/*
- * Copyright (c) 2000 Apple Computer, Inc. All rights reserved.
+ * Copyright (c) 2000-2018 Apple Inc. All rights reserved.
*
- * @APPLE_LICENSE_HEADER_START@
- *
- * The contents of this file constitute Original Code as defined in and
- * are subject to the Apple Public Source License Version 1.1 (the
- * "License"). You may not use this file except in compliance with the
- * License. Please obtain a copy of the License at
- * http://www.apple.com/publicsource and read it before using this file.
- *
- * This Original Code and all software distributed under the License are
- * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. The rights granted to you under the License
+ * may not be used to create, or enable the creation or redistribution of,
+ * unlawful or unlicensed copies of an Apple operating system, or to
+ * circumvent, violate, or enable the circumvention or violation of, any
+ * terms of an Apple operating system software license agreement.
+ *
+ * Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
- * License for the specific language governing rights and limitations
- * under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
*/
-/* $KAME: in_gif.c,v 1.54 2001/05/14 14:02:16 itojun Exp $ */
+/* $KAME: in_gif.c,v 1.54 2001/05/14 14:02:16 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
#include <sys/sysctl.h>
#include <sys/malloc.h>
+#include <libkern/OSAtomic.h>
#include <net/if.h>
#include <net/route.h>
#include <netinet/ip6.h>
#endif
-#if MROUTING
-#include <netinet/ip_mroute.h>
-#endif /* MROUTING */
-
-#include <net/if_gif.h>
+#include <net/if_gif.h>
#include <net/net_osdep.h>
int ip_gif_ttl = GIF_TTL;
-SYSCTL_INT(_net_inet_ip, IPCTL_GIF_TTL, gifttl, CTLFLAG_RW,
+SYSCTL_INT(_net_inet_ip, IPCTL_GIF_TTL, gifttl, CTLFLAG_RW | CTLFLAG_LOCKED,
&ip_gif_ttl, 0, "");
int
-in_gif_output(ifp, family, m, rt)
- struct ifnet *ifp;
- int family;
- struct mbuf *m;
- struct rtentry *rt;
+in_gif_output(
+ struct ifnet *ifp,
+ int family,
+ struct mbuf *m,
+ __unused struct rtentry *rt)
{
- struct gif_softc *sc = (struct gif_softc*)ifp;
- struct sockaddr_in *dst = (struct sockaddr_in *)&sc->gif_ro.ro_dst;
- struct sockaddr_in *sin_src = (struct sockaddr_in *)sc->gif_psrc;
- struct sockaddr_in *sin_dst = (struct sockaddr_in *)sc->gif_pdst;
+ struct gif_softc *sc = ifnet_softc(ifp);
+ struct sockaddr_in *dst = (struct sockaddr_in *)
+ (void *)&sc->gif_ro.ro_dst;
+ struct sockaddr_in *sin_src = (struct sockaddr_in *)
+ (void *)sc->gif_psrc;
+ struct sockaddr_in *sin_dst = (struct sockaddr_in *)
+ (void *)sc->gif_pdst;
struct ip iphdr; /* capsule IP header, host byte ordered */
int proto, error;
u_int8_t tos;
+ struct ip_out_args ipoa;
+
+ bzero(&ipoa, sizeof(ipoa));
+ ipoa.ipoa_boundif = IFSCOPE_NONE;
+ ipoa.ipoa_flags = IPOAF_SELECT_SRCIF;
+ ipoa.ipoa_sotc = SO_TC_UNSPEC;
+ ipoa.ipoa_netsvctype = _NET_SERVICE_TYPE_UNSPEC;
+
+ GIF_LOCK_ASSERT(sc);
if (sin_src == NULL || sin_dst == NULL ||
sin_src->sin_family != AF_INET ||
sin_dst->sin_family != AF_INET) {
m_freem(m);
- return EAFNOSUPPORT;
+ return (EAFNOSUPPORT);
}
switch (family) {
struct ip *ip;
proto = IPPROTO_IPV4;
- if (m->m_len < sizeof(*ip)) {
- m = m_pullup(m, sizeof(*ip));
+ if (mbuf_len(m) < sizeof (*ip)) {
+ m = m_pullup(m, sizeof (*ip));
if (!m)
- return ENOBUFS;
+ return (ENOBUFS);
}
ip = mtod(m, struct ip *);
tos = ip->ip_tos;
break;
}
-#endif /*INET*/
+#endif /* INET */
#if INET6
case AF_INET6:
{
struct ip6_hdr *ip6;
proto = IPPROTO_IPV6;
- if (m->m_len < sizeof(*ip6)) {
- m = m_pullup(m, sizeof(*ip6));
+ if (mbuf_len(m) < sizeof (*ip6)) {
+ m = m_pullup(m, sizeof (*ip6));
if (!m)
- return ENOBUFS;
+ return (ENOBUFS);
}
ip6 = mtod(m, struct ip6_hdr *);
tos = (ntohl(ip6->ip6_flow) >> 20) & 0xff;
break;
}
-#endif /*INET6*/
+#endif /* INET6 */
default:
#if DEBUG
printf("in_gif_output: warning: unknown family %d passed\n",
family);
#endif
m_freem(m);
- return EAFNOSUPPORT;
+ return (EAFNOSUPPORT);
}
- bzero(&iphdr, sizeof(iphdr));
+ bzero(&iphdr, sizeof (iphdr));
iphdr.ip_src = sin_src->sin_addr;
/* bidirectional configured tunnel mode */
if (sin_dst->sin_addr.s_addr != INADDR_ANY)
iphdr.ip_dst = sin_dst->sin_addr;
else {
m_freem(m);
- return ENETUNREACH;
+ return (ENETUNREACH);
}
iphdr.ip_p = proto;
/* version will be set in ip_output() */
iphdr.ip_ttl = ip_gif_ttl;
- iphdr.ip_len = m->m_pkthdr.len + sizeof(struct ip);
+ iphdr.ip_len = m->m_pkthdr.len + sizeof (struct ip);
if (ifp->if_flags & IFF_LINK1)
- ip_ecn_ingress(ECN_ALLOWED, &iphdr.ip_tos, &tos);
+ ip_ecn_ingress(ECN_NORMAL, &iphdr.ip_tos, &tos);
else
ip_ecn_ingress(ECN_NOCARE, &iphdr.ip_tos, &tos);
/* prepend new IP header */
- M_PREPEND(m, sizeof(struct ip), M_DONTWAIT);
- if (m && m->m_len < sizeof(struct ip))
- m = m_pullup(m, sizeof(struct ip));
+ M_PREPEND(m, sizeof (struct ip), M_DONTWAIT, 0);
+ if (m && mbuf_len(m) < sizeof (struct ip))
+ m = m_pullup(m, sizeof (struct ip));
if (m == NULL) {
printf("ENOBUFS in in_gif_output %d\n", __LINE__);
- return ENOBUFS;
+ return (ENOBUFS);
}
- bcopy(&iphdr, mtod(m, struct ip *), sizeof(struct ip));
+ bcopy(&iphdr, mtod(m, struct ip *), sizeof (struct ip));
- if (dst->sin_family != sin_dst->sin_family ||
- dst->sin_addr.s_addr != sin_dst->sin_addr.s_addr) {
- /* cache route doesn't match */
+ if (ROUTE_UNUSABLE(&sc->gif_ro) ||
+ dst->sin_family != sin_dst->sin_family ||
+ dst->sin_addr.s_addr != sin_dst->sin_addr.s_addr ||
+ (sc->gif_ro.ro_rt != NULL && sc->gif_ro.ro_rt->rt_ifp == ifp)) {
+ /* cache route doesn't match or recursive route */
dst->sin_family = sin_dst->sin_family;
- dst->sin_len = sizeof(struct sockaddr_in);
+ dst->sin_len = sizeof (struct sockaddr_in);
dst->sin_addr = sin_dst->sin_addr;
- if (sc->gif_ro.ro_rt) {
- rtfree(sc->gif_ro.ro_rt);
- sc->gif_ro.ro_rt = NULL;
- }
+ ROUTE_RELEASE(&sc->gif_ro);
#if 0
sc->gif_if.if_mtu = GIF_MTU;
#endif
rtalloc(&sc->gif_ro);
if (sc->gif_ro.ro_rt == NULL) {
m_freem(m);
- return ENETUNREACH;
+ return (ENETUNREACH);
}
/* if it constitutes infinite encapsulation, punt. */
+ RT_LOCK(sc->gif_ro.ro_rt);
if (sc->gif_ro.ro_rt->rt_ifp == ifp) {
+ RT_UNLOCK(sc->gif_ro.ro_rt);
m_freem(m);
- return ENETUNREACH; /*XXX*/
+ return (ENETUNREACH); /* XXX */
}
#if 0
ifp->if_mtu = sc->gif_ro.ro_rt->rt_ifp->if_mtu
- - sizeof(struct ip);
+ - sizeof (struct ip);
#endif
+ RT_UNLOCK(sc->gif_ro.ro_rt);
}
- error = ip_output(m, NULL, &sc->gif_ro, 0, NULL);
- return(error);
+ error = ip_output(m, NULL, &sc->gif_ro, IP_OUTARGS, NULL, &ipoa);
+
+ return (error);
}
void
-in_gif_input(m, off)
- struct mbuf *m;
- int off;
+in_gif_input(struct mbuf *m, int off)
{
struct ifnet *gifp = NULL;
struct ip *ip;
- int i, af, proto;
- u_int8_t otos;
+ int af, proto;
+ u_int8_t otos, old_tos;
+ int egress_success = 0;
+ int sum;
ip = mtod(m, struct ip *);
proto = ip->ip_p;
- gifp = (struct ifnet *)encap_getarg(m);
+ gifp = ((struct gif_softc *)encap_getarg(m))->gif_if;
if (gifp == NULL || (gifp->if_flags & IFF_UP) == 0) {
m_freem(m);
- ipstat.ips_nogif++;
+ OSAddAtomic(1, &ipstat.ips_nogif);
return;
}
#if INET
case IPPROTO_IPV4:
{
- struct ip *ip;
af = AF_INET;
- if (m->m_len < sizeof(*ip)) {
- m = m_pullup(m, sizeof(*ip));
+ if (mbuf_len(m) < sizeof (*ip)) {
+ m = m_pullup(m, sizeof (*ip));
if (!m)
return;
}
ip = mtod(m, struct ip *);
- if (gifp->if_flags & IFF_LINK1)
- ip_ecn_egress(ECN_ALLOWED, &otos, &ip->ip_tos);
- else
- ip_ecn_egress(ECN_NOCARE, &otos, &ip->ip_tos);
+ if (gifp->if_flags & IFF_LINK1) {
+ old_tos = ip->ip_tos;
+ egress_success = ip_ecn_egress(ECN_NORMAL, &otos, &ip->ip_tos);
+ if (old_tos != ip->ip_tos) {
+ sum = ~ntohs(ip->ip_sum) & 0xffff;
+ sum += (~otos & 0xffff) + ip->ip_tos;
+ sum = (sum >> 16) + (sum & 0xffff);
+ sum += (sum >> 16); /* add carry */
+ ip->ip_sum = htons(~sum & 0xffff);
+ }
+ } else
+ egress_success = ip_ecn_egress(ECN_NOCARE, &otos, &ip->ip_tos);
break;
}
#endif
struct ip6_hdr *ip6;
u_int8_t itos;
af = AF_INET6;
- if (m->m_len < sizeof(*ip6)) {
- m = m_pullup(m, sizeof(*ip6));
+ if (mbuf_len(m) < sizeof (*ip6)) {
+ m = m_pullup(m, sizeof (*ip6));
if (!m)
return;
}
ip6 = mtod(m, struct ip6_hdr *);
itos = (ntohl(ip6->ip6_flow) >> 20) & 0xff;
if (gifp->if_flags & IFF_LINK1)
- ip_ecn_egress(ECN_ALLOWED, &otos, &itos);
+ egress_success = ip_ecn_egress(ECN_NORMAL, &otos, &itos);
else
- ip_ecn_egress(ECN_NOCARE, &otos, &itos);
+ egress_success = ip_ecn_egress(ECN_NOCARE, &otos, &itos);
ip6->ip6_flow &= ~htonl(0xff << 20);
ip6->ip6_flow |= htonl((u_int32_t)itos << 20);
break;
}
#endif /* INET6 */
default:
- ipstat.ips_nogif++;
+ OSAddAtomic(1, &ipstat.ips_nogif);
+ m_freem(m);
+ return;
+ }
+
+ if (egress_success == 0) {
+ OSAddAtomic(1, &ipstat.ips_nogif);
m_freem(m);
return;
}
+
#ifdef __APPLE__
- /* Should we free m if dlil_input returns an error? */
- if (m->m_pkthdr.rcvif) /* replace the rcvif by gifp for dlil to route it correctly */
+ /* Replace the rcvif by gifp for dlil to route it correctly */
+ if (m->m_pkthdr.rcvif)
m->m_pkthdr.rcvif = gifp;
- dlil_input_packet(gifp, m, NULL);
+ ifnet_input(gifp, m, NULL);
#else
gif_input(m, af, gifp);
#endif
- return;
}
/*
- * we know that we are in IFF_UP, outer address available, and outer family
+ * We know that we are in IFF_UP, outer address available, and outer family
* matched the physical addr family. see gif_encapcheck().
*/
int
-gif_encapcheck4(m, off, proto, arg)
- const struct mbuf *m;
- int off;
- int proto;
- void *arg;
+gif_encapcheck4(
+ const struct mbuf *m,
+ __unused int off,
+ __unused int proto,
+ void *arg)
{
struct ip ip;
struct gif_softc *sc;
/* sanity check done in caller */
sc = (struct gif_softc *)arg;
- src = (struct sockaddr_in *)sc->gif_psrc;
- dst = (struct sockaddr_in *)sc->gif_pdst;
+ src = (struct sockaddr_in *)(void *)sc->gif_psrc;
+ dst = (struct sockaddr_in *)(void *)sc->gif_pdst;
+
+ GIF_LOCK_ASSERT(sc);
- /* LINTED const cast */
- m_copydata((struct mbuf *)m, 0, sizeof(ip), (caddr_t)&ip);
+ mbuf_copydata((struct mbuf *)(size_t)m, 0, sizeof (ip), &ip);
/* check for address match */
addrmatch = 0;
if (dst->sin_addr.s_addr == ip.ip_src.s_addr)
addrmatch |= 2;
if (addrmatch != 3)
- return 0;
+ return (0);
/* martian filters on outer source - NOT done in ip_input! */
if (IN_MULTICAST(ntohl(ip.ip_src.s_addr)))
- return 0;
+ return (0);
switch ((ntohl(ip.ip_src.s_addr) & 0xff000000) >> 24) {
case 0: case 127: case 255:
- return 0;
+ return (0);
}
/* reject packets with broadcast on source */
+ lck_rw_lock_shared(in_ifaddr_rwlock);
for (ia4 = TAILQ_FIRST(&in_ifaddrhead); ia4;
- ia4 = TAILQ_NEXT(ia4, ia_link))
- {
- if ((ia4->ia_ifa.ifa_ifp->if_flags & IFF_BROADCAST) == 0)
+ ia4 = TAILQ_NEXT(ia4, ia_link)) {
+ if ((ifnet_flags(ia4->ia_ifa.ifa_ifp) & IFF_BROADCAST) == 0)
continue;
- if (ip.ip_src.s_addr == ia4->ia_broadaddr.sin_addr.s_addr)
- return 0;
+ IFA_LOCK(&ia4->ia_ifa);
+ if (ip.ip_src.s_addr == ia4->ia_broadaddr.sin_addr.s_addr) {
+ IFA_UNLOCK(&ia4->ia_ifa);
+ lck_rw_done(in_ifaddr_rwlock);
+ return (0);
+ }
+ IFA_UNLOCK(&ia4->ia_ifa);
}
+ lck_rw_done(in_ifaddr_rwlock);
/* ingress filters on outer source */
- if ((sc->gif_if.if_flags & IFF_LINK2) == 0 &&
+ if ((ifnet_flags(sc->gif_if) & IFF_LINK2) == 0 &&
(m->m_flags & M_PKTHDR) != 0 && m->m_pkthdr.rcvif) {
struct sockaddr_in sin;
struct rtentry *rt;
- bzero(&sin, sizeof(sin));
+ bzero(&sin, sizeof (sin));
sin.sin_family = AF_INET;
- sin.sin_len = sizeof(struct sockaddr_in);
+ sin.sin_len = sizeof (struct sockaddr_in);
sin.sin_addr = ip.ip_src;
- rt = rtalloc1((struct sockaddr *)&sin, 0, 0UL);
- if (!rt || rt->rt_ifp != m->m_pkthdr.rcvif) {
-#if 0
- log(LOG_WARNING, "%s: packet from 0x%x dropped "
- "due to ingress filter\n", if_name(&sc->gif_if),
- (u_int32_t)ntohl(sin.sin_addr.s_addr));
-#endif
- if (rt)
+ rt = rtalloc1_scoped((struct sockaddr *)&sin, 0, 0,
+ m->m_pkthdr.rcvif->if_index);
+ if (rt != NULL)
+ RT_LOCK(rt);
+ if (rt == NULL || rt->rt_ifp != m->m_pkthdr.rcvif) {
+ if (rt != NULL) {
+ RT_UNLOCK(rt);
rtfree(rt);
- return 0;
+ }
+ return (0);
}
+ RT_UNLOCK(rt);
rtfree(rt);
}
- return 32 * 2;
+ return (32 * 2);
}