]> git.saurik.com Git - apple/xnu.git/blobdiff - bsd/netinet/ip_divert.c
xnu-2050.7.9.tar.gz
[apple/xnu.git] / bsd / netinet / ip_divert.c
index f685060e55231ee6bb3fe8989cbfb70e004d4875..1af24caecc1e79be52ba72a02df81e4161e8b694 100644 (file)
@@ -1,14 +1,19 @@
 /*
- * Copyright (c) 2000 Apple Computer, Inc. All rights reserved.
+ * Copyright (c) 2000-2012 Apple Inc. All rights reserved.
  *
- * @APPLE_LICENSE_HEADER_START@
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
  * 
  * This file contains Original Code and/or Modifications of Original Code
  * as defined in and that are subject to the Apple Public Source License
  * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
+ * compliance with the License. The rights granted to you under the License
+ * may not be used to create, or enable the creation or redistribution of,
+ * unlawful or unlicensed copies of an Apple operating system, or to
+ * circumvent, violate, or enable the circumvention or violation of, any
+ * terms of an Apple operating system software license agreement.
+ * 
+ * Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this file.
  * 
  * The Original Code and all software distributed under the License are
  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
@@ -18,7 +23,7 @@
  * Please see the License for the specific language governing rights and
  * limitations under the License.
  * 
- * @APPLE_LICENSE_HEADER_END@
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
  */
 /*
  * Copyright (c) 1982, 1986, 1988, 1993
@@ -55,7 +60,7 @@
  * $FreeBSD: src/sys/netinet/ip_divert.c,v 1.98 2004/08/17 22:05:54 andre Exp $
  */
 
-#ifndef INET
+#if !INET
 #error "IPDIVERT requires INET."
 #endif
 
 #include <sys/systm.h>
 #include <sys/proc.h>
 
+#include <machine/endian.h>
 
 #include <net/if.h>
 #include <net/route.h>
+#include <net/kpi_protocol.h>
 
 #include <netinet/in.h>
 #include <netinet/in_systm.h>
@@ -85,6 +92,7 @@
 #include <netinet/ip_divert.h>
 
 #include <kern/zalloc.h>
+#include <libkern/OSAtomic.h>
 
 /*
  * Divert sockets
 static struct inpcbhead divcb;
 static struct inpcbinfo divcbinfo;
 
-static u_long  div_sendspace = DIVSNDQ;        /* XXX sysctl ? */
-static u_long  div_recvspace = DIVRCVQ;        /* XXX sysctl ? */
+static u_int32_t       div_sendspace = DIVSNDQ;        /* XXX sysctl ? */
+static u_int32_t       div_recvspace = DIVRCVQ;        /* XXX sysctl ? */
 
 /* Optimization: have this preinitialized */
-static struct sockaddr_in divsrc = { sizeof(divsrc), AF_INET,  };
+static struct sockaddr_in divsrc = { sizeof(divsrc), AF_INET, 0, { 0 }, { 0,0,0,0,0,0,0,0 } };
 
 /* Internal functions */
 static int div_output(struct socket *so,
@@ -165,14 +173,15 @@ div_init(void)
         * allocate the lock attribute for divert pcb mutexes
         */
        pcbinfo->mtx_attr = lck_attr_alloc_init();
-       lck_attr_setdefault(pcbinfo->mtx_attr);
 
        if ((pcbinfo->mtx = lck_rw_alloc_init(pcbinfo->mtx_grp, pcbinfo->mtx_attr)) == NULL)
                return; /* pretty much dead if this fails... */
 
+#if IPFIREWALL
        if (!IPFW_LOADED) {
                load_ipfw();
        }
+#endif
 }
 
 /*
@@ -182,7 +191,7 @@ div_init(void)
 void
 div_input(struct mbuf *m, __unused int off)
 {
-       ipstat.ips_noproto++;
+       OSAddAtomic(1, &ipstat.ips_noproto);
        m_freem(m);
 }
 
@@ -227,12 +236,14 @@ divert_packet(struct mbuf *m, int incoming, int port, int rule)
                /* Find IP address for receive interface */
                ifnet_lock_shared(m->m_pkthdr.rcvif);
                TAILQ_FOREACH(ifa, &m->m_pkthdr.rcvif->if_addrhead, ifa_link) {
-                       if (ifa->ifa_addr == NULL)
-                               continue;
-                       if (ifa->ifa_addr->sa_family != AF_INET)
+                       IFA_LOCK(ifa);
+                       if (ifa->ifa_addr->sa_family != AF_INET) {
+                               IFA_UNLOCK(ifa);
                                continue;
+                       }
                        divsrc.sin_addr =
-                           ((struct sockaddr_in *) ifa->ifa_addr)->sin_addr;
+                           ((struct sockaddr_in *)(void *) ifa->ifa_addr)->sin_addr;
+                       IFA_UNLOCK(ifa);
                        break;
                }
                ifnet_lock_done(m->m_pkthdr.rcvif);
@@ -283,8 +294,8 @@ divert_packet(struct mbuf *m, int incoming, int port, int rule)
                socket_unlock(sa, 1);
        } else {
                m_freem(m);
-               ipstat.ips_noproto++;
-               ipstat.ips_delivered--;
+               OSAddAtomic(1, &ipstat.ips_noproto);
+               OSAddAtomic(-1, &ipstat.ips_delivered);
         }
        lck_rw_done(divcbinfo.mtx);     
 }
@@ -298,20 +309,20 @@ divert_packet(struct mbuf *m, int incoming, int port, int rule)
  * ###LOCK  called in inet_proto mutex when from div_send. 
  */
 static int
-div_output(so, m, addr, control)
-       struct socket *so;
-       register struct mbuf *m;
-       struct sockaddr *addr;
-       struct mbuf *control;
+div_output(struct socket *so, struct mbuf *m, struct sockaddr *addr,
+          struct mbuf *control)
 {
-       register struct inpcb *const inp = sotoinpcb(so);
-       register struct ip *const ip = mtod(m, struct ip *);
-       struct sockaddr_in *sin = (struct sockaddr_in *)addr;
+       struct inpcb *const inp = sotoinpcb(so);
+       struct ip *const ip = mtod(m, struct ip *);
+       struct sockaddr_in *sin = (struct sockaddr_in *)(void *)addr;
        int error = 0;
+       mbuf_svc_class_t msc = MBUF_SC_UNSPEC;
 
-       if (control)
-               m_freem(control);               /* XXX */
+       if (control != NULL) {
+               msc = mbuf_service_class_from_control(control);
 
+               m_freem(control);               /* XXX */
+       }
        /* Loopback avoidance and state recovery */
        if (sin) {
                struct m_tag *mtag;
@@ -319,8 +330,8 @@ div_output(so, m, addr, control)
                int     len = 0;
                char    *c = sin->sin_zero;
 
-               mtag = m_tag_alloc(KERNEL_MODULE_TAG_ID, KERNEL_TAG_TYPE_DIVERT,
-                               sizeof(struct divert_tag), M_NOWAIT);
+               mtag = m_tag_create(KERNEL_MODULE_TAG_ID, KERNEL_TAG_TYPE_DIVERT,
+                               sizeof(struct divert_tag), M_NOWAIT, m);
                if (mtag == NULL) {
                        error = ENOBUFS;
                        goto cantsend;
@@ -346,6 +357,11 @@ div_output(so, m, addr, control)
 
        /* Reinject packet into the system as incoming or outgoing */
        if (!sin || sin->sin_addr.s_addr == 0) {
+               struct ip_out_args ipoa =
+                   { IFSCOPE_NONE, { 0 }, IPOAF_SELECT_SRCIF };
+               struct route ro;
+               struct ip_moptions *imo;
+
                /*
                 * Don't allow both user specified and setsockopt options,
                 * and don't allow packet length sizes that will crash
@@ -357,18 +373,35 @@ div_output(so, m, addr, control)
                }
 
                /* Convert fields to host order for ip_output() */
+#if BYTE_ORDER != BIG_ENDIAN
                NTOHS(ip->ip_len);
                NTOHS(ip->ip_off);
+#endif
 
-               /* Send packet to output processing */
-               ipstat.ips_rawout++;                    /* XXX */
+               OSAddAtomic(1, &ipstat.ips_rawout);
+               /* Copy the cached route and take an extra reference */
+               inp_route_copyout(inp, &ro);
+
+               set_packet_service_class(m, so, msc, 0);
+
+               imo = inp->inp_moptions;
+               if (imo != NULL)
+                       IMO_ADDREF(imo);
                socket_unlock(so, 0);
-               error = ip_output(m,
-                           inp->inp_options, &inp->inp_route,
+#if CONFIG_MACF_NET
+               mac_mbuf_label_associate_inpcb(inp, m);
+#endif
+               /* Send packet to output processing */
+               error = ip_output(m, inp->inp_options, &ro,
                        (so->so_options & SO_DONTROUTE) |
-                       IP_ALLOWBROADCAST | IP_RAWOUTPUT,
-                       inp->inp_moptions);
+                       IP_ALLOWBROADCAST | IP_RAWOUTPUT | IP_OUTARGS,
+                       imo, &ipoa);
+
                socket_lock(so, 0);
+               if (imo != NULL)
+                       IMO_REMREF(imo);
+               /* Synchronize cached PCB route */
+               inp_route_copyin(inp, &ro);
        } else {
                struct  ifaddr *ifa;
 
@@ -387,32 +420,11 @@ div_output(so, m, addr, control)
                                goto cantsend;
                        }
                        m->m_pkthdr.rcvif = ifa->ifa_ifp;
-                       ifafree(ifa);
-               }
-               
-               if ((~IF_HWASSIST_CSUM_FLAGS(m->m_pkthdr.rcvif->if_hwassist) & 
-                               m->m_pkthdr.csum_flags) == 0) {
-                       if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) {
-                               m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA;
-                       }
-                       m->m_pkthdr.csum_flags |=
-                               CSUM_DATA_VALID | CSUM_PSEUDO_HDR |
-                               CSUM_IP_CHECKED | CSUM_IP_VALID;
-                       m->m_pkthdr.csum_data = 0xffff;
+                       IFA_REMREF(ifa);
                }
-               else if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) {
-                       int     hlen;
-                       
-#ifdef _IP_VHL
-                       hlen = IP_VHL_HL(ip->ip_vhl) << 2;
-#else
-                       hlen = ip->ip_hl << 2;
+#if CONFIG_MACF_NET
+               mac_mbuf_label_associate_socket(so, m);
 #endif
-                       in_delayed_cksum(m);
-                       m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA;
-                       ip->ip_sum = in_cksum(m, hlen);
-               }
-
                /* Send packet to input processing */
                proto_inject(PF_INET, m);
        }
@@ -434,7 +446,7 @@ div_attach(struct socket *so, int proto, struct proc *p)
        inp  = sotoinpcb(so);
        if (inp)
                panic("div_attach");
-       if (p && (error = proc_suser(p)) != 0)
+       if ((error = proc_suser(p)) != 0)
                return error;
 
        error = soreserve(so, div_sendspace, div_recvspace);
@@ -452,8 +464,8 @@ div_attach(struct socket *so, int proto, struct proc *p)
        so->so_state |= SS_ISCONNECTED;
 
 #ifdef MORE_DICVLOCK_DEBUG
-       printf("div_attach: so=%x sopcb=%x lock=%x ref=%x\n",
-                       so, so->so_pcb, ((struct inpcb *)so->so_pcb)->inpcb_mtx, so->so_usecount);
+       printf("div_attach: so=%p sopcb=%p lock=%x ref=%x\n",
+                       so, so->so_pcb, &(((struct inpcb *)so->so_pcb)->inpcb_mtx), so->so_usecount);
 #endif
        return 0;
 }
@@ -464,12 +476,12 @@ div_detach(struct socket *so)
        struct inpcb *inp;
 
 #ifdef MORE_DICVLOCK_DEBUG
-       printf("div_detach: so=%x sopcb=%x lock=%x ref=%x\n",
-                       so, so->so_pcb, ((struct inpcb *)so->so_pcb)->inpcb_mtx, so->so_usecount);
+       printf("div_detach: so=%p sopcb=%p lock=%x ref=%x\n",
+                       so, so->so_pcb, &(((struct inpcb *)so->so_pcb)->inpcb_mtx), so->so_usecount);
 #endif
        inp = sotoinpcb(so);
        if (inp == 0)
-               panic("div_detach: so=%x null inp\n", so);
+               panic("div_detach: so=%p null inp\n", so);
        in_pcbdetach(inp);
        inp->inp_state = INPCB_STATE_DEAD;
        return 0;
@@ -507,7 +519,7 @@ div_bind(struct socket *so, struct sockaddr *nam, struct proc *p)
        if (nam->sa_family != AF_INET) {
                error = EAFNOSUPPORT;
        } else {
-               ((struct sockaddr_in *)nam)->sin_addr.s_addr = INADDR_ANY;
+               ((struct sockaddr_in *)(void *)nam)->sin_addr.s_addr = INADDR_ANY;
                error = in_pcbbind(inp, nam, p);
        }
        return error;
@@ -527,7 +539,7 @@ div_send(struct socket *so, __unused int flags, struct mbuf *m, struct sockaddr
        /* Packet must have a header (but that's about it) */
        if (m->m_len < sizeof (struct ip) &&
            (m = m_pullup(m, sizeof (struct ip))) == 0) {
-               ipstat.ips_toosmall++;
+               OSAddAtomic(1, &ipstat.ips_toosmall);
                m_freem(m);
                return EINVAL;
        }
@@ -536,9 +548,11 @@ div_send(struct socket *so, __unused int flags, struct mbuf *m, struct sockaddr
        return div_output(so, m, nam, control);
 }
 
+#if 0
 static int
 div_pcblist SYSCTL_HANDLER_ARGS
 {
+#pragma unused(oidp, arg1, arg2)
        int error, i, n;
        struct inpcb *inp, **inp_list;
        inp_gen_t gencnt;
@@ -630,86 +644,92 @@ div_pcblist SYSCTL_HANDLER_ARGS
        lck_rw_done(divcbinfo.mtx);
        return error;
 }
+#endif
 
 __private_extern__ int
-div_lock(struct socket *so, int refcount, int lr)
- {
-       int lr_saved;
-#ifdef __ppc__
-       if (lr == 0) {
-                       __asm__ volatile("mflr %0" : "=r" (lr_saved));
-       }
-       else lr_saved = lr;
-#endif
-       
+div_lock(struct socket *so, int refcount, void *lr)
+{
+       void *lr_saved;
+
+       if (lr == NULL)
+               lr_saved = __builtin_return_address(0);
+       else
+               lr_saved = lr;
+
 #ifdef MORE_DICVLOCK_DEBUG
-       printf("div_lock: so=%x sopcb=%x lock=%x ref=%x lr=%x\n",
-                       so, 
-                       so->so_pcb, 
-                       so->so_pcb ? ((struct inpcb *)so->so_pcb)->inpcb_mtx : 0, 
-                       so->so_usecount, 
-                       lr_saved);
+       printf("div_lock: so=%p sopcb=%p lock=%p ref=%x lr=%p\n",
+           so, so->so_pcb, so->so_pcb ?
+           &(((struct inpcb *)so->so_pcb)->inpcb_mtx) : NULL,
+           so->so_usecount, lr_saved);
 #endif
        if (so->so_pcb) {
-               lck_mtx_lock(((struct inpcb *)so->so_pcb)->inpcb_mtx);
+               lck_mtx_lock(&((struct inpcb *)so->so_pcb)->inpcb_mtx);
        } else  {
-               panic("div_lock: so=%x NO PCB! lr=%x\n", so, lr_saved);
-               lck_mtx_lock(so->so_proto->pr_domain->dom_mtx);
+               panic("div_lock: so=%p NO PCB! lr=%p lrh= lrh= %s\n", 
+                   so, lr_saved, solockhistory_nr(so));
+               /* NOTREACHED */
        }
-       
-       if (so->so_usecount < 0)
-               panic("div_lock: so=%x so_pcb=%x lr=%x ref=%x\n",
-               so, so->so_pcb, lr_saved, so->so_usecount);
-       
+
+       if (so->so_usecount < 0) {
+               panic("div_lock: so=%p so_pcb=%p lr=%p ref=%x lrh= %s\n",
+                   so, so->so_pcb, lr_saved, so->so_usecount,
+                   solockhistory_nr(so));
+               /* NOTREACHED */
+       }
+
        if (refcount)
                so->so_usecount++;
-       so->reserved3 = (void *)lr_saved;
+       so->lock_lr[so->next_lock_lr] = lr_saved;
+       so->next_lock_lr = (so->next_lock_lr+1) % SO_LCKDBG_MAX;
 
        return (0);
 }
 
 __private_extern__ int
-div_unlock(struct socket *so, int refcount, int lr)
+div_unlock(struct socket *so, int refcount, void *lr)
 {
-       int lr_saved;
+       void *lr_saved;
        lck_mtx_t * mutex_held;
-       struct inpcb *inp = sotoinpcb(so);      
-#ifdef __ppc__
-       if (lr == 0) {
-               __asm__ volatile("mflr %0" : "=r" (lr_saved));
-       }
-       else lr_saved = lr;
-#endif
-       
+       struct inpcb *inp = sotoinpcb(so);
+
+       if (lr == NULL)
+               lr_saved = __builtin_return_address(0);
+       else
+               lr_saved = lr;
+
 #ifdef MORE_DICVLOCK_DEBUG
-       printf("div_unlock: so=%x sopcb=%x lock=%x ref=%x lr=%x\n",
-                       so, 
-                       so->so_pcb, 
-                       so->so_pcb ? ((struct inpcb *)so->so_pcb)->inpcb_mtx : 0, 
-                       so->so_usecount, 
-                       lr_saved);
+       printf("div_unlock: so=%p sopcb=%p lock=%p ref=%x lr=%p\n",
+           so, so->so_pcb, so->so_pcb ?
+           &(((struct inpcb *)so->so_pcb)->inpcb_mtx) : NULL,
+           so->so_usecount, lr_saved);
 #endif
        if (refcount)
                so->so_usecount--;
-       
-       if (so->so_usecount < 0)
-               panic("div_unlock: so=%x usecount=%x\n", so, so->so_usecount);
+
+       if (so->so_usecount < 0) {
+               panic("div_unlock: so=%p usecount=%x lrh= %s\n", 
+                   so, so->so_usecount, solockhistory_nr(so));
+               /* NOTREACHED */
+       }
        if (so->so_pcb == NULL) {
-               panic("div_unlock: so=%x NO PCB usecount=%x lr=%x\n", so, so->so_usecount, lr_saved);
-               mutex_held = so->so_proto->pr_domain->dom_mtx;
-       } else {
-               mutex_held = ((struct inpcb *)so->so_pcb)->inpcb_mtx;
+               panic("div_unlock: so=%p NO PCB usecount=%x lr=%p lrh= %s\n",
+                   so, so->so_usecount, lr_saved, solockhistory_nr(so));
+               /* NOTREACHED */
        }
+       mutex_held = &((struct inpcb *)so->so_pcb)->inpcb_mtx;
 
        if (so->so_usecount == 0 && (inp->inp_wantcnt == WNT_STOPUSING)) {
                lck_rw_lock_exclusive(divcbinfo.mtx);
+               if (inp->inp_state != INPCB_STATE_DEAD)
+                       in_pcbdetach(inp);
                in_pcbdispose(inp);
                lck_rw_done(divcbinfo.mtx);
                return (0);
        }
        lck_mtx_assert(mutex_held, LCK_MTX_ASSERT_OWNED);
+       so->unlock_lr[so->next_unlock_lr] = lr_saved;
+       so->next_unlock_lr = (so->next_unlock_lr+1) % SO_LCKDBG_MAX;
        lck_mtx_unlock(mutex_held);
-       so->reserved4 = (void *)lr_saved;
        return (0);
 }
 
@@ -720,10 +740,12 @@ div_getlock(struct socket *so, __unused int locktype)
        
        if (so->so_pcb)  {
                if (so->so_usecount < 0)
-                       panic("div_getlock: so=%x usecount=%x\n", so, so->so_usecount);
-               return(inpcb->inpcb_mtx);
+                       panic("div_getlock: so=%p usecount=%x lrh= %s\n", 
+                           so, so->so_usecount, solockhistory_nr(so));
+               return(&inpcb->inpcb_mtx);
        } else {
-               panic("div_getlock: so=%x NULL so_pcb\n", so);
+               panic("div_getlock: so=%p NULL NO PCB lrh= %s\n", 
+                   so, solockhistory_nr(so));
                return (so->so_proto->pr_domain->dom_mtx);
        }
 }