in_mcast.c source code [xnu/bsd/netinet/in_mcast.c]

1	/*
2	* Copyright (c) 2010-2022 Apple Inc. All rights reserved.
3	*
4	* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5	*
6	* This file contains Original Code and/or Modifications of Original Code
7	* as defined in and that are subject to the Apple Public Source License
8	* Version 2.0 (the 'License'). You may not use this file except in
9	* compliance with the License. The rights granted to you under the License
10	* may not be used to create, or enable the creation or redistribution of,
11	* unlawful or unlicensed copies of an Apple operating system, or to
12	* circumvent, violate, or enable the circumvention or violation of, any
13	* terms of an Apple operating system software license agreement.
14	*
15	* Please obtain a copy of the License at
16	* http://www.opensource.apple.com/apsl/ and read it before using this file.
17	*
18	* The Original Code and all software distributed under the License are
19	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23	* Please see the License for the specific language governing rights and
24	* limitations under the License.
25	*
26	* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27	*/
28	/-*
29	* Copyright (c) 2007-2009 Bruce Simpson.
30	* Copyright (c) 2005 Robert N. M. Watson.
31	* All rights reserved.
32	*
33	* Redistribution and use in source and binary forms, with or without
34	* modification, are permitted provided that the following conditions
35	* are met:
36	* 1. Redistributions of source code must retain the above copyright
37	* notice, this list of conditions and the following disclaimer.
38	* 2. Redistributions in binary form must reproduce the above copyright
39	* notice, this list of conditions and the following disclaimer in the
40	* documentation and/or other materials provided with the distribution.
41	* 3. The name of the author may not be used to endorse or promote
42	* products derived from this software without specific prior written
43	* permission.
44	*
45	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
46	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
47	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
48	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
49	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
50	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
51	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
52	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
53	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
54	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
55	* SUCH DAMAGE.
56	*/
57
58	/*
59	* IPv4 multicast socket, group, and socket option processing module.
60	*/
61
62	#include <sys/cdefs.h>
63
64	#include <sys/param.h>
65	#include <sys/systm.h>
66	#include <sys/kernel.h>
67	#include <sys/malloc.h>
68	#include <sys/mbuf.h>
69	#include <sys/protosw.h>
70	#include <sys/socket.h>
71	#include <sys/socketvar.h>
72	#include <sys/protosw.h>
73	#include <sys/sysctl.h>
74	#include <sys/tree.h>
75	#include <sys/mcache.h>
76
77	#include <kern/zalloc.h>
78
79	#include <pexpert/pexpert.h>
80
81	#include <net/if.h>
82	#include <net/if_dl.h>
83	#include <net/net_api_stats.h>
84	#include <net/route.h>
85
86	#include <netinet/in.h>
87	#include <netinet/in_systm.h>
88	#include <netinet/in_pcb.h>
89	#include <netinet/in_var.h>
90	#include <netinet/ip_var.h>
91	#include <netinet/igmp_var.h>
92
93	#include <net/sockaddr_utils.h>
94
95	/*
96	* Functions with non-static linkage defined in this file should be
97	* declared in in_var.h:
98	* imo_multi_filter()
99	* in_addmulti()
100	* in_delmulti()
101	* in_joingroup()
102	* in_leavegroup()
103	* and ip_var.h:
104	* inp_freemoptions()
105	* inp_getmoptions()
106	* inp_setmoptions()
107	*
108	* XXX: Both carp and pf need to use the legacy (*,G) KPIs in_addmulti()
109	* and in_delmulti().
110	*/
111	static void imf_commit(struct in_mfilter *);
112	static int imf_get_source(struct in_mfilter *imf,
113	const struct sockaddr_in *psin,
114	struct in_msource **);
115	static struct in_msource *
116	imf_graft(struct in_mfilter , const* uint8_t,
117	const struct sockaddr_in *);
118	static int imf_prune(struct in_mfilter , const* struct sockaddr_in *);
119	static void imf_rollback(struct in_mfilter *);
120	static void imf_reap(struct in_mfilter *);
121	static int imo_grow(struct ip_moptions *, uint16_t);
122	static size_t imo_match_group(const struct ip_moptions *,
123	const struct ifnet , const* struct sockaddr_in *);
124	static struct in_msource *
125	imo_match_source(const struct ip_moptions , const* size_t,
126	const struct sockaddr_in *);
127	static void ims_merge(struct ip_msource *ims,
128	const struct in_msource lims, const* int rollback);
129	static int in_getmulti(struct ifnet , const* struct in_addr *,
130	struct in_multi **);
131	static int in_joingroup(struct ifnet , const* struct in_addr *,
132	struct in_mfilter , struct* in_multi **);
133	static int inm_get_source(struct in_multi inm, const* in_addr_t haddr,
134	const int noalloc, struct ip_msource **pims);
135	static int inm_is_ifp_detached(const struct in_multi *);
136	static int inm_merge(struct in_multi , /const/* struct in_mfilter *);
137	static void inm_reap(struct in_multi *);
138	static struct ip_moptions *
139	inp_findmoptions(struct inpcb *);
140	static int inp_get_source_filters(struct inpcb , struct* sockopt *);
141	static struct ifnet *
142	inp_lookup_mcast_ifp(const struct inpcb *,
143	const struct sockaddr_in , const* struct in_addr);
144	static int inp_block_unblock_source(struct inpcb , struct* sockopt *);
145	static int inp_set_multicast_if(struct inpcb , struct* sockopt *);
146	static int inp_set_source_filters(struct inpcb , struct* sockopt *);
147	static int sysctl_ip_mcast_filters SYSCTL_HANDLER_ARGS;
148	static struct ifnet * ip_multicast_if(struct in_addr , unsigned* int *);
149	static __inline__ int ip_msource_cmp(const struct ip_msource *,
150	const struct ip_msource *);
151
152	SYSCTL_NODE(_net_inet_ip, OID_AUTO, mcast, CTLFLAG_RW \| CTLFLAG_LOCKED, `0`, "IPv4 multicast");
153
154	static u_long in_mcast_maxgrpsrc = IP_MAX_GROUP_SRC_FILTER;
155	SYSCTL_LONG(_net_inet_ip_mcast, OID_AUTO, maxgrpsrc,
156	CTLFLAG_RW \| CTLFLAG_LOCKED, &in_mcast_maxgrpsrc, "Max source filters per group");
157
158	static u_int in_mcast_maxsocksrc = IP_MAX_SOCK_SRC_FILTER;
159	SYSCTL_UINT(_net_inet_ip_mcast, OID_AUTO, maxsocksrc,
160	CTLFLAG_RW \| CTLFLAG_LOCKED, &in_mcast_maxsocksrc, IP_MAX_SOCK_SRC_FILTER,
161	"Max source filters per socket");
162
163	int in_mcast_loop = IP_DEFAULT_MULTICAST_LOOP;
164	SYSCTL_INT(_net_inet_ip_mcast, OID_AUTO, loop, CTLFLAG_RW \| CTLFLAG_LOCKED,
165	&in_mcast_loop, `0`, "Loopback multicast datagrams by default");
166
167	SYSCTL_NODE(_net_inet_ip_mcast, OID_AUTO, filters,
168	CTLFLAG_RD \| CTLFLAG_LOCKED, sysctl_ip_mcast_filters,
169	"Per-interface stack-wide source filters");
170
171	RB_GENERATE_PREV(ip_msource_tree, ip_msource, ims_link, ip_msource_cmp);
172
173	#define INM_TRACE_HIST_SIZE 32 /* size of trace history */
174
175	/ For gdb /
176	__private_extern__ unsigned int inm_trace_hist_size = INM_TRACE_HIST_SIZE;
177
178	struct in_multi_dbg {
179	struct in_multi inm; / in_multi /
180	u_int16_t inm_refhold_cnt; / # of ref /
181	u_int16_t inm_refrele_cnt; / # of rele /
182	/*
183	* Circular lists of inm_addref and inm_remref callers.
184	*/
185	ctrace_t inm_refhold[INM_TRACE_HIST_SIZE];
186	ctrace_t inm_refrele[INM_TRACE_HIST_SIZE];
187	/*
188	* Trash list linkage
189	*/
190	TAILQ_ENTRY(in_multi_dbg) inm_trash_link;
191	};
192
193	static LCK_ATTR_DECLARE(in_multihead_lock_attr, `0`, `0`);
194	static LCK_GRP_DECLARE(in_multihead_lock_grp, "in_multihead");
195
196	/ List of trash in_multi entries protected by inm_trash_lock /
197	static TAILQ_HEAD(, in_multi_dbg) inm_trash_head = TAILQ_HEAD_INITIALIZER(inm_trash_head);
198	static LCK_MTX_DECLARE_ATTR(inm_trash_lock, &in_multihead_lock_grp,
199	&in_multihead_lock_attr);
200
201	#if DEBUG
202	static TUNABLE(bool, inm_debug, "ifa_debug", true); / debugging (enabled) /
203	#else
204	static TUNABLE(bool, inm_debug, "ifa_debug", false); / debugging (disabled) /
205	#endif /* !DEBUG */
206
207	static KALLOC_TYPE_DEFINE(ipms_zone, struct ip_msource, NET_KT_DEFAULT);
208	static KALLOC_TYPE_DEFINE(inms_zone, struct in_msource, NET_KT_DEFAULT);
209
210	static LCK_RW_DECLARE_ATTR(in_multihead_lock, &in_multihead_lock_grp,
211	&in_multihead_lock_attr);
212
213	struct in_multihead in_multihead;
214
215	static struct in_multi *in_multi_alloc(zalloc_flags_t);
216	static void in_multi_free(struct in_multi *);
217	static void in_multi_attach(struct in_multi *);
218	static void inm_trace(struct in_multi , int*);
219
220	static struct ip_msource *ipms_alloc(zalloc_flags_t);
221	static void ipms_free(struct ip_msource *);
222	static struct in_msource *inms_alloc(zalloc_flags_t);
223	static void inms_free(struct in_msource *);
224
225	static __inline int
226	ip_msource_cmp(const struct ip_msource a, const* struct ip_msource *b)
227	{
228	if (a->ims_haddr < b->ims_haddr) {
229	return -`1`;
230	}
231	if (a->ims_haddr == b->ims_haddr) {
232	return `0`;
233	}
234	return `1`;
235	}
236
237	/*
238	* Inline function which wraps assertions for a valid ifp.
239	*/
240	static __inline__ int
241	inm_is_ifp_detached(const struct in_multi *inm)
242	{
243	VERIFY(inm->inm_ifma != NULL);
244	VERIFY(inm->inm_ifp == inm->inm_ifma->ifma_ifp);
245
246	return !ifnet_is_attached(inm->inm_ifp, refio: `0`);
247	}
248
249	/*
250	* Initialize an in_mfilter structure to a known state at t0, t1
251	* with an empty source filter list.
252	*/
253	static __inline__ void
254	imf_init(struct in_mfilter imf, const* uint8_t st0, const uint8_t st1)
255	{
256	memset(s: imf, c: `0`, n: sizeof(struct in_mfilter));
257	RB_INIT(&imf->imf_sources);
258	imf->imf_st[`0`] = st0;
259	imf->imf_st[`1`] = st1;
260	}
261
262	/*
263	* Resize the ip_moptions vector to the next power-of-two minus 1.
264	*/
265	static int
266	imo_grow(struct ip_moptions *imo, uint16_t newmax)
267	{
268	struct in_multi **nmships;
269	struct in_multi **omships;
270	struct in_mfilter *nmfilters;
271	struct in_mfilter *omfilters;
272	int err;
273	uint16_t idx;
274	uint16_t oldmax;
275
276	IMO_LOCK_ASSERT_HELD(imo);
277
278	nmships = NULL;
279	nmfilters = NULL;
280	err = `0`;
281	omships = imo->imo_membership;
282	omfilters = imo->imo_mfilters;
283	oldmax = imo->imo_max_memberships;
284
285	if (newmax == `0`) {
286	newmax = ((oldmax + `1`) * `2`) - `1`;
287	} else if (newmax <= oldmax) {
288	/ Nothing to do, exit early. /
289	return `0`;
290	}
291
292	if (newmax > IP_MAX_MEMBERSHIPS) {
293	err = ETOOMANYREFS;
294	goto cleanup;
295	}
296
297	if ((nmships = kalloc_type(struct in_multi *, newmax,
298	Z_WAITOK \| Z_ZERO)) == NULL) {
299	err = ENOMEM;
300	goto cleanup;
301	}
302
303	if ((nmfilters = kalloc_type(struct in_mfilter, newmax,
304	Z_WAITOK \| Z_ZERO)) == NULL) {
305	err = ENOMEM;
306	goto cleanup;
307	}
308
309	/ Copy the existing memberships and release the memory. /
310	if (omships != NULL) {
311	VERIFY(oldmax <= newmax);
312	memcpy(dst: nmships, src: omships, n: oldmax * sizeof(struct in_multi *));
313	kfree_type(struct in_multi *, oldmax, omships);
314	}
315
316	/ Copy the existing filters and release the memory. /
317	if (omfilters != NULL) {
318	VERIFY(oldmax <= newmax);
319	memcpy(dst: nmfilters, src: omfilters, n: oldmax * sizeof(struct in_mfilter));
320	kfree_type(struct in_mfilter, oldmax, omfilters);
321	}
322
323	/ Initialize the newly allocated source filter heads. /
324	for (idx = oldmax; idx < newmax; idx++) {
325	imf_init(imf: &nmfilters[idx], MCAST_UNDEFINED, MCAST_EXCLUDE);
326	}
327
328	imo->imo_membership = nmships;
329	nmships = NULL;
330	imo->imo_mfilters = nmfilters;
331	nmfilters = NULL;
332	imo->imo_max_memberships = newmax;
333
334	return `0`;
335
336	cleanup:
337	if (nmfilters != NULL) {
338	kfree_type(struct in_mfilter, newmax, nmfilters);
339	}
340
341	if (nmships != NULL) {
342	kfree_type(struct in_multi *, newmax, nmships);
343	}
344
345	return err;
346	}
347
348	/*
349	* Find an IPv4 multicast group entry for this ip_moptions instance
350	* which matches the specified group, and optionally an interface.
351	* Return its index into the array, or -1 if not found.
352	*/
353	static size_t
354	imo_match_group(const struct ip_moptions imo, const* struct ifnet *ifp,
355	const struct sockaddr_in *group)
356	{
357	struct in_multi *pinm;
358	int idx;
359	int nmships;
360
361	IMO_LOCK_ASSERT_HELD(__DECONST(struct ip_moptions *, imo));
362
363
364	/ The imo_membership array may be lazy allocated. /
365	if (imo->imo_membership == NULL \|\| imo->imo_num_memberships == `0`) {
366	return -`1`;
367	}
368
369	nmships = imo->imo_num_memberships;
370	for (idx = `0`; idx < nmships; idx++) {
371	pinm = imo->imo_membership[idx];
372	if (pinm == NULL) {
373	continue;
374	}
375	INM_LOCK(pinm);
376	if ((ifp == NULL \|\| (pinm->inm_ifp == ifp)) &&
377	in_hosteq(pinm->inm_addr, group->sin_addr)) {
378	INM_UNLOCK(pinm);
379	break;
380	}
381	INM_UNLOCK(pinm);
382	}
383	if (idx >= nmships) {
384	idx = -`1`;
385	}
386
387	return idx;
388	}
389
390	/*
391	* Find an IPv4 multicast source entry for this imo which matches
392	* the given group index for this socket, and source address.
393	*
394	* NOTE: This does not check if the entry is in-mode, merely if
395	* it exists, which may not be the desired behaviour.
396	*/
397	static struct in_msource *
398	imo_match_source(const struct ip_moptions imo, const* size_t gidx,
399	const struct sockaddr_in *src)
400	{
401	struct ip_msource find;
402	struct in_mfilter *imf;
403	struct ip_msource *ims;
404
405	IMO_LOCK_ASSERT_HELD(__DECONST(struct ip_moptions *, imo));
406
407	VERIFY(src->sin_family == AF_INET);
408	VERIFY(gidx != (size_t)-`1` && gidx < imo->imo_num_memberships);
409
410	/ The imo_mfilters array may be lazy allocated. /
411	if (imo->imo_mfilters == NULL) {
412	return NULL;
413	}
414	imf = &imo->imo_mfilters[gidx];
415
416	/ Source trees are keyed in host byte order. /
417	find.ims_haddr = ntohl(src->sin_addr.s_addr);
418	ims = RB_FIND(ip_msource_tree, &imf->imf_sources, &find);
419
420	return (struct in_msource *)ims;
421	}
422
423	/*
424	* Perform filtering for multicast datagrams on a socket by group and source.
425	*
426	* Returns 0 if a datagram should be allowed through, or various error codes
427	* if the socket was not a member of the group, or the source was muted, etc.
428	*/
429	int
430	imo_multi_filter(const struct ip_moptions imo, const* struct ifnet *ifp,
431	const struct sockaddr_in group, const* struct sockaddr_in *src)
432	{
433	size_t gidx;
434	struct in_msource *ims;
435	int mode;
436
437	IMO_LOCK_ASSERT_HELD(__DECONST(struct ip_moptions *, imo));
438	VERIFY(ifp != NULL);
439
440	gidx = imo_match_group(imo, ifp, group);
441	if (gidx == (size_t)-`1`) {
442	return MCAST_NOTGMEMBER;
443	}
444
445	/*
446	* Check if the source was included in an (S,G) join.
447	* Allow reception on exclusive memberships by default,
448	* reject reception on inclusive memberships by default.
449	* Exclude source only if an in-mode exclude filter exists.
450	* Include source only if an in-mode include filter exists.
451	* NOTE: We are comparing group state here at IGMP t1 (now)
452	* with socket-layer t0 (since last downcall).
453	*/
454	mode = imo->imo_mfilters[gidx].imf_st[`1`];
455	ims = imo_match_source(imo, gidx, src);
456
457	if ((ims == NULL && mode == MCAST_INCLUDE) \|\|
458	(ims != NULL && ims->imsl_st[`0`] != mode)) {
459	return MCAST_NOTSMEMBER;
460	}
461
462	return MCAST_PASS;
463	}
464
465	int
466	imo_clone(struct inpcb from_inp, struct* inpcb *to_inp)
467	{
468	int err = `0`;
469	struct ip_moptions *from;
470	struct ip_moptions *to;
471
472	from = inp_findmoptions(from_inp);
473	if (from == NULL) {
474	return ENOMEM;
475	}
476
477	to = inp_findmoptions(to_inp);
478	if (to == NULL) {
479	IMO_REMREF(from);
480	return ENOMEM;
481	}
482
483	IMO_LOCK(from);
484	IMO_LOCK(to);
485
486	to->imo_multicast_ifp = from->imo_multicast_ifp;
487	to->imo_multicast_vif = from->imo_multicast_vif;
488	to->imo_multicast_ttl = from->imo_multicast_ttl;
489	to->imo_multicast_loop = from->imo_multicast_loop;
490
491	/*
492	* We're cloning, so drop any existing memberships and source
493	* filters on the destination ip_moptions.
494	*/
495	IMO_PURGE_LOCKED(to);
496
497	VERIFY(to->imo_max_memberships != `0` && from->imo_max_memberships != `0`);
498	if (to->imo_max_memberships < from->imo_max_memberships) {
499	/*
500	* Ensure source and destination ip_moptions memberships
501	* and source filters arrays are at least equal in size.
502	*/
503	err = imo_grow(imo: to, newmax: from->imo_max_memberships);
504	if (err != `0`) {
505	goto done;
506	}
507	}
508	VERIFY(to->imo_max_memberships >= from->imo_max_memberships);
509
510	/*
511	* Source filtering doesn't apply to OpenTransport socket,
512	* so simply hold additional reference count per membership.
513	*/
514	for (int i = `0`; i < from->imo_num_memberships; i++) {
515	to->imo_membership[i] =
516	in_addmulti(&from->imo_membership[i]->inm_addr,
517	from->imo_membership[i]->inm_ifp);
518	if (to->imo_membership[i] == NULL) {
519	break;
520	}
521	to->imo_num_memberships++;
522	}
523	VERIFY(to->imo_num_memberships == from->imo_num_memberships);
524
525	done:
526	IMO_UNLOCK(to);
527	IMO_REMREF(to);
528	IMO_UNLOCK(from);
529	IMO_REMREF(from);
530
531	return err;
532	}
533
534	/*
535	* Find and return a reference to an in_multi record for (ifp, group),
536	* and bump its reference count.
537	* If one does not exist, try to allocate it, and update link-layer multicast
538	* filters on ifp to listen for group.
539	* Return 0 if successful, otherwise return an appropriate error code.
540	*/
541	static int
542	in_getmulti(struct ifnet ifp, const* struct in_addr *group,
543	struct in_multi **pinm)
544	{
545	struct sockaddr_in gsin;
546	struct ifmultiaddr *__single ifma;
547	struct in_multi *__single inm;
548	int error;
549
550	in_multihead_lock_shared();
551	IN_LOOKUP_MULTI(group, ifp, inm);
552	if (inm != NULL) {
553	INM_LOCK(inm);
554	VERIFY(inm->inm_reqcnt >= `1`);
555	inm->inm_reqcnt++;
556	VERIFY(inm->inm_reqcnt != `0`);
557	*pinm = inm;
558	INM_UNLOCK(inm);
559	in_multihead_lock_done();
560	/*
561	* We already joined this group; return the inm
562	* with a refcount held (via lookup) for caller.
563	*/
564	return `0`;
565	}
566	in_multihead_lock_done();
567
568	SOCKADDR_ZERO(&gsin, sizeof(gsin));
569	gsin.sin_family = AF_INET;
570	gsin.sin_len = sizeof(struct sockaddr_in);
571	gsin.sin_addr = *group;
572
573	/*
574	* Check if a link-layer group is already associated
575	* with this network-layer group on the given ifnet.
576	*/
577	error = if_addmulti(ifp, SA(&gsin), &ifma);
578	if (error != `0`) {
579	return error;
580	}
581
582	/*
583	* See comments in inm_remref() for access to ifma_protospec.
584	*/
585	in_multihead_lock_exclusive();
586	IFMA_LOCK(ifma);
587	if ((inm = ifma->ifma_protospec) != NULL) {
588	VERIFY(ifma->ifma_addr != NULL);
589	VERIFY(ifma->ifma_addr->sa_family == AF_INET);
590	INM_ADDREF(inm); / for caller /
591	IFMA_UNLOCK(ifma);
592	INM_LOCK(inm);
593	VERIFY(inm->inm_ifma == ifma);
594	VERIFY(inm->inm_ifp == ifp);
595	VERIFY(in_hosteq(inm->inm_addr, *group));
596	if (inm->inm_debug & IFD_ATTACHED) {
597	VERIFY(inm->inm_reqcnt >= `1`);
598	inm->inm_reqcnt++;
599	VERIFY(inm->inm_reqcnt != `0`);
600	*pinm = inm;
601	INM_UNLOCK(inm);
602	in_multihead_lock_done();
603	IFMA_REMREF(ifma);
604	/*
605	* We lost the race with another thread doing
606	* in_getmulti(); since this group has already
607	* been joined; return the inm with a refcount
608	* held for caller.
609	*/
610	return `0`;
611	}
612	/*
613	* We lost the race with another thread doing in_delmulti();
614	* the inm referring to the ifma has been detached, thus we
615	* reattach it back to the in_multihead list and return the
616	* inm with a refcount held for the caller.
617	*/
618	in_multi_attach(inm);
619	VERIFY((inm->inm_debug &
620	(IFD_ATTACHED \| IFD_TRASHED)) == IFD_ATTACHED);
621	*pinm = inm;
622	INM_UNLOCK(inm);
623	in_multihead_lock_done();
624	IFMA_REMREF(ifma);
625	return `0`;
626	}
627	IFMA_UNLOCK(ifma);
628
629	/*
630	* A new in_multi record is needed; allocate and initialize it.
631	* We DO NOT perform an IGMP join as the in_ layer may need to
632	* push an initial source list down to IGMP to support SSM.
633	*
634	* The initial source filter state is INCLUDE, {} as per the RFC.
635	*/
636	inm = in_multi_alloc(Z_WAITOK);
637
638	INM_LOCK(inm);
639	inm->inm_addr = *group;
640	inm->inm_ifp = ifp;
641	inm->inm_igi = IGMP_IFINFO(ifp);
642	VERIFY(inm->inm_igi != NULL);
643	IGI_ADDREF(inm->inm_igi);
644	inm->inm_ifma = ifma; / keep refcount from if_addmulti() /
645	inm->inm_state = IGMP_NOT_MEMBER;
646	/*
647	* Pending state-changes per group are subject to a bounds check.
648	*/
649	inm->inm_scq.ifq_maxlen = IGMP_MAX_STATE_CHANGES;
650	inm->inm_st[`0`].iss_fmode = MCAST_UNDEFINED;
651	inm->inm_st[`1`].iss_fmode = MCAST_UNDEFINED;
652	RB_INIT(&inm->inm_srcs);
653	*pinm = inm;
654	in_multi_attach(inm);
655	VERIFY((inm->inm_debug & (IFD_ATTACHED \| IFD_TRASHED)) == IFD_ATTACHED);
656	INM_ADDREF_LOCKED(inm); / for caller /
657	INM_UNLOCK(inm);
658
659	IFMA_LOCK(ifma);
660	VERIFY(ifma->ifma_protospec == NULL);
661	ifma->ifma_protospec = inm;
662	IFMA_UNLOCK(ifma);
663	in_multihead_lock_done();
664
665	return `0`;
666	}
667
668	/*
669	* Clear recorded source entries for a group.
670	* Used by the IGMP code.
671	* FIXME: Should reap.
672	*/
673	void
674	inm_clear_recorded(struct in_multi *inm)
675	{
676	struct ip_msource *ims;
677
678	INM_LOCK_ASSERT_HELD(inm);
679
680	RB_FOREACH(ims, ip_msource_tree, &inm->inm_srcs) {
681	if (ims->ims_stp) {
682	ims->ims_stp = `0`;
683	--inm->inm_st[`1`].iss_rec;
684	}
685	}
686	VERIFY(inm->inm_st[`1`].iss_rec == `0`);
687	}
688
689	/*
690	* Record a source as pending for a Source-Group IGMPv3 query.
691	* This lives here as it modifies the shared tree.
692	*
693	* inm is the group descriptor.
694	* naddr is the address of the source to record in network-byte order.
695	*
696	* If the net.inet.igmp.sgalloc sysctl is non-zero, we will
697	* lazy-allocate a source node in response to an SG query.
698	* Otherwise, no allocation is performed. This saves some memory
699	* with the trade-off that the source will not be reported to the
700	* router if joined in the window between the query response and
701	* the group actually being joined on the local host.
702	*
703	* Return 0 if the source didn't exist or was already marked as recorded.
704	* Return 1 if the source was marked as recorded by this function.
705	* Return <0 if any error occured (negated errno code).
706	*/
707	int
708	inm_record_source(struct in_multi inm, const* in_addr_t naddr)
709	{
710	struct ip_msource find;
711	struct ip_msource ims, nims;
712
713	INM_LOCK_ASSERT_HELD(inm);
714
715	find.ims_haddr = ntohl(naddr);
716	ims = RB_FIND(ip_msource_tree, &inm->inm_srcs, &find);
717	if (ims && ims->ims_stp) {
718	return `0`;
719	}
720	if (ims == NULL) {
721	if (inm->inm_nsrc == in_mcast_maxgrpsrc) {
722	return -ENOSPC;
723	}
724	nims = ipms_alloc(Z_WAITOK);
725	nims->ims_haddr = find.ims_haddr;
726	RB_INSERT(ip_msource_tree, &inm->inm_srcs, nims);
727	++inm->inm_nsrc;
728	ims = nims;
729	}
730
731	/*
732	* Mark the source as recorded and update the recorded
733	* source count.
734	*/
735	++ims->ims_stp;
736	++inm->inm_st[`1`].iss_rec;
737
738	return `1`;
739	}
740
741	/*
742	* Return a pointer to an in_msource owned by an in_mfilter,
743	* given its source address.
744	* Lazy-allocate if needed. If this is a new entry its filter state is
745	* undefined at t0.
746	*
747	* imf is the filter set being modified.
748	* haddr is the source address in host byte-order.
749	*
750	* Caller is expected to be holding imo_lock.
751	*/
752	static int
753	imf_get_source(struct in_mfilter imf, const* struct sockaddr_in *psin,
754	struct in_msource **plims)
755	{
756	struct ip_msource find;
757	struct ip_msource *ims;
758	struct in_msource *lims;
759	int error;
760
761	error = `0`;
762	ims = NULL;
763	lims = NULL;
764
765	/ key is host byte order /
766	find.ims_haddr = ntohl(psin->sin_addr.s_addr);
767	ims = RB_FIND(ip_msource_tree, &imf->imf_sources, &find);
768	lims = (struct in_msource *)ims;
769	if (lims == NULL) {
770	if (imf->imf_nsrc == in_mcast_maxsocksrc) {
771	return ENOSPC;
772	}
773	lims = inms_alloc(Z_WAITOK);
774	lims->ims_haddr = find.ims_haddr;
775	lims->imsl_st[`0`] = MCAST_UNDEFINED;
776	RB_INSERT(ip_msource_tree, &imf->imf_sources,
777	(struct ip_msource *)lims);
778	++imf->imf_nsrc;
779	}
780
781	*plims = lims;
782
783	return error;
784	}
785
786	/*
787	* Graft a source entry into an existing socket-layer filter set,
788	* maintaining any required invariants and checking allocations.
789	*
790	* The source is marked as being in the new filter mode at t1.
791	*
792	* Return the pointer to the new node, otherwise return NULL.
793	*
794	* Caller is expected to be holding imo_lock.
795	*/
796	static struct in_msource *
797	imf_graft(struct in_mfilter imf, const* uint8_t st1,
798	const struct sockaddr_in *psin)
799	{
800	struct in_msource *lims;
801
802	lims = inms_alloc(Z_WAITOK);
803	lims->ims_haddr = ntohl(psin->sin_addr.s_addr);
804	lims->imsl_st[`0`] = MCAST_UNDEFINED;
805	lims->imsl_st[`1`] = st1;
806	RB_INSERT(ip_msource_tree, &imf->imf_sources,
807	(struct ip_msource *)lims);
808	++imf->imf_nsrc;
809
810	return lims;
811	}
812
813	/*
814	* Prune a source entry from an existing socket-layer filter set,
815	* maintaining any required invariants and checking allocations.
816	*
817	* The source is marked as being left at t1, it is not freed.
818	*
819	* Return 0 if no error occurred, otherwise return an errno value.
820	*
821	* Caller is expected to be holding imo_lock.
822	*/
823	static int
824	imf_prune(struct in_mfilter imf, const* struct sockaddr_in *psin)
825	{
826	struct ip_msource find;
827	struct ip_msource *ims;
828	struct in_msource *lims;
829
830	/ key is host byte order /
831	find.ims_haddr = ntohl(psin->sin_addr.s_addr);
832	ims = RB_FIND(ip_msource_tree, &imf->imf_sources, &find);
833	if (ims == NULL) {
834	return ENOENT;
835	}
836	lims = (struct in_msource *)ims;
837	lims->imsl_st[`1`] = MCAST_UNDEFINED;
838	return `0`;
839	}
840
841	/*
842	* Revert socket-layer filter set deltas at t1 to t0 state.
843	*
844	* Caller is expected to be holding imo_lock.
845	*/
846	static void
847	imf_rollback(struct in_mfilter *imf)
848	{
849	struct ip_msource ims, tims;
850	struct in_msource *lims;
851
852	RB_FOREACH_SAFE(ims, ip_msource_tree, &imf->imf_sources, tims) {
853	lims = (struct in_msource *)ims;
854	if (lims->imsl_st[`0`] == lims->imsl_st[`1`]) {
855	/ no change at t1 /
856	continue;
857	} else if (lims->imsl_st[`0`] != MCAST_UNDEFINED) {
858	/ revert change to existing source at t1 /
859	lims->imsl_st[`1`] = lims->imsl_st[`0`];
860	} else {
861	/ revert source added t1 /
862	IGMP_PRINTF(("%s: free inms 0x%llx\n", __func__,
863	(uint64_t)VM_KERNEL_ADDRPERM(lims)));
864	RB_REMOVE(ip_msource_tree, &imf->imf_sources, ims);
865	inms_free(lims);
866	imf->imf_nsrc--;
867	}
868	}
869	imf->imf_st[`1`] = imf->imf_st[`0`];
870	}
871
872	/*
873	* Mark socket-layer filter set as INCLUDE {} at t1.
874	*
875	* Caller is expected to be holding imo_lock.
876	*/
877	void
878	imf_leave(struct in_mfilter *imf)
879	{
880	struct ip_msource *ims;
881	struct in_msource *lims;
882
883	RB_FOREACH(ims, ip_msource_tree, &imf->imf_sources) {
884	lims = (struct in_msource *)ims;
885	lims->imsl_st[`1`] = MCAST_UNDEFINED;
886	}
887	imf->imf_st[`1`] = MCAST_INCLUDE;
888	}
889
890	/*
891	* Mark socket-layer filter set deltas as committed.
892	*
893	* Caller is expected to be holding imo_lock.
894	*/
895	static void
896	imf_commit(struct in_mfilter *imf)
897	{
898	struct ip_msource *ims;
899	struct in_msource *lims;
900
901	RB_FOREACH(ims, ip_msource_tree, &imf->imf_sources) {
902	lims = (struct in_msource *)ims;
903	lims->imsl_st[`0`] = lims->imsl_st[`1`];
904	}
905	imf->imf_st[`0`] = imf->imf_st[`1`];
906	}
907
908	/*
909	* Reap unreferenced sources from socket-layer filter set.
910	*
911	* Caller is expected to be holding imo_lock.
912	*/
913	static void
914	imf_reap(struct in_mfilter *imf)
915	{
916	struct ip_msource ims, tims;
917	struct in_msource *lims;
918
919	RB_FOREACH_SAFE(ims, ip_msource_tree, &imf->imf_sources, tims) {
920	lims = (struct in_msource *)ims;
921	if ((lims->imsl_st[`0`] == MCAST_UNDEFINED) &&
922	(lims->imsl_st[`1`] == MCAST_UNDEFINED)) {
923	IGMP_PRINTF(("%s: free inms 0x%llx\n", __func__,
924	(uint64_t)VM_KERNEL_ADDRPERM(lims)));
925	RB_REMOVE(ip_msource_tree, &imf->imf_sources, ims);
926	inms_free(lims);
927	imf->imf_nsrc--;
928	}
929	}
930	}
931
932	/*
933	* Purge socket-layer filter set.
934	*
935	* Caller is expected to be holding imo_lock.
936	*/
937	void
938	imf_purge(struct in_mfilter *imf)
939	{
940	struct ip_msource ims, tims;
941	struct in_msource *lims;
942
943	RB_FOREACH_SAFE(ims, ip_msource_tree, &imf->imf_sources, tims) {
944	lims = (struct in_msource *)ims;
945	IGMP_PRINTF(("%s: free inms 0x%llx\n", __func__,
946	(uint64_t)VM_KERNEL_ADDRPERM(lims)));
947	RB_REMOVE(ip_msource_tree, &imf->imf_sources, ims);
948	inms_free(lims);
949	imf->imf_nsrc--;
950	}
951	imf->imf_st[`0`] = imf->imf_st[`1`] = MCAST_UNDEFINED;
952	VERIFY(RB_EMPTY(&imf->imf_sources));
953	}
954
955	/*
956	* Look up a source filter entry for a multicast group.
957	*
958	* inm is the group descriptor to work with.
959	* haddr is the host-byte-order IPv4 address to look up.
960	* noalloc may be non-zero to suppress allocation of sources.
961	* *pims will be set to the address of the retrieved or allocated source.
962	*
963	* Return 0 if successful, otherwise return a non-zero error code.
964	*/
965	static int
966	inm_get_source(struct in_multi inm, const* in_addr_t haddr,
967	const int noalloc, struct ip_msource **pims)
968	{
969	struct ip_msource find;
970	struct ip_msource ims, nims;
971	#ifdef IGMP_DEBUG
972	struct in_addr ia;
973	char buf[MAX_IPv4_STR_LEN];
974	#endif
975	INM_LOCK_ASSERT_HELD(inm);
976
977	find.ims_haddr = haddr;
978	ims = RB_FIND(ip_msource_tree, &inm->inm_srcs, &find);
979	if (ims == NULL && !noalloc) {
980	if (inm->inm_nsrc == in_mcast_maxgrpsrc) {
981	return ENOSPC;
982	}
983	nims = ipms_alloc(Z_WAITOK);
984	nims->ims_haddr = haddr;
985	RB_INSERT(ip_msource_tree, &inm->inm_srcs, nims);
986	++inm->inm_nsrc;
987	ims = nims;
988	#ifdef IGMP_DEBUG
989	ia.s_addr = htonl(haddr);
990	inet_ntop(AF_INET, &ia, buf, sizeof(buf));
991	IGMP_PRINTF(("%s: allocated %s as 0x%llx\n", __func__,
992	buf, (uint64_t)VM_KERNEL_ADDRPERM(ims)));
993	#endif
994	}
995
996	*pims = ims;
997	return `0`;
998	}
999
1000	/*
1001	* Helper function to derive the filter mode on a source entry
1002	* from its internal counters. Predicates are:
1003	* A source is only excluded if all listeners exclude it.
1004	* A source is only included if no listeners exclude it,
1005	* and at least one listener includes it.
1006	* May be used by ifmcstat(8).
1007	*/
1008	uint8_t
1009	ims_get_mode(const struct in_multi inm, const* struct ip_msource *ims,
1010	uint8_t t)
1011	{
1012	INM_LOCK_ASSERT_HELD(__DECONST(struct in_multi *, inm));
1013
1014	t = !!t;
1015	if (inm->inm_st[t].iss_ex > `0` &&
1016	inm->inm_st[t].iss_ex == ims->ims_st[t].ex) {
1017	return MCAST_EXCLUDE;
1018	} else if (ims->ims_st[t].in > `0` && ims->ims_st[t].ex == `0`) {
1019	return MCAST_INCLUDE;
1020	}
1021	return MCAST_UNDEFINED;
1022	}
1023
1024	/*
1025	* Merge socket-layer source into IGMP-layer source.
1026	* If rollback is non-zero, perform the inverse of the merge.
1027	*/
1028	static void
1029	ims_merge(struct ip_msource ims, const* struct in_msource *lims,
1030	const int rollback)
1031	{
1032	int n = rollback ? -`1` : `1`;
1033	#ifdef IGMP_DEBUG
1034	struct in_addr ia;
1035
1036	ia.s_addr = htonl(ims->ims_haddr);
1037	#endif
1038
1039	if (lims->imsl_st[`0`] == MCAST_EXCLUDE) {
1040	IGMP_INET_PRINTF(ia,
1041	("%s: t1 ex -= %d on %s\n",
1042	__func__, n, _igmp_inet_buf));
1043	ims->ims_st[`1`].ex -= n;
1044	} else if (lims->imsl_st[`0`] == MCAST_INCLUDE) {
1045	IGMP_INET_PRINTF(ia,
1046	("%s: t1 in -= %d on %s\n",
1047	__func__, n, _igmp_inet_buf));
1048	ims->ims_st[`1`].in -= n;
1049	}
1050
1051	if (lims->imsl_st[`1`] == MCAST_EXCLUDE) {
1052	IGMP_INET_PRINTF(ia,
1053	("%s: t1 ex += %d on %s\n",
1054	__func__, n, _igmp_inet_buf));
1055	ims->ims_st[`1`].ex += n;
1056	} else if (lims->imsl_st[`1`] == MCAST_INCLUDE) {
1057	IGMP_INET_PRINTF(ia,
1058	("%s: t1 in += %d on %s\n",
1059	__func__, n, _igmp_inet_buf));
1060	ims->ims_st[`1`].in += n;
1061	}
1062	}
1063
1064	/*
1065	* Atomically update the global in_multi state, when a membership's
1066	* filter list is being updated in any way.
1067	*
1068	* imf is the per-inpcb-membership group filter pointer.
1069	* A fake imf may be passed for in-kernel consumers.
1070	*
1071	* XXX This is a candidate for a set-symmetric-difference style loop
1072	* which would eliminate the repeated lookup from root of ims nodes,
1073	* as they share the same key space.
1074	*
1075	* If any error occurred this function will back out of refcounts
1076	* and return a non-zero value.
1077	*/
1078	static int
1079	inm_merge(struct in_multi inm, /const/* struct in_mfilter *imf)
1080	{
1081	struct ip_msource ims, __single nims = NULL;
1082	struct in_msource *lims;
1083	int schanged, error;
1084	int nsrc0, nsrc1;
1085
1086	INM_LOCK_ASSERT_HELD(inm);
1087
1088	schanged = `0`;
1089	error = `0`;
1090	nsrc1 = nsrc0 = `0`;
1091
1092	/*
1093	* Update the source filters first, as this may fail.
1094	* Maintain count of in-mode filters at t0, t1. These are
1095	* used to work out if we transition into ASM mode or not.
1096	* Maintain a count of source filters whose state was
1097	* actually modified by this operation.
1098	*/
1099	RB_FOREACH(ims, ip_msource_tree, &imf->imf_sources) {
1100	lims = (struct in_msource *)ims;
1101	if (lims->imsl_st[`0`] == imf->imf_st[`0`]) {
1102	nsrc0++;
1103	}
1104	if (lims->imsl_st[`1`] == imf->imf_st[`1`]) {
1105	nsrc1++;
1106	}
1107	if (lims->imsl_st[`0`] == lims->imsl_st[`1`]) {
1108	continue;
1109	}
1110	error = inm_get_source(inm, haddr: lims->ims_haddr, noalloc: `0`, pims: &nims);
1111	++schanged;
1112	if (error) {
1113	break;
1114	}
1115	ims_merge(ims: nims, lims, rollback: `0`);
1116	}
1117	if (error) {
1118	struct ip_msource *__single bims;
1119
1120	RB_FOREACH_REVERSE_FROM(ims, ip_msource_tree, nims) {
1121	lims = (struct in_msource *)ims;
1122	if (lims->imsl_st[`0`] == lims->imsl_st[`1`]) {
1123	continue;
1124	}
1125	(void) inm_get_source(inm, haddr: lims->ims_haddr, noalloc: `1`, pims: &bims);
1126	if (bims == NULL) {
1127	continue;
1128	}
1129	ims_merge(ims: bims, lims, rollback: `1`);
1130	}
1131	goto out_reap;
1132	}
1133
1134	IGMP_PRINTF(("%s: imf filters in-mode: %d at t0, %d at t1\n",
1135	__func__, nsrc0, nsrc1));
1136
1137	/ Handle transition between INCLUDE {n} and INCLUDE {} on socket. /
1138	if (imf->imf_st[`0`] == imf->imf_st[`1`] &&
1139	imf->imf_st[`1`] == MCAST_INCLUDE) {
1140	if (nsrc1 == `0`) {
1141	IGMP_PRINTF(("%s: --in on inm at t1\n", __func__));
1142	--inm->inm_st[`1`].iss_in;
1143	}
1144	}
1145
1146	/ Handle filter mode transition on socket. /
1147	if (imf->imf_st[`0`] != imf->imf_st[`1`]) {
1148	IGMP_PRINTF(("%s: imf transition %d to %d\n",
1149	__func__, imf->imf_st[`0`], imf->imf_st[`1`]));
1150
1151	if (imf->imf_st[`0`] == MCAST_EXCLUDE) {
1152	IGMP_PRINTF(("%s: --ex on inm at t1\n", __func__));
1153	--inm->inm_st[`1`].iss_ex;
1154	} else if (imf->imf_st[`0`] == MCAST_INCLUDE) {
1155	IGMP_PRINTF(("%s: --in on inm at t1\n", __func__));
1156	--inm->inm_st[`1`].iss_in;
1157	}
1158
1159	if (imf->imf_st[`1`] == MCAST_EXCLUDE) {
1160	IGMP_PRINTF(("%s: ex++ on inm at t1\n", __func__));
1161	inm->inm_st[`1`].iss_ex++;
1162	} else if (imf->imf_st[`1`] == MCAST_INCLUDE && nsrc1 > `0`) {
1163	IGMP_PRINTF(("%s: in++ on inm at t1\n", __func__));
1164	inm->inm_st[`1`].iss_in++;
1165	}
1166	}
1167
1168	/*
1169	* Track inm filter state in terms of listener counts.
1170	* If there are any exclusive listeners, stack-wide
1171	* membership is exclusive.
1172	* Otherwise, if only inclusive listeners, stack-wide is inclusive.
1173	* If no listeners remain, state is undefined at t1,
1174	* and the IGMP lifecycle for this group should finish.
1175	*/
1176	if (inm->inm_st[`1`].iss_ex > `0`) {
1177	IGMP_PRINTF(("%s: transition to EX\n", __func__));
1178	inm->inm_st[`1`].iss_fmode = MCAST_EXCLUDE;
1179	} else if (inm->inm_st[`1`].iss_in > `0`) {
1180	IGMP_PRINTF(("%s: transition to IN\n", __func__));
1181	inm->inm_st[`1`].iss_fmode = MCAST_INCLUDE;
1182	} else {
1183	IGMP_PRINTF(("%s: transition to UNDEF\n", __func__));
1184	inm->inm_st[`1`].iss_fmode = MCAST_UNDEFINED;
1185	}
1186
1187	/ Decrement ASM listener count on transition out of ASM mode. /
1188	if (imf->imf_st[`0`] == MCAST_EXCLUDE && nsrc0 == `0`) {
1189	if ((imf->imf_st[`1`] != MCAST_EXCLUDE) \|\|
1190	(imf->imf_st[`1`] == MCAST_EXCLUDE && nsrc1 > `0`)) {
1191	IGMP_PRINTF(("%s: --asm on inm at t1\n", __func__));
1192	--inm->inm_st[`1`].iss_asm;
1193	}
1194	}
1195
1196	/ Increment ASM listener count on transition to ASM mode. /
1197	if (imf->imf_st[`1`] == MCAST_EXCLUDE && nsrc1 == `0`) {
1198	IGMP_PRINTF(("%s: asm++ on inm at t1\n", __func__));
1199	inm->inm_st[`1`].iss_asm++;
1200	}
1201
1202	IGMP_PRINTF(("%s: merged imf 0x%llx to inm 0x%llx\n", __func__,
1203	(uint64_t)VM_KERNEL_ADDRPERM(imf),
1204	(uint64_t)VM_KERNEL_ADDRPERM(inm)));
1205	inm_print(inm);
1206
1207	out_reap:
1208	if (schanged > `0`) {
1209	IGMP_PRINTF(("%s: sources changed; reaping\n", __func__));
1210	inm_reap(inm);
1211	}
1212	return error;
1213	}
1214
1215	/*
1216	* Mark an in_multi's filter set deltas as committed.
1217	* Called by IGMP after a state change has been enqueued.
1218	*/
1219	void
1220	inm_commit(struct in_multi *inm)
1221	{
1222	struct ip_msource *ims;
1223
1224	INM_LOCK_ASSERT_HELD(inm);
1225
1226	IGMP_PRINTF(("%s: commit inm 0x%llx\n", __func__,
1227	(uint64_t)VM_KERNEL_ADDRPERM(inm)));
1228	IGMP_PRINTF(("%s: pre commit:\n", __func__));
1229	inm_print(inm);
1230
1231	RB_FOREACH(ims, ip_msource_tree, &inm->inm_srcs) {
1232	ims->ims_st[`0`] = ims->ims_st[`1`];
1233	}
1234	inm->inm_st[`0`] = inm->inm_st[`1`];
1235	}
1236
1237	/*
1238	* Reap unreferenced nodes from an in_multi's filter set.
1239	*/
1240	static void
1241	inm_reap(struct in_multi *inm)
1242	{
1243	struct ip_msource ims, tims;
1244
1245	INM_LOCK_ASSERT_HELD(inm);
1246
1247	RB_FOREACH_SAFE(ims, ip_msource_tree, &inm->inm_srcs, tims) {
1248	if (ims->ims_st[`0`].ex > `0` \|\| ims->ims_st[`0`].in > `0` \|\|
1249	ims->ims_st[`1`].ex > `0` \|\| ims->ims_st[`1`].in > `0` \|\|
1250	ims->ims_stp != `0`) {
1251	continue;
1252	}
1253	IGMP_PRINTF(("%s: free ims 0x%llx\n", __func__,
1254	(uint64_t)VM_KERNEL_ADDRPERM(ims)));
1255	RB_REMOVE(ip_msource_tree, &inm->inm_srcs, ims);
1256	ipms_free(ims);
1257	inm->inm_nsrc--;
1258	}
1259	}
1260
1261	/*
1262	* Purge all source nodes from an in_multi's filter set.
1263	*/
1264	void
1265	inm_purge(struct in_multi *inm)
1266	{
1267	struct ip_msource ims, tims;
1268
1269	INM_LOCK_ASSERT_HELD(inm);
1270
1271	RB_FOREACH_SAFE(ims, ip_msource_tree, &inm->inm_srcs, tims) {
1272	IGMP_PRINTF(("%s: free ims 0x%llx\n", __func__,
1273	(uint64_t)VM_KERNEL_ADDRPERM(ims)));
1274	RB_REMOVE(ip_msource_tree, &inm->inm_srcs, ims);
1275	ipms_free(ims);
1276	inm->inm_nsrc--;
1277	}
1278	}
1279
1280	/*
1281	* Join a multicast group; real entry point.
1282	*
1283	* Only preserves atomicity at inm level.
1284	* NOTE: imf argument cannot be const due to sys/tree.h limitations.
1285	*
1286	* If the IGMP downcall fails, the group is not joined, and an error
1287	* code is returned.
1288	*/
1289	static int
1290	in_joingroup(struct ifnet ifp, const* struct in_addr *gina,
1291	/const/ struct in_mfilter imf, struct* in_multi **pinm)
1292	{
1293	struct in_mfilter timf;
1294	struct in_multi *__single inm = NULL;
1295	int error = `0`;
1296	struct igmp_tparams itp;
1297
1298	IGMP_INET_PRINTF(gina, ("%s: join %s on 0x%llx(%s))\n", __func__*,
1299	_igmp_inet_buf, (uint64_t)VM_KERNEL_ADDRPERM(ifp), if_name(ifp)));
1300
1301	bzero(s: &itp, n: sizeof(itp));
1302	*pinm = NULL;
1303
1304	/*
1305	* If no imf was specified (i.e. kernel consumer),
1306	* fake one up and assume it is an ASM join.
1307	*/
1308	if (imf == NULL) {
1309	imf_init(imf: &timf, MCAST_UNDEFINED, MCAST_EXCLUDE);
1310	imf = &timf;
1311	}
1312
1313	error = in_getmulti(ifp, group: gina, pinm: &inm);
1314	if (error) {
1315	IGMP_PRINTF(("%s: in_getmulti() failure\n", __func__));
1316	return error;
1317	}
1318
1319	IGMP_PRINTF(("%s: merge inm state\n", __func__));
1320
1321	INM_LOCK(inm);
1322	error = inm_merge(inm, imf);
1323	if (error) {
1324	IGMP_PRINTF(("%s: failed to merge inm state\n", __func__));
1325	goto out_inm_release;
1326	}
1327
1328	IGMP_PRINTF(("%s: doing igmp downcall\n", __func__));
1329	error = igmp_change_state(inm, &itp);
1330	if (error) {
1331	IGMP_PRINTF(("%s: failed to update source\n", __func__));
1332	imf_rollback(imf);
1333	goto out_inm_release;
1334	}
1335
1336	out_inm_release:
1337	if (error) {
1338	IGMP_PRINTF(("%s: dropping ref on 0x%llx\n", __func__,
1339	(uint64_t)VM_KERNEL_ADDRPERM(inm)));
1340	INM_UNLOCK(inm);
1341	INM_REMREF(inm);
1342	} else {
1343	INM_UNLOCK(inm);
1344	pinm = inm; /* keep refcount from in_getmulti() /
1345	}
1346
1347	/ schedule timer now that we've dropped the lock(s) /
1348	igmp_set_fast_timeout(&itp);
1349
1350	return error;
1351	}
1352
1353	/*
1354	* Leave a multicast group; real entry point.
1355	* All source filters will be expunged.
1356	*
1357	* Only preserves atomicity at inm level.
1358	*
1359	* Note: This is not the same as inm_release(*) as this function also
1360	* makes a state change downcall into IGMP.
1361	*/
1362	int
1363	in_leavegroup(struct in_multi inm, /const/* struct in_mfilter *imf)
1364	{
1365	struct in_mfilter timf;
1366	int error, lastref;
1367	struct igmp_tparams itp;
1368
1369	bzero(s: &itp, n: sizeof(itp));
1370	error = `0`;
1371
1372	INM_LOCK_ASSERT_NOTHELD(inm);
1373
1374	in_multihead_lock_exclusive();
1375	INM_LOCK(inm);
1376
1377	IGMP_INET_PRINTF(inm->inm_addr,
1378	("%s: leave inm 0x%llx, %s/%s%d, imf 0x%llx\n", __func__,
1379	(uint64_t)VM_KERNEL_ADDRPERM(inm), _igmp_inet_buf,
1380	(inm_is_ifp_detached(inm) ? "null" : inm->inm_ifp->if_name),
1381	inm->inm_ifp->if_unit, (uint64_t)VM_KERNEL_ADDRPERM(imf)));
1382
1383	/*
1384	* If no imf was specified (i.e. kernel consumer),
1385	* fake one up and assume it is an ASM join.
1386	*/
1387	if (imf == NULL) {
1388	imf_init(imf: &timf, MCAST_EXCLUDE, MCAST_UNDEFINED);
1389	imf = &timf;
1390	}
1391
1392	/*
1393	* Begin state merge transaction at IGMP layer.
1394	*
1395	* As this particular invocation should not cause any memory
1396	* to be allocated, and there is no opportunity to roll back
1397	* the transaction, it MUST NOT fail.
1398	*/
1399	IGMP_PRINTF(("%s: merge inm state\n", __func__));
1400
1401	error = inm_merge(inm, imf);
1402	KASSERT(error == `0`, ("%s: failed to merge inm state\n", __func__));
1403
1404	IGMP_PRINTF(("%s: doing igmp downcall\n", __func__));
1405	error = igmp_change_state(inm, &itp);
1406	#if IGMP_DEBUG
1407	if (error) {
1408	IGMP_PRINTF(("%s: failed igmp downcall\n", __func__));
1409	}
1410	#endif
1411	lastref = in_multi_detach(inm);
1412	VERIFY(!lastref \|\| (!(inm->inm_debug & IFD_ATTACHED) &&
1413	inm->inm_reqcnt == `0`));
1414	INM_UNLOCK(inm);
1415	in_multihead_lock_done();
1416
1417	if (lastref) {
1418	INM_REMREF(inm); / for in_multihead list /
1419	}
1420	/ schedule timer now that we've dropped the lock(s) /
1421	igmp_set_fast_timeout(&itp);
1422
1423	return error;
1424	}
1425
1426	/*
1427	* Join an IPv4 multicast group in (*,G) exclusive mode.
1428	* The group must be a 224.0.0.0/24 link-scope group.
1429	* This KPI is for legacy kernel consumers only.
1430	*/
1431	struct in_multi *
1432	in_addmulti(struct in_addr ap, struct* ifnet *ifp)
1433	{
1434	struct in_multi *__single pinm = NULL;
1435	int error;
1436
1437	KASSERT(IN_LOCAL_GROUP(ntohl(ap->s_addr)),
1438	("%s: %s not in 224.0.0.0/24\n", __func__, inet_ntoa(*ap)));
1439
1440	error = in_joingroup(ifp, gina: ap, NULL, pinm: &pinm);
1441	VERIFY(pinm != NULL \|\| error != `0`);
1442
1443	return pinm;
1444	}
1445
1446	/*
1447	* Leave an IPv4 multicast group, assumed to be in exclusive (*,G) mode.
1448	* This KPI is for legacy kernel consumers only.
1449	*/
1450	void
1451	in_delmulti(struct in_multi *inm)
1452	{
1453	(void) in_leavegroup(inm, NULL);
1454	}
1455
1456	/*
1457	* Block or unblock an ASM multicast source on an inpcb.
1458	* This implements the delta-based API described in RFC 3678.
1459	*
1460	* The delta-based API applies only to exclusive-mode memberships.
1461	* An IGMP downcall will be performed.
1462	*
1463	* Return 0 if successful, otherwise return an appropriate error code.
1464	*/
1465	static int
1466	inp_block_unblock_source(struct inpcb inp, struct* sockopt *sopt)
1467	{
1468	struct group_source_req gsr;
1469	struct sockaddr_in gsa, ssa;
1470	struct ifnet *ifp;
1471	struct in_mfilter *imf;
1472	struct ip_moptions *imo;
1473	struct in_msource *ims;
1474	struct in_multi *inm;
1475	size_t idx;
1476	uint8_t fmode;
1477	int error, doblock;
1478	unsigned int ifindex = `0`;
1479	struct igmp_tparams itp;
1480
1481	bzero(s: &itp, n: sizeof(itp));
1482	ifp = NULL;
1483	error = `0`;
1484	doblock = `0`;
1485
1486	memset(s: &gsr, c: `0`, n: sizeof(struct group_source_req));
1487	gsa = SIN(&gsr.gsr_group);
1488	ssa = SIN(&gsr.gsr_source);
1489
1490	switch (sopt->sopt_name) {
1491	case IP_BLOCK_SOURCE:
1492	case IP_UNBLOCK_SOURCE: {
1493	struct ip_mreq_source mreqs;
1494
1495	error = sooptcopyin(sopt, &mreqs,
1496	len: sizeof(struct ip_mreq_source),
1497	minlen: sizeof(struct ip_mreq_source));
1498	if (error) {
1499	return error;
1500	}
1501
1502	gsa->sin_family = AF_INET;
1503	gsa->sin_len = sizeof(struct sockaddr_in);
1504	gsa->sin_addr = mreqs.imr_multiaddr;
1505
1506	ssa->sin_family = AF_INET;
1507	ssa->sin_len = sizeof(struct sockaddr_in);
1508	ssa->sin_addr = mreqs.imr_sourceaddr;
1509
1510	if (!in_nullhost(mreqs.imr_interface)) {
1511	ifp = ip_multicast_if(&mreqs.imr_interface, &ifindex);
1512	}
1513
1514	if (sopt->sopt_name == IP_BLOCK_SOURCE) {
1515	doblock = `1`;
1516	}
1517
1518	IGMP_INET_PRINTF(mreqs.imr_interface,
1519	("%s: imr_interface = %s, ifp = 0x%llx\n", __func__,
1520	_igmp_inet_buf, (uint64_t)VM_KERNEL_ADDRPERM(ifp)));
1521	break;
1522	}
1523
1524	case MCAST_BLOCK_SOURCE:
1525	case MCAST_UNBLOCK_SOURCE:
1526	error = sooptcopyin(sopt, &gsr,
1527	len: sizeof(struct group_source_req),
1528	minlen: sizeof(struct group_source_req));
1529	if (error) {
1530	return error;
1531	}
1532
1533	if (gsa->sin_family != AF_INET \|\|
1534	gsa->sin_len != sizeof(struct sockaddr_in)) {
1535	return EINVAL;
1536	}
1537
1538	if (ssa->sin_family != AF_INET \|\|
1539	ssa->sin_len != sizeof(struct sockaddr_in)) {
1540	return EINVAL;
1541	}
1542
1543	ifnet_head_lock_shared();
1544	if (gsr.gsr_interface == `0` \|\| !IF_INDEX_IN_RANGE(gsr.gsr_interface)) {
1545	ifnet_head_done();
1546	return EADDRNOTAVAIL;
1547	}
1548
1549	ifp = ifindex2ifnet[gsr.gsr_interface];
1550	ifnet_head_done();
1551
1552	if (ifp == NULL) {
1553	return EADDRNOTAVAIL;
1554	}
1555
1556	if (sopt->sopt_name == MCAST_BLOCK_SOURCE) {
1557	doblock = `1`;
1558	}
1559	break;
1560
1561	default:
1562	IGMP_PRINTF(("%s: unknown sopt_name %d\n",
1563	__func__, sopt->sopt_name));
1564	return EOPNOTSUPP;
1565	}
1566
1567	if (!IN_MULTICAST(ntohl(gsa->sin_addr.s_addr))) {
1568	return EINVAL;
1569	}
1570
1571	/*
1572	* Check if we are actually a member of this group.
1573	*/
1574	imo = inp_findmoptions(inp);
1575	if (imo == NULL) {
1576	return ENOMEM;
1577	}
1578
1579	IMO_LOCK(imo);
1580	idx = imo_match_group(imo, ifp, group: gsa);
1581	if (idx == (size_t)-`1` \|\| imo->imo_mfilters == NULL) {
1582	error = EADDRNOTAVAIL;
1583	goto out_imo_locked;
1584	}
1585
1586	VERIFY(imo->imo_mfilters != NULL);
1587	imf = &imo->imo_mfilters[idx];
1588	inm = imo->imo_membership[idx];
1589
1590	/*
1591	* Attempting to use the delta-based API on an
1592	* non exclusive-mode membership is an error.
1593	*/
1594	fmode = imf->imf_st[`0`];
1595	if (fmode != MCAST_EXCLUDE) {
1596	error = EINVAL;
1597	goto out_imo_locked;
1598	}
1599
1600	/*
1601	* Deal with error cases up-front:
1602	* Asked to block, but already blocked; or
1603	* Asked to unblock, but nothing to unblock.
1604	* If adding a new block entry, allocate it.
1605	*/
1606	ims = imo_match_source(imo, gidx: idx, src: ssa);
1607	if ((ims != NULL && doblock) \|\| (ims == NULL && !doblock)) {
1608	IGMP_INET_PRINTF(ssa->sin_addr,
1609	("%s: source %s %spresent\n", __func__,
1610	_igmp_inet_buf, doblock ? "" : "not "));
1611	error = EADDRNOTAVAIL;
1612	goto out_imo_locked;
1613	}
1614
1615	/*
1616	* Begin state merge transaction at socket layer.
1617	*/
1618	if (doblock) {
1619	IGMP_PRINTF(("%s: %s source\n", __func__, "block"));
1620	ims = imf_graft(imf, st1: fmode, psin: ssa);
1621	if (ims == NULL) {
1622	error = ENOMEM;
1623	}
1624	} else {
1625	IGMP_PRINTF(("%s: %s source\n", __func__, "allow"));
1626	error = imf_prune(imf, psin: ssa);
1627	}
1628
1629	if (error) {
1630	IGMP_PRINTF(("%s: merge imf state failed\n", __func__));
1631	goto out_imf_rollback;
1632	}
1633
1634	/*
1635	* Begin state merge transaction at IGMP layer.
1636	*/
1637	INM_LOCK(inm);
1638	IGMP_PRINTF(("%s: merge inm state\n", __func__));
1639	error = inm_merge(inm, imf);
1640	if (error) {
1641	IGMP_PRINTF(("%s: failed to merge inm state\n", __func__));
1642	INM_UNLOCK(inm);
1643	goto out_imf_rollback;
1644	}
1645
1646	IGMP_PRINTF(("%s: doing igmp downcall\n", __func__));
1647	error = igmp_change_state(inm, &itp);
1648	INM_UNLOCK(inm);
1649	#if IGMP_DEBUG
1650	if (error) {
1651	IGMP_PRINTF(("%s: failed igmp downcall\n", __func__));
1652	}
1653	#endif
1654
1655	out_imf_rollback:
1656	if (error) {
1657	imf_rollback(imf);
1658	} else {
1659	imf_commit(imf);
1660	}
1661
1662	imf_reap(imf);
1663
1664	out_imo_locked:
1665	IMO_UNLOCK(imo);
1666	IMO_REMREF(imo); / from inp_findmoptions() /
1667
1668	/ schedule timer now that we've dropped the lock(s) /
1669	igmp_set_fast_timeout(&itp);
1670
1671	return error;
1672	}
1673
1674	/*
1675	* Given an inpcb, return its multicast options structure pointer.
1676	*
1677	* Caller is responsible for locking the inpcb, and releasing the
1678	* extra reference held on the imo, upon a successful return.
1679	*/
1680	static struct ip_moptions *
1681	inp_findmoptions(struct inpcb *inp)
1682	{
1683	struct ip_moptions *imo;
1684	struct in_multi **immp;
1685	struct in_mfilter *imfp;
1686	size_t idx;
1687
1688	if ((imo = inp->inp_moptions) != NULL) {
1689	IMO_ADDREF(imo); / for caller /
1690	return imo;
1691	}
1692
1693	imo = ip_allocmoptions(Z_WAITOK);
1694	if (imo == NULL) {
1695	return NULL;
1696	}
1697
1698	immp = kalloc_type(struct in_multi *, IP_MIN_MEMBERSHIPS,
1699	Z_WAITOK \| Z_ZERO \| Z_NOFAIL);
1700	imfp = kalloc_type(struct in_mfilter, IP_MIN_MEMBERSHIPS,
1701	Z_WAITOK \| Z_ZERO \| Z_NOFAIL);
1702
1703	imo->imo_multicast_ifp = NULL;
1704	imo->imo_multicast_addr.s_addr = INADDR_ANY;
1705	imo->imo_multicast_vif = -`1`;
1706	imo->imo_multicast_ttl = IP_DEFAULT_MULTICAST_TTL;
1707	imo->imo_multicast_loop = !!in_mcast_loop;
1708	imo->imo_num_memberships = `0`;
1709	imo->imo_max_memberships = IP_MIN_MEMBERSHIPS;
1710	imo->imo_membership = immp;
1711	imo->imo_mfilters = imfp;
1712
1713	/ Initialize per-group source filters. /
1714	for (idx = `0`; idx < IP_MIN_MEMBERSHIPS; idx++) {
1715	imf_init(imf: &imfp[idx], MCAST_UNDEFINED, MCAST_EXCLUDE);
1716	}
1717
1718	inp->inp_moptions = imo; / keep reference from ip_allocmoptions() /
1719	IMO_ADDREF(imo); / for caller /
1720
1721	return imo;
1722	}
1723	/*
1724	* Atomically get source filters on a socket for an IPv4 multicast group.
1725	*/
1726	static int
1727	inp_get_source_filters(struct inpcb inp, struct* sockopt *sopt)
1728	{
1729	struct __msfilterreq64 msfr = {}, msfr64;
1730	struct __msfilterreq32 msfr32;
1731	struct sockaddr_in *gsa;
1732	struct ifnet *ifp;
1733	struct ip_moptions *imo;
1734	struct in_mfilter *imf;
1735	struct ip_msource *ims;
1736	struct in_msource *lims;
1737	struct sockaddr_in *psin;
1738	struct sockaddr_storage *ptss;
1739	struct sockaddr_storage *tss;
1740	int error;
1741	size_t idx;
1742	uint32_t nsrcs, ncsrcs;
1743	user_addr_t tmp_ptr;
1744
1745	imo = inp->inp_moptions;
1746	VERIFY(imo != NULL);
1747
1748	int is_64bit_proc = IS_64BIT_PROCESS(current_proc());
1749
1750	if (is_64bit_proc) {
1751	error = sooptcopyin(sopt, &msfr64,
1752	len: sizeof(struct __msfilterreq64),
1753	minlen: sizeof(struct __msfilterreq64));
1754	if (error) {
1755	return error;
1756	}
1757	/ we never use msfr.msfr_srcs; /
1758	memcpy(dst: &msfr, src: &msfr64, n: sizeof(msfr64));
1759	} else {
1760	error = sooptcopyin(sopt, &msfr32,
1761	len: sizeof(struct __msfilterreq32),
1762	minlen: sizeof(struct __msfilterreq32));
1763	if (error) {
1764	return error;
1765	}
1766	/ we never use msfr.msfr_srcs; /
1767	memcpy(dst: &msfr, src: &msfr32, n: sizeof(msfr32));
1768	}
1769
1770	ifnet_head_lock_shared();
1771	if (msfr.msfr_ifindex == `0` \|\| !IF_INDEX_IN_RANGE(msfr.msfr_ifindex)) {
1772	ifnet_head_done();
1773	return EADDRNOTAVAIL;
1774	}
1775
1776	ifp = ifindex2ifnet[msfr.msfr_ifindex];
1777	ifnet_head_done();
1778
1779	if (ifp == NULL) {
1780	return EADDRNOTAVAIL;
1781	}
1782
1783	if ((size_t) msfr.msfr_nsrcs >
1784	UINT32_MAX / sizeof(struct sockaddr_storage)) {
1785	msfr.msfr_nsrcs = UINT32_MAX / sizeof(struct sockaddr_storage);
1786	}
1787
1788	if (msfr.msfr_nsrcs > in_mcast_maxsocksrc) {
1789	msfr.msfr_nsrcs = in_mcast_maxsocksrc;
1790	}
1791
1792	IMO_LOCK(imo);
1793	/*
1794	* Lookup group on the socket.
1795	*/
1796	gsa = SIN(&msfr.msfr_group);
1797
1798	idx = imo_match_group(imo, ifp, group: gsa);
1799	if (idx == (size_t)-`1` \|\| imo->imo_mfilters == NULL) {
1800	IMO_UNLOCK(imo);
1801	return EADDRNOTAVAIL;
1802	}
1803	imf = &imo->imo_mfilters[idx];
1804
1805	/*
1806	* Ignore memberships which are in limbo.
1807	*/
1808	if (imf->imf_st[`1`] == MCAST_UNDEFINED) {
1809	IMO_UNLOCK(imo);
1810	return EAGAIN;
1811	}
1812	msfr.msfr_fmode = imf->imf_st[`1`];
1813
1814	/*
1815	* If the user specified a buffer, copy out the source filter
1816	* entries to userland gracefully.
1817	* We only copy out the number of entries which userland
1818	* has asked for, but we always tell userland how big the
1819	* buffer really needs to be.
1820	*/
1821
1822	if (is_64bit_proc) {
1823	tmp_ptr = CAST_USER_ADDR_T(msfr64.msfr_srcs);
1824	} else {
1825	tmp_ptr = CAST_USER_ADDR_T(msfr32.msfr_srcs);
1826	}
1827
1828	tss = NULL;
1829	if (tmp_ptr != USER_ADDR_NULL && msfr.msfr_nsrcs > `0`) {
1830	tss = kalloc_data((size_t)msfr.msfr_nsrcs * sizeof(*tss),
1831	Z_WAITOK \| Z_ZERO);
1832	if (tss == NULL) {
1833	IMO_UNLOCK(imo);
1834	return ENOBUFS;
1835	}
1836	}
1837
1838	/*
1839	* Count number of sources in-mode at t0.
1840	* If buffer space exists and remains, copy out source entries.
1841	*/
1842	nsrcs = msfr.msfr_nsrcs;
1843	ncsrcs = `0`;
1844	ptss = tss;
1845	RB_FOREACH(ims, ip_msource_tree, &imf->imf_sources) {
1846	lims = (struct in_msource *)ims;
1847	if (lims->imsl_st[`0`] == MCAST_UNDEFINED \|\|
1848	lims->imsl_st[`0`] != imf->imf_st[`0`]) {
1849	continue;
1850	}
1851	if (tss != NULL && nsrcs > `0`) {
1852	psin = SIN(ptss);
1853	psin->sin_family = AF_INET;
1854	psin->sin_len = sizeof(struct sockaddr_in);
1855	psin->sin_addr.s_addr = htonl(lims->ims_haddr);
1856	psin->sin_port = `0`;
1857	++ptss;
1858	--nsrcs;
1859	++ncsrcs;
1860	}
1861	}
1862
1863	IMO_UNLOCK(imo);
1864
1865	if (tss != NULL) {
1866	error = copyout(tss, CAST_USER_ADDR_T(tmp_ptr), ncsrcs * sizeof(*tss));
1867	kfree_data(tss, (size_t)msfr.msfr_nsrcs * sizeof(*tss));
1868	if (error) {
1869	return error;
1870	}
1871	}
1872
1873	msfr.msfr_nsrcs = ncsrcs;
1874	if (is_64bit_proc) {
1875	msfr64.msfr_ifindex = msfr.msfr_ifindex;
1876	msfr64.msfr_fmode = msfr.msfr_fmode;
1877	msfr64.msfr_nsrcs = msfr.msfr_nsrcs;
1878	memcpy(dst: &msfr64.msfr_group, src: &msfr.msfr_group,
1879	n: sizeof(struct sockaddr_storage));
1880	error = sooptcopyout(sopt, data: &msfr64,
1881	len: sizeof(struct __msfilterreq64));
1882	} else {
1883	msfr32.msfr_ifindex = msfr.msfr_ifindex;
1884	msfr32.msfr_fmode = msfr.msfr_fmode;
1885	msfr32.msfr_nsrcs = msfr.msfr_nsrcs;
1886	memcpy(dst: &msfr32.msfr_group, src: &msfr.msfr_group,
1887	n: sizeof(struct sockaddr_storage));
1888	error = sooptcopyout(sopt, data: &msfr32,
1889	len: sizeof(struct __msfilterreq32));
1890	}
1891
1892	return error;
1893	}
1894
1895	/*
1896	* Return the IP multicast options in response to user getsockopt().
1897	*/
1898	int
1899	inp_getmoptions(struct inpcb inp, struct* sockopt *sopt)
1900	{
1901	struct ip_mreqn mreqn;
1902	struct ip_moptions *imo;
1903	struct ifnet *ifp;
1904	struct in_ifaddr *ia;
1905	int error, optval;
1906	unsigned int ifindex;
1907	u_char coptval;
1908
1909	imo = inp->inp_moptions;
1910	/*
1911	* If socket is neither of type SOCK_RAW or SOCK_DGRAM,
1912	* or is a divert socket, reject it.
1913	*/
1914	if (SOCK_PROTO(inp->inp_socket) == IPPROTO_DIVERT \|\|
1915	(SOCK_TYPE(inp->inp_socket) != SOCK_RAW &&
1916	SOCK_TYPE(inp->inp_socket) != SOCK_DGRAM)) {
1917	return EOPNOTSUPP;
1918	}
1919
1920	error = `0`;
1921	switch (sopt->sopt_name) {
1922	case IP_MULTICAST_IF:
1923	memset(s: &mreqn, c: `0`, n: sizeof(struct ip_mreqn));
1924	if (imo != NULL) {
1925	IMO_LOCK(imo);
1926	ifp = imo->imo_multicast_ifp;
1927	if (!in_nullhost(imo->imo_multicast_addr)) {
1928	mreqn.imr_address = imo->imo_multicast_addr;
1929	} else if (ifp != NULL) {
1930	mreqn.imr_ifindex = ifp->if_index;
1931	IFP_TO_IA(ifp, ia);
1932	if (ia != NULL) {
1933	IFA_LOCK_SPIN(&ia->ia_ifa);
1934	mreqn.imr_address =
1935	IA_SIN(ia)->sin_addr;
1936	IFA_UNLOCK(&ia->ia_ifa);
1937	ifa_remref(ifa: &ia->ia_ifa);
1938	}
1939	}
1940	IMO_UNLOCK(imo);
1941	}
1942	if (sopt->sopt_valsize == sizeof(struct ip_mreqn)) {
1943	error = sooptcopyout(sopt, data: &mreqn,
1944	len: sizeof(struct ip_mreqn));
1945	} else {
1946	error = sooptcopyout(sopt, data: &mreqn.imr_address,
1947	len: sizeof(struct in_addr));
1948	}
1949	break;
1950
1951	case IP_MULTICAST_IFINDEX:
1952	if (imo != NULL) {
1953	IMO_LOCK(imo);
1954	}
1955	if (imo == NULL \|\| imo->imo_multicast_ifp == NULL) {
1956	ifindex = `0`;
1957	} else {
1958	ifindex = imo->imo_multicast_ifp->if_index;
1959	}
1960	if (imo != NULL) {
1961	IMO_UNLOCK(imo);
1962	}
1963	error = sooptcopyout(sopt, data: &ifindex, len: sizeof(ifindex));
1964	break;
1965
1966	case IP_MULTICAST_TTL:
1967	if (imo == NULL) {
1968	optval = coptval = IP_DEFAULT_MULTICAST_TTL;
1969	} else {
1970	IMO_LOCK(imo);
1971	optval = coptval = imo->imo_multicast_ttl;
1972	IMO_UNLOCK(imo);
1973	}
1974	if (sopt->sopt_valsize == sizeof(u_char)) {
1975	error = sooptcopyout(sopt, data: &coptval, len: sizeof(u_char));
1976	} else {
1977	error = sooptcopyout(sopt, data: &optval, len: sizeof(int));
1978	}
1979	break;
1980
1981	case IP_MULTICAST_LOOP:
1982	if (imo == `0`) {
1983	optval = coptval = IP_DEFAULT_MULTICAST_LOOP;
1984	} else {
1985	IMO_LOCK(imo);
1986	optval = coptval = imo->imo_multicast_loop;
1987	IMO_UNLOCK(imo);
1988	}
1989	if (sopt->sopt_valsize == sizeof(u_char)) {
1990	error = sooptcopyout(sopt, data: &coptval, len: sizeof(u_char));
1991	} else {
1992	error = sooptcopyout(sopt, data: &optval, len: sizeof(int));
1993	}
1994	break;
1995
1996	case IP_MSFILTER:
1997	if (imo == NULL) {
1998	error = EADDRNOTAVAIL;
1999	} else {
2000	error = inp_get_source_filters(inp, sopt);
2001	}
2002	break;
2003
2004	default:
2005	error = ENOPROTOOPT;
2006	break;
2007	}
2008
2009	return error;
2010	}
2011
2012	/*
2013	* Look up the ifnet to use for a multicast group membership,
2014	* given the IPv4 address of an interface, and the IPv4 group address.
2015	*
2016	* This routine exists to support legacy multicast applications
2017	* which do not understand that multicast memberships are scoped to
2018	* specific physical links in the networking stack, or which need
2019	* to join link-scope groups before IPv4 addresses are configured.
2020	*
2021	* If inp is non-NULL and is bound to an interface, use this socket's
2022	* inp_boundif for any required routing table lookup.
2023	*
2024	* If the route lookup fails, attempt to use the first non-loopback
2025	* interface with multicast capability in the system as a
2026	* last resort. The legacy IPv4 ASM API requires that we do
2027	* this in order to allow groups to be joined when the routing
2028	* table has not yet been populated during boot.
2029	*
2030	* Returns NULL if no ifp could be found.
2031	*
2032	*/
2033	static struct ifnet *
2034	inp_lookup_mcast_ifp(const struct inpcb *inp,
2035	const struct sockaddr_in gsin, const* struct in_addr ina)
2036	{
2037	struct ifnet *ifp;
2038	unsigned int ifindex = `0`;
2039
2040	VERIFY(gsin->sin_family == AF_INET);
2041	VERIFY(IN_MULTICAST(ntohl(gsin->sin_addr.s_addr)));
2042
2043	ifp = NULL;
2044	if (!in_nullhost(ina)) {
2045	struct in_addr new_ina;
2046	memcpy(dst: &new_ina, src: &ina, n: sizeof(struct in_addr));
2047	ifp = ip_multicast_if(&new_ina, &ifindex);
2048	} else {
2049	struct route ro;
2050	unsigned int ifscope = IFSCOPE_NONE;
2051
2052	if (inp != NULL && (inp->inp_flags & INP_BOUND_IF)) {
2053	ifscope = inp->inp_boundifp->if_index;
2054	}
2055
2056	bzero(s: &ro, n: sizeof(ro));
2057	memcpy(dst: &ro.ro_dst, src: gsin, n: sizeof(struct sockaddr_in));
2058	rtalloc_scoped_ign(&ro, `0`, ifscope);
2059	if (ro.ro_rt != NULL) {
2060	ifp = ro.ro_rt->rt_ifp;
2061	VERIFY(ifp != NULL);
2062	} else {
2063	struct in_ifaddr *ia;
2064	struct ifnet *mifp;
2065
2066	mifp = NULL;
2067	lck_rw_lock_shared(lck: &in_ifaddr_rwlock);
2068	TAILQ_FOREACH(ia, &in_ifaddrhead, ia_link) {
2069	IFA_LOCK_SPIN(&ia->ia_ifa);
2070	mifp = ia->ia_ifp;
2071	IFA_UNLOCK(&ia->ia_ifa);
2072	if (!(mifp->if_flags & IFF_LOOPBACK) &&
2073	(mifp->if_flags & IFF_MULTICAST)) {
2074	ifp = mifp;
2075	break;
2076	}
2077	}
2078	lck_rw_done(lck: &in_ifaddr_rwlock);
2079	}
2080	ROUTE_RELEASE(&ro);
2081	}
2082
2083	return ifp;
2084	}
2085
2086	/*
2087	* Join an IPv4 multicast group, possibly with a source.
2088	*
2089	* NB: sopt->sopt_val might point to the kernel address space. This means that
2090	* we were called by the IPv6 stack due to the presence of an IPv6 v4 mapped
2091	* address. In this scenario, sopt_p points to kernproc and sooptcopyin() will
2092	* just issue an in-kernel memcpy.
2093	*/
2094	int
2095	inp_join_group(struct inpcb inp, struct* sockopt *sopt)
2096	{
2097	struct group_source_req gsr;
2098	struct sockaddr_in gsa, ssa;
2099	struct ifnet *ifp;
2100	struct in_mfilter *imf;
2101	struct ip_moptions *imo;
2102	struct in_multi *__single inm = NULL;
2103	struct in_msource *lims;
2104	size_t idx;
2105	int error, is_new;
2106	struct igmp_tparams itp;
2107
2108	bzero(s: &itp, n: sizeof(itp));
2109	ifp = NULL;
2110	imf = NULL;
2111	error = `0`;
2112	is_new = `0`;
2113
2114	memset(s: &gsr, c: `0`, n: sizeof(struct group_source_req));
2115	gsa = SIN(&gsr.gsr_group);
2116	gsa->sin_family = AF_UNSPEC;
2117	ssa = SIN(&gsr.gsr_source);
2118	ssa->sin_family = AF_UNSPEC;
2119
2120	switch (sopt->sopt_name) {
2121	case IP_ADD_MEMBERSHIP:
2122	case IP_ADD_SOURCE_MEMBERSHIP: {
2123	struct ip_mreq_source mreqs;
2124
2125	if (sopt->sopt_name == IP_ADD_MEMBERSHIP) {
2126	error = sooptcopyin(sopt, &mreqs,
2127	len: sizeof(struct ip_mreq),
2128	minlen: sizeof(struct ip_mreq));
2129	/*
2130	* Do argument switcharoo from ip_mreq into
2131	* ip_mreq_source to avoid using two instances.
2132	*/
2133	mreqs.imr_interface = mreqs.imr_sourceaddr;
2134	mreqs.imr_sourceaddr.s_addr = INADDR_ANY;
2135	} else if (sopt->sopt_name == IP_ADD_SOURCE_MEMBERSHIP) {
2136	error = sooptcopyin(sopt, &mreqs,
2137	len: sizeof(struct ip_mreq_source),
2138	minlen: sizeof(struct ip_mreq_source));
2139	}
2140	if (error) {
2141	IGMP_PRINTF(("%s: error copyin IP_ADD_MEMBERSHIP/"
2142	"IP_ADD_SOURCE_MEMBERSHIP %d err=%d\n",
2143	__func__, sopt->sopt_name, error));
2144	return error;
2145	}
2146
2147	gsa->sin_family = AF_INET;
2148	gsa->sin_len = sizeof(struct sockaddr_in);
2149	gsa->sin_addr = mreqs.imr_multiaddr;
2150
2151	if (sopt->sopt_name == IP_ADD_SOURCE_MEMBERSHIP) {
2152	ssa->sin_family = AF_INET;
2153	ssa->sin_len = sizeof(struct sockaddr_in);
2154	ssa->sin_addr = mreqs.imr_sourceaddr;
2155	}
2156
2157	if (!IN_MULTICAST(ntohl(gsa->sin_addr.s_addr))) {
2158	return EINVAL;
2159	}
2160
2161	ifp = inp_lookup_mcast_ifp(inp, gsin: gsa, ina: mreqs.imr_interface);
2162	IGMP_INET_PRINTF(mreqs.imr_interface,
2163	("%s: imr_interface = %s, ifp = 0x%llx\n", __func__,
2164	_igmp_inet_buf, (uint64_t)VM_KERNEL_ADDRPERM(ifp)));
2165	break;
2166	}
2167
2168	case MCAST_JOIN_GROUP:
2169	case MCAST_JOIN_SOURCE_GROUP:
2170	if (sopt->sopt_name == MCAST_JOIN_GROUP) {
2171	error = sooptcopyin(sopt, &gsr,
2172	len: sizeof(struct group_req),
2173	minlen: sizeof(struct group_req));
2174	} else if (sopt->sopt_name == MCAST_JOIN_SOURCE_GROUP) {
2175	error = sooptcopyin(sopt, &gsr,
2176	len: sizeof(struct group_source_req),
2177	minlen: sizeof(struct group_source_req));
2178	}
2179	if (error) {
2180	return error;
2181	}
2182
2183	if (gsa->sin_family != AF_INET \|\|
2184	gsa->sin_len != sizeof(struct sockaddr_in)) {
2185	return EINVAL;
2186	}
2187
2188	/*
2189	* Overwrite the port field if present, as the sockaddr
2190	* being copied in may be matched with a binary comparison.
2191	*/
2192	gsa->sin_port = `0`;
2193	if (sopt->sopt_name == MCAST_JOIN_SOURCE_GROUP) {
2194	if (ssa->sin_family != AF_INET \|\|
2195	ssa->sin_len != sizeof(struct sockaddr_in)) {
2196	return EINVAL;
2197	}
2198	ssa->sin_port = `0`;
2199	}
2200
2201	if (!IN_MULTICAST(ntohl(gsa->sin_addr.s_addr))) {
2202	return EINVAL;
2203	}
2204
2205	ifnet_head_lock_shared();
2206	if (gsr.gsr_interface == `0` \|\| !IF_INDEX_IN_RANGE(gsr.gsr_interface)) {
2207	ifnet_head_done();
2208	return EADDRNOTAVAIL;
2209	}
2210	ifp = ifindex2ifnet[gsr.gsr_interface];
2211	ifnet_head_done();
2212	if (ifp == NULL) {
2213	return EADDRNOTAVAIL;
2214	}
2215	break;
2216
2217	default:
2218	IGMP_PRINTF(("%s: unknown sopt_name %d\n",
2219	__func__, sopt->sopt_name));
2220	return EOPNOTSUPP;
2221	}
2222
2223	if (ifp == NULL \|\| (ifp->if_flags & IFF_MULTICAST) == `0`) {
2224	return EADDRNOTAVAIL;
2225	}
2226
2227	INC_ATOMIC_INT64_LIM(net_api_stats.nas_socket_mcast_join_total);
2228	/*
2229	* TBD: revisit the criteria for non-OS initiated joins
2230	*/
2231	if (inp->inp_lport == htons(`5353`)) {
2232	INC_ATOMIC_INT64_LIM(net_api_stats.nas_socket_mcast_join_os_total);
2233	}
2234
2235	imo = inp_findmoptions(inp);
2236	if (imo == NULL) {
2237	return ENOMEM;
2238	}
2239
2240	IMO_LOCK(imo);
2241	idx = imo_match_group(imo, ifp, group: gsa);
2242	if (idx == (size_t)-`1`) {
2243	is_new = `1`;
2244	} else {
2245	inm = imo->imo_membership[idx];
2246	imf = &imo->imo_mfilters[idx];
2247	if (ssa->sin_family != AF_UNSPEC) {
2248	/*
2249	* MCAST_JOIN_SOURCE_GROUP on an exclusive membership
2250	* is an error. On an existing inclusive membership,
2251	* it just adds the source to the filter list.
2252	*/
2253	if (imf->imf_st[`1`] != MCAST_INCLUDE) {
2254	error = EINVAL;
2255	goto out_imo_locked;
2256	}
2257	/*
2258	* Throw out duplicates.
2259	*
2260	* XXX FIXME: This makes a naive assumption that
2261	* even if entries exist for *ssa in this imf,
2262	* they will be rejected as dupes, even if they
2263	* are not valid in the current mode (in-mode).
2264	*
2265	* in_msource is transactioned just as for anything
2266	* else in SSM -- but note naive use of inm_graft()
2267	* below for allocating new filter entries.
2268	*
2269	* This is only an issue if someone mixes the
2270	* full-state SSM API with the delta-based API,
2271	* which is discouraged in the relevant RFCs.
2272	*/
2273	lims = imo_match_source(imo, gidx: idx, src: ssa);
2274	if (lims != NULL /&&*
2275	* lims->imsl_st[1] == MCAST_INCLUDE*/) {
2276	error = EADDRNOTAVAIL;
2277	goto out_imo_locked;
2278	}
2279	} else {
2280	/*
2281	* MCAST_JOIN_GROUP on an existing exclusive
2282	* membership is an error; return EADDRINUSE
2283	* to preserve 4.4BSD API idempotence, and
2284	* avoid tedious detour to code below.
2285	* NOTE: This is bending RFC 3678 a bit.
2286	*
2287	* On an existing inclusive membership, this is also
2288	* an error; if you want to change filter mode,
2289	* you must use the userland API setsourcefilter().
2290	* XXX We don't reject this for imf in UNDEFINED
2291	* state at t1, because allocation of a filter
2292	* is atomic with allocation of a membership.
2293	*/
2294	error = EINVAL;
2295	/ See comments above for EADDRINUSE /
2296	if (imf->imf_st[`1`] == MCAST_EXCLUDE) {
2297	error = EADDRINUSE;
2298	}
2299	goto out_imo_locked;
2300	}
2301	}
2302
2303	/*
2304	* Begin state merge transaction at socket layer.
2305	*/
2306
2307	if (is_new) {
2308	if (imo->imo_num_memberships == imo->imo_max_memberships) {
2309	error = imo_grow(imo, newmax: `0`);
2310	if (error) {
2311	goto out_imo_locked;
2312	}
2313	}
2314	/*
2315	* Allocate the new slot upfront so we can deal with
2316	* grafting the new source filter in same code path
2317	* as for join-source on existing membership.
2318	*/
2319	idx = imo->imo_num_memberships;
2320	imo->imo_membership[idx] = NULL;
2321	imo->imo_num_memberships++;
2322	VERIFY(imo->imo_mfilters != NULL);
2323	imf = &imo->imo_mfilters[idx];
2324	VERIFY(RB_EMPTY(&imf->imf_sources));
2325	}
2326
2327	/*
2328	* Graft new source into filter list for this inpcb's
2329	* membership of the group. The in_multi may not have
2330	* been allocated yet if this is a new membership, however,
2331	* the in_mfilter slot will be allocated and must be initialized.
2332	*/
2333	if (ssa->sin_family != AF_UNSPEC) {
2334	/ Membership starts in IN mode /
2335	if (is_new) {
2336	IGMP_PRINTF(("%s: new join w/source\n", __func__));
2337	imf_init(imf, MCAST_UNDEFINED, MCAST_INCLUDE);
2338	} else {
2339	IGMP_PRINTF(("%s: %s source\n", __func__, "allow"));
2340	}
2341	lims = imf_graft(imf, MCAST_INCLUDE, psin: ssa);
2342	if (lims == NULL) {
2343	IGMP_PRINTF(("%s: merge imf state failed\n",
2344	__func__));
2345	error = ENOMEM;
2346	goto out_imo_free;
2347	}
2348	} else {
2349	/ No address specified; Membership starts in EX mode /
2350	if (is_new) {
2351	IGMP_PRINTF(("%s: new join w/o source\n", __func__));
2352	imf_init(imf, MCAST_UNDEFINED, MCAST_EXCLUDE);
2353	}
2354	}
2355
2356	/*
2357	* Begin state merge transaction at IGMP layer.
2358	*/
2359	if (is_new) {
2360	VERIFY(inm == NULL);
2361	error = in_joingroup(ifp, gina: &gsa->sin_addr, imf, pinm: &inm);
2362
2363	VERIFY(inm != NULL \|\| error != `0`);
2364	if (error) {
2365	goto out_imo_free;
2366	}
2367	imo->imo_membership[idx] = inm; / from in_joingroup() /
2368	} else {
2369	IGMP_PRINTF(("%s: merge inm state\n", __func__));
2370	INM_LOCK(inm);
2371	error = inm_merge(inm, imf);
2372	if (error) {
2373	IGMP_PRINTF(("%s: failed to merge inm state\n",
2374	__func__));
2375	INM_UNLOCK(inm);
2376	goto out_imf_rollback;
2377	}
2378	IGMP_PRINTF(("%s: doing igmp downcall\n", __func__));
2379	error = igmp_change_state(inm, &itp);
2380	INM_UNLOCK(inm);
2381	if (error) {
2382	IGMP_PRINTF(("%s: failed igmp downcall\n",
2383	__func__));
2384	goto out_imf_rollback;
2385	}
2386	}
2387
2388	out_imf_rollback:
2389	if (error) {
2390	imf_rollback(imf);
2391	if (is_new) {
2392	imf_purge(imf);
2393	} else {
2394	imf_reap(imf);
2395	}
2396	} else {
2397	imf_commit(imf);
2398	}
2399
2400	out_imo_free:
2401	if (error && is_new) {
2402	VERIFY(inm == NULL);
2403	imo->imo_membership[idx] = NULL;
2404	--imo->imo_num_memberships;
2405	}
2406
2407	out_imo_locked:
2408	IMO_UNLOCK(imo);
2409	IMO_REMREF(imo); / from inp_findmoptions() /
2410
2411	/ schedule timer now that we've dropped the lock(s) /
2412	igmp_set_fast_timeout(&itp);
2413
2414	return error;
2415	}
2416
2417	/*
2418	* Leave an IPv4 multicast group on an inpcb, possibly with a source.
2419	*
2420	* NB: sopt->sopt_val might point to the kernel address space. Refer to the
2421	* block comment on top of inp_join_group() for more information.
2422	*/
2423	int
2424	inp_leave_group(struct inpcb inp, struct* sockopt *sopt)
2425	{
2426	struct group_source_req gsr;
2427	struct ip_mreq_source mreqs;
2428	struct sockaddr_in gsa, ssa;
2429	struct ifnet *ifp;
2430	struct in_mfilter *imf;
2431	struct ip_moptions *imo;
2432	struct in_msource *ims;
2433	struct in_multi *inm = NULL;
2434	size_t idx;
2435	int error, is_final;
2436	unsigned int ifindex = `0`;
2437	struct igmp_tparams itp;
2438
2439	bzero(s: &itp, n: sizeof(itp));
2440	ifp = NULL;
2441	error = `0`;
2442	is_final = `1`;
2443
2444	memset(s: &gsr, c: `0`, n: sizeof(struct group_source_req));
2445	gsa = SIN(&gsr.gsr_group);
2446	ssa = SIN(&gsr.gsr_source);
2447
2448	switch (sopt->sopt_name) {
2449	case IP_DROP_MEMBERSHIP:
2450	case IP_DROP_SOURCE_MEMBERSHIP:
2451	if (sopt->sopt_name == IP_DROP_MEMBERSHIP) {
2452	error = sooptcopyin(sopt, &mreqs,
2453	len: sizeof(struct ip_mreq),
2454	minlen: sizeof(struct ip_mreq));
2455	/*
2456	* Swap interface and sourceaddr arguments,
2457	* as ip_mreq and ip_mreq_source are laid
2458	* out differently.
2459	*/
2460	mreqs.imr_interface = mreqs.imr_sourceaddr;
2461	mreqs.imr_sourceaddr.s_addr = INADDR_ANY;
2462	} else if (sopt->sopt_name == IP_DROP_SOURCE_MEMBERSHIP) {
2463	error = sooptcopyin(sopt, &mreqs,
2464	len: sizeof(struct ip_mreq_source),
2465	minlen: sizeof(struct ip_mreq_source));
2466	}
2467	if (error) {
2468	return error;
2469	}
2470
2471	gsa->sin_family = AF_INET;
2472	gsa->sin_len = sizeof(struct sockaddr_in);
2473	gsa->sin_addr = mreqs.imr_multiaddr;
2474
2475	if (sopt->sopt_name == IP_DROP_SOURCE_MEMBERSHIP) {
2476	ssa->sin_family = AF_INET;
2477	ssa->sin_len = sizeof(struct sockaddr_in);
2478	ssa->sin_addr = mreqs.imr_sourceaddr;
2479	}
2480	/*
2481	* Attempt to look up hinted ifp from interface address.
2482	* Fallthrough with null ifp iff lookup fails, to
2483	* preserve 4.4BSD mcast API idempotence.
2484	* XXX NOTE WELL: The RFC 3678 API is preferred because
2485	* using an IPv4 address as a key is racy.
2486	*/
2487	if (!in_nullhost(mreqs.imr_interface)) {
2488	ifp = ip_multicast_if(&mreqs.imr_interface, &ifindex);
2489	}
2490
2491	IGMP_INET_PRINTF(mreqs.imr_interface,
2492	("%s: imr_interface = %s, ifp = 0x%llx\n", __func__,
2493	_igmp_inet_buf, (uint64_t)VM_KERNEL_ADDRPERM(ifp)));
2494
2495	break;
2496
2497	case MCAST_LEAVE_GROUP:
2498	case MCAST_LEAVE_SOURCE_GROUP:
2499	if (sopt->sopt_name == MCAST_LEAVE_GROUP) {
2500	error = sooptcopyin(sopt, &gsr,
2501	len: sizeof(struct group_req),
2502	minlen: sizeof(struct group_req));
2503	} else if (sopt->sopt_name == MCAST_LEAVE_SOURCE_GROUP) {
2504	error = sooptcopyin(sopt, &gsr,
2505	len: sizeof(struct group_source_req),
2506	minlen: sizeof(struct group_source_req));
2507	}
2508	if (error) {
2509	return error;
2510	}
2511
2512	if (gsa->sin_family != AF_INET \|\|
2513	gsa->sin_len != sizeof(struct sockaddr_in)) {
2514	return EINVAL;
2515	}
2516
2517	if (sopt->sopt_name == MCAST_LEAVE_SOURCE_GROUP) {
2518	if (ssa->sin_family != AF_INET \|\|
2519	ssa->sin_len != sizeof(struct sockaddr_in)) {
2520	return EINVAL;
2521	}
2522	}
2523
2524	ifnet_head_lock_shared();
2525	if (gsr.gsr_interface == `0` \|\|
2526	!IF_INDEX_IN_RANGE(gsr.gsr_interface)) {
2527	ifnet_head_done();
2528	return EADDRNOTAVAIL;
2529	}
2530
2531	ifp = ifindex2ifnet[gsr.gsr_interface];
2532	ifnet_head_done();
2533	if (ifp == NULL) {
2534	return EADDRNOTAVAIL;
2535	}
2536	break;
2537
2538	default:
2539	IGMP_PRINTF(("%s: unknown sopt_name %d\n",
2540	__func__, sopt->sopt_name));
2541	return EOPNOTSUPP;
2542	}
2543
2544	if (!IN_MULTICAST(ntohl(gsa->sin_addr.s_addr))) {
2545	return EINVAL;
2546	}
2547
2548	/*
2549	* Find the membership in the membership array.
2550	*/
2551	imo = inp_findmoptions(inp);
2552	if (imo == NULL) {
2553	return ENOMEM;
2554	}
2555
2556	IMO_LOCK(imo);
2557	idx = imo_match_group(imo, ifp, group: gsa);
2558	if (idx == (size_t)-`1`) {
2559	error = EADDRNOTAVAIL;
2560	goto out_locked;
2561	}
2562	inm = imo->imo_membership[idx];
2563	if (inm == NULL) {
2564	error = EINVAL;
2565	goto out_locked;
2566	}
2567	imf = &imo->imo_mfilters[idx];
2568
2569	if (ssa->sin_family != AF_UNSPEC) {
2570	IGMP_PRINTF(("%s: opt=%d is_final=0\n", __func__,
2571	sopt->sopt_name));
2572	is_final = `0`;
2573	}
2574
2575	/*
2576	* Begin state merge transaction at socket layer.
2577	*/
2578
2579	/*
2580	* If we were instructed only to leave a given source, do so.
2581	* MCAST_LEAVE_SOURCE_GROUP is only valid for inclusive memberships.
2582	*/
2583	if (is_final) {
2584	imf_leave(imf);
2585	} else {
2586	if (imf->imf_st[`0`] == MCAST_EXCLUDE) {
2587	error = EADDRNOTAVAIL;
2588	goto out_locked;
2589	}
2590	ims = imo_match_source(imo, gidx: idx, src: ssa);
2591	if (ims == NULL) {
2592	IGMP_INET_PRINTF(ssa->sin_addr,
2593	("%s: source %s %spresent\n", __func__,
2594	_igmp_inet_buf, "not "));
2595	error = EADDRNOTAVAIL;
2596	goto out_locked;
2597	}
2598	IGMP_PRINTF(("%s: %s source\n", __func__, "block"));
2599	error = imf_prune(imf, psin: ssa);
2600	if (error) {
2601	IGMP_PRINTF(("%s: merge imf state failed\n",
2602	__func__));
2603	goto out_locked;
2604	}
2605	}
2606
2607	/*
2608	* Begin state merge transaction at IGMP layer.
2609	*/
2610	if (is_final) {
2611	/*
2612	* Give up the multicast address record to which
2613	* the membership points. Reference held in imo
2614	* will be released below.
2615	*/
2616	(void) in_leavegroup(inm, imf);
2617	} else {
2618	IGMP_PRINTF(("%s: merge inm state\n", __func__));
2619	INM_LOCK(inm);
2620	error = inm_merge(inm, imf);
2621	if (error) {
2622	IGMP_PRINTF(("%s: failed to merge inm state\n",
2623	__func__));
2624	INM_UNLOCK(inm);
2625	goto out_imf_rollback;
2626	}
2627
2628	IGMP_PRINTF(("%s: doing igmp downcall\n", __func__));
2629	error = igmp_change_state(inm, &itp);
2630	if (error) {
2631	IGMP_PRINTF(("%s: failed igmp downcall\n", __func__));
2632	}
2633	INM_UNLOCK(inm);
2634	}
2635
2636	out_imf_rollback:
2637	if (error) {
2638	imf_rollback(imf);
2639	} else {
2640	imf_commit(imf);
2641	}
2642
2643	imf_reap(imf);
2644
2645	if (is_final) {
2646	/ Remove the gap in the membership array and filter array. /
2647	VERIFY(inm == imo->imo_membership[idx]);
2648
2649	INM_REMREF(inm);
2650
2651	for (++idx; idx < imo->imo_num_memberships; ++idx) {
2652	imo->imo_membership[idx - `1`] = imo->imo_membership[idx];
2653	imo->imo_mfilters[idx - `1`] = imo->imo_mfilters[idx];
2654	}
2655	imo->imo_num_memberships--;
2656
2657	/ Re-initialize the now unused tail of the list /
2658	imo->imo_membership[imo->imo_num_memberships] = NULL;
2659	imf_init(imf: &imo->imo_mfilters[imo->imo_num_memberships], MCAST_UNDEFINED, MCAST_EXCLUDE);
2660	}
2661
2662	out_locked:
2663	IMO_UNLOCK(imo);
2664	IMO_REMREF(imo); / from inp_findmoptions() /
2665
2666	/ schedule timer now that we've dropped the lock(s) /
2667	igmp_set_fast_timeout(&itp);
2668
2669	return error;
2670	}
2671
2672	/*
2673	* Select the interface for transmitting IPv4 multicast datagrams.
2674	*
2675	* Either an instance of struct in_addr or an instance of struct ip_mreqn
2676	* may be passed to this socket option. An address of INADDR_ANY or an
2677	* interface index of 0 is used to remove a previous selection.
2678	* When no interface is selected, one is chosen for every send.
2679	*/
2680	static int
2681	inp_set_multicast_if(struct inpcb inp, struct* sockopt *sopt)
2682	{
2683	struct in_addr addr;
2684	struct ip_mreqn mreqn;
2685	struct ifnet *ifp;
2686	struct ip_moptions *imo;
2687	int error = `0`;
2688	unsigned int ifindex = `0`;
2689
2690	bzero(s: &addr, n: sizeof(addr));
2691	if (sopt->sopt_valsize == sizeof(struct ip_mreqn)) {
2692	/*
2693	* An interface index was specified using the
2694	* Linux-derived ip_mreqn structure.
2695	*/
2696	error = sooptcopyin(sopt, &mreqn, len: sizeof(struct ip_mreqn),
2697	minlen: sizeof(struct ip_mreqn));
2698	if (error) {
2699	return error;
2700	}
2701
2702	ifnet_head_lock_shared();
2703	if (mreqn.imr_ifindex < `0` \|\| !IF_INDEX_IN_RANGE(mreqn.imr_ifindex)) {
2704	ifnet_head_done();
2705	return EINVAL;
2706	}
2707
2708	if (mreqn.imr_ifindex == `0`) {
2709	ifp = NULL;
2710	} else {
2711	ifp = ifindex2ifnet[mreqn.imr_ifindex];
2712	if (ifp == NULL) {
2713	ifnet_head_done();
2714	return EADDRNOTAVAIL;
2715	}
2716	}
2717	ifnet_head_done();
2718	} else {
2719	/*
2720	* An interface was specified by IPv4 address.
2721	* This is the traditional BSD usage.
2722	*/
2723	error = sooptcopyin(sopt, &addr, len: sizeof(struct in_addr),
2724	minlen: sizeof(struct in_addr));
2725	if (error) {
2726	return error;
2727	}
2728	if (in_nullhost(addr)) {
2729	ifp = NULL;
2730	} else {
2731	ifp = ip_multicast_if(&addr, &ifindex);
2732	if (ifp == NULL) {
2733	IGMP_INET_PRINTF(addr,
2734	("%s: can't find ifp for addr=%s\n",
2735	__func__, _igmp_inet_buf));
2736	return EADDRNOTAVAIL;
2737	}
2738	}
2739	}
2740
2741	/ Reject interfaces which do not support multicast. /
2742	if (ifp != NULL && (ifp->if_flags & IFF_MULTICAST) == `0`) {
2743	return EOPNOTSUPP;
2744	}
2745
2746	imo = inp_findmoptions(inp);
2747	if (imo == NULL) {
2748	return ENOMEM;
2749	}
2750
2751	IMO_LOCK(imo);
2752	imo->imo_multicast_ifp = ifp;
2753	if (ifindex) {
2754	imo->imo_multicast_addr = addr;
2755	} else {
2756	imo->imo_multicast_addr.s_addr = INADDR_ANY;
2757	}
2758	IMO_UNLOCK(imo);
2759	IMO_REMREF(imo); / from inp_findmoptions() /
2760
2761	return `0`;
2762	}
2763
2764	/*
2765	* Atomically set source filters on a socket for an IPv4 multicast group.
2766	*/
2767	static int
2768	inp_set_source_filters(struct inpcb inp, struct* sockopt *sopt)
2769	{
2770	struct __msfilterreq64 msfr = {}, msfr64;
2771	struct __msfilterreq32 msfr32;
2772	struct sockaddr_in *gsa;
2773	struct ifnet *ifp;
2774	struct in_mfilter *imf;
2775	struct ip_moptions *imo;
2776	struct in_multi *inm;
2777	size_t idx;
2778	int error;
2779	uint64_t tmp_ptr;
2780	struct igmp_tparams itp;
2781
2782	bzero(s: &itp, n: sizeof(itp));
2783
2784	int is_64bit_proc = IS_64BIT_PROCESS(current_proc());
2785
2786	if (is_64bit_proc) {
2787	error = sooptcopyin(sopt, &msfr64,
2788	len: sizeof(struct __msfilterreq64),
2789	minlen: sizeof(struct __msfilterreq64));
2790	if (error) {
2791	return error;
2792	}
2793	/ we never use msfr.msfr_srcs; /
2794	memcpy(dst: &msfr, src: &msfr64, n: sizeof(msfr64));
2795	} else {
2796	error = sooptcopyin(sopt, &msfr32,
2797	len: sizeof(struct __msfilterreq32),
2798	minlen: sizeof(struct __msfilterreq32));
2799	if (error) {
2800	return error;
2801	}
2802	/ we never use msfr.msfr_srcs; /
2803	memcpy(dst: &msfr, src: &msfr32, n: sizeof(msfr32));
2804	}
2805
2806	if ((size_t) msfr.msfr_nsrcs >
2807	UINT32_MAX / sizeof(struct sockaddr_storage)) {
2808	msfr.msfr_nsrcs = UINT32_MAX / sizeof(struct sockaddr_storage);
2809	}
2810
2811	if (msfr.msfr_nsrcs > in_mcast_maxsocksrc) {
2812	return ENOBUFS;
2813	}
2814
2815	if ((msfr.msfr_fmode != MCAST_EXCLUDE &&
2816	msfr.msfr_fmode != MCAST_INCLUDE)) {
2817	return EINVAL;
2818	}
2819
2820	if (msfr.msfr_group.ss_family != AF_INET \|\|
2821	msfr.msfr_group.ss_len != sizeof(struct sockaddr_in)) {
2822	return EINVAL;
2823	}
2824
2825	gsa = SIN(&msfr.msfr_group);
2826	if (!IN_MULTICAST(ntohl(gsa->sin_addr.s_addr))) {
2827	return EINVAL;
2828	}
2829
2830	gsa->sin_port = `0`; / ignore port /
2831
2832	ifnet_head_lock_shared();
2833	if (msfr.msfr_ifindex == `0` \|\| !IF_INDEX_IN_RANGE(msfr.msfr_ifindex)) {
2834	ifnet_head_done();
2835	return EADDRNOTAVAIL;
2836	}
2837
2838	ifp = ifindex2ifnet[msfr.msfr_ifindex];
2839	ifnet_head_done();
2840	if (ifp == NULL) {
2841	return EADDRNOTAVAIL;
2842	}
2843
2844	/*
2845	* Check if this socket is a member of this group.
2846	*/
2847	imo = inp_findmoptions(inp);
2848	if (imo == NULL) {
2849	return ENOMEM;
2850	}
2851
2852	IMO_LOCK(imo);
2853	idx = imo_match_group(imo, ifp, group: gsa);
2854	if (idx == (size_t)-`1` \|\| imo->imo_mfilters == NULL) {
2855	error = EADDRNOTAVAIL;
2856	goto out_imo_locked;
2857	}
2858	inm = imo->imo_membership[idx];
2859	imf = &imo->imo_mfilters[idx];
2860
2861	/*
2862	* Begin state merge transaction at socket layer.
2863	*/
2864
2865	imf->imf_st[`1`] = (uint8_t)msfr.msfr_fmode;
2866
2867	/*
2868	* Apply any new source filters, if present.
2869	* Make a copy of the user-space source vector so
2870	* that we may copy them with a single copyin. This
2871	* allows us to deal with page faults up-front.
2872	*/
2873	if (msfr.msfr_nsrcs > `0`) {
2874	struct in_msource *__single lims;
2875	struct sockaddr_in *psin;
2876	struct sockaddr_storage kss, pkss;
2877	int i;
2878
2879	if (is_64bit_proc) {
2880	tmp_ptr = msfr64.msfr_srcs;
2881	} else {
2882	tmp_ptr = CAST_USER_ADDR_T(msfr32.msfr_srcs);
2883	}
2884
2885	IGMP_PRINTF(("%s: loading %lu source list entries\n",
2886	__func__, (unsigned long)msfr.msfr_nsrcs));
2887	kss = kalloc_data((size_t)msfr.msfr_nsrcs * sizeof(*kss), Z_WAITOK);
2888	if (kss == NULL) {
2889	error = ENOMEM;
2890	goto out_imo_locked;
2891	}
2892	error = copyin(CAST_USER_ADDR_T(tmp_ptr), kss,
2893	(size_t) msfr.msfr_nsrcs * sizeof(*kss));
2894	if (error) {
2895	kfree_data(kss, (size_t)msfr.msfr_nsrcs * sizeof(*kss));
2896	goto out_imo_locked;
2897	}
2898
2899	/*
2900	* Mark all source filters as UNDEFINED at t1.
2901	* Restore new group filter mode, as imf_leave()
2902	* will set it to INCLUDE.
2903	*/
2904	imf_leave(imf);
2905	imf->imf_st[`1`] = (uint8_t)msfr.msfr_fmode;
2906
2907	/*
2908	* Update socket layer filters at t1, lazy-allocating
2909	* new entries. This saves a bunch of memory at the
2910	* cost of one RB_FIND() per source entry; duplicate
2911	* entries in the msfr_nsrcs vector are ignored.
2912	* If we encounter an error, rollback transaction.
2913	*
2914	* XXX This too could be replaced with a set-symmetric
2915	* difference like loop to avoid walking from root
2916	* every time, as the key space is common.
2917	*/
2918	for (i = `0`, pkss = kss; (u_int)i < msfr.msfr_nsrcs;
2919	i++, pkss++) {
2920	psin = SIN(pkss);
2921	if (psin->sin_family != AF_INET) {
2922	error = EAFNOSUPPORT;
2923	break;
2924	}
2925	if (psin->sin_len != sizeof(struct sockaddr_in)) {
2926	error = EINVAL;
2927	break;
2928	}
2929	error = imf_get_source(imf, psin, plims: &lims);
2930	if (error) {
2931	break;
2932	}
2933	lims->imsl_st[`1`] = imf->imf_st[`1`];
2934	}
2935	kfree_data(kss, (size_t)msfr.msfr_nsrcs * sizeof(*kss));
2936	}
2937
2938	if (error) {
2939	goto out_imf_rollback;
2940	}
2941
2942	/*
2943	* Begin state merge transaction at IGMP layer.
2944	*/
2945	INM_LOCK(inm);
2946	IGMP_PRINTF(("%s: merge inm state\n", __func__));
2947	error = inm_merge(inm, imf);
2948	if (error) {
2949	IGMP_PRINTF(("%s: failed to merge inm state\n", __func__));
2950	INM_UNLOCK(inm);
2951	goto out_imf_rollback;
2952	}
2953
2954	IGMP_PRINTF(("%s: doing igmp downcall\n", __func__));
2955	error = igmp_change_state(inm, &itp);
2956	INM_UNLOCK(inm);
2957	#ifdef IGMP_DEBUG
2958	if (error) {
2959	IGMP_PRINTF(("%s: failed igmp downcall\n", __func__));
2960	}
2961	#endif
2962
2963	out_imf_rollback:
2964	if (error) {
2965	imf_rollback(imf);
2966	} else {
2967	imf_commit(imf);
2968	}
2969
2970	imf_reap(imf);
2971
2972	out_imo_locked:
2973	IMO_UNLOCK(imo);
2974	IMO_REMREF(imo); / from inp_findmoptions() /
2975
2976	/ schedule timer now that we've dropped the lock(s) /
2977	igmp_set_fast_timeout(&itp);
2978
2979	return error;
2980	}
2981
2982	/*
2983	* Set the IP multicast options in response to user setsockopt().
2984	*
2985	* Many of the socket options handled in this function duplicate the
2986	* functionality of socket options in the regular unicast API. However,
2987	* it is not possible to merge the duplicate code, because the idempotence
2988	* of the IPv4 multicast part of the BSD Sockets API must be preserved;
2989	* the effects of these options must be treated as separate and distinct.
2990	*/
2991	int
2992	inp_setmoptions(struct inpcb inp, struct* sockopt *sopt)
2993	{
2994	struct ip_moptions *imo;
2995	int error;
2996	unsigned int ifindex;
2997	struct ifnet *ifp;
2998
2999	error = `0`;
3000
3001	/*
3002	* If socket is neither of type SOCK_RAW or SOCK_DGRAM,
3003	* or is a divert socket, reject it.
3004	*/
3005	if (SOCK_PROTO(inp->inp_socket) == IPPROTO_DIVERT \|\|
3006	(SOCK_TYPE(inp->inp_socket) != SOCK_RAW &&
3007	SOCK_TYPE(inp->inp_socket) != SOCK_DGRAM)) {
3008	return EOPNOTSUPP;
3009	}
3010
3011	switch (sopt->sopt_name) {
3012	case IP_MULTICAST_IF:
3013	error = inp_set_multicast_if(inp, sopt);
3014	break;
3015
3016	case IP_MULTICAST_IFINDEX:
3017	/*
3018	* Select the interface for outgoing multicast packets.
3019	*/
3020	error = sooptcopyin(sopt, &ifindex, len: sizeof(ifindex),
3021	minlen: sizeof(ifindex));
3022	if (error) {
3023	break;
3024	}
3025
3026	imo = inp_findmoptions(inp);
3027	if (imo == NULL) {
3028	error = ENOMEM;
3029	break;
3030	}
3031	/*
3032	* Index 0 is used to remove a previous selection.
3033	* When no interface is selected, a default one is
3034	* chosen every time a multicast packet is sent.
3035	*/
3036	if (ifindex == `0`) {
3037	IMO_LOCK(imo);
3038	imo->imo_multicast_ifp = NULL;
3039	IMO_UNLOCK(imo);
3040	IMO_REMREF(imo); / from inp_findmoptions() /
3041	break;
3042	}
3043
3044	ifnet_head_lock_shared();
3045	/ Don't need to check is ifindex is < 0 since it's unsigned /
3046	if (!IF_INDEX_IN_RANGE(ifindex)) {
3047	ifnet_head_done();
3048	IMO_REMREF(imo); / from inp_findmoptions() /
3049	error = ENXIO; / per IPV6_MULTICAST_IF /
3050	break;
3051	}
3052	ifp = ifindex2ifnet[ifindex];
3053	ifnet_head_done();
3054
3055	/ If it's detached or isn't a multicast interface, bail out /
3056	if (ifp == NULL \|\| !(ifp->if_flags & IFF_MULTICAST)) {
3057	IMO_REMREF(imo); / from inp_findmoptions() /
3058	error = EADDRNOTAVAIL;
3059	break;
3060	}
3061	IMO_LOCK(imo);
3062	imo->imo_multicast_ifp = ifp;
3063	/*
3064	* Clear out any remnants of past IP_MULTICAST_IF. The addr
3065	* isn't really used anywhere in the kernel; we could have
3066	* iterated thru the addresses of the interface and pick one
3067	* here, but that is redundant since ip_getmoptions() already
3068	* takes care of that for INADDR_ANY.
3069	*/
3070	imo->imo_multicast_addr.s_addr = INADDR_ANY;
3071	IMO_UNLOCK(imo);
3072	IMO_REMREF(imo); / from inp_findmoptions() /
3073	break;
3074
3075	case IP_MULTICAST_TTL: {
3076	u_char ttl;
3077
3078	/*
3079	* Set the IP time-to-live for outgoing multicast packets.
3080	* The original multicast API required a char argument,
3081	* which is inconsistent with the rest of the socket API.
3082	* We allow either a char or an int.
3083	*/
3084	if (sopt->sopt_valsize == sizeof(u_char)) {
3085	error = sooptcopyin(sopt, &ttl, len: sizeof(u_char),
3086	minlen: sizeof(u_char));
3087	if (error) {
3088	break;
3089	}
3090	} else {
3091	u_int ittl;
3092
3093	error = sooptcopyin(sopt, &ittl, len: sizeof(u_int),
3094	minlen: sizeof(u_int));
3095	if (error) {
3096	break;
3097	}
3098	if (ittl > `255`) {
3099	error = EINVAL;
3100	break;
3101	}
3102	ttl = (u_char)ittl;
3103	}
3104	imo = inp_findmoptions(inp);
3105	if (imo == NULL) {
3106	error = ENOMEM;
3107	break;
3108	}
3109	IMO_LOCK(imo);
3110	imo->imo_multicast_ttl = ttl;
3111	IMO_UNLOCK(imo);
3112	IMO_REMREF(imo); / from inp_findmoptions() /
3113	break;
3114	}
3115
3116	case IP_MULTICAST_LOOP: {
3117	u_char loop;
3118
3119	/*
3120	* Set the loopback flag for outgoing multicast packets.
3121	* Must be zero or one. The original multicast API required a
3122	* char argument, which is inconsistent with the rest
3123	* of the socket API. We allow either a char or an int.
3124	*/
3125	if (sopt->sopt_valsize == sizeof(u_char)) {
3126	error = sooptcopyin(sopt, &loop, len: sizeof(u_char),
3127	minlen: sizeof(u_char));
3128	if (error) {
3129	break;
3130	}
3131	} else {
3132	u_int iloop;
3133
3134	error = sooptcopyin(sopt, &iloop, len: sizeof(u_int),
3135	minlen: sizeof(u_int));
3136	if (error) {
3137	break;
3138	}
3139	loop = (u_char)iloop;
3140	}
3141	imo = inp_findmoptions(inp);
3142	if (imo == NULL) {
3143	error = ENOMEM;
3144	break;
3145	}
3146	IMO_LOCK(imo);
3147	imo->imo_multicast_loop = !!loop;
3148	IMO_UNLOCK(imo);
3149	IMO_REMREF(imo); / from inp_findmoptions() /
3150	break;
3151	}
3152
3153	case IP_ADD_MEMBERSHIP:
3154	case IP_ADD_SOURCE_MEMBERSHIP:
3155	case MCAST_JOIN_GROUP:
3156	case MCAST_JOIN_SOURCE_GROUP:
3157	error = inp_join_group(inp, sopt);
3158	break;
3159
3160	case IP_DROP_MEMBERSHIP:
3161	case IP_DROP_SOURCE_MEMBERSHIP:
3162	case MCAST_LEAVE_GROUP:
3163	case MCAST_LEAVE_SOURCE_GROUP:
3164	error = inp_leave_group(inp, sopt);
3165	break;
3166
3167	case IP_BLOCK_SOURCE:
3168	case IP_UNBLOCK_SOURCE:
3169	case MCAST_BLOCK_SOURCE:
3170	case MCAST_UNBLOCK_SOURCE:
3171	error = inp_block_unblock_source(inp, sopt);
3172	break;
3173
3174	case IP_MSFILTER:
3175	error = inp_set_source_filters(inp, sopt);
3176	break;
3177
3178	default:
3179	error = EOPNOTSUPP;
3180	break;
3181	}
3182
3183	return error;
3184	}
3185
3186	/*
3187	* Expose IGMP's multicast filter mode and source list(s) to userland,
3188	* keyed by (ifindex, group).
3189	* The filter mode is written out as a uint32_t, followed by
3190	* 0..n of struct in_addr.
3191	* For use by ifmcstat(8).
3192	*/
3193	static int
3194	sysctl_ip_mcast_filters SYSCTL_HANDLER_ARGS
3195	{
3196	#pragma unused(oidp)
3197
3198	struct in_addr src = {}, group;
3199	struct ifnet *ifp;
3200	struct in_multi *inm;
3201	struct in_multistep step;
3202	struct ip_msource *ims;
3203	int *name;
3204	int retval = `0`;
3205	u_int namelen;
3206	uint32_t fmode, ifindex;
3207
3208	namelen = (u_int)arg2;
3209
3210	if (req->newptr != USER_ADDR_NULL) {
3211	return EPERM;
3212	}
3213
3214	if (namelen != `2`) {
3215	return EINVAL;
3216	}
3217
3218	name = __unsafe_forge_bidi_indexable(int , arg1, namelen sizeof(int));
3219	ifindex = name[`0`];
3220	ifnet_head_lock_shared();
3221	if (!IF_INDEX_IN_RANGE(ifindex)) {
3222	IGMP_PRINTF(("%s: ifindex %u out of range\n",
3223	__func__, ifindex));
3224	ifnet_head_done();
3225	return ENOENT;
3226	}
3227
3228	group.s_addr = name[`1`];
3229	if (!IN_MULTICAST(ntohl(group.s_addr))) {
3230	IGMP_INET_PRINTF(group,
3231	("%s: group %s is not multicast\n",
3232	__func__, _igmp_inet_buf));
3233	ifnet_head_done();
3234	return EINVAL;
3235	}
3236
3237	ifp = ifindex2ifnet[ifindex];
3238	ifnet_head_done();
3239	if (ifp == NULL) {
3240	IGMP_PRINTF(("%s: no ifp for ifindex %u\n", __func__, ifindex));
3241	return ENOENT;
3242	}
3243
3244	in_multihead_lock_shared();
3245	IN_FIRST_MULTI(step, inm);
3246	while (inm != NULL) {
3247	INM_LOCK(inm);
3248	if (inm->inm_ifp != ifp) {
3249	goto next;
3250	}
3251
3252	if (!in_hosteq(inm->inm_addr, group)) {
3253	goto next;
3254	}
3255
3256	fmode = inm->inm_st[`1`].iss_fmode;
3257	retval = SYSCTL_OUT(req, &fmode, sizeof(uint32_t));
3258	if (retval != `0`) {
3259	INM_UNLOCK(inm);
3260	break; / abort /
3261	}
3262	RB_FOREACH(ims, ip_msource_tree, &inm->inm_srcs) {
3263	#ifdef IGMP_DEBUG
3264	struct in_addr ina;
3265	ina.s_addr = htonl(ims->ims_haddr);
3266	IGMP_INET_PRINTF(ina,
3267	("%s: visit node %s\n", __func__, _igmp_inet_buf));
3268	#endif
3269	/*
3270	* Only copy-out sources which are in-mode.
3271	*/
3272	if (fmode != ims_get_mode(inm, ims, t: `1`)) {
3273	IGMP_PRINTF(("%s: skip non-in-mode\n",
3274	__func__));
3275	continue; / process next source /
3276	}
3277	src.s_addr = htonl(ims->ims_haddr);
3278	retval = SYSCTL_OUT(req, &src, sizeof(struct in_addr));
3279	if (retval != `0`) {
3280	break; / process next inm /
3281	}
3282	}
3283	next:
3284	INM_UNLOCK(inm);
3285	IN_NEXT_MULTI(step, inm);
3286	}
3287	in_multihead_lock_done();
3288
3289	return retval;
3290	}
3291
3292	/*
3293	* XXX
3294	* The whole multicast option thing needs to be re-thought.
3295	* Several of these options are equally applicable to non-multicast
3296	* transmission, and one (IP_MULTICAST_TTL) totally duplicates a
3297	* standard option (IP_TTL).
3298	*/
3299	/*
3300	* following RFC1724 section 3.3, 0.0.0.0/8 is interpreted as interface index.
3301	*/
3302	static struct ifnet *
3303	ip_multicast_if(struct in_addr a, unsigned* int *ifindexp)
3304	{
3305	unsigned int ifindex;
3306	struct ifnet *ifp;
3307
3308	if (ifindexp != NULL) {
3309	*ifindexp = `0`;
3310	}
3311	if (ntohl(a->s_addr) >> `24` == `0`) {
3312	ifindex = ntohl(a->s_addr) & `0xffffff`;
3313	ifnet_head_lock_shared();
3314	/ Don't need to check is ifindex is < 0 since it's unsigned /
3315	if (!IF_INDEX_IN_RANGE(ifindex)) {
3316	ifnet_head_done();
3317	return NULL;
3318	}
3319	ifp = ifindex2ifnet[ifindex];
3320	ifnet_head_done();
3321	if (ifp != NULL && ifindexp != NULL) {
3322	*ifindexp = ifindex;
3323	}
3324	} else {
3325	INADDR_TO_IFP(*a, ifp);
3326	}
3327	return ifp;
3328	}
3329
3330	static struct in_multi *
3331	in_multi_alloc(zalloc_flags_t how)
3332	{
3333	struct in_multi *inm;
3334
3335	if (inm_debug == `0`) {
3336	inm = kalloc_type(struct in_multi, how \| Z_ZERO);
3337	} else {
3338	struct in_multi_dbg *__single inm_dbg;
3339	inm_dbg = kalloc_type(struct in_multi_dbg, how \| Z_ZERO);
3340	inm = (struct in_multi *__single)inm_dbg;
3341	}
3342	if (inm != NULL) {
3343	lck_mtx_init(lck: &inm->inm_lock, grp: &in_multihead_lock_grp,
3344	attr: &in_multihead_lock_attr);
3345	inm->inm_debug \|= IFD_ALLOC;
3346	if (inm_debug != `0`) {
3347	inm->inm_debug \|= IFD_DEBUG;
3348	inm->inm_trace = inm_trace;
3349	}
3350	}
3351	return inm;
3352	}
3353
3354	static void
3355	in_multi_free(struct in_multi *inm)
3356	{
3357	INM_LOCK(inm);
3358	if (inm->inm_debug & IFD_ATTACHED) {
3359	panic("%s: attached inm=%p is being freed", __func__, inm);
3360	/ NOTREACHED /
3361	} else if (inm->inm_ifma != NULL) {
3362	panic("%s: ifma not NULL for inm=%p", __func__, inm);
3363	/ NOTREACHED /
3364	} else if (!(inm->inm_debug & IFD_ALLOC)) {
3365	panic("%s: inm %p cannot be freed", __func__, inm);
3366	/ NOTREACHED /
3367	} else if (inm->inm_refcount != `0`) {
3368	panic("%s: non-zero refcount inm=%p", __func__, inm);
3369	/ NOTREACHED /
3370	} else if (inm->inm_reqcnt != `0`) {
3371	panic("%s: non-zero reqcnt inm=%p", __func__, inm);
3372	/ NOTREACHED /
3373	}
3374
3375	/ Free any pending IGMPv3 state-change records /
3376	IF_DRAIN(&inm->inm_scq);
3377
3378	inm->inm_debug &= ~IFD_ALLOC;
3379	if ((inm->inm_debug & (IFD_DEBUG \| IFD_TRASHED)) ==
3380	(IFD_DEBUG \| IFD_TRASHED)) {
3381	lck_mtx_lock(lck: &inm_trash_lock);
3382	TAILQ_REMOVE(&inm_trash_head, (struct in_multi_dbg *)inm,
3383	inm_trash_link);
3384	lck_mtx_unlock(lck: &inm_trash_lock);
3385	inm->inm_debug &= ~IFD_TRASHED;
3386	}
3387	INM_UNLOCK(inm);
3388
3389	lck_mtx_destroy(lck: &inm->inm_lock, grp: &in_multihead_lock_grp);
3390	if (inm_debug == `0`) {
3391	kfree_type(struct in_multi, inm);
3392	} else {
3393	struct in_multi_dbg *__single inm_dbg =
3394	(struct in_multi_dbg *__single)inm;
3395	kfree_type(struct in_multi_dbg, inm_dbg);
3396	inm = NULL;
3397	}
3398	}
3399
3400	static void
3401	in_multi_attach(struct in_multi *inm)
3402	{
3403	in_multihead_lock_assert(LCK_RW_ASSERT_EXCLUSIVE);
3404	INM_LOCK_ASSERT_HELD(inm);
3405
3406	if (inm->inm_debug & IFD_ATTACHED) {
3407	panic("%s: Attempt to attach an already attached inm=%p",
3408	__func__, inm);
3409	/ NOTREACHED /
3410	} else if (inm->inm_debug & IFD_TRASHED) {
3411	panic("%s: Attempt to reattach a detached inm=%p",
3412	__func__, inm);
3413	/ NOTREACHED /
3414	}
3415
3416	inm->inm_reqcnt++;
3417	VERIFY(inm->inm_reqcnt == `1`);
3418	INM_ADDREF_LOCKED(inm);
3419	inm->inm_debug \|= IFD_ATTACHED;
3420	/*
3421	* Reattach case: If debugging is enabled, take it
3422	* out of the trash list and clear IFD_TRASHED.
3423	*/
3424	if ((inm->inm_debug & (IFD_DEBUG \| IFD_TRASHED)) ==
3425	(IFD_DEBUG \| IFD_TRASHED)) {
3426	/ Become a regular mutex, just in case /
3427	INM_CONVERT_LOCK(inm);
3428	lck_mtx_lock(lck: &inm_trash_lock);
3429	TAILQ_REMOVE(&inm_trash_head, (struct in_multi_dbg *)inm,
3430	inm_trash_link);
3431	lck_mtx_unlock(lck: &inm_trash_lock);
3432	inm->inm_debug &= ~IFD_TRASHED;
3433	}
3434
3435	LIST_INSERT_HEAD(&in_multihead, inm, inm_link);
3436	}
3437
3438	int
3439	in_multi_detach(struct in_multi *inm)
3440	{
3441	in_multihead_lock_assert(LCK_RW_ASSERT_EXCLUSIVE);
3442	INM_LOCK_ASSERT_HELD(inm);
3443
3444	if (inm->inm_reqcnt == `0`) {
3445	panic("%s: inm=%p negative reqcnt", __func__, inm);
3446	/ NOTREACHED /
3447	}
3448
3449	--inm->inm_reqcnt;
3450	if (inm->inm_reqcnt > `0`) {
3451	return `0`;
3452	}
3453
3454	if (!(inm->inm_debug & IFD_ATTACHED)) {
3455	panic("%s: Attempt to detach an unattached record inm=%p",
3456	__func__, inm);
3457	/ NOTREACHED /
3458	} else if (inm->inm_debug & IFD_TRASHED) {
3459	panic("%s: inm %p is already in trash list", __func__, inm);
3460	/ NOTREACHED /
3461	}
3462
3463	/*
3464	* NOTE: Caller calls IFMA_REMREF
3465	*/
3466	inm->inm_debug &= ~IFD_ATTACHED;
3467	LIST_REMOVE(inm, inm_link);
3468
3469	if (inm->inm_debug & IFD_DEBUG) {
3470	/ Become a regular mutex, just in case /
3471	INM_CONVERT_LOCK(inm);
3472	lck_mtx_lock(lck: &inm_trash_lock);
3473	TAILQ_INSERT_TAIL(&inm_trash_head,
3474	(struct in_multi_dbg *)inm, inm_trash_link);
3475	lck_mtx_unlock(lck: &inm_trash_lock);
3476	inm->inm_debug \|= IFD_TRASHED;
3477	}
3478
3479	return `1`;
3480	}
3481
3482	void
3483	inm_addref(struct in_multi inm, int* locked)
3484	{
3485	if (!locked) {
3486	INM_LOCK_SPIN(inm);
3487	} else {
3488	INM_LOCK_ASSERT_HELD(inm);
3489	}
3490
3491	if (++inm->inm_refcount == `0`) {
3492	panic("%s: inm=%p wraparound refcnt", __func__, inm);
3493	/ NOTREACHED /
3494	} else if (inm->inm_trace != NULL) {
3495	(*inm->inm_trace)(inm, TRUE);
3496	}
3497	if (!locked) {
3498	INM_UNLOCK(inm);
3499	}
3500	}
3501
3502	void
3503	inm_remref(struct in_multi inm, int* locked)
3504	{
3505	struct ifmultiaddr *ifma;
3506	struct igmp_ifinfo *igi;
3507
3508	if (!locked) {
3509	INM_LOCK_SPIN(inm);
3510	} else {
3511	INM_LOCK_ASSERT_HELD(inm);
3512	}
3513
3514	if (inm->inm_refcount == `0` \|\| (inm->inm_refcount == `1` && locked)) {
3515	panic("%s: inm=%p negative/missing refcnt", __func__, inm);
3516	/ NOTREACHED /
3517	} else if (inm->inm_trace != NULL) {
3518	(*inm->inm_trace)(inm, FALSE);
3519	}
3520
3521	--inm->inm_refcount;
3522	if (inm->inm_refcount > `0`) {
3523	if (!locked) {
3524	INM_UNLOCK(inm);
3525	}
3526	return;
3527	}
3528
3529	/*
3530	* Synchronization with in_getmulti(). In the event the inm has been
3531	* detached, the underlying ifma would still be in the if_multiaddrs
3532	* list, and thus can be looked up via if_addmulti(). At that point,
3533	* the only way to find this inm is via ifma_protospec. To avoid
3534	* race conditions between the last inm_remref() of that inm and its
3535	* use via ifma_protospec, in_multihead lock is used for serialization.
3536	* In order to avoid violating the lock order, we must drop inm_lock
3537	* before acquiring in_multihead lock. To prevent the inm from being
3538	* freed prematurely, we hold an extra reference.
3539	*/
3540	++inm->inm_refcount;
3541	INM_UNLOCK(inm);
3542	in_multihead_lock_shared();
3543	INM_LOCK_SPIN(inm);
3544	--inm->inm_refcount;
3545	if (inm->inm_refcount > `0`) {
3546	/ We've lost the race, so abort since inm is still in use /
3547	INM_UNLOCK(inm);
3548	in_multihead_lock_done();
3549	/ If it was locked, return it as such /
3550	if (locked) {
3551	INM_LOCK(inm);
3552	}
3553	return;
3554	}
3555	inm_purge(inm);
3556	ifma = inm->inm_ifma;
3557	inm->inm_ifma = NULL;
3558	inm->inm_ifp = NULL;
3559	igi = inm->inm_igi;
3560	inm->inm_igi = NULL;
3561	INM_UNLOCK(inm);
3562	IFMA_LOCK_SPIN(ifma);
3563	ifma->ifma_protospec = NULL;
3564	IFMA_UNLOCK(ifma);
3565	in_multihead_lock_done();
3566
3567	in_multi_free(inm);
3568	if_delmulti_ifma(ifma);
3569	/ Release reference held to the underlying ifmultiaddr /
3570	IFMA_REMREF(ifma);
3571
3572	if (igi != NULL) {
3573	IGI_REMREF(igi);
3574	}
3575	}
3576
3577	static void
3578	inm_trace(struct in_multi inm, int* refhold)
3579	{
3580	struct in_multi_dbg *__single inm_dbg =
3581	(struct in_multi_dbg *__single)inm;
3582	ctrace_t *tr;
3583	u_int32_t idx;
3584	u_int16_t *cnt;
3585
3586	if (!(inm->inm_debug & IFD_DEBUG)) {
3587	panic("%s: inm %p has no debug structure", __func__, inm);
3588	/ NOTREACHED /
3589	}
3590	if (refhold) {
3591	cnt = &inm_dbg->inm_refhold_cnt;
3592	tr = inm_dbg->inm_refhold;
3593	} else {
3594	cnt = &inm_dbg->inm_refrele_cnt;
3595	tr = inm_dbg->inm_refrele;
3596	}
3597
3598	idx = os_atomic_inc_orig(cnt, relaxed) % INM_TRACE_HIST_SIZE;
3599	ctrace_record(&tr[idx]);
3600	}
3601
3602	void
3603	in_multihead_lock_exclusive(void)
3604	{
3605	lck_rw_lock_exclusive(lck: &in_multihead_lock);
3606	}
3607
3608	void
3609	in_multihead_lock_shared(void)
3610	{
3611	lck_rw_lock_shared(lck: &in_multihead_lock);
3612	}
3613
3614	void
3615	in_multihead_lock_assert(int what)
3616	{
3617	#if !MACH_ASSERT
3618	#pragma unused(what)
3619	#endif
3620	LCK_RW_ASSERT(&in_multihead_lock, what);
3621	}
3622
3623	void
3624	in_multihead_lock_done(void)
3625	{
3626	lck_rw_done(lck: &in_multihead_lock);
3627	}
3628
3629	static struct ip_msource *
3630	ipms_alloc(zalloc_flags_t how)
3631	{
3632	return zalloc_flags(ipms_zone, how \| Z_ZERO);
3633	}
3634
3635	static void
3636	ipms_free(struct ip_msource *ims)
3637	{
3638	zfree(ipms_zone, ims);
3639	}
3640
3641	static struct in_msource *
3642	inms_alloc(zalloc_flags_t how)
3643	{
3644	return zalloc_flags(inms_zone, how \| Z_ZERO);
3645	}
3646
3647	static void
3648	inms_free(struct in_msource *inms)
3649	{
3650	zfree(inms_zone, inms);
3651	}
3652
3653	#ifdef IGMP_DEBUG
3654
3655	static const char *inm_modestrs[] = { "un", "in", "ex" };
3656
3657	static const char *
3658	inm_mode_str(const int mode)
3659	{
3660	if (mode >= MCAST_UNDEFINED && mode <= MCAST_EXCLUDE) {
3661	return inm_modestrs[mode];
3662	}
3663	return "??";
3664	}
3665
3666	static const char *inm_statestrs[] = {
3667	"not-member",
3668	"silent",
3669	"reporting",
3670	"idle",
3671	"lazy",
3672	"sleeping",
3673	"awakening",
3674	"query-pending",
3675	"sg-query-pending",
3676	"leaving"
3677	};
3678
3679	static const char *
3680	inm_state_str(const int state)
3681	{
3682	if (state >= IGMP_NOT_MEMBER && state <= IGMP_LEAVING_MEMBER) {
3683	return inm_statestrs[state];
3684	}
3685	return "??";
3686	}
3687
3688	/*
3689	* Dump an in_multi structure to the console.
3690	*/
3691	void
3692	inm_print(const struct in_multi *inm)
3693	{
3694	int t;
3695	char buf[MAX_IPv4_STR_LEN];
3696
3697	INM_LOCK_ASSERT_HELD(__DECONST(struct in_multi *, inm));
3698
3699	if (igmp_debug == `0`) {
3700	return;
3701	}
3702
3703	inet_ntop(AF_INET, &inm->inm_addr, buf, sizeof(buf));
3704	printf("%s: --- begin inm 0x%llx ---\n", __func__,
3705	(uint64_t)VM_KERNEL_ADDRPERM(inm));
3706	printf("addr %s ifp 0x%llx(%s) ifma 0x%llx\n",
3707	buf,
3708	(uint64_t)VM_KERNEL_ADDRPERM(inm->inm_ifp),
3709	if_name(inm->inm_ifp),
3710	(uint64_t)VM_KERNEL_ADDRPERM(inm->inm_ifma));
3711	printf("timer %u state %s refcount %u scq.len %u\n",
3712	inm->inm_timer,
3713	inm_state_str(state: inm->inm_state),
3714	inm->inm_refcount,
3715	inm->inm_scq.ifq_len);
3716	printf("igi 0x%llx nsrc %lu sctimer %u scrv %u\n",
3717	(uint64_t)VM_KERNEL_ADDRPERM(inm->inm_igi),
3718	inm->inm_nsrc,
3719	inm->inm_sctimer,
3720	inm->inm_scrv);
3721	for (t = `0`; t < `2`; t++) {
3722	printf("t%d: fmode %s asm %u ex %u in %u rec %u\n", t,
3723	inm_mode_str(mode: inm->inm_st[t].iss_fmode),
3724	inm->inm_st[t].iss_asm,
3725	inm->inm_st[t].iss_ex,
3726	inm->inm_st[t].iss_in,
3727	inm->inm_st[t].iss_rec);
3728	}
3729	printf("%s: --- end inm 0x%llx ---\n", __func__,
3730	(uint64_t)VM_KERNEL_ADDRPERM(inm));
3731	}
3732
3733	#else
3734
3735	void
3736	inm_print(__unused const struct in_multi *inm)
3737	{
3738	}
3739
3740	#endif
3741

Browse the source code of xnu/bsd/netinet/in_mcast.c