1 | /* |
2 | * Copyright (c) 2000-2024 Apple Inc. All rights reserved. |
3 | * |
4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ |
5 | * |
6 | * This file contains Original Code and/or Modifications of Original Code |
7 | * as defined in and that are subject to the Apple Public Source License |
8 | * Version 2.0 (the 'License'). You may not use this file except in |
9 | * compliance with the License. The rights granted to you under the License |
10 | * may not be used to create, or enable the creation or redistribution of, |
11 | * unlawful or unlicensed copies of an Apple operating system, or to |
12 | * circumvent, violate, or enable the circumvention or violation of, any |
13 | * terms of an Apple operating system software license agreement. |
14 | * |
15 | * Please obtain a copy of the License at |
16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. |
17 | * |
18 | * The Original Code and all software distributed under the License are |
19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER |
20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, |
21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, |
22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. |
23 | * Please see the License for the specific language governing rights and |
24 | * limitations under the License. |
25 | * |
26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ |
27 | */ |
28 | |
29 | /* |
30 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. |
31 | * All rights reserved. |
32 | * |
33 | * Redistribution and use in source and binary forms, with or without |
34 | * modification, are permitted provided that the following conditions |
35 | * are met: |
36 | * 1. Redistributions of source code must retain the above copyright |
37 | * notice, this list of conditions and the following disclaimer. |
38 | * 2. Redistributions in binary form must reproduce the above copyright |
39 | * notice, this list of conditions and the following disclaimer in the |
40 | * documentation and/or other materials provided with the distribution. |
41 | * 3. Neither the name of the project nor the names of its contributors |
42 | * may be used to endorse or promote products derived from this software |
43 | * without specific prior written permission. |
44 | * |
45 | * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND |
46 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
47 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
48 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE |
49 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
50 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
51 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
52 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
53 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
54 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
55 | * SUCH DAMAGE. |
56 | */ |
57 | |
58 | /* |
59 | * Copyright (c) 1982, 1986, 1988, 1990, 1993 |
60 | * The Regents of the University of California. All rights reserved. |
61 | * |
62 | * Redistribution and use in source and binary forms, with or without |
63 | * modification, are permitted provided that the following conditions |
64 | * are met: |
65 | * 1. Redistributions of source code must retain the above copyright |
66 | * notice, this list of conditions and the following disclaimer. |
67 | * 2. Redistributions in binary form must reproduce the above copyright |
68 | * notice, this list of conditions and the following disclaimer in the |
69 | * documentation and/or other materials provided with the distribution. |
70 | * 3. All advertising materials mentioning features or use of this software |
71 | * must display the following acknowledgement: |
72 | * This product includes software developed by the University of |
73 | * California, Berkeley and its contributors. |
74 | * 4. Neither the name of the University nor the names of its contributors |
75 | * may be used to endorse or promote products derived from this software |
76 | * without specific prior written permission. |
77 | * |
78 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND |
79 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
80 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
81 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
82 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
83 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
84 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
85 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
86 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
87 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
88 | * SUCH DAMAGE. |
89 | * |
90 | * @(#)ip_output.c 8.3 (Berkeley) 1/21/94 |
91 | */ |
92 | /* |
93 | * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce |
94 | * support for mandatory and extensible security protections. This notice |
95 | * is included in support of clause 2.2 (b) of the Apple Public License, |
96 | * Version 2.0. |
97 | */ |
98 | |
99 | #include <sys/param.h> |
100 | #include <sys/malloc.h> |
101 | #include <sys/mbuf.h> |
102 | #include <sys/errno.h> |
103 | #include <sys/protosw.h> |
104 | #include <sys/socket.h> |
105 | #include <sys/socketvar.h> |
106 | #include <sys/systm.h> |
107 | #include <sys/kernel.h> |
108 | #include <sys/proc.h> |
109 | #include <sys/kauth.h> |
110 | #include <sys/mcache.h> |
111 | #include <sys/sysctl.h> |
112 | #include <kern/zalloc.h> |
113 | #include <libkern/OSByteOrder.h> |
114 | |
115 | #include <pexpert/pexpert.h> |
116 | #include <mach/sdt.h> |
117 | |
118 | #include <net/if.h> |
119 | #include <net/route.h> |
120 | #include <net/dlil.h> |
121 | #include <net/net_api_stats.h> |
122 | #include <net/net_osdep.h> |
123 | #include <net/net_perf.h> |
124 | |
125 | #include <netinet/ip.h> |
126 | #include <netinet/in.h> |
127 | #include <netinet/in_var.h> |
128 | #include <netinet/ip_var.h> |
129 | #include <netinet6/in6_var.h> |
130 | #include <netinet/ip6.h> |
131 | #include <netinet/kpi_ipfilter_var.h> |
132 | #include <netinet/in_tclass.h> |
133 | |
134 | #include <netinet6/ip6protosw.h> |
135 | #include <netinet/icmp6.h> |
136 | #include <netinet6/ip6_var.h> |
137 | #include <netinet/in_pcb.h> |
138 | #include <netinet6/nd6.h> |
139 | #include <netinet6/scope6_var.h> |
140 | #if IPSEC |
141 | #include <netinet6/ipsec.h> |
142 | #include <netinet6/ipsec6.h> |
143 | #include <netkey/key.h> |
144 | extern int ipsec_bypass; |
145 | #endif /* IPSEC */ |
146 | |
147 | #if NECP |
148 | #include <net/necp.h> |
149 | #endif /* NECP */ |
150 | |
151 | #if DUMMYNET |
152 | #include <netinet/ip_dummynet.h> |
153 | #endif /* DUMMYNET */ |
154 | |
155 | #if PF |
156 | #include <net/pfvar.h> |
157 | #endif /* PF */ |
158 | |
159 | #include <net/sockaddr_utils.h> |
160 | |
161 | static int sysctl_reset_ip6_output_stats SYSCTL_HANDLER_ARGS; |
162 | static int sysctl_ip6_output_measure_bins SYSCTL_HANDLER_ARGS; |
163 | static int sysctl_ip6_output_getperf SYSCTL_HANDLER_ARGS; |
164 | static int ip6_copyexthdr(struct mbuf **, caddr_t, int); |
165 | static void ip6_out_cksum_stats(int, u_int32_t); |
166 | static int ip6_insert_jumboopt(struct ip6_exthdrs *, u_int32_t); |
167 | static int ip6_insertfraghdr(struct mbuf *, struct mbuf *, int, |
168 | struct ip6_frag **); |
169 | static int ip6_getpmtu(struct route_in6 *, struct route_in6 *, |
170 | struct ifnet *, struct in6_addr *, uint32_t, u_int32_t *); |
171 | static int ip6_pcbopts(struct ip6_pktopts **, struct mbuf *, struct socket *, |
172 | struct sockopt *sopt); |
173 | static int ip6_pcbopt(int, u_char *, int, struct ip6_pktopts **, int); |
174 | static int ip6_getpcbopt(struct ip6_pktopts *, int, struct sockopt *); |
175 | static int copypktopts(struct ip6_pktopts *, struct ip6_pktopts *, zalloc_flags_t); |
176 | static void im6o_trace(struct ip6_moptions *, int); |
177 | static int ip6_setpktopt(int, u_char *, int, struct ip6_pktopts *, int, |
178 | int, int); |
179 | static int ip6_splithdr(struct mbuf *, struct ip6_exthdrs *); |
180 | static void ip6_output_checksum(struct ifnet *, uint32_t, struct mbuf *, |
181 | int, uint32_t, uint32_t); |
182 | extern int udp_ctloutput(struct socket *, struct sockopt *); |
183 | static int ip6_fragment_packet(struct mbuf **m, |
184 | struct ip6_pktopts *opt, struct ip6_out_args * ip6oa, |
185 | struct ip6_exthdrs *exthdrsp, struct ifnet *ifp, |
186 | uint32_t mtu, uint32_t unfragpartlen, |
187 | int nxt0, uint32_t optlen); |
188 | |
189 | SYSCTL_DECL(_net_inet6_ip6); |
190 | |
191 | static int ip6_output_measure = 0; |
192 | SYSCTL_PROC(_net_inet6_ip6, OID_AUTO, output_perf, |
193 | CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_LOCKED, |
194 | &ip6_output_measure, 0, sysctl_reset_ip6_output_stats, "I" , "Do time measurement" ); |
195 | |
196 | static uint64_t ip6_output_measure_bins = 0; |
197 | SYSCTL_PROC(_net_inet6_ip6, OID_AUTO, output_perf_bins, |
198 | CTLTYPE_QUAD | CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_output_measure_bins, 0, |
199 | sysctl_ip6_output_measure_bins, "I" , |
200 | "bins for chaining performance data histogram" ); |
201 | |
202 | static net_perf_t net_perf; |
203 | SYSCTL_PROC(_net_inet6_ip6, OID_AUTO, output_perf_data, |
204 | CTLTYPE_STRUCT | CTLFLAG_RD | CTLFLAG_LOCKED, |
205 | 0, 0, sysctl_ip6_output_getperf, "S,net_perf" , |
206 | "IP6 output performance data (struct net_perf, net/net_perf.h)" ); |
207 | |
208 | #define IM6O_TRACE_HIST_SIZE 32 /* size of trace history */ |
209 | |
210 | /* For gdb */ |
211 | __private_extern__ unsigned int im6o_trace_hist_size = IM6O_TRACE_HIST_SIZE; |
212 | |
213 | struct ip6_moptions_dbg { |
214 | struct ip6_moptions im6o; /* ip6_moptions */ |
215 | u_int16_t im6o_refhold_cnt; /* # of IM6O_ADDREF */ |
216 | u_int16_t im6o_refrele_cnt; /* # of IM6O_REMREF */ |
217 | /* |
218 | * Alloc and free callers. |
219 | */ |
220 | ctrace_t im6o_alloc; |
221 | ctrace_t im6o_free; |
222 | /* |
223 | * Circular lists of IM6O_ADDREF and IM6O_REMREF callers. |
224 | */ |
225 | ctrace_t im6o_refhold[IM6O_TRACE_HIST_SIZE]; |
226 | ctrace_t im6o_refrele[IM6O_TRACE_HIST_SIZE]; |
227 | }; |
228 | |
229 | #if DEBUG |
230 | static unsigned int im6o_debug = 1; /* debugging (enabled) */ |
231 | #else |
232 | static unsigned int im6o_debug; /* debugging (disabled) */ |
233 | #endif /* !DEBUG */ |
234 | |
235 | static struct zone *im6o_zone; /* zone for ip6_moptions */ |
236 | #define IM6O_ZONE_NAME "ip6_moptions" /* zone name */ |
237 | |
238 | /* |
239 | * ip6_output() calls ip6_output_list() to do the work |
240 | */ |
241 | int |
242 | ip6_output(struct mbuf *m0, struct ip6_pktopts *opt, |
243 | struct route_in6 *ro, int flags, struct ip6_moptions *im6o, |
244 | struct ifnet **ifpp, struct ip6_out_args *ip6oa) |
245 | { |
246 | return ip6_output_list(m0, 0, opt, ro, flags, im6o, ifpp, ip6oa); |
247 | } |
248 | |
249 | /* |
250 | * IP6 output. Each packet in mbuf chain m contains a skeletal IP6 |
251 | * header (with pri, len, nxt, hlim, src, dst). |
252 | * This function may modify ver and hlim only. |
253 | * The mbuf chain containing the packet will be freed. |
254 | * The mbuf opt, if present, will not be freed. |
255 | * |
256 | * If ro is non-NULL and has valid ro->ro_rt, route lookup would be |
257 | * skipped and ro->ro_rt would be used. Otherwise the result of route |
258 | * lookup is stored in ro->ro_rt. |
259 | * |
260 | * type of "mtu": rt_rmx.rmx_mtu is u_int32_t, ifnet.ifr_mtu is int, and |
261 | * nd_ifinfo.linkmtu is u_int32_t. so we use u_int32_t to hold largest one, |
262 | * which is rt_rmx.rmx_mtu. |
263 | */ |
264 | int |
265 | ip6_output_list(struct mbuf *m0, int packetchain, struct ip6_pktopts *opt, |
266 | struct route_in6 *ro, int flags, struct ip6_moptions *im6o, |
267 | struct ifnet **ifpp, struct ip6_out_args *ip6oa) |
268 | { |
269 | struct ip6_hdr *ip6; |
270 | u_char *nexthdrp; |
271 | struct ifnet *ifp = NULL, *origifp = NULL; /* refcnt'd */ |
272 | struct ifnet **ifpp_save = ifpp; |
273 | struct mbuf *m, *mprev; |
274 | struct mbuf *sendchain = NULL, *sendchain_last = NULL; |
275 | struct mbuf *inputchain = NULL; |
276 | int nxt0 = 0; |
277 | struct route_in6 *ro_pmtu = NULL; |
278 | struct rtentry *rt = NULL; |
279 | struct sockaddr_in6 *dst = NULL, src_sa, dst_sa; |
280 | int error = 0; |
281 | struct in6_ifaddr *ia = NULL, *src_ia = NULL; |
282 | u_int32_t mtu = 0; |
283 | u_int32_t optlen = 0, plen = 0, unfragpartlen = 0; |
284 | struct ip6_rthdr *rh; |
285 | struct in6_addr finaldst; |
286 | ipfilter_t inject_filter_ref; |
287 | struct ipf_pktopts *ippo = NULL; |
288 | struct flowadv *adv = NULL; |
289 | uint32_t pktcnt = 0; |
290 | uint32_t packets_processed = 0; |
291 | struct timeval start_tv; |
292 | #if PF |
293 | boolean_t skip_pf = (ip6oa != NULL) && |
294 | (ip6oa->ip6oa_flags & IP6OAF_SKIP_PF); |
295 | #endif |
296 | |
297 | #if DUMMYNET |
298 | struct m_tag *tag; |
299 | struct ip6_out_args saved_ip6oa; |
300 | struct sockaddr_in6 dst_buf; |
301 | #endif /* DUMMYNET */ |
302 | #if IPSEC |
303 | struct socket *so = NULL; |
304 | struct secpolicy *sp = NULL; |
305 | struct route_in6 *ipsec_saved_route = NULL; |
306 | boolean_t needipsectun = FALSE; |
307 | #endif /* IPSEC */ |
308 | #if NECP |
309 | necp_kernel_policy_result necp_result = 0; |
310 | necp_kernel_policy_result_parameter necp_result_parameter; |
311 | necp_kernel_policy_id necp_matched_policy_id = 0; |
312 | #endif /* NECP */ |
313 | struct { |
314 | struct ipf_pktopts ipf_pktopts; |
315 | struct ip6_exthdrs exthdrs; |
316 | struct route_in6 ip6route; |
317 | #if IPSEC |
318 | struct ipsec_output_state ipsec_state; |
319 | #endif /* IPSEC */ |
320 | #if NECP |
321 | struct route_in6 necp_route; |
322 | #endif /* NECP */ |
323 | #if DUMMYNET |
324 | struct route_in6 saved_route; |
325 | struct route_in6 saved_ro_pmtu; |
326 | struct ip_fw_args args; |
327 | #endif /* DUMMYNET */ |
328 | } ip6obz; |
329 | #define ipf_pktopts ip6obz.ipf_pktopts |
330 | #define exthdrs ip6obz.exthdrs |
331 | #define ip6route ip6obz.ip6route |
332 | #define ipsec_state ip6obz.ipsec_state |
333 | #define necp_route ip6obz.necp_route |
334 | #define saved_route ip6obz.saved_route |
335 | #define saved_ro_pmtu ip6obz.saved_ro_pmtu |
336 | #define args ip6obz.args |
337 | union { |
338 | struct { |
339 | boolean_t select_srcif : 1; |
340 | boolean_t hdrsplit : 1; |
341 | boolean_t route_selected : 1; |
342 | boolean_t dontfrag : 1; |
343 | #if IPSEC |
344 | boolean_t needipsec : 1; |
345 | boolean_t noipsec : 1; |
346 | #endif /* IPSEC */ |
347 | }; |
348 | uint32_t raw; |
349 | } ip6obf = { .raw = 0 }; |
350 | |
351 | if (ip6_output_measure) { |
352 | net_perf_start_time(npp: &net_perf, tv: &start_tv); |
353 | } |
354 | |
355 | VERIFY(m0->m_flags & M_PKTHDR); |
356 | |
357 | /* zero out {saved_route, saved_ro_pmtu, ip6route, exthdrs, args} */ |
358 | bzero(s: &ip6obz, n: sizeof(ip6obz)); |
359 | |
360 | #if DUMMYNET |
361 | if (SLIST_EMPTY(&m0->m_pkthdr.tags)) { |
362 | goto tags_done; |
363 | } |
364 | |
365 | /* Grab info from mtags prepended to the chain */ |
366 | if ((tag = m_tag_locate(m0, KERNEL_MODULE_TAG_ID, |
367 | KERNEL_TAG_TYPE_DUMMYNET)) != NULL) { |
368 | struct dn_pkt_tag *dn_tag; |
369 | |
370 | /* |
371 | * ip6_output_list() cannot handle chains of packets reinjected |
372 | * by dummynet. The same restriction applies to |
373 | * ip_output_list(). |
374 | */ |
375 | VERIFY(0 == packetchain); |
376 | |
377 | dn_tag = (struct dn_pkt_tag *)(tag->m_tag_data); |
378 | args.fwa_pf_rule = dn_tag->dn_pf_rule; |
379 | |
380 | SOCKADDR_COPY(&dn_tag->dn_dst6, &dst_buf, sizeof(dst_buf)); |
381 | dst = &dst_buf; |
382 | ifp = dn_tag->dn_ifp; |
383 | if (ifp != NULL) { |
384 | ifnet_reference(interface: ifp); |
385 | } |
386 | flags = dn_tag->dn_flags; |
387 | if (dn_tag->dn_flags & IPV6_OUTARGS) { |
388 | saved_ip6oa = dn_tag->dn_ip6oa; |
389 | ip6oa = &saved_ip6oa; |
390 | } |
391 | |
392 | saved_route = dn_tag->dn_ro6; |
393 | ro = &saved_route; |
394 | saved_ro_pmtu = dn_tag->dn_ro6_pmtu; |
395 | ro_pmtu = &saved_ro_pmtu; |
396 | origifp = dn_tag->dn_origifp; |
397 | if (origifp != NULL) { |
398 | ifnet_reference(interface: origifp); |
399 | } |
400 | mtu = dn_tag->dn_mtu; |
401 | unfragpartlen = dn_tag->dn_unfragpartlen; |
402 | |
403 | bcopy(src: &dn_tag->dn_exthdrs, dst: &exthdrs, n: sizeof(exthdrs)); |
404 | |
405 | m_tag_delete(m0, tag); |
406 | } |
407 | |
408 | tags_done: |
409 | #endif /* DUMMYNET */ |
410 | |
411 | m = m0; |
412 | |
413 | #if IPSEC |
414 | if (ipsec_bypass == 0) { |
415 | so = ipsec_getsocket(m); |
416 | if (so != NULL) { |
417 | (void) ipsec_setsocket(m, NULL); |
418 | } |
419 | /* If packet is bound to an interface, check bound policies */ |
420 | if ((flags & IPV6_OUTARGS) && |
421 | (ip6oa->ip6oa_flags & IP6OAF_BOUND_IF) && |
422 | ip6oa->ip6oa_boundif != IFSCOPE_NONE) { |
423 | /* ip6obf.noipsec is a bitfield, use temp integer */ |
424 | int noipsec = 0; |
425 | |
426 | if (ipsec6_getpolicybyinterface(m, IPSEC_DIR_OUTBOUND, |
427 | flags, ip6oa, &noipsec, &sp) != 0) { |
428 | goto bad; |
429 | } |
430 | |
431 | ip6obf.noipsec = (noipsec != 0); |
432 | } |
433 | } |
434 | #endif /* IPSEC */ |
435 | |
436 | ippo = &ipf_pktopts; |
437 | |
438 | if (flags & IPV6_OUTARGS) { |
439 | /* |
440 | * In the forwarding case, only the ifscope value is used, |
441 | * as source interface selection doesn't take place. |
442 | */ |
443 | if ((ip6obf.select_srcif = (!(flags & (IPV6_FORWARDING | |
444 | IPV6_UNSPECSRC | IPV6_FLAG_NOSRCIFSEL)) && |
445 | (ip6oa->ip6oa_flags & IP6OAF_SELECT_SRCIF)))) { |
446 | ipf_pktopts.ippo_flags |= IPPOF_SELECT_SRCIF; |
447 | } |
448 | |
449 | if ((ip6oa->ip6oa_flags & IP6OAF_BOUND_IF) && |
450 | ip6oa->ip6oa_boundif != IFSCOPE_NONE) { |
451 | ipf_pktopts.ippo_flags |= (IPPOF_BOUND_IF | |
452 | (ip6oa->ip6oa_boundif << IPPOF_SHIFT_IFSCOPE)); |
453 | } |
454 | |
455 | if (ip6oa->ip6oa_flags & IP6OAF_BOUND_SRCADDR) { |
456 | ipf_pktopts.ippo_flags |= IPPOF_BOUND_SRCADDR; |
457 | } |
458 | } else { |
459 | ip6obf.select_srcif = FALSE; |
460 | if (flags & IPV6_OUTARGS) { |
461 | ip6oa->ip6oa_boundif = IFSCOPE_NONE; |
462 | ip6oa->ip6oa_flags &= ~(IP6OAF_SELECT_SRCIF | |
463 | IP6OAF_BOUND_IF | IP6OAF_BOUND_SRCADDR); |
464 | } |
465 | } |
466 | |
467 | if (flags & IPV6_OUTARGS) { |
468 | if (ip6oa->ip6oa_flags & IP6OAF_NO_CELLULAR) { |
469 | ipf_pktopts.ippo_flags |= IPPOF_NO_IFT_CELLULAR; |
470 | } |
471 | if (ip6oa->ip6oa_flags & IP6OAF_NO_EXPENSIVE) { |
472 | ipf_pktopts.ippo_flags |= IPPOF_NO_IFF_EXPENSIVE; |
473 | } |
474 | if (ip6oa->ip6oa_flags & IP6OAF_NO_CONSTRAINED) { |
475 | ipf_pktopts.ippo_flags |= IPPOF_NO_IFF_CONSTRAINED; |
476 | } |
477 | adv = &ip6oa->ip6oa_flowadv; |
478 | adv->code = FADV_SUCCESS; |
479 | ip6oa->ip6oa_flags &= ~IP6OAF_RET_MASK; |
480 | } |
481 | |
482 | /* |
483 | * Clear out ifpp to be filled in after determining route. ifpp_save is |
484 | * used to keep old value to release reference properly and dtrace |
485 | * ipsec tunnel traffic properly. |
486 | */ |
487 | if (ifpp != NULL && *ifpp != NULL) { |
488 | *ifpp = NULL; |
489 | } |
490 | |
491 | #if DUMMYNET |
492 | if (args.fwa_pf_rule) { |
493 | ip6 = mtod(m, struct ip6_hdr *); |
494 | VERIFY(ro != NULL); /* ro == saved_route */ |
495 | goto check_with_pf; |
496 | } |
497 | #endif /* DUMMYNET */ |
498 | |
499 | #if NECP |
500 | /* |
501 | * Since all packets are assumed to come from same socket, necp lookup |
502 | * only needs to happen once per function entry. |
503 | */ |
504 | necp_matched_policy_id = necp_ip6_output_find_policy_match(packet: m, flags, |
505 | ip6oa: (flags & IPV6_OUTARGS) ? ip6oa : NULL, rt: ro ? ro->ro_rt : NULL, result: &necp_result, |
506 | result_parameter: &necp_result_parameter); |
507 | #endif /* NECP */ |
508 | |
509 | /* |
510 | * If a chain was passed in, prepare for ther first iteration. For all |
511 | * other iterations, this work will be done at evaluateloop: label. |
512 | */ |
513 | if (packetchain) { |
514 | /* |
515 | * Remove m from the chain during processing to avoid |
516 | * accidental frees on entire list. |
517 | */ |
518 | inputchain = m->m_nextpkt; |
519 | m->m_nextpkt = NULL; |
520 | } |
521 | |
522 | loopit: |
523 | packets_processed++; |
524 | m->m_pkthdr.pkt_flags &= ~(PKTF_LOOP | PKTF_IFAINFO); |
525 | ip6 = mtod(m, struct ip6_hdr *); |
526 | nxt0 = ip6->ip6_nxt; |
527 | finaldst = ip6->ip6_dst; |
528 | ip6obf.hdrsplit = FALSE; |
529 | ro_pmtu = NULL; |
530 | |
531 | if (!SLIST_EMPTY(&m->m_pkthdr.tags)) { |
532 | inject_filter_ref = ipf_get_inject_filter(m); |
533 | } else { |
534 | inject_filter_ref = NULL; |
535 | } |
536 | |
537 | #define MAKE_EXTHDR(hp, mp) do { \ |
538 | if (hp != NULL) { \ |
539 | struct ip6_ext *eh = (struct ip6_ext *)(hp); \ |
540 | error = ip6_copyexthdr((mp), (caddr_t)(hp), \ |
541 | ((eh)->ip6e_len + 1) << 3); \ |
542 | if (error) \ |
543 | goto freehdrs; \ |
544 | } \ |
545 | } while (0) |
546 | |
547 | if (opt != NULL) { |
548 | /* Hop-by-Hop options header */ |
549 | MAKE_EXTHDR(opt->ip6po_hbh, &exthdrs.ip6e_hbh); |
550 | /* Destination options header(1st part) */ |
551 | if (opt->ip6po_rthdr) { |
552 | /* |
553 | * Destination options header(1st part) |
554 | * This only makes sense with a routing header. |
555 | * See Section 9.2 of RFC 3542. |
556 | * Disabling this part just for MIP6 convenience is |
557 | * a bad idea. We need to think carefully about a |
558 | * way to make the advanced API coexist with MIP6 |
559 | * options, which might automatically be inserted in |
560 | * the kernel. |
561 | */ |
562 | MAKE_EXTHDR(opt->ip6po_dest1, &exthdrs.ip6e_dest1); |
563 | } |
564 | /* Routing header */ |
565 | MAKE_EXTHDR(opt->ip6po_rthdr, &exthdrs.ip6e_rthdr); |
566 | /* Destination options header(2nd part) */ |
567 | MAKE_EXTHDR(opt->ip6po_dest2, &exthdrs.ip6e_dest2); |
568 | } |
569 | |
570 | #undef MAKE_EXTHDR |
571 | |
572 | #if NECP |
573 | if (necp_matched_policy_id) { |
574 | necp_mark_packet_from_ip(packet: m, policy_id: necp_matched_policy_id); |
575 | |
576 | switch (necp_result) { |
577 | case NECP_KERNEL_POLICY_RESULT_PASS: |
578 | if (necp_result_parameter.pass_flags & NECP_KERNEL_POLICY_PASS_NO_SKIP_IPSEC) { |
579 | break; |
580 | } |
581 | goto skip_ipsec; |
582 | case NECP_KERNEL_POLICY_RESULT_DROP: |
583 | error = EHOSTUNREACH; |
584 | ip6stat.ip6s_necp_policy_drop++; |
585 | goto freehdrs; |
586 | case NECP_KERNEL_POLICY_RESULT_SOCKET_DIVERT: |
587 | /* |
588 | * Flow divert packets should be blocked at the IP |
589 | * layer. |
590 | */ |
591 | error = EHOSTUNREACH; |
592 | ip6stat.ip6s_necp_policy_drop++; |
593 | goto freehdrs; |
594 | case NECP_KERNEL_POLICY_RESULT_IP_TUNNEL: { |
595 | /* |
596 | * Verify that the packet is being routed to the tunnel |
597 | */ |
598 | struct ifnet *policy_ifp = |
599 | necp_get_ifnet_from_result_parameter( |
600 | result_parameter: &necp_result_parameter); |
601 | |
602 | /* |
603 | * Update the QOS marking policy if |
604 | * 1. upper layer asks it to do so |
605 | * 2. net_qos_policy_restricted is not set |
606 | * 3. qos_marking_gencount doesn't match necp_kernel_socket_policies_gencount (checked in necp_lookup_current_qos_marking) |
607 | */ |
608 | if (ip6oa != NULL && (ip6oa->ip6oa_flags & IP6OAF_REDO_QOSMARKING_POLICY) && |
609 | net_qos_policy_restricted != 0) { |
610 | bool qos_marking = (ip6oa->ip6oa_flags & IP6OAF_QOSMARKING_ALLOWED) != 0; |
611 | qos_marking = necp_lookup_current_qos_marking(qos_marking_gencount: &ip6oa->qos_marking_gencount, NULL, interface: policy_ifp, route_rule_id: necp_result_parameter.route_rule_id, old_qos_marking: qos_marking); |
612 | if (qos_marking) { |
613 | ip6oa->ip6oa_flags |= IP6OAF_QOSMARKING_ALLOWED; |
614 | } else { |
615 | ip6oa->ip6oa_flags &= ~IP6OAF_QOSMARKING_ALLOWED; |
616 | } |
617 | } |
618 | |
619 | if (policy_ifp == ifp) { |
620 | goto skip_ipsec; |
621 | } else { |
622 | if (necp_packet_can_rebind_to_ifnet(packet: m, |
623 | interface: policy_ifp, new_route: (struct route *)&necp_route, |
624 | AF_INET6)) { |
625 | /* |
626 | * Set scoped index to the tunnel |
627 | * interface, since it is compatible |
628 | * with the packet. This will only work |
629 | * for callers who pass IPV6_OUTARGS, |
630 | * but that covers all of the clients |
631 | * we care about today. |
632 | */ |
633 | if (flags & IPV6_OUTARGS) { |
634 | ip6oa->ip6oa_boundif = |
635 | policy_ifp->if_index; |
636 | ip6oa->ip6oa_flags |= |
637 | IP6OAF_BOUND_IF; |
638 | } |
639 | if (opt != NULL |
640 | && opt->ip6po_pktinfo != NULL) { |
641 | opt->ip6po_pktinfo-> |
642 | ipi6_ifindex = |
643 | policy_ifp->if_index; |
644 | } |
645 | ro = &necp_route; |
646 | goto skip_ipsec; |
647 | } else { |
648 | error = ENETUNREACH; |
649 | ip6stat.ip6s_necp_policy_drop++; |
650 | goto freehdrs; |
651 | } |
652 | } |
653 | } |
654 | default: |
655 | break; |
656 | } |
657 | } |
658 | #endif /* NECP */ |
659 | |
660 | #if IPSEC |
661 | if (ipsec_bypass != 0 || ip6obf.noipsec) { |
662 | goto skip_ipsec; |
663 | } |
664 | |
665 | if (sp == NULL) { |
666 | /* get a security policy for this packet */ |
667 | if (so != NULL) { |
668 | sp = ipsec6_getpolicybysock(m, IPSEC_DIR_OUTBOUND, |
669 | so, &error); |
670 | } else { |
671 | sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, |
672 | 0, &error); |
673 | } |
674 | if (sp == NULL) { |
675 | IPSEC_STAT_INCREMENT(ipsec6stat.out_inval); |
676 | goto freehdrs; |
677 | } |
678 | } |
679 | |
680 | error = 0; |
681 | |
682 | /* check policy */ |
683 | switch (sp->policy) { |
684 | case IPSEC_POLICY_DISCARD: |
685 | case IPSEC_POLICY_GENERATE: |
686 | /* |
687 | * This packet is just discarded. |
688 | */ |
689 | IPSEC_STAT_INCREMENT(ipsec6stat.out_polvio); |
690 | goto freehdrs; |
691 | |
692 | case IPSEC_POLICY_BYPASS: |
693 | case IPSEC_POLICY_NONE: |
694 | /* no need to do IPsec. */ |
695 | ip6obf.needipsec = FALSE; |
696 | break; |
697 | |
698 | case IPSEC_POLICY_IPSEC: |
699 | if (sp->req == NULL) { |
700 | /* acquire a policy */ |
701 | error = key_spdacquire(sp); |
702 | goto freehdrs; |
703 | } |
704 | if (sp->ipsec_if) { |
705 | goto skip_ipsec; |
706 | } else { |
707 | ip6obf.needipsec = true; |
708 | } |
709 | break; |
710 | |
711 | case IPSEC_POLICY_ENTRUST: |
712 | default: |
713 | printf("%s: Invalid policy found: %d\n" , __func__, sp->policy); |
714 | break; |
715 | } |
716 | skip_ipsec: |
717 | #endif /* IPSEC */ |
718 | |
719 | /* |
720 | * Calculate the total length of the extension header chain. |
721 | * Keep the length of the unfragmentable part for fragmentation. |
722 | */ |
723 | optlen = 0; |
724 | if (exthdrs.ip6e_hbh != NULL) { |
725 | optlen += exthdrs.ip6e_hbh->m_len; |
726 | } |
727 | if (exthdrs.ip6e_dest1 != NULL) { |
728 | optlen += exthdrs.ip6e_dest1->m_len; |
729 | } |
730 | if (exthdrs.ip6e_rthdr != NULL) { |
731 | optlen += exthdrs.ip6e_rthdr->m_len; |
732 | } |
733 | unfragpartlen = optlen + sizeof(struct ip6_hdr); |
734 | |
735 | /* NOTE: we don't add AH/ESP length here. do that later. */ |
736 | if (exthdrs.ip6e_dest2 != NULL) { |
737 | optlen += exthdrs.ip6e_dest2->m_len; |
738 | } |
739 | |
740 | /* |
741 | * If we need IPsec, or there is at least one extension header, |
742 | * separate IP6 header from the payload. |
743 | */ |
744 | if (( |
745 | #if IPSEC |
746 | ip6obf.needipsec || |
747 | #endif /* IPSEC */ |
748 | optlen) && !ip6obf.hdrsplit) { |
749 | if ((error = ip6_splithdr(m, &exthdrs)) != 0) { |
750 | m = NULL; |
751 | goto freehdrs; |
752 | } |
753 | m = exthdrs.ip6e_ip6; |
754 | ip6obf.hdrsplit = true; |
755 | } |
756 | |
757 | /* adjust pointer */ |
758 | ip6 = mtod(m, struct ip6_hdr *); |
759 | |
760 | /* adjust mbuf packet header length */ |
761 | m->m_pkthdr.len += optlen; |
762 | plen = m->m_pkthdr.len - sizeof(*ip6); |
763 | |
764 | /* If this is a jumbo payload, insert a jumbo payload option. */ |
765 | if (plen > IPV6_MAXPACKET) { |
766 | if (!ip6obf.hdrsplit) { |
767 | if ((error = ip6_splithdr(m, &exthdrs)) != 0) { |
768 | m = NULL; |
769 | goto freehdrs; |
770 | } |
771 | m = exthdrs.ip6e_ip6; |
772 | ip6obf.hdrsplit = true; |
773 | } |
774 | /* adjust pointer */ |
775 | ip6 = mtod(m, struct ip6_hdr *); |
776 | if ((error = ip6_insert_jumboopt(&exthdrs, plen)) != 0) { |
777 | goto freehdrs; |
778 | } |
779 | ip6->ip6_plen = 0; |
780 | } else { |
781 | ip6->ip6_plen = htons((uint16_t)plen); |
782 | } |
783 | /* |
784 | * Concatenate headers and fill in next header fields. |
785 | * Here we have, on "m" |
786 | * IPv6 payload |
787 | * and we insert headers accordingly. Finally, we should be getting: |
788 | * IPv6 hbh dest1 rthdr ah* [esp* dest2 payload] |
789 | * |
790 | * during the header composing process, "m" points to IPv6 header. |
791 | * "mprev" points to an extension header prior to esp. |
792 | */ |
793 | nexthdrp = &ip6->ip6_nxt; |
794 | mprev = m; |
795 | |
796 | /* |
797 | * we treat dest2 specially. this makes IPsec processing |
798 | * much easier. the goal here is to make mprev point the |
799 | * mbuf prior to dest2. |
800 | * |
801 | * result: IPv6 dest2 payload |
802 | * m and mprev will point to IPv6 header. |
803 | */ |
804 | if (exthdrs.ip6e_dest2 != NULL) { |
805 | if (!ip6obf.hdrsplit) { |
806 | panic("assumption failed: hdr not split" ); |
807 | /* NOTREACHED */ |
808 | } |
809 | exthdrs.ip6e_dest2->m_next = m->m_next; |
810 | m->m_next = exthdrs.ip6e_dest2; |
811 | *mtod(exthdrs.ip6e_dest2, u_char *) = ip6->ip6_nxt; |
812 | ip6->ip6_nxt = IPPROTO_DSTOPTS; |
813 | } |
814 | |
815 | #define MAKE_CHAIN(m, mp, p, i) do { \ |
816 | if (m != NULL) { \ |
817 | if (!ip6obf.hdrsplit) { \ |
818 | panic("assumption failed: hdr not split"); \ |
819 | /* NOTREACHED */ \ |
820 | } \ |
821 | *mtod((m), u_char *) = *(p); \ |
822 | *(p) = (i); \ |
823 | p = mtod((m), u_char *); \ |
824 | (m)->m_next = (mp)->m_next; \ |
825 | (mp)->m_next = (m); \ |
826 | (mp) = (m); \ |
827 | } \ |
828 | } while (0) |
829 | /* |
830 | * result: IPv6 hbh dest1 rthdr dest2 payload |
831 | * m will point to IPv6 header. mprev will point to the |
832 | * extension header prior to dest2 (rthdr in the above case). |
833 | */ |
834 | MAKE_CHAIN(exthdrs.ip6e_hbh, mprev, nexthdrp, IPPROTO_HOPOPTS); |
835 | MAKE_CHAIN(exthdrs.ip6e_dest1, mprev, nexthdrp, IPPROTO_DSTOPTS); |
836 | MAKE_CHAIN(exthdrs.ip6e_rthdr, mprev, nexthdrp, IPPROTO_ROUTING); |
837 | |
838 | /* It is no longer safe to free the pointers in exthdrs. */ |
839 | exthdrs.merged = TRUE; |
840 | |
841 | #undef MAKE_CHAIN |
842 | |
843 | #if IPSEC |
844 | if (ip6obf.needipsec && (m->m_pkthdr.csum_flags & CSUM_DELAY_IPV6_DATA)) { |
845 | in6_delayed_cksum_offset(m, 0, optlen, nxt0); |
846 | } |
847 | #endif /* IPSEC */ |
848 | |
849 | if (!TAILQ_EMPTY(&ipv6_filters) && |
850 | !((flags & IPV6_OUTARGS) && |
851 | (ip6oa->ip6oa_flags & IP6OAF_INTCOPROC_ALLOWED) && |
852 | (ip6oa->ip6oa_flags & IP6OAF_MANAGEMENT_ALLOWED) |
853 | #if NECP |
854 | && !necp_packet_should_skip_filters(packet: m) |
855 | #endif // NECP |
856 | )) { |
857 | struct ipfilter *filter; |
858 | int seen = (inject_filter_ref == NULL); |
859 | int fixscope = 0; |
860 | |
861 | if (im6o != NULL && IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { |
862 | ippo->ippo_flags |= IPPOF_MCAST_OPTS; |
863 | IM6O_LOCK(im6o); |
864 | ippo->ippo_mcast_ifnet = im6o->im6o_multicast_ifp; |
865 | ippo->ippo_mcast_ttl = im6o->im6o_multicast_hlim; |
866 | ippo->ippo_mcast_loop = im6o->im6o_multicast_loop; |
867 | IM6O_UNLOCK(im6o); |
868 | } |
869 | |
870 | /* Hack: embed the scope_id in the destination */ |
871 | if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst) && |
872 | (ip6->ip6_dst.s6_addr16[1] == 0) && (ro != NULL)) { |
873 | fixscope = 1; |
874 | ip6->ip6_dst.s6_addr16[1] = |
875 | htons((uint16_t)ro->ro_dst.sin6_scope_id); |
876 | } |
877 | |
878 | ipf_ref(); |
879 | TAILQ_FOREACH(filter, &ipv6_filters, ipf_link) { |
880 | /* |
881 | * Don't process packet twice if we've already seen it. |
882 | */ |
883 | if (seen == 0) { |
884 | if ((struct ipfilter *)inject_filter_ref == |
885 | filter) { |
886 | seen = 1; |
887 | } |
888 | } else if (filter->ipf_filter.ipf_output != NULL) { |
889 | errno_t result; |
890 | |
891 | result = filter->ipf_filter.ipf_output( |
892 | filter->ipf_filter.cookie, |
893 | (mbuf_t *)&m, ippo); |
894 | if (result == EJUSTRETURN) { |
895 | ipf_unref(); |
896 | m = NULL; |
897 | goto evaluateloop; |
898 | } |
899 | if (result != 0) { |
900 | ipf_unref(); |
901 | goto bad; |
902 | } |
903 | } |
904 | } |
905 | ipf_unref(); |
906 | |
907 | ip6 = mtod(m, struct ip6_hdr *); |
908 | /* Hack: cleanup embedded scope_id if we put it there */ |
909 | if (fixscope) { |
910 | ip6->ip6_dst.s6_addr16[1] = 0; |
911 | } |
912 | } |
913 | |
914 | #if IPSEC |
915 | if (ip6obf.needipsec) { |
916 | uint8_t segleft_org; |
917 | |
918 | /* |
919 | * pointers after IPsec headers are not valid any more. |
920 | * other pointers need a great care too. |
921 | * (IPsec routines should not mangle mbufs prior to AH/ESP) |
922 | */ |
923 | exthdrs.ip6e_dest2 = NULL; |
924 | |
925 | if (exthdrs.ip6e_rthdr != NULL) { |
926 | rh = mtod(exthdrs.ip6e_rthdr, struct ip6_rthdr *); |
927 | segleft_org = rh->ip6r_segleft; |
928 | rh->ip6r_segleft = 0; |
929 | } else { |
930 | rh = NULL; |
931 | segleft_org = 0; |
932 | } |
933 | |
934 | ipsec_state.m = m; |
935 | error = ipsec6_output_trans(&ipsec_state, nexthdrp, mprev, |
936 | sp, flags, &needipsectun); |
937 | m = ipsec_state.m; |
938 | if (error) { |
939 | /* mbuf is already reclaimed in ipsec6_output_trans. */ |
940 | m = NULL; |
941 | switch (error) { |
942 | case EHOSTUNREACH: |
943 | case ENETUNREACH: |
944 | case EMSGSIZE: |
945 | case ENOBUFS: |
946 | case ENOMEM: |
947 | break; |
948 | default: |
949 | printf("ip6_output (ipsec): error code %d\n" , |
950 | error); |
951 | OS_FALLTHROUGH; |
952 | case ENOENT: |
953 | /* don't show these error codes to the user */ |
954 | error = 0; |
955 | break; |
956 | } |
957 | goto bad; |
958 | } |
959 | if (exthdrs.ip6e_rthdr != NULL) { |
960 | /* ah6_output doesn't modify mbuf chain */ |
961 | rh->ip6r_segleft = segleft_org; |
962 | } |
963 | } |
964 | #endif /* IPSEC */ |
965 | |
966 | /* If there is a routing header, discard the packet. */ |
967 | if (exthdrs.ip6e_rthdr != NULL) { |
968 | error = EINVAL; |
969 | goto bad; |
970 | } |
971 | |
972 | /* Source address validation */ |
973 | if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src) && |
974 | !(flags & IPV6_UNSPECSRC)) { |
975 | error = EOPNOTSUPP; |
976 | ip6stat.ip6s_badscope++; |
977 | goto bad; |
978 | } |
979 | if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src)) { |
980 | error = EOPNOTSUPP; |
981 | ip6stat.ip6s_badscope++; |
982 | goto bad; |
983 | } |
984 | |
985 | ip6stat.ip6s_localout++; |
986 | |
987 | /* |
988 | * Route packet. |
989 | */ |
990 | if (ro == NULL) { |
991 | ro = &ip6route; |
992 | bzero(s: (caddr_t)ro, n: sizeof(*ro)); |
993 | } |
994 | ro_pmtu = ro; |
995 | if (opt != NULL && opt->ip6po_rthdr) { |
996 | ro = &opt->ip6po_route; |
997 | } |
998 | dst = SIN6(&ro->ro_dst); |
999 | |
1000 | if (ro->ro_rt != NULL) { |
1001 | RT_LOCK_ASSERT_NOTHELD(ro->ro_rt); |
1002 | } |
1003 | /* |
1004 | * if specified, try to fill in the traffic class field. |
1005 | * do not override if a non-zero value is already set. |
1006 | * we check the diffserv field and the ecn field separately. |
1007 | */ |
1008 | if (opt != NULL && opt->ip6po_tclass >= 0) { |
1009 | int mask = 0; |
1010 | |
1011 | if ((ip6->ip6_flow & htonl(0xfc << 20)) == 0) { |
1012 | mask |= 0xfc; |
1013 | } |
1014 | if ((ip6->ip6_flow & htonl(0x03 << 20)) == 0) { |
1015 | mask |= 0x03; |
1016 | } |
1017 | if (mask != 0) { |
1018 | ip6->ip6_flow |= |
1019 | htonl((opt->ip6po_tclass & mask) << 20); |
1020 | } |
1021 | } |
1022 | |
1023 | if (((ntohl(ip6->ip6_flow & IPV6_FLOW_ECN_MASK) >> 20) & IPTOS_ECN_ECT1) == IPTOS_ECN_ECT1) { |
1024 | m->m_pkthdr.pkt_ext_flags |= PKTF_EXT_L4S; |
1025 | } |
1026 | |
1027 | /* fill in or override the hop limit field, if necessary. */ |
1028 | if (opt && opt->ip6po_hlim != -1) { |
1029 | ip6->ip6_hlim = opt->ip6po_hlim & 0xff; |
1030 | } else if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { |
1031 | if (im6o != NULL) { |
1032 | IM6O_LOCK(im6o); |
1033 | ip6->ip6_hlim = im6o->im6o_multicast_hlim; |
1034 | IM6O_UNLOCK(im6o); |
1035 | } else { |
1036 | ip6->ip6_hlim = (uint8_t)ip6_defmcasthlim; |
1037 | } |
1038 | } |
1039 | |
1040 | /* |
1041 | * If there is a cached route, check that it is to the same |
1042 | * destination and is still up. If not, free it and try again. |
1043 | * Test rt_flags without holding rt_lock for performance reasons; |
1044 | * if the route is down it will hopefully be caught by the layer |
1045 | * below (since it uses this route as a hint) or during the |
1046 | * next transmit. |
1047 | */ |
1048 | if (ROUTE_UNUSABLE(ro) || dst->sin6_family != AF_INET6 || |
1049 | !in6_are_addr_equal_scoped(&dst->sin6_addr, &ip6->ip6_dst, dst->sin6_scope_id, ip6_output_getdstifscope(m))) { |
1050 | ROUTE_RELEASE(ro); |
1051 | } |
1052 | |
1053 | if (ro->ro_rt == NULL) { |
1054 | SOCKADDR_ZERO(dst, sizeof(*dst)); |
1055 | dst->sin6_family = AF_INET6; |
1056 | dst->sin6_len = sizeof(struct sockaddr_in6); |
1057 | dst->sin6_addr = ip6->ip6_dst; |
1058 | } |
1059 | #if IPSEC |
1060 | if (ip6obf.needipsec && needipsectun) { |
1061 | #if CONFIG_DTRACE |
1062 | struct ifnet *trace_ifp = (ifpp_save != NULL) ? (*ifpp_save) : NULL; |
1063 | #endif /* CONFIG_DTRACE */ |
1064 | /* |
1065 | * All the extension headers will become inaccessible |
1066 | * (since they can be encrypted). |
1067 | * Don't panic, we need no more updates to extension headers |
1068 | * on inner IPv6 packet (since they are now encapsulated). |
1069 | * |
1070 | * IPv6 [ESP|AH] IPv6 [extension headers] payload |
1071 | */ |
1072 | bzero(s: &exthdrs, n: sizeof(exthdrs)); |
1073 | exthdrs.ip6e_ip6 = m; |
1074 | |
1075 | ipsec_state.m = m; |
1076 | route_copyout((struct route *)&ipsec_state.ro, (struct route *)ro, |
1077 | sizeof(struct route_in6)); |
1078 | ipsec_state.dst = SA(dst); |
1079 | |
1080 | /* So that we can see packets inside the tunnel */ |
1081 | DTRACE_IP6(send, struct mbuf *, m, struct inpcb *, NULL, |
1082 | struct ip6_hdr *, ip6, struct ifnet *, trace_ifp, |
1083 | struct ip *, NULL, struct ip6_hdr *, ip6); |
1084 | |
1085 | error = ipsec6_output_tunnel(&ipsec_state, sp, flags); |
1086 | /* tunneled in IPv4? packet is gone */ |
1087 | if (ipsec_state.tunneled == 4) { |
1088 | m = NULL; |
1089 | goto evaluateloop; |
1090 | } |
1091 | m = ipsec_state.m; |
1092 | ipsec_saved_route = ro; |
1093 | ro = (struct route_in6 *)&ipsec_state.ro; |
1094 | dst = SIN6(ipsec_state.dst); |
1095 | if (error) { |
1096 | /* mbuf is already reclaimed in ipsec6_output_tunnel. */ |
1097 | m = NULL; |
1098 | switch (error) { |
1099 | case EHOSTUNREACH: |
1100 | case ENETUNREACH: |
1101 | case EMSGSIZE: |
1102 | case ENOBUFS: |
1103 | case ENOMEM: |
1104 | break; |
1105 | default: |
1106 | printf("ip6_output (ipsec): error code %d\n" , |
1107 | error); |
1108 | OS_FALLTHROUGH; |
1109 | case ENOENT: |
1110 | /* don't show these error codes to the user */ |
1111 | error = 0; |
1112 | break; |
1113 | } |
1114 | goto bad; |
1115 | } |
1116 | /* |
1117 | * The packet has been encapsulated so the ifscope |
1118 | * is no longer valid since it does not apply to the |
1119 | * outer address: ignore the ifscope. |
1120 | */ |
1121 | if (flags & IPV6_OUTARGS) { |
1122 | ip6oa->ip6oa_boundif = IFSCOPE_NONE; |
1123 | ip6oa->ip6oa_flags &= ~IP6OAF_BOUND_IF; |
1124 | } |
1125 | if (opt != NULL && opt->ip6po_pktinfo != NULL) { |
1126 | if (opt->ip6po_pktinfo->ipi6_ifindex != IFSCOPE_NONE) { |
1127 | opt->ip6po_pktinfo->ipi6_ifindex = IFSCOPE_NONE; |
1128 | } |
1129 | } |
1130 | exthdrs.ip6e_ip6 = m; |
1131 | } |
1132 | #endif /* IPSEC */ |
1133 | |
1134 | /* |
1135 | * ifp should only be filled in for dummy net packets which will jump |
1136 | * to check_with_pf label. |
1137 | */ |
1138 | if (ifp != NULL) { |
1139 | VERIFY(ip6obf.route_selected); |
1140 | } |
1141 | |
1142 | /* adjust pointer */ |
1143 | ip6 = mtod(m, struct ip6_hdr *); |
1144 | |
1145 | if (ip6obf.select_srcif) { |
1146 | SOCKADDR_ZERO(&src_sa, sizeof(src_sa)); |
1147 | src_sa.sin6_family = AF_INET6; |
1148 | src_sa.sin6_len = sizeof(src_sa); |
1149 | src_sa.sin6_addr = ip6->ip6_src; |
1150 | src_sa.sin6_scope_id = (!in6_embedded_scope && IN6_IS_SCOPE_EMBED(&ip6->ip6_src)) ? ip6_output_getsrcifscope(m) : IFSCOPE_NONE; |
1151 | } |
1152 | SOCKADDR_ZERO(&dst_sa, sizeof(dst_sa)); |
1153 | dst_sa.sin6_family = AF_INET6; |
1154 | dst_sa.sin6_len = sizeof(dst_sa); |
1155 | dst_sa.sin6_addr = ip6->ip6_dst; |
1156 | dst_sa.sin6_scope_id = (!in6_embedded_scope && IN6_IS_SCOPE_EMBED(&ip6->ip6_dst)) ? ip6_output_getdstifscope(m) : IFSCOPE_NONE; |
1157 | |
1158 | /* |
1159 | * Only call in6_selectroute() on first iteration to avoid taking |
1160 | * multiple references on ifp and rt. |
1161 | * |
1162 | * in6_selectroute() might return an ifp with its reference held |
1163 | * even in the error case, so make sure to release its reference. |
1164 | * ip6oa may be NULL if IPV6_OUTARGS isn't set. |
1165 | */ |
1166 | if (!ip6obf.route_selected) { |
1167 | error = in6_selectroute( ip6obf.select_srcif ? &src_sa : NULL, |
1168 | &dst_sa, opt, im6o, &src_ia, ro, &ifp, &rt, 0, ip6oa); |
1169 | |
1170 | if (error != 0) { |
1171 | switch (error) { |
1172 | case EHOSTUNREACH: |
1173 | ip6stat.ip6s_noroute++; |
1174 | break; |
1175 | case EADDRNOTAVAIL: |
1176 | default: |
1177 | break; /* XXX statistics? */ |
1178 | } |
1179 | if (ifp != NULL) { |
1180 | in6_ifstat_inc(ifp, ifs6_out_discard); |
1181 | } |
1182 | /* ifp (if non-NULL) will be released at the end */ |
1183 | goto bad; |
1184 | } |
1185 | ip6obf.route_selected = true; |
1186 | } |
1187 | if (rt == NULL) { |
1188 | /* |
1189 | * If in6_selectroute() does not return a route entry, |
1190 | * dst may not have been updated. |
1191 | */ |
1192 | *dst = dst_sa; /* XXX */ |
1193 | } |
1194 | |
1195 | #if NECP |
1196 | /* Catch-all to check if the interface is allowed */ |
1197 | if (!necp_packet_is_allowed_over_interface(packet: m, interface: ifp)) { |
1198 | error = EHOSTUNREACH; |
1199 | ip6stat.ip6s_necp_policy_drop++; |
1200 | goto bad; |
1201 | } |
1202 | #endif /* NECP */ |
1203 | |
1204 | /* |
1205 | * then rt (for unicast) and ifp must be non-NULL valid values. |
1206 | */ |
1207 | if (!(flags & IPV6_FORWARDING)) { |
1208 | in6_ifstat_inc_na(ifp, ifs6_out_request); |
1209 | } |
1210 | if (rt != NULL) { |
1211 | RT_LOCK(rt); |
1212 | if (ia == NULL) { |
1213 | ia = (struct in6_ifaddr *)(rt->rt_ifa); |
1214 | if (ia != NULL) { |
1215 | ifa_addref(ifa: &ia->ia_ifa); |
1216 | } |
1217 | } |
1218 | rt->rt_use++; |
1219 | RT_UNLOCK(rt); |
1220 | } |
1221 | |
1222 | /* |
1223 | * The outgoing interface must be in the zone of source and |
1224 | * destination addresses (except local/loopback). We should |
1225 | * use ia_ifp to support the case of sending packets to an |
1226 | * address of our own. |
1227 | */ |
1228 | if (ia != NULL && ia->ia_ifp) { |
1229 | ifnet_reference(interface: ia->ia_ifp); /* for origifp */ |
1230 | if (origifp != NULL) { |
1231 | ifnet_release(interface: origifp); |
1232 | } |
1233 | origifp = ia->ia_ifp; |
1234 | } else { |
1235 | if (ifp != NULL) { |
1236 | ifnet_reference(interface: ifp); /* for origifp */ |
1237 | } |
1238 | if (origifp != NULL) { |
1239 | ifnet_release(interface: origifp); |
1240 | } |
1241 | origifp = ifp; |
1242 | } |
1243 | |
1244 | /* skip scope enforcements for local/loopback route */ |
1245 | if (rt == NULL || !(rt->rt_ifp->if_flags & IFF_LOOPBACK)) { |
1246 | struct in6_addr src0, dst0; |
1247 | u_int32_t zone; |
1248 | |
1249 | src0 = ip6->ip6_src; |
1250 | if (in6_setscope(&src0, origifp, &zone)) { |
1251 | goto badscope; |
1252 | } |
1253 | SOCKADDR_ZERO(&src_sa, sizeof(src_sa)); |
1254 | src_sa.sin6_family = AF_INET6; |
1255 | src_sa.sin6_len = sizeof(src_sa); |
1256 | src_sa.sin6_addr = ip6->ip6_src; |
1257 | src_sa.sin6_scope_id = (!in6_embedded_scope && IN6_IS_SCOPE_EMBED(&src_sa.sin6_addr)) ? ip6_output_getsrcifscope(m) : IFSCOPE_NONE; |
1258 | if ((sa6_recoverscope(&src_sa, TRUE) || |
1259 | zone != src_sa.sin6_scope_id)) { |
1260 | goto badscope; |
1261 | } |
1262 | |
1263 | dst0 = ip6->ip6_dst; |
1264 | if ((in6_setscope(&dst0, origifp, &zone))) { |
1265 | goto badscope; |
1266 | } |
1267 | /* re-initialize to be sure */ |
1268 | SOCKADDR_ZERO(&dst_sa, sizeof(dst_sa)); |
1269 | dst_sa.sin6_family = AF_INET6; |
1270 | dst_sa.sin6_len = sizeof(dst_sa); |
1271 | dst_sa.sin6_addr = ip6->ip6_dst; |
1272 | dst_sa.sin6_scope_id = (!in6_embedded_scope && IN6_IS_SCOPE_EMBED(&dst_sa.sin6_addr)) ? ip6_output_getdstifscope(m) : IFSCOPE_NONE; |
1273 | if ((sa6_recoverscope(&dst_sa, TRUE) || |
1274 | zone != dst_sa.sin6_scope_id)) { |
1275 | goto badscope; |
1276 | } |
1277 | |
1278 | /* scope check is done. */ |
1279 | goto routefound; |
1280 | |
1281 | badscope: |
1282 | ip6stat.ip6s_badscope++; |
1283 | in6_ifstat_inc(origifp, ifs6_out_discard); |
1284 | if (error == 0) { |
1285 | error = EHOSTUNREACH; /* XXX */ |
1286 | } |
1287 | goto bad; |
1288 | } |
1289 | |
1290 | routefound: |
1291 | if (rt != NULL && !IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { |
1292 | if (opt != NULL && opt->ip6po_nextroute.ro_rt) { |
1293 | /* |
1294 | * The nexthop is explicitly specified by the |
1295 | * application. We assume the next hop is an IPv6 |
1296 | * address. |
1297 | */ |
1298 | dst = SIN6(opt->ip6po_nexthop); |
1299 | } else if ((rt->rt_flags & RTF_GATEWAY)) { |
1300 | dst = SIN6(rt->rt_gateway); |
1301 | } |
1302 | /* |
1303 | * For packets destined to local/loopback, record the |
1304 | * source the source interface (which owns the source |
1305 | * address), as well as the output interface. This is |
1306 | * needed to reconstruct the embedded zone for the |
1307 | * link-local address case in ip6_input(). |
1308 | */ |
1309 | if (ia != NULL && (ifp->if_flags & IFF_LOOPBACK)) { |
1310 | uint32_t srcidx; |
1311 | |
1312 | if (src_ia != NULL) { |
1313 | srcidx = src_ia->ia_ifp->if_index; |
1314 | } else if (ro->ro_srcia != NULL) { |
1315 | srcidx = ro->ro_srcia->ifa_ifp->if_index; |
1316 | } else { |
1317 | srcidx = 0; |
1318 | } |
1319 | |
1320 | ip6_setsrcifaddr_info(m, srcidx, NULL); |
1321 | ip6_setdstifaddr_info(m, 0, ia); |
1322 | } |
1323 | } |
1324 | |
1325 | if (!IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { |
1326 | m->m_flags &= ~(M_BCAST | M_MCAST); /* just in case */ |
1327 | } else { |
1328 | struct in6_multi *in6m; |
1329 | |
1330 | m->m_flags = (m->m_flags & ~M_BCAST) | M_MCAST; |
1331 | in6_ifstat_inc_na(ifp, ifs6_out_mcast); |
1332 | |
1333 | /* |
1334 | * Confirm that the outgoing interface supports multicast. |
1335 | */ |
1336 | if (!(ifp->if_flags & IFF_MULTICAST)) { |
1337 | ip6stat.ip6s_noroute++; |
1338 | in6_ifstat_inc(ifp, ifs6_out_discard); |
1339 | error = ENETUNREACH; |
1340 | goto bad; |
1341 | } |
1342 | in6_multihead_lock_shared(); |
1343 | IN6_LOOKUP_MULTI(&ip6->ip6_dst, ifp, in6m); |
1344 | in6_multihead_lock_done(); |
1345 | if (im6o != NULL) { |
1346 | IM6O_LOCK(im6o); |
1347 | } |
1348 | if (in6m != NULL && |
1349 | (im6o == NULL || im6o->im6o_multicast_loop)) { |
1350 | if (im6o != NULL) { |
1351 | IM6O_UNLOCK(im6o); |
1352 | } |
1353 | /* |
1354 | * If we belong to the destination multicast group |
1355 | * on the outgoing interface, and the caller did not |
1356 | * forbid loopback, loop back a copy. |
1357 | */ |
1358 | ip6_mloopback(NULL, ifp, m, dst, optlen, nxt0); |
1359 | } else if (im6o != NULL) { |
1360 | IM6O_UNLOCK(im6o); |
1361 | } |
1362 | if (in6m != NULL) { |
1363 | IN6M_REMREF(in6m); |
1364 | } |
1365 | /* |
1366 | * Multicasts with a hoplimit of zero may be looped back, |
1367 | * above, but must not be transmitted on a network. |
1368 | * Also, multicasts addressed to the loopback interface |
1369 | * are not sent -- the above call to ip6_mloopback() will |
1370 | * loop back a copy if this host actually belongs to the |
1371 | * destination group on the loopback interface. |
1372 | */ |
1373 | if (ip6->ip6_hlim == 0 || (ifp->if_flags & IFF_LOOPBACK) || |
1374 | IN6_IS_ADDR_MC_INTFACELOCAL(&ip6->ip6_dst)) { |
1375 | /* remove m from the packetchain and continue looping */ |
1376 | if (m != NULL) { |
1377 | m_freem(m); |
1378 | } |
1379 | m = NULL; |
1380 | goto evaluateloop; |
1381 | } |
1382 | } |
1383 | |
1384 | /* |
1385 | * Fill the outgoing inteface to tell the upper layer |
1386 | * to increment per-interface statistics. |
1387 | */ |
1388 | if (ifpp != NULL && *ifpp == NULL) { |
1389 | ifnet_reference(interface: ifp); /* for caller */ |
1390 | *ifpp = ifp; |
1391 | } |
1392 | |
1393 | /* Determine path MTU. */ |
1394 | if ((error = ip6_getpmtu(ro_pmtu, ro, ifp, &finaldst, ifp->if_index, &mtu)) != 0) { |
1395 | goto bad; |
1396 | } |
1397 | |
1398 | /* |
1399 | * The caller of this function may specify to use the minimum MTU |
1400 | * in some cases. |
1401 | * An advanced API option (IPV6_USE_MIN_MTU) can also override MTU |
1402 | * setting. The logic is a bit complicated; by default, unicast |
1403 | * packets will follow path MTU while multicast packets will be sent at |
1404 | * the minimum MTU. If IP6PO_MINMTU_ALL is specified, all packets |
1405 | * including unicast ones will be sent at the minimum MTU. Multicast |
1406 | * packets will always be sent at the minimum MTU unless |
1407 | * IP6PO_MINMTU_DISABLE is explicitly specified. |
1408 | * See RFC 3542 for more details. |
1409 | */ |
1410 | if (mtu > IPV6_MMTU) { |
1411 | if ((flags & IPV6_MINMTU)) { |
1412 | mtu = IPV6_MMTU; |
1413 | } else if (opt && opt->ip6po_minmtu == IP6PO_MINMTU_ALL) { |
1414 | mtu = IPV6_MMTU; |
1415 | } else if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) && |
1416 | (opt == NULL || |
1417 | opt->ip6po_minmtu != IP6PO_MINMTU_DISABLE)) { |
1418 | mtu = IPV6_MMTU; |
1419 | } |
1420 | } |
1421 | |
1422 | /* |
1423 | * clear embedded scope identifiers if necessary. |
1424 | * in6_clearscope will touch the addresses only when necessary. |
1425 | */ |
1426 | in6_clearscope(&ip6->ip6_src); |
1427 | in6_clearscope(&ip6->ip6_dst); |
1428 | /* |
1429 | * If the outgoing packet contains a hop-by-hop options header, |
1430 | * it must be examined and processed even by the source node. |
1431 | * (RFC 2460, section 4.) |
1432 | */ |
1433 | if (exthdrs.ip6e_hbh != NULL) { |
1434 | struct ip6_hbh *hbh = mtod(exthdrs.ip6e_hbh, struct ip6_hbh *); |
1435 | u_int32_t dummy; /* XXX unused */ |
1436 | uint32_t oplen = 0; /* for ip6_process_hopopts() */ |
1437 | #if DIAGNOSTIC |
1438 | if ((hbh->ip6h_len + 1) << 3 > exthdrs.ip6e_hbh->m_len) { |
1439 | panic("ip6e_hbh is not continuous" ); |
1440 | } |
1441 | #endif |
1442 | /* |
1443 | * XXX: If we have to send an ICMPv6 error to the sender, |
1444 | * we need the M_LOOP flag since icmp6_error() expects |
1445 | * the IPv6 and the hop-by-hop options header are |
1446 | * continuous unless the flag is set. |
1447 | */ |
1448 | m->m_flags |= M_LOOP; |
1449 | m->m_pkthdr.rcvif = ifp; |
1450 | if (ip6_process_hopopts(m, (u_int8_t *)(hbh + 1), |
1451 | ((hbh->ip6h_len + 1) << 3) - sizeof(struct ip6_hbh), |
1452 | &dummy, &oplen) < 0) { |
1453 | /* |
1454 | * m was already freed at this point. Set to NULL so it |
1455 | * is not re-freed at end of ip6_output_list. |
1456 | */ |
1457 | m = NULL; |
1458 | error = EINVAL; /* better error? */ |
1459 | goto bad; |
1460 | } |
1461 | m->m_flags &= ~M_LOOP; /* XXX */ |
1462 | m->m_pkthdr.rcvif = NULL; |
1463 | } |
1464 | |
1465 | #if DUMMYNET |
1466 | check_with_pf: |
1467 | #endif /* DUMMYNET */ |
1468 | #if PF |
1469 | if (PF_IS_ENABLED && !skip_pf) { |
1470 | #if DUMMYNET |
1471 | |
1472 | /* |
1473 | * TODO: Need to save opt->ip6po_flags for reinjection |
1474 | * rdar://10434993 |
1475 | */ |
1476 | args.fwa_oif = ifp; |
1477 | args.fwa_oflags = flags; |
1478 | if (flags & IPV6_OUTARGS) { |
1479 | args.fwa_ip6oa = ip6oa; |
1480 | } |
1481 | args.fwa_ro6 = ro; |
1482 | args.fwa_dst6 = dst; |
1483 | args.fwa_ro6_pmtu = ro_pmtu; |
1484 | args.fwa_origifp = origifp; |
1485 | args.fwa_mtu = mtu; |
1486 | args.fwa_unfragpartlen = unfragpartlen; |
1487 | args.fwa_exthdrs = &exthdrs; |
1488 | /* Invoke outbound packet filter */ |
1489 | error = pf_af_hook(ifp, NULL, &m, AF_INET6, FALSE, &args); |
1490 | #else /* !DUMMYNET */ |
1491 | error = pf_af_hook(ifp, NULL, &m, AF_INET6, FALSE, NULL); |
1492 | #endif /* !DUMMYNET */ |
1493 | |
1494 | if (error != 0 || m == NULL) { |
1495 | if (m != NULL) { |
1496 | panic("%s: unexpected packet %p" , |
1497 | __func__, m); |
1498 | /* NOTREACHED */ |
1499 | } |
1500 | /* m was already freed by callee and is now NULL. */ |
1501 | goto evaluateloop; |
1502 | } |
1503 | ip6 = mtod(m, struct ip6_hdr *); |
1504 | } |
1505 | #endif /* PF */ |
1506 | |
1507 | #ifdef IPSEC |
1508 | /* clean ipsec history before fragmentation */ |
1509 | ipsec_delaux(m); |
1510 | #endif /* IPSEC */ |
1511 | |
1512 | if (ip6oa != NULL) { |
1513 | u_int8_t dscp; |
1514 | |
1515 | dscp = (ntohl(ip6->ip6_flow) & IP6FLOW_DSCP_MASK) >> IP6FLOW_DSCP_SHIFT; |
1516 | |
1517 | error = set_packet_qos(m, ifp, |
1518 | ip6oa->ip6oa_flags & IP6OAF_QOSMARKING_ALLOWED ? TRUE : FALSE, |
1519 | ip6oa->ip6oa_sotc, ip6oa->ip6oa_netsvctype, &dscp); |
1520 | if (error == 0) { |
1521 | ip6->ip6_flow &= ~htonl(IP6FLOW_DSCP_MASK); |
1522 | ip6->ip6_flow |= htonl((u_int32_t)dscp << IP6FLOW_DSCP_SHIFT); |
1523 | } else { |
1524 | printf("%s if_dscp_for_mbuf() error %d\n" , __func__, error); |
1525 | error = 0; |
1526 | } |
1527 | } |
1528 | /* |
1529 | * Determine whether fragmentation is necessary. If so, m is passed |
1530 | * back as a chain of packets and original mbuf is freed. Otherwise, m |
1531 | * is unchanged. |
1532 | */ |
1533 | error = ip6_fragment_packet(m: &m, opt, ip6oa, |
1534 | exthdrsp: &exthdrs, ifp, mtu, unfragpartlen, nxt0, |
1535 | optlen); |
1536 | |
1537 | if (error) { |
1538 | goto bad; |
1539 | } |
1540 | |
1541 | /* |
1542 | * The evaluateloop label is where we decide whether to continue looping over |
1543 | * packets or call into nd code to send. |
1544 | */ |
1545 | evaluateloop: |
1546 | |
1547 | /* |
1548 | * m may be NULL when we jump to the evaluateloop label from PF or |
1549 | * other code that can drop packets. |
1550 | */ |
1551 | if (m != NULL) { |
1552 | /* |
1553 | * If we already have a chain to send, tack m onto the end. |
1554 | * Otherwise make m the start and end of the to-be-sent chain. |
1555 | */ |
1556 | if (sendchain != NULL) { |
1557 | sendchain_last->m_nextpkt = m; |
1558 | } else { |
1559 | sendchain = m; |
1560 | } |
1561 | |
1562 | /* Fragmentation may mean m is a chain. Find the last packet. */ |
1563 | while (m->m_nextpkt) { |
1564 | m = m->m_nextpkt; |
1565 | } |
1566 | sendchain_last = m; |
1567 | pktcnt++; |
1568 | } |
1569 | |
1570 | /* Fill in next m from inputchain as appropriate. */ |
1571 | m = inputchain; |
1572 | if (m != NULL) { |
1573 | /* Isolate m from rest of input chain. */ |
1574 | inputchain = m->m_nextpkt; |
1575 | m->m_nextpkt = NULL; |
1576 | |
1577 | /* |
1578 | * Clear exthdrs and ipsec_state so stale contents are not |
1579 | * reused. Note this also clears the exthdrs.merged flag. |
1580 | */ |
1581 | bzero(s: &exthdrs, n: sizeof(exthdrs)); |
1582 | bzero(s: &ipsec_state, n: sizeof(ipsec_state)); |
1583 | |
1584 | /* Continue looping. */ |
1585 | goto loopit; |
1586 | } |
1587 | |
1588 | /* |
1589 | * If we get here, there's no more mbufs in inputchain, so send the |
1590 | * sendchain if there is one. |
1591 | */ |
1592 | if (pktcnt > 0) { |
1593 | error = nd6_output_list(ifp, origifp, sendchain, dst, |
1594 | ro->ro_rt, adv); |
1595 | /* |
1596 | * Fall through to done label even in error case because |
1597 | * nd6_output_list frees packetchain in both success and |
1598 | * failure cases. |
1599 | */ |
1600 | } |
1601 | |
1602 | done: |
1603 | if (ifpp_save != NULL && *ifpp_save != NULL) { |
1604 | ifnet_release(interface: *ifpp_save); |
1605 | *ifpp_save = NULL; |
1606 | } |
1607 | ROUTE_RELEASE(&ip6route); |
1608 | #if IPSEC |
1609 | ROUTE_RELEASE(&ipsec_state.ro); |
1610 | if (sp != NULL) { |
1611 | key_freesp(sp, KEY_SADB_UNLOCKED); |
1612 | } |
1613 | #endif /* IPSEC */ |
1614 | #if NECP |
1615 | ROUTE_RELEASE(&necp_route); |
1616 | #endif /* NECP */ |
1617 | #if DUMMYNET |
1618 | ROUTE_RELEASE(&saved_route); |
1619 | ROUTE_RELEASE(&saved_ro_pmtu); |
1620 | #endif /* DUMMYNET */ |
1621 | |
1622 | if (ia != NULL) { |
1623 | ifa_remref(ifa: &ia->ia_ifa); |
1624 | } |
1625 | if (src_ia != NULL) { |
1626 | ifa_remref(ifa: &src_ia->ia_ifa); |
1627 | } |
1628 | if (ifp != NULL) { |
1629 | ifnet_release(interface: ifp); |
1630 | } |
1631 | if (origifp != NULL) { |
1632 | ifnet_release(interface: origifp); |
1633 | } |
1634 | if (ip6_output_measure) { |
1635 | net_perf_measure_time(npp: &net_perf, start: &start_tv, num_pkts: packets_processed); |
1636 | net_perf_histogram(npp: &net_perf, num_pkts: packets_processed); |
1637 | } |
1638 | return error; |
1639 | |
1640 | freehdrs: |
1641 | if (exthdrs.ip6e_hbh != NULL) { |
1642 | if (exthdrs.merged) { |
1643 | panic("Double free of ip6e_hbh" ); |
1644 | } |
1645 | m_freem(exthdrs.ip6e_hbh); |
1646 | } |
1647 | if (exthdrs.ip6e_dest1 != NULL) { |
1648 | if (exthdrs.merged) { |
1649 | panic("Double free of ip6e_dest1" ); |
1650 | } |
1651 | m_freem(exthdrs.ip6e_dest1); |
1652 | } |
1653 | if (exthdrs.ip6e_rthdr != NULL) { |
1654 | if (exthdrs.merged) { |
1655 | panic("Double free of ip6e_rthdr" ); |
1656 | } |
1657 | m_freem(exthdrs.ip6e_rthdr); |
1658 | } |
1659 | if (exthdrs.ip6e_dest2 != NULL) { |
1660 | if (exthdrs.merged) { |
1661 | panic("Double free of ip6e_dest2" ); |
1662 | } |
1663 | m_freem(exthdrs.ip6e_dest2); |
1664 | } |
1665 | /* FALLTHRU */ |
1666 | bad: |
1667 | if (inputchain != NULL) { |
1668 | m_freem_list(inputchain); |
1669 | } |
1670 | if (sendchain != NULL) { |
1671 | m_freem_list(sendchain); |
1672 | } |
1673 | if (m != NULL) { |
1674 | m_freem(m); |
1675 | } |
1676 | |
1677 | goto done; |
1678 | |
1679 | #undef ipf_pktopts |
1680 | #undef exthdrs |
1681 | #undef ip6route |
1682 | #undef ipsec_state |
1683 | #undef saved_route |
1684 | #undef saved_ro_pmtu |
1685 | #undef args |
1686 | } |
1687 | |
1688 | /* ip6_fragment_packet |
1689 | * |
1690 | * The fragmentation logic is rather complex: |
1691 | * 1: normal case (dontfrag == 0) |
1692 | * 1-a: send as is if tlen <= path mtu |
1693 | * 1-b: fragment if tlen > path mtu |
1694 | * |
1695 | * 2: if user asks us not to fragment (dontfrag == 1) |
1696 | * 2-a: send as is if tlen <= interface mtu |
1697 | * 2-b: error if tlen > interface mtu |
1698 | */ |
1699 | |
1700 | static int |
1701 | ip6_fragment_packet(struct mbuf **mptr, struct ip6_pktopts *opt, |
1702 | struct ip6_out_args *ip6oa, struct ip6_exthdrs *exthdrsp, |
1703 | struct ifnet *ifp, uint32_t mtu, uint32_t unfragpartlen, |
1704 | int nxt0, uint32_t optlen) |
1705 | { |
1706 | VERIFY(NULL != mptr); |
1707 | struct mbuf *m = *mptr; |
1708 | int error = 0; |
1709 | uint32_t tlen = m->m_pkthdr.len; |
1710 | boolean_t dontfrag = (opt != NULL && (opt->ip6po_flags & IP6PO_DONTFRAG)) || |
1711 | (ip6oa != NULL && (ip6oa->ip6oa_flags & IP6OAF_DONT_FRAG)); |
1712 | |
1713 | if (m->m_pkthdr.pkt_flags & PKTF_FORWARDED) { |
1714 | dontfrag = TRUE; |
1715 | /* |
1716 | * Discard partial sum information if this packet originated |
1717 | * from another interface; the packet would already have the |
1718 | * final checksum and we shouldn't recompute it. |
1719 | */ |
1720 | if ((m->m_pkthdr.csum_flags & (CSUM_DATA_VALID | CSUM_PARTIAL)) == |
1721 | (CSUM_DATA_VALID | CSUM_PARTIAL)) { |
1722 | m->m_pkthdr.csum_flags &= ~CSUM_TX_FLAGS; |
1723 | m->m_pkthdr.csum_data = 0; |
1724 | } |
1725 | } |
1726 | |
1727 | /* Access without acquiring nd_ifinfo lock for performance */ |
1728 | if (dontfrag && tlen > IN6_LINKMTU(ifp)) { /* case 2-b */ |
1729 | /* |
1730 | * We do not notify the connection in the same outbound path |
1731 | * to avoid lock ordering issues. |
1732 | * The returned error should imply that the packet is too big |
1733 | * and the application should query the PMTU for a given destination. |
1734 | */ |
1735 | return EMSGSIZE; |
1736 | } |
1737 | |
1738 | /* |
1739 | * transmit packet without fragmentation |
1740 | */ |
1741 | if (dontfrag || |
1742 | (tlen <= mtu || TSO_IPV6_OK(ifp, m) || |
1743 | (ifp->if_hwassist & CSUM_FRAGMENT_IPV6))) { |
1744 | /* |
1745 | * mppn not updated in this case because no new chain is formed |
1746 | * and inserted |
1747 | */ |
1748 | ip6_output_checksum(ifp, mtu, m, nxt0, tlen, optlen); |
1749 | } else { |
1750 | /* |
1751 | * time to fragment - cases 1-b is handled inside |
1752 | * ip6_do_fragmentation(). |
1753 | * mppn is passed down to be updated to point at fragment chain. |
1754 | */ |
1755 | u_int8_t *lexthdrsp; |
1756 | |
1757 | if (exthdrsp->ip6e_rthdr != NULL) { |
1758 | lexthdrsp = mtod(exthdrsp->ip6e_rthdr, uint8_t *); |
1759 | } else if (exthdrsp->ip6e_dest1 != NULL) { |
1760 | lexthdrsp = mtod(exthdrsp->ip6e_dest1, uint8_t *); |
1761 | } else if (exthdrsp->ip6e_hbh != NULL) { |
1762 | lexthdrsp = mtod(exthdrsp->ip6e_hbh, uint8_t *); |
1763 | } else { |
1764 | lexthdrsp = NULL; |
1765 | } |
1766 | error = ip6_do_fragmentation(mptr, optlen, ifp, |
1767 | unfragpartlen, mtod(m, struct ip6_hdr *), lexthdrsp, mtu, |
1768 | nxt0, htonl(ip6_randomid((uint64_t)m))); |
1769 | } |
1770 | |
1771 | return error; |
1772 | } |
1773 | |
1774 | /* |
1775 | * ip6_do_fragmentation() is called by ip6_fragment_packet() after determining |
1776 | * the packet needs to be fragmented. on success, morig is freed and a chain |
1777 | * of fragments is linked into the packet chain where morig existed. Otherwise, |
1778 | * an errno is returned. |
1779 | * optlen: total length of all extension headers (excludes the IPv6 header). |
1780 | * unfragpartlen: length of the per-fragment headers which consist of the IPv6 |
1781 | * header plus any extension headers that must be processed by nodes |
1782 | * en route to the destination. |
1783 | * lexthdrsp: pointer to the last extension header in the unfragmentable part |
1784 | * or NULL. |
1785 | * nxt0: upper-layer protocol number. |
1786 | * id: Identification value to be used in the fragment header. |
1787 | */ |
1788 | int |
1789 | ip6_do_fragmentation(struct mbuf **mptr, uint32_t optlen, struct ifnet *ifp, |
1790 | uint32_t unfragpartlen, struct ip6_hdr *ip6, uint8_t *lexthdrsp, |
1791 | uint32_t mtu, int nxt0, uint32_t id) |
1792 | { |
1793 | VERIFY(NULL != mptr); |
1794 | int error = 0; |
1795 | |
1796 | struct mbuf *morig = *mptr; |
1797 | struct mbuf *first_mbufp = NULL; |
1798 | struct mbuf *last_mbufp = NULL; |
1799 | |
1800 | uint32_t tlen = morig->m_pkthdr.len; |
1801 | |
1802 | /* try to fragment the packet. case 1-b */ |
1803 | if ((morig->m_pkthdr.csum_flags & CSUM_TSO_IPV6)) { |
1804 | /* TSO and fragment aren't compatible */ |
1805 | in6_ifstat_inc(ifp, ifs6_out_fragfail); |
1806 | return EMSGSIZE; |
1807 | } else if (mtu < IPV6_MMTU) { |
1808 | /* path MTU cannot be less than IPV6_MMTU */ |
1809 | in6_ifstat_inc(ifp, ifs6_out_fragfail); |
1810 | return EMSGSIZE; |
1811 | } else if (ip6->ip6_plen == 0) { |
1812 | /* jumbo payload cannot be fragmented */ |
1813 | in6_ifstat_inc(ifp, ifs6_out_fragfail); |
1814 | return EMSGSIZE; |
1815 | } else { |
1816 | uint32_t hlen, off, len; |
1817 | struct mbuf **mnext = NULL; |
1818 | struct ip6_frag *ip6f; |
1819 | u_char nextproto; |
1820 | |
1821 | /* |
1822 | * Too large for the destination or interface; |
1823 | * fragment if possible. |
1824 | * Must be able to put at least 8 bytes per fragment. |
1825 | */ |
1826 | hlen = unfragpartlen; |
1827 | if (mtu > IPV6_MAXPACKET) { |
1828 | mtu = IPV6_MAXPACKET; |
1829 | } |
1830 | |
1831 | len = (mtu - hlen - sizeof(struct ip6_frag)) & ~7; |
1832 | if (len < 8) { |
1833 | in6_ifstat_inc(ifp, ifs6_out_fragfail); |
1834 | return EMSGSIZE; |
1835 | } |
1836 | |
1837 | /* |
1838 | * Change the next header field of the last header in the |
1839 | * unfragmentable part. |
1840 | */ |
1841 | if (lexthdrsp != NULL) { |
1842 | nextproto = *lexthdrsp; |
1843 | *lexthdrsp = IPPROTO_FRAGMENT; |
1844 | } else { |
1845 | nextproto = ip6->ip6_nxt; |
1846 | ip6->ip6_nxt = IPPROTO_FRAGMENT; |
1847 | } |
1848 | |
1849 | if (morig->m_pkthdr.csum_flags & CSUM_DELAY_IPV6_DATA) { |
1850 | in6_delayed_cksum_offset(morig, 0, optlen, nxt0); |
1851 | } |
1852 | |
1853 | /* |
1854 | * Loop through length of segment after first fragment, |
1855 | * make new header and copy data of each part and link onto |
1856 | * chain. |
1857 | */ |
1858 | for (off = hlen; off < tlen; off += len) { |
1859 | struct ip6_hdr *new_mhip6; |
1860 | struct mbuf *new_m; |
1861 | struct mbuf *m_frgpart; |
1862 | |
1863 | MGETHDR(new_m, M_DONTWAIT, MT_HEADER); /* MAC-OK */ |
1864 | if (new_m == NULL) { |
1865 | error = ENOBUFS; |
1866 | ip6stat.ip6s_odropped++; |
1867 | break; |
1868 | } |
1869 | new_m->m_pkthdr.rcvif = NULL; |
1870 | new_m->m_flags = morig->m_flags & M_COPYFLAGS; |
1871 | |
1872 | if (first_mbufp != NULL) { |
1873 | /* Every pass through loop but first */ |
1874 | *mnext = new_m; |
1875 | last_mbufp = new_m; |
1876 | } else { |
1877 | /* This is the first element of the fragment chain */ |
1878 | first_mbufp = new_m; |
1879 | last_mbufp = new_m; |
1880 | } |
1881 | mnext = &new_m->m_nextpkt; |
1882 | |
1883 | new_m->m_data += max_linkhdr; |
1884 | new_mhip6 = mtod(new_m, struct ip6_hdr *); |
1885 | *new_mhip6 = *ip6; |
1886 | new_m->m_len = sizeof(*new_mhip6); |
1887 | |
1888 | error = ip6_insertfraghdr(morig, new_m, hlen, &ip6f); |
1889 | if (error) { |
1890 | ip6stat.ip6s_odropped++; |
1891 | break; |
1892 | } |
1893 | |
1894 | ip6f->ip6f_offlg = htons((u_short)((off - hlen) & ~7)); |
1895 | if (off + len >= tlen) { |
1896 | len = tlen - off; |
1897 | } else { |
1898 | ip6f->ip6f_offlg |= IP6F_MORE_FRAG; |
1899 | } |
1900 | new_mhip6->ip6_plen = htons((u_short)(len + hlen + |
1901 | sizeof(*ip6f) - sizeof(struct ip6_hdr))); |
1902 | |
1903 | if ((m_frgpart = m_copy(morig, off, len)) == NULL) { |
1904 | error = ENOBUFS; |
1905 | ip6stat.ip6s_odropped++; |
1906 | break; |
1907 | } |
1908 | m_cat(new_m, m_frgpart); |
1909 | new_m->m_pkthdr.len = len + hlen + sizeof(*ip6f); |
1910 | new_m->m_pkthdr.rcvif = NULL; |
1911 | |
1912 | M_COPY_CLASSIFIER(new_m, morig); |
1913 | M_COPY_PFTAG(new_m, morig); |
1914 | M_COPY_NECPTAG(new_m, morig); |
1915 | |
1916 | ip6f->ip6f_reserved = 0; |
1917 | ip6f->ip6f_ident = id; |
1918 | ip6f->ip6f_nxt = nextproto; |
1919 | ip6stat.ip6s_ofragments++; |
1920 | in6_ifstat_inc(ifp, ifs6_out_fragcreat); |
1921 | } |
1922 | |
1923 | if (error) { |
1924 | /* free all the fragments created */ |
1925 | if (first_mbufp != NULL) { |
1926 | m_freem_list(first_mbufp); |
1927 | first_mbufp = NULL; |
1928 | } |
1929 | last_mbufp = NULL; |
1930 | } else { |
1931 | /* successful fragmenting */ |
1932 | m_freem(morig); |
1933 | *mptr = first_mbufp; |
1934 | last_mbufp->m_nextpkt = NULL; |
1935 | ip6stat.ip6s_fragmented++; |
1936 | in6_ifstat_inc(ifp, ifs6_out_fragok); |
1937 | } |
1938 | } |
1939 | return error; |
1940 | } |
1941 | |
1942 | static int |
1943 | ip6_copyexthdr(struct mbuf **mp, caddr_t hdr, int hlen) |
1944 | { |
1945 | struct mbuf *m; |
1946 | |
1947 | if (hlen > MCLBYTES) { |
1948 | return ENOBUFS; /* XXX */ |
1949 | } |
1950 | MGET(m, M_DONTWAIT, MT_DATA); |
1951 | if (m == NULL) { |
1952 | return ENOBUFS; |
1953 | } |
1954 | |
1955 | if (hlen > MLEN) { |
1956 | MCLGET(m, M_DONTWAIT); |
1957 | if (!(m->m_flags & M_EXT)) { |
1958 | m_free(m); |
1959 | return ENOBUFS; |
1960 | } |
1961 | } |
1962 | m->m_len = hlen; |
1963 | if (hdr != NULL) { |
1964 | bcopy(src: hdr, mtod(m, caddr_t), n: hlen); |
1965 | } |
1966 | |
1967 | *mp = m; |
1968 | return 0; |
1969 | } |
1970 | |
1971 | static void |
1972 | ip6_out_cksum_stats(int proto, u_int32_t len) |
1973 | { |
1974 | switch (proto) { |
1975 | case IPPROTO_TCP: |
1976 | tcp_out6_cksum_stats(len); |
1977 | break; |
1978 | case IPPROTO_UDP: |
1979 | udp_out6_cksum_stats(len); |
1980 | break; |
1981 | default: |
1982 | /* keep only TCP or UDP stats for now */ |
1983 | break; |
1984 | } |
1985 | } |
1986 | |
1987 | /* |
1988 | * Process a delayed payload checksum calculation (outbound path.) |
1989 | * |
1990 | * hoff is the number of bytes beyond the mbuf data pointer which |
1991 | * points to the IPv6 header. optlen is the number of bytes, if any, |
1992 | * between the end of IPv6 header and the beginning of the ULP payload |
1993 | * header, which represents the extension headers. If optlen is less |
1994 | * than zero, this routine will bail when it detects extension headers. |
1995 | * |
1996 | * Returns a bitmask representing all the work done in software. |
1997 | */ |
1998 | uint32_t |
1999 | in6_finalize_cksum(struct mbuf *m, uint32_t hoff, int32_t optlen, |
2000 | int32_t nxt0, uint32_t csum_flags) |
2001 | { |
2002 | unsigned char buf[sizeof(struct ip6_hdr)] __attribute__((aligned(8))); |
2003 | struct ip6_hdr *ip6; |
2004 | uint32_t offset, mlen, hlen, olen, sw_csum; |
2005 | uint16_t csum, ulpoff, plen; |
2006 | uint8_t nxt; |
2007 | |
2008 | _CASSERT(sizeof(csum) == sizeof(uint16_t)); |
2009 | VERIFY(m->m_flags & M_PKTHDR); |
2010 | |
2011 | sw_csum = (csum_flags & m->m_pkthdr.csum_flags); |
2012 | |
2013 | if ((sw_csum &= CSUM_DELAY_IPV6_DATA) == 0) { |
2014 | goto done; |
2015 | } |
2016 | |
2017 | mlen = m->m_pkthdr.len; /* total mbuf len */ |
2018 | hlen = sizeof(*ip6); /* IPv6 header len */ |
2019 | |
2020 | /* sanity check (need at least IPv6 header) */ |
2021 | if (mlen < (hoff + hlen)) { |
2022 | panic("%s: mbuf %p pkt len (%u) < hoff+ip6_hdr " |
2023 | "(%u+%u)\n" , __func__, m, mlen, hoff, hlen); |
2024 | /* NOTREACHED */ |
2025 | } |
2026 | |
2027 | /* |
2028 | * In case the IPv6 header is not contiguous, or not 32-bit |
2029 | * aligned, copy it to a local buffer. |
2030 | */ |
2031 | if ((hoff + hlen) > m->m_len || |
2032 | !IP6_HDR_ALIGNED_P(mtod(m, caddr_t) + hoff)) { |
2033 | m_copydata(m, hoff, hlen, (caddr_t)buf); |
2034 | ip6 = (struct ip6_hdr *)(void *)buf; |
2035 | } else { |
2036 | ip6 = (struct ip6_hdr *)(void *)(m->m_data + hoff); |
2037 | } |
2038 | |
2039 | nxt = ip6->ip6_nxt; |
2040 | plen = ntohs(ip6->ip6_plen); |
2041 | if (plen != (mlen - (hoff + hlen))) { |
2042 | plen = OSSwapInt16(plen); |
2043 | if (plen != (mlen - (hoff + hlen))) { |
2044 | /* Don't complain for jumbograms */ |
2045 | if (plen != 0 || nxt != IPPROTO_HOPOPTS) { |
2046 | printf("%s: mbuf 0x%llx proto %d IPv6 " |
2047 | "plen %d (%x) [swapped %d (%x)] doesn't " |
2048 | "match actual packet length; %d is used " |
2049 | "instead\n" , __func__, |
2050 | (uint64_t)VM_KERNEL_ADDRPERM(m), nxt, |
2051 | ip6->ip6_plen, ip6->ip6_plen, plen, plen, |
2052 | (mlen - (hoff + hlen))); |
2053 | } |
2054 | plen = (uint16_t)(mlen - (hoff + hlen)); |
2055 | } |
2056 | } |
2057 | |
2058 | if (optlen < 0) { |
2059 | /* next header isn't TCP/UDP and we don't know optlen, bail */ |
2060 | if (nxt != IPPROTO_TCP && nxt != IPPROTO_UDP) { |
2061 | sw_csum = 0; |
2062 | goto done; |
2063 | } |
2064 | olen = 0; |
2065 | } else { |
2066 | /* caller supplied the original transport number; use it */ |
2067 | if (nxt0 >= 0) { |
2068 | nxt = (uint8_t)nxt0; |
2069 | } |
2070 | olen = optlen; |
2071 | } |
2072 | |
2073 | offset = hoff + hlen + olen; /* ULP header */ |
2074 | |
2075 | /* sanity check */ |
2076 | if (mlen < offset) { |
2077 | panic("%s: mbuf %p pkt len (%u) < hoff+ip6_hdr+ext_hdr " |
2078 | "(%u+%u+%u)\n" , __func__, m, mlen, hoff, hlen, olen); |
2079 | /* NOTREACHED */ |
2080 | } |
2081 | |
2082 | /* |
2083 | * offset is added to the lower 16-bit value of csum_data, |
2084 | * which is expected to contain the ULP offset; therefore |
2085 | * CSUM_PARTIAL offset adjustment must be undone. |
2086 | */ |
2087 | if ((m->m_pkthdr.csum_flags & (CSUM_PARTIAL | CSUM_DATA_VALID)) == |
2088 | (CSUM_PARTIAL | CSUM_DATA_VALID)) { |
2089 | /* |
2090 | * Get back the original ULP offset (this will |
2091 | * undo the CSUM_PARTIAL logic in ip6_output.) |
2092 | */ |
2093 | m->m_pkthdr.csum_data = (m->m_pkthdr.csum_tx_stuff - |
2094 | m->m_pkthdr.csum_tx_start); |
2095 | } |
2096 | |
2097 | ulpoff = (m->m_pkthdr.csum_data & 0xffff); /* ULP csum offset */ |
2098 | |
2099 | if (mlen < (ulpoff + sizeof(csum))) { |
2100 | panic("%s: mbuf %p pkt len (%u) proto %d invalid ULP " |
2101 | "cksum offset (%u) cksum flags 0x%x\n" , __func__, |
2102 | m, mlen, nxt, ulpoff, m->m_pkthdr.csum_flags); |
2103 | /* NOTREACHED */ |
2104 | } |
2105 | |
2106 | csum = inet6_cksum(m, 0, offset, plen - olen); |
2107 | |
2108 | /* Update stats */ |
2109 | ip6_out_cksum_stats(proto: nxt, len: plen - olen); |
2110 | |
2111 | /* RFC1122 4.1.3.4 */ |
2112 | if (csum == 0 && |
2113 | (m->m_pkthdr.csum_flags & (CSUM_UDPIPV6 | CSUM_ZERO_INVERT))) { |
2114 | csum = 0xffff; |
2115 | } |
2116 | |
2117 | /* Insert the checksum in the ULP csum field */ |
2118 | offset += ulpoff; |
2119 | if ((offset + sizeof(csum)) > m->m_len) { |
2120 | m_copyback(m, offset, sizeof(csum), &csum); |
2121 | } else if (IP6_HDR_ALIGNED_P(mtod(m, char *) + hoff)) { |
2122 | *(uint16_t *)(void *)(mtod(m, char *) + offset) = csum; |
2123 | } else { |
2124 | bcopy(src: &csum, dst: (mtod(m, char *) + offset), n: sizeof(csum)); |
2125 | } |
2126 | m->m_pkthdr.csum_flags &= ~(CSUM_DELAY_IPV6_DATA | CSUM_DATA_VALID | |
2127 | CSUM_PARTIAL | CSUM_ZERO_INVERT); |
2128 | |
2129 | done: |
2130 | return sw_csum; |
2131 | } |
2132 | |
2133 | /* |
2134 | * Insert jumbo payload option. |
2135 | */ |
2136 | static int |
2137 | ip6_insert_jumboopt(struct ip6_exthdrs *exthdrs, u_int32_t plen) |
2138 | { |
2139 | struct mbuf *mopt; |
2140 | u_char *optbuf; |
2141 | u_int32_t v; |
2142 | |
2143 | #define JUMBOOPTLEN 8 /* length of jumbo payload option and padding */ |
2144 | |
2145 | /* |
2146 | * If there is no hop-by-hop options header, allocate new one. |
2147 | * If there is one but it doesn't have enough space to store the |
2148 | * jumbo payload option, allocate a cluster to store the whole options. |
2149 | * Otherwise, use it to store the options. |
2150 | */ |
2151 | if (exthdrs->ip6e_hbh == NULL) { |
2152 | MGET(mopt, M_DONTWAIT, MT_DATA); |
2153 | if (mopt == NULL) { |
2154 | return ENOBUFS; |
2155 | } |
2156 | mopt->m_len = JUMBOOPTLEN; |
2157 | optbuf = mtod(mopt, u_char *); |
2158 | optbuf[1] = 0; /* = ((JUMBOOPTLEN) >> 3) - 1 */ |
2159 | exthdrs->ip6e_hbh = mopt; |
2160 | } else { |
2161 | struct ip6_hbh *hbh; |
2162 | |
2163 | mopt = exthdrs->ip6e_hbh; |
2164 | if (M_TRAILINGSPACE(mopt) < JUMBOOPTLEN) { |
2165 | /* |
2166 | * XXX assumption: |
2167 | * - exthdrs->ip6e_hbh is not referenced from places |
2168 | * other than exthdrs. |
2169 | * - exthdrs->ip6e_hbh is not an mbuf chain. |
2170 | */ |
2171 | u_int32_t oldoptlen = mopt->m_len; |
2172 | struct mbuf *n; |
2173 | |
2174 | /* |
2175 | * XXX: give up if the whole (new) hbh header does |
2176 | * not fit even in an mbuf cluster. |
2177 | */ |
2178 | if (oldoptlen + JUMBOOPTLEN > MCLBYTES) { |
2179 | return ENOBUFS; |
2180 | } |
2181 | |
2182 | /* |
2183 | * As a consequence, we must always prepare a cluster |
2184 | * at this point. |
2185 | */ |
2186 | MGET(n, M_DONTWAIT, MT_DATA); |
2187 | if (n != NULL) { |
2188 | MCLGET(n, M_DONTWAIT); |
2189 | if (!(n->m_flags & M_EXT)) { |
2190 | m_freem(n); |
2191 | n = NULL; |
2192 | } |
2193 | } |
2194 | if (n == NULL) { |
2195 | return ENOBUFS; |
2196 | } |
2197 | n->m_len = oldoptlen + JUMBOOPTLEN; |
2198 | bcopy(mtod(mopt, caddr_t), mtod(n, caddr_t), |
2199 | n: oldoptlen); |
2200 | optbuf = mtod(n, u_char *) + oldoptlen; |
2201 | m_freem(mopt); |
2202 | mopt = exthdrs->ip6e_hbh = n; |
2203 | } else { |
2204 | optbuf = mtod(mopt, u_char *) + mopt->m_len; |
2205 | mopt->m_len += JUMBOOPTLEN; |
2206 | } |
2207 | optbuf[0] = IP6OPT_PADN; |
2208 | optbuf[1] = 1; |
2209 | |
2210 | /* |
2211 | * Adjust the header length according to the pad and |
2212 | * the jumbo payload option. |
2213 | */ |
2214 | hbh = mtod(mopt, struct ip6_hbh *); |
2215 | hbh->ip6h_len += (JUMBOOPTLEN >> 3); |
2216 | } |
2217 | |
2218 | /* fill in the option. */ |
2219 | optbuf[2] = IP6OPT_JUMBO; |
2220 | optbuf[3] = 4; |
2221 | v = (u_int32_t)htonl(plen + JUMBOOPTLEN); |
2222 | bcopy(src: &v, dst: &optbuf[4], n: sizeof(u_int32_t)); |
2223 | |
2224 | /* finally, adjust the packet header length */ |
2225 | exthdrs->ip6e_ip6->m_pkthdr.len += JUMBOOPTLEN; |
2226 | |
2227 | return 0; |
2228 | #undef JUMBOOPTLEN |
2229 | } |
2230 | |
2231 | /* |
2232 | * Insert fragment header and copy unfragmentable header portions. |
2233 | */ |
2234 | static int |
2235 | ip6_insertfraghdr(struct mbuf *m0, struct mbuf *m, int hlen, |
2236 | struct ip6_frag **frghdrp) |
2237 | { |
2238 | struct mbuf *n, *mlast; |
2239 | |
2240 | if (hlen > sizeof(struct ip6_hdr)) { |
2241 | n = m_copym(m0, sizeof(struct ip6_hdr), |
2242 | hlen - sizeof(struct ip6_hdr), M_DONTWAIT); |
2243 | if (n == NULL) { |
2244 | return ENOBUFS; |
2245 | } |
2246 | m->m_next = n; |
2247 | } else { |
2248 | n = m; |
2249 | } |
2250 | |
2251 | /* Search for the last mbuf of unfragmentable part. */ |
2252 | for (mlast = n; mlast->m_next; mlast = mlast->m_next) { |
2253 | ; |
2254 | } |
2255 | |
2256 | if (!(mlast->m_flags & M_EXT) && |
2257 | M_TRAILINGSPACE(mlast) >= sizeof(struct ip6_frag)) { |
2258 | /* use the trailing space of the last mbuf for the frag hdr */ |
2259 | *frghdrp = (struct ip6_frag *)(mtod(mlast, caddr_t) + |
2260 | mlast->m_len); |
2261 | mlast->m_len += sizeof(struct ip6_frag); |
2262 | m->m_pkthdr.len += sizeof(struct ip6_frag); |
2263 | } else { |
2264 | /* allocate a new mbuf for the fragment header */ |
2265 | struct mbuf *mfrg; |
2266 | |
2267 | MGET(mfrg, M_DONTWAIT, MT_DATA); |
2268 | if (mfrg == NULL) { |
2269 | return ENOBUFS; |
2270 | } |
2271 | mfrg->m_len = sizeof(struct ip6_frag); |
2272 | *frghdrp = mtod(mfrg, struct ip6_frag *); |
2273 | mlast->m_next = mfrg; |
2274 | } |
2275 | |
2276 | return 0; |
2277 | } |
2278 | |
2279 | static int |
2280 | ip6_getpmtu(struct route_in6 *ro_pmtu, struct route_in6 *ro, |
2281 | struct ifnet *ifp, struct in6_addr *dst, uint32_t dst_ifscope, u_int32_t *mtup) |
2282 | { |
2283 | u_int32_t mtu = 0; |
2284 | int error = 0; |
2285 | |
2286 | if (ro_pmtu != ro) { |
2287 | /* The first hop and the final destination may differ. */ |
2288 | struct sockaddr_in6 *sa6_dst = SIN6(&ro_pmtu->ro_dst); |
2289 | if (ROUTE_UNUSABLE(ro_pmtu) || |
2290 | !in6_are_addr_equal_scoped(&sa6_dst->sin6_addr, dst, sa6_dst->sin6_scope_id, dst_ifscope)) { |
2291 | ROUTE_RELEASE(ro_pmtu); |
2292 | } |
2293 | |
2294 | if (ro_pmtu->ro_rt == NULL) { |
2295 | SOCKADDR_ZERO(sa6_dst, sizeof(*sa6_dst)); |
2296 | sa6_dst->sin6_family = AF_INET6; |
2297 | sa6_dst->sin6_len = sizeof(struct sockaddr_in6); |
2298 | sa6_dst->sin6_addr = *dst; |
2299 | |
2300 | rtalloc_scoped((struct route *)ro_pmtu, |
2301 | ifp != NULL ? ifp->if_index : IFSCOPE_NONE); |
2302 | } |
2303 | } |
2304 | |
2305 | if (ro_pmtu->ro_rt != NULL) { |
2306 | u_int32_t ifmtu; |
2307 | |
2308 | if (ifp == NULL) { |
2309 | ifp = ro_pmtu->ro_rt->rt_ifp; |
2310 | } |
2311 | /* Access without acquiring nd_ifinfo lock for performance */ |
2312 | ifmtu = IN6_LINKMTU(ifp); |
2313 | |
2314 | /* |
2315 | * Access rmx_mtu without holding the route entry lock, |
2316 | * for performance; this isn't something that changes |
2317 | * often, so optimize. |
2318 | */ |
2319 | mtu = ro_pmtu->ro_rt->rt_rmx.rmx_mtu; |
2320 | if (mtu > ifmtu || mtu == 0) { |
2321 | /* |
2322 | * The MTU on the route is larger than the MTU on |
2323 | * the interface! This shouldn't happen, unless the |
2324 | * MTU of the interface has been changed after the |
2325 | * interface was brought up. Change the MTU in the |
2326 | * route to match the interface MTU (as long as the |
2327 | * field isn't locked). |
2328 | * |
2329 | * if MTU on the route is 0, we need to fix the MTU. |
2330 | * this case happens with path MTU discovery timeouts. |
2331 | */ |
2332 | mtu = ifmtu; |
2333 | if (!(ro_pmtu->ro_rt->rt_rmx.rmx_locks & RTV_MTU)) { |
2334 | ro_pmtu->ro_rt->rt_rmx.rmx_mtu = mtu; /* XXX */ |
2335 | } |
2336 | } |
2337 | } else { |
2338 | if (ifp) { |
2339 | /* Don't hold nd_ifinfo lock for performance */ |
2340 | mtu = IN6_LINKMTU(ifp); |
2341 | } else { |
2342 | error = EHOSTUNREACH; /* XXX */ |
2343 | } |
2344 | } |
2345 | |
2346 | *mtup = mtu; |
2347 | return error; |
2348 | } |
2349 | |
2350 | /* |
2351 | * IP6 socket option processing. |
2352 | */ |
2353 | int |
2354 | ip6_ctloutput(struct socket *so, struct sockopt *sopt) |
2355 | { |
2356 | int optdatalen, uproto; |
2357 | void *optdata; |
2358 | int privileged; |
2359 | struct inpcb *in6p = sotoinpcb(so); |
2360 | int error = 0, optval = 0; |
2361 | int level, op = -1, optname = 0; |
2362 | size_t optlen = 0; |
2363 | struct proc *p; |
2364 | lck_mtx_t *mutex_held = NULL; |
2365 | |
2366 | VERIFY(sopt != NULL); |
2367 | |
2368 | level = sopt->sopt_level; |
2369 | op = sopt->sopt_dir; |
2370 | optname = sopt->sopt_name; |
2371 | optlen = sopt->sopt_valsize; |
2372 | p = sopt->sopt_p; |
2373 | uproto = (int)SOCK_PROTO(so); |
2374 | |
2375 | privileged = (proc_suser(p) == 0); |
2376 | |
2377 | if (level == IPPROTO_IPV6) { |
2378 | boolean_t capture_exthdrstat_in = FALSE; |
2379 | switch (op) { |
2380 | case SOPT_SET: |
2381 | mutex_held = socket_getlock(so, PR_F_WILLUNLOCK); |
2382 | /* |
2383 | * Wait if we are in the middle of ip6_output |
2384 | * as we unlocked the socket there and don't |
2385 | * want to overwrite the IP options |
2386 | */ |
2387 | if (in6p->inp_sndinprog_cnt > 0) { |
2388 | in6p->inp_sndingprog_waiters++; |
2389 | |
2390 | while (in6p->inp_sndinprog_cnt > 0) { |
2391 | msleep(chan: &in6p->inp_sndinprog_cnt, mtx: mutex_held, |
2392 | PSOCK | PCATCH, wmesg: "inp_sndinprog_cnt" , |
2393 | NULL); |
2394 | } |
2395 | in6p->inp_sndingprog_waiters--; |
2396 | } |
2397 | switch (optname) { |
2398 | case IPV6_2292PKTOPTIONS: { |
2399 | struct mbuf *m; |
2400 | |
2401 | error = soopt_getm(sopt, mp: &m); |
2402 | if (error != 0) { |
2403 | break; |
2404 | } |
2405 | error = soopt_mcopyin(sopt, m); |
2406 | if (error != 0) { |
2407 | break; |
2408 | } |
2409 | error = ip6_pcbopts(&in6p->in6p_outputopts, |
2410 | m, so, sopt); |
2411 | m_freem(m); |
2412 | break; |
2413 | } |
2414 | |
2415 | /* |
2416 | * Use of some Hop-by-Hop options or some |
2417 | * Destination options, might require special |
2418 | * privilege. That is, normal applications |
2419 | * (without special privilege) might be forbidden |
2420 | * from setting certain options in outgoing packets, |
2421 | * and might never see certain options in received |
2422 | * packets. [RFC 2292 Section 6] |
2423 | * KAME specific note: |
2424 | * KAME prevents non-privileged users from sending or |
2425 | * receiving ANY hbh/dst options in order to avoid |
2426 | * overhead of parsing options in the kernel. |
2427 | */ |
2428 | case IPV6_RECVHOPOPTS: |
2429 | case IPV6_RECVDSTOPTS: |
2430 | case IPV6_RECVRTHDRDSTOPTS: |
2431 | if (!privileged) { |
2432 | break; |
2433 | } |
2434 | OS_FALLTHROUGH; |
2435 | case IPV6_UNICAST_HOPS: |
2436 | case IPV6_HOPLIMIT: |
2437 | case IPV6_RECVPKTINFO: |
2438 | case IPV6_RECVHOPLIMIT: |
2439 | case IPV6_RECVRTHDR: |
2440 | case IPV6_RECVPATHMTU: |
2441 | case IPV6_RECVTCLASS: |
2442 | case IPV6_V6ONLY: |
2443 | case IPV6_AUTOFLOWLABEL: |
2444 | if (optlen != sizeof(int)) { |
2445 | error = EINVAL; |
2446 | break; |
2447 | } |
2448 | error = sooptcopyin(sopt, &optval, |
2449 | len: sizeof(optval), minlen: sizeof(optval)); |
2450 | if (error) { |
2451 | break; |
2452 | } |
2453 | |
2454 | switch (optname) { |
2455 | case IPV6_UNICAST_HOPS: |
2456 | if (optval < -1 || optval >= 256) { |
2457 | error = EINVAL; |
2458 | } else { |
2459 | /* -1 = kernel default */ |
2460 | in6p->in6p_hops = (short)optval; |
2461 | if (in6p->inp_vflag & |
2462 | INP_IPV4) { |
2463 | in6p->inp_ip_ttl = |
2464 | (uint8_t)optval; |
2465 | } |
2466 | } |
2467 | break; |
2468 | #define OPTSET(bit) do { \ |
2469 | if (optval) \ |
2470 | in6p->inp_flags |= (bit); \ |
2471 | else \ |
2472 | in6p->inp_flags &= ~(bit); \ |
2473 | } while (0) |
2474 | |
2475 | #define OPTSET2292(bit) do { \ |
2476 | in6p->inp_flags |= IN6P_RFC2292; \ |
2477 | if (optval) \ |
2478 | in6p->inp_flags |= (bit); \ |
2479 | else \ |
2480 | in6p->inp_flags &= ~(bit); \ |
2481 | } while (0) |
2482 | |
2483 | #define OPTBIT(bit) (in6p->inp_flags & (bit) ? 1 : 0) |
2484 | |
2485 | case IPV6_RECVPKTINFO: |
2486 | /* cannot mix with RFC2292 */ |
2487 | if (OPTBIT(IN6P_RFC2292)) { |
2488 | error = EINVAL; |
2489 | break; |
2490 | } |
2491 | OPTSET(IN6P_PKTINFO); |
2492 | break; |
2493 | |
2494 | case IPV6_HOPLIMIT: { |
2495 | struct ip6_pktopts **optp; |
2496 | |
2497 | /* cannot mix with RFC2292 */ |
2498 | if (OPTBIT(IN6P_RFC2292)) { |
2499 | error = EINVAL; |
2500 | break; |
2501 | } |
2502 | optp = &in6p->in6p_outputopts; |
2503 | error = ip6_pcbopt(IPV6_HOPLIMIT, |
2504 | (u_char *)&optval, sizeof(optval), |
2505 | optp, uproto); |
2506 | break; |
2507 | } |
2508 | |
2509 | case IPV6_RECVHOPLIMIT: |
2510 | /* cannot mix with RFC2292 */ |
2511 | if (OPTBIT(IN6P_RFC2292)) { |
2512 | error = EINVAL; |
2513 | break; |
2514 | } |
2515 | OPTSET(IN6P_HOPLIMIT); |
2516 | break; |
2517 | |
2518 | case IPV6_RECVHOPOPTS: |
2519 | /* cannot mix with RFC2292 */ |
2520 | if (OPTBIT(IN6P_RFC2292)) { |
2521 | error = EINVAL; |
2522 | break; |
2523 | } |
2524 | OPTSET(IN6P_HOPOPTS); |
2525 | capture_exthdrstat_in = TRUE; |
2526 | break; |
2527 | |
2528 | case IPV6_RECVDSTOPTS: |
2529 | /* cannot mix with RFC2292 */ |
2530 | if (OPTBIT(IN6P_RFC2292)) { |
2531 | error = EINVAL; |
2532 | break; |
2533 | } |
2534 | OPTSET(IN6P_DSTOPTS); |
2535 | capture_exthdrstat_in = TRUE; |
2536 | break; |
2537 | |
2538 | case IPV6_RECVRTHDRDSTOPTS: |
2539 | /* cannot mix with RFC2292 */ |
2540 | if (OPTBIT(IN6P_RFC2292)) { |
2541 | error = EINVAL; |
2542 | break; |
2543 | } |
2544 | OPTSET(IN6P_RTHDRDSTOPTS); |
2545 | capture_exthdrstat_in = TRUE; |
2546 | break; |
2547 | |
2548 | case IPV6_RECVRTHDR: |
2549 | /* cannot mix with RFC2292 */ |
2550 | if (OPTBIT(IN6P_RFC2292)) { |
2551 | error = EINVAL; |
2552 | break; |
2553 | } |
2554 | OPTSET(IN6P_RTHDR); |
2555 | capture_exthdrstat_in = TRUE; |
2556 | break; |
2557 | |
2558 | case IPV6_RECVPATHMTU: |
2559 | /* |
2560 | * We ignore this option for TCP |
2561 | * sockets. |
2562 | * (RFC3542 leaves this case |
2563 | * unspecified.) |
2564 | */ |
2565 | if (uproto != IPPROTO_TCP) { |
2566 | OPTSET(IN6P_MTU); |
2567 | } |
2568 | break; |
2569 | |
2570 | case IPV6_V6ONLY: |
2571 | /* |
2572 | * make setsockopt(IPV6_V6ONLY) |
2573 | * available only prior to bind(2). |
2574 | * see ipng mailing list, Jun 22 2001. |
2575 | */ |
2576 | if (in6p->inp_lport || |
2577 | !IN6_IS_ADDR_UNSPECIFIED( |
2578 | &in6p->in6p_laddr)) { |
2579 | error = EINVAL; |
2580 | break; |
2581 | } |
2582 | OPTSET(IN6P_IPV6_V6ONLY); |
2583 | if (optval) { |
2584 | in6p->inp_vflag &= ~INP_IPV4; |
2585 | } else { |
2586 | in6p->inp_vflag |= INP_IPV4; |
2587 | } |
2588 | break; |
2589 | |
2590 | case IPV6_RECVTCLASS: |
2591 | /* we can mix with RFC2292 */ |
2592 | OPTSET(IN6P_TCLASS); |
2593 | break; |
2594 | |
2595 | case IPV6_AUTOFLOWLABEL: |
2596 | OPTSET(IN6P_AUTOFLOWLABEL); |
2597 | break; |
2598 | } |
2599 | break; |
2600 | |
2601 | case IPV6_TCLASS: |
2602 | case IPV6_DONTFRAG: |
2603 | case IPV6_USE_MIN_MTU: |
2604 | case IPV6_PREFER_TEMPADDR: { |
2605 | struct ip6_pktopts **optp; |
2606 | |
2607 | if (optlen != sizeof(optval)) { |
2608 | error = EINVAL; |
2609 | break; |
2610 | } |
2611 | error = sooptcopyin(sopt, &optval, |
2612 | len: sizeof(optval), minlen: sizeof(optval)); |
2613 | if (error) { |
2614 | break; |
2615 | } |
2616 | |
2617 | optp = &in6p->in6p_outputopts; |
2618 | error = ip6_pcbopt(optname, (u_char *)&optval, |
2619 | sizeof(optval), optp, uproto); |
2620 | |
2621 | if (optname == IPV6_TCLASS) { |
2622 | // Add in the ECN flags |
2623 | u_int8_t tos = (in6p->inp_ip_tos & ~IPTOS_ECN_MASK); |
2624 | u_int8_t ecn = optval & IPTOS_ECN_MASK; |
2625 | in6p->inp_ip_tos = tos | ecn; |
2626 | } |
2627 | break; |
2628 | } |
2629 | |
2630 | case IPV6_2292PKTINFO: |
2631 | case IPV6_2292HOPLIMIT: |
2632 | case IPV6_2292HOPOPTS: |
2633 | case IPV6_2292DSTOPTS: |
2634 | case IPV6_2292RTHDR: |
2635 | /* RFC 2292 */ |
2636 | if (optlen != sizeof(int)) { |
2637 | error = EINVAL; |
2638 | break; |
2639 | } |
2640 | error = sooptcopyin(sopt, &optval, |
2641 | len: sizeof(optval), minlen: sizeof(optval)); |
2642 | if (error) { |
2643 | break; |
2644 | } |
2645 | switch (optname) { |
2646 | case IPV6_2292PKTINFO: |
2647 | OPTSET2292(IN6P_PKTINFO); |
2648 | break; |
2649 | case IPV6_2292HOPLIMIT: |
2650 | OPTSET2292(IN6P_HOPLIMIT); |
2651 | break; |
2652 | case IPV6_2292HOPOPTS: |
2653 | /* |
2654 | * Check super-user privilege. |
2655 | * See comments for IPV6_RECVHOPOPTS. |
2656 | */ |
2657 | if (!privileged) { |
2658 | return EPERM; |
2659 | } |
2660 | OPTSET2292(IN6P_HOPOPTS); |
2661 | capture_exthdrstat_in = TRUE; |
2662 | break; |
2663 | case IPV6_2292DSTOPTS: |
2664 | if (!privileged) { |
2665 | return EPERM; |
2666 | } |
2667 | OPTSET2292(IN6P_DSTOPTS | |
2668 | IN6P_RTHDRDSTOPTS); /* XXX */ |
2669 | capture_exthdrstat_in = TRUE; |
2670 | break; |
2671 | case IPV6_2292RTHDR: |
2672 | OPTSET2292(IN6P_RTHDR); |
2673 | capture_exthdrstat_in = TRUE; |
2674 | break; |
2675 | } |
2676 | break; |
2677 | |
2678 | case IPV6_3542PKTINFO: |
2679 | case IPV6_3542HOPOPTS: |
2680 | case IPV6_3542RTHDR: |
2681 | case IPV6_3542DSTOPTS: |
2682 | case IPV6_RTHDRDSTOPTS: |
2683 | case IPV6_3542NEXTHOP: { |
2684 | struct ip6_pktopts **optp; |
2685 | /* new advanced API (RFC3542) */ |
2686 | struct mbuf *m; |
2687 | |
2688 | /* cannot mix with RFC2292 */ |
2689 | if (OPTBIT(IN6P_RFC2292)) { |
2690 | error = EINVAL; |
2691 | break; |
2692 | } |
2693 | error = soopt_getm(sopt, mp: &m); |
2694 | if (error != 0) { |
2695 | break; |
2696 | } |
2697 | error = soopt_mcopyin(sopt, m); |
2698 | if (error != 0) { |
2699 | break; |
2700 | } |
2701 | |
2702 | optp = &in6p->in6p_outputopts; |
2703 | error = ip6_pcbopt(optname, mtod(m, u_char *), |
2704 | m->m_len, optp, uproto); |
2705 | m_freem(m); |
2706 | break; |
2707 | } |
2708 | #undef OPTSET |
2709 | case IPV6_MULTICAST_IF: |
2710 | case IPV6_MULTICAST_HOPS: |
2711 | case IPV6_MULTICAST_LOOP: |
2712 | case IPV6_JOIN_GROUP: |
2713 | case IPV6_LEAVE_GROUP: |
2714 | case IPV6_MSFILTER: |
2715 | case MCAST_BLOCK_SOURCE: |
2716 | case MCAST_UNBLOCK_SOURCE: |
2717 | case MCAST_JOIN_GROUP: |
2718 | case MCAST_LEAVE_GROUP: |
2719 | case MCAST_JOIN_SOURCE_GROUP: |
2720 | case MCAST_LEAVE_SOURCE_GROUP: |
2721 | error = ip6_setmoptions(in6p, sopt); |
2722 | break; |
2723 | |
2724 | case IPV6_PORTRANGE: |
2725 | error = sooptcopyin(sopt, &optval, |
2726 | len: sizeof(optval), minlen: sizeof(optval)); |
2727 | if (error) { |
2728 | break; |
2729 | } |
2730 | |
2731 | switch (optval) { |
2732 | case IPV6_PORTRANGE_DEFAULT: |
2733 | in6p->inp_flags &= ~(INP_LOWPORT); |
2734 | in6p->inp_flags &= ~(INP_HIGHPORT); |
2735 | break; |
2736 | |
2737 | case IPV6_PORTRANGE_HIGH: |
2738 | in6p->inp_flags &= ~(INP_LOWPORT); |
2739 | in6p->inp_flags |= INP_HIGHPORT; |
2740 | break; |
2741 | |
2742 | case IPV6_PORTRANGE_LOW: |
2743 | in6p->inp_flags &= ~(INP_HIGHPORT); |
2744 | in6p->inp_flags |= INP_LOWPORT; |
2745 | break; |
2746 | |
2747 | default: |
2748 | error = EINVAL; |
2749 | break; |
2750 | } |
2751 | break; |
2752 | #if IPSEC |
2753 | case IPV6_IPSEC_POLICY: { |
2754 | caddr_t req = NULL; |
2755 | size_t len = 0; |
2756 | struct mbuf *m; |
2757 | |
2758 | if ((error = soopt_getm(sopt, mp: &m)) != 0) { |
2759 | break; |
2760 | } |
2761 | if ((error = soopt_mcopyin(sopt, m)) != 0) { |
2762 | break; |
2763 | } |
2764 | |
2765 | req = mtod(m, caddr_t); |
2766 | len = m->m_len; |
2767 | error = ipsec6_set_policy(inp: in6p, optname, request: req, |
2768 | len, priv: privileged); |
2769 | m_freem(m); |
2770 | break; |
2771 | } |
2772 | #endif /* IPSEC */ |
2773 | /* |
2774 | * IPv6 variant of IP_BOUND_IF; for details see |
2775 | * comments on IP_BOUND_IF in ip_ctloutput(). |
2776 | */ |
2777 | case IPV6_BOUND_IF: |
2778 | /* This option is settable only on IPv6 */ |
2779 | if (!(in6p->inp_vflag & INP_IPV6)) { |
2780 | error = EINVAL; |
2781 | break; |
2782 | } |
2783 | |
2784 | error = sooptcopyin(sopt, &optval, |
2785 | len: sizeof(optval), minlen: sizeof(optval)); |
2786 | |
2787 | if (error) { |
2788 | break; |
2789 | } |
2790 | |
2791 | error = inp_bindif(in6p, optval, NULL); |
2792 | break; |
2793 | |
2794 | case IPV6_NO_IFT_CELLULAR: |
2795 | /* This option is settable only for IPv6 */ |
2796 | if (!(in6p->inp_vflag & INP_IPV6)) { |
2797 | error = EINVAL; |
2798 | break; |
2799 | } |
2800 | |
2801 | error = sooptcopyin(sopt, &optval, |
2802 | len: sizeof(optval), minlen: sizeof(optval)); |
2803 | |
2804 | if (error) { |
2805 | break; |
2806 | } |
2807 | |
2808 | /* once set, it cannot be unset */ |
2809 | if (!optval && INP_NO_CELLULAR(in6p)) { |
2810 | error = EINVAL; |
2811 | break; |
2812 | } |
2813 | |
2814 | error = so_set_restrictions(so, |
2815 | SO_RESTRICT_DENY_CELLULAR); |
2816 | break; |
2817 | |
2818 | case IPV6_OUT_IF: |
2819 | /* This option is not settable */ |
2820 | error = EINVAL; |
2821 | break; |
2822 | |
2823 | default: |
2824 | error = ENOPROTOOPT; |
2825 | break; |
2826 | } |
2827 | if (capture_exthdrstat_in) { |
2828 | if (uproto == IPPROTO_TCP) { |
2829 | INC_ATOMIC_INT64_LIM(net_api_stats.nas_sock_inet6_stream_exthdr_in); |
2830 | } else if (uproto == IPPROTO_UDP) { |
2831 | INC_ATOMIC_INT64_LIM(net_api_stats.nas_sock_inet6_dgram_exthdr_in); |
2832 | } |
2833 | } |
2834 | break; |
2835 | |
2836 | case SOPT_GET: |
2837 | switch (optname) { |
2838 | case IPV6_2292PKTOPTIONS: |
2839 | /* |
2840 | * RFC3542 (effectively) deprecated the |
2841 | * semantics of the 2292-style pktoptions. |
2842 | * Since it was not reliable in nature (i.e., |
2843 | * applications had to expect the lack of some |
2844 | * information after all), it would make sense |
2845 | * to simplify this part by always returning |
2846 | * empty data. |
2847 | */ |
2848 | sopt->sopt_valsize = 0; |
2849 | break; |
2850 | |
2851 | case IPV6_RECVHOPOPTS: |
2852 | case IPV6_RECVDSTOPTS: |
2853 | case IPV6_RECVRTHDRDSTOPTS: |
2854 | case IPV6_UNICAST_HOPS: |
2855 | case IPV6_RECVPKTINFO: |
2856 | case IPV6_RECVHOPLIMIT: |
2857 | case IPV6_RECVRTHDR: |
2858 | case IPV6_RECVPATHMTU: |
2859 | case IPV6_V6ONLY: |
2860 | case IPV6_PORTRANGE: |
2861 | case IPV6_RECVTCLASS: |
2862 | case IPV6_AUTOFLOWLABEL: |
2863 | switch (optname) { |
2864 | case IPV6_RECVHOPOPTS: |
2865 | optval = OPTBIT(IN6P_HOPOPTS); |
2866 | break; |
2867 | |
2868 | case IPV6_RECVDSTOPTS: |
2869 | optval = OPTBIT(IN6P_DSTOPTS); |
2870 | break; |
2871 | |
2872 | case IPV6_RECVRTHDRDSTOPTS: |
2873 | optval = OPTBIT(IN6P_RTHDRDSTOPTS); |
2874 | break; |
2875 | |
2876 | case IPV6_UNICAST_HOPS: |
2877 | optval = in6p->in6p_hops; |
2878 | break; |
2879 | |
2880 | case IPV6_RECVPKTINFO: |
2881 | optval = OPTBIT(IN6P_PKTINFO); |
2882 | break; |
2883 | |
2884 | case IPV6_RECVHOPLIMIT: |
2885 | optval = OPTBIT(IN6P_HOPLIMIT); |
2886 | break; |
2887 | |
2888 | case IPV6_RECVRTHDR: |
2889 | optval = OPTBIT(IN6P_RTHDR); |
2890 | break; |
2891 | |
2892 | case IPV6_RECVPATHMTU: |
2893 | optval = OPTBIT(IN6P_MTU); |
2894 | break; |
2895 | |
2896 | case IPV6_V6ONLY: |
2897 | optval = OPTBIT(IN6P_IPV6_V6ONLY); |
2898 | break; |
2899 | |
2900 | case IPV6_PORTRANGE: { |
2901 | int flags; |
2902 | flags = in6p->inp_flags; |
2903 | if (flags & INP_HIGHPORT) { |
2904 | optval = IPV6_PORTRANGE_HIGH; |
2905 | } else if (flags & INP_LOWPORT) { |
2906 | optval = IPV6_PORTRANGE_LOW; |
2907 | } else { |
2908 | optval = 0; |
2909 | } |
2910 | break; |
2911 | } |
2912 | case IPV6_RECVTCLASS: |
2913 | optval = OPTBIT(IN6P_TCLASS); |
2914 | break; |
2915 | |
2916 | case IPV6_AUTOFLOWLABEL: |
2917 | optval = OPTBIT(IN6P_AUTOFLOWLABEL); |
2918 | break; |
2919 | } |
2920 | if (error) { |
2921 | break; |
2922 | } |
2923 | error = sooptcopyout(sopt, data: &optval, |
2924 | len: sizeof(optval)); |
2925 | break; |
2926 | |
2927 | case IPV6_PATHMTU: { |
2928 | u_int32_t pmtu = 0; |
2929 | struct ip6_mtuinfo mtuinfo; |
2930 | struct route_in6 sro; |
2931 | |
2932 | bzero(s: &sro, n: sizeof(sro)); |
2933 | |
2934 | if (!(so->so_state & SS_ISCONNECTED)) { |
2935 | return ENOTCONN; |
2936 | } |
2937 | /* |
2938 | * XXX: we dot not consider the case of source |
2939 | * routing, or optional information to specify |
2940 | * the outgoing interface. |
2941 | */ |
2942 | error = ip6_getpmtu(ro_pmtu: &sro, NULL, NULL, |
2943 | dst: &in6p->in6p_faddr, dst_ifscope: in6p->inp_fifscope, mtup: &pmtu); |
2944 | ROUTE_RELEASE(&sro); |
2945 | if (error) { |
2946 | break; |
2947 | } |
2948 | if (pmtu > IPV6_MAXPACKET) { |
2949 | pmtu = IPV6_MAXPACKET; |
2950 | } |
2951 | |
2952 | bzero(s: &mtuinfo, n: sizeof(mtuinfo)); |
2953 | mtuinfo.ip6m_mtu = (u_int32_t)pmtu; |
2954 | optdata = (void *)&mtuinfo; |
2955 | optdatalen = sizeof(mtuinfo); |
2956 | error = sooptcopyout(sopt, data: optdata, |
2957 | len: optdatalen); |
2958 | break; |
2959 | } |
2960 | |
2961 | case IPV6_2292PKTINFO: |
2962 | case IPV6_2292HOPLIMIT: |
2963 | case IPV6_2292HOPOPTS: |
2964 | case IPV6_2292RTHDR: |
2965 | case IPV6_2292DSTOPTS: |
2966 | switch (optname) { |
2967 | case IPV6_2292PKTINFO: |
2968 | optval = OPTBIT(IN6P_PKTINFO); |
2969 | break; |
2970 | case IPV6_2292HOPLIMIT: |
2971 | optval = OPTBIT(IN6P_HOPLIMIT); |
2972 | break; |
2973 | case IPV6_2292HOPOPTS: |
2974 | optval = OPTBIT(IN6P_HOPOPTS); |
2975 | break; |
2976 | case IPV6_2292RTHDR: |
2977 | optval = OPTBIT(IN6P_RTHDR); |
2978 | break; |
2979 | case IPV6_2292DSTOPTS: |
2980 | optval = OPTBIT(IN6P_DSTOPTS | |
2981 | IN6P_RTHDRDSTOPTS); |
2982 | break; |
2983 | } |
2984 | error = sooptcopyout(sopt, data: &optval, |
2985 | len: sizeof(optval)); |
2986 | break; |
2987 | |
2988 | case IPV6_PKTINFO: |
2989 | case IPV6_HOPOPTS: |
2990 | case IPV6_RTHDR: |
2991 | case IPV6_DSTOPTS: |
2992 | case IPV6_RTHDRDSTOPTS: |
2993 | case IPV6_NEXTHOP: |
2994 | case IPV6_TCLASS: |
2995 | case IPV6_DONTFRAG: |
2996 | case IPV6_USE_MIN_MTU: |
2997 | case IPV6_PREFER_TEMPADDR: |
2998 | error = ip6_getpcbopt(in6p->in6p_outputopts, |
2999 | optname, sopt); |
3000 | break; |
3001 | |
3002 | case IPV6_MULTICAST_IF: |
3003 | case IPV6_MULTICAST_HOPS: |
3004 | case IPV6_MULTICAST_LOOP: |
3005 | case IPV6_MSFILTER: |
3006 | error = ip6_getmoptions(in6p, sopt); |
3007 | break; |
3008 | #if IPSEC |
3009 | case IPV6_IPSEC_POLICY: { |
3010 | error = 0; /* This option is no longer supported */ |
3011 | break; |
3012 | } |
3013 | #endif /* IPSEC */ |
3014 | case IPV6_BOUND_IF: |
3015 | if (in6p->inp_flags & INP_BOUND_IF) { |
3016 | optval = in6p->inp_boundifp->if_index; |
3017 | } |
3018 | error = sooptcopyout(sopt, data: &optval, |
3019 | len: sizeof(optval)); |
3020 | break; |
3021 | |
3022 | case IPV6_NO_IFT_CELLULAR: |
3023 | optval = INP_NO_CELLULAR(in6p) ? 1 : 0; |
3024 | error = sooptcopyout(sopt, data: &optval, |
3025 | len: sizeof(optval)); |
3026 | break; |
3027 | |
3028 | case IPV6_OUT_IF: |
3029 | optval = (in6p->in6p_last_outifp != NULL) ? |
3030 | in6p->in6p_last_outifp->if_index : 0; |
3031 | error = sooptcopyout(sopt, data: &optval, |
3032 | len: sizeof(optval)); |
3033 | break; |
3034 | |
3035 | default: |
3036 | error = ENOPROTOOPT; |
3037 | break; |
3038 | } |
3039 | break; |
3040 | } |
3041 | } else { |
3042 | error = EINVAL; |
3043 | } |
3044 | return error; |
3045 | } |
3046 | |
3047 | int |
3048 | ip6_raw_ctloutput(struct socket *so, struct sockopt *sopt) |
3049 | { |
3050 | int error = 0, optval; |
3051 | size_t optlen; |
3052 | const int icmp6off = offsetof(struct icmp6_hdr, icmp6_cksum); |
3053 | struct inpcb *in6p = sotoinpcb(so); |
3054 | int level, op, optname; |
3055 | |
3056 | level = sopt->sopt_level; |
3057 | op = sopt->sopt_dir; |
3058 | optname = sopt->sopt_name; |
3059 | optlen = sopt->sopt_valsize; |
3060 | |
3061 | if (level != IPPROTO_IPV6) { |
3062 | return EINVAL; |
3063 | } |
3064 | |
3065 | switch (optname) { |
3066 | case IPV6_CHECKSUM: |
3067 | /* |
3068 | * For ICMPv6 sockets, no modification allowed for checksum |
3069 | * offset, permit "no change" values to help existing apps. |
3070 | * |
3071 | * RFC3542 says: "An attempt to set IPV6_CHECKSUM |
3072 | * for an ICMPv6 socket will fail." |
3073 | * The current behavior does not meet RFC3542. |
3074 | */ |
3075 | switch (op) { |
3076 | case SOPT_SET: |
3077 | if (optlen != sizeof(int)) { |
3078 | error = EINVAL; |
3079 | break; |
3080 | } |
3081 | error = sooptcopyin(sopt, &optval, len: sizeof(optval), |
3082 | minlen: sizeof(optval)); |
3083 | if (error) { |
3084 | break; |
3085 | } |
3086 | if ((optval % 2) != 0) { |
3087 | /* the API assumes even offset values */ |
3088 | error = EINVAL; |
3089 | } else if (SOCK_PROTO(so) == IPPROTO_ICMPV6) { |
3090 | if (optval != icmp6off) { |
3091 | error = EINVAL; |
3092 | } |
3093 | } else { |
3094 | in6p->in6p_cksum = optval; |
3095 | } |
3096 | break; |
3097 | |
3098 | case SOPT_GET: |
3099 | if (SOCK_PROTO(so) == IPPROTO_ICMPV6) { |
3100 | optval = icmp6off; |
3101 | } else { |
3102 | optval = in6p->in6p_cksum; |
3103 | } |
3104 | |
3105 | error = sooptcopyout(sopt, data: &optval, len: sizeof(optval)); |
3106 | break; |
3107 | |
3108 | default: |
3109 | error = EINVAL; |
3110 | break; |
3111 | } |
3112 | break; |
3113 | |
3114 | default: |
3115 | error = ENOPROTOOPT; |
3116 | break; |
3117 | } |
3118 | |
3119 | return error; |
3120 | } |
3121 | |
3122 | /* |
3123 | * Set up IP6 options in pcb for insertion in output packets or |
3124 | * specifying behavior of outgoing packets. |
3125 | */ |
3126 | static int |
3127 | ip6_pcbopts(struct ip6_pktopts **pktopt, struct mbuf *m, struct socket *so, |
3128 | struct sockopt *sopt) |
3129 | { |
3130 | #pragma unused(sopt) |
3131 | struct ip6_pktopts *opt = *pktopt; |
3132 | int error = 0; |
3133 | |
3134 | /* turn off any old options. */ |
3135 | if (opt != NULL) { |
3136 | #if DIAGNOSTIC |
3137 | if (opt->ip6po_pktinfo || opt->ip6po_nexthop || |
3138 | opt->ip6po_hbh || opt->ip6po_dest1 || opt->ip6po_dest2 || |
3139 | opt->ip6po_rhinfo.ip6po_rhi_rthdr) { |
3140 | printf("%s: all specified options are cleared.\n" , |
3141 | __func__); |
3142 | } |
3143 | #endif |
3144 | ip6_clearpktopts(opt, -1); |
3145 | } else { |
3146 | opt = kalloc_type(struct ip6_pktopts, Z_WAITOK | Z_NOFAIL); |
3147 | } |
3148 | *pktopt = NULL; |
3149 | |
3150 | if (m == NULL || m->m_len == 0) { |
3151 | /* |
3152 | * Only turning off any previous options, regardless of |
3153 | * whether the opt is just created or given. |
3154 | */ |
3155 | if (opt != NULL) { |
3156 | kfree_type(struct ip6_pktopts, opt); |
3157 | } |
3158 | return 0; |
3159 | } |
3160 | |
3161 | /* set options specified by user. */ |
3162 | if ((error = ip6_setpktopts(control: m, opt, NULL, SOCK_PROTO(so))) != 0) { |
3163 | ip6_clearpktopts(opt, -1); /* XXX: discard all options */ |
3164 | kfree_type(struct ip6_pktopts, opt); |
3165 | return error; |
3166 | } |
3167 | *pktopt = opt; |
3168 | return 0; |
3169 | } |
3170 | |
3171 | /* |
3172 | * initialize ip6_pktopts. beware that there are non-zero default values in |
3173 | * the struct. |
3174 | */ |
3175 | void |
3176 | ip6_initpktopts(struct ip6_pktopts *opt) |
3177 | { |
3178 | bzero(s: opt, n: sizeof(*opt)); |
3179 | opt->ip6po_hlim = -1; /* -1 means default hop limit */ |
3180 | opt->ip6po_tclass = -1; /* -1 means default traffic class */ |
3181 | opt->ip6po_minmtu = IP6PO_MINMTU_MCASTONLY; |
3182 | opt->ip6po_prefer_tempaddr = IP6PO_TEMPADDR_SYSTEM; |
3183 | } |
3184 | |
3185 | static int |
3186 | ip6_pcbopt(int optname, u_char *buf, int len, struct ip6_pktopts **pktopt, |
3187 | int uproto) |
3188 | { |
3189 | struct ip6_pktopts *opt; |
3190 | |
3191 | opt = *pktopt; |
3192 | if (opt == NULL) { |
3193 | opt = kalloc_type(struct ip6_pktopts, Z_WAITOK | Z_NOFAIL); |
3194 | ip6_initpktopts(opt); |
3195 | *pktopt = opt; |
3196 | } |
3197 | |
3198 | return ip6_setpktopt(optname, buf, len, opt, 1, 0, uproto); |
3199 | } |
3200 | |
3201 | static int |
3202 | ip6_getpcbopt(struct ip6_pktopts *pktopt, int optname, struct sockopt *sopt) |
3203 | { |
3204 | void *optdata = NULL; |
3205 | int optdatalen = 0; |
3206 | struct ip6_ext *ip6e; |
3207 | struct in6_pktinfo null_pktinfo; |
3208 | int deftclass = 0, on; |
3209 | int defminmtu = IP6PO_MINMTU_MCASTONLY; |
3210 | int defpreftemp = IP6PO_TEMPADDR_SYSTEM; |
3211 | |
3212 | |
3213 | switch (optname) { |
3214 | case IPV6_PKTINFO: |
3215 | if (pktopt && pktopt->ip6po_pktinfo) { |
3216 | optdata = (void *)pktopt->ip6po_pktinfo; |
3217 | } else { |
3218 | /* XXX: we don't have to do this every time... */ |
3219 | bzero(s: &null_pktinfo, n: sizeof(null_pktinfo)); |
3220 | optdata = (void *)&null_pktinfo; |
3221 | } |
3222 | optdatalen = sizeof(struct in6_pktinfo); |
3223 | break; |
3224 | |
3225 | case IPV6_TCLASS: |
3226 | if (pktopt && pktopt->ip6po_tclass >= 0) { |
3227 | optdata = (void *)&pktopt->ip6po_tclass; |
3228 | } else { |
3229 | optdata = (void *)&deftclass; |
3230 | } |
3231 | optdatalen = sizeof(int); |
3232 | break; |
3233 | |
3234 | case IPV6_HOPOPTS: |
3235 | if (pktopt && pktopt->ip6po_hbh) { |
3236 | optdata = (void *)pktopt->ip6po_hbh; |
3237 | ip6e = (struct ip6_ext *)pktopt->ip6po_hbh; |
3238 | optdatalen = (ip6e->ip6e_len + 1) << 3; |
3239 | } |
3240 | break; |
3241 | |
3242 | case IPV6_RTHDR: |
3243 | if (pktopt && pktopt->ip6po_rthdr) { |
3244 | optdata = (void *)pktopt->ip6po_rthdr; |
3245 | ip6e = (struct ip6_ext *)pktopt->ip6po_rthdr; |
3246 | optdatalen = (ip6e->ip6e_len + 1) << 3; |
3247 | } |
3248 | break; |
3249 | |
3250 | case IPV6_RTHDRDSTOPTS: |
3251 | if (pktopt && pktopt->ip6po_dest1) { |
3252 | optdata = (void *)pktopt->ip6po_dest1; |
3253 | ip6e = (struct ip6_ext *)pktopt->ip6po_dest1; |
3254 | optdatalen = (ip6e->ip6e_len + 1) << 3; |
3255 | } |
3256 | break; |
3257 | |
3258 | case IPV6_DSTOPTS: |
3259 | if (pktopt && pktopt->ip6po_dest2) { |
3260 | optdata = (void *)pktopt->ip6po_dest2; |
3261 | ip6e = (struct ip6_ext *)pktopt->ip6po_dest2; |
3262 | optdatalen = (ip6e->ip6e_len + 1) << 3; |
3263 | } |
3264 | break; |
3265 | |
3266 | case IPV6_NEXTHOP: |
3267 | if (pktopt && pktopt->ip6po_nexthop) { |
3268 | optdata = (void *)pktopt->ip6po_nexthop; |
3269 | optdatalen = pktopt->ip6po_nexthop->sa_len; |
3270 | } |
3271 | break; |
3272 | |
3273 | case IPV6_USE_MIN_MTU: |
3274 | if (pktopt) { |
3275 | optdata = (void *)&pktopt->ip6po_minmtu; |
3276 | } else { |
3277 | optdata = (void *)&defminmtu; |
3278 | } |
3279 | optdatalen = sizeof(int); |
3280 | break; |
3281 | |
3282 | case IPV6_DONTFRAG: |
3283 | if (pktopt && ((pktopt->ip6po_flags) & IP6PO_DONTFRAG)) { |
3284 | on = 1; |
3285 | } else { |
3286 | on = 0; |
3287 | } |
3288 | optdata = (void *)&on; |
3289 | optdatalen = sizeof(on); |
3290 | break; |
3291 | |
3292 | case IPV6_PREFER_TEMPADDR: |
3293 | if (pktopt) { |
3294 | optdata = (void *)&pktopt->ip6po_prefer_tempaddr; |
3295 | } else { |
3296 | optdata = (void *)&defpreftemp; |
3297 | } |
3298 | optdatalen = sizeof(int); |
3299 | break; |
3300 | |
3301 | default: /* should not happen */ |
3302 | #ifdef DIAGNOSTIC |
3303 | panic("ip6_getpcbopt: unexpected option" ); |
3304 | #endif |
3305 | return ENOPROTOOPT; |
3306 | } |
3307 | |
3308 | return sooptcopyout(sopt, data: optdata, len: optdatalen); |
3309 | } |
3310 | |
3311 | void |
3312 | ip6_clearpktopts(struct ip6_pktopts *pktopt, int optname) |
3313 | { |
3314 | if (pktopt == NULL) { |
3315 | return; |
3316 | } |
3317 | |
3318 | if (optname == -1 || optname == IPV6_PKTINFO) { |
3319 | if (pktopt->ip6po_pktinfo) { |
3320 | kfree_type(struct in6_pktinfo, pktopt->ip6po_pktinfo); |
3321 | } |
3322 | pktopt->ip6po_pktinfo = NULL; |
3323 | } |
3324 | if (optname == -1 || optname == IPV6_HOPLIMIT) { |
3325 | pktopt->ip6po_hlim = -1; |
3326 | } |
3327 | if (optname == -1 || optname == IPV6_TCLASS) { |
3328 | pktopt->ip6po_tclass = -1; |
3329 | } |
3330 | if (optname == -1 || optname == IPV6_NEXTHOP) { |
3331 | ROUTE_RELEASE(&pktopt->ip6po_nextroute); |
3332 | if (pktopt->ip6po_nexthop) { |
3333 | kfree_data_addr(pktopt->ip6po_nexthop); |
3334 | } |
3335 | pktopt->ip6po_nexthop = NULL; |
3336 | } |
3337 | if (optname == -1 || optname == IPV6_HOPOPTS) { |
3338 | if (pktopt->ip6po_hbh) { |
3339 | kfree_data_addr(pktopt->ip6po_hbh); |
3340 | } |
3341 | pktopt->ip6po_hbh = NULL; |
3342 | } |
3343 | if (optname == -1 || optname == IPV6_RTHDRDSTOPTS) { |
3344 | if (pktopt->ip6po_dest1) { |
3345 | kfree_data_addr(pktopt->ip6po_dest1); |
3346 | } |
3347 | pktopt->ip6po_dest1 = NULL; |
3348 | } |
3349 | if (optname == -1 || optname == IPV6_RTHDR) { |
3350 | if (pktopt->ip6po_rhinfo.ip6po_rhi_rthdr) { |
3351 | kfree_data_addr(pktopt->ip6po_rhinfo.ip6po_rhi_rthdr); |
3352 | } |
3353 | pktopt->ip6po_rhinfo.ip6po_rhi_rthdr = NULL; |
3354 | ROUTE_RELEASE(&pktopt->ip6po_route); |
3355 | } |
3356 | if (optname == -1 || optname == IPV6_DSTOPTS) { |
3357 | if (pktopt->ip6po_dest2) { |
3358 | kfree_data_addr(pktopt->ip6po_dest2); |
3359 | } |
3360 | pktopt->ip6po_dest2 = NULL; |
3361 | } |
3362 | } |
3363 | |
3364 | #define PKTOPT_EXTHDRCPY(type) do { \ |
3365 | if (src->type) { \ |
3366 | int hlen = \ |
3367 | (((struct ip6_ext *)src->type)->ip6e_len + 1) << 3; \ |
3368 | dst->type = kalloc_data(hlen, canwait); \ |
3369 | if (dst->type == NULL && canwait == Z_NOWAIT) \ |
3370 | goto bad; \ |
3371 | bcopy(src->type, dst->type, hlen); \ |
3372 | } \ |
3373 | } while (0) |
3374 | |
3375 | static int |
3376 | copypktopts(struct ip6_pktopts *dst, struct ip6_pktopts *src, zalloc_flags_t canwait) |
3377 | { |
3378 | if (dst == NULL || src == NULL) { |
3379 | printf("copypktopts: invalid argument\n" ); |
3380 | return EINVAL; |
3381 | } |
3382 | |
3383 | dst->ip6po_hlim = src->ip6po_hlim; |
3384 | dst->ip6po_tclass = src->ip6po_tclass; |
3385 | dst->ip6po_flags = src->ip6po_flags; |
3386 | if (src->ip6po_pktinfo) { |
3387 | dst->ip6po_pktinfo = kalloc_type(struct in6_pktinfo, canwait); |
3388 | if (dst->ip6po_pktinfo == NULL && canwait == Z_NOWAIT) { |
3389 | goto bad; |
3390 | } |
3391 | *dst->ip6po_pktinfo = *src->ip6po_pktinfo; |
3392 | } |
3393 | if (src->ip6po_nexthop) { |
3394 | dst->ip6po_nexthop = kalloc_data(src->ip6po_nexthop->sa_len, canwait); |
3395 | if (dst->ip6po_nexthop == NULL && canwait == Z_NOWAIT) { |
3396 | goto bad; |
3397 | } |
3398 | SOCKADDR_COPY(src->ip6po_nexthop, dst->ip6po_nexthop, |
3399 | src->ip6po_nexthop->sa_len); |
3400 | } |
3401 | PKTOPT_EXTHDRCPY(ip6po_hbh); |
3402 | PKTOPT_EXTHDRCPY(ip6po_dest1); |
3403 | PKTOPT_EXTHDRCPY(ip6po_dest2); |
3404 | PKTOPT_EXTHDRCPY(ip6po_rthdr); /* not copy the cached route */ |
3405 | return 0; |
3406 | |
3407 | bad: |
3408 | ip6_clearpktopts(pktopt: dst, optname: -1); |
3409 | return ENOBUFS; |
3410 | } |
3411 | #undef PKTOPT_EXTHDRCPY |
3412 | |
3413 | struct ip6_pktopts * |
3414 | ip6_copypktopts(struct ip6_pktopts *src, zalloc_flags_t canwait) |
3415 | { |
3416 | int error; |
3417 | struct ip6_pktopts *dst; |
3418 | |
3419 | dst = kalloc_type(struct ip6_pktopts, canwait); |
3420 | if (dst == NULL) { |
3421 | return NULL; |
3422 | } |
3423 | ip6_initpktopts(opt: dst); |
3424 | |
3425 | if ((error = copypktopts(dst, src, canwait)) != 0) { |
3426 | kfree_type(struct ip6_pktopts, dst); |
3427 | return NULL; |
3428 | } |
3429 | |
3430 | return dst; |
3431 | } |
3432 | |
3433 | void |
3434 | ip6_freepcbopts(struct ip6_pktopts *pktopt) |
3435 | { |
3436 | if (pktopt == NULL) { |
3437 | return; |
3438 | } |
3439 | |
3440 | ip6_clearpktopts(pktopt, optname: -1); |
3441 | |
3442 | kfree_type(struct ip6_pktopts, pktopt); |
3443 | } |
3444 | |
3445 | void |
3446 | ip6_moptions_init(void) |
3447 | { |
3448 | PE_parse_boot_argn(arg_string: "ifa_debug" , arg_ptr: &im6o_debug, max_arg: sizeof(im6o_debug)); |
3449 | |
3450 | vm_size_t im6o_size = (im6o_debug == 0) ? sizeof(struct ip6_moptions) : |
3451 | sizeof(struct ip6_moptions_dbg); |
3452 | |
3453 | im6o_zone = zone_create(IM6O_ZONE_NAME, size: im6o_size, flags: ZC_ZFREE_CLEARMEM); |
3454 | } |
3455 | |
3456 | void |
3457 | im6o_addref(struct ip6_moptions *im6o, int locked) |
3458 | { |
3459 | if (!locked) { |
3460 | IM6O_LOCK(im6o); |
3461 | } else { |
3462 | IM6O_LOCK_ASSERT_HELD(im6o); |
3463 | } |
3464 | |
3465 | if (++im6o->im6o_refcnt == 0) { |
3466 | panic("%s: im6o %p wraparound refcnt" , __func__, im6o); |
3467 | /* NOTREACHED */ |
3468 | } else if (im6o->im6o_trace != NULL) { |
3469 | (*im6o->im6o_trace)(im6o, TRUE); |
3470 | } |
3471 | |
3472 | if (!locked) { |
3473 | IM6O_UNLOCK(im6o); |
3474 | } |
3475 | } |
3476 | |
3477 | void |
3478 | im6o_remref(struct ip6_moptions *im6o) |
3479 | { |
3480 | int i; |
3481 | |
3482 | IM6O_LOCK(im6o); |
3483 | if (im6o->im6o_refcnt == 0) { |
3484 | panic("%s: im6o %p negative refcnt" , __func__, im6o); |
3485 | /* NOTREACHED */ |
3486 | } else if (im6o->im6o_trace != NULL) { |
3487 | (*im6o->im6o_trace)(im6o, FALSE); |
3488 | } |
3489 | |
3490 | --im6o->im6o_refcnt; |
3491 | if (im6o->im6o_refcnt > 0) { |
3492 | IM6O_UNLOCK(im6o); |
3493 | return; |
3494 | } |
3495 | |
3496 | for (i = 0; i < im6o->im6o_num_memberships; ++i) { |
3497 | struct in6_mfilter *imf; |
3498 | |
3499 | imf = im6o->im6o_mfilters ? &im6o->im6o_mfilters[i] : NULL; |
3500 | if (imf != NULL) { |
3501 | im6f_leave(imf); |
3502 | } |
3503 | |
3504 | (void) in6_mc_leave(im6o->im6o_membership[i], imf); |
3505 | |
3506 | if (imf != NULL) { |
3507 | im6f_purge(imf); |
3508 | } |
3509 | |
3510 | IN6M_REMREF(im6o->im6o_membership[i]); |
3511 | im6o->im6o_membership[i] = NULL; |
3512 | } |
3513 | im6o->im6o_num_memberships = 0; |
3514 | IM6O_UNLOCK(im6o); |
3515 | |
3516 | kfree_type(struct in6_multi *, im6o->im6o_max_memberships, im6o->im6o_membership); |
3517 | kfree_type(struct in6_mfilter, im6o->im6o_max_memberships, im6o->im6o_mfilters); |
3518 | lck_mtx_destroy(lck: &im6o->im6o_lock, grp: &ifa_mtx_grp); |
3519 | |
3520 | if (!(im6o->im6o_debug & IFD_ALLOC)) { |
3521 | panic("%s: im6o %p cannot be freed" , __func__, im6o); |
3522 | /* NOTREACHED */ |
3523 | } |
3524 | zfree(im6o_zone, im6o); |
3525 | } |
3526 | |
3527 | static void |
3528 | im6o_trace(struct ip6_moptions *im6o, int refhold) |
3529 | { |
3530 | struct ip6_moptions_dbg *im6o_dbg = (struct ip6_moptions_dbg *)im6o; |
3531 | ctrace_t *tr; |
3532 | u_int32_t idx; |
3533 | u_int16_t *cnt; |
3534 | |
3535 | if (!(im6o->im6o_debug & IFD_DEBUG)) { |
3536 | panic("%s: im6o %p has no debug structure" , __func__, im6o); |
3537 | /* NOTREACHED */ |
3538 | } |
3539 | if (refhold) { |
3540 | cnt = &im6o_dbg->im6o_refhold_cnt; |
3541 | tr = im6o_dbg->im6o_refhold; |
3542 | } else { |
3543 | cnt = &im6o_dbg->im6o_refrele_cnt; |
3544 | tr = im6o_dbg->im6o_refrele; |
3545 | } |
3546 | |
3547 | idx = os_atomic_inc_orig(cnt, relaxed) % IM6O_TRACE_HIST_SIZE; |
3548 | ctrace_record(&tr[idx]); |
3549 | } |
3550 | |
3551 | struct ip6_moptions * |
3552 | ip6_allocmoptions(zalloc_flags_t how) |
3553 | { |
3554 | struct ip6_moptions *im6o; |
3555 | |
3556 | im6o = zalloc_flags(im6o_zone, how | Z_ZERO); |
3557 | if (im6o != NULL) { |
3558 | lck_mtx_init(lck: &im6o->im6o_lock, grp: &ifa_mtx_grp, attr: &ifa_mtx_attr); |
3559 | im6o->im6o_debug |= IFD_ALLOC; |
3560 | if (im6o_debug != 0) { |
3561 | im6o->im6o_debug |= IFD_DEBUG; |
3562 | im6o->im6o_trace = im6o_trace; |
3563 | } |
3564 | IM6O_ADDREF(im6o); |
3565 | } |
3566 | |
3567 | return im6o; |
3568 | } |
3569 | |
3570 | /* |
3571 | * Set IPv6 outgoing packet options based on advanced API. |
3572 | */ |
3573 | int |
3574 | ip6_setpktopts(struct mbuf *control, struct ip6_pktopts *opt, |
3575 | struct ip6_pktopts *stickyopt, int uproto) |
3576 | { |
3577 | struct cmsghdr *cm = NULL; |
3578 | |
3579 | if (control == NULL || opt == NULL) { |
3580 | return EINVAL; |
3581 | } |
3582 | |
3583 | ip6_initpktopts(opt); |
3584 | if (stickyopt) { |
3585 | int error; |
3586 | |
3587 | /* |
3588 | * If stickyopt is provided, make a local copy of the options |
3589 | * for this particular packet, then override them by ancillary |
3590 | * objects. |
3591 | * XXX: copypktopts() does not copy the cached route to a next |
3592 | * hop (if any). This is not very good in terms of efficiency, |
3593 | * but we can allow this since this option should be rarely |
3594 | * used. |
3595 | */ |
3596 | if ((error = copypktopts(dst: opt, src: stickyopt, canwait: Z_NOWAIT)) != 0) { |
3597 | return error; |
3598 | } |
3599 | } |
3600 | |
3601 | /* |
3602 | * XXX: Currently, we assume all the optional information is stored |
3603 | * in a single mbuf. |
3604 | */ |
3605 | if (control->m_next) { |
3606 | return EINVAL; |
3607 | } |
3608 | |
3609 | if (control->m_len < CMSG_LEN(0)) { |
3610 | return EINVAL; |
3611 | } |
3612 | |
3613 | for (cm = M_FIRST_CMSGHDR(control); |
3614 | is_cmsg_valid(control, cmsg: cm); |
3615 | cm = M_NXT_CMSGHDR(control, cm)) { |
3616 | int error; |
3617 | |
3618 | if (cm->cmsg_level != IPPROTO_IPV6) { |
3619 | continue; |
3620 | } |
3621 | |
3622 | error = ip6_setpktopt(cm->cmsg_type, CMSG_DATA(cm), |
3623 | cm->cmsg_len - CMSG_LEN(0), opt, 0, 1, uproto); |
3624 | if (error) { |
3625 | return error; |
3626 | } |
3627 | } |
3628 | |
3629 | return 0; |
3630 | } |
3631 | /* |
3632 | * Set a particular packet option, as a sticky option or an ancillary data |
3633 | * item. "len" can be 0 only when it's a sticky option. |
3634 | * We have 4 cases of combination of "sticky" and "cmsg": |
3635 | * "sticky=0, cmsg=0": impossible |
3636 | * "sticky=0, cmsg=1": RFC2292 or RFC3542 ancillary data |
3637 | * "sticky=1, cmsg=0": RFC3542 socket option |
3638 | * "sticky=1, cmsg=1": RFC2292 socket option |
3639 | */ |
3640 | static int |
3641 | ip6_setpktopt(int optname, u_char *buf, int len, struct ip6_pktopts *opt, |
3642 | int sticky, int cmsg, int uproto) |
3643 | { |
3644 | int minmtupolicy, preftemp; |
3645 | int error; |
3646 | boolean_t capture_exthdrstat_out = FALSE; |
3647 | |
3648 | if (!sticky && !cmsg) { |
3649 | #ifdef DIAGNOSTIC |
3650 | printf("ip6_setpktopt: impossible case\n" ); |
3651 | #endif |
3652 | return EINVAL; |
3653 | } |
3654 | |
3655 | /* |
3656 | * Caller must have ensured that the buffer is at least |
3657 | * aligned on 32-bit boundary. |
3658 | */ |
3659 | VERIFY(IS_P2ALIGNED(buf, sizeof(u_int32_t))); |
3660 | |
3661 | /* |
3662 | * IPV6_2292xxx is for backward compatibility to RFC2292, and should |
3663 | * not be specified in the context of RFC3542. Conversely, |
3664 | * RFC3542 types should not be specified in the context of RFC2292. |
3665 | */ |
3666 | if (!cmsg) { |
3667 | switch (optname) { |
3668 | case IPV6_2292PKTINFO: |
3669 | case IPV6_2292HOPLIMIT: |
3670 | case IPV6_2292NEXTHOP: |
3671 | case IPV6_2292HOPOPTS: |
3672 | case IPV6_2292DSTOPTS: |
3673 | case IPV6_2292RTHDR: |
3674 | case IPV6_2292PKTOPTIONS: |
3675 | return ENOPROTOOPT; |
3676 | } |
3677 | } |
3678 | if (sticky && cmsg) { |
3679 | switch (optname) { |
3680 | case IPV6_PKTINFO: |
3681 | case IPV6_HOPLIMIT: |
3682 | case IPV6_NEXTHOP: |
3683 | case IPV6_HOPOPTS: |
3684 | case IPV6_DSTOPTS: |
3685 | case IPV6_RTHDRDSTOPTS: |
3686 | case IPV6_RTHDR: |
3687 | case IPV6_USE_MIN_MTU: |
3688 | case IPV6_DONTFRAG: |
3689 | case IPV6_TCLASS: |
3690 | case IPV6_PREFER_TEMPADDR: /* XXX: not an RFC3542 option */ |
3691 | return ENOPROTOOPT; |
3692 | } |
3693 | } |
3694 | |
3695 | switch (optname) { |
3696 | case IPV6_2292PKTINFO: |
3697 | case IPV6_PKTINFO: { |
3698 | struct ifnet *ifp = NULL; |
3699 | struct in6_pktinfo *pktinfo; |
3700 | |
3701 | if (len != sizeof(struct in6_pktinfo)) { |
3702 | return EINVAL; |
3703 | } |
3704 | |
3705 | pktinfo = (struct in6_pktinfo *)(void *)buf; |
3706 | |
3707 | /* |
3708 | * An application can clear any sticky IPV6_PKTINFO option by |
3709 | * doing a "regular" setsockopt with ipi6_addr being |
3710 | * in6addr_any and ipi6_ifindex being zero. |
3711 | * [RFC 3542, Section 6] |
3712 | */ |
3713 | if (optname == IPV6_PKTINFO && opt->ip6po_pktinfo && |
3714 | pktinfo->ipi6_ifindex == 0 && |
3715 | IN6_IS_ADDR_UNSPECIFIED(&pktinfo->ipi6_addr)) { |
3716 | ip6_clearpktopts(pktopt: opt, optname); |
3717 | break; |
3718 | } |
3719 | |
3720 | if (uproto == IPPROTO_TCP && optname == IPV6_PKTINFO && |
3721 | sticky && !IN6_IS_ADDR_UNSPECIFIED(&pktinfo->ipi6_addr)) { |
3722 | return EINVAL; |
3723 | } |
3724 | |
3725 | /* validate the interface index if specified. */ |
3726 | ifnet_head_lock_shared(); |
3727 | |
3728 | if (pktinfo->ipi6_ifindex > if_index) { |
3729 | ifnet_head_done(); |
3730 | return ENXIO; |
3731 | } |
3732 | |
3733 | if (pktinfo->ipi6_ifindex) { |
3734 | ifp = ifindex2ifnet[pktinfo->ipi6_ifindex]; |
3735 | if (ifp == NULL) { |
3736 | ifnet_head_done(); |
3737 | return ENXIO; |
3738 | } |
3739 | } |
3740 | |
3741 | ifnet_head_done(); |
3742 | |
3743 | /* |
3744 | * We store the address anyway, and let in6_selectsrc() |
3745 | * validate the specified address. This is because ipi6_addr |
3746 | * may not have enough information about its scope zone, and |
3747 | * we may need additional information (such as outgoing |
3748 | * interface or the scope zone of a destination address) to |
3749 | * disambiguate the scope. |
3750 | * XXX: the delay of the validation may confuse the |
3751 | * application when it is used as a sticky option. |
3752 | */ |
3753 | if (opt->ip6po_pktinfo == NULL) { |
3754 | opt->ip6po_pktinfo = kalloc_type(struct in6_pktinfo, Z_NOWAIT); |
3755 | if (opt->ip6po_pktinfo == NULL) { |
3756 | return ENOBUFS; |
3757 | } |
3758 | } |
3759 | bcopy(src: pktinfo, dst: opt->ip6po_pktinfo, n: sizeof(*pktinfo)); |
3760 | break; |
3761 | } |
3762 | |
3763 | case IPV6_2292HOPLIMIT: |
3764 | case IPV6_HOPLIMIT: { |
3765 | int *hlimp; |
3766 | |
3767 | /* |
3768 | * RFC 3542 deprecated the usage of sticky IPV6_HOPLIMIT |
3769 | * to simplify the ordering among hoplimit options. |
3770 | */ |
3771 | if (optname == IPV6_HOPLIMIT && sticky) { |
3772 | return ENOPROTOOPT; |
3773 | } |
3774 | |
3775 | if (len != sizeof(int)) { |
3776 | return EINVAL; |
3777 | } |
3778 | hlimp = (int *)(void *)buf; |
3779 | if (*hlimp < -1 || *hlimp > IPV6_MAXHLIM) { |
3780 | return EINVAL; |
3781 | } |
3782 | |
3783 | opt->ip6po_hlim = *hlimp; |
3784 | break; |
3785 | } |
3786 | |
3787 | case IPV6_TCLASS: { |
3788 | int tclass; |
3789 | |
3790 | if (len != sizeof(int)) { |
3791 | return EINVAL; |
3792 | } |
3793 | tclass = *(int *)(void *)buf; |
3794 | if (tclass < -1 || tclass > 255) { |
3795 | return EINVAL; |
3796 | } |
3797 | |
3798 | opt->ip6po_tclass = tclass; |
3799 | break; |
3800 | } |
3801 | |
3802 | case IPV6_2292NEXTHOP: |
3803 | case IPV6_NEXTHOP: |
3804 | error = suser(cred: kauth_cred_get(), acflag: 0); |
3805 | if (error) { |
3806 | return EACCES; |
3807 | } |
3808 | |
3809 | if (len == 0) { /* just remove the option */ |
3810 | ip6_clearpktopts(pktopt: opt, IPV6_NEXTHOP); |
3811 | break; |
3812 | } |
3813 | |
3814 | /* check if cmsg_len is large enough for sa_len */ |
3815 | if (len < sizeof(struct sockaddr) || len < *buf) { |
3816 | return EINVAL; |
3817 | } |
3818 | |
3819 | switch (SA(buf)->sa_family) { |
3820 | case AF_INET6: { |
3821 | struct sockaddr_in6 *sa6 = SIN6(buf); |
3822 | |
3823 | if (sa6->sin6_len != sizeof(struct sockaddr_in6)) { |
3824 | return EINVAL; |
3825 | } |
3826 | |
3827 | if (IN6_IS_ADDR_UNSPECIFIED(&sa6->sin6_addr) || |
3828 | IN6_IS_ADDR_MULTICAST(&sa6->sin6_addr)) { |
3829 | return EINVAL; |
3830 | } |
3831 | if ((error = sa6_embedscope(sa6, ip6_use_defzone, IN6_NULL_IF_EMBEDDED_SCOPE(&sa6->sin6_scope_id))) |
3832 | != 0) { |
3833 | return error; |
3834 | } |
3835 | break; |
3836 | } |
3837 | case AF_LINK: /* should eventually be supported */ |
3838 | default: |
3839 | return EAFNOSUPPORT; |
3840 | } |
3841 | |
3842 | /* turn off the previous option, then set the new option. */ |
3843 | ip6_clearpktopts(pktopt: opt, IPV6_NEXTHOP); |
3844 | opt->ip6po_nexthop = kalloc_data(*buf, Z_NOWAIT); |
3845 | if (opt->ip6po_nexthop == NULL) { |
3846 | return ENOBUFS; |
3847 | } |
3848 | SOCKADDR_COPY(buf, opt->ip6po_nexthop, *buf); |
3849 | break; |
3850 | |
3851 | case IPV6_2292HOPOPTS: |
3852 | case IPV6_HOPOPTS: { |
3853 | struct ip6_hbh *hbh; |
3854 | int hbhlen; |
3855 | |
3856 | /* |
3857 | * XXX: We don't allow a non-privileged user to set ANY HbH |
3858 | * options, since per-option restriction has too much |
3859 | * overhead. |
3860 | */ |
3861 | error = suser(cred: kauth_cred_get(), acflag: 0); |
3862 | if (error) { |
3863 | return EACCES; |
3864 | } |
3865 | |
3866 | if (len == 0) { |
3867 | ip6_clearpktopts(pktopt: opt, IPV6_HOPOPTS); |
3868 | break; /* just remove the option */ |
3869 | } |
3870 | |
3871 | /* message length validation */ |
3872 | if (len < sizeof(struct ip6_hbh)) { |
3873 | return EINVAL; |
3874 | } |
3875 | hbh = (struct ip6_hbh *)(void *)buf; |
3876 | hbhlen = (hbh->ip6h_len + 1) << 3; |
3877 | if (len != hbhlen) { |
3878 | return EINVAL; |
3879 | } |
3880 | |
3881 | /* turn off the previous option, then set the new option. */ |
3882 | ip6_clearpktopts(pktopt: opt, IPV6_HOPOPTS); |
3883 | opt->ip6po_hbh = kalloc_data(hbhlen, Z_NOWAIT); |
3884 | if (opt->ip6po_hbh == NULL) { |
3885 | return ENOBUFS; |
3886 | } |
3887 | bcopy(src: hbh, dst: opt->ip6po_hbh, n: hbhlen); |
3888 | capture_exthdrstat_out = TRUE; |
3889 | break; |
3890 | } |
3891 | |
3892 | case IPV6_2292DSTOPTS: |
3893 | case IPV6_DSTOPTS: |
3894 | case IPV6_RTHDRDSTOPTS: { |
3895 | struct ip6_dest *dest, **newdest = NULL; |
3896 | int destlen; |
3897 | |
3898 | error = suser(cred: kauth_cred_get(), acflag: 0); |
3899 | if (error) { |
3900 | return EACCES; |
3901 | } |
3902 | |
3903 | if (len == 0) { |
3904 | ip6_clearpktopts(pktopt: opt, optname); |
3905 | break; /* just remove the option */ |
3906 | } |
3907 | |
3908 | /* message length validation */ |
3909 | if (len < sizeof(struct ip6_dest)) { |
3910 | return EINVAL; |
3911 | } |
3912 | dest = (struct ip6_dest *)(void *)buf; |
3913 | destlen = (dest->ip6d_len + 1) << 3; |
3914 | if (len != destlen) { |
3915 | return EINVAL; |
3916 | } |
3917 | |
3918 | /* |
3919 | * Determine the position that the destination options header |
3920 | * should be inserted; before or after the routing header. |
3921 | */ |
3922 | switch (optname) { |
3923 | case IPV6_2292DSTOPTS: |
3924 | /* |
3925 | * The old advacned API is ambiguous on this point. |
3926 | * Our approach is to determine the position based |
3927 | * according to the existence of a routing header. |
3928 | * Note, however, that this depends on the order of the |
3929 | * extension headers in the ancillary data; the 1st |
3930 | * part of the destination options header must appear |
3931 | * before the routing header in the ancillary data, |
3932 | * too. |
3933 | * RFC3542 solved the ambiguity by introducing |
3934 | * separate ancillary data or option types. |
3935 | */ |
3936 | if (opt->ip6po_rthdr == NULL) { |
3937 | newdest = &opt->ip6po_dest1; |
3938 | } else { |
3939 | newdest = &opt->ip6po_dest2; |
3940 | } |
3941 | break; |
3942 | case IPV6_RTHDRDSTOPTS: |
3943 | newdest = &opt->ip6po_dest1; |
3944 | break; |
3945 | case IPV6_DSTOPTS: |
3946 | newdest = &opt->ip6po_dest2; |
3947 | break; |
3948 | } |
3949 | |
3950 | /* turn off the previous option, then set the new option. */ |
3951 | ip6_clearpktopts(pktopt: opt, optname); |
3952 | *newdest = kalloc_data(destlen, Z_NOWAIT); |
3953 | if (*newdest == NULL) { |
3954 | return ENOBUFS; |
3955 | } |
3956 | bcopy(src: dest, dst: *newdest, n: destlen); |
3957 | capture_exthdrstat_out = TRUE; |
3958 | break; |
3959 | } |
3960 | |
3961 | case IPV6_2292RTHDR: |
3962 | case IPV6_RTHDR: { |
3963 | struct ip6_rthdr *rth; |
3964 | int rthlen; |
3965 | |
3966 | if (len == 0) { |
3967 | ip6_clearpktopts(pktopt: opt, IPV6_RTHDR); |
3968 | break; /* just remove the option */ |
3969 | } |
3970 | |
3971 | /* message length validation */ |
3972 | if (len < sizeof(struct ip6_rthdr)) { |
3973 | return EINVAL; |
3974 | } |
3975 | rth = (struct ip6_rthdr *)(void *)buf; |
3976 | rthlen = (rth->ip6r_len + 1) << 3; |
3977 | if (len != rthlen) { |
3978 | return EINVAL; |
3979 | } |
3980 | |
3981 | switch (rth->ip6r_type) { |
3982 | case IPV6_RTHDR_TYPE_0: |
3983 | if (rth->ip6r_len == 0) { /* must contain one addr */ |
3984 | return EINVAL; |
3985 | } |
3986 | if (rth->ip6r_len % 2) { /* length must be even */ |
3987 | return EINVAL; |
3988 | } |
3989 | if (rth->ip6r_len / 2 != rth->ip6r_segleft) { |
3990 | return EINVAL; |
3991 | } |
3992 | break; |
3993 | default: |
3994 | return EINVAL; /* not supported */ |
3995 | } |
3996 | |
3997 | /* turn off the previous option */ |
3998 | ip6_clearpktopts(pktopt: opt, IPV6_RTHDR); |
3999 | opt->ip6po_rthdr = kalloc_data(rthlen, Z_NOWAIT); |
4000 | if (opt->ip6po_rthdr == NULL) { |
4001 | return ENOBUFS; |
4002 | } |
4003 | bcopy(src: rth, dst: opt->ip6po_rthdr, n: rthlen); |
4004 | capture_exthdrstat_out = TRUE; |
4005 | break; |
4006 | } |
4007 | |
4008 | case IPV6_USE_MIN_MTU: |
4009 | if (len != sizeof(int)) { |
4010 | return EINVAL; |
4011 | } |
4012 | minmtupolicy = *(int *)(void *)buf; |
4013 | if (minmtupolicy != IP6PO_MINMTU_MCASTONLY && |
4014 | minmtupolicy != IP6PO_MINMTU_DISABLE && |
4015 | minmtupolicy != IP6PO_MINMTU_ALL) { |
4016 | return EINVAL; |
4017 | } |
4018 | opt->ip6po_minmtu = minmtupolicy; |
4019 | break; |
4020 | |
4021 | case IPV6_DONTFRAG: |
4022 | if (len != sizeof(int)) { |
4023 | return EINVAL; |
4024 | } |
4025 | |
4026 | if (uproto == IPPROTO_TCP || *(int *)(void *)buf == 0) { |
4027 | /* |
4028 | * we ignore this option for TCP sockets. |
4029 | * (RFC3542 leaves this case unspecified.) |
4030 | */ |
4031 | opt->ip6po_flags &= ~IP6PO_DONTFRAG; |
4032 | } else { |
4033 | opt->ip6po_flags |= IP6PO_DONTFRAG; |
4034 | } |
4035 | break; |
4036 | |
4037 | case IPV6_PREFER_TEMPADDR: |
4038 | if (len != sizeof(int)) { |
4039 | return EINVAL; |
4040 | } |
4041 | preftemp = *(int *)(void *)buf; |
4042 | if (preftemp != IP6PO_TEMPADDR_SYSTEM && |
4043 | preftemp != IP6PO_TEMPADDR_NOTPREFER && |
4044 | preftemp != IP6PO_TEMPADDR_PREFER) { |
4045 | return EINVAL; |
4046 | } |
4047 | opt->ip6po_prefer_tempaddr = preftemp; |
4048 | break; |
4049 | |
4050 | default: |
4051 | return ENOPROTOOPT; |
4052 | } /* end of switch */ |
4053 | |
4054 | if (capture_exthdrstat_out) { |
4055 | if (uproto == IPPROTO_TCP) { |
4056 | INC_ATOMIC_INT64_LIM(net_api_stats.nas_sock_inet6_stream_exthdr_out); |
4057 | } else if (uproto == IPPROTO_UDP) { |
4058 | INC_ATOMIC_INT64_LIM(net_api_stats.nas_sock_inet6_dgram_exthdr_out); |
4059 | } |
4060 | } |
4061 | |
4062 | return 0; |
4063 | } |
4064 | |
4065 | /* |
4066 | * Routine called from ip6_output() to loop back a copy of an IP6 multicast |
4067 | * packet to the input queue of a specified interface. Note that this |
4068 | * calls the output routine of the loopback "driver", but with an interface |
4069 | * pointer that might NOT be &loif -- easier than replicating that code here. |
4070 | */ |
4071 | void |
4072 | ip6_mloopback(struct ifnet *srcifp, struct ifnet *origifp, struct mbuf *m, |
4073 | struct sockaddr_in6 *dst, uint32_t optlen, int32_t nxt0) |
4074 | { |
4075 | struct mbuf *copym; |
4076 | struct ip6_hdr *ip6; |
4077 | struct in6_addr src; |
4078 | |
4079 | if (lo_ifp == NULL) { |
4080 | return; |
4081 | } |
4082 | |
4083 | /* |
4084 | * Copy the packet header as it's needed for the checksum. |
4085 | * Make sure to deep-copy IPv6 header portion in case the data |
4086 | * is in an mbuf cluster, so that we can safely override the IPv6 |
4087 | * header portion later. |
4088 | */ |
4089 | copym = m_copym_mode(m, 0, M_COPYALL, M_DONTWAIT, NULL, NULL, M_COPYM_COPY_HDR); |
4090 | if (copym != NULL && ((copym->m_flags & M_EXT) || |
4091 | copym->m_len < sizeof(struct ip6_hdr))) { |
4092 | copym = m_pullup(copym, sizeof(struct ip6_hdr)); |
4093 | } |
4094 | |
4095 | if (copym == NULL) { |
4096 | return; |
4097 | } |
4098 | |
4099 | ip6 = mtod(copym, struct ip6_hdr *); |
4100 | src = ip6->ip6_src; |
4101 | /* |
4102 | * clear embedded scope identifiers if necessary. |
4103 | * in6_clearscope will touch the addresses only when necessary. |
4104 | */ |
4105 | in6_clearscope(&ip6->ip6_src); |
4106 | in6_clearscope(&ip6->ip6_dst); |
4107 | |
4108 | if (copym->m_pkthdr.csum_flags & CSUM_DELAY_IPV6_DATA) { |
4109 | in6_delayed_cksum_offset(copym, 0, optlen, nxt0); |
4110 | } |
4111 | |
4112 | /* |
4113 | * Stuff the 'real' ifp into the pkthdr, to be used in matching |
4114 | * in ip6_input(); we need the loopback ifp/dl_tag passed as args |
4115 | * to make the loopback driver compliant with the data link |
4116 | * requirements. |
4117 | */ |
4118 | copym->m_pkthdr.rcvif = origifp; |
4119 | |
4120 | /* |
4121 | * Also record the source interface (which owns the source address). |
4122 | * This is basically a stripped down version of ifa_foraddr6(). |
4123 | */ |
4124 | if (srcifp == NULL) { |
4125 | struct in6_ifaddr *ia; |
4126 | |
4127 | lck_rw_lock_shared(lck: &in6_ifaddr_rwlock); |
4128 | TAILQ_FOREACH(ia, IN6ADDR_HASH(&src), ia6_hash) { |
4129 | IFA_LOCK_SPIN(&ia->ia_ifa); |
4130 | /* compare against src addr with embedded scope */ |
4131 | if (in6_are_addr_equal_scoped(&ia->ia_addr.sin6_addr, &src, ia->ia_addr.sin6_scope_id, ip6_output_getsrcifscope(m))) { |
4132 | srcifp = ia->ia_ifp; |
4133 | IFA_UNLOCK(&ia->ia_ifa); |
4134 | break; |
4135 | } |
4136 | IFA_UNLOCK(&ia->ia_ifa); |
4137 | } |
4138 | lck_rw_done(lck: &in6_ifaddr_rwlock); |
4139 | } |
4140 | if (srcifp != NULL) { |
4141 | ip6_setsrcifaddr_info(copym, srcifp->if_index, NULL); |
4142 | } |
4143 | ip6_setdstifaddr_info(copym, origifp->if_index, NULL); |
4144 | |
4145 | dlil_output(lo_ifp, PF_INET6, copym, NULL, SA(dst), 0, NULL); |
4146 | } |
4147 | |
4148 | /* |
4149 | * Chop IPv6 header off from the payload. |
4150 | */ |
4151 | static int |
4152 | ip6_splithdr(struct mbuf *m, struct ip6_exthdrs *exthdrs) |
4153 | { |
4154 | struct mbuf *mh; |
4155 | struct ip6_hdr *ip6; |
4156 | |
4157 | ip6 = mtod(m, struct ip6_hdr *); |
4158 | if (m->m_len > sizeof(*ip6)) { |
4159 | MGETHDR(mh, M_DONTWAIT, MT_HEADER); /* MAC-OK */ |
4160 | if (mh == NULL) { |
4161 | m_freem(m); |
4162 | return ENOBUFS; |
4163 | } |
4164 | M_COPY_PKTHDR(mh, m); |
4165 | MH_ALIGN(mh, sizeof(*ip6)); |
4166 | m->m_flags &= ~M_PKTHDR; |
4167 | m->m_len -= sizeof(*ip6); |
4168 | m->m_data += sizeof(*ip6); |
4169 | mh->m_next = m; |
4170 | m = mh; |
4171 | m->m_len = sizeof(*ip6); |
4172 | bcopy(src: (caddr_t)ip6, mtod(m, caddr_t), n: sizeof(*ip6)); |
4173 | } |
4174 | exthdrs->ip6e_ip6 = m; |
4175 | return 0; |
4176 | } |
4177 | |
4178 | static void |
4179 | ip6_output_checksum(struct ifnet *ifp, uint32_t mtu, struct mbuf *m, |
4180 | int nxt0, uint32_t tlen, uint32_t optlen) |
4181 | { |
4182 | uint32_t sw_csum, hwcap = ifp->if_hwassist; |
4183 | |
4184 | if (!hwcksum_tx) { |
4185 | /* do all in software; checksum offload is disabled */ |
4186 | sw_csum = CSUM_DELAY_IPV6_DATA & m->m_pkthdr.csum_flags; |
4187 | } else { |
4188 | /* do in software what the hardware cannot */ |
4189 | sw_csum = m->m_pkthdr.csum_flags & ~IF_HWASSIST_CSUM_FLAGS(hwcap); |
4190 | } |
4191 | |
4192 | if (optlen != 0) { |
4193 | sw_csum |= (CSUM_DELAY_IPV6_DATA & |
4194 | m->m_pkthdr.csum_flags); |
4195 | } else if ((sw_csum & CSUM_DELAY_IPV6_DATA) && (hwcap & CSUM_PARTIAL)) { |
4196 | /* |
4197 | * Partial checksum offload, ere), if no extension headers, |
4198 | * and TCP only (no UDP support, as the hardware may not be |
4199 | * able to convert +0 to -0 (0xffff) per RFC1122 4.1.3.4. |
4200 | * unless the interface supports "invert zero" capability.) |
4201 | */ |
4202 | if (hwcksum_tx && |
4203 | ((m->m_pkthdr.csum_flags & CSUM_TCPIPV6) || |
4204 | ((hwcap & CSUM_ZERO_INVERT) && |
4205 | (m->m_pkthdr.csum_flags & CSUM_ZERO_INVERT))) && |
4206 | tlen <= mtu) { |
4207 | uint16_t start = sizeof(struct ip6_hdr); |
4208 | uint16_t ulpoff = |
4209 | m->m_pkthdr.csum_data & 0xffff; |
4210 | m->m_pkthdr.csum_flags |= |
4211 | (CSUM_DATA_VALID | CSUM_PARTIAL); |
4212 | m->m_pkthdr.csum_tx_stuff = (ulpoff + start); |
4213 | m->m_pkthdr.csum_tx_start = start; |
4214 | sw_csum = 0; |
4215 | } else { |
4216 | sw_csum |= (CSUM_DELAY_IPV6_DATA & |
4217 | m->m_pkthdr.csum_flags); |
4218 | } |
4219 | } |
4220 | |
4221 | if (sw_csum & CSUM_DELAY_IPV6_DATA) { |
4222 | in6_delayed_cksum_offset(m, 0, optlen, nxt0); |
4223 | sw_csum &= ~CSUM_DELAY_IPV6_DATA; |
4224 | } |
4225 | |
4226 | if (hwcksum_tx) { |
4227 | uint32_t delay_data = m->m_pkthdr.csum_flags & CSUM_DELAY_IPV6_DATA; |
4228 | uint32_t hw_csum = IF_HWASSIST_CSUM_FLAGS(hwcap); |
4229 | |
4230 | /* |
4231 | * Drop off bits that aren't supported by hardware; |
4232 | * also make sure to preserve non-checksum related bits. |
4233 | */ |
4234 | m->m_pkthdr.csum_flags = |
4235 | ((m->m_pkthdr.csum_flags & (hw_csum | CSUM_DATA_VALID)) | |
4236 | (m->m_pkthdr.csum_flags & ~IF_HWASSIST_CSUM_MASK)); |
4237 | |
4238 | /* |
4239 | * If hardware supports partial checksum but not delay_data, |
4240 | * add back delay_data. |
4241 | */ |
4242 | if ((hw_csum & CSUM_PARTIAL) != 0 && |
4243 | (hw_csum & delay_data) == 0) { |
4244 | m->m_pkthdr.csum_flags |= delay_data; |
4245 | } |
4246 | } else { |
4247 | /* drop all bits; checksum offload is disabled */ |
4248 | m->m_pkthdr.csum_flags = 0; |
4249 | } |
4250 | } |
4251 | |
4252 | /* |
4253 | * Compute IPv6 extension header length. |
4254 | */ |
4255 | int |
4256 | ip6_optlen(struct in6pcb *in6p) |
4257 | { |
4258 | int len; |
4259 | |
4260 | if (!in6p->in6p_outputopts) { |
4261 | return 0; |
4262 | } |
4263 | |
4264 | len = 0; |
4265 | #define elen(x) \ |
4266 | (((struct ip6_ext *)(x)) ? \ |
4267 | (((struct ip6_ext *)(x))->ip6e_len + 1) << 3 : 0) |
4268 | |
4269 | len += elen(in6p->in6p_outputopts->ip6po_hbh); |
4270 | if (in6p->in6p_outputopts->ip6po_rthdr) { |
4271 | /* dest1 is valid with rthdr only */ |
4272 | len += elen(in6p->in6p_outputopts->ip6po_dest1); |
4273 | } |
4274 | len += elen(in6p->in6p_outputopts->ip6po_rthdr); |
4275 | len += elen(in6p->in6p_outputopts->ip6po_dest2); |
4276 | return len; |
4277 | #undef elen |
4278 | } |
4279 | |
4280 | static int |
4281 | sysctl_reset_ip6_output_stats SYSCTL_HANDLER_ARGS |
4282 | { |
4283 | #pragma unused(arg1, arg2) |
4284 | int error, i; |
4285 | |
4286 | i = ip6_output_measure; |
4287 | error = sysctl_handle_int(oidp, arg1: &i, arg2: 0, req); |
4288 | if (error || req->newptr == USER_ADDR_NULL) { |
4289 | goto done; |
4290 | } |
4291 | /* impose bounds */ |
4292 | if (i < 0 || i > 1) { |
4293 | error = EINVAL; |
4294 | goto done; |
4295 | } |
4296 | if (ip6_output_measure != i && i == 1) { |
4297 | net_perf_initialize(npp: &net_perf, bins: ip6_output_measure_bins); |
4298 | } |
4299 | ip6_output_measure = i; |
4300 | done: |
4301 | return error; |
4302 | } |
4303 | |
4304 | static int |
4305 | sysctl_ip6_output_measure_bins SYSCTL_HANDLER_ARGS |
4306 | { |
4307 | #pragma unused(arg1, arg2) |
4308 | int error; |
4309 | uint64_t i; |
4310 | |
4311 | i = ip6_output_measure_bins; |
4312 | error = sysctl_handle_quad(oidp, arg1: &i, arg2: 0, req); |
4313 | if (error || req->newptr == USER_ADDR_NULL) { |
4314 | goto done; |
4315 | } |
4316 | /* validate data */ |
4317 | if (!net_perf_validate_bins(bins: i)) { |
4318 | error = EINVAL; |
4319 | goto done; |
4320 | } |
4321 | ip6_output_measure_bins = i; |
4322 | done: |
4323 | return error; |
4324 | } |
4325 | |
4326 | static int |
4327 | sysctl_ip6_output_getperf SYSCTL_HANDLER_ARGS |
4328 | { |
4329 | #pragma unused(oidp, arg1, arg2) |
4330 | if (req->oldptr == USER_ADDR_NULL) { |
4331 | req->oldlen = (size_t)sizeof(struct ipstat); |
4332 | } |
4333 | |
4334 | return SYSCTL_OUT(req, &net_perf, MIN(sizeof(net_perf), req->oldlen)); |
4335 | } |
4336 | |
4337 | void |
4338 | ip6_output_setsrcifscope(struct mbuf *m, uint32_t src_idx, struct in6_ifaddr *ia6) |
4339 | { |
4340 | VERIFY(m->m_flags & M_PKTHDR); |
4341 | |
4342 | m->m_pkthdr.pkt_ext_flags |= PKTF_EXT_OUTPUT_SCOPE; |
4343 | if (ia6 != NULL) { |
4344 | m->m_pkthdr.src_ifindex = ia6->ia_ifp->if_index; |
4345 | } else { |
4346 | m->m_pkthdr.src_ifindex = (uint16_t)src_idx; |
4347 | } |
4348 | } |
4349 | |
4350 | void |
4351 | ip6_output_setdstifscope(struct mbuf *m, uint32_t dst_idx, struct in6_ifaddr *ia6) |
4352 | { |
4353 | VERIFY(m->m_flags & M_PKTHDR); |
4354 | |
4355 | m->m_pkthdr.pkt_ext_flags |= PKTF_EXT_OUTPUT_SCOPE; |
4356 | if (ia6 != NULL) { |
4357 | m->m_pkthdr.dst_ifindex = ia6->ia_ifp->if_index; |
4358 | } else { |
4359 | m->m_pkthdr.dst_ifindex = (uint16_t)dst_idx; |
4360 | } |
4361 | } |
4362 | |
4363 | uint32_t |
4364 | ip6_output_getsrcifscope(struct mbuf *m) |
4365 | { |
4366 | VERIFY(m->m_flags & M_PKTHDR); |
4367 | if (in6_embedded_scope_debug) { |
4368 | VERIFY(m->m_pkthdr.pkt_ext_flags & PKTF_EXT_OUTPUT_SCOPE); |
4369 | VERIFY((m->m_pkthdr.pkt_flags & PKTF_IFAINFO) == 0); |
4370 | } |
4371 | |
4372 | return m->m_pkthdr.src_ifindex; |
4373 | } |
4374 | |
4375 | uint32_t |
4376 | ip6_output_getdstifscope(struct mbuf *m) |
4377 | { |
4378 | VERIFY(m->m_flags & M_PKTHDR); |
4379 | if (in6_embedded_scope_debug) { |
4380 | VERIFY(m->m_pkthdr.pkt_ext_flags & PKTF_EXT_OUTPUT_SCOPE); |
4381 | VERIFY((m->m_pkthdr.pkt_flags & PKTF_IFAINFO) == 0); |
4382 | } |
4383 | |
4384 | return m->m_pkthdr.dst_ifindex; |
4385 | } |
4386 | |