1 /* $NetBSD: in6.c,v 1.174 2014/07/01 23:01:54 justin Exp $ */ 2 /* $KAME: in6.c,v 1.198 2001/07/18 09:12:38 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 /* 34 * Copyright (c) 1982, 1986, 1991, 1993 35 * The Regents of the University of California. All rights reserved. 36 * 37 * Redistribution and use in source and binary forms, with or without 38 * modification, are permitted provided that the following conditions 39 * are met: 40 * 1. Redistributions of source code must retain the above copyright 41 * notice, this list of conditions and the following disclaimer. 42 * 2. Redistributions in binary form must reproduce the above copyright 43 * notice, this list of conditions and the following disclaimer in the 44 * documentation and/or other materials provided with the distribution. 45 * 3. Neither the name of the University nor the names of its contributors 46 * may be used to endorse or promote products derived from this software 47 * without specific prior written permission. 48 * 49 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 52 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 59 * SUCH DAMAGE. 60 * 61 * @(#)in.c 8.2 (Berkeley) 11/15/93 62 */ 63 64 #include <sys/cdefs.h> 65 __KERNEL_RCSID(0, "$NetBSD: in6.c,v 1.174 2014/07/01 23:01:54 justin Exp $"); 66 67 #include "opt_inet.h" 68 #include "opt_compat_netbsd.h" 69 70 #include <sys/param.h> 71 #include <sys/ioctl.h> 72 #include <sys/errno.h> 73 #include <sys/malloc.h> 74 #include <sys/socket.h> 75 #include <sys/socketvar.h> 76 #include <sys/sockio.h> 77 #include <sys/systm.h> 78 #include <sys/proc.h> 79 #include <sys/time.h> 80 #include <sys/kernel.h> 81 #include <sys/syslog.h> 82 #include <sys/kauth.h> 83 #include <sys/cprng.h> 84 85 #include <net/if.h> 86 #include <net/if_types.h> 87 #include <net/route.h> 88 #include <net/if_dl.h> 89 #include <net/pfil.h> 90 91 #include <netinet/in.h> 92 #include <netinet/in_var.h> 93 #include <net/if_ether.h> 94 95 #include <netinet/ip6.h> 96 #include <netinet6/ip6_var.h> 97 #include <netinet6/nd6.h> 98 #include <netinet6/mld6_var.h> 99 #include <netinet6/ip6_mroute.h> 100 #include <netinet6/in6_ifattach.h> 101 #include <netinet6/scope6_var.h> 102 103 #include <net/net_osdep.h> 104 105 #ifdef COMPAT_50 106 #include <compat/netinet6/in6_var.h> 107 #endif 108 109 MALLOC_DEFINE(M_IP6OPT, "ip6_options", "IPv6 options"); 110 111 /* enable backward compatibility code for obsoleted ioctls */ 112 #define COMPAT_IN6IFIOCTL 113 114 #ifdef IN6_DEBUG 115 #define IN6_DPRINTF(__fmt, ...) printf(__fmt, __VA_ARGS__) 116 #else 117 #define IN6_DPRINTF(__fmt, ...) do { } while (/*CONSTCOND*/0) 118 #endif /* IN6_DEBUG */ 119 120 /* 121 * Definitions of some constant IP6 addresses. 122 */ 123 const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT; 124 const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT; 125 const struct in6_addr in6addr_nodelocal_allnodes = 126 IN6ADDR_NODELOCAL_ALLNODES_INIT; 127 const struct in6_addr in6addr_linklocal_allnodes = 128 IN6ADDR_LINKLOCAL_ALLNODES_INIT; 129 const struct in6_addr in6addr_linklocal_allrouters = 130 IN6ADDR_LINKLOCAL_ALLROUTERS_INIT; 131 132 const struct in6_addr in6mask0 = IN6MASK0; 133 const struct in6_addr in6mask32 = IN6MASK32; 134 const struct in6_addr in6mask64 = IN6MASK64; 135 const struct in6_addr in6mask96 = IN6MASK96; 136 const struct in6_addr in6mask128 = IN6MASK128; 137 138 const struct sockaddr_in6 sa6_any = {sizeof(sa6_any), AF_INET6, 139 0, 0, IN6ADDR_ANY_INIT, 0}; 140 141 static int in6_lifaddr_ioctl(struct socket *, u_long, void *, 142 struct ifnet *); 143 static int in6_ifinit(struct ifnet *, struct in6_ifaddr *, 144 const struct sockaddr_in6 *, int); 145 static void in6_unlink_ifa(struct in6_ifaddr *, struct ifnet *); 146 147 /* 148 * Subroutine for in6_ifaddloop() and in6_ifremloop(). 149 * This routine does actual work. 150 */ 151 static void 152 in6_ifloop_request(int cmd, struct ifaddr *ifa) 153 { 154 struct sockaddr_in6 all1_sa; 155 struct rtentry *nrt = NULL; 156 int e; 157 158 sockaddr_in6_init(&all1_sa, &in6mask128, 0, 0, 0); 159 160 /* 161 * We specify the address itself as the gateway, and set the 162 * RTF_LLINFO flag, so that the corresponding host route would have 163 * the flag, and thus applications that assume traditional behavior 164 * would be happy. Note that we assume the caller of the function 165 * (probably implicitly) set nd6_rtrequest() to ifa->ifa_rtrequest, 166 * which changes the outgoing interface to the loopback interface. 167 */ 168 e = rtrequest(cmd, ifa->ifa_addr, ifa->ifa_addr, 169 (struct sockaddr *)&all1_sa, RTF_UP|RTF_HOST|RTF_LLINFO, &nrt); 170 if (e != 0) { 171 log(LOG_ERR, "in6_ifloop_request: " 172 "%s operation failed for %s (errno=%d)\n", 173 cmd == RTM_ADD ? "ADD" : "DELETE", 174 ip6_sprintf(&((struct in6_ifaddr *)ifa)->ia_addr.sin6_addr), 175 e); 176 } 177 178 /* 179 * Make sure rt_ifa be equal to IFA, the second argument of the 180 * function. 181 * We need this because when we refer to rt_ifa->ia6_flags in 182 * ip6_input, we assume that the rt_ifa points to the address instead 183 * of the loopback address. 184 */ 185 if (cmd == RTM_ADD && nrt && ifa != nrt->rt_ifa) 186 rt_replace_ifa(nrt, ifa); 187 188 /* 189 * Report the addition/removal of the address to the routing socket 190 * unless the address is marked tentative, where it will be reported 191 * once DAD completes. 192 * XXX: since we called rtinit for a p2p interface with a destination, 193 * we end up reporting twice in such a case. Should we rather 194 * omit the second report? 195 */ 196 if (nrt) { 197 if (cmd != RTM_ADD || 198 !(((struct in6_ifaddr *)ifa)->ia6_flags &IN6_IFF_TENTATIVE)) 199 { 200 #if 0 201 struct in6_ifaddr *ia; 202 203 ia = (struct in6_ifaddr *)ifa; 204 log(LOG_DEBUG, 205 "in6_ifloop_request: announced %s (%s %d)\n", 206 ip6_sprintf(&ia->ia_addr.sin6_addr), 207 cmd == RTM_ADD ? "RTM_ADD" : "RTM_DELETE", 208 ia->ia6_flags); 209 #endif 210 rt_newaddrmsg(cmd, ifa, e, nrt); 211 } 212 if (cmd == RTM_DELETE) { 213 if (nrt->rt_refcnt <= 0) { 214 /* XXX: we should free the entry ourselves. */ 215 nrt->rt_refcnt++; 216 rtfree(nrt); 217 } 218 } else { 219 /* the cmd must be RTM_ADD here */ 220 nrt->rt_refcnt--; 221 } 222 } 223 } 224 225 /* 226 * Add ownaddr as loopback rtentry. We previously add the route only if 227 * necessary (ex. on a p2p link). However, since we now manage addresses 228 * separately from prefixes, we should always add the route. We can't 229 * rely on the cloning mechanism from the corresponding interface route 230 * any more. 231 */ 232 void 233 in6_ifaddloop(struct ifaddr *ifa) 234 { 235 struct rtentry *rt; 236 237 /* If there is no loopback entry, allocate one. */ 238 rt = rtalloc1(ifa->ifa_addr, 0); 239 if (rt == NULL || (rt->rt_flags & RTF_HOST) == 0 || 240 (rt->rt_ifp->if_flags & IFF_LOOPBACK) == 0) 241 in6_ifloop_request(RTM_ADD, ifa); 242 if (rt != NULL) 243 rt->rt_refcnt--; 244 } 245 246 /* 247 * Remove loopback rtentry of ownaddr generated by in6_ifaddloop(), 248 * if it exists. 249 */ 250 void 251 in6_ifremloop(struct ifaddr *ifa) 252 { 253 struct in6_ifaddr *alt_ia = NULL, *ia; 254 struct rtentry *rt; 255 int ia_count = 0; 256 257 /* 258 * Some of BSD variants do not remove cloned routes 259 * from an interface direct route, when removing the direct route 260 * (see comments in net/net_osdep.h). Even for variants that do remove 261 * cloned routes, they could fail to remove the cloned routes when 262 * we handle multple addresses that share a common prefix. 263 * So, we should remove the route corresponding to the deleted address. 264 */ 265 266 /* 267 * Delete the entry only if exactly one ifaddr matches the 268 * address, ifa->ifa_addr. 269 * 270 * If more than one ifaddr matches, replace the ifaddr in 271 * the routing table, rt_ifa, with a different ifaddr than 272 * the one we are purging, ifa. It is important to do 273 * this, or else the routing table can accumulate dangling 274 * pointers rt->rt_ifa->ifa_ifp to destroyed interfaces, 275 * which will lead to crashes, later. (More than one ifaddr 276 * can match if we assign the same address to multiple---probably 277 * p2p---interfaces.) 278 * 279 * XXX An old comment at this place said, "we should avoid 280 * XXX such a configuration [i.e., interfaces with the same 281 * XXX addressed assigned --ed.] in IPv6...". I do not 282 * XXX agree, especially now that I have fixed the dangling 283 * XXX ifp-pointers bug. 284 */ 285 for (ia = in6_ifaddr; ia; ia = ia->ia_next) { 286 if (!IN6_ARE_ADDR_EQUAL(IFA_IN6(ifa), &ia->ia_addr.sin6_addr)) 287 continue; 288 if (ia->ia_ifp != ifa->ifa_ifp) 289 alt_ia = ia; 290 if (++ia_count > 1 && alt_ia != NULL) 291 break; 292 } 293 294 if (ia_count == 0) 295 return; 296 297 if ((rt = rtalloc1(ifa->ifa_addr, 0)) == NULL) 298 return; 299 rt->rt_refcnt--; 300 301 /* 302 * Before deleting, check if a corresponding loopbacked 303 * host route surely exists. With this check, we can avoid 304 * deleting an interface direct route whose destination is 305 * the same as the address being removed. This can happen 306 * when removing a subnet-router anycast address on an 307 * interface attached to a shared medium. 308 */ 309 if ((rt->rt_flags & RTF_HOST) == 0 || 310 (rt->rt_ifp->if_flags & IFF_LOOPBACK) == 0) 311 return; 312 313 /* If we cannot replace the route's ifaddr with the equivalent 314 * ifaddr of another interface, I believe it is safest to 315 * delete the route. 316 */ 317 if (ia_count == 1 || alt_ia == NULL) 318 in6_ifloop_request(RTM_DELETE, ifa); 319 else 320 rt_replace_ifa(rt, &alt_ia->ia_ifa); 321 } 322 323 int 324 in6_mask2len(struct in6_addr *mask, u_char *lim0) 325 { 326 int x = 0, y; 327 u_char *lim = lim0, *p; 328 329 /* ignore the scope_id part */ 330 if (lim0 == NULL || lim0 - (u_char *)mask > sizeof(*mask)) 331 lim = (u_char *)mask + sizeof(*mask); 332 for (p = (u_char *)mask; p < lim; x++, p++) { 333 if (*p != 0xff) 334 break; 335 } 336 y = 0; 337 if (p < lim) { 338 for (y = 0; y < NBBY; y++) { 339 if ((*p & (0x80 >> y)) == 0) 340 break; 341 } 342 } 343 344 /* 345 * when the limit pointer is given, do a stricter check on the 346 * remaining bits. 347 */ 348 if (p < lim) { 349 if (y != 0 && (*p & (0x00ff >> y)) != 0) 350 return -1; 351 for (p = p + 1; p < lim; p++) 352 if (*p != 0) 353 return -1; 354 } 355 356 return x * NBBY + y; 357 } 358 359 #define ifa2ia6(ifa) ((struct in6_ifaddr *)(ifa)) 360 #define ia62ifa(ia6) (&((ia6)->ia_ifa)) 361 362 static int 363 in6_control1(struct socket *so, u_long cmd, void *data, struct ifnet *ifp) 364 { 365 struct in6_ifreq *ifr = (struct in6_ifreq *)data; 366 struct in6_ifaddr *ia = NULL; 367 struct in6_aliasreq *ifra = (struct in6_aliasreq *)data; 368 struct sockaddr_in6 *sa6; 369 int error; 370 371 switch (cmd) { 372 /* 373 * XXX: Fix me, once we fix SIOCSIFADDR, SIOCIFDSTADDR, etc. 374 */ 375 case SIOCSIFADDR: 376 case SIOCSIFDSTADDR: 377 case SIOCSIFBRDADDR: 378 case SIOCSIFNETMASK: 379 return EOPNOTSUPP; 380 case SIOCGETSGCNT_IN6: 381 case SIOCGETMIFCNT_IN6: 382 return mrt6_ioctl(cmd, data); 383 case SIOCGIFADDRPREF: 384 case SIOCSIFADDRPREF: 385 if (ifp == NULL) 386 return EINVAL; 387 return ifaddrpref_ioctl(so, cmd, data, ifp); 388 } 389 390 if (ifp == NULL) 391 return EOPNOTSUPP; 392 393 switch (cmd) { 394 case SIOCSNDFLUSH_IN6: 395 case SIOCSPFXFLUSH_IN6: 396 case SIOCSRTRFLUSH_IN6: 397 case SIOCSDEFIFACE_IN6: 398 case SIOCSIFINFO_FLAGS: 399 case SIOCSIFINFO_IN6: 400 /* Privileged. */ 401 /* FALLTHROUGH */ 402 case OSIOCGIFINFO_IN6: 403 case SIOCGIFINFO_IN6: 404 case SIOCGDRLST_IN6: 405 case SIOCGPRLST_IN6: 406 case SIOCGNBRINFO_IN6: 407 case SIOCGDEFIFACE_IN6: 408 return nd6_ioctl(cmd, data, ifp); 409 } 410 411 switch (cmd) { 412 case SIOCSIFPREFIX_IN6: 413 case SIOCDIFPREFIX_IN6: 414 case SIOCAIFPREFIX_IN6: 415 case SIOCCIFPREFIX_IN6: 416 case SIOCSGIFPREFIX_IN6: 417 case SIOCGIFPREFIX_IN6: 418 log(LOG_NOTICE, 419 "prefix ioctls are now invalidated. " 420 "please use ifconfig.\n"); 421 return EOPNOTSUPP; 422 } 423 424 switch (cmd) { 425 case SIOCALIFADDR: 426 case SIOCDLIFADDR: 427 /* Privileged. */ 428 /* FALLTHROUGH */ 429 case SIOCGLIFADDR: 430 return in6_lifaddr_ioctl(so, cmd, data, ifp); 431 } 432 433 /* 434 * Find address for this interface, if it exists. 435 * 436 * In netinet code, we have checked ifra_addr in SIOCSIF*ADDR operation 437 * only, and used the first interface address as the target of other 438 * operations (without checking ifra_addr). This was because netinet 439 * code/API assumed at most 1 interface address per interface. 440 * Since IPv6 allows a node to assign multiple addresses 441 * on a single interface, we almost always look and check the 442 * presence of ifra_addr, and reject invalid ones here. 443 * It also decreases duplicated code among SIOC*_IN6 operations. 444 */ 445 switch (cmd) { 446 case SIOCAIFADDR_IN6: 447 #ifdef OSIOCAIFADDR_IN6 448 case OSIOCAIFADDR_IN6: 449 #endif 450 #ifdef OSIOCSIFPHYADDR_IN6 451 case OSIOCSIFPHYADDR_IN6: 452 #endif 453 case SIOCSIFPHYADDR_IN6: 454 sa6 = &ifra->ifra_addr; 455 break; 456 case SIOCSIFADDR_IN6: 457 case SIOCGIFADDR_IN6: 458 case SIOCSIFDSTADDR_IN6: 459 case SIOCSIFNETMASK_IN6: 460 case SIOCGIFDSTADDR_IN6: 461 case SIOCGIFNETMASK_IN6: 462 case SIOCDIFADDR_IN6: 463 case SIOCGIFPSRCADDR_IN6: 464 case SIOCGIFPDSTADDR_IN6: 465 case SIOCGIFAFLAG_IN6: 466 case SIOCSNDFLUSH_IN6: 467 case SIOCSPFXFLUSH_IN6: 468 case SIOCSRTRFLUSH_IN6: 469 case SIOCGIFALIFETIME_IN6: 470 #ifdef OSIOCGIFALIFETIME_IN6 471 case OSIOCGIFALIFETIME_IN6: 472 #endif 473 case SIOCGIFSTAT_IN6: 474 case SIOCGIFSTAT_ICMP6: 475 sa6 = &ifr->ifr_addr; 476 break; 477 default: 478 sa6 = NULL; 479 break; 480 } 481 if (sa6 && sa6->sin6_family == AF_INET6) { 482 if (sa6->sin6_scope_id != 0) 483 error = sa6_embedscope(sa6, 0); 484 else 485 error = in6_setscope(&sa6->sin6_addr, ifp, NULL); 486 if (error != 0) 487 return error; 488 ia = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr); 489 } else 490 ia = NULL; 491 492 switch (cmd) { 493 case SIOCSIFADDR_IN6: 494 case SIOCSIFDSTADDR_IN6: 495 case SIOCSIFNETMASK_IN6: 496 /* 497 * Since IPv6 allows a node to assign multiple addresses 498 * on a single interface, SIOCSIFxxx ioctls are deprecated. 499 */ 500 return EINVAL; 501 502 case SIOCDIFADDR_IN6: 503 /* 504 * for IPv4, we look for existing in_ifaddr here to allow 505 * "ifconfig if0 delete" to remove the first IPv4 address on 506 * the interface. For IPv6, as the spec allows multiple 507 * interface address from the day one, we consider "remove the 508 * first one" semantics to be not preferable. 509 */ 510 if (ia == NULL) 511 return EADDRNOTAVAIL; 512 /* FALLTHROUGH */ 513 #ifdef OSIOCAIFADDR_IN6 514 case OSIOCAIFADDR_IN6: 515 #endif 516 case SIOCAIFADDR_IN6: 517 /* 518 * We always require users to specify a valid IPv6 address for 519 * the corresponding operation. 520 */ 521 if (ifra->ifra_addr.sin6_family != AF_INET6 || 522 ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6)) 523 return EAFNOSUPPORT; 524 /* Privileged. */ 525 526 break; 527 528 case SIOCGIFADDR_IN6: 529 /* This interface is basically deprecated. use SIOCGIFCONF. */ 530 /* FALLTHROUGH */ 531 case SIOCGIFAFLAG_IN6: 532 case SIOCGIFNETMASK_IN6: 533 case SIOCGIFDSTADDR_IN6: 534 case SIOCGIFALIFETIME_IN6: 535 #ifdef OSIOCGIFALIFETIME_IN6 536 case OSIOCGIFALIFETIME_IN6: 537 #endif 538 /* must think again about its semantics */ 539 if (ia == NULL) 540 return EADDRNOTAVAIL; 541 break; 542 } 543 544 switch (cmd) { 545 546 case SIOCGIFADDR_IN6: 547 ifr->ifr_addr = ia->ia_addr; 548 if ((error = sa6_recoverscope(&ifr->ifr_addr)) != 0) 549 return error; 550 break; 551 552 case SIOCGIFDSTADDR_IN6: 553 if ((ifp->if_flags & IFF_POINTOPOINT) == 0) 554 return EINVAL; 555 /* 556 * XXX: should we check if ifa_dstaddr is NULL and return 557 * an error? 558 */ 559 ifr->ifr_dstaddr = ia->ia_dstaddr; 560 if ((error = sa6_recoverscope(&ifr->ifr_dstaddr)) != 0) 561 return error; 562 break; 563 564 case SIOCGIFNETMASK_IN6: 565 ifr->ifr_addr = ia->ia_prefixmask; 566 break; 567 568 case SIOCGIFAFLAG_IN6: 569 ifr->ifr_ifru.ifru_flags6 = ia->ia6_flags; 570 break; 571 572 case SIOCGIFSTAT_IN6: 573 if (ifp == NULL) 574 return EINVAL; 575 memset(&ifr->ifr_ifru.ifru_stat, 0, 576 sizeof(ifr->ifr_ifru.ifru_stat)); 577 ifr->ifr_ifru.ifru_stat = 578 *((struct in6_ifextra *)ifp->if_afdata[AF_INET6])->in6_ifstat; 579 break; 580 581 case SIOCGIFSTAT_ICMP6: 582 if (ifp == NULL) 583 return EINVAL; 584 memset(&ifr->ifr_ifru.ifru_icmp6stat, 0, 585 sizeof(ifr->ifr_ifru.ifru_icmp6stat)); 586 ifr->ifr_ifru.ifru_icmp6stat = 587 *((struct in6_ifextra *)ifp->if_afdata[AF_INET6])->icmp6_ifstat; 588 break; 589 590 #ifdef OSIOCGIFALIFETIME_IN6 591 case OSIOCGIFALIFETIME_IN6: 592 #endif 593 case SIOCGIFALIFETIME_IN6: 594 ifr->ifr_ifru.ifru_lifetime = ia->ia6_lifetime; 595 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 596 time_t maxexpire; 597 struct in6_addrlifetime *retlt = 598 &ifr->ifr_ifru.ifru_lifetime; 599 600 /* 601 * XXX: adjust expiration time assuming time_t is 602 * signed. 603 */ 604 maxexpire = ((time_t)~0) & 605 ~((time_t)1 << ((sizeof(maxexpire) * NBBY) - 1)); 606 if (ia->ia6_lifetime.ia6t_vltime < 607 maxexpire - ia->ia6_updatetime) { 608 retlt->ia6t_expire = ia->ia6_updatetime + 609 ia->ia6_lifetime.ia6t_vltime; 610 } else 611 retlt->ia6t_expire = maxexpire; 612 } 613 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 614 time_t maxexpire; 615 struct in6_addrlifetime *retlt = 616 &ifr->ifr_ifru.ifru_lifetime; 617 618 /* 619 * XXX: adjust expiration time assuming time_t is 620 * signed. 621 */ 622 maxexpire = ((time_t)~0) & 623 ~((time_t)1 << ((sizeof(maxexpire) * NBBY) - 1)); 624 if (ia->ia6_lifetime.ia6t_pltime < 625 maxexpire - ia->ia6_updatetime) { 626 retlt->ia6t_preferred = ia->ia6_updatetime + 627 ia->ia6_lifetime.ia6t_pltime; 628 } else 629 retlt->ia6t_preferred = maxexpire; 630 } 631 #ifdef OSIOCFIFALIFETIME_IN6 632 if (cmd == OSIOCFIFALIFETIME_IN6) 633 in6_addrlifetime_to_in6_addrlifetime50( 634 &ifr->ifru.ifru_lifetime); 635 #endif 636 break; 637 638 #ifdef OSIOCAIFADDR_IN6 639 case OSIOCAIFADDR_IN6: 640 in6_aliasreq50_to_in6_aliasreq(ifra); 641 /*FALLTHROUGH*/ 642 #endif 643 case SIOCAIFADDR_IN6: 644 { 645 int i; 646 struct nd_prefixctl pr0; 647 struct nd_prefix *pr; 648 649 /* reject read-only flags */ 650 if ((ifra->ifra_flags & IN6_IFF_DUPLICATED) != 0 || 651 (ifra->ifra_flags & IN6_IFF_DETACHED) != 0 || 652 (ifra->ifra_flags & IN6_IFF_NODAD) != 0 || 653 (ifra->ifra_flags & IN6_IFF_AUTOCONF) != 0) { 654 return EINVAL; 655 } 656 /* 657 * first, make or update the interface address structure, 658 * and link it to the list. 659 */ 660 if ((error = in6_update_ifa(ifp, ifra, ia, 0)) != 0) 661 return error; 662 if ((ia = in6ifa_ifpwithaddr(ifp, &ifra->ifra_addr.sin6_addr)) 663 == NULL) { 664 /* 665 * this can happen when the user specify the 0 valid 666 * lifetime. 667 */ 668 break; 669 } 670 671 /* 672 * then, make the prefix on-link on the interface. 673 * XXX: we'd rather create the prefix before the address, but 674 * we need at least one address to install the corresponding 675 * interface route, so we configure the address first. 676 */ 677 678 /* 679 * convert mask to prefix length (prefixmask has already 680 * been validated in in6_update_ifa(). 681 */ 682 memset(&pr0, 0, sizeof(pr0)); 683 pr0.ndpr_ifp = ifp; 684 pr0.ndpr_plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, 685 NULL); 686 if (pr0.ndpr_plen == 128) { 687 break; /* we don't need to install a host route. */ 688 } 689 pr0.ndpr_prefix = ifra->ifra_addr; 690 /* apply the mask for safety. */ 691 for (i = 0; i < 4; i++) { 692 pr0.ndpr_prefix.sin6_addr.s6_addr32[i] &= 693 ifra->ifra_prefixmask.sin6_addr.s6_addr32[i]; 694 } 695 /* 696 * XXX: since we don't have an API to set prefix (not address) 697 * lifetimes, we just use the same lifetimes as addresses. 698 * The (temporarily) installed lifetimes can be overridden by 699 * later advertised RAs (when accept_rtadv is non 0), which is 700 * an intended behavior. 701 */ 702 pr0.ndpr_raf_onlink = 1; /* should be configurable? */ 703 pr0.ndpr_raf_auto = 704 ((ifra->ifra_flags & IN6_IFF_AUTOCONF) != 0); 705 pr0.ndpr_vltime = ifra->ifra_lifetime.ia6t_vltime; 706 pr0.ndpr_pltime = ifra->ifra_lifetime.ia6t_pltime; 707 708 /* add the prefix if not yet. */ 709 if ((pr = nd6_prefix_lookup(&pr0)) == NULL) { 710 /* 711 * nd6_prelist_add will install the corresponding 712 * interface route. 713 */ 714 if ((error = nd6_prelist_add(&pr0, NULL, &pr)) != 0) 715 return error; 716 if (pr == NULL) { 717 log(LOG_ERR, "nd6_prelist_add succeeded but " 718 "no prefix\n"); 719 return EINVAL; /* XXX panic here? */ 720 } 721 } 722 723 /* relate the address to the prefix */ 724 if (ia->ia6_ndpr == NULL) { 725 ia->ia6_ndpr = pr; 726 pr->ndpr_refcnt++; 727 728 /* 729 * If this is the first autoconf address from the 730 * prefix, create a temporary address as well 731 * (when required). 732 */ 733 if ((ia->ia6_flags & IN6_IFF_AUTOCONF) && 734 ip6_use_tempaddr && pr->ndpr_refcnt == 1) { 735 int e; 736 if ((e = in6_tmpifadd(ia, 1, 0)) != 0) { 737 log(LOG_NOTICE, "in6_control: failed " 738 "to create a temporary address, " 739 "errno=%d\n", e); 740 } 741 } 742 } 743 744 /* 745 * this might affect the status of autoconfigured addresses, 746 * that is, this address might make other addresses detached. 747 */ 748 pfxlist_onlink_check(); 749 750 (void)pfil_run_hooks(if_pfil, (struct mbuf **)SIOCAIFADDR_IN6, 751 ifp, PFIL_IFADDR); 752 break; 753 } 754 755 case SIOCDIFADDR_IN6: 756 { 757 struct nd_prefix *pr; 758 759 /* 760 * If the address being deleted is the only one that owns 761 * the corresponding prefix, expire the prefix as well. 762 * XXX: theoretically, we don't have to worry about such 763 * relationship, since we separate the address management 764 * and the prefix management. We do this, however, to provide 765 * as much backward compatibility as possible in terms of 766 * the ioctl operation. 767 * Note that in6_purgeaddr() will decrement ndpr_refcnt. 768 */ 769 pr = ia->ia6_ndpr; 770 in6_purgeaddr(&ia->ia_ifa); 771 if (pr && pr->ndpr_refcnt == 0) 772 prelist_remove(pr); 773 (void)pfil_run_hooks(if_pfil, (struct mbuf **)SIOCDIFADDR_IN6, 774 ifp, PFIL_IFADDR); 775 break; 776 } 777 778 default: 779 return ENOTTY; 780 } 781 782 return 0; 783 } 784 785 int 786 in6_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp) 787 { 788 int error, s; 789 790 switch (cmd) { 791 case SIOCSNDFLUSH_IN6: 792 case SIOCSPFXFLUSH_IN6: 793 case SIOCSRTRFLUSH_IN6: 794 case SIOCSDEFIFACE_IN6: 795 case SIOCSIFINFO_FLAGS: 796 case SIOCSIFINFO_IN6: 797 798 case SIOCALIFADDR: 799 case SIOCDLIFADDR: 800 801 case SIOCDIFADDR_IN6: 802 #ifdef OSIOCAIFADDR_IN6 803 case OSIOCAIFADDR_IN6: 804 #endif 805 case SIOCAIFADDR_IN6: 806 if (kauth_authorize_network(curlwp->l_cred, 807 KAUTH_NETWORK_SOCKET, 808 KAUTH_REQ_NETWORK_SOCKET_SETPRIV, 809 so, NULL, NULL)) 810 return EPERM; 811 break; 812 } 813 814 s = splnet(); 815 error = in6_control1(so , cmd, data, ifp); 816 splx(s); 817 return error; 818 } 819 820 /* 821 * Update parameters of an IPv6 interface address. 822 * If necessary, a new entry is created and linked into address chains. 823 * This function is separated from in6_control(). 824 * XXX: should this be performed under splnet()? 825 */ 826 static int 827 in6_update_ifa1(struct ifnet *ifp, struct in6_aliasreq *ifra, 828 struct in6_ifaddr *ia, int flags) 829 { 830 int error = 0, hostIsNew = 0, plen = -1; 831 struct in6_ifaddr *oia; 832 struct sockaddr_in6 dst6; 833 struct in6_addrlifetime *lt; 834 struct in6_multi_mship *imm; 835 struct in6_multi *in6m_sol; 836 struct rtentry *rt; 837 int dad_delay; 838 839 in6m_sol = NULL; 840 841 /* Validate parameters */ 842 if (ifp == NULL || ifra == NULL) /* this maybe redundant */ 843 return EINVAL; 844 845 /* 846 * The destination address for a p2p link must have a family 847 * of AF_UNSPEC or AF_INET6. 848 */ 849 if ((ifp->if_flags & IFF_POINTOPOINT) != 0 && 850 ifra->ifra_dstaddr.sin6_family != AF_INET6 && 851 ifra->ifra_dstaddr.sin6_family != AF_UNSPEC) 852 return EAFNOSUPPORT; 853 /* 854 * validate ifra_prefixmask. don't check sin6_family, netmask 855 * does not carry fields other than sin6_len. 856 */ 857 if (ifra->ifra_prefixmask.sin6_len > sizeof(struct sockaddr_in6)) 858 return EINVAL; 859 /* 860 * Because the IPv6 address architecture is classless, we require 861 * users to specify a (non 0) prefix length (mask) for a new address. 862 * We also require the prefix (when specified) mask is valid, and thus 863 * reject a non-consecutive mask. 864 */ 865 if (ia == NULL && ifra->ifra_prefixmask.sin6_len == 0) 866 return EINVAL; 867 if (ifra->ifra_prefixmask.sin6_len != 0) { 868 plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, 869 (u_char *)&ifra->ifra_prefixmask + 870 ifra->ifra_prefixmask.sin6_len); 871 if (plen <= 0) 872 return EINVAL; 873 } else { 874 /* 875 * In this case, ia must not be NULL. We just use its prefix 876 * length. 877 */ 878 plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); 879 } 880 /* 881 * If the destination address on a p2p interface is specified, 882 * and the address is a scoped one, validate/set the scope 883 * zone identifier. 884 */ 885 dst6 = ifra->ifra_dstaddr; 886 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) != 0 && 887 (dst6.sin6_family == AF_INET6)) { 888 struct in6_addr in6_tmp; 889 u_int32_t zoneid; 890 891 in6_tmp = dst6.sin6_addr; 892 if (in6_setscope(&in6_tmp, ifp, &zoneid)) 893 return EINVAL; /* XXX: should be impossible */ 894 895 if (dst6.sin6_scope_id != 0) { 896 if (dst6.sin6_scope_id != zoneid) 897 return EINVAL; 898 } else /* user omit to specify the ID. */ 899 dst6.sin6_scope_id = zoneid; 900 901 /* convert into the internal form */ 902 if (sa6_embedscope(&dst6, 0)) 903 return EINVAL; /* XXX: should be impossible */ 904 } 905 /* 906 * The destination address can be specified only for a p2p or a 907 * loopback interface. If specified, the corresponding prefix length 908 * must be 128. 909 */ 910 if (ifra->ifra_dstaddr.sin6_family == AF_INET6) { 911 #ifdef FORCE_P2PPLEN 912 int i; 913 #endif 914 915 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) == 0) { 916 /* XXX: noisy message */ 917 nd6log((LOG_INFO, "in6_update_ifa: a destination can " 918 "be specified for a p2p or a loopback IF only\n")); 919 return EINVAL; 920 } 921 if (plen != 128) { 922 nd6log((LOG_INFO, "in6_update_ifa: prefixlen should " 923 "be 128 when dstaddr is specified\n")); 924 #ifdef FORCE_P2PPLEN 925 /* 926 * To be compatible with old configurations, 927 * such as ifconfig gif0 inet6 2001::1 2001::2 928 * prefixlen 126, we override the specified 929 * prefixmask as if the prefix length was 128. 930 */ 931 ifra->ifra_prefixmask.sin6_len = 932 sizeof(struct sockaddr_in6); 933 for (i = 0; i < 4; i++) 934 ifra->ifra_prefixmask.sin6_addr.s6_addr32[i] = 935 0xffffffff; 936 plen = 128; 937 #else 938 return EINVAL; 939 #endif 940 } 941 } 942 /* lifetime consistency check */ 943 lt = &ifra->ifra_lifetime; 944 if (lt->ia6t_pltime > lt->ia6t_vltime) 945 return EINVAL; 946 if (lt->ia6t_vltime == 0) { 947 /* 948 * the following log might be noisy, but this is a typical 949 * configuration mistake or a tool's bug. 950 */ 951 nd6log((LOG_INFO, 952 "in6_update_ifa: valid lifetime is 0 for %s\n", 953 ip6_sprintf(&ifra->ifra_addr.sin6_addr))); 954 955 if (ia == NULL) 956 return 0; /* there's nothing to do */ 957 } 958 959 /* 960 * If this is a new address, allocate a new ifaddr and link it 961 * into chains. 962 */ 963 if (ia == NULL) { 964 hostIsNew = 1; 965 /* 966 * When in6_update_ifa() is called in a process of a received 967 * RA, it is called under an interrupt context. So, we should 968 * call malloc with M_NOWAIT. 969 */ 970 ia = (struct in6_ifaddr *) malloc(sizeof(*ia), M_IFADDR, 971 M_NOWAIT); 972 if (ia == NULL) 973 return ENOBUFS; 974 memset(ia, 0, sizeof(*ia)); 975 LIST_INIT(&ia->ia6_memberships); 976 /* Initialize the address and masks, and put time stamp */ 977 ia->ia_ifa.ifa_addr = (struct sockaddr *)&ia->ia_addr; 978 ia->ia_addr.sin6_family = AF_INET6; 979 ia->ia_addr.sin6_len = sizeof(ia->ia_addr); 980 ia->ia6_createtime = time_second; 981 if ((ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) != 0) { 982 /* 983 * XXX: some functions expect that ifa_dstaddr is not 984 * NULL for p2p interfaces. 985 */ 986 ia->ia_ifa.ifa_dstaddr = 987 (struct sockaddr *)&ia->ia_dstaddr; 988 } else { 989 ia->ia_ifa.ifa_dstaddr = NULL; 990 } 991 ia->ia_ifa.ifa_netmask = 992 (struct sockaddr *)&ia->ia_prefixmask; 993 994 ia->ia_ifp = ifp; 995 if ((oia = in6_ifaddr) != NULL) { 996 for ( ; oia->ia_next; oia = oia->ia_next) 997 continue; 998 oia->ia_next = ia; 999 } else 1000 in6_ifaddr = ia; 1001 /* gain a refcnt for the link from in6_ifaddr */ 1002 IFAREF(&ia->ia_ifa); 1003 1004 ifa_insert(ifp, &ia->ia_ifa); 1005 } 1006 1007 /* update timestamp */ 1008 ia->ia6_updatetime = time_second; 1009 1010 /* set prefix mask */ 1011 if (ifra->ifra_prefixmask.sin6_len) { 1012 /* 1013 * We prohibit changing the prefix length of an existing 1014 * address, because 1015 * + such an operation should be rare in IPv6, and 1016 * + the operation would confuse prefix management. 1017 */ 1018 if (ia->ia_prefixmask.sin6_len && 1019 in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL) != plen) { 1020 nd6log((LOG_INFO, "in6_update_ifa: the prefix length of an" 1021 " existing (%s) address should not be changed\n", 1022 ip6_sprintf(&ia->ia_addr.sin6_addr))); 1023 error = EINVAL; 1024 goto unlink; 1025 } 1026 ia->ia_prefixmask = ifra->ifra_prefixmask; 1027 } 1028 1029 /* 1030 * If a new destination address is specified, scrub the old one and 1031 * install the new destination. Note that the interface must be 1032 * p2p or loopback (see the check above.) 1033 */ 1034 if (dst6.sin6_family == AF_INET6 && 1035 !IN6_ARE_ADDR_EQUAL(&dst6.sin6_addr, &ia->ia_dstaddr.sin6_addr)) { 1036 if ((ia->ia_flags & IFA_ROUTE) != 0 && 1037 rtinit(&(ia->ia_ifa), (int)RTM_DELETE, RTF_HOST) != 0) { 1038 nd6log((LOG_ERR, "in6_update_ifa: failed to remove " 1039 "a route to the old destination: %s\n", 1040 ip6_sprintf(&ia->ia_addr.sin6_addr))); 1041 /* proceed anyway... */ 1042 } else 1043 ia->ia_flags &= ~IFA_ROUTE; 1044 ia->ia_dstaddr = dst6; 1045 } 1046 1047 /* 1048 * Set lifetimes. We do not refer to ia6t_expire and ia6t_preferred 1049 * to see if the address is deprecated or invalidated, but initialize 1050 * these members for applications. 1051 */ 1052 ia->ia6_lifetime = ifra->ifra_lifetime; 1053 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 1054 ia->ia6_lifetime.ia6t_expire = 1055 time_second + ia->ia6_lifetime.ia6t_vltime; 1056 } else 1057 ia->ia6_lifetime.ia6t_expire = 0; 1058 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 1059 ia->ia6_lifetime.ia6t_preferred = 1060 time_second + ia->ia6_lifetime.ia6t_pltime; 1061 } else 1062 ia->ia6_lifetime.ia6t_preferred = 0; 1063 1064 /* 1065 * configure address flags. 1066 */ 1067 ia->ia6_flags = ifra->ifra_flags; 1068 1069 /* 1070 * Make the address tentative before joining multicast addresses, 1071 * so that corresponding MLD responses would not have a tentative 1072 * source address. 1073 */ 1074 ia->ia6_flags &= ~IN6_IFF_DUPLICATED; /* safety */ 1075 if (ifp->if_link_state == LINK_STATE_DOWN) { 1076 ia->ia6_flags |= IN6_IFF_DETACHED; 1077 ia->ia6_flags &= ~IN6_IFF_TENTATIVE; 1078 } else if (hostIsNew && in6if_do_dad(ifp)) 1079 ia->ia6_flags |= IN6_IFF_TENTATIVE; 1080 1081 /* 1082 * backward compatibility - if IN6_IFF_DEPRECATED is set from the 1083 * userland, make it deprecated. 1084 */ 1085 if ((ifra->ifra_flags & IN6_IFF_DEPRECATED) != 0) { 1086 ia->ia6_lifetime.ia6t_pltime = 0; 1087 ia->ia6_lifetime.ia6t_preferred = time_second; 1088 } 1089 1090 /* reset the interface and routing table appropriately. */ 1091 if ((error = in6_ifinit(ifp, ia, &ifra->ifra_addr, hostIsNew)) != 0) 1092 goto unlink; 1093 /* 1094 * We are done if we have simply modified an existing address. 1095 */ 1096 if (!hostIsNew) 1097 return error; 1098 1099 /* 1100 * Beyond this point, we should call in6_purgeaddr upon an error, 1101 * not just go to unlink. 1102 */ 1103 1104 /* join necessary multicast groups */ 1105 if ((ifp->if_flags & IFF_MULTICAST) != 0) { 1106 struct sockaddr_in6 mltaddr, mltmask; 1107 struct in6_addr llsol; 1108 1109 /* join solicited multicast addr for new host id */ 1110 memset(&llsol, 0, sizeof(struct in6_addr)); 1111 llsol.s6_addr16[0] = htons(0xff02); 1112 llsol.s6_addr32[1] = 0; 1113 llsol.s6_addr32[2] = htonl(1); 1114 llsol.s6_addr32[3] = ifra->ifra_addr.sin6_addr.s6_addr32[3]; 1115 llsol.s6_addr8[12] = 0xff; 1116 if ((error = in6_setscope(&llsol, ifp, NULL)) != 0) { 1117 /* XXX: should not happen */ 1118 log(LOG_ERR, "in6_update_ifa: " 1119 "in6_setscope failed\n"); 1120 goto cleanup; 1121 } 1122 dad_delay = 0; 1123 if ((flags & IN6_IFAUPDATE_DADDELAY)) { 1124 /* 1125 * We need a random delay for DAD on the address 1126 * being configured. It also means delaying 1127 * transmission of the corresponding MLD report to 1128 * avoid report collision. 1129 * [draft-ietf-ipv6-rfc2462bis-02.txt] 1130 */ 1131 dad_delay = cprng_fast32() % 1132 (MAX_RTR_SOLICITATION_DELAY * hz); 1133 } 1134 1135 #define MLTMASK_LEN 4 /* mltmask's masklen (=32bit=4octet) */ 1136 /* join solicited multicast addr for new host id */ 1137 imm = in6_joingroup(ifp, &llsol, &error, dad_delay); 1138 if (!imm) { 1139 nd6log((LOG_ERR, 1140 "in6_update_ifa: addmulti " 1141 "failed for %s on %s (errno=%d)\n", 1142 ip6_sprintf(&llsol), if_name(ifp), error)); 1143 goto cleanup; 1144 } 1145 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 1146 in6m_sol = imm->i6mm_maddr; 1147 1148 sockaddr_in6_init(&mltmask, &in6mask32, 0, 0, 0); 1149 1150 /* 1151 * join link-local all-nodes address 1152 */ 1153 sockaddr_in6_init(&mltaddr, &in6addr_linklocal_allnodes, 1154 0, 0, 0); 1155 if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) != 0) 1156 goto cleanup; /* XXX: should not fail */ 1157 1158 /* 1159 * XXX: do we really need this automatic routes? 1160 * We should probably reconsider this stuff. Most applications 1161 * actually do not need the routes, since they usually specify 1162 * the outgoing interface. 1163 */ 1164 rt = rtalloc1((struct sockaddr *)&mltaddr, 0); 1165 if (rt) { 1166 if (memcmp(&mltaddr.sin6_addr, 1167 &satocsin6(rt_getkey(rt))->sin6_addr, 1168 MLTMASK_LEN)) { 1169 rtfree(rt); 1170 rt = NULL; 1171 } else if (rt->rt_ifp != ifp) { 1172 IN6_DPRINTF("%s: rt_ifp %p -> %p (%s) " 1173 "network %04x:%04x::/32 = %04x:%04x::/32\n", 1174 __func__, rt->rt_ifp, ifp, ifp->if_xname, 1175 ntohs(mltaddr.sin6_addr.s6_addr16[0]), 1176 ntohs(mltaddr.sin6_addr.s6_addr16[1]), 1177 satocsin6(rt_getkey(rt))->sin6_addr.s6_addr16[0], 1178 satocsin6(rt_getkey(rt))->sin6_addr.s6_addr16[1]); 1179 rt_replace_ifa(rt, &ia->ia_ifa); 1180 rt->rt_ifp = ifp; 1181 } 1182 } 1183 if (!rt) { 1184 struct rt_addrinfo info; 1185 1186 memset(&info, 0, sizeof(info)); 1187 info.rti_info[RTAX_DST] = (struct sockaddr *)&mltaddr; 1188 info.rti_info[RTAX_GATEWAY] = 1189 (struct sockaddr *)&ia->ia_addr; 1190 info.rti_info[RTAX_NETMASK] = 1191 (struct sockaddr *)&mltmask; 1192 info.rti_info[RTAX_IFA] = 1193 (struct sockaddr *)&ia->ia_addr; 1194 /* XXX: we need RTF_CLONING to fake nd6_rtrequest */ 1195 info.rti_flags = RTF_UP | RTF_CLONING; 1196 error = rtrequest1(RTM_ADD, &info, NULL); 1197 if (error) 1198 goto cleanup; 1199 } else { 1200 rtfree(rt); 1201 } 1202 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 0); 1203 if (!imm) { 1204 nd6log((LOG_WARNING, 1205 "in6_update_ifa: addmulti failed for " 1206 "%s on %s (errno=%d)\n", 1207 ip6_sprintf(&mltaddr.sin6_addr), 1208 if_name(ifp), error)); 1209 goto cleanup; 1210 } 1211 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 1212 1213 /* 1214 * join node information group address 1215 */ 1216 dad_delay = 0; 1217 if ((flags & IN6_IFAUPDATE_DADDELAY)) { 1218 /* 1219 * The spec doesn't say anything about delay for this 1220 * group, but the same logic should apply. 1221 */ 1222 dad_delay = cprng_fast32() % 1223 (MAX_RTR_SOLICITATION_DELAY * hz); 1224 } 1225 if (in6_nigroup(ifp, hostname, hostnamelen, &mltaddr) != 0) 1226 ; 1227 else if ((imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 1228 dad_delay)) == NULL) { /* XXX jinmei */ 1229 nd6log((LOG_WARNING, "in6_update_ifa: " 1230 "addmulti failed for %s on %s (errno=%d)\n", 1231 ip6_sprintf(&mltaddr.sin6_addr), 1232 if_name(ifp), error)); 1233 /* XXX not very fatal, go on... */ 1234 } else { 1235 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 1236 } 1237 1238 1239 /* 1240 * join interface-local all-nodes address. 1241 * (ff01::1%ifN, and ff01::%ifN/32) 1242 */ 1243 mltaddr.sin6_addr = in6addr_nodelocal_allnodes; 1244 if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) != 0) 1245 goto cleanup; /* XXX: should not fail */ 1246 1247 /* XXX: again, do we really need the route? */ 1248 rt = rtalloc1((struct sockaddr *)&mltaddr, 0); 1249 if (rt) { 1250 /* 32bit came from "mltmask" */ 1251 if (memcmp(&mltaddr.sin6_addr, 1252 &satocsin6(rt_getkey(rt))->sin6_addr, 1253 32 / NBBY)) { 1254 rtfree(rt); 1255 rt = NULL; 1256 } else if (rt->rt_ifp != ifp) { 1257 IN6_DPRINTF("%s: rt_ifp %p -> %p (%s) " 1258 "network %04x:%04x::/32 = %04x:%04x::/32\n", 1259 __func__, rt->rt_ifp, ifp, ifp->if_xname, 1260 ntohs(mltaddr.sin6_addr.s6_addr16[0]), 1261 ntohs(mltaddr.sin6_addr.s6_addr16[1]), 1262 satocsin6(rt_getkey(rt))->sin6_addr.s6_addr16[0], 1263 satocsin6(rt_getkey(rt))->sin6_addr.s6_addr16[1]); 1264 rt_replace_ifa(rt, &ia->ia_ifa); 1265 rt->rt_ifp = ifp; 1266 } 1267 } 1268 if (!rt) { 1269 struct rt_addrinfo info; 1270 1271 memset(&info, 0, sizeof(info)); 1272 info.rti_info[RTAX_DST] = (struct sockaddr *)&mltaddr; 1273 info.rti_info[RTAX_GATEWAY] = 1274 (struct sockaddr *)&ia->ia_addr; 1275 info.rti_info[RTAX_NETMASK] = 1276 (struct sockaddr *)&mltmask; 1277 info.rti_info[RTAX_IFA] = 1278 (struct sockaddr *)&ia->ia_addr; 1279 info.rti_flags = RTF_UP | RTF_CLONING; 1280 error = rtrequest1(RTM_ADD, &info, NULL); 1281 if (error) 1282 goto cleanup; 1283 #undef MLTMASK_LEN 1284 } else { 1285 rtfree(rt); 1286 } 1287 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 0); 1288 if (!imm) { 1289 nd6log((LOG_WARNING, "in6_update_ifa: " 1290 "addmulti failed for %s on %s (errno=%d)\n", 1291 ip6_sprintf(&mltaddr.sin6_addr), 1292 if_name(ifp), error)); 1293 goto cleanup; 1294 } else { 1295 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 1296 } 1297 } 1298 1299 /* 1300 * Perform DAD, if needed. 1301 * XXX It may be of use, if we can administratively 1302 * disable DAD. 1303 */ 1304 if (hostIsNew && in6if_do_dad(ifp) && 1305 ((ifra->ifra_flags & IN6_IFF_NODAD) == 0) && 1306 (ia->ia6_flags & IN6_IFF_TENTATIVE)) 1307 { 1308 int mindelay, maxdelay; 1309 1310 dad_delay = 0; 1311 if ((flags & IN6_IFAUPDATE_DADDELAY)) { 1312 /* 1313 * We need to impose a delay before sending an NS 1314 * for DAD. Check if we also needed a delay for the 1315 * corresponding MLD message. If we did, the delay 1316 * should be larger than the MLD delay (this could be 1317 * relaxed a bit, but this simple logic is at least 1318 * safe). 1319 */ 1320 mindelay = 0; 1321 if (in6m_sol != NULL && 1322 in6m_sol->in6m_state == MLD_REPORTPENDING) { 1323 mindelay = in6m_sol->in6m_timer; 1324 } 1325 maxdelay = MAX_RTR_SOLICITATION_DELAY * hz; 1326 if (maxdelay - mindelay == 0) 1327 dad_delay = 0; 1328 else { 1329 dad_delay = 1330 (cprng_fast32() % (maxdelay - mindelay)) + 1331 mindelay; 1332 } 1333 } 1334 /* +1 ensures callout is always used */ 1335 nd6_dad_start(&ia->ia_ifa, dad_delay + 1); 1336 } 1337 1338 return error; 1339 1340 unlink: 1341 /* 1342 * XXX: if a change of an existing address failed, keep the entry 1343 * anyway. 1344 */ 1345 if (hostIsNew) 1346 in6_unlink_ifa(ia, ifp); 1347 return error; 1348 1349 cleanup: 1350 in6_purgeaddr(&ia->ia_ifa); 1351 return error; 1352 } 1353 1354 int 1355 in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra, 1356 struct in6_ifaddr *ia, int flags) 1357 { 1358 int rc, s; 1359 1360 s = splnet(); 1361 rc = in6_update_ifa1(ifp, ifra, ia, flags); 1362 splx(s); 1363 return rc; 1364 } 1365 1366 void 1367 in6_purgeaddr(struct ifaddr *ifa) 1368 { 1369 struct ifnet *ifp = ifa->ifa_ifp; 1370 struct in6_ifaddr *ia = (struct in6_ifaddr *) ifa; 1371 struct in6_multi_mship *imm; 1372 1373 /* stop DAD processing */ 1374 nd6_dad_stop(ifa); 1375 1376 /* 1377 * delete route to the destination of the address being purged. 1378 * The interface must be p2p or loopback in this case. 1379 */ 1380 if ((ia->ia_flags & IFA_ROUTE) != 0 && ia->ia_dstaddr.sin6_len != 0) { 1381 int e; 1382 1383 if ((e = rtinit(&(ia->ia_ifa), (int)RTM_DELETE, RTF_HOST)) 1384 != 0) { 1385 log(LOG_ERR, "in6_purgeaddr: failed to remove " 1386 "a route to the p2p destination: %s on %s, " 1387 "errno=%d\n", 1388 ip6_sprintf(&ia->ia_addr.sin6_addr), if_name(ifp), 1389 e); 1390 /* proceed anyway... */ 1391 } else 1392 ia->ia_flags &= ~IFA_ROUTE; 1393 } 1394 1395 /* Remove ownaddr's loopback rtentry, if it exists. */ 1396 in6_ifremloop(&(ia->ia_ifa)); 1397 1398 /* 1399 * leave from multicast groups we have joined for the interface 1400 */ 1401 while ((imm = LIST_FIRST(&ia->ia6_memberships)) != NULL) { 1402 LIST_REMOVE(imm, i6mm_chain); 1403 in6_leavegroup(imm); 1404 } 1405 1406 in6_unlink_ifa(ia, ifp); 1407 } 1408 1409 static void 1410 in6_unlink_ifa(struct in6_ifaddr *ia, struct ifnet *ifp) 1411 { 1412 struct in6_ifaddr *oia; 1413 int s = splnet(); 1414 1415 ifa_remove(ifp, &ia->ia_ifa); 1416 1417 oia = ia; 1418 if (oia == (ia = in6_ifaddr)) 1419 in6_ifaddr = ia->ia_next; 1420 else { 1421 while (ia->ia_next && (ia->ia_next != oia)) 1422 ia = ia->ia_next; 1423 if (ia->ia_next) 1424 ia->ia_next = oia->ia_next; 1425 else { 1426 /* search failed */ 1427 printf("Couldn't unlink in6_ifaddr from in6_ifaddr\n"); 1428 } 1429 } 1430 1431 /* 1432 * XXX thorpej@NetBSD.org -- if the interface is going 1433 * XXX away, don't save the multicast entries, delete them! 1434 */ 1435 if (LIST_EMPTY(&oia->ia6_multiaddrs)) 1436 ; 1437 else if (oia->ia_ifa.ifa_ifp->if_output == if_nulloutput) { 1438 struct in6_multi *in6m, *next; 1439 1440 for (in6m = LIST_FIRST(&oia->ia6_multiaddrs); in6m != NULL; 1441 in6m = next) { 1442 next = LIST_NEXT(in6m, in6m_entry); 1443 in6_delmulti(in6m); 1444 } 1445 } else 1446 in6_savemkludge(oia); 1447 1448 /* 1449 * Release the reference to the base prefix. There should be a 1450 * positive reference. 1451 */ 1452 if (oia->ia6_ndpr == NULL) { 1453 nd6log((LOG_NOTICE, "in6_unlink_ifa: autoconf'ed address " 1454 "%p has no prefix\n", oia)); 1455 } else { 1456 oia->ia6_ndpr->ndpr_refcnt--; 1457 oia->ia6_ndpr = NULL; 1458 } 1459 1460 /* 1461 * Also, if the address being removed is autoconf'ed, call 1462 * pfxlist_onlink_check() since the release might affect the status of 1463 * other (detached) addresses. 1464 */ 1465 if ((oia->ia6_flags & IN6_IFF_AUTOCONF) != 0) 1466 pfxlist_onlink_check(); 1467 1468 /* 1469 * release another refcnt for the link from in6_ifaddr. 1470 * Note that we should decrement the refcnt at least once for all *BSD. 1471 */ 1472 IFAFREE(&oia->ia_ifa); 1473 1474 splx(s); 1475 } 1476 1477 void 1478 in6_purgeif(struct ifnet *ifp) 1479 { 1480 if_purgeaddrs(ifp, AF_INET6, in6_purgeaddr); 1481 1482 in6_ifdetach(ifp); 1483 } 1484 1485 /* 1486 * SIOC[GAD]LIFADDR. 1487 * SIOCGLIFADDR: get first address. (?) 1488 * SIOCGLIFADDR with IFLR_PREFIX: 1489 * get first address that matches the specified prefix. 1490 * SIOCALIFADDR: add the specified address. 1491 * SIOCALIFADDR with IFLR_PREFIX: 1492 * add the specified prefix, filling hostid part from 1493 * the first link-local address. prefixlen must be <= 64. 1494 * SIOCDLIFADDR: delete the specified address. 1495 * SIOCDLIFADDR with IFLR_PREFIX: 1496 * delete the first address that matches the specified prefix. 1497 * return values: 1498 * EINVAL on invalid parameters 1499 * EADDRNOTAVAIL on prefix match failed/specified address not found 1500 * other values may be returned from in6_ioctl() 1501 * 1502 * NOTE: SIOCALIFADDR(with IFLR_PREFIX set) allows prefixlen less than 64. 1503 * this is to accommodate address naming scheme other than RFC2374, 1504 * in the future. 1505 * RFC2373 defines interface id to be 64bit, but it allows non-RFC2374 1506 * address encoding scheme. (see figure on page 8) 1507 */ 1508 static int 1509 in6_lifaddr_ioctl(struct socket *so, u_long cmd, void *data, 1510 struct ifnet *ifp) 1511 { 1512 struct in6_ifaddr *ia; 1513 struct if_laddrreq *iflr = (struct if_laddrreq *)data; 1514 struct ifaddr *ifa; 1515 struct sockaddr *sa; 1516 1517 /* sanity checks */ 1518 if (!data || !ifp) { 1519 panic("invalid argument to in6_lifaddr_ioctl"); 1520 /* NOTREACHED */ 1521 } 1522 1523 switch (cmd) { 1524 case SIOCGLIFADDR: 1525 /* address must be specified on GET with IFLR_PREFIX */ 1526 if ((iflr->flags & IFLR_PREFIX) == 0) 1527 break; 1528 /* FALLTHROUGH */ 1529 case SIOCALIFADDR: 1530 case SIOCDLIFADDR: 1531 /* address must be specified on ADD and DELETE */ 1532 sa = (struct sockaddr *)&iflr->addr; 1533 if (sa->sa_family != AF_INET6) 1534 return EINVAL; 1535 if (sa->sa_len != sizeof(struct sockaddr_in6)) 1536 return EINVAL; 1537 /* XXX need improvement */ 1538 sa = (struct sockaddr *)&iflr->dstaddr; 1539 if (sa->sa_family && sa->sa_family != AF_INET6) 1540 return EINVAL; 1541 if (sa->sa_len && sa->sa_len != sizeof(struct sockaddr_in6)) 1542 return EINVAL; 1543 break; 1544 default: /* shouldn't happen */ 1545 #if 0 1546 panic("invalid cmd to in6_lifaddr_ioctl"); 1547 /* NOTREACHED */ 1548 #else 1549 return EOPNOTSUPP; 1550 #endif 1551 } 1552 if (sizeof(struct in6_addr) * NBBY < iflr->prefixlen) 1553 return EINVAL; 1554 1555 switch (cmd) { 1556 case SIOCALIFADDR: 1557 { 1558 struct in6_aliasreq ifra; 1559 struct in6_addr *xhostid = NULL; 1560 int prefixlen; 1561 1562 if ((iflr->flags & IFLR_PREFIX) != 0) { 1563 struct sockaddr_in6 *sin6; 1564 1565 /* 1566 * xhostid is to fill in the hostid part of the 1567 * address. xhostid points to the first link-local 1568 * address attached to the interface. 1569 */ 1570 ia = in6ifa_ifpforlinklocal(ifp, 0); 1571 if (ia == NULL) 1572 return EADDRNOTAVAIL; 1573 xhostid = IFA_IN6(&ia->ia_ifa); 1574 1575 /* prefixlen must be <= 64. */ 1576 if (64 < iflr->prefixlen) 1577 return EINVAL; 1578 prefixlen = iflr->prefixlen; 1579 1580 /* hostid part must be zero. */ 1581 sin6 = (struct sockaddr_in6 *)&iflr->addr; 1582 if (sin6->sin6_addr.s6_addr32[2] != 0 1583 || sin6->sin6_addr.s6_addr32[3] != 0) { 1584 return EINVAL; 1585 } 1586 } else 1587 prefixlen = iflr->prefixlen; 1588 1589 /* copy args to in6_aliasreq, perform ioctl(SIOCAIFADDR_IN6). */ 1590 memset(&ifra, 0, sizeof(ifra)); 1591 memcpy(ifra.ifra_name, iflr->iflr_name, sizeof(ifra.ifra_name)); 1592 1593 memcpy(&ifra.ifra_addr, &iflr->addr, 1594 ((struct sockaddr *)&iflr->addr)->sa_len); 1595 if (xhostid) { 1596 /* fill in hostid part */ 1597 ifra.ifra_addr.sin6_addr.s6_addr32[2] = 1598 xhostid->s6_addr32[2]; 1599 ifra.ifra_addr.sin6_addr.s6_addr32[3] = 1600 xhostid->s6_addr32[3]; 1601 } 1602 1603 if (((struct sockaddr *)&iflr->dstaddr)->sa_family) { /* XXX */ 1604 memcpy(&ifra.ifra_dstaddr, &iflr->dstaddr, 1605 ((struct sockaddr *)&iflr->dstaddr)->sa_len); 1606 if (xhostid) { 1607 ifra.ifra_dstaddr.sin6_addr.s6_addr32[2] = 1608 xhostid->s6_addr32[2]; 1609 ifra.ifra_dstaddr.sin6_addr.s6_addr32[3] = 1610 xhostid->s6_addr32[3]; 1611 } 1612 } 1613 1614 ifra.ifra_prefixmask.sin6_len = sizeof(struct sockaddr_in6); 1615 in6_prefixlen2mask(&ifra.ifra_prefixmask.sin6_addr, prefixlen); 1616 1617 ifra.ifra_lifetime.ia6t_vltime = ND6_INFINITE_LIFETIME; 1618 ifra.ifra_lifetime.ia6t_pltime = ND6_INFINITE_LIFETIME; 1619 ifra.ifra_flags = iflr->flags & ~IFLR_PREFIX; 1620 return in6_control(so, SIOCAIFADDR_IN6, &ifra, ifp); 1621 } 1622 case SIOCGLIFADDR: 1623 case SIOCDLIFADDR: 1624 { 1625 struct in6_addr mask, candidate, match; 1626 struct sockaddr_in6 *sin6; 1627 int cmp; 1628 1629 memset(&mask, 0, sizeof(mask)); 1630 if (iflr->flags & IFLR_PREFIX) { 1631 /* lookup a prefix rather than address. */ 1632 in6_prefixlen2mask(&mask, iflr->prefixlen); 1633 1634 sin6 = (struct sockaddr_in6 *)&iflr->addr; 1635 memcpy(&match, &sin6->sin6_addr, sizeof(match)); 1636 match.s6_addr32[0] &= mask.s6_addr32[0]; 1637 match.s6_addr32[1] &= mask.s6_addr32[1]; 1638 match.s6_addr32[2] &= mask.s6_addr32[2]; 1639 match.s6_addr32[3] &= mask.s6_addr32[3]; 1640 1641 /* if you set extra bits, that's wrong */ 1642 if (memcmp(&match, &sin6->sin6_addr, sizeof(match))) 1643 return EINVAL; 1644 1645 cmp = 1; 1646 } else { 1647 if (cmd == SIOCGLIFADDR) { 1648 /* on getting an address, take the 1st match */ 1649 cmp = 0; /* XXX */ 1650 } else { 1651 /* on deleting an address, do exact match */ 1652 in6_prefixlen2mask(&mask, 128); 1653 sin6 = (struct sockaddr_in6 *)&iflr->addr; 1654 memcpy(&match, &sin6->sin6_addr, sizeof(match)); 1655 1656 cmp = 1; 1657 } 1658 } 1659 1660 IFADDR_FOREACH(ifa, ifp) { 1661 if (ifa->ifa_addr->sa_family != AF_INET6) 1662 continue; 1663 if (!cmp) 1664 break; 1665 1666 /* 1667 * XXX: this is adhoc, but is necessary to allow 1668 * a user to specify fe80::/64 (not /10) for a 1669 * link-local address. 1670 */ 1671 memcpy(&candidate, IFA_IN6(ifa), sizeof(candidate)); 1672 in6_clearscope(&candidate); 1673 candidate.s6_addr32[0] &= mask.s6_addr32[0]; 1674 candidate.s6_addr32[1] &= mask.s6_addr32[1]; 1675 candidate.s6_addr32[2] &= mask.s6_addr32[2]; 1676 candidate.s6_addr32[3] &= mask.s6_addr32[3]; 1677 if (IN6_ARE_ADDR_EQUAL(&candidate, &match)) 1678 break; 1679 } 1680 if (!ifa) 1681 return EADDRNOTAVAIL; 1682 ia = ifa2ia6(ifa); 1683 1684 if (cmd == SIOCGLIFADDR) { 1685 int error; 1686 1687 /* fill in the if_laddrreq structure */ 1688 memcpy(&iflr->addr, &ia->ia_addr, ia->ia_addr.sin6_len); 1689 error = sa6_recoverscope( 1690 (struct sockaddr_in6 *)&iflr->addr); 1691 if (error != 0) 1692 return error; 1693 1694 if ((ifp->if_flags & IFF_POINTOPOINT) != 0) { 1695 memcpy(&iflr->dstaddr, &ia->ia_dstaddr, 1696 ia->ia_dstaddr.sin6_len); 1697 error = sa6_recoverscope( 1698 (struct sockaddr_in6 *)&iflr->dstaddr); 1699 if (error != 0) 1700 return error; 1701 } else 1702 memset(&iflr->dstaddr, 0, sizeof(iflr->dstaddr)); 1703 1704 iflr->prefixlen = 1705 in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); 1706 1707 iflr->flags = ia->ia6_flags; /* XXX */ 1708 1709 return 0; 1710 } else { 1711 struct in6_aliasreq ifra; 1712 1713 /* fill in6_aliasreq and do ioctl(SIOCDIFADDR_IN6) */ 1714 memset(&ifra, 0, sizeof(ifra)); 1715 memcpy(ifra.ifra_name, iflr->iflr_name, 1716 sizeof(ifra.ifra_name)); 1717 1718 memcpy(&ifra.ifra_addr, &ia->ia_addr, 1719 ia->ia_addr.sin6_len); 1720 if ((ifp->if_flags & IFF_POINTOPOINT) != 0) { 1721 memcpy(&ifra.ifra_dstaddr, &ia->ia_dstaddr, 1722 ia->ia_dstaddr.sin6_len); 1723 } else { 1724 memset(&ifra.ifra_dstaddr, 0, 1725 sizeof(ifra.ifra_dstaddr)); 1726 } 1727 memcpy(&ifra.ifra_dstaddr, &ia->ia_prefixmask, 1728 ia->ia_prefixmask.sin6_len); 1729 1730 ifra.ifra_flags = ia->ia6_flags; 1731 return in6_control(so, SIOCDIFADDR_IN6, &ifra, ifp); 1732 } 1733 } 1734 } 1735 1736 return EOPNOTSUPP; /* just for safety */ 1737 } 1738 1739 /* 1740 * Initialize an interface's internet6 address 1741 * and routing table entry. 1742 */ 1743 static int 1744 in6_ifinit(struct ifnet *ifp, struct in6_ifaddr *ia, 1745 const struct sockaddr_in6 *sin6, int newhost) 1746 { 1747 int error = 0, plen, ifacount = 0; 1748 int s = splnet(); 1749 struct ifaddr *ifa; 1750 1751 /* 1752 * Give the interface a chance to initialize 1753 * if this is its first address, 1754 * and to validate the address if necessary. 1755 */ 1756 IFADDR_FOREACH(ifa, ifp) { 1757 if (ifa->ifa_addr == NULL) 1758 continue; /* just for safety */ 1759 if (ifa->ifa_addr->sa_family != AF_INET6) 1760 continue; 1761 ifacount++; 1762 } 1763 1764 ia->ia_addr = *sin6; 1765 1766 if (ifacount <= 1 && 1767 (error = if_addr_init(ifp, &ia->ia_ifa, true)) != 0) { 1768 splx(s); 1769 return error; 1770 } 1771 splx(s); 1772 1773 ia->ia_ifa.ifa_metric = ifp->if_metric; 1774 1775 /* we could do in(6)_socktrim here, but just omit it at this moment. */ 1776 1777 /* 1778 * Special case: 1779 * If the destination address is specified for a point-to-point 1780 * interface, install a route to the destination as an interface 1781 * direct route. 1782 */ 1783 plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); /* XXX */ 1784 if (plen == 128 && ia->ia_dstaddr.sin6_family == AF_INET6) { 1785 if ((error = rtinit(&ia->ia_ifa, RTM_ADD, 1786 RTF_UP | RTF_HOST)) != 0) 1787 return error; 1788 ia->ia_flags |= IFA_ROUTE; 1789 } 1790 1791 /* Add ownaddr as loopback rtentry, if necessary (ex. on p2p link). */ 1792 if (newhost) { 1793 /* set the rtrequest function to create llinfo */ 1794 ia->ia_ifa.ifa_rtrequest = nd6_rtrequest; 1795 in6_ifaddloop(&ia->ia_ifa); 1796 } else { 1797 /* Inform the routing socket of new flags/timings */ 1798 nd6_newaddrmsg(&ia->ia_ifa); 1799 } 1800 1801 if (ifp->if_flags & IFF_MULTICAST) 1802 in6_restoremkludge(ia, ifp); 1803 1804 return error; 1805 } 1806 1807 static struct ifaddr * 1808 bestifa(struct ifaddr *best_ifa, struct ifaddr *ifa) 1809 { 1810 if (best_ifa == NULL || best_ifa->ifa_preference < ifa->ifa_preference) 1811 return ifa; 1812 return best_ifa; 1813 } 1814 1815 /* 1816 * Find an IPv6 interface link-local address specific to an interface. 1817 */ 1818 struct in6_ifaddr * 1819 in6ifa_ifpforlinklocal(const struct ifnet *ifp, const int ignoreflags) 1820 { 1821 struct ifaddr *best_ifa = NULL, *ifa; 1822 1823 IFADDR_FOREACH(ifa, ifp) { 1824 if (ifa->ifa_addr == NULL) 1825 continue; /* just for safety */ 1826 if (ifa->ifa_addr->sa_family != AF_INET6) 1827 continue; 1828 if (!IN6_IS_ADDR_LINKLOCAL(IFA_IN6(ifa))) 1829 continue; 1830 if ((((struct in6_ifaddr *)ifa)->ia6_flags & ignoreflags) != 0) 1831 continue; 1832 best_ifa = bestifa(best_ifa, ifa); 1833 } 1834 1835 return (struct in6_ifaddr *)best_ifa; 1836 } 1837 1838 1839 /* 1840 * find the internet address corresponding to a given interface and address. 1841 */ 1842 struct in6_ifaddr * 1843 in6ifa_ifpwithaddr(const struct ifnet *ifp, const struct in6_addr *addr) 1844 { 1845 struct ifaddr *best_ifa = NULL, *ifa; 1846 1847 IFADDR_FOREACH(ifa, ifp) { 1848 if (ifa->ifa_addr == NULL) 1849 continue; /* just for safety */ 1850 if (ifa->ifa_addr->sa_family != AF_INET6) 1851 continue; 1852 if (!IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(ifa))) 1853 continue; 1854 best_ifa = bestifa(best_ifa, ifa); 1855 } 1856 1857 return (struct in6_ifaddr *)best_ifa; 1858 } 1859 1860 static struct in6_ifaddr * 1861 bestia(struct in6_ifaddr *best_ia, struct in6_ifaddr *ia) 1862 { 1863 if (best_ia == NULL || 1864 best_ia->ia_ifa.ifa_preference < ia->ia_ifa.ifa_preference) 1865 return ia; 1866 return best_ia; 1867 } 1868 1869 /* 1870 * Convert IP6 address to printable (loggable) representation. 1871 */ 1872 static int ip6round = 0; 1873 char * 1874 ip6_sprintf(const struct in6_addr *addr) 1875 { 1876 static char ip6buf[8][48]; 1877 int i; 1878 char *bp; 1879 char *cp; 1880 const u_int16_t *a = (const u_int16_t *)addr; 1881 const u_int8_t *d; 1882 int dcolon = 0; 1883 1884 ip6round = (ip6round + 1) & 7; 1885 cp = ip6buf[ip6round]; 1886 1887 for (i = 0; i < 8; i++) { 1888 if (dcolon == 1) { 1889 if (*a == 0) { 1890 if (i == 7) 1891 *cp++ = ':'; 1892 a++; 1893 continue; 1894 } else 1895 dcolon = 2; 1896 } 1897 if (*a == 0) { 1898 if (dcolon == 0 && *(a + 1) == 0) { 1899 if (i == 0) 1900 *cp++ = ':'; 1901 *cp++ = ':'; 1902 dcolon = 1; 1903 } else { 1904 *cp++ = '0'; 1905 *cp++ = ':'; 1906 } 1907 a++; 1908 continue; 1909 } 1910 d = (const u_char *)a; 1911 bp = cp; 1912 *cp = hexdigits[*d >> 4]; 1913 if (*cp != '0') 1914 cp++; 1915 *cp = hexdigits[*d++ & 0xf]; 1916 if (cp != bp || *cp != '0') 1917 cp++; 1918 *cp = hexdigits[*d >> 4]; 1919 if (cp != bp || *cp != '0') 1920 cp++; 1921 *cp++ = hexdigits[*d & 0xf]; 1922 *cp++ = ':'; 1923 a++; 1924 } 1925 *--cp = 0; 1926 return ip6buf[ip6round]; 1927 } 1928 1929 /* 1930 * Determine if an address is on a local network. 1931 */ 1932 int 1933 in6_localaddr(const struct in6_addr *in6) 1934 { 1935 struct in6_ifaddr *ia; 1936 1937 if (IN6_IS_ADDR_LOOPBACK(in6) || IN6_IS_ADDR_LINKLOCAL(in6)) 1938 return 1; 1939 1940 for (ia = in6_ifaddr; ia; ia = ia->ia_next) 1941 if (IN6_ARE_MASKED_ADDR_EQUAL(in6, &ia->ia_addr.sin6_addr, 1942 &ia->ia_prefixmask.sin6_addr)) 1943 return 1; 1944 1945 return 0; 1946 } 1947 1948 int 1949 in6_is_addr_deprecated(struct sockaddr_in6 *sa6) 1950 { 1951 struct in6_ifaddr *ia; 1952 1953 for (ia = in6_ifaddr; ia; ia = ia->ia_next) { 1954 if (IN6_ARE_ADDR_EQUAL(&ia->ia_addr.sin6_addr, 1955 &sa6->sin6_addr) && 1956 #ifdef SCOPEDROUTING 1957 ia->ia_addr.sin6_scope_id == sa6->sin6_scope_id && 1958 #endif 1959 (ia->ia6_flags & IN6_IFF_DEPRECATED) != 0) 1960 return 1; /* true */ 1961 1962 /* XXX: do we still have to go thru the rest of the list? */ 1963 } 1964 1965 return 0; /* false */ 1966 } 1967 1968 /* 1969 * return length of part which dst and src are equal 1970 * hard coding... 1971 */ 1972 int 1973 in6_matchlen(struct in6_addr *src, struct in6_addr *dst) 1974 { 1975 int match = 0; 1976 u_char *s = (u_char *)src, *d = (u_char *)dst; 1977 u_char *lim = s + 16, r; 1978 1979 while (s < lim) 1980 if ((r = (*d++ ^ *s++)) != 0) { 1981 while (r < 128) { 1982 match++; 1983 r <<= 1; 1984 } 1985 break; 1986 } else 1987 match += NBBY; 1988 return match; 1989 } 1990 1991 /* XXX: to be scope conscious */ 1992 int 1993 in6_are_prefix_equal(struct in6_addr *p1, struct in6_addr *p2, int len) 1994 { 1995 int bytelen, bitlen; 1996 1997 /* sanity check */ 1998 if (len < 0 || len > 128) { 1999 log(LOG_ERR, "in6_are_prefix_equal: invalid prefix length(%d)\n", 2000 len); 2001 return 0; 2002 } 2003 2004 bytelen = len / NBBY; 2005 bitlen = len % NBBY; 2006 2007 if (memcmp(&p1->s6_addr, &p2->s6_addr, bytelen)) 2008 return 0; 2009 if (bitlen != 0 && 2010 p1->s6_addr[bytelen] >> (NBBY - bitlen) != 2011 p2->s6_addr[bytelen] >> (NBBY - bitlen)) 2012 return 0; 2013 2014 return 1; 2015 } 2016 2017 void 2018 in6_prefixlen2mask(struct in6_addr *maskp, int len) 2019 { 2020 static const u_char maskarray[NBBY] = {0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff}; 2021 int bytelen, bitlen, i; 2022 2023 /* sanity check */ 2024 if (len < 0 || len > 128) { 2025 log(LOG_ERR, "in6_prefixlen2mask: invalid prefix length(%d)\n", 2026 len); 2027 return; 2028 } 2029 2030 memset(maskp, 0, sizeof(*maskp)); 2031 bytelen = len / NBBY; 2032 bitlen = len % NBBY; 2033 for (i = 0; i < bytelen; i++) 2034 maskp->s6_addr[i] = 0xff; 2035 if (bitlen) 2036 maskp->s6_addr[bytelen] = maskarray[bitlen - 1]; 2037 } 2038 2039 /* 2040 * return the best address out of the same scope. if no address was 2041 * found, return the first valid address from designated IF. 2042 */ 2043 struct in6_ifaddr * 2044 in6_ifawithifp(struct ifnet *ifp, struct in6_addr *dst) 2045 { 2046 int dst_scope = in6_addrscope(dst), blen = -1, tlen; 2047 struct ifaddr *ifa; 2048 struct in6_ifaddr *best_ia = NULL, *ia; 2049 struct in6_ifaddr *dep[2]; /* last-resort: deprecated */ 2050 2051 dep[0] = dep[1] = NULL; 2052 2053 /* 2054 * We first look for addresses in the same scope. 2055 * If there is one, return it. 2056 * If two or more, return one which matches the dst longest. 2057 * If none, return one of global addresses assigned other ifs. 2058 */ 2059 IFADDR_FOREACH(ifa, ifp) { 2060 if (ifa->ifa_addr->sa_family != AF_INET6) 2061 continue; 2062 ia = (struct in6_ifaddr *)ifa; 2063 if (ia->ia6_flags & IN6_IFF_ANYCAST) 2064 continue; /* XXX: is there any case to allow anycast? */ 2065 if (ia->ia6_flags & IN6_IFF_NOTREADY) 2066 continue; /* don't use this interface */ 2067 if (ia->ia6_flags & IN6_IFF_DETACHED) 2068 continue; 2069 if (ia->ia6_flags & IN6_IFF_DEPRECATED) { 2070 if (ip6_use_deprecated) 2071 dep[0] = ia; 2072 continue; 2073 } 2074 2075 if (dst_scope != in6_addrscope(IFA_IN6(ifa))) 2076 continue; 2077 /* 2078 * call in6_matchlen() as few as possible 2079 */ 2080 if (best_ia == NULL) { 2081 best_ia = ia; 2082 continue; 2083 } 2084 if (blen == -1) 2085 blen = in6_matchlen(&best_ia->ia_addr.sin6_addr, dst); 2086 tlen = in6_matchlen(IFA_IN6(ifa), dst); 2087 if (tlen > blen) { 2088 blen = tlen; 2089 best_ia = ia; 2090 } else if (tlen == blen) 2091 best_ia = bestia(best_ia, ia); 2092 } 2093 if (best_ia != NULL) 2094 return best_ia; 2095 2096 IFADDR_FOREACH(ifa, ifp) { 2097 if (ifa->ifa_addr->sa_family != AF_INET6) 2098 continue; 2099 ia = (struct in6_ifaddr *)ifa; 2100 if (ia->ia6_flags & IN6_IFF_ANYCAST) 2101 continue; /* XXX: is there any case to allow anycast? */ 2102 if (ia->ia6_flags & IN6_IFF_NOTREADY) 2103 continue; /* don't use this interface */ 2104 if (ia->ia6_flags & IN6_IFF_DETACHED) 2105 continue; 2106 if (ia->ia6_flags & IN6_IFF_DEPRECATED) { 2107 if (ip6_use_deprecated) 2108 dep[1] = (struct in6_ifaddr *)ifa; 2109 continue; 2110 } 2111 2112 best_ia = bestia(best_ia, ia); 2113 } 2114 if (best_ia != NULL) 2115 return best_ia; 2116 2117 /* use the last-resort values, that are, deprecated addresses */ 2118 if (dep[0]) 2119 return dep[0]; 2120 if (dep[1]) 2121 return dep[1]; 2122 2123 return NULL; 2124 } 2125 2126 /* 2127 * perform DAD when interface becomes IFF_UP. 2128 */ 2129 void 2130 in6_if_link_up(struct ifnet *ifp) 2131 { 2132 struct ifaddr *ifa; 2133 struct in6_ifaddr *ia; 2134 2135 /* Ensure it's sane to run DAD */ 2136 if (ifp->if_link_state == LINK_STATE_DOWN) 2137 return; 2138 if ((ifp->if_flags & (IFF_UP|IFF_RUNNING)) != (IFF_UP|IFF_RUNNING)) 2139 return; 2140 2141 IFADDR_FOREACH(ifa, ifp) { 2142 if (ifa->ifa_addr->sa_family != AF_INET6) 2143 continue; 2144 ia = (struct in6_ifaddr *)ifa; 2145 2146 /* If detached then mark as tentative */ 2147 if (ia->ia6_flags & IN6_IFF_DETACHED) { 2148 ia->ia6_flags &= ~IN6_IFF_DETACHED; 2149 if (in6if_do_dad(ifp)) { 2150 ia->ia6_flags |= IN6_IFF_TENTATIVE; 2151 nd6log((LOG_ERR, "in6_if_up: " 2152 "%s marked tentative\n", 2153 ip6_sprintf(&ia->ia_addr.sin6_addr))); 2154 } else if ((ia->ia6_flags & IN6_IFF_TENTATIVE) == 0) 2155 nd6_newaddrmsg(ifa); 2156 } 2157 2158 if (ia->ia6_flags & IN6_IFF_TENTATIVE) { 2159 int rand_delay; 2160 /* 2161 * The TENTATIVE flag was likely set by hand 2162 * beforehand, implicitly indicating the need for DAD. 2163 * We may be able to skip the random delay in this 2164 * case, but we impose delays just in case. 2165 */ 2166 rand_delay = cprng_fast32() % 2167 (MAX_RTR_SOLICITATION_DELAY * hz); 2168 /* +1 ensures callout is always used */ 2169 nd6_dad_start(ifa, rand_delay + 1); 2170 } 2171 } 2172 2173 /* Restore any detached prefixes */ 2174 pfxlist_onlink_check(); 2175 } 2176 2177 void 2178 in6_if_up(struct ifnet *ifp) 2179 { 2180 2181 /* 2182 * special cases, like 6to4, are handled in in6_ifattach 2183 */ 2184 in6_ifattach(ifp, NULL); 2185 2186 /* interface may not support link state, so bring it up also */ 2187 in6_if_link_up(ifp); 2188 } 2189 /* 2190 * Mark all addresses as detached. 2191 */ 2192 void 2193 in6_if_link_down(struct ifnet *ifp) 2194 { 2195 struct ifaddr *ifa; 2196 struct in6_ifaddr *ia; 2197 2198 /* Any prefixes on this interface should be detached as well */ 2199 pfxlist_onlink_check(); 2200 2201 IFADDR_FOREACH(ifa, ifp) { 2202 if (ifa->ifa_addr->sa_family != AF_INET6) 2203 continue; 2204 ia = (struct in6_ifaddr *)ifa; 2205 2206 /* Stop DAD processing */ 2207 nd6_dad_stop(ifa); 2208 2209 /* 2210 * Mark the address as detached. 2211 * This satisfies RFC4862 Section 5.3, but we should apply 2212 * this logic to all addresses to be a good citizen and 2213 * avoid potential duplicated addresses. 2214 * When the interface comes up again, detached addresses 2215 * are marked tentative and DAD commences. 2216 */ 2217 if (!(ia->ia6_flags & IN6_IFF_DETACHED)) { 2218 nd6log((LOG_DEBUG, "in6_if_down: " 2219 "%s marked detached\n", 2220 ip6_sprintf(&ia->ia_addr.sin6_addr))); 2221 ia->ia6_flags |= IN6_IFF_DETACHED; 2222 ia->ia6_flags &= ~IN6_IFF_TENTATIVE; 2223 nd6_newaddrmsg(ifa); 2224 } 2225 } 2226 } 2227 2228 void 2229 in6_if_down(struct ifnet *ifp) 2230 { 2231 2232 in6_if_link_down(ifp); 2233 } 2234 2235 int 2236 in6if_do_dad(struct ifnet *ifp) 2237 { 2238 if ((ifp->if_flags & IFF_LOOPBACK) != 0) 2239 return 0; 2240 2241 switch (ifp->if_type) { 2242 case IFT_FAITH: 2243 /* 2244 * These interfaces do not have the IFF_LOOPBACK flag, 2245 * but loop packets back. We do not have to do DAD on such 2246 * interfaces. We should even omit it, because loop-backed 2247 * NS would confuse the DAD procedure. 2248 */ 2249 return 0; 2250 default: 2251 /* 2252 * Our DAD routine requires the interface up and running. 2253 * However, some interfaces can be up before the RUNNING 2254 * status. Additionaly, users may try to assign addresses 2255 * before the interface becomes up (or running). 2256 * We simply skip DAD in such a case as a work around. 2257 * XXX: we should rather mark "tentative" on such addresses, 2258 * and do DAD after the interface becomes ready. 2259 */ 2260 if ((ifp->if_flags & (IFF_UP|IFF_RUNNING)) != 2261 (IFF_UP|IFF_RUNNING)) 2262 return 0; 2263 2264 return 1; 2265 } 2266 } 2267 2268 /* 2269 * Calculate max IPv6 MTU through all the interfaces and store it 2270 * to in6_maxmtu. 2271 */ 2272 void 2273 in6_setmaxmtu(void) 2274 { 2275 unsigned long maxmtu = 0; 2276 struct ifnet *ifp; 2277 2278 IFNET_FOREACH(ifp) { 2279 /* this function can be called during ifnet initialization */ 2280 if (!ifp->if_afdata[AF_INET6]) 2281 continue; 2282 if ((ifp->if_flags & IFF_LOOPBACK) == 0 && 2283 IN6_LINKMTU(ifp) > maxmtu) 2284 maxmtu = IN6_LINKMTU(ifp); 2285 } 2286 if (maxmtu) /* update only when maxmtu is positive */ 2287 in6_maxmtu = maxmtu; 2288 } 2289 2290 /* 2291 * Provide the length of interface identifiers to be used for the link attached 2292 * to the given interface. The length should be defined in "IPv6 over 2293 * xxx-link" document. Note that address architecture might also define 2294 * the length for a particular set of address prefixes, regardless of the 2295 * link type. As clarified in rfc2462bis, those two definitions should be 2296 * consistent, and those really are as of August 2004. 2297 */ 2298 int 2299 in6_if2idlen(struct ifnet *ifp) 2300 { 2301 switch (ifp->if_type) { 2302 case IFT_ETHER: /* RFC2464 */ 2303 case IFT_PROPVIRTUAL: /* XXX: no RFC. treat it as ether */ 2304 case IFT_L2VLAN: /* ditto */ 2305 case IFT_IEEE80211: /* ditto */ 2306 case IFT_FDDI: /* RFC2467 */ 2307 case IFT_ISO88025: /* RFC2470 (IPv6 over Token Ring) */ 2308 case IFT_PPP: /* RFC2472 */ 2309 case IFT_ARCNET: /* RFC2497 */ 2310 case IFT_FRELAY: /* RFC2590 */ 2311 case IFT_IEEE1394: /* RFC3146 */ 2312 case IFT_GIF: /* draft-ietf-v6ops-mech-v2-07 */ 2313 case IFT_LOOP: /* XXX: is this really correct? */ 2314 return 64; 2315 default: 2316 /* 2317 * Unknown link type: 2318 * It might be controversial to use the today's common constant 2319 * of 64 for these cases unconditionally. For full compliance, 2320 * we should return an error in this case. On the other hand, 2321 * if we simply miss the standard for the link type or a new 2322 * standard is defined for a new link type, the IFID length 2323 * is very likely to be the common constant. As a compromise, 2324 * we always use the constant, but make an explicit notice 2325 * indicating the "unknown" case. 2326 */ 2327 printf("in6_if2idlen: unknown link type (%d)\n", ifp->if_type); 2328 return 64; 2329 } 2330 } 2331 2332 void * 2333 in6_domifattach(struct ifnet *ifp) 2334 { 2335 struct in6_ifextra *ext; 2336 2337 ext = malloc(sizeof(*ext), M_IFADDR, M_WAITOK|M_ZERO); 2338 2339 ext->in6_ifstat = malloc(sizeof(struct in6_ifstat), 2340 M_IFADDR, M_WAITOK|M_ZERO); 2341 2342 ext->icmp6_ifstat = malloc(sizeof(struct icmp6_ifstat), 2343 M_IFADDR, M_WAITOK|M_ZERO); 2344 2345 ext->nd_ifinfo = nd6_ifattach(ifp); 2346 ext->scope6_id = scope6_ifattach(ifp); 2347 ext->nprefixes = 0; 2348 ext->ndefrouters = 0; 2349 return ext; 2350 } 2351 2352 void 2353 in6_domifdetach(struct ifnet *ifp, void *aux) 2354 { 2355 struct in6_ifextra *ext = (struct in6_ifextra *)aux; 2356 2357 nd6_ifdetach(ext->nd_ifinfo); 2358 free(ext->in6_ifstat, M_IFADDR); 2359 free(ext->icmp6_ifstat, M_IFADDR); 2360 scope6_ifdetach(ext->scope6_id); 2361 free(ext, M_IFADDR); 2362 } 2363 2364 /* 2365 * Convert sockaddr_in6 to sockaddr_in. Original sockaddr_in6 must be 2366 * v4 mapped addr or v4 compat addr 2367 */ 2368 void 2369 in6_sin6_2_sin(struct sockaddr_in *sin, struct sockaddr_in6 *sin6) 2370 { 2371 memset(sin, 0, sizeof(*sin)); 2372 sin->sin_len = sizeof(struct sockaddr_in); 2373 sin->sin_family = AF_INET; 2374 sin->sin_port = sin6->sin6_port; 2375 sin->sin_addr.s_addr = sin6->sin6_addr.s6_addr32[3]; 2376 } 2377 2378 /* Convert sockaddr_in to sockaddr_in6 in v4 mapped addr format. */ 2379 void 2380 in6_sin_2_v4mapsin6(struct sockaddr_in *sin, struct sockaddr_in6 *sin6) 2381 { 2382 memset(sin6, 0, sizeof(*sin6)); 2383 sin6->sin6_len = sizeof(struct sockaddr_in6); 2384 sin6->sin6_family = AF_INET6; 2385 sin6->sin6_port = sin->sin_port; 2386 sin6->sin6_addr.s6_addr32[0] = 0; 2387 sin6->sin6_addr.s6_addr32[1] = 0; 2388 sin6->sin6_addr.s6_addr32[2] = IPV6_ADDR_INT32_SMP; 2389 sin6->sin6_addr.s6_addr32[3] = sin->sin_addr.s_addr; 2390 } 2391 2392 /* Convert sockaddr_in6 into sockaddr_in. */ 2393 void 2394 in6_sin6_2_sin_in_sock(struct sockaddr *nam) 2395 { 2396 struct sockaddr_in *sin_p; 2397 struct sockaddr_in6 sin6; 2398 2399 /* 2400 * Save original sockaddr_in6 addr and convert it 2401 * to sockaddr_in. 2402 */ 2403 sin6 = *(struct sockaddr_in6 *)nam; 2404 sin_p = (struct sockaddr_in *)nam; 2405 in6_sin6_2_sin(sin_p, &sin6); 2406 } 2407 2408 /* Convert sockaddr_in into sockaddr_in6 in v4 mapped addr format. */ 2409 void 2410 in6_sin_2_v4mapsin6_in_sock(struct sockaddr **nam) 2411 { 2412 struct sockaddr_in *sin_p; 2413 struct sockaddr_in6 *sin6_p; 2414 2415 sin6_p = malloc(sizeof(*sin6_p), M_SONAME, M_WAITOK); 2416 sin_p = (struct sockaddr_in *)*nam; 2417 in6_sin_2_v4mapsin6(sin_p, sin6_p); 2418 free(*nam, M_SONAME); 2419 *nam = (struct sockaddr *)sin6_p; 2420 } 2421