1 /* $OpenBSD: in6.c,v 1.262 2023/06/28 11:49:49 kn Exp $ */ 2 /* $KAME: in6.c,v 1.372 2004/06/14 08:14:21 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 /* 34 * Copyright (c) 1982, 1986, 1991, 1993 35 * The Regents of the University of California. All rights reserved. 36 * 37 * Redistribution and use in source and binary forms, with or without 38 * modification, are permitted provided that the following conditions 39 * are met: 40 * 1. Redistributions of source code must retain the above copyright 41 * notice, this list of conditions and the following disclaimer. 42 * 2. Redistributions in binary form must reproduce the above copyright 43 * notice, this list of conditions and the following disclaimer in the 44 * documentation and/or other materials provided with the distribution. 45 * 3. Neither the name of the University nor the names of its contributors 46 * may be used to endorse or promote products derived from this software 47 * without specific prior written permission. 48 * 49 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 52 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 59 * SUCH DAMAGE. 60 * 61 * @(#)in.c 8.2 (Berkeley) 11/15/93 62 */ 63 64 #include "carp.h" 65 66 #include <sys/param.h> 67 #include <sys/ioctl.h> 68 #include <sys/errno.h> 69 #include <sys/malloc.h> 70 #include <sys/socket.h> 71 #include <sys/socketvar.h> 72 #include <sys/sockio.h> 73 #include <sys/mbuf.h> 74 #include <sys/systm.h> 75 #include <sys/time.h> 76 #include <sys/kernel.h> 77 #include <sys/syslog.h> 78 79 #include <net/if.h> 80 #include <net/if_dl.h> 81 #include <net/if_types.h> 82 #include <net/route.h> 83 84 #include <netinet/in.h> 85 #include <netinet/if_ether.h> 86 87 #include <netinet6/in6_var.h> 88 #include <netinet/ip6.h> 89 #include <netinet6/ip6_var.h> 90 #include <netinet6/nd6.h> 91 #include <netinet6/mld6_var.h> 92 #ifdef MROUTING 93 #include <netinet6/ip6_mroute.h> 94 #endif 95 #include <netinet6/in6_ifattach.h> 96 #if NCARP > 0 97 #include <netinet/ip_carp.h> 98 #endif 99 100 /* 101 * Definitions of some constant IP6 addresses. 102 */ 103 const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT; 104 const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT; 105 const struct in6_addr in6addr_intfacelocal_allnodes = 106 IN6ADDR_INTFACELOCAL_ALLNODES_INIT; 107 const struct in6_addr in6addr_linklocal_allnodes = 108 IN6ADDR_LINKLOCAL_ALLNODES_INIT; 109 const struct in6_addr in6addr_linklocal_allrouters = 110 IN6ADDR_LINKLOCAL_ALLROUTERS_INIT; 111 112 const struct in6_addr in6mask0 = IN6MASK0; 113 const struct in6_addr in6mask32 = IN6MASK32; 114 const struct in6_addr in6mask64 = IN6MASK64; 115 const struct in6_addr in6mask96 = IN6MASK96; 116 const struct in6_addr in6mask128 = IN6MASK128; 117 118 int in6_ioctl(u_long, caddr_t, struct ifnet *, int); 119 int in6_ioctl_change_ifaddr(u_long, caddr_t, struct ifnet *); 120 int in6_ioctl_get(u_long, caddr_t, struct ifnet *); 121 int in6_check_embed_scope(struct sockaddr_in6 *, unsigned int); 122 int in6_clear_scope_id(struct sockaddr_in6 *, unsigned int); 123 int in6_ifinit(struct ifnet *, struct in6_ifaddr *, int); 124 void in6_unlink_ifa(struct in6_ifaddr *, struct ifnet *); 125 126 const struct sockaddr_in6 sa6_any = { 127 sizeof(sa6_any), AF_INET6, 0, 0, IN6ADDR_ANY_INIT, 0 128 }; 129 130 int 131 in6_mask2len(struct in6_addr *mask, u_char *lim0) 132 { 133 int x = 0, y; 134 u_char *lim = lim0, *p; 135 136 /* ignore the scope_id part */ 137 if (lim0 == NULL || lim0 - (u_char *)mask > sizeof(*mask)) 138 lim = (u_char *)mask + sizeof(*mask); 139 for (p = (u_char *)mask; p < lim; x++, p++) { 140 if (*p != 0xff) 141 break; 142 } 143 y = 0; 144 if (p < lim) { 145 for (y = 0; y < 8; y++) { 146 if ((*p & (0x80 >> y)) == 0) 147 break; 148 } 149 } 150 151 /* 152 * when the limit pointer is given, do a stricter check on the 153 * remaining bits. 154 */ 155 if (p < lim) { 156 if (y != 0 && (*p & (0x00ff >> y)) != 0) 157 return (-1); 158 for (p = p + 1; p < lim; p++) 159 if (*p != 0) 160 return (-1); 161 } 162 163 return x * 8 + y; 164 } 165 166 int 167 in6_nam2sin6(const struct mbuf *nam, struct sockaddr_in6 **sin6) 168 { 169 struct sockaddr *sa = mtod(nam, struct sockaddr *); 170 171 if (nam->m_len < offsetof(struct sockaddr, sa_data)) 172 return EINVAL; 173 if (sa->sa_family != AF_INET6) 174 return EAFNOSUPPORT; 175 if (sa->sa_len != nam->m_len) 176 return EINVAL; 177 if (sa->sa_len != sizeof(struct sockaddr_in6)) 178 return EINVAL; 179 *sin6 = satosin6(sa); 180 181 return 0; 182 } 183 184 int 185 in6_sa2sin6(struct sockaddr *sa, struct sockaddr_in6 **sin6) 186 { 187 if (sa->sa_family != AF_INET6) 188 return EAFNOSUPPORT; 189 if (sa->sa_len != sizeof(struct sockaddr_in6)) 190 return EINVAL; 191 *sin6 = satosin6(sa); 192 193 return 0; 194 } 195 196 int 197 in6_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp) 198 { 199 int privileged; 200 201 privileged = 0; 202 if ((so->so_state & SS_PRIV) != 0) 203 privileged++; 204 205 switch (cmd) { 206 #ifdef MROUTING 207 case SIOCGETSGCNT_IN6: 208 case SIOCGETMIFCNT_IN6: 209 return mrt6_ioctl(so, cmd, data); 210 #endif /* MROUTING */ 211 default: 212 return in6_ioctl(cmd, data, ifp, privileged); 213 } 214 } 215 216 int 217 in6_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, int privileged) 218 { 219 if (ifp == NULL) 220 return (ENXIO); 221 222 switch (cmd) { 223 case SIOCGIFINFO_IN6: 224 case SIOCGNBRINFO_IN6: 225 return (nd6_ioctl(cmd, data, ifp)); 226 case SIOCGIFDSTADDR_IN6: 227 case SIOCGIFNETMASK_IN6: 228 case SIOCGIFAFLAG_IN6: 229 case SIOCGIFALIFETIME_IN6: 230 return (in6_ioctl_get(cmd, data, ifp)); 231 case SIOCAIFADDR_IN6: 232 case SIOCDIFADDR_IN6: 233 if (!privileged) 234 return (EPERM); 235 return (in6_ioctl_change_ifaddr(cmd, data, ifp)); 236 case SIOCSIFADDR: 237 case SIOCSIFDSTADDR: 238 case SIOCSIFBRDADDR: 239 case SIOCSIFNETMASK: 240 /* 241 * Do not pass those ioctl to driver handler since they are not 242 * properly set up. Instead just error out. 243 */ 244 return (EINVAL); 245 default: 246 return (EOPNOTSUPP); 247 } 248 } 249 250 int 251 in6_ioctl_change_ifaddr(u_long cmd, caddr_t data, struct ifnet *ifp) 252 { 253 struct in6_ifaddr *ia6 = NULL; 254 struct in6_aliasreq *ifra = (struct in6_aliasreq *)data; 255 struct sockaddr *sa; 256 struct sockaddr_in6 *sa6 = NULL; 257 int error = 0, newifaddr = 0, plen; 258 259 /* 260 * Find address for this interface, if it exists. 261 * 262 * In netinet code, we have checked ifra_addr in SIOCSIF*ADDR operation 263 * only, and used the first interface address as the target of other 264 * operations (without checking ifra_addr). This was because netinet 265 * code/API assumed at most 1 interface address per interface. 266 * Since IPv6 allows a node to assign multiple addresses 267 * on a single interface, we almost always look and check the 268 * presence of ifra_addr, and reject invalid ones here. 269 * It also decreases duplicated code among SIOC*_IN6 operations. 270 * 271 * We always require users to specify a valid IPv6 address for 272 * the corresponding operation. 273 */ 274 switch (cmd) { 275 case SIOCAIFADDR_IN6: 276 sa = sin6tosa(&ifra->ifra_addr); 277 break; 278 case SIOCDIFADDR_IN6: 279 sa = sin6tosa(&((struct in6_ifreq *)data)->ifr_addr); 280 break; 281 default: 282 panic("%s: invalid ioctl %lu", __func__, cmd); 283 } 284 if (sa->sa_family == AF_INET6) { 285 error = in6_sa2sin6(sa, &sa6); 286 if (error) 287 return (error); 288 } 289 290 KERNEL_LOCK(); 291 NET_LOCK(); 292 293 if (sa6 != NULL) { 294 error = in6_check_embed_scope(sa6, ifp->if_index); 295 if (error) 296 goto err; 297 error = in6_clear_scope_id(sa6, ifp->if_index); 298 if (error) 299 goto err; 300 ia6 = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr); 301 } 302 303 switch (cmd) { 304 case SIOCDIFADDR_IN6: 305 /* 306 * for IPv4, we look for existing in_ifaddr here to allow 307 * "ifconfig if0 delete" to remove the first IPv4 address on 308 * the interface. For IPv6, as the spec allows multiple 309 * interface address from the day one, we consider "remove the 310 * first one" semantics to be not preferable. 311 */ 312 if (ia6 == NULL) { 313 error = EADDRNOTAVAIL; 314 break; 315 } 316 in6_purgeaddr(&ia6->ia_ifa); 317 if_addrhooks_run(ifp); 318 break; 319 320 case SIOCAIFADDR_IN6: 321 if (ifra->ifra_addr.sin6_family != AF_INET6 || 322 ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6)) { 323 error = EAFNOSUPPORT; 324 break; 325 } 326 327 /* reject read-only flags */ 328 if ((ifra->ifra_flags & IN6_IFF_DUPLICATED) != 0 || 329 (ifra->ifra_flags & IN6_IFF_DETACHED) != 0 || 330 (ifra->ifra_flags & IN6_IFF_DEPRECATED) != 0) { 331 error = EINVAL; 332 break; 333 } 334 335 if (ia6 == NULL) 336 newifaddr = 1; 337 338 /* 339 * Make the address tentative before joining multicast 340 * addresses, so that corresponding MLD responses would 341 * not have a tentative source address. 342 */ 343 if (newifaddr && in6if_do_dad(ifp)) 344 ifra->ifra_flags |= IN6_IFF_TENTATIVE; 345 346 /* 347 * first, make or update the interface address structure, 348 * and link it to the list. try to enable inet6 if there 349 * is no link-local yet. 350 */ 351 error = in6_ifattach(ifp); 352 if (error) 353 break; 354 error = in6_update_ifa(ifp, ifra, ia6); 355 if (error) 356 break; 357 358 ia6 = NULL; 359 if (sa6 != NULL) 360 ia6 = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr); 361 if (ia6 == NULL) { 362 /* 363 * this can happen when the user specify the 0 valid 364 * lifetime. 365 */ 366 break; 367 } 368 369 /* Perform DAD, if needed. */ 370 if (ia6->ia6_flags & IN6_IFF_TENTATIVE) 371 nd6_dad_start(&ia6->ia_ifa); 372 373 if (!newifaddr) { 374 if_addrhooks_run(ifp); 375 break; 376 } 377 378 plen = in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL); 379 if ((ifp->if_flags & IFF_LOOPBACK) || plen == 128) { 380 if_addrhooks_run(ifp); 381 break; /* No need to install a connected route. */ 382 } 383 384 error = rt_ifa_add(&ia6->ia_ifa, 385 RTF_CLONING | RTF_CONNECTED | RTF_MPATH, 386 ia6->ia_ifa.ifa_addr, ifp->if_rdomain); 387 if (error) { 388 in6_purgeaddr(&ia6->ia_ifa); 389 break; 390 } 391 if_addrhooks_run(ifp); 392 break; 393 } 394 395 err: 396 NET_UNLOCK(); 397 KERNEL_UNLOCK(); 398 return (error); 399 } 400 401 int 402 in6_ioctl_get(u_long cmd, caddr_t data, struct ifnet *ifp) 403 { 404 struct in6_ifreq *ifr = (struct in6_ifreq *)data; 405 struct in6_ifaddr *ia6 = NULL; 406 struct sockaddr *sa; 407 struct sockaddr_in6 *sa6 = NULL; 408 int error = 0; 409 410 sa = sin6tosa(&ifr->ifr_addr); 411 if (sa->sa_family == AF_INET6) { 412 sa->sa_len = sizeof(struct sockaddr_in6); 413 error = in6_sa2sin6(sa, &sa6); 414 if (error) 415 return (error); 416 } 417 418 NET_LOCK_SHARED(); 419 420 if (sa6 != NULL) { 421 error = in6_check_embed_scope(sa6, ifp->if_index); 422 if (error) 423 goto err; 424 error = in6_clear_scope_id(sa6, ifp->if_index); 425 if (error) 426 goto err; 427 ia6 = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr); 428 } 429 430 /* must think again about its semantics */ 431 if (ia6 == NULL) { 432 error = EADDRNOTAVAIL; 433 goto err; 434 } 435 436 switch (cmd) { 437 case SIOCGIFDSTADDR_IN6: 438 if ((ifp->if_flags & IFF_POINTOPOINT) == 0) { 439 error = EINVAL; 440 break; 441 } 442 /* 443 * XXX: should we check if ifa_dstaddr is NULL and return 444 * an error? 445 */ 446 ifr->ifr_dstaddr = ia6->ia_dstaddr; 447 break; 448 449 case SIOCGIFNETMASK_IN6: 450 ifr->ifr_addr = ia6->ia_prefixmask; 451 break; 452 453 case SIOCGIFAFLAG_IN6: 454 ifr->ifr_ifru.ifru_flags6 = ia6->ia6_flags; 455 break; 456 457 case SIOCGIFALIFETIME_IN6: 458 ifr->ifr_ifru.ifru_lifetime = ia6->ia6_lifetime; 459 if (ia6->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 460 time_t expire, maxexpire; 461 struct in6_addrlifetime *retlt = 462 &ifr->ifr_ifru.ifru_lifetime; 463 464 /* 465 * XXX: adjust expiration time assuming time_t is 466 * signed. 467 */ 468 maxexpire = 469 (time_t)~(1ULL << ((sizeof(maxexpire) * 8) - 1)); 470 if (ia6->ia6_lifetime.ia6t_vltime < 471 maxexpire - ia6->ia6_updatetime) { 472 expire = ia6->ia6_updatetime + 473 ia6->ia6_lifetime.ia6t_vltime; 474 if (expire != 0) { 475 expire -= getuptime(); 476 expire += gettime(); 477 } 478 retlt->ia6t_expire = expire; 479 } else 480 retlt->ia6t_expire = maxexpire; 481 } 482 if (ia6->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 483 time_t expire, maxexpire; 484 struct in6_addrlifetime *retlt = 485 &ifr->ifr_ifru.ifru_lifetime; 486 487 /* 488 * XXX: adjust expiration time assuming time_t is 489 * signed. 490 */ 491 maxexpire = 492 (time_t)~(1ULL << ((sizeof(maxexpire) * 8) - 1)); 493 if (ia6->ia6_lifetime.ia6t_pltime < 494 maxexpire - ia6->ia6_updatetime) { 495 expire = ia6->ia6_updatetime + 496 ia6->ia6_lifetime.ia6t_pltime; 497 if (expire != 0) { 498 expire -= getuptime(); 499 expire += gettime(); 500 } 501 retlt->ia6t_preferred = expire; 502 } else 503 retlt->ia6t_preferred = maxexpire; 504 } 505 break; 506 507 default: 508 panic("%s: invalid ioctl %lu", __func__, cmd); 509 } 510 511 err: 512 NET_UNLOCK_SHARED(); 513 return (error); 514 } 515 516 int 517 in6_check_embed_scope(struct sockaddr_in6 *sa6, unsigned int ifidx) 518 { 519 if (IN6_IS_ADDR_LINKLOCAL(&sa6->sin6_addr)) { 520 if (sa6->sin6_addr.s6_addr16[1] == 0) { 521 /* link ID is not embedded by the user */ 522 sa6->sin6_addr.s6_addr16[1] = htons(ifidx); 523 } else if (sa6->sin6_addr.s6_addr16[1] != htons(ifidx)) 524 return EINVAL; /* link ID contradicts */ 525 } 526 return 0; 527 } 528 529 int 530 in6_clear_scope_id(struct sockaddr_in6 *sa6, unsigned int ifidx) 531 { 532 if (IN6_IS_ADDR_LINKLOCAL(&sa6->sin6_addr)) { 533 if (sa6->sin6_scope_id) { 534 if (sa6->sin6_scope_id != (u_int32_t)ifidx) 535 return EINVAL; 536 sa6->sin6_scope_id = 0; /* XXX: good way? */ 537 } 538 } 539 return 0; 540 } 541 542 /* 543 * Update parameters of an IPv6 interface address. 544 * If necessary, a new entry is created and linked into address chains. 545 * This function is separated from in6_control(). 546 */ 547 int 548 in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra, 549 struct in6_ifaddr *ia6) 550 { 551 int error = 0, hostIsNew = 0, plen = -1; 552 struct sockaddr_in6 dst6; 553 struct in6_addrlifetime *lt; 554 struct in6_multi_mship *imm; 555 struct rtentry *rt; 556 char addr[INET6_ADDRSTRLEN]; 557 558 NET_ASSERT_LOCKED(); 559 560 /* Validate parameters */ 561 if (ifp == NULL || ifra == NULL) /* this maybe redundant */ 562 return (EINVAL); 563 564 /* 565 * The destination address for a p2p link must have a family 566 * of AF_UNSPEC or AF_INET6. 567 */ 568 if ((ifp->if_flags & IFF_POINTOPOINT) != 0 && 569 ifra->ifra_dstaddr.sin6_family != AF_INET6 && 570 ifra->ifra_dstaddr.sin6_family != AF_UNSPEC) 571 return (EAFNOSUPPORT); 572 573 /* 574 * validate ifra_prefixmask. don't check sin6_family, netmask 575 * does not carry fields other than sin6_len. 576 */ 577 if (ifra->ifra_prefixmask.sin6_len > sizeof(struct sockaddr_in6)) 578 return (EINVAL); 579 /* 580 * Because the IPv6 address architecture is classless, we require 581 * users to specify a (non 0) prefix length (mask) for a new address. 582 * We also require the prefix (when specified) mask is valid, and thus 583 * reject a non-consecutive mask. 584 */ 585 if (ia6 == NULL && ifra->ifra_prefixmask.sin6_len == 0) 586 return (EINVAL); 587 if (ifra->ifra_prefixmask.sin6_len != 0) { 588 plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, 589 (u_char *)&ifra->ifra_prefixmask + 590 ifra->ifra_prefixmask.sin6_len); 591 if (plen <= 0) 592 return (EINVAL); 593 } else { 594 /* 595 * In this case, ia6 must not be NULL. We just use its prefix 596 * length. 597 */ 598 plen = in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL); 599 } 600 /* 601 * If the destination address on a p2p interface is specified, 602 * and the address is a scoped one, validate/set the scope 603 * zone identifier. 604 */ 605 dst6 = ifra->ifra_dstaddr; 606 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) != 0 && 607 (dst6.sin6_family == AF_INET6)) { 608 error = in6_check_embed_scope(&dst6, ifp->if_index); 609 if (error) 610 return error; 611 } 612 /* 613 * The destination address can be specified only for a p2p or a 614 * loopback interface. If specified, the corresponding prefix length 615 * must be 128. 616 */ 617 if (ifra->ifra_dstaddr.sin6_family == AF_INET6) { 618 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) == 0) 619 return (EINVAL); 620 if (plen != 128) 621 return (EINVAL); 622 } 623 /* lifetime consistency check */ 624 lt = &ifra->ifra_lifetime; 625 if (lt->ia6t_pltime > lt->ia6t_vltime) 626 return (EINVAL); 627 if (lt->ia6t_vltime == 0) { 628 /* 629 * the following log might be noisy, but this is a typical 630 * configuration mistake or a tool's bug. 631 */ 632 nd6log((LOG_INFO, "%s: valid lifetime is 0 for %s\n", __func__, 633 inet_ntop(AF_INET6, &ifra->ifra_addr.sin6_addr, 634 addr, sizeof(addr)))); 635 636 if (ia6 == NULL) 637 return (0); /* there's nothing to do */ 638 } 639 640 /* 641 * If this is a new address, allocate a new ifaddr and link it 642 * into chains. 643 */ 644 if (ia6 == NULL) { 645 hostIsNew = 1; 646 ia6 = malloc(sizeof(*ia6), M_IFADDR, M_WAITOK | M_ZERO); 647 refcnt_init_trace(&ia6->ia_ifa.ifa_refcnt, 648 DT_REFCNT_IDX_IFADDR); 649 LIST_INIT(&ia6->ia6_memberships); 650 /* Initialize the address and masks, and put time stamp */ 651 ia6->ia_ifa.ifa_addr = sin6tosa(&ia6->ia_addr); 652 ia6->ia_addr.sin6_family = AF_INET6; 653 ia6->ia_addr.sin6_len = sizeof(ia6->ia_addr); 654 ia6->ia6_updatetime = getuptime(); 655 if ((ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) != 0) { 656 /* 657 * XXX: some functions expect that ifa_dstaddr is not 658 * NULL for p2p interfaces. 659 */ 660 ia6->ia_ifa.ifa_dstaddr = sin6tosa(&ia6->ia_dstaddr); 661 } else { 662 ia6->ia_ifa.ifa_dstaddr = NULL; 663 } 664 ia6->ia_ifa.ifa_netmask = sin6tosa(&ia6->ia_prefixmask); 665 666 ia6->ia_ifp = ifp; 667 ia6->ia_addr = ifra->ifra_addr; 668 ifa_add(ifp, &ia6->ia_ifa); 669 } 670 671 /* set prefix mask */ 672 if (ifra->ifra_prefixmask.sin6_len) { 673 /* 674 * We prohibit changing the prefix length of an existing 675 * address, because 676 * + such an operation should be rare in IPv6, and 677 * + the operation would confuse prefix management. 678 */ 679 if (ia6->ia_prefixmask.sin6_len && 680 in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL) != plen) { 681 error = EINVAL; 682 goto unlink; 683 } 684 ia6->ia_prefixmask = ifra->ifra_prefixmask; 685 } 686 687 /* 688 * If a new destination address is specified, scrub the old one and 689 * install the new destination. Note that the interface must be 690 * p2p or loopback (see the check above.) 691 */ 692 if ((ifp->if_flags & IFF_POINTOPOINT) && dst6.sin6_family == AF_INET6 && 693 !IN6_ARE_ADDR_EQUAL(&dst6.sin6_addr, &ia6->ia_dstaddr.sin6_addr)) { 694 struct ifaddr *ifa = &ia6->ia_ifa; 695 696 if ((ia6->ia_flags & IFA_ROUTE) != 0 && 697 rt_ifa_del(ifa, RTF_HOST, ifa->ifa_dstaddr, 698 ifp->if_rdomain) != 0) { 699 nd6log((LOG_ERR, "%s: failed to remove a route " 700 "to the old destination: %s\n", __func__, 701 inet_ntop(AF_INET6, &ia6->ia_addr.sin6_addr, 702 addr, sizeof(addr)))); 703 /* proceed anyway... */ 704 } else 705 ia6->ia_flags &= ~IFA_ROUTE; 706 ia6->ia_dstaddr = dst6; 707 } 708 709 /* 710 * Set lifetimes. We do not refer to ia6t_expire and ia6t_preferred 711 * to see if the address is deprecated or invalidated, but initialize 712 * these members for applications. 713 */ 714 ia6->ia6_updatetime = getuptime(); 715 ia6->ia6_lifetime = ifra->ifra_lifetime; 716 if (ia6->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 717 ia6->ia6_lifetime.ia6t_expire = 718 getuptime() + ia6->ia6_lifetime.ia6t_vltime; 719 } else 720 ia6->ia6_lifetime.ia6t_expire = 0; 721 if (ia6->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 722 ia6->ia6_lifetime.ia6t_preferred = 723 getuptime() + ia6->ia6_lifetime.ia6t_pltime; 724 } else 725 ia6->ia6_lifetime.ia6t_preferred = 0; 726 727 /* reset the interface and routing table appropriately. */ 728 if ((error = in6_ifinit(ifp, ia6, hostIsNew)) != 0) 729 goto unlink; 730 731 /* re-run DAD */ 732 if (ia6->ia6_flags & (IN6_IFF_TENTATIVE|IN6_IFF_DUPLICATED)) 733 ifra->ifra_flags |= IN6_IFF_TENTATIVE; 734 /* 735 * configure address flags. 736 */ 737 ia6->ia6_flags = ifra->ifra_flags; 738 739 nd6_expire_timer_update(ia6); 740 741 /* 742 * We are done if we have simply modified an existing address. 743 */ 744 if (!hostIsNew) 745 return (error); 746 747 /* 748 * Beyond this point, we should call in6_purgeaddr upon an error, 749 * not just go to unlink. 750 */ 751 752 /* join necessary multiast groups */ 753 if ((ifp->if_flags & IFF_MULTICAST) != 0) { 754 struct sockaddr_in6 mltaddr, mltmask; 755 756 /* join solicited multicast addr for new host id */ 757 struct sockaddr_in6 llsol; 758 759 bzero(&llsol, sizeof(llsol)); 760 llsol.sin6_family = AF_INET6; 761 llsol.sin6_len = sizeof(llsol); 762 llsol.sin6_addr.s6_addr16[0] = htons(0xff02); 763 llsol.sin6_addr.s6_addr16[1] = htons(ifp->if_index); 764 llsol.sin6_addr.s6_addr32[1] = 0; 765 llsol.sin6_addr.s6_addr32[2] = htonl(1); 766 llsol.sin6_addr.s6_addr32[3] = 767 ifra->ifra_addr.sin6_addr.s6_addr32[3]; 768 llsol.sin6_addr.s6_addr8[12] = 0xff; 769 imm = in6_joingroup(ifp, &llsol.sin6_addr, &error); 770 if (!imm) 771 goto cleanup; 772 LIST_INSERT_HEAD(&ia6->ia6_memberships, imm, i6mm_chain); 773 774 bzero(&mltmask, sizeof(mltmask)); 775 mltmask.sin6_len = sizeof(struct sockaddr_in6); 776 mltmask.sin6_family = AF_INET6; 777 mltmask.sin6_addr = in6mask32; 778 779 /* 780 * join link-local all-nodes address 781 */ 782 bzero(&mltaddr, sizeof(mltaddr)); 783 mltaddr.sin6_len = sizeof(struct sockaddr_in6); 784 mltaddr.sin6_family = AF_INET6; 785 mltaddr.sin6_addr = in6addr_linklocal_allnodes; 786 mltaddr.sin6_addr.s6_addr16[1] = htons(ifp->if_index); 787 mltaddr.sin6_scope_id = 0; 788 789 /* 790 * XXX: do we really need this automatic routes? 791 * We should probably reconsider this stuff. Most applications 792 * actually do not need the routes, since they usually specify 793 * the outgoing interface. 794 */ 795 rt = rtalloc(sin6tosa(&mltaddr), 0, ifp->if_rdomain); 796 if (rt) { 797 /* 32bit came from "mltmask" */ 798 if (memcmp(&mltaddr.sin6_addr, 799 &satosin6(rt_key(rt))->sin6_addr, 800 32 / 8)) { 801 rtfree(rt); 802 rt = NULL; 803 } 804 } 805 if (!rt) { 806 struct rt_addrinfo info; 807 808 bzero(&info, sizeof(info)); 809 info.rti_ifa = &ia6->ia_ifa; 810 info.rti_info[RTAX_DST] = sin6tosa(&mltaddr); 811 info.rti_info[RTAX_GATEWAY] = sin6tosa(&ia6->ia_addr); 812 info.rti_info[RTAX_NETMASK] = sin6tosa(&mltmask); 813 info.rti_info[RTAX_IFA] = sin6tosa(&ia6->ia_addr); 814 info.rti_flags = RTF_MULTICAST; 815 error = rtrequest(RTM_ADD, &info, RTP_CONNECTED, NULL, 816 ifp->if_rdomain); 817 if (error) 818 goto cleanup; 819 } else { 820 rtfree(rt); 821 } 822 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error); 823 if (!imm) 824 goto cleanup; 825 LIST_INSERT_HEAD(&ia6->ia6_memberships, imm, i6mm_chain); 826 827 /* 828 * join interface-local all-nodes address. 829 * (ff01::1%ifN, and ff01::%ifN/32) 830 */ 831 bzero(&mltaddr, sizeof(mltaddr)); 832 mltaddr.sin6_len = sizeof(struct sockaddr_in6); 833 mltaddr.sin6_family = AF_INET6; 834 mltaddr.sin6_addr = in6addr_intfacelocal_allnodes; 835 mltaddr.sin6_addr.s6_addr16[1] = htons(ifp->if_index); 836 mltaddr.sin6_scope_id = 0; 837 838 /* XXX: again, do we really need the route? */ 839 rt = rtalloc(sin6tosa(&mltaddr), 0, ifp->if_rdomain); 840 if (rt) { 841 /* 32bit came from "mltmask" */ 842 if (memcmp(&mltaddr.sin6_addr, 843 &satosin6(rt_key(rt))->sin6_addr, 844 32 / 8)) { 845 rtfree(rt); 846 rt = NULL; 847 } 848 } 849 if (!rt) { 850 struct rt_addrinfo info; 851 852 bzero(&info, sizeof(info)); 853 info.rti_ifa = &ia6->ia_ifa; 854 info.rti_info[RTAX_DST] = sin6tosa(&mltaddr); 855 info.rti_info[RTAX_GATEWAY] = sin6tosa(&ia6->ia_addr); 856 info.rti_info[RTAX_NETMASK] = sin6tosa(&mltmask); 857 info.rti_info[RTAX_IFA] = sin6tosa(&ia6->ia_addr); 858 info.rti_flags = RTF_MULTICAST; 859 error = rtrequest(RTM_ADD, &info, RTP_CONNECTED, NULL, 860 ifp->if_rdomain); 861 if (error) 862 goto cleanup; 863 } else { 864 rtfree(rt); 865 } 866 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error); 867 if (!imm) 868 goto cleanup; 869 LIST_INSERT_HEAD(&ia6->ia6_memberships, imm, i6mm_chain); 870 } 871 872 return (error); 873 874 unlink: 875 /* 876 * XXX: if a change of an existing address failed, keep the entry 877 * anyway. 878 */ 879 if (hostIsNew) 880 in6_unlink_ifa(ia6, ifp); 881 return (error); 882 883 cleanup: 884 in6_purgeaddr(&ia6->ia_ifa); 885 return error; 886 } 887 888 void 889 in6_purgeaddr(struct ifaddr *ifa) 890 { 891 struct ifnet *ifp = ifa->ifa_ifp; 892 struct in6_ifaddr *ia6 = ifatoia6(ifa); 893 struct in6_multi_mship *imm; 894 895 /* stop DAD processing */ 896 nd6_dad_stop(ifa); 897 898 /* 899 * delete route to the destination of the address being purged. 900 * The interface must be p2p or loopback in this case. 901 */ 902 if ((ifp->if_flags & IFF_POINTOPOINT) && (ia6->ia_flags & IFA_ROUTE) && 903 ia6->ia_dstaddr.sin6_len != 0) { 904 int e; 905 906 e = rt_ifa_del(ifa, RTF_HOST, ifa->ifa_dstaddr, 907 ifp->if_rdomain); 908 if (e != 0) { 909 char addr[INET6_ADDRSTRLEN]; 910 log(LOG_ERR, "in6_purgeaddr: failed to remove " 911 "a route to the p2p destination: %s on %s, " 912 "errno=%d\n", 913 inet_ntop(AF_INET6, &ia6->ia_addr.sin6_addr, 914 addr, sizeof(addr)), 915 ifp->if_xname, e); 916 /* proceed anyway... */ 917 } else 918 ia6->ia_flags &= ~IFA_ROUTE; 919 } 920 921 /* Remove ownaddr's loopback rtentry, if it exists. */ 922 rt_ifa_dellocal(&(ia6->ia_ifa)); 923 924 /* 925 * leave from multicast groups we have joined for the interface 926 */ 927 while (!LIST_EMPTY(&ia6->ia6_memberships)) { 928 imm = LIST_FIRST(&ia6->ia6_memberships); 929 LIST_REMOVE(imm, i6mm_chain); 930 in6_leavegroup(imm); 931 } 932 933 in6_unlink_ifa(ia6, ifp); 934 } 935 936 void 937 in6_unlink_ifa(struct in6_ifaddr *ia6, struct ifnet *ifp) 938 { 939 struct ifaddr *ifa = &ia6->ia_ifa; 940 int plen; 941 942 NET_ASSERT_LOCKED(); 943 944 /* Release the reference to the base prefix. */ 945 plen = in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL); 946 if ((ifp->if_flags & IFF_LOOPBACK) == 0 && plen != 128) { 947 rt_ifa_del(ifa, RTF_CLONING | RTF_CONNECTED, 948 ifa->ifa_addr, ifp->if_rdomain); 949 } 950 951 rt_ifa_purge(ifa); 952 ifa_del(ifp, ifa); 953 954 ia6->ia_ifp = NULL; 955 ifafree(ifa); 956 } 957 958 /* 959 * Initialize an interface's inet6 address 960 * and routing table entry. 961 */ 962 int 963 in6_ifinit(struct ifnet *ifp, struct in6_ifaddr *ia6, int newhost) 964 { 965 int error = 0, plen, ifacount = 0; 966 struct ifaddr *ifa; 967 968 NET_ASSERT_LOCKED(); 969 970 /* 971 * Give the interface a chance to initialize 972 * if this is its first address (or it is a CARP interface) 973 * and to validate the address if necessary. 974 */ 975 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 976 if (ifa->ifa_addr->sa_family != AF_INET6) 977 continue; 978 ifacount++; 979 } 980 981 if ((ifacount <= 1 || ifp->if_type == IFT_CARP || 982 (ifp->if_flags & (IFF_LOOPBACK|IFF_POINTOPOINT))) && 983 (error = (*ifp->if_ioctl)(ifp, SIOCSIFADDR, (caddr_t)ia6))) { 984 return (error); 985 } 986 987 ia6->ia_ifa.ifa_metric = ifp->if_metric; 988 989 /* we could do in(6)_socktrim here, but just omit it at this moment. */ 990 991 /* 992 * Special case: 993 * If the destination address is specified for a point-to-point 994 * interface, install a route to the destination as an interface 995 * direct route. 996 */ 997 plen = in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL); /* XXX */ 998 if ((ifp->if_flags & IFF_POINTOPOINT) && plen == 128 && 999 ia6->ia_dstaddr.sin6_family == AF_INET6) { 1000 ifa = &ia6->ia_ifa; 1001 error = rt_ifa_add(ifa, RTF_HOST | RTF_MPATH, 1002 ifa->ifa_dstaddr, ifp->if_rdomain); 1003 if (error != 0) 1004 return (error); 1005 ia6->ia_flags |= IFA_ROUTE; 1006 } 1007 1008 if (newhost) 1009 error = rt_ifa_addlocal(&(ia6->ia_ifa)); 1010 1011 return (error); 1012 } 1013 1014 /* 1015 * Add an address to the list of IP6 multicast addresses for a 1016 * given interface. 1017 */ 1018 struct in6_multi * 1019 in6_addmulti(struct in6_addr *maddr6, struct ifnet *ifp, int *errorp) 1020 { 1021 struct in6_ifreq ifr; 1022 struct in6_multi *in6m; 1023 1024 NET_ASSERT_LOCKED(); 1025 1026 *errorp = 0; 1027 /* 1028 * See if address already in list. 1029 */ 1030 IN6_LOOKUP_MULTI(*maddr6, ifp, in6m); 1031 if (in6m != NULL) { 1032 /* 1033 * Found it; just increment the reference count. 1034 */ 1035 refcnt_take(&in6m->in6m_refcnt); 1036 } else { 1037 /* 1038 * New address; allocate a new multicast record 1039 * and link it into the interface's multicast list. 1040 */ 1041 in6m = malloc(sizeof(*in6m), M_IPMADDR, M_NOWAIT | M_ZERO); 1042 if (in6m == NULL) { 1043 *errorp = ENOBUFS; 1044 return (NULL); 1045 } 1046 1047 in6m->in6m_sin.sin6_len = sizeof(struct sockaddr_in6); 1048 in6m->in6m_sin.sin6_family = AF_INET6; 1049 in6m->in6m_sin.sin6_addr = *maddr6; 1050 refcnt_init_trace(&in6m->in6m_refcnt, DT_REFCNT_IDX_IFMADDR); 1051 in6m->in6m_ifidx = ifp->if_index; 1052 in6m->in6m_ifma.ifma_addr = sin6tosa(&in6m->in6m_sin); 1053 1054 /* 1055 * Ask the network driver to update its multicast reception 1056 * filter appropriately for the new address. 1057 */ 1058 memcpy(&ifr.ifr_addr, &in6m->in6m_sin, sizeof(in6m->in6m_sin)); 1059 KERNEL_LOCK(); 1060 *errorp = (*ifp->if_ioctl)(ifp, SIOCADDMULTI, (caddr_t)&ifr); 1061 KERNEL_UNLOCK(); 1062 if (*errorp) { 1063 free(in6m, M_IPMADDR, sizeof(*in6m)); 1064 return (NULL); 1065 } 1066 1067 TAILQ_INSERT_HEAD(&ifp->if_maddrlist, &in6m->in6m_ifma, 1068 ifma_list); 1069 1070 /* 1071 * Let MLD6 know that we have joined a new IP6 multicast 1072 * group. 1073 */ 1074 mld6_start_listening(in6m); 1075 } 1076 1077 return (in6m); 1078 } 1079 1080 /* 1081 * Delete a multicast address record. 1082 */ 1083 void 1084 in6_delmulti(struct in6_multi *in6m) 1085 { 1086 struct in6_ifreq ifr; 1087 struct ifnet *ifp; 1088 1089 NET_ASSERT_LOCKED(); 1090 1091 if (refcnt_rele(&in6m->in6m_refcnt) != 0) { 1092 /* 1093 * No remaining claims to this record; let MLD6 know 1094 * that we are leaving the multicast group. 1095 */ 1096 mld6_stop_listening(in6m); 1097 ifp = if_get(in6m->in6m_ifidx); 1098 1099 /* 1100 * Notify the network driver to update its multicast 1101 * reception filter. 1102 */ 1103 if (ifp != NULL) { 1104 bzero(&ifr.ifr_addr, sizeof(struct sockaddr_in6)); 1105 ifr.ifr_addr.sin6_len = sizeof(struct sockaddr_in6); 1106 ifr.ifr_addr.sin6_family = AF_INET6; 1107 ifr.ifr_addr.sin6_addr = in6m->in6m_addr; 1108 KERNEL_LOCK(); 1109 (*ifp->if_ioctl)(ifp, SIOCDELMULTI, (caddr_t)&ifr); 1110 KERNEL_UNLOCK(); 1111 1112 TAILQ_REMOVE(&ifp->if_maddrlist, &in6m->in6m_ifma, 1113 ifma_list); 1114 } 1115 if_put(ifp); 1116 1117 free(in6m, M_IPMADDR, sizeof(*in6m)); 1118 } 1119 } 1120 1121 /* 1122 * Return 1 if the multicast group represented by ``maddr6'' has been 1123 * joined by interface ``ifp'', 0 otherwise. 1124 */ 1125 int 1126 in6_hasmulti(struct in6_addr *maddr6, struct ifnet *ifp) 1127 { 1128 struct in6_multi *in6m; 1129 int joined; 1130 1131 IN6_LOOKUP_MULTI(*maddr6, ifp, in6m); 1132 joined = (in6m != NULL); 1133 1134 return (joined); 1135 } 1136 1137 struct in6_multi_mship * 1138 in6_joingroup(struct ifnet *ifp, struct in6_addr *addr, int *errorp) 1139 { 1140 struct in6_multi_mship *imm; 1141 1142 imm = malloc(sizeof(*imm), M_IPMADDR, M_NOWAIT); 1143 if (!imm) { 1144 *errorp = ENOBUFS; 1145 return NULL; 1146 } 1147 imm->i6mm_maddr = in6_addmulti(addr, ifp, errorp); 1148 if (!imm->i6mm_maddr) { 1149 /* *errorp is already set */ 1150 free(imm, M_IPMADDR, sizeof(*imm)); 1151 return NULL; 1152 } 1153 return imm; 1154 } 1155 1156 void 1157 in6_leavegroup(struct in6_multi_mship *imm) 1158 { 1159 1160 if (imm->i6mm_maddr) 1161 in6_delmulti(imm->i6mm_maddr); 1162 free(imm, M_IPMADDR, sizeof(*imm)); 1163 } 1164 1165 /* 1166 * Find an IPv6 interface link-local address specific to an interface. 1167 */ 1168 struct in6_ifaddr * 1169 in6ifa_ifpforlinklocal(struct ifnet *ifp, int ignoreflags) 1170 { 1171 struct ifaddr *ifa; 1172 1173 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 1174 if (ifa->ifa_addr->sa_family != AF_INET6) 1175 continue; 1176 if (IN6_IS_ADDR_LINKLOCAL(IFA_IN6(ifa))) { 1177 if ((ifatoia6(ifa)->ia6_flags & ignoreflags) != 0) 1178 continue; 1179 break; 1180 } 1181 } 1182 1183 return (ifatoia6(ifa)); 1184 } 1185 1186 1187 /* 1188 * find the internet address corresponding to a given interface and address. 1189 */ 1190 struct in6_ifaddr * 1191 in6ifa_ifpwithaddr(struct ifnet *ifp, struct in6_addr *addr) 1192 { 1193 struct ifaddr *ifa; 1194 1195 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 1196 if (ifa->ifa_addr->sa_family != AF_INET6) 1197 continue; 1198 if (IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(ifa))) 1199 break; 1200 } 1201 1202 return (ifatoia6(ifa)); 1203 } 1204 1205 /* 1206 * Get a scope of the address. Node-local, link-local, site-local or global. 1207 */ 1208 int 1209 in6_addrscope(struct in6_addr *addr) 1210 { 1211 int scope; 1212 1213 if (addr->s6_addr8[0] == 0xfe) { 1214 scope = addr->s6_addr8[1] & 0xc0; 1215 1216 switch (scope) { 1217 case 0x80: 1218 return __IPV6_ADDR_SCOPE_LINKLOCAL; 1219 break; 1220 case 0xc0: 1221 return __IPV6_ADDR_SCOPE_SITELOCAL; 1222 break; 1223 default: 1224 return __IPV6_ADDR_SCOPE_GLOBAL; /* just in case */ 1225 break; 1226 } 1227 } 1228 1229 1230 if (addr->s6_addr8[0] == 0xff) { 1231 scope = addr->s6_addr8[1] & 0x0f; 1232 1233 /* 1234 * due to other scope such as reserved, 1235 * return scope doesn't work. 1236 */ 1237 switch (scope) { 1238 case __IPV6_ADDR_SCOPE_INTFACELOCAL: 1239 return __IPV6_ADDR_SCOPE_INTFACELOCAL; 1240 break; 1241 case __IPV6_ADDR_SCOPE_LINKLOCAL: 1242 return __IPV6_ADDR_SCOPE_LINKLOCAL; 1243 break; 1244 case __IPV6_ADDR_SCOPE_SITELOCAL: 1245 return __IPV6_ADDR_SCOPE_SITELOCAL; 1246 break; 1247 default: 1248 return __IPV6_ADDR_SCOPE_GLOBAL; 1249 break; 1250 } 1251 } 1252 1253 if (bcmp(&in6addr_loopback, addr, sizeof(*addr) - 1) == 0) { 1254 if (addr->s6_addr8[15] == 1) /* loopback */ 1255 return __IPV6_ADDR_SCOPE_INTFACELOCAL; 1256 if (addr->s6_addr8[15] == 0) /* unspecified */ 1257 return __IPV6_ADDR_SCOPE_LINKLOCAL; 1258 } 1259 1260 return __IPV6_ADDR_SCOPE_GLOBAL; 1261 } 1262 1263 int 1264 in6_addr2scopeid(unsigned int ifidx, struct in6_addr *addr) 1265 { 1266 int scope = in6_addrscope(addr); 1267 1268 switch(scope) { 1269 case __IPV6_ADDR_SCOPE_INTFACELOCAL: 1270 case __IPV6_ADDR_SCOPE_LINKLOCAL: 1271 /* XXX: we do not distinguish between a link and an I/F. */ 1272 return (ifidx); 1273 1274 case __IPV6_ADDR_SCOPE_SITELOCAL: 1275 return (0); /* XXX: invalid. */ 1276 1277 default: 1278 return (0); /* XXX: treat as global. */ 1279 } 1280 } 1281 1282 /* 1283 * return length of part which dst and src are equal 1284 * hard coding... 1285 */ 1286 int 1287 in6_matchlen(struct in6_addr *src, struct in6_addr *dst) 1288 { 1289 int match = 0; 1290 u_char *s = (u_char *)src, *d = (u_char *)dst; 1291 u_char *lim = s + 16, r; 1292 1293 while (s < lim) 1294 if ((r = (*d++ ^ *s++)) != 0) { 1295 while (r < 128) { 1296 match++; 1297 r <<= 1; 1298 } 1299 break; 1300 } else 1301 match += 8; 1302 return match; 1303 } 1304 1305 void 1306 in6_prefixlen2mask(struct in6_addr *maskp, int len) 1307 { 1308 u_char maskarray[8] = {0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff}; 1309 int bytelen, bitlen, i; 1310 1311 /* sanity check */ 1312 if (0 > len || len > 128) { 1313 log(LOG_ERR, "in6_prefixlen2mask: invalid prefix length(%d)\n", 1314 len); 1315 return; 1316 } 1317 1318 bzero(maskp, sizeof(*maskp)); 1319 bytelen = len / 8; 1320 bitlen = len % 8; 1321 for (i = 0; i < bytelen; i++) 1322 maskp->s6_addr[i] = 0xff; 1323 /* len == 128 is ok because bitlen == 0 then */ 1324 if (bitlen) 1325 maskp->s6_addr[bytelen] = maskarray[bitlen - 1]; 1326 } 1327 1328 /* 1329 * return the best address out of the same scope 1330 */ 1331 struct in6_ifaddr * 1332 in6_ifawithscope(struct ifnet *oifp, struct in6_addr *dst, u_int rdomain) 1333 { 1334 int dst_scope = in6_addrscope(dst), src_scope, best_scope = 0; 1335 int blen = -1; 1336 struct ifaddr *ifa; 1337 struct ifnet *ifp; 1338 struct in6_ifaddr *ia6_best = NULL; 1339 1340 if (oifp == NULL) { 1341 printf("%s: output interface is not specified\n", __func__); 1342 return (NULL); 1343 } 1344 1345 /* We search for all addresses on all interfaces from the beginning. */ 1346 TAILQ_FOREACH(ifp, &ifnetlist, if_list) { 1347 if (ifp->if_rdomain != rdomain) 1348 continue; 1349 #if NCARP > 0 1350 /* 1351 * Never use a carp address of an interface which is not 1352 * the master. 1353 */ 1354 if (ifp->if_type == IFT_CARP && !carp_iamatch(ifp)) 1355 continue; 1356 #endif 1357 1358 /* 1359 * We can never take an address that breaks the scope zone 1360 * of the destination. 1361 */ 1362 if (in6_addr2scopeid(ifp->if_index, dst) != 1363 in6_addr2scopeid(oifp->if_index, dst)) 1364 continue; 1365 1366 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 1367 int tlen = -1; 1368 1369 if (ifa->ifa_addr->sa_family != AF_INET6) 1370 continue; 1371 1372 src_scope = in6_addrscope(IFA_IN6(ifa)); 1373 1374 /* 1375 * Don't use an address before completing DAD 1376 * nor a duplicated address. 1377 */ 1378 if (ifatoia6(ifa)->ia6_flags & 1379 (IN6_IFF_TENTATIVE|IN6_IFF_DUPLICATED)) 1380 continue; 1381 1382 /* 1383 * RFC 6724 allows anycast addresses as source address 1384 * because the restriction was removed in RFC 4291. 1385 * However RFC 4443 states that ICMPv6 responses 1386 * MUST use a unicast source address. 1387 * 1388 * XXX Skip anycast addresses for now since 1389 * icmp6_reflect() uses this function for source 1390 * address selection. 1391 */ 1392 if (ifatoia6(ifa)->ia6_flags & IN6_IFF_ANYCAST) 1393 continue; 1394 1395 if (ifatoia6(ifa)->ia6_flags & IN6_IFF_DETACHED) 1396 continue; 1397 1398 /* 1399 * If this is the first address we find, 1400 * keep it anyway. 1401 */ 1402 if (ia6_best == NULL) 1403 goto replace; 1404 1405 /* 1406 * ia6_best is never NULL beyond this line except 1407 * within the block labeled "replace". 1408 */ 1409 1410 /* 1411 * Rule 2: Prefer appropriate scope. 1412 * Find the address with the smallest scope that is 1413 * bigger (or equal) to the scope of the destination 1414 * address. 1415 * Accept an address with smaller scope than the 1416 * destination if non exists with bigger scope. 1417 */ 1418 if (best_scope < src_scope) { 1419 if (best_scope < dst_scope) 1420 goto replace; 1421 else 1422 continue; 1423 } else if (src_scope < best_scope) { 1424 if (src_scope < dst_scope) 1425 continue; 1426 else 1427 goto replace; 1428 } 1429 1430 /* Rule 3: Avoid deprecated addresses. */ 1431 if (ifatoia6(ifa)->ia6_flags & IN6_IFF_DEPRECATED) { 1432 /* 1433 * Ignore any deprecated addresses if 1434 * specified by configuration. 1435 */ 1436 if (!ip6_use_deprecated) 1437 continue; 1438 1439 /* 1440 * If we have already found a non-deprecated 1441 * candidate, just ignore deprecated addresses. 1442 */ 1443 if ((ia6_best->ia6_flags & IN6_IFF_DEPRECATED) 1444 == 0) 1445 continue; 1446 } else if ((ia6_best->ia6_flags & IN6_IFF_DEPRECATED)) 1447 goto replace; 1448 1449 /* 1450 * Rule 4: Prefer home addresses. 1451 * We do not support home addresses. 1452 */ 1453 1454 /* Rule 5: Prefer outgoing interface */ 1455 if (ia6_best->ia_ifp == oifp && ifp != oifp) 1456 continue; 1457 if (ia6_best->ia_ifp != oifp && ifp == oifp) 1458 goto replace; 1459 1460 /* 1461 * Rule 5.5: Prefer addresses in a prefix advertised 1462 * by the next-hop. 1463 * We do not track this information. 1464 */ 1465 1466 /* 1467 * Rule 6: Prefer matching label. 1468 * We do not implement policy tables. 1469 */ 1470 1471 /* Rule 7: Prefer temporary addresses. */ 1472 if ((ia6_best->ia6_flags & IN6_IFF_TEMPORARY) && 1473 !(ifatoia6(ifa)->ia6_flags & IN6_IFF_TEMPORARY)) 1474 continue; 1475 if (!(ia6_best->ia6_flags & IN6_IFF_TEMPORARY) && 1476 (ifatoia6(ifa)->ia6_flags & IN6_IFF_TEMPORARY)) 1477 goto replace; 1478 1479 /* Rule 8: Use longest matching prefix. */ 1480 tlen = in6_matchlen(IFA_IN6(ifa), dst); 1481 if (tlen > blen) { 1482 #if NCARP > 0 1483 /* 1484 * Don't let carp interfaces win a tie against 1485 * the output interface based on matchlen. 1486 * We should only use a carp address if no 1487 * other interface has a usable address. 1488 * Otherwise, when communicating from a carp 1489 * master to a carp backup, the backup system 1490 * won't respond since the carp address is also 1491 * configured as a local address on the backup. 1492 * Note that carp interfaces in backup state 1493 * were already skipped above. 1494 */ 1495 if (ifp->if_type == IFT_CARP && 1496 oifp->if_type != IFT_CARP) 1497 continue; 1498 #endif 1499 goto replace; 1500 } else if (tlen < blen) 1501 continue; 1502 1503 /* 1504 * If the eight rules fail to choose a single address, 1505 * the tiebreaker is implementation-specific. 1506 */ 1507 1508 /* Prefer address with highest pltime. */ 1509 if (ia6_best->ia6_updatetime + 1510 ia6_best->ia6_lifetime.ia6t_pltime < 1511 ifatoia6(ifa)->ia6_updatetime + 1512 ifatoia6(ifa)->ia6_lifetime.ia6t_pltime) 1513 goto replace; 1514 else if (ia6_best->ia6_updatetime + 1515 ia6_best->ia6_lifetime.ia6t_pltime > 1516 ifatoia6(ifa)->ia6_updatetime + 1517 ifatoia6(ifa)->ia6_lifetime.ia6t_pltime) 1518 continue; 1519 1520 /* Prefer address with highest vltime. */ 1521 if (ia6_best->ia6_updatetime + 1522 ia6_best->ia6_lifetime.ia6t_vltime < 1523 ifatoia6(ifa)->ia6_updatetime + 1524 ifatoia6(ifa)->ia6_lifetime.ia6t_vltime) 1525 goto replace; 1526 else if (ia6_best->ia6_updatetime + 1527 ia6_best->ia6_lifetime.ia6t_vltime > 1528 ifatoia6(ifa)->ia6_updatetime + 1529 ifatoia6(ifa)->ia6_lifetime.ia6t_vltime) 1530 continue; 1531 1532 continue; 1533 replace: 1534 ia6_best = ifatoia6(ifa); 1535 blen = tlen >= 0 ? tlen : 1536 in6_matchlen(IFA_IN6(ifa), dst); 1537 best_scope = 1538 in6_addrscope(&ia6_best->ia_addr.sin6_addr); 1539 } 1540 } 1541 1542 /* count statistics for future improvements */ 1543 if (ia6_best == NULL) 1544 ip6stat_inc(ip6s_sources_none); 1545 else { 1546 if (oifp == ia6_best->ia_ifp) 1547 ip6stat_inc(ip6s_sources_sameif + best_scope); 1548 else 1549 ip6stat_inc(ip6s_sources_otherif + best_scope); 1550 1551 if (best_scope == dst_scope) 1552 ip6stat_inc(ip6s_sources_samescope + best_scope); 1553 else 1554 ip6stat_inc(ip6s_sources_otherscope + best_scope); 1555 1556 if ((ia6_best->ia6_flags & IN6_IFF_DEPRECATED) != 0) 1557 ip6stat_inc(ip6s_sources_deprecated + best_scope); 1558 } 1559 1560 return (ia6_best); 1561 } 1562 1563 int 1564 in6if_do_dad(struct ifnet *ifp) 1565 { 1566 if ((ifp->if_flags & IFF_LOOPBACK) != 0) 1567 return (0); 1568 1569 switch (ifp->if_type) { 1570 #if NCARP > 0 1571 case IFT_CARP: 1572 /* 1573 * XXX: DAD does not work currently on carp(4) 1574 * so disable it for now. 1575 */ 1576 return (0); 1577 #endif 1578 default: 1579 /* 1580 * Our DAD routine requires the interface up and running. 1581 * However, some interfaces can be up before the RUNNING 1582 * status. Additionally, users may try to assign addresses 1583 * before the interface becomes up (or running). 1584 * We simply skip DAD in such a case as a work around. 1585 * XXX: we should rather mark "tentative" on such addresses, 1586 * and do DAD after the interface becomes ready. 1587 */ 1588 if ((ifp->if_flags & (IFF_UP|IFF_RUNNING)) != 1589 (IFF_UP|IFF_RUNNING)) 1590 return (0); 1591 1592 return (1); 1593 } 1594 } 1595