1 /* $NetBSD: in6.c,v 1.108 2006/06/07 22:34:03 kardel Exp $ */ 2 /* $KAME: in6.c,v 1.198 2001/07/18 09:12:38 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 /* 34 * Copyright (c) 1982, 1986, 1991, 1993 35 * The Regents of the University of California. All rights reserved. 36 * 37 * Redistribution and use in source and binary forms, with or without 38 * modification, are permitted provided that the following conditions 39 * are met: 40 * 1. Redistributions of source code must retain the above copyright 41 * notice, this list of conditions and the following disclaimer. 42 * 2. Redistributions in binary form must reproduce the above copyright 43 * notice, this list of conditions and the following disclaimer in the 44 * documentation and/or other materials provided with the distribution. 45 * 3. Neither the name of the University nor the names of its contributors 46 * may be used to endorse or promote products derived from this software 47 * without specific prior written permission. 48 * 49 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 52 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 59 * SUCH DAMAGE. 60 * 61 * @(#)in.c 8.2 (Berkeley) 11/15/93 62 */ 63 64 #include <sys/cdefs.h> 65 __KERNEL_RCSID(0, "$NetBSD: in6.c,v 1.108 2006/06/07 22:34:03 kardel Exp $"); 66 67 #include "opt_inet.h" 68 #include "opt_pfil_hooks.h" 69 70 #include <sys/param.h> 71 #include <sys/ioctl.h> 72 #include <sys/errno.h> 73 #include <sys/malloc.h> 74 #include <sys/socket.h> 75 #include <sys/socketvar.h> 76 #include <sys/sockio.h> 77 #include <sys/systm.h> 78 #include <sys/proc.h> 79 #include <sys/time.h> 80 #include <sys/kernel.h> 81 #include <sys/syslog.h> 82 #include <sys/kauth.h> 83 84 #include <net/if.h> 85 #include <net/if_types.h> 86 #include <net/route.h> 87 #include <net/if_dl.h> 88 89 #include <netinet/in.h> 90 #include <netinet/in_var.h> 91 #include <net/if_ether.h> 92 93 #include <netinet/ip6.h> 94 #include <netinet6/ip6_var.h> 95 #include <netinet6/nd6.h> 96 #include <netinet6/mld6_var.h> 97 #include <netinet6/ip6_mroute.h> 98 #include <netinet6/in6_ifattach.h> 99 #include <netinet6/scope6_var.h> 100 101 #include <net/net_osdep.h> 102 103 #include <netccitt/x25.h> 104 105 #ifdef PFIL_HOOKS 106 #include <net/pfil.h> 107 #endif 108 109 MALLOC_DEFINE(M_IP6OPT, "ip6_options", "IPv6 options"); 110 111 /* enable backward compatibility code for obsoleted ioctls */ 112 #define COMPAT_IN6IFIOCTL 113 114 /* 115 * Definitions of some constant IP6 addresses. 116 */ 117 const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT; 118 const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT; 119 const struct in6_addr in6addr_nodelocal_allnodes = 120 IN6ADDR_NODELOCAL_ALLNODES_INIT; 121 const struct in6_addr in6addr_linklocal_allnodes = 122 IN6ADDR_LINKLOCAL_ALLNODES_INIT; 123 const struct in6_addr in6addr_linklocal_allrouters = 124 IN6ADDR_LINKLOCAL_ALLROUTERS_INIT; 125 126 const struct in6_addr in6mask0 = IN6MASK0; 127 const struct in6_addr in6mask32 = IN6MASK32; 128 const struct in6_addr in6mask64 = IN6MASK64; 129 const struct in6_addr in6mask96 = IN6MASK96; 130 const struct in6_addr in6mask128 = IN6MASK128; 131 132 const struct sockaddr_in6 sa6_any = {sizeof(sa6_any), AF_INET6, 133 0, 0, IN6ADDR_ANY_INIT, 0}; 134 135 static int in6_lifaddr_ioctl __P((struct socket *, u_long, caddr_t, 136 struct ifnet *, struct proc *)); 137 static int in6_ifinit __P((struct ifnet *, struct in6_ifaddr *, 138 struct sockaddr_in6 *, int)); 139 static void in6_unlink_ifa __P((struct in6_ifaddr *, struct ifnet *)); 140 141 /* 142 * Subroutine for in6_ifaddloop() and in6_ifremloop(). 143 * This routine does actual work. 144 */ 145 static void 146 in6_ifloop_request(int cmd, struct ifaddr *ifa) 147 { 148 struct sockaddr_in6 lo_sa; 149 struct sockaddr_in6 all1_sa; 150 struct rtentry *nrt = NULL; 151 int e; 152 153 bzero(&lo_sa, sizeof(lo_sa)); 154 bzero(&all1_sa, sizeof(all1_sa)); 155 lo_sa.sin6_family = all1_sa.sin6_family = AF_INET6; 156 lo_sa.sin6_len = all1_sa.sin6_len = sizeof(struct sockaddr_in6); 157 lo_sa.sin6_addr = in6addr_loopback; 158 all1_sa.sin6_addr = in6mask128; 159 160 /* 161 * We specify the address itself as the gateway, and set the 162 * RTF_LLINFO flag, so that the corresponding host route would have 163 * the flag, and thus applications that assume traditional behavior 164 * would be happy. Note that we assume the caller of the function 165 * (probably implicitly) set nd6_rtrequest() to ifa->ifa_rtrequest, 166 * which changes the outgoing interface to the loopback interface. 167 */ 168 e = rtrequest(cmd, ifa->ifa_addr, ifa->ifa_addr, 169 (struct sockaddr *)&all1_sa, RTF_UP|RTF_HOST|RTF_LLINFO, &nrt); 170 if (e != 0) { 171 log(LOG_ERR, "in6_ifloop_request: " 172 "%s operation failed for %s (errno=%d)\n", 173 cmd == RTM_ADD ? "ADD" : "DELETE", 174 ip6_sprintf(&((struct in6_ifaddr *)ifa)->ia_addr.sin6_addr), 175 e); 176 } 177 178 /* 179 * Make sure rt_ifa be equal to IFA, the second argument of the 180 * function. 181 * We need this because when we refer to rt_ifa->ia6_flags in 182 * ip6_input, we assume that the rt_ifa points to the address instead 183 * of the loopback address. 184 */ 185 if (cmd == RTM_ADD && nrt && ifa != nrt->rt_ifa) { 186 IFAFREE(nrt->rt_ifa); 187 IFAREF(ifa); 188 nrt->rt_ifa = ifa; 189 } 190 191 /* 192 * Report the addition/removal of the address to the routing socket. 193 * XXX: since we called rtinit for a p2p interface with a destination, 194 * we end up reporting twice in such a case. Should we rather 195 * omit the second report? 196 */ 197 if (nrt) { 198 rt_newaddrmsg(cmd, ifa, e, nrt); 199 if (cmd == RTM_DELETE) { 200 if (nrt->rt_refcnt <= 0) { 201 /* XXX: we should free the entry ourselves. */ 202 nrt->rt_refcnt++; 203 rtfree(nrt); 204 } 205 } else { 206 /* the cmd must be RTM_ADD here */ 207 nrt->rt_refcnt--; 208 } 209 } 210 } 211 212 /* 213 * Add ownaddr as loopback rtentry. We previously add the route only if 214 * necessary (ex. on a p2p link). However, since we now manage addresses 215 * separately from prefixes, we should always add the route. We can't 216 * rely on the cloning mechanism from the corresponding interface route 217 * any more. 218 */ 219 void 220 in6_ifaddloop(struct ifaddr *ifa) 221 { 222 struct rtentry *rt; 223 224 /* If there is no loopback entry, allocate one. */ 225 rt = rtalloc1(ifa->ifa_addr, 0); 226 if (rt == NULL || (rt->rt_flags & RTF_HOST) == 0 || 227 (rt->rt_ifp->if_flags & IFF_LOOPBACK) == 0) 228 in6_ifloop_request(RTM_ADD, ifa); 229 if (rt) 230 rt->rt_refcnt--; 231 } 232 233 /* 234 * Remove loopback rtentry of ownaddr generated by in6_ifaddloop(), 235 * if it exists. 236 */ 237 void 238 in6_ifremloop(struct ifaddr *ifa) 239 { 240 struct in6_ifaddr *ia; 241 struct rtentry *rt; 242 int ia_count = 0; 243 244 /* 245 * Some of BSD variants do not remove cloned routes 246 * from an interface direct route, when removing the direct route 247 * (see comments in net/net_osdep.h). Even for variants that do remove 248 * cloned routes, they could fail to remove the cloned routes when 249 * we handle multple addresses that share a common prefix. 250 * So, we should remove the route corresponding to the deleted address. 251 */ 252 253 /* 254 * Delete the entry only if exact one ifa exists. More than one ifa 255 * can exist if we assign a same single address to multiple 256 * (probably p2p) interfaces. 257 * XXX: we should avoid such a configuration in IPv6... 258 */ 259 for (ia = in6_ifaddr; ia; ia = ia->ia_next) { 260 if (IN6_ARE_ADDR_EQUAL(IFA_IN6(ifa), &ia->ia_addr.sin6_addr)) { 261 ia_count++; 262 if (ia_count > 1) 263 break; 264 } 265 } 266 267 if (ia_count == 1) { 268 /* 269 * Before deleting, check if a corresponding loopbacked host 270 * route surely exists. With this check, we can avoid to 271 * delete an interface direct route whose destination is same 272 * as the address being removed. This can happen when removing 273 * a subnet-router anycast address on an interface attahced 274 * to a shared medium. 275 */ 276 rt = rtalloc1(ifa->ifa_addr, 0); 277 if (rt != NULL && (rt->rt_flags & RTF_HOST) != 0 && 278 (rt->rt_ifp->if_flags & IFF_LOOPBACK) != 0) { 279 rt->rt_refcnt--; 280 in6_ifloop_request(RTM_DELETE, ifa); 281 } 282 } 283 } 284 285 int 286 in6_mask2len(mask, lim0) 287 struct in6_addr *mask; 288 u_char *lim0; 289 { 290 int x = 0, y; 291 u_char *lim = lim0, *p; 292 293 /* ignore the scope_id part */ 294 if (lim0 == NULL || lim0 - (u_char *)mask > sizeof(*mask)) 295 lim = (u_char *)mask + sizeof(*mask); 296 for (p = (u_char *)mask; p < lim; x++, p++) { 297 if (*p != 0xff) 298 break; 299 } 300 y = 0; 301 if (p < lim) { 302 for (y = 0; y < 8; y++) { 303 if ((*p & (0x80 >> y)) == 0) 304 break; 305 } 306 } 307 308 /* 309 * when the limit pointer is given, do a stricter check on the 310 * remaining bits. 311 */ 312 if (p < lim) { 313 if (y != 0 && (*p & (0x00ff >> y)) != 0) 314 return (-1); 315 for (p = p + 1; p < lim; p++) 316 if (*p != 0) 317 return (-1); 318 } 319 320 return x * 8 + y; 321 } 322 323 #define ifa2ia6(ifa) ((struct in6_ifaddr *)(ifa)) 324 #define ia62ifa(ia6) (&((ia6)->ia_ifa)) 325 326 int 327 in6_control(so, cmd, data, ifp, p) 328 struct socket *so; 329 u_long cmd; 330 caddr_t data; 331 struct ifnet *ifp; 332 struct proc *p; 333 { 334 struct in6_ifreq *ifr = (struct in6_ifreq *)data; 335 struct in6_ifaddr *ia = NULL; 336 struct in6_aliasreq *ifra = (struct in6_aliasreq *)data; 337 struct sockaddr_in6 *sa6; 338 int error, privileged; 339 340 privileged = 0; 341 if (p && !kauth_authorize_generic(p->p_cred, KAUTH_GENERIC_ISSUSER, &p->p_acflag)) 342 privileged++; 343 344 switch (cmd) { 345 /* 346 * XXX: Fix me, once we fix SIOCSIFADDR, SIOCIFDSTADDR, etc. 347 */ 348 case SIOCSIFADDR: 349 case SIOCSIFDSTADDR: 350 case SIOCSIFCONF_X25: 351 return EOPNOTSUPP; 352 case SIOCGETSGCNT_IN6: 353 case SIOCGETMIFCNT_IN6: 354 return (mrt6_ioctl(cmd, data)); 355 } 356 357 if (ifp == NULL) 358 return (EOPNOTSUPP); 359 360 switch (cmd) { 361 case SIOCSNDFLUSH_IN6: 362 case SIOCSPFXFLUSH_IN6: 363 case SIOCSRTRFLUSH_IN6: 364 case SIOCSDEFIFACE_IN6: 365 case SIOCSIFINFO_FLAGS: 366 case SIOCSIFINFO_IN6: 367 if (!privileged) 368 return (EPERM); 369 /* FALLTHROUGH */ 370 case OSIOCGIFINFO_IN6: 371 case SIOCGIFINFO_IN6: 372 case SIOCGDRLST_IN6: 373 case SIOCGPRLST_IN6: 374 case SIOCGNBRINFO_IN6: 375 case SIOCGDEFIFACE_IN6: 376 return (nd6_ioctl(cmd, data, ifp)); 377 } 378 379 switch (cmd) { 380 case SIOCSIFPREFIX_IN6: 381 case SIOCDIFPREFIX_IN6: 382 case SIOCAIFPREFIX_IN6: 383 case SIOCCIFPREFIX_IN6: 384 case SIOCSGIFPREFIX_IN6: 385 case SIOCGIFPREFIX_IN6: 386 log(LOG_NOTICE, 387 "prefix ioctls are now invalidated. " 388 "please use ifconfig.\n"); 389 return (EOPNOTSUPP); 390 } 391 392 switch (cmd) { 393 case SIOCALIFADDR: 394 case SIOCDLIFADDR: 395 if (!privileged) 396 return (EPERM); 397 /* FALLTHROUGH */ 398 case SIOCGLIFADDR: 399 return in6_lifaddr_ioctl(so, cmd, data, ifp, p); 400 } 401 402 /* 403 * Find address for this interface, if it exists. 404 * 405 * In netinet code, we have checked ifra_addr in SIOCSIF*ADDR operation 406 * only, and used the first interface address as the target of other 407 * operations (without checking ifra_addr). This was because netinet 408 * code/API assumed at most 1 interface address per interface. 409 * Since IPv6 allows a node to assign multiple addresses 410 * on a single interface, we almost always look and check the 411 * presence of ifra_addr, and reject invalid ones here. 412 * It also decreases duplicated code among SIOC*_IN6 operations. 413 */ 414 switch (cmd) { 415 case SIOCAIFADDR_IN6: 416 case SIOCSIFPHYADDR_IN6: 417 sa6 = &ifra->ifra_addr; 418 break; 419 case SIOCSIFADDR_IN6: 420 case SIOCGIFADDR_IN6: 421 case SIOCSIFDSTADDR_IN6: 422 case SIOCSIFNETMASK_IN6: 423 case SIOCGIFDSTADDR_IN6: 424 case SIOCGIFNETMASK_IN6: 425 case SIOCDIFADDR_IN6: 426 case SIOCGIFPSRCADDR_IN6: 427 case SIOCGIFPDSTADDR_IN6: 428 case SIOCGIFAFLAG_IN6: 429 case SIOCSNDFLUSH_IN6: 430 case SIOCSPFXFLUSH_IN6: 431 case SIOCSRTRFLUSH_IN6: 432 case SIOCGIFALIFETIME_IN6: 433 case SIOCSIFALIFETIME_IN6: 434 case SIOCGIFSTAT_IN6: 435 case SIOCGIFSTAT_ICMP6: 436 sa6 = &ifr->ifr_addr; 437 break; 438 default: 439 sa6 = NULL; 440 break; 441 } 442 if (sa6 && sa6->sin6_family == AF_INET6) { 443 if (sa6->sin6_scope_id != 0) 444 error = sa6_embedscope(sa6, 0); 445 else 446 error = in6_setscope(&sa6->sin6_addr, ifp, NULL); 447 if (error != 0) 448 return (error); 449 ia = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr); 450 } else 451 ia = NULL; 452 453 switch (cmd) { 454 case SIOCSIFADDR_IN6: 455 case SIOCSIFDSTADDR_IN6: 456 case SIOCSIFNETMASK_IN6: 457 /* 458 * Since IPv6 allows a node to assign multiple addresses 459 * on a single interface, SIOCSIFxxx ioctls are deprecated. 460 */ 461 return (EINVAL); 462 463 case SIOCDIFADDR_IN6: 464 /* 465 * for IPv4, we look for existing in_ifaddr here to allow 466 * "ifconfig if0 delete" to remove the first IPv4 address on 467 * the interface. For IPv6, as the spec allows multiple 468 * interface address from the day one, we consider "remove the 469 * first one" semantics to be not preferable. 470 */ 471 if (ia == NULL) 472 return (EADDRNOTAVAIL); 473 /* FALLTHROUGH */ 474 case SIOCAIFADDR_IN6: 475 /* 476 * We always require users to specify a valid IPv6 address for 477 * the corresponding operation. 478 */ 479 if (ifra->ifra_addr.sin6_family != AF_INET6 || 480 ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6)) 481 return (EAFNOSUPPORT); 482 if (!privileged) 483 return (EPERM); 484 485 break; 486 487 case SIOCGIFADDR_IN6: 488 /* This interface is basically deprecated. use SIOCGIFCONF. */ 489 /* FALLTHROUGH */ 490 case SIOCGIFAFLAG_IN6: 491 case SIOCGIFNETMASK_IN6: 492 case SIOCGIFDSTADDR_IN6: 493 case SIOCGIFALIFETIME_IN6: 494 /* must think again about its semantics */ 495 if (ia == NULL) 496 return (EADDRNOTAVAIL); 497 break; 498 case SIOCSIFALIFETIME_IN6: 499 { 500 struct in6_addrlifetime *lt; 501 502 if (!privileged) 503 return (EPERM); 504 if (ia == NULL) 505 return (EADDRNOTAVAIL); 506 /* sanity for overflow - beware unsigned */ 507 lt = &ifr->ifr_ifru.ifru_lifetime; 508 if (lt->ia6t_vltime != ND6_INFINITE_LIFETIME 509 && lt->ia6t_vltime + time_second < time_second) { 510 return EINVAL; 511 } 512 if (lt->ia6t_pltime != ND6_INFINITE_LIFETIME 513 && lt->ia6t_pltime + time_second < time_second) { 514 return EINVAL; 515 } 516 break; 517 } 518 } 519 520 switch (cmd) { 521 522 case SIOCGIFADDR_IN6: 523 ifr->ifr_addr = ia->ia_addr; 524 if ((error = sa6_recoverscope(&ifr->ifr_addr)) != 0) 525 return (error); 526 break; 527 528 case SIOCGIFDSTADDR_IN6: 529 if ((ifp->if_flags & IFF_POINTOPOINT) == 0) 530 return (EINVAL); 531 /* 532 * XXX: should we check if ifa_dstaddr is NULL and return 533 * an error? 534 */ 535 ifr->ifr_dstaddr = ia->ia_dstaddr; 536 if ((error = sa6_recoverscope(&ifr->ifr_dstaddr)) != 0) 537 return (error); 538 break; 539 540 case SIOCGIFNETMASK_IN6: 541 ifr->ifr_addr = ia->ia_prefixmask; 542 break; 543 544 case SIOCGIFAFLAG_IN6: 545 ifr->ifr_ifru.ifru_flags6 = ia->ia6_flags; 546 break; 547 548 case SIOCGIFSTAT_IN6: 549 if (ifp == NULL) 550 return EINVAL; 551 bzero(&ifr->ifr_ifru.ifru_stat, 552 sizeof(ifr->ifr_ifru.ifru_stat)); 553 ifr->ifr_ifru.ifru_stat = 554 *((struct in6_ifextra *)ifp->if_afdata[AF_INET6])->in6_ifstat; 555 break; 556 557 case SIOCGIFSTAT_ICMP6: 558 if (ifp == NULL) 559 return EINVAL; 560 bzero(&ifr->ifr_ifru.ifru_icmp6stat, 561 sizeof(ifr->ifr_ifru.ifru_icmp6stat)); 562 ifr->ifr_ifru.ifru_icmp6stat = 563 *((struct in6_ifextra *)ifp->if_afdata[AF_INET6])->icmp6_ifstat; 564 break; 565 566 case SIOCGIFALIFETIME_IN6: 567 ifr->ifr_ifru.ifru_lifetime = ia->ia6_lifetime; 568 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 569 time_t maxexpire; 570 struct in6_addrlifetime *retlt = 571 &ifr->ifr_ifru.ifru_lifetime; 572 573 /* 574 * XXX: adjust expiration time assuming time_t is 575 * signed. 576 */ 577 maxexpire = ((time_t)~0) & 578 ~((time_t)1 << ((sizeof(maxexpire) * 8) - 1)); 579 if (ia->ia6_lifetime.ia6t_vltime < 580 maxexpire - ia->ia6_updatetime) { 581 retlt->ia6t_expire = ia->ia6_updatetime + 582 ia->ia6_lifetime.ia6t_vltime; 583 } else 584 retlt->ia6t_expire = maxexpire; 585 } 586 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 587 time_t maxexpire; 588 struct in6_addrlifetime *retlt = 589 &ifr->ifr_ifru.ifru_lifetime; 590 591 /* 592 * XXX: adjust expiration time assuming time_t is 593 * signed. 594 */ 595 maxexpire = ((time_t)~0) & 596 ~((time_t)1 << ((sizeof(maxexpire) * 8) - 1)); 597 if (ia->ia6_lifetime.ia6t_pltime < 598 maxexpire - ia->ia6_updatetime) { 599 retlt->ia6t_preferred = ia->ia6_updatetime + 600 ia->ia6_lifetime.ia6t_pltime; 601 } else 602 retlt->ia6t_preferred = maxexpire; 603 } 604 break; 605 606 case SIOCSIFALIFETIME_IN6: 607 ia->ia6_lifetime = ifr->ifr_ifru.ifru_lifetime; 608 /* for sanity */ 609 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 610 ia->ia6_lifetime.ia6t_expire = 611 time_second + ia->ia6_lifetime.ia6t_vltime; 612 } else 613 ia->ia6_lifetime.ia6t_expire = 0; 614 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 615 ia->ia6_lifetime.ia6t_preferred = 616 time_second + ia->ia6_lifetime.ia6t_pltime; 617 } else 618 ia->ia6_lifetime.ia6t_preferred = 0; 619 break; 620 621 case SIOCAIFADDR_IN6: 622 { 623 int i; 624 struct nd_prefixctl pr0; 625 struct nd_prefix *pr; 626 627 /* reject read-only flags */ 628 if ((ifra->ifra_flags & IN6_IFF_DUPLICATED) != 0 || 629 (ifra->ifra_flags & IN6_IFF_DETACHED) != 0 || 630 (ifra->ifra_flags & IN6_IFF_NODAD) != 0 || 631 (ifra->ifra_flags & IN6_IFF_AUTOCONF) != 0) { 632 return (EINVAL); 633 } 634 /* 635 * first, make or update the interface address structure, 636 * and link it to the list. 637 */ 638 if ((error = in6_update_ifa(ifp, ifra, ia, 0)) != 0) 639 return (error); 640 if ((ia = in6ifa_ifpwithaddr(ifp, &ifra->ifra_addr.sin6_addr)) 641 == NULL) { 642 /* 643 * this can happen when the user specify the 0 valid 644 * lifetime. 645 */ 646 break; 647 } 648 649 /* 650 * then, make the prefix on-link on the interface. 651 * XXX: we'd rather create the prefix before the address, but 652 * we need at least one address to install the corresponding 653 * interface route, so we configure the address first. 654 */ 655 656 /* 657 * convert mask to prefix length (prefixmask has already 658 * been validated in in6_update_ifa(). 659 */ 660 bzero(&pr0, sizeof(pr0)); 661 pr0.ndpr_ifp = ifp; 662 pr0.ndpr_plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, 663 NULL); 664 if (pr0.ndpr_plen == 128) { 665 break; /* we don't need to install a host route. */ 666 } 667 pr0.ndpr_prefix = ifra->ifra_addr; 668 /* apply the mask for safety. */ 669 for (i = 0; i < 4; i++) { 670 pr0.ndpr_prefix.sin6_addr.s6_addr32[i] &= 671 ifra->ifra_prefixmask.sin6_addr.s6_addr32[i]; 672 } 673 /* 674 * XXX: since we don't have an API to set prefix (not address) 675 * lifetimes, we just use the same lifetimes as addresses. 676 * The (temporarily) installed lifetimes can be overridden by 677 * later advertised RAs (when accept_rtadv is non 0), which is 678 * an intended behavior. 679 */ 680 pr0.ndpr_raf_onlink = 1; /* should be configurable? */ 681 pr0.ndpr_raf_auto = 682 ((ifra->ifra_flags & IN6_IFF_AUTOCONF) != 0); 683 pr0.ndpr_vltime = ifra->ifra_lifetime.ia6t_vltime; 684 pr0.ndpr_pltime = ifra->ifra_lifetime.ia6t_pltime; 685 686 /* add the prefix if not yet. */ 687 if ((pr = nd6_prefix_lookup(&pr0)) == NULL) { 688 /* 689 * nd6_prelist_add will install the corresponding 690 * interface route. 691 */ 692 if ((error = nd6_prelist_add(&pr0, NULL, &pr)) != 0) 693 return (error); 694 if (pr == NULL) { 695 log(LOG_ERR, "nd6_prelist_add succeeded but " 696 "no prefix\n"); 697 return (EINVAL); /* XXX panic here? */ 698 } 699 } 700 701 /* relate the address to the prefix */ 702 if (ia->ia6_ndpr == NULL) { 703 ia->ia6_ndpr = pr; 704 pr->ndpr_refcnt++; 705 706 /* 707 * If this is the first autoconf address from the 708 * prefix, create a temporary address as well 709 * (when required). 710 */ 711 if ((ia->ia6_flags & IN6_IFF_AUTOCONF) && 712 ip6_use_tempaddr && pr->ndpr_refcnt == 1) { 713 int e; 714 if ((e = in6_tmpifadd(ia, 1, 0)) != 0) { 715 log(LOG_NOTICE, "in6_control: failed " 716 "to create a temporary address, " 717 "errno=%d\n", e); 718 } 719 } 720 } 721 722 /* 723 * this might affect the status of autoconfigured addresses, 724 * that is, this address might make other addresses detached. 725 */ 726 pfxlist_onlink_check(); 727 728 #ifdef PFIL_HOOKS 729 (void)pfil_run_hooks(&if_pfil, (struct mbuf **)SIOCAIFADDR_IN6, 730 ifp, PFIL_IFADDR); 731 #endif 732 733 break; 734 } 735 736 case SIOCDIFADDR_IN6: 737 { 738 struct nd_prefix *pr; 739 740 /* 741 * If the address being deleted is the only one that owns 742 * the corresponding prefix, expire the prefix as well. 743 * XXX: theoretically, we don't have to worry about such 744 * relationship, since we separate the address management 745 * and the prefix management. We do this, however, to provide 746 * as much backward compatibility as possible in terms of 747 * the ioctl operation. 748 * Note that in6_purgeaddr() will decrement ndpr_refcnt. 749 */ 750 pr = ia->ia6_ndpr; 751 in6_purgeaddr(&ia->ia_ifa); 752 if (pr && pr->ndpr_refcnt == 0) 753 prelist_remove(pr); 754 #ifdef PFIL_HOOKS 755 (void)pfil_run_hooks(&if_pfil, (struct mbuf **)SIOCDIFADDR_IN6, 756 ifp, PFIL_IFADDR); 757 #endif 758 break; 759 } 760 761 default: 762 if (ifp == NULL || ifp->if_ioctl == 0) 763 return (EOPNOTSUPP); 764 error = ((*ifp->if_ioctl)(ifp, cmd, data)); 765 return error; 766 } 767 768 return (0); 769 } 770 771 /* 772 * Update parameters of an IPv6 interface address. 773 * If necessary, a new entry is created and linked into address chains. 774 * This function is separated from in6_control(). 775 * XXX: should this be performed under splnet()? 776 */ 777 int 778 in6_update_ifa(ifp, ifra, ia, flags) 779 struct ifnet *ifp; 780 struct in6_aliasreq *ifra; 781 struct in6_ifaddr *ia; 782 int flags; 783 { 784 int error = 0, hostIsNew = 0, plen = -1; 785 struct in6_ifaddr *oia; 786 struct sockaddr_in6 dst6; 787 struct in6_addrlifetime *lt; 788 struct in6_multi_mship *imm; 789 struct in6_multi *in6m_sol; 790 struct rtentry *rt; 791 int dad_delay; 792 793 in6m_sol = NULL; 794 795 /* Validate parameters */ 796 if (ifp == NULL || ifra == NULL) /* this maybe redundant */ 797 return (EINVAL); 798 799 /* 800 * The destination address for a p2p link must have a family 801 * of AF_UNSPEC or AF_INET6. 802 */ 803 if ((ifp->if_flags & IFF_POINTOPOINT) != 0 && 804 ifra->ifra_dstaddr.sin6_family != AF_INET6 && 805 ifra->ifra_dstaddr.sin6_family != AF_UNSPEC) 806 return (EAFNOSUPPORT); 807 /* 808 * validate ifra_prefixmask. don't check sin6_family, netmask 809 * does not carry fields other than sin6_len. 810 */ 811 if (ifra->ifra_prefixmask.sin6_len > sizeof(struct sockaddr_in6)) 812 return (EINVAL); 813 /* 814 * Because the IPv6 address architecture is classless, we require 815 * users to specify a (non 0) prefix length (mask) for a new address. 816 * We also require the prefix (when specified) mask is valid, and thus 817 * reject a non-consecutive mask. 818 */ 819 if (ia == NULL && ifra->ifra_prefixmask.sin6_len == 0) 820 return (EINVAL); 821 if (ifra->ifra_prefixmask.sin6_len != 0) { 822 plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, 823 (u_char *)&ifra->ifra_prefixmask + 824 ifra->ifra_prefixmask.sin6_len); 825 if (plen <= 0) 826 return (EINVAL); 827 } else { 828 /* 829 * In this case, ia must not be NULL. We just use its prefix 830 * length. 831 */ 832 plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); 833 } 834 /* 835 * If the destination address on a p2p interface is specified, 836 * and the address is a scoped one, validate/set the scope 837 * zone identifier. 838 */ 839 dst6 = ifra->ifra_dstaddr; 840 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) != 0 && 841 (dst6.sin6_family == AF_INET6)) { 842 struct in6_addr in6_tmp; 843 u_int32_t zoneid; 844 845 in6_tmp = dst6.sin6_addr; 846 if (in6_setscope(&in6_tmp, ifp, &zoneid)) 847 return (EINVAL); /* XXX: should be impossible */ 848 849 if (dst6.sin6_scope_id != 0) { 850 if (dst6.sin6_scope_id != zoneid) 851 return (EINVAL); 852 } else /* user omit to specify the ID. */ 853 dst6.sin6_scope_id = zoneid; 854 855 /* convert into the internal form */ 856 if (sa6_embedscope(&dst6, 0)) 857 return (EINVAL); /* XXX: should be impossible */ 858 } 859 /* 860 * The destination address can be specified only for a p2p or a 861 * loopback interface. If specified, the corresponding prefix length 862 * must be 128. 863 */ 864 if (ifra->ifra_dstaddr.sin6_family == AF_INET6) { 865 #ifdef FORCE_P2PPLEN 866 int i; 867 #endif 868 869 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) == 0) { 870 /* XXX: noisy message */ 871 nd6log((LOG_INFO, "in6_update_ifa: a destination can " 872 "be specified for a p2p or a loopback IF only\n")); 873 return (EINVAL); 874 } 875 if (plen != 128) { 876 nd6log((LOG_INFO, "in6_update_ifa: prefixlen should " 877 "be 128 when dstaddr is specified\n")); 878 #ifdef FORCE_P2PPLEN 879 /* 880 * To be compatible with old configurations, 881 * such as ifconfig gif0 inet6 2001::1 2001::2 882 * prefixlen 126, we override the specified 883 * prefixmask as if the prefix length was 128. 884 */ 885 ifra->ifra_prefixmask.sin6_len = 886 sizeof(struct sockaddr_in6); 887 for (i = 0; i < 4; i++) 888 ifra->ifra_prefixmask.sin6_addr.s6_addr32[i] = 889 0xffffffff; 890 plen = 128; 891 #else 892 return (EINVAL); 893 #endif 894 } 895 } 896 /* lifetime consistency check */ 897 lt = &ifra->ifra_lifetime; 898 if (lt->ia6t_pltime > lt->ia6t_vltime) 899 return (EINVAL); 900 if (lt->ia6t_vltime == 0) { 901 /* 902 * the following log might be noisy, but this is a typical 903 * configuration mistake or a tool's bug. 904 */ 905 nd6log((LOG_INFO, 906 "in6_update_ifa: valid lifetime is 0 for %s\n", 907 ip6_sprintf(&ifra->ifra_addr.sin6_addr))); 908 909 if (ia == NULL) 910 return (0); /* there's nothing to do */ 911 } 912 913 /* 914 * If this is a new address, allocate a new ifaddr and link it 915 * into chains. 916 */ 917 if (ia == NULL) { 918 hostIsNew = 1; 919 /* 920 * When in6_update_ifa() is called in a process of a received 921 * RA, it is called under an interrupt context. So, we should 922 * call malloc with M_NOWAIT. 923 */ 924 ia = (struct in6_ifaddr *) malloc(sizeof(*ia), M_IFADDR, 925 M_NOWAIT); 926 if (ia == NULL) 927 return (ENOBUFS); 928 bzero((caddr_t)ia, sizeof(*ia)); 929 LIST_INIT(&ia->ia6_memberships); 930 /* Initialize the address and masks, and put time stamp */ 931 ia->ia_ifa.ifa_addr = (struct sockaddr *)&ia->ia_addr; 932 ia->ia_addr.sin6_family = AF_INET6; 933 ia->ia_addr.sin6_len = sizeof(ia->ia_addr); 934 ia->ia6_createtime = time_second; 935 if ((ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) != 0) { 936 /* 937 * XXX: some functions expect that ifa_dstaddr is not 938 * NULL for p2p interfaces. 939 */ 940 ia->ia_ifa.ifa_dstaddr = 941 (struct sockaddr *)&ia->ia_dstaddr; 942 } else { 943 ia->ia_ifa.ifa_dstaddr = NULL; 944 } 945 ia->ia_ifa.ifa_netmask = 946 (struct sockaddr *)&ia->ia_prefixmask; 947 948 ia->ia_ifp = ifp; 949 if ((oia = in6_ifaddr) != NULL) { 950 for ( ; oia->ia_next; oia = oia->ia_next) 951 continue; 952 oia->ia_next = ia; 953 } else 954 in6_ifaddr = ia; 955 /* gain a refcnt for the link from in6_ifaddr */ 956 IFAREF(&ia->ia_ifa); 957 958 TAILQ_INSERT_TAIL(&ifp->if_addrlist, &ia->ia_ifa, 959 ifa_list); 960 /* gain another refcnt for the link from if_addrlist */ 961 IFAREF(&ia->ia_ifa); 962 } 963 964 /* update timestamp */ 965 ia->ia6_updatetime = time_second; 966 967 /* set prefix mask */ 968 if (ifra->ifra_prefixmask.sin6_len) { 969 /* 970 * We prohibit changing the prefix length of an existing 971 * address, because 972 * + such an operation should be rare in IPv6, and 973 * + the operation would confuse prefix management. 974 */ 975 if (ia->ia_prefixmask.sin6_len && 976 in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL) != plen) { 977 nd6log((LOG_INFO, "in6_update_ifa: the prefix length of an" 978 " existing (%s) address should not be changed\n", 979 ip6_sprintf(&ia->ia_addr.sin6_addr))); 980 error = EINVAL; 981 goto unlink; 982 } 983 ia->ia_prefixmask = ifra->ifra_prefixmask; 984 } 985 986 /* 987 * If a new destination address is specified, scrub the old one and 988 * install the new destination. Note that the interface must be 989 * p2p or loopback (see the check above.) 990 */ 991 if (dst6.sin6_family == AF_INET6 && 992 !IN6_ARE_ADDR_EQUAL(&dst6.sin6_addr, &ia->ia_dstaddr.sin6_addr)) { 993 if ((ia->ia_flags & IFA_ROUTE) != 0 && 994 rtinit(&(ia->ia_ifa), (int)RTM_DELETE, RTF_HOST) != 0) { 995 nd6log((LOG_ERR, "in6_update_ifa: failed to remove " 996 "a route to the old destination: %s\n", 997 ip6_sprintf(&ia->ia_addr.sin6_addr))); 998 /* proceed anyway... */ 999 } else 1000 ia->ia_flags &= ~IFA_ROUTE; 1001 ia->ia_dstaddr = dst6; 1002 } 1003 1004 /* 1005 * Set lifetimes. We do not refer to ia6t_expire and ia6t_preferred 1006 * to see if the address is deprecated or invalidated, but initialize 1007 * these members for applications. 1008 */ 1009 ia->ia6_lifetime = ifra->ifra_lifetime; 1010 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 1011 ia->ia6_lifetime.ia6t_expire = 1012 time_second + ia->ia6_lifetime.ia6t_vltime; 1013 } else 1014 ia->ia6_lifetime.ia6t_expire = 0; 1015 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 1016 ia->ia6_lifetime.ia6t_preferred = 1017 time_second + ia->ia6_lifetime.ia6t_pltime; 1018 } else 1019 ia->ia6_lifetime.ia6t_preferred = 0; 1020 1021 /* reset the interface and routing table appropriately. */ 1022 if ((error = in6_ifinit(ifp, ia, &ifra->ifra_addr, hostIsNew)) != 0) 1023 goto unlink; 1024 1025 /* 1026 * configure address flags. 1027 */ 1028 ia->ia6_flags = ifra->ifra_flags; 1029 /* 1030 * backward compatibility - if IN6_IFF_DEPRECATED is set from the 1031 * userland, make it deprecated. 1032 */ 1033 if ((ifra->ifra_flags & IN6_IFF_DEPRECATED) != 0) { 1034 ia->ia6_lifetime.ia6t_pltime = 0; 1035 ia->ia6_lifetime.ia6t_preferred = time_second; 1036 } 1037 1038 /* 1039 * Make the address tentative before joining multicast addresses, 1040 * so that corresponding MLD responses would not have a tentative 1041 * source address. 1042 */ 1043 ia->ia6_flags &= ~IN6_IFF_DUPLICATED; /* safety */ 1044 if (hostIsNew && in6if_do_dad(ifp)) 1045 ia->ia6_flags |= IN6_IFF_TENTATIVE; 1046 1047 /* 1048 * We are done if we have simply modified an existing address. 1049 */ 1050 if (!hostIsNew) 1051 return (error); 1052 1053 /* 1054 * Beyond this point, we should call in6_purgeaddr upon an error, 1055 * not just go to unlink. 1056 */ 1057 1058 /* join necessary multicast groups */ 1059 if ((ifp->if_flags & IFF_MULTICAST) != 0) { 1060 struct sockaddr_in6 mltaddr, mltmask; 1061 struct in6_addr llsol; 1062 1063 /* join solicited multicast addr for new host id */ 1064 bzero(&llsol, sizeof(struct in6_addr)); 1065 llsol.s6_addr16[0] = htons(0xff02); 1066 llsol.s6_addr32[1] = 0; 1067 llsol.s6_addr32[2] = htonl(1); 1068 llsol.s6_addr32[3] = ifra->ifra_addr.sin6_addr.s6_addr32[3]; 1069 llsol.s6_addr8[12] = 0xff; 1070 if ((error = in6_setscope(&llsol, ifp, NULL)) != 0) { 1071 /* XXX: should not happen */ 1072 log(LOG_ERR, "in6_update_ifa: " 1073 "in6_setscope failed\n"); 1074 goto cleanup; 1075 } 1076 dad_delay = 0; 1077 if ((flags & IN6_IFAUPDATE_DADDELAY)) { 1078 /* 1079 * We need a random delay for DAD on the address 1080 * being configured. It also means delaying 1081 * transmission of the corresponding MLD report to 1082 * avoid report collision. 1083 * [draft-ietf-ipv6-rfc2462bis-02.txt] 1084 */ 1085 dad_delay = arc4random() % 1086 (MAX_RTR_SOLICITATION_DELAY * hz); 1087 } 1088 1089 #define MLTMASK_LEN 4 /* mltmask's masklen (=32bit=4octet) */ 1090 /* join solicited multicast addr for new host id */ 1091 imm = in6_joingroup(ifp, &llsol, &error, dad_delay); 1092 if (!imm) { 1093 nd6log((LOG_ERR, 1094 "in6_update_ifa: addmulti " 1095 "failed for %s on %s (errno=%d)\n", 1096 ip6_sprintf(&llsol), if_name(ifp), error)); 1097 goto cleanup; 1098 } 1099 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 1100 in6m_sol = imm->i6mm_maddr; 1101 1102 bzero(&mltmask, sizeof(mltmask)); 1103 mltmask.sin6_len = sizeof(struct sockaddr_in6); 1104 mltmask.sin6_family = AF_INET6; 1105 mltmask.sin6_addr = in6mask32; 1106 1107 /* 1108 * join link-local all-nodes address 1109 */ 1110 bzero(&mltaddr, sizeof(mltaddr)); 1111 mltaddr.sin6_len = sizeof(struct sockaddr_in6); 1112 mltaddr.sin6_family = AF_INET6; 1113 mltaddr.sin6_addr = in6addr_linklocal_allnodes; 1114 if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) != 1115 0) 1116 goto cleanup; /* XXX: should not fail */ 1117 1118 /* 1119 * XXX: do we really need this automatic routes? 1120 * We should probably reconsider this stuff. Most applications 1121 * actually do not need the routes, since they usually specify 1122 * the outgoing interface. 1123 */ 1124 rt = rtalloc1((struct sockaddr *)&mltaddr, 0); 1125 if (rt) { 1126 if (memcmp(&mltaddr.sin6_addr, 1127 &((struct sockaddr_in6 *)rt_key(rt))->sin6_addr, 1128 MLTMASK_LEN)) { 1129 RTFREE(rt); 1130 rt = NULL; 1131 } 1132 } 1133 if (!rt) { 1134 struct rt_addrinfo info; 1135 1136 bzero(&info, sizeof(info)); 1137 info.rti_info[RTAX_DST] = (struct sockaddr *)&mltaddr; 1138 info.rti_info[RTAX_GATEWAY] = 1139 (struct sockaddr *)&ia->ia_addr; 1140 info.rti_info[RTAX_NETMASK] = 1141 (struct sockaddr *)&mltmask; 1142 info.rti_info[RTAX_IFA] = 1143 (struct sockaddr *)&ia->ia_addr; 1144 /* XXX: we need RTF_CLONING to fake nd6_rtrequest */ 1145 info.rti_flags = RTF_UP | RTF_CLONING; 1146 error = rtrequest1(RTM_ADD, &info, NULL); 1147 if (error) 1148 goto cleanup; 1149 } else { 1150 RTFREE(rt); 1151 } 1152 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 0); 1153 if (!imm) { 1154 nd6log((LOG_WARNING, 1155 "in6_update_ifa: addmulti failed for " 1156 "%s on %s (errno=%d)\n", 1157 ip6_sprintf(&mltaddr.sin6_addr), 1158 if_name(ifp), error)); 1159 goto cleanup; 1160 } 1161 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 1162 1163 /* 1164 * join node information group address 1165 */ 1166 dad_delay = 0; 1167 if ((flags & IN6_IFAUPDATE_DADDELAY)) { 1168 /* 1169 * The spec doesn't say anything about delay for this 1170 * group, but the same logic should apply. 1171 */ 1172 dad_delay = arc4random() % 1173 (MAX_RTR_SOLICITATION_DELAY * hz); 1174 } 1175 if (in6_nigroup(ifp, hostname, hostnamelen, &mltaddr) == 0) { 1176 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 1177 dad_delay); /* XXX jinmei */ 1178 if (!imm) { 1179 nd6log((LOG_WARNING, "in6_update_ifa: " 1180 "addmulti failed for %s on %s (errno=%d)\n", 1181 ip6_sprintf(&mltaddr.sin6_addr), 1182 if_name(ifp), error)); 1183 /* XXX not very fatal, go on... */ 1184 } else { 1185 LIST_INSERT_HEAD(&ia->ia6_memberships, 1186 imm, i6mm_chain); 1187 } 1188 } 1189 1190 1191 /* 1192 * join interface-local all-nodes address. 1193 * (ff01::1%ifN, and ff01::%ifN/32) 1194 */ 1195 mltaddr.sin6_addr = in6addr_nodelocal_allnodes; 1196 if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) 1197 != 0) 1198 goto cleanup; /* XXX: should not fail */ 1199 1200 /* XXX: again, do we really need the route? */ 1201 rt = rtalloc1((struct sockaddr *)&mltaddr, 0); 1202 if (rt) { 1203 /* 32bit came from "mltmask" */ 1204 if (memcmp(&mltaddr.sin6_addr, 1205 &((struct sockaddr_in6 *)rt_key(rt))->sin6_addr, 1206 32 / 8)) { 1207 RTFREE(rt); 1208 rt = NULL; 1209 } 1210 } 1211 if (!rt) { 1212 struct rt_addrinfo info; 1213 1214 bzero(&info, sizeof(info)); 1215 info.rti_info[RTAX_DST] = (struct sockaddr *)&mltaddr; 1216 info.rti_info[RTAX_GATEWAY] = 1217 (struct sockaddr *)&ia->ia_addr; 1218 info.rti_info[RTAX_NETMASK] = 1219 (struct sockaddr *)&mltmask; 1220 info.rti_info[RTAX_IFA] = 1221 (struct sockaddr *)&ia->ia_addr; 1222 info.rti_flags = RTF_UP | RTF_CLONING; 1223 error = rtrequest1(RTM_ADD, &info, NULL); 1224 if (error) 1225 goto cleanup; 1226 #undef MLTMASK_LEN 1227 } else { 1228 RTFREE(rt); 1229 } 1230 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 0); 1231 if (!imm) { 1232 nd6log((LOG_WARNING, "in6_update_ifa: " 1233 "addmulti failed for %s on %s (errno=%d)\n", 1234 ip6_sprintf(&mltaddr.sin6_addr), 1235 if_name(ifp), error)); 1236 goto cleanup; 1237 } else { 1238 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 1239 } 1240 } 1241 1242 /* 1243 * Perform DAD, if needed. 1244 * XXX It may be of use, if we can administratively 1245 * disable DAD. 1246 */ 1247 if (hostIsNew && in6if_do_dad(ifp) && 1248 ((ifra->ifra_flags & IN6_IFF_NODAD) == 0) && 1249 (ia->ia6_flags & IN6_IFF_TENTATIVE)) 1250 { 1251 int mindelay, maxdelay; 1252 1253 dad_delay = 0; 1254 if ((flags & IN6_IFAUPDATE_DADDELAY)) { 1255 /* 1256 * We need to impose a delay before sending an NS 1257 * for DAD. Check if we also needed a delay for the 1258 * corresponding MLD message. If we did, the delay 1259 * should be larger than the MLD delay (this could be 1260 * relaxed a bit, but this simple logic is at least 1261 * safe). 1262 */ 1263 mindelay = 0; 1264 if (in6m_sol != NULL && 1265 in6m_sol->in6m_state == MLD_REPORTPENDING) { 1266 mindelay = in6m_sol->in6m_timer; 1267 } 1268 maxdelay = MAX_RTR_SOLICITATION_DELAY * hz; 1269 if (maxdelay - mindelay == 0) 1270 dad_delay = 0; 1271 else { 1272 dad_delay = 1273 (arc4random() % (maxdelay - mindelay)) + 1274 mindelay; 1275 } 1276 } 1277 nd6_dad_start((struct ifaddr *)ia, dad_delay); 1278 } 1279 1280 return (error); 1281 1282 unlink: 1283 /* 1284 * XXX: if a change of an existing address failed, keep the entry 1285 * anyway. 1286 */ 1287 if (hostIsNew) 1288 in6_unlink_ifa(ia, ifp); 1289 return (error); 1290 1291 cleanup: 1292 in6_purgeaddr(&ia->ia_ifa); 1293 return error; 1294 } 1295 1296 void 1297 in6_purgeaddr(ifa) 1298 struct ifaddr *ifa; 1299 { 1300 struct ifnet *ifp = ifa->ifa_ifp; 1301 struct in6_ifaddr *ia = (struct in6_ifaddr *) ifa; 1302 struct in6_multi_mship *imm; 1303 1304 /* stop DAD processing */ 1305 nd6_dad_stop(ifa); 1306 1307 /* 1308 * delete route to the destination of the address being purged. 1309 * The interface must be p2p or loopback in this case. 1310 */ 1311 if ((ia->ia_flags & IFA_ROUTE) != 0 && ia->ia_dstaddr.sin6_len != 0) { 1312 int e; 1313 1314 if ((e = rtinit(&(ia->ia_ifa), (int)RTM_DELETE, RTF_HOST)) 1315 != 0) { 1316 log(LOG_ERR, "in6_purgeaddr: failed to remove " 1317 "a route to the p2p destination: %s on %s, " 1318 "errno=%d\n", 1319 ip6_sprintf(&ia->ia_addr.sin6_addr), if_name(ifp), 1320 e); 1321 /* proceed anyway... */ 1322 } else 1323 ia->ia_flags &= ~IFA_ROUTE; 1324 } 1325 1326 /* Remove ownaddr's loopback rtentry, if it exists. */ 1327 in6_ifremloop(&(ia->ia_ifa)); 1328 1329 /* 1330 * leave from multicast groups we have joined for the interface 1331 */ 1332 while ((imm = ia->ia6_memberships.lh_first) != NULL) { 1333 LIST_REMOVE(imm, i6mm_chain); 1334 in6_leavegroup(imm); 1335 } 1336 1337 in6_unlink_ifa(ia, ifp); 1338 } 1339 1340 static void 1341 in6_unlink_ifa(ia, ifp) 1342 struct in6_ifaddr *ia; 1343 struct ifnet *ifp; 1344 { 1345 struct in6_ifaddr *oia; 1346 int s = splnet(); 1347 1348 TAILQ_REMOVE(&ifp->if_addrlist, &ia->ia_ifa, ifa_list); 1349 /* release a refcnt for the link from if_addrlist */ 1350 IFAFREE(&ia->ia_ifa); 1351 1352 oia = ia; 1353 if (oia == (ia = in6_ifaddr)) 1354 in6_ifaddr = ia->ia_next; 1355 else { 1356 while (ia->ia_next && (ia->ia_next != oia)) 1357 ia = ia->ia_next; 1358 if (ia->ia_next) 1359 ia->ia_next = oia->ia_next; 1360 else { 1361 /* search failed */ 1362 printf("Couldn't unlink in6_ifaddr from in6_ifaddr\n"); 1363 } 1364 } 1365 1366 if (oia->ia6_multiaddrs.lh_first != NULL) { 1367 /* 1368 * XXX thorpej@NetBSD.org -- if the interface is going 1369 * XXX away, don't save the multicast entries, delete them! 1370 */ 1371 if (oia->ia_ifa.ifa_ifp->if_output == if_nulloutput) { 1372 struct in6_multi *in6m; 1373 1374 while ((in6m = 1375 LIST_FIRST(&oia->ia6_multiaddrs)) != NULL) 1376 in6_delmulti(in6m); 1377 } else 1378 in6_savemkludge(oia); 1379 } 1380 1381 /* 1382 * Release the reference to the base prefix. There should be a 1383 * positive reference. 1384 */ 1385 if (oia->ia6_ndpr == NULL) { 1386 nd6log((LOG_NOTICE, "in6_unlink_ifa: autoconf'ed address " 1387 "%p has no prefix\n", oia)); 1388 } else { 1389 oia->ia6_ndpr->ndpr_refcnt--; 1390 oia->ia6_ndpr = NULL; 1391 } 1392 1393 /* 1394 * Also, if the address being removed is autoconf'ed, call 1395 * pfxlist_onlink_check() since the release might affect the status of 1396 * other (detached) addresses. 1397 */ 1398 if ((oia->ia6_flags & IN6_IFF_AUTOCONF) != 0) 1399 pfxlist_onlink_check(); 1400 1401 /* 1402 * release another refcnt for the link from in6_ifaddr. 1403 * Note that we should decrement the refcnt at least once for all *BSD. 1404 */ 1405 IFAFREE(&oia->ia_ifa); 1406 1407 splx(s); 1408 } 1409 1410 void 1411 in6_purgeif(ifp) 1412 struct ifnet *ifp; 1413 { 1414 struct ifaddr *ifa, *nifa; 1415 1416 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); ifa != NULL; ifa = nifa) 1417 { 1418 nifa = TAILQ_NEXT(ifa, ifa_list); 1419 if (ifa->ifa_addr->sa_family != AF_INET6) 1420 continue; 1421 in6_purgeaddr(ifa); 1422 } 1423 1424 in6_ifdetach(ifp); 1425 } 1426 1427 /* 1428 * SIOC[GAD]LIFADDR. 1429 * SIOCGLIFADDR: get first address. (?) 1430 * SIOCGLIFADDR with IFLR_PREFIX: 1431 * get first address that matches the specified prefix. 1432 * SIOCALIFADDR: add the specified address. 1433 * SIOCALIFADDR with IFLR_PREFIX: 1434 * add the specified prefix, filling hostid part from 1435 * the first link-local address. prefixlen must be <= 64. 1436 * SIOCDLIFADDR: delete the specified address. 1437 * SIOCDLIFADDR with IFLR_PREFIX: 1438 * delete the first address that matches the specified prefix. 1439 * return values: 1440 * EINVAL on invalid parameters 1441 * EADDRNOTAVAIL on prefix match failed/specified address not found 1442 * other values may be returned from in6_ioctl() 1443 * 1444 * NOTE: SIOCALIFADDR(with IFLR_PREFIX set) allows prefixlen less than 64. 1445 * this is to accomodate address naming scheme other than RFC2374, 1446 * in the future. 1447 * RFC2373 defines interface id to be 64bit, but it allows non-RFC2374 1448 * address encoding scheme. (see figure on page 8) 1449 */ 1450 static int 1451 in6_lifaddr_ioctl(so, cmd, data, ifp, p) 1452 struct socket *so; 1453 u_long cmd; 1454 caddr_t data; 1455 struct ifnet *ifp; 1456 struct proc *p; 1457 { 1458 struct if_laddrreq *iflr = (struct if_laddrreq *)data; 1459 struct ifaddr *ifa; 1460 struct sockaddr *sa; 1461 1462 /* sanity checks */ 1463 if (!data || !ifp) { 1464 panic("invalid argument to in6_lifaddr_ioctl"); 1465 /* NOTREACHED */ 1466 } 1467 1468 switch (cmd) { 1469 case SIOCGLIFADDR: 1470 /* address must be specified on GET with IFLR_PREFIX */ 1471 if ((iflr->flags & IFLR_PREFIX) == 0) 1472 break; 1473 /* FALLTHROUGH */ 1474 case SIOCALIFADDR: 1475 case SIOCDLIFADDR: 1476 /* address must be specified on ADD and DELETE */ 1477 sa = (struct sockaddr *)&iflr->addr; 1478 if (sa->sa_family != AF_INET6) 1479 return EINVAL; 1480 if (sa->sa_len != sizeof(struct sockaddr_in6)) 1481 return EINVAL; 1482 /* XXX need improvement */ 1483 sa = (struct sockaddr *)&iflr->dstaddr; 1484 if (sa->sa_family && sa->sa_family != AF_INET6) 1485 return EINVAL; 1486 if (sa->sa_len && sa->sa_len != sizeof(struct sockaddr_in6)) 1487 return EINVAL; 1488 break; 1489 default: /* shouldn't happen */ 1490 #if 0 1491 panic("invalid cmd to in6_lifaddr_ioctl"); 1492 /* NOTREACHED */ 1493 #else 1494 return EOPNOTSUPP; 1495 #endif 1496 } 1497 if (sizeof(struct in6_addr) * 8 < iflr->prefixlen) 1498 return EINVAL; 1499 1500 switch (cmd) { 1501 case SIOCALIFADDR: 1502 { 1503 struct in6_aliasreq ifra; 1504 struct in6_addr *xhostid = NULL; 1505 int prefixlen; 1506 1507 if ((iflr->flags & IFLR_PREFIX) != 0) { 1508 struct sockaddr_in6 *sin6; 1509 1510 /* 1511 * xhostid is to fill in the hostid part of the 1512 * address. xhostid points to the first link-local 1513 * address attached to the interface. 1514 */ 1515 ifa = (struct ifaddr *)in6ifa_ifpforlinklocal(ifp, 0); 1516 if (!ifa) 1517 return EADDRNOTAVAIL; 1518 xhostid = IFA_IN6(ifa); 1519 1520 /* prefixlen must be <= 64. */ 1521 if (64 < iflr->prefixlen) 1522 return EINVAL; 1523 prefixlen = iflr->prefixlen; 1524 1525 /* hostid part must be zero. */ 1526 sin6 = (struct sockaddr_in6 *)&iflr->addr; 1527 if (sin6->sin6_addr.s6_addr32[2] != 0 1528 || sin6->sin6_addr.s6_addr32[3] != 0) { 1529 return EINVAL; 1530 } 1531 } else 1532 prefixlen = iflr->prefixlen; 1533 1534 /* copy args to in6_aliasreq, perform ioctl(SIOCAIFADDR_IN6). */ 1535 bzero(&ifra, sizeof(ifra)); 1536 bcopy(iflr->iflr_name, ifra.ifra_name, sizeof(ifra.ifra_name)); 1537 1538 bcopy(&iflr->addr, &ifra.ifra_addr, 1539 ((struct sockaddr *)&iflr->addr)->sa_len); 1540 if (xhostid) { 1541 /* fill in hostid part */ 1542 ifra.ifra_addr.sin6_addr.s6_addr32[2] = 1543 xhostid->s6_addr32[2]; 1544 ifra.ifra_addr.sin6_addr.s6_addr32[3] = 1545 xhostid->s6_addr32[3]; 1546 } 1547 1548 if (((struct sockaddr *)&iflr->dstaddr)->sa_family) { /* XXX */ 1549 bcopy(&iflr->dstaddr, &ifra.ifra_dstaddr, 1550 ((struct sockaddr *)&iflr->dstaddr)->sa_len); 1551 if (xhostid) { 1552 ifra.ifra_dstaddr.sin6_addr.s6_addr32[2] = 1553 xhostid->s6_addr32[2]; 1554 ifra.ifra_dstaddr.sin6_addr.s6_addr32[3] = 1555 xhostid->s6_addr32[3]; 1556 } 1557 } 1558 1559 ifra.ifra_prefixmask.sin6_len = sizeof(struct sockaddr_in6); 1560 in6_prefixlen2mask(&ifra.ifra_prefixmask.sin6_addr, prefixlen); 1561 1562 ifra.ifra_flags = iflr->flags & ~IFLR_PREFIX; 1563 return in6_control(so, SIOCAIFADDR_IN6, (caddr_t)&ifra, ifp, p); 1564 } 1565 case SIOCGLIFADDR: 1566 case SIOCDLIFADDR: 1567 { 1568 struct in6_ifaddr *ia; 1569 struct in6_addr mask, candidate, match; 1570 struct sockaddr_in6 *sin6; 1571 int cmp; 1572 1573 bzero(&mask, sizeof(mask)); 1574 if (iflr->flags & IFLR_PREFIX) { 1575 /* lookup a prefix rather than address. */ 1576 in6_prefixlen2mask(&mask, iflr->prefixlen); 1577 1578 sin6 = (struct sockaddr_in6 *)&iflr->addr; 1579 bcopy(&sin6->sin6_addr, &match, sizeof(match)); 1580 match.s6_addr32[0] &= mask.s6_addr32[0]; 1581 match.s6_addr32[1] &= mask.s6_addr32[1]; 1582 match.s6_addr32[2] &= mask.s6_addr32[2]; 1583 match.s6_addr32[3] &= mask.s6_addr32[3]; 1584 1585 /* if you set extra bits, that's wrong */ 1586 if (bcmp(&match, &sin6->sin6_addr, sizeof(match))) 1587 return EINVAL; 1588 1589 cmp = 1; 1590 } else { 1591 if (cmd == SIOCGLIFADDR) { 1592 /* on getting an address, take the 1st match */ 1593 cmp = 0; /* XXX */ 1594 } else { 1595 /* on deleting an address, do exact match */ 1596 in6_prefixlen2mask(&mask, 128); 1597 sin6 = (struct sockaddr_in6 *)&iflr->addr; 1598 bcopy(&sin6->sin6_addr, &match, sizeof(match)); 1599 1600 cmp = 1; 1601 } 1602 } 1603 1604 for (ifa = ifp->if_addrlist.tqh_first; 1605 ifa; 1606 ifa = ifa->ifa_list.tqe_next) 1607 { 1608 if (ifa->ifa_addr->sa_family != AF_INET6) 1609 continue; 1610 if (!cmp) 1611 break; 1612 1613 /* 1614 * XXX: this is adhoc, but is necessary to allow 1615 * a user to specify fe80::/64 (not /10) for a 1616 * link-local address. 1617 */ 1618 bcopy(IFA_IN6(ifa), &candidate, sizeof(candidate)); 1619 in6_clearscope(&candidate); 1620 candidate.s6_addr32[0] &= mask.s6_addr32[0]; 1621 candidate.s6_addr32[1] &= mask.s6_addr32[1]; 1622 candidate.s6_addr32[2] &= mask.s6_addr32[2]; 1623 candidate.s6_addr32[3] &= mask.s6_addr32[3]; 1624 if (IN6_ARE_ADDR_EQUAL(&candidate, &match)) 1625 break; 1626 } 1627 if (!ifa) 1628 return EADDRNOTAVAIL; 1629 ia = ifa2ia6(ifa); 1630 1631 if (cmd == SIOCGLIFADDR) { 1632 int error; 1633 1634 /* fill in the if_laddrreq structure */ 1635 bcopy(&ia->ia_addr, &iflr->addr, ia->ia_addr.sin6_len); 1636 error = sa6_recoverscope( 1637 (struct sockaddr_in6 *)&iflr->addr); 1638 if (error != 0) 1639 return (error); 1640 1641 if ((ifp->if_flags & IFF_POINTOPOINT) != 0) { 1642 bcopy(&ia->ia_dstaddr, &iflr->dstaddr, 1643 ia->ia_dstaddr.sin6_len); 1644 error = sa6_recoverscope( 1645 (struct sockaddr_in6 *)&iflr->dstaddr); 1646 if (error != 0) 1647 return (error); 1648 } else 1649 bzero(&iflr->dstaddr, sizeof(iflr->dstaddr)); 1650 1651 iflr->prefixlen = 1652 in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); 1653 1654 iflr->flags = ia->ia6_flags; /* XXX */ 1655 1656 return 0; 1657 } else { 1658 struct in6_aliasreq ifra; 1659 1660 /* fill in6_aliasreq and do ioctl(SIOCDIFADDR_IN6) */ 1661 bzero(&ifra, sizeof(ifra)); 1662 bcopy(iflr->iflr_name, ifra.ifra_name, 1663 sizeof(ifra.ifra_name)); 1664 1665 bcopy(&ia->ia_addr, &ifra.ifra_addr, 1666 ia->ia_addr.sin6_len); 1667 if ((ifp->if_flags & IFF_POINTOPOINT) != 0) { 1668 bcopy(&ia->ia_dstaddr, &ifra.ifra_dstaddr, 1669 ia->ia_dstaddr.sin6_len); 1670 } else { 1671 bzero(&ifra.ifra_dstaddr, 1672 sizeof(ifra.ifra_dstaddr)); 1673 } 1674 bcopy(&ia->ia_prefixmask, &ifra.ifra_dstaddr, 1675 ia->ia_prefixmask.sin6_len); 1676 1677 ifra.ifra_flags = ia->ia6_flags; 1678 return in6_control(so, SIOCDIFADDR_IN6, (caddr_t)&ifra, 1679 ifp, p); 1680 } 1681 } 1682 } 1683 1684 return EOPNOTSUPP; /* just for safety */ 1685 } 1686 1687 /* 1688 * Initialize an interface's intetnet6 address 1689 * and routing table entry. 1690 */ 1691 static int 1692 in6_ifinit(ifp, ia, sin6, newhost) 1693 struct ifnet *ifp; 1694 struct in6_ifaddr *ia; 1695 struct sockaddr_in6 *sin6; 1696 int newhost; 1697 { 1698 int error = 0, plen, ifacount = 0; 1699 int s = splnet(); 1700 struct ifaddr *ifa; 1701 1702 /* 1703 * Give the interface a chance to initialize 1704 * if this is its first address, 1705 * and to validate the address if necessary. 1706 */ 1707 for (ifa = ifp->if_addrlist.tqh_first; ifa; 1708 ifa = ifa->ifa_list.tqe_next) 1709 { 1710 if (ifa->ifa_addr == NULL) 1711 continue; /* just for safety */ 1712 if (ifa->ifa_addr->sa_family != AF_INET6) 1713 continue; 1714 ifacount++; 1715 } 1716 1717 ia->ia_addr = *sin6; 1718 1719 if (ifacount <= 1 && ifp->if_ioctl && 1720 (error = (*ifp->if_ioctl)(ifp, SIOCSIFADDR, (caddr_t)ia))) { 1721 splx(s); 1722 return (error); 1723 } 1724 splx(s); 1725 1726 ia->ia_ifa.ifa_metric = ifp->if_metric; 1727 1728 /* we could do in(6)_socktrim here, but just omit it at this moment. */ 1729 1730 /* 1731 * Special case: 1732 * If the destination address is specified for a point-to-point 1733 * interface, install a route to the destination as an interface 1734 * direct route. 1735 */ 1736 plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); /* XXX */ 1737 if (plen == 128 && ia->ia_dstaddr.sin6_family == AF_INET6) { 1738 if ((error = rtinit(&(ia->ia_ifa), (int)RTM_ADD, 1739 RTF_UP | RTF_HOST)) != 0) 1740 return (error); 1741 ia->ia_flags |= IFA_ROUTE; 1742 } 1743 1744 /* Add ownaddr as loopback rtentry, if necessary (ex. on p2p link). */ 1745 if (newhost) { 1746 /* set the rtrequest function to create llinfo */ 1747 ia->ia_ifa.ifa_rtrequest = nd6_rtrequest; 1748 in6_ifaddloop(&(ia->ia_ifa)); 1749 } 1750 1751 if (ifp->if_flags & IFF_MULTICAST) 1752 in6_restoremkludge(ia, ifp); 1753 1754 return (error); 1755 } 1756 1757 /* 1758 * Find an IPv6 interface link-local address specific to an interface. 1759 */ 1760 struct in6_ifaddr * 1761 in6ifa_ifpforlinklocal(ifp, ignoreflags) 1762 struct ifnet *ifp; 1763 int ignoreflags; 1764 { 1765 struct ifaddr *ifa; 1766 1767 for (ifa = ifp->if_addrlist.tqh_first; ifa; ifa = ifa->ifa_list.tqe_next) 1768 { 1769 if (ifa->ifa_addr == NULL) 1770 continue; /* just for safety */ 1771 if (ifa->ifa_addr->sa_family != AF_INET6) 1772 continue; 1773 if (IN6_IS_ADDR_LINKLOCAL(IFA_IN6(ifa))) { 1774 if ((((struct in6_ifaddr *)ifa)->ia6_flags & 1775 ignoreflags) != 0) 1776 continue; 1777 break; 1778 } 1779 } 1780 1781 return ((struct in6_ifaddr *)ifa); 1782 } 1783 1784 1785 /* 1786 * find the internet address corresponding to a given interface and address. 1787 */ 1788 struct in6_ifaddr * 1789 in6ifa_ifpwithaddr(ifp, addr) 1790 struct ifnet *ifp; 1791 struct in6_addr *addr; 1792 { 1793 struct ifaddr *ifa; 1794 1795 for (ifa = ifp->if_addrlist.tqh_first; ifa; ifa = ifa->ifa_list.tqe_next) 1796 { 1797 if (ifa->ifa_addr == NULL) 1798 continue; /* just for safety */ 1799 if (ifa->ifa_addr->sa_family != AF_INET6) 1800 continue; 1801 if (IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(ifa))) 1802 break; 1803 } 1804 1805 return ((struct in6_ifaddr *)ifa); 1806 } 1807 1808 /* 1809 * Convert IP6 address to printable (loggable) representation. 1810 */ 1811 static int ip6round = 0; 1812 char * 1813 ip6_sprintf(addr) 1814 const struct in6_addr *addr; 1815 { 1816 static char ip6buf[8][48]; 1817 int i; 1818 char *cp; 1819 const u_int16_t *a = (const u_int16_t *)addr; 1820 const u_int8_t *d; 1821 int dcolon = 0; 1822 1823 ip6round = (ip6round + 1) & 7; 1824 cp = ip6buf[ip6round]; 1825 1826 for (i = 0; i < 8; i++) { 1827 if (dcolon == 1) { 1828 if (*a == 0) { 1829 if (i == 7) 1830 *cp++ = ':'; 1831 a++; 1832 continue; 1833 } else 1834 dcolon = 2; 1835 } 1836 if (*a == 0) { 1837 if (dcolon == 0 && *(a + 1) == 0) { 1838 if (i == 0) 1839 *cp++ = ':'; 1840 *cp++ = ':'; 1841 dcolon = 1; 1842 } else { 1843 *cp++ = '0'; 1844 *cp++ = ':'; 1845 } 1846 a++; 1847 continue; 1848 } 1849 d = (const u_char *)a; 1850 *cp++ = hexdigits[*d >> 4]; 1851 *cp++ = hexdigits[*d++ & 0xf]; 1852 *cp++ = hexdigits[*d >> 4]; 1853 *cp++ = hexdigits[*d & 0xf]; 1854 *cp++ = ':'; 1855 a++; 1856 } 1857 *--cp = 0; 1858 return (ip6buf[ip6round]); 1859 } 1860 1861 /* 1862 * Determine if an address is on a local network. 1863 */ 1864 int 1865 in6_localaddr(in6) 1866 struct in6_addr *in6; 1867 { 1868 struct in6_ifaddr *ia; 1869 1870 if (IN6_IS_ADDR_LOOPBACK(in6) || IN6_IS_ADDR_LINKLOCAL(in6)) 1871 return (1); 1872 1873 for (ia = in6_ifaddr; ia; ia = ia->ia_next) 1874 if (IN6_ARE_MASKED_ADDR_EQUAL(in6, &ia->ia_addr.sin6_addr, 1875 &ia->ia_prefixmask.sin6_addr)) 1876 return (1); 1877 1878 return (0); 1879 } 1880 1881 int 1882 in6_is_addr_deprecated(sa6) 1883 struct sockaddr_in6 *sa6; 1884 { 1885 struct in6_ifaddr *ia; 1886 1887 for (ia = in6_ifaddr; ia; ia = ia->ia_next) { 1888 if (IN6_ARE_ADDR_EQUAL(&ia->ia_addr.sin6_addr, 1889 &sa6->sin6_addr) && 1890 #ifdef SCOPEDROUTING 1891 ia->ia_addr.sin6_scope_id == sa6->sin6_scope_id && 1892 #endif 1893 (ia->ia6_flags & IN6_IFF_DEPRECATED) != 0) 1894 return (1); /* true */ 1895 1896 /* XXX: do we still have to go thru the rest of the list? */ 1897 } 1898 1899 return (0); /* false */ 1900 } 1901 1902 /* 1903 * return length of part which dst and src are equal 1904 * hard coding... 1905 */ 1906 int 1907 in6_matchlen(src, dst) 1908 struct in6_addr *src, *dst; 1909 { 1910 int match = 0; 1911 u_char *s = (u_char *)src, *d = (u_char *)dst; 1912 u_char *lim = s + 16, r; 1913 1914 while (s < lim) 1915 if ((r = (*d++ ^ *s++)) != 0) { 1916 while (r < 128) { 1917 match++; 1918 r <<= 1; 1919 } 1920 break; 1921 } else 1922 match += 8; 1923 return match; 1924 } 1925 1926 /* XXX: to be scope conscious */ 1927 int 1928 in6_are_prefix_equal(p1, p2, len) 1929 struct in6_addr *p1, *p2; 1930 int len; 1931 { 1932 int bytelen, bitlen; 1933 1934 /* sanity check */ 1935 if (len < 0 || len > 128) { 1936 log(LOG_ERR, "in6_are_prefix_equal: invalid prefix length(%d)\n", 1937 len); 1938 return (0); 1939 } 1940 1941 bytelen = len / 8; 1942 bitlen = len % 8; 1943 1944 if (bcmp(&p1->s6_addr, &p2->s6_addr, bytelen)) 1945 return (0); 1946 if (bitlen != 0 && 1947 p1->s6_addr[bytelen] >> (8 - bitlen) != 1948 p2->s6_addr[bytelen] >> (8 - bitlen)) 1949 return (0); 1950 1951 return (1); 1952 } 1953 1954 void 1955 in6_prefixlen2mask(maskp, len) 1956 struct in6_addr *maskp; 1957 int len; 1958 { 1959 static const u_char maskarray[8] = {0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff}; 1960 int bytelen, bitlen, i; 1961 1962 /* sanity check */ 1963 if (len < 0 || len > 128) { 1964 log(LOG_ERR, "in6_prefixlen2mask: invalid prefix length(%d)\n", 1965 len); 1966 return; 1967 } 1968 1969 bzero(maskp, sizeof(*maskp)); 1970 bytelen = len / 8; 1971 bitlen = len % 8; 1972 for (i = 0; i < bytelen; i++) 1973 maskp->s6_addr[i] = 0xff; 1974 if (bitlen) 1975 maskp->s6_addr[bytelen] = maskarray[bitlen - 1]; 1976 } 1977 1978 /* 1979 * return the best address out of the same scope. if no address was 1980 * found, return the first valid address from designated IF. 1981 */ 1982 struct in6_ifaddr * 1983 in6_ifawithifp(ifp, dst) 1984 struct ifnet *ifp; 1985 struct in6_addr *dst; 1986 { 1987 int dst_scope = in6_addrscope(dst), blen = -1, tlen; 1988 struct ifaddr *ifa; 1989 struct in6_ifaddr *besta = 0; 1990 struct in6_ifaddr *dep[2]; /* last-resort: deprecated */ 1991 1992 dep[0] = dep[1] = NULL; 1993 1994 /* 1995 * We first look for addresses in the same scope. 1996 * If there is one, return it. 1997 * If two or more, return one which matches the dst longest. 1998 * If none, return one of global addresses assigned other ifs. 1999 */ 2000 for (ifa = ifp->if_addrlist.tqh_first; ifa; ifa = ifa->ifa_list.tqe_next) 2001 { 2002 if (ifa->ifa_addr->sa_family != AF_INET6) 2003 continue; 2004 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST) 2005 continue; /* XXX: is there any case to allow anycast? */ 2006 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_NOTREADY) 2007 continue; /* don't use this interface */ 2008 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DETACHED) 2009 continue; 2010 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DEPRECATED) { 2011 if (ip6_use_deprecated) 2012 dep[0] = (struct in6_ifaddr *)ifa; 2013 continue; 2014 } 2015 2016 if (dst_scope == in6_addrscope(IFA_IN6(ifa))) { 2017 /* 2018 * call in6_matchlen() as few as possible 2019 */ 2020 if (besta) { 2021 if (blen == -1) 2022 blen = in6_matchlen(&besta->ia_addr.sin6_addr, dst); 2023 tlen = in6_matchlen(IFA_IN6(ifa), dst); 2024 if (tlen > blen) { 2025 blen = tlen; 2026 besta = (struct in6_ifaddr *)ifa; 2027 } 2028 } else 2029 besta = (struct in6_ifaddr *)ifa; 2030 } 2031 } 2032 if (besta) 2033 return (besta); 2034 2035 for (ifa = ifp->if_addrlist.tqh_first; ifa; ifa = ifa->ifa_list.tqe_next) 2036 { 2037 if (ifa->ifa_addr->sa_family != AF_INET6) 2038 continue; 2039 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST) 2040 continue; /* XXX: is there any case to allow anycast? */ 2041 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_NOTREADY) 2042 continue; /* don't use this interface */ 2043 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DETACHED) 2044 continue; 2045 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DEPRECATED) { 2046 if (ip6_use_deprecated) 2047 dep[1] = (struct in6_ifaddr *)ifa; 2048 continue; 2049 } 2050 2051 return (struct in6_ifaddr *)ifa; 2052 } 2053 2054 /* use the last-resort values, that are, deprecated addresses */ 2055 if (dep[0]) 2056 return dep[0]; 2057 if (dep[1]) 2058 return dep[1]; 2059 2060 return NULL; 2061 } 2062 2063 /* 2064 * perform DAD when interface becomes IFF_UP. 2065 */ 2066 void 2067 in6_if_up(ifp) 2068 struct ifnet *ifp; 2069 { 2070 struct ifaddr *ifa; 2071 struct in6_ifaddr *ia; 2072 2073 for (ifa = ifp->if_addrlist.tqh_first; ifa; ifa = ifa->ifa_list.tqe_next) 2074 { 2075 if (ifa->ifa_addr->sa_family != AF_INET6) 2076 continue; 2077 ia = (struct in6_ifaddr *)ifa; 2078 if (ia->ia6_flags & IN6_IFF_TENTATIVE) { 2079 /* 2080 * The TENTATIVE flag was likely set by hand 2081 * beforehand, implicitly indicating the need for DAD. 2082 * We may be able to skip the random delay in this 2083 * case, but we impose delays just in case. 2084 */ 2085 nd6_dad_start(ifa, 2086 arc4random() % (MAX_RTR_SOLICITATION_DELAY * hz)); 2087 } 2088 } 2089 2090 /* 2091 * special cases, like 6to4, are handled in in6_ifattach 2092 */ 2093 in6_ifattach(ifp, NULL); 2094 } 2095 2096 int 2097 in6if_do_dad(ifp) 2098 struct ifnet *ifp; 2099 { 2100 if ((ifp->if_flags & IFF_LOOPBACK) != 0) 2101 return (0); 2102 2103 switch (ifp->if_type) { 2104 case IFT_FAITH: 2105 /* 2106 * These interfaces do not have the IFF_LOOPBACK flag, 2107 * but loop packets back. We do not have to do DAD on such 2108 * interfaces. We should even omit it, because loop-backed 2109 * NS would confuse the DAD procedure. 2110 */ 2111 return (0); 2112 default: 2113 /* 2114 * Our DAD routine requires the interface up and running. 2115 * However, some interfaces can be up before the RUNNING 2116 * status. Additionaly, users may try to assign addresses 2117 * before the interface becomes up (or running). 2118 * We simply skip DAD in such a case as a work around. 2119 * XXX: we should rather mark "tentative" on such addresses, 2120 * and do DAD after the interface becomes ready. 2121 */ 2122 if ((ifp->if_flags & (IFF_UP|IFF_RUNNING)) != 2123 (IFF_UP|IFF_RUNNING)) 2124 return (0); 2125 2126 return (1); 2127 } 2128 } 2129 2130 /* 2131 * Calculate max IPv6 MTU through all the interfaces and store it 2132 * to in6_maxmtu. 2133 */ 2134 void 2135 in6_setmaxmtu() 2136 { 2137 unsigned long maxmtu = 0; 2138 struct ifnet *ifp; 2139 2140 for (ifp = TAILQ_FIRST(&ifnet); ifp; ifp = TAILQ_NEXT(ifp, if_list)) 2141 { 2142 /* this function can be called during ifnet initialization */ 2143 if (!ifp->if_afdata[AF_INET6]) 2144 continue; 2145 if ((ifp->if_flags & IFF_LOOPBACK) == 0 && 2146 IN6_LINKMTU(ifp) > maxmtu) 2147 maxmtu = IN6_LINKMTU(ifp); 2148 } 2149 if (maxmtu) /* update only when maxmtu is positive */ 2150 in6_maxmtu = maxmtu; 2151 } 2152 2153 /* 2154 * Provide the length of interface identifiers to be used for the link attached 2155 * to the given interface. The length should be defined in "IPv6 over 2156 * xxx-link" document. Note that address architecture might also define 2157 * the length for a particular set of address prefixes, regardless of the 2158 * link type. As clarified in rfc2462bis, those two definitions should be 2159 * consistent, and those really are as of August 2004. 2160 */ 2161 int 2162 in6_if2idlen(ifp) 2163 struct ifnet *ifp; 2164 { 2165 switch (ifp->if_type) { 2166 case IFT_ETHER: /* RFC2464 */ 2167 case IFT_PROPVIRTUAL: /* XXX: no RFC. treat it as ether */ 2168 case IFT_L2VLAN: /* ditto */ 2169 case IFT_IEEE80211: /* ditto */ 2170 case IFT_FDDI: /* RFC2467 */ 2171 case IFT_ISO88025: /* RFC2470 (IPv6 over Token Ring) */ 2172 case IFT_PPP: /* RFC2472 */ 2173 case IFT_ARCNET: /* RFC2497 */ 2174 case IFT_FRELAY: /* RFC2590 */ 2175 case IFT_IEEE1394: /* RFC3146 */ 2176 case IFT_GIF: /* draft-ietf-v6ops-mech-v2-07 */ 2177 case IFT_LOOP: /* XXX: is this really correct? */ 2178 return 64; 2179 default: 2180 /* 2181 * Unknown link type: 2182 * It might be controversial to use the today's common constant 2183 * of 64 for these cases unconditionally. For full compliance, 2184 * we should return an error in this case. On the other hand, 2185 * if we simply miss the standard for the link type or a new 2186 * standard is defined for a new link type, the IFID length 2187 * is very likely to be the common constant. As a compromise, 2188 * we always use the constant, but make an explicit notice 2189 * indicating the "unknown" case. 2190 */ 2191 printf("in6_if2idlen: unknown link type (%d)\n", ifp->if_type); 2192 return 64; 2193 } 2194 } 2195 2196 void * 2197 in6_domifattach(ifp) 2198 struct ifnet *ifp; 2199 { 2200 struct in6_ifextra *ext; 2201 2202 ext = (struct in6_ifextra *)malloc(sizeof(*ext), M_IFADDR, M_WAITOK); 2203 bzero(ext, sizeof(*ext)); 2204 2205 ext->in6_ifstat = (struct in6_ifstat *)malloc(sizeof(struct in6_ifstat), 2206 M_IFADDR, M_WAITOK); 2207 bzero(ext->in6_ifstat, sizeof(*ext->in6_ifstat)); 2208 2209 ext->icmp6_ifstat = 2210 (struct icmp6_ifstat *)malloc(sizeof(struct icmp6_ifstat), 2211 M_IFADDR, M_WAITOK); 2212 bzero(ext->icmp6_ifstat, sizeof(*ext->icmp6_ifstat)); 2213 2214 ext->nd_ifinfo = nd6_ifattach(ifp); 2215 ext->scope6_id = scope6_ifattach(ifp); 2216 return ext; 2217 } 2218 2219 void 2220 in6_domifdetach(ifp, aux) 2221 struct ifnet *ifp; 2222 void *aux; 2223 { 2224 struct in6_ifextra *ext = (struct in6_ifextra *)aux; 2225 2226 nd6_ifdetach(ext->nd_ifinfo); 2227 free(ext->in6_ifstat, M_IFADDR); 2228 free(ext->icmp6_ifstat, M_IFADDR); 2229 scope6_ifdetach(ext->scope6_id); 2230 free(ext, M_IFADDR); 2231 } 2232