in6.c source code [xnu/bsd/netinet6/in6.c]

1	/*
2	* Copyright (c) 2003-2018 Apple Inc. All rights reserved.
3	*
4	* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5	*
6	* This file contains Original Code and/or Modifications of Original Code
7	* as defined in and that are subject to the Apple Public Source License
8	* Version 2.0 (the 'License'). You may not use this file except in
9	* compliance with the License. The rights granted to you under the License
10	* may not be used to create, or enable the creation or redistribution of,
11	* unlawful or unlicensed copies of an Apple operating system, or to
12	* circumvent, violate, or enable the circumvention or violation of, any
13	* terms of an Apple operating system software license agreement.
14	*
15	* Please obtain a copy of the License at
16	* http://www.opensource.apple.com/apsl/ and read it before using this file.
17	*
18	* The Original Code and all software distributed under the License are
19	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23	* Please see the License for the specific language governing rights and
24	* limitations under the License.
25	*
26	* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27	*/
28
29	/*
30	* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
31	* All rights reserved.
32	*
33	* Redistribution and use in source and binary forms, with or without
34	* modification, are permitted provided that the following conditions
35	* are met:
36	* 1. Redistributions of source code must retain the above copyright
37	* notice, this list of conditions and the following disclaimer.
38	* 2. Redistributions in binary form must reproduce the above copyright
39	* notice, this list of conditions and the following disclaimer in the
40	* documentation and/or other materials provided with the distribution.
41	* 3. Neither the name of the project nor the names of its contributors
42	* may be used to endorse or promote products derived from this software
43	* without specific prior written permission.
44	*
45	* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
46	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
47	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
48	* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
49	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
50	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
51	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
52	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
53	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
54	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
55	* SUCH DAMAGE.
56	*/
57
58	/*
59	* Copyright (c) 1982, 1986, 1991, 1993
60	* The Regents of the University of California. All rights reserved.
61	*
62	* Redistribution and use in source and binary forms, with or without
63	* modification, are permitted provided that the following conditions
64	* are met:
65	* 1. Redistributions of source code must retain the above copyright
66	* notice, this list of conditions and the following disclaimer.
67	* 2. Redistributions in binary form must reproduce the above copyright
68	* notice, this list of conditions and the following disclaimer in the
69	* documentation and/or other materials provided with the distribution.
70	* 3. All advertising materials mentioning features or use of this software
71	* must display the following acknowledgement:
72	* This product includes software developed by the University of
73	* California, Berkeley and its contributors.
74	* 4. Neither the name of the University nor the names of its contributors
75	* may be used to endorse or promote products derived from this software
76	* without specific prior written permission.
77	*
78	* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
79	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
80	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
81	* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
82	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
83	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
84	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
85	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
86	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
87	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
88	* SUCH DAMAGE.
89	*
90	* @(#)in.c 8.2 (Berkeley) 11/15/93
91	*/
92
93
94	#include <sys/param.h>
95	#include <sys/ioctl.h>
96	#include <sys/errno.h>
97	#include <sys/malloc.h>
98	#include <sys/socket.h>
99	#include <sys/socketvar.h>
100	#include <sys/sockio.h>
101	#include <sys/systm.h>
102	#include <sys/time.h>
103	#include <sys/kernel.h>
104	#include <sys/syslog.h>
105	#include <sys/kern_event.h>
106	#include <sys/mcache.h>
107	#include <sys/protosw.h>
108	#include <sys/sysctl.h>
109
110	#include <kern/locks.h>
111	#include <kern/zalloc.h>
112	#include <kern/clock.h>
113	#include <libkern/OSAtomic.h>
114	#include <machine/machine_routines.h>
115	#include <mach/boolean.h>
116
117	#include <net/if.h>
118	#include <net/if_types.h>
119	#include <net/if_var.h>
120	#include <net/route.h>
121	#include <net/if_dl.h>
122	#include <net/kpi_protocol.h>
123	#include <net/nwk_wq.h>
124
125	#include <netinet/in.h>
126	#include <netinet/in_var.h>
127	#include <netinet/if_ether.h>
128	#include <netinet/in_systm.h>
129	#include <netinet/ip.h>
130	#include <netinet/in_pcb.h>
131	#include <netinet/icmp6.h>
132	#include <netinet/tcp.h>
133	#include <netinet/tcp_seq.h>
134	#include <netinet/tcp_var.h>
135
136	#include <netinet6/nd6.h>
137	#include <netinet/ip6.h>
138	#include <netinet6/ip6_var.h>
139	#include <netinet6/mld6_var.h>
140	#include <netinet6/in6_ifattach.h>
141	#include <netinet6/scope6_var.h>
142	#include <netinet6/in6_var.h>
143	#include <netinet6/in6_pcb.h>
144
145	#include <net/net_osdep.h>
146
147	#include <net/dlil.h>
148	#include <net/if_llatbl.h>
149
150	#if PF
151	#include <net/pfvar.h>
152	#endif /* PF */
153
154	/*
155	* Definitions of some costant IP6 addresses.
156	*/
157	const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT;
158	const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT;
159	const struct in6_addr in6addr_nodelocal_allnodes =
160	IN6ADDR_NODELOCAL_ALLNODES_INIT;
161	const struct in6_addr in6addr_linklocal_allnodes =
162	IN6ADDR_LINKLOCAL_ALLNODES_INIT;
163	const struct in6_addr in6addr_linklocal_allrouters =
164	IN6ADDR_LINKLOCAL_ALLROUTERS_INIT;
165	const struct in6_addr in6addr_linklocal_allv2routers =
166	IN6ADDR_LINKLOCAL_ALLV2ROUTERS_INIT;
167
168	const struct in6_addr in6mask0 = IN6MASK0;
169	const struct in6_addr in6mask7 = IN6MASK7;
170	const struct in6_addr in6mask16 = IN6MASK16;
171	const struct in6_addr in6mask32 = IN6MASK32;
172	const struct in6_addr in6mask64 = IN6MASK64;
173	const struct in6_addr in6mask96 = IN6MASK96;
174	const struct in6_addr in6mask128 = IN6MASK128;
175
176	const struct sockaddr_in6 sa6_any = {
177	sizeof (sa6_any), AF_INET6, `0`, `0`, IN6ADDR_ANY_INIT, `0`
178	};
179
180	static int in6ctl_associd(struct socket *, u_long, caddr_t);
181	static int in6ctl_connid(struct socket *, u_long, caddr_t);
182	static int in6ctl_conninfo(struct socket *, u_long, caddr_t);
183	static int in6ctl_llstart(struct ifnet *, u_long, caddr_t);
184	static int in6ctl_llstop(struct ifnet *);
185	static int in6ctl_cgastart(struct ifnet *, u_long, caddr_t);
186	static int in6ctl_gifaddr(struct ifnet , struct* in6_ifaddr *, u_long,
187	struct in6_ifreq *);
188	static int in6ctl_gifstat(struct ifnet , u_long, struct* in6_ifreq *);
189	static int in6ctl_alifetime(struct in6_ifaddr , u_long, struct* in6_ifreq *,
190	boolean_t);
191	static int in6ctl_aifaddr(struct ifnet , struct* in6_aliasreq *);
192	static void in6ctl_difaddr(struct ifnet , struct* in6_ifaddr *);
193	static int in6_autoconf(struct ifnet , int*);
194	static int in6_setrouter(struct ifnet , int*);
195	static int in6_ifinit(struct ifnet , struct* in6_ifaddr , int*);
196	static int in6_ifaupdate_aux(struct in6_ifaddr , struct* ifnet , int*);
197	static void in6_unlink_ifa(struct in6_ifaddr , struct* ifnet *);
198	static struct in6_ifaddr in6_ifaddr_alloc(int*);
199	static void in6_ifaddr_attached(struct ifaddr *);
200	static void in6_ifaddr_detached(struct ifaddr *);
201	static void in6_ifaddr_free(struct ifaddr *);
202	static void in6_ifaddr_trace(struct ifaddr , int*);
203	#if defined(__LP64__)
204	static void in6_cgareq_32_to_64(struct in6_cgareq_32 *,
205	struct in6_cgareq_64 *);
206	#else
207	static void in6_cgareq_64_to_32(struct in6_cgareq_64 *,
208	struct in6_cgareq_32 *);
209	#endif
210	static struct in6_aliasreq in6_aliasreq_to_native(void* , int*,
211	struct in6_aliasreq *);
212	static struct in6_cgareq in6_cgareq_to_native(void* , int*,
213	struct in6_cgareq *);
214	static int in6_to_kamescope(struct sockaddr_in6 , struct* ifnet *);
215	static int in6_getassocids(struct socket , uint32_t , user_addr_t);
216	static int in6_getconnids(struct socket , sae_associd_t, uint32_t ,
217	user_addr_t);
218
219	static void in6_if_up_dad_start(struct ifnet *);
220
221	extern lck_mtx_t *nd6_mutex;
222
223	#define IN6IFA_TRACE_HIST_SIZE 32 /* size of trace history */
224
225	/ For gdb /
226	__private_extern__ unsigned int in6ifa_trace_hist_size = IN6IFA_TRACE_HIST_SIZE;
227
228	struct in6_ifaddr_dbg {
229	struct in6_ifaddr in6ifa; / in6_ifaddr /
230	struct in6_ifaddr in6ifa_old; / saved in6_ifaddr /
231	u_int16_t in6ifa_refhold_cnt; / # of IFA_ADDREF /
232	u_int16_t in6ifa_refrele_cnt; / # of IFA_REMREF /
233	/*
234	* Alloc and free callers.
235	*/
236	ctrace_t in6ifa_alloc;
237	ctrace_t in6ifa_free;
238	/*
239	* Circular lists of IFA_ADDREF and IFA_REMREF callers.
240	*/
241	ctrace_t in6ifa_refhold[IN6IFA_TRACE_HIST_SIZE];
242	ctrace_t in6ifa_refrele[IN6IFA_TRACE_HIST_SIZE];
243	/*
244	* Trash list linkage
245	*/
246	TAILQ_ENTRY(in6_ifaddr_dbg) in6ifa_trash_link;
247	};
248
249	/ List of trash in6_ifaddr entries protected by in6ifa_trash_lock /
250	static TAILQ_HEAD(, in6_ifaddr_dbg) in6ifa_trash_head;
251	static decl_lck_mtx_data(, in6ifa_trash_lock);
252
253	#if DEBUG
254	static unsigned int in6ifa_debug = `1`; / debugging (enabled) /
255	#else
256	static unsigned int in6ifa_debug; / debugging (disabled) /
257	#endif /* !DEBUG */
258	static unsigned int in6ifa_size; / size of zone element /
259	static struct zone in6ifa_zone; /* zone for in6_ifaddr /
260
261	#define IN6IFA_ZONE_MAX 64 /* maximum elements in zone */
262	#define IN6IFA_ZONE_NAME "in6_ifaddr" /* zone name */
263
264	struct eventhandler_lists_ctxt in6_evhdlr_ctxt;
265	struct eventhandler_lists_ctxt in6_clat46_evhdlr_ctxt;
266	/*
267	* Subroutine for in6_ifaddloop() and in6_ifremloop().
268	* This routine does actual work.
269	*/
270	static void
271	in6_ifloop_request(int cmd, struct ifaddr *ifa)
272	{
273	struct sockaddr_in6 all1_sa;
274	struct rtentry *nrt = NULL;
275	int e;
276
277	bzero(&all1_sa, sizeof (all1_sa));
278	all1_sa.sin6_family = AF_INET6;
279	all1_sa.sin6_len = sizeof (struct sockaddr_in6);
280	all1_sa.sin6_addr = in6mask128;
281
282	/*
283	* We specify the address itself as the gateway, and set the
284	* RTF_LLINFO flag, so that the corresponding host route would have
285	* the flag, and thus applications that assume traditional behavior
286	* would be happy. Note that we assume the caller of the function
287	* (probably implicitly) set nd6_rtrequest() to ifa->ifa_rtrequest,
288	* which changes the outgoing interface to the loopback interface.
289	* ifa_addr for INET6 is set once during init; no need to hold lock.
290	*/
291	lck_mtx_lock(rnh_lock);
292	e = rtrequest_locked(cmd, ifa->ifa_addr, ifa->ifa_addr,
293	(struct sockaddr *)&all1_sa, RTF_UP\|RTF_HOST\|RTF_LLINFO, &nrt);
294	if (e != `0`) {
295	log(LOG_ERR, "in6_ifloop_request: "
296	"%s operation failed for %s (errno=%d)\n",
297	cmd == RTM_ADD ? "ADD" : "DELETE",
298	ip6_sprintf(&((struct in6_ifaddr *)ifa)->ia_addr.sin6_addr),
299	e);
300	}
301
302	if (nrt != NULL)
303	RT_LOCK(nrt);
304	/*
305	* Make sure rt_ifa be equal to IFA, the second argument of the
306	* function.
307	* We need this because when we refer to rt_ifa->ia6_flags in
308	* ip6_input, we assume that the rt_ifa points to the address instead
309	* of the loopback address.
310	*/
311	if (cmd == RTM_ADD && nrt && ifa != nrt->rt_ifa) {
312	rtsetifa(nrt, ifa);
313	}
314
315	/*
316	* Report the addition/removal of the address to the routing socket.
317	* XXX: since we called rtinit for a p2p interface with a destination,
318	* we end up reporting twice in such a case. Should we rather
319	* omit the second report?
320	*/
321	if (nrt != NULL) {
322	rt_newaddrmsg(cmd, ifa, e, nrt);
323	if (cmd == RTM_DELETE) {
324	RT_UNLOCK(nrt);
325	rtfree_locked(nrt);
326	} else {
327	/ the cmd must be RTM_ADD here /
328	RT_REMREF_LOCKED(nrt);
329	RT_UNLOCK(nrt);
330	}
331	}
332	lck_mtx_unlock(rnh_lock);
333	}
334
335	/*
336	* Add ownaddr as loopback rtentry. We previously add the route only if
337	* necessary (ex. on a p2p link). However, since we now manage addresses
338	* separately from prefixes, we should always add the route. We can't
339	* rely on the cloning mechanism from the corresponding interface route
340	* any more.
341	*/
342	static void
343	in6_ifaddloop(struct ifaddr *ifa)
344	{
345	struct rtentry *rt;
346
347	/*
348	* If there is no loopback entry, allocate one. ifa_addr for
349	* INET6 is set once during init; no need to hold lock.
350	*/
351	rt = rtalloc1(ifa->ifa_addr, `0`, `0`);
352	if (rt != NULL)
353	RT_LOCK(rt);
354	if (rt == NULL \|\| (rt->rt_flags & RTF_HOST) == `0` \|\|
355	(rt->rt_ifp->if_flags & IFF_LOOPBACK) == `0`) {
356	if (rt != NULL) {
357	RT_REMREF_LOCKED(rt);
358	RT_UNLOCK(rt);
359	}
360	in6_ifloop_request(RTM_ADD, ifa);
361	} else if (rt != NULL) {
362	RT_REMREF_LOCKED(rt);
363	RT_UNLOCK(rt);
364	}
365	}
366
367	/*
368	* Remove loopback rtentry of ownaddr generated by in6_ifaddloop(),
369	* if it exists.
370	*/
371	static void
372	in6_ifremloop(struct ifaddr *ifa)
373	{
374	struct in6_ifaddr *ia;
375	struct rtentry *rt;
376	int ia_count = `0`;
377
378	/*
379	* Some of BSD variants do not remove cloned routes
380	* from an interface direct route, when removing the direct route
381	* (see comments in net/net_osdep.h). Even for variants that do remove
382	* cloned routes, they could fail to remove the cloned routes when
383	* we handle multple addresses that share a common prefix.
384	* So, we should remove the route corresponding to the deleted address
385	* regardless of the result of in6_is_ifloop_auto().
386	*/
387
388	/*
389	* Delete the entry only if exact one ifa exists. More than one ifa
390	* can exist if we assign a same single address to multiple
391	* (probably p2p) interfaces.
392	* XXX: we should avoid such a configuration in IPv6...
393	*/
394	lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
395	for (ia = in6_ifaddrs; ia; ia = ia->ia_next) {
396	IFA_LOCK(&ia->ia_ifa);
397	if (IN6_ARE_ADDR_EQUAL(IFA_IN6(ifa), &ia->ia_addr.sin6_addr)) {
398	ia_count++;
399	if (ia_count > `1`) {
400	IFA_UNLOCK(&ia->ia_ifa);
401	break;
402	}
403	}
404	IFA_UNLOCK(&ia->ia_ifa);
405	}
406	lck_rw_done(&in6_ifaddr_rwlock);
407
408	if (ia_count == `1`) {
409	/*
410	* Before deleting, check if a corresponding loopbacked host
411	* route surely exists. With this check, we can avoid to
412	* delete an interface direct route whose destination is same
413	* as the address being removed. This can happen when removing
414	* a subnet-router anycast address on an interface attahced
415	* to a shared medium. ifa_addr for INET6 is set once during
416	* init; no need to hold lock.
417	*/
418	rt = rtalloc1(ifa->ifa_addr, `0`, `0`);
419	if (rt != NULL) {
420	RT_LOCK(rt);
421	if ((rt->rt_flags & RTF_HOST) != `0` &&
422	(rt->rt_ifp->if_flags & IFF_LOOPBACK) != `0`) {
423	RT_REMREF_LOCKED(rt);
424	RT_UNLOCK(rt);
425	in6_ifloop_request(RTM_DELETE, ifa);
426	} else {
427	RT_UNLOCK(rt);
428	}
429	}
430	}
431	}
432
433
434	int
435	in6_mask2len(struct in6_addr mask, u_char lim0)
436	{
437	int x = `0`, y;
438	u_char lim = lim0, p;
439
440	/ ignore the scope_id part /
441	if (lim0 == NULL \|\| lim0 - (u_char )mask > sizeof* (*mask))
442	lim = (u_char )mask + sizeof* (*mask);
443	for (p = (u_char *)mask; p < lim; x++, p++) {
444	if (*p != `0xff`)
445	break;
446	}
447	y = `0`;
448	if (p < lim) {
449	for (y = `0`; y < `8`; y++) {
450	if ((*p & (`0x80` >> y)) == `0`)
451	break;
452	}
453	}
454
455	/*
456	* when the limit pointer is given, do a stricter check on the
457	* remaining bits.
458	*/
459	if (p < lim) {
460	if (y != `0` && (*p & (`0x00ff` >> y)) != `0`)
461	return (-`1`);
462	for (p = p + `1`; p < lim; p++)
463	if (*p != `0`)
464	return (-`1`);
465	}
466
467	return (x * `8` + y);
468	}
469
470	void
471	in6_len2mask(struct in6_addr mask, int* len)
472	{
473	int i;
474
475	bzero(mask, sizeof (*mask));
476	for (i = `0`; i < len / `8`; i++)
477	mask->s6_addr8[i] = `0xff`;
478	if (len % `8`)
479	mask->s6_addr8[i] = (`0xff00` >> (len % `8`)) & `0xff`;
480	}
481
482	void
483	in6_aliasreq_64_to_32(struct in6_aliasreq_64 src, struct* in6_aliasreq_32 *dst)
484	{
485	bzero(dst, sizeof (*dst));
486	bcopy(src->ifra_name, dst->ifra_name, sizeof (dst->ifra_name));
487	dst->ifra_addr = src->ifra_addr;
488	dst->ifra_dstaddr = src->ifra_dstaddr;
489	dst->ifra_prefixmask = src->ifra_prefixmask;
490	dst->ifra_flags = src->ifra_flags;
491	dst->ifra_lifetime.ia6t_expire = src->ifra_lifetime.ia6t_expire;
492	dst->ifra_lifetime.ia6t_preferred = src->ifra_lifetime.ia6t_preferred;
493	dst->ifra_lifetime.ia6t_vltime = src->ifra_lifetime.ia6t_vltime;
494	dst->ifra_lifetime.ia6t_pltime = src->ifra_lifetime.ia6t_pltime;
495	}
496
497	void
498	in6_aliasreq_32_to_64(struct in6_aliasreq_32 src, struct* in6_aliasreq_64 *dst)
499	{
500	bzero(dst, sizeof (*dst));
501	bcopy(src->ifra_name, dst->ifra_name, sizeof (dst->ifra_name));
502	dst->ifra_addr = src->ifra_addr;
503	dst->ifra_dstaddr = src->ifra_dstaddr;
504	dst->ifra_prefixmask = src->ifra_prefixmask;
505	dst->ifra_flags = src->ifra_flags;
506	dst->ifra_lifetime.ia6t_expire = src->ifra_lifetime.ia6t_expire;
507	dst->ifra_lifetime.ia6t_preferred = src->ifra_lifetime.ia6t_preferred;
508	dst->ifra_lifetime.ia6t_vltime = src->ifra_lifetime.ia6t_vltime;
509	dst->ifra_lifetime.ia6t_pltime = src->ifra_lifetime.ia6t_pltime;
510	}
511
512	#if defined(__LP64__)
513	void
514	in6_cgareq_32_to_64(struct in6_cgareq_32 *src,
515	struct in6_cgareq_64 *dst)
516	{
517	bzero(dst, sizeof (*dst));
518	bcopy(src->cgar_name, dst->cgar_name, sizeof (dst->cgar_name));
519	dst->cgar_flags = src->cgar_flags;
520	bcopy(src->cgar_cgaprep.cga_modifier.octets,
521	dst->cgar_cgaprep.cga_modifier.octets,
522	sizeof (dst->cgar_cgaprep.cga_modifier.octets));
523	dst->cgar_cgaprep.cga_security_level =
524	src->cgar_cgaprep.cga_security_level;
525	dst->cgar_lifetime.ia6t_expire = src->cgar_lifetime.ia6t_expire;
526	dst->cgar_lifetime.ia6t_preferred = src->cgar_lifetime.ia6t_preferred;
527	dst->cgar_lifetime.ia6t_vltime = src->cgar_lifetime.ia6t_vltime;
528	dst->cgar_lifetime.ia6t_pltime = src->cgar_lifetime.ia6t_pltime;
529	}
530	#endif
531
532	#if !defined(__LP64__)
533	void
534	in6_cgareq_64_to_32(struct in6_cgareq_64 *src,
535	struct in6_cgareq_32 *dst)
536	{
537	bzero(dst, sizeof (*dst));
538	bcopy(src->cgar_name, dst->cgar_name, sizeof (dst->cgar_name));
539	dst->cgar_flags = src->cgar_flags;
540	bcopy(src->cgar_cgaprep.cga_modifier.octets,
541	dst->cgar_cgaprep.cga_modifier.octets,
542	sizeof (dst->cgar_cgaprep.cga_modifier.octets));
543	dst->cgar_cgaprep.cga_security_level =
544	src->cgar_cgaprep.cga_security_level;
545	dst->cgar_lifetime.ia6t_expire = src->cgar_lifetime.ia6t_expire;
546	dst->cgar_lifetime.ia6t_preferred = src->cgar_lifetime.ia6t_preferred;
547	dst->cgar_lifetime.ia6t_vltime = src->cgar_lifetime.ia6t_vltime;
548	dst->cgar_lifetime.ia6t_pltime = src->cgar_lifetime.ia6t_pltime;
549	}
550	#endif
551
552	static struct in6_aliasreq *
553	in6_aliasreq_to_native(void data, int* data_is_64, struct in6_aliasreq *dst)
554	{
555	#if defined(__LP64__)
556	if (data_is_64)
557	bcopy(data, dst, sizeof (*dst));
558	else
559	in6_aliasreq_32_to_64((struct in6_aliasreq_32 *)data,
560	(struct in6_aliasreq_64 *)dst);
561	#else
562	if (data_is_64)
563	in6_aliasreq_64_to_32((struct in6_aliasreq_64 *)data,
564	(struct in6_aliasreq_32 *)dst);
565	else
566	bcopy(data, dst, sizeof (*dst));
567	#endif /* __LP64__ */
568	return (dst);
569	}
570
571	static struct in6_cgareq *
572	in6_cgareq_to_native(void data, int* is64, struct in6_cgareq *dst)
573	{
574	#if defined(__LP64__)
575	if (is64)
576	bcopy(data, dst, sizeof (*dst));
577	else
578	in6_cgareq_32_to_64((struct in6_cgareq_32 *)data,
579	(struct in6_cgareq_64 *)dst);
580	#else
581	if (is64)
582	in6_cgareq_64_to_32((struct in6_cgareq_64 *)data,
583	(struct in6_cgareq_32 *)dst);
584	else
585	bcopy(data, dst, sizeof (*dst));
586	#endif /* __LP64__ */
587	return (dst);
588	}
589
590	static __attribute__((noinline)) int
591	in6ctl_associd(struct socket *so, u_long cmd, caddr_t data)
592	{
593	int error = `0`;
594	union {
595	struct so_aidreq32 a32;
596	struct so_aidreq64 a64;
597	} u;
598
599	VERIFY(so != NULL);
600
601	switch (cmd) {
602	case SIOCGASSOCIDS32: { / struct so_aidreq32 /
603	bcopy(data, &u.a32, sizeof (u.a32));
604	error = in6_getassocids(so, &u.a32.sar_cnt, u.a32.sar_aidp);
605	if (error == `0`)
606	bcopy(&u.a32, data, sizeof (u.a32));
607	break;
608	}
609
610	case SIOCGASSOCIDS64: { / struct so_aidreq64 /
611	bcopy(data, &u.a64, sizeof (u.a64));
612	error = in6_getassocids(so, &u.a64.sar_cnt, u.a64.sar_aidp);
613	if (error == `0`)
614	bcopy(&u.a64, data, sizeof (u.a64));
615	break;
616	}
617
618	default:
619	VERIFY(`0`);
620	/ NOTREACHED /
621	}
622
623	return (error);
624	}
625
626	static __attribute__((noinline)) int
627	in6ctl_connid(struct socket *so, u_long cmd, caddr_t data)
628	{
629	int error = `0`;
630	union {
631	struct so_cidreq32 c32;
632	struct so_cidreq64 c64;
633	} u;
634
635	VERIFY(so != NULL);
636
637	switch (cmd) {
638	case SIOCGCONNIDS32: { / struct so_cidreq32 /
639	bcopy(data, &u.c32, sizeof (u.c32));
640	error = in6_getconnids(so, u.c32.scr_aid, &u.c32.scr_cnt,
641	u.c32.scr_cidp);
642	if (error == `0`)
643	bcopy(&u.c32, data, sizeof (u.c32));
644	break;
645	}
646
647	case SIOCGCONNIDS64: { / struct so_cidreq64 /
648	bcopy(data, &u.c64, sizeof (u.c64));
649	error = in6_getconnids(so, u.c64.scr_aid, &u.c64.scr_cnt,
650	u.c64.scr_cidp);
651	if (error == `0`)
652	bcopy(&u.c64, data, sizeof (u.c64));
653	break;
654	}
655
656	default:
657	VERIFY(`0`);
658	/ NOTREACHED /
659	}
660
661	return (error);
662	}
663
664	static __attribute__((noinline)) int
665	in6ctl_conninfo(struct socket *so, u_long cmd, caddr_t data)
666	{
667	int error = `0`;
668	union {
669	struct so_cinforeq32 ci32;
670	struct so_cinforeq64 ci64;
671	} u;
672
673	VERIFY(so != NULL);
674
675	switch (cmd) {
676	case SIOCGCONNINFO32: { / struct so_cinforeq32 /
677	bcopy(data, &u.ci32, sizeof (u.ci32));
678	error = in6_getconninfo(so, u.ci32.scir_cid, &u.ci32.scir_flags,
679	&u.ci32.scir_ifindex, &u.ci32.scir_error, u.ci32.scir_src,
680	&u.ci32.scir_src_len, u.ci32.scir_dst, &u.ci32.scir_dst_len,
681	&u.ci32.scir_aux_type, u.ci32.scir_aux_data,
682	&u.ci32.scir_aux_len);
683	if (error == `0`)
684	bcopy(&u.ci32, data, sizeof (u.ci32));
685	break;
686	}
687
688	case SIOCGCONNINFO64: { / struct so_cinforeq64 /
689	bcopy(data, &u.ci64, sizeof (u.ci64));
690	error = in6_getconninfo(so, u.ci64.scir_cid, &u.ci64.scir_flags,
691	&u.ci64.scir_ifindex, &u.ci64.scir_error, u.ci64.scir_src,
692	&u.ci64.scir_src_len, u.ci64.scir_dst, &u.ci64.scir_dst_len,
693	&u.ci64.scir_aux_type, u.ci64.scir_aux_data,
694	&u.ci64.scir_aux_len);
695	if (error == `0`)
696	bcopy(&u.ci64, data, sizeof (u.ci64));
697	break;
698	}
699
700	default:
701	VERIFY(`0`);
702	/ NOTREACHED /
703	}
704
705	return (error);
706	}
707
708	static __attribute__((noinline)) int
709	in6ctl_llstart(struct ifnet *ifp, u_long cmd, caddr_t data)
710	{
711	struct in6_aliasreq sifra, *ifra = NULL;
712	boolean_t is64;
713	int error = `0`;
714
715	VERIFY(ifp != NULL);
716
717	switch (cmd) {
718	case SIOCLL_START_32: / struct in6_aliasreq_32 /
719	case SIOCLL_START_64: / struct in6_aliasreq_64 /
720	is64 = (cmd == SIOCLL_START_64);
721	/*
722	* Convert user ifra to the kernel form, when appropriate.
723	* This allows the conversion between different data models
724	* to be centralized, so that it can be passed around to other
725	* routines that are expecting the kernel form.
726	*/
727	ifra = in6_aliasreq_to_native(data, is64, &sifra);
728
729	/*
730	* NOTE: All the interface specific DLIL attachements should
731	* be done here. They are currently done in in6_ifattach_aux()
732	* for the interfaces that need it.
733	*/
734	if (ifra->ifra_addr.sin6_family == AF_INET6 &&
735	/ Only check ifra_dstaddr if valid /
736	(ifra->ifra_dstaddr.sin6_len == `0` \|\|
737	ifra->ifra_dstaddr.sin6_family == AF_INET6)) {
738	/ some interfaces may provide LinkLocal addresses /
739	error = in6_ifattach_aliasreq(ifp, NULL, ifra);
740	} else {
741	error = in6_ifattach_aliasreq(ifp, NULL, NULL);
742	}
743	if (error == `0`)
744	in6_if_up_dad_start(ifp);
745	break;
746
747	default:
748	VERIFY(`0`);
749	/ NOTREACHED /
750	}
751
752	return (error);
753	}
754
755	static __attribute__((noinline)) int
756	in6ctl_llstop(struct ifnet *ifp)
757	{
758	struct in6_ifaddr *ia;
759	struct nd_prefix pr0, *pr;
760
761	VERIFY(ifp != NULL);
762
763	/ Remove link local addresses from interface /
764	lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
765	ia = in6_ifaddrs;
766	while (ia != NULL) {
767	if (ia->ia_ifa.ifa_ifp != ifp) {
768	ia = ia->ia_next;
769	continue;
770	}
771	IFA_LOCK(&ia->ia_ifa);
772	if (IN6_IS_ADDR_LINKLOCAL(&ia->ia_addr.sin6_addr)) {
773	IFA_ADDREF_LOCKED(&ia->ia_ifa); / for us /
774	IFA_UNLOCK(&ia->ia_ifa);
775	lck_rw_done(&in6_ifaddr_rwlock);
776	in6_purgeaddr(&ia->ia_ifa);
777	IFA_REMREF(&ia->ia_ifa); / for us /
778	lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
779	/*
780	* Purging the address caused in6_ifaddr_rwlock
781	* to be dropped and reacquired;
782	* therefore search again from the beginning
783	* of in6_ifaddrs list.
784	*/
785	ia = in6_ifaddrs;
786	continue;
787	}
788	IFA_UNLOCK(&ia->ia_ifa);
789	ia = ia->ia_next;
790	}
791	lck_rw_done(&in6_ifaddr_rwlock);
792
793	/ Delete the link local prefix /
794	bzero(&pr0, sizeof(pr0));
795	pr0.ndpr_plen = `64`;
796	pr0.ndpr_ifp = ifp;
797	pr0.ndpr_prefix.sin6_addr.s6_addr16[`0`] = IPV6_ADDR_INT16_ULL;
798	in6_setscope(&pr0.ndpr_prefix.sin6_addr, ifp, NULL);
799	pr = nd6_prefix_lookup(&pr0, ND6_PREFIX_EXPIRY_UNSPEC);
800	if (pr) {
801	lck_mtx_lock(nd6_mutex);
802	NDPR_LOCK(pr);
803	prelist_remove(pr);
804	NDPR_UNLOCK(pr);
805	NDPR_REMREF(pr); / Drop the reference from lookup /
806	lck_mtx_unlock(nd6_mutex);
807	}
808
809	return (`0`);
810	}
811
812	/*
813	* This routine configures secure link local address
814	*/
815	static __attribute__((noinline)) int
816	in6ctl_cgastart(struct ifnet *ifp, u_long cmd, caddr_t data)
817	{
818	struct in6_cgareq llcgasr;
819	int is64, error = `0`;
820
821	VERIFY(ifp != NULL);
822
823	switch (cmd) {
824	case SIOCLL_CGASTART_32: / struct in6_cgareq_32 /
825	case SIOCLL_CGASTART_64: / struct in6_cgareq_64 /
826	is64 = (cmd == SIOCLL_CGASTART_64);
827	/*
828	* Convert user cgareq to the kernel form, when appropriate.
829	* This allows the conversion between different data models
830	* to be centralized, so that it can be passed around to other
831	* routines that are expecting the kernel form.
832	*/
833	in6_cgareq_to_native(data, is64, &llcgasr);
834
835	/*
836	* NOTE: All the interface specific DLIL attachements
837	* should be done here. They are currently done in
838	* in6_ifattach_cgareq() for the interfaces that
839	* need it.
840	*/
841	error = in6_ifattach_llcgareq(ifp, &llcgasr);
842	if (error == `0`)
843	in6_if_up_dad_start(ifp);
844	break;
845
846	default:
847	VERIFY(`0`);
848	/ NOTREACHED /
849	}
850
851	return (error);
852	}
853
854	/*
855	* Caller passes in the ioctl data pointer directly via "ifr", with the
856	* expectation that this routine always uses bcopy() or other byte-aligned
857	* memory accesses.
858	*/
859	static __attribute__((noinline)) int
860	in6ctl_gifaddr(struct ifnet ifp, struct* in6_ifaddr *ia, u_long cmd,
861	struct in6_ifreq *ifr)
862	{
863	struct sockaddr_in6 addr;
864	int error = `0`;
865
866	VERIFY(ifp != NULL);
867
868	if (ia == NULL)
869	return (EADDRNOTAVAIL);
870
871	switch (cmd) {
872	case SIOCGIFADDR_IN6: / struct in6_ifreq /
873	IFA_LOCK(&ia->ia_ifa);
874	bcopy(&ia->ia_addr, &addr, sizeof (addr));
875	IFA_UNLOCK(&ia->ia_ifa);
876	if ((error = sa6_recoverscope(&addr, TRUE)) != `0`)
877	break;
878	bcopy(&addr, &ifr->ifr_addr, sizeof (addr));
879	break;
880
881	case SIOCGIFDSTADDR_IN6: / struct in6_ifreq /
882	if (!(ifp->if_flags & IFF_POINTOPOINT)) {
883	error = EINVAL;
884	break;
885	}
886	/*
887	* XXX: should we check if ifa_dstaddr is NULL and return
888	* an error?
889	*/
890	IFA_LOCK(&ia->ia_ifa);
891	bcopy(&ia->ia_dstaddr, &addr, sizeof (addr));
892	IFA_UNLOCK(&ia->ia_ifa);
893	if ((error = sa6_recoverscope(&addr, TRUE)) != `0`)
894	break;
895	bcopy(&addr, &ifr->ifr_dstaddr, sizeof (addr));
896	break;
897
898	default:
899	VERIFY(`0`);
900	/ NOTREACHED /
901	}
902
903	return (error);
904	}
905
906	/*
907	* Caller passes in the ioctl data pointer directly via "ifr", with the
908	* expectation that this routine always uses bcopy() or other byte-aligned
909	* memory accesses.
910	*/
911	static __attribute__((noinline)) int
912	in6ctl_gifstat(struct ifnet ifp, u_long cmd, struct* in6_ifreq *ifr)
913	{
914	int error = `0`, index;
915
916	VERIFY(ifp != NULL);
917	index = ifp->if_index;
918
919	switch (cmd) {
920	case SIOCGIFSTAT_IN6: / struct in6_ifreq /
921	/ N.B.: if_inet6data is never freed once set. /
922	if (IN6_IFEXTRA(ifp) == NULL) {
923	/ return (EAFNOSUPPORT)? /
924	bzero(&ifr->ifr_ifru.ifru_stat,
925	sizeof (ifr->ifr_ifru.ifru_stat));
926	} else {
927	bcopy(&IN6_IFEXTRA(ifp)->in6_ifstat,
928	&ifr->ifr_ifru.ifru_stat,
929	sizeof (ifr->ifr_ifru.ifru_stat));
930	}
931	break;
932
933	case SIOCGIFSTAT_ICMP6: / struct in6_ifreq /
934	/ N.B.: if_inet6data is never freed once set. /
935	if (IN6_IFEXTRA(ifp) == NULL) {
936	/ return (EAFNOSUPPORT)? /
937	bzero(&ifr->ifr_ifru.ifru_icmp6stat,
938	sizeof (ifr->ifr_ifru.ifru_icmp6stat));
939	} else {
940	bcopy(&IN6_IFEXTRA(ifp)->icmp6_ifstat,
941	&ifr->ifr_ifru.ifru_icmp6stat,
942	sizeof (ifr->ifr_ifru.ifru_icmp6stat));
943	}
944	break;
945
946	default:
947	VERIFY(`0`);
948	/ NOTREACHED /
949	}
950
951	return (error);
952	}
953
954	/*
955	* Caller passes in the ioctl data pointer directly via "ifr", with the
956	* expectation that this routine always uses bcopy() or other byte-aligned
957	* memory accesses.
958	*/
959	static __attribute__((noinline)) int
960	in6ctl_alifetime(struct in6_ifaddr ia, u_long cmd, struct* in6_ifreq *ifr,
961	boolean_t p64)
962	{
963	uint64_t timenow = net_uptime();
964	struct in6_addrlifetime ia6_lt;
965	struct timeval caltime;
966	int error = `0`;
967
968	if (ia == NULL)
969	return (EADDRNOTAVAIL);
970
971	switch (cmd) {
972	case SIOCGIFALIFETIME_IN6: / struct in6_ifreq /
973	IFA_LOCK(&ia->ia_ifa);
974	/ retrieve time as calendar time (last arg is 1) /
975	in6ifa_getlifetime(ia, &ia6_lt, `1`);
976	if (p64) {
977	struct in6_addrlifetime_64 lt;
978
979	bzero(&lt, sizeof (lt));
980	lt.ia6t_expire = ia6_lt.ia6t_expire;
981	lt.ia6t_preferred = ia6_lt.ia6t_preferred;
982	lt.ia6t_vltime = ia6_lt.ia6t_vltime;
983	lt.ia6t_pltime = ia6_lt.ia6t_pltime;
984	bcopy(&lt, &ifr->ifr_ifru.ifru_lifetime, sizeof (lt));
985	} else {
986	struct in6_addrlifetime_32 lt;
987
988	bzero(&lt, sizeof (lt));
989	lt.ia6t_expire = (uint32_t)ia6_lt.ia6t_expire;
990	lt.ia6t_preferred = (uint32_t)ia6_lt.ia6t_preferred;
991	lt.ia6t_vltime = (uint32_t)ia6_lt.ia6t_vltime;
992	lt.ia6t_pltime = (uint32_t)ia6_lt.ia6t_pltime;
993	bcopy(&lt, &ifr->ifr_ifru.ifru_lifetime, sizeof (lt));
994	}
995	IFA_UNLOCK(&ia->ia_ifa);
996	break;
997
998	case SIOCSIFALIFETIME_IN6: / struct in6_ifreq /
999	getmicrotime(&caltime);
1000
1001	/ sanity for overflow - beware unsigned /
1002	if (p64) {
1003	struct in6_addrlifetime_64 lt;
1004
1005	bcopy(&ifr->ifr_ifru.ifru_lifetime, &lt, sizeof (lt));
1006	if (lt.ia6t_vltime != ND6_INFINITE_LIFETIME &&
1007	lt.ia6t_vltime + caltime.tv_sec < caltime.tv_sec) {
1008	error = EINVAL;
1009	break;
1010	}
1011	if (lt.ia6t_pltime != ND6_INFINITE_LIFETIME &&
1012	lt.ia6t_pltime + caltime.tv_sec < caltime.tv_sec) {
1013	error = EINVAL;
1014	break;
1015	}
1016	} else {
1017	struct in6_addrlifetime_32 lt;
1018
1019	bcopy(&ifr->ifr_ifru.ifru_lifetime, &lt, sizeof (lt));
1020	if (lt.ia6t_vltime != ND6_INFINITE_LIFETIME &&
1021	lt.ia6t_vltime + caltime.tv_sec < caltime.tv_sec) {
1022	error = EINVAL;
1023	break;
1024	}
1025	if (lt.ia6t_pltime != ND6_INFINITE_LIFETIME &&
1026	lt.ia6t_pltime + caltime.tv_sec < caltime.tv_sec) {
1027	error = EINVAL;
1028	break;
1029	}
1030	}
1031
1032	IFA_LOCK(&ia->ia_ifa);
1033	if (p64) {
1034	struct in6_addrlifetime_64 lt;
1035
1036	bcopy(&ifr->ifr_ifru.ifru_lifetime, &lt, sizeof (lt));
1037	ia6_lt.ia6t_expire = lt.ia6t_expire;
1038	ia6_lt.ia6t_preferred = lt.ia6t_preferred;
1039	ia6_lt.ia6t_vltime = lt.ia6t_vltime;
1040	ia6_lt.ia6t_pltime = lt.ia6t_pltime;
1041	} else {
1042	struct in6_addrlifetime_32 lt;
1043
1044	bcopy(&ifr->ifr_ifru.ifru_lifetime, &lt, sizeof (lt));
1045	ia6_lt.ia6t_expire = (uint32_t)lt.ia6t_expire;
1046	ia6_lt.ia6t_preferred = (uint32_t)lt.ia6t_preferred;
1047	ia6_lt.ia6t_vltime = lt.ia6t_vltime;
1048	ia6_lt.ia6t_pltime = lt.ia6t_pltime;
1049	}
1050	/ for sanity /
1051	if (ia6_lt.ia6t_vltime != ND6_INFINITE_LIFETIME)
1052	ia6_lt.ia6t_expire = timenow + ia6_lt.ia6t_vltime;
1053	else
1054	ia6_lt.ia6t_expire = `0`;
1055
1056	if (ia6_lt.ia6t_pltime != ND6_INFINITE_LIFETIME)
1057	ia6_lt.ia6t_preferred = timenow + ia6_lt.ia6t_pltime;
1058	else
1059	ia6_lt.ia6t_preferred = `0`;
1060
1061	in6ifa_setlifetime(ia, &ia6_lt);
1062	IFA_UNLOCK(&ia->ia_ifa);
1063	break;
1064
1065	default:
1066	VERIFY(`0`);
1067	/ NOTREACHED /
1068	}
1069
1070	return (error);
1071	}
1072
1073	static int
1074	in6ctl_clat46start(struct ifnet *ifp)
1075	{
1076	struct nd_prefix *pr = NULL;
1077	struct nd_prefix *next = NULL;
1078	struct in6_ifaddr *ia6 = NULL;
1079	int error = `0`;
1080
1081	if (ifp == lo_ifp)
1082	return (EINVAL);
1083	/*
1084	* Traverse the list of prefixes and find the first non-linklocal
1085	* prefix on the interface.
1086	* For that found eligible prefix, configure a CLAT46 reserved address.
1087	*/
1088	lck_mtx_lock(nd6_mutex);
1089	for (pr = nd_prefix.lh_first; pr; pr = next) {
1090	next = pr->ndpr_next;
1091
1092	NDPR_LOCK(pr);
1093	if (pr->ndpr_ifp != ifp) {
1094	NDPR_UNLOCK(pr);
1095	continue;
1096	}
1097
1098	if (IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr)) {
1099	NDPR_UNLOCK(pr);
1100	continue; / XXX /
1101	}
1102
1103	if (pr->ndpr_raf_auto == `0`) {
1104	NDPR_UNLOCK(pr);
1105	continue;
1106	}
1107
1108	if (pr->ndpr_stateflags & NDPRF_DEFUNCT) {
1109	NDPR_UNLOCK(pr);
1110	continue;
1111	}
1112
1113	if ((pr->ndpr_stateflags & NDPRF_CLAT46) == `0`
1114	&& pr->ndpr_vltime != `0`) {
1115	NDPR_ADDREF_LOCKED(pr); / Take reference for rest of the processing /
1116	NDPR_UNLOCK(pr);
1117	break;
1118	} else {
1119	NDPR_UNLOCK(pr);
1120	continue;
1121	}
1122	}
1123	lck_mtx_unlock(nd6_mutex);
1124
1125	if (pr != NULL) {
1126	if ((ia6 = in6_pfx_newpersistaddr(pr, FALSE, &error, TRUE)) == NULL) {
1127	nd6log0((LOG_ERR, "Could not configure CLAT46 address on interface "
1128	"%s.\n", ifp->if_xname));
1129	} else {
1130	IFA_LOCK(&ia6->ia_ifa);
1131	NDPR_LOCK(pr);
1132	ia6->ia6_ndpr = pr;
1133	NDPR_ADDREF_LOCKED(pr); / for addr reference /
1134	pr->ndpr_stateflags \|= NDPRF_CLAT46;
1135	pr->ndpr_addrcnt++;
1136	VERIFY(pr->ndpr_addrcnt != `0`);
1137	NDPR_UNLOCK(pr);
1138	IFA_UNLOCK(&ia6->ia_ifa);
1139	IFA_REMREF(&ia6->ia_ifa);
1140	ia6 = NULL;
1141	/*
1142	* A newly added address might affect the status
1143	* of other addresses, so we check and update it.
1144	* XXX: what if address duplication happens?
1145	*/
1146	lck_mtx_lock(nd6_mutex);
1147	pfxlist_onlink_check();
1148	lck_mtx_unlock(nd6_mutex);
1149	}
1150	NDPR_REMREF(pr);
1151	}
1152	return (error);
1153	}
1154
1155	#define ifa2ia6(ifa) ((struct in6_ifaddr )(void )(ifa))
1156
1157	/*
1158	* Generic INET6 control operations (ioctl's).
1159	*
1160	* ifp is NULL if not an interface-specific ioctl.
1161	*
1162	* Most of the routines called to handle the ioctls would end up being
1163	* tail-call optimized, which unfortunately causes this routine to
1164	* consume too much stack space; this is the reason for the "noinline"
1165	* attribute used on those routines.
1166	*
1167	* If called directly from within the networking stack (as opposed to via
1168	* pru_control), the socket parameter may be NULL.
1169	*/
1170	int
1171	in6_control(struct socket so, u_long cmd, caddr_t data, struct* ifnet *ifp,
1172	struct proc *p)
1173	{
1174	struct in6_ifreq ifr = (struct* in6_ifreq )(void* *)data;
1175	struct in6_aliasreq sifra, *ifra = NULL;
1176	struct in6_ifaddr *ia = NULL;
1177	struct sockaddr_in6 sin6, *sa6 = NULL;
1178	boolean_t privileged = (proc_suser(p) == `0`);
1179	boolean_t p64 = proc_is64bit(p);
1180	boolean_t so_unlocked = FALSE;
1181	int intval, error = `0`;
1182
1183	/ In case it's NULL, make sure it came from the kernel /
1184	VERIFY(so != NULL \|\| p == kernproc);
1185
1186	/*
1187	* ioctls which don't require ifp, may require socket.
1188	*/
1189	switch (cmd) {
1190	case SIOCAADDRCTL_POLICY: / struct in6_addrpolicy /
1191	case SIOCDADDRCTL_POLICY: / struct in6_addrpolicy /
1192	if (!privileged)
1193	return (EPERM);
1194	return (in6_src_ioctl(cmd, data));
1195	/ NOTREACHED /
1196
1197	case SIOCDRADD_IN6_32: / struct in6_defrouter_32 /
1198	case SIOCDRADD_IN6_64: / struct in6_defrouter_64 /
1199	case SIOCDRDEL_IN6_32: / struct in6_defrouter_32 /
1200	case SIOCDRDEL_IN6_64: / struct in6_defrouter_64 /
1201	if (!privileged)
1202	return (EPERM);
1203	return (defrtrlist_ioctl(cmd, data));
1204	/ NOTREACHED /
1205
1206	case SIOCGASSOCIDS32: / struct so_aidreq32 /
1207	case SIOCGASSOCIDS64: / struct so_aidreq64 /
1208	return (in6ctl_associd(so, cmd, data));
1209	/ NOTREACHED /
1210
1211	case SIOCGCONNIDS32: / struct so_cidreq32 /
1212	case SIOCGCONNIDS64: / struct so_cidreq64 /
1213	return (in6ctl_connid(so, cmd, data));
1214	/ NOTREACHED /
1215
1216	case SIOCGCONNINFO32: / struct so_cinforeq32 /
1217	case SIOCGCONNINFO64: / struct so_cinforeq64 /
1218	return (in6ctl_conninfo(so, cmd, data));
1219	/ NOTREACHED /
1220	}
1221
1222	/*
1223	* The rest of ioctls require ifp; reject if we don't have one;
1224	* return ENXIO to be consistent with ifioctl().
1225	*/
1226	if (ifp == NULL)
1227	return (ENXIO);
1228
1229	/*
1230	* Unlock the socket since ifnet_ioctl() may be invoked by
1231	* one of the ioctl handlers below. Socket will be re-locked
1232	* prior to returning.
1233	*/
1234	if (so != NULL) {
1235	socket_unlock(so, `0`);
1236	so_unlocked = TRUE;
1237	}
1238
1239	/*
1240	* ioctls which require ifp but not interface address.
1241	*/
1242	switch (cmd) {
1243	case SIOCAUTOCONF_START: / struct in6_ifreq /
1244	if (!privileged) {
1245	error = EPERM;
1246	goto done;
1247	}
1248	error = in6_autoconf(ifp, TRUE);
1249	goto done;
1250
1251	case SIOCAUTOCONF_STOP: / struct in6_ifreq /
1252	if (!privileged) {
1253	error = EPERM;
1254	goto done;
1255	}
1256	error = in6_autoconf(ifp, FALSE);
1257	goto done;
1258
1259	case SIOCLL_START_32: / struct in6_aliasreq_32 /
1260	case SIOCLL_START_64: / struct in6_aliasreq_64 /
1261	if (!privileged) {
1262	error = EPERM;
1263	goto done;
1264	}
1265	error = in6ctl_llstart(ifp, cmd, data);
1266	goto done;
1267
1268	case SIOCLL_STOP: / struct in6_ifreq /
1269	if (!privileged) {
1270	error = EPERM;
1271	goto done;
1272	}
1273	error = in6ctl_llstop(ifp);
1274	goto done;
1275
1276	case SIOCCLAT46_START: / struct in6_ifreq /
1277	if (!privileged) {
1278	error = EPERM;
1279	goto done;
1280	}
1281	error = in6ctl_clat46start(ifp);
1282	if (error == `0`)
1283	ifp->if_eflags \|= IFEF_CLAT46;
1284	goto done;
1285
1286	case SIOCCLAT46_STOP: / struct in6_ifreq /
1287	if (!privileged) {
1288	error = EPERM;
1289	goto done;
1290	}
1291
1292	/*
1293	* Not much to be done here and it might not be needed
1294	* It would usually be done when IPv6 configuration is being
1295	* flushed.
1296	* XXX Probably STOP equivalent is not needed here.
1297	*/
1298	ifp->if_eflags &= ~IFEF_CLAT46;
1299	goto done;
1300	case SIOCSETROUTERMODE_IN6: / struct in6_ifreq /
1301	if (!privileged) {
1302	error = EPERM;
1303	goto done;
1304	}
1305	bcopy(&((struct in6_ifreq )(void* *)data)->ifr_intval,
1306	&intval, sizeof (intval));
1307
1308	error = in6_setrouter(ifp, intval);
1309	goto done;
1310
1311	case SIOCPROTOATTACH_IN6_32: / struct in6_aliasreq_32 /
1312	case SIOCPROTOATTACH_IN6_64: / struct in6_aliasreq_64 /
1313	if (!privileged) {
1314	error = EPERM;
1315	goto done;
1316	}
1317	error = in6_domifattach(ifp);
1318	goto done;
1319
1320	case SIOCPROTODETACH_IN6: / struct in6_ifreq /
1321	if (!privileged) {
1322	error = EPERM;
1323	goto done;
1324	}
1325	/ Cleanup interface routes and addresses /
1326	in6_purgeif(ifp);
1327
1328	if ((error = proto_unplumb(PF_INET6, ifp)))
1329	log(LOG_ERR, "SIOCPROTODETACH_IN6: %s error=%d\n",
1330	if_name(ifp), error);
1331	goto done;
1332
1333	case SIOCSNDFLUSH_IN6: / struct in6_ifreq /
1334	case SIOCSPFXFLUSH_IN6: / struct in6_ifreq /
1335	case SIOCSRTRFLUSH_IN6: / struct in6_ifreq /
1336	case SIOCSDEFIFACE_IN6_32: / struct in6_ndifreq_32 /
1337	case SIOCSDEFIFACE_IN6_64: / struct in6_ndifreq_64 /
1338	case SIOCSIFINFO_FLAGS: / struct in6_ndireq /
1339	case SIOCGIFCGAPREP_IN6: / struct in6_ifreq /
1340	case SIOCSIFCGAPREP_IN6: / struct in6_ifreq /
1341	if (!privileged) {
1342	error = EPERM;
1343	goto done;
1344	}
1345	/ FALLTHRU /
1346	case OSIOCGIFINFO_IN6: / struct in6_ondireq /
1347	case SIOCGIFINFO_IN6: / struct in6_ondireq /
1348	case SIOCGDRLST_IN6_32: / struct in6_drlist_32 /
1349	case SIOCGDRLST_IN6_64: / struct in6_drlist_64 /
1350	case SIOCGPRLST_IN6_32: / struct in6_prlist_32 /
1351	case SIOCGPRLST_IN6_64: / struct in6_prlist_64 /
1352	case SIOCGNBRINFO_IN6_32: / struct in6_nbrinfo_32 /
1353	case SIOCGNBRINFO_IN6_64: / struct in6_nbrinfo_64 /
1354	case SIOCGDEFIFACE_IN6_32: / struct in6_ndifreq_32 /
1355	case SIOCGDEFIFACE_IN6_64: / struct in6_ndifreq_64 /
1356	error = nd6_ioctl(cmd, data, ifp);
1357	goto done;
1358
1359	case SIOCSIFPREFIX_IN6: / struct in6_prefixreq (deprecated) /
1360	case SIOCDIFPREFIX_IN6: / struct in6_prefixreq (deprecated) /
1361	case SIOCAIFPREFIX_IN6: / struct in6_rrenumreq (deprecated) /
1362	case SIOCCIFPREFIX_IN6: / struct in6_rrenumreq (deprecated) /
1363	case SIOCSGIFPREFIX_IN6: / struct in6_rrenumreq (deprecated) /
1364	case SIOCGIFPREFIX_IN6: / struct in6_prefixreq (deprecated) /
1365	log(LOG_NOTICE,
1366	"prefix ioctls are now invalidated. "
1367	"please use ifconfig.\n");
1368	error = EOPNOTSUPP;
1369	goto done;
1370
1371	case SIOCSSCOPE6: / struct in6_ifreq (deprecated) /
1372	case SIOCGSCOPE6: / struct in6_ifreq (deprecated) /
1373	case SIOCGSCOPE6DEF: / struct in6_ifreq (deprecated) /
1374	error = EOPNOTSUPP;
1375	goto done;
1376
1377	case SIOCLL_CGASTART_32: / struct in6_cgareq_32 /
1378	case SIOCLL_CGASTART_64: / struct in6_cgareq_64 /
1379	if (!privileged)
1380	error = EPERM;
1381	else
1382	error = in6ctl_cgastart(ifp, cmd, data);
1383	goto done;
1384
1385	case SIOCGIFSTAT_IN6: / struct in6_ifreq /
1386	case SIOCGIFSTAT_ICMP6: / struct in6_ifreq /
1387	error = in6ctl_gifstat(ifp, cmd, ifr);
1388	goto done;
1389	}
1390
1391	/*
1392	* ioctls which require interface address; obtain sockaddr_in6.
1393	*/
1394	switch (cmd) {
1395	case SIOCSIFADDR_IN6: / struct in6_ifreq (deprecated) /
1396	case SIOCSIFDSTADDR_IN6: / struct in6_ifreq (deprecated) /
1397	case SIOCSIFNETMASK_IN6: / struct in6_ifreq (deprecated) /
1398	/*
1399	* Since IPv6 allows a node to assign multiple addresses
1400	* on a single interface, SIOCSIFxxx ioctls are deprecated.
1401	*/
1402	/ we decided to obsolete this command (20000704) /
1403	error = EOPNOTSUPP;
1404	goto done;
1405
1406	case SIOCAIFADDR_IN6_32: / struct in6_aliasreq_32 /
1407	case SIOCAIFADDR_IN6_64: / struct in6_aliasreq_64 /
1408	if (!privileged) {
1409	error = EPERM;
1410	goto done;
1411	}
1412	/*
1413	* Convert user ifra to the kernel form, when appropriate.
1414	* This allows the conversion between different data models
1415	* to be centralized, so that it can be passed around to other
1416	* routines that are expecting the kernel form.
1417	*/
1418	ifra = in6_aliasreq_to_native(data,
1419	(cmd == SIOCAIFADDR_IN6_64), &sifra);
1420	bcopy(&ifra->ifra_addr, &sin6, sizeof (sin6));
1421	sa6 = &sin6;
1422	break;
1423
1424	case SIOCDIFADDR_IN6: / struct in6_ifreq /
1425	case SIOCSIFALIFETIME_IN6: / struct in6_ifreq /
1426	if (!privileged) {
1427	error = EPERM;
1428	goto done;
1429	}
1430	/ FALLTHRU /
1431	case SIOCGIFADDR_IN6: / struct in6_ifreq /
1432	case SIOCGIFDSTADDR_IN6: / struct in6_ifreq /
1433	case SIOCGIFNETMASK_IN6: / struct in6_ifreq /
1434	case SIOCGIFAFLAG_IN6: / struct in6_ifreq /
1435	case SIOCGIFALIFETIME_IN6: / struct in6_ifreq /
1436	bcopy(&ifr->ifr_addr, &sin6, sizeof (sin6));
1437	sa6 = &sin6;
1438	break;
1439	case SIOCGIFDSTADDR:
1440	case SIOCSIFDSTADDR:
1441	case SIOCGIFBRDADDR:
1442	case SIOCSIFBRDADDR:
1443	case SIOCGIFNETMASK:
1444	case SIOCSIFNETMASK:
1445	case SIOCGIFADDR:
1446	case SIOCSIFADDR:
1447	case SIOCAIFADDR:
1448	case SIOCDIFADDR:
1449	/ Do not handle these AF_INET commands in AF_INET6 path /
1450	error = EINVAL;
1451	goto done;
1452	}
1453
1454	/*
1455	* Find address for this interface, if it exists.
1456	*
1457	* In netinet code, we have checked ifra_addr in SIOCSIF*ADDR operation
1458	* only, and used the first interface address as the target of other
1459	* operations (without checking ifra_addr). This was because netinet
1460	* code/API assumed at most 1 interface address per interface.
1461	* Since IPv6 allows a node to assign multiple addresses
1462	* on a single interface, we almost always look and check the
1463	* presence of ifra_addr, and reject invalid ones here.
1464	* It also decreases duplicated code among SIOC*_IN6 operations.
1465	*/
1466	VERIFY(ia == NULL);
1467	if (sa6 != NULL && sa6->sin6_family == AF_INET6) {
1468	if (IN6_IS_ADDR_LINKLOCAL(&sa6->sin6_addr)) {
1469	if (sa6->sin6_addr.s6_addr16[`1`] == `0`) {
1470	/ link ID is not embedded by the user /
1471	sa6->sin6_addr.s6_addr16[`1`] =
1472	htons(ifp->if_index);
1473	} else if (sa6->sin6_addr.s6_addr16[`1`] !=
1474	htons(ifp->if_index)) {
1475	error = EINVAL; / link ID contradicts /
1476	goto done;
1477	}
1478	if (sa6->sin6_scope_id) {
1479	if (sa6->sin6_scope_id !=
1480	(u_int32_t)ifp->if_index) {
1481	error = EINVAL;
1482	goto done;
1483	}
1484	sa6->sin6_scope_id = `0`; / XXX: good way? /
1485	}
1486	}
1487	/*
1488	* Any failures from this point on must take into account
1489	* a non-NULL "ia" with an outstanding reference count, and
1490	* therefore requires IFA_REMREF. Jump to "done" label
1491	* instead of calling return if "ia" is valid.
1492	*/
1493	ia = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr);
1494	}
1495
1496	/*
1497	* SIOCDIFADDR_IN6/SIOCAIFADDR_IN6 specific tests.
1498	*/
1499	switch (cmd) {
1500	case SIOCDIFADDR_IN6: / struct in6_ifreq /
1501	if (ia == NULL) {
1502	error = EADDRNOTAVAIL;
1503	goto done;
1504	}
1505	/ FALLTHROUGH /
1506	case SIOCAIFADDR_IN6_32: / struct in6_aliasreq_32 /
1507	case SIOCAIFADDR_IN6_64: / struct in6_aliasreq_64 /
1508	VERIFY(sa6 != NULL);
1509	/*
1510	* We always require users to specify a valid IPv6 address for
1511	* the corresponding operation. Use "sa6" instead of "ifra"
1512	* since SIOCDIFADDR_IN6 falls thru above.
1513	*/
1514	if (sa6->sin6_family != AF_INET6 \|\|
1515	sa6->sin6_len != sizeof (struct sockaddr_in6)) {
1516	error = EAFNOSUPPORT;
1517	goto done;
1518	}
1519	break;
1520	}
1521
1522	/*
1523	* And finally process address-related ioctls.
1524	*/
1525	switch (cmd) {
1526	case SIOCGIFADDR_IN6: / struct in6_ifreq /
1527	/ This interface is basically deprecated. use SIOCGIFCONF. /
1528	/ FALLTHRU /
1529	case SIOCGIFDSTADDR_IN6: / struct in6_ifreq /
1530	error = in6ctl_gifaddr(ifp, ia, cmd, ifr);
1531	break;
1532
1533	case SIOCGIFNETMASK_IN6: / struct in6_ifreq /
1534	if (ia != NULL) {
1535	IFA_LOCK(&ia->ia_ifa);
1536	bcopy(&ia->ia_prefixmask, &ifr->ifr_addr,
1537	sizeof (struct sockaddr_in6));
1538	IFA_UNLOCK(&ia->ia_ifa);
1539	} else {
1540	error = EADDRNOTAVAIL;
1541	}
1542	break;
1543
1544	case SIOCGIFAFLAG_IN6: / struct in6_ifreq /
1545	if (ia != NULL) {
1546	IFA_LOCK(&ia->ia_ifa);
1547	bcopy(&ia->ia6_flags, &ifr->ifr_ifru.ifru_flags6,
1548	sizeof (ifr->ifr_ifru.ifru_flags6));
1549	IFA_UNLOCK(&ia->ia_ifa);
1550	} else {
1551	error = EADDRNOTAVAIL;
1552	}
1553	break;
1554
1555	case SIOCGIFALIFETIME_IN6: / struct in6_ifreq /
1556	case SIOCSIFALIFETIME_IN6: / struct in6_ifreq /
1557	error = in6ctl_alifetime(ia, cmd, ifr, p64);
1558	break;
1559
1560	case SIOCAIFADDR_IN6_32: / struct in6_aliasreq_32 /
1561	case SIOCAIFADDR_IN6_64: / struct in6_aliasreq_64 /
1562	error = in6ctl_aifaddr(ifp, ifra);
1563	break;
1564
1565	case SIOCDIFADDR_IN6:
1566	in6ctl_difaddr(ifp, ia);
1567	break;
1568
1569	default:
1570	error = ifnet_ioctl(ifp, PF_INET6, cmd, data);
1571	break;
1572	}
1573
1574	done:
1575	if (ia != NULL)
1576	IFA_REMREF(&ia->ia_ifa);
1577	if (so_unlocked)
1578	socket_lock(so, `0`);
1579
1580	return (error);
1581	}
1582
1583	static __attribute__((noinline)) int
1584	in6ctl_aifaddr(struct ifnet ifp, struct* in6_aliasreq *ifra)
1585	{
1586	int i, error, addtmp, plen;
1587	struct nd_prefix pr0, *pr;
1588	struct in6_ifaddr *ia;
1589
1590	VERIFY(ifp != NULL && ifra != NULL);
1591	ia = NULL;
1592
1593	/ Attempt to attach the protocol, in case it isn't attached /
1594	error = in6_domifattach(ifp);
1595	if (error == `0`) {
1596	/ PF_INET6 wasn't previously attached /
1597	error = in6_ifattach_aliasreq(ifp, NULL, NULL);
1598	if (error != `0`)
1599	goto done;
1600
1601	in6_if_up_dad_start(ifp);
1602	} else if (error != EEXIST) {
1603	goto done;
1604	}
1605
1606	/*
1607	* First, make or update the interface address structure, and link it
1608	* to the list.
1609	*/
1610	error = in6_update_ifa(ifp, ifra, `0`, &ia);
1611	if (error != `0`)
1612	goto done;
1613	VERIFY(ia != NULL);
1614
1615	/ Now, make the prefix on-link on the interface. /
1616	plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, NULL);
1617	if (plen == `128`)
1618	goto done;
1619
1620	/*
1621	* NOTE: We'd rather create the prefix before the address, but we need
1622	* at least one address to install the corresponding interface route,
1623	* so we configure the address first.
1624	*/
1625
1626	/*
1627	* Convert mask to prefix length (prefixmask has already been validated
1628	* in in6_update_ifa().
1629	*/
1630	bzero(&pr0, sizeof (pr0));
1631	pr0.ndpr_plen = plen;
1632	pr0.ndpr_ifp = ifp;
1633	pr0.ndpr_prefix = ifra->ifra_addr;
1634	pr0.ndpr_mask = ifra->ifra_prefixmask.sin6_addr;
1635
1636	/ apply the mask for safety. /
1637	for (i = `0`; i < `4`; i++) {
1638	pr0.ndpr_prefix.sin6_addr.s6_addr32[i] &=
1639	ifra->ifra_prefixmask.sin6_addr.s6_addr32[i];
1640	}
1641
1642	/*
1643	* Since we don't have an API to set prefix (not address) lifetimes, we
1644	* just use the same lifetimes as addresses. The (temporarily)
1645	* installed lifetimes can be overridden by later advertised RAs (when
1646	* accept_rtadv is non 0), which is an intended behavior.
1647	*/
1648	pr0.ndpr_raf_onlink = `1`; / should be configurable? /
1649	pr0.ndpr_raf_auto = !!(ifra->ifra_flags & IN6_IFF_AUTOCONF);
1650	pr0.ndpr_vltime = ifra->ifra_lifetime.ia6t_vltime;
1651	pr0.ndpr_pltime = ifra->ifra_lifetime.ia6t_pltime;
1652	pr0.ndpr_stateflags \|= NDPRF_STATIC;
1653	lck_mtx_init(&pr0.ndpr_lock, ifa_mtx_grp, ifa_mtx_attr);
1654
1655	/ add the prefix if there's none. /
1656	if ((pr = nd6_prefix_lookup(&pr0, ND6_PREFIX_EXPIRY_NEVER)) == NULL) {
1657	/*
1658	* nd6_prelist_add will install the corresponding interface
1659	* route.
1660	*/
1661	error = nd6_prelist_add(&pr0, NULL, &pr, FALSE);
1662	if (error != `0`)
1663	goto done;
1664
1665	if (pr == NULL) {
1666	log(LOG_ERR, "%s: nd6_prelist_add okay, but"
1667	" no prefix.\n", __func__);
1668	error = EINVAL;
1669	goto done;
1670	}
1671	}
1672
1673	IFA_LOCK(&ia->ia_ifa);
1674
1675	/ if this is a new autoconfed addr /
1676	addtmp = FALSE;
1677	if (ia->ia6_ndpr == NULL) {
1678	NDPR_LOCK(pr);
1679	++pr->ndpr_addrcnt;
1680	VERIFY(pr->ndpr_addrcnt != `0`);
1681	ia->ia6_ndpr = pr;
1682	NDPR_ADDREF_LOCKED(pr); / for addr reference /
1683
1684	/*
1685	* If this is the first autoconf address from the prefix,
1686	* create a temporary address as well (when specified).
1687	*/
1688	if ((ia->ia6_flags & IN6_IFF_AUTOCONF) != `0` &&
1689	ip6_use_tempaddr &&
1690	pr->ndpr_addrcnt == `1`) {
1691	addtmp = true;
1692	}
1693	NDPR_UNLOCK(pr);
1694	}
1695
1696	IFA_UNLOCK(&ia->ia_ifa);
1697
1698	if (addtmp) {
1699	int e;
1700	e = in6_tmpifadd(ia, `1`);
1701	if (e != `0`)
1702	log(LOG_NOTICE, "%s: failed to create a"
1703	" temporary address, error=%d\n",
1704	__func__, e);
1705	}
1706
1707	/*
1708	* This might affect the status of autoconfigured addresses, that is,
1709	* this address might make other addresses detached.
1710	*/
1711	lck_mtx_lock(nd6_mutex);
1712	pfxlist_onlink_check();
1713	lck_mtx_unlock(nd6_mutex);
1714
1715	/ Drop use count held above during lookup/add /
1716	NDPR_REMREF(pr);
1717
1718	done:
1719	if (ia != NULL)
1720	IFA_REMREF(&ia->ia_ifa);
1721	return (error);
1722	}
1723
1724	static __attribute__((noinline)) void
1725	in6ctl_difaddr(struct ifnet ifp, struct* in6_ifaddr *ia)
1726	{
1727	int i = `0`;
1728	struct nd_prefix pr0, *pr;
1729
1730	VERIFY(ifp != NULL && ia != NULL);
1731
1732	/*
1733	* If the address being deleted is the only one that owns
1734	* the corresponding prefix, expire the prefix as well.
1735	* XXX: theoretically, we don't have to worry about such
1736	* relationship, since we separate the address management
1737	* and the prefix management. We do this, however, to provide
1738	* as much backward compatibility as possible in terms of
1739	* the ioctl operation.
1740	* Note that in6_purgeaddr() will decrement ndpr_addrcnt.
1741	*/
1742	IFA_LOCK(&ia->ia_ifa);
1743	bzero(&pr0, sizeof (pr0));
1744	pr0.ndpr_ifp = ifp;
1745	pr0.ndpr_plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL);
1746	if (pr0.ndpr_plen == `128`) {
1747	IFA_UNLOCK(&ia->ia_ifa);
1748	goto purgeaddr;
1749	}
1750	pr0.ndpr_prefix = ia->ia_addr;
1751	pr0.ndpr_mask = ia->ia_prefixmask.sin6_addr;
1752	for (i = `0`; i < `4`; i++) {
1753	pr0.ndpr_prefix.sin6_addr.s6_addr32[i] &=
1754	ia->ia_prefixmask.sin6_addr.s6_addr32[i];
1755	}
1756	IFA_UNLOCK(&ia->ia_ifa);
1757
1758	if ((pr = nd6_prefix_lookup(&pr0, ND6_PREFIX_EXPIRY_UNSPEC)) != NULL) {
1759	IFA_LOCK(&ia->ia_ifa);
1760	NDPR_LOCK(pr);
1761	if (pr->ndpr_addrcnt == `1`) {
1762	/ XXX: just for expiration /
1763	pr->ndpr_expire = `1`;
1764	}
1765	NDPR_UNLOCK(pr);
1766	IFA_UNLOCK(&ia->ia_ifa);
1767
1768	/ Drop use count held above during lookup /
1769	NDPR_REMREF(pr);
1770	}
1771
1772	purgeaddr:
1773	in6_purgeaddr(&ia->ia_ifa);
1774	}
1775
1776	static __attribute__((noinline)) int
1777	in6_autoconf(struct ifnet ifp, int* enable)
1778	{
1779	int error = `0`;
1780
1781	VERIFY(ifp != NULL);
1782
1783	if (ifp->if_flags & IFF_LOOPBACK)
1784	return (EINVAL);
1785
1786	if (enable) {
1787	/*
1788	* An interface in IPv6 router mode implies that it
1789	* is either configured with a static IP address or
1790	* autoconfigured via a locally-generated RA. Prevent
1791	* SIOCAUTOCONF_START from being set in that mode.
1792	*/
1793	ifnet_lock_exclusive(ifp);
1794	if (ifp->if_eflags & IFEF_IPV6_ROUTER) {
1795	ifp->if_eflags &= ~IFEF_ACCEPT_RTADV;
1796	error = EBUSY;
1797	} else {
1798	ifp->if_eflags \|= IFEF_ACCEPT_RTADV;
1799	}
1800	ifnet_lock_done(ifp);
1801	} else {
1802	struct in6_ifaddr *ia = NULL;
1803
1804	ifnet_lock_exclusive(ifp);
1805	ifp->if_eflags &= ~IFEF_ACCEPT_RTADV;
1806	ifnet_lock_done(ifp);
1807
1808	/ Remove autoconfigured address from interface /
1809	lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
1810	ia = in6_ifaddrs;
1811	while (ia != NULL) {
1812	if (ia->ia_ifa.ifa_ifp != ifp) {
1813	ia = ia->ia_next;
1814	continue;
1815	}
1816	IFA_LOCK(&ia->ia_ifa);
1817	if (ia->ia6_flags & IN6_IFF_AUTOCONF) {
1818	IFA_ADDREF_LOCKED(&ia->ia_ifa); / for us /
1819	IFA_UNLOCK(&ia->ia_ifa);
1820	lck_rw_done(&in6_ifaddr_rwlock);
1821	in6_purgeaddr(&ia->ia_ifa);
1822	IFA_REMREF(&ia->ia_ifa); / for us /
1823	lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
1824	/*
1825	* Purging the address caused in6_ifaddr_rwlock
1826	* to be dropped and reacquired;
1827	* therefore search again from the beginning
1828	* of in6_ifaddrs list.
1829	*/
1830	ia = in6_ifaddrs;
1831	continue;
1832	}
1833	IFA_UNLOCK(&ia->ia_ifa);
1834	ia = ia->ia_next;
1835	}
1836	lck_rw_done(&in6_ifaddr_rwlock);
1837	}
1838	return (error);
1839	}
1840
1841	/*
1842	* Handle SIOCSETROUTERMODE_IN6 to set or clear the IPv6 router mode flag on
1843	* the interface. Entering or exiting this mode will result in the removal of
1844	* autoconfigured IPv6 addresses on the interface.
1845	*/
1846	static __attribute__((noinline)) int
1847	in6_setrouter(struct ifnet ifp, int* enable)
1848	{
1849	VERIFY(ifp != NULL);
1850
1851	if (ifp->if_flags & IFF_LOOPBACK)
1852	return (ENODEV);
1853
1854	if (enable) {
1855	struct nd_ifinfo *ndi = NULL;
1856
1857	ndi = ND_IFINFO(ifp);
1858	if (ndi != NULL && ndi->initialized) {
1859	lck_mtx_lock(&ndi->lock);
1860	if (ndi->flags & ND6_IFF_PROXY_PREFIXES) {
1861	/ No proxy if we are an advertising router /
1862	ndi->flags &= ~ND6_IFF_PROXY_PREFIXES;
1863	lck_mtx_unlock(&ndi->lock);
1864	(void) nd6_if_prproxy(ifp, FALSE);
1865	} else {
1866	lck_mtx_unlock(&ndi->lock);
1867	}
1868	}
1869	}
1870
1871	ifnet_lock_exclusive(ifp);
1872	if (enable) {
1873	ifp->if_eflags \|= IFEF_IPV6_ROUTER;
1874	} else {
1875	ifp->if_eflags &= ~IFEF_IPV6_ROUTER;
1876	}
1877	ifnet_lock_done(ifp);
1878
1879	lck_mtx_lock(nd6_mutex);
1880	defrouter_select(ifp);
1881	lck_mtx_unlock(nd6_mutex);
1882
1883	if_allmulti(ifp, enable);
1884
1885	return (in6_autoconf(ifp, FALSE));
1886	}
1887
1888	static int
1889	in6_to_kamescope(struct sockaddr_in6 sin6, struct* ifnet *ifp)
1890	{
1891	struct sockaddr_in6 tmp;
1892	int error, id;
1893
1894	VERIFY(sin6 != NULL);
1895	tmp = *sin6;
1896
1897	error = in6_recoverscope(&tmp, &sin6->sin6_addr, ifp);
1898	if (error != `0`)
1899	return (error);
1900
1901	id = in6_addr2scopeid(ifp, &tmp.sin6_addr);
1902	if (tmp.sin6_scope_id == `0`)
1903	tmp.sin6_scope_id = id;
1904	else if (tmp.sin6_scope_id != id)
1905	return (EINVAL); / scope ID mismatch. /
1906
1907	error = in6_embedscope(&tmp.sin6_addr, &tmp, NULL, NULL, NULL);
1908	if (error != `0`)
1909	return (error);
1910
1911	tmp.sin6_scope_id = `0`;
1912	*sin6 = tmp;
1913	return (`0`);
1914	}
1915
1916	/*
1917	* When the address is being configured we should clear out certain flags
1918	* coming in from the caller.
1919	*/
1920	#define IN6_IFF_CLR_ADDR_FLAG_MASK (~(IN6_IFF_DEPRECATED \| IN6_IFF_DETACHED \| IN6_IFF_DUPLICATED))
1921
1922	static int
1923	in6_ifaupdate_aux(struct in6_ifaddr ia, struct* ifnet ifp, int* ifaupflags)
1924	{
1925	struct sockaddr_in6 mltaddr, mltmask;
1926	struct in6_addr llsol;
1927	struct ifaddr *ifa;
1928	struct in6_multi *in6m_sol;
1929	struct in6_multi_mship *imm;
1930	struct rtentry *rt;
1931	int delay, error = `0`;
1932
1933	VERIFY(ifp != NULL && ia != NULL);
1934	ifa = &ia->ia_ifa;
1935	in6m_sol = NULL;
1936
1937	nd6log2((LOG_DEBUG, "%s - %s ifp %s ia6_flags 0x%x ifaupflags 0x%x\n",
1938	__func__,
1939	ip6_sprintf(&ia->ia_addr.sin6_addr),
1940	if_name(ia->ia_ifp),
1941	ia->ia6_flags,
1942	ifaupflags));
1943
1944	/*
1945	* Just to be safe, always clear certain flags when address
1946	* is being configured
1947	*/
1948	ia->ia6_flags &= IN6_IFF_CLR_ADDR_FLAG_MASK;
1949
1950	/*
1951	* Mark the address as tentative before joining multicast addresses,
1952	* so that corresponding MLD responses would not have a tentative
1953	* source address.
1954	*/
1955	if (in6if_do_dad(ifp)) {
1956	in6_ifaddr_set_dadprogress(ia);
1957	/*
1958	* Do not delay sending neighbor solicitations when using optimistic
1959	* duplicate address detection, c.f. RFC 4429.
1960	*/
1961	if (ia->ia6_flags & IN6_IFF_OPTIMISTIC)
1962	ifaupflags &= ~IN6_IFAUPDATE_DADDELAY;
1963	else
1964	ifaupflags \|= IN6_IFAUPDATE_DADDELAY;
1965	} else {
1966	/*
1967	* If the interface has been marked to not perform
1968	* DAD, make sure to reset DAD in progress flags
1969	* that may come in from the caller.
1970	*/
1971	ia->ia6_flags &= ~IN6_IFF_DADPROGRESS;
1972	}
1973
1974	/ Join necessary multicast groups /
1975	if ((ifp->if_flags & IFF_MULTICAST) != `0`) {
1976
1977	/ join solicited multicast addr for new host id /
1978	bzero(&llsol, sizeof (struct in6_addr));
1979	llsol.s6_addr32[`0`] = IPV6_ADDR_INT32_MLL;
1980	llsol.s6_addr32[`1`] = `0`;
1981	llsol.s6_addr32[`2`] = htonl(`1`);
1982	llsol.s6_addr32[`3`] = ia->ia_addr.sin6_addr.s6_addr32[`3`];
1983	llsol.s6_addr8[`12`] = `0xff`;
1984	if ((error = in6_setscope(&llsol, ifp, NULL)) != `0`) {
1985	/ XXX: should not happen /
1986	log(LOG_ERR, "%s: in6_setscope failed\n", __func__);
1987	goto unwind;
1988	}
1989	delay = `0`;
1990	if ((ifaupflags & IN6_IFAUPDATE_DADDELAY)) {
1991	/*
1992	* We need a random delay for DAD on the address
1993	* being configured. It also means delaying
1994	* transmission of the corresponding MLD report to
1995	* avoid report collision. [RFC 4862]
1996	*/
1997	delay = random() % MAX_RTR_SOLICITATION_DELAY;
1998	}
1999	imm = in6_joingroup(ifp, &llsol, &error, delay);
2000	if (imm == NULL) {
2001	nd6log((LOG_WARNING,
2002	"%s: addmulti failed for %s on %s (errno=%d)\n",
2003	__func__, ip6_sprintf(&llsol), if_name(ifp),
2004	error));
2005	VERIFY(error != `0`);
2006	goto unwind;
2007	}
2008	in6m_sol = imm->i6mm_maddr;
2009	/ take a refcount for this routine /
2010	IN6M_ADDREF(in6m_sol);
2011
2012	IFA_LOCK_SPIN(ifa);
2013	LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain);
2014	IFA_UNLOCK(ifa);
2015
2016	bzero(&mltmask, sizeof (mltmask));
2017	mltmask.sin6_len = sizeof (struct sockaddr_in6);
2018	mltmask.sin6_family = AF_INET6;
2019	mltmask.sin6_addr = in6mask32;
2020	#define MLTMASK_LEN 4 /* mltmask's masklen (=32bit=4octet) */
2021
2022	/*
2023	* join link-local all-nodes address
2024	*/
2025	bzero(&mltaddr, sizeof (mltaddr));
2026	mltaddr.sin6_len = sizeof (struct sockaddr_in6);
2027	mltaddr.sin6_family = AF_INET6;
2028	mltaddr.sin6_addr = in6addr_linklocal_allnodes;
2029	if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) != `0`)
2030	goto unwind; / XXX: should not fail /
2031
2032	/*
2033	* XXX: do we really need this automatic routes?
2034	* We should probably reconsider this stuff. Most applications
2035	* actually do not need the routes, since they usually specify
2036	* the outgoing interface.
2037	*/
2038	rt = rtalloc1_scoped((struct sockaddr *)&mltaddr, `0`, `0UL`,
2039	ia->ia_ifp->if_index);
2040	if (rt) {
2041	if (memcmp(&mltaddr.sin6_addr, &((struct sockaddr_in6 *)
2042	(void *)rt_key(rt))->sin6_addr, MLTMASK_LEN)) {
2043	rtfree(rt);
2044	rt = NULL;
2045	}
2046	}
2047	if (!rt) {
2048	error = rtrequest_scoped(RTM_ADD,
2049	(struct sockaddr *)&mltaddr,
2050	(struct sockaddr *)&ia->ia_addr,
2051	(struct sockaddr *)&mltmask, RTF_UP \| RTF_CLONING,
2052	NULL, ia->ia_ifp->if_index);
2053	if (error)
2054	goto unwind;
2055	} else {
2056	rtfree(rt);
2057	}
2058
2059	imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, `0`);
2060	if (!imm) {
2061	nd6log((LOG_WARNING,
2062	"%s: addmulti failed for %s on %s (errno=%d)\n",
2063	__func__, ip6_sprintf(&mltaddr.sin6_addr),
2064	if_name(ifp), error));
2065	VERIFY(error != `0`);
2066	goto unwind;
2067	}
2068	IFA_LOCK_SPIN(ifa);
2069	LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain);
2070	IFA_UNLOCK(ifa);
2071
2072	/*
2073	* join node information group address
2074	*/
2075	#define hostnamelen strlen(hostname)
2076	delay = `0`;
2077	if ((ifaupflags & IN6_IFAUPDATE_DADDELAY)) {
2078	/*
2079	* The spec doesn't say anything about delay for this
2080	* group, but the same logic should apply.
2081	*/
2082	delay = random() % MAX_RTR_SOLICITATION_DELAY;
2083	}
2084	if (in6_nigroup(ifp, hostname, hostnamelen, &mltaddr.sin6_addr)
2085	== `0`) {
2086	imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error,
2087	delay); / XXX jinmei /
2088	if (!imm) {
2089	nd6log((LOG_WARNING,
2090	"%s: addmulti failed for %s on %s "
2091	"(errno=%d)\n",
2092	__func__, ip6_sprintf(&mltaddr.sin6_addr),
2093	if_name(ifp), error));
2094	/ XXX not very fatal, go on... /
2095	error = `0`;
2096	} else {
2097	IFA_LOCK_SPIN(ifa);
2098	LIST_INSERT_HEAD(&ia->ia6_memberships,
2099	imm, i6mm_chain);
2100	IFA_UNLOCK(ifa);
2101	}
2102	}
2103	#undef hostnamelen
2104
2105	/*
2106	* join interface-local all-nodes address.
2107	* (ff01::1%ifN, and ff01::%ifN/32)
2108	*/
2109	mltaddr.sin6_addr = in6addr_nodelocal_allnodes;
2110	if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) != `0`)
2111	goto unwind; / XXX: should not fail /
2112	/ XXX: again, do we really need the route? /
2113	rt = rtalloc1_scoped((struct sockaddr *)&mltaddr, `0`, `0UL`,
2114	ia->ia_ifp->if_index);
2115	if (rt) {
2116	if (memcmp(&mltaddr.sin6_addr, &((struct sockaddr_in6 *)
2117	(void *)rt_key(rt))->sin6_addr, MLTMASK_LEN)) {
2118	rtfree(rt);
2119	rt = NULL;
2120	}
2121	}
2122	if (!rt) {
2123	error = rtrequest_scoped(RTM_ADD,
2124	(struct sockaddr *)&mltaddr,
2125	(struct sockaddr *)&ia->ia_addr,
2126	(struct sockaddr *)&mltmask, RTF_UP \| RTF_CLONING,
2127	NULL, ia->ia_ifp->if_index);
2128	if (error)
2129	goto unwind;
2130	} else
2131	rtfree(rt);
2132
2133	imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, `0`);
2134	if (!imm) {
2135	nd6log((LOG_WARNING,
2136	"%s: addmulti failed for %s on %s (errno=%d)\n",
2137	__func__, ip6_sprintf(&mltaddr.sin6_addr),
2138	if_name(ifp), error));
2139	VERIFY(error != `0`);
2140	goto unwind;
2141	}
2142	IFA_LOCK(ifa);
2143	LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain);
2144	IFA_UNLOCK(ifa);
2145	}
2146	#undef MLTMASK_LEN
2147
2148	/ Ensure nd6_service() is scheduled as soon as it's convenient /
2149	++nd6_sched_timeout_want;
2150
2151	/*
2152	* Perform DAD, if needed.
2153	* XXX It may be of use, if we can administratively
2154	* disable DAD.
2155	*/
2156	IFA_LOCK_SPIN(ifa);
2157	if (in6if_do_dad(ifp) && ((ifa->ifa_flags & IN6_IFF_NODAD) == `0`) &&
2158	(ia->ia6_flags & IN6_IFF_DADPROGRESS)) {
2159	int mindelay, maxdelay;
2160	int *delayptr, delayval;
2161
2162	IFA_UNLOCK(ifa);
2163	delayptr = NULL;
2164	/*
2165	* Avoid the DAD delay if the caller wants us to skip it.
2166	* This is not compliant with RFC 2461, but it's only being
2167	* used for signalling and not for actual DAD.
2168	*/
2169	if ((ifaupflags & IN6_IFAUPDATE_DADDELAY) &&
2170	!(ia->ia6_flags & IN6_IFF_SWIFTDAD)) {
2171	/*
2172	* We need to impose a delay before sending an NS
2173	* for DAD. Check if we also needed a delay for the
2174	* corresponding MLD message. If we did, the delay
2175	* should be larger than the MLD delay (this could be
2176	* relaxed a bit, but this simple logic is at least
2177	* safe).
2178	*/
2179	mindelay = `0`;
2180	if (in6m_sol != NULL) {
2181	IN6M_LOCK(in6m_sol);
2182	if (in6m_sol->in6m_state ==
2183	MLD_REPORTING_MEMBER)
2184	mindelay = in6m_sol->in6m_timer;
2185	IN6M_UNLOCK(in6m_sol);
2186	}
2187	maxdelay = MAX_RTR_SOLICITATION_DELAY * hz;
2188	if (maxdelay - mindelay == `0`)
2189	delayval = `0`;
2190	else {
2191	delayval =
2192	(random() % (maxdelay - mindelay)) +
2193	mindelay;
2194	}
2195	delayptr = &delayval;
2196	}
2197
2198	nd6_dad_start((struct ifaddr *)ia, delayptr);
2199	} else {
2200	IFA_UNLOCK(ifa);
2201	}
2202
2203	goto done;
2204
2205	unwind:
2206	VERIFY(error != `0`);
2207	in6_purgeaddr(&ia->ia_ifa);
2208
2209	done:
2210	/ release reference held for this routine /
2211	if (in6m_sol != NULL)
2212	IN6M_REMREF(in6m_sol);
2213	return (error);
2214	}
2215
2216	/*
2217	* Request an IPv6 interface address. If the address is new, then it will be
2218	* constructed and appended to the interface address chains. The interface
2219	* address structure is optionally returned with a reference for the caller.
2220	*/
2221	int
2222	in6_update_ifa(struct ifnet ifp, struct* in6_aliasreq ifra, int* ifaupflags,
2223	struct in6_ifaddr **iar)
2224	{
2225	struct in6_addrlifetime ia6_lt;
2226	struct in6_ifaddr *ia;
2227	struct ifaddr *ifa;
2228	struct ifaddr *xifa;
2229	struct in6_addrlifetime *lt;
2230	uint64_t timenow;
2231	int plen, error;
2232
2233	/ Sanity check parameters and initialize locals /
2234	VERIFY(ifp != NULL && ifra != NULL && iar != NULL);
2235	ia = NULL;
2236	ifa = NULL;
2237	error = `0`;
2238
2239	/*
2240	* We always require users to specify a valid IPv6 address for
2241	* the corresponding operation.
2242	*/
2243	if (ifra->ifra_addr.sin6_family != AF_INET6 \|\|
2244	ifra->ifra_addr.sin6_len != sizeof (struct sockaddr_in6)) {
2245	error = EAFNOSUPPORT;
2246	goto unwind;
2247	}
2248
2249	/ Validate ifra_prefixmask.sin6_len is properly bounded. /
2250	if (ifra->ifra_prefixmask.sin6_len == `0` \|\|
2251	ifra->ifra_prefixmask.sin6_len > sizeof (struct sockaddr_in6)) {
2252	error = EINVAL;
2253	goto unwind;
2254	}
2255
2256	/ Validate prefix length extracted from ifra_prefixmask structure. /
2257	plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr,
2258	(u_char *)&ifra->ifra_prefixmask + ifra->ifra_prefixmask.sin6_len);
2259	if (plen <= `0`) {
2260	error = EINVAL;
2261	goto unwind;
2262	}
2263
2264	/ Validate lifetimes /
2265	lt = &ifra->ifra_lifetime;
2266	if (lt->ia6t_pltime > lt->ia6t_vltime) {
2267	log(LOG_INFO,
2268	"%s: pltime 0x%x > vltime 0x%x for %s\n", __func__,
2269	lt->ia6t_pltime, lt->ia6t_vltime,
2270	ip6_sprintf(&ifra->ifra_addr.sin6_addr));
2271	error = EINVAL;
2272	goto unwind;
2273	}
2274	if (lt->ia6t_vltime == `0`) {
2275	/*
2276	* the following log might be noisy, but this is a typical
2277	* configuration mistake or a tool's bug.
2278	*/
2279	log(LOG_INFO, "%s: valid lifetime is 0 for %s\n", __func__,
2280	ip6_sprintf(&ifra->ifra_addr.sin6_addr));
2281	}
2282
2283	/*
2284	* Before we lock the ifnet structure, we first check to see if the
2285	* address already exists. If so, then we don't allocate and link a
2286	* new one here.
2287	*/
2288	ia = in6ifa_ifpwithaddr(ifp, &ifra->ifra_addr.sin6_addr);
2289	if (ia != NULL)
2290	ifa = &ia->ia_ifa;
2291
2292	/*
2293	* Validate destination address on interface types that require it.
2294	*/
2295	if ((ifp->if_flags & (IFF_LOOPBACK\|IFF_POINTOPOINT)) != `0`) {
2296	switch (ifra->ifra_dstaddr.sin6_family) {
2297	case AF_INET6:
2298	if (plen != `128`) {
2299	/ noisy message for diagnostic purposes /
2300	log(LOG_INFO,
2301	"%s: prefix length < 128 with"
2302	" explicit dstaddr.\n", __func__);
2303	error = EINVAL;
2304	goto unwind;
2305	}
2306	break;
2307
2308	case AF_UNSPEC:
2309	break;
2310
2311	default:
2312	error = EAFNOSUPPORT;
2313	goto unwind;
2314	}
2315	} else if (ifra->ifra_dstaddr.sin6_family != AF_UNSPEC) {
2316	log(LOG_INFO,
2317	"%s: dstaddr valid only on p2p and loopback interfaces.\n",
2318	__func__);
2319	error = EINVAL;
2320	goto unwind;
2321	}
2322
2323	timenow = net_uptime();
2324
2325	if (ia == NULL) {
2326	int how;
2327
2328	/ Is this the first new IPv6 address for the interface? /
2329	ifaupflags \|= IN6_IFAUPDATE_NEWADDR;
2330
2331	/ Allocate memory for IPv6 interface address structure. /
2332	how = !(ifaupflags & IN6_IFAUPDATE_NOWAIT) ? M_WAITOK : `0`;
2333	ia = in6_ifaddr_alloc(how);
2334	if (ia == NULL) {
2335	error = ENOBUFS;
2336	goto unwind;
2337	}
2338
2339	ifa = &ia->ia_ifa;
2340
2341	/*
2342	* Initialize interface address structure.
2343	*
2344	* Note well: none of these sockaddr_in6 structures contain a
2345	* valid sin6_port, sin6_flowinfo or even a sin6_scope_id field.
2346	* We still embed link-local scope identifiers at the end of an
2347	* arbitrary fe80::/32 prefix, for historical reasons. Also, the
2348	* ifa_dstaddr field is always non-NULL on point-to-point and
2349	* loopback interfaces, and conventionally points to a socket
2350	* address of AF_UNSPEC family when there is no destination.
2351	*
2352	* Please enjoy the dancing sea turtle.
2353	*/
2354	IFA_ADDREF(ifa); / for this and optionally for caller /
2355	ifa->ifa_addr = (struct sockaddr *)&ia->ia_addr;
2356	if (ifra->ifra_dstaddr.sin6_family == AF_INET6 \|\|
2357	(ifp->if_flags & (IFF_POINTOPOINT \| IFF_LOOPBACK)) != `0`)
2358	ifa->ifa_dstaddr = (struct sockaddr *)&ia->ia_dstaddr;
2359	ifa->ifa_netmask = (struct sockaddr *)&ia->ia_prefixmask;
2360	ifa->ifa_ifp = ifp;
2361	ifa->ifa_metric = ifp->if_metric;
2362	ifa->ifa_rtrequest = nd6_rtrequest;
2363
2364	LIST_INIT(&ia->ia6_memberships);
2365	ia->ia_addr.sin6_family = AF_INET6;
2366	ia->ia_addr.sin6_len = sizeof (ia->ia_addr);
2367	ia->ia_addr.sin6_addr = ifra->ifra_addr.sin6_addr;
2368	ia->ia_prefixmask.sin6_family = AF_INET6;
2369	ia->ia_prefixmask.sin6_len = sizeof (ia->ia_prefixmask);
2370	ia->ia_prefixmask.sin6_addr = ifra->ifra_prefixmask.sin6_addr;
2371	error = in6_to_kamescope(&ia->ia_addr, ifp);
2372	if (error != `0`)
2373	goto unwind;
2374	if (ifa->ifa_dstaddr != NULL) {
2375	ia->ia_dstaddr = ifra->ifra_dstaddr;
2376	error = in6_to_kamescope(&ia->ia_dstaddr, ifp);
2377	if (error != `0`)
2378	goto unwind;
2379	}
2380
2381	/ Append to address chains /
2382	ifnet_lock_exclusive(ifp);
2383	ifaupflags \|= IN6_IFAUPDATE_1STADDR;
2384	TAILQ_FOREACH(xifa, &ifp->if_addrlist, ifa_list) {
2385	IFA_LOCK_SPIN(xifa);
2386	if (xifa->ifa_addr->sa_family != AF_INET6) {
2387	IFA_UNLOCK(xifa);
2388	ifaupflags &= ~IN6_IFAUPDATE_1STADDR;
2389	break;
2390	}
2391	IFA_UNLOCK(xifa);
2392	}
2393
2394	IFA_LOCK_SPIN(ifa);
2395	if_attach_ifa(ifp, ifa); / holds reference for ifnet link /
2396	IFA_UNLOCK(ifa);
2397	ifnet_lock_done(ifp);
2398
2399	lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
2400	if (in6_ifaddrs != NULL) {
2401	struct in6_ifaddr *iac;
2402	for (iac = in6_ifaddrs; iac->ia_next != NULL;
2403	iac = iac->ia_next)
2404	continue;
2405	iac->ia_next = ia;
2406	} else {
2407	in6_ifaddrs = ia;
2408	}
2409	IFA_ADDREF(ifa); / hold for in6_ifaddrs link /
2410	lck_rw_done(&in6_ifaddr_rwlock);
2411	} else {
2412	ifa = &ia->ia_ifa;
2413	ifaupflags &= ~(IN6_IFAUPDATE_NEWADDR\|IN6_IFAUPDATE_1STADDR);
2414	}
2415
2416	VERIFY(ia != NULL && ifa == &ia->ia_ifa);
2417	IFA_LOCK(ifa);
2418
2419	/*
2420	* Set lifetimes. We do not refer to ia6t_expire and ia6t_preferred
2421	* to see if the address is deprecated or invalidated, but initialize
2422	* these members for applications.
2423	*/
2424	ia->ia6_updatetime = ia->ia6_createtime = timenow;
2425	ia6_lt = *lt;
2426	if (ia6_lt.ia6t_vltime != ND6_INFINITE_LIFETIME)
2427	ia6_lt.ia6t_expire = timenow + ia6_lt.ia6t_vltime;
2428	else
2429	ia6_lt.ia6t_expire = `0`;
2430	if (ia6_lt.ia6t_pltime != ND6_INFINITE_LIFETIME)
2431	ia6_lt.ia6t_preferred = timenow + ia6_lt.ia6t_pltime;
2432	else
2433	ia6_lt.ia6t_preferred = `0`;
2434	in6ifa_setlifetime(ia, &ia6_lt);
2435
2436	/*
2437	* Backward compatibility - if IN6_IFF_DEPRECATED is set from the
2438	* userland, make it deprecated.
2439	*/
2440	if ((ia->ia6_flags & IN6_IFF_DEPRECATED) != `0`) {
2441	ia->ia6_lifetime.ia6ti_pltime = `0`;
2442	ia->ia6_lifetime.ia6ti_preferred = timenow;
2443	}
2444
2445	/*
2446	* Update flag or prefix length
2447	*/
2448	ia->ia_plen = plen;
2449	ia->ia6_flags = ifra->ifra_flags;
2450
2451	/ Release locks (new address available to concurrent tasks) /
2452	IFA_UNLOCK(ifa);
2453
2454	/ Further initialization of the interface address /
2455	error = in6_ifinit(ifp, ia, ifaupflags);
2456	if (error != `0`)
2457	goto unwind;
2458
2459	/ Finish updating the address while other tasks are working with it /
2460	error = in6_ifaupdate_aux(ia, ifp, ifaupflags);
2461	if (error != `0`)
2462	goto unwind;
2463
2464	/ Return success (optionally w/ address for caller). /
2465	VERIFY(error == `0`);
2466	(void) ifnet_notify_address(ifp, AF_INET6);
2467	goto done;
2468
2469	unwind:
2470	VERIFY(error != `0`);
2471	if (ia != NULL) {
2472	VERIFY(ifa == &ia->ia_ifa);
2473	IFA_REMREF(ifa);
2474	ia = NULL;
2475	}
2476
2477	done:
2478	*iar = ia;
2479	return (error);
2480	}
2481
2482	void
2483	in6_purgeaddr(struct ifaddr *ifa)
2484	{
2485	struct ifnet *ifp = ifa->ifa_ifp;
2486	struct in6_ifaddr ia = (struct* in6_ifaddr *)ifa;
2487	struct in6_multi_mship *imm;
2488
2489	LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_NOTOWNED);
2490
2491	/ stop DAD processing /
2492	nd6_dad_stop(ifa);
2493
2494	/*
2495	* delete route to the destination of the address being purged.
2496	* The interface must be p2p or loopback in this case.
2497	*/
2498	IFA_LOCK(ifa);
2499	if ((ia->ia_flags & IFA_ROUTE) && ia->ia_plen == `128`) {
2500	int error, rtf;
2501
2502	IFA_UNLOCK(ifa);
2503	rtf = (ia->ia_dstaddr.sin6_family == AF_INET6) ? RTF_HOST : `0`;
2504	error = rtinit(&(ia->ia_ifa), RTM_DELETE, rtf);
2505	if (error != `0`) {
2506	log(LOG_ERR, "in6_purgeaddr: failed to remove "
2507	"a route to the p2p destination: %s on %s, "
2508	"errno=%d\n",
2509	ip6_sprintf(&ia->ia_addr.sin6_addr), if_name(ifp),
2510	error);
2511	/ proceed anyway... /
2512	}
2513	IFA_LOCK_SPIN(ifa);
2514	ia->ia_flags &= ~IFA_ROUTE;
2515	}
2516	IFA_UNLOCK(ifa);
2517
2518	/ Remove ownaddr's loopback rtentry, if it exists. /
2519	in6_ifremloop(&(ia->ia_ifa));
2520
2521	/*
2522	* leave from multicast groups we have joined for the interface
2523	*/
2524	IFA_LOCK(ifa);
2525	while ((imm = ia->ia6_memberships.lh_first) != NULL) {
2526	LIST_REMOVE(imm, i6mm_chain);
2527	IFA_UNLOCK(ifa);
2528	in6_leavegroup(imm);
2529	IFA_LOCK(ifa);
2530	}
2531	IFA_UNLOCK(ifa);
2532
2533	/ in6_unlink_ifa() will need exclusive access /
2534	in6_unlink_ifa(ia, ifp);
2535	in6_post_msg(ifp, KEV_INET6_ADDR_DELETED, ia, NULL);
2536
2537	(void) ifnet_notify_address(ifp, AF_INET6);
2538	}
2539
2540	static void
2541	in6_unlink_ifa(struct in6_ifaddr ia, struct* ifnet *ifp)
2542	{
2543	struct in6_ifaddr *oia;
2544	struct ifaddr *ifa;
2545	int unlinked;
2546
2547	LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_NOTOWNED);
2548
2549	ifa = &ia->ia_ifa;
2550	IFA_ADDREF(ifa);
2551
2552	ifnet_lock_exclusive(ifp);
2553	IFA_LOCK(ifa);
2554	if (ifa->ifa_debug & IFD_ATTACHED)
2555	if_detach_ifa(ifp, ifa);
2556	IFA_UNLOCK(ifa);
2557	ifnet_lock_done(ifp);
2558
2559	unlinked = `1`;
2560	lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
2561	oia = ia;
2562	if (oia == (ia = in6_ifaddrs)) {
2563	in6_ifaddrs = ia->ia_next;
2564	} else {
2565	while (ia->ia_next && (ia->ia_next != oia))
2566	ia = ia->ia_next;
2567	if (ia->ia_next) {
2568	ia->ia_next = oia->ia_next;
2569	} else {
2570	/ search failed /
2571	log(LOG_NOTICE, "%s: search failed.\n", __func__);
2572	unlinked = `0`;
2573	}
2574	}
2575
2576	/*
2577	* When IPv6 address is being removed, release the
2578	* reference to the base prefix.
2579	* Also, since the release might, affect the status
2580	* of other (detached) addresses, call
2581	* pfxlist_onlink_check().
2582	*/
2583	ifa = &oia->ia_ifa;
2584	IFA_LOCK(ifa);
2585	/*
2586	* Only log the below message for addresses other than
2587	* link local.
2588	* Only one LLA (auto-configured or statically) is allowed
2589	* on an interface.
2590	* LLA prefix, while added to the prefix list, is not
2591	* reference countedi (as it is the only one).
2592	* The prefix also never expires on its own as LLAs
2593	* have infinite lifetime.
2594	*
2595	* For now quiece down the log message for LLAs.
2596	*/
2597	if (!IN6_IS_ADDR_LINKLOCAL(&oia->ia_addr.sin6_addr)) {
2598	if (oia->ia6_ndpr == NULL)
2599	log(LOG_NOTICE, "in6_unlink_ifa: IPv6 address "
2600	"0x%llx has no prefix\n",
2601	(uint64_t)VM_KERNEL_ADDRPERM(oia));
2602	else {
2603	struct nd_prefix *pr = oia->ia6_ndpr;
2604	oia->ia6_flags &= ~IN6_IFF_AUTOCONF;
2605	oia->ia6_ndpr = NULL;
2606	NDPR_LOCK(pr);
2607	VERIFY(pr->ndpr_addrcnt != `0`);
2608	pr->ndpr_addrcnt--;
2609	if (oia->ia6_flags & IN6_IFF_CLAT46)
2610	pr->ndpr_stateflags &= ~NDPRF_CLAT46;
2611	NDPR_UNLOCK(pr);
2612	NDPR_REMREF(pr); / release addr reference /
2613	}
2614	}
2615	IFA_UNLOCK(ifa);
2616	lck_rw_done(&in6_ifaddr_rwlock);
2617
2618	if ((oia->ia6_flags & IN6_IFF_AUTOCONF) != `0`) {
2619	lck_mtx_lock(nd6_mutex);
2620	pfxlist_onlink_check();
2621	lck_mtx_unlock(nd6_mutex);
2622	}
2623	/*
2624	* release another refcnt for the link from in6_ifaddrs.
2625	* Do this only if it's not already unlinked in the event that we lost
2626	* the race, since in6_ifaddr_rwlock was momentarily dropped above.
2627	*/
2628	if (unlinked)
2629	IFA_REMREF(ifa);
2630
2631	/ release reference held for this routine /
2632	IFA_REMREF(ifa);
2633
2634	/ invalidate route caches /
2635	routegenid_inet6_update();
2636	}
2637
2638	void
2639	in6_purgeif(struct ifnet *ifp)
2640	{
2641	struct in6_ifaddr *ia;
2642
2643	if (ifp == NULL)
2644	return;
2645
2646	LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_NOTOWNED);
2647
2648	lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
2649	ia = in6_ifaddrs;
2650	while (ia != NULL) {
2651	if (ia->ia_ifa.ifa_ifp != ifp) {
2652	ia = ia->ia_next;
2653	continue;
2654	}
2655	IFA_ADDREF(&ia->ia_ifa); / for us /
2656	lck_rw_done(&in6_ifaddr_rwlock);
2657	in6_purgeaddr(&ia->ia_ifa);
2658	IFA_REMREF(&ia->ia_ifa); / for us /
2659	lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
2660	/*
2661	* Purging the address would have caused
2662	* in6_ifaddr_rwlock to be dropped and reacquired;
2663	* therefore search again from the beginning
2664	* of in6_ifaddrs list.
2665	*/
2666	ia = in6_ifaddrs;
2667	}
2668	lck_rw_done(&in6_ifaddr_rwlock);
2669
2670	in6_ifdetach(ifp);
2671	}
2672
2673	/*
2674	* Initialize an interface's internet6 address and routing table entry.
2675	*/
2676	static int
2677	in6_ifinit(struct ifnet ifp, struct* in6_ifaddr ia, int* ifaupflags)
2678	{
2679	int error;
2680	struct ifaddr *ifa;
2681
2682	error = `0`;
2683	ifa = &ia->ia_ifa;
2684
2685	/*
2686	* NOTE: SIOCSIFADDR is defined with struct ifreq as parameter,
2687	* but here we are sending it down to the interface with a pointer
2688	* to struct ifaddr, for legacy reasons.
2689	*/
2690	if ((ifaupflags & IN6_IFAUPDATE_1STADDR) != `0`) {
2691	error = ifnet_ioctl(ifp, PF_INET6, SIOCSIFADDR, ia);
2692	if (error != `0`) {
2693	if (error != EOPNOTSUPP)
2694	return (error);
2695	error = `0`;
2696	}
2697	}
2698
2699	IFA_LOCK(ifa);
2700
2701	/*
2702	* Special case:
2703	* If the destination address is specified for a point-to-point
2704	* interface, install a route to the destination as an interface
2705	* direct route.
2706	*/
2707	if (!(ia->ia_flags & IFA_ROUTE) && ia->ia_plen == `128` &&
2708	ia->ia_dstaddr.sin6_family == AF_INET6) {
2709	IFA_UNLOCK(ifa);
2710	error = rtinit(ifa, RTM_ADD, RTF_UP \| RTF_HOST);
2711	if (error != `0`)
2712	return (error);
2713	IFA_LOCK(ifa);
2714	ia->ia_flags \|= IFA_ROUTE;
2715	}
2716	IFA_LOCK_ASSERT_HELD(ifa);
2717	if (ia->ia_plen < `128`) {
2718	/*
2719	* The RTF_CLONING flag is necessary for in6_is_ifloop_auto().
2720	*/
2721	ia->ia_flags \|= RTF_CLONING;
2722	}
2723
2724	IFA_UNLOCK(ifa);
2725
2726	/ Add ownaddr as loopback rtentry, if necessary (ex. on p2p link). /
2727	if ((ifaupflags & IN6_IFAUPDATE_NEWADDR) != `0`)
2728	in6_ifaddloop(ifa);
2729
2730	/ invalidate route caches /
2731	routegenid_inet6_update();
2732
2733	VERIFY(error == `0`);
2734	return (`0`);
2735	}
2736
2737	void
2738	in6_purgeaddrs(struct ifnet *ifp)
2739	{
2740	in6_purgeif(ifp);
2741	}
2742
2743	/*
2744	* Find an IPv6 interface link-local address specific to an interface.
2745	*/
2746	struct in6_ifaddr *
2747	in6ifa_ifpforlinklocal(struct ifnet ifp, int* ignoreflags)
2748	{
2749	struct ifaddr *ifa;
2750
2751	ifnet_lock_shared(ifp);
2752	TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
2753	{
2754	IFA_LOCK_SPIN(ifa);
2755	if (ifa->ifa_addr->sa_family != AF_INET6) {
2756	IFA_UNLOCK(ifa);
2757	continue;
2758	}
2759	if (IN6_IS_ADDR_LINKLOCAL(IFA_IN6(ifa))) {
2760	if ((((struct in6_ifaddr *)ifa)->ia6_flags &
2761	ignoreflags) != `0`) {
2762	IFA_UNLOCK(ifa);
2763	continue;
2764	}
2765	IFA_ADDREF_LOCKED(ifa); / for caller /
2766	IFA_UNLOCK(ifa);
2767	break;
2768	}
2769	IFA_UNLOCK(ifa);
2770	}
2771	ifnet_lock_done(ifp);
2772
2773	return ((struct in6_ifaddr *)ifa);
2774	}
2775
2776	struct in6_ifaddr *
2777	in6ifa_ifpwithflag(struct ifnet * ifp, int flag)
2778	{
2779	struct ifaddr *ifa;
2780
2781	ifnet_lock_shared(ifp);
2782	TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
2783	{
2784	IFA_LOCK_SPIN(ifa);
2785	if (ifa->ifa_addr->sa_family != AF_INET6 ) {
2786	IFA_UNLOCK(ifa);
2787	continue;
2788	}
2789	if ((((struct in6_ifaddr *)ifa)->ia6_flags & flag) == flag) {
2790	IFA_ADDREF_LOCKED(ifa);
2791	IFA_UNLOCK(ifa);
2792	break;
2793	}
2794	IFA_UNLOCK(ifa);
2795	}
2796	ifnet_lock_done(ifp);
2797
2798	return ((struct in6_ifaddr *)ifa);
2799	}
2800
2801	/*
2802	* find the internet address corresponding to a given interface and address.
2803	*/
2804	struct in6_ifaddr *
2805	in6ifa_ifpwithaddr(struct ifnet ifp, struct* in6_addr *addr)
2806	{
2807	struct ifaddr *ifa;
2808
2809	ifnet_lock_shared(ifp);
2810	TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
2811	{
2812	IFA_LOCK_SPIN(ifa);
2813	if (ifa->ifa_addr->sa_family != AF_INET6) {
2814	IFA_UNLOCK(ifa);
2815	continue;
2816	}
2817	if (IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(ifa))) {
2818	IFA_ADDREF_LOCKED(ifa); / for caller /
2819	IFA_UNLOCK(ifa);
2820	break;
2821	}
2822	IFA_UNLOCK(ifa);
2823	}
2824	ifnet_lock_done(ifp);
2825
2826	return ((struct in6_ifaddr *)ifa);
2827	}
2828
2829	struct in6_ifaddr *
2830	in6ifa_prproxyaddr(struct in6_addr *addr)
2831	{
2832	struct in6_ifaddr *ia;
2833
2834	lck_rw_lock_shared(&in6_ifaddr_rwlock);
2835	for (ia = in6_ifaddrs; ia; ia = ia->ia_next) {
2836	IFA_LOCK(&ia->ia_ifa);
2837	if (IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(&ia->ia_ifa))) {
2838	IFA_ADDREF_LOCKED(&ia->ia_ifa); / for caller /
2839	IFA_UNLOCK(&ia->ia_ifa);
2840	break;
2841	}
2842	IFA_UNLOCK(&ia->ia_ifa);
2843	}
2844	lck_rw_done(&in6_ifaddr_rwlock);
2845
2846	if (ia != NULL && !nd6_prproxy_ifaddr(ia)) {
2847	IFA_REMREF(&ia->ia_ifa);
2848	ia = NULL;
2849	}
2850
2851	return (ia);
2852	}
2853
2854	void
2855	in6ifa_getlifetime(struct in6_ifaddr ia6, struct* in6_addrlifetime *t_dst,
2856	int iscalendar)
2857	{
2858	struct in6_addrlifetime_i *t_src = &ia6->ia6_lifetime;
2859	struct timeval caltime;
2860
2861	t_dst->ia6t_vltime = t_src->ia6ti_vltime;
2862	t_dst->ia6t_pltime = t_src->ia6ti_pltime;
2863	t_dst->ia6t_expire = `0`;
2864	t_dst->ia6t_preferred = `0`;
2865
2866	/ account for system time change /
2867	getmicrotime(&caltime);
2868	t_src->ia6ti_base_calendartime +=
2869	NET_CALCULATE_CLOCKSKEW(caltime,
2870	t_src->ia6ti_base_calendartime, net_uptime(),
2871	t_src->ia6ti_base_uptime);
2872
2873	if (iscalendar) {
2874	if (t_src->ia6ti_expire != `0` &&
2875	t_src->ia6ti_vltime != ND6_INFINITE_LIFETIME)
2876	t_dst->ia6t_expire = t_src->ia6ti_base_calendartime +
2877	t_src->ia6ti_expire - t_src->ia6ti_base_uptime;
2878
2879	if (t_src->ia6ti_preferred != `0` &&
2880	t_src->ia6ti_pltime != ND6_INFINITE_LIFETIME)
2881	t_dst->ia6t_preferred = t_src->ia6ti_base_calendartime +
2882	t_src->ia6ti_preferred - t_src->ia6ti_base_uptime;
2883	} else {
2884	if (t_src->ia6ti_expire != `0` &&
2885	t_src->ia6ti_vltime != ND6_INFINITE_LIFETIME)
2886	t_dst->ia6t_expire = t_src->ia6ti_expire;
2887
2888	if (t_src->ia6ti_preferred != `0` &&
2889	t_src->ia6ti_pltime != ND6_INFINITE_LIFETIME)
2890	t_dst->ia6t_preferred = t_src->ia6ti_preferred;
2891	}
2892	}
2893
2894	void
2895	in6ifa_setlifetime(struct in6_ifaddr ia6, struct* in6_addrlifetime *t_src)
2896	{
2897	struct in6_addrlifetime_i *t_dst = &ia6->ia6_lifetime;
2898	struct timeval caltime;
2899
2900	/ account for system time change /
2901	getmicrotime(&caltime);
2902	t_dst->ia6ti_base_calendartime +=
2903	NET_CALCULATE_CLOCKSKEW(caltime,
2904	t_dst->ia6ti_base_calendartime, net_uptime(),
2905	t_dst->ia6ti_base_uptime);
2906
2907	/ trust the caller for the values /
2908	t_dst->ia6ti_expire = t_src->ia6t_expire;
2909	t_dst->ia6ti_preferred = t_src->ia6t_preferred;
2910	t_dst->ia6ti_vltime = t_src->ia6t_vltime;
2911	t_dst->ia6ti_pltime = t_src->ia6t_pltime;
2912	}
2913
2914	/*
2915	* Convert IP6 address to printable (loggable) representation.
2916	*/
2917	char *
2918	ip6_sprintf(const struct in6_addr *addr)
2919	{
2920	static const char digits[] = "0123456789abcdef";
2921	static int ip6round = `0`;
2922	static char ip6buf[`8`][`48`];
2923
2924	int i;
2925	char *cp;
2926	const u_short a = (const* u_short *)addr;
2927	const u_char *d;
2928	u_char n;
2929	int dcolon = `0`;
2930	int zpad = `0`;
2931
2932	ip6round = (ip6round + `1`) & `7`;
2933	cp = ip6buf[ip6round];
2934
2935	for (i = `0`; i < `8`; i++) {
2936	if (dcolon == `1`) {
2937	if (*a == `0`) {
2938	if (i == `7`)
2939	*cp++ = `':'`;
2940	a++;
2941	continue;
2942	} else
2943	dcolon = `2`;
2944	}
2945	if (*a == `0`) {
2946	if (dcolon == `0` && *(a + `1`) == `0`) {
2947	if (i == `0`)
2948	*cp++ = `':'`;
2949	*cp++ = `':'`;
2950	dcolon = `1`;
2951	} else {
2952	*cp++ = `'0'`;
2953	*cp++ = `':'`;
2954	}
2955	a++;
2956	continue;
2957	}
2958	d = (const u_char *)a;
2959	zpad = `0`;
2960	if ((n = *d >> `4`) != `0`) {
2961	*cp++ = digits[n];
2962	zpad = `1`;
2963	}
2964	if ((n = *d++ & `0xf`) != `0` \|\| zpad) {
2965	*cp++ = digits[n];
2966	zpad = `1`;
2967	}
2968	if ((n = *d >> `4`) != `0` \|\| zpad) {
2969	*cp++ = digits[n];
2970	zpad = `1`;
2971	}
2972	if ((n = *d & `0xf`) != `0` \|\| zpad)
2973	*cp++ = digits[n];
2974	*cp++ = `':'`;
2975	a++;
2976	}
2977	*--cp = `0`;
2978	return (ip6buf[ip6round]);
2979	}
2980
2981	int
2982	in6addr_local(struct in6_addr *in6)
2983	{
2984	struct rtentry *rt;
2985	struct sockaddr_in6 sin6;
2986	int local = `0`;
2987
2988	if (IN6_IS_ADDR_LOOPBACK(in6) \|\| IN6_IS_SCOPE_LINKLOCAL(in6))
2989	return (`1`);
2990
2991	sin6.sin6_family = AF_INET6;
2992	sin6.sin6_len = sizeof (sin6);
2993	bcopy(in6, &sin6.sin6_addr, sizeof (*in6));
2994	rt = rtalloc1((struct sockaddr *)&sin6, `0`, `0`);
2995
2996	if (rt != NULL) {
2997	RT_LOCK_SPIN(rt);
2998	if (rt->rt_gateway->sa_family == AF_LINK)
2999	local = `1`;
3000	RT_UNLOCK(rt);
3001	rtfree(rt);
3002	} else {
3003	local = in6_localaddr(in6);
3004	}
3005	return (local);
3006	}
3007
3008	int
3009	in6_localaddr(struct in6_addr *in6)
3010	{
3011	struct in6_ifaddr *ia;
3012
3013	if (IN6_IS_ADDR_LOOPBACK(in6) \|\| IN6_IS_ADDR_LINKLOCAL(in6))
3014	return (`1`);
3015
3016	lck_rw_lock_shared(&in6_ifaddr_rwlock);
3017	for (ia = in6_ifaddrs; ia; ia = ia->ia_next) {
3018	IFA_LOCK_SPIN(&ia->ia_ifa);
3019	if (IN6_ARE_MASKED_ADDR_EQUAL(in6, &ia->ia_addr.sin6_addr,
3020	&ia->ia_prefixmask.sin6_addr)) {
3021	IFA_UNLOCK(&ia->ia_ifa);
3022	lck_rw_done(&in6_ifaddr_rwlock);
3023	return (`1`);
3024	}
3025	IFA_UNLOCK(&ia->ia_ifa);
3026	}
3027	lck_rw_done(&in6_ifaddr_rwlock);
3028	return (`0`);
3029	}
3030
3031	/*
3032	* return length of part which dst and src are equal
3033	* hard coding...
3034	*/
3035	int
3036	in6_matchlen(struct in6_addr src, struct* in6_addr *dst)
3037	{
3038	int match = `0`;
3039	u_char s = (u_char )src, d = (u_char )dst;
3040	u_char *lim = s + `16`, r;
3041
3042	while (s < lim)
3043	if ((r = (d++ ^ s++)) != `0`) {
3044	while (r < `128`) {
3045	match++;
3046	r <<= `1`;
3047	}
3048	break;
3049	} else
3050	match += `8`;
3051	return (match);
3052	}
3053
3054	/ XXX: to be scope conscious /
3055	int
3056	in6_are_prefix_equal(struct in6_addr p1, struct* in6_addr p2, int* len)
3057	{
3058	int bytelen, bitlen;
3059
3060	/ sanity check /
3061	if (`0` > len \|\| len > `128`) {
3062	log(LOG_ERR, "%s: invalid prefix length(%d)\n", __func__, len);
3063	return (`0`);
3064	}
3065
3066	bytelen = len / `8`;
3067	bitlen = len % `8`;
3068
3069	if (bcmp(&p1->s6_addr, &p2->s6_addr, bytelen))
3070	return (`0`);
3071	if (bitlen != `0` &&
3072	p1->s6_addr[bytelen] >> (`8` - bitlen) !=
3073	p2->s6_addr[bytelen] >> (`8` - bitlen))
3074	return (`0`);
3075
3076	return (`1`);
3077	}
3078
3079	void
3080	in6_prefixlen2mask(struct in6_addr maskp, int* len)
3081	{
3082	u_char maskarray[`8`] = {`0x80`, `0xc0`, `0xe0`, `0xf0`, `0xf8`, `0xfc`, `0xfe`, `0xff`};
3083	int bytelen, bitlen, i;
3084
3085	/ sanity check /
3086	if (`0` > len \|\| len > `128`) {
3087	log(LOG_ERR, "%s: invalid prefix length(%d)\n", __func__, len);
3088	return;
3089	}
3090
3091	bzero(maskp, sizeof (*maskp));
3092	bytelen = len / `8`;
3093	bitlen = len % `8`;
3094	for (i = `0`; i < bytelen; i++)
3095	maskp->s6_addr[i] = `0xff`;
3096	if (bitlen)
3097	maskp->s6_addr[bytelen] = maskarray[bitlen - `1`];
3098	}
3099
3100	/*
3101	* return the best address out of the same scope
3102	*/
3103	struct in6_ifaddr *
3104	in6_ifawithscope(struct ifnet oifp, struct* in6_addr *dst)
3105	{
3106	int dst_scope = in6_addrscope(dst), src_scope, best_scope = `0`;
3107	int blen = -`1`;
3108	struct ifaddr *ifa;
3109	struct ifnet *ifp;
3110	struct in6_ifaddr *ifa_best = NULL;
3111
3112	if (oifp == NULL) {
3113	return (NULL);
3114	}
3115
3116	/*
3117	* We search for all addresses on all interfaces from the beginning.
3118	* Comparing an interface with the outgoing interface will be done
3119	* only at the final stage of tiebreaking.
3120	*/
3121	ifnet_head_lock_shared();
3122	TAILQ_FOREACH(ifp, &ifnet_head, if_list) {
3123	/*
3124	* We can never take an address that breaks the scope zone
3125	* of the destination.
3126	*/
3127	if (in6_addr2scopeid(ifp, dst) != in6_addr2scopeid(oifp, dst))
3128	continue;
3129
3130	ifnet_lock_shared(ifp);
3131	TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
3132	int tlen = -`1`, dscopecmp, bscopecmp, matchcmp;
3133
3134	IFA_LOCK(ifa);
3135	if (ifa->ifa_addr->sa_family != AF_INET6) {
3136	IFA_UNLOCK(ifa);
3137	continue;
3138	}
3139	src_scope = in6_addrscope(IFA_IN6(ifa));
3140
3141	/*
3142	* Don't use an address before completing DAD
3143	* nor a duplicated address.
3144	*/
3145	if (((struct in6_ifaddr *)ifa)->ia6_flags &
3146	(IN6_IFF_NOTREADY \| IN6_IFF_CLAT46)) {
3147	IFA_UNLOCK(ifa);
3148	continue;
3149	}
3150	/ XXX: is there any case to allow anycasts? /
3151	if (((struct in6_ifaddr *)ifa)->ia6_flags &
3152	IN6_IFF_ANYCAST) {
3153	IFA_UNLOCK(ifa);
3154	continue;
3155	}
3156	if (((struct in6_ifaddr *)ifa)->ia6_flags &
3157	IN6_IFF_DETACHED) {
3158	IFA_UNLOCK(ifa);
3159	continue;
3160	}
3161	/*
3162	* If this is the first address we find,
3163	* keep it anyway.
3164	*/
3165	if (ifa_best == NULL)
3166	goto replace;
3167
3168	/*
3169	* ifa_best is never NULL beyond this line except
3170	* within the block labeled "replace".
3171	*/
3172
3173	/*
3174	* If ifa_best has a smaller scope than dst and
3175	* the current address has a larger one than
3176	* (or equal to) dst, always replace ifa_best.
3177	* Also, if the current address has a smaller scope
3178	* than dst, ignore it unless ifa_best also has a
3179	* smaller scope.
3180	* Consequently, after the two if-clause below,
3181	* the followings must be satisfied:
3182	* (scope(src) < scope(dst) &&
3183	* scope(best) < scope(dst))
3184	* OR
3185	* (scope(best) >= scope(dst) &&
3186	* scope(src) >= scope(dst))
3187	*/
3188	if (IN6_ARE_SCOPE_CMP(best_scope, dst_scope) < `0` &&
3189	IN6_ARE_SCOPE_CMP(src_scope, dst_scope) >= `0`)
3190	goto replace; / (A) /
3191	if (IN6_ARE_SCOPE_CMP(src_scope, dst_scope) < `0` &&
3192	IN6_ARE_SCOPE_CMP(best_scope, dst_scope) >= `0`) {
3193	IFA_UNLOCK(ifa);
3194	continue; / (B) /
3195	}
3196	/*
3197	* A deprecated address SHOULD NOT be used in new
3198	* communications if an alternate (non-deprecated)
3199	* address is available and has sufficient scope.
3200	* RFC 4862, Section 5.5.4.
3201	*/
3202	if (((struct in6_ifaddr *)ifa)->ia6_flags &
3203	IN6_IFF_DEPRECATED) {
3204	/*
3205	* Ignore any deprecated addresses if
3206	* specified by configuration.
3207	*/
3208	if (!ip6_use_deprecated) {
3209	IFA_UNLOCK(ifa);
3210	continue;
3211	}
3212	/*
3213	* If we have already found a non-deprecated
3214	* candidate, just ignore deprecated addresses.
3215	*/
3216	if ((ifa_best->ia6_flags & IN6_IFF_DEPRECATED)
3217	== `0`) {
3218	IFA_UNLOCK(ifa);
3219	continue;
3220	}
3221	}
3222
3223	/*
3224	* A non-deprecated address is always preferred
3225	* to a deprecated one regardless of scopes and
3226	* address matching (Note invariants ensured by the
3227	* conditions (A) and (B) above.)
3228	*/
3229	if ((ifa_best->ia6_flags & IN6_IFF_DEPRECATED) &&
3230	(((struct in6_ifaddr *)ifa)->ia6_flags &
3231	IN6_IFF_DEPRECATED) == `0`)
3232	goto replace;
3233
3234	/*
3235	* When we use temporary addresses described in
3236	* RFC 4941, we prefer temporary addresses to
3237	* public autoconf addresses. Again, note the
3238	* invariants from (A) and (B). Also note that we
3239	* don't have any preference between static addresses
3240	* and autoconf addresses (despite of whether or not
3241	* the latter is temporary or public.)
3242	*/
3243	if (ip6_use_tempaddr) {
3244	struct in6_ifaddr *ifat;
3245
3246	ifat = (struct in6_ifaddr *)ifa;
3247	if ((ifa_best->ia6_flags &
3248	(IN6_IFF_AUTOCONF\|IN6_IFF_TEMPORARY))
3249	== IN6_IFF_AUTOCONF &&
3250	(ifat->ia6_flags &
3251	(IN6_IFF_AUTOCONF\|IN6_IFF_TEMPORARY))
3252	== (IN6_IFF_AUTOCONF\|IN6_IFF_TEMPORARY)) {
3253	goto replace;
3254	}
3255	if ((ifa_best->ia6_flags &
3256	(IN6_IFF_AUTOCONF\|IN6_IFF_TEMPORARY))
3257	== (IN6_IFF_AUTOCONF\|IN6_IFF_TEMPORARY) &&
3258	(ifat->ia6_flags &
3259	(IN6_IFF_AUTOCONF\|IN6_IFF_TEMPORARY))
3260	== IN6_IFF_AUTOCONF) {
3261	IFA_UNLOCK(ifa);
3262	continue;
3263	}
3264	}
3265
3266	/*
3267	* At this point, we have two cases:
3268	* 1. we are looking at a non-deprecated address,
3269	* and ifa_best is also non-deprecated.
3270	* 2. we are looking at a deprecated address,
3271	* and ifa_best is also deprecated.
3272	* Also, we do not have to consider a case where
3273	* the scope of if_best is larger(smaller) than dst and
3274	* the scope of the current address is smaller(larger)
3275	* than dst. Such a case has already been covered.
3276	* Tiebreaking is done according to the following
3277	* items:
3278	* - the scope comparison between the address and
3279	* dst (dscopecmp)
3280	* - the scope comparison between the address and
3281	* ifa_best (bscopecmp)
3282	* - if the address match dst longer than ifa_best
3283	* (matchcmp)
3284	* - if the address is on the outgoing I/F (outI/F)
3285	*
3286	* Roughly speaking, the selection policy is
3287	* - the most important item is scope. The same scope
3288	* is best. Then search for a larger scope.
3289	* Smaller scopes are the last resort.
3290	* - A deprecated address is chosen only when we have
3291	* no address that has an enough scope, but is
3292	* prefered to any addresses of smaller scopes
3293	* (this must be already done above.)
3294	* - addresses on the outgoing I/F are preferred to
3295	* ones on other interfaces if none of above
3296	* tiebreaks. In the table below, the column "bI"
3297	* means if the best_ifa is on the outgoing
3298	* interface, and the column "sI" means if the ifa
3299	* is on the outgoing interface.
3300	* - If there is no other reasons to choose one,
3301	* longest address match against dst is considered.
3302	*
3303	* The precise decision table is as follows:
3304	* dscopecmp bscopecmp match bI oI \| replace?
3305	* N/A equal N/A Y N \| No (1)
3306	* N/A equal N/A N Y \| Yes (2)
3307	* N/A equal larger N/A \| Yes (3)
3308	* N/A equal !larger N/A \| No (4)
3309	* larger larger N/A N/A \| No (5)
3310	* larger smaller N/A N/A \| Yes (6)
3311	* smaller larger N/A N/A \| Yes (7)
3312	* smaller smaller N/A N/A \| No (8)
3313	* equal smaller N/A N/A \| Yes (9)
3314	* equal larger (already done at A above)
3315	*/
3316	dscopecmp = IN6_ARE_SCOPE_CMP(src_scope, dst_scope);
3317	bscopecmp = IN6_ARE_SCOPE_CMP(src_scope, best_scope);
3318
3319	if (bscopecmp == `0`) {
3320	struct ifnet *bifp = ifa_best->ia_ifp;
3321
3322	if (bifp == oifp && ifp != oifp) { / (1) /
3323	IFA_UNLOCK(ifa);
3324	continue;
3325	}
3326	if (bifp != oifp && ifp == oifp) / (2) /
3327	goto replace;
3328
3329	/*
3330	* Both bifp and ifp are on the outgoing
3331	* interface, or both two are on a different
3332	* interface from the outgoing I/F.
3333	* now we need address matching against dst
3334	* for tiebreaking.
3335	*/
3336	tlen = in6_matchlen(IFA_IN6(ifa), dst);
3337	matchcmp = tlen - blen;
3338	if (matchcmp > `0`) / (3) /
3339	goto replace;
3340	IFA_UNLOCK(ifa);
3341	continue; / (4) /
3342	}
3343	if (dscopecmp > `0`) {
3344	if (bscopecmp > `0`) { / (5) /
3345	IFA_UNLOCK(ifa);
3346	continue;
3347	}
3348	goto replace; / (6) /
3349	}
3350	if (dscopecmp < `0`) {
3351	if (bscopecmp > `0`) / (7) /
3352	goto replace;
3353	IFA_UNLOCK(ifa);
3354	continue; / (8) /
3355	}
3356
3357	/ now dscopecmp must be 0 /
3358	if (bscopecmp < `0`)
3359	goto replace; / (9) /
3360
3361	replace:
3362	IFA_ADDREF_LOCKED(ifa); / for ifa_best /
3363	blen = tlen >= `0` ? tlen :
3364	in6_matchlen(IFA_IN6(ifa), dst);
3365	best_scope =
3366	in6_addrscope(&ifa2ia6(ifa)->ia_addr.sin6_addr);
3367	IFA_UNLOCK(ifa);
3368	if (ifa_best)
3369	IFA_REMREF(&ifa_best->ia_ifa);
3370	ifa_best = (struct in6_ifaddr *)ifa;
3371	}
3372	ifnet_lock_done(ifp);
3373	}
3374	ifnet_head_done();
3375
3376	/ count statistics for future improvements /
3377	if (ifa_best == NULL)
3378	ip6stat.ip6s_sources_none++;
3379	else {
3380	IFA_LOCK_SPIN(&ifa_best->ia_ifa);
3381	if (oifp == ifa_best->ia_ifp)
3382	ip6stat.ip6s_sources_sameif[best_scope]++;
3383	else
3384	ip6stat.ip6s_sources_otherif[best_scope]++;
3385
3386	if (best_scope == dst_scope)
3387	ip6stat.ip6s_sources_samescope[best_scope]++;
3388	else
3389	ip6stat.ip6s_sources_otherscope[best_scope]++;
3390
3391	if ((ifa_best->ia6_flags & IN6_IFF_DEPRECATED) != `0`)
3392	ip6stat.ip6s_sources_deprecated[best_scope]++;
3393	IFA_UNLOCK(&ifa_best->ia_ifa);
3394	}
3395
3396	return (ifa_best);
3397	}
3398
3399	/*
3400	* return the best address out of the same scope. if no address was
3401	* found, return the first valid address from designated IF.
3402	*/
3403	struct in6_ifaddr *
3404	in6_ifawithifp(struct ifnet ifp, struct* in6_addr *dst)
3405	{
3406	int dst_scope = in6_addrscope(dst), blen = -`1`, tlen;
3407	struct ifaddr *ifa;
3408	struct in6_ifaddr *besta = NULL;
3409	struct in6_ifaddr dep[`2`]; /* last-resort: deprecated /
3410
3411	dep[`0`] = dep[`1`] = NULL;
3412
3413	/*
3414	* We first look for addresses in the same scope.
3415	* If there is one, return it.
3416	* If two or more, return one which matches the dst longest.
3417	* If none, return one of global addresses assigned other ifs.
3418	*/
3419	ifnet_lock_shared(ifp);
3420	TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
3421	IFA_LOCK(ifa);
3422	if (ifa->ifa_addr->sa_family != AF_INET6) {
3423	IFA_UNLOCK(ifa);
3424	continue;
3425	}
3426	if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_ANYCAST) {
3427	IFA_UNLOCK(ifa);
3428	continue; / XXX: is there any case to allow anycast? /
3429	}
3430	if (ifa2ia6(ifa)->ia6_flags & (IN6_IFF_NOTREADY \| IN6_IFF_CLAT46)) {
3431	IFA_UNLOCK(ifa);
3432	continue; / don't use this interface /
3433	}
3434	if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_DETACHED) {
3435	IFA_UNLOCK(ifa);
3436	continue;
3437	}
3438	if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_DEPRECATED) {
3439	if (ip6_use_deprecated) {
3440	IFA_ADDREF_LOCKED(ifa); / for dep[0] /
3441	IFA_UNLOCK(ifa);
3442	if (dep[`0`] != NULL)
3443	IFA_REMREF(&dep[`0`]->ia_ifa);
3444	dep[`0`] = (struct in6_ifaddr *)ifa;
3445	} else {
3446	IFA_UNLOCK(ifa);
3447	}
3448	continue;
3449	}
3450
3451	if (dst_scope == in6_addrscope(IFA_IN6(ifa))) {
3452	/*
3453	* call in6_matchlen() as few as possible
3454	*/
3455	if (besta) {
3456	if (blen == -`1`) {
3457	IFA_UNLOCK(ifa);
3458	IFA_LOCK(&besta->ia_ifa);
3459	blen = in6_matchlen(
3460	&besta->ia_addr.sin6_addr, dst);
3461	IFA_UNLOCK(&besta->ia_ifa);
3462	IFA_LOCK(ifa);
3463	}
3464	tlen = in6_matchlen(IFA_IN6(ifa), dst);
3465	if (tlen > blen) {
3466	blen = tlen;
3467	IFA_ADDREF_LOCKED(ifa); / for besta /
3468	IFA_UNLOCK(ifa);
3469	IFA_REMREF(&besta->ia_ifa);
3470	besta = (struct in6_ifaddr *)ifa;
3471	} else {
3472	IFA_UNLOCK(ifa);
3473	}
3474	} else {
3475	besta = (struct in6_ifaddr *)ifa;
3476	IFA_ADDREF_LOCKED(ifa); / for besta /
3477	IFA_UNLOCK(ifa);
3478	}
3479	} else {
3480	IFA_UNLOCK(ifa);
3481	}
3482	}
3483	if (besta) {
3484	ifnet_lock_done(ifp);
3485	if (dep[`0`] != NULL)
3486	IFA_REMREF(&dep[`0`]->ia_ifa);
3487	return (besta);
3488	}
3489
3490	TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
3491	IFA_LOCK(ifa);
3492	if (ifa->ifa_addr->sa_family != AF_INET6) {
3493	IFA_UNLOCK(ifa);
3494	continue;
3495	}
3496	if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_ANYCAST) {
3497	IFA_UNLOCK(ifa);
3498	continue; / XXX: is there any case to allow anycast? /
3499	}
3500	if (ifa2ia6(ifa)->ia6_flags & (IN6_IFF_NOTREADY \| IN6_IFF_CLAT46)) {
3501	IFA_UNLOCK(ifa);
3502	continue; / don't use this interface /
3503	}
3504	if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_DETACHED) {
3505	IFA_UNLOCK(ifa);
3506	continue;
3507	}
3508	if (ifa2ia6(ifa)->ia6_flags & IN6_IFF_DEPRECATED) {
3509	if (ip6_use_deprecated) {
3510	IFA_ADDREF_LOCKED(ifa); / for dep[1] /
3511	IFA_UNLOCK(ifa);
3512	if (dep[`1`] != NULL)
3513	IFA_REMREF(&dep[`1`]->ia_ifa);
3514	dep[`1`] = (struct in6_ifaddr *)ifa;
3515	} else {
3516	IFA_UNLOCK(ifa);
3517	}
3518	continue;
3519	}
3520	IFA_ADDREF_LOCKED(ifa); / for caller /
3521	IFA_UNLOCK(ifa);
3522	ifnet_lock_done(ifp);
3523	if (dep[`0`] != NULL)
3524	IFA_REMREF(&dep[`0`]->ia_ifa);
3525	if (dep[`1`] != NULL)
3526	IFA_REMREF(&dep[`1`]->ia_ifa);
3527	return ((struct in6_ifaddr *)ifa);
3528	}
3529	ifnet_lock_done(ifp);
3530
3531	/ use the last-resort values, that are, deprecated addresses /
3532	if (dep[`0`]) {
3533	if (dep[`1`] != NULL)
3534	IFA_REMREF(&dep[`1`]->ia_ifa);
3535	return (dep[`0`]);
3536	}
3537	if (dep[`1`])
3538	return (dep[`1`]);
3539
3540	return (NULL);
3541	}
3542
3543	/*
3544	* perform DAD when interface becomes IFF_UP.
3545	*/
3546	static void
3547	in6_if_up_dad_start(struct ifnet *ifp)
3548	{
3549	struct ifaddr *ifa;
3550	struct nd_ifinfo *ndi = NULL;
3551
3552	ndi = ND_IFINFO(ifp);
3553	VERIFY((NULL != ndi) && (TRUE == ndi->initialized));
3554	if (!(ndi->flags & ND6_IFF_DAD))
3555	return;
3556
3557	/ start DAD on all the interface addresses /
3558	ifnet_lock_exclusive(ifp);
3559	TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
3560	struct in6_ifaddr *ia6;
3561
3562	IFA_LOCK_SPIN(ifa);
3563	if (ifa->ifa_addr->sa_family != AF_INET6) {
3564	IFA_UNLOCK(ifa);
3565	continue;
3566	}
3567	ia6 = (struct in6_ifaddr *)ifa;
3568	if (ia6->ia6_flags & IN6_IFF_DADPROGRESS) {
3569	int delay = `0`; / delay ticks before DAD output /
3570	IFA_UNLOCK(ifa);
3571	nd6_dad_start(ifa, &delay);
3572	} else {
3573	IFA_UNLOCK(ifa);
3574	}
3575	}
3576	ifnet_lock_done(ifp);
3577	}
3578
3579	int
3580	in6if_do_dad(
3581	struct ifnet *ifp)
3582	{
3583	struct nd_ifinfo *ndi = NULL;
3584
3585	if ((ifp->if_flags & IFF_LOOPBACK) != `0`)
3586	return (`0`);
3587
3588	ndi = ND_IFINFO(ifp);
3589	VERIFY((NULL != ndi) && (TRUE == ndi->initialized));
3590	if (!(ndi->flags & ND6_IFF_DAD))
3591	return (`0`);
3592
3593	/*
3594	* If we are using the alternative neighbor discovery
3595	* interface on this interface, then skip DAD.
3596	*
3597	* Also, skip it for interfaces marked "local private"
3598	* for now, even when not marked as using the alternative
3599	* interface. This is for historical reasons.
3600	*/
3601	if (ifp->if_eflags &
3602	(IFEF_IPV6_ND6ALT\|IFEF_LOCALNET_PRIVATE\|IFEF_DIRECTLINK))
3603	return (`0`);
3604
3605	if (ifp->if_subfamily == IFNET_SUBFAMILY_IPSEC \|\|
3606	ifp->if_subfamily == IFNET_SUBFAMILY_UTUN) {
3607	/*
3608	* Ignore DAD for tunneling virtual interfaces, which get
3609	* their IPv6 address explicitly assigned.
3610	*/
3611	return (`0`);
3612	}
3613
3614	switch (ifp->if_type) {
3615	#if IFT_DUMMY
3616	case IFT_DUMMY:
3617	#endif
3618	case IFT_FAITH:
3619	/*
3620	* These interfaces do not have the IFF_LOOPBACK flag,
3621	* but loop packets back. We do not have to do DAD on such
3622	* interfaces. We should even omit it, because loop-backed
3623	* NS would confuse the DAD procedure.
3624	*/
3625	return (`0`);
3626	default:
3627	/*
3628	* Our DAD routine requires the interface up and running.
3629	* However, some interfaces can be up before the RUNNING
3630	* status. Additionaly, users may try to assign addresses
3631	* before the interface becomes up (or running).
3632	* We simply skip DAD in such a case as a work around.
3633	* XXX: we should rather mark "tentative" on such addresses,
3634	* and do DAD after the interface becomes ready.
3635	*/
3636	if ((ifp->if_flags & (IFF_UP\|IFF_RUNNING)) !=
3637	(IFF_UP\|IFF_RUNNING))
3638	return (`0`);
3639
3640	return (`1`);
3641	}
3642	}
3643
3644	/*
3645	* Calculate max IPv6 MTU through all the interfaces and store it
3646	* to in6_maxmtu.
3647	*/
3648	void
3649	in6_setmaxmtu(void)
3650	{
3651	u_int32_t maxmtu = `0`;
3652	struct ifnet *ifp;
3653
3654	ifnet_head_lock_shared();
3655	TAILQ_FOREACH(ifp, &ifnet_head, if_list) {
3656	struct nd_ifinfo *ndi = NULL;
3657
3658	if ((ndi = ND_IFINFO(ifp)) != NULL && !ndi->initialized)
3659	ndi = NULL;
3660	if (ndi != NULL)
3661	lck_mtx_lock(&ndi->lock);
3662	if ((ifp->if_flags & IFF_LOOPBACK) == `0` &&
3663	IN6_LINKMTU(ifp) > maxmtu)
3664	maxmtu = IN6_LINKMTU(ifp);
3665	if (ndi != NULL)
3666	lck_mtx_unlock(&ndi->lock);
3667	}
3668	ifnet_head_done();
3669	if (maxmtu) / update only when maxmtu is positive /
3670	in6_maxmtu = maxmtu;
3671	}
3672	/*
3673	* Provide the length of interface identifiers to be used for the link attached
3674	* to the given interface. The length should be defined in "IPv6 over
3675	* xxx-link" document. Note that address architecture might also define
3676	* the length for a particular set of address prefixes, regardless of the
3677	* link type. Also see RFC 4862 for additional background.
3678	*/
3679	int
3680	in6_if2idlen(struct ifnet *ifp)
3681	{
3682	switch (ifp->if_type) {
3683	case IFT_ETHER: / RFC2464 /
3684	case IFT_IEEE8023ADLAG: / IEEE802.3ad Link Aggregate /
3685	#ifdef IFT_PROPVIRTUAL
3686	case IFT_PROPVIRTUAL: / XXX: no RFC. treat it as ether /
3687	#endif
3688	#ifdef IFT_L2VLAN
3689	case IFT_L2VLAN: / ditto /
3690	#endif
3691	#ifdef IFT_IEEE80211
3692	case IFT_IEEE80211: / ditto /
3693	#endif
3694	#ifdef IFT_MIP
3695	case IFT_MIP: / ditto /
3696	#endif
3697	return (`64`);
3698	case IFT_FDDI: / RFC2467 /
3699	return (`64`);
3700	case IFT_ISO88025: / RFC2470 (IPv6 over Token Ring) /
3701	return (`64`);
3702	case IFT_PPP: / RFC2472 /
3703	return (`64`);
3704	case IFT_ARCNET: / RFC2497 /
3705	return (`64`);
3706	case IFT_FRELAY: / RFC2590 /
3707	return (`64`);
3708	case IFT_IEEE1394: / RFC3146 /
3709	return (`64`);
3710	case IFT_GIF:
3711	return (`64`); / draft-ietf-v6ops-mech-v2-07 /
3712	case IFT_LOOP:
3713	return (`64`); / XXX: is this really correct? /
3714	case IFT_OTHER:
3715	return (`64`); / for utun interfaces /
3716	case IFT_CELLULAR:
3717	return (`64`); / Packet Data over Cellular /
3718	case IFT_BRIDGE:
3719	return (`64`); / Transparent bridge interface /
3720	default:
3721	/*
3722	* Unknown link type:
3723	* It might be controversial to use the today's common constant
3724	* of 64 for these cases unconditionally. For full compliance,
3725	* we should return an error in this case. On the other hand,
3726	* if we simply miss the standard for the link type or a new
3727	* standard is defined for a new link type, the IFID length
3728	* is very likely to be the common constant. As a compromise,
3729	* we always use the constant, but make an explicit notice
3730	* indicating the "unknown" case.
3731	*/
3732	log(LOG_NOTICE, "%s: unknown link type (%d)\n", __func__,
3733	ifp->if_type);
3734	return (`64`);
3735	}
3736	}
3737	/*
3738	* Convert sockaddr_in6 to sockaddr_in. Original sockaddr_in6 must be
3739	* v4 mapped addr or v4 compat addr
3740	*/
3741	void
3742	in6_sin6_2_sin(struct sockaddr_in sin, struct* sockaddr_in6 *sin6)
3743	{
3744	bzero(sin, sizeof (*sin));
3745	sin->sin_len = sizeof (struct sockaddr_in);
3746	sin->sin_family = AF_INET;
3747	sin->sin_port = sin6->sin6_port;
3748	sin->sin_addr.s_addr = sin6->sin6_addr.s6_addr32[`3`];
3749	}
3750
3751	/ Convert sockaddr_in to sockaddr_in6 in v4 mapped addr format. /
3752	void
3753	in6_sin_2_v4mapsin6(struct sockaddr_in sin, struct* sockaddr_in6 *sin6)
3754	{
3755	bzero(sin6, sizeof (*sin6));
3756	sin6->sin6_len = sizeof (struct sockaddr_in6);
3757	sin6->sin6_family = AF_INET6;
3758	sin6->sin6_port = sin->sin_port;
3759	sin6->sin6_addr.s6_addr32[`0`] = `0`;
3760	sin6->sin6_addr.s6_addr32[`1`] = `0`;
3761	if (sin->sin_addr.s_addr) {
3762	sin6->sin6_addr.s6_addr32[`2`] = IPV6_ADDR_INT32_SMP;
3763	sin6->sin6_addr.s6_addr32[`3`] = sin->sin_addr.s_addr;
3764	} else {
3765	sin6->sin6_addr.s6_addr32[`2`] = `0`;
3766	sin6->sin6_addr.s6_addr32[`3`] = `0`;
3767	}
3768	}
3769
3770	/ Convert sockaddr_in6 into sockaddr_in. /
3771	void
3772	in6_sin6_2_sin_in_sock(struct sockaddr *nam)
3773	{
3774	struct sockaddr_in *sin_p;
3775	struct sockaddr_in6 sin6;
3776
3777	/*
3778	* Save original sockaddr_in6 addr and convert it
3779	* to sockaddr_in.
3780	*/
3781	sin6 = (struct* sockaddr_in6 )(void* *)nam;
3782	sin_p = (struct sockaddr_in )(void* *)nam;
3783	in6_sin6_2_sin(sin_p, &sin6);
3784	}
3785
3786	/ Convert sockaddr_in into sockaddr_in6 in v4 mapped addr format. /
3787	int
3788	in6_sin_2_v4mapsin6_in_sock(struct sockaddr **nam)
3789	{
3790	struct sockaddr_in *sin_p;
3791	struct sockaddr_in6 *sin6_p;
3792
3793	MALLOC(sin6_p, struct sockaddr_in6 , sizeof* (*sin6_p), M_SONAME,
3794	M_WAITOK);
3795	if (sin6_p == NULL)
3796	return (ENOBUFS);
3797	sin_p = (struct sockaddr_in )(void* )nam;
3798	in6_sin_2_v4mapsin6(sin_p, sin6_p);
3799	FREE(*nam, M_SONAME);
3800	nam = (struct* sockaddr *)sin6_p;
3801
3802	return (`0`);
3803	}
3804
3805	/*
3806	* Posts in6_event_data message kernel events.
3807	*
3808	* To get the same size of kev_in6_data between ILP32 and LP64 data models
3809	* we are using a special version of the in6_addrlifetime structure that
3810	* uses only 32 bits fields to be compatible with Leopard, and that
3811	* are large enough to span 68 years.
3812	*/
3813	void
3814	in6_post_msg(struct ifnet ifp, u_int32_t event_code, struct* in6_ifaddr *ifa,
3815	uint8_t *mac)
3816	{
3817	struct kev_msg ev_msg;
3818	struct kev_in6_data in6_event_data;
3819	struct in6_addrlifetime ia6_lt;
3820
3821	bzero(&in6_event_data, sizeof (struct kev_in6_data));
3822	bzero(&ev_msg, sizeof (struct kev_msg));
3823	ev_msg.vendor_code = KEV_VENDOR_APPLE;
3824	ev_msg.kev_class = KEV_NETWORK_CLASS;
3825	ev_msg.kev_subclass = KEV_INET6_SUBCLASS;
3826	ev_msg.event_code = event_code;
3827
3828	if (ifa) {
3829	IFA_LOCK(&ifa->ia_ifa);
3830	in6_event_data.ia_addr = ifa->ia_addr;
3831	in6_event_data.ia_net = ifa->ia_net;
3832	in6_event_data.ia_dstaddr = ifa->ia_dstaddr;
3833	in6_event_data.ia_prefixmask = ifa->ia_prefixmask;
3834	in6_event_data.ia_plen = ifa->ia_plen;
3835	in6_event_data.ia6_flags = (u_int32_t)ifa->ia6_flags;
3836
3837	/ retrieve time as calendar time (last arg is 1) /
3838	in6ifa_getlifetime(ifa, &ia6_lt, `1`);
3839	in6_event_data.ia_lifetime.ia6t_expire = ia6_lt.ia6t_expire;
3840	in6_event_data.ia_lifetime.ia6t_preferred = ia6_lt.ia6t_preferred;
3841	in6_event_data.ia_lifetime.ia6t_vltime = ia6_lt.ia6t_vltime;
3842	in6_event_data.ia_lifetime.ia6t_pltime = ia6_lt.ia6t_pltime;
3843	IFA_UNLOCK(&ifa->ia_ifa);
3844	}
3845
3846	if (ifp != NULL) {
3847	(void) strlcpy(&in6_event_data.link_data.if_name[`0`],
3848	ifp->if_name, IFNAMSIZ);
3849	in6_event_data.link_data.if_family = ifp->if_family;
3850	in6_event_data.link_data.if_unit = (u_int32_t)ifp->if_unit;
3851	}
3852
3853	if (mac != NULL)
3854	memcpy(&in6_event_data.ia_mac, mac,
3855	sizeof(in6_event_data.ia_mac));
3856
3857	ev_msg.dv[`0`].data_ptr = &in6_event_data;
3858	ev_msg.dv[`0`].data_length = sizeof (in6_event_data);
3859	ev_msg.dv[`1`].data_length = `0`;
3860
3861	dlil_post_complete_msg(NULL, &ev_msg);
3862	}
3863
3864	/*
3865	* Called as part of ip6_init
3866	*/
3867	void
3868	in6_ifaddr_init(void)
3869	{
3870	in6_cga_init();
3871	in6_multi_init();
3872
3873	PE_parse_boot_argn("ifa_debug", &in6ifa_debug, sizeof (in6ifa_debug));
3874
3875	in6ifa_size = (in6ifa_debug == `0`) ? sizeof (struct in6_ifaddr) :
3876	sizeof (struct in6_ifaddr_dbg);
3877
3878	in6ifa_zone = zinit(in6ifa_size, IN6IFA_ZONE_MAX * in6ifa_size,
3879	`0`, IN6IFA_ZONE_NAME);
3880	if (in6ifa_zone == NULL) {
3881	panic("%s: failed allocating %s", __func__, IN6IFA_ZONE_NAME);
3882	/ NOTREACHED /
3883	}
3884	zone_change(in6ifa_zone, Z_EXPAND, TRUE);
3885	zone_change(in6ifa_zone, Z_CALLERACCT, FALSE);
3886
3887	lck_mtx_init(&in6ifa_trash_lock, ifa_mtx_grp, ifa_mtx_attr);
3888	TAILQ_INIT(&in6ifa_trash_head);
3889	}
3890
3891	static struct in6_ifaddr *
3892	in6_ifaddr_alloc(int how)
3893	{
3894	struct in6_ifaddr *in6ifa;
3895
3896	in6ifa = (how == M_WAITOK) ? zalloc(in6ifa_zone) :
3897	zalloc_noblock(in6ifa_zone);
3898	if (in6ifa != NULL) {
3899	bzero(in6ifa, in6ifa_size);
3900	in6ifa->ia_ifa.ifa_free = in6_ifaddr_free;
3901	in6ifa->ia_ifa.ifa_debug \|= IFD_ALLOC;
3902	ifa_lock_init(&in6ifa->ia_ifa);
3903	if (in6ifa_debug != `0`) {
3904	struct in6_ifaddr_dbg *in6ifa_dbg =
3905	(struct in6_ifaddr_dbg *)in6ifa;
3906	in6ifa->ia_ifa.ifa_debug \|= IFD_DEBUG;
3907	in6ifa->ia_ifa.ifa_trace = in6_ifaddr_trace;
3908	in6ifa->ia_ifa.ifa_attached = in6_ifaddr_attached;
3909	in6ifa->ia_ifa.ifa_detached = in6_ifaddr_detached;
3910	ctrace_record(&in6ifa_dbg->in6ifa_alloc);
3911	}
3912	}
3913
3914	return (in6ifa);
3915	}
3916
3917	static void
3918	in6_ifaddr_free(struct ifaddr *ifa)
3919	{
3920	IFA_LOCK_ASSERT_HELD(ifa);
3921
3922	if (ifa->ifa_refcnt != `0`) {
3923	panic("%s: ifa %p bad ref cnt", __func__, ifa);
3924	/ NOTREACHED /
3925	} else if (!(ifa->ifa_debug & IFD_ALLOC)) {
3926	panic("%s: ifa %p cannot be freed", __func__, ifa);
3927	/ NOTREACHED /
3928	}
3929	if (ifa->ifa_debug & IFD_DEBUG) {
3930	struct in6_ifaddr_dbg *in6ifa_dbg =
3931	(struct in6_ifaddr_dbg *)ifa;
3932	ctrace_record(&in6ifa_dbg->in6ifa_free);
3933	bcopy(&in6ifa_dbg->in6ifa, &in6ifa_dbg->in6ifa_old,
3934	sizeof (struct in6_ifaddr));
3935	if (ifa->ifa_debug & IFD_TRASHED) {
3936	/ Become a regular mutex, just in case /
3937	IFA_CONVERT_LOCK(ifa);
3938	lck_mtx_lock(&in6ifa_trash_lock);
3939	TAILQ_REMOVE(&in6ifa_trash_head, in6ifa_dbg,
3940	in6ifa_trash_link);
3941	lck_mtx_unlock(&in6ifa_trash_lock);
3942	ifa->ifa_debug &= ~IFD_TRASHED;
3943	}
3944	}
3945	IFA_UNLOCK(ifa);
3946	ifa_lock_destroy(ifa);
3947	bzero(ifa, sizeof (struct in6_ifaddr));
3948	zfree(in6ifa_zone, ifa);
3949	}
3950
3951	static void
3952	in6_ifaddr_attached(struct ifaddr *ifa)
3953	{
3954	struct in6_ifaddr_dbg in6ifa_dbg = (struct* in6_ifaddr_dbg *)ifa;
3955
3956	IFA_LOCK_ASSERT_HELD(ifa);
3957
3958	if (!(ifa->ifa_debug & IFD_DEBUG)) {
3959	panic("%s: ifa %p has no debug structure", __func__, ifa);
3960	/ NOTREACHED /
3961	}
3962	if (ifa->ifa_debug & IFD_TRASHED) {
3963	/ Become a regular mutex, just in case /
3964	IFA_CONVERT_LOCK(ifa);
3965	lck_mtx_lock(&in6ifa_trash_lock);
3966	TAILQ_REMOVE(&in6ifa_trash_head, in6ifa_dbg, in6ifa_trash_link);
3967	lck_mtx_unlock(&in6ifa_trash_lock);
3968	ifa->ifa_debug &= ~IFD_TRASHED;
3969	}
3970	}
3971
3972	static void
3973	in6_ifaddr_detached(struct ifaddr *ifa)
3974	{
3975	struct in6_ifaddr_dbg in6ifa_dbg = (struct* in6_ifaddr_dbg *)ifa;
3976
3977	IFA_LOCK_ASSERT_HELD(ifa);
3978
3979	if (!(ifa->ifa_debug & IFD_DEBUG)) {
3980	panic("%s: ifa %p has no debug structure", __func__, ifa);
3981	/ NOTREACHED /
3982	} else if (ifa->ifa_debug & IFD_TRASHED) {
3983	panic("%s: ifa %p is already in trash list", __func__, ifa);
3984	/ NOTREACHED /
3985	}
3986	ifa->ifa_debug \|= IFD_TRASHED;
3987	/ Become a regular mutex, just in case /
3988	IFA_CONVERT_LOCK(ifa);
3989	lck_mtx_lock(&in6ifa_trash_lock);
3990	TAILQ_INSERT_TAIL(&in6ifa_trash_head, in6ifa_dbg, in6ifa_trash_link);
3991	lck_mtx_unlock(&in6ifa_trash_lock);
3992	}
3993
3994	static void
3995	in6_ifaddr_trace(struct ifaddr ifa, int* refhold)
3996	{
3997	struct in6_ifaddr_dbg in6ifa_dbg = (struct* in6_ifaddr_dbg *)ifa;
3998	ctrace_t *tr;
3999	u_int32_t idx;
4000	u_int16_t *cnt;
4001
4002	if (!(ifa->ifa_debug & IFD_DEBUG)) {
4003	panic("%s: ifa %p has no debug structure", __func__, ifa);
4004	/ NOTREACHED /
4005	}
4006	if (refhold) {
4007	cnt = &in6ifa_dbg->in6ifa_refhold_cnt;
4008	tr = in6ifa_dbg->in6ifa_refhold;
4009	} else {
4010	cnt = &in6ifa_dbg->in6ifa_refrele_cnt;
4011	tr = in6ifa_dbg->in6ifa_refrele;
4012	}
4013
4014	idx = atomic_add_16_ov(cnt, `1`) % IN6IFA_TRACE_HIST_SIZE;
4015	ctrace_record(&tr[idx]);
4016	}
4017
4018	/*
4019	* Handle SIOCGASSOCIDS ioctl for PF_INET6 domain.
4020	*/
4021	static int
4022	in6_getassocids(struct socket so, uint32_t cnt, user_addr_t aidp)
4023	{
4024	struct in6pcb *in6p = sotoin6pcb(so);
4025	sae_associd_t aid;
4026
4027	if (in6p == NULL \|\| in6p->inp_state == INPCB_STATE_DEAD)
4028	return (EINVAL);
4029
4030	/ IN6PCB has no concept of association /
4031	aid = SAE_ASSOCID_ANY;
4032	*cnt = `0`;
4033
4034	/ just asking how many there are? /
4035	if (aidp == USER_ADDR_NULL)
4036	return (`0`);
4037
4038	return (copyout(&aid, aidp, sizeof (aid)));
4039	}
4040
4041	/*
4042	* Handle SIOCGCONNIDS ioctl for PF_INET6 domain.
4043	*/
4044	static int
4045	in6_getconnids(struct socket so, sae_associd_t aid, uint32_t cnt,
4046	user_addr_t cidp)
4047	{
4048	struct in6pcb *in6p = sotoin6pcb(so);
4049	sae_connid_t cid;
4050
4051	if (in6p == NULL \|\| in6p->inp_state == INPCB_STATE_DEAD)
4052	return (EINVAL);
4053
4054	if (aid != SAE_ASSOCID_ANY && aid != SAE_ASSOCID_ALL)
4055	return (EINVAL);
4056
4057	/ if connected, return 1 connection count /
4058	*cnt = ((so->so_state & SS_ISCONNECTED) ? `1` : `0`);
4059
4060	/ just asking how many there are? /
4061	if (cidp == USER_ADDR_NULL)
4062	return (`0`);
4063
4064	/ if IN6PCB is connected, assign it connid 1 /
4065	cid = ((*cnt != `0`) ? `1` : SAE_CONNID_ANY);
4066
4067	return (copyout(&cid, cidp, sizeof (cid)));
4068	}
4069
4070	/*
4071	* Handle SIOCGCONNINFO ioctl for PF_INET6 domain.
4072	*/
4073	int
4074	in6_getconninfo(struct socket so, sae_connid_t cid, uint32_t flags,
4075	uint32_t ifindex, int32_t soerror, user_addr_t src, socklen_t *src_len,
4076	user_addr_t dst, socklen_t dst_len, uint32_t aux_type,
4077	user_addr_t aux_data, uint32_t *aux_len)
4078	{
4079	struct in6pcb *in6p = sotoin6pcb(so);
4080	struct sockaddr_in6 sin6;
4081	struct ifnet *ifp = NULL;
4082	int error = `0`;
4083	u_int32_t copy_len = `0`;
4084
4085	/*
4086	* Don't test for INPCB_STATE_DEAD since this may be called
4087	* after SOF_PCBCLEARING is set, e.g. after tcp_close().
4088	*/
4089	if (in6p == NULL) {
4090	error = EINVAL;
4091	goto out;
4092	}
4093
4094	if (cid != SAE_CONNID_ANY && cid != SAE_CONNID_ALL && cid != `1`) {
4095	error = EINVAL;
4096	goto out;
4097	}
4098
4099	ifp = in6p->in6p_last_outifp;
4100	*ifindex = ((ifp != NULL) ? ifp->if_index : `0`);
4101	*soerror = so->so_error;
4102	*flags = `0`;
4103	if (so->so_state & SS_ISCONNECTED)
4104	*flags \|= (CIF_CONNECTED \| CIF_PREFERRED);
4105	if (in6p->in6p_flags & INP_BOUND_IF)
4106	*flags \|= CIF_BOUND_IF;
4107	if (!(in6p->in6p_flags & INP_IN6ADDR_ANY))
4108	*flags \|= CIF_BOUND_IP;
4109	if (!(in6p->in6p_flags & INP_ANONPORT))
4110	*flags \|= CIF_BOUND_PORT;
4111
4112	bzero(&sin6, sizeof (sin6));
4113	sin6.sin6_len = sizeof (sin6);
4114	sin6.sin6_family = AF_INET6;
4115
4116	/ source address and port /
4117	sin6.sin6_port = in6p->in6p_lport;
4118	in6_recoverscope(&sin6, &in6p->in6p_laddr, NULL);
4119	if (*src_len == `0`) {
4120	*src_len = sin6.sin6_len;
4121	} else {
4122	if (src != USER_ADDR_NULL) {
4123	copy_len = min(src_len, sizeof* (sin6));
4124	error = copyout(&sin6, src, copy_len);
4125	if (error != `0`)
4126	goto out;
4127	*src_len = copy_len;
4128	}
4129	}
4130
4131	/ destination address and port /
4132	sin6.sin6_port = in6p->in6p_fport;
4133	in6_recoverscope(&sin6, &in6p->in6p_faddr, NULL);
4134	if (*dst_len == `0`) {
4135	*dst_len = sin6.sin6_len;
4136	} else {
4137	if (dst != USER_ADDR_NULL) {
4138	copy_len = min(dst_len, sizeof* (sin6));
4139	error = copyout(&sin6, dst, copy_len);
4140	if (error != `0`)
4141	goto out;
4142	*dst_len = copy_len;
4143	}
4144	}
4145
4146	if (SOCK_PROTO(so) == IPPROTO_TCP) {
4147	struct conninfo_tcp tcp_ci;
4148
4149	*aux_type = CIAUX_TCP;
4150	if (*aux_len == `0`) {
4151	aux_len = sizeof* (tcp_ci);
4152	} else {
4153	if (aux_data != USER_ADDR_NULL) {
4154	copy_len = min(aux_len, sizeof* (tcp_ci));
4155	bzero(&tcp_ci, sizeof (tcp_ci));
4156	tcp_getconninfo(so, &tcp_ci);
4157	error = copyout(&tcp_ci, aux_data, copy_len);
4158	if (error != `0`)
4159	goto out;
4160	*aux_len = copy_len;
4161	}
4162	}
4163	} else {
4164	*aux_type = `0`;
4165	*aux_len = `0`;
4166	}
4167
4168	out:
4169	return (error);
4170	}
4171
4172	/*
4173	* 'u' group ioctls.
4174	*
4175	* The switch statement below does nothing at runtime, as it serves as a
4176	* compile time check to ensure that all of the socket 'u' ioctls (those
4177	* in the 'u' group going thru soo_ioctl) that are made available by the
4178	* networking stack is unique. This works as long as this routine gets
4179	* updated each time a new interface ioctl gets added.
4180	*
4181	* Any failures at compile time indicates duplicated ioctl values.
4182	*/
4183	static __attribute__((unused)) void
4184	in6ioctl_cassert(void)
4185	{
4186	/*
4187	* This is equivalent to _CASSERT() and the compiler wouldn't
4188	* generate any instructions, thus for compile time only.
4189	*/
4190	switch ((u_long)`0`) {
4191	case `0`:
4192
4193	/ bsd/netinet6/in6_var.h /
4194	case SIOCAADDRCTL_POLICY:
4195	case SIOCDADDRCTL_POLICY:
4196	case SIOCDRADD_IN6_32:
4197	case SIOCDRADD_IN6_64:
4198	case SIOCDRDEL_IN6_32:
4199	case SIOCDRDEL_IN6_64:
4200	;
4201	}
4202	}
4203
4204	struct in6_llentry {
4205	struct llentry base;
4206	};
4207
4208	#define IN6_LLTBL_DEFAULT_HSIZE 32
4209	#define IN6_LLTBL_HASH(k, h) \
4210	((((((((k) >> 8) ^ (k)) >> 8) ^ (k)) >> 8) ^ (k)) & ((h) - 1))
4211
4212	/*
4213	* Do actual deallocation of @lle.
4214	*/
4215	static void
4216	in6_lltable_destroy_lle_unlocked(struct llentry *lle)
4217	{
4218	LLE_LOCK_DESTROY(lle);
4219	LLE_REQ_DESTROY(lle);
4220	FREE(lle, M_LLTABLE);
4221	}
4222
4223	/*
4224	* Called by LLE_FREE_LOCKED when number of references
4225	* drops to zero.
4226	*/
4227	static void
4228	in6_lltable_destroy_lle(struct llentry *lle)
4229	{
4230	LLE_WUNLOCK(lle);
4231	/ XXX TBD /
4232	//thread_call_free(lle->lle_timer);
4233	in6_lltable_destroy_lle_unlocked(lle);
4234	}
4235
4236
4237	static struct llentry *
4238	in6_lltable_new(const struct in6_addr *addr6, u_int flags)
4239	{
4240	#pragma unused(flags)
4241	struct in6_llentry *lle;
4242
4243	MALLOC(lle, struct in6_llentry , sizeof(struct* in6_llentry), M_LLTABLE, M_NOWAIT \| M_ZERO);
4244	if (lle == NULL) / NB: caller generates msg /
4245	return NULL;
4246
4247	lle->base.r_l3addr.addr6 = *addr6;
4248	lle->base.lle_refcnt = `1`;
4249	lle->base.lle_free = in6_lltable_destroy_lle;
4250	LLE_LOCK_INIT(&lle->base);
4251	LLE_REQ_INIT(&lle->base);
4252	#if 0
4253	/ XXX TBD /
4254	lle->base.lle_timer = thread_call_allocate(nd6_llinfo_timer, lle);
4255
4256	if (lle->base.lle_timer == NULL) {
4257	printf("lle_timer thread call could not be allocated.\n");
4258	LLE_LOCK_DESTROY(&lle->base);
4259	LLE_REQ_DESTROY(&lle->base);
4260	FREE(lle, M_LLTABLE);
4261	return NULL;
4262	}
4263	#endif
4264	return (&lle->base);
4265	}
4266
4267	static int
4268	in6_lltable_match_prefix(const struct sockaddr *saddr,
4269	const struct sockaddr smask, u_int flags, struct* llentry *lle)
4270	{
4271	const struct in6_addr addr, mask, *lle_addr;
4272
4273	addr = &((const struct sockaddr_in6 )(const* void *)saddr)->sin6_addr;
4274	mask = &((const struct sockaddr_in6 )(const* void *)smask)->sin6_addr;
4275	lle_addr = &lle->r_l3addr.addr6;
4276
4277	if (IN6_ARE_MASKED_ADDR_EQUAL(lle_addr, addr, mask) == `0`)
4278	return (`0`);
4279
4280	if (lle->la_flags & LLE_IFADDR) {
4281	/*
4282	* Delete LLE_IFADDR records IFF address & flag matches.
4283	* Note that addr is the interface address within prefix
4284	* being matched.
4285	*/
4286	if (IN6_ARE_ADDR_EQUAL(addr, lle_addr) &&
4287	(flags & LLE_STATIC) != `0`)
4288	return (`1`);
4289	return (`0`);
4290	}
4291
4292	/ flags & LLE_STATIC means deleting both dynamic and static entries /
4293	if ((flags & LLE_STATIC) \|\| !(lle->la_flags & LLE_STATIC))
4294	return (`1`);
4295
4296	return (`0`);
4297	}
4298
4299	static void
4300	in6_lltable_free_entry(struct lltable llt, struct* llentry *lle)
4301	{
4302	struct ifnet *ifp;
4303
4304	LLE_WLOCK_ASSERT(lle);
4305	KASSERT(llt != NULL, ("lltable is NULL"));
4306
4307	/ Unlink entry from table /
4308	if ((lle->la_flags & LLE_LINKED) != `0`) {
4309	ifp = llt->llt_ifp;
4310	if_afdata_wlock_assert(ifp, llt->llt_af);
4311	lltable_unlink_entry(llt, lle);
4312	}
4313
4314	#if 0
4315	/ XXX TBD /
4316	if (thread_call_cancel(lle->lle_timer) == TRUE)
4317	LLE_REMREF(lle);
4318	#endif
4319	llentry_free(lle);
4320	}
4321
4322	static int
4323	in6_lltable_rtcheck(struct ifnet *ifp,
4324	u_int flags, const struct sockaddr *l3addr)
4325	{
4326	#pragma unused(flags)
4327	struct rtentry *rt;
4328
4329	KASSERT(l3addr->sa_family == AF_INET6,
4330	("sin_family %d", l3addr->sa_family));
4331	/ XXX rtalloc1 should take a const param /
4332	rt = rtalloc1(__DECONST(struct sockaddr *, l3addr), `0`, `0`);
4333	if (rt == NULL \|\| (rt->rt_flags & RTF_GATEWAY) \|\| rt->rt_ifp != ifp) {
4334	struct ifaddr *ifa;
4335	/*
4336	* Create an ND6 cache for an IPv6 neighbor
4337	* that is not covered by our own prefix.
4338	*/
4339	/ XXX ifaof_ifpforaddr should take a const param /
4340	ifa = ifaof_ifpforaddr(__DECONST(struct sockaddr *, l3addr), ifp);
4341	if (ifa != NULL) {
4342	IFA_REMREF(ifa);
4343	if (rt != NULL)
4344	rtfree(rt);
4345	return `0`;
4346	}
4347	log(LOG_INFO, "IPv6 address: \"%s\" is not on the network\n",
4348	ip6_sprintf(&((const struct sockaddr_in6 )(const* void *)l3addr)->sin6_addr));
4349	if (rt != NULL)
4350	rtfree(rt);
4351	return EINVAL;
4352	}
4353	rtfree(rt);
4354	return `0`;
4355	}
4356
4357	static inline uint32_t
4358	in6_lltable_hash_dst(const struct in6_addr *dst, uint32_t hsize)
4359	{
4360	return (IN6_LLTBL_HASH(dst->s6_addr32[`3`], hsize));
4361	}
4362
4363	static uint32_t
4364	in6_lltable_hash(const struct llentry *lle, uint32_t hsize)
4365	{
4366	return (in6_lltable_hash_dst(&lle->r_l3addr.addr6, hsize));
4367	}
4368
4369	static void
4370	in6_lltable_fill_sa_entry(const struct llentry lle, struct* sockaddr *sa)
4371	{
4372	struct sockaddr_in6 *sin6;
4373
4374	sin6 = (struct sockaddr_in6 )(void* *)sa;
4375	bzero(sin6, sizeof(*sin6));
4376	sin6->sin6_family = AF_INET6;
4377	sin6->sin6_len = sizeof(*sin6);
4378	sin6->sin6_addr = lle->r_l3addr.addr6;
4379	}
4380
4381	static inline struct llentry *
4382	in6_lltable_find_dst(struct lltable llt, const* struct in6_addr *dst)
4383	{
4384	struct llentry *lle;
4385	struct llentries *lleh;
4386	u_int hashidx;
4387
4388	hashidx = in6_lltable_hash_dst(dst, llt->llt_hsize);
4389	lleh = &llt->lle_head[hashidx];
4390	LIST_FOREACH(lle, lleh, lle_next) {
4391	if (lle->la_flags & LLE_DELETED)
4392	continue;
4393	if (IN6_ARE_ADDR_EQUAL(&lle->r_l3addr.addr6, dst))
4394	break;
4395	}
4396
4397	return (lle);
4398	}
4399
4400	static void
4401	in6_lltable_delete_entry(struct lltable llt, struct* llentry *lle)
4402	{
4403	#pragma unused(llt)
4404	lle->la_flags \|= LLE_DELETED;
4405	EVENTHANDLER_INVOKE(NULL, lle_event, lle, LLENTRY_DELETED);
4406	#ifdef DIAGNOSTIC
4407	log(LOG_INFO, "ifaddr cache = %p is deleted\n", lle);
4408	#endif
4409	llentry_free(lle);
4410	}
4411
4412	static struct llentry *
4413	in6_lltable_alloc(struct lltable *llt, u_int flags,
4414	const struct sockaddr *l3addr)
4415	{
4416	const struct sockaddr_in6 sin6 = (const* struct sockaddr_in6 )(const* void *)l3addr;
4417	struct ifnet *ifp = llt->llt_ifp;
4418	struct llentry *lle;
4419
4420	KASSERT(l3addr->sa_family == AF_INET6,
4421	("sin_family %d", l3addr->sa_family));
4422
4423	/*
4424	* A route that covers the given address must have
4425	* been installed 1st because we are doing a resolution,
4426	* verify this.
4427	*/
4428	if (!(flags & LLE_IFADDR) &&
4429	in6_lltable_rtcheck(ifp, flags, l3addr) != `0`)
4430	return (NULL);
4431
4432	lle = in6_lltable_new(&sin6->sin6_addr, flags);
4433	if (lle == NULL) {
4434	log(LOG_INFO, "lla_lookup: new lle malloc failed\n");
4435	return (NULL);
4436	}
4437	lle->la_flags = flags;
4438	if ((flags & LLE_IFADDR) == LLE_IFADDR) {
4439	lltable_set_entry_addr(ifp, lle, LLADDR(SDL(ifp->if_lladdr->ifa_addr)));
4440	lle->la_flags \|= LLE_STATIC;
4441	}
4442
4443	if ((lle->la_flags & LLE_STATIC) != `0`)
4444	lle->ln_state = ND6_LLINFO_REACHABLE;
4445
4446	return (lle);
4447	}
4448
4449	static struct llentry *
4450	in6_lltable_lookup(struct lltable *llt, u_int flags,
4451	const struct sockaddr *l3addr)
4452	{
4453	const struct sockaddr_in6 sin6 = (const* struct sockaddr_in6 )(const* void *)l3addr;
4454	struct llentry *lle;
4455
4456	IF_AFDATA_LOCK_ASSERT(llt->llt_ifp, llt->llt_af);
4457	KASSERT(l3addr->sa_family == AF_INET6,
4458	("sin_family %d", l3addr->sa_family));
4459
4460	lle = in6_lltable_find_dst(llt, &sin6->sin6_addr);
4461
4462	if (lle == NULL)
4463	return (NULL);
4464
4465	KASSERT((flags & (LLE_UNLOCKED\|LLE_EXCLUSIVE)) !=
4466	(LLE_UNLOCKED\|LLE_EXCLUSIVE),("wrong lle request flags: 0x%X",
4467	flags));
4468
4469	if (flags & LLE_UNLOCKED)
4470	return (lle);
4471
4472	if (flags & LLE_EXCLUSIVE)
4473	LLE_WLOCK(lle);
4474	else
4475	LLE_RLOCK(lle);
4476	return (lle);
4477	}
4478
4479	static int
4480	in6_lltable_dump_entry(struct lltable llt, struct* llentry *lle,
4481	struct sysctl_req *wr)
4482	{
4483	struct ifnet *ifp = llt->llt_ifp;
4484	/ XXX stack use /
4485	struct {
4486	struct rt_msghdr rtm;
4487	struct sockaddr_in6 sin6;
4488	/*
4489	* ndp.c assumes that sdl is word aligned
4490	*/
4491	#ifdef __LP64__
4492	uint32_t pad;
4493	#endif
4494	struct sockaddr_dl sdl;
4495	} ndpc;
4496	struct sockaddr_dl *sdl;
4497	int error;
4498
4499	bzero(&ndpc, sizeof(ndpc));
4500	/ skip deleted entries /
4501	if ((lle->la_flags & LLE_DELETED) == LLE_DELETED)
4502	return (`0`);
4503	/ Skip if jailed and not a valid IP of the prison. /
4504	lltable_fill_sa_entry(lle,
4505	(struct sockaddr *)&ndpc.sin6);
4506	/*
4507	* produce a msg made of:
4508	* struct rt_msghdr;
4509	* struct sockaddr_in6 (IPv6)
4510	* struct sockaddr_dl;
4511	*/
4512	ndpc.rtm.rtm_msglen = sizeof(ndpc);
4513	ndpc.rtm.rtm_version = RTM_VERSION;
4514	ndpc.rtm.rtm_type = RTM_GET;
4515	ndpc.rtm.rtm_flags = RTF_UP;
4516	ndpc.rtm.rtm_addrs = RTA_DST \| RTA_GATEWAY;
4517
4518	/ publish /
4519	if (lle->la_flags & LLE_PUB)
4520	ndpc.rtm.rtm_flags \|= RTF_ANNOUNCE;
4521	sdl = &ndpc.sdl;
4522	sdl->sdl_family = AF_LINK;
4523	sdl->sdl_len = sizeof(*sdl);
4524	sdl->sdl_index = ifp->if_index;
4525	sdl->sdl_type = ifp->if_type;
4526	if ((lle->la_flags & LLE_VALID) == LLE_VALID) {
4527	sdl->sdl_alen = ifp->if_addrlen;
4528	bcopy(&lle->ll_addr, LLADDR(sdl), ifp->if_addrlen);
4529	} else {
4530	sdl->sdl_alen = `0`;
4531	bzero(LLADDR(sdl), ifp->if_addrlen);
4532	}
4533	if (lle->la_expire != `0`) {
4534	clock_sec_t secs;
4535	clock_usec_t usecs;
4536
4537	clock_get_calendar_microtime(&secs, &usecs);
4538	ndpc.rtm.rtm_rmx.rmx_expire = lle->la_expire +
4539	lle->lle_remtime / hz +
4540	secs - net_uptime();
4541	}
4542	ndpc.rtm.rtm_flags \|= (RTF_HOST \| RTF_LLDATA);
4543	if (lle->la_flags & LLE_STATIC)
4544	ndpc.rtm.rtm_flags \|= RTF_STATIC;
4545	if (lle->la_flags & LLE_IFADDR)
4546	ndpc.rtm.rtm_flags \|= RTF_PINNED;
4547	if (lle->ln_router != `0`)
4548	ndpc.rtm.rtm_flags \|= RTF_GATEWAY;
4549	ndpc.rtm.rtm_rmx.rmx_pksent = lle->la_asked;
4550	/ Store state in rmx_weight value /
4551	ndpc.rtm.rtm_rmx.rmx_state = lle->ln_state;
4552	ndpc.rtm.rtm_index = ifp->if_index;
4553	error = SYSCTL_OUT(wr, &ndpc, sizeof(ndpc));
4554
4555	return (error);
4556	}
4557
4558	struct lltable *
4559	in6_lltattach(struct ifnet *ifp)
4560	{
4561	struct lltable *llt;
4562
4563	llt = lltable_allocate_htbl(IN6_LLTBL_DEFAULT_HSIZE);
4564	llt->llt_af = AF_INET6;
4565	llt->llt_ifp = ifp;
4566
4567	llt->llt_lookup = in6_lltable_lookup;
4568	llt->llt_alloc_entry = in6_lltable_alloc;
4569	llt->llt_delete_entry = in6_lltable_delete_entry;
4570	llt->llt_dump_entry = in6_lltable_dump_entry;
4571	llt->llt_hash = in6_lltable_hash;
4572	llt->llt_fill_sa_entry = in6_lltable_fill_sa_entry;
4573	llt->llt_free_entry = in6_lltable_free_entry;
4574	llt->llt_match_prefix = in6_lltable_match_prefix;
4575	lltable_link(llt);
4576
4577	return (llt);
4578	}
4579
4580	void
4581	in6_ip6_to_sockaddr(const struct in6_addr *ip6, u_int16_t port,
4582	struct sockaddr_in6 *sin6, u_int32_t maxlen)
4583	{
4584	if (maxlen < sizeof(struct sockaddr_in6)) {
4585	return;
4586	}
4587
4588	sin6 = (struct* sockaddr_in6) {
4589	.sin6_family = AF_INET6,
4590	.sin6_len = sizeof(*sin6),
4591	.sin6_port = port,
4592	.sin6_addr = *ip6,
4593	};
4594
4595	if (IN6_IS_SCOPE_EMBED(&sin6->sin6_addr))
4596	{
4597	sin6->sin6_scope_id = ntohs(sin6->sin6_addr.s6_addr16[`1`]);
4598	sin6->sin6_addr.s6_addr16[`1`] = `0`;
4599	}
4600	}
4601
4602	/ IPv6 events /
4603	struct in6_event {
4604	in6_evhdlr_code_t in6_event_code;
4605	struct ifnet *in6_ifp;
4606	struct in6_addr in6_address;
4607	uint32_t val;
4608	};
4609
4610	struct in6_event2kev in6_event2kev_array[IN6_EVENT_MAX] = {
4611	{
4612	.in6_event_code = IN6_ADDR_MARKED_DUPLICATED,
4613	.in6_event_kev_subclass = KEV_ND6_SUBCLASS,
4614	.in6_event_kev_code = KEV_ND6_DAD_FAILURE,
4615	.in6_event_str = "IN6_ADDR_MARKED_DUPLICATED",
4616	},
4617	{
4618	.in6_event_code = IN6_ADDR_MARKED_DETACHED,
4619	.in6_event_kev_subclass = KEV_ND6_SUBCLASS,
4620	.in6_event_kev_code = KEV_ND6_ADDR_DETACHED,
4621	.in6_event_str = "IN6_ADDR_MARKED_DETACHED",
4622	},
4623	{
4624	.in6_event_code = IN6_ADDR_MARKED_DEPRECATED,
4625	.in6_event_kev_subclass = KEV_ND6_SUBCLASS,
4626	.in6_event_kev_code = KEV_ND6_ADDR_DEPRECATED,
4627	.in6_event_str = "IN6_ADDR_MARKED_DEPRECATED",
4628	},
4629	{
4630	.in6_event_code = IN6_NDP_RTR_EXPIRY,
4631	.in6_event_kev_subclass = KEV_ND6_SUBCLASS,
4632	.in6_event_kev_code = KEV_ND6_RTR_EXPIRED,
4633	.in6_event_str = "IN6_NDP_RTR_EXPIRY",
4634	},
4635	{
4636	.in6_event_code = IN6_NDP_PFX_EXPIRY,
4637	.in6_event_kev_subclass = KEV_ND6_SUBCLASS,
4638	.in6_event_kev_code = KEV_ND6_PFX_EXPIRED,
4639	.in6_event_str = "IN6_NDP_PFX_EXPIRY",
4640	},
4641	{
4642	.in6_event_code = IN6_NDP_ADDR_EXPIRY,
4643	.in6_event_kev_subclass = KEV_ND6_SUBCLASS,
4644	.in6_event_kev_code = KEV_ND6_ADDR_EXPIRED,
4645	.in6_event_str = "IN6_NDP_ADDR_EXPIRY",
4646	},
4647	};
4648
4649	void
4650	in6_eventhdlr_callback(struct eventhandler_entry_arg arg0 __unused,
4651	in6_evhdlr_code_t in6_ev_code, struct ifnet *ifp,
4652	struct in6_addr *p_addr6, uint32_t val)
4653	{
4654	struct kev_msg ev_msg;
4655	struct kev_nd6_event nd6_event;
4656
4657	bzero(&ev_msg, sizeof(ev_msg));
4658	bzero(&nd6_event, sizeof(nd6_event));
4659
4660	nd6log0((LOG_INFO, "%s Event %s received for %s\n",
4661	__func__, in6_event2kev_array[in6_ev_code].in6_event_str,
4662	ip6_sprintf(p_addr6)));
4663
4664	ev_msg.vendor_code = KEV_VENDOR_APPLE;
4665	ev_msg.kev_class = KEV_NETWORK_CLASS;
4666	ev_msg.kev_subclass =
4667	in6_event2kev_array[in6_ev_code].in6_event_kev_subclass;
4668	ev_msg.event_code =
4669	in6_event2kev_array[in6_ev_code].in6_event_kev_code;
4670
4671	nd6_event.link_data.if_family = ifp->if_family;
4672	nd6_event.link_data.if_unit = ifp->if_unit;
4673	strlcpy(nd6_event.link_data.if_name, ifp->if_name,
4674	sizeof(nd6_event.link_data.if_name));
4675
4676	VERIFY(p_addr6 != NULL);
4677	bcopy(p_addr6, &nd6_event.in6_address,
4678	sizeof(nd6_event.in6_address));
4679	nd6_event.val = val;
4680
4681	ev_msg.dv[`0`].data_ptr = &nd6_event;
4682	ev_msg.dv[`0`].data_length = sizeof(nd6_event);
4683
4684	kev_post_msg(&ev_msg);
4685	}
4686
4687	static void
4688	in6_event_callback(void *arg)
4689	{
4690	struct in6_event p_in6_ev = (struct* in6_event *)arg;
4691
4692	EVENTHANDLER_INVOKE(&in6_evhdlr_ctxt, in6_event,
4693	p_in6_ev->in6_event_code, p_in6_ev->in6_ifp,
4694	&p_in6_ev->in6_address, p_in6_ev->val);
4695	}
4696
4697	struct in6_event_nwk_wq_entry
4698	{
4699	struct nwk_wq_entry nwk_wqe;
4700	struct in6_event in6_ev_arg;
4701	};
4702
4703	void
4704	in6_event_enqueue_nwk_wq_entry(in6_evhdlr_code_t in6_event_code,
4705	struct ifnet ifp, struct* in6_addr *p_addr6,
4706	uint32_t val)
4707	{
4708	struct in6_event_nwk_wq_entry *p_in6_ev = NULL;
4709
4710	MALLOC(p_in6_ev, struct in6_event_nwk_wq_entry *,
4711	sizeof(struct in6_event_nwk_wq_entry),
4712	M_NWKWQ, M_WAITOK \| M_ZERO);
4713
4714	p_in6_ev->nwk_wqe.func = in6_event_callback;
4715	p_in6_ev->nwk_wqe.is_arg_managed = TRUE;
4716	p_in6_ev->nwk_wqe.arg = &p_in6_ev->in6_ev_arg;
4717
4718	p_in6_ev->in6_ev_arg.in6_event_code = in6_event_code;
4719	p_in6_ev->in6_ev_arg.in6_ifp = ifp;
4720	if (p_addr6 != NULL) {
4721	bcopy(p_addr6, &p_in6_ev->in6_ev_arg.in6_address,
4722	sizeof(p_in6_ev->in6_ev_arg.in6_address));
4723	}
4724	p_in6_ev->in6_ev_arg.val = val;
4725
4726	nwk_wq_enqueue((struct nwk_wq_entry*)p_in6_ev);
4727	}
4728

Browse the source code of xnu/bsd/netinet6/in6.c