1/* 2 * Copyright (c) 2003-2013 Apple Inc. All rights reserved. 3 * 4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. The rights granted to you under the License 10 * may not be used to create, or enable the creation or redistribution of, 11 * unlawful or unlicensed copies of an Apple operating system, or to 12 * circumvent, violate, or enable the circumvention or violation of, any 13 * terms of an Apple operating system software license agreement. 14 * 15 * Please obtain a copy of the License at 16 * http://www.opensource.apple.com/apsl/ and read it before using this file. 17 * 18 * The Original Code and all software distributed under the License are 19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 23 * Please see the License for the specific language governing rights and 24 * limitations under the License. 25 * 26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ 27 */ 28 29/* 30 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 31 * All rights reserved. 32 * 33 * Redistribution and use in source and binary forms, with or without 34 * modification, are permitted provided that the following conditions 35 * are met: 36 * 1. Redistributions of source code must retain the above copyright 37 * notice, this list of conditions and the following disclaimer. 38 * 2. Redistributions in binary form must reproduce the above copyright 39 * notice, this list of conditions and the following disclaimer in the 40 * documentation and/or other materials provided with the distribution. 41 * 3. Neither the name of the project nor the names of its contributors 42 * may be used to endorse or promote products derived from this software 43 * without specific prior written permission. 44 * 45 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 46 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 47 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 48 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 49 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 50 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 51 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 52 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 53 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 54 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 55 * SUCH DAMAGE. 56 */ 57 58/* 59 * Copyright (c) 1982, 1986, 1991, 1993 60 * The Regents of the University of California. All rights reserved. 61 * 62 * Redistribution and use in source and binary forms, with or without 63 * modification, are permitted provided that the following conditions 64 * are met: 65 * 1. Redistributions of source code must retain the above copyright 66 * notice, this list of conditions and the following disclaimer. 67 * 2. Redistributions in binary form must reproduce the above copyright 68 * notice, this list of conditions and the following disclaimer in the 69 * documentation and/or other materials provided with the distribution. 70 * 3. All advertising materials mentioning features or use of this software 71 * must display the following acknowledgement: 72 * This product includes software developed by the University of 73 * California, Berkeley and its contributors. 74 * 4. Neither the name of the University nor the names of its contributors 75 * may be used to endorse or promote products derived from this software 76 * without specific prior written permission. 77 * 78 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 79 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 80 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 81 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 82 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 83 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 84 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 85 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 86 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 87 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 88 * SUCH DAMAGE. 89 * 90 * @(#)in.c 8.2 (Berkeley) 11/15/93 91 */ 92 93 94#include <sys/param.h> 95#include <sys/ioctl.h> 96#include <sys/errno.h> 97#include <sys/malloc.h> 98#include <sys/socket.h> 99#include <sys/socketvar.h> 100#include <sys/sockio.h> 101#include <sys/systm.h> 102#include <sys/time.h> 103#include <sys/kernel.h> 104#include <sys/syslog.h> 105#include <sys/kern_event.h> 106#include <sys/mcache.h> 107#include <sys/protosw.h> 108 109#include <kern/locks.h> 110#include <kern/zalloc.h> 111#include <libkern/OSAtomic.h> 112#include <machine/machine_routines.h> 113#include <mach/boolean.h> 114 115#include <net/if.h> 116#include <net/if_types.h> 117#include <net/if_var.h> 118#include <net/route.h> 119#include <net/if_dl.h> 120#include <net/kpi_protocol.h> 121 122#include <netinet/in.h> 123#include <netinet/in_var.h> 124#include <netinet/if_ether.h> 125#include <netinet/in_systm.h> 126#include <netinet/ip.h> 127#include <netinet/in_pcb.h> 128#include <netinet/icmp6.h> 129#include <netinet/tcp.h> 130#include <netinet/tcp_seq.h> 131#include <netinet/tcp_var.h> 132 133#include <netinet6/nd6.h> 134#include <netinet/ip6.h> 135#include <netinet6/ip6_var.h> 136#include <netinet6/mld6_var.h> 137#include <netinet6/ip6_mroute.h> 138#include <netinet6/in6_ifattach.h> 139#include <netinet6/scope6_var.h> 140#include <netinet6/in6_var.h> 141#include <netinet6/in6_pcb.h> 142 143#include <net/net_osdep.h> 144 145#if PF 146#include <net/pfvar.h> 147#endif /* PF */ 148 149/* 150 * Definitions of some costant IP6 addresses. 151 */ 152const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT; 153const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT; 154const struct in6_addr in6addr_nodelocal_allnodes = 155 IN6ADDR_NODELOCAL_ALLNODES_INIT; 156const struct in6_addr in6addr_linklocal_allnodes = 157 IN6ADDR_LINKLOCAL_ALLNODES_INIT; 158const struct in6_addr in6addr_linklocal_allrouters = 159 IN6ADDR_LINKLOCAL_ALLROUTERS_INIT; 160const struct in6_addr in6addr_linklocal_allv2routers = 161 IN6ADDR_LINKLOCAL_ALLV2ROUTERS_INIT; 162 163const struct in6_addr in6mask0 = IN6MASK0; 164const struct in6_addr in6mask7 = IN6MASK7; 165const struct in6_addr in6mask16 = IN6MASK16; 166const struct in6_addr in6mask32 = IN6MASK32; 167const struct in6_addr in6mask64 = IN6MASK64; 168const struct in6_addr in6mask96 = IN6MASK96; 169const struct in6_addr in6mask128 = IN6MASK128; 170 171const struct sockaddr_in6 sa6_any = { 172 sizeof (sa6_any), AF_INET6, 0, 0, IN6ADDR_ANY_INIT, 0 173}; 174 175static int in6ctl_lifaddr(struct ifnet *, u_long, struct if_laddrreq *, 176 boolean_t); 177static int in6ctl_associd(struct socket *, u_long, caddr_t); 178static int in6ctl_connid(struct socket *, u_long, caddr_t); 179static int in6ctl_conninfo(struct socket *, u_long, caddr_t); 180static int in6ctl_llstart(struct ifnet *, u_long, caddr_t); 181static int in6ctl_llstop(struct ifnet *); 182static int in6ctl_cgastart(struct ifnet *, u_long, caddr_t); 183static int in6ctl_gifaddr(struct ifnet *, struct in6_ifaddr *, u_long, 184 struct in6_ifreq *); 185static int in6ctl_gifstat(struct ifnet *, u_long, struct in6_ifreq *); 186static int in6ctl_alifetime(struct in6_ifaddr *, u_long, struct in6_ifreq *, 187 boolean_t); 188static int in6ctl_aifaddr(struct ifnet *, struct in6_aliasreq *); 189static void in6ctl_difaddr(struct ifnet *, struct in6_ifaddr *); 190static int in6_autoconf(struct ifnet *, int); 191static int in6_setrouter(struct ifnet *, int); 192static int in6_ifinit(struct ifnet *, struct in6_ifaddr *, int); 193static int in6_ifaupdate_aux(struct in6_ifaddr *, struct ifnet *, int); 194static void in6_unlink_ifa(struct in6_ifaddr *, struct ifnet *); 195static struct in6_ifaddr *in6_ifaddr_alloc(int); 196static void in6_ifaddr_attached(struct ifaddr *); 197static void in6_ifaddr_detached(struct ifaddr *); 198static void in6_ifaddr_free(struct ifaddr *); 199static void in6_ifaddr_trace(struct ifaddr *, int); 200#if defined(__LP64__) 201static void in6_llstartreq_32_to_64(struct in6_llstartreq_32 *, 202 struct in6_llstartreq_64 *); 203#else 204static void in6_llstartreq_64_to_32(struct in6_llstartreq_64 *, 205 struct in6_llstartreq_32 *); 206#endif 207static struct in6_aliasreq *in6_aliasreq_to_native(void *, int, 208 struct in6_aliasreq *); 209static struct in6_llstartreq *in6_llstartreq_to_native(void *, int, 210 struct in6_llstartreq *); 211static int in6_to_kamescope(struct sockaddr_in6 *, struct ifnet *); 212 213static void in6_ifaddr_set_dadprogress(struct in6_ifaddr *); 214 215static int in6_getassocids(struct socket *, uint32_t *, user_addr_t); 216static int in6_getconnids(struct socket *, associd_t, uint32_t *, user_addr_t); 217static int in6_getconninfo(struct socket *, connid_t, uint32_t *, 218 uint32_t *, int32_t *, user_addr_t, socklen_t *, user_addr_t, socklen_t *, 219 uint32_t *, user_addr_t, uint32_t *); 220 221static void in6_if_up_dad_start(struct ifnet *); 222 223extern lck_mtx_t *nd6_mutex; 224extern int in6_init2done; 225 226#define IN6IFA_TRACE_HIST_SIZE 32 /* size of trace history */ 227 228/* For gdb */ 229__private_extern__ unsigned int in6ifa_trace_hist_size = IN6IFA_TRACE_HIST_SIZE; 230 231struct in6_ifaddr_dbg { 232 struct in6_ifaddr in6ifa; /* in6_ifaddr */ 233 struct in6_ifaddr in6ifa_old; /* saved in6_ifaddr */ 234 u_int16_t in6ifa_refhold_cnt; /* # of IFA_ADDREF */ 235 u_int16_t in6ifa_refrele_cnt; /* # of IFA_REMREF */ 236 /* 237 * Alloc and free callers. 238 */ 239 ctrace_t in6ifa_alloc; 240 ctrace_t in6ifa_free; 241 /* 242 * Circular lists of IFA_ADDREF and IFA_REMREF callers. 243 */ 244 ctrace_t in6ifa_refhold[IN6IFA_TRACE_HIST_SIZE]; 245 ctrace_t in6ifa_refrele[IN6IFA_TRACE_HIST_SIZE]; 246 /* 247 * Trash list linkage 248 */ 249 TAILQ_ENTRY(in6_ifaddr_dbg) in6ifa_trash_link; 250}; 251 252/* List of trash in6_ifaddr entries protected by in6ifa_trash_lock */ 253static TAILQ_HEAD(, in6_ifaddr_dbg) in6ifa_trash_head; 254static decl_lck_mtx_data(, in6ifa_trash_lock); 255 256#if DEBUG 257static unsigned int in6ifa_debug = 1; /* debugging (enabled) */ 258#else 259static unsigned int in6ifa_debug; /* debugging (disabled) */ 260#endif /* !DEBUG */ 261static unsigned int in6ifa_size; /* size of zone element */ 262static struct zone *in6ifa_zone; /* zone for in6_ifaddr */ 263 264#define IN6IFA_ZONE_MAX 64 /* maximum elements in zone */ 265#define IN6IFA_ZONE_NAME "in6_ifaddr" /* zone name */ 266 267/* 268 * Subroutine for in6_ifaddloop() and in6_ifremloop(). 269 * This routine does actual work. 270 */ 271static void 272in6_ifloop_request(int cmd, struct ifaddr *ifa) 273{ 274 struct sockaddr_in6 all1_sa; 275 struct rtentry *nrt = NULL; 276 int e; 277 278 bzero(&all1_sa, sizeof (all1_sa)); 279 all1_sa.sin6_family = AF_INET6; 280 all1_sa.sin6_len = sizeof (struct sockaddr_in6); 281 all1_sa.sin6_addr = in6mask128; 282 283 /* 284 * We specify the address itself as the gateway, and set the 285 * RTF_LLINFO flag, so that the corresponding host route would have 286 * the flag, and thus applications that assume traditional behavior 287 * would be happy. Note that we assume the caller of the function 288 * (probably implicitly) set nd6_rtrequest() to ifa->ifa_rtrequest, 289 * which changes the outgoing interface to the loopback interface. 290 * ifa_addr for INET6 is set once during init; no need to hold lock. 291 */ 292 lck_mtx_lock(rnh_lock); 293 e = rtrequest_locked(cmd, ifa->ifa_addr, ifa->ifa_addr, 294 (struct sockaddr *)&all1_sa, RTF_UP|RTF_HOST|RTF_LLINFO, &nrt); 295 if (e != 0) { 296 log(LOG_ERR, "in6_ifloop_request: " 297 "%s operation failed for %s (errno=%d)\n", 298 cmd == RTM_ADD ? "ADD" : "DELETE", 299 ip6_sprintf(&((struct in6_ifaddr *)ifa)->ia_addr.sin6_addr), 300 e); 301 } 302 303 if (nrt != NULL) 304 RT_LOCK(nrt); 305 /* 306 * Make sure rt_ifa be equal to IFA, the second argument of the 307 * function. 308 * We need this because when we refer to rt_ifa->ia6_flags in 309 * ip6_input, we assume that the rt_ifa points to the address instead 310 * of the loopback address. 311 */ 312 if (cmd == RTM_ADD && nrt && ifa != nrt->rt_ifa) { 313 rtsetifa(nrt, ifa); 314 } 315 316 /* 317 * Report the addition/removal of the address to the routing socket. 318 * XXX: since we called rtinit for a p2p interface with a destination, 319 * we end up reporting twice in such a case. Should we rather 320 * omit the second report? 321 */ 322 if (nrt != NULL) { 323 rt_newaddrmsg(cmd, ifa, e, nrt); 324 if (cmd == RTM_DELETE) { 325 RT_UNLOCK(nrt); 326 rtfree_locked(nrt); 327 } else { 328 /* the cmd must be RTM_ADD here */ 329 RT_REMREF_LOCKED(nrt); 330 RT_UNLOCK(nrt); 331 } 332 } 333 lck_mtx_unlock(rnh_lock); 334} 335 336/* 337 * Add ownaddr as loopback rtentry. We previously add the route only if 338 * necessary (ex. on a p2p link). However, since we now manage addresses 339 * separately from prefixes, we should always add the route. We can't 340 * rely on the cloning mechanism from the corresponding interface route 341 * any more. 342 */ 343static void 344in6_ifaddloop(struct ifaddr *ifa) 345{ 346 struct rtentry *rt; 347 348 /* 349 * If there is no loopback entry, allocate one. ifa_addr for 350 * INET6 is set once during init; no need to hold lock. 351 */ 352 rt = rtalloc1(ifa->ifa_addr, 0, 0); 353 if (rt != NULL) 354 RT_LOCK(rt); 355 if (rt == NULL || (rt->rt_flags & RTF_HOST) == 0 || 356 (rt->rt_ifp->if_flags & IFF_LOOPBACK) == 0) { 357 if (rt != NULL) { 358 RT_REMREF_LOCKED(rt); 359 RT_UNLOCK(rt); 360 } 361 in6_ifloop_request(RTM_ADD, ifa); 362 } else if (rt != NULL) { 363 RT_REMREF_LOCKED(rt); 364 RT_UNLOCK(rt); 365 } 366} 367 368/* 369 * Remove loopback rtentry of ownaddr generated by in6_ifaddloop(), 370 * if it exists. 371 */ 372static void 373in6_ifremloop(struct ifaddr *ifa) 374{ 375 struct in6_ifaddr *ia; 376 struct rtentry *rt; 377 int ia_count = 0; 378 379 /* 380 * Some of BSD variants do not remove cloned routes 381 * from an interface direct route, when removing the direct route 382 * (see comments in net/net_osdep.h). Even for variants that do remove 383 * cloned routes, they could fail to remove the cloned routes when 384 * we handle multple addresses that share a common prefix. 385 * So, we should remove the route corresponding to the deleted address 386 * regardless of the result of in6_is_ifloop_auto(). 387 */ 388 389 /* 390 * Delete the entry only if exact one ifa exists. More than one ifa 391 * can exist if we assign a same single address to multiple 392 * (probably p2p) interfaces. 393 * XXX: we should avoid such a configuration in IPv6... 394 */ 395 lck_rw_lock_exclusive(&in6_ifaddr_rwlock); 396 for (ia = in6_ifaddrs; ia; ia = ia->ia_next) { 397 IFA_LOCK(&ia->ia_ifa); 398 if (IN6_ARE_ADDR_EQUAL(IFA_IN6(ifa), &ia->ia_addr.sin6_addr)) { 399 ia_count++; 400 if (ia_count > 1) { 401 IFA_UNLOCK(&ia->ia_ifa); 402 break; 403 } 404 } 405 IFA_UNLOCK(&ia->ia_ifa); 406 } 407 lck_rw_done(&in6_ifaddr_rwlock); 408 409 if (ia_count == 1) { 410 /* 411 * Before deleting, check if a corresponding loopbacked host 412 * route surely exists. With this check, we can avoid to 413 * delete an interface direct route whose destination is same 414 * as the address being removed. This can happen when removing 415 * a subnet-router anycast address on an interface attahced 416 * to a shared medium. ifa_addr for INET6 is set once during 417 * init; no need to hold lock. 418 */ 419 rt = rtalloc1(ifa->ifa_addr, 0, 0); 420 if (rt != NULL) { 421 RT_LOCK(rt); 422 if ((rt->rt_flags & RTF_HOST) != 0 && 423 (rt->rt_ifp->if_flags & IFF_LOOPBACK) != 0) { 424 RT_REMREF_LOCKED(rt); 425 RT_UNLOCK(rt); 426 in6_ifloop_request(RTM_DELETE, ifa); 427 } else { 428 RT_UNLOCK(rt); 429 } 430 } 431 } 432} 433 434 435int 436in6_mask2len(mask, lim0) 437 struct in6_addr *mask; 438 u_char *lim0; 439{ 440 int x = 0, y; 441 u_char *lim = lim0, *p; 442 443 /* ignore the scope_id part */ 444 if (lim0 == NULL || lim0 - (u_char *)mask > sizeof (*mask)) 445 lim = (u_char *)mask + sizeof (*mask); 446 for (p = (u_char *)mask; p < lim; x++, p++) { 447 if (*p != 0xff) 448 break; 449 } 450 y = 0; 451 if (p < lim) { 452 for (y = 0; y < 8; y++) { 453 if ((*p & (0x80 >> y)) == 0) 454 break; 455 } 456 } 457 458 /* 459 * when the limit pointer is given, do a stricter check on the 460 * remaining bits. 461 */ 462 if (p < lim) { 463 if (y != 0 && (*p & (0x00ff >> y)) != 0) 464 return (-1); 465 for (p = p + 1; p < lim; p++) 466 if (*p != 0) 467 return (-1); 468 } 469 470 return (x * 8 + y); 471} 472 473void 474in6_len2mask(mask, len) 475 struct in6_addr *mask; 476 int len; 477{ 478 int i; 479 480 bzero(mask, sizeof (*mask)); 481 for (i = 0; i < len / 8; i++) 482 mask->s6_addr8[i] = 0xff; 483 if (len % 8) 484 mask->s6_addr8[i] = (0xff00 >> (len % 8)) & 0xff; 485} 486 487void 488in6_aliasreq_64_to_32(struct in6_aliasreq_64 *src, struct in6_aliasreq_32 *dst) 489{ 490 bzero(dst, sizeof (*dst)); 491 bcopy(src->ifra_name, dst->ifra_name, sizeof (dst->ifra_name)); 492 dst->ifra_addr = src->ifra_addr; 493 dst->ifra_dstaddr = src->ifra_dstaddr; 494 dst->ifra_prefixmask = src->ifra_prefixmask; 495 dst->ifra_flags = src->ifra_flags; 496 dst->ifra_lifetime.ia6t_expire = src->ifra_lifetime.ia6t_expire; 497 dst->ifra_lifetime.ia6t_preferred = src->ifra_lifetime.ia6t_preferred; 498 dst->ifra_lifetime.ia6t_vltime = src->ifra_lifetime.ia6t_vltime; 499 dst->ifra_lifetime.ia6t_pltime = src->ifra_lifetime.ia6t_pltime; 500} 501 502void 503in6_aliasreq_32_to_64(struct in6_aliasreq_32 *src, struct in6_aliasreq_64 *dst) 504{ 505 bzero(dst, sizeof (*dst)); 506 bcopy(src->ifra_name, dst->ifra_name, sizeof (dst->ifra_name)); 507 dst->ifra_addr = src->ifra_addr; 508 dst->ifra_dstaddr = src->ifra_dstaddr; 509 dst->ifra_prefixmask = src->ifra_prefixmask; 510 dst->ifra_flags = src->ifra_flags; 511 dst->ifra_lifetime.ia6t_expire = src->ifra_lifetime.ia6t_expire; 512 dst->ifra_lifetime.ia6t_preferred = src->ifra_lifetime.ia6t_preferred; 513 dst->ifra_lifetime.ia6t_vltime = src->ifra_lifetime.ia6t_vltime; 514 dst->ifra_lifetime.ia6t_pltime = src->ifra_lifetime.ia6t_pltime; 515} 516 517#if defined(__LP64__) 518void 519in6_llstartreq_32_to_64(struct in6_llstartreq_32 *src, 520 struct in6_llstartreq_64 *dst) 521{ 522 bzero(dst, sizeof (*dst)); 523 bcopy(src->llsr_name, dst->llsr_name, sizeof (dst->llsr_name)); 524 dst->llsr_flags = src->llsr_flags; 525 bcopy(src->llsr_cgaprep.cga_modifier.octets, 526 dst->llsr_cgaprep.cga_modifier.octets, 527 sizeof (dst->llsr_cgaprep.cga_modifier.octets)); 528 dst->llsr_cgaprep.cga_security_level = 529 src->llsr_cgaprep.cga_security_level; 530 dst->llsr_lifetime.ia6t_expire = src->llsr_lifetime.ia6t_expire; 531 dst->llsr_lifetime.ia6t_preferred = src->llsr_lifetime.ia6t_preferred; 532 dst->llsr_lifetime.ia6t_vltime = src->llsr_lifetime.ia6t_vltime; 533 dst->llsr_lifetime.ia6t_pltime = src->llsr_lifetime.ia6t_pltime; 534} 535#endif 536 537#if !defined(__LP64__) 538void 539in6_llstartreq_64_to_32(struct in6_llstartreq_64 *src, 540 struct in6_llstartreq_32 *dst) 541{ 542 bzero(dst, sizeof (*dst)); 543 bcopy(src->llsr_name, dst->llsr_name, sizeof (dst->llsr_name)); 544 dst->llsr_flags = src->llsr_flags; 545 bcopy(src->llsr_cgaprep.cga_modifier.octets, 546 dst->llsr_cgaprep.cga_modifier.octets, 547 sizeof (dst->llsr_cgaprep.cga_modifier.octets)); 548 dst->llsr_cgaprep.cga_security_level = 549 src->llsr_cgaprep.cga_security_level; 550 dst->llsr_lifetime.ia6t_expire = src->llsr_lifetime.ia6t_expire; 551 dst->llsr_lifetime.ia6t_preferred = src->llsr_lifetime.ia6t_preferred; 552 dst->llsr_lifetime.ia6t_vltime = src->llsr_lifetime.ia6t_vltime; 553 dst->llsr_lifetime.ia6t_pltime = src->llsr_lifetime.ia6t_pltime; 554} 555#endif 556 557static struct in6_aliasreq * 558in6_aliasreq_to_native(void *data, int data_is_64, struct in6_aliasreq *dst) 559{ 560#if defined(__LP64__) 561 if (data_is_64) 562 bcopy(data, dst, sizeof (*dst)); 563 else 564 in6_aliasreq_32_to_64((struct in6_aliasreq_32 *)data, 565 (struct in6_aliasreq_64 *)dst); 566#else 567 if (data_is_64) 568 in6_aliasreq_64_to_32((struct in6_aliasreq_64 *)data, 569 (struct in6_aliasreq_32 *)dst); 570 else 571 bcopy(data, dst, sizeof (*dst)); 572#endif /* __LP64__ */ 573 return (dst); 574} 575 576static struct in6_llstartreq * 577in6_llstartreq_to_native(void *data, int is64, struct in6_llstartreq *dst) 578{ 579#if defined(__LP64__) 580 if (is64) 581 bcopy(data, dst, sizeof (*dst)); 582 else 583 in6_llstartreq_32_to_64((struct in6_llstartreq_32 *)data, 584 (struct in6_llstartreq_64 *)dst); 585#else 586 if (is64) 587 in6_llstartreq_64_to_32((struct in6_llstartreq_64 *)data, 588 (struct in6_llstartreq_32 *)dst); 589 else 590 bcopy(data, dst, sizeof (*dst)); 591#endif /* __LP64__ */ 592 return (dst); 593} 594 595static __attribute__((noinline)) int 596in6ctl_associd(struct socket *so, u_long cmd, caddr_t data) 597{ 598 int error = 0; 599 union { 600 struct so_aidreq32 a32; 601 struct so_aidreq64 a64; 602 } u; 603 604 VERIFY(so != NULL); 605 606 switch (cmd) { 607 case SIOCGASSOCIDS32: { /* struct so_aidreq32 */ 608 bcopy(data, &u.a32, sizeof (u.a32)); 609 error = in6_getassocids(so, &u.a32.sar_cnt, u.a32.sar_aidp); 610 if (error == 0) 611 bcopy(&u.a32, data, sizeof (u.a32)); 612 break; 613 } 614 615 case SIOCGASSOCIDS64: { /* struct so_aidreq64 */ 616 bcopy(data, &u.a64, sizeof (u.a64)); 617 error = in6_getassocids(so, &u.a64.sar_cnt, u.a64.sar_aidp); 618 if (error == 0) 619 bcopy(&u.a64, data, sizeof (u.a64)); 620 break; 621 } 622 623 default: 624 VERIFY(0); 625 /* NOTREACHED */ 626 } 627 628 return (error); 629} 630 631static __attribute__((noinline)) int 632in6ctl_connid(struct socket *so, u_long cmd, caddr_t data) 633{ 634 int error = 0; 635 union { 636 struct so_cidreq32 c32; 637 struct so_cidreq64 c64; 638 } u; 639 640 VERIFY(so != NULL); 641 642 switch (cmd) { 643 case SIOCGCONNIDS32: { /* struct so_cidreq32 */ 644 bcopy(data, &u.c32, sizeof (u.c32)); 645 error = in6_getconnids(so, u.c32.scr_aid, &u.c32.scr_cnt, 646 u.c32.scr_cidp); 647 if (error == 0) 648 bcopy(&u.c32, data, sizeof (u.c32)); 649 break; 650 } 651 652 case SIOCGCONNIDS64: { /* struct so_cidreq64 */ 653 bcopy(data, &u.c64, sizeof (u.c64)); 654 error = in6_getconnids(so, u.c64.scr_aid, &u.c64.scr_cnt, 655 u.c64.scr_cidp); 656 if (error == 0) 657 bcopy(&u.c64, data, sizeof (u.c64)); 658 break; 659 } 660 661 default: 662 VERIFY(0); 663 /* NOTREACHED */ 664 } 665 666 return (error); 667} 668 669static __attribute__((noinline)) int 670in6ctl_conninfo(struct socket *so, u_long cmd, caddr_t data) 671{ 672 int error = 0; 673 union { 674 struct so_cinforeq32 ci32; 675 struct so_cinforeq64 ci64; 676 } u; 677 678 VERIFY(so != NULL); 679 680 switch (cmd) { 681 case SIOCGCONNINFO32: { /* struct so_cinforeq32 */ 682 bcopy(data, &u.ci32, sizeof (u.ci32)); 683 error = in6_getconninfo(so, u.ci32.scir_cid, &u.ci32.scir_flags, 684 &u.ci32.scir_ifindex, &u.ci32.scir_error, u.ci32.scir_src, 685 &u.ci32.scir_src_len, u.ci32.scir_dst, &u.ci32.scir_dst_len, 686 &u.ci32.scir_aux_type, u.ci32.scir_aux_data, 687 &u.ci32.scir_aux_len); 688 if (error == 0) 689 bcopy(&u.ci32, data, sizeof (u.ci32)); 690 break; 691 } 692 693 case SIOCGCONNINFO64: { /* struct so_cinforeq64 */ 694 bcopy(data, &u.ci64, sizeof (u.ci64)); 695 error = in6_getconninfo(so, u.ci64.scir_cid, &u.ci64.scir_flags, 696 &u.ci64.scir_ifindex, &u.ci64.scir_error, u.ci64.scir_src, 697 &u.ci64.scir_src_len, u.ci64.scir_dst, &u.ci64.scir_dst_len, 698 &u.ci64.scir_aux_type, u.ci64.scir_aux_data, 699 &u.ci64.scir_aux_len); 700 if (error == 0) 701 bcopy(&u.ci64, data, sizeof (u.ci64)); 702 break; 703 } 704 705 default: 706 VERIFY(0); 707 /* NOTREACHED */ 708 } 709 710 return (error); 711} 712 713static __attribute__((noinline)) int 714in6ctl_llstart(struct ifnet *ifp, u_long cmd, caddr_t data) 715{ 716 struct in6_aliasreq sifra, *ifra = NULL; 717 boolean_t is64; 718 int error = 0; 719 720 VERIFY(ifp != NULL); 721 722 switch (cmd) { 723 case SIOCLL_START_32: /* struct in6_aliasreq_32 */ 724 case SIOCLL_START_64: /* struct in6_aliasreq_64 */ 725 is64 = (cmd == SIOCLL_START_64); 726 /* 727 * Convert user ifra to the kernel form, when appropriate. 728 * This allows the conversion between different data models 729 * to be centralized, so that it can be passed around to other 730 * routines that are expecting the kernel form. 731 */ 732 ifra = in6_aliasreq_to_native(data, is64, &sifra); 733 734 /* 735 * NOTE: All the interface specific DLIL attachements should 736 * be done here. They are currently done in in6_ifattach_aux() 737 * for the interfaces that need it. 738 */ 739 if ((ifp->if_eflags & IFEF_NOAUTOIPV6LL) != 0 && 740 ifra->ifra_addr.sin6_family == AF_INET6 && 741 /* Only check ifra_dstaddr if valid */ 742 (ifra->ifra_dstaddr.sin6_len == 0 || 743 ifra->ifra_dstaddr.sin6_family == AF_INET6)) { 744 /* some interfaces may provide LinkLocal addresses */ 745 error = in6_ifattach_aliasreq(ifp, NULL, ifra); 746 } else { 747 error = in6_ifattach_aliasreq(ifp, NULL, NULL); 748 } 749 if (error == 0) 750 in6_if_up_dad_start(ifp); 751 break; 752 753 default: 754 VERIFY(0); 755 /* NOTREACHED */ 756 } 757 758 return (error); 759} 760 761static __attribute__((noinline)) int 762in6ctl_llstop(struct ifnet *ifp) 763{ 764 struct in6_ifaddr *ia; 765 766 VERIFY(ifp != NULL); 767 768 /* Remove link local addresses from interface */ 769 lck_rw_lock_exclusive(&in6_ifaddr_rwlock); 770 ia = in6_ifaddrs; 771 while (ia != NULL) { 772 if (ia->ia_ifa.ifa_ifp != ifp) { 773 ia = ia->ia_next; 774 continue; 775 } 776 IFA_LOCK(&ia->ia_ifa); 777 if (IN6_IS_ADDR_LINKLOCAL(&ia->ia_addr.sin6_addr)) { 778 IFA_ADDREF_LOCKED(&ia->ia_ifa); /* for us */ 779 IFA_UNLOCK(&ia->ia_ifa); 780 lck_rw_done(&in6_ifaddr_rwlock); 781 in6_purgeaddr(&ia->ia_ifa); 782 IFA_REMREF(&ia->ia_ifa); /* for us */ 783 lck_rw_lock_exclusive(&in6_ifaddr_rwlock); 784 /* 785 * Purging the address caused in6_ifaddr_rwlock 786 * to be dropped and reacquired; 787 * therefore search again from the beginning 788 * of in6_ifaddrs list. 789 */ 790 ia = in6_ifaddrs; 791 continue; 792 } 793 IFA_UNLOCK(&ia->ia_ifa); 794 ia = ia->ia_next; 795 } 796 lck_rw_done(&in6_ifaddr_rwlock); 797 return (0); 798} 799 800static __attribute__((noinline)) int 801in6ctl_cgastart(struct ifnet *ifp, u_long cmd, caddr_t data) 802{ 803 struct in6_llstartreq llsr; 804 int is64, error = 0; 805 806 VERIFY(ifp != NULL); 807 808 switch (cmd) { 809 case SIOCLL_CGASTART_32: /* struct in6_llstartreq_32 */ 810 case SIOCLL_CGASTART_64: /* struct in6_llstartreq_64 */ 811 is64 = (cmd == SIOCLL_CGASTART_64); 812 /* 813 * Convert user llstartreq to the kernel form, when appropriate. 814 * This allows the conversion between different data models 815 * to be centralized, so that it can be passed around to other 816 * routines that are expecting the kernel form. 817 */ 818 in6_llstartreq_to_native(data, is64, &llsr); 819 820 /* 821 * NOTE: All the interface specific DLIL attachements 822 * should be done here. They are currently done in 823 * in6_ifattach_llstartreq() for the interfaces that 824 * need it. 825 */ 826 error = in6_ifattach_llstartreq(ifp, &llsr); 827 if (error == 0) 828 in6_if_up_dad_start(ifp); 829 break; 830 831 default: 832 VERIFY(0); 833 /* NOTREACHED */ 834 } 835 836 return (error); 837} 838 839/* 840 * Caller passes in the ioctl data pointer directly via "ifr", with the 841 * expectation that this routine always uses bcopy() or other byte-aligned 842 * memory accesses. 843 */ 844static __attribute__((noinline)) int 845in6ctl_gifaddr(struct ifnet *ifp, struct in6_ifaddr *ia, u_long cmd, 846 struct in6_ifreq *ifr) 847{ 848 struct sockaddr_in6 addr; 849 int error = 0; 850 851 VERIFY(ifp != NULL); 852 853 if (ia == NULL) 854 return (EADDRNOTAVAIL); 855 856 switch (cmd) { 857 case SIOCGIFADDR_IN6: /* struct in6_ifreq */ 858 IFA_LOCK(&ia->ia_ifa); 859 bcopy(&ia->ia_addr, &addr, sizeof (addr)); 860 IFA_UNLOCK(&ia->ia_ifa); 861 if ((error = sa6_recoverscope(&addr, TRUE)) != 0) 862 break; 863 bcopy(&addr, &ifr->ifr_addr, sizeof (addr)); 864 break; 865 866 case SIOCGIFDSTADDR_IN6: /* struct in6_ifreq */ 867 if (!(ifp->if_flags & IFF_POINTOPOINT)) { 868 error = EINVAL; 869 break; 870 } 871 /* 872 * XXX: should we check if ifa_dstaddr is NULL and return 873 * an error? 874 */ 875 IFA_LOCK(&ia->ia_ifa); 876 bcopy(&ia->ia_dstaddr, &addr, sizeof (addr)); 877 IFA_UNLOCK(&ia->ia_ifa); 878 if ((error = sa6_recoverscope(&addr, TRUE)) != 0) 879 break; 880 bcopy(&addr, &ifr->ifr_dstaddr, sizeof (addr)); 881 break; 882 883 default: 884 VERIFY(0); 885 /* NOTREACHED */ 886 } 887 888 return (error); 889} 890 891/* 892 * Caller passes in the ioctl data pointer directly via "ifr", with the 893 * expectation that this routine always uses bcopy() or other byte-aligned 894 * memory accesses. 895 */ 896static __attribute__((noinline)) int 897in6ctl_gifstat(struct ifnet *ifp, u_long cmd, struct in6_ifreq *ifr) 898{ 899 int error = 0, index; 900 901 VERIFY(ifp != NULL); 902 index = ifp->if_index; 903 904 switch (cmd) { 905 case SIOCGIFSTAT_IN6: /* struct in6_ifreq */ 906 /* N.B.: if_inet6data is never freed once set. */ 907 if (IN6_IFEXTRA(ifp) == NULL) { 908 /* return (EAFNOSUPPORT)? */ 909 bzero(&ifr->ifr_ifru.ifru_stat, 910 sizeof (ifr->ifr_ifru.ifru_stat)); 911 } else { 912 bcopy(&IN6_IFEXTRA(ifp)->in6_ifstat, 913 &ifr->ifr_ifru.ifru_stat, 914 sizeof (ifr->ifr_ifru.ifru_stat)); 915 } 916 break; 917 918 case SIOCGIFSTAT_ICMP6: /* struct in6_ifreq */ 919 /* N.B.: if_inet6data is never freed once set. */ 920 if (IN6_IFEXTRA(ifp) == NULL) { 921 /* return (EAFNOSUPPORT)? */ 922 bzero(&ifr->ifr_ifru.ifru_stat, 923 sizeof (ifr->ifr_ifru.ifru_icmp6stat)); 924 } else { 925 bcopy(&IN6_IFEXTRA(ifp)->icmp6_ifstat, 926 &ifr->ifr_ifru.ifru_icmp6stat, 927 sizeof (ifr->ifr_ifru.ifru_icmp6stat)); 928 } 929 break; 930 931 default: 932 VERIFY(0); 933 /* NOTREACHED */ 934 } 935 936 return (error); 937} 938 939/* 940 * Caller passes in the ioctl data pointer directly via "ifr", with the 941 * expectation that this routine always uses bcopy() or other byte-aligned 942 * memory accesses. 943 */ 944static __attribute__((noinline)) int 945in6ctl_alifetime(struct in6_ifaddr *ia, u_long cmd, struct in6_ifreq *ifr, 946 boolean_t p64) 947{ 948 uint64_t timenow = net_uptime(); 949 struct in6_addrlifetime ia6_lt; 950 struct timeval caltime; 951 int error = 0; 952 953 if (ia == NULL) 954 return (EADDRNOTAVAIL); 955 956 switch (cmd) { 957 case SIOCGIFALIFETIME_IN6: /* struct in6_ifreq */ 958 IFA_LOCK(&ia->ia_ifa); 959 /* retrieve time as calendar time (last arg is 1) */ 960 in6ifa_getlifetime(ia, &ia6_lt, 1); 961 if (p64) { 962 struct in6_addrlifetime_64 lt; 963 964 bzero(<, sizeof (lt)); 965 lt.ia6t_expire = ia6_lt.ia6t_expire; 966 lt.ia6t_preferred = ia6_lt.ia6t_preferred; 967 lt.ia6t_vltime = ia6_lt.ia6t_vltime; 968 lt.ia6t_pltime = ia6_lt.ia6t_pltime; 969 bcopy(<, &ifr->ifr_ifru.ifru_lifetime, sizeof (lt)); 970 } else { 971 struct in6_addrlifetime_32 lt; 972 973 bzero(<, sizeof (lt)); 974 lt.ia6t_expire = (uint32_t)ia6_lt.ia6t_expire; 975 lt.ia6t_preferred = (uint32_t)ia6_lt.ia6t_preferred; 976 lt.ia6t_vltime = (uint32_t)ia6_lt.ia6t_vltime; 977 lt.ia6t_pltime = (uint32_t)ia6_lt.ia6t_pltime; 978 bcopy(<, &ifr->ifr_ifru.ifru_lifetime, sizeof (lt)); 979 } 980 IFA_UNLOCK(&ia->ia_ifa); 981 break; 982 983 case SIOCSIFALIFETIME_IN6: /* struct in6_ifreq */ 984 getmicrotime(&caltime); 985 986 /* sanity for overflow - beware unsigned */ 987 if (p64) { 988 struct in6_addrlifetime_64 lt; 989 990 bcopy(&ifr->ifr_ifru.ifru_lifetime, <, sizeof (lt)); 991 if (lt.ia6t_vltime != ND6_INFINITE_LIFETIME && 992 lt.ia6t_vltime + caltime.tv_sec < caltime.tv_sec) { 993 error = EINVAL; 994 break; 995 } 996 if (lt.ia6t_pltime != ND6_INFINITE_LIFETIME && 997 lt.ia6t_pltime + caltime.tv_sec < caltime.tv_sec) { 998 error = EINVAL; 999 break; 1000 } 1001 } else { 1002 struct in6_addrlifetime_32 lt; 1003 1004 bcopy(&ifr->ifr_ifru.ifru_lifetime, <, sizeof (lt)); 1005 if (lt.ia6t_vltime != ND6_INFINITE_LIFETIME && 1006 lt.ia6t_vltime + caltime.tv_sec < caltime.tv_sec) { 1007 error = EINVAL; 1008 break; 1009 } 1010 if (lt.ia6t_pltime != ND6_INFINITE_LIFETIME && 1011 lt.ia6t_pltime + caltime.tv_sec < caltime.tv_sec) { 1012 error = EINVAL; 1013 break; 1014 } 1015 } 1016 1017 IFA_LOCK(&ia->ia_ifa); 1018 if (p64) { 1019 struct in6_addrlifetime_64 lt; 1020 1021 bcopy(&ifr->ifr_ifru.ifru_lifetime, <, sizeof (lt)); 1022 ia6_lt.ia6t_expire = lt.ia6t_expire; 1023 ia6_lt.ia6t_preferred = lt.ia6t_preferred; 1024 ia6_lt.ia6t_vltime = lt.ia6t_vltime; 1025 ia6_lt.ia6t_pltime = lt.ia6t_pltime; 1026 } else { 1027 struct in6_addrlifetime_32 lt; 1028 1029 bcopy(&ifr->ifr_ifru.ifru_lifetime, <, sizeof (lt)); 1030 ia6_lt.ia6t_expire = (uint32_t)lt.ia6t_expire; 1031 ia6_lt.ia6t_preferred = (uint32_t)lt.ia6t_preferred; 1032 ia6_lt.ia6t_vltime = lt.ia6t_vltime; 1033 ia6_lt.ia6t_pltime = lt.ia6t_pltime; 1034 } 1035 /* for sanity */ 1036 if (ia6_lt.ia6t_vltime != ND6_INFINITE_LIFETIME) 1037 ia6_lt.ia6t_expire = timenow + ia6_lt.ia6t_vltime; 1038 else 1039 ia6_lt.ia6t_expire = 0; 1040 1041 if (ia6_lt.ia6t_pltime != ND6_INFINITE_LIFETIME) 1042 ia6_lt.ia6t_preferred = timenow + ia6_lt.ia6t_pltime; 1043 else 1044 ia6_lt.ia6t_preferred = 0; 1045 1046 in6ifa_setlifetime(ia, &ia6_lt); 1047 IFA_UNLOCK(&ia->ia_ifa); 1048 break; 1049 1050 default: 1051 VERIFY(0); 1052 /* NOTREACHED */ 1053 } 1054 1055 return (error); 1056} 1057 1058#define ifa2ia6(ifa) ((struct in6_ifaddr *)(void *)(ifa)) 1059 1060/* 1061 * Generic INET6 control operations (ioctl's). 1062 * 1063 * ifp is NULL if not an interface-specific ioctl. 1064 * 1065 * Most of the routines called to handle the ioctls would end up being 1066 * tail-call optimized, which unfortunately causes this routine to 1067 * consume too much stack space; this is the reason for the "noinline" 1068 * attribute used on those routines. 1069 * 1070 * If called directly from within the networking stack (as opposed to via 1071 * pru_control), the socket parameter may be NULL. 1072 */ 1073int 1074in6_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp, 1075 struct proc *p) 1076{ 1077 struct in6_ifreq *ifr = (struct in6_ifreq *)(void *)data; 1078 struct in6_aliasreq sifra, *ifra = NULL; 1079 struct in6_ifaddr *ia = NULL; 1080 struct sockaddr_in6 sin6, *sa6 = NULL; 1081 boolean_t privileged = (proc_suser(p) == 0); 1082 boolean_t p64 = proc_is64bit(p); 1083 boolean_t so_unlocked = FALSE; 1084 int intval, error = 0; 1085 1086 /* In case it's NULL, make sure it came from the kernel */ 1087 VERIFY(so != NULL || p == kernproc); 1088 1089 /* 1090 * ioctls which don't require ifp, may require socket. 1091 */ 1092 switch (cmd) { 1093#if MROUTING 1094 case SIOCGETSGCNT_IN6: /* struct sioc_sg_req6 */ 1095 case SIOCGETMIFCNT_IN6_32: /* struct sioc_mif_req6_32 */ 1096 case SIOCGETMIFCNT_IN6_64: /* struct sioc_mif_req6_64 */ 1097 return (mrt6_ioctl(cmd, data)); 1098 /* NOTREACHED */ 1099#endif /* MROUTING */ 1100 1101 case SIOCAADDRCTL_POLICY: /* struct in6_addrpolicy */ 1102 case SIOCDADDRCTL_POLICY: /* struct in6_addrpolicy */ 1103 if (!privileged) 1104 return (EPERM); 1105 return (in6_src_ioctl(cmd, data)); 1106 /* NOTREACHED */ 1107 1108 case SIOCDRADD_IN6_32: /* struct in6_defrouter_32 */ 1109 case SIOCDRADD_IN6_64: /* struct in6_defrouter_64 */ 1110 case SIOCDRDEL_IN6_32: /* struct in6_defrouter_32 */ 1111 case SIOCDRDEL_IN6_64: /* struct in6_defrouter_64 */ 1112 if (!privileged) 1113 return (EPERM); 1114 return (defrtrlist_ioctl(cmd, data)); 1115 /* NOTREACHED */ 1116 1117 case SIOCGASSOCIDS32: /* struct so_aidreq32 */ 1118 case SIOCGASSOCIDS64: /* struct so_aidreq64 */ 1119 return (in6ctl_associd(so, cmd, data)); 1120 /* NOTREACHED */ 1121 1122 case SIOCGCONNIDS32: /* struct so_cidreq32 */ 1123 case SIOCGCONNIDS64: /* struct so_cidreq64 */ 1124 return (in6ctl_connid(so, cmd, data)); 1125 /* NOTREACHED */ 1126 1127 case SIOCGCONNINFO32: /* struct so_cinforeq32 */ 1128 case SIOCGCONNINFO64: /* struct so_cinforeq64 */ 1129 return (in6ctl_conninfo(so, cmd, data)); 1130 /* NOTREACHED */ 1131 } 1132 1133 /* 1134 * The rest of ioctls require ifp; reject if we don't have one; 1135 * return ENXIO to be consistent with ifioctl(). 1136 */ 1137 if (ifp == NULL) 1138 return (ENXIO); 1139 1140 /* 1141 * ioctls which require ifp but not interface address. 1142 */ 1143 switch (cmd) { 1144 case SIOCAUTOCONF_START: /* struct in6_ifreq */ 1145 if (!privileged) 1146 return (EPERM); 1147 return (in6_autoconf(ifp, TRUE)); 1148 /* NOTREACHED */ 1149 1150 case SIOCAUTOCONF_STOP: /* struct in6_ifreq */ 1151 if (!privileged) 1152 return (EPERM); 1153 return (in6_autoconf(ifp, FALSE)); 1154 /* NOTREACHED */ 1155 1156 case SIOCLL_START_32: /* struct in6_aliasreq_32 */ 1157 case SIOCLL_START_64: /* struct in6_aliasreq_64 */ 1158 if (!privileged) 1159 return (EPERM); 1160 return (in6ctl_llstart(ifp, cmd, data)); 1161 /* NOTREACHED */ 1162 1163 case SIOCLL_STOP: /* struct in6_ifreq */ 1164 if (!privileged) 1165 return (EPERM); 1166 return (in6ctl_llstop(ifp)); 1167 /* NOTREACHED */ 1168 1169 case SIOCSETROUTERMODE_IN6: /* struct in6_ifreq */ 1170 if (!privileged) 1171 return (EPERM); 1172 1173 bcopy(&((struct in6_ifreq *)(void *)data)->ifr_intval, 1174 &intval, sizeof (intval)); 1175 1176 return (in6_setrouter(ifp, intval)); 1177 /* NOTREACHED */ 1178 1179 case SIOCPROTOATTACH_IN6_32: /* struct in6_aliasreq_32 */ 1180 case SIOCPROTOATTACH_IN6_64: /* struct in6_aliasreq_64 */ 1181 if (!privileged) 1182 return (EPERM); 1183 return (in6_domifattach(ifp)); 1184 /* NOTREACHED */ 1185 1186 case SIOCPROTODETACH_IN6: /* struct in6_ifreq */ 1187 if (!privileged) 1188 return (EPERM); 1189 1190 /* Cleanup interface routes and addresses */ 1191 in6_purgeif(ifp); 1192 1193 if ((error = proto_unplumb(PF_INET6, ifp))) 1194 log(LOG_ERR, "SIOCPROTODETACH_IN6: %s error=%d\n", 1195 if_name(ifp), error); 1196 return (error); 1197 /* NOTREACHED */ 1198 1199 case SIOCSNDFLUSH_IN6: /* struct in6_ifreq */ 1200 case SIOCSPFXFLUSH_IN6: /* struct in6_ifreq */ 1201 case SIOCSRTRFLUSH_IN6: /* struct in6_ifreq */ 1202 case SIOCSDEFIFACE_IN6_32: /* struct in6_ndifreq_32 */ 1203 case SIOCSDEFIFACE_IN6_64: /* struct in6_ndifreq_64 */ 1204 case SIOCSIFINFO_FLAGS: /* struct in6_ndireq */ 1205 if (!privileged) 1206 return (EPERM); 1207 /* FALLTHRU */ 1208 case OSIOCGIFINFO_IN6: /* struct in6_ondireq */ 1209 case SIOCGIFINFO_IN6: /* struct in6_ondireq */ 1210 case SIOCGDRLST_IN6_32: /* struct in6_drlist_32 */ 1211 case SIOCGDRLST_IN6_64: /* struct in6_drlist_64 */ 1212 case SIOCGPRLST_IN6_32: /* struct in6_prlist_32 */ 1213 case SIOCGPRLST_IN6_64: /* struct in6_prlist_64 */ 1214 case SIOCGNBRINFO_IN6_32: /* struct in6_nbrinfo_32 */ 1215 case SIOCGNBRINFO_IN6_64: /* struct in6_nbrinfo_64 */ 1216 case SIOCGDEFIFACE_IN6_32: /* struct in6_ndifreq_32 */ 1217 case SIOCGDEFIFACE_IN6_64: /* struct in6_ndifreq_64 */ 1218 return (nd6_ioctl(cmd, data, ifp)); 1219 /* NOTREACHED */ 1220 1221 case SIOCSIFPREFIX_IN6: /* struct in6_prefixreq (deprecated) */ 1222 case SIOCDIFPREFIX_IN6: /* struct in6_prefixreq (deprecated) */ 1223 case SIOCAIFPREFIX_IN6: /* struct in6_rrenumreq (deprecated) */ 1224 case SIOCCIFPREFIX_IN6: /* struct in6_rrenumreq (deprecated) */ 1225 case SIOCSGIFPREFIX_IN6: /* struct in6_rrenumreq (deprecated) */ 1226 case SIOCGIFPREFIX_IN6: /* struct in6_prefixreq (deprecated) */ 1227 log(LOG_NOTICE, 1228 "prefix ioctls are now invalidated. " 1229 "please use ifconfig.\n"); 1230 return (EOPNOTSUPP); 1231 /* NOTREACHED */ 1232 1233 case SIOCSSCOPE6: /* struct in6_ifreq (deprecated) */ 1234 case SIOCGSCOPE6: /* struct in6_ifreq (deprecated) */ 1235 case SIOCGSCOPE6DEF: /* struct in6_ifreq (deprecated) */ 1236 return (EOPNOTSUPP); 1237 /* NOTREACHED */ 1238 1239 case SIOCALIFADDR: /* struct if_laddrreq */ 1240 case SIOCDLIFADDR: /* struct if_laddrreq */ 1241 if (!privileged) 1242 return (EPERM); 1243 /* FALLTHRU */ 1244 case SIOCGLIFADDR: { /* struct if_laddrreq */ 1245 struct if_laddrreq iflr; 1246 1247 bcopy(data, &iflr, sizeof (iflr)); 1248 error = in6ctl_lifaddr(ifp, cmd, &iflr, p64); 1249 bcopy(&iflr, data, sizeof (iflr)); 1250 return (error); 1251 /* NOTREACHED */ 1252 } 1253 1254 case SIOCLL_CGASTART_32: /* struct in6_llstartreq_32 */ 1255 case SIOCLL_CGASTART_64: /* struct in6_llstartreq_64 */ 1256 if (!privileged) 1257 return (EPERM); 1258 return (in6ctl_cgastart(ifp, cmd, data)); 1259 /* NOTREACHED */ 1260 1261 case SIOCGIFSTAT_IN6: /* struct in6_ifreq */ 1262 case SIOCGIFSTAT_ICMP6: /* struct in6_ifreq */ 1263 return (in6ctl_gifstat(ifp, cmd, ifr)); 1264 /* NOTREACHED */ 1265 } 1266 1267 /* 1268 * ioctls which require interface address; obtain sockaddr_in6. 1269 */ 1270 switch (cmd) { 1271 case SIOCSIFADDR_IN6: /* struct in6_ifreq (deprecated) */ 1272 case SIOCSIFDSTADDR_IN6: /* struct in6_ifreq (deprecated) */ 1273 case SIOCSIFNETMASK_IN6: /* struct in6_ifreq (deprecated) */ 1274 /* 1275 * Since IPv6 allows a node to assign multiple addresses 1276 * on a single interface, SIOCSIFxxx ioctls are deprecated. 1277 */ 1278 /* we decided to obsolete this command (20000704) */ 1279 return (EOPNOTSUPP); 1280 /* NOTREACHED */ 1281 1282 case SIOCAIFADDR_IN6_32: /* struct in6_aliasreq_32 */ 1283 case SIOCAIFADDR_IN6_64: /* struct in6_aliasreq_64 */ 1284 if (!privileged) 1285 return (EPERM); 1286 /* 1287 * Convert user ifra to the kernel form, when appropriate. 1288 * This allows the conversion between different data models 1289 * to be centralized, so that it can be passed around to other 1290 * routines that are expecting the kernel form. 1291 */ 1292 ifra = in6_aliasreq_to_native(data, 1293 (cmd == SIOCAIFADDR_IN6_64), &sifra); 1294 bcopy(&ifra->ifra_addr, &sin6, sizeof (sin6)); 1295 sa6 = &sin6; 1296 break; 1297 1298 case SIOCDIFADDR_IN6: /* struct in6_ifreq */ 1299 case SIOCSIFALIFETIME_IN6: /* struct in6_ifreq */ 1300 if (!privileged) 1301 return (EPERM); 1302 /* FALLTHRU */ 1303 case SIOCGIFADDR_IN6: /* struct in6_ifreq */ 1304 case SIOCGIFDSTADDR_IN6: /* struct in6_ifreq */ 1305 case SIOCGIFNETMASK_IN6: /* struct in6_ifreq */ 1306 case SIOCGIFAFLAG_IN6: /* struct in6_ifreq */ 1307 case SIOCGIFALIFETIME_IN6: /* struct in6_ifreq */ 1308 bcopy(&ifr->ifr_addr, &sin6, sizeof (sin6)); 1309 sa6 = &sin6; 1310 break; 1311 } 1312 1313 /* 1314 * Find address for this interface, if it exists. 1315 * 1316 * In netinet code, we have checked ifra_addr in SIOCSIF*ADDR operation 1317 * only, and used the first interface address as the target of other 1318 * operations (without checking ifra_addr). This was because netinet 1319 * code/API assumed at most 1 interface address per interface. 1320 * Since IPv6 allows a node to assign multiple addresses 1321 * on a single interface, we almost always look and check the 1322 * presence of ifra_addr, and reject invalid ones here. 1323 * It also decreases duplicated code among SIOC*_IN6 operations. 1324 */ 1325 VERIFY(ia == NULL); 1326 if (sa6 != NULL && sa6->sin6_family == AF_INET6) { 1327 if (IN6_IS_ADDR_LINKLOCAL(&sa6->sin6_addr)) { 1328 if (sa6->sin6_addr.s6_addr16[1] == 0) { 1329 /* link ID is not embedded by the user */ 1330 sa6->sin6_addr.s6_addr16[1] = 1331 htons(ifp->if_index); 1332 } else if (sa6->sin6_addr.s6_addr16[1] != 1333 htons(ifp->if_index)) { 1334 return (EINVAL); /* link ID contradicts */ 1335 } 1336 if (sa6->sin6_scope_id) { 1337 if (sa6->sin6_scope_id != 1338 (u_int32_t)ifp->if_index) 1339 return (EINVAL); 1340 sa6->sin6_scope_id = 0; /* XXX: good way? */ 1341 } 1342 } 1343 /* 1344 * Any failures from this point on must take into account 1345 * a non-NULL "ia" with an outstanding reference count, and 1346 * therefore requires IFA_REMREF. Jump to "done" label 1347 * instead of calling return if "ia" is valid. 1348 */ 1349 ia = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr); 1350 } 1351 1352 /* 1353 * SIOCDIFADDR_IN6/SIOCAIFADDR_IN6 specific tests. 1354 */ 1355 switch (cmd) { 1356 case SIOCDIFADDR_IN6: /* struct in6_ifreq */ 1357 if (ia == NULL) 1358 return (EADDRNOTAVAIL); 1359 /* FALLTHROUGH */ 1360 case SIOCAIFADDR_IN6_32: /* struct in6_aliasreq_32 */ 1361 case SIOCAIFADDR_IN6_64: /* struct in6_aliasreq_64 */ 1362 VERIFY(sa6 != NULL); 1363 /* 1364 * We always require users to specify a valid IPv6 address for 1365 * the corresponding operation. Use "sa6" instead of "ifra" 1366 * since SIOCDIFADDR_IN6 falls thru above. 1367 */ 1368 if (sa6->sin6_family != AF_INET6 || 1369 sa6->sin6_len != sizeof (struct sockaddr_in6)) { 1370 error = EAFNOSUPPORT; 1371 goto done; 1372 } 1373 break; 1374 } 1375 1376 /* 1377 * Unlock the socket since ifnet_ioctl() may be invoked by 1378 * one of the ioctl handlers below. Socket will be re-locked 1379 * prior to returning. 1380 */ 1381 if (so != NULL) { 1382 socket_unlock(so, 0); 1383 so_unlocked = TRUE; 1384 } 1385 1386 /* 1387 * And finally process address-related ioctls. 1388 */ 1389 switch (cmd) { 1390 case SIOCGIFADDR_IN6: /* struct in6_ifreq */ 1391 /* This interface is basically deprecated. use SIOCGIFCONF. */ 1392 /* FALLTHRU */ 1393 case SIOCGIFDSTADDR_IN6: /* struct in6_ifreq */ 1394 error = in6ctl_gifaddr(ifp, ia, cmd, ifr); 1395 break; 1396 1397 case SIOCGIFNETMASK_IN6: /* struct in6_ifreq */ 1398 if (ia != NULL) { 1399 IFA_LOCK(&ia->ia_ifa); 1400 bcopy(&ia->ia_prefixmask, &ifr->ifr_addr, 1401 sizeof (struct sockaddr_in6)); 1402 IFA_UNLOCK(&ia->ia_ifa); 1403 } else { 1404 error = EADDRNOTAVAIL; 1405 } 1406 break; 1407 1408 case SIOCGIFAFLAG_IN6: /* struct in6_ifreq */ 1409 if (ia != NULL) { 1410 IFA_LOCK(&ia->ia_ifa); 1411 bcopy(&ia->ia6_flags, &ifr->ifr_ifru.ifru_flags6, 1412 sizeof (ifr->ifr_ifru.ifru_flags6)); 1413 IFA_UNLOCK(&ia->ia_ifa); 1414 } else { 1415 error = EADDRNOTAVAIL; 1416 } 1417 break; 1418 1419 case SIOCGIFALIFETIME_IN6: /* struct in6_ifreq */ 1420 case SIOCSIFALIFETIME_IN6: /* struct in6_ifreq */ 1421 error = in6ctl_alifetime(ia, cmd, ifr, p64); 1422 break; 1423 1424 case SIOCAIFADDR_IN6_32: /* struct in6_aliasreq_32 */ 1425 case SIOCAIFADDR_IN6_64: /* struct in6_aliasreq_64 */ 1426 error = in6ctl_aifaddr(ifp, ifra); 1427 break; 1428 1429 case SIOCDIFADDR_IN6: 1430 in6ctl_difaddr(ifp, ia); 1431 break; 1432 1433 default: 1434 error = ifnet_ioctl(ifp, PF_INET6, cmd, data); 1435 break; 1436 } 1437 1438done: 1439 if (ia != NULL) 1440 IFA_REMREF(&ia->ia_ifa); 1441 if (so_unlocked) 1442 socket_lock(so, 0); 1443 1444 return (error); 1445} 1446 1447static __attribute__((noinline)) int 1448in6ctl_aifaddr(struct ifnet *ifp, struct in6_aliasreq *ifra) 1449{ 1450 int i, error, addtmp, plen; 1451 struct nd_prefix pr0, *pr; 1452 struct in6_ifaddr *ia; 1453 1454 VERIFY(ifp != NULL && ifra != NULL); 1455 ia = NULL; 1456 1457 /* Attempt to attach the protocol, in case it isn't attached */ 1458 error = in6_domifattach(ifp); 1459 if (error == 0) { 1460 /* PF_INET6 wasn't previously attached */ 1461 error = in6_ifattach_aliasreq(ifp, NULL, NULL); 1462 if (error != 0) 1463 goto done; 1464 1465 in6_if_up_dad_start(ifp); 1466 } else if (error != EEXIST) { 1467 goto done; 1468 } 1469 1470 /* 1471 * First, make or update the interface address structure, and link it 1472 * to the list. 1473 */ 1474 error = in6_update_ifa(ifp, ifra, 0, &ia); 1475 if (error != 0) 1476 goto done; 1477 VERIFY(ia != NULL); 1478 1479 /* Now, make the prefix on-link on the interface. */ 1480 plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, NULL); 1481 if (plen == 128) 1482 goto done; 1483 1484 /* 1485 * NOTE: We'd rather create the prefix before the address, but we need 1486 * at least one address to install the corresponding interface route, 1487 * so we configure the address first. 1488 */ 1489 1490 /* 1491 * Convert mask to prefix length (prefixmask has already been validated 1492 * in in6_update_ifa(). 1493 */ 1494 bzero(&pr0, sizeof (pr0)); 1495 pr0.ndpr_plen = plen; 1496 pr0.ndpr_ifp = ifp; 1497 pr0.ndpr_prefix = ifra->ifra_addr; 1498 pr0.ndpr_mask = ifra->ifra_prefixmask.sin6_addr; 1499 1500 /* apply the mask for safety. */ 1501 for (i = 0; i < 4; i++) { 1502 pr0.ndpr_prefix.sin6_addr.s6_addr32[i] &= 1503 ifra->ifra_prefixmask.sin6_addr.s6_addr32[i]; 1504 } 1505 1506 /* 1507 * Since we don't have an API to set prefix (not address) lifetimes, we 1508 * just use the same lifetimes as addresses. The (temporarily) 1509 * installed lifetimes can be overridden by later advertised RAs (when 1510 * accept_rtadv is non 0), which is an intended behavior. 1511 */ 1512 pr0.ndpr_raf_onlink = 1; /* should be configurable? */ 1513 pr0.ndpr_raf_auto = !!(ifra->ifra_flags & IN6_IFF_AUTOCONF); 1514 pr0.ndpr_vltime = ifra->ifra_lifetime.ia6t_vltime; 1515 pr0.ndpr_pltime = ifra->ifra_lifetime.ia6t_pltime; 1516 pr0.ndpr_stateflags |= NDPRF_STATIC; 1517 lck_mtx_init(&pr0.ndpr_lock, ifa_mtx_grp, ifa_mtx_attr); 1518 1519 /* add the prefix if there's one. */ 1520 if ((pr = nd6_prefix_lookup(&pr0)) == NULL) { 1521 /* 1522 * nd6_prelist_add will install the corresponding interface 1523 * route. 1524 */ 1525 error = nd6_prelist_add(&pr0, NULL, &pr, FALSE); 1526 if (error != 0) 1527 goto done; 1528 1529 if (pr == NULL) { 1530 log(LOG_ERR, "%s: nd6_prelist_add okay, but" 1531 " no prefix.\n", __func__); 1532 error = EINVAL; 1533 goto done; 1534 } 1535 } 1536 1537 IFA_LOCK(&ia->ia_ifa); 1538 1539 /* if this is a new autoconfed addr */ 1540 addtmp = FALSE; 1541 if ((ia->ia6_flags & IN6_IFF_AUTOCONF) != 0 && ia->ia6_ndpr == NULL) { 1542 NDPR_LOCK(pr); 1543 ++pr->ndpr_addrcnt; 1544 VERIFY(pr->ndpr_addrcnt != 0); 1545 ia->ia6_ndpr = pr; 1546 NDPR_ADDREF_LOCKED(pr); /* for addr reference */ 1547 1548 /* 1549 * If this is the first autoconf address from the prefix, 1550 * create a temporary address as well (when specified). 1551 */ 1552 addtmp = (ip6_use_tempaddr && pr->ndpr_addrcnt == 1); 1553 NDPR_UNLOCK(pr); 1554 } 1555 1556 IFA_UNLOCK(&ia->ia_ifa); 1557 1558 if (addtmp) { 1559 int e; 1560 e = in6_tmpifadd(ia, 1); 1561 if (e != 0) 1562 log(LOG_NOTICE, "%s: failed to create a" 1563 " temporary address, error=%d\n", 1564 __func__, e); 1565 } 1566 1567 /* 1568 * This might affect the status of autoconfigured addresses, that is, 1569 * this address might make other addresses detached. 1570 */ 1571 lck_mtx_lock(nd6_mutex); 1572 pfxlist_onlink_check(); 1573 lck_mtx_unlock(nd6_mutex); 1574 1575 /* Drop use count held above during lookup/add */ 1576 NDPR_REMREF(pr); 1577 1578done: 1579 if (ia != NULL) 1580 IFA_REMREF(&ia->ia_ifa); 1581 return (error); 1582} 1583 1584static __attribute__((noinline)) void 1585in6ctl_difaddr(struct ifnet *ifp, struct in6_ifaddr *ia) 1586{ 1587 int i = 0; 1588 struct nd_prefix pr0, *pr; 1589 1590 VERIFY(ifp != NULL && ia != NULL); 1591 1592 /* 1593 * If the address being deleted is the only one that owns 1594 * the corresponding prefix, expire the prefix as well. 1595 * XXX: theoretically, we don't have to worry about such 1596 * relationship, since we separate the address management 1597 * and the prefix management. We do this, however, to provide 1598 * as much backward compatibility as possible in terms of 1599 * the ioctl operation. 1600 * Note that in6_purgeaddr() will decrement ndpr_addrcnt. 1601 */ 1602 IFA_LOCK(&ia->ia_ifa); 1603 bzero(&pr0, sizeof (pr0)); 1604 pr0.ndpr_ifp = ifp; 1605 pr0.ndpr_plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); 1606 if (pr0.ndpr_plen == 128) { 1607 IFA_UNLOCK(&ia->ia_ifa); 1608 goto purgeaddr; 1609 } 1610 pr0.ndpr_prefix = ia->ia_addr; 1611 pr0.ndpr_mask = ia->ia_prefixmask.sin6_addr; 1612 for (i = 0; i < 4; i++) { 1613 pr0.ndpr_prefix.sin6_addr.s6_addr32[i] &= 1614 ia->ia_prefixmask.sin6_addr.s6_addr32[i]; 1615 } 1616 IFA_UNLOCK(&ia->ia_ifa); 1617 /* 1618 * The logic of the following condition is a bit complicated. 1619 * We expire the prefix when 1620 * 1. the address obeys autoconfiguration and it is the 1621 * only owner of the associated prefix, or 1622 * 2. the address does not obey autoconf and there is no 1623 * other owner of the prefix. 1624 */ 1625 if ((pr = nd6_prefix_lookup(&pr0)) != NULL) { 1626 IFA_LOCK(&ia->ia_ifa); 1627 NDPR_LOCK(pr); 1628 if (((ia->ia6_flags & IN6_IFF_AUTOCONF) != 0 && 1629 pr->ndpr_addrcnt == 1) || 1630 ((ia->ia6_flags & IN6_IFF_AUTOCONF) == 0 && 1631 pr->ndpr_addrcnt == 0)) { 1632 /* XXX: just for expiration */ 1633 pr->ndpr_expire = 1; 1634 } 1635 NDPR_UNLOCK(pr); 1636 IFA_UNLOCK(&ia->ia_ifa); 1637 1638 /* Drop use count held above during lookup */ 1639 NDPR_REMREF(pr); 1640 } 1641 1642purgeaddr: 1643 in6_purgeaddr(&ia->ia_ifa); 1644} 1645 1646static __attribute__((noinline)) int 1647in6_autoconf(struct ifnet *ifp, int enable) 1648{ 1649 int error = 0; 1650 1651 VERIFY(ifp != NULL); 1652 1653 if (ifp->if_flags & IFF_LOOPBACK) 1654 return (EINVAL); 1655 1656 if (enable) { 1657 /* 1658 * An interface in IPv6 router mode implies that it 1659 * is either configured with a static IP address or 1660 * autoconfigured via a locally-generated RA. Prevent 1661 * SIOCAUTOCONF_START from being set in that mode. 1662 */ 1663 ifnet_lock_exclusive(ifp); 1664 if (ifp->if_eflags & IFEF_IPV6_ROUTER) { 1665 ifp->if_eflags &= ~IFEF_ACCEPT_RTADV; 1666 error = EBUSY; 1667 } else { 1668 ifp->if_eflags |= IFEF_ACCEPT_RTADV; 1669 } 1670 ifnet_lock_done(ifp); 1671 } else { 1672 struct in6_ifaddr *ia = NULL; 1673 1674 ifnet_lock_exclusive(ifp); 1675 ifp->if_eflags &= ~IFEF_ACCEPT_RTADV; 1676 ifnet_lock_done(ifp); 1677 1678 /* Remove autoconfigured address from interface */ 1679 lck_rw_lock_exclusive(&in6_ifaddr_rwlock); 1680 ia = in6_ifaddrs; 1681 while (ia != NULL) { 1682 if (ia->ia_ifa.ifa_ifp != ifp) { 1683 ia = ia->ia_next; 1684 continue; 1685 } 1686 IFA_LOCK(&ia->ia_ifa); 1687 if (ia->ia6_flags & IN6_IFF_AUTOCONF) { 1688 IFA_ADDREF_LOCKED(&ia->ia_ifa); /* for us */ 1689 IFA_UNLOCK(&ia->ia_ifa); 1690 lck_rw_done(&in6_ifaddr_rwlock); 1691 in6_purgeaddr(&ia->ia_ifa); 1692 IFA_REMREF(&ia->ia_ifa); /* for us */ 1693 lck_rw_lock_exclusive(&in6_ifaddr_rwlock); 1694 /* 1695 * Purging the address caused in6_ifaddr_rwlock 1696 * to be dropped and reacquired; 1697 * therefore search again from the beginning 1698 * of in6_ifaddrs list. 1699 */ 1700 ia = in6_ifaddrs; 1701 continue; 1702 } 1703 IFA_UNLOCK(&ia->ia_ifa); 1704 ia = ia->ia_next; 1705 } 1706 lck_rw_done(&in6_ifaddr_rwlock); 1707 } 1708 return (error); 1709} 1710 1711/* 1712 * Handle SIOCSETROUTERMODE_IN6 to set or clear the IPv6 router mode flag on 1713 * the interface. Entering or exiting this mode will result in the removal of 1714 * autoconfigured IPv6 addresses on the interface. 1715 */ 1716static __attribute__((noinline)) int 1717in6_setrouter(struct ifnet *ifp, int enable) 1718{ 1719 VERIFY(ifp != NULL); 1720 1721 if (ifp->if_flags & IFF_LOOPBACK) 1722 return (ENODEV); 1723 1724 if (enable) { 1725 struct nd_ifinfo *ndi; 1726 1727 lck_rw_lock_shared(nd_if_rwlock); 1728 ndi = ND_IFINFO(ifp); 1729 if (ndi != NULL && ndi->initialized) { 1730 lck_mtx_lock(&ndi->lock); 1731 if (ndi->flags & ND6_IFF_PROXY_PREFIXES) { 1732 /* No proxy if we are an advertising router */ 1733 ndi->flags &= ~ND6_IFF_PROXY_PREFIXES; 1734 lck_mtx_unlock(&ndi->lock); 1735 lck_rw_done(nd_if_rwlock); 1736 (void) nd6_if_prproxy(ifp, FALSE); 1737 } else { 1738 lck_mtx_unlock(&ndi->lock); 1739 lck_rw_done(nd_if_rwlock); 1740 } 1741 } else { 1742 lck_rw_done(nd_if_rwlock); 1743 } 1744 } 1745 1746 ifnet_lock_exclusive(ifp); 1747 if (enable) { 1748 ifp->if_eflags |= IFEF_IPV6_ROUTER; 1749 } else { 1750 ifp->if_eflags &= ~IFEF_IPV6_ROUTER; 1751 } 1752 ifnet_lock_done(ifp); 1753 1754 lck_mtx_lock(nd6_mutex); 1755 defrouter_select(ifp); 1756 lck_mtx_unlock(nd6_mutex); 1757 1758 if_allmulti(ifp, enable); 1759 1760 return (in6_autoconf(ifp, FALSE)); 1761} 1762 1763static int 1764in6_to_kamescope(struct sockaddr_in6 *sin6, struct ifnet *ifp) 1765{ 1766 struct sockaddr_in6 tmp; 1767 int error, id; 1768 1769 VERIFY(sin6 != NULL); 1770 tmp = *sin6; 1771 1772 error = in6_recoverscope(&tmp, &sin6->sin6_addr, ifp); 1773 if (error != 0) 1774 return (error); 1775 1776 id = in6_addr2scopeid(ifp, &tmp.sin6_addr); 1777 if (tmp.sin6_scope_id == 0) 1778 tmp.sin6_scope_id = id; 1779 else if (tmp.sin6_scope_id != id) 1780 return (EINVAL); /* scope ID mismatch. */ 1781 1782 error = in6_embedscope(&tmp.sin6_addr, &tmp, NULL, NULL, NULL); 1783 if (error != 0) 1784 return (error); 1785 1786 tmp.sin6_scope_id = 0; 1787 *sin6 = tmp; 1788 return (0); 1789} 1790 1791static int 1792in6_ifaupdate_aux(struct in6_ifaddr *ia, struct ifnet *ifp, int ifaupflags) 1793{ 1794 struct sockaddr_in6 mltaddr, mltmask; 1795 struct in6_addr llsol; 1796 struct ifaddr *ifa; 1797 struct in6_multi *in6m_sol; 1798 struct in6_multi_mship *imm; 1799 struct rtentry *rt; 1800 int delay, error; 1801 1802 VERIFY(ifp != NULL && ia != NULL); 1803 ifa = &ia->ia_ifa; 1804 in6m_sol = NULL; 1805 1806 /* 1807 * Mark the address as tentative before joining multicast addresses, 1808 * so that corresponding MLD responses would not have a tentative 1809 * source address. 1810 */ 1811 ia->ia6_flags &= ~IN6_IFF_DUPLICATED; /* safety */ 1812 if (in6if_do_dad(ifp)) 1813 in6_ifaddr_set_dadprogress(ia); 1814 1815 /* Join necessary multicast groups */ 1816 if ((ifp->if_flags & IFF_MULTICAST) != 0) { 1817 1818 /* join solicited multicast addr for new host id */ 1819 bzero(&llsol, sizeof (struct in6_addr)); 1820 llsol.s6_addr32[0] = IPV6_ADDR_INT32_MLL; 1821 llsol.s6_addr32[1] = 0; 1822 llsol.s6_addr32[2] = htonl(1); 1823 llsol.s6_addr32[3] = ia->ia_addr.sin6_addr.s6_addr32[3]; 1824 llsol.s6_addr8[12] = 0xff; 1825 if ((error = in6_setscope(&llsol, ifp, NULL)) != 0) { 1826 /* XXX: should not happen */ 1827 log(LOG_ERR, "%s: in6_setscope failed\n", __func__); 1828 goto unwind; 1829 } 1830 delay = 0; 1831 if ((ifaupflags & IN6_IFAUPDATE_DADDELAY)) { 1832 /* 1833 * We need a random delay for DAD on the address 1834 * being configured. It also means delaying 1835 * transmission of the corresponding MLD report to 1836 * avoid report collision. [RFC 4862] 1837 */ 1838 delay = random() % MAX_RTR_SOLICITATION_DELAY; 1839 } 1840 imm = in6_joingroup(ifp, &llsol, &error, delay); 1841 if (imm == NULL) { 1842 nd6log((LOG_WARNING, 1843 "%s: addmulti failed for %s on %s (errno=%d)\n", 1844 __func__, ip6_sprintf(&llsol), if_name(ifp), 1845 error)); 1846 VERIFY(error != 0); 1847 goto unwind; 1848 } 1849 in6m_sol = imm->i6mm_maddr; 1850 /* take a refcount for this routine */ 1851 IN6M_ADDREF(in6m_sol); 1852 1853 IFA_LOCK_SPIN(ifa); 1854 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 1855 IFA_UNLOCK(ifa); 1856 1857 bzero(&mltmask, sizeof (mltmask)); 1858 mltmask.sin6_len = sizeof (struct sockaddr_in6); 1859 mltmask.sin6_family = AF_INET6; 1860 mltmask.sin6_addr = in6mask32; 1861#define MLTMASK_LEN 4 /* mltmask's masklen (=32bit=4octet) */ 1862 1863 /* 1864 * join link-local all-nodes address 1865 */ 1866 bzero(&mltaddr, sizeof (mltaddr)); 1867 mltaddr.sin6_len = sizeof (struct sockaddr_in6); 1868 mltaddr.sin6_family = AF_INET6; 1869 mltaddr.sin6_addr = in6addr_linklocal_allnodes; 1870 if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) != 0) 1871 goto unwind; /* XXX: should not fail */ 1872 1873 /* 1874 * XXX: do we really need this automatic routes? 1875 * We should probably reconsider this stuff. Most applications 1876 * actually do not need the routes, since they usually specify 1877 * the outgoing interface. 1878 */ 1879 rt = rtalloc1_scoped((struct sockaddr *)&mltaddr, 0, 0UL, 1880 ia->ia_ifp->if_index); 1881 if (rt) { 1882 if (memcmp(&mltaddr.sin6_addr, &((struct sockaddr_in6 *) 1883 (void *)rt_key(rt))->sin6_addr, MLTMASK_LEN)) { 1884 rtfree(rt); 1885 rt = NULL; 1886 } 1887 } 1888 if (!rt) { 1889 error = rtrequest_scoped(RTM_ADD, 1890 (struct sockaddr *)&mltaddr, 1891 (struct sockaddr *)&ia->ia_addr, 1892 (struct sockaddr *)&mltmask, RTF_UP | RTF_CLONING, 1893 NULL, ia->ia_ifp->if_index); 1894 if (error) 1895 goto unwind; 1896 } else { 1897 rtfree(rt); 1898 } 1899 1900 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 0); 1901 if (!imm) { 1902 nd6log((LOG_WARNING, 1903 "%s: addmulti failed for %s on %s (errno=%d)\n", 1904 __func__, ip6_sprintf(&mltaddr.sin6_addr), 1905 if_name(ifp), error)); 1906 VERIFY(error != 0); 1907 goto unwind; 1908 } 1909 IFA_LOCK_SPIN(ifa); 1910 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 1911 IFA_UNLOCK(ifa); 1912 1913 /* 1914 * join node information group address 1915 */ 1916#define hostnamelen strlen(hostname) 1917 delay = 0; 1918 if ((ifaupflags & IN6_IFAUPDATE_DADDELAY)) { 1919 /* 1920 * The spec doesn't say anything about delay for this 1921 * group, but the same logic should apply. 1922 */ 1923 delay = random() % MAX_RTR_SOLICITATION_DELAY; 1924 } 1925 if (in6_nigroup(ifp, hostname, hostnamelen, &mltaddr.sin6_addr) 1926 == 0) { 1927 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 1928 delay); /* XXX jinmei */ 1929 if (!imm) { 1930 nd6log((LOG_WARNING, 1931 "%s: addmulti failed for %s on %s " 1932 "(errno=%d)\n", 1933 __func__, ip6_sprintf(&mltaddr.sin6_addr), 1934 if_name(ifp), error)); 1935 /* XXX not very fatal, go on... */ 1936 error = 0; 1937 } else { 1938 IFA_LOCK_SPIN(ifa); 1939 LIST_INSERT_HEAD(&ia->ia6_memberships, 1940 imm, i6mm_chain); 1941 IFA_UNLOCK(ifa); 1942 } 1943 } 1944#undef hostnamelen 1945 1946 /* 1947 * join interface-local all-nodes address. 1948 * (ff01::1%ifN, and ff01::%ifN/32) 1949 */ 1950 mltaddr.sin6_addr = in6addr_nodelocal_allnodes; 1951 if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) != 0) 1952 goto unwind; /* XXX: should not fail */ 1953 /* XXX: again, do we really need the route? */ 1954 rt = rtalloc1_scoped((struct sockaddr *)&mltaddr, 0, 0UL, 1955 ia->ia_ifp->if_index); 1956 if (rt) { 1957 if (memcmp(&mltaddr.sin6_addr, &((struct sockaddr_in6 *) 1958 (void *)rt_key(rt))->sin6_addr, MLTMASK_LEN)) { 1959 rtfree(rt); 1960 rt = NULL; 1961 } 1962 } 1963 if (!rt) { 1964 error = rtrequest_scoped(RTM_ADD, 1965 (struct sockaddr *)&mltaddr, 1966 (struct sockaddr *)&ia->ia_addr, 1967 (struct sockaddr *)&mltmask, RTF_UP | RTF_CLONING, 1968 NULL, ia->ia_ifp->if_index); 1969 if (error) 1970 goto unwind; 1971 } else 1972 rtfree(rt); 1973 1974 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 0); 1975 if (!imm) { 1976 nd6log((LOG_WARNING, 1977 "%s: addmulti failed for %s on %s (errno=%d)\n", 1978 __func__, ip6_sprintf(&mltaddr.sin6_addr), 1979 if_name(ifp), error)); 1980 VERIFY(error != 0); 1981 goto unwind; 1982 } 1983 IFA_LOCK(ifa); 1984 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 1985 IFA_UNLOCK(ifa); 1986 } 1987#undef MLTMASK_LEN 1988 1989 /* 1990 * Make sure to initialize ND6 information. this is to workaround 1991 * issues with interfaces with IPv6 addresses, which have never brought 1992 * up. We are assuming that it is safe to nd6_ifattach multiple times. 1993 * NOTE: this is how stf0 gets initialized 1994 */ 1995 if ((error = nd6_ifattach(ifp)) != 0) 1996 goto unwind; 1997 1998 /* Ensure nd6_service() is scheduled as soon as it's convenient */ 1999 ++nd6_sched_timeout_want; 2000 2001 /* 2002 * Perform DAD, if needed. 2003 * XXX It may be of use, if we can administratively 2004 * disable DAD. 2005 */ 2006 IFA_LOCK_SPIN(ifa); 2007 if (in6if_do_dad(ifp) && ((ifa->ifa_flags & IN6_IFF_NODAD) == 0) && 2008 (ia->ia6_flags & IN6_IFF_DADPROGRESS)) { 2009 int mindelay, maxdelay; 2010 int *delayptr, delayval; 2011 2012 IFA_UNLOCK(ifa); 2013 delayptr = NULL; 2014 if ((ifaupflags & IN6_IFAUPDATE_DADDELAY)) { 2015 /* 2016 * We need to impose a delay before sending an NS 2017 * for DAD. Check if we also needed a delay for the 2018 * corresponding MLD message. If we did, the delay 2019 * should be larger than the MLD delay (this could be 2020 * relaxed a bit, but this simple logic is at least 2021 * safe). 2022 */ 2023 mindelay = 0; 2024 if (in6m_sol != NULL) { 2025 IN6M_LOCK(in6m_sol); 2026 if (in6m_sol->in6m_state == 2027 MLD_REPORTING_MEMBER) 2028 mindelay = in6m_sol->in6m_timer; 2029 IN6M_UNLOCK(in6m_sol); 2030 } 2031 maxdelay = MAX_RTR_SOLICITATION_DELAY * hz; 2032 if (maxdelay - mindelay == 0) 2033 delayval = 0; 2034 else { 2035 delayval = 2036 (random() % (maxdelay - mindelay)) + 2037 mindelay; 2038 } 2039 delayptr = &delayval; 2040 } 2041 2042 nd6_dad_start((struct ifaddr *)ia, delayptr); 2043 } else { 2044 IFA_UNLOCK(ifa); 2045 } 2046 2047 goto done; 2048 2049unwind: 2050 VERIFY(error != 0); 2051 in6_purgeaddr(&ia->ia_ifa); 2052 2053done: 2054 /* release reference held for this routine */ 2055 if (in6m_sol != NULL) 2056 IN6M_REMREF(in6m_sol); 2057 return (error); 2058} 2059 2060/* 2061 * Request an IPv6 interface address. If the address is new, then it will be 2062 * constructed and appended to the interface address chains. The interface 2063 * address structure is optionally returned with a reference for the caller. 2064 */ 2065int 2066in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra, int ifaupflags, 2067 struct in6_ifaddr **iar) 2068{ 2069 struct in6_addrlifetime ia6_lt; 2070 struct in6_ifaddr *ia; 2071 struct ifaddr *ifa; 2072 struct ifaddr *xifa; 2073 struct in6_addrlifetime *lt; 2074 uint64_t timenow; 2075 int plen, error; 2076 2077 /* Sanity check parameters and initialize locals */ 2078 VERIFY(ifp != NULL && ifra != NULL && iar != NULL); 2079 ia = NULL; 2080 ifa = NULL; 2081 error = 0; 2082 2083 /* 2084 * We always require users to specify a valid IPv6 address for 2085 * the corresponding operation. 2086 */ 2087 if (ifra->ifra_addr.sin6_family != AF_INET6 || 2088 ifra->ifra_addr.sin6_len != sizeof (struct sockaddr_in6)) { 2089 error = EAFNOSUPPORT; 2090 goto unwind; 2091 } 2092 2093 /* Validate ifra_prefixmask.sin6_len is properly bounded. */ 2094 if (ifra->ifra_prefixmask.sin6_len == 0 || 2095 ifra->ifra_prefixmask.sin6_len > sizeof (struct sockaddr_in6)) { 2096 error = EINVAL; 2097 goto unwind; 2098 } 2099 2100 /* Validate prefix length extracted from ifra_prefixmask structure. */ 2101 plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, 2102 (u_char *)&ifra->ifra_prefixmask + ifra->ifra_prefixmask.sin6_len); 2103 if (plen <= 0) { 2104 error = EINVAL; 2105 goto unwind; 2106 } 2107 2108 /* Validate lifetimes */ 2109 lt = &ifra->ifra_lifetime; 2110 if (lt->ia6t_pltime > lt->ia6t_vltime) { 2111 log(LOG_INFO, 2112 "%s: pltime 0x%x > vltime 0x%x for %s\n", __func__, 2113 lt->ia6t_pltime, lt->ia6t_vltime, 2114 ip6_sprintf(&ifra->ifra_addr.sin6_addr)); 2115 error = EINVAL; 2116 goto unwind; 2117 } 2118 if (lt->ia6t_vltime == 0) { 2119 /* 2120 * the following log might be noisy, but this is a typical 2121 * configuration mistake or a tool's bug. 2122 */ 2123 log(LOG_INFO, "%s: valid lifetime is 0 for %s\n", __func__, 2124 ip6_sprintf(&ifra->ifra_addr.sin6_addr)); 2125 } 2126 2127 /* 2128 * Before we lock the ifnet structure, we first check to see if the 2129 * address already exists. If so, then we don't allocate and link a 2130 * new one here. 2131 */ 2132 ia = in6ifa_ifpwithaddr(ifp, &ifra->ifra_addr.sin6_addr); 2133 if (ia != NULL) 2134 ifa = &ia->ia_ifa; 2135 2136 /* 2137 * Validate destination address on interface types that require it. 2138 */ 2139 if ((ifp->if_flags & (IFF_LOOPBACK|IFF_POINTOPOINT)) != 0) { 2140 switch (ifra->ifra_dstaddr.sin6_family) { 2141 case AF_INET6: 2142 if (plen != 128) { 2143 /* noisy message for diagnostic purposes */ 2144 log(LOG_INFO, 2145 "%s: prefix length < 128 with" 2146 " explicit dstaddr.\n", __func__); 2147 error = EINVAL; 2148 goto unwind; 2149 } 2150 break; 2151 2152 case AF_UNSPEC: 2153 break; 2154 2155 default: 2156 error = EAFNOSUPPORT; 2157 goto unwind; 2158 } 2159 } else if (ifra->ifra_dstaddr.sin6_family != AF_UNSPEC) { 2160 log(LOG_INFO, 2161 "%s: dstaddr valid only on p2p and loopback interfaces.\n", 2162 __func__); 2163 error = EINVAL; 2164 goto unwind; 2165 } 2166 2167 timenow = net_uptime(); 2168 2169 if (ia == NULL) { 2170 int how; 2171 2172 /* Is this the first new IPv6 address for the interface? */ 2173 ifaupflags |= IN6_IFAUPDATE_NEWADDR; 2174 2175 /* Allocate memory for IPv6 interface address structure. */ 2176 how = !(ifaupflags & IN6_IFAUPDATE_NOWAIT) ? M_WAITOK : 0; 2177 ia = in6_ifaddr_alloc(how); 2178 if (ia == NULL) { 2179 error = ENOBUFS; 2180 goto unwind; 2181 } 2182 2183 ifa = &ia->ia_ifa; 2184 2185 /* 2186 * Initialize interface address structure. 2187 * 2188 * Note well: none of these sockaddr_in6 structures contain a 2189 * valid sin6_port, sin6_flowinfo or even a sin6_scope_id field. 2190 * We still embed link-local scope identifiers at the end of an 2191 * arbitrary fe80::/32 prefix, for historical reasons. Also, the 2192 * ifa_dstaddr field is always non-NULL on point-to-point and 2193 * loopback interfaces, and conventionally points to a socket 2194 * address of AF_UNSPEC family when there is no destination. 2195 * 2196 * Please enjoy the dancing sea turtle. 2197 */ 2198 IFA_ADDREF(ifa); /* for this and optionally for caller */ 2199 ifa->ifa_addr = (struct sockaddr *)&ia->ia_addr; 2200 if (ifra->ifra_dstaddr.sin6_family == AF_INET6 || 2201 (ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) != 0) 2202 ifa->ifa_dstaddr = (struct sockaddr *)&ia->ia_dstaddr; 2203 ifa->ifa_netmask = (struct sockaddr *)&ia->ia_prefixmask; 2204 ifa->ifa_ifp = ifp; 2205 ifa->ifa_metric = ifp->if_metric; 2206 ifa->ifa_rtrequest = nd6_rtrequest; 2207 2208 LIST_INIT(&ia->ia6_memberships); 2209 ia->ia_addr.sin6_family = AF_INET6; 2210 ia->ia_addr.sin6_len = sizeof (ia->ia_addr); 2211 ia->ia_addr.sin6_addr = ifra->ifra_addr.sin6_addr; 2212 ia->ia_prefixmask.sin6_family = AF_INET6; 2213 ia->ia_prefixmask.sin6_len = sizeof (ia->ia_prefixmask); 2214 ia->ia_prefixmask.sin6_addr = ifra->ifra_prefixmask.sin6_addr; 2215 error = in6_to_kamescope(&ia->ia_addr, ifp); 2216 if (error != 0) 2217 goto unwind; 2218 if (ifa->ifa_dstaddr != NULL) { 2219 ia->ia_dstaddr = ifra->ifra_dstaddr; 2220 error = in6_to_kamescope(&ia->ia_dstaddr, ifp); 2221 if (error != 0) 2222 goto unwind; 2223 } 2224 2225 /* Append to address chains */ 2226 ifnet_lock_exclusive(ifp); 2227 ifaupflags |= IN6_IFAUPDATE_1STADDR; 2228 TAILQ_FOREACH(xifa, &ifp->if_addrlist, ifa_list) { 2229 IFA_LOCK_SPIN(xifa); 2230 if (xifa->ifa_addr->sa_family != AF_INET6) { 2231 IFA_UNLOCK(xifa); 2232 ifaupflags &= ~IN6_IFAUPDATE_1STADDR; 2233 break; 2234 } 2235 IFA_UNLOCK(xifa); 2236 } 2237 2238 IFA_LOCK_SPIN(ifa); 2239 if_attach_ifa(ifp, ifa); /* holds reference for ifnet link */ 2240 IFA_UNLOCK(ifa); 2241 ifnet_lock_done(ifp); 2242 2243 lck_rw_lock_exclusive(&in6_ifaddr_rwlock); 2244 if (in6_ifaddrs != NULL) { 2245 struct in6_ifaddr *iac; 2246 for (iac = in6_ifaddrs; iac->ia_next != NULL; 2247 iac = iac->ia_next) 2248 continue; 2249 iac->ia_next = ia; 2250 } else { 2251 in6_ifaddrs = ia; 2252 } 2253 IFA_ADDREF(ifa); /* hold for in6_ifaddrs link */ 2254 lck_rw_done(&in6_ifaddr_rwlock); 2255 } else { 2256 ifa = &ia->ia_ifa; 2257 ifaupflags &= ~(IN6_IFAUPDATE_NEWADDR|IN6_IFAUPDATE_1STADDR); 2258 } 2259 2260 VERIFY(ia != NULL && ifa == &ia->ia_ifa); 2261 IFA_LOCK(ifa); 2262 2263 /* 2264 * Set lifetimes. We do not refer to ia6t_expire and ia6t_preferred 2265 * to see if the address is deprecated or invalidated, but initialize 2266 * these members for applications. 2267 */ 2268 ia->ia6_updatetime = ia->ia6_createtime = timenow; 2269 ia6_lt = *lt; 2270 if (ia6_lt.ia6t_vltime != ND6_INFINITE_LIFETIME) 2271 ia6_lt.ia6t_expire = timenow + ia6_lt.ia6t_vltime; 2272 else 2273 ia6_lt.ia6t_expire = 0; 2274 if (ia6_lt.ia6t_pltime != ND6_INFINITE_LIFETIME) 2275 ia6_lt.ia6t_preferred = timenow + ia6_lt.ia6t_pltime; 2276 else 2277 ia6_lt.ia6t_preferred = 0; 2278 in6ifa_setlifetime(ia, &ia6_lt); 2279 2280 /* 2281 * Backward compatibility - if IN6_IFF_DEPRECATED is set from the 2282 * userland, make it deprecated. 2283 */ 2284 if ((ia->ia6_flags & IN6_IFF_DEPRECATED) != 0) { 2285 ia->ia6_lifetime.ia6ti_pltime = 0; 2286 ia->ia6_lifetime.ia6ti_preferred = timenow; 2287 } 2288 2289 /* 2290 * Do not delay sending neighbor solicitations when using optimistic 2291 * duplicate address detection, c.f. RFC 4429. 2292 */ 2293 if ((ia->ia6_flags & IN6_IFF_OPTIMISTIC) == 0) 2294 ifaupflags |= IN6_IFAUPDATE_DADDELAY; 2295 2296 /* 2297 * Update flag or prefix length 2298 */ 2299 ia->ia_plen = plen; 2300 ia->ia6_flags = ifra->ifra_flags; 2301 2302 /* Release locks (new address available to concurrent tasks) */ 2303 IFA_UNLOCK(ifa); 2304 2305 /* Further initialization of the interface address */ 2306 error = in6_ifinit(ifp, ia, ifaupflags); 2307 if (error != 0) 2308 goto unwind; 2309 2310 /* Finish updating the address while other tasks are working with it */ 2311 error = in6_ifaupdate_aux(ia, ifp, ifaupflags); 2312 if (error != 0) 2313 goto unwind; 2314 2315 /* Return success (optionally w/ address for caller). */ 2316 VERIFY(error == 0); 2317 (void) ifnet_notify_address(ifp, AF_INET6); 2318 goto done; 2319 2320unwind: 2321 VERIFY(error != 0); 2322 if (ia != NULL) { 2323 VERIFY(ifa == &ia->ia_ifa); 2324 IFA_REMREF(ifa); 2325 ia = NULL; 2326 } 2327 2328done: 2329 *iar = ia; 2330 return (error); 2331} 2332 2333void 2334in6_purgeaddr(struct ifaddr *ifa) 2335{ 2336 struct ifnet *ifp = ifa->ifa_ifp; 2337 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa; 2338 struct in6_multi_mship *imm; 2339 2340 lck_mtx_assert(nd6_mutex, LCK_MTX_ASSERT_NOTOWNED); 2341 2342 /* stop DAD processing */ 2343 nd6_dad_stop(ifa); 2344 2345 /* 2346 * delete route to the destination of the address being purged. 2347 * The interface must be p2p or loopback in this case. 2348 */ 2349 IFA_LOCK(ifa); 2350 if ((ia->ia_flags & IFA_ROUTE) && ia->ia_plen == 128) { 2351 int error, rtf; 2352 2353 IFA_UNLOCK(ifa); 2354 rtf = (ia->ia_dstaddr.sin6_family == AF_INET6) ? RTF_HOST : 0; 2355 error = rtinit(&(ia->ia_ifa), RTM_DELETE, rtf); 2356 if (error != 0) { 2357 log(LOG_ERR, "in6_purgeaddr: failed to remove " 2358 "a route to the p2p destination: %s on %s, " 2359 "errno=%d\n", 2360 ip6_sprintf(&ia->ia_addr.sin6_addr), if_name(ifp), 2361 error); 2362 /* proceed anyway... */ 2363 } 2364 IFA_LOCK_SPIN(ifa); 2365 ia->ia_flags &= ~IFA_ROUTE; 2366 } 2367 IFA_UNLOCK(ifa); 2368 2369 /* Remove ownaddr's loopback rtentry, if it exists. */ 2370 in6_ifremloop(&(ia->ia_ifa)); 2371 2372 /* 2373 * leave from multicast groups we have joined for the interface 2374 */ 2375 IFA_LOCK(ifa); 2376 while ((imm = ia->ia6_memberships.lh_first) != NULL) { 2377 LIST_REMOVE(imm, i6mm_chain); 2378 IFA_UNLOCK(ifa); 2379 in6_leavegroup(imm); 2380 IFA_LOCK(ifa); 2381 } 2382 IFA_UNLOCK(ifa); 2383 2384 /* in6_unlink_ifa() will need exclusive access */ 2385 in6_unlink_ifa(ia, ifp); 2386 in6_post_msg(ifp, KEV_INET6_ADDR_DELETED, ia); 2387 2388 (void) ifnet_notify_address(ifp, AF_INET6); 2389} 2390 2391static void 2392in6_unlink_ifa(struct in6_ifaddr *ia, struct ifnet *ifp) 2393{ 2394 struct in6_ifaddr *oia; 2395 struct ifaddr *ifa; 2396 int unlinked; 2397 2398 lck_mtx_assert(nd6_mutex, LCK_MTX_ASSERT_NOTOWNED); 2399 2400 ifa = &ia->ia_ifa; 2401 IFA_ADDREF(ifa); 2402 2403 ifnet_lock_exclusive(ifp); 2404 IFA_LOCK(ifa); 2405 if (ifa->ifa_debug & IFD_ATTACHED) 2406 if_detach_ifa(ifp, ifa); 2407 IFA_UNLOCK(ifa); 2408 ifnet_lock_done(ifp); 2409 2410 unlinked = 1; 2411 lck_rw_lock_exclusive(&in6_ifaddr_rwlock); 2412 oia = ia; 2413 if (oia == (ia = in6_ifaddrs)) { 2414 in6_ifaddrs = ia->ia_next; 2415 } else { 2416 while (ia->ia_next && (ia->ia_next != oia)) 2417 ia = ia->ia_next; 2418 if (ia->ia_next) { 2419 ia->ia_next = oia->ia_next; 2420 } else { 2421 /* search failed */ 2422 log(LOG_NOTICE, "%s: search failed.\n", __func__); 2423 unlinked = 0; 2424 } 2425 } 2426 2427 /* 2428 * When an autoconfigured address is being removed, release the 2429 * reference to the base prefix. Also, since the release might 2430 * affect the status of other (detached) addresses, call 2431 * pfxlist_onlink_check(). 2432 */ 2433 ifa = &oia->ia_ifa; 2434 IFA_LOCK(ifa); 2435 if ((oia->ia6_flags & IN6_IFF_AUTOCONF) != 0) { 2436 if (oia->ia6_ndpr == NULL) { 2437 log(LOG_NOTICE, "in6_unlink_ifa: autoconf'ed address " 2438 "0x%llx has no prefix\n", 2439 (uint64_t)VM_KERNEL_ADDRPERM(oia)); 2440 } else { 2441 struct nd_prefix *pr = oia->ia6_ndpr; 2442 2443 oia->ia6_flags &= ~IN6_IFF_AUTOCONF; 2444 oia->ia6_ndpr = NULL; 2445 NDPR_LOCK(pr); 2446 VERIFY(pr->ndpr_addrcnt != 0); 2447 pr->ndpr_addrcnt--; 2448 NDPR_UNLOCK(pr); 2449 NDPR_REMREF(pr); /* release addr reference */ 2450 } 2451 IFA_UNLOCK(ifa); 2452 lck_rw_done(&in6_ifaddr_rwlock); 2453 lck_mtx_lock(nd6_mutex); 2454 pfxlist_onlink_check(); 2455 lck_mtx_unlock(nd6_mutex); 2456 } else { 2457 IFA_UNLOCK(ifa); 2458 lck_rw_done(&in6_ifaddr_rwlock); 2459 } 2460 2461 /* 2462 * release another refcnt for the link from in6_ifaddrs. 2463 * Do this only if it's not already unlinked in the event that we lost 2464 * the race, since in6_ifaddr_rwlock was momentarily dropped above. 2465 */ 2466 if (unlinked) 2467 IFA_REMREF(ifa); 2468 2469 /* release reference held for this routine */ 2470 IFA_REMREF(ifa); 2471 2472 /* invalidate route caches */ 2473 routegenid_inet6_update(); 2474} 2475 2476void 2477in6_purgeif(struct ifnet *ifp) 2478{ 2479 struct in6_ifaddr *ia; 2480 2481 if (ifp == NULL) 2482 return; 2483 2484 lck_mtx_assert(nd6_mutex, LCK_MTX_ASSERT_NOTOWNED); 2485 2486 lck_rw_lock_exclusive(&in6_ifaddr_rwlock); 2487 ia = in6_ifaddrs; 2488 while (ia != NULL) { 2489 if (ia->ia_ifa.ifa_ifp != ifp) { 2490 ia = ia->ia_next; 2491 continue; 2492 } 2493 IFA_ADDREF(&ia->ia_ifa); /* for us */ 2494 lck_rw_done(&in6_ifaddr_rwlock); 2495 in6_purgeaddr(&ia->ia_ifa); 2496 IFA_REMREF(&ia->ia_ifa); /* for us */ 2497 lck_rw_lock_exclusive(&in6_ifaddr_rwlock); 2498 /* 2499 * Purging the address would have caused 2500 * in6_ifaddr_rwlock to be dropped and reacquired; 2501 * therefore search again from the beginning 2502 * of in6_ifaddrs list. 2503 */ 2504 ia = in6_ifaddrs; 2505 } 2506 lck_rw_done(&in6_ifaddr_rwlock); 2507 2508 in6_ifdetach(ifp); 2509} 2510 2511/* 2512 * SIOC[GAD]LIFADDR. 2513 * SIOCGLIFADDR: get first address. (?) 2514 * SIOCGLIFADDR with IFLR_PREFIX: 2515 * get first address that matches the specified prefix. 2516 * SIOCALIFADDR: add the specified address. 2517 * SIOCALIFADDR with IFLR_PREFIX: 2518 * add the specified prefix, filling hostaddr part from 2519 * the first link-local address. prefixlen must be <= 64. 2520 * SIOCDLIFADDR: delete the specified address. 2521 * SIOCDLIFADDR with IFLR_PREFIX: 2522 * delete the first address that matches the specified prefix. 2523 * return values: 2524 * EINVAL on invalid parameters 2525 * EADDRNOTAVAIL on prefix match failed/specified address not found 2526 * other values may be returned from in6_ioctl() 2527 * 2528 * NOTE: SIOCALIFADDR(with IFLR_PREFIX set) allows prefixlen less than 64. 2529 * this is to accomodate address naming scheme other than RFC2374, 2530 * in the future. 2531 * RFC2373 defines interface id to be 64bit, but it allows non-RFC2374 2532 * address encoding scheme. (see figure on page 8) 2533 */ 2534static __attribute__((noinline)) int 2535in6ctl_lifaddr(struct ifnet *ifp, u_long cmd, struct if_laddrreq *iflr, 2536 boolean_t p64) 2537{ 2538 struct in6_aliasreq ifra; 2539 struct ifaddr *ifa; 2540 struct sockaddr *sa; 2541 2542 VERIFY(ifp != NULL); 2543 2544 switch (cmd) { 2545 case SIOCGLIFADDR: 2546 /* address must be specified on GET with IFLR_PREFIX */ 2547 if (!(iflr->flags & IFLR_PREFIX)) 2548 break; 2549 /* FALLTHROUGH */ 2550 case SIOCALIFADDR: 2551 case SIOCDLIFADDR: 2552 /* address must be specified on ADD and DELETE */ 2553 sa = (struct sockaddr *)&iflr->addr; 2554 if (sa->sa_family != AF_INET6) 2555 return (EINVAL); 2556 if (sa->sa_len != sizeof (struct sockaddr_in6)) 2557 return (EINVAL); 2558 /* XXX need improvement */ 2559 sa = (struct sockaddr *)&iflr->dstaddr; 2560 if (sa->sa_family && sa->sa_family != AF_INET6) 2561 return (EINVAL); 2562 if (sa->sa_len && sa->sa_len != sizeof (struct sockaddr_in6)) 2563 return (EINVAL); 2564 break; 2565 default: 2566 /* shouldn't happen */ 2567 VERIFY(0); 2568 /* NOTREACHED */ 2569 } 2570 if (sizeof (struct in6_addr) * 8 < iflr->prefixlen) 2571 return (EINVAL); 2572 2573 switch (cmd) { 2574 case SIOCALIFADDR: { 2575 struct in6_addr hostaddr; 2576 int prefixlen; 2577 int hostid_found = 0; 2578 2579 if ((iflr->flags & IFLR_PREFIX) != 0) { 2580 struct sockaddr_in6 *sin6; 2581 2582 /* 2583 * hostaddr is to fill in the hostaddr part of the 2584 * address. hostaddr points to the first link-local 2585 * address attached to the interface. 2586 */ 2587 ifa = (struct ifaddr *)in6ifa_ifpforlinklocal(ifp, 0); 2588 if (!ifa) 2589 return (EADDRNOTAVAIL); 2590 IFA_LOCK_SPIN(ifa); 2591 hostaddr = *IFA_IN6(ifa); 2592 IFA_UNLOCK(ifa); 2593 hostid_found = 1; 2594 IFA_REMREF(ifa); 2595 ifa = NULL; 2596 2597 /* prefixlen must be <= 64. */ 2598 if (64 < iflr->prefixlen) 2599 return (EINVAL); 2600 prefixlen = iflr->prefixlen; 2601 2602 /* hostid part must be zero. */ 2603 sin6 = (struct sockaddr_in6 *)&iflr->addr; 2604 if (sin6->sin6_addr.s6_addr32[2] != 0 || 2605 sin6->sin6_addr.s6_addr32[3] != 0) { 2606 return (EINVAL); 2607 } 2608 } else { 2609 prefixlen = iflr->prefixlen; 2610 } 2611 /* copy args to in6_aliasreq, perform ioctl(SIOCAIFADDR_IN6). */ 2612 bzero(&ifra, sizeof (ifra)); 2613 bcopy(iflr->iflr_name, ifra.ifra_name, sizeof (ifra.ifra_name)); 2614 2615 bcopy(&iflr->addr, &ifra.ifra_addr, 2616 ((struct sockaddr *)&iflr->addr)->sa_len); 2617 if (hostid_found) { 2618 /* fill in hostaddr part */ 2619 ifra.ifra_addr.sin6_addr.s6_addr32[2] = 2620 hostaddr.s6_addr32[2]; 2621 ifra.ifra_addr.sin6_addr.s6_addr32[3] = 2622 hostaddr.s6_addr32[3]; 2623 } 2624 2625 if (((struct sockaddr *)&iflr->dstaddr)->sa_family) { /* XXX */ 2626 bcopy(&iflr->dstaddr, &ifra.ifra_dstaddr, 2627 ((struct sockaddr *)&iflr->dstaddr)->sa_len); 2628 if (hostid_found) { 2629 ifra.ifra_dstaddr.sin6_addr.s6_addr32[2] = 2630 hostaddr.s6_addr32[2]; 2631 ifra.ifra_dstaddr.sin6_addr.s6_addr32[3] = 2632 hostaddr.s6_addr32[3]; 2633 } 2634 } 2635 2636 ifra.ifra_prefixmask.sin6_len = sizeof (struct sockaddr_in6); 2637 in6_prefixlen2mask(&ifra.ifra_prefixmask.sin6_addr, prefixlen); 2638 2639 ifra.ifra_flags = iflr->flags & ~IFLR_PREFIX; 2640 if (!p64) { 2641#if defined(__LP64__) 2642 struct in6_aliasreq_32 ifra_32; 2643 /* 2644 * Use 32-bit ioctl and structure for 32-bit process. 2645 */ 2646 in6_aliasreq_64_to_32((struct in6_aliasreq_64 *)&ifra, 2647 &ifra_32); 2648 return (in6_control(NULL, SIOCAIFADDR_IN6_32, 2649 (caddr_t)&ifra_32, ifp, kernproc)); 2650#else 2651 return (in6_control(NULL, SIOCAIFADDR_IN6, 2652 (caddr_t)&ifra, ifp, kernproc)); 2653#endif /* __LP64__ */ 2654 } else { 2655#if defined(__LP64__) 2656 return (in6_control(NULL, SIOCAIFADDR_IN6, 2657 (caddr_t)&ifra, ifp, kernproc)); 2658#else 2659 struct in6_aliasreq_64 ifra_64; 2660 /* 2661 * Use 64-bit ioctl and structure for 64-bit process. 2662 */ 2663 in6_aliasreq_32_to_64((struct in6_aliasreq_32 *)&ifra, 2664 &ifra_64); 2665 return (in6_control(NULL, SIOCAIFADDR_IN6_64, 2666 (caddr_t)&ifra_64, ifp, kernproc)); 2667#endif /* __LP64__ */ 2668 } 2669 /* NOTREACHED */ 2670 } 2671 2672 case SIOCGLIFADDR: 2673 case SIOCDLIFADDR: { 2674 struct in6_ifaddr *ia; 2675 struct in6_addr mask, candidate, match; 2676 struct sockaddr_in6 *sin6; 2677 int cmp; 2678 2679 bzero(&mask, sizeof (mask)); 2680 if (iflr->flags & IFLR_PREFIX) { 2681 /* lookup a prefix rather than address. */ 2682 in6_prefixlen2mask(&mask, iflr->prefixlen); 2683 2684 sin6 = (struct sockaddr_in6 *)&iflr->addr; 2685 bcopy(&sin6->sin6_addr, &match, sizeof (match)); 2686 match.s6_addr32[0] &= mask.s6_addr32[0]; 2687 match.s6_addr32[1] &= mask.s6_addr32[1]; 2688 match.s6_addr32[2] &= mask.s6_addr32[2]; 2689 match.s6_addr32[3] &= mask.s6_addr32[3]; 2690 2691 /* if you set extra bits, that's wrong */ 2692 if (bcmp(&match, &sin6->sin6_addr, sizeof (match))) 2693 return (EINVAL); 2694 2695 cmp = 1; 2696 } else { 2697 if (cmd == SIOCGLIFADDR) { 2698 /* on getting an address, take the 1st match */ 2699 cmp = 0; /* XXX */ 2700 } else { 2701 /* on deleting an address, do exact match */ 2702 in6_prefixlen2mask(&mask, 128); 2703 sin6 = (struct sockaddr_in6 *)&iflr->addr; 2704 bcopy(&sin6->sin6_addr, &match, sizeof (match)); 2705 2706 cmp = 1; 2707 } 2708 } 2709 2710 ifnet_lock_shared(ifp); 2711 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 2712 IFA_LOCK(ifa); 2713 if (ifa->ifa_addr->sa_family != AF_INET6) { 2714 IFA_UNLOCK(ifa); 2715 continue; 2716 } 2717 if (!cmp) { 2718 IFA_UNLOCK(ifa); 2719 break; 2720 } 2721 2722 bcopy(IFA_IN6(ifa), &candidate, sizeof (candidate)); 2723 IFA_UNLOCK(ifa); 2724 /* 2725 * XXX: this is adhoc, but is necessary to allow 2726 * a user to specify fe80::/64 (not /10) for a 2727 * link-local address. 2728 */ 2729 if (IN6_IS_ADDR_LINKLOCAL(&candidate)) 2730 candidate.s6_addr16[1] = 0; 2731 candidate.s6_addr32[0] &= mask.s6_addr32[0]; 2732 candidate.s6_addr32[1] &= mask.s6_addr32[1]; 2733 candidate.s6_addr32[2] &= mask.s6_addr32[2]; 2734 candidate.s6_addr32[3] &= mask.s6_addr32[3]; 2735 if (IN6_ARE_ADDR_EQUAL(&candidate, &match)) 2736 break; 2737 } 2738 if (ifa != NULL) 2739 IFA_ADDREF(ifa); 2740 ifnet_lock_done(ifp); 2741 if (!ifa) 2742 return (EADDRNOTAVAIL); 2743 ia = ifa2ia6(ifa); 2744 2745 if (cmd == SIOCGLIFADDR) { 2746 struct sockaddr_in6 *s6; 2747 2748 IFA_LOCK(ifa); 2749 /* fill in the if_laddrreq structure */ 2750 bcopy(&ia->ia_addr, &iflr->addr, ia->ia_addr.sin6_len); 2751 s6 = (struct sockaddr_in6 *)&iflr->addr; 2752 if (IN6_IS_ADDR_LINKLOCAL(&s6->sin6_addr)) { 2753 s6->sin6_addr.s6_addr16[1] = 0; 2754 s6->sin6_scope_id = 2755 in6_addr2scopeid(ifp, &s6->sin6_addr); 2756 } 2757 if ((ifp->if_flags & IFF_POINTOPOINT) != 0) { 2758 bcopy(&ia->ia_dstaddr, &iflr->dstaddr, 2759 ia->ia_dstaddr.sin6_len); 2760 s6 = (struct sockaddr_in6 *)&iflr->dstaddr; 2761 if (IN6_IS_ADDR_LINKLOCAL(&s6->sin6_addr)) { 2762 s6->sin6_addr.s6_addr16[1] = 0; 2763 s6->sin6_scope_id = 2764 in6_addr2scopeid(ifp, 2765 &s6->sin6_addr); 2766 } 2767 } else 2768 bzero(&iflr->dstaddr, sizeof (iflr->dstaddr)); 2769 2770 iflr->prefixlen = 2771 in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); 2772 2773 iflr->flags = ia->ia6_flags; /* XXX */ 2774 IFA_UNLOCK(ifa); 2775 IFA_REMREF(ifa); 2776 return (0); 2777 } else { 2778 /* fill in6_aliasreq and do ioctl(SIOCDIFADDR_IN6) */ 2779 bzero(&ifra, sizeof (ifra)); 2780 bcopy(iflr->iflr_name, ifra.ifra_name, 2781 sizeof (ifra.ifra_name)); 2782 2783 IFA_LOCK(ifa); 2784 bcopy(&ia->ia_addr, &ifra.ifra_addr, 2785 ia->ia_addr.sin6_len); 2786 if ((ifp->if_flags & IFF_POINTOPOINT) != 0) { 2787 bcopy(&ia->ia_dstaddr, &ifra.ifra_dstaddr, 2788 ia->ia_dstaddr.sin6_len); 2789 } else { 2790 bzero(&ifra.ifra_dstaddr, 2791 sizeof (ifra.ifra_dstaddr)); 2792 } 2793 bcopy(&ia->ia_prefixmask, &ifra.ifra_dstaddr, 2794 ia->ia_prefixmask.sin6_len); 2795 2796 ifra.ifra_flags = ia->ia6_flags; 2797 IFA_UNLOCK(ifa); 2798 IFA_REMREF(ifa); 2799 if (!p64) { 2800#if defined(__LP64__) 2801 struct in6_aliasreq_32 ifra_32; 2802 /* 2803 * Use 32-bit structure for 32-bit process. 2804 * SIOCDIFADDR_IN6 is encoded with in6_ifreq, 2805 * so it stays the same since the size does 2806 * not change. The data part of the ioctl, 2807 * however, is of a different structure, i.e. 2808 * in6_aliasreq. 2809 */ 2810 in6_aliasreq_64_to_32( 2811 (struct in6_aliasreq_64 *)&ifra, &ifra_32); 2812 return (in6_control(NULL, SIOCDIFADDR_IN6, 2813 (caddr_t)&ifra_32, ifp, kernproc)); 2814#else 2815 return (in6_control(NULL, SIOCDIFADDR_IN6, 2816 (caddr_t)&ifra, ifp, kernproc)); 2817#endif /* __LP64__ */ 2818 } else { 2819#if defined(__LP64__) 2820 return (in6_control(NULL, SIOCDIFADDR_IN6, 2821 (caddr_t)&ifra, ifp, kernproc)); 2822#else 2823 struct in6_aliasreq_64 ifra_64; 2824 /* 2825 * Use 64-bit structure for 64-bit process. 2826 * SIOCDIFADDR_IN6 is encoded with in6_ifreq, 2827 * so it stays the same since the size does 2828 * not change. The data part of the ioctl, 2829 * however, is of a different structure, i.e. 2830 * in6_aliasreq. 2831 */ 2832 in6_aliasreq_32_to_64( 2833 (struct in6_aliasreq_32 *)&ifra, &ifra_64); 2834 return (in6_control(NULL, SIOCDIFADDR_IN6, 2835 (caddr_t)&ifra_64, ifp, kernproc)); 2836#endif /* __LP64__ */ 2837 } 2838 /* NOTREACHED */ 2839 } 2840 } 2841 } 2842 2843 return (EOPNOTSUPP); /* just for safety */ 2844} 2845 2846/* 2847 * Initialize an interface's internet6 address and routing table entry. 2848 */ 2849static int 2850in6_ifinit(struct ifnet *ifp, struct in6_ifaddr *ia, int ifaupflags) 2851{ 2852 int error; 2853 struct ifaddr *ifa; 2854 2855 error = 0; 2856 ifa = &ia->ia_ifa; 2857 2858 /* 2859 * NOTE: SIOCSIFADDR is defined with struct ifreq as parameter, 2860 * but here we are sending it down to the interface with a pointer 2861 * to struct ifaddr, for legacy reasons. 2862 */ 2863 if ((ifaupflags & IN6_IFAUPDATE_1STADDR) != 0) { 2864 error = ifnet_ioctl(ifp, PF_INET6, SIOCSIFADDR, ia); 2865 if (error != 0) { 2866 if (error != EOPNOTSUPP) 2867 return (error); 2868 error = 0; 2869 } 2870 } 2871 2872 IFA_LOCK(ifa); 2873 2874 /* 2875 * Special case: 2876 * If the destination address is specified for a point-to-point 2877 * interface, install a route to the destination as an interface 2878 * direct route. 2879 */ 2880 if (!(ia->ia_flags & IFA_ROUTE) && ia->ia_plen == 128 && 2881 ia->ia_dstaddr.sin6_family == AF_INET6) { 2882 IFA_UNLOCK(ifa); 2883 error = rtinit(ifa, RTM_ADD, RTF_UP | RTF_HOST); 2884 if (error != 0) 2885 return (error); 2886 IFA_LOCK(ifa); 2887 ia->ia_flags |= IFA_ROUTE; 2888 } 2889 IFA_LOCK_ASSERT_HELD(ifa); 2890 if (ia->ia_plen < 128) { 2891 /* 2892 * The RTF_CLONING flag is necessary for in6_is_ifloop_auto(). 2893 */ 2894 ia->ia_flags |= RTF_CLONING; 2895 } 2896 2897 IFA_UNLOCK(ifa); 2898 2899 /* Add ownaddr as loopback rtentry, if necessary (ex. on p2p link). */ 2900 if ((ifaupflags & IN6_IFAUPDATE_NEWADDR) != 0) 2901 in6_ifaddloop(ifa); 2902 2903 /* invalidate route caches */ 2904 routegenid_inet6_update(); 2905 2906 VERIFY(error == 0); 2907 return (0); 2908} 2909 2910void 2911in6_purgeaddrs(struct ifnet *ifp) 2912{ 2913 in6_purgeif(ifp); 2914} 2915 2916/* 2917 * Find an IPv6 interface link-local address specific to an interface. 2918 */ 2919struct in6_ifaddr * 2920in6ifa_ifpforlinklocal(ifp, ignoreflags) 2921 struct ifnet *ifp; 2922 int ignoreflags; 2923{ 2924 struct ifaddr *ifa; 2925 2926 ifnet_lock_shared(ifp); 2927 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 2928 { 2929 IFA_LOCK_SPIN(ifa); 2930 if (ifa->ifa_addr->sa_family != AF_INET6) { 2931 IFA_UNLOCK(ifa); 2932 continue; 2933 } 2934 if (IN6_IS_ADDR_LINKLOCAL(IFA_IN6(ifa))) { 2935 if ((((struct in6_ifaddr *)ifa)->ia6_flags & 2936 ignoreflags) != 0) { 2937 IFA_UNLOCK(ifa); 2938 continue; 2939 } 2940 IFA_ADDREF_LOCKED(ifa); /* for caller */ 2941 IFA_UNLOCK(ifa); 2942 break; 2943 } 2944 IFA_UNLOCK(ifa); 2945 } 2946 ifnet_lock_done(ifp); 2947 2948 return ((struct in6_ifaddr *)ifa); 2949} 2950 2951/* 2952 * find the internet address corresponding to a given interface and address. 2953 */ 2954struct in6_ifaddr * 2955in6ifa_ifpwithaddr(ifp, addr) 2956 struct ifnet *ifp; 2957 struct in6_addr *addr; 2958{ 2959 struct ifaddr *ifa; 2960 2961 ifnet_lock_shared(ifp); 2962 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 2963 { 2964 IFA_LOCK_SPIN(ifa); 2965 if (ifa->ifa_addr->sa_family != AF_INET6) { 2966 IFA_UNLOCK(ifa); 2967 continue; 2968 } 2969 if (IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(ifa))) { 2970 IFA_ADDREF_LOCKED(ifa); /* for caller */ 2971 IFA_UNLOCK(ifa); 2972 break; 2973 } 2974 IFA_UNLOCK(ifa); 2975 } 2976 ifnet_lock_done(ifp); 2977 2978 return ((struct in6_ifaddr *)ifa); 2979} 2980 2981struct in6_ifaddr * 2982in6ifa_prproxyaddr(struct in6_addr *addr) 2983{ 2984 struct in6_ifaddr *ia; 2985 2986 lck_rw_lock_shared(&in6_ifaddr_rwlock); 2987 for (ia = in6_ifaddrs; ia; ia = ia->ia_next) { 2988 IFA_LOCK(&ia->ia_ifa); 2989 if (IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(&ia->ia_ifa))) { 2990 IFA_ADDREF_LOCKED(&ia->ia_ifa); /* for caller */ 2991 IFA_UNLOCK(&ia->ia_ifa); 2992 break; 2993 } 2994 IFA_UNLOCK(&ia->ia_ifa); 2995 } 2996 lck_rw_done(&in6_ifaddr_rwlock); 2997 2998 if (ia != NULL && !nd6_prproxy_ifaddr(ia)) { 2999 IFA_REMREF(&ia->ia_ifa); 3000 ia = NULL; 3001 } 3002 3003 return (ia); 3004} 3005 3006void 3007in6ifa_getlifetime(struct in6_ifaddr *ia6, struct in6_addrlifetime *t_dst, 3008 int iscalendar) 3009{ 3010 struct in6_addrlifetime_i *t_src = &ia6->ia6_lifetime; 3011 struct timeval caltime; 3012 3013 t_dst->ia6t_vltime = t_src->ia6ti_vltime; 3014 t_dst->ia6t_pltime = t_src->ia6ti_pltime; 3015 t_dst->ia6t_expire = 0; 3016 t_dst->ia6t_preferred = 0; 3017 3018 /* account for system time change */ 3019 getmicrotime(&caltime); 3020 t_src->ia6ti_base_calendartime += 3021 NET_CALCULATE_CLOCKSKEW(caltime, 3022 t_src->ia6ti_base_calendartime, net_uptime(), 3023 t_src->ia6ti_base_uptime); 3024 3025 if (iscalendar) { 3026 if (t_src->ia6ti_expire != 0 && 3027 t_src->ia6ti_vltime != ND6_INFINITE_LIFETIME) 3028 t_dst->ia6t_expire = t_src->ia6ti_base_calendartime + 3029 t_src->ia6ti_expire - t_src->ia6ti_base_uptime; 3030 3031 if (t_src->ia6ti_preferred != 0 && 3032 t_src->ia6ti_pltime != ND6_INFINITE_LIFETIME) 3033 t_dst->ia6t_preferred = t_src->ia6ti_base_calendartime + 3034 t_src->ia6ti_preferred - t_src->ia6ti_base_uptime; 3035 } else { 3036 if (t_src->ia6ti_expire != 0 && 3037 t_src->ia6ti_vltime != ND6_INFINITE_LIFETIME) 3038 t_dst->ia6t_expire = t_src->ia6ti_expire; 3039 3040 if (t_src->ia6ti_preferred != 0 && 3041 t_src->ia6ti_pltime != ND6_INFINITE_LIFETIME) 3042 t_dst->ia6t_preferred = t_src->ia6ti_preferred; 3043 } 3044} 3045 3046void 3047in6ifa_setlifetime(struct in6_ifaddr *ia6, struct in6_addrlifetime *t_src) 3048{ 3049 struct in6_addrlifetime_i *t_dst = &ia6->ia6_lifetime; 3050 struct timeval caltime; 3051 3052 /* account for system time change */ 3053 getmicrotime(&caltime); 3054 t_dst->ia6ti_base_calendartime += 3055 NET_CALCULATE_CLOCKSKEW(caltime, 3056 t_dst->ia6ti_base_calendartime, net_uptime(), 3057 t_dst->ia6ti_base_uptime); 3058 3059 /* trust the caller for the values */ 3060 t_dst->ia6ti_expire = t_src->ia6t_expire; 3061 t_dst->ia6ti_preferred = t_src->ia6t_preferred; 3062 t_dst->ia6ti_vltime = t_src->ia6t_vltime; 3063 t_dst->ia6ti_pltime = t_src->ia6t_pltime; 3064} 3065 3066/* 3067 * Convert IP6 address to printable (loggable) representation. 3068 */ 3069char * 3070ip6_sprintf(const struct in6_addr *addr) 3071{ 3072 static const char digits[] = "0123456789abcdef"; 3073 static int ip6round = 0; 3074 static char ip6buf[8][48]; 3075 3076 int i; 3077 char *cp; 3078 const u_short *a = (const u_short *)addr; 3079 const u_char *d; 3080 u_char n; 3081 int dcolon = 0; 3082 int zpad = 0; 3083 3084 ip6round = (ip6round + 1) & 7; 3085 cp = ip6buf[ip6round]; 3086 3087 for (i = 0; i < 8; i++) { 3088 if (dcolon == 1) { 3089 if (*a == 0) { 3090 if (i == 7) 3091 *cp++ = ':'; 3092 a++; 3093 continue; 3094 } else 3095 dcolon = 2; 3096 } 3097 if (*a == 0) { 3098 if (dcolon == 0 && *(a + 1) == 0) { 3099 if (i == 0) 3100 *cp++ = ':'; 3101 *cp++ = ':'; 3102 dcolon = 1; 3103 } else { 3104 *cp++ = '0'; 3105 *cp++ = ':'; 3106 } 3107 a++; 3108 continue; 3109 } 3110 d = (const u_char *)a; 3111 zpad = 0; 3112 if ((n = *d >> 4) != 0) { 3113 *cp++ = digits[n]; 3114 zpad = 1; 3115 } 3116 if ((n = *d++ & 0xf) != 0 || zpad) { 3117 *cp++ = digits[n]; 3118 zpad = 1; 3119 } 3120 if ((n = *d >> 4) != 0 || zpad) { 3121 *cp++ = digits[n]; 3122 zpad = 1; 3123 } 3124 if ((n = *d & 0xf) != 0 || zpad) 3125 *cp++ = digits[n]; 3126 *cp++ = ':'; 3127 a++; 3128 } 3129 *--cp = 0; 3130 return (ip6buf[ip6round]); 3131} 3132 3133int 3134in6addr_local(struct in6_addr *in6) 3135{ 3136 struct rtentry *rt; 3137 struct sockaddr_in6 sin6; 3138 int local = 0; 3139 3140 if (IN6_IS_ADDR_LOOPBACK(in6) || IN6_IS_SCOPE_LINKLOCAL(in6)) 3141 return (1); 3142 3143 sin6.sin6_family = AF_INET6; 3144 sin6.sin6_len = sizeof (sin6); 3145 bcopy(in6, &sin6.sin6_addr, sizeof (*in6)); 3146 rt = rtalloc1((struct sockaddr *)&sin6, 0, 0); 3147 3148 if (rt != NULL) { 3149 RT_LOCK_SPIN(rt); 3150 if (rt->rt_gateway->sa_family == AF_LINK) 3151 local = 1; 3152 RT_UNLOCK(rt); 3153 rtfree(rt); 3154 } else { 3155 local = in6_localaddr(in6); 3156 } 3157 return (local); 3158} 3159 3160int 3161in6_localaddr(struct in6_addr *in6) 3162{ 3163 struct in6_ifaddr *ia; 3164 3165 if (IN6_IS_ADDR_LOOPBACK(in6) || IN6_IS_ADDR_LINKLOCAL(in6)) 3166 return (1); 3167 3168 lck_rw_lock_shared(&in6_ifaddr_rwlock); 3169 for (ia = in6_ifaddrs; ia; ia = ia->ia_next) { 3170 IFA_LOCK_SPIN(&ia->ia_ifa); 3171 if (IN6_ARE_MASKED_ADDR_EQUAL(in6, &ia->ia_addr.sin6_addr, 3172 &ia->ia_prefixmask.sin6_addr)) { 3173 IFA_UNLOCK(&ia->ia_ifa); 3174 lck_rw_done(&in6_ifaddr_rwlock); 3175 return (1); 3176 } 3177 IFA_UNLOCK(&ia->ia_ifa); 3178 } 3179 lck_rw_done(&in6_ifaddr_rwlock); 3180 return (0); 3181} 3182 3183int 3184in6_is_addr_deprecated(struct sockaddr_in6 *sa6) 3185{ 3186 struct in6_ifaddr *ia; 3187 3188 lck_rw_lock_shared(&in6_ifaddr_rwlock); 3189 for (ia = in6_ifaddrs; ia; ia = ia->ia_next) { 3190 IFA_LOCK_SPIN(&ia->ia_ifa); 3191 if (IN6_ARE_ADDR_EQUAL(&ia->ia_addr.sin6_addr, 3192 &sa6->sin6_addr) && 3193 (ia->ia6_flags & IN6_IFF_DEPRECATED) != 0) { 3194 IFA_UNLOCK(&ia->ia_ifa); 3195 lck_rw_done(&in6_ifaddr_rwlock); 3196 return (1); /* true */ 3197 } 3198 /* XXX: do we still have to go thru the rest of the list? */ 3199 IFA_UNLOCK(&ia->ia_ifa); 3200 } 3201 3202 lck_rw_done(&in6_ifaddr_rwlock); 3203 return (0); /* false */ 3204} 3205 3206/* 3207 * return length of part which dst and src are equal 3208 * hard coding... 3209 */ 3210int 3211in6_matchlen(src, dst) 3212struct in6_addr *src, *dst; 3213{ 3214 int match = 0; 3215 u_char *s = (u_char *)src, *d = (u_char *)dst; 3216 u_char *lim = s + 16, r; 3217 3218 while (s < lim) 3219 if ((r = (*d++ ^ *s++)) != 0) { 3220 while (r < 128) { 3221 match++; 3222 r <<= 1; 3223 } 3224 break; 3225 } else 3226 match += 8; 3227 return (match); 3228} 3229 3230/* XXX: to be scope conscious */ 3231int 3232in6_are_prefix_equal(p1, p2, len) 3233 struct in6_addr *p1, *p2; 3234 int len; 3235{ 3236 int bytelen, bitlen; 3237 3238 /* sanity check */ 3239 if (0 > len || len > 128) { 3240 log(LOG_ERR, "%s: invalid prefix length(%d)\n", __func__, len); 3241 return (0); 3242 } 3243 3244 bytelen = len / 8; 3245 bitlen = len % 8; 3246 3247 if (bcmp(&p1->s6_addr, &p2->s6_addr, bytelen)) 3248 return (0); 3249 if (bitlen != 0 && 3250 p1->s6_addr[bytelen] >> (8 - bitlen) != 3251 p2->s6_addr[bytelen] >> (8 - bitlen)) 3252 return (0); 3253 3254 return (1); 3255} 3256 3257void 3258in6_prefixlen2mask(maskp, len) 3259 struct in6_addr *maskp; 3260 int len; 3261{ 3262 u_char maskarray[8] = {0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff}; 3263 int bytelen, bitlen, i; 3264 3265 /* sanity check */ 3266 if (0 > len || len > 128) { 3267 log(LOG_ERR, "%s: invalid prefix length(%d)\n", __func__, len); 3268 return; 3269 } 3270 3271 bzero(maskp, sizeof (*maskp)); 3272 bytelen = len / 8; 3273 bitlen = len % 8; 3274 for (i = 0; i < bytelen; i++) 3275 maskp->s6_addr[i] = 0xff; 3276 if (bitlen) 3277 maskp->s6_addr[bytelen] = maskarray[bitlen - 1]; 3278} 3279 3280/* 3281 * return the best address out of the same scope 3282 */ 3283struct in6_ifaddr * 3284in6_ifawithscope(struct ifnet *oifp, struct in6_addr *dst) 3285{ 3286 int dst_scope = in6_addrscope(dst), src_scope, best_scope = 0; 3287 int blen = -1; 3288 struct ifaddr *ifa; 3289 struct ifnet *ifp; 3290 struct in6_ifaddr *ifa_best = NULL; 3291 3292 if (oifp == NULL) { 3293 return (NULL); 3294 } 3295 3296 /* 3297 * We search for all addresses on all interfaces from the beginning. 3298 * Comparing an interface with the outgoing interface will be done 3299 * only at the final stage of tiebreaking. 3300 */ 3301 ifnet_head_lock_shared(); 3302 TAILQ_FOREACH(ifp, &ifnet_head, if_list) { 3303 /* 3304 * We can never take an address that breaks the scope zone 3305 * of the destination. 3306 */ 3307 if (in6_addr2scopeid(ifp, dst) != in6_addr2scopeid(oifp, dst)) 3308 continue; 3309 3310 ifnet_lock_shared(ifp); 3311 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 3312 int tlen = -1, dscopecmp, bscopecmp, matchcmp; 3313 3314 IFA_LOCK(ifa); 3315 if (ifa->ifa_addr->sa_family != AF_INET6) { 3316 IFA_UNLOCK(ifa); 3317 continue; 3318 } 3319 src_scope = in6_addrscope(IFA_IN6(ifa)); 3320 3321 /* 3322 * Don't use an address before completing DAD 3323 * nor a duplicated address. 3324 */ 3325 if (((struct in6_ifaddr *)ifa)->ia6_flags & 3326 IN6_IFF_NOTREADY) { 3327 IFA_UNLOCK(ifa); 3328 continue; 3329 } 3330 /* XXX: is there any case to allow anycasts? */ 3331 if (((struct in6_ifaddr *)ifa)->ia6_flags & 3332 IN6_IFF_ANYCAST) { 3333 IFA_UNLOCK(ifa); 3334 continue; 3335 } 3336 if (((struct in6_ifaddr *)ifa)->ia6_flags & 3337 IN6_IFF_DETACHED) { 3338 IFA_UNLOCK(ifa); 3339 continue; 3340 } 3341 /* 3342 * If this is the first address we find, 3343 * keep it anyway. 3344 */ 3345 if (ifa_best == NULL) 3346 goto replace; 3347 3348 /* 3349 * ifa_best is never NULL beyond this line except 3350 * within the block labeled "replace". 3351 */ 3352 3353 /* 3354 * If ifa_best has a smaller scope than dst and 3355 * the current address has a larger one than 3356 * (or equal to) dst, always replace ifa_best. 3357 * Also, if the current address has a smaller scope 3358 * than dst, ignore it unless ifa_best also has a 3359 * smaller scope. 3360 * Consequently, after the two if-clause below, 3361 * the followings must be satisfied: 3362 * (scope(src) < scope(dst) && 3363 * scope(best) < scope(dst)) 3364 * OR 3365 * (scope(best) >= scope(dst) && 3366 * scope(src) >= scope(dst)) 3367 */ 3368 if (IN6_ARE_SCOPE_CMP(best_scope, dst_scope) < 0 && 3369 IN6_ARE_SCOPE_CMP(src_scope, dst_scope) >= 0) 3370 goto replace; /* (A) */ 3371 if (IN6_ARE_SCOPE_CMP(src_scope, dst_scope) < 0 && 3372 IN6_ARE_SCOPE_CMP(best_scope, dst_scope) >= 0) { 3373 IFA_UNLOCK(ifa); 3374 continue; /* (B) */ 3375 } 3376 /* 3377 * A deprecated address SHOULD NOT be used in new 3378 * communications if an alternate (non-deprecated) 3379 * address is available and has sufficient scope. 3380 * RFC 4862, Section 5.5.4. 3381 */ 3382 if (((struct in6_ifaddr *)ifa)->ia6_flags & 3383 IN6_IFF_DEPRECATED) { 3384 /* 3385 * Ignore any deprecated addresses if 3386 * specified by configuration. 3387 */ 3388 if (!ip6_use_deprecated) { 3389 IFA_UNLOCK(ifa); 3390 continue; 3391 } 3392 /* 3393 * If we have already found a non-deprecated 3394 * candidate, just ignore deprecated addresses. 3395 */ 3396 if ((ifa_best->ia6_flags & IN6_IFF_DEPRECATED) 3397 == 0) { 3398 IFA_UNLOCK(ifa); 3399 continue; 3400 } 3401 } 3402 3403 /* 3404 * A non-deprecated address is always preferred 3405 * to a deprecated one regardless of scopes and 3406 * address matching (Note invariants ensured by the 3407 * conditions (A) and (B) above.) 3408 */ 3409 if ((ifa_best->ia6_flags & IN6_IFF_DEPRECATED) && 3410 (((struct in6_ifaddr *)ifa)->ia6_flags & 3411 IN6_IFF_DEPRECATED) == 0) 3412 goto replace; 3413 3414 /* 3415 * When we use temporary addresses described in 3416 * RFC 4941, we prefer temporary addresses to 3417 * public autoconf addresses. Again, note the 3418 * invariants from (A) and (B). Also note that we 3419 * don't have any preference between static addresses 3420 * and autoconf addresses (despite of whether or not 3421 * the latter is temporary or public.) 3422 */ 3423 if (ip6_use_tempaddr) { 3424 struct in6_ifaddr *ifat; 3425 3426 ifat = (struct in6_ifaddr *)ifa; 3427 if ((ifa_best->ia6_flags & 3428 (IN6_IFF_AUTOCONF|IN6_IFF_TEMPORARY)) 3429 == IN6_IFF_AUTOCONF && 3430 (ifat->ia6_flags & 3431 (IN6_IFF_AUTOCONF|IN6_IFF_TEMPORARY)) 3432 == (IN6_IFF_AUTOCONF|IN6_IFF_TEMPORARY)) { 3433 goto replace; 3434 } 3435 if ((ifa_best->ia6_flags & 3436 (IN6_IFF_AUTOCONF|IN6_IFF_TEMPORARY)) 3437 == (IN6_IFF_AUTOCONF|IN6_IFF_TEMPORARY) && 3438 (ifat->ia6_flags & 3439 (IN6_IFF_AUTOCONF|IN6_IFF_TEMPORARY)) 3440 == IN6_IFF_AUTOCONF) { 3441 IFA_UNLOCK(ifa); 3442 continue; 3443 } 3444 } 3445 3446 /* 3447 * At this point, we have two cases: 3448 * 1. we are looking at a non-deprecated address, 3449 * and ifa_best is also non-deprecated. 3450 * 2. we are looking at a deprecated address, 3451 * and ifa_best is also deprecated. 3452 * Also, we do not have to consider a case where 3453 * the scope of if_best is larger(smaller) than dst and 3454 * the scope of the current address is smaller(larger) 3455 * than dst. Such a case has already been covered. 3456 * Tiebreaking is done according to the following 3457 * items: 3458 * - the scope comparison between the address and 3459 * dst (dscopecmp) 3460 * - the scope comparison between the address and 3461 * ifa_best (bscopecmp) 3462 * - if the address match dst longer than ifa_best 3463 * (matchcmp) 3464 * - if the address is on the outgoing I/F (outI/F) 3465 * 3466 * Roughly speaking, the selection policy is 3467 * - the most important item is scope. The same scope 3468 * is best. Then search for a larger scope. 3469 * Smaller scopes are the last resort. 3470 * - A deprecated address is chosen only when we have 3471 * no address that has an enough scope, but is 3472 * prefered to any addresses of smaller scopes 3473 * (this must be already done above.) 3474 * - addresses on the outgoing I/F are preferred to 3475 * ones on other interfaces if none of above 3476 * tiebreaks. In the table below, the column "bI" 3477 * means if the best_ifa is on the outgoing 3478 * interface, and the column "sI" means if the ifa 3479 * is on the outgoing interface. 3480 * - If there is no other reasons to choose one, 3481 * longest address match against dst is considered. 3482 * 3483 * The precise decision table is as follows: 3484 * dscopecmp bscopecmp match bI oI | replace? 3485 * N/A equal N/A Y N | No (1) 3486 * N/A equal N/A N Y | Yes (2) 3487 * N/A equal larger N/A | Yes (3) 3488 * N/A equal !larger N/A | No (4) 3489 * larger larger N/A N/A | No (5) 3490 * larger smaller N/A N/A | Yes (6) 3491 * smaller larger N/A N/A | Yes (7) 3492 * smaller smaller N/A N/A | No (8) 3493 * equal smaller N/A N/A | Yes (9) 3494 * equal larger (already done at A above) 3495 */ 3496 dscopecmp = IN6_ARE_SCOPE_CMP(src_scope, dst_scope); 3497 bscopecmp = IN6_ARE_SCOPE_CMP(src_scope, best_scope); 3498 3499 if (bscopecmp == 0) { 3500 struct ifnet *bifp = ifa_best->ia_ifp; 3501 3502 if (bifp == oifp && ifp != oifp) { /* (1) */ 3503 IFA_UNLOCK(ifa); 3504 continue; 3505 } 3506 if (bifp != oifp && ifp == oifp) /* (2) */ 3507 goto replace; 3508 3509 /* 3510 * Both bifp and ifp are on the outgoing 3511 * interface, or both two are on a different 3512 * interface from the outgoing I/F. 3513 * now we need address matching against dst 3514 * for tiebreaking. 3515 */ 3516 tlen = in6_matchlen(IFA_IN6(ifa), dst); 3517 matchcmp = tlen - blen; 3518 if (matchcmp > 0) /* (3) */ 3519 goto replace; 3520 IFA_UNLOCK(ifa); 3521 continue; /* (4) */ 3522 } 3523 if (dscopecmp > 0) { 3524 if (bscopecmp > 0) { /* (5) */ 3525 IFA_UNLOCK(ifa); 3526 continue; 3527 } 3528 goto replace; /* (6) */ 3529 } 3530 if (dscopecmp < 0) { 3531 if (bscopecmp > 0) /* (7) */ 3532 goto replace; 3533 IFA_UNLOCK(ifa); 3534 continue; /* (8) */ 3535 } 3536 3537 /* now dscopecmp must be 0 */ 3538 if (bscopecmp < 0) 3539 goto replace; /* (9) */ 3540 3541replace: 3542 IFA_ADDREF_LOCKED(ifa); /* for ifa_best */ 3543 blen = tlen >= 0 ? tlen : 3544 in6_matchlen(IFA_IN6(ifa), dst); 3545 best_scope = 3546 in6_addrscope(&ifa2ia6(ifa)->ia_addr.sin6_addr); 3547 IFA_UNLOCK(ifa); 3548 if (ifa_best) 3549 IFA_REMREF(&ifa_best->ia_ifa); 3550 ifa_best = (struct in6_ifaddr *)ifa; 3551 } 3552 ifnet_lock_done(ifp); 3553 } 3554 ifnet_head_done(); 3555 3556 /* count statistics for future improvements */ 3557 if (ifa_best == NULL) 3558 ip6stat.ip6s_sources_none++; 3559 else { 3560 IFA_LOCK_SPIN(&ifa_best->ia_ifa); 3561 if (oifp == ifa_best->ia_ifp) 3562 ip6stat.ip6s_sources_sameif[best_scope]++; 3563 else 3564 ip6stat.ip6s_sources_otherif[best_scope]++; 3565 3566 if (best_scope == dst_scope) 3567 ip6stat.ip6s_sources_samescope[best_scope]++; 3568 else 3569 ip6stat.ip6s_sources_otherscope[best_scope]++; 3570 3571 if ((ifa_best->ia6_flags & IN6_IFF_DEPRECATED) != 0) 3572 ip6stat.ip6s_sources_deprecated[best_scope]++; 3573 IFA_UNLOCK(&ifa_best->ia_ifa); 3574 } 3575 3576 return (ifa_best); 3577} 3578 3579/* 3580 * return the best address out of the same scope. if no address was 3581 * found, return the first valid address from designated IF. 3582 */ 3583struct in6_ifaddr * 3584in6_ifawithifp(struct ifnet *ifp, struct in6_addr *dst) 3585{ 3586 int dst_scope = in6_addrscope(dst), blen = -1, tlen; 3587 struct ifaddr *ifa; 3588 struct in6_ifaddr *besta = NULL; 3589 struct in6_ifaddr *dep[2]; /* last-resort: deprecated */ 3590 3591 dep[0] = dep[1] = NULL; 3592 3593 /* 3594 * We first look for addresses in the same scope. 3595 * If there is one, return it. 3596 * If two or more, return one which matches the dst longest. 3597 * If none, return one of global addresses assigned other ifs. 3598 */ 3599 ifnet_lock_shared(ifp); 3600 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 3601 IFA_LOCK(ifa); 3602 if (ifa->ifa_addr->sa_family != AF_INET6) { 3603 IFA_UNLOCK(ifa); 3604 continue; 3605 } 3606 if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_ANYCAST) { 3607 IFA_UNLOCK(ifa); 3608 continue; /* XXX: is there any case to allow anycast? */ 3609 } 3610 if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_NOTREADY) { 3611 IFA_UNLOCK(ifa); 3612 continue; /* don't use this interface */ 3613 } 3614 if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_DETACHED) { 3615 IFA_UNLOCK(ifa); 3616 continue; 3617 } 3618 if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_DEPRECATED) { 3619 if (ip6_use_deprecated) { 3620 IFA_ADDREF_LOCKED(ifa); /* for dep[0] */ 3621 IFA_UNLOCK(ifa); 3622 if (dep[0] != NULL) 3623 IFA_REMREF(&dep[0]->ia_ifa); 3624 dep[0] = (struct in6_ifaddr *)ifa; 3625 } else { 3626 IFA_UNLOCK(ifa); 3627 } 3628 continue; 3629 } 3630 3631 if (dst_scope == in6_addrscope(IFA_IN6(ifa))) { 3632 /* 3633 * call in6_matchlen() as few as possible 3634 */ 3635 if (besta) { 3636 if (blen == -1) { 3637 IFA_UNLOCK(ifa); 3638 IFA_LOCK(&besta->ia_ifa); 3639 blen = in6_matchlen( 3640 &besta->ia_addr.sin6_addr, dst); 3641 IFA_UNLOCK(&besta->ia_ifa); 3642 IFA_LOCK(ifa); 3643 } 3644 tlen = in6_matchlen(IFA_IN6(ifa), dst); 3645 if (tlen > blen) { 3646 blen = tlen; 3647 IFA_ADDREF_LOCKED(ifa); /* for besta */ 3648 IFA_UNLOCK(ifa); 3649 IFA_REMREF(&besta->ia_ifa); 3650 besta = (struct in6_ifaddr *)ifa; 3651 } else { 3652 IFA_UNLOCK(ifa); 3653 } 3654 } else { 3655 besta = (struct in6_ifaddr *)ifa; 3656 IFA_ADDREF_LOCKED(ifa); /* for besta */ 3657 IFA_UNLOCK(ifa); 3658 } 3659 } else { 3660 IFA_UNLOCK(ifa); 3661 } 3662 } 3663 if (besta) { 3664 ifnet_lock_done(ifp); 3665 if (dep[0] != NULL) 3666 IFA_REMREF(&dep[0]->ia_ifa); 3667 return (besta); 3668 } 3669 3670 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 3671 IFA_LOCK(ifa); 3672 if (ifa->ifa_addr->sa_family != AF_INET6) { 3673 IFA_UNLOCK(ifa); 3674 continue; 3675 } 3676 if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_ANYCAST) { 3677 IFA_UNLOCK(ifa); 3678 continue; /* XXX: is there any case to allow anycast? */ 3679 } 3680 if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_NOTREADY) { 3681 IFA_UNLOCK(ifa); 3682 continue; /* don't use this interface */ 3683 } 3684 if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_DETACHED) { 3685 IFA_UNLOCK(ifa); 3686 continue; 3687 } 3688 if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_DEPRECATED) { 3689 if (ip6_use_deprecated) { 3690 IFA_ADDREF_LOCKED(ifa); /* for dep[1] */ 3691 IFA_UNLOCK(ifa); 3692 if (dep[1] != NULL) 3693 IFA_REMREF(&dep[1]->ia_ifa); 3694 dep[1] = (struct in6_ifaddr *)ifa; 3695 } else { 3696 IFA_UNLOCK(ifa); 3697 } 3698 continue; 3699 } 3700 IFA_ADDREF_LOCKED(ifa); /* for caller */ 3701 IFA_UNLOCK(ifa); 3702 ifnet_lock_done(ifp); 3703 if (dep[0] != NULL) 3704 IFA_REMREF(&dep[0]->ia_ifa); 3705 if (dep[1] != NULL) 3706 IFA_REMREF(&dep[1]->ia_ifa); 3707 return ((struct in6_ifaddr *)ifa); 3708 } 3709 ifnet_lock_done(ifp); 3710 3711 /* use the last-resort values, that are, deprecated addresses */ 3712 if (dep[0]) { 3713 if (dep[1] != NULL) 3714 IFA_REMREF(&dep[1]->ia_ifa); 3715 return (dep[0]); 3716 } 3717 if (dep[1]) 3718 return (dep[1]); 3719 3720 return (NULL); 3721} 3722 3723/* 3724 * perform DAD when interface becomes IFF_UP. 3725 */ 3726static void 3727in6_if_up_dad_start(struct ifnet *ifp) 3728{ 3729 struct ifaddr *ifa; 3730 3731 /* start DAD on all the interface addresses */ 3732 ifnet_lock_exclusive(ifp); 3733 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 3734 struct in6_ifaddr *ia6; 3735 3736 IFA_LOCK_SPIN(ifa); 3737 if (ifa->ifa_addr->sa_family != AF_INET6) { 3738 IFA_UNLOCK(ifa); 3739 continue; 3740 } 3741 ia6 = (struct in6_ifaddr *)ifa; 3742 if (ia6->ia6_flags & IN6_IFF_DADPROGRESS) { 3743 int delay = 0; /* delay ticks before DAD output */ 3744 IFA_UNLOCK(ifa); 3745 nd6_dad_start(ifa, &delay); 3746 } else { 3747 IFA_UNLOCK(ifa); 3748 } 3749 } 3750 ifnet_lock_done(ifp); 3751} 3752 3753int 3754in6if_do_dad( 3755 struct ifnet *ifp) 3756{ 3757 if ((ifp->if_flags & IFF_LOOPBACK) != 0) 3758 return (0); 3759 3760 /* 3761 * If we are using the alternative neighbor discovery 3762 * interface on this interface, then skip DAD. 3763 * 3764 * Also, skip it for interfaces marked "local private" 3765 * for now, even when not marked as using the alternative 3766 * interface. This is for historical reasons. 3767 */ 3768 if (ifp->if_eflags & (IFEF_IPV6_ND6ALT|IFEF_LOCALNET_PRIVATE)) 3769 return (0); 3770 3771 switch (ifp->if_type) { 3772#if IFT_DUMMY 3773 case IFT_DUMMY: 3774#endif 3775 case IFT_FAITH: 3776 /* 3777 * These interfaces do not have the IFF_LOOPBACK flag, 3778 * but loop packets back. We do not have to do DAD on such 3779 * interfaces. We should even omit it, because loop-backed 3780 * NS would confuse the DAD procedure. 3781 */ 3782 return (0); 3783 default: 3784 /* 3785 * Our DAD routine requires the interface up and running. 3786 * However, some interfaces can be up before the RUNNING 3787 * status. Additionaly, users may try to assign addresses 3788 * before the interface becomes up (or running). 3789 * We simply skip DAD in such a case as a work around. 3790 * XXX: we should rather mark "tentative" on such addresses, 3791 * and do DAD after the interface becomes ready. 3792 */ 3793 if ((ifp->if_flags & (IFF_UP|IFF_RUNNING)) != 3794 (IFF_UP|IFF_RUNNING)) 3795 return (0); 3796 3797 return (1); 3798 } 3799} 3800 3801/* 3802 * Calculate max IPv6 MTU through all the interfaces and store it 3803 * to in6_maxmtu. 3804 */ 3805void 3806in6_setmaxmtu(void) 3807{ 3808 u_int32_t maxmtu = 0; 3809 struct ifnet *ifp; 3810 3811 ifnet_head_lock_shared(); 3812 TAILQ_FOREACH(ifp, &ifnet_head, if_list) { 3813 struct nd_ifinfo *ndi; 3814 3815 lck_rw_lock_shared(nd_if_rwlock); 3816 if ((ndi = ND_IFINFO(ifp)) != NULL && !ndi->initialized) 3817 ndi = NULL; 3818 if (ndi != NULL) 3819 lck_mtx_lock(&ndi->lock); 3820 if ((ifp->if_flags & IFF_LOOPBACK) == 0 && 3821 IN6_LINKMTU(ifp) > maxmtu) 3822 maxmtu = IN6_LINKMTU(ifp); 3823 if (ndi != NULL) 3824 lck_mtx_unlock(&ndi->lock); 3825 lck_rw_done(nd_if_rwlock); 3826 } 3827 ifnet_head_done(); 3828 if (maxmtu) /* update only when maxmtu is positive */ 3829 in6_maxmtu = maxmtu; 3830} 3831/* 3832 * Provide the length of interface identifiers to be used for the link attached 3833 * to the given interface. The length should be defined in "IPv6 over 3834 * xxx-link" document. Note that address architecture might also define 3835 * the length for a particular set of address prefixes, regardless of the 3836 * link type. Also see RFC 4862 for additional background. 3837 */ 3838int 3839in6_if2idlen(struct ifnet *ifp) 3840{ 3841 switch (ifp->if_type) { 3842 case IFT_ETHER: /* RFC2464 */ 3843 case IFT_IEEE8023ADLAG: /* IEEE802.3ad Link Aggregate */ 3844#ifdef IFT_PROPVIRTUAL 3845 case IFT_PROPVIRTUAL: /* XXX: no RFC. treat it as ether */ 3846#endif 3847#ifdef IFT_L2VLAN 3848 case IFT_L2VLAN: /* ditto */ 3849#endif 3850#ifdef IFT_IEEE80211 3851 case IFT_IEEE80211: /* ditto */ 3852#endif 3853#ifdef IFT_MIP 3854 case IFT_MIP: /* ditto */ 3855#endif 3856 return (64); 3857 case IFT_FDDI: /* RFC2467 */ 3858 return (64); 3859 case IFT_ISO88025: /* RFC2470 (IPv6 over Token Ring) */ 3860 return (64); 3861 case IFT_PPP: /* RFC2472 */ 3862 return (64); 3863 case IFT_ARCNET: /* RFC2497 */ 3864 return (64); 3865 case IFT_FRELAY: /* RFC2590 */ 3866 return (64); 3867 case IFT_IEEE1394: /* RFC3146 */ 3868 return (64); 3869 case IFT_GIF: 3870 return (64); /* draft-ietf-v6ops-mech-v2-07 */ 3871 case IFT_LOOP: 3872 return (64); /* XXX: is this really correct? */ 3873 case IFT_OTHER: 3874 return (64); /* for utun interfaces */ 3875 case IFT_CELLULAR: 3876 return (64); /* Packet Data over Cellular */ 3877 case IFT_BRIDGE: 3878 return (64); /* Transparent bridge interface */ 3879 default: 3880 /* 3881 * Unknown link type: 3882 * It might be controversial to use the today's common constant 3883 * of 64 for these cases unconditionally. For full compliance, 3884 * we should return an error in this case. On the other hand, 3885 * if we simply miss the standard for the link type or a new 3886 * standard is defined for a new link type, the IFID length 3887 * is very likely to be the common constant. As a compromise, 3888 * we always use the constant, but make an explicit notice 3889 * indicating the "unknown" case. 3890 */ 3891 log(LOG_NOTICE, "%s: unknown link type (%d)\n", __func__, 3892 ifp->if_type); 3893 return (64); 3894 } 3895} 3896/* 3897 * Convert sockaddr_in6 to sockaddr_in. Original sockaddr_in6 must be 3898 * v4 mapped addr or v4 compat addr 3899 */ 3900void 3901in6_sin6_2_sin(struct sockaddr_in *sin, struct sockaddr_in6 *sin6) 3902{ 3903 bzero(sin, sizeof (*sin)); 3904 sin->sin_len = sizeof (struct sockaddr_in); 3905 sin->sin_family = AF_INET; 3906 sin->sin_port = sin6->sin6_port; 3907 sin->sin_addr.s_addr = sin6->sin6_addr.s6_addr32[3]; 3908} 3909 3910/* Convert sockaddr_in to sockaddr_in6 in v4 mapped addr format. */ 3911void 3912in6_sin_2_v4mapsin6(struct sockaddr_in *sin, struct sockaddr_in6 *sin6) 3913{ 3914 bzero(sin6, sizeof (*sin6)); 3915 sin6->sin6_len = sizeof (struct sockaddr_in6); 3916 sin6->sin6_family = AF_INET6; 3917 sin6->sin6_port = sin->sin_port; 3918 sin6->sin6_addr.s6_addr32[0] = 0; 3919 sin6->sin6_addr.s6_addr32[1] = 0; 3920 if (sin->sin_addr.s_addr) { 3921 sin6->sin6_addr.s6_addr32[2] = IPV6_ADDR_INT32_SMP; 3922 sin6->sin6_addr.s6_addr32[3] = sin->sin_addr.s_addr; 3923 } else { 3924 sin6->sin6_addr.s6_addr32[2] = 0; 3925 sin6->sin6_addr.s6_addr32[3] = 0; 3926 } 3927} 3928 3929/* Convert sockaddr_in6 into sockaddr_in. */ 3930void 3931in6_sin6_2_sin_in_sock(struct sockaddr *nam) 3932{ 3933 struct sockaddr_in *sin_p; 3934 struct sockaddr_in6 sin6; 3935 3936 /* 3937 * Save original sockaddr_in6 addr and convert it 3938 * to sockaddr_in. 3939 */ 3940 sin6 = *(struct sockaddr_in6 *)(void *)nam; 3941 sin_p = (struct sockaddr_in *)(void *)nam; 3942 in6_sin6_2_sin(sin_p, &sin6); 3943} 3944 3945/* Convert sockaddr_in into sockaddr_in6 in v4 mapped addr format. */ 3946int 3947in6_sin_2_v4mapsin6_in_sock(struct sockaddr **nam) 3948{ 3949 struct sockaddr_in *sin_p; 3950 struct sockaddr_in6 *sin6_p; 3951 3952 MALLOC(sin6_p, struct sockaddr_in6 *, sizeof (*sin6_p), M_SONAME, 3953 M_WAITOK); 3954 if (sin6_p == NULL) 3955 return (ENOBUFS); 3956 sin_p = (struct sockaddr_in *)(void *)*nam; 3957 in6_sin_2_v4mapsin6(sin_p, sin6_p); 3958 FREE(*nam, M_SONAME); 3959 *nam = (struct sockaddr *)sin6_p; 3960 3961 return (0); 3962} 3963 3964/* 3965 * Posts in6_event_data message kernel events. 3966 * 3967 * To get the same size of kev_in6_data between ILP32 and LP64 data models 3968 * we are using a special version of the in6_addrlifetime structure that 3969 * uses only 32 bits fields to be compatible with Leopard, and that 3970 * are large enough to span 68 years. 3971 */ 3972void 3973in6_post_msg(struct ifnet *ifp, u_int32_t event_code, struct in6_ifaddr *ifa) 3974{ 3975 struct kev_msg ev_msg; 3976 struct kev_in6_data in6_event_data; 3977 struct in6_addrlifetime ia6_lt; 3978 3979 bzero(&in6_event_data, sizeof (struct kev_in6_data)); 3980 bzero(&ev_msg, sizeof (struct kev_msg)); 3981 ev_msg.vendor_code = KEV_VENDOR_APPLE; 3982 ev_msg.kev_class = KEV_NETWORK_CLASS; 3983 ev_msg.kev_subclass = KEV_INET6_SUBCLASS; 3984 ev_msg.event_code = event_code; 3985 3986 IFA_LOCK(&ifa->ia_ifa); 3987 in6_event_data.ia_addr = ifa->ia_addr; 3988 in6_event_data.ia_net = ifa->ia_net; 3989 in6_event_data.ia_dstaddr = ifa->ia_dstaddr; 3990 in6_event_data.ia_prefixmask = ifa->ia_prefixmask; 3991 in6_event_data.ia_plen = ifa->ia_plen; 3992 in6_event_data.ia6_flags = (u_int32_t)ifa->ia6_flags; 3993 3994 /* retrieve time as calendar time (last arg is 1) */ 3995 in6ifa_getlifetime(ifa, &ia6_lt, 1); 3996 in6_event_data.ia_lifetime.ia6t_expire = ia6_lt.ia6t_expire; 3997 in6_event_data.ia_lifetime.ia6t_preferred = ia6_lt.ia6t_preferred; 3998 in6_event_data.ia_lifetime.ia6t_vltime = ia6_lt.ia6t_vltime; 3999 in6_event_data.ia_lifetime.ia6t_pltime = ia6_lt.ia6t_pltime; 4000 IFA_UNLOCK(&ifa->ia_ifa); 4001 4002 if (ifp != NULL) { 4003 (void) strncpy(&in6_event_data.link_data.if_name[0], 4004 ifp->if_name, IFNAMSIZ); 4005 in6_event_data.link_data.if_family = ifp->if_family; 4006 in6_event_data.link_data.if_unit = (u_int32_t)ifp->if_unit; 4007 } 4008 4009 ev_msg.dv[0].data_ptr = &in6_event_data; 4010 ev_msg.dv[0].data_length = sizeof (in6_event_data); 4011 ev_msg.dv[1].data_length = 0; 4012 4013 kev_post_msg(&ev_msg); 4014} 4015 4016/* 4017 * Called as part of ip6_init 4018 */ 4019void 4020in6_ifaddr_init(void) 4021{ 4022 in6_cga_init(); 4023 in6_multi_init(); 4024 4025 PE_parse_boot_argn("ifa_debug", &in6ifa_debug, sizeof (in6ifa_debug)); 4026 4027 in6ifa_size = (in6ifa_debug == 0) ? sizeof (struct in6_ifaddr) : 4028 sizeof (struct in6_ifaddr_dbg); 4029 4030 in6ifa_zone = zinit(in6ifa_size, IN6IFA_ZONE_MAX * in6ifa_size, 4031 0, IN6IFA_ZONE_NAME); 4032 if (in6ifa_zone == NULL) { 4033 panic("%s: failed allocating %s", __func__, IN6IFA_ZONE_NAME); 4034 /* NOTREACHED */ 4035 } 4036 zone_change(in6ifa_zone, Z_EXPAND, TRUE); 4037 zone_change(in6ifa_zone, Z_CALLERACCT, FALSE); 4038 4039 lck_mtx_init(&in6ifa_trash_lock, ifa_mtx_grp, ifa_mtx_attr); 4040 TAILQ_INIT(&in6ifa_trash_head); 4041} 4042 4043static struct in6_ifaddr * 4044in6_ifaddr_alloc(int how) 4045{ 4046 struct in6_ifaddr *in6ifa; 4047 4048 in6ifa = (how == M_WAITOK) ? zalloc(in6ifa_zone) : 4049 zalloc_noblock(in6ifa_zone); 4050 if (in6ifa != NULL) { 4051 bzero(in6ifa, in6ifa_size); 4052 in6ifa->ia_ifa.ifa_free = in6_ifaddr_free; 4053 in6ifa->ia_ifa.ifa_debug |= IFD_ALLOC; 4054 ifa_lock_init(&in6ifa->ia_ifa); 4055 if (in6ifa_debug != 0) { 4056 struct in6_ifaddr_dbg *in6ifa_dbg = 4057 (struct in6_ifaddr_dbg *)in6ifa; 4058 in6ifa->ia_ifa.ifa_debug |= IFD_DEBUG; 4059 in6ifa->ia_ifa.ifa_trace = in6_ifaddr_trace; 4060 in6ifa->ia_ifa.ifa_attached = in6_ifaddr_attached; 4061 in6ifa->ia_ifa.ifa_detached = in6_ifaddr_detached; 4062 ctrace_record(&in6ifa_dbg->in6ifa_alloc); 4063 } 4064 } 4065 4066 return (in6ifa); 4067} 4068 4069static void 4070in6_ifaddr_free(struct ifaddr *ifa) 4071{ 4072 IFA_LOCK_ASSERT_HELD(ifa); 4073 4074 if (ifa->ifa_refcnt != 0) { 4075 panic("%s: ifa %p bad ref cnt", __func__, ifa); 4076 /* NOTREACHED */ 4077 } else if (!(ifa->ifa_debug & IFD_ALLOC)) { 4078 panic("%s: ifa %p cannot be freed", __func__, ifa); 4079 /* NOTREACHED */ 4080 } 4081 if (ifa->ifa_debug & IFD_DEBUG) { 4082 struct in6_ifaddr_dbg *in6ifa_dbg = 4083 (struct in6_ifaddr_dbg *)ifa; 4084 ctrace_record(&in6ifa_dbg->in6ifa_free); 4085 bcopy(&in6ifa_dbg->in6ifa, &in6ifa_dbg->in6ifa_old, 4086 sizeof (struct in6_ifaddr)); 4087 if (ifa->ifa_debug & IFD_TRASHED) { 4088 /* Become a regular mutex, just in case */ 4089 IFA_CONVERT_LOCK(ifa); 4090 lck_mtx_lock(&in6ifa_trash_lock); 4091 TAILQ_REMOVE(&in6ifa_trash_head, in6ifa_dbg, 4092 in6ifa_trash_link); 4093 lck_mtx_unlock(&in6ifa_trash_lock); 4094 ifa->ifa_debug &= ~IFD_TRASHED; 4095 } 4096 } 4097 IFA_UNLOCK(ifa); 4098 ifa_lock_destroy(ifa); 4099 bzero(ifa, sizeof (struct in6_ifaddr)); 4100 zfree(in6ifa_zone, ifa); 4101} 4102 4103static void 4104in6_ifaddr_attached(struct ifaddr *ifa) 4105{ 4106 struct in6_ifaddr_dbg *in6ifa_dbg = (struct in6_ifaddr_dbg *)ifa; 4107 4108 IFA_LOCK_ASSERT_HELD(ifa); 4109 4110 if (!(ifa->ifa_debug & IFD_DEBUG)) { 4111 panic("%s: ifa %p has no debug structure", __func__, ifa); 4112 /* NOTREACHED */ 4113 } 4114 if (ifa->ifa_debug & IFD_TRASHED) { 4115 /* Become a regular mutex, just in case */ 4116 IFA_CONVERT_LOCK(ifa); 4117 lck_mtx_lock(&in6ifa_trash_lock); 4118 TAILQ_REMOVE(&in6ifa_trash_head, in6ifa_dbg, in6ifa_trash_link); 4119 lck_mtx_unlock(&in6ifa_trash_lock); 4120 ifa->ifa_debug &= ~IFD_TRASHED; 4121 } 4122} 4123 4124static void 4125in6_ifaddr_detached(struct ifaddr *ifa) 4126{ 4127 struct in6_ifaddr_dbg *in6ifa_dbg = (struct in6_ifaddr_dbg *)ifa; 4128 4129 IFA_LOCK_ASSERT_HELD(ifa); 4130 4131 if (!(ifa->ifa_debug & IFD_DEBUG)) { 4132 panic("%s: ifa %p has no debug structure", __func__, ifa); 4133 /* NOTREACHED */ 4134 } else if (ifa->ifa_debug & IFD_TRASHED) { 4135 panic("%s: ifa %p is already in trash list", __func__, ifa); 4136 /* NOTREACHED */ 4137 } 4138 ifa->ifa_debug |= IFD_TRASHED; 4139 /* Become a regular mutex, just in case */ 4140 IFA_CONVERT_LOCK(ifa); 4141 lck_mtx_lock(&in6ifa_trash_lock); 4142 TAILQ_INSERT_TAIL(&in6ifa_trash_head, in6ifa_dbg, in6ifa_trash_link); 4143 lck_mtx_unlock(&in6ifa_trash_lock); 4144} 4145 4146static void 4147in6_ifaddr_trace(struct ifaddr *ifa, int refhold) 4148{ 4149 struct in6_ifaddr_dbg *in6ifa_dbg = (struct in6_ifaddr_dbg *)ifa; 4150 ctrace_t *tr; 4151 u_int32_t idx; 4152 u_int16_t *cnt; 4153 4154 if (!(ifa->ifa_debug & IFD_DEBUG)) { 4155 panic("%s: ifa %p has no debug structure", __func__, ifa); 4156 /* NOTREACHED */ 4157 } 4158 if (refhold) { 4159 cnt = &in6ifa_dbg->in6ifa_refhold_cnt; 4160 tr = in6ifa_dbg->in6ifa_refhold; 4161 } else { 4162 cnt = &in6ifa_dbg->in6ifa_refrele_cnt; 4163 tr = in6ifa_dbg->in6ifa_refrele; 4164 } 4165 4166 idx = atomic_add_16_ov(cnt, 1) % IN6IFA_TRACE_HIST_SIZE; 4167 ctrace_record(&tr[idx]); 4168} 4169 4170static void 4171in6_ifaddr_set_dadprogress(struct in6_ifaddr *ia) 4172{ 4173 uint32_t flags = IN6_IFF_TENTATIVE; 4174 uint32_t optdad = nd6_optimistic_dad; 4175 4176 if (optdad && (ia->ia_ifp->if_eflags & IFEF_IPV6_ROUTER) == 0) { 4177 if ((optdad & ND6_OPTIMISTIC_DAD_LINKLOCAL) && 4178 IN6_IS_ADDR_LINKLOCAL(&ia->ia_addr.sin6_addr)) 4179 flags = IN6_IFF_OPTIMISTIC; 4180 else if ((optdad & ND6_OPTIMISTIC_DAD_AUTOCONF) && 4181 (ia->ia6_flags & IN6_IFF_AUTOCONF)) { 4182 if (ia->ia6_flags & IN6_IFF_TEMPORARY) { 4183 if (optdad & ND6_OPTIMISTIC_DAD_TEMPORARY) 4184 flags = IN6_IFF_OPTIMISTIC; 4185 } else if (ia->ia6_flags & IN6_IFF_SECURED) { 4186 if (optdad & ND6_OPTIMISTIC_DAD_SECURED) 4187 flags = IN6_IFF_OPTIMISTIC; 4188 } 4189 } else if ((optdad & ND6_OPTIMISTIC_DAD_DYNAMIC) && 4190 (ia->ia6_flags & IN6_IFF_DYNAMIC)) { 4191 if (ia->ia6_flags & IN6_IFF_TEMPORARY) { 4192 if (optdad & ND6_OPTIMISTIC_DAD_TEMPORARY) 4193 flags = IN6_IFF_OPTIMISTIC; 4194 } else { 4195 flags = IN6_IFF_OPTIMISTIC; 4196 } 4197 } 4198 } 4199 4200 ia->ia6_flags &= ~(IN6_IFF_DUPLICATED | IN6_IFF_DADPROGRESS); 4201 ia->ia6_flags |= flags; 4202} 4203 4204/* 4205 * Handle SIOCGASSOCIDS ioctl for PF_INET6 domain. 4206 */ 4207static int 4208in6_getassocids(struct socket *so, uint32_t *cnt, user_addr_t aidp) 4209{ 4210 struct in6pcb *in6p = sotoin6pcb(so); 4211 associd_t aid; 4212 4213 if (in6p == NULL || in6p->inp_state == INPCB_STATE_DEAD) 4214 return (EINVAL); 4215 4216 /* IN6PCB has no concept of association */ 4217 aid = ASSOCID_ANY; 4218 *cnt = 0; 4219 4220 /* just asking how many there are? */ 4221 if (aidp == USER_ADDR_NULL) 4222 return (0); 4223 4224 return (copyout(&aid, aidp, sizeof (aid))); 4225} 4226 4227/* 4228 * Handle SIOCGCONNIDS ioctl for PF_INET6 domain. 4229 */ 4230static int 4231in6_getconnids(struct socket *so, associd_t aid, uint32_t *cnt, 4232 user_addr_t cidp) 4233{ 4234 struct in6pcb *in6p = sotoin6pcb(so); 4235 connid_t cid; 4236 4237 if (in6p == NULL || in6p->inp_state == INPCB_STATE_DEAD) 4238 return (EINVAL); 4239 4240 if (aid != ASSOCID_ANY && aid != ASSOCID_ALL) 4241 return (EINVAL); 4242 4243 /* if connected, return 1 connection count */ 4244 *cnt = ((so->so_state & SS_ISCONNECTED) ? 1 : 0); 4245 4246 /* just asking how many there are? */ 4247 if (cidp == USER_ADDR_NULL) 4248 return (0); 4249 4250 /* if IN6PCB is connected, assign it connid 1 */ 4251 cid = ((*cnt != 0) ? 1 : CONNID_ANY); 4252 4253 return (copyout(&cid, cidp, sizeof (cid))); 4254} 4255 4256/* 4257 * Handle SIOCGCONNINFO ioctl for PF_INET6 domain. 4258 */ 4259static int 4260in6_getconninfo(struct socket *so, connid_t cid, uint32_t *flags, 4261 uint32_t *ifindex, int32_t *soerror, user_addr_t src, socklen_t *src_len, 4262 user_addr_t dst, socklen_t *dst_len, uint32_t *aux_type, 4263 user_addr_t aux_data, uint32_t *aux_len) 4264{ 4265#pragma unused(aux_data) 4266 struct in6pcb *in6p = sotoin6pcb(so); 4267 struct sockaddr_in6 sin6; 4268 struct ifnet *ifp = NULL; 4269 int error = 0; 4270 u_int32_t copy_len = 0; 4271 4272 /* 4273 * Don't test for INPCB_STATE_DEAD since this may be called 4274 * after SOF_PCBCLEARING is set, e.g. after tcp_close(). 4275 */ 4276 if (in6p == NULL) { 4277 error = EINVAL; 4278 goto out; 4279 } 4280 4281 if (cid != CONNID_ANY && cid != CONNID_ALL && cid != 1) { 4282 error = EINVAL; 4283 goto out; 4284 } 4285 4286 ifp = in6p->in6p_last_outifp; 4287 *ifindex = ((ifp != NULL) ? ifp->if_index : 0); 4288 *soerror = so->so_error; 4289 *flags = 0; 4290 if (so->so_state & SS_ISCONNECTED) 4291 *flags |= (CIF_CONNECTED | CIF_PREFERRED); 4292 if (in6p->in6p_flags & INP_BOUND_IF) 4293 *flags |= CIF_BOUND_IF; 4294 if (!(in6p->in6p_flags & INP_IN6ADDR_ANY)) 4295 *flags |= CIF_BOUND_IP; 4296 if (!(in6p->in6p_flags & INP_ANONPORT)) 4297 *flags |= CIF_BOUND_PORT; 4298 4299 bzero(&sin6, sizeof (sin6)); 4300 sin6.sin6_len = sizeof (sin6); 4301 sin6.sin6_family = AF_INET6; 4302 4303 /* source address and port */ 4304 sin6.sin6_port = in6p->in6p_lport; 4305 bcopy(&in6p->in6p_laddr, &sin6.sin6_addr, sizeof (struct in6_addr)); 4306 if (*src_len == 0) { 4307 *src_len = sin6.sin6_len; 4308 } else { 4309 if (src != USER_ADDR_NULL) { 4310 copy_len = min(*src_len, sizeof (sin6)); 4311 error = copyout(&sin6, src, copy_len); 4312 if (error != 0) 4313 goto out; 4314 *src_len = copy_len; 4315 } 4316 } 4317 4318 /* destination address and port */ 4319 sin6.sin6_port = in6p->in6p_fport; 4320 bcopy(&in6p->in6p_faddr, &sin6.sin6_addr, sizeof (struct in6_addr)); 4321 if (*dst_len == 0) { 4322 *dst_len = sin6.sin6_len; 4323 } else { 4324 if (dst != USER_ADDR_NULL) { 4325 copy_len = min(*dst_len, sizeof (sin6)); 4326 error = copyout(&sin6, dst, copy_len); 4327 if (error != 0) 4328 goto out; 4329 *dst_len = copy_len; 4330 } 4331 } 4332 4333 *aux_type = 0; 4334 *aux_len = 0; 4335 if (SOCK_PROTO(so) == IPPROTO_TCP) { 4336 struct conninfo_tcp tcp_ci; 4337 4338 *aux_type = CIAUX_TCP; 4339 if (*aux_len == 0) { 4340 *aux_len = sizeof (tcp_ci); 4341 } else { 4342 if (aux_data != USER_ADDR_NULL) { 4343 copy_len = min(*aux_len, sizeof (tcp_ci)); 4344 bzero(&tcp_ci, sizeof (tcp_ci)); 4345 tcp_getconninfo(so, &tcp_ci); 4346 error = copyout(&tcp_ci, aux_data, copy_len); 4347 if (error != 0) 4348 goto out; 4349 *aux_len = copy_len; 4350 } 4351 } 4352 } 4353 4354out: 4355 return (error); 4356} 4357 4358/* 4359 * 'u' group ioctls. 4360 * 4361 * The switch statement below does nothing at runtime, as it serves as a 4362 * compile time check to ensure that all of the socket 'u' ioctls (those 4363 * in the 'u' group going thru soo_ioctl) that are made available by the 4364 * networking stack is unique. This works as long as this routine gets 4365 * updated each time a new interface ioctl gets added. 4366 * 4367 * Any failures at compile time indicates duplicated ioctl values. 4368 */ 4369static __attribute__((unused)) void 4370in6ioctl_cassert(void) 4371{ 4372 /* 4373 * This is equivalent to _CASSERT() and the compiler wouldn't 4374 * generate any instructions, thus for compile time only. 4375 */ 4376 switch ((u_long)0) { 4377 case 0: 4378 4379 /* bsd/netinet6/in6_var.h */ 4380 case SIOCGETSGCNT_IN6: 4381 case SIOCGETMIFCNT_IN6_32: 4382 case SIOCGETMIFCNT_IN6_64: 4383 case SIOCAADDRCTL_POLICY: 4384 case SIOCDADDRCTL_POLICY: 4385 case SIOCDRADD_IN6_32: 4386 case SIOCDRADD_IN6_64: 4387 case SIOCDRDEL_IN6_32: 4388 case SIOCDRDEL_IN6_64: 4389 ; 4390 } 4391} 4392