]> git.saurik.com Git - apple/xnu.git/blob - bsd/netinet6/in6_pcb.c
projects / apple / xnu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xnu-7195.101.1.tar.gz
[apple/xnu.git] / bsd / netinet6 / in6_pcb.c
1 /*
2 * Copyright (c) 2003-2020 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 /*
29 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
30 * All rights reserved.
31 *
32 * Redistribution and use in source and binary forms, with or without
33 * modification, are permitted provided that the following conditions
34 * are met:
35 * 1. Redistributions of source code must retain the above copyright
36 * notice, this list of conditions and the following disclaimer.
37 * 2. Redistributions in binary form must reproduce the above copyright
38 * notice, this list of conditions and the following disclaimer in the
39 * documentation and/or other materials provided with the distribution.
40 * 3. Neither the name of the project nor the names of its contributors
41 * may be used to endorse or promote products derived from this software
42 * without specific prior written permission.
43 *
44 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
45 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
46 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
47 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
48 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
49 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
50 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
51 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
52 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
53 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
54 * SUCH DAMAGE.
55 *
56 */
57
58 /*
59 * Copyright (c) 1982, 1986, 1991, 1993
60 * The Regents of the University of California. All rights reserved.
61 *
62 * Redistribution and use in source and binary forms, with or without
63 * modification, are permitted provided that the following conditions
64 * are met:
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 * 2. Redistributions in binary form must reproduce the above copyright
68 * notice, this list of conditions and the following disclaimer in the
69 * documentation and/or other materials provided with the distribution.
70 * 3. All advertising materials mentioning features or use of this software
71 * must display the following acknowledgement:
72 * This product includes software developed by the University of
73 * California, Berkeley and its contributors.
74 * 4. Neither the name of the University nor the names of its contributors
75 * may be used to endorse or promote products derived from this software
76 * without specific prior written permission.
77 *
78 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
79 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
80 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
81 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
82 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
83 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
84 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
85 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
86 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
87 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
88 * SUCH DAMAGE.
89 *
90 * @(#)in_pcb.c 8.2 (Berkeley) 1/4/94
91 */
92
93 #include <sys/param.h>
94 #include <sys/systm.h>
95 #include <sys/malloc.h>
96 #include <sys/mbuf.h>
97 #include <sys/domain.h>
98 #include <sys/protosw.h>
99 #include <sys/socket.h>
100 #include <sys/socketvar.h>
101 #include <sys/sockio.h>
102 #include <sys/errno.h>
103 #include <sys/time.h>
104 #include <sys/proc.h>
105 #include <sys/kauth.h>
106 #include <sys/priv.h>
107
108 #include <net/if.h>
109 #include <net/if_types.h>
110 #include <net/route.h>
111 #include <net/ntstat.h>
112 #include <net/restricted_in_port.h>
113
114 #include <netinet/in.h>
115 #include <netinet/in_var.h>
116 #include <netinet/in_systm.h>
117 #include <netinet/ip6.h>
118 #include <netinet/ip_var.h>
119
120 #include <netinet6/ip6_var.h>
121 #include <netinet6/nd6.h>
122 #include <netinet/in_pcb.h>
123 #include <netinet6/in6_pcb.h>
124
125 #include <net/if_types.h>
126 #include <net/if_var.h>
127
128 #include <kern/kern_types.h>
129 #include <kern/zalloc.h>
130
131 #if IPSEC
132 #include <netinet6/ipsec.h>
133 #include <netinet6/ipsec6.h>
134 #include <netinet6/ah.h>
135 #include <netinet6/ah6.h>
136 #include <netkey/key.h>
137 #endif /* IPSEC */
138
139 #if NECP
140 #include <net/necp.h>
141 #endif /* NECP */
142
143 /*
144 * in6_pcblookup_local_and_cleanup does everything
145 * in6_pcblookup_local does but it checks for a socket
146 * that's going away. Since we know that the lock is
147 * held read+write when this function is called, we
148 * can safely dispose of this socket like the slow
149 * timer would usually do and return NULL. This is
150 * great for bind.
151 */
152 static struct inpcb *
153 in6_pcblookup_local_and_cleanup(struct inpcbinfo *pcbinfo,
154 struct in6_addr *laddr, u_int lport_arg, int wild_okay)
155 {
156 struct inpcb *inp;
157
158 /* Perform normal lookup */
159 inp = in6_pcblookup_local(pcbinfo, laddr, lport_arg, wild_okay);
160
161 /* Check if we found a match but it's waiting to be disposed */
162 if (inp != NULL && inp->inp_wantcnt == WNT_STOPUSING) {
163 struct socket *so = inp->inp_socket;
164
165 socket_lock(so, 0);
166
167 if (so->so_usecount == 0) {
168 if (inp->inp_state != INPCB_STATE_DEAD) {
169 in6_pcbdetach(inp);
170 }
171 in_pcbdispose(inp); /* will unlock & destroy */
172 inp = NULL;
173 } else {
174 socket_unlock(so, 0);
175 }
176 }
177
178 return inp;
179 }
180
181 /*
182 * Bind an INPCB to an address and/or port. This routine should not alter
183 * the caller-supplied local address "nam".
184 */
185 int
186 in6_pcbbind(struct inpcb *inp, struct sockaddr *nam, struct proc *p)
187 {
188 struct socket *so = inp->inp_socket;
189 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo;
190 u_short lport = 0;
191 int wild = 0, reuseport = (so->so_options & SO_REUSEPORT);
192 struct ifnet *outif = NULL;
193 struct sockaddr_in6 sin6;
194 #if XNU_TARGET_OS_OSX
195 int error;
196 kauth_cred_t cred;
197 #endif /* XNU_TARGET_OS_OSX */
198
199 if (TAILQ_EMPTY(&in6_ifaddrhead)) { /* XXX broken! */
200 return EADDRNOTAVAIL;
201 }
202 if (!(so->so_options & (SO_REUSEADDR | SO_REUSEPORT))) {
203 wild = 1;
204 }
205
206 socket_unlock(so, 0); /* keep reference */
207 lck_rw_lock_exclusive(pcbinfo->ipi_lock);
208 if (inp->inp_lport || !IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) {
209 /* another thread completed the bind */
210 lck_rw_done(pcbinfo->ipi_lock);
211 socket_lock(so, 0);
212 return EINVAL;
213 }
214
215 bzero(&sin6, sizeof(sin6));
216 if (nam != NULL) {
217 if (nam->sa_len != sizeof(struct sockaddr_in6)) {
218 lck_rw_done(pcbinfo->ipi_lock);
219 socket_lock(so, 0);
220 return EINVAL;
221 }
222 /*
223 * family check.
224 */
225 if (nam->sa_family != AF_INET6) {
226 lck_rw_done(pcbinfo->ipi_lock);
227 socket_lock(so, 0);
228 return EAFNOSUPPORT;
229 }
230 lport = SIN6(nam)->sin6_port;
231
232 *(&sin6) = *SIN6(nam);
233
234 /* KAME hack: embed scopeid */
235 if (in6_embedscope(&sin6.sin6_addr, &sin6, inp, NULL,
236 NULL) != 0) {
237 lck_rw_done(pcbinfo->ipi_lock);
238 socket_lock(so, 0);
239 return EINVAL;
240 }
241
242 /* Sanitize local copy for address searches */
243 sin6.sin6_flowinfo = 0;
244 sin6.sin6_scope_id = 0;
245 sin6.sin6_port = 0;
246
247 if (IN6_IS_ADDR_MULTICAST(&sin6.sin6_addr)) {
248 /*
249 * Treat SO_REUSEADDR as SO_REUSEPORT for multicast;
250 * allow compepte duplication of binding if
251 * SO_REUSEPORT is set, or if SO_REUSEADDR is set
252 * and a multicast address is bound on both
253 * new and duplicated sockets.
254 */
255 if (so->so_options & SO_REUSEADDR) {
256 reuseport = SO_REUSEADDR | SO_REUSEPORT;
257 }
258 } else if (!IN6_IS_ADDR_UNSPECIFIED(&sin6.sin6_addr)) {
259 struct ifaddr *ifa;
260
261 ifa = ifa_ifwithaddr(SA(&sin6));
262 if (ifa == NULL) {
263 lck_rw_done(pcbinfo->ipi_lock);
264 socket_lock(so, 0);
265 return EADDRNOTAVAIL;
266 } else {
267 /*
268 * XXX: bind to an anycast address might
269 * accidentally cause sending a packet with
270 * anycast source address. We should allow
271 * to bind to a deprecated address, since
272 * the application dare to use it.
273 */
274 IFA_LOCK_SPIN(ifa);
275 if (((struct in6_ifaddr *)ifa)->ia6_flags &
276 (IN6_IFF_ANYCAST | IN6_IFF_NOTREADY |
277 IN6_IFF_DETACHED | IN6_IFF_CLAT46)) {
278 IFA_UNLOCK(ifa);
279 IFA_REMREF(ifa);
280 lck_rw_done(pcbinfo->ipi_lock);
281 socket_lock(so, 0);
282 return EADDRNOTAVAIL;
283 }
284 /*
285 * Opportunistically determine the outbound
286 * interface that may be used; this may not
287 * hold true if we end up using a route
288 * going over a different interface, e.g.
289 * when sending to a local address. This
290 * will get updated again after sending.
291 */
292 outif = ifa->ifa_ifp;
293 IFA_UNLOCK(ifa);
294 IFA_REMREF(ifa);
295 }
296 }
297
298
299 if (lport != 0) {
300 struct inpcb *t;
301 uid_t u;
302
303 #if XNU_TARGET_OS_OSX
304 if (ntohs(lport) < IPV6PORT_RESERVED &&
305 !IN6_IS_ADDR_UNSPECIFIED(&sin6.sin6_addr) &&
306 !(inp->inp_flags2 & INP2_EXTERNAL_PORT)) {
307 cred = kauth_cred_proc_ref(p);
308 error = priv_check_cred(cred,
309 PRIV_NETINET_RESERVEDPORT, 0);
310 kauth_cred_unref(&cred);
311 if (error != 0) {
312 lck_rw_done(pcbinfo->ipi_lock);
313 socket_lock(so, 0);
314 return EACCES;
315 }
316 }
317 #endif /* XNU_TARGET_OS_OSX */
318 /*
319 * Check wether the process is allowed to bind to a restricted port
320 */
321 if (!current_task_can_use_restricted_in_port(lport,
322 (uint8_t)SOCK_PROTO(so), PORT_FLAGS_BSD)) {
323 lck_rw_done(pcbinfo->ipi_lock);
324 socket_lock(so, 0);
325 return EADDRINUSE;
326 }
327
328 if (!IN6_IS_ADDR_MULTICAST(&sin6.sin6_addr) &&
329 (u = kauth_cred_getuid(so->so_cred)) != 0) {
330 t = in6_pcblookup_local_and_cleanup(pcbinfo,
331 &sin6.sin6_addr, lport,
332 INPLOOKUP_WILDCARD);
333 if (t != NULL &&
334 (!IN6_IS_ADDR_UNSPECIFIED(&sin6.sin6_addr) ||
335 !IN6_IS_ADDR_UNSPECIFIED(&t->in6p_laddr) ||
336 !(t->inp_socket->so_options & SO_REUSEPORT)) &&
337 (u != kauth_cred_getuid(t->inp_socket->so_cred)) &&
338 !(t->inp_socket->so_flags & SOF_REUSESHAREUID) &&
339 (!(t->inp_flags2 & INP2_EXTERNAL_PORT) ||
340 !(inp->inp_flags2 & INP2_EXTERNAL_PORT) ||
341 uuid_compare(t->necp_client_uuid, inp->necp_client_uuid) != 0)) {
342 lck_rw_done(pcbinfo->ipi_lock);
343 socket_lock(so, 0);
344 return EADDRINUSE;
345 }
346 if (!(inp->inp_flags & IN6P_IPV6_V6ONLY) &&
347 IN6_IS_ADDR_UNSPECIFIED(&sin6.sin6_addr)) {
348 struct sockaddr_in sin;
349
350 in6_sin6_2_sin(&sin, &sin6);
351 t = in_pcblookup_local_and_cleanup(
352 pcbinfo, sin.sin_addr, lport,
353 INPLOOKUP_WILDCARD);
354 if (t != NULL &&
355 !(t->inp_socket->so_options & SO_REUSEPORT) &&
356 (kauth_cred_getuid(so->so_cred) !=
357 kauth_cred_getuid(t->inp_socket->so_cred)) &&
358 (t->inp_laddr.s_addr != INADDR_ANY ||
359 SOCK_DOM(so) == SOCK_DOM(t->inp_socket)) &&
360 (!(t->inp_flags2 & INP2_EXTERNAL_PORT) ||
361 !(inp->inp_flags2 & INP2_EXTERNAL_PORT) ||
362 uuid_compare(t->necp_client_uuid, inp->necp_client_uuid) != 0)) {
363 lck_rw_done(pcbinfo->ipi_lock);
364 socket_lock(so, 0);
365 return EADDRINUSE;
366 }
367
368 }
369 }
370 t = in6_pcblookup_local_and_cleanup(pcbinfo,
371 &sin6.sin6_addr, lport, wild);
372 if (t != NULL &&
373 (reuseport & t->inp_socket->so_options) == 0 &&
374 (!(t->inp_flags2 & INP2_EXTERNAL_PORT) ||
375 !(inp->inp_flags2 & INP2_EXTERNAL_PORT) ||
376 uuid_compare(t->necp_client_uuid, inp->necp_client_uuid) != 0)) {
377 lck_rw_done(pcbinfo->ipi_lock);
378 socket_lock(so, 0);
379 return EADDRINUSE;
380 }
381 if (!(inp->inp_flags & IN6P_IPV6_V6ONLY) &&
382 IN6_IS_ADDR_UNSPECIFIED(&sin6.sin6_addr)) {
383 struct sockaddr_in sin;
384
385 in6_sin6_2_sin(&sin, &sin6);
386 t = in_pcblookup_local_and_cleanup(pcbinfo,
387 sin.sin_addr, lport, wild);
388 if (t != NULL && (reuseport &
389 t->inp_socket->so_options) == 0 &&
390 (t->inp_laddr.s_addr != INADDR_ANY ||
391 SOCK_DOM(so) == SOCK_DOM(t->inp_socket)) &&
392 (!(t->inp_flags2 & INP2_EXTERNAL_PORT) ||
393 !(inp->inp_flags2 & INP2_EXTERNAL_PORT) ||
394 uuid_compare(t->necp_client_uuid, inp->necp_client_uuid) != 0)) {
395 lck_rw_done(pcbinfo->ipi_lock);
396 socket_lock(so, 0);
397 return EADDRINUSE;
398 }
399 }
400 }
401 }
402
403 socket_lock(so, 0);
404 /*
405 * We unlocked socket's protocol lock for a long time.
406 * The socket might have been dropped/defuncted.
407 * Checking if world has changed since.
408 */
409 if (inp->inp_state == INPCB_STATE_DEAD) {
410 lck_rw_done(pcbinfo->ipi_lock);
411 return ECONNABORTED;
412 }
413
414 /* check if the socket got bound when the lock was released */
415 if (inp->inp_lport || !IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) {
416 lck_rw_done(pcbinfo->ipi_lock);
417 return EINVAL;
418 }
419
420 if (!IN6_IS_ADDR_UNSPECIFIED(&sin6.sin6_addr)) {
421 inp->in6p_laddr = sin6.sin6_addr;
422 inp->in6p_last_outifp = outif;
423 }
424
425 if (lport == 0) {
426 int e;
427 if ((e = in6_pcbsetport(&inp->in6p_laddr, inp, p, 1)) != 0) {
428 /* Undo any address bind from above. */
429 inp->in6p_laddr = in6addr_any;
430 inp->in6p_last_outifp = NULL;
431 lck_rw_done(pcbinfo->ipi_lock);
432 return e;
433 }
434 } else {
435 inp->inp_lport = lport;
436 if (in_pcbinshash(inp, 1) != 0) {
437 inp->in6p_laddr = in6addr_any;
438 inp->inp_lport = 0;
439 inp->in6p_last_outifp = NULL;
440 lck_rw_done(pcbinfo->ipi_lock);
441 return EAGAIN;
442 }
443 }
444 lck_rw_done(pcbinfo->ipi_lock);
445 sflt_notify(so, sock_evt_bound, NULL);
446 return 0;
447 }
448
449 /*
450 * Transform old in6_pcbconnect() into an inner subroutine for new
451 * in6_pcbconnect(); do some validity-checking on the remote address
452 * (in "nam") and then determine local host address (i.e., which
453 * interface) to use to access that remote host.
454 *
455 * This routine may alter the caller-supplied remote address "nam".
456 *
457 * This routine might return an ifp with a reference held if the caller
458 * provides a non-NULL outif, even in the error case. The caller is
459 * responsible for releasing its reference.
460 */
461 int
462 in6_pcbladdr(struct inpcb *inp, struct sockaddr *nam,
463 struct in6_addr *plocal_addr6, struct ifnet **outif)
464 {
465 struct in6_addr *addr6 = NULL;
466 struct in6_addr src_storage;
467 int error = 0;
468 unsigned int ifscope;
469
470 if (outif != NULL) {
471 *outif = NULL;
472 }
473 if (nam->sa_len != sizeof(struct sockaddr_in6)) {
474 return EINVAL;
475 }
476 if (SIN6(nam)->sin6_family != AF_INET6) {
477 return EAFNOSUPPORT;
478 }
479 if (SIN6(nam)->sin6_port == 0) {
480 return EADDRNOTAVAIL;
481 }
482
483 /* KAME hack: embed scopeid */
484 if (in6_embedscope(&SIN6(nam)->sin6_addr, SIN6(nam), inp, NULL, NULL) != 0) {
485 return EINVAL;
486 }
487
488 if (!TAILQ_EMPTY(&in6_ifaddrhead)) {
489 /*
490 * If the destination address is UNSPECIFIED addr,
491 * use the loopback addr, e.g ::1.
492 */
493 if (IN6_IS_ADDR_UNSPECIFIED(&SIN6(nam)->sin6_addr)) {
494 SIN6(nam)->sin6_addr = in6addr_loopback;
495 }
496 }
497
498 ifscope = (inp->inp_flags & INP_BOUND_IF) ?
499 inp->inp_boundifp->if_index : IFSCOPE_NONE;
500
501 /*
502 * XXX: in6_selectsrc might replace the bound local address
503 * with the address specified by setsockopt(IPV6_PKTINFO).
504 * Is it the intended behavior?
505 *
506 * in6_selectsrc() might return outif with its reference held
507 * even in the error case; caller always needs to release it
508 * if non-NULL.
509 */
510 addr6 = in6_selectsrc(SIN6(nam), inp->in6p_outputopts, inp,
511 &inp->in6p_route, outif, &src_storage, ifscope, &error);
512
513 if (outif != NULL) {
514 struct rtentry *rt = inp->in6p_route.ro_rt;
515 /*
516 * If in6_selectsrc() returns a route, it should be one
517 * which points to the same ifp as outif. Just in case
518 * it isn't, use the one from the route for consistency.
519 * Otherwise if there is no route, leave outif alone as
520 * it could still be useful to the caller.
521 */
522 if (rt != NULL && rt->rt_ifp != *outif) {
523 ifnet_reference(rt->rt_ifp); /* for caller */
524 if (*outif != NULL) {
525 ifnet_release(*outif);
526 }
527 *outif = rt->rt_ifp;
528 }
529 }
530
531 if (addr6 == NULL) {
532 if (outif != NULL && (*outif) != NULL &&
533 inp_restricted_send(inp, *outif)) {
534 soevent(inp->inp_socket,
535 (SO_FILT_HINT_LOCKED | SO_FILT_HINT_IFDENIED));
536 error = EHOSTUNREACH;
537 }
538 if (error == 0) {
539 error = EADDRNOTAVAIL;
540 }
541 return error;
542 }
543
544 *plocal_addr6 = *addr6;
545 /*
546 * Don't do pcblookup call here; return interface in
547 * plocal_addr6 and exit to caller, that will do the lookup.
548 */
549 return 0;
550 }
551
552 /*
553 * Outer subroutine:
554 * Connect from a socket to a specified address.
555 * Both address and port must be specified in argument sin.
556 * If don't have a local address for this socket yet,
557 * then pick one.
558 */
559 int
560 in6_pcbconnect(struct inpcb *inp, struct sockaddr *nam, struct proc *p)
561 {
562 struct in6_addr addr6;
563 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)(void *)nam;
564 struct inpcb *pcb;
565 int error = 0;
566 struct ifnet *outif = NULL;
567 struct socket *so = inp->inp_socket;
568
569 #if CONTENT_FILTER
570 so->so_state_change_cnt++;
571 #endif
572
573 if (so->so_proto->pr_protocol == IPPROTO_UDP &&
574 sin6->sin6_port == htons(53) && !(so->so_flags1 & SOF1_DNS_COUNTED)) {
575 so->so_flags1 |= SOF1_DNS_COUNTED;
576 INC_ATOMIC_INT64_LIM(net_api_stats.nas_socket_inet_dgram_dns);
577 }
578
579 /*
580 * Call inner routine, to assign local interface address.
581 * in6_pcbladdr() may automatically fill in sin6_scope_id.
582 *
583 * in6_pcbladdr() might return an ifp with its reference held
584 * even in the error case, so make sure that it's released
585 * whenever it's non-NULL.
586 */
587 if ((error = in6_pcbladdr(inp, nam, &addr6, &outif)) != 0) {
588 if (outif != NULL && inp_restricted_send(inp, outif)) {
589 soevent(so,
590 (SO_FILT_HINT_LOCKED | SO_FILT_HINT_IFDENIED));
591 }
592 goto done;
593 }
594 socket_unlock(so, 0);
595 pcb = in6_pcblookup_hash(inp->inp_pcbinfo, &sin6->sin6_addr,
596 sin6->sin6_port, IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr) ?
597 &addr6 : &inp->in6p_laddr, inp->inp_lport, 0, NULL);
598 socket_lock(so, 0);
599 if (pcb != NULL) {
600 in_pcb_checkstate(pcb, WNT_RELEASE, pcb == inp ? 1 : 0);
601 error = EADDRINUSE;
602 goto done;
603 }
604 if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) {
605 if (inp->inp_lport == 0) {
606 error = in6_pcbbind(inp, NULL, p);
607 if (error) {
608 goto done;
609 }
610 }
611 inp->in6p_laddr = addr6;
612 inp->in6p_last_outifp = outif; /* no reference needed */
613 inp->in6p_flags |= INP_IN6ADDR_ANY;
614 }
615 if (!lck_rw_try_lock_exclusive(inp->inp_pcbinfo->ipi_lock)) {
616 /* lock inversion issue, mostly with udp multicast packets */
617 socket_unlock(so, 0);
618 lck_rw_lock_exclusive(inp->inp_pcbinfo->ipi_lock);
619 socket_lock(so, 0);
620 }
621 inp->in6p_faddr = sin6->sin6_addr;
622 inp->inp_fport = sin6->sin6_port;
623 if (nstat_collect && SOCK_PROTO(so) == IPPROTO_UDP) {
624 nstat_pcb_invalidate_cache(inp);
625 }
626 in_pcbrehash(inp);
627 lck_rw_done(inp->inp_pcbinfo->ipi_lock);
628
629 done:
630 if (outif != NULL) {
631 ifnet_release(outif);
632 }
633
634 return error;
635 }
636
637 void
638 in6_pcbdisconnect(struct inpcb *inp)
639 {
640 struct socket *so = inp->inp_socket;
641
642 #if CONTENT_FILTER
643 if (so) {
644 so->so_state_change_cnt++;
645 }
646 #endif
647
648 if (!lck_rw_try_lock_exclusive(inp->inp_pcbinfo->ipi_lock)) {
649 /* lock inversion issue, mostly with udp multicast packets */
650 socket_unlock(so, 0);
651 lck_rw_lock_exclusive(inp->inp_pcbinfo->ipi_lock);
652 socket_lock(so, 0);
653 }
654 if (nstat_collect && SOCK_PROTO(so) == IPPROTO_UDP) {
655 nstat_pcb_cache(inp);
656 }
657 bzero((caddr_t)&inp->in6p_faddr, sizeof(inp->in6p_faddr));
658 inp->inp_fport = 0;
659 /* clear flowinfo - RFC 6437 */
660 inp->inp_flow &= ~IPV6_FLOWLABEL_MASK;
661 in_pcbrehash(inp);
662 lck_rw_done(inp->inp_pcbinfo->ipi_lock);
663 /*
664 * A multipath subflow socket would have its SS_NOFDREF set by default,
665 * so check for SOF_MP_SUBFLOW socket flag before detaching the PCB;
666 * when the socket is closed for real, SOF_MP_SUBFLOW would be cleared.
667 */
668 if (!(so->so_flags & SOF_MP_SUBFLOW) && (so->so_state & SS_NOFDREF)) {
669 in6_pcbdetach(inp);
670 }
671 }
672
673 void
674 in6_pcbdetach(struct inpcb *inp)
675 {
676 struct socket *so = inp->inp_socket;
677
678 if (so->so_pcb == NULL) {
679 /* PCB has been disposed */
680 panic("%s: inp=%p so=%p proto=%d so_pcb is null!\n", __func__,
681 inp, so, SOCK_PROTO(so));
682 /* NOTREACHED */
683 }
684
685 #if IPSEC
686 if (inp->in6p_sp != NULL) {
687 (void) ipsec6_delete_pcbpolicy(inp);
688 }
689 #endif /* IPSEC */
690
691 if (inp->inp_stat != NULL && SOCK_PROTO(so) == IPPROTO_UDP) {
692 if (inp->inp_stat->rxpackets == 0 && inp->inp_stat->txpackets == 0) {
693 INC_ATOMIC_INT64_LIM(net_api_stats.nas_socket_inet6_dgram_no_data);
694 }
695 }
696
697 /*
698 * Let NetworkStatistics know this PCB is going away
699 * before we detach it.
700 */
701 if (nstat_collect &&
702 (SOCK_PROTO(so) == IPPROTO_TCP || SOCK_PROTO(so) == IPPROTO_UDP)) {
703 nstat_pcb_detach(inp);
704 }
705 /* mark socket state as dead */
706 if (in_pcb_checkstate(inp, WNT_STOPUSING, 1) != WNT_STOPUSING) {
707 panic("%s: so=%p proto=%d couldn't set to STOPUSING\n",
708 __func__, so, SOCK_PROTO(so));
709 /* NOTREACHED */
710 }
711
712 if (!(so->so_flags & SOF_PCBCLEARING)) {
713 struct ip_moptions *imo;
714 struct ip6_moptions *im6o;
715
716 inp->inp_vflag = 0;
717 if (inp->in6p_options != NULL) {
718 m_freem(inp->in6p_options);
719 inp->in6p_options = NULL;
720 }
721 ip6_freepcbopts(inp->in6p_outputopts);
722 inp->in6p_outputopts = NULL;
723 ROUTE_RELEASE(&inp->in6p_route);
724 /* free IPv4 related resources in case of mapped addr */
725 if (inp->inp_options != NULL) {
726 (void) m_free(inp->inp_options);
727 inp->inp_options = NULL;
728 }
729 im6o = inp->in6p_moptions;
730 inp->in6p_moptions = NULL;
731
732 imo = inp->inp_moptions;
733 inp->inp_moptions = NULL;
734
735 sofreelastref(so, 0);
736 inp->inp_state = INPCB_STATE_DEAD;
737 /* makes sure we're not called twice from so_close */
738 so->so_flags |= SOF_PCBCLEARING;
739
740 inpcb_gc_sched(inp->inp_pcbinfo, INPCB_TIMER_FAST);
741
742 /*
743 * See inp_join_group() for why we need to unlock
744 */
745 if (im6o != NULL || imo != NULL) {
746 socket_unlock(so, 0);
747 if (im6o != NULL) {
748 IM6O_REMREF(im6o);
749 }
750 if (imo != NULL) {
751 IMO_REMREF(imo);
752 }
753 socket_lock(so, 0);
754 }
755 }
756 }
757
758 struct sockaddr *
759 in6_sockaddr(in_port_t port, struct in6_addr *addr_p)
760 {
761 struct sockaddr_in6 *sin6;
762
763 MALLOC(sin6, struct sockaddr_in6 *, sizeof(*sin6), M_SONAME, M_WAITOK);
764 if (sin6 == NULL) {
765 return NULL;
766 }
767 bzero(sin6, sizeof(*sin6));
768 sin6->sin6_family = AF_INET6;
769 sin6->sin6_len = sizeof(*sin6);
770 sin6->sin6_port = port;
771 sin6->sin6_addr = *addr_p;
772
773 /* would be good to use sa6_recoverscope(), except for locking */
774 if (IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr)) {
775 sin6->sin6_scope_id = ntohs(sin6->sin6_addr.s6_addr16[1]);
776 } else {
777 sin6->sin6_scope_id = 0; /* XXX */
778 }
779 if (IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr)) {
780 sin6->sin6_addr.s6_addr16[1] = 0;
781 }
782
783 return (struct sockaddr *)sin6;
784 }
785
786 void
787 in6_sockaddr_s(in_port_t port, struct in6_addr *addr_p,
788 struct sockaddr_in6 *sin6)
789 {
790 bzero(sin6, sizeof(*sin6));
791 sin6->sin6_family = AF_INET6;
792 sin6->sin6_len = sizeof(*sin6);
793 sin6->sin6_port = port;
794 sin6->sin6_addr = *addr_p;
795
796 /* would be good to use sa6_recoverscope(), except for locking */
797 if (IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr)) {
798 sin6->sin6_scope_id = ntohs(sin6->sin6_addr.s6_addr16[1]);
799 } else {
800 sin6->sin6_scope_id = 0; /* XXX */
801 }
802 if (IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr)) {
803 sin6->sin6_addr.s6_addr16[1] = 0;
804 }
805 }
806
807 /*
808 * The calling convention of in6_getsockaddr() and in6_getpeeraddr() was
809 * modified to match the pru_sockaddr() and pru_peeraddr() entry points
810 * in struct pr_usrreqs, so that protocols can just reference then directly
811 * without the need for a wrapper function.
812 */
813 int
814 in6_getsockaddr(struct socket *so, struct sockaddr **nam)
815 {
816 struct inpcb *inp;
817 struct in6_addr addr;
818 in_port_t port;
819
820 if ((inp = sotoinpcb(so)) == NULL) {
821 return EINVAL;
822 }
823
824 port = inp->inp_lport;
825 addr = inp->in6p_laddr;
826
827 *nam = in6_sockaddr(port, &addr);
828 if (*nam == NULL) {
829 return ENOBUFS;
830 }
831 return 0;
832 }
833
834 int
835 in6_getsockaddr_s(struct socket *so, struct sockaddr_in6 *ss)
836 {
837 struct inpcb *inp;
838 struct in6_addr addr;
839 in_port_t port;
840
841 VERIFY(ss != NULL);
842 bzero(ss, sizeof(*ss));
843
844 if ((inp = sotoinpcb(so)) == NULL) {
845 return EINVAL;
846 }
847
848 port = inp->inp_lport;
849 addr = inp->in6p_laddr;
850
851 in6_sockaddr_s(port, &addr, ss);
852 return 0;
853 }
854
855 int
856 in6_getpeeraddr(struct socket *so, struct sockaddr **nam)
857 {
858 struct inpcb *inp;
859 struct in6_addr addr;
860 in_port_t port;
861
862 if ((inp = sotoinpcb(so)) == NULL) {
863 return EINVAL;
864 }
865
866 port = inp->inp_fport;
867 addr = inp->in6p_faddr;
868
869 *nam = in6_sockaddr(port, &addr);
870 if (*nam == NULL) {
871 return ENOBUFS;
872 }
873 return 0;
874 }
875
876 int
877 in6_mapped_sockaddr(struct socket *so, struct sockaddr **nam)
878 {
879 struct inpcb *inp = sotoinpcb(so);
880 int error;
881
882 if (inp == NULL) {
883 return EINVAL;
884 }
885 if (inp->inp_vflag & INP_IPV4) {
886 error = in_getsockaddr(so, nam);
887 if (error == 0) {
888 error = in6_sin_2_v4mapsin6_in_sock(nam);
889 }
890 } else {
891 /* scope issues will be handled in in6_getsockaddr(). */
892 error = in6_getsockaddr(so, nam);
893 }
894 return error;
895 }
896
897 int
898 in6_mapped_peeraddr(struct socket *so, struct sockaddr **nam)
899 {
900 struct inpcb *inp = sotoinpcb(so);
901 int error;
902
903 if (inp == NULL) {
904 return EINVAL;
905 }
906 if (inp->inp_vflag & INP_IPV4) {
907 error = in_getpeeraddr(so, nam);
908 if (error == 0) {
909 error = in6_sin_2_v4mapsin6_in_sock(nam);
910 }
911 } else {
912 /* scope issues will be handled in in6_getpeeraddr(). */
913 error = in6_getpeeraddr(so, nam);
914 }
915 return error;
916 }
917
918 /*
919 * Pass some notification to all connections of a protocol
920 * associated with address dst. The local address and/or port numbers
921 * may be specified to limit the search. The "usual action" will be
922 * taken, depending on the ctlinput cmd. The caller must filter any
923 * cmds that are uninteresting (e.g., no error in the map).
924 * Call the protocol specific routine (if any) to report
925 * any errors for each matching socket.
926 */
927 void
928 in6_pcbnotify(struct inpcbinfo *pcbinfo, struct sockaddr *dst, u_int fport_arg,
929 const struct sockaddr *src, u_int lport_arg, int cmd, void *cmdarg,
930 void (*notify)(struct inpcb *, int))
931 {
932 struct inpcbhead *head = pcbinfo->ipi_listhead;
933 struct inpcb *inp, *ninp;
934 struct sockaddr_in6 sa6_src, *sa6_dst;
935 uint16_t fport = (uint16_t)fport_arg, lport = (uint16_t)lport_arg;
936 u_int32_t flowinfo;
937 int errno;
938
939 if ((unsigned)cmd >= PRC_NCMDS || dst->sa_family != AF_INET6) {
940 return;
941 }
942
943 sa6_dst = (struct sockaddr_in6 *)(void *)dst;
944 if (IN6_IS_ADDR_UNSPECIFIED(&sa6_dst->sin6_addr)) {
945 return;
946 }
947
948 /*
949 * note that src can be NULL when we get notify by local fragmentation.
950 */
951 sa6_src = (src == NULL) ?
952 sa6_any : *(struct sockaddr_in6 *)(uintptr_t)(size_t)src;
953 flowinfo = sa6_src.sin6_flowinfo;
954
955 /*
956 * Redirects go to all references to the destination,
957 * and use in6_rtchange to invalidate the route cache.
958 * Dead host indications: also use in6_rtchange to invalidate
959 * the cache, and deliver the error to all the sockets.
960 * Otherwise, if we have knowledge of the local port and address,
961 * deliver only to that socket.
962 */
963 if (PRC_IS_REDIRECT(cmd) || cmd == PRC_HOSTDEAD) {
964 fport = 0;
965 lport = 0;
966 bzero((caddr_t)&sa6_src.sin6_addr, sizeof(sa6_src.sin6_addr));
967
968 if (cmd != PRC_HOSTDEAD) {
969 notify = in6_rtchange;
970 }
971 }
972 errno = inet6ctlerrmap[cmd];
973 lck_rw_lock_shared(pcbinfo->ipi_lock);
974 for (inp = LIST_FIRST(head); inp != NULL; inp = ninp) {
975 ninp = LIST_NEXT(inp, inp_list);
976
977 if (!(inp->inp_vflag & INP_IPV6)) {
978 continue;
979 }
980
981 /*
982 * If the error designates a new path MTU for a destination
983 * and the application (associated with this socket) wanted to
984 * know the value, notify. Note that we notify for all
985 * disconnected sockets if the corresponding application
986 * wanted. This is because some UDP applications keep sending
987 * sockets disconnected.
988 * XXX: should we avoid to notify the value to TCP sockets?
989 */
990 if (cmd == PRC_MSGSIZE && cmdarg != NULL) {
991 socket_lock(inp->inp_socket, 1);
992 ip6_notify_pmtu(inp, (struct sockaddr_in6 *)(void *)dst,
993 (u_int32_t *)cmdarg);
994 socket_unlock(inp->inp_socket, 1);
995 }
996
997 /*
998 * Detect if we should notify the error. If no source and
999 * destination ports are specifed, but non-zero flowinfo and
1000 * local address match, notify the error. This is the case
1001 * when the error is delivered with an encrypted buffer
1002 * by ESP. Otherwise, just compare addresses and ports
1003 * as usual.
1004 */
1005 if (lport == 0 && fport == 0 && flowinfo &&
1006 inp->inp_socket != NULL &&
1007 flowinfo == (inp->inp_flow & IPV6_FLOWLABEL_MASK) &&
1008 IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr, &sa6_src.sin6_addr)) {
1009 goto do_notify;
1010 } else if (!IN6_ARE_ADDR_EQUAL(&inp->in6p_faddr,
1011 &sa6_dst->sin6_addr) || inp->inp_socket == NULL ||
1012 (lport && inp->inp_lport != lport) ||
1013 (!IN6_IS_ADDR_UNSPECIFIED(&sa6_src.sin6_addr) &&
1014 !IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr,
1015 &sa6_src.sin6_addr)) || (fport && inp->inp_fport != fport)) {
1016 continue;
1017 }
1018
1019 do_notify:
1020 if (notify) {
1021 if (in_pcb_checkstate(inp, WNT_ACQUIRE, 0) ==
1022 WNT_STOPUSING) {
1023 continue;
1024 }
1025 socket_lock(inp->inp_socket, 1);
1026 (*notify)(inp, errno);
1027 (void) in_pcb_checkstate(inp, WNT_RELEASE, 1);
1028 socket_unlock(inp->inp_socket, 1);
1029 }
1030 }
1031 lck_rw_done(pcbinfo->ipi_lock);
1032 }
1033
1034 /*
1035 * Lookup a PCB based on the local address and port.
1036 */
1037 struct inpcb *
1038 in6_pcblookup_local(struct inpcbinfo *pcbinfo, struct in6_addr *laddr,
1039 u_int lport_arg, int wild_okay)
1040 {
1041 struct inpcb *inp;
1042 int matchwild = 3, wildcard;
1043 uint16_t lport = (uint16_t)lport_arg;
1044 struct inpcbporthead *porthash;
1045 struct inpcb *match = NULL;
1046 struct inpcbport *phd;
1047
1048 if (!wild_okay) {
1049 struct inpcbhead *head;
1050 /*
1051 * Look for an unconnected (wildcard foreign addr) PCB that
1052 * matches the local address and port we're looking for.
1053 */
1054 head = &pcbinfo->ipi_hashbase[INP_PCBHASH(INADDR_ANY, lport, 0,
1055 pcbinfo->ipi_hashmask)];
1056 LIST_FOREACH(inp, head, inp_hash) {
1057 if (!(inp->inp_vflag & INP_IPV6)) {
1058 continue;
1059 }
1060 if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr) &&
1061 IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr, laddr) &&
1062 inp->inp_lport == lport) {
1063 /*
1064 * Found.
1065 */
1066 return inp;
1067 }
1068 }
1069 /*
1070 * Not found.
1071 */
1072 return NULL;
1073 }
1074 /*
1075 * Best fit PCB lookup.
1076 *
1077 * First see if this local port is in use by looking on the
1078 * port hash list.
1079 */
1080 porthash = &pcbinfo->ipi_porthashbase[INP_PCBPORTHASH(lport,
1081 pcbinfo->ipi_porthashmask)];
1082 LIST_FOREACH(phd, porthash, phd_hash) {
1083 if (phd->phd_port == lport) {
1084 break;
1085 }
1086 }
1087 if (phd != NULL) {
1088 /*
1089 * Port is in use by one or more PCBs. Look for best
1090 * fit.
1091 */
1092 LIST_FOREACH(inp, &phd->phd_pcblist, inp_portlist) {
1093 wildcard = 0;
1094 if (!(inp->inp_vflag & INP_IPV6)) {
1095 continue;
1096 }
1097 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
1098 wildcard++;
1099 }
1100 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) {
1101 if (IN6_IS_ADDR_UNSPECIFIED(laddr)) {
1102 wildcard++;
1103 } else if (!IN6_ARE_ADDR_EQUAL(
1104 &inp->in6p_laddr, laddr)) {
1105 continue;
1106 }
1107 } else {
1108 if (!IN6_IS_ADDR_UNSPECIFIED(laddr)) {
1109 wildcard++;
1110 }
1111 }
1112 if (wildcard < matchwild) {
1113 match = inp;
1114 matchwild = wildcard;
1115 if (matchwild == 0) {
1116 break;
1117 }
1118 }
1119 }
1120 }
1121 return match;
1122 }
1123
1124 /*
1125 * Check for alternatives when higher level complains
1126 * about service problems. For now, invalidate cached
1127 * routing information. If the route was created dynamically
1128 * (by a redirect), time to try a default gateway again.
1129 */
1130 void
1131 in6_losing(struct inpcb *in6p)
1132 {
1133 struct rtentry *rt;
1134
1135 if ((rt = in6p->in6p_route.ro_rt) != NULL) {
1136 RT_LOCK(rt);
1137 if (rt->rt_flags & RTF_DYNAMIC) {
1138 /*
1139 * Prevent another thread from modifying rt_key,
1140 * rt_gateway via rt_setgate() after the rt_lock
1141 * is dropped by marking the route as defunct.
1142 */
1143 rt->rt_flags |= RTF_CONDEMNED;
1144 RT_UNLOCK(rt);
1145 (void) rtrequest(RTM_DELETE, rt_key(rt),
1146 rt->rt_gateway, rt_mask(rt), rt->rt_flags, NULL);
1147 } else {
1148 RT_UNLOCK(rt);
1149 }
1150 /*
1151 * A new route can be allocated
1152 * the next time output is attempted.
1153 */
1154 }
1155 ROUTE_RELEASE(&in6p->in6p_route);
1156 }
1157
1158 /*
1159 * After a routing change, flush old routing
1160 * and allocate a (hopefully) better one.
1161 */
1162 void
1163 in6_rtchange(struct inpcb *inp, int errno)
1164 {
1165 #pragma unused(errno)
1166 /*
1167 * A new route can be allocated the next time
1168 * output is attempted.
1169 */
1170 ROUTE_RELEASE(&inp->in6p_route);
1171 }
1172
1173 /*
1174 * Check if PCB exists hash list. Also returns uid and gid of socket
1175 */
1176 int
1177 in6_pcblookup_hash_exists(struct inpcbinfo *pcbinfo, struct in6_addr *faddr,
1178 u_int fport_arg, struct in6_addr *laddr, u_int lport_arg, int wildcard,
1179 uid_t *uid, gid_t *gid, struct ifnet *ifp)
1180 {
1181 struct inpcbhead *head;
1182 struct inpcb *inp;
1183 uint16_t fport = (uint16_t)fport_arg, lport = (uint16_t)lport_arg;
1184 int found;
1185
1186 *uid = UID_MAX;
1187 *gid = GID_MAX;
1188
1189 lck_rw_lock_shared(pcbinfo->ipi_lock);
1190
1191 /*
1192 * First look for an exact match.
1193 */
1194 head = &pcbinfo->ipi_hashbase[INP_PCBHASH(faddr->s6_addr32[3] /* XXX */,
1195 lport, fport, pcbinfo->ipi_hashmask)];
1196 LIST_FOREACH(inp, head, inp_hash) {
1197 if (!(inp->inp_vflag & INP_IPV6)) {
1198 continue;
1199 }
1200
1201 if (inp_restricted_recv(inp, ifp)) {
1202 continue;
1203 }
1204
1205 #if NECP
1206 if (!necp_socket_is_allowed_to_recv_on_interface(inp, ifp)) {
1207 continue;
1208 }
1209 #endif /* NECP */
1210
1211 if (IN6_ARE_ADDR_EQUAL(&inp->in6p_faddr, faddr) &&
1212 IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr, laddr) &&
1213 inp->inp_fport == fport &&
1214 inp->inp_lport == lport) {
1215 if ((found = (inp->inp_socket != NULL))) {
1216 /*
1217 * Found. Check if pcb is still valid
1218 */
1219 *uid = kauth_cred_getuid(
1220 inp->inp_socket->so_cred);
1221 *gid = kauth_cred_getgid(
1222 inp->inp_socket->so_cred);
1223 }
1224 lck_rw_done(pcbinfo->ipi_lock);
1225 return found;
1226 }
1227 }
1228 if (wildcard) {
1229 struct inpcb *local_wild = NULL;
1230
1231 head = &pcbinfo->ipi_hashbase[INP_PCBHASH(INADDR_ANY, lport, 0,
1232 pcbinfo->ipi_hashmask)];
1233 LIST_FOREACH(inp, head, inp_hash) {
1234 if (!(inp->inp_vflag & INP_IPV6)) {
1235 continue;
1236 }
1237
1238 if (inp_restricted_recv(inp, ifp)) {
1239 continue;
1240 }
1241
1242 #if NECP
1243 if (!necp_socket_is_allowed_to_recv_on_interface(inp, ifp)) {
1244 continue;
1245 }
1246 #endif /* NECP */
1247
1248 if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr) &&
1249 inp->inp_lport == lport) {
1250 if (IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr,
1251 laddr)) {
1252 found = (inp->inp_socket != NULL);
1253 if (found) {
1254 *uid = kauth_cred_getuid(
1255 inp->inp_socket->so_cred);
1256 *gid = kauth_cred_getgid(
1257 inp->inp_socket->so_cred);
1258 }
1259 lck_rw_done(pcbinfo->ipi_lock);
1260 return found;
1261 } else if (IN6_IS_ADDR_UNSPECIFIED(
1262 &inp->in6p_laddr)) {
1263 local_wild = inp;
1264 }
1265 }
1266 }
1267 if (local_wild) {
1268 if ((found = (local_wild->inp_socket != NULL))) {
1269 *uid = kauth_cred_getuid(
1270 local_wild->inp_socket->so_cred);
1271 *gid = kauth_cred_getgid(
1272 local_wild->inp_socket->so_cred);
1273 }
1274 lck_rw_done(pcbinfo->ipi_lock);
1275 return found;
1276 }
1277 }
1278
1279 /*
1280 * Not found.
1281 */
1282 lck_rw_done(pcbinfo->ipi_lock);
1283 return 0;
1284 }
1285
1286 /*
1287 * Lookup PCB in hash list.
1288 */
1289 struct inpcb *
1290 in6_pcblookup_hash(struct inpcbinfo *pcbinfo, struct in6_addr *faddr,
1291 u_int fport_arg, struct in6_addr *laddr, u_int lport_arg, int wildcard,
1292 struct ifnet *ifp)
1293 {
1294 struct inpcbhead *head;
1295 struct inpcb *inp;
1296 uint16_t fport = (uint16_t)fport_arg, lport = (uint16_t)lport_arg;
1297
1298 lck_rw_lock_shared(pcbinfo->ipi_lock);
1299
1300 /*
1301 * First look for an exact match.
1302 */
1303 head = &pcbinfo->ipi_hashbase[INP_PCBHASH(faddr->s6_addr32[3] /* XXX */,
1304 lport, fport, pcbinfo->ipi_hashmask)];
1305 LIST_FOREACH(inp, head, inp_hash) {
1306 if (!(inp->inp_vflag & INP_IPV6)) {
1307 continue;
1308 }
1309
1310 if (inp_restricted_recv(inp, ifp)) {
1311 continue;
1312 }
1313
1314 #if NECP
1315 if (!necp_socket_is_allowed_to_recv_on_interface(inp, ifp)) {
1316 continue;
1317 }
1318 #endif /* NECP */
1319
1320 if (IN6_ARE_ADDR_EQUAL(&inp->in6p_faddr, faddr) &&
1321 IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr, laddr) &&
1322 inp->inp_fport == fport &&
1323 inp->inp_lport == lport) {
1324 /*
1325 * Found. Check if pcb is still valid
1326 */
1327 if (in_pcb_checkstate(inp, WNT_ACQUIRE, 0) !=
1328 WNT_STOPUSING) {
1329 lck_rw_done(pcbinfo->ipi_lock);
1330 return inp;
1331 } else {
1332 /* it's there but dead, say it isn't found */
1333 lck_rw_done(pcbinfo->ipi_lock);
1334 return NULL;
1335 }
1336 }
1337 }
1338 if (wildcard) {
1339 struct inpcb *local_wild = NULL;
1340
1341 head = &pcbinfo->ipi_hashbase[INP_PCBHASH(INADDR_ANY, lport, 0,
1342 pcbinfo->ipi_hashmask)];
1343 LIST_FOREACH(inp, head, inp_hash) {
1344 if (!(inp->inp_vflag & INP_IPV6)) {
1345 continue;
1346 }
1347
1348 if (inp_restricted_recv(inp, ifp)) {
1349 continue;
1350 }
1351
1352 #if NECP
1353 if (!necp_socket_is_allowed_to_recv_on_interface(inp, ifp)) {
1354 continue;
1355 }
1356 #endif /* NECP */
1357
1358 if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr) &&
1359 inp->inp_lport == lport) {
1360 if (IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr,
1361 laddr)) {
1362 if (in_pcb_checkstate(inp, WNT_ACQUIRE,
1363 0) != WNT_STOPUSING) {
1364 lck_rw_done(pcbinfo->ipi_lock);
1365 return inp;
1366 } else {
1367 /* dead; say it isn't found */
1368 lck_rw_done(pcbinfo->ipi_lock);
1369 return NULL;
1370 }
1371 } else if (IN6_IS_ADDR_UNSPECIFIED(
1372 &inp->in6p_laddr)) {
1373 local_wild = inp;
1374 }
1375 }
1376 }
1377 if (local_wild && in_pcb_checkstate(local_wild,
1378 WNT_ACQUIRE, 0) != WNT_STOPUSING) {
1379 lck_rw_done(pcbinfo->ipi_lock);
1380 return local_wild;
1381 } else {
1382 lck_rw_done(pcbinfo->ipi_lock);
1383 return NULL;
1384 }
1385 }
1386
1387 /*
1388 * Not found.
1389 */
1390 lck_rw_done(pcbinfo->ipi_lock);
1391 return NULL;
1392 }
1393
1394 void
1395 init_sin6(struct sockaddr_in6 *sin6, struct mbuf *m)
1396 {
1397 struct ip6_hdr *ip;
1398
1399 ip = mtod(m, struct ip6_hdr *);
1400 bzero(sin6, sizeof(*sin6));
1401 sin6->sin6_len = sizeof(*sin6);
1402 sin6->sin6_family = AF_INET6;
1403 sin6->sin6_addr = ip->ip6_src;
1404 if (IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr)) {
1405 sin6->sin6_addr.s6_addr16[1] = 0;
1406 if ((m->m_pkthdr.pkt_flags & (PKTF_LOOP | PKTF_IFAINFO)) ==
1407 (PKTF_LOOP | PKTF_IFAINFO)) {
1408 sin6->sin6_scope_id = m->m_pkthdr.src_ifindex;
1409 } else if (m->m_pkthdr.rcvif != NULL) {
1410 sin6->sin6_scope_id = m->m_pkthdr.rcvif->if_index;
1411 }
1412 }
1413 }
1414
1415 /*
1416 * The following routines implement this scheme:
1417 *
1418 * Callers of ip6_output() that intend to cache the route in the inpcb pass
1419 * a local copy of the struct route to ip6_output(). Using a local copy of
1420 * the cached route significantly simplifies things as IP no longer has to
1421 * worry about having exclusive access to the passed in struct route, since
1422 * it's defined in the caller's stack; in essence, this allows for a lock-
1423 * less operation when updating the struct route at the IP level and below,
1424 * whenever necessary. The scheme works as follows:
1425 *
1426 * Prior to dropping the socket's lock and calling ip6_output(), the caller
1427 * copies the struct route from the inpcb into its stack, and adds a reference
1428 * to the cached route entry, if there was any. The socket's lock is then
1429 * dropped and ip6_output() is called with a pointer to the copy of struct
1430 * route defined on the stack (not to the one in the inpcb.)
1431 *
1432 * Upon returning from ip6_output(), the caller then acquires the socket's
1433 * lock and synchronizes the cache; if there is no route cached in the inpcb,
1434 * it copies the local copy of struct route (which may or may not contain any
1435 * route) back into the cache; otherwise, if the inpcb has a route cached in
1436 * it, the one in the local copy will be freed, if there's any. Trashing the
1437 * cached route in the inpcb can be avoided because ip6_output() is single-
1438 * threaded per-PCB (i.e. multiple transmits on a PCB are always serialized
1439 * by the socket/transport layer.)
1440 */
1441 void
1442 in6p_route_copyout(struct inpcb *inp, struct route_in6 *dst)
1443 {
1444 struct route_in6 *src = &inp->in6p_route;
1445
1446 socket_lock_assert_owned(inp->inp_socket);
1447
1448 /* Minor sanity check */
1449 if (src->ro_rt != NULL && rt_key(src->ro_rt)->sa_family != AF_INET6) {
1450 panic("%s: wrong or corrupted route: %p", __func__, src);
1451 }
1452
1453 route_copyout((struct route *)dst, (struct route *)src, sizeof(*dst));
1454 }
1455
1456 void
1457 in6p_route_copyin(struct inpcb *inp, struct route_in6 *src)
1458 {
1459 struct route_in6 *dst = &inp->in6p_route;
1460
1461 socket_lock_assert_owned(inp->inp_socket);
1462
1463 /* Minor sanity check */
1464 if (src->ro_rt != NULL && rt_key(src->ro_rt)->sa_family != AF_INET6) {
1465 panic("%s: wrong or corrupted route: %p", __func__, src);
1466 }
1467
1468 route_copyin((struct route *)src, (struct route *)dst, sizeof(*src));
1469 }
mirror of XNU