X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/eb6b6ca394357805f2bdba989abae309f718b4d8..f427ee49d309d8fc33ebf3042c3a775f2f530ded:/bsd/netinet6/in6_proto.c

diff --git a/bsd/netinet6/in6_proto.c b/bsd/netinet6/in6_proto.c
index 7a1f23c44..6ee55d379 100644
--- a/bsd/netinet6/in6_proto.c
+++ b/bsd/netinet6/in6_proto.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008-2019 Apple Inc. All rights reserved.
+ * Copyright (c) 2008-2020 Apple Inc. All rights reserved.
  *
  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
  *
@@ -130,19 +130,13 @@
 
 #if IPSEC
 #include <netinet6/ipsec.h>
-#if INET6
 #include <netinet6/ipsec6.h>
-#endif
 #include <netinet6/ah.h>
-#if INET6
 #include <netinet6/ah6.h>
-#endif
 #if IPSEC_ESP
 #include <netinet6/esp.h>
-#if INET6
 #include <netinet6/esp6.h>
 #endif
-#endif
 #endif /*IPSEC*/
 
 #include <netinet6/ip6protosw.h>
@@ -461,7 +455,7 @@ int     ip6_v6only = 0;         /* Mapped addresses off by default -  Radar 3347
 
 int     ip6_neighborgcthresh = 1024;    /* Threshold # of NDP entries for GC */
 int     ip6_maxifprefixes = 16;         /* Max acceptable prefixes via RA per IF */
-int     ip6_maxifdefrouters = 16;       /* Max acceptable def routers via RA */
+int     ip6_maxifdefrouters = 64;       /* Max acceptable default or RTI routers via RA */
 int     ip6_maxdynroutes = 1024;        /* Max # of routes created via redirect */
 int     ip6_only_allow_rfc4193_prefix = 0;      /* Only allow RFC4193 style Unique Local IPv6 Unicast prefixes */
 
@@ -526,20 +520,24 @@ sysctl_ip6_temppltime SYSCTL_HANDLER_ARGS
 {
 #pragma unused(oidp, arg2)
 	int error = 0;
-	int old;
+	int value = 0;
 
 	error = SYSCTL_OUT(req, arg1, sizeof(int));
 	if (error || !req->newptr) {
 		return error;
 	}
-	old = ip6_temp_preferred_lifetime;
-	error = SYSCTL_IN(req, arg1, sizeof(int));
-	if (ip6_temp_preferred_lifetime > ND6_MAX_LIFETIME ||
-	    ip6_temp_preferred_lifetime <
-	    ip6_desync_factor + ip6_temp_regen_advance) {
-		ip6_temp_preferred_lifetime = old;
+
+	error = SYSCTL_IN(req, &value, sizeof(value));
+	if (error) {
+		return error;
+	}
+
+	if (value > ND6_MAX_LIFETIME ||
+	    value < ip6_desync_factor + ip6_temp_regen_advance) {
 		return EINVAL;
 	}
+
+	ip6_temp_preferred_lifetime = value;
 	return error;
 }
 
@@ -548,22 +546,51 @@ sysctl_ip6_tempvltime SYSCTL_HANDLER_ARGS
 {
 #pragma unused(oidp, arg2)
 	int error = 0;
-	int old;
+	int value = 0;
 
 	error = SYSCTL_OUT(req, arg1, sizeof(int));
 	if (error || !req->newptr) {
 		return error;
 	}
-	old = ip6_temp_valid_lifetime;
-	error = SYSCTL_IN(req, arg1, sizeof(int));
-	if (ip6_temp_valid_lifetime > ND6_MAX_LIFETIME ||
-	    ip6_temp_valid_lifetime < ip6_temp_preferred_lifetime) {
-		ip6_temp_valid_lifetime = old;
+
+	error = SYSCTL_IN(req, &value, sizeof(value));
+	if (error) {
+		return error;
+	}
+
+	if (value > ND6_MAX_LIFETIME ||
+	    value < ip6_temp_preferred_lifetime) {
 		return EINVAL;
 	}
+
+	ip6_temp_valid_lifetime = value;
 	return error;
 }
 
+static int
+sysctl_ip6_cga_conflict_retries SYSCTL_HANDLER_ARGS
+{
+#pragma unused(oidp, arg2)
+	int error = 0;
+	int value = 0;
+
+	error = SYSCTL_OUT(req, arg1, sizeof(int));
+	if (error || !req->newptr) {
+		return error;
+	}
+
+	error = SYSCTL_IN(req, &value, sizeof(value));
+	if (error) {
+		return error;
+	}
+	if (value > IPV6_CGA_CONFLICT_RETRIES_MAX || value < 0) {
+		return EINVAL;
+	}
+
+	ip6_cga_conflict_retries = value;
+	return 0;
+}
+
 static int
 ip6_getstat SYSCTL_HANDLER_ARGS
 {
@@ -648,6 +675,55 @@ SYSCTL_INT(_net_inet6_ip6, OID_AUTO,
 SYSCTL_INT(_net_inet6_ip6, OID_AUTO,
     clat_debug, CTLFLAG_RW | CTLFLAG_LOCKED, &clat_debug, 0, "");
 
+SYSCTL_PROC(_net_inet6_ip6, OID_AUTO,
+    cga_conflict_retries, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_LOCKED,
+    &ip6_cga_conflict_retries, 0, sysctl_ip6_cga_conflict_retries, "IU", "");
+
+/*
+ * One single sysctl to set v6 stack profile for IPv6 compliance testing.
+ * A lot of compliance test suites are not aware of other enhancements in IPv6
+ * protocol and expect some arguably obsolete behavior.
+ */
+int v6_compliance_profile = 0;
+static int
+sysctl_set_v6_compliance_profile SYSCTL_HANDLER_ARGS
+{
+#pragma unused(oidp, arg2)
+	int changed, error;
+	int value = *(int *) arg1;
+
+	error = sysctl_io_number(req, value, sizeof(value), &value, &changed);
+	if (error || !changed) {
+		return error;
+	}
+
+	if (value != 0 && value != 1) {
+		return ERANGE;
+	}
+
+	if (value == 1) {
+		ip6_use_tempaddr = 0;
+		dad_enhanced = 0;
+		icmp6_rediraccept = 1;
+		nd6_optimistic_dad = 0;
+		nd6_process_rti = ND6_PROCESS_RTI_ENABLE;
+	} else {
+		ip6_use_tempaddr = IP6_USE_TMPADDR_DEFAULT;
+		dad_enhanced = ND6_DAD_ENHANCED_DEFAULT;
+		icmp6_rediraccept = ICMP6_REDIRACCEPT_DEFAULT;
+		nd6_optimistic_dad = ND6_OPTIMISTIC_DAD_DEFAULT;
+		nd6_process_rti = ND6_PROCESS_RTI_DEFAULT;
+	}
+
+	v6_compliance_profile = value;
+	return 0;
+}
+
+SYSCTL_PROC(_net_inet6_ip6, OID_AUTO, compliance_profile,
+    CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_LOCKED,
+    &v6_compliance_profile, 0, sysctl_set_v6_compliance_profile,
+    "I", "set IPv6 compliance profile");
+
 /* net.inet6.icmp6 */
 SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRACCEPT,
     rediraccept, CTLFLAG_RW | CTLFLAG_LOCKED, &icmp6_rediraccept, 0, "");