/*
- * Copyright (c) 2003-2008 Apple Inc. All rights reserved.
+ * Copyright (c) 2003-2020 Apple Inc. All rights reserved.
*
* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
*
* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
*/
-/* $FreeBSD: src/sys/netinet6/in6.c,v 1.7.2.7 2001/08/06 20:26:22 ume Exp $ */
-/* $KAME: in6.c,v 1.187 2001/05/24 07:43:59 itojun Exp $ */
-
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
* All rights reserved.
#include <sys/kernel.h>
#include <sys/syslog.h>
#include <sys/kern_event.h>
+#include <sys/mcache.h>
+#include <sys/protosw.h>
+#include <sys/sysctl.h>
#include <kern/locks.h>
#include <kern/zalloc.h>
+#include <kern/clock.h>
#include <libkern/OSAtomic.h>
#include <machine/machine_routines.h>
+#include <mach/boolean.h>
#include <net/if.h>
#include <net/if_types.h>
#include <net/route.h>
#include <net/if_dl.h>
#include <net/kpi_protocol.h>
+#include <net/nwk_wq.h>
#include <netinet/in.h>
#include <netinet/in_var.h>
#include <netinet/if_ether.h>
-#ifndef SCOPEDROUTING
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/in_pcb.h>
-#endif
+#include <netinet/icmp6.h>
+#include <netinet/tcp.h>
+#include <netinet/tcp_seq.h>
+#include <netinet/tcp_var.h>
#include <netinet6/nd6.h>
#include <netinet/ip6.h>
#include <netinet6/ip6_var.h>
#include <netinet6/mld6_var.h>
-#include <netinet6/ip6_mroute.h>
#include <netinet6/in6_ifattach.h>
#include <netinet6/scope6_var.h>
-#ifndef SCOPEDROUTING
+#include <netinet6/in6_var.h>
#include <netinet6/in6_pcb.h>
-#endif
#include <net/net_osdep.h>
+#include <net/dlil.h>
+#include <net/if_llatbl.h>
+
#if PF
#include <net/pfvar.h>
#endif /* PF */
-#ifndef __APPLE__
-MALLOC_DEFINE(M_IPMADDR, "in6_multi", "internet multicast address");
-#endif
- /*
+/*
* Definitions of some costant IP6 addresses.
*/
const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT;
const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT;
const struct in6_addr in6addr_nodelocal_allnodes =
- IN6ADDR_NODELOCAL_ALLNODES_INIT;
+ IN6ADDR_NODELOCAL_ALLNODES_INIT;
const struct in6_addr in6addr_linklocal_allnodes =
- IN6ADDR_LINKLOCAL_ALLNODES_INIT;
+ IN6ADDR_LINKLOCAL_ALLNODES_INIT;
const struct in6_addr in6addr_linklocal_allrouters =
- IN6ADDR_LINKLOCAL_ALLROUTERS_INIT;
+ IN6ADDR_LINKLOCAL_ALLROUTERS_INIT;
+const struct in6_addr in6addr_linklocal_allv2routers =
+ IN6ADDR_LINKLOCAL_ALLV2ROUTERS_INIT;
+const struct in6_addr in6addr_multicast_prefix =
+ IN6ADDR_MULTICAST_PREFIX;
const struct in6_addr in6mask0 = IN6MASK0;
+const struct in6_addr in6mask7 = IN6MASK7;
+const struct in6_addr in6mask8 = IN6MASK8;
+const struct in6_addr in6mask16 = IN6MASK16;
const struct in6_addr in6mask32 = IN6MASK32;
const struct in6_addr in6mask64 = IN6MASK64;
const struct in6_addr in6mask96 = IN6MASK96;
const struct in6_addr in6mask128 = IN6MASK128;
-const struct sockaddr_in6 sa6_any = {sizeof(sa6_any), AF_INET6,
- 0, 0, IN6ADDR_ANY_INIT, 0};
+const struct sockaddr_in6 sa6_any = {
+ .sin6_len = sizeof(sa6_any),
+ .sin6_family = AF_INET6,
+ .sin6_port = 0,
+ .sin6_flowinfo = 0,
+ .sin6_addr = IN6ADDR_ANY_INIT,
+ .sin6_scope_id = 0
+};
-static int in6_lifaddr_ioctl(struct socket *, u_long, caddr_t,
- struct ifnet *, struct proc *);
-static int in6_ifinit(struct ifnet *, struct in6_ifaddr *,
- struct sockaddr_in6 *, int);
-static void in6_unlink_ifa(struct in6_ifaddr *, struct ifnet *, int);
-static struct in6_ifaddr *in6_ifaddr_alloc(int);
+static int in6ctl_associd(struct socket *, u_long, caddr_t);
+static int in6ctl_connid(struct socket *, u_long, caddr_t);
+static int in6ctl_conninfo(struct socket *, u_long, caddr_t);
+static int in6ctl_llstart(struct ifnet *, u_long, caddr_t);
+static int in6ctl_llstop(struct ifnet *);
+static int in6ctl_cgastart(struct ifnet *, u_long, caddr_t);
+static int in6ctl_gifaddr(struct ifnet *, struct in6_ifaddr *, u_long,
+ struct in6_ifreq *);
+static int in6ctl_gifstat(struct ifnet *, u_long, struct in6_ifreq *);
+static int in6ctl_alifetime(struct in6_ifaddr *, u_long, struct in6_ifreq *,
+ boolean_t);
+static int in6ctl_aifaddr(struct ifnet *, struct in6_aliasreq *);
+static void in6ctl_difaddr(struct ifnet *, struct in6_ifaddr *);
+static int in6_autoconf(struct ifnet *, int);
+static int in6_setrouter(struct ifnet *, ipv6_router_mode_t);
+static int in6_ifinit(struct ifnet *, struct in6_ifaddr *, int);
+static int in6_ifaupdate_aux(struct in6_ifaddr *, struct ifnet *, int);
+static void in6_unlink_ifa(struct in6_ifaddr *, struct ifnet *);
+static struct in6_ifaddr *in6_ifaddr_alloc(zalloc_flags_t);
+static void in6_ifaddr_attached(struct ifaddr *);
+static void in6_ifaddr_detached(struct ifaddr *);
static void in6_ifaddr_free(struct ifaddr *);
static void in6_ifaddr_trace(struct ifaddr *, int);
+#if defined(__LP64__)
+static void in6_cgareq_32_to_64(const struct in6_cgareq_32 *,
+ struct in6_cgareq_64 *);
+#else
+static void in6_cgareq_64_to_32(const struct in6_cgareq_64 *,
+ struct in6_cgareq_32 *);
+#endif
static struct in6_aliasreq *in6_aliasreq_to_native(void *, int,
struct in6_aliasreq *);
+static int in6_to_kamescope(struct sockaddr_in6 *, struct ifnet *);
+static int in6_getassocids(struct socket *, uint32_t *, user_addr_t);
+static int in6_getconnids(struct socket *, sae_associd_t, uint32_t *,
+ user_addr_t);
+
+static void in6_if_up_dad_start(struct ifnet *);
+
+#define IA6_HASH_INIT(ia) { \
+ (ia)->ia6_hash.tqe_next = (void *)(uintptr_t)-1; \
+ (ia)->ia6_hash.tqe_prev = (void *)(uintptr_t)-1; \
+}
+
+#define IA6_IS_HASHED(ia) \
+ (!((ia)->ia6_hash.tqe_next == (void *)(uintptr_t)-1 || \
+ (ia)->ia6_hash.tqe_prev == (void *)(uintptr_t)-1))
+
+static void in6_iahash_remove(struct in6_ifaddr *);
+static void in6_iahash_insert(struct in6_ifaddr *);
+static void in6_iahash_insert_ptp(struct in6_ifaddr *);
-struct in6_multihead in6_multihead; /* XXX BSS initialization */
extern lck_mtx_t *nd6_mutex;
-extern lck_mtx_t *ip6_mutex;
-extern int in6_init2done;
+
+#define IN6IFA_TRACE_HIST_SIZE 32 /* size of trace history */
+
+/* For gdb */
+__private_extern__ unsigned int in6ifa_trace_hist_size = IN6IFA_TRACE_HIST_SIZE;
struct in6_ifaddr_dbg {
- struct in6_ifaddr in6ifa; /* in6_ifaddr */
- struct in6_ifaddr in6ifa_old; /* saved in6_ifaddr */
- u_int16_t in6ifa_refhold_cnt; /* # of ifaref */
- u_int16_t in6ifa_refrele_cnt; /* # of ifafree */
+ struct in6_ifaddr in6ifa; /* in6_ifaddr */
+ struct in6_ifaddr in6ifa_old; /* saved in6_ifaddr */
+ u_int16_t in6ifa_refhold_cnt; /* # of IFA_ADDREF */
+ u_int16_t in6ifa_refrele_cnt; /* # of IFA_REMREF */
/*
* Alloc and free callers.
*/
- ctrace_t in6ifa_alloc;
- ctrace_t in6ifa_free;
+ ctrace_t in6ifa_alloc;
+ ctrace_t in6ifa_free;
+ /*
+ * Circular lists of IFA_ADDREF and IFA_REMREF callers.
+ */
+ ctrace_t in6ifa_refhold[IN6IFA_TRACE_HIST_SIZE];
+ ctrace_t in6ifa_refrele[IN6IFA_TRACE_HIST_SIZE];
/*
- * Circular lists of ifaref and ifafree callers.
+ * Trash list linkage
*/
- ctrace_t in6ifa_refhold[CTRACE_HIST_SIZE];
- ctrace_t in6ifa_refrele[CTRACE_HIST_SIZE];
+ TAILQ_ENTRY(in6_ifaddr_dbg) in6ifa_trash_link;
};
-static unsigned int in6ifa_debug; /* debug flags */
-static unsigned int in6ifa_size; /* size of zone element */
-static struct zone *in6ifa_zone; /* zone for in6_ifaddr */
+/* List of trash in6_ifaddr entries protected by in6ifa_trash_lock */
+static TAILQ_HEAD(, in6_ifaddr_dbg) in6ifa_trash_head;
+static decl_lck_mtx_data(, in6ifa_trash_lock);
-#define IN6IFA_ZONE_MAX 64 /* maximum elements in zone */
-#define IN6IFA_ZONE_NAME "in6_ifaddr" /* zone name */
+#if DEBUG
+static unsigned int in6ifa_debug = 1; /* debugging (enabled) */
+#else
+static unsigned int in6ifa_debug; /* debugging (disabled) */
+#endif /* !DEBUG */
+static struct zone *in6ifa_zone; /* zone for in6_ifaddr */
+#define IN6IFA_ZONE_NAME "in6_ifaddr" /* zone name */
+struct eventhandler_lists_ctxt in6_evhdlr_ctxt;
+struct eventhandler_lists_ctxt in6_clat46_evhdlr_ctxt;
/*
* Subroutine for in6_ifaddloop() and in6_ifremloop().
* This routine does actual work.
* would be happy. Note that we assume the caller of the function
* (probably implicitly) set nd6_rtrequest() to ifa->ifa_rtrequest,
* which changes the outgoing interface to the loopback interface.
+ * ifa_addr for INET6 is set once during init; no need to hold lock.
*/
lck_mtx_lock(rnh_lock);
e = rtrequest_locked(cmd, ifa->ifa_addr, ifa->ifa_addr,
- (struct sockaddr *)&all1_sa,
- RTF_UP|RTF_HOST|RTF_LLINFO, &nrt);
+ (struct sockaddr *)&all1_sa, RTF_UP | RTF_HOST | RTF_LLINFO, &nrt);
if (e != 0) {
log(LOG_ERR, "in6_ifloop_request: "
"%s operation failed for %s (errno=%d)\n",
e);
}
- if (nrt != NULL)
+ if (nrt != NULL) {
RT_LOCK(nrt);
+ }
/*
* Make sure rt_ifa be equal to IFA, the second argument of the
* function.
/*
* Report the addition/removal of the address to the routing socket.
* XXX: since we called rtinit for a p2p interface with a destination,
- * we end up reporting twice in such a case. Should we rather
- * omit the second report?
+ * we end up reporting twice in such a case. Should we rather
+ * omit the second report?
*/
if (nrt != NULL) {
rt_newaddrmsg(cmd, ifa, e, nrt);
{
struct rtentry *rt;
- /* If there is no loopback entry, allocate one. */
+ /*
+ * If there is no loopback entry, allocate one. ifa_addr for
+ * INET6 is set once during init; no need to hold lock.
+ */
rt = rtalloc1(ifa->ifa_addr, 0, 0);
- if (rt != NULL)
+ if (rt != NULL) {
RT_LOCK(rt);
+ }
if (rt == NULL || (rt->rt_flags & RTF_HOST) == 0 ||
(rt->rt_ifp->if_flags & IFF_LOOPBACK) == 0) {
if (rt != NULL) {
* if it exists.
*/
static void
-in6_ifremloop(struct ifaddr *ifa, int locked)
+in6_ifremloop(struct ifaddr *ifa)
{
struct in6_ifaddr *ia;
struct rtentry *rt;
* (probably p2p) interfaces.
* XXX: we should avoid such a configuration in IPv6...
*/
- if (!locked)
- lck_mtx_lock(nd6_mutex);
- for (ia = in6_ifaddrs; ia; ia = ia->ia_next) {
+ lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
+ TAILQ_FOREACH(ia, IN6ADDR_HASH(IFA_IN6(ifa)), ia6_hash) {
+ IFA_LOCK(&ia->ia_ifa);
if (IN6_ARE_ADDR_EQUAL(IFA_IN6(ifa), &ia->ia_addr.sin6_addr)) {
ia_count++;
- if (ia_count > 1)
+ if (ia_count > 1) {
+ IFA_UNLOCK(&ia->ia_ifa);
break;
+ }
}
+ IFA_UNLOCK(&ia->ia_ifa);
}
- if (!locked)
- lck_mtx_unlock(nd6_mutex);
+ lck_rw_done(&in6_ifaddr_rwlock);
if (ia_count == 1) {
/*
* Before deleting, check if a corresponding loopbacked host
* route surely exists. With this check, we can avoid to
* delete an interface direct route whose destination is same
- * as the address being removed. This can happen when remofing
+ * as the address being removed. This can happen when removing
* a subnet-router anycast address on an interface attahced
- * to a shared medium.
+ * to a shared medium. ifa_addr for INET6 is set once during
+ * init; no need to hold lock.
*/
rt = rtalloc1(ifa->ifa_addr, 0, 0);
if (rt != NULL) {
}
}
-#if 0
-/* Not used */
-int
-in6_ifindex2scopeid(idx)
- int idx;
-{
- struct ifnet *ifp;
- struct ifaddr *ifa;
- struct sockaddr_in6 *sin6;
-
- ifnet_head_lock_shared();
- if (idx <= 0 || if_index < idx) {
- ifnet_head_done();
- return -1;
- }
-
- ifp = ifindex2ifnet[idx];
- ifnet_head_done();
-
- ifnet_lock_shared(ifp);
- TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
- {
- if (ifa->ifa_addr->sa_family != AF_INET6)
- continue;
- sin6 = (struct sockaddr_in6 *)ifa->ifa_addr;
- if (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr)) {
- int scopeid = sin6->sin6_scope_id & 0xffff;
- ifnet_lock_done(ifp);
- return scopeid;
- }
- }
- ifnet_lock_done(ifp);
-
- return -1;
-}
-#endif
-
int
-in6_mask2len(mask, lim0)
- struct in6_addr *mask;
- u_char *lim0;
+in6_mask2len(struct in6_addr *mask, u_char *lim0)
{
int x = 0, y;
u_char *lim = lim0, *p;
- if (lim0 == NULL ||
- lim0 - (u_char *)mask > sizeof(*mask)) /* ignore the scope_id part */
+ /* ignore the scope_id part */
+ if (lim0 == NULL || lim0 - (u_char *)mask > sizeof(*mask)) {
lim = (u_char *)mask + sizeof(*mask);
+ }
for (p = (u_char *)mask; p < lim; x++, p++) {
- if (*p != 0xff)
+ if (*p != 0xff) {
break;
+ }
}
y = 0;
if (p < lim) {
for (y = 0; y < 8; y++) {
- if ((*p & (0x80 >> y)) == 0)
+ if ((*p & (0x80 >> y)) == 0) {
break;
+ }
}
}
* remaining bits.
*/
if (p < lim) {
- if (y != 0 && (*p & (0x00ff >> y)) != 0)
- return(-1);
- for (p = p + 1; p < lim; p++)
- if (*p != 0)
- return(-1);
+ if (y != 0 && (*p & (0x00ff >> y)) != 0) {
+ return -1;
+ }
+ for (p = p + 1; p < lim; p++) {
+ if (*p != 0) {
+ return -1;
+ }
+ }
}
-
+
return x * 8 + y;
}
void
-in6_len2mask(mask, len)
- struct in6_addr *mask;
- int len;
+in6_len2mask(struct in6_addr *mask, int len)
{
int i;
bzero(mask, sizeof(*mask));
- for (i = 0; i < len / 8; i++)
+ for (i = 0; i < len / 8; i++) {
mask->s6_addr8[i] = 0xff;
- if (len % 8)
+ }
+ if (len % 8) {
mask->s6_addr8[i] = (0xff00 >> (len % 8)) & 0xff;
+ }
}
void
in6_aliasreq_64_to_32(struct in6_aliasreq_64 *src, struct in6_aliasreq_32 *dst)
{
- bzero(dst, sizeof (*dst));
- bcopy(src->ifra_name, dst->ifra_name, sizeof (dst->ifra_name));
+ bzero(dst, sizeof(*dst));
+ bcopy(src->ifra_name, dst->ifra_name, sizeof(dst->ifra_name));
dst->ifra_addr = src->ifra_addr;
dst->ifra_dstaddr = src->ifra_dstaddr;
dst->ifra_prefixmask = src->ifra_prefixmask;
dst->ifra_flags = src->ifra_flags;
- dst->ifra_lifetime.ia6t_expire = src->ifra_lifetime.ia6t_expire;
- dst->ifra_lifetime.ia6t_preferred = src->ifra_lifetime.ia6t_preferred;
+ dst->ifra_lifetime.ia6t_expire = (u_int32_t)src->ifra_lifetime.ia6t_expire;
+ dst->ifra_lifetime.ia6t_preferred = (u_int32_t)src->ifra_lifetime.ia6t_preferred;
dst->ifra_lifetime.ia6t_vltime = src->ifra_lifetime.ia6t_vltime;
dst->ifra_lifetime.ia6t_pltime = src->ifra_lifetime.ia6t_pltime;
}
void
in6_aliasreq_32_to_64(struct in6_aliasreq_32 *src, struct in6_aliasreq_64 *dst)
{
- bzero(dst, sizeof (*dst));
- bcopy(src->ifra_name, dst->ifra_name, sizeof (dst->ifra_name));
+ bzero(dst, sizeof(*dst));
+ bcopy(src->ifra_name, dst->ifra_name, sizeof(dst->ifra_name));
dst->ifra_addr = src->ifra_addr;
dst->ifra_dstaddr = src->ifra_dstaddr;
dst->ifra_prefixmask = src->ifra_prefixmask;
dst->ifra_lifetime.ia6t_pltime = src->ifra_lifetime.ia6t_pltime;
}
+#if defined(__LP64__)
+static void
+in6_cgareq_32_to_64(const struct in6_cgareq_32 *src,
+ struct in6_cgareq_64 *dst)
+{
+ bzero(dst, sizeof(*dst));
+ bcopy(src->cgar_name, dst->cgar_name, sizeof(dst->cgar_name));
+ dst->cgar_flags = src->cgar_flags;
+ bcopy(src->cgar_cgaprep.cga_modifier.octets,
+ dst->cgar_cgaprep.cga_modifier.octets,
+ sizeof(dst->cgar_cgaprep.cga_modifier.octets));
+ dst->cgar_cgaprep.cga_security_level =
+ src->cgar_cgaprep.cga_security_level;
+ dst->cgar_lifetime.ia6t_expire = src->cgar_lifetime.ia6t_expire;
+ dst->cgar_lifetime.ia6t_preferred = src->cgar_lifetime.ia6t_preferred;
+ dst->cgar_lifetime.ia6t_vltime = src->cgar_lifetime.ia6t_vltime;
+ dst->cgar_lifetime.ia6t_pltime = src->cgar_lifetime.ia6t_pltime;
+ dst->cgar_collision_count = src->cgar_collision_count;
+}
+#endif
+
+#if !defined(__LP64__)
+static void
+in6_cgareq_64_to_32(const struct in6_cgareq_64 *src,
+ struct in6_cgareq_32 *dst)
+{
+ bzero(dst, sizeof(*dst));
+ bcopy(src->cgar_name, dst->cgar_name, sizeof(dst->cgar_name));
+ dst->cgar_flags = src->cgar_flags;
+ bcopy(src->cgar_cgaprep.cga_modifier.octets,
+ dst->cgar_cgaprep.cga_modifier.octets,
+ sizeof(dst->cgar_cgaprep.cga_modifier.octets));
+ dst->cgar_cgaprep.cga_security_level =
+ src->cgar_cgaprep.cga_security_level;
+ dst->cgar_lifetime.ia6t_expire = src->cgar_lifetime.ia6t_expire;
+ dst->cgar_lifetime.ia6t_preferred = src->cgar_lifetime.ia6t_preferred;
+ dst->cgar_lifetime.ia6t_vltime = src->cgar_lifetime.ia6t_vltime;
+ dst->cgar_lifetime.ia6t_pltime = src->cgar_lifetime.ia6t_pltime;
+ dst->cgar_collision_count = src->cgar_collision_count;
+}
+#endif
+
static struct in6_aliasreq *
in6_aliasreq_to_native(void *data, int data_is_64, struct in6_aliasreq *dst)
{
#if defined(__LP64__)
- if (data_is_64)
- dst = data;
- else
+ if (data_is_64) {
+ bcopy(data, dst, sizeof(*dst));
+ } else {
in6_aliasreq_32_to_64((struct in6_aliasreq_32 *)data,
(struct in6_aliasreq_64 *)dst);
+ }
#else
- if (data_is_64)
+ if (data_is_64) {
in6_aliasreq_64_to_32((struct in6_aliasreq_64 *)data,
(struct in6_aliasreq_32 *)dst);
- else
- dst = data;
+ } else {
+ bcopy(data, dst, sizeof(*dst));
+ }
#endif /* __LP64__ */
- return (dst);
+ return dst;
}
-#define ifa2ia6(ifa) ((struct in6_ifaddr *)(ifa))
-#define ia62ifa(ia6) (&((ia6)->ia_ifa))
-
-int
-in6_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp,
- struct proc *p)
+void
+in6_cgareq_copy_from_user(const void *user_data, int user_is_64,
+ struct in6_cgareq *cgareq)
{
- struct in6_ifreq *ifr = (struct in6_ifreq *)data;
- struct in6_ifaddr *ia = NULL;
- struct in6_aliasreq sifra;
- struct in6_aliasreq *ifra = NULL;
- struct sockaddr_in6 *sa6;
- int index, privileged, error = 0;
- struct timeval timenow;
- int p64 = proc_is64bit(p);
+#if defined(__LP64__)
+ if (user_is_64) {
+ bcopy(user_data, cgareq, sizeof(*cgareq));
+ } else {
+ in6_cgareq_32_to_64((const struct in6_cgareq_32 *)user_data,
+ (struct in6_cgareq_64 *)cgareq);
+ }
+#else
+ if (user_is_64) {
+ in6_cgareq_64_to_32((const struct in6_cgareq_64 *)user_data,
+ (struct in6_cgareq_32 *)cgareq);
+ } else {
+ bcopy(user_data, cgareq, sizeof(*cgareq));
+ }
+#endif /* __LP64__ */
+}
- getmicrotime(&timenow);
+static __attribute__((noinline)) int
+in6ctl_associd(struct socket *so, u_long cmd, caddr_t data)
+{
+ int error = 0;
+ union {
+ struct so_aidreq32 a32;
+ struct so_aidreq64 a64;
+ } u;
- privileged = (proc_suser(p) == 0);
+ VERIFY(so != NULL);
switch (cmd) {
- case SIOCGETSGCNT_IN6:
- case SIOCGETMIFCNT_IN6_32:
- case SIOCGETMIFCNT_IN6_64:
- return (mrt6_ioctl(cmd, data));
+ case SIOCGASSOCIDS32: { /* struct so_aidreq32 */
+ bcopy(data, &u.a32, sizeof(u.a32));
+ error = in6_getassocids(so, &u.a32.sar_cnt, u.a32.sar_aidp);
+ if (error == 0) {
+ bcopy(&u.a32, data, sizeof(u.a32));
+ }
+ break;
}
- if (ifp == NULL)
- return (EOPNOTSUPP);
-
- switch (cmd) {
- case SIOCAUTOCONF_START:
- case SIOCAUTOCONF_STOP:
- case SIOCLL_START_32:
- case SIOCLL_START_64:
- case SIOCLL_STOP:
- case SIOCPROTOATTACH_IN6_32:
- case SIOCPROTOATTACH_IN6_64:
- case SIOCPROTODETACH_IN6:
- if (!privileged)
- return (EPERM);
+ case SIOCGASSOCIDS64: { /* struct so_aidreq64 */
+ bcopy(data, &u.a64, sizeof(u.a64));
+ error = in6_getassocids(so, &u.a64.sar_cnt, u.a64.sar_aidp);
+ if (error == 0) {
+ bcopy(&u.a64, data, sizeof(u.a64));
+ }
break;
- case SIOCSNDFLUSH_IN6:
- case SIOCSPFXFLUSH_IN6:
- case SIOCSRTRFLUSH_IN6:
- case SIOCSDEFIFACE_IN6_32:
- case SIOCSDEFIFACE_IN6_64:
- case SIOCSIFINFO_FLAGS:
- if (!privileged)
- return (EPERM);
- /* fall through */
- case OSIOCGIFINFO_IN6:
- case SIOCGIFINFO_IN6:
- case SIOCGDRLST_IN6_32:
- case SIOCGDRLST_IN6_64:
- case SIOCGPRLST_IN6_32:
- case SIOCGPRLST_IN6_64:
- case SIOCGNBRINFO_IN6_32:
- case SIOCGNBRINFO_IN6_64:
- case SIOCGDEFIFACE_IN6_32:
- case SIOCGDEFIFACE_IN6_64:
- return (nd6_ioctl(cmd, data, ifp));
}
- switch (cmd) {
- case SIOCSIFPREFIX_IN6:
- case SIOCDIFPREFIX_IN6:
- case SIOCAIFPREFIX_IN6:
- case SIOCCIFPREFIX_IN6:
- case SIOCSGIFPREFIX_IN6:
- case SIOCGIFPREFIX_IN6:
- log(LOG_NOTICE,
- "prefix ioctls are now invalidated. "
- "please use ifconfig.\n");
- return (EOPNOTSUPP);
+ default:
+ VERIFY(0);
+ /* NOTREACHED */
}
- switch (cmd) {
- case SIOCSSCOPE6:
- if (!privileged)
- return (EPERM);
- return (scope6_set(ifp, ifr->ifr_ifru.ifru_scope_id));
- /* NOTREACHED */
+ return error;
+}
- case SIOCGSCOPE6:
- return (scope6_get(ifp, ifr->ifr_ifru.ifru_scope_id));
- /* NOTREACHED */
+static __attribute__((noinline)) int
+in6ctl_connid(struct socket *so, u_long cmd, caddr_t data)
+{
+ int error = 0;
+ union {
+ struct so_cidreq32 c32;
+ struct so_cidreq64 c64;
+ } u;
- case SIOCGSCOPE6DEF:
- return (scope6_get_default(ifr->ifr_ifru.ifru_scope_id));
- }
+ VERIFY(so != NULL);
switch (cmd) {
- case SIOCALIFADDR:
- case SIOCDLIFADDR:
- if (!privileged)
- return(EPERM);
- /* fall through */
- case SIOCGLIFADDR:
- return (in6_lifaddr_ioctl(so, cmd, data, ifp, p));
+ case SIOCGCONNIDS32: { /* struct so_cidreq32 */
+ bcopy(data, &u.c32, sizeof(u.c32));
+ error = in6_getconnids(so, u.c32.scr_aid, &u.c32.scr_cnt,
+ u.c32.scr_cidp);
+ if (error == 0) {
+ bcopy(&u.c32, data, sizeof(u.c32));
+ }
+ break;
}
- /*
- * Point ifra and sa6 to the right places depending on the command.
- */
- switch (cmd) {
- case SIOCLL_START_32:
- case SIOCAIFADDR_IN6_32:
- /*
- * Convert user ifra to the kernel form, when appropriate.
- * This allows the conversion between different data models
- * to be centralized, so that it can be passed around to other
- * routines that are expecting the kernel form.
- */
- ifra = in6_aliasreq_to_native(data, 0, &sifra);
- sa6 = (struct sockaddr_in6 *)&ifra->ifra_addr;
+ case SIOCGCONNIDS64: { /* struct so_cidreq64 */
+ bcopy(data, &u.c64, sizeof(u.c64));
+ error = in6_getconnids(so, u.c64.scr_aid, &u.c64.scr_cnt,
+ u.c64.scr_cidp);
+ if (error == 0) {
+ bcopy(&u.c64, data, sizeof(u.c64));
+ }
break;
+ }
- case SIOCLL_START_64:
- case SIOCAIFADDR_IN6_64:
- ifra = in6_aliasreq_to_native(data, 1, &sifra);
- sa6 = (struct sockaddr_in6 *)&ifra->ifra_addr;
- break;
+ default:
+ VERIFY(0);
+ /* NOTREACHED */
+ }
- case SIOCSIFADDR_IN6: /* deprecated */
- case SIOCGIFADDR_IN6:
- case SIOCSIFDSTADDR_IN6: /* deprecated */
- case SIOCSIFNETMASK_IN6: /* deprecated */
- case SIOCGIFDSTADDR_IN6:
- case SIOCGIFNETMASK_IN6:
- case SIOCDIFADDR_IN6:
- case SIOCGIFPSRCADDR_IN6:
- case SIOCGIFPDSTADDR_IN6:
- case SIOCGIFAFLAG_IN6:
- case SIOCGIFALIFETIME_IN6:
- case SIOCSIFALIFETIME_IN6:
- case SIOCGIFSTAT_IN6:
- case SIOCGIFSTAT_ICMP6:
- sa6 = &ifr->ifr_addr;
- break;
+ return error;
+}
- default:
- sa6 = NULL;
+static __attribute__((noinline)) int
+in6ctl_conninfo(struct socket *so, u_long cmd, caddr_t data)
+{
+ int error = 0;
+ union {
+ struct so_cinforeq32 ci32;
+ struct so_cinforeq64 ci64;
+ } u;
+
+ VERIFY(so != NULL);
+
+ switch (cmd) {
+ case SIOCGCONNINFO32: { /* struct so_cinforeq32 */
+ bcopy(data, &u.ci32, sizeof(u.ci32));
+ error = in6_getconninfo(so, u.ci32.scir_cid, &u.ci32.scir_flags,
+ &u.ci32.scir_ifindex, &u.ci32.scir_error, u.ci32.scir_src,
+ &u.ci32.scir_src_len, u.ci32.scir_dst, &u.ci32.scir_dst_len,
+ &u.ci32.scir_aux_type, u.ci32.scir_aux_data,
+ &u.ci32.scir_aux_len);
+ if (error == 0) {
+ bcopy(&u.ci32, data, sizeof(u.ci32));
+ }
break;
}
- switch (cmd) {
+ case SIOCGCONNINFO64: { /* struct so_cinforeq64 */
+ bcopy(data, &u.ci64, sizeof(u.ci64));
+ error = in6_getconninfo(so, u.ci64.scir_cid, &u.ci64.scir_flags,
+ &u.ci64.scir_ifindex, &u.ci64.scir_error, u.ci64.scir_src,
+ &u.ci64.scir_src_len, u.ci64.scir_dst, &u.ci64.scir_dst_len,
+ &u.ci64.scir_aux_type, u.ci64.scir_aux_data,
+ &u.ci64.scir_aux_len);
+ if (error == 0) {
+ bcopy(&u.ci64, data, sizeof(u.ci64));
+ }
+ break;
+ }
- case SIOCAUTOCONF_START:
- ifnet_lock_exclusive(ifp);
- ifp->if_eflags |= IFEF_ACCEPT_RTADVD;
- ifnet_lock_done(ifp);
- return (0);
+ default:
+ VERIFY(0);
/* NOTREACHED */
+ }
- case SIOCAUTOCONF_STOP: {
- struct in6_ifaddr *nia = NULL;
+ return error;
+}
- ifnet_lock_exclusive(ifp);
- ifp->if_eflags &= ~IFEF_ACCEPT_RTADVD;
- ifnet_lock_done(ifp);
+static __attribute__((noinline)) int
+in6ctl_llstart(struct ifnet *ifp, u_long cmd, caddr_t data)
+{
+ struct in6_aliasreq sifra, *ifra = NULL;
+ boolean_t is64;
+ int error = 0;
- /* nuke prefix list. this may try to remove some ifaddrs as well */
- in6_purgeprefix(ifp);
+ VERIFY(ifp != NULL);
- /* removed autoconfigured address from interface */
- lck_mtx_lock(nd6_mutex);
- for (ia = in6_ifaddrs; ia != NULL; ia = nia) {
- nia = ia->ia_next;
- if (ia->ia_ifa.ifa_ifp != ifp)
- continue;
- if (ia->ia6_flags & IN6_IFF_AUTOCONF)
- in6_purgeaddr(&ia->ia_ifa, 1);
- }
- lck_mtx_unlock(nd6_mutex);
- return (0);
- }
+ switch (cmd) {
+ case SIOCLL_START_32: /* struct in6_aliasreq_32 */
+ case SIOCLL_START_64: /* struct in6_aliasreq_64 */
+ is64 = (cmd == SIOCLL_START_64);
+ /*
+ * Convert user ifra to the kernel form, when appropriate.
+ * This allows the conversion between different data models
+ * to be centralized, so that it can be passed around to other
+ * routines that are expecting the kernel form.
+ */
+ ifra = in6_aliasreq_to_native(data, is64, &sifra);
- case SIOCLL_START_32:
- case SIOCLL_START_64:
/*
* NOTE: All the interface specific DLIL attachements should
- * be done here. They are currently done in in6_ifattach()
+ * be done here. They are currently done in in6_ifattach_aux()
* for the interfaces that need it.
*/
- if (((ifp->if_type == IFT_PPP) || ((ifp->if_eflags & IFEF_NOAUTOIPV6LL) != 0)) &&
- ifra->ifra_addr.sin6_family == AF_INET6 &&
- ifra->ifra_dstaddr.sin6_family == AF_INET6) {
+ if (ifra->ifra_addr.sin6_family == AF_INET6 &&
+ /* Only check ifra_dstaddr if valid */
+ (ifra->ifra_dstaddr.sin6_len == 0 ||
+ ifra->ifra_dstaddr.sin6_family == AF_INET6)) {
/* some interfaces may provide LinkLocal addresses */
- error = in6_if_up(ifp, ifra);
+ error = in6_ifattach_aliasreq(ifp, NULL, ifra);
} else {
- error = in6_if_up(ifp, 0);
+ error = in6_ifattach_aliasreq(ifp, NULL, NULL);
}
- return (error);
+ if (error == 0) {
+ in6_if_up_dad_start(ifp);
+ }
+ break;
+
+ default:
+ VERIFY(0);
/* NOTREACHED */
+ }
+
+ return error;
+}
- case SIOCLL_STOP: {
- struct in6_ifaddr *nia = NULL;
+static __attribute__((noinline)) int
+in6ctl_llstop(struct ifnet *ifp)
+{
+ struct in6_ifaddr *ia;
+ struct nd_prefix pr0, *pr;
- /* removed link local addresses from interface */
+ VERIFY(ifp != NULL);
- lck_mtx_lock(nd6_mutex);
- for (ia = in6_ifaddrs; ia != NULL; ia = nia) {
- nia = ia->ia_next;
- if (ia->ia_ifa.ifa_ifp != ifp)
+ /* Remove link local addresses from interface */
+ lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
+ boolean_t from_begining = TRUE;
+ while (from_begining) {
+ from_begining = FALSE;
+ TAILQ_FOREACH(ia, &in6_ifaddrhead, ia6_link) {
+ if (ia->ia_ifa.ifa_ifp != ifp) {
continue;
- if (IN6_IS_ADDR_LINKLOCAL(&ia->ia_addr.sin6_addr))
- in6_purgeaddr(&ia->ia_ifa, 1);
+ }
+ IFA_LOCK(&ia->ia_ifa);
+ if (IN6_IS_ADDR_LINKLOCAL(&ia->ia_addr.sin6_addr)) {
+ IFA_ADDREF_LOCKED(&ia->ia_ifa); /* for us */
+ IFA_UNLOCK(&ia->ia_ifa);
+ lck_rw_done(&in6_ifaddr_rwlock);
+ in6_purgeaddr(&ia->ia_ifa);
+ IFA_REMREF(&ia->ia_ifa); /* for us */
+ lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
+ /*
+ * Purging the address caused in6_ifaddr_rwlock
+ * to be dropped and reacquired;
+ * therefore search again from the beginning
+ * of in6_ifaddrs list.
+ */
+ from_begining = TRUE;
+ break;
+ }
+ IFA_UNLOCK(&ia->ia_ifa);
}
+ }
+ lck_rw_done(&in6_ifaddr_rwlock);
+
+ /* Delete the link local prefix */
+ bzero(&pr0, sizeof(pr0));
+ pr0.ndpr_plen = 64;
+ pr0.ndpr_ifp = ifp;
+ pr0.ndpr_prefix.sin6_addr.s6_addr16[0] = IPV6_ADDR_INT16_ULL;
+ (void)in6_setscope(&pr0.ndpr_prefix.sin6_addr, ifp, NULL);
+ pr = nd6_prefix_lookup(&pr0, ND6_PREFIX_EXPIRY_UNSPEC);
+ if (pr) {
+ lck_mtx_lock(nd6_mutex);
+ NDPR_LOCK(pr);
+ prelist_remove(pr);
+ NDPR_UNLOCK(pr);
+ NDPR_REMREF(pr); /* Drop the reference from lookup */
lck_mtx_unlock(nd6_mutex);
- return (0);
}
- case SIOCPROTOATTACH_IN6_32:
- case SIOCPROTOATTACH_IN6_64:
- switch (ifp->if_type) {
-#if IFT_BRIDGE /*OpenBSD 2.8*/
- /* some of the interfaces are inherently not IPv6 capable */
- case IFT_BRIDGE:
- return;
- /* NOTREACHED */
-#endif
- default:
- if ((error = proto_plumb(PF_INET6, ifp)))
- printf("SIOCPROTOATTACH_IN6: %s "
- "error=%d\n", if_name(ifp), error);
- break;
-
- }
- return (error);
- /* NOTREACHED */
-
- case SIOCPROTODETACH_IN6:
- /* Cleanup interface routes and addresses */
- in6_purgeif(ifp);
+ return 0;
+}
- if ((error = proto_unplumb(PF_INET6, ifp)))
- printf("SIOCPROTODETACH_IN6: %s error=%d\n",
- if_name(ifp), error);
- return (error);
- }
+/*
+ * This routine configures secure link local address
+ */
+static __attribute__((noinline)) int
+in6ctl_cgastart(struct ifnet *ifp, u_long cmd, caddr_t data)
+{
+ struct in6_cgareq llcgasr;
+ int is64, error = 0;
- /*
- * Find address for this interface, if it exists; depending
- * on the ioctl command, sa6 points to the address in ifra/ifr.
- */
- if (sa6 != NULL && sa6->sin6_family == AF_INET6) {
- if (IN6_IS_ADDR_LINKLOCAL(&sa6->sin6_addr)) {
- if (sa6->sin6_addr.s6_addr16[1] == 0) {
- /* link ID is not embedded by the user */
- sa6->sin6_addr.s6_addr16[1] =
- htons(ifp->if_index);
- } else if (sa6->sin6_addr.s6_addr16[1] !=
- htons(ifp->if_index)) {
- return (EINVAL); /* link ID contradicts */
- }
- if (sa6->sin6_scope_id) {
- if (sa6->sin6_scope_id !=
- (u_int32_t)ifp->if_index)
- return (EINVAL);
- sa6->sin6_scope_id = 0; /* XXX: good way? */
- }
- }
- ia = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr);
- } else {
- ia = NULL;
- }
+ VERIFY(ifp != NULL);
switch (cmd) {
- case SIOCSIFADDR_IN6:
- case SIOCSIFDSTADDR_IN6:
- case SIOCSIFNETMASK_IN6:
+ case SIOCLL_CGASTART_32: /* struct in6_cgareq_32 */
+ case SIOCLL_CGASTART_64: /* struct in6_cgareq_64 */
+ is64 = (cmd == SIOCLL_CGASTART_64);
/*
- * Since IPv6 allows a node to assign multiple addresses
- * on a single interface, SIOCSIFxxx ioctls are not suitable
- * and should be unused.
+ * Convert user cgareq to the kernel form, when appropriate.
+ * This allows the conversion between different data models
+ * to be centralized, so that it can be passed around to other
+ * routines that are expecting the kernel form.
*/
- /* we decided to obsolete this command (20000704) */
- error = EINVAL;
- goto ioctl_cleanup;
+ in6_cgareq_copy_from_user(data, is64, &llcgasr);
- case SIOCDIFADDR_IN6:
- /*
- * for IPv4, we look for existing in_ifaddr here to allow
- * "ifconfig if0 delete" to remove first IPv4 address on the
- * interface. For IPv6, as the spec allow multiple interface
- * address from the day one, we consider "remove the first one"
- * semantics to be not preferable.
- */
- if (ia == NULL) {
- error = EADDRNOTAVAIL;
- goto ioctl_cleanup;
- }
- /* FALLTHROUGH */
- case SIOCAIFADDR_IN6_32:
- case SIOCAIFADDR_IN6_64:
/*
- * We always require users to specify a valid IPv6 address for
- * the corresponding operation. Use "sa6" instead of "ifra"
- * since SIOCDIFADDR_IN6 falls thru above.
+ * NOTE: All the interface specific DLIL attachements
+ * should be done here. They are currently done in
+ * in6_ifattach_cgareq() for the interfaces that
+ * need it.
*/
- if (sa6->sin6_family != AF_INET6 ||
- sa6->sin6_len != sizeof(struct sockaddr_in6)) {
- error = EAFNOSUPPORT;
- goto ioctl_cleanup;
+ error = in6_ifattach_llcgareq(ifp, &llcgasr);
+ if (error == 0) {
+ in6_if_up_dad_start(ifp);
}
- if (!privileged) {
- error = EPERM;
- goto ioctl_cleanup;
- }
-
break;
- case SIOCGIFADDR_IN6:
- /* This interface is basically deprecated. use SIOCGIFCONF. */
- /* fall through */
- case SIOCGIFAFLAG_IN6:
- case SIOCGIFNETMASK_IN6:
- case SIOCGIFDSTADDR_IN6:
- case SIOCGIFALIFETIME_IN6:
- /* must think again about its semantics */
- if (ia == NULL) {
- error = EADDRNOTAVAIL;
- goto ioctl_cleanup;
+ default:
+ VERIFY(0);
+ /* NOTREACHED */
+ }
+
+ return error;
+}
+
+/*
+ * Caller passes in the ioctl data pointer directly via "ifr", with the
+ * expectation that this routine always uses bcopy() or other byte-aligned
+ * memory accesses.
+ */
+static __attribute__((noinline)) int
+in6ctl_gifaddr(struct ifnet *ifp, struct in6_ifaddr *ia, u_long cmd,
+ struct in6_ifreq *ifr)
+{
+ struct sockaddr_in6 addr;
+ int error = 0;
+
+ VERIFY(ifp != NULL);
+
+ if (ia == NULL) {
+ return EADDRNOTAVAIL;
+ }
+
+ switch (cmd) {
+ case SIOCGIFADDR_IN6: /* struct in6_ifreq */
+ IFA_LOCK(&ia->ia_ifa);
+ bcopy(&ia->ia_addr, &addr, sizeof(addr));
+ IFA_UNLOCK(&ia->ia_ifa);
+ if ((error = sa6_recoverscope(&addr, TRUE)) != 0) {
+ break;
}
+ bcopy(&addr, &ifr->ifr_addr, sizeof(addr));
break;
- case SIOCSIFALIFETIME_IN6:
- if (!privileged) {
- error = EPERM;
- goto ioctl_cleanup;
- }
- if (ia == NULL) {
- error = EADDRNOTAVAIL;
- goto ioctl_cleanup;
- }
- /* sanity for overflow - beware unsigned */
- if (p64) {
- struct in6_addrlifetime_64 *lt;
-
- lt = (struct in6_addrlifetime_64 *)
- &ifr->ifr_ifru.ifru_lifetime;
- if (lt->ia6t_vltime != ND6_INFINITE_LIFETIME
- && lt->ia6t_vltime + timenow.tv_sec < timenow.tv_sec) {
- error = EINVAL;
- goto ioctl_cleanup;
- }
- if (lt->ia6t_pltime != ND6_INFINITE_LIFETIME
- && lt->ia6t_pltime + timenow.tv_sec < timenow.tv_sec) {
- error = EINVAL;
- goto ioctl_cleanup;
- }
- } else {
- struct in6_addrlifetime_32 *lt;
-
- lt = (struct in6_addrlifetime_32 *)
- &ifr->ifr_ifru.ifru_lifetime;
- if (lt->ia6t_vltime != ND6_INFINITE_LIFETIME
- && lt->ia6t_vltime + timenow.tv_sec < timenow.tv_sec) {
- error = EINVAL;
- goto ioctl_cleanup;
- }
- if (lt->ia6t_pltime != ND6_INFINITE_LIFETIME
- && lt->ia6t_pltime + timenow.tv_sec < timenow.tv_sec) {
- error = EINVAL;
- goto ioctl_cleanup;
- }
- }
- break;
- }
-
- switch (cmd) {
- case SIOCGIFADDR_IN6:
- ifr->ifr_addr = ia->ia_addr;
- break;
-
- case SIOCGIFDSTADDR_IN6:
- if ((ifp->if_flags & IFF_POINTOPOINT) == 0) {
- error = EINVAL;
- goto ioctl_cleanup;
+ case SIOCGIFDSTADDR_IN6: /* struct in6_ifreq */
+ if (!(ifp->if_flags & IFF_POINTOPOINT)) {
+ error = EINVAL;
+ break;
}
/*
* XXX: should we check if ifa_dstaddr is NULL and return
* an error?
*/
- ifr->ifr_dstaddr = ia->ia_dstaddr;
+ IFA_LOCK(&ia->ia_ifa);
+ bcopy(&ia->ia_dstaddr, &addr, sizeof(addr));
+ IFA_UNLOCK(&ia->ia_ifa);
+ if ((error = sa6_recoverscope(&addr, TRUE)) != 0) {
+ break;
+ }
+ bcopy(&addr, &ifr->ifr_dstaddr, sizeof(addr));
break;
- case SIOCGIFNETMASK_IN6:
- ifr->ifr_addr = ia->ia_prefixmask;
- break;
+ default:
+ VERIFY(0);
+ /* NOTREACHED */
+ }
- case SIOCGIFAFLAG_IN6:
- ifr->ifr_ifru.ifru_flags6 = ia->ia6_flags;
- break;
+ return error;
+}
- case SIOCGIFSTAT_IN6:
- if (ifp == NULL) {
- error = EINVAL;
- goto ioctl_cleanup;
- }
- index = ifp->if_index;
- lck_mtx_lock(ip6_mutex);
- if (in6_ifstat == NULL || index >= in6_ifstatmax
- || in6_ifstat[index] == NULL) {
- /* return EAFNOSUPPORT? */
- bzero(&ifr->ifr_ifru.ifru_stat,
- sizeof (ifr->ifr_ifru.ifru_stat));
- } else {
- ifr->ifr_ifru.ifru_stat = *in6_ifstat[index];
- }
- lck_mtx_unlock(ip6_mutex);
- break;
+/*
+ * Caller passes in the ioctl data pointer directly via "ifr", with the
+ * expectation that this routine always uses bcopy() or other byte-aligned
+ * memory accesses.
+ */
+static __attribute__((noinline)) int
+in6ctl_gifstat(struct ifnet *ifp, u_long cmd, struct in6_ifreq *ifr)
+{
+ int error = 0, index;
- case SIOCGIFSTAT_ICMP6:
- if (ifp == NULL) {
- error = EINVAL;
- goto ioctl_cleanup;
- }
- index = ifp->if_index;
- lck_mtx_lock(ip6_mutex);
- if (icmp6_ifstat == NULL || index >= icmp6_ifstatmax ||
- icmp6_ifstat[index] == NULL) {
- /* return EAFNOSUPPORT? */
+ VERIFY(ifp != NULL);
+ index = ifp->if_index;
+
+ switch (cmd) {
+ case SIOCGIFSTAT_IN6: /* struct in6_ifreq */
+ /* N.B.: if_inet6data is never freed once set. */
+ if (IN6_IFEXTRA(ifp) == NULL) {
+ /* return (EAFNOSUPPORT)? */
bzero(&ifr->ifr_ifru.ifru_stat,
- sizeof (ifr->ifr_ifru.ifru_icmp6stat));
+ sizeof(ifr->ifr_ifru.ifru_stat));
} else {
- ifr->ifr_ifru.ifru_icmp6stat = *icmp6_ifstat[index];
+ bcopy(&IN6_IFEXTRA(ifp)->in6_ifstat,
+ &ifr->ifr_ifru.ifru_stat,
+ sizeof(ifr->ifr_ifru.ifru_stat));
}
- lck_mtx_unlock(ip6_mutex);
break;
- case SIOCGIFALIFETIME_IN6:
- if (p64) {
- struct in6_addrlifetime_64 *lt;
-
- lt = (struct in6_addrlifetime_64 *)
- &ifr->ifr_ifru.ifru_lifetime;
- lt->ia6t_expire = ia->ia6_lifetime.ia6t_expire;
- lt->ia6t_preferred = ia->ia6_lifetime.ia6t_preferred;
- lt->ia6t_vltime = ia->ia6_lifetime.ia6t_vltime;
- lt->ia6t_pltime = ia->ia6_lifetime.ia6t_pltime;
+ case SIOCGIFSTAT_ICMP6: /* struct in6_ifreq */
+ /* N.B.: if_inet6data is never freed once set. */
+ if (IN6_IFEXTRA(ifp) == NULL) {
+ /* return (EAFNOSUPPORT)? */
+ bzero(&ifr->ifr_ifru.ifru_icmp6stat,
+ sizeof(ifr->ifr_ifru.ifru_icmp6stat));
} else {
- struct in6_addrlifetime_32 *lt;
-
- lt = (struct in6_addrlifetime_32 *)
- &ifr->ifr_ifru.ifru_lifetime;
- lt->ia6t_expire =
- (uint32_t)ia->ia6_lifetime.ia6t_expire;
- lt->ia6t_preferred =
- (uint32_t)ia->ia6_lifetime.ia6t_preferred;
- lt->ia6t_vltime =
- (uint32_t)ia->ia6_lifetime.ia6t_vltime;
- lt->ia6t_pltime =
- (uint32_t)ia->ia6_lifetime.ia6t_pltime;
+ bcopy(&IN6_IFEXTRA(ifp)->icmp6_ifstat,
+ &ifr->ifr_ifru.ifru_icmp6stat,
+ sizeof(ifr->ifr_ifru.ifru_icmp6stat));
}
break;
- case SIOCSIFALIFETIME_IN6:
- if (p64) {
- struct in6_addrlifetime_64 *lt;
-
- lt = (struct in6_addrlifetime_64 *)
- &ifr->ifr_ifru.ifru_lifetime;
- ia->ia6_lifetime.ia6t_expire = lt->ia6t_expire;
- ia->ia6_lifetime.ia6t_preferred = lt->ia6t_preferred;
- ia->ia6_lifetime.ia6t_vltime = lt->ia6t_vltime;
- ia->ia6_lifetime.ia6t_pltime = lt->ia6t_pltime;
- } else {
- struct in6_addrlifetime_32 *lt;
+ default:
+ VERIFY(0);
+ /* NOTREACHED */
+ }
- lt = (struct in6_addrlifetime_32 *)
- &ifr->ifr_ifru.ifru_lifetime;
- ia->ia6_lifetime.ia6t_expire =
- (uint32_t)lt->ia6t_expire;
- ia->ia6_lifetime.ia6t_preferred =
- (uint32_t)lt->ia6t_preferred;
- ia->ia6_lifetime.ia6t_vltime = lt->ia6t_vltime;
- ia->ia6_lifetime.ia6t_pltime = lt->ia6t_pltime;
- }
- /* for sanity */
- if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) {
- ia->ia6_lifetime.ia6t_expire =
- timenow.tv_sec + ia->ia6_lifetime.ia6t_vltime;
- } else
- ia->ia6_lifetime.ia6t_expire = 0;
- if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) {
- ia->ia6_lifetime.ia6t_preferred =
- timenow.tv_sec + ia->ia6_lifetime.ia6t_pltime;
- } else
- ia->ia6_lifetime.ia6t_preferred = 0;
- break;
+ return error;
+}
- case SIOCAIFADDR_IN6_32:
- case SIOCAIFADDR_IN6_64: {
- int i;
- struct nd_prefix pr0, *pr;
-
- /* Attempt to attache the protocol, in case it isn't attached */
- error = proto_plumb(PF_INET6, ifp);
- if (error) {
- if (error != EEXIST) {
- printf("SIOCAIFADDR_IN6: %s can't plumb "
- "protocol error=%d\n", if_name(ifp), error);
- goto ioctl_cleanup;
- }
+/*
+ * Caller passes in the ioctl data pointer directly via "ifr", with the
+ * expectation that this routine always uses bcopy() or other byte-aligned
+ * memory accesses.
+ */
+static __attribute__((noinline)) int
+in6ctl_alifetime(struct in6_ifaddr *ia, u_long cmd, struct in6_ifreq *ifr,
+ boolean_t p64)
+{
+ uint64_t timenow = net_uptime();
+ struct in6_addrlifetime ia6_lt;
+ struct timeval caltime;
+ int error = 0;
- /* Ignore, EEXIST */
- error = 0;
+ if (ia == NULL) {
+ return EADDRNOTAVAIL;
+ }
+
+ switch (cmd) {
+ case SIOCGIFALIFETIME_IN6: /* struct in6_ifreq */
+ IFA_LOCK(&ia->ia_ifa);
+ /* retrieve time as calendar time (last arg is 1) */
+ in6ifa_getlifetime(ia, &ia6_lt, 1);
+ if (p64) {
+ struct in6_addrlifetime_64 lt;
+
+ bzero(<, sizeof(lt));
+ lt.ia6t_expire = ia6_lt.ia6t_expire;
+ lt.ia6t_preferred = ia6_lt.ia6t_preferred;
+ lt.ia6t_vltime = ia6_lt.ia6t_vltime;
+ lt.ia6t_pltime = ia6_lt.ia6t_pltime;
+ bcopy(<, &ifr->ifr_ifru.ifru_lifetime, sizeof(ifr->ifr_ifru.ifru_lifetime));
} else {
- /* PF_INET6 wasn't previously attached */
- if ((error = in6_if_up(ifp, NULL)) != 0)
- goto ioctl_cleanup;
+ struct in6_addrlifetime_32 lt;
+
+ bzero(<, sizeof(lt));
+ lt.ia6t_expire = (uint32_t)ia6_lt.ia6t_expire;
+ lt.ia6t_preferred = (uint32_t)ia6_lt.ia6t_preferred;
+ lt.ia6t_vltime = (uint32_t)ia6_lt.ia6t_vltime;
+ lt.ia6t_pltime = (uint32_t)ia6_lt.ia6t_pltime;
+ bcopy(<, &ifr->ifr_ifru.ifru_lifetime, sizeof(ifr->ifr_ifru.ifru_lifetime));
}
+ IFA_UNLOCK(&ia->ia_ifa);
+ break;
- /*
- * first, make or update the interface address structure,
- * and link it to the list.
- */
- if ((error = in6_update_ifa(ifp, ifra, ia, M_WAITOK)) != 0)
- goto ioctl_cleanup;
-
- /*
- * then, make the prefix on-link on the interface.
- * XXX: we'd rather create the prefix before the address, but
- * we need at least one address to install the corresponding
- * interface route, so we configure the address first.
- */
+ case SIOCSIFALIFETIME_IN6: /* struct in6_ifreq */
+ getmicrotime(&caltime);
- /*
- * convert mask to prefix length (prefixmask has already
- * been validated in in6_update_ifa().
- */
- bzero(&pr0, sizeof(pr0));
- pr0.ndpr_ifp = ifp;
- pr0.ndpr_plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr,
- NULL);
- if (pr0.ndpr_plen == 128)
- break; /* we don't need to install a host route. */
- pr0.ndpr_prefix = ifra->ifra_addr;
- pr0.ndpr_mask = ifra->ifra_prefixmask.sin6_addr;
- /* apply the mask for safety. */
- for (i = 0; i < 4; i++) {
- pr0.ndpr_prefix.sin6_addr.s6_addr32[i] &=
- ifra->ifra_prefixmask.sin6_addr.s6_addr32[i];
- }
- /*
- * XXX: since we don't have an API to set prefix (not address)
- * lifetimes, we just use the same lifetimes as addresses.
- * The (temporarily) installed lifetimes can be overridden by
- * later advertised RAs (when accept_rtadv is non 0), which is
- * an intended behavior.
- */
- pr0.ndpr_raf_onlink = 1; /* should be configurable? */
- pr0.ndpr_raf_auto =
- ((ifra->ifra_flags & IN6_IFF_AUTOCONF) != 0);
- pr0.ndpr_vltime = ifra->ifra_lifetime.ia6t_vltime;
- pr0.ndpr_pltime = ifra->ifra_lifetime.ia6t_pltime;
+ /* sanity for overflow - beware unsigned */
+ if (p64) {
+ struct in6_addrlifetime_64 lt;
- /* add the prefix if there's one. */
- if ((pr = nd6_prefix_lookup(&pr0)) == NULL) {
- /*
- * nd6_prelist_add will install the corresponding
- * interface route.
- */
- if ((error = nd6_prelist_add(&pr0, NULL, &pr)) != 0)
- goto ioctl_cleanup;
- if (pr == NULL) {
- log(LOG_ERR, "nd6_prelist_add succedded but "
- "no prefix\n");
+ bcopy(&ifr->ifr_ifru.ifru_lifetime, <, sizeof(lt));
+ if (lt.ia6t_vltime != ND6_INFINITE_LIFETIME &&
+ lt.ia6t_vltime + caltime.tv_sec < caltime.tv_sec) {
error = EINVAL;
- goto ioctl_cleanup;
+ break;
+ }
+ if (lt.ia6t_pltime != ND6_INFINITE_LIFETIME &&
+ lt.ia6t_pltime + caltime.tv_sec < caltime.tv_sec) {
+ error = EINVAL;
+ break;
}
- }
- if (ia != NULL)
- ifafree(&ia->ia_ifa);
- if ((ia = in6ifa_ifpwithaddr(ifp, &ifra->ifra_addr.sin6_addr))
- == NULL) {
- /* XXX: this should not happen! */
- log(LOG_ERR, "in6_control: addition succeeded, but"
- " no ifaddr\n");
} else {
- if ((ia->ia6_flags & IN6_IFF_AUTOCONF) != 0 &&
- ia->ia6_ndpr == NULL) { /* new autoconfed addr */
- lck_mtx_lock(nd6_mutex);
- pr->ndpr_refcnt++;
- lck_mtx_unlock(nd6_mutex);
- ia->ia6_ndpr = pr;
+ struct in6_addrlifetime_32 lt;
- /*
- * If this is the first autoconf address from
- * the prefix, create a temporary address
- * as well (when specified).
- */
- if (ip6_use_tempaddr &&
- pr->ndpr_refcnt == 1) {
- int e;
- if ((e = in6_tmpifadd(ia, 1,
- M_WAITOK)) != 0) {
- log(LOG_NOTICE, "in6_control: "
- "failed to create a "
- "temporary address, "
- "errno=%d\n",
- e);
- }
- }
+ bcopy(&ifr->ifr_ifru.ifru_lifetime, <, sizeof(lt));
+ if (lt.ia6t_vltime != ND6_INFINITE_LIFETIME &&
+ lt.ia6t_vltime + caltime.tv_sec < caltime.tv_sec) {
+ error = EINVAL;
+ break;
+ }
+ if (lt.ia6t_pltime != ND6_INFINITE_LIFETIME &&
+ lt.ia6t_pltime + caltime.tv_sec < caltime.tv_sec) {
+ error = EINVAL;
+ break;
}
-
- /*
- * this might affect the status of autoconfigured
- * addresses, that is, this address might make
- * other addresses detached.
- */
- pfxlist_onlink_check(0);
}
- /* Drop use count held above during lookup/add */
- ndpr_rele(pr, FALSE);
-#if PF
- pf_ifaddr_hook(ifp, cmd);
-#endif /* PF */
- break;
- }
+ IFA_LOCK(&ia->ia_ifa);
+ if (p64) {
+ struct in6_addrlifetime_64 lt;
- case SIOCDIFADDR_IN6: {
- int i = 0;
- struct nd_prefix pr0, *pr;
+ bcopy(&ifr->ifr_ifru.ifru_lifetime, <, sizeof(lt));
+ ia6_lt.ia6t_expire = lt.ia6t_expire;
+ ia6_lt.ia6t_preferred = lt.ia6t_preferred;
+ ia6_lt.ia6t_vltime = lt.ia6t_vltime;
+ ia6_lt.ia6t_pltime = lt.ia6t_pltime;
+ } else {
+ struct in6_addrlifetime_32 lt;
- /*
- * If the address being deleted is the only one that owns
- * the corresponding prefix, expire the prefix as well.
- * XXX: theoretically, we don't have to warry about such
- * relationship, since we separate the address management
- * and the prefix management. We do this, however, to provide
- * as much backward compatibility as possible in terms of
- * the ioctl operation.
- */
- bzero(&pr0, sizeof(pr0));
- pr0.ndpr_ifp = ifp;
- pr0.ndpr_plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr,
- NULL);
- if (pr0.ndpr_plen == 128)
- goto purgeaddr;
- pr0.ndpr_prefix = ia->ia_addr;
- pr0.ndpr_mask = ia->ia_prefixmask.sin6_addr;
- for (i = 0; i < 4; i++) {
- pr0.ndpr_prefix.sin6_addr.s6_addr32[i] &=
- ia->ia_prefixmask.sin6_addr.s6_addr32[i];
+ bcopy(&ifr->ifr_ifru.ifru_lifetime, <, sizeof(lt));
+ ia6_lt.ia6t_expire = (uint32_t)lt.ia6t_expire;
+ ia6_lt.ia6t_preferred = (uint32_t)lt.ia6t_preferred;
+ ia6_lt.ia6t_vltime = lt.ia6t_vltime;
+ ia6_lt.ia6t_pltime = lt.ia6t_pltime;
}
- /*
- * The logic of the following condition is a bit complicated.
- * We expire the prefix when
- * 1. the address obeys autoconfiguration and it is the
- * only owner of the associated prefix, or
- * 2. the address does not obey autoconf and there is no
- * other owner of the prefix.
- */
- if ((pr = nd6_prefix_lookup(&pr0)) != NULL &&
- (((ia->ia6_flags & IN6_IFF_AUTOCONF) != 0 &&
- pr->ndpr_refcnt == 1) ||
- ((ia->ia6_flags & IN6_IFF_AUTOCONF) == 0 &&
- pr->ndpr_refcnt == 0))) {
- pr->ndpr_expire = 1; /* XXX: just for expiration */
+ /* for sanity */
+ if (ia6_lt.ia6t_vltime != ND6_INFINITE_LIFETIME) {
+ ia6_lt.ia6t_expire = timenow + ia6_lt.ia6t_vltime;
+ } else {
+ ia6_lt.ia6t_expire = 0;
}
- /* Drop use count held above during lookup */
- if (pr != NULL)
- ndpr_rele(pr, FALSE);
+ if (ia6_lt.ia6t_pltime != ND6_INFINITE_LIFETIME) {
+ ia6_lt.ia6t_preferred = timenow + ia6_lt.ia6t_pltime;
+ } else {
+ ia6_lt.ia6t_preferred = 0;
+ }
-purgeaddr:
- in6_purgeaddr(&ia->ia_ifa, 0);
-#if PF
- pf_ifaddr_hook(ifp, cmd);
-#endif /* PF */
+ in6ifa_setlifetime(ia, &ia6_lt);
+ IFA_UNLOCK(&ia->ia_ifa);
break;
- }
default:
- error = ifnet_ioctl(ifp, PF_INET6, cmd, data);
- goto ioctl_cleanup;
+ VERIFY(0);
+ /* NOTREACHED */
}
-ioctl_cleanup:
- if (ia != NULL)
- ifafree(&ia->ia_ifa);
- return (error);
+
+ return error;
}
-/*
- * Update parameters of an IPv6 interface address.
- * If necessary, a new entry is created and linked into address chains.
- * This function is separated from in6_control().
- * XXX: should this be performed under splnet()?
- */
-int
-in6_update_ifa(ifp, ifra, ia, how)
- struct ifnet *ifp;
- struct in6_aliasreq *ifra;
- struct in6_ifaddr *ia;
- int how;
+static int
+in6ctl_clat46start(struct ifnet *ifp)
{
- int error = 0, hostIsNew = 0, plen = -1;
- struct in6_ifaddr *oia;
- struct sockaddr_in6 dst6;
- struct in6_addrlifetime *lt;
- struct timeval timenow;
-
-
- lck_mtx_assert(nd6_mutex, LCK_MTX_ASSERT_NOTOWNED);
- /* Validate parameters */
- if (ifp == NULL || ifra == NULL) /* this maybe redundant */
- return(EINVAL);
+ struct nd_prefix *pr = NULL;
+ struct nd_prefix *next = NULL;
+ struct in6_ifaddr *ia6 = NULL;
+ int error = 0;
- /*
- * The destination address for a p2p link must have a family
- * of AF_UNSPEC or AF_INET6.
- */
- if ((ifp->if_flags & IFF_POINTOPOINT) != 0 &&
- ifra->ifra_dstaddr.sin6_family != AF_INET6 &&
- ifra->ifra_dstaddr.sin6_family != AF_UNSPEC)
- return(EAFNOSUPPORT);
- /*
- * validate ifra_prefixmask. don't check sin6_family, netmask
- * does not carry fields other than sin6_len.
- */
- if (ifra->ifra_prefixmask.sin6_len > sizeof(struct sockaddr_in6))
- return(EINVAL);
- /*
- * Set the address family value for the mask if it was not set.
- * Radar 3899482.
- */
- if (ifra->ifra_prefixmask.sin6_len == sizeof(struct sockaddr_in6) &&
- ifra->ifra_prefixmask.sin6_family == 0) {
- ifra->ifra_prefixmask.sin6_family = AF_INET6;
- }
- /*
- * Because the IPv6 address architecture is classless, we require
- * users to specify a (non 0) prefix length (mask) for a new address.
- * We also require the prefix (when specified) mask is valid, and thus
- * reject a non-consecutive mask.
- */
- if (ia == NULL && ifra->ifra_prefixmask.sin6_len == 0)
- return(EINVAL);
- if (ifra->ifra_prefixmask.sin6_len != 0) {
- plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr,
- (u_char *)&ifra->ifra_prefixmask +
- ifra->ifra_prefixmask.sin6_len);
- if (plen <= 0)
- return(EINVAL);
- }
- else {
- /*
- * In this case, ia must not be NULL. We just use its prefix
- * length.
- */
- plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL);
+ if (ifp == lo_ifp) {
+ return EINVAL;
}
/*
- * If the destination address on a p2p interface is specified,
- * and the address is a scoped one, validate/set the scope
- * zone identifier.
+ * Traverse the list of prefixes and find the first non-linklocal
+ * prefix on the interface.
+ * For that found eligible prefix, configure a CLAT46 reserved address.
*/
- dst6 = ifra->ifra_dstaddr;
- if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) &&
- (dst6.sin6_family == AF_INET6)) {
- int scopeid;
-
-#ifndef SCOPEDROUTING
- if ((error = in6_recoverscope(&dst6,
- &ifra->ifra_dstaddr.sin6_addr,
- ifp)) != 0)
- return(error);
-#endif
- scopeid = in6_addr2scopeid(ifp, &dst6.sin6_addr);
- if (dst6.sin6_scope_id == 0) /* user omit to specify the ID. */
- dst6.sin6_scope_id = scopeid;
- else if (dst6.sin6_scope_id != scopeid)
- return(EINVAL); /* scope ID mismatch. */
-#ifndef SCOPEDROUTING
- if ((error = in6_embedscope(&dst6.sin6_addr, &dst6, NULL, NULL))
- != 0)
- return(error);
- dst6.sin6_scope_id = 0; /* XXX */
-#endif
+ lck_mtx_lock(nd6_mutex);
+ for (pr = nd_prefix.lh_first; pr; pr = next) {
+ next = pr->ndpr_next;
+
+ NDPR_LOCK(pr);
+ if (pr->ndpr_ifp != ifp) {
+ NDPR_UNLOCK(pr);
+ continue;
+ }
+
+ if (IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr)) {
+ NDPR_UNLOCK(pr);
+ continue; /* XXX */
+ }
+
+ if (pr->ndpr_raf_auto == 0) {
+ NDPR_UNLOCK(pr);
+ continue;
+ }
+
+ if (pr->ndpr_stateflags & NDPRF_DEFUNCT) {
+ NDPR_UNLOCK(pr);
+ continue;
+ }
+
+ if ((pr->ndpr_stateflags & NDPRF_CLAT46) == 0
+ && pr->ndpr_vltime != 0) {
+ NDPR_ADDREF(pr); /* Take reference for rest of the processing */
+ NDPR_UNLOCK(pr);
+ break;
+ } else {
+ NDPR_UNLOCK(pr);
+ continue;
+ }
}
- /*
- * The destination address can be specified only for a p2p or a
- * loopback interface. If specified, the corresponding prefix length
- * must be 128.
- */
- if (ifra->ifra_dstaddr.sin6_family == AF_INET6) {
- if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) == 0) {
- /* XXX: noisy message */
- log(LOG_INFO, "in6_update_ifa: a destination can be "
- "specified for a p2p or a loopback IF only\n");
- return(EINVAL);
- }
- if (plen != 128) {
+ lck_mtx_unlock(nd6_mutex);
+
+ if (pr != NULL) {
+ if ((ia6 = in6_pfx_newpersistaddr(pr, FALSE, &error,
+ TRUE, CLAT46_COLLISION_COUNT_OFFSET)) == NULL) {
+ nd6log0(error,
+ "Could not configure CLAT46 address on"
+ " interface %s.\n", ifp->if_xname);
+ } else {
+ IFA_LOCK(&ia6->ia_ifa);
+ NDPR_LOCK(pr);
+ ia6->ia6_ndpr = pr;
+ NDPR_ADDREF(pr); /* for addr reference */
+ pr->ndpr_stateflags |= NDPRF_CLAT46;
+ pr->ndpr_addrcnt++;
+ VERIFY(pr->ndpr_addrcnt != 0);
+ NDPR_UNLOCK(pr);
+ IFA_UNLOCK(&ia6->ia_ifa);
+ IFA_REMREF(&ia6->ia_ifa);
+ ia6 = NULL;
/*
- * The following message seems noisy, but we dare to
- * add it for diagnosis.
+ * A newly added address might affect the status
+ * of other addresses, so we check and update it.
+ * XXX: what if address duplication happens?
*/
- log(LOG_INFO, "in6_update_ifa: prefixlen must be 128 "
- "when dstaddr is specified\n");
- return(EINVAL);
+ lck_mtx_lock(nd6_mutex);
+ pfxlist_onlink_check();
+ lck_mtx_unlock(nd6_mutex);
}
+ NDPR_REMREF(pr);
}
- /* lifetime consistency check */
+ return error;
+}
- getmicrotime(&timenow);
- lt = &ifra->ifra_lifetime;
- if (lt->ia6t_vltime != ND6_INFINITE_LIFETIME
- && lt->ia6t_vltime + timenow.tv_sec < timenow.tv_sec) {
- return EINVAL;
- }
- if (lt->ia6t_vltime == 0) {
- /*
- * the following log might be noisy, but this is a typical
- * configuration mistake or a tool's bug.
- */
- log(LOG_INFO,
- "in6_update_ifa: valid lifetime is 0 for %s\n",
- ip6_sprintf(&ifra->ifra_addr.sin6_addr));
- }
- if (lt->ia6t_pltime != ND6_INFINITE_LIFETIME
- && lt->ia6t_pltime + timenow.tv_sec < timenow.tv_sec) {
- return EINVAL;
- }
+#define ifa2ia6(ifa) ((struct in6_ifaddr *)(void *)(ifa))
+
+/*
+ * Generic INET6 control operations (ioctl's).
+ *
+ * ifp is NULL if not an interface-specific ioctl.
+ *
+ * Most of the routines called to handle the ioctls would end up being
+ * tail-call optimized, which unfortunately causes this routine to
+ * consume too much stack space; this is the reason for the "noinline"
+ * attribute used on those routines.
+ *
+ * If called directly from within the networking stack (as opposed to via
+ * pru_control), the socket parameter may be NULL.
+ */
+int
+in6_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp,
+ struct proc *p)
+{
+ struct in6_ifreq *ifr = (struct in6_ifreq *)(void *)data;
+ struct in6_aliasreq sifra, *ifra = NULL;
+ struct in6_ifaddr *ia = NULL;
+ struct sockaddr_in6 sin6, *sa6 = NULL;
+ boolean_t privileged = (proc_suser(p) == 0);
+ boolean_t p64 = proc_is64bit(p);
+ boolean_t so_unlocked = FALSE;
+ int intval, error = 0;
+
+ /* In case it's NULL, make sure it came from the kernel */
+ VERIFY(so != NULL || p == kernproc);
/*
- * If this is a new address, allocate a new ifaddr and link it
- * into chains.
+ * ioctls which don't require ifp, may require socket.
*/
- if (ia == NULL) {
- hostIsNew = 1;
- /*
- * in6_update_ifa() may be called in a process of a received
- * RA; in such a case, we should call malloc with M_NOWAIT.
- * The exception to this is during init time or as part of
- * handling an ioctl, when we know it's okay to do M_WAITOK.
- */
- ia = in6_ifaddr_alloc(how);
- if (ia == NULL)
- return ENOBUFS;
- /* Initialize the address and masks */
- ia->ia_ifa.ifa_addr = (struct sockaddr *)&ia->ia_addr;
- ia->ia_addr.sin6_family = AF_INET6;
- ia->ia_addr.sin6_len = sizeof(ia->ia_addr);
- if ((ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) != 0) {
- /*
- * XXX: some functions expect that ifa_dstaddr is not
- * NULL for p2p interfaces.
- */
- ia->ia_ifa.ifa_dstaddr
- = (struct sockaddr *)&ia->ia_dstaddr;
- } else {
- ia->ia_ifa.ifa_dstaddr = NULL;
+ switch (cmd) {
+ case SIOCAADDRCTL_POLICY: /* struct in6_addrpolicy */
+ case SIOCDADDRCTL_POLICY: /* struct in6_addrpolicy */
+ if (!privileged) {
+ return EPERM;
}
- ia->ia_ifa.ifa_netmask
- = (struct sockaddr *)&ia->ia_prefixmask;
-
- ia->ia_ifp = ifp;
- ifaref(&ia->ia_ifa);
- lck_mtx_lock(nd6_mutex);
- if ((oia = in6_ifaddrs) != NULL) {
- for ( ; oia->ia_next; oia = oia->ia_next)
- continue;
- oia->ia_next = ia;
- } else
- in6_ifaddrs = ia;
- lck_mtx_unlock(nd6_mutex);
-
- ifnet_lock_exclusive(ifp);
- if_attach_ifa(ifp, &ia->ia_ifa);
- ifnet_lock_done(ifp);
- }
+ return in6_src_ioctl(cmd, data);
+ /* NOTREACHED */
- /* set prefix mask */
- if (ifra->ifra_prefixmask.sin6_len) {
- /*
- * We prohibit changing the prefix length of an existing
- * address, because
- * + such an operation should be rare in IPv6, and
- * + the operation would confuse prefix management.
- */
- if (ia->ia_prefixmask.sin6_len &&
- in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL) != plen) {
- log(LOG_INFO, "in6_update_ifa: the prefix length of an"
- " existing (%s) address should not be changed\n",
- ip6_sprintf(&ia->ia_addr.sin6_addr));
- error = EINVAL;
- goto unlink;
+ case SIOCDRADD_IN6_32: /* struct in6_defrouter_32 */
+ case SIOCDRADD_IN6_64: /* struct in6_defrouter_64 */
+ case SIOCDRDEL_IN6_32: /* struct in6_defrouter_32 */
+ case SIOCDRDEL_IN6_64: /* struct in6_defrouter_64 */
+ if (!privileged) {
+ return EPERM;
}
- ia->ia_prefixmask = ifra->ifra_prefixmask;
+ return defrtrlist_ioctl(cmd, data);
+ /* NOTREACHED */
+
+ case SIOCGASSOCIDS32: /* struct so_aidreq32 */
+ case SIOCGASSOCIDS64: /* struct so_aidreq64 */
+ return in6ctl_associd(so, cmd, data);
+ /* NOTREACHED */
+
+ case SIOCGCONNIDS32: /* struct so_cidreq32 */
+ case SIOCGCONNIDS64: /* struct so_cidreq64 */
+ return in6ctl_connid(so, cmd, data);
+ /* NOTREACHED */
+
+ case SIOCGCONNINFO32: /* struct so_cinforeq32 */
+ case SIOCGCONNINFO64: /* struct so_cinforeq64 */
+ return in6ctl_conninfo(so, cmd, data);
+ /* NOTREACHED */
}
/*
- * If a new destination address is specified, scrub the old one and
- * install the new destination. Note that the interface must be
- * p2p or loopback (see the check above.)
+ * The rest of ioctls require ifp; reject if we don't have one;
+ * return ENXIO to be consistent with ifioctl().
*/
- if (dst6.sin6_family == AF_INET6 &&
- !IN6_ARE_ADDR_EQUAL(&dst6.sin6_addr,
- &ia->ia_dstaddr.sin6_addr)) {
- int e;
-
- if ((ia->ia_flags & IFA_ROUTE) != 0 &&
- (e = rtinit(&(ia->ia_ifa), (int)RTM_DELETE, RTF_HOST))
- != 0) {
- log(LOG_ERR, "in6_update_ifa: failed to remove "
- "a route to the old destination: %s\n",
- ip6_sprintf(&ia->ia_addr.sin6_addr));
- /* proceed anyway... */
- }
- else
- ia->ia_flags &= ~IFA_ROUTE;
- ia->ia_dstaddr = dst6;
+ if (ifp == NULL) {
+ return ENXIO;
}
- /* reset the interface and routing table appropriately. */
- if ((error = in6_ifinit(ifp, ia, &ifra->ifra_addr, hostIsNew)) != 0)
- goto unlink;
+ /*
+ * Unlock the socket since ifnet_ioctl() may be invoked by
+ * one of the ioctl handlers below. Socket will be re-locked
+ * prior to returning.
+ */
+ if (so != NULL) {
+ socket_unlock(so, 0);
+ so_unlocked = TRUE;
+ }
/*
- * Beyond this point, we should call in6_purgeaddr upon an error,
- * not just go to unlink.
+ * ioctls which require ifp but not interface address.
*/
+ switch (cmd) {
+ case SIOCAUTOCONF_START: /* struct in6_ifreq */
+ if (!privileged) {
+ error = EPERM;
+ goto done;
+ }
+ error = in6_autoconf(ifp, TRUE);
+ goto done;
-#if 0 /* disable this mechanism for now */
- /* update prefix list */
- if (hostIsNew &&
- (ifra->ifra_flags & IN6_IFF_NOPFX) == 0) { /* XXX */
- int iilen;
+ case SIOCAUTOCONF_STOP: /* struct in6_ifreq */
+ if (!privileged) {
+ error = EPERM;
+ goto done;
+ }
+ error = in6_autoconf(ifp, FALSE);
+ goto done;
- iilen = (sizeof(ia->ia_prefixmask.sin6_addr) << 3) - plen;
- if ((error = in6_prefix_add_ifid(iilen, ia)) != 0) {
- in6_purgeaddr((struct ifaddr *)ia, 0);
- return(error);
+ case SIOCLL_START_32: /* struct in6_aliasreq_32 */
+ case SIOCLL_START_64: /* struct in6_aliasreq_64 */
+ if (!privileged) {
+ error = EPERM;
+ goto done;
}
- }
-#endif
+ error = in6ctl_llstart(ifp, cmd, data);
+ goto done;
- if ((ifp->if_flags & IFF_MULTICAST) != 0) {
- struct sockaddr_in6 mltaddr, mltmask;
- struct in6_multi *in6m;
+ case SIOCLL_STOP: /* struct in6_ifreq */
+ if (!privileged) {
+ error = EPERM;
+ goto done;
+ }
+ error = in6ctl_llstop(ifp);
+ goto done;
- if (hostIsNew) {
- /*
- * join solicited multicast addr for new host id
- */
- struct in6_addr llsol;
- bzero(&llsol, sizeof(struct in6_addr));
- llsol.s6_addr16[0] = htons(0xff02);
- llsol.s6_addr16[1] = htons(ifp->if_index);
- llsol.s6_addr32[1] = 0;
- llsol.s6_addr32[2] = htonl(1);
- llsol.s6_addr32[3] =
- ifra->ifra_addr.sin6_addr.s6_addr32[3];
- llsol.s6_addr8[12] = 0xff;
- (void)in6_addmulti(&llsol, ifp, &error, 0);
- if (error != 0) {
- log(LOG_WARNING,
- "in6_update_ifa: addmulti failed for "
- "%s on %s (errno=%d)\n",
- ip6_sprintf(&llsol), if_name(ifp),
- error);
- in6_purgeaddr((struct ifaddr *)ia, 0);
- return(error);
- }
+ case SIOCCLAT46_START: /* struct in6_ifreq */
+ if (!privileged) {
+ error = EPERM;
+ goto done;
+ }
+ error = in6ctl_clat46start(ifp);
+ if (error == 0) {
+ if_set_eflags(ifp, IFEF_CLAT46);
}
+ goto done;
- bzero(&mltmask, sizeof(mltmask));
- mltmask.sin6_len = sizeof(struct sockaddr_in6);
- mltmask.sin6_family = AF_INET6;
- mltmask.sin6_addr = in6mask32;
+ case SIOCCLAT46_STOP: /* struct in6_ifreq */
+ if (!privileged) {
+ error = EPERM;
+ goto done;
+ }
/*
- * join link-local all-nodes address
+ * Not much to be done here and it might not be needed
+ * It would usually be done when IPv6 configuration is being
+ * flushed.
+ * XXX Probably STOP equivalent is not needed here.
*/
- bzero(&mltaddr, sizeof(mltaddr));
- mltaddr.sin6_len = sizeof(struct sockaddr_in6);
- mltaddr.sin6_family = AF_INET6;
- mltaddr.sin6_addr = in6addr_linklocal_allnodes;
- mltaddr.sin6_addr.s6_addr16[1] = htons(ifp->if_index);
+ if_clear_eflags(ifp, IFEF_CLAT46);
+ goto done;
+ case SIOCGETROUTERMODE_IN6: /* struct in6_ifreq */
+ intval = ifp->if_ipv6_router_mode;
+ bcopy(&intval, &((struct in6_ifreq *)(void *)data)->ifr_intval,
+ sizeof(intval));
+ goto done;
+ case SIOCSETROUTERMODE_IN6: /* struct in6_ifreq */
+ if (!privileged) {
+ error = EPERM;
+ goto done;
+ }
+ bcopy(&((struct in6_ifreq *)(void *)data)->ifr_intval,
+ &intval, sizeof(intval));
+ switch (intval) {
+ case IPV6_ROUTER_MODE_DISABLED:
+ case IPV6_ROUTER_MODE_EXCLUSIVE:
+ case IPV6_ROUTER_MODE_HYBRID:
+ break;
+ default:
+ error = EINVAL;
+ goto done;
+ }
+ error = in6_setrouter(ifp, (ipv6_router_mode_t)intval);
+ goto done;
- ifnet_lock_shared(ifp);
- IN6_LOOKUP_MULTI(mltaddr.sin6_addr, ifp, in6m);
- ifnet_lock_done(ifp);
- if (in6m == NULL) {
- rtrequest(RTM_ADD,
- (struct sockaddr *)&mltaddr,
- (struct sockaddr *)&ia->ia_addr,
- (struct sockaddr *)&mltmask,
- RTF_UP|RTF_CLONING, /* xxx */
- (struct rtentry **)0);
- (void)in6_addmulti(&mltaddr.sin6_addr, ifp, &error, 0);
- if (error != 0) {
- log(LOG_WARNING,
- "in6_update_ifa: addmulti failed for "
- "%s on %s (errno=%d)\n",
- ip6_sprintf(&mltaddr.sin6_addr),
- if_name(ifp), error);
- }
+ case SIOCPROTOATTACH_IN6_32: /* struct in6_aliasreq_32 */
+ case SIOCPROTOATTACH_IN6_64: /* struct in6_aliasreq_64 */
+ if (!privileged) {
+ error = EPERM;
+ goto done;
+ }
+ error = in6_domifattach(ifp);
+ goto done;
+
+ case SIOCPROTODETACH_IN6: /* struct in6_ifreq */
+ if (!privileged) {
+ error = EPERM;
+ goto done;
+ }
+ /* Cleanup interface routes and addresses */
+ in6_purgeif(ifp);
+
+ if ((error = proto_unplumb(PF_INET6, ifp))) {
+ log(LOG_ERR, "SIOCPROTODETACH_IN6: %s error=%d\n",
+ if_name(ifp), error);
+ }
+ goto done;
+
+ case SIOCSNDFLUSH_IN6: /* struct in6_ifreq */
+ case SIOCSPFXFLUSH_IN6: /* struct in6_ifreq */
+ case SIOCSRTRFLUSH_IN6: /* struct in6_ifreq */
+ case SIOCSDEFIFACE_IN6_32: /* struct in6_ndifreq_32 */
+ case SIOCSDEFIFACE_IN6_64: /* struct in6_ndifreq_64 */
+ case SIOCSIFINFO_FLAGS: /* struct in6_ndireq */
+ case SIOCGIFCGAPREP_IN6_32: /* struct in6_cgareq_32 */
+ case SIOCGIFCGAPREP_IN6_64: /* struct in6_cgareq_64 */
+ case SIOCSIFCGAPREP_IN6_32: /* struct in6_cgareq_32 */
+ case SIOCSIFCGAPREP_IN6_64: /* struct in6_cgareq_32 */
+ if (!privileged) {
+ error = EPERM;
+ goto done;
+ }
+ OS_FALLTHROUGH;
+ case OSIOCGIFINFO_IN6: /* struct in6_ondireq */
+ case SIOCGIFINFO_IN6: /* struct in6_ondireq */
+ case SIOCGDRLST_IN6_32: /* struct in6_drlist_32 */
+ case SIOCGDRLST_IN6_64: /* struct in6_drlist_64 */
+ case SIOCGPRLST_IN6_32: /* struct in6_prlist_32 */
+ case SIOCGPRLST_IN6_64: /* struct in6_prlist_64 */
+ case SIOCGNBRINFO_IN6_32: /* struct in6_nbrinfo_32 */
+ case SIOCGNBRINFO_IN6_64: /* struct in6_nbrinfo_64 */
+ case SIOCGDEFIFACE_IN6_32: /* struct in6_ndifreq_32 */
+ case SIOCGDEFIFACE_IN6_64: /* struct in6_ndifreq_64 */
+ error = nd6_ioctl(cmd, data, ifp);
+ goto done;
+
+ case SIOCSIFPREFIX_IN6: /* struct in6_prefixreq (deprecated) */
+ case SIOCDIFPREFIX_IN6: /* struct in6_prefixreq (deprecated) */
+ case SIOCAIFPREFIX_IN6: /* struct in6_rrenumreq (deprecated) */
+ case SIOCCIFPREFIX_IN6: /* struct in6_rrenumreq (deprecated) */
+ case SIOCSGIFPREFIX_IN6: /* struct in6_rrenumreq (deprecated) */
+ case SIOCGIFPREFIX_IN6: /* struct in6_prefixreq (deprecated) */
+ log(LOG_NOTICE,
+ "prefix ioctls are now invalidated. "
+ "please use ifconfig.\n");
+ error = EOPNOTSUPP;
+ goto done;
+
+ case SIOCSSCOPE6: /* struct in6_ifreq (deprecated) */
+ case SIOCGSCOPE6: /* struct in6_ifreq (deprecated) */
+ case SIOCGSCOPE6DEF: /* struct in6_ifreq (deprecated) */
+ error = EOPNOTSUPP;
+ goto done;
+
+ case SIOCLL_CGASTART_32: /* struct in6_cgareq_32 */
+ case SIOCLL_CGASTART_64: /* struct in6_cgareq_64 */
+ if (!privileged) {
+ error = EPERM;
+ } else {
+ error = in6ctl_cgastart(ifp, cmd, data);
}
+ goto done;
+
+ case SIOCGIFSTAT_IN6: /* struct in6_ifreq */
+ case SIOCGIFSTAT_ICMP6: /* struct in6_ifreq */
+ error = in6ctl_gifstat(ifp, cmd, ifr);
+ goto done;
+ }
+ /*
+ * ioctls which require interface address; obtain sockaddr_in6.
+ */
+ switch (cmd) {
+ case SIOCSIFADDR_IN6: /* struct in6_ifreq (deprecated) */
+ case SIOCSIFDSTADDR_IN6: /* struct in6_ifreq (deprecated) */
+ case SIOCSIFNETMASK_IN6: /* struct in6_ifreq (deprecated) */
/*
- * join node information group address
+ * Since IPv6 allows a node to assign multiple addresses
+ * on a single interface, SIOCSIFxxx ioctls are deprecated.
*/
-#define hostnamelen strlen(hostname)
- if (in6_nigroup(ifp, hostname, hostnamelen, &mltaddr.sin6_addr)
- == 0) {
- ifnet_lock_shared(ifp);
- IN6_LOOKUP_MULTI(mltaddr.sin6_addr, ifp, in6m);
- ifnet_lock_done(ifp);
- if (in6m == NULL && ia != NULL) {
- (void)in6_addmulti(&mltaddr.sin6_addr,
- ifp, &error, 0);
- if (error != 0) {
- log(LOG_WARNING, "in6_update_ifa: "
- "addmulti failed for "
- "%s on %s (errno=%d)\n",
- ip6_sprintf(&mltaddr.sin6_addr),
- if_name(ifp), error);
- }
- }
- }
-#undef hostnamelen
+ /* we decided to obsolete this command (20000704) */
+ error = EOPNOTSUPP;
+ goto done;
+ case SIOCAIFADDR_IN6_32: /* struct in6_aliasreq_32 */
+ case SIOCAIFADDR_IN6_64: /* struct in6_aliasreq_64 */
+ if (!privileged) {
+ error = EPERM;
+ goto done;
+ }
/*
- * join node-local all-nodes address, on loopback.
- * XXX: since "node-local" is obsoleted by interface-local,
- * we have to join the group on every interface with
- * some interface-boundary restriction.
+ * Convert user ifra to the kernel form, when appropriate.
+ * This allows the conversion between different data models
+ * to be centralized, so that it can be passed around to other
+ * routines that are expecting the kernel form.
*/
- if (ifp->if_flags & IFF_LOOPBACK) {
- struct in6_ifaddr *ia_loop;
-
- struct in6_addr loop6 = in6addr_loopback;
- ia_loop = in6ifa_ifpwithaddr(ifp, &loop6);
-
- mltaddr.sin6_addr = in6addr_nodelocal_allnodes;
-
- ifnet_lock_shared(ifp);
- IN6_LOOKUP_MULTI(mltaddr.sin6_addr, ifp, in6m);
- ifnet_lock_done(ifp);
- if (in6m == NULL && ia_loop != NULL) {
- rtrequest(RTM_ADD,
- (struct sockaddr *)&mltaddr,
- (struct sockaddr *)&ia_loop->ia_addr,
- (struct sockaddr *)&mltmask,
- RTF_UP,
- (struct rtentry **)0);
- (void)in6_addmulti(&mltaddr.sin6_addr, ifp,
- &error, 0);
- if (error != 0) {
- log(LOG_WARNING, "in6_update_ifa: "
- "addmulti failed for %s on %s "
- "(errno=%d)\n",
- ip6_sprintf(&mltaddr.sin6_addr),
- if_name(ifp), error);
+ ifra = in6_aliasreq_to_native(data,
+ (cmd == SIOCAIFADDR_IN6_64), &sifra);
+ bcopy(&ifra->ifra_addr, &sin6, sizeof(sin6));
+ sa6 = &sin6;
+ break;
+
+ case SIOCDIFADDR_IN6: /* struct in6_ifreq */
+ case SIOCSIFALIFETIME_IN6: /* struct in6_ifreq */
+ if (!privileged) {
+ error = EPERM;
+ goto done;
+ }
+ OS_FALLTHROUGH;
+ case SIOCGIFADDR_IN6: /* struct in6_ifreq */
+ case SIOCGIFDSTADDR_IN6: /* struct in6_ifreq */
+ case SIOCGIFNETMASK_IN6: /* struct in6_ifreq */
+ case SIOCGIFAFLAG_IN6: /* struct in6_ifreq */
+ case SIOCGIFALIFETIME_IN6: /* struct in6_ifreq */
+ bcopy(&ifr->ifr_addr, &sin6, sizeof(sin6));
+ sa6 = &sin6;
+ break;
+ case SIOCGIFDSTADDR:
+ case SIOCSIFDSTADDR:
+ case SIOCGIFBRDADDR:
+ case SIOCSIFBRDADDR:
+ case SIOCGIFNETMASK:
+ case SIOCSIFNETMASK:
+ case SIOCGIFADDR:
+ case SIOCSIFADDR:
+ case SIOCAIFADDR:
+ case SIOCDIFADDR:
+ /* Do not handle these AF_INET commands in AF_INET6 path */
+ error = EINVAL;
+ goto done;
+ }
+
+ /*
+ * Find address for this interface, if it exists.
+ *
+ * In netinet code, we have checked ifra_addr in SIOCSIF*ADDR operation
+ * only, and used the first interface address as the target of other
+ * operations (without checking ifra_addr). This was because netinet
+ * code/API assumed at most 1 interface address per interface.
+ * Since IPv6 allows a node to assign multiple addresses
+ * on a single interface, we almost always look and check the
+ * presence of ifra_addr, and reject invalid ones here.
+ * It also decreases duplicated code among SIOC*_IN6 operations.
+ */
+ VERIFY(ia == NULL);
+ if (sa6 != NULL && sa6->sin6_family == AF_INET6) {
+ if (IN6_IS_ADDR_LINKLOCAL(&sa6->sin6_addr)) {
+ if (sa6->sin6_addr.s6_addr16[1] == 0) {
+ /* link ID is not embedded by the user */
+ sa6->sin6_addr.s6_addr16[1] =
+ htons(ifp->if_index);
+ } else if (sa6->sin6_addr.s6_addr16[1] !=
+ htons(ifp->if_index)) {
+ error = EINVAL; /* link ID contradicts */
+ goto done;
+ }
+ if (sa6->sin6_scope_id) {
+ if (sa6->sin6_scope_id !=
+ (u_int32_t)ifp->if_index) {
+ error = EINVAL;
+ goto done;
}
+ sa6->sin6_scope_id = 0; /* XXX: good way? */
}
- if (ia_loop != NULL)
- ifafree(&ia_loop->ia_ifa);
}
+ /*
+ * Any failures from this point on must take into account
+ * a non-NULL "ia" with an outstanding reference count, and
+ * therefore requires IFA_REMREF. Jump to "done" label
+ * instead of calling return if "ia" is valid.
+ */
+ ia = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr);
}
- ia->ia6_flags = ifra->ifra_flags;
- ia->ia6_flags &= ~IN6_IFF_DUPLICATED; /*safety*/
- ia->ia6_flags &= ~IN6_IFF_NODAD; /* Mobile IPv6 */
-
- ia->ia6_lifetime = ifra->ifra_lifetime;
- /* for sanity */
- if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) {
- ia->ia6_lifetime.ia6t_expire =
- timenow.tv_sec + ia->ia6_lifetime.ia6t_vltime;
- } else
- ia->ia6_lifetime.ia6t_expire = 0;
- if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) {
- ia->ia6_lifetime.ia6t_preferred =
- timenow.tv_sec + ia->ia6_lifetime.ia6t_pltime;
- } else
- ia->ia6_lifetime.ia6t_preferred = 0;
-
/*
- * make sure to initialize ND6 information. this is to workaround
- * issues with interfaces with IPv6 addresses, which have never brought
- * up. We are assuming that it is safe to nd6_ifattach multiple times.
+ * SIOCDIFADDR_IN6/SIOCAIFADDR_IN6 specific tests.
*/
- if ((error = nd6_ifattach(ifp)) != 0)
- return error;
+ switch (cmd) {
+ case SIOCDIFADDR_IN6: /* struct in6_ifreq */
+ if (ia == NULL) {
+ error = EADDRNOTAVAIL;
+ goto done;
+ }
+ OS_FALLTHROUGH;
+ case SIOCAIFADDR_IN6_32: /* struct in6_aliasreq_32 */
+ case SIOCAIFADDR_IN6_64: /* struct in6_aliasreq_64 */
+ VERIFY(sa6 != NULL);
+ /*
+ * We always require users to specify a valid IPv6 address for
+ * the corresponding operation. Use "sa6" instead of "ifra"
+ * since SIOCDIFADDR_IN6 falls thru above.
+ */
+ if (sa6->sin6_family != AF_INET6 ||
+ sa6->sin6_len != sizeof(struct sockaddr_in6)) {
+ error = EAFNOSUPPORT;
+ goto done;
+ }
+ break;
+ }
/*
- * Perform DAD, if needed.
- * XXX It may be of use, if we can administratively
- * disable DAD.
+ * And finally process address-related ioctls.
*/
- if (in6if_do_dad(ifp) && (ifra->ifra_flags & IN6_IFF_NODAD) == 0) {
- ia->ia6_flags |= IN6_IFF_TENTATIVE;
- nd6_dad_start((struct ifaddr *)ia, NULL);
+ switch (cmd) {
+ case SIOCGIFADDR_IN6: /* struct in6_ifreq */
+ /* This interface is basically deprecated. use SIOCGIFCONF. */
+ /* FALLTHRU */
+ case SIOCGIFDSTADDR_IN6: /* struct in6_ifreq */
+ error = in6ctl_gifaddr(ifp, ia, cmd, ifr);
+ break;
+
+ case SIOCGIFNETMASK_IN6: /* struct in6_ifreq */
+ if (ia != NULL) {
+ IFA_LOCK(&ia->ia_ifa);
+ bcopy(&ia->ia_prefixmask, &ifr->ifr_addr,
+ sizeof(struct sockaddr_in6));
+ IFA_UNLOCK(&ia->ia_ifa);
+ } else {
+ error = EADDRNOTAVAIL;
+ }
+ break;
+
+ case SIOCGIFAFLAG_IN6: /* struct in6_ifreq */
+ if (ia != NULL) {
+ IFA_LOCK(&ia->ia_ifa);
+ bcopy(&ia->ia6_flags, &ifr->ifr_ifru.ifru_flags6,
+ sizeof(ifr->ifr_ifru.ifru_flags6));
+ IFA_UNLOCK(&ia->ia_ifa);
+ } else {
+ error = EADDRNOTAVAIL;
+ }
+ break;
+
+ case SIOCGIFALIFETIME_IN6: /* struct in6_ifreq */
+ case SIOCSIFALIFETIME_IN6: /* struct in6_ifreq */
+ error = in6ctl_alifetime(ia, cmd, ifr, p64);
+ break;
+
+ case SIOCAIFADDR_IN6_32: /* struct in6_aliasreq_32 */
+ case SIOCAIFADDR_IN6_64: /* struct in6_aliasreq_64 */
+ error = in6ctl_aifaddr(ifp, ifra);
+ break;
+
+ case SIOCDIFADDR_IN6:
+ in6ctl_difaddr(ifp, ia);
+ break;
+
+ default:
+ error = ifnet_ioctl(ifp, PF_INET6, cmd, data);
+ break;
}
- return(error);
+done:
+ if (ia != NULL) {
+ IFA_REMREF(&ia->ia_ifa);
+ }
+ if (so_unlocked) {
+ socket_lock(so, 0);
+ }
- unlink:
- /*
- * XXX: if a change of an existing address failed, keep the entry
- * anyway.
- */
- if (hostIsNew)
- in6_unlink_ifa(ia, ifp, 0);
- return(error);
+ return error;
}
-void
-in6_purgeaddr(
- struct ifaddr *ifa, int nd6_locked)
+static __attribute__((noinline)) int
+in6ctl_aifaddr(struct ifnet *ifp, struct in6_aliasreq *ifra)
{
- struct ifnet *ifp = ifa->ifa_ifp;
- struct in6_ifaddr *ia = (struct in6_ifaddr *) ifa;
+ int i, error, addtmp;
+ uint8_t plen;
+ struct nd_prefix pr0, *pr;
+ struct in6_ifaddr *ia;
- /* stop DAD processing */
- nd6_dad_stop(ifa);
+ VERIFY(ifp != NULL && ifra != NULL);
+ ia = NULL;
+
+ /* Attempt to attach the protocol, in case it isn't attached */
+ error = in6_domifattach(ifp);
+ if (error == 0) {
+ /* PF_INET6 wasn't previously attached */
+ error = in6_ifattach_aliasreq(ifp, NULL, NULL);
+ if (error != 0) {
+ goto done;
+ }
+
+ in6_if_up_dad_start(ifp);
+ } else if (error != EEXIST) {
+ goto done;
+ }
/*
- * delete route to the destination of the address being purged.
- * The interface must be p2p or loopback in this case.
+ * First, make or update the interface address structure, and link it
+ * to the list.
*/
- if ((ia->ia_flags & IFA_ROUTE) != 0 && ia->ia_dstaddr.sin6_len != 0) {
- int e;
+ error = in6_update_ifa(ifp, ifra, 0, &ia);
+ if (error != 0) {
+ goto done;
+ }
+ VERIFY(ia != NULL);
- if ((e = rtinit(&(ia->ia_ifa), (int)RTM_DELETE, RTF_HOST))
- != 0) {
- log(LOG_ERR, "in6_purgeaddr: failed to remove "
- "a route to the p2p destination: %s on %s, "
- "errno=%d\n",
- ip6_sprintf(&ia->ia_addr.sin6_addr), if_name(ifp),
- e);
- /* proceed anyway... */
- }
- else
- ia->ia_flags &= ~IFA_ROUTE;
+ /* Now, make the prefix on-link on the interface. */
+ plen = (uint8_t)in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, NULL);
+ if (plen == 128) {
+ goto done;
}
- /* Remove ownaddr's loopback rtentry, if it exists. */
- in6_ifremloop(&(ia->ia_ifa), nd6_locked);
+ /*
+ * NOTE: We'd rather create the prefix before the address, but we need
+ * at least one address to install the corresponding interface route,
+ * so we configure the address first.
+ */
+
+ /*
+ * Convert mask to prefix length (prefixmask has already been validated
+ * in in6_update_ifa().
+ */
+ bzero(&pr0, sizeof(pr0));
+ pr0.ndpr_plen = plen;
+ pr0.ndpr_ifp = ifp;
+ pr0.ndpr_prefix = ifra->ifra_addr;
+ pr0.ndpr_mask = ifra->ifra_prefixmask.sin6_addr;
+
+ /* apply the mask for safety. */
+ for (i = 0; i < 4; i++) {
+ pr0.ndpr_prefix.sin6_addr.s6_addr32[i] &=
+ ifra->ifra_prefixmask.sin6_addr.s6_addr32[i];
+ }
- if (ifp->if_flags & IFF_MULTICAST) {
+ /*
+ * Since we don't have an API to set prefix (not address) lifetimes, we
+ * just use the same lifetimes as addresses. The (temporarily)
+ * installed lifetimes can be overridden by later advertised RAs (when
+ * accept_rtadv is non 0), which is an intended behavior.
+ */
+ pr0.ndpr_raf_onlink = 1; /* should be configurable? */
+ pr0.ndpr_raf_auto = !!(ifra->ifra_flags & IN6_IFF_AUTOCONF);
+ if (ifra->ifra_flags & (IN6_IFF_AUTOCONF | IN6_IFF_DYNAMIC)) {
+ pr0.ndpr_vltime = ifra->ifra_lifetime.ia6t_vltime;
+ pr0.ndpr_pltime = ifra->ifra_lifetime.ia6t_pltime;
+ } else {
+ pr0.ndpr_vltime = ND6_INFINITE_LIFETIME;
+ pr0.ndpr_pltime = ND6_INFINITE_LIFETIME;
+ }
+ pr0.ndpr_stateflags |= NDPRF_STATIC;
+ lck_mtx_init(&pr0.ndpr_lock, ifa_mtx_grp, ifa_mtx_attr);
+
+ /* add the prefix if there's none. */
+ if ((pr = nd6_prefix_lookup(&pr0, ND6_PREFIX_EXPIRY_NEVER)) == NULL) {
/*
- * delete solicited multicast addr for deleting host id
+ * nd6_prelist_add will install the corresponding interface
+ * route.
*/
- struct in6_multi *in6m;
- struct in6_addr llsol;
- bzero(&llsol, sizeof(struct in6_addr));
- llsol.s6_addr16[0] = htons(0xff02);
- llsol.s6_addr16[1] = htons(ifp->if_index);
- llsol.s6_addr32[1] = 0;
- llsol.s6_addr32[2] = htonl(1);
- llsol.s6_addr32[3] =
- ia->ia_addr.sin6_addr.s6_addr32[3];
- llsol.s6_addr8[12] = 0xff;
+ error = nd6_prelist_add(&pr0, NULL, &pr, FALSE);
+ if (error != 0) {
+ goto done;
+ }
- ifnet_lock_shared(ifp);
- IN6_LOOKUP_MULTI(llsol, ifp, in6m);
- ifnet_lock_done(ifp);
- if (in6m)
- in6_delmulti(in6m, nd6_locked);
+ if (pr == NULL) {
+ log(LOG_ERR, "%s: nd6_prelist_add okay, but"
+ " no prefix.\n", __func__);
+ error = EINVAL;
+ goto done;
+ }
}
- in6_unlink_ifa(ia, ifp, nd6_locked);
- in6_post_msg(ifp, KEV_INET6_ADDR_DELETED, ia);
-}
-
-static void
-in6_unlink_ifa(ia, ifp, nd6_locked)
- struct in6_ifaddr *ia;
- struct ifnet *ifp;
- int nd6_locked;
-{
- int plen, iilen;
- struct in6_ifaddr *oia;
+ IFA_LOCK(&ia->ia_ifa);
- ifnet_lock_exclusive(ifp);
- if_detach_ifa(ifp, &ia->ia_ifa);
- ifnet_lock_done(ifp);
+ /* if this is a new autoconfed addr */
+ addtmp = FALSE;
+ if (ia->ia6_ndpr == NULL) {
+ NDPR_LOCK(pr);
+ ++pr->ndpr_addrcnt;
+ VERIFY(pr->ndpr_addrcnt != 0);
+ ia->ia6_ndpr = pr;
+ NDPR_ADDREF(pr); /* for addr reference */
- if (!nd6_locked)
- lck_mtx_lock(nd6_mutex);
- oia = ia;
- if (oia == (ia = in6_ifaddrs))
- in6_ifaddrs = ia->ia_next;
- else {
- while (ia->ia_next && (ia->ia_next != oia))
- ia = ia->ia_next;
- if (ia->ia_next)
- ia->ia_next = oia->ia_next;
- else {
- /* search failed */
- printf("Couldn't unlink in6_ifaddr from in6_ifaddr\n");
+ /*
+ * If this is the first autoconf address from the prefix,
+ * create a temporary address as well (when specified).
+ */
+ if ((ia->ia6_flags & IN6_IFF_AUTOCONF) != 0 &&
+ ip6_use_tempaddr &&
+ pr->ndpr_addrcnt == 1) {
+ addtmp = true;
}
+ NDPR_UNLOCK(pr);
}
- if (oia->ia6_ifpr) { /* check for safety */
- plen = in6_mask2len(&oia->ia_prefixmask.sin6_addr, NULL);
- iilen = (sizeof(oia->ia_prefixmask.sin6_addr) << 3) - plen;
- in6_prefix_remove_ifid(iilen, oia);
+
+ IFA_UNLOCK(&ia->ia_ifa);
+
+ if (addtmp) {
+ int e;
+ e = in6_tmpifadd(ia, 1);
+ if (e != 0) {
+ log(LOG_NOTICE, "%s: failed to create a"
+ " temporary address, error=%d\n",
+ __func__, e);
+ }
}
/*
- * When an autoconfigured address is being removed, release the
- * reference to the base prefix. Also, since the release might
- * affect the status of other (detached) addresses, call
- * pfxlist_onlink_check().
+ * This might affect the status of autoconfigured addresses, that is,
+ * this address might make other addresses detached.
*/
- if ((oia->ia6_flags & IN6_IFF_AUTOCONF) != 0) {
- if (oia->ia6_ndpr == NULL) {
- log(LOG_NOTICE, "in6_unlink_ifa: autoconf'ed address "
- "%p has no prefix\n", oia);
- } else {
- oia->ia6_ndpr->ndpr_refcnt--;
- oia->ia6_flags &= ~IN6_IFF_AUTOCONF;
- oia->ia6_ndpr = NULL;
- }
+ lck_mtx_lock(nd6_mutex);
+ pfxlist_onlink_check();
+ lck_mtx_unlock(nd6_mutex);
- pfxlist_onlink_check(1);
+ /* Drop use count held above during lookup/add */
+ NDPR_REMREF(pr);
+
+done:
+ if (ia != NULL) {
+ IFA_REMREF(&ia->ia_ifa);
}
- if (!nd6_locked)
- lck_mtx_unlock(nd6_mutex);
+ return error;
+}
+
+static __attribute__((noinline)) void
+in6ctl_difaddr(struct ifnet *ifp, struct in6_ifaddr *ia)
+{
+ int i = 0;
+ struct nd_prefix pr0, *pr;
+ VERIFY(ifp != NULL && ia != NULL);
/*
- * release another refcnt for the link from in6_ifaddrs.
- * Note that we should decrement the refcnt at least once for all *BSD.
+ * If the address being deleted is the only one that owns
+ * the corresponding prefix, expire the prefix as well.
+ * XXX: theoretically, we don't have to worry about such
+ * relationship, since we separate the address management
+ * and the prefix management. We do this, however, to provide
+ * as much backward compatibility as possible in terms of
+ * the ioctl operation.
+ * Note that in6_purgeaddr() will decrement ndpr_addrcnt.
*/
- ifafree(&oia->ia_ifa);
+ IFA_LOCK(&ia->ia_ifa);
+ bzero(&pr0, sizeof(pr0));
+ pr0.ndpr_ifp = ifp;
+ pr0.ndpr_plen = (uint8_t)in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL);
+ if (pr0.ndpr_plen == 128) {
+ IFA_UNLOCK(&ia->ia_ifa);
+ goto purgeaddr;
+ }
+ pr0.ndpr_prefix = ia->ia_addr;
+ pr0.ndpr_mask = ia->ia_prefixmask.sin6_addr;
+ for (i = 0; i < 4; i++) {
+ pr0.ndpr_prefix.sin6_addr.s6_addr32[i] &=
+ ia->ia_prefixmask.sin6_addr.s6_addr32[i];
+ }
+ IFA_UNLOCK(&ia->ia_ifa);
+
+ if ((pr = nd6_prefix_lookup(&pr0, ND6_PREFIX_EXPIRY_UNSPEC)) != NULL) {
+ IFA_LOCK(&ia->ia_ifa);
+ NDPR_LOCK(pr);
+ if (pr->ndpr_addrcnt == 1) {
+ /* XXX: just for expiration */
+ pr->ndpr_expire = 1;
+ }
+ NDPR_UNLOCK(pr);
+ IFA_UNLOCK(&ia->ia_ifa);
+
+ /* Drop use count held above during lookup */
+ NDPR_REMREF(pr);
+ }
+purgeaddr:
+ in6_purgeaddr(&ia->ia_ifa);
}
-void
-in6_purgeif(ifp)
- struct ifnet *ifp;
+static __attribute__((noinline)) int
+in6_autoconf(struct ifnet *ifp, int enable)
{
- struct in6_ifaddr *ia, *nia = NULL;
+ int error = 0;
- if (ifp == NULL || &ifp->if_addrlist == NULL)
- return;
-
- lck_mtx_lock(nd6_mutex);
- for (ia = in6_ifaddrs; ia != NULL; ia = nia)
- {
- nia = ia->ia_next;
- if (ia->ia_ifa.ifa_ifp != ifp)
- continue;
- in6_purgeaddr(&ia->ia_ifa, 1);
+ VERIFY(ifp != NULL);
+
+ if (ifp->if_flags & IFF_LOOPBACK) {
+ return EINVAL;
}
- lck_mtx_unlock(nd6_mutex);
- in6_ifdetach(ifp);
+ if (enable) {
+ /*
+ * An interface in IPv6 router mode implies that it
+ * is either configured with a static IP address or
+ * autoconfigured via a locally-generated RA. Prevent
+ * SIOCAUTOCONF_START from being set in that mode.
+ */
+ ifnet_lock_exclusive(ifp);
+ if (ifp->if_ipv6_router_mode == IPV6_ROUTER_MODE_EXCLUSIVE) {
+ if_clear_eflags(ifp, IFEF_ACCEPT_RTADV);
+ error = EBUSY;
+ } else {
+ if_set_eflags(ifp, IFEF_ACCEPT_RTADV);
+ }
+ ifnet_lock_done(ifp);
+ } else {
+ struct in6_ifaddr *ia = NULL;
+
+ if_clear_eflags(ifp, IFEF_ACCEPT_RTADV);
+
+ /* Remove autoconfigured address from interface */
+ lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
+ boolean_t from_begining = TRUE;
+ while (from_begining) {
+ from_begining = FALSE;
+ TAILQ_FOREACH(ia, &in6_ifaddrhead, ia6_link) {
+ if (ia->ia_ifa.ifa_ifp != ifp) {
+ continue;
+ }
+ IFA_LOCK(&ia->ia_ifa);
+ if (ia->ia6_flags & IN6_IFF_AUTOCONF) {
+ IFA_ADDREF_LOCKED(&ia->ia_ifa); /* for us */
+ IFA_UNLOCK(&ia->ia_ifa);
+ lck_rw_done(&in6_ifaddr_rwlock);
+ in6_purgeaddr(&ia->ia_ifa);
+ IFA_REMREF(&ia->ia_ifa); /* for us */
+ lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
+ /*
+ * Purging the address caused in6_ifaddr_rwlock
+ * to be dropped and reacquired;
+ * therefore search again from the beginning
+ * of in6_ifaddrs list.
+ */
+ from_begining = TRUE;
+ break;
+ }
+ IFA_UNLOCK(&ia->ia_ifa);
+ }
+ }
+ lck_rw_done(&in6_ifaddr_rwlock);
+ }
+ return error;
}
/*
- * SIOC[GAD]LIFADDR.
- * SIOCGLIFADDR: get first address. (?)
- * SIOCGLIFADDR with IFLR_PREFIX:
- * get first address that matches the specified prefix.
- * SIOCALIFADDR: add the specified address.
- * SIOCALIFADDR with IFLR_PREFIX:
- * add the specified prefix, filling hostaddr part from
- * the first link-local address. prefixlen must be <= 64.
- * SIOCDLIFADDR: delete the specified address.
- * SIOCDLIFADDR with IFLR_PREFIX:
- * delete the first address that matches the specified prefix.
- * return values:
- * EINVAL on invalid parameters
- * EADDRNOTAVAIL on prefix match failed/specified address not found
- * other values may be returned from in6_ioctl()
- *
- * NOTE: SIOCALIFADDR(with IFLR_PREFIX set) allows prefixlen less than 64.
- * this is to accomodate address naming scheme other than RFC2374,
- * in the future.
- * RFC2373 defines interface id to be 64bit, but it allows non-RFC2374
- * address encoding scheme. (see figure on page 8)
+ * Handle SIOCSETROUTERMODE_IN6 to set the IPv6 router mode on the interface
+ * Entering or exiting IPV6_ROUTER_MODE_EXCLUSIVE will result in the removal of
+ * autoconfigured IPv6 addresses on the interface.
*/
-static int
-in6_lifaddr_ioctl(struct socket *so, u_long cmd, caddr_t data,
- struct ifnet *ifp, struct proc *p)
+static __attribute__((noinline)) int
+in6_setrouter(struct ifnet *ifp, ipv6_router_mode_t mode)
{
- struct if_laddrreq *iflr = (struct if_laddrreq *)data;
- struct ifaddr *ifa = NULL;
- struct sockaddr *sa;
- int p64 = proc_is64bit(p);
+ int error = 0;
+ ipv6_router_mode_t prev_mode;
- /* sanity checks */
- if (!data || !ifp) {
- panic("invalid argument to in6_lifaddr_ioctl");
- /*NOTRECHED*/
+ VERIFY(ifp != NULL);
+
+ if (ifp->if_flags & IFF_LOOPBACK) {
+ return ENODEV;
}
- switch (cmd) {
- case SIOCGLIFADDR:
- /* address must be specified on GET with IFLR_PREFIX */
- if ((iflr->flags & IFLR_PREFIX) == 0)
- break;
- /* FALLTHROUGH */
- case SIOCALIFADDR:
- case SIOCDLIFADDR:
- /* address must be specified on ADD and DELETE */
- sa = (struct sockaddr *)&iflr->addr;
- if (sa->sa_family != AF_INET6)
- return EINVAL;
- if (sa->sa_len != sizeof(struct sockaddr_in6))
- return EINVAL;
- /* XXX need improvement */
- sa = (struct sockaddr *)&iflr->dstaddr;
- if (sa->sa_family && sa->sa_family != AF_INET6)
- return EINVAL;
- if (sa->sa_len && sa->sa_len != sizeof(struct sockaddr_in6))
- return EINVAL;
- break;
- default: /* shouldn't happen */
-#if 0
- panic("invalid cmd to in6_lifaddr_ioctl");
- /* NOTREACHED */
-#else
- return EOPNOTSUPP;
-#endif
+ prev_mode = ifp->if_ipv6_router_mode;
+ if (prev_mode == mode) {
+ /* no mode change, there's nothing to do */
+ return 0;
+ }
+ if (mode == IPV6_ROUTER_MODE_EXCLUSIVE) {
+ struct nd_ifinfo *ndi = NULL;
+
+ ndi = ND_IFINFO(ifp);
+ if (ndi != NULL && ndi->initialized) {
+ lck_mtx_lock(&ndi->lock);
+ if (ndi->flags & ND6_IFF_PROXY_PREFIXES) {
+ /* No proxy if we are an advertising router */
+ ndi->flags &= ~ND6_IFF_PROXY_PREFIXES;
+ lck_mtx_unlock(&ndi->lock);
+ (void) nd6_if_prproxy(ifp, FALSE);
+ } else {
+ lck_mtx_unlock(&ndi->lock);
+ }
+ }
}
- if (sizeof(struct in6_addr) * 8 < iflr->prefixlen)
- return EINVAL;
- switch (cmd) {
- case SIOCALIFADDR:
- {
- struct in6_aliasreq ifra;
- struct in6_addr hostaddr;
- int prefixlen;
- int hostid_found = 0;
+ ifp->if_ipv6_router_mode = mode;
+ lck_mtx_lock(nd6_mutex);
+ defrouter_select(ifp, NULL);
+ lck_mtx_unlock(nd6_mutex);
+ if_allmulti(ifp, (mode == IPV6_ROUTER_MODE_EXCLUSIVE));
+ if (mode == IPV6_ROUTER_MODE_EXCLUSIVE ||
+ (prev_mode == IPV6_ROUTER_MODE_EXCLUSIVE
+ && mode == IPV6_ROUTER_MODE_DISABLED)) {
+ error = in6_autoconf(ifp, FALSE);
+ }
+ return error;
+}
- if ((iflr->flags & IFLR_PREFIX) != 0) {
- struct sockaddr_in6 *sin6;
+static int
+in6_to_kamescope(struct sockaddr_in6 *sin6, struct ifnet *ifp)
+{
+ struct sockaddr_in6 tmp;
+ int error, id;
- /*
- * hostaddr is to fill in the hostaddr part of the
- * address. hostaddr points to the first link-local
- * address attached to the interface.
- */
- ifa = (struct ifaddr *)in6ifa_ifpforlinklocal(ifp, 0);
- if (!ifa)
- return EADDRNOTAVAIL;
- hostaddr = *IFA_IN6(ifa);
- hostid_found = 1;
- ifafree(ifa);
- ifa = NULL;
-
- /* prefixlen must be <= 64. */
- if (64 < iflr->prefixlen)
- return EINVAL;
- prefixlen = iflr->prefixlen;
-
- /* hostaddr part must be zero. */
- sin6 = (struct sockaddr_in6 *)&iflr->addr;
- if (sin6->sin6_addr.s6_addr32[2] != 0
- || sin6->sin6_addr.s6_addr32[3] != 0) {
- return EINVAL;
- }
- } else
- prefixlen = iflr->prefixlen;
-
- /* copy args to in6_aliasreq, perform ioctl(SIOCAIFADDR_IN6). */
- bzero(&ifra, sizeof(ifra));
- bcopy(iflr->iflr_name, ifra.ifra_name, sizeof(ifra.ifra_name));
-
- bcopy(&iflr->addr, &ifra.ifra_addr,
- ((struct sockaddr *)&iflr->addr)->sa_len);
- if (hostid_found) {
- /* fill in hostaddr part */
- ifra.ifra_addr.sin6_addr.s6_addr32[2] =
- hostaddr.s6_addr32[2];
- ifra.ifra_addr.sin6_addr.s6_addr32[3] =
- hostaddr.s6_addr32[3];
- }
-
- if (((struct sockaddr *)&iflr->dstaddr)->sa_family) { /*XXX*/
- bcopy(&iflr->dstaddr, &ifra.ifra_dstaddr,
- ((struct sockaddr *)&iflr->dstaddr)->sa_len);
- if (hostid_found) {
- ifra.ifra_dstaddr.sin6_addr.s6_addr32[2] =
- hostaddr.s6_addr32[2];
- ifra.ifra_dstaddr.sin6_addr.s6_addr32[3] =
- hostaddr.s6_addr32[3];
- }
- }
+ VERIFY(sin6 != NULL);
+ tmp = *sin6;
- ifra.ifra_prefixmask.sin6_len = sizeof(struct sockaddr_in6);
- in6_len2mask(&ifra.ifra_prefixmask.sin6_addr, prefixlen);
+ error = in6_recoverscope(&tmp, &sin6->sin6_addr, ifp);
+ if (error != 0) {
+ return error;
+ }
- ifra.ifra_flags = iflr->flags & ~IFLR_PREFIX;
- if (!p64) {
-#if defined(__LP64__)
- struct in6_aliasreq_32 ifra_32;
- /*
- * Use 32-bit ioctl and structure for 32-bit process.
- */
- in6_aliasreq_64_to_32((struct in6_aliasreq_64 *)&ifra,
- &ifra_32);
- return (in6_control(so, SIOCAIFADDR_IN6_32,
- (caddr_t)&ifra_32, ifp, p));
-#else
- return (in6_control(so, SIOCAIFADDR_IN6,
- (caddr_t)&ifra, ifp, p));
-#endif /* __LP64__ */
+ id = in6_addr2scopeid(ifp, &tmp.sin6_addr);
+ if (tmp.sin6_scope_id == 0) {
+ tmp.sin6_scope_id = id;
+ } else if (tmp.sin6_scope_id != id) {
+ return EINVAL; /* scope ID mismatch. */
+ }
+ error = in6_embedscope(&tmp.sin6_addr, &tmp, NULL, NULL, NULL);
+ if (error != 0) {
+ return error;
+ }
+
+ tmp.sin6_scope_id = 0;
+ *sin6 = tmp;
+ return 0;
+}
+
+/*
+ * When the address is being configured we should clear out certain flags
+ * coming in from the caller.
+ */
+#define IN6_IFF_CLR_ADDR_FLAG_MASK (~(IN6_IFF_DEPRECATED | IN6_IFF_DETACHED | IN6_IFF_DUPLICATED))
+
+static int
+in6_ifaupdate_aux(struct in6_ifaddr *ia, struct ifnet *ifp, int ifaupflags)
+{
+ struct sockaddr_in6 mltaddr, mltmask;
+ struct in6_addr llsol;
+ struct ifaddr *ifa;
+ struct in6_multi *in6m_sol;
+ struct in6_multi_mship *imm;
+ struct rtentry *rt;
+ int delay, error = 0;
+
+ VERIFY(ifp != NULL && ia != NULL);
+ ifa = &ia->ia_ifa;
+ in6m_sol = NULL;
+
+ nd6log2(debug, "%s - %s ifp %s ia6_flags 0x%x ifaupflags 0x%x\n",
+ __func__,
+ ip6_sprintf(&ia->ia_addr.sin6_addr),
+ if_name(ia->ia_ifp),
+ ia->ia6_flags,
+ ifaupflags);
+
+ /*
+ * Just to be safe, always clear certain flags when address
+ * is being configured
+ */
+ ia->ia6_flags &= IN6_IFF_CLR_ADDR_FLAG_MASK;
+
+ /*
+ * Mark the address as tentative before joining multicast addresses,
+ * so that corresponding MLD responses would not have a tentative
+ * source address.
+ */
+ if (in6if_do_dad(ifp)) {
+ in6_ifaddr_set_dadprogress(ia);
+ /*
+ * Do not delay sending neighbor solicitations when using optimistic
+ * duplicate address detection, c.f. RFC 4429.
+ */
+ if (ia->ia6_flags & IN6_IFF_OPTIMISTIC) {
+ ifaupflags &= ~IN6_IFAUPDATE_DADDELAY;
} else {
-#if defined(__LP64__)
- return (in6_control(so, SIOCAIFADDR_IN6,
- (caddr_t)&ifra, ifp, p));
-#else
- struct in6_aliasreq_64 ifra_64;
+ ifaupflags |= IN6_IFAUPDATE_DADDELAY;
+ }
+ } else {
+ /*
+ * If the interface has been marked to not perform
+ * DAD, make sure to reset DAD in progress flags
+ * that may come in from the caller.
+ */
+ ia->ia6_flags &= ~IN6_IFF_DADPROGRESS;
+ }
+
+ /* Join necessary multicast groups */
+ if ((ifp->if_flags & IFF_MULTICAST) != 0) {
+ /* join solicited multicast addr for new host id */
+ bzero(&llsol, sizeof(struct in6_addr));
+ llsol.s6_addr32[0] = IPV6_ADDR_INT32_MLL;
+ llsol.s6_addr32[1] = 0;
+ llsol.s6_addr32[2] = htonl(1);
+ llsol.s6_addr32[3] = ia->ia_addr.sin6_addr.s6_addr32[3];
+ llsol.s6_addr8[12] = 0xff;
+ if ((error = in6_setscope(&llsol, ifp, NULL)) != 0) {
+ /* XXX: should not happen */
+ log(LOG_ERR, "%s: in6_setscope failed\n", __func__);
+ goto unwind;
+ }
+ delay = 0;
+ if ((ifaupflags & IN6_IFAUPDATE_DADDELAY)) {
/*
- * Use 64-bit ioctl and structure for 64-bit process.
+ * We need a random delay for DAD on the address
+ * being configured. It also means delaying
+ * transmission of the corresponding MLD report to
+ * avoid report collision. [RFC 4862]
*/
- in6_aliasreq_32_to_64((struct in6_aliasreq_32 *)&ifra,
- &ifra_64);
- return (in6_control(so, SIOCAIFADDR_IN6_64,
- (caddr_t)&ifra_64, ifp, p));
-#endif /* __LP64__ */
+ delay = random() % MAX_RTR_SOLICITATION_DELAY;
}
- /* NOTREACHED */
- }
- case SIOCGLIFADDR:
- case SIOCDLIFADDR:
- {
- struct in6_ifaddr *ia;
- struct in6_addr mask, candidate, match;
- struct sockaddr_in6 *sin6;
- int cmp;
-
- bzero(&mask, sizeof(mask));
- if (iflr->flags & IFLR_PREFIX) {
- /* lookup a prefix rather than address. */
- in6_len2mask(&mask, iflr->prefixlen);
-
- sin6 = (struct sockaddr_in6 *)&iflr->addr;
- bcopy(&sin6->sin6_addr, &match, sizeof(match));
- match.s6_addr32[0] &= mask.s6_addr32[0];
- match.s6_addr32[1] &= mask.s6_addr32[1];
- match.s6_addr32[2] &= mask.s6_addr32[2];
- match.s6_addr32[3] &= mask.s6_addr32[3];
-
- /* if you set extra bits, that's wrong */
- if (bcmp(&match, &sin6->sin6_addr, sizeof(match)))
- return EINVAL;
-
- cmp = 1;
- } else {
- if (cmd == SIOCGLIFADDR) {
- /* on getting an address, take the 1st match */
- cmp = 0; /* XXX */
- } else {
- /* on deleting an address, do exact match */
- in6_len2mask(&mask, 128);
- sin6 = (struct sockaddr_in6 *)&iflr->addr;
- bcopy(&sin6->sin6_addr, &match, sizeof(match));
+ imm = in6_joingroup(ifp, &llsol, &error, delay);
+ if (imm == NULL) {
+ nd6log(info,
+ "%s: addmulti failed for %s on %s (errno=%d)\n",
+ __func__, ip6_sprintf(&llsol), if_name(ifp),
+ error);
+ VERIFY(error != 0);
+ goto unwind;
+ }
+ in6m_sol = imm->i6mm_maddr;
+ /* take a refcount for this routine */
+ IN6M_ADDREF(in6m_sol);
- cmp = 1;
+ IFA_LOCK_SPIN(ifa);
+ LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain);
+ IFA_UNLOCK(ifa);
+
+ bzero(&mltmask, sizeof(mltmask));
+ mltmask.sin6_len = sizeof(struct sockaddr_in6);
+ mltmask.sin6_family = AF_INET6;
+ mltmask.sin6_addr = in6mask32;
+#define MLTMASK_LEN 4 /* mltmask's masklen (=32bit=4octet) */
+
+ /*
+ * join link-local all-nodes address
+ */
+ bzero(&mltaddr, sizeof(mltaddr));
+ mltaddr.sin6_len = sizeof(struct sockaddr_in6);
+ mltaddr.sin6_family = AF_INET6;
+ mltaddr.sin6_addr = in6addr_linklocal_allnodes;
+ if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) != 0) {
+ goto unwind; /* XXX: should not fail */
+ }
+ /*
+ * XXX: do we really need this automatic routes?
+ * We should probably reconsider this stuff. Most applications
+ * actually do not need the routes, since they usually specify
+ * the outgoing interface.
+ */
+ rt = rtalloc1_scoped((struct sockaddr *)&mltaddr, 0, 0UL,
+ ia->ia_ifp->if_index);
+ if (rt) {
+ if (memcmp(&mltaddr.sin6_addr, &((struct sockaddr_in6 *)
+ (void *)rt_key(rt))->sin6_addr, MLTMASK_LEN)) {
+ rtfree(rt);
+ rt = NULL;
}
}
+ if (!rt) {
+ error = rtrequest_scoped(RTM_ADD,
+ (struct sockaddr *)&mltaddr,
+ (struct sockaddr *)&ia->ia_addr,
+ (struct sockaddr *)&mltmask, RTF_UP | RTF_CLONING,
+ NULL, ia->ia_ifp->if_index);
+ if (error) {
+ goto unwind;
+ }
+ } else {
+ rtfree(rt);
+ }
- ifnet_lock_shared(ifp);
- TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
- {
- if (ifa->ifa_addr->sa_family != AF_INET6)
- continue;
- if (!cmp)
- break;
+ imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 0);
+ if (!imm) {
+ nd6log(info,
+ "%s: addmulti failed for %s on %s (errno=%d)\n",
+ __func__, ip6_sprintf(&mltaddr.sin6_addr),
+ if_name(ifp), error);
+ VERIFY(error != 0);
+ goto unwind;
+ }
+ IFA_LOCK_SPIN(ifa);
+ LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain);
+ IFA_UNLOCK(ifa);
- bcopy(IFA_IN6(ifa), &candidate, sizeof(candidate));
-#ifndef SCOPEDROUTING
+ /*
+ * join node information group address
+ */
+#define hostnamelen strlen(hostname)
+ delay = 0;
+ if ((ifaupflags & IN6_IFAUPDATE_DADDELAY)) {
/*
- * XXX: this is adhoc, but is necessary to allow
- * a user to specify fe80::/64 (not /10) for a
- * link-local address.
+ * The spec doesn't say anything about delay for this
+ * group, but the same logic should apply.
*/
- if (IN6_IS_ADDR_LINKLOCAL(&candidate))
- candidate.s6_addr16[1] = 0;
-#endif
- candidate.s6_addr32[0] &= mask.s6_addr32[0];
- candidate.s6_addr32[1] &= mask.s6_addr32[1];
- candidate.s6_addr32[2] &= mask.s6_addr32[2];
- candidate.s6_addr32[3] &= mask.s6_addr32[3];
- if (IN6_ARE_ADDR_EQUAL(&candidate, &match))
- break;
+ delay = random() % MAX_RTR_SOLICITATION_DELAY;
}
- ifnet_lock_done(ifp);
- if (!ifa)
- return EADDRNOTAVAIL;
- ia = ifa2ia6(ifa);
-
- if (cmd == SIOCGLIFADDR) {
-#ifndef SCOPEDROUTING
- struct sockaddr_in6 *s6;
-#endif
+ lck_mtx_lock(&hostname_lock);
+ int n = in6_nigroup(ifp, hostname, hostnamelen, &mltaddr.sin6_addr);
+ lck_mtx_unlock(&hostname_lock);
+ if (n == 0) {
+ imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error,
+ delay); /* XXX jinmei */
+ if (!imm) {
+ nd6log(info,
+ "%s: addmulti failed for %s on %s "
+ "(errno=%d)\n",
+ __func__, ip6_sprintf(&mltaddr.sin6_addr),
+ if_name(ifp), error);
+ /* XXX not very fatal, go on... */
+ error = 0;
+ } else {
+ IFA_LOCK_SPIN(ifa);
+ LIST_INSERT_HEAD(&ia->ia6_memberships,
+ imm, i6mm_chain);
+ IFA_UNLOCK(ifa);
+ }
+ }
+#undef hostnamelen
- /* fill in the if_laddrreq structure */
- bcopy(&ia->ia_addr, &iflr->addr, ia->ia_addr.sin6_len);
-#ifndef SCOPEDROUTING /* XXX see above */
- s6 = (struct sockaddr_in6 *)&iflr->addr;
- if (IN6_IS_ADDR_LINKLOCAL(&s6->sin6_addr)) {
- s6->sin6_addr.s6_addr16[1] = 0;
- s6->sin6_scope_id =
- in6_addr2scopeid(ifp, &s6->sin6_addr);
+ /*
+ * join interface-local all-nodes address.
+ * (ff01::1%ifN, and ff01::%ifN/32)
+ */
+ mltaddr.sin6_addr = in6addr_nodelocal_allnodes;
+ if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) != 0) {
+ goto unwind; /* XXX: should not fail */
+ }
+ /* XXX: again, do we really need the route? */
+ rt = rtalloc1_scoped((struct sockaddr *)&mltaddr, 0, 0UL,
+ ia->ia_ifp->if_index);
+ if (rt) {
+ if (memcmp(&mltaddr.sin6_addr, &((struct sockaddr_in6 *)
+ (void *)rt_key(rt))->sin6_addr, MLTMASK_LEN)) {
+ rtfree(rt);
+ rt = NULL;
}
-#endif
- if ((ifp->if_flags & IFF_POINTOPOINT) != 0) {
- bcopy(&ia->ia_dstaddr, &iflr->dstaddr,
- ia->ia_dstaddr.sin6_len);
-#ifndef SCOPEDROUTING /* XXX see above */
- s6 = (struct sockaddr_in6 *)&iflr->dstaddr;
- if (IN6_IS_ADDR_LINKLOCAL(&s6->sin6_addr)) {
- s6->sin6_addr.s6_addr16[1] = 0;
- s6->sin6_scope_id =
- in6_addr2scopeid(ifp,
- &s6->sin6_addr);
- }
-#endif
- } else
- bzero(&iflr->dstaddr, sizeof(iflr->dstaddr));
+ }
+ if (!rt) {
+ error = rtrequest_scoped(RTM_ADD,
+ (struct sockaddr *)&mltaddr,
+ (struct sockaddr *)&ia->ia_addr,
+ (struct sockaddr *)&mltmask, RTF_UP | RTF_CLONING,
+ NULL, ia->ia_ifp->if_index);
+ if (error) {
+ goto unwind;
+ }
+ } else {
+ rtfree(rt);
+ }
- iflr->prefixlen =
- in6_mask2len(&ia->ia_prefixmask.sin6_addr,
- NULL);
+ imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 0);
+ if (!imm) {
+ nd6log(info,
+ "%s: addmulti failed for %s on %s (errno=%d)\n",
+ __func__, ip6_sprintf(&mltaddr.sin6_addr),
+ if_name(ifp), error);
+ VERIFY(error != 0);
+ goto unwind;
+ }
+ IFA_LOCK(ifa);
+ LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain);
+ IFA_UNLOCK(ifa);
+#undef MLTMASK_LEN
- iflr->flags = ia->ia6_flags; /* XXX */
+ /*
+ * create a ff00::/8 route
+ */
+ bzero(&mltmask, sizeof(mltmask));
+ mltmask.sin6_len = sizeof(struct sockaddr_in6);
+ mltmask.sin6_family = AF_INET6;
+ mltmask.sin6_addr = in6mask8;
+#define MLTMASK_LEN_8_BITS 1 /* ff00::/8 mltmask's masklen (=8bit=1octet) */
- return 0;
- } else {
- struct in6_aliasreq ifra;
-
- /* fill in6_aliasreq and do ioctl(SIOCDIFADDR_IN6) */
- bzero(&ifra, sizeof(ifra));
- bcopy(iflr->iflr_name, ifra.ifra_name,
- sizeof(ifra.ifra_name));
-
- bcopy(&ia->ia_addr, &ifra.ifra_addr,
- ia->ia_addr.sin6_len);
- if ((ifp->if_flags & IFF_POINTOPOINT) != 0) {
- bcopy(&ia->ia_dstaddr, &ifra.ifra_dstaddr,
- ia->ia_dstaddr.sin6_len);
- } else {
- bzero(&ifra.ifra_dstaddr,
- sizeof(ifra.ifra_dstaddr));
+ bzero(&mltaddr, sizeof(mltaddr));
+ mltaddr.sin6_len = sizeof(struct sockaddr_in6);
+ mltaddr.sin6_family = AF_INET6;
+ mltaddr.sin6_addr = in6addr_multicast_prefix;
+
+ rt = rtalloc1_scoped((struct sockaddr *)&mltaddr, 0, 0UL,
+ ia->ia_ifp->if_index);
+ if (rt) {
+ if (memcmp(&mltaddr.sin6_addr, &((struct sockaddr_in6 *)
+ (void *)rt_key(rt))->sin6_addr, MLTMASK_LEN_8_BITS)) {
+ rtfree(rt);
+ rt = NULL;
}
- bcopy(&ia->ia_prefixmask, &ifra.ifra_dstaddr,
- ia->ia_prefixmask.sin6_len);
+ }
+ if (!rt) {
+ error = rtrequest_scoped(RTM_ADD,
+ (struct sockaddr *)&mltaddr,
+ (struct sockaddr *)&ia->ia_addr,
+ (struct sockaddr *)&mltmask, RTF_UP | RTF_CLONING,
+ NULL, ia->ia_ifp->if_index);
+ if (error) {
+ goto unwind;
+ }
+ } else {
+ rtfree(rt);
+ }
+ }
+#undef MLTMASK_LEN_8_BITS
- ifra.ifra_flags = ia->ia6_flags;
- if (!p64) {
-#if defined(__LP64__)
- struct in6_aliasreq_32 ifra_32;
- /*
- * Use 32-bit structure for 32-bit process.
- * SIOCDIFADDR_IN6 is encoded with in6_ifreq,
- * so it stays the same since the size does
- * not change. The data part of the ioctl,
- * however, is of a different structure, i.e.
- * in6_aliasreq.
- */
- in6_aliasreq_64_to_32(
- (struct in6_aliasreq_64 *)&ifra, &ifra_32);
- return (in6_control(so, SIOCDIFADDR_IN6,
- (caddr_t)&ifra_32, ifp, p));
-#else
- return (in6_control(so, SIOCDIFADDR_IN6,
- (caddr_t)&ifra, ifp, p));
-#endif /* __LP64__ */
+ /* Ensure nd6_service() is scheduled as soon as it's convenient */
+ ++nd6_sched_timeout_want;
+
+ /*
+ * Perform DAD, if:
+ * * Interface is marked to perform DAD, AND
+ * * Address is not marked to skip DAD, AND
+ * * Address is in a pre-DAD state (Tentative or Optimistic)
+ */
+ IFA_LOCK_SPIN(ifa);
+ if (in6if_do_dad(ifp) && (ia->ia6_flags & IN6_IFF_NODAD) == 0 &&
+ (ia->ia6_flags & IN6_IFF_DADPROGRESS) != 0) {
+ int mindelay, maxdelay;
+ int *delayptr, delayval;
+
+ IFA_UNLOCK(ifa);
+ delayptr = NULL;
+ /*
+ * Avoid the DAD delay if the caller wants us to skip it.
+ * This is not compliant with RFC 2461, but it's only being
+ * used for signalling and not for actual DAD.
+ */
+ if ((ifaupflags & IN6_IFAUPDATE_DADDELAY) &&
+ !(ia->ia6_flags & IN6_IFF_SWIFTDAD)) {
+ /*
+ * We need to impose a delay before sending an NS
+ * for DAD. Check if we also needed a delay for the
+ * corresponding MLD message. If we did, the delay
+ * should be larger than the MLD delay (this could be
+ * relaxed a bit, but this simple logic is at least
+ * safe).
+ */
+ mindelay = 0;
+ if (in6m_sol != NULL) {
+ IN6M_LOCK(in6m_sol);
+ if (in6m_sol->in6m_state ==
+ MLD_REPORTING_MEMBER) {
+ mindelay = in6m_sol->in6m_timer;
+ }
+ IN6M_UNLOCK(in6m_sol);
+ }
+ maxdelay = MAX_RTR_SOLICITATION_DELAY * hz;
+ if (maxdelay - mindelay == 0) {
+ delayval = 0;
} else {
-#if defined(__LP64__)
- return (in6_control(so, SIOCDIFADDR_IN6,
- (caddr_t)&ifra, ifp, p));
-#else
- struct in6_aliasreq_64 ifra_64;
- /*
- * Use 64-bit structure for 64-bit process.
- * SIOCDIFADDR_IN6 is encoded with in6_ifreq,
- * so it stays the same since the size does
- * not change. The data part of the ioctl,
- * however, is of a different structure, i.e.
- * in6_aliasreq.
- */
- in6_aliasreq_32_to_64(
- (struct in6_aliasreq_32 *)&ifra, &ifra_64);
- return (in6_control(so, SIOCDIFADDR_IN6,
- (caddr_t)&ifra_64, ifp, p));
-#endif /* __LP64__ */
+ delayval =
+ (random() % (maxdelay - mindelay)) +
+ mindelay;
}
- /* NOTREACHED */
+ delayptr = &delayval;
}
- }
+
+ nd6_dad_start((struct ifaddr *)ia, delayptr);
+ } else {
+ IFA_UNLOCK(ifa);
}
- return EOPNOTSUPP; /* just for safety */
+ goto done;
+
+unwind:
+ VERIFY(error != 0);
+ in6_purgeaddr(&ia->ia_ifa);
+
+done:
+ /* release reference held for this routine */
+ if (in6m_sol != NULL) {
+ IN6M_REMREF(in6m_sol);
+ }
+ return error;
}
/*
- * Initialize an interface's intetnet6 address
- * and routing table entry.
+ * Request an IPv6 interface address. If the address is new, then it will be
+ * constructed and appended to the interface address chains. The interface
+ * address structure is optionally returned with a reference for the caller.
*/
-static int
-in6_ifinit(ifp, ia, sin6, newhost)
- struct ifnet *ifp;
- struct in6_ifaddr *ia;
- struct sockaddr_in6 *sin6;
- int newhost;
+int
+in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra, int ifaupflags,
+ struct in6_ifaddr **iar)
{
- int error = 0, plen, ifacount = 0;
+ struct in6_addrlifetime ia6_lt;
+ struct in6_ifaddr *ia;
struct ifaddr *ifa;
+ struct ifaddr *xifa;
+ struct in6_addrlifetime *lt;
+ uint64_t timenow;
+ int plen, error;
+
+ /* Sanity check parameters and initialize locals */
+ VERIFY(ifp != NULL && ifra != NULL && iar != NULL);
+ ia = NULL;
+ ifa = NULL;
+ error = 0;
/*
- * Give the interface a chance to initialize
- * if this is its first address,
- * and to validate the address if necessary.
+ * We always require users to specify a valid IPv6 address for
+ * the corresponding operation.
*/
- ifnet_lock_shared(ifp);
- TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
- {
- if (ifa->ifa_addr == NULL)
- continue; /* just for safety */
- if (ifa->ifa_addr->sa_family != AF_INET6)
- continue;
- ifacount++;
+ if (ifra->ifra_addr.sin6_family != AF_INET6 ||
+ ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6)) {
+ error = EAFNOSUPPORT;
+ goto unwind;
}
- ifnet_lock_done(ifp);
- ia->ia_addr = *sin6;
+ /* Validate ifra_prefixmask.sin6_len is properly bounded. */
+ if (ifra->ifra_prefixmask.sin6_len == 0 ||
+ ifra->ifra_prefixmask.sin6_len > sizeof(struct sockaddr_in6)) {
+ error = EINVAL;
+ goto unwind;
+ }
+ /* Validate prefix length extracted from ifra_prefixmask structure. */
+ plen = (uint8_t)in6_mask2len(&ifra->ifra_prefixmask.sin6_addr,
+ (u_char *)&ifra->ifra_prefixmask + ifra->ifra_prefixmask.sin6_len);
+ if (plen <= 0) {
+ error = EINVAL;
+ goto unwind;
+ }
- if (ifacount <= 1 &&
- (error = ifnet_ioctl(ifp, PF_INET6, SIOCSIFADDR, ia))) {
- if (error) {
- return(error);
- }
+ /* Validate lifetimes */
+ lt = &ifra->ifra_lifetime;
+ if (lt->ia6t_pltime > lt->ia6t_vltime) {
+ log(LOG_INFO,
+ "%s: pltime 0x%x > vltime 0x%x for %s\n", __func__,
+ lt->ia6t_pltime, lt->ia6t_vltime,
+ ip6_sprintf(&ifra->ifra_addr.sin6_addr));
+ error = EINVAL;
+ goto unwind;
+ }
+ if (lt->ia6t_vltime == 0) {
+ /*
+ * the following log might be noisy, but this is a typical
+ * configuration mistake or a tool's bug.
+ */
+ log(LOG_INFO, "%s: valid lifetime is 0 for %s\n", __func__,
+ ip6_sprintf(&ifra->ifra_addr.sin6_addr));
}
- ia->ia_ifa.ifa_metric = ifp->if_metric;
+ /*
+ * Before we lock the ifnet structure, we first check to see if the
+ * address already exists. If so, then we don't allocate and link a
+ * new one here.
+ */
+ struct sockaddr_in6 lookup_address = ifra->ifra_addr;
+ if (IN6_IS_ADDR_LINKLOCAL(&lookup_address.sin6_addr)) {
+ if (lookup_address.sin6_addr.s6_addr16[1] == 0) {
+ /* link ID is not embedded by the user */
+ lookup_address.sin6_addr.s6_addr16[1] =
+ htons(ifp->if_index);
+ } else if (lookup_address.sin6_addr.s6_addr16[1] !=
+ htons(ifp->if_index)) {
+ error = EINVAL; /* link ID contradicts */
+ goto done;
+ }
+ if (lookup_address.sin6_scope_id != 0 &&
+ lookup_address.sin6_scope_id !=
+ (u_int32_t)ifp->if_index) {
+ error = EINVAL;
+ goto done;
+ }
+ }
- /* we could do in(6)_socktrim here, but just omit it at this moment. */
+ ia = in6ifa_ifpwithaddr(ifp, &lookup_address.sin6_addr);
+ if (ia != NULL) {
+ ifa = &ia->ia_ifa;
+ }
/*
- * Special case:
- * If the destination address is specified for a point-to-point
- * interface, install a route to the destination as an interface
- * direct route.
+ * Validate destination address on interface types that require it.
*/
- plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); /* XXX */
- if (plen == 128 && ia->ia_dstaddr.sin6_family == AF_INET6) {
- if ((error = rtinit(&(ia->ia_ifa), (int)RTM_ADD,
- RTF_UP | RTF_HOST)) != 0)
- return(error);
- ia->ia_flags |= IFA_ROUTE;
+ if ((ifp->if_flags & (IFF_LOOPBACK | IFF_POINTOPOINT)) != 0) {
+ switch (ifra->ifra_dstaddr.sin6_family) {
+ case AF_INET6:
+ if (plen != 128) {
+ /* noisy message for diagnostic purposes */
+ log(LOG_INFO,
+ "%s: prefix length < 128 with"
+ " explicit dstaddr.\n", __func__);
+ error = EINVAL;
+ goto unwind;
+ }
+ break;
+
+ case AF_UNSPEC:
+ break;
+
+ default:
+ error = EAFNOSUPPORT;
+ goto unwind;
+ }
+ } else if (ifra->ifra_dstaddr.sin6_family != AF_UNSPEC) {
+ log(LOG_INFO,
+ "%s: dstaddr valid only on p2p and loopback interfaces.\n",
+ __func__);
+ error = EINVAL;
+ goto unwind;
}
- if (plen < 128) {
+
+ timenow = net_uptime();
+
+ if (ia == NULL) {
+ zalloc_flags_t how;
+
+ /* Is this the first new IPv6 address for the interface? */
+ ifaupflags |= IN6_IFAUPDATE_NEWADDR;
+
+ /* Allocate memory for IPv6 interface address structure. */
+ how = (ifaupflags & IN6_IFAUPDATE_NOWAIT) ? Z_NOWAIT : Z_WAITOK;
+ ia = in6_ifaddr_alloc(how);
+ if (ia == NULL) {
+ error = ENOBUFS;
+ goto unwind;
+ }
+
+ ifa = &ia->ia_ifa;
+
/*
- * The RTF_CLONING flag is necessary for in6_is_ifloop_auto().
+ * Initialize interface address structure.
+ *
+ * Note well: none of these sockaddr_in6 structures contain a
+ * valid sin6_port, sin6_flowinfo or even a sin6_scope_id field.
+ * We still embed link-local scope identifiers at the end of an
+ * arbitrary fe80::/32 prefix, for historical reasons. Also, the
+ * ifa_dstaddr field is always non-NULL on point-to-point and
+ * loopback interfaces, and conventionally points to a socket
+ * address of AF_UNSPEC family when there is no destination.
+ *
+ * Please enjoy the dancing sea turtle.
*/
- ia->ia_ifa.ifa_flags |= RTF_CLONING;
- }
+ IFA_ADDREF(ifa); /* for this and optionally for caller */
+ IA6_HASH_INIT(ia);
+ ifa->ifa_addr = (struct sockaddr *)&ia->ia_addr;
+ if (ifra->ifra_dstaddr.sin6_family == AF_INET6 ||
+ (ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) != 0) {
+ ifa->ifa_dstaddr = (struct sockaddr *)&ia->ia_dstaddr;
+ }
+ ifa->ifa_netmask = (struct sockaddr *)&ia->ia_prefixmask;
+ ifa->ifa_ifp = ifp;
+ ifa->ifa_metric = ifp->if_metric;
+ ifa->ifa_rtrequest = nd6_rtrequest;
- /* Add ownaddr as loopback rtentry, if necessary (ex. on p2p link). */
- if (newhost) {
- /* set the rtrequest function to create llinfo */
- ia->ia_ifa.ifa_rtrequest = nd6_rtrequest;
- in6_ifaddloop(&(ia->ia_ifa));
- }
+ LIST_INIT(&ia->ia6_memberships);
+ ia->ia_addr.sin6_family = AF_INET6;
+ ia->ia_addr.sin6_len = sizeof(ia->ia_addr);
+ ia->ia_addr.sin6_addr = ifra->ifra_addr.sin6_addr;
+ ia->ia_prefixmask.sin6_family = AF_INET6;
+ ia->ia_prefixmask.sin6_len = sizeof(ia->ia_prefixmask);
+ ia->ia_prefixmask.sin6_addr = ifra->ifra_prefixmask.sin6_addr;
+ error = in6_to_kamescope(&ia->ia_addr, ifp);
+ if (error != 0) {
+ goto unwind;
+ }
+ if (ifa->ifa_dstaddr != NULL) {
+ ia->ia_dstaddr = ifra->ifra_dstaddr;
+ error = in6_to_kamescope(&ia->ia_dstaddr, ifp);
+ if (error != 0) {
+ goto unwind;
+ }
+ }
- return(error);
-}
+ /* Append to address chains */
+ ifnet_lock_exclusive(ifp);
+ ifaupflags |= IN6_IFAUPDATE_1STADDR;
+ TAILQ_FOREACH(xifa, &ifp->if_addrlist, ifa_list) {
+ IFA_LOCK_SPIN(xifa);
+ if (xifa->ifa_addr->sa_family != AF_INET6) {
+ IFA_UNLOCK(xifa);
+ ifaupflags &= ~IN6_IFAUPDATE_1STADDR;
+ break;
+ }
+ IFA_UNLOCK(xifa);
+ }
-/*
- * Add an address to the list of IP6 multicast addresses for a
- * given interface.
- */
-struct in6_multi *
-in6_addmulti(maddr6, ifp, errorp, nd6_locked)
- struct in6_addr *maddr6;
- struct ifnet *ifp;
- int *errorp;
- int nd6_locked;
-{
- struct in6_multi *in6m;
- struct sockaddr_in6 sin6;
- struct ifmultiaddr *ifma;
+ IFA_LOCK_SPIN(ifa);
+ if_attach_ifa(ifp, ifa); /* holds reference for ifnet link */
+ IFA_UNLOCK(ifa);
+ ifnet_lock_done(ifp);
- *errorp = 0;
+ lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
+ TAILQ_INSERT_TAIL(&in6_ifaddrhead, ia, ia6_link);
+ IFA_ADDREF(ifa); /* hold for in6_ifaddrs link */
+ lck_rw_done(&in6_ifaddr_rwlock);
+ } else {
+ ifa = &ia->ia_ifa;
+ ifaupflags &= ~(IN6_IFAUPDATE_NEWADDR | IN6_IFAUPDATE_1STADDR);
+ }
+
+ VERIFY(ia != NULL && ifa == &ia->ia_ifa);
+ IFA_LOCK(ifa);
/*
- * Call generic routine to add membership or increment
- * refcount. It wants addresses in the form of a sockaddr,
- * so we build one here (being careful to zero the unused bytes).
+ * Set lifetimes. We do not refer to ia6t_expire and ia6t_preferred
+ * to see if the address is deprecated or invalidated, but initialize
+ * these members for applications.
*/
- bzero(&sin6, sizeof sin6);
- sin6.sin6_family = AF_INET6;
- sin6.sin6_len = sizeof sin6;
- sin6.sin6_addr = *maddr6;
- *errorp = if_addmulti(ifp, (struct sockaddr *)&sin6, &ifma);
- if (*errorp) {
- return 0;
+ ia->ia6_updatetime = ia->ia6_createtime = timenow;
+ ia6_lt = *lt;
+ if (ia6_lt.ia6t_vltime != ND6_INFINITE_LIFETIME) {
+ ia6_lt.ia6t_expire = timenow + ia6_lt.ia6t_vltime;
+ } else {
+ ia6_lt.ia6t_expire = 0;
+ }
+ if (ia6_lt.ia6t_pltime != ND6_INFINITE_LIFETIME) {
+ ia6_lt.ia6t_preferred = timenow + ia6_lt.ia6t_pltime;
+ } else {
+ ia6_lt.ia6t_preferred = 0;
}
+ in6ifa_setlifetime(ia, &ia6_lt);
/*
- * If ifma->ifma_protospec is null, then if_addmulti() created
- * a new record. Otherwise, we are done.
+ * Backward compatibility - if IN6_IFF_DEPRECATED is set from the
+ * userland, make it deprecated.
*/
- if (ifma->ifma_protospec != 0)
- return ifma->ifma_protospec;
-
- /* XXX - if_addmulti uses M_WAITOK. Can this really be called
- at interrupt time? If so, need to fix if_addmulti. XXX */
- in6m = (struct in6_multi *)_MALLOC(sizeof(*in6m), M_IPMADDR, M_NOWAIT);
- if (in6m == NULL) {
- return (NULL);
- }
-
- bzero(in6m, sizeof *in6m);
- in6m->in6m_addr = *maddr6;
- in6m->in6m_ifp = ifp;
- in6m->in6m_ifma = ifma;
- ifma->ifma_protospec = in6m;
- if (nd6_locked == 0)
- lck_mtx_lock(nd6_mutex);
- LIST_INSERT_HEAD(&in6_multihead, in6m, in6m_entry);
- if (nd6_locked == 0)
- lck_mtx_unlock(nd6_mutex);
+ if ((ia->ia6_flags & IN6_IFF_DEPRECATED) != 0) {
+ ia->ia6_lifetime.ia6ti_pltime = 0;
+ ia->ia6_lifetime.ia6ti_preferred = timenow;
+ }
/*
- * Let MLD6 know that we have joined a new IP6 multicast
- * group.
+ * Update flag or prefix length
*/
- mld6_start_listening(in6m);
- return(in6m);
-}
+ ia->ia_plen = plen;
+ ia->ia6_flags = ifra->ifra_flags;
-/*
- * Delete a multicast address record.
- */
-void
-in6_delmulti(
- struct in6_multi *in6m, int nd6locked)
-{
- struct ifmultiaddr *ifma = in6m->in6m_ifma;
+ /* Release locks (new address available to concurrent tasks) */
+ IFA_UNLOCK(ifa);
- if (ifma && ifma->ifma_usecount == 1) {
- /*
- * No remaining claims to this record; let MLD6 know
- * that we are leaving the multicast group.
- */
- mld6_stop_listening(in6m);
- ifma->ifma_protospec = 0;
- if (nd6locked == 0)
- lck_mtx_lock(nd6_mutex);
- LIST_REMOVE(in6m, in6m_entry);
- if (nd6locked == 0)
- lck_mtx_unlock(nd6_mutex);
- FREE(in6m, M_IPMADDR);
+ /* Further initialization of the interface address */
+ error = in6_ifinit(ifp, ia, ifaupflags);
+ if (error != 0) {
+ goto unwind;
+ }
+
+ /* Finish updating the address while other tasks are working with it */
+ error = in6_ifaupdate_aux(ia, ifp, ifaupflags);
+ if (error != 0) {
+ goto unwind;
}
- /* XXX - should be separate API for when we have an ifma? */
- if (ifma) {
- if_delmultiaddr(ifma, 0);
- ifma_release(ifma);
+
+ /* Return success (optionally w/ address for caller). */
+ VERIFY(error == 0);
+ (void) ifnet_notify_address(ifp, AF_INET6);
+ goto done;
+
+unwind:
+ VERIFY(error != 0);
+ if (ia != NULL) {
+ VERIFY(ifa == &ia->ia_ifa);
+ IFA_REMREF(ifa);
+ ia = NULL;
}
+
+done:
+ *iar = ia;
+ return error;
}
-/*
- * Find an IPv6 interface link-local address specific to an interface.
- */
-struct in6_ifaddr *
-in6ifa_ifpforlinklocal(ifp, ignoreflags)
- struct ifnet *ifp;
- int ignoreflags;
+void
+in6_purgeaddr(struct ifaddr *ifa)
{
- struct ifaddr *ifa;
+ struct ifnet *ifp = ifa->ifa_ifp;
+ struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
+ struct in6_multi_mship *imm;
- ifnet_lock_shared(ifp);
+ LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_NOTOWNED);
+
+ /* stop DAD processing */
+ nd6_dad_stop(ifa);
+
+ /*
+ * delete route to the destination of the address being purged.
+ * The interface must be p2p or loopback in this case.
+ */
+ IFA_LOCK(ifa);
+ if ((ia->ia_flags & IFA_ROUTE) && ia->ia_plen == 128) {
+ int error, rtf;
+
+ IFA_UNLOCK(ifa);
+ rtf = (ia->ia_dstaddr.sin6_family == AF_INET6) ? RTF_HOST : 0;
+ error = rtinit(&(ia->ia_ifa), RTM_DELETE, rtf);
+ if (error != 0) {
+ log(LOG_ERR, "in6_purgeaddr: failed to remove "
+ "a route to the p2p destination: %s on %s, "
+ "errno=%d\n",
+ ip6_sprintf(&ia->ia_addr.sin6_addr), if_name(ifp),
+ error);
+ /* proceed anyway... */
+ }
+ IFA_LOCK_SPIN(ifa);
+ ia->ia_flags &= ~IFA_ROUTE;
+ }
+ IFA_UNLOCK(ifa);
+
+ /* Remove ownaddr's loopback rtentry, if it exists. */
+ in6_ifremloop(&(ia->ia_ifa));
+
+ /*
+ * leave from multicast groups we have joined for the interface
+ */
+ IFA_LOCK(ifa);
+ while ((imm = ia->ia6_memberships.lh_first) != NULL) {
+ LIST_REMOVE(imm, i6mm_chain);
+ IFA_UNLOCK(ifa);
+ in6_leavegroup(imm);
+ IFA_LOCK(ifa);
+ }
+ IFA_UNLOCK(ifa);
+
+ /* in6_unlink_ifa() will need exclusive access */
+ in6_unlink_ifa(ia, ifp);
+ in6_post_msg(ifp, KEV_INET6_ADDR_DELETED, ia, NULL);
+
+ (void) ifnet_notify_address(ifp, AF_INET6);
+}
+
+static void
+in6_unlink_ifa(struct in6_ifaddr *ia, struct ifnet *ifp)
+{
+ struct in6_ifaddr *nia;
+ struct ifaddr *ifa;
+ int unlinked;
+
+ LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_NOTOWNED);
+
+ ifa = &ia->ia_ifa;
+ IFA_ADDREF(ifa);
+
+ ifnet_lock_exclusive(ifp);
+ IFA_LOCK(ifa);
+ if (ifa->ifa_debug & IFD_ATTACHED) {
+ if_detach_ifa(ifp, ifa);
+ }
+ IFA_UNLOCK(ifa);
+ ifnet_lock_done(ifp);
+
+ unlinked = 0;
+ lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
+ TAILQ_FOREACH(nia, &in6_ifaddrhead, ia6_link) {
+ if (ia == nia) {
+ TAILQ_REMOVE(&in6_ifaddrhead, ia, ia6_link);
+ IFA_LOCK(ifa);
+ if (IA6_IS_HASHED(ia)) {
+ in6_iahash_remove(ia);
+ }
+ IFA_UNLOCK(ifa);
+ unlinked = 1;
+ break;
+ }
+ }
+
+ /*
+ * When IPv6 address is being removed, release the
+ * reference to the base prefix.
+ * Also, since the release might, affect the status
+ * of other (detached) addresses, call
+ * pfxlist_onlink_check().
+ */
+ IFA_LOCK(ifa);
+ /*
+ * Only log the below message for addresses other than
+ * link local.
+ * Only one LLA (auto-configured or statically) is allowed
+ * on an interface.
+ * LLA prefix, while added to the prefix list, is not
+ * reference countedi (as it is the only one).
+ * The prefix also never expires on its own as LLAs
+ * have infinite lifetime.
+ *
+ * For now quiece down the log message for LLAs.
+ */
+ if (!IN6_IS_ADDR_LINKLOCAL(&ia->ia_addr.sin6_addr)) {
+ if (ia->ia6_ndpr == NULL) {
+ log(LOG_NOTICE, "in6_unlink_ifa: IPv6 address "
+ "0x%llx has no prefix\n",
+ (uint64_t)VM_KERNEL_ADDRPERM(ia));
+ } else {
+ struct nd_prefix *pr = ia->ia6_ndpr;
+ ia->ia6_flags &= ~IN6_IFF_AUTOCONF;
+ ia->ia6_ndpr = NULL;
+ NDPR_LOCK(pr);
+ VERIFY(pr->ndpr_addrcnt != 0);
+ pr->ndpr_addrcnt--;
+ if (ia->ia6_flags & IN6_IFF_CLAT46) {
+ pr->ndpr_stateflags &= ~NDPRF_CLAT46;
+ }
+ NDPR_UNLOCK(pr);
+ NDPR_REMREF(pr); /* release addr reference */
+ }
+ }
+ IFA_UNLOCK(ifa);
+ lck_rw_done(&in6_ifaddr_rwlock);
+
+ if ((ia->ia6_flags & IN6_IFF_AUTOCONF) != 0) {
+ lck_mtx_lock(nd6_mutex);
+ pfxlist_onlink_check();
+ lck_mtx_unlock(nd6_mutex);
+ }
+ /*
+ * release another refcnt for the link from in6_ifaddrs.
+ * Do this only if it's not already unlinked in the event that we lost
+ * the race, since in6_ifaddr_rwlock was momentarily dropped above.
+ */
+ if (unlinked) {
+ IFA_REMREF(ifa);
+ }
+
+ /* release reference held for this routine */
+ IFA_REMREF(ifa);
+
+ /* invalidate route caches */
+ routegenid_inet6_update();
+}
+
+void
+in6_purgeif(struct ifnet *ifp)
+{
+ struct in6_ifaddr *ia;
+
+ if (ifp == NULL) {
+ return;
+ }
+
+ LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_NOTOWNED);
+
+ lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
+ boolean_t from_begining = TRUE;
+ while (from_begining) {
+ from_begining = FALSE;
+ TAILQ_FOREACH(ia, &in6_ifaddrhead, ia6_link) {
+ if (ia->ia_ifa.ifa_ifp != ifp) {
+ continue;
+ }
+ IFA_ADDREF(&ia->ia_ifa); /* for us */
+ lck_rw_done(&in6_ifaddr_rwlock);
+ in6_purgeaddr(&ia->ia_ifa);
+ IFA_REMREF(&ia->ia_ifa); /* for us */
+ lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
+ /*
+ * Purging the address would have caused
+ * in6_ifaddr_rwlock to be dropped and reacquired;
+ * therefore search again from the beginning
+ * of in6_ifaddrs list.
+ */
+ from_begining = TRUE;
+ break;
+ }
+ }
+ lck_rw_done(&in6_ifaddr_rwlock);
+
+ in6_ifdetach(ifp);
+}
+
+/*
+ * Initialize an interface's internet6 address and routing table entry.
+ */
+static int
+in6_ifinit(struct ifnet *ifp, struct in6_ifaddr *ia, int ifaupflags)
+{
+ int error;
+ struct ifaddr *ifa;
+
+ error = 0;
+ ifa = &ia->ia_ifa;
+
+ lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
+ IFA_LOCK(&ia->ia_ifa);
+ if (IA6_IS_HASHED(ia)) {
+ in6_iahash_remove(ia);
+ }
+ if ((ifp->if_flags & IFF_POINTOPOINT)) {
+ in6_iahash_insert_ptp(ia);
+ } else {
+ in6_iahash_insert(ia);
+ }
+ IFA_UNLOCK(&ia->ia_ifa);
+ lck_rw_done(&in6_ifaddr_rwlock);
+
+ /*
+ * NOTE: SIOCSIFADDR is defined with struct ifreq as parameter,
+ * but here we are sending it down to the interface with a pointer
+ * to struct ifaddr, for legacy reasons.
+ */
+ if ((ifaupflags & IN6_IFAUPDATE_1STADDR) != 0) {
+ error = ifnet_ioctl(ifp, PF_INET6, SIOCSIFADDR, ia);
+ if (error != 0) {
+ if (error != EOPNOTSUPP) {
+ goto failed;
+ }
+ error = 0;
+ }
+ }
+
+ IFA_LOCK(ifa);
+
+ /*
+ * Special case:
+ * If the destination address is specified for a point-to-point
+ * interface, install a route to the destination as an interface
+ * direct route.
+ */
+ if (!(ia->ia_flags & IFA_ROUTE) && ia->ia_plen == 128 &&
+ ia->ia_dstaddr.sin6_family == AF_INET6) {
+ IFA_UNLOCK(ifa);
+ error = rtinit(ifa, RTM_ADD, RTF_UP | RTF_HOST);
+ if (error != 0) {
+ goto failed;
+ }
+ IFA_LOCK(ifa);
+ ia->ia_flags |= IFA_ROUTE;
+ }
+ IFA_LOCK_ASSERT_HELD(ifa);
+ if (ia->ia_plen < 128) {
+ /*
+ * The RTF_CLONING flag is necessary for in6_is_ifloop_auto().
+ */
+ ia->ia_flags |= RTF_CLONING;
+ }
+
+ IFA_UNLOCK(ifa);
+
+ /* Add ownaddr as loopback rtentry, if necessary (ex. on p2p link). */
+ if ((ifaupflags & IN6_IFAUPDATE_NEWADDR) != 0) {
+ in6_ifaddloop(ifa);
+ }
+
+ /* invalidate route caches */
+ routegenid_inet6_update();
+
+ VERIFY(error == 0);
+ return 0;
+failed:
+ VERIFY(error != 0);
+ lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
+ IFA_LOCK(&ia->ia_ifa);
+ if (IA6_IS_HASHED(ia)) {
+ in6_iahash_remove(ia);
+ }
+ IFA_UNLOCK(&ia->ia_ifa);
+ lck_rw_done(&in6_ifaddr_rwlock);
+
+ return error;
+}
+
+void
+in6_purgeaddrs(struct ifnet *ifp)
+{
+ in6_purgeif(ifp);
+}
+
+/*
+ * Find an IPv6 interface link-local address specific to an interface.
+ */
+struct in6_ifaddr *
+in6ifa_ifpforlinklocal(struct ifnet *ifp, int ignoreflags)
+{
+ struct ifaddr *ifa;
+
+ ifnet_lock_shared(ifp);
TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
{
- if (ifa->ifa_addr == NULL)
- continue; /* just for safety */
- if (ifa->ifa_addr->sa_family != AF_INET6)
+ IFA_LOCK_SPIN(ifa);
+ if (ifa->ifa_addr->sa_family != AF_INET6) {
+ IFA_UNLOCK(ifa);
continue;
+ }
if (IN6_IS_ADDR_LINKLOCAL(IFA_IN6(ifa))) {
if ((((struct in6_ifaddr *)ifa)->ia6_flags &
- ignoreflags) != 0)
+ ignoreflags) != 0) {
+ IFA_UNLOCK(ifa);
continue;
+ }
+ IFA_ADDREF_LOCKED(ifa); /* for caller */
+ IFA_UNLOCK(ifa);
+ break;
+ }
+ IFA_UNLOCK(ifa);
+ }
+ ifnet_lock_done(ifp);
+
+ return (struct in6_ifaddr *)ifa;
+}
+
+struct in6_ifaddr *
+in6ifa_ifpwithflag(struct ifnet * ifp, int flag)
+{
+ struct ifaddr *ifa;
+
+ ifnet_lock_shared(ifp);
+ TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
+ {
+ IFA_LOCK_SPIN(ifa);
+ if (ifa->ifa_addr->sa_family != AF_INET6) {
+ IFA_UNLOCK(ifa);
+ continue;
+ }
+ if ((((struct in6_ifaddr *)ifa)->ia6_flags & flag) == flag) {
+ IFA_ADDREF_LOCKED(ifa);
+ IFA_UNLOCK(ifa);
break;
}
+ IFA_UNLOCK(ifa);
}
- if (ifa != NULL)
- ifaref(ifa);
ifnet_lock_done(ifp);
- return((struct in6_ifaddr *)ifa);
+ return (struct in6_ifaddr *)ifa;
}
/*
* find the internet address corresponding to a given interface and address.
*/
struct in6_ifaddr *
-in6ifa_ifpwithaddr(ifp, addr)
- struct ifnet *ifp;
- struct in6_addr *addr;
+in6ifa_ifpwithaddr(struct ifnet *ifp, struct in6_addr *addr)
{
struct ifaddr *ifa;
ifnet_lock_shared(ifp);
TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
{
- if (ifa->ifa_addr == NULL)
- continue; /* just for safety */
- if (ifa->ifa_addr->sa_family != AF_INET6)
+ IFA_LOCK_SPIN(ifa);
+ if (ifa->ifa_addr->sa_family != AF_INET6) {
+ IFA_UNLOCK(ifa);
continue;
- if (IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(ifa)))
+ }
+ if (IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(ifa))) {
+ IFA_ADDREF_LOCKED(ifa); /* for caller */
+ IFA_UNLOCK(ifa);
break;
+ }
+ IFA_UNLOCK(ifa);
}
- if (ifa != NULL)
- ifaref(ifa);
ifnet_lock_done(ifp);
- return((struct in6_ifaddr *)ifa);
+ return (struct in6_ifaddr *)ifa;
+}
+
+struct in6_ifaddr *
+in6ifa_prproxyaddr(struct in6_addr *addr)
+{
+ struct in6_ifaddr *ia;
+
+ lck_rw_lock_shared(&in6_ifaddr_rwlock);
+ TAILQ_FOREACH(ia, IN6ADDR_HASH(addr), ia6_hash) {
+ IFA_LOCK(&ia->ia_ifa);
+ if (IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(&ia->ia_ifa))) {
+ IFA_ADDREF_LOCKED(&ia->ia_ifa); /* for caller */
+ IFA_UNLOCK(&ia->ia_ifa);
+ break;
+ }
+ IFA_UNLOCK(&ia->ia_ifa);
+ }
+ lck_rw_done(&in6_ifaddr_rwlock);
+
+ if (ia != NULL && !nd6_prproxy_ifaddr(ia)) {
+ IFA_REMREF(&ia->ia_ifa);
+ ia = NULL;
+ }
+
+ return ia;
+}
+
+void
+in6ifa_getlifetime(struct in6_ifaddr *ia6, struct in6_addrlifetime *t_dst,
+ int iscalendar)
+{
+ struct in6_addrlifetime_i *t_src = &ia6->ia6_lifetime;
+ struct timeval caltime;
+
+ t_dst->ia6t_vltime = t_src->ia6ti_vltime;
+ t_dst->ia6t_pltime = t_src->ia6ti_pltime;
+ t_dst->ia6t_expire = 0;
+ t_dst->ia6t_preferred = 0;
+
+ /* account for system time change */
+ getmicrotime(&caltime);
+ t_src->ia6ti_base_calendartime +=
+ NET_CALCULATE_CLOCKSKEW(caltime,
+ t_src->ia6ti_base_calendartime, net_uptime(),
+ t_src->ia6ti_base_uptime);
+
+ if (iscalendar) {
+ if (t_src->ia6ti_expire != 0 &&
+ t_src->ia6ti_vltime != ND6_INFINITE_LIFETIME) {
+ t_dst->ia6t_expire = t_src->ia6ti_base_calendartime +
+ t_src->ia6ti_expire - t_src->ia6ti_base_uptime;
+ }
+
+ if (t_src->ia6ti_preferred != 0 &&
+ t_src->ia6ti_pltime != ND6_INFINITE_LIFETIME) {
+ t_dst->ia6t_preferred = t_src->ia6ti_base_calendartime +
+ t_src->ia6ti_preferred - t_src->ia6ti_base_uptime;
+ }
+ } else {
+ if (t_src->ia6ti_expire != 0 &&
+ t_src->ia6ti_vltime != ND6_INFINITE_LIFETIME) {
+ t_dst->ia6t_expire = t_src->ia6ti_expire;
+ }
+
+ if (t_src->ia6ti_preferred != 0 &&
+ t_src->ia6ti_pltime != ND6_INFINITE_LIFETIME) {
+ t_dst->ia6t_preferred = t_src->ia6ti_preferred;
+ }
+ }
+}
+
+void
+in6ifa_setlifetime(struct in6_ifaddr *ia6, struct in6_addrlifetime *t_src)
+{
+ struct in6_addrlifetime_i *t_dst = &ia6->ia6_lifetime;
+ struct timeval caltime;
+
+ /* account for system time change */
+ getmicrotime(&caltime);
+ t_dst->ia6ti_base_calendartime +=
+ NET_CALCULATE_CLOCKSKEW(caltime,
+ t_dst->ia6ti_base_calendartime, net_uptime(),
+ t_dst->ia6ti_base_uptime);
+
+ /* trust the caller for the values */
+ t_dst->ia6ti_expire = t_src->ia6t_expire;
+ t_dst->ia6ti_preferred = t_src->ia6t_preferred;
+ t_dst->ia6ti_vltime = t_src->ia6t_vltime;
+ t_dst->ia6ti_pltime = t_src->ia6t_pltime;
}
/*
* Convert IP6 address to printable (loggable) representation.
*/
-static char digits[] = "0123456789abcdef";
-static int ip6round = 0;
char *
-ip6_sprintf(addr)
- const struct in6_addr *addr;
+ip6_sprintf(const struct in6_addr *addr)
{
+ static const char digits[] = "0123456789abcdef";
+ static int ip6round = 0;
static char ip6buf[8][48];
+
int i;
char *cp;
const u_short *a = (const u_short *)addr;
const u_char *d;
+ u_char n;
int dcolon = 0;
+ int zpad = 0;
ip6round = (ip6round + 1) & 7;
cp = ip6buf[ip6round];
for (i = 0; i < 8; i++) {
if (dcolon == 1) {
if (*a == 0) {
- if (i == 7)
+ if (i == 7) {
*cp++ = ':';
+ }
a++;
continue;
- } else
+ } else {
dcolon = 2;
+ }
}
if (*a == 0) {
if (dcolon == 0 && *(a + 1) == 0) {
- if (i == 0)
+ if (i == 0) {
*cp++ = ':';
+ }
*cp++ = ':';
dcolon = 1;
} else {
continue;
}
d = (const u_char *)a;
- *cp++ = digits[*d >> 4];
- *cp++ = digits[*d++ & 0xf];
- *cp++ = digits[*d >> 4];
- *cp++ = digits[*d & 0xf];
+ zpad = 0;
+ if ((n = *d >> 4) != 0) {
+ *cp++ = digits[n];
+ zpad = 1;
+ }
+ if ((n = *d++ & 0xf) != 0 || zpad) {
+ *cp++ = digits[n];
+ zpad = 1;
+ }
+ if ((n = *d >> 4) != 0 || zpad) {
+ *cp++ = digits[n];
+ zpad = 1;
+ }
+ if ((n = *d & 0xf) != 0 || zpad) {
+ *cp++ = digits[n];
+ }
*cp++ = ':';
a++;
}
*--cp = 0;
- return(ip6buf[ip6round]);
+ return ip6buf[ip6round];
}
int
struct sockaddr_in6 sin6;
int local = 0;
- if (IN6_IS_ADDR_LOOPBACK(in6) || IN6_IS_ADDR_LINKLOCAL(in6))
- return (1);
+ if (IN6_IS_ADDR_LOOPBACK(in6) || IN6_IS_SCOPE_LINKLOCAL(in6)) {
+ return 1;
+ }
sin6.sin6_family = AF_INET6;
- sin6.sin6_len = sizeof (sin6);
- bcopy(in6, &sin6.sin6_addr, sizeof (*in6));
+ sin6.sin6_len = sizeof(sin6);
+ bcopy(in6, &sin6.sin6_addr, sizeof(*in6));
rt = rtalloc1((struct sockaddr *)&sin6, 0, 0);
if (rt != NULL) {
RT_LOCK_SPIN(rt);
- if (rt->rt_gateway->sa_family == AF_LINK)
+ if (rt->rt_gateway->sa_family == AF_LINK) {
local = 1;
+ }
RT_UNLOCK(rt);
rtfree(rt);
} else {
local = in6_localaddr(in6);
}
- return (local);
+ return local;
}
int
-in6_localaddr(in6)
- struct in6_addr *in6;
+in6_localaddr(struct in6_addr *in6)
{
struct in6_ifaddr *ia;
- if (IN6_IS_ADDR_LOOPBACK(in6) || IN6_IS_ADDR_LINKLOCAL(in6))
+ if (IN6_IS_ADDR_LOOPBACK(in6) || IN6_IS_ADDR_LINKLOCAL(in6) || IN6_IS_ADDR_MC_UNICAST_BASED_LINKLOCAL(in6)) {
return 1;
+ }
- lck_mtx_lock(nd6_mutex);
- for (ia = in6_ifaddrs; ia; ia = ia->ia_next)
+ lck_rw_lock_shared(&in6_ifaddr_rwlock);
+ TAILQ_FOREACH(ia, &in6_ifaddrhead, ia6_link) {
+ IFA_LOCK_SPIN(&ia->ia_ifa);
if (IN6_ARE_MASKED_ADDR_EQUAL(in6, &ia->ia_addr.sin6_addr,
- &ia->ia_prefixmask.sin6_addr)) {
- lck_mtx_unlock(nd6_mutex);
+ &ia->ia_prefixmask.sin6_addr)) {
+ IFA_UNLOCK(&ia->ia_ifa);
+ lck_rw_done(&in6_ifaddr_rwlock);
return 1;
}
-
- lck_mtx_unlock(nd6_mutex);
- return (0);
-}
-
-int
-in6_is_addr_deprecated(sa6)
- struct sockaddr_in6 *sa6;
-{
- struct in6_ifaddr *ia;
-
- lck_mtx_lock(nd6_mutex);
- for (ia = in6_ifaddrs; ia; ia = ia->ia_next) {
- if (IN6_ARE_ADDR_EQUAL(&ia->ia_addr.sin6_addr,
- &sa6->sin6_addr) &&
-#if SCOPEDROUTING
- ia->ia_addr.sin6_scope_id == sa6->sin6_scope_id &&
-#endif
- (ia->ia6_flags & IN6_IFF_DEPRECATED) != 0) {
- lck_mtx_unlock(nd6_mutex);
- return(1); /* true */
- }
-
- /* XXX: do we still have to go thru the rest of the list? */
+ IFA_UNLOCK(&ia->ia_ifa);
}
-
- lck_mtx_unlock(nd6_mutex);
- return(0); /* false */
+ lck_rw_done(&in6_ifaddr_rwlock);
+ return 0;
}
/*
* hard coding...
*/
int
-in6_matchlen(src, dst)
-struct in6_addr *src, *dst;
+in6_matchlen(struct in6_addr *src, struct in6_addr *dst)
{
int match = 0;
u_char *s = (u_char *)src, *d = (u_char *)dst;
u_char *lim = s + 16, r;
- while (s < lim)
+ while (s < lim) {
if ((r = (*d++ ^ *s++)) != 0) {
while (r < 128) {
match++;
r <<= 1;
}
break;
- } else
+ } else {
match += 8;
+ }
+ }
return match;
}
/* XXX: to be scope conscious */
int
-in6_are_prefix_equal(p1, p2, len)
- struct in6_addr *p1, *p2;
- int len;
+in6_are_prefix_equal(struct in6_addr *p1, struct in6_addr *p2, int len)
{
int bytelen, bitlen;
/* sanity check */
if (0 > len || len > 128) {
- log(LOG_ERR, "in6_are_prefix_equal: invalid prefix length(%d)\n",
- len);
- return(0);
+ log(LOG_ERR, "%s: invalid prefix length(%d)\n", __func__, len);
+ return 0;
}
bytelen = len / 8;
bitlen = len % 8;
- if (bcmp(&p1->s6_addr, &p2->s6_addr, bytelen))
- return(0);
- if (bitlen != 0 &&
+ if (bcmp(&p1->s6_addr, &p2->s6_addr, bytelen)) {
+ return 0;
+ }
+ if (bitlen != 0 &&
p1->s6_addr[bytelen] >> (8 - bitlen) !=
- p2->s6_addr[bytelen] >> (8 - bitlen))
- return(0);
+ p2->s6_addr[bytelen] >> (8 - bitlen)) {
+ return 0;
+ }
- return(1);
+ return 1;
}
void
-in6_prefixlen2mask(maskp, len)
- struct in6_addr *maskp;
- int len;
+in6_prefixlen2mask(struct in6_addr *maskp, int len)
{
u_char maskarray[8] = {0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff};
int bytelen, bitlen, i;
/* sanity check */
if (0 > len || len > 128) {
- log(LOG_ERR, "in6_prefixlen2mask: invalid prefix length(%d)\n",
- len);
+ log(LOG_ERR, "%s: invalid prefix length(%d)\n", __func__, len);
return;
}
bzero(maskp, sizeof(*maskp));
bytelen = len / 8;
bitlen = len % 8;
- for (i = 0; i < bytelen; i++)
+ for (i = 0; i < bytelen; i++) {
maskp->s6_addr[i] = 0xff;
- if (bitlen)
+ }
+ if (bitlen) {
maskp->s6_addr[bytelen] = maskarray[bitlen - 1];
+ }
}
/*
* return the best address out of the same scope
*/
struct in6_ifaddr *
-in6_ifawithscope(
- struct ifnet *oifp,
- struct in6_addr *dst)
+in6_ifawithscope(struct ifnet *oifp, struct in6_addr *dst)
{
- int dst_scope = in6_addrscope(dst), src_scope, best_scope = 0;
+ int dst_scope = in6_addrscope(dst), src_scope, best_scope = 0;
int blen = -1;
struct ifaddr *ifa;
struct ifnet *ifp;
struct in6_ifaddr *ifa_best = NULL;
-
+
if (oifp == NULL) {
-#if 0
- printf("in6_ifawithscope: output interface is not specified\n");
-#endif
- return(NULL);
+ return NULL;
}
/*
* We can never take an address that breaks the scope zone
* of the destination.
*/
- if (in6_addr2scopeid(ifp, dst) != in6_addr2scopeid(oifp, dst))
+ if (in6_addr2scopeid(ifp, dst) != in6_addr2scopeid(oifp, dst)) {
continue;
+ }
ifnet_lock_shared(ifp);
- TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
- {
+ TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
int tlen = -1, dscopecmp, bscopecmp, matchcmp;
- if (ifa->ifa_addr->sa_family != AF_INET6)
+ IFA_LOCK(ifa);
+ if (ifa->ifa_addr->sa_family != AF_INET6) {
+ IFA_UNLOCK(ifa);
continue;
-
+ }
src_scope = in6_addrscope(IFA_IN6(ifa));
/*
* nor a duplicated address.
*/
if (((struct in6_ifaddr *)ifa)->ia6_flags &
- IN6_IFF_NOTREADY)
+ (IN6_IFF_NOTREADY | IN6_IFF_CLAT46)) {
+ IFA_UNLOCK(ifa);
continue;
-
+ }
/* XXX: is there any case to allow anycasts? */
if (((struct in6_ifaddr *)ifa)->ia6_flags &
- IN6_IFF_ANYCAST)
+ IN6_IFF_ANYCAST) {
+ IFA_UNLOCK(ifa);
continue;
-
+ }
if (((struct in6_ifaddr *)ifa)->ia6_flags &
- IN6_IFF_DETACHED)
+ IN6_IFF_DETACHED) {
+ IFA_UNLOCK(ifa);
continue;
-
+ }
/*
* If this is the first address we find,
* keep it anyway.
*/
- if (ifa_best == NULL)
+ if (ifa_best == NULL) {
goto replace;
+ }
/*
* ifa_best is never NULL beyond this line except
* scope(src) >= scope(dst))
*/
if (IN6_ARE_SCOPE_CMP(best_scope, dst_scope) < 0 &&
- IN6_ARE_SCOPE_CMP(src_scope, dst_scope) >= 0)
+ IN6_ARE_SCOPE_CMP(src_scope, dst_scope) >= 0) {
goto replace; /* (A) */
+ }
if (IN6_ARE_SCOPE_CMP(src_scope, dst_scope) < 0 &&
- IN6_ARE_SCOPE_CMP(best_scope, dst_scope) >= 0)
+ IN6_ARE_SCOPE_CMP(best_scope, dst_scope) >= 0) {
+ IFA_UNLOCK(ifa);
continue; /* (B) */
-
+ }
/*
* A deprecated address SHOULD NOT be used in new
* communications if an alternate (non-deprecated)
* address is available and has sufficient scope.
- * RFC 2462, Section 5.5.4.
+ * RFC 4862, Section 5.5.4.
*/
if (((struct in6_ifaddr *)ifa)->ia6_flags &
IN6_IFF_DEPRECATED) {
* Ignore any deprecated addresses if
* specified by configuration.
*/
- if (!ip6_use_deprecated)
+ if (!ip6_use_deprecated) {
+ IFA_UNLOCK(ifa);
continue;
-
+ }
/*
* If we have already found a non-deprecated
* candidate, just ignore deprecated addresses.
*/
if ((ifa_best->ia6_flags & IN6_IFF_DEPRECATED)
- == 0)
+ == 0) {
+ IFA_UNLOCK(ifa);
continue;
+ }
}
/*
*/
if ((ifa_best->ia6_flags & IN6_IFF_DEPRECATED) &&
(((struct in6_ifaddr *)ifa)->ia6_flags &
- IN6_IFF_DEPRECATED) == 0)
+ IN6_IFF_DEPRECATED) == 0) {
goto replace;
+ }
/*
* When we use temporary addresses described in
- * RFC 3041, we prefer temporary addresses to
+ * RFC 4941, we prefer temporary addresses to
* public autoconf addresses. Again, note the
* invariants from (A) and (B). Also note that we
* don't have any preference between static addresses
ifat = (struct in6_ifaddr *)ifa;
if ((ifa_best->ia6_flags &
- (IN6_IFF_AUTOCONF|IN6_IFF_TEMPORARY))
- == IN6_IFF_AUTOCONF &&
+ (IN6_IFF_AUTOCONF | IN6_IFF_TEMPORARY))
+ == IN6_IFF_AUTOCONF &&
(ifat->ia6_flags &
- (IN6_IFF_AUTOCONF|IN6_IFF_TEMPORARY))
- == (IN6_IFF_AUTOCONF|IN6_IFF_TEMPORARY)) {
+ (IN6_IFF_AUTOCONF | IN6_IFF_TEMPORARY))
+ == (IN6_IFF_AUTOCONF | IN6_IFF_TEMPORARY)) {
goto replace;
}
if ((ifa_best->ia6_flags &
- (IN6_IFF_AUTOCONF|IN6_IFF_TEMPORARY))
- == (IN6_IFF_AUTOCONF|IN6_IFF_TEMPORARY) &&
+ (IN6_IFF_AUTOCONF | IN6_IFF_TEMPORARY))
+ == (IN6_IFF_AUTOCONF | IN6_IFF_TEMPORARY) &&
(ifat->ia6_flags &
- (IN6_IFF_AUTOCONF|IN6_IFF_TEMPORARY))
- == IN6_IFF_AUTOCONF) {
+ (IN6_IFF_AUTOCONF | IN6_IFF_TEMPORARY))
+ == IN6_IFF_AUTOCONF) {
+ IFA_UNLOCK(ifa);
continue;
}
}
* longest address match against dst is considered.
*
* The precise decision table is as follows:
- * dscopecmp bscopecmp match bI oI | replace?
- * N/A equal N/A Y N | No (1)
- * N/A equal N/A N Y | Yes (2)
- * N/A equal larger N/A | Yes (3)
- * N/A equal !larger N/A | No (4)
- * larger larger N/A N/A | No (5)
- * larger smaller N/A N/A | Yes (6)
- * smaller larger N/A N/A | Yes (7)
- * smaller smaller N/A N/A | No (8)
- * equal smaller N/A N/A | Yes (9)
- * equal larger (already done at A above)
+ * dscopecmp bscopecmp match bI oI | replace?
+ * N/A equal N/A Y N | No (1)
+ * N/A equal N/A N Y | Yes (2)
+ * N/A equal larger N/A | Yes (3)
+ * N/A equal !larger N/A | No (4)
+ * larger larger N/A N/A | No (5)
+ * larger smaller N/A N/A | Yes (6)
+ * smaller larger N/A N/A | Yes (7)
+ * smaller smaller N/A N/A | No (8)
+ * equal smaller N/A N/A | Yes (9)
+ * equal larger (already done at A above)
*/
dscopecmp = IN6_ARE_SCOPE_CMP(src_scope, dst_scope);
bscopecmp = IN6_ARE_SCOPE_CMP(src_scope, best_scope);
if (bscopecmp == 0) {
struct ifnet *bifp = ifa_best->ia_ifp;
- if (bifp == oifp && ifp != oifp) /* (1) */
+ if (bifp == oifp && ifp != oifp) { /* (1) */
+ IFA_UNLOCK(ifa);
continue;
- if (bifp != oifp && ifp == oifp) /* (2) */
+ }
+ if (bifp != oifp && ifp == oifp) { /* (2) */
goto replace;
+ }
/*
* Both bifp and ifp are on the outgoing
*/
tlen = in6_matchlen(IFA_IN6(ifa), dst);
matchcmp = tlen - blen;
- if (matchcmp > 0) /* (3) */
+ if (matchcmp > 0) { /* (3) */
goto replace;
+ }
+ IFA_UNLOCK(ifa);
continue; /* (4) */
}
if (dscopecmp > 0) {
- if (bscopecmp > 0) /* (5) */
+ if (bscopecmp > 0) { /* (5) */
+ IFA_UNLOCK(ifa);
continue;
+ }
goto replace; /* (6) */
}
if (dscopecmp < 0) {
- if (bscopecmp > 0) /* (7) */
+ if (bscopecmp > 0) { /* (7) */
goto replace;
+ }
+ IFA_UNLOCK(ifa);
continue; /* (8) */
}
/* now dscopecmp must be 0 */
- if (bscopecmp < 0)
+ if (bscopecmp < 0) {
goto replace; /* (9) */
-
- replace:
- ifaref(ifa);
- if (ifa_best)
- ifafree(&ifa_best->ia_ifa);
- ifa_best = (struct in6_ifaddr *)ifa;
+ }
+replace:
+ IFA_ADDREF_LOCKED(ifa); /* for ifa_best */
blen = tlen >= 0 ? tlen :
- in6_matchlen(IFA_IN6(ifa), dst);
- best_scope = in6_addrscope(&ifa_best->ia_addr.sin6_addr);
- }
+ in6_matchlen(IFA_IN6(ifa), dst);
+ best_scope =
+ in6_addrscope(&ifa2ia6(ifa)->ia_addr.sin6_addr);
+ IFA_UNLOCK(ifa);
+ if (ifa_best) {
+ IFA_REMREF(&ifa_best->ia_ifa);
+ }
+ ifa_best = (struct in6_ifaddr *)ifa;
+ }
ifnet_lock_done(ifp);
}
ifnet_head_done();
/* count statistics for future improvements */
- if (ifa_best == NULL)
+ if (ifa_best == NULL) {
ip6stat.ip6s_sources_none++;
- else {
- if (oifp == ifa_best->ia_ifp)
+ } else {
+ IFA_LOCK_SPIN(&ifa_best->ia_ifa);
+ if (oifp == ifa_best->ia_ifp) {
ip6stat.ip6s_sources_sameif[best_scope]++;
- else
+ } else {
ip6stat.ip6s_sources_otherif[best_scope]++;
+ }
- if (best_scope == dst_scope)
+ if (best_scope == dst_scope) {
ip6stat.ip6s_sources_samescope[best_scope]++;
- else
+ } else {
ip6stat.ip6s_sources_otherscope[best_scope]++;
+ }
- if ((ifa_best->ia6_flags & IN6_IFF_DEPRECATED) != 0)
+ if ((ifa_best->ia6_flags & IN6_IFF_DEPRECATED) != 0) {
ip6stat.ip6s_sources_deprecated[best_scope]++;
+ }
+ IFA_UNLOCK(&ifa_best->ia_ifa);
}
- return(ifa_best);
+ return ifa_best;
}
/*
* found, return the first valid address from designated IF.
*/
struct in6_ifaddr *
-in6_ifawithifp(
- struct ifnet *ifp,
- struct in6_addr *dst)
+in6_ifawithifp(struct ifnet *ifp, struct in6_addr *dst)
{
- int dst_scope = in6_addrscope(dst), blen = -1, tlen;
+ int dst_scope = in6_addrscope(dst), blen = -1, tlen;
struct ifaddr *ifa;
- struct in6_ifaddr *besta = 0;
- struct in6_ifaddr *dep[2]; /* last-resort: deprecated */
+ struct in6_ifaddr *besta = NULL;
+ struct in6_ifaddr *dep[2]; /* last-resort: deprecated */
dep[0] = dep[1] = NULL;
* If none, return one of global addresses assigned other ifs.
*/
ifnet_lock_shared(ifp);
- TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
- {
- if (ifa->ifa_addr->sa_family != AF_INET6)
+ TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
+ IFA_LOCK(ifa);
+ if (ifa->ifa_addr->sa_family != AF_INET6) {
+ IFA_UNLOCK(ifa);
continue;
- if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST)
+ }
+ if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_ANYCAST) {
+ IFA_UNLOCK(ifa);
continue; /* XXX: is there any case to allow anycast? */
- if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_NOTREADY)
+ }
+ if (ifa2ia6(ifa)->ia6_flags & (IN6_IFF_NOTREADY | IN6_IFF_CLAT46)) {
+ IFA_UNLOCK(ifa);
continue; /* don't use this interface */
- if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DETACHED)
+ }
+ if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_DETACHED) {
+ IFA_UNLOCK(ifa);
continue;
- if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DEPRECATED) {
+ }
+ if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_DEPRECATED) {
if (ip6_use_deprecated) {
- if (dep[0] != NULL)
- ifafree(&dep[0]->ia_ifa);
+ IFA_ADDREF_LOCKED(ifa); /* for dep[0] */
+ IFA_UNLOCK(ifa);
+ if (dep[0] != NULL) {
+ IFA_REMREF(&dep[0]->ia_ifa);
+ }
dep[0] = (struct in6_ifaddr *)ifa;
- ifaref(ifa);
+ } else {
+ IFA_UNLOCK(ifa);
}
continue;
}
* call in6_matchlen() as few as possible
*/
if (besta) {
- if (blen == -1)
- blen = in6_matchlen(&besta->ia_addr.sin6_addr, dst);
+ if (blen == -1) {
+ IFA_UNLOCK(ifa);
+ IFA_LOCK(&besta->ia_ifa);
+ blen = in6_matchlen(
+ &besta->ia_addr.sin6_addr, dst);
+ IFA_UNLOCK(&besta->ia_ifa);
+ IFA_LOCK(ifa);
+ }
tlen = in6_matchlen(IFA_IN6(ifa), dst);
if (tlen > blen) {
blen = tlen;
+ IFA_ADDREF_LOCKED(ifa); /* for besta */
+ IFA_UNLOCK(ifa);
+ IFA_REMREF(&besta->ia_ifa);
besta = (struct in6_ifaddr *)ifa;
+ } else {
+ IFA_UNLOCK(ifa);
}
- } else
+ } else {
besta = (struct in6_ifaddr *)ifa;
+ IFA_ADDREF_LOCKED(ifa); /* for besta */
+ IFA_UNLOCK(ifa);
+ }
+ } else {
+ IFA_UNLOCK(ifa);
}
}
if (besta) {
- ifaref(&besta->ia_ifa);
ifnet_lock_done(ifp);
- if (dep[0] != NULL)
- ifafree(&dep[0]->ia_ifa);
- return(besta);
+ if (dep[0] != NULL) {
+ IFA_REMREF(&dep[0]->ia_ifa);
+ }
+ return besta;
+ }
+
+ TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
+ IFA_LOCK(ifa);
+ if (ifa->ifa_addr->sa_family != AF_INET6) {
+ IFA_UNLOCK(ifa);
+ continue;
+ }
+ if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_ANYCAST) {
+ IFA_UNLOCK(ifa);
+ continue; /* XXX: is there any case to allow anycast? */
+ }
+ if (ifa2ia6(ifa)->ia6_flags & (IN6_IFF_NOTREADY | IN6_IFF_CLAT46)) {
+ IFA_UNLOCK(ifa);
+ continue; /* don't use this interface */
+ }
+ if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_DETACHED) {
+ IFA_UNLOCK(ifa);
+ continue;
+ }
+ if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_DEPRECATED) {
+ if (ip6_use_deprecated) {
+ IFA_ADDREF_LOCKED(ifa); /* for dep[1] */
+ IFA_UNLOCK(ifa);
+ if (dep[1] != NULL) {
+ IFA_REMREF(&dep[1]->ia_ifa);
+ }
+ dep[1] = (struct in6_ifaddr *)ifa;
+ } else {
+ IFA_UNLOCK(ifa);
+ }
+ continue;
+ }
+ IFA_ADDREF_LOCKED(ifa); /* for caller */
+ IFA_UNLOCK(ifa);
+ ifnet_lock_done(ifp);
+ if (dep[0] != NULL) {
+ IFA_REMREF(&dep[0]->ia_ifa);
+ }
+ if (dep[1] != NULL) {
+ IFA_REMREF(&dep[1]->ia_ifa);
+ }
+ return (struct in6_ifaddr *)ifa;
+ }
+ ifnet_lock_done(ifp);
+
+ /* use the last-resort values, that are, deprecated addresses */
+ if (dep[0]) {
+ if (dep[1] != NULL) {
+ IFA_REMREF(&dep[1]->ia_ifa);
+ }
+ return dep[0];
+ }
+ if (dep[1]) {
+ return dep[1];
+ }
+
+ return NULL;
+}
+
+/*
+ * perform DAD when interface becomes IFF_UP.
+ */
+static void
+in6_if_up_dad_start(struct ifnet *ifp)
+{
+ struct ifaddr *ifa;
+ struct nd_ifinfo *ndi = NULL;
+
+ ndi = ND_IFINFO(ifp);
+ VERIFY((NULL != ndi) && (TRUE == ndi->initialized));
+ if (!(ndi->flags & ND6_IFF_DAD)) {
+ return;
+ }
+
+ /* start DAD on all the interface addresses */
+ ifnet_lock_exclusive(ifp);
+ TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
+ struct in6_ifaddr *ia6;
+
+ IFA_LOCK_SPIN(ifa);
+ if (ifa->ifa_addr->sa_family != AF_INET6) {
+ IFA_UNLOCK(ifa);
+ continue;
+ }
+ ia6 = (struct in6_ifaddr *)ifa;
+ if (ia6->ia6_flags & IN6_IFF_DADPROGRESS) {
+ int delay = 0; /* delay ticks before DAD output */
+ IFA_UNLOCK(ifa);
+ nd6_dad_start(ifa, &delay);
+ } else {
+ IFA_UNLOCK(ifa);
+ }
+ }
+ ifnet_lock_done(ifp);
+}
+
+int
+in6if_do_dad(
+ struct ifnet *ifp)
+{
+ struct nd_ifinfo *ndi = NULL;
+
+ if ((ifp->if_flags & IFF_LOOPBACK) != 0) {
+ return 0;
+ }
+
+ ndi = ND_IFINFO(ifp);
+ VERIFY((NULL != ndi) && (TRUE == ndi->initialized));
+ if (!(ndi->flags & ND6_IFF_DAD)) {
+ return 0;
+ }
+
+ /*
+ * If we are using the alternative neighbor discovery
+ * interface on this interface, then skip DAD.
+ *
+ * Also, skip it for interfaces marked "local private"
+ * for now, even when not marked as using the alternative
+ * interface. This is for historical reasons.
+ */
+ if (ifp->if_eflags &
+ (IFEF_IPV6_ND6ALT | IFEF_LOCALNET_PRIVATE | IFEF_DIRECTLINK)) {
+ return 0;
+ }
+
+ if (ifp->if_family == IFNET_FAMILY_IPSEC ||
+ ifp->if_family == IFNET_FAMILY_UTUN) {
+ /*
+ * Ignore DAD for tunneling virtual interfaces, which get
+ * their IPv6 address explicitly assigned.
+ */
+ return 0;
+ }
+
+ switch (ifp->if_type) {
+#if IFT_DUMMY
+ case IFT_DUMMY:
+#endif
+ case IFT_FAITH:
+ /*
+ * These interfaces do not have the IFF_LOOPBACK flag,
+ * but loop packets back. We do not have to do DAD on such
+ * interfaces. We should even omit it, because loop-backed
+ * NS would confuse the DAD procedure.
+ */
+ return 0;
+ default:
+ /*
+ * Our DAD routine requires the interface up and running.
+ * However, some interfaces can be up before the RUNNING
+ * status. Additionaly, users may try to assign addresses
+ * before the interface becomes up (or running).
+ * We simply skip DAD in such a case as a work around.
+ * XXX: we should rather mark "tentative" on such addresses,
+ * and do DAD after the interface becomes ready.
+ */
+ if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) !=
+ (IFF_UP | IFF_RUNNING)) {
+ return 0;
+ }
+
+ return 1;
+ }
+}
+
+/*
+ * Calculate max IPv6 MTU through all the interfaces and store it
+ * to in6_maxmtu.
+ */
+void
+in6_setmaxmtu(void)
+{
+ u_int32_t maxmtu = 0;
+ struct ifnet *ifp;
+
+ ifnet_head_lock_shared();
+ TAILQ_FOREACH(ifp, &ifnet_head, if_list) {
+ struct nd_ifinfo *ndi = NULL;
+
+ if ((ndi = ND_IFINFO(ifp)) != NULL && !ndi->initialized) {
+ ndi = NULL;
+ }
+ if (ndi != NULL) {
+ lck_mtx_lock(&ndi->lock);
+ }
+ if ((ifp->if_flags & IFF_LOOPBACK) == 0 &&
+ IN6_LINKMTU(ifp) > maxmtu) {
+ maxmtu = IN6_LINKMTU(ifp);
+ }
+ if (ndi != NULL) {
+ lck_mtx_unlock(&ndi->lock);
+ }
+ }
+ ifnet_head_done();
+ if (maxmtu) { /* update only when maxmtu is positive */
+ in6_maxmtu = maxmtu;
+ }
+}
+/*
+ * Provide the length of interface identifiers to be used for the link attached
+ * to the given interface. The length should be defined in "IPv6 over
+ * xxx-link" document. Note that address architecture might also define
+ * the length for a particular set of address prefixes, regardless of the
+ * link type. Also see RFC 4862 for additional background.
+ */
+int
+in6_if2idlen(struct ifnet *ifp)
+{
+ switch (ifp->if_type) {
+ case IFT_ETHER: /* RFC2464 */
+ case IFT_IEEE8023ADLAG: /* IEEE802.3ad Link Aggregate */
+#ifdef IFT_PROPVIRTUAL
+ case IFT_PROPVIRTUAL: /* XXX: no RFC. treat it as ether */
+#endif
+#ifdef IFT_L2VLAN
+ case IFT_L2VLAN: /* ditto */
+#endif
+#ifdef IFT_IEEE80211
+ case IFT_IEEE80211: /* ditto */
+#endif
+#ifdef IFT_MIP
+ case IFT_MIP: /* ditto */
+#endif
+ return 64;
+ case IFT_FDDI: /* RFC2467 */
+ return 64;
+ case IFT_ISO88025: /* RFC2470 (IPv6 over Token Ring) */
+ return 64;
+ case IFT_PPP: /* RFC2472 */
+ return 64;
+ case IFT_ARCNET: /* RFC2497 */
+ return 64;
+ case IFT_FRELAY: /* RFC2590 */
+ return 64;
+ case IFT_IEEE1394: /* RFC3146 */
+ return 64;
+ case IFT_GIF:
+ return 64; /* draft-ietf-v6ops-mech-v2-07 */
+ case IFT_LOOP:
+ return 64; /* XXX: is this really correct? */
+ case IFT_OTHER:
+ return 64; /* for utun interfaces */
+ case IFT_CELLULAR:
+ return 64; /* Packet Data over Cellular */
+ case IFT_BRIDGE:
+ return 64; /* Transparent bridge interface */
+ case IFT_6LOWPAN:
+ return 64; /* 6LoWPAN */
+ default:
+ /*
+ * Unknown link type:
+ * It might be controversial to use the today's common constant
+ * of 64 for these cases unconditionally. For full compliance,
+ * we should return an error in this case. On the other hand,
+ * if we simply miss the standard for the link type or a new
+ * standard is defined for a new link type, the IFID length
+ * is very likely to be the common constant. As a compromise,
+ * we always use the constant, but make an explicit notice
+ * indicating the "unknown" case.
+ */
+ log(LOG_NOTICE, "%s: unknown link type (%d)\n", __func__,
+ ifp->if_type);
+ return 64;
+ }
+}
+/*
+ * Convert sockaddr_in6 to sockaddr_in. Original sockaddr_in6 must be
+ * v4 mapped addr or v4 compat addr
+ */
+void
+in6_sin6_2_sin(struct sockaddr_in *sin, struct sockaddr_in6 *sin6)
+{
+ bzero(sin, sizeof(*sin));
+ sin->sin_len = sizeof(struct sockaddr_in);
+ sin->sin_family = AF_INET;
+ sin->sin_port = sin6->sin6_port;
+ sin->sin_addr.s_addr = sin6->sin6_addr.s6_addr32[3];
+}
+
+/* Convert sockaddr_in to sockaddr_in6 in v4 mapped addr format. */
+void
+in6_sin_2_v4mapsin6(struct sockaddr_in *sin, struct sockaddr_in6 *sin6)
+{
+ bzero(sin6, sizeof(*sin6));
+ sin6->sin6_len = sizeof(struct sockaddr_in6);
+ sin6->sin6_family = AF_INET6;
+ sin6->sin6_port = sin->sin_port;
+ sin6->sin6_addr.s6_addr32[0] = 0;
+ sin6->sin6_addr.s6_addr32[1] = 0;
+ if (sin->sin_addr.s_addr) {
+ sin6->sin6_addr.s6_addr32[2] = IPV6_ADDR_INT32_SMP;
+ sin6->sin6_addr.s6_addr32[3] = sin->sin_addr.s_addr;
+ } else {
+ sin6->sin6_addr.s6_addr32[2] = 0;
+ sin6->sin6_addr.s6_addr32[3] = 0;
+ }
+}
+
+/* Convert sockaddr_in6 into sockaddr_in. */
+void
+in6_sin6_2_sin_in_sock(struct sockaddr *nam)
+{
+ struct sockaddr_in *sin_p;
+ struct sockaddr_in6 sin6;
+
+ /*
+ * Save original sockaddr_in6 addr and convert it
+ * to sockaddr_in.
+ */
+ sin6 = *(struct sockaddr_in6 *)(void *)nam;
+ sin_p = (struct sockaddr_in *)(void *)nam;
+ in6_sin6_2_sin(sin_p, &sin6);
+}
+
+/* Convert sockaddr_in into sockaddr_in6 in v4 mapped addr format. */
+int
+in6_sin_2_v4mapsin6_in_sock(struct sockaddr **nam)
+{
+ struct sockaddr_in *sin_p;
+ struct sockaddr_in6 *sin6_p;
+
+ MALLOC(sin6_p, struct sockaddr_in6 *, sizeof(*sin6_p), M_SONAME,
+ M_WAITOK);
+ if (sin6_p == NULL) {
+ return ENOBUFS;
+ }
+ sin_p = (struct sockaddr_in *)(void *)*nam;
+ in6_sin_2_v4mapsin6(sin_p, sin6_p);
+ FREE(*nam, M_SONAME);
+ *nam = (struct sockaddr *)sin6_p;
+
+ return 0;
+}
+
+/*
+ * Posts in6_event_data message kernel events.
+ *
+ * To get the same size of kev_in6_data between ILP32 and LP64 data models
+ * we are using a special version of the in6_addrlifetime structure that
+ * uses only 32 bits fields to be compatible with Leopard, and that
+ * are large enough to span 68 years.
+ */
+void
+in6_post_msg(struct ifnet *ifp, u_int32_t event_code, struct in6_ifaddr *ifa,
+ uint8_t *mac)
+{
+ struct kev_msg ev_msg;
+ struct kev_in6_data in6_event_data;
+ struct in6_addrlifetime ia6_lt;
+
+ bzero(&in6_event_data, sizeof(struct kev_in6_data));
+ bzero(&ev_msg, sizeof(struct kev_msg));
+ ev_msg.vendor_code = KEV_VENDOR_APPLE;
+ ev_msg.kev_class = KEV_NETWORK_CLASS;
+ ev_msg.kev_subclass = KEV_INET6_SUBCLASS;
+ ev_msg.event_code = event_code;
+
+ if (ifa) {
+ IFA_LOCK(&ifa->ia_ifa);
+ in6_event_data.ia_addr = ifa->ia_addr;
+ in6_event_data.ia_net = ifa->ia_net;
+ in6_event_data.ia_dstaddr = ifa->ia_dstaddr;
+ in6_event_data.ia_prefixmask = ifa->ia_prefixmask;
+ in6_event_data.ia_plen = ifa->ia_plen;
+ in6_event_data.ia6_flags = (u_int32_t)ifa->ia6_flags;
+
+ /* retrieve time as calendar time (last arg is 1) */
+ in6ifa_getlifetime(ifa, &ia6_lt, 1);
+ in6_event_data.ia_lifetime.ia6t_expire = (u_int32_t)ia6_lt.ia6t_expire;
+ in6_event_data.ia_lifetime.ia6t_preferred = (u_int32_t)ia6_lt.ia6t_preferred;
+ in6_event_data.ia_lifetime.ia6t_vltime = ia6_lt.ia6t_vltime;
+ in6_event_data.ia_lifetime.ia6t_pltime = ia6_lt.ia6t_pltime;
+ IFA_UNLOCK(&ifa->ia_ifa);
+ }
+
+ if (ifp != NULL) {
+ (void) strlcpy(&in6_event_data.link_data.if_name[0],
+ ifp->if_name, IFNAMSIZ);
+ in6_event_data.link_data.if_family = ifp->if_family;
+ in6_event_data.link_data.if_unit = (u_int32_t)ifp->if_unit;
+ }
+
+ if (mac != NULL) {
+ memcpy(&in6_event_data.ia_mac, mac,
+ sizeof(in6_event_data.ia_mac));
+ }
+
+ ev_msg.dv[0].data_ptr = &in6_event_data;
+ ev_msg.dv[0].data_length = sizeof(in6_event_data);
+ ev_msg.dv[1].data_length = 0;
+
+ dlil_post_complete_msg(NULL, &ev_msg);
+}
+
+/*
+ * Called as part of ip6_init
+ */
+void
+in6_ifaddr_init(void)
+{
+ in6_cga_init();
+ in6_multi_init();
+
+ PE_parse_boot_argn("ifa_debug", &in6ifa_debug, sizeof(in6ifa_debug));
+
+ vm_size_t in6ifa_size = (in6ifa_debug == 0) ? sizeof(struct in6_ifaddr) :
+ sizeof(struct in6_ifaddr_dbg);
+
+ in6ifa_zone = zone_create(IN6IFA_ZONE_NAME, in6ifa_size, ZC_ZFREE_CLEARMEM);
+
+ lck_mtx_init(&in6ifa_trash_lock, ifa_mtx_grp, ifa_mtx_attr);
+ TAILQ_INIT(&in6ifa_trash_head);
+}
+
+static struct in6_ifaddr *
+in6_ifaddr_alloc(zalloc_flags_t how)
+{
+ struct in6_ifaddr *in6ifa;
+
+ in6ifa = zalloc_flags(in6ifa_zone, how | Z_ZERO);
+ if (in6ifa != NULL) {
+ in6ifa->ia_ifa.ifa_free = in6_ifaddr_free;
+ in6ifa->ia_ifa.ifa_debug |= IFD_ALLOC;
+ in6ifa->ia_ifa.ifa_del_wc = &in6ifa->ia_ifa.ifa_debug;
+ in6ifa->ia_ifa.ifa_del_waiters = 0;
+ ifa_lock_init(&in6ifa->ia_ifa);
+ if (in6ifa_debug != 0) {
+ struct in6_ifaddr_dbg *in6ifa_dbg =
+ (struct in6_ifaddr_dbg *)in6ifa;
+ in6ifa->ia_ifa.ifa_debug |= IFD_DEBUG;
+ in6ifa->ia_ifa.ifa_trace = in6_ifaddr_trace;
+ in6ifa->ia_ifa.ifa_attached = in6_ifaddr_attached;
+ in6ifa->ia_ifa.ifa_detached = in6_ifaddr_detached;
+ ctrace_record(&in6ifa_dbg->in6ifa_alloc);
+ }
+ }
+
+ return in6ifa;
+}
+
+static void
+in6_ifaddr_free(struct ifaddr *ifa)
+{
+ IFA_LOCK_ASSERT_HELD(ifa);
+
+ if (ifa->ifa_refcnt != 0) {
+ panic("%s: ifa %p bad ref cnt", __func__, ifa);
+ /* NOTREACHED */
+ } else if (!(ifa->ifa_debug & IFD_ALLOC)) {
+ panic("%s: ifa %p cannot be freed", __func__, ifa);
+ /* NOTREACHED */
+ }
+ if (ifa->ifa_debug & IFD_DEBUG) {
+ struct in6_ifaddr_dbg *in6ifa_dbg =
+ (struct in6_ifaddr_dbg *)ifa;
+ ctrace_record(&in6ifa_dbg->in6ifa_free);
+ bcopy(&in6ifa_dbg->in6ifa, &in6ifa_dbg->in6ifa_old,
+ sizeof(struct in6_ifaddr));
+ if (ifa->ifa_debug & IFD_TRASHED) {
+ /* Become a regular mutex, just in case */
+ IFA_CONVERT_LOCK(ifa);
+ lck_mtx_lock(&in6ifa_trash_lock);
+ TAILQ_REMOVE(&in6ifa_trash_head, in6ifa_dbg,
+ in6ifa_trash_link);
+ lck_mtx_unlock(&in6ifa_trash_lock);
+ ifa->ifa_debug &= ~IFD_TRASHED;
+ }
+ }
+ IFA_UNLOCK(ifa);
+ ifa_lock_destroy(ifa);
+ bzero(ifa, sizeof(struct in6_ifaddr));
+ zfree(in6ifa_zone, ifa);
+}
+
+static void
+in6_ifaddr_attached(struct ifaddr *ifa)
+{
+ struct in6_ifaddr_dbg *in6ifa_dbg = (struct in6_ifaddr_dbg *)ifa;
+
+ IFA_LOCK_ASSERT_HELD(ifa);
+
+ if (!(ifa->ifa_debug & IFD_DEBUG)) {
+ panic("%s: ifa %p has no debug structure", __func__, ifa);
+ /* NOTREACHED */
+ }
+ if (ifa->ifa_debug & IFD_TRASHED) {
+ /* Become a regular mutex, just in case */
+ IFA_CONVERT_LOCK(ifa);
+ lck_mtx_lock(&in6ifa_trash_lock);
+ TAILQ_REMOVE(&in6ifa_trash_head, in6ifa_dbg, in6ifa_trash_link);
+ lck_mtx_unlock(&in6ifa_trash_lock);
+ ifa->ifa_debug &= ~IFD_TRASHED;
+ }
+}
+
+static void
+in6_ifaddr_detached(struct ifaddr *ifa)
+{
+ struct in6_ifaddr_dbg *in6ifa_dbg = (struct in6_ifaddr_dbg *)ifa;
+
+ IFA_LOCK_ASSERT_HELD(ifa);
+
+ if (!(ifa->ifa_debug & IFD_DEBUG)) {
+ panic("%s: ifa %p has no debug structure", __func__, ifa);
+ /* NOTREACHED */
+ } else if (ifa->ifa_debug & IFD_TRASHED) {
+ panic("%s: ifa %p is already in trash list", __func__, ifa);
+ /* NOTREACHED */
+ }
+ ifa->ifa_debug |= IFD_TRASHED;
+ /* Become a regular mutex, just in case */
+ IFA_CONVERT_LOCK(ifa);
+ lck_mtx_lock(&in6ifa_trash_lock);
+ TAILQ_INSERT_TAIL(&in6ifa_trash_head, in6ifa_dbg, in6ifa_trash_link);
+ lck_mtx_unlock(&in6ifa_trash_lock);
+}
+
+static void
+in6_ifaddr_trace(struct ifaddr *ifa, int refhold)
+{
+ struct in6_ifaddr_dbg *in6ifa_dbg = (struct in6_ifaddr_dbg *)ifa;
+ ctrace_t *tr;
+ u_int32_t idx;
+ u_int16_t *cnt;
+
+ if (!(ifa->ifa_debug & IFD_DEBUG)) {
+ panic("%s: ifa %p has no debug structure", __func__, ifa);
+ /* NOTREACHED */
+ }
+ if (refhold) {
+ cnt = &in6ifa_dbg->in6ifa_refhold_cnt;
+ tr = in6ifa_dbg->in6ifa_refhold;
+ } else {
+ cnt = &in6ifa_dbg->in6ifa_refrele_cnt;
+ tr = in6ifa_dbg->in6ifa_refrele;
+ }
+
+ idx = atomic_add_16_ov(cnt, 1) % IN6IFA_TRACE_HIST_SIZE;
+ ctrace_record(&tr[idx]);
+}
+
+/*
+ * Handle SIOCGASSOCIDS ioctl for PF_INET6 domain.
+ */
+static int
+in6_getassocids(struct socket *so, uint32_t *cnt, user_addr_t aidp)
+{
+ struct in6pcb *in6p = sotoin6pcb(so);
+ sae_associd_t aid;
+
+ if (in6p == NULL || in6p->inp_state == INPCB_STATE_DEAD) {
+ return EINVAL;
+ }
+
+ /* IN6PCB has no concept of association */
+ aid = SAE_ASSOCID_ANY;
+ *cnt = 0;
+
+ /* just asking how many there are? */
+ if (aidp == USER_ADDR_NULL) {
+ return 0;
+ }
+
+ return copyout(&aid, aidp, sizeof(aid));
+}
+
+/*
+ * Handle SIOCGCONNIDS ioctl for PF_INET6 domain.
+ */
+static int
+in6_getconnids(struct socket *so, sae_associd_t aid, uint32_t *cnt,
+ user_addr_t cidp)
+{
+ struct in6pcb *in6p = sotoin6pcb(so);
+ sae_connid_t cid;
+
+ if (in6p == NULL || in6p->inp_state == INPCB_STATE_DEAD) {
+ return EINVAL;
+ }
+
+ if (aid != SAE_ASSOCID_ANY && aid != SAE_ASSOCID_ALL) {
+ return EINVAL;
+ }
+
+ /* if connected, return 1 connection count */
+ *cnt = ((so->so_state & SS_ISCONNECTED) ? 1 : 0);
+
+ /* just asking how many there are? */
+ if (cidp == USER_ADDR_NULL) {
+ return 0;
+ }
+
+ /* if IN6PCB is connected, assign it connid 1 */
+ cid = ((*cnt != 0) ? 1 : SAE_CONNID_ANY);
+
+ return copyout(&cid, cidp, sizeof(cid));
+}
+
+/*
+ * Handle SIOCGCONNINFO ioctl for PF_INET6 domain.
+ */
+int
+in6_getconninfo(struct socket *so, sae_connid_t cid, uint32_t *flags,
+ uint32_t *ifindex, int32_t *soerror, user_addr_t src, socklen_t *src_len,
+ user_addr_t dst, socklen_t *dst_len, uint32_t *aux_type,
+ user_addr_t aux_data, uint32_t *aux_len)
+{
+ struct in6pcb *in6p = sotoin6pcb(so);
+ struct sockaddr_in6 sin6;
+ struct ifnet *ifp = NULL;
+ int error = 0;
+ u_int32_t copy_len = 0;
+
+ /*
+ * Don't test for INPCB_STATE_DEAD since this may be called
+ * after SOF_PCBCLEARING is set, e.g. after tcp_close().
+ */
+ if (in6p == NULL) {
+ error = EINVAL;
+ goto out;
+ }
+
+ if (cid != SAE_CONNID_ANY && cid != SAE_CONNID_ALL && cid != 1) {
+ error = EINVAL;
+ goto out;
+ }
+
+ ifp = in6p->in6p_last_outifp;
+ *ifindex = ((ifp != NULL) ? ifp->if_index : 0);
+ *soerror = so->so_error;
+ *flags = 0;
+ if (so->so_state & SS_ISCONNECTED) {
+ *flags |= (CIF_CONNECTED | CIF_PREFERRED);
+ }
+ if (in6p->in6p_flags & INP_BOUND_IF) {
+ *flags |= CIF_BOUND_IF;
+ }
+ if (!(in6p->in6p_flags & INP_IN6ADDR_ANY)) {
+ *flags |= CIF_BOUND_IP;
+ }
+ if (!(in6p->in6p_flags & INP_ANONPORT)) {
+ *flags |= CIF_BOUND_PORT;
+ }
+
+ bzero(&sin6, sizeof(sin6));
+ sin6.sin6_len = sizeof(sin6);
+ sin6.sin6_family = AF_INET6;
+
+ /* source address and port */
+ sin6.sin6_port = in6p->in6p_lport;
+ in6_recoverscope(&sin6, &in6p->in6p_laddr, NULL);
+ if (*src_len == 0) {
+ *src_len = sin6.sin6_len;
+ } else {
+ if (src != USER_ADDR_NULL) {
+ copy_len = min(*src_len, sizeof(sin6));
+ error = copyout(&sin6, src, copy_len);
+ if (error != 0) {
+ goto out;
+ }
+ *src_len = copy_len;
+ }
+ }
+
+ /* destination address and port */
+ sin6.sin6_port = in6p->in6p_fport;
+ in6_recoverscope(&sin6, &in6p->in6p_faddr, NULL);
+ if (*dst_len == 0) {
+ *dst_len = sin6.sin6_len;
+ } else {
+ if (dst != USER_ADDR_NULL) {
+ copy_len = min(*dst_len, sizeof(sin6));
+ error = copyout(&sin6, dst, copy_len);
+ if (error != 0) {
+ goto out;
+ }
+ *dst_len = copy_len;
+ }
+ }
+
+ if (SOCK_PROTO(so) == IPPROTO_TCP) {
+ struct conninfo_tcp tcp_ci;
+
+ *aux_type = CIAUX_TCP;
+ if (*aux_len == 0) {
+ *aux_len = sizeof(tcp_ci);
+ } else {
+ if (aux_data != USER_ADDR_NULL) {
+ copy_len = min(*aux_len, sizeof(tcp_ci));
+ bzero(&tcp_ci, sizeof(tcp_ci));
+ tcp_getconninfo(so, &tcp_ci);
+ error = copyout(&tcp_ci, aux_data, copy_len);
+ if (error != 0) {
+ goto out;
+ }
+ *aux_len = copy_len;
+ }
+ }
+ } else {
+ *aux_type = 0;
+ *aux_len = 0;
+ }
+
+out:
+ return error;
+}
+
+/*
+ * 'u' group ioctls.
+ *
+ * The switch statement below does nothing at runtime, as it serves as a
+ * compile time check to ensure that all of the socket 'u' ioctls (those
+ * in the 'u' group going thru soo_ioctl) that are made available by the
+ * networking stack is unique. This works as long as this routine gets
+ * updated each time a new interface ioctl gets added.
+ *
+ * Any failures at compile time indicates duplicated ioctl values.
+ */
+static __attribute__((unused)) void
+in6ioctl_cassert(void)
+{
+ /*
+ * This is equivalent to _CASSERT() and the compiler wouldn't
+ * generate any instructions, thus for compile time only.
+ */
+ switch ((u_long)0) {
+ case 0:
+
+ /* bsd/netinet6/in6_var.h */
+ case SIOCAADDRCTL_POLICY:
+ case SIOCDADDRCTL_POLICY:
+ case SIOCDRADD_IN6_32:
+ case SIOCDRADD_IN6_64:
+ case SIOCDRDEL_IN6_32:
+ case SIOCDRDEL_IN6_64:
+ ;
+ }
+}
+
+struct in6_llentry {
+ struct llentry base;
+};
+
+#define IN6_LLTBL_DEFAULT_HSIZE 32
+#define IN6_LLTBL_HASH(k, h) \
+ ((((((((k) >> 8) ^ (k)) >> 8) ^ (k)) >> 8) ^ (k)) & ((h) - 1))
+
+/*
+ * Do actual deallocation of @lle.
+ */
+static void
+in6_lltable_destroy_lle_unlocked(struct llentry *lle)
+{
+ LLE_LOCK_DESTROY(lle);
+ LLE_REQ_DESTROY(lle);
+ FREE(lle, M_LLTABLE);
+}
+
+/*
+ * Called by LLE_FREE_LOCKED when number of references
+ * drops to zero.
+ */
+static void
+in6_lltable_destroy_lle(struct llentry *lle)
+{
+ LLE_WUNLOCK(lle);
+ /* XXX TBD */
+ //thread_call_free(lle->lle_timer);
+ in6_lltable_destroy_lle_unlocked(lle);
+}
+
+
+static struct llentry *
+in6_lltable_new(const struct in6_addr *addr6, uint16_t flags)
+{
+#pragma unused(flags)
+ struct in6_llentry *lle;
+
+ MALLOC(lle, struct in6_llentry *, sizeof(struct in6_llentry), M_LLTABLE, M_NOWAIT | M_ZERO);
+ if (lle == NULL) { /* NB: caller generates msg */
+ return NULL;
+ }
+
+ lle->base.r_l3addr.addr6 = *addr6;
+ lle->base.lle_refcnt = 1;
+ lle->base.lle_free = in6_lltable_destroy_lle;
+ LLE_LOCK_INIT(&lle->base);
+ LLE_REQ_INIT(&lle->base);
+#if 0
+ /* XXX TBD */
+ lle->base.lle_timer = thread_call_allocate(nd6_llinfo_timer, lle);
+
+ if (lle->base.lle_timer == NULL) {
+ printf("lle_timer thread call could not be allocated.\n");
+ LLE_LOCK_DESTROY(&lle->base);
+ LLE_REQ_DESTROY(&lle->base);
+ FREE(lle, M_LLTABLE);
+ return NULL;
+ }
+#endif
+ return &lle->base;
+}
+
+static int
+in6_lltable_match_prefix(const struct sockaddr *saddr,
+ const struct sockaddr *smask, uint16_t flags, struct llentry *lle)
+{
+ const struct in6_addr *addr, *mask, *lle_addr;
+
+ addr = &((const struct sockaddr_in6 *)(const void *)saddr)->sin6_addr;
+ mask = &((const struct sockaddr_in6 *)(const void *)smask)->sin6_addr;
+ lle_addr = &lle->r_l3addr.addr6;
+
+ if (IN6_ARE_MASKED_ADDR_EQUAL(lle_addr, addr, mask) == 0) {
+ return 0;
+ }
+
+ if (lle->la_flags & LLE_IFADDR) {
+ /*
+ * Delete LLE_IFADDR records IFF address & flag matches.
+ * Note that addr is the interface address within prefix
+ * being matched.
+ */
+ if (IN6_ARE_ADDR_EQUAL(addr, lle_addr) &&
+ (flags & LLE_STATIC) != 0) {
+ return 1;
+ }
+ return 0;
+ }
+
+ /* flags & LLE_STATIC means deleting both dynamic and static entries */
+ if ((flags & LLE_STATIC) || !(lle->la_flags & LLE_STATIC)) {
+ return 1;
+ }
+
+ return 0;
+}
+
+static void
+in6_lltable_free_entry(struct lltable *llt, struct llentry *lle)
+{
+ struct ifnet *ifp;
+
+ LLE_WLOCK_ASSERT(lle);
+ KASSERT(llt != NULL, ("lltable is NULL"));
+
+ /* Unlink entry from table */
+ if ((lle->la_flags & LLE_LINKED) != 0) {
+ ifp = llt->llt_ifp;
+ if_afdata_wlock_assert(ifp, llt->llt_af);
+ lltable_unlink_entry(llt, lle);
+ }
+
+#if 0
+ /* XXX TBD */
+ if (thread_call_cancel(lle->lle_timer) == TRUE) {
+ LLE_REMREF(lle);
+ }
+#endif
+ llentry_free(lle);
+}
+
+static int
+in6_lltable_rtcheck(struct ifnet *ifp,
+ uint16_t flags, const struct sockaddr *l3addr)
+{
+#pragma unused(flags)
+ struct rtentry *rt;
+
+ KASSERT(l3addr->sa_family == AF_INET6,
+ ("sin_family %d", l3addr->sa_family));
+ /* XXX rtalloc1 should take a const param */
+ rt = rtalloc1(__DECONST(struct sockaddr *, l3addr), 0, 0);
+ if (rt == NULL || (rt->rt_flags & RTF_GATEWAY) || rt->rt_ifp != ifp) {
+ struct ifaddr *ifa;
+ /*
+ * Create an ND6 cache for an IPv6 neighbor
+ * that is not covered by our own prefix.
+ */
+ /* XXX ifaof_ifpforaddr should take a const param */
+ ifa = ifaof_ifpforaddr(__DECONST(struct sockaddr *, l3addr), ifp);
+ if (ifa != NULL) {
+ IFA_REMREF(ifa);
+ if (rt != NULL) {
+ rtfree(rt);
+ }
+ return 0;
+ }
+ log(LOG_INFO, "IPv6 address: \"%s\" is not on the network\n",
+ ip6_sprintf(&((const struct sockaddr_in6 *)(const void *)l3addr)->sin6_addr));
+ if (rt != NULL) {
+ rtfree(rt);
+ }
+ return EINVAL;
}
+ rtfree(rt);
+ return 0;
+}
- TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
- {
- if (ifa->ifa_addr->sa_family != AF_INET6)
- continue;
- if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST)
- continue; /* XXX: is there any case to allow anycast? */
- if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_NOTREADY)
- continue; /* don't use this interface */
- if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DETACHED)
- continue;
- if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DEPRECATED) {
- if (ip6_use_deprecated) {
- if (dep[1] != NULL)
- ifafree(&dep[1]->ia_ifa);
- dep[1] = (struct in6_ifaddr *)ifa;
- ifaref(ifa);
- }
+static inline uint32_t
+in6_lltable_hash_dst(const struct in6_addr *dst, uint32_t hsize)
+{
+ return IN6_LLTBL_HASH(dst->s6_addr32[3], hsize);
+}
+
+static uint32_t
+in6_lltable_hash(const struct llentry *lle, uint32_t hsize)
+{
+ return in6_lltable_hash_dst(&lle->r_l3addr.addr6, hsize);
+}
+
+static void
+in6_lltable_fill_sa_entry(const struct llentry *lle, struct sockaddr *sa)
+{
+ struct sockaddr_in6 *sin6;
+
+ sin6 = (struct sockaddr_in6 *)(void *)sa;
+ bzero(sin6, sizeof(*sin6));
+ sin6->sin6_family = AF_INET6;
+ sin6->sin6_len = sizeof(*sin6);
+ sin6->sin6_addr = lle->r_l3addr.addr6;
+}
+
+static inline struct llentry *
+in6_lltable_find_dst(struct lltable *llt, const struct in6_addr *dst)
+{
+ struct llentry *lle;
+ struct llentries *lleh;
+ u_int hashidx;
+
+ hashidx = in6_lltable_hash_dst(dst, llt->llt_hsize);
+ lleh = &llt->lle_head[hashidx];
+ LIST_FOREACH(lle, lleh, lle_next) {
+ if (lle->la_flags & LLE_DELETED) {
continue;
}
- if (ifa != NULL)
- ifaref(ifa);
- ifnet_lock_done(ifp);
- if (dep[0] != NULL)
- ifafree(&dep[0]->ia_ifa);
- if (dep[1] != NULL)
- ifafree(&dep[1]->ia_ifa);
- return (struct in6_ifaddr *)ifa;
+ if (IN6_ARE_ADDR_EQUAL(&lle->r_l3addr.addr6, dst)) {
+ break;
+ }
}
- ifnet_lock_done(ifp);
- /* use the last-resort values, that are, deprecated addresses */
- if (dep[0]) {
- if (dep[1] != NULL)
- ifafree(&dep[1]->ia_ifa);
- return dep[0];
- }
- if (dep[1])
- return dep[1];
+ return lle;
+}
- return NULL;
+static void
+in6_lltable_delete_entry(struct lltable *llt, struct llentry *lle)
+{
+#pragma unused(llt)
+ lle->la_flags |= LLE_DELETED;
+ EVENTHANDLER_INVOKE(NULL, lle_event, lle, LLENTRY_DELETED);
+#ifdef DIAGNOSTIC
+ log(LOG_INFO, "ifaddr cache = %p is deleted\n", lle);
+#endif
+ llentry_free(lle);
}
-/*
- * perform DAD when interface becomes IFF_UP.
- */
-int
-in6_if_up(
- struct ifnet *ifp,
- struct in6_aliasreq *ifra)
+static struct llentry *
+in6_lltable_alloc(struct lltable *llt, uint16_t flags,
+ const struct sockaddr *l3addr)
{
- struct ifaddr *ifa;
- struct in6_ifaddr *ia;
- int dad_delay; /* delay ticks before DAD output */
- int error;
+ const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)(const void *)l3addr;
+ struct ifnet *ifp = llt->llt_ifp;
+ struct llentry *lle;
- if (!in6_init2done)
- return ENXIO;
+ KASSERT(l3addr->sa_family == AF_INET6,
+ ("sin_family %d", l3addr->sa_family));
/*
- * special cases, like 6to4, are handled in in6_ifattach
+ * A route that covers the given address must have
+ * been installed 1st because we are doing a resolution,
+ * verify this.
*/
- error = in6_ifattach(ifp, NULL, ifra);
- if (error != 0)
- return error;
+ if (!(flags & LLE_IFADDR) &&
+ in6_lltable_rtcheck(ifp, flags, l3addr) != 0) {
+ return NULL;
+ }
- dad_delay = 0;
- ifnet_lock_exclusive(ifp);
- TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
- {
- if (ifa->ifa_addr->sa_family != AF_INET6)
- continue;
- ia = (struct in6_ifaddr *)ifa;
- if (ia->ia6_flags & IN6_IFF_TENTATIVE)
- nd6_dad_start(ifa, &dad_delay);
+ lle = in6_lltable_new(&sin6->sin6_addr, flags);
+ if (lle == NULL) {
+ log(LOG_INFO, "lla_lookup: new lle malloc failed\n");
+ return NULL;
+ }
+ lle->la_flags = (uint16_t)flags;
+ if ((flags & LLE_IFADDR) == LLE_IFADDR) {
+ lltable_set_entry_addr(ifp, lle, LLADDR(SDL(ifp->if_lladdr->ifa_addr)));
+ lle->la_flags |= LLE_STATIC;
}
- ifnet_lock_done(ifp);
- return 0;
+ if ((lle->la_flags & LLE_STATIC) != 0) {
+ lle->ln_state = ND6_LLINFO_REACHABLE;
+ }
+
+ return lle;
}
-int
-in6if_do_dad(
- struct ifnet *ifp)
+static struct llentry *
+in6_lltable_lookup(struct lltable *llt, uint16_t flags,
+ const struct sockaddr *l3addr)
{
- if ((ifp->if_flags & IFF_LOOPBACK) != 0)
- return(0);
+ const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)(const void *)l3addr;
+ struct llentry *lle;
- switch (ifp->if_type) {
-#if IFT_DUMMY
- case IFT_DUMMY:
-#endif
- case IFT_FAITH:
- /*
- * These interfaces do not have the IFF_LOOPBACK flag,
- * but loop packets back. We do not have to do DAD on such
- * interfaces. We should even omit it, because loop-backed
- * NS would confuse the DAD procedure.
- */
- return(0);
- default:
- /*
- * Our DAD routine requires the interface up and running.
- * However, some interfaces can be up before the RUNNING
- * status. Additionaly, users may try to assign addresses
- * before the interface becomes up (or running).
- * We simply skip DAD in such a case as a work around.
- * XXX: we should rather mark "tentative" on such addresses,
- * and do DAD after the interface becomes ready.
- */
- if ((ifp->if_flags & (IFF_UP|IFF_RUNNING)) !=
- (IFF_UP|IFF_RUNNING))
- return(0);
+ IF_AFDATA_LOCK_ASSERT(llt->llt_ifp, llt->llt_af);
+ KASSERT(l3addr->sa_family == AF_INET6,
+ ("sin_family %d", l3addr->sa_family));
- return(1);
+ lle = in6_lltable_find_dst(llt, &sin6->sin6_addr);
+
+ if (lle == NULL) {
+ return NULL;
}
-}
-/*
- * Calculate max IPv6 MTU through all the interfaces and store it
- * to in6_maxmtu.
- */
-void
-in6_setmaxmtu()
-{
- u_int32_t maxmtu = 0;
- struct ifnet *ifp;
+ KASSERT((flags & (LLE_UNLOCKED | LLE_EXCLUSIVE)) !=
+ (LLE_UNLOCKED | LLE_EXCLUSIVE), ("wrong lle request flags: 0x%X",
+ flags));
- ifnet_head_lock_shared();
- TAILQ_FOREACH(ifp, &ifnet_head, if_list) {
- lck_rw_lock_shared(nd_if_rwlock);
- if ((ifp->if_flags & IFF_LOOPBACK) == 0 &&
- IN6_LINKMTU(ifp) > maxmtu)
- maxmtu = IN6_LINKMTU(ifp);
- lck_rw_done(nd_if_rwlock);
+ if (flags & LLE_UNLOCKED) {
+ return lle;
}
- ifnet_head_done();
- if (maxmtu) /* update only when maxmtu is positive */
- in6_maxmtu = maxmtu;
+
+ if (flags & LLE_EXCLUSIVE) {
+ LLE_WLOCK(lle);
+ } else {
+ LLE_RLOCK(lle);
+ }
+ return lle;
}
-/*
- * Convert sockaddr_in6 to sockaddr_in. Original sockaddr_in6 must be
- * v4 mapped addr or v4 compat addr
- */
-void
-in6_sin6_2_sin(struct sockaddr_in *sin, struct sockaddr_in6 *sin6)
+static int
+in6_lltable_dump_entry(struct lltable *llt, struct llentry *lle,
+ struct sysctl_req *wr)
{
- bzero(sin, sizeof(*sin));
- sin->sin_len = sizeof(struct sockaddr_in);
- sin->sin_family = AF_INET;
- sin->sin_port = sin6->sin6_port;
- sin->sin_addr.s_addr = sin6->sin6_addr.s6_addr32[3];
+ struct ifnet *ifp = llt->llt_ifp;
+ /* XXX stack use */
+ struct {
+ struct rt_msghdr rtm;
+ struct sockaddr_in6 sin6;
+ /*
+ * ndp.c assumes that sdl is word aligned
+ */
+#ifdef __LP64__
+ uint32_t pad;
+#endif
+ struct sockaddr_dl sdl;
+ } ndpc;
+ struct sockaddr_dl *sdl;
+ int error;
+
+ bzero(&ndpc, sizeof(ndpc));
+ /* skip deleted entries */
+ if ((lle->la_flags & LLE_DELETED) == LLE_DELETED) {
+ return 0;
+ }
+ /* Skip if jailed and not a valid IP of the prison. */
+ lltable_fill_sa_entry(lle,
+ (struct sockaddr *)&ndpc.sin6);
+ /*
+ * produce a msg made of:
+ * struct rt_msghdr;
+ * struct sockaddr_in6 (IPv6)
+ * struct sockaddr_dl;
+ */
+ ndpc.rtm.rtm_msglen = sizeof(ndpc);
+ ndpc.rtm.rtm_version = RTM_VERSION;
+ ndpc.rtm.rtm_type = RTM_GET;
+ ndpc.rtm.rtm_flags = RTF_UP;
+ ndpc.rtm.rtm_addrs = RTA_DST | RTA_GATEWAY;
+
+ /* publish */
+ if (lle->la_flags & LLE_PUB) {
+ ndpc.rtm.rtm_flags |= RTF_ANNOUNCE;
+ }
+ sdl = &ndpc.sdl;
+ sdl->sdl_family = AF_LINK;
+ sdl->sdl_len = sizeof(*sdl);
+ sdl->sdl_index = ifp->if_index;
+ sdl->sdl_type = ifp->if_type;
+ if ((lle->la_flags & LLE_VALID) == LLE_VALID) {
+ sdl->sdl_alen = ifp->if_addrlen;
+ bcopy(&lle->ll_addr, LLADDR(sdl), ifp->if_addrlen);
+ } else {
+ sdl->sdl_alen = 0;
+ bzero(LLADDR(sdl), ifp->if_addrlen);
+ }
+ if (lle->la_expire != 0) {
+ clock_sec_t secs;
+ clock_usec_t usecs;
+
+ clock_get_calendar_microtime(&secs, &usecs);
+ ndpc.rtm.rtm_rmx.rmx_expire = (int32_t)(lle->la_expire +
+ lle->lle_remtime / hz +
+ secs - net_uptime());
+ }
+ ndpc.rtm.rtm_flags |= (RTF_HOST | RTF_LLDATA);
+ if (lle->la_flags & LLE_STATIC) {
+ ndpc.rtm.rtm_flags |= RTF_STATIC;
+ }
+ if (lle->la_flags & LLE_IFADDR) {
+ ndpc.rtm.rtm_flags |= RTF_PINNED;
+ }
+ if (lle->ln_router != 0) {
+ ndpc.rtm.rtm_flags |= RTF_GATEWAY;
+ }
+ ndpc.rtm.rtm_rmx.rmx_pksent = lle->la_asked;
+ /* Store state in rmx_weight value */
+ ndpc.rtm.rtm_rmx.rmx_state = lle->ln_state;
+ ndpc.rtm.rtm_index = ifp->if_index;
+ error = SYSCTL_OUT(wr, &ndpc, sizeof(ndpc));
+
+ return error;
}
-/* Convert sockaddr_in to sockaddr_in6 in v4 mapped addr format. */
-void
-in6_sin_2_v4mapsin6(struct sockaddr_in *sin, struct sockaddr_in6 *sin6)
+struct lltable *
+in6_lltattach(struct ifnet *ifp)
{
- bzero(sin6, sizeof(*sin6));
- sin6->sin6_len = sizeof(struct sockaddr_in6);
- sin6->sin6_family = AF_INET6;
- sin6->sin6_port = sin->sin_port;
- sin6->sin6_addr.s6_addr32[0] = 0;
- sin6->sin6_addr.s6_addr32[1] = 0;
- sin6->sin6_addr.s6_addr32[2] = IPV6_ADDR_INT32_SMP;
- sin6->sin6_addr.s6_addr32[3] = sin->sin_addr.s_addr;
+ struct lltable *llt;
+
+ llt = lltable_allocate_htbl(IN6_LLTBL_DEFAULT_HSIZE);
+ llt->llt_af = AF_INET6;
+ llt->llt_ifp = ifp;
+
+ llt->llt_lookup = in6_lltable_lookup;
+ llt->llt_alloc_entry = in6_lltable_alloc;
+ llt->llt_delete_entry = in6_lltable_delete_entry;
+ llt->llt_dump_entry = in6_lltable_dump_entry;
+ llt->llt_hash = in6_lltable_hash;
+ llt->llt_fill_sa_entry = in6_lltable_fill_sa_entry;
+ llt->llt_free_entry = in6_lltable_free_entry;
+ llt->llt_match_prefix = in6_lltable_match_prefix;
+ lltable_link(llt);
+
+ return llt;
}
-/* Convert sockaddr_in6 into sockaddr_in. */
void
-in6_sin6_2_sin_in_sock(struct sockaddr *nam)
+in6_ip6_to_sockaddr(const struct in6_addr *ip6, u_int16_t port,
+ struct sockaddr_in6 *sin6, u_int32_t maxlen)
{
- struct sockaddr_in *sin_p;
- struct sockaddr_in6 sin6;
+ if (maxlen < sizeof(struct sockaddr_in6)) {
+ return;
+ }
- /*
- * Save original sockaddr_in6 addr and convert it
- * to sockaddr_in.
- */
- sin6 = *(struct sockaddr_in6 *)nam;
- sin_p = (struct sockaddr_in *)nam;
- in6_sin6_2_sin(sin_p, &sin6);
+ *sin6 = (struct sockaddr_in6) {
+ .sin6_family = AF_INET6,
+ .sin6_len = sizeof(*sin6),
+ .sin6_port = port,
+ .sin6_addr = *ip6,
+ };
+
+ if (IN6_IS_SCOPE_EMBED(&sin6->sin6_addr)) {
+ sin6->sin6_scope_id = ntohs(sin6->sin6_addr.s6_addr16[1]);
+ sin6->sin6_addr.s6_addr16[1] = 0;
+ }
}
-/* Convert sockaddr_in into sockaddr_in6 in v4 mapped addr format. */
-int
-in6_sin_2_v4mapsin6_in_sock(struct sockaddr **nam)
+/* IPv6 events */
+struct in6_event {
+ in6_evhdlr_code_t in6_event_code;
+ struct ifnet *in6_ifp;
+ struct in6_addr in6_address;
+ uint32_t val;
+};
+
+struct in6_event2kev in6_event2kev_array[IN6_EVENT_MAX] = {
+ {
+ .in6_event_code = IN6_ADDR_MARKED_DUPLICATED,
+ .in6_event_kev_subclass = KEV_ND6_SUBCLASS,
+ .in6_event_kev_code = KEV_ND6_DAD_FAILURE,
+ .in6_event_str = "IN6_ADDR_MARKED_DUPLICATED",
+ },
+ {
+ .in6_event_code = IN6_ADDR_MARKED_DETACHED,
+ .in6_event_kev_subclass = KEV_ND6_SUBCLASS,
+ .in6_event_kev_code = KEV_ND6_ADDR_DETACHED,
+ .in6_event_str = "IN6_ADDR_MARKED_DETACHED",
+ },
+ {
+ .in6_event_code = IN6_ADDR_MARKED_DEPRECATED,
+ .in6_event_kev_subclass = KEV_ND6_SUBCLASS,
+ .in6_event_kev_code = KEV_ND6_ADDR_DEPRECATED,
+ .in6_event_str = "IN6_ADDR_MARKED_DEPRECATED",
+ },
+ {
+ .in6_event_code = IN6_NDP_RTR_EXPIRY,
+ .in6_event_kev_subclass = KEV_ND6_SUBCLASS,
+ .in6_event_kev_code = KEV_ND6_RTR_EXPIRED,
+ .in6_event_str = "IN6_NDP_RTR_EXPIRY",
+ },
+ {
+ .in6_event_code = IN6_NDP_PFX_EXPIRY,
+ .in6_event_kev_subclass = KEV_ND6_SUBCLASS,
+ .in6_event_kev_code = KEV_ND6_PFX_EXPIRED,
+ .in6_event_str = "IN6_NDP_PFX_EXPIRY",
+ },
+ {
+ .in6_event_code = IN6_NDP_ADDR_EXPIRY,
+ .in6_event_kev_subclass = KEV_ND6_SUBCLASS,
+ .in6_event_kev_code = KEV_ND6_ADDR_EXPIRED,
+ .in6_event_str = "IN6_NDP_ADDR_EXPIRY",
+ },
+};
+
+void
+in6_eventhdlr_callback(struct eventhandler_entry_arg arg0 __unused,
+ in6_evhdlr_code_t in6_ev_code, struct ifnet *ifp,
+ struct in6_addr *p_addr6, uint32_t val)
{
- struct sockaddr_in *sin_p;
- struct sockaddr_in6 *sin6_p;
+ struct kev_msg ev_msg;
+ struct kev_nd6_event nd6_event;
- MALLOC(sin6_p, struct sockaddr_in6 *, sizeof *sin6_p, M_SONAME,
- M_WAITOK);
- if (sin6_p == NULL)
- return ENOBUFS;
- sin_p = (struct sockaddr_in *)*nam;
- in6_sin_2_v4mapsin6(sin_p, sin6_p);
- FREE(*nam, M_SONAME);
- *nam = (struct sockaddr *)sin6_p;
+ bzero(&ev_msg, sizeof(ev_msg));
+ bzero(&nd6_event, sizeof(nd6_event));
- return 0;
-}
+ nd6log0(info, "%s Event %s received for %s\n",
+ __func__, in6_event2kev_array[in6_ev_code].in6_event_str,
+ ip6_sprintf(p_addr6));
-/*
- * Posts in6_event_data message kernel events.
- *
- * To get the same size of kev_in6_data between ILP32 and LP64 data models
- * we are using a special version of the in6_addrlifetime structure that
- * uses only 32 bits fields to be compatible with Leopard, and that
- * are large enough to span 68 years.
- */
-void
-in6_post_msg(struct ifnet *ifp, u_int32_t event_code, struct in6_ifaddr *ifa)
-{
- struct kev_msg ev_msg;
- struct kev_in6_data in6_event_data;
-
- ev_msg.vendor_code = KEV_VENDOR_APPLE;
- ev_msg.kev_class = KEV_NETWORK_CLASS;
- ev_msg.kev_subclass = KEV_INET6_SUBCLASS;
- ev_msg.event_code = event_code;
-
- in6_event_data.ia_addr = ifa->ia_addr;
- in6_event_data.ia_net = ifa->ia_net;
- in6_event_data.ia_dstaddr = ifa->ia_dstaddr;
- in6_event_data.ia_prefixmask = ifa->ia_prefixmask;
- in6_event_data.ia_plen = ifa->ia_plen;
- in6_event_data.ia6_flags = (u_int32_t)ifa->ia6_flags;
-
- in6_event_data.ia_lifetime.ia6t_expire =
- ifa->ia6_lifetime.ia6t_expire;
- in6_event_data.ia_lifetime.ia6t_preferred =
- ifa->ia6_lifetime.ia6t_preferred;
- in6_event_data.ia_lifetime.ia6t_vltime =
- ifa->ia6_lifetime.ia6t_vltime;
- in6_event_data.ia_lifetime.ia6t_pltime =
- ifa->ia6_lifetime.ia6t_pltime;
+ ev_msg.vendor_code = KEV_VENDOR_APPLE;
+ ev_msg.kev_class = KEV_NETWORK_CLASS;
+ ev_msg.kev_subclass =
+ in6_event2kev_array[in6_ev_code].in6_event_kev_subclass;
+ ev_msg.event_code =
+ in6_event2kev_array[in6_ev_code].in6_event_kev_code;
- if (ifp != NULL) {
- strncpy(&in6_event_data.link_data.if_name[0],
- ifp->if_name, IFNAMSIZ);
- in6_event_data.link_data.if_family = ifp->if_family;
- in6_event_data.link_data.if_unit = (u_int32_t) ifp->if_unit;
- }
+ nd6_event.link_data.if_family = ifp->if_family;
+ nd6_event.link_data.if_unit = ifp->if_unit;
+ strlcpy(nd6_event.link_data.if_name, ifp->if_name,
+ sizeof(nd6_event.link_data.if_name));
- ev_msg.dv[0].data_ptr = &in6_event_data;
- ev_msg.dv[0].data_length = sizeof (in6_event_data);
- ev_msg.dv[1].data_length = 0;
+ VERIFY(p_addr6 != NULL);
+ bcopy(p_addr6, &nd6_event.in6_address,
+ sizeof(nd6_event.in6_address));
+ nd6_event.val = val;
+
+ ev_msg.dv[0].data_ptr = &nd6_event;
+ ev_msg.dv[0].data_length = sizeof(nd6_event);
kev_post_msg(&ev_msg);
}
-/*
- * Called as part of ip6_init
- */
+static void
+in6_event_callback(void *arg)
+{
+ struct in6_event *p_in6_ev = (struct in6_event *)arg;
+
+ EVENTHANDLER_INVOKE(&in6_evhdlr_ctxt, in6_event,
+ p_in6_ev->in6_event_code, p_in6_ev->in6_ifp,
+ &p_in6_ev->in6_address, p_in6_ev->val);
+}
+
+struct in6_event_nwk_wq_entry {
+ struct nwk_wq_entry nwk_wqe;
+ struct in6_event in6_ev_arg;
+};
+
void
-in6_ifaddr_init(void)
+in6_event_enqueue_nwk_wq_entry(in6_evhdlr_code_t in6_event_code,
+ struct ifnet *ifp, struct in6_addr *p_addr6,
+ uint32_t val)
{
- PE_parse_boot_argn("ifa_debug", &in6ifa_debug, sizeof (in6ifa_debug));
+ struct in6_event_nwk_wq_entry *p_in6_ev = NULL;
- in6ifa_size = (in6ifa_debug == 0) ? sizeof (struct in6_ifaddr) :
- sizeof (struct in6_ifaddr_dbg);
+ MALLOC(p_in6_ev, struct in6_event_nwk_wq_entry *,
+ sizeof(struct in6_event_nwk_wq_entry),
+ M_NWKWQ, M_WAITOK | M_ZERO);
- in6ifa_zone = zinit(in6ifa_size, IN6IFA_ZONE_MAX * in6ifa_size,
- 0, IN6IFA_ZONE_NAME);
- if (in6ifa_zone == NULL)
- panic("%s: failed allocating %s", __func__, IN6IFA_ZONE_NAME);
+ p_in6_ev->nwk_wqe.func = in6_event_callback;
+ p_in6_ev->nwk_wqe.is_arg_managed = TRUE;
+ p_in6_ev->nwk_wqe.arg = &p_in6_ev->in6_ev_arg;
- zone_change(in6ifa_zone, Z_EXPAND, TRUE);
+ p_in6_ev->in6_ev_arg.in6_event_code = in6_event_code;
+ p_in6_ev->in6_ev_arg.in6_ifp = ifp;
+ if (p_addr6 != NULL) {
+ bcopy(p_addr6, &p_in6_ev->in6_ev_arg.in6_address,
+ sizeof(p_in6_ev->in6_ev_arg.in6_address));
+ }
+ p_in6_ev->in6_ev_arg.val = val;
+
+ nwk_wq_enqueue((struct nwk_wq_entry*)p_in6_ev);
}
-static struct in6_ifaddr *
-in6_ifaddr_alloc(int how)
+/*
+ * Caller must hold in6_ifaddr_rwlock as writer.
+ */
+static void
+in6_iahash_remove(struct in6_ifaddr *ia)
{
- struct in6_ifaddr *in6ifa;
+ LCK_RW_ASSERT(&in6_ifaddr_rwlock, LCK_RW_ASSERT_EXCLUSIVE);
+ IFA_LOCK_ASSERT_HELD(&ia->ia_ifa);
- in6ifa = (how == M_WAITOK) ? zalloc(in6ifa_zone) :
- zalloc_noblock(in6ifa_zone);
- if (in6ifa != NULL) {
- bzero(in6ifa, in6ifa_size);
- in6ifa->ia_ifa.ifa_free = in6_ifaddr_free;
- in6ifa->ia_ifa.ifa_debug |= IFD_ALLOC;
- if (in6ifa_debug != 0) {
- struct in6_ifaddr_dbg *in6ifa_dbg =
- (struct in6_ifaddr_dbg *)in6ifa;
- in6ifa->ia_ifa.ifa_debug |= IFD_DEBUG;
- in6ifa->ia_ifa.ifa_trace = in6_ifaddr_trace;
- ctrace_record(&in6ifa_dbg->in6ifa_alloc);
- }
+ if (!IA6_IS_HASHED(ia)) {
+ panic("%s: attempt to remove wrong ia %p from ipv6 hash table\n", __func__, ia);
+ /* NOTREACHED */
+ }
+ TAILQ_REMOVE(IN6ADDR_HASH(&ia->ia_addr.sin6_addr), ia, ia6_hash);
+ IA6_HASH_INIT(ia);
+ if (IFA_REMREF_LOCKED(&ia->ia_ifa) == NULL) {
+ panic("%s: unexpected (missing) refcnt ifa=%p", __func__,
+ &ia->ia_ifa);
+ /* NOTREACHED */
}
- return (in6ifa);
}
+/*
+ * Caller must hold in6_ifaddr_rwlock as writer.
+ */
static void
-in6_ifaddr_free(struct ifaddr *ifa)
+in6_iahash_insert(struct in6_ifaddr *ia)
{
- if (ifa->ifa_refcnt != 0)
- panic("%s: ifa %p bad ref cnt", __func__, ifa);
- if (!(ifa->ifa_debug & IFD_ALLOC))
- panic("%s: ifa %p cannot be freed", __func__, ifa);
+ LCK_RW_ASSERT(&in6_ifaddr_rwlock, LCK_RW_ASSERT_EXCLUSIVE);
+ IFA_LOCK_ASSERT_HELD(&ia->ia_ifa);
- if (ifa->ifa_debug & IFD_DEBUG) {
- struct in6_ifaddr_dbg *in6ifa_dbg =
- (struct in6_ifaddr_dbg *)ifa;
- ctrace_record(&in6ifa_dbg->in6ifa_free);
- bcopy(&in6ifa_dbg->in6ifa, &in6ifa_dbg->in6ifa_old,
- sizeof (struct in6_ifaddr));
+ if (ia->ia_addr.sin6_family != AF_INET6) {
+ panic("%s: attempt to insert wrong ia %p into hash table\n", __func__, ia);
+ /* NOTREACHED */
+ } else if (IA6_IS_HASHED(ia)) {
+ panic("%s: attempt to double-insert ia %p into hash table\n", __func__, ia);
+ /* NOTREACHED */
}
- bzero(ifa, sizeof (struct in6_ifaddr));
- zfree(in6ifa_zone, ifa);
+ TAILQ_INSERT_HEAD(IN6ADDR_HASH(&ia->ia_addr.sin6_addr),
+ ia, ia6_hash);
+ IFA_ADDREF_LOCKED(&ia->ia_ifa);
}
+/*
+ * Some point to point interfaces that are tunnels borrow the address from
+ * an underlying interface (e.g. VPN server). In order for source address
+ * selection logic to find the underlying interface first, we add the address
+ * of borrowing point to point interfaces at the end of the list.
+ * (see rdar://6733789)
+ *
+ * Caller must hold in6_ifaddr_rwlock as writer.
+ */
static void
-in6_ifaddr_trace(struct ifaddr *ifa, int refhold)
+in6_iahash_insert_ptp(struct in6_ifaddr *ia)
{
- struct in6_ifaddr_dbg *in6ifa_dbg = (struct in6_ifaddr_dbg *)ifa;
- ctrace_t *tr;
- u_int32_t idx;
- u_int16_t *cnt;
+ struct in6_ifaddr *tmp_ifa;
+ struct ifnet *tmp_ifp;
- if (!(ifa->ifa_debug & IFD_DEBUG))
- panic("%s: ifa %p has no debug structure", __func__, ifa);
+ LCK_RW_ASSERT(&in6_ifaddr_rwlock, LCK_RW_ASSERT_EXCLUSIVE);
+ IFA_LOCK_ASSERT_HELD(&ia->ia_ifa);
- if (refhold) {
- cnt = &in6ifa_dbg->in6ifa_refhold_cnt;
- tr = in6ifa_dbg->in6ifa_refhold;
- } else {
- cnt = &in6ifa_dbg->in6ifa_refrele_cnt;
- tr = in6ifa_dbg->in6ifa_refrele;
+ if (ia->ia_addr.sin6_family != AF_INET6) {
+ panic("%s: attempt to insert wrong ia %p into hash table\n", __func__, ia);
+ /* NOTREACHED */
+ } else if (IA6_IS_HASHED(ia)) {
+ panic("%s: attempt to double-insert ia %p into hash table\n", __func__, ia);
+ /* NOTREACHED */
+ }
+ IFA_UNLOCK(&ia->ia_ifa);
+ TAILQ_FOREACH(tmp_ifa, IN6ADDR_HASH(&ia->ia_addr.sin6_addr), ia6_hash) {
+ IFA_LOCK(&tmp_ifa->ia_ifa);
+ /* ia->ia_addr won't change, so check without lock */
+ if (IN6_ARE_ADDR_EQUAL(&tmp_ifa->ia_addr.sin6_addr, &ia->ia_addr.sin6_addr)) {
+ IFA_UNLOCK(&tmp_ifa->ia_ifa);
+ break;
+ }
+ IFA_UNLOCK(&tmp_ifa->ia_ifa);
}
+ tmp_ifp = (tmp_ifa == NULL) ? NULL : tmp_ifa->ia_ifp;
- idx = OSAddAtomic16(1, (volatile SInt16 *)cnt) % CTRACE_HIST_SIZE;
- ctrace_record(&tr[idx]);
+ IFA_LOCK(&ia->ia_ifa);
+ if (tmp_ifp == NULL) {
+ TAILQ_INSERT_HEAD(IN6ADDR_HASH(&ia->ia_addr.sin6_addr),
+ ia, ia6_hash);
+ } else {
+ TAILQ_INSERT_TAIL(IN6ADDR_HASH(&ia->ia_addr.sin6_addr),
+ ia, ia6_hash);
+ }
+ IFA_ADDREF_LOCKED(&ia->ia_ifa);
}
projects / apple / xnu.git / blobdiff