1 /* $NetBSD: in6.c,v 1.151 2009/05/12 23:01:26 elad Exp $ */ 2 /* $KAME: in6.c,v 1.198 2001/07/18 09:12:38 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 /* 34 * Copyright (c) 1982, 1986, 1991, 1993 35 * The Regents of the University of California. All rights reserved. 36 * 37 * Redistribution and use in source and binary forms, with or without 38 * modification, are permitted provided that the following conditions 39 * are met: 40 * 1. Redistributions of source code must retain the above copyright 41 * notice, this list of conditions and the following disclaimer. 42 * 2. Redistributions in binary form must reproduce the above copyright 43 * notice, this list of conditions and the following disclaimer in the 44 * documentation and/or other materials provided with the distribution. 45 * 3. Neither the name of the University nor the names of its contributors 46 * may be used to endorse or promote products derived from this software 47 * without specific prior written permission. 48 * 49 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 52 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 59 * SUCH DAMAGE. 60 * 61 * @(#)in.c 8.2 (Berkeley) 11/15/93 62 */ 63 64 #include <sys/cdefs.h> 65 __KERNEL_RCSID(0, "$NetBSD: in6.c,v 1.151 2009/05/12 23:01:26 elad Exp $"); 66 67 #include "opt_inet.h" 68 #include "opt_pfil_hooks.h" 69 #include "opt_compat_netbsd.h" 70 71 #include <sys/param.h> 72 #include <sys/ioctl.h> 73 #include <sys/errno.h> 74 #include <sys/malloc.h> 75 #include <sys/socket.h> 76 #include <sys/socketvar.h> 77 #include <sys/sockio.h> 78 #include <sys/systm.h> 79 #include <sys/proc.h> 80 #include <sys/time.h> 81 #include <sys/kernel.h> 82 #include <sys/syslog.h> 83 #include <sys/kauth.h> 84 85 #include <net/if.h> 86 #include <net/if_types.h> 87 #include <net/route.h> 88 #include <net/if_dl.h> 89 90 #include <netinet/in.h> 91 #include <netinet/in_var.h> 92 #include <net/if_ether.h> 93 94 #include <netinet/ip6.h> 95 #include <netinet6/ip6_var.h> 96 #include <netinet6/nd6.h> 97 #include <netinet6/mld6_var.h> 98 #include <netinet6/ip6_mroute.h> 99 #include <netinet6/in6_ifattach.h> 100 #include <netinet6/scope6_var.h> 101 102 #include <net/net_osdep.h> 103 104 #ifdef PFIL_HOOKS 105 #include <net/pfil.h> 106 #endif 107 #ifdef COMPAT_50 108 #include <compat/netinet6/in6_var.h> 109 #endif 110 111 MALLOC_DEFINE(M_IP6OPT, "ip6_options", "IPv6 options"); 112 113 /* enable backward compatibility code for obsoleted ioctls */ 114 #define COMPAT_IN6IFIOCTL 115 116 #ifdef IN6_DEBUG 117 #define IN6_DPRINTF(__fmt, ...) printf(__fmt, __VA_ARGS__) 118 #else 119 #define IN6_DPRINTF(__fmt, ...) do { } while (/*CONSTCOND*/0) 120 #endif /* IN6_DEBUG */ 121 122 /* 123 * Definitions of some constant IP6 addresses. 124 */ 125 const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT; 126 const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT; 127 const struct in6_addr in6addr_nodelocal_allnodes = 128 IN6ADDR_NODELOCAL_ALLNODES_INIT; 129 const struct in6_addr in6addr_linklocal_allnodes = 130 IN6ADDR_LINKLOCAL_ALLNODES_INIT; 131 const struct in6_addr in6addr_linklocal_allrouters = 132 IN6ADDR_LINKLOCAL_ALLROUTERS_INIT; 133 134 const struct in6_addr in6mask0 = IN6MASK0; 135 const struct in6_addr in6mask32 = IN6MASK32; 136 const struct in6_addr in6mask64 = IN6MASK64; 137 const struct in6_addr in6mask96 = IN6MASK96; 138 const struct in6_addr in6mask128 = IN6MASK128; 139 140 const struct sockaddr_in6 sa6_any = {sizeof(sa6_any), AF_INET6, 141 0, 0, IN6ADDR_ANY_INIT, 0}; 142 143 static int in6_lifaddr_ioctl(struct socket *, u_long, void *, 144 struct ifnet *, struct lwp *); 145 static int in6_ifinit(struct ifnet *, struct in6_ifaddr *, 146 const struct sockaddr_in6 *, int); 147 static void in6_unlink_ifa(struct in6_ifaddr *, struct ifnet *); 148 149 /* 150 * Subroutine for in6_ifaddloop() and in6_ifremloop(). 151 * This routine does actual work. 152 */ 153 static void 154 in6_ifloop_request(int cmd, struct ifaddr *ifa) 155 { 156 struct sockaddr_in6 lo_sa; 157 struct sockaddr_in6 all1_sa; 158 struct rtentry *nrt = NULL; 159 int e; 160 161 sockaddr_in6_init(&all1_sa, &in6mask128, 0, 0, 0); 162 sockaddr_in6_init(&lo_sa, &in6addr_loopback, 0, 0, 0); 163 164 /* 165 * We specify the address itself as the gateway, and set the 166 * RTF_LLINFO flag, so that the corresponding host route would have 167 * the flag, and thus applications that assume traditional behavior 168 * would be happy. Note that we assume the caller of the function 169 * (probably implicitly) set nd6_rtrequest() to ifa->ifa_rtrequest, 170 * which changes the outgoing interface to the loopback interface. 171 */ 172 e = rtrequest(cmd, ifa->ifa_addr, ifa->ifa_addr, 173 (struct sockaddr *)&all1_sa, RTF_UP|RTF_HOST|RTF_LLINFO, &nrt); 174 if (e != 0) { 175 log(LOG_ERR, "in6_ifloop_request: " 176 "%s operation failed for %s (errno=%d)\n", 177 cmd == RTM_ADD ? "ADD" : "DELETE", 178 ip6_sprintf(&((struct in6_ifaddr *)ifa)->ia_addr.sin6_addr), 179 e); 180 } 181 182 /* 183 * Make sure rt_ifa be equal to IFA, the second argument of the 184 * function. 185 * We need this because when we refer to rt_ifa->ia6_flags in 186 * ip6_input, we assume that the rt_ifa points to the address instead 187 * of the loopback address. 188 */ 189 if (cmd == RTM_ADD && nrt && ifa != nrt->rt_ifa) 190 rt_replace_ifa(nrt, ifa); 191 192 /* 193 * Report the addition/removal of the address to the routing socket. 194 * XXX: since we called rtinit for a p2p interface with a destination, 195 * we end up reporting twice in such a case. Should we rather 196 * omit the second report? 197 */ 198 if (nrt) { 199 rt_newaddrmsg(cmd, ifa, e, nrt); 200 if (cmd == RTM_DELETE) { 201 if (nrt->rt_refcnt <= 0) { 202 /* XXX: we should free the entry ourselves. */ 203 nrt->rt_refcnt++; 204 rtfree(nrt); 205 } 206 } else { 207 /* the cmd must be RTM_ADD here */ 208 nrt->rt_refcnt--; 209 } 210 } 211 } 212 213 /* 214 * Add ownaddr as loopback rtentry. We previously add the route only if 215 * necessary (ex. on a p2p link). However, since we now manage addresses 216 * separately from prefixes, we should always add the route. We can't 217 * rely on the cloning mechanism from the corresponding interface route 218 * any more. 219 */ 220 void 221 in6_ifaddloop(struct ifaddr *ifa) 222 { 223 struct rtentry *rt; 224 225 /* If there is no loopback entry, allocate one. */ 226 rt = rtalloc1(ifa->ifa_addr, 0); 227 if (rt == NULL || (rt->rt_flags & RTF_HOST) == 0 || 228 (rt->rt_ifp->if_flags & IFF_LOOPBACK) == 0) 229 in6_ifloop_request(RTM_ADD, ifa); 230 if (rt != NULL) 231 rt->rt_refcnt--; 232 } 233 234 /* 235 * Remove loopback rtentry of ownaddr generated by in6_ifaddloop(), 236 * if it exists. 237 */ 238 void 239 in6_ifremloop(struct ifaddr *ifa) 240 { 241 struct in6_ifaddr *alt_ia = NULL, *ia; 242 struct rtentry *rt; 243 int ia_count = 0; 244 245 /* 246 * Some of BSD variants do not remove cloned routes 247 * from an interface direct route, when removing the direct route 248 * (see comments in net/net_osdep.h). Even for variants that do remove 249 * cloned routes, they could fail to remove the cloned routes when 250 * we handle multple addresses that share a common prefix. 251 * So, we should remove the route corresponding to the deleted address. 252 */ 253 254 /* 255 * Delete the entry only if exactly one ifaddr matches the 256 * address, ifa->ifa_addr. 257 * 258 * If more than one ifaddr matches, replace the ifaddr in 259 * the routing table, rt_ifa, with a different ifaddr than 260 * the one we are purging, ifa. It is important to do 261 * this, or else the routing table can accumulate dangling 262 * pointers rt->rt_ifa->ifa_ifp to destroyed interfaces, 263 * which will lead to crashes, later. (More than one ifaddr 264 * can match if we assign the same address to multiple---probably 265 * p2p---interfaces.) 266 * 267 * XXX An old comment at this place said, "we should avoid 268 * XXX such a configuration [i.e., interfaces with the same 269 * XXX addressed assigned --ed.] in IPv6...". I do not 270 * XXX agree, especially now that I have fixed the dangling 271 * XXX ifp-pointers bug. 272 */ 273 for (ia = in6_ifaddr; ia; ia = ia->ia_next) { 274 if (!IN6_ARE_ADDR_EQUAL(IFA_IN6(ifa), &ia->ia_addr.sin6_addr)) 275 continue; 276 if (ia->ia_ifp != ifa->ifa_ifp) 277 alt_ia = ia; 278 if (++ia_count > 1 && alt_ia != NULL) 279 break; 280 } 281 282 if (ia_count == 0) 283 return; 284 285 if ((rt = rtalloc1(ifa->ifa_addr, 0)) == NULL) 286 return; 287 rt->rt_refcnt--; 288 289 /* 290 * Before deleting, check if a corresponding loopbacked 291 * host route surely exists. With this check, we can avoid 292 * deleting an interface direct route whose destination is 293 * the same as the address being removed. This can happen 294 * when removing a subnet-router anycast address on an 295 * interface attached to a shared medium. 296 */ 297 if ((rt->rt_flags & RTF_HOST) == 0 || 298 (rt->rt_ifp->if_flags & IFF_LOOPBACK) == 0) 299 return; 300 301 /* If we cannot replace the route's ifaddr with the equivalent 302 * ifaddr of another interface, I believe it is safest to 303 * delete the route. 304 */ 305 if (ia_count == 1 || alt_ia == NULL) 306 in6_ifloop_request(RTM_DELETE, ifa); 307 else 308 rt_replace_ifa(rt, &alt_ia->ia_ifa); 309 } 310 311 int 312 in6_mask2len(struct in6_addr *mask, u_char *lim0) 313 { 314 int x = 0, y; 315 u_char *lim = lim0, *p; 316 317 /* ignore the scope_id part */ 318 if (lim0 == NULL || lim0 - (u_char *)mask > sizeof(*mask)) 319 lim = (u_char *)mask + sizeof(*mask); 320 for (p = (u_char *)mask; p < lim; x++, p++) { 321 if (*p != 0xff) 322 break; 323 } 324 y = 0; 325 if (p < lim) { 326 for (y = 0; y < NBBY; y++) { 327 if ((*p & (0x80 >> y)) == 0) 328 break; 329 } 330 } 331 332 /* 333 * when the limit pointer is given, do a stricter check on the 334 * remaining bits. 335 */ 336 if (p < lim) { 337 if (y != 0 && (*p & (0x00ff >> y)) != 0) 338 return -1; 339 for (p = p + 1; p < lim; p++) 340 if (*p != 0) 341 return -1; 342 } 343 344 return x * NBBY + y; 345 } 346 347 #define ifa2ia6(ifa) ((struct in6_ifaddr *)(ifa)) 348 #define ia62ifa(ia6) (&((ia6)->ia_ifa)) 349 350 static int 351 in6_control1(struct socket *so, u_long cmd, void *data, struct ifnet *ifp, 352 struct lwp *l) 353 { 354 struct in6_ifreq *ifr = (struct in6_ifreq *)data; 355 struct in6_ifaddr *ia = NULL; 356 struct in6_aliasreq *ifra = (struct in6_aliasreq *)data; 357 struct sockaddr_in6 *sa6; 358 int error; 359 switch (cmd) { 360 /* 361 * XXX: Fix me, once we fix SIOCSIFADDR, SIOCIFDSTADDR, etc. 362 */ 363 case SIOCSIFADDR: 364 case SIOCSIFDSTADDR: 365 #ifdef SIOCSIFCONF_X25 366 case SIOCSIFCONF_X25: 367 #endif 368 return EOPNOTSUPP; 369 case SIOCGETSGCNT_IN6: 370 case SIOCGETMIFCNT_IN6: 371 return mrt6_ioctl(cmd, data); 372 } 373 374 if (ifp == NULL) 375 return EOPNOTSUPP; 376 377 switch (cmd) { 378 case SIOCSNDFLUSH_IN6: 379 case SIOCSPFXFLUSH_IN6: 380 case SIOCSRTRFLUSH_IN6: 381 case SIOCSDEFIFACE_IN6: 382 case SIOCSIFINFO_FLAGS: 383 case SIOCSIFINFO_IN6: 384 /* Privileged. */ 385 /* FALLTHROUGH */ 386 case OSIOCGIFINFO_IN6: 387 case SIOCGIFINFO_IN6: 388 case SIOCGDRLST_IN6: 389 case SIOCGPRLST_IN6: 390 case SIOCGNBRINFO_IN6: 391 case SIOCGDEFIFACE_IN6: 392 return nd6_ioctl(cmd, data, ifp); 393 } 394 395 switch (cmd) { 396 case SIOCSIFPREFIX_IN6: 397 case SIOCDIFPREFIX_IN6: 398 case SIOCAIFPREFIX_IN6: 399 case SIOCCIFPREFIX_IN6: 400 case SIOCSGIFPREFIX_IN6: 401 case SIOCGIFPREFIX_IN6: 402 log(LOG_NOTICE, 403 "prefix ioctls are now invalidated. " 404 "please use ifconfig.\n"); 405 return EOPNOTSUPP; 406 } 407 408 switch (cmd) { 409 case SIOCALIFADDR: 410 case SIOCDLIFADDR: 411 /* Privileged. */ 412 /* FALLTHROUGH */ 413 case SIOCGLIFADDR: 414 return in6_lifaddr_ioctl(so, cmd, data, ifp, l); 415 } 416 417 /* 418 * Find address for this interface, if it exists. 419 * 420 * In netinet code, we have checked ifra_addr in SIOCSIF*ADDR operation 421 * only, and used the first interface address as the target of other 422 * operations (without checking ifra_addr). This was because netinet 423 * code/API assumed at most 1 interface address per interface. 424 * Since IPv6 allows a node to assign multiple addresses 425 * on a single interface, we almost always look and check the 426 * presence of ifra_addr, and reject invalid ones here. 427 * It also decreases duplicated code among SIOC*_IN6 operations. 428 */ 429 switch (cmd) { 430 case SIOCAIFADDR_IN6: 431 #ifdef OSIOCAIFADDR_IN6 432 case OSIOCAIFADDR_IN6: 433 #endif 434 #ifdef OSIOCSIFPHYADDR_IN6 435 case OSIOCSIFPHYADDR_IN6: 436 #endif 437 case SIOCSIFPHYADDR_IN6: 438 sa6 = &ifra->ifra_addr; 439 break; 440 case SIOCSIFADDR_IN6: 441 case SIOCGIFADDR_IN6: 442 case SIOCSIFDSTADDR_IN6: 443 case SIOCSIFNETMASK_IN6: 444 case SIOCGIFDSTADDR_IN6: 445 case SIOCGIFNETMASK_IN6: 446 case SIOCDIFADDR_IN6: 447 case SIOCGIFPSRCADDR_IN6: 448 case SIOCGIFPDSTADDR_IN6: 449 case SIOCGIFAFLAG_IN6: 450 case SIOCSNDFLUSH_IN6: 451 case SIOCSPFXFLUSH_IN6: 452 case SIOCSRTRFLUSH_IN6: 453 case SIOCGIFALIFETIME_IN6: 454 #ifdef OSIOCGIFALIFETIME_IN6 455 case OSIOCGIFALIFETIME_IN6: 456 #endif 457 case SIOCGIFSTAT_IN6: 458 case SIOCGIFSTAT_ICMP6: 459 sa6 = &ifr->ifr_addr; 460 break; 461 default: 462 sa6 = NULL; 463 break; 464 } 465 if (sa6 && sa6->sin6_family == AF_INET6) { 466 if (sa6->sin6_scope_id != 0) 467 error = sa6_embedscope(sa6, 0); 468 else 469 error = in6_setscope(&sa6->sin6_addr, ifp, NULL); 470 if (error != 0) 471 return error; 472 ia = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr); 473 } else 474 ia = NULL; 475 476 switch (cmd) { 477 case SIOCSIFADDR_IN6: 478 case SIOCSIFDSTADDR_IN6: 479 case SIOCSIFNETMASK_IN6: 480 /* 481 * Since IPv6 allows a node to assign multiple addresses 482 * on a single interface, SIOCSIFxxx ioctls are deprecated. 483 */ 484 return EINVAL; 485 486 case SIOCDIFADDR_IN6: 487 /* 488 * for IPv4, we look for existing in_ifaddr here to allow 489 * "ifconfig if0 delete" to remove the first IPv4 address on 490 * the interface. For IPv6, as the spec allows multiple 491 * interface address from the day one, we consider "remove the 492 * first one" semantics to be not preferable. 493 */ 494 if (ia == NULL) 495 return EADDRNOTAVAIL; 496 /* FALLTHROUGH */ 497 #ifdef OSIOCAIFADDR_IN6 498 case OSIOCAIFADDR_IN6: 499 #endif 500 case SIOCAIFADDR_IN6: 501 /* 502 * We always require users to specify a valid IPv6 address for 503 * the corresponding operation. 504 */ 505 if (ifra->ifra_addr.sin6_family != AF_INET6 || 506 ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6)) 507 return EAFNOSUPPORT; 508 /* Privileged. */ 509 510 break; 511 512 case SIOCGIFADDR_IN6: 513 /* This interface is basically deprecated. use SIOCGIFCONF. */ 514 /* FALLTHROUGH */ 515 case SIOCGIFAFLAG_IN6: 516 case SIOCGIFNETMASK_IN6: 517 case SIOCGIFDSTADDR_IN6: 518 case SIOCGIFALIFETIME_IN6: 519 #ifdef OSIOCGIFALIFETIME_IN6 520 case OSIOCGIFALIFETIME_IN6: 521 #endif 522 /* must think again about its semantics */ 523 if (ia == NULL) 524 return EADDRNOTAVAIL; 525 break; 526 } 527 528 switch (cmd) { 529 530 case SIOCGIFADDR_IN6: 531 ifr->ifr_addr = ia->ia_addr; 532 if ((error = sa6_recoverscope(&ifr->ifr_addr)) != 0) 533 return error; 534 break; 535 536 case SIOCGIFDSTADDR_IN6: 537 if ((ifp->if_flags & IFF_POINTOPOINT) == 0) 538 return EINVAL; 539 /* 540 * XXX: should we check if ifa_dstaddr is NULL and return 541 * an error? 542 */ 543 ifr->ifr_dstaddr = ia->ia_dstaddr; 544 if ((error = sa6_recoverscope(&ifr->ifr_dstaddr)) != 0) 545 return error; 546 break; 547 548 case SIOCGIFNETMASK_IN6: 549 ifr->ifr_addr = ia->ia_prefixmask; 550 break; 551 552 case SIOCGIFAFLAG_IN6: 553 ifr->ifr_ifru.ifru_flags6 = ia->ia6_flags; 554 break; 555 556 case SIOCGIFSTAT_IN6: 557 if (ifp == NULL) 558 return EINVAL; 559 memset(&ifr->ifr_ifru.ifru_stat, 0, 560 sizeof(ifr->ifr_ifru.ifru_stat)); 561 ifr->ifr_ifru.ifru_stat = 562 *((struct in6_ifextra *)ifp->if_afdata[AF_INET6])->in6_ifstat; 563 break; 564 565 case SIOCGIFSTAT_ICMP6: 566 if (ifp == NULL) 567 return EINVAL; 568 memset(&ifr->ifr_ifru.ifru_icmp6stat, 0, 569 sizeof(ifr->ifr_ifru.ifru_icmp6stat)); 570 ifr->ifr_ifru.ifru_icmp6stat = 571 *((struct in6_ifextra *)ifp->if_afdata[AF_INET6])->icmp6_ifstat; 572 break; 573 574 #ifdef OSIOCGIFALIFETIME_IN6 575 case OSIOCGIFALIFETIME_IN6: 576 #endif 577 case SIOCGIFALIFETIME_IN6: 578 ifr->ifr_ifru.ifru_lifetime = ia->ia6_lifetime; 579 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 580 time_t maxexpire; 581 struct in6_addrlifetime *retlt = 582 &ifr->ifr_ifru.ifru_lifetime; 583 584 /* 585 * XXX: adjust expiration time assuming time_t is 586 * signed. 587 */ 588 maxexpire = ((time_t)~0) & 589 ~((time_t)1 << ((sizeof(maxexpire) * NBBY) - 1)); 590 if (ia->ia6_lifetime.ia6t_vltime < 591 maxexpire - ia->ia6_updatetime) { 592 retlt->ia6t_expire = ia->ia6_updatetime + 593 ia->ia6_lifetime.ia6t_vltime; 594 } else 595 retlt->ia6t_expire = maxexpire; 596 } 597 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 598 time_t maxexpire; 599 struct in6_addrlifetime *retlt = 600 &ifr->ifr_ifru.ifru_lifetime; 601 602 /* 603 * XXX: adjust expiration time assuming time_t is 604 * signed. 605 */ 606 maxexpire = ((time_t)~0) & 607 ~((time_t)1 << ((sizeof(maxexpire) * NBBY) - 1)); 608 if (ia->ia6_lifetime.ia6t_pltime < 609 maxexpire - ia->ia6_updatetime) { 610 retlt->ia6t_preferred = ia->ia6_updatetime + 611 ia->ia6_lifetime.ia6t_pltime; 612 } else 613 retlt->ia6t_preferred = maxexpire; 614 } 615 #ifdef OSIOCFIFALIFETIME_IN6 616 if (cmd == OSIOCFIFALIFETIME_IN6) 617 in6_addrlifetime_to_in6_addrlifetime50( 618 &ifr->ifru.ifru_lifetime); 619 #endif 620 break; 621 622 #ifdef OSIOCAIFADDR_IN6 623 case OSIOCAIFADDR_IN6: 624 in6_aliasreq50_to_in6_aliasreq(ifra); 625 /*FALLTHROUGH*/ 626 #endif 627 case SIOCAIFADDR_IN6: 628 { 629 int i; 630 struct nd_prefixctl pr0; 631 struct nd_prefix *pr; 632 633 /* reject read-only flags */ 634 if ((ifra->ifra_flags & IN6_IFF_DUPLICATED) != 0 || 635 (ifra->ifra_flags & IN6_IFF_DETACHED) != 0 || 636 (ifra->ifra_flags & IN6_IFF_NODAD) != 0 || 637 (ifra->ifra_flags & IN6_IFF_AUTOCONF) != 0) { 638 return EINVAL; 639 } 640 /* 641 * first, make or update the interface address structure, 642 * and link it to the list. 643 */ 644 if ((error = in6_update_ifa(ifp, ifra, ia, 0)) != 0) 645 return error; 646 if ((ia = in6ifa_ifpwithaddr(ifp, &ifra->ifra_addr.sin6_addr)) 647 == NULL) { 648 /* 649 * this can happen when the user specify the 0 valid 650 * lifetime. 651 */ 652 break; 653 } 654 655 /* 656 * then, make the prefix on-link on the interface. 657 * XXX: we'd rather create the prefix before the address, but 658 * we need at least one address to install the corresponding 659 * interface route, so we configure the address first. 660 */ 661 662 /* 663 * convert mask to prefix length (prefixmask has already 664 * been validated in in6_update_ifa(). 665 */ 666 memset(&pr0, 0, sizeof(pr0)); 667 pr0.ndpr_ifp = ifp; 668 pr0.ndpr_plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, 669 NULL); 670 if (pr0.ndpr_plen == 128) { 671 break; /* we don't need to install a host route. */ 672 } 673 pr0.ndpr_prefix = ifra->ifra_addr; 674 /* apply the mask for safety. */ 675 for (i = 0; i < 4; i++) { 676 pr0.ndpr_prefix.sin6_addr.s6_addr32[i] &= 677 ifra->ifra_prefixmask.sin6_addr.s6_addr32[i]; 678 } 679 /* 680 * XXX: since we don't have an API to set prefix (not address) 681 * lifetimes, we just use the same lifetimes as addresses. 682 * The (temporarily) installed lifetimes can be overridden by 683 * later advertised RAs (when accept_rtadv is non 0), which is 684 * an intended behavior. 685 */ 686 pr0.ndpr_raf_onlink = 1; /* should be configurable? */ 687 pr0.ndpr_raf_auto = 688 ((ifra->ifra_flags & IN6_IFF_AUTOCONF) != 0); 689 pr0.ndpr_vltime = ifra->ifra_lifetime.ia6t_vltime; 690 pr0.ndpr_pltime = ifra->ifra_lifetime.ia6t_pltime; 691 692 /* add the prefix if not yet. */ 693 if ((pr = nd6_prefix_lookup(&pr0)) == NULL) { 694 /* 695 * nd6_prelist_add will install the corresponding 696 * interface route. 697 */ 698 if ((error = nd6_prelist_add(&pr0, NULL, &pr)) != 0) 699 return error; 700 if (pr == NULL) { 701 log(LOG_ERR, "nd6_prelist_add succeeded but " 702 "no prefix\n"); 703 return EINVAL; /* XXX panic here? */ 704 } 705 } 706 707 /* relate the address to the prefix */ 708 if (ia->ia6_ndpr == NULL) { 709 ia->ia6_ndpr = pr; 710 pr->ndpr_refcnt++; 711 712 /* 713 * If this is the first autoconf address from the 714 * prefix, create a temporary address as well 715 * (when required). 716 */ 717 if ((ia->ia6_flags & IN6_IFF_AUTOCONF) && 718 ip6_use_tempaddr && pr->ndpr_refcnt == 1) { 719 int e; 720 if ((e = in6_tmpifadd(ia, 1, 0)) != 0) { 721 log(LOG_NOTICE, "in6_control: failed " 722 "to create a temporary address, " 723 "errno=%d\n", e); 724 } 725 } 726 } 727 728 /* 729 * this might affect the status of autoconfigured addresses, 730 * that is, this address might make other addresses detached. 731 */ 732 pfxlist_onlink_check(); 733 734 #ifdef PFIL_HOOKS 735 (void)pfil_run_hooks(&if_pfil, (struct mbuf **)SIOCAIFADDR_IN6, 736 ifp, PFIL_IFADDR); 737 #endif 738 739 break; 740 } 741 742 case SIOCDIFADDR_IN6: 743 { 744 struct nd_prefix *pr; 745 746 /* 747 * If the address being deleted is the only one that owns 748 * the corresponding prefix, expire the prefix as well. 749 * XXX: theoretically, we don't have to worry about such 750 * relationship, since we separate the address management 751 * and the prefix management. We do this, however, to provide 752 * as much backward compatibility as possible in terms of 753 * the ioctl operation. 754 * Note that in6_purgeaddr() will decrement ndpr_refcnt. 755 */ 756 pr = ia->ia6_ndpr; 757 in6_purgeaddr(&ia->ia_ifa); 758 if (pr && pr->ndpr_refcnt == 0) 759 prelist_remove(pr); 760 #ifdef PFIL_HOOKS 761 (void)pfil_run_hooks(&if_pfil, (struct mbuf **)SIOCDIFADDR_IN6, 762 ifp, PFIL_IFADDR); 763 #endif 764 break; 765 } 766 767 default: 768 return ENOTTY; 769 } 770 771 return 0; 772 } 773 774 int 775 in6_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp, 776 struct lwp *l) 777 { 778 int error, s; 779 780 switch (cmd) { 781 case SIOCSNDFLUSH_IN6: 782 case SIOCSPFXFLUSH_IN6: 783 case SIOCSRTRFLUSH_IN6: 784 case SIOCSDEFIFACE_IN6: 785 case SIOCSIFINFO_FLAGS: 786 case SIOCSIFINFO_IN6: 787 788 case SIOCALIFADDR: 789 case SIOCDLIFADDR: 790 791 case SIOCDIFADDR_IN6: 792 #ifdef OSIOCAIFADDR_IN6 793 case OSIOCAIFADDR_IN6: 794 #endif 795 case SIOCAIFADDR_IN6: 796 if (l == NULL || kauth_authorize_generic(l->l_cred, 797 KAUTH_GENERIC_ISSUSER, NULL)) 798 return EPERM; 799 break; 800 } 801 802 s = splnet(); 803 error = in6_control1(so , cmd, data, ifp, l); 804 splx(s); 805 return error; 806 } 807 808 /* 809 * Update parameters of an IPv6 interface address. 810 * If necessary, a new entry is created and linked into address chains. 811 * This function is separated from in6_control(). 812 * XXX: should this be performed under splnet()? 813 */ 814 static int 815 in6_update_ifa1(struct ifnet *ifp, struct in6_aliasreq *ifra, 816 struct in6_ifaddr *ia, int flags) 817 { 818 int error = 0, hostIsNew = 0, plen = -1; 819 struct in6_ifaddr *oia; 820 struct sockaddr_in6 dst6; 821 struct in6_addrlifetime *lt; 822 struct in6_multi_mship *imm; 823 struct in6_multi *in6m_sol; 824 struct rtentry *rt; 825 int dad_delay; 826 827 in6m_sol = NULL; 828 829 /* Validate parameters */ 830 if (ifp == NULL || ifra == NULL) /* this maybe redundant */ 831 return EINVAL; 832 833 /* 834 * The destination address for a p2p link must have a family 835 * of AF_UNSPEC or AF_INET6. 836 */ 837 if ((ifp->if_flags & IFF_POINTOPOINT) != 0 && 838 ifra->ifra_dstaddr.sin6_family != AF_INET6 && 839 ifra->ifra_dstaddr.sin6_family != AF_UNSPEC) 840 return EAFNOSUPPORT; 841 /* 842 * validate ifra_prefixmask. don't check sin6_family, netmask 843 * does not carry fields other than sin6_len. 844 */ 845 if (ifra->ifra_prefixmask.sin6_len > sizeof(struct sockaddr_in6)) 846 return EINVAL; 847 /* 848 * Because the IPv6 address architecture is classless, we require 849 * users to specify a (non 0) prefix length (mask) for a new address. 850 * We also require the prefix (when specified) mask is valid, and thus 851 * reject a non-consecutive mask. 852 */ 853 if (ia == NULL && ifra->ifra_prefixmask.sin6_len == 0) 854 return EINVAL; 855 if (ifra->ifra_prefixmask.sin6_len != 0) { 856 plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, 857 (u_char *)&ifra->ifra_prefixmask + 858 ifra->ifra_prefixmask.sin6_len); 859 if (plen <= 0) 860 return EINVAL; 861 } else { 862 /* 863 * In this case, ia must not be NULL. We just use its prefix 864 * length. 865 */ 866 plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); 867 } 868 /* 869 * If the destination address on a p2p interface is specified, 870 * and the address is a scoped one, validate/set the scope 871 * zone identifier. 872 */ 873 dst6 = ifra->ifra_dstaddr; 874 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) != 0 && 875 (dst6.sin6_family == AF_INET6)) { 876 struct in6_addr in6_tmp; 877 u_int32_t zoneid; 878 879 in6_tmp = dst6.sin6_addr; 880 if (in6_setscope(&in6_tmp, ifp, &zoneid)) 881 return EINVAL; /* XXX: should be impossible */ 882 883 if (dst6.sin6_scope_id != 0) { 884 if (dst6.sin6_scope_id != zoneid) 885 return EINVAL; 886 } else /* user omit to specify the ID. */ 887 dst6.sin6_scope_id = zoneid; 888 889 /* convert into the internal form */ 890 if (sa6_embedscope(&dst6, 0)) 891 return EINVAL; /* XXX: should be impossible */ 892 } 893 /* 894 * The destination address can be specified only for a p2p or a 895 * loopback interface. If specified, the corresponding prefix length 896 * must be 128. 897 */ 898 if (ifra->ifra_dstaddr.sin6_family == AF_INET6) { 899 #ifdef FORCE_P2PPLEN 900 int i; 901 #endif 902 903 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) == 0) { 904 /* XXX: noisy message */ 905 nd6log((LOG_INFO, "in6_update_ifa: a destination can " 906 "be specified for a p2p or a loopback IF only\n")); 907 return EINVAL; 908 } 909 if (plen != 128) { 910 nd6log((LOG_INFO, "in6_update_ifa: prefixlen should " 911 "be 128 when dstaddr is specified\n")); 912 #ifdef FORCE_P2PPLEN 913 /* 914 * To be compatible with old configurations, 915 * such as ifconfig gif0 inet6 2001::1 2001::2 916 * prefixlen 126, we override the specified 917 * prefixmask as if the prefix length was 128. 918 */ 919 ifra->ifra_prefixmask.sin6_len = 920 sizeof(struct sockaddr_in6); 921 for (i = 0; i < 4; i++) 922 ifra->ifra_prefixmask.sin6_addr.s6_addr32[i] = 923 0xffffffff; 924 plen = 128; 925 #else 926 return EINVAL; 927 #endif 928 } 929 } 930 /* lifetime consistency check */ 931 lt = &ifra->ifra_lifetime; 932 if (lt->ia6t_pltime > lt->ia6t_vltime) 933 return EINVAL; 934 if (lt->ia6t_vltime == 0) { 935 /* 936 * the following log might be noisy, but this is a typical 937 * configuration mistake or a tool's bug. 938 */ 939 nd6log((LOG_INFO, 940 "in6_update_ifa: valid lifetime is 0 for %s\n", 941 ip6_sprintf(&ifra->ifra_addr.sin6_addr))); 942 943 if (ia == NULL) 944 return 0; /* there's nothing to do */ 945 } 946 947 /* 948 * If this is a new address, allocate a new ifaddr and link it 949 * into chains. 950 */ 951 if (ia == NULL) { 952 hostIsNew = 1; 953 /* 954 * When in6_update_ifa() is called in a process of a received 955 * RA, it is called under an interrupt context. So, we should 956 * call malloc with M_NOWAIT. 957 */ 958 ia = (struct in6_ifaddr *) malloc(sizeof(*ia), M_IFADDR, 959 M_NOWAIT); 960 if (ia == NULL) 961 return ENOBUFS; 962 memset((void *)ia, 0, sizeof(*ia)); 963 LIST_INIT(&ia->ia6_memberships); 964 /* Initialize the address and masks, and put time stamp */ 965 ia->ia_ifa.ifa_addr = (struct sockaddr *)&ia->ia_addr; 966 ia->ia_addr.sin6_family = AF_INET6; 967 ia->ia_addr.sin6_len = sizeof(ia->ia_addr); 968 ia->ia6_createtime = time_second; 969 if ((ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) != 0) { 970 /* 971 * XXX: some functions expect that ifa_dstaddr is not 972 * NULL for p2p interfaces. 973 */ 974 ia->ia_ifa.ifa_dstaddr = 975 (struct sockaddr *)&ia->ia_dstaddr; 976 } else { 977 ia->ia_ifa.ifa_dstaddr = NULL; 978 } 979 ia->ia_ifa.ifa_netmask = 980 (struct sockaddr *)&ia->ia_prefixmask; 981 982 ia->ia_ifp = ifp; 983 if ((oia = in6_ifaddr) != NULL) { 984 for ( ; oia->ia_next; oia = oia->ia_next) 985 continue; 986 oia->ia_next = ia; 987 } else 988 in6_ifaddr = ia; 989 /* gain a refcnt for the link from in6_ifaddr */ 990 IFAREF(&ia->ia_ifa); 991 992 ifa_insert(ifp, &ia->ia_ifa); 993 } 994 995 /* update timestamp */ 996 ia->ia6_updatetime = time_second; 997 998 /* set prefix mask */ 999 if (ifra->ifra_prefixmask.sin6_len) { 1000 /* 1001 * We prohibit changing the prefix length of an existing 1002 * address, because 1003 * + such an operation should be rare in IPv6, and 1004 * + the operation would confuse prefix management. 1005 */ 1006 if (ia->ia_prefixmask.sin6_len && 1007 in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL) != plen) { 1008 nd6log((LOG_INFO, "in6_update_ifa: the prefix length of an" 1009 " existing (%s) address should not be changed\n", 1010 ip6_sprintf(&ia->ia_addr.sin6_addr))); 1011 error = EINVAL; 1012 goto unlink; 1013 } 1014 ia->ia_prefixmask = ifra->ifra_prefixmask; 1015 } 1016 1017 /* 1018 * If a new destination address is specified, scrub the old one and 1019 * install the new destination. Note that the interface must be 1020 * p2p or loopback (see the check above.) 1021 */ 1022 if (dst6.sin6_family == AF_INET6 && 1023 !IN6_ARE_ADDR_EQUAL(&dst6.sin6_addr, &ia->ia_dstaddr.sin6_addr)) { 1024 if ((ia->ia_flags & IFA_ROUTE) != 0 && 1025 rtinit(&(ia->ia_ifa), (int)RTM_DELETE, RTF_HOST) != 0) { 1026 nd6log((LOG_ERR, "in6_update_ifa: failed to remove " 1027 "a route to the old destination: %s\n", 1028 ip6_sprintf(&ia->ia_addr.sin6_addr))); 1029 /* proceed anyway... */ 1030 } else 1031 ia->ia_flags &= ~IFA_ROUTE; 1032 ia->ia_dstaddr = dst6; 1033 } 1034 1035 /* 1036 * Set lifetimes. We do not refer to ia6t_expire and ia6t_preferred 1037 * to see if the address is deprecated or invalidated, but initialize 1038 * these members for applications. 1039 */ 1040 ia->ia6_lifetime = ifra->ifra_lifetime; 1041 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 1042 ia->ia6_lifetime.ia6t_expire = 1043 time_second + ia->ia6_lifetime.ia6t_vltime; 1044 } else 1045 ia->ia6_lifetime.ia6t_expire = 0; 1046 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 1047 ia->ia6_lifetime.ia6t_preferred = 1048 time_second + ia->ia6_lifetime.ia6t_pltime; 1049 } else 1050 ia->ia6_lifetime.ia6t_preferred = 0; 1051 1052 /* reset the interface and routing table appropriately. */ 1053 if ((error = in6_ifinit(ifp, ia, &ifra->ifra_addr, hostIsNew)) != 0) 1054 goto unlink; 1055 1056 /* 1057 * configure address flags. 1058 */ 1059 ia->ia6_flags = ifra->ifra_flags; 1060 /* 1061 * backward compatibility - if IN6_IFF_DEPRECATED is set from the 1062 * userland, make it deprecated. 1063 */ 1064 if ((ifra->ifra_flags & IN6_IFF_DEPRECATED) != 0) { 1065 ia->ia6_lifetime.ia6t_pltime = 0; 1066 ia->ia6_lifetime.ia6t_preferred = time_second; 1067 } 1068 1069 /* 1070 * Make the address tentative before joining multicast addresses, 1071 * so that corresponding MLD responses would not have a tentative 1072 * source address. 1073 */ 1074 ia->ia6_flags &= ~IN6_IFF_DUPLICATED; /* safety */ 1075 if (hostIsNew && in6if_do_dad(ifp)) 1076 ia->ia6_flags |= IN6_IFF_TENTATIVE; 1077 1078 /* 1079 * We are done if we have simply modified an existing address. 1080 */ 1081 if (!hostIsNew) 1082 return error; 1083 1084 /* 1085 * Beyond this point, we should call in6_purgeaddr upon an error, 1086 * not just go to unlink. 1087 */ 1088 1089 /* join necessary multicast groups */ 1090 if ((ifp->if_flags & IFF_MULTICAST) != 0) { 1091 struct sockaddr_in6 mltaddr, mltmask; 1092 struct in6_addr llsol; 1093 1094 /* join solicited multicast addr for new host id */ 1095 memset(&llsol, 0, sizeof(struct in6_addr)); 1096 llsol.s6_addr16[0] = htons(0xff02); 1097 llsol.s6_addr32[1] = 0; 1098 llsol.s6_addr32[2] = htonl(1); 1099 llsol.s6_addr32[3] = ifra->ifra_addr.sin6_addr.s6_addr32[3]; 1100 llsol.s6_addr8[12] = 0xff; 1101 if ((error = in6_setscope(&llsol, ifp, NULL)) != 0) { 1102 /* XXX: should not happen */ 1103 log(LOG_ERR, "in6_update_ifa: " 1104 "in6_setscope failed\n"); 1105 goto cleanup; 1106 } 1107 dad_delay = 0; 1108 if ((flags & IN6_IFAUPDATE_DADDELAY)) { 1109 /* 1110 * We need a random delay for DAD on the address 1111 * being configured. It also means delaying 1112 * transmission of the corresponding MLD report to 1113 * avoid report collision. 1114 * [draft-ietf-ipv6-rfc2462bis-02.txt] 1115 */ 1116 dad_delay = arc4random() % 1117 (MAX_RTR_SOLICITATION_DELAY * hz); 1118 } 1119 1120 #define MLTMASK_LEN 4 /* mltmask's masklen (=32bit=4octet) */ 1121 /* join solicited multicast addr for new host id */ 1122 imm = in6_joingroup(ifp, &llsol, &error, dad_delay); 1123 if (!imm) { 1124 nd6log((LOG_ERR, 1125 "in6_update_ifa: addmulti " 1126 "failed for %s on %s (errno=%d)\n", 1127 ip6_sprintf(&llsol), if_name(ifp), error)); 1128 goto cleanup; 1129 } 1130 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 1131 in6m_sol = imm->i6mm_maddr; 1132 1133 sockaddr_in6_init(&mltmask, &in6mask32, 0, 0, 0); 1134 1135 /* 1136 * join link-local all-nodes address 1137 */ 1138 sockaddr_in6_init(&mltaddr, &in6addr_linklocal_allnodes, 1139 0, 0, 0); 1140 if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) != 0) 1141 goto cleanup; /* XXX: should not fail */ 1142 1143 /* 1144 * XXX: do we really need this automatic routes? 1145 * We should probably reconsider this stuff. Most applications 1146 * actually do not need the routes, since they usually specify 1147 * the outgoing interface. 1148 */ 1149 rt = rtalloc1((struct sockaddr *)&mltaddr, 0); 1150 if (rt) { 1151 if (memcmp(&mltaddr.sin6_addr, 1152 &satocsin6(rt_getkey(rt))->sin6_addr, 1153 MLTMASK_LEN)) { 1154 RTFREE(rt); 1155 rt = NULL; 1156 } else if (rt->rt_ifp != ifp) { 1157 IN6_DPRINTF("%s: rt_ifp %p -> %p (%s) " 1158 "network %04x:%04x::/32 = %04x:%04x::/32\n", 1159 __func__, rt->rt_ifp, ifp, ifp->if_xname, 1160 ntohs(mltaddr.sin6_addr.s6_addr16[0]), 1161 ntohs(mltaddr.sin6_addr.s6_addr16[1]), 1162 satocsin6(rt_getkey(rt))->sin6_addr.s6_addr16[0], 1163 satocsin6(rt_getkey(rt))->sin6_addr.s6_addr16[1]); 1164 rt_replace_ifa(rt, &ia->ia_ifa); 1165 rt->rt_ifp = ifp; 1166 } 1167 } 1168 if (!rt) { 1169 struct rt_addrinfo info; 1170 1171 memset(&info, 0, sizeof(info)); 1172 info.rti_info[RTAX_DST] = (struct sockaddr *)&mltaddr; 1173 info.rti_info[RTAX_GATEWAY] = 1174 (struct sockaddr *)&ia->ia_addr; 1175 info.rti_info[RTAX_NETMASK] = 1176 (struct sockaddr *)&mltmask; 1177 info.rti_info[RTAX_IFA] = 1178 (struct sockaddr *)&ia->ia_addr; 1179 /* XXX: we need RTF_CLONING to fake nd6_rtrequest */ 1180 info.rti_flags = RTF_UP | RTF_CLONING; 1181 error = rtrequest1(RTM_ADD, &info, NULL); 1182 if (error) 1183 goto cleanup; 1184 } else { 1185 RTFREE(rt); 1186 } 1187 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 0); 1188 if (!imm) { 1189 nd6log((LOG_WARNING, 1190 "in6_update_ifa: addmulti failed for " 1191 "%s on %s (errno=%d)\n", 1192 ip6_sprintf(&mltaddr.sin6_addr), 1193 if_name(ifp), error)); 1194 goto cleanup; 1195 } 1196 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 1197 1198 /* 1199 * join node information group address 1200 */ 1201 dad_delay = 0; 1202 if ((flags & IN6_IFAUPDATE_DADDELAY)) { 1203 /* 1204 * The spec doesn't say anything about delay for this 1205 * group, but the same logic should apply. 1206 */ 1207 dad_delay = arc4random() % 1208 (MAX_RTR_SOLICITATION_DELAY * hz); 1209 } 1210 if (in6_nigroup(ifp, hostname, hostnamelen, &mltaddr) != 0) 1211 ; 1212 else if ((imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 1213 dad_delay)) == NULL) { /* XXX jinmei */ 1214 nd6log((LOG_WARNING, "in6_update_ifa: " 1215 "addmulti failed for %s on %s (errno=%d)\n", 1216 ip6_sprintf(&mltaddr.sin6_addr), 1217 if_name(ifp), error)); 1218 /* XXX not very fatal, go on... */ 1219 } else { 1220 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 1221 } 1222 1223 1224 /* 1225 * join interface-local all-nodes address. 1226 * (ff01::1%ifN, and ff01::%ifN/32) 1227 */ 1228 mltaddr.sin6_addr = in6addr_nodelocal_allnodes; 1229 if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) != 0) 1230 goto cleanup; /* XXX: should not fail */ 1231 1232 /* XXX: again, do we really need the route? */ 1233 rt = rtalloc1((struct sockaddr *)&mltaddr, 0); 1234 if (rt) { 1235 /* 32bit came from "mltmask" */ 1236 if (memcmp(&mltaddr.sin6_addr, 1237 &satocsin6(rt_getkey(rt))->sin6_addr, 1238 32 / NBBY)) { 1239 RTFREE(rt); 1240 rt = NULL; 1241 } else if (rt->rt_ifp != ifp) { 1242 IN6_DPRINTF("%s: rt_ifp %p -> %p (%s) " 1243 "network %04x:%04x::/32 = %04x:%04x::/32\n", 1244 __func__, rt->rt_ifp, ifp, ifp->if_xname, 1245 ntohs(mltaddr.sin6_addr.s6_addr16[0]), 1246 ntohs(mltaddr.sin6_addr.s6_addr16[1]), 1247 satocsin6(rt_getkey(rt))->sin6_addr.s6_addr16[0], 1248 satocsin6(rt_getkey(rt))->sin6_addr.s6_addr16[1]); 1249 rt_replace_ifa(rt, &ia->ia_ifa); 1250 rt->rt_ifp = ifp; 1251 } 1252 } 1253 if (!rt) { 1254 struct rt_addrinfo info; 1255 1256 memset(&info, 0, sizeof(info)); 1257 info.rti_info[RTAX_DST] = (struct sockaddr *)&mltaddr; 1258 info.rti_info[RTAX_GATEWAY] = 1259 (struct sockaddr *)&ia->ia_addr; 1260 info.rti_info[RTAX_NETMASK] = 1261 (struct sockaddr *)&mltmask; 1262 info.rti_info[RTAX_IFA] = 1263 (struct sockaddr *)&ia->ia_addr; 1264 info.rti_flags = RTF_UP | RTF_CLONING; 1265 error = rtrequest1(RTM_ADD, &info, NULL); 1266 if (error) 1267 goto cleanup; 1268 #undef MLTMASK_LEN 1269 } else { 1270 RTFREE(rt); 1271 } 1272 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 0); 1273 if (!imm) { 1274 nd6log((LOG_WARNING, "in6_update_ifa: " 1275 "addmulti failed for %s on %s (errno=%d)\n", 1276 ip6_sprintf(&mltaddr.sin6_addr), 1277 if_name(ifp), error)); 1278 goto cleanup; 1279 } else { 1280 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 1281 } 1282 } 1283 1284 /* 1285 * Perform DAD, if needed. 1286 * XXX It may be of use, if we can administratively 1287 * disable DAD. 1288 */ 1289 if (hostIsNew && in6if_do_dad(ifp) && 1290 ((ifra->ifra_flags & IN6_IFF_NODAD) == 0) && 1291 (ia->ia6_flags & IN6_IFF_TENTATIVE)) 1292 { 1293 int mindelay, maxdelay; 1294 1295 dad_delay = 0; 1296 if ((flags & IN6_IFAUPDATE_DADDELAY)) { 1297 /* 1298 * We need to impose a delay before sending an NS 1299 * for DAD. Check if we also needed a delay for the 1300 * corresponding MLD message. If we did, the delay 1301 * should be larger than the MLD delay (this could be 1302 * relaxed a bit, but this simple logic is at least 1303 * safe). 1304 */ 1305 mindelay = 0; 1306 if (in6m_sol != NULL && 1307 in6m_sol->in6m_state == MLD_REPORTPENDING) { 1308 mindelay = in6m_sol->in6m_timer; 1309 } 1310 maxdelay = MAX_RTR_SOLICITATION_DELAY * hz; 1311 if (maxdelay - mindelay == 0) 1312 dad_delay = 0; 1313 else { 1314 dad_delay = 1315 (arc4random() % (maxdelay - mindelay)) + 1316 mindelay; 1317 } 1318 } 1319 nd6_dad_start(&ia->ia_ifa, dad_delay); 1320 } 1321 1322 return error; 1323 1324 unlink: 1325 /* 1326 * XXX: if a change of an existing address failed, keep the entry 1327 * anyway. 1328 */ 1329 if (hostIsNew) 1330 in6_unlink_ifa(ia, ifp); 1331 return error; 1332 1333 cleanup: 1334 in6_purgeaddr(&ia->ia_ifa); 1335 return error; 1336 } 1337 1338 int 1339 in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra, 1340 struct in6_ifaddr *ia, int flags) 1341 { 1342 int rc, s; 1343 1344 s = splnet(); 1345 rc = in6_update_ifa1(ifp, ifra, ia, flags); 1346 splx(s); 1347 return rc; 1348 } 1349 1350 void 1351 in6_purgeaddr(struct ifaddr *ifa) 1352 { 1353 struct ifnet *ifp = ifa->ifa_ifp; 1354 struct in6_ifaddr *ia = (struct in6_ifaddr *) ifa; 1355 struct in6_multi_mship *imm; 1356 1357 /* stop DAD processing */ 1358 nd6_dad_stop(ifa); 1359 1360 /* 1361 * delete route to the destination of the address being purged. 1362 * The interface must be p2p or loopback in this case. 1363 */ 1364 if ((ia->ia_flags & IFA_ROUTE) != 0 && ia->ia_dstaddr.sin6_len != 0) { 1365 int e; 1366 1367 if ((e = rtinit(&(ia->ia_ifa), (int)RTM_DELETE, RTF_HOST)) 1368 != 0) { 1369 log(LOG_ERR, "in6_purgeaddr: failed to remove " 1370 "a route to the p2p destination: %s on %s, " 1371 "errno=%d\n", 1372 ip6_sprintf(&ia->ia_addr.sin6_addr), if_name(ifp), 1373 e); 1374 /* proceed anyway... */ 1375 } else 1376 ia->ia_flags &= ~IFA_ROUTE; 1377 } 1378 1379 /* Remove ownaddr's loopback rtentry, if it exists. */ 1380 in6_ifremloop(&(ia->ia_ifa)); 1381 1382 /* 1383 * leave from multicast groups we have joined for the interface 1384 */ 1385 while ((imm = LIST_FIRST(&ia->ia6_memberships)) != NULL) { 1386 LIST_REMOVE(imm, i6mm_chain); 1387 in6_leavegroup(imm); 1388 } 1389 1390 in6_unlink_ifa(ia, ifp); 1391 } 1392 1393 static void 1394 in6_unlink_ifa(struct in6_ifaddr *ia, struct ifnet *ifp) 1395 { 1396 struct in6_ifaddr *oia; 1397 int s = splnet(); 1398 1399 ifa_remove(ifp, &ia->ia_ifa); 1400 1401 oia = ia; 1402 if (oia == (ia = in6_ifaddr)) 1403 in6_ifaddr = ia->ia_next; 1404 else { 1405 while (ia->ia_next && (ia->ia_next != oia)) 1406 ia = ia->ia_next; 1407 if (ia->ia_next) 1408 ia->ia_next = oia->ia_next; 1409 else { 1410 /* search failed */ 1411 printf("Couldn't unlink in6_ifaddr from in6_ifaddr\n"); 1412 } 1413 } 1414 1415 /* 1416 * XXX thorpej@NetBSD.org -- if the interface is going 1417 * XXX away, don't save the multicast entries, delete them! 1418 */ 1419 if (LIST_EMPTY(&oia->ia6_multiaddrs)) 1420 ; 1421 else if (oia->ia_ifa.ifa_ifp->if_output == if_nulloutput) { 1422 struct in6_multi *in6m, *next; 1423 1424 for (in6m = LIST_FIRST(&oia->ia6_multiaddrs); in6m != NULL; 1425 in6m = next) { 1426 next = LIST_NEXT(in6m, in6m_entry); 1427 in6_delmulti(in6m); 1428 } 1429 } else 1430 in6_savemkludge(oia); 1431 1432 /* 1433 * Release the reference to the base prefix. There should be a 1434 * positive reference. 1435 */ 1436 if (oia->ia6_ndpr == NULL) { 1437 nd6log((LOG_NOTICE, "in6_unlink_ifa: autoconf'ed address " 1438 "%p has no prefix\n", oia)); 1439 } else { 1440 oia->ia6_ndpr->ndpr_refcnt--; 1441 oia->ia6_ndpr = NULL; 1442 } 1443 1444 /* 1445 * Also, if the address being removed is autoconf'ed, call 1446 * pfxlist_onlink_check() since the release might affect the status of 1447 * other (detached) addresses. 1448 */ 1449 if ((oia->ia6_flags & IN6_IFF_AUTOCONF) != 0) 1450 pfxlist_onlink_check(); 1451 1452 /* 1453 * release another refcnt for the link from in6_ifaddr. 1454 * Note that we should decrement the refcnt at least once for all *BSD. 1455 */ 1456 IFAFREE(&oia->ia_ifa); 1457 1458 splx(s); 1459 } 1460 1461 void 1462 in6_purgeif(struct ifnet *ifp) 1463 { 1464 if_purgeaddrs(ifp, AF_INET6, in6_purgeaddr); 1465 1466 in6_ifdetach(ifp); 1467 } 1468 1469 /* 1470 * SIOC[GAD]LIFADDR. 1471 * SIOCGLIFADDR: get first address. (?) 1472 * SIOCGLIFADDR with IFLR_PREFIX: 1473 * get first address that matches the specified prefix. 1474 * SIOCALIFADDR: add the specified address. 1475 * SIOCALIFADDR with IFLR_PREFIX: 1476 * add the specified prefix, filling hostid part from 1477 * the first link-local address. prefixlen must be <= 64. 1478 * SIOCDLIFADDR: delete the specified address. 1479 * SIOCDLIFADDR with IFLR_PREFIX: 1480 * delete the first address that matches the specified prefix. 1481 * return values: 1482 * EINVAL on invalid parameters 1483 * EADDRNOTAVAIL on prefix match failed/specified address not found 1484 * other values may be returned from in6_ioctl() 1485 * 1486 * NOTE: SIOCALIFADDR(with IFLR_PREFIX set) allows prefixlen less than 64. 1487 * this is to accommodate address naming scheme other than RFC2374, 1488 * in the future. 1489 * RFC2373 defines interface id to be 64bit, but it allows non-RFC2374 1490 * address encoding scheme. (see figure on page 8) 1491 */ 1492 static int 1493 in6_lifaddr_ioctl(struct socket *so, u_long cmd, void *data, 1494 struct ifnet *ifp, struct lwp *l) 1495 { 1496 struct in6_ifaddr *ia; 1497 struct if_laddrreq *iflr = (struct if_laddrreq *)data; 1498 struct ifaddr *ifa; 1499 struct sockaddr *sa; 1500 1501 /* sanity checks */ 1502 if (!data || !ifp) { 1503 panic("invalid argument to in6_lifaddr_ioctl"); 1504 /* NOTREACHED */ 1505 } 1506 1507 switch (cmd) { 1508 case SIOCGLIFADDR: 1509 /* address must be specified on GET with IFLR_PREFIX */ 1510 if ((iflr->flags & IFLR_PREFIX) == 0) 1511 break; 1512 /* FALLTHROUGH */ 1513 case SIOCALIFADDR: 1514 case SIOCDLIFADDR: 1515 /* address must be specified on ADD and DELETE */ 1516 sa = (struct sockaddr *)&iflr->addr; 1517 if (sa->sa_family != AF_INET6) 1518 return EINVAL; 1519 if (sa->sa_len != sizeof(struct sockaddr_in6)) 1520 return EINVAL; 1521 /* XXX need improvement */ 1522 sa = (struct sockaddr *)&iflr->dstaddr; 1523 if (sa->sa_family && sa->sa_family != AF_INET6) 1524 return EINVAL; 1525 if (sa->sa_len && sa->sa_len != sizeof(struct sockaddr_in6)) 1526 return EINVAL; 1527 break; 1528 default: /* shouldn't happen */ 1529 #if 0 1530 panic("invalid cmd to in6_lifaddr_ioctl"); 1531 /* NOTREACHED */ 1532 #else 1533 return EOPNOTSUPP; 1534 #endif 1535 } 1536 if (sizeof(struct in6_addr) * NBBY < iflr->prefixlen) 1537 return EINVAL; 1538 1539 switch (cmd) { 1540 case SIOCALIFADDR: 1541 { 1542 struct in6_aliasreq ifra; 1543 struct in6_addr *xhostid = NULL; 1544 int prefixlen; 1545 1546 if ((iflr->flags & IFLR_PREFIX) != 0) { 1547 struct sockaddr_in6 *sin6; 1548 1549 /* 1550 * xhostid is to fill in the hostid part of the 1551 * address. xhostid points to the first link-local 1552 * address attached to the interface. 1553 */ 1554 ia = in6ifa_ifpforlinklocal(ifp, 0); 1555 if (ia == NULL) 1556 return EADDRNOTAVAIL; 1557 xhostid = IFA_IN6(&ia->ia_ifa); 1558 1559 /* prefixlen must be <= 64. */ 1560 if (64 < iflr->prefixlen) 1561 return EINVAL; 1562 prefixlen = iflr->prefixlen; 1563 1564 /* hostid part must be zero. */ 1565 sin6 = (struct sockaddr_in6 *)&iflr->addr; 1566 if (sin6->sin6_addr.s6_addr32[2] != 0 1567 || sin6->sin6_addr.s6_addr32[3] != 0) { 1568 return EINVAL; 1569 } 1570 } else 1571 prefixlen = iflr->prefixlen; 1572 1573 /* copy args to in6_aliasreq, perform ioctl(SIOCAIFADDR_IN6). */ 1574 memset(&ifra, 0, sizeof(ifra)); 1575 memcpy(ifra.ifra_name, iflr->iflr_name, sizeof(ifra.ifra_name)); 1576 1577 memcpy(&ifra.ifra_addr, &iflr->addr, 1578 ((struct sockaddr *)&iflr->addr)->sa_len); 1579 if (xhostid) { 1580 /* fill in hostid part */ 1581 ifra.ifra_addr.sin6_addr.s6_addr32[2] = 1582 xhostid->s6_addr32[2]; 1583 ifra.ifra_addr.sin6_addr.s6_addr32[3] = 1584 xhostid->s6_addr32[3]; 1585 } 1586 1587 if (((struct sockaddr *)&iflr->dstaddr)->sa_family) { /* XXX */ 1588 memcpy(&ifra.ifra_dstaddr, &iflr->dstaddr, 1589 ((struct sockaddr *)&iflr->dstaddr)->sa_len); 1590 if (xhostid) { 1591 ifra.ifra_dstaddr.sin6_addr.s6_addr32[2] = 1592 xhostid->s6_addr32[2]; 1593 ifra.ifra_dstaddr.sin6_addr.s6_addr32[3] = 1594 xhostid->s6_addr32[3]; 1595 } 1596 } 1597 1598 ifra.ifra_prefixmask.sin6_len = sizeof(struct sockaddr_in6); 1599 in6_prefixlen2mask(&ifra.ifra_prefixmask.sin6_addr, prefixlen); 1600 1601 ifra.ifra_lifetime.ia6t_vltime = ND6_INFINITE_LIFETIME; 1602 ifra.ifra_lifetime.ia6t_pltime = ND6_INFINITE_LIFETIME; 1603 ifra.ifra_flags = iflr->flags & ~IFLR_PREFIX; 1604 return in6_control(so, SIOCAIFADDR_IN6, (void *)&ifra, ifp, l); 1605 } 1606 case SIOCGLIFADDR: 1607 case SIOCDLIFADDR: 1608 { 1609 struct in6_addr mask, candidate, match; 1610 struct sockaddr_in6 *sin6; 1611 int cmp; 1612 1613 memset(&mask, 0, sizeof(mask)); 1614 if (iflr->flags & IFLR_PREFIX) { 1615 /* lookup a prefix rather than address. */ 1616 in6_prefixlen2mask(&mask, iflr->prefixlen); 1617 1618 sin6 = (struct sockaddr_in6 *)&iflr->addr; 1619 memcpy(&match, &sin6->sin6_addr, sizeof(match)); 1620 match.s6_addr32[0] &= mask.s6_addr32[0]; 1621 match.s6_addr32[1] &= mask.s6_addr32[1]; 1622 match.s6_addr32[2] &= mask.s6_addr32[2]; 1623 match.s6_addr32[3] &= mask.s6_addr32[3]; 1624 1625 /* if you set extra bits, that's wrong */ 1626 if (memcmp(&match, &sin6->sin6_addr, sizeof(match))) 1627 return EINVAL; 1628 1629 cmp = 1; 1630 } else { 1631 if (cmd == SIOCGLIFADDR) { 1632 /* on getting an address, take the 1st match */ 1633 cmp = 0; /* XXX */ 1634 } else { 1635 /* on deleting an address, do exact match */ 1636 in6_prefixlen2mask(&mask, 128); 1637 sin6 = (struct sockaddr_in6 *)&iflr->addr; 1638 memcpy(&match, &sin6->sin6_addr, sizeof(match)); 1639 1640 cmp = 1; 1641 } 1642 } 1643 1644 IFADDR_FOREACH(ifa, ifp) { 1645 if (ifa->ifa_addr->sa_family != AF_INET6) 1646 continue; 1647 if (!cmp) 1648 break; 1649 1650 /* 1651 * XXX: this is adhoc, but is necessary to allow 1652 * a user to specify fe80::/64 (not /10) for a 1653 * link-local address. 1654 */ 1655 memcpy(&candidate, IFA_IN6(ifa), sizeof(candidate)); 1656 in6_clearscope(&candidate); 1657 candidate.s6_addr32[0] &= mask.s6_addr32[0]; 1658 candidate.s6_addr32[1] &= mask.s6_addr32[1]; 1659 candidate.s6_addr32[2] &= mask.s6_addr32[2]; 1660 candidate.s6_addr32[3] &= mask.s6_addr32[3]; 1661 if (IN6_ARE_ADDR_EQUAL(&candidate, &match)) 1662 break; 1663 } 1664 if (!ifa) 1665 return EADDRNOTAVAIL; 1666 ia = ifa2ia6(ifa); 1667 1668 if (cmd == SIOCGLIFADDR) { 1669 int error; 1670 1671 /* fill in the if_laddrreq structure */ 1672 memcpy(&iflr->addr, &ia->ia_addr, ia->ia_addr.sin6_len); 1673 error = sa6_recoverscope( 1674 (struct sockaddr_in6 *)&iflr->addr); 1675 if (error != 0) 1676 return error; 1677 1678 if ((ifp->if_flags & IFF_POINTOPOINT) != 0) { 1679 memcpy(&iflr->dstaddr, &ia->ia_dstaddr, 1680 ia->ia_dstaddr.sin6_len); 1681 error = sa6_recoverscope( 1682 (struct sockaddr_in6 *)&iflr->dstaddr); 1683 if (error != 0) 1684 return error; 1685 } else 1686 memset(&iflr->dstaddr, 0, sizeof(iflr->dstaddr)); 1687 1688 iflr->prefixlen = 1689 in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); 1690 1691 iflr->flags = ia->ia6_flags; /* XXX */ 1692 1693 return 0; 1694 } else { 1695 struct in6_aliasreq ifra; 1696 1697 /* fill in6_aliasreq and do ioctl(SIOCDIFADDR_IN6) */ 1698 memset(&ifra, 0, sizeof(ifra)); 1699 memcpy(ifra.ifra_name, iflr->iflr_name, 1700 sizeof(ifra.ifra_name)); 1701 1702 memcpy(&ifra.ifra_addr, &ia->ia_addr, 1703 ia->ia_addr.sin6_len); 1704 if ((ifp->if_flags & IFF_POINTOPOINT) != 0) { 1705 memcpy(&ifra.ifra_dstaddr, &ia->ia_dstaddr, 1706 ia->ia_dstaddr.sin6_len); 1707 } else { 1708 memset(&ifra.ifra_dstaddr, 0, 1709 sizeof(ifra.ifra_dstaddr)); 1710 } 1711 memcpy(&ifra.ifra_dstaddr, &ia->ia_prefixmask, 1712 ia->ia_prefixmask.sin6_len); 1713 1714 ifra.ifra_flags = ia->ia6_flags; 1715 return in6_control(so, SIOCDIFADDR_IN6, (void *)&ifra, 1716 ifp, l); 1717 } 1718 } 1719 } 1720 1721 return EOPNOTSUPP; /* just for safety */ 1722 } 1723 1724 /* 1725 * Initialize an interface's internet6 address 1726 * and routing table entry. 1727 */ 1728 static int 1729 in6_ifinit(struct ifnet *ifp, struct in6_ifaddr *ia, 1730 const struct sockaddr_in6 *sin6, int newhost) 1731 { 1732 int error = 0, plen, ifacount = 0; 1733 int s = splnet(); 1734 struct ifaddr *ifa; 1735 1736 /* 1737 * Give the interface a chance to initialize 1738 * if this is its first address, 1739 * and to validate the address if necessary. 1740 */ 1741 IFADDR_FOREACH(ifa, ifp) { 1742 if (ifa->ifa_addr == NULL) 1743 continue; /* just for safety */ 1744 if (ifa->ifa_addr->sa_family != AF_INET6) 1745 continue; 1746 ifacount++; 1747 } 1748 1749 ia->ia_addr = *sin6; 1750 1751 if (ifacount <= 1 && 1752 (error = (*ifp->if_ioctl)(ifp, SIOCINITIFADDR, ia)) != 0) { 1753 splx(s); 1754 return error; 1755 } 1756 splx(s); 1757 1758 ia->ia_ifa.ifa_metric = ifp->if_metric; 1759 1760 /* we could do in(6)_socktrim here, but just omit it at this moment. */ 1761 1762 /* 1763 * Special case: 1764 * If the destination address is specified for a point-to-point 1765 * interface, install a route to the destination as an interface 1766 * direct route. 1767 */ 1768 plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); /* XXX */ 1769 if (plen == 128 && ia->ia_dstaddr.sin6_family == AF_INET6) { 1770 if ((error = rtinit(&ia->ia_ifa, RTM_ADD, 1771 RTF_UP | RTF_HOST)) != 0) 1772 return error; 1773 ia->ia_flags |= IFA_ROUTE; 1774 } 1775 1776 /* Add ownaddr as loopback rtentry, if necessary (ex. on p2p link). */ 1777 if (newhost) { 1778 /* set the rtrequest function to create llinfo */ 1779 ia->ia_ifa.ifa_rtrequest = nd6_rtrequest; 1780 in6_ifaddloop(&ia->ia_ifa); 1781 } 1782 1783 if (ifp->if_flags & IFF_MULTICAST) 1784 in6_restoremkludge(ia, ifp); 1785 1786 return error; 1787 } 1788 1789 /* 1790 * Find an IPv6 interface link-local address specific to an interface. 1791 */ 1792 struct in6_ifaddr * 1793 in6ifa_ifpforlinklocal(const struct ifnet *ifp, const int ignoreflags) 1794 { 1795 struct ifaddr *ifa; 1796 1797 IFADDR_FOREACH(ifa, ifp) { 1798 if (ifa->ifa_addr == NULL) 1799 continue; /* just for safety */ 1800 if (ifa->ifa_addr->sa_family != AF_INET6) 1801 continue; 1802 if (IN6_IS_ADDR_LINKLOCAL(IFA_IN6(ifa))) { 1803 if ((((struct in6_ifaddr *)ifa)->ia6_flags & 1804 ignoreflags) != 0) 1805 continue; 1806 break; 1807 } 1808 } 1809 1810 return (struct in6_ifaddr *)ifa; 1811 } 1812 1813 1814 /* 1815 * find the internet address corresponding to a given interface and address. 1816 */ 1817 struct in6_ifaddr * 1818 in6ifa_ifpwithaddr(const struct ifnet *ifp, const struct in6_addr *addr) 1819 { 1820 struct ifaddr *ifa; 1821 1822 IFADDR_FOREACH(ifa, ifp) { 1823 if (ifa->ifa_addr == NULL) 1824 continue; /* just for safety */ 1825 if (ifa->ifa_addr->sa_family != AF_INET6) 1826 continue; 1827 if (IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(ifa))) 1828 break; 1829 } 1830 1831 return (struct in6_ifaddr *)ifa; 1832 } 1833 1834 /* 1835 * find the internet address on a given interface corresponding to a neighbor's 1836 * address. 1837 */ 1838 struct in6_ifaddr * 1839 in6ifa_ifplocaladdr(const struct ifnet *ifp, const struct in6_addr *addr) 1840 { 1841 struct ifaddr *ifa; 1842 struct in6_ifaddr *ia; 1843 1844 IFADDR_FOREACH(ifa, ifp) { 1845 if (ifa->ifa_addr == NULL) 1846 continue; /* just for safety */ 1847 if (ifa->ifa_addr->sa_family != AF_INET6) 1848 continue; 1849 ia = (struct in6_ifaddr *)ifa; 1850 if (IN6_ARE_MASKED_ADDR_EQUAL(addr, 1851 &ia->ia_addr.sin6_addr, 1852 &ia->ia_prefixmask.sin6_addr)) 1853 return ia; 1854 } 1855 1856 return NULL; 1857 } 1858 1859 /* 1860 * Convert IP6 address to printable (loggable) representation. 1861 */ 1862 static int ip6round = 0; 1863 char * 1864 ip6_sprintf(const struct in6_addr *addr) 1865 { 1866 static char ip6buf[8][48]; 1867 int i; 1868 char *cp; 1869 const u_int16_t *a = (const u_int16_t *)addr; 1870 const u_int8_t *d; 1871 int dcolon = 0; 1872 1873 ip6round = (ip6round + 1) & 7; 1874 cp = ip6buf[ip6round]; 1875 1876 for (i = 0; i < 8; i++) { 1877 if (dcolon == 1) { 1878 if (*a == 0) { 1879 if (i == 7) 1880 *cp++ = ':'; 1881 a++; 1882 continue; 1883 } else 1884 dcolon = 2; 1885 } 1886 if (*a == 0) { 1887 if (dcolon == 0 && *(a + 1) == 0) { 1888 if (i == 0) 1889 *cp++ = ':'; 1890 *cp++ = ':'; 1891 dcolon = 1; 1892 } else { 1893 *cp++ = '0'; 1894 *cp++ = ':'; 1895 } 1896 a++; 1897 continue; 1898 } 1899 d = (const u_char *)a; 1900 *cp++ = hexdigits[*d >> 4]; 1901 *cp++ = hexdigits[*d++ & 0xf]; 1902 *cp++ = hexdigits[*d >> 4]; 1903 *cp++ = hexdigits[*d & 0xf]; 1904 *cp++ = ':'; 1905 a++; 1906 } 1907 *--cp = 0; 1908 return ip6buf[ip6round]; 1909 } 1910 1911 /* 1912 * Determine if an address is on a local network. 1913 */ 1914 int 1915 in6_localaddr(const struct in6_addr *in6) 1916 { 1917 struct in6_ifaddr *ia; 1918 1919 if (IN6_IS_ADDR_LOOPBACK(in6) || IN6_IS_ADDR_LINKLOCAL(in6)) 1920 return 1; 1921 1922 for (ia = in6_ifaddr; ia; ia = ia->ia_next) 1923 if (IN6_ARE_MASKED_ADDR_EQUAL(in6, &ia->ia_addr.sin6_addr, 1924 &ia->ia_prefixmask.sin6_addr)) 1925 return 1; 1926 1927 return 0; 1928 } 1929 1930 int 1931 in6_is_addr_deprecated(struct sockaddr_in6 *sa6) 1932 { 1933 struct in6_ifaddr *ia; 1934 1935 for (ia = in6_ifaddr; ia; ia = ia->ia_next) { 1936 if (IN6_ARE_ADDR_EQUAL(&ia->ia_addr.sin6_addr, 1937 &sa6->sin6_addr) && 1938 #ifdef SCOPEDROUTING 1939 ia->ia_addr.sin6_scope_id == sa6->sin6_scope_id && 1940 #endif 1941 (ia->ia6_flags & IN6_IFF_DEPRECATED) != 0) 1942 return 1; /* true */ 1943 1944 /* XXX: do we still have to go thru the rest of the list? */ 1945 } 1946 1947 return 0; /* false */ 1948 } 1949 1950 /* 1951 * return length of part which dst and src are equal 1952 * hard coding... 1953 */ 1954 int 1955 in6_matchlen(struct in6_addr *src, struct in6_addr *dst) 1956 { 1957 int match = 0; 1958 u_char *s = (u_char *)src, *d = (u_char *)dst; 1959 u_char *lim = s + 16, r; 1960 1961 while (s < lim) 1962 if ((r = (*d++ ^ *s++)) != 0) { 1963 while (r < 128) { 1964 match++; 1965 r <<= 1; 1966 } 1967 break; 1968 } else 1969 match += NBBY; 1970 return match; 1971 } 1972 1973 /* XXX: to be scope conscious */ 1974 int 1975 in6_are_prefix_equal(struct in6_addr *p1, struct in6_addr *p2, int len) 1976 { 1977 int bytelen, bitlen; 1978 1979 /* sanity check */ 1980 if (len < 0 || len > 128) { 1981 log(LOG_ERR, "in6_are_prefix_equal: invalid prefix length(%d)\n", 1982 len); 1983 return 0; 1984 } 1985 1986 bytelen = len / NBBY; 1987 bitlen = len % NBBY; 1988 1989 if (memcmp(&p1->s6_addr, &p2->s6_addr, bytelen)) 1990 return 0; 1991 if (bitlen != 0 && 1992 p1->s6_addr[bytelen] >> (NBBY - bitlen) != 1993 p2->s6_addr[bytelen] >> (NBBY - bitlen)) 1994 return 0; 1995 1996 return 1; 1997 } 1998 1999 void 2000 in6_prefixlen2mask(struct in6_addr *maskp, int len) 2001 { 2002 static const u_char maskarray[NBBY] = {0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff}; 2003 int bytelen, bitlen, i; 2004 2005 /* sanity check */ 2006 if (len < 0 || len > 128) { 2007 log(LOG_ERR, "in6_prefixlen2mask: invalid prefix length(%d)\n", 2008 len); 2009 return; 2010 } 2011 2012 memset(maskp, 0, sizeof(*maskp)); 2013 bytelen = len / NBBY; 2014 bitlen = len % NBBY; 2015 for (i = 0; i < bytelen; i++) 2016 maskp->s6_addr[i] = 0xff; 2017 if (bitlen) 2018 maskp->s6_addr[bytelen] = maskarray[bitlen - 1]; 2019 } 2020 2021 /* 2022 * return the best address out of the same scope. if no address was 2023 * found, return the first valid address from designated IF. 2024 */ 2025 struct in6_ifaddr * 2026 in6_ifawithifp(struct ifnet *ifp, struct in6_addr *dst) 2027 { 2028 int dst_scope = in6_addrscope(dst), blen = -1, tlen; 2029 struct ifaddr *ifa; 2030 struct in6_ifaddr *besta = 0; 2031 struct in6_ifaddr *dep[2]; /* last-resort: deprecated */ 2032 2033 dep[0] = dep[1] = NULL; 2034 2035 /* 2036 * We first look for addresses in the same scope. 2037 * If there is one, return it. 2038 * If two or more, return one which matches the dst longest. 2039 * If none, return one of global addresses assigned other ifs. 2040 */ 2041 IFADDR_FOREACH(ifa, ifp) { 2042 if (ifa->ifa_addr->sa_family != AF_INET6) 2043 continue; 2044 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST) 2045 continue; /* XXX: is there any case to allow anycast? */ 2046 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_NOTREADY) 2047 continue; /* don't use this interface */ 2048 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DETACHED) 2049 continue; 2050 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DEPRECATED) { 2051 if (ip6_use_deprecated) 2052 dep[0] = (struct in6_ifaddr *)ifa; 2053 continue; 2054 } 2055 2056 if (dst_scope == in6_addrscope(IFA_IN6(ifa))) { 2057 /* 2058 * call in6_matchlen() as few as possible 2059 */ 2060 if (besta) { 2061 if (blen == -1) 2062 blen = in6_matchlen(&besta->ia_addr.sin6_addr, dst); 2063 tlen = in6_matchlen(IFA_IN6(ifa), dst); 2064 if (tlen > blen) { 2065 blen = tlen; 2066 besta = (struct in6_ifaddr *)ifa; 2067 } 2068 } else 2069 besta = (struct in6_ifaddr *)ifa; 2070 } 2071 } 2072 if (besta) 2073 return besta; 2074 2075 IFADDR_FOREACH(ifa, ifp) { 2076 if (ifa->ifa_addr->sa_family != AF_INET6) 2077 continue; 2078 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST) 2079 continue; /* XXX: is there any case to allow anycast? */ 2080 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_NOTREADY) 2081 continue; /* don't use this interface */ 2082 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DETACHED) 2083 continue; 2084 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DEPRECATED) { 2085 if (ip6_use_deprecated) 2086 dep[1] = (struct in6_ifaddr *)ifa; 2087 continue; 2088 } 2089 2090 return (struct in6_ifaddr *)ifa; 2091 } 2092 2093 /* use the last-resort values, that are, deprecated addresses */ 2094 if (dep[0]) 2095 return dep[0]; 2096 if (dep[1]) 2097 return dep[1]; 2098 2099 return NULL; 2100 } 2101 2102 /* 2103 * perform DAD when interface becomes IFF_UP. 2104 */ 2105 void 2106 in6_if_up(struct ifnet *ifp) 2107 { 2108 struct ifaddr *ifa; 2109 struct in6_ifaddr *ia; 2110 2111 IFADDR_FOREACH(ifa, ifp) { 2112 if (ifa->ifa_addr->sa_family != AF_INET6) 2113 continue; 2114 ia = (struct in6_ifaddr *)ifa; 2115 if (ia->ia6_flags & IN6_IFF_TENTATIVE) { 2116 /* 2117 * The TENTATIVE flag was likely set by hand 2118 * beforehand, implicitly indicating the need for DAD. 2119 * We may be able to skip the random delay in this 2120 * case, but we impose delays just in case. 2121 */ 2122 nd6_dad_start(ifa, 2123 arc4random() % (MAX_RTR_SOLICITATION_DELAY * hz)); 2124 } 2125 } 2126 2127 /* 2128 * special cases, like 6to4, are handled in in6_ifattach 2129 */ 2130 in6_ifattach(ifp, NULL); 2131 } 2132 2133 int 2134 in6if_do_dad(struct ifnet *ifp) 2135 { 2136 if ((ifp->if_flags & IFF_LOOPBACK) != 0) 2137 return 0; 2138 2139 switch (ifp->if_type) { 2140 case IFT_FAITH: 2141 /* 2142 * These interfaces do not have the IFF_LOOPBACK flag, 2143 * but loop packets back. We do not have to do DAD on such 2144 * interfaces. We should even omit it, because loop-backed 2145 * NS would confuse the DAD procedure. 2146 */ 2147 return 0; 2148 default: 2149 /* 2150 * Our DAD routine requires the interface up and running. 2151 * However, some interfaces can be up before the RUNNING 2152 * status. Additionaly, users may try to assign addresses 2153 * before the interface becomes up (or running). 2154 * We simply skip DAD in such a case as a work around. 2155 * XXX: we should rather mark "tentative" on such addresses, 2156 * and do DAD after the interface becomes ready. 2157 */ 2158 if ((ifp->if_flags & (IFF_UP|IFF_RUNNING)) != 2159 (IFF_UP|IFF_RUNNING)) 2160 return 0; 2161 2162 return 1; 2163 } 2164 } 2165 2166 /* 2167 * Calculate max IPv6 MTU through all the interfaces and store it 2168 * to in6_maxmtu. 2169 */ 2170 void 2171 in6_setmaxmtu(void) 2172 { 2173 unsigned long maxmtu = 0; 2174 struct ifnet *ifp; 2175 2176 TAILQ_FOREACH(ifp, &ifnet, if_list) { 2177 /* this function can be called during ifnet initialization */ 2178 if (!ifp->if_afdata[AF_INET6]) 2179 continue; 2180 if ((ifp->if_flags & IFF_LOOPBACK) == 0 && 2181 IN6_LINKMTU(ifp) > maxmtu) 2182 maxmtu = IN6_LINKMTU(ifp); 2183 } 2184 if (maxmtu) /* update only when maxmtu is positive */ 2185 in6_maxmtu = maxmtu; 2186 } 2187 2188 /* 2189 * Provide the length of interface identifiers to be used for the link attached 2190 * to the given interface. The length should be defined in "IPv6 over 2191 * xxx-link" document. Note that address architecture might also define 2192 * the length for a particular set of address prefixes, regardless of the 2193 * link type. As clarified in rfc2462bis, those two definitions should be 2194 * consistent, and those really are as of August 2004. 2195 */ 2196 int 2197 in6_if2idlen(struct ifnet *ifp) 2198 { 2199 switch (ifp->if_type) { 2200 case IFT_ETHER: /* RFC2464 */ 2201 case IFT_PROPVIRTUAL: /* XXX: no RFC. treat it as ether */ 2202 case IFT_L2VLAN: /* ditto */ 2203 case IFT_IEEE80211: /* ditto */ 2204 case IFT_FDDI: /* RFC2467 */ 2205 case IFT_ISO88025: /* RFC2470 (IPv6 over Token Ring) */ 2206 case IFT_PPP: /* RFC2472 */ 2207 case IFT_ARCNET: /* RFC2497 */ 2208 case IFT_FRELAY: /* RFC2590 */ 2209 case IFT_IEEE1394: /* RFC3146 */ 2210 case IFT_GIF: /* draft-ietf-v6ops-mech-v2-07 */ 2211 case IFT_LOOP: /* XXX: is this really correct? */ 2212 return 64; 2213 default: 2214 /* 2215 * Unknown link type: 2216 * It might be controversial to use the today's common constant 2217 * of 64 for these cases unconditionally. For full compliance, 2218 * we should return an error in this case. On the other hand, 2219 * if we simply miss the standard for the link type or a new 2220 * standard is defined for a new link type, the IFID length 2221 * is very likely to be the common constant. As a compromise, 2222 * we always use the constant, but make an explicit notice 2223 * indicating the "unknown" case. 2224 */ 2225 printf("in6_if2idlen: unknown link type (%d)\n", ifp->if_type); 2226 return 64; 2227 } 2228 } 2229 2230 void * 2231 in6_domifattach(struct ifnet *ifp) 2232 { 2233 struct in6_ifextra *ext; 2234 2235 ext = malloc(sizeof(*ext), M_IFADDR, M_WAITOK|M_ZERO); 2236 2237 ext->in6_ifstat = malloc(sizeof(struct in6_ifstat), 2238 M_IFADDR, M_WAITOK|M_ZERO); 2239 2240 ext->icmp6_ifstat = malloc(sizeof(struct icmp6_ifstat), 2241 M_IFADDR, M_WAITOK|M_ZERO); 2242 2243 ext->nd_ifinfo = nd6_ifattach(ifp); 2244 ext->scope6_id = scope6_ifattach(ifp); 2245 return ext; 2246 } 2247 2248 void 2249 in6_domifdetach(struct ifnet *ifp, void *aux) 2250 { 2251 struct in6_ifextra *ext = (struct in6_ifextra *)aux; 2252 2253 nd6_ifdetach(ext->nd_ifinfo); 2254 free(ext->in6_ifstat, M_IFADDR); 2255 free(ext->icmp6_ifstat, M_IFADDR); 2256 scope6_ifdetach(ext->scope6_id); 2257 free(ext, M_IFADDR); 2258 } 2259 2260 /* 2261 * Convert sockaddr_in6 to sockaddr_in. Original sockaddr_in6 must be 2262 * v4 mapped addr or v4 compat addr 2263 */ 2264 void 2265 in6_sin6_2_sin(struct sockaddr_in *sin, struct sockaddr_in6 *sin6) 2266 { 2267 memset(sin, 0, sizeof(*sin)); 2268 sin->sin_len = sizeof(struct sockaddr_in); 2269 sin->sin_family = AF_INET; 2270 sin->sin_port = sin6->sin6_port; 2271 sin->sin_addr.s_addr = sin6->sin6_addr.s6_addr32[3]; 2272 } 2273 2274 /* Convert sockaddr_in to sockaddr_in6 in v4 mapped addr format. */ 2275 void 2276 in6_sin_2_v4mapsin6(struct sockaddr_in *sin, struct sockaddr_in6 *sin6) 2277 { 2278 memset(sin6, 0, sizeof(*sin6)); 2279 sin6->sin6_len = sizeof(struct sockaddr_in6); 2280 sin6->sin6_family = AF_INET6; 2281 sin6->sin6_port = sin->sin_port; 2282 sin6->sin6_addr.s6_addr32[0] = 0; 2283 sin6->sin6_addr.s6_addr32[1] = 0; 2284 sin6->sin6_addr.s6_addr32[2] = IPV6_ADDR_INT32_SMP; 2285 sin6->sin6_addr.s6_addr32[3] = sin->sin_addr.s_addr; 2286 } 2287 2288 /* Convert sockaddr_in6 into sockaddr_in. */ 2289 void 2290 in6_sin6_2_sin_in_sock(struct sockaddr *nam) 2291 { 2292 struct sockaddr_in *sin_p; 2293 struct sockaddr_in6 sin6; 2294 2295 /* 2296 * Save original sockaddr_in6 addr and convert it 2297 * to sockaddr_in. 2298 */ 2299 sin6 = *(struct sockaddr_in6 *)nam; 2300 sin_p = (struct sockaddr_in *)nam; 2301 in6_sin6_2_sin(sin_p, &sin6); 2302 } 2303 2304 /* Convert sockaddr_in into sockaddr_in6 in v4 mapped addr format. */ 2305 void 2306 in6_sin_2_v4mapsin6_in_sock(struct sockaddr **nam) 2307 { 2308 struct sockaddr_in *sin_p; 2309 struct sockaddr_in6 *sin6_p; 2310 2311 sin6_p = malloc(sizeof(*sin6_p), M_SONAME, M_WAITOK); 2312 sin_p = (struct sockaddr_in *)*nam; 2313 in6_sin_2_v4mapsin6(sin_p, sin6_p); 2314 free(*nam, M_SONAME); 2315 *nam = (struct sockaddr *)sin6_p; 2316 } 2317