1 /* $OpenBSD: in6.c,v 1.230 2019/02/13 23:47:43 dlg Exp $ */ 2 /* $KAME: in6.c,v 1.372 2004/06/14 08:14:21 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 /* 34 * Copyright (c) 1982, 1986, 1991, 1993 35 * The Regents of the University of California. All rights reserved. 36 * 37 * Redistribution and use in source and binary forms, with or without 38 * modification, are permitted provided that the following conditions 39 * are met: 40 * 1. Redistributions of source code must retain the above copyright 41 * notice, this list of conditions and the following disclaimer. 42 * 2. Redistributions in binary form must reproduce the above copyright 43 * notice, this list of conditions and the following disclaimer in the 44 * documentation and/or other materials provided with the distribution. 45 * 3. Neither the name of the University nor the names of its contributors 46 * may be used to endorse or promote products derived from this software 47 * without specific prior written permission. 48 * 49 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 52 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 59 * SUCH DAMAGE. 60 * 61 * @(#)in.c 8.2 (Berkeley) 11/15/93 62 */ 63 64 #include "carp.h" 65 66 #include <sys/param.h> 67 #include <sys/ioctl.h> 68 #include <sys/errno.h> 69 #include <sys/malloc.h> 70 #include <sys/socket.h> 71 #include <sys/socketvar.h> 72 #include <sys/sockio.h> 73 #include <sys/mbuf.h> 74 #include <sys/systm.h> 75 #include <sys/time.h> 76 #include <sys/kernel.h> 77 #include <sys/syslog.h> 78 79 #include <net/if.h> 80 #include <net/if_dl.h> 81 #include <net/if_types.h> 82 #include <net/route.h> 83 84 #include <netinet/in.h> 85 #include <netinet/if_ether.h> 86 87 #include <netinet6/in6_var.h> 88 #include <netinet/ip6.h> 89 #include <netinet6/ip6_var.h> 90 #include <netinet6/nd6.h> 91 #include <netinet6/mld6_var.h> 92 #ifdef MROUTING 93 #include <netinet6/ip6_mroute.h> 94 #endif 95 #include <netinet6/in6_ifattach.h> 96 #if NCARP > 0 97 #include <netinet/ip_carp.h> 98 #endif 99 100 /* 101 * Definitions of some constant IP6 addresses. 102 */ 103 const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT; 104 const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT; 105 const struct in6_addr in6addr_intfacelocal_allnodes = 106 IN6ADDR_INTFACELOCAL_ALLNODES_INIT; 107 const struct in6_addr in6addr_linklocal_allnodes = 108 IN6ADDR_LINKLOCAL_ALLNODES_INIT; 109 const struct in6_addr in6addr_linklocal_allrouters = 110 IN6ADDR_LINKLOCAL_ALLROUTERS_INIT; 111 112 const struct in6_addr in6mask0 = IN6MASK0; 113 const struct in6_addr in6mask32 = IN6MASK32; 114 const struct in6_addr in6mask64 = IN6MASK64; 115 const struct in6_addr in6mask96 = IN6MASK96; 116 const struct in6_addr in6mask128 = IN6MASK128; 117 118 int in6_ioctl(u_long, caddr_t, struct ifnet *, int); 119 int in6_ioctl_change_ifaddr(u_long, caddr_t, struct ifnet *); 120 int in6_ioctl_get(u_long, caddr_t, struct ifnet *); 121 int in6_check_embed_scope(struct sockaddr_in6 *, unsigned int); 122 int in6_clear_scope_id(struct sockaddr_in6 *, unsigned int); 123 int in6_ifinit(struct ifnet *, struct in6_ifaddr *, int); 124 void in6_unlink_ifa(struct in6_ifaddr *, struct ifnet *); 125 126 const struct sockaddr_in6 sa6_any = { 127 sizeof(sa6_any), AF_INET6, 0, 0, IN6ADDR_ANY_INIT, 0 128 }; 129 130 int 131 in6_mask2len(struct in6_addr *mask, u_char *lim0) 132 { 133 int x = 0, y; 134 u_char *lim = lim0, *p; 135 136 /* ignore the scope_id part */ 137 if (lim0 == NULL || lim0 - (u_char *)mask > sizeof(*mask)) 138 lim = (u_char *)mask + sizeof(*mask); 139 for (p = (u_char *)mask; p < lim; x++, p++) { 140 if (*p != 0xff) 141 break; 142 } 143 y = 0; 144 if (p < lim) { 145 for (y = 0; y < 8; y++) { 146 if ((*p & (0x80 >> y)) == 0) 147 break; 148 } 149 } 150 151 /* 152 * when the limit pointer is given, do a stricter check on the 153 * remaining bits. 154 */ 155 if (p < lim) { 156 if (y != 0 && (*p & (0x00ff >> y)) != 0) 157 return (-1); 158 for (p = p + 1; p < lim; p++) 159 if (*p != 0) 160 return (-1); 161 } 162 163 return x * 8 + y; 164 } 165 166 int 167 in6_nam2sin6(const struct mbuf *nam, struct sockaddr_in6 **sin6) 168 { 169 struct sockaddr *sa = mtod(nam, struct sockaddr *); 170 171 if (nam->m_len < offsetof(struct sockaddr, sa_data)) 172 return EINVAL; 173 if (sa->sa_family != AF_INET6) 174 return EAFNOSUPPORT; 175 if (sa->sa_len != nam->m_len) 176 return EINVAL; 177 if (sa->sa_len != sizeof(struct sockaddr_in6)) 178 return EINVAL; 179 *sin6 = satosin6(sa); 180 181 return 0; 182 } 183 184 int 185 in6_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp) 186 { 187 int privileged; 188 int error; 189 190 privileged = 0; 191 if ((so->so_state & SS_PRIV) != 0) 192 privileged++; 193 194 switch (cmd) { 195 #ifdef MROUTING 196 case SIOCGETSGCNT_IN6: 197 case SIOCGETMIFCNT_IN6: 198 error = mrt6_ioctl(so, cmd, data); 199 break; 200 #endif /* MROUTING */ 201 default: 202 error = in6_ioctl(cmd, data, ifp, privileged); 203 break; 204 } 205 206 return error; 207 } 208 209 int 210 in6_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, int privileged) 211 { 212 if (ifp == NULL) 213 return (ENXIO); 214 215 switch (cmd) { 216 case SIOCGIFINFO_IN6: 217 case SIOCGNBRINFO_IN6: 218 return (nd6_ioctl(cmd, data, ifp)); 219 case SIOCGIFDSTADDR_IN6: 220 case SIOCGIFNETMASK_IN6: 221 case SIOCGIFAFLAG_IN6: 222 case SIOCGIFALIFETIME_IN6: 223 return (in6_ioctl_get(cmd, data, ifp)); 224 case SIOCAIFADDR_IN6: 225 case SIOCDIFADDR_IN6: 226 if (!privileged) 227 return (EPERM); 228 return (in6_ioctl_change_ifaddr(cmd, data, ifp)); 229 case SIOCSIFADDR: 230 case SIOCSIFDSTADDR: 231 case SIOCSIFBRDADDR: 232 case SIOCSIFNETMASK: 233 /* 234 * Do not pass those ioctl to driver handler since they are not 235 * properly set up. Instead just error out. 236 */ 237 return (EINVAL); 238 default: 239 return (EOPNOTSUPP); 240 } 241 } 242 243 int 244 in6_ioctl_change_ifaddr(u_long cmd, caddr_t data, struct ifnet *ifp) 245 { 246 struct in6_ifreq *ifr = (struct in6_ifreq *)data; 247 struct in6_ifaddr *ia6 = NULL; 248 struct in6_aliasreq *ifra = (struct in6_aliasreq *)data; 249 struct sockaddr_in6 *sa6; 250 int error = 0, newifaddr = 0, plen; 251 252 /* 253 * Find address for this interface, if it exists. 254 * 255 * In netinet code, we have checked ifra_addr in SIOCSIF*ADDR operation 256 * only, and used the first interface address as the target of other 257 * operations (without checking ifra_addr). This was because netinet 258 * code/API assumed at most 1 interface address per interface. 259 * Since IPv6 allows a node to assign multiple addresses 260 * on a single interface, we almost always look and check the 261 * presence of ifra_addr, and reject invalid ones here. 262 * It also decreases duplicated code among SIOC*_IN6 operations. 263 */ 264 switch (cmd) { 265 case SIOCAIFADDR_IN6: 266 sa6 = &ifra->ifra_addr; 267 break; 268 case SIOCDIFADDR_IN6: 269 sa6 = &ifr->ifr_addr; 270 break; 271 default: 272 panic("unknown ioctl %lu", cmd); 273 } 274 275 NET_LOCK(); 276 277 if (sa6 && sa6->sin6_family == AF_INET6) { 278 error = in6_check_embed_scope(sa6, ifp->if_index); 279 if (error) 280 goto err; 281 error = in6_clear_scope_id(sa6, ifp->if_index); 282 if (error) 283 goto err; 284 ia6 = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr); 285 } 286 287 switch (cmd) { 288 case SIOCDIFADDR_IN6: 289 /* 290 * for IPv4, we look for existing in_ifaddr here to allow 291 * "ifconfig if0 delete" to remove the first IPv4 address on 292 * the interface. For IPv6, as the spec allows multiple 293 * interface address from the day one, we consider "remove the 294 * first one" semantics to be not preferable. 295 */ 296 if (ia6 == NULL) { 297 error = EADDRNOTAVAIL; 298 break; 299 } 300 /* 301 * We always require users to specify a valid IPv6 address for 302 * the corresponding operation. 303 */ 304 if (ifra->ifra_addr.sin6_family != AF_INET6 || 305 ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6)) { 306 error = EAFNOSUPPORT; 307 break; 308 } 309 in6_purgeaddr(&ia6->ia_ifa); 310 dohooks(ifp->if_addrhooks, 0); 311 break; 312 313 case SIOCAIFADDR_IN6: 314 /* 315 * We always require users to specify a valid IPv6 address for 316 * the corresponding operation. 317 */ 318 if (ifra->ifra_addr.sin6_family != AF_INET6 || 319 ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6)) { 320 error = EAFNOSUPPORT; 321 break; 322 } 323 324 /* reject read-only flags */ 325 if ((ifra->ifra_flags & IN6_IFF_DUPLICATED) != 0 || 326 (ifra->ifra_flags & IN6_IFF_DETACHED) != 0 || 327 (ifra->ifra_flags & IN6_IFF_DEPRECATED) != 0) { 328 error = EINVAL; 329 break; 330 } 331 332 if (ia6 == NULL) 333 newifaddr = 1; 334 335 /* 336 * Make the address tentative before joining multicast 337 * addresses, so that corresponding MLD responses would 338 * not have a tentative source address. 339 */ 340 if (newifaddr && in6if_do_dad(ifp)) 341 ifra->ifra_flags |= IN6_IFF_TENTATIVE; 342 343 /* 344 * first, make or update the interface address structure, 345 * and link it to the list. try to enable inet6 if there 346 * is no link-local yet. 347 */ 348 error = in6_ifattach(ifp); 349 if (error != 0) 350 break; 351 error = in6_update_ifa(ifp, ifra, ia6); 352 if (error != 0) 353 break; 354 355 ia6 = in6ifa_ifpwithaddr(ifp, &ifra->ifra_addr.sin6_addr); 356 if (ia6 == NULL) { 357 /* 358 * this can happen when the user specify the 0 valid 359 * lifetime. 360 */ 361 break; 362 } 363 364 /* Perform DAD, if needed. */ 365 if (ia6->ia6_flags & IN6_IFF_TENTATIVE) 366 nd6_dad_start(&ia6->ia_ifa); 367 368 if (!newifaddr) { 369 dohooks(ifp->if_addrhooks, 0); 370 break; 371 } 372 373 plen = in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL); 374 if ((ifp->if_flags & IFF_LOOPBACK) || plen == 128) { 375 dohooks(ifp->if_addrhooks, 0); 376 break; /* No need to install a connected route. */ 377 } 378 379 error = rt_ifa_add(&ia6->ia_ifa, 380 RTF_CLONING | RTF_CONNECTED | RTF_MPATH, 381 ia6->ia_ifa.ifa_addr, ifp->if_rdomain); 382 if (error) { 383 in6_purgeaddr(&ia6->ia_ifa); 384 break; 385 } 386 dohooks(ifp->if_addrhooks, 0); 387 break; 388 } 389 390 err: 391 NET_UNLOCK(); 392 return (error); 393 } 394 395 int 396 in6_ioctl_get(u_long cmd, caddr_t data, struct ifnet *ifp) 397 { 398 struct in6_ifreq *ifr = (struct in6_ifreq *)data; 399 struct in6_ifaddr *ia6 = NULL; 400 struct sockaddr_in6 *sa6; 401 int error = 0; 402 403 sa6 = &ifr->ifr_addr; 404 405 NET_RLOCK(); 406 407 if (sa6 && sa6->sin6_family == AF_INET6) { 408 error = in6_check_embed_scope(sa6, ifp->if_index); 409 if (error) 410 goto err; 411 error = in6_clear_scope_id(sa6, ifp->if_index); 412 if (error) 413 goto err; 414 ia6 = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr); 415 } 416 417 /* must think again about its semantics */ 418 if (ia6 == NULL) { 419 error = EADDRNOTAVAIL; 420 goto err; 421 } 422 423 switch (cmd) { 424 case SIOCGIFDSTADDR_IN6: 425 if ((ifp->if_flags & IFF_POINTOPOINT) == 0) { 426 error = EINVAL; 427 break; 428 } 429 /* 430 * XXX: should we check if ifa_dstaddr is NULL and return 431 * an error? 432 */ 433 ifr->ifr_dstaddr = ia6->ia_dstaddr; 434 break; 435 436 case SIOCGIFNETMASK_IN6: 437 ifr->ifr_addr = ia6->ia_prefixmask; 438 break; 439 440 case SIOCGIFAFLAG_IN6: 441 ifr->ifr_ifru.ifru_flags6 = ia6->ia6_flags; 442 break; 443 444 case SIOCGIFALIFETIME_IN6: 445 ifr->ifr_ifru.ifru_lifetime = ia6->ia6_lifetime; 446 if (ia6->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 447 time_t expire, maxexpire; 448 struct in6_addrlifetime *retlt = 449 &ifr->ifr_ifru.ifru_lifetime; 450 451 /* 452 * XXX: adjust expiration time assuming time_t is 453 * signed. 454 */ 455 maxexpire = 456 (time_t)~(1ULL << ((sizeof(maxexpire) * 8) - 1)); 457 if (ia6->ia6_lifetime.ia6t_vltime < 458 maxexpire - ia6->ia6_updatetime) { 459 expire = ia6->ia6_updatetime + 460 ia6->ia6_lifetime.ia6t_vltime; 461 if (expire != 0) { 462 expire -= time_uptime; 463 expire += time_second; 464 } 465 retlt->ia6t_expire = expire; 466 } else 467 retlt->ia6t_expire = maxexpire; 468 } 469 if (ia6->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 470 time_t expire, maxexpire; 471 struct in6_addrlifetime *retlt = 472 &ifr->ifr_ifru.ifru_lifetime; 473 474 /* 475 * XXX: adjust expiration time assuming time_t is 476 * signed. 477 */ 478 maxexpire = 479 (time_t)~(1ULL << ((sizeof(maxexpire) * 8) - 1)); 480 if (ia6->ia6_lifetime.ia6t_pltime < 481 maxexpire - ia6->ia6_updatetime) { 482 expire = ia6->ia6_updatetime + 483 ia6->ia6_lifetime.ia6t_pltime; 484 if (expire != 0) { 485 expire -= time_uptime; 486 expire += time_second; 487 } 488 retlt->ia6t_preferred = expire; 489 } else 490 retlt->ia6t_preferred = maxexpire; 491 } 492 break; 493 494 default: 495 panic("invalid ioctl %lu", cmd); 496 } 497 498 err: 499 NET_RUNLOCK(); 500 return (error); 501 } 502 503 int 504 in6_check_embed_scope(struct sockaddr_in6 *sa6, unsigned int ifidx) 505 { 506 if (IN6_IS_ADDR_LINKLOCAL(&sa6->sin6_addr)) { 507 if (sa6->sin6_addr.s6_addr16[1] == 0) { 508 /* link ID is not embedded by the user */ 509 sa6->sin6_addr.s6_addr16[1] = htons(ifidx); 510 } else if (sa6->sin6_addr.s6_addr16[1] != htons(ifidx)) 511 return EINVAL; /* link ID contradicts */ 512 } 513 return 0; 514 } 515 516 int 517 in6_clear_scope_id(struct sockaddr_in6 *sa6, unsigned int ifidx) 518 { 519 if (IN6_IS_ADDR_LINKLOCAL(&sa6->sin6_addr)) { 520 if (sa6->sin6_scope_id) { 521 if (sa6->sin6_scope_id != (u_int32_t)ifidx) 522 return EINVAL; 523 sa6->sin6_scope_id = 0; /* XXX: good way? */ 524 } 525 } 526 return 0; 527 } 528 529 /* 530 * Update parameters of an IPv6 interface address. 531 * If necessary, a new entry is created and linked into address chains. 532 * This function is separated from in6_control(). 533 */ 534 int 535 in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra, 536 struct in6_ifaddr *ia6) 537 { 538 int error = 0, hostIsNew = 0, plen = -1; 539 struct sockaddr_in6 dst6; 540 struct in6_addrlifetime *lt; 541 struct in6_multi_mship *imm; 542 struct rtentry *rt; 543 char addr[INET6_ADDRSTRLEN]; 544 545 NET_ASSERT_LOCKED(); 546 547 /* Validate parameters */ 548 if (ifp == NULL || ifra == NULL) /* this maybe redundant */ 549 return (EINVAL); 550 551 /* 552 * The destination address for a p2p link must have a family 553 * of AF_UNSPEC or AF_INET6. 554 */ 555 if ((ifp->if_flags & IFF_POINTOPOINT) != 0 && 556 ifra->ifra_dstaddr.sin6_family != AF_INET6 && 557 ifra->ifra_dstaddr.sin6_family != AF_UNSPEC) 558 return (EAFNOSUPPORT); 559 560 /* 561 * validate ifra_prefixmask. don't check sin6_family, netmask 562 * does not carry fields other than sin6_len. 563 */ 564 if (ifra->ifra_prefixmask.sin6_len > sizeof(struct sockaddr_in6)) 565 return (EINVAL); 566 /* 567 * Because the IPv6 address architecture is classless, we require 568 * users to specify a (non 0) prefix length (mask) for a new address. 569 * We also require the prefix (when specified) mask is valid, and thus 570 * reject a non-consecutive mask. 571 */ 572 if (ia6 == NULL && ifra->ifra_prefixmask.sin6_len == 0) 573 return (EINVAL); 574 if (ifra->ifra_prefixmask.sin6_len != 0) { 575 plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, 576 (u_char *)&ifra->ifra_prefixmask + 577 ifra->ifra_prefixmask.sin6_len); 578 if (plen <= 0) 579 return (EINVAL); 580 } else { 581 /* 582 * In this case, ia6 must not be NULL. We just use its prefix 583 * length. 584 */ 585 plen = in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL); 586 } 587 /* 588 * If the destination address on a p2p interface is specified, 589 * and the address is a scoped one, validate/set the scope 590 * zone identifier. 591 */ 592 dst6 = ifra->ifra_dstaddr; 593 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) != 0 && 594 (dst6.sin6_family == AF_INET6)) { 595 error = in6_check_embed_scope(&dst6, ifp->if_index); 596 if (error) 597 return error; 598 } 599 /* 600 * The destination address can be specified only for a p2p or a 601 * loopback interface. If specified, the corresponding prefix length 602 * must be 128. 603 */ 604 if (ifra->ifra_dstaddr.sin6_family == AF_INET6) { 605 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) == 0) 606 return (EINVAL); 607 if (plen != 128) 608 return (EINVAL); 609 } 610 /* lifetime consistency check */ 611 lt = &ifra->ifra_lifetime; 612 if (lt->ia6t_pltime > lt->ia6t_vltime) 613 return (EINVAL); 614 if (lt->ia6t_vltime == 0) { 615 /* 616 * the following log might be noisy, but this is a typical 617 * configuration mistake or a tool's bug. 618 */ 619 nd6log((LOG_INFO, 620 "in6_update_ifa: valid lifetime is 0 for %s\n", 621 inet_ntop(AF_INET6, &ifra->ifra_addr.sin6_addr, 622 addr, sizeof(addr)))); 623 624 if (ia6 == NULL) 625 return (0); /* there's nothing to do */ 626 } 627 628 /* 629 * If this is a new address, allocate a new ifaddr and link it 630 * into chains. 631 */ 632 if (ia6 == NULL) { 633 hostIsNew = 1; 634 ia6 = malloc(sizeof(*ia6), M_IFADDR, M_WAITOK | M_ZERO); 635 LIST_INIT(&ia6->ia6_memberships); 636 /* Initialize the address and masks, and put time stamp */ 637 ia6->ia_ifa.ifa_addr = sin6tosa(&ia6->ia_addr); 638 ia6->ia_addr.sin6_family = AF_INET6; 639 ia6->ia_addr.sin6_len = sizeof(ia6->ia_addr); 640 ia6->ia6_updatetime = time_uptime; 641 if ((ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) != 0) { 642 /* 643 * XXX: some functions expect that ifa_dstaddr is not 644 * NULL for p2p interfaces. 645 */ 646 ia6->ia_ifa.ifa_dstaddr = sin6tosa(&ia6->ia_dstaddr); 647 } else { 648 ia6->ia_ifa.ifa_dstaddr = NULL; 649 } 650 ia6->ia_ifa.ifa_netmask = sin6tosa(&ia6->ia_prefixmask); 651 652 ia6->ia_ifp = ifp; 653 ia6->ia_addr = ifra->ifra_addr; 654 ifa_add(ifp, &ia6->ia_ifa); 655 } 656 657 /* set prefix mask */ 658 if (ifra->ifra_prefixmask.sin6_len) { 659 /* 660 * We prohibit changing the prefix length of an existing 661 * address, because 662 * + such an operation should be rare in IPv6, and 663 * + the operation would confuse prefix management. 664 */ 665 if (ia6->ia_prefixmask.sin6_len && 666 in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL) != plen) { 667 error = EINVAL; 668 goto unlink; 669 } 670 ia6->ia_prefixmask = ifra->ifra_prefixmask; 671 } 672 673 /* 674 * If a new destination address is specified, scrub the old one and 675 * install the new destination. Note that the interface must be 676 * p2p or loopback (see the check above.) 677 */ 678 if ((ifp->if_flags & IFF_POINTOPOINT) && dst6.sin6_family == AF_INET6 && 679 !IN6_ARE_ADDR_EQUAL(&dst6.sin6_addr, &ia6->ia_dstaddr.sin6_addr)) { 680 struct ifaddr *ifa = &ia6->ia_ifa; 681 682 if ((ia6->ia_flags & IFA_ROUTE) != 0 && 683 rt_ifa_del(ifa, RTF_HOST, ifa->ifa_dstaddr, 684 ifp->if_rdomain) != 0) { 685 nd6log((LOG_ERR, "in6_update_ifa: failed to remove " 686 "a route to the old destination: %s\n", 687 inet_ntop(AF_INET6, &ia6->ia_addr.sin6_addr, 688 addr, sizeof(addr)))); 689 /* proceed anyway... */ 690 } else 691 ia6->ia_flags &= ~IFA_ROUTE; 692 ia6->ia_dstaddr = dst6; 693 } 694 695 /* 696 * Set lifetimes. We do not refer to ia6t_expire and ia6t_preferred 697 * to see if the address is deprecated or invalidated, but initialize 698 * these members for applications. 699 */ 700 ia6->ia6_updatetime = time_uptime; 701 ia6->ia6_lifetime = ifra->ifra_lifetime; 702 if (ia6->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 703 ia6->ia6_lifetime.ia6t_expire = 704 time_uptime + ia6->ia6_lifetime.ia6t_vltime; 705 } else 706 ia6->ia6_lifetime.ia6t_expire = 0; 707 if (ia6->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 708 ia6->ia6_lifetime.ia6t_preferred = 709 time_uptime + ia6->ia6_lifetime.ia6t_pltime; 710 } else 711 ia6->ia6_lifetime.ia6t_preferred = 0; 712 713 /* reset the interface and routing table appropriately. */ 714 if ((error = in6_ifinit(ifp, ia6, hostIsNew)) != 0) 715 goto unlink; 716 717 /* re-run DAD */ 718 if (ia6->ia6_flags & (IN6_IFF_TENTATIVE|IN6_IFF_DUPLICATED)) 719 ifra->ifra_flags |= IN6_IFF_TENTATIVE; 720 /* 721 * configure address flags. 722 */ 723 ia6->ia6_flags = ifra->ifra_flags; 724 725 nd6_expire_timer_update(ia6); 726 727 /* 728 * We are done if we have simply modified an existing address. 729 */ 730 if (!hostIsNew) 731 return (error); 732 733 /* 734 * Beyond this point, we should call in6_purgeaddr upon an error, 735 * not just go to unlink. 736 */ 737 738 /* join necessary multiast groups */ 739 if ((ifp->if_flags & IFF_MULTICAST) != 0) { 740 struct sockaddr_in6 mltaddr, mltmask; 741 742 /* join solicited multicast addr for new host id */ 743 struct sockaddr_in6 llsol; 744 745 bzero(&llsol, sizeof(llsol)); 746 llsol.sin6_family = AF_INET6; 747 llsol.sin6_len = sizeof(llsol); 748 llsol.sin6_addr.s6_addr16[0] = htons(0xff02); 749 llsol.sin6_addr.s6_addr16[1] = htons(ifp->if_index); 750 llsol.sin6_addr.s6_addr32[1] = 0; 751 llsol.sin6_addr.s6_addr32[2] = htonl(1); 752 llsol.sin6_addr.s6_addr32[3] = 753 ifra->ifra_addr.sin6_addr.s6_addr32[3]; 754 llsol.sin6_addr.s6_addr8[12] = 0xff; 755 imm = in6_joingroup(ifp, &llsol.sin6_addr, &error); 756 if (!imm) 757 goto cleanup; 758 LIST_INSERT_HEAD(&ia6->ia6_memberships, imm, i6mm_chain); 759 760 bzero(&mltmask, sizeof(mltmask)); 761 mltmask.sin6_len = sizeof(struct sockaddr_in6); 762 mltmask.sin6_family = AF_INET6; 763 mltmask.sin6_addr = in6mask32; 764 765 /* 766 * join link-local all-nodes address 767 */ 768 bzero(&mltaddr, sizeof(mltaddr)); 769 mltaddr.sin6_len = sizeof(struct sockaddr_in6); 770 mltaddr.sin6_family = AF_INET6; 771 mltaddr.sin6_addr = in6addr_linklocal_allnodes; 772 mltaddr.sin6_addr.s6_addr16[1] = htons(ifp->if_index); 773 mltaddr.sin6_scope_id = 0; 774 775 /* 776 * XXX: do we really need this automatic routes? 777 * We should probably reconsider this stuff. Most applications 778 * actually do not need the routes, since they usually specify 779 * the outgoing interface. 780 */ 781 rt = rtalloc(sin6tosa(&mltaddr), 0, ifp->if_rdomain); 782 if (rt) { 783 /* 32bit came from "mltmask" */ 784 if (memcmp(&mltaddr.sin6_addr, 785 &satosin6(rt_key(rt))->sin6_addr, 786 32 / 8)) { 787 rtfree(rt); 788 rt = NULL; 789 } 790 } 791 if (!rt) { 792 struct rt_addrinfo info; 793 794 bzero(&info, sizeof(info)); 795 info.rti_ifa = &ia6->ia_ifa; 796 info.rti_info[RTAX_DST] = sin6tosa(&mltaddr); 797 info.rti_info[RTAX_GATEWAY] = sin6tosa(&ia6->ia_addr); 798 info.rti_info[RTAX_NETMASK] = sin6tosa(&mltmask); 799 info.rti_info[RTAX_IFA] = sin6tosa(&ia6->ia_addr); 800 info.rti_flags = RTF_MULTICAST; 801 error = rtrequest(RTM_ADD, &info, RTP_CONNECTED, NULL, 802 ifp->if_rdomain); 803 if (error) 804 goto cleanup; 805 } else { 806 rtfree(rt); 807 } 808 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error); 809 if (!imm) 810 goto cleanup; 811 LIST_INSERT_HEAD(&ia6->ia6_memberships, imm, i6mm_chain); 812 813 /* 814 * join interface-local all-nodes address. 815 * (ff01::1%ifN, and ff01::%ifN/32) 816 */ 817 bzero(&mltaddr, sizeof(mltaddr)); 818 mltaddr.sin6_len = sizeof(struct sockaddr_in6); 819 mltaddr.sin6_family = AF_INET6; 820 mltaddr.sin6_addr = in6addr_intfacelocal_allnodes; 821 mltaddr.sin6_addr.s6_addr16[1] = htons(ifp->if_index); 822 mltaddr.sin6_scope_id = 0; 823 824 /* XXX: again, do we really need the route? */ 825 rt = rtalloc(sin6tosa(&mltaddr), 0, ifp->if_rdomain); 826 if (rt) { 827 /* 32bit came from "mltmask" */ 828 if (memcmp(&mltaddr.sin6_addr, 829 &satosin6(rt_key(rt))->sin6_addr, 830 32 / 8)) { 831 rtfree(rt); 832 rt = NULL; 833 } 834 } 835 if (!rt) { 836 struct rt_addrinfo info; 837 838 bzero(&info, sizeof(info)); 839 info.rti_ifa = &ia6->ia_ifa; 840 info.rti_info[RTAX_DST] = sin6tosa(&mltaddr); 841 info.rti_info[RTAX_GATEWAY] = sin6tosa(&ia6->ia_addr); 842 info.rti_info[RTAX_NETMASK] = sin6tosa(&mltmask); 843 info.rti_info[RTAX_IFA] = sin6tosa(&ia6->ia_addr); 844 info.rti_flags = RTF_MULTICAST; 845 error = rtrequest(RTM_ADD, &info, RTP_CONNECTED, NULL, 846 ifp->if_rdomain); 847 if (error) 848 goto cleanup; 849 } else { 850 rtfree(rt); 851 } 852 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error); 853 if (!imm) 854 goto cleanup; 855 LIST_INSERT_HEAD(&ia6->ia6_memberships, imm, i6mm_chain); 856 } 857 858 return (error); 859 860 unlink: 861 /* 862 * XXX: if a change of an existing address failed, keep the entry 863 * anyway. 864 */ 865 if (hostIsNew) 866 in6_unlink_ifa(ia6, ifp); 867 return (error); 868 869 cleanup: 870 in6_purgeaddr(&ia6->ia_ifa); 871 return error; 872 } 873 874 void 875 in6_purgeaddr(struct ifaddr *ifa) 876 { 877 struct ifnet *ifp = ifa->ifa_ifp; 878 struct in6_ifaddr *ia6 = ifatoia6(ifa); 879 struct in6_multi_mship *imm; 880 881 /* stop DAD processing */ 882 nd6_dad_stop(ifa); 883 884 /* 885 * delete route to the destination of the address being purged. 886 * The interface must be p2p or loopback in this case. 887 */ 888 if ((ifp->if_flags & IFF_POINTOPOINT) && (ia6->ia_flags & IFA_ROUTE) && 889 ia6->ia_dstaddr.sin6_len != 0) { 890 int e; 891 892 e = rt_ifa_del(ifa, RTF_HOST, ifa->ifa_dstaddr, 893 ifp->if_rdomain); 894 if (e != 0) { 895 char addr[INET6_ADDRSTRLEN]; 896 log(LOG_ERR, "in6_purgeaddr: failed to remove " 897 "a route to the p2p destination: %s on %s, " 898 "errno=%d\n", 899 inet_ntop(AF_INET6, &ia6->ia_addr.sin6_addr, 900 addr, sizeof(addr)), 901 ifp->if_xname, e); 902 /* proceed anyway... */ 903 } else 904 ia6->ia_flags &= ~IFA_ROUTE; 905 } 906 907 /* Remove ownaddr's loopback rtentry, if it exists. */ 908 rt_ifa_dellocal(&(ia6->ia_ifa)); 909 910 /* 911 * leave from multicast groups we have joined for the interface 912 */ 913 while (!LIST_EMPTY(&ia6->ia6_memberships)) { 914 imm = LIST_FIRST(&ia6->ia6_memberships); 915 LIST_REMOVE(imm, i6mm_chain); 916 in6_leavegroup(imm); 917 } 918 919 in6_unlink_ifa(ia6, ifp); 920 } 921 922 void 923 in6_unlink_ifa(struct in6_ifaddr *ia6, struct ifnet *ifp) 924 { 925 struct ifaddr *ifa = &ia6->ia_ifa; 926 extern int ifatrash; 927 int plen; 928 929 NET_ASSERT_LOCKED(); 930 931 /* Release the reference to the base prefix. */ 932 plen = in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL); 933 if ((ifp->if_flags & IFF_LOOPBACK) == 0 && plen != 128) { 934 rt_ifa_del(ifa, RTF_CLONING | RTF_CONNECTED, 935 ifa->ifa_addr, ifp->if_rdomain); 936 } 937 938 rt_ifa_purge(ifa); 939 ifa_del(ifp, ifa); 940 941 ifatrash++; 942 ia6->ia_ifp = NULL; 943 ifafree(&ia6->ia_ifa); 944 } 945 946 /* 947 * Initialize an interface's intetnet6 address 948 * and routing table entry. 949 */ 950 int 951 in6_ifinit(struct ifnet *ifp, struct in6_ifaddr *ia6, int newhost) 952 { 953 int error = 0, plen, ifacount = 0; 954 struct ifaddr *ifa; 955 956 NET_ASSERT_LOCKED(); 957 958 /* 959 * Give the interface a chance to initialize 960 * if this is its first address (or it is a CARP interface) 961 * and to validate the address if necessary. 962 */ 963 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 964 if (ifa->ifa_addr->sa_family != AF_INET6) 965 continue; 966 ifacount++; 967 } 968 969 if ((ifacount <= 1 || ifp->if_type == IFT_CARP || 970 (ifp->if_flags & (IFF_LOOPBACK|IFF_POINTOPOINT))) && 971 (error = (*ifp->if_ioctl)(ifp, SIOCSIFADDR, (caddr_t)ia6))) { 972 return (error); 973 } 974 975 ia6->ia_ifa.ifa_metric = ifp->if_metric; 976 977 /* we could do in(6)_socktrim here, but just omit it at this moment. */ 978 979 /* 980 * Special case: 981 * If the destination address is specified for a point-to-point 982 * interface, install a route to the destination as an interface 983 * direct route. 984 */ 985 plen = in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL); /* XXX */ 986 if ((ifp->if_flags & IFF_POINTOPOINT) && plen == 128 && 987 ia6->ia_dstaddr.sin6_family == AF_INET6) { 988 ifa = &ia6->ia_ifa; 989 error = rt_ifa_add(ifa, RTF_HOST | RTF_MPATH, 990 ifa->ifa_dstaddr, ifp->if_rdomain); 991 if (error != 0) 992 return (error); 993 ia6->ia_flags |= IFA_ROUTE; 994 } 995 996 if (newhost) 997 error = rt_ifa_addlocal(&(ia6->ia_ifa)); 998 999 return (error); 1000 } 1001 1002 /* 1003 * Add an address to the list of IP6 multicast addresses for a 1004 * given interface. 1005 */ 1006 struct in6_multi * 1007 in6_addmulti(struct in6_addr *maddr6, struct ifnet *ifp, int *errorp) 1008 { 1009 struct in6_ifreq ifr; 1010 struct in6_multi *in6m; 1011 1012 NET_ASSERT_LOCKED(); 1013 1014 *errorp = 0; 1015 /* 1016 * See if address already in list. 1017 */ 1018 IN6_LOOKUP_MULTI(*maddr6, ifp, in6m); 1019 if (in6m != NULL) { 1020 /* 1021 * Found it; just increment the refrence count. 1022 */ 1023 in6m->in6m_refcnt++; 1024 } else { 1025 /* 1026 * New address; allocate a new multicast record 1027 * and link it into the interface's multicast list. 1028 */ 1029 in6m = malloc(sizeof(*in6m), M_IPMADDR, M_NOWAIT | M_ZERO); 1030 if (in6m == NULL) { 1031 *errorp = ENOBUFS; 1032 return (NULL); 1033 } 1034 1035 in6m->in6m_sin.sin6_len = sizeof(struct sockaddr_in6); 1036 in6m->in6m_sin.sin6_family = AF_INET6; 1037 in6m->in6m_sin.sin6_addr = *maddr6; 1038 in6m->in6m_refcnt = 1; 1039 in6m->in6m_ifidx = ifp->if_index; 1040 in6m->in6m_ifma.ifma_addr = sin6tosa(&in6m->in6m_sin); 1041 1042 /* 1043 * Ask the network driver to update its multicast reception 1044 * filter appropriately for the new address. 1045 */ 1046 memcpy(&ifr.ifr_addr, &in6m->in6m_sin, sizeof(in6m->in6m_sin)); 1047 *errorp = (*ifp->if_ioctl)(ifp, SIOCADDMULTI, (caddr_t)&ifr); 1048 if (*errorp) { 1049 free(in6m, M_IPMADDR, sizeof(*in6m)); 1050 return (NULL); 1051 } 1052 1053 TAILQ_INSERT_HEAD(&ifp->if_maddrlist, &in6m->in6m_ifma, 1054 ifma_list); 1055 1056 /* 1057 * Let MLD6 know that we have joined a new IP6 multicast 1058 * group. 1059 */ 1060 mld6_start_listening(in6m); 1061 } 1062 1063 return (in6m); 1064 } 1065 1066 /* 1067 * Delete a multicast address record. 1068 */ 1069 void 1070 in6_delmulti(struct in6_multi *in6m) 1071 { 1072 struct in6_ifreq ifr; 1073 struct ifnet *ifp; 1074 1075 NET_ASSERT_LOCKED(); 1076 1077 if (--in6m->in6m_refcnt == 0) { 1078 /* 1079 * No remaining claims to this record; let MLD6 know 1080 * that we are leaving the multicast group. 1081 */ 1082 mld6_stop_listening(in6m); 1083 ifp = if_get(in6m->in6m_ifidx); 1084 1085 /* 1086 * Notify the network driver to update its multicast 1087 * reception filter. 1088 */ 1089 if (ifp != NULL) { 1090 bzero(&ifr.ifr_addr, sizeof(struct sockaddr_in6)); 1091 ifr.ifr_addr.sin6_len = sizeof(struct sockaddr_in6); 1092 ifr.ifr_addr.sin6_family = AF_INET6; 1093 ifr.ifr_addr.sin6_addr = in6m->in6m_addr; 1094 (*ifp->if_ioctl)(ifp, SIOCDELMULTI, (caddr_t)&ifr); 1095 1096 TAILQ_REMOVE(&ifp->if_maddrlist, &in6m->in6m_ifma, 1097 ifma_list); 1098 } 1099 if_put(ifp); 1100 1101 free(in6m, M_IPMADDR, sizeof(*in6m)); 1102 } 1103 } 1104 1105 /* 1106 * Return 1 if the multicast group represented by ``maddr6'' has been 1107 * joined by interface ``ifp'', 0 otherwise. 1108 */ 1109 int 1110 in6_hasmulti(struct in6_addr *maddr6, struct ifnet *ifp) 1111 { 1112 struct in6_multi *in6m; 1113 int joined; 1114 1115 IN6_LOOKUP_MULTI(*maddr6, ifp, in6m); 1116 joined = (in6m != NULL); 1117 1118 return (joined); 1119 } 1120 1121 struct in6_multi_mship * 1122 in6_joingroup(struct ifnet *ifp, struct in6_addr *addr, int *errorp) 1123 { 1124 struct in6_multi_mship *imm; 1125 1126 imm = malloc(sizeof(*imm), M_IPMADDR, M_NOWAIT); 1127 if (!imm) { 1128 *errorp = ENOBUFS; 1129 return NULL; 1130 } 1131 imm->i6mm_maddr = in6_addmulti(addr, ifp, errorp); 1132 if (!imm->i6mm_maddr) { 1133 /* *errorp is alrady set */ 1134 free(imm, M_IPMADDR, sizeof(*imm)); 1135 return NULL; 1136 } 1137 return imm; 1138 } 1139 1140 void 1141 in6_leavegroup(struct in6_multi_mship *imm) 1142 { 1143 1144 if (imm->i6mm_maddr) 1145 in6_delmulti(imm->i6mm_maddr); 1146 free(imm, M_IPMADDR, sizeof(*imm)); 1147 } 1148 1149 /* 1150 * Find an IPv6 interface link-local address specific to an interface. 1151 */ 1152 struct in6_ifaddr * 1153 in6ifa_ifpforlinklocal(struct ifnet *ifp, int ignoreflags) 1154 { 1155 struct ifaddr *ifa; 1156 1157 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 1158 if (ifa->ifa_addr->sa_family != AF_INET6) 1159 continue; 1160 if (IN6_IS_ADDR_LINKLOCAL(IFA_IN6(ifa))) { 1161 if ((ifatoia6(ifa)->ia6_flags & ignoreflags) != 0) 1162 continue; 1163 break; 1164 } 1165 } 1166 1167 return (ifatoia6(ifa)); 1168 } 1169 1170 1171 /* 1172 * find the internet address corresponding to a given interface and address. 1173 */ 1174 struct in6_ifaddr * 1175 in6ifa_ifpwithaddr(struct ifnet *ifp, struct in6_addr *addr) 1176 { 1177 struct ifaddr *ifa; 1178 1179 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 1180 if (ifa->ifa_addr->sa_family != AF_INET6) 1181 continue; 1182 if (IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(ifa))) 1183 break; 1184 } 1185 1186 return (ifatoia6(ifa)); 1187 } 1188 1189 /* 1190 * Get a scope of the address. Node-local, link-local, site-local or global. 1191 */ 1192 int 1193 in6_addrscope(struct in6_addr *addr) 1194 { 1195 int scope; 1196 1197 if (addr->s6_addr8[0] == 0xfe) { 1198 scope = addr->s6_addr8[1] & 0xc0; 1199 1200 switch (scope) { 1201 case 0x80: 1202 return __IPV6_ADDR_SCOPE_LINKLOCAL; 1203 break; 1204 case 0xc0: 1205 return __IPV6_ADDR_SCOPE_SITELOCAL; 1206 break; 1207 default: 1208 return __IPV6_ADDR_SCOPE_GLOBAL; /* just in case */ 1209 break; 1210 } 1211 } 1212 1213 1214 if (addr->s6_addr8[0] == 0xff) { 1215 scope = addr->s6_addr8[1] & 0x0f; 1216 1217 /* 1218 * due to other scope such as reserved, 1219 * return scope doesn't work. 1220 */ 1221 switch (scope) { 1222 case __IPV6_ADDR_SCOPE_INTFACELOCAL: 1223 return __IPV6_ADDR_SCOPE_INTFACELOCAL; 1224 break; 1225 case __IPV6_ADDR_SCOPE_LINKLOCAL: 1226 return __IPV6_ADDR_SCOPE_LINKLOCAL; 1227 break; 1228 case __IPV6_ADDR_SCOPE_SITELOCAL: 1229 return __IPV6_ADDR_SCOPE_SITELOCAL; 1230 break; 1231 default: 1232 return __IPV6_ADDR_SCOPE_GLOBAL; 1233 break; 1234 } 1235 } 1236 1237 if (bcmp(&in6addr_loopback, addr, sizeof(*addr) - 1) == 0) { 1238 if (addr->s6_addr8[15] == 1) /* loopback */ 1239 return __IPV6_ADDR_SCOPE_INTFACELOCAL; 1240 if (addr->s6_addr8[15] == 0) /* unspecified */ 1241 return __IPV6_ADDR_SCOPE_LINKLOCAL; 1242 } 1243 1244 return __IPV6_ADDR_SCOPE_GLOBAL; 1245 } 1246 1247 int 1248 in6_addr2scopeid(unsigned int ifidx, struct in6_addr *addr) 1249 { 1250 int scope = in6_addrscope(addr); 1251 1252 switch(scope) { 1253 case __IPV6_ADDR_SCOPE_INTFACELOCAL: 1254 case __IPV6_ADDR_SCOPE_LINKLOCAL: 1255 /* XXX: we do not distinguish between a link and an I/F. */ 1256 return (ifidx); 1257 1258 case __IPV6_ADDR_SCOPE_SITELOCAL: 1259 return (0); /* XXX: invalid. */ 1260 1261 default: 1262 return (0); /* XXX: treat as global. */ 1263 } 1264 } 1265 1266 /* 1267 * return length of part which dst and src are equal 1268 * hard coding... 1269 */ 1270 int 1271 in6_matchlen(struct in6_addr *src, struct in6_addr *dst) 1272 { 1273 int match = 0; 1274 u_char *s = (u_char *)src, *d = (u_char *)dst; 1275 u_char *lim = s + 16, r; 1276 1277 while (s < lim) 1278 if ((r = (*d++ ^ *s++)) != 0) { 1279 while (r < 128) { 1280 match++; 1281 r <<= 1; 1282 } 1283 break; 1284 } else 1285 match += 8; 1286 return match; 1287 } 1288 1289 void 1290 in6_prefixlen2mask(struct in6_addr *maskp, int len) 1291 { 1292 u_char maskarray[8] = {0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff}; 1293 int bytelen, bitlen, i; 1294 1295 /* sanity check */ 1296 if (0 > len || len > 128) { 1297 log(LOG_ERR, "in6_prefixlen2mask: invalid prefix length(%d)\n", 1298 len); 1299 return; 1300 } 1301 1302 bzero(maskp, sizeof(*maskp)); 1303 bytelen = len / 8; 1304 bitlen = len % 8; 1305 for (i = 0; i < bytelen; i++) 1306 maskp->s6_addr[i] = 0xff; 1307 /* len == 128 is ok because bitlen == 0 then */ 1308 if (bitlen) 1309 maskp->s6_addr[bytelen] = maskarray[bitlen - 1]; 1310 } 1311 1312 /* 1313 * return the best address out of the same scope 1314 */ 1315 struct in6_ifaddr * 1316 in6_ifawithscope(struct ifnet *oifp, struct in6_addr *dst, u_int rdomain) 1317 { 1318 int dst_scope = in6_addrscope(dst), src_scope, best_scope = 0; 1319 int blen = -1; 1320 struct ifaddr *ifa; 1321 struct ifnet *ifp; 1322 struct in6_ifaddr *ia6_best = NULL; 1323 1324 if (oifp == NULL) { 1325 printf("in6_ifawithscope: output interface is not specified\n"); 1326 return (NULL); 1327 } 1328 1329 /* 1330 * We search for all addresses on all interfaces from the beginning. 1331 * Comparing an interface with the outgoing interface will be done 1332 * only at the final stage of tiebreaking. 1333 */ 1334 TAILQ_FOREACH(ifp, &ifnet, if_list) { 1335 if (ifp->if_rdomain != rdomain) 1336 continue; 1337 #if NCARP > 0 1338 /* 1339 * Never use a carp address of an interface which is not 1340 * the master. 1341 */ 1342 if (ifp->if_type == IFT_CARP && !carp_iamatch(ifp)) 1343 continue; 1344 #endif 1345 1346 /* 1347 * We can never take an address that breaks the scope zone 1348 * of the destination. 1349 */ 1350 if (in6_addr2scopeid(ifp->if_index, dst) != 1351 in6_addr2scopeid(oifp->if_index, dst)) 1352 continue; 1353 1354 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 1355 int tlen = -1, dscopecmp, bscopecmp, matchcmp; 1356 1357 if (ifa->ifa_addr->sa_family != AF_INET6) 1358 continue; 1359 1360 src_scope = in6_addrscope(IFA_IN6(ifa)); 1361 1362 #ifdef ADDRSELECT_DEBUG /* should be removed after stabilization */ 1363 { 1364 char adst[INET6_ADDRSTRLEN], asrc[INET6_ADDRSTRLEN]; 1365 char bestaddr[INET6_ADDRSTRLEN]; 1366 1367 1368 dscopecmp = IN6_ARE_SCOPE_CMP(src_scope, dst_scope); 1369 printf("in6_ifawithscope: dst=%s bestaddr=%s, " 1370 "newaddr=%s, scope=%x, dcmp=%d, bcmp=%d, " 1371 "matchlen=%d, flgs=%x\n", 1372 inet_ntop(AF_INET6, dst, adst, sizeof(adst)), 1373 (ia6_best == NULL) ? "none" : 1374 inet_ntop(AF_INET6, &ia6_best->ia_addr.sin6_addr, 1375 bestaddr, sizeof(bestaddr)), 1376 inet_ntop(AF_INET6, IFA_IN6(ifa), 1377 asrc, sizeof(asrc)), 1378 src_scope, dscopecmp, 1379 ia6_best ? IN6_ARE_SCOPE_CMP(src_scope, best_scope) : -1, 1380 in6_matchlen(IFA_IN6(ifa), dst), 1381 ifatoia6(ifa)->ia6_flags); 1382 } 1383 #endif 1384 1385 /* 1386 * Don't use an address before completing DAD 1387 * nor a duplicated address. 1388 */ 1389 if (ifatoia6(ifa)->ia6_flags & 1390 (IN6_IFF_TENTATIVE|IN6_IFF_DUPLICATED)) 1391 continue; 1392 1393 /* XXX: is there any case to allow anycasts? */ 1394 if (ifatoia6(ifa)->ia6_flags & IN6_IFF_ANYCAST) 1395 continue; 1396 1397 if (ifatoia6(ifa)->ia6_flags & IN6_IFF_DETACHED) 1398 continue; 1399 1400 /* 1401 * If this is the first address we find, 1402 * keep it anyway. 1403 */ 1404 if (ia6_best == NULL) 1405 goto replace; 1406 1407 /* 1408 * ia6_best is never NULL beyond this line except 1409 * within the block labeled "replace". 1410 */ 1411 1412 /* 1413 * If ia6_best has a smaller scope than dst and 1414 * the current address has a larger one than 1415 * (or equal to) dst, always replace ia6_best. 1416 * Also, if the current address has a smaller scope 1417 * than dst, ignore it unless ia6_best also has a 1418 * smaller scope. 1419 */ 1420 if (IN6_ARE_SCOPE_CMP(best_scope, dst_scope) < 0 && 1421 IN6_ARE_SCOPE_CMP(src_scope, dst_scope) >= 0) 1422 goto replace; 1423 if (IN6_ARE_SCOPE_CMP(src_scope, dst_scope) < 0 && 1424 IN6_ARE_SCOPE_CMP(best_scope, dst_scope) >= 0) 1425 continue; 1426 1427 /* 1428 * A deprecated address SHOULD NOT be used in new 1429 * communications if an alternate (non-deprecated) 1430 * address is available and has sufficient scope. 1431 * RFC 2462, Section 5.5.4. 1432 */ 1433 if (ifatoia6(ifa)->ia6_flags & IN6_IFF_DEPRECATED) { 1434 /* 1435 * Ignore any deprecated addresses if 1436 * specified by configuration. 1437 */ 1438 if (!ip6_use_deprecated) 1439 continue; 1440 1441 /* 1442 * If we have already found a non-deprecated 1443 * candidate, just ignore deprecated addresses. 1444 */ 1445 if ((ia6_best->ia6_flags & IN6_IFF_DEPRECATED) 1446 == 0) 1447 continue; 1448 } 1449 1450 /* 1451 * A non-deprecated address is always preferred 1452 * to a deprecated one regardless of scopes and 1453 * address matching. 1454 */ 1455 if ((ia6_best->ia6_flags & IN6_IFF_DEPRECATED) && 1456 (ifatoia6(ifa)->ia6_flags & 1457 IN6_IFF_DEPRECATED) == 0) 1458 goto replace; 1459 1460 /* RFC 3484 5. Rule 5: Prefer outgoing interface */ 1461 if (ia6_best->ia_ifp == oifp && ifp != oifp) 1462 continue; 1463 if (ia6_best->ia_ifp != oifp && ifp == oifp) 1464 goto replace; 1465 1466 /* 1467 * At this point, we have two cases: 1468 * 1. we are looking at a non-deprecated address, 1469 * and ia6_best is also non-deprecated. 1470 * 2. we are looking at a deprecated address, 1471 * and ia6_best is also deprecated. 1472 * Also, we do not have to consider a case where 1473 * the scope of if_best is larger(smaller) than dst and 1474 * the scope of the current address is smaller(larger) 1475 * than dst. Such a case has already been covered. 1476 * Tiebreaking is done according to the following 1477 * items: 1478 * - the scope comparison between the address and 1479 * dst (dscopecmp) 1480 * - the scope comparison between the address and 1481 * ia6_best (bscopecmp) 1482 * - if the address match dst longer than ia6_best 1483 * (matchcmp) 1484 * - if the address is on the outgoing I/F (outI/F) 1485 * 1486 * Roughly speaking, the selection policy is 1487 * - the most important item is scope. The same scope 1488 * is best. Then search for a larger scope. 1489 * Smaller scopes are the last resort. 1490 * - A deprecated address is chosen only when we have 1491 * no address that has an enough scope, but is 1492 * prefered to any addresses of smaller scopes. 1493 * - Longest address match against dst is considered 1494 * only for addresses that has the same scope of dst. 1495 * - If there is no other reasons to choose one, 1496 * addresses on the outgoing I/F are preferred. 1497 * 1498 * The precise decision table is as follows: 1499 * dscopecmp bscopecmp matchcmp outI/F | replace? 1500 * !equal equal N/A Yes | Yes (1) 1501 * !equal equal N/A No | No (2) 1502 * larger larger N/A N/A | No (3) 1503 * larger smaller N/A N/A | Yes (4) 1504 * smaller larger N/A N/A | Yes (5) 1505 * smaller smaller N/A N/A | No (6) 1506 * equal smaller N/A N/A | Yes (7) 1507 * equal larger (already done) 1508 * equal equal larger N/A | Yes (8) 1509 * equal equal smaller N/A | No (9) 1510 * equal equal equal Yes | Yes (a) 1511 * equal equal equal No | No (b) 1512 */ 1513 dscopecmp = IN6_ARE_SCOPE_CMP(src_scope, dst_scope); 1514 bscopecmp = IN6_ARE_SCOPE_CMP(src_scope, best_scope); 1515 1516 if (dscopecmp && bscopecmp == 0) { 1517 if (oifp == ifp) /* (1) */ 1518 goto replace; 1519 continue; /* (2) */ 1520 } 1521 if (dscopecmp > 0) { 1522 if (bscopecmp > 0) /* (3) */ 1523 continue; 1524 goto replace; /* (4) */ 1525 } 1526 if (dscopecmp < 0) { 1527 if (bscopecmp > 0) /* (5) */ 1528 goto replace; 1529 continue; /* (6) */ 1530 } 1531 1532 /* now dscopecmp must be 0 */ 1533 if (bscopecmp < 0) 1534 goto replace; /* (7) */ 1535 1536 /* 1537 * At last both dscopecmp and bscopecmp must be 0. 1538 * We need address matching against dst for 1539 * tiebreaking. 1540 * Privacy addresses are preferred over public 1541 * addresses (RFC3484 requires a config knob for 1542 * this which we don't provide). 1543 */ 1544 if (oifp == ifp) { 1545 /* Do not replace temporary autoconf addresses 1546 * with non-temporary addresses. */ 1547 if ((ia6_best->ia6_flags & IN6_IFF_PRIVACY) && 1548 !(ifatoia6(ifa)->ia6_flags & 1549 IN6_IFF_PRIVACY)) 1550 continue; 1551 1552 /* Replace non-temporary autoconf addresses 1553 * with temporary addresses. */ 1554 if (!(ia6_best->ia6_flags & IN6_IFF_PRIVACY) && 1555 (ifatoia6(ifa)->ia6_flags & 1556 IN6_IFF_PRIVACY)) 1557 goto replace; 1558 } 1559 tlen = in6_matchlen(IFA_IN6(ifa), dst); 1560 matchcmp = tlen - blen; 1561 if (matchcmp > 0) { /* (8) */ 1562 #if NCARP > 0 1563 /* 1564 * Don't let carp interfaces win a tie against 1565 * the output interface based on matchlen. 1566 * We should only use a carp address if no 1567 * other interface has a usable address. 1568 * Otherwise, when communicating from a carp 1569 * master to a carp slave, the slave won't 1570 * respond since the carp address is also 1571 * configured as a local address on the slave. 1572 * Note that carp interfaces in backup state 1573 * were already skipped above. 1574 */ 1575 if (ifp->if_type == IFT_CARP && 1576 oifp->if_type != IFT_CARP) 1577 continue; 1578 #endif 1579 goto replace; 1580 } 1581 if (matchcmp < 0) /* (9) */ 1582 continue; 1583 if (oifp == ifp) /* (a) */ 1584 goto replace; 1585 continue; /* (b) */ 1586 1587 replace: 1588 ia6_best = ifatoia6(ifa); 1589 blen = tlen >= 0 ? tlen : 1590 in6_matchlen(IFA_IN6(ifa), dst); 1591 best_scope = in6_addrscope(&ia6_best->ia_addr.sin6_addr); 1592 } 1593 } 1594 1595 /* count statistics for future improvements */ 1596 if (ia6_best == NULL) 1597 ip6stat_inc(ip6s_sources_none); 1598 else { 1599 if (oifp == ia6_best->ia_ifp) 1600 ip6stat_inc(ip6s_sources_sameif + best_scope); 1601 else 1602 ip6stat_inc(ip6s_sources_otherif + best_scope); 1603 1604 if (best_scope == dst_scope) 1605 ip6stat_inc(ip6s_sources_samescope + best_scope); 1606 else 1607 ip6stat_inc(ip6s_sources_otherscope + best_scope); 1608 1609 if ((ia6_best->ia6_flags & IN6_IFF_DEPRECATED) != 0) 1610 ip6stat_inc(ip6s_sources_deprecated + best_scope); 1611 } 1612 1613 return (ia6_best); 1614 } 1615 1616 int 1617 in6if_do_dad(struct ifnet *ifp) 1618 { 1619 if ((ifp->if_flags & IFF_LOOPBACK) != 0) 1620 return (0); 1621 1622 switch (ifp->if_type) { 1623 #if NCARP > 0 1624 case IFT_CARP: 1625 /* 1626 * XXX: DAD does not work currently on carp(4) 1627 * so disable it for now. 1628 */ 1629 return (0); 1630 #endif 1631 default: 1632 /* 1633 * Our DAD routine requires the interface up and running. 1634 * However, some interfaces can be up before the RUNNING 1635 * status. Additionaly, users may try to assign addresses 1636 * before the interface becomes up (or running). 1637 * We simply skip DAD in such a case as a work around. 1638 * XXX: we should rather mark "tentative" on such addresses, 1639 * and do DAD after the interface becomes ready. 1640 */ 1641 if ((ifp->if_flags & (IFF_UP|IFF_RUNNING)) != 1642 (IFF_UP|IFF_RUNNING)) 1643 return (0); 1644 1645 return (1); 1646 } 1647 } 1648 1649 void * 1650 in6_domifattach(struct ifnet *ifp) 1651 { 1652 struct in6_ifextra *ext; 1653 1654 ext = malloc(sizeof(*ext), M_IFADDR, M_WAITOK | M_ZERO); 1655 1656 ext->nd_ifinfo = nd6_ifattach(ifp); 1657 ext->nprefixes = 0; 1658 ext->ndefrouters = 0; 1659 return ext; 1660 } 1661 1662 void 1663 in6_domifdetach(struct ifnet *ifp, void *aux) 1664 { 1665 struct in6_ifextra *ext = (struct in6_ifextra *)aux; 1666 1667 nd6_ifdetach(ext->nd_ifinfo); 1668 free(ext, M_IFADDR, sizeof(*ext)); 1669 } 1670