1 /* $OpenBSD: in6.c,v 1.138 2014/07/12 18:44:23 tedu Exp $ */ 2 /* $KAME: in6.c,v 1.372 2004/06/14 08:14:21 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 /* 34 * Copyright (c) 1982, 1986, 1991, 1993 35 * The Regents of the University of California. All rights reserved. 36 * 37 * Redistribution and use in source and binary forms, with or without 38 * modification, are permitted provided that the following conditions 39 * are met: 40 * 1. Redistributions of source code must retain the above copyright 41 * notice, this list of conditions and the following disclaimer. 42 * 2. Redistributions in binary form must reproduce the above copyright 43 * notice, this list of conditions and the following disclaimer in the 44 * documentation and/or other materials provided with the distribution. 45 * 3. Neither the name of the University nor the names of its contributors 46 * may be used to endorse or promote products derived from this software 47 * without specific prior written permission. 48 * 49 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 52 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 59 * SUCH DAMAGE. 60 * 61 * @(#)in.c 8.2 (Berkeley) 11/15/93 62 */ 63 64 #include "bridge.h" 65 #include "carp.h" 66 67 #include <sys/param.h> 68 #include <sys/ioctl.h> 69 #include <sys/errno.h> 70 #include <sys/malloc.h> 71 #include <sys/socket.h> 72 #include <sys/socketvar.h> 73 #include <sys/sockio.h> 74 #include <sys/systm.h> 75 #include <sys/time.h> 76 #include <sys/kernel.h> 77 #include <sys/syslog.h> 78 79 #include <net/if.h> 80 #include <net/if_types.h> 81 #include <net/route.h> 82 #include <net/if_dl.h> 83 84 #include <netinet/in.h> 85 #include <netinet/if_ether.h> 86 #if NBRIDGE > 0 87 #include <net/if_bridge.h> 88 #endif 89 90 #include <netinet6/in6_var.h> 91 #include <netinet/ip6.h> 92 #include <netinet6/ip6_var.h> 93 #include <netinet6/nd6.h> 94 #include <netinet6/mld6_var.h> 95 #ifdef MROUTING 96 #include <netinet6/ip6_mroute.h> 97 #endif 98 #include <netinet6/in6_ifattach.h> 99 #if NCARP > 0 100 #include <netinet/ip_carp.h> 101 #endif 102 103 /* backward compatibility for a while... */ 104 #define COMPAT_IN6IFIOCTL 105 106 /* 107 * Definitions of some constant IP6 addresses. 108 */ 109 const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT; 110 const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT; 111 const struct in6_addr in6addr_intfacelocal_allnodes = 112 IN6ADDR_INTFACELOCAL_ALLNODES_INIT; 113 const struct in6_addr in6addr_linklocal_allnodes = 114 IN6ADDR_LINKLOCAL_ALLNODES_INIT; 115 116 const struct in6_addr in6mask0 = IN6MASK0; 117 const struct in6_addr in6mask32 = IN6MASK32; 118 const struct in6_addr in6mask64 = IN6MASK64; 119 const struct in6_addr in6mask96 = IN6MASK96; 120 const struct in6_addr in6mask128 = IN6MASK128; 121 122 int in6_lifaddr_ioctl(struct socket *, u_long, caddr_t, struct ifnet *); 123 int in6_ifinit(struct ifnet *, struct in6_ifaddr *, int); 124 void in6_unlink_ifa(struct in6_ifaddr *, struct ifnet *); 125 126 const struct sockaddr_in6 sa6_any = { 127 sizeof(sa6_any), AF_INET6, 0, 0, IN6ADDR_ANY_INIT, 0 128 }; 129 130 int 131 in6_mask2len(struct in6_addr *mask, u_char *lim0) 132 { 133 int x = 0, y; 134 u_char *lim = lim0, *p; 135 136 /* ignore the scope_id part */ 137 if (lim0 == NULL || lim0 - (u_char *)mask > sizeof(*mask)) 138 lim = (u_char *)mask + sizeof(*mask); 139 for (p = (u_char *)mask; p < lim; x++, p++) { 140 if (*p != 0xff) 141 break; 142 } 143 y = 0; 144 if (p < lim) { 145 for (y = 0; y < 8; y++) { 146 if ((*p & (0x80 >> y)) == 0) 147 break; 148 } 149 } 150 151 /* 152 * when the limit pointer is given, do a stricter check on the 153 * remaining bits. 154 */ 155 if (p < lim) { 156 if (y != 0 && (*p & (0x00ff >> y)) != 0) 157 return (-1); 158 for (p = p + 1; p < lim; p++) 159 if (*p != 0) 160 return (-1); 161 } 162 163 return x * 8 + y; 164 } 165 166 int 167 in6_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp) 168 { 169 struct in6_ifreq *ifr = (struct in6_ifreq *)data; 170 struct in6_ifaddr *ia6 = NULL; 171 struct in6_aliasreq *ifra = (struct in6_aliasreq *)data; 172 struct sockaddr_in6 *sa6; 173 int privileged; 174 175 privileged = 0; 176 if ((so->so_state & SS_PRIV) != 0) 177 privileged++; 178 179 #ifdef MROUTING 180 switch (cmd) { 181 case SIOCGETSGCNT_IN6: 182 case SIOCGETMIFCNT_IN6: 183 return (mrt6_ioctl(cmd, data)); 184 } 185 #endif 186 187 if (ifp == NULL) 188 return (EOPNOTSUPP); 189 190 switch (cmd) { 191 case SIOCSNDFLUSH_IN6: 192 case SIOCSPFXFLUSH_IN6: 193 case SIOCSRTRFLUSH_IN6: 194 case SIOCSIFINFO_FLAGS: 195 if (!privileged) 196 return (EPERM); 197 /* FALLTHROUGH */ 198 case SIOCGIFINFO_IN6: 199 case SIOCGNBRINFO_IN6: 200 return (nd6_ioctl(cmd, data, ifp)); 201 } 202 203 switch (cmd) { 204 case SIOCSIFPREFIX_IN6: 205 case SIOCDIFPREFIX_IN6: 206 case SIOCAIFPREFIX_IN6: 207 case SIOCCIFPREFIX_IN6: 208 case SIOCSGIFPREFIX_IN6: 209 case SIOCGIFPREFIX_IN6: 210 log(LOG_NOTICE, 211 "prefix ioctls are now invalidated. " 212 "please use ifconfig.\n"); 213 return (EOPNOTSUPP); 214 } 215 216 switch (cmd) { 217 case SIOCALIFADDR: 218 case SIOCDLIFADDR: 219 if (!privileged) 220 return (EPERM); 221 /* FALLTHROUGH */ 222 case SIOCGLIFADDR: 223 return in6_lifaddr_ioctl(so, cmd, data, ifp); 224 } 225 226 /* 227 * Find address for this interface, if it exists. 228 * 229 * In netinet code, we have checked ifra_addr in SIOCSIF*ADDR operation 230 * only, and used the first interface address as the target of other 231 * operations (without checking ifra_addr). This was because netinet 232 * code/API assumed at most 1 interface address per interface. 233 * Since IPv6 allows a node to assign multiple addresses 234 * on a single interface, we almost always look and check the 235 * presence of ifra_addr, and reject invalid ones here. 236 * It also decreases duplicated code among SIOC*_IN6 operations. 237 */ 238 switch (cmd) { 239 case SIOCAIFADDR_IN6: 240 case SIOCSIFPHYADDR_IN6: 241 sa6 = &ifra->ifra_addr; 242 break; 243 case SIOCSIFADDR_IN6: 244 case SIOCGIFADDR_IN6: 245 case SIOCSIFDSTADDR_IN6: 246 case SIOCSIFNETMASK_IN6: 247 case SIOCGIFDSTADDR_IN6: 248 case SIOCGIFNETMASK_IN6: 249 case SIOCDIFADDR_IN6: 250 case SIOCGIFPSRCADDR_IN6: 251 case SIOCGIFPDSTADDR_IN6: 252 case SIOCGIFAFLAG_IN6: 253 case SIOCSNDFLUSH_IN6: 254 case SIOCSPFXFLUSH_IN6: 255 case SIOCSRTRFLUSH_IN6: 256 case SIOCGIFALIFETIME_IN6: 257 case SIOCSIFALIFETIME_IN6: 258 case SIOCGIFSTAT_IN6: 259 case SIOCGIFSTAT_ICMP6: 260 sa6 = &ifr->ifr_addr; 261 break; 262 case SIOCSIFADDR: 263 case SIOCSIFDSTADDR: 264 case SIOCSIFBRDADDR: 265 case SIOCSIFNETMASK: 266 /* 267 * Do not pass those ioctl to driver handler since they are not 268 * properly setup. Instead just error out. 269 */ 270 return (EOPNOTSUPP); 271 default: 272 sa6 = NULL; 273 break; 274 } 275 if (sa6 && sa6->sin6_family == AF_INET6) { 276 if (IN6_IS_ADDR_LINKLOCAL(&sa6->sin6_addr)) { 277 if (sa6->sin6_addr.s6_addr16[1] == 0) { 278 /* link ID is not embedded by the user */ 279 sa6->sin6_addr.s6_addr16[1] = 280 htons(ifp->if_index); 281 } else if (sa6->sin6_addr.s6_addr16[1] != 282 htons(ifp->if_index)) { 283 return (EINVAL); /* link ID contradicts */ 284 } 285 if (sa6->sin6_scope_id) { 286 if (sa6->sin6_scope_id != 287 (u_int32_t)ifp->if_index) 288 return (EINVAL); 289 sa6->sin6_scope_id = 0; /* XXX: good way? */ 290 } 291 } 292 ia6 = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr); 293 } else 294 ia6 = NULL; 295 296 switch (cmd) { 297 case SIOCSIFADDR_IN6: 298 case SIOCSIFDSTADDR_IN6: 299 case SIOCSIFNETMASK_IN6: 300 /* 301 * Since IPv6 allows a node to assign multiple addresses 302 * on a single interface, SIOCSIFxxx ioctls are deprecated. 303 */ 304 return (EINVAL); 305 306 case SIOCDIFADDR_IN6: 307 /* 308 * for IPv4, we look for existing in_ifaddr here to allow 309 * "ifconfig if0 delete" to remove the first IPv4 address on 310 * the interface. For IPv6, as the spec allows multiple 311 * interface address from the day one, we consider "remove the 312 * first one" semantics to be not preferable. 313 */ 314 if (ia6 == NULL) 315 return (EADDRNOTAVAIL); 316 /* FALLTHROUGH */ 317 case SIOCAIFADDR_IN6: 318 /* 319 * We always require users to specify a valid IPv6 address for 320 * the corresponding operation. 321 */ 322 if (ifra->ifra_addr.sin6_family != AF_INET6 || 323 ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6)) 324 return (EAFNOSUPPORT); 325 if (!privileged) 326 return (EPERM); 327 328 break; 329 330 case SIOCGIFADDR_IN6: 331 /* This interface is basically deprecated. use SIOCGIFCONF. */ 332 /* FALLTHROUGH */ 333 case SIOCGIFAFLAG_IN6: 334 case SIOCGIFNETMASK_IN6: 335 case SIOCGIFDSTADDR_IN6: 336 case SIOCGIFALIFETIME_IN6: 337 /* must think again about its semantics */ 338 if (ia6 == NULL) 339 return (EADDRNOTAVAIL); 340 break; 341 case SIOCSIFALIFETIME_IN6: 342 { 343 struct in6_addrlifetime *lt; 344 345 if (!privileged) 346 return (EPERM); 347 if (ia6 == NULL) 348 return (EADDRNOTAVAIL); 349 /* sanity for overflow - beware unsigned */ 350 lt = &ifr->ifr_ifru.ifru_lifetime; 351 if (lt->ia6t_vltime != ND6_INFINITE_LIFETIME 352 && lt->ia6t_vltime + time_second < time_second) { 353 return EINVAL; 354 } 355 if (lt->ia6t_pltime != ND6_INFINITE_LIFETIME 356 && lt->ia6t_pltime + time_second < time_second) { 357 return EINVAL; 358 } 359 break; 360 } 361 } 362 363 switch (cmd) { 364 365 case SIOCGIFADDR_IN6: 366 ifr->ifr_addr = ia6->ia_addr; 367 break; 368 369 case SIOCGIFDSTADDR_IN6: 370 if ((ifp->if_flags & IFF_POINTOPOINT) == 0) 371 return (EINVAL); 372 /* 373 * XXX: should we check if ifa_dstaddr is NULL and return 374 * an error? 375 */ 376 ifr->ifr_dstaddr = ia6->ia_dstaddr; 377 break; 378 379 case SIOCGIFNETMASK_IN6: 380 ifr->ifr_addr = ia6->ia_prefixmask; 381 break; 382 383 case SIOCGIFAFLAG_IN6: 384 ifr->ifr_ifru.ifru_flags6 = ia6->ia6_flags; 385 break; 386 387 case SIOCGIFSTAT_IN6: 388 if (ifp == NULL) 389 return EINVAL; 390 bzero(&ifr->ifr_ifru.ifru_stat, 391 sizeof(ifr->ifr_ifru.ifru_stat)); 392 ifr->ifr_ifru.ifru_stat = 393 *((struct in6_ifextra *)ifp->if_afdata[AF_INET6])->in6_ifstat; 394 break; 395 396 case SIOCGIFSTAT_ICMP6: 397 if (ifp == NULL) 398 return EINVAL; 399 bzero(&ifr->ifr_ifru.ifru_icmp6stat, 400 sizeof(ifr->ifr_ifru.ifru_icmp6stat)); 401 ifr->ifr_ifru.ifru_icmp6stat = 402 *((struct in6_ifextra *)ifp->if_afdata[AF_INET6])->icmp6_ifstat; 403 break; 404 405 case SIOCGIFALIFETIME_IN6: 406 ifr->ifr_ifru.ifru_lifetime = ia6->ia6_lifetime; 407 if (ia6->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 408 time_t maxexpire; 409 struct in6_addrlifetime *retlt = 410 &ifr->ifr_ifru.ifru_lifetime; 411 412 /* 413 * XXX: adjust expiration time assuming time_t is 414 * signed. 415 */ 416 maxexpire = 417 (time_t)~(1ULL << ((sizeof(maxexpire) * 8) - 1)); 418 if (ia6->ia6_lifetime.ia6t_vltime < 419 maxexpire - ia6->ia6_updatetime) { 420 retlt->ia6t_expire = ia6->ia6_updatetime + 421 ia6->ia6_lifetime.ia6t_vltime; 422 } else 423 retlt->ia6t_expire = maxexpire; 424 } 425 if (ia6->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 426 time_t maxexpire; 427 struct in6_addrlifetime *retlt = 428 &ifr->ifr_ifru.ifru_lifetime; 429 430 /* 431 * XXX: adjust expiration time assuming time_t is 432 * signed. 433 */ 434 maxexpire = 435 (time_t)~(1ULL << ((sizeof(maxexpire) * 8) - 1)); 436 if (ia6->ia6_lifetime.ia6t_pltime < 437 maxexpire - ia6->ia6_updatetime) { 438 retlt->ia6t_preferred = ia6->ia6_updatetime + 439 ia6->ia6_lifetime.ia6t_pltime; 440 } else 441 retlt->ia6t_preferred = maxexpire; 442 } 443 break; 444 445 case SIOCSIFALIFETIME_IN6: 446 ia6->ia6_lifetime = ifr->ifr_ifru.ifru_lifetime; 447 /* for sanity */ 448 if (ia6->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 449 ia6->ia6_lifetime.ia6t_expire = 450 time_second + ia6->ia6_lifetime.ia6t_vltime; 451 } else 452 ia6->ia6_lifetime.ia6t_expire = 0; 453 if (ia6->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 454 ia6->ia6_lifetime.ia6t_preferred = 455 time_second + ia6->ia6_lifetime.ia6t_pltime; 456 } else 457 ia6->ia6_lifetime.ia6t_preferred = 0; 458 break; 459 460 case SIOCAIFADDR_IN6: 461 { 462 int i, error = 0; 463 struct nd_prefix pr0, *pr; 464 int s; 465 466 /* reject read-only flags */ 467 if ((ifra->ifra_flags & IN6_IFF_DUPLICATED) != 0 || 468 (ifra->ifra_flags & IN6_IFF_DETACHED) != 0 || 469 (ifra->ifra_flags & IN6_IFF_NODAD) != 0 || 470 (ifra->ifra_flags & IN6_IFF_AUTOCONF) != 0) { 471 return (EINVAL); 472 } 473 /* 474 * first, make or update the interface address structure, 475 * and link it to the list. 476 */ 477 s = splsoftnet(); 478 error = in6_update_ifa(ifp, ifra, ia6); 479 splx(s); 480 if (error != 0) 481 return (error); 482 if ((ia6 = in6ifa_ifpwithaddr(ifp, &ifra->ifra_addr.sin6_addr)) 483 == NULL) { 484 /* 485 * this can happen when the user specify the 0 valid 486 * lifetime. 487 */ 488 break; 489 } 490 491 /* 492 * then, make the prefix on-link on the interface. 493 * XXX: we'd rather create the prefix before the address, but 494 * we need at least one address to install the corresponding 495 * interface route, so we configure the address first. 496 */ 497 498 /* 499 * convert mask to prefix length (prefixmask has already 500 * been validated in in6_update_ifa(). 501 */ 502 bzero(&pr0, sizeof(pr0)); 503 pr0.ndpr_ifp = ifp; 504 pr0.ndpr_plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, 505 NULL); 506 if (pr0.ndpr_plen == 128) { 507 dohooks(ifp->if_addrhooks, 0); 508 break; /* we don't need to install a host route. */ 509 } 510 pr0.ndpr_prefix = ifra->ifra_addr; 511 pr0.ndpr_mask = ifra->ifra_prefixmask.sin6_addr; 512 /* apply the mask for safety. */ 513 for (i = 0; i < 4; i++) { 514 pr0.ndpr_prefix.sin6_addr.s6_addr32[i] &= 515 ifra->ifra_prefixmask.sin6_addr.s6_addr32[i]; 516 } 517 /* 518 * XXX: since we don't have an API to set prefix (not address) 519 * lifetimes, we just use the same lifetimes as addresses. 520 * The (temporarily) installed lifetimes can be overridden by 521 * later advertised RAs (when accept_rtadv is non 0), which is 522 * an intended behavior. 523 */ 524 pr0.ndpr_raf_onlink = 1; /* should be configurable? */ 525 pr0.ndpr_raf_auto = 526 ((ifra->ifra_flags & IN6_IFF_AUTOCONF) != 0); 527 pr0.ndpr_vltime = ifra->ifra_lifetime.ia6t_vltime; 528 pr0.ndpr_pltime = ifra->ifra_lifetime.ia6t_pltime; 529 530 /* add the prefix if not yet. */ 531 if ((pr = nd6_prefix_lookup(&pr0)) == NULL) { 532 /* 533 * nd6_prelist_add will install the corresponding 534 * interface route. 535 */ 536 if ((error = nd6_prelist_add(&pr0, NULL, &pr)) != 0) 537 return (error); 538 if (pr == NULL) { 539 log(LOG_ERR, "nd6_prelist_add succeeded but " 540 "no prefix\n"); 541 return (EINVAL); /* XXX panic here? */ 542 } 543 } 544 545 /* relate the address to the prefix */ 546 if (ia6->ia6_ndpr == NULL) { 547 ia6->ia6_ndpr = pr; 548 pr->ndpr_refcnt++; 549 } 550 551 /* 552 * this might affect the status of autoconfigured addresses, 553 * that is, this address might make other addresses detached. 554 */ 555 pfxlist_onlink_check(); 556 557 dohooks(ifp->if_addrhooks, 0); 558 break; 559 } 560 561 case SIOCDIFADDR_IN6: 562 in6_purgeaddr(&ia6->ia_ifa); 563 dohooks(ifp->if_addrhooks, 0); 564 break; 565 566 default: 567 if (ifp == NULL || ifp->if_ioctl == 0) 568 return (EOPNOTSUPP); 569 return ((*ifp->if_ioctl)(ifp, cmd, data)); 570 } 571 572 return (0); 573 } 574 575 /* 576 * Update parameters of an IPv6 interface address. 577 * If necessary, a new entry is created and linked into address chains. 578 * This function is separated from in6_control(). 579 */ 580 int 581 in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra, 582 struct in6_ifaddr *ia6) 583 { 584 int error = 0, hostIsNew = 0, plen = -1; 585 struct sockaddr_in6 dst6; 586 struct in6_addrlifetime *lt; 587 struct in6_multi_mship *imm; 588 struct rtentry *rt; 589 char addr[INET6_ADDRSTRLEN]; 590 591 splsoftassert(IPL_SOFTNET); 592 593 /* Validate parameters */ 594 if (ifp == NULL || ifra == NULL) /* this maybe redundant */ 595 return (EINVAL); 596 597 /* 598 * The destination address for a p2p link must have a family 599 * of AF_UNSPEC or AF_INET6. 600 */ 601 if ((ifp->if_flags & IFF_POINTOPOINT) != 0 && 602 ifra->ifra_dstaddr.sin6_family != AF_INET6 && 603 ifra->ifra_dstaddr.sin6_family != AF_UNSPEC) 604 return (EAFNOSUPPORT); 605 606 /* must have link-local */ 607 if (ifp->if_xflags & IFXF_NOINET6) 608 return (EAFNOSUPPORT); 609 610 /* 611 * validate ifra_prefixmask. don't check sin6_family, netmask 612 * does not carry fields other than sin6_len. 613 */ 614 if (ifra->ifra_prefixmask.sin6_len > sizeof(struct sockaddr_in6)) 615 return (EINVAL); 616 /* 617 * Because the IPv6 address architecture is classless, we require 618 * users to specify a (non 0) prefix length (mask) for a new address. 619 * We also require the prefix (when specified) mask is valid, and thus 620 * reject a non-consecutive mask. 621 */ 622 if (ia6 == NULL && ifra->ifra_prefixmask.sin6_len == 0) 623 return (EINVAL); 624 if (ifra->ifra_prefixmask.sin6_len != 0) { 625 plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, 626 (u_char *)&ifra->ifra_prefixmask + 627 ifra->ifra_prefixmask.sin6_len); 628 if (plen <= 0) 629 return (EINVAL); 630 } else { 631 /* 632 * In this case, ia6 must not be NULL. We just use its prefix 633 * length. 634 */ 635 plen = in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL); 636 } 637 /* 638 * If the destination address on a p2p interface is specified, 639 * and the address is a scoped one, validate/set the scope 640 * zone identifier. 641 */ 642 dst6 = ifra->ifra_dstaddr; 643 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) != 0 && 644 (dst6.sin6_family == AF_INET6)) { 645 /* link-local index check: should be a separate function? */ 646 if (IN6_IS_ADDR_LINKLOCAL(&dst6.sin6_addr)) { 647 if (dst6.sin6_addr.s6_addr16[1] == 0) { 648 /* 649 * interface ID is not embedded by 650 * the user 651 */ 652 dst6.sin6_addr.s6_addr16[1] = 653 htons(ifp->if_index); 654 } else if (dst6.sin6_addr.s6_addr16[1] != 655 htons(ifp->if_index)) { 656 return (EINVAL); /* ifid contradicts */ 657 } 658 } 659 } 660 /* 661 * The destination address can be specified only for a p2p or a 662 * loopback interface. If specified, the corresponding prefix length 663 * must be 128. 664 */ 665 if (ifra->ifra_dstaddr.sin6_family == AF_INET6) { 666 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) == 0) { 667 /* XXX: noisy message */ 668 nd6log((LOG_INFO, "in6_update_ifa: a destination can " 669 "be specified for a p2p or a loopback IF only\n")); 670 return (EINVAL); 671 } 672 if (plen != 128) { 673 nd6log((LOG_INFO, "in6_update_ifa: prefixlen should " 674 "be 128 when dstaddr is specified\n")); 675 return (EINVAL); 676 } 677 } 678 /* lifetime consistency check */ 679 lt = &ifra->ifra_lifetime; 680 if (lt->ia6t_pltime > lt->ia6t_vltime) 681 return (EINVAL); 682 if (lt->ia6t_vltime == 0) { 683 /* 684 * the following log might be noisy, but this is a typical 685 * configuration mistake or a tool's bug. 686 */ 687 nd6log((LOG_INFO, 688 "in6_update_ifa: valid lifetime is 0 for %s\n", 689 inet_ntop(AF_INET6, &ifra->ifra_addr.sin6_addr, 690 addr, sizeof(addr)))); 691 692 if (ia6 == NULL) 693 return (0); /* there's nothing to do */ 694 } 695 696 /* 697 * If this is a new address, allocate a new ifaddr and link it 698 * into chains. 699 */ 700 if (ia6 == NULL) { 701 hostIsNew = 1; 702 ia6 = malloc(sizeof(*ia6), M_IFADDR, M_WAITOK | M_ZERO); 703 LIST_INIT(&ia6->ia6_memberships); 704 /* Initialize the address and masks, and put time stamp */ 705 ia6->ia_ifa.ifa_addr = sin6tosa(&ia6->ia_addr); 706 ia6->ia_addr.sin6_family = AF_INET6; 707 ia6->ia_addr.sin6_len = sizeof(ia6->ia_addr); 708 ia6->ia6_createtime = ia6->ia6_updatetime = time_second; 709 if ((ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) != 0) { 710 /* 711 * XXX: some functions expect that ifa_dstaddr is not 712 * NULL for p2p interfaces. 713 */ 714 ia6->ia_ifa.ifa_dstaddr = sin6tosa(&ia6->ia_dstaddr); 715 } else { 716 ia6->ia_ifa.ifa_dstaddr = NULL; 717 } 718 ia6->ia_ifa.ifa_netmask = sin6tosa(&ia6->ia_prefixmask); 719 720 ia6->ia_ifp = ifp; 721 TAILQ_INSERT_TAIL(&in6_ifaddr, ia6, ia_list); 722 ia6->ia_addr = ifra->ifra_addr; 723 ifa_add(ifp, &ia6->ia_ifa); 724 } 725 726 /* set prefix mask */ 727 if (ifra->ifra_prefixmask.sin6_len) { 728 /* 729 * We prohibit changing the prefix length of an existing 730 * address, because 731 * + such an operation should be rare in IPv6, and 732 * + the operation would confuse prefix management. 733 */ 734 if (ia6->ia_prefixmask.sin6_len && 735 in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL) != plen) { 736 nd6log((LOG_INFO, "in6_update_ifa: the prefix length of an" 737 " existing (%s) address should not be changed\n", 738 inet_ntop(AF_INET6, &ia6->ia_addr.sin6_addr, 739 addr, sizeof(addr)))); 740 error = EINVAL; 741 goto unlink; 742 } 743 ia6->ia_prefixmask = ifra->ifra_prefixmask; 744 } 745 746 /* 747 * If a new destination address is specified, scrub the old one and 748 * install the new destination. Note that the interface must be 749 * p2p or loopback (see the check above.) 750 */ 751 if (dst6.sin6_family == AF_INET6 && 752 !IN6_ARE_ADDR_EQUAL(&dst6.sin6_addr, &ia6->ia_dstaddr.sin6_addr)) { 753 struct ifaddr *ifa = &ia6->ia_ifa; 754 755 if ((ia6->ia_flags & IFA_ROUTE) != 0 && 756 rt_ifa_del(ifa, RTF_HOST, ifa->ifa_dstaddr) != 0) { 757 nd6log((LOG_ERR, "in6_update_ifa: failed to remove " 758 "a route to the old destination: %s\n", 759 inet_ntop(AF_INET6, &ia6->ia_addr.sin6_addr, 760 addr, sizeof(addr)))); 761 /* proceed anyway... */ 762 } else 763 ia6->ia_flags &= ~IFA_ROUTE; 764 ia6->ia_dstaddr = dst6; 765 } 766 767 /* 768 * Set lifetimes. We do not refer to ia6t_expire and ia6t_preferred 769 * to see if the address is deprecated or invalidated, but initialize 770 * these members for applications. 771 */ 772 ia6->ia6_lifetime = ifra->ifra_lifetime; 773 if (ia6->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 774 ia6->ia6_lifetime.ia6t_expire = 775 time_second + ia6->ia6_lifetime.ia6t_vltime; 776 } else 777 ia6->ia6_lifetime.ia6t_expire = 0; 778 if (ia6->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 779 ia6->ia6_lifetime.ia6t_preferred = 780 time_second + ia6->ia6_lifetime.ia6t_pltime; 781 } else 782 ia6->ia6_lifetime.ia6t_preferred = 0; 783 784 /* reset the interface and routing table appropriately. */ 785 if ((error = in6_ifinit(ifp, ia6, hostIsNew)) != 0) 786 goto unlink; 787 788 /* 789 * configure address flags. 790 */ 791 ia6->ia6_flags = ifra->ifra_flags; 792 /* 793 * backward compatibility - if IN6_IFF_DEPRECATED is set from the 794 * userland, make it deprecated. 795 */ 796 if ((ifra->ifra_flags & IN6_IFF_DEPRECATED) != 0) { 797 ia6->ia6_lifetime.ia6t_pltime = 0; 798 ia6->ia6_lifetime.ia6t_preferred = time_second; 799 } 800 /* 801 * Make the address tentative before joining multicast addresses, 802 * so that corresponding MLD responses would not have a tentative 803 * source address. 804 */ 805 ia6->ia6_flags &= ~IN6_IFF_DUPLICATED; /* safety */ 806 if (hostIsNew && in6if_do_dad(ifp) && 807 (ifra->ifra_flags & IN6_IFF_NODAD) == 0) 808 ia6->ia6_flags |= IN6_IFF_TENTATIVE; 809 810 /* 811 * We are done if we have simply modified an existing address. 812 */ 813 if (!hostIsNew) 814 return (error); 815 816 /* 817 * Beyond this point, we should call in6_purgeaddr upon an error, 818 * not just go to unlink. 819 */ 820 821 /* join necessary multiast groups */ 822 if ((ifp->if_flags & IFF_MULTICAST) != 0) { 823 struct sockaddr_in6 mltaddr, mltmask; 824 825 /* join solicited multicast addr for new host id */ 826 struct sockaddr_in6 llsol; 827 828 bzero(&llsol, sizeof(llsol)); 829 llsol.sin6_family = AF_INET6; 830 llsol.sin6_len = sizeof(llsol); 831 llsol.sin6_addr.s6_addr16[0] = htons(0xff02); 832 llsol.sin6_addr.s6_addr16[1] = htons(ifp->if_index); 833 llsol.sin6_addr.s6_addr32[1] = 0; 834 llsol.sin6_addr.s6_addr32[2] = htonl(1); 835 llsol.sin6_addr.s6_addr32[3] = 836 ifra->ifra_addr.sin6_addr.s6_addr32[3]; 837 llsol.sin6_addr.s6_addr8[12] = 0xff; 838 imm = in6_joingroup(ifp, &llsol.sin6_addr, &error); 839 if (!imm) { 840 nd6log((LOG_ERR, "in6_update_ifa: " 841 "addmulti failed for %s on %s (errno=%d)\n", 842 inet_ntop(AF_INET6, &llsol.sin6_addr, 843 addr, sizeof(addr)), 844 ifp->if_xname, error)); 845 goto cleanup; 846 } 847 LIST_INSERT_HEAD(&ia6->ia6_memberships, imm, i6mm_chain); 848 849 bzero(&mltmask, sizeof(mltmask)); 850 mltmask.sin6_len = sizeof(struct sockaddr_in6); 851 mltmask.sin6_family = AF_INET6; 852 mltmask.sin6_addr = in6mask32; 853 854 /* 855 * join link-local all-nodes address 856 */ 857 bzero(&mltaddr, sizeof(mltaddr)); 858 mltaddr.sin6_len = sizeof(struct sockaddr_in6); 859 mltaddr.sin6_family = AF_INET6; 860 mltaddr.sin6_addr = in6addr_linklocal_allnodes; 861 mltaddr.sin6_addr.s6_addr16[1] = htons(ifp->if_index); 862 mltaddr.sin6_scope_id = 0; 863 864 /* 865 * XXX: do we really need this automatic routes? 866 * We should probably reconsider this stuff. Most applications 867 * actually do not need the routes, since they usually specify 868 * the outgoing interface. 869 */ 870 rt = rtalloc1(sin6tosa(&mltaddr), 0, ifp->if_rdomain); 871 if (rt) { 872 /* 873 * 32bit came from "mltmask" 874 */ 875 if (memcmp(&mltaddr.sin6_addr, 876 &satosin6(rt_key(rt))->sin6_addr, 877 32 / 8)) { 878 RTFREE(rt); 879 rt = NULL; 880 } 881 } 882 if (!rt) { 883 struct rt_addrinfo info; 884 885 bzero(&info, sizeof(info)); 886 info.rti_info[RTAX_DST] = sin6tosa(&mltaddr); 887 info.rti_info[RTAX_GATEWAY] = sin6tosa(&ia6->ia_addr); 888 info.rti_info[RTAX_NETMASK] = sin6tosa(&mltmask); 889 info.rti_info[RTAX_IFA] = sin6tosa(&ia6->ia_addr); 890 /* XXX: we need RTF_CLONING to fake nd6_rtrequest */ 891 info.rti_flags = RTF_UP | RTF_CLONING; 892 error = rtrequest1(RTM_ADD, &info, RTP_CONNECTED, NULL, 893 ifp->if_rdomain); 894 if (error) 895 goto cleanup; 896 } else { 897 RTFREE(rt); 898 } 899 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error); 900 if (!imm) { 901 nd6log((LOG_WARNING, 902 "in6_update_ifa: addmulti failed for " 903 "%s on %s (errno=%d)\n", 904 inet_ntop(AF_INET6, &mltaddr.sin6_addr, 905 addr, sizeof(addr)), 906 ifp->if_xname, error)); 907 goto cleanup; 908 } 909 LIST_INSERT_HEAD(&ia6->ia6_memberships, imm, i6mm_chain); 910 911 /* 912 * join node information group address 913 */ 914 if (in6_nigroup(ifp, hostname, hostnamelen, &mltaddr) == 0) { 915 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error); 916 if (!imm) { 917 nd6log((LOG_WARNING, "in6_update_ifa: " 918 "addmulti failed for %s on %s (errno=%d)\n", 919 inet_ntop(AF_INET6, &mltaddr.sin6_addr, 920 addr, sizeof(addr)), 921 ifp->if_xname, error)); 922 /* XXX not very fatal, go on... */ 923 } else { 924 LIST_INSERT_HEAD(&ia6->ia6_memberships, 925 imm, i6mm_chain); 926 } 927 } 928 929 /* 930 * join interface-local all-nodes address. 931 * (ff01::1%ifN, and ff01::%ifN/32) 932 */ 933 bzero(&mltaddr.sin6_addr, sizeof(mltaddr.sin6_addr)); 934 mltaddr.sin6_len = sizeof(struct sockaddr_in6); 935 mltaddr.sin6_family = AF_INET6; 936 mltaddr.sin6_addr = in6addr_intfacelocal_allnodes; 937 mltaddr.sin6_addr.s6_addr16[1] = htons(ifp->if_index); 938 mltaddr.sin6_scope_id = 0; 939 940 /* XXX: again, do we really need the route? */ 941 rt = rtalloc1(sin6tosa(&mltaddr), 0, ifp->if_rdomain); 942 if (rt) { 943 /* 32bit came from "mltmask" */ 944 if (memcmp(&mltaddr.sin6_addr, 945 &satosin6(rt_key(rt))->sin6_addr, 946 32 / 8)) { 947 RTFREE(rt); 948 rt = NULL; 949 } 950 } 951 if (!rt) { 952 struct rt_addrinfo info; 953 954 bzero(&info, sizeof(info)); 955 info.rti_info[RTAX_DST] = sin6tosa(&mltaddr); 956 info.rti_info[RTAX_GATEWAY] = sin6tosa(&ia6->ia_addr); 957 info.rti_info[RTAX_NETMASK] = sin6tosa(&mltmask); 958 info.rti_info[RTAX_IFA] = sin6tosa(&ia6->ia_addr); 959 info.rti_flags = RTF_UP | RTF_CLONING; 960 error = rtrequest1(RTM_ADD, &info, RTP_CONNECTED, 961 NULL, ifp->if_rdomain); 962 if (error) 963 goto cleanup; 964 } else { 965 RTFREE(rt); 966 } 967 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error); 968 if (!imm) { 969 nd6log((LOG_WARNING, "in6_update_ifa: " 970 "addmulti failed for %s on %s (errno=%d)\n", 971 inet_ntop(AF_INET6, &mltaddr.sin6_addr, 972 addr, sizeof(addr)), 973 ifp->if_xname, error)); 974 goto cleanup; 975 } 976 LIST_INSERT_HEAD(&ia6->ia6_memberships, imm, i6mm_chain); 977 } 978 979 /* 980 * Perform DAD, if needed. 981 * XXX It may be of use, if we can administratively 982 * disable DAD. 983 */ 984 if (hostIsNew && in6if_do_dad(ifp) && 985 (ifra->ifra_flags & IN6_IFF_NODAD) == 0) 986 { 987 nd6_dad_start(&ia6->ia_ifa, NULL); 988 } 989 990 return (error); 991 992 unlink: 993 /* 994 * XXX: if a change of an existing address failed, keep the entry 995 * anyway. 996 */ 997 if (hostIsNew) 998 in6_unlink_ifa(ia6, ifp); 999 return (error); 1000 1001 cleanup: 1002 in6_purgeaddr(&ia6->ia_ifa); 1003 return error; 1004 } 1005 1006 void 1007 in6_purgeaddr(struct ifaddr *ifa) 1008 { 1009 struct ifnet *ifp = ifa->ifa_ifp; 1010 struct in6_ifaddr *tmp, *ia6 = ifatoia6(ifa); 1011 struct in6_multi_mship *imm; 1012 int ia6_count = 0; 1013 1014 /* stop DAD processing */ 1015 nd6_dad_stop(ifa); 1016 1017 /* 1018 * delete route to the destination of the address being purged. 1019 * The interface must be p2p or loopback in this case. 1020 */ 1021 if ((ia6->ia_flags & IFA_ROUTE) != 0 && ia6->ia_dstaddr.sin6_len != 0) { 1022 int e; 1023 1024 if ((e = rt_ifa_del(ifa, RTF_HOST, ifa->ifa_dstaddr)) != 0) { 1025 char addr[INET6_ADDRSTRLEN]; 1026 log(LOG_ERR, "in6_purgeaddr: failed to remove " 1027 "a route to the p2p destination: %s on %s, " 1028 "errno=%d\n", 1029 inet_ntop(AF_INET6, &ia6->ia_addr.sin6_addr, 1030 addr, sizeof(addr)), 1031 ifp->if_xname, e); 1032 /* proceed anyway... */ 1033 } else 1034 ia6->ia_flags &= ~IFA_ROUTE; 1035 } 1036 1037 /* Remove ownaddr's loopback rtentry, if it exists. 1038 * 1039 * Some of BSD variants do not remove cloned routes from an 1040 * interface direct route, when removing the direct route (see 1041 * comments in net/net_osdep.h). Even for variants that do 1042 * remove cloned routes, they could fail to remove the cloned 1043 * routes when we handle multiple addresses that share a common 1044 * prefix. So, we should remove the route corresponding to the 1045 * deleted address. 1046 * 1047 * Delete the entry only if exact one ifa exists. More than one 1048 * ifa can exist if we assign a same single address to multiple 1049 * (probably p2p) interfaces. 1050 * XXX: we should avoid such a configuration in IPv6... 1051 */ 1052 TAILQ_FOREACH(tmp, &in6_ifaddr, ia_list) { 1053 if (IN6_ARE_ADDR_EQUAL(&tmp->ia_addr.sin6_addr, 1054 &ia6->ia_addr.sin6_addr)) { 1055 ia6_count++; 1056 if (ia6_count > 1) 1057 break; 1058 } 1059 } 1060 1061 if (ia6_count == 1) 1062 rt_ifa_delloop(&(ia6->ia_ifa)); 1063 1064 /* 1065 * leave from multicast groups we have joined for the interface 1066 */ 1067 while (!LIST_EMPTY(&ia6->ia6_memberships)) { 1068 imm = LIST_FIRST(&ia6->ia6_memberships); 1069 LIST_REMOVE(imm, i6mm_chain); 1070 in6_leavegroup(imm); 1071 } 1072 1073 in6_unlink_ifa(ia6, ifp); 1074 } 1075 1076 void 1077 in6_unlink_ifa(struct in6_ifaddr *ia6, struct ifnet *ifp) 1078 { 1079 int s = splnet(); 1080 1081 ifa_del(ifp, &ia6->ia_ifa); 1082 1083 TAILQ_REMOVE(&in6_ifaddr, ia6, ia_list); 1084 1085 /* Release the reference to the base prefix. */ 1086 if (ia6->ia6_ndpr == NULL) { 1087 char addr[INET6_ADDRSTRLEN]; 1088 1089 if (!IN6_IS_ADDR_LINKLOCAL(IA6_IN6(ia6)) && 1090 !IN6_IS_ADDR_LOOPBACK(IA6_IN6(ia6)) && 1091 !IN6_ARE_ADDR_EQUAL(IA6_MASKIN6(ia6), &in6mask128)) 1092 log(LOG_NOTICE, "in6_unlink_ifa: interface address " 1093 "%s has no prefix\n", 1094 inet_ntop(AF_INET6, IA6_IN6(ia6), addr, 1095 sizeof(addr))); 1096 } else { 1097 ia6->ia6_flags &= ~IN6_IFF_AUTOCONF; 1098 if (--ia6->ia6_ndpr->ndpr_refcnt == 0) 1099 prelist_remove(ia6->ia6_ndpr); 1100 ia6->ia6_ndpr = NULL; 1101 } 1102 1103 /* 1104 * release another refcnt for the link from in6_ifaddr. 1105 * Note that we should decrement the refcnt at least once for all *BSD. 1106 */ 1107 ifafree(&ia6->ia_ifa); 1108 1109 splx(s); 1110 } 1111 1112 /* 1113 * SIOC[GAD]LIFADDR. 1114 * SIOCGLIFADDR: get first address. (?) 1115 * SIOCGLIFADDR with IFLR_PREFIX: 1116 * get first address that matches the specified prefix. 1117 * SIOCALIFADDR: add the specified address. 1118 * SIOCALIFADDR with IFLR_PREFIX: 1119 * add the specified prefix, filling hostid part from 1120 * the first link-local address. prefixlen must be <= 64. 1121 * SIOCDLIFADDR: delete the specified address. 1122 * SIOCDLIFADDR with IFLR_PREFIX: 1123 * delete the first address that matches the specified prefix. 1124 * return values: 1125 * EINVAL on invalid parameters 1126 * EADDRNOTAVAIL on prefix match failed/specified address not found 1127 * other values may be returned from in6_ioctl() 1128 * 1129 * NOTE: SIOCALIFADDR(with IFLR_PREFIX set) allows prefixlen less than 64. 1130 * this is to accommodate address naming scheme other than RFC2374, 1131 * in the future. 1132 * RFC2373 defines interface id to be 64bit, but it allows non-RFC2374 1133 * address encoding scheme. (see figure on page 8) 1134 */ 1135 int 1136 in6_lifaddr_ioctl(struct socket *so, u_long cmd, caddr_t data, 1137 struct ifnet *ifp) 1138 { 1139 struct if_laddrreq *iflr = (struct if_laddrreq *)data; 1140 struct ifaddr *ifa; 1141 struct sockaddr *sa; 1142 1143 /* sanity checks */ 1144 if (!data || !ifp) { 1145 panic("invalid argument to in6_lifaddr_ioctl"); 1146 /* NOTREACHED */ 1147 } 1148 1149 switch (cmd) { 1150 case SIOCGLIFADDR: 1151 /* address must be specified on GET with IFLR_PREFIX */ 1152 if ((iflr->flags & IFLR_PREFIX) == 0) 1153 break; 1154 /* FALLTHROUGH */ 1155 case SIOCALIFADDR: 1156 case SIOCDLIFADDR: 1157 /* address must be specified on ADD and DELETE */ 1158 sa = (struct sockaddr *)&iflr->addr; 1159 if (sa->sa_family != AF_INET6) 1160 return EINVAL; 1161 if (sa->sa_len != sizeof(struct sockaddr_in6)) 1162 return EINVAL; 1163 /* XXX need improvement */ 1164 sa = (struct sockaddr *)&iflr->dstaddr; 1165 if (sa->sa_family && sa->sa_family != AF_INET6) 1166 return EINVAL; 1167 if (sa->sa_len && sa->sa_len != sizeof(struct sockaddr_in6)) 1168 return EINVAL; 1169 break; 1170 default: /* shouldn't happen */ 1171 #if 0 1172 panic("invalid cmd to in6_lifaddr_ioctl"); 1173 /* NOTREACHED */ 1174 #else 1175 return EOPNOTSUPP; 1176 #endif 1177 } 1178 if (sizeof(struct in6_addr) * 8 < iflr->prefixlen) 1179 return EINVAL; 1180 1181 switch (cmd) { 1182 case SIOCALIFADDR: 1183 { 1184 struct in6_aliasreq ifra; 1185 struct in6_addr *hostid = NULL; 1186 int prefixlen; 1187 1188 if ((iflr->flags & IFLR_PREFIX) != 0) { 1189 struct sockaddr_in6 *sin6; 1190 1191 /* 1192 * hostid is to fill in the hostid part of the 1193 * address. hostid points to the first link-local 1194 * address attached to the interface. 1195 */ 1196 ifa = &in6ifa_ifpforlinklocal(ifp, 0)->ia_ifa; 1197 if (!ifa) 1198 return EADDRNOTAVAIL; 1199 hostid = IFA_IN6(ifa); 1200 1201 /* prefixlen must be <= 64. */ 1202 if (64 < iflr->prefixlen) 1203 return EINVAL; 1204 prefixlen = iflr->prefixlen; 1205 1206 /* hostid part must be zero. */ 1207 sin6 = (struct sockaddr_in6 *)&iflr->addr; 1208 if (sin6->sin6_addr.s6_addr32[2] != 0 1209 || sin6->sin6_addr.s6_addr32[3] != 0) { 1210 return EINVAL; 1211 } 1212 } else 1213 prefixlen = iflr->prefixlen; 1214 1215 /* copy args to in6_aliasreq, perform ioctl(SIOCAIFADDR_IN6). */ 1216 bzero(&ifra, sizeof(ifra)); 1217 bcopy(iflr->iflr_name, ifra.ifra_name, sizeof(ifra.ifra_name)); 1218 1219 bcopy(&iflr->addr, &ifra.ifra_addr, 1220 ((struct sockaddr *)&iflr->addr)->sa_len); 1221 if (hostid) { 1222 /* fill in hostid part */ 1223 ifra.ifra_addr.sin6_addr.s6_addr32[2] = 1224 hostid->s6_addr32[2]; 1225 ifra.ifra_addr.sin6_addr.s6_addr32[3] = 1226 hostid->s6_addr32[3]; 1227 } 1228 1229 if (((struct sockaddr *)&iflr->dstaddr)->sa_family) { /*XXX*/ 1230 bcopy(&iflr->dstaddr, &ifra.ifra_dstaddr, 1231 ((struct sockaddr *)&iflr->dstaddr)->sa_len); 1232 if (hostid) { 1233 ifra.ifra_dstaddr.sin6_addr.s6_addr32[2] = 1234 hostid->s6_addr32[2]; 1235 ifra.ifra_dstaddr.sin6_addr.s6_addr32[3] = 1236 hostid->s6_addr32[3]; 1237 } 1238 } 1239 1240 ifra.ifra_prefixmask.sin6_len = sizeof(struct sockaddr_in6); 1241 in6_prefixlen2mask(&ifra.ifra_prefixmask.sin6_addr, prefixlen); 1242 1243 ifra.ifra_flags = iflr->flags & ~IFLR_PREFIX; 1244 return in6_control(so, SIOCAIFADDR_IN6, (caddr_t)&ifra, ifp); 1245 } 1246 case SIOCGLIFADDR: 1247 case SIOCDLIFADDR: 1248 { 1249 struct in6_ifaddr *ia6; 1250 struct in6_addr mask, candidate, match; 1251 struct sockaddr_in6 *sin6; 1252 int cmp; 1253 1254 bzero(&mask, sizeof(mask)); 1255 if (iflr->flags & IFLR_PREFIX) { 1256 /* lookup a prefix rather than address. */ 1257 in6_prefixlen2mask(&mask, iflr->prefixlen); 1258 1259 sin6 = (struct sockaddr_in6 *)&iflr->addr; 1260 bcopy(&sin6->sin6_addr, &match, sizeof(match)); 1261 match.s6_addr32[0] &= mask.s6_addr32[0]; 1262 match.s6_addr32[1] &= mask.s6_addr32[1]; 1263 match.s6_addr32[2] &= mask.s6_addr32[2]; 1264 match.s6_addr32[3] &= mask.s6_addr32[3]; 1265 1266 /* if you set extra bits, that's wrong */ 1267 if (bcmp(&match, &sin6->sin6_addr, sizeof(match))) 1268 return EINVAL; 1269 1270 cmp = 1; 1271 } else { 1272 if (cmd == SIOCGLIFADDR) { 1273 /* on getting an address, take the 1st match */ 1274 cmp = 0; /* XXX */ 1275 } else { 1276 /* on deleting an address, do exact match */ 1277 in6_prefixlen2mask(&mask, 128); 1278 sin6 = (struct sockaddr_in6 *)&iflr->addr; 1279 bcopy(&sin6->sin6_addr, &match, sizeof(match)); 1280 1281 cmp = 1; 1282 } 1283 } 1284 1285 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 1286 if (ifa->ifa_addr->sa_family != AF_INET6) 1287 continue; 1288 if (!cmp) 1289 break; 1290 1291 bcopy(IFA_IN6(ifa), &candidate, sizeof(candidate)); 1292 candidate.s6_addr32[0] &= mask.s6_addr32[0]; 1293 candidate.s6_addr32[1] &= mask.s6_addr32[1]; 1294 candidate.s6_addr32[2] &= mask.s6_addr32[2]; 1295 candidate.s6_addr32[3] &= mask.s6_addr32[3]; 1296 if (IN6_ARE_ADDR_EQUAL(&candidate, &match)) 1297 break; 1298 } 1299 if (!ifa) 1300 return EADDRNOTAVAIL; 1301 ia6 = ifatoia6(ifa); 1302 1303 if (cmd == SIOCGLIFADDR) { 1304 /* fill in the if_laddrreq structure */ 1305 bcopy(&ia6->ia_addr, &iflr->addr, ia6->ia_addr.sin6_len); 1306 if ((ifp->if_flags & IFF_POINTOPOINT) != 0) { 1307 bcopy(&ia6->ia_dstaddr, &iflr->dstaddr, 1308 ia6->ia_dstaddr.sin6_len); 1309 } else 1310 bzero(&iflr->dstaddr, sizeof(iflr->dstaddr)); 1311 1312 iflr->prefixlen = 1313 in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL); 1314 1315 iflr->flags = ia6->ia6_flags; /*XXX*/ 1316 1317 return 0; 1318 } else { 1319 struct in6_aliasreq ifra; 1320 1321 /* fill in6_aliasreq and do ioctl(SIOCDIFADDR_IN6) */ 1322 bzero(&ifra, sizeof(ifra)); 1323 bcopy(iflr->iflr_name, ifra.ifra_name, 1324 sizeof(ifra.ifra_name)); 1325 1326 bcopy(&ia6->ia_addr, &ifra.ifra_addr, 1327 ia6->ia_addr.sin6_len); 1328 if ((ifp->if_flags & IFF_POINTOPOINT) != 0) { 1329 bcopy(&ia6->ia_dstaddr, &ifra.ifra_dstaddr, 1330 ia6->ia_dstaddr.sin6_len); 1331 } else { 1332 bzero(&ifra.ifra_dstaddr, 1333 sizeof(ifra.ifra_dstaddr)); 1334 } 1335 bcopy(&ia6->ia_prefixmask, &ifra.ifra_dstaddr, 1336 ia6->ia_prefixmask.sin6_len); 1337 1338 ifra.ifra_flags = ia6->ia6_flags; 1339 return in6_control(so, SIOCDIFADDR_IN6, (caddr_t)&ifra, 1340 ifp); 1341 } 1342 } 1343 } 1344 1345 return EOPNOTSUPP; /* just for safety */ 1346 } 1347 1348 /* 1349 * Initialize an interface's intetnet6 address 1350 * and routing table entry. 1351 */ 1352 int 1353 in6_ifinit(struct ifnet *ifp, struct in6_ifaddr *ia6, int newhost) 1354 { 1355 int error = 0, plen, ifacount = 0; 1356 int s = splnet(); 1357 struct ifaddr *ifa; 1358 1359 /* 1360 * Give the interface a chance to initialize 1361 * if this is its first address (or it is a CARP interface) 1362 * and to validate the address if necessary. 1363 */ 1364 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 1365 if (ifa->ifa_addr == NULL) 1366 continue; /* just for safety */ 1367 if (ifa->ifa_addr->sa_family != AF_INET6) 1368 continue; 1369 ifacount++; 1370 } 1371 1372 if ((ifacount <= 1 || ifp->if_type == IFT_CARP || 1373 (ifp->if_flags & IFF_POINTOPOINT)) && ifp->if_ioctl && 1374 (error = (*ifp->if_ioctl)(ifp, SIOCSIFADDR, (caddr_t)ia6))) { 1375 splx(s); 1376 return (error); 1377 } 1378 splx(s); 1379 1380 ia6->ia_ifa.ifa_metric = ifp->if_metric; 1381 1382 /* we could do in(6)_socktrim here, but just omit it at this moment. */ 1383 1384 /* 1385 * Special case: 1386 * If the destination address is specified for a point-to-point 1387 * interface, install a route to the destination as an interface 1388 * direct route. 1389 */ 1390 plen = in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL); /* XXX */ 1391 if (plen == 128 && ia6->ia_dstaddr.sin6_family == AF_INET6) { 1392 ifa = &ia6->ia_ifa; 1393 error = rt_ifa_add(ifa, RTF_UP | RTF_HOST, ifa->ifa_dstaddr); 1394 if (error != 0) 1395 return (error); 1396 ia6->ia_flags |= IFA_ROUTE; 1397 } 1398 1399 /* Add ownaddr as loopback rtentry, if necessary (ex. on p2p link). */ 1400 if (newhost) { 1401 /* set the rtrequest function to create llinfo */ 1402 if ((ifp->if_flags & (IFF_LOOPBACK | IFF_POINTOPOINT)) == 0) 1403 ia6->ia_ifa.ifa_rtrequest = nd6_rtrequest; 1404 1405 rt_ifa_addloop(&(ia6->ia_ifa)); 1406 } 1407 1408 return (error); 1409 } 1410 1411 /* 1412 * Add an address to the list of IP6 multicast addresses for a 1413 * given interface. 1414 */ 1415 struct in6_multi * 1416 in6_addmulti(struct in6_addr *maddr6, struct ifnet *ifp, int *errorp) 1417 { 1418 struct in6_ifreq ifr; 1419 struct in6_multi *in6m; 1420 int s; 1421 1422 *errorp = 0; 1423 /* 1424 * See if address already in list. 1425 */ 1426 IN6_LOOKUP_MULTI(*maddr6, ifp, in6m); 1427 if (in6m != NULL) { 1428 /* 1429 * Found it; just increment the refrence count. 1430 */ 1431 in6m->in6m_refcnt++; 1432 } else { 1433 if (ifp->if_ioctl == NULL) { 1434 *errorp = ENXIO; /* XXX: appropriate? */ 1435 return (NULL); 1436 } 1437 1438 /* 1439 * New address; allocate a new multicast record 1440 * and link it into the interface's multicast list. 1441 */ 1442 in6m = malloc(sizeof(*in6m), M_IPMADDR, M_NOWAIT); 1443 if (in6m == NULL) { 1444 *errorp = ENOBUFS; 1445 return (NULL); 1446 } 1447 1448 in6m->in6m_sin.sin6_len = sizeof(struct sockaddr_in6); 1449 in6m->in6m_sin.sin6_family = AF_INET6; 1450 in6m->in6m_sin.sin6_addr = *maddr6; 1451 in6m->in6m_refcnt = 1; 1452 in6m->in6m_ifidx = ifp->if_index; 1453 in6m->in6m_ifma.ifma_addr = sin6tosa(&in6m->in6m_sin); 1454 1455 /* 1456 * Ask the network driver to update its multicast reception 1457 * filter appropriately for the new address. 1458 */ 1459 memcpy(&ifr.ifr_addr, &in6m->in6m_sin, sizeof(in6m->in6m_sin)); 1460 *errorp = (*ifp->if_ioctl)(ifp, SIOCADDMULTI, (caddr_t)&ifr); 1461 if (*errorp) { 1462 free(in6m, M_IPMADDR, 0); 1463 return (NULL); 1464 } 1465 1466 s = splsoftnet(); 1467 TAILQ_INSERT_HEAD(&ifp->if_maddrlist, &in6m->in6m_ifma, 1468 ifma_list); 1469 splx(s); 1470 1471 /* 1472 * Let MLD6 know that we have joined a new IP6 multicast 1473 * group. 1474 */ 1475 mld6_start_listening(in6m); 1476 } 1477 1478 return (in6m); 1479 } 1480 1481 /* 1482 * Delete a multicast address record. 1483 */ 1484 void 1485 in6_delmulti(struct in6_multi *in6m) 1486 { 1487 struct in6_ifreq ifr; 1488 struct ifnet *ifp; 1489 int s; 1490 1491 if (--in6m->in6m_refcnt == 0) { 1492 /* 1493 * No remaining claims to this record; let MLD6 know 1494 * that we are leaving the multicast group. 1495 */ 1496 mld6_stop_listening(in6m); 1497 ifp = if_get(in6m->in6m_ifidx); 1498 1499 /* 1500 * Notify the network driver to update its multicast 1501 * reception filter. 1502 */ 1503 if (ifp != NULL) { 1504 bzero(&ifr.ifr_addr, sizeof(struct sockaddr_in6)); 1505 ifr.ifr_addr.sin6_len = sizeof(struct sockaddr_in6); 1506 ifr.ifr_addr.sin6_family = AF_INET6; 1507 ifr.ifr_addr.sin6_addr = in6m->in6m_addr; 1508 (*ifp->if_ioctl)(ifp, SIOCDELMULTI, (caddr_t)&ifr); 1509 1510 s = splsoftnet(); 1511 TAILQ_REMOVE(&ifp->if_maddrlist, &in6m->in6m_ifma, 1512 ifma_list); 1513 splx(s); 1514 } 1515 1516 free(in6m, M_IPMADDR, 0); 1517 } 1518 } 1519 1520 struct in6_multi_mship * 1521 in6_joingroup(struct ifnet *ifp, struct in6_addr *addr, int *errorp) 1522 { 1523 struct in6_multi_mship *imm; 1524 1525 imm = malloc(sizeof(*imm), M_IPMADDR, M_NOWAIT); 1526 if (!imm) { 1527 *errorp = ENOBUFS; 1528 return NULL; 1529 } 1530 imm->i6mm_maddr = in6_addmulti(addr, ifp, errorp); 1531 if (!imm->i6mm_maddr) { 1532 /* *errorp is alrady set */ 1533 free(imm, M_IPMADDR, 0); 1534 return NULL; 1535 } 1536 return imm; 1537 } 1538 1539 int 1540 in6_leavegroup(struct in6_multi_mship *imm) 1541 { 1542 1543 if (imm->i6mm_maddr) 1544 in6_delmulti(imm->i6mm_maddr); 1545 free(imm, M_IPMADDR, 0); 1546 return 0; 1547 } 1548 1549 /* 1550 * Find an IPv6 interface link-local address specific to an interface. 1551 */ 1552 struct in6_ifaddr * 1553 in6ifa_ifpforlinklocal(struct ifnet *ifp, int ignoreflags) 1554 { 1555 struct ifaddr *ifa; 1556 1557 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 1558 if (ifa->ifa_addr == NULL) 1559 continue; /* just for safety */ 1560 if (ifa->ifa_addr->sa_family != AF_INET6) 1561 continue; 1562 if (IN6_IS_ADDR_LINKLOCAL(IFA_IN6(ifa))) { 1563 if ((ifatoia6(ifa)->ia6_flags & ignoreflags) != 0) 1564 continue; 1565 break; 1566 } 1567 } 1568 1569 return (ifatoia6(ifa)); 1570 } 1571 1572 1573 /* 1574 * find the internet address corresponding to a given interface and address. 1575 */ 1576 struct in6_ifaddr * 1577 in6ifa_ifpwithaddr(struct ifnet *ifp, struct in6_addr *addr) 1578 { 1579 struct ifaddr *ifa; 1580 1581 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 1582 if (ifa->ifa_addr == NULL) 1583 continue; /* just for safety */ 1584 if (ifa->ifa_addr->sa_family != AF_INET6) 1585 continue; 1586 if (IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(ifa))) 1587 break; 1588 } 1589 1590 return (ifatoia6(ifa)); 1591 } 1592 1593 /* 1594 * Check whether an interface has a prefix by looking up the cloning route. 1595 */ 1596 int 1597 in6_ifpprefix(const struct ifnet *ifp, const struct in6_addr *addr) 1598 { 1599 struct sockaddr_in6 dst; 1600 struct rtentry *rt; 1601 u_int tableid = ifp->if_rdomain; 1602 1603 bzero(&dst, sizeof(dst)); 1604 dst.sin6_len = sizeof(struct sockaddr_in6); 1605 dst.sin6_family = AF_INET6; 1606 dst.sin6_addr = *addr; 1607 rt = rtalloc1(sin6tosa(&dst), RT_NOCLONING, tableid); 1608 1609 if (rt == NULL) 1610 return (0); 1611 if ((rt->rt_flags & (RTF_CLONING | RTF_CLONED)) == 0 || 1612 (rt->rt_ifp != ifp && 1613 #if NBRIDGE > 0 1614 !SAME_BRIDGE(rt->rt_ifp->if_bridgeport, ifp->if_bridgeport) && 1615 #endif 1616 #if NCARP > 0 1617 (ifp->if_type != IFT_CARP || rt->rt_ifp != ifp->if_carpdev) && 1618 (rt->rt_ifp->if_type != IFT_CARP || rt->rt_ifp->if_carpdev != ifp)&& 1619 (ifp->if_type != IFT_CARP || rt->rt_ifp->if_type != IFT_CARP || 1620 rt->rt_ifp->if_carpdev != ifp->if_carpdev) && 1621 #endif 1622 1)) { 1623 RTFREE(rt); 1624 return (0); 1625 } 1626 1627 RTFREE(rt); 1628 return (1); 1629 } 1630 1631 /* 1632 * Get a scope of the address. Node-local, link-local, site-local or global. 1633 */ 1634 int 1635 in6_addrscope(struct in6_addr *addr) 1636 { 1637 int scope; 1638 1639 if (addr->s6_addr8[0] == 0xfe) { 1640 scope = addr->s6_addr8[1] & 0xc0; 1641 1642 switch (scope) { 1643 case 0x80: 1644 return __IPV6_ADDR_SCOPE_LINKLOCAL; 1645 break; 1646 case 0xc0: 1647 return __IPV6_ADDR_SCOPE_SITELOCAL; 1648 break; 1649 default: 1650 return __IPV6_ADDR_SCOPE_GLOBAL; /* just in case */ 1651 break; 1652 } 1653 } 1654 1655 1656 if (addr->s6_addr8[0] == 0xff) { 1657 scope = addr->s6_addr8[1] & 0x0f; 1658 1659 /* 1660 * due to other scope such as reserved, 1661 * return scope doesn't work. 1662 */ 1663 switch (scope) { 1664 case __IPV6_ADDR_SCOPE_INTFACELOCAL: 1665 return __IPV6_ADDR_SCOPE_INTFACELOCAL; 1666 break; 1667 case __IPV6_ADDR_SCOPE_LINKLOCAL: 1668 return __IPV6_ADDR_SCOPE_LINKLOCAL; 1669 break; 1670 case __IPV6_ADDR_SCOPE_SITELOCAL: 1671 return __IPV6_ADDR_SCOPE_SITELOCAL; 1672 break; 1673 default: 1674 return __IPV6_ADDR_SCOPE_GLOBAL; 1675 break; 1676 } 1677 } 1678 1679 if (bcmp(&in6addr_loopback, addr, sizeof(*addr) - 1) == 0) { 1680 if (addr->s6_addr8[15] == 1) /* loopback */ 1681 return __IPV6_ADDR_SCOPE_INTFACELOCAL; 1682 if (addr->s6_addr8[15] == 0) /* unspecified */ 1683 return __IPV6_ADDR_SCOPE_LINKLOCAL; 1684 } 1685 1686 return __IPV6_ADDR_SCOPE_GLOBAL; 1687 } 1688 1689 /* 1690 * ifp - must not be NULL 1691 * addr - must not be NULL 1692 */ 1693 1694 int 1695 in6_addr2scopeid(struct ifnet *ifp, struct in6_addr *addr) 1696 { 1697 int scope = in6_addrscope(addr); 1698 1699 switch(scope) { 1700 case __IPV6_ADDR_SCOPE_INTFACELOCAL: 1701 case __IPV6_ADDR_SCOPE_LINKLOCAL: 1702 /* XXX: we do not distinguish between a link and an I/F. */ 1703 return (ifp->if_index); 1704 1705 case __IPV6_ADDR_SCOPE_SITELOCAL: 1706 return (0); /* XXX: invalid. */ 1707 1708 default: 1709 return (0); /* XXX: treat as global. */ 1710 } 1711 } 1712 1713 /* 1714 * return length of part which dst and src are equal 1715 * hard coding... 1716 */ 1717 int 1718 in6_matchlen(struct in6_addr *src, struct in6_addr *dst) 1719 { 1720 int match = 0; 1721 u_char *s = (u_char *)src, *d = (u_char *)dst; 1722 u_char *lim = s + 16, r; 1723 1724 while (s < lim) 1725 if ((r = (*d++ ^ *s++)) != 0) { 1726 while (r < 128) { 1727 match++; 1728 r <<= 1; 1729 } 1730 break; 1731 } else 1732 match += 8; 1733 return match; 1734 } 1735 1736 int 1737 in6_are_prefix_equal(struct in6_addr *p1, struct in6_addr *p2, int len) 1738 { 1739 int bytelen, bitlen; 1740 1741 /* sanity check */ 1742 if (0 > len || len > 128) { 1743 log(LOG_ERR, "in6_are_prefix_equal: invalid prefix length(%d)\n", 1744 len); 1745 return (0); 1746 } 1747 1748 bytelen = len / 8; 1749 bitlen = len % 8; 1750 1751 if (bcmp(&p1->s6_addr, &p2->s6_addr, bytelen)) 1752 return (0); 1753 /* len == 128 is ok because bitlen == 0 then */ 1754 if (bitlen != 0 && 1755 p1->s6_addr[bytelen] >> (8 - bitlen) != 1756 p2->s6_addr[bytelen] >> (8 - bitlen)) 1757 return (0); 1758 1759 return (1); 1760 } 1761 1762 void 1763 in6_prefixlen2mask(struct in6_addr *maskp, int len) 1764 { 1765 u_char maskarray[8] = {0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff}; 1766 int bytelen, bitlen, i; 1767 1768 /* sanity check */ 1769 if (0 > len || len > 128) { 1770 log(LOG_ERR, "in6_prefixlen2mask: invalid prefix length(%d)\n", 1771 len); 1772 return; 1773 } 1774 1775 bzero(maskp, sizeof(*maskp)); 1776 bytelen = len / 8; 1777 bitlen = len % 8; 1778 for (i = 0; i < bytelen; i++) 1779 maskp->s6_addr[i] = 0xff; 1780 /* len == 128 is ok because bitlen == 0 then */ 1781 if (bitlen) 1782 maskp->s6_addr[bytelen] = maskarray[bitlen - 1]; 1783 } 1784 1785 /* 1786 * return the best address out of the same scope 1787 */ 1788 struct in6_ifaddr * 1789 in6_ifawithscope(struct ifnet *oifp, struct in6_addr *dst, u_int rdomain) 1790 { 1791 int dst_scope = in6_addrscope(dst), src_scope, best_scope = 0; 1792 int blen = -1; 1793 struct ifaddr *ifa; 1794 struct ifnet *ifp; 1795 struct in6_ifaddr *ia6_best = NULL; 1796 #if NCARP > 0 1797 struct sockaddr_dl *proxydl = NULL; 1798 #endif 1799 1800 if (oifp == NULL) { 1801 printf("in6_ifawithscope: output interface is not specified\n"); 1802 return (NULL); 1803 } 1804 1805 /* 1806 * We search for all addresses on all interfaces from the beginning. 1807 * Comparing an interface with the outgoing interface will be done 1808 * only at the final stage of tiebreaking. 1809 */ 1810 TAILQ_FOREACH(ifp, &ifnet, if_list) { 1811 if (ifp->if_rdomain != rdomain) 1812 continue; 1813 #if NCARP > 0 1814 /* 1815 * Never use a carp address of an interface which is not 1816 * the master. 1817 */ 1818 if (ifp->if_type == IFT_CARP && 1819 !carp_iamatch6(ifp, NULL, &proxydl)) 1820 continue; 1821 #endif 1822 1823 /* 1824 * We can never take an address that breaks the scope zone 1825 * of the destination. 1826 */ 1827 if (in6_addr2scopeid(ifp, dst) != in6_addr2scopeid(oifp, dst)) 1828 continue; 1829 1830 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 1831 int tlen = -1, dscopecmp, bscopecmp, matchcmp; 1832 1833 if (ifa->ifa_addr->sa_family != AF_INET6) 1834 continue; 1835 1836 src_scope = in6_addrscope(IFA_IN6(ifa)); 1837 1838 #ifdef ADDRSELECT_DEBUG /* should be removed after stabilization */ 1839 { 1840 char adst[INET6_ADDRSTRLEN], asrc[INET6_ADDRSTRLEN]; 1841 char bestaddr[INET6_ADDRSTRLEN]; 1842 1843 1844 dscopecmp = IN6_ARE_SCOPE_CMP(src_scope, dst_scope); 1845 printf("in6_ifawithscope: dst=%s bestaddr=%s, " 1846 "newaddr=%s, scope=%x, dcmp=%d, bcmp=%d, " 1847 "matchlen=%d, flgs=%x\n", 1848 inet_ntop(AF_INET6, dst, adst, sizeof(adst)), 1849 (ia6_best == NULL) ? "none" : 1850 inet_ntop(AF_INET6, &ia6_best->ia_addr.sin6_addr, 1851 bestaddr, sizeof(bestaddr)), 1852 inet_ntop(AF_INET6, IFA_IN6(ifa), 1853 asrc, sizeof(asrc)), 1854 src_scope, dscopecmp, 1855 ia6_best ? IN6_ARE_SCOPE_CMP(src_scope, best_scope) : -1, 1856 in6_matchlen(IFA_IN6(ifa), dst), 1857 ifatoia6(ifa)->ia6_flags); 1858 } 1859 #endif 1860 1861 /* 1862 * Don't use an address before completing DAD 1863 * nor a duplicated address. 1864 */ 1865 if (ifatoia6(ifa)->ia6_flags & IN6_IFF_NOTREADY) 1866 continue; 1867 1868 /* XXX: is there any case to allow anycasts? */ 1869 if (ifatoia6(ifa)->ia6_flags & IN6_IFF_ANYCAST) 1870 continue; 1871 1872 if (ifatoia6(ifa)->ia6_flags & IN6_IFF_DETACHED) 1873 continue; 1874 1875 /* 1876 * If this is the first address we find, 1877 * keep it anyway. 1878 */ 1879 if (ia6_best == NULL) 1880 goto replace; 1881 1882 /* 1883 * ia6_best is never NULL beyond this line except 1884 * within the block labeled "replace". 1885 */ 1886 1887 /* 1888 * If ia6_best has a smaller scope than dst and 1889 * the current address has a larger one than 1890 * (or equal to) dst, always replace ia6_best. 1891 * Also, if the current address has a smaller scope 1892 * than dst, ignore it unless ia6_best also has a 1893 * smaller scope. 1894 */ 1895 if (IN6_ARE_SCOPE_CMP(best_scope, dst_scope) < 0 && 1896 IN6_ARE_SCOPE_CMP(src_scope, dst_scope) >= 0) 1897 goto replace; 1898 if (IN6_ARE_SCOPE_CMP(src_scope, dst_scope) < 0 && 1899 IN6_ARE_SCOPE_CMP(best_scope, dst_scope) >= 0) 1900 continue; 1901 1902 /* 1903 * A deprecated address SHOULD NOT be used in new 1904 * communications if an alternate (non-deprecated) 1905 * address is available and has sufficient scope. 1906 * RFC 2462, Section 5.5.4. 1907 */ 1908 if (ifatoia6(ifa)->ia6_flags & IN6_IFF_DEPRECATED) { 1909 /* 1910 * Ignore any deprecated addresses if 1911 * specified by configuration. 1912 */ 1913 if (!ip6_use_deprecated) 1914 continue; 1915 1916 /* 1917 * If we have already found a non-deprecated 1918 * candidate, just ignore deprecated addresses. 1919 */ 1920 if ((ia6_best->ia6_flags & IN6_IFF_DEPRECATED) 1921 == 0) 1922 continue; 1923 } 1924 1925 /* 1926 * A non-deprecated address is always preferred 1927 * to a deprecated one regardless of scopes and 1928 * address matching. 1929 */ 1930 if ((ia6_best->ia6_flags & IN6_IFF_DEPRECATED) && 1931 (ifatoia6(ifa)->ia6_flags & 1932 IN6_IFF_DEPRECATED) == 0) 1933 goto replace; 1934 1935 /* 1936 * At this point, we have two cases: 1937 * 1. we are looking at a non-deprecated address, 1938 * and ia6_best is also non-deprecated. 1939 * 2. we are looking at a deprecated address, 1940 * and ia6_best is also deprecated. 1941 * Also, we do not have to consider a case where 1942 * the scope of if_best is larger(smaller) than dst and 1943 * the scope of the current address is smaller(larger) 1944 * than dst. Such a case has already been covered. 1945 * Tiebreaking is done according to the following 1946 * items: 1947 * - the scope comparison between the address and 1948 * dst (dscopecmp) 1949 * - the scope comparison between the address and 1950 * ia6_best (bscopecmp) 1951 * - if the address match dst longer than ia6_best 1952 * (matchcmp) 1953 * - if the address is on the outgoing I/F (outI/F) 1954 * 1955 * Roughly speaking, the selection policy is 1956 * - the most important item is scope. The same scope 1957 * is best. Then search for a larger scope. 1958 * Smaller scopes are the last resort. 1959 * - A deprecated address is chosen only when we have 1960 * no address that has an enough scope, but is 1961 * prefered to any addresses of smaller scopes. 1962 * - Longest address match against dst is considered 1963 * only for addresses that has the same scope of dst. 1964 * - If there is no other reasons to choose one, 1965 * addresses on the outgoing I/F are preferred. 1966 * 1967 * The precise decision table is as follows: 1968 * dscopecmp bscopecmp matchcmp outI/F | replace? 1969 * !equal equal N/A Yes | Yes (1) 1970 * !equal equal N/A No | No (2) 1971 * larger larger N/A N/A | No (3) 1972 * larger smaller N/A N/A | Yes (4) 1973 * smaller larger N/A N/A | Yes (5) 1974 * smaller smaller N/A N/A | No (6) 1975 * equal smaller N/A N/A | Yes (7) 1976 * equal larger (already done) 1977 * equal equal larger N/A | Yes (8) 1978 * equal equal smaller N/A | No (9) 1979 * equal equal equal Yes | Yes (a) 1980 * equal equal equal No | No (b) 1981 */ 1982 dscopecmp = IN6_ARE_SCOPE_CMP(src_scope, dst_scope); 1983 bscopecmp = IN6_ARE_SCOPE_CMP(src_scope, best_scope); 1984 1985 if (dscopecmp && bscopecmp == 0) { 1986 if (oifp == ifp) /* (1) */ 1987 goto replace; 1988 continue; /* (2) */ 1989 } 1990 if (dscopecmp > 0) { 1991 if (bscopecmp > 0) /* (3) */ 1992 continue; 1993 goto replace; /* (4) */ 1994 } 1995 if (dscopecmp < 0) { 1996 if (bscopecmp > 0) /* (5) */ 1997 goto replace; 1998 continue; /* (6) */ 1999 } 2000 2001 /* now dscopecmp must be 0 */ 2002 if (bscopecmp < 0) 2003 goto replace; /* (7) */ 2004 2005 /* 2006 * At last both dscopecmp and bscopecmp must be 0. 2007 * We need address matching against dst for 2008 * tiebreaking. 2009 * Privacy addresses are preferred over public 2010 * addresses (RFC3484 requires a config knob for 2011 * this which we don't provide). 2012 */ 2013 if (oifp == ifp) { 2014 /* Do not replace temporary autoconf addresses 2015 * with non-temporary addresses. */ 2016 if ((ia6_best->ia6_flags & IN6_IFF_PRIVACY) && 2017 !(ifatoia6(ifa)->ia6_flags & 2018 IN6_IFF_PRIVACY)) 2019 continue; 2020 2021 /* Replace non-temporary autoconf addresses 2022 * with temporary addresses. */ 2023 if (!(ia6_best->ia6_flags & IN6_IFF_PRIVACY) && 2024 (ifatoia6(ifa)->ia6_flags & 2025 IN6_IFF_PRIVACY)) 2026 goto replace; 2027 } 2028 tlen = in6_matchlen(IFA_IN6(ifa), dst); 2029 matchcmp = tlen - blen; 2030 if (matchcmp > 0) /* (8) */ 2031 goto replace; 2032 if (matchcmp < 0) /* (9) */ 2033 continue; 2034 if (oifp == ifp) /* (a) */ 2035 goto replace; 2036 continue; /* (b) */ 2037 2038 replace: 2039 ia6_best = ifatoia6(ifa); 2040 blen = tlen >= 0 ? tlen : 2041 in6_matchlen(IFA_IN6(ifa), dst); 2042 best_scope = in6_addrscope(&ia6_best->ia_addr.sin6_addr); 2043 } 2044 } 2045 2046 /* count statistics for future improvements */ 2047 if (ia6_best == NULL) 2048 ip6stat.ip6s_sources_none++; 2049 else { 2050 if (oifp == ia6_best->ia_ifp) 2051 ip6stat.ip6s_sources_sameif[best_scope]++; 2052 else 2053 ip6stat.ip6s_sources_otherif[best_scope]++; 2054 2055 if (best_scope == dst_scope) 2056 ip6stat.ip6s_sources_samescope[best_scope]++; 2057 else 2058 ip6stat.ip6s_sources_otherscope[best_scope]++; 2059 2060 if ((ia6_best->ia6_flags & IN6_IFF_DEPRECATED) != 0) 2061 ip6stat.ip6s_sources_deprecated[best_scope]++; 2062 } 2063 2064 return (ia6_best); 2065 } 2066 2067 /* 2068 * perform DAD when interface becomes IFF_UP. 2069 */ 2070 void 2071 in6_if_up(struct ifnet *ifp) 2072 { 2073 struct ifaddr *ifa; 2074 struct in6_ifaddr *ia6; 2075 int dad_delay; /* delay ticks before DAD output */ 2076 2077 /* 2078 * special cases, like 6to4, are handled in in6_ifattach 2079 */ 2080 in6_ifattach(ifp); 2081 2082 dad_delay = 0; 2083 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 2084 if (ifa->ifa_addr->sa_family != AF_INET6) 2085 continue; 2086 ia6 = ifatoia6(ifa); 2087 if (ia6->ia6_flags & IN6_IFF_TENTATIVE) 2088 nd6_dad_start(ifa, &dad_delay); 2089 } 2090 } 2091 2092 int 2093 in6if_do_dad(struct ifnet *ifp) 2094 { 2095 if ((ifp->if_flags & IFF_LOOPBACK) != 0) 2096 return (0); 2097 2098 switch (ifp->if_type) { 2099 #if NCARP > 0 2100 case IFT_CARP: 2101 /* 2102 * XXX: DAD does not work currently on carp(4) 2103 * so disable it for now. 2104 */ 2105 return (0); 2106 #endif 2107 default: 2108 /* 2109 * Our DAD routine requires the interface up and running. 2110 * However, some interfaces can be up before the RUNNING 2111 * status. Additionaly, users may try to assign addresses 2112 * before the interface becomes up (or running). 2113 * We simply skip DAD in such a case as a work around. 2114 * XXX: we should rather mark "tentative" on such addresses, 2115 * and do DAD after the interface becomes ready. 2116 */ 2117 if ((ifp->if_flags & (IFF_UP|IFF_RUNNING)) != 2118 (IFF_UP|IFF_RUNNING)) 2119 return (0); 2120 2121 return (1); 2122 } 2123 } 2124 2125 /* 2126 * Calculate max IPv6 MTU through all the interfaces and store it 2127 * to in6_maxmtu. 2128 */ 2129 void 2130 in6_setmaxmtu(void) 2131 { 2132 unsigned long maxmtu = 0; 2133 struct ifnet *ifp; 2134 2135 TAILQ_FOREACH(ifp, &ifnet, if_list) { 2136 /* this function can be called during ifnet initialization */ 2137 if (!ifp->if_afdata[AF_INET6]) 2138 continue; 2139 if ((ifp->if_flags & IFF_LOOPBACK) == 0 && 2140 IN6_LINKMTU(ifp) > maxmtu) 2141 maxmtu = IN6_LINKMTU(ifp); 2142 } 2143 if (maxmtu) /* update only when maxmtu is positive */ 2144 in6_maxmtu = maxmtu; 2145 } 2146 2147 void * 2148 in6_domifattach(struct ifnet *ifp) 2149 { 2150 struct in6_ifextra *ext; 2151 2152 ext = malloc(sizeof(*ext), M_IFADDR, M_WAITOK | M_ZERO); 2153 2154 ext->in6_ifstat = malloc(sizeof(*ext->in6_ifstat), M_IFADDR, 2155 M_WAITOK | M_ZERO); 2156 2157 ext->icmp6_ifstat = malloc(sizeof(*ext->icmp6_ifstat), M_IFADDR, 2158 M_WAITOK | M_ZERO); 2159 2160 ext->nd_ifinfo = nd6_ifattach(ifp); 2161 ext->nprefixes = 0; 2162 ext->ndefrouters = 0; 2163 return ext; 2164 } 2165 2166 void 2167 in6_domifdetach(struct ifnet *ifp, void *aux) 2168 { 2169 struct in6_ifextra *ext = (struct in6_ifextra *)aux; 2170 2171 nd6_ifdetach(ext->nd_ifinfo); 2172 free(ext->in6_ifstat, M_IFADDR, 0); 2173 free(ext->icmp6_ifstat, M_IFADDR, 0); 2174 free(ext, M_IFADDR, 0); 2175 } 2176