1 /* $NetBSD: in6.c,v 1.113 2006/10/15 07:00:44 dyoung Exp $ */ 2 /* $KAME: in6.c,v 1.198 2001/07/18 09:12:38 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 /* 34 * Copyright (c) 1982, 1986, 1991, 1993 35 * The Regents of the University of California. All rights reserved. 36 * 37 * Redistribution and use in source and binary forms, with or without 38 * modification, are permitted provided that the following conditions 39 * are met: 40 * 1. Redistributions of source code must retain the above copyright 41 * notice, this list of conditions and the following disclaimer. 42 * 2. Redistributions in binary form must reproduce the above copyright 43 * notice, this list of conditions and the following disclaimer in the 44 * documentation and/or other materials provided with the distribution. 45 * 3. Neither the name of the University nor the names of its contributors 46 * may be used to endorse or promote products derived from this software 47 * without specific prior written permission. 48 * 49 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 52 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 59 * SUCH DAMAGE. 60 * 61 * @(#)in.c 8.2 (Berkeley) 11/15/93 62 */ 63 64 #include <sys/cdefs.h> 65 __KERNEL_RCSID(0, "$NetBSD: in6.c,v 1.113 2006/10/15 07:00:44 dyoung Exp $"); 66 67 #include "opt_inet.h" 68 #include "opt_pfil_hooks.h" 69 70 #include <sys/param.h> 71 #include <sys/ioctl.h> 72 #include <sys/errno.h> 73 #include <sys/malloc.h> 74 #include <sys/socket.h> 75 #include <sys/socketvar.h> 76 #include <sys/sockio.h> 77 #include <sys/systm.h> 78 #include <sys/proc.h> 79 #include <sys/time.h> 80 #include <sys/kernel.h> 81 #include <sys/syslog.h> 82 #include <sys/kauth.h> 83 84 #include <net/if.h> 85 #include <net/if_types.h> 86 #include <net/route.h> 87 #include <net/if_dl.h> 88 89 #include <netinet/in.h> 90 #include <netinet/in_var.h> 91 #include <net/if_ether.h> 92 93 #include <netinet/ip6.h> 94 #include <netinet6/ip6_var.h> 95 #include <netinet6/nd6.h> 96 #include <netinet6/mld6_var.h> 97 #include <netinet6/ip6_mroute.h> 98 #include <netinet6/in6_ifattach.h> 99 #include <netinet6/scope6_var.h> 100 101 #include <net/net_osdep.h> 102 103 #ifdef PFIL_HOOKS 104 #include <net/pfil.h> 105 #endif 106 107 MALLOC_DEFINE(M_IP6OPT, "ip6_options", "IPv6 options"); 108 109 /* enable backward compatibility code for obsoleted ioctls */ 110 #define COMPAT_IN6IFIOCTL 111 112 /* 113 * Definitions of some constant IP6 addresses. 114 */ 115 const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT; 116 const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT; 117 const struct in6_addr in6addr_nodelocal_allnodes = 118 IN6ADDR_NODELOCAL_ALLNODES_INIT; 119 const struct in6_addr in6addr_linklocal_allnodes = 120 IN6ADDR_LINKLOCAL_ALLNODES_INIT; 121 const struct in6_addr in6addr_linklocal_allrouters = 122 IN6ADDR_LINKLOCAL_ALLROUTERS_INIT; 123 124 const struct in6_addr in6mask0 = IN6MASK0; 125 const struct in6_addr in6mask32 = IN6MASK32; 126 const struct in6_addr in6mask64 = IN6MASK64; 127 const struct in6_addr in6mask96 = IN6MASK96; 128 const struct in6_addr in6mask128 = IN6MASK128; 129 130 const struct sockaddr_in6 sa6_any = {sizeof(sa6_any), AF_INET6, 131 0, 0, IN6ADDR_ANY_INIT, 0}; 132 133 static int in6_lifaddr_ioctl __P((struct socket *, u_long, caddr_t, 134 struct ifnet *, struct lwp *)); 135 static int in6_ifinit __P((struct ifnet *, struct in6_ifaddr *, 136 struct sockaddr_in6 *, int)); 137 static void in6_unlink_ifa __P((struct in6_ifaddr *, struct ifnet *)); 138 139 /* 140 * Subroutine for in6_ifaddloop() and in6_ifremloop(). 141 * This routine does actual work. 142 */ 143 static void 144 in6_ifloop_request(int cmd, struct ifaddr *ifa) 145 { 146 struct sockaddr_in6 lo_sa; 147 struct sockaddr_in6 all1_sa; 148 struct rtentry *nrt = NULL; 149 int e; 150 151 bzero(&lo_sa, sizeof(lo_sa)); 152 bzero(&all1_sa, sizeof(all1_sa)); 153 lo_sa.sin6_family = all1_sa.sin6_family = AF_INET6; 154 lo_sa.sin6_len = all1_sa.sin6_len = sizeof(struct sockaddr_in6); 155 lo_sa.sin6_addr = in6addr_loopback; 156 all1_sa.sin6_addr = in6mask128; 157 158 /* 159 * We specify the address itself as the gateway, and set the 160 * RTF_LLINFO flag, so that the corresponding host route would have 161 * the flag, and thus applications that assume traditional behavior 162 * would be happy. Note that we assume the caller of the function 163 * (probably implicitly) set nd6_rtrequest() to ifa->ifa_rtrequest, 164 * which changes the outgoing interface to the loopback interface. 165 */ 166 e = rtrequest(cmd, ifa->ifa_addr, ifa->ifa_addr, 167 (struct sockaddr *)&all1_sa, RTF_UP|RTF_HOST|RTF_LLINFO, &nrt); 168 if (e != 0) { 169 log(LOG_ERR, "in6_ifloop_request: " 170 "%s operation failed for %s (errno=%d)\n", 171 cmd == RTM_ADD ? "ADD" : "DELETE", 172 ip6_sprintf(&((struct in6_ifaddr *)ifa)->ia_addr.sin6_addr), 173 e); 174 } 175 176 /* 177 * Make sure rt_ifa be equal to IFA, the second argument of the 178 * function. 179 * We need this because when we refer to rt_ifa->ia6_flags in 180 * ip6_input, we assume that the rt_ifa points to the address instead 181 * of the loopback address. 182 */ 183 if (cmd == RTM_ADD && nrt && ifa != nrt->rt_ifa) { 184 IFAFREE(nrt->rt_ifa); 185 IFAREF(ifa); 186 nrt->rt_ifa = ifa; 187 } 188 189 /* 190 * Report the addition/removal of the address to the routing socket. 191 * XXX: since we called rtinit for a p2p interface with a destination, 192 * we end up reporting twice in such a case. Should we rather 193 * omit the second report? 194 */ 195 if (nrt) { 196 rt_newaddrmsg(cmd, ifa, e, nrt); 197 if (cmd == RTM_DELETE) { 198 if (nrt->rt_refcnt <= 0) { 199 /* XXX: we should free the entry ourselves. */ 200 nrt->rt_refcnt++; 201 rtfree(nrt); 202 } 203 } else { 204 /* the cmd must be RTM_ADD here */ 205 nrt->rt_refcnt--; 206 } 207 } 208 } 209 210 /* 211 * Add ownaddr as loopback rtentry. We previously add the route only if 212 * necessary (ex. on a p2p link). However, since we now manage addresses 213 * separately from prefixes, we should always add the route. We can't 214 * rely on the cloning mechanism from the corresponding interface route 215 * any more. 216 */ 217 void 218 in6_ifaddloop(struct ifaddr *ifa) 219 { 220 struct rtentry *rt; 221 222 /* If there is no loopback entry, allocate one. */ 223 rt = rtalloc1(ifa->ifa_addr, 0); 224 if (rt == NULL || (rt->rt_flags & RTF_HOST) == 0 || 225 (rt->rt_ifp->if_flags & IFF_LOOPBACK) == 0) 226 in6_ifloop_request(RTM_ADD, ifa); 227 if (rt) 228 rt->rt_refcnt--; 229 } 230 231 /* 232 * Remove loopback rtentry of ownaddr generated by in6_ifaddloop(), 233 * if it exists. 234 */ 235 void 236 in6_ifremloop(struct ifaddr *ifa) 237 { 238 struct in6_ifaddr *ia; 239 struct rtentry *rt; 240 int ia_count = 0; 241 242 /* 243 * Some of BSD variants do not remove cloned routes 244 * from an interface direct route, when removing the direct route 245 * (see comments in net/net_osdep.h). Even for variants that do remove 246 * cloned routes, they could fail to remove the cloned routes when 247 * we handle multple addresses that share a common prefix. 248 * So, we should remove the route corresponding to the deleted address. 249 */ 250 251 /* 252 * Delete the entry only if exact one ifa exists. More than one ifa 253 * can exist if we assign a same single address to multiple 254 * (probably p2p) interfaces. 255 * XXX: we should avoid such a configuration in IPv6... 256 */ 257 for (ia = in6_ifaddr; ia; ia = ia->ia_next) { 258 if (IN6_ARE_ADDR_EQUAL(IFA_IN6(ifa), &ia->ia_addr.sin6_addr)) { 259 ia_count++; 260 if (ia_count > 1) 261 break; 262 } 263 } 264 265 if (ia_count == 1) { 266 /* 267 * Before deleting, check if a corresponding loopbacked host 268 * route surely exists. With this check, we can avoid to 269 * delete an interface direct route whose destination is same 270 * as the address being removed. This can happen when removing 271 * a subnet-router anycast address on an interface attahced 272 * to a shared medium. 273 */ 274 rt = rtalloc1(ifa->ifa_addr, 0); 275 if (rt != NULL && (rt->rt_flags & RTF_HOST) != 0 && 276 (rt->rt_ifp->if_flags & IFF_LOOPBACK) != 0) { 277 rt->rt_refcnt--; 278 in6_ifloop_request(RTM_DELETE, ifa); 279 } 280 } 281 } 282 283 int 284 in6_mask2len(mask, lim0) 285 struct in6_addr *mask; 286 u_char *lim0; 287 { 288 int x = 0, y; 289 u_char *lim = lim0, *p; 290 291 /* ignore the scope_id part */ 292 if (lim0 == NULL || lim0 - (u_char *)mask > sizeof(*mask)) 293 lim = (u_char *)mask + sizeof(*mask); 294 for (p = (u_char *)mask; p < lim; x++, p++) { 295 if (*p != 0xff) 296 break; 297 } 298 y = 0; 299 if (p < lim) { 300 for (y = 0; y < 8; y++) { 301 if ((*p & (0x80 >> y)) == 0) 302 break; 303 } 304 } 305 306 /* 307 * when the limit pointer is given, do a stricter check on the 308 * remaining bits. 309 */ 310 if (p < lim) { 311 if (y != 0 && (*p & (0x00ff >> y)) != 0) 312 return (-1); 313 for (p = p + 1; p < lim; p++) 314 if (*p != 0) 315 return (-1); 316 } 317 318 return x * 8 + y; 319 } 320 321 #define ifa2ia6(ifa) ((struct in6_ifaddr *)(ifa)) 322 #define ia62ifa(ia6) (&((ia6)->ia_ifa)) 323 324 int 325 in6_control(so, cmd, data, ifp, l) 326 struct socket *so; 327 u_long cmd; 328 caddr_t data; 329 struct ifnet *ifp; 330 struct lwp *l; 331 { 332 struct in6_ifreq *ifr = (struct in6_ifreq *)data; 333 struct in6_ifaddr *ia = NULL; 334 struct in6_aliasreq *ifra = (struct in6_aliasreq *)data; 335 struct sockaddr_in6 *sa6; 336 int error, privileged; 337 338 privileged = 0; 339 if (l && !kauth_authorize_generic(l->l_cred, 340 KAUTH_GENERIC_ISSUSER, &l->l_acflag)) 341 privileged++; 342 343 switch (cmd) { 344 /* 345 * XXX: Fix me, once we fix SIOCSIFADDR, SIOCIFDSTADDR, etc. 346 */ 347 case SIOCSIFADDR: 348 case SIOCSIFDSTADDR: 349 #ifdef SIOCSIFCONF_X26 350 case SIOCSIFCONF_X25: 351 #endif 352 return EOPNOTSUPP; 353 case SIOCGETSGCNT_IN6: 354 case SIOCGETMIFCNT_IN6: 355 return (mrt6_ioctl(cmd, data)); 356 } 357 358 if (ifp == NULL) 359 return (EOPNOTSUPP); 360 361 switch (cmd) { 362 case SIOCSNDFLUSH_IN6: 363 case SIOCSPFXFLUSH_IN6: 364 case SIOCSRTRFLUSH_IN6: 365 case SIOCSDEFIFACE_IN6: 366 case SIOCSIFINFO_FLAGS: 367 case SIOCSIFINFO_IN6: 368 if (!privileged) 369 return (EPERM); 370 /* FALLTHROUGH */ 371 case OSIOCGIFINFO_IN6: 372 case SIOCGIFINFO_IN6: 373 case SIOCGDRLST_IN6: 374 case SIOCGPRLST_IN6: 375 case SIOCGNBRINFO_IN6: 376 case SIOCGDEFIFACE_IN6: 377 return (nd6_ioctl(cmd, data, ifp)); 378 } 379 380 switch (cmd) { 381 case SIOCSIFPREFIX_IN6: 382 case SIOCDIFPREFIX_IN6: 383 case SIOCAIFPREFIX_IN6: 384 case SIOCCIFPREFIX_IN6: 385 case SIOCSGIFPREFIX_IN6: 386 case SIOCGIFPREFIX_IN6: 387 log(LOG_NOTICE, 388 "prefix ioctls are now invalidated. " 389 "please use ifconfig.\n"); 390 return (EOPNOTSUPP); 391 } 392 393 switch (cmd) { 394 case SIOCALIFADDR: 395 case SIOCDLIFADDR: 396 if (!privileged) 397 return (EPERM); 398 /* FALLTHROUGH */ 399 case SIOCGLIFADDR: 400 return in6_lifaddr_ioctl(so, cmd, data, ifp, l); 401 } 402 403 /* 404 * Find address for this interface, if it exists. 405 * 406 * In netinet code, we have checked ifra_addr in SIOCSIF*ADDR operation 407 * only, and used the first interface address as the target of other 408 * operations (without checking ifra_addr). This was because netinet 409 * code/API assumed at most 1 interface address per interface. 410 * Since IPv6 allows a node to assign multiple addresses 411 * on a single interface, we almost always look and check the 412 * presence of ifra_addr, and reject invalid ones here. 413 * It also decreases duplicated code among SIOC*_IN6 operations. 414 */ 415 switch (cmd) { 416 case SIOCAIFADDR_IN6: 417 case SIOCSIFPHYADDR_IN6: 418 sa6 = &ifra->ifra_addr; 419 break; 420 case SIOCSIFADDR_IN6: 421 case SIOCGIFADDR_IN6: 422 case SIOCSIFDSTADDR_IN6: 423 case SIOCSIFNETMASK_IN6: 424 case SIOCGIFDSTADDR_IN6: 425 case SIOCGIFNETMASK_IN6: 426 case SIOCDIFADDR_IN6: 427 case SIOCGIFPSRCADDR_IN6: 428 case SIOCGIFPDSTADDR_IN6: 429 case SIOCGIFAFLAG_IN6: 430 case SIOCSNDFLUSH_IN6: 431 case SIOCSPFXFLUSH_IN6: 432 case SIOCSRTRFLUSH_IN6: 433 case SIOCGIFALIFETIME_IN6: 434 case SIOCSIFALIFETIME_IN6: 435 case SIOCGIFSTAT_IN6: 436 case SIOCGIFSTAT_ICMP6: 437 sa6 = &ifr->ifr_addr; 438 break; 439 default: 440 sa6 = NULL; 441 break; 442 } 443 if (sa6 && sa6->sin6_family == AF_INET6) { 444 if (sa6->sin6_scope_id != 0) 445 error = sa6_embedscope(sa6, 0); 446 else 447 error = in6_setscope(&sa6->sin6_addr, ifp, NULL); 448 if (error != 0) 449 return (error); 450 ia = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr); 451 } else 452 ia = NULL; 453 454 switch (cmd) { 455 case SIOCSIFADDR_IN6: 456 case SIOCSIFDSTADDR_IN6: 457 case SIOCSIFNETMASK_IN6: 458 /* 459 * Since IPv6 allows a node to assign multiple addresses 460 * on a single interface, SIOCSIFxxx ioctls are deprecated. 461 */ 462 return (EINVAL); 463 464 case SIOCDIFADDR_IN6: 465 /* 466 * for IPv4, we look for existing in_ifaddr here to allow 467 * "ifconfig if0 delete" to remove the first IPv4 address on 468 * the interface. For IPv6, as the spec allows multiple 469 * interface address from the day one, we consider "remove the 470 * first one" semantics to be not preferable. 471 */ 472 if (ia == NULL) 473 return (EADDRNOTAVAIL); 474 /* FALLTHROUGH */ 475 case SIOCAIFADDR_IN6: 476 /* 477 * We always require users to specify a valid IPv6 address for 478 * the corresponding operation. 479 */ 480 if (ifra->ifra_addr.sin6_family != AF_INET6 || 481 ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6)) 482 return (EAFNOSUPPORT); 483 if (!privileged) 484 return (EPERM); 485 486 break; 487 488 case SIOCGIFADDR_IN6: 489 /* This interface is basically deprecated. use SIOCGIFCONF. */ 490 /* FALLTHROUGH */ 491 case SIOCGIFAFLAG_IN6: 492 case SIOCGIFNETMASK_IN6: 493 case SIOCGIFDSTADDR_IN6: 494 case SIOCGIFALIFETIME_IN6: 495 /* must think again about its semantics */ 496 if (ia == NULL) 497 return (EADDRNOTAVAIL); 498 break; 499 case SIOCSIFALIFETIME_IN6: 500 { 501 struct in6_addrlifetime *lt; 502 503 if (!privileged) 504 return (EPERM); 505 if (ia == NULL) 506 return (EADDRNOTAVAIL); 507 /* sanity for overflow - beware unsigned */ 508 lt = &ifr->ifr_ifru.ifru_lifetime; 509 if (lt->ia6t_vltime != ND6_INFINITE_LIFETIME 510 && lt->ia6t_vltime + time_second < time_second) { 511 return EINVAL; 512 } 513 if (lt->ia6t_pltime != ND6_INFINITE_LIFETIME 514 && lt->ia6t_pltime + time_second < time_second) { 515 return EINVAL; 516 } 517 break; 518 } 519 } 520 521 switch (cmd) { 522 523 case SIOCGIFADDR_IN6: 524 ifr->ifr_addr = ia->ia_addr; 525 if ((error = sa6_recoverscope(&ifr->ifr_addr)) != 0) 526 return (error); 527 break; 528 529 case SIOCGIFDSTADDR_IN6: 530 if ((ifp->if_flags & IFF_POINTOPOINT) == 0) 531 return (EINVAL); 532 /* 533 * XXX: should we check if ifa_dstaddr is NULL and return 534 * an error? 535 */ 536 ifr->ifr_dstaddr = ia->ia_dstaddr; 537 if ((error = sa6_recoverscope(&ifr->ifr_dstaddr)) != 0) 538 return (error); 539 break; 540 541 case SIOCGIFNETMASK_IN6: 542 ifr->ifr_addr = ia->ia_prefixmask; 543 break; 544 545 case SIOCGIFAFLAG_IN6: 546 ifr->ifr_ifru.ifru_flags6 = ia->ia6_flags; 547 break; 548 549 case SIOCGIFSTAT_IN6: 550 if (ifp == NULL) 551 return EINVAL; 552 bzero(&ifr->ifr_ifru.ifru_stat, 553 sizeof(ifr->ifr_ifru.ifru_stat)); 554 ifr->ifr_ifru.ifru_stat = 555 *((struct in6_ifextra *)ifp->if_afdata[AF_INET6])->in6_ifstat; 556 break; 557 558 case SIOCGIFSTAT_ICMP6: 559 if (ifp == NULL) 560 return EINVAL; 561 bzero(&ifr->ifr_ifru.ifru_icmp6stat, 562 sizeof(ifr->ifr_ifru.ifru_icmp6stat)); 563 ifr->ifr_ifru.ifru_icmp6stat = 564 *((struct in6_ifextra *)ifp->if_afdata[AF_INET6])->icmp6_ifstat; 565 break; 566 567 case SIOCGIFALIFETIME_IN6: 568 ifr->ifr_ifru.ifru_lifetime = ia->ia6_lifetime; 569 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 570 time_t maxexpire; 571 struct in6_addrlifetime *retlt = 572 &ifr->ifr_ifru.ifru_lifetime; 573 574 /* 575 * XXX: adjust expiration time assuming time_t is 576 * signed. 577 */ 578 maxexpire = ((time_t)~0) & 579 ~((time_t)1 << ((sizeof(maxexpire) * 8) - 1)); 580 if (ia->ia6_lifetime.ia6t_vltime < 581 maxexpire - ia->ia6_updatetime) { 582 retlt->ia6t_expire = ia->ia6_updatetime + 583 ia->ia6_lifetime.ia6t_vltime; 584 } else 585 retlt->ia6t_expire = maxexpire; 586 } 587 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 588 time_t maxexpire; 589 struct in6_addrlifetime *retlt = 590 &ifr->ifr_ifru.ifru_lifetime; 591 592 /* 593 * XXX: adjust expiration time assuming time_t is 594 * signed. 595 */ 596 maxexpire = ((time_t)~0) & 597 ~((time_t)1 << ((sizeof(maxexpire) * 8) - 1)); 598 if (ia->ia6_lifetime.ia6t_pltime < 599 maxexpire - ia->ia6_updatetime) { 600 retlt->ia6t_preferred = ia->ia6_updatetime + 601 ia->ia6_lifetime.ia6t_pltime; 602 } else 603 retlt->ia6t_preferred = maxexpire; 604 } 605 break; 606 607 case SIOCSIFALIFETIME_IN6: 608 ia->ia6_lifetime = ifr->ifr_ifru.ifru_lifetime; 609 /* for sanity */ 610 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 611 ia->ia6_lifetime.ia6t_expire = 612 time_second + ia->ia6_lifetime.ia6t_vltime; 613 } else 614 ia->ia6_lifetime.ia6t_expire = 0; 615 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 616 ia->ia6_lifetime.ia6t_preferred = 617 time_second + ia->ia6_lifetime.ia6t_pltime; 618 } else 619 ia->ia6_lifetime.ia6t_preferred = 0; 620 break; 621 622 case SIOCAIFADDR_IN6: 623 { 624 int i; 625 struct nd_prefixctl pr0; 626 struct nd_prefix *pr; 627 628 /* reject read-only flags */ 629 if ((ifra->ifra_flags & IN6_IFF_DUPLICATED) != 0 || 630 (ifra->ifra_flags & IN6_IFF_DETACHED) != 0 || 631 (ifra->ifra_flags & IN6_IFF_NODAD) != 0 || 632 (ifra->ifra_flags & IN6_IFF_AUTOCONF) != 0) { 633 return (EINVAL); 634 } 635 /* 636 * first, make or update the interface address structure, 637 * and link it to the list. 638 */ 639 if ((error = in6_update_ifa(ifp, ifra, ia, 0)) != 0) 640 return (error); 641 if ((ia = in6ifa_ifpwithaddr(ifp, &ifra->ifra_addr.sin6_addr)) 642 == NULL) { 643 /* 644 * this can happen when the user specify the 0 valid 645 * lifetime. 646 */ 647 break; 648 } 649 650 /* 651 * then, make the prefix on-link on the interface. 652 * XXX: we'd rather create the prefix before the address, but 653 * we need at least one address to install the corresponding 654 * interface route, so we configure the address first. 655 */ 656 657 /* 658 * convert mask to prefix length (prefixmask has already 659 * been validated in in6_update_ifa(). 660 */ 661 bzero(&pr0, sizeof(pr0)); 662 pr0.ndpr_ifp = ifp; 663 pr0.ndpr_plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, 664 NULL); 665 if (pr0.ndpr_plen == 128) { 666 break; /* we don't need to install a host route. */ 667 } 668 pr0.ndpr_prefix = ifra->ifra_addr; 669 /* apply the mask for safety. */ 670 for (i = 0; i < 4; i++) { 671 pr0.ndpr_prefix.sin6_addr.s6_addr32[i] &= 672 ifra->ifra_prefixmask.sin6_addr.s6_addr32[i]; 673 } 674 /* 675 * XXX: since we don't have an API to set prefix (not address) 676 * lifetimes, we just use the same lifetimes as addresses. 677 * The (temporarily) installed lifetimes can be overridden by 678 * later advertised RAs (when accept_rtadv is non 0), which is 679 * an intended behavior. 680 */ 681 pr0.ndpr_raf_onlink = 1; /* should be configurable? */ 682 pr0.ndpr_raf_auto = 683 ((ifra->ifra_flags & IN6_IFF_AUTOCONF) != 0); 684 pr0.ndpr_vltime = ifra->ifra_lifetime.ia6t_vltime; 685 pr0.ndpr_pltime = ifra->ifra_lifetime.ia6t_pltime; 686 687 /* add the prefix if not yet. */ 688 if ((pr = nd6_prefix_lookup(&pr0)) == NULL) { 689 /* 690 * nd6_prelist_add will install the corresponding 691 * interface route. 692 */ 693 if ((error = nd6_prelist_add(&pr0, NULL, &pr)) != 0) 694 return (error); 695 if (pr == NULL) { 696 log(LOG_ERR, "nd6_prelist_add succeeded but " 697 "no prefix\n"); 698 return (EINVAL); /* XXX panic here? */ 699 } 700 } 701 702 /* relate the address to the prefix */ 703 if (ia->ia6_ndpr == NULL) { 704 ia->ia6_ndpr = pr; 705 pr->ndpr_refcnt++; 706 707 /* 708 * If this is the first autoconf address from the 709 * prefix, create a temporary address as well 710 * (when required). 711 */ 712 if ((ia->ia6_flags & IN6_IFF_AUTOCONF) && 713 ip6_use_tempaddr && pr->ndpr_refcnt == 1) { 714 int e; 715 if ((e = in6_tmpifadd(ia, 1, 0)) != 0) { 716 log(LOG_NOTICE, "in6_control: failed " 717 "to create a temporary address, " 718 "errno=%d\n", e); 719 } 720 } 721 } 722 723 /* 724 * this might affect the status of autoconfigured addresses, 725 * that is, this address might make other addresses detached. 726 */ 727 pfxlist_onlink_check(); 728 729 #ifdef PFIL_HOOKS 730 (void)pfil_run_hooks(&if_pfil, (struct mbuf **)SIOCAIFADDR_IN6, 731 ifp, PFIL_IFADDR); 732 #endif 733 734 break; 735 } 736 737 case SIOCDIFADDR_IN6: 738 { 739 struct nd_prefix *pr; 740 741 /* 742 * If the address being deleted is the only one that owns 743 * the corresponding prefix, expire the prefix as well. 744 * XXX: theoretically, we don't have to worry about such 745 * relationship, since we separate the address management 746 * and the prefix management. We do this, however, to provide 747 * as much backward compatibility as possible in terms of 748 * the ioctl operation. 749 * Note that in6_purgeaddr() will decrement ndpr_refcnt. 750 */ 751 pr = ia->ia6_ndpr; 752 in6_purgeaddr(&ia->ia_ifa); 753 if (pr && pr->ndpr_refcnt == 0) 754 prelist_remove(pr); 755 #ifdef PFIL_HOOKS 756 (void)pfil_run_hooks(&if_pfil, (struct mbuf **)SIOCDIFADDR_IN6, 757 ifp, PFIL_IFADDR); 758 #endif 759 break; 760 } 761 762 default: 763 if (ifp == NULL || ifp->if_ioctl == 0) 764 return (EOPNOTSUPP); 765 error = ((*ifp->if_ioctl)(ifp, cmd, data)); 766 return error; 767 } 768 769 return (0); 770 } 771 772 /* 773 * Update parameters of an IPv6 interface address. 774 * If necessary, a new entry is created and linked into address chains. 775 * This function is separated from in6_control(). 776 * XXX: should this be performed under splnet()? 777 */ 778 int 779 in6_update_ifa(ifp, ifra, ia, flags) 780 struct ifnet *ifp; 781 struct in6_aliasreq *ifra; 782 struct in6_ifaddr *ia; 783 int flags; 784 { 785 int error = 0, hostIsNew = 0, plen = -1; 786 struct in6_ifaddr *oia; 787 struct sockaddr_in6 dst6; 788 struct in6_addrlifetime *lt; 789 struct in6_multi_mship *imm; 790 struct in6_multi *in6m_sol; 791 struct rtentry *rt; 792 int dad_delay; 793 794 in6m_sol = NULL; 795 796 /* Validate parameters */ 797 if (ifp == NULL || ifra == NULL) /* this maybe redundant */ 798 return (EINVAL); 799 800 /* 801 * The destination address for a p2p link must have a family 802 * of AF_UNSPEC or AF_INET6. 803 */ 804 if ((ifp->if_flags & IFF_POINTOPOINT) != 0 && 805 ifra->ifra_dstaddr.sin6_family != AF_INET6 && 806 ifra->ifra_dstaddr.sin6_family != AF_UNSPEC) 807 return (EAFNOSUPPORT); 808 /* 809 * validate ifra_prefixmask. don't check sin6_family, netmask 810 * does not carry fields other than sin6_len. 811 */ 812 if (ifra->ifra_prefixmask.sin6_len > sizeof(struct sockaddr_in6)) 813 return (EINVAL); 814 /* 815 * Because the IPv6 address architecture is classless, we require 816 * users to specify a (non 0) prefix length (mask) for a new address. 817 * We also require the prefix (when specified) mask is valid, and thus 818 * reject a non-consecutive mask. 819 */ 820 if (ia == NULL && ifra->ifra_prefixmask.sin6_len == 0) 821 return (EINVAL); 822 if (ifra->ifra_prefixmask.sin6_len != 0) { 823 plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, 824 (u_char *)&ifra->ifra_prefixmask + 825 ifra->ifra_prefixmask.sin6_len); 826 if (plen <= 0) 827 return (EINVAL); 828 } else { 829 /* 830 * In this case, ia must not be NULL. We just use its prefix 831 * length. 832 */ 833 plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); 834 } 835 /* 836 * If the destination address on a p2p interface is specified, 837 * and the address is a scoped one, validate/set the scope 838 * zone identifier. 839 */ 840 dst6 = ifra->ifra_dstaddr; 841 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) != 0 && 842 (dst6.sin6_family == AF_INET6)) { 843 struct in6_addr in6_tmp; 844 u_int32_t zoneid; 845 846 in6_tmp = dst6.sin6_addr; 847 if (in6_setscope(&in6_tmp, ifp, &zoneid)) 848 return (EINVAL); /* XXX: should be impossible */ 849 850 if (dst6.sin6_scope_id != 0) { 851 if (dst6.sin6_scope_id != zoneid) 852 return (EINVAL); 853 } else /* user omit to specify the ID. */ 854 dst6.sin6_scope_id = zoneid; 855 856 /* convert into the internal form */ 857 if (sa6_embedscope(&dst6, 0)) 858 return (EINVAL); /* XXX: should be impossible */ 859 } 860 /* 861 * The destination address can be specified only for a p2p or a 862 * loopback interface. If specified, the corresponding prefix length 863 * must be 128. 864 */ 865 if (ifra->ifra_dstaddr.sin6_family == AF_INET6) { 866 #ifdef FORCE_P2PPLEN 867 int i; 868 #endif 869 870 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) == 0) { 871 /* XXX: noisy message */ 872 nd6log((LOG_INFO, "in6_update_ifa: a destination can " 873 "be specified for a p2p or a loopback IF only\n")); 874 return (EINVAL); 875 } 876 if (plen != 128) { 877 nd6log((LOG_INFO, "in6_update_ifa: prefixlen should " 878 "be 128 when dstaddr is specified\n")); 879 #ifdef FORCE_P2PPLEN 880 /* 881 * To be compatible with old configurations, 882 * such as ifconfig gif0 inet6 2001::1 2001::2 883 * prefixlen 126, we override the specified 884 * prefixmask as if the prefix length was 128. 885 */ 886 ifra->ifra_prefixmask.sin6_len = 887 sizeof(struct sockaddr_in6); 888 for (i = 0; i < 4; i++) 889 ifra->ifra_prefixmask.sin6_addr.s6_addr32[i] = 890 0xffffffff; 891 plen = 128; 892 #else 893 return (EINVAL); 894 #endif 895 } 896 } 897 /* lifetime consistency check */ 898 lt = &ifra->ifra_lifetime; 899 if (lt->ia6t_pltime > lt->ia6t_vltime) 900 return (EINVAL); 901 if (lt->ia6t_vltime == 0) { 902 /* 903 * the following log might be noisy, but this is a typical 904 * configuration mistake or a tool's bug. 905 */ 906 nd6log((LOG_INFO, 907 "in6_update_ifa: valid lifetime is 0 for %s\n", 908 ip6_sprintf(&ifra->ifra_addr.sin6_addr))); 909 910 if (ia == NULL) 911 return (0); /* there's nothing to do */ 912 } 913 914 /* 915 * If this is a new address, allocate a new ifaddr and link it 916 * into chains. 917 */ 918 if (ia == NULL) { 919 hostIsNew = 1; 920 /* 921 * When in6_update_ifa() is called in a process of a received 922 * RA, it is called under an interrupt context. So, we should 923 * call malloc with M_NOWAIT. 924 */ 925 ia = (struct in6_ifaddr *) malloc(sizeof(*ia), M_IFADDR, 926 M_NOWAIT); 927 if (ia == NULL) 928 return (ENOBUFS); 929 bzero((caddr_t)ia, sizeof(*ia)); 930 LIST_INIT(&ia->ia6_memberships); 931 /* Initialize the address and masks, and put time stamp */ 932 ia->ia_ifa.ifa_addr = (struct sockaddr *)&ia->ia_addr; 933 ia->ia_addr.sin6_family = AF_INET6; 934 ia->ia_addr.sin6_len = sizeof(ia->ia_addr); 935 ia->ia6_createtime = time_second; 936 if ((ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) != 0) { 937 /* 938 * XXX: some functions expect that ifa_dstaddr is not 939 * NULL for p2p interfaces. 940 */ 941 ia->ia_ifa.ifa_dstaddr = 942 (struct sockaddr *)&ia->ia_dstaddr; 943 } else { 944 ia->ia_ifa.ifa_dstaddr = NULL; 945 } 946 ia->ia_ifa.ifa_netmask = 947 (struct sockaddr *)&ia->ia_prefixmask; 948 949 ia->ia_ifp = ifp; 950 if ((oia = in6_ifaddr) != NULL) { 951 for ( ; oia->ia_next; oia = oia->ia_next) 952 continue; 953 oia->ia_next = ia; 954 } else 955 in6_ifaddr = ia; 956 /* gain a refcnt for the link from in6_ifaddr */ 957 IFAREF(&ia->ia_ifa); 958 959 TAILQ_INSERT_TAIL(&ifp->if_addrlist, &ia->ia_ifa, 960 ifa_list); 961 /* gain another refcnt for the link from if_addrlist */ 962 IFAREF(&ia->ia_ifa); 963 } 964 965 /* update timestamp */ 966 ia->ia6_updatetime = time_second; 967 968 /* set prefix mask */ 969 if (ifra->ifra_prefixmask.sin6_len) { 970 /* 971 * We prohibit changing the prefix length of an existing 972 * address, because 973 * + such an operation should be rare in IPv6, and 974 * + the operation would confuse prefix management. 975 */ 976 if (ia->ia_prefixmask.sin6_len && 977 in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL) != plen) { 978 nd6log((LOG_INFO, "in6_update_ifa: the prefix length of an" 979 " existing (%s) address should not be changed\n", 980 ip6_sprintf(&ia->ia_addr.sin6_addr))); 981 error = EINVAL; 982 goto unlink; 983 } 984 ia->ia_prefixmask = ifra->ifra_prefixmask; 985 } 986 987 /* 988 * If a new destination address is specified, scrub the old one and 989 * install the new destination. Note that the interface must be 990 * p2p or loopback (see the check above.) 991 */ 992 if (dst6.sin6_family == AF_INET6 && 993 !IN6_ARE_ADDR_EQUAL(&dst6.sin6_addr, &ia->ia_dstaddr.sin6_addr)) { 994 if ((ia->ia_flags & IFA_ROUTE) != 0 && 995 rtinit(&(ia->ia_ifa), (int)RTM_DELETE, RTF_HOST) != 0) { 996 nd6log((LOG_ERR, "in6_update_ifa: failed to remove " 997 "a route to the old destination: %s\n", 998 ip6_sprintf(&ia->ia_addr.sin6_addr))); 999 /* proceed anyway... */ 1000 } else 1001 ia->ia_flags &= ~IFA_ROUTE; 1002 ia->ia_dstaddr = dst6; 1003 } 1004 1005 /* 1006 * Set lifetimes. We do not refer to ia6t_expire and ia6t_preferred 1007 * to see if the address is deprecated or invalidated, but initialize 1008 * these members for applications. 1009 */ 1010 ia->ia6_lifetime = ifra->ifra_lifetime; 1011 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 1012 ia->ia6_lifetime.ia6t_expire = 1013 time_second + ia->ia6_lifetime.ia6t_vltime; 1014 } else 1015 ia->ia6_lifetime.ia6t_expire = 0; 1016 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 1017 ia->ia6_lifetime.ia6t_preferred = 1018 time_second + ia->ia6_lifetime.ia6t_pltime; 1019 } else 1020 ia->ia6_lifetime.ia6t_preferred = 0; 1021 1022 /* reset the interface and routing table appropriately. */ 1023 if ((error = in6_ifinit(ifp, ia, &ifra->ifra_addr, hostIsNew)) != 0) 1024 goto unlink; 1025 1026 /* 1027 * configure address flags. 1028 */ 1029 ia->ia6_flags = ifra->ifra_flags; 1030 /* 1031 * backward compatibility - if IN6_IFF_DEPRECATED is set from the 1032 * userland, make it deprecated. 1033 */ 1034 if ((ifra->ifra_flags & IN6_IFF_DEPRECATED) != 0) { 1035 ia->ia6_lifetime.ia6t_pltime = 0; 1036 ia->ia6_lifetime.ia6t_preferred = time_second; 1037 } 1038 1039 /* 1040 * Make the address tentative before joining multicast addresses, 1041 * so that corresponding MLD responses would not have a tentative 1042 * source address. 1043 */ 1044 ia->ia6_flags &= ~IN6_IFF_DUPLICATED; /* safety */ 1045 if (hostIsNew && in6if_do_dad(ifp)) 1046 ia->ia6_flags |= IN6_IFF_TENTATIVE; 1047 1048 /* 1049 * We are done if we have simply modified an existing address. 1050 */ 1051 if (!hostIsNew) 1052 return (error); 1053 1054 /* 1055 * Beyond this point, we should call in6_purgeaddr upon an error, 1056 * not just go to unlink. 1057 */ 1058 1059 /* join necessary multicast groups */ 1060 if ((ifp->if_flags & IFF_MULTICAST) != 0) { 1061 struct sockaddr_in6 mltaddr, mltmask; 1062 struct in6_addr llsol; 1063 1064 /* join solicited multicast addr for new host id */ 1065 bzero(&llsol, sizeof(struct in6_addr)); 1066 llsol.s6_addr16[0] = htons(0xff02); 1067 llsol.s6_addr32[1] = 0; 1068 llsol.s6_addr32[2] = htonl(1); 1069 llsol.s6_addr32[3] = ifra->ifra_addr.sin6_addr.s6_addr32[3]; 1070 llsol.s6_addr8[12] = 0xff; 1071 if ((error = in6_setscope(&llsol, ifp, NULL)) != 0) { 1072 /* XXX: should not happen */ 1073 log(LOG_ERR, "in6_update_ifa: " 1074 "in6_setscope failed\n"); 1075 goto cleanup; 1076 } 1077 dad_delay = 0; 1078 if ((flags & IN6_IFAUPDATE_DADDELAY)) { 1079 /* 1080 * We need a random delay for DAD on the address 1081 * being configured. It also means delaying 1082 * transmission of the corresponding MLD report to 1083 * avoid report collision. 1084 * [draft-ietf-ipv6-rfc2462bis-02.txt] 1085 */ 1086 dad_delay = arc4random() % 1087 (MAX_RTR_SOLICITATION_DELAY * hz); 1088 } 1089 1090 #define MLTMASK_LEN 4 /* mltmask's masklen (=32bit=4octet) */ 1091 /* join solicited multicast addr for new host id */ 1092 imm = in6_joingroup(ifp, &llsol, &error, dad_delay); 1093 if (!imm) { 1094 nd6log((LOG_ERR, 1095 "in6_update_ifa: addmulti " 1096 "failed for %s on %s (errno=%d)\n", 1097 ip6_sprintf(&llsol), if_name(ifp), error)); 1098 goto cleanup; 1099 } 1100 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 1101 in6m_sol = imm->i6mm_maddr; 1102 1103 bzero(&mltmask, sizeof(mltmask)); 1104 mltmask.sin6_len = sizeof(struct sockaddr_in6); 1105 mltmask.sin6_family = AF_INET6; 1106 mltmask.sin6_addr = in6mask32; 1107 1108 /* 1109 * join link-local all-nodes address 1110 */ 1111 bzero(&mltaddr, sizeof(mltaddr)); 1112 mltaddr.sin6_len = sizeof(struct sockaddr_in6); 1113 mltaddr.sin6_family = AF_INET6; 1114 mltaddr.sin6_addr = in6addr_linklocal_allnodes; 1115 if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) != 1116 0) 1117 goto cleanup; /* XXX: should not fail */ 1118 1119 /* 1120 * XXX: do we really need this automatic routes? 1121 * We should probably reconsider this stuff. Most applications 1122 * actually do not need the routes, since they usually specify 1123 * the outgoing interface. 1124 */ 1125 rt = rtalloc1((struct sockaddr *)&mltaddr, 0); 1126 if (rt) { 1127 if (memcmp(&mltaddr.sin6_addr, 1128 &((struct sockaddr_in6 *)rt_key(rt))->sin6_addr, 1129 MLTMASK_LEN)) { 1130 RTFREE(rt); 1131 rt = NULL; 1132 } 1133 } 1134 if (!rt) { 1135 struct rt_addrinfo info; 1136 1137 bzero(&info, sizeof(info)); 1138 info.rti_info[RTAX_DST] = (struct sockaddr *)&mltaddr; 1139 info.rti_info[RTAX_GATEWAY] = 1140 (struct sockaddr *)&ia->ia_addr; 1141 info.rti_info[RTAX_NETMASK] = 1142 (struct sockaddr *)&mltmask; 1143 info.rti_info[RTAX_IFA] = 1144 (struct sockaddr *)&ia->ia_addr; 1145 /* XXX: we need RTF_CLONING to fake nd6_rtrequest */ 1146 info.rti_flags = RTF_UP | RTF_CLONING; 1147 error = rtrequest1(RTM_ADD, &info, NULL); 1148 if (error) 1149 goto cleanup; 1150 } else { 1151 RTFREE(rt); 1152 } 1153 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 0); 1154 if (!imm) { 1155 nd6log((LOG_WARNING, 1156 "in6_update_ifa: addmulti failed for " 1157 "%s on %s (errno=%d)\n", 1158 ip6_sprintf(&mltaddr.sin6_addr), 1159 if_name(ifp), error)); 1160 goto cleanup; 1161 } 1162 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 1163 1164 /* 1165 * join node information group address 1166 */ 1167 dad_delay = 0; 1168 if ((flags & IN6_IFAUPDATE_DADDELAY)) { 1169 /* 1170 * The spec doesn't say anything about delay for this 1171 * group, but the same logic should apply. 1172 */ 1173 dad_delay = arc4random() % 1174 (MAX_RTR_SOLICITATION_DELAY * hz); 1175 } 1176 if (in6_nigroup(ifp, hostname, hostnamelen, &mltaddr) == 0) { 1177 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 1178 dad_delay); /* XXX jinmei */ 1179 if (!imm) { 1180 nd6log((LOG_WARNING, "in6_update_ifa: " 1181 "addmulti failed for %s on %s (errno=%d)\n", 1182 ip6_sprintf(&mltaddr.sin6_addr), 1183 if_name(ifp), error)); 1184 /* XXX not very fatal, go on... */ 1185 } else { 1186 LIST_INSERT_HEAD(&ia->ia6_memberships, 1187 imm, i6mm_chain); 1188 } 1189 } 1190 1191 1192 /* 1193 * join interface-local all-nodes address. 1194 * (ff01::1%ifN, and ff01::%ifN/32) 1195 */ 1196 mltaddr.sin6_addr = in6addr_nodelocal_allnodes; 1197 if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) 1198 != 0) 1199 goto cleanup; /* XXX: should not fail */ 1200 1201 /* XXX: again, do we really need the route? */ 1202 rt = rtalloc1((struct sockaddr *)&mltaddr, 0); 1203 if (rt) { 1204 /* 32bit came from "mltmask" */ 1205 if (memcmp(&mltaddr.sin6_addr, 1206 &((struct sockaddr_in6 *)rt_key(rt))->sin6_addr, 1207 32 / 8)) { 1208 RTFREE(rt); 1209 rt = NULL; 1210 } 1211 } 1212 if (!rt) { 1213 struct rt_addrinfo info; 1214 1215 bzero(&info, sizeof(info)); 1216 info.rti_info[RTAX_DST] = (struct sockaddr *)&mltaddr; 1217 info.rti_info[RTAX_GATEWAY] = 1218 (struct sockaddr *)&ia->ia_addr; 1219 info.rti_info[RTAX_NETMASK] = 1220 (struct sockaddr *)&mltmask; 1221 info.rti_info[RTAX_IFA] = 1222 (struct sockaddr *)&ia->ia_addr; 1223 info.rti_flags = RTF_UP | RTF_CLONING; 1224 error = rtrequest1(RTM_ADD, &info, NULL); 1225 if (error) 1226 goto cleanup; 1227 #undef MLTMASK_LEN 1228 } else { 1229 RTFREE(rt); 1230 } 1231 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 0); 1232 if (!imm) { 1233 nd6log((LOG_WARNING, "in6_update_ifa: " 1234 "addmulti failed for %s on %s (errno=%d)\n", 1235 ip6_sprintf(&mltaddr.sin6_addr), 1236 if_name(ifp), error)); 1237 goto cleanup; 1238 } else { 1239 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 1240 } 1241 } 1242 1243 /* 1244 * Perform DAD, if needed. 1245 * XXX It may be of use, if we can administratively 1246 * disable DAD. 1247 */ 1248 if (hostIsNew && in6if_do_dad(ifp) && 1249 ((ifra->ifra_flags & IN6_IFF_NODAD) == 0) && 1250 (ia->ia6_flags & IN6_IFF_TENTATIVE)) 1251 { 1252 int mindelay, maxdelay; 1253 1254 dad_delay = 0; 1255 if ((flags & IN6_IFAUPDATE_DADDELAY)) { 1256 /* 1257 * We need to impose a delay before sending an NS 1258 * for DAD. Check if we also needed a delay for the 1259 * corresponding MLD message. If we did, the delay 1260 * should be larger than the MLD delay (this could be 1261 * relaxed a bit, but this simple logic is at least 1262 * safe). 1263 */ 1264 mindelay = 0; 1265 if (in6m_sol != NULL && 1266 in6m_sol->in6m_state == MLD_REPORTPENDING) { 1267 mindelay = in6m_sol->in6m_timer; 1268 } 1269 maxdelay = MAX_RTR_SOLICITATION_DELAY * hz; 1270 if (maxdelay - mindelay == 0) 1271 dad_delay = 0; 1272 else { 1273 dad_delay = 1274 (arc4random() % (maxdelay - mindelay)) + 1275 mindelay; 1276 } 1277 } 1278 nd6_dad_start((struct ifaddr *)ia, dad_delay); 1279 } 1280 1281 return (error); 1282 1283 unlink: 1284 /* 1285 * XXX: if a change of an existing address failed, keep the entry 1286 * anyway. 1287 */ 1288 if (hostIsNew) 1289 in6_unlink_ifa(ia, ifp); 1290 return (error); 1291 1292 cleanup: 1293 in6_purgeaddr(&ia->ia_ifa); 1294 return error; 1295 } 1296 1297 void 1298 in6_purgeaddr(ifa) 1299 struct ifaddr *ifa; 1300 { 1301 struct ifnet *ifp = ifa->ifa_ifp; 1302 struct in6_ifaddr *ia = (struct in6_ifaddr *) ifa; 1303 struct in6_multi_mship *imm; 1304 1305 /* stop DAD processing */ 1306 nd6_dad_stop(ifa); 1307 1308 /* 1309 * delete route to the destination of the address being purged. 1310 * The interface must be p2p or loopback in this case. 1311 */ 1312 if ((ia->ia_flags & IFA_ROUTE) != 0 && ia->ia_dstaddr.sin6_len != 0) { 1313 int e; 1314 1315 if ((e = rtinit(&(ia->ia_ifa), (int)RTM_DELETE, RTF_HOST)) 1316 != 0) { 1317 log(LOG_ERR, "in6_purgeaddr: failed to remove " 1318 "a route to the p2p destination: %s on %s, " 1319 "errno=%d\n", 1320 ip6_sprintf(&ia->ia_addr.sin6_addr), if_name(ifp), 1321 e); 1322 /* proceed anyway... */ 1323 } else 1324 ia->ia_flags &= ~IFA_ROUTE; 1325 } 1326 1327 /* Remove ownaddr's loopback rtentry, if it exists. */ 1328 in6_ifremloop(&(ia->ia_ifa)); 1329 1330 /* 1331 * leave from multicast groups we have joined for the interface 1332 */ 1333 while ((imm = ia->ia6_memberships.lh_first) != NULL) { 1334 LIST_REMOVE(imm, i6mm_chain); 1335 in6_leavegroup(imm); 1336 } 1337 1338 in6_unlink_ifa(ia, ifp); 1339 } 1340 1341 static void 1342 in6_unlink_ifa(ia, ifp) 1343 struct in6_ifaddr *ia; 1344 struct ifnet *ifp; 1345 { 1346 struct in6_ifaddr *oia; 1347 int s = splnet(); 1348 1349 TAILQ_REMOVE(&ifp->if_addrlist, &ia->ia_ifa, ifa_list); 1350 /* release a refcnt for the link from if_addrlist */ 1351 IFAFREE(&ia->ia_ifa); 1352 1353 oia = ia; 1354 if (oia == (ia = in6_ifaddr)) 1355 in6_ifaddr = ia->ia_next; 1356 else { 1357 while (ia->ia_next && (ia->ia_next != oia)) 1358 ia = ia->ia_next; 1359 if (ia->ia_next) 1360 ia->ia_next = oia->ia_next; 1361 else { 1362 /* search failed */ 1363 printf("Couldn't unlink in6_ifaddr from in6_ifaddr\n"); 1364 } 1365 } 1366 1367 if (oia->ia6_multiaddrs.lh_first != NULL) { 1368 /* 1369 * XXX thorpej@NetBSD.org -- if the interface is going 1370 * XXX away, don't save the multicast entries, delete them! 1371 */ 1372 if (oia->ia_ifa.ifa_ifp->if_output == if_nulloutput) { 1373 struct in6_multi *in6m; 1374 1375 while ((in6m = 1376 LIST_FIRST(&oia->ia6_multiaddrs)) != NULL) 1377 in6_delmulti(in6m); 1378 } else 1379 in6_savemkludge(oia); 1380 } 1381 1382 /* 1383 * Release the reference to the base prefix. There should be a 1384 * positive reference. 1385 */ 1386 if (oia->ia6_ndpr == NULL) { 1387 nd6log((LOG_NOTICE, "in6_unlink_ifa: autoconf'ed address " 1388 "%p has no prefix\n", oia)); 1389 } else { 1390 oia->ia6_ndpr->ndpr_refcnt--; 1391 oia->ia6_ndpr = NULL; 1392 } 1393 1394 /* 1395 * Also, if the address being removed is autoconf'ed, call 1396 * pfxlist_onlink_check() since the release might affect the status of 1397 * other (detached) addresses. 1398 */ 1399 if ((oia->ia6_flags & IN6_IFF_AUTOCONF) != 0) 1400 pfxlist_onlink_check(); 1401 1402 /* 1403 * release another refcnt for the link from in6_ifaddr. 1404 * Note that we should decrement the refcnt at least once for all *BSD. 1405 */ 1406 IFAFREE(&oia->ia_ifa); 1407 1408 splx(s); 1409 } 1410 1411 void 1412 in6_purgeif(ifp) 1413 struct ifnet *ifp; 1414 { 1415 struct ifaddr *ifa, *nifa; 1416 1417 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); ifa != NULL; ifa = nifa) 1418 { 1419 nifa = TAILQ_NEXT(ifa, ifa_list); 1420 if (ifa->ifa_addr->sa_family != AF_INET6) 1421 continue; 1422 in6_purgeaddr(ifa); 1423 } 1424 1425 in6_ifdetach(ifp); 1426 } 1427 1428 /* 1429 * SIOC[GAD]LIFADDR. 1430 * SIOCGLIFADDR: get first address. (?) 1431 * SIOCGLIFADDR with IFLR_PREFIX: 1432 * get first address that matches the specified prefix. 1433 * SIOCALIFADDR: add the specified address. 1434 * SIOCALIFADDR with IFLR_PREFIX: 1435 * add the specified prefix, filling hostid part from 1436 * the first link-local address. prefixlen must be <= 64. 1437 * SIOCDLIFADDR: delete the specified address. 1438 * SIOCDLIFADDR with IFLR_PREFIX: 1439 * delete the first address that matches the specified prefix. 1440 * return values: 1441 * EINVAL on invalid parameters 1442 * EADDRNOTAVAIL on prefix match failed/specified address not found 1443 * other values may be returned from in6_ioctl() 1444 * 1445 * NOTE: SIOCALIFADDR(with IFLR_PREFIX set) allows prefixlen less than 64. 1446 * this is to accomodate address naming scheme other than RFC2374, 1447 * in the future. 1448 * RFC2373 defines interface id to be 64bit, but it allows non-RFC2374 1449 * address encoding scheme. (see figure on page 8) 1450 */ 1451 static int 1452 in6_lifaddr_ioctl(so, cmd, data, ifp, l) 1453 struct socket *so; 1454 u_long cmd; 1455 caddr_t data; 1456 struct ifnet *ifp; 1457 struct lwp *l; 1458 { 1459 struct if_laddrreq *iflr = (struct if_laddrreq *)data; 1460 struct ifaddr *ifa; 1461 struct sockaddr *sa; 1462 1463 /* sanity checks */ 1464 if (!data || !ifp) { 1465 panic("invalid argument to in6_lifaddr_ioctl"); 1466 /* NOTREACHED */ 1467 } 1468 1469 switch (cmd) { 1470 case SIOCGLIFADDR: 1471 /* address must be specified on GET with IFLR_PREFIX */ 1472 if ((iflr->flags & IFLR_PREFIX) == 0) 1473 break; 1474 /* FALLTHROUGH */ 1475 case SIOCALIFADDR: 1476 case SIOCDLIFADDR: 1477 /* address must be specified on ADD and DELETE */ 1478 sa = (struct sockaddr *)&iflr->addr; 1479 if (sa->sa_family != AF_INET6) 1480 return EINVAL; 1481 if (sa->sa_len != sizeof(struct sockaddr_in6)) 1482 return EINVAL; 1483 /* XXX need improvement */ 1484 sa = (struct sockaddr *)&iflr->dstaddr; 1485 if (sa->sa_family && sa->sa_family != AF_INET6) 1486 return EINVAL; 1487 if (sa->sa_len && sa->sa_len != sizeof(struct sockaddr_in6)) 1488 return EINVAL; 1489 break; 1490 default: /* shouldn't happen */ 1491 #if 0 1492 panic("invalid cmd to in6_lifaddr_ioctl"); 1493 /* NOTREACHED */ 1494 #else 1495 return EOPNOTSUPP; 1496 #endif 1497 } 1498 if (sizeof(struct in6_addr) * 8 < iflr->prefixlen) 1499 return EINVAL; 1500 1501 switch (cmd) { 1502 case SIOCALIFADDR: 1503 { 1504 struct in6_aliasreq ifra; 1505 struct in6_addr *xhostid = NULL; 1506 int prefixlen; 1507 1508 if ((iflr->flags & IFLR_PREFIX) != 0) { 1509 struct sockaddr_in6 *sin6; 1510 1511 /* 1512 * xhostid is to fill in the hostid part of the 1513 * address. xhostid points to the first link-local 1514 * address attached to the interface. 1515 */ 1516 ifa = (struct ifaddr *)in6ifa_ifpforlinklocal(ifp, 0); 1517 if (!ifa) 1518 return EADDRNOTAVAIL; 1519 xhostid = IFA_IN6(ifa); 1520 1521 /* prefixlen must be <= 64. */ 1522 if (64 < iflr->prefixlen) 1523 return EINVAL; 1524 prefixlen = iflr->prefixlen; 1525 1526 /* hostid part must be zero. */ 1527 sin6 = (struct sockaddr_in6 *)&iflr->addr; 1528 if (sin6->sin6_addr.s6_addr32[2] != 0 1529 || sin6->sin6_addr.s6_addr32[3] != 0) { 1530 return EINVAL; 1531 } 1532 } else 1533 prefixlen = iflr->prefixlen; 1534 1535 /* copy args to in6_aliasreq, perform ioctl(SIOCAIFADDR_IN6). */ 1536 bzero(&ifra, sizeof(ifra)); 1537 bcopy(iflr->iflr_name, ifra.ifra_name, sizeof(ifra.ifra_name)); 1538 1539 bcopy(&iflr->addr, &ifra.ifra_addr, 1540 ((struct sockaddr *)&iflr->addr)->sa_len); 1541 if (xhostid) { 1542 /* fill in hostid part */ 1543 ifra.ifra_addr.sin6_addr.s6_addr32[2] = 1544 xhostid->s6_addr32[2]; 1545 ifra.ifra_addr.sin6_addr.s6_addr32[3] = 1546 xhostid->s6_addr32[3]; 1547 } 1548 1549 if (((struct sockaddr *)&iflr->dstaddr)->sa_family) { /* XXX */ 1550 bcopy(&iflr->dstaddr, &ifra.ifra_dstaddr, 1551 ((struct sockaddr *)&iflr->dstaddr)->sa_len); 1552 if (xhostid) { 1553 ifra.ifra_dstaddr.sin6_addr.s6_addr32[2] = 1554 xhostid->s6_addr32[2]; 1555 ifra.ifra_dstaddr.sin6_addr.s6_addr32[3] = 1556 xhostid->s6_addr32[3]; 1557 } 1558 } 1559 1560 ifra.ifra_prefixmask.sin6_len = sizeof(struct sockaddr_in6); 1561 in6_prefixlen2mask(&ifra.ifra_prefixmask.sin6_addr, prefixlen); 1562 1563 ifra.ifra_lifetime.ia6t_vltime = ND6_INFINITE_LIFETIME; 1564 ifra.ifra_lifetime.ia6t_pltime = ND6_INFINITE_LIFETIME; 1565 ifra.ifra_flags = iflr->flags & ~IFLR_PREFIX; 1566 return in6_control(so, SIOCAIFADDR_IN6, (caddr_t)&ifra, ifp, l); 1567 } 1568 case SIOCGLIFADDR: 1569 case SIOCDLIFADDR: 1570 { 1571 struct in6_ifaddr *ia; 1572 struct in6_addr mask, candidate, match; 1573 struct sockaddr_in6 *sin6; 1574 int cmp; 1575 1576 bzero(&mask, sizeof(mask)); 1577 if (iflr->flags & IFLR_PREFIX) { 1578 /* lookup a prefix rather than address. */ 1579 in6_prefixlen2mask(&mask, iflr->prefixlen); 1580 1581 sin6 = (struct sockaddr_in6 *)&iflr->addr; 1582 bcopy(&sin6->sin6_addr, &match, sizeof(match)); 1583 match.s6_addr32[0] &= mask.s6_addr32[0]; 1584 match.s6_addr32[1] &= mask.s6_addr32[1]; 1585 match.s6_addr32[2] &= mask.s6_addr32[2]; 1586 match.s6_addr32[3] &= mask.s6_addr32[3]; 1587 1588 /* if you set extra bits, that's wrong */ 1589 if (bcmp(&match, &sin6->sin6_addr, sizeof(match))) 1590 return EINVAL; 1591 1592 cmp = 1; 1593 } else { 1594 if (cmd == SIOCGLIFADDR) { 1595 /* on getting an address, take the 1st match */ 1596 cmp = 0; /* XXX */ 1597 } else { 1598 /* on deleting an address, do exact match */ 1599 in6_prefixlen2mask(&mask, 128); 1600 sin6 = (struct sockaddr_in6 *)&iflr->addr; 1601 bcopy(&sin6->sin6_addr, &match, sizeof(match)); 1602 1603 cmp = 1; 1604 } 1605 } 1606 1607 for (ifa = ifp->if_addrlist.tqh_first; 1608 ifa; 1609 ifa = ifa->ifa_list.tqe_next) 1610 { 1611 if (ifa->ifa_addr->sa_family != AF_INET6) 1612 continue; 1613 if (!cmp) 1614 break; 1615 1616 /* 1617 * XXX: this is adhoc, but is necessary to allow 1618 * a user to specify fe80::/64 (not /10) for a 1619 * link-local address. 1620 */ 1621 bcopy(IFA_IN6(ifa), &candidate, sizeof(candidate)); 1622 in6_clearscope(&candidate); 1623 candidate.s6_addr32[0] &= mask.s6_addr32[0]; 1624 candidate.s6_addr32[1] &= mask.s6_addr32[1]; 1625 candidate.s6_addr32[2] &= mask.s6_addr32[2]; 1626 candidate.s6_addr32[3] &= mask.s6_addr32[3]; 1627 if (IN6_ARE_ADDR_EQUAL(&candidate, &match)) 1628 break; 1629 } 1630 if (!ifa) 1631 return EADDRNOTAVAIL; 1632 ia = ifa2ia6(ifa); 1633 1634 if (cmd == SIOCGLIFADDR) { 1635 int error; 1636 1637 /* fill in the if_laddrreq structure */ 1638 bcopy(&ia->ia_addr, &iflr->addr, ia->ia_addr.sin6_len); 1639 error = sa6_recoverscope( 1640 (struct sockaddr_in6 *)&iflr->addr); 1641 if (error != 0) 1642 return (error); 1643 1644 if ((ifp->if_flags & IFF_POINTOPOINT) != 0) { 1645 bcopy(&ia->ia_dstaddr, &iflr->dstaddr, 1646 ia->ia_dstaddr.sin6_len); 1647 error = sa6_recoverscope( 1648 (struct sockaddr_in6 *)&iflr->dstaddr); 1649 if (error != 0) 1650 return (error); 1651 } else 1652 bzero(&iflr->dstaddr, sizeof(iflr->dstaddr)); 1653 1654 iflr->prefixlen = 1655 in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); 1656 1657 iflr->flags = ia->ia6_flags; /* XXX */ 1658 1659 return 0; 1660 } else { 1661 struct in6_aliasreq ifra; 1662 1663 /* fill in6_aliasreq and do ioctl(SIOCDIFADDR_IN6) */ 1664 bzero(&ifra, sizeof(ifra)); 1665 bcopy(iflr->iflr_name, ifra.ifra_name, 1666 sizeof(ifra.ifra_name)); 1667 1668 bcopy(&ia->ia_addr, &ifra.ifra_addr, 1669 ia->ia_addr.sin6_len); 1670 if ((ifp->if_flags & IFF_POINTOPOINT) != 0) { 1671 bcopy(&ia->ia_dstaddr, &ifra.ifra_dstaddr, 1672 ia->ia_dstaddr.sin6_len); 1673 } else { 1674 bzero(&ifra.ifra_dstaddr, 1675 sizeof(ifra.ifra_dstaddr)); 1676 } 1677 bcopy(&ia->ia_prefixmask, &ifra.ifra_dstaddr, 1678 ia->ia_prefixmask.sin6_len); 1679 1680 ifra.ifra_flags = ia->ia6_flags; 1681 return in6_control(so, SIOCDIFADDR_IN6, (caddr_t)&ifra, 1682 ifp, l); 1683 } 1684 } 1685 } 1686 1687 return EOPNOTSUPP; /* just for safety */ 1688 } 1689 1690 /* 1691 * Initialize an interface's internet6 address 1692 * and routing table entry. 1693 */ 1694 static int 1695 in6_ifinit(ifp, ia, sin6, newhost) 1696 struct ifnet *ifp; 1697 struct in6_ifaddr *ia; 1698 struct sockaddr_in6 *sin6; 1699 int newhost; 1700 { 1701 int error = 0, plen, ifacount = 0; 1702 int s = splnet(); 1703 struct ifaddr *ifa; 1704 1705 /* 1706 * Give the interface a chance to initialize 1707 * if this is its first address, 1708 * and to validate the address if necessary. 1709 */ 1710 for (ifa = ifp->if_addrlist.tqh_first; ifa; 1711 ifa = ifa->ifa_list.tqe_next) 1712 { 1713 if (ifa->ifa_addr == NULL) 1714 continue; /* just for safety */ 1715 if (ifa->ifa_addr->sa_family != AF_INET6) 1716 continue; 1717 ifacount++; 1718 } 1719 1720 ia->ia_addr = *sin6; 1721 1722 if (ifacount <= 1 && ifp->if_ioctl && 1723 (error = (*ifp->if_ioctl)(ifp, SIOCSIFADDR, (caddr_t)ia))) { 1724 splx(s); 1725 return (error); 1726 } 1727 splx(s); 1728 1729 ia->ia_ifa.ifa_metric = ifp->if_metric; 1730 1731 /* we could do in(6)_socktrim here, but just omit it at this moment. */ 1732 1733 /* 1734 * Special case: 1735 * If the destination address is specified for a point-to-point 1736 * interface, install a route to the destination as an interface 1737 * direct route. 1738 */ 1739 plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); /* XXX */ 1740 if (plen == 128 && ia->ia_dstaddr.sin6_family == AF_INET6) { 1741 if ((error = rtinit(&(ia->ia_ifa), (int)RTM_ADD, 1742 RTF_UP | RTF_HOST)) != 0) 1743 return (error); 1744 ia->ia_flags |= IFA_ROUTE; 1745 } 1746 1747 /* Add ownaddr as loopback rtentry, if necessary (ex. on p2p link). */ 1748 if (newhost) { 1749 /* set the rtrequest function to create llinfo */ 1750 ia->ia_ifa.ifa_rtrequest = nd6_rtrequest; 1751 in6_ifaddloop(&(ia->ia_ifa)); 1752 } 1753 1754 if (ifp->if_flags & IFF_MULTICAST) 1755 in6_restoremkludge(ia, ifp); 1756 1757 return (error); 1758 } 1759 1760 /* 1761 * Find an IPv6 interface link-local address specific to an interface. 1762 */ 1763 struct in6_ifaddr * 1764 in6ifa_ifpforlinklocal(ifp, ignoreflags) 1765 struct ifnet *ifp; 1766 int ignoreflags; 1767 { 1768 struct ifaddr *ifa; 1769 1770 for (ifa = ifp->if_addrlist.tqh_first; ifa; ifa = ifa->ifa_list.tqe_next) 1771 { 1772 if (ifa->ifa_addr == NULL) 1773 continue; /* just for safety */ 1774 if (ifa->ifa_addr->sa_family != AF_INET6) 1775 continue; 1776 if (IN6_IS_ADDR_LINKLOCAL(IFA_IN6(ifa))) { 1777 if ((((struct in6_ifaddr *)ifa)->ia6_flags & 1778 ignoreflags) != 0) 1779 continue; 1780 break; 1781 } 1782 } 1783 1784 return ((struct in6_ifaddr *)ifa); 1785 } 1786 1787 1788 /* 1789 * find the internet address corresponding to a given interface and address. 1790 */ 1791 struct in6_ifaddr * 1792 in6ifa_ifpwithaddr(ifp, addr) 1793 struct ifnet *ifp; 1794 struct in6_addr *addr; 1795 { 1796 struct ifaddr *ifa; 1797 1798 for (ifa = ifp->if_addrlist.tqh_first; ifa; ifa = ifa->ifa_list.tqe_next) 1799 { 1800 if (ifa->ifa_addr == NULL) 1801 continue; /* just for safety */ 1802 if (ifa->ifa_addr->sa_family != AF_INET6) 1803 continue; 1804 if (IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(ifa))) 1805 break; 1806 } 1807 1808 return ((struct in6_ifaddr *)ifa); 1809 } 1810 1811 /* 1812 * Convert IP6 address to printable (loggable) representation. 1813 */ 1814 static int ip6round = 0; 1815 char * 1816 ip6_sprintf(addr) 1817 const struct in6_addr *addr; 1818 { 1819 static char ip6buf[8][48]; 1820 int i; 1821 char *cp; 1822 const u_int16_t *a = (const u_int16_t *)addr; 1823 const u_int8_t *d; 1824 int dcolon = 0; 1825 1826 ip6round = (ip6round + 1) & 7; 1827 cp = ip6buf[ip6round]; 1828 1829 for (i = 0; i < 8; i++) { 1830 if (dcolon == 1) { 1831 if (*a == 0) { 1832 if (i == 7) 1833 *cp++ = ':'; 1834 a++; 1835 continue; 1836 } else 1837 dcolon = 2; 1838 } 1839 if (*a == 0) { 1840 if (dcolon == 0 && *(a + 1) == 0) { 1841 if (i == 0) 1842 *cp++ = ':'; 1843 *cp++ = ':'; 1844 dcolon = 1; 1845 } else { 1846 *cp++ = '0'; 1847 *cp++ = ':'; 1848 } 1849 a++; 1850 continue; 1851 } 1852 d = (const u_char *)a; 1853 *cp++ = hexdigits[*d >> 4]; 1854 *cp++ = hexdigits[*d++ & 0xf]; 1855 *cp++ = hexdigits[*d >> 4]; 1856 *cp++ = hexdigits[*d & 0xf]; 1857 *cp++ = ':'; 1858 a++; 1859 } 1860 *--cp = 0; 1861 return (ip6buf[ip6round]); 1862 } 1863 1864 /* 1865 * Determine if an address is on a local network. 1866 */ 1867 int 1868 in6_localaddr(in6) 1869 struct in6_addr *in6; 1870 { 1871 struct in6_ifaddr *ia; 1872 1873 if (IN6_IS_ADDR_LOOPBACK(in6) || IN6_IS_ADDR_LINKLOCAL(in6)) 1874 return (1); 1875 1876 for (ia = in6_ifaddr; ia; ia = ia->ia_next) 1877 if (IN6_ARE_MASKED_ADDR_EQUAL(in6, &ia->ia_addr.sin6_addr, 1878 &ia->ia_prefixmask.sin6_addr)) 1879 return (1); 1880 1881 return (0); 1882 } 1883 1884 int 1885 in6_is_addr_deprecated(sa6) 1886 struct sockaddr_in6 *sa6; 1887 { 1888 struct in6_ifaddr *ia; 1889 1890 for (ia = in6_ifaddr; ia; ia = ia->ia_next) { 1891 if (IN6_ARE_ADDR_EQUAL(&ia->ia_addr.sin6_addr, 1892 &sa6->sin6_addr) && 1893 #ifdef SCOPEDROUTING 1894 ia->ia_addr.sin6_scope_id == sa6->sin6_scope_id && 1895 #endif 1896 (ia->ia6_flags & IN6_IFF_DEPRECATED) != 0) 1897 return (1); /* true */ 1898 1899 /* XXX: do we still have to go thru the rest of the list? */ 1900 } 1901 1902 return (0); /* false */ 1903 } 1904 1905 /* 1906 * return length of part which dst and src are equal 1907 * hard coding... 1908 */ 1909 int 1910 in6_matchlen(src, dst) 1911 struct in6_addr *src, *dst; 1912 { 1913 int match = 0; 1914 u_char *s = (u_char *)src, *d = (u_char *)dst; 1915 u_char *lim = s + 16, r; 1916 1917 while (s < lim) 1918 if ((r = (*d++ ^ *s++)) != 0) { 1919 while (r < 128) { 1920 match++; 1921 r <<= 1; 1922 } 1923 break; 1924 } else 1925 match += 8; 1926 return match; 1927 } 1928 1929 /* XXX: to be scope conscious */ 1930 int 1931 in6_are_prefix_equal(p1, p2, len) 1932 struct in6_addr *p1, *p2; 1933 int len; 1934 { 1935 int bytelen, bitlen; 1936 1937 /* sanity check */ 1938 if (len < 0 || len > 128) { 1939 log(LOG_ERR, "in6_are_prefix_equal: invalid prefix length(%d)\n", 1940 len); 1941 return (0); 1942 } 1943 1944 bytelen = len / 8; 1945 bitlen = len % 8; 1946 1947 if (bcmp(&p1->s6_addr, &p2->s6_addr, bytelen)) 1948 return (0); 1949 if (bitlen != 0 && 1950 p1->s6_addr[bytelen] >> (8 - bitlen) != 1951 p2->s6_addr[bytelen] >> (8 - bitlen)) 1952 return (0); 1953 1954 return (1); 1955 } 1956 1957 void 1958 in6_prefixlen2mask(maskp, len) 1959 struct in6_addr *maskp; 1960 int len; 1961 { 1962 static const u_char maskarray[8] = {0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff}; 1963 int bytelen, bitlen, i; 1964 1965 /* sanity check */ 1966 if (len < 0 || len > 128) { 1967 log(LOG_ERR, "in6_prefixlen2mask: invalid prefix length(%d)\n", 1968 len); 1969 return; 1970 } 1971 1972 bzero(maskp, sizeof(*maskp)); 1973 bytelen = len / 8; 1974 bitlen = len % 8; 1975 for (i = 0; i < bytelen; i++) 1976 maskp->s6_addr[i] = 0xff; 1977 if (bitlen) 1978 maskp->s6_addr[bytelen] = maskarray[bitlen - 1]; 1979 } 1980 1981 /* 1982 * return the best address out of the same scope. if no address was 1983 * found, return the first valid address from designated IF. 1984 */ 1985 struct in6_ifaddr * 1986 in6_ifawithifp(ifp, dst) 1987 struct ifnet *ifp; 1988 struct in6_addr *dst; 1989 { 1990 int dst_scope = in6_addrscope(dst), blen = -1, tlen; 1991 struct ifaddr *ifa; 1992 struct in6_ifaddr *besta = 0; 1993 struct in6_ifaddr *dep[2]; /* last-resort: deprecated */ 1994 1995 dep[0] = dep[1] = NULL; 1996 1997 /* 1998 * We first look for addresses in the same scope. 1999 * If there is one, return it. 2000 * If two or more, return one which matches the dst longest. 2001 * If none, return one of global addresses assigned other ifs. 2002 */ 2003 for (ifa = ifp->if_addrlist.tqh_first; ifa; ifa = ifa->ifa_list.tqe_next) 2004 { 2005 if (ifa->ifa_addr->sa_family != AF_INET6) 2006 continue; 2007 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST) 2008 continue; /* XXX: is there any case to allow anycast? */ 2009 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_NOTREADY) 2010 continue; /* don't use this interface */ 2011 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DETACHED) 2012 continue; 2013 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DEPRECATED) { 2014 if (ip6_use_deprecated) 2015 dep[0] = (struct in6_ifaddr *)ifa; 2016 continue; 2017 } 2018 2019 if (dst_scope == in6_addrscope(IFA_IN6(ifa))) { 2020 /* 2021 * call in6_matchlen() as few as possible 2022 */ 2023 if (besta) { 2024 if (blen == -1) 2025 blen = in6_matchlen(&besta->ia_addr.sin6_addr, dst); 2026 tlen = in6_matchlen(IFA_IN6(ifa), dst); 2027 if (tlen > blen) { 2028 blen = tlen; 2029 besta = (struct in6_ifaddr *)ifa; 2030 } 2031 } else 2032 besta = (struct in6_ifaddr *)ifa; 2033 } 2034 } 2035 if (besta) 2036 return (besta); 2037 2038 for (ifa = ifp->if_addrlist.tqh_first; ifa; ifa = ifa->ifa_list.tqe_next) 2039 { 2040 if (ifa->ifa_addr->sa_family != AF_INET6) 2041 continue; 2042 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST) 2043 continue; /* XXX: is there any case to allow anycast? */ 2044 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_NOTREADY) 2045 continue; /* don't use this interface */ 2046 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DETACHED) 2047 continue; 2048 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DEPRECATED) { 2049 if (ip6_use_deprecated) 2050 dep[1] = (struct in6_ifaddr *)ifa; 2051 continue; 2052 } 2053 2054 return (struct in6_ifaddr *)ifa; 2055 } 2056 2057 /* use the last-resort values, that are, deprecated addresses */ 2058 if (dep[0]) 2059 return dep[0]; 2060 if (dep[1]) 2061 return dep[1]; 2062 2063 return NULL; 2064 } 2065 2066 /* 2067 * perform DAD when interface becomes IFF_UP. 2068 */ 2069 void 2070 in6_if_up(ifp) 2071 struct ifnet *ifp; 2072 { 2073 struct ifaddr *ifa; 2074 struct in6_ifaddr *ia; 2075 2076 for (ifa = ifp->if_addrlist.tqh_first; ifa; ifa = ifa->ifa_list.tqe_next) 2077 { 2078 if (ifa->ifa_addr->sa_family != AF_INET6) 2079 continue; 2080 ia = (struct in6_ifaddr *)ifa; 2081 if (ia->ia6_flags & IN6_IFF_TENTATIVE) { 2082 /* 2083 * The TENTATIVE flag was likely set by hand 2084 * beforehand, implicitly indicating the need for DAD. 2085 * We may be able to skip the random delay in this 2086 * case, but we impose delays just in case. 2087 */ 2088 nd6_dad_start(ifa, 2089 arc4random() % (MAX_RTR_SOLICITATION_DELAY * hz)); 2090 } 2091 } 2092 2093 /* 2094 * special cases, like 6to4, are handled in in6_ifattach 2095 */ 2096 in6_ifattach(ifp, NULL); 2097 } 2098 2099 int 2100 in6if_do_dad(ifp) 2101 struct ifnet *ifp; 2102 { 2103 if ((ifp->if_flags & IFF_LOOPBACK) != 0) 2104 return (0); 2105 2106 switch (ifp->if_type) { 2107 case IFT_FAITH: 2108 /* 2109 * These interfaces do not have the IFF_LOOPBACK flag, 2110 * but loop packets back. We do not have to do DAD on such 2111 * interfaces. We should even omit it, because loop-backed 2112 * NS would confuse the DAD procedure. 2113 */ 2114 return (0); 2115 default: 2116 /* 2117 * Our DAD routine requires the interface up and running. 2118 * However, some interfaces can be up before the RUNNING 2119 * status. Additionaly, users may try to assign addresses 2120 * before the interface becomes up (or running). 2121 * We simply skip DAD in such a case as a work around. 2122 * XXX: we should rather mark "tentative" on such addresses, 2123 * and do DAD after the interface becomes ready. 2124 */ 2125 if ((ifp->if_flags & (IFF_UP|IFF_RUNNING)) != 2126 (IFF_UP|IFF_RUNNING)) 2127 return (0); 2128 2129 return (1); 2130 } 2131 } 2132 2133 /* 2134 * Calculate max IPv6 MTU through all the interfaces and store it 2135 * to in6_maxmtu. 2136 */ 2137 void 2138 in6_setmaxmtu() 2139 { 2140 unsigned long maxmtu = 0; 2141 struct ifnet *ifp; 2142 2143 for (ifp = TAILQ_FIRST(&ifnet); ifp; ifp = TAILQ_NEXT(ifp, if_list)) 2144 { 2145 /* this function can be called during ifnet initialization */ 2146 if (!ifp->if_afdata[AF_INET6]) 2147 continue; 2148 if ((ifp->if_flags & IFF_LOOPBACK) == 0 && 2149 IN6_LINKMTU(ifp) > maxmtu) 2150 maxmtu = IN6_LINKMTU(ifp); 2151 } 2152 if (maxmtu) /* update only when maxmtu is positive */ 2153 in6_maxmtu = maxmtu; 2154 } 2155 2156 /* 2157 * Provide the length of interface identifiers to be used for the link attached 2158 * to the given interface. The length should be defined in "IPv6 over 2159 * xxx-link" document. Note that address architecture might also define 2160 * the length for a particular set of address prefixes, regardless of the 2161 * link type. As clarified in rfc2462bis, those two definitions should be 2162 * consistent, and those really are as of August 2004. 2163 */ 2164 int 2165 in6_if2idlen(ifp) 2166 struct ifnet *ifp; 2167 { 2168 switch (ifp->if_type) { 2169 case IFT_ETHER: /* RFC2464 */ 2170 case IFT_PROPVIRTUAL: /* XXX: no RFC. treat it as ether */ 2171 case IFT_L2VLAN: /* ditto */ 2172 case IFT_IEEE80211: /* ditto */ 2173 case IFT_FDDI: /* RFC2467 */ 2174 case IFT_ISO88025: /* RFC2470 (IPv6 over Token Ring) */ 2175 case IFT_PPP: /* RFC2472 */ 2176 case IFT_ARCNET: /* RFC2497 */ 2177 case IFT_FRELAY: /* RFC2590 */ 2178 case IFT_IEEE1394: /* RFC3146 */ 2179 case IFT_GIF: /* draft-ietf-v6ops-mech-v2-07 */ 2180 case IFT_LOOP: /* XXX: is this really correct? */ 2181 return 64; 2182 default: 2183 /* 2184 * Unknown link type: 2185 * It might be controversial to use the today's common constant 2186 * of 64 for these cases unconditionally. For full compliance, 2187 * we should return an error in this case. On the other hand, 2188 * if we simply miss the standard for the link type or a new 2189 * standard is defined for a new link type, the IFID length 2190 * is very likely to be the common constant. As a compromise, 2191 * we always use the constant, but make an explicit notice 2192 * indicating the "unknown" case. 2193 */ 2194 printf("in6_if2idlen: unknown link type (%d)\n", ifp->if_type); 2195 return 64; 2196 } 2197 } 2198 2199 void * 2200 in6_domifattach(ifp) 2201 struct ifnet *ifp; 2202 { 2203 struct in6_ifextra *ext; 2204 2205 ext = (struct in6_ifextra *)malloc(sizeof(*ext), M_IFADDR, M_WAITOK); 2206 bzero(ext, sizeof(*ext)); 2207 2208 ext->in6_ifstat = (struct in6_ifstat *)malloc(sizeof(struct in6_ifstat), 2209 M_IFADDR, M_WAITOK); 2210 bzero(ext->in6_ifstat, sizeof(*ext->in6_ifstat)); 2211 2212 ext->icmp6_ifstat = 2213 (struct icmp6_ifstat *)malloc(sizeof(struct icmp6_ifstat), 2214 M_IFADDR, M_WAITOK); 2215 bzero(ext->icmp6_ifstat, sizeof(*ext->icmp6_ifstat)); 2216 2217 ext->nd_ifinfo = nd6_ifattach(ifp); 2218 ext->scope6_id = scope6_ifattach(ifp); 2219 return ext; 2220 } 2221 2222 void 2223 in6_domifdetach(struct ifnet *ifp __unused, void *aux) 2224 { 2225 struct in6_ifextra *ext = (struct in6_ifextra *)aux; 2226 2227 nd6_ifdetach(ext->nd_ifinfo); 2228 free(ext->in6_ifstat, M_IFADDR); 2229 free(ext->icmp6_ifstat, M_IFADDR); 2230 scope6_ifdetach(ext->scope6_id); 2231 free(ext, M_IFADDR); 2232 } 2233