if_ports_used.c source code [xnu/bsd/net/if_ports_used.c]

1	/*
2	* Copyright (c) 2017-2023 Apple Inc. All rights reserved.
3	*
4	* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5	*
6	* This file contains Original Code and/or Modifications of Original Code
7	* as defined in and that are subject to the Apple Public Source License
8	* Version 2.0 (the 'License'). You may not use this file except in
9	* compliance with the License. The rights granted to you under the License
10	* may not be used to create, or enable the creation or redistribution of,
11	* unlawful or unlicensed copies of an Apple operating system, or to
12	* circumvent, violate, or enable the circumvention or violation of, any
13	* terms of an Apple operating system software license agreement.
14	*
15	* Please obtain a copy of the License at
16	* http://www.opensource.apple.com/apsl/ and read it before using this file.
17	*
18	* The Original Code and all software distributed under the License are
19	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23	* Please see the License for the specific language governing rights and
24	* limitations under the License.
25	*
26	* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27	*/
28
29	#include <sys/types.h>
30	#include <sys/sysctl.h>
31	#include <sys/time.h>
32	#include <sys/mcache.h>
33	#include <sys/malloc.h>
34	#include <sys/kauth.h>
35	#include <sys/kern_event.h>
36	#include <sys/bitstring.h>
37	#include <sys/priv.h>
38	#include <sys/proc.h>
39	#include <sys/protosw.h>
40	#include <sys/socket.h>
41
42	#include <kern/locks.h>
43	#include <kern/zalloc.h>
44
45	#include <libkern/libkern.h>
46
47	#include <net/kpi_interface.h>
48	#include <net/if_var.h>
49	#include <net/if_ports_used.h>
50
51	#include <netinet/in_pcb.h>
52	#include <netinet/ip.h>
53	#include <netinet/ip6.h>
54	#include <netinet/tcp_var.h>
55	#include <netinet/tcp_fsm.h>
56	#include <netinet/udp.h>
57
58	#if SKYWALK
59	#include <skywalk/os_skywalk_private.h>
60	#include <skywalk/nexus/flowswitch/flow/flow_var.h>
61	#include <skywalk/namespace/netns.h>
62	#endif /* SKYWALK */
63
64	#include <stdbool.h>
65
66	#include <os/log.h>
67
68	#define ESP_HDR_SIZE 4
69	#define PORT_ISAKMP 500
70	#define PORT_ISAKMP_NATT 4500 /* rfc3948 */
71
72	#define IF_XNAME(ifp) ((ifp) != NULL ? (ifp)->if_xname : "")
73
74	extern bool IOPMCopySleepWakeUUIDKey(char *buffer, size_t buf_len);
75
76	SYSCTL_DECL(_net_link_generic_system);
77
78	SYSCTL_NODE(_net_link_generic_system, OID_AUTO, port_used,
79	CTLFLAG_RW \| CTLFLAG_LOCKED, `0`, "if port used");
80
81	struct if_ports_used_stats if_ports_used_stats = {};
82	static int sysctl_if_ports_used_stats SYSCTL_HANDLER_ARGS;
83	SYSCTL_PROC(_net_link_generic_system_port_used, OID_AUTO, stats,
84	CTLTYPE_STRUCT \| CTLFLAG_RW \| CTLFLAG_LOCKED, `0`, `0`,
85	sysctl_if_ports_used_stats, "S,struct if_ports_used_stats", "");
86
87	static uuid_t current_wakeuuid;
88	SYSCTL_OPAQUE(_net_link_generic_system_port_used, OID_AUTO, current_wakeuuid,
89	CTLFLAG_RD \| CTLFLAG_LOCKED,
90	current_wakeuuid, sizeof(uuid_t), "S,uuid_t", "");
91
92	static int sysctl_net_port_info_list SYSCTL_HANDLER_ARGS;
93	SYSCTL_PROC(_net_link_generic_system_port_used, OID_AUTO, list,
94	CTLTYPE_STRUCT \| CTLFLAG_RD \| CTLFLAG_LOCKED, `0`, `0`,
95	sysctl_net_port_info_list, "S,xnpigen", "");
96
97	static int use_test_wakeuuid = `0`;
98	static uuid_t test_wakeuuid;
99
100	#if (DEVELOPMENT \|\| DEBUG)
101	SYSCTL_INT(_net_link_generic_system_port_used, OID_AUTO, use_test_wakeuuid,
102	CTLFLAG_RW \| CTLFLAG_LOCKED,
103	&use_test_wakeuuid, `0`, "");
104
105	int sysctl_new_test_wakeuuid SYSCTL_HANDLER_ARGS;
106	SYSCTL_PROC(_net_link_generic_system_port_used, OID_AUTO, new_test_wakeuuid,
107	CTLTYPE_STRUCT \| CTLFLAG_RW \| CTLFLAG_LOCKED, `0`, `0`,
108	sysctl_new_test_wakeuuid, "S,uuid_t", "");
109
110	int sysctl_clear_test_wakeuuid SYSCTL_HANDLER_ARGS;
111	SYSCTL_PROC(_net_link_generic_system_port_used, OID_AUTO, clear_test_wakeuuid,
112	CTLTYPE_STRUCT \| CTLFLAG_RW \| CTLFLAG_LOCKED, `0`, `0`,
113	sysctl_clear_test_wakeuuid, "S,uuid_t", "");
114
115	SYSCTL_OPAQUE(_net_link_generic_system_port_used, OID_AUTO, test_wakeuuid,
116	CTLFLAG_RD \| CTLFLAG_LOCKED,
117	test_wakeuuid, sizeof(uuid_t), "S,uuid_t", "");
118	#endif /* (DEVELOPMENT \|\| DEBUG) */
119
120	static int sysctl_get_ports_used SYSCTL_HANDLER_ARGS;
121	SYSCTL_NODE(_net_link_generic_system, OID_AUTO, get_ports_used,
122	CTLFLAG_RD \| CTLFLAG_LOCKED,
123	sysctl_get_ports_used, "");
124
125	int if_ports_used_verbose = `0`;
126	SYSCTL_INT(_net_link_generic_system_port_used, OID_AUTO, verbose,
127	CTLFLAG_RW \| CTLFLAG_LOCKED,
128	&if_ports_used_verbose, `0`, "");
129
130	struct timeval wakeuuid_not_set_last_time;
131	int sysctl_wakeuuid_not_set_last_time SYSCTL_HANDLER_ARGS;
132	static SYSCTL_PROC(_net_link_generic_system_port_used, OID_AUTO,
133	wakeuuid_not_set_last_time, CTLTYPE_STRUCT \| CTLFLAG_RD \| CTLFLAG_LOCKED,
134	`0`, `0`, sysctl_wakeuuid_not_set_last_time, "S,timeval", "");
135
136	char wakeuuid_not_set_last_if[IFXNAMSIZ];
137	int sysctl_wakeuuid_not_set_last_if SYSCTL_HANDLER_ARGS;
138	static SYSCTL_PROC(_net_link_generic_system_port_used, OID_AUTO,
139	wakeuuid_not_set_last_if, CTLTYPE_STRING \| CTLFLAG_RD \| CTLFLAG_LOCKED,
140	`0`, `0`, sysctl_wakeuuid_not_set_last_if, "A", "");
141
142	struct timeval wakeuuid_last_update_time;
143	int sysctl_wakeuuid_last_update_time SYSCTL_HANDLER_ARGS;
144	static SYSCTL_PROC(_net_link_generic_system_port_used, OID_AUTO,
145	wakeuuid_last_update_time, CTLTYPE_STRUCT \| CTLFLAG_RD \| CTLFLAG_LOCKED,
146	`0`, `0`, sysctl_wakeuuid_last_update_time, "S,timeval", "");
147
148	struct net_port_info_wake_event last_attributed_wake_event;
149	int sysctl_last_attributed_wake_event SYSCTL_HANDLER_ARGS;
150	static SYSCTL_PROC(_net_link_generic_system_port_used, OID_AUTO,
151	last_attributed_wake_event, CTLTYPE_STRUCT \| CTLFLAG_RD \| CTLFLAG_LOCKED,
152	`0`, `0`, sysctl_last_attributed_wake_event, "S,net_port_info_wake_event", "");
153
154	static bool last_wake_phy_if_set = false;
155	static char last_wake_phy_if_name[IFNAMSIZ]; / name + unit /
156	static uint32_t last_wake_phy_if_family;
157	static uint32_t last_wake_phy_if_subfamily;
158	static uint32_t last_wake_phy_if_functional_type;
159
160
161	static bool has_notified_wake_pkt = false;
162	static bool has_notified_unattributed_wake = false;
163
164	static LCK_GRP_DECLARE(net_port_entry_head_lock_group, "net port entry lock");
165	static LCK_MTX_DECLARE(net_port_entry_head_lock, &net_port_entry_head_lock_group);
166
167
168	struct net_port_entry {
169	SLIST_ENTRY(net_port_entry) npe_list_next;
170	TAILQ_ENTRY(net_port_entry) npe_hash_next;
171	struct net_port_info npe_npi;
172	};
173
174	static KALLOC_TYPE_DEFINE(net_port_entry_zone, struct net_port_entry, NET_KT_DEFAULT);
175
176	static SLIST_HEAD(net_port_entry_list, net_port_entry) net_port_entry_list =
177	SLIST_HEAD_INITIALIZER(&net_port_entry_list);
178
179	struct timeval wakeuiid_last_check;
180
181
182	#if (DEBUG \| DEVELOPMENT)
183	static int64_t npi_search_list_total = `0`;
184	SYSCTL_QUAD(_net_link_generic_system_port_used, OID_AUTO, npi_search_list_total,
185	CTLFLAG_RD \| CTLFLAG_LOCKED,
186	&npi_search_list_total, "");
187
188	static int64_t npi_search_list_max = `0`;
189	SYSCTL_QUAD(_net_link_generic_system_port_used, OID_AUTO, npi_search_list_max,
190	CTLFLAG_RD \| CTLFLAG_LOCKED,
191	&npi_search_list_max, "");
192	#endif /* (DEBUG \| DEVELOPMENT) */
193
194	/*
195	* Hashing of the net_port_entry list is based on the local port
196	*
197	* The hash masks uses the least significant bits so we have to use host byte order
198	* when applying the mask because the LSB have more entropy that the MSB (most local ports
199	* are in the high dynamic port range)
200	*/
201	#define NPE_HASH_BUCKET_COUNT 32
202	#define NPE_HASH_MASK (NPE_HASH_BUCKET_COUNT - 1)
203	#define NPE_HASH_VAL(_lport) (ntohs(_lport) & NPE_HASH_MASK)
204	#define NPE_HASH_HEAD(_lport) (&net_port_entry_hash_table[NPE_HASH_VAL(_lport)])
205
206	static TAILQ_HEAD(net_port_entry_hash_table, net_port_entry) * net_port_entry_hash_table = NULL;
207
208	/*
209	* Initialize IPv4 source address hash table.
210	*/
211	void
212	if_ports_used_init(void)
213	{
214	if (net_port_entry_hash_table != NULL) {
215	return;
216	}
217
218	net_port_entry_hash_table = zalloc_permanent(
219	NPE_HASH_BUCKET_COUNT * sizeof(*net_port_entry_hash_table),
220	ZALIGN_PTR);
221	}
222
223	static void
224	net_port_entry_list_clear(void)
225	{
226	struct net_port_entry *npe;
227
228	LCK_MTX_ASSERT(&net_port_entry_head_lock, LCK_MTX_ASSERT_OWNED);
229
230	while ((npe = SLIST_FIRST(&net_port_entry_list)) != NULL) {
231	SLIST_REMOVE_HEAD(&net_port_entry_list, npe_list_next);
232	TAILQ_REMOVE(NPE_HASH_HEAD(npe->npe_npi.npi_local_port), npe, npe_hash_next);
233
234	zfree(net_port_entry_zone, npe);
235	}
236
237	for (int i = `0`; i < NPE_HASH_BUCKET_COUNT; i++) {
238	VERIFY(TAILQ_EMPTY(&net_port_entry_hash_table[i]));
239	}
240
241	if_ports_used_stats.ifpu_npe_count = `0`;
242	if_ports_used_stats.ifpu_wakeuid_gen++;
243	}
244
245	static bool
246	get_test_wake_uuid(uuid_string_t wakeuuid_str, size_t len)
247	{
248	if (__improbable(use_test_wakeuuid)) {
249	if (!uuid_is_null(uu: test_wakeuuid)) {
250	if (wakeuuid_str != NULL && len != `0`) {
251	uuid_unparse(uu: test_wakeuuid, out: wakeuuid_str);
252	}
253	return true;
254	} else {
255	return false;
256	}
257	} else {
258	return false;
259	}
260	}
261
262	static bool
263	is_wakeuuid_set(void)
264	{
265	/*
266	* IOPMCopySleepWakeUUIDKey() tells if SleepWakeUUID is currently set
267	* That means we are currently in a sleep/wake cycle
268	*/
269	return get_test_wake_uuid(NULL, len: `0`) \|\| IOPMCopySleepWakeUUIDKey(NULL, buf_len: `0`);
270	}
271
272	void
273	if_ports_used_update_wakeuuid(struct ifnet *ifp)
274	{
275	uuid_t wakeuuid;
276	bool wakeuuid_is_set = false;
277	bool updated = false;
278	uuid_string_t wakeuuid_str;
279
280	uuid_clear(uu: wakeuuid);
281
282	if (__improbable(use_test_wakeuuid)) {
283	wakeuuid_is_set = get_test_wake_uuid(wakeuuid_str,
284	len: sizeof(wakeuuid_str));
285	} else {
286	wakeuuid_is_set = IOPMCopySleepWakeUUIDKey(buffer: wakeuuid_str,
287	buf_len: sizeof(wakeuuid_str));
288	}
289
290	if (wakeuuid_is_set) {
291	if (uuid_parse(in: wakeuuid_str, uu: wakeuuid) != `0`) {
292	os_log(OS_LOG_DEFAULT,
293	"%s: IOPMCopySleepWakeUUIDKey got bad value %s\n",
294	__func__, wakeuuid_str);
295	wakeuuid_is_set = false;
296	}
297	}
298
299	if (!wakeuuid_is_set) {
300	if (ifp != NULL) {
301	if (if_ports_used_verbose > `0`) {
302	os_log_info(OS_LOG_DEFAULT,
303	"%s: SleepWakeUUID not set, "
304	"don't update the port list for %s\n",
305	__func__, ifp != NULL ? if_name(ifp) : "");
306	}
307	if_ports_used_stats.ifpu_wakeuuid_not_set_count += `1`;
308	microtime(tv: &wakeuuid_not_set_last_time);
309	strlcpy(dst: wakeuuid_not_set_last_if, if_name(ifp),
310	n: sizeof(wakeuuid_not_set_last_if));
311	}
312	return;
313	}
314
315	lck_mtx_lock(lck: &net_port_entry_head_lock);
316	if (uuid_compare(uu1: wakeuuid, uu2: current_wakeuuid) != `0`) {
317	net_port_entry_list_clear();
318	uuid_copy(dst: current_wakeuuid, src: wakeuuid);
319	microtime(tv: &wakeuuid_last_update_time);
320	updated = true;
321
322	has_notified_wake_pkt = false;
323	has_notified_unattributed_wake = false;
324
325	memset(s: &last_attributed_wake_event, c: `0`, n: sizeof(last_attributed_wake_event));
326
327	last_wake_phy_if_set = false;
328	memset(s: &last_wake_phy_if_name, c: `0`, n: sizeof(last_wake_phy_if_name));
329	last_wake_phy_if_family = IFRTYPE_FAMILY_ANY;
330	last_wake_phy_if_subfamily = IFRTYPE_SUBFAMILY_ANY;
331	last_wake_phy_if_functional_type = IFRTYPE_FUNCTIONAL_UNKNOWN;
332	}
333	/*
334	* Record the time last checked
335	*/
336	microuptime(tv: &wakeuiid_last_check);
337	lck_mtx_unlock(lck: &net_port_entry_head_lock);
338
339	if (updated && if_ports_used_verbose > `0`) {
340	uuid_string_t uuid_str;
341
342	uuid_unparse(uu: current_wakeuuid, out: uuid_str);
343	os_log(OS_LOG_DEFAULT, "%s: current wakeuuid %s",
344	__func__, uuid_str);
345	}
346	}
347
348	static bool
349	net_port_info_equal(const struct net_port_info *x,
350	const struct net_port_info *y)
351	{
352	ASSERT(x != NULL && y != NULL);
353
354	if (x->npi_if_index == y->npi_if_index &&
355	x->npi_local_port == y->npi_local_port &&
356	x->npi_foreign_port == y->npi_foreign_port &&
357	x->npi_owner_pid == y->npi_owner_pid &&
358	x->npi_effective_pid == y->npi_effective_pid &&
359	x->npi_flags == y->npi_flags &&
360	memcmp(s1: &x->npi_local_addr_, s2: &y->npi_local_addr_,
361	n: sizeof(union in_addr_4_6)) == `0` &&
362	memcmp(s1: &x->npi_foreign_addr_, s2: &y->npi_foreign_addr_,
363	n: sizeof(union in_addr_4_6)) == `0`) {
364	return true;
365	}
366	return false;
367	}
368
369	static bool
370	net_port_info_has_entry(const struct net_port_info *npi)
371	{
372	struct net_port_entry *npe;
373	bool found = false;
374	int32_t count = `0`;
375
376	LCK_MTX_ASSERT(&net_port_entry_head_lock, LCK_MTX_ASSERT_OWNED);
377
378	TAILQ_FOREACH(npe, NPE_HASH_HEAD(npi->npi_local_port), npe_hash_next) {
379	count += `1`;
380	if (net_port_info_equal(x: &npe->npe_npi, y: npi)) {
381	found = true;
382	break;
383	}
384	}
385	if_ports_used_stats.ifpu_npi_hash_search_total += count;
386	if (count > if_ports_used_stats.ifpu_npi_hash_search_max) {
387	if_ports_used_stats.ifpu_npi_hash_search_max = count;
388	}
389
390	return found;
391	}
392
393	static bool
394	net_port_info_add_entry(const struct net_port_info *npi)
395	{
396	struct net_port_entry *npe = NULL;
397	uint32_t num = `0`;
398	bool entry_added = false;
399
400	ASSERT(npi != NULL);
401
402	if (__improbable(is_wakeuuid_set() == false)) {
403	if_ports_used_stats.ifpu_npi_not_added_no_wakeuuid++;
404	if (if_ports_used_verbose > `0`) {
405	os_log(OS_LOG_DEFAULT, "%s: wakeuuid not set not adding "
406	"port: %u flags: 0x%xif: %u pid: %u epid %u",
407	__func__,
408	ntohs(npi->npi_local_port),
409	npi->npi_flags,
410	npi->npi_if_index,
411	npi->npi_owner_pid,
412	npi->npi_effective_pid);
413	}
414	return false;
415	}
416
417	npe = zalloc_flags(net_port_entry_zone, Z_WAITOK \| Z_ZERO);
418	if (__improbable(npe == NULL)) {
419	os_log(OS_LOG_DEFAULT, "%s: zalloc() failed for "
420	"port: %u flags: 0x%x if: %u pid: %u epid %u",
421	__func__,
422	ntohs(npi->npi_local_port),
423	npi->npi_flags,
424	npi->npi_if_index,
425	npi->npi_owner_pid,
426	npi->npi_effective_pid);
427	return false;
428	}
429
430	memcpy(dst: &npe->npe_npi, src: npi, n: sizeof(npe->npe_npi));
431
432	lck_mtx_lock(lck: &net_port_entry_head_lock);
433
434	if (net_port_info_has_entry(npi) == false) {
435	SLIST_INSERT_HEAD(&net_port_entry_list, npe, npe_list_next);
436	TAILQ_INSERT_HEAD(NPE_HASH_HEAD(npi->npi_local_port), npe, npe_hash_next);
437	num = (uint32_t)if_ports_used_stats.ifpu_npe_count++; / rollover OK /
438	entry_added = true;
439
440	if (if_ports_used_stats.ifpu_npe_count > if_ports_used_stats.ifpu_npe_max) {
441	if_ports_used_stats.ifpu_npe_max = if_ports_used_stats.ifpu_npe_count;
442	}
443	if_ports_used_stats.ifpu_npe_total++;
444
445	if (if_ports_used_verbose > `1`) {
446	os_log(OS_LOG_DEFAULT, "%s: num %u for "
447	"port: %u flags: 0x%x if: %u pid: %u epid %u",
448	__func__,
449	num,
450	ntohs(npi->npi_local_port),
451	npi->npi_flags,
452	npi->npi_if_index,
453	npi->npi_owner_pid,
454	npi->npi_effective_pid);
455	}
456	} else {
457	if_ports_used_stats.ifpu_npe_dup++;
458	if (if_ports_used_verbose > `2`) {
459	os_log(OS_LOG_DEFAULT, "%s: already added "
460	"port: %u flags: 0x%x if: %u pid: %u epid %u",
461	__func__,
462	ntohs(npi->npi_local_port),
463	npi->npi_flags,
464	npi->npi_if_index,
465	npi->npi_owner_pid,
466	npi->npi_effective_pid);
467	}
468	}
469
470	lck_mtx_unlock(lck: &net_port_entry_head_lock);
471
472	if (entry_added == false) {
473	zfree(net_port_entry_zone, npe);
474	}
475	return entry_added;
476	}
477
478	#if (DEVELOPMENT \|\| DEBUG)
479	int
480	sysctl_new_test_wakeuuid SYSCTL_HANDLER_ARGS
481	{
482	#pragma unused(oidp, arg1, arg2)
483	int error = `0`;
484
485	if (kauth_cred_issuser(kauth_cred_get()) == `0`) {
486	return EPERM;
487	}
488	if (req->oldptr == USER_ADDR_NULL) {
489	req->oldidx = sizeof(uuid_t);
490	return `0`;
491	}
492	if (req->newptr != USER_ADDR_NULL) {
493	uuid_generate(test_wakeuuid);
494	if_ports_used_update_wakeuuid(NULL);
495	}
496	error = SYSCTL_OUT(req, test_wakeuuid,
497	MIN(sizeof(uuid_t), req->oldlen));
498
499	return error;
500	}
501
502	int
503	sysctl_clear_test_wakeuuid SYSCTL_HANDLER_ARGS
504	{
505	#pragma unused(oidp, arg1, arg2)
506	int error = `0`;
507
508	if (kauth_cred_issuser(kauth_cred_get()) == `0`) {
509	return EPERM;
510	}
511	if (req->oldptr == USER_ADDR_NULL) {
512	req->oldidx = sizeof(uuid_t);
513	return `0`;
514	}
515	if (req->newptr != USER_ADDR_NULL) {
516	uuid_clear(test_wakeuuid);
517	if_ports_used_update_wakeuuid(NULL);
518	}
519	error = SYSCTL_OUT(req, test_wakeuuid,
520	MIN(sizeof(uuid_t), req->oldlen));
521
522	return error;
523	}
524
525	#endif /* (DEVELOPMENT \|\| DEBUG) */
526
527	static int
528	sysctl_timeval(struct sysctl_req req, const* struct timeval *tv)
529	{
530	if (proc_is64bit(req->p)) {
531	struct user64_timeval tv64 = {};
532
533	tv64.tv_sec = tv->tv_sec;
534	tv64.tv_usec = tv->tv_usec;
535	return SYSCTL_OUT(req, &tv64, sizeof(tv64));
536	} else {
537	struct user32_timeval tv32 = {};
538
539	tv32.tv_sec = (user32_time_t)tv->tv_sec;
540	tv32.tv_usec = tv->tv_usec;
541	return SYSCTL_OUT(req, &tv32, sizeof(tv32));
542	}
543	}
544
545	int
546	sysctl_wakeuuid_last_update_time SYSCTL_HANDLER_ARGS
547	{
548	#pragma unused(oidp, arg1, arg2)
549
550	return sysctl_timeval(req, tv: &wakeuuid_last_update_time);
551	}
552
553	int
554	sysctl_wakeuuid_not_set_last_time SYSCTL_HANDLER_ARGS
555	{
556	#pragma unused(oidp, arg1, arg2)
557
558	return sysctl_timeval(req, tv: &wakeuuid_not_set_last_time);
559	}
560
561	int
562	sysctl_wakeuuid_not_set_last_if SYSCTL_HANDLER_ARGS
563	{
564	#pragma unused(oidp, arg1, arg2)
565
566	return SYSCTL_OUT(req, &wakeuuid_not_set_last_if, strlen(wakeuuid_not_set_last_if) + `1`);
567	}
568
569	int
570	sysctl_if_ports_used_stats SYSCTL_HANDLER_ARGS
571	{
572	#pragma unused(oidp, arg1, arg2)
573	size_t len = sizeof(struct if_ports_used_stats);
574
575	if (req->oldptr != `0`) {
576	len = MIN(req->oldlen, sizeof(struct if_ports_used_stats));
577	}
578	return SYSCTL_OUT(req, &if_ports_used_stats, len);
579	}
580
581	static int
582	sysctl_net_port_info_list SYSCTL_HANDLER_ARGS
583	{
584	#pragma unused(oidp, arg1, arg2)
585	int error = `0`;
586	struct xnpigen xnpigen;
587	struct net_port_entry *npe;
588
589	if ((error = priv_check_cred(cred: kauth_cred_get(),
590	PRIV_NET_PRIVILEGED_NETWORK_STATISTICS, flags: `0`)) != `0`) {
591	return EPERM;
592	}
593	lck_mtx_lock(lck: &net_port_entry_head_lock);
594
595	if (req->oldptr == USER_ADDR_NULL) {
596	/ Add a 25% cushion /
597	size_t cnt = (size_t)if_ports_used_stats.ifpu_npe_count;
598	cnt += cnt >> `4`;
599	req->oldidx = sizeof(struct xnpigen) +
600	cnt * sizeof(struct net_port_info);
601	goto done;
602	}
603
604	memset(s: &xnpigen, c: `0`, n: sizeof(struct xnpigen));
605	xnpigen.xng_len = sizeof(struct xnpigen);
606	xnpigen.xng_gen = (uint32_t)if_ports_used_stats.ifpu_wakeuid_gen;
607	uuid_copy(dst: xnpigen.xng_wakeuuid, src: current_wakeuuid);
608	xnpigen.xng_npi_count = (uint32_t)if_ports_used_stats.ifpu_npe_count;
609	xnpigen.xng_npi_size = sizeof(struct net_port_info);
610	error = SYSCTL_OUT(req, &xnpigen, sizeof(xnpigen));
611	if (error != `0`) {
612	printf("%s: SYSCTL_OUT(xnpigen) error %d\n",
613	__func__, error);
614	goto done;
615	}
616
617	SLIST_FOREACH(npe, &net_port_entry_list, npe_list_next) {
618	error = SYSCTL_OUT(req, &npe->npe_npi,
619	sizeof(struct net_port_info));
620	if (error != `0`) {
621	printf("%s: SYSCTL_OUT(npi) error %d\n",
622	__func__, error);
623	goto done;
624	}
625	}
626	done:
627	lck_mtx_unlock(lck: &net_port_entry_head_lock);
628
629	return error;
630	}
631
632	/*
633	* Mirror the arguments of ifnet_get_local_ports_extended()
634	* ifindex
635	* protocol
636	* flags
637	*/
638	static int
639	sysctl_get_ports_used SYSCTL_HANDLER_ARGS
640	{
641	#pragma unused(oidp)
642	int name = (int* *)arg1;
643	int namelen = arg2;
644	int error = `0`;
645	int idx;
646	protocol_family_t protocol;
647	u_int32_t flags;
648	ifnet_t ifp = NULL;
649	u_int8_t *bitfield = NULL;
650
651	if (req->newptr != USER_ADDR_NULL) {
652	error = EPERM;
653	goto done;
654	}
655	/*
656	* 3 is the required number of parameters: ifindex, protocol and flags
657	*/
658	if (namelen != `3`) {
659	error = ENOENT;
660	goto done;
661	}
662
663	if (req->oldptr == USER_ADDR_NULL) {
664	req->oldidx = bitstr_size(IP_PORTRANGE_SIZE);
665	goto done;
666	}
667	if (req->oldlen < bitstr_size(IP_PORTRANGE_SIZE)) {
668	error = ENOMEM;
669	goto done;
670	}
671	bitfield = (u_int8_t *) kalloc_data(bitstr_size(IP_PORTRANGE_SIZE),
672	Z_WAITOK \| Z_ZERO);
673	if (bitfield == NULL) {
674	error = ENOMEM;
675	goto done;
676	}
677
678	idx = name[`0`];
679	protocol = name[`1`];
680	flags = name[`2`];
681
682	ifnet_head_lock_shared();
683	if (IF_INDEX_IN_RANGE(idx)) {
684	ifp = ifindex2ifnet[idx];
685	}
686	ifnet_head_done();
687
688	error = ifnet_get_local_ports_extended(ifp, protocol, flags, bitfield);
689	if (error != `0`) {
690	printf("%s: ifnet_get_local_ports_extended() error %d\n",
691	__func__, error);
692	goto done;
693	}
694	error = SYSCTL_OUT(req, bitfield, bitstr_size(IP_PORTRANGE_SIZE));
695	done:
696	if (bitfield != NULL) {
697	kfree_data(bitfield, bitstr_size(IP_PORTRANGE_SIZE));
698	}
699	return error;
700	}
701
702	__private_extern__ bool
703	if_ports_used_add_inpcb(const uint32_t ifindex, const struct inpcb *inp)
704	{
705	struct net_port_info npi = {};
706	struct socket *so = inp->inp_socket;
707
708	/ This is unlikely to happen but better be safe than sorry /
709	if (ifindex > UINT16_MAX) {
710	os_log(OS_LOG_DEFAULT, "%s: ifindex %u too big", __func__, ifindex);
711	return false;
712	}
713
714	if (ifindex != `0`) {
715	npi.npi_if_index = (uint16_t)ifindex;
716	} else if (inp->inp_last_outifp != NULL) {
717	npi.npi_if_index = (uint16_t)inp->inp_last_outifp->if_index;
718	}
719	if (IF_INDEX_IN_RANGE(npi.npi_if_index)) {
720	struct ifnet *ifp = ifindex2ifnet[npi.npi_if_index];
721	if (ifp != NULL && IFNET_IS_COMPANION_LINK(ifp)) {
722	npi.npi_flags \|= NPIF_COMPLINK;
723	}
724	}
725
726	npi.npi_flags \|= NPIF_SOCKET;
727
728	npi.npi_timestamp.tv_sec = (int32_t)wakeuiid_last_check.tv_sec;
729	npi.npi_timestamp.tv_usec = wakeuiid_last_check.tv_usec;
730
731	if (so->so_options & SO_NOWAKEFROMSLEEP) {
732	npi.npi_flags \|= NPIF_NOWAKE;
733	}
734
735	if (SOCK_PROTO(so) == IPPROTO_TCP) {
736	struct tcpcb *tp = intotcpcb(inp);
737
738	npi.npi_flags \|= NPIF_TCP;
739	if (tp != NULL && tp->t_state == TCPS_LISTEN) {
740	npi.npi_flags \|= NPIF_LISTEN;
741	}
742	} else if (SOCK_PROTO(so) == IPPROTO_UDP) {
743	npi.npi_flags \|= NPIF_UDP;
744	} else {
745	os_log(OS_LOG_DEFAULT, "%s: unexpected protocol %u for inp %p", __func__,
746	SOCK_PROTO(inp->inp_socket), inp);
747	return false;
748	}
749
750	uuid_copy(dst: npi.npi_flow_uuid, src: inp->necp_client_uuid);
751
752	npi.npi_local_port = inp->inp_lport;
753	npi.npi_foreign_port = inp->inp_fport;
754
755	/*
756	* Take in account IPv4 addresses mapped on IPv6
757	*/
758	if ((inp->inp_vflag & INP_IPV6) != `0` && (inp->inp_flags & IN6P_IPV6_V6ONLY) == `0` &&
759	(inp->inp_vflag & (INP_IPV6 \| INP_IPV4)) == (INP_IPV6 \| INP_IPV4)) {
760	npi.npi_flags \|= NPIF_IPV6 \| NPIF_IPV4;
761	memcpy(dst: &npi.npi_local_addr_in6,
762	src: &inp->in6p_laddr, n: sizeof(struct in6_addr));
763	} else if (inp->inp_vflag & INP_IPV4) {
764	npi.npi_flags \|= NPIF_IPV4;
765	npi.npi_local_addr_in = inp->inp_laddr;
766	npi.npi_foreign_addr_in = inp->inp_faddr;
767	} else {
768	npi.npi_flags \|= NPIF_IPV6;
769	memcpy(dst: &npi.npi_local_addr_in6,
770	src: &inp->in6p_laddr, n: sizeof(struct in6_addr));
771	memcpy(dst: &npi.npi_foreign_addr_in6,
772	src: &inp->in6p_faddr, n: sizeof(struct in6_addr));
773
774	/ Clear the embedded scope ID /
775	if (IN6_IS_ADDR_LINKLOCAL(&npi.npi_local_addr_in6)) {
776	npi.npi_local_addr_in6.s6_addr16[`1`] = `0`;
777	}
778	if (IN6_IS_ADDR_LINKLOCAL(&npi.npi_foreign_addr_in6)) {
779	npi.npi_foreign_addr_in6.s6_addr16[`1`] = `0`;
780	}
781	}
782
783	npi.npi_owner_pid = so->last_pid;
784
785	if (so->last_pid != `0`) {
786	proc_name(pid: so->last_pid, buf: npi.npi_owner_pname,
787	size: sizeof(npi.npi_owner_pname));
788	uuid_copy(dst: npi.npi_owner_uuid, src: so->last_uuid);
789	}
790
791	if (so->so_flags & SOF_DELEGATED) {
792	npi.npi_flags \|= NPIF_DELEGATED;
793	npi.npi_effective_pid = so->e_pid;
794	if (so->e_pid != `0`) {
795	proc_name(pid: so->e_pid, buf: npi.npi_effective_pname,
796	size: sizeof(npi.npi_effective_pname));
797	}
798	uuid_copy(dst: npi.npi_effective_uuid, src: so->e_uuid);
799	} else {
800	npi.npi_effective_pid = so->last_pid;
801	if (so->last_pid != `0`) {
802	strlcpy(dst: npi.npi_effective_pname, src: npi.npi_owner_pname,
803	n: sizeof(npi.npi_effective_pname));
804	}
805	uuid_copy(dst: npi.npi_effective_uuid, src: so->last_uuid);
806	}
807
808	return net_port_info_add_entry(npi: &npi);
809	}
810
811	#if SKYWALK
812	__private_extern__ bool
813	if_ports_used_add_flow_entry(const struct flow_entry fe, const* uint32_t ifindex,
814	const struct ns_flow_info *nfi, uint32_t ns_flags)
815	{
816	struct net_port_info npi = {};
817
818	/ This is unlikely to happen but better be safe than sorry /
819	if (ifindex > UINT16_MAX) {
820	os_log(OS_LOG_DEFAULT, "%s: ifindex %u too big", __func__, ifindex);
821	return false;
822	}
823	npi.npi_if_index = (uint16_t)ifindex;
824	if (IF_INDEX_IN_RANGE(ifindex)) {
825	struct ifnet *ifp = ifindex2ifnet[ifindex];
826	if (ifp != NULL && IFNET_IS_COMPANION_LINK(ifp)) {
827	npi.npi_flags \|= NPIF_COMPLINK;
828	}
829	}
830
831	npi.npi_flags \|= NPIF_CHANNEL;
832
833	npi.npi_timestamp.tv_sec = (int32_t)wakeuiid_last_check.tv_sec;
834	npi.npi_timestamp.tv_usec = wakeuiid_last_check.tv_usec;
835
836	if (ns_flags & NETNS_NOWAKEFROMSLEEP) {
837	npi.npi_flags \|= NPIF_NOWAKE;
838	}
839	if ((ns_flags & NETNS_OWNER_MASK) == NETNS_LISTENER) {
840	npi.npi_flags \|= NPIF_LISTEN;
841	}
842
843	uuid_copy(dst: npi.npi_flow_uuid, src: nfi->nfi_flow_uuid);
844
845	if (nfi->nfi_protocol == IPPROTO_TCP) {
846	npi.npi_flags \|= NPIF_TCP;
847	} else if (nfi->nfi_protocol == IPPROTO_UDP) {
848	npi.npi_flags \|= NPIF_UDP;
849	} else {
850	os_log(OS_LOG_DEFAULT, "%s: unexpected protocol %u for nfi %p",
851	__func__, nfi->nfi_protocol, nfi);
852	return false;
853	}
854
855	if (nfi->nfi_laddr.sa.sa_family == AF_INET) {
856	npi.npi_flags \|= NPIF_IPV4;
857
858	npi.npi_local_port = nfi->nfi_laddr.sin.sin_port;
859	npi.npi_foreign_port = nfi->nfi_faddr.sin.sin_port;
860
861	npi.npi_local_addr_in = nfi->nfi_laddr.sin.sin_addr;
862	npi.npi_foreign_addr_in = nfi->nfi_faddr.sin.sin_addr;
863	} else {
864	npi.npi_flags \|= NPIF_IPV6;
865
866	npi.npi_local_port = nfi->nfi_laddr.sin6.sin6_port;
867	npi.npi_foreign_port = nfi->nfi_faddr.sin6.sin6_port;
868
869	memcpy(dst: &npi.npi_local_addr_in6,
870	src: &nfi->nfi_laddr.sin6.sin6_addr, n: sizeof(struct in6_addr));
871	memcpy(dst: &npi.npi_foreign_addr_in6,
872	src: &nfi->nfi_faddr.sin6.sin6_addr, n: sizeof(struct in6_addr));
873
874	/ Clear the embedded scope ID /
875	if (IN6_IS_ADDR_LINKLOCAL(&npi.npi_local_addr_in6)) {
876	npi.npi_local_addr_in6.s6_addr16[`1`] = `0`;
877	}
878	if (IN6_IS_ADDR_LINKLOCAL(&npi.npi_foreign_addr_in6)) {
879	npi.npi_foreign_addr_in6.s6_addr16[`1`] = `0`;
880	}
881	}
882
883	npi.npi_owner_pid = nfi->nfi_owner_pid;
884	strlcpy(dst: npi.npi_owner_pname, src: nfi->nfi_owner_name,
885	n: sizeof(npi.npi_owner_pname));
886
887	/*
888	* Get the proc UUID from the pid as the the proc UUID is not present
889	* in the flow_entry
890	*/
891	proc_t proc = proc_find(pid: npi.npi_owner_pid);
892	if (proc != PROC_NULL) {
893	proc_getexecutableuuid(proc, npi.npi_owner_uuid, sizeof(npi.npi_owner_uuid));
894	proc_rele(p: proc);
895	}
896	if (nfi->nfi_effective_pid != -`1`) {
897	npi.npi_effective_pid = nfi->nfi_effective_pid;
898	strlcpy(dst: npi.npi_effective_pname, src: nfi->nfi_effective_name,
899	n: sizeof(npi.npi_effective_pname));
900	uuid_copy(dst: npi.npi_effective_uuid, src: fe->fe_eproc_uuid);
901	} else {
902	npi.npi_effective_pid = npi.npi_owner_pid;
903	strlcpy(dst: npi.npi_effective_pname, src: npi.npi_owner_pname,
904	n: sizeof(npi.npi_effective_pname));
905	uuid_copy(dst: npi.npi_effective_uuid, src: npi.npi_owner_uuid);
906	}
907
908	return net_port_info_add_entry(npi: &npi);
909	}
910
911	#endif /* SKYWALK */
912
913	static void
914	net_port_info_log_npi(const char s, const* struct net_port_info *npi)
915	{
916	char lbuf[MAX_IPv6_STR_LEN] = {};
917	char fbuf[MAX_IPv6_STR_LEN] = {};
918
919	if (npi->npi_flags & NPIF_IPV4) {
920	inet_ntop(PF_INET, &npi->npi_local_addr_in.s_addr,
921	lbuf, sizeof(lbuf));
922	inet_ntop(PF_INET, &npi->npi_foreign_addr_in.s_addr,
923	fbuf, sizeof(fbuf));
924	} else if (npi->npi_flags & NPIF_IPV6) {
925	inet_ntop(PF_INET6, &npi->npi_local_addr_in6,
926	lbuf, sizeof(lbuf));
927	inet_ntop(PF_INET6, &npi->npi_foreign_addr_in6,
928	fbuf, sizeof(fbuf));
929	}
930	os_log(OS_LOG_DEFAULT, "%s net_port_info if_index %u arch %s family %s proto %s local %s:%u foreign %s:%u pid: %u epid %u",
931	s != NULL ? s : "",
932	npi->npi_if_index,
933	(npi->npi_flags & NPIF_SOCKET) ? "so" : (npi->npi_flags & NPIF_CHANNEL) ? "ch" : "unknown",
934	(npi->npi_flags & NPIF_IPV4) ? "ipv4" : (npi->npi_flags & NPIF_IPV6) ? "ipv6" : "unknown",
935	npi->npi_flags & NPIF_TCP ? "tcp" : npi->npi_flags & NPIF_UDP ? "udp" :
936	npi->npi_flags & NPIF_ESP ? "esp" : "unknown",
937	lbuf, ntohs(npi->npi_local_port),
938	fbuf, ntohs(npi->npi_foreign_port),
939	npi->npi_owner_pid,
940	npi->npi_effective_pid);
941	}
942
943	/*
944	* net_port_info_match_npi() returns true for an exact match that does not have "no wake" set
945	*/
946	#define NPI_MATCH_IPV4 (NPIF_IPV4 \| NPIF_TCP \| NPIF_UDP)
947	#define NPI_MATCH_IPV6 (NPIF_IPV6 \| NPIF_TCP \| NPIF_UDP)
948
949	static bool
950	net_port_info_match_npi(struct net_port_entry npe, const* struct net_port_info *in_npi,
951	struct net_port_entry **best_match)
952	{
953	if (__improbable(net_wake_pkt_debug > `1`)) {
954	net_port_info_log_npi(s: " ", npi: &npe->npe_npi);
955	}
956
957	/*
958	* The interfaces must match or be both companion link
959	*/
960	if (npe->npe_npi.npi_if_index != in_npi->npi_if_index &&
961	!((npe->npe_npi.npi_flags & NPIF_COMPLINK) && (in_npi->npi_flags & NPIF_COMPLINK))) {
962	return false;
963	}
964
965	/*
966	* The local ports and protocols must match
967	*/
968	if (npe->npe_npi.npi_local_port != in_npi->npi_local_port \|\|
969	((npe->npe_npi.npi_flags & NPI_MATCH_IPV4) != (in_npi->npi_flags & NPI_MATCH_IPV4) &&
970	(npe->npe_npi.npi_flags & NPI_MATCH_IPV6) != (in_npi->npi_flags & NPI_MATCH_IPV6))) {
971	return false;
972	}
973
974	/*
975	* Search stops on an exact match
976	*/
977	if (npe->npe_npi.npi_foreign_port == in_npi->npi_foreign_port) {
978	if ((npe->npe_npi.npi_flags & NPIF_IPV4) && (npe->npe_npi.npi_flags & NPIF_IPV4)) {
979	if (in_npi->npi_local_addr_in.s_addr == npe->npe_npi.npi_local_addr_in.s_addr &&
980	in_npi->npi_foreign_addr_in.s_addr == npe->npe_npi.npi_foreign_addr_in.s_addr) {
981	if (npe->npe_npi.npi_flags & NPIF_NOWAKE) {
982	/*
983	* Do not overwrite an existing match when "no wake" is set
984	*/
985	if (*best_match == NULL) {
986	*best_match = npe;
987	}
988	return false;
989	}
990	*best_match = npe;
991	return true;
992	}
993	}
994	if ((npe->npe_npi.npi_flags & NPIF_IPV6) && (npe->npe_npi.npi_flags & NPIF_IPV6)) {
995	if (memcmp(s1: &npe->npe_npi.npi_local_addr_, s2: &in_npi->npi_local_addr_,
996	n: sizeof(union in_addr_4_6)) == `0` &&
997	memcmp(s1: &npe->npe_npi.npi_foreign_addr_, s2: &in_npi->npi_foreign_addr_,
998	n: sizeof(union in_addr_4_6)) == `0`) {
999	if (npe->npe_npi.npi_flags & NPIF_NOWAKE) {
1000	/*
1001	* Do not overwrite an existing match when "no wake" is set
1002	*/
1003	if (*best_match == NULL) {
1004	*best_match = npe;
1005	}
1006	return false;
1007	}
1008	*best_match = npe;
1009	return true;
1010	}
1011	}
1012	}
1013	/*
1014	* Skip connected entries as we are looking for a wildcard match
1015	* on the local address and port
1016	*/
1017	if (npe->npe_npi.npi_foreign_port != `0`) {
1018	return false;
1019	}
1020	/*
1021	* Do not overwrite an existing match when "no wake" is set
1022	*/
1023	if (*best_match != NULL && (npe->npe_npi.npi_flags & NPIF_NOWAKE) != `0`) {
1024	return false;
1025	}
1026	/*
1027	* The local address matches: this is our 2nd best match
1028	*/
1029	if (memcmp(s1: &npe->npe_npi.npi_local_addr_, s2: &in_npi->npi_local_addr_,
1030	n: sizeof(union in_addr_4_6)) == `0`) {
1031	*best_match = npe;
1032	return false;
1033	}
1034
1035	/*
1036	* Only the local port matches, do not override a match
1037	* on the local address
1038	*/
1039	if (*best_match == NULL) {
1040	*best_match = npe;
1041	}
1042	return false;
1043	}
1044	#undef NPI_MATCH_IPV4
1045	#undef NPI_MATCH_IPV6
1046
1047	/*
1048	*
1049	*/
1050	static bool
1051	net_port_info_find_match(struct net_port_info *in_npi)
1052	{
1053	struct net_port_entry *npe;
1054	struct net_port_entry *best_match = NULL;
1055
1056	lck_mtx_lock(lck: &net_port_entry_head_lock);
1057
1058	uint32_t count = `0`;
1059	TAILQ_FOREACH(npe, NPE_HASH_HEAD(in_npi->npi_local_port), npe_hash_next) {
1060	count += `1`;
1061	/*
1062	* Search stop on an exact match
1063	*/
1064	if (net_port_info_match_npi(npe, in_npi, best_match: &best_match)) {
1065	break;
1066	}
1067	}
1068
1069	if (best_match != NULL) {
1070	best_match->npe_npi.npi_flags \|= NPIF_WAKEPKT;
1071	if (best_match->npe_npi.npi_flags & NPIF_NOWAKE) {
1072	in_npi->npi_flags \|= NPIF_NOWAKE;
1073	}
1074	in_npi->npi_owner_pid = best_match->npe_npi.npi_owner_pid;
1075	in_npi->npi_effective_pid = best_match->npe_npi.npi_effective_pid;
1076	strlcpy(dst: in_npi->npi_owner_pname, src: best_match->npe_npi.npi_owner_pname,
1077	n: sizeof(in_npi->npi_owner_pname));
1078	strlcpy(dst: in_npi->npi_effective_pname, src: best_match->npe_npi.npi_effective_pname,
1079	n: sizeof(in_npi->npi_effective_pname));
1080	uuid_copy(dst: in_npi->npi_owner_uuid, src: best_match->npe_npi.npi_owner_uuid);
1081	uuid_copy(dst: in_npi->npi_effective_uuid, src: best_match->npe_npi.npi_effective_uuid);
1082	}
1083	lck_mtx_unlock(lck: &net_port_entry_head_lock);
1084
1085	if (__improbable(net_wake_pkt_debug > `0`)) {
1086	if (best_match != NULL) {
1087	net_port_info_log_npi(s: "wake packet match", npi: in_npi);
1088	} else {
1089	net_port_info_log_npi(s: "wake packet no match", npi: in_npi);
1090	}
1091	}
1092
1093	return best_match != NULL ? true : false;
1094	}
1095
1096	#if (DEBUG \|\| DEVELOPMENT)
1097	static void
1098	net_port_info_log_una_wake_event(const char s, struct* net_port_info_una_wake_event *ev)
1099	{
1100	char lbuf[MAX_IPv6_STR_LEN] = {};
1101	char fbuf[MAX_IPv6_STR_LEN] = {};
1102
1103	if (ev->una_wake_pkt_flags & NPIF_IPV4) {
1104	inet_ntop(PF_INET, &ev->una_wake_pkt_local_addr_._in_a_4.s_addr,
1105	lbuf, sizeof(lbuf));
1106	inet_ntop(PF_INET, &ev->una_wake_pkt_foreign_addr_._in_a_4.s_addr,
1107	fbuf, sizeof(fbuf));
1108	} else if (ev->una_wake_pkt_flags & NPIF_IPV6) {
1109	inet_ntop(PF_INET6, &ev->una_wake_pkt_local_addr_._in_a_6.s6_addr,
1110	lbuf, sizeof(lbuf));
1111	inet_ntop(PF_INET6, &ev->una_wake_pkt_foreign_addr_._in_a_6.s6_addr,
1112	fbuf, sizeof(fbuf));
1113	}
1114	os_log(OS_LOG_DEFAULT, "%s if %s (%u) phy_if %s proto %s local %s:%u foreign %s:%u len: %u datalen: %u cflags: 0x%x proto: %u",
1115	s != NULL ? s : "",
1116	ev->una_wake_pkt_ifname, ev->una_wake_pkt_if_index, ev->una_wake_pkt_phy_ifname,
1117	ev->una_wake_pkt_flags & NPIF_TCP ? "tcp" : ev->una_wake_pkt_flags ? "udp" :
1118	ev->una_wake_pkt_flags & NPIF_ESP ? "esp" : "unknown",
1119	lbuf, ntohs(ev->una_wake_pkt_local_port),
1120	fbuf, ntohs(ev->una_wake_pkt_foreign_port),
1121	ev->una_wake_pkt_total_len, ev->una_wake_pkt_data_len,
1122	ev->una_wake_pkt_control_flags, ev->una_wake_pkt_proto);
1123	}
1124
1125	static void
1126	net_port_info_log_wake_event(const char s, struct* net_port_info_wake_event *ev)
1127	{
1128	char lbuf[MAX_IPv6_STR_LEN] = {};
1129	char fbuf[MAX_IPv6_STR_LEN] = {};
1130
1131	if (ev->wake_pkt_flags & NPIF_IPV4) {
1132	inet_ntop(PF_INET, &ev->wake_pkt_local_addr_._in_a_4.s_addr,
1133	lbuf, sizeof(lbuf));
1134	inet_ntop(PF_INET, &ev->wake_pkt_foreign_addr_._in_a_4.s_addr,
1135	fbuf, sizeof(fbuf));
1136	} else if (ev->wake_pkt_flags & NPIF_IPV6) {
1137	inet_ntop(PF_INET6, &ev->wake_pkt_local_addr_._in_a_6.s6_addr,
1138	lbuf, sizeof(lbuf));
1139	inet_ntop(PF_INET6, &ev->wake_pkt_foreign_addr_._in_a_6.s6_addr,
1140	fbuf, sizeof(fbuf));
1141	}
1142	os_log(OS_LOG_DEFAULT, "%s if %s (%u) phy_if %s proto %s local %s:%u foreign %s:%u len: %u datalen: %u cflags: 0x%x proc %s eproc %s",
1143	s != NULL ? s : "",
1144	ev->wake_pkt_ifname, ev->wake_pkt_if_index, ev->wake_pkt_phy_ifname,
1145	ev->wake_pkt_flags & NPIF_TCP ? "tcp" : ev->wake_pkt_flags ? "udp" :
1146	ev->wake_pkt_flags & NPIF_ESP ? "esp" : "unknown",
1147	lbuf, ntohs(ev->wake_pkt_port),
1148	fbuf, ntohs(ev->wake_pkt_foreign_port),
1149	ev->wake_pkt_total_len, ev->wake_pkt_data_len, ev->wake_pkt_control_flags,
1150	ev->wake_pkt_owner_pname, ev->wake_pkt_effective_pname);
1151	}
1152
1153	#endif /* (DEBUG \|\| DEVELOPMENT) */
1154
1155	/*
1156	* The process attribution of a wake packet can take several steps:
1157	*
1158	* 1) After device wakes, the first interface that sees a wake packet is the
1159	* physical interface and we remember it via if_set_wake_physical_interface()
1160	*
1161	* 2) We try to attribute a packet to a flow or not based on the physical interface.
1162	* If we find a flow, then the physical interface is the same as the interface used
1163	* by the TCP/UDP flow.
1164	*
1165	* 3) If the packet is tunneled or redirected we are going to do the attribution again
1166	* and the physical will be different from the interface used the TCP/UDP flow.
1167	*/
1168	static void
1169	if_set_wake_physical_interface(struct ifnet *ifp)
1170	{
1171	if (last_wake_phy_if_set == true \|\| ifp == NULL) {
1172	return;
1173	}
1174	last_wake_phy_if_set = true;
1175	strlcpy(dst: last_wake_phy_if_name, IF_XNAME(ifp), n: sizeof(last_wake_phy_if_name));
1176	last_wake_phy_if_family = ifp->if_family;
1177	last_wake_phy_if_subfamily = ifp->if_subfamily;
1178	last_wake_phy_if_functional_type = if_functional_type(ifp, true);
1179	}
1180
1181	static void
1182	if_notify_unattributed_wake_mbuf(struct ifnet ifp, struct* mbuf *m,
1183	struct net_port_info *npi, uint32_t pkt_total_len, uint32_t pkt_data_len,
1184	uint16_t pkt_control_flags, uint16_t proto)
1185	{
1186	struct kev_msg ev_msg = {};
1187
1188	LCK_MTX_ASSERT(&net_port_entry_head_lock, LCK_MTX_ASSERT_NOTOWNED);
1189
1190	lck_mtx_lock(lck: &net_port_entry_head_lock);
1191	if (has_notified_unattributed_wake) {
1192	lck_mtx_unlock(lck: &net_port_entry_head_lock);
1193	if_ports_used_stats.ifpu_dup_unattributed_wake_event += `1`;
1194
1195	if (__improbable(net_wake_pkt_debug > `0`)) {
1196	net_port_info_log_npi(s: "already notified unattributed wake packet", npi);
1197	}
1198	return;
1199	}
1200	has_notified_unattributed_wake = true;
1201	lck_mtx_unlock(lck: &net_port_entry_head_lock);
1202
1203	if_ports_used_stats.ifpu_unattributed_wake_event += `1`;
1204
1205	ev_msg.vendor_code = KEV_VENDOR_APPLE;
1206	ev_msg.kev_class = KEV_NETWORK_CLASS;
1207	ev_msg.kev_subclass = KEV_POWER_SUBCLASS;
1208	ev_msg.event_code = KEV_POWER_UNATTRIBUTED_WAKE;
1209
1210	struct net_port_info_una_wake_event event_data = {};
1211	uuid_copy(dst: event_data.una_wake_uuid, src: current_wakeuuid);
1212	event_data.una_wake_pkt_if_index = ifp != NULL ? ifp->if_index : `0`;
1213	event_data.una_wake_pkt_flags = npi->npi_flags;
1214
1215	event_data.una_wake_pkt_local_port = npi->npi_local_port;
1216	event_data.una_wake_pkt_foreign_port = npi->npi_foreign_port;
1217	event_data.una_wake_pkt_local_addr_ = npi->npi_local_addr_;
1218	event_data.una_wake_pkt_foreign_addr_ = npi->npi_foreign_addr_;
1219
1220	event_data.una_wake_pkt_total_len = pkt_total_len;
1221	event_data.una_wake_pkt_data_len = pkt_data_len;
1222	event_data.una_wake_pkt_control_flags = pkt_control_flags;
1223	event_data.una_wake_pkt_proto = proto;
1224
1225	if (ifp != NULL) {
1226	strlcpy(dst: event_data.una_wake_pkt_ifname, IF_XNAME(ifp),
1227	n: sizeof(event_data.una_wake_pkt_ifname));
1228	event_data.una_wake_pkt_if_info.npi_if_family = ifp->if_family;
1229	event_data.una_wake_pkt_if_info.npi_if_subfamily = ifp->if_subfamily;
1230	event_data.una_wake_pkt_if_info.npi_if_functional_type = if_functional_type(ifp, true);
1231
1232	strlcpy(dst: event_data.una_wake_pkt_phy_ifname, src: last_wake_phy_if_name,
1233	n: sizeof(event_data.una_wake_pkt_phy_ifname));
1234	event_data.una_wake_pkt_phy_if_info.npi_if_family = last_wake_phy_if_family;
1235	event_data.una_wake_pkt_phy_if_info.npi_if_subfamily = last_wake_phy_if_subfamily;
1236	event_data.una_wake_pkt_phy_if_info.npi_if_functional_type = last_wake_phy_if_functional_type;
1237	} else {
1238	if_ports_used_stats.ifpu_unattributed_null_recvif += `1`;
1239	}
1240
1241	event_data.una_wake_ptk_len = m->m_pkthdr.len > NPI_MAX_UNA_WAKE_PKT_LEN ?
1242	NPI_MAX_UNA_WAKE_PKT_LEN : (u_int16_t)m->m_pkthdr.len;
1243
1244	errno_t error = mbuf_copydata(mbuf: m, offset: `0`, length: event_data.una_wake_ptk_len,
1245	out_data: (void *)event_data.una_wake_pkt);
1246	if (error != `0`) {
1247	uuid_string_t wake_uuid_str;
1248
1249	uuid_unparse(uu: event_data.una_wake_uuid, out: wake_uuid_str);
1250	os_log_error(OS_LOG_DEFAULT,
1251	"%s: mbuf_copydata() failed with error %d for wake uuid %s",
1252	__func__, error, wake_uuid_str);
1253
1254	if_ports_used_stats.ifpu_unattributed_wake_event_error += `1`;
1255	return;
1256	}
1257
1258	ev_msg.dv[`0`].data_ptr = &event_data;
1259	ev_msg.dv[`0`].data_length = sizeof(event_data);
1260
1261	int result = kev_post_msg(event: &ev_msg);
1262	if (result != `0`) {
1263	uuid_string_t wake_uuid_str;
1264
1265	uuid_unparse(uu: event_data.una_wake_uuid, out: wake_uuid_str);
1266	os_log_error(OS_LOG_DEFAULT,
1267	"%s: kev_post_msg() failed with error %d for wake uuid %s",
1268	__func__, result, wake_uuid_str);
1269
1270	if_ports_used_stats.ifpu_unattributed_wake_event_error += `1`;
1271	}
1272
1273	#if (DEBUG \|\| DEVELOPMENT)
1274	net_port_info_log_una_wake_event("unattributed wake packet event", &event_data);
1275	#endif /* (DEBUG \|\| DEVELOPMENT) */
1276	}
1277
1278	static void
1279	if_notify_wake_packet(struct ifnet ifp, struct* net_port_info *npi,
1280	uint32_t pkt_total_len, uint32_t pkt_data_len, uint16_t pkt_control_flags)
1281	{
1282	struct kev_msg ev_msg = {};
1283
1284	ev_msg.vendor_code = KEV_VENDOR_APPLE;
1285	ev_msg.kev_class = KEV_NETWORK_CLASS;
1286	ev_msg.kev_subclass = KEV_POWER_SUBCLASS;
1287	ev_msg.event_code = KEV_POWER_WAKE_PACKET;
1288
1289	struct net_port_info_wake_event event_data = {};
1290
1291	uuid_copy(dst: event_data.wake_uuid, src: current_wakeuuid);
1292	event_data.wake_pkt_if_index = ifp->if_index;
1293	event_data.wake_pkt_port = npi->npi_local_port;
1294	event_data.wake_pkt_flags = npi->npi_flags;
1295	event_data.wake_pkt_owner_pid = npi->npi_owner_pid;
1296	event_data.wake_pkt_effective_pid = npi->npi_effective_pid;
1297	strlcpy(dst: event_data.wake_pkt_owner_pname, src: npi->npi_owner_pname,
1298	n: sizeof(event_data.wake_pkt_owner_pname));
1299	strlcpy(dst: event_data.wake_pkt_effective_pname, src: npi->npi_effective_pname,
1300	n: sizeof(event_data.wake_pkt_effective_pname));
1301	uuid_copy(dst: event_data.wake_pkt_owner_uuid, src: npi->npi_owner_uuid);
1302	uuid_copy(dst: event_data.wake_pkt_effective_uuid, src: npi->npi_effective_uuid);
1303
1304	event_data.wake_pkt_foreign_port = npi->npi_foreign_port;
1305	event_data.wake_pkt_local_addr_ = npi->npi_local_addr_;
1306	event_data.wake_pkt_foreign_addr_ = npi->npi_foreign_addr_;
1307	strlcpy(dst: event_data.wake_pkt_ifname, IF_XNAME(ifp), n: sizeof(event_data.wake_pkt_ifname));
1308
1309	event_data.wake_pkt_if_info.npi_if_family = ifp->if_family;
1310	event_data.wake_pkt_if_info.npi_if_subfamily = ifp->if_subfamily;
1311	event_data.wake_pkt_if_info.npi_if_functional_type = if_functional_type(ifp, true);
1312
1313	strlcpy(dst: event_data.wake_pkt_phy_ifname, src: last_wake_phy_if_name,
1314	n: sizeof(event_data.wake_pkt_phy_ifname));
1315	event_data.wake_pkt_phy_if_info.npi_if_family = last_wake_phy_if_family;
1316	event_data.wake_pkt_phy_if_info.npi_if_subfamily = last_wake_phy_if_subfamily;
1317	event_data.wake_pkt_phy_if_info.npi_if_functional_type = last_wake_phy_if_functional_type;
1318
1319	event_data.wake_pkt_total_len = pkt_total_len;
1320	event_data.wake_pkt_data_len = pkt_data_len;
1321	event_data.wake_pkt_control_flags = pkt_control_flags;
1322	if (npi->npi_flags & NPIF_NOWAKE) {
1323	event_data.wake_pkt_control_flags \|= NPICF_NOWAKE;
1324	}
1325
1326	ev_msg.dv[`0`].data_ptr = &event_data;
1327	ev_msg.dv[`0`].data_length = sizeof(event_data);
1328
1329	LCK_MTX_ASSERT(&net_port_entry_head_lock, LCK_MTX_ASSERT_NOTOWNED);
1330
1331	lck_mtx_lock(lck: &net_port_entry_head_lock);
1332
1333	if (has_notified_wake_pkt) {
1334	lck_mtx_unlock(lck: &net_port_entry_head_lock);
1335	if_ports_used_stats.ifpu_dup_wake_pkt_event += `1`;
1336
1337	if (__improbable(net_wake_pkt_debug > `0`)) {
1338	net_port_info_log_npi(s: "already notified wake packet", npi);
1339	}
1340	return;
1341	}
1342	has_notified_wake_pkt = true;
1343
1344	memcpy(dst: &last_attributed_wake_event, src: &event_data, n: sizeof(last_attributed_wake_event));
1345
1346	lck_mtx_unlock(lck: &net_port_entry_head_lock);
1347
1348	if (npi->npi_flags & NPIF_NOWAKE) {
1349	if_ports_used_stats.ifpu_spurious_wake_event += `1`;
1350	} else {
1351	if_ports_used_stats.ifpu_wake_pkt_event += `1`;
1352	}
1353
1354	int result = kev_post_msg(event: &ev_msg);
1355	if (result != `0`) {
1356	uuid_string_t wake_uuid_str;
1357
1358	uuid_unparse(uu: event_data.wake_uuid, out: wake_uuid_str);
1359	os_log_error(OS_LOG_DEFAULT,
1360	"%s: kev_post_msg() failed with error %d for wake uuid %s",
1361	__func__, result, wake_uuid_str);
1362
1363	if_ports_used_stats.ifpu_wake_pkt_event_error += `1`;
1364	}
1365	#if (DEBUG \|\| DEVELOPMENT)
1366	net_port_info_log_wake_event("attributed wake packet event", &event_data);
1367	#endif /* (DEBUG \|\| DEVELOPMENT) */
1368	}
1369
1370	static bool
1371	is_encapsulated_esp(struct mbuf *m, size_t data_offset)
1372	{
1373	/*
1374	* They are three cases:
1375	* - Keep alive: 1 byte payload
1376	* - IKE: payload start with 4 bytes header set to zero before ISAKMP header
1377	* - otherwise it's ESP
1378	*/
1379	ASSERT(m->m_pkthdr.len >= data_offset);
1380
1381	size_t data_len = m->m_pkthdr.len - data_offset;
1382	if (data_len == `1`) {
1383	return false;
1384	} else if (data_len > ESP_HDR_SIZE) {
1385	uint8_t payload[ESP_HDR_SIZE];
1386
1387	errno_t error = mbuf_copydata(mbuf: m, offset: data_offset, ESP_HDR_SIZE, out_data: &payload);
1388	if (error != `0`) {
1389	os_log(OS_LOG_DEFAULT, "%s: mbuf_copydata(ESP_HDR_SIZE) error %d",
1390	__func__, error);
1391	} else if (payload[`0`] == `0` && payload[`1`] == `0` &&
1392	payload[`2`] == `0` && payload[`3`] == `0`) {
1393	return false;
1394	}
1395	}
1396	return true;
1397	}
1398
1399	void
1400	if_ports_used_match_mbuf(struct ifnet ifp, protocol_family_t proto_family, struct* mbuf *m)
1401	{
1402	errno_t error;
1403	struct net_port_info npi = {};
1404	bool found = false;
1405	uint32_t pkt_total_len = `0`;
1406	uint32_t pkt_data_len = `0`;
1407	uint16_t pkt_control_flags = `0`;
1408	uint16_t pkt_proto = `0`;
1409
1410	if ((m->m_pkthdr.pkt_flags & PKTF_WAKE_PKT) == `0`) {
1411	if_ports_used_stats.ifpu_match_wake_pkt_no_flag += `1`;
1412	os_log_error(OS_LOG_DEFAULT, "%s: called PKTF_WAKE_PKT not set from %s",
1413	__func__, ifp != NULL ? IF_XNAME(ifp) : "");
1414	return;
1415	}
1416
1417	if_ports_used_stats.ifpu_so_match_wake_pkt += `1`;
1418	npi.npi_flags \|= NPIF_SOCKET; / For logging /
1419	pkt_total_len = m->m_pkthdr.len;
1420	pkt_data_len = pkt_total_len;
1421
1422	if (ifp != NULL) {
1423	npi.npi_if_index = ifp->if_index;
1424	if (IFNET_IS_COMPANION_LINK(ifp)) {
1425	npi.npi_flags \|= NPIF_COMPLINK;
1426	}
1427	if_set_wake_physical_interface(ifp);
1428	}
1429
1430	if (proto_family == PF_INET) {
1431	struct ip iphdr = {};
1432
1433	if_ports_used_stats.ifpu_ipv4_wake_pkt += `1`;
1434
1435	error = mbuf_copydata(mbuf: m, offset: `0`, length: sizeof(struct ip), out_data: &iphdr);
1436	if (error != `0`) {
1437	os_log(OS_LOG_DEFAULT, "%s: mbuf_copydata(ip) error %d",
1438	__func__, error);
1439	goto failed;
1440	}
1441	npi.npi_flags \|= NPIF_IPV4;
1442	npi.npi_local_addr_in = iphdr.ip_dst;
1443	npi.npi_foreign_addr_in = iphdr.ip_src;
1444
1445	/*
1446	* Check if this is a fragment that is not the first fragment
1447	*/
1448	if ((ntohs(iphdr.ip_off) & ~(IP_DF \| IP_RF)) &&
1449	(ntohs(iphdr.ip_off) & IP_OFFMASK) != `0`) {
1450	npi.npi_flags \|= NPIF_FRAG;
1451	if_ports_used_stats.ifpu_frag_wake_pkt += `1`;
1452	}
1453
1454	if ((iphdr.ip_hl << `2`) < pkt_data_len) {
1455	pkt_data_len -= iphdr.ip_hl << `2`;
1456	} else {
1457	pkt_data_len = `0`;
1458	}
1459
1460	pkt_proto = iphdr.ip_p;
1461
1462	switch (iphdr.ip_p) {
1463	case IPPROTO_TCP: {
1464	if_ports_used_stats.ifpu_tcp_wake_pkt += `1`;
1465	npi.npi_flags \|= NPIF_TCP;
1466
1467	if (npi.npi_flags & NPIF_FRAG) {
1468	goto failed;
1469	}
1470
1471	struct tcphdr th = {};
1472	error = mbuf_copydata(mbuf: m, offset: iphdr.ip_hl << `2`, length: sizeof(struct tcphdr), out_data: &th);
1473	if (error != `0`) {
1474	os_log(OS_LOG_DEFAULT, "%s: mbuf_copydata(tcphdr) error %d",
1475	__func__, error);
1476	goto failed;
1477	}
1478	npi.npi_local_port = th.th_dport;
1479	npi.npi_foreign_port = th.th_sport;
1480
1481	if (pkt_data_len < sizeof(struct tcphdr) \|\|
1482	pkt_data_len < (th.th_off << `2`)) {
1483	pkt_data_len = `0`;
1484	} else {
1485	pkt_data_len -= th.th_off << `2`;
1486	}
1487	pkt_control_flags = th.th_flags;
1488	break;
1489	}
1490	case IPPROTO_UDP: {
1491	if_ports_used_stats.ifpu_udp_wake_pkt += `1`;
1492	npi.npi_flags \|= NPIF_UDP;
1493
1494	if (npi.npi_flags & NPIF_FRAG) {
1495	goto failed;
1496	}
1497	struct udphdr uh = {};
1498	size_t udp_offset = iphdr.ip_hl << `2`;
1499
1500	error = mbuf_copydata(mbuf: m, offset: udp_offset, length: sizeof(struct udphdr), out_data: &uh);
1501	if (error != `0`) {
1502	os_log(OS_LOG_DEFAULT, "%s: mbuf_copydata(udphdr) error %d",
1503	__func__, error);
1504	goto failed;
1505	}
1506	npi.npi_local_port = uh.uh_dport;
1507	npi.npi_foreign_port = uh.uh_sport;
1508	/*
1509	* Let the ESP layer handle wake packets
1510	*/
1511	if (ntohs(uh.uh_dport) == PORT_ISAKMP_NATT \|\|
1512	ntohs(uh.uh_sport) == PORT_ISAKMP_NATT) {
1513	if_ports_used_stats.ifpu_isakmp_natt_wake_pkt += `1`;
1514	if (is_encapsulated_esp(m, data_offset: udp_offset + sizeof(struct udphdr))) {
1515	if (net_wake_pkt_debug > `0`) {
1516	net_port_info_log_npi(s: "defer ISAKMP_NATT matching", npi: &npi);
1517	}
1518	return;
1519	}
1520	}
1521
1522	if (pkt_data_len < sizeof(struct udphdr)) {
1523	pkt_data_len = `0`;
1524	} else {
1525	pkt_data_len -= sizeof(struct udphdr);
1526	}
1527	break;
1528	}
1529	case IPPROTO_ESP: {
1530	/*
1531	* Let the ESP layer handle wake packets
1532	*/
1533	if_ports_used_stats.ifpu_esp_wake_pkt += `1`;
1534	npi.npi_flags \|= NPIF_ESP;
1535	if (net_wake_pkt_debug > `0`) {
1536	net_port_info_log_npi(s: "defer ESP matching", npi: &npi);
1537	}
1538	return;
1539	}
1540	default:
1541	if_ports_used_stats.ifpu_bad_proto_wake_pkt += `1`;
1542	os_log(OS_LOG_DEFAULT, "%s: unexpected IPv4 protocol %u from %s",
1543	__func__, iphdr.ip_p, IF_XNAME(ifp));
1544	goto failed;
1545	}
1546	} else if (proto_family == PF_INET6) {
1547	struct ip6_hdr ip6_hdr = {};
1548
1549	if_ports_used_stats.ifpu_ipv6_wake_pkt += `1`;
1550
1551	error = mbuf_copydata(mbuf: m, offset: `0`, length: sizeof(struct ip6_hdr), out_data: &ip6_hdr);
1552	if (error != `0`) {
1553	os_log(OS_LOG_DEFAULT, "%s: mbuf_copydata(ip6_hdr) error %d",
1554	__func__, error);
1555	goto failed;
1556	}
1557	npi.npi_flags \|= NPIF_IPV6;
1558	memcpy(dst: &npi.npi_local_addr_in6, src: &ip6_hdr.ip6_dst, n: sizeof(struct in6_addr));
1559	memcpy(dst: &npi.npi_foreign_addr_in6, src: &ip6_hdr.ip6_src, n: sizeof(struct in6_addr));
1560
1561	size_t l3_len = sizeof(struct ip6_hdr);
1562	uint8_t l4_proto = ip6_hdr.ip6_nxt;
1563
1564	pkt_proto = l4_proto;
1565
1566	if (pkt_data_len < l3_len) {
1567	pkt_data_len = `0`;
1568	} else {
1569	pkt_data_len -= l3_len;
1570	}
1571
1572	/*
1573	* Check if this is a fragment that is not the first fragment
1574	*/
1575	if (l4_proto == IPPROTO_FRAGMENT) {
1576	struct ip6_frag ip6_frag;
1577
1578	error = mbuf_copydata(mbuf: m, offset: sizeof(struct ip6_hdr), length: sizeof(struct ip6_frag), out_data: &ip6_frag);
1579	if (error != `0`) {
1580	os_log(OS_LOG_DEFAULT, "%s: mbuf_copydata(ip6_frag) error %d",
1581	__func__, error);
1582	goto failed;
1583	}
1584
1585	l3_len += sizeof(struct ip6_frag);
1586	l4_proto = ip6_frag.ip6f_nxt;
1587
1588	if ((ip6_frag.ip6f_offlg & IP6F_OFF_MASK) != `0`) {
1589	npi.npi_flags \|= NPIF_FRAG;
1590	if_ports_used_stats.ifpu_frag_wake_pkt += `1`;
1591	}
1592	}
1593
1594
1595	switch (l4_proto) {
1596	case IPPROTO_TCP: {
1597	if_ports_used_stats.ifpu_tcp_wake_pkt += `1`;
1598	npi.npi_flags \|= NPIF_TCP;
1599
1600	/*
1601	* Cannot attribute a fragment that is not the first fragment as it
1602	* not have the TCP header
1603	*/
1604	if (npi.npi_flags & NPIF_FRAG) {
1605	goto failed;
1606	}
1607
1608	struct tcphdr th = {};
1609
1610	error = mbuf_copydata(mbuf: m, offset: l3_len, length: sizeof(struct tcphdr), out_data: &th);
1611	if (error != `0`) {
1612	os_log(OS_LOG_DEFAULT, "%s: mbuf_copydata(tcphdr) error %d",
1613	__func__, error);
1614	if_ports_used_stats.ifpu_incomplete_tcp_hdr_pkt += `1`;
1615	goto failed;
1616	}
1617	npi.npi_local_port = th.th_dport;
1618	npi.npi_foreign_port = th.th_sport;
1619
1620	if (pkt_data_len < sizeof(struct tcphdr) \|\|
1621	pkt_data_len < (th.th_off << `2`)) {
1622	pkt_data_len = `0`;
1623	} else {
1624	pkt_data_len -= th.th_off << `2`;
1625	}
1626	pkt_control_flags = th.th_flags;
1627	break;
1628	}
1629	case IPPROTO_UDP: {
1630	if_ports_used_stats.ifpu_udp_wake_pkt += `1`;
1631	npi.npi_flags \|= NPIF_UDP;
1632
1633	/*
1634	* Cannot attribute a fragment that is not the first fragment as it
1635	* not have the UDP header
1636	*/
1637	if (npi.npi_flags & NPIF_FRAG) {
1638	goto failed;
1639	}
1640
1641	struct udphdr uh = {};
1642
1643	error = mbuf_copydata(mbuf: m, offset: l3_len, length: sizeof(struct udphdr), out_data: &uh);
1644	if (error != `0`) {
1645	os_log(OS_LOG_DEFAULT, "%s: mbuf_copydata(udphdr) error %d",
1646	__func__, error);
1647	if_ports_used_stats.ifpu_incomplete_udp_hdr_pkt += `1`;
1648	goto failed;
1649	}
1650	npi.npi_local_port = uh.uh_dport;
1651	npi.npi_foreign_port = uh.uh_sport;
1652	/*
1653	* Let the ESP layer handle wake packets
1654	*/
1655	if (ntohs(npi.npi_local_port) == PORT_ISAKMP_NATT \|\|
1656	ntohs(npi.npi_foreign_port) == PORT_ISAKMP_NATT) {
1657	if_ports_used_stats.ifpu_isakmp_natt_wake_pkt += `1`;
1658	if (is_encapsulated_esp(m, data_offset: l3_len + sizeof(struct udphdr))) {
1659	if (net_wake_pkt_debug > `0`) {
1660	net_port_info_log_npi(s: "defer encapsulated ESP matching", npi: &npi);
1661	}
1662	return;
1663	}
1664	}
1665
1666	if (pkt_data_len < sizeof(struct udphdr)) {
1667	pkt_data_len = `0`;
1668	} else {
1669	pkt_data_len -= sizeof(struct udphdr);
1670	}
1671	break;
1672	}
1673	case IPPROTO_ESP: {
1674	/*
1675	* Let the ESP layer handle the wake packet
1676	*/
1677	if_ports_used_stats.ifpu_esp_wake_pkt += `1`;
1678	npi.npi_flags \|= NPIF_ESP;
1679	if (net_wake_pkt_debug > `0`) {
1680	net_port_info_log_npi(s: "defer ESP matching", npi: &npi);
1681	}
1682	return;
1683	}
1684	default:
1685	if_ports_used_stats.ifpu_bad_proto_wake_pkt += `1`;
1686
1687	os_log(OS_LOG_DEFAULT, "%s: unexpected IPv6 protocol %u from %s",
1688	__func__, ip6_hdr.ip6_nxt, IF_XNAME(ifp));
1689	goto failed;
1690	}
1691	} else {
1692	if_ports_used_stats.ifpu_bad_family_wake_pkt += `1`;
1693	os_log(OS_LOG_DEFAULT, "%s: unexpected protocol family %d from %s",
1694	__func__, proto_family, IF_XNAME(ifp));
1695	goto failed;
1696	}
1697	if (ifp == NULL) {
1698	goto failed;
1699	}
1700
1701	found = net_port_info_find_match(in_npi: &npi);
1702	if (found) {
1703	if_notify_wake_packet(ifp, npi: &npi,
1704	pkt_total_len, pkt_data_len, pkt_control_flags);
1705	} else {
1706	if_notify_unattributed_wake_mbuf(ifp, m, npi: &npi,
1707	pkt_total_len, pkt_data_len, pkt_control_flags, proto: pkt_proto);
1708	}
1709	return;
1710	failed:
1711	if_notify_unattributed_wake_mbuf(ifp, m, npi: &npi,
1712	pkt_total_len, pkt_data_len, pkt_control_flags, proto: pkt_proto);
1713	}
1714
1715	#if SKYWALK
1716
1717	static void
1718	if_notify_unattributed_wake_pkt(struct ifnet ifp, struct* __kern_packet *pkt,
1719	struct net_port_info *npi, uint32_t pkt_total_len, uint32_t pkt_data_len,
1720	uint16_t pkt_control_flags, uint16_t proto)
1721	{
1722	struct kev_msg ev_msg = {};
1723
1724	LCK_MTX_ASSERT(&net_port_entry_head_lock, LCK_MTX_ASSERT_NOTOWNED);
1725
1726	lck_mtx_lock(lck: &net_port_entry_head_lock);
1727	if (has_notified_unattributed_wake) {
1728	lck_mtx_unlock(lck: &net_port_entry_head_lock);
1729	if_ports_used_stats.ifpu_dup_unattributed_wake_event += `1`;
1730
1731	if (__improbable(net_wake_pkt_debug > `0`)) {
1732	net_port_info_log_npi(s: "already notified unattributed wake packet", npi);
1733	}
1734	return;
1735	}
1736	has_notified_unattributed_wake = true;
1737	lck_mtx_unlock(lck: &net_port_entry_head_lock);
1738
1739	if_ports_used_stats.ifpu_unattributed_wake_event += `1`;
1740
1741	if (ifp == NULL) {
1742	os_log(OS_LOG_DEFAULT, "%s: receive interface is NULL",
1743	__func__);
1744	if_ports_used_stats.ifpu_unattributed_null_recvif += `1`;
1745	}
1746
1747	ev_msg.vendor_code = KEV_VENDOR_APPLE;
1748	ev_msg.kev_class = KEV_NETWORK_CLASS;
1749	ev_msg.kev_subclass = KEV_POWER_SUBCLASS;
1750	ev_msg.event_code = KEV_POWER_UNATTRIBUTED_WAKE;
1751
1752	struct net_port_info_una_wake_event event_data = {};
1753	uuid_copy(dst: event_data.una_wake_uuid, src: current_wakeuuid);
1754	event_data.una_wake_pkt_if_index = ifp != NULL ? ifp->if_index : `0`;
1755	event_data.una_wake_pkt_flags = npi->npi_flags;
1756
1757	uint16_t offset = kern_packet_get_network_header_offset(SK_PKT2PH(pkt));
1758	event_data.una_wake_ptk_len =
1759	pkt->pkt_length - offset > NPI_MAX_UNA_WAKE_PKT_LEN ?
1760	NPI_MAX_UNA_WAKE_PKT_LEN : (u_int16_t) pkt->pkt_length - offset;
1761
1762	kern_packet_copy_bytes(SK_PKT2PH(pkt), offset, event_data.una_wake_ptk_len,
1763	event_data.una_wake_pkt);
1764
1765	event_data.una_wake_pkt_local_port = npi->npi_local_port;
1766	event_data.una_wake_pkt_foreign_port = npi->npi_foreign_port;
1767	event_data.una_wake_pkt_local_addr_ = npi->npi_local_addr_;
1768	event_data.una_wake_pkt_foreign_addr_ = npi->npi_foreign_addr_;
1769	if (ifp != NULL) {
1770	strlcpy(dst: event_data.una_wake_pkt_ifname, IF_XNAME(ifp),
1771	n: sizeof(event_data.una_wake_pkt_ifname));
1772	}
1773
1774	event_data.una_wake_pkt_total_len = pkt_total_len;
1775	event_data.una_wake_pkt_data_len = pkt_data_len;
1776	event_data.una_wake_pkt_control_flags = pkt_control_flags;
1777	event_data.una_wake_pkt_proto = proto;
1778
1779	ev_msg.dv[`0`].data_ptr = &event_data;
1780	ev_msg.dv[`0`].data_length = sizeof(event_data);
1781
1782	int result = kev_post_msg(event: &ev_msg);
1783	if (result != `0`) {
1784	uuid_string_t wake_uuid_str;
1785
1786	uuid_unparse(uu: event_data.una_wake_uuid, out: wake_uuid_str);
1787	os_log_error(OS_LOG_DEFAULT,
1788	"%s: kev_post_msg() failed with error %d for wake uuid %s",
1789	__func__, result, wake_uuid_str);
1790
1791	if_ports_used_stats.ifpu_unattributed_wake_event_error += `1`;
1792	}
1793	#if (DEBUG \|\| DEVELOPMENT)
1794	net_port_info_log_una_wake_event("unattributed wake packet event", &event_data);
1795	#endif /* (DEBUG \|\| DEVELOPMENT) */
1796	}
1797
1798	void
1799	if_ports_used_match_pkt(struct ifnet ifp, struct* __kern_packet *pkt)
1800	{
1801	struct net_port_info npi = {};
1802	bool found = false;
1803	uint32_t pkt_total_len = `0`;
1804	uint32_t pkt_data_len = `0`;
1805	uint16_t pkt_control_flags = `0`;
1806	uint16_t pkt_proto = `0`;
1807
1808	if ((pkt->pkt_pflags & PKT_F_WAKE_PKT) == `0`) {
1809	if_ports_used_stats.ifpu_match_wake_pkt_no_flag += `1`;
1810	os_log_error(OS_LOG_DEFAULT, "%s: called PKT_F_WAKE_PKT not set from %s",
1811	__func__, IF_XNAME(ifp));
1812	return;
1813	}
1814
1815	if_ports_used_stats.ifpu_ch_match_wake_pkt += `1`;
1816	npi.npi_flags \|= NPIF_CHANNEL; / For logging /
1817	pkt_total_len = pkt->pkt_flow_ip_hlen +
1818	pkt->pkt_flow_tcp_hlen + pkt->pkt_flow_ulen;
1819	pkt_data_len = pkt->pkt_flow_ulen;
1820
1821	if (ifp != NULL) {
1822	npi.npi_if_index = ifp->if_index;
1823	if (IFNET_IS_COMPANION_LINK(ifp)) {
1824	npi.npi_flags \|= NPIF_COMPLINK;
1825	}
1826	if_set_wake_physical_interface(ifp);
1827	}
1828
1829	switch (pkt->pkt_flow_ip_ver) {
1830	case IPVERSION:
1831	if_ports_used_stats.ifpu_ipv4_wake_pkt += `1`;
1832
1833	npi.npi_flags \|= NPIF_IPV4;
1834	npi.npi_local_addr_in = pkt->pkt_flow_ipv4_dst;
1835	npi.npi_foreign_addr_in = pkt->pkt_flow_ipv4_src;
1836	break;
1837	case IPV6_VERSION:
1838	if_ports_used_stats.ifpu_ipv6_wake_pkt += `1`;
1839
1840	npi.npi_flags \|= NPIF_IPV6;
1841	memcpy(dst: &npi.npi_local_addr_in6, src: &pkt->pkt_flow_ipv6_dst,
1842	n: sizeof(struct in6_addr));
1843	memcpy(dst: &npi.npi_foreign_addr_in6, src: &pkt->pkt_flow_ipv6_src,
1844	n: sizeof(struct in6_addr));
1845	break;
1846	default:
1847	if_ports_used_stats.ifpu_bad_family_wake_pkt += `1`;
1848
1849	os_log(OS_LOG_DEFAULT, "%s: unexpected protocol family %u from %s",
1850	__func__, pkt->pkt_flow_ip_ver, IF_XNAME(ifp));
1851	goto failed;
1852	}
1853	pkt_proto = pkt->pkt_flow_ip_ver;
1854
1855	/*
1856	* Check if this is a fragment that is not the first fragment
1857	*/
1858	if (pkt->pkt_flow_ip_is_frag && !pkt->pkt_flow_ip_is_first_frag) {
1859	os_log(OS_LOG_DEFAULT, "%s: unexpected wake fragment from %s",
1860	__func__, IF_XNAME(ifp));
1861	npi.npi_flags \|= NPIF_FRAG;
1862	if_ports_used_stats.ifpu_frag_wake_pkt += `1`;
1863	}
1864
1865	switch (pkt->pkt_flow_ip_proto) {
1866	case IPPROTO_TCP: {
1867	if_ports_used_stats.ifpu_tcp_wake_pkt += `1`;
1868	npi.npi_flags \|= NPIF_TCP;
1869
1870	/*
1871	* Cannot attribute a fragment that is not the first fragment as it
1872	* not have the TCP header
1873	*/
1874	if (npi.npi_flags & NPIF_FRAG) {
1875	goto failed;
1876	}
1877	struct tcphdr tcp = (struct* tcphdr *)pkt->pkt_flow_tcp_hdr;
1878	if (tcp == NULL) {
1879	os_log(OS_LOG_DEFAULT, "%s: pkt with unassigned TCP header from %s",
1880	__func__, IF_XNAME(ifp));
1881	if_ports_used_stats.ifpu_incomplete_tcp_hdr_pkt += `1`;
1882	goto failed;
1883	}
1884	npi.npi_local_port = tcp->th_dport;
1885	npi.npi_foreign_port = tcp->th_sport;
1886	pkt_control_flags = tcp->th_flags;
1887	break;
1888	}
1889	case IPPROTO_UDP: {
1890	if_ports_used_stats.ifpu_udp_wake_pkt += `1`;
1891	npi.npi_flags \|= NPIF_UDP;
1892
1893	/*
1894	* Cannot attribute a fragment that is not the first fragment as it
1895	* not have the UDP header
1896	*/
1897	if (npi.npi_flags & NPIF_FRAG) {
1898	goto failed;
1899	}
1900	struct udphdr uh = (struct* udphdr *)pkt->pkt_flow_udp_hdr;
1901	if (uh == NULL) {
1902	os_log(OS_LOG_DEFAULT, "%s: pkt with unassigned UDP header from %s",
1903	__func__, IF_XNAME(ifp));
1904	if_ports_used_stats.ifpu_incomplete_udp_hdr_pkt += `1`;
1905	goto failed;
1906	}
1907	npi.npi_local_port = uh->uh_dport;
1908	npi.npi_foreign_port = uh->uh_sport;
1909
1910	/*
1911	* Defer matching of UDP NAT traversal to ip_input
1912	* (assumes IKE uses sockets)
1913	*/
1914	if (ntohs(npi.npi_local_port) == PORT_ISAKMP_NATT \|\|
1915	ntohs(npi.npi_foreign_port) == PORT_ISAKMP_NATT) {
1916	if_ports_used_stats.ifpu_deferred_isakmp_natt_wake_pkt += `1`;
1917	if (net_wake_pkt_debug > `0`) {
1918	net_port_info_log_npi(s: "defer ISAKMP_NATT matching", npi: &npi);
1919	}
1920	return;
1921	}
1922	break;
1923	}
1924	case IPPROTO_ESP: {
1925	/*
1926	* Let the ESP layer handle the wake packet
1927	*/
1928	if_ports_used_stats.ifpu_esp_wake_pkt += `1`;
1929	npi.npi_flags \|= NPIF_ESP;
1930	if (net_wake_pkt_debug > `0`) {
1931	net_port_info_log_npi(s: "defer ESP matching", npi: &npi);
1932	}
1933	return;
1934	}
1935	default:
1936	if_ports_used_stats.ifpu_bad_proto_wake_pkt += `1`;
1937
1938	os_log(OS_LOG_DEFAULT, "%s: unexpected IP protocol %u from %s",
1939	__func__, pkt->pkt_flow_ip_proto, IF_XNAME(ifp));
1940	goto failed;
1941	}
1942
1943	if (ifp == NULL) {
1944	goto failed;
1945	}
1946
1947	found = net_port_info_find_match(in_npi: &npi);
1948	if (found) {
1949	if_notify_wake_packet(ifp, npi: &npi,
1950	pkt_total_len, pkt_data_len, pkt_control_flags);
1951	} else {
1952	if_notify_unattributed_wake_pkt(ifp, pkt, npi: &npi,
1953	pkt_total_len, pkt_data_len, pkt_control_flags, proto: pkt_proto);
1954	}
1955	return;
1956	failed:
1957	if_notify_unattributed_wake_pkt(ifp, pkt, npi: &npi,
1958	pkt_total_len, pkt_data_len, pkt_control_flags, proto: pkt_proto);
1959	}
1960	#endif /* SKYWALK */
1961
1962	int
1963	sysctl_last_attributed_wake_event SYSCTL_HANDLER_ARGS
1964	{
1965	#pragma unused(oidp, arg1, arg2)
1966	size_t len = sizeof(struct net_port_info_wake_event);
1967
1968	if (req->oldptr != `0`) {
1969	len = MIN(req->oldlen, len);
1970	}
1971	lck_mtx_lock(lck: &net_port_entry_head_lock);
1972	int error = SYSCTL_OUT(req, &last_attributed_wake_event, len);
1973	lck_mtx_unlock(lck: &net_port_entry_head_lock);
1974
1975	return error;
1976	}
1977

Browse the source code of xnu/bsd/net/if_ports_used.c