1 /* $NetBSD: in.c,v 1.231 2018/05/13 22:42:51 khorben Exp $ */ 2 3 /* 4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the project nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 */ 31 32 /*- 33 * Copyright (c) 1998 The NetBSD Foundation, Inc. 34 * All rights reserved. 35 * 36 * This code is derived from software contributed to The NetBSD Foundation 37 * by Public Access Networks Corporation ("Panix"). It was developed under 38 * contract to Panix by Eric Haszlakiewicz and Thor Lancelot Simon. 39 * 40 * Redistribution and use in source and binary forms, with or without 41 * modification, are permitted provided that the following conditions 42 * are met: 43 * 1. Redistributions of source code must retain the above copyright 44 * notice, this list of conditions and the following disclaimer. 45 * 2. Redistributions in binary form must reproduce the above copyright 46 * notice, this list of conditions and the following disclaimer in the 47 * documentation and/or other materials provided with the distribution. 48 * 49 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 50 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 51 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 52 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 53 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 54 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 55 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 56 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 57 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 58 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 59 * POSSIBILITY OF SUCH DAMAGE. 60 */ 61 62 /* 63 * Copyright (c) 1982, 1986, 1991, 1993 64 * The Regents of the University of California. All rights reserved. 65 * 66 * Redistribution and use in source and binary forms, with or without 67 * modification, are permitted provided that the following conditions 68 * are met: 69 * 1. Redistributions of source code must retain the above copyright 70 * notice, this list of conditions and the following disclaimer. 71 * 2. Redistributions in binary form must reproduce the above copyright 72 * notice, this list of conditions and the following disclaimer in the 73 * documentation and/or other materials provided with the distribution. 74 * 3. Neither the name of the University nor the names of its contributors 75 * may be used to endorse or promote products derived from this software 76 * without specific prior written permission. 77 * 78 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 79 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 80 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 81 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 82 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 83 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 84 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 85 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 86 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 87 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 88 * SUCH DAMAGE. 89 * 90 * @(#)in.c 8.4 (Berkeley) 1/9/95 91 */ 92 93 #include <sys/cdefs.h> 94 __KERNEL_RCSID(0, "$NetBSD: in.c,v 1.231 2018/05/13 22:42:51 khorben Exp $"); 95 96 #include "arp.h" 97 98 #ifdef _KERNEL_OPT 99 #include "opt_inet.h" 100 #include "opt_inet_conf.h" 101 #include "opt_mrouting.h" 102 #include "opt_net_mpsafe.h" 103 #endif 104 105 #include <sys/param.h> 106 #include <sys/ioctl.h> 107 #include <sys/errno.h> 108 #include <sys/kernel.h> 109 #include <sys/malloc.h> 110 #include <sys/socket.h> 111 #include <sys/socketvar.h> 112 #include <sys/sysctl.h> 113 #include <sys/systm.h> 114 #include <sys/proc.h> 115 #include <sys/syslog.h> 116 #include <sys/kauth.h> 117 #include <sys/kmem.h> 118 119 #include <sys/cprng.h> 120 121 #include <net/if.h> 122 #include <net/route.h> 123 #include <net/pfil.h> 124 125 #include <net/if_arp.h> 126 #include <net/if_ether.h> 127 #include <net/if_types.h> 128 #include <net/if_llatbl.h> 129 #include <net/if_dl.h> 130 131 #include <netinet/in_systm.h> 132 #include <netinet/in.h> 133 #include <netinet/in_var.h> 134 #include <netinet/ip.h> 135 #include <netinet/ip_var.h> 136 #include <netinet/in_ifattach.h> 137 #include <netinet/in_pcb.h> 138 #include <netinet/in_selsrc.h> 139 #include <netinet/if_inarp.h> 140 #include <netinet/ip_mroute.h> 141 #include <netinet/igmp_var.h> 142 143 #ifdef IPSELSRC 144 #include <netinet/in_selsrc.h> 145 #endif 146 147 static u_int in_mask2len(struct in_addr *); 148 static void in_len2mask(struct in_addr *, u_int); 149 static int in_lifaddr_ioctl(struct socket *, u_long, void *, 150 struct ifnet *); 151 152 static void in_addrhash_insert_locked(struct in_ifaddr *); 153 static void in_addrhash_remove_locked(struct in_ifaddr *); 154 155 static int in_addprefix(struct in_ifaddr *, int); 156 static void in_scrubaddr(struct in_ifaddr *); 157 static int in_scrubprefix(struct in_ifaddr *); 158 static void in_sysctl_init(struct sysctllog **); 159 160 #ifndef SUBNETSARELOCAL 161 #define SUBNETSARELOCAL 1 162 #endif 163 164 #ifndef HOSTZEROBROADCAST 165 #define HOSTZEROBROADCAST 0 166 #endif 167 168 /* Note: 61, 127, 251, 509, 1021, 2039 are good. */ 169 #ifndef IN_MULTI_HASH_SIZE 170 #define IN_MULTI_HASH_SIZE 509 171 #endif 172 173 static int subnetsarelocal = SUBNETSARELOCAL; 174 static int hostzeroisbroadcast = HOSTZEROBROADCAST; 175 176 /* 177 * This list is used to keep track of in_multi chains which belong to 178 * deleted interface addresses. We use in_ifaddr so that a chain head 179 * won't be deallocated until all multicast address record are deleted. 180 */ 181 182 LIST_HEAD(in_multihashhead, in_multi); /* Type of the hash head */ 183 184 static struct pool inmulti_pool; 185 static u_int in_multientries; 186 static struct in_multihashhead *in_multihashtbl; 187 static u_long in_multihash; 188 static krwlock_t in_multilock; 189 190 #define IN_MULTI_HASH(x, ifp) \ 191 (in_multihashtbl[(u_long)((x) ^ (ifp->if_index)) % IN_MULTI_HASH_SIZE]) 192 193 /* XXX DEPRECATED. Keep them to avoid breaking kvm(3) users. */ 194 struct in_ifaddrhashhead * in_ifaddrhashtbl; 195 u_long in_ifaddrhash; 196 struct in_ifaddrhead in_ifaddrhead; 197 static kmutex_t in_ifaddr_lock; 198 199 pserialize_t in_ifaddrhash_psz; 200 struct pslist_head * in_ifaddrhashtbl_pslist; 201 u_long in_ifaddrhash_pslist; 202 struct pslist_head in_ifaddrhead_pslist; 203 204 void 205 in_init(void) 206 { 207 pool_init(&inmulti_pool, sizeof(struct in_multi), 0, 0, 0, "inmltpl", 208 NULL, IPL_SOFTNET); 209 TAILQ_INIT(&in_ifaddrhead); 210 PSLIST_INIT(&in_ifaddrhead_pslist); 211 212 in_ifaddrhashtbl = hashinit(IN_IFADDR_HASH_SIZE, HASH_LIST, true, 213 &in_ifaddrhash); 214 215 in_ifaddrhash_psz = pserialize_create(); 216 in_ifaddrhashtbl_pslist = hashinit(IN_IFADDR_HASH_SIZE, HASH_PSLIST, 217 true, &in_ifaddrhash_pslist); 218 mutex_init(&in_ifaddr_lock, MUTEX_DEFAULT, IPL_NONE); 219 220 in_multihashtbl = hashinit(IN_IFADDR_HASH_SIZE, HASH_LIST, true, 221 &in_multihash); 222 rw_init(&in_multilock); 223 224 in_sysctl_init(NULL); 225 } 226 227 /* 228 * Return 1 if an internet address is for a ``local'' host 229 * (one to which we have a connection). If subnetsarelocal 230 * is true, this includes other subnets of the local net. 231 * Otherwise, it includes only the directly-connected (sub)nets. 232 */ 233 int 234 in_localaddr(struct in_addr in) 235 { 236 struct in_ifaddr *ia; 237 int localaddr = 0; 238 int s = pserialize_read_enter(); 239 240 if (subnetsarelocal) { 241 IN_ADDRLIST_READER_FOREACH(ia) { 242 if ((in.s_addr & ia->ia_netmask) == ia->ia_net) { 243 localaddr = 1; 244 break; 245 } 246 } 247 } else { 248 IN_ADDRLIST_READER_FOREACH(ia) { 249 if ((in.s_addr & ia->ia_subnetmask) == ia->ia_subnet) { 250 localaddr = 1; 251 break; 252 } 253 } 254 } 255 pserialize_read_exit(s); 256 257 return localaddr; 258 } 259 260 /* 261 * like in_localaddr() but can specify ifp. 262 */ 263 int 264 in_direct(struct in_addr in, struct ifnet *ifp) 265 { 266 struct ifaddr *ifa; 267 int localaddr = 0; 268 int s; 269 270 KASSERT(ifp != NULL); 271 272 #define ia (ifatoia(ifa)) 273 s = pserialize_read_enter(); 274 if (subnetsarelocal) { 275 IFADDR_READER_FOREACH(ifa, ifp) { 276 if (ifa->ifa_addr->sa_family == AF_INET && 277 ((in.s_addr & ia->ia_netmask) == ia->ia_net)) { 278 localaddr = 1; 279 break; 280 } 281 } 282 } else { 283 IFADDR_READER_FOREACH(ifa, ifp) { 284 if (ifa->ifa_addr->sa_family == AF_INET && 285 (in.s_addr & ia->ia_subnetmask) == ia->ia_subnet) { 286 localaddr = 1; 287 break; 288 } 289 } 290 } 291 pserialize_read_exit(s); 292 293 return localaddr; 294 #undef ia 295 } 296 297 /* 298 * Determine whether an IP address is in a reserved set of addresses 299 * that may not be forwarded, or whether datagrams to that destination 300 * may be forwarded. 301 */ 302 int 303 in_canforward(struct in_addr in) 304 { 305 u_int32_t net; 306 307 if (IN_EXPERIMENTAL(in.s_addr) || IN_MULTICAST(in.s_addr)) 308 return (0); 309 if (IN_CLASSA(in.s_addr)) { 310 net = in.s_addr & IN_CLASSA_NET; 311 if (net == 0 || net == htonl(IN_LOOPBACKNET << IN_CLASSA_NSHIFT)) 312 return (0); 313 } 314 return (1); 315 } 316 317 /* 318 * Trim a mask in a sockaddr 319 */ 320 void 321 in_socktrim(struct sockaddr_in *ap) 322 { 323 char *cplim = (char *) &ap->sin_addr; 324 char *cp = (char *) (&ap->sin_addr + 1); 325 326 ap->sin_len = 0; 327 while (--cp >= cplim) 328 if (*cp) { 329 (ap)->sin_len = cp - (char *) (ap) + 1; 330 break; 331 } 332 } 333 334 /* 335 * Maintain the "in_maxmtu" variable, which is the largest 336 * mtu for non-local interfaces with AF_INET addresses assigned 337 * to them that are up. 338 */ 339 unsigned long in_maxmtu; 340 341 void 342 in_setmaxmtu(void) 343 { 344 struct in_ifaddr *ia; 345 struct ifnet *ifp; 346 unsigned long maxmtu = 0; 347 int s = pserialize_read_enter(); 348 349 IN_ADDRLIST_READER_FOREACH(ia) { 350 if ((ifp = ia->ia_ifp) == 0) 351 continue; 352 if ((ifp->if_flags & (IFF_UP|IFF_LOOPBACK)) != IFF_UP) 353 continue; 354 if (ifp->if_mtu > maxmtu) 355 maxmtu = ifp->if_mtu; 356 } 357 if (maxmtu) 358 in_maxmtu = maxmtu; 359 pserialize_read_exit(s); 360 } 361 362 static u_int 363 in_mask2len(struct in_addr *mask) 364 { 365 u_int x, y; 366 u_char *p; 367 368 p = (u_char *)mask; 369 for (x = 0; x < sizeof(*mask); x++) { 370 if (p[x] != 0xff) 371 break; 372 } 373 y = 0; 374 if (x < sizeof(*mask)) { 375 for (y = 0; y < NBBY; y++) { 376 if ((p[x] & (0x80 >> y)) == 0) 377 break; 378 } 379 } 380 return x * NBBY + y; 381 } 382 383 static void 384 in_len2mask(struct in_addr *mask, u_int len) 385 { 386 u_int i; 387 u_char *p; 388 389 p = (u_char *)mask; 390 memset(mask, 0, sizeof(*mask)); 391 for (i = 0; i < len / NBBY; i++) 392 p[i] = 0xff; 393 if (len % NBBY) 394 p[i] = (0xff00 >> (len % NBBY)) & 0xff; 395 } 396 397 /* 398 * Generic internet control operations (ioctl's). 399 * Ifp is 0 if not an interface-specific ioctl. 400 */ 401 /* ARGSUSED */ 402 static int 403 in_control0(struct socket *so, u_long cmd, void *data, struct ifnet *ifp) 404 { 405 struct ifreq *ifr = (struct ifreq *)data; 406 struct in_ifaddr *ia = NULL; 407 struct in_aliasreq *ifra = (struct in_aliasreq *)data; 408 struct sockaddr_in oldaddr, *new_dstaddr; 409 int error, hostIsNew, maskIsNew; 410 int newifaddr = 0; 411 bool run_hook = false; 412 bool need_reinsert = false; 413 struct psref psref; 414 int bound; 415 416 switch (cmd) { 417 case SIOCALIFADDR: 418 case SIOCDLIFADDR: 419 case SIOCGLIFADDR: 420 if (ifp == NULL) 421 return EINVAL; 422 return in_lifaddr_ioctl(so, cmd, data, ifp); 423 case SIOCGIFADDRPREF: 424 case SIOCSIFADDRPREF: 425 if (ifp == NULL) 426 return EINVAL; 427 return ifaddrpref_ioctl(so, cmd, data, ifp); 428 } 429 430 bound = curlwp_bind(); 431 /* 432 * Find address for this interface, if it exists. 433 */ 434 if (ifp != NULL) 435 ia = in_get_ia_from_ifp_psref(ifp, &psref); 436 437 hostIsNew = 1; /* moved here to appease gcc */ 438 switch (cmd) { 439 case SIOCAIFADDR: 440 case SIOCDIFADDR: 441 case SIOCGIFALIAS: 442 case SIOCGIFAFLAG_IN: 443 if (ifra->ifra_addr.sin_family == AF_INET) { 444 int s; 445 446 if (ia != NULL) 447 ia4_release(ia, &psref); 448 s = pserialize_read_enter(); 449 IN_ADDRHASH_READER_FOREACH(ia, 450 ifra->ifra_addr.sin_addr.s_addr) { 451 if (ia->ia_ifp == ifp && 452 in_hosteq(ia->ia_addr.sin_addr, 453 ifra->ifra_addr.sin_addr)) 454 break; 455 } 456 if (ia != NULL) 457 ia4_acquire(ia, &psref); 458 pserialize_read_exit(s); 459 } 460 if ((cmd == SIOCDIFADDR || 461 cmd == SIOCGIFALIAS || 462 cmd == SIOCGIFAFLAG_IN) && 463 ia == NULL) { 464 error = EADDRNOTAVAIL; 465 goto out; 466 } 467 468 if (cmd == SIOCDIFADDR && 469 ifra->ifra_addr.sin_family == AF_UNSPEC) { 470 ifra->ifra_addr.sin_family = AF_INET; 471 } 472 /* FALLTHROUGH */ 473 case SIOCSIFADDR: 474 if (ia == NULL || ia->ia_addr.sin_family != AF_INET) 475 ; 476 else if (ifra->ifra_addr.sin_len == 0) { 477 ifra->ifra_addr = ia->ia_addr; 478 hostIsNew = 0; 479 } else if (in_hosteq(ia->ia_addr.sin_addr, 480 ifra->ifra_addr.sin_addr)) 481 hostIsNew = 0; 482 if (ifra->ifra_addr.sin_family != AF_INET) { 483 error = EAFNOSUPPORT; 484 goto out; 485 } 486 /* FALLTHROUGH */ 487 case SIOCSIFDSTADDR: 488 if (cmd == SIOCSIFDSTADDR && 489 ifreq_getaddr(cmd, ifr)->sa_family != AF_INET) { 490 error = EAFNOSUPPORT; 491 goto out; 492 } 493 /* FALLTHROUGH */ 494 case SIOCSIFNETMASK: 495 if (ifp == NULL) 496 panic("in_control"); 497 498 if (cmd == SIOCGIFALIAS || cmd == SIOCGIFAFLAG_IN) 499 break; 500 501 if (ia == NULL && 502 (cmd == SIOCSIFNETMASK || cmd == SIOCSIFDSTADDR)) { 503 error = EADDRNOTAVAIL; 504 goto out; 505 } 506 507 if (kauth_authorize_network(curlwp->l_cred, KAUTH_NETWORK_INTERFACE, 508 KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd, 509 NULL) != 0) { 510 error = EPERM; 511 goto out; 512 } 513 514 if (ia == NULL) { 515 ia = malloc(sizeof(*ia), M_IFADDR, M_WAITOK|M_ZERO); 516 if (ia == NULL) { 517 error = ENOBUFS; 518 goto out; 519 } 520 ia->ia_ifa.ifa_addr = sintosa(&ia->ia_addr); 521 ia->ia_ifa.ifa_dstaddr = sintosa(&ia->ia_dstaddr); 522 ia->ia_ifa.ifa_netmask = sintosa(&ia->ia_sockmask); 523 #ifdef IPSELSRC 524 ia->ia_ifa.ifa_getifa = in_getifa; 525 #else /* IPSELSRC */ 526 ia->ia_ifa.ifa_getifa = NULL; 527 #endif /* IPSELSRC */ 528 ia->ia_sockmask.sin_len = 8; 529 ia->ia_sockmask.sin_family = AF_INET; 530 if (ifp->if_flags & IFF_BROADCAST) { 531 ia->ia_broadaddr.sin_len = sizeof(ia->ia_addr); 532 ia->ia_broadaddr.sin_family = AF_INET; 533 } 534 ia->ia_ifp = ifp; 535 ia->ia_idsalt = cprng_fast32() % 65535; 536 LIST_INIT(&ia->ia_multiaddrs); 537 IN_ADDRHASH_ENTRY_INIT(ia); 538 IN_ADDRLIST_ENTRY_INIT(ia); 539 ifa_psref_init(&ia->ia_ifa); 540 /* 541 * We need a reference to make ia survive over in_ifinit 542 * that does ifaref and ifafree. 543 */ 544 ifaref(&ia->ia_ifa); 545 546 newifaddr = 1; 547 } 548 break; 549 550 case SIOCSIFBRDADDR: 551 if (kauth_authorize_network(curlwp->l_cred, KAUTH_NETWORK_INTERFACE, 552 KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd, 553 NULL) != 0) { 554 error = EPERM; 555 goto out; 556 } 557 /* FALLTHROUGH */ 558 559 case SIOCGIFADDR: 560 case SIOCGIFNETMASK: 561 case SIOCGIFDSTADDR: 562 case SIOCGIFBRDADDR: 563 if (ia == NULL) { 564 error = EADDRNOTAVAIL; 565 goto out; 566 } 567 break; 568 } 569 error = 0; 570 switch (cmd) { 571 572 case SIOCGIFADDR: 573 ifreq_setaddr(cmd, ifr, sintocsa(&ia->ia_addr)); 574 break; 575 576 case SIOCGIFBRDADDR: 577 if ((ifp->if_flags & IFF_BROADCAST) == 0) { 578 error = EINVAL; 579 goto out; 580 } 581 ifreq_setdstaddr(cmd, ifr, sintocsa(&ia->ia_broadaddr)); 582 break; 583 584 case SIOCGIFDSTADDR: 585 if ((ifp->if_flags & IFF_POINTOPOINT) == 0) { 586 error = EINVAL; 587 goto out; 588 } 589 ifreq_setdstaddr(cmd, ifr, sintocsa(&ia->ia_dstaddr)); 590 break; 591 592 case SIOCGIFNETMASK: 593 /* 594 * We keep the number of trailing zero bytes the sin_len field 595 * of ia_sockmask, so we fix this before we pass it back to 596 * userland. 597 */ 598 oldaddr = ia->ia_sockmask; 599 oldaddr.sin_len = sizeof(struct sockaddr_in); 600 ifreq_setaddr(cmd, ifr, (const void *)&oldaddr); 601 break; 602 603 case SIOCSIFDSTADDR: 604 if ((ifp->if_flags & IFF_POINTOPOINT) == 0) { 605 error = EINVAL; 606 goto out; 607 } 608 oldaddr = ia->ia_dstaddr; 609 ia->ia_dstaddr = *satocsin(ifreq_getdstaddr(cmd, ifr)); 610 if ((error = if_addr_init(ifp, &ia->ia_ifa, false)) != 0) { 611 ia->ia_dstaddr = oldaddr; 612 goto out; 613 } 614 if (ia->ia_flags & IFA_ROUTE) { 615 ia->ia_ifa.ifa_dstaddr = sintosa(&oldaddr); 616 rtinit(&ia->ia_ifa, RTM_DELETE, RTF_HOST); 617 ia->ia_ifa.ifa_dstaddr = sintosa(&ia->ia_dstaddr); 618 rtinit(&ia->ia_ifa, RTM_ADD, RTF_HOST|RTF_UP); 619 } 620 break; 621 622 case SIOCSIFBRDADDR: 623 if ((ifp->if_flags & IFF_BROADCAST) == 0) { 624 error = EINVAL; 625 goto out; 626 } 627 ia->ia_broadaddr = *satocsin(ifreq_getbroadaddr(cmd, ifr)); 628 break; 629 630 case SIOCSIFADDR: 631 if (!newifaddr) { 632 in_addrhash_remove(ia); 633 need_reinsert = true; 634 } 635 error = in_ifinit(ifp, ia, satocsin(ifreq_getaddr(cmd, ifr)), 636 NULL, 1); 637 638 run_hook = true; 639 break; 640 641 case SIOCSIFNETMASK: 642 in_scrubprefix(ia); 643 ia->ia_sockmask = *satocsin(ifreq_getaddr(cmd, ifr)); 644 ia->ia_subnetmask = ia->ia_sockmask.sin_addr.s_addr; 645 if (!newifaddr) { 646 in_addrhash_remove(ia); 647 need_reinsert = true; 648 } 649 error = in_ifinit(ifp, ia, NULL, NULL, 0); 650 break; 651 652 case SIOCAIFADDR: 653 maskIsNew = 0; 654 if (ifra->ifra_mask.sin_len) { 655 in_scrubprefix(ia); 656 ia->ia_sockmask = ifra->ifra_mask; 657 ia->ia_subnetmask = ia->ia_sockmask.sin_addr.s_addr; 658 maskIsNew = 1; 659 } 660 if ((ifp->if_flags & IFF_POINTOPOINT) && 661 (ifra->ifra_dstaddr.sin_family == AF_INET)) { 662 new_dstaddr = &ifra->ifra_dstaddr; 663 maskIsNew = 1; /* We lie; but the effect's the same */ 664 } else 665 new_dstaddr = NULL; 666 if (ifra->ifra_addr.sin_family == AF_INET && 667 (hostIsNew || maskIsNew)) { 668 if (!newifaddr) { 669 in_addrhash_remove(ia); 670 need_reinsert = true; 671 } 672 error = in_ifinit(ifp, ia, &ifra->ifra_addr, 673 new_dstaddr, 0); 674 } 675 if ((ifp->if_flags & IFF_BROADCAST) && 676 (ifra->ifra_broadaddr.sin_family == AF_INET)) 677 ia->ia_broadaddr = ifra->ifra_broadaddr; 678 run_hook = true; 679 break; 680 681 case SIOCGIFALIAS: 682 ifra->ifra_mask = ia->ia_sockmask; 683 if ((ifp->if_flags & IFF_POINTOPOINT) && 684 (ia->ia_dstaddr.sin_family == AF_INET)) 685 ifra->ifra_dstaddr = ia->ia_dstaddr; 686 else if ((ifp->if_flags & IFF_BROADCAST) && 687 (ia->ia_broadaddr.sin_family == AF_INET)) 688 ifra->ifra_broadaddr = ia->ia_broadaddr; 689 else 690 memset(&ifra->ifra_broadaddr, 0, 691 sizeof(ifra->ifra_broadaddr)); 692 break; 693 694 case SIOCGIFAFLAG_IN: 695 ifr->ifr_addrflags = ia->ia4_flags; 696 break; 697 698 case SIOCDIFADDR: 699 ia4_release(ia, &psref); 700 ifaref(&ia->ia_ifa); 701 in_purgeaddr(&ia->ia_ifa); 702 pfil_run_addrhooks(if_pfil, cmd, &ia->ia_ifa); 703 ifafree(&ia->ia_ifa); 704 ia = NULL; 705 break; 706 707 #ifdef MROUTING 708 case SIOCGETVIFCNT: 709 case SIOCGETSGCNT: 710 error = mrt_ioctl(so, cmd, data); 711 break; 712 #endif /* MROUTING */ 713 714 default: 715 error = ENOTTY; 716 goto out; 717 } 718 719 /* 720 * XXX insert regardless of error to make in_purgeaddr below work. 721 * Need to improve. 722 */ 723 if (newifaddr) { 724 ifaref(&ia->ia_ifa); 725 ifa_insert(ifp, &ia->ia_ifa); 726 727 mutex_enter(&in_ifaddr_lock); 728 TAILQ_INSERT_TAIL(&in_ifaddrhead, ia, ia_list); 729 IN_ADDRLIST_WRITER_INSERT_TAIL(ia); 730 in_addrhash_insert_locked(ia); 731 /* Release a reference that is held just after creation. */ 732 ifafree(&ia->ia_ifa); 733 mutex_exit(&in_ifaddr_lock); 734 } else if (need_reinsert) { 735 in_addrhash_insert(ia); 736 } 737 738 if (error == 0) { 739 if (run_hook) 740 pfil_run_addrhooks(if_pfil, cmd, &ia->ia_ifa); 741 } else if (newifaddr) { 742 KASSERT(ia != NULL); 743 in_purgeaddr(&ia->ia_ifa); 744 ia = NULL; 745 } 746 747 out: 748 if (!newifaddr && ia != NULL) 749 ia4_release(ia, &psref); 750 curlwp_bindx(bound); 751 return error; 752 } 753 754 int 755 in_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp) 756 { 757 int error; 758 759 #ifndef NET_MPSAFE 760 KASSERT(KERNEL_LOCKED_P()); 761 #endif 762 error = in_control0(so, cmd, data, ifp); 763 764 return error; 765 } 766 767 /* Add ownaddr as loopback rtentry. */ 768 static void 769 in_ifaddlocal(struct ifaddr *ifa) 770 { 771 struct in_ifaddr *ia; 772 773 ia = (struct in_ifaddr *)ifa; 774 if (ia->ia_addr.sin_addr.s_addr == INADDR_ANY || 775 (ia->ia_ifp->if_flags & IFF_POINTOPOINT && 776 in_hosteq(ia->ia_dstaddr.sin_addr, ia->ia_addr.sin_addr))) 777 { 778 rt_newaddrmsg(RTM_NEWADDR, ifa, 0, NULL); 779 return; 780 } 781 782 rt_ifa_addlocal(ifa); 783 } 784 785 /* Remove loopback entry of ownaddr */ 786 static void 787 in_ifremlocal(struct ifaddr *ifa) 788 { 789 struct in_ifaddr *ia, *p; 790 struct ifaddr *alt_ifa = NULL; 791 int ia_count = 0; 792 int s; 793 struct psref psref; 794 int bound = curlwp_bind(); 795 796 ia = (struct in_ifaddr *)ifa; 797 /* Delete the entry if exactly one ifaddr matches the 798 * address, ifa->ifa_addr. */ 799 s = pserialize_read_enter(); 800 IN_ADDRLIST_READER_FOREACH(p) { 801 if (!in_hosteq(p->ia_addr.sin_addr, ia->ia_addr.sin_addr)) 802 continue; 803 if (p->ia_ifp != ia->ia_ifp) 804 alt_ifa = &p->ia_ifa; 805 if (++ia_count > 1 && alt_ifa != NULL) 806 break; 807 } 808 if (alt_ifa != NULL && ia_count > 1) 809 ifa_acquire(alt_ifa, &psref); 810 pserialize_read_exit(s); 811 812 if (ia_count == 0) 813 goto out; 814 815 rt_ifa_remlocal(ifa, ia_count == 1 ? NULL : alt_ifa); 816 if (alt_ifa != NULL && ia_count > 1) 817 ifa_release(alt_ifa, &psref); 818 out: 819 curlwp_bindx(bound); 820 } 821 822 static void 823 in_scrubaddr(struct in_ifaddr *ia) 824 { 825 826 /* stop DAD processing */ 827 if (ia->ia_dad_stop != NULL) 828 ia->ia_dad_stop(&ia->ia_ifa); 829 830 in_scrubprefix(ia); 831 in_ifremlocal(&ia->ia_ifa); 832 833 mutex_enter(&in_ifaddr_lock); 834 if (ia->ia_allhosts != NULL) { 835 in_delmulti(ia->ia_allhosts); 836 ia->ia_allhosts = NULL; 837 } 838 mutex_exit(&in_ifaddr_lock); 839 } 840 841 /* 842 * Depends on it isn't called in concurrent. It should be guaranteed 843 * by ifa->ifa_ifp's ioctl lock. The possible callers are in_control 844 * and if_purgeaddrs; the former is called iva ifa->ifa_ifp's ioctl 845 * and the latter is called via ifa->ifa_ifp's if_detach. The functions 846 * never be executed in concurrent. 847 */ 848 void 849 in_purgeaddr(struct ifaddr *ifa) 850 { 851 struct in_ifaddr *ia = (void *) ifa; 852 struct ifnet *ifp = ifa->ifa_ifp; 853 854 /* KASSERT(!ifa_held(ifa)); XXX need ifa_not_held (psref_not_held) */ 855 856 ifa->ifa_flags |= IFA_DESTROYING; 857 in_scrubaddr(ia); 858 859 mutex_enter(&in_ifaddr_lock); 860 in_addrhash_remove_locked(ia); 861 TAILQ_REMOVE(&in_ifaddrhead, ia, ia_list); 862 IN_ADDRLIST_WRITER_REMOVE(ia); 863 ifa_remove(ifp, &ia->ia_ifa); 864 /* Assume ifa_remove called pserialize_perform and psref_destroy */ 865 mutex_exit(&in_ifaddr_lock); 866 IN_ADDRHASH_ENTRY_DESTROY(ia); 867 IN_ADDRLIST_ENTRY_DESTROY(ia); 868 ifafree(&ia->ia_ifa); 869 in_setmaxmtu(); 870 } 871 872 static void 873 in_addrhash_insert_locked(struct in_ifaddr *ia) 874 { 875 876 KASSERT(mutex_owned(&in_ifaddr_lock)); 877 878 LIST_INSERT_HEAD(&IN_IFADDR_HASH(ia->ia_addr.sin_addr.s_addr), ia, 879 ia_hash); 880 IN_ADDRHASH_ENTRY_INIT(ia); 881 IN_ADDRHASH_WRITER_INSERT_HEAD(ia); 882 } 883 884 void 885 in_addrhash_insert(struct in_ifaddr *ia) 886 { 887 888 mutex_enter(&in_ifaddr_lock); 889 in_addrhash_insert_locked(ia); 890 mutex_exit(&in_ifaddr_lock); 891 } 892 893 static void 894 in_addrhash_remove_locked(struct in_ifaddr *ia) 895 { 896 897 KASSERT(mutex_owned(&in_ifaddr_lock)); 898 899 LIST_REMOVE(ia, ia_hash); 900 IN_ADDRHASH_WRITER_REMOVE(ia); 901 } 902 903 void 904 in_addrhash_remove(struct in_ifaddr *ia) 905 { 906 907 mutex_enter(&in_ifaddr_lock); 908 in_addrhash_remove_locked(ia); 909 #ifdef NET_MPSAFE 910 pserialize_perform(in_ifaddrhash_psz); 911 #endif 912 mutex_exit(&in_ifaddr_lock); 913 IN_ADDRHASH_ENTRY_DESTROY(ia); 914 } 915 916 void 917 in_purgeif(struct ifnet *ifp) /* MUST be called at splsoftnet() */ 918 { 919 920 IFNET_LOCK(ifp); 921 if_purgeaddrs(ifp, AF_INET, in_purgeaddr); 922 igmp_purgeif(ifp); /* manipulates pools */ 923 #ifdef MROUTING 924 ip_mrouter_detach(ifp); 925 #endif 926 IFNET_UNLOCK(ifp); 927 } 928 929 /* 930 * SIOC[GAD]LIFADDR. 931 * SIOCGLIFADDR: get first address. (???) 932 * SIOCGLIFADDR with IFLR_PREFIX: 933 * get first address that matches the specified prefix. 934 * SIOCALIFADDR: add the specified address. 935 * SIOCALIFADDR with IFLR_PREFIX: 936 * EINVAL since we can't deduce hostid part of the address. 937 * SIOCDLIFADDR: delete the specified address. 938 * SIOCDLIFADDR with IFLR_PREFIX: 939 * delete the first address that matches the specified prefix. 940 * return values: 941 * EINVAL on invalid parameters 942 * EADDRNOTAVAIL on prefix match failed/specified address not found 943 * other values may be returned from in_ioctl() 944 */ 945 static int 946 in_lifaddr_ioctl(struct socket *so, u_long cmd, void *data, 947 struct ifnet *ifp) 948 { 949 struct if_laddrreq *iflr = (struct if_laddrreq *)data; 950 struct ifaddr *ifa; 951 struct sockaddr *sa; 952 953 /* sanity checks */ 954 if (data == NULL || ifp == NULL) { 955 panic("invalid argument to in_lifaddr_ioctl"); 956 /*NOTRECHED*/ 957 } 958 959 switch (cmd) { 960 case SIOCGLIFADDR: 961 /* address must be specified on GET with IFLR_PREFIX */ 962 if ((iflr->flags & IFLR_PREFIX) == 0) 963 break; 964 /*FALLTHROUGH*/ 965 case SIOCALIFADDR: 966 case SIOCDLIFADDR: 967 /* address must be specified on ADD and DELETE */ 968 sa = (struct sockaddr *)&iflr->addr; 969 if (sa->sa_family != AF_INET) 970 return EINVAL; 971 if (sa->sa_len != sizeof(struct sockaddr_in)) 972 return EINVAL; 973 /* XXX need improvement */ 974 sa = (struct sockaddr *)&iflr->dstaddr; 975 if (sa->sa_family != AF_UNSPEC && sa->sa_family != AF_INET) 976 return EINVAL; 977 if (sa->sa_len != 0 && sa->sa_len != sizeof(struct sockaddr_in)) 978 return EINVAL; 979 break; 980 default: /*shouldn't happen*/ 981 #if 0 982 panic("invalid cmd to in_lifaddr_ioctl"); 983 /*NOTREACHED*/ 984 #else 985 return EOPNOTSUPP; 986 #endif 987 } 988 if (sizeof(struct in_addr) * NBBY < iflr->prefixlen) 989 return EINVAL; 990 991 switch (cmd) { 992 case SIOCALIFADDR: 993 { 994 struct in_aliasreq ifra; 995 996 if (iflr->flags & IFLR_PREFIX) 997 return EINVAL; 998 999 /* copy args to in_aliasreq, perform ioctl(SIOCAIFADDR). */ 1000 memset(&ifra, 0, sizeof(ifra)); 1001 memcpy(ifra.ifra_name, iflr->iflr_name, 1002 sizeof(ifra.ifra_name)); 1003 1004 memcpy(&ifra.ifra_addr, &iflr->addr, 1005 ((struct sockaddr *)&iflr->addr)->sa_len); 1006 1007 if (((struct sockaddr *)&iflr->dstaddr)->sa_family) { /*XXX*/ 1008 memcpy(&ifra.ifra_dstaddr, &iflr->dstaddr, 1009 ((struct sockaddr *)&iflr->dstaddr)->sa_len); 1010 } 1011 1012 ifra.ifra_mask.sin_family = AF_INET; 1013 ifra.ifra_mask.sin_len = sizeof(struct sockaddr_in); 1014 in_len2mask(&ifra.ifra_mask.sin_addr, iflr->prefixlen); 1015 1016 return in_control(so, SIOCAIFADDR, &ifra, ifp); 1017 } 1018 case SIOCGLIFADDR: 1019 case SIOCDLIFADDR: 1020 { 1021 struct in_ifaddr *ia; 1022 struct in_addr mask, candidate, match; 1023 struct sockaddr_in *sin; 1024 int cmp, s; 1025 1026 memset(&mask, 0, sizeof(mask)); 1027 memset(&match, 0, sizeof(match)); /* XXX gcc */ 1028 if (iflr->flags & IFLR_PREFIX) { 1029 /* lookup a prefix rather than address. */ 1030 in_len2mask(&mask, iflr->prefixlen); 1031 1032 sin = (struct sockaddr_in *)&iflr->addr; 1033 match.s_addr = sin->sin_addr.s_addr; 1034 match.s_addr &= mask.s_addr; 1035 1036 /* if you set extra bits, that's wrong */ 1037 if (match.s_addr != sin->sin_addr.s_addr) 1038 return EINVAL; 1039 1040 cmp = 1; 1041 } else { 1042 if (cmd == SIOCGLIFADDR) { 1043 /* on getting an address, take the 1st match */ 1044 cmp = 0; /*XXX*/ 1045 } else { 1046 /* on deleting an address, do exact match */ 1047 in_len2mask(&mask, 32); 1048 sin = (struct sockaddr_in *)&iflr->addr; 1049 match.s_addr = sin->sin_addr.s_addr; 1050 1051 cmp = 1; 1052 } 1053 } 1054 1055 s = pserialize_read_enter(); 1056 IFADDR_READER_FOREACH(ifa, ifp) { 1057 if (ifa->ifa_addr->sa_family != AF_INET) 1058 continue; 1059 if (cmp == 0) 1060 break; 1061 candidate.s_addr = ((struct sockaddr_in *)ifa->ifa_addr)->sin_addr.s_addr; 1062 candidate.s_addr &= mask.s_addr; 1063 if (candidate.s_addr == match.s_addr) 1064 break; 1065 } 1066 if (ifa == NULL) { 1067 pserialize_read_exit(s); 1068 return EADDRNOTAVAIL; 1069 } 1070 ia = (struct in_ifaddr *)ifa; 1071 1072 if (cmd == SIOCGLIFADDR) { 1073 /* fill in the if_laddrreq structure */ 1074 memcpy(&iflr->addr, &ia->ia_addr, ia->ia_addr.sin_len); 1075 1076 if ((ifp->if_flags & IFF_POINTOPOINT) != 0) { 1077 memcpy(&iflr->dstaddr, &ia->ia_dstaddr, 1078 ia->ia_dstaddr.sin_len); 1079 } else 1080 memset(&iflr->dstaddr, 0, sizeof(iflr->dstaddr)); 1081 1082 iflr->prefixlen = 1083 in_mask2len(&ia->ia_sockmask.sin_addr); 1084 1085 iflr->flags = 0; /*XXX*/ 1086 pserialize_read_exit(s); 1087 1088 return 0; 1089 } else { 1090 struct in_aliasreq ifra; 1091 1092 /* fill in_aliasreq and do ioctl(SIOCDIFADDR) */ 1093 memset(&ifra, 0, sizeof(ifra)); 1094 memcpy(ifra.ifra_name, iflr->iflr_name, 1095 sizeof(ifra.ifra_name)); 1096 1097 memcpy(&ifra.ifra_addr, &ia->ia_addr, 1098 ia->ia_addr.sin_len); 1099 if ((ifp->if_flags & IFF_POINTOPOINT) != 0) { 1100 memcpy(&ifra.ifra_dstaddr, &ia->ia_dstaddr, 1101 ia->ia_dstaddr.sin_len); 1102 } 1103 memcpy(&ifra.ifra_dstaddr, &ia->ia_sockmask, 1104 ia->ia_sockmask.sin_len); 1105 pserialize_read_exit(s); 1106 1107 return in_control(so, SIOCDIFADDR, &ifra, ifp); 1108 } 1109 } 1110 } 1111 1112 return EOPNOTSUPP; /*just for safety*/ 1113 } 1114 1115 /* 1116 * Initialize an interface's internet address 1117 * and routing table entry. 1118 */ 1119 int 1120 in_ifinit(struct ifnet *ifp, struct in_ifaddr *ia, 1121 const struct sockaddr_in *sin, const struct sockaddr_in *dst, int scrub) 1122 { 1123 u_int32_t i; 1124 struct sockaddr_in oldaddr, olddst; 1125 int s, oldflags, flags = RTF_UP, error, hostIsNew; 1126 1127 if (sin == NULL) 1128 sin = &ia->ia_addr; 1129 if (dst == NULL) 1130 dst = &ia->ia_dstaddr; 1131 1132 /* 1133 * Set up new addresses. 1134 */ 1135 oldaddr = ia->ia_addr; 1136 olddst = ia->ia_dstaddr; 1137 oldflags = ia->ia4_flags; 1138 ia->ia_addr = *sin; 1139 ia->ia_dstaddr = *dst; 1140 hostIsNew = oldaddr.sin_family != AF_INET || 1141 !in_hosteq(ia->ia_addr.sin_addr, oldaddr.sin_addr); 1142 if (!scrub) 1143 scrub = oldaddr.sin_family != ia->ia_dstaddr.sin_family || 1144 !in_hosteq(ia->ia_dstaddr.sin_addr, olddst.sin_addr); 1145 1146 /* 1147 * Configure address flags. 1148 * We need to do this early because they may be adjusted 1149 * by if_addr_init depending on the address. 1150 */ 1151 if (ia->ia4_flags & IN_IFF_DUPLICATED) { 1152 ia->ia4_flags &= ~IN_IFF_DUPLICATED; 1153 hostIsNew = 1; 1154 } 1155 if (ifp->if_link_state == LINK_STATE_DOWN) { 1156 ia->ia4_flags |= IN_IFF_DETACHED; 1157 ia->ia4_flags &= ~IN_IFF_TENTATIVE; 1158 } else if (hostIsNew && if_do_dad(ifp) 1159 #if NARP > 0 1160 && ip_dad_count > 0 1161 #endif 1162 ) 1163 ia->ia4_flags |= IN_IFF_TRYTENTATIVE; 1164 1165 /* 1166 * Give the interface a chance to initialize 1167 * if this is its first address, 1168 * and to validate the address if necessary. 1169 */ 1170 s = splsoftnet(); 1171 error = if_addr_init(ifp, &ia->ia_ifa, true); 1172 splx(s); 1173 /* Now clear the try tentative flag, its job is done. */ 1174 ia->ia4_flags &= ~IN_IFF_TRYTENTATIVE; 1175 if (error != 0) { 1176 ia->ia_addr = oldaddr; 1177 ia->ia_dstaddr = olddst; 1178 ia->ia4_flags = oldflags; 1179 return error; 1180 } 1181 1182 if (scrub || hostIsNew) { 1183 int newflags = ia->ia4_flags; 1184 1185 ia->ia_ifa.ifa_addr = sintosa(&oldaddr); 1186 ia->ia_ifa.ifa_dstaddr = sintosa(&olddst); 1187 ia->ia4_flags = oldflags; 1188 if (hostIsNew) 1189 in_scrubaddr(ia); 1190 else if (scrub) 1191 in_scrubprefix(ia); 1192 ia->ia_ifa.ifa_addr = sintosa(&ia->ia_addr); 1193 ia->ia_ifa.ifa_dstaddr = sintosa(&ia->ia_dstaddr); 1194 ia->ia4_flags = newflags; 1195 } 1196 1197 i = ia->ia_addr.sin_addr.s_addr; 1198 if (ifp->if_flags & IFF_POINTOPOINT) 1199 ia->ia_netmask = INADDR_BROADCAST; /* default to /32 */ 1200 else if (IN_CLASSA(i)) 1201 ia->ia_netmask = IN_CLASSA_NET; 1202 else if (IN_CLASSB(i)) 1203 ia->ia_netmask = IN_CLASSB_NET; 1204 else 1205 ia->ia_netmask = IN_CLASSC_NET; 1206 /* 1207 * The subnet mask usually includes at least the standard network part, 1208 * but may may be smaller in the case of supernetting. 1209 * If it is set, we believe it. 1210 */ 1211 if (ia->ia_subnetmask == 0) { 1212 ia->ia_subnetmask = ia->ia_netmask; 1213 ia->ia_sockmask.sin_addr.s_addr = ia->ia_subnetmask; 1214 } else 1215 ia->ia_netmask &= ia->ia_subnetmask; 1216 1217 ia->ia_net = i & ia->ia_netmask; 1218 ia->ia_subnet = i & ia->ia_subnetmask; 1219 in_socktrim(&ia->ia_sockmask); 1220 1221 /* re-calculate the "in_maxmtu" value */ 1222 in_setmaxmtu(); 1223 1224 ia->ia_ifa.ifa_metric = ifp->if_metric; 1225 if (ifp->if_flags & IFF_BROADCAST) { 1226 ia->ia_broadaddr.sin_addr.s_addr = 1227 ia->ia_subnet | ~ia->ia_subnetmask; 1228 ia->ia_netbroadcast.s_addr = 1229 ia->ia_net | ~ia->ia_netmask; 1230 } else if (ifp->if_flags & IFF_LOOPBACK) { 1231 ia->ia_dstaddr = ia->ia_addr; 1232 flags |= RTF_HOST; 1233 } else if (ifp->if_flags & IFF_POINTOPOINT) { 1234 if (ia->ia_dstaddr.sin_family != AF_INET) 1235 return (0); 1236 flags |= RTF_HOST; 1237 } 1238 1239 /* Add the local route to the address */ 1240 in_ifaddlocal(&ia->ia_ifa); 1241 1242 /* Add the prefix route for the address */ 1243 error = in_addprefix(ia, flags); 1244 1245 /* 1246 * If the interface supports multicast, join the "all hosts" 1247 * multicast group on that interface. 1248 */ 1249 mutex_enter(&in_ifaddr_lock); 1250 if ((ifp->if_flags & IFF_MULTICAST) != 0 && ia->ia_allhosts == NULL) { 1251 struct in_addr addr; 1252 1253 addr.s_addr = INADDR_ALLHOSTS_GROUP; 1254 ia->ia_allhosts = in_addmulti(&addr, ifp); 1255 } 1256 mutex_exit(&in_ifaddr_lock); 1257 1258 if (hostIsNew && 1259 ia->ia4_flags & IN_IFF_TENTATIVE && 1260 if_do_dad(ifp)) 1261 ia->ia_dad_start((struct ifaddr *)ia); 1262 1263 return error; 1264 } 1265 1266 #define rtinitflags(x) \ 1267 ((((x)->ia_ifp->if_flags & (IFF_LOOPBACK | IFF_POINTOPOINT)) != 0) \ 1268 ? RTF_HOST : 0) 1269 1270 /* 1271 * add a route to prefix ("connected route" in cisco terminology). 1272 * does nothing if there's some interface address with the same prefix already. 1273 */ 1274 static int 1275 in_addprefix(struct in_ifaddr *target, int flags) 1276 { 1277 struct in_ifaddr *ia; 1278 struct in_addr prefix, mask, p; 1279 int error; 1280 int s; 1281 1282 if ((flags & RTF_HOST) != 0) 1283 prefix = target->ia_dstaddr.sin_addr; 1284 else { 1285 prefix = target->ia_addr.sin_addr; 1286 mask = target->ia_sockmask.sin_addr; 1287 prefix.s_addr &= mask.s_addr; 1288 } 1289 1290 s = pserialize_read_enter(); 1291 IN_ADDRLIST_READER_FOREACH(ia) { 1292 if (rtinitflags(ia)) 1293 p = ia->ia_dstaddr.sin_addr; 1294 else { 1295 p = ia->ia_addr.sin_addr; 1296 p.s_addr &= ia->ia_sockmask.sin_addr.s_addr; 1297 } 1298 1299 if (prefix.s_addr != p.s_addr) 1300 continue; 1301 1302 /* 1303 * if we got a matching prefix route inserted by other 1304 * interface address, we don't need to bother 1305 * 1306 * XXX RADIX_MPATH implications here? -dyoung 1307 */ 1308 if (ia->ia_flags & IFA_ROUTE) { 1309 pserialize_read_exit(s); 1310 return 0; 1311 } 1312 } 1313 pserialize_read_exit(s); 1314 1315 /* 1316 * noone seem to have prefix route. insert it. 1317 */ 1318 error = rtinit(&target->ia_ifa, RTM_ADD, flags); 1319 if (error == 0) 1320 target->ia_flags |= IFA_ROUTE; 1321 else if (error == EEXIST) { 1322 /* 1323 * the fact the route already exists is not an error. 1324 */ 1325 error = 0; 1326 } 1327 return error; 1328 } 1329 1330 /* 1331 * remove a route to prefix ("connected route" in cisco terminology). 1332 * re-installs the route by using another interface address, if there's one 1333 * with the same prefix (otherwise we lose the route mistakenly). 1334 */ 1335 static int 1336 in_scrubprefix(struct in_ifaddr *target) 1337 { 1338 struct in_ifaddr *ia; 1339 struct in_addr prefix, mask, p; 1340 int error; 1341 int s; 1342 1343 /* If we don't have IFA_ROUTE we have nothing to do */ 1344 if ((target->ia_flags & IFA_ROUTE) == 0) 1345 return 0; 1346 1347 if (rtinitflags(target)) 1348 prefix = target->ia_dstaddr.sin_addr; 1349 else { 1350 prefix = target->ia_addr.sin_addr; 1351 mask = target->ia_sockmask.sin_addr; 1352 prefix.s_addr &= mask.s_addr; 1353 } 1354 1355 s = pserialize_read_enter(); 1356 IN_ADDRLIST_READER_FOREACH(ia) { 1357 if (rtinitflags(ia)) 1358 p = ia->ia_dstaddr.sin_addr; 1359 else { 1360 p = ia->ia_addr.sin_addr; 1361 p.s_addr &= ia->ia_sockmask.sin_addr.s_addr; 1362 } 1363 1364 if (prefix.s_addr != p.s_addr) 1365 continue; 1366 1367 /* 1368 * if we got a matching prefix route, move IFA_ROUTE to him 1369 */ 1370 if ((ia->ia_flags & IFA_ROUTE) == 0) { 1371 struct psref psref; 1372 int bound = curlwp_bind(); 1373 1374 ia4_acquire(ia, &psref); 1375 pserialize_read_exit(s); 1376 1377 rtinit(&target->ia_ifa, RTM_DELETE, 1378 rtinitflags(target)); 1379 target->ia_flags &= ~IFA_ROUTE; 1380 1381 error = rtinit(&ia->ia_ifa, RTM_ADD, 1382 rtinitflags(ia) | RTF_UP); 1383 if (error == 0) 1384 ia->ia_flags |= IFA_ROUTE; 1385 1386 ia4_release(ia, &psref); 1387 curlwp_bindx(bound); 1388 1389 return error; 1390 } 1391 } 1392 pserialize_read_exit(s); 1393 1394 /* 1395 * noone seem to have prefix route. remove it. 1396 */ 1397 rtinit(&target->ia_ifa, RTM_DELETE, rtinitflags(target)); 1398 target->ia_flags &= ~IFA_ROUTE; 1399 return 0; 1400 } 1401 1402 #undef rtinitflags 1403 1404 /* 1405 * Return 1 if the address might be a local broadcast address. 1406 */ 1407 int 1408 in_broadcast(struct in_addr in, struct ifnet *ifp) 1409 { 1410 struct ifaddr *ifa; 1411 int s; 1412 1413 KASSERT(ifp != NULL); 1414 1415 if (in.s_addr == INADDR_BROADCAST || 1416 in_nullhost(in)) 1417 return 1; 1418 if ((ifp->if_flags & IFF_BROADCAST) == 0) 1419 return 0; 1420 /* 1421 * Look through the list of addresses for a match 1422 * with a broadcast address. 1423 */ 1424 #define ia (ifatoia(ifa)) 1425 s = pserialize_read_enter(); 1426 IFADDR_READER_FOREACH(ifa, ifp) { 1427 if (ifa->ifa_addr->sa_family == AF_INET && 1428 !in_hosteq(in, ia->ia_addr.sin_addr) && 1429 (in_hosteq(in, ia->ia_broadaddr.sin_addr) || 1430 in_hosteq(in, ia->ia_netbroadcast) || 1431 (hostzeroisbroadcast && 1432 /* 1433 * Check for old-style (host 0) broadcast. 1434 */ 1435 (in.s_addr == ia->ia_subnet || 1436 in.s_addr == ia->ia_net)))) { 1437 pserialize_read_exit(s); 1438 return 1; 1439 } 1440 } 1441 pserialize_read_exit(s); 1442 return (0); 1443 #undef ia 1444 } 1445 1446 /* 1447 * perform DAD when interface becomes IFF_UP. 1448 */ 1449 void 1450 in_if_link_up(struct ifnet *ifp) 1451 { 1452 struct ifaddr *ifa; 1453 struct in_ifaddr *ia; 1454 int s, bound; 1455 1456 /* Ensure it's sane to run DAD */ 1457 if (ifp->if_link_state == LINK_STATE_DOWN) 1458 return; 1459 if ((ifp->if_flags & (IFF_UP|IFF_RUNNING)) != (IFF_UP|IFF_RUNNING)) 1460 return; 1461 1462 bound = curlwp_bind(); 1463 s = pserialize_read_enter(); 1464 IFADDR_READER_FOREACH(ifa, ifp) { 1465 struct psref psref; 1466 1467 if (ifa->ifa_addr->sa_family != AF_INET) 1468 continue; 1469 ifa_acquire(ifa, &psref); 1470 pserialize_read_exit(s); 1471 1472 ia = (struct in_ifaddr *)ifa; 1473 1474 /* If detached then mark as tentative */ 1475 if (ia->ia4_flags & IN_IFF_DETACHED) { 1476 ia->ia4_flags &= ~IN_IFF_DETACHED; 1477 if (if_do_dad(ifp) && ia->ia_dad_start != NULL) 1478 ia->ia4_flags |= IN_IFF_TENTATIVE; 1479 else if ((ia->ia4_flags & IN_IFF_TENTATIVE) == 0) 1480 rt_newaddrmsg(RTM_NEWADDR, ifa, 0, NULL); 1481 } 1482 1483 if (ia->ia4_flags & IN_IFF_TENTATIVE) { 1484 /* Clear the duplicated flag as we're starting DAD. */ 1485 ia->ia4_flags &= ~IN_IFF_DUPLICATED; 1486 ia->ia_dad_start(ifa); 1487 } 1488 1489 s = pserialize_read_enter(); 1490 ifa_release(ifa, &psref); 1491 } 1492 pserialize_read_exit(s); 1493 curlwp_bindx(bound); 1494 } 1495 1496 void 1497 in_if_up(struct ifnet *ifp) 1498 { 1499 1500 /* interface may not support link state, so bring it up also */ 1501 in_if_link_up(ifp); 1502 } 1503 1504 /* 1505 * Mark all addresses as detached. 1506 */ 1507 void 1508 in_if_link_down(struct ifnet *ifp) 1509 { 1510 struct ifaddr *ifa; 1511 struct in_ifaddr *ia; 1512 int s, bound; 1513 1514 bound = curlwp_bind(); 1515 s = pserialize_read_enter(); 1516 IFADDR_READER_FOREACH(ifa, ifp) { 1517 struct psref psref; 1518 1519 if (ifa->ifa_addr->sa_family != AF_INET) 1520 continue; 1521 ifa_acquire(ifa, &psref); 1522 pserialize_read_exit(s); 1523 1524 ia = (struct in_ifaddr *)ifa; 1525 1526 /* Stop DAD processing */ 1527 if (ia->ia_dad_stop != NULL) 1528 ia->ia_dad_stop(ifa); 1529 1530 /* 1531 * Mark the address as detached. 1532 */ 1533 if (!(ia->ia4_flags & IN_IFF_DETACHED)) { 1534 ia->ia4_flags |= IN_IFF_DETACHED; 1535 ia->ia4_flags &= 1536 ~(IN_IFF_TENTATIVE | IN_IFF_DUPLICATED); 1537 rt_newaddrmsg(RTM_NEWADDR, ifa, 0, NULL); 1538 } 1539 1540 s = pserialize_read_enter(); 1541 ifa_release(ifa, &psref); 1542 } 1543 pserialize_read_exit(s); 1544 curlwp_bindx(bound); 1545 } 1546 1547 void 1548 in_if_down(struct ifnet *ifp) 1549 { 1550 1551 in_if_link_down(ifp); 1552 #if NARP > 0 1553 lltable_purge_entries(LLTABLE(ifp)); 1554 #endif 1555 } 1556 1557 void 1558 in_if_link_state_change(struct ifnet *ifp, int link_state) 1559 { 1560 1561 switch (link_state) { 1562 case LINK_STATE_DOWN: 1563 in_if_link_down(ifp); 1564 break; 1565 case LINK_STATE_UP: 1566 in_if_link_up(ifp); 1567 break; 1568 } 1569 } 1570 1571 /* 1572 * in_lookup_multi: look up the in_multi record for a given IP 1573 * multicast address on a given interface. If no matching record is 1574 * found, return NULL. 1575 */ 1576 struct in_multi * 1577 in_lookup_multi(struct in_addr addr, ifnet_t *ifp) 1578 { 1579 struct in_multi *inm; 1580 1581 KASSERT(rw_lock_held(&in_multilock)); 1582 1583 LIST_FOREACH(inm, &IN_MULTI_HASH(addr.s_addr, ifp), inm_list) { 1584 if (in_hosteq(inm->inm_addr, addr) && inm->inm_ifp == ifp) 1585 break; 1586 } 1587 return inm; 1588 } 1589 1590 /* 1591 * in_multi_group: check whether the address belongs to an IP multicast 1592 * group we are joined on this interface. Returns true or false. 1593 */ 1594 bool 1595 in_multi_group(struct in_addr addr, ifnet_t *ifp, int flags) 1596 { 1597 bool ingroup; 1598 1599 if (__predict_true(flags & IP_IGMP_MCAST) == 0) { 1600 rw_enter(&in_multilock, RW_READER); 1601 ingroup = in_lookup_multi(addr, ifp) != NULL; 1602 rw_exit(&in_multilock); 1603 } else { 1604 /* XXX Recursive call from ip_output(). */ 1605 KASSERT(rw_lock_held(&in_multilock)); 1606 ingroup = in_lookup_multi(addr, ifp) != NULL; 1607 } 1608 return ingroup; 1609 } 1610 1611 /* 1612 * Add an address to the list of IP multicast addresses for a given interface. 1613 */ 1614 struct in_multi * 1615 in_addmulti(struct in_addr *ap, ifnet_t *ifp) 1616 { 1617 struct sockaddr_in sin; 1618 struct in_multi *inm; 1619 1620 /* 1621 * See if address already in list. 1622 */ 1623 rw_enter(&in_multilock, RW_WRITER); 1624 inm = in_lookup_multi(*ap, ifp); 1625 if (inm != NULL) { 1626 /* 1627 * Found it; just increment the reference count. 1628 */ 1629 inm->inm_refcount++; 1630 rw_exit(&in_multilock); 1631 return inm; 1632 } 1633 1634 /* 1635 * New address; allocate a new multicast record. 1636 */ 1637 inm = pool_get(&inmulti_pool, PR_NOWAIT); 1638 if (inm == NULL) { 1639 rw_exit(&in_multilock); 1640 return NULL; 1641 } 1642 inm->inm_addr = *ap; 1643 inm->inm_ifp = ifp; 1644 inm->inm_refcount = 1; 1645 1646 /* 1647 * Ask the network driver to update its multicast reception 1648 * filter appropriately for the new address. 1649 */ 1650 sockaddr_in_init(&sin, ap, 0); 1651 if (if_mcast_op(ifp, SIOCADDMULTI, sintosa(&sin)) != 0) { 1652 rw_exit(&in_multilock); 1653 pool_put(&inmulti_pool, inm); 1654 return NULL; 1655 } 1656 1657 /* 1658 * Let IGMP know that we have joined a new IP multicast group. 1659 */ 1660 if (igmp_joingroup(inm) != 0) { 1661 rw_exit(&in_multilock); 1662 pool_put(&inmulti_pool, inm); 1663 return NULL; 1664 } 1665 LIST_INSERT_HEAD( 1666 &IN_MULTI_HASH(inm->inm_addr.s_addr, ifp), 1667 inm, inm_list); 1668 in_multientries++; 1669 rw_exit(&in_multilock); 1670 1671 return inm; 1672 } 1673 1674 /* 1675 * Delete a multicast address record. 1676 */ 1677 void 1678 in_delmulti(struct in_multi *inm) 1679 { 1680 struct sockaddr_in sin; 1681 1682 rw_enter(&in_multilock, RW_WRITER); 1683 if (--inm->inm_refcount > 0) { 1684 rw_exit(&in_multilock); 1685 return; 1686 } 1687 1688 /* 1689 * No remaining claims to this record; let IGMP know that 1690 * we are leaving the multicast group. 1691 */ 1692 igmp_leavegroup(inm); 1693 1694 /* 1695 * Notify the network driver to update its multicast reception 1696 * filter. 1697 */ 1698 sockaddr_in_init(&sin, &inm->inm_addr, 0); 1699 if_mcast_op(inm->inm_ifp, SIOCDELMULTI, sintosa(&sin)); 1700 1701 /* 1702 * Unlink from list. 1703 */ 1704 LIST_REMOVE(inm, inm_list); 1705 in_multientries--; 1706 rw_exit(&in_multilock); 1707 1708 pool_put(&inmulti_pool, inm); 1709 } 1710 1711 /* 1712 * in_next_multi: step through all of the in_multi records, one at a time. 1713 * The current position is remembered in "step", which the caller must 1714 * provide. in_first_multi(), below, must be called to initialize "step" 1715 * and get the first record. Both macros return a NULL "inm" when there 1716 * are no remaining records. 1717 */ 1718 struct in_multi * 1719 in_next_multi(struct in_multistep *step) 1720 { 1721 struct in_multi *inm; 1722 1723 KASSERT(rw_lock_held(&in_multilock)); 1724 1725 while (step->i_inm == NULL && step->i_n < IN_MULTI_HASH_SIZE) { 1726 step->i_inm = LIST_FIRST(&in_multihashtbl[++step->i_n]); 1727 } 1728 if ((inm = step->i_inm) != NULL) { 1729 step->i_inm = LIST_NEXT(inm, inm_list); 1730 } 1731 return inm; 1732 } 1733 1734 struct in_multi * 1735 in_first_multi(struct in_multistep *step) 1736 { 1737 KASSERT(rw_lock_held(&in_multilock)); 1738 1739 step->i_n = 0; 1740 step->i_inm = LIST_FIRST(&in_multihashtbl[0]); 1741 return in_next_multi(step); 1742 } 1743 1744 void 1745 in_multi_lock(int op) 1746 { 1747 rw_enter(&in_multilock, op); 1748 } 1749 1750 void 1751 in_multi_unlock(void) 1752 { 1753 rw_exit(&in_multilock); 1754 } 1755 1756 int 1757 in_multi_lock_held(void) 1758 { 1759 return rw_lock_held(&in_multilock); 1760 } 1761 1762 struct in_ifaddr * 1763 in_selectsrc(struct sockaddr_in *sin, struct route *ro, 1764 int soopts, struct ip_moptions *mopts, int *errorp, struct psref *psref) 1765 { 1766 struct rtentry *rt = NULL; 1767 struct in_ifaddr *ia = NULL; 1768 1769 KASSERT(ISSET(curlwp->l_pflag, LP_BOUND)); 1770 /* 1771 * If route is known or can be allocated now, take the 1772 * source address from the interface. Otherwise, punt. 1773 */ 1774 if ((soopts & SO_DONTROUTE) != 0) 1775 rtcache_free(ro); 1776 else { 1777 union { 1778 struct sockaddr dst; 1779 struct sockaddr_in dst4; 1780 } u; 1781 1782 sockaddr_in_init(&u.dst4, &sin->sin_addr, 0); 1783 rt = rtcache_lookup(ro, &u.dst); 1784 } 1785 /* 1786 * If we found a route, use the address 1787 * corresponding to the outgoing interface 1788 * unless it is the loopback (in case a route 1789 * to our address on another net goes to loopback). 1790 * 1791 * XXX Is this still true? Do we care? 1792 */ 1793 if (rt != NULL && (rt->rt_ifp->if_flags & IFF_LOOPBACK) == 0) { 1794 int s; 1795 struct ifaddr *ifa; 1796 /* 1797 * Just in case. May not need to do this workaround. 1798 * Revisit when working on rtentry MP-ification. 1799 */ 1800 s = pserialize_read_enter(); 1801 IFADDR_READER_FOREACH(ifa, rt->rt_ifp) { 1802 if (ifa == rt->rt_ifa) 1803 break; 1804 } 1805 if (ifa != NULL) 1806 ifa_acquire(ifa, psref); 1807 pserialize_read_exit(s); 1808 1809 ia = ifatoia(ifa); 1810 } 1811 if (ia == NULL) { 1812 u_int16_t fport = sin->sin_port; 1813 struct ifaddr *ifa; 1814 int s; 1815 1816 sin->sin_port = 0; 1817 ifa = ifa_ifwithladdr_psref(sintosa(sin), psref); 1818 sin->sin_port = fport; 1819 if (ifa == NULL) { 1820 /* Find 1st non-loopback AF_INET address */ 1821 s = pserialize_read_enter(); 1822 IN_ADDRLIST_READER_FOREACH(ia) { 1823 if (!(ia->ia_ifp->if_flags & IFF_LOOPBACK)) 1824 break; 1825 } 1826 if (ia != NULL) 1827 ia4_acquire(ia, psref); 1828 pserialize_read_exit(s); 1829 } else { 1830 /* ia is already referenced by psref */ 1831 ia = ifatoia(ifa); 1832 } 1833 if (ia == NULL) { 1834 *errorp = EADDRNOTAVAIL; 1835 goto out; 1836 } 1837 } 1838 /* 1839 * If the destination address is multicast and an outgoing 1840 * interface has been set as a multicast option, use the 1841 * address of that interface as our source address. 1842 */ 1843 if (IN_MULTICAST(sin->sin_addr.s_addr) && mopts != NULL) { 1844 struct ip_moptions *imo; 1845 1846 imo = mopts; 1847 if (imo->imo_multicast_if_index != 0) { 1848 struct ifnet *ifp; 1849 int s; 1850 1851 if (ia != NULL) 1852 ia4_release(ia, psref); 1853 s = pserialize_read_enter(); 1854 ifp = if_byindex(imo->imo_multicast_if_index); 1855 if (ifp != NULL) { 1856 /* XXX */ 1857 ia = in_get_ia_from_ifp_psref(ifp, psref); 1858 } else 1859 ia = NULL; 1860 if (ia == NULL || ia->ia4_flags & IN_IFF_NOTREADY) { 1861 pserialize_read_exit(s); 1862 if (ia != NULL) 1863 ia4_release(ia, psref); 1864 *errorp = EADDRNOTAVAIL; 1865 ia = NULL; 1866 goto out; 1867 } 1868 pserialize_read_exit(s); 1869 } 1870 } 1871 if (ia->ia_ifa.ifa_getifa != NULL) { 1872 ia = ifatoia((*ia->ia_ifa.ifa_getifa)(&ia->ia_ifa, 1873 sintosa(sin))); 1874 if (ia == NULL) { 1875 *errorp = EADDRNOTAVAIL; 1876 goto out; 1877 } 1878 /* FIXME NOMPSAFE */ 1879 ia4_acquire(ia, psref); 1880 } 1881 #ifdef GETIFA_DEBUG 1882 else 1883 printf("%s: missing ifa_getifa\n", __func__); 1884 #endif 1885 out: 1886 rtcache_unref(rt, ro); 1887 return ia; 1888 } 1889 1890 int 1891 in_tunnel_validate(const struct ip *ip, struct in_addr src, struct in_addr dst) 1892 { 1893 struct in_ifaddr *ia4; 1894 int s; 1895 1896 /* check for address match */ 1897 if (src.s_addr != ip->ip_dst.s_addr || 1898 dst.s_addr != ip->ip_src.s_addr) 1899 return 0; 1900 1901 /* martian filters on outer source - NOT done in ip_input! */ 1902 if (IN_MULTICAST(ip->ip_src.s_addr)) 1903 return 0; 1904 switch ((ntohl(ip->ip_src.s_addr) & 0xff000000) >> 24) { 1905 case 0: 1906 case 127: 1907 case 255: 1908 return 0; 1909 } 1910 /* reject packets with broadcast on source */ 1911 s = pserialize_read_enter(); 1912 IN_ADDRLIST_READER_FOREACH(ia4) { 1913 if ((ia4->ia_ifa.ifa_ifp->if_flags & IFF_BROADCAST) == 0) 1914 continue; 1915 if (ip->ip_src.s_addr == ia4->ia_broadaddr.sin_addr.s_addr) { 1916 pserialize_read_exit(s); 1917 return 0; 1918 } 1919 } 1920 pserialize_read_exit(s); 1921 1922 /* NOTE: packet may dropped by uRPF */ 1923 1924 /* return valid bytes length */ 1925 return sizeof(src) + sizeof(dst); 1926 } 1927 1928 #if NARP > 0 1929 1930 #define IN_LLTBL_DEFAULT_HSIZE 32 1931 #define IN_LLTBL_HASH(k, h) \ 1932 (((((((k >> 8) ^ k) >> 8) ^ k) >> 8) ^ k) & ((h) - 1)) 1933 1934 /* 1935 * Do actual deallocation of @lle. 1936 * Called by LLE_FREE_LOCKED when number of references 1937 * drops to zero. 1938 */ 1939 static void 1940 in_lltable_destroy_lle(struct llentry *lle) 1941 { 1942 1943 KASSERT(lle->la_numheld == 0); 1944 1945 LLE_WUNLOCK(lle); 1946 LLE_LOCK_DESTROY(lle); 1947 llentry_pool_put(lle); 1948 } 1949 1950 static struct llentry * 1951 in_lltable_new(struct in_addr addr4, u_int flags) 1952 { 1953 struct llentry *lle; 1954 1955 lle = llentry_pool_get(PR_NOWAIT); 1956 if (lle == NULL) /* NB: caller generates msg */ 1957 return NULL; 1958 1959 /* 1960 * For IPv4 this will trigger "arpresolve" to generate 1961 * an ARP request. 1962 */ 1963 lle->la_expire = time_uptime; /* mark expired */ 1964 lle->r_l3addr.addr4 = addr4; 1965 lle->lle_refcnt = 1; 1966 lle->lle_free = in_lltable_destroy_lle; 1967 LLE_LOCK_INIT(lle); 1968 callout_init(&lle->la_timer, CALLOUT_MPSAFE); 1969 1970 return lle; 1971 } 1972 1973 #define IN_ARE_MASKED_ADDR_EQUAL(d, a, m) ( \ 1974 (((ntohl((d).s_addr) ^ (a)->sin_addr.s_addr) & (m)->sin_addr.s_addr)) == 0 ) 1975 1976 static int 1977 in_lltable_match_prefix(const struct sockaddr *prefix, 1978 const struct sockaddr *mask, u_int flags, struct llentry *lle) 1979 { 1980 const struct sockaddr_in *pfx = (const struct sockaddr_in *)prefix; 1981 const struct sockaddr_in *msk = (const struct sockaddr_in *)mask; 1982 struct in_addr lle_addr; 1983 1984 lle_addr.s_addr = ntohl(lle->r_l3addr.addr4.s_addr); 1985 1986 /* 1987 * (flags & LLE_STATIC) means deleting all entries 1988 * including static ARP entries. 1989 */ 1990 if (IN_ARE_MASKED_ADDR_EQUAL(lle_addr, pfx, msk) && 1991 ((flags & LLE_STATIC) || !(lle->la_flags & LLE_STATIC))) 1992 return (1); 1993 1994 return (0); 1995 } 1996 1997 static void 1998 in_lltable_free_entry(struct lltable *llt, struct llentry *lle) 1999 { 2000 size_t pkts_dropped; 2001 2002 LLE_WLOCK_ASSERT(lle); 2003 KASSERT(llt != NULL); 2004 2005 pkts_dropped = llentry_free(lle); 2006 arp_stat_add(ARP_STAT_DFRDROPPED, (uint64_t)pkts_dropped); 2007 } 2008 2009 static int 2010 in_lltable_rtcheck(struct ifnet *ifp, u_int flags, const struct sockaddr *l3addr, 2011 const struct rtentry *rt) 2012 { 2013 int error = EINVAL; 2014 2015 if (rt == NULL) 2016 return error; 2017 2018 /* 2019 * If the gateway for an existing host route matches the target L3 2020 * address, which is a special route inserted by some implementation 2021 * such as MANET, and the interface is of the correct type, then 2022 * allow for ARP to proceed. 2023 */ 2024 if (rt->rt_flags & RTF_GATEWAY) { 2025 if (!(rt->rt_flags & RTF_HOST) || !rt->rt_ifp || 2026 rt->rt_ifp->if_type != IFT_ETHER || 2027 (rt->rt_ifp->if_flags & IFF_NOARP) != 0 || 2028 memcmp(rt->rt_gateway->sa_data, l3addr->sa_data, 2029 sizeof(in_addr_t)) != 0) { 2030 goto error; 2031 } 2032 } 2033 2034 /* 2035 * Make sure that at least the destination address is covered 2036 * by the route. This is for handling the case where 2 or more 2037 * interfaces have the same prefix. An incoming packet arrives 2038 * on one interface and the corresponding outgoing packet leaves 2039 * another interface. 2040 */ 2041 if (!(rt->rt_flags & RTF_HOST) && rt->rt_ifp != ifp) { 2042 const char *sa, *mask, *addr, *lim; 2043 int len; 2044 2045 mask = (const char *)rt_mask(rt); 2046 /* 2047 * Just being extra cautious to avoid some custom 2048 * code getting into trouble. 2049 */ 2050 if (mask == NULL) 2051 goto error; 2052 2053 sa = (const char *)rt_getkey(rt); 2054 addr = (const char *)l3addr; 2055 len = ((const struct sockaddr_in *)l3addr)->sin_len; 2056 lim = addr + len; 2057 2058 for ( ; addr < lim; sa++, mask++, addr++) { 2059 if ((*sa ^ *addr) & *mask) { 2060 #ifdef DIAGNOSTIC 2061 log(LOG_INFO, "IPv4 address: \"%s\" is not on the network\n", 2062 inet_ntoa(((const struct sockaddr_in *)l3addr)->sin_addr)); 2063 #endif 2064 goto error; 2065 } 2066 } 2067 } 2068 2069 error = 0; 2070 error: 2071 return error; 2072 } 2073 2074 static inline uint32_t 2075 in_lltable_hash_dst(const struct in_addr dst, uint32_t hsize) 2076 { 2077 2078 return (IN_LLTBL_HASH(dst.s_addr, hsize)); 2079 } 2080 2081 static uint32_t 2082 in_lltable_hash(const struct llentry *lle, uint32_t hsize) 2083 { 2084 2085 return (in_lltable_hash_dst(lle->r_l3addr.addr4, hsize)); 2086 } 2087 2088 static void 2089 in_lltable_fill_sa_entry(const struct llentry *lle, struct sockaddr *sa) 2090 { 2091 struct sockaddr_in *sin; 2092 2093 sin = (struct sockaddr_in *)sa; 2094 memset(sin, 0, sizeof(*sin)); 2095 sin->sin_family = AF_INET; 2096 sin->sin_len = sizeof(*sin); 2097 sin->sin_addr = lle->r_l3addr.addr4; 2098 } 2099 2100 static inline struct llentry * 2101 in_lltable_find_dst(struct lltable *llt, struct in_addr dst) 2102 { 2103 struct llentry *lle; 2104 struct llentries *lleh; 2105 u_int hashidx; 2106 2107 hashidx = in_lltable_hash_dst(dst, llt->llt_hsize); 2108 lleh = &llt->lle_head[hashidx]; 2109 LIST_FOREACH(lle, lleh, lle_next) { 2110 if (lle->la_flags & LLE_DELETED) 2111 continue; 2112 if (lle->r_l3addr.addr4.s_addr == dst.s_addr) 2113 break; 2114 } 2115 2116 return (lle); 2117 } 2118 2119 static int 2120 in_lltable_delete(struct lltable *llt, u_int flags, 2121 const struct sockaddr *l3addr) 2122 { 2123 const struct sockaddr_in *sin = (const struct sockaddr_in *)l3addr; 2124 struct ifnet *ifp __diagused = llt->llt_ifp; 2125 struct llentry *lle; 2126 2127 IF_AFDATA_WLOCK_ASSERT(ifp); 2128 KASSERTMSG(l3addr->sa_family == AF_INET, 2129 "sin_family %d", l3addr->sa_family); 2130 2131 lle = in_lltable_find_dst(llt, sin->sin_addr); 2132 if (lle == NULL) { 2133 #ifdef LLTABLE_DEBUG 2134 char buf[64]; 2135 sockaddr_format(l3addr, buf, sizeof(buf)); 2136 log(LOG_INFO, "%s: cache for %s is not found\n", 2137 __func__, buf); 2138 #endif 2139 return (ENOENT); 2140 } 2141 2142 LLE_WLOCK(lle); 2143 #ifdef LLTABLE_DEBUG 2144 { 2145 char buf[64]; 2146 sockaddr_format(l3addr, buf, sizeof(buf)); 2147 log(LOG_INFO, "%s: cache for %s (%p) is deleted\n", 2148 __func__, buf, lle); 2149 } 2150 #endif 2151 llentry_free(lle); 2152 2153 return (0); 2154 } 2155 2156 static struct llentry * 2157 in_lltable_create(struct lltable *llt, u_int flags, const struct sockaddr *l3addr, 2158 const struct rtentry *rt) 2159 { 2160 const struct sockaddr_in *sin = (const struct sockaddr_in *)l3addr; 2161 struct ifnet *ifp = llt->llt_ifp; 2162 struct llentry *lle; 2163 2164 IF_AFDATA_WLOCK_ASSERT(ifp); 2165 KASSERTMSG(l3addr->sa_family == AF_INET, 2166 "sin_family %d", l3addr->sa_family); 2167 2168 lle = in_lltable_find_dst(llt, sin->sin_addr); 2169 2170 if (lle != NULL) { 2171 LLE_WLOCK(lle); 2172 return (lle); 2173 } 2174 2175 /* no existing record, we need to create new one */ 2176 2177 /* 2178 * A route that covers the given address must have 2179 * been installed 1st because we are doing a resolution, 2180 * verify this. 2181 */ 2182 if (!(flags & LLE_IFADDR) && 2183 in_lltable_rtcheck(ifp, flags, l3addr, rt) != 0) 2184 return (NULL); 2185 2186 lle = in_lltable_new(sin->sin_addr, flags); 2187 if (lle == NULL) { 2188 log(LOG_INFO, "lla_lookup: new lle malloc failed\n"); 2189 return (NULL); 2190 } 2191 lle->la_flags = flags; 2192 if ((flags & LLE_IFADDR) == LLE_IFADDR) { 2193 memcpy(&lle->ll_addr, CLLADDR(ifp->if_sadl), ifp->if_addrlen); 2194 lle->la_flags |= (LLE_VALID | LLE_STATIC); 2195 } 2196 2197 lltable_link_entry(llt, lle); 2198 LLE_WLOCK(lle); 2199 2200 return (lle); 2201 } 2202 2203 /* 2204 * Return NULL if not found or marked for deletion. 2205 * If found return lle read locked. 2206 */ 2207 static struct llentry * 2208 in_lltable_lookup(struct lltable *llt, u_int flags, const struct sockaddr *l3addr) 2209 { 2210 const struct sockaddr_in *sin = (const struct sockaddr_in *)l3addr; 2211 struct llentry *lle; 2212 2213 IF_AFDATA_LOCK_ASSERT(llt->llt_ifp); 2214 KASSERTMSG(l3addr->sa_family == AF_INET, 2215 "sin_family %d", l3addr->sa_family); 2216 2217 lle = in_lltable_find_dst(llt, sin->sin_addr); 2218 2219 if (lle == NULL) 2220 return NULL; 2221 2222 if (flags & LLE_EXCLUSIVE) 2223 LLE_WLOCK(lle); 2224 else 2225 LLE_RLOCK(lle); 2226 2227 return lle; 2228 } 2229 2230 static int 2231 in_lltable_dump_entry(struct lltable *llt, struct llentry *lle, 2232 struct rt_walkarg *w) 2233 { 2234 struct sockaddr_in sin; 2235 2236 LLTABLE_LOCK_ASSERT(); 2237 2238 /* skip deleted entries */ 2239 if (lle->la_flags & LLE_DELETED) 2240 return 0; 2241 2242 sockaddr_in_init(&sin, &lle->r_l3addr.addr4, 0); 2243 2244 return lltable_dump_entry(llt, lle, w, sintosa(&sin)); 2245 } 2246 2247 #endif /* NARP > 0 */ 2248 2249 static int 2250 in_multicast_sysctl(SYSCTLFN_ARGS) 2251 { 2252 struct ifnet *ifp; 2253 struct ifaddr *ifa; 2254 struct in_ifaddr *ifa4; 2255 struct in_multi *inm; 2256 uint32_t tmp; 2257 int error; 2258 size_t written; 2259 struct psref psref; 2260 int bound; 2261 2262 if (namelen != 1) 2263 return EINVAL; 2264 2265 bound = curlwp_bind(); 2266 ifp = if_get_byindex(name[0], &psref); 2267 if (ifp == NULL) { 2268 curlwp_bindx(bound); 2269 return ENODEV; 2270 } 2271 2272 if (oldp == NULL) { 2273 *oldlenp = 0; 2274 IFADDR_FOREACH(ifa, ifp) { 2275 if (ifa->ifa_addr->sa_family != AF_INET) 2276 continue; 2277 ifa4 = (void *)ifa; 2278 LIST_FOREACH(inm, &ifa4->ia_multiaddrs, inm_list) { 2279 *oldlenp += 2 * sizeof(struct in_addr) + 2280 sizeof(uint32_t); 2281 } 2282 } 2283 if_put(ifp, &psref); 2284 curlwp_bindx(bound); 2285 return 0; 2286 } 2287 2288 error = 0; 2289 written = 0; 2290 IFADDR_FOREACH(ifa, ifp) { 2291 if (ifa->ifa_addr->sa_family != AF_INET) 2292 continue; 2293 ifa4 = (void *)ifa; 2294 LIST_FOREACH(inm, &ifa4->ia_multiaddrs, inm_list) { 2295 if (written + 2 * sizeof(struct in_addr) + 2296 sizeof(uint32_t) > *oldlenp) 2297 goto done; 2298 error = sysctl_copyout(l, &ifa4->ia_addr.sin_addr, 2299 oldp, sizeof(struct in_addr)); 2300 if (error) 2301 goto done; 2302 oldp = (char *)oldp + sizeof(struct in_addr); 2303 written += sizeof(struct in_addr); 2304 error = sysctl_copyout(l, &inm->inm_addr, 2305 oldp, sizeof(struct in_addr)); 2306 if (error) 2307 goto done; 2308 oldp = (char *)oldp + sizeof(struct in_addr); 2309 written += sizeof(struct in_addr); 2310 tmp = inm->inm_refcount; 2311 error = sysctl_copyout(l, &tmp, oldp, sizeof(tmp)); 2312 if (error) 2313 goto done; 2314 oldp = (char *)oldp + sizeof(tmp); 2315 written += sizeof(tmp); 2316 } 2317 } 2318 done: 2319 if_put(ifp, &psref); 2320 curlwp_bindx(bound); 2321 *oldlenp = written; 2322 return error; 2323 } 2324 2325 static void 2326 in_sysctl_init(struct sysctllog **clog) 2327 { 2328 sysctl_createv(clog, 0, NULL, NULL, 2329 CTLFLAG_PERMANENT, 2330 CTLTYPE_NODE, "inet", 2331 SYSCTL_DESCR("PF_INET related settings"), 2332 NULL, 0, NULL, 0, 2333 CTL_NET, PF_INET, CTL_EOL); 2334 sysctl_createv(clog, 0, NULL, NULL, 2335 CTLFLAG_PERMANENT, 2336 CTLTYPE_NODE, "multicast", 2337 SYSCTL_DESCR("Multicast information"), 2338 in_multicast_sysctl, 0, NULL, 0, 2339 CTL_NET, PF_INET, CTL_CREATE, CTL_EOL); 2340 sysctl_createv(clog, 0, NULL, NULL, 2341 CTLFLAG_PERMANENT, 2342 CTLTYPE_NODE, "ip", 2343 SYSCTL_DESCR("IPv4 related settings"), 2344 NULL, 0, NULL, 0, 2345 CTL_NET, PF_INET, IPPROTO_IP, CTL_EOL); 2346 2347 sysctl_createv(clog, 0, NULL, NULL, 2348 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 2349 CTLTYPE_INT, "subnetsarelocal", 2350 SYSCTL_DESCR("Whether logical subnets are considered " 2351 "local"), 2352 NULL, 0, &subnetsarelocal, 0, 2353 CTL_NET, PF_INET, IPPROTO_IP, 2354 IPCTL_SUBNETSARELOCAL, CTL_EOL); 2355 sysctl_createv(clog, 0, NULL, NULL, 2356 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 2357 CTLTYPE_INT, "hostzerobroadcast", 2358 SYSCTL_DESCR("All zeroes address is broadcast address"), 2359 NULL, 0, &hostzeroisbroadcast, 0, 2360 CTL_NET, PF_INET, IPPROTO_IP, 2361 IPCTL_HOSTZEROBROADCAST, CTL_EOL); 2362 } 2363 2364 #if NARP > 0 2365 2366 static struct lltable * 2367 in_lltattach(struct ifnet *ifp) 2368 { 2369 struct lltable *llt; 2370 2371 llt = lltable_allocate_htbl(IN_LLTBL_DEFAULT_HSIZE); 2372 llt->llt_af = AF_INET; 2373 llt->llt_ifp = ifp; 2374 2375 llt->llt_lookup = in_lltable_lookup; 2376 llt->llt_create = in_lltable_create; 2377 llt->llt_delete = in_lltable_delete; 2378 llt->llt_dump_entry = in_lltable_dump_entry; 2379 llt->llt_hash = in_lltable_hash; 2380 llt->llt_fill_sa_entry = in_lltable_fill_sa_entry; 2381 llt->llt_free_entry = in_lltable_free_entry; 2382 llt->llt_match_prefix = in_lltable_match_prefix; 2383 lltable_link(llt); 2384 2385 return (llt); 2386 } 2387 2388 #endif /* NARP > 0 */ 2389 2390 void * 2391 in_domifattach(struct ifnet *ifp) 2392 { 2393 struct in_ifinfo *ii; 2394 2395 ii = kmem_zalloc(sizeof(struct in_ifinfo), KM_SLEEP); 2396 2397 #if NARP > 0 2398 ii->ii_llt = in_lltattach(ifp); 2399 #endif 2400 2401 #ifdef IPSELSRC 2402 ii->ii_selsrc = in_selsrc_domifattach(ifp); 2403 KASSERT(ii->ii_selsrc != NULL); 2404 #endif 2405 2406 return ii; 2407 } 2408 2409 void 2410 in_domifdetach(struct ifnet *ifp, void *aux) 2411 { 2412 struct in_ifinfo *ii = aux; 2413 2414 #ifdef IPSELSRC 2415 in_selsrc_domifdetach(ifp, ii->ii_selsrc); 2416 #endif 2417 #if NARP > 0 2418 lltable_free(ii->ii_llt); 2419 #endif 2420 kmem_free(ii, sizeof(struct in_ifinfo)); 2421 } 2422