1/* 2 * Copyright (c) 2003-2013 Apple Inc. All rights reserved. 3 * 4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. The rights granted to you under the License 10 * may not be used to create, or enable the creation or redistribution of, 11 * unlawful or unlicensed copies of an Apple operating system, or to 12 * circumvent, violate, or enable the circumvention or violation of, any 13 * terms of an Apple operating system software license agreement. 14 * 15 * Please obtain a copy of the License at 16 * http://www.opensource.apple.com/apsl/ and read it before using this file. 17 * 18 * The Original Code and all software distributed under the License are 19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 23 * Please see the License for the specific language governing rights and 24 * limitations under the License. 25 * 26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ 27 */ 28/* 29 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 30 * All rights reserved. 31 * 32 * Redistribution and use in source and binary forms, with or without 33 * modification, are permitted provided that the following conditions 34 * are met: 35 * 1. Redistributions of source code must retain the above copyright 36 * notice, this list of conditions and the following disclaimer. 37 * 2. Redistributions in binary form must reproduce the above copyright 38 * notice, this list of conditions and the following disclaimer in the 39 * documentation and/or other materials provided with the distribution. 40 * 3. Neither the name of the project nor the names of its contributors 41 * may be used to endorse or promote products derived from this software 42 * without specific prior written permission. 43 * 44 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 45 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 46 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 47 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 48 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 49 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 50 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 51 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 52 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 53 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 54 * SUCH DAMAGE. 55 * 56 */ 57 58/* 59 * Copyright (c) 1982, 1986, 1991, 1993 60 * The Regents of the University of California. All rights reserved. 61 * 62 * Redistribution and use in source and binary forms, with or without 63 * modification, are permitted provided that the following conditions 64 * are met: 65 * 1. Redistributions of source code must retain the above copyright 66 * notice, this list of conditions and the following disclaimer. 67 * 2. Redistributions in binary form must reproduce the above copyright 68 * notice, this list of conditions and the following disclaimer in the 69 * documentation and/or other materials provided with the distribution. 70 * 3. All advertising materials mentioning features or use of this software 71 * must display the following acknowledgement: 72 * This product includes software developed by the University of 73 * California, Berkeley and its contributors. 74 * 4. Neither the name of the University nor the names of its contributors 75 * may be used to endorse or promote products derived from this software 76 * without specific prior written permission. 77 * 78 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 79 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 80 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 81 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 82 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 83 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 84 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 85 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 86 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 87 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 88 * SUCH DAMAGE. 89 * 90 * @(#)in_pcb.c 8.2 (Berkeley) 1/4/94 91 */ 92 93#include <sys/param.h> 94#include <sys/systm.h> 95#include <sys/malloc.h> 96#include <sys/mbuf.h> 97#include <sys/domain.h> 98#include <sys/protosw.h> 99#include <sys/socket.h> 100#include <sys/socketvar.h> 101#include <sys/sockio.h> 102#include <sys/errno.h> 103#include <sys/time.h> 104#include <sys/proc.h> 105#include <sys/kauth.h> 106#include <sys/priv.h> 107 108#include <net/if.h> 109#include <net/if_types.h> 110#include <net/route.h> 111 112#include <netinet/in.h> 113#include <netinet/in_var.h> 114#include <netinet/in_systm.h> 115#include <netinet/ip6.h> 116#include <netinet/ip_var.h> 117#include <netinet6/ip6_var.h> 118#include <netinet6/nd6.h> 119#include <netinet/in_pcb.h> 120#include <netinet6/in6_pcb.h> 121#include <net/if_types.h> 122#include <net/if_var.h> 123 124#include <kern/kern_types.h> 125#include <kern/zalloc.h> 126 127#if IPSEC 128#include <netinet6/ipsec.h> 129#if INET6 130#include <netinet6/ipsec6.h> 131#endif 132#include <netinet6/ah.h> 133#if INET6 134#include <netinet6/ah6.h> 135#endif 136#include <netkey/key.h> 137#endif /* IPSEC */ 138 139/* 140 * in6_pcblookup_local_and_cleanup does everything 141 * in6_pcblookup_local does but it checks for a socket 142 * that's going away. Since we know that the lock is 143 * held read+write when this function is called, we 144 * can safely dispose of this socket like the slow 145 * timer would usually do and return NULL. This is 146 * great for bind. 147 */ 148static struct inpcb * 149in6_pcblookup_local_and_cleanup(struct inpcbinfo *pcbinfo, 150 struct in6_addr *laddr, u_int lport_arg, int wild_okay) 151{ 152 struct inpcb *inp; 153 154 /* Perform normal lookup */ 155 inp = in6_pcblookup_local(pcbinfo, laddr, lport_arg, wild_okay); 156 157 /* Check if we found a match but it's waiting to be disposed */ 158 if (inp != NULL && inp->inp_wantcnt == WNT_STOPUSING) { 159 struct socket *so = inp->inp_socket; 160 161 lck_mtx_lock(&inp->inpcb_mtx); 162 163 if (so->so_usecount == 0) { 164 if (inp->inp_state != INPCB_STATE_DEAD) 165 in6_pcbdetach(inp); 166 in_pcbdispose(inp); /* will unlock & destroy */ 167 inp = NULL; 168 } else { 169 lck_mtx_unlock(&inp->inpcb_mtx); 170 } 171 } 172 173 return (inp); 174} 175 176/* 177 * Bind an INPCB to an address and/or port. This routine should not alter 178 * the caller-supplied local address "nam". 179 */ 180int 181in6_pcbbind(struct inpcb *inp, struct sockaddr *nam, struct proc *p) 182{ 183 struct socket *so = inp->inp_socket; 184 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo; 185 u_short lport = 0; 186 int wild = 0, reuseport = (so->so_options & SO_REUSEPORT); 187 int error; 188 kauth_cred_t cred; 189 190 if (!in6_ifaddrs) /* XXX broken! */ 191 return (EADDRNOTAVAIL); 192 if (inp->inp_lport || !IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) 193 return (EINVAL); 194 if (!(so->so_options & (SO_REUSEADDR|SO_REUSEPORT))) 195 wild = 1; 196 socket_unlock(so, 0); /* keep reference */ 197 lck_rw_lock_exclusive(pcbinfo->ipi_lock); 198 if (nam != NULL) { 199 struct ifnet *outif = NULL; 200 struct sockaddr_in6 sin6; 201 202 if (nam->sa_len != sizeof (struct sockaddr_in6)) { 203 lck_rw_done(pcbinfo->ipi_lock); 204 socket_lock(so, 0); 205 return (EINVAL); 206 } 207 /* 208 * family check. 209 */ 210 if (nam->sa_family != AF_INET6) { 211 lck_rw_done(pcbinfo->ipi_lock); 212 socket_lock(so, 0); 213 return (EAFNOSUPPORT); 214 } 215 lport = SIN6(nam)->sin6_port; 216 217 bzero(&sin6, sizeof (sin6)); 218 *(&sin6) = *SIN6(nam); 219 220 /* KAME hack: embed scopeid */ 221 if (in6_embedscope(&sin6.sin6_addr, &sin6, inp, NULL, 222 NULL) != 0) { 223 lck_rw_done(pcbinfo->ipi_lock); 224 socket_lock(so, 0); 225 return (EINVAL); 226 } 227 228 /* Sanitize local copy for address searches */ 229 sin6.sin6_flowinfo = 0; 230 sin6.sin6_scope_id = 0; 231 sin6.sin6_port = 0; 232 233 if (IN6_IS_ADDR_MULTICAST(&sin6.sin6_addr)) { 234 /* 235 * Treat SO_REUSEADDR as SO_REUSEPORT for multicast; 236 * allow compepte duplication of binding if 237 * SO_REUSEPORT is set, or if SO_REUSEADDR is set 238 * and a multicast address is bound on both 239 * new and duplicated sockets. 240 */ 241 if (so->so_options & SO_REUSEADDR) 242 reuseport = SO_REUSEADDR|SO_REUSEPORT; 243 } else if (!IN6_IS_ADDR_UNSPECIFIED(&sin6.sin6_addr)) { 244 struct ifaddr *ifa; 245 246 ifa = ifa_ifwithaddr(SA(&sin6)); 247 if (ifa == NULL) { 248 lck_rw_done(pcbinfo->ipi_lock); 249 socket_lock(so, 0); 250 return (EADDRNOTAVAIL); 251 } else { 252 /* 253 * XXX: bind to an anycast address might 254 * accidentally cause sending a packet with 255 * anycast source address. We should allow 256 * to bind to a deprecated address, since 257 * the application dare to use it. 258 */ 259 IFA_LOCK_SPIN(ifa); 260 if (((struct in6_ifaddr *)ifa)->ia6_flags & 261 (IN6_IFF_ANYCAST|IN6_IFF_NOTREADY| 262 IN6_IFF_DETACHED)) { 263 IFA_UNLOCK(ifa); 264 IFA_REMREF(ifa); 265 lck_rw_done(pcbinfo->ipi_lock); 266 socket_lock(so, 0); 267 return (EADDRNOTAVAIL); 268 } 269 /* 270 * Opportunistically determine the outbound 271 * interface that may be used; this may not 272 * hold true if we end up using a route 273 * going over a different interface, e.g. 274 * when sending to a local address. This 275 * will get updated again after sending. 276 */ 277 outif = ifa->ifa_ifp; 278 IFA_UNLOCK(ifa); 279 IFA_REMREF(ifa); 280 } 281 } 282 if (lport != 0) { 283 struct inpcb *t; 284 uid_t u; 285 286 /* GROSS */ 287 if (ntohs(lport) < IPV6PORT_RESERVED) { 288 cred = kauth_cred_proc_ref(p); 289 error = priv_check_cred(cred, 290 PRIV_NETINET_RESERVEDPORT, 0); 291 kauth_cred_unref(&cred); 292 if (error != 0) { 293 lck_rw_done(pcbinfo->ipi_lock); 294 socket_lock(so, 0); 295 return (EACCES); 296 } 297 } 298 if (!IN6_IS_ADDR_MULTICAST(&sin6.sin6_addr) && 299 (u = kauth_cred_getuid(so->so_cred)) != 0) { 300 t = in6_pcblookup_local_and_cleanup(pcbinfo, 301 &sin6.sin6_addr, lport, 302 INPLOOKUP_WILDCARD); 303 if (t != NULL && (!IN6_IS_ADDR_UNSPECIFIED( 304 &sin6.sin6_addr) || 305 !IN6_IS_ADDR_UNSPECIFIED(&t->in6p_laddr) || 306 !(t->inp_socket->so_options & 307 SO_REUSEPORT)) && (u != kauth_cred_getuid( 308 t->inp_socket->so_cred)) && 309 !(t->inp_socket->so_flags & 310 SOF_REUSESHAREUID)) { 311 lck_rw_done(pcbinfo->ipi_lock); 312 socket_lock(so, 0); 313 return (EADDRINUSE); 314 } 315 if (!(inp->inp_flags & IN6P_IPV6_V6ONLY) && 316 IN6_IS_ADDR_UNSPECIFIED(&sin6.sin6_addr)) { 317 struct sockaddr_in sin; 318 319 in6_sin6_2_sin(&sin, &sin6); 320 t = in_pcblookup_local_and_cleanup( 321 pcbinfo, sin.sin_addr, lport, 322 INPLOOKUP_WILDCARD); 323 if (t != NULL && 324 !(t->inp_socket->so_options & 325 SO_REUSEPORT) && 326 (kauth_cred_getuid(so->so_cred) != 327 kauth_cred_getuid(t->inp_socket-> 328 so_cred)) && (t->inp_laddr.s_addr != 329 INADDR_ANY || SOCK_DOM(so) == 330 SOCK_DOM(t->inp_socket))) { 331 lck_rw_done(pcbinfo->ipi_lock); 332 socket_lock(so, 0); 333 return (EADDRINUSE); 334 } 335 } 336 } 337 t = in6_pcblookup_local_and_cleanup(pcbinfo, 338 &sin6.sin6_addr, lport, wild); 339 if (t != NULL && 340 (reuseport & t->inp_socket->so_options) == 0) { 341 lck_rw_done(pcbinfo->ipi_lock); 342 socket_lock(so, 0); 343 return (EADDRINUSE); 344 } 345 if (!(inp->inp_flags & IN6P_IPV6_V6ONLY) && 346 IN6_IS_ADDR_UNSPECIFIED(&sin6.sin6_addr)) { 347 struct sockaddr_in sin; 348 349 in6_sin6_2_sin(&sin, &sin6); 350 t = in_pcblookup_local_and_cleanup(pcbinfo, 351 sin.sin_addr, lport, wild); 352 if (t != NULL && (reuseport & 353 t->inp_socket->so_options) == 0 && 354 (t->inp_laddr.s_addr != INADDR_ANY || 355 SOCK_DOM(so) == SOCK_DOM(t->inp_socket))) { 356 lck_rw_done(pcbinfo->ipi_lock); 357 socket_lock(so, 0); 358 return (EADDRINUSE); 359 } 360 } 361 } 362 inp->in6p_laddr = sin6.sin6_addr; 363 inp->in6p_last_outifp = outif; 364 } 365 socket_lock(so, 0); 366 if (lport == 0) { 367 int e; 368 if ((e = in6_pcbsetport(&inp->in6p_laddr, inp, p, 1)) != 0) { 369 lck_rw_done(pcbinfo->ipi_lock); 370 return (e); 371 } 372 } else { 373 inp->inp_lport = lport; 374 if (in_pcbinshash(inp, 1) != 0) { 375 inp->in6p_laddr = in6addr_any; 376 inp->inp_lport = 0; 377 inp->in6p_last_outifp = NULL; 378 lck_rw_done(pcbinfo->ipi_lock); 379 return (EAGAIN); 380 } 381 } 382 lck_rw_done(pcbinfo->ipi_lock); 383 sflt_notify(so, sock_evt_bound, NULL); 384 return (0); 385} 386 387/* 388 * Transform old in6_pcbconnect() into an inner subroutine for new 389 * in6_pcbconnect(); do some validity-checking on the remote address 390 * (in "nam") and then determine local host address (i.e., which 391 * interface) to use to access that remote host. 392 * 393 * This routine may alter the caller-supplied remote address "nam". 394 * 395 * This routine might return an ifp with a reference held if the caller 396 * provides a non-NULL outif, even in the error case. The caller is 397 * responsible for releasing its reference. 398 */ 399int 400in6_pcbladdr(struct inpcb *inp, struct sockaddr *nam, 401 struct in6_addr *plocal_addr6, struct ifnet **outif) 402{ 403 struct in6_addr *addr6 = NULL; 404 struct in6_addr src_storage; 405 int error = 0; 406 unsigned int ifscope; 407 408 if (outif != NULL) 409 *outif = NULL; 410 if (nam->sa_len != sizeof (struct sockaddr_in6)) 411 return (EINVAL); 412 if (SIN6(nam)->sin6_family != AF_INET6) 413 return (EAFNOSUPPORT); 414 if (SIN6(nam)->sin6_port == 0) 415 return (EADDRNOTAVAIL); 416 417 /* KAME hack: embed scopeid */ 418 if (in6_embedscope(&SIN6(nam)->sin6_addr, SIN6(nam), inp, NULL, NULL) != 0) 419 return (EINVAL); 420 421 if (in6_ifaddrs) { 422 /* 423 * If the destination address is UNSPECIFIED addr, 424 * use the loopback addr, e.g ::1. 425 */ 426 if (IN6_IS_ADDR_UNSPECIFIED(&SIN6(nam)->sin6_addr)) 427 SIN6(nam)->sin6_addr = in6addr_loopback; 428 } 429 430 ifscope = (inp->inp_flags & INP_BOUND_IF) ? 431 inp->inp_boundifp->if_index : IFSCOPE_NONE; 432 433 /* 434 * XXX: in6_selectsrc might replace the bound local address 435 * with the address specified by setsockopt(IPV6_PKTINFO). 436 * Is it the intended behavior? 437 * 438 * in6_selectsrc() might return outif with its reference held 439 * even in the error case; caller always needs to release it 440 * if non-NULL. 441 */ 442 addr6 = in6_selectsrc(SIN6(nam), inp->in6p_outputopts, inp, 443 &inp->in6p_route, outif, &src_storage, ifscope, &error); 444 445 if (outif != NULL) { 446 struct rtentry *rt = inp->in6p_route.ro_rt; 447 /* 448 * If in6_selectsrc() returns a route, it should be one 449 * which points to the same ifp as outif. Just in case 450 * it isn't, use the one from the route for consistency. 451 * Otherwise if there is no route, leave outif alone as 452 * it could still be useful to the caller. 453 */ 454 if (rt != NULL && rt->rt_ifp != *outif) { 455 ifnet_reference(rt->rt_ifp); /* for caller */ 456 if (*outif != NULL) 457 ifnet_release(*outif); 458 *outif = rt->rt_ifp; 459 } 460 } 461 462 if (addr6 == NULL) { 463 if (outif != NULL && (*outif) != NULL && 464 (inp->inp_flags & INP_NO_IFT_CELLULAR) && 465 IFNET_IS_CELLULAR(*outif)) { 466 soevent(inp->inp_socket, 467 (SO_FILT_HINT_LOCKED | SO_FILT_HINT_IFDENIED)); 468 error = EHOSTUNREACH; 469 } 470 if (error == 0) 471 error = EADDRNOTAVAIL; 472 return (error); 473 } 474 475 *plocal_addr6 = *addr6; 476 /* 477 * Don't do pcblookup call here; return interface in 478 * plocal_addr6 and exit to caller, that will do the lookup. 479 */ 480 return (0); 481} 482 483/* 484 * Outer subroutine: 485 * Connect from a socket to a specified address. 486 * Both address and port must be specified in argument sin. 487 * If don't have a local address for this socket yet, 488 * then pick one. 489 */ 490int 491in6_pcbconnect(struct inpcb *inp, struct sockaddr *nam, struct proc *p) 492{ 493 struct in6_addr addr6; 494 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)(void *)nam; 495 struct inpcb *pcb; 496 int error = 0; 497 struct ifnet *outif = NULL; 498 499 /* 500 * Call inner routine, to assign local interface address. 501 * in6_pcbladdr() may automatically fill in sin6_scope_id. 502 * 503 * in6_pcbladdr() might return an ifp with its reference held 504 * even in the error case, so make sure that it's released 505 * whenever it's non-NULL. 506 */ 507 if ((error = in6_pcbladdr(inp, nam, &addr6, &outif)) != 0) { 508 if ((inp->inp_flags & INP_NO_IFT_CELLULAR) && outif != NULL && 509 IFNET_IS_CELLULAR(outif)) 510 soevent(inp->inp_socket, 511 (SO_FILT_HINT_LOCKED | SO_FILT_HINT_IFDENIED)); 512 goto done; 513 } 514 socket_unlock(inp->inp_socket, 0); 515 pcb = in6_pcblookup_hash(inp->inp_pcbinfo, &sin6->sin6_addr, 516 sin6->sin6_port, IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr) ? 517 &addr6 : &inp->in6p_laddr, inp->inp_lport, 0, NULL); 518 socket_lock(inp->inp_socket, 0); 519 if (pcb != NULL) { 520 in_pcb_checkstate(pcb, WNT_RELEASE, pcb == inp ? 1 : 0); 521 error = EADDRINUSE; 522 goto done; 523 } 524 if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) { 525 if (inp->inp_lport == 0) { 526 error = in6_pcbbind(inp, NULL, p); 527 if (error) 528 goto done; 529 } 530 inp->in6p_laddr = addr6; 531 inp->in6p_last_outifp = outif; /* no reference needed */ 532 inp->in6p_flags |= INP_IN6ADDR_ANY; 533 } 534 if (!lck_rw_try_lock_exclusive(inp->inp_pcbinfo->ipi_lock)) { 535 /* lock inversion issue, mostly with udp multicast packets */ 536 socket_unlock(inp->inp_socket, 0); 537 lck_rw_lock_exclusive(inp->inp_pcbinfo->ipi_lock); 538 socket_lock(inp->inp_socket, 0); 539 } 540 inp->in6p_faddr = sin6->sin6_addr; 541 inp->inp_fport = sin6->sin6_port; 542 543 in_pcbrehash(inp); 544 lck_rw_done(inp->inp_pcbinfo->ipi_lock); 545 546done: 547 if (outif != NULL) 548 ifnet_release(outif); 549 550 return (error); 551} 552 553void 554in6_pcbdisconnect(struct inpcb *inp) 555{ 556 struct socket *so = inp->inp_socket; 557 558 if (!lck_rw_try_lock_exclusive(inp->inp_pcbinfo->ipi_lock)) { 559 /* lock inversion issue, mostly with udp multicast packets */ 560 socket_unlock(so, 0); 561 lck_rw_lock_exclusive(inp->inp_pcbinfo->ipi_lock); 562 socket_lock(so, 0); 563 } 564 bzero((caddr_t)&inp->in6p_faddr, sizeof (inp->in6p_faddr)); 565 inp->inp_fport = 0; 566 /* clear flowinfo - RFC 6437 */ 567 inp->inp_flow &= ~IPV6_FLOWLABEL_MASK; 568 in_pcbrehash(inp); 569 lck_rw_done(inp->inp_pcbinfo->ipi_lock); 570 /* 571 * A multipath subflow socket would have its SS_NOFDREF set by default, 572 * so check for SOF_MP_SUBFLOW socket flag before detaching the PCB; 573 * when the socket is closed for real, SOF_MP_SUBFLOW would be cleared. 574 */ 575 if (!(so->so_flags & SOF_MP_SUBFLOW) && (so->so_state & SS_NOFDREF)) 576 in6_pcbdetach(inp); 577} 578 579void 580in6_pcbdetach(struct inpcb *inp) 581{ 582 struct socket *so = inp->inp_socket; 583 584 if (so->so_pcb == NULL) { 585 /* PCB has been disposed */ 586 panic("%s: inp=%p so=%p proto=%d so_pcb is null!\n", __func__, 587 inp, so, SOCK_PROTO(so)); 588 /* NOTREACHED */ 589 } 590 591#if IPSEC 592 if (inp->in6p_sp != NULL) { 593 (void) ipsec6_delete_pcbpolicy(inp); 594 } 595#endif /* IPSEC */ 596 597 /* mark socket state as dead */ 598 if (in_pcb_checkstate(inp, WNT_STOPUSING, 1) != WNT_STOPUSING) { 599 panic("%s: so=%p proto=%d couldn't set to STOPUSING\n", 600 __func__, so, SOCK_PROTO(so)); 601 /* NOTREACHED */ 602 } 603 604 if (!(so->so_flags & SOF_PCBCLEARING)) { 605 struct ip_moptions *imo; 606 struct ip6_moptions *im6o; 607 608 inp->inp_vflag = 0; 609 if (inp->in6p_options != NULL) { 610 m_freem(inp->in6p_options); 611 inp->in6p_options = NULL; 612 } 613 ip6_freepcbopts(inp->in6p_outputopts); 614 ROUTE_RELEASE(&inp->in6p_route); 615 /* free IPv4 related resources in case of mapped addr */ 616 if (inp->inp_options != NULL) { 617 (void) m_free(inp->inp_options); 618 inp->inp_options = NULL; 619 } 620 im6o = inp->in6p_moptions; 621 inp->in6p_moptions = NULL; 622 if (im6o != NULL) 623 IM6O_REMREF(im6o); 624 625 imo = inp->inp_moptions; 626 inp->inp_moptions = NULL; 627 if (imo != NULL) 628 IMO_REMREF(imo); 629 sofreelastref(so, 0); 630 inp->inp_state = INPCB_STATE_DEAD; 631 /* makes sure we're not called twice from so_close */ 632 so->so_flags |= SOF_PCBCLEARING; 633 634 inpcb_gc_sched(inp->inp_pcbinfo, INPCB_TIMER_FAST); 635 } 636} 637 638struct sockaddr * 639in6_sockaddr(in_port_t port, struct in6_addr *addr_p) 640{ 641 struct sockaddr_in6 *sin6; 642 643 MALLOC(sin6, struct sockaddr_in6 *, sizeof (*sin6), M_SONAME, M_WAITOK); 644 if (sin6 == NULL) 645 return (NULL); 646 bzero(sin6, sizeof (*sin6)); 647 sin6->sin6_family = AF_INET6; 648 sin6->sin6_len = sizeof (*sin6); 649 sin6->sin6_port = port; 650 sin6->sin6_addr = *addr_p; 651 652 /* would be good to use sa6_recoverscope(), except for locking */ 653 if (IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr)) 654 sin6->sin6_scope_id = ntohs(sin6->sin6_addr.s6_addr16[1]); 655 else 656 sin6->sin6_scope_id = 0; /* XXX */ 657 if (IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr)) 658 sin6->sin6_addr.s6_addr16[1] = 0; 659 660 return ((struct sockaddr *)sin6); 661} 662 663void 664in6_sockaddr_s(in_port_t port, struct in6_addr *addr_p, 665 struct sockaddr_in6 *sin6) 666{ 667 bzero(sin6, sizeof (*sin6)); 668 sin6->sin6_family = AF_INET6; 669 sin6->sin6_len = sizeof (*sin6); 670 sin6->sin6_port = port; 671 sin6->sin6_addr = *addr_p; 672 673 /* would be good to use sa6_recoverscope(), except for locking */ 674 if (IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr)) 675 sin6->sin6_scope_id = ntohs(sin6->sin6_addr.s6_addr16[1]); 676 else 677 sin6->sin6_scope_id = 0; /* XXX */ 678 if (IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr)) 679 sin6->sin6_addr.s6_addr16[1] = 0; 680} 681 682/* 683 * The calling convention of in6_getsockaddr() and in6_getpeeraddr() was 684 * modified to match the pru_sockaddr() and pru_peeraddr() entry points 685 * in struct pr_usrreqs, so that protocols can just reference then directly 686 * without the need for a wrapper function. 687 */ 688int 689in6_getsockaddr(struct socket *so, struct sockaddr **nam) 690{ 691 struct inpcb *inp; 692 struct in6_addr addr; 693 in_port_t port; 694 695 if ((inp = sotoinpcb(so)) == NULL) 696 return (EINVAL); 697 698 port = inp->inp_lport; 699 addr = inp->in6p_laddr; 700 701 *nam = in6_sockaddr(port, &addr); 702 if (*nam == NULL) 703 return (ENOBUFS); 704 return (0); 705} 706 707int 708in6_getsockaddr_s(struct socket *so, struct sockaddr_storage *ss) 709{ 710 struct inpcb *inp; 711 struct in6_addr addr; 712 in_port_t port; 713 714 VERIFY(ss != NULL); 715 bzero(ss, sizeof (*ss)); 716 717 if ((inp = sotoinpcb(so)) == NULL || 718 (inp->inp_flags2 & INP2_WANT_FLOW_DIVERT)) 719 return (inp == NULL ? EINVAL : EPROTOTYPE); 720 721 port = inp->inp_lport; 722 addr = inp->in6p_laddr; 723 724 in6_sockaddr_s(port, &addr, SIN6(ss)); 725 return (0); 726} 727 728int 729in6_getpeeraddr(struct socket *so, struct sockaddr **nam) 730{ 731 struct inpcb *inp; 732 struct in6_addr addr; 733 in_port_t port; 734 735 if ((inp = sotoinpcb(so)) == NULL) 736 return (EINVAL); 737 738 port = inp->inp_fport; 739 addr = inp->in6p_faddr; 740 741 *nam = in6_sockaddr(port, &addr); 742 if (*nam == NULL) 743 return (ENOBUFS); 744 return (0); 745} 746 747int 748in6_getpeeraddr_s(struct socket *so, struct sockaddr_storage *ss) 749{ 750 struct inpcb *inp; 751 struct in6_addr addr; 752 in_port_t port; 753 754 VERIFY(ss != NULL); 755 bzero(ss, sizeof (*ss)); 756 757 if ((inp = sotoinpcb(so)) == NULL || 758 (inp->inp_flags2 & INP2_WANT_FLOW_DIVERT)) 759 return (inp == NULL ? EINVAL : EPROTOTYPE); 760 761 port = inp->inp_fport; 762 addr = inp->in6p_faddr; 763 764 in6_sockaddr_s(port, &addr, SIN6(ss)); 765 return (0); 766} 767 768int 769in6_mapped_sockaddr(struct socket *so, struct sockaddr **nam) 770{ 771 struct inpcb *inp = sotoinpcb(so); 772 int error; 773 774 if (inp == NULL) 775 return (EINVAL); 776 if (inp->inp_vflag & INP_IPV4) { 777 error = in_getsockaddr(so, nam); 778 if (error == 0) 779 error = in6_sin_2_v4mapsin6_in_sock(nam); 780 } else { 781 /* scope issues will be handled in in6_getsockaddr(). */ 782 error = in6_getsockaddr(so, nam); 783 } 784 return (error); 785} 786 787int 788in6_mapped_peeraddr(struct socket *so, struct sockaddr **nam) 789{ 790 struct inpcb *inp = sotoinpcb(so); 791 int error; 792 793 if (inp == NULL) 794 return (EINVAL); 795 if (inp->inp_vflag & INP_IPV4) { 796 error = in_getpeeraddr(so, nam); 797 if (error == 0) 798 error = in6_sin_2_v4mapsin6_in_sock(nam); 799 } else { 800 /* scope issues will be handled in in6_getpeeraddr(). */ 801 error = in6_getpeeraddr(so, nam); 802 } 803 return (error); 804} 805 806/* 807 * Pass some notification to all connections of a protocol 808 * associated with address dst. The local address and/or port numbers 809 * may be specified to limit the search. The "usual action" will be 810 * taken, depending on the ctlinput cmd. The caller must filter any 811 * cmds that are uninteresting (e.g., no error in the map). 812 * Call the protocol specific routine (if any) to report 813 * any errors for each matching socket. 814 */ 815void 816in6_pcbnotify(struct inpcbinfo *pcbinfo, struct sockaddr *dst, u_int fport_arg, 817 const struct sockaddr *src, u_int lport_arg, int cmd, void *cmdarg, 818 void (*notify)(struct inpcb *, int)) 819{ 820 struct inpcbhead *head = pcbinfo->ipi_listhead; 821 struct inpcb *inp, *ninp; 822 struct sockaddr_in6 sa6_src, *sa6_dst; 823 u_short fport = fport_arg, lport = lport_arg; 824 u_int32_t flowinfo; 825 int errno; 826 827 if ((unsigned)cmd > PRC_NCMDS || dst->sa_family != AF_INET6) 828 return; 829 830 sa6_dst = (struct sockaddr_in6 *)(void *)dst; 831 if (IN6_IS_ADDR_UNSPECIFIED(&sa6_dst->sin6_addr)) 832 return; 833 834 /* 835 * note that src can be NULL when we get notify by local fragmentation. 836 */ 837 sa6_src = (src == NULL) ? 838 sa6_any : *(struct sockaddr_in6 *)(uintptr_t)(size_t)src; 839 flowinfo = sa6_src.sin6_flowinfo; 840 841 /* 842 * Redirects go to all references to the destination, 843 * and use in6_rtchange to invalidate the route cache. 844 * Dead host indications: also use in6_rtchange to invalidate 845 * the cache, and deliver the error to all the sockets. 846 * Otherwise, if we have knowledge of the local port and address, 847 * deliver only to that socket. 848 */ 849 if (PRC_IS_REDIRECT(cmd) || cmd == PRC_HOSTDEAD) { 850 fport = 0; 851 lport = 0; 852 bzero((caddr_t)&sa6_src.sin6_addr, sizeof (sa6_src.sin6_addr)); 853 854 if (cmd != PRC_HOSTDEAD) 855 notify = in6_rtchange; 856 } 857 errno = inet6ctlerrmap[cmd]; 858 lck_rw_lock_shared(pcbinfo->ipi_lock); 859 for (inp = LIST_FIRST(head); inp != NULL; inp = ninp) { 860 ninp = LIST_NEXT(inp, inp_list); 861 862 if (!(inp->inp_vflag & INP_IPV6)) 863 continue; 864 865 /* 866 * If the error designates a new path MTU for a destination 867 * and the application (associated with this socket) wanted to 868 * know the value, notify. Note that we notify for all 869 * disconnected sockets if the corresponding application 870 * wanted. This is because some UDP applications keep sending 871 * sockets disconnected. 872 * XXX: should we avoid to notify the value to TCP sockets? 873 */ 874 if (cmd == PRC_MSGSIZE && (inp->inp_flags & IN6P_MTU) != 0 && 875 (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr) || 876 IN6_ARE_ADDR_EQUAL(&inp->in6p_faddr, 877 &sa6_dst->sin6_addr))) { 878 ip6_notify_pmtu(inp, (struct sockaddr_in6 *)(void *)dst, 879 (u_int32_t *)cmdarg); 880 } 881 882 /* 883 * Detect if we should notify the error. If no source and 884 * destination ports are specifed, but non-zero flowinfo and 885 * local address match, notify the error. This is the case 886 * when the error is delivered with an encrypted buffer 887 * by ESP. Otherwise, just compare addresses and ports 888 * as usual. 889 */ 890 if (lport == 0 && fport == 0 && flowinfo && 891 inp->inp_socket != NULL && 892 flowinfo == (inp->inp_flow & IPV6_FLOWLABEL_MASK) && 893 IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr, &sa6_src.sin6_addr)) 894 goto do_notify; 895 else if (!IN6_ARE_ADDR_EQUAL(&inp->in6p_faddr, 896 &sa6_dst->sin6_addr) || inp->inp_socket == NULL || 897 (lport && inp->inp_lport != lport) || 898 (!IN6_IS_ADDR_UNSPECIFIED(&sa6_src.sin6_addr) && 899 !IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr, 900 &sa6_src.sin6_addr)) || (fport && inp->inp_fport != fport)) 901 continue; 902 903do_notify: 904 if (notify) { 905 if (in_pcb_checkstate(inp, WNT_ACQUIRE, 0) == 906 WNT_STOPUSING) 907 continue; 908 socket_lock(inp->inp_socket, 1); 909 (*notify)(inp, errno); 910 (void) in_pcb_checkstate(inp, WNT_RELEASE, 1); 911 socket_unlock(inp->inp_socket, 1); 912 } 913 } 914 lck_rw_done(pcbinfo->ipi_lock); 915} 916 917/* 918 * Lookup a PCB based on the local address and port. 919 */ 920struct inpcb * 921in6_pcblookup_local(struct inpcbinfo *pcbinfo, struct in6_addr *laddr, 922 u_int lport_arg, int wild_okay) 923{ 924 struct inpcb *inp; 925 int matchwild = 3, wildcard; 926 u_short lport = lport_arg; 927 struct inpcbporthead *porthash; 928 struct inpcb *match = NULL; 929 struct inpcbport *phd; 930 931 if (!wild_okay) { 932 struct inpcbhead *head; 933 /* 934 * Look for an unconnected (wildcard foreign addr) PCB that 935 * matches the local address and port we're looking for. 936 */ 937 head = &pcbinfo->ipi_hashbase[INP_PCBHASH(INADDR_ANY, lport, 0, 938 pcbinfo->ipi_hashmask)]; 939 LIST_FOREACH(inp, head, inp_hash) { 940 if (!(inp->inp_vflag & INP_IPV6)) 941 continue; 942 if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr) && 943 IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr, laddr) && 944 inp->inp_lport == lport) { 945 /* 946 * Found. 947 */ 948 return (inp); 949 } 950 } 951 /* 952 * Not found. 953 */ 954 return (NULL); 955 } 956 /* 957 * Best fit PCB lookup. 958 * 959 * First see if this local port is in use by looking on the 960 * port hash list. 961 */ 962 porthash = &pcbinfo->ipi_porthashbase[INP_PCBPORTHASH(lport, 963 pcbinfo->ipi_porthashmask)]; 964 LIST_FOREACH(phd, porthash, phd_hash) { 965 if (phd->phd_port == lport) 966 break; 967 } 968 if (phd != NULL) { 969 /* 970 * Port is in use by one or more PCBs. Look for best 971 * fit. 972 */ 973 LIST_FOREACH(inp, &phd->phd_pcblist, inp_portlist) { 974 wildcard = 0; 975 if (!(inp->inp_vflag & INP_IPV6)) 976 continue; 977 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) 978 wildcard++; 979 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) { 980 if (IN6_IS_ADDR_UNSPECIFIED(laddr)) 981 wildcard++; 982 else if (!IN6_ARE_ADDR_EQUAL( 983 &inp->in6p_laddr, laddr)) 984 continue; 985 } else { 986 if (!IN6_IS_ADDR_UNSPECIFIED(laddr)) 987 wildcard++; 988 } 989 if (wildcard < matchwild) { 990 match = inp; 991 matchwild = wildcard; 992 if (matchwild == 0) { 993 break; 994 } 995 } 996 } 997 } 998 return (match); 999} 1000 1001/* 1002 * Check for alternatives when higher level complains 1003 * about service problems. For now, invalidate cached 1004 * routing information. If the route was created dynamically 1005 * (by a redirect), time to try a default gateway again. 1006 */ 1007void 1008in6_losing(struct inpcb *in6p) 1009{ 1010 struct rtentry *rt; 1011 struct rt_addrinfo info; 1012 1013 if ((rt = in6p->in6p_route.ro_rt) != NULL) { 1014 RT_LOCK(rt); 1015 bzero((caddr_t)&info, sizeof (info)); 1016 info.rti_info[RTAX_DST] = 1017 (struct sockaddr *)&in6p->in6p_route.ro_dst; 1018 info.rti_info[RTAX_GATEWAY] = rt->rt_gateway; 1019 info.rti_info[RTAX_NETMASK] = rt_mask(rt); 1020 rt_missmsg(RTM_LOSING, &info, rt->rt_flags, 0); 1021 if (rt->rt_flags & RTF_DYNAMIC) { 1022 /* 1023 * Prevent another thread from modifying rt_key, 1024 * rt_gateway via rt_setgate() after the rt_lock 1025 * is dropped by marking the route as defunct. 1026 */ 1027 rt->rt_flags |= RTF_CONDEMNED; 1028 RT_UNLOCK(rt); 1029 (void) rtrequest(RTM_DELETE, rt_key(rt), 1030 rt->rt_gateway, rt_mask(rt), rt->rt_flags, NULL); 1031 } else { 1032 RT_UNLOCK(rt); 1033 } 1034 /* 1035 * A new route can be allocated 1036 * the next time output is attempted. 1037 */ 1038 } 1039 ROUTE_RELEASE(&in6p->in6p_route); 1040} 1041 1042/* 1043 * After a routing change, flush old routing 1044 * and allocate a (hopefully) better one. 1045 */ 1046void 1047in6_rtchange(struct inpcb *inp, int errno) 1048{ 1049#pragma unused(errno) 1050 /* 1051 * A new route can be allocated the next time 1052 * output is attempted. 1053 */ 1054 ROUTE_RELEASE(&inp->in6p_route); 1055} 1056 1057/* 1058 * Check if PCB exists hash list. Also returns uid and gid of socket 1059 */ 1060int 1061in6_pcblookup_hash_exists(struct inpcbinfo *pcbinfo, struct in6_addr *faddr, 1062 u_int fport_arg, struct in6_addr *laddr, u_int lport_arg, int wildcard, 1063 uid_t *uid, gid_t *gid, struct ifnet *ifp) 1064{ 1065 struct inpcbhead *head; 1066 struct inpcb *inp; 1067 u_short fport = fport_arg, lport = lport_arg; 1068 int found; 1069 1070 *uid = UID_MAX; 1071 *gid = GID_MAX; 1072 1073 lck_rw_lock_shared(pcbinfo->ipi_lock); 1074 1075 /* 1076 * First look for an exact match. 1077 */ 1078 head = &pcbinfo->ipi_hashbase[INP_PCBHASH(faddr->s6_addr32[3] /* XXX */, 1079 lport, fport, pcbinfo->ipi_hashmask)]; 1080 LIST_FOREACH(inp, head, inp_hash) { 1081 if (!(inp->inp_vflag & INP_IPV6)) 1082 continue; 1083 1084 if (inp_restricted(inp, ifp)) 1085 continue; 1086 1087 if (ifp != NULL && IFNET_IS_CELLULAR(ifp) && 1088 (inp->in6p_flags & INP_NO_IFT_CELLULAR)) 1089 continue; 1090 1091 if (IN6_ARE_ADDR_EQUAL(&inp->in6p_faddr, faddr) && 1092 IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr, laddr) && 1093 inp->inp_fport == fport && 1094 inp->inp_lport == lport) { 1095 if ((found = (inp->inp_socket != NULL))) { 1096 /* 1097 * Found. Check if pcb is still valid 1098 */ 1099 *uid = kauth_cred_getuid( 1100 inp->inp_socket->so_cred); 1101 *gid = kauth_cred_getgid( 1102 inp->inp_socket->so_cred); 1103 } 1104 lck_rw_done(pcbinfo->ipi_lock); 1105 return (found); 1106 } 1107 } 1108 if (wildcard) { 1109 struct inpcb *local_wild = NULL; 1110 1111 head = &pcbinfo->ipi_hashbase[INP_PCBHASH(INADDR_ANY, lport, 0, 1112 pcbinfo->ipi_hashmask)]; 1113 LIST_FOREACH(inp, head, inp_hash) { 1114 if (!(inp->inp_vflag & INP_IPV6)) 1115 continue; 1116 1117 if (inp_restricted(inp, ifp)) 1118 continue; 1119 1120 if (ifp != NULL && IFNET_IS_CELLULAR(ifp) && 1121 (inp->in6p_flags & INP_NO_IFT_CELLULAR)) 1122 continue; 1123 1124 if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr) && 1125 inp->inp_lport == lport) { 1126 if (IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr, 1127 laddr)) { 1128 found = (inp->inp_socket != NULL); 1129 if (found) { 1130 *uid = kauth_cred_getuid( 1131 inp->inp_socket->so_cred); 1132 *gid = kauth_cred_getgid( 1133 inp->inp_socket->so_cred); 1134 } 1135 lck_rw_done(pcbinfo->ipi_lock); 1136 return (found); 1137 } else if (IN6_IS_ADDR_UNSPECIFIED( 1138 &inp->in6p_laddr)) { 1139 local_wild = inp; 1140 } 1141 } 1142 } 1143 if (local_wild) { 1144 if ((found = (local_wild->inp_socket != NULL))) { 1145 *uid = kauth_cred_getuid( 1146 local_wild->inp_socket->so_cred); 1147 *gid = kauth_cred_getgid( 1148 local_wild->inp_socket->so_cred); 1149 } 1150 lck_rw_done(pcbinfo->ipi_lock); 1151 return (found); 1152 } 1153 } 1154 1155 /* 1156 * Not found. 1157 */ 1158 lck_rw_done(pcbinfo->ipi_lock); 1159 return (0); 1160} 1161 1162/* 1163 * Lookup PCB in hash list. 1164 */ 1165struct inpcb * 1166in6_pcblookup_hash(struct inpcbinfo *pcbinfo, struct in6_addr *faddr, 1167 u_int fport_arg, struct in6_addr *laddr, u_int lport_arg, int wildcard, 1168 struct ifnet *ifp) 1169{ 1170 struct inpcbhead *head; 1171 struct inpcb *inp; 1172 u_short fport = fport_arg, lport = lport_arg; 1173 1174 lck_rw_lock_shared(pcbinfo->ipi_lock); 1175 1176 /* 1177 * First look for an exact match. 1178 */ 1179 head = &pcbinfo->ipi_hashbase[INP_PCBHASH(faddr->s6_addr32[3] /* XXX */, 1180 lport, fport, pcbinfo->ipi_hashmask)]; 1181 LIST_FOREACH(inp, head, inp_hash) { 1182 if (!(inp->inp_vflag & INP_IPV6)) 1183 continue; 1184 1185 if (inp_restricted(inp, ifp)) 1186 continue; 1187 1188 if (ifp != NULL && IFNET_IS_CELLULAR(ifp) && 1189 (inp->in6p_flags & INP_NO_IFT_CELLULAR)) 1190 continue; 1191 1192 if (IN6_ARE_ADDR_EQUAL(&inp->in6p_faddr, faddr) && 1193 IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr, laddr) && 1194 inp->inp_fport == fport && 1195 inp->inp_lport == lport) { 1196 /* 1197 * Found. Check if pcb is still valid 1198 */ 1199 if (in_pcb_checkstate(inp, WNT_ACQUIRE, 0) != 1200 WNT_STOPUSING) { 1201 lck_rw_done(pcbinfo->ipi_lock); 1202 return (inp); 1203 } else { 1204 /* it's there but dead, say it isn't found */ 1205 lck_rw_done(pcbinfo->ipi_lock); 1206 return (NULL); 1207 } 1208 } 1209 } 1210 if (wildcard) { 1211 struct inpcb *local_wild = NULL; 1212 1213 head = &pcbinfo->ipi_hashbase[INP_PCBHASH(INADDR_ANY, lport, 0, 1214 pcbinfo->ipi_hashmask)]; 1215 LIST_FOREACH(inp, head, inp_hash) { 1216 if (!(inp->inp_vflag & INP_IPV6)) 1217 continue; 1218 1219 if (inp_restricted(inp, ifp)) 1220 continue; 1221 1222 if (ifp != NULL && IFNET_IS_CELLULAR(ifp) && 1223 (inp->in6p_flags & INP_NO_IFT_CELLULAR)) 1224 continue; 1225 1226 if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr) && 1227 inp->inp_lport == lport) { 1228 if (IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr, 1229 laddr)) { 1230 if (in_pcb_checkstate(inp, WNT_ACQUIRE, 1231 0) != WNT_STOPUSING) { 1232 lck_rw_done(pcbinfo->ipi_lock); 1233 return (inp); 1234 } else { 1235 /* dead; say it isn't found */ 1236 lck_rw_done(pcbinfo->ipi_lock); 1237 return (NULL); 1238 } 1239 } else if (IN6_IS_ADDR_UNSPECIFIED( 1240 &inp->in6p_laddr)) { 1241 local_wild = inp; 1242 } 1243 } 1244 } 1245 if (local_wild && in_pcb_checkstate(local_wild, 1246 WNT_ACQUIRE, 0) != WNT_STOPUSING) { 1247 lck_rw_done(pcbinfo->ipi_lock); 1248 return (local_wild); 1249 } else { 1250 lck_rw_done(pcbinfo->ipi_lock); 1251 return (NULL); 1252 } 1253 } 1254 1255 /* 1256 * Not found. 1257 */ 1258 lck_rw_done(pcbinfo->ipi_lock); 1259 return (NULL); 1260} 1261 1262void 1263init_sin6(struct sockaddr_in6 *sin6, struct mbuf *m) 1264{ 1265 struct ip6_hdr *ip; 1266 1267 ip = mtod(m, struct ip6_hdr *); 1268 bzero(sin6, sizeof (*sin6)); 1269 sin6->sin6_len = sizeof (*sin6); 1270 sin6->sin6_family = AF_INET6; 1271 sin6->sin6_addr = ip->ip6_src; 1272 if (IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr)) { 1273 sin6->sin6_addr.s6_addr16[1] = 0; 1274 if ((m->m_pkthdr.pkt_flags & (PKTF_LOOP|PKTF_IFAINFO)) == 1275 (PKTF_LOOP|PKTF_IFAINFO)) 1276 sin6->sin6_scope_id = m->m_pkthdr.src_ifindex; 1277 else if (m->m_pkthdr.rcvif != NULL) 1278 sin6->sin6_scope_id = m->m_pkthdr.rcvif->if_index; 1279 } 1280} 1281 1282/* 1283 * The following routines implement this scheme: 1284 * 1285 * Callers of ip6_output() that intend to cache the route in the inpcb pass 1286 * a local copy of the struct route to ip6_output(). Using a local copy of 1287 * the cached route significantly simplifies things as IP no longer has to 1288 * worry about having exclusive access to the passed in struct route, since 1289 * it's defined in the caller's stack; in essence, this allows for a lock- 1290 * less operation when updating the struct route at the IP level and below, 1291 * whenever necessary. The scheme works as follows: 1292 * 1293 * Prior to dropping the socket's lock and calling ip6_output(), the caller 1294 * copies the struct route from the inpcb into its stack, and adds a reference 1295 * to the cached route entry, if there was any. The socket's lock is then 1296 * dropped and ip6_output() is called with a pointer to the copy of struct 1297 * route defined on the stack (not to the one in the inpcb.) 1298 * 1299 * Upon returning from ip6_output(), the caller then acquires the socket's 1300 * lock and synchronizes the cache; if there is no route cached in the inpcb, 1301 * it copies the local copy of struct route (which may or may not contain any 1302 * route) back into the cache; otherwise, if the inpcb has a route cached in 1303 * it, the one in the local copy will be freed, if there's any. Trashing the 1304 * cached route in the inpcb can be avoided because ip6_output() is single- 1305 * threaded per-PCB (i.e. multiple transmits on a PCB are always serialized 1306 * by the socket/transport layer.) 1307 */ 1308void 1309in6p_route_copyout(struct inpcb *inp, struct route_in6 *dst) 1310{ 1311 struct route_in6 *src = &inp->in6p_route; 1312 1313 lck_mtx_assert(&inp->inpcb_mtx, LCK_MTX_ASSERT_OWNED); 1314 1315 /* Minor sanity check */ 1316 if (src->ro_rt != NULL && rt_key(src->ro_rt)->sa_family != AF_INET6) 1317 panic("%s: wrong or corrupted route: %p", __func__, src); 1318 1319 route_copyout((struct route *)dst, (struct route *)src, sizeof (*dst)); 1320} 1321 1322void 1323in6p_route_copyin(struct inpcb *inp, struct route_in6 *src) 1324{ 1325 struct route_in6 *dst = &inp->in6p_route; 1326 1327 lck_mtx_assert(&inp->inpcb_mtx, LCK_MTX_ASSERT_OWNED); 1328 1329 /* Minor sanity check */ 1330 if (src->ro_rt != NULL && rt_key(src->ro_rt)->sa_family != AF_INET6) 1331 panic("%s: wrong or corrupted route: %p", __func__, src); 1332 1333 route_copyin((struct route *)src, (struct route *)dst, sizeof (*src)); 1334} 1335