1 /* $NetBSD: in.c,v 1.214 2018/01/10 10:56:30 knakahara Exp $ */ 2 3 /* 4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the project nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 */ 31 32 /*- 33 * Copyright (c) 1998 The NetBSD Foundation, Inc. 34 * All rights reserved. 35 * 36 * This code is derived from software contributed to The NetBSD Foundation 37 * by Public Access Networks Corporation ("Panix"). It was developed under 38 * contract to Panix by Eric Haszlakiewicz and Thor Lancelot Simon. 39 * 40 * Redistribution and use in source and binary forms, with or without 41 * modification, are permitted provided that the following conditions 42 * are met: 43 * 1. Redistributions of source code must retain the above copyright 44 * notice, this list of conditions and the following disclaimer. 45 * 2. Redistributions in binary form must reproduce the above copyright 46 * notice, this list of conditions and the following disclaimer in the 47 * documentation and/or other materials provided with the distribution. 48 * 49 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 50 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 51 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 52 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 53 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 54 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 55 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 56 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 57 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 58 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 59 * POSSIBILITY OF SUCH DAMAGE. 60 */ 61 62 /* 63 * Copyright (c) 1982, 1986, 1991, 1993 64 * The Regents of the University of California. All rights reserved. 65 * 66 * Redistribution and use in source and binary forms, with or without 67 * modification, are permitted provided that the following conditions 68 * are met: 69 * 1. Redistributions of source code must retain the above copyright 70 * notice, this list of conditions and the following disclaimer. 71 * 2. Redistributions in binary form must reproduce the above copyright 72 * notice, this list of conditions and the following disclaimer in the 73 * documentation and/or other materials provided with the distribution. 74 * 3. Neither the name of the University nor the names of its contributors 75 * may be used to endorse or promote products derived from this software 76 * without specific prior written permission. 77 * 78 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 79 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 80 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 81 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 82 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 83 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 84 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 85 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 86 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 87 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 88 * SUCH DAMAGE. 89 * 90 * @(#)in.c 8.4 (Berkeley) 1/9/95 91 */ 92 93 #include <sys/cdefs.h> 94 __KERNEL_RCSID(0, "$NetBSD: in.c,v 1.214 2018/01/10 10:56:30 knakahara Exp $"); 95 96 #include "arp.h" 97 98 #ifdef _KERNEL_OPT 99 #include "opt_inet.h" 100 #include "opt_inet_conf.h" 101 #include "opt_mrouting.h" 102 #include "opt_net_mpsafe.h" 103 #endif 104 105 #include <sys/param.h> 106 #include <sys/ioctl.h> 107 #include <sys/errno.h> 108 #include <sys/kernel.h> 109 #include <sys/malloc.h> 110 #include <sys/socket.h> 111 #include <sys/socketvar.h> 112 #include <sys/sysctl.h> 113 #include <sys/systm.h> 114 #include <sys/proc.h> 115 #include <sys/syslog.h> 116 #include <sys/kauth.h> 117 #include <sys/kmem.h> 118 119 #include <sys/cprng.h> 120 121 #include <net/if.h> 122 #include <net/route.h> 123 #include <net/pfil.h> 124 125 #include <net/if_arp.h> 126 #include <net/if_ether.h> 127 #include <net/if_types.h> 128 #include <net/if_llatbl.h> 129 #include <net/if_dl.h> 130 131 #include <netinet/in_systm.h> 132 #include <netinet/in.h> 133 #include <netinet/in_var.h> 134 #include <netinet/ip.h> 135 #include <netinet/ip_var.h> 136 #include <netinet/in_ifattach.h> 137 #include <netinet/in_pcb.h> 138 #include <netinet/in_selsrc.h> 139 #include <netinet/if_inarp.h> 140 #include <netinet/ip_mroute.h> 141 #include <netinet/igmp_var.h> 142 143 #ifdef IPSELSRC 144 #include <netinet/in_selsrc.h> 145 #endif 146 147 static u_int in_mask2len(struct in_addr *); 148 static void in_len2mask(struct in_addr *, u_int); 149 static int in_lifaddr_ioctl(struct socket *, u_long, void *, 150 struct ifnet *); 151 152 static void in_addrhash_insert_locked(struct in_ifaddr *); 153 static void in_addrhash_remove_locked(struct in_ifaddr *); 154 155 static int in_addprefix(struct in_ifaddr *, int); 156 static void in_scrubaddr(struct in_ifaddr *); 157 static int in_scrubprefix(struct in_ifaddr *); 158 static void in_sysctl_init(struct sysctllog **); 159 160 #ifndef SUBNETSARELOCAL 161 #define SUBNETSARELOCAL 1 162 #endif 163 164 #ifndef HOSTZEROBROADCAST 165 #define HOSTZEROBROADCAST 0 166 #endif 167 168 /* Note: 61, 127, 251, 509, 1021, 2039 are good. */ 169 #ifndef IN_MULTI_HASH_SIZE 170 #define IN_MULTI_HASH_SIZE 509 171 #endif 172 173 static int subnetsarelocal = SUBNETSARELOCAL; 174 static int hostzeroisbroadcast = HOSTZEROBROADCAST; 175 176 /* 177 * This list is used to keep track of in_multi chains which belong to 178 * deleted interface addresses. We use in_ifaddr so that a chain head 179 * won't be deallocated until all multicast address record are deleted. 180 */ 181 182 LIST_HEAD(in_multihashhead, in_multi); /* Type of the hash head */ 183 184 static struct pool inmulti_pool; 185 static u_int in_multientries; 186 static struct in_multihashhead *in_multihashtbl; 187 static u_long in_multihash; 188 static krwlock_t in_multilock; 189 190 #define IN_MULTI_HASH(x, ifp) \ 191 (in_multihashtbl[(u_long)((x) ^ (ifp->if_index)) % IN_MULTI_HASH_SIZE]) 192 193 /* XXX DEPRECATED. Keep them to avoid breaking kvm(3) users. */ 194 struct in_ifaddrhashhead * in_ifaddrhashtbl; 195 u_long in_ifaddrhash; 196 struct in_ifaddrhead in_ifaddrhead; 197 static kmutex_t in_ifaddr_lock; 198 199 pserialize_t in_ifaddrhash_psz; 200 struct pslist_head * in_ifaddrhashtbl_pslist; 201 u_long in_ifaddrhash_pslist; 202 struct pslist_head in_ifaddrhead_pslist; 203 204 void 205 in_init(void) 206 { 207 pool_init(&inmulti_pool, sizeof(struct in_multi), 0, 0, 0, "inmltpl", 208 NULL, IPL_SOFTNET); 209 TAILQ_INIT(&in_ifaddrhead); 210 PSLIST_INIT(&in_ifaddrhead_pslist); 211 212 in_ifaddrhashtbl = hashinit(IN_IFADDR_HASH_SIZE, HASH_LIST, true, 213 &in_ifaddrhash); 214 215 in_ifaddrhash_psz = pserialize_create(); 216 in_ifaddrhashtbl_pslist = hashinit(IN_IFADDR_HASH_SIZE, HASH_PSLIST, 217 true, &in_ifaddrhash_pslist); 218 mutex_init(&in_ifaddr_lock, MUTEX_DEFAULT, IPL_NONE); 219 220 in_multihashtbl = hashinit(IN_IFADDR_HASH_SIZE, HASH_LIST, true, 221 &in_multihash); 222 rw_init(&in_multilock); 223 224 in_sysctl_init(NULL); 225 } 226 227 /* 228 * Return 1 if an internet address is for a ``local'' host 229 * (one to which we have a connection). If subnetsarelocal 230 * is true, this includes other subnets of the local net. 231 * Otherwise, it includes only the directly-connected (sub)nets. 232 */ 233 int 234 in_localaddr(struct in_addr in) 235 { 236 struct in_ifaddr *ia; 237 int localaddr = 0; 238 int s = pserialize_read_enter(); 239 240 if (subnetsarelocal) { 241 IN_ADDRLIST_READER_FOREACH(ia) { 242 if ((in.s_addr & ia->ia_netmask) == ia->ia_net) { 243 localaddr = 1; 244 break; 245 } 246 } 247 } else { 248 IN_ADDRLIST_READER_FOREACH(ia) { 249 if ((in.s_addr & ia->ia_subnetmask) == ia->ia_subnet) { 250 localaddr = 1; 251 break; 252 } 253 } 254 } 255 pserialize_read_exit(s); 256 257 return localaddr; 258 } 259 260 /* 261 * like in_localaddr() but can specify ifp. 262 */ 263 int 264 in_direct(struct in_addr in, struct ifnet *ifp) 265 { 266 struct ifaddr *ifa; 267 int localaddr = 0; 268 int s; 269 270 KASSERT(ifp != NULL); 271 272 #define ia (ifatoia(ifa)) 273 s = pserialize_read_enter(); 274 if (subnetsarelocal) { 275 IFADDR_READER_FOREACH(ifa, ifp) { 276 if (ifa->ifa_addr->sa_family == AF_INET && 277 ((in.s_addr & ia->ia_netmask) == ia->ia_net)) { 278 localaddr = 1; 279 break; 280 } 281 } 282 } else { 283 IFADDR_READER_FOREACH(ifa, ifp) { 284 if (ifa->ifa_addr->sa_family == AF_INET && 285 (in.s_addr & ia->ia_subnetmask) == ia->ia_subnet) { 286 localaddr = 1; 287 break; 288 } 289 } 290 } 291 pserialize_read_exit(s); 292 293 return localaddr; 294 #undef ia 295 } 296 297 /* 298 * Determine whether an IP address is in a reserved set of addresses 299 * that may not be forwarded, or whether datagrams to that destination 300 * may be forwarded. 301 */ 302 int 303 in_canforward(struct in_addr in) 304 { 305 u_int32_t net; 306 307 if (IN_EXPERIMENTAL(in.s_addr) || IN_MULTICAST(in.s_addr)) 308 return (0); 309 if (IN_CLASSA(in.s_addr)) { 310 net = in.s_addr & IN_CLASSA_NET; 311 if (net == 0 || net == htonl(IN_LOOPBACKNET << IN_CLASSA_NSHIFT)) 312 return (0); 313 } 314 return (1); 315 } 316 317 /* 318 * Trim a mask in a sockaddr 319 */ 320 void 321 in_socktrim(struct sockaddr_in *ap) 322 { 323 char *cplim = (char *) &ap->sin_addr; 324 char *cp = (char *) (&ap->sin_addr + 1); 325 326 ap->sin_len = 0; 327 while (--cp >= cplim) 328 if (*cp) { 329 (ap)->sin_len = cp - (char *) (ap) + 1; 330 break; 331 } 332 } 333 334 /* 335 * Maintain the "in_maxmtu" variable, which is the largest 336 * mtu for non-local interfaces with AF_INET addresses assigned 337 * to them that are up. 338 */ 339 unsigned long in_maxmtu; 340 341 void 342 in_setmaxmtu(void) 343 { 344 struct in_ifaddr *ia; 345 struct ifnet *ifp; 346 unsigned long maxmtu = 0; 347 int s = pserialize_read_enter(); 348 349 IN_ADDRLIST_READER_FOREACH(ia) { 350 if ((ifp = ia->ia_ifp) == 0) 351 continue; 352 if ((ifp->if_flags & (IFF_UP|IFF_LOOPBACK)) != IFF_UP) 353 continue; 354 if (ifp->if_mtu > maxmtu) 355 maxmtu = ifp->if_mtu; 356 } 357 if (maxmtu) 358 in_maxmtu = maxmtu; 359 pserialize_read_exit(s); 360 } 361 362 static u_int 363 in_mask2len(struct in_addr *mask) 364 { 365 u_int x, y; 366 u_char *p; 367 368 p = (u_char *)mask; 369 for (x = 0; x < sizeof(*mask); x++) { 370 if (p[x] != 0xff) 371 break; 372 } 373 y = 0; 374 if (x < sizeof(*mask)) { 375 for (y = 0; y < NBBY; y++) { 376 if ((p[x] & (0x80 >> y)) == 0) 377 break; 378 } 379 } 380 return x * NBBY + y; 381 } 382 383 static void 384 in_len2mask(struct in_addr *mask, u_int len) 385 { 386 u_int i; 387 u_char *p; 388 389 p = (u_char *)mask; 390 memset(mask, 0, sizeof(*mask)); 391 for (i = 0; i < len / NBBY; i++) 392 p[i] = 0xff; 393 if (len % NBBY) 394 p[i] = (0xff00 >> (len % NBBY)) & 0xff; 395 } 396 397 /* 398 * Generic internet control operations (ioctl's). 399 * Ifp is 0 if not an interface-specific ioctl. 400 */ 401 /* ARGSUSED */ 402 static int 403 in_control0(struct socket *so, u_long cmd, void *data, struct ifnet *ifp) 404 { 405 struct ifreq *ifr = (struct ifreq *)data; 406 struct in_ifaddr *ia = NULL; 407 struct in_aliasreq *ifra = (struct in_aliasreq *)data; 408 struct sockaddr_in oldaddr, *new_dstaddr; 409 int error, hostIsNew, maskIsNew; 410 int newifaddr = 0; 411 bool run_hook = false; 412 bool need_reinsert = false; 413 struct psref psref; 414 int bound; 415 416 switch (cmd) { 417 case SIOCALIFADDR: 418 case SIOCDLIFADDR: 419 case SIOCGLIFADDR: 420 if (ifp == NULL) 421 return EINVAL; 422 return in_lifaddr_ioctl(so, cmd, data, ifp); 423 case SIOCGIFADDRPREF: 424 case SIOCSIFADDRPREF: 425 if (ifp == NULL) 426 return EINVAL; 427 return ifaddrpref_ioctl(so, cmd, data, ifp); 428 } 429 430 bound = curlwp_bind(); 431 /* 432 * Find address for this interface, if it exists. 433 */ 434 if (ifp != NULL) 435 ia = in_get_ia_from_ifp_psref(ifp, &psref); 436 437 hostIsNew = 1; /* moved here to appease gcc */ 438 switch (cmd) { 439 case SIOCAIFADDR: 440 case SIOCDIFADDR: 441 case SIOCGIFALIAS: 442 case SIOCGIFAFLAG_IN: 443 if (ifra->ifra_addr.sin_family == AF_INET) { 444 int s; 445 446 if (ia != NULL) 447 ia4_release(ia, &psref); 448 s = pserialize_read_enter(); 449 IN_ADDRHASH_READER_FOREACH(ia, 450 ifra->ifra_addr.sin_addr.s_addr) { 451 if (ia->ia_ifp == ifp && 452 in_hosteq(ia->ia_addr.sin_addr, 453 ifra->ifra_addr.sin_addr)) 454 break; 455 } 456 if (ia != NULL) 457 ia4_acquire(ia, &psref); 458 pserialize_read_exit(s); 459 } 460 if ((cmd == SIOCDIFADDR || 461 cmd == SIOCGIFALIAS || 462 cmd == SIOCGIFAFLAG_IN) && 463 ia == NULL) { 464 error = EADDRNOTAVAIL; 465 goto out; 466 } 467 468 if (cmd == SIOCDIFADDR && 469 ifra->ifra_addr.sin_family == AF_UNSPEC) { 470 ifra->ifra_addr.sin_family = AF_INET; 471 } 472 /* FALLTHROUGH */ 473 case SIOCSIFADDR: 474 if (ia == NULL || ia->ia_addr.sin_family != AF_INET) 475 ; 476 else if (ifra->ifra_addr.sin_len == 0) { 477 ifra->ifra_addr = ia->ia_addr; 478 hostIsNew = 0; 479 } else if (in_hosteq(ia->ia_addr.sin_addr, 480 ifra->ifra_addr.sin_addr)) 481 hostIsNew = 0; 482 /* FALLTHROUGH */ 483 case SIOCSIFDSTADDR: 484 if (ifra->ifra_addr.sin_family != AF_INET) { 485 error = EAFNOSUPPORT; 486 goto out; 487 } 488 /* FALLTHROUGH */ 489 case SIOCSIFNETMASK: 490 if (ifp == NULL) 491 panic("in_control"); 492 493 if (cmd == SIOCGIFALIAS || cmd == SIOCGIFAFLAG_IN) 494 break; 495 496 if (ia == NULL && 497 (cmd == SIOCSIFNETMASK || cmd == SIOCSIFDSTADDR)) { 498 error = EADDRNOTAVAIL; 499 goto out; 500 } 501 502 if (kauth_authorize_network(curlwp->l_cred, KAUTH_NETWORK_INTERFACE, 503 KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd, 504 NULL) != 0) { 505 error = EPERM; 506 goto out; 507 } 508 509 if (ia == NULL) { 510 ia = malloc(sizeof(*ia), M_IFADDR, M_WAITOK|M_ZERO); 511 if (ia == NULL) { 512 error = ENOBUFS; 513 goto out; 514 } 515 ia->ia_ifa.ifa_addr = sintosa(&ia->ia_addr); 516 ia->ia_ifa.ifa_dstaddr = sintosa(&ia->ia_dstaddr); 517 ia->ia_ifa.ifa_netmask = sintosa(&ia->ia_sockmask); 518 #ifdef IPSELSRC 519 ia->ia_ifa.ifa_getifa = in_getifa; 520 #else /* IPSELSRC */ 521 ia->ia_ifa.ifa_getifa = NULL; 522 #endif /* IPSELSRC */ 523 ia->ia_sockmask.sin_len = 8; 524 ia->ia_sockmask.sin_family = AF_INET; 525 if (ifp->if_flags & IFF_BROADCAST) { 526 ia->ia_broadaddr.sin_len = sizeof(ia->ia_addr); 527 ia->ia_broadaddr.sin_family = AF_INET; 528 } 529 ia->ia_ifp = ifp; 530 ia->ia_idsalt = cprng_fast32() % 65535; 531 LIST_INIT(&ia->ia_multiaddrs); 532 IN_ADDRHASH_ENTRY_INIT(ia); 533 IN_ADDRLIST_ENTRY_INIT(ia); 534 ifa_psref_init(&ia->ia_ifa); 535 /* 536 * We need a reference to make ia survive over in_ifinit 537 * that does ifaref and ifafree. 538 */ 539 ifaref(&ia->ia_ifa); 540 541 newifaddr = 1; 542 } 543 break; 544 545 case SIOCSIFBRDADDR: 546 if (kauth_authorize_network(curlwp->l_cred, KAUTH_NETWORK_INTERFACE, 547 KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd, 548 NULL) != 0) { 549 error = EPERM; 550 goto out; 551 } 552 /* FALLTHROUGH */ 553 554 case SIOCGIFADDR: 555 case SIOCGIFNETMASK: 556 case SIOCGIFDSTADDR: 557 case SIOCGIFBRDADDR: 558 if (ia == NULL) { 559 error = EADDRNOTAVAIL; 560 goto out; 561 } 562 break; 563 } 564 error = 0; 565 switch (cmd) { 566 567 case SIOCGIFADDR: 568 ifreq_setaddr(cmd, ifr, sintocsa(&ia->ia_addr)); 569 break; 570 571 case SIOCGIFBRDADDR: 572 if ((ifp->if_flags & IFF_BROADCAST) == 0) { 573 error = EINVAL; 574 goto out; 575 } 576 ifreq_setdstaddr(cmd, ifr, sintocsa(&ia->ia_broadaddr)); 577 break; 578 579 case SIOCGIFDSTADDR: 580 if ((ifp->if_flags & IFF_POINTOPOINT) == 0) { 581 error = EINVAL; 582 goto out; 583 } 584 ifreq_setdstaddr(cmd, ifr, sintocsa(&ia->ia_dstaddr)); 585 break; 586 587 case SIOCGIFNETMASK: 588 /* 589 * We keep the number of trailing zero bytes the sin_len field 590 * of ia_sockmask, so we fix this before we pass it back to 591 * userland. 592 */ 593 oldaddr = ia->ia_sockmask; 594 oldaddr.sin_len = sizeof(struct sockaddr_in); 595 ifreq_setaddr(cmd, ifr, (const void *)&oldaddr); 596 break; 597 598 case SIOCSIFDSTADDR: 599 if ((ifp->if_flags & IFF_POINTOPOINT) == 0) { 600 error = EINVAL; 601 goto out; 602 } 603 oldaddr = ia->ia_dstaddr; 604 ia->ia_dstaddr = *satocsin(ifreq_getdstaddr(cmd, ifr)); 605 if ((error = if_addr_init(ifp, &ia->ia_ifa, false)) != 0) { 606 ia->ia_dstaddr = oldaddr; 607 goto out; 608 } 609 if (ia->ia_flags & IFA_ROUTE) { 610 ia->ia_ifa.ifa_dstaddr = sintosa(&oldaddr); 611 rtinit(&ia->ia_ifa, RTM_DELETE, RTF_HOST); 612 ia->ia_ifa.ifa_dstaddr = sintosa(&ia->ia_dstaddr); 613 rtinit(&ia->ia_ifa, RTM_ADD, RTF_HOST|RTF_UP); 614 } 615 break; 616 617 case SIOCSIFBRDADDR: 618 if ((ifp->if_flags & IFF_BROADCAST) == 0) { 619 error = EINVAL; 620 goto out; 621 } 622 ia->ia_broadaddr = *satocsin(ifreq_getbroadaddr(cmd, ifr)); 623 break; 624 625 case SIOCSIFADDR: 626 if (!newifaddr) { 627 in_addrhash_remove(ia); 628 need_reinsert = true; 629 } 630 error = in_ifinit(ifp, ia, satocsin(ifreq_getaddr(cmd, ifr)), 631 NULL, 1); 632 633 run_hook = true; 634 break; 635 636 case SIOCSIFNETMASK: 637 in_scrubprefix(ia); 638 ia->ia_sockmask = *satocsin(ifreq_getaddr(cmd, ifr)); 639 ia->ia_subnetmask = ia->ia_sockmask.sin_addr.s_addr; 640 if (!newifaddr) { 641 in_addrhash_remove(ia); 642 need_reinsert = true; 643 } 644 error = in_ifinit(ifp, ia, NULL, NULL, 0); 645 break; 646 647 case SIOCAIFADDR: 648 maskIsNew = 0; 649 if (ifra->ifra_mask.sin_len) { 650 in_scrubprefix(ia); 651 ia->ia_sockmask = ifra->ifra_mask; 652 ia->ia_subnetmask = ia->ia_sockmask.sin_addr.s_addr; 653 maskIsNew = 1; 654 } 655 if ((ifp->if_flags & IFF_POINTOPOINT) && 656 (ifra->ifra_dstaddr.sin_family == AF_INET)) { 657 new_dstaddr = &ifra->ifra_dstaddr; 658 maskIsNew = 1; /* We lie; but the effect's the same */ 659 } else 660 new_dstaddr = NULL; 661 if (ifra->ifra_addr.sin_family == AF_INET && 662 (hostIsNew || maskIsNew)) { 663 if (!newifaddr) { 664 in_addrhash_remove(ia); 665 need_reinsert = true; 666 } 667 error = in_ifinit(ifp, ia, &ifra->ifra_addr, 668 new_dstaddr, 0); 669 } 670 if ((ifp->if_flags & IFF_BROADCAST) && 671 (ifra->ifra_broadaddr.sin_family == AF_INET)) 672 ia->ia_broadaddr = ifra->ifra_broadaddr; 673 run_hook = true; 674 break; 675 676 case SIOCGIFALIAS: 677 ifra->ifra_mask = ia->ia_sockmask; 678 if ((ifp->if_flags & IFF_POINTOPOINT) && 679 (ia->ia_dstaddr.sin_family == AF_INET)) 680 ifra->ifra_dstaddr = ia->ia_dstaddr; 681 else if ((ifp->if_flags & IFF_BROADCAST) && 682 (ia->ia_broadaddr.sin_family == AF_INET)) 683 ifra->ifra_broadaddr = ia->ia_broadaddr; 684 else 685 memset(&ifra->ifra_broadaddr, 0, 686 sizeof(ifra->ifra_broadaddr)); 687 break; 688 689 case SIOCGIFAFLAG_IN: 690 ifr->ifr_addrflags = ia->ia4_flags; 691 break; 692 693 case SIOCDIFADDR: 694 ia4_release(ia, &psref); 695 ifaref(&ia->ia_ifa); 696 in_purgeaddr(&ia->ia_ifa); 697 pfil_run_addrhooks(if_pfil, cmd, &ia->ia_ifa); 698 ifafree(&ia->ia_ifa); 699 ia = NULL; 700 break; 701 702 #ifdef MROUTING 703 case SIOCGETVIFCNT: 704 case SIOCGETSGCNT: 705 error = mrt_ioctl(so, cmd, data); 706 break; 707 #endif /* MROUTING */ 708 709 default: 710 error = ENOTTY; 711 goto out; 712 } 713 714 /* 715 * XXX insert regardless of error to make in_purgeaddr below work. 716 * Need to improve. 717 */ 718 if (newifaddr) { 719 ifaref(&ia->ia_ifa); 720 ifa_insert(ifp, &ia->ia_ifa); 721 722 mutex_enter(&in_ifaddr_lock); 723 TAILQ_INSERT_TAIL(&in_ifaddrhead, ia, ia_list); 724 IN_ADDRLIST_WRITER_INSERT_TAIL(ia); 725 in_addrhash_insert_locked(ia); 726 /* Release a reference that is held just after creation. */ 727 ifafree(&ia->ia_ifa); 728 mutex_exit(&in_ifaddr_lock); 729 } else if (need_reinsert) { 730 in_addrhash_insert(ia); 731 } 732 733 if (error == 0) { 734 if (run_hook) 735 pfil_run_addrhooks(if_pfil, cmd, &ia->ia_ifa); 736 } else if (newifaddr) { 737 KASSERT(ia != NULL); 738 in_purgeaddr(&ia->ia_ifa); 739 ia = NULL; 740 } 741 742 out: 743 if (!newifaddr && ia != NULL) 744 ia4_release(ia, &psref); 745 curlwp_bindx(bound); 746 return error; 747 } 748 749 int 750 in_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp) 751 { 752 int error; 753 754 SOFTNET_LOCK_UNLESS_NET_MPSAFE(); 755 error = in_control0(so, cmd, data, ifp); 756 SOFTNET_UNLOCK_UNLESS_NET_MPSAFE(); 757 758 return error; 759 } 760 761 /* Add ownaddr as loopback rtentry. */ 762 static void 763 in_ifaddlocal(struct ifaddr *ifa) 764 { 765 struct in_ifaddr *ia; 766 767 ia = (struct in_ifaddr *)ifa; 768 if (ia->ia_addr.sin_addr.s_addr == INADDR_ANY || 769 (ia->ia_ifp->if_flags & IFF_POINTOPOINT && 770 in_hosteq(ia->ia_dstaddr.sin_addr, ia->ia_addr.sin_addr))) 771 { 772 rt_newaddrmsg(RTM_NEWADDR, ifa, 0, NULL); 773 return; 774 } 775 776 rt_ifa_addlocal(ifa); 777 } 778 779 /* Remove loopback entry of ownaddr */ 780 static void 781 in_ifremlocal(struct ifaddr *ifa) 782 { 783 struct in_ifaddr *ia, *p; 784 struct ifaddr *alt_ifa = NULL; 785 int ia_count = 0; 786 int s; 787 struct psref psref; 788 int bound = curlwp_bind(); 789 790 ia = (struct in_ifaddr *)ifa; 791 /* Delete the entry if exactly one ifaddr matches the 792 * address, ifa->ifa_addr. */ 793 s = pserialize_read_enter(); 794 IN_ADDRLIST_READER_FOREACH(p) { 795 if (!in_hosteq(p->ia_addr.sin_addr, ia->ia_addr.sin_addr)) 796 continue; 797 if (p->ia_ifp != ia->ia_ifp) 798 alt_ifa = &p->ia_ifa; 799 if (++ia_count > 1 && alt_ifa != NULL) 800 break; 801 } 802 if (alt_ifa != NULL && ia_count > 1) 803 ifa_acquire(alt_ifa, &psref); 804 pserialize_read_exit(s); 805 806 if (ia_count == 0) 807 goto out; 808 809 rt_ifa_remlocal(ifa, ia_count == 1 ? NULL : alt_ifa); 810 if (alt_ifa != NULL && ia_count > 1) 811 ifa_release(alt_ifa, &psref); 812 out: 813 curlwp_bindx(bound); 814 } 815 816 static void 817 in_scrubaddr(struct in_ifaddr *ia) 818 { 819 820 /* stop DAD processing */ 821 if (ia->ia_dad_stop != NULL) 822 ia->ia_dad_stop(&ia->ia_ifa); 823 824 in_scrubprefix(ia); 825 in_ifremlocal(&ia->ia_ifa); 826 827 mutex_enter(&in_ifaddr_lock); 828 if (ia->ia_allhosts != NULL) { 829 in_delmulti(ia->ia_allhosts); 830 ia->ia_allhosts = NULL; 831 } 832 mutex_exit(&in_ifaddr_lock); 833 } 834 835 /* 836 * Depends on it isn't called in concurrent. It should be guaranteed 837 * by ifa->ifa_ifp's ioctl lock. The possible callers are in_control 838 * and if_purgeaddrs; the former is called iva ifa->ifa_ifp's ioctl 839 * and the latter is called via ifa->ifa_ifp's if_detach. The functions 840 * never be executed in concurrent. 841 */ 842 void 843 in_purgeaddr(struct ifaddr *ifa) 844 { 845 struct in_ifaddr *ia = (void *) ifa; 846 struct ifnet *ifp = ifa->ifa_ifp; 847 848 /* KASSERT(!ifa_held(ifa)); XXX need ifa_not_held (psref_not_held) */ 849 850 ifa->ifa_flags |= IFA_DESTROYING; 851 in_scrubaddr(ia); 852 853 mutex_enter(&in_ifaddr_lock); 854 in_addrhash_remove_locked(ia); 855 TAILQ_REMOVE(&in_ifaddrhead, ia, ia_list); 856 IN_ADDRLIST_WRITER_REMOVE(ia); 857 ifa_remove(ifp, &ia->ia_ifa); 858 #ifdef NET_MPSAFE 859 pserialize_perform(in_ifaddrhash_psz); 860 #endif 861 mutex_exit(&in_ifaddr_lock); 862 IN_ADDRHASH_ENTRY_DESTROY(ia); 863 IN_ADDRLIST_ENTRY_DESTROY(ia); 864 ifafree(&ia->ia_ifa); 865 in_setmaxmtu(); 866 } 867 868 static void 869 in_addrhash_insert_locked(struct in_ifaddr *ia) 870 { 871 872 KASSERT(mutex_owned(&in_ifaddr_lock)); 873 874 LIST_INSERT_HEAD(&IN_IFADDR_HASH(ia->ia_addr.sin_addr.s_addr), ia, 875 ia_hash); 876 IN_ADDRHASH_ENTRY_INIT(ia); 877 IN_ADDRHASH_WRITER_INSERT_HEAD(ia); 878 } 879 880 void 881 in_addrhash_insert(struct in_ifaddr *ia) 882 { 883 884 mutex_enter(&in_ifaddr_lock); 885 in_addrhash_insert_locked(ia); 886 mutex_exit(&in_ifaddr_lock); 887 } 888 889 static void 890 in_addrhash_remove_locked(struct in_ifaddr *ia) 891 { 892 893 KASSERT(mutex_owned(&in_ifaddr_lock)); 894 895 LIST_REMOVE(ia, ia_hash); 896 IN_ADDRHASH_WRITER_REMOVE(ia); 897 } 898 899 void 900 in_addrhash_remove(struct in_ifaddr *ia) 901 { 902 903 mutex_enter(&in_ifaddr_lock); 904 in_addrhash_remove_locked(ia); 905 #ifdef NET_MPSAFE 906 pserialize_perform(in_ifaddrhash_psz); 907 #endif 908 mutex_exit(&in_ifaddr_lock); 909 IN_ADDRHASH_ENTRY_DESTROY(ia); 910 } 911 912 void 913 in_purgeif(struct ifnet *ifp) /* MUST be called at splsoftnet() */ 914 { 915 916 IFNET_LOCK(ifp); 917 if_purgeaddrs(ifp, AF_INET, in_purgeaddr); 918 igmp_purgeif(ifp); /* manipulates pools */ 919 #ifdef MROUTING 920 ip_mrouter_detach(ifp); 921 #endif 922 IFNET_UNLOCK(ifp); 923 } 924 925 /* 926 * SIOC[GAD]LIFADDR. 927 * SIOCGLIFADDR: get first address. (???) 928 * SIOCGLIFADDR with IFLR_PREFIX: 929 * get first address that matches the specified prefix. 930 * SIOCALIFADDR: add the specified address. 931 * SIOCALIFADDR with IFLR_PREFIX: 932 * EINVAL since we can't deduce hostid part of the address. 933 * SIOCDLIFADDR: delete the specified address. 934 * SIOCDLIFADDR with IFLR_PREFIX: 935 * delete the first address that matches the specified prefix. 936 * return values: 937 * EINVAL on invalid parameters 938 * EADDRNOTAVAIL on prefix match failed/specified address not found 939 * other values may be returned from in_ioctl() 940 */ 941 static int 942 in_lifaddr_ioctl(struct socket *so, u_long cmd, void *data, 943 struct ifnet *ifp) 944 { 945 struct if_laddrreq *iflr = (struct if_laddrreq *)data; 946 struct ifaddr *ifa; 947 struct sockaddr *sa; 948 949 /* sanity checks */ 950 if (data == NULL || ifp == NULL) { 951 panic("invalid argument to in_lifaddr_ioctl"); 952 /*NOTRECHED*/ 953 } 954 955 switch (cmd) { 956 case SIOCGLIFADDR: 957 /* address must be specified on GET with IFLR_PREFIX */ 958 if ((iflr->flags & IFLR_PREFIX) == 0) 959 break; 960 /*FALLTHROUGH*/ 961 case SIOCALIFADDR: 962 case SIOCDLIFADDR: 963 /* address must be specified on ADD and DELETE */ 964 sa = (struct sockaddr *)&iflr->addr; 965 if (sa->sa_family != AF_INET) 966 return EINVAL; 967 if (sa->sa_len != sizeof(struct sockaddr_in)) 968 return EINVAL; 969 /* XXX need improvement */ 970 sa = (struct sockaddr *)&iflr->dstaddr; 971 if (sa->sa_family != AF_UNSPEC && sa->sa_family != AF_INET) 972 return EINVAL; 973 if (sa->sa_len != 0 && sa->sa_len != sizeof(struct sockaddr_in)) 974 return EINVAL; 975 break; 976 default: /*shouldn't happen*/ 977 #if 0 978 panic("invalid cmd to in_lifaddr_ioctl"); 979 /*NOTREACHED*/ 980 #else 981 return EOPNOTSUPP; 982 #endif 983 } 984 if (sizeof(struct in_addr) * NBBY < iflr->prefixlen) 985 return EINVAL; 986 987 switch (cmd) { 988 case SIOCALIFADDR: 989 { 990 struct in_aliasreq ifra; 991 992 if (iflr->flags & IFLR_PREFIX) 993 return EINVAL; 994 995 /* copy args to in_aliasreq, perform ioctl(SIOCAIFADDR). */ 996 memset(&ifra, 0, sizeof(ifra)); 997 memcpy(ifra.ifra_name, iflr->iflr_name, 998 sizeof(ifra.ifra_name)); 999 1000 memcpy(&ifra.ifra_addr, &iflr->addr, 1001 ((struct sockaddr *)&iflr->addr)->sa_len); 1002 1003 if (((struct sockaddr *)&iflr->dstaddr)->sa_family) { /*XXX*/ 1004 memcpy(&ifra.ifra_dstaddr, &iflr->dstaddr, 1005 ((struct sockaddr *)&iflr->dstaddr)->sa_len); 1006 } 1007 1008 ifra.ifra_mask.sin_family = AF_INET; 1009 ifra.ifra_mask.sin_len = sizeof(struct sockaddr_in); 1010 in_len2mask(&ifra.ifra_mask.sin_addr, iflr->prefixlen); 1011 1012 return in_control(so, SIOCAIFADDR, &ifra, ifp); 1013 } 1014 case SIOCGLIFADDR: 1015 case SIOCDLIFADDR: 1016 { 1017 struct in_ifaddr *ia; 1018 struct in_addr mask, candidate, match; 1019 struct sockaddr_in *sin; 1020 int cmp, s; 1021 1022 memset(&mask, 0, sizeof(mask)); 1023 memset(&match, 0, sizeof(match)); /* XXX gcc */ 1024 if (iflr->flags & IFLR_PREFIX) { 1025 /* lookup a prefix rather than address. */ 1026 in_len2mask(&mask, iflr->prefixlen); 1027 1028 sin = (struct sockaddr_in *)&iflr->addr; 1029 match.s_addr = sin->sin_addr.s_addr; 1030 match.s_addr &= mask.s_addr; 1031 1032 /* if you set extra bits, that's wrong */ 1033 if (match.s_addr != sin->sin_addr.s_addr) 1034 return EINVAL; 1035 1036 cmp = 1; 1037 } else { 1038 if (cmd == SIOCGLIFADDR) { 1039 /* on getting an address, take the 1st match */ 1040 cmp = 0; /*XXX*/ 1041 } else { 1042 /* on deleting an address, do exact match */ 1043 in_len2mask(&mask, 32); 1044 sin = (struct sockaddr_in *)&iflr->addr; 1045 match.s_addr = sin->sin_addr.s_addr; 1046 1047 cmp = 1; 1048 } 1049 } 1050 1051 s = pserialize_read_enter(); 1052 IFADDR_READER_FOREACH(ifa, ifp) { 1053 if (ifa->ifa_addr->sa_family != AF_INET) 1054 continue; 1055 if (cmp == 0) 1056 break; 1057 candidate.s_addr = ((struct sockaddr_in *)ifa->ifa_addr)->sin_addr.s_addr; 1058 candidate.s_addr &= mask.s_addr; 1059 if (candidate.s_addr == match.s_addr) 1060 break; 1061 } 1062 if (ifa == NULL) { 1063 pserialize_read_exit(s); 1064 return EADDRNOTAVAIL; 1065 } 1066 ia = (struct in_ifaddr *)ifa; 1067 1068 if (cmd == SIOCGLIFADDR) { 1069 /* fill in the if_laddrreq structure */ 1070 memcpy(&iflr->addr, &ia->ia_addr, ia->ia_addr.sin_len); 1071 1072 if ((ifp->if_flags & IFF_POINTOPOINT) != 0) { 1073 memcpy(&iflr->dstaddr, &ia->ia_dstaddr, 1074 ia->ia_dstaddr.sin_len); 1075 } else 1076 memset(&iflr->dstaddr, 0, sizeof(iflr->dstaddr)); 1077 1078 iflr->prefixlen = 1079 in_mask2len(&ia->ia_sockmask.sin_addr); 1080 1081 iflr->flags = 0; /*XXX*/ 1082 pserialize_read_exit(s); 1083 1084 return 0; 1085 } else { 1086 struct in_aliasreq ifra; 1087 1088 /* fill in_aliasreq and do ioctl(SIOCDIFADDR) */ 1089 memset(&ifra, 0, sizeof(ifra)); 1090 memcpy(ifra.ifra_name, iflr->iflr_name, 1091 sizeof(ifra.ifra_name)); 1092 1093 memcpy(&ifra.ifra_addr, &ia->ia_addr, 1094 ia->ia_addr.sin_len); 1095 if ((ifp->if_flags & IFF_POINTOPOINT) != 0) { 1096 memcpy(&ifra.ifra_dstaddr, &ia->ia_dstaddr, 1097 ia->ia_dstaddr.sin_len); 1098 } 1099 memcpy(&ifra.ifra_dstaddr, &ia->ia_sockmask, 1100 ia->ia_sockmask.sin_len); 1101 pserialize_read_exit(s); 1102 1103 return in_control(so, SIOCDIFADDR, &ifra, ifp); 1104 } 1105 } 1106 } 1107 1108 return EOPNOTSUPP; /*just for safety*/ 1109 } 1110 1111 /* 1112 * Initialize an interface's internet address 1113 * and routing table entry. 1114 */ 1115 int 1116 in_ifinit(struct ifnet *ifp, struct in_ifaddr *ia, 1117 const struct sockaddr_in *sin, const struct sockaddr_in *dst, int scrub) 1118 { 1119 u_int32_t i; 1120 struct sockaddr_in oldaddr, olddst; 1121 int s, oldflags, flags = RTF_UP, error, hostIsNew; 1122 1123 if (sin == NULL) 1124 sin = &ia->ia_addr; 1125 if (dst == NULL) 1126 dst = &ia->ia_dstaddr; 1127 1128 /* 1129 * Set up new addresses. 1130 */ 1131 oldaddr = ia->ia_addr; 1132 olddst = ia->ia_dstaddr; 1133 oldflags = ia->ia4_flags; 1134 ia->ia_addr = *sin; 1135 ia->ia_dstaddr = *dst; 1136 hostIsNew = oldaddr.sin_family != AF_INET || 1137 !in_hosteq(ia->ia_addr.sin_addr, oldaddr.sin_addr); 1138 if (!scrub) 1139 scrub = oldaddr.sin_family != ia->ia_dstaddr.sin_family || 1140 !in_hosteq(ia->ia_dstaddr.sin_addr, olddst.sin_addr); 1141 1142 /* 1143 * Configure address flags. 1144 * We need to do this early because they maybe adjusted 1145 * by if_addr_init depending on the address. 1146 */ 1147 if (ia->ia4_flags & IN_IFF_DUPLICATED) { 1148 ia->ia4_flags &= ~IN_IFF_DUPLICATED; 1149 hostIsNew = 1; 1150 } 1151 if (ifp->if_link_state == LINK_STATE_DOWN) { 1152 ia->ia4_flags |= IN_IFF_DETACHED; 1153 ia->ia4_flags &= ~IN_IFF_TENTATIVE; 1154 } else if (hostIsNew && if_do_dad(ifp)) 1155 ia->ia4_flags |= IN_IFF_TRYTENTATIVE; 1156 1157 /* 1158 * Give the interface a chance to initialize 1159 * if this is its first address, 1160 * and to validate the address if necessary. 1161 */ 1162 s = splsoftnet(); 1163 error = if_addr_init(ifp, &ia->ia_ifa, true); 1164 splx(s); 1165 /* Now clear the try tentative flag, its job is done. */ 1166 ia->ia4_flags &= ~IN_IFF_TRYTENTATIVE; 1167 if (error != 0) { 1168 ia->ia_addr = oldaddr; 1169 ia->ia_dstaddr = olddst; 1170 ia->ia4_flags = oldflags; 1171 return error; 1172 } 1173 1174 if (scrub || hostIsNew) { 1175 int newflags = ia->ia4_flags; 1176 1177 ia->ia_ifa.ifa_addr = sintosa(&oldaddr); 1178 ia->ia_ifa.ifa_dstaddr = sintosa(&olddst); 1179 ia->ia4_flags = oldflags; 1180 if (hostIsNew) 1181 in_scrubaddr(ia); 1182 else if (scrub) 1183 in_scrubprefix(ia); 1184 ia->ia_ifa.ifa_addr = sintosa(&ia->ia_addr); 1185 ia->ia_ifa.ifa_dstaddr = sintosa(&ia->ia_dstaddr); 1186 ia->ia4_flags = newflags; 1187 } 1188 1189 i = ia->ia_addr.sin_addr.s_addr; 1190 if (ifp->if_flags & IFF_POINTOPOINT) 1191 ia->ia_netmask = INADDR_BROADCAST; /* default to /32 */ 1192 else if (IN_CLASSA(i)) 1193 ia->ia_netmask = IN_CLASSA_NET; 1194 else if (IN_CLASSB(i)) 1195 ia->ia_netmask = IN_CLASSB_NET; 1196 else 1197 ia->ia_netmask = IN_CLASSC_NET; 1198 /* 1199 * The subnet mask usually includes at least the standard network part, 1200 * but may may be smaller in the case of supernetting. 1201 * If it is set, we believe it. 1202 */ 1203 if (ia->ia_subnetmask == 0) { 1204 ia->ia_subnetmask = ia->ia_netmask; 1205 ia->ia_sockmask.sin_addr.s_addr = ia->ia_subnetmask; 1206 } else 1207 ia->ia_netmask &= ia->ia_subnetmask; 1208 1209 ia->ia_net = i & ia->ia_netmask; 1210 ia->ia_subnet = i & ia->ia_subnetmask; 1211 in_socktrim(&ia->ia_sockmask); 1212 1213 /* re-calculate the "in_maxmtu" value */ 1214 in_setmaxmtu(); 1215 1216 ia->ia_ifa.ifa_metric = ifp->if_metric; 1217 if (ifp->if_flags & IFF_BROADCAST) { 1218 ia->ia_broadaddr.sin_addr.s_addr = 1219 ia->ia_subnet | ~ia->ia_subnetmask; 1220 ia->ia_netbroadcast.s_addr = 1221 ia->ia_net | ~ia->ia_netmask; 1222 } else if (ifp->if_flags & IFF_LOOPBACK) { 1223 ia->ia_dstaddr = ia->ia_addr; 1224 flags |= RTF_HOST; 1225 } else if (ifp->if_flags & IFF_POINTOPOINT) { 1226 if (ia->ia_dstaddr.sin_family != AF_INET) 1227 return (0); 1228 flags |= RTF_HOST; 1229 } 1230 1231 /* Add the local route to the address */ 1232 in_ifaddlocal(&ia->ia_ifa); 1233 1234 /* Add the prefix route for the address */ 1235 error = in_addprefix(ia, flags); 1236 1237 /* 1238 * If the interface supports multicast, join the "all hosts" 1239 * multicast group on that interface. 1240 */ 1241 mutex_enter(&in_ifaddr_lock); 1242 if ((ifp->if_flags & IFF_MULTICAST) != 0 && ia->ia_allhosts == NULL) { 1243 struct in_addr addr; 1244 1245 addr.s_addr = INADDR_ALLHOSTS_GROUP; 1246 ia->ia_allhosts = in_addmulti(&addr, ifp); 1247 } 1248 mutex_exit(&in_ifaddr_lock); 1249 1250 if (hostIsNew && 1251 ia->ia4_flags & IN_IFF_TENTATIVE && 1252 if_do_dad(ifp)) 1253 ia->ia_dad_start((struct ifaddr *)ia); 1254 1255 return error; 1256 } 1257 1258 #define rtinitflags(x) \ 1259 ((((x)->ia_ifp->if_flags & (IFF_LOOPBACK | IFF_POINTOPOINT)) != 0) \ 1260 ? RTF_HOST : 0) 1261 1262 /* 1263 * add a route to prefix ("connected route" in cisco terminology). 1264 * does nothing if there's some interface address with the same prefix already. 1265 */ 1266 static int 1267 in_addprefix(struct in_ifaddr *target, int flags) 1268 { 1269 struct in_ifaddr *ia; 1270 struct in_addr prefix, mask, p; 1271 int error; 1272 int s; 1273 1274 if ((flags & RTF_HOST) != 0) 1275 prefix = target->ia_dstaddr.sin_addr; 1276 else { 1277 prefix = target->ia_addr.sin_addr; 1278 mask = target->ia_sockmask.sin_addr; 1279 prefix.s_addr &= mask.s_addr; 1280 } 1281 1282 s = pserialize_read_enter(); 1283 IN_ADDRLIST_READER_FOREACH(ia) { 1284 if (rtinitflags(ia)) 1285 p = ia->ia_dstaddr.sin_addr; 1286 else { 1287 p = ia->ia_addr.sin_addr; 1288 p.s_addr &= ia->ia_sockmask.sin_addr.s_addr; 1289 } 1290 1291 if (prefix.s_addr != p.s_addr) 1292 continue; 1293 1294 /* 1295 * if we got a matching prefix route inserted by other 1296 * interface address, we don't need to bother 1297 * 1298 * XXX RADIX_MPATH implications here? -dyoung 1299 */ 1300 if (ia->ia_flags & IFA_ROUTE) { 1301 pserialize_read_exit(s); 1302 return 0; 1303 } 1304 } 1305 pserialize_read_exit(s); 1306 1307 /* 1308 * noone seem to have prefix route. insert it. 1309 */ 1310 error = rtinit(&target->ia_ifa, RTM_ADD, flags); 1311 if (error == 0) 1312 target->ia_flags |= IFA_ROUTE; 1313 else if (error == EEXIST) { 1314 /* 1315 * the fact the route already exists is not an error. 1316 */ 1317 error = 0; 1318 } 1319 return error; 1320 } 1321 1322 /* 1323 * remove a route to prefix ("connected route" in cisco terminology). 1324 * re-installs the route by using another interface address, if there's one 1325 * with the same prefix (otherwise we lose the route mistakenly). 1326 */ 1327 static int 1328 in_scrubprefix(struct in_ifaddr *target) 1329 { 1330 struct in_ifaddr *ia; 1331 struct in_addr prefix, mask, p; 1332 int error; 1333 int s; 1334 1335 /* If we don't have IFA_ROUTE we have nothing to do */ 1336 if ((target->ia_flags & IFA_ROUTE) == 0) 1337 return 0; 1338 1339 if (rtinitflags(target)) 1340 prefix = target->ia_dstaddr.sin_addr; 1341 else { 1342 prefix = target->ia_addr.sin_addr; 1343 mask = target->ia_sockmask.sin_addr; 1344 prefix.s_addr &= mask.s_addr; 1345 } 1346 1347 s = pserialize_read_enter(); 1348 IN_ADDRLIST_READER_FOREACH(ia) { 1349 if (rtinitflags(ia)) 1350 p = ia->ia_dstaddr.sin_addr; 1351 else { 1352 p = ia->ia_addr.sin_addr; 1353 p.s_addr &= ia->ia_sockmask.sin_addr.s_addr; 1354 } 1355 1356 if (prefix.s_addr != p.s_addr) 1357 continue; 1358 1359 /* 1360 * if we got a matching prefix route, move IFA_ROUTE to him 1361 */ 1362 if ((ia->ia_flags & IFA_ROUTE) == 0) { 1363 struct psref psref; 1364 int bound = curlwp_bind(); 1365 1366 ia4_acquire(ia, &psref); 1367 pserialize_read_exit(s); 1368 1369 rtinit(&target->ia_ifa, RTM_DELETE, 1370 rtinitflags(target)); 1371 target->ia_flags &= ~IFA_ROUTE; 1372 1373 error = rtinit(&ia->ia_ifa, RTM_ADD, 1374 rtinitflags(ia) | RTF_UP); 1375 if (error == 0) 1376 ia->ia_flags |= IFA_ROUTE; 1377 1378 ia4_release(ia, &psref); 1379 curlwp_bindx(bound); 1380 1381 return error; 1382 } 1383 } 1384 pserialize_read_exit(s); 1385 1386 /* 1387 * noone seem to have prefix route. remove it. 1388 */ 1389 rtinit(&target->ia_ifa, RTM_DELETE, rtinitflags(target)); 1390 target->ia_flags &= ~IFA_ROUTE; 1391 return 0; 1392 } 1393 1394 #undef rtinitflags 1395 1396 /* 1397 * Return 1 if the address might be a local broadcast address. 1398 */ 1399 int 1400 in_broadcast(struct in_addr in, struct ifnet *ifp) 1401 { 1402 struct ifaddr *ifa; 1403 int s; 1404 1405 KASSERT(ifp != NULL); 1406 1407 if (in.s_addr == INADDR_BROADCAST || 1408 in_nullhost(in)) 1409 return 1; 1410 if ((ifp->if_flags & IFF_BROADCAST) == 0) 1411 return 0; 1412 /* 1413 * Look through the list of addresses for a match 1414 * with a broadcast address. 1415 */ 1416 #define ia (ifatoia(ifa)) 1417 s = pserialize_read_enter(); 1418 IFADDR_READER_FOREACH(ifa, ifp) { 1419 if (ifa->ifa_addr->sa_family == AF_INET && 1420 !in_hosteq(in, ia->ia_addr.sin_addr) && 1421 (in_hosteq(in, ia->ia_broadaddr.sin_addr) || 1422 in_hosteq(in, ia->ia_netbroadcast) || 1423 (hostzeroisbroadcast && 1424 /* 1425 * Check for old-style (host 0) broadcast. 1426 */ 1427 (in.s_addr == ia->ia_subnet || 1428 in.s_addr == ia->ia_net)))) { 1429 pserialize_read_exit(s); 1430 return 1; 1431 } 1432 } 1433 pserialize_read_exit(s); 1434 return (0); 1435 #undef ia 1436 } 1437 1438 /* 1439 * perform DAD when interface becomes IFF_UP. 1440 */ 1441 void 1442 in_if_link_up(struct ifnet *ifp) 1443 { 1444 struct ifaddr *ifa; 1445 struct in_ifaddr *ia; 1446 int s, bound; 1447 1448 /* Ensure it's sane to run DAD */ 1449 if (ifp->if_link_state == LINK_STATE_DOWN) 1450 return; 1451 if ((ifp->if_flags & (IFF_UP|IFF_RUNNING)) != (IFF_UP|IFF_RUNNING)) 1452 return; 1453 1454 bound = curlwp_bind(); 1455 s = pserialize_read_enter(); 1456 IFADDR_READER_FOREACH(ifa, ifp) { 1457 struct psref psref; 1458 1459 if (ifa->ifa_addr->sa_family != AF_INET) 1460 continue; 1461 ifa_acquire(ifa, &psref); 1462 pserialize_read_exit(s); 1463 1464 ia = (struct in_ifaddr *)ifa; 1465 1466 /* If detached then mark as tentative */ 1467 if (ia->ia4_flags & IN_IFF_DETACHED) { 1468 ia->ia4_flags &= ~IN_IFF_DETACHED; 1469 if (if_do_dad(ifp) && ia->ia_dad_start != NULL) 1470 ia->ia4_flags |= IN_IFF_TENTATIVE; 1471 else if ((ia->ia4_flags & IN_IFF_TENTATIVE) == 0) 1472 rt_newaddrmsg(RTM_NEWADDR, ifa, 0, NULL); 1473 } 1474 1475 if (ia->ia4_flags & IN_IFF_TENTATIVE) { 1476 /* Clear the duplicated flag as we're starting DAD. */ 1477 ia->ia4_flags &= ~IN_IFF_DUPLICATED; 1478 ia->ia_dad_start(ifa); 1479 } 1480 1481 s = pserialize_read_enter(); 1482 ifa_release(ifa, &psref); 1483 } 1484 pserialize_read_exit(s); 1485 curlwp_bindx(bound); 1486 } 1487 1488 void 1489 in_if_up(struct ifnet *ifp) 1490 { 1491 1492 /* interface may not support link state, so bring it up also */ 1493 in_if_link_up(ifp); 1494 } 1495 1496 /* 1497 * Mark all addresses as detached. 1498 */ 1499 void 1500 in_if_link_down(struct ifnet *ifp) 1501 { 1502 struct ifaddr *ifa; 1503 struct in_ifaddr *ia; 1504 int s, bound; 1505 1506 bound = curlwp_bind(); 1507 s = pserialize_read_enter(); 1508 IFADDR_READER_FOREACH(ifa, ifp) { 1509 struct psref psref; 1510 1511 if (ifa->ifa_addr->sa_family != AF_INET) 1512 continue; 1513 ifa_acquire(ifa, &psref); 1514 pserialize_read_exit(s); 1515 1516 ia = (struct in_ifaddr *)ifa; 1517 1518 /* Stop DAD processing */ 1519 if (ia->ia_dad_stop != NULL) 1520 ia->ia_dad_stop(ifa); 1521 1522 /* 1523 * Mark the address as detached. 1524 */ 1525 if (!(ia->ia4_flags & IN_IFF_DETACHED)) { 1526 ia->ia4_flags |= IN_IFF_DETACHED; 1527 ia->ia4_flags &= 1528 ~(IN_IFF_TENTATIVE | IN_IFF_DUPLICATED); 1529 rt_newaddrmsg(RTM_NEWADDR, ifa, 0, NULL); 1530 } 1531 1532 s = pserialize_read_enter(); 1533 ifa_release(ifa, &psref); 1534 } 1535 pserialize_read_exit(s); 1536 curlwp_bindx(bound); 1537 } 1538 1539 void 1540 in_if_down(struct ifnet *ifp) 1541 { 1542 1543 in_if_link_down(ifp); 1544 lltable_purge_entries(LLTABLE(ifp)); 1545 } 1546 1547 void 1548 in_if_link_state_change(struct ifnet *ifp, int link_state) 1549 { 1550 1551 switch (link_state) { 1552 case LINK_STATE_DOWN: 1553 in_if_link_down(ifp); 1554 break; 1555 case LINK_STATE_UP: 1556 in_if_link_up(ifp); 1557 break; 1558 } 1559 } 1560 1561 /* 1562 * in_lookup_multi: look up the in_multi record for a given IP 1563 * multicast address on a given interface. If no matching record is 1564 * found, return NULL. 1565 */ 1566 struct in_multi * 1567 in_lookup_multi(struct in_addr addr, ifnet_t *ifp) 1568 { 1569 struct in_multi *inm; 1570 1571 KASSERT(rw_lock_held(&in_multilock)); 1572 1573 LIST_FOREACH(inm, &IN_MULTI_HASH(addr.s_addr, ifp), inm_list) { 1574 if (in_hosteq(inm->inm_addr, addr) && inm->inm_ifp == ifp) 1575 break; 1576 } 1577 return inm; 1578 } 1579 1580 /* 1581 * in_multi_group: check whether the address belongs to an IP multicast 1582 * group we are joined on this interface. Returns true or false. 1583 */ 1584 bool 1585 in_multi_group(struct in_addr addr, ifnet_t *ifp, int flags) 1586 { 1587 bool ingroup; 1588 1589 if (__predict_true(flags & IP_IGMP_MCAST) == 0) { 1590 rw_enter(&in_multilock, RW_READER); 1591 ingroup = in_lookup_multi(addr, ifp) != NULL; 1592 rw_exit(&in_multilock); 1593 } else { 1594 /* XXX Recursive call from ip_output(). */ 1595 KASSERT(rw_lock_held(&in_multilock)); 1596 ingroup = in_lookup_multi(addr, ifp) != NULL; 1597 } 1598 return ingroup; 1599 } 1600 1601 /* 1602 * Add an address to the list of IP multicast addresses for a given interface. 1603 */ 1604 struct in_multi * 1605 in_addmulti(struct in_addr *ap, ifnet_t *ifp) 1606 { 1607 struct sockaddr_in sin; 1608 struct in_multi *inm; 1609 1610 /* 1611 * See if address already in list. 1612 */ 1613 rw_enter(&in_multilock, RW_WRITER); 1614 inm = in_lookup_multi(*ap, ifp); 1615 if (inm != NULL) { 1616 /* 1617 * Found it; just increment the reference count. 1618 */ 1619 inm->inm_refcount++; 1620 rw_exit(&in_multilock); 1621 return inm; 1622 } 1623 1624 /* 1625 * New address; allocate a new multicast record. 1626 */ 1627 inm = pool_get(&inmulti_pool, PR_NOWAIT); 1628 if (inm == NULL) { 1629 rw_exit(&in_multilock); 1630 return NULL; 1631 } 1632 inm->inm_addr = *ap; 1633 inm->inm_ifp = ifp; 1634 inm->inm_refcount = 1; 1635 1636 /* 1637 * Ask the network driver to update its multicast reception 1638 * filter appropriately for the new address. 1639 */ 1640 sockaddr_in_init(&sin, ap, 0); 1641 if (if_mcast_op(ifp, SIOCADDMULTI, sintosa(&sin)) != 0) { 1642 rw_exit(&in_multilock); 1643 pool_put(&inmulti_pool, inm); 1644 return NULL; 1645 } 1646 1647 /* 1648 * Let IGMP know that we have joined a new IP multicast group. 1649 */ 1650 if (igmp_joingroup(inm) != 0) { 1651 rw_exit(&in_multilock); 1652 pool_put(&inmulti_pool, inm); 1653 return NULL; 1654 } 1655 LIST_INSERT_HEAD( 1656 &IN_MULTI_HASH(inm->inm_addr.s_addr, ifp), 1657 inm, inm_list); 1658 in_multientries++; 1659 rw_exit(&in_multilock); 1660 1661 return inm; 1662 } 1663 1664 /* 1665 * Delete a multicast address record. 1666 */ 1667 void 1668 in_delmulti(struct in_multi *inm) 1669 { 1670 struct sockaddr_in sin; 1671 1672 rw_enter(&in_multilock, RW_WRITER); 1673 if (--inm->inm_refcount > 0) { 1674 rw_exit(&in_multilock); 1675 return; 1676 } 1677 1678 /* 1679 * No remaining claims to this record; let IGMP know that 1680 * we are leaving the multicast group. 1681 */ 1682 igmp_leavegroup(inm); 1683 1684 /* 1685 * Notify the network driver to update its multicast reception 1686 * filter. 1687 */ 1688 sockaddr_in_init(&sin, &inm->inm_addr, 0); 1689 if_mcast_op(inm->inm_ifp, SIOCDELMULTI, sintosa(&sin)); 1690 1691 /* 1692 * Unlink from list. 1693 */ 1694 LIST_REMOVE(inm, inm_list); 1695 in_multientries--; 1696 rw_exit(&in_multilock); 1697 1698 pool_put(&inmulti_pool, inm); 1699 } 1700 1701 /* 1702 * in_next_multi: step through all of the in_multi records, one at a time. 1703 * The current position is remembered in "step", which the caller must 1704 * provide. in_first_multi(), below, must be called to initialize "step" 1705 * and get the first record. Both macros return a NULL "inm" when there 1706 * are no remaining records. 1707 */ 1708 struct in_multi * 1709 in_next_multi(struct in_multistep *step) 1710 { 1711 struct in_multi *inm; 1712 1713 KASSERT(rw_lock_held(&in_multilock)); 1714 1715 while (step->i_inm == NULL && step->i_n < IN_MULTI_HASH_SIZE) { 1716 step->i_inm = LIST_FIRST(&in_multihashtbl[++step->i_n]); 1717 } 1718 if ((inm = step->i_inm) != NULL) { 1719 step->i_inm = LIST_NEXT(inm, inm_list); 1720 } 1721 return inm; 1722 } 1723 1724 struct in_multi * 1725 in_first_multi(struct in_multistep *step) 1726 { 1727 KASSERT(rw_lock_held(&in_multilock)); 1728 1729 step->i_n = 0; 1730 step->i_inm = LIST_FIRST(&in_multihashtbl[0]); 1731 return in_next_multi(step); 1732 } 1733 1734 void 1735 in_multi_lock(int op) 1736 { 1737 rw_enter(&in_multilock, op); 1738 } 1739 1740 void 1741 in_multi_unlock(void) 1742 { 1743 rw_exit(&in_multilock); 1744 } 1745 1746 int 1747 in_multi_lock_held(void) 1748 { 1749 return rw_lock_held(&in_multilock); 1750 } 1751 1752 struct in_ifaddr * 1753 in_selectsrc(struct sockaddr_in *sin, struct route *ro, 1754 int soopts, struct ip_moptions *mopts, int *errorp, struct psref *psref) 1755 { 1756 struct rtentry *rt = NULL; 1757 struct in_ifaddr *ia = NULL; 1758 1759 KASSERT(ISSET(curlwp->l_pflag, LP_BOUND)); 1760 /* 1761 * If route is known or can be allocated now, take the 1762 * source address from the interface. Otherwise, punt. 1763 */ 1764 if ((soopts & SO_DONTROUTE) != 0) 1765 rtcache_free(ro); 1766 else { 1767 union { 1768 struct sockaddr dst; 1769 struct sockaddr_in dst4; 1770 } u; 1771 1772 sockaddr_in_init(&u.dst4, &sin->sin_addr, 0); 1773 rt = rtcache_lookup(ro, &u.dst); 1774 } 1775 /* 1776 * If we found a route, use the address 1777 * corresponding to the outgoing interface 1778 * unless it is the loopback (in case a route 1779 * to our address on another net goes to loopback). 1780 * 1781 * XXX Is this still true? Do we care? 1782 */ 1783 if (rt != NULL && (rt->rt_ifp->if_flags & IFF_LOOPBACK) == 0) { 1784 int s; 1785 struct ifaddr *ifa; 1786 /* 1787 * Just in case. May not need to do this workaround. 1788 * Revisit when working on rtentry MP-ification. 1789 */ 1790 s = pserialize_read_enter(); 1791 IFADDR_READER_FOREACH(ifa, rt->rt_ifp) { 1792 if (ifa == rt->rt_ifa) 1793 break; 1794 } 1795 if (ifa != NULL) 1796 ifa_acquire(ifa, psref); 1797 pserialize_read_exit(s); 1798 1799 ia = ifatoia(ifa); 1800 } 1801 if (ia == NULL) { 1802 u_int16_t fport = sin->sin_port; 1803 struct ifaddr *ifa; 1804 int s; 1805 1806 sin->sin_port = 0; 1807 ifa = ifa_ifwithladdr_psref(sintosa(sin), psref); 1808 sin->sin_port = fport; 1809 if (ifa == NULL) { 1810 /* Find 1st non-loopback AF_INET address */ 1811 s = pserialize_read_enter(); 1812 IN_ADDRLIST_READER_FOREACH(ia) { 1813 if (!(ia->ia_ifp->if_flags & IFF_LOOPBACK)) 1814 break; 1815 } 1816 if (ia != NULL) 1817 ia4_acquire(ia, psref); 1818 pserialize_read_exit(s); 1819 } else { 1820 /* ia is already referenced by psref */ 1821 ia = ifatoia(ifa); 1822 } 1823 if (ia == NULL) { 1824 *errorp = EADDRNOTAVAIL; 1825 goto out; 1826 } 1827 } 1828 /* 1829 * If the destination address is multicast and an outgoing 1830 * interface has been set as a multicast option, use the 1831 * address of that interface as our source address. 1832 */ 1833 if (IN_MULTICAST(sin->sin_addr.s_addr) && mopts != NULL) { 1834 struct ip_moptions *imo; 1835 1836 imo = mopts; 1837 if (imo->imo_multicast_if_index != 0) { 1838 struct ifnet *ifp; 1839 int s; 1840 1841 if (ia != NULL) 1842 ia4_release(ia, psref); 1843 s = pserialize_read_enter(); 1844 ifp = if_byindex(imo->imo_multicast_if_index); 1845 if (ifp != NULL) { 1846 /* XXX */ 1847 ia = in_get_ia_from_ifp_psref(ifp, psref); 1848 } else 1849 ia = NULL; 1850 if (ia == NULL || ia->ia4_flags & IN_IFF_NOTREADY) { 1851 pserialize_read_exit(s); 1852 if (ia != NULL) 1853 ia4_release(ia, psref); 1854 *errorp = EADDRNOTAVAIL; 1855 ia = NULL; 1856 goto out; 1857 } 1858 pserialize_read_exit(s); 1859 } 1860 } 1861 if (ia->ia_ifa.ifa_getifa != NULL) { 1862 ia = ifatoia((*ia->ia_ifa.ifa_getifa)(&ia->ia_ifa, 1863 sintosa(sin))); 1864 if (ia == NULL) { 1865 *errorp = EADDRNOTAVAIL; 1866 goto out; 1867 } 1868 /* FIXME NOMPSAFE */ 1869 ia4_acquire(ia, psref); 1870 } 1871 #ifdef GETIFA_DEBUG 1872 else 1873 printf("%s: missing ifa_getifa\n", __func__); 1874 #endif 1875 out: 1876 rtcache_unref(rt, ro); 1877 return ia; 1878 } 1879 1880 int 1881 in_tunnel_validate(const struct ip *ip, struct in_addr src, struct in_addr dst) 1882 { 1883 struct in_ifaddr *ia4; 1884 int s; 1885 1886 /* check for address match */ 1887 if (src.s_addr != ip->ip_dst.s_addr || 1888 dst.s_addr != ip->ip_src.s_addr) 1889 return 0; 1890 1891 /* martian filters on outer source - NOT done in ip_input! */ 1892 if (IN_MULTICAST(ip->ip_src.s_addr)) 1893 return 0; 1894 switch ((ntohl(ip->ip_src.s_addr) & 0xff000000) >> 24) { 1895 case 0: 1896 case 127: 1897 case 255: 1898 return 0; 1899 } 1900 /* reject packets with broadcast on source */ 1901 s = pserialize_read_enter(); 1902 IN_ADDRLIST_READER_FOREACH(ia4) { 1903 if ((ia4->ia_ifa.ifa_ifp->if_flags & IFF_BROADCAST) == 0) 1904 continue; 1905 if (ip->ip_src.s_addr == ia4->ia_broadaddr.sin_addr.s_addr) { 1906 pserialize_read_exit(s); 1907 return 0; 1908 } 1909 } 1910 pserialize_read_exit(s); 1911 1912 /* NOTE: packet may dropped by uRPF */ 1913 1914 /* return valid bytes length */ 1915 return sizeof(src) + sizeof(dst); 1916 } 1917 1918 #if NARP > 0 1919 1920 struct in_llentry { 1921 struct llentry base; 1922 }; 1923 1924 #define IN_LLTBL_DEFAULT_HSIZE 32 1925 #define IN_LLTBL_HASH(k, h) \ 1926 (((((((k >> 8) ^ k) >> 8) ^ k) >> 8) ^ k) & ((h) - 1)) 1927 1928 /* 1929 * Do actual deallocation of @lle. 1930 * Called by LLE_FREE_LOCKED when number of references 1931 * drops to zero. 1932 */ 1933 static void 1934 in_lltable_destroy_lle(struct llentry *lle) 1935 { 1936 1937 LLE_WUNLOCK(lle); 1938 LLE_LOCK_DESTROY(lle); 1939 kmem_intr_free(lle, sizeof(*lle)); 1940 } 1941 1942 static struct llentry * 1943 in_lltable_new(struct in_addr addr4, u_int flags) 1944 { 1945 struct in_llentry *lle; 1946 1947 lle = kmem_intr_zalloc(sizeof(*lle), KM_NOSLEEP); 1948 if (lle == NULL) /* NB: caller generates msg */ 1949 return NULL; 1950 1951 /* 1952 * For IPv4 this will trigger "arpresolve" to generate 1953 * an ARP request. 1954 */ 1955 lle->base.la_expire = time_uptime; /* mark expired */ 1956 lle->base.r_l3addr.addr4 = addr4; 1957 lle->base.lle_refcnt = 1; 1958 lle->base.lle_free = in_lltable_destroy_lle; 1959 LLE_LOCK_INIT(&lle->base); 1960 callout_init(&lle->base.la_timer, CALLOUT_MPSAFE); 1961 1962 return (&lle->base); 1963 } 1964 1965 #define IN_ARE_MASKED_ADDR_EQUAL(d, a, m) ( \ 1966 (((ntohl((d).s_addr) ^ (a)->sin_addr.s_addr) & (m)->sin_addr.s_addr)) == 0 ) 1967 1968 static int 1969 in_lltable_match_prefix(const struct sockaddr *prefix, 1970 const struct sockaddr *mask, u_int flags, struct llentry *lle) 1971 { 1972 const struct sockaddr_in *pfx = (const struct sockaddr_in *)prefix; 1973 const struct sockaddr_in *msk = (const struct sockaddr_in *)mask; 1974 struct in_addr lle_addr; 1975 1976 lle_addr.s_addr = ntohl(lle->r_l3addr.addr4.s_addr); 1977 1978 /* 1979 * (flags & LLE_STATIC) means deleting all entries 1980 * including static ARP entries. 1981 */ 1982 if (IN_ARE_MASKED_ADDR_EQUAL(lle_addr, pfx, msk) && 1983 ((flags & LLE_STATIC) || !(lle->la_flags & LLE_STATIC))) 1984 return (1); 1985 1986 return (0); 1987 } 1988 1989 static void 1990 in_lltable_free_entry(struct lltable *llt, struct llentry *lle) 1991 { 1992 struct ifnet *ifp __diagused; 1993 size_t pkts_dropped; 1994 bool locked = false; 1995 1996 LLE_WLOCK_ASSERT(lle); 1997 KASSERT(llt != NULL); 1998 1999 /* Unlink entry from table if not already */ 2000 if ((lle->la_flags & LLE_LINKED) != 0) { 2001 ifp = llt->llt_ifp; 2002 IF_AFDATA_WLOCK_ASSERT(ifp); 2003 lltable_unlink_entry(llt, lle); 2004 locked = true; 2005 } 2006 2007 /* 2008 * We need to release the lock here to lle_timer proceeds; 2009 * lle_timer should stop immediately if LLE_LINKED isn't set. 2010 * Note that we cannot pass lle->lle_lock to callout_halt 2011 * because it's a rwlock. 2012 */ 2013 LLE_ADDREF(lle); 2014 LLE_WUNLOCK(lle); 2015 if (locked) 2016 IF_AFDATA_WUNLOCK(ifp); 2017 2018 /* cancel timer */ 2019 callout_halt(&lle->lle_timer, NULL); 2020 2021 LLE_WLOCK(lle); 2022 LLE_REMREF(lle); 2023 2024 /* Drop hold queue */ 2025 pkts_dropped = llentry_free(lle); 2026 arp_stat_add(ARP_STAT_DFRDROPPED, (uint64_t)pkts_dropped); 2027 2028 if (locked) 2029 IF_AFDATA_WLOCK(ifp); 2030 } 2031 2032 static int 2033 in_lltable_rtcheck(struct ifnet *ifp, u_int flags, const struct sockaddr *l3addr, 2034 const struct rtentry *rt) 2035 { 2036 int error = EINVAL; 2037 2038 if (rt == NULL) 2039 return error; 2040 2041 /* 2042 * If the gateway for an existing host route matches the target L3 2043 * address, which is a special route inserted by some implementation 2044 * such as MANET, and the interface is of the correct type, then 2045 * allow for ARP to proceed. 2046 */ 2047 if (rt->rt_flags & RTF_GATEWAY) { 2048 if (!(rt->rt_flags & RTF_HOST) || !rt->rt_ifp || 2049 rt->rt_ifp->if_type != IFT_ETHER || 2050 #ifdef __FreeBSD__ 2051 (rt->rt_ifp->if_flags & (IFF_NOARP | IFF_STATICARP)) != 0 || 2052 #else 2053 (rt->rt_ifp->if_flags & IFF_NOARP) != 0 || 2054 #endif 2055 memcmp(rt->rt_gateway->sa_data, l3addr->sa_data, 2056 sizeof(in_addr_t)) != 0) { 2057 goto error; 2058 } 2059 } 2060 2061 /* 2062 * Make sure that at least the destination address is covered 2063 * by the route. This is for handling the case where 2 or more 2064 * interfaces have the same prefix. An incoming packet arrives 2065 * on one interface and the corresponding outgoing packet leaves 2066 * another interface. 2067 */ 2068 if (!(rt->rt_flags & RTF_HOST) && rt->rt_ifp != ifp) { 2069 const char *sa, *mask, *addr, *lim; 2070 int len; 2071 2072 mask = (const char *)rt_mask(rt); 2073 /* 2074 * Just being extra cautious to avoid some custom 2075 * code getting into trouble. 2076 */ 2077 if (mask == NULL) 2078 goto error; 2079 2080 sa = (const char *)rt_getkey(rt); 2081 addr = (const char *)l3addr; 2082 len = ((const struct sockaddr_in *)l3addr)->sin_len; 2083 lim = addr + len; 2084 2085 for ( ; addr < lim; sa++, mask++, addr++) { 2086 if ((*sa ^ *addr) & *mask) { 2087 #ifdef DIAGNOSTIC 2088 log(LOG_INFO, "IPv4 address: \"%s\" is not on the network\n", 2089 inet_ntoa(((const struct sockaddr_in *)l3addr)->sin_addr)); 2090 #endif 2091 goto error; 2092 } 2093 } 2094 } 2095 2096 error = 0; 2097 error: 2098 return error; 2099 } 2100 2101 static inline uint32_t 2102 in_lltable_hash_dst(const struct in_addr dst, uint32_t hsize) 2103 { 2104 2105 return (IN_LLTBL_HASH(dst.s_addr, hsize)); 2106 } 2107 2108 static uint32_t 2109 in_lltable_hash(const struct llentry *lle, uint32_t hsize) 2110 { 2111 2112 return (in_lltable_hash_dst(lle->r_l3addr.addr4, hsize)); 2113 } 2114 2115 static void 2116 in_lltable_fill_sa_entry(const struct llentry *lle, struct sockaddr *sa) 2117 { 2118 struct sockaddr_in *sin; 2119 2120 sin = (struct sockaddr_in *)sa; 2121 memset(sin, 0, sizeof(*sin)); 2122 sin->sin_family = AF_INET; 2123 sin->sin_len = sizeof(*sin); 2124 sin->sin_addr = lle->r_l3addr.addr4; 2125 } 2126 2127 static inline struct llentry * 2128 in_lltable_find_dst(struct lltable *llt, struct in_addr dst) 2129 { 2130 struct llentry *lle; 2131 struct llentries *lleh; 2132 u_int hashidx; 2133 2134 hashidx = in_lltable_hash_dst(dst, llt->llt_hsize); 2135 lleh = &llt->lle_head[hashidx]; 2136 LIST_FOREACH(lle, lleh, lle_next) { 2137 if (lle->la_flags & LLE_DELETED) 2138 continue; 2139 if (lle->r_l3addr.addr4.s_addr == dst.s_addr) 2140 break; 2141 } 2142 2143 return (lle); 2144 } 2145 2146 static int 2147 in_lltable_delete(struct lltable *llt, u_int flags, 2148 const struct sockaddr *l3addr) 2149 { 2150 const struct sockaddr_in *sin = (const struct sockaddr_in *)l3addr; 2151 struct ifnet *ifp __diagused = llt->llt_ifp; 2152 struct llentry *lle; 2153 2154 IF_AFDATA_WLOCK_ASSERT(ifp); 2155 KASSERTMSG(l3addr->sa_family == AF_INET, 2156 "sin_family %d", l3addr->sa_family); 2157 2158 lle = in_lltable_find_dst(llt, sin->sin_addr); 2159 if (lle == NULL) { 2160 #ifdef DEBUG 2161 char buf[64]; 2162 sockaddr_format(l3addr, buf, sizeof(buf)); 2163 log(LOG_INFO, "%s: cache for %s is not found\n", 2164 __func__, buf); 2165 #endif 2166 return (ENOENT); 2167 } 2168 2169 LLE_WLOCK(lle); 2170 lle->la_flags |= LLE_DELETED; 2171 #ifdef DEBUG 2172 { 2173 char buf[64]; 2174 sockaddr_format(l3addr, buf, sizeof(buf)); 2175 log(LOG_INFO, "%s: cache for %s (%p) is deleted\n", 2176 __func__, buf, lle); 2177 } 2178 #endif 2179 if ((lle->la_flags & (LLE_STATIC | LLE_IFADDR)) == LLE_STATIC) 2180 llentry_free(lle); 2181 else 2182 LLE_WUNLOCK(lle); 2183 2184 return (0); 2185 } 2186 2187 static struct llentry * 2188 in_lltable_create(struct lltable *llt, u_int flags, const struct sockaddr *l3addr, 2189 const struct rtentry *rt) 2190 { 2191 const struct sockaddr_in *sin = (const struct sockaddr_in *)l3addr; 2192 struct ifnet *ifp = llt->llt_ifp; 2193 struct llentry *lle; 2194 2195 IF_AFDATA_WLOCK_ASSERT(ifp); 2196 KASSERTMSG(l3addr->sa_family == AF_INET, 2197 "sin_family %d", l3addr->sa_family); 2198 2199 lle = in_lltable_find_dst(llt, sin->sin_addr); 2200 2201 if (lle != NULL) { 2202 LLE_WLOCK(lle); 2203 return (lle); 2204 } 2205 2206 /* no existing record, we need to create new one */ 2207 2208 /* 2209 * A route that covers the given address must have 2210 * been installed 1st because we are doing a resolution, 2211 * verify this. 2212 */ 2213 if (!(flags & LLE_IFADDR) && 2214 in_lltable_rtcheck(ifp, flags, l3addr, rt) != 0) 2215 return (NULL); 2216 2217 lle = in_lltable_new(sin->sin_addr, flags); 2218 if (lle == NULL) { 2219 log(LOG_INFO, "lla_lookup: new lle malloc failed\n"); 2220 return (NULL); 2221 } 2222 lle->la_flags = flags; 2223 if ((flags & LLE_IFADDR) == LLE_IFADDR) { 2224 memcpy(&lle->ll_addr, CLLADDR(ifp->if_sadl), ifp->if_addrlen); 2225 lle->la_flags |= (LLE_VALID | LLE_STATIC); 2226 } 2227 2228 lltable_link_entry(llt, lle); 2229 LLE_WLOCK(lle); 2230 2231 return (lle); 2232 } 2233 2234 /* 2235 * Return NULL if not found or marked for deletion. 2236 * If found return lle read locked. 2237 */ 2238 static struct llentry * 2239 in_lltable_lookup(struct lltable *llt, u_int flags, const struct sockaddr *l3addr) 2240 { 2241 const struct sockaddr_in *sin = (const struct sockaddr_in *)l3addr; 2242 struct llentry *lle; 2243 2244 IF_AFDATA_LOCK_ASSERT(llt->llt_ifp); 2245 KASSERTMSG(l3addr->sa_family == AF_INET, 2246 "sin_family %d", l3addr->sa_family); 2247 2248 lle = in_lltable_find_dst(llt, sin->sin_addr); 2249 2250 if (lle == NULL) 2251 return NULL; 2252 2253 if (flags & LLE_EXCLUSIVE) 2254 LLE_WLOCK(lle); 2255 else 2256 LLE_RLOCK(lle); 2257 2258 return lle; 2259 } 2260 2261 static int 2262 in_lltable_dump_entry(struct lltable *llt, struct llentry *lle, 2263 struct rt_walkarg *w) 2264 { 2265 struct sockaddr_in sin; 2266 2267 LLTABLE_LOCK_ASSERT(); 2268 2269 /* skip deleted entries */ 2270 if (lle->la_flags & LLE_DELETED) 2271 return 0; 2272 2273 sockaddr_in_init(&sin, &lle->r_l3addr.addr4, 0); 2274 2275 return lltable_dump_entry(llt, lle, w, sintosa(&sin)); 2276 } 2277 2278 #endif /* NARP > 0 */ 2279 2280 static int 2281 in_multicast_sysctl(SYSCTLFN_ARGS) 2282 { 2283 struct ifnet *ifp; 2284 struct ifaddr *ifa; 2285 struct in_ifaddr *ifa4; 2286 struct in_multi *inm; 2287 uint32_t tmp; 2288 int error; 2289 size_t written; 2290 struct psref psref; 2291 int bound; 2292 2293 if (namelen != 1) 2294 return EINVAL; 2295 2296 bound = curlwp_bind(); 2297 ifp = if_get_byindex(name[0], &psref); 2298 if (ifp == NULL) { 2299 curlwp_bindx(bound); 2300 return ENODEV; 2301 } 2302 2303 if (oldp == NULL) { 2304 *oldlenp = 0; 2305 IFADDR_FOREACH(ifa, ifp) { 2306 if (ifa->ifa_addr->sa_family != AF_INET) 2307 continue; 2308 ifa4 = (void *)ifa; 2309 LIST_FOREACH(inm, &ifa4->ia_multiaddrs, inm_list) { 2310 *oldlenp += 2 * sizeof(struct in_addr) + 2311 sizeof(uint32_t); 2312 } 2313 } 2314 if_put(ifp, &psref); 2315 curlwp_bindx(bound); 2316 return 0; 2317 } 2318 2319 error = 0; 2320 written = 0; 2321 IFADDR_FOREACH(ifa, ifp) { 2322 if (ifa->ifa_addr->sa_family != AF_INET) 2323 continue; 2324 ifa4 = (void *)ifa; 2325 LIST_FOREACH(inm, &ifa4->ia_multiaddrs, inm_list) { 2326 if (written + 2 * sizeof(struct in_addr) + 2327 sizeof(uint32_t) > *oldlenp) 2328 goto done; 2329 error = sysctl_copyout(l, &ifa4->ia_addr.sin_addr, 2330 oldp, sizeof(struct in_addr)); 2331 if (error) 2332 goto done; 2333 oldp = (char *)oldp + sizeof(struct in_addr); 2334 written += sizeof(struct in_addr); 2335 error = sysctl_copyout(l, &inm->inm_addr, 2336 oldp, sizeof(struct in_addr)); 2337 if (error) 2338 goto done; 2339 oldp = (char *)oldp + sizeof(struct in_addr); 2340 written += sizeof(struct in_addr); 2341 tmp = inm->inm_refcount; 2342 error = sysctl_copyout(l, &tmp, oldp, sizeof(tmp)); 2343 if (error) 2344 goto done; 2345 oldp = (char *)oldp + sizeof(tmp); 2346 written += sizeof(tmp); 2347 } 2348 } 2349 done: 2350 if_put(ifp, &psref); 2351 curlwp_bindx(bound); 2352 *oldlenp = written; 2353 return error; 2354 } 2355 2356 static void 2357 in_sysctl_init(struct sysctllog **clog) 2358 { 2359 sysctl_createv(clog, 0, NULL, NULL, 2360 CTLFLAG_PERMANENT, 2361 CTLTYPE_NODE, "inet", 2362 SYSCTL_DESCR("PF_INET related settings"), 2363 NULL, 0, NULL, 0, 2364 CTL_NET, PF_INET, CTL_EOL); 2365 sysctl_createv(clog, 0, NULL, NULL, 2366 CTLFLAG_PERMANENT, 2367 CTLTYPE_NODE, "multicast", 2368 SYSCTL_DESCR("Multicast information"), 2369 in_multicast_sysctl, 0, NULL, 0, 2370 CTL_NET, PF_INET, CTL_CREATE, CTL_EOL); 2371 sysctl_createv(clog, 0, NULL, NULL, 2372 CTLFLAG_PERMANENT, 2373 CTLTYPE_NODE, "ip", 2374 SYSCTL_DESCR("IPv4 related settings"), 2375 NULL, 0, NULL, 0, 2376 CTL_NET, PF_INET, IPPROTO_IP, CTL_EOL); 2377 2378 sysctl_createv(clog, 0, NULL, NULL, 2379 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 2380 CTLTYPE_INT, "subnetsarelocal", 2381 SYSCTL_DESCR("Whether logical subnets are considered " 2382 "local"), 2383 NULL, 0, &subnetsarelocal, 0, 2384 CTL_NET, PF_INET, IPPROTO_IP, 2385 IPCTL_SUBNETSARELOCAL, CTL_EOL); 2386 sysctl_createv(clog, 0, NULL, NULL, 2387 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 2388 CTLTYPE_INT, "hostzerobroadcast", 2389 SYSCTL_DESCR("All zeroes address is broadcast address"), 2390 NULL, 0, &hostzeroisbroadcast, 0, 2391 CTL_NET, PF_INET, IPPROTO_IP, 2392 IPCTL_HOSTZEROBROADCAST, CTL_EOL); 2393 } 2394 2395 #if NARP > 0 2396 2397 static struct lltable * 2398 in_lltattach(struct ifnet *ifp) 2399 { 2400 struct lltable *llt; 2401 2402 llt = lltable_allocate_htbl(IN_LLTBL_DEFAULT_HSIZE); 2403 llt->llt_af = AF_INET; 2404 llt->llt_ifp = ifp; 2405 2406 llt->llt_lookup = in_lltable_lookup; 2407 llt->llt_create = in_lltable_create; 2408 llt->llt_delete = in_lltable_delete; 2409 llt->llt_dump_entry = in_lltable_dump_entry; 2410 llt->llt_hash = in_lltable_hash; 2411 llt->llt_fill_sa_entry = in_lltable_fill_sa_entry; 2412 llt->llt_free_entry = in_lltable_free_entry; 2413 llt->llt_match_prefix = in_lltable_match_prefix; 2414 lltable_link(llt); 2415 2416 return (llt); 2417 } 2418 2419 #endif /* NARP > 0 */ 2420 2421 void * 2422 in_domifattach(struct ifnet *ifp) 2423 { 2424 struct in_ifinfo *ii; 2425 2426 ii = kmem_zalloc(sizeof(struct in_ifinfo), KM_SLEEP); 2427 2428 #if NARP > 0 2429 ii->ii_llt = in_lltattach(ifp); 2430 #endif 2431 2432 #ifdef IPSELSRC 2433 ii->ii_selsrc = in_selsrc_domifattach(ifp); 2434 KASSERT(ii->ii_selsrc != NULL); 2435 #endif 2436 2437 return ii; 2438 } 2439 2440 void 2441 in_domifdetach(struct ifnet *ifp, void *aux) 2442 { 2443 struct in_ifinfo *ii = aux; 2444 2445 #ifdef IPSELSRC 2446 in_selsrc_domifdetach(ifp, ii->ii_selsrc); 2447 #endif 2448 #if NARP > 0 2449 lltable_free(ii->ii_llt); 2450 #endif 2451 kmem_free(ii, sizeof(struct in_ifinfo)); 2452 } 2453