+ if (ifunit_extract(name, namebuf, sizeof (namebuf), &unit) < 0)
+ return (NULL);
+
+ /* for safety, since we use strcmp() below */
+ namebuf[sizeof (namebuf) - 1] = '\0';
+
+ /*
+ * Now search all the interfaces for this name/number
+ */
+ ifnet_head_lock_shared();
+ TAILQ_FOREACH(ifp, &ifnet_head, if_link) {
+ /*
+ * Use strcmp() rather than strncmp() here,
+ * since we want to match the entire string.
+ */
+ if (strcmp(ifp->if_name, namebuf))
+ continue;
+ if (unit == ifp->if_unit)
+ break;
+ }
+
+ /* if called from ifunit_ref() and ifnet is not attached, bail */
+ if (hold && ifp != NULL && !ifnet_is_attached(ifp, 1))
+ ifp = NULL;
+
+ ifnet_head_done();
+ return (ifp);
+}
+
+struct ifnet *
+ifunit(const char *name)
+{
+ return (ifunit_common(name, FALSE));
+}
+
+/*
+ * Similar to ifunit(), except that we hold an I/O reference count on an
+ * attached interface, which must later be released via ifnet_decr_iorefcnt().
+ * Will return NULL unless interface exists and is fully attached.
+ */
+struct ifnet *
+ifunit_ref(const char *name)
+{
+ return (ifunit_common(name, TRUE));
+}
+
+/*
+ * Map interface name in a sockaddr_dl to
+ * interface structure pointer.
+ */
+struct ifnet *
+if_withname(struct sockaddr *sa)
+{
+ char ifname[IFNAMSIZ+1];
+ struct sockaddr_dl *sdl = (struct sockaddr_dl *)(void *)sa;
+
+ if ((sa->sa_family != AF_LINK) || (sdl->sdl_nlen == 0) ||
+ (sdl->sdl_nlen > IFNAMSIZ))
+ return (NULL);
+
+ /*
+ * ifunit wants a null-terminated name. It may not be null-terminated
+ * in the sockaddr. We don't want to change the caller's sockaddr,
+ * and there might not be room to put the trailing null anyway, so we
+ * make a local copy that we know we can null terminate safely.
+ */
+
+ bcopy(sdl->sdl_data, ifname, sdl->sdl_nlen);
+ ifname[sdl->sdl_nlen] = '\0';
+ return (ifunit(ifname));
+}
+
+static __attribute__((noinline)) int
+ifioctl_ifconf(u_long cmd, caddr_t data)
+{
+ int error = 0;
+
+ switch (cmd) {
+ case OSIOCGIFCONF32: /* struct ifconf32 */
+ case SIOCGIFCONF32: { /* struct ifconf32 */
+ struct ifconf32 ifc;
+ bcopy(data, &ifc, sizeof (ifc));
+ error = ifconf(cmd, CAST_USER_ADDR_T(ifc.ifc_req),
+ &ifc.ifc_len);
+ bcopy(&ifc, data, sizeof (ifc));
+ break;
+ }
+
+ case SIOCGIFCONF64: /* struct ifconf64 */
+ case OSIOCGIFCONF64: { /* struct ifconf64 */
+ struct ifconf64 ifc;
+ bcopy(data, &ifc, sizeof (ifc));
+ error = ifconf(cmd, ifc.ifc_req, &ifc.ifc_len);
+ bcopy(&ifc, data, sizeof (ifc));
+ break;
+ }
+
+ default:
+ VERIFY(0);
+ /* NOTREACHED */
+ }
+
+ return (error);
+}
+
+static __attribute__((noinline)) int
+ifioctl_ifclone(u_long cmd, caddr_t data)
+{
+ int error = 0;
+
+ switch (cmd) {
+ case SIOCIFGCLONERS32: { /* struct if_clonereq32 */
+ struct if_clonereq32 ifcr;
+ bcopy(data, &ifcr, sizeof (ifcr));
+ error = if_clone_list(ifcr.ifcr_count, &ifcr.ifcr_total,
+ CAST_USER_ADDR_T(ifcr.ifcru_buffer));
+ bcopy(&ifcr, data, sizeof (ifcr));
+ break;
+ }
+
+ case SIOCIFGCLONERS64: { /* struct if_clonereq64 */
+ struct if_clonereq64 ifcr;
+ bcopy(data, &ifcr, sizeof (ifcr));
+ error = if_clone_list(ifcr.ifcr_count, &ifcr.ifcr_total,
+ ifcr.ifcru_buffer);
+ bcopy(&ifcr, data, sizeof (ifcr));
+ break;
+ }
+
+ default:
+ VERIFY(0);
+ /* NOTREACHED */
+ }
+
+ return (error);
+}
+
+static __attribute__((noinline)) int
+ifioctl_ifdesc(struct ifnet *ifp, u_long cmd, caddr_t data, struct proc *p)
+{
+ struct if_descreq *ifdr = (struct if_descreq *)(void *)data;
+ u_int32_t ifdr_len;
+ int error = 0;
+
+ VERIFY(ifp != NULL);
+
+ switch (cmd) {
+ case SIOCSIFDESC: { /* struct if_descreq */
+ if ((error = proc_suser(p)) != 0)
+ break;
+
+ ifnet_lock_exclusive(ifp);
+ bcopy(&ifdr->ifdr_len, &ifdr_len, sizeof (ifdr_len));
+ if (ifdr_len > sizeof (ifdr->ifdr_desc) ||
+ ifdr_len > ifp->if_desc.ifd_maxlen) {
+ error = EINVAL;
+ ifnet_lock_done(ifp);
+ break;
+ }
+
+ bzero(ifp->if_desc.ifd_desc, ifp->if_desc.ifd_maxlen);
+ if ((ifp->if_desc.ifd_len = ifdr_len) > 0) {
+ bcopy(ifdr->ifdr_desc, ifp->if_desc.ifd_desc,
+ MIN(ifdr_len, ifp->if_desc.ifd_maxlen));
+ }
+ ifnet_lock_done(ifp);
+ break;
+ }
+
+ case SIOCGIFDESC: { /* struct if_descreq */
+ ifnet_lock_shared(ifp);
+ ifdr_len = MIN(ifp->if_desc.ifd_len, sizeof (ifdr->ifdr_desc));
+ bcopy(&ifdr_len, &ifdr->ifdr_len, sizeof (ifdr_len));
+ bzero(&ifdr->ifdr_desc, sizeof (ifdr->ifdr_desc));
+ if (ifdr_len > 0) {
+ bcopy(ifp->if_desc.ifd_desc, ifdr->ifdr_desc, ifdr_len);
+ }
+ ifnet_lock_done(ifp);
+ break;
+ }
+
+ default:
+ VERIFY(0);
+ /* NOTREACHED */
+ }
+
+ return (error);
+}
+
+static __attribute__((noinline)) int
+ifioctl_linkparams(struct ifnet *ifp, u_long cmd, caddr_t data, struct proc *p)
+{
+ struct if_linkparamsreq *iflpr =
+ (struct if_linkparamsreq *)(void *)data;
+ struct ifclassq *ifq;
+ int error = 0;
+
+ VERIFY(ifp != NULL);
+ ifq = &ifp->if_snd;
+
+ switch (cmd) {
+ case SIOCSIFLINKPARAMS: { /* struct if_linkparamsreq */
+ struct tb_profile tb = { 0, 0, 0 };
+
+ if ((error = proc_suser(p)) != 0)
+ break;
+
+
+ IFCQ_LOCK(ifq);
+ if (!IFCQ_IS_READY(ifq)) {
+ error = ENXIO;
+ IFCQ_UNLOCK(ifq);
+ break;
+ }
+ bcopy(&iflpr->iflpr_output_tbr_rate, &tb.rate,
+ sizeof (tb.rate));
+ bcopy(&iflpr->iflpr_output_tbr_percent, &tb.percent,
+ sizeof (tb.percent));
+ error = ifclassq_tbr_set(ifq, &tb, TRUE);
+ IFCQ_UNLOCK(ifq);
+ break;
+ }
+
+ case SIOCGIFLINKPARAMS: { /* struct if_linkparamsreq */
+ u_int32_t sched_type = PKTSCHEDT_NONE, flags = 0;
+ u_int64_t tbr_bw = 0, tbr_pct = 0;
+
+ IFCQ_LOCK(ifq);
+
+ if (IFCQ_IS_ENABLED(ifq))
+ sched_type = ifq->ifcq_type;
+
+ bcopy(&sched_type, &iflpr->iflpr_output_sched,
+ sizeof (iflpr->iflpr_output_sched));
+
+ if (IFCQ_TBR_IS_ENABLED(ifq)) {
+ tbr_bw = ifq->ifcq_tbr.tbr_rate_raw;
+ tbr_pct = ifq->ifcq_tbr.tbr_percent;
+ }
+ bcopy(&tbr_bw, &iflpr->iflpr_output_tbr_rate,
+ sizeof (iflpr->iflpr_output_tbr_rate));
+ bcopy(&tbr_pct, &iflpr->iflpr_output_tbr_percent,
+ sizeof (iflpr->iflpr_output_tbr_percent));
+ IFCQ_UNLOCK(ifq);
+
+ if (ifp->if_output_sched_model ==
+ IFNET_SCHED_MODEL_DRIVER_MANAGED)
+ flags |= IFLPRF_DRVMANAGED;
+ bcopy(&flags, &iflpr->iflpr_flags, sizeof (iflpr->iflpr_flags));
+ bcopy(&ifp->if_output_bw, &iflpr->iflpr_output_bw,
+ sizeof (iflpr->iflpr_output_bw));
+ bcopy(&ifp->if_input_bw, &iflpr->iflpr_input_bw,
+ sizeof (iflpr->iflpr_input_bw));
+ bcopy(&ifp->if_output_lt, &iflpr->iflpr_output_lt,
+ sizeof (iflpr->iflpr_output_lt));
+ bcopy(&ifp->if_input_lt, &iflpr->iflpr_input_lt,
+ sizeof (iflpr->iflpr_input_lt));
+ break;
+ }
+
+ default:
+ VERIFY(0);
+ /* NOTREACHED */
+ }
+
+ return (error);
+}
+
+static __attribute__((noinline)) int
+ifioctl_qstats(struct ifnet *ifp, u_long cmd, caddr_t data)
+{
+ struct if_qstatsreq *ifqr = (struct if_qstatsreq *)(void *)data;
+ u_int32_t ifqr_len, ifqr_slot;
+ int error = 0;
+
+ VERIFY(ifp != NULL);
+
+ switch (cmd) {
+ case SIOCGIFQUEUESTATS: { /* struct if_qstatsreq */
+ bcopy(&ifqr->ifqr_slot, &ifqr_slot, sizeof (ifqr_slot));
+ bcopy(&ifqr->ifqr_len, &ifqr_len, sizeof (ifqr_len));
+ error = ifclassq_getqstats(&ifp->if_snd, ifqr_slot,
+ ifqr->ifqr_buf, &ifqr_len);
+ if (error != 0)
+ ifqr_len = 0;
+ bcopy(&ifqr_len, &ifqr->ifqr_len, sizeof (ifqr_len));
+ break;
+ }
+
+ default:
+ VERIFY(0);
+ /* NOTREACHED */
+ }
+
+ return (error);
+}
+
+static __attribute__((noinline)) int
+ifioctl_throttle(struct ifnet *ifp, u_long cmd, caddr_t data, struct proc *p)
+{
+ struct if_throttlereq *ifthr = (struct if_throttlereq *)(void *)data;
+ u_int32_t ifthr_level;
+ int error = 0;
+
+ VERIFY(ifp != NULL);
+
+ switch (cmd) {
+ case SIOCSIFTHROTTLE: { /* struct if_throttlereq */
+ /*
+ * XXX: Use priv_check_cred() instead of root check?
+ */
+ if ((error = proc_suser(p)) != 0)
+ break;
+
+ bcopy(&ifthr->ifthr_level, &ifthr_level, sizeof (ifthr_level));
+ error = ifnet_set_throttle(ifp, ifthr_level);
+ if (error == EALREADY)
+ error = 0;
+ break;
+ }
+
+ case SIOCGIFTHROTTLE: { /* struct if_throttlereq */
+ if ((error = ifnet_get_throttle(ifp, &ifthr_level)) == 0) {
+ bcopy(&ifthr_level, &ifthr->ifthr_level,
+ sizeof (ifthr_level));
+ }
+ break;
+ }
+
+ default:
+ VERIFY(0);
+ /* NOTREACHED */
+ }
+
+ return (error);
+}
+
+static int
+ifioctl_getnetagents(struct ifnet *ifp, u_int32_t *count, user_addr_t uuid_p)
+{
+ int error = 0;
+ u_int32_t index = 0;
+ u_int32_t valid_netagent_count = 0;
+ *count = 0;
+
+ ifnet_lock_assert(ifp, IFNET_LCK_ASSERT_SHARED);
+
+ if (ifp->if_agentids != NULL) {
+ for (index = 0; index < ifp->if_agentcount; index++) {
+ uuid_t *netagent_uuid = &(ifp->if_agentids[index]);
+ if (!uuid_is_null(*netagent_uuid)) {
+ if (uuid_p != USER_ADDR_NULL) {
+ error = copyout(netagent_uuid,
+ uuid_p + sizeof(uuid_t) * valid_netagent_count,
+ sizeof(uuid_t));
+ if (error != 0) {
+ return (error);
+ }
+ }
+ valid_netagent_count++;
+ }
+ }
+ }
+ *count = valid_netagent_count;
+
+ return (0);
+}
+
+#define IF_MAXAGENTS 64
+#define IF_AGENT_INCREMENT 8
+static int
+if_add_netagent_locked(struct ifnet *ifp, uuid_t new_agent_uuid)
+{
+ uuid_t *first_empty_slot = NULL;
+ u_int32_t index = 0;
+ bool already_added = FALSE;
+
+ if (ifp->if_agentids != NULL) {
+ for (index = 0; index < ifp->if_agentcount; index++) {
+ uuid_t *netagent_uuid = &(ifp->if_agentids[index]);
+ if (uuid_compare(*netagent_uuid, new_agent_uuid) == 0) {
+ /* Already present, ignore */
+ already_added = TRUE;
+ break;
+ }
+ if (first_empty_slot == NULL &&
+ uuid_is_null(*netagent_uuid)) {
+ first_empty_slot = netagent_uuid;
+ }
+ }
+ }
+ if (already_added) {
+ /* Already added agent, don't return an error */
+ return (0);
+ }
+ if (first_empty_slot == NULL) {
+ if (ifp->if_agentcount >= IF_MAXAGENTS) {
+ /* No room for another netagent UUID, bail */
+ return (ENOMEM);
+ } else {
+ /* Calculate new array size */
+ u_int32_t new_agent_count =
+ MIN(ifp->if_agentcount + IF_AGENT_INCREMENT,
+ IF_MAXAGENTS);
+
+ /* Reallocate array */
+ uuid_t *new_agent_array = _REALLOC(ifp->if_agentids,
+ sizeof(uuid_t) * new_agent_count, M_NETAGENT,
+ M_WAITOK | M_ZERO);
+ if (new_agent_array == NULL) {
+ return (ENOMEM);
+ }
+
+ /* Save new array */
+ ifp->if_agentids = new_agent_array;
+
+ /* Set first empty slot */
+ first_empty_slot =
+ &(ifp->if_agentids[ifp->if_agentcount]);
+
+ /* Save new array length */
+ ifp->if_agentcount = new_agent_count;
+ }
+ }
+ uuid_copy(*first_empty_slot, new_agent_uuid);
+ netagent_post_updated_interfaces(new_agent_uuid);
+ return (0);
+}
+
+int
+if_add_netagent(struct ifnet *ifp, uuid_t new_agent_uuid)
+{
+ VERIFY(ifp != NULL);
+
+ ifnet_lock_exclusive(ifp);
+
+ int error = if_add_netagent_locked(ifp, new_agent_uuid);
+
+ ifnet_lock_done(ifp);
+
+ return (error);
+}
+
+static int
+if_delete_netagent_locked(struct ifnet *ifp, uuid_t remove_agent_uuid)
+{
+ u_int32_t index = 0;
+ bool removed_agent_id = FALSE;
+
+ if (ifp->if_agentids != NULL) {
+ for (index = 0; index < ifp->if_agentcount; index++) {
+ uuid_t *netagent_uuid = &(ifp->if_agentids[index]);
+ if (uuid_compare(*netagent_uuid,
+ remove_agent_uuid) == 0) {
+ uuid_clear(*netagent_uuid);
+ removed_agent_id = TRUE;
+ break;
+ }
+ }
+ }
+ if (removed_agent_id)
+ netagent_post_updated_interfaces(remove_agent_uuid);
+
+ return (0);
+}
+
+int
+if_delete_netagent(struct ifnet *ifp, uuid_t remove_agent_uuid)
+{
+ VERIFY(ifp != NULL);
+
+ ifnet_lock_exclusive(ifp);
+
+ int error = if_delete_netagent_locked(ifp, remove_agent_uuid);
+
+ ifnet_lock_done(ifp);
+
+ return (error);
+}
+
+boolean_t
+if_check_netagent(struct ifnet *ifp, uuid_t find_agent_uuid)
+{
+ boolean_t found = FALSE;
+
+ if (!ifp || uuid_is_null(find_agent_uuid))
+ return FALSE;
+
+ ifnet_lock_shared(ifp);
+
+ if (ifp->if_agentids != NULL) {
+ for (uint32_t index = 0; index < ifp->if_agentcount; index++) {
+ if (uuid_compare(ifp->if_agentids[index], find_agent_uuid) == 0) {
+ found = TRUE;
+ break;
+ }
+ }
+ }
+
+ ifnet_lock_done(ifp);
+
+ return found;
+}
+
+static __attribute__((noinline)) int
+ifioctl_netagent(struct ifnet *ifp, u_long cmd, caddr_t data, struct proc *p)
+{
+ struct if_agentidreq *ifar = (struct if_agentidreq *)(void *)data;
+ union {
+ struct if_agentidsreq32 s32;
+ struct if_agentidsreq64 s64;
+ } u;
+ int error = 0;
+
+ VERIFY(ifp != NULL);
+
+ /* Get an io ref count if the interface is attached */
+ if (!ifnet_is_attached(ifp, 1)) {
+ return (EOPNOTSUPP);
+ }
+
+ if (cmd == SIOCAIFAGENTID ||
+ cmd == SIOCDIFAGENTID) {
+ ifnet_lock_exclusive(ifp);
+ } else {
+ ifnet_lock_shared(ifp);
+ }
+
+ switch (cmd) {
+ case SIOCAIFAGENTID: { /* struct if_agentidreq */
+ // TODO: Use priv_check_cred() instead of root check
+ if ((error = proc_suser(p)) != 0) {
+ break;
+ }
+ error = if_add_netagent_locked(ifp, ifar->ifar_uuid);
+ break;
+ }
+ case SIOCDIFAGENTID: { /* struct if_agentidreq */
+ // TODO: Use priv_check_cred() instead of root check
+ if ((error = proc_suser(p)) != 0) {
+ break;
+ }
+ error = if_delete_netagent_locked(ifp, ifar->ifar_uuid);
+ break;
+ }
+ case SIOCGIFAGENTIDS32: { /* struct if_agentidsreq32 */
+ bcopy(data, &u.s32, sizeof(u.s32));
+ error = ifioctl_getnetagents(ifp, &u.s32.ifar_count,
+ u.s32.ifar_uuids);
+ if (error == 0) {
+ bcopy(&u.s32, data, sizeof(u.s32));
+ }
+ break;
+ }
+ case SIOCGIFAGENTIDS64: { /* struct if_agentidsreq64 */
+ bcopy(data, &u.s64, sizeof(u.s64));
+ error = ifioctl_getnetagents(ifp, &u.s64.ifar_count,
+ u.s64.ifar_uuids);
+ if (error == 0) {
+ bcopy(&u.s64, data, sizeof(u.s64));
+ }
+ break;
+ }
+ default:
+ VERIFY(0);
+ /* NOTREACHED */
+ }
+
+ ifnet_lock_done(ifp);
+ ifnet_decr_iorefcnt(ifp);
+
+ return (error);
+}
+
+void
+ifnet_clear_netagent(uuid_t netagent_uuid)
+{
+ struct ifnet *ifp = NULL;
+ u_int32_t index = 0;
+
+ ifnet_head_lock_shared();
+
+ TAILQ_FOREACH(ifp, &ifnet_head, if_link) {
+ ifnet_lock_shared(ifp);
+ if (ifp->if_agentids != NULL) {
+ for (index = 0; index < ifp->if_agentcount; index++) {
+ uuid_t *ifp_netagent_uuid = &(ifp->if_agentids[index]);
+ if (uuid_compare(*ifp_netagent_uuid, netagent_uuid) == 0) {
+ uuid_clear(*ifp_netagent_uuid);
+ }
+ }
+ }
+ ifnet_lock_done(ifp);
+ }
+
+ ifnet_head_done();
+}
+
+void
+ifnet_increment_generation(ifnet_t interface)
+{
+ OSIncrementAtomic(&interface->if_generation);
+}
+
+u_int32_t
+ifnet_get_generation(ifnet_t interface)
+{
+ return (interface->if_generation);
+}
+
+void
+ifnet_remove_from_ordered_list(struct ifnet *ifp)
+{
+ ifnet_head_assert_exclusive();
+
+ // Remove from list
+ TAILQ_REMOVE(&ifnet_ordered_head, ifp, if_ordered_link);
+ ifp->if_ordered_link.tqe_next = NULL;
+ ifp->if_ordered_link.tqe_prev = NULL;
+
+ // Update ordered count
+ VERIFY(if_ordered_count > 0);
+ if_ordered_count--;
+}
+
+static int
+ifnet_reset_order(u_int32_t *ordered_indices, u_int32_t count)
+{
+ struct ifnet *ifp = NULL;
+ int error = 0;
+
+ ifnet_head_lock_exclusive();
+ for (u_int32_t order_index = 0; order_index < count; order_index++) {
+ if (ordered_indices[order_index] == IFSCOPE_NONE ||
+ ordered_indices[order_index] > (uint32_t)if_index) {
+ error = EINVAL;
+ ifnet_head_done();
+ return (error);
+ }
+ }
+ // Flush current ordered list
+ for (ifp = TAILQ_FIRST(&ifnet_ordered_head); ifp != NULL;
+ ifp = TAILQ_FIRST(&ifnet_ordered_head)) {
+ ifnet_lock_exclusive(ifp);
+ ifnet_remove_from_ordered_list(ifp);
+ ifnet_lock_done(ifp);
+ }
+
+ VERIFY(if_ordered_count == 0);
+
+ for (u_int32_t order_index = 0; order_index < count; order_index++) {
+ u_int32_t interface_index = ordered_indices[order_index];
+ ifp = ifindex2ifnet[interface_index];
+ if (ifp == NULL) {
+ continue;
+ }
+ ifnet_lock_exclusive(ifp);
+ TAILQ_INSERT_TAIL(&ifnet_ordered_head, ifp, if_ordered_link);
+ ifnet_lock_done(ifp);
+ if_ordered_count++;
+ }
+
+ ifnet_head_done();
+
+ necp_update_all_clients();
+
+ return (error);
+}
+
+int
+if_set_qosmarking_mode(struct ifnet *ifp, u_int32_t mode)
+{
+ int error = 0;
+ u_int32_t old_mode = ifp->if_qosmarking_mode;
+
+ switch (mode) {
+ case IFRTYPE_QOSMARKING_MODE_NONE:
+ ifp->if_qosmarking_mode = IFRTYPE_QOSMARKING_MODE_NONE;
+ ifp->if_eflags &= ~IFEF_QOSMARKING_CAPABLE;
+ break;
+ case IFRTYPE_QOSMARKING_FASTLANE:
+ ifp->if_qosmarking_mode = IFRTYPE_QOSMARKING_FASTLANE;
+ ifp->if_eflags |= IFEF_QOSMARKING_CAPABLE;
+ if (net_qos_policy_capable_enabled != 0)
+ ifp->if_eflags |= IFEF_QOSMARKING_ENABLED;
+ break;
+ default:
+ error = EINVAL;
+ break;
+ }
+ if (error == 0 && old_mode != ifp->if_qosmarking_mode) {
+ dlil_post_msg(ifp, KEV_DL_SUBCLASS, KEV_DL_QOS_MODE_CHANGED,
+ NULL, sizeof(struct kev_dl_rrc_state));
+
+ }
+ return (error);
+}
+
+static __attribute__((noinline)) int
+ifioctl_iforder(u_long cmd, caddr_t data)
+{
+ int error = 0;
+ u_int32_t *ordered_indices = NULL;
+ if (data == NULL) {
+ return (EINVAL);
+ }
+
+ switch (cmd) {
+ case SIOCSIFORDER: { /* struct if_order */
+ struct if_order *ifo = (struct if_order *)(void *)data;
+
+ if (ifo->ifo_count > (u_int32_t)if_index) {
+ error = EINVAL;
+ break;
+ }
+
+ size_t length = (ifo->ifo_count * sizeof(u_int32_t));
+ if (length > 0) {
+ if (ifo->ifo_ordered_indices == USER_ADDR_NULL) {
+ error = EINVAL;
+ break;
+ }
+ ordered_indices = _MALLOC(length, M_NECP, M_WAITOK);
+ if (ordered_indices == NULL) {
+ error = ENOMEM;
+ break;
+ }
+
+ error = copyin(ifo->ifo_ordered_indices,
+ ordered_indices, length);
+ if (error != 0) {
+ break;
+ }
+
+ /* ordered_indices should not contain duplicates */
+ bool found_duplicate = FALSE;
+ for (uint32_t i = 0; i < (ifo->ifo_count - 1) && !found_duplicate ; i++){
+ for (uint32_t j = i + 1; j < ifo->ifo_count && !found_duplicate ; j++){
+ if (ordered_indices[j] == ordered_indices[i]){
+ error = EINVAL;
+ found_duplicate = TRUE;
+ break;
+ }
+ }
+ }
+ if (found_duplicate) {
+ break;
+ }
+ }
+
+ error = ifnet_reset_order(ordered_indices, ifo->ifo_count);
+
+ break;
+ }
+
+ default: {
+ VERIFY(0);
+ /* NOTREACHED */
+ }
+ }
+
+ if (ordered_indices != NULL) {
+ _FREE(ordered_indices, M_NECP);
+ }
+
+ return (error);
+}
+
+static __attribute__((noinline)) int
+ifioctl_netsignature(struct ifnet *ifp, u_long cmd, caddr_t data)
+{
+ struct if_nsreq *ifnsr = (struct if_nsreq *)(void *)data;
+ u_int16_t flags;
+ int error = 0;
+
+ VERIFY(ifp != NULL);
+
+ switch (cmd) {
+ case SIOCSIFNETSIGNATURE: /* struct if_nsreq */
+ if (ifnsr->ifnsr_len > sizeof (ifnsr->ifnsr_data)) {
+ error = EINVAL;
+ break;
+ }
+ bcopy(&ifnsr->ifnsr_flags, &flags, sizeof (flags));
+ error = ifnet_set_netsignature(ifp, ifnsr->ifnsr_family,
+ ifnsr->ifnsr_len, flags, ifnsr->ifnsr_data);
+ break;
+
+ case SIOCGIFNETSIGNATURE: /* struct if_nsreq */
+ ifnsr->ifnsr_len = sizeof (ifnsr->ifnsr_data);
+ error = ifnet_get_netsignature(ifp, ifnsr->ifnsr_family,
+ &ifnsr->ifnsr_len, &flags, ifnsr->ifnsr_data);
+ if (error == 0)
+ bcopy(&flags, &ifnsr->ifnsr_flags, sizeof (flags));
+ else
+ ifnsr->ifnsr_len = 0;
+ break;
+
+ default:
+ VERIFY(0);
+ /* NOTREACHED */
+ }
+
+ return (error);
+}
+
+#if INET6
+static __attribute__((noinline)) int
+ifioctl_nat64prefix(struct ifnet *ifp, u_long cmd, caddr_t data)
+{
+ struct if_nat64req *ifnat64 = (struct if_nat64req *)(void *)data;
+ int error = 0;
+
+ VERIFY(ifp != NULL);
+
+ switch (cmd) {
+ case SIOCSIFNAT64PREFIX: /* struct if_nat64req */
+ error = ifnet_set_nat64prefix(ifp, ifnat64->ifnat64_prefixes);
+ if (error != 0)
+ ip6stat.ip6s_clat464_plat64_pfx_setfail++;
+ break;
+
+ case SIOCGIFNAT64PREFIX: /* struct if_nat64req */
+ error = ifnet_get_nat64prefix(ifp, ifnat64->ifnat64_prefixes);
+ if (error != 0)
+ ip6stat.ip6s_clat464_plat64_pfx_getfail++;
+ break;
+
+ default:
+ VERIFY(0);
+ /* NOTREACHED */
+ }
+
+ return (error);
+}
+
+static __attribute__((noinline)) int
+ifioctl_clat46addr(struct ifnet *ifp, u_long cmd, caddr_t data)
+{
+ struct if_clat46req *ifclat46 = (struct if_clat46req *)(void *)data;
+ struct in6_ifaddr *ia6_clat = NULL;
+ int error = 0;
+
+ VERIFY(ifp != NULL);
+
+ switch (cmd) {
+ case SIOCGIFCLAT46ADDR:
+ ia6_clat = in6ifa_ifpwithflag(ifp, IN6_IFF_CLAT46);
+ if (ia6_clat == NULL) {
+ error = ENOENT;
+ break;
+ }
+
+ bcopy(&ia6_clat->ia_addr.sin6_addr, &ifclat46->ifclat46_addr.v6_address,
+ sizeof(ifclat46->ifclat46_addr.v6_address));
+ ifclat46->ifclat46_addr.v6_prefixlen = ia6_clat->ia_plen;
+ IFA_REMREF(&ia6_clat->ia_ifa);
+ break;
+ default:
+ VERIFY(0);
+ /* NOTREACHED */
+ }
+
+ return (error);
+}
+#endif
+
+
+static int
+ifioctl_get_protolist(struct ifnet *ifp, u_int32_t * ret_count,
+ user_addr_t ifpl)
+{
+ u_int32_t actual_count;
+ u_int32_t count;
+ int error = 0;
+ u_int32_t *list = NULL;
+
+ /* find out how many */
+ count = if_get_protolist(ifp, NULL, 0);
+ if (ifpl == USER_ADDR_NULL) {
+ goto done;
+ }
+
+ /* copy out how many there's space for */
+ if (*ret_count < count) {
+ count = *ret_count;
+ }
+ if (count == 0) {
+ goto done;
+ }
+ list = _MALLOC(count * sizeof(*list), M_TEMP, M_WAITOK | M_ZERO);
+ if (list == NULL) {
+ error = ENOMEM;
+ goto done;
+ }
+ actual_count = if_get_protolist(ifp, list, count);
+ if (actual_count < count) {
+ count = actual_count;
+ }
+ if (count != 0) {
+ error = copyout((caddr_t)list, ifpl, count * sizeof(*list));
+ }
+
+ done:
+ if (list != NULL) {
+ if_free_protolist(list);
+ }
+ *ret_count = count;
+ return (error);
+}
+
+static __attribute__((noinline)) int
+ifioctl_protolist(struct ifnet *ifp, u_long cmd, caddr_t data)
+{
+ int error = 0;
+
+ switch (cmd) {
+ case SIOCGIFPROTOLIST32: { /* struct if_protolistreq32 */
+ struct if_protolistreq32 ifpl;
+
+ bcopy(data, &ifpl, sizeof(ifpl));
+ if (ifpl.ifpl_reserved != 0) {
+ error = EINVAL;
+ break;
+ }
+ error = ifioctl_get_protolist(ifp, &ifpl.ifpl_count,
+ CAST_USER_ADDR_T(ifpl.ifpl_list));
+ bcopy(&ifpl, data, sizeof(ifpl));
+ break;
+ }
+ case SIOCGIFPROTOLIST64: { /* struct if_protolistreq64 */
+ struct if_protolistreq64 ifpl;
+
+ bcopy(data, &ifpl, sizeof(ifpl));
+ if (ifpl.ifpl_reserved != 0) {
+ error = EINVAL;
+ break;
+ }
+ error = ifioctl_get_protolist(ifp, &ifpl.ifpl_count,
+ ifpl.ifpl_list);
+ bcopy(&ifpl, data, sizeof(ifpl));
+ break;
+ }
+ default:
+ VERIFY(0);
+ /* NOTREACHED */
+ }
+
+ return (error);
+}
+
+/*
+ * List the ioctl()s we can perform on restricted INTCOPROC interfaces.
+ */
+static bool
+ifioctl_restrict_intcoproc(unsigned long cmd, const char *ifname,
+ struct ifnet *ifp, struct proc *p)
+{
+
+ if (intcoproc_unrestricted == TRUE) {
+ return (false);
+ }
+ if (proc_pid(p) == 0) {
+ return (false);
+ }
+ if (ifname) {
+ ifp = ifunit(ifname);
+ }
+ if (ifp == NULL) {
+ return (false);
+ }
+ if (!IFNET_IS_INTCOPROC(ifp)) {
+ return (false);
+ }
+ switch (cmd) {
+ case SIOCGIFBRDADDR:
+ case SIOCGIFCONF32:
+ case SIOCGIFCONF64:
+ case SIOCGIFFLAGS:
+ case SIOCGIFEFLAGS:
+ case SIOCGIFCAP:
+ case SIOCGIFMAC:
+ case SIOCGIFMETRIC:
+ case SIOCGIFMTU:
+ case SIOCGIFPHYS:
+ case SIOCGIFTYPE:
+ case SIOCGIFFUNCTIONALTYPE:
+ case SIOCGIFPSRCADDR:
+ case SIOCGIFPDSTADDR:
+ case SIOCGIFGENERIC:
+ case SIOCGIFDEVMTU:
+ case SIOCGIFVLAN:
+ case SIOCGIFBOND:
+ case SIOCGIFWAKEFLAGS:
+ case SIOCGIFGETRTREFCNT:
+ case SIOCGIFOPPORTUNISTIC:
+ case SIOCGIFLINKQUALITYMETRIC:
+ case SIOCGIFLOG:
+ case SIOCGIFDELEGATE:
+ case SIOCGIFEXPENSIVE:
+ case SIOCGIFINTERFACESTATE:
+ case SIOCGIFPROBECONNECTIVITY:
+ case SIOCGIFTIMESTAMPENABLED:
+ case SIOCGECNMODE:
+ case SIOCGQOSMARKINGMODE:
+ case SIOCGQOSMARKINGENABLED:
+ case SIOCGIFLOWINTERNET:
+ case SIOCGIFSTATUS:
+ case SIOCGIFMEDIA32:
+ case SIOCGIFMEDIA64:
+ case SIOCGIFDESC:
+ case SIOCGIFLINKPARAMS:
+ case SIOCGIFQUEUESTATS:
+ case SIOCGIFTHROTTLE:
+ case SIOCGIFAGENTIDS32:
+ case SIOCGIFAGENTIDS64:
+ case SIOCGIFNETSIGNATURE:
+ case SIOCGIFINFO_IN6:
+ case SIOCGIFAFLAG_IN6:
+ case SIOCGNBRINFO_IN6:
+ case SIOCGIFALIFETIME_IN6:
+ case SIOCGIFNETMASK_IN6:
+ case SIOCGIFPROTOLIST32:
+ case SIOCGIFPROTOLIST64:
+ return (false);
+ default:
+#if (DEBUG || DEVELOPMENT)
+ printf("%s: cmd 0x%lx not allowed (pid %u)\n",
+ __func__, cmd, proc_pid(p));
+#endif
+ return (true);
+ }
+ return (false);
+}
+
+/*
+ * Interface ioctls.
+ *
+ * Most of the routines called to handle the ioctls would end up being
+ * tail-call optimized, which unfortunately causes this routine to
+ * consume too much stack space; this is the reason for the "noinline"
+ * attribute used on those routines.
+ */
+int
+ifioctl(struct socket *so, u_long cmd, caddr_t data, struct proc *p)
+{
+ char ifname[IFNAMSIZ + 1];
+ struct ifnet *ifp = NULL;
+ struct ifstat *ifs = NULL;
+ int error = 0;
+
+ bzero(ifname, sizeof (ifname));
+
+ /*
+ * ioctls which don't require ifp, or ifreq ioctls
+ */
+ switch (cmd) {
+ case OSIOCGIFCONF32: /* struct ifconf32 */
+ case SIOCGIFCONF32: /* struct ifconf32 */
+ case SIOCGIFCONF64: /* struct ifconf64 */
+ case OSIOCGIFCONF64: /* struct ifconf64 */
+ error = ifioctl_ifconf(cmd, data);
+ goto done;
+
+ case SIOCIFGCLONERS32: /* struct if_clonereq32 */
+ case SIOCIFGCLONERS64: /* struct if_clonereq64 */
+ error = ifioctl_ifclone(cmd, data);
+ goto done;
+
+ case SIOCGIFAGENTDATA32: /* struct netagent_req32 */
+ case SIOCGIFAGENTDATA64: /* struct netagent_req64 */
+ case SIOCGIFAGENTLIST32: /* struct netagentlist_req32 */
+ case SIOCGIFAGENTLIST64: /* struct netagentlist_req64 */
+ error = netagent_ioctl(cmd, data);
+ goto done;
+
+ case SIOCSIFORDER: /* struct if_order */
+ error = ifioctl_iforder(cmd, data);
+ goto done;
+
+ case SIOCSIFDSTADDR: /* struct ifreq */
+ case SIOCSIFADDR: /* struct ifreq */
+ case SIOCSIFBRDADDR: /* struct ifreq */
+ case SIOCSIFNETMASK: /* struct ifreq */
+ case OSIOCGIFADDR: /* struct ifreq */
+ case OSIOCGIFDSTADDR: /* struct ifreq */
+ case OSIOCGIFBRDADDR: /* struct ifreq */
+ case OSIOCGIFNETMASK: /* struct ifreq */
+ case SIOCSIFKPI: /* struct ifreq */
+ if (so->so_proto == NULL) {
+ error = EOPNOTSUPP;
+ goto done;
+ }
+ /* FALLTHRU */
+ case SIOCIFCREATE: /* struct ifreq */
+ case SIOCIFCREATE2: /* struct ifreq */
+ case SIOCIFDESTROY: /* struct ifreq */
+ case SIOCGIFFLAGS: /* struct ifreq */
+ case SIOCGIFEFLAGS: /* struct ifreq */
+ case SIOCGIFCAP: /* struct ifreq */
+#if CONFIG_MACF_NET
+ case SIOCGIFMAC: /* struct ifreq */
+ case SIOCSIFMAC: /* struct ifreq */
+#endif /* CONFIG_MACF_NET */
+ case SIOCGIFMETRIC: /* struct ifreq */
+ case SIOCGIFMTU: /* struct ifreq */
+ case SIOCGIFPHYS: /* struct ifreq */
+ case SIOCSIFFLAGS: /* struct ifreq */
+ case SIOCSIFCAP: /* struct ifreq */
+ case SIOCSIFMETRIC: /* struct ifreq */
+ case SIOCSIFPHYS: /* struct ifreq */
+ case SIOCSIFMTU: /* struct ifreq */
+ case SIOCADDMULTI: /* struct ifreq */
+ case SIOCDELMULTI: /* struct ifreq */
+ case SIOCDIFPHYADDR: /* struct ifreq */
+ case SIOCSIFMEDIA: /* struct ifreq */
+ case SIOCSIFGENERIC: /* struct ifreq */
+ case SIOCSIFLLADDR: /* struct ifreq */
+ case SIOCSIFALTMTU: /* struct ifreq */
+ case SIOCSIFVLAN: /* struct ifreq */
+ case SIOCSIFBOND: /* struct ifreq */
+ case SIOCGIFLLADDR: /* struct ifreq */
+ case SIOCGIFTYPE: /* struct ifreq */
+ case SIOCGIFFUNCTIONALTYPE: /* struct ifreq */
+ case SIOCGIFPSRCADDR: /* struct ifreq */
+ case SIOCGIFPDSTADDR: /* struct ifreq */
+ case SIOCGIFGENERIC: /* struct ifreq */
+ case SIOCGIFDEVMTU: /* struct ifreq */
+ case SIOCGIFVLAN: /* struct ifreq */
+ case SIOCGIFBOND: /* struct ifreq */
+ case SIOCGIFWAKEFLAGS: /* struct ifreq */
+ case SIOCGIFGETRTREFCNT: /* struct ifreq */
+ case SIOCSIFOPPORTUNISTIC: /* struct ifreq */
+ case SIOCGIFOPPORTUNISTIC: /* struct ifreq */
+ case SIOCGIFLINKQUALITYMETRIC: /* struct ifreq */
+ case SIOCSIFLOG: /* struct ifreq */
+ case SIOCGIFLOG: /* struct ifreq */
+ case SIOCGIFDELEGATE: /* struct ifreq */
+ case SIOCGIFEXPENSIVE: /* struct ifreq */
+ case SIOCSIFEXPENSIVE: /* struct ifreq */
+ case SIOCSIF2KCL: /* struct ifreq */
+ case SIOCGIF2KCL: /* struct ifreq */
+ case SIOCSIFINTERFACESTATE: /* struct ifreq */
+ case SIOCGIFINTERFACESTATE: /* struct ifreq */
+ case SIOCSIFPROBECONNECTIVITY: /* struct ifreq */
+ case SIOCGIFPROBECONNECTIVITY: /* struct ifreq */
+ case SIOCGSTARTDELAY: /* struct ifreq */
+ case SIOCSIFTIMESTAMPENABLE: /* struct ifreq */
+ case SIOCSIFTIMESTAMPDISABLE: /* struct ifreq */
+ case SIOCGIFTIMESTAMPENABLED: /* struct ifreq */
+#if (DEBUG || DEVELOPMENT)
+ case SIOCSIFDISABLEOUTPUT: /* struct ifreq */
+#endif /* (DEBUG || DEVELOPMENT) */
+ case SIOCGECNMODE: /* struct ifreq */
+ case SIOCSECNMODE:
+ case SIOCSQOSMARKINGMODE: /* struct ifreq */
+ case SIOCSQOSMARKINGENABLED: /* struct ifreq */
+ case SIOCGQOSMARKINGMODE: /* struct ifreq */
+ case SIOCGQOSMARKINGENABLED: /* struct ifreq */
+ case SIOCSIFLOWINTERNET: /* struct ifreq */
+ case SIOCGIFLOWINTERNET: /* struct ifreq */
+ case SIOCGIFLOWPOWER: /* struct ifreq */
+ case SIOCSIFLOWPOWER: /* struct ifreq */
+ { /* struct ifreq */
+ struct ifreq ifr;
+ bcopy(data, &ifr, sizeof (ifr));
+ ifr.ifr_name[IFNAMSIZ - 1] = '\0';
+ bcopy(&ifr.ifr_name, ifname, IFNAMSIZ);
+ if (ifioctl_restrict_intcoproc(cmd, ifname, NULL, p) == true) {
+ error = EPERM;
+ goto done;
+ }
+ error = ifioctl_ifreq(so, cmd, &ifr, p);
+ bcopy(&ifr, data, sizeof (ifr));
+ goto done;
+ }
+ }
+
+ /*
+ * ioctls which require ifp. Note that we acquire dlil_ifnet_lock
+ * here to ensure that the ifnet, if found, has been fully attached.
+ */
+ dlil_if_lock();
+ switch (cmd) {
+ case SIOCSIFPHYADDR: /* struct {if,in_}aliasreq */
+ bcopy(((struct in_aliasreq *)(void *)data)->ifra_name,
+ ifname, IFNAMSIZ);
+ ifp = ifunit(ifname);
+ break;
+
+#if INET6
+ case SIOCSIFPHYADDR_IN6_32: /* struct in6_aliasreq_32 */
+ bcopy(((struct in6_aliasreq_32 *)(void *)data)->ifra_name,
+ ifname, IFNAMSIZ);
+ ifp = ifunit(ifname);
+ break;
+
+ case SIOCSIFPHYADDR_IN6_64: /* struct in6_aliasreq_64 */
+ bcopy(((struct in6_aliasreq_64 *)(void *)data)->ifra_name,
+ ifname, IFNAMSIZ);
+ ifp = ifunit(ifname);
+ break;
+#endif /* INET6 */
+
+ case SIOCGIFSTATUS: /* struct ifstat */
+ ifs = _MALLOC(sizeof (*ifs), M_DEVBUF, M_WAITOK);
+ if (ifs == NULL) {
+ error = ENOMEM;
+ dlil_if_unlock();
+ goto done;
+ }
+ bcopy(data, ifs, sizeof (*ifs));
+ ifs->ifs_name[IFNAMSIZ - 1] = '\0';
+ bcopy(ifs->ifs_name, ifname, IFNAMSIZ);
+ ifp = ifunit(ifname);
+ break;
+
+ case SIOCGIFMEDIA32: /* struct ifmediareq32 */
+ bcopy(((struct ifmediareq32 *)(void *)data)->ifm_name,
+ ifname, IFNAMSIZ);
+ ifp = ifunit(ifname);
+ break;
+
+ case SIOCGIFMEDIA64: /* struct ifmediareq64 */
+ bcopy(((struct ifmediareq64 *)(void *)data)->ifm_name,
+ ifname, IFNAMSIZ);
+ ifp = ifunit(ifname);
+ break;
+
+ case SIOCSIFDESC: /* struct if_descreq */
+ case SIOCGIFDESC: /* struct if_descreq */
+ bcopy(((struct if_descreq *)(void *)data)->ifdr_name,
+ ifname, IFNAMSIZ);
+ ifp = ifunit(ifname);
+ break;
+
+ case SIOCSIFLINKPARAMS: /* struct if_linkparamsreq */
+ case SIOCGIFLINKPARAMS: /* struct if_linkparamsreq */
+ bcopy(((struct if_linkparamsreq *)(void *)data)->iflpr_name,
+ ifname, IFNAMSIZ);
+ ifp = ifunit(ifname);
+ break;
+
+ case SIOCGIFQUEUESTATS: /* struct if_qstatsreq */
+ bcopy(((struct if_qstatsreq *)(void *)data)->ifqr_name,
+ ifname, IFNAMSIZ);
+ ifp = ifunit(ifname);
+ break;
+
+ case SIOCSIFTHROTTLE: /* struct if_throttlereq */
+ case SIOCGIFTHROTTLE: /* struct if_throttlereq */
+ bcopy(((struct if_throttlereq *)(void *)data)->ifthr_name,
+ ifname, IFNAMSIZ);
+ ifp = ifunit(ifname);
+ break;
+
+ case SIOCAIFAGENTID: /* struct if_agentidreq */
+ case SIOCDIFAGENTID: /* struct if_agentidreq */
+ case SIOCGIFAGENTIDS32: /* struct if_agentidsreq32 */
+ case SIOCGIFAGENTIDS64: /* struct if_agentidsreq64 */
+ bcopy(((struct if_agentidreq *)(void *)data)->ifar_name,
+ ifname, IFNAMSIZ);
+ ifp = ifunit(ifname);
+ break;
+
+ case SIOCSIFNETSIGNATURE: /* struct if_nsreq */
+ case SIOCGIFNETSIGNATURE: /* struct if_nsreq */
+ bcopy(((struct if_nsreq *)(void *)data)->ifnsr_name,
+ ifname, IFNAMSIZ);
+ ifp = ifunit(ifname);
+ break;
+
+ case SIOCGIFPROTOLIST32: /* struct if_protolistreq32 */
+ case SIOCGIFPROTOLIST64: /* struct if_protolistreq64 */
+ bcopy(((struct if_protolistreq *)(void *)data)->ifpl_name,
+ ifname, IFNAMSIZ);
+ ifp = ifunit(ifname);
+ break;
+ default:
+ /*
+ * This is a bad assumption, but the code seems to
+ * have been doing this in the past; caveat emptor.
+ */
+ bcopy(((struct ifreq *)(void *)data)->ifr_name,
+ ifname, IFNAMSIZ);
+ ifp = ifunit(ifname);
+ break;
projects / apple / xnu.git / blobdiff