1/* 2 * Copyright (c) 2003-2013 Apple Inc. All rights reserved. 3 * 4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. The rights granted to you under the License 10 * may not be used to create, or enable the creation or redistribution of, 11 * unlawful or unlicensed copies of an Apple operating system, or to 12 * circumvent, violate, or enable the circumvention or violation of, any 13 * terms of an Apple operating system software license agreement. 14 * 15 * Please obtain a copy of the License at 16 * http://www.opensource.apple.com/apsl/ and read it before using this file. 17 * 18 * The Original Code and all software distributed under the License are 19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 23 * Please see the License for the specific language governing rights and 24 * limitations under the License. 25 * 26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ 27 */ 28/* 29 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 30 * All rights reserved. 31 * 32 * Redistribution and use in source and binary forms, with or without 33 * modification, are permitted provided that the following conditions 34 * are met: 35 * 1. Redistributions of source code must retain the above copyright 36 * notice, this list of conditions and the following disclaimer. 37 * 2. Redistributions in binary form must reproduce the above copyright 38 * notice, this list of conditions and the following disclaimer in the 39 * documentation and/or other materials provided with the distribution. 40 * 3. Neither the name of the project nor the names of its contributors 41 * may be used to endorse or promote products derived from this software 42 * without specific prior written permission. 43 * 44 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 45 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 46 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 47 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 48 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 49 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 50 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 51 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 52 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 53 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 54 * SUCH DAMAGE. 55 * 56 */ 57 58/* 59 * Copyright (c) 1982, 1986, 1991, 1993 60 * The Regents of the University of California. All rights reserved. 61 * 62 * Redistribution and use in source and binary forms, with or without 63 * modification, are permitted provided that the following conditions 64 * are met: 65 * 1. Redistributions of source code must retain the above copyright 66 * notice, this list of conditions and the following disclaimer. 67 * 2. Redistributions in binary form must reproduce the above copyright 68 * notice, this list of conditions and the following disclaimer in the 69 * documentation and/or other materials provided with the distribution. 70 * 3. All advertising materials mentioning features or use of this software 71 * must display the following acknowledgement: 72 * This product includes software developed by the University of 73 * California, Berkeley and its contributors. 74 * 4. Neither the name of the University nor the names of its contributors 75 * may be used to endorse or promote products derived from this software 76 * without specific prior written permission. 77 * 78 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 79 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 80 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 81 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 82 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 83 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 84 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 85 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 86 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 87 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 88 * SUCH DAMAGE. 89 * 90 * @(#)in_pcb.c 8.2 (Berkeley) 1/4/94 91 */ 92 93#include <sys/param.h> 94#include <sys/systm.h> 95#include <sys/malloc.h> 96#include <sys/mbuf.h> 97#include <sys/domain.h> 98#include <sys/protosw.h> 99#include <sys/socket.h> 100#include <sys/socketvar.h> 101#include <sys/sockio.h> 102#include <sys/errno.h> 103#include <sys/time.h> 104#include <sys/proc.h> 105#include <sys/kauth.h> 106#include <sys/priv.h> 107 108#include <net/if.h> 109#include <net/if_types.h> 110#include <net/route.h> 111#include <net/ntstat.h> 112 113#include <netinet/in.h> 114#include <netinet/in_var.h> 115#include <netinet/in_systm.h> 116#include <netinet/ip6.h> 117#include <netinet/ip_var.h> 118#include <netinet6/ip6_var.h> 119#include <netinet6/nd6.h> 120#include <netinet/in_pcb.h> 121#include <netinet6/in6_pcb.h> 122#include <net/if_types.h> 123#include <net/if_var.h> 124 125#include <kern/kern_types.h> 126#include <kern/zalloc.h> 127 128#if IPSEC 129#include <netinet6/ipsec.h> 130#if INET6 131#include <netinet6/ipsec6.h> 132#endif 133#include <netinet6/ah.h> 134#if INET6 135#include <netinet6/ah6.h> 136#endif 137#include <netkey/key.h> 138#endif /* IPSEC */ 139 140#if NECP 141#include <net/necp.h> 142#endif /* NECP */ 143 144/* 145 * in6_pcblookup_local_and_cleanup does everything 146 * in6_pcblookup_local does but it checks for a socket 147 * that's going away. Since we know that the lock is 148 * held read+write when this function is called, we 149 * can safely dispose of this socket like the slow 150 * timer would usually do and return NULL. This is 151 * great for bind. 152 */ 153static struct inpcb * 154in6_pcblookup_local_and_cleanup(struct inpcbinfo *pcbinfo, 155 struct in6_addr *laddr, u_int lport_arg, int wild_okay) 156{ 157 struct inpcb *inp; 158 159 /* Perform normal lookup */ 160 inp = in6_pcblookup_local(pcbinfo, laddr, lport_arg, wild_okay); 161 162 /* Check if we found a match but it's waiting to be disposed */ 163 if (inp != NULL && inp->inp_wantcnt == WNT_STOPUSING) { 164 struct socket *so = inp->inp_socket; 165 166 lck_mtx_lock(&inp->inpcb_mtx); 167 168 if (so->so_usecount == 0) { 169 if (inp->inp_state != INPCB_STATE_DEAD) 170 in6_pcbdetach(inp); 171 in_pcbdispose(inp); /* will unlock & destroy */ 172 inp = NULL; 173 } else { 174 lck_mtx_unlock(&inp->inpcb_mtx); 175 } 176 } 177 178 return (inp); 179} 180 181/* 182 * Bind an INPCB to an address and/or port. This routine should not alter 183 * the caller-supplied local address "nam". 184 */ 185int 186in6_pcbbind(struct inpcb *inp, struct sockaddr *nam, struct proc *p) 187{ 188 struct socket *so = inp->inp_socket; 189 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo; 190 u_short lport = 0; 191 int wild = 0, reuseport = (so->so_options & SO_REUSEPORT); 192 struct ifnet *outif = NULL; 193 struct sockaddr_in6 sin6; 194 int error; 195 kauth_cred_t cred; 196 197 if (!in6_ifaddrs) /* XXX broken! */ 198 return (EADDRNOTAVAIL); 199 if (inp->inp_lport || !IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) 200 return (EINVAL); 201 if (!(so->so_options & (SO_REUSEADDR|SO_REUSEPORT))) 202 wild = 1; 203 socket_unlock(so, 0); /* keep reference */ 204 lck_rw_lock_exclusive(pcbinfo->ipi_lock); 205 206 bzero(&sin6, sizeof (sin6)); 207 if (nam != NULL) { 208 if (nam->sa_len != sizeof (struct sockaddr_in6)) { 209 lck_rw_done(pcbinfo->ipi_lock); 210 socket_lock(so, 0); 211 return (EINVAL); 212 } 213 /* 214 * family check. 215 */ 216 if (nam->sa_family != AF_INET6) { 217 lck_rw_done(pcbinfo->ipi_lock); 218 socket_lock(so, 0); 219 return (EAFNOSUPPORT); 220 } 221 lport = SIN6(nam)->sin6_port; 222 223 *(&sin6) = *SIN6(nam); 224 225 /* KAME hack: embed scopeid */ 226 if (in6_embedscope(&sin6.sin6_addr, &sin6, inp, NULL, 227 NULL) != 0) { 228 lck_rw_done(pcbinfo->ipi_lock); 229 socket_lock(so, 0); 230 return (EINVAL); 231 } 232 233 /* Sanitize local copy for address searches */ 234 sin6.sin6_flowinfo = 0; 235 sin6.sin6_scope_id = 0; 236 sin6.sin6_port = 0; 237 238 if (IN6_IS_ADDR_MULTICAST(&sin6.sin6_addr)) { 239 /* 240 * Treat SO_REUSEADDR as SO_REUSEPORT for multicast; 241 * allow compepte duplication of binding if 242 * SO_REUSEPORT is set, or if SO_REUSEADDR is set 243 * and a multicast address is bound on both 244 * new and duplicated sockets. 245 */ 246 if (so->so_options & SO_REUSEADDR) 247 reuseport = SO_REUSEADDR|SO_REUSEPORT; 248 } else if (!IN6_IS_ADDR_UNSPECIFIED(&sin6.sin6_addr)) { 249 struct ifaddr *ifa; 250 251 ifa = ifa_ifwithaddr(SA(&sin6)); 252 if (ifa == NULL) { 253 lck_rw_done(pcbinfo->ipi_lock); 254 socket_lock(so, 0); 255 return (EADDRNOTAVAIL); 256 } else { 257 /* 258 * XXX: bind to an anycast address might 259 * accidentally cause sending a packet with 260 * anycast source address. We should allow 261 * to bind to a deprecated address, since 262 * the application dare to use it. 263 */ 264 IFA_LOCK_SPIN(ifa); 265 if (((struct in6_ifaddr *)ifa)->ia6_flags & 266 (IN6_IFF_ANYCAST|IN6_IFF_NOTREADY| 267 IN6_IFF_DETACHED)) { 268 IFA_UNLOCK(ifa); 269 IFA_REMREF(ifa); 270 lck_rw_done(pcbinfo->ipi_lock); 271 socket_lock(so, 0); 272 return (EADDRNOTAVAIL); 273 } 274 /* 275 * Opportunistically determine the outbound 276 * interface that may be used; this may not 277 * hold true if we end up using a route 278 * going over a different interface, e.g. 279 * when sending to a local address. This 280 * will get updated again after sending. 281 */ 282 outif = ifa->ifa_ifp; 283 IFA_UNLOCK(ifa); 284 IFA_REMREF(ifa); 285 } 286 } 287 if (lport != 0) { 288 struct inpcb *t; 289 uid_t u; 290 291 /* GROSS */ 292 if (ntohs(lport) < IPV6PORT_RESERVED) { 293 cred = kauth_cred_proc_ref(p); 294 error = priv_check_cred(cred, 295 PRIV_NETINET_RESERVEDPORT, 0); 296 kauth_cred_unref(&cred); 297 if (error != 0) { 298 lck_rw_done(pcbinfo->ipi_lock); 299 socket_lock(so, 0); 300 return (EACCES); 301 } 302 } 303 if (!IN6_IS_ADDR_MULTICAST(&sin6.sin6_addr) && 304 (u = kauth_cred_getuid(so->so_cred)) != 0) { 305 t = in6_pcblookup_local_and_cleanup(pcbinfo, 306 &sin6.sin6_addr, lport, 307 INPLOOKUP_WILDCARD); 308 if (t != NULL && (!IN6_IS_ADDR_UNSPECIFIED( 309 &sin6.sin6_addr) || 310 !IN6_IS_ADDR_UNSPECIFIED(&t->in6p_laddr) || 311 !(t->inp_socket->so_options & 312 SO_REUSEPORT)) && (u != kauth_cred_getuid( 313 t->inp_socket->so_cred)) && 314 !(t->inp_socket->so_flags & 315 SOF_REUSESHAREUID)) { 316 lck_rw_done(pcbinfo->ipi_lock); 317 socket_lock(so, 0); 318 return (EADDRINUSE); 319 } 320 if (!(inp->inp_flags & IN6P_IPV6_V6ONLY) && 321 IN6_IS_ADDR_UNSPECIFIED(&sin6.sin6_addr)) { 322 struct sockaddr_in sin; 323 324 in6_sin6_2_sin(&sin, &sin6); 325 t = in_pcblookup_local_and_cleanup( 326 pcbinfo, sin.sin_addr, lport, 327 INPLOOKUP_WILDCARD); 328 if (t != NULL && 329 !(t->inp_socket->so_options & 330 SO_REUSEPORT) && 331 (kauth_cred_getuid(so->so_cred) != 332 kauth_cred_getuid(t->inp_socket-> 333 so_cred)) && (t->inp_laddr.s_addr != 334 INADDR_ANY || SOCK_DOM(so) == 335 SOCK_DOM(t->inp_socket))) { 336 lck_rw_done(pcbinfo->ipi_lock); 337 socket_lock(so, 0); 338 return (EADDRINUSE); 339 } 340 } 341 } 342 t = in6_pcblookup_local_and_cleanup(pcbinfo, 343 &sin6.sin6_addr, lport, wild); 344 if (t != NULL && 345 (reuseport & t->inp_socket->so_options) == 0) { 346 lck_rw_done(pcbinfo->ipi_lock); 347 socket_lock(so, 0); 348 return (EADDRINUSE); 349 } 350 if (!(inp->inp_flags & IN6P_IPV6_V6ONLY) && 351 IN6_IS_ADDR_UNSPECIFIED(&sin6.sin6_addr)) { 352 struct sockaddr_in sin; 353 354 in6_sin6_2_sin(&sin, &sin6); 355 t = in_pcblookup_local_and_cleanup(pcbinfo, 356 sin.sin_addr, lport, wild); 357 if (t != NULL && (reuseport & 358 t->inp_socket->so_options) == 0 && 359 (t->inp_laddr.s_addr != INADDR_ANY || 360 SOCK_DOM(so) == SOCK_DOM(t->inp_socket))) { 361 lck_rw_done(pcbinfo->ipi_lock); 362 socket_lock(so, 0); 363 return (EADDRINUSE); 364 } 365 } 366 } 367 } 368 369 socket_lock(so, 0); 370 /* check if the socket got bound when the lock was released */ 371 if (inp->inp_lport || !IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) { 372 lck_rw_done(pcbinfo->ipi_lock); 373 return (EINVAL); 374 } 375 376 if (!IN6_IS_ADDR_UNSPECIFIED(&sin6.sin6_addr)) { 377 inp->in6p_laddr = sin6.sin6_addr; 378 inp->in6p_last_outifp = outif; 379 } 380 381 if (lport == 0) { 382 int e; 383 if ((e = in6_pcbsetport(&inp->in6p_laddr, inp, p, 1)) != 0) { 384 /* Undo any address bind from above. */ 385 inp->in6p_laddr = in6addr_any; 386 inp->in6p_last_outifp = NULL; 387 lck_rw_done(pcbinfo->ipi_lock); 388 return (e); 389 } 390 } else { 391 inp->inp_lport = lport; 392 if (in_pcbinshash(inp, 1) != 0) { 393 inp->in6p_laddr = in6addr_any; 394 inp->inp_lport = 0; 395 inp->in6p_last_outifp = NULL; 396 lck_rw_done(pcbinfo->ipi_lock); 397 return (EAGAIN); 398 } 399 } 400 lck_rw_done(pcbinfo->ipi_lock); 401 sflt_notify(so, sock_evt_bound, NULL); 402 return (0); 403} 404 405/* 406 * Transform old in6_pcbconnect() into an inner subroutine for new 407 * in6_pcbconnect(); do some validity-checking on the remote address 408 * (in "nam") and then determine local host address (i.e., which 409 * interface) to use to access that remote host. 410 * 411 * This routine may alter the caller-supplied remote address "nam". 412 * 413 * This routine might return an ifp with a reference held if the caller 414 * provides a non-NULL outif, even in the error case. The caller is 415 * responsible for releasing its reference. 416 */ 417int 418in6_pcbladdr(struct inpcb *inp, struct sockaddr *nam, 419 struct in6_addr *plocal_addr6, struct ifnet **outif) 420{ 421 struct in6_addr *addr6 = NULL; 422 struct in6_addr src_storage; 423 int error = 0; 424 unsigned int ifscope; 425 426 if (outif != NULL) 427 *outif = NULL; 428 if (nam->sa_len != sizeof (struct sockaddr_in6)) 429 return (EINVAL); 430 if (SIN6(nam)->sin6_family != AF_INET6) 431 return (EAFNOSUPPORT); 432 if (SIN6(nam)->sin6_port == 0) 433 return (EADDRNOTAVAIL); 434 435 /* KAME hack: embed scopeid */ 436 if (in6_embedscope(&SIN6(nam)->sin6_addr, SIN6(nam), inp, NULL, NULL) != 0) 437 return (EINVAL); 438 439 if (in6_ifaddrs) { 440 /* 441 * If the destination address is UNSPECIFIED addr, 442 * use the loopback addr, e.g ::1. 443 */ 444 if (IN6_IS_ADDR_UNSPECIFIED(&SIN6(nam)->sin6_addr)) 445 SIN6(nam)->sin6_addr = in6addr_loopback; 446 } 447 448 ifscope = (inp->inp_flags & INP_BOUND_IF) ? 449 inp->inp_boundifp->if_index : IFSCOPE_NONE; 450 451 /* 452 * XXX: in6_selectsrc might replace the bound local address 453 * with the address specified by setsockopt(IPV6_PKTINFO). 454 * Is it the intended behavior? 455 * 456 * in6_selectsrc() might return outif with its reference held 457 * even in the error case; caller always needs to release it 458 * if non-NULL. 459 */ 460 addr6 = in6_selectsrc(SIN6(nam), inp->in6p_outputopts, inp, 461 &inp->in6p_route, outif, &src_storage, ifscope, &error); 462 463 if (outif != NULL) { 464 struct rtentry *rt = inp->in6p_route.ro_rt; 465 /* 466 * If in6_selectsrc() returns a route, it should be one 467 * which points to the same ifp as outif. Just in case 468 * it isn't, use the one from the route for consistency. 469 * Otherwise if there is no route, leave outif alone as 470 * it could still be useful to the caller. 471 */ 472 if (rt != NULL && rt->rt_ifp != *outif) { 473 ifnet_reference(rt->rt_ifp); /* for caller */ 474 if (*outif != NULL) 475 ifnet_release(*outif); 476 *outif = rt->rt_ifp; 477 } 478 } 479 480 if (addr6 == NULL) { 481 if (outif != NULL && (*outif) != NULL && 482 inp_restricted_send(inp, *outif)) { 483 soevent(inp->inp_socket, 484 (SO_FILT_HINT_LOCKED | SO_FILT_HINT_IFDENIED)); 485 error = EHOSTUNREACH; 486 } 487 if (error == 0) 488 error = EADDRNOTAVAIL; 489 return (error); 490 } 491 492 *plocal_addr6 = *addr6; 493 /* 494 * Don't do pcblookup call here; return interface in 495 * plocal_addr6 and exit to caller, that will do the lookup. 496 */ 497 return (0); 498} 499 500/* 501 * Outer subroutine: 502 * Connect from a socket to a specified address. 503 * Both address and port must be specified in argument sin. 504 * If don't have a local address for this socket yet, 505 * then pick one. 506 */ 507int 508in6_pcbconnect(struct inpcb *inp, struct sockaddr *nam, struct proc *p) 509{ 510 struct in6_addr addr6; 511 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)(void *)nam; 512 struct inpcb *pcb; 513 int error = 0; 514 struct ifnet *outif = NULL; 515 struct socket *so = inp->inp_socket; 516 517 /* 518 * Call inner routine, to assign local interface address. 519 * in6_pcbladdr() may automatically fill in sin6_scope_id. 520 * 521 * in6_pcbladdr() might return an ifp with its reference held 522 * even in the error case, so make sure that it's released 523 * whenever it's non-NULL. 524 */ 525 if ((error = in6_pcbladdr(inp, nam, &addr6, &outif)) != 0) { 526 if (outif != NULL && inp_restricted_send(inp, outif)) 527 soevent(so, 528 (SO_FILT_HINT_LOCKED | SO_FILT_HINT_IFDENIED)); 529 goto done; 530 } 531 socket_unlock(so, 0); 532 pcb = in6_pcblookup_hash(inp->inp_pcbinfo, &sin6->sin6_addr, 533 sin6->sin6_port, IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr) ? 534 &addr6 : &inp->in6p_laddr, inp->inp_lport, 0, NULL); 535 socket_lock(so, 0); 536 if (pcb != NULL) { 537 in_pcb_checkstate(pcb, WNT_RELEASE, pcb == inp ? 1 : 0); 538 error = EADDRINUSE; 539 goto done; 540 } 541 if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) { 542 if (inp->inp_lport == 0) { 543 error = in6_pcbbind(inp, NULL, p); 544 if (error) 545 goto done; 546 } 547 inp->in6p_laddr = addr6; 548 inp->in6p_last_outifp = outif; /* no reference needed */ 549 inp->in6p_flags |= INP_IN6ADDR_ANY; 550 } 551 if (!lck_rw_try_lock_exclusive(inp->inp_pcbinfo->ipi_lock)) { 552 /* lock inversion issue, mostly with udp multicast packets */ 553 socket_unlock(so, 0); 554 lck_rw_lock_exclusive(inp->inp_pcbinfo->ipi_lock); 555 socket_lock(so, 0); 556 } 557 inp->in6p_faddr = sin6->sin6_addr; 558 inp->inp_fport = sin6->sin6_port; 559 if (nstat_collect && SOCK_PROTO(so) == IPPROTO_UDP) 560 nstat_pcb_invalidate_cache(inp); 561 in_pcbrehash(inp); 562 lck_rw_done(inp->inp_pcbinfo->ipi_lock); 563 564done: 565 if (outif != NULL) 566 ifnet_release(outif); 567 568 return (error); 569} 570 571void 572in6_pcbdisconnect(struct inpcb *inp) 573{ 574 struct socket *so = inp->inp_socket; 575 576 if (!lck_rw_try_lock_exclusive(inp->inp_pcbinfo->ipi_lock)) { 577 /* lock inversion issue, mostly with udp multicast packets */ 578 socket_unlock(so, 0); 579 lck_rw_lock_exclusive(inp->inp_pcbinfo->ipi_lock); 580 socket_lock(so, 0); 581 } 582 if (nstat_collect && SOCK_PROTO(so) == IPPROTO_UDP) 583 nstat_pcb_cache(inp); 584 bzero((caddr_t)&inp->in6p_faddr, sizeof (inp->in6p_faddr)); 585 inp->inp_fport = 0; 586 /* clear flowinfo - RFC 6437 */ 587 inp->inp_flow &= ~IPV6_FLOWLABEL_MASK; 588 in_pcbrehash(inp); 589 lck_rw_done(inp->inp_pcbinfo->ipi_lock); 590 /* 591 * A multipath subflow socket would have its SS_NOFDREF set by default, 592 * so check for SOF_MP_SUBFLOW socket flag before detaching the PCB; 593 * when the socket is closed for real, SOF_MP_SUBFLOW would be cleared. 594 */ 595 if (!(so->so_flags & SOF_MP_SUBFLOW) && (so->so_state & SS_NOFDREF)) 596 in6_pcbdetach(inp); 597} 598 599void 600in6_pcbdetach(struct inpcb *inp) 601{ 602 struct socket *so = inp->inp_socket; 603 604 if (so->so_pcb == NULL) { 605 /* PCB has been disposed */ 606 panic("%s: inp=%p so=%p proto=%d so_pcb is null!\n", __func__, 607 inp, so, SOCK_PROTO(so)); 608 /* NOTREACHED */ 609 } 610 611#if IPSEC 612 if (inp->in6p_sp != NULL) { 613 (void) ipsec6_delete_pcbpolicy(inp); 614 } 615#endif /* IPSEC */ 616 617 /* 618 * Let NetworkStatistics know this PCB is going away 619 * before we detach it. 620 */ 621 if (nstat_collect && 622 (SOCK_PROTO(so) == IPPROTO_TCP || SOCK_PROTO(so) == IPPROTO_UDP)) 623 nstat_pcb_detach(inp); 624 /* mark socket state as dead */ 625 if (in_pcb_checkstate(inp, WNT_STOPUSING, 1) != WNT_STOPUSING) { 626 panic("%s: so=%p proto=%d couldn't set to STOPUSING\n", 627 __func__, so, SOCK_PROTO(so)); 628 /* NOTREACHED */ 629 } 630 631 if (!(so->so_flags & SOF_PCBCLEARING)) { 632 struct ip_moptions *imo; 633 struct ip6_moptions *im6o; 634 635 inp->inp_vflag = 0; 636 if (inp->in6p_options != NULL) { 637 m_freem(inp->in6p_options); 638 inp->in6p_options = NULL; 639 } 640 ip6_freepcbopts(inp->in6p_outputopts); 641 ROUTE_RELEASE(&inp->in6p_route); 642 /* free IPv4 related resources in case of mapped addr */ 643 if (inp->inp_options != NULL) { 644 (void) m_free(inp->inp_options); 645 inp->inp_options = NULL; 646 } 647 im6o = inp->in6p_moptions; 648 inp->in6p_moptions = NULL; 649 if (im6o != NULL) 650 IM6O_REMREF(im6o); 651 652 imo = inp->inp_moptions; 653 inp->inp_moptions = NULL; 654 if (imo != NULL) 655 IMO_REMREF(imo); 656 sofreelastref(so, 0); 657 inp->inp_state = INPCB_STATE_DEAD; 658 /* makes sure we're not called twice from so_close */ 659 so->so_flags |= SOF_PCBCLEARING; 660 661 inpcb_gc_sched(inp->inp_pcbinfo, INPCB_TIMER_FAST); 662 } 663} 664 665struct sockaddr * 666in6_sockaddr(in_port_t port, struct in6_addr *addr_p) 667{ 668 struct sockaddr_in6 *sin6; 669 670 MALLOC(sin6, struct sockaddr_in6 *, sizeof (*sin6), M_SONAME, M_WAITOK); 671 if (sin6 == NULL) 672 return (NULL); 673 bzero(sin6, sizeof (*sin6)); 674 sin6->sin6_family = AF_INET6; 675 sin6->sin6_len = sizeof (*sin6); 676 sin6->sin6_port = port; 677 sin6->sin6_addr = *addr_p; 678 679 /* would be good to use sa6_recoverscope(), except for locking */ 680 if (IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr)) 681 sin6->sin6_scope_id = ntohs(sin6->sin6_addr.s6_addr16[1]); 682 else 683 sin6->sin6_scope_id = 0; /* XXX */ 684 if (IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr)) 685 sin6->sin6_addr.s6_addr16[1] = 0; 686 687 return ((struct sockaddr *)sin6); 688} 689 690void 691in6_sockaddr_s(in_port_t port, struct in6_addr *addr_p, 692 struct sockaddr_in6 *sin6) 693{ 694 bzero(sin6, sizeof (*sin6)); 695 sin6->sin6_family = AF_INET6; 696 sin6->sin6_len = sizeof (*sin6); 697 sin6->sin6_port = port; 698 sin6->sin6_addr = *addr_p; 699 700 /* would be good to use sa6_recoverscope(), except for locking */ 701 if (IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr)) 702 sin6->sin6_scope_id = ntohs(sin6->sin6_addr.s6_addr16[1]); 703 else 704 sin6->sin6_scope_id = 0; /* XXX */ 705 if (IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr)) 706 sin6->sin6_addr.s6_addr16[1] = 0; 707} 708 709/* 710 * The calling convention of in6_getsockaddr() and in6_getpeeraddr() was 711 * modified to match the pru_sockaddr() and pru_peeraddr() entry points 712 * in struct pr_usrreqs, so that protocols can just reference then directly 713 * without the need for a wrapper function. 714 */ 715int 716in6_getsockaddr(struct socket *so, struct sockaddr **nam) 717{ 718 struct inpcb *inp; 719 struct in6_addr addr; 720 in_port_t port; 721 722 if ((inp = sotoinpcb(so)) == NULL) 723 return (EINVAL); 724 725 port = inp->inp_lport; 726 addr = inp->in6p_laddr; 727 728 *nam = in6_sockaddr(port, &addr); 729 if (*nam == NULL) 730 return (ENOBUFS); 731 return (0); 732} 733 734int 735in6_getsockaddr_s(struct socket *so, struct sockaddr_storage *ss) 736{ 737 struct inpcb *inp; 738 struct in6_addr addr; 739 in_port_t port; 740 741 VERIFY(ss != NULL); 742 bzero(ss, sizeof (*ss)); 743 744 if ((inp = sotoinpcb(so)) == NULL 745#if NECP 746 || (necp_socket_should_use_flow_divert(inp)) 747#endif /* NECP */ 748 ) 749 return (inp == NULL ? EINVAL : EPROTOTYPE); 750 751 port = inp->inp_lport; 752 addr = inp->in6p_laddr; 753 754 in6_sockaddr_s(port, &addr, SIN6(ss)); 755 return (0); 756} 757 758int 759in6_getpeeraddr(struct socket *so, struct sockaddr **nam) 760{ 761 struct inpcb *inp; 762 struct in6_addr addr; 763 in_port_t port; 764 765 if ((inp = sotoinpcb(so)) == NULL) 766 return (EINVAL); 767 768 port = inp->inp_fport; 769 addr = inp->in6p_faddr; 770 771 *nam = in6_sockaddr(port, &addr); 772 if (*nam == NULL) 773 return (ENOBUFS); 774 return (0); 775} 776 777int 778in6_getpeeraddr_s(struct socket *so, struct sockaddr_storage *ss) 779{ 780 struct inpcb *inp; 781 struct in6_addr addr; 782 in_port_t port; 783 784 VERIFY(ss != NULL); 785 bzero(ss, sizeof (*ss)); 786 787 if ((inp = sotoinpcb(so)) == NULL 788#if NECP 789 || (necp_socket_should_use_flow_divert(inp)) 790#endif /* NECP */ 791 ) 792 return (inp == NULL ? EINVAL : EPROTOTYPE); 793 794 port = inp->inp_fport; 795 addr = inp->in6p_faddr; 796 797 in6_sockaddr_s(port, &addr, SIN6(ss)); 798 return (0); 799} 800 801int 802in6_mapped_sockaddr(struct socket *so, struct sockaddr **nam) 803{ 804 struct inpcb *inp = sotoinpcb(so); 805 int error; 806 807 if (inp == NULL) 808 return (EINVAL); 809 if (inp->inp_vflag & INP_IPV4) { 810 error = in_getsockaddr(so, nam); 811 if (error == 0) 812 error = in6_sin_2_v4mapsin6_in_sock(nam); 813 } else { 814 /* scope issues will be handled in in6_getsockaddr(). */ 815 error = in6_getsockaddr(so, nam); 816 } 817 return (error); 818} 819 820int 821in6_mapped_peeraddr(struct socket *so, struct sockaddr **nam) 822{ 823 struct inpcb *inp = sotoinpcb(so); 824 int error; 825 826 if (inp == NULL) 827 return (EINVAL); 828 if (inp->inp_vflag & INP_IPV4) { 829 error = in_getpeeraddr(so, nam); 830 if (error == 0) 831 error = in6_sin_2_v4mapsin6_in_sock(nam); 832 } else { 833 /* scope issues will be handled in in6_getpeeraddr(). */ 834 error = in6_getpeeraddr(so, nam); 835 } 836 return (error); 837} 838 839/* 840 * Pass some notification to all connections of a protocol 841 * associated with address dst. The local address and/or port numbers 842 * may be specified to limit the search. The "usual action" will be 843 * taken, depending on the ctlinput cmd. The caller must filter any 844 * cmds that are uninteresting (e.g., no error in the map). 845 * Call the protocol specific routine (if any) to report 846 * any errors for each matching socket. 847 */ 848void 849in6_pcbnotify(struct inpcbinfo *pcbinfo, struct sockaddr *dst, u_int fport_arg, 850 const struct sockaddr *src, u_int lport_arg, int cmd, void *cmdarg, 851 void (*notify)(struct inpcb *, int)) 852{ 853 struct inpcbhead *head = pcbinfo->ipi_listhead; 854 struct inpcb *inp, *ninp; 855 struct sockaddr_in6 sa6_src, *sa6_dst; 856 u_short fport = fport_arg, lport = lport_arg; 857 u_int32_t flowinfo; 858 int errno; 859 860 if ((unsigned)cmd > PRC_NCMDS || dst->sa_family != AF_INET6) 861 return; 862 863 sa6_dst = (struct sockaddr_in6 *)(void *)dst; 864 if (IN6_IS_ADDR_UNSPECIFIED(&sa6_dst->sin6_addr)) 865 return; 866 867 /* 868 * note that src can be NULL when we get notify by local fragmentation. 869 */ 870 sa6_src = (src == NULL) ? 871 sa6_any : *(struct sockaddr_in6 *)(uintptr_t)(size_t)src; 872 flowinfo = sa6_src.sin6_flowinfo; 873 874 /* 875 * Redirects go to all references to the destination, 876 * and use in6_rtchange to invalidate the route cache. 877 * Dead host indications: also use in6_rtchange to invalidate 878 * the cache, and deliver the error to all the sockets. 879 * Otherwise, if we have knowledge of the local port and address, 880 * deliver only to that socket. 881 */ 882 if (PRC_IS_REDIRECT(cmd) || cmd == PRC_HOSTDEAD) { 883 fport = 0; 884 lport = 0; 885 bzero((caddr_t)&sa6_src.sin6_addr, sizeof (sa6_src.sin6_addr)); 886 887 if (cmd != PRC_HOSTDEAD) 888 notify = in6_rtchange; 889 } 890 errno = inet6ctlerrmap[cmd]; 891 lck_rw_lock_shared(pcbinfo->ipi_lock); 892 for (inp = LIST_FIRST(head); inp != NULL; inp = ninp) { 893 ninp = LIST_NEXT(inp, inp_list); 894 895 if (!(inp->inp_vflag & INP_IPV6)) 896 continue; 897 898 /* 899 * If the error designates a new path MTU for a destination 900 * and the application (associated with this socket) wanted to 901 * know the value, notify. Note that we notify for all 902 * disconnected sockets if the corresponding application 903 * wanted. This is because some UDP applications keep sending 904 * sockets disconnected. 905 * XXX: should we avoid to notify the value to TCP sockets? 906 */ 907 if (cmd == PRC_MSGSIZE && (inp->inp_flags & IN6P_MTU) != 0 && 908 (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr) || 909 IN6_ARE_ADDR_EQUAL(&inp->in6p_faddr, 910 &sa6_dst->sin6_addr))) { 911 ip6_notify_pmtu(inp, (struct sockaddr_in6 *)(void *)dst, 912 (u_int32_t *)cmdarg); 913 } 914 915 /* 916 * Detect if we should notify the error. If no source and 917 * destination ports are specifed, but non-zero flowinfo and 918 * local address match, notify the error. This is the case 919 * when the error is delivered with an encrypted buffer 920 * by ESP. Otherwise, just compare addresses and ports 921 * as usual. 922 */ 923 if (lport == 0 && fport == 0 && flowinfo && 924 inp->inp_socket != NULL && 925 flowinfo == (inp->inp_flow & IPV6_FLOWLABEL_MASK) && 926 IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr, &sa6_src.sin6_addr)) 927 goto do_notify; 928 else if (!IN6_ARE_ADDR_EQUAL(&inp->in6p_faddr, 929 &sa6_dst->sin6_addr) || inp->inp_socket == NULL || 930 (lport && inp->inp_lport != lport) || 931 (!IN6_IS_ADDR_UNSPECIFIED(&sa6_src.sin6_addr) && 932 !IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr, 933 &sa6_src.sin6_addr)) || (fport && inp->inp_fport != fport)) 934 continue; 935 936do_notify: 937 if (notify) { 938 if (in_pcb_checkstate(inp, WNT_ACQUIRE, 0) == 939 WNT_STOPUSING) 940 continue; 941 socket_lock(inp->inp_socket, 1); 942 (*notify)(inp, errno); 943 (void) in_pcb_checkstate(inp, WNT_RELEASE, 1); 944 socket_unlock(inp->inp_socket, 1); 945 } 946 } 947 lck_rw_done(pcbinfo->ipi_lock); 948} 949 950/* 951 * Lookup a PCB based on the local address and port. 952 */ 953struct inpcb * 954in6_pcblookup_local(struct inpcbinfo *pcbinfo, struct in6_addr *laddr, 955 u_int lport_arg, int wild_okay) 956{ 957 struct inpcb *inp; 958 int matchwild = 3, wildcard; 959 u_short lport = lport_arg; 960 struct inpcbporthead *porthash; 961 struct inpcb *match = NULL; 962 struct inpcbport *phd; 963 964 if (!wild_okay) { 965 struct inpcbhead *head; 966 /* 967 * Look for an unconnected (wildcard foreign addr) PCB that 968 * matches the local address and port we're looking for. 969 */ 970 head = &pcbinfo->ipi_hashbase[INP_PCBHASH(INADDR_ANY, lport, 0, 971 pcbinfo->ipi_hashmask)]; 972 LIST_FOREACH(inp, head, inp_hash) { 973 if (!(inp->inp_vflag & INP_IPV6)) 974 continue; 975 if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr) && 976 IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr, laddr) && 977 inp->inp_lport == lport) { 978 /* 979 * Found. 980 */ 981 return (inp); 982 } 983 } 984 /* 985 * Not found. 986 */ 987 return (NULL); 988 } 989 /* 990 * Best fit PCB lookup. 991 * 992 * First see if this local port is in use by looking on the 993 * port hash list. 994 */ 995 porthash = &pcbinfo->ipi_porthashbase[INP_PCBPORTHASH(lport, 996 pcbinfo->ipi_porthashmask)]; 997 LIST_FOREACH(phd, porthash, phd_hash) { 998 if (phd->phd_port == lport) 999 break; 1000 } 1001 if (phd != NULL) { 1002 /* 1003 * Port is in use by one or more PCBs. Look for best 1004 * fit. 1005 */ 1006 LIST_FOREACH(inp, &phd->phd_pcblist, inp_portlist) { 1007 wildcard = 0; 1008 if (!(inp->inp_vflag & INP_IPV6)) 1009 continue; 1010 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) 1011 wildcard++; 1012 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) { 1013 if (IN6_IS_ADDR_UNSPECIFIED(laddr)) 1014 wildcard++; 1015 else if (!IN6_ARE_ADDR_EQUAL( 1016 &inp->in6p_laddr, laddr)) 1017 continue; 1018 } else { 1019 if (!IN6_IS_ADDR_UNSPECIFIED(laddr)) 1020 wildcard++; 1021 } 1022 if (wildcard < matchwild) { 1023 match = inp; 1024 matchwild = wildcard; 1025 if (matchwild == 0) { 1026 break; 1027 } 1028 } 1029 } 1030 } 1031 return (match); 1032} 1033 1034/* 1035 * Check for alternatives when higher level complains 1036 * about service problems. For now, invalidate cached 1037 * routing information. If the route was created dynamically 1038 * (by a redirect), time to try a default gateway again. 1039 */ 1040void 1041in6_losing(struct inpcb *in6p) 1042{ 1043 struct rtentry *rt; 1044 struct rt_addrinfo info; 1045 1046 if ((rt = in6p->in6p_route.ro_rt) != NULL) { 1047 RT_LOCK(rt); 1048 bzero((caddr_t)&info, sizeof (info)); 1049 info.rti_info[RTAX_DST] = 1050 (struct sockaddr *)&in6p->in6p_route.ro_dst; 1051 info.rti_info[RTAX_GATEWAY] = rt->rt_gateway; 1052 info.rti_info[RTAX_NETMASK] = rt_mask(rt); 1053 rt_missmsg(RTM_LOSING, &info, rt->rt_flags, 0); 1054 if (rt->rt_flags & RTF_DYNAMIC) { 1055 /* 1056 * Prevent another thread from modifying rt_key, 1057 * rt_gateway via rt_setgate() after the rt_lock 1058 * is dropped by marking the route as defunct. 1059 */ 1060 rt->rt_flags |= RTF_CONDEMNED; 1061 RT_UNLOCK(rt); 1062 (void) rtrequest(RTM_DELETE, rt_key(rt), 1063 rt->rt_gateway, rt_mask(rt), rt->rt_flags, NULL); 1064 } else { 1065 RT_UNLOCK(rt); 1066 } 1067 /* 1068 * A new route can be allocated 1069 * the next time output is attempted. 1070 */ 1071 } 1072 ROUTE_RELEASE(&in6p->in6p_route); 1073} 1074 1075/* 1076 * After a routing change, flush old routing 1077 * and allocate a (hopefully) better one. 1078 */ 1079void 1080in6_rtchange(struct inpcb *inp, int errno) 1081{ 1082#pragma unused(errno) 1083 /* 1084 * A new route can be allocated the next time 1085 * output is attempted. 1086 */ 1087 ROUTE_RELEASE(&inp->in6p_route); 1088} 1089 1090/* 1091 * Check if PCB exists hash list. Also returns uid and gid of socket 1092 */ 1093int 1094in6_pcblookup_hash_exists(struct inpcbinfo *pcbinfo, struct in6_addr *faddr, 1095 u_int fport_arg, struct in6_addr *laddr, u_int lport_arg, int wildcard, 1096 uid_t *uid, gid_t *gid, struct ifnet *ifp) 1097{ 1098 struct inpcbhead *head; 1099 struct inpcb *inp; 1100 u_short fport = fport_arg, lport = lport_arg; 1101 int found; 1102 1103 *uid = UID_MAX; 1104 *gid = GID_MAX; 1105 1106 lck_rw_lock_shared(pcbinfo->ipi_lock); 1107 1108 /* 1109 * First look for an exact match. 1110 */ 1111 head = &pcbinfo->ipi_hashbase[INP_PCBHASH(faddr->s6_addr32[3] /* XXX */, 1112 lport, fport, pcbinfo->ipi_hashmask)]; 1113 LIST_FOREACH(inp, head, inp_hash) { 1114 if (!(inp->inp_vflag & INP_IPV6)) 1115 continue; 1116 1117 if (inp_restricted_recv(inp, ifp)) 1118 continue; 1119 1120 if (IN6_ARE_ADDR_EQUAL(&inp->in6p_faddr, faddr) && 1121 IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr, laddr) && 1122 inp->inp_fport == fport && 1123 inp->inp_lport == lport) { 1124 if ((found = (inp->inp_socket != NULL))) { 1125 /* 1126 * Found. Check if pcb is still valid 1127 */ 1128 *uid = kauth_cred_getuid( 1129 inp->inp_socket->so_cred); 1130 *gid = kauth_cred_getgid( 1131 inp->inp_socket->so_cred); 1132 } 1133 lck_rw_done(pcbinfo->ipi_lock); 1134 return (found); 1135 } 1136 } 1137 if (wildcard) { 1138 struct inpcb *local_wild = NULL; 1139 1140 head = &pcbinfo->ipi_hashbase[INP_PCBHASH(INADDR_ANY, lport, 0, 1141 pcbinfo->ipi_hashmask)]; 1142 LIST_FOREACH(inp, head, inp_hash) { 1143 if (!(inp->inp_vflag & INP_IPV6)) 1144 continue; 1145 1146 if (inp_restricted_recv(inp, ifp)) 1147 continue; 1148 1149 if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr) && 1150 inp->inp_lport == lport) { 1151 if (IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr, 1152 laddr)) { 1153 found = (inp->inp_socket != NULL); 1154 if (found) { 1155 *uid = kauth_cred_getuid( 1156 inp->inp_socket->so_cred); 1157 *gid = kauth_cred_getgid( 1158 inp->inp_socket->so_cred); 1159 } 1160 lck_rw_done(pcbinfo->ipi_lock); 1161 return (found); 1162 } else if (IN6_IS_ADDR_UNSPECIFIED( 1163 &inp->in6p_laddr)) { 1164 local_wild = inp; 1165 } 1166 } 1167 } 1168 if (local_wild) { 1169 if ((found = (local_wild->inp_socket != NULL))) { 1170 *uid = kauth_cred_getuid( 1171 local_wild->inp_socket->so_cred); 1172 *gid = kauth_cred_getgid( 1173 local_wild->inp_socket->so_cred); 1174 } 1175 lck_rw_done(pcbinfo->ipi_lock); 1176 return (found); 1177 } 1178 } 1179 1180 /* 1181 * Not found. 1182 */ 1183 lck_rw_done(pcbinfo->ipi_lock); 1184 return (0); 1185} 1186 1187/* 1188 * Lookup PCB in hash list. 1189 */ 1190struct inpcb * 1191in6_pcblookup_hash(struct inpcbinfo *pcbinfo, struct in6_addr *faddr, 1192 u_int fport_arg, struct in6_addr *laddr, u_int lport_arg, int wildcard, 1193 struct ifnet *ifp) 1194{ 1195 struct inpcbhead *head; 1196 struct inpcb *inp; 1197 u_short fport = fport_arg, lport = lport_arg; 1198 1199 lck_rw_lock_shared(pcbinfo->ipi_lock); 1200 1201 /* 1202 * First look for an exact match. 1203 */ 1204 head = &pcbinfo->ipi_hashbase[INP_PCBHASH(faddr->s6_addr32[3] /* XXX */, 1205 lport, fport, pcbinfo->ipi_hashmask)]; 1206 LIST_FOREACH(inp, head, inp_hash) { 1207 if (!(inp->inp_vflag & INP_IPV6)) 1208 continue; 1209 1210 if (inp_restricted_recv(inp, ifp)) 1211 continue; 1212 1213 if (IN6_ARE_ADDR_EQUAL(&inp->in6p_faddr, faddr) && 1214 IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr, laddr) && 1215 inp->inp_fport == fport && 1216 inp->inp_lport == lport) { 1217 /* 1218 * Found. Check if pcb is still valid 1219 */ 1220 if (in_pcb_checkstate(inp, WNT_ACQUIRE, 0) != 1221 WNT_STOPUSING) { 1222 lck_rw_done(pcbinfo->ipi_lock); 1223 return (inp); 1224 } else { 1225 /* it's there but dead, say it isn't found */ 1226 lck_rw_done(pcbinfo->ipi_lock); 1227 return (NULL); 1228 } 1229 } 1230 } 1231 if (wildcard) { 1232 struct inpcb *local_wild = NULL; 1233 1234 head = &pcbinfo->ipi_hashbase[INP_PCBHASH(INADDR_ANY, lport, 0, 1235 pcbinfo->ipi_hashmask)]; 1236 LIST_FOREACH(inp, head, inp_hash) { 1237 if (!(inp->inp_vflag & INP_IPV6)) 1238 continue; 1239 1240 if (inp_restricted_recv(inp, ifp)) 1241 continue; 1242 1243 if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr) && 1244 inp->inp_lport == lport) { 1245 if (IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr, 1246 laddr)) { 1247 if (in_pcb_checkstate(inp, WNT_ACQUIRE, 1248 0) != WNT_STOPUSING) { 1249 lck_rw_done(pcbinfo->ipi_lock); 1250 return (inp); 1251 } else { 1252 /* dead; say it isn't found */ 1253 lck_rw_done(pcbinfo->ipi_lock); 1254 return (NULL); 1255 } 1256 } else if (IN6_IS_ADDR_UNSPECIFIED( 1257 &inp->in6p_laddr)) { 1258 local_wild = inp; 1259 } 1260 } 1261 } 1262 if (local_wild && in_pcb_checkstate(local_wild, 1263 WNT_ACQUIRE, 0) != WNT_STOPUSING) { 1264 lck_rw_done(pcbinfo->ipi_lock); 1265 return (local_wild); 1266 } else { 1267 lck_rw_done(pcbinfo->ipi_lock); 1268 return (NULL); 1269 } 1270 } 1271 1272 /* 1273 * Not found. 1274 */ 1275 lck_rw_done(pcbinfo->ipi_lock); 1276 return (NULL); 1277} 1278 1279void 1280init_sin6(struct sockaddr_in6 *sin6, struct mbuf *m) 1281{ 1282 struct ip6_hdr *ip; 1283 1284 ip = mtod(m, struct ip6_hdr *); 1285 bzero(sin6, sizeof (*sin6)); 1286 sin6->sin6_len = sizeof (*sin6); 1287 sin6->sin6_family = AF_INET6; 1288 sin6->sin6_addr = ip->ip6_src; 1289 if (IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr)) { 1290 sin6->sin6_addr.s6_addr16[1] = 0; 1291 if ((m->m_pkthdr.pkt_flags & (PKTF_LOOP|PKTF_IFAINFO)) == 1292 (PKTF_LOOP|PKTF_IFAINFO)) 1293 sin6->sin6_scope_id = m->m_pkthdr.src_ifindex; 1294 else if (m->m_pkthdr.rcvif != NULL) 1295 sin6->sin6_scope_id = m->m_pkthdr.rcvif->if_index; 1296 } 1297} 1298 1299/* 1300 * The following routines implement this scheme: 1301 * 1302 * Callers of ip6_output() that intend to cache the route in the inpcb pass 1303 * a local copy of the struct route to ip6_output(). Using a local copy of 1304 * the cached route significantly simplifies things as IP no longer has to 1305 * worry about having exclusive access to the passed in struct route, since 1306 * it's defined in the caller's stack; in essence, this allows for a lock- 1307 * less operation when updating the struct route at the IP level and below, 1308 * whenever necessary. The scheme works as follows: 1309 * 1310 * Prior to dropping the socket's lock and calling ip6_output(), the caller 1311 * copies the struct route from the inpcb into its stack, and adds a reference 1312 * to the cached route entry, if there was any. The socket's lock is then 1313 * dropped and ip6_output() is called with a pointer to the copy of struct 1314 * route defined on the stack (not to the one in the inpcb.) 1315 * 1316 * Upon returning from ip6_output(), the caller then acquires the socket's 1317 * lock and synchronizes the cache; if there is no route cached in the inpcb, 1318 * it copies the local copy of struct route (which may or may not contain any 1319 * route) back into the cache; otherwise, if the inpcb has a route cached in 1320 * it, the one in the local copy will be freed, if there's any. Trashing the 1321 * cached route in the inpcb can be avoided because ip6_output() is single- 1322 * threaded per-PCB (i.e. multiple transmits on a PCB are always serialized 1323 * by the socket/transport layer.) 1324 */ 1325void 1326in6p_route_copyout(struct inpcb *inp, struct route_in6 *dst) 1327{ 1328 struct route_in6 *src = &inp->in6p_route; 1329 1330 lck_mtx_assert(&inp->inpcb_mtx, LCK_MTX_ASSERT_OWNED); 1331 1332 /* Minor sanity check */ 1333 if (src->ro_rt != NULL && rt_key(src->ro_rt)->sa_family != AF_INET6) 1334 panic("%s: wrong or corrupted route: %p", __func__, src); 1335 1336 route_copyout((struct route *)dst, (struct route *)src, sizeof (*dst)); 1337} 1338 1339void 1340in6p_route_copyin(struct inpcb *inp, struct route_in6 *src) 1341{ 1342 struct route_in6 *dst = &inp->in6p_route; 1343 1344 lck_mtx_assert(&inp->inpcb_mtx, LCK_MTX_ASSERT_OWNED); 1345 1346 /* Minor sanity check */ 1347 if (src->ro_rt != NULL && rt_key(src->ro_rt)->sa_family != AF_INET6) 1348 panic("%s: wrong or corrupted route: %p", __func__, src); 1349 1350 route_copyin((struct route *)src, (struct route *)dst, sizeof (*src)); 1351} 1352