dep[0] = dep[1] = NULL;
3629
3630 /*
3631 * We first look for addresses in the same scope.
3632 * If there is one, return it.
3633 * If two or more, return one which matches the dst longest.
3634 * If none, return one of global addresses assigned other ifs.
3635 */
3636 ifnet_lock_shared(ifp);
3637 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
3638 IFA_LOCK(ifa);
3639 if (ifa->ifa_addr->sa_family != AF_INET6) {
3640 IFA_UNLOCK(ifa);
3641 continue;
3642 }
3643 if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_ANYCAST) {
3644 IFA_UNLOCK(ifa);
3645 continue; /* XXX: is there any case to allow anycast? */
3646 }
3647 if (ifa2ia6(ifa)->ia6_flags & (IN6_IFF_NOTREADY | IN6_IFF_CLAT46)) {
3648 IFA_UNLOCK(ifa);
3649 continue; /* don't use this interface */
3650 }
3651 if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_DETACHED) {
3652 IFA_UNLOCK(ifa);
3653 continue;
3654 }
3655 if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_DEPRECATED) {
3656 if (ip6_use_deprecated) {
3657 IFA_ADDREF_LOCKED(ifa); /* for dep[0] */
3658 IFA_UNLOCK(ifa);
3659 if (dep[0] != NULL) {
3660 IFA_REMREF(&dep[0]->ia_ifa);
3661 }
3662 dep[0] = (struct in6_ifaddr *)ifa;
3663 } else {
3664 IFA_UNLOCK(ifa);
3665 }
3666 continue;
3667 }
3668
3669 if (dst_scope == in6_addrscope(IFA_IN6(ifa))) {
3670 /*
3671 * call in6_matchlen() as few as possible
3672 */
3673 if (besta) {
3674 if (blen == -1) {
3675 IFA_UNLOCK(ifa);
3676 IFA_LOCK(&besta->ia_ifa);
3677 blen = in6_matchlen(
3678 &besta->ia_addr.sin6_addr, dst);
3679 IFA_UNLOCK(&besta->ia_ifa);
3680 IFA_LOCK(ifa);
3681 }
3682 tlen = in6_matchlen(IFA_IN6(ifa), dst);
3683 if (tlen > blen) {
3684 blen = tlen;
3685 IFA_ADDREF_LOCKED(ifa); /* for besta */
3686 IFA_UNLOCK(ifa);
3687 IFA_REMREF(&besta->ia_ifa);
3688 besta = (struct in6_ifaddr *)ifa;
3689 } else {
3690 IFA_UNLOCK(ifa);
3691 }
3692 } else {
3693 besta = (struct in6_ifaddr *)ifa;
3694 IFA_ADDREF_LOCKED(ifa); /* for besta */
3695 IFA_UNLOCK(ifa);
3696 }
3697 } else {
3698 IFA_UNLOCK(ifa);
3699 }
3700 }
3701 if (besta) {
3702 ifnet_lock_done(ifp);
3703 if (dep[0] != NULL) {
3704 IFA_REMREF(&dep[0]->ia_ifa);
3705 }
3706 return besta;
3707 }
3708
3709 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
3710 IFA_LOCK(ifa);
3711 if (ifa->ifa_addr->sa_family != AF_INET6) {
3712 IFA_UNLOCK(ifa);
3713 continue;
3714 }
3715 if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_ANYCAST) {
3716 IFA_UNLOCK(ifa);
3717 continue; /* XXX: is there any case to allow anycast? */
3718 }
3719 if (ifa2ia6(ifa)->ia6_flags & (IN6_IFF_NOTREADY | IN6_IFF_CLAT46)) {
3720 IFA_UNLOCK(ifa);
3721 continue; /* don't use this interface */
3722 }
3723 if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_DETACHED) {
3724 IFA_UNLOCK(ifa);
3725 continue;
3726 }
3727 if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_DEPRECATED) {
3728 if (ip6_use_deprecated) {
3729 IFA_ADDREF_LOCKED(ifa); /* for dep[1] */
3730 IFA_UNLOCK(ifa);
3731 if (dep[1] != NULL) {
3732 IFA_REMREF(&dep[1]->ia_ifa);
3733 }
3734 dep[1] = (struct in6_ifaddr *)ifa;
3735 } else {
3736 IFA_UNLOCK(ifa);
3737 }
3738 continue;
3739 }
3740 IFA_ADDREF_LOCKED(ifa); /* for caller */
3741 IFA_UNLOCK(ifa);
3742 ifnet_lock_done(ifp);
3743 if (dep[0] != NULL) {
3744 IFA_REMREF(&dep[0]->ia_ifa);
3745 }
3746 if (dep[1] != NULL) {
3747 IFA_REMREF(&dep[1]->ia_ifa);
3748 }
3749 return (struct in6_ifaddr *)ifa;
3750 }
3751 ifnet_lock_done(ifp);
3752
3753 /* use the last-resort values, that are, deprecated addresses */
3754 if (dep[0]) {
3755 if (dep[1] != NULL) {
3756 IFA_REMREF(&dep[1]->ia_ifa);
3757 }
3758 return dep[0];
3759 }
3760 if (dep[1]) {
3761 return dep[1];
3762 }
3763
3764 return NULL;
3765 }
3766
3767 /*
3768 * perform DAD when interface becomes IFF_UP.
3769 */
3770 static void
3771 in6_if_up_dad_start(struct ifnet *ifp)
3772 {
3773 struct ifaddr *ifa;
3774 struct nd_ifinfo *ndi = NULL;
3775
3776 ndi = ND_IFINFO(ifp);
3777 VERIFY((NULL != ndi) && (TRUE == ndi->initialized));
3778 if (!(ndi->flags & ND6_IFF_DAD)) {
3779 return;
3780 }
3781
3782 /* start DAD on all the interface addresses */
3783 ifnet_lock_exclusive(ifp);
3784 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
3785 struct in6_ifaddr *ia6;
3786
3787 IFA_LOCK_SPIN(ifa);
3788 if (ifa->ifa_addr->sa_family != AF_INET6) {
3789 IFA_UNLOCK(ifa);
3790 continue;
3791 }
3792 ia6 = (struct in6_ifaddr *)ifa;
3793 if (ia6->ia6_flags & IN6_IFF_DADPROGRESS) {
3794 int delay = 0; /* delay ticks before DAD output */
3795 IFA_UNLOCK(ifa);
3796 nd6_dad_start(ifa, &delay);
3797 } else {
3798 IFA_UNLOCK(ifa);
3799 }
3800 }
3801 ifnet_lock_done(ifp);
3802 }
3803
3804 int
3805 in6if_do_dad(
3806 struct ifnet *ifp)
3807 {
3808 struct nd_ifinfo *ndi = NULL;
3809
3810 if ((ifp->if_flags & IFF_LOOPBACK) != 0) {
3811 return 0;
3812 }
3813
3814 ndi = ND_IFINFO(ifp);
3815 VERIFY((NULL != ndi) && (TRUE == ndi->initialized));
3816 if (!(ndi->flags & ND6_IFF_DAD)) {
3817 return 0;
3818 }
3819
3820 /*
3821 * If we are using the alternative neighbor discovery
3822 * interface on this interface, then skip DAD.
3823 *
3824 * Also, skip it for interfaces marked "local private"
3825 * for now, even when not marked as using the alternative
3826 * interface. This is for historical reasons.
3827 */
3828 if (ifp->if_eflags &
3829 (IFEF_IPV6_ND6ALT | IFEF_LOCALNET_PRIVATE | IFEF_DIRECTLINK)) {
3830 return 0;
3831 }
3832
3833 if (ifp->if_family == IFNET_FAMILY_IPSEC ||
3834 ifp->if_family == IFNET_FAMILY_UTUN) {
3835 /*
3836 * Ignore DAD for tunneling virtual interfaces, which get
3837 * their IPv6 address explicitly assigned.
3838 */
3839 return 0;
3840 }
3841
3842 switch (ifp->if_type) {
3843 #if IFT_DUMMY
3844 case IFT_DUMMY:
3845 #endif
3846 case IFT_FAITH:
3847 /*
3848 * These interfaces do not have the IFF_LOOPBACK flag,
3849 * but loop packets back. We do not have to do DAD on such
3850 * interfaces. We should even omit it, because loop-backed
3851 * NS would confuse the DAD procedure.
3852 */
3853 return 0;
3854 default:
3855 /*
3856 * Our DAD routine requires the interface up and running.
3857 * However, some interfaces can be up before the RUNNING
3858 * status. Additionaly, users may try to assign addresses
3859 * before the interface becomes up (or running).
3860 * We simply skip DAD in such a case as a work around.
3861 * XXX: we should rather mark "tentative" on such addresses,
3862 * and do DAD after the interface becomes ready.
3863 */
3864 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) !=
3865 (IFF_UP | IFF_RUNNING)) {
3866 return 0;
3867 }
3868
3869 return 1;
3870 }
3871 }
3872
3873 /*
3874 * Calculate max IPv6 MTU through all the interfaces and store it
3875 * to in6_maxmtu.
3876 */
3877 void
3878 in6_setmaxmtu(void)
3879 {
3880 u_int32_t maxmtu = 0;
3881 struct ifnet *ifp;
3882
3883 ifnet_head_lock_shared();
3884 TAILQ_FOREACH(ifp, &ifnet_head, if_list) {
3885 struct nd_ifinfo *ndi = NULL;
3886
3887 if ((ndi = ND_IFINFO(ifp)) != NULL && !ndi->initialized) {
3888 ndi = NULL;
3889 }
3890 if (ndi != NULL) {
3891 lck_mtx_lock(&ndi->lock);
3892 }
3893 if ((ifp->if_flags & IFF_LOOPBACK) == 0 &&
3894 IN6_LINKMTU(ifp) > maxmtu) {
3895 maxmtu = IN6_LINKMTU(ifp);
3896 }
3897 if (ndi != NULL) {
3898 lck_mtx_unlock(&ndi->lock);
3899 }
3900 }
3901 ifnet_head_done();
3902 if (maxmtu) { /* update only when maxmtu is positive */
3903 in6_maxmtu = maxmtu;
3904 }
3905 }
3906 /*
3907 * Provide the length of interface identifiers to be used for the link attached
3908 * to the given interface. The length should be defined in "IPv6 over
3909 * xxx-link" document. Note that address architecture might also define
3910 * the length for a particular set of address prefixes, regardless of the
3911 * link type. Also see RFC 4862 for additional background.
3912 */
3913 int
3914 in6_if2idlen(struct ifnet *ifp)
3915 {
3916 switch (ifp->if_type) {
3917 case IFT_ETHER: /* RFC2464 */
3918 case IFT_IEEE8023ADLAG: /* IEEE802.3ad Link Aggregate */
3919 #ifdef IFT_PROPVIRTUAL
3920 case IFT_PROPVIRTUAL: /* XXX: no RFC. treat it as ether */
3921 #endif
3922 #ifdef IFT_L2VLAN
3923 case IFT_L2VLAN: /* ditto */
3924 #endif
3925 #ifdef IFT_IEEE80211
3926 case IFT_IEEE80211: /* ditto */
3927 #endif
3928 #ifdef IFT_MIP
3929 case IFT_MIP: /* ditto */
3930 #endif
3931 return 64;
3932 case IFT_FDDI: /* RFC2467 */
3933 return 64;
3934 case IFT_ISO88025: /* RFC2470 (IPv6 over Token Ring) */
3935 return 64;
3936 case IFT_PPP: /* RFC2472 */
3937 return 64;
3938 case IFT_ARCNET: /* RFC2497 */
3939 return 64;
3940 case IFT_FRELAY: /* RFC2590 */
3941 return 64;
3942 case IFT_IEEE1394: /* RFC3146 */
3943 return 64;
3944 case IFT_GIF:
3945 return 64; /* draft-ietf-v6ops-mech-v2-07 */
3946 case IFT_LOOP:
3947 return 64; /* XXX: is this really correct? */
3948 case IFT_OTHER:
3949 return 64; /* for utun interfaces */
3950 case IFT_CELLULAR:
3951 return 64; /* Packet Data over Cellular */
3952 case IFT_BRIDGE:
3953 return 64; /* Transparent bridge interface */
3954 case IFT_6LOWPAN:
3955 return 64; /* 6LoWPAN */
3956 default:
3957 /*
3958 * Unknown link type:
3959 * It might be controversial to use the today's common constant
3960 * of 64 for these cases unconditionally. For full compliance,
3961 * we should return an error in this case. On the other hand,
3962 * if we simply miss the standard for the link type or a new
3963 * standard is defined for a new link type, the IFID length
3964 * is very likely to be the common constant. As a compromise,
3965 * we always use the constant, but make an explicit notice
3966 * indicating the "unknown" case.
3967 */
3968 log(LOG_NOTICE, "%s: unknown link type (%d)\n", __func__,
3969 ifp->if_type);
3970 return 64;
3971 }
3972 }
3973 /*
3974 * Convert sockaddr_in6 to sockaddr_in. Original sockaddr_in6 must be
3975 * v4 mapped addr or v4 compat addr
3976 */
3977 void
3978 in6_sin6_2_sin(struct sockaddr_in *sin, struct sockaddr_in6 *sin6)
3979 {
3980 bzero(sin, sizeof(*sin));
3981 sin->sin_len = sizeof(struct sockaddr_in);
3982 sin->sin_family = AF_INET;
3983 sin->sin_port = sin6->sin6_port;
3984 sin->sin_addr.s_addr = sin6->sin6_addr.s6_addr32[3];
3985 }
3986
3987 /* Convert sockaddr_in to sockaddr_in6 in v4 mapped addr format. */
3988 void
3989 in6_sin_2_v4mapsin6(struct sockaddr_in *sin, struct sockaddr_in6 *sin6)
3990 {
3991 bzero(sin6, sizeof(*sin6));
3992 sin6->sin6_len = sizeof(struct sockaddr_in6);
3993 sin6->sin6_family = AF_INET6;
3994 sin6->sin6_port = sin->sin_port;
3995 sin6->sin6_addr.s6_addr32[0] = 0;
3996 sin6->sin6_addr.s6_addr32[1] = 0;
3997 if (sin->sin_addr.s_addr) {
3998 sin6->sin6_addr.s6_addr32[2] = IPV6_ADDR_INT32_SMP;
3999 sin6->sin6_addr.s6_addr32[3] = sin->sin_addr.s_addr;
4000 } else {
4001 sin6->sin6_addr.s6_addr32[2] = 0;
4002 sin6->sin6_addr.s6_addr32[3] = 0;
4003 }
4004 }
4005
4006 /* Convert sockaddr_in6 into sockaddr_in. */
4007 void
4008 in6_sin6_2_sin_in_sock(struct sockaddr *nam)
4009 {
4010 struct sockaddr_in *sin_p;
4011 struct sockaddr_in6 sin6;
4012
4013 /*
4014 * Save original sockaddr_in6 addr and convert it
4015 * to sockaddr_in.
4016 */
4017 sin6 = *(struct sockaddr_in6 *)(void *)nam;
4018 sin_p = (struct sockaddr_in *)(void *)nam;
4019 in6_sin6_2_sin(sin_p, &sin6);
4020 }
4021
4022 /* Convert sockaddr_in into sockaddr_in6 in v4 mapped addr format. */
4023 int
4024 in6_sin_2_v4mapsin6_in_sock(struct sockaddr **nam)
4025 {
4026 struct sockaddr_in *sin_p;
4027 struct sockaddr_in6 *sin6_p;
4028
4029 MALLOC(sin6_p, struct sockaddr_in6 *, sizeof(*sin6_p), M_SONAME,
4030 M_WAITOK);
4031 if (sin6_p == NULL) {
4032 return ENOBUFS;
4033 }
4034 sin_p = (struct sockaddr_in *)(void *)*nam;
4035 in6_sin_2_v4mapsin6(sin_p, sin6_p);
4036 FREE(*nam, M_SONAME);
4037 *nam = (struct sockaddr *)sin6_p;
4038
4039 return 0;
4040 }
4041
4042 /*
4043 * Posts in6_event_data message kernel events.
4044 *
4045 * To get the same size of kev_in6_data between ILP32 and LP64 data models
4046 * we are using a special version of the in6_addrlifetime structure that
4047 * uses only 32 bits fields to be compatible with Leopard, and that
4048 * are large enough to span 68 years.
4049 */
4050 void
4051 in6_post_msg(struct ifnet *ifp, u_int32_t event_code, struct in6_ifaddr *ifa,
4052 uint8_t *mac)
4053 {
4054 struct kev_msg ev_msg;
4055 struct kev_in6_data in6_event_data;
4056 struct in6_addrlifetime ia6_lt;
4057
4058 bzero(&in6_event_data, sizeof(struct kev_in6_data));
4059 bzero(&ev_msg, sizeof(struct kev_msg));
4060 ev_msg.vendor_code = KEV_VENDOR_APPLE;
4061 ev_msg.kev_class = KEV_NETWORK_CLASS;
4062 ev_msg.kev_subclass = KEV_INET6_SUBCLASS;
4063 ev_msg.event_code = event_code;
4064
4065 if (ifa) {
4066 IFA_LOCK(&ifa->ia_ifa);
4067 in6_event_data.ia_addr = ifa->ia_addr;
4068 in6_event_data.ia_net = ifa->ia_net;
4069 in6_event_data.ia_dstaddr = ifa->ia_dstaddr;
4070 in6_event_data.ia_prefixmask = ifa->ia_prefixmask;
4071 in6_event_data.ia_plen = ifa->ia_plen;
4072 in6_event_data.ia6_flags = (u_int32_t)ifa->ia6_flags;
4073
4074 /* retrieve time as calendar time (last arg is 1) */
4075 in6ifa_getlifetime(ifa, &ia6_lt, 1);
4076 in6_event_data.ia_lifetime.ia6t_expire = (u_int32_t)ia6_lt.ia6t_expire;
4077 in6_event_data.ia_lifetime.ia6t_preferred = (u_int32_t)ia6_lt.ia6t_preferred;
4078 in6_event_data.ia_lifetime.ia6t_vltime = ia6_lt.ia6t_vltime;
4079 in6_event_data.ia_lifetime.ia6t_pltime = ia6_lt.ia6t_pltime;
4080 IFA_UNLOCK(&ifa->ia_ifa);
4081 }
4082
4083 if (ifp != NULL) {
4084 (void) strlcpy(&in6_event_data.link_data.if_name[0],
4085 ifp->if_name, IFNAMSIZ);
4086 in6_event_data.link_data.if_family = ifp->if_family;
4087 in6_event_data.link_data.if_unit = (u_int32_t)ifp->if_unit;
4088 }
4089
4090 if (mac != NULL) {
4091 memcpy(&in6_event_data.ia_mac, mac,
4092 sizeof(in6_event_data.ia_mac));
4093 }
4094
4095 ev_msg.dv[0].data_ptr = &in6_event_data;
4096 ev_msg.dv[0].data_length = sizeof(in6_event_data);
4097 ev_msg.dv[1].data_length = 0;
4098
4099 dlil_post_complete_msg(NULL, &ev_msg);
4100 }
4101
4102 /*
4103 * Called as part of ip6_init
4104 */
4105 void
4106 in6_ifaddr_init(void)
4107 {
4108 in6_cga_init();
4109 in6_multi_init();
4110
4111 PE_parse_boot_argn("ifa_debug", &in6ifa_debug, sizeof(in6ifa_debug));
4112
4113 vm_size_t in6ifa_size = (in6ifa_debug == 0) ? sizeof(struct in6_ifaddr) :
4114 sizeof(struct in6_ifaddr_dbg);
4115
4116 in6ifa_zone = zone_create(IN6IFA_ZONE_NAME, in6ifa_size, ZC_ZFREE_CLEARMEM);
4117
4118 lck_mtx_init(&in6ifa_trash_lock, ifa_mtx_grp, ifa_mtx_attr);
4119 TAILQ_INIT(&in6ifa_trash_head);
4120 }
4121
4122 static struct in6_ifaddr *
4123 in6_ifaddr_alloc(zalloc_flags_t how)
4124 {
4125 struct in6_ifaddr *in6ifa;
4126
4127 in6ifa = zalloc_flags(in6ifa_zone, how | Z_ZERO);
4128 if (in6ifa != NULL) {
4129 in6ifa->ia_ifa.ifa_free = in6_ifaddr_free;
4130 in6ifa->ia_ifa.ifa_debug |= IFD_ALLOC;
4131 in6ifa->ia_ifa.ifa_del_wc = &in6ifa->ia_ifa.ifa_debug;
4132 in6ifa->ia_ifa.ifa_del_waiters = 0;
4133 ifa_lock_init(&in6ifa->ia_ifa);
4134 if (in6ifa_debug != 0) {
4135 struct in6_ifaddr_dbg *in6ifa_dbg =
4136 (struct in6_ifaddr_dbg *)in6ifa;
4137 in6ifa->ia_ifa.ifa_debug |= IFD_DEBUG;
4138 in6ifa->ia_ifa.ifa_trace = in6_ifaddr_trace;
4139 in6ifa->ia_ifa.ifa_attached = in6_ifaddr_attached;
4140 in6ifa->ia_ifa.ifa_detached = in6_ifaddr_detached;
4141 ctrace_record(&in6ifa_dbg->in6ifa_alloc);
4142 }
4143 }
4144
4145 return in6ifa;
4146 }
4147
4148 static void
4149 in6_ifaddr_free(struct ifaddr *ifa)
4150 {
4151 IFA_LOCK_ASSERT_HELD(ifa);
4152
4153 if (ifa->ifa_refcnt != 0) {
4154 panic("%s: ifa %p bad ref cnt", __func__, ifa);
4155 /* NOTREACHED */
4156 } else if (!(ifa->ifa_debug & IFD_ALLOC)) {
4157 panic("%s: ifa %p cannot be freed", __func__, ifa);
4158 /* NOTREACHED */
4159 }
4160 if (ifa->ifa_debug & IFD_DEBUG) {
4161 struct in6_ifaddr_dbg *in6ifa_dbg =
4162 (struct in6_ifaddr_dbg *)ifa;
4163 ctrace_record(&in6ifa_dbg->in6ifa_free);
4164 bcopy(&in6ifa_dbg->in6ifa, &in6ifa_dbg->in6ifa_old,
4165 sizeof(struct in6_ifaddr));
4166 if (ifa->ifa_debug & IFD_TRASHED) {
4167 /* Become a regular mutex, just in case */
4168 IFA_CONVERT_LOCK(ifa);
4169 lck_mtx_lock(&in6ifa_trash_lock);
4170 TAILQ_REMOVE(&in6ifa_trash_head, in6ifa_dbg,
4171 in6ifa_trash_link);
4172 lck_mtx_unlock(&in6ifa_trash_lock);
4173 ifa->ifa_debug &= ~IFD_TRASHED;
4174 }
4175 }
4176 IFA_UNLOCK(ifa);
4177 ifa_lock_destroy(ifa);
4178 bzero(ifa, sizeof(struct in6_ifaddr));
4179 zfree(in6ifa_zone, ifa);
4180 }
4181
4182 static void
4183 in6_ifaddr_attached(struct ifaddr *ifa)
4184 {
4185 struct in6_ifaddr_dbg *in6ifa_dbg = (struct in6_ifaddr_dbg *)ifa;
4186
4187 IFA_LOCK_ASSERT_HELD(ifa);
4188
4189 if (!(ifa->ifa_debug & IFD_DEBUG)) {
4190 panic("%s: ifa %p has no debug structure", __func__, ifa);
4191 /* NOTREACHED */
4192 }
4193 if (ifa->ifa_debug & IFD_TRASHED) {
4194 /* Become a regular mutex, just in case */
4195 IFA_CONVERT_LOCK(ifa);
4196 lck_mtx_lock(&in6ifa_trash_lock);
4197 TAILQ_REMOVE(&in6ifa_trash_head, in6ifa_dbg, in6ifa_trash_link);
4198 lck_mtx_unlock(&in6ifa_trash_lock);
4199 ifa->ifa_debug &= ~IFD_TRASHED;
4200 }
4201 }
4202
4203 static void
4204 in6_ifaddr_detached(struct ifaddr *ifa)
4205 {
4206 struct in6_ifaddr_dbg *in6ifa_dbg = (struct in6_ifaddr_dbg *)ifa;
4207
4208 IFA_LOCK_ASSERT_HELD(ifa);
4209
4210 if (!(ifa->ifa_debug & IFD_DEBUG)) {
4211 panic("%s: ifa %p has no debug structure", __func__, ifa);
4212 /* NOTREACHED */
4213 } else if (ifa->ifa_debug & IFD_TRASHED) {
4214 panic("%s: ifa %p is already in trash list", __func__, ifa);
4215 /* NOTREACHED */
4216 }
4217 ifa->ifa_debug |= IFD_TRASHED;
4218 /* Become a regular mutex, just in case */
4219 IFA_CONVERT_LOCK(ifa);
4220 lck_mtx_lock(&in6ifa_trash_lock);
4221 TAILQ_INSERT_TAIL(&in6ifa_trash_head, in6ifa_dbg, in6ifa_trash_link);
4222 lck_mtx_unlock(&in6ifa_trash_lock);
4223 }
4224
4225 static void
4226 in6_ifaddr_trace(struct ifaddr *ifa, int refhold)
4227 {
4228 struct in6_ifaddr_dbg *in6ifa_dbg = (struct in6_ifaddr_dbg *)ifa;
4229 ctrace_t *tr;
4230 u_int32_t idx;
4231 u_int16_t *cnt;
4232
4233 if (!(ifa->ifa_debug & IFD_DEBUG)) {
4234 panic("%s: ifa %p has no debug structure", __func__, ifa);
4235 /* NOTREACHED */
4236 }
4237 if (refhold) {
4238 cnt = &in6ifa_dbg->in6ifa_refhold_cnt;
4239 tr = in6ifa_dbg->in6ifa_refhold;
4240 } else {
4241 cnt = &in6ifa_dbg->in6ifa_refrele_cnt;
4242 tr = in6ifa_dbg->in6ifa_refrele;
4243 }
4244
4245 idx = atomic_add_16_ov(cnt, 1) % IN6IFA_TRACE_HIST_SIZE;
4246 ctrace_record(&tr[idx]);
4247 }
4248
4249 /*
4250 * Handle SIOCGASSOCIDS ioctl for PF_INET6 domain.
4251 */
4252 static int
4253 in6_getassocids(struct socket *so, uint32_t *cnt, user_addr_t aidp)
4254 {
4255 struct in6pcb *in6p = sotoin6pcb(so);
4256 sae_associd_t aid;
4257
4258 if (in6p == NULL || in6p->inp_state == INPCB_STATE_DEAD) {
4259 return EINVAL;
4260 }
4261
4262 /* IN6PCB has no concept of association */
4263 aid = SAE_ASSOCID_ANY;
4264 *cnt = 0;
4265
4266 /* just asking how many there are? */
4267 if (aidp == USER_ADDR_NULL) {
4268 return 0;
4269 }
4270
4271 return copyout(&aid, aidp, sizeof(aid));
4272 }
4273
4274 /*
4275 * Handle SIOCGCONNIDS ioctl for PF_INET6 domain.
4276 */
4277 static int
4278 in6_getconnids(struct socket *so, sae_associd_t aid, uint32_t *cnt,
4279 user_addr_t cidp)
4280 {
4281 struct in6pcb *in6p = sotoin6pcb(so);
4282 sae_connid_t cid;
4283
4284 if (in6p == NULL || in6p->inp_state == INPCB_STATE_DEAD) {
4285 return EINVAL;
4286 }
4287
4288 if (aid != SAE_ASSOCID_ANY && aid != SAE_ASSOCID_ALL) {
4289 return EINVAL;
4290 }
4291
4292 /* if connected, return 1 connection count */
4293 *cnt = ((so->so_state & SS_ISCONNECTED) ? 1 : 0);
4294
4295 /* just asking how many there are? */
4296 if (cidp == USER_ADDR_NULL) {
4297 return 0;
4298 }
4299
4300 /* if IN6PCB is connected, assign it connid 1 */
4301 cid = ((*cnt != 0) ? 1 : SAE_CONNID_ANY);
4302
4303 return copyout(&cid, cidp, sizeof(cid));
4304 }
4305
4306 /*
4307 * Handle SIOCGCONNINFO ioctl for PF_INET6 domain.
4308 */
4309 int
4310 in6_getconninfo(struct socket *so, sae_connid_t cid, uint32_t *flags,
4311 uint32_t *ifindex, int32_t *soerror, user_addr_t src, socklen_t *src_len,
4312 user_addr_t dst, socklen_t *dst_len, uint32_t *aux_type,
4313 user_addr_t aux_data, uint32_t *aux_len)
4314 {
4315 struct in6pcb *in6p = sotoin6pcb(so);
4316 struct sockaddr_in6 sin6;
4317 struct ifnet *ifp = NULL;
4318 int error = 0;
4319 u_int32_t copy_len = 0;
4320
4321 /*
4322 * Don't test for INPCB_STATE_DEAD since this may be called
4323 * after SOF_PCBCLEARING is set, e.g. after tcp_close().
4324 */
4325 if (in6p == NULL) {
4326 error = EINVAL;
4327 goto out;
4328 }
4329
4330 if (cid != SAE_CONNID_ANY && cid != SAE_CONNID_ALL && cid != 1) {
4331 error = EINVAL;
4332 goto out;
4333 }
4334
4335 ifp = in6p->in6p_last_outifp;
4336 *ifindex = ((ifp != NULL) ? ifp->if_index : 0);
4337 *soerror = so->so_error;
4338 *flags = 0;
4339 if (so->so_state & SS_ISCONNECTED) {
4340 *flags |= (CIF_CONNECTED | CIF_PREFERRED);
4341 }
4342 if (in6p->in6p_flags & INP_BOUND_IF) {
4343 *flags |= CIF_BOUND_IF;
4344 }
4345 if (!(in6p->in6p_flags & INP_IN6ADDR_ANY)) {
4346 *flags |= CIF_BOUND_IP;
4347 }
4348 if (!(in6p->in6p_flags & INP_ANONPORT)) {
4349 *flags |= CIF_BOUND_PORT;
4350 }
4351
4352 bzero(&sin6, sizeof(sin6));
4353 sin6.sin6_len = sizeof(sin6);
4354 sin6.sin6_family = AF_INET6;
4355
4356 /* source address and port */
4357 sin6.sin6_port = in6p->in6p_lport;
4358 in6_recoverscope(&sin6, &in6p->in6p_laddr, NULL);
4359 if (*src_len == 0) {
4360 *src_len = sin6.sin6_len;
4361 } else {
4362 if (src != USER_ADDR_NULL) {
4363 copy_len = min(*src_len, sizeof(sin6));
4364 error = copyout(&sin6, src, copy_len);
4365 if (error != 0) {
4366 goto out;
4367 }
4368 *src_len = copy_len;
4369 }
4370 }
4371
4372 /* destination address and port */
4373 sin6.sin6_port = in6p->in6p_fport;
4374 in6_recoverscope(&sin6, &in6p->in6p_faddr, NULL);
4375 if (*dst_len == 0) {
4376 *dst_len = sin6.sin6_len;
4377 } else {
4378 if (dst != USER_ADDR_NULL) {
4379 copy_len = min(*dst_len, sizeof(sin6));
4380 error = copyout(&sin6, dst, copy_len);
4381 if (error != 0) {
4382 goto out;
4383 }
4384 *dst_len = copy_len;
4385 }
4386 }
4387
4388 if (SOCK_PROTO(so) == IPPROTO_TCP) {
4389 struct conninfo_tcp tcp_ci;
4390
4391 *aux_type = CIAUX_TCP;
4392 if (*aux_len == 0) {
4393 *aux_len = sizeof(tcp_ci);
4394 } else {
4395 if (aux_data != USER_ADDR_NULL) {
4396 copy_len = min(*aux_len, sizeof(tcp_ci));
4397 bzero(&tcp_ci, sizeof(tcp_ci));
4398 tcp_getconninfo(so, &tcp_ci);
4399 error = copyout(&tcp_ci, aux_data, copy_len);
4400 if (error != 0) {
4401 goto out;
4402 }
4403 *aux_len = copy_len;
4404 }
4405 }
4406 } else {
4407 *aux_type = 0;
4408 *aux_len = 0;
4409 }
4410
4411 out:
4412 return error;
4413 }
4414
4415 /*
4416 * 'u' group ioctls.
4417 *
4418 * The switch statement below does nothing at runtime, as it serves as a
4419 * compile time check to ensure that all of the socket 'u' ioctls (those
4420 * in the 'u' group going thru soo_ioctl) that are made available by the
4421 * networking stack is unique. This works as long as this routine gets
4422 * updated each time a new interface ioctl gets added.
4423 *
4424 * Any failures at compile time indicates duplicated ioctl values.
4425 */
4426 static __attribute__((unused)) void
4427 in6ioctl_cassert(void)
4428 {
4429 /*
4430 * This is equivalent to _CASSERT() and the compiler wouldn't
4431 * generate any instructions, thus for compile time only.
4432 */
4433 switch ((u_long)0) {
4434 case 0:
4435
4436 /* bsd/netinet6/in6_var.h */
4437 case SIOCAADDRCTL_POLICY:
4438 case SIOCDADDRCTL_POLICY:
4439 case SIOCDRADD_IN6_32:
4440 case SIOCDRADD_IN6_64:
4441 case SIOCDRDEL_IN6_32:
4442 case SIOCDRDEL_IN6_64:
4443 ;
4444 }
4445 }
4446
4447 struct in6_llentry {
4448 struct llentry base;
4449 };
4450
4451 #define IN6_LLTBL_DEFAULT_HSIZE 32
4452 #define IN6_LLTBL_HASH(k, h) \
4453 ((((((((k) >> 8) ^ (k)) >> 8) ^ (k)) >> 8) ^ (k)) & ((h) - 1))
4454
4455 /*
4456 * Do actual deallocation of @lle.
4457 */
4458 static void
4459 in6_lltable_destroy_lle_unlocked(struct llentry *lle)
4460 {
4461 LLE_LOCK_DESTROY(lle);
4462 LLE_REQ_DESTROY(lle);
4463 FREE(lle, M_LLTABLE);
4464 }
4465
4466 /*
4467 * Called by LLE_FREE_LOCKED when number of references
4468 * drops to zero.
4469 */
4470 static void
4471 in6_lltable_destroy_lle(struct llentry *lle)
4472 {
4473 LLE_WUNLOCK(lle);
4474 /* XXX TBD */
4475 //thread_call_free(lle->lle_timer);
4476 in6_lltable_destroy_lle_unlocked(lle);
4477 }
4478
4479
4480 static struct llentry *
4481 in6_lltable_new(const struct in6_addr *addr6, uint16_t flags)
4482 {
4483 #pragma unused(flags)
4484 struct in6_llentry *lle;
4485
4486 MALLOC(lle, struct in6_llentry *, sizeof(struct in6_llentry), M_LLTABLE, M_NOWAIT | M_ZERO);
4487 if (lle == NULL) { /* NB: caller generates msg */
4488 return NULL;
4489 }
4490
4491 lle->base.r_l3addr.addr6 = *addr6;
4492 lle->base.lle_refcnt = 1;
4493 lle->base.lle_free = in6_lltable_destroy_lle;
4494 LLE_LOCK_INIT(&lle->base);
4495 LLE_REQ_INIT(&lle->base);
4496 #if 0
4497 /* XXX TBD */
4498 lle->base.lle_timer = thread_call_allocate(nd6_llinfo_timer, lle);
4499
4500 if (lle->base.lle_timer == NULL) {
4501 printf("lle_timer thread call could not be allocated.\n");
4502 LLE_LOCK_DESTROY(&lle->base);
4503 LLE_REQ_DESTROY(&lle->base);
4504 FREE(lle, M_LLTABLE);
4505 return NULL;
4506 }
4507 #endif
4508 return &lle->base;
4509 }
4510
4511 static int
4512 in6_lltable_match_prefix(const struct sockaddr *saddr,
4513 const struct sockaddr *smask, uint16_t flags, struct llentry *lle)
4514 {
4515 const struct in6_addr *addr, *mask, *lle_addr;
4516
4517 addr = &((const struct sockaddr_in6 *)(const void *)saddr)->sin6_addr;
4518 mask = &((const struct sockaddr_in6 *)(const void *)smask)->sin6_addr;
4519 lle_addr = &lle->r_l3addr.addr6;
4520
4521 if (IN6_ARE_MASKED_ADDR_EQUAL(lle_addr, addr, mask) == 0) {
4522 return 0;
4523 }
4524
4525 if (lle->la_flags & LLE_IFADDR) {
4526 /*
4527 * Delete LLE_IFADDR records IFF address & flag matches.
4528 * Note that addr is the interface address within prefix
4529 * being matched.
4530 */
4531 if (IN6_ARE_ADDR_EQUAL(addr, lle_addr) &&
4532 (flags & LLE_STATIC) != 0) {
4533 return 1;
4534 }
4535 return 0;
4536 }
4537
4538 /* flags & LLE_STATIC means deleting both dynamic and static entries */
4539 if ((flags & LLE_STATIC) || !(lle->la_flags & LLE_STATIC)) {
4540 return 1;
4541 }
4542
4543 return 0;
4544 }
4545
4546 static void
4547 in6_lltable_free_entry(struct lltable *llt, struct llentry *lle)
4548 {
4549 struct ifnet *ifp;
4550
4551 LLE_WLOCK_ASSERT(lle);
4552 KASSERT(llt != NULL, ("lltable is NULL"));
4553
4554 /* Unlink entry from table */
4555 if ((lle->la_flags & LLE_LINKED) != 0) {
4556 ifp = llt->llt_ifp;
4557 if_afdata_wlock_assert(ifp, llt->llt_af);
4558 lltable_unlink_entry(llt, lle);
4559 }
4560
4561 #if 0
4562 /* XXX TBD */
4563 if (thread_call_cancel(lle->lle_timer) == TRUE) {
4564 LLE_REMREF(lle);
4565 }
4566 #endif
4567 llentry_free(lle);
4568 }
4569
4570 static int
4571 in6_lltable_rtcheck(struct ifnet *ifp,
4572 uint16_t flags, const struct sockaddr *l3addr)
4573 {
4574 #pragma unused(flags)
4575 struct rtentry *rt;
4576
4577 KASSERT(l3addr->sa_family == AF_INET6,
4578 ("sin_family %d", l3addr->sa_family));
4579 /* XXX rtalloc1 should take a const param */
4580 rt = rtalloc1(__DECONST(struct sockaddr *, l3addr), 0, 0);
4581 if (rt == NULL || (rt->rt_flags & RTF_GATEWAY) || rt->rt_ifp != ifp) {
4582 struct ifaddr *ifa;
4583 /*
4584 * Create an ND6 cache for an IPv6 neighbor
4585 * that is not covered by our own prefix.
4586 */
4587 /* XXX ifaof_ifpforaddr should take a const param */
4588 ifa = ifaof_ifpforaddr(__DECONST(struct sockaddr *, l3addr), ifp);
4589 if (ifa != NULL) {
4590 IFA_REMREF(ifa);
4591 if (rt != NULL) {
4592 rtfree(rt);
4593 }
4594 return 0;
4595 }
4596 log(LOG_INFO, "IPv6 address: \"%s\" is not on the network\n",
4597 ip6_sprintf(&((const struct sockaddr_in6 *)(const void *)l3addr)->sin6_addr));
4598 if (rt != NULL) {
4599 rtfree(rt);
4600 }
4601 return EINVAL;
4602 }
4603 rtfree(rt);
4604 return 0;
4605 }
4606
4607 static inline uint32_t
4608 in6_lltable_hash_dst(const struct in6_addr *dst, uint32_t hsize)
4609 {
4610 return IN6_LLTBL_HASH(dst->s6_addr32[3], hsize);
4611 }
4612
4613 static uint32_t
4614 in6_lltable_hash(const struct llentry *lle, uint32_t hsize)
4615 {
4616 return in6_lltable_hash_dst(&lle->r_l3addr.addr6, hsize);
4617 }
4618
4619 static void
4620 in6_lltable_fill_sa_entry(const struct llentry *lle, struct sockaddr *sa)
4621 {
4622 struct sockaddr_in6 *sin6;
4623
4624 sin6 = (struct sockaddr_in6 *)(void *)sa;
4625 bzero(sin6, sizeof(*sin6));
4626 sin6->sin6_family = AF_INET6;
4627 sin6->sin6_len = sizeof(*sin6);
4628 sin6->sin6_addr = lle->r_l3addr.addr6;
4629 }
4630
4631 static inline struct llentry *
4632 in6_lltable_find_dst(struct lltable *llt, const struct in6_addr *dst)
4633 {
4634 struct llentry *lle;
4635 struct llentries *lleh;
4636 u_int hashidx;
4637
4638 hashidx = in6_lltable_hash_dst(dst, llt->llt_hsize);
4639 lleh = &llt->lle_head[hashidx];
4640 LIST_FOREACH(lle, lleh, lle_next) {
4641 if (lle->la_flags & LLE_DELETED) {
4642 continue;
4643 }
4644 if (IN6_ARE_ADDR_EQUAL(&lle->r_l3addr.addr6, dst)) {
4645 break;
4646 }
4647 }
4648
4649 return lle;
4650 }
4651
4652 static void
4653 in6_lltable_delete_entry(struct lltable *llt, struct llentry *lle)
4654 {
4655 #pragma unused(llt)
4656 lle->la_flags |= LLE_DELETED;
4657 EVENTHANDLER_INVOKE(NULL, lle_event, lle, LLENTRY_DELETED);
4658 #ifdef DIAGNOSTIC
4659 log(LOG_INFO, "ifaddr cache = %p is deleted\n", lle);
4660 #endif
4661 llentry_free(lle);
4662 }
4663
4664 static struct llentry *
4665 in6_lltable_alloc(struct lltable *llt, uint16_t flags,
4666 const struct sockaddr *l3addr)
4667 {
4668 const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)(const void *)l3addr;
4669 struct ifnet *ifp = llt->llt_ifp;
4670 struct llentry *lle;
4671
4672 KASSERT(l3addr->sa_family == AF_INET6,
4673 ("sin_family %d", l3addr->sa_family));
4674
4675 /*
4676 * A route that covers the given address must have
4677 * been installed 1st because we are doing a resolution,
4678 * verify this.
4679 */
4680 if (!(flags & LLE_IFADDR) &&
4681 in6_lltable_rtcheck(ifp, flags, l3addr) != 0) {
4682 return NULL;
4683 }
4684
4685 lle = in6_lltable_new(&sin6->sin6_addr, flags);
4686 if (lle == NULL) {
4687 log(LOG_INFO, "lla_lookup: new lle malloc failed\n");
4688 return NULL;
4689 }
4690 lle->la_flags = (uint16_t)flags;
4691 if ((flags & LLE_IFADDR) == LLE_IFADDR) {
4692 lltable_set_entry_addr(ifp, lle, LLADDR(SDL(ifp->if_lladdr->ifa_addr)));
4693 lle->la_flags |= LLE_STATIC;
4694 }
4695
4696 if ((lle->la_flags & LLE_STATIC) != 0) {
4697 lle->ln_state = ND6_LLINFO_REACHABLE;
4698 }
4699
4700 return lle;
4701 }
4702
4703 static struct llentry *
4704 in6_lltable_lookup(struct lltable *llt, uint16_t flags,
4705 const struct sockaddr *l3addr)
4706 {
4707 const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)(const void *)l3addr;
4708 struct llentry *lle;
4709
4710 IF_AFDATA_LOCK_ASSERT(llt->llt_ifp, llt->llt_af);
4711 KASSERT(l3addr->sa_family == AF_INET6,
4712 ("sin_family %d", l3addr->sa_family));
4713
4714 lle = in6_lltable_find_dst(llt, &sin6->sin6_addr);
4715
4716 if (lle == NULL) {
4717 return NULL;
4718 }
4719
4720 KASSERT((flags & (LLE_UNLOCKED | LLE_EXCLUSIVE)) !=
4721 (LLE_UNLOCKED | LLE_EXCLUSIVE), ("wrong lle request flags: 0x%X",
4722 flags));
4723
4724 if (flags & LLE_UNLOCKED) {
4725 return lle;
4726 }
4727
4728 if (flags & LLE_EXCLUSIVE) {
4729 LLE_WLOCK(lle);
4730 } else {
4731 LLE_RLOCK(lle);
4732 }
4733 return lle;
4734 }
4735
4736 static int
4737 in6_lltable_dump_entry(struct lltable *llt, struct llentry *lle,
4738 struct sysctl_req *wr)
4739 {
4740 struct ifnet *ifp = llt->llt_ifp;
4741 /* XXX stack use */
4742 struct {
4743 struct rt_msghdr rtm;
4744 struct sockaddr_in6 sin6;
4745 /*
4746 * ndp.c assumes that sdl is word aligned
4747 */
4748 #ifdef __LP64__
4749 uint32_t pad;
4750 #endif
4751 struct sockaddr_dl sdl;
4752 } ndpc;
4753 struct sockaddr_dl *sdl;
4754 int error;
4755
4756 bzero(&ndpc, sizeof(ndpc));
4757 /* skip deleted entries */
4758 if ((lle->la_flags & LLE_DELETED) == LLE_DELETED) {
4759 return 0;
4760 }
4761 /* Skip if jailed and not a valid IP of the prison. */
4762 lltable_fill_sa_entry(lle,
4763 (struct sockaddr *)&ndpc.sin6);
4764 /*
4765 * produce a msg made of:
4766 * struct rt_msghdr;
4767 * struct sockaddr_in6 (IPv6)
4768 * struct sockaddr_dl;
4769 */
4770 ndpc.rtm.rtm_msglen = sizeof(ndpc);
4771 ndpc.rtm.rtm_version = RTM_VERSION;
4772 ndpc.rtm.rtm_type = RTM_GET;
4773 ndpc.rtm.rtm_flags = RTF_UP;
4774 ndpc.rtm.rtm_addrs = RTA_DST | RTA_GATEWAY;
4775
4776 /* publish */
4777 if (lle->la_flags & LLE_PUB) {
4778 ndpc.rtm.rtm_flags |= RTF_ANNOUNCE;
4779 }
4780 sdl = &ndpc.sdl;
4781 sdl->sdl_family = AF_LINK;
4782 sdl->sdl_len = sizeof(*sdl);
4783 sdl->sdl_index = ifp->if_index;
4784 sdl->sdl_type = ifp->if_type;
4785 if ((lle->la_flags & LLE_VALID) == LLE_VALID) {
4786 sdl->sdl_alen = ifp->if_addrlen;
4787 bcopy(&lle->ll_addr, LLADDR(sdl), ifp->if_addrlen);
4788 } else {
4789 sdl->sdl_alen = 0;
4790 bzero(LLADDR(sdl), ifp->if_addrlen);
4791 }
4792 if (lle->la_expire != 0) {
4793 clock_sec_t secs;
4794 clock_usec_t usecs;
4795
4796 clock_get_calendar_microtime(&secs, &usecs);
4797 ndpc.rtm.rtm_rmx.rmx_expire = (int32_t)(lle->la_expire +
4798 lle->lle_remtime / hz +
4799 secs - net_uptime());
4800 }
4801 ndpc.rtm.rtm_flags |= (RTF_HOST | RTF_LLDATA);
4802 if (lle->la_flags & LLE_STATIC) {
4803 ndpc.rtm.rtm_flags |= RTF_STATIC;
4804 }
4805 if (lle->la_flags & LLE_IFADDR) {
4806 ndpc.rtm.rtm_flags |= RTF_PINNED;
4807 }
4808 if (lle->ln_router != 0) {
4809 ndpc.rtm.rtm_flags |= RTF_GATEWAY;
4810 }
4811 ndpc.rtm.rtm_rmx.rmx_pksent = lle->la_asked;
4812 /* Store state in rmx_weight value */
4813 ndpc.rtm.rtm_rmx.rmx_state = lle->ln_state;
4814 ndpc.rtm.rtm_index = ifp->if_index;
4815 error = SYSCTL_OUT(wr, &ndpc, sizeof(ndpc));
4816
4817 return error;
4818 }
4819
4820 struct lltable *
4821 in6_lltattach(struct ifnet *ifp)
4822 {
4823 struct lltable *llt;
4824
4825 llt = lltable_allocate_htbl(IN6_LLTBL_DEFAULT_HSIZE);
4826 llt->llt_af = AF_INET6;
4827 llt->llt_ifp = ifp;
4828
4829 llt->llt_lookup = in6_lltable_lookup;
4830 llt->llt_alloc_entry = in6_lltable_alloc;
4831 llt->llt_delete_entry = in6_lltable_delete_entry;
4832 llt->llt_dump_entry = in6_lltable_dump_entry;
4833 llt->llt_hash = in6_lltable_hash;
4834 llt->llt_fill_sa_entry = in6_lltable_fill_sa_entry;
4835 llt->llt_free_entry = in6_lltable_free_entry;
4836 llt->llt_match_prefix = in6_lltable_match_prefix;
4837 lltable_link(llt);
4838
4839 return llt;
4840 }
4841
4842 void
4843 in6_ip6_to_sockaddr(const struct in6_addr *ip6, u_int16_t port,
4844 struct sockaddr_in6 *sin6, u_int32_t maxlen)
4845 {
4846 if (maxlen < sizeof(struct sockaddr_in6)) {
4847 return;
4848 }
4849
4850 *sin6 = (struct sockaddr_in6) {
4851 .sin6_family = AF_INET6,
4852 .sin6_len = sizeof(*sin6),
4853 .sin6_port = port,
4854 .sin6_addr = *ip6,
4855 };
4856
4857 if (IN6_IS_SCOPE_EMBED(&sin6->sin6_addr)) {
4858 sin6->sin6_scope_id = ntohs(sin6->sin6_addr.s6_addr16[1]);
4859 sin6->sin6_addr.s6_addr16[1] = 0;
4860 }
4861 }
4862
4863 /* IPv6 events */
4864 struct in6_event {
4865 in6_evhdlr_code_t in6_event_code;
4866 struct ifnet *in6_ifp;
4867 struct in6_addr in6_address;
4868 uint32_t val;
4869 };
4870
4871 struct in6_event2kev in6_event2kev_array[IN6_EVENT_MAX] = {
4872 {
4873 .in6_event_code = IN6_ADDR_MARKED_DUPLICATED,
4874 .in6_event_kev_subclass = KEV_ND6_SUBCLASS,
4875 .in6_event_kev_code = KEV_ND6_DAD_FAILURE,
4876 .in6_event_str = "IN6_ADDR_MARKED_DUPLICATED",
4877 },
4878 {
4879 .in6_event_code = IN6_ADDR_MARKED_DETACHED,
4880 .in6_event_kev_subclass = KEV_ND6_SUBCLASS,
4881 .in6_event_kev_code = KEV_ND6_ADDR_DETACHED,
4882 .in6_event_str = "IN6_ADDR_MARKED_DETACHED",
4883 },
4884 {
4885 .in6_event_code = IN6_ADDR_MARKED_DEPRECATED,
4886 .in6_event_kev_subclass = KEV_ND6_SUBCLASS,
4887 .in6_event_kev_code = KEV_ND6_ADDR_DEPRECATED,
4888 .in6_event_str = "IN6_ADDR_MARKED_DEPRECATED",
4889 },
4890 {
4891 .in6_event_code = IN6_NDP_RTR_EXPIRY,
4892 .in6_event_kev_subclass = KEV_ND6_SUBCLASS,
4893 .in6_event_kev_code = KEV_ND6_RTR_EXPIRED,
4894 .in6_event_str = "IN6_NDP_RTR_EXPIRY",
4895 },
4896 {
4897 .in6_event_code = IN6_NDP_PFX_EXPIRY,
4898 .in6_event_kev_subclass = KEV_ND6_SUBCLASS,
4899 .in6_event_kev_code = KEV_ND6_PFX_EXPIRED,
4900 .in6_event_str = "IN6_NDP_PFX_EXPIRY",
4901 },
4902 {
4903 .in6_event_code = IN6_NDP_ADDR_EXPIRY,
4904 .in6_event_kev_subclass = KEV_ND6_SUBCLASS,
4905 .in6_event_kev_code = KEV_ND6_ADDR_EXPIRED,
4906 .in6_event_str = "IN6_NDP_ADDR_EXPIRY",
4907 },
4908 };
4909
4910 void
4911 in6_eventhdlr_callback(struct eventhandler_entry_arg arg0 __unused,
4912 in6_evhdlr_code_t in6_ev_code, struct ifnet *ifp,
4913 struct in6_addr *p_addr6, uint32_t val)
4914 {
4915 struct kev_msg ev_msg;
4916 struct kev_nd6_event nd6_event;
4917
4918 bzero(&ev_msg, sizeof(ev_msg));
4919 bzero(&nd6_event, sizeof(nd6_event));
4920
4921 nd6log0(info, "%s Event %s received for %s\n",
4922 __func__, in6_event2kev_array[in6_ev_code].in6_event_str,
4923 ip6_sprintf(p_addr6));
4924
4925 ev_msg.vendor_code = KEV_VENDOR_APPLE;
4926 ev_msg.kev_class = KEV_NETWORK_CLASS;
4927 ev_msg.kev_subclass =
4928 in6_event2kev_array[in6_ev_code].in6_event_kev_subclass;
4929 ev_msg.event_code =
4930 in6_event2kev_array[in6_ev_code].in6_event_kev_code;
4931
4932 nd6_event.link_data.if_family = ifp->if_family;
4933 nd6_event.link_data.if_unit = ifp->if_unit;
4934 strlcpy(nd6_event.link_data.if_name, ifp->if_name,
4935 sizeof(nd6_event.link_data.if_name));
4936
4937 VERIFY(p_addr6 != NULL);
4938 bcopy(p_addr6, &nd6_event.in6_address,
4939 sizeof(nd6_event.in6_address));
4940 nd6_event.val = val;
4941
4942 ev_msg.dv[0].data_ptr = &nd6_event;
4943 ev_msg.dv[0].data_length = sizeof(nd6_event);
4944
4945 kev_post_msg(&ev_msg);
4946 }
4947
4948 static void
4949 in6_event_callback(void *arg)
4950 {
4951 struct in6_event *p_in6_ev = (struct in6_event *)arg;
4952
4953 EVENTHANDLER_INVOKE(&in6_evhdlr_ctxt, in6_event,
4954 p_in6_ev->in6_event_code, p_in6_ev->in6_ifp,
4955 &p_in6_ev->in6_address, p_in6_ev->val);
4956 }
4957
4958 struct in6_event_nwk_wq_entry {
4959 struct nwk_wq_entry nwk_wqe;
4960 struct in6_event in6_ev_arg;
4961 };
4962
4963 void
4964 in6_event_enqueue_nwk_wq_entry(in6_evhdlr_code_t in6_event_code,
4965 struct ifnet *ifp, struct in6_addr *p_addr6,
4966 uint32_t val)
4967 {
4968 struct in6_event_nwk_wq_entry *p_in6_ev = NULL;
4969
4970 MALLOC(p_in6_ev, struct in6_event_nwk_wq_entry *,
4971 sizeof(struct in6_event_nwk_wq_entry),
4972 M_NWKWQ, M_WAITOK | M_ZERO);
4973
4974 p_in6_ev->nwk_wqe.func = in6_event_callback;
4975 p_in6_ev->nwk_wqe.is_arg_managed = TRUE;
4976 p_in6_ev->nwk_wqe.arg = &p_in6_ev->in6_ev_arg;
4977
4978 p_in6_ev->in6_ev_arg.in6_event_code = in6_event_code;
4979 p_in6_ev->in6_ev_arg.in6_ifp = ifp;
4980 if (p_addr6 != NULL) {
4981 bcopy(p_addr6, &p_in6_ev->in6_ev_arg.in6_address,
4982 sizeof(p_in6_ev->in6_ev_arg.in6_address));
4983 }
4984 p_in6_ev->in6_ev_arg.val = val;
4985
4986 nwk_wq_enqueue((struct nwk_wq_entry*)p_in6_ev);
4987 }
4988
4989 /*
4990 * Caller must hold in6_ifaddr_rwlock as writer.
4991 */
4992 static void
4993 in6_iahash_remove(struct in6_ifaddr *ia)
4994 {
4995 LCK_RW_ASSERT(&in6_ifaddr_rwlock, LCK_RW_ASSERT_EXCLUSIVE);
4996 IFA_LOCK_ASSERT_HELD(&ia->ia_ifa);
4997
4998 if (!IA6_IS_HASHED(ia)) {
4999 panic("%s: attempt to remove wrong ia %p from ipv6 hash table\n", __func__, ia);
5000 /* NOTREACHED */
5001 }
5002 TAILQ_REMOVE(IN6ADDR_HASH(&ia->ia_addr.sin6_addr), ia, ia6_hash);
5003 IA6_HASH_INIT(ia);
5004 if (IFA_REMREF_LOCKED(&ia->ia_ifa) == NULL) {
5005 panic("%s: unexpected (missing) refcnt ifa=%p", __func__,
5006 &ia->ia_ifa);
5007 /* NOTREACHED */
5008 }
5009 }
5010
5011 /*
5012 * Caller must hold in6_ifaddr_rwlock as writer.
5013 */
5014 static void
5015 in6_iahash_insert(struct in6_ifaddr *ia)
5016 {
5017 LCK_RW_ASSERT(&in6_ifaddr_rwlock, LCK_RW_ASSERT_EXCLUSIVE);
5018 IFA_LOCK_ASSERT_HELD(&ia->ia_ifa);
5019
5020 if (ia->ia_addr.sin6_family != AF_INET6) {
5021 panic("%s: attempt to insert wrong ia %p into hash table\n", __func__, ia);
5022 /* NOTREACHED */
5023 } else if (IA6_IS_HASHED(ia)) {
5024 panic("%s: attempt to double-insert ia %p into hash table\n", __func__, ia);
5025 /* NOTREACHED */
5026 }
5027 TAILQ_INSERT_HEAD(IN6ADDR_HASH(&ia->ia_addr.sin6_addr),
5028 ia, ia6_hash);
5029 IFA_ADDREF_LOCKED(&ia->ia_ifa);
5030 }
5031
5032 /*
5033 * Some point to point interfaces that are tunnels borrow the address from
5034 * an underlying interface (e.g. VPN server). In order for source address
5035 * selection logic to find the underlying interface first, we add the address
5036 * of borrowing point to point interfaces at the end of the list.
5037 * (see rdar://6733789)
5038 *
5039 * Caller must hold in6_ifaddr_rwlock as writer.
5040 */
5041 static void
5042 in6_iahash_insert_ptp(struct in6_ifaddr *ia)
5043 {
5044 struct in6_ifaddr *tmp_ifa;
5045 struct ifnet *tmp_ifp;
5046
5047 LCK_RW_ASSERT(&in6_ifaddr_rwlock, LCK_RW_ASSERT_EXCLUSIVE);
5048 IFA_LOCK_ASSERT_HELD(&ia->ia_ifa);
5049
5050 if (ia->ia_addr.sin6_family != AF_INET6) {
5051 panic("%s: attempt to insert wrong ia %p into hash table\n", __func__, ia);
5052 /* NOTREACHED */
5053 } else if (IA6_IS_HASHED(ia)) {
5054 panic("%s: attempt to double-insert ia %p into hash table\n", __func__, ia);
5055 /* NOTREACHED */
5056 }
5057 IFA_UNLOCK(&ia->ia_ifa);
5058 TAILQ_FOREACH(tmp_ifa, IN6ADDR_HASH(&ia->ia_addr.sin6_addr), ia6_hash) {
5059 IFA_LOCK(&tmp_ifa->ia_ifa);
5060 /* ia->ia_addr won't change, so check without lock */
5061 if (IN6_ARE_ADDR_EQUAL(&tmp_ifa->ia_addr.sin6_addr, &ia->ia_addr.sin6_addr)) {
5062 IFA_UNLOCK(&tmp_ifa->ia_ifa);
5063 break;
5064 }
5065 IFA_UNLOCK(&tmp_ifa->ia_ifa);
5066 }
5067 tmp_ifp = (tmp_ifa == NULL) ? NULL : tmp_ifa->ia_ifp;
5068
5069 IFA_LOCK(&ia->ia_ifa);
5070 if (tmp_ifp == NULL) {
5071 TAILQ_INSERT_HEAD(IN6ADDR_HASH(&ia->ia_addr.sin6_addr),
5072 ia, ia6_hash);
5073 } else {
5074 TAILQ_INSERT_TAIL(IN6ADDR_HASH(&ia->ia_addr.sin6_addr),
5075 ia, ia6_hash);
5076 }
5077 IFA_ADDREF_LOCKED(&ia->ia_ifa);
5078 }
mirror of XNU