in_mcast.c source code [xnu/bsd/netinet/in_mcast.c]

1	/*
2	* Copyright (c) 2010-2017 Apple Inc. All rights reserved.
3	*
4	* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5	*
6	* This file contains Original Code and/or Modifications of Original Code
7	* as defined in and that are subject to the Apple Public Source License
8	* Version 2.0 (the 'License'). You may not use this file except in
9	* compliance with the License. The rights granted to you under the License
10	* may not be used to create, or enable the creation or redistribution of,
11	* unlawful or unlicensed copies of an Apple operating system, or to
12	* circumvent, violate, or enable the circumvention or violation of, any
13	* terms of an Apple operating system software license agreement.
14	*
15	* Please obtain a copy of the License at
16	* http://www.opensource.apple.com/apsl/ and read it before using this file.
17	*
18	* The Original Code and all software distributed under the License are
19	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23	* Please see the License for the specific language governing rights and
24	* limitations under the License.
25	*
26	* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27	*/
28	/-*
29	* Copyright (c) 2007-2009 Bruce Simpson.
30	* Copyright (c) 2005 Robert N. M. Watson.
31	* All rights reserved.
32	*
33	* Redistribution and use in source and binary forms, with or without
34	* modification, are permitted provided that the following conditions
35	* are met:
36	* 1. Redistributions of source code must retain the above copyright
37	* notice, this list of conditions and the following disclaimer.
38	* 2. Redistributions in binary form must reproduce the above copyright
39	* notice, this list of conditions and the following disclaimer in the
40	* documentation and/or other materials provided with the distribution.
41	* 3. The name of the author may not be used to endorse or promote
42	* products derived from this software without specific prior written
43	* permission.
44	*
45	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
46	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
47	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
48	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
49	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
50	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
51	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
52	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
53	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
54	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
55	* SUCH DAMAGE.
56	*/
57
58	/*
59	* IPv4 multicast socket, group, and socket option processing module.
60	*/
61
62	#include <sys/cdefs.h>
63
64	#include <sys/param.h>
65	#include <sys/systm.h>
66	#include <sys/kernel.h>
67	#include <sys/malloc.h>
68	#include <sys/mbuf.h>
69	#include <sys/protosw.h>
70	#include <sys/socket.h>
71	#include <sys/socketvar.h>
72	#include <sys/protosw.h>
73	#include <sys/sysctl.h>
74	#include <sys/tree.h>
75	#include <sys/mcache.h>
76
77	#include <kern/zalloc.h>
78
79	#include <pexpert/pexpert.h>
80
81	#include <net/if.h>
82	#include <net/if_dl.h>
83	#include <net/net_api_stats.h>
84	#include <net/route.h>
85
86	#include <netinet/in.h>
87	#include <netinet/in_systm.h>
88	#include <netinet/in_pcb.h>
89	#include <netinet/in_var.h>
90	#include <netinet/ip_var.h>
91	#include <netinet/igmp_var.h>
92
93	/*
94	* Functions with non-static linkage defined in this file should be
95	* declared in in_var.h:
96	* imo_multi_filter()
97	* in_addmulti()
98	* in_delmulti()
99	* in_joingroup()
100	* in_leavegroup()
101	* and ip_var.h:
102	* inp_freemoptions()
103	* inp_getmoptions()
104	* inp_setmoptions()
105	*
106	* XXX: Both carp and pf need to use the legacy (*,G) KPIs in_addmulti()
107	* and in_delmulti().
108	*/
109	static void imf_commit(struct in_mfilter *);
110	static int imf_get_source(struct in_mfilter *imf,
111	const struct sockaddr_in *psin,
112	struct in_msource **);
113	static struct in_msource *
114	imf_graft(struct in_mfilter , const* uint8_t,
115	const struct sockaddr_in *);
116	static int imf_prune(struct in_mfilter , const* struct sockaddr_in *);
117	static void imf_rollback(struct in_mfilter *);
118	static void imf_reap(struct in_mfilter *);
119	static int imo_grow(struct ip_moptions *, size_t);
120	static size_t imo_match_group(const struct ip_moptions *,
121	const struct ifnet , const* struct sockaddr_in *);
122	static struct in_msource *
123	imo_match_source(const struct ip_moptions , const* size_t,
124	const struct sockaddr_in *);
125	static void ims_merge(struct ip_msource *ims,
126	const struct in_msource lims, const* int rollback);
127	static int in_getmulti(struct ifnet , const* struct in_addr *,
128	struct in_multi **);
129	static int in_joingroup(struct ifnet , const* struct in_addr *,
130	struct in_mfilter , struct* in_multi **);
131	static int inm_get_source(struct in_multi inm, const* in_addr_t haddr,
132	const int noalloc, struct ip_msource **pims);
133	static int inm_is_ifp_detached(const struct in_multi *);
134	static int inm_merge(struct in_multi , /const/* struct in_mfilter *);
135	static void inm_reap(struct in_multi *);
136	static struct ip_moptions *
137	inp_findmoptions(struct inpcb *);
138	static int inp_get_source_filters(struct inpcb , struct* sockopt *);
139	static struct ifnet *
140	inp_lookup_mcast_ifp(const struct inpcb *,
141	const struct sockaddr_in , const* struct in_addr);
142	static int inp_block_unblock_source(struct inpcb , struct* sockopt *);
143	static int inp_set_multicast_if(struct inpcb , struct* sockopt *);
144	static int inp_set_source_filters(struct inpcb , struct* sockopt *);
145	static int sysctl_ip_mcast_filters SYSCTL_HANDLER_ARGS;
146	static struct ifnet * ip_multicast_if(struct in_addr , unsigned* int *);
147	static __inline__ int ip_msource_cmp(const struct ip_msource *,
148	const struct ip_msource *);
149
150	SYSCTL_NODE(_net_inet_ip, OID_AUTO, mcast, CTLFLAG_RW \| CTLFLAG_LOCKED, `0`, "IPv4 multicast");
151
152	static u_long in_mcast_maxgrpsrc = IP_MAX_GROUP_SRC_FILTER;
153	SYSCTL_LONG(_net_inet_ip_mcast, OID_AUTO, maxgrpsrc,
154	CTLFLAG_RW \| CTLFLAG_LOCKED, &in_mcast_maxgrpsrc, "Max source filters per group");
155
156	static u_long in_mcast_maxsocksrc = IP_MAX_SOCK_SRC_FILTER;
157	SYSCTL_LONG(_net_inet_ip_mcast, OID_AUTO, maxsocksrc,
158	CTLFLAG_RW \| CTLFLAG_LOCKED, &in_mcast_maxsocksrc,
159	"Max source filters per socket");
160
161	int in_mcast_loop = IP_DEFAULT_MULTICAST_LOOP;
162	SYSCTL_INT(_net_inet_ip_mcast, OID_AUTO, loop, CTLFLAG_RW \| CTLFLAG_LOCKED,
163	&in_mcast_loop, `0`, "Loopback multicast datagrams by default");
164
165	SYSCTL_NODE(_net_inet_ip_mcast, OID_AUTO, filters,
166	CTLFLAG_RD \| CTLFLAG_LOCKED, sysctl_ip_mcast_filters,
167	"Per-interface stack-wide source filters");
168
169	RB_GENERATE_PREV(ip_msource_tree, ip_msource, ims_link, ip_msource_cmp);
170
171	#define INM_TRACE_HIST_SIZE 32 /* size of trace history */
172
173	/ For gdb /
174	__private_extern__ unsigned int inm_trace_hist_size = INM_TRACE_HIST_SIZE;
175
176	struct in_multi_dbg {
177	struct in_multi inm; / in_multi /
178	u_int16_t inm_refhold_cnt; / # of ref /
179	u_int16_t inm_refrele_cnt; / # of rele /
180	/*
181	* Circular lists of inm_addref and inm_remref callers.
182	*/
183	ctrace_t inm_refhold[INM_TRACE_HIST_SIZE];
184	ctrace_t inm_refrele[INM_TRACE_HIST_SIZE];
185	/*
186	* Trash list linkage
187	*/
188	TAILQ_ENTRY(in_multi_dbg) inm_trash_link;
189	};
190
191	/ List of trash in_multi entries protected by inm_trash_lock /
192	static TAILQ_HEAD(, in_multi_dbg) inm_trash_head;
193	static decl_lck_mtx_data(, inm_trash_lock);
194
195	#define INM_ZONE_MAX 64 /* maximum elements in zone */
196	#define INM_ZONE_NAME "in_multi" /* zone name */
197
198	#if DEBUG
199	static unsigned int inm_debug = `1`; / debugging (enabled) /
200	#else
201	static unsigned int inm_debug; / debugging (disabled) /
202	#endif /* !DEBUG */
203	static unsigned int inm_size; / size of zone element /
204	static struct zone inm_zone; /* zone for in_multi /
205
206	#define IPMS_ZONE_MAX 64 /* maximum elements in zone */
207	#define IPMS_ZONE_NAME "ip_msource" /* zone name */
208
209	static unsigned int ipms_size; / size of zone element /
210	static struct zone ipms_zone; /* zone for ip_msource /
211
212	#define INMS_ZONE_MAX 64 /* maximum elements in zone */
213	#define INMS_ZONE_NAME "in_msource" /* zone name */
214
215	static unsigned int inms_size; / size of zone element /
216	static struct zone inms_zone; /* zone for in_msource /
217
218	/ Lock group and attribute for in_multihead_lock lock /
219	static lck_attr_t *in_multihead_lock_attr;
220	static lck_grp_t *in_multihead_lock_grp;
221	static lck_grp_attr_t *in_multihead_lock_grp_attr;
222
223	static decl_lck_rw_data(, in_multihead_lock);
224	struct in_multihead in_multihead;
225
226	static struct in_multi in_multi_alloc(int*);
227	static void in_multi_free(struct in_multi *);
228	static void in_multi_attach(struct in_multi *);
229	static void inm_trace(struct in_multi , int*);
230
231	static struct ip_msource ipms_alloc(int*);
232	static void ipms_free(struct ip_msource *);
233	static struct in_msource inms_alloc(int*);
234	static void inms_free(struct in_msource *);
235
236	static __inline int
237	ip_msource_cmp(const struct ip_msource a, const* struct ip_msource *b)
238	{
239
240	if (a->ims_haddr < b->ims_haddr)
241	return (-`1`);
242	if (a->ims_haddr == b->ims_haddr)
243	return (`0`);
244	return (`1`);
245	}
246
247	/*
248	* Inline function which wraps assertions for a valid ifp.
249	*/
250	static __inline__ int
251	inm_is_ifp_detached(const struct in_multi *inm)
252	{
253	VERIFY(inm->inm_ifma != NULL);
254	VERIFY(inm->inm_ifp == inm->inm_ifma->ifma_ifp);
255
256	return (!ifnet_is_attached(inm->inm_ifp, `0`));
257	}
258
259	/*
260	* Initialize an in_mfilter structure to a known state at t0, t1
261	* with an empty source filter list.
262	*/
263	static __inline__ void
264	imf_init(struct in_mfilter imf, const* int st0, const int st1)
265	{
266	memset(imf, `0`, sizeof(struct in_mfilter));
267	RB_INIT(&imf->imf_sources);
268	imf->imf_st[`0`] = st0;
269	imf->imf_st[`1`] = st1;
270	}
271
272	/*
273	* Resize the ip_moptions vector to the next power-of-two minus 1.
274	*/
275	static int
276	imo_grow(struct ip_moptions *imo, size_t newmax)
277	{
278	struct in_multi **nmships;
279	struct in_multi **omships;
280	struct in_mfilter *nmfilters;
281	struct in_mfilter *omfilters;
282	size_t idx;
283	size_t oldmax;
284
285	IMO_LOCK_ASSERT_HELD(imo);
286
287	nmships = NULL;
288	nmfilters = NULL;
289	omships = imo->imo_membership;
290	omfilters = imo->imo_mfilters;
291	oldmax = imo->imo_max_memberships;
292	if (newmax == `0`)
293	newmax = ((oldmax + `1`) * `2`) - `1`;
294
295	if (newmax > IP_MAX_MEMBERSHIPS)
296	return (ETOOMANYREFS);
297
298	if ((nmships = (struct in_multi **)_REALLOC(omships,
299	sizeof (struct in_multi ) newmax, M_IPMOPTS,
300	M_WAITOK \| M_ZERO)) == NULL)
301	return (ENOMEM);
302
303	imo->imo_membership = nmships;
304
305	if ((nmfilters = (struct in_mfilter *)_REALLOC(omfilters,
306	sizeof (struct in_mfilter) * newmax, M_INMFILTER,
307	M_WAITOK \| M_ZERO)) == NULL)
308	return (ENOMEM);
309
310	imo->imo_mfilters = nmfilters;
311
312	/ Initialize newly allocated source filter heads. /
313	for (idx = oldmax; idx < newmax; idx++)
314	imf_init(&nmfilters[idx], MCAST_UNDEFINED, MCAST_EXCLUDE);
315
316	imo->imo_max_memberships = newmax;
317
318	return (`0`);
319	}
320
321	/*
322	* Find an IPv4 multicast group entry for this ip_moptions instance
323	* which matches the specified group, and optionally an interface.
324	* Return its index into the array, or -1 if not found.
325	*/
326	static size_t
327	imo_match_group(const struct ip_moptions imo, const* struct ifnet *ifp,
328	const struct sockaddr_in *group)
329	{
330	struct in_multi *pinm;
331	int idx;
332	int nmships;
333
334	IMO_LOCK_ASSERT_HELD(__DECONST(struct ip_moptions *, imo));
335
336
337	/ The imo_membership array may be lazy allocated. /
338	if (imo->imo_membership == NULL \|\| imo->imo_num_memberships == `0`)
339	return (-`1`);
340
341	nmships = imo->imo_num_memberships;
342	for (idx = `0`; idx < nmships; idx++) {
343	pinm = imo->imo_membership[idx];
344	if (pinm == NULL)
345	continue;
346	INM_LOCK(pinm);
347	if ((ifp == NULL \|\| (pinm->inm_ifp == ifp)) &&
348	in_hosteq(pinm->inm_addr, group->sin_addr)) {
349	INM_UNLOCK(pinm);
350	break;
351	}
352	INM_UNLOCK(pinm);
353	}
354	if (idx >= nmships)
355	idx = -`1`;
356
357	return (idx);
358	}
359
360	/*
361	* Find an IPv4 multicast source entry for this imo which matches
362	* the given group index for this socket, and source address.
363	*
364	* NOTE: This does not check if the entry is in-mode, merely if
365	* it exists, which may not be the desired behaviour.
366	*/
367	static struct in_msource *
368	imo_match_source(const struct ip_moptions imo, const* size_t gidx,
369	const struct sockaddr_in *src)
370	{
371	struct ip_msource find;
372	struct in_mfilter *imf;
373	struct ip_msource *ims;
374
375	IMO_LOCK_ASSERT_HELD(__DECONST(struct ip_moptions *, imo));
376
377	VERIFY(src->sin_family == AF_INET);
378	VERIFY(gidx != (size_t)-`1` && gidx < imo->imo_num_memberships);
379
380	/ The imo_mfilters array may be lazy allocated. /
381	if (imo->imo_mfilters == NULL)
382	return (NULL);
383	imf = &imo->imo_mfilters[gidx];
384
385	/ Source trees are keyed in host byte order. /
386	find.ims_haddr = ntohl(src->sin_addr.s_addr);
387	ims = RB_FIND(ip_msource_tree, &imf->imf_sources, &find);
388
389	return ((struct in_msource *)ims);
390	}
391
392	/*
393	* Perform filtering for multicast datagrams on a socket by group and source.
394	*
395	* Returns 0 if a datagram should be allowed through, or various error codes
396	* if the socket was not a member of the group, or the source was muted, etc.
397	*/
398	int
399	imo_multi_filter(const struct ip_moptions imo, const* struct ifnet *ifp,
400	const struct sockaddr_in group, const* struct sockaddr_in *src)
401	{
402	size_t gidx;
403	struct in_msource *ims;
404	int mode;
405
406	IMO_LOCK_ASSERT_HELD(__DECONST(struct ip_moptions *, imo));
407	VERIFY(ifp != NULL);
408
409	gidx = imo_match_group(imo, ifp, group);
410	if (gidx == (size_t)-`1`)
411	return (MCAST_NOTGMEMBER);
412
413	/*
414	* Check if the source was included in an (S,G) join.
415	* Allow reception on exclusive memberships by default,
416	* reject reception on inclusive memberships by default.
417	* Exclude source only if an in-mode exclude filter exists.
418	* Include source only if an in-mode include filter exists.
419	* NOTE: We are comparing group state here at IGMP t1 (now)
420	* with socket-layer t0 (since last downcall).
421	*/
422	mode = imo->imo_mfilters[gidx].imf_st[`1`];
423	ims = imo_match_source(imo, gidx, src);
424
425	if ((ims == NULL && mode == MCAST_INCLUDE) \|\|
426	(ims != NULL && ims->imsl_st[`0`] != mode)) {
427	return (MCAST_NOTSMEMBER);
428	}
429
430	return (MCAST_PASS);
431	}
432
433	int
434	imo_clone(struct inpcb from_inp, struct* inpcb *to_inp)
435	{
436	int i, err = `0`;
437	struct ip_moptions *from;
438	struct ip_moptions *to;
439
440	from = inp_findmoptions(from_inp);
441	if (from == NULL)
442	return (ENOMEM);
443
444	to = inp_findmoptions(to_inp);
445	if (to == NULL) {
446	IMO_REMREF(from);
447	return (ENOMEM);
448	}
449
450	IMO_LOCK(from);
451	IMO_LOCK(to);
452
453	to->imo_multicast_ifp = from->imo_multicast_ifp;
454	to->imo_multicast_vif = from->imo_multicast_vif;
455	to->imo_multicast_ttl = from->imo_multicast_ttl;
456	to->imo_multicast_loop = from->imo_multicast_loop;
457
458	/*
459	* We're cloning, so drop any existing memberships and source
460	* filters on the destination ip_moptions.
461	*/
462	for (i = `0`; i < to->imo_num_memberships; ++i) {
463	struct in_mfilter *imf;
464
465	imf = to->imo_mfilters ? &to->imo_mfilters[i] : NULL;
466	if (imf != NULL)
467	imf_leave(imf);
468
469	(void) in_leavegroup(to->imo_membership[i], imf);
470
471	if (imf != NULL)
472	imf_purge(imf);
473
474	INM_REMREF(to->imo_membership[i]);
475	to->imo_membership[i] = NULL;
476	}
477	to->imo_num_memberships = `0`;
478
479	VERIFY(to->imo_max_memberships != `0` && from->imo_max_memberships != `0`);
480	if (to->imo_max_memberships < from->imo_max_memberships) {
481	/*
482	* Ensure source and destination ip_moptions memberships
483	* and source filters arrays are at least equal in size.
484	*/
485	err = imo_grow(to, from->imo_max_memberships);
486	if (err != `0`)
487	goto done;
488	}
489	VERIFY(to->imo_max_memberships >= from->imo_max_memberships);
490
491	/*
492	* Source filtering doesn't apply to OpenTransport socket,
493	* so simply hold additional reference count per membership.
494	*/
495	for (i = `0`; i < from->imo_num_memberships; i++) {
496	to->imo_membership[i] =
497	in_addmulti(&from->imo_membership[i]->inm_addr,
498	from->imo_membership[i]->inm_ifp);
499	if (to->imo_membership[i] == NULL)
500	break;
501	to->imo_num_memberships++;
502	}
503	VERIFY(to->imo_num_memberships == from->imo_num_memberships);
504
505	done:
506	IMO_UNLOCK(to);
507	IMO_REMREF(to);
508	IMO_UNLOCK(from);
509	IMO_REMREF(from);
510
511	return (err);
512	}
513
514	/*
515	* Find and return a reference to an in_multi record for (ifp, group),
516	* and bump its reference count.
517	* If one does not exist, try to allocate it, and update link-layer multicast
518	* filters on ifp to listen for group.
519	* Return 0 if successful, otherwise return an appropriate error code.
520	*/
521	static int
522	in_getmulti(struct ifnet ifp, const* struct in_addr *group,
523	struct in_multi **pinm)
524	{
525	struct sockaddr_in gsin;
526	struct ifmultiaddr *ifma;
527	struct in_multi *inm;
528	int error;
529
530	in_multihead_lock_shared();
531	IN_LOOKUP_MULTI(group, ifp, inm);
532	if (inm != NULL) {
533	INM_LOCK(inm);
534	VERIFY(inm->inm_reqcnt >= `1`);
535	inm->inm_reqcnt++;
536	VERIFY(inm->inm_reqcnt != `0`);
537	*pinm = inm;
538	INM_UNLOCK(inm);
539	in_multihead_lock_done();
540	/*
541	* We already joined this group; return the inm
542	* with a refcount held (via lookup) for caller.
543	*/
544	return (`0`);
545	}
546	in_multihead_lock_done();
547
548	bzero(&gsin, sizeof(gsin));
549	gsin.sin_family = AF_INET;
550	gsin.sin_len = sizeof(struct sockaddr_in);
551	gsin.sin_addr = *group;
552
553	/*
554	* Check if a link-layer group is already associated
555	* with this network-layer group on the given ifnet.
556	*/
557	error = if_addmulti(ifp, (struct sockaddr *)&gsin, &ifma);
558	if (error != `0`)
559	return (error);
560
561	/*
562	* See comments in inm_remref() for access to ifma_protospec.
563	*/
564	in_multihead_lock_exclusive();
565	IFMA_LOCK(ifma);
566	if ((inm = ifma->ifma_protospec) != NULL) {
567	VERIFY(ifma->ifma_addr != NULL);
568	VERIFY(ifma->ifma_addr->sa_family == AF_INET);
569	INM_ADDREF(inm); / for caller /
570	IFMA_UNLOCK(ifma);
571	INM_LOCK(inm);
572	VERIFY(inm->inm_ifma == ifma);
573	VERIFY(inm->inm_ifp == ifp);
574	VERIFY(in_hosteq(inm->inm_addr, *group));
575	if (inm->inm_debug & IFD_ATTACHED) {
576	VERIFY(inm->inm_reqcnt >= `1`);
577	inm->inm_reqcnt++;
578	VERIFY(inm->inm_reqcnt != `0`);
579	*pinm = inm;
580	INM_UNLOCK(inm);
581	in_multihead_lock_done();
582	IFMA_REMREF(ifma);
583	/*
584	* We lost the race with another thread doing
585	* in_getmulti(); since this group has already
586	* been joined; return the inm with a refcount
587	* held for caller.
588	*/
589	return (`0`);
590	}
591	/*
592	* We lost the race with another thread doing in_delmulti();
593	* the inm referring to the ifma has been detached, thus we
594	* reattach it back to the in_multihead list and return the
595	* inm with a refcount held for the caller.
596	*/
597	in_multi_attach(inm);
598	VERIFY((inm->inm_debug &
599	(IFD_ATTACHED \| IFD_TRASHED)) == IFD_ATTACHED);
600	*pinm = inm;
601	INM_UNLOCK(inm);
602	in_multihead_lock_done();
603	IFMA_REMREF(ifma);
604	return (`0`);
605	}
606	IFMA_UNLOCK(ifma);
607
608	/*
609	* A new in_multi record is needed; allocate and initialize it.
610	* We DO NOT perform an IGMP join as the in_ layer may need to
611	* push an initial source list down to IGMP to support SSM.
612	*
613	* The initial source filter state is INCLUDE, {} as per the RFC.
614	*/
615	inm = in_multi_alloc(M_WAITOK);
616	if (inm == NULL) {
617	in_multihead_lock_done();
618	IFMA_REMREF(ifma);
619	return (ENOMEM);
620	}
621	INM_LOCK(inm);
622	inm->inm_addr = *group;
623	inm->inm_ifp = ifp;
624	inm->inm_igi = IGMP_IFINFO(ifp);
625	VERIFY(inm->inm_igi != NULL);
626	IGI_ADDREF(inm->inm_igi);
627	inm->inm_ifma = ifma; / keep refcount from if_addmulti() /
628	inm->inm_state = IGMP_NOT_MEMBER;
629	/*
630	* Pending state-changes per group are subject to a bounds check.
631	*/
632	inm->inm_scq.ifq_maxlen = IGMP_MAX_STATE_CHANGES;
633	inm->inm_st[`0`].iss_fmode = MCAST_UNDEFINED;
634	inm->inm_st[`1`].iss_fmode = MCAST_UNDEFINED;
635	RB_INIT(&inm->inm_srcs);
636	*pinm = inm;
637	in_multi_attach(inm);
638	VERIFY((inm->inm_debug & (IFD_ATTACHED \| IFD_TRASHED)) == IFD_ATTACHED);
639	INM_ADDREF_LOCKED(inm); / for caller /
640	INM_UNLOCK(inm);
641
642	IFMA_LOCK(ifma);
643	VERIFY(ifma->ifma_protospec == NULL);
644	ifma->ifma_protospec = inm;
645	IFMA_UNLOCK(ifma);
646	in_multihead_lock_done();
647
648	return (`0`);
649	}
650
651	/*
652	* Clear recorded source entries for a group.
653	* Used by the IGMP code.
654	* FIXME: Should reap.
655	*/
656	void
657	inm_clear_recorded(struct in_multi *inm)
658	{
659	struct ip_msource *ims;
660
661	INM_LOCK_ASSERT_HELD(inm);
662
663	RB_FOREACH(ims, ip_msource_tree, &inm->inm_srcs) {
664	if (ims->ims_stp) {
665	ims->ims_stp = `0`;
666	--inm->inm_st[`1`].iss_rec;
667	}
668	}
669	VERIFY(inm->inm_st[`1`].iss_rec == `0`);
670	}
671
672	/*
673	* Record a source as pending for a Source-Group IGMPv3 query.
674	* This lives here as it modifies the shared tree.
675	*
676	* inm is the group descriptor.
677	* naddr is the address of the source to record in network-byte order.
678	*
679	* If the net.inet.igmp.sgalloc sysctl is non-zero, we will
680	* lazy-allocate a source node in response to an SG query.
681	* Otherwise, no allocation is performed. This saves some memory
682	* with the trade-off that the source will not be reported to the
683	* router if joined in the window between the query response and
684	* the group actually being joined on the local host.
685	*
686	* Return 0 if the source didn't exist or was already marked as recorded.
687	* Return 1 if the source was marked as recorded by this function.
688	* Return <0 if any error occured (negated errno code).
689	*/
690	int
691	inm_record_source(struct in_multi inm, const* in_addr_t naddr)
692	{
693	struct ip_msource find;
694	struct ip_msource ims, nims;
695
696	INM_LOCK_ASSERT_HELD(inm);
697
698	find.ims_haddr = ntohl(naddr);
699	ims = RB_FIND(ip_msource_tree, &inm->inm_srcs, &find);
700	if (ims && ims->ims_stp)
701	return (`0`);
702	if (ims == NULL) {
703	if (inm->inm_nsrc == in_mcast_maxgrpsrc)
704	return (-ENOSPC);
705	nims = ipms_alloc(M_WAITOK);
706	if (nims == NULL)
707	return (-ENOMEM);
708	nims->ims_haddr = find.ims_haddr;
709	RB_INSERT(ip_msource_tree, &inm->inm_srcs, nims);
710	++inm->inm_nsrc;
711	ims = nims;
712	}
713
714	/*
715	* Mark the source as recorded and update the recorded
716	* source count.
717	*/
718	++ims->ims_stp;
719	++inm->inm_st[`1`].iss_rec;
720
721	return (`1`);
722	}
723
724	/*
725	* Return a pointer to an in_msource owned by an in_mfilter,
726	* given its source address.
727	* Lazy-allocate if needed. If this is a new entry its filter state is
728	* undefined at t0.
729	*
730	* imf is the filter set being modified.
731	* haddr is the source address in host byte-order.
732	*
733	* Caller is expected to be holding imo_lock.
734	*/
735	static int
736	imf_get_source(struct in_mfilter imf, const* struct sockaddr_in *psin,
737	struct in_msource **plims)
738	{
739	struct ip_msource find;
740	struct ip_msource *ims;
741	struct in_msource *lims;
742	int error;
743
744	error = `0`;
745	ims = NULL;
746	lims = NULL;
747
748	/ key is host byte order /
749	find.ims_haddr = ntohl(psin->sin_addr.s_addr);
750	ims = RB_FIND(ip_msource_tree, &imf->imf_sources, &find);
751	lims = (struct in_msource *)ims;
752	if (lims == NULL) {
753	if (imf->imf_nsrc == in_mcast_maxsocksrc)
754	return (ENOSPC);
755	lims = inms_alloc(M_WAITOK);
756	if (lims == NULL)
757	return (ENOMEM);
758	lims->ims_haddr = find.ims_haddr;
759	lims->imsl_st[`0`] = MCAST_UNDEFINED;
760	RB_INSERT(ip_msource_tree, &imf->imf_sources,
761	(struct ip_msource *)lims);
762	++imf->imf_nsrc;
763	}
764
765	*plims = lims;
766
767	return (error);
768	}
769
770	/*
771	* Graft a source entry into an existing socket-layer filter set,
772	* maintaining any required invariants and checking allocations.
773	*
774	* The source is marked as being in the new filter mode at t1.
775	*
776	* Return the pointer to the new node, otherwise return NULL.
777	*
778	* Caller is expected to be holding imo_lock.
779	*/
780	static struct in_msource *
781	imf_graft(struct in_mfilter imf, const* uint8_t st1,
782	const struct sockaddr_in *psin)
783	{
784	struct in_msource *lims;
785
786	lims = inms_alloc(M_WAITOK);
787	if (lims == NULL)
788	return (NULL);
789	lims->ims_haddr = ntohl(psin->sin_addr.s_addr);
790	lims->imsl_st[`0`] = MCAST_UNDEFINED;
791	lims->imsl_st[`1`] = st1;
792	RB_INSERT(ip_msource_tree, &imf->imf_sources,
793	(struct ip_msource *)lims);
794	++imf->imf_nsrc;
795
796	return (lims);
797	}
798
799	/*
800	* Prune a source entry from an existing socket-layer filter set,
801	* maintaining any required invariants and checking allocations.
802	*
803	* The source is marked as being left at t1, it is not freed.
804	*
805	* Return 0 if no error occurred, otherwise return an errno value.
806	*
807	* Caller is expected to be holding imo_lock.
808	*/
809	static int
810	imf_prune(struct in_mfilter imf, const* struct sockaddr_in *psin)
811	{
812	struct ip_msource find;
813	struct ip_msource *ims;
814	struct in_msource *lims;
815
816	/ key is host byte order /
817	find.ims_haddr = ntohl(psin->sin_addr.s_addr);
818	ims = RB_FIND(ip_msource_tree, &imf->imf_sources, &find);
819	if (ims == NULL)
820	return (ENOENT);
821	lims = (struct in_msource *)ims;
822	lims->imsl_st[`1`] = MCAST_UNDEFINED;
823	return (`0`);
824	}
825
826	/*
827	* Revert socket-layer filter set deltas at t1 to t0 state.
828	*
829	* Caller is expected to be holding imo_lock.
830	*/
831	static void
832	imf_rollback(struct in_mfilter *imf)
833	{
834	struct ip_msource ims, tims;
835	struct in_msource *lims;
836
837	RB_FOREACH_SAFE(ims, ip_msource_tree, &imf->imf_sources, tims) {
838	lims = (struct in_msource *)ims;
839	if (lims->imsl_st[`0`] == lims->imsl_st[`1`]) {
840	/ no change at t1 /
841	continue;
842	} else if (lims->imsl_st[`0`] != MCAST_UNDEFINED) {
843	/ revert change to existing source at t1 /
844	lims->imsl_st[`1`] = lims->imsl_st[`0`];
845	} else {
846	/ revert source added t1 /
847	IGMP_PRINTF(("%s: free inms 0x%llx\n", __func__,
848	(uint64_t)VM_KERNEL_ADDRPERM(lims)));
849	RB_REMOVE(ip_msource_tree, &imf->imf_sources, ims);
850	inms_free(lims);
851	imf->imf_nsrc--;
852	}
853	}
854	imf->imf_st[`1`] = imf->imf_st[`0`];
855	}
856
857	/*
858	* Mark socket-layer filter set as INCLUDE {} at t1.
859	*
860	* Caller is expected to be holding imo_lock.
861	*/
862	void
863	imf_leave(struct in_mfilter *imf)
864	{
865	struct ip_msource *ims;
866	struct in_msource *lims;
867
868	RB_FOREACH(ims, ip_msource_tree, &imf->imf_sources) {
869	lims = (struct in_msource *)ims;
870	lims->imsl_st[`1`] = MCAST_UNDEFINED;
871	}
872	imf->imf_st[`1`] = MCAST_INCLUDE;
873	}
874
875	/*
876	* Mark socket-layer filter set deltas as committed.
877	*
878	* Caller is expected to be holding imo_lock.
879	*/
880	static void
881	imf_commit(struct in_mfilter *imf)
882	{
883	struct ip_msource *ims;
884	struct in_msource *lims;
885
886	RB_FOREACH(ims, ip_msource_tree, &imf->imf_sources) {
887	lims = (struct in_msource *)ims;
888	lims->imsl_st[`0`] = lims->imsl_st[`1`];
889	}
890	imf->imf_st[`0`] = imf->imf_st[`1`];
891	}
892
893	/*
894	* Reap unreferenced sources from socket-layer filter set.
895	*
896	* Caller is expected to be holding imo_lock.
897	*/
898	static void
899	imf_reap(struct in_mfilter *imf)
900	{
901	struct ip_msource ims, tims;
902	struct in_msource *lims;
903
904	RB_FOREACH_SAFE(ims, ip_msource_tree, &imf->imf_sources, tims) {
905	lims = (struct in_msource *)ims;
906	if ((lims->imsl_st[`0`] == MCAST_UNDEFINED) &&
907	(lims->imsl_st[`1`] == MCAST_UNDEFINED)) {
908	IGMP_PRINTF(("%s: free inms 0x%llx\n", __func__,
909	(uint64_t)VM_KERNEL_ADDRPERM(lims)));
910	RB_REMOVE(ip_msource_tree, &imf->imf_sources, ims);
911	inms_free(lims);
912	imf->imf_nsrc--;
913	}
914	}
915	}
916
917	/*
918	* Purge socket-layer filter set.
919	*
920	* Caller is expected to be holding imo_lock.
921	*/
922	void
923	imf_purge(struct in_mfilter *imf)
924	{
925	struct ip_msource ims, tims;
926	struct in_msource *lims;
927
928	RB_FOREACH_SAFE(ims, ip_msource_tree, &imf->imf_sources, tims) {
929	lims = (struct in_msource *)ims;
930	IGMP_PRINTF(("%s: free inms 0x%llx\n", __func__,
931	(uint64_t)VM_KERNEL_ADDRPERM(lims)));
932	RB_REMOVE(ip_msource_tree, &imf->imf_sources, ims);
933	inms_free(lims);
934	imf->imf_nsrc--;
935	}
936	imf->imf_st[`0`] = imf->imf_st[`1`] = MCAST_UNDEFINED;
937	VERIFY(RB_EMPTY(&imf->imf_sources));
938	}
939
940	/*
941	* Look up a source filter entry for a multicast group.
942	*
943	* inm is the group descriptor to work with.
944	* haddr is the host-byte-order IPv4 address to look up.
945	* noalloc may be non-zero to suppress allocation of sources.
946	* *pims will be set to the address of the retrieved or allocated source.
947	*
948	* Return 0 if successful, otherwise return a non-zero error code.
949	*/
950	static int
951	inm_get_source(struct in_multi inm, const* in_addr_t haddr,
952	const int noalloc, struct ip_msource **pims)
953	{
954	struct ip_msource find;
955	struct ip_msource ims, nims;
956	#ifdef IGMP_DEBUG
957	struct in_addr ia;
958	char buf[MAX_IPv4_STR_LEN];
959	#endif
960	INM_LOCK_ASSERT_HELD(inm);
961
962	find.ims_haddr = haddr;
963	ims = RB_FIND(ip_msource_tree, &inm->inm_srcs, &find);
964	if (ims == NULL && !noalloc) {
965	if (inm->inm_nsrc == in_mcast_maxgrpsrc)
966	return (ENOSPC);
967	nims = ipms_alloc(M_WAITOK);
968	if (nims == NULL)
969	return (ENOMEM);
970	nims->ims_haddr = haddr;
971	RB_INSERT(ip_msource_tree, &inm->inm_srcs, nims);
972	++inm->inm_nsrc;
973	ims = nims;
974	#ifdef IGMP_DEBUG
975	ia.s_addr = htonl(haddr);
976	inet_ntop(AF_INET, &ia, buf, sizeof(buf));
977	IGMP_PRINTF(("%s: allocated %s as 0x%llx\n", __func__,
978	buf, (uint64_t)VM_KERNEL_ADDRPERM(ims)));
979	#endif
980	}
981
982	*pims = ims;
983	return (`0`);
984	}
985
986	/*
987	* Helper function to derive the filter mode on a source entry
988	* from its internal counters. Predicates are:
989	* A source is only excluded if all listeners exclude it.
990	* A source is only included if no listeners exclude it,
991	* and at least one listener includes it.
992	* May be used by ifmcstat(8).
993	*/
994	uint8_t
995	ims_get_mode(const struct in_multi inm, const* struct ip_msource *ims,
996	uint8_t t)
997	{
998	INM_LOCK_ASSERT_HELD(__DECONST(struct in_multi *, inm));
999
1000	t = !!t;
1001	if (inm->inm_st[t].iss_ex > `0` &&
1002	inm->inm_st[t].iss_ex == ims->ims_st[t].ex)
1003	return (MCAST_EXCLUDE);
1004	else if (ims->ims_st[t].in > `0` && ims->ims_st[t].ex == `0`)
1005	return (MCAST_INCLUDE);
1006	return (MCAST_UNDEFINED);
1007	}
1008
1009	/*
1010	* Merge socket-layer source into IGMP-layer source.
1011	* If rollback is non-zero, perform the inverse of the merge.
1012	*/
1013	static void
1014	ims_merge(struct ip_msource ims, const* struct in_msource *lims,
1015	const int rollback)
1016	{
1017	int n = rollback ? -`1` : `1`;
1018	#ifdef IGMP_DEBUG
1019	struct in_addr ia;
1020
1021	ia.s_addr = htonl(ims->ims_haddr);
1022	#endif
1023
1024	if (lims->imsl_st[`0`] == MCAST_EXCLUDE) {
1025	IGMP_INET_PRINTF(ia,
1026	("%s: t1 ex -= %d on %s\n",
1027	__func__, n, _igmp_inet_buf));
1028	ims->ims_st[`1`].ex -= n;
1029	} else if (lims->imsl_st[`0`] == MCAST_INCLUDE) {
1030	IGMP_INET_PRINTF(ia,
1031	("%s: t1 in -= %d on %s\n",
1032	__func__, n, _igmp_inet_buf));
1033	ims->ims_st[`1`].in -= n;
1034	}
1035
1036	if (lims->imsl_st[`1`] == MCAST_EXCLUDE) {
1037	IGMP_INET_PRINTF(ia,
1038	("%s: t1 ex += %d on %s\n",
1039	__func__, n, _igmp_inet_buf));
1040	ims->ims_st[`1`].ex += n;
1041	} else if (lims->imsl_st[`1`] == MCAST_INCLUDE) {
1042	IGMP_INET_PRINTF(ia,
1043	("%s: t1 in += %d on %s\n",
1044	__func__, n, _igmp_inet_buf));
1045	ims->ims_st[`1`].in += n;
1046	}
1047	}
1048
1049	/*
1050	* Atomically update the global in_multi state, when a membership's
1051	* filter list is being updated in any way.
1052	*
1053	* imf is the per-inpcb-membership group filter pointer.
1054	* A fake imf may be passed for in-kernel consumers.
1055	*
1056	* XXX This is a candidate for a set-symmetric-difference style loop
1057	* which would eliminate the repeated lookup from root of ims nodes,
1058	* as they share the same key space.
1059	*
1060	* If any error occurred this function will back out of refcounts
1061	* and return a non-zero value.
1062	*/
1063	static int
1064	inm_merge(struct in_multi inm, /const/* struct in_mfilter *imf)
1065	{
1066	struct ip_msource ims, nims = NULL;
1067	struct in_msource *lims;
1068	int schanged, error;
1069	int nsrc0, nsrc1;
1070
1071	INM_LOCK_ASSERT_HELD(inm);
1072
1073	schanged = `0`;
1074	error = `0`;
1075	nsrc1 = nsrc0 = `0`;
1076
1077	/*
1078	* Update the source filters first, as this may fail.
1079	* Maintain count of in-mode filters at t0, t1. These are
1080	* used to work out if we transition into ASM mode or not.
1081	* Maintain a count of source filters whose state was
1082	* actually modified by this operation.
1083	*/
1084	RB_FOREACH(ims, ip_msource_tree, &imf->imf_sources) {
1085	lims = (struct in_msource *)ims;
1086	if (lims->imsl_st[`0`] == imf->imf_st[`0`]) nsrc0++;
1087	if (lims->imsl_st[`1`] == imf->imf_st[`1`]) nsrc1++;
1088	if (lims->imsl_st[`0`] == lims->imsl_st[`1`]) continue;
1089	error = inm_get_source(inm, lims->ims_haddr, `0`, &nims);
1090	++schanged;
1091	if (error)
1092	break;
1093	ims_merge(nims, lims, `0`);
1094	}
1095	if (error) {
1096	struct ip_msource *bims;
1097
1098	RB_FOREACH_REVERSE_FROM(ims, ip_msource_tree, nims) {
1099	lims = (struct in_msource *)ims;
1100	if (lims->imsl_st[`0`] == lims->imsl_st[`1`])
1101	continue;
1102	(void) inm_get_source(inm, lims->ims_haddr, `1`, &bims);
1103	if (bims == NULL)
1104	continue;
1105	ims_merge(bims, lims, `1`);
1106	}
1107	goto out_reap;
1108	}
1109
1110	IGMP_PRINTF(("%s: imf filters in-mode: %d at t0, %d at t1\n",
1111	__func__, nsrc0, nsrc1));
1112
1113	/ Handle transition between INCLUDE {n} and INCLUDE {} on socket. /
1114	if (imf->imf_st[`0`] == imf->imf_st[`1`] &&
1115	imf->imf_st[`1`] == MCAST_INCLUDE) {
1116	if (nsrc1 == `0`) {
1117	IGMP_PRINTF(("%s: --in on inm at t1\n", __func__));
1118	--inm->inm_st[`1`].iss_in;
1119	}
1120	}
1121
1122	/ Handle filter mode transition on socket. /
1123	if (imf->imf_st[`0`] != imf->imf_st[`1`]) {
1124	IGMP_PRINTF(("%s: imf transition %d to %d\n",
1125	__func__, imf->imf_st[`0`], imf->imf_st[`1`]));
1126
1127	if (imf->imf_st[`0`] == MCAST_EXCLUDE) {
1128	IGMP_PRINTF(("%s: --ex on inm at t1\n", __func__));
1129	--inm->inm_st[`1`].iss_ex;
1130	} else if (imf->imf_st[`0`] == MCAST_INCLUDE) {
1131	IGMP_PRINTF(("%s: --in on inm at t1\n", __func__));
1132	--inm->inm_st[`1`].iss_in;
1133	}
1134
1135	if (imf->imf_st[`1`] == MCAST_EXCLUDE) {
1136	IGMP_PRINTF(("%s: ex++ on inm at t1\n", __func__));
1137	inm->inm_st[`1`].iss_ex++;
1138	} else if (imf->imf_st[`1`] == MCAST_INCLUDE && nsrc1 > `0`) {
1139	IGMP_PRINTF(("%s: in++ on inm at t1\n", __func__));
1140	inm->inm_st[`1`].iss_in++;
1141	}
1142	}
1143
1144	/*
1145	* Track inm filter state in terms of listener counts.
1146	* If there are any exclusive listeners, stack-wide
1147	* membership is exclusive.
1148	* Otherwise, if only inclusive listeners, stack-wide is inclusive.
1149	* If no listeners remain, state is undefined at t1,
1150	* and the IGMP lifecycle for this group should finish.
1151	*/
1152	if (inm->inm_st[`1`].iss_ex > `0`) {
1153	IGMP_PRINTF(("%s: transition to EX\n", __func__));
1154	inm->inm_st[`1`].iss_fmode = MCAST_EXCLUDE;
1155	} else if (inm->inm_st[`1`].iss_in > `0`) {
1156	IGMP_PRINTF(("%s: transition to IN\n", __func__));
1157	inm->inm_st[`1`].iss_fmode = MCAST_INCLUDE;
1158	} else {
1159	IGMP_PRINTF(("%s: transition to UNDEF\n", __func__));
1160	inm->inm_st[`1`].iss_fmode = MCAST_UNDEFINED;
1161	}
1162
1163	/ Decrement ASM listener count on transition out of ASM mode. /
1164	if (imf->imf_st[`0`] == MCAST_EXCLUDE && nsrc0 == `0`) {
1165	if ((imf->imf_st[`1`] != MCAST_EXCLUDE) \|\|
1166	(imf->imf_st[`1`] == MCAST_EXCLUDE && nsrc1 > `0`)) {
1167	IGMP_PRINTF(("%s: --asm on inm at t1\n", __func__));
1168	--inm->inm_st[`1`].iss_asm;
1169	}
1170	}
1171
1172	/ Increment ASM listener count on transition to ASM mode. /
1173	if (imf->imf_st[`1`] == MCAST_EXCLUDE && nsrc1 == `0`) {
1174	IGMP_PRINTF(("%s: asm++ on inm at t1\n", __func__));
1175	inm->inm_st[`1`].iss_asm++;
1176	}
1177
1178	IGMP_PRINTF(("%s: merged imf 0x%llx to inm 0x%llx\n", __func__,
1179	(uint64_t)VM_KERNEL_ADDRPERM(imf),
1180	(uint64_t)VM_KERNEL_ADDRPERM(inm)));
1181	inm_print(inm);
1182
1183	out_reap:
1184	if (schanged > `0`) {
1185	IGMP_PRINTF(("%s: sources changed; reaping\n", __func__));
1186	inm_reap(inm);
1187	}
1188	return (error);
1189	}
1190
1191	/*
1192	* Mark an in_multi's filter set deltas as committed.
1193	* Called by IGMP after a state change has been enqueued.
1194	*/
1195	void
1196	inm_commit(struct in_multi *inm)
1197	{
1198	struct ip_msource *ims;
1199
1200	INM_LOCK_ASSERT_HELD(inm);
1201
1202	IGMP_PRINTF(("%s: commit inm 0x%llx\n", __func__,
1203	(uint64_t)VM_KERNEL_ADDRPERM(inm)));
1204	IGMP_PRINTF(("%s: pre commit:\n", __func__));
1205	inm_print(inm);
1206
1207	RB_FOREACH(ims, ip_msource_tree, &inm->inm_srcs) {
1208	ims->ims_st[`0`] = ims->ims_st[`1`];
1209	}
1210	inm->inm_st[`0`] = inm->inm_st[`1`];
1211	}
1212
1213	/*
1214	* Reap unreferenced nodes from an in_multi's filter set.
1215	*/
1216	static void
1217	inm_reap(struct in_multi *inm)
1218	{
1219	struct ip_msource ims, tims;
1220
1221	INM_LOCK_ASSERT_HELD(inm);
1222
1223	RB_FOREACH_SAFE(ims, ip_msource_tree, &inm->inm_srcs, tims) {
1224	if (ims->ims_st[`0`].ex > `0` \|\| ims->ims_st[`0`].in > `0` \|\|
1225	ims->ims_st[`1`].ex > `0` \|\| ims->ims_st[`1`].in > `0` \|\|
1226	ims->ims_stp != `0`)
1227	continue;
1228	IGMP_PRINTF(("%s: free ims 0x%llx\n", __func__,
1229	(uint64_t)VM_KERNEL_ADDRPERM(ims)));
1230	RB_REMOVE(ip_msource_tree, &inm->inm_srcs, ims);
1231	ipms_free(ims);
1232	inm->inm_nsrc--;
1233	}
1234	}
1235
1236	/*
1237	* Purge all source nodes from an in_multi's filter set.
1238	*/
1239	void
1240	inm_purge(struct in_multi *inm)
1241	{
1242	struct ip_msource ims, tims;
1243
1244	INM_LOCK_ASSERT_HELD(inm);
1245
1246	RB_FOREACH_SAFE(ims, ip_msource_tree, &inm->inm_srcs, tims) {
1247	IGMP_PRINTF(("%s: free ims 0x%llx\n", __func__,
1248	(uint64_t)VM_KERNEL_ADDRPERM(ims)));
1249	RB_REMOVE(ip_msource_tree, &inm->inm_srcs, ims);
1250	ipms_free(ims);
1251	inm->inm_nsrc--;
1252	}
1253	}
1254
1255	/*
1256	* Join a multicast group; real entry point.
1257	*
1258	* Only preserves atomicity at inm level.
1259	* NOTE: imf argument cannot be const due to sys/tree.h limitations.
1260	*
1261	* If the IGMP downcall fails, the group is not joined, and an error
1262	* code is returned.
1263	*/
1264	static int
1265	in_joingroup(struct ifnet ifp, const* struct in_addr *gina,
1266	/const/ struct in_mfilter imf, struct* in_multi **pinm)
1267	{
1268	struct in_mfilter timf;
1269	struct in_multi *inm = NULL;
1270	int error = `0`;
1271	struct igmp_tparams itp;
1272
1273	IGMP_INET_PRINTF(gina, ("%s: join %s on 0x%llx(%s))\n", __func__*,
1274	_igmp_inet_buf, (uint64_t)VM_KERNEL_ADDRPERM(ifp), if_name(ifp)));
1275
1276	bzero(&itp, sizeof (itp));
1277	*pinm = NULL;
1278
1279	/*
1280	* If no imf was specified (i.e. kernel consumer),
1281	* fake one up and assume it is an ASM join.
1282	*/
1283	if (imf == NULL) {
1284	imf_init(&timf, MCAST_UNDEFINED, MCAST_EXCLUDE);
1285	imf = &timf;
1286	}
1287
1288	error = in_getmulti(ifp, gina, &inm);
1289	if (error) {
1290	IGMP_PRINTF(("%s: in_getmulti() failure\n", __func__));
1291	return (error);
1292	}
1293
1294	IGMP_PRINTF(("%s: merge inm state\n", __func__));
1295
1296	INM_LOCK(inm);
1297	error = inm_merge(inm, imf);
1298	if (error) {
1299	IGMP_PRINTF(("%s: failed to merge inm state\n", __func__));
1300	goto out_inm_release;
1301	}
1302
1303	IGMP_PRINTF(("%s: doing igmp downcall\n", __func__));
1304	error = igmp_change_state(inm, &itp);
1305	if (error) {
1306	IGMP_PRINTF(("%s: failed to update source\n", __func__));
1307	imf_rollback(imf);
1308	goto out_inm_release;
1309	}
1310
1311	out_inm_release:
1312	if (error) {
1313	IGMP_PRINTF(("%s: dropping ref on 0x%llx\n", __func__,
1314	(uint64_t)VM_KERNEL_ADDRPERM(inm)));
1315	INM_UNLOCK(inm);
1316	INM_REMREF(inm);
1317	} else {
1318	INM_UNLOCK(inm);
1319	pinm = inm; /* keep refcount from in_getmulti() /
1320	}
1321
1322	/ schedule timer now that we've dropped the lock(s) /
1323	igmp_set_timeout(&itp);
1324
1325	return (error);
1326	}
1327
1328	/*
1329	* Leave a multicast group; real entry point.
1330	* All source filters will be expunged.
1331	*
1332	* Only preserves atomicity at inm level.
1333	*
1334	* Note: This is not the same as inm_release(*) as this function also
1335	* makes a state change downcall into IGMP.
1336	*/
1337	int
1338	in_leavegroup(struct in_multi inm, /const/* struct in_mfilter *imf)
1339	{
1340	struct in_mfilter timf;
1341	int error, lastref;
1342	struct igmp_tparams itp;
1343
1344	bzero(&itp, sizeof (itp));
1345	error = `0`;
1346
1347	INM_LOCK_ASSERT_NOTHELD(inm);
1348
1349	in_multihead_lock_exclusive();
1350	INM_LOCK(inm);
1351
1352	IGMP_INET_PRINTF(inm->inm_addr,
1353	("%s: leave inm 0x%llx, %s/%s%d, imf 0x%llx\n", __func__,
1354	(uint64_t)VM_KERNEL_ADDRPERM(inm), _igmp_inet_buf,
1355	(inm_is_ifp_detached(inm) ? "null" : inm->inm_ifp->if_name),
1356	inm->inm_ifp->if_unit, (uint64_t)VM_KERNEL_ADDRPERM(imf)));
1357
1358	/*
1359	* If no imf was specified (i.e. kernel consumer),
1360	* fake one up and assume it is an ASM join.
1361	*/
1362	if (imf == NULL) {
1363	imf_init(&timf, MCAST_EXCLUDE, MCAST_UNDEFINED);
1364	imf = &timf;
1365	}
1366
1367	/*
1368	* Begin state merge transaction at IGMP layer.
1369	*
1370	* As this particular invocation should not cause any memory
1371	* to be allocated, and there is no opportunity to roll back
1372	* the transaction, it MUST NOT fail.
1373	*/
1374	IGMP_PRINTF(("%s: merge inm state\n", __func__));
1375
1376	error = inm_merge(inm, imf);
1377	KASSERT(error == `0`, ("%s: failed to merge inm state\n", __func__));
1378
1379	IGMP_PRINTF(("%s: doing igmp downcall\n", __func__));
1380	error = igmp_change_state(inm, &itp);
1381	#if IGMP_DEBUG
1382	if (error)
1383	IGMP_PRINTF(("%s: failed igmp downcall\n", __func__));
1384	#endif
1385	lastref = in_multi_detach(inm);
1386	VERIFY(!lastref \|\| (!(inm->inm_debug & IFD_ATTACHED) &&
1387	inm->inm_reqcnt == `0`));
1388	INM_UNLOCK(inm);
1389	in_multihead_lock_done();
1390
1391	if (lastref)
1392	INM_REMREF(inm); / for in_multihead list /
1393
1394	/ schedule timer now that we've dropped the lock(s) /
1395	igmp_set_timeout(&itp);
1396
1397	return (error);
1398	}
1399
1400	/*
1401	* Join an IPv4 multicast group in (*,G) exclusive mode.
1402	* The group must be a 224.0.0.0/24 link-scope group.
1403	* This KPI is for legacy kernel consumers only.
1404	*/
1405	struct in_multi *
1406	in_addmulti(struct in_addr ap, struct* ifnet *ifp)
1407	{
1408	struct in_multi *pinm = NULL;
1409	int error;
1410
1411	KASSERT(IN_LOCAL_GROUP(ntohl(ap->s_addr)),
1412	("%s: %s not in 224.0.0.0/24\n", __func__, inet_ntoa(*ap)));
1413
1414	error = in_joingroup(ifp, ap, NULL, &pinm);
1415	VERIFY(pinm != NULL \|\| error != `0`);
1416
1417	return (pinm);
1418	}
1419
1420	/*
1421	* Leave an IPv4 multicast group, assumed to be in exclusive (*,G) mode.
1422	* This KPI is for legacy kernel consumers only.
1423	*/
1424	void
1425	in_delmulti(struct in_multi *inm)
1426	{
1427
1428	(void) in_leavegroup(inm, NULL);
1429	}
1430
1431	/*
1432	* Block or unblock an ASM multicast source on an inpcb.
1433	* This implements the delta-based API described in RFC 3678.
1434	*
1435	* The delta-based API applies only to exclusive-mode memberships.
1436	* An IGMP downcall will be performed.
1437	*
1438	* Return 0 if successful, otherwise return an appropriate error code.
1439	*/
1440	static int
1441	inp_block_unblock_source(struct inpcb inp, struct* sockopt *sopt)
1442	{
1443	struct group_source_req gsr;
1444	struct sockaddr_in gsa, ssa;
1445	struct ifnet *ifp;
1446	struct in_mfilter *imf;
1447	struct ip_moptions *imo;
1448	struct in_msource *ims;
1449	struct in_multi *inm;
1450	size_t idx;
1451	uint16_t fmode;
1452	int error, doblock;
1453	unsigned int ifindex = `0`;
1454	struct igmp_tparams itp;
1455
1456	bzero(&itp, sizeof (itp));
1457	ifp = NULL;
1458	error = `0`;
1459	doblock = `0`;
1460
1461	memset(&gsr, `0`, sizeof(struct group_source_req));
1462	gsa = (struct sockaddr_in *)&gsr.gsr_group;
1463	ssa = (struct sockaddr_in *)&gsr.gsr_source;
1464
1465	switch (sopt->sopt_name) {
1466	case IP_BLOCK_SOURCE:
1467	case IP_UNBLOCK_SOURCE: {
1468	struct ip_mreq_source mreqs;
1469
1470	error = sooptcopyin(sopt, &mreqs,
1471	sizeof(struct ip_mreq_source),
1472	sizeof(struct ip_mreq_source));
1473	if (error)
1474	return (error);
1475
1476	gsa->sin_family = AF_INET;
1477	gsa->sin_len = sizeof(struct sockaddr_in);
1478	gsa->sin_addr = mreqs.imr_multiaddr;
1479
1480	ssa->sin_family = AF_INET;
1481	ssa->sin_len = sizeof(struct sockaddr_in);
1482	ssa->sin_addr = mreqs.imr_sourceaddr;
1483
1484	if (!in_nullhost(mreqs.imr_interface))
1485	ifp = ip_multicast_if(&mreqs.imr_interface, &ifindex);
1486
1487	if (sopt->sopt_name == IP_BLOCK_SOURCE)
1488	doblock = `1`;
1489
1490	IGMP_INET_PRINTF(mreqs.imr_interface,
1491	("%s: imr_interface = %s, ifp = 0x%llx\n", __func__,
1492	_igmp_inet_buf, (uint64_t)VM_KERNEL_ADDRPERM(ifp)));
1493	break;
1494	}
1495
1496	case MCAST_BLOCK_SOURCE:
1497	case MCAST_UNBLOCK_SOURCE:
1498	error = sooptcopyin(sopt, &gsr,
1499	sizeof(struct group_source_req),
1500	sizeof(struct group_source_req));
1501	if (error)
1502	return (error);
1503
1504	if (gsa->sin_family != AF_INET \|\|
1505	gsa->sin_len != sizeof(struct sockaddr_in))
1506	return (EINVAL);
1507
1508	if (ssa->sin_family != AF_INET \|\|
1509	ssa->sin_len != sizeof(struct sockaddr_in))
1510	return (EINVAL);
1511
1512	ifnet_head_lock_shared();
1513	if (gsr.gsr_interface == `0` \|\|
1514	(u_int)if_index < gsr.gsr_interface) {
1515	ifnet_head_done();
1516	return (EADDRNOTAVAIL);
1517	}
1518
1519	ifp = ifindex2ifnet[gsr.gsr_interface];
1520	ifnet_head_done();
1521
1522	if (ifp == NULL)
1523	return (EADDRNOTAVAIL);
1524
1525	if (sopt->sopt_name == MCAST_BLOCK_SOURCE)
1526	doblock = `1`;
1527	break;
1528
1529	default:
1530	IGMP_PRINTF(("%s: unknown sopt_name %d\n",
1531	__func__, sopt->sopt_name));
1532	return (EOPNOTSUPP);
1533	}
1534
1535	if (!IN_MULTICAST(ntohl(gsa->sin_addr.s_addr)))
1536	return (EINVAL);
1537
1538	/*
1539	* Check if we are actually a member of this group.
1540	*/
1541	imo = inp_findmoptions(inp);
1542	if (imo == NULL)
1543	return (ENOMEM);
1544
1545	IMO_LOCK(imo);
1546	idx = imo_match_group(imo, ifp, gsa);
1547	if (idx == (size_t)-`1` \|\| imo->imo_mfilters == NULL) {
1548	error = EADDRNOTAVAIL;
1549	goto out_imo_locked;
1550	}
1551
1552	VERIFY(imo->imo_mfilters != NULL);
1553	imf = &imo->imo_mfilters[idx];
1554	inm = imo->imo_membership[idx];
1555
1556	/*
1557	* Attempting to use the delta-based API on an
1558	* non exclusive-mode membership is an error.
1559	*/
1560	fmode = imf->imf_st[`0`];
1561	if (fmode != MCAST_EXCLUDE) {
1562	error = EINVAL;
1563	goto out_imo_locked;
1564	}
1565
1566	/*
1567	* Deal with error cases up-front:
1568	* Asked to block, but already blocked; or
1569	* Asked to unblock, but nothing to unblock.
1570	* If adding a new block entry, allocate it.
1571	*/
1572	ims = imo_match_source(imo, idx, ssa);
1573	if ((ims != NULL && doblock) \|\| (ims == NULL && !doblock)) {
1574	IGMP_INET_PRINTF(ssa->sin_addr,
1575	("%s: source %s %spresent\n", __func__,
1576	_igmp_inet_buf, doblock ? "" : "not "));
1577	error = EADDRNOTAVAIL;
1578	goto out_imo_locked;
1579	}
1580
1581	/*
1582	* Begin state merge transaction at socket layer.
1583	*/
1584	if (doblock) {
1585	IGMP_PRINTF(("%s: %s source\n", __func__, "block"));
1586	ims = imf_graft(imf, fmode, ssa);
1587	if (ims == NULL)
1588	error = ENOMEM;
1589	} else {
1590	IGMP_PRINTF(("%s: %s source\n", __func__, "allow"));
1591	error = imf_prune(imf, ssa);
1592	}
1593
1594	if (error) {
1595	IGMP_PRINTF(("%s: merge imf state failed\n", __func__));
1596	goto out_imf_rollback;
1597	}
1598
1599	/*
1600	* Begin state merge transaction at IGMP layer.
1601	*/
1602	INM_LOCK(inm);
1603	IGMP_PRINTF(("%s: merge inm state\n", __func__));
1604	error = inm_merge(inm, imf);
1605	if (error) {
1606	IGMP_PRINTF(("%s: failed to merge inm state\n", __func__));
1607	INM_UNLOCK(inm);
1608	goto out_imf_rollback;
1609	}
1610
1611	IGMP_PRINTF(("%s: doing igmp downcall\n", __func__));
1612	error = igmp_change_state(inm, &itp);
1613	INM_UNLOCK(inm);
1614	#if IGMP_DEBUG
1615	if (error)
1616	IGMP_PRINTF(("%s: failed igmp downcall\n", __func__));
1617	#endif
1618
1619	out_imf_rollback:
1620	if (error)
1621	imf_rollback(imf);
1622	else
1623	imf_commit(imf);
1624
1625	imf_reap(imf);
1626
1627	out_imo_locked:
1628	IMO_UNLOCK(imo);
1629	IMO_REMREF(imo); / from inp_findmoptions() /
1630
1631	/ schedule timer now that we've dropped the lock(s) /
1632	igmp_set_timeout(&itp);
1633
1634	return (error);
1635	}
1636
1637	/*
1638	* Given an inpcb, return its multicast options structure pointer.
1639	*
1640	* Caller is responsible for locking the inpcb, and releasing the
1641	* extra reference held on the imo, upon a successful return.
1642	*/
1643	static struct ip_moptions *
1644	inp_findmoptions(struct inpcb *inp)
1645	{
1646	struct ip_moptions *imo;
1647	struct in_multi **immp;
1648	struct in_mfilter *imfp;
1649	size_t idx;
1650
1651	if ((imo = inp->inp_moptions) != NULL) {
1652	IMO_ADDREF(imo); / for caller /
1653	return (imo);
1654	}
1655
1656	imo = ip_allocmoptions(M_WAITOK);
1657	if (imo == NULL)
1658	return (NULL);
1659
1660	immp = _MALLOC(sizeof (immp) IP_MIN_MEMBERSHIPS, M_IPMOPTS,
1661	M_WAITOK \| M_ZERO);
1662	if (immp == NULL) {
1663	IMO_REMREF(imo);
1664	return (NULL);
1665	}
1666
1667	imfp = _MALLOC(sizeof (struct in_mfilter) * IP_MIN_MEMBERSHIPS,
1668	M_INMFILTER, M_WAITOK \| M_ZERO);
1669	if (imfp == NULL) {
1670	_FREE(immp, M_IPMOPTS);
1671	IMO_REMREF(imo);
1672	return (NULL);
1673	}
1674
1675	imo->imo_multicast_ifp = NULL;
1676	imo->imo_multicast_addr.s_addr = INADDR_ANY;
1677	imo->imo_multicast_vif = -`1`;
1678	imo->imo_multicast_ttl = IP_DEFAULT_MULTICAST_TTL;
1679	imo->imo_multicast_loop = in_mcast_loop;
1680	imo->imo_num_memberships = `0`;
1681	imo->imo_max_memberships = IP_MIN_MEMBERSHIPS;
1682	imo->imo_membership = immp;
1683
1684	/ Initialize per-group source filters. /
1685	for (idx = `0`; idx < IP_MIN_MEMBERSHIPS; idx++)
1686	imf_init(&imfp[idx], MCAST_UNDEFINED, MCAST_EXCLUDE);
1687
1688	imo->imo_mfilters = imfp;
1689	inp->inp_moptions = imo; / keep reference from ip_allocmoptions() /
1690	IMO_ADDREF(imo); / for caller /
1691
1692	return (imo);
1693	}
1694	/*
1695	* Atomically get source filters on a socket for an IPv4 multicast group.
1696	*/
1697	static int
1698	inp_get_source_filters(struct inpcb inp, struct* sockopt *sopt)
1699	{
1700	struct __msfilterreq64 msfr = {}, msfr64;
1701	struct __msfilterreq32 msfr32;
1702	struct sockaddr_in *gsa;
1703	struct ifnet *ifp;
1704	struct ip_moptions *imo;
1705	struct in_mfilter *imf;
1706	struct ip_msource *ims;
1707	struct in_msource *lims;
1708	struct sockaddr_in *psin;
1709	struct sockaddr_storage *ptss;
1710	struct sockaddr_storage *tss;
1711	int error;
1712	size_t idx, nsrcs, ncsrcs;
1713	user_addr_t tmp_ptr;
1714
1715	imo = inp->inp_moptions;
1716	VERIFY(imo != NULL);
1717
1718	if (IS_64BIT_PROCESS(current_proc())) {
1719	error = sooptcopyin(sopt, &msfr64,
1720	sizeof(struct __msfilterreq64),
1721	sizeof(struct __msfilterreq64));
1722	if (error)
1723	return (error);
1724	/ we never use msfr.msfr_srcs; /
1725	memcpy(&msfr, &msfr64, sizeof(msfr64));
1726	} else {
1727	error = sooptcopyin(sopt, &msfr32,
1728	sizeof(struct __msfilterreq32),
1729	sizeof(struct __msfilterreq32));
1730	if (error)
1731	return (error);
1732	/ we never use msfr.msfr_srcs; /
1733	memcpy(&msfr, &msfr32, sizeof(msfr32));
1734	}
1735
1736	ifnet_head_lock_shared();
1737	if (msfr.msfr_ifindex == `0` \|\| (u_int)if_index < msfr.msfr_ifindex) {
1738	ifnet_head_done();
1739	return (EADDRNOTAVAIL);
1740	}
1741
1742	ifp = ifindex2ifnet[msfr.msfr_ifindex];
1743	ifnet_head_done();
1744
1745	if (ifp == NULL)
1746	return (EADDRNOTAVAIL);
1747
1748	if ((size_t) msfr.msfr_nsrcs >
1749	UINT32_MAX / sizeof(struct sockaddr_storage))
1750	msfr.msfr_nsrcs = UINT32_MAX / sizeof(struct sockaddr_storage);
1751
1752	if (msfr.msfr_nsrcs > in_mcast_maxsocksrc)
1753	msfr.msfr_nsrcs = in_mcast_maxsocksrc;
1754
1755	IMO_LOCK(imo);
1756	/*
1757	* Lookup group on the socket.
1758	*/
1759	gsa = (struct sockaddr_in *)&msfr.msfr_group;
1760
1761	idx = imo_match_group(imo, ifp, gsa);
1762	if (idx == (size_t)-`1` \|\| imo->imo_mfilters == NULL) {
1763	IMO_UNLOCK(imo);
1764	return (EADDRNOTAVAIL);
1765	}
1766	imf = &imo->imo_mfilters[idx];
1767
1768	/*
1769	* Ignore memberships which are in limbo.
1770	*/
1771	if (imf->imf_st[`1`] == MCAST_UNDEFINED) {
1772	IMO_UNLOCK(imo);
1773	return (EAGAIN);
1774	}
1775	msfr.msfr_fmode = imf->imf_st[`1`];
1776
1777	/*
1778	* If the user specified a buffer, copy out the source filter
1779	* entries to userland gracefully.
1780	* We only copy out the number of entries which userland
1781	* has asked for, but we always tell userland how big the
1782	* buffer really needs to be.
1783	*/
1784
1785	if (IS_64BIT_PROCESS(current_proc()))
1786	tmp_ptr = msfr64.msfr_srcs;
1787	else
1788	tmp_ptr = CAST_USER_ADDR_T(msfr32.msfr_srcs);
1789
1790	tss = NULL;
1791	if (tmp_ptr != USER_ADDR_NULL && msfr.msfr_nsrcs > `0`) {
1792	tss = _MALLOC((size_t) msfr.msfr_nsrcs * sizeof(*tss),
1793	M_TEMP, M_WAITOK \| M_ZERO);
1794	if (tss == NULL) {
1795	IMO_UNLOCK(imo);
1796	return (ENOBUFS);
1797	}
1798	}
1799
1800	/*
1801	* Count number of sources in-mode at t0.
1802	* If buffer space exists and remains, copy out source entries.
1803	*/
1804	nsrcs = msfr.msfr_nsrcs;
1805	ncsrcs = `0`;
1806	ptss = tss;
1807	RB_FOREACH(ims, ip_msource_tree, &imf->imf_sources) {
1808	lims = (struct in_msource *)ims;
1809	if (lims->imsl_st[`0`] == MCAST_UNDEFINED \|\|
1810	lims->imsl_st[`0`] != imf->imf_st[`0`])
1811	continue;
1812	if (tss != NULL && nsrcs > `0`) {
1813	psin = (struct sockaddr_in *)ptss;
1814	psin->sin_family = AF_INET;
1815	psin->sin_len = sizeof(struct sockaddr_in);
1816	psin->sin_addr.s_addr = htonl(lims->ims_haddr);
1817	psin->sin_port = `0`;
1818	++ptss;
1819	--nsrcs;
1820	++ncsrcs;
1821	}
1822	}
1823
1824	IMO_UNLOCK(imo);
1825
1826	if (tss != NULL) {
1827	error = copyout(tss, tmp_ptr, ncsrcs * sizeof(*tss));
1828	FREE(tss, M_TEMP);
1829	if (error)
1830	return (error);
1831	}
1832
1833	msfr.msfr_nsrcs = ncsrcs;
1834	if (IS_64BIT_PROCESS(current_proc())) {
1835	msfr64.msfr_ifindex = msfr.msfr_ifindex;
1836	msfr64.msfr_fmode = msfr.msfr_fmode;
1837	msfr64.msfr_nsrcs = msfr.msfr_nsrcs;
1838	memcpy(&msfr64.msfr_group, &msfr.msfr_group,
1839	sizeof(struct sockaddr_storage));
1840	error = sooptcopyout(sopt, &msfr64,
1841	sizeof(struct __msfilterreq64));
1842	} else {
1843	msfr32.msfr_ifindex = msfr.msfr_ifindex;
1844	msfr32.msfr_fmode = msfr.msfr_fmode;
1845	msfr32.msfr_nsrcs = msfr.msfr_nsrcs;
1846	memcpy(&msfr32.msfr_group, &msfr.msfr_group,
1847	sizeof(struct sockaddr_storage));
1848	error = sooptcopyout(sopt, &msfr32,
1849	sizeof(struct __msfilterreq32));
1850	}
1851
1852	return (error);
1853	}
1854
1855	/*
1856	* Return the IP multicast options in response to user getsockopt().
1857	*/
1858	int
1859	inp_getmoptions(struct inpcb inp, struct* sockopt *sopt)
1860	{
1861	struct ip_mreqn mreqn;
1862	struct ip_moptions *imo;
1863	struct ifnet *ifp;
1864	struct in_ifaddr *ia;
1865	int error, optval;
1866	unsigned int ifindex;
1867	u_char coptval;
1868
1869	imo = inp->inp_moptions;
1870	/*
1871	* If socket is neither of type SOCK_RAW or SOCK_DGRAM,
1872	* or is a divert socket, reject it.
1873	*/
1874	if (SOCK_PROTO(inp->inp_socket) == IPPROTO_DIVERT \|\|
1875	(SOCK_TYPE(inp->inp_socket) != SOCK_RAW &&
1876	SOCK_TYPE(inp->inp_socket) != SOCK_DGRAM)) {
1877	return (EOPNOTSUPP);
1878	}
1879
1880	error = `0`;
1881	switch (sopt->sopt_name) {
1882	case IP_MULTICAST_IF:
1883	memset(&mreqn, `0`, sizeof(struct ip_mreqn));
1884	if (imo != NULL) {
1885	IMO_LOCK(imo);
1886	ifp = imo->imo_multicast_ifp;
1887	if (!in_nullhost(imo->imo_multicast_addr)) {
1888	mreqn.imr_address = imo->imo_multicast_addr;
1889	} else if (ifp != NULL) {
1890	mreqn.imr_ifindex = ifp->if_index;
1891	IFP_TO_IA(ifp, ia);
1892	if (ia != NULL) {
1893	IFA_LOCK_SPIN(&ia->ia_ifa);
1894	mreqn.imr_address =
1895	IA_SIN(ia)->sin_addr;
1896	IFA_UNLOCK(&ia->ia_ifa);
1897	IFA_REMREF(&ia->ia_ifa);
1898	}
1899	}
1900	IMO_UNLOCK(imo);
1901	}
1902	if (sopt->sopt_valsize == sizeof(struct ip_mreqn)) {
1903	error = sooptcopyout(sopt, &mreqn,
1904	sizeof(struct ip_mreqn));
1905	} else {
1906	error = sooptcopyout(sopt, &mreqn.imr_address,
1907	sizeof(struct in_addr));
1908	}
1909	break;
1910
1911	case IP_MULTICAST_IFINDEX:
1912	if (imo != NULL)
1913	IMO_LOCK(imo);
1914	if (imo == NULL \|\| imo->imo_multicast_ifp == NULL) {
1915	ifindex = `0`;
1916	} else {
1917	ifindex = imo->imo_multicast_ifp->if_index;
1918	}
1919	if (imo != NULL)
1920	IMO_UNLOCK(imo);
1921	error = sooptcopyout(sopt, &ifindex, sizeof (ifindex));
1922	break;
1923
1924	case IP_MULTICAST_TTL:
1925	if (imo == NULL)
1926	optval = coptval = IP_DEFAULT_MULTICAST_TTL;
1927	else {
1928	IMO_LOCK(imo);
1929	optval = coptval = imo->imo_multicast_ttl;
1930	IMO_UNLOCK(imo);
1931	}
1932	if (sopt->sopt_valsize == sizeof(u_char))
1933	error = sooptcopyout(sopt, &coptval, sizeof(u_char));
1934	else
1935	error = sooptcopyout(sopt, &optval, sizeof(int));
1936	break;
1937
1938	case IP_MULTICAST_LOOP:
1939	if (imo == `0`)
1940	optval = coptval = IP_DEFAULT_MULTICAST_LOOP;
1941	else {
1942	IMO_LOCK(imo);
1943	optval = coptval = imo->imo_multicast_loop;
1944	IMO_UNLOCK(imo);
1945	}
1946	if (sopt->sopt_valsize == sizeof(u_char))
1947	error = sooptcopyout(sopt, &coptval, sizeof(u_char));
1948	else
1949	error = sooptcopyout(sopt, &optval, sizeof(int));
1950	break;
1951
1952	case IP_MSFILTER:
1953	if (imo == NULL) {
1954	error = EADDRNOTAVAIL;
1955	} else {
1956	error = inp_get_source_filters(inp, sopt);
1957	}
1958	break;
1959
1960	default:
1961	error = ENOPROTOOPT;
1962	break;
1963	}
1964
1965	return (error);
1966	}
1967
1968	/*
1969	* Look up the ifnet to use for a multicast group membership,
1970	* given the IPv4 address of an interface, and the IPv4 group address.
1971	*
1972	* This routine exists to support legacy multicast applications
1973	* which do not understand that multicast memberships are scoped to
1974	* specific physical links in the networking stack, or which need
1975	* to join link-scope groups before IPv4 addresses are configured.
1976	*
1977	* If inp is non-NULL and is bound to an interface, use this socket's
1978	* inp_boundif for any required routing table lookup.
1979	*
1980	* If the route lookup fails, attempt to use the first non-loopback
1981	* interface with multicast capability in the system as a
1982	* last resort. The legacy IPv4 ASM API requires that we do
1983	* this in order to allow groups to be joined when the routing
1984	* table has not yet been populated during boot.
1985	*
1986	* Returns NULL if no ifp could be found.
1987	*
1988	*/
1989	static struct ifnet *
1990	inp_lookup_mcast_ifp(const struct inpcb *inp,
1991	const struct sockaddr_in gsin, const* struct in_addr ina)
1992	{
1993	struct ifnet *ifp;
1994	unsigned int ifindex = `0`;
1995
1996	VERIFY(gsin->sin_family == AF_INET);
1997	VERIFY(IN_MULTICAST(ntohl(gsin->sin_addr.s_addr)));
1998
1999	ifp = NULL;
2000	if (!in_nullhost(ina)) {
2001	struct in_addr new_ina;
2002	memcpy(&new_ina, &ina, sizeof(struct in_addr));
2003	ifp = ip_multicast_if(&new_ina, &ifindex);
2004	} else {
2005	struct route ro;
2006	unsigned int ifscope = IFSCOPE_NONE;
2007
2008	if (inp != NULL && (inp->inp_flags & INP_BOUND_IF))
2009	ifscope = inp->inp_boundifp->if_index;
2010
2011	bzero(&ro, sizeof (ro));
2012	memcpy(&ro.ro_dst, gsin, sizeof(struct sockaddr_in));
2013	rtalloc_scoped_ign(&ro, `0`, ifscope);
2014	if (ro.ro_rt != NULL) {
2015	ifp = ro.ro_rt->rt_ifp;
2016	VERIFY(ifp != NULL);
2017	} else {
2018	struct in_ifaddr *ia;
2019	struct ifnet *mifp;
2020
2021	mifp = NULL;
2022	lck_rw_lock_shared(in_ifaddr_rwlock);
2023	TAILQ_FOREACH(ia, &in_ifaddrhead, ia_link) {
2024	IFA_LOCK_SPIN(&ia->ia_ifa);
2025	mifp = ia->ia_ifp;
2026	IFA_UNLOCK(&ia->ia_ifa);
2027	if (!(mifp->if_flags & IFF_LOOPBACK) &&
2028	(mifp->if_flags & IFF_MULTICAST)) {
2029	ifp = mifp;
2030	break;
2031	}
2032	}
2033	lck_rw_done(in_ifaddr_rwlock);
2034	}
2035	ROUTE_RELEASE(&ro);
2036	}
2037
2038	return (ifp);
2039	}
2040
2041	/*
2042	* Join an IPv4 multicast group, possibly with a source.
2043	*
2044	* NB: sopt->sopt_val might point to the kernel address space. This means that
2045	* we were called by the IPv6 stack due to the presence of an IPv6 v4 mapped
2046	* address. In this scenario, sopt_p points to kernproc and sooptcopyin() will
2047	* just issue an in-kernel memcpy.
2048	*/
2049	int
2050	inp_join_group(struct inpcb inp, struct* sockopt *sopt)
2051	{
2052	struct group_source_req gsr;
2053	struct sockaddr_in gsa, ssa;
2054	struct ifnet *ifp;
2055	struct in_mfilter *imf;
2056	struct ip_moptions *imo;
2057	struct in_multi *inm = NULL;
2058	struct in_msource *lims;
2059	size_t idx;
2060	int error, is_new;
2061	struct igmp_tparams itp;
2062
2063	bzero(&itp, sizeof (itp));
2064	ifp = NULL;
2065	imf = NULL;
2066	error = `0`;
2067	is_new = `0`;
2068
2069	memset(&gsr, `0`, sizeof(struct group_source_req));
2070	gsa = (struct sockaddr_in *)&gsr.gsr_group;
2071	gsa->sin_family = AF_UNSPEC;
2072	ssa = (struct sockaddr_in *)&gsr.gsr_source;
2073	ssa->sin_family = AF_UNSPEC;
2074
2075	switch (sopt->sopt_name) {
2076	case IP_ADD_MEMBERSHIP:
2077	case IP_ADD_SOURCE_MEMBERSHIP: {
2078	struct ip_mreq_source mreqs;
2079
2080	if (sopt->sopt_name == IP_ADD_MEMBERSHIP) {
2081	error = sooptcopyin(sopt, &mreqs,
2082	sizeof(struct ip_mreq),
2083	sizeof(struct ip_mreq));
2084	/*
2085	* Do argument switcharoo from ip_mreq into
2086	* ip_mreq_source to avoid using two instances.
2087	*/
2088	mreqs.imr_interface = mreqs.imr_sourceaddr;
2089	mreqs.imr_sourceaddr.s_addr = INADDR_ANY;
2090	} else if (sopt->sopt_name == IP_ADD_SOURCE_MEMBERSHIP) {
2091	error = sooptcopyin(sopt, &mreqs,
2092	sizeof(struct ip_mreq_source),
2093	sizeof(struct ip_mreq_source));
2094	}
2095	if (error) {
2096	IGMP_PRINTF(("%s: error copyin IP_ADD_MEMBERSHIP/"
2097	"IP_ADD_SOURCE_MEMBERSHIP %d err=%d\n",
2098	__func__, sopt->sopt_name, error));
2099	return (error);
2100	}
2101
2102	gsa->sin_family = AF_INET;
2103	gsa->sin_len = sizeof(struct sockaddr_in);
2104	gsa->sin_addr = mreqs.imr_multiaddr;
2105
2106	if (sopt->sopt_name == IP_ADD_SOURCE_MEMBERSHIP) {
2107	ssa->sin_family = AF_INET;
2108	ssa->sin_len = sizeof(struct sockaddr_in);
2109	ssa->sin_addr = mreqs.imr_sourceaddr;
2110	}
2111
2112	if (!IN_MULTICAST(ntohl(gsa->sin_addr.s_addr)))
2113	return (EINVAL);
2114
2115	ifp = inp_lookup_mcast_ifp(inp, gsa, mreqs.imr_interface);
2116	IGMP_INET_PRINTF(mreqs.imr_interface,
2117	("%s: imr_interface = %s, ifp = 0x%llx\n", __func__,
2118	_igmp_inet_buf, (uint64_t)VM_KERNEL_ADDRPERM(ifp)));
2119	break;
2120	}
2121
2122	case MCAST_JOIN_GROUP:
2123	case MCAST_JOIN_SOURCE_GROUP:
2124	if (sopt->sopt_name == MCAST_JOIN_GROUP) {
2125	error = sooptcopyin(sopt, &gsr,
2126	sizeof(struct group_req),
2127	sizeof(struct group_req));
2128	} else if (sopt->sopt_name == MCAST_JOIN_SOURCE_GROUP) {
2129	error = sooptcopyin(sopt, &gsr,
2130	sizeof(struct group_source_req),
2131	sizeof(struct group_source_req));
2132	}
2133	if (error)
2134	return (error);
2135
2136	if (gsa->sin_family != AF_INET \|\|
2137	gsa->sin_len != sizeof(struct sockaddr_in))
2138	return (EINVAL);
2139
2140	/*
2141	* Overwrite the port field if present, as the sockaddr
2142	* being copied in may be matched with a binary comparison.
2143	*/
2144	gsa->sin_port = `0`;
2145	if (sopt->sopt_name == MCAST_JOIN_SOURCE_GROUP) {
2146	if (ssa->sin_family != AF_INET \|\|
2147	ssa->sin_len != sizeof(struct sockaddr_in))
2148	return (EINVAL);
2149	ssa->sin_port = `0`;
2150	}
2151
2152	if (!IN_MULTICAST(ntohl(gsa->sin_addr.s_addr)))
2153	return (EINVAL);
2154
2155	ifnet_head_lock_shared();
2156	if (gsr.gsr_interface == `0` \|\|
2157	(u_int)if_index < gsr.gsr_interface) {
2158	ifnet_head_done();
2159	return (EADDRNOTAVAIL);
2160	}
2161	ifp = ifindex2ifnet[gsr.gsr_interface];
2162	ifnet_head_done();
2163
2164	break;
2165
2166	default:
2167	IGMP_PRINTF(("%s: unknown sopt_name %d\n",
2168	__func__, sopt->sopt_name));
2169	return (EOPNOTSUPP);
2170	}
2171
2172	if (ifp == NULL \|\| (ifp->if_flags & IFF_MULTICAST) == `0`)
2173	return (EADDRNOTAVAIL);
2174
2175	INC_ATOMIC_INT64_LIM(net_api_stats.nas_socket_mcast_join_total);
2176	/*
2177	* TBD: revisit the criteria for non-OS initiated joins
2178	*/
2179	if (inp->inp_lport == htons(`5353`)) {
2180	INC_ATOMIC_INT64_LIM(net_api_stats.nas_socket_mcast_join_os_total);
2181	}
2182
2183	imo = inp_findmoptions(inp);
2184	if (imo == NULL)
2185	return (ENOMEM);
2186
2187	IMO_LOCK(imo);
2188	idx = imo_match_group(imo, ifp, gsa);
2189	if (idx == (size_t)-`1`) {
2190	is_new = `1`;
2191	} else {
2192	inm = imo->imo_membership[idx];
2193	imf = &imo->imo_mfilters[idx];
2194	if (ssa->sin_family != AF_UNSPEC) {
2195	/*
2196	* MCAST_JOIN_SOURCE_GROUP on an exclusive membership
2197	* is an error. On an existing inclusive membership,
2198	* it just adds the source to the filter list.
2199	*/
2200	if (imf->imf_st[`1`] != MCAST_INCLUDE) {
2201	error = EINVAL;
2202	goto out_imo_locked;
2203	}
2204	/*
2205	* Throw out duplicates.
2206	*
2207	* XXX FIXME: This makes a naive assumption that
2208	* even if entries exist for *ssa in this imf,
2209	* they will be rejected as dupes, even if they
2210	* are not valid in the current mode (in-mode).
2211	*
2212	* in_msource is transactioned just as for anything
2213	* else in SSM -- but note naive use of inm_graft()
2214	* below for allocating new filter entries.
2215	*
2216	* This is only an issue if someone mixes the
2217	* full-state SSM API with the delta-based API,
2218	* which is discouraged in the relevant RFCs.
2219	*/
2220	lims = imo_match_source(imo, idx, ssa);
2221	if (lims != NULL /&&*
2222	lims->imsl_st[1] == MCAST_INCLUDE/*) {
2223	error = EADDRNOTAVAIL;
2224	goto out_imo_locked;
2225	}
2226	} else {
2227	/*
2228	* MCAST_JOIN_GROUP on an existing exclusive
2229	* membership is an error; return EADDRINUSE
2230	* to preserve 4.4BSD API idempotence, and
2231	* avoid tedious detour to code below.
2232	* NOTE: This is bending RFC 3678 a bit.
2233	*
2234	* On an existing inclusive membership, this is also
2235	* an error; if you want to change filter mode,
2236	* you must use the userland API setsourcefilter().
2237	* XXX We don't reject this for imf in UNDEFINED
2238	* state at t1, because allocation of a filter
2239	* is atomic with allocation of a membership.
2240	*/
2241	error = EINVAL;
2242	/ See comments above for EADDRINUSE /
2243	if (imf->imf_st[`1`] == MCAST_EXCLUDE)
2244	error = EADDRINUSE;
2245	goto out_imo_locked;
2246	}
2247	}
2248
2249	/*
2250	* Begin state merge transaction at socket layer.
2251	*/
2252
2253	if (is_new) {
2254	if (imo->imo_num_memberships == imo->imo_max_memberships) {
2255	error = imo_grow(imo, `0`);
2256	if (error)
2257	goto out_imo_locked;
2258	}
2259	/*
2260	* Allocate the new slot upfront so we can deal with
2261	* grafting the new source filter in same code path
2262	* as for join-source on existing membership.
2263	*/
2264	idx = imo->imo_num_memberships;
2265	imo->imo_membership[idx] = NULL;
2266	imo->imo_num_memberships++;
2267	VERIFY(imo->imo_mfilters != NULL);
2268	imf = &imo->imo_mfilters[idx];
2269	VERIFY(RB_EMPTY(&imf->imf_sources));
2270	}
2271
2272	/*
2273	* Graft new source into filter list for this inpcb's
2274	* membership of the group. The in_multi may not have
2275	* been allocated yet if this is a new membership, however,
2276	* the in_mfilter slot will be allocated and must be initialized.
2277	*/
2278	if (ssa->sin_family != AF_UNSPEC) {
2279	/ Membership starts in IN mode /
2280	if (is_new) {
2281	IGMP_PRINTF(("%s: new join w/source\n", __func__));
2282	imf_init(imf, MCAST_UNDEFINED, MCAST_INCLUDE);
2283	} else {
2284	IGMP_PRINTF(("%s: %s source\n", __func__, "allow"));
2285	}
2286	lims = imf_graft(imf, MCAST_INCLUDE, ssa);
2287	if (lims == NULL) {
2288	IGMP_PRINTF(("%s: merge imf state failed\n",
2289	__func__));
2290	error = ENOMEM;
2291	goto out_imo_free;
2292	}
2293	} else {
2294	/ No address specified; Membership starts in EX mode /
2295	if (is_new) {
2296	IGMP_PRINTF(("%s: new join w/o source\n", __func__));
2297	imf_init(imf, MCAST_UNDEFINED, MCAST_EXCLUDE);
2298	}
2299	}
2300
2301	/*
2302	* Begin state merge transaction at IGMP layer.
2303	*/
2304	if (is_new) {
2305	/*
2306	* Unlock socket as we may end up calling ifnet_ioctl() to join (or leave)
2307	* the multicast group and we run the risk of a lock ordering issue
2308	* if the ifnet thread calls into the socket layer to acquire the pcb list
2309	* lock while the input thread delivers multicast packets
2310	*/
2311	IMO_ADDREF_LOCKED(imo);
2312	IMO_UNLOCK(imo);
2313	socket_unlock(inp->inp_socket, `0`);
2314
2315	VERIFY(inm == NULL);
2316	error = in_joingroup(ifp, &gsa->sin_addr, imf, &inm);
2317
2318	socket_lock(inp->inp_socket, `0`);
2319	IMO_REMREF(imo);
2320	IMO_LOCK(imo);
2321
2322	VERIFY(inm != NULL \|\| error != `0`);
2323	if (error)
2324	goto out_imo_free;
2325	imo->imo_membership[idx] = inm; / from in_joingroup() /
2326	} else {
2327	IGMP_PRINTF(("%s: merge inm state\n", __func__));
2328	INM_LOCK(inm);
2329	error = inm_merge(inm, imf);
2330	if (error) {
2331	IGMP_PRINTF(("%s: failed to merge inm state\n",
2332	__func__));
2333	INM_UNLOCK(inm);
2334	goto out_imf_rollback;
2335	}
2336	IGMP_PRINTF(("%s: doing igmp downcall\n", __func__));
2337	error = igmp_change_state(inm, &itp);
2338	INM_UNLOCK(inm);
2339	if (error) {
2340	IGMP_PRINTF(("%s: failed igmp downcall\n",
2341	__func__));
2342	goto out_imf_rollback;
2343	}
2344	}
2345
2346	out_imf_rollback:
2347	if (error) {
2348	imf_rollback(imf);
2349	if (is_new)
2350	imf_purge(imf);
2351	else
2352	imf_reap(imf);
2353	} else {
2354	imf_commit(imf);
2355	}
2356
2357	out_imo_free:
2358	if (error && is_new) {
2359	VERIFY(inm == NULL);
2360	imo->imo_membership[idx] = NULL;
2361	--imo->imo_num_memberships;
2362	}
2363
2364	out_imo_locked:
2365	IMO_UNLOCK(imo);
2366	IMO_REMREF(imo); / from inp_findmoptions() /
2367
2368	/ schedule timer now that we've dropped the lock(s) /
2369	igmp_set_timeout(&itp);
2370
2371	return (error);
2372	}
2373
2374	/*
2375	* Leave an IPv4 multicast group on an inpcb, possibly with a source.
2376	*
2377	* NB: sopt->sopt_val might point to the kernel address space. Refer to the
2378	* block comment on top of inp_join_group() for more information.
2379	*/
2380	int
2381	inp_leave_group(struct inpcb inp, struct* sockopt *sopt)
2382	{
2383	struct group_source_req gsr;
2384	struct ip_mreq_source mreqs;
2385	struct sockaddr_in gsa, ssa;
2386	struct ifnet *ifp;
2387	struct in_mfilter *imf;
2388	struct ip_moptions *imo;
2389	struct in_msource *ims;
2390	struct in_multi *inm = NULL;
2391	size_t idx;
2392	int error, is_final;
2393	unsigned int ifindex = `0`;
2394	struct igmp_tparams itp;
2395
2396	bzero(&itp, sizeof (itp));
2397	ifp = NULL;
2398	error = `0`;
2399	is_final = `1`;
2400
2401	memset(&gsr, `0`, sizeof(struct group_source_req));
2402	gsa = (struct sockaddr_in *)&gsr.gsr_group;
2403	ssa = (struct sockaddr_in *)&gsr.gsr_source;
2404
2405	switch (sopt->sopt_name) {
2406	case IP_DROP_MEMBERSHIP:
2407	case IP_DROP_SOURCE_MEMBERSHIP:
2408	if (sopt->sopt_name == IP_DROP_MEMBERSHIP) {
2409	error = sooptcopyin(sopt, &mreqs,
2410	sizeof(struct ip_mreq),
2411	sizeof(struct ip_mreq));
2412	/*
2413	* Swap interface and sourceaddr arguments,
2414	* as ip_mreq and ip_mreq_source are laid
2415	* out differently.
2416	*/
2417	mreqs.imr_interface = mreqs.imr_sourceaddr;
2418	mreqs.imr_sourceaddr.s_addr = INADDR_ANY;
2419	} else if (sopt->sopt_name == IP_DROP_SOURCE_MEMBERSHIP) {
2420	error = sooptcopyin(sopt, &mreqs,
2421	sizeof(struct ip_mreq_source),
2422	sizeof(struct ip_mreq_source));
2423	}
2424	if (error)
2425	return (error);
2426
2427	gsa->sin_family = AF_INET;
2428	gsa->sin_len = sizeof(struct sockaddr_in);
2429	gsa->sin_addr = mreqs.imr_multiaddr;
2430
2431	if (sopt->sopt_name == IP_DROP_SOURCE_MEMBERSHIP) {
2432	ssa->sin_family = AF_INET;
2433	ssa->sin_len = sizeof(struct sockaddr_in);
2434	ssa->sin_addr = mreqs.imr_sourceaddr;
2435	}
2436	/*
2437	* Attempt to look up hinted ifp from interface address.
2438	* Fallthrough with null ifp iff lookup fails, to
2439	* preserve 4.4BSD mcast API idempotence.
2440	* XXX NOTE WELL: The RFC 3678 API is preferred because
2441	* using an IPv4 address as a key is racy.
2442	*/
2443	if (!in_nullhost(mreqs.imr_interface))
2444	ifp = ip_multicast_if(&mreqs.imr_interface, &ifindex);
2445
2446	IGMP_INET_PRINTF(mreqs.imr_interface,
2447	("%s: imr_interface = %s, ifp = 0x%llx\n", __func__,
2448	_igmp_inet_buf, (uint64_t)VM_KERNEL_ADDRPERM(ifp)));
2449
2450	break;
2451
2452	case MCAST_LEAVE_GROUP:
2453	case MCAST_LEAVE_SOURCE_GROUP:
2454	if (sopt->sopt_name == MCAST_LEAVE_GROUP) {
2455	error = sooptcopyin(sopt, &gsr,
2456	sizeof(struct group_req),
2457	sizeof(struct group_req));
2458	} else if (sopt->sopt_name == MCAST_LEAVE_SOURCE_GROUP) {
2459	error = sooptcopyin(sopt, &gsr,
2460	sizeof(struct group_source_req),
2461	sizeof(struct group_source_req));
2462	}
2463	if (error)
2464	return (error);
2465
2466	if (gsa->sin_family != AF_INET \|\|
2467	gsa->sin_len != sizeof(struct sockaddr_in))
2468	return (EINVAL);
2469
2470	if (sopt->sopt_name == MCAST_LEAVE_SOURCE_GROUP) {
2471	if (ssa->sin_family != AF_INET \|\|
2472	ssa->sin_len != sizeof(struct sockaddr_in))
2473	return (EINVAL);
2474	}
2475
2476	ifnet_head_lock_shared();
2477	if (gsr.gsr_interface == `0` \|\|
2478	(u_int)if_index < gsr.gsr_interface) {
2479	ifnet_head_done();
2480	return (EADDRNOTAVAIL);
2481	}
2482
2483	ifp = ifindex2ifnet[gsr.gsr_interface];
2484	ifnet_head_done();
2485	break;
2486
2487	default:
2488	IGMP_PRINTF(("%s: unknown sopt_name %d\n",
2489	__func__, sopt->sopt_name));
2490	return (EOPNOTSUPP);
2491	}
2492
2493	if (!IN_MULTICAST(ntohl(gsa->sin_addr.s_addr)))
2494	return (EINVAL);
2495
2496	/*
2497	* Find the membership in the membership array.
2498	*/
2499	imo = inp_findmoptions(inp);
2500	if (imo == NULL)
2501	return (ENOMEM);
2502
2503	IMO_LOCK(imo);
2504	idx = imo_match_group(imo, ifp, gsa);
2505	if (idx == (size_t)-`1`) {
2506	error = EADDRNOTAVAIL;
2507	goto out_locked;
2508	}
2509	inm = imo->imo_membership[idx];
2510	imf = &imo->imo_mfilters[idx];
2511
2512	if (ssa->sin_family != AF_UNSPEC) {
2513	IGMP_PRINTF(("%s: opt=%d is_final=0\n", __func__,
2514	sopt->sopt_name));
2515	is_final = `0`;
2516	}
2517
2518	/*
2519	* Begin state merge transaction at socket layer.
2520	*/
2521
2522	/*
2523	* If we were instructed only to leave a given source, do so.
2524	* MCAST_LEAVE_SOURCE_GROUP is only valid for inclusive memberships.
2525	*/
2526	if (is_final) {
2527	imf_leave(imf);
2528	} else {
2529	if (imf->imf_st[`0`] == MCAST_EXCLUDE) {
2530	error = EADDRNOTAVAIL;
2531	goto out_locked;
2532	}
2533	ims = imo_match_source(imo, idx, ssa);
2534	if (ims == NULL) {
2535	IGMP_INET_PRINTF(ssa->sin_addr,
2536	("%s: source %s %spresent\n", __func__,
2537	_igmp_inet_buf, "not "));
2538	error = EADDRNOTAVAIL;
2539	goto out_locked;
2540	}
2541	IGMP_PRINTF(("%s: %s source\n", __func__, "block"));
2542	error = imf_prune(imf, ssa);
2543	if (error) {
2544	IGMP_PRINTF(("%s: merge imf state failed\n",
2545	__func__));
2546	goto out_locked;
2547	}
2548	}
2549
2550	/*
2551	* Begin state merge transaction at IGMP layer.
2552	*/
2553
2554
2555	if (is_final) {
2556	/*
2557	* Give up the multicast address record to which
2558	* the membership points. Reference held in imo
2559	* will be released below.
2560	*/
2561	(void) in_leavegroup(inm, imf);
2562	} else {
2563	IGMP_PRINTF(("%s: merge inm state\n", __func__));
2564	INM_LOCK(inm);
2565	error = inm_merge(inm, imf);
2566	if (error) {
2567	IGMP_PRINTF(("%s: failed to merge inm state\n",
2568	__func__));
2569	INM_UNLOCK(inm);
2570	goto out_imf_rollback;
2571	}
2572
2573	IGMP_PRINTF(("%s: doing igmp downcall\n", __func__));
2574	error = igmp_change_state(inm, &itp);
2575	if (error) {
2576	IGMP_PRINTF(("%s: failed igmp downcall\n", __func__));
2577	}
2578	INM_UNLOCK(inm);
2579	}
2580
2581	out_imf_rollback:
2582	if (error)
2583	imf_rollback(imf);
2584	else
2585	imf_commit(imf);
2586
2587	imf_reap(imf);
2588
2589	if (is_final) {
2590	/ Remove the gap in the membership array. /
2591	VERIFY(inm == imo->imo_membership[idx]);
2592	imo->imo_membership[idx] = NULL;
2593
2594	/*
2595	* See inp_join_group() for why we need to unlock
2596	*/
2597	IMO_ADDREF_LOCKED(imo);
2598	IMO_UNLOCK(imo);
2599	socket_unlock(inp->inp_socket, `0`);
2600
2601	INM_REMREF(inm);
2602
2603	socket_lock(inp->inp_socket, `0`);
2604	IMO_REMREF(imo);
2605	IMO_LOCK(imo);
2606
2607	for (++idx; idx < imo->imo_num_memberships; ++idx) {
2608	imo->imo_membership[idx-`1`] = imo->imo_membership[idx];
2609	imo->imo_mfilters[idx-`1`] = imo->imo_mfilters[idx];
2610	}
2611	imo->imo_num_memberships--;
2612	}
2613
2614	out_locked:
2615	IMO_UNLOCK(imo);
2616	IMO_REMREF(imo); / from inp_findmoptions() /
2617
2618	/ schedule timer now that we've dropped the lock(s) /
2619	igmp_set_timeout(&itp);
2620
2621	return (error);
2622	}
2623
2624	/*
2625	* Select the interface for transmitting IPv4 multicast datagrams.
2626	*
2627	* Either an instance of struct in_addr or an instance of struct ip_mreqn
2628	* may be passed to this socket option. An address of INADDR_ANY or an
2629	* interface index of 0 is used to remove a previous selection.
2630	* When no interface is selected, one is chosen for every send.
2631	*/
2632	static int
2633	inp_set_multicast_if(struct inpcb inp, struct* sockopt *sopt)
2634	{
2635	struct in_addr addr;
2636	struct ip_mreqn mreqn;
2637	struct ifnet *ifp;
2638	struct ip_moptions *imo;
2639	int error = `0` ;
2640	unsigned int ifindex = `0`;
2641
2642	bzero(&addr, sizeof(addr));
2643	if (sopt->sopt_valsize == sizeof(struct ip_mreqn)) {
2644	/*
2645	* An interface index was specified using the
2646	* Linux-derived ip_mreqn structure.
2647	*/
2648	error = sooptcopyin(sopt, &mreqn, sizeof(struct ip_mreqn),
2649	sizeof(struct ip_mreqn));
2650	if (error)
2651	return (error);
2652
2653	ifnet_head_lock_shared();
2654	if (mreqn.imr_ifindex < `0` \|\| if_index < mreqn.imr_ifindex) {
2655	ifnet_head_done();
2656	return (EINVAL);
2657	}
2658
2659	if (mreqn.imr_ifindex == `0`) {
2660	ifp = NULL;
2661	} else {
2662	ifp = ifindex2ifnet[mreqn.imr_ifindex];
2663	if (ifp == NULL) {
2664	ifnet_head_done();
2665	return (EADDRNOTAVAIL);
2666	}
2667	}
2668	ifnet_head_done();
2669	} else {
2670	/*
2671	* An interface was specified by IPv4 address.
2672	* This is the traditional BSD usage.
2673	*/
2674	error = sooptcopyin(sopt, &addr, sizeof(struct in_addr),
2675	sizeof(struct in_addr));
2676	if (error)
2677	return (error);
2678	if (in_nullhost(addr)) {
2679	ifp = NULL;
2680	} else {
2681	ifp = ip_multicast_if(&addr, &ifindex);
2682	if (ifp == NULL) {
2683	IGMP_INET_PRINTF(addr,
2684	("%s: can't find ifp for addr=%s\n",
2685	__func__, _igmp_inet_buf));
2686	return (EADDRNOTAVAIL);
2687	}
2688	}
2689	/ XXX remove? /
2690	#ifdef IGMP_DEBUG0
2691	IGMP_PRINTF(("%s: ifp = 0x%llx, addr = %s\n", __func__,
2692	(uint64_t)VM_KERNEL_ADDRPERM(ifp), inet_ntoa(addr)));
2693	#endif
2694	}
2695
2696	/ Reject interfaces which do not support multicast. /
2697	if (ifp != NULL && (ifp->if_flags & IFF_MULTICAST) == `0`)
2698	return (EOPNOTSUPP);
2699
2700	imo = inp_findmoptions(inp);
2701	if (imo == NULL)
2702	return (ENOMEM);
2703
2704	IMO_LOCK(imo);
2705	imo->imo_multicast_ifp = ifp;
2706	if (ifindex)
2707	imo->imo_multicast_addr = addr;
2708	else
2709	imo->imo_multicast_addr.s_addr = INADDR_ANY;
2710	IMO_UNLOCK(imo);
2711	IMO_REMREF(imo); / from inp_findmoptions() /
2712
2713	return (`0`);
2714	}
2715
2716	/*
2717	* Atomically set source filters on a socket for an IPv4 multicast group.
2718	*/
2719	static int
2720	inp_set_source_filters(struct inpcb inp, struct* sockopt *sopt)
2721	{
2722	struct __msfilterreq64 msfr = {}, msfr64;
2723	struct __msfilterreq32 msfr32;
2724	struct sockaddr_in *gsa;
2725	struct ifnet *ifp;
2726	struct in_mfilter *imf;
2727	struct ip_moptions *imo;
2728	struct in_multi *inm;
2729	size_t idx;
2730	int error;
2731	user_addr_t tmp_ptr;
2732	struct igmp_tparams itp;
2733
2734	bzero(&itp, sizeof (itp));
2735
2736	if (IS_64BIT_PROCESS(current_proc())) {
2737	error = sooptcopyin(sopt, &msfr64,
2738	sizeof(struct __msfilterreq64),
2739	sizeof(struct __msfilterreq64));
2740	if (error)
2741	return (error);
2742	/ we never use msfr.msfr_srcs; /
2743	memcpy(&msfr, &msfr64, sizeof(msfr64));
2744	} else {
2745	error = sooptcopyin(sopt, &msfr32,
2746	sizeof(struct __msfilterreq32),
2747	sizeof(struct __msfilterreq32));
2748	if (error)
2749	return (error);
2750	/ we never use msfr.msfr_srcs; /
2751	memcpy(&msfr, &msfr32, sizeof(msfr32));
2752	}
2753
2754	if ((size_t) msfr.msfr_nsrcs >
2755	UINT32_MAX / sizeof(struct sockaddr_storage))
2756	msfr.msfr_nsrcs = UINT32_MAX / sizeof(struct sockaddr_storage);
2757
2758	if (msfr.msfr_nsrcs > in_mcast_maxsocksrc)
2759	return (ENOBUFS);
2760
2761	if ((msfr.msfr_fmode != MCAST_EXCLUDE &&
2762	msfr.msfr_fmode != MCAST_INCLUDE))
2763	return (EINVAL);
2764
2765	if (msfr.msfr_group.ss_family != AF_INET \|\|
2766	msfr.msfr_group.ss_len != sizeof(struct sockaddr_in))
2767	return (EINVAL);
2768
2769	gsa = (struct sockaddr_in *)&msfr.msfr_group;
2770	if (!IN_MULTICAST(ntohl(gsa->sin_addr.s_addr)))
2771	return (EINVAL);
2772
2773	gsa->sin_port = `0`; / ignore port /
2774
2775	ifnet_head_lock_shared();
2776	if (msfr.msfr_ifindex == `0` \|\| (u_int)if_index < msfr.msfr_ifindex) {
2777	ifnet_head_done();
2778	return (EADDRNOTAVAIL);
2779	}
2780
2781	ifp = ifindex2ifnet[msfr.msfr_ifindex];
2782	ifnet_head_done();
2783	if (ifp == NULL)
2784	return (EADDRNOTAVAIL);
2785
2786	/*
2787	* Check if this socket is a member of this group.
2788	*/
2789	imo = inp_findmoptions(inp);
2790	if (imo == NULL)
2791	return (ENOMEM);
2792
2793	IMO_LOCK(imo);
2794	idx = imo_match_group(imo, ifp, gsa);
2795	if (idx == (size_t)-`1` \|\| imo->imo_mfilters == NULL) {
2796	error = EADDRNOTAVAIL;
2797	goto out_imo_locked;
2798	}
2799	inm = imo->imo_membership[idx];
2800	imf = &imo->imo_mfilters[idx];
2801
2802	/*
2803	* Begin state merge transaction at socket layer.
2804	*/
2805
2806	imf->imf_st[`1`] = msfr.msfr_fmode;
2807
2808	/*
2809	* Apply any new source filters, if present.
2810	* Make a copy of the user-space source vector so
2811	* that we may copy them with a single copyin. This
2812	* allows us to deal with page faults up-front.
2813	*/
2814	if (msfr.msfr_nsrcs > `0`) {
2815	struct in_msource *lims;
2816	struct sockaddr_in *psin;
2817	struct sockaddr_storage kss, pkss;
2818	int i;
2819
2820	if (IS_64BIT_PROCESS(current_proc()))
2821	tmp_ptr = msfr64.msfr_srcs;
2822	else
2823	tmp_ptr = CAST_USER_ADDR_T(msfr32.msfr_srcs);
2824
2825	IGMP_PRINTF(("%s: loading %lu source list entries\n",
2826	__func__, (unsigned long)msfr.msfr_nsrcs));
2827	kss = _MALLOC((size_t) msfr.msfr_nsrcs * sizeof(*kss),
2828	M_TEMP, M_WAITOK);
2829	if (kss == NULL) {
2830	error = ENOMEM;
2831	goto out_imo_locked;
2832	}
2833	error = copyin(tmp_ptr, kss,
2834	(size_t) msfr.msfr_nsrcs * sizeof(*kss));
2835	if (error) {
2836	FREE(kss, M_TEMP);
2837	goto out_imo_locked;
2838	}
2839
2840	/*
2841	* Mark all source filters as UNDEFINED at t1.
2842	* Restore new group filter mode, as imf_leave()
2843	* will set it to INCLUDE.
2844	*/
2845	imf_leave(imf);
2846	imf->imf_st[`1`] = msfr.msfr_fmode;
2847
2848	/*
2849	* Update socket layer filters at t1, lazy-allocating
2850	* new entries. This saves a bunch of memory at the
2851	* cost of one RB_FIND() per source entry; duplicate
2852	* entries in the msfr_nsrcs vector are ignored.
2853	* If we encounter an error, rollback transaction.
2854	*
2855	* XXX This too could be replaced with a set-symmetric
2856	* difference like loop to avoid walking from root
2857	* every time, as the key space is common.
2858	*/
2859	for (i = `0`, pkss = kss; (u_int)i < msfr.msfr_nsrcs;
2860	i++, pkss++) {
2861	psin = (struct sockaddr_in *)pkss;
2862	if (psin->sin_family != AF_INET) {
2863	error = EAFNOSUPPORT;
2864	break;
2865	}
2866	if (psin->sin_len != sizeof(struct sockaddr_in)) {
2867	error = EINVAL;
2868	break;
2869	}
2870	error = imf_get_source(imf, psin, &lims);
2871	if (error)
2872	break;
2873	lims->imsl_st[`1`] = imf->imf_st[`1`];
2874	}
2875	FREE(kss, M_TEMP);
2876	}
2877
2878	if (error)
2879	goto out_imf_rollback;
2880
2881	/*
2882	* Begin state merge transaction at IGMP layer.
2883	*/
2884	INM_LOCK(inm);
2885	IGMP_PRINTF(("%s: merge inm state\n", __func__));
2886	error = inm_merge(inm, imf);
2887	if (error) {
2888	IGMP_PRINTF(("%s: failed to merge inm state\n", __func__));
2889	INM_UNLOCK(inm);
2890	goto out_imf_rollback;
2891	}
2892
2893	IGMP_PRINTF(("%s: doing igmp downcall\n", __func__));
2894	error = igmp_change_state(inm, &itp);
2895	INM_UNLOCK(inm);
2896	#ifdef IGMP_DEBUG
2897	if (error)
2898	IGMP_PRINTF(("%s: failed igmp downcall\n", __func__));
2899	#endif
2900
2901	out_imf_rollback:
2902	if (error)
2903	imf_rollback(imf);
2904	else
2905	imf_commit(imf);
2906
2907	imf_reap(imf);
2908
2909	out_imo_locked:
2910	IMO_UNLOCK(imo);
2911	IMO_REMREF(imo); / from inp_findmoptions() /
2912
2913	/ schedule timer now that we've dropped the lock(s) /
2914	igmp_set_timeout(&itp);
2915
2916	return (error);
2917	}
2918
2919	/*
2920	* Set the IP multicast options in response to user setsockopt().
2921	*
2922	* Many of the socket options handled in this function duplicate the
2923	* functionality of socket options in the regular unicast API. However,
2924	* it is not possible to merge the duplicate code, because the idempotence
2925	* of the IPv4 multicast part of the BSD Sockets API must be preserved;
2926	* the effects of these options must be treated as separate and distinct.
2927	*/
2928	int
2929	inp_setmoptions(struct inpcb inp, struct* sockopt *sopt)
2930	{
2931	struct ip_moptions *imo;
2932	int error;
2933	unsigned int ifindex;
2934	struct ifnet *ifp;
2935
2936	error = `0`;
2937
2938	/*
2939	* If socket is neither of type SOCK_RAW or SOCK_DGRAM,
2940	* or is a divert socket, reject it.
2941	*/
2942	if (SOCK_PROTO(inp->inp_socket) == IPPROTO_DIVERT \|\|
2943	(SOCK_TYPE(inp->inp_socket) != SOCK_RAW &&
2944	SOCK_TYPE(inp->inp_socket) != SOCK_DGRAM))
2945	return (EOPNOTSUPP);
2946
2947	switch (sopt->sopt_name) {
2948	case IP_MULTICAST_IF:
2949	error = inp_set_multicast_if(inp, sopt);
2950	break;
2951
2952	case IP_MULTICAST_IFINDEX:
2953	/*
2954	* Select the interface for outgoing multicast packets.
2955	*/
2956	error = sooptcopyin(sopt, &ifindex, sizeof (ifindex),
2957	sizeof (ifindex));
2958	if (error)
2959	break;
2960
2961	imo = inp_findmoptions(inp);
2962	if (imo == NULL) {
2963	error = ENOMEM;
2964	break;
2965	}
2966	/*
2967	* Index 0 is used to remove a previous selection.
2968	* When no interface is selected, a default one is
2969	* chosen every time a multicast packet is sent.
2970	*/
2971	if (ifindex == `0`) {
2972	IMO_LOCK(imo);
2973	imo->imo_multicast_ifp = NULL;
2974	IMO_UNLOCK(imo);
2975	IMO_REMREF(imo); / from inp_findmoptions() /
2976	break;
2977	}
2978
2979	ifnet_head_lock_shared();
2980	/ Don't need to check is ifindex is < 0 since it's unsigned /
2981	if ((unsigned int)if_index < ifindex) {
2982	ifnet_head_done();
2983	IMO_REMREF(imo); / from inp_findmoptions() /
2984	error = ENXIO; / per IPV6_MULTICAST_IF /
2985	break;
2986	}
2987	ifp = ifindex2ifnet[ifindex];
2988	ifnet_head_done();
2989
2990	/ If it's detached or isn't a multicast interface, bail out /
2991	if (ifp == NULL \|\| !(ifp->if_flags & IFF_MULTICAST)) {
2992	IMO_REMREF(imo); / from inp_findmoptions() /
2993	error = EADDRNOTAVAIL;
2994	break;
2995	}
2996	IMO_LOCK(imo);
2997	imo->imo_multicast_ifp = ifp;
2998	/*
2999	* Clear out any remnants of past IP_MULTICAST_IF. The addr
3000	* isn't really used anywhere in the kernel; we could have
3001	* iterated thru the addresses of the interface and pick one
3002	* here, but that is redundant since ip_getmoptions() already
3003	* takes care of that for INADDR_ANY.
3004	*/
3005	imo->imo_multicast_addr.s_addr = INADDR_ANY;
3006	IMO_UNLOCK(imo);
3007	IMO_REMREF(imo); / from inp_findmoptions() /
3008	break;
3009
3010	case IP_MULTICAST_TTL: {
3011	u_char ttl;
3012
3013	/*
3014	* Set the IP time-to-live for outgoing multicast packets.
3015	* The original multicast API required a char argument,
3016	* which is inconsistent with the rest of the socket API.
3017	* We allow either a char or an int.
3018	*/
3019	if (sopt->sopt_valsize == sizeof(u_char)) {
3020	error = sooptcopyin(sopt, &ttl, sizeof(u_char),
3021	sizeof(u_char));
3022	if (error)
3023	break;
3024	} else {
3025	u_int ittl;
3026
3027	error = sooptcopyin(sopt, &ittl, sizeof(u_int),
3028	sizeof(u_int));
3029	if (error)
3030	break;
3031	if (ittl > `255`) {
3032	error = EINVAL;
3033	break;
3034	}
3035	ttl = (u_char)ittl;
3036	}
3037	imo = inp_findmoptions(inp);
3038	if (imo == NULL) {
3039	error = ENOMEM;
3040	break;
3041	}
3042	IMO_LOCK(imo);
3043	imo->imo_multicast_ttl = ttl;
3044	IMO_UNLOCK(imo);
3045	IMO_REMREF(imo); / from inp_findmoptions() /
3046	break;
3047	}
3048
3049	case IP_MULTICAST_LOOP: {
3050	u_char loop;
3051
3052	/*
3053	* Set the loopback flag for outgoing multicast packets.
3054	* Must be zero or one. The original multicast API required a
3055	* char argument, which is inconsistent with the rest
3056	* of the socket API. We allow either a char or an int.
3057	*/
3058	if (sopt->sopt_valsize == sizeof(u_char)) {
3059	error = sooptcopyin(sopt, &loop, sizeof(u_char),
3060	sizeof(u_char));
3061	if (error)
3062	break;
3063	} else {
3064	u_int iloop;
3065
3066	error = sooptcopyin(sopt, &iloop, sizeof(u_int),
3067	sizeof(u_int));
3068	if (error)
3069	break;
3070	loop = (u_char)iloop;
3071	}
3072	imo = inp_findmoptions(inp);
3073	if (imo == NULL) {
3074	error = ENOMEM;
3075	break;
3076	}
3077	IMO_LOCK(imo);
3078	imo->imo_multicast_loop = !!loop;
3079	IMO_UNLOCK(imo);
3080	IMO_REMREF(imo); / from inp_findmoptions() /
3081	break;
3082	}
3083
3084	case IP_ADD_MEMBERSHIP:
3085	case IP_ADD_SOURCE_MEMBERSHIP:
3086	case MCAST_JOIN_GROUP:
3087	case MCAST_JOIN_SOURCE_GROUP:
3088	error = inp_join_group(inp, sopt);
3089	break;
3090
3091	case IP_DROP_MEMBERSHIP:
3092	case IP_DROP_SOURCE_MEMBERSHIP:
3093	case MCAST_LEAVE_GROUP:
3094	case MCAST_LEAVE_SOURCE_GROUP:
3095	error = inp_leave_group(inp, sopt);
3096	break;
3097
3098	case IP_BLOCK_SOURCE:
3099	case IP_UNBLOCK_SOURCE:
3100	case MCAST_BLOCK_SOURCE:
3101	case MCAST_UNBLOCK_SOURCE:
3102	error = inp_block_unblock_source(inp, sopt);
3103	break;
3104
3105	case IP_MSFILTER:
3106	error = inp_set_source_filters(inp, sopt);
3107	break;
3108
3109	default:
3110	error = EOPNOTSUPP;
3111	break;
3112	}
3113
3114	return (error);
3115	}
3116
3117	/*
3118	* Expose IGMP's multicast filter mode and source list(s) to userland,
3119	* keyed by (ifindex, group).
3120	* The filter mode is written out as a uint32_t, followed by
3121	* 0..n of struct in_addr.
3122	* For use by ifmcstat(8).
3123	*/
3124	static int
3125	sysctl_ip_mcast_filters SYSCTL_HANDLER_ARGS
3126	{
3127	#pragma unused(oidp)
3128
3129	struct in_addr src = {}, group;
3130	struct ifnet *ifp;
3131	struct in_multi *inm;
3132	struct in_multistep step;
3133	struct ip_msource *ims;
3134	int *name;
3135	int retval = `0`;
3136	u_int namelen;
3137	uint32_t fmode, ifindex;
3138
3139	name = (int *)arg1;
3140	namelen = (u_int)arg2;
3141
3142	if (req->newptr != USER_ADDR_NULL)
3143	return (EPERM);
3144
3145	if (namelen != `2`)
3146	return (EINVAL);
3147
3148	ifindex = name[`0`];
3149	ifnet_head_lock_shared();
3150	if (ifindex <= `0` \|\| ifindex > (u_int)if_index) {
3151	IGMP_PRINTF(("%s: ifindex %u out of range\n",
3152	__func__, ifindex));
3153	ifnet_head_done();
3154	return (ENOENT);
3155	}
3156
3157	group.s_addr = name[`1`];
3158	if (!IN_MULTICAST(ntohl(group.s_addr))) {
3159	IGMP_INET_PRINTF(group,
3160	("%s: group %s is not multicast\n",
3161	__func__, _igmp_inet_buf));
3162	ifnet_head_done();
3163	return (EINVAL);
3164	}
3165
3166	ifp = ifindex2ifnet[ifindex];
3167	ifnet_head_done();
3168	if (ifp == NULL) {
3169	IGMP_PRINTF(("%s: no ifp for ifindex %u\n", __func__, ifindex));
3170	return (ENOENT);
3171	}
3172
3173	in_multihead_lock_shared();
3174	IN_FIRST_MULTI(step, inm);
3175	while (inm != NULL) {
3176	INM_LOCK(inm);
3177	if (inm->inm_ifp != ifp)
3178	goto next;
3179
3180	if (!in_hosteq(inm->inm_addr, group))
3181	goto next;
3182
3183	fmode = inm->inm_st[`1`].iss_fmode;
3184	retval = SYSCTL_OUT(req, &fmode, sizeof(uint32_t));
3185	if (retval != `0`) {
3186	INM_UNLOCK(inm);
3187	break; / abort /
3188	}
3189	RB_FOREACH(ims, ip_msource_tree, &inm->inm_srcs) {
3190	#ifdef IGMP_DEBUG
3191	struct in_addr ina;
3192	ina.s_addr = htonl(ims->ims_haddr);
3193	IGMP_INET_PRINTF(ina,
3194	("%s: visit node %s\n", __func__, _igmp_inet_buf));
3195	#endif
3196	/*
3197	* Only copy-out sources which are in-mode.
3198	*/
3199	if (fmode != ims_get_mode(inm, ims, `1`)) {
3200	IGMP_PRINTF(("%s: skip non-in-mode\n",
3201	__func__));
3202	continue; / process next source /
3203	}
3204	src.s_addr = htonl(ims->ims_haddr);
3205	retval = SYSCTL_OUT(req, &src, sizeof(struct in_addr));
3206	if (retval != `0`)
3207	break; / process next inm /
3208	}
3209	next:
3210	INM_UNLOCK(inm);
3211	IN_NEXT_MULTI(step, inm);
3212	}
3213	in_multihead_lock_done();
3214
3215	return (retval);
3216	}
3217
3218	/*
3219	* XXX
3220	* The whole multicast option thing needs to be re-thought.
3221	* Several of these options are equally applicable to non-multicast
3222	* transmission, and one (IP_MULTICAST_TTL) totally duplicates a
3223	* standard option (IP_TTL).
3224	*/
3225	/*
3226	* following RFC1724 section 3.3, 0.0.0.0/8 is interpreted as interface index.
3227	*/
3228	static struct ifnet *
3229	ip_multicast_if(struct in_addr a, unsigned* int *ifindexp)
3230	{
3231	unsigned int ifindex;
3232	struct ifnet *ifp;
3233
3234	if (ifindexp != NULL)
3235	*ifindexp = `0`;
3236	if (ntohl(a->s_addr) >> `24` == `0`) {
3237	ifindex = ntohl(a->s_addr) & `0xffffff`;
3238	ifnet_head_lock_shared();
3239	/ Don't need to check is ifindex is < 0 since it's unsigned /
3240	if ((unsigned int)if_index < ifindex) {
3241	ifnet_head_done();
3242	return (NULL);
3243	}
3244	ifp = ifindex2ifnet[ifindex];
3245	ifnet_head_done();
3246	if (ifp != NULL && ifindexp != NULL)
3247	*ifindexp = ifindex;
3248	} else {
3249	INADDR_TO_IFP(*a, ifp);
3250	}
3251	return (ifp);
3252	}
3253
3254	void
3255	in_multi_init(void)
3256	{
3257	PE_parse_boot_argn("ifa_debug", &inm_debug, sizeof (inm_debug));
3258
3259	/ Setup lock group and attribute for in_multihead /
3260	in_multihead_lock_grp_attr = lck_grp_attr_alloc_init();
3261	in_multihead_lock_grp = lck_grp_alloc_init("in_multihead",
3262	in_multihead_lock_grp_attr);
3263	in_multihead_lock_attr = lck_attr_alloc_init();
3264	lck_rw_init(&in_multihead_lock, in_multihead_lock_grp,
3265	in_multihead_lock_attr);
3266
3267	lck_mtx_init(&inm_trash_lock, in_multihead_lock_grp,
3268	in_multihead_lock_attr);
3269	TAILQ_INIT(&inm_trash_head);
3270
3271	inm_size = (inm_debug == `0`) ? sizeof (struct in_multi) :
3272	sizeof (struct in_multi_dbg);
3273	inm_zone = zinit(inm_size, INM_ZONE_MAX * inm_size,
3274	`0`, INM_ZONE_NAME);
3275	if (inm_zone == NULL) {
3276	panic("%s: failed allocating %s", __func__, INM_ZONE_NAME);
3277	/ NOTREACHED /
3278	}
3279	zone_change(inm_zone, Z_EXPAND, TRUE);
3280
3281	ipms_size = sizeof (struct ip_msource);
3282	ipms_zone = zinit(ipms_size, IPMS_ZONE_MAX * ipms_size,
3283	`0`, IPMS_ZONE_NAME);
3284	if (ipms_zone == NULL) {
3285	panic("%s: failed allocating %s", __func__, IPMS_ZONE_NAME);
3286	/ NOTREACHED /
3287	}
3288	zone_change(ipms_zone, Z_EXPAND, TRUE);
3289
3290	inms_size = sizeof (struct in_msource);
3291	inms_zone = zinit(inms_size, INMS_ZONE_MAX * inms_size,
3292	`0`, INMS_ZONE_NAME);
3293	if (inms_zone == NULL) {
3294	panic("%s: failed allocating %s", __func__, INMS_ZONE_NAME);
3295	/ NOTREACHED /
3296	}
3297	zone_change(inms_zone, Z_EXPAND, TRUE);
3298	}
3299
3300	static struct in_multi *
3301	in_multi_alloc(int how)
3302	{
3303	struct in_multi *inm;
3304
3305	inm = (how == M_WAITOK) ? zalloc(inm_zone) : zalloc_noblock(inm_zone);
3306	if (inm != NULL) {
3307	bzero(inm, inm_size);
3308	lck_mtx_init(&inm->inm_lock, in_multihead_lock_grp,
3309	in_multihead_lock_attr);
3310	inm->inm_debug \|= IFD_ALLOC;
3311	if (inm_debug != `0`) {
3312	inm->inm_debug \|= IFD_DEBUG;
3313	inm->inm_trace = inm_trace;
3314	}
3315	}
3316	return (inm);
3317	}
3318
3319	static void
3320	in_multi_free(struct in_multi *inm)
3321	{
3322	INM_LOCK(inm);
3323	if (inm->inm_debug & IFD_ATTACHED) {
3324	panic("%s: attached inm=%p is being freed", __func__, inm);
3325	/ NOTREACHED /
3326	} else if (inm->inm_ifma != NULL) {
3327	panic("%s: ifma not NULL for inm=%p", __func__, inm);
3328	/ NOTREACHED /
3329	} else if (!(inm->inm_debug & IFD_ALLOC)) {
3330	panic("%s: inm %p cannot be freed", __func__, inm);
3331	/ NOTREACHED /
3332	} else if (inm->inm_refcount != `0`) {
3333	panic("%s: non-zero refcount inm=%p", __func__, inm);
3334	/ NOTREACHED /
3335	} else if (inm->inm_reqcnt != `0`) {
3336	panic("%s: non-zero reqcnt inm=%p", __func__, inm);
3337	/ NOTREACHED /
3338	}
3339
3340	/ Free any pending IGMPv3 state-change records /
3341	IF_DRAIN(&inm->inm_scq);
3342
3343	inm->inm_debug &= ~IFD_ALLOC;
3344	if ((inm->inm_debug & (IFD_DEBUG \| IFD_TRASHED)) ==
3345	(IFD_DEBUG \| IFD_TRASHED)) {
3346	lck_mtx_lock(&inm_trash_lock);
3347	TAILQ_REMOVE(&inm_trash_head, (struct in_multi_dbg *)inm,
3348	inm_trash_link);
3349	lck_mtx_unlock(&inm_trash_lock);
3350	inm->inm_debug &= ~IFD_TRASHED;
3351	}
3352	INM_UNLOCK(inm);
3353
3354	lck_mtx_destroy(&inm->inm_lock, in_multihead_lock_grp);
3355	zfree(inm_zone, inm);
3356	}
3357
3358	static void
3359	in_multi_attach(struct in_multi *inm)
3360	{
3361	in_multihead_lock_assert(LCK_RW_ASSERT_EXCLUSIVE);
3362	INM_LOCK_ASSERT_HELD(inm);
3363
3364	if (inm->inm_debug & IFD_ATTACHED) {
3365	panic("%s: Attempt to attach an already attached inm=%p",
3366	__func__, inm);
3367	/ NOTREACHED /
3368	} else if (inm->inm_debug & IFD_TRASHED) {
3369	panic("%s: Attempt to reattach a detached inm=%p",
3370	__func__, inm);
3371	/ NOTREACHED /
3372	}
3373
3374	inm->inm_reqcnt++;
3375	VERIFY(inm->inm_reqcnt == `1`);
3376	INM_ADDREF_LOCKED(inm);
3377	inm->inm_debug \|= IFD_ATTACHED;
3378	/*
3379	* Reattach case: If debugging is enabled, take it
3380	* out of the trash list and clear IFD_TRASHED.
3381	*/
3382	if ((inm->inm_debug & (IFD_DEBUG \| IFD_TRASHED)) ==
3383	(IFD_DEBUG \| IFD_TRASHED)) {
3384	/ Become a regular mutex, just in case /
3385	INM_CONVERT_LOCK(inm);
3386	lck_mtx_lock(&inm_trash_lock);
3387	TAILQ_REMOVE(&inm_trash_head, (struct in_multi_dbg *)inm,
3388	inm_trash_link);
3389	lck_mtx_unlock(&inm_trash_lock);
3390	inm->inm_debug &= ~IFD_TRASHED;
3391	}
3392
3393	LIST_INSERT_HEAD(&in_multihead, inm, inm_link);
3394	}
3395
3396	int
3397	in_multi_detach(struct in_multi *inm)
3398	{
3399	in_multihead_lock_assert(LCK_RW_ASSERT_EXCLUSIVE);
3400	INM_LOCK_ASSERT_HELD(inm);
3401
3402	if (inm->inm_reqcnt == `0`) {
3403	panic("%s: inm=%p negative reqcnt", __func__, inm);
3404	/ NOTREACHED /
3405	}
3406
3407	--inm->inm_reqcnt;
3408	if (inm->inm_reqcnt > `0`)
3409	return (`0`);
3410
3411	if (!(inm->inm_debug & IFD_ATTACHED)) {
3412	panic("%s: Attempt to detach an unattached record inm=%p",
3413	__func__, inm);
3414	/ NOTREACHED /
3415	} else if (inm->inm_debug & IFD_TRASHED) {
3416	panic("%s: inm %p is already in trash list", __func__, inm);
3417	/ NOTREACHED /
3418	}
3419
3420	/*
3421	* NOTE: Caller calls IFMA_REMREF
3422	*/
3423	inm->inm_debug &= ~IFD_ATTACHED;
3424	LIST_REMOVE(inm, inm_link);
3425
3426	if (inm->inm_debug & IFD_DEBUG) {
3427	/ Become a regular mutex, just in case /
3428	INM_CONVERT_LOCK(inm);
3429	lck_mtx_lock(&inm_trash_lock);
3430	TAILQ_INSERT_TAIL(&inm_trash_head,
3431	(struct in_multi_dbg *)inm, inm_trash_link);
3432	lck_mtx_unlock(&inm_trash_lock);
3433	inm->inm_debug \|= IFD_TRASHED;
3434	}
3435
3436	return (`1`);
3437	}
3438
3439	void
3440	inm_addref(struct in_multi inm, int* locked)
3441	{
3442	if (!locked)
3443	INM_LOCK_SPIN(inm);
3444	else
3445	INM_LOCK_ASSERT_HELD(inm);
3446
3447	if (++inm->inm_refcount == `0`) {
3448	panic("%s: inm=%p wraparound refcnt", __func__, inm);
3449	/ NOTREACHED /
3450	} else if (inm->inm_trace != NULL) {
3451	(*inm->inm_trace)(inm, TRUE);
3452	}
3453	if (!locked)
3454	INM_UNLOCK(inm);
3455	}
3456
3457	void
3458	inm_remref(struct in_multi inm, int* locked)
3459	{
3460	struct ifmultiaddr *ifma;
3461	struct igmp_ifinfo *igi;
3462
3463	if (!locked)
3464	INM_LOCK_SPIN(inm);
3465	else
3466	INM_LOCK_ASSERT_HELD(inm);
3467
3468	if (inm->inm_refcount == `0` \|\| (inm->inm_refcount == `1` && locked)) {
3469	panic("%s: inm=%p negative/missing refcnt", __func__, inm);
3470	/ NOTREACHED /
3471	} else if (inm->inm_trace != NULL) {
3472	(*inm->inm_trace)(inm, FALSE);
3473	}
3474
3475	--inm->inm_refcount;
3476	if (inm->inm_refcount > `0`) {
3477	if (!locked)
3478	INM_UNLOCK(inm);
3479	return;
3480	}
3481
3482	/*
3483	* Synchronization with in_getmulti(). In the event the inm has been
3484	* detached, the underlying ifma would still be in the if_multiaddrs
3485	* list, and thus can be looked up via if_addmulti(). At that point,
3486	* the only way to find this inm is via ifma_protospec. To avoid
3487	* race conditions between the last inm_remref() of that inm and its
3488	* use via ifma_protospec, in_multihead lock is used for serialization.
3489	* In order to avoid violating the lock order, we must drop inm_lock
3490	* before acquiring in_multihead lock. To prevent the inm from being
3491	* freed prematurely, we hold an extra reference.
3492	*/
3493	++inm->inm_refcount;
3494	INM_UNLOCK(inm);
3495	in_multihead_lock_shared();
3496	INM_LOCK_SPIN(inm);
3497	--inm->inm_refcount;
3498	if (inm->inm_refcount > `0`) {
3499	/ We've lost the race, so abort since inm is still in use /
3500	INM_UNLOCK(inm);
3501	in_multihead_lock_done();
3502	/ If it was locked, return it as such /
3503	if (locked)
3504	INM_LOCK(inm);
3505	return;
3506	}
3507	inm_purge(inm);
3508	ifma = inm->inm_ifma;
3509	inm->inm_ifma = NULL;
3510	inm->inm_ifp = NULL;
3511	igi = inm->inm_igi;
3512	inm->inm_igi = NULL;
3513	INM_UNLOCK(inm);
3514	IFMA_LOCK_SPIN(ifma);
3515	ifma->ifma_protospec = NULL;
3516	IFMA_UNLOCK(ifma);
3517	in_multihead_lock_done();
3518
3519	in_multi_free(inm);
3520	if_delmulti_ifma(ifma);
3521	/ Release reference held to the underlying ifmultiaddr /
3522	IFMA_REMREF(ifma);
3523
3524	if (igi != NULL)
3525	IGI_REMREF(igi);
3526	}
3527
3528	static void
3529	inm_trace(struct in_multi inm, int* refhold)
3530	{
3531	struct in_multi_dbg inm_dbg = (struct* in_multi_dbg *)inm;
3532	ctrace_t *tr;
3533	u_int32_t idx;
3534	u_int16_t *cnt;
3535
3536	if (!(inm->inm_debug & IFD_DEBUG)) {
3537	panic("%s: inm %p has no debug structure", __func__, inm);
3538	/ NOTREACHED /
3539	}
3540	if (refhold) {
3541	cnt = &inm_dbg->inm_refhold_cnt;
3542	tr = inm_dbg->inm_refhold;
3543	} else {
3544	cnt = &inm_dbg->inm_refrele_cnt;
3545	tr = inm_dbg->inm_refrele;
3546	}
3547
3548	idx = atomic_add_16_ov(cnt, `1`) % INM_TRACE_HIST_SIZE;
3549	ctrace_record(&tr[idx]);
3550	}
3551
3552	void
3553	in_multihead_lock_exclusive(void)
3554	{
3555	lck_rw_lock_exclusive(&in_multihead_lock);
3556	}
3557
3558	void
3559	in_multihead_lock_shared(void)
3560	{
3561	lck_rw_lock_shared(&in_multihead_lock);
3562	}
3563
3564	void
3565	in_multihead_lock_assert(int what)
3566	{
3567	#if !MACH_ASSERT
3568	#pragma unused(what)
3569	#endif
3570	LCK_RW_ASSERT(&in_multihead_lock, what);
3571	}
3572
3573	void
3574	in_multihead_lock_done(void)
3575	{
3576	lck_rw_done(&in_multihead_lock);
3577	}
3578
3579	static struct ip_msource *
3580	ipms_alloc(int how)
3581	{
3582	struct ip_msource *ims;
3583
3584	ims = (how == M_WAITOK) ? zalloc(ipms_zone) : zalloc_noblock(ipms_zone);
3585	if (ims != NULL)
3586	bzero(ims, ipms_size);
3587
3588	return (ims);
3589	}
3590
3591	static void
3592	ipms_free(struct ip_msource *ims)
3593	{
3594	zfree(ipms_zone, ims);
3595	}
3596
3597	static struct in_msource *
3598	inms_alloc(int how)
3599	{
3600	struct in_msource *inms;
3601
3602	inms = (how == M_WAITOK) ? zalloc(inms_zone) :
3603	zalloc_noblock(inms_zone);
3604	if (inms != NULL)
3605	bzero(inms, inms_size);
3606
3607	return (inms);
3608	}
3609
3610	static void
3611	inms_free(struct in_msource *inms)
3612	{
3613	zfree(inms_zone, inms);
3614	}
3615
3616	#ifdef IGMP_DEBUG
3617
3618	static const char *inm_modestrs[] = { "un\n", "in", "ex" };
3619
3620	static const char *
3621	inm_mode_str(const int mode)
3622	{
3623	if (mode >= MCAST_UNDEFINED && mode <= MCAST_EXCLUDE)
3624	return (inm_modestrs[mode]);
3625	return ("??");
3626	}
3627
3628	static const char *inm_statestrs[] = {
3629	"not-member\n",
3630	"silent\n",
3631	"reporting\n",
3632	"idle\n",
3633	"lazy\n",
3634	"sleeping\n",
3635	"awakening\n",
3636	"query-pending\n",
3637	"sg-query-pending\n",
3638	"leaving"
3639	};
3640
3641	static const char *
3642	inm_state_str(const int state)
3643	{
3644	if (state >= IGMP_NOT_MEMBER && state <= IGMP_LEAVING_MEMBER)
3645	return (inm_statestrs[state]);
3646	return ("??");
3647	}
3648
3649	/*
3650	* Dump an in_multi structure to the console.
3651	*/
3652	void
3653	inm_print(const struct in_multi *inm)
3654	{
3655	int t;
3656	char buf[MAX_IPv4_STR_LEN];
3657
3658	INM_LOCK_ASSERT_HELD(__DECONST(struct in_multi *, inm));
3659
3660	if (igmp_debug == `0`)
3661	return;
3662
3663	inet_ntop(AF_INET, &inm->inm_addr, buf, sizeof(buf));
3664	printf("%s: --- begin inm 0x%llx ---\n", __func__,
3665	(uint64_t)VM_KERNEL_ADDRPERM(inm));
3666	printf("addr %s ifp 0x%llx(%s) ifma 0x%llx\n",
3667	buf,
3668	(uint64_t)VM_KERNEL_ADDRPERM(inm->inm_ifp),
3669	if_name(inm->inm_ifp),
3670	(uint64_t)VM_KERNEL_ADDRPERM(inm->inm_ifma));
3671	printf("timer %u state %s refcount %u scq.len %u\n",
3672	inm->inm_timer,
3673	inm_state_str(inm->inm_state),
3674	inm->inm_refcount,
3675	inm->inm_scq.ifq_len);
3676	printf("igi 0x%llx nsrc %lu sctimer %u scrv %u\n",
3677	(uint64_t)VM_KERNEL_ADDRPERM(inm->inm_igi),
3678	inm->inm_nsrc,
3679	inm->inm_sctimer,
3680	inm->inm_scrv);
3681	for (t = `0`; t < `2`; t++) {
3682	printf("t%d: fmode %s asm %u ex %u in %u rec %u\n", t,
3683	inm_mode_str(inm->inm_st[t].iss_fmode),
3684	inm->inm_st[t].iss_asm,
3685	inm->inm_st[t].iss_ex,
3686	inm->inm_st[t].iss_in,
3687	inm->inm_st[t].iss_rec);
3688	}
3689	printf("%s: --- end inm 0x%llx ---\n", __func__,
3690	(uint64_t)VM_KERNEL_ADDRPERM(inm));
3691	}
3692
3693	#else
3694
3695	void
3696	inm_print(__unused const struct in_multi *inm)
3697	{
3698
3699	}
3700
3701	#endif
3702

Browse the source code of xnu/bsd/netinet/in_mcast.c