]> git.saurik.com Git - apple/xnu.git/blob - bsd/netinet6/raw_ip6.c
projects / apple / xnu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xnu-4903.221.2.tar.gz
[apple/xnu.git] / bsd / netinet6 / raw_ip6.c
1 /*
2 * Copyright (c) 2000-2018 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 /*
29 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
30 * All rights reserved.
31 *
32 * Redistribution and use in source and binary forms, with or without
33 * modification, are permitted provided that the following conditions
34 * are met:
35 * 1. Redistributions of source code must retain the above copyright
36 * notice, this list of conditions and the following disclaimer.
37 * 2. Redistributions in binary form must reproduce the above copyright
38 * notice, this list of conditions and the following disclaimer in the
39 * documentation and/or other materials provided with the distribution.
40 * 3. Neither the name of the project nor the names of its contributors
41 * may be used to endorse or promote products derived from this software
42 * without specific prior written permission.
43 *
44 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
45 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
46 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
47 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
48 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
49 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
50 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
51 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
52 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
53 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
54 * SUCH DAMAGE.
55 *
56 * $FreeBSD: src/sys/netinet6/raw_ip6.c,v 1.7.2.4 2001/07/29 19:32:40 ume Exp $
57 */
58
59 /*
60 * Copyright (c) 1982, 1986, 1988, 1993
61 * The Regents of the University of California. All rights reserved.
62 *
63 * Redistribution and use in source and binary forms, with or without
64 * modification, are permitted provided that the following conditions
65 * are met:
66 * 1. Redistributions of source code must retain the above copyright
67 * notice, this list of conditions and the following disclaimer.
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in the
70 * documentation and/or other materials provided with the distribution.
71 * 3. All advertising materials mentioning features or use of this software
72 * must display the following acknowledgement:
73 * This product includes software developed by the University of
74 * California, Berkeley and its contributors.
75 * 4. Neither the name of the University nor the names of its contributors
76 * may be used to endorse or promote products derived from this software
77 * without specific prior written permission.
78 *
79 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
80 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
81 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
82 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
83 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
84 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
85 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
86 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
87 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
88 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
89 * SUCH DAMAGE.
90 *
91 * @(#)raw_ip.c 8.2 (Berkeley) 1/4/94
92 */
93 #include <sys/param.h>
94 #include <sys/malloc.h>
95 #include <sys/proc.h>
96 #include <sys/mcache.h>
97 #include <sys/mbuf.h>
98 #include <sys/socket.h>
99 #include <sys/protosw.h>
100 #include <sys/socketvar.h>
101 #include <sys/errno.h>
102 #include <sys/systm.h>
103
104 #include <net/if.h>
105 #include <net/net_api_stats.h>
106 #include <net/route.h>
107 #include <net/if_types.h>
108
109 #include <netinet/in.h>
110 #include <netinet/in_var.h>
111 #include <netinet/in_systm.h>
112 #include <netinet/in_tclass.h>
113 #include <netinet/ip6.h>
114 #include <netinet6/ip6_var.h>
115 #include <netinet/icmp6.h>
116 #include <netinet/in_pcb.h>
117 #include <netinet6/in6_pcb.h>
118 #include <netinet6/nd6.h>
119 #include <netinet6/ip6protosw.h>
120 #include <netinet6/scope6_var.h>
121 #include <netinet6/raw_ip6.h>
122
123 #if IPSEC
124 #include <netinet6/ipsec.h>
125 #include <netinet6/ipsec6.h>
126 #endif /*IPSEC*/
127
128 #if NECP
129 #include <net/necp.h>
130 #endif
131
132 /*
133 * Raw interface to IP6 protocol.
134 */
135
136 extern struct inpcbhead ripcb;
137 extern struct inpcbinfo ripcbinfo;
138 extern u_int32_t rip_sendspace;
139 extern u_int32_t rip_recvspace;
140
141 struct rip6stat rip6stat;
142
143 /*
144 * Setup generic address and protocol structures
145 * for raw_input routine, then pass them along with
146 * mbuf chain.
147 */
148 int
149 rip6_input(
150 struct mbuf **mp,
151 int *offp,
152 int proto)
153 {
154 struct mbuf *m = *mp;
155 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
156 struct inpcb *in6p;
157 struct inpcb *last = 0;
158 struct mbuf *opts = NULL;
159 struct sockaddr_in6 rip6src;
160 int ret;
161 struct ifnet *ifp = m->m_pkthdr.rcvif;
162
163 /* Expect 32-bit aligned data pointer on strict-align platforms */
164 MBUF_STRICT_DATA_ALIGNMENT_CHECK_32(m);
165
166 rip6stat.rip6s_ipackets++;
167
168 init_sin6(&rip6src, m); /* general init */
169
170 lck_rw_lock_shared(ripcbinfo.ipi_lock);
171 LIST_FOREACH(in6p, &ripcb, inp_list) {
172 if ((in6p->in6p_vflag & INP_IPV6) == 0)
173 continue;
174 if (in6p->in6p_ip6_nxt &&
175 in6p->in6p_ip6_nxt != proto)
176 continue;
177 if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_laddr) &&
178 !IN6_ARE_ADDR_EQUAL(&in6p->in6p_laddr, &ip6->ip6_dst))
179 continue;
180 if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr) &&
181 !IN6_ARE_ADDR_EQUAL(&in6p->in6p_faddr, &ip6->ip6_src))
182 continue;
183
184 if (inp_restricted_recv(in6p, ifp))
185 continue;
186
187 if (proto == IPPROTO_ICMPV6 || in6p->in6p_cksum != -1) {
188 rip6stat.rip6s_isum++;
189 if (in6_cksum(m, ip6->ip6_nxt, *offp,
190 m->m_pkthdr.len - *offp)) {
191 rip6stat.rip6s_badsum++;
192 continue;
193 }
194 }
195 if (last) {
196 struct mbuf *n = m_copy(m, 0, (int)M_COPYALL);
197
198 #if NECP
199 if (n && !necp_socket_is_allowed_to_send_recv_v6(in6p, 0, 0,
200 &ip6->ip6_dst, &ip6->ip6_src, ifp, NULL, NULL, NULL)) {
201 m_freem(n);
202 /* do not inject data into pcb */
203 } else
204 #endif /* NECP */
205 if (n) {
206 if ((last->in6p_flags & INP_CONTROLOPTS) != 0 ||
207 (last->in6p_socket->so_options & SO_TIMESTAMP) != 0 ||
208 (last->in6p_socket->so_options & SO_TIMESTAMP_MONOTONIC) != 0 ||
209 (last->in6p_socket->so_options & SO_TIMESTAMP_CONTINUOUS) != 0) {
210 ret = ip6_savecontrol(last, n, &opts);
211 if (ret != 0) {
212 m_freem(n);
213 m_freem(opts);
214 last = in6p;
215 continue;
216 }
217 }
218 /* strip intermediate headers */
219 m_adj(n, *offp);
220 so_recv_data_stat(last->in6p_socket, m, 0);
221 if (sbappendaddr(&last->in6p_socket->so_rcv,
222 (struct sockaddr *)&rip6src,
223 n, opts, NULL) == 0) {
224 rip6stat.rip6s_fullsock++;
225 } else
226 sorwakeup(last->in6p_socket);
227 opts = NULL;
228 }
229 }
230 last = in6p;
231 }
232
233 #if NECP
234 if (last && !necp_socket_is_allowed_to_send_recv_v6(in6p, 0, 0,
235 &ip6->ip6_dst, &ip6->ip6_src, ifp, NULL, NULL, NULL)) {
236 m_freem(m);
237 ip6stat.ip6s_delivered--;
238 /* do not inject data into pcb */
239 } else
240 #endif /* NECP */
241 if (last) {
242 if ((last->in6p_flags & INP_CONTROLOPTS) != 0 ||
243 (last->in6p_socket->so_options & SO_TIMESTAMP) != 0 ||
244 (last->in6p_socket->so_options & SO_TIMESTAMP_MONOTONIC) != 0 ||
245 (last->in6p_socket->so_options & SO_TIMESTAMP_CONTINUOUS) != 0) {
246 ret = ip6_savecontrol(last, m, &opts);
247 if (ret != 0) {
248 m_freem(m);
249 m_freem(opts);
250 ip6stat.ip6s_delivered--;
251 goto unlock;
252 }
253
254 }
255 /* strip intermediate headers */
256 m_adj(m, *offp);
257 so_recv_data_stat(last->in6p_socket, m, 0);
258 if (sbappendaddr(&last->in6p_socket->so_rcv,
259 (struct sockaddr *)&rip6src, m, opts, NULL) == 0) {
260 rip6stat.rip6s_fullsock++;
261 } else
262 sorwakeup(last->in6p_socket);
263 } else {
264 rip6stat.rip6s_nosock++;
265 if (m->m_flags & M_MCAST)
266 rip6stat.rip6s_nosockmcast++;
267 if (proto == IPPROTO_NONE)
268 m_freem(m);
269 else {
270 char *prvnxtp = ip6_get_prevhdr(m, *offp); /* XXX */
271 icmp6_error(m, ICMP6_PARAM_PROB,
272 ICMP6_PARAMPROB_NEXTHEADER,
273 prvnxtp - mtod(m, char *));
274 }
275 ip6stat.ip6s_delivered--;
276 }
277
278 unlock:
279 lck_rw_done(ripcbinfo.ipi_lock);
280
281 return IPPROTO_DONE;
282 }
283
284 void
285 rip6_ctlinput(
286 int cmd,
287 struct sockaddr *sa,
288 void *d,
289 __unused struct ifnet *ifp)
290 {
291 struct ip6_hdr *ip6;
292 struct mbuf *m;
293 void *cmdarg = NULL;
294 int off = 0;
295 struct ip6ctlparam *ip6cp = NULL;
296 const struct sockaddr_in6 *sa6_src = NULL;
297 void (*notify)(struct inpcb *, int) = in6_rtchange;
298
299 if (sa->sa_family != AF_INET6 ||
300 sa->sa_len != sizeof(struct sockaddr_in6))
301 return;
302
303 if ((unsigned)cmd >= PRC_NCMDS)
304 return;
305 if (PRC_IS_REDIRECT(cmd)) {
306 notify = in6_rtchange;
307 d = NULL;
308 } else if (cmd == PRC_HOSTDEAD)
309 d = NULL;
310 else if (inet6ctlerrmap[cmd] == 0)
311 return;
312
313 /* if the parameter is from icmp6, decode it. */
314 if (d != NULL) {
315 ip6cp = (struct ip6ctlparam *)d;
316 m = ip6cp->ip6c_m;
317 ip6 = ip6cp->ip6c_ip6;
318 off = ip6cp->ip6c_off;
319 cmdarg = ip6cp->ip6c_cmdarg;
320 sa6_src = ip6cp->ip6c_src;
321 } else {
322 m = NULL;
323 ip6 = NULL;
324 sa6_src = &sa6_any;
325 }
326
327 (void) in6_pcbnotify(&ripcbinfo, sa, 0, (const struct sockaddr *)sa6_src,
328 0, cmd, cmdarg, notify);
329 }
330
331 /*
332 * Generate IPv6 header and pass packet to ip6_output.
333 * Tack on options user may have setup with control call.
334 */
335 int
336 rip6_output(
337 struct mbuf *m,
338 struct socket *so,
339 struct sockaddr_in6 *dstsock,
340 struct mbuf *control,
341 int israw)
342 {
343 struct in6_addr *dst;
344 struct ip6_hdr *ip6;
345 struct inpcb *in6p;
346 u_int plen = m->m_pkthdr.len;
347 int error = 0;
348 struct ip6_pktopts opt, *optp = NULL;
349 struct ip6_moptions *im6o = NULL;
350 struct ifnet *oifp = NULL;
351 int type = 0, code = 0; /* for ICMPv6 output statistics only */
352 int sotc = SO_TC_UNSPEC;
353 int netsvctype = _NET_SERVICE_TYPE_UNSPEC;
354 struct ip6_out_args ip6oa;
355 int flags = IPV6_OUTARGS;
356
357 in6p = sotoin6pcb(so);
358
359 bzero(&ip6oa, sizeof(ip6oa));
360 ip6oa.ip6oa_boundif = IFSCOPE_NONE;
361 ip6oa.ip6oa_flags = IP6OAF_SELECT_SRCIF;
362
363 if (in6p == NULL
364 #if NECP
365 || (necp_socket_should_use_flow_divert(in6p))
366 #endif /* NECP */
367 ) {
368 if (in6p == NULL)
369 error = EINVAL;
370 else
371 error = EPROTOTYPE;
372 goto bad;
373 }
374 if (dstsock != NULL && IN6_IS_ADDR_V4MAPPED(&dstsock->sin6_addr)) {
375 error = EINVAL;
376 goto bad;
377 }
378
379 if (in6p->inp_flags & INP_BOUND_IF) {
380 ip6oa.ip6oa_boundif = in6p->inp_boundifp->if_index;
381 ip6oa.ip6oa_flags |= IP6OAF_BOUND_IF;
382 }
383 if (INP_NO_CELLULAR(in6p))
384 ip6oa.ip6oa_flags |= IP6OAF_NO_CELLULAR;
385 if (INP_NO_EXPENSIVE(in6p))
386 ip6oa.ip6oa_flags |= IP6OAF_NO_EXPENSIVE;
387 if (INP_AWDL_UNRESTRICTED(in6p))
388 ip6oa.ip6oa_flags |= IP6OAF_AWDL_UNRESTRICTED;
389 if (INP_INTCOPROC_ALLOWED(in6p))
390 ip6oa.ip6oa_flags |= IP6OAF_INTCOPROC_ALLOWED;
391
392 dst = &dstsock->sin6_addr;
393 if (control) {
394 sotc = so_tc_from_control(control, &netsvctype);
395
396 if ((error = ip6_setpktopts(control, &opt, NULL,
397 SOCK_PROTO(so))) != 0)
398 goto bad;
399 optp = &opt;
400 } else
401 optp = in6p->in6p_outputopts;
402 if (sotc == SO_TC_UNSPEC) {
403 sotc = so->so_traffic_class;
404 netsvctype = so->so_netsvctype;
405 }
406 ip6oa.ip6oa_sotc = sotc;
407 ip6oa.ip6oa_netsvctype = netsvctype;
408
409 /*
410 * For an ICMPv6 packet, we should know its type and code
411 * to update statistics.
412 */
413 if (SOCK_PROTO(so) == IPPROTO_ICMPV6) {
414 struct icmp6_hdr *icmp6;
415 if (m->m_len < sizeof(struct icmp6_hdr) &&
416 (m = m_pullup(m, sizeof(struct icmp6_hdr))) == NULL) {
417 error = ENOBUFS;
418 goto bad;
419 }
420 icmp6 = mtod(m, struct icmp6_hdr *);
421 type = icmp6->icmp6_type;
422 code = icmp6->icmp6_code;
423 }
424
425 if (in6p->inp_flowhash == 0)
426 in6p->inp_flowhash = inp_calc_flowhash(in6p);
427 /* update flowinfo - RFC 6437 */
428 if (in6p->inp_flow == 0 && in6p->in6p_flags & IN6P_AUTOFLOWLABEL) {
429 in6p->inp_flow &= ~IPV6_FLOWLABEL_MASK;
430 in6p->inp_flow |=
431 (htonl(in6p->inp_flowhash) & IPV6_FLOWLABEL_MASK);
432 }
433
434 M_PREPEND(m, sizeof(*ip6), M_WAIT, 1);
435 if (m == NULL) {
436 error = ENOBUFS;
437 goto bad;
438 }
439 ip6 = mtod(m, struct ip6_hdr *);
440
441 /*
442 * Next header might not be ICMP6 but use its pseudo header anyway.
443 */
444 ip6->ip6_dst = *dst;
445
446 im6o = in6p->in6p_moptions;
447
448 /*
449 * If the scope of the destination is link-local, embed the interface
450 * index in the address.
451 *
452 * XXX advanced-api value overrides sin6_scope_id
453 */
454 if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst)) {
455 struct in6_pktinfo *pi;
456 struct ifnet *im6o_multicast_ifp = NULL;
457
458 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) && im6o != NULL) {
459 IM6O_LOCK(im6o);
460 im6o_multicast_ifp = im6o->im6o_multicast_ifp;
461 IM6O_UNLOCK(im6o);
462 }
463 /*
464 * XXX Boundary check is assumed to be already done in
465 * ip6_setpktoptions().
466 */
467 ifnet_head_lock_shared();
468 if (optp && (pi = optp->ip6po_pktinfo) && pi->ipi6_ifindex) {
469 ip6->ip6_dst.s6_addr16[1] = htons(pi->ipi6_ifindex);
470 oifp = ifindex2ifnet[pi->ipi6_ifindex];
471 if (oifp != NULL)
472 ifnet_reference(oifp);
473 } else if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) &&
474 im6o != NULL && im6o_multicast_ifp != NULL) {
475 oifp = im6o_multicast_ifp;
476 ifnet_reference(oifp);
477 ip6->ip6_dst.s6_addr16[1] = htons(oifp->if_index);
478 } else if (dstsock->sin6_scope_id) {
479 /*
480 * boundary check
481 *
482 * Sinced stsock->sin6_scope_id is unsigned, we don't
483 * need to check if it's < 0
484 */
485 if (if_index < dstsock->sin6_scope_id) {
486 error = ENXIO; /* XXX EINVAL? */
487 ifnet_head_done();
488 goto bad;
489 }
490 ip6->ip6_dst.s6_addr16[1]
491 = htons(dstsock->sin6_scope_id & 0xffff);/*XXX*/
492 }
493 ifnet_head_done();
494 }
495
496 /*
497 * Source address selection.
498 */
499 {
500 struct in6_addr *in6a;
501 struct in6_addr storage;
502 u_short index = 0;
503
504 if (israw != 0 && optp && optp->ip6po_pktinfo && !IN6_IS_ADDR_UNSPECIFIED(&optp->ip6po_pktinfo->ipi6_addr)) {
505 in6a = &optp->ip6po_pktinfo->ipi6_addr;
506 flags |= IPV6_FLAG_NOSRCIFSEL;
507 } else if ((in6a = in6_selectsrc(dstsock, optp, in6p,
508 &in6p->in6p_route, NULL, &storage, ip6oa.ip6oa_boundif,
509 &error)) == 0) {
510 if (error == 0)
511 error = EADDRNOTAVAIL;
512 goto bad;
513 } else {
514 ip6oa.ip6oa_flags |= IP6OAF_BOUND_SRCADDR;
515 }
516 ip6->ip6_src = *in6a;
517 if (in6p->in6p_route.ro_rt != NULL) {
518 RT_LOCK(in6p->in6p_route.ro_rt);
519 if (in6p->in6p_route.ro_rt->rt_ifp != NULL)
520 index = in6p->in6p_route.ro_rt->rt_ifp->if_index;
521 RT_UNLOCK(in6p->in6p_route.ro_rt);
522 if (oifp != NULL)
523 ifnet_release(oifp);
524 ifnet_head_lock_shared();
525 if (index == 0 || if_index < index) {
526 panic("bad if_index on interface from route");
527 }
528 oifp = ifindex2ifnet[index];
529 if (oifp != NULL)
530 ifnet_reference(oifp);
531 ifnet_head_done();
532 }
533 }
534 ip6->ip6_flow = (ip6->ip6_flow & ~IPV6_FLOWINFO_MASK) |
535 (in6p->inp_flow & IPV6_FLOWINFO_MASK);
536 ip6->ip6_vfc = (ip6->ip6_vfc & ~IPV6_VERSION_MASK) |
537 (IPV6_VERSION & IPV6_VERSION_MASK);
538 /* ip6_plen will be filled in ip6_output, so not fill it here. */
539 ip6->ip6_nxt = in6p->in6p_ip6_nxt;
540 ip6->ip6_hlim = in6_selecthlim(in6p, oifp);
541
542 if (SOCK_PROTO(so) == IPPROTO_ICMPV6 || in6p->in6p_cksum != -1) {
543 struct mbuf *n;
544 int off;
545 u_int16_t *p;
546
547 /* compute checksum */
548 if (SOCK_PROTO(so) == IPPROTO_ICMPV6)
549 off = offsetof(struct icmp6_hdr, icmp6_cksum);
550 else
551 off = in6p->in6p_cksum;
552 if (plen < (unsigned int)(off + 1)) {
553 error = EINVAL;
554 goto bad;
555 }
556 off += sizeof(struct ip6_hdr);
557
558 n = m;
559 while (n && n->m_len <= off) {
560 off -= n->m_len;
561 n = n->m_next;
562 }
563 if (!n)
564 goto bad;
565 p = (u_int16_t *)(void *)(mtod(n, caddr_t) + off);
566 *p = 0;
567 *p = in6_cksum(m, ip6->ip6_nxt, sizeof(*ip6), plen);
568 }
569
570 #if NECP
571 {
572 necp_kernel_policy_id policy_id;
573 necp_kernel_policy_id skip_policy_id;
574 u_int32_t route_rule_id;
575
576 /*
577 * We need a route to perform NECP route rule checks
578 */
579 if (net_qos_policy_restricted != 0 &&
580 ROUTE_UNUSABLE(&in6p->in6p_route)) {
581 struct sockaddr_in6 to;
582 struct sockaddr_in6 from;
583
584 ROUTE_RELEASE(&in6p->in6p_route);
585
586 bzero(&from, sizeof(struct sockaddr_in6));
587 from.sin6_family = AF_INET6;
588 from.sin6_len = sizeof(struct sockaddr_in6);
589 from.sin6_addr = ip6->ip6_src;
590
591 bzero(&to, sizeof(struct sockaddr_in6));
592 to.sin6_family = AF_INET6;
593 to.sin6_len = sizeof(struct sockaddr_in6);
594 to.sin6_addr = ip6->ip6_dst;
595
596 in6p->in6p_route.ro_dst.sin6_family = AF_INET6;
597 in6p->in6p_route.ro_dst.sin6_len = sizeof(struct sockaddr_in6);
598 ((struct sockaddr_in6 *)(void *)&in6p->in6p_route.ro_dst)->sin6_addr =
599 ip6->ip6_dst;
600
601 rtalloc_scoped((struct route *)&in6p->in6p_route, ip6oa.ip6oa_boundif);
602
603 inp_update_necp_policy(in6p, (struct sockaddr *)&from,
604 (struct sockaddr *)&to, ip6oa.ip6oa_boundif);
605 in6p->inp_policyresult.results.qos_marking_gencount = 0;
606 }
607
608 if (!necp_socket_is_allowed_to_send_recv_v6(in6p, 0, 0,
609 &ip6->ip6_src, &ip6->ip6_dst, NULL, &policy_id, &route_rule_id, &skip_policy_id)) {
610 error = EHOSTUNREACH;
611 goto bad;
612 }
613
614 necp_mark_packet_from_socket(m, in6p, policy_id, route_rule_id, skip_policy_id);
615
616 if (net_qos_policy_restricted != 0) {
617 necp_socket_update_qos_marking(in6p, in6p->in6p_route.ro_rt,
618 NULL, route_rule_id);
619 }
620 }
621 #endif /* NECP */
622 if ((so->so_flags1 & SOF1_QOSMARKING_ALLOWED))
623 ip6oa.ip6oa_flags |= IP6OAF_QOSMARKING_ALLOWED;
624
625 #if IPSEC
626 if (in6p->in6p_sp != NULL && ipsec_setsocket(m, so) != 0) {
627 error = ENOBUFS;
628 goto bad;
629 }
630 #endif /*IPSEC*/
631
632 if (ROUTE_UNUSABLE(&in6p->in6p_route))
633 ROUTE_RELEASE(&in6p->in6p_route);
634
635 if (oifp != NULL) {
636 ifnet_release(oifp);
637 oifp = NULL;
638 }
639
640 set_packet_service_class(m, so, sotc, PKT_SCF_IPV6);
641 m->m_pkthdr.pkt_flowsrc = FLOWSRC_INPCB;
642 m->m_pkthdr.pkt_flowid = in6p->inp_flowhash;
643 m->m_pkthdr.pkt_flags |= (PKTF_FLOW_ID | PKTF_FLOW_LOCALSRC |
644 PKTF_FLOW_RAWSOCK);
645 m->m_pkthdr.pkt_proto = in6p->in6p_ip6_nxt;
646 m->m_pkthdr.tx_rawip_pid = so->last_pid;
647 if (so->so_flags & SOF_DELEGATED)
648 m->m_pkthdr.tx_rawip_e_pid = so->e_pid;
649 else
650 m->m_pkthdr.tx_rawip_e_pid = 0;
651
652 if (im6o != NULL)
653 IM6O_ADDREF(im6o);
654
655 error = ip6_output(m, optp, &in6p->in6p_route, flags, im6o,
656 &oifp, &ip6oa);
657
658 if (im6o != NULL)
659 IM6O_REMREF(im6o);
660
661 if (in6p->in6p_route.ro_rt != NULL) {
662 struct rtentry *rt = in6p->in6p_route.ro_rt;
663 struct ifnet *outif;
664
665 if ((rt->rt_flags & RTF_MULTICAST) ||
666 in6p->in6p_socket == NULL ||
667 !(in6p->in6p_socket->so_state & SS_ISCONNECTED)) {
668 rt = NULL; /* unusable */
669 }
670 /*
671 * Always discard the cached route for unconnected
672 * socket or if it is a multicast route.
673 */
674 if (rt == NULL)
675 ROUTE_RELEASE(&in6p->in6p_route);
676
677 /*
678 * If this is a connected socket and the destination
679 * route is not multicast, update outif with that of
680 * the route interface index used by IP.
681 */
682 if (rt != NULL &&
683 (outif = rt->rt_ifp) != in6p->in6p_last_outifp) {
684 in6p->in6p_last_outifp = outif;
685 }
686 } else {
687 ROUTE_RELEASE(&in6p->in6p_route);
688 }
689
690 /*
691 * If output interface was cellular/expensive, and this socket is
692 * denied access to it, generate an event.
693 */
694 if (error != 0 && (ip6oa.ip6oa_retflags & IP6OARF_IFDENIED) &&
695 (INP_NO_CELLULAR(in6p) || INP_NO_EXPENSIVE(in6p)))
696 soevent(in6p->inp_socket, (SO_FILT_HINT_LOCKED|
697 SO_FILT_HINT_IFDENIED));
698
699 if (SOCK_PROTO(so) == IPPROTO_ICMPV6) {
700 if (oifp)
701 icmp6_ifoutstat_inc(oifp, type, code);
702 icmp6stat.icp6s_outhist[type]++;
703 } else
704 rip6stat.rip6s_opackets++;
705
706 goto freectl;
707
708 bad:
709 if (m != NULL)
710 m_freem(m);
711
712 freectl:
713 if (optp == &opt && optp->ip6po_rthdr)
714 ROUTE_RELEASE(&optp->ip6po_route);
715
716 if (control != NULL) {
717 if (optp == &opt)
718 ip6_clearpktopts(optp, -1);
719 m_freem(control);
720 }
721 if (oifp != NULL)
722 ifnet_release(oifp);
723 return(error);
724 }
725
726 /*
727 * Raw IPv6 socket option processing.
728 */
729 int
730 rip6_ctloutput(
731 struct socket *so,
732 struct sockopt *sopt)
733 {
734 int error, optval;
735
736 /* Allow <SOL_SOCKET,SO_FLUSH> at this level */
737 if (sopt->sopt_level == IPPROTO_ICMPV6)
738 /*
739 * XXX: is it better to call icmp6_ctloutput() directly
740 * from protosw?
741 */
742 return(icmp6_ctloutput(so, sopt));
743 else if (sopt->sopt_level != IPPROTO_IPV6 &&
744 !(sopt->sopt_level == SOL_SOCKET && sopt->sopt_name == SO_FLUSH))
745 return (EINVAL);
746
747 error = 0;
748
749 switch (sopt->sopt_dir) {
750 case SOPT_GET:
751 switch (sopt->sopt_name) {
752 case IPV6_CHECKSUM:
753 error = ip6_raw_ctloutput(so, sopt);
754 break;
755 default:
756 error = ip6_ctloutput(so, sopt);
757 break;
758 }
759 break;
760
761 case SOPT_SET:
762 switch (sopt->sopt_name) {
763 case IPV6_CHECKSUM:
764 error = ip6_raw_ctloutput(so, sopt);
765 break;
766
767 case SO_FLUSH:
768 if ((error = sooptcopyin(sopt, &optval, sizeof (optval),
769 sizeof (optval))) != 0)
770 break;
771
772 error = inp_flush(sotoinpcb(so), optval);
773 break;
774
775 default:
776 error = ip6_ctloutput(so, sopt);
777 break;
778 }
779 break;
780 }
781
782 return (error);
783 }
784
785 static int
786 rip6_attach(struct socket *so, int proto, struct proc *p)
787 {
788 struct inpcb *inp;
789 int error;
790
791 inp = sotoinpcb(so);
792 if (inp)
793 panic("rip6_attach");
794 if ((error = proc_suser(p)) != 0)
795 return error;
796
797 error = soreserve(so, rip_sendspace, rip_recvspace);
798 if (error)
799 return error;
800 error = in_pcballoc(so, &ripcbinfo, p);
801 if (error)
802 return error;
803 inp = (struct inpcb *)so->so_pcb;
804 inp->inp_vflag |= INP_IPV6;
805 inp->in6p_ip6_nxt = (char)proto;
806 inp->in6p_hops = -1; /* use kernel default */
807 inp->in6p_cksum = -1;
808 MALLOC(inp->in6p_icmp6filt, struct icmp6_filter *,
809 sizeof(struct icmp6_filter), M_PCB, M_WAITOK);
810 if (inp->in6p_icmp6filt == NULL)
811 return (ENOMEM);
812 ICMP6_FILTER_SETPASSALL(inp->in6p_icmp6filt);
813 return 0;
814 }
815
816 static int
817 rip6_detach(struct socket *so)
818 {
819 struct inpcb *inp;
820
821 inp = sotoinpcb(so);
822 if (inp == 0)
823 panic("rip6_detach");
824 /* xxx: RSVP */
825 if (inp->in6p_icmp6filt) {
826 FREE(inp->in6p_icmp6filt, M_PCB);
827 inp->in6p_icmp6filt = NULL;
828 }
829 in6_pcbdetach(inp);
830 return 0;
831 }
832
833 static int
834 rip6_abort(struct socket *so)
835 {
836 soisdisconnected(so);
837 return rip6_detach(so);
838 }
839
840 static int
841 rip6_disconnect(struct socket *so)
842 {
843 struct inpcb *inp = sotoinpcb(so);
844
845 if ((so->so_state & SS_ISCONNECTED) == 0)
846 return ENOTCONN;
847 inp->in6p_faddr = in6addr_any;
848 return rip6_abort(so);
849 }
850
851 static int
852 rip6_bind(struct socket *so, struct sockaddr *nam, struct proc *p)
853 {
854 #pragma unused(p)
855 struct inpcb *inp = sotoinpcb(so);
856 struct sockaddr_in6 sin6;
857 struct ifaddr *ifa = NULL;
858 struct ifnet *outif = NULL;
859 int error;
860
861 if (inp == NULL
862 #if NECP
863 || (necp_socket_should_use_flow_divert(inp))
864 #endif /* NECP */
865 )
866 return (inp == NULL ? EINVAL : EPROTOTYPE);
867
868 if (nam->sa_len != sizeof (struct sockaddr_in6))
869 return (EINVAL);
870
871 if (TAILQ_EMPTY(&ifnet_head) || SIN6(nam)->sin6_family != AF_INET6)
872 return (EADDRNOTAVAIL);
873
874 bzero(&sin6, sizeof (sin6));
875 *(&sin6) = *SIN6(nam);
876
877 if ((error = sa6_embedscope(&sin6, ip6_use_defzone)) != 0)
878 return (error);
879
880 /* Sanitize local copy for address searches */
881 sin6.sin6_flowinfo = 0;
882 sin6.sin6_scope_id = 0;
883 sin6.sin6_port = 0;
884
885 if (!IN6_IS_ADDR_UNSPECIFIED(&sin6.sin6_addr) &&
886 (ifa = ifa_ifwithaddr(SA(&sin6))) == 0)
887 return (EADDRNOTAVAIL);
888 if (ifa != NULL) {
889 IFA_LOCK(ifa);
890 if (((struct in6_ifaddr *)ifa)->ia6_flags &
891 (IN6_IFF_ANYCAST | IN6_IFF_NOTREADY | IN6_IFF_CLAT46 |
892 IN6_IFF_DETACHED | IN6_IFF_DEPRECATED)) {
893 IFA_UNLOCK(ifa);
894 IFA_REMREF(ifa);
895 return (EADDRNOTAVAIL);
896 }
897 outif = ifa->ifa_ifp;
898 IFA_UNLOCK(ifa);
899 IFA_REMREF(ifa);
900 }
901 inp->in6p_laddr = sin6.sin6_addr;
902 inp->in6p_last_outifp = outif;
903
904 return (0);
905 }
906
907 static int
908 rip6_connect(struct socket *so, struct sockaddr *nam, __unused struct proc *p)
909 {
910 struct inpcb *inp = sotoinpcb(so);
911 struct sockaddr_in6 *addr = (struct sockaddr_in6 *)(void *)nam;
912 struct in6_addr *in6a = NULL;
913 struct in6_addr storage;
914 int error = 0;
915 #if ENABLE_DEFAULT_SCOPE
916 struct sockaddr_in6 tmp;
917 #endif
918 unsigned int ifscope;
919 struct ifnet *outif = NULL;
920
921 if (inp == NULL
922 #if NECP
923 || (necp_socket_should_use_flow_divert(inp))
924 #endif /* NECP */
925 )
926 return (inp == NULL ? EINVAL : EPROTOTYPE);
927 if (nam->sa_len != sizeof(*addr))
928 return EINVAL;
929 if (TAILQ_EMPTY(&ifnet_head))
930 return EADDRNOTAVAIL;
931 if (addr->sin6_family != AF_INET6)
932 return EAFNOSUPPORT;
933
934 if (!(so->so_flags1 & SOF1_CONNECT_COUNTED)) {
935 so->so_flags1 |= SOF1_CONNECT_COUNTED;
936 INC_ATOMIC_INT64_LIM(net_api_stats.nas_socket_inet6_dgram_connected);
937 }
938
939 #if ENABLE_DEFAULT_SCOPE
940 if (addr->sin6_scope_id == 0) { /* not change if specified */
941 /* avoid overwrites */
942 tmp = *addr;
943 addr = &tmp;
944 addr->sin6_scope_id = scope6_addr2default(&addr->sin6_addr);
945 }
946 #endif
947
948 /* KAME hack: embed scopeid */
949 if (in6_embedscope(&SIN6(nam)->sin6_addr, SIN6(nam), inp, NULL, NULL) != 0)
950 return (EINVAL);
951
952 ifscope = (inp->inp_flags & INP_BOUND_IF) ?
953 inp->inp_boundifp->if_index : IFSCOPE_NONE;
954
955 /* Source address selection. XXX: need pcblookup? */
956 in6a = in6_selectsrc(addr, inp->in6p_outputopts, inp, &inp->in6p_route,
957 NULL, &storage, ifscope, &error);
958 if (in6a == NULL)
959 return (error ? error : EADDRNOTAVAIL);
960 inp->in6p_laddr = *in6a;
961 inp->in6p_faddr = addr->sin6_addr;
962 if (inp->in6p_route.ro_rt != NULL)
963 outif = inp->in6p_route.ro_rt->rt_ifp;
964 inp->in6p_last_outifp = outif;
965
966 soisconnected(so);
967 return 0;
968 }
969
970 static int
971 rip6_shutdown(struct socket *so)
972 {
973 socantsendmore(so);
974 return 0;
975 }
976
977 static int
978 rip6_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam,
979 struct mbuf *control, struct proc *p)
980 {
981 #pragma unused(flags, p)
982 struct inpcb *inp = sotoinpcb(so);
983 struct sockaddr_in6 tmp;
984 struct sockaddr_in6 *dst = (struct sockaddr_in6 *)(void *)nam;
985 int error = 0;
986
987 if (inp == NULL
988 #if NECP
989 || (necp_socket_should_use_flow_divert(inp))
990 #endif /* NECP */
991 ) {
992 if (inp == NULL)
993 error = EINVAL;
994 else
995 error = EPROTOTYPE;
996 goto bad;
997 }
998
999 /* always copy sockaddr to avoid overwrites */
1000 if (so->so_state & SS_ISCONNECTED) {
1001 if (nam != NULL) {
1002 error = EISCONN;
1003 goto bad;
1004 }
1005 /* XXX */
1006 bzero(&tmp, sizeof(tmp));
1007 tmp.sin6_family = AF_INET6;
1008 tmp.sin6_len = sizeof(struct sockaddr_in6);
1009 bcopy(&inp->in6p_faddr, &tmp.sin6_addr,
1010 sizeof(struct in6_addr));
1011 dst = &tmp;
1012 } else {
1013 if (nam == NULL) {
1014 error = ENOTCONN;
1015 goto bad;
1016 }
1017 tmp = *(struct sockaddr_in6 *)(void *)nam;
1018 dst = &tmp;
1019 }
1020 #if ENABLE_DEFAULT_SCOPE
1021 if (dst->sin6_scope_id == 0) { /* not change if specified */
1022 dst->sin6_scope_id = scope6_addr2default(&dst->sin6_addr);
1023 }
1024 #endif
1025 return (rip6_output(m, so, dst, control, 1));
1026
1027 bad:
1028 VERIFY(error != 0);
1029
1030 if (m != NULL)
1031 m_freem(m);
1032 if (control != NULL)
1033 m_freem(control);
1034
1035 return (error);
1036 }
1037
1038 struct pr_usrreqs rip6_usrreqs = {
1039 .pru_abort = rip6_abort,
1040 .pru_attach = rip6_attach,
1041 .pru_bind = rip6_bind,
1042 .pru_connect = rip6_connect,
1043 .pru_control = in6_control,
1044 .pru_detach = rip6_detach,
1045 .pru_disconnect = rip6_disconnect,
1046 .pru_peeraddr = in6_getpeeraddr,
1047 .pru_send = rip6_send,
1048 .pru_shutdown = rip6_shutdown,
1049 .pru_sockaddr = in6_getsockaddr,
1050 .pru_sosend = sosend,
1051 .pru_soreceive = soreceive,
1052 };
1053
1054 __private_extern__ struct pr_usrreqs icmp6_dgram_usrreqs = {
1055 .pru_abort = rip6_abort,
1056 .pru_attach = icmp6_dgram_attach,
1057 .pru_bind = rip6_bind,
1058 .pru_connect = rip6_connect,
1059 .pru_control = in6_control,
1060 .pru_detach = rip6_detach,
1061 .pru_disconnect = rip6_disconnect,
1062 .pru_peeraddr = in6_getpeeraddr,
1063 .pru_send = icmp6_dgram_send,
1064 .pru_shutdown = rip6_shutdown,
1065 .pru_sockaddr = in6_getsockaddr,
1066 .pru_sosend = sosend,
1067 .pru_soreceive = soreceive,
1068 };
mirror of XNU