1 /* $NetBSD: in6.c,v 1.170 2014/05/17 20:44:24 rmind Exp $ */ 2 /* $KAME: in6.c,v 1.198 2001/07/18 09:12:38 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 /* 34 * Copyright (c) 1982, 1986, 1991, 1993 35 * The Regents of the University of California. All rights reserved. 36 * 37 * Redistribution and use in source and binary forms, with or without 38 * modification, are permitted provided that the following conditions 39 * are met: 40 * 1. Redistributions of source code must retain the above copyright 41 * notice, this list of conditions and the following disclaimer. 42 * 2. Redistributions in binary form must reproduce the above copyright 43 * notice, this list of conditions and the following disclaimer in the 44 * documentation and/or other materials provided with the distribution. 45 * 3. Neither the name of the University nor the names of its contributors 46 * may be used to endorse or promote products derived from this software 47 * without specific prior written permission. 48 * 49 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 52 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 59 * SUCH DAMAGE. 60 * 61 * @(#)in.c 8.2 (Berkeley) 11/15/93 62 */ 63 64 #include <sys/cdefs.h> 65 __KERNEL_RCSID(0, "$NetBSD: in6.c,v 1.170 2014/05/17 20:44:24 rmind Exp $"); 66 67 #include "opt_inet.h" 68 #include "opt_compat_netbsd.h" 69 70 #include <sys/param.h> 71 #include <sys/ioctl.h> 72 #include <sys/errno.h> 73 #include <sys/malloc.h> 74 #include <sys/socket.h> 75 #include <sys/socketvar.h> 76 #include <sys/sockio.h> 77 #include <sys/systm.h> 78 #include <sys/proc.h> 79 #include <sys/time.h> 80 #include <sys/kernel.h> 81 #include <sys/syslog.h> 82 #include <sys/kauth.h> 83 #include <sys/cprng.h> 84 85 #include <net/if.h> 86 #include <net/if_types.h> 87 #include <net/route.h> 88 #include <net/if_dl.h> 89 #include <net/pfil.h> 90 91 #include <netinet/in.h> 92 #include <netinet/in_var.h> 93 #include <net/if_ether.h> 94 95 #include <netinet/ip6.h> 96 #include <netinet6/ip6_var.h> 97 #include <netinet6/nd6.h> 98 #include <netinet6/mld6_var.h> 99 #include <netinet6/ip6_mroute.h> 100 #include <netinet6/in6_ifattach.h> 101 #include <netinet6/scope6_var.h> 102 103 #include <net/net_osdep.h> 104 105 #ifdef COMPAT_50 106 #include <compat/netinet6/in6_var.h> 107 #endif 108 109 MALLOC_DEFINE(M_IP6OPT, "ip6_options", "IPv6 options"); 110 111 /* enable backward compatibility code for obsoleted ioctls */ 112 #define COMPAT_IN6IFIOCTL 113 114 #ifdef IN6_DEBUG 115 #define IN6_DPRINTF(__fmt, ...) printf(__fmt, __VA_ARGS__) 116 #else 117 #define IN6_DPRINTF(__fmt, ...) do { } while (/*CONSTCOND*/0) 118 #endif /* IN6_DEBUG */ 119 120 /* 121 * Definitions of some constant IP6 addresses. 122 */ 123 const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT; 124 const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT; 125 const struct in6_addr in6addr_nodelocal_allnodes = 126 IN6ADDR_NODELOCAL_ALLNODES_INIT; 127 const struct in6_addr in6addr_linklocal_allnodes = 128 IN6ADDR_LINKLOCAL_ALLNODES_INIT; 129 const struct in6_addr in6addr_linklocal_allrouters = 130 IN6ADDR_LINKLOCAL_ALLROUTERS_INIT; 131 132 const struct in6_addr in6mask0 = IN6MASK0; 133 const struct in6_addr in6mask32 = IN6MASK32; 134 const struct in6_addr in6mask64 = IN6MASK64; 135 const struct in6_addr in6mask96 = IN6MASK96; 136 const struct in6_addr in6mask128 = IN6MASK128; 137 138 const struct sockaddr_in6 sa6_any = {sizeof(sa6_any), AF_INET6, 139 0, 0, IN6ADDR_ANY_INIT, 0}; 140 141 static int in6_lifaddr_ioctl(struct socket *, u_long, void *, 142 struct ifnet *, struct lwp *); 143 static int in6_ifinit(struct ifnet *, struct in6_ifaddr *, 144 const struct sockaddr_in6 *, int); 145 static void in6_unlink_ifa(struct in6_ifaddr *, struct ifnet *); 146 147 /* 148 * Subroutine for in6_ifaddloop() and in6_ifremloop(). 149 * This routine does actual work. 150 */ 151 static void 152 in6_ifloop_request(int cmd, struct ifaddr *ifa) 153 { 154 struct sockaddr_in6 all1_sa; 155 struct rtentry *nrt = NULL; 156 int e; 157 158 sockaddr_in6_init(&all1_sa, &in6mask128, 0, 0, 0); 159 160 /* 161 * We specify the address itself as the gateway, and set the 162 * RTF_LLINFO flag, so that the corresponding host route would have 163 * the flag, and thus applications that assume traditional behavior 164 * would be happy. Note that we assume the caller of the function 165 * (probably implicitly) set nd6_rtrequest() to ifa->ifa_rtrequest, 166 * which changes the outgoing interface to the loopback interface. 167 */ 168 e = rtrequest(cmd, ifa->ifa_addr, ifa->ifa_addr, 169 (struct sockaddr *)&all1_sa, RTF_UP|RTF_HOST|RTF_LLINFO, &nrt); 170 if (e != 0) { 171 log(LOG_ERR, "in6_ifloop_request: " 172 "%s operation failed for %s (errno=%d)\n", 173 cmd == RTM_ADD ? "ADD" : "DELETE", 174 ip6_sprintf(&((struct in6_ifaddr *)ifa)->ia_addr.sin6_addr), 175 e); 176 } 177 178 /* 179 * Make sure rt_ifa be equal to IFA, the second argument of the 180 * function. 181 * We need this because when we refer to rt_ifa->ia6_flags in 182 * ip6_input, we assume that the rt_ifa points to the address instead 183 * of the loopback address. 184 */ 185 if (cmd == RTM_ADD && nrt && ifa != nrt->rt_ifa) 186 rt_replace_ifa(nrt, ifa); 187 188 /* 189 * Report the addition/removal of the address to the routing socket 190 * unless the address is marked tentative, where it will be reported 191 * once DAD completes. 192 * XXX: since we called rtinit for a p2p interface with a destination, 193 * we end up reporting twice in such a case. Should we rather 194 * omit the second report? 195 */ 196 if (nrt) { 197 if (cmd != RTM_ADD || 198 !(((struct in6_ifaddr *)ifa)->ia6_flags &IN6_IFF_TENTATIVE)) 199 { 200 #if 0 201 struct in6_ifaddr *ia; 202 203 ia = (struct in6_ifaddr *)ifa; 204 log(LOG_DEBUG, 205 "in6_ifloop_request: announced %s (%s %d)\n", 206 ip6_sprintf(&ia->ia_addr.sin6_addr), 207 cmd == RTM_ADD ? "RTM_ADD" : "RTM_DELETE", 208 ia->ia6_flags); 209 #endif 210 rt_newaddrmsg(cmd, ifa, e, nrt); 211 } 212 if (cmd == RTM_DELETE) { 213 if (nrt->rt_refcnt <= 0) { 214 /* XXX: we should free the entry ourselves. */ 215 nrt->rt_refcnt++; 216 rtfree(nrt); 217 } 218 } else { 219 /* the cmd must be RTM_ADD here */ 220 nrt->rt_refcnt--; 221 } 222 } 223 } 224 225 /* 226 * Add ownaddr as loopback rtentry. We previously add the route only if 227 * necessary (ex. on a p2p link). However, since we now manage addresses 228 * separately from prefixes, we should always add the route. We can't 229 * rely on the cloning mechanism from the corresponding interface route 230 * any more. 231 */ 232 void 233 in6_ifaddloop(struct ifaddr *ifa) 234 { 235 struct rtentry *rt; 236 237 /* If there is no loopback entry, allocate one. */ 238 rt = rtalloc1(ifa->ifa_addr, 0); 239 if (rt == NULL || (rt->rt_flags & RTF_HOST) == 0 || 240 (rt->rt_ifp->if_flags & IFF_LOOPBACK) == 0) 241 in6_ifloop_request(RTM_ADD, ifa); 242 if (rt != NULL) 243 rt->rt_refcnt--; 244 } 245 246 /* 247 * Remove loopback rtentry of ownaddr generated by in6_ifaddloop(), 248 * if it exists. 249 */ 250 void 251 in6_ifremloop(struct ifaddr *ifa) 252 { 253 struct in6_ifaddr *alt_ia = NULL, *ia; 254 struct rtentry *rt; 255 int ia_count = 0; 256 257 /* 258 * Some of BSD variants do not remove cloned routes 259 * from an interface direct route, when removing the direct route 260 * (see comments in net/net_osdep.h). Even for variants that do remove 261 * cloned routes, they could fail to remove the cloned routes when 262 * we handle multple addresses that share a common prefix. 263 * So, we should remove the route corresponding to the deleted address. 264 */ 265 266 /* 267 * Delete the entry only if exactly one ifaddr matches the 268 * address, ifa->ifa_addr. 269 * 270 * If more than one ifaddr matches, replace the ifaddr in 271 * the routing table, rt_ifa, with a different ifaddr than 272 * the one we are purging, ifa. It is important to do 273 * this, or else the routing table can accumulate dangling 274 * pointers rt->rt_ifa->ifa_ifp to destroyed interfaces, 275 * which will lead to crashes, later. (More than one ifaddr 276 * can match if we assign the same address to multiple---probably 277 * p2p---interfaces.) 278 * 279 * XXX An old comment at this place said, "we should avoid 280 * XXX such a configuration [i.e., interfaces with the same 281 * XXX addressed assigned --ed.] in IPv6...". I do not 282 * XXX agree, especially now that I have fixed the dangling 283 * XXX ifp-pointers bug. 284 */ 285 for (ia = in6_ifaddr; ia; ia = ia->ia_next) { 286 if (!IN6_ARE_ADDR_EQUAL(IFA_IN6(ifa), &ia->ia_addr.sin6_addr)) 287 continue; 288 if (ia->ia_ifp != ifa->ifa_ifp) 289 alt_ia = ia; 290 if (++ia_count > 1 && alt_ia != NULL) 291 break; 292 } 293 294 if (ia_count == 0) 295 return; 296 297 if ((rt = rtalloc1(ifa->ifa_addr, 0)) == NULL) 298 return; 299 rt->rt_refcnt--; 300 301 /* 302 * Before deleting, check if a corresponding loopbacked 303 * host route surely exists. With this check, we can avoid 304 * deleting an interface direct route whose destination is 305 * the same as the address being removed. This can happen 306 * when removing a subnet-router anycast address on an 307 * interface attached to a shared medium. 308 */ 309 if ((rt->rt_flags & RTF_HOST) == 0 || 310 (rt->rt_ifp->if_flags & IFF_LOOPBACK) == 0) 311 return; 312 313 /* If we cannot replace the route's ifaddr with the equivalent 314 * ifaddr of another interface, I believe it is safest to 315 * delete the route. 316 */ 317 if (ia_count == 1 || alt_ia == NULL) 318 in6_ifloop_request(RTM_DELETE, ifa); 319 else 320 rt_replace_ifa(rt, &alt_ia->ia_ifa); 321 } 322 323 int 324 in6_mask2len(struct in6_addr *mask, u_char *lim0) 325 { 326 int x = 0, y; 327 u_char *lim = lim0, *p; 328 329 /* ignore the scope_id part */ 330 if (lim0 == NULL || lim0 - (u_char *)mask > sizeof(*mask)) 331 lim = (u_char *)mask + sizeof(*mask); 332 for (p = (u_char *)mask; p < lim; x++, p++) { 333 if (*p != 0xff) 334 break; 335 } 336 y = 0; 337 if (p < lim) { 338 for (y = 0; y < NBBY; y++) { 339 if ((*p & (0x80 >> y)) == 0) 340 break; 341 } 342 } 343 344 /* 345 * when the limit pointer is given, do a stricter check on the 346 * remaining bits. 347 */ 348 if (p < lim) { 349 if (y != 0 && (*p & (0x00ff >> y)) != 0) 350 return -1; 351 for (p = p + 1; p < lim; p++) 352 if (*p != 0) 353 return -1; 354 } 355 356 return x * NBBY + y; 357 } 358 359 #define ifa2ia6(ifa) ((struct in6_ifaddr *)(ifa)) 360 #define ia62ifa(ia6) (&((ia6)->ia_ifa)) 361 362 static int 363 in6_control1(struct socket *so, u_long cmd, void *data, struct ifnet *ifp, 364 lwp_t *l) 365 { 366 struct in6_ifreq *ifr = (struct in6_ifreq *)data; 367 struct in6_ifaddr *ia = NULL; 368 struct in6_aliasreq *ifra = (struct in6_aliasreq *)data; 369 struct sockaddr_in6 *sa6; 370 int error; 371 372 switch (cmd) { 373 /* 374 * XXX: Fix me, once we fix SIOCSIFADDR, SIOCIFDSTADDR, etc. 375 */ 376 case SIOCSIFADDR: 377 case SIOCSIFDSTADDR: 378 case SIOCSIFBRDADDR: 379 case SIOCSIFNETMASK: 380 return EOPNOTSUPP; 381 case SIOCGETSGCNT_IN6: 382 case SIOCGETMIFCNT_IN6: 383 return mrt6_ioctl(cmd, data); 384 case SIOCGIFADDRPREF: 385 case SIOCSIFADDRPREF: 386 if (ifp == NULL) 387 return EINVAL; 388 return ifaddrpref_ioctl(so, cmd, data, ifp, l); 389 } 390 391 if (ifp == NULL) 392 return EOPNOTSUPP; 393 394 switch (cmd) { 395 case SIOCSNDFLUSH_IN6: 396 case SIOCSPFXFLUSH_IN6: 397 case SIOCSRTRFLUSH_IN6: 398 case SIOCSDEFIFACE_IN6: 399 case SIOCSIFINFO_FLAGS: 400 case SIOCSIFINFO_IN6: 401 /* Privileged. */ 402 /* FALLTHROUGH */ 403 case OSIOCGIFINFO_IN6: 404 case SIOCGIFINFO_IN6: 405 case SIOCGDRLST_IN6: 406 case SIOCGPRLST_IN6: 407 case SIOCGNBRINFO_IN6: 408 case SIOCGDEFIFACE_IN6: 409 return nd6_ioctl(cmd, data, ifp); 410 } 411 412 switch (cmd) { 413 case SIOCSIFPREFIX_IN6: 414 case SIOCDIFPREFIX_IN6: 415 case SIOCAIFPREFIX_IN6: 416 case SIOCCIFPREFIX_IN6: 417 case SIOCSGIFPREFIX_IN6: 418 case SIOCGIFPREFIX_IN6: 419 log(LOG_NOTICE, 420 "prefix ioctls are now invalidated. " 421 "please use ifconfig.\n"); 422 return EOPNOTSUPP; 423 } 424 425 switch (cmd) { 426 case SIOCALIFADDR: 427 case SIOCDLIFADDR: 428 /* Privileged. */ 429 /* FALLTHROUGH */ 430 case SIOCGLIFADDR: 431 return in6_lifaddr_ioctl(so, cmd, data, ifp, l); 432 } 433 434 /* 435 * Find address for this interface, if it exists. 436 * 437 * In netinet code, we have checked ifra_addr in SIOCSIF*ADDR operation 438 * only, and used the first interface address as the target of other 439 * operations (without checking ifra_addr). This was because netinet 440 * code/API assumed at most 1 interface address per interface. 441 * Since IPv6 allows a node to assign multiple addresses 442 * on a single interface, we almost always look and check the 443 * presence of ifra_addr, and reject invalid ones here. 444 * It also decreases duplicated code among SIOC*_IN6 operations. 445 */ 446 switch (cmd) { 447 case SIOCAIFADDR_IN6: 448 #ifdef OSIOCAIFADDR_IN6 449 case OSIOCAIFADDR_IN6: 450 #endif 451 #ifdef OSIOCSIFPHYADDR_IN6 452 case OSIOCSIFPHYADDR_IN6: 453 #endif 454 case SIOCSIFPHYADDR_IN6: 455 sa6 = &ifra->ifra_addr; 456 break; 457 case SIOCSIFADDR_IN6: 458 case SIOCGIFADDR_IN6: 459 case SIOCSIFDSTADDR_IN6: 460 case SIOCSIFNETMASK_IN6: 461 case SIOCGIFDSTADDR_IN6: 462 case SIOCGIFNETMASK_IN6: 463 case SIOCDIFADDR_IN6: 464 case SIOCGIFPSRCADDR_IN6: 465 case SIOCGIFPDSTADDR_IN6: 466 case SIOCGIFAFLAG_IN6: 467 case SIOCSNDFLUSH_IN6: 468 case SIOCSPFXFLUSH_IN6: 469 case SIOCSRTRFLUSH_IN6: 470 case SIOCGIFALIFETIME_IN6: 471 #ifdef OSIOCGIFALIFETIME_IN6 472 case OSIOCGIFALIFETIME_IN6: 473 #endif 474 case SIOCGIFSTAT_IN6: 475 case SIOCGIFSTAT_ICMP6: 476 sa6 = &ifr->ifr_addr; 477 break; 478 default: 479 sa6 = NULL; 480 break; 481 } 482 if (sa6 && sa6->sin6_family == AF_INET6) { 483 if (sa6->sin6_scope_id != 0) 484 error = sa6_embedscope(sa6, 0); 485 else 486 error = in6_setscope(&sa6->sin6_addr, ifp, NULL); 487 if (error != 0) 488 return error; 489 ia = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr); 490 } else 491 ia = NULL; 492 493 switch (cmd) { 494 case SIOCSIFADDR_IN6: 495 case SIOCSIFDSTADDR_IN6: 496 case SIOCSIFNETMASK_IN6: 497 /* 498 * Since IPv6 allows a node to assign multiple addresses 499 * on a single interface, SIOCSIFxxx ioctls are deprecated. 500 */ 501 return EINVAL; 502 503 case SIOCDIFADDR_IN6: 504 /* 505 * for IPv4, we look for existing in_ifaddr here to allow 506 * "ifconfig if0 delete" to remove the first IPv4 address on 507 * the interface. For IPv6, as the spec allows multiple 508 * interface address from the day one, we consider "remove the 509 * first one" semantics to be not preferable. 510 */ 511 if (ia == NULL) 512 return EADDRNOTAVAIL; 513 /* FALLTHROUGH */ 514 #ifdef OSIOCAIFADDR_IN6 515 case OSIOCAIFADDR_IN6: 516 #endif 517 case SIOCAIFADDR_IN6: 518 /* 519 * We always require users to specify a valid IPv6 address for 520 * the corresponding operation. 521 */ 522 if (ifra->ifra_addr.sin6_family != AF_INET6 || 523 ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6)) 524 return EAFNOSUPPORT; 525 /* Privileged. */ 526 527 break; 528 529 case SIOCGIFADDR_IN6: 530 /* This interface is basically deprecated. use SIOCGIFCONF. */ 531 /* FALLTHROUGH */ 532 case SIOCGIFAFLAG_IN6: 533 case SIOCGIFNETMASK_IN6: 534 case SIOCGIFDSTADDR_IN6: 535 case SIOCGIFALIFETIME_IN6: 536 #ifdef OSIOCGIFALIFETIME_IN6 537 case OSIOCGIFALIFETIME_IN6: 538 #endif 539 /* must think again about its semantics */ 540 if (ia == NULL) 541 return EADDRNOTAVAIL; 542 break; 543 } 544 545 switch (cmd) { 546 547 case SIOCGIFADDR_IN6: 548 ifr->ifr_addr = ia->ia_addr; 549 if ((error = sa6_recoverscope(&ifr->ifr_addr)) != 0) 550 return error; 551 break; 552 553 case SIOCGIFDSTADDR_IN6: 554 if ((ifp->if_flags & IFF_POINTOPOINT) == 0) 555 return EINVAL; 556 /* 557 * XXX: should we check if ifa_dstaddr is NULL and return 558 * an error? 559 */ 560 ifr->ifr_dstaddr = ia->ia_dstaddr; 561 if ((error = sa6_recoverscope(&ifr->ifr_dstaddr)) != 0) 562 return error; 563 break; 564 565 case SIOCGIFNETMASK_IN6: 566 ifr->ifr_addr = ia->ia_prefixmask; 567 break; 568 569 case SIOCGIFAFLAG_IN6: 570 ifr->ifr_ifru.ifru_flags6 = ia->ia6_flags; 571 break; 572 573 case SIOCGIFSTAT_IN6: 574 if (ifp == NULL) 575 return EINVAL; 576 memset(&ifr->ifr_ifru.ifru_stat, 0, 577 sizeof(ifr->ifr_ifru.ifru_stat)); 578 ifr->ifr_ifru.ifru_stat = 579 *((struct in6_ifextra *)ifp->if_afdata[AF_INET6])->in6_ifstat; 580 break; 581 582 case SIOCGIFSTAT_ICMP6: 583 if (ifp == NULL) 584 return EINVAL; 585 memset(&ifr->ifr_ifru.ifru_icmp6stat, 0, 586 sizeof(ifr->ifr_ifru.ifru_icmp6stat)); 587 ifr->ifr_ifru.ifru_icmp6stat = 588 *((struct in6_ifextra *)ifp->if_afdata[AF_INET6])->icmp6_ifstat; 589 break; 590 591 #ifdef OSIOCGIFALIFETIME_IN6 592 case OSIOCGIFALIFETIME_IN6: 593 #endif 594 case SIOCGIFALIFETIME_IN6: 595 ifr->ifr_ifru.ifru_lifetime = ia->ia6_lifetime; 596 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 597 time_t maxexpire; 598 struct in6_addrlifetime *retlt = 599 &ifr->ifr_ifru.ifru_lifetime; 600 601 /* 602 * XXX: adjust expiration time assuming time_t is 603 * signed. 604 */ 605 maxexpire = ((time_t)~0) & 606 ~((time_t)1 << ((sizeof(maxexpire) * NBBY) - 1)); 607 if (ia->ia6_lifetime.ia6t_vltime < 608 maxexpire - ia->ia6_updatetime) { 609 retlt->ia6t_expire = ia->ia6_updatetime + 610 ia->ia6_lifetime.ia6t_vltime; 611 } else 612 retlt->ia6t_expire = maxexpire; 613 } 614 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 615 time_t maxexpire; 616 struct in6_addrlifetime *retlt = 617 &ifr->ifr_ifru.ifru_lifetime; 618 619 /* 620 * XXX: adjust expiration time assuming time_t is 621 * signed. 622 */ 623 maxexpire = ((time_t)~0) & 624 ~((time_t)1 << ((sizeof(maxexpire) * NBBY) - 1)); 625 if (ia->ia6_lifetime.ia6t_pltime < 626 maxexpire - ia->ia6_updatetime) { 627 retlt->ia6t_preferred = ia->ia6_updatetime + 628 ia->ia6_lifetime.ia6t_pltime; 629 } else 630 retlt->ia6t_preferred = maxexpire; 631 } 632 #ifdef OSIOCFIFALIFETIME_IN6 633 if (cmd == OSIOCFIFALIFETIME_IN6) 634 in6_addrlifetime_to_in6_addrlifetime50( 635 &ifr->ifru.ifru_lifetime); 636 #endif 637 break; 638 639 #ifdef OSIOCAIFADDR_IN6 640 case OSIOCAIFADDR_IN6: 641 in6_aliasreq50_to_in6_aliasreq(ifra); 642 /*FALLTHROUGH*/ 643 #endif 644 case SIOCAIFADDR_IN6: 645 { 646 int i; 647 struct nd_prefixctl pr0; 648 struct nd_prefix *pr; 649 650 /* reject read-only flags */ 651 if ((ifra->ifra_flags & IN6_IFF_DUPLICATED) != 0 || 652 (ifra->ifra_flags & IN6_IFF_DETACHED) != 0 || 653 (ifra->ifra_flags & IN6_IFF_NODAD) != 0 || 654 (ifra->ifra_flags & IN6_IFF_AUTOCONF) != 0) { 655 return EINVAL; 656 } 657 /* 658 * first, make or update the interface address structure, 659 * and link it to the list. 660 */ 661 if ((error = in6_update_ifa(ifp, ifra, ia, 0)) != 0) 662 return error; 663 if ((ia = in6ifa_ifpwithaddr(ifp, &ifra->ifra_addr.sin6_addr)) 664 == NULL) { 665 /* 666 * this can happen when the user specify the 0 valid 667 * lifetime. 668 */ 669 break; 670 } 671 672 /* 673 * then, make the prefix on-link on the interface. 674 * XXX: we'd rather create the prefix before the address, but 675 * we need at least one address to install the corresponding 676 * interface route, so we configure the address first. 677 */ 678 679 /* 680 * convert mask to prefix length (prefixmask has already 681 * been validated in in6_update_ifa(). 682 */ 683 memset(&pr0, 0, sizeof(pr0)); 684 pr0.ndpr_ifp = ifp; 685 pr0.ndpr_plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, 686 NULL); 687 if (pr0.ndpr_plen == 128) { 688 break; /* we don't need to install a host route. */ 689 } 690 pr0.ndpr_prefix = ifra->ifra_addr; 691 /* apply the mask for safety. */ 692 for (i = 0; i < 4; i++) { 693 pr0.ndpr_prefix.sin6_addr.s6_addr32[i] &= 694 ifra->ifra_prefixmask.sin6_addr.s6_addr32[i]; 695 } 696 /* 697 * XXX: since we don't have an API to set prefix (not address) 698 * lifetimes, we just use the same lifetimes as addresses. 699 * The (temporarily) installed lifetimes can be overridden by 700 * later advertised RAs (when accept_rtadv is non 0), which is 701 * an intended behavior. 702 */ 703 pr0.ndpr_raf_onlink = 1; /* should be configurable? */ 704 pr0.ndpr_raf_auto = 705 ((ifra->ifra_flags & IN6_IFF_AUTOCONF) != 0); 706 pr0.ndpr_vltime = ifra->ifra_lifetime.ia6t_vltime; 707 pr0.ndpr_pltime = ifra->ifra_lifetime.ia6t_pltime; 708 709 /* add the prefix if not yet. */ 710 if ((pr = nd6_prefix_lookup(&pr0)) == NULL) { 711 /* 712 * nd6_prelist_add will install the corresponding 713 * interface route. 714 */ 715 if ((error = nd6_prelist_add(&pr0, NULL, &pr)) != 0) 716 return error; 717 if (pr == NULL) { 718 log(LOG_ERR, "nd6_prelist_add succeeded but " 719 "no prefix\n"); 720 return EINVAL; /* XXX panic here? */ 721 } 722 } 723 724 /* relate the address to the prefix */ 725 if (ia->ia6_ndpr == NULL) { 726 ia->ia6_ndpr = pr; 727 pr->ndpr_refcnt++; 728 729 /* 730 * If this is the first autoconf address from the 731 * prefix, create a temporary address as well 732 * (when required). 733 */ 734 if ((ia->ia6_flags & IN6_IFF_AUTOCONF) && 735 ip6_use_tempaddr && pr->ndpr_refcnt == 1) { 736 int e; 737 if ((e = in6_tmpifadd(ia, 1, 0)) != 0) { 738 log(LOG_NOTICE, "in6_control: failed " 739 "to create a temporary address, " 740 "errno=%d\n", e); 741 } 742 } 743 } 744 745 /* 746 * this might affect the status of autoconfigured addresses, 747 * that is, this address might make other addresses detached. 748 */ 749 pfxlist_onlink_check(); 750 751 (void)pfil_run_hooks(if_pfil, (struct mbuf **)SIOCAIFADDR_IN6, 752 ifp, PFIL_IFADDR); 753 break; 754 } 755 756 case SIOCDIFADDR_IN6: 757 { 758 struct nd_prefix *pr; 759 760 /* 761 * If the address being deleted is the only one that owns 762 * the corresponding prefix, expire the prefix as well. 763 * XXX: theoretically, we don't have to worry about such 764 * relationship, since we separate the address management 765 * and the prefix management. We do this, however, to provide 766 * as much backward compatibility as possible in terms of 767 * the ioctl operation. 768 * Note that in6_purgeaddr() will decrement ndpr_refcnt. 769 */ 770 pr = ia->ia6_ndpr; 771 in6_purgeaddr(&ia->ia_ifa); 772 if (pr && pr->ndpr_refcnt == 0) 773 prelist_remove(pr); 774 (void)pfil_run_hooks(if_pfil, (struct mbuf **)SIOCDIFADDR_IN6, 775 ifp, PFIL_IFADDR); 776 break; 777 } 778 779 default: 780 return ENOTTY; 781 } 782 783 return 0; 784 } 785 786 int 787 in6_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp, 788 struct lwp *l) 789 { 790 int error, s; 791 792 switch (cmd) { 793 case SIOCSNDFLUSH_IN6: 794 case SIOCSPFXFLUSH_IN6: 795 case SIOCSRTRFLUSH_IN6: 796 case SIOCSDEFIFACE_IN6: 797 case SIOCSIFINFO_FLAGS: 798 case SIOCSIFINFO_IN6: 799 800 case SIOCALIFADDR: 801 case SIOCDLIFADDR: 802 803 case SIOCDIFADDR_IN6: 804 #ifdef OSIOCAIFADDR_IN6 805 case OSIOCAIFADDR_IN6: 806 #endif 807 case SIOCAIFADDR_IN6: 808 if (kauth_authorize_network(l->l_cred, 809 KAUTH_NETWORK_SOCKET, 810 KAUTH_REQ_NETWORK_SOCKET_SETPRIV, 811 so, NULL, NULL)) 812 return EPERM; 813 break; 814 } 815 816 s = splnet(); 817 error = in6_control1(so , cmd, data, ifp, l); 818 splx(s); 819 return error; 820 } 821 822 /* 823 * Update parameters of an IPv6 interface address. 824 * If necessary, a new entry is created and linked into address chains. 825 * This function is separated from in6_control(). 826 * XXX: should this be performed under splnet()? 827 */ 828 static int 829 in6_update_ifa1(struct ifnet *ifp, struct in6_aliasreq *ifra, 830 struct in6_ifaddr *ia, int flags) 831 { 832 int error = 0, hostIsNew = 0, plen = -1; 833 struct in6_ifaddr *oia; 834 struct sockaddr_in6 dst6; 835 struct in6_addrlifetime *lt; 836 struct in6_multi_mship *imm; 837 struct in6_multi *in6m_sol; 838 struct rtentry *rt; 839 int dad_delay; 840 841 in6m_sol = NULL; 842 843 /* Validate parameters */ 844 if (ifp == NULL || ifra == NULL) /* this maybe redundant */ 845 return EINVAL; 846 847 /* 848 * The destination address for a p2p link must have a family 849 * of AF_UNSPEC or AF_INET6. 850 */ 851 if ((ifp->if_flags & IFF_POINTOPOINT) != 0 && 852 ifra->ifra_dstaddr.sin6_family != AF_INET6 && 853 ifra->ifra_dstaddr.sin6_family != AF_UNSPEC) 854 return EAFNOSUPPORT; 855 /* 856 * validate ifra_prefixmask. don't check sin6_family, netmask 857 * does not carry fields other than sin6_len. 858 */ 859 if (ifra->ifra_prefixmask.sin6_len > sizeof(struct sockaddr_in6)) 860 return EINVAL; 861 /* 862 * Because the IPv6 address architecture is classless, we require 863 * users to specify a (non 0) prefix length (mask) for a new address. 864 * We also require the prefix (when specified) mask is valid, and thus 865 * reject a non-consecutive mask. 866 */ 867 if (ia == NULL && ifra->ifra_prefixmask.sin6_len == 0) 868 return EINVAL; 869 if (ifra->ifra_prefixmask.sin6_len != 0) { 870 plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, 871 (u_char *)&ifra->ifra_prefixmask + 872 ifra->ifra_prefixmask.sin6_len); 873 if (plen <= 0) 874 return EINVAL; 875 } else { 876 /* 877 * In this case, ia must not be NULL. We just use its prefix 878 * length. 879 */ 880 plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); 881 } 882 /* 883 * If the destination address on a p2p interface is specified, 884 * and the address is a scoped one, validate/set the scope 885 * zone identifier. 886 */ 887 dst6 = ifra->ifra_dstaddr; 888 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) != 0 && 889 (dst6.sin6_family == AF_INET6)) { 890 struct in6_addr in6_tmp; 891 u_int32_t zoneid; 892 893 in6_tmp = dst6.sin6_addr; 894 if (in6_setscope(&in6_tmp, ifp, &zoneid)) 895 return EINVAL; /* XXX: should be impossible */ 896 897 if (dst6.sin6_scope_id != 0) { 898 if (dst6.sin6_scope_id != zoneid) 899 return EINVAL; 900 } else /* user omit to specify the ID. */ 901 dst6.sin6_scope_id = zoneid; 902 903 /* convert into the internal form */ 904 if (sa6_embedscope(&dst6, 0)) 905 return EINVAL; /* XXX: should be impossible */ 906 } 907 /* 908 * The destination address can be specified only for a p2p or a 909 * loopback interface. If specified, the corresponding prefix length 910 * must be 128. 911 */ 912 if (ifra->ifra_dstaddr.sin6_family == AF_INET6) { 913 #ifdef FORCE_P2PPLEN 914 int i; 915 #endif 916 917 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) == 0) { 918 /* XXX: noisy message */ 919 nd6log((LOG_INFO, "in6_update_ifa: a destination can " 920 "be specified for a p2p or a loopback IF only\n")); 921 return EINVAL; 922 } 923 if (plen != 128) { 924 nd6log((LOG_INFO, "in6_update_ifa: prefixlen should " 925 "be 128 when dstaddr is specified\n")); 926 #ifdef FORCE_P2PPLEN 927 /* 928 * To be compatible with old configurations, 929 * such as ifconfig gif0 inet6 2001::1 2001::2 930 * prefixlen 126, we override the specified 931 * prefixmask as if the prefix length was 128. 932 */ 933 ifra->ifra_prefixmask.sin6_len = 934 sizeof(struct sockaddr_in6); 935 for (i = 0; i < 4; i++) 936 ifra->ifra_prefixmask.sin6_addr.s6_addr32[i] = 937 0xffffffff; 938 plen = 128; 939 #else 940 return EINVAL; 941 #endif 942 } 943 } 944 /* lifetime consistency check */ 945 lt = &ifra->ifra_lifetime; 946 if (lt->ia6t_pltime > lt->ia6t_vltime) 947 return EINVAL; 948 if (lt->ia6t_vltime == 0) { 949 /* 950 * the following log might be noisy, but this is a typical 951 * configuration mistake or a tool's bug. 952 */ 953 nd6log((LOG_INFO, 954 "in6_update_ifa: valid lifetime is 0 for %s\n", 955 ip6_sprintf(&ifra->ifra_addr.sin6_addr))); 956 957 if (ia == NULL) 958 return 0; /* there's nothing to do */ 959 } 960 961 /* 962 * If this is a new address, allocate a new ifaddr and link it 963 * into chains. 964 */ 965 if (ia == NULL) { 966 hostIsNew = 1; 967 /* 968 * When in6_update_ifa() is called in a process of a received 969 * RA, it is called under an interrupt context. So, we should 970 * call malloc with M_NOWAIT. 971 */ 972 ia = (struct in6_ifaddr *) malloc(sizeof(*ia), M_IFADDR, 973 M_NOWAIT); 974 if (ia == NULL) 975 return ENOBUFS; 976 memset(ia, 0, sizeof(*ia)); 977 LIST_INIT(&ia->ia6_memberships); 978 /* Initialize the address and masks, and put time stamp */ 979 ia->ia_ifa.ifa_addr = (struct sockaddr *)&ia->ia_addr; 980 ia->ia_addr.sin6_family = AF_INET6; 981 ia->ia_addr.sin6_len = sizeof(ia->ia_addr); 982 ia->ia6_createtime = time_second; 983 if ((ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) != 0) { 984 /* 985 * XXX: some functions expect that ifa_dstaddr is not 986 * NULL for p2p interfaces. 987 */ 988 ia->ia_ifa.ifa_dstaddr = 989 (struct sockaddr *)&ia->ia_dstaddr; 990 } else { 991 ia->ia_ifa.ifa_dstaddr = NULL; 992 } 993 ia->ia_ifa.ifa_netmask = 994 (struct sockaddr *)&ia->ia_prefixmask; 995 996 ia->ia_ifp = ifp; 997 if ((oia = in6_ifaddr) != NULL) { 998 for ( ; oia->ia_next; oia = oia->ia_next) 999 continue; 1000 oia->ia_next = ia; 1001 } else 1002 in6_ifaddr = ia; 1003 /* gain a refcnt for the link from in6_ifaddr */ 1004 IFAREF(&ia->ia_ifa); 1005 1006 ifa_insert(ifp, &ia->ia_ifa); 1007 } 1008 1009 /* update timestamp */ 1010 ia->ia6_updatetime = time_second; 1011 1012 /* set prefix mask */ 1013 if (ifra->ifra_prefixmask.sin6_len) { 1014 /* 1015 * We prohibit changing the prefix length of an existing 1016 * address, because 1017 * + such an operation should be rare in IPv6, and 1018 * + the operation would confuse prefix management. 1019 */ 1020 if (ia->ia_prefixmask.sin6_len && 1021 in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL) != plen) { 1022 nd6log((LOG_INFO, "in6_update_ifa: the prefix length of an" 1023 " existing (%s) address should not be changed\n", 1024 ip6_sprintf(&ia->ia_addr.sin6_addr))); 1025 error = EINVAL; 1026 goto unlink; 1027 } 1028 ia->ia_prefixmask = ifra->ifra_prefixmask; 1029 } 1030 1031 /* 1032 * If a new destination address is specified, scrub the old one and 1033 * install the new destination. Note that the interface must be 1034 * p2p or loopback (see the check above.) 1035 */ 1036 if (dst6.sin6_family == AF_INET6 && 1037 !IN6_ARE_ADDR_EQUAL(&dst6.sin6_addr, &ia->ia_dstaddr.sin6_addr)) { 1038 if ((ia->ia_flags & IFA_ROUTE) != 0 && 1039 rtinit(&(ia->ia_ifa), (int)RTM_DELETE, RTF_HOST) != 0) { 1040 nd6log((LOG_ERR, "in6_update_ifa: failed to remove " 1041 "a route to the old destination: %s\n", 1042 ip6_sprintf(&ia->ia_addr.sin6_addr))); 1043 /* proceed anyway... */ 1044 } else 1045 ia->ia_flags &= ~IFA_ROUTE; 1046 ia->ia_dstaddr = dst6; 1047 } 1048 1049 /* 1050 * Set lifetimes. We do not refer to ia6t_expire and ia6t_preferred 1051 * to see if the address is deprecated or invalidated, but initialize 1052 * these members for applications. 1053 */ 1054 ia->ia6_lifetime = ifra->ifra_lifetime; 1055 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 1056 ia->ia6_lifetime.ia6t_expire = 1057 time_second + ia->ia6_lifetime.ia6t_vltime; 1058 } else 1059 ia->ia6_lifetime.ia6t_expire = 0; 1060 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 1061 ia->ia6_lifetime.ia6t_preferred = 1062 time_second + ia->ia6_lifetime.ia6t_pltime; 1063 } else 1064 ia->ia6_lifetime.ia6t_preferred = 0; 1065 1066 /* 1067 * configure address flags. 1068 */ 1069 ia->ia6_flags = ifra->ifra_flags; 1070 1071 /* 1072 * Make the address tentative before joining multicast addresses, 1073 * so that corresponding MLD responses would not have a tentative 1074 * source address. 1075 */ 1076 ia->ia6_flags &= ~IN6_IFF_DUPLICATED; /* safety */ 1077 if (ifp->if_link_state == LINK_STATE_DOWN) { 1078 ia->ia6_flags |= IN6_IFF_DETACHED; 1079 ia->ia6_flags &= ~IN6_IFF_TENTATIVE; 1080 } else if (hostIsNew && in6if_do_dad(ifp)) 1081 ia->ia6_flags |= IN6_IFF_TENTATIVE; 1082 1083 /* 1084 * backward compatibility - if IN6_IFF_DEPRECATED is set from the 1085 * userland, make it deprecated. 1086 */ 1087 if ((ifra->ifra_flags & IN6_IFF_DEPRECATED) != 0) { 1088 ia->ia6_lifetime.ia6t_pltime = 0; 1089 ia->ia6_lifetime.ia6t_preferred = time_second; 1090 } 1091 1092 /* reset the interface and routing table appropriately. */ 1093 if ((error = in6_ifinit(ifp, ia, &ifra->ifra_addr, hostIsNew)) != 0) 1094 goto unlink; 1095 /* 1096 * We are done if we have simply modified an existing address. 1097 */ 1098 if (!hostIsNew) 1099 return error; 1100 1101 /* 1102 * Beyond this point, we should call in6_purgeaddr upon an error, 1103 * not just go to unlink. 1104 */ 1105 1106 /* join necessary multicast groups */ 1107 if ((ifp->if_flags & IFF_MULTICAST) != 0) { 1108 struct sockaddr_in6 mltaddr, mltmask; 1109 struct in6_addr llsol; 1110 1111 /* join solicited multicast addr for new host id */ 1112 memset(&llsol, 0, sizeof(struct in6_addr)); 1113 llsol.s6_addr16[0] = htons(0xff02); 1114 llsol.s6_addr32[1] = 0; 1115 llsol.s6_addr32[2] = htonl(1); 1116 llsol.s6_addr32[3] = ifra->ifra_addr.sin6_addr.s6_addr32[3]; 1117 llsol.s6_addr8[12] = 0xff; 1118 if ((error = in6_setscope(&llsol, ifp, NULL)) != 0) { 1119 /* XXX: should not happen */ 1120 log(LOG_ERR, "in6_update_ifa: " 1121 "in6_setscope failed\n"); 1122 goto cleanup; 1123 } 1124 dad_delay = 0; 1125 if ((flags & IN6_IFAUPDATE_DADDELAY)) { 1126 /* 1127 * We need a random delay for DAD on the address 1128 * being configured. It also means delaying 1129 * transmission of the corresponding MLD report to 1130 * avoid report collision. 1131 * [draft-ietf-ipv6-rfc2462bis-02.txt] 1132 */ 1133 dad_delay = cprng_fast32() % 1134 (MAX_RTR_SOLICITATION_DELAY * hz); 1135 } 1136 1137 #define MLTMASK_LEN 4 /* mltmask's masklen (=32bit=4octet) */ 1138 /* join solicited multicast addr for new host id */ 1139 imm = in6_joingroup(ifp, &llsol, &error, dad_delay); 1140 if (!imm) { 1141 nd6log((LOG_ERR, 1142 "in6_update_ifa: addmulti " 1143 "failed for %s on %s (errno=%d)\n", 1144 ip6_sprintf(&llsol), if_name(ifp), error)); 1145 goto cleanup; 1146 } 1147 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 1148 in6m_sol = imm->i6mm_maddr; 1149 1150 sockaddr_in6_init(&mltmask, &in6mask32, 0, 0, 0); 1151 1152 /* 1153 * join link-local all-nodes address 1154 */ 1155 sockaddr_in6_init(&mltaddr, &in6addr_linklocal_allnodes, 1156 0, 0, 0); 1157 if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) != 0) 1158 goto cleanup; /* XXX: should not fail */ 1159 1160 /* 1161 * XXX: do we really need this automatic routes? 1162 * We should probably reconsider this stuff. Most applications 1163 * actually do not need the routes, since they usually specify 1164 * the outgoing interface. 1165 */ 1166 rt = rtalloc1((struct sockaddr *)&mltaddr, 0); 1167 if (rt) { 1168 if (memcmp(&mltaddr.sin6_addr, 1169 &satocsin6(rt_getkey(rt))->sin6_addr, 1170 MLTMASK_LEN)) { 1171 RTFREE(rt); 1172 rt = NULL; 1173 } else if (rt->rt_ifp != ifp) { 1174 IN6_DPRINTF("%s: rt_ifp %p -> %p (%s) " 1175 "network %04x:%04x::/32 = %04x:%04x::/32\n", 1176 __func__, rt->rt_ifp, ifp, ifp->if_xname, 1177 ntohs(mltaddr.sin6_addr.s6_addr16[0]), 1178 ntohs(mltaddr.sin6_addr.s6_addr16[1]), 1179 satocsin6(rt_getkey(rt))->sin6_addr.s6_addr16[0], 1180 satocsin6(rt_getkey(rt))->sin6_addr.s6_addr16[1]); 1181 rt_replace_ifa(rt, &ia->ia_ifa); 1182 rt->rt_ifp = ifp; 1183 } 1184 } 1185 if (!rt) { 1186 struct rt_addrinfo info; 1187 1188 memset(&info, 0, sizeof(info)); 1189 info.rti_info[RTAX_DST] = (struct sockaddr *)&mltaddr; 1190 info.rti_info[RTAX_GATEWAY] = 1191 (struct sockaddr *)&ia->ia_addr; 1192 info.rti_info[RTAX_NETMASK] = 1193 (struct sockaddr *)&mltmask; 1194 info.rti_info[RTAX_IFA] = 1195 (struct sockaddr *)&ia->ia_addr; 1196 /* XXX: we need RTF_CLONING to fake nd6_rtrequest */ 1197 info.rti_flags = RTF_UP | RTF_CLONING; 1198 error = rtrequest1(RTM_ADD, &info, NULL); 1199 if (error) 1200 goto cleanup; 1201 } else { 1202 RTFREE(rt); 1203 } 1204 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 0); 1205 if (!imm) { 1206 nd6log((LOG_WARNING, 1207 "in6_update_ifa: addmulti failed for " 1208 "%s on %s (errno=%d)\n", 1209 ip6_sprintf(&mltaddr.sin6_addr), 1210 if_name(ifp), error)); 1211 goto cleanup; 1212 } 1213 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 1214 1215 /* 1216 * join node information group address 1217 */ 1218 dad_delay = 0; 1219 if ((flags & IN6_IFAUPDATE_DADDELAY)) { 1220 /* 1221 * The spec doesn't say anything about delay for this 1222 * group, but the same logic should apply. 1223 */ 1224 dad_delay = cprng_fast32() % 1225 (MAX_RTR_SOLICITATION_DELAY * hz); 1226 } 1227 if (in6_nigroup(ifp, hostname, hostnamelen, &mltaddr) != 0) 1228 ; 1229 else if ((imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 1230 dad_delay)) == NULL) { /* XXX jinmei */ 1231 nd6log((LOG_WARNING, "in6_update_ifa: " 1232 "addmulti failed for %s on %s (errno=%d)\n", 1233 ip6_sprintf(&mltaddr.sin6_addr), 1234 if_name(ifp), error)); 1235 /* XXX not very fatal, go on... */ 1236 } else { 1237 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 1238 } 1239 1240 1241 /* 1242 * join interface-local all-nodes address. 1243 * (ff01::1%ifN, and ff01::%ifN/32) 1244 */ 1245 mltaddr.sin6_addr = in6addr_nodelocal_allnodes; 1246 if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) != 0) 1247 goto cleanup; /* XXX: should not fail */ 1248 1249 /* XXX: again, do we really need the route? */ 1250 rt = rtalloc1((struct sockaddr *)&mltaddr, 0); 1251 if (rt) { 1252 /* 32bit came from "mltmask" */ 1253 if (memcmp(&mltaddr.sin6_addr, 1254 &satocsin6(rt_getkey(rt))->sin6_addr, 1255 32 / NBBY)) { 1256 RTFREE(rt); 1257 rt = NULL; 1258 } else if (rt->rt_ifp != ifp) { 1259 IN6_DPRINTF("%s: rt_ifp %p -> %p (%s) " 1260 "network %04x:%04x::/32 = %04x:%04x::/32\n", 1261 __func__, rt->rt_ifp, ifp, ifp->if_xname, 1262 ntohs(mltaddr.sin6_addr.s6_addr16[0]), 1263 ntohs(mltaddr.sin6_addr.s6_addr16[1]), 1264 satocsin6(rt_getkey(rt))->sin6_addr.s6_addr16[0], 1265 satocsin6(rt_getkey(rt))->sin6_addr.s6_addr16[1]); 1266 rt_replace_ifa(rt, &ia->ia_ifa); 1267 rt->rt_ifp = ifp; 1268 } 1269 } 1270 if (!rt) { 1271 struct rt_addrinfo info; 1272 1273 memset(&info, 0, sizeof(info)); 1274 info.rti_info[RTAX_DST] = (struct sockaddr *)&mltaddr; 1275 info.rti_info[RTAX_GATEWAY] = 1276 (struct sockaddr *)&ia->ia_addr; 1277 info.rti_info[RTAX_NETMASK] = 1278 (struct sockaddr *)&mltmask; 1279 info.rti_info[RTAX_IFA] = 1280 (struct sockaddr *)&ia->ia_addr; 1281 info.rti_flags = RTF_UP | RTF_CLONING; 1282 error = rtrequest1(RTM_ADD, &info, NULL); 1283 if (error) 1284 goto cleanup; 1285 #undef MLTMASK_LEN 1286 } else { 1287 RTFREE(rt); 1288 } 1289 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 0); 1290 if (!imm) { 1291 nd6log((LOG_WARNING, "in6_update_ifa: " 1292 "addmulti failed for %s on %s (errno=%d)\n", 1293 ip6_sprintf(&mltaddr.sin6_addr), 1294 if_name(ifp), error)); 1295 goto cleanup; 1296 } else { 1297 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 1298 } 1299 } 1300 1301 /* 1302 * Perform DAD, if needed. 1303 * XXX It may be of use, if we can administratively 1304 * disable DAD. 1305 */ 1306 if (hostIsNew && in6if_do_dad(ifp) && 1307 ((ifra->ifra_flags & IN6_IFF_NODAD) == 0) && 1308 (ia->ia6_flags & IN6_IFF_TENTATIVE)) 1309 { 1310 int mindelay, maxdelay; 1311 1312 dad_delay = 0; 1313 if ((flags & IN6_IFAUPDATE_DADDELAY)) { 1314 /* 1315 * We need to impose a delay before sending an NS 1316 * for DAD. Check if we also needed a delay for the 1317 * corresponding MLD message. If we did, the delay 1318 * should be larger than the MLD delay (this could be 1319 * relaxed a bit, but this simple logic is at least 1320 * safe). 1321 */ 1322 mindelay = 0; 1323 if (in6m_sol != NULL && 1324 in6m_sol->in6m_state == MLD_REPORTPENDING) { 1325 mindelay = in6m_sol->in6m_timer; 1326 } 1327 maxdelay = MAX_RTR_SOLICITATION_DELAY * hz; 1328 if (maxdelay - mindelay == 0) 1329 dad_delay = 0; 1330 else { 1331 dad_delay = 1332 (cprng_fast32() % (maxdelay - mindelay)) + 1333 mindelay; 1334 } 1335 } 1336 nd6_dad_start(&ia->ia_ifa, dad_delay); 1337 } 1338 1339 return error; 1340 1341 unlink: 1342 /* 1343 * XXX: if a change of an existing address failed, keep the entry 1344 * anyway. 1345 */ 1346 if (hostIsNew) 1347 in6_unlink_ifa(ia, ifp); 1348 return error; 1349 1350 cleanup: 1351 in6_purgeaddr(&ia->ia_ifa); 1352 return error; 1353 } 1354 1355 int 1356 in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra, 1357 struct in6_ifaddr *ia, int flags) 1358 { 1359 int rc, s; 1360 1361 s = splnet(); 1362 rc = in6_update_ifa1(ifp, ifra, ia, flags); 1363 splx(s); 1364 return rc; 1365 } 1366 1367 void 1368 in6_purgeaddr(struct ifaddr *ifa) 1369 { 1370 struct ifnet *ifp = ifa->ifa_ifp; 1371 struct in6_ifaddr *ia = (struct in6_ifaddr *) ifa; 1372 struct in6_multi_mship *imm; 1373 1374 /* stop DAD processing */ 1375 nd6_dad_stop(ifa); 1376 1377 /* 1378 * delete route to the destination of the address being purged. 1379 * The interface must be p2p or loopback in this case. 1380 */ 1381 if ((ia->ia_flags & IFA_ROUTE) != 0 && ia->ia_dstaddr.sin6_len != 0) { 1382 int e; 1383 1384 if ((e = rtinit(&(ia->ia_ifa), (int)RTM_DELETE, RTF_HOST)) 1385 != 0) { 1386 log(LOG_ERR, "in6_purgeaddr: failed to remove " 1387 "a route to the p2p destination: %s on %s, " 1388 "errno=%d\n", 1389 ip6_sprintf(&ia->ia_addr.sin6_addr), if_name(ifp), 1390 e); 1391 /* proceed anyway... */ 1392 } else 1393 ia->ia_flags &= ~IFA_ROUTE; 1394 } 1395 1396 /* Remove ownaddr's loopback rtentry, if it exists. */ 1397 in6_ifremloop(&(ia->ia_ifa)); 1398 1399 /* 1400 * leave from multicast groups we have joined for the interface 1401 */ 1402 while ((imm = LIST_FIRST(&ia->ia6_memberships)) != NULL) { 1403 LIST_REMOVE(imm, i6mm_chain); 1404 in6_leavegroup(imm); 1405 } 1406 1407 in6_unlink_ifa(ia, ifp); 1408 } 1409 1410 static void 1411 in6_unlink_ifa(struct in6_ifaddr *ia, struct ifnet *ifp) 1412 { 1413 struct in6_ifaddr *oia; 1414 int s = splnet(); 1415 1416 ifa_remove(ifp, &ia->ia_ifa); 1417 1418 oia = ia; 1419 if (oia == (ia = in6_ifaddr)) 1420 in6_ifaddr = ia->ia_next; 1421 else { 1422 while (ia->ia_next && (ia->ia_next != oia)) 1423 ia = ia->ia_next; 1424 if (ia->ia_next) 1425 ia->ia_next = oia->ia_next; 1426 else { 1427 /* search failed */ 1428 printf("Couldn't unlink in6_ifaddr from in6_ifaddr\n"); 1429 } 1430 } 1431 1432 /* 1433 * XXX thorpej@NetBSD.org -- if the interface is going 1434 * XXX away, don't save the multicast entries, delete them! 1435 */ 1436 if (LIST_EMPTY(&oia->ia6_multiaddrs)) 1437 ; 1438 else if (oia->ia_ifa.ifa_ifp->if_output == if_nulloutput) { 1439 struct in6_multi *in6m, *next; 1440 1441 for (in6m = LIST_FIRST(&oia->ia6_multiaddrs); in6m != NULL; 1442 in6m = next) { 1443 next = LIST_NEXT(in6m, in6m_entry); 1444 in6_delmulti(in6m); 1445 } 1446 } else 1447 in6_savemkludge(oia); 1448 1449 /* 1450 * Release the reference to the base prefix. There should be a 1451 * positive reference. 1452 */ 1453 if (oia->ia6_ndpr == NULL) { 1454 nd6log((LOG_NOTICE, "in6_unlink_ifa: autoconf'ed address " 1455 "%p has no prefix\n", oia)); 1456 } else { 1457 oia->ia6_ndpr->ndpr_refcnt--; 1458 oia->ia6_ndpr = NULL; 1459 } 1460 1461 /* 1462 * Also, if the address being removed is autoconf'ed, call 1463 * pfxlist_onlink_check() since the release might affect the status of 1464 * other (detached) addresses. 1465 */ 1466 if ((oia->ia6_flags & IN6_IFF_AUTOCONF) != 0) 1467 pfxlist_onlink_check(); 1468 1469 /* 1470 * release another refcnt for the link from in6_ifaddr. 1471 * Note that we should decrement the refcnt at least once for all *BSD. 1472 */ 1473 IFAFREE(&oia->ia_ifa); 1474 1475 splx(s); 1476 } 1477 1478 void 1479 in6_purgeif(struct ifnet *ifp) 1480 { 1481 if_purgeaddrs(ifp, AF_INET6, in6_purgeaddr); 1482 1483 in6_ifdetach(ifp); 1484 } 1485 1486 /* 1487 * SIOC[GAD]LIFADDR. 1488 * SIOCGLIFADDR: get first address. (?) 1489 * SIOCGLIFADDR with IFLR_PREFIX: 1490 * get first address that matches the specified prefix. 1491 * SIOCALIFADDR: add the specified address. 1492 * SIOCALIFADDR with IFLR_PREFIX: 1493 * add the specified prefix, filling hostid part from 1494 * the first link-local address. prefixlen must be <= 64. 1495 * SIOCDLIFADDR: delete the specified address. 1496 * SIOCDLIFADDR with IFLR_PREFIX: 1497 * delete the first address that matches the specified prefix. 1498 * return values: 1499 * EINVAL on invalid parameters 1500 * EADDRNOTAVAIL on prefix match failed/specified address not found 1501 * other values may be returned from in6_ioctl() 1502 * 1503 * NOTE: SIOCALIFADDR(with IFLR_PREFIX set) allows prefixlen less than 64. 1504 * this is to accommodate address naming scheme other than RFC2374, 1505 * in the future. 1506 * RFC2373 defines interface id to be 64bit, but it allows non-RFC2374 1507 * address encoding scheme. (see figure on page 8) 1508 */ 1509 static int 1510 in6_lifaddr_ioctl(struct socket *so, u_long cmd, void *data, 1511 struct ifnet *ifp, struct lwp *l) 1512 { 1513 struct in6_ifaddr *ia; 1514 struct if_laddrreq *iflr = (struct if_laddrreq *)data; 1515 struct ifaddr *ifa; 1516 struct sockaddr *sa; 1517 1518 /* sanity checks */ 1519 if (!data || !ifp) { 1520 panic("invalid argument to in6_lifaddr_ioctl"); 1521 /* NOTREACHED */ 1522 } 1523 1524 switch (cmd) { 1525 case SIOCGLIFADDR: 1526 /* address must be specified on GET with IFLR_PREFIX */ 1527 if ((iflr->flags & IFLR_PREFIX) == 0) 1528 break; 1529 /* FALLTHROUGH */ 1530 case SIOCALIFADDR: 1531 case SIOCDLIFADDR: 1532 /* address must be specified on ADD and DELETE */ 1533 sa = (struct sockaddr *)&iflr->addr; 1534 if (sa->sa_family != AF_INET6) 1535 return EINVAL; 1536 if (sa->sa_len != sizeof(struct sockaddr_in6)) 1537 return EINVAL; 1538 /* XXX need improvement */ 1539 sa = (struct sockaddr *)&iflr->dstaddr; 1540 if (sa->sa_family && sa->sa_family != AF_INET6) 1541 return EINVAL; 1542 if (sa->sa_len && sa->sa_len != sizeof(struct sockaddr_in6)) 1543 return EINVAL; 1544 break; 1545 default: /* shouldn't happen */ 1546 #if 0 1547 panic("invalid cmd to in6_lifaddr_ioctl"); 1548 /* NOTREACHED */ 1549 #else 1550 return EOPNOTSUPP; 1551 #endif 1552 } 1553 if (sizeof(struct in6_addr) * NBBY < iflr->prefixlen) 1554 return EINVAL; 1555 1556 switch (cmd) { 1557 case SIOCALIFADDR: 1558 { 1559 struct in6_aliasreq ifra; 1560 struct in6_addr *xhostid = NULL; 1561 int prefixlen; 1562 1563 if ((iflr->flags & IFLR_PREFIX) != 0) { 1564 struct sockaddr_in6 *sin6; 1565 1566 /* 1567 * xhostid is to fill in the hostid part of the 1568 * address. xhostid points to the first link-local 1569 * address attached to the interface. 1570 */ 1571 ia = in6ifa_ifpforlinklocal(ifp, 0); 1572 if (ia == NULL) 1573 return EADDRNOTAVAIL; 1574 xhostid = IFA_IN6(&ia->ia_ifa); 1575 1576 /* prefixlen must be <= 64. */ 1577 if (64 < iflr->prefixlen) 1578 return EINVAL; 1579 prefixlen = iflr->prefixlen; 1580 1581 /* hostid part must be zero. */ 1582 sin6 = (struct sockaddr_in6 *)&iflr->addr; 1583 if (sin6->sin6_addr.s6_addr32[2] != 0 1584 || sin6->sin6_addr.s6_addr32[3] != 0) { 1585 return EINVAL; 1586 } 1587 } else 1588 prefixlen = iflr->prefixlen; 1589 1590 /* copy args to in6_aliasreq, perform ioctl(SIOCAIFADDR_IN6). */ 1591 memset(&ifra, 0, sizeof(ifra)); 1592 memcpy(ifra.ifra_name, iflr->iflr_name, sizeof(ifra.ifra_name)); 1593 1594 memcpy(&ifra.ifra_addr, &iflr->addr, 1595 ((struct sockaddr *)&iflr->addr)->sa_len); 1596 if (xhostid) { 1597 /* fill in hostid part */ 1598 ifra.ifra_addr.sin6_addr.s6_addr32[2] = 1599 xhostid->s6_addr32[2]; 1600 ifra.ifra_addr.sin6_addr.s6_addr32[3] = 1601 xhostid->s6_addr32[3]; 1602 } 1603 1604 if (((struct sockaddr *)&iflr->dstaddr)->sa_family) { /* XXX */ 1605 memcpy(&ifra.ifra_dstaddr, &iflr->dstaddr, 1606 ((struct sockaddr *)&iflr->dstaddr)->sa_len); 1607 if (xhostid) { 1608 ifra.ifra_dstaddr.sin6_addr.s6_addr32[2] = 1609 xhostid->s6_addr32[2]; 1610 ifra.ifra_dstaddr.sin6_addr.s6_addr32[3] = 1611 xhostid->s6_addr32[3]; 1612 } 1613 } 1614 1615 ifra.ifra_prefixmask.sin6_len = sizeof(struct sockaddr_in6); 1616 in6_prefixlen2mask(&ifra.ifra_prefixmask.sin6_addr, prefixlen); 1617 1618 ifra.ifra_lifetime.ia6t_vltime = ND6_INFINITE_LIFETIME; 1619 ifra.ifra_lifetime.ia6t_pltime = ND6_INFINITE_LIFETIME; 1620 ifra.ifra_flags = iflr->flags & ~IFLR_PREFIX; 1621 return in6_control(so, SIOCAIFADDR_IN6, &ifra, ifp, l); 1622 } 1623 case SIOCGLIFADDR: 1624 case SIOCDLIFADDR: 1625 { 1626 struct in6_addr mask, candidate, match; 1627 struct sockaddr_in6 *sin6; 1628 int cmp; 1629 1630 memset(&mask, 0, sizeof(mask)); 1631 if (iflr->flags & IFLR_PREFIX) { 1632 /* lookup a prefix rather than address. */ 1633 in6_prefixlen2mask(&mask, iflr->prefixlen); 1634 1635 sin6 = (struct sockaddr_in6 *)&iflr->addr; 1636 memcpy(&match, &sin6->sin6_addr, sizeof(match)); 1637 match.s6_addr32[0] &= mask.s6_addr32[0]; 1638 match.s6_addr32[1] &= mask.s6_addr32[1]; 1639 match.s6_addr32[2] &= mask.s6_addr32[2]; 1640 match.s6_addr32[3] &= mask.s6_addr32[3]; 1641 1642 /* if you set extra bits, that's wrong */ 1643 if (memcmp(&match, &sin6->sin6_addr, sizeof(match))) 1644 return EINVAL; 1645 1646 cmp = 1; 1647 } else { 1648 if (cmd == SIOCGLIFADDR) { 1649 /* on getting an address, take the 1st match */ 1650 cmp = 0; /* XXX */ 1651 } else { 1652 /* on deleting an address, do exact match */ 1653 in6_prefixlen2mask(&mask, 128); 1654 sin6 = (struct sockaddr_in6 *)&iflr->addr; 1655 memcpy(&match, &sin6->sin6_addr, sizeof(match)); 1656 1657 cmp = 1; 1658 } 1659 } 1660 1661 IFADDR_FOREACH(ifa, ifp) { 1662 if (ifa->ifa_addr->sa_family != AF_INET6) 1663 continue; 1664 if (!cmp) 1665 break; 1666 1667 /* 1668 * XXX: this is adhoc, but is necessary to allow 1669 * a user to specify fe80::/64 (not /10) for a 1670 * link-local address. 1671 */ 1672 memcpy(&candidate, IFA_IN6(ifa), sizeof(candidate)); 1673 in6_clearscope(&candidate); 1674 candidate.s6_addr32[0] &= mask.s6_addr32[0]; 1675 candidate.s6_addr32[1] &= mask.s6_addr32[1]; 1676 candidate.s6_addr32[2] &= mask.s6_addr32[2]; 1677 candidate.s6_addr32[3] &= mask.s6_addr32[3]; 1678 if (IN6_ARE_ADDR_EQUAL(&candidate, &match)) 1679 break; 1680 } 1681 if (!ifa) 1682 return EADDRNOTAVAIL; 1683 ia = ifa2ia6(ifa); 1684 1685 if (cmd == SIOCGLIFADDR) { 1686 int error; 1687 1688 /* fill in the if_laddrreq structure */ 1689 memcpy(&iflr->addr, &ia->ia_addr, ia->ia_addr.sin6_len); 1690 error = sa6_recoverscope( 1691 (struct sockaddr_in6 *)&iflr->addr); 1692 if (error != 0) 1693 return error; 1694 1695 if ((ifp->if_flags & IFF_POINTOPOINT) != 0) { 1696 memcpy(&iflr->dstaddr, &ia->ia_dstaddr, 1697 ia->ia_dstaddr.sin6_len); 1698 error = sa6_recoverscope( 1699 (struct sockaddr_in6 *)&iflr->dstaddr); 1700 if (error != 0) 1701 return error; 1702 } else 1703 memset(&iflr->dstaddr, 0, sizeof(iflr->dstaddr)); 1704 1705 iflr->prefixlen = 1706 in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); 1707 1708 iflr->flags = ia->ia6_flags; /* XXX */ 1709 1710 return 0; 1711 } else { 1712 struct in6_aliasreq ifra; 1713 1714 /* fill in6_aliasreq and do ioctl(SIOCDIFADDR_IN6) */ 1715 memset(&ifra, 0, sizeof(ifra)); 1716 memcpy(ifra.ifra_name, iflr->iflr_name, 1717 sizeof(ifra.ifra_name)); 1718 1719 memcpy(&ifra.ifra_addr, &ia->ia_addr, 1720 ia->ia_addr.sin6_len); 1721 if ((ifp->if_flags & IFF_POINTOPOINT) != 0) { 1722 memcpy(&ifra.ifra_dstaddr, &ia->ia_dstaddr, 1723 ia->ia_dstaddr.sin6_len); 1724 } else { 1725 memset(&ifra.ifra_dstaddr, 0, 1726 sizeof(ifra.ifra_dstaddr)); 1727 } 1728 memcpy(&ifra.ifra_dstaddr, &ia->ia_prefixmask, 1729 ia->ia_prefixmask.sin6_len); 1730 1731 ifra.ifra_flags = ia->ia6_flags; 1732 return in6_control(so, SIOCDIFADDR_IN6, &ifra, ifp, l); 1733 } 1734 } 1735 } 1736 1737 return EOPNOTSUPP; /* just for safety */ 1738 } 1739 1740 /* 1741 * Initialize an interface's internet6 address 1742 * and routing table entry. 1743 */ 1744 static int 1745 in6_ifinit(struct ifnet *ifp, struct in6_ifaddr *ia, 1746 const struct sockaddr_in6 *sin6, int newhost) 1747 { 1748 int error = 0, plen, ifacount = 0; 1749 int s = splnet(); 1750 struct ifaddr *ifa; 1751 1752 /* 1753 * Give the interface a chance to initialize 1754 * if this is its first address, 1755 * and to validate the address if necessary. 1756 */ 1757 IFADDR_FOREACH(ifa, ifp) { 1758 if (ifa->ifa_addr == NULL) 1759 continue; /* just for safety */ 1760 if (ifa->ifa_addr->sa_family != AF_INET6) 1761 continue; 1762 ifacount++; 1763 } 1764 1765 ia->ia_addr = *sin6; 1766 1767 if (ifacount <= 1 && 1768 (error = if_addr_init(ifp, &ia->ia_ifa, true)) != 0) { 1769 splx(s); 1770 return error; 1771 } 1772 splx(s); 1773 1774 ia->ia_ifa.ifa_metric = ifp->if_metric; 1775 1776 /* we could do in(6)_socktrim here, but just omit it at this moment. */ 1777 1778 /* 1779 * Special case: 1780 * If the destination address is specified for a point-to-point 1781 * interface, install a route to the destination as an interface 1782 * direct route. 1783 */ 1784 plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); /* XXX */ 1785 if (plen == 128 && ia->ia_dstaddr.sin6_family == AF_INET6) { 1786 if ((error = rtinit(&ia->ia_ifa, RTM_ADD, 1787 RTF_UP | RTF_HOST)) != 0) 1788 return error; 1789 ia->ia_flags |= IFA_ROUTE; 1790 } 1791 1792 /* Add ownaddr as loopback rtentry, if necessary (ex. on p2p link). */ 1793 if (newhost) { 1794 /* set the rtrequest function to create llinfo */ 1795 ia->ia_ifa.ifa_rtrequest = nd6_rtrequest; 1796 in6_ifaddloop(&ia->ia_ifa); 1797 } else { 1798 /* Inform the routing socket of new flags/timings */ 1799 nd6_newaddrmsg(&ia->ia_ifa); 1800 } 1801 1802 if (ifp->if_flags & IFF_MULTICAST) 1803 in6_restoremkludge(ia, ifp); 1804 1805 return error; 1806 } 1807 1808 static struct ifaddr * 1809 bestifa(struct ifaddr *best_ifa, struct ifaddr *ifa) 1810 { 1811 if (best_ifa == NULL || best_ifa->ifa_preference < ifa->ifa_preference) 1812 return ifa; 1813 return best_ifa; 1814 } 1815 1816 /* 1817 * Find an IPv6 interface link-local address specific to an interface. 1818 */ 1819 struct in6_ifaddr * 1820 in6ifa_ifpforlinklocal(const struct ifnet *ifp, const int ignoreflags) 1821 { 1822 struct ifaddr *best_ifa = NULL, *ifa; 1823 1824 IFADDR_FOREACH(ifa, ifp) { 1825 if (ifa->ifa_addr == NULL) 1826 continue; /* just for safety */ 1827 if (ifa->ifa_addr->sa_family != AF_INET6) 1828 continue; 1829 if (!IN6_IS_ADDR_LINKLOCAL(IFA_IN6(ifa))) 1830 continue; 1831 if ((((struct in6_ifaddr *)ifa)->ia6_flags & ignoreflags) != 0) 1832 continue; 1833 best_ifa = bestifa(best_ifa, ifa); 1834 } 1835 1836 return (struct in6_ifaddr *)best_ifa; 1837 } 1838 1839 1840 /* 1841 * find the internet address corresponding to a given interface and address. 1842 */ 1843 struct in6_ifaddr * 1844 in6ifa_ifpwithaddr(const struct ifnet *ifp, const struct in6_addr *addr) 1845 { 1846 struct ifaddr *best_ifa = NULL, *ifa; 1847 1848 IFADDR_FOREACH(ifa, ifp) { 1849 if (ifa->ifa_addr == NULL) 1850 continue; /* just for safety */ 1851 if (ifa->ifa_addr->sa_family != AF_INET6) 1852 continue; 1853 if (!IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(ifa))) 1854 continue; 1855 best_ifa = bestifa(best_ifa, ifa); 1856 } 1857 1858 return (struct in6_ifaddr *)best_ifa; 1859 } 1860 1861 static struct in6_ifaddr * 1862 bestia(struct in6_ifaddr *best_ia, struct in6_ifaddr *ia) 1863 { 1864 if (best_ia == NULL || 1865 best_ia->ia_ifa.ifa_preference < ia->ia_ifa.ifa_preference) 1866 return ia; 1867 return best_ia; 1868 } 1869 1870 /* 1871 * Convert IP6 address to printable (loggable) representation. 1872 */ 1873 static int ip6round = 0; 1874 char * 1875 ip6_sprintf(const struct in6_addr *addr) 1876 { 1877 static char ip6buf[8][48]; 1878 int i; 1879 char *bp; 1880 char *cp; 1881 const u_int16_t *a = (const u_int16_t *)addr; 1882 const u_int8_t *d; 1883 int dcolon = 0; 1884 1885 ip6round = (ip6round + 1) & 7; 1886 cp = ip6buf[ip6round]; 1887 1888 for (i = 0; i < 8; i++) { 1889 if (dcolon == 1) { 1890 if (*a == 0) { 1891 if (i == 7) 1892 *cp++ = ':'; 1893 a++; 1894 continue; 1895 } else 1896 dcolon = 2; 1897 } 1898 if (*a == 0) { 1899 if (dcolon == 0 && *(a + 1) == 0) { 1900 if (i == 0) 1901 *cp++ = ':'; 1902 *cp++ = ':'; 1903 dcolon = 1; 1904 } else { 1905 *cp++ = '0'; 1906 *cp++ = ':'; 1907 } 1908 a++; 1909 continue; 1910 } 1911 d = (const u_char *)a; 1912 bp = cp; 1913 *cp = hexdigits[*d >> 4]; 1914 if (*cp != '0') 1915 cp++; 1916 *cp = hexdigits[*d++ & 0xf]; 1917 if (cp != bp || *cp != '0') 1918 cp++; 1919 *cp = hexdigits[*d >> 4]; 1920 if (cp != bp || *cp != '0') 1921 cp++; 1922 *cp++ = hexdigits[*d & 0xf]; 1923 *cp++ = ':'; 1924 a++; 1925 } 1926 *--cp = 0; 1927 return ip6buf[ip6round]; 1928 } 1929 1930 /* 1931 * Determine if an address is on a local network. 1932 */ 1933 int 1934 in6_localaddr(const struct in6_addr *in6) 1935 { 1936 struct in6_ifaddr *ia; 1937 1938 if (IN6_IS_ADDR_LOOPBACK(in6) || IN6_IS_ADDR_LINKLOCAL(in6)) 1939 return 1; 1940 1941 for (ia = in6_ifaddr; ia; ia = ia->ia_next) 1942 if (IN6_ARE_MASKED_ADDR_EQUAL(in6, &ia->ia_addr.sin6_addr, 1943 &ia->ia_prefixmask.sin6_addr)) 1944 return 1; 1945 1946 return 0; 1947 } 1948 1949 int 1950 in6_is_addr_deprecated(struct sockaddr_in6 *sa6) 1951 { 1952 struct in6_ifaddr *ia; 1953 1954 for (ia = in6_ifaddr; ia; ia = ia->ia_next) { 1955 if (IN6_ARE_ADDR_EQUAL(&ia->ia_addr.sin6_addr, 1956 &sa6->sin6_addr) && 1957 #ifdef SCOPEDROUTING 1958 ia->ia_addr.sin6_scope_id == sa6->sin6_scope_id && 1959 #endif 1960 (ia->ia6_flags & IN6_IFF_DEPRECATED) != 0) 1961 return 1; /* true */ 1962 1963 /* XXX: do we still have to go thru the rest of the list? */ 1964 } 1965 1966 return 0; /* false */ 1967 } 1968 1969 /* 1970 * return length of part which dst and src are equal 1971 * hard coding... 1972 */ 1973 int 1974 in6_matchlen(struct in6_addr *src, struct in6_addr *dst) 1975 { 1976 int match = 0; 1977 u_char *s = (u_char *)src, *d = (u_char *)dst; 1978 u_char *lim = s + 16, r; 1979 1980 while (s < lim) 1981 if ((r = (*d++ ^ *s++)) != 0) { 1982 while (r < 128) { 1983 match++; 1984 r <<= 1; 1985 } 1986 break; 1987 } else 1988 match += NBBY; 1989 return match; 1990 } 1991 1992 /* XXX: to be scope conscious */ 1993 int 1994 in6_are_prefix_equal(struct in6_addr *p1, struct in6_addr *p2, int len) 1995 { 1996 int bytelen, bitlen; 1997 1998 /* sanity check */ 1999 if (len < 0 || len > 128) { 2000 log(LOG_ERR, "in6_are_prefix_equal: invalid prefix length(%d)\n", 2001 len); 2002 return 0; 2003 } 2004 2005 bytelen = len / NBBY; 2006 bitlen = len % NBBY; 2007 2008 if (memcmp(&p1->s6_addr, &p2->s6_addr, bytelen)) 2009 return 0; 2010 if (bitlen != 0 && 2011 p1->s6_addr[bytelen] >> (NBBY - bitlen) != 2012 p2->s6_addr[bytelen] >> (NBBY - bitlen)) 2013 return 0; 2014 2015 return 1; 2016 } 2017 2018 void 2019 in6_prefixlen2mask(struct in6_addr *maskp, int len) 2020 { 2021 static const u_char maskarray[NBBY] = {0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff}; 2022 int bytelen, bitlen, i; 2023 2024 /* sanity check */ 2025 if (len < 0 || len > 128) { 2026 log(LOG_ERR, "in6_prefixlen2mask: invalid prefix length(%d)\n", 2027 len); 2028 return; 2029 } 2030 2031 memset(maskp, 0, sizeof(*maskp)); 2032 bytelen = len / NBBY; 2033 bitlen = len % NBBY; 2034 for (i = 0; i < bytelen; i++) 2035 maskp->s6_addr[i] = 0xff; 2036 if (bitlen) 2037 maskp->s6_addr[bytelen] = maskarray[bitlen - 1]; 2038 } 2039 2040 /* 2041 * return the best address out of the same scope. if no address was 2042 * found, return the first valid address from designated IF. 2043 */ 2044 struct in6_ifaddr * 2045 in6_ifawithifp(struct ifnet *ifp, struct in6_addr *dst) 2046 { 2047 int dst_scope = in6_addrscope(dst), blen = -1, tlen; 2048 struct ifaddr *ifa; 2049 struct in6_ifaddr *best_ia = NULL, *ia; 2050 struct in6_ifaddr *dep[2]; /* last-resort: deprecated */ 2051 2052 dep[0] = dep[1] = NULL; 2053 2054 /* 2055 * We first look for addresses in the same scope. 2056 * If there is one, return it. 2057 * If two or more, return one which matches the dst longest. 2058 * If none, return one of global addresses assigned other ifs. 2059 */ 2060 IFADDR_FOREACH(ifa, ifp) { 2061 if (ifa->ifa_addr->sa_family != AF_INET6) 2062 continue; 2063 ia = (struct in6_ifaddr *)ifa; 2064 if (ia->ia6_flags & IN6_IFF_ANYCAST) 2065 continue; /* XXX: is there any case to allow anycast? */ 2066 if (ia->ia6_flags & IN6_IFF_NOTREADY) 2067 continue; /* don't use this interface */ 2068 if (ia->ia6_flags & IN6_IFF_DETACHED) 2069 continue; 2070 if (ia->ia6_flags & IN6_IFF_DEPRECATED) { 2071 if (ip6_use_deprecated) 2072 dep[0] = ia; 2073 continue; 2074 } 2075 2076 if (dst_scope != in6_addrscope(IFA_IN6(ifa))) 2077 continue; 2078 /* 2079 * call in6_matchlen() as few as possible 2080 */ 2081 if (best_ia == NULL) { 2082 best_ia = ia; 2083 continue; 2084 } 2085 if (blen == -1) 2086 blen = in6_matchlen(&best_ia->ia_addr.sin6_addr, dst); 2087 tlen = in6_matchlen(IFA_IN6(ifa), dst); 2088 if (tlen > blen) { 2089 blen = tlen; 2090 best_ia = ia; 2091 } else if (tlen == blen) 2092 best_ia = bestia(best_ia, ia); 2093 } 2094 if (best_ia != NULL) 2095 return best_ia; 2096 2097 IFADDR_FOREACH(ifa, ifp) { 2098 if (ifa->ifa_addr->sa_family != AF_INET6) 2099 continue; 2100 ia = (struct in6_ifaddr *)ifa; 2101 if (ia->ia6_flags & IN6_IFF_ANYCAST) 2102 continue; /* XXX: is there any case to allow anycast? */ 2103 if (ia->ia6_flags & IN6_IFF_NOTREADY) 2104 continue; /* don't use this interface */ 2105 if (ia->ia6_flags & IN6_IFF_DETACHED) 2106 continue; 2107 if (ia->ia6_flags & IN6_IFF_DEPRECATED) { 2108 if (ip6_use_deprecated) 2109 dep[1] = (struct in6_ifaddr *)ifa; 2110 continue; 2111 } 2112 2113 best_ia = bestia(best_ia, ia); 2114 } 2115 if (best_ia != NULL) 2116 return best_ia; 2117 2118 /* use the last-resort values, that are, deprecated addresses */ 2119 if (dep[0]) 2120 return dep[0]; 2121 if (dep[1]) 2122 return dep[1]; 2123 2124 return NULL; 2125 } 2126 2127 /* 2128 * perform DAD when interface becomes IFF_UP. 2129 */ 2130 void 2131 in6_if_link_up(struct ifnet *ifp) 2132 { 2133 struct ifaddr *ifa; 2134 struct in6_ifaddr *ia; 2135 2136 /* Ensure it's sane to run DAD */ 2137 if (ifp->if_link_state == LINK_STATE_DOWN) 2138 return; 2139 if ((ifp->if_flags & (IFF_UP|IFF_RUNNING)) != (IFF_UP|IFF_RUNNING)) 2140 return; 2141 2142 IFADDR_FOREACH(ifa, ifp) { 2143 if (ifa->ifa_addr->sa_family != AF_INET6) 2144 continue; 2145 ia = (struct in6_ifaddr *)ifa; 2146 2147 /* If detached then mark as tentative */ 2148 if (ia->ia6_flags & IN6_IFF_DETACHED) { 2149 ia->ia6_flags &= ~IN6_IFF_DETACHED; 2150 if (in6if_do_dad(ifp)) { 2151 ia->ia6_flags |= IN6_IFF_TENTATIVE; 2152 nd6log((LOG_ERR, "in6_if_up: " 2153 "%s marked tentative\n", 2154 ip6_sprintf(&ia->ia_addr.sin6_addr))); 2155 } else if ((ia->ia6_flags & IN6_IFF_TENTATIVE) == 0) 2156 nd6_newaddrmsg(ifa); 2157 } 2158 2159 if (ia->ia6_flags & IN6_IFF_TENTATIVE) { 2160 /* 2161 * The TENTATIVE flag was likely set by hand 2162 * beforehand, implicitly indicating the need for DAD. 2163 * We may be able to skip the random delay in this 2164 * case, but we impose delays just in case. 2165 */ 2166 nd6_dad_start(ifa, 2167 cprng_fast32() % 2168 (MAX_RTR_SOLICITATION_DELAY * hz)); 2169 } 2170 } 2171 2172 /* Restore any detached prefixes */ 2173 pfxlist_onlink_check(); 2174 } 2175 2176 void 2177 in6_if_up(struct ifnet *ifp) 2178 { 2179 2180 /* 2181 * special cases, like 6to4, are handled in in6_ifattach 2182 */ 2183 in6_ifattach(ifp, NULL); 2184 2185 /* interface may not support link state, so bring it up also */ 2186 in6_if_link_up(ifp); 2187 } 2188 /* 2189 * Mark all addresses as detached. 2190 */ 2191 void 2192 in6_if_link_down(struct ifnet *ifp) 2193 { 2194 struct ifaddr *ifa; 2195 struct in6_ifaddr *ia; 2196 2197 /* Any prefixes on this interface should be detached as well */ 2198 pfxlist_onlink_check(); 2199 2200 IFADDR_FOREACH(ifa, ifp) { 2201 if (ifa->ifa_addr->sa_family != AF_INET6) 2202 continue; 2203 ia = (struct in6_ifaddr *)ifa; 2204 2205 /* Stop DAD processing */ 2206 nd6_dad_stop(ifa); 2207 2208 /* 2209 * Mark the address as detached. 2210 * This satisfies RFC4862 Section 5.3, but we should apply 2211 * this logic to all addresses to be a good citizen and 2212 * avoid potential duplicated addresses. 2213 * When the interface comes up again, detached addresses 2214 * are marked tentative and DAD commences. 2215 */ 2216 if (!(ia->ia6_flags & IN6_IFF_DETACHED)) { 2217 nd6log((LOG_DEBUG, "in6_if_down: " 2218 "%s marked detached\n", 2219 ip6_sprintf(&ia->ia_addr.sin6_addr))); 2220 ia->ia6_flags |= IN6_IFF_DETACHED; 2221 ia->ia6_flags &= ~IN6_IFF_TENTATIVE; 2222 nd6_newaddrmsg(ifa); 2223 } 2224 } 2225 } 2226 2227 void 2228 in6_if_down(struct ifnet *ifp) 2229 { 2230 2231 in6_if_link_down(ifp); 2232 } 2233 2234 int 2235 in6if_do_dad(struct ifnet *ifp) 2236 { 2237 if ((ifp->if_flags & IFF_LOOPBACK) != 0) 2238 return 0; 2239 2240 switch (ifp->if_type) { 2241 case IFT_FAITH: 2242 /* 2243 * These interfaces do not have the IFF_LOOPBACK flag, 2244 * but loop packets back. We do not have to do DAD on such 2245 * interfaces. We should even omit it, because loop-backed 2246 * NS would confuse the DAD procedure. 2247 */ 2248 return 0; 2249 default: 2250 /* 2251 * Our DAD routine requires the interface up and running. 2252 * However, some interfaces can be up before the RUNNING 2253 * status. Additionaly, users may try to assign addresses 2254 * before the interface becomes up (or running). 2255 * We simply skip DAD in such a case as a work around. 2256 * XXX: we should rather mark "tentative" on such addresses, 2257 * and do DAD after the interface becomes ready. 2258 */ 2259 if ((ifp->if_flags & (IFF_UP|IFF_RUNNING)) != 2260 (IFF_UP|IFF_RUNNING)) 2261 return 0; 2262 2263 return 1; 2264 } 2265 } 2266 2267 /* 2268 * Calculate max IPv6 MTU through all the interfaces and store it 2269 * to in6_maxmtu. 2270 */ 2271 void 2272 in6_setmaxmtu(void) 2273 { 2274 unsigned long maxmtu = 0; 2275 struct ifnet *ifp; 2276 2277 IFNET_FOREACH(ifp) { 2278 /* this function can be called during ifnet initialization */ 2279 if (!ifp->if_afdata[AF_INET6]) 2280 continue; 2281 if ((ifp->if_flags & IFF_LOOPBACK) == 0 && 2282 IN6_LINKMTU(ifp) > maxmtu) 2283 maxmtu = IN6_LINKMTU(ifp); 2284 } 2285 if (maxmtu) /* update only when maxmtu is positive */ 2286 in6_maxmtu = maxmtu; 2287 } 2288 2289 /* 2290 * Provide the length of interface identifiers to be used for the link attached 2291 * to the given interface. The length should be defined in "IPv6 over 2292 * xxx-link" document. Note that address architecture might also define 2293 * the length for a particular set of address prefixes, regardless of the 2294 * link type. As clarified in rfc2462bis, those two definitions should be 2295 * consistent, and those really are as of August 2004. 2296 */ 2297 int 2298 in6_if2idlen(struct ifnet *ifp) 2299 { 2300 switch (ifp->if_type) { 2301 case IFT_ETHER: /* RFC2464 */ 2302 case IFT_PROPVIRTUAL: /* XXX: no RFC. treat it as ether */ 2303 case IFT_L2VLAN: /* ditto */ 2304 case IFT_IEEE80211: /* ditto */ 2305 case IFT_FDDI: /* RFC2467 */ 2306 case IFT_ISO88025: /* RFC2470 (IPv6 over Token Ring) */ 2307 case IFT_PPP: /* RFC2472 */ 2308 case IFT_ARCNET: /* RFC2497 */ 2309 case IFT_FRELAY: /* RFC2590 */ 2310 case IFT_IEEE1394: /* RFC3146 */ 2311 case IFT_GIF: /* draft-ietf-v6ops-mech-v2-07 */ 2312 case IFT_LOOP: /* XXX: is this really correct? */ 2313 return 64; 2314 default: 2315 /* 2316 * Unknown link type: 2317 * It might be controversial to use the today's common constant 2318 * of 64 for these cases unconditionally. For full compliance, 2319 * we should return an error in this case. On the other hand, 2320 * if we simply miss the standard for the link type or a new 2321 * standard is defined for a new link type, the IFID length 2322 * is very likely to be the common constant. As a compromise, 2323 * we always use the constant, but make an explicit notice 2324 * indicating the "unknown" case. 2325 */ 2326 printf("in6_if2idlen: unknown link type (%d)\n", ifp->if_type); 2327 return 64; 2328 } 2329 } 2330 2331 void * 2332 in6_domifattach(struct ifnet *ifp) 2333 { 2334 struct in6_ifextra *ext; 2335 2336 ext = malloc(sizeof(*ext), M_IFADDR, M_WAITOK|M_ZERO); 2337 2338 ext->in6_ifstat = malloc(sizeof(struct in6_ifstat), 2339 M_IFADDR, M_WAITOK|M_ZERO); 2340 2341 ext->icmp6_ifstat = malloc(sizeof(struct icmp6_ifstat), 2342 M_IFADDR, M_WAITOK|M_ZERO); 2343 2344 ext->nd_ifinfo = nd6_ifattach(ifp); 2345 ext->scope6_id = scope6_ifattach(ifp); 2346 ext->nprefixes = 0; 2347 ext->ndefrouters = 0; 2348 return ext; 2349 } 2350 2351 void 2352 in6_domifdetach(struct ifnet *ifp, void *aux) 2353 { 2354 struct in6_ifextra *ext = (struct in6_ifextra *)aux; 2355 2356 nd6_ifdetach(ext->nd_ifinfo); 2357 free(ext->in6_ifstat, M_IFADDR); 2358 free(ext->icmp6_ifstat, M_IFADDR); 2359 scope6_ifdetach(ext->scope6_id); 2360 free(ext, M_IFADDR); 2361 } 2362 2363 /* 2364 * Convert sockaddr_in6 to sockaddr_in. Original sockaddr_in6 must be 2365 * v4 mapped addr or v4 compat addr 2366 */ 2367 void 2368 in6_sin6_2_sin(struct sockaddr_in *sin, struct sockaddr_in6 *sin6) 2369 { 2370 memset(sin, 0, sizeof(*sin)); 2371 sin->sin_len = sizeof(struct sockaddr_in); 2372 sin->sin_family = AF_INET; 2373 sin->sin_port = sin6->sin6_port; 2374 sin->sin_addr.s_addr = sin6->sin6_addr.s6_addr32[3]; 2375 } 2376 2377 /* Convert sockaddr_in to sockaddr_in6 in v4 mapped addr format. */ 2378 void 2379 in6_sin_2_v4mapsin6(struct sockaddr_in *sin, struct sockaddr_in6 *sin6) 2380 { 2381 memset(sin6, 0, sizeof(*sin6)); 2382 sin6->sin6_len = sizeof(struct sockaddr_in6); 2383 sin6->sin6_family = AF_INET6; 2384 sin6->sin6_port = sin->sin_port; 2385 sin6->sin6_addr.s6_addr32[0] = 0; 2386 sin6->sin6_addr.s6_addr32[1] = 0; 2387 sin6->sin6_addr.s6_addr32[2] = IPV6_ADDR_INT32_SMP; 2388 sin6->sin6_addr.s6_addr32[3] = sin->sin_addr.s_addr; 2389 } 2390 2391 /* Convert sockaddr_in6 into sockaddr_in. */ 2392 void 2393 in6_sin6_2_sin_in_sock(struct sockaddr *nam) 2394 { 2395 struct sockaddr_in *sin_p; 2396 struct sockaddr_in6 sin6; 2397 2398 /* 2399 * Save original sockaddr_in6 addr and convert it 2400 * to sockaddr_in. 2401 */ 2402 sin6 = *(struct sockaddr_in6 *)nam; 2403 sin_p = (struct sockaddr_in *)nam; 2404 in6_sin6_2_sin(sin_p, &sin6); 2405 } 2406 2407 /* Convert sockaddr_in into sockaddr_in6 in v4 mapped addr format. */ 2408 void 2409 in6_sin_2_v4mapsin6_in_sock(struct sockaddr **nam) 2410 { 2411 struct sockaddr_in *sin_p; 2412 struct sockaddr_in6 *sin6_p; 2413 2414 sin6_p = malloc(sizeof(*sin6_p), M_SONAME, M_WAITOK); 2415 sin_p = (struct sockaddr_in *)*nam; 2416 in6_sin_2_v4mapsin6(sin_p, sin6_p); 2417 free(*nam, M_SONAME); 2418 *nam = (struct sockaddr *)sin6_p; 2419 } 2420