1 /* $OpenBSD: in6.c,v 1.267 2024/06/07 09:48:19 florian Exp $ */
2 /* $KAME: in6.c,v 1.372 2004/06/14 08:14:21 itojun Exp $ */
3
4 /*
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32
33 /*
34 * Copyright (c) 1982, 1986, 1991, 1993
35 * The Regents of the University of California. All rights reserved.
36 *
37 * Redistribution and use in source and binary forms, with or without
38 * modification, are permitted provided that the following conditions
39 * are met:
40 * 1. Redistributions of source code must retain the above copyright
41 * notice, this list of conditions and the following disclaimer.
42 * 2. Redistributions in binary form must reproduce the above copyright
43 * notice, this list of conditions and the following disclaimer in the
44 * documentation and/or other materials provided with the distribution.
45 * 3. Neither the name of the University nor the names of its contributors
46 * may be used to endorse or promote products derived from this software
47 * without specific prior written permission.
48 *
49 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
52 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
59 * SUCH DAMAGE.
60 *
61 * @(#)in.c 8.2 (Berkeley) 11/15/93
62 */
63
64 #include "carp.h"
65
66 #include <sys/param.h>
67 #include <sys/ioctl.h>
68 #include <sys/errno.h>
69 #include <sys/malloc.h>
70 #include <sys/socket.h>
71 #include <sys/socketvar.h>
72 #include <sys/sockio.h>
73 #include <sys/mbuf.h>
74 #include <sys/systm.h>
75 #include <sys/time.h>
76 #include <sys/kernel.h>
77 #include <sys/syslog.h>
78
79 #include <net/if.h>
80 #include <net/if_dl.h>
81 #include <net/if_types.h>
82 #include <net/route.h>
83
84 #include <netinet/in.h>
85 #include <netinet/if_ether.h>
86
87 #include <netinet6/in6_var.h>
88 #include <netinet/ip6.h>
89 #include <netinet6/ip6_var.h>
90 #include <netinet6/nd6.h>
91 #include <netinet6/mld6_var.h>
92 #ifdef MROUTING
93 #include <netinet6/ip6_mroute.h>
94 #endif
95 #include <netinet6/in6_ifattach.h>
96 #if NCARP > 0
97 #include <netinet/ip_carp.h>
98 #endif
99
100 /*
101 * Definitions of some constant IP6 addresses.
102 */
103 const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT;
104 const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT;
105 const struct in6_addr in6addr_intfacelocal_allnodes =
106 IN6ADDR_INTFACELOCAL_ALLNODES_INIT;
107 const struct in6_addr in6addr_linklocal_allnodes =
108 IN6ADDR_LINKLOCAL_ALLNODES_INIT;
109 const struct in6_addr in6addr_linklocal_allrouters =
110 IN6ADDR_LINKLOCAL_ALLROUTERS_INIT;
111
112 const struct in6_addr in6mask0 = IN6MASK0;
113 const struct in6_addr in6mask32 = IN6MASK32;
114 const struct in6_addr in6mask64 = IN6MASK64;
115 const struct in6_addr in6mask96 = IN6MASK96;
116 const struct in6_addr in6mask128 = IN6MASK128;
117
118 int in6_ioctl(u_long, caddr_t, struct ifnet *, int);
119 int in6_ioctl_change_ifaddr(u_long, caddr_t, struct ifnet *);
120 int in6_ioctl_get(u_long, caddr_t, struct ifnet *);
121 int in6_check_embed_scope(struct sockaddr_in6 *, unsigned int);
122 int in6_clear_scope_id(struct sockaddr_in6 *, unsigned int);
123 int in6_ifinit(struct ifnet *, struct in6_ifaddr *, int);
124 void in6_unlink_ifa(struct in6_ifaddr *, struct ifnet *);
125
126 const struct sockaddr_in6 sa6_any = {
127 sizeof(sa6_any), AF_INET6, 0, 0, IN6ADDR_ANY_INIT, 0
128 };
129
130 int
in6_mask2len(struct in6_addr * mask,u_char * lim0)131 in6_mask2len(struct in6_addr *mask, u_char *lim0)
132 {
133 int x = 0, y;
134 u_char *lim = lim0, *p;
135
136 /* ignore the scope_id part */
137 if (lim0 == NULL || lim0 - (u_char *)mask > sizeof(*mask))
138 lim = (u_char *)mask + sizeof(*mask);
139 for (p = (u_char *)mask; p < lim; x++, p++) {
140 if (*p != 0xff)
141 break;
142 }
143 y = 0;
144 if (p < lim) {
145 for (y = 0; y < 8; y++) {
146 if ((*p & (0x80 >> y)) == 0)
147 break;
148 }
149 }
150
151 /*
152 * when the limit pointer is given, do a stricter check on the
153 * remaining bits.
154 */
155 if (p < lim) {
156 if (y != 0 && (*p & (0x00ff >> y)) != 0)
157 return (-1);
158 for (p = p + 1; p < lim; p++)
159 if (*p != 0)
160 return (-1);
161 }
162
163 return x * 8 + y;
164 }
165
166 int
in6_nam2sin6(const struct mbuf * nam,struct sockaddr_in6 ** sin6)167 in6_nam2sin6(const struct mbuf *nam, struct sockaddr_in6 **sin6)
168 {
169 struct sockaddr *sa = mtod(nam, struct sockaddr *);
170
171 if (nam->m_len < offsetof(struct sockaddr, sa_data))
172 return EINVAL;
173 if (sa->sa_family != AF_INET6)
174 return EAFNOSUPPORT;
175 if (sa->sa_len != nam->m_len)
176 return EINVAL;
177 if (sa->sa_len != sizeof(struct sockaddr_in6))
178 return EINVAL;
179 *sin6 = satosin6(sa);
180
181 return 0;
182 }
183
184 int
in6_sa2sin6(struct sockaddr * sa,struct sockaddr_in6 ** sin6)185 in6_sa2sin6(struct sockaddr *sa, struct sockaddr_in6 **sin6)
186 {
187 if (sa->sa_family != AF_INET6)
188 return EAFNOSUPPORT;
189 if (sa->sa_len != sizeof(struct sockaddr_in6))
190 return EINVAL;
191 *sin6 = satosin6(sa);
192
193 return 0;
194 }
195
196 int
in6_control(struct socket * so,u_long cmd,caddr_t data,struct ifnet * ifp)197 in6_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp)
198 {
199 int privileged;
200
201 privileged = 0;
202 if ((so->so_state & SS_PRIV) != 0)
203 privileged++;
204
205 switch (cmd) {
206 #ifdef MROUTING
207 case SIOCGETSGCNT_IN6:
208 case SIOCGETMIFCNT_IN6:
209 return mrt6_ioctl(so, cmd, data);
210 #endif /* MROUTING */
211 default:
212 return in6_ioctl(cmd, data, ifp, privileged);
213 }
214 }
215
216 int
in6_ioctl(u_long cmd,caddr_t data,struct ifnet * ifp,int privileged)217 in6_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, int privileged)
218 {
219 if (ifp == NULL)
220 return (ENXIO);
221
222 switch (cmd) {
223 case SIOCGIFINFO_IN6:
224 case SIOCGNBRINFO_IN6:
225 return (nd6_ioctl(cmd, data, ifp));
226 case SIOCGIFDSTADDR_IN6:
227 case SIOCGIFNETMASK_IN6:
228 case SIOCGIFAFLAG_IN6:
229 case SIOCGIFALIFETIME_IN6:
230 return (in6_ioctl_get(cmd, data, ifp));
231 case SIOCAIFADDR_IN6:
232 case SIOCDIFADDR_IN6:
233 if (!privileged)
234 return (EPERM);
235 return (in6_ioctl_change_ifaddr(cmd, data, ifp));
236 case SIOCSIFADDR:
237 case SIOCSIFDSTADDR:
238 case SIOCSIFBRDADDR:
239 case SIOCSIFNETMASK:
240 /*
241 * Do not pass those ioctl to driver handler since they are not
242 * properly set up. Instead just error out.
243 */
244 return (EINVAL);
245 default:
246 return (EOPNOTSUPP);
247 }
248 }
249
250 int
in6_ioctl_change_ifaddr(u_long cmd,caddr_t data,struct ifnet * ifp)251 in6_ioctl_change_ifaddr(u_long cmd, caddr_t data, struct ifnet *ifp)
252 {
253 struct in6_ifaddr *ia6 = NULL;
254 struct in6_aliasreq *ifra = (struct in6_aliasreq *)data;
255 struct sockaddr *sa;
256 struct sockaddr_in6 *sa6 = NULL;
257 int error = 0, newifaddr = 0, plen;
258
259 /*
260 * Find address for this interface, if it exists.
261 *
262 * In netinet code, we have checked ifra_addr in SIOCSIF*ADDR operation
263 * only, and used the first interface address as the target of other
264 * operations (without checking ifra_addr). This was because netinet
265 * code/API assumed at most 1 interface address per interface.
266 * Since IPv6 allows a node to assign multiple addresses
267 * on a single interface, we almost always look and check the
268 * presence of ifra_addr, and reject invalid ones here.
269 * It also decreases duplicated code among SIOC*_IN6 operations.
270 *
271 * We always require users to specify a valid IPv6 address for
272 * the corresponding operation.
273 */
274 switch (cmd) {
275 case SIOCAIFADDR_IN6:
276 sa = sin6tosa(&ifra->ifra_addr);
277 break;
278 case SIOCDIFADDR_IN6:
279 sa = sin6tosa(&((struct in6_ifreq *)data)->ifr_addr);
280 break;
281 default:
282 panic("%s: invalid ioctl %lu", __func__, cmd);
283 }
284 if (sa->sa_family == AF_INET6) {
285 error = in6_sa2sin6(sa, &sa6);
286 if (error)
287 return (error);
288 }
289
290 KERNEL_LOCK();
291 NET_LOCK();
292
293 if (sa6 != NULL) {
294 error = in6_check_embed_scope(sa6, ifp->if_index);
295 if (error)
296 goto err;
297 error = in6_clear_scope_id(sa6, ifp->if_index);
298 if (error)
299 goto err;
300 ia6 = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr);
301 }
302
303 switch (cmd) {
304 case SIOCDIFADDR_IN6:
305 /*
306 * for IPv4, we look for existing in_ifaddr here to allow
307 * "ifconfig if0 delete" to remove the first IPv4 address on
308 * the interface. For IPv6, as the spec allows multiple
309 * interface address from the day one, we consider "remove the
310 * first one" semantics to be not preferable.
311 */
312 if (ia6 == NULL) {
313 error = EADDRNOTAVAIL;
314 break;
315 }
316 in6_purgeaddr(&ia6->ia_ifa);
317 if_addrhooks_run(ifp);
318 break;
319
320 case SIOCAIFADDR_IN6:
321 if (ifra->ifra_addr.sin6_family != AF_INET6 ||
322 ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6)) {
323 error = EAFNOSUPPORT;
324 break;
325 }
326
327 /* reject read-only flags */
328 if ((ifra->ifra_flags & IN6_IFF_DUPLICATED) != 0 ||
329 (ifra->ifra_flags & IN6_IFF_DETACHED) != 0 ||
330 (ifra->ifra_flags & IN6_IFF_DEPRECATED) != 0) {
331 error = EINVAL;
332 break;
333 }
334
335 if (ia6 == NULL)
336 newifaddr = 1;
337
338 /*
339 * Make the address tentative before joining multicast
340 * addresses, so that corresponding MLD responses would
341 * not have a tentative source address.
342 */
343 if (newifaddr && in6if_do_dad(ifp))
344 ifra->ifra_flags |= IN6_IFF_TENTATIVE;
345
346 /*
347 * first, make or update the interface address structure,
348 * and link it to the list. try to enable inet6 if there
349 * is no link-local yet.
350 */
351 error = in6_ifattach(ifp);
352 if (error)
353 break;
354 error = in6_update_ifa(ifp, ifra, ia6);
355 if (error)
356 break;
357
358 ia6 = NULL;
359 if (sa6 != NULL)
360 ia6 = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr);
361 if (ia6 == NULL) {
362 /*
363 * this can happen when the user specify the 0 valid
364 * lifetime.
365 */
366 break;
367 }
368
369 /* Perform DAD, if needed. */
370 if (ia6->ia6_flags & IN6_IFF_TENTATIVE)
371 nd6_dad_start(&ia6->ia_ifa);
372
373 if (!newifaddr) {
374 if_addrhooks_run(ifp);
375 break;
376 }
377
378 plen = in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL);
379 if ((ifp->if_flags & IFF_LOOPBACK) || plen == 128) {
380 if_addrhooks_run(ifp);
381 break; /* No need to install a connected route. */
382 }
383
384 error = rt_ifa_add(&ia6->ia_ifa,
385 RTF_CLONING | RTF_CONNECTED | RTF_MPATH,
386 ia6->ia_ifa.ifa_addr, ifp->if_rdomain);
387 if (error) {
388 in6_purgeaddr(&ia6->ia_ifa);
389 break;
390 }
391 if_addrhooks_run(ifp);
392 break;
393 }
394
395 err:
396 NET_UNLOCK();
397 KERNEL_UNLOCK();
398 return (error);
399 }
400
401 int
in6_ioctl_get(u_long cmd,caddr_t data,struct ifnet * ifp)402 in6_ioctl_get(u_long cmd, caddr_t data, struct ifnet *ifp)
403 {
404 struct in6_ifreq *ifr = (struct in6_ifreq *)data;
405 struct in6_ifaddr *ia6 = NULL;
406 struct sockaddr *sa;
407 struct sockaddr_in6 *sa6 = NULL;
408 int error = 0;
409
410 sa = sin6tosa(&ifr->ifr_addr);
411 if (sa->sa_family == AF_INET6) {
412 sa->sa_len = sizeof(struct sockaddr_in6);
413 error = in6_sa2sin6(sa, &sa6);
414 if (error)
415 return (error);
416 }
417
418 NET_LOCK_SHARED();
419
420 if (sa6 != NULL) {
421 error = in6_check_embed_scope(sa6, ifp->if_index);
422 if (error)
423 goto err;
424 error = in6_clear_scope_id(sa6, ifp->if_index);
425 if (error)
426 goto err;
427 ia6 = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr);
428 }
429
430 /* must think again about its semantics */
431 if (ia6 == NULL) {
432 error = EADDRNOTAVAIL;
433 goto err;
434 }
435
436 switch (cmd) {
437 case SIOCGIFDSTADDR_IN6:
438 if ((ifp->if_flags & IFF_POINTOPOINT) == 0) {
439 error = EINVAL;
440 break;
441 }
442 /*
443 * XXX: should we check if ifa_dstaddr is NULL and return
444 * an error?
445 */
446 ifr->ifr_dstaddr = ia6->ia_dstaddr;
447 break;
448
449 case SIOCGIFNETMASK_IN6:
450 ifr->ifr_addr = ia6->ia_prefixmask;
451 break;
452
453 case SIOCGIFAFLAG_IN6:
454 ifr->ifr_ifru.ifru_flags6 = ia6->ia6_flags;
455 break;
456
457 case SIOCGIFALIFETIME_IN6:
458 ifr->ifr_ifru.ifru_lifetime = ia6->ia6_lifetime;
459 if (ia6->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) {
460 time_t expire, maxexpire;
461 struct in6_addrlifetime *retlt =
462 &ifr->ifr_ifru.ifru_lifetime;
463
464 /*
465 * XXX: adjust expiration time assuming time_t is
466 * signed.
467 */
468 maxexpire =
469 (time_t)~(1ULL << ((sizeof(maxexpire) * 8) - 1));
470 if (ia6->ia6_lifetime.ia6t_vltime <
471 maxexpire - ia6->ia6_updatetime) {
472 expire = ia6->ia6_updatetime +
473 ia6->ia6_lifetime.ia6t_vltime;
474 if (expire != 0) {
475 expire -= getuptime();
476 expire += gettime();
477 }
478 retlt->ia6t_expire = expire;
479 } else
480 retlt->ia6t_expire = maxexpire;
481 }
482 if (ia6->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) {
483 time_t expire, maxexpire;
484 struct in6_addrlifetime *retlt =
485 &ifr->ifr_ifru.ifru_lifetime;
486
487 /*
488 * XXX: adjust expiration time assuming time_t is
489 * signed.
490 */
491 maxexpire =
492 (time_t)~(1ULL << ((sizeof(maxexpire) * 8) - 1));
493 if (ia6->ia6_lifetime.ia6t_pltime <
494 maxexpire - ia6->ia6_updatetime) {
495 expire = ia6->ia6_updatetime +
496 ia6->ia6_lifetime.ia6t_pltime;
497 if (expire != 0) {
498 expire -= getuptime();
499 expire += gettime();
500 }
501 retlt->ia6t_preferred = expire;
502 } else
503 retlt->ia6t_preferred = maxexpire;
504 }
505 break;
506
507 default:
508 panic("%s: invalid ioctl %lu", __func__, cmd);
509 }
510
511 err:
512 NET_UNLOCK_SHARED();
513 return (error);
514 }
515
516 int
in6_check_embed_scope(struct sockaddr_in6 * sa6,unsigned int ifidx)517 in6_check_embed_scope(struct sockaddr_in6 *sa6, unsigned int ifidx)
518 {
519 if (IN6_IS_ADDR_LINKLOCAL(&sa6->sin6_addr)) {
520 if (sa6->sin6_addr.s6_addr16[1] == 0) {
521 /* link ID is not embedded by the user */
522 sa6->sin6_addr.s6_addr16[1] = htons(ifidx);
523 } else if (sa6->sin6_addr.s6_addr16[1] != htons(ifidx))
524 return EINVAL; /* link ID contradicts */
525 }
526 return 0;
527 }
528
529 int
in6_clear_scope_id(struct sockaddr_in6 * sa6,unsigned int ifidx)530 in6_clear_scope_id(struct sockaddr_in6 *sa6, unsigned int ifidx)
531 {
532 if (IN6_IS_ADDR_LINKLOCAL(&sa6->sin6_addr)) {
533 if (sa6->sin6_scope_id) {
534 if (sa6->sin6_scope_id != (u_int32_t)ifidx)
535 return EINVAL;
536 sa6->sin6_scope_id = 0; /* XXX: good way? */
537 }
538 }
539 return 0;
540 }
541
542 /*
543 * Update parameters of an IPv6 interface address.
544 * If necessary, a new entry is created and linked into address chains.
545 * This function is separated from in6_control().
546 */
547 int
in6_update_ifa(struct ifnet * ifp,struct in6_aliasreq * ifra,struct in6_ifaddr * ia6)548 in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra,
549 struct in6_ifaddr *ia6)
550 {
551 int error = 0, hostIsNew = 0, plen = -1;
552 struct sockaddr_in6 dst6, gw6;
553 struct in6_addrlifetime *lt;
554 struct in6_multi_mship *imm;
555 struct rtentry *rt;
556 char addr[INET6_ADDRSTRLEN];
557
558 NET_ASSERT_LOCKED();
559
560 /* Validate parameters */
561 if (ifp == NULL || ifra == NULL) /* this maybe redundant */
562 return (EINVAL);
563
564 /*
565 * The destination address for a p2p link or the address of the
566 * announcing router for an autoconf address must have a family of
567 * AF_UNSPEC or AF_INET6.
568 */
569 if ((ifp->if_flags & IFF_POINTOPOINT) ||
570 (ifp->if_flags & IFF_LOOPBACK) ||
571 (ifra->ifra_flags & IN6_IFF_AUTOCONF)) {
572 if (ifra->ifra_dstaddr.sin6_family != AF_INET6 &&
573 ifra->ifra_dstaddr.sin6_family != AF_UNSPEC)
574 return (EAFNOSUPPORT);
575
576 } else if (ifra->ifra_dstaddr.sin6_family != AF_UNSPEC)
577 return (EINVAL);
578
579 /*
580 * validate ifra_prefixmask. don't check sin6_family, netmask
581 * does not carry fields other than sin6_len.
582 */
583 if (ifra->ifra_prefixmask.sin6_len > sizeof(struct sockaddr_in6))
584 return (EINVAL);
585 /*
586 * Because the IPv6 address architecture is classless, we require
587 * users to specify a (non 0) prefix length (mask) for a new address.
588 * We also require the prefix (when specified) mask is valid, and thus
589 * reject a non-consecutive mask.
590 */
591 if (ia6 == NULL && ifra->ifra_prefixmask.sin6_len == 0)
592 return (EINVAL);
593 if (ifra->ifra_prefixmask.sin6_len != 0) {
594 plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr,
595 (u_char *)&ifra->ifra_prefixmask +
596 ifra->ifra_prefixmask.sin6_len);
597 if (plen <= 0)
598 return (EINVAL);
599 } else {
600 /*
601 * In this case, ia6 must not be NULL. We just use its prefix
602 * length.
603 */
604 plen = in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL);
605 }
606
607 if (ifra->ifra_flags & IN6_IFF_AUTOCONF) {
608 gw6 = ifra->ifra_dstaddr;
609 memset(&dst6, 0, sizeof(dst6));
610 } else {
611 dst6 = ifra->ifra_dstaddr;
612 memset(&gw6, 0, sizeof(gw6));
613 }
614 if (dst6.sin6_family == AF_INET6) {
615 error = in6_check_embed_scope(&dst6, ifp->if_index);
616 if (error)
617 return error;
618
619 if (((ifp->if_flags & IFF_POINTOPOINT) ||
620 (ifp->if_flags & IFF_LOOPBACK)) && plen != 128)
621 return (EINVAL);
622 }
623 if (gw6.sin6_family == AF_INET6) {
624 error = in6_check_embed_scope(&gw6, ifp->if_index);
625 if (error)
626 return error;
627 }
628 /* lifetime consistency check */
629 lt = &ifra->ifra_lifetime;
630 if (lt->ia6t_pltime > lt->ia6t_vltime)
631 return (EINVAL);
632 if (lt->ia6t_vltime == 0) {
633 /*
634 * the following log might be noisy, but this is a typical
635 * configuration mistake or a tool's bug.
636 */
637 nd6log((LOG_INFO, "%s: valid lifetime is 0 for %s\n", __func__,
638 inet_ntop(AF_INET6, &ifra->ifra_addr.sin6_addr,
639 addr, sizeof(addr))));
640
641 if (ia6 == NULL)
642 return (0); /* there's nothing to do */
643 }
644
645 /*
646 * If this is a new address, allocate a new ifaddr and link it
647 * into chains.
648 */
649 if (ia6 == NULL) {
650 hostIsNew = 1;
651 ia6 = malloc(sizeof(*ia6), M_IFADDR, M_WAITOK | M_ZERO);
652 refcnt_init_trace(&ia6->ia_ifa.ifa_refcnt,
653 DT_REFCNT_IDX_IFADDR);
654 LIST_INIT(&ia6->ia6_memberships);
655 /* Initialize the address and masks, and put time stamp */
656 ia6->ia_ifa.ifa_addr = sin6tosa(&ia6->ia_addr);
657 ia6->ia_addr.sin6_family = AF_INET6;
658 ia6->ia_addr.sin6_len = sizeof(ia6->ia_addr);
659 ia6->ia6_updatetime = getuptime();
660 if ((ifp->if_flags & IFF_POINTOPOINT) ||
661 (ifp->if_flags & IFF_LOOPBACK)) {
662 /*
663 * XXX: some functions expect that ifa_dstaddr is not
664 * NULL for p2p interfaces.
665 */
666 ia6->ia_ifa.ifa_dstaddr = sin6tosa(&ia6->ia_dstaddr);
667 } else {
668 ia6->ia_ifa.ifa_dstaddr = NULL;
669 }
670 ia6->ia_ifa.ifa_netmask = sin6tosa(&ia6->ia_prefixmask);
671
672 ia6->ia_ifp = ifp;
673 ia6->ia_addr = ifra->ifra_addr;
674 ifa_add(ifp, &ia6->ia_ifa);
675 }
676
677 /* set prefix mask */
678 if (ifra->ifra_prefixmask.sin6_len) {
679 /*
680 * We prohibit changing the prefix length of an existing
681 * address, because
682 * + such an operation should be rare in IPv6, and
683 * + the operation would confuse prefix management.
684 */
685 if (ia6->ia_prefixmask.sin6_len &&
686 in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL) != plen) {
687 error = EINVAL;
688 goto unlink;
689 }
690 ia6->ia_prefixmask = ifra->ifra_prefixmask;
691 }
692
693 /*
694 * If a new destination address is specified, scrub the old one and
695 * install the new destination.
696 */
697 if (((ifp->if_flags & IFF_POINTOPOINT) ||
698 (ifp->if_flags & IFF_LOOPBACK)) && dst6.sin6_family == AF_INET6 &&
699 !IN6_ARE_ADDR_EQUAL(&dst6.sin6_addr, &ia6->ia_dstaddr.sin6_addr)) {
700 struct ifaddr *ifa = &ia6->ia_ifa;
701
702 if ((ia6->ia_flags & IFA_ROUTE) != 0 &&
703 rt_ifa_del(ifa, RTF_HOST, ifa->ifa_dstaddr,
704 ifp->if_rdomain) != 0) {
705 nd6log((LOG_ERR, "%s: failed to remove a route "
706 "to the old destination: %s\n", __func__,
707 inet_ntop(AF_INET6, &ia6->ia_addr.sin6_addr,
708 addr, sizeof(addr))));
709 /* proceed anyway... */
710 } else
711 ia6->ia_flags &= ~IFA_ROUTE;
712 ia6->ia_dstaddr = dst6;
713 }
714
715 if ((ifra->ifra_flags & IN6_IFF_AUTOCONF) &&
716 gw6.sin6_family == AF_INET6 &&
717 !IN6_ARE_ADDR_EQUAL(&dst6.sin6_addr, &ia6->ia_gwaddr.sin6_addr)) {
718 /* Set or update announcing router */
719 ia6->ia_gwaddr = gw6;
720 }
721
722 /*
723 * Set lifetimes. We do not refer to ia6t_expire and ia6t_preferred
724 * to see if the address is deprecated or invalidated, but initialize
725 * these members for applications.
726 */
727 ia6->ia6_updatetime = getuptime();
728 ia6->ia6_lifetime = ifra->ifra_lifetime;
729 if (ia6->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) {
730 ia6->ia6_lifetime.ia6t_expire =
731 getuptime() + ia6->ia6_lifetime.ia6t_vltime;
732 } else
733 ia6->ia6_lifetime.ia6t_expire = 0;
734 if (ia6->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) {
735 ia6->ia6_lifetime.ia6t_preferred =
736 getuptime() + ia6->ia6_lifetime.ia6t_pltime;
737 } else
738 ia6->ia6_lifetime.ia6t_preferred = 0;
739
740 /* reset the interface and routing table appropriately. */
741 if ((error = in6_ifinit(ifp, ia6, hostIsNew)) != 0)
742 goto unlink;
743
744 /* re-run DAD */
745 if (ia6->ia6_flags & (IN6_IFF_TENTATIVE|IN6_IFF_DUPLICATED))
746 ifra->ifra_flags |= IN6_IFF_TENTATIVE;
747 /*
748 * configure address flags.
749 */
750 ia6->ia6_flags = ifra->ifra_flags;
751
752 nd6_expire_timer_update(ia6);
753
754 /*
755 * We are done if we have simply modified an existing address.
756 */
757 if (!hostIsNew) {
758 /* DAD sends RTM_CHGADDRATTR when done. */
759 if (!(ia6->ia6_flags & IN6_IFF_TENTATIVE))
760 rtm_addr(RTM_CHGADDRATTR, &ia6->ia_ifa);
761 return (error);
762 }
763
764 /*
765 * Beyond this point, we should call in6_purgeaddr upon an error,
766 * not just go to unlink.
767 */
768
769 /* join necessary multiast groups */
770 if ((ifp->if_flags & IFF_MULTICAST) != 0) {
771 struct sockaddr_in6 mltaddr, mltmask;
772
773 /* join solicited multicast addr for new host id */
774 struct sockaddr_in6 llsol;
775
776 bzero(&llsol, sizeof(llsol));
777 llsol.sin6_family = AF_INET6;
778 llsol.sin6_len = sizeof(llsol);
779 llsol.sin6_addr.s6_addr16[0] = htons(0xff02);
780 llsol.sin6_addr.s6_addr16[1] = htons(ifp->if_index);
781 llsol.sin6_addr.s6_addr32[1] = 0;
782 llsol.sin6_addr.s6_addr32[2] = htonl(1);
783 llsol.sin6_addr.s6_addr32[3] =
784 ifra->ifra_addr.sin6_addr.s6_addr32[3];
785 llsol.sin6_addr.s6_addr8[12] = 0xff;
786 imm = in6_joingroup(ifp, &llsol.sin6_addr, &error);
787 if (!imm)
788 goto cleanup;
789 LIST_INSERT_HEAD(&ia6->ia6_memberships, imm, i6mm_chain);
790
791 bzero(&mltmask, sizeof(mltmask));
792 mltmask.sin6_len = sizeof(struct sockaddr_in6);
793 mltmask.sin6_family = AF_INET6;
794 mltmask.sin6_addr = in6mask32;
795
796 /*
797 * join link-local all-nodes address
798 */
799 bzero(&mltaddr, sizeof(mltaddr));
800 mltaddr.sin6_len = sizeof(struct sockaddr_in6);
801 mltaddr.sin6_family = AF_INET6;
802 mltaddr.sin6_addr = in6addr_linklocal_allnodes;
803 mltaddr.sin6_addr.s6_addr16[1] = htons(ifp->if_index);
804 mltaddr.sin6_scope_id = 0;
805
806 /*
807 * XXX: do we really need this automatic routes?
808 * We should probably reconsider this stuff. Most applications
809 * actually do not need the routes, since they usually specify
810 * the outgoing interface.
811 */
812 rt = rtalloc(sin6tosa(&mltaddr), 0, ifp->if_rdomain);
813 if (rt) {
814 /* 32bit came from "mltmask" */
815 if (memcmp(&mltaddr.sin6_addr,
816 &satosin6(rt_key(rt))->sin6_addr,
817 32 / 8)) {
818 rtfree(rt);
819 rt = NULL;
820 }
821 }
822 if (!rt) {
823 struct rt_addrinfo info;
824
825 bzero(&info, sizeof(info));
826 info.rti_ifa = &ia6->ia_ifa;
827 info.rti_info[RTAX_DST] = sin6tosa(&mltaddr);
828 info.rti_info[RTAX_GATEWAY] = sin6tosa(&ia6->ia_addr);
829 info.rti_info[RTAX_NETMASK] = sin6tosa(&mltmask);
830 info.rti_info[RTAX_IFA] = sin6tosa(&ia6->ia_addr);
831 info.rti_flags = RTF_MULTICAST;
832 error = rtrequest(RTM_ADD, &info, RTP_CONNECTED, NULL,
833 ifp->if_rdomain);
834 if (error)
835 goto cleanup;
836 } else {
837 rtfree(rt);
838 }
839 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error);
840 if (!imm)
841 goto cleanup;
842 LIST_INSERT_HEAD(&ia6->ia6_memberships, imm, i6mm_chain);
843
844 /*
845 * join interface-local all-nodes address.
846 * (ff01::1%ifN, and ff01::%ifN/32)
847 */
848 bzero(&mltaddr, sizeof(mltaddr));
849 mltaddr.sin6_len = sizeof(struct sockaddr_in6);
850 mltaddr.sin6_family = AF_INET6;
851 mltaddr.sin6_addr = in6addr_intfacelocal_allnodes;
852 mltaddr.sin6_addr.s6_addr16[1] = htons(ifp->if_index);
853 mltaddr.sin6_scope_id = 0;
854
855 /* XXX: again, do we really need the route? */
856 rt = rtalloc(sin6tosa(&mltaddr), 0, ifp->if_rdomain);
857 if (rt) {
858 /* 32bit came from "mltmask" */
859 if (memcmp(&mltaddr.sin6_addr,
860 &satosin6(rt_key(rt))->sin6_addr,
861 32 / 8)) {
862 rtfree(rt);
863 rt = NULL;
864 }
865 }
866 if (!rt) {
867 struct rt_addrinfo info;
868
869 bzero(&info, sizeof(info));
870 info.rti_ifa = &ia6->ia_ifa;
871 info.rti_info[RTAX_DST] = sin6tosa(&mltaddr);
872 info.rti_info[RTAX_GATEWAY] = sin6tosa(&ia6->ia_addr);
873 info.rti_info[RTAX_NETMASK] = sin6tosa(&mltmask);
874 info.rti_info[RTAX_IFA] = sin6tosa(&ia6->ia_addr);
875 info.rti_flags = RTF_MULTICAST;
876 error = rtrequest(RTM_ADD, &info, RTP_CONNECTED, NULL,
877 ifp->if_rdomain);
878 if (error)
879 goto cleanup;
880 } else {
881 rtfree(rt);
882 }
883 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error);
884 if (!imm)
885 goto cleanup;
886 LIST_INSERT_HEAD(&ia6->ia6_memberships, imm, i6mm_chain);
887 }
888
889 return (error);
890
891 unlink:
892 /*
893 * XXX: if a change of an existing address failed, keep the entry
894 * anyway.
895 */
896 if (hostIsNew)
897 in6_unlink_ifa(ia6, ifp);
898 return (error);
899
900 cleanup:
901 in6_purgeaddr(&ia6->ia_ifa);
902 return error;
903 }
904
905 void
in6_purgeaddr(struct ifaddr * ifa)906 in6_purgeaddr(struct ifaddr *ifa)
907 {
908 struct ifnet *ifp = ifa->ifa_ifp;
909 struct in6_ifaddr *ia6 = ifatoia6(ifa);
910 struct in6_multi_mship *imm;
911
912 /* stop DAD processing */
913 nd6_dad_stop(ifa);
914
915 /*
916 * delete route to the destination of the address being purged.
917 * The interface must be p2p or loopback in this case.
918 */
919 if ((ifp->if_flags & IFF_POINTOPOINT) && (ia6->ia_flags & IFA_ROUTE) &&
920 ia6->ia_dstaddr.sin6_len != 0) {
921 int e;
922
923 e = rt_ifa_del(ifa, RTF_HOST, ifa->ifa_dstaddr,
924 ifp->if_rdomain);
925 if (e != 0) {
926 char addr[INET6_ADDRSTRLEN];
927 log(LOG_ERR, "in6_purgeaddr: failed to remove "
928 "a route to the p2p destination: %s on %s, "
929 "errno=%d\n",
930 inet_ntop(AF_INET6, &ia6->ia_addr.sin6_addr,
931 addr, sizeof(addr)),
932 ifp->if_xname, e);
933 /* proceed anyway... */
934 } else
935 ia6->ia_flags &= ~IFA_ROUTE;
936 }
937
938 /* Remove ownaddr's loopback rtentry, if it exists. */
939 rt_ifa_dellocal(&(ia6->ia_ifa));
940
941 /*
942 * leave from multicast groups we have joined for the interface
943 */
944 while (!LIST_EMPTY(&ia6->ia6_memberships)) {
945 imm = LIST_FIRST(&ia6->ia6_memberships);
946 LIST_REMOVE(imm, i6mm_chain);
947 in6_leavegroup(imm);
948 }
949
950 in6_unlink_ifa(ia6, ifp);
951 }
952
953 void
in6_unlink_ifa(struct in6_ifaddr * ia6,struct ifnet * ifp)954 in6_unlink_ifa(struct in6_ifaddr *ia6, struct ifnet *ifp)
955 {
956 struct ifaddr *ifa = &ia6->ia_ifa;
957 int plen;
958
959 NET_ASSERT_LOCKED();
960
961 /* Release the reference to the base prefix. */
962 plen = in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL);
963 if ((ifp->if_flags & IFF_LOOPBACK) == 0 && plen != 128) {
964 rt_ifa_del(ifa, RTF_CLONING | RTF_CONNECTED,
965 ifa->ifa_addr, ifp->if_rdomain);
966 }
967
968 rt_ifa_purge(ifa);
969 ifa_del(ifp, ifa);
970
971 ia6->ia_ifp = NULL;
972 ifafree(ifa);
973 }
974
975 /*
976 * Initialize an interface's inet6 address
977 * and routing table entry.
978 */
979 int
in6_ifinit(struct ifnet * ifp,struct in6_ifaddr * ia6,int newhost)980 in6_ifinit(struct ifnet *ifp, struct in6_ifaddr *ia6, int newhost)
981 {
982 int error = 0, plen, ifacount = 0;
983 struct ifaddr *ifa;
984
985 NET_ASSERT_LOCKED();
986
987 /*
988 * Give the interface a chance to initialize
989 * if this is its first address (or it is a CARP interface)
990 * and to validate the address if necessary.
991 */
992 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
993 if (ifa->ifa_addr->sa_family != AF_INET6)
994 continue;
995 ifacount++;
996 }
997
998 if ((ifacount <= 1 || ifp->if_type == IFT_CARP ||
999 (ifp->if_flags & (IFF_LOOPBACK|IFF_POINTOPOINT))) &&
1000 (error = (*ifp->if_ioctl)(ifp, SIOCSIFADDR, (caddr_t)ia6))) {
1001 return (error);
1002 }
1003
1004 ia6->ia_ifa.ifa_metric = ifp->if_metric;
1005
1006 /* we could do in(6)_socktrim here, but just omit it at this moment. */
1007
1008 /*
1009 * Special case:
1010 * If the destination address is specified for a point-to-point
1011 * interface, install a route to the destination as an interface
1012 * direct route.
1013 */
1014 plen = in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL); /* XXX */
1015 if ((ifp->if_flags & IFF_POINTOPOINT) && plen == 128 &&
1016 ia6->ia_dstaddr.sin6_family == AF_INET6) {
1017 ifa = &ia6->ia_ifa;
1018 error = rt_ifa_add(ifa, RTF_HOST | RTF_MPATH,
1019 ifa->ifa_dstaddr, ifp->if_rdomain);
1020 if (error != 0)
1021 return (error);
1022 ia6->ia_flags |= IFA_ROUTE;
1023 }
1024
1025 if (newhost)
1026 error = rt_ifa_addlocal(&(ia6->ia_ifa));
1027
1028 return (error);
1029 }
1030
1031 /*
1032 * Add an address to the list of IP6 multicast addresses for a
1033 * given interface.
1034 */
1035 struct in6_multi *
in6_addmulti(struct in6_addr * maddr6,struct ifnet * ifp,int * errorp)1036 in6_addmulti(struct in6_addr *maddr6, struct ifnet *ifp, int *errorp)
1037 {
1038 struct in6_ifreq ifr;
1039 struct in6_multi *in6m;
1040
1041 NET_ASSERT_LOCKED();
1042
1043 *errorp = 0;
1044 /*
1045 * See if address already in list.
1046 */
1047 IN6_LOOKUP_MULTI(*maddr6, ifp, in6m);
1048 if (in6m != NULL) {
1049 /*
1050 * Found it; just increment the reference count.
1051 */
1052 refcnt_take(&in6m->in6m_refcnt);
1053 } else {
1054 /*
1055 * New address; allocate a new multicast record
1056 * and link it into the interface's multicast list.
1057 */
1058 in6m = malloc(sizeof(*in6m), M_IPMADDR, M_NOWAIT | M_ZERO);
1059 if (in6m == NULL) {
1060 *errorp = ENOBUFS;
1061 return (NULL);
1062 }
1063
1064 in6m->in6m_sin.sin6_len = sizeof(struct sockaddr_in6);
1065 in6m->in6m_sin.sin6_family = AF_INET6;
1066 in6m->in6m_sin.sin6_addr = *maddr6;
1067 refcnt_init_trace(&in6m->in6m_refcnt, DT_REFCNT_IDX_IFMADDR);
1068 in6m->in6m_ifidx = ifp->if_index;
1069 in6m->in6m_ifma.ifma_addr = sin6tosa(&in6m->in6m_sin);
1070
1071 /*
1072 * Ask the network driver to update its multicast reception
1073 * filter appropriately for the new address.
1074 */
1075 memcpy(&ifr.ifr_addr, &in6m->in6m_sin, sizeof(in6m->in6m_sin));
1076 KERNEL_LOCK();
1077 *errorp = (*ifp->if_ioctl)(ifp, SIOCADDMULTI, (caddr_t)&ifr);
1078 KERNEL_UNLOCK();
1079 if (*errorp) {
1080 free(in6m, M_IPMADDR, sizeof(*in6m));
1081 return (NULL);
1082 }
1083
1084 TAILQ_INSERT_HEAD(&ifp->if_maddrlist, &in6m->in6m_ifma,
1085 ifma_list);
1086
1087 /*
1088 * Let MLD6 know that we have joined a new IP6 multicast
1089 * group.
1090 */
1091 mld6_start_listening(in6m);
1092 }
1093
1094 return (in6m);
1095 }
1096
1097 /*
1098 * Delete a multicast address record.
1099 */
1100 void
in6_delmulti(struct in6_multi * in6m)1101 in6_delmulti(struct in6_multi *in6m)
1102 {
1103 struct in6_ifreq ifr;
1104 struct ifnet *ifp;
1105
1106 NET_ASSERT_LOCKED();
1107
1108 if (refcnt_rele(&in6m->in6m_refcnt) != 0) {
1109 /*
1110 * No remaining claims to this record; let MLD6 know
1111 * that we are leaving the multicast group.
1112 */
1113 mld6_stop_listening(in6m);
1114 ifp = if_get(in6m->in6m_ifidx);
1115
1116 /*
1117 * Notify the network driver to update its multicast
1118 * reception filter.
1119 */
1120 if (ifp != NULL) {
1121 bzero(&ifr.ifr_addr, sizeof(struct sockaddr_in6));
1122 ifr.ifr_addr.sin6_len = sizeof(struct sockaddr_in6);
1123 ifr.ifr_addr.sin6_family = AF_INET6;
1124 ifr.ifr_addr.sin6_addr = in6m->in6m_addr;
1125 KERNEL_LOCK();
1126 (*ifp->if_ioctl)(ifp, SIOCDELMULTI, (caddr_t)&ifr);
1127 KERNEL_UNLOCK();
1128
1129 TAILQ_REMOVE(&ifp->if_maddrlist, &in6m->in6m_ifma,
1130 ifma_list);
1131 }
1132 if_put(ifp);
1133
1134 free(in6m, M_IPMADDR, sizeof(*in6m));
1135 }
1136 }
1137
1138 /*
1139 * Return 1 if the multicast group represented by ``maddr6'' has been
1140 * joined by interface ``ifp'', 0 otherwise.
1141 */
1142 int
in6_hasmulti(struct in6_addr * maddr6,struct ifnet * ifp)1143 in6_hasmulti(struct in6_addr *maddr6, struct ifnet *ifp)
1144 {
1145 struct in6_multi *in6m;
1146 int joined;
1147
1148 IN6_LOOKUP_MULTI(*maddr6, ifp, in6m);
1149 joined = (in6m != NULL);
1150
1151 return (joined);
1152 }
1153
1154 struct in6_multi_mship *
in6_joingroup(struct ifnet * ifp,struct in6_addr * addr,int * errorp)1155 in6_joingroup(struct ifnet *ifp, struct in6_addr *addr, int *errorp)
1156 {
1157 struct in6_multi_mship *imm;
1158
1159 imm = malloc(sizeof(*imm), M_IPMADDR, M_NOWAIT);
1160 if (!imm) {
1161 *errorp = ENOBUFS;
1162 return NULL;
1163 }
1164 imm->i6mm_maddr = in6_addmulti(addr, ifp, errorp);
1165 if (!imm->i6mm_maddr) {
1166 /* *errorp is already set */
1167 free(imm, M_IPMADDR, sizeof(*imm));
1168 return NULL;
1169 }
1170 return imm;
1171 }
1172
1173 void
in6_leavegroup(struct in6_multi_mship * imm)1174 in6_leavegroup(struct in6_multi_mship *imm)
1175 {
1176
1177 if (imm->i6mm_maddr)
1178 in6_delmulti(imm->i6mm_maddr);
1179 free(imm, M_IPMADDR, sizeof(*imm));
1180 }
1181
1182 /*
1183 * Find an IPv6 interface link-local address specific to an interface.
1184 */
1185 struct in6_ifaddr *
in6ifa_ifpforlinklocal(struct ifnet * ifp,int ignoreflags)1186 in6ifa_ifpforlinklocal(struct ifnet *ifp, int ignoreflags)
1187 {
1188 struct ifaddr *ifa;
1189
1190 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
1191 if (ifa->ifa_addr->sa_family != AF_INET6)
1192 continue;
1193 if (IN6_IS_ADDR_LINKLOCAL(IFA_IN6(ifa))) {
1194 if ((ifatoia6(ifa)->ia6_flags & ignoreflags) != 0)
1195 continue;
1196 break;
1197 }
1198 }
1199
1200 return (ifatoia6(ifa));
1201 }
1202
1203
1204 /*
1205 * find the internet address corresponding to a given interface and address.
1206 */
1207 struct in6_ifaddr *
in6ifa_ifpwithaddr(struct ifnet * ifp,struct in6_addr * addr)1208 in6ifa_ifpwithaddr(struct ifnet *ifp, struct in6_addr *addr)
1209 {
1210 struct ifaddr *ifa;
1211
1212 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
1213 if (ifa->ifa_addr->sa_family != AF_INET6)
1214 continue;
1215 if (IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(ifa)))
1216 break;
1217 }
1218
1219 return (ifatoia6(ifa));
1220 }
1221
1222 /*
1223 * Get a scope of the address. Node-local, link-local, site-local or global.
1224 */
1225 int
in6_addrscope(struct in6_addr * addr)1226 in6_addrscope(struct in6_addr *addr)
1227 {
1228 int scope;
1229
1230 if (addr->s6_addr8[0] == 0xfe) {
1231 scope = addr->s6_addr8[1] & 0xc0;
1232
1233 switch (scope) {
1234 case 0x80:
1235 return __IPV6_ADDR_SCOPE_LINKLOCAL;
1236 break;
1237 case 0xc0:
1238 return __IPV6_ADDR_SCOPE_SITELOCAL;
1239 break;
1240 default:
1241 return __IPV6_ADDR_SCOPE_GLOBAL; /* just in case */
1242 break;
1243 }
1244 }
1245
1246
1247 if (addr->s6_addr8[0] == 0xff) {
1248 scope = addr->s6_addr8[1] & 0x0f;
1249
1250 /*
1251 * due to other scope such as reserved,
1252 * return scope doesn't work.
1253 */
1254 switch (scope) {
1255 case __IPV6_ADDR_SCOPE_INTFACELOCAL:
1256 return __IPV6_ADDR_SCOPE_INTFACELOCAL;
1257 break;
1258 case __IPV6_ADDR_SCOPE_LINKLOCAL:
1259 return __IPV6_ADDR_SCOPE_LINKLOCAL;
1260 break;
1261 case __IPV6_ADDR_SCOPE_SITELOCAL:
1262 return __IPV6_ADDR_SCOPE_SITELOCAL;
1263 break;
1264 default:
1265 return __IPV6_ADDR_SCOPE_GLOBAL;
1266 break;
1267 }
1268 }
1269
1270 if (bcmp(&in6addr_loopback, addr, sizeof(*addr) - 1) == 0) {
1271 if (addr->s6_addr8[15] == 1) /* loopback */
1272 return __IPV6_ADDR_SCOPE_INTFACELOCAL;
1273 if (addr->s6_addr8[15] == 0) /* unspecified */
1274 return __IPV6_ADDR_SCOPE_LINKLOCAL;
1275 }
1276
1277 return __IPV6_ADDR_SCOPE_GLOBAL;
1278 }
1279
1280 int
in6_addr2scopeid(unsigned int ifidx,struct in6_addr * addr)1281 in6_addr2scopeid(unsigned int ifidx, struct in6_addr *addr)
1282 {
1283 int scope = in6_addrscope(addr);
1284
1285 switch(scope) {
1286 case __IPV6_ADDR_SCOPE_INTFACELOCAL:
1287 case __IPV6_ADDR_SCOPE_LINKLOCAL:
1288 /* XXX: we do not distinguish between a link and an I/F. */
1289 return (ifidx);
1290
1291 case __IPV6_ADDR_SCOPE_SITELOCAL:
1292 return (0); /* XXX: invalid. */
1293
1294 default:
1295 return (0); /* XXX: treat as global. */
1296 }
1297 }
1298
1299 /*
1300 * return length of part which dst and src are equal
1301 * hard coding...
1302 */
1303 int
in6_matchlen(struct in6_addr * src,struct in6_addr * dst)1304 in6_matchlen(struct in6_addr *src, struct in6_addr *dst)
1305 {
1306 int match = 0;
1307 u_char *s = (u_char *)src, *d = (u_char *)dst;
1308 u_char *lim = s + 16, r;
1309
1310 while (s < lim)
1311 if ((r = (*d++ ^ *s++)) != 0) {
1312 while (r < 128) {
1313 match++;
1314 r <<= 1;
1315 }
1316 break;
1317 } else
1318 match += 8;
1319 return match;
1320 }
1321
1322 void
in6_prefixlen2mask(struct in6_addr * maskp,int len)1323 in6_prefixlen2mask(struct in6_addr *maskp, int len)
1324 {
1325 u_char maskarray[8] = {0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff};
1326 int bytelen, bitlen, i;
1327
1328 /* sanity check */
1329 if (0 > len || len > 128) {
1330 log(LOG_ERR, "in6_prefixlen2mask: invalid prefix length(%d)\n",
1331 len);
1332 return;
1333 }
1334
1335 bzero(maskp, sizeof(*maskp));
1336 bytelen = len / 8;
1337 bitlen = len % 8;
1338 for (i = 0; i < bytelen; i++)
1339 maskp->s6_addr[i] = 0xff;
1340 /* len == 128 is ok because bitlen == 0 then */
1341 if (bitlen)
1342 maskp->s6_addr[bytelen] = maskarray[bitlen - 1];
1343 }
1344
1345 /*
1346 * return the best address out of the same scope
1347 */
1348 struct in6_ifaddr *
in6_ifawithscope(struct ifnet * oifp,struct in6_addr * dst,u_int rdomain,struct rtentry * rt)1349 in6_ifawithscope(struct ifnet *oifp, struct in6_addr *dst, u_int rdomain,
1350 struct rtentry *rt)
1351 {
1352 int dst_scope = in6_addrscope(dst), src_scope, best_scope = 0;
1353 int blen = -1;
1354 struct ifaddr *ifa;
1355 struct ifnet *ifp;
1356 struct in6_ifaddr *ia6_best = NULL;
1357 struct in6_addr *gw6 = NULL;
1358
1359 if (rt) {
1360 if (rt->rt_gateway != NULL &&
1361 rt->rt_gateway->sa_family == AF_INET6)
1362 gw6 = &(satosin6(rt->rt_gateway)->sin6_addr);
1363 }
1364
1365 if (oifp == NULL) {
1366 printf("%s: output interface is not specified\n", __func__);
1367 return (NULL);
1368 }
1369
1370 /* We search for all addresses on all interfaces from the beginning. */
1371 TAILQ_FOREACH(ifp, &ifnetlist, if_list) {
1372 if (ifp->if_rdomain != rdomain)
1373 continue;
1374 #if NCARP > 0
1375 /*
1376 * Never use a carp address of an interface which is not
1377 * the master.
1378 */
1379 if (ifp->if_type == IFT_CARP && !carp_iamatch(ifp))
1380 continue;
1381 #endif
1382
1383 /*
1384 * We can never take an address that breaks the scope zone
1385 * of the destination.
1386 */
1387 if (in6_addr2scopeid(ifp->if_index, dst) !=
1388 in6_addr2scopeid(oifp->if_index, dst))
1389 continue;
1390
1391 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
1392 int tlen = -1;
1393
1394 if (ifa->ifa_addr->sa_family != AF_INET6)
1395 continue;
1396
1397 src_scope = in6_addrscope(IFA_IN6(ifa));
1398
1399 /*
1400 * Don't use an address before completing DAD
1401 * nor a duplicated address.
1402 */
1403 if (ifatoia6(ifa)->ia6_flags &
1404 (IN6_IFF_TENTATIVE|IN6_IFF_DUPLICATED))
1405 continue;
1406
1407 /*
1408 * RFC 6724 allows anycast addresses as source address
1409 * because the restriction was removed in RFC 4291.
1410 * However RFC 4443 states that ICMPv6 responses
1411 * MUST use a unicast source address.
1412 *
1413 * XXX Skip anycast addresses for now since
1414 * icmp6_reflect() uses this function for source
1415 * address selection.
1416 */
1417 if (ifatoia6(ifa)->ia6_flags & IN6_IFF_ANYCAST)
1418 continue;
1419
1420 if (ifatoia6(ifa)->ia6_flags & IN6_IFF_DETACHED)
1421 continue;
1422
1423 /*
1424 * If this is the first address we find,
1425 * keep it anyway.
1426 */
1427 if (ia6_best == NULL)
1428 goto replace;
1429
1430 /*
1431 * ia6_best is never NULL beyond this line except
1432 * within the block labeled "replace".
1433 */
1434
1435 /*
1436 * Rule 2: Prefer appropriate scope.
1437 * Find the address with the smallest scope that is
1438 * bigger (or equal) to the scope of the destination
1439 * address.
1440 * Accept an address with smaller scope than the
1441 * destination if non exists with bigger scope.
1442 */
1443 if (best_scope < src_scope) {
1444 if (best_scope < dst_scope)
1445 goto replace;
1446 else
1447 continue;
1448 } else if (src_scope < best_scope) {
1449 if (src_scope < dst_scope)
1450 continue;
1451 else
1452 goto replace;
1453 }
1454
1455 /* Rule 3: Avoid deprecated addresses. */
1456 if (ifatoia6(ifa)->ia6_flags & IN6_IFF_DEPRECATED) {
1457 /*
1458 * Ignore any deprecated addresses if
1459 * specified by configuration.
1460 */
1461 if (!ip6_use_deprecated)
1462 continue;
1463
1464 /*
1465 * If we have already found a non-deprecated
1466 * candidate, just ignore deprecated addresses.
1467 */
1468 if ((ia6_best->ia6_flags & IN6_IFF_DEPRECATED)
1469 == 0)
1470 continue;
1471 } else if ((ia6_best->ia6_flags & IN6_IFF_DEPRECATED))
1472 goto replace;
1473
1474 /*
1475 * Rule 4: Prefer home addresses.
1476 * We do not support home addresses.
1477 */
1478
1479 /* Rule 5: Prefer outgoing interface */
1480 if (ia6_best->ia_ifp == oifp && ifp != oifp)
1481 continue;
1482 if (ia6_best->ia_ifp != oifp && ifp == oifp)
1483 goto replace;
1484
1485 /*
1486 * Rule 5.5: Prefer addresses in a prefix advertised
1487 * by the next-hop.
1488 */
1489 if (gw6) {
1490 struct in6_addr *in6_bestgw, *in6_newgw;
1491
1492 in6_bestgw = &ia6_best->ia_gwaddr.sin6_addr;
1493 in6_newgw = &ifatoia6(ifa)->ia_gwaddr.sin6_addr;
1494 if (!IN6_ARE_ADDR_EQUAL(in6_bestgw, gw6) &&
1495 IN6_ARE_ADDR_EQUAL(in6_newgw, gw6))
1496 goto replace;
1497 }
1498
1499 /*
1500 * Rule 6: Prefer matching label.
1501 * We do not implement policy tables.
1502 */
1503
1504 /* Rule 7: Prefer temporary addresses. */
1505 if ((ia6_best->ia6_flags & IN6_IFF_TEMPORARY) &&
1506 !(ifatoia6(ifa)->ia6_flags & IN6_IFF_TEMPORARY))
1507 continue;
1508 if (!(ia6_best->ia6_flags & IN6_IFF_TEMPORARY) &&
1509 (ifatoia6(ifa)->ia6_flags & IN6_IFF_TEMPORARY))
1510 goto replace;
1511
1512 /* Rule 8: Use longest matching prefix. */
1513 tlen = in6_matchlen(IFA_IN6(ifa), dst);
1514 if (tlen > blen) {
1515 #if NCARP > 0
1516 /*
1517 * Don't let carp interfaces win a tie against
1518 * the output interface based on matchlen.
1519 * We should only use a carp address if no
1520 * other interface has a usable address.
1521 * Otherwise, when communicating from a carp
1522 * master to a carp backup, the backup system
1523 * won't respond since the carp address is also
1524 * configured as a local address on the backup.
1525 * Note that carp interfaces in backup state
1526 * were already skipped above.
1527 */
1528 if (ifp->if_type == IFT_CARP &&
1529 oifp->if_type != IFT_CARP)
1530 continue;
1531 #endif
1532 goto replace;
1533 } else if (tlen < blen)
1534 continue;
1535
1536 /*
1537 * If the eight rules fail to choose a single address,
1538 * the tiebreaker is implementation-specific.
1539 */
1540
1541 /* Prefer address with highest pltime. */
1542 if (ia6_best->ia6_updatetime +
1543 ia6_best->ia6_lifetime.ia6t_pltime <
1544 ifatoia6(ifa)->ia6_updatetime +
1545 ifatoia6(ifa)->ia6_lifetime.ia6t_pltime)
1546 goto replace;
1547 else if (ia6_best->ia6_updatetime +
1548 ia6_best->ia6_lifetime.ia6t_pltime >
1549 ifatoia6(ifa)->ia6_updatetime +
1550 ifatoia6(ifa)->ia6_lifetime.ia6t_pltime)
1551 continue;
1552
1553 /* Prefer address with highest vltime. */
1554 if (ia6_best->ia6_updatetime +
1555 ia6_best->ia6_lifetime.ia6t_vltime <
1556 ifatoia6(ifa)->ia6_updatetime +
1557 ifatoia6(ifa)->ia6_lifetime.ia6t_vltime)
1558 goto replace;
1559 else if (ia6_best->ia6_updatetime +
1560 ia6_best->ia6_lifetime.ia6t_vltime >
1561 ifatoia6(ifa)->ia6_updatetime +
1562 ifatoia6(ifa)->ia6_lifetime.ia6t_vltime)
1563 continue;
1564
1565 continue;
1566 replace:
1567 ia6_best = ifatoia6(ifa);
1568 blen = tlen >= 0 ? tlen :
1569 in6_matchlen(IFA_IN6(ifa), dst);
1570 best_scope =
1571 in6_addrscope(&ia6_best->ia_addr.sin6_addr);
1572 }
1573 }
1574
1575 /* count statistics for future improvements */
1576 if (ia6_best == NULL)
1577 ip6stat_inc(ip6s_sources_none);
1578 else {
1579 if (oifp == ia6_best->ia_ifp)
1580 ip6stat_inc(ip6s_sources_sameif + best_scope);
1581 else
1582 ip6stat_inc(ip6s_sources_otherif + best_scope);
1583
1584 if (best_scope == dst_scope)
1585 ip6stat_inc(ip6s_sources_samescope + best_scope);
1586 else
1587 ip6stat_inc(ip6s_sources_otherscope + best_scope);
1588
1589 if ((ia6_best->ia6_flags & IN6_IFF_DEPRECATED) != 0)
1590 ip6stat_inc(ip6s_sources_deprecated + best_scope);
1591 }
1592
1593 return (ia6_best);
1594 }
1595
1596 int
in6if_do_dad(struct ifnet * ifp)1597 in6if_do_dad(struct ifnet *ifp)
1598 {
1599 if ((ifp->if_flags & IFF_LOOPBACK) != 0)
1600 return (0);
1601
1602 switch (ifp->if_type) {
1603 #if NCARP > 0
1604 case IFT_CARP:
1605 /*
1606 * XXX: DAD does not work currently on carp(4)
1607 * so disable it for now.
1608 */
1609 return (0);
1610 #endif
1611 default:
1612 /*
1613 * Our DAD routine requires the interface up and running.
1614 * However, some interfaces can be up before the RUNNING
1615 * status. Additionally, users may try to assign addresses
1616 * before the interface becomes up (or running).
1617 * We simply skip DAD in such a case as a work around.
1618 * XXX: we should rather mark "tentative" on such addresses,
1619 * and do DAD after the interface becomes ready.
1620 */
1621 if ((ifp->if_flags & (IFF_UP|IFF_RUNNING)) !=
1622 (IFF_UP|IFF_RUNNING))
1623 return (0);
1624
1625 return (1);
1626 }
1627 }
1628