1 /* $OpenBSD: in6.c,v 1.242 2020/08/07 18:09:16 florian Exp $ */ 2 /* $KAME: in6.c,v 1.372 2004/06/14 08:14:21 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 /* 34 * Copyright (c) 1982, 1986, 1991, 1993 35 * The Regents of the University of California. All rights reserved. 36 * 37 * Redistribution and use in source and binary forms, with or without 38 * modification, are permitted provided that the following conditions 39 * are met: 40 * 1. Redistributions of source code must retain the above copyright 41 * notice, this list of conditions and the following disclaimer. 42 * 2. Redistributions in binary form must reproduce the above copyright 43 * notice, this list of conditions and the following disclaimer in the 44 * documentation and/or other materials provided with the distribution. 45 * 3. Neither the name of the University nor the names of its contributors 46 * may be used to endorse or promote products derived from this software 47 * without specific prior written permission. 48 * 49 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 52 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 59 * SUCH DAMAGE. 60 * 61 * @(#)in.c 8.2 (Berkeley) 11/15/93 62 */ 63 64 #include "carp.h" 65 66 #include <sys/param.h> 67 #include <sys/ioctl.h> 68 #include <sys/errno.h> 69 #include <sys/malloc.h> 70 #include <sys/socket.h> 71 #include <sys/socketvar.h> 72 #include <sys/sockio.h> 73 #include <sys/mbuf.h> 74 #include <sys/systm.h> 75 #include <sys/time.h> 76 #include <sys/kernel.h> 77 #include <sys/syslog.h> 78 79 #include <net/if.h> 80 #include <net/if_dl.h> 81 #include <net/if_types.h> 82 #include <net/route.h> 83 84 #include <netinet/in.h> 85 #include <netinet/if_ether.h> 86 87 #include <netinet6/in6_var.h> 88 #include <netinet/ip6.h> 89 #include <netinet6/ip6_var.h> 90 #include <netinet6/nd6.h> 91 #include <netinet6/mld6_var.h> 92 #ifdef MROUTING 93 #include <netinet6/ip6_mroute.h> 94 #endif 95 #include <netinet6/in6_ifattach.h> 96 #if NCARP > 0 97 #include <netinet/ip_carp.h> 98 #endif 99 100 /* 101 * Definitions of some constant IP6 addresses. 102 */ 103 const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT; 104 const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT; 105 const struct in6_addr in6addr_intfacelocal_allnodes = 106 IN6ADDR_INTFACELOCAL_ALLNODES_INIT; 107 const struct in6_addr in6addr_linklocal_allnodes = 108 IN6ADDR_LINKLOCAL_ALLNODES_INIT; 109 const struct in6_addr in6addr_linklocal_allrouters = 110 IN6ADDR_LINKLOCAL_ALLROUTERS_INIT; 111 112 const struct in6_addr in6mask0 = IN6MASK0; 113 const struct in6_addr in6mask32 = IN6MASK32; 114 const struct in6_addr in6mask64 = IN6MASK64; 115 const struct in6_addr in6mask96 = IN6MASK96; 116 const struct in6_addr in6mask128 = IN6MASK128; 117 118 int in6_ioctl(u_long, caddr_t, struct ifnet *, int); 119 int in6_ioctl_change_ifaddr(u_long, caddr_t, struct ifnet *); 120 int in6_ioctl_get(u_long, caddr_t, struct ifnet *); 121 int in6_check_embed_scope(struct sockaddr_in6 *, unsigned int); 122 int in6_clear_scope_id(struct sockaddr_in6 *, unsigned int); 123 int in6_ifinit(struct ifnet *, struct in6_ifaddr *, int); 124 void in6_unlink_ifa(struct in6_ifaddr *, struct ifnet *); 125 126 const struct sockaddr_in6 sa6_any = { 127 sizeof(sa6_any), AF_INET6, 0, 0, IN6ADDR_ANY_INIT, 0 128 }; 129 130 int 131 in6_mask2len(struct in6_addr *mask, u_char *lim0) 132 { 133 int x = 0, y; 134 u_char *lim = lim0, *p; 135 136 /* ignore the scope_id part */ 137 if (lim0 == NULL || lim0 - (u_char *)mask > sizeof(*mask)) 138 lim = (u_char *)mask + sizeof(*mask); 139 for (p = (u_char *)mask; p < lim; x++, p++) { 140 if (*p != 0xff) 141 break; 142 } 143 y = 0; 144 if (p < lim) { 145 for (y = 0; y < 8; y++) { 146 if ((*p & (0x80 >> y)) == 0) 147 break; 148 } 149 } 150 151 /* 152 * when the limit pointer is given, do a stricter check on the 153 * remaining bits. 154 */ 155 if (p < lim) { 156 if (y != 0 && (*p & (0x00ff >> y)) != 0) 157 return (-1); 158 for (p = p + 1; p < lim; p++) 159 if (*p != 0) 160 return (-1); 161 } 162 163 return x * 8 + y; 164 } 165 166 int 167 in6_nam2sin6(const struct mbuf *nam, struct sockaddr_in6 **sin6) 168 { 169 struct sockaddr *sa = mtod(nam, struct sockaddr *); 170 171 if (nam->m_len < offsetof(struct sockaddr, sa_data)) 172 return EINVAL; 173 if (sa->sa_family != AF_INET6) 174 return EAFNOSUPPORT; 175 if (sa->sa_len != nam->m_len) 176 return EINVAL; 177 if (sa->sa_len != sizeof(struct sockaddr_in6)) 178 return EINVAL; 179 *sin6 = satosin6(sa); 180 181 return 0; 182 } 183 184 int 185 in6_sa2sin6(struct sockaddr *sa, struct sockaddr_in6 **sin6) 186 { 187 if (sa->sa_family != AF_INET6) 188 return EAFNOSUPPORT; 189 if (sa->sa_len != sizeof(struct sockaddr_in6)) 190 return EINVAL; 191 *sin6 = satosin6(sa); 192 193 return 0; 194 } 195 196 int 197 in6_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp) 198 { 199 int privileged; 200 int error; 201 202 privileged = 0; 203 if ((so->so_state & SS_PRIV) != 0) 204 privileged++; 205 206 switch (cmd) { 207 #ifdef MROUTING 208 case SIOCGETSGCNT_IN6: 209 case SIOCGETMIFCNT_IN6: 210 error = mrt6_ioctl(so, cmd, data); 211 break; 212 #endif /* MROUTING */ 213 default: 214 error = in6_ioctl(cmd, data, ifp, privileged); 215 break; 216 } 217 218 return error; 219 } 220 221 int 222 in6_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, int privileged) 223 { 224 if (ifp == NULL) 225 return (ENXIO); 226 227 switch (cmd) { 228 case SIOCGIFINFO_IN6: 229 case SIOCGNBRINFO_IN6: 230 return (nd6_ioctl(cmd, data, ifp)); 231 case SIOCGIFDSTADDR_IN6: 232 case SIOCGIFNETMASK_IN6: 233 case SIOCGIFAFLAG_IN6: 234 case SIOCGIFALIFETIME_IN6: 235 return (in6_ioctl_get(cmd, data, ifp)); 236 case SIOCAIFADDR_IN6: 237 case SIOCDIFADDR_IN6: 238 if (!privileged) 239 return (EPERM); 240 return (in6_ioctl_change_ifaddr(cmd, data, ifp)); 241 case SIOCSIFADDR: 242 case SIOCSIFDSTADDR: 243 case SIOCSIFBRDADDR: 244 case SIOCSIFNETMASK: 245 /* 246 * Do not pass those ioctl to driver handler since they are not 247 * properly set up. Instead just error out. 248 */ 249 return (EINVAL); 250 default: 251 return (EOPNOTSUPP); 252 } 253 } 254 255 int 256 in6_ioctl_change_ifaddr(u_long cmd, caddr_t data, struct ifnet *ifp) 257 { 258 struct in6_ifaddr *ia6 = NULL; 259 struct in6_aliasreq *ifra = (struct in6_aliasreq *)data; 260 struct sockaddr *sa; 261 struct sockaddr_in6 *sa6 = NULL; 262 int error = 0, newifaddr = 0, plen; 263 264 /* 265 * Find address for this interface, if it exists. 266 * 267 * In netinet code, we have checked ifra_addr in SIOCSIF*ADDR operation 268 * only, and used the first interface address as the target of other 269 * operations (without checking ifra_addr). This was because netinet 270 * code/API assumed at most 1 interface address per interface. 271 * Since IPv6 allows a node to assign multiple addresses 272 * on a single interface, we almost always look and check the 273 * presence of ifra_addr, and reject invalid ones here. 274 * It also decreases duplicated code among SIOC*_IN6 operations. 275 * 276 * We always require users to specify a valid IPv6 address for 277 * the corresponding operation. 278 */ 279 switch (cmd) { 280 case SIOCAIFADDR_IN6: 281 sa = sin6tosa(&ifra->ifra_addr); 282 break; 283 case SIOCDIFADDR_IN6: 284 sa = sin6tosa(&((struct in6_ifreq *)data)->ifr_addr); 285 break; 286 default: 287 panic("%s: invalid ioctl %lu", __func__, cmd); 288 } 289 if (sa->sa_family == AF_INET6) { 290 error = in6_sa2sin6(sa, &sa6); 291 if (error) 292 return (error); 293 } 294 295 NET_LOCK(); 296 297 if (sa6 != NULL) { 298 error = in6_check_embed_scope(sa6, ifp->if_index); 299 if (error) 300 goto err; 301 error = in6_clear_scope_id(sa6, ifp->if_index); 302 if (error) 303 goto err; 304 ia6 = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr); 305 } 306 307 switch (cmd) { 308 case SIOCDIFADDR_IN6: 309 /* 310 * for IPv4, we look for existing in_ifaddr here to allow 311 * "ifconfig if0 delete" to remove the first IPv4 address on 312 * the interface. For IPv6, as the spec allows multiple 313 * interface address from the day one, we consider "remove the 314 * first one" semantics to be not preferable. 315 */ 316 if (ia6 == NULL) { 317 error = EADDRNOTAVAIL; 318 break; 319 } 320 in6_purgeaddr(&ia6->ia_ifa); 321 if_addrhooks_run(ifp); 322 break; 323 324 case SIOCAIFADDR_IN6: 325 if (ifra->ifra_addr.sin6_family != AF_INET6 || 326 ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6)) { 327 error = EAFNOSUPPORT; 328 break; 329 } 330 331 /* reject read-only flags */ 332 if ((ifra->ifra_flags & IN6_IFF_DUPLICATED) != 0 || 333 (ifra->ifra_flags & IN6_IFF_DETACHED) != 0 || 334 (ifra->ifra_flags & IN6_IFF_DEPRECATED) != 0) { 335 error = EINVAL; 336 break; 337 } 338 339 if (ia6 == NULL) 340 newifaddr = 1; 341 342 /* 343 * Make the address tentative before joining multicast 344 * addresses, so that corresponding MLD responses would 345 * not have a tentative source address. 346 */ 347 if (newifaddr && in6if_do_dad(ifp)) 348 ifra->ifra_flags |= IN6_IFF_TENTATIVE; 349 350 /* 351 * first, make or update the interface address structure, 352 * and link it to the list. try to enable inet6 if there 353 * is no link-local yet. 354 */ 355 error = in6_ifattach(ifp); 356 if (error) 357 break; 358 error = in6_update_ifa(ifp, ifra, ia6); 359 if (error) 360 break; 361 362 ia6 = NULL; 363 if (sa6 != NULL) 364 ia6 = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr); 365 if (ia6 == NULL) { 366 /* 367 * this can happen when the user specify the 0 valid 368 * lifetime. 369 */ 370 break; 371 } 372 373 /* Perform DAD, if needed. */ 374 if (ia6->ia6_flags & IN6_IFF_TENTATIVE) 375 nd6_dad_start(&ia6->ia_ifa); 376 377 if (!newifaddr) { 378 if_addrhooks_run(ifp); 379 break; 380 } 381 382 plen = in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL); 383 if ((ifp->if_flags & IFF_LOOPBACK) || plen == 128) { 384 if_addrhooks_run(ifp); 385 break; /* No need to install a connected route. */ 386 } 387 388 error = rt_ifa_add(&ia6->ia_ifa, 389 RTF_CLONING | RTF_CONNECTED | RTF_MPATH, 390 ia6->ia_ifa.ifa_addr, ifp->if_rdomain); 391 if (error) { 392 in6_purgeaddr(&ia6->ia_ifa); 393 break; 394 } 395 if_addrhooks_run(ifp); 396 break; 397 } 398 399 err: 400 NET_UNLOCK(); 401 return (error); 402 } 403 404 int 405 in6_ioctl_get(u_long cmd, caddr_t data, struct ifnet *ifp) 406 { 407 struct in6_ifreq *ifr = (struct in6_ifreq *)data; 408 struct in6_ifaddr *ia6 = NULL; 409 struct sockaddr *sa; 410 struct sockaddr_in6 *sa6 = NULL; 411 int error = 0; 412 413 sa = sin6tosa(&ifr->ifr_addr); 414 if (sa->sa_family == AF_INET6) { 415 sa->sa_len = sizeof(struct sockaddr_in6); 416 error = in6_sa2sin6(sa, &sa6); 417 if (error) 418 return (error); 419 } 420 421 NET_RLOCK_IN_IOCTL(); 422 423 if (sa6 != NULL) { 424 error = in6_check_embed_scope(sa6, ifp->if_index); 425 if (error) 426 goto err; 427 error = in6_clear_scope_id(sa6, ifp->if_index); 428 if (error) 429 goto err; 430 ia6 = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr); 431 } 432 433 /* must think again about its semantics */ 434 if (ia6 == NULL) { 435 error = EADDRNOTAVAIL; 436 goto err; 437 } 438 439 switch (cmd) { 440 case SIOCGIFDSTADDR_IN6: 441 if ((ifp->if_flags & IFF_POINTOPOINT) == 0) { 442 error = EINVAL; 443 break; 444 } 445 /* 446 * XXX: should we check if ifa_dstaddr is NULL and return 447 * an error? 448 */ 449 ifr->ifr_dstaddr = ia6->ia_dstaddr; 450 break; 451 452 case SIOCGIFNETMASK_IN6: 453 ifr->ifr_addr = ia6->ia_prefixmask; 454 break; 455 456 case SIOCGIFAFLAG_IN6: 457 ifr->ifr_ifru.ifru_flags6 = ia6->ia6_flags; 458 break; 459 460 case SIOCGIFALIFETIME_IN6: 461 ifr->ifr_ifru.ifru_lifetime = ia6->ia6_lifetime; 462 if (ia6->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 463 time_t expire, maxexpire; 464 struct in6_addrlifetime *retlt = 465 &ifr->ifr_ifru.ifru_lifetime; 466 467 /* 468 * XXX: adjust expiration time assuming time_t is 469 * signed. 470 */ 471 maxexpire = 472 (time_t)~(1ULL << ((sizeof(maxexpire) * 8) - 1)); 473 if (ia6->ia6_lifetime.ia6t_vltime < 474 maxexpire - ia6->ia6_updatetime) { 475 expire = ia6->ia6_updatetime + 476 ia6->ia6_lifetime.ia6t_vltime; 477 if (expire != 0) { 478 expire -= getuptime(); 479 expire += gettime(); 480 } 481 retlt->ia6t_expire = expire; 482 } else 483 retlt->ia6t_expire = maxexpire; 484 } 485 if (ia6->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 486 time_t expire, maxexpire; 487 struct in6_addrlifetime *retlt = 488 &ifr->ifr_ifru.ifru_lifetime; 489 490 /* 491 * XXX: adjust expiration time assuming time_t is 492 * signed. 493 */ 494 maxexpire = 495 (time_t)~(1ULL << ((sizeof(maxexpire) * 8) - 1)); 496 if (ia6->ia6_lifetime.ia6t_pltime < 497 maxexpire - ia6->ia6_updatetime) { 498 expire = ia6->ia6_updatetime + 499 ia6->ia6_lifetime.ia6t_pltime; 500 if (expire != 0) { 501 expire -= getuptime(); 502 expire += gettime(); 503 } 504 retlt->ia6t_preferred = expire; 505 } else 506 retlt->ia6t_preferred = maxexpire; 507 } 508 break; 509 510 default: 511 panic("%s: invalid ioctl %lu", __func__, cmd); 512 } 513 514 err: 515 NET_RUNLOCK_IN_IOCTL(); 516 return (error); 517 } 518 519 int 520 in6_check_embed_scope(struct sockaddr_in6 *sa6, unsigned int ifidx) 521 { 522 if (IN6_IS_ADDR_LINKLOCAL(&sa6->sin6_addr)) { 523 if (sa6->sin6_addr.s6_addr16[1] == 0) { 524 /* link ID is not embedded by the user */ 525 sa6->sin6_addr.s6_addr16[1] = htons(ifidx); 526 } else if (sa6->sin6_addr.s6_addr16[1] != htons(ifidx)) 527 return EINVAL; /* link ID contradicts */ 528 } 529 return 0; 530 } 531 532 int 533 in6_clear_scope_id(struct sockaddr_in6 *sa6, unsigned int ifidx) 534 { 535 if (IN6_IS_ADDR_LINKLOCAL(&sa6->sin6_addr)) { 536 if (sa6->sin6_scope_id) { 537 if (sa6->sin6_scope_id != (u_int32_t)ifidx) 538 return EINVAL; 539 sa6->sin6_scope_id = 0; /* XXX: good way? */ 540 } 541 } 542 return 0; 543 } 544 545 /* 546 * Update parameters of an IPv6 interface address. 547 * If necessary, a new entry is created and linked into address chains. 548 * This function is separated from in6_control(). 549 */ 550 int 551 in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra, 552 struct in6_ifaddr *ia6) 553 { 554 int error = 0, hostIsNew = 0, plen = -1; 555 struct sockaddr_in6 dst6; 556 struct in6_addrlifetime *lt; 557 struct in6_multi_mship *imm; 558 struct rtentry *rt; 559 char addr[INET6_ADDRSTRLEN]; 560 561 NET_ASSERT_LOCKED(); 562 563 /* Validate parameters */ 564 if (ifp == NULL || ifra == NULL) /* this maybe redundant */ 565 return (EINVAL); 566 567 /* 568 * The destination address for a p2p link must have a family 569 * of AF_UNSPEC or AF_INET6. 570 */ 571 if ((ifp->if_flags & IFF_POINTOPOINT) != 0 && 572 ifra->ifra_dstaddr.sin6_family != AF_INET6 && 573 ifra->ifra_dstaddr.sin6_family != AF_UNSPEC) 574 return (EAFNOSUPPORT); 575 576 /* 577 * validate ifra_prefixmask. don't check sin6_family, netmask 578 * does not carry fields other than sin6_len. 579 */ 580 if (ifra->ifra_prefixmask.sin6_len > sizeof(struct sockaddr_in6)) 581 return (EINVAL); 582 /* 583 * Because the IPv6 address architecture is classless, we require 584 * users to specify a (non 0) prefix length (mask) for a new address. 585 * We also require the prefix (when specified) mask is valid, and thus 586 * reject a non-consecutive mask. 587 */ 588 if (ia6 == NULL && ifra->ifra_prefixmask.sin6_len == 0) 589 return (EINVAL); 590 if (ifra->ifra_prefixmask.sin6_len != 0) { 591 plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, 592 (u_char *)&ifra->ifra_prefixmask + 593 ifra->ifra_prefixmask.sin6_len); 594 if (plen <= 0) 595 return (EINVAL); 596 } else { 597 /* 598 * In this case, ia6 must not be NULL. We just use its prefix 599 * length. 600 */ 601 plen = in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL); 602 } 603 /* 604 * If the destination address on a p2p interface is specified, 605 * and the address is a scoped one, validate/set the scope 606 * zone identifier. 607 */ 608 dst6 = ifra->ifra_dstaddr; 609 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) != 0 && 610 (dst6.sin6_family == AF_INET6)) { 611 error = in6_check_embed_scope(&dst6, ifp->if_index); 612 if (error) 613 return error; 614 } 615 /* 616 * The destination address can be specified only for a p2p or a 617 * loopback interface. If specified, the corresponding prefix length 618 * must be 128. 619 */ 620 if (ifra->ifra_dstaddr.sin6_family == AF_INET6) { 621 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) == 0) 622 return (EINVAL); 623 if (plen != 128) 624 return (EINVAL); 625 } 626 /* lifetime consistency check */ 627 lt = &ifra->ifra_lifetime; 628 if (lt->ia6t_pltime > lt->ia6t_vltime) 629 return (EINVAL); 630 if (lt->ia6t_vltime == 0) { 631 /* 632 * the following log might be noisy, but this is a typical 633 * configuration mistake or a tool's bug. 634 */ 635 nd6log((LOG_INFO, "%s: valid lifetime is 0 for %s\n", __func__, 636 inet_ntop(AF_INET6, &ifra->ifra_addr.sin6_addr, 637 addr, sizeof(addr)))); 638 639 if (ia6 == NULL) 640 return (0); /* there's nothing to do */ 641 } 642 643 /* 644 * If this is a new address, allocate a new ifaddr and link it 645 * into chains. 646 */ 647 if (ia6 == NULL) { 648 hostIsNew = 1; 649 ia6 = malloc(sizeof(*ia6), M_IFADDR, M_WAITOK | M_ZERO); 650 LIST_INIT(&ia6->ia6_memberships); 651 /* Initialize the address and masks, and put time stamp */ 652 ia6->ia_ifa.ifa_addr = sin6tosa(&ia6->ia_addr); 653 ia6->ia_addr.sin6_family = AF_INET6; 654 ia6->ia_addr.sin6_len = sizeof(ia6->ia_addr); 655 ia6->ia6_updatetime = getuptime(); 656 if ((ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) != 0) { 657 /* 658 * XXX: some functions expect that ifa_dstaddr is not 659 * NULL for p2p interfaces. 660 */ 661 ia6->ia_ifa.ifa_dstaddr = sin6tosa(&ia6->ia_dstaddr); 662 } else { 663 ia6->ia_ifa.ifa_dstaddr = NULL; 664 } 665 ia6->ia_ifa.ifa_netmask = sin6tosa(&ia6->ia_prefixmask); 666 667 ia6->ia_ifp = ifp; 668 ia6->ia_addr = ifra->ifra_addr; 669 ifa_add(ifp, &ia6->ia_ifa); 670 } 671 672 /* set prefix mask */ 673 if (ifra->ifra_prefixmask.sin6_len) { 674 /* 675 * We prohibit changing the prefix length of an existing 676 * address, because 677 * + such an operation should be rare in IPv6, and 678 * + the operation would confuse prefix management. 679 */ 680 if (ia6->ia_prefixmask.sin6_len && 681 in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL) != plen) { 682 error = EINVAL; 683 goto unlink; 684 } 685 ia6->ia_prefixmask = ifra->ifra_prefixmask; 686 } 687 688 /* 689 * If a new destination address is specified, scrub the old one and 690 * install the new destination. Note that the interface must be 691 * p2p or loopback (see the check above.) 692 */ 693 if ((ifp->if_flags & IFF_POINTOPOINT) && dst6.sin6_family == AF_INET6 && 694 !IN6_ARE_ADDR_EQUAL(&dst6.sin6_addr, &ia6->ia_dstaddr.sin6_addr)) { 695 struct ifaddr *ifa = &ia6->ia_ifa; 696 697 if ((ia6->ia_flags & IFA_ROUTE) != 0 && 698 rt_ifa_del(ifa, RTF_HOST, ifa->ifa_dstaddr, 699 ifp->if_rdomain) != 0) { 700 nd6log((LOG_ERR, "%s: failed to remove a route " 701 "to the old destination: %s\n", __func__, 702 inet_ntop(AF_INET6, &ia6->ia_addr.sin6_addr, 703 addr, sizeof(addr)))); 704 /* proceed anyway... */ 705 } else 706 ia6->ia_flags &= ~IFA_ROUTE; 707 ia6->ia_dstaddr = dst6; 708 } 709 710 /* 711 * Set lifetimes. We do not refer to ia6t_expire and ia6t_preferred 712 * to see if the address is deprecated or invalidated, but initialize 713 * these members for applications. 714 */ 715 ia6->ia6_updatetime = getuptime(); 716 ia6->ia6_lifetime = ifra->ifra_lifetime; 717 if (ia6->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 718 ia6->ia6_lifetime.ia6t_expire = 719 getuptime() + ia6->ia6_lifetime.ia6t_vltime; 720 } else 721 ia6->ia6_lifetime.ia6t_expire = 0; 722 if (ia6->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 723 ia6->ia6_lifetime.ia6t_preferred = 724 getuptime() + ia6->ia6_lifetime.ia6t_pltime; 725 } else 726 ia6->ia6_lifetime.ia6t_preferred = 0; 727 728 /* reset the interface and routing table appropriately. */ 729 if ((error = in6_ifinit(ifp, ia6, hostIsNew)) != 0) 730 goto unlink; 731 732 /* re-run DAD */ 733 if (ia6->ia6_flags & (IN6_IFF_TENTATIVE|IN6_IFF_DUPLICATED)) 734 ifra->ifra_flags |= IN6_IFF_TENTATIVE; 735 /* 736 * configure address flags. 737 */ 738 ia6->ia6_flags = ifra->ifra_flags; 739 740 nd6_expire_timer_update(ia6); 741 742 /* 743 * We are done if we have simply modified an existing address. 744 */ 745 if (!hostIsNew) 746 return (error); 747 748 /* 749 * Beyond this point, we should call in6_purgeaddr upon an error, 750 * not just go to unlink. 751 */ 752 753 /* join necessary multiast groups */ 754 if ((ifp->if_flags & IFF_MULTICAST) != 0) { 755 struct sockaddr_in6 mltaddr, mltmask; 756 757 /* join solicited multicast addr for new host id */ 758 struct sockaddr_in6 llsol; 759 760 bzero(&llsol, sizeof(llsol)); 761 llsol.sin6_family = AF_INET6; 762 llsol.sin6_len = sizeof(llsol); 763 llsol.sin6_addr.s6_addr16[0] = htons(0xff02); 764 llsol.sin6_addr.s6_addr16[1] = htons(ifp->if_index); 765 llsol.sin6_addr.s6_addr32[1] = 0; 766 llsol.sin6_addr.s6_addr32[2] = htonl(1); 767 llsol.sin6_addr.s6_addr32[3] = 768 ifra->ifra_addr.sin6_addr.s6_addr32[3]; 769 llsol.sin6_addr.s6_addr8[12] = 0xff; 770 imm = in6_joingroup(ifp, &llsol.sin6_addr, &error); 771 if (!imm) 772 goto cleanup; 773 LIST_INSERT_HEAD(&ia6->ia6_memberships, imm, i6mm_chain); 774 775 bzero(&mltmask, sizeof(mltmask)); 776 mltmask.sin6_len = sizeof(struct sockaddr_in6); 777 mltmask.sin6_family = AF_INET6; 778 mltmask.sin6_addr = in6mask32; 779 780 /* 781 * join link-local all-nodes address 782 */ 783 bzero(&mltaddr, sizeof(mltaddr)); 784 mltaddr.sin6_len = sizeof(struct sockaddr_in6); 785 mltaddr.sin6_family = AF_INET6; 786 mltaddr.sin6_addr = in6addr_linklocal_allnodes; 787 mltaddr.sin6_addr.s6_addr16[1] = htons(ifp->if_index); 788 mltaddr.sin6_scope_id = 0; 789 790 /* 791 * XXX: do we really need this automatic routes? 792 * We should probably reconsider this stuff. Most applications 793 * actually do not need the routes, since they usually specify 794 * the outgoing interface. 795 */ 796 rt = rtalloc(sin6tosa(&mltaddr), 0, ifp->if_rdomain); 797 if (rt) { 798 /* 32bit came from "mltmask" */ 799 if (memcmp(&mltaddr.sin6_addr, 800 &satosin6(rt_key(rt))->sin6_addr, 801 32 / 8)) { 802 rtfree(rt); 803 rt = NULL; 804 } 805 } 806 if (!rt) { 807 struct rt_addrinfo info; 808 809 bzero(&info, sizeof(info)); 810 info.rti_ifa = &ia6->ia_ifa; 811 info.rti_info[RTAX_DST] = sin6tosa(&mltaddr); 812 info.rti_info[RTAX_GATEWAY] = sin6tosa(&ia6->ia_addr); 813 info.rti_info[RTAX_NETMASK] = sin6tosa(&mltmask); 814 info.rti_info[RTAX_IFA] = sin6tosa(&ia6->ia_addr); 815 info.rti_flags = RTF_MULTICAST; 816 error = rtrequest(RTM_ADD, &info, RTP_CONNECTED, NULL, 817 ifp->if_rdomain); 818 if (error) 819 goto cleanup; 820 } else { 821 rtfree(rt); 822 } 823 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error); 824 if (!imm) 825 goto cleanup; 826 LIST_INSERT_HEAD(&ia6->ia6_memberships, imm, i6mm_chain); 827 828 /* 829 * join interface-local all-nodes address. 830 * (ff01::1%ifN, and ff01::%ifN/32) 831 */ 832 bzero(&mltaddr, sizeof(mltaddr)); 833 mltaddr.sin6_len = sizeof(struct sockaddr_in6); 834 mltaddr.sin6_family = AF_INET6; 835 mltaddr.sin6_addr = in6addr_intfacelocal_allnodes; 836 mltaddr.sin6_addr.s6_addr16[1] = htons(ifp->if_index); 837 mltaddr.sin6_scope_id = 0; 838 839 /* XXX: again, do we really need the route? */ 840 rt = rtalloc(sin6tosa(&mltaddr), 0, ifp->if_rdomain); 841 if (rt) { 842 /* 32bit came from "mltmask" */ 843 if (memcmp(&mltaddr.sin6_addr, 844 &satosin6(rt_key(rt))->sin6_addr, 845 32 / 8)) { 846 rtfree(rt); 847 rt = NULL; 848 } 849 } 850 if (!rt) { 851 struct rt_addrinfo info; 852 853 bzero(&info, sizeof(info)); 854 info.rti_ifa = &ia6->ia_ifa; 855 info.rti_info[RTAX_DST] = sin6tosa(&mltaddr); 856 info.rti_info[RTAX_GATEWAY] = sin6tosa(&ia6->ia_addr); 857 info.rti_info[RTAX_NETMASK] = sin6tosa(&mltmask); 858 info.rti_info[RTAX_IFA] = sin6tosa(&ia6->ia_addr); 859 info.rti_flags = RTF_MULTICAST; 860 error = rtrequest(RTM_ADD, &info, RTP_CONNECTED, NULL, 861 ifp->if_rdomain); 862 if (error) 863 goto cleanup; 864 } else { 865 rtfree(rt); 866 } 867 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error); 868 if (!imm) 869 goto cleanup; 870 LIST_INSERT_HEAD(&ia6->ia6_memberships, imm, i6mm_chain); 871 } 872 873 return (error); 874 875 unlink: 876 /* 877 * XXX: if a change of an existing address failed, keep the entry 878 * anyway. 879 */ 880 if (hostIsNew) 881 in6_unlink_ifa(ia6, ifp); 882 return (error); 883 884 cleanup: 885 in6_purgeaddr(&ia6->ia_ifa); 886 return error; 887 } 888 889 void 890 in6_purgeaddr(struct ifaddr *ifa) 891 { 892 struct ifnet *ifp = ifa->ifa_ifp; 893 struct in6_ifaddr *ia6 = ifatoia6(ifa); 894 struct in6_multi_mship *imm; 895 896 /* stop DAD processing */ 897 nd6_dad_stop(ifa); 898 899 /* 900 * delete route to the destination of the address being purged. 901 * The interface must be p2p or loopback in this case. 902 */ 903 if ((ifp->if_flags & IFF_POINTOPOINT) && (ia6->ia_flags & IFA_ROUTE) && 904 ia6->ia_dstaddr.sin6_len != 0) { 905 int e; 906 907 e = rt_ifa_del(ifa, RTF_HOST, ifa->ifa_dstaddr, 908 ifp->if_rdomain); 909 if (e != 0) { 910 char addr[INET6_ADDRSTRLEN]; 911 log(LOG_ERR, "in6_purgeaddr: failed to remove " 912 "a route to the p2p destination: %s on %s, " 913 "errno=%d\n", 914 inet_ntop(AF_INET6, &ia6->ia_addr.sin6_addr, 915 addr, sizeof(addr)), 916 ifp->if_xname, e); 917 /* proceed anyway... */ 918 } else 919 ia6->ia_flags &= ~IFA_ROUTE; 920 } 921 922 /* Remove ownaddr's loopback rtentry, if it exists. */ 923 rt_ifa_dellocal(&(ia6->ia_ifa)); 924 925 /* 926 * leave from multicast groups we have joined for the interface 927 */ 928 while (!LIST_EMPTY(&ia6->ia6_memberships)) { 929 imm = LIST_FIRST(&ia6->ia6_memberships); 930 LIST_REMOVE(imm, i6mm_chain); 931 in6_leavegroup(imm); 932 } 933 934 in6_unlink_ifa(ia6, ifp); 935 } 936 937 void 938 in6_unlink_ifa(struct in6_ifaddr *ia6, struct ifnet *ifp) 939 { 940 struct ifaddr *ifa = &ia6->ia_ifa; 941 extern int ifatrash; 942 int plen; 943 944 NET_ASSERT_LOCKED(); 945 946 /* Release the reference to the base prefix. */ 947 plen = in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL); 948 if ((ifp->if_flags & IFF_LOOPBACK) == 0 && plen != 128) { 949 rt_ifa_del(ifa, RTF_CLONING | RTF_CONNECTED, 950 ifa->ifa_addr, ifp->if_rdomain); 951 } 952 953 rt_ifa_purge(ifa); 954 ifa_del(ifp, ifa); 955 956 ifatrash++; 957 ia6->ia_ifp = NULL; 958 ifafree(&ia6->ia_ifa); 959 } 960 961 /* 962 * Initialize an interface's intetnet6 address 963 * and routing table entry. 964 */ 965 int 966 in6_ifinit(struct ifnet *ifp, struct in6_ifaddr *ia6, int newhost) 967 { 968 int error = 0, plen, ifacount = 0; 969 struct ifaddr *ifa; 970 971 NET_ASSERT_LOCKED(); 972 973 /* 974 * Give the interface a chance to initialize 975 * if this is its first address (or it is a CARP interface) 976 * and to validate the address if necessary. 977 */ 978 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 979 if (ifa->ifa_addr->sa_family != AF_INET6) 980 continue; 981 ifacount++; 982 } 983 984 if ((ifacount <= 1 || ifp->if_type == IFT_CARP || 985 (ifp->if_flags & (IFF_LOOPBACK|IFF_POINTOPOINT))) && 986 (error = (*ifp->if_ioctl)(ifp, SIOCSIFADDR, (caddr_t)ia6))) { 987 return (error); 988 } 989 990 ia6->ia_ifa.ifa_metric = ifp->if_metric; 991 992 /* we could do in(6)_socktrim here, but just omit it at this moment. */ 993 994 /* 995 * Special case: 996 * If the destination address is specified for a point-to-point 997 * interface, install a route to the destination as an interface 998 * direct route. 999 */ 1000 plen = in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL); /* XXX */ 1001 if ((ifp->if_flags & IFF_POINTOPOINT) && plen == 128 && 1002 ia6->ia_dstaddr.sin6_family == AF_INET6) { 1003 ifa = &ia6->ia_ifa; 1004 error = rt_ifa_add(ifa, RTF_HOST | RTF_MPATH, 1005 ifa->ifa_dstaddr, ifp->if_rdomain); 1006 if (error != 0) 1007 return (error); 1008 ia6->ia_flags |= IFA_ROUTE; 1009 } 1010 1011 if (newhost) 1012 error = rt_ifa_addlocal(&(ia6->ia_ifa)); 1013 1014 return (error); 1015 } 1016 1017 /* 1018 * Add an address to the list of IP6 multicast addresses for a 1019 * given interface. 1020 */ 1021 struct in6_multi * 1022 in6_addmulti(struct in6_addr *maddr6, struct ifnet *ifp, int *errorp) 1023 { 1024 struct in6_ifreq ifr; 1025 struct in6_multi *in6m; 1026 1027 NET_ASSERT_LOCKED(); 1028 1029 *errorp = 0; 1030 /* 1031 * See if address already in list. 1032 */ 1033 IN6_LOOKUP_MULTI(*maddr6, ifp, in6m); 1034 if (in6m != NULL) { 1035 /* 1036 * Found it; just increment the refrence count. 1037 */ 1038 in6m->in6m_refcnt++; 1039 } else { 1040 /* 1041 * New address; allocate a new multicast record 1042 * and link it into the interface's multicast list. 1043 */ 1044 in6m = malloc(sizeof(*in6m), M_IPMADDR, M_NOWAIT | M_ZERO); 1045 if (in6m == NULL) { 1046 *errorp = ENOBUFS; 1047 return (NULL); 1048 } 1049 1050 in6m->in6m_sin.sin6_len = sizeof(struct sockaddr_in6); 1051 in6m->in6m_sin.sin6_family = AF_INET6; 1052 in6m->in6m_sin.sin6_addr = *maddr6; 1053 in6m->in6m_refcnt = 1; 1054 in6m->in6m_ifidx = ifp->if_index; 1055 in6m->in6m_ifma.ifma_addr = sin6tosa(&in6m->in6m_sin); 1056 1057 /* 1058 * Ask the network driver to update its multicast reception 1059 * filter appropriately for the new address. 1060 */ 1061 memcpy(&ifr.ifr_addr, &in6m->in6m_sin, sizeof(in6m->in6m_sin)); 1062 *errorp = (*ifp->if_ioctl)(ifp, SIOCADDMULTI, (caddr_t)&ifr); 1063 if (*errorp) { 1064 free(in6m, M_IPMADDR, sizeof(*in6m)); 1065 return (NULL); 1066 } 1067 1068 TAILQ_INSERT_HEAD(&ifp->if_maddrlist, &in6m->in6m_ifma, 1069 ifma_list); 1070 1071 /* 1072 * Let MLD6 know that we have joined a new IP6 multicast 1073 * group. 1074 */ 1075 mld6_start_listening(in6m); 1076 } 1077 1078 return (in6m); 1079 } 1080 1081 /* 1082 * Delete a multicast address record. 1083 */ 1084 void 1085 in6_delmulti(struct in6_multi *in6m) 1086 { 1087 struct in6_ifreq ifr; 1088 struct ifnet *ifp; 1089 1090 NET_ASSERT_LOCKED(); 1091 1092 if (--in6m->in6m_refcnt == 0) { 1093 /* 1094 * No remaining claims to this record; let MLD6 know 1095 * that we are leaving the multicast group. 1096 */ 1097 mld6_stop_listening(in6m); 1098 ifp = if_get(in6m->in6m_ifidx); 1099 1100 /* 1101 * Notify the network driver to update its multicast 1102 * reception filter. 1103 */ 1104 if (ifp != NULL) { 1105 bzero(&ifr.ifr_addr, sizeof(struct sockaddr_in6)); 1106 ifr.ifr_addr.sin6_len = sizeof(struct sockaddr_in6); 1107 ifr.ifr_addr.sin6_family = AF_INET6; 1108 ifr.ifr_addr.sin6_addr = in6m->in6m_addr; 1109 KERNEL_LOCK(); 1110 (*ifp->if_ioctl)(ifp, SIOCDELMULTI, (caddr_t)&ifr); 1111 KERNEL_UNLOCK(); 1112 1113 TAILQ_REMOVE(&ifp->if_maddrlist, &in6m->in6m_ifma, 1114 ifma_list); 1115 } 1116 if_put(ifp); 1117 1118 free(in6m, M_IPMADDR, sizeof(*in6m)); 1119 } 1120 } 1121 1122 /* 1123 * Return 1 if the multicast group represented by ``maddr6'' has been 1124 * joined by interface ``ifp'', 0 otherwise. 1125 */ 1126 int 1127 in6_hasmulti(struct in6_addr *maddr6, struct ifnet *ifp) 1128 { 1129 struct in6_multi *in6m; 1130 int joined; 1131 1132 IN6_LOOKUP_MULTI(*maddr6, ifp, in6m); 1133 joined = (in6m != NULL); 1134 1135 return (joined); 1136 } 1137 1138 struct in6_multi_mship * 1139 in6_joingroup(struct ifnet *ifp, struct in6_addr *addr, int *errorp) 1140 { 1141 struct in6_multi_mship *imm; 1142 1143 imm = malloc(sizeof(*imm), M_IPMADDR, M_NOWAIT); 1144 if (!imm) { 1145 *errorp = ENOBUFS; 1146 return NULL; 1147 } 1148 imm->i6mm_maddr = in6_addmulti(addr, ifp, errorp); 1149 if (!imm->i6mm_maddr) { 1150 /* *errorp is alrady set */ 1151 free(imm, M_IPMADDR, sizeof(*imm)); 1152 return NULL; 1153 } 1154 return imm; 1155 } 1156 1157 void 1158 in6_leavegroup(struct in6_multi_mship *imm) 1159 { 1160 1161 if (imm->i6mm_maddr) 1162 in6_delmulti(imm->i6mm_maddr); 1163 free(imm, M_IPMADDR, sizeof(*imm)); 1164 } 1165 1166 /* 1167 * Find an IPv6 interface link-local address specific to an interface. 1168 */ 1169 struct in6_ifaddr * 1170 in6ifa_ifpforlinklocal(struct ifnet *ifp, int ignoreflags) 1171 { 1172 struct ifaddr *ifa; 1173 1174 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 1175 if (ifa->ifa_addr->sa_family != AF_INET6) 1176 continue; 1177 if (IN6_IS_ADDR_LINKLOCAL(IFA_IN6(ifa))) { 1178 if ((ifatoia6(ifa)->ia6_flags & ignoreflags) != 0) 1179 continue; 1180 break; 1181 } 1182 } 1183 1184 return (ifatoia6(ifa)); 1185 } 1186 1187 1188 /* 1189 * find the internet address corresponding to a given interface and address. 1190 */ 1191 struct in6_ifaddr * 1192 in6ifa_ifpwithaddr(struct ifnet *ifp, struct in6_addr *addr) 1193 { 1194 struct ifaddr *ifa; 1195 1196 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 1197 if (ifa->ifa_addr->sa_family != AF_INET6) 1198 continue; 1199 if (IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(ifa))) 1200 break; 1201 } 1202 1203 return (ifatoia6(ifa)); 1204 } 1205 1206 /* 1207 * Get a scope of the address. Node-local, link-local, site-local or global. 1208 */ 1209 int 1210 in6_addrscope(struct in6_addr *addr) 1211 { 1212 int scope; 1213 1214 if (addr->s6_addr8[0] == 0xfe) { 1215 scope = addr->s6_addr8[1] & 0xc0; 1216 1217 switch (scope) { 1218 case 0x80: 1219 return __IPV6_ADDR_SCOPE_LINKLOCAL; 1220 break; 1221 case 0xc0: 1222 return __IPV6_ADDR_SCOPE_SITELOCAL; 1223 break; 1224 default: 1225 return __IPV6_ADDR_SCOPE_GLOBAL; /* just in case */ 1226 break; 1227 } 1228 } 1229 1230 1231 if (addr->s6_addr8[0] == 0xff) { 1232 scope = addr->s6_addr8[1] & 0x0f; 1233 1234 /* 1235 * due to other scope such as reserved, 1236 * return scope doesn't work. 1237 */ 1238 switch (scope) { 1239 case __IPV6_ADDR_SCOPE_INTFACELOCAL: 1240 return __IPV6_ADDR_SCOPE_INTFACELOCAL; 1241 break; 1242 case __IPV6_ADDR_SCOPE_LINKLOCAL: 1243 return __IPV6_ADDR_SCOPE_LINKLOCAL; 1244 break; 1245 case __IPV6_ADDR_SCOPE_SITELOCAL: 1246 return __IPV6_ADDR_SCOPE_SITELOCAL; 1247 break; 1248 default: 1249 return __IPV6_ADDR_SCOPE_GLOBAL; 1250 break; 1251 } 1252 } 1253 1254 if (bcmp(&in6addr_loopback, addr, sizeof(*addr) - 1) == 0) { 1255 if (addr->s6_addr8[15] == 1) /* loopback */ 1256 return __IPV6_ADDR_SCOPE_INTFACELOCAL; 1257 if (addr->s6_addr8[15] == 0) /* unspecified */ 1258 return __IPV6_ADDR_SCOPE_LINKLOCAL; 1259 } 1260 1261 return __IPV6_ADDR_SCOPE_GLOBAL; 1262 } 1263 1264 int 1265 in6_addr2scopeid(unsigned int ifidx, struct in6_addr *addr) 1266 { 1267 int scope = in6_addrscope(addr); 1268 1269 switch(scope) { 1270 case __IPV6_ADDR_SCOPE_INTFACELOCAL: 1271 case __IPV6_ADDR_SCOPE_LINKLOCAL: 1272 /* XXX: we do not distinguish between a link and an I/F. */ 1273 return (ifidx); 1274 1275 case __IPV6_ADDR_SCOPE_SITELOCAL: 1276 return (0); /* XXX: invalid. */ 1277 1278 default: 1279 return (0); /* XXX: treat as global. */ 1280 } 1281 } 1282 1283 /* 1284 * return length of part which dst and src are equal 1285 * hard coding... 1286 */ 1287 int 1288 in6_matchlen(struct in6_addr *src, struct in6_addr *dst) 1289 { 1290 int match = 0; 1291 u_char *s = (u_char *)src, *d = (u_char *)dst; 1292 u_char *lim = s + 16, r; 1293 1294 while (s < lim) 1295 if ((r = (*d++ ^ *s++)) != 0) { 1296 while (r < 128) { 1297 match++; 1298 r <<= 1; 1299 } 1300 break; 1301 } else 1302 match += 8; 1303 return match; 1304 } 1305 1306 void 1307 in6_prefixlen2mask(struct in6_addr *maskp, int len) 1308 { 1309 u_char maskarray[8] = {0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff}; 1310 int bytelen, bitlen, i; 1311 1312 /* sanity check */ 1313 if (0 > len || len > 128) { 1314 log(LOG_ERR, "in6_prefixlen2mask: invalid prefix length(%d)\n", 1315 len); 1316 return; 1317 } 1318 1319 bzero(maskp, sizeof(*maskp)); 1320 bytelen = len / 8; 1321 bitlen = len % 8; 1322 for (i = 0; i < bytelen; i++) 1323 maskp->s6_addr[i] = 0xff; 1324 /* len == 128 is ok because bitlen == 0 then */ 1325 if (bitlen) 1326 maskp->s6_addr[bytelen] = maskarray[bitlen - 1]; 1327 } 1328 1329 /* 1330 * return the best address out of the same scope 1331 */ 1332 struct in6_ifaddr * 1333 in6_ifawithscope(struct ifnet *oifp, struct in6_addr *dst, u_int rdomain) 1334 { 1335 int dst_scope = in6_addrscope(dst), src_scope, best_scope = 0; 1336 int blen = -1; 1337 struct ifaddr *ifa; 1338 struct ifnet *ifp; 1339 struct in6_ifaddr *ia6_best = NULL; 1340 1341 if (oifp == NULL) { 1342 printf("%s: output interface is not specified\n", __func__); 1343 return (NULL); 1344 } 1345 1346 /* We search for all addresses on all interfaces from the beginning. */ 1347 TAILQ_FOREACH(ifp, &ifnet, if_list) { 1348 if (ifp->if_rdomain != rdomain) 1349 continue; 1350 #if NCARP > 0 1351 /* 1352 * Never use a carp address of an interface which is not 1353 * the master. 1354 */ 1355 if (ifp->if_type == IFT_CARP && !carp_iamatch(ifp)) 1356 continue; 1357 #endif 1358 1359 /* 1360 * We can never take an address that breaks the scope zone 1361 * of the destination. 1362 */ 1363 if (in6_addr2scopeid(ifp->if_index, dst) != 1364 in6_addr2scopeid(oifp->if_index, dst)) 1365 continue; 1366 1367 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 1368 int tlen = -1; 1369 1370 if (ifa->ifa_addr->sa_family != AF_INET6) 1371 continue; 1372 1373 src_scope = in6_addrscope(IFA_IN6(ifa)); 1374 1375 /* 1376 * Don't use an address before completing DAD 1377 * nor a duplicated address. 1378 */ 1379 if (ifatoia6(ifa)->ia6_flags & 1380 (IN6_IFF_TENTATIVE|IN6_IFF_DUPLICATED)) 1381 continue; 1382 1383 /* 1384 * RFC 6724 allows anycast addresses as source address 1385 * because the restriction was removed in RFC 4291. 1386 * However RFC 4443 states that ICMPv6 responses 1387 * MUST use a unicast source address. 1388 * 1389 * XXX Skip anycast addresses for now since 1390 * icmp6_reflect() uses this function for source 1391 * address selection. 1392 */ 1393 if (ifatoia6(ifa)->ia6_flags & IN6_IFF_ANYCAST) 1394 continue; 1395 1396 if (ifatoia6(ifa)->ia6_flags & IN6_IFF_DETACHED) 1397 continue; 1398 1399 /* 1400 * If this is the first address we find, 1401 * keep it anyway. 1402 */ 1403 if (ia6_best == NULL) 1404 goto replace; 1405 1406 /* 1407 * ia6_best is never NULL beyond this line except 1408 * within the block labeled "replace". 1409 */ 1410 1411 /* 1412 * Rule 2: Prefer appropriate scope. 1413 * Find the address with the smallest scope that is 1414 * bigger (or equal) to the scope of the destination 1415 * address. 1416 * Accept an address with smaller scope than the 1417 * destination if non exists with bigger scope. 1418 */ 1419 if (best_scope < src_scope) { 1420 if (best_scope < dst_scope) 1421 goto replace; 1422 else 1423 continue; 1424 } else if (src_scope < best_scope) { 1425 if (src_scope < dst_scope) 1426 continue; 1427 else 1428 goto replace; 1429 } 1430 1431 /* Rule 3: Avoid deprecated addresses. */ 1432 if (ifatoia6(ifa)->ia6_flags & IN6_IFF_DEPRECATED) { 1433 /* 1434 * Ignore any deprecated addresses if 1435 * specified by configuration. 1436 */ 1437 if (!ip6_use_deprecated) 1438 continue; 1439 1440 /* 1441 * If we have already found a non-deprecated 1442 * candidate, just ignore deprecated addresses. 1443 */ 1444 if ((ia6_best->ia6_flags & IN6_IFF_DEPRECATED) 1445 == 0) 1446 continue; 1447 } else if ((ia6_best->ia6_flags & IN6_IFF_DEPRECATED)) 1448 goto replace; 1449 1450 /* 1451 * Rule 4: Prefer home addresses. 1452 * We do not support home addresses. 1453 */ 1454 1455 /* Rule 5: Prefer outgoing interface */ 1456 if (ia6_best->ia_ifp == oifp && ifp != oifp) 1457 continue; 1458 if (ia6_best->ia_ifp != oifp && ifp == oifp) 1459 goto replace; 1460 1461 /* 1462 * Rule 5.5: Prefer addresses in a prefix advertised 1463 * by the next-hop. 1464 * We do not track this information. 1465 */ 1466 1467 /* 1468 * Rule 6: Prefer matching label. 1469 * We do not implement policy tables. 1470 */ 1471 1472 /* Rule 7: Prefer temporary addresses. */ 1473 if ((ia6_best->ia6_flags & IN6_IFF_TEMPORARY) && 1474 !(ifatoia6(ifa)->ia6_flags & IN6_IFF_TEMPORARY)) 1475 continue; 1476 if (!(ia6_best->ia6_flags & IN6_IFF_TEMPORARY) && 1477 (ifatoia6(ifa)->ia6_flags & IN6_IFF_TEMPORARY)) 1478 goto replace; 1479 1480 /* Rule 8: Use longest matching prefix. */ 1481 tlen = in6_matchlen(IFA_IN6(ifa), dst); 1482 if (tlen > blen) { 1483 #if NCARP > 0 1484 /* 1485 * Don't let carp interfaces win a tie against 1486 * the output interface based on matchlen. 1487 * We should only use a carp address if no 1488 * other interface has a usable address. 1489 * Otherwise, when communicating from a carp 1490 * master to a carp backup, the backup system 1491 * won't respond since the carp address is also 1492 * configured as a local address on the backup. 1493 * Note that carp interfaces in backup state 1494 * were already skipped above. 1495 */ 1496 if (ifp->if_type == IFT_CARP && 1497 oifp->if_type != IFT_CARP) 1498 continue; 1499 #endif 1500 goto replace; 1501 } else if (tlen < blen) 1502 continue; 1503 1504 /* 1505 * If the eight rules fail to choose a single address, 1506 * the tiebreaker is implementation-specific. 1507 */ 1508 1509 /* Prefer address with highest pltime. */ 1510 if (ia6_best->ia6_updatetime + 1511 ia6_best->ia6_lifetime.ia6t_pltime < 1512 ifatoia6(ifa)->ia6_updatetime + 1513 ifatoia6(ifa)->ia6_lifetime.ia6t_pltime) 1514 goto replace; 1515 else if (ia6_best->ia6_updatetime + 1516 ia6_best->ia6_lifetime.ia6t_pltime > 1517 ifatoia6(ifa)->ia6_updatetime + 1518 ifatoia6(ifa)->ia6_lifetime.ia6t_pltime) 1519 continue; 1520 1521 /* Prefer address with highest vltime. */ 1522 if (ia6_best->ia6_updatetime + 1523 ia6_best->ia6_lifetime.ia6t_vltime < 1524 ifatoia6(ifa)->ia6_updatetime + 1525 ifatoia6(ifa)->ia6_lifetime.ia6t_vltime) 1526 goto replace; 1527 else if (ia6_best->ia6_updatetime + 1528 ia6_best->ia6_lifetime.ia6t_vltime > 1529 ifatoia6(ifa)->ia6_updatetime + 1530 ifatoia6(ifa)->ia6_lifetime.ia6t_vltime) 1531 continue; 1532 1533 continue; 1534 replace: 1535 ia6_best = ifatoia6(ifa); 1536 blen = tlen >= 0 ? tlen : 1537 in6_matchlen(IFA_IN6(ifa), dst); 1538 best_scope = 1539 in6_addrscope(&ia6_best->ia_addr.sin6_addr); 1540 } 1541 } 1542 1543 /* count statistics for future improvements */ 1544 if (ia6_best == NULL) 1545 ip6stat_inc(ip6s_sources_none); 1546 else { 1547 if (oifp == ia6_best->ia_ifp) 1548 ip6stat_inc(ip6s_sources_sameif + best_scope); 1549 else 1550 ip6stat_inc(ip6s_sources_otherif + best_scope); 1551 1552 if (best_scope == dst_scope) 1553 ip6stat_inc(ip6s_sources_samescope + best_scope); 1554 else 1555 ip6stat_inc(ip6s_sources_otherscope + best_scope); 1556 1557 if ((ia6_best->ia6_flags & IN6_IFF_DEPRECATED) != 0) 1558 ip6stat_inc(ip6s_sources_deprecated + best_scope); 1559 } 1560 1561 return (ia6_best); 1562 } 1563 1564 int 1565 in6if_do_dad(struct ifnet *ifp) 1566 { 1567 if ((ifp->if_flags & IFF_LOOPBACK) != 0) 1568 return (0); 1569 1570 switch (ifp->if_type) { 1571 #if NCARP > 0 1572 case IFT_CARP: 1573 /* 1574 * XXX: DAD does not work currently on carp(4) 1575 * so disable it for now. 1576 */ 1577 return (0); 1578 #endif 1579 default: 1580 /* 1581 * Our DAD routine requires the interface up and running. 1582 * However, some interfaces can be up before the RUNNING 1583 * status. Additionaly, users may try to assign addresses 1584 * before the interface becomes up (or running). 1585 * We simply skip DAD in such a case as a work around. 1586 * XXX: we should rather mark "tentative" on such addresses, 1587 * and do DAD after the interface becomes ready. 1588 */ 1589 if ((ifp->if_flags & (IFF_UP|IFF_RUNNING)) != 1590 (IFF_UP|IFF_RUNNING)) 1591 return (0); 1592 1593 return (1); 1594 } 1595 } 1596 1597 void * 1598 in6_domifattach(struct ifnet *ifp) 1599 { 1600 struct in6_ifextra *ext; 1601 1602 ext = malloc(sizeof(*ext), M_IFADDR, M_WAITOK | M_ZERO); 1603 1604 ext->nd_ifinfo = nd6_ifattach(ifp); 1605 ext->nprefixes = 0; 1606 ext->ndefrouters = 0; 1607 return ext; 1608 } 1609 1610 void 1611 in6_domifdetach(struct ifnet *ifp, void *aux) 1612 { 1613 struct in6_ifextra *ext = (struct in6_ifextra *)aux; 1614 1615 nd6_ifdetach(ext->nd_ifinfo); 1616 free(ext, M_IFADDR, sizeof(*ext)); 1617 } 1618