1 /* $FreeBSD: src/sys/netinet6/in6.c,v 1.7.2.9 2002/04/28 05:40:26 suz Exp $ */ 2 /* $DragonFly: src/sys/netinet6/in6.c,v 1.13 2005/02/01 16:09:37 hrs Exp $ */ 3 /* $KAME: in6.c,v 1.259 2002/01/21 11:37:50 keiichi Exp $ */ 4 5 /* 6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. Neither the name of the project nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 /* 35 * Copyright (c) 1982, 1986, 1991, 1993 36 * The Regents of the University of California. All rights reserved. 37 * 38 * Redistribution and use in source and binary forms, with or without 39 * modification, are permitted provided that the following conditions 40 * are met: 41 * 1. Redistributions of source code must retain the above copyright 42 * notice, this list of conditions and the following disclaimer. 43 * 2. Redistributions in binary form must reproduce the above copyright 44 * notice, this list of conditions and the following disclaimer in the 45 * documentation and/or other materials provided with the distribution. 46 * 3. All advertising materials mentioning features or use of this software 47 * must display the following acknowledgement: 48 * This product includes software developed by the University of 49 * California, Berkeley and its contributors. 50 * 4. Neither the name of the University nor the names of its contributors 51 * may be used to endorse or promote products derived from this software 52 * without specific prior written permission. 53 * 54 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 55 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 56 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 57 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 58 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 59 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 60 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 61 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 62 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 63 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 64 * SUCH DAMAGE. 65 * 66 * @(#)in.c 8.2 (Berkeley) 11/15/93 67 */ 68 69 #include "opt_inet.h" 70 #include "opt_inet6.h" 71 72 #include <sys/param.h> 73 #include <sys/errno.h> 74 #include <sys/malloc.h> 75 #include <sys/socket.h> 76 #include <sys/socketvar.h> 77 #include <sys/sockio.h> 78 #include <sys/systm.h> 79 #include <sys/proc.h> 80 #include <sys/time.h> 81 #include <sys/kernel.h> 82 #include <sys/syslog.h> 83 84 #include <net/if.h> 85 #include <net/if_types.h> 86 #include <net/route.h> 87 #include <net/if_dl.h> 88 89 #include <netinet/in.h> 90 #include <netinet/in_var.h> 91 #include <netinet/if_ether.h> 92 #include <netinet/in_systm.h> 93 #include <netinet/ip.h> 94 #include <netinet/in_pcb.h> 95 96 #include <netinet/ip6.h> 97 #include <netinet6/ip6_var.h> 98 #include <netinet6/nd6.h> 99 #include <netinet6/mld6_var.h> 100 #include <netinet6/ip6_mroute.h> 101 #include <netinet6/in6_ifattach.h> 102 #include <netinet6/scope6_var.h> 103 #include <netinet6/in6_pcb.h> 104 105 #include <net/net_osdep.h> 106 107 MALLOC_DEFINE(M_IPMADDR, "in6_multi", "internet multicast address"); 108 109 /* 110 * Definitions of some costant IP6 addresses. 111 */ 112 const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT; 113 const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT; 114 const struct in6_addr in6addr_nodelocal_allnodes = 115 IN6ADDR_NODELOCAL_ALLNODES_INIT; 116 const struct in6_addr in6addr_linklocal_allnodes = 117 IN6ADDR_LINKLOCAL_ALLNODES_INIT; 118 const struct in6_addr in6addr_linklocal_allrouters = 119 IN6ADDR_LINKLOCAL_ALLROUTERS_INIT; 120 121 const struct in6_addr in6mask0 = IN6MASK0; 122 const struct in6_addr in6mask32 = IN6MASK32; 123 const struct in6_addr in6mask64 = IN6MASK64; 124 const struct in6_addr in6mask96 = IN6MASK96; 125 const struct in6_addr in6mask128 = IN6MASK128; 126 127 const struct sockaddr_in6 sa6_any = {sizeof(sa6_any), AF_INET6, 128 0, 0, IN6ADDR_ANY_INIT, 0}; 129 130 static int in6_lifaddr_ioctl (struct socket *, u_long, caddr_t, 131 struct ifnet *, struct thread *); 132 static int in6_ifinit (struct ifnet *, struct in6_ifaddr *, 133 struct sockaddr_in6 *, int); 134 static void in6_unlink_ifa (struct in6_ifaddr *, struct ifnet *); 135 136 struct in6_multihead in6_multihead; /* XXX BSS initialization */ 137 138 int (*faithprefix_p)(struct in6_addr *); 139 140 /* 141 * Subroutine for in6_ifaddloop() and in6_ifremloop(). 142 * This routine does actual work. 143 */ 144 static void 145 in6_ifloop_request(int cmd, struct ifaddr *ifa) 146 { 147 struct sockaddr_in6 all1_sa; 148 struct rtentry *nrt = NULL; 149 int e; 150 151 bzero(&all1_sa, sizeof(all1_sa)); 152 all1_sa.sin6_family = AF_INET6; 153 all1_sa.sin6_len = sizeof(struct sockaddr_in6); 154 all1_sa.sin6_addr = in6mask128; 155 156 /* 157 * We specify the address itself as the gateway, and set the 158 * RTF_LLINFO flag, so that the corresponding host route would have 159 * the flag, and thus applications that assume traditional behavior 160 * would be happy. Note that we assume the caller of the function 161 * (probably implicitly) set nd6_rtrequest() to ifa->ifa_rtrequest, 162 * which changes the outgoing interface to the loopback interface. 163 */ 164 e = rtrequest(cmd, ifa->ifa_addr, ifa->ifa_addr, 165 (struct sockaddr *)&all1_sa, 166 RTF_UP|RTF_HOST|RTF_LLINFO, &nrt); 167 if (e != 0) { 168 log(LOG_ERR, "in6_ifloop_request: " 169 "%s operation failed for %s (errno=%d)\n", 170 cmd == RTM_ADD ? "ADD" : "DELETE", 171 ip6_sprintf(&((struct in6_ifaddr *)ifa)->ia_addr.sin6_addr), 172 e); 173 } 174 175 /* 176 * Make sure rt_ifa be equal to IFA, the second argument of the 177 * function. 178 * We need this because when we refer to rt_ifa->ia6_flags in 179 * ip6_input, we assume that the rt_ifa points to the address instead 180 * of the loopback address. 181 */ 182 if (cmd == RTM_ADD && nrt && ifa != nrt->rt_ifa) { 183 IFAFREE(nrt->rt_ifa); 184 IFAREF(ifa); 185 nrt->rt_ifa = ifa; 186 } 187 188 /* 189 * Report the addition/removal of the address to the routing socket. 190 * XXX: since we called rtinit for a p2p interface with a destination, 191 * we end up reporting twice in such a case. Should we rather 192 * omit the second report? 193 */ 194 if (nrt) { 195 rt_newaddrmsg(cmd, ifa, e, nrt); 196 if (cmd == RTM_DELETE) { 197 if (nrt->rt_refcnt <= 0) { 198 /* XXX: we should free the entry ourselves. */ 199 nrt->rt_refcnt++; 200 rtfree(nrt); 201 } 202 } else { 203 /* the cmd must be RTM_ADD here */ 204 nrt->rt_refcnt--; 205 } 206 } 207 } 208 209 /* 210 * Add ownaddr as loopback rtentry. We previously add the route only if 211 * necessary (ex. on a p2p link). However, since we now manage addresses 212 * separately from prefixes, we should always add the route. We can't 213 * rely on the cloning mechanism from the corresponding interface route 214 * any more. 215 */ 216 static void 217 in6_ifaddloop(struct ifaddr *ifa) 218 { 219 struct rtentry *rt; 220 221 /* If there is no loopback entry, allocate one. */ 222 rt = rtpurelookup(ifa->ifa_addr); 223 if (rt == NULL || !(rt->rt_flags & RTF_HOST) || 224 !(rt->rt_ifp->if_flags & IFF_LOOPBACK)) 225 in6_ifloop_request(RTM_ADD, ifa); 226 if (rt != NULL) 227 rt->rt_refcnt--; 228 } 229 230 /* 231 * Remove loopback rtentry of ownaddr generated by in6_ifaddloop(), 232 * if it exists. 233 */ 234 static void 235 in6_ifremloop(struct ifaddr *ifa) 236 { 237 struct in6_ifaddr *ia; 238 struct rtentry *rt; 239 int ia_count = 0; 240 241 /* 242 * Some of BSD variants do not remove cloned routes 243 * from an interface direct route, when removing the direct route 244 * (see comments in net/net_osdep.h). Even for variants that do remove 245 * cloned routes, they could fail to remove the cloned routes when 246 * we handle multple addresses that share a common prefix. 247 * So, we should remove the route corresponding to the deleted address 248 * regardless of the result of in6_is_ifloop_auto(). 249 */ 250 251 /* 252 * Delete the entry only if exact one ifa exists. More than one ifa 253 * can exist if we assign a same single address to multiple 254 * (probably p2p) interfaces. 255 * XXX: we should avoid such a configuration in IPv6... 256 */ 257 for (ia = in6_ifaddr; ia; ia = ia->ia_next) { 258 if (IN6_ARE_ADDR_EQUAL(IFA_IN6(ifa), &ia->ia_addr.sin6_addr)) { 259 ia_count++; 260 if (ia_count > 1) 261 break; 262 } 263 } 264 265 if (ia_count == 1) { 266 /* 267 * Before deleting, check if a corresponding loopbacked host 268 * route surely exists. With this check, we can avoid to 269 * delete an interface direct route whose destination is same 270 * as the address being removed. This can happen when remofing 271 * a subnet-router anycast address on an interface attahced 272 * to a shared medium. 273 */ 274 rt = rtpurelookup(ifa->ifa_addr); 275 if (rt != NULL && (rt->rt_flags & RTF_HOST) && 276 (rt->rt_ifp->if_flags & IFF_LOOPBACK)) { 277 rt->rt_refcnt--; 278 in6_ifloop_request(RTM_DELETE, ifa); 279 } 280 } 281 } 282 283 int 284 in6_ifindex2scopeid(int idx) 285 { 286 struct ifnet *ifp; 287 struct ifaddr *ifa; 288 struct sockaddr_in6 *sin6; 289 290 if (idx < 0 || if_index < idx) 291 return -1; 292 ifp = ifindex2ifnet[idx]; 293 294 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 295 { 296 if (ifa->ifa_addr->sa_family != AF_INET6) 297 continue; 298 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 299 if (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr)) 300 return sin6->sin6_scope_id & 0xffff; 301 } 302 303 return -1; 304 } 305 306 int 307 in6_mask2len(struct in6_addr *mask, u_char *lim0) 308 { 309 int x = 0, y; 310 u_char *lim = lim0, *p; 311 312 if (lim0 == NULL || 313 lim0 - (u_char *)mask > sizeof(*mask)) /* ignore the scope_id part */ 314 lim = (u_char *)mask + sizeof(*mask); 315 for (p = (u_char *)mask; p < lim; x++, p++) { 316 if (*p != 0xff) 317 break; 318 } 319 y = 0; 320 if (p < lim) { 321 for (y = 0; y < 8; y++) { 322 if ((*p & (0x80 >> y)) == 0) 323 break; 324 } 325 } 326 327 /* 328 * when the limit pointer is given, do a stricter check on the 329 * remaining bits. 330 */ 331 if (p < lim) { 332 if (y != 0 && (*p & (0x00ff >> y)) != 0) 333 return(-1); 334 for (p = p + 1; p < lim; p++) 335 if (*p != 0) 336 return(-1); 337 } 338 339 return x * 8 + y; 340 } 341 342 void 343 in6_len2mask(struct in6_addr *mask, int len) 344 { 345 int i; 346 347 bzero(mask, sizeof(*mask)); 348 for (i = 0; i < len / 8; i++) 349 mask->s6_addr8[i] = 0xff; 350 if (len % 8) 351 mask->s6_addr8[i] = (0xff00 >> (len % 8)) & 0xff; 352 } 353 354 #define ifa2ia6(ifa) ((struct in6_ifaddr *)(ifa)) 355 #define ia62ifa(ia6) (&((ia6)->ia_ifa)) 356 357 int 358 in6_control(struct socket *so, u_long cmd, caddr_t data, 359 struct ifnet *ifp, struct thread *td) 360 { 361 struct in6_ifreq *ifr = (struct in6_ifreq *)data; 362 struct in6_ifaddr *ia = NULL; 363 struct in6_aliasreq *ifra = (struct in6_aliasreq *)data; 364 int privileged; 365 366 privileged = 0; 367 if (suser(td) == 0) 368 privileged++; 369 370 switch (cmd) { 371 case SIOCGETSGCNT_IN6: 372 case SIOCGETMIFCNT_IN6: 373 return (mrt6_ioctl(cmd, data)); 374 } 375 376 if (ifp == NULL) 377 return(EOPNOTSUPP); 378 379 switch (cmd) { 380 case SIOCSNDFLUSH_IN6: 381 case SIOCSPFXFLUSH_IN6: 382 case SIOCSRTRFLUSH_IN6: 383 case SIOCSDEFIFACE_IN6: 384 case SIOCSIFINFO_FLAGS: 385 if (!privileged) 386 return(EPERM); 387 /* fall through */ 388 case OSIOCGIFINFO_IN6: 389 case SIOCGIFINFO_IN6: 390 case SIOCGDRLST_IN6: 391 case SIOCGPRLST_IN6: 392 case SIOCGNBRINFO_IN6: 393 case SIOCGDEFIFACE_IN6: 394 return(nd6_ioctl(cmd, data, ifp)); 395 } 396 397 switch (cmd) { 398 case SIOCSIFPREFIX_IN6: 399 case SIOCDIFPREFIX_IN6: 400 case SIOCAIFPREFIX_IN6: 401 case SIOCCIFPREFIX_IN6: 402 case SIOCSGIFPREFIX_IN6: 403 case SIOCGIFPREFIX_IN6: 404 log(LOG_NOTICE, 405 "prefix ioctls are now invalidated. " 406 "please use ifconfig.\n"); 407 return(EOPNOTSUPP); 408 } 409 410 switch (cmd) { 411 case SIOCSSCOPE6: 412 if (!privileged) 413 return(EPERM); 414 return(scope6_set(ifp, 415 (struct scope6_id *)ifr->ifr_ifru.ifru_scope_id)); 416 break; 417 case SIOCGSCOPE6: 418 return(scope6_get(ifp, 419 (struct scope6_id *)ifr->ifr_ifru.ifru_scope_id)); 420 break; 421 case SIOCGSCOPE6DEF: 422 return(scope6_get_default((struct scope6_id *) 423 ifr->ifr_ifru.ifru_scope_id)); 424 break; 425 } 426 427 switch (cmd) { 428 case SIOCALIFADDR: 429 case SIOCDLIFADDR: 430 if (!privileged) 431 return(EPERM); 432 /* fall through */ 433 case SIOCGLIFADDR: 434 return in6_lifaddr_ioctl(so, cmd, data, ifp, td); 435 } 436 437 /* 438 * Find address for this interface, if it exists. 439 */ 440 if (ifra->ifra_addr.sin6_family == AF_INET6) { /* XXX */ 441 struct sockaddr_in6 *sa6 = 442 (struct sockaddr_in6 *)&ifra->ifra_addr; 443 444 if (IN6_IS_ADDR_LINKLOCAL(&sa6->sin6_addr)) { 445 if (sa6->sin6_addr.s6_addr16[1] == 0) { 446 /* link ID is not embedded by the user */ 447 sa6->sin6_addr.s6_addr16[1] = 448 htons(ifp->if_index); 449 } else if (sa6->sin6_addr.s6_addr16[1] != 450 htons(ifp->if_index)) { 451 return(EINVAL); /* link ID contradicts */ 452 } 453 if (sa6->sin6_scope_id) { 454 if (sa6->sin6_scope_id != 455 (u_int32_t)ifp->if_index) 456 return(EINVAL); 457 sa6->sin6_scope_id = 0; /* XXX: good way? */ 458 } 459 } 460 ia = in6ifa_ifpwithaddr(ifp, &ifra->ifra_addr.sin6_addr); 461 } 462 463 switch (cmd) { 464 case SIOCSIFADDR_IN6: 465 case SIOCSIFDSTADDR_IN6: 466 case SIOCSIFNETMASK_IN6: 467 /* 468 * Since IPv6 allows a node to assign multiple addresses 469 * on a single interface, SIOCSIFxxx ioctls are not suitable 470 * and should be unused. 471 */ 472 /* we decided to obsolete this command (20000704) */ 473 return(EINVAL); 474 475 case SIOCDIFADDR_IN6: 476 /* 477 * for IPv4, we look for existing in_ifaddr here to allow 478 * "ifconfig if0 delete" to remove first IPv4 address on the 479 * interface. For IPv6, as the spec allow multiple interface 480 * address from the day one, we consider "remove the first one" 481 * semantics to be not preferable. 482 */ 483 if (ia == NULL) 484 return(EADDRNOTAVAIL); 485 /* FALLTHROUGH */ 486 case SIOCAIFADDR_IN6: 487 /* 488 * We always require users to specify a valid IPv6 address for 489 * the corresponding operation. 490 */ 491 if (ifra->ifra_addr.sin6_family != AF_INET6 || 492 ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6)) 493 return(EAFNOSUPPORT); 494 if (!privileged) 495 return(EPERM); 496 497 break; 498 499 case SIOCGIFADDR_IN6: 500 /* This interface is basically deprecated. use SIOCGIFCONF. */ 501 /* fall through */ 502 case SIOCGIFAFLAG_IN6: 503 case SIOCGIFNETMASK_IN6: 504 case SIOCGIFDSTADDR_IN6: 505 case SIOCGIFALIFETIME_IN6: 506 /* must think again about its semantics */ 507 if (ia == NULL) 508 return(EADDRNOTAVAIL); 509 break; 510 case SIOCSIFALIFETIME_IN6: 511 { 512 struct in6_addrlifetime *lt; 513 514 if (!privileged) 515 return(EPERM); 516 if (ia == NULL) 517 return(EADDRNOTAVAIL); 518 /* sanity for overflow - beware unsigned */ 519 lt = &ifr->ifr_ifru.ifru_lifetime; 520 if (lt->ia6t_vltime != ND6_INFINITE_LIFETIME 521 && lt->ia6t_vltime + time_second < time_second) { 522 return EINVAL; 523 } 524 if (lt->ia6t_pltime != ND6_INFINITE_LIFETIME 525 && lt->ia6t_pltime + time_second < time_second) { 526 return EINVAL; 527 } 528 break; 529 } 530 } 531 532 switch (cmd) { 533 534 case SIOCGIFADDR_IN6: 535 ifr->ifr_addr = ia->ia_addr; 536 break; 537 538 case SIOCGIFDSTADDR_IN6: 539 if ((ifp->if_flags & IFF_POINTOPOINT) == 0) 540 return(EINVAL); 541 /* 542 * XXX: should we check if ifa_dstaddr is NULL and return 543 * an error? 544 */ 545 ifr->ifr_dstaddr = ia->ia_dstaddr; 546 break; 547 548 case SIOCGIFNETMASK_IN6: 549 ifr->ifr_addr = ia->ia_prefixmask; 550 break; 551 552 case SIOCGIFAFLAG_IN6: 553 ifr->ifr_ifru.ifru_flags6 = ia->ia6_flags; 554 break; 555 556 case SIOCGIFSTAT_IN6: 557 if (ifp == NULL) 558 return EINVAL; 559 bzero(&ifr->ifr_ifru.ifru_stat, 560 sizeof(ifr->ifr_ifru.ifru_stat)); 561 ifr->ifr_ifru.ifru_stat = 562 *((struct in6_ifextra *)ifp->if_afdata[AF_INET6])->in6_ifstat; 563 break; 564 565 case SIOCGIFSTAT_ICMP6: 566 bzero(&ifr->ifr_ifru.ifru_stat, 567 sizeof(ifr->ifr_ifru.ifru_icmp6stat)); 568 ifr->ifr_ifru.ifru_icmp6stat = 569 *((struct in6_ifextra *)ifp->if_afdata[AF_INET6])->icmp6_ifstat; 570 break; 571 572 case SIOCGIFALIFETIME_IN6: 573 ifr->ifr_ifru.ifru_lifetime = ia->ia6_lifetime; 574 break; 575 576 case SIOCSIFALIFETIME_IN6: 577 ia->ia6_lifetime = ifr->ifr_ifru.ifru_lifetime; 578 /* for sanity */ 579 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 580 ia->ia6_lifetime.ia6t_expire = 581 time_second + ia->ia6_lifetime.ia6t_vltime; 582 } else 583 ia->ia6_lifetime.ia6t_expire = 0; 584 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 585 ia->ia6_lifetime.ia6t_preferred = 586 time_second + ia->ia6_lifetime.ia6t_pltime; 587 } else 588 ia->ia6_lifetime.ia6t_preferred = 0; 589 break; 590 591 case SIOCAIFADDR_IN6: 592 { 593 int i, error = 0; 594 struct nd_prefix pr0, *pr; 595 596 /* 597 * first, make or update the interface address structure, 598 * and link it to the list. 599 */ 600 if ((error = in6_update_ifa(ifp, ifra, ia)) != 0) 601 return(error); 602 603 /* 604 * then, make the prefix on-link on the interface. 605 * XXX: we'd rather create the prefix before the address, but 606 * we need at least one address to install the corresponding 607 * interface route, so we configure the address first. 608 */ 609 610 /* 611 * convert mask to prefix length (prefixmask has already 612 * been validated in in6_update_ifa(). 613 */ 614 bzero(&pr0, sizeof(pr0)); 615 pr0.ndpr_ifp = ifp; 616 pr0.ndpr_plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, 617 NULL); 618 if (pr0.ndpr_plen == 128) 619 break; /* we don't need to install a host route. */ 620 pr0.ndpr_prefix = ifra->ifra_addr; 621 pr0.ndpr_mask = ifra->ifra_prefixmask.sin6_addr; 622 /* apply the mask for safety. */ 623 for (i = 0; i < 4; i++) { 624 pr0.ndpr_prefix.sin6_addr.s6_addr32[i] &= 625 ifra->ifra_prefixmask.sin6_addr.s6_addr32[i]; 626 } 627 /* 628 * XXX: since we don't have an API to set prefix (not address) 629 * lifetimes, we just use the same lifetimes as addresses. 630 * The (temporarily) installed lifetimes can be overridden by 631 * later advertised RAs (when accept_rtadv is non 0), which is 632 * an intended behavior. 633 */ 634 pr0.ndpr_raf_onlink = 1; /* should be configurable? */ 635 pr0.ndpr_raf_auto = 636 ((ifra->ifra_flags & IN6_IFF_AUTOCONF) != 0); 637 pr0.ndpr_vltime = ifra->ifra_lifetime.ia6t_vltime; 638 pr0.ndpr_pltime = ifra->ifra_lifetime.ia6t_pltime; 639 640 /* add the prefix if there's one. */ 641 if ((pr = nd6_prefix_lookup(&pr0)) == NULL) { 642 /* 643 * nd6_prelist_add will install the corresponding 644 * interface route. 645 */ 646 if ((error = nd6_prelist_add(&pr0, NULL, &pr)) != 0) 647 return(error); 648 if (pr == NULL) { 649 log(LOG_ERR, "nd6_prelist_add succedded but " 650 "no prefix\n"); 651 return(EINVAL); /* XXX panic here? */ 652 } 653 } 654 if ((ia = in6ifa_ifpwithaddr(ifp, &ifra->ifra_addr.sin6_addr)) 655 == NULL) { 656 /* XXX: this should not happen! */ 657 log(LOG_ERR, "in6_control: addition succeeded, but" 658 " no ifaddr\n"); 659 } else { 660 if ((ia->ia6_flags & IN6_IFF_AUTOCONF) != 0 && 661 ia->ia6_ndpr == NULL) { /* new autoconfed addr */ 662 ia->ia6_ndpr = pr; 663 pr->ndpr_refcnt++; 664 665 /* 666 * If this is the first autoconf address from 667 * the prefix, create a temporary address 668 * as well (when specified). 669 */ 670 if (ip6_use_tempaddr && 671 pr->ndpr_refcnt == 1) { 672 int e; 673 if ((e = in6_tmpifadd(ia, 1)) != 0) { 674 log(LOG_NOTICE, "in6_control: " 675 "failed to create a " 676 "temporary address, " 677 "errno=%d\n", 678 e); 679 } 680 } 681 } 682 683 /* 684 * this might affect the status of autoconfigured 685 * addresses, that is, this address might make 686 * other addresses detached. 687 */ 688 pfxlist_onlink_check(); 689 } 690 if (error == 0 && ia) 691 EVENTHANDLER_INVOKE(ifaddr_event, ifp); 692 break; 693 } 694 695 case SIOCDIFADDR_IN6: 696 { 697 int i = 0; 698 struct nd_prefix pr0, *pr; 699 700 /* 701 * If the address being deleted is the only one that owns 702 * the corresponding prefix, expire the prefix as well. 703 * XXX: theoretically, we don't have to warry about such 704 * relationship, since we separate the address management 705 * and the prefix management. We do this, however, to provide 706 * as much backward compatibility as possible in terms of 707 * the ioctl operation. 708 */ 709 bzero(&pr0, sizeof(pr0)); 710 pr0.ndpr_ifp = ifp; 711 pr0.ndpr_plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, 712 NULL); 713 if (pr0.ndpr_plen == 128) 714 goto purgeaddr; 715 pr0.ndpr_prefix = ia->ia_addr; 716 pr0.ndpr_mask = ia->ia_prefixmask.sin6_addr; 717 for (i = 0; i < 4; i++) { 718 pr0.ndpr_prefix.sin6_addr.s6_addr32[i] &= 719 ia->ia_prefixmask.sin6_addr.s6_addr32[i]; 720 } 721 /* 722 * The logic of the following condition is a bit complicated. 723 * We expire the prefix when 724 * 1. the address obeys autoconfiguration and it is the 725 * only owner of the associated prefix, or 726 * 2. the address does not obey autoconf and there is no 727 * other owner of the prefix. 728 */ 729 if ((pr = nd6_prefix_lookup(&pr0)) != NULL && 730 (((ia->ia6_flags & IN6_IFF_AUTOCONF) != 0 && 731 pr->ndpr_refcnt == 1) || 732 ((ia->ia6_flags & IN6_IFF_AUTOCONF) == 0 && 733 pr->ndpr_refcnt == 0))) { 734 pr->ndpr_expire = 1; /* XXX: just for expiration */ 735 } 736 737 purgeaddr: 738 in6_purgeaddr(&ia->ia_ifa); 739 EVENTHANDLER_INVOKE(ifaddr_event, ifp); 740 break; 741 } 742 743 default: 744 if (ifp == NULL || ifp->if_ioctl == 0) 745 return(EOPNOTSUPP); 746 return((*ifp->if_ioctl)(ifp, cmd, data, td->td_proc->p_ucred)); 747 } 748 749 return(0); 750 } 751 752 /* 753 * Update parameters of an IPv6 interface address. 754 * If necessary, a new entry is created and linked into address chains. 755 * This function is separated from in6_control(). 756 * XXX: should this be performed under splnet()? 757 */ 758 int 759 in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra, 760 struct in6_ifaddr *ia) 761 { 762 int error = 0, hostIsNew = 0, plen = -1; 763 struct in6_ifaddr *oia; 764 struct sockaddr_in6 dst6; 765 struct in6_addrlifetime *lt; 766 767 /* Validate parameters */ 768 if (ifp == NULL || ifra == NULL) /* this maybe redundant */ 769 return(EINVAL); 770 771 /* 772 * The destination address for a p2p link must have a family 773 * of AF_UNSPEC or AF_INET6. 774 */ 775 if ((ifp->if_flags & IFF_POINTOPOINT) != 0 && 776 ifra->ifra_dstaddr.sin6_family != AF_INET6 && 777 ifra->ifra_dstaddr.sin6_family != AF_UNSPEC) 778 return(EAFNOSUPPORT); 779 /* 780 * validate ifra_prefixmask. don't check sin6_family, netmask 781 * does not carry fields other than sin6_len. 782 */ 783 if (ifra->ifra_prefixmask.sin6_len > sizeof(struct sockaddr_in6)) 784 return(EINVAL); 785 /* 786 * Because the IPv6 address architecture is classless, we require 787 * users to specify a (non 0) prefix length (mask) for a new address. 788 * We also require the prefix (when specified) mask is valid, and thus 789 * reject a non-consecutive mask. 790 */ 791 if (ia == NULL && ifra->ifra_prefixmask.sin6_len == 0) 792 return(EINVAL); 793 if (ifra->ifra_prefixmask.sin6_len != 0) { 794 plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, 795 (u_char *)&ifra->ifra_prefixmask + 796 ifra->ifra_prefixmask.sin6_len); 797 if (plen <= 0) 798 return(EINVAL); 799 } 800 else { 801 /* 802 * In this case, ia must not be NULL. We just use its prefix 803 * length. 804 */ 805 plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); 806 } 807 /* 808 * If the destination address on a p2p interface is specified, 809 * and the address is a scoped one, validate/set the scope 810 * zone identifier. 811 */ 812 dst6 = ifra->ifra_dstaddr; 813 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) && 814 (dst6.sin6_family == AF_INET6)) { 815 int scopeid; 816 817 if ((error = in6_recoverscope(&dst6, 818 &ifra->ifra_dstaddr.sin6_addr, 819 ifp)) != 0) 820 return(error); 821 scopeid = in6_addr2scopeid(ifp, &dst6.sin6_addr); 822 if (dst6.sin6_scope_id == 0) /* user omit to specify the ID. */ 823 dst6.sin6_scope_id = scopeid; 824 else if (dst6.sin6_scope_id != scopeid) 825 return(EINVAL); /* scope ID mismatch. */ 826 if ((error = in6_embedscope(&dst6.sin6_addr, &dst6, NULL, NULL)) 827 != 0) 828 return(error); 829 dst6.sin6_scope_id = 0; /* XXX */ 830 } 831 /* 832 * The destination address can be specified only for a p2p or a 833 * loopback interface. If specified, the corresponding prefix length 834 * must be 128. 835 */ 836 if (ifra->ifra_dstaddr.sin6_family == AF_INET6) { 837 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) == 0) { 838 /* XXX: noisy message */ 839 log(LOG_INFO, "in6_update_ifa: a destination can be " 840 "specified for a p2p or a loopback IF only\n"); 841 return(EINVAL); 842 } 843 if (plen != 128) { 844 /* 845 * The following message seems noisy, but we dare to 846 * add it for diagnosis. 847 */ 848 log(LOG_INFO, "in6_update_ifa: prefixlen must be 128 " 849 "when dstaddr is specified\n"); 850 return(EINVAL); 851 } 852 } 853 /* lifetime consistency check */ 854 lt = &ifra->ifra_lifetime; 855 if (lt->ia6t_vltime != ND6_INFINITE_LIFETIME 856 && lt->ia6t_vltime + time_second < time_second) { 857 return EINVAL; 858 } 859 if (lt->ia6t_vltime == 0) { 860 /* 861 * the following log might be noisy, but this is a typical 862 * configuration mistake or a tool's bug. 863 */ 864 log(LOG_INFO, 865 "in6_update_ifa: valid lifetime is 0 for %s\n", 866 ip6_sprintf(&ifra->ifra_addr.sin6_addr)); 867 } 868 if (lt->ia6t_pltime != ND6_INFINITE_LIFETIME 869 && lt->ia6t_pltime + time_second < time_second) { 870 return EINVAL; 871 } 872 873 /* 874 * If this is a new address, allocate a new ifaddr and link it 875 * into chains. 876 */ 877 if (ia == NULL) { 878 hostIsNew = 1; 879 /* 880 * When in6_update_ifa() is called in a process of a received 881 * RA, it is called under splnet(). So, we should call malloc 882 * with M_NOWAIT. 883 */ 884 ia = (struct in6_ifaddr *) 885 malloc(sizeof(*ia), M_IFADDR, M_NOWAIT); 886 if (ia == NULL) 887 return (ENOBUFS); 888 bzero((caddr_t)ia, sizeof(*ia)); 889 /* Initialize the address and masks */ 890 ia->ia_ifa.ifa_addr = (struct sockaddr *)&ia->ia_addr; 891 ia->ia_addr.sin6_family = AF_INET6; 892 ia->ia_addr.sin6_len = sizeof(ia->ia_addr); 893 if ((ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) != 0) { 894 /* 895 * XXX: some functions expect that ifa_dstaddr is not 896 * NULL for p2p interfaces. 897 */ 898 ia->ia_ifa.ifa_dstaddr 899 = (struct sockaddr *)&ia->ia_dstaddr; 900 } else { 901 ia->ia_ifa.ifa_dstaddr = NULL; 902 } 903 ia->ia_ifa.ifa_netmask 904 = (struct sockaddr *)&ia->ia_prefixmask; 905 906 ia->ia_ifp = ifp; 907 if ((oia = in6_ifaddr) != NULL) { 908 for ( ; oia->ia_next; oia = oia->ia_next) 909 continue; 910 oia->ia_next = ia; 911 } else 912 in6_ifaddr = ia; 913 914 TAILQ_INSERT_TAIL(&ifp->if_addrlist, &ia->ia_ifa, 915 ifa_list); 916 } 917 918 /* set prefix mask */ 919 if (ifra->ifra_prefixmask.sin6_len) { 920 /* 921 * We prohibit changing the prefix length of an existing 922 * address, because 923 * + such an operation should be rare in IPv6, and 924 * + the operation would confuse prefix management. 925 */ 926 if (ia->ia_prefixmask.sin6_len && 927 in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL) != plen) { 928 log(LOG_INFO, "in6_update_ifa: the prefix length of an" 929 " existing (%s) address should not be changed\n", 930 ip6_sprintf(&ia->ia_addr.sin6_addr)); 931 error = EINVAL; 932 goto unlink; 933 } 934 ia->ia_prefixmask = ifra->ifra_prefixmask; 935 } 936 937 /* 938 * If a new destination address is specified, scrub the old one and 939 * install the new destination. Note that the interface must be 940 * p2p or loopback (see the check above.) 941 */ 942 if (dst6.sin6_family == AF_INET6 && 943 !IN6_ARE_ADDR_EQUAL(&dst6.sin6_addr, 944 &ia->ia_dstaddr.sin6_addr)) { 945 int e; 946 947 if ((ia->ia_flags & IFA_ROUTE) != 0 && 948 (e = rtinit(&(ia->ia_ifa), (int)RTM_DELETE, RTF_HOST)) 949 != 0) { 950 log(LOG_ERR, "in6_update_ifa: failed to remove " 951 "a route to the old destination: %s\n", 952 ip6_sprintf(&ia->ia_addr.sin6_addr)); 953 /* proceed anyway... */ 954 } 955 else 956 ia->ia_flags &= ~IFA_ROUTE; 957 ia->ia_dstaddr = dst6; 958 } 959 960 /* reset the interface and routing table appropriately. */ 961 if ((error = in6_ifinit(ifp, ia, &ifra->ifra_addr, hostIsNew)) != 0) 962 goto unlink; 963 964 /* 965 * Beyond this point, we should call in6_purgeaddr upon an error, 966 * not just go to unlink. 967 */ 968 969 #if 0 /* disable this mechanism for now */ 970 /* update prefix list */ 971 if (hostIsNew && 972 (ifra->ifra_flags & IN6_IFF_NOPFX) == 0) { /* XXX */ 973 int iilen; 974 975 iilen = (sizeof(ia->ia_prefixmask.sin6_addr) << 3) - plen; 976 if ((error = in6_prefix_add_ifid(iilen, ia)) != 0) { 977 in6_purgeaddr((struct ifaddr *)ia); 978 return(error); 979 } 980 } 981 #endif 982 983 if ((ifp->if_flags & IFF_MULTICAST) != 0) { 984 struct sockaddr_in6 mltaddr, mltmask; 985 struct in6_multi *in6m; 986 987 if (hostIsNew) { 988 /* 989 * join solicited multicast addr for new host id 990 */ 991 struct in6_addr llsol; 992 bzero(&llsol, sizeof(struct in6_addr)); 993 llsol.s6_addr16[0] = htons(0xff02); 994 llsol.s6_addr16[1] = htons(ifp->if_index); 995 llsol.s6_addr32[1] = 0; 996 llsol.s6_addr32[2] = htonl(1); 997 llsol.s6_addr32[3] = 998 ifra->ifra_addr.sin6_addr.s6_addr32[3]; 999 llsol.s6_addr8[12] = 0xff; 1000 (void)in6_addmulti(&llsol, ifp, &error); 1001 if (error != 0) { 1002 log(LOG_WARNING, 1003 "in6_update_ifa: addmulti failed for " 1004 "%s on %s (errno=%d)\n", 1005 ip6_sprintf(&llsol), if_name(ifp), 1006 error); 1007 in6_purgeaddr((struct ifaddr *)ia); 1008 return(error); 1009 } 1010 } 1011 1012 bzero(&mltmask, sizeof(mltmask)); 1013 mltmask.sin6_len = sizeof(struct sockaddr_in6); 1014 mltmask.sin6_family = AF_INET6; 1015 mltmask.sin6_addr = in6mask32; 1016 1017 /* 1018 * join link-local all-nodes address 1019 */ 1020 bzero(&mltaddr, sizeof(mltaddr)); 1021 mltaddr.sin6_len = sizeof(struct sockaddr_in6); 1022 mltaddr.sin6_family = AF_INET6; 1023 mltaddr.sin6_addr = in6addr_linklocal_allnodes; 1024 mltaddr.sin6_addr.s6_addr16[1] = htons(ifp->if_index); 1025 1026 IN6_LOOKUP_MULTI(mltaddr.sin6_addr, ifp, in6m); 1027 if (in6m == NULL) { 1028 rtrequest(RTM_ADD, 1029 (struct sockaddr *)&mltaddr, 1030 (struct sockaddr *)&ia->ia_addr, 1031 (struct sockaddr *)&mltmask, 1032 RTF_UP|RTF_CLONING, /* xxx */ 1033 (struct rtentry **)0); 1034 (void)in6_addmulti(&mltaddr.sin6_addr, ifp, &error); 1035 if (error != 0) { 1036 log(LOG_WARNING, 1037 "in6_update_ifa: addmulti failed for " 1038 "%s on %s (errno=%d)\n", 1039 ip6_sprintf(&mltaddr.sin6_addr), 1040 if_name(ifp), error); 1041 } 1042 } 1043 1044 /* 1045 * join node information group address 1046 */ 1047 #define hostnamelen strlen(hostname) 1048 if (in6_nigroup(ifp, hostname, hostnamelen, &mltaddr.sin6_addr) 1049 == 0) { 1050 IN6_LOOKUP_MULTI(mltaddr.sin6_addr, ifp, in6m); 1051 if (in6m == NULL && ia != NULL) { 1052 (void)in6_addmulti(&mltaddr.sin6_addr, 1053 ifp, &error); 1054 if (error != 0) { 1055 log(LOG_WARNING, "in6_update_ifa: " 1056 "addmulti failed for " 1057 "%s on %s (errno=%d)\n", 1058 ip6_sprintf(&mltaddr.sin6_addr), 1059 if_name(ifp), error); 1060 } 1061 } 1062 } 1063 #undef hostnamelen 1064 1065 /* 1066 * join node-local all-nodes address, on loopback. 1067 * XXX: since "node-local" is obsoleted by interface-local, 1068 * we have to join the group on every interface with 1069 * some interface-boundary restriction. 1070 */ 1071 if (ifp->if_flags & IFF_LOOPBACK) { 1072 struct in6_ifaddr *ia_loop; 1073 1074 struct in6_addr loop6 = in6addr_loopback; 1075 ia_loop = in6ifa_ifpwithaddr(ifp, &loop6); 1076 1077 mltaddr.sin6_addr = in6addr_nodelocal_allnodes; 1078 1079 IN6_LOOKUP_MULTI(mltaddr.sin6_addr, ifp, in6m); 1080 if (in6m == NULL && ia_loop != NULL) { 1081 rtrequest(RTM_ADD, 1082 (struct sockaddr *)&mltaddr, 1083 (struct sockaddr *)&ia_loop->ia_addr, 1084 (struct sockaddr *)&mltmask, 1085 RTF_UP, 1086 (struct rtentry **)0); 1087 (void)in6_addmulti(&mltaddr.sin6_addr, ifp, 1088 &error); 1089 if (error != 0) { 1090 log(LOG_WARNING, "in6_update_ifa: " 1091 "addmulti failed for %s on %s " 1092 "(errno=%d)\n", 1093 ip6_sprintf(&mltaddr.sin6_addr), 1094 if_name(ifp), error); 1095 } 1096 } 1097 } 1098 } 1099 1100 ia->ia6_flags = ifra->ifra_flags; 1101 ia->ia6_flags &= ~IN6_IFF_DUPLICATED; /*safety*/ 1102 ia->ia6_flags &= ~IN6_IFF_NODAD; /* Mobile IPv6 */ 1103 1104 ia->ia6_lifetime = ifra->ifra_lifetime; 1105 /* for sanity */ 1106 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 1107 ia->ia6_lifetime.ia6t_expire = 1108 time_second + ia->ia6_lifetime.ia6t_vltime; 1109 } else 1110 ia->ia6_lifetime.ia6t_expire = 0; 1111 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 1112 ia->ia6_lifetime.ia6t_preferred = 1113 time_second + ia->ia6_lifetime.ia6t_pltime; 1114 } else 1115 ia->ia6_lifetime.ia6t_preferred = 0; 1116 1117 /* 1118 * Perform DAD, if needed. 1119 * XXX It may be of use, if we can administratively 1120 * disable DAD. 1121 */ 1122 if (in6if_do_dad(ifp) && (ifra->ifra_flags & IN6_IFF_NODAD) == 0) { 1123 ia->ia6_flags |= IN6_IFF_TENTATIVE; 1124 nd6_dad_start((struct ifaddr *)ia, NULL); 1125 } 1126 1127 return(error); 1128 1129 unlink: 1130 /* 1131 * XXX: if a change of an existing address failed, keep the entry 1132 * anyway. 1133 */ 1134 if (hostIsNew) 1135 in6_unlink_ifa(ia, ifp); 1136 return(error); 1137 } 1138 1139 void 1140 in6_purgeaddr(struct ifaddr *ifa) 1141 { 1142 struct ifnet *ifp = ifa->ifa_ifp; 1143 struct in6_ifaddr *ia = (struct in6_ifaddr *) ifa; 1144 1145 /* stop DAD processing */ 1146 nd6_dad_stop(ifa); 1147 1148 /* 1149 * delete route to the destination of the address being purged. 1150 * The interface must be p2p or loopback in this case. 1151 */ 1152 if ((ia->ia_flags & IFA_ROUTE) != 0 && ia->ia_dstaddr.sin6_len != 0) { 1153 int e; 1154 1155 if ((e = rtinit(&(ia->ia_ifa), (int)RTM_DELETE, RTF_HOST)) 1156 != 0) { 1157 log(LOG_ERR, "in6_purgeaddr: failed to remove " 1158 "a route to the p2p destination: %s on %s, " 1159 "errno=%d\n", 1160 ip6_sprintf(&ia->ia_addr.sin6_addr), if_name(ifp), 1161 e); 1162 /* proceed anyway... */ 1163 } 1164 else 1165 ia->ia_flags &= ~IFA_ROUTE; 1166 } 1167 1168 /* Remove ownaddr's loopback rtentry, if it exists. */ 1169 in6_ifremloop(&(ia->ia_ifa)); 1170 1171 if (ifp->if_flags & IFF_MULTICAST) { 1172 /* 1173 * delete solicited multicast addr for deleting host id 1174 */ 1175 struct in6_multi *in6m; 1176 struct in6_addr llsol; 1177 bzero(&llsol, sizeof(struct in6_addr)); 1178 llsol.s6_addr16[0] = htons(0xff02); 1179 llsol.s6_addr16[1] = htons(ifp->if_index); 1180 llsol.s6_addr32[1] = 0; 1181 llsol.s6_addr32[2] = htonl(1); 1182 llsol.s6_addr32[3] = 1183 ia->ia_addr.sin6_addr.s6_addr32[3]; 1184 llsol.s6_addr8[12] = 0xff; 1185 1186 IN6_LOOKUP_MULTI(llsol, ifp, in6m); 1187 if (in6m) 1188 in6_delmulti(in6m); 1189 } 1190 1191 in6_unlink_ifa(ia, ifp); 1192 } 1193 1194 static void 1195 in6_unlink_ifa(struct in6_ifaddr *ia, struct ifnet *ifp) 1196 { 1197 int plen, iilen; 1198 struct in6_ifaddr *oia; 1199 int s = splnet(); 1200 1201 TAILQ_REMOVE(&ifp->if_addrlist, &ia->ia_ifa, ifa_list); 1202 1203 oia = ia; 1204 if (oia == (ia = in6_ifaddr)) 1205 in6_ifaddr = ia->ia_next; 1206 else { 1207 while (ia->ia_next && (ia->ia_next != oia)) 1208 ia = ia->ia_next; 1209 if (ia->ia_next) 1210 ia->ia_next = oia->ia_next; 1211 else { 1212 /* search failed */ 1213 printf("Couldn't unlink in6_ifaddr from in6_ifaddr\n"); 1214 } 1215 } 1216 1217 if (oia->ia6_ifpr) { /* check for safety */ 1218 plen = in6_mask2len(&oia->ia_prefixmask.sin6_addr, NULL); 1219 iilen = (sizeof(oia->ia_prefixmask.sin6_addr) << 3) - plen; 1220 in6_prefix_remove_ifid(iilen, oia); 1221 } 1222 1223 /* 1224 * When an autoconfigured address is being removed, release the 1225 * reference to the base prefix. Also, since the release might 1226 * affect the status of other (detached) addresses, call 1227 * pfxlist_onlink_check(). 1228 */ 1229 if ((oia->ia6_flags & IN6_IFF_AUTOCONF) != 0) { 1230 if (oia->ia6_ndpr == NULL) { 1231 log(LOG_NOTICE, "in6_unlink_ifa: autoconf'ed address " 1232 "%p has no prefix\n", oia); 1233 } else { 1234 oia->ia6_ndpr->ndpr_refcnt--; 1235 oia->ia6_flags &= ~IN6_IFF_AUTOCONF; 1236 oia->ia6_ndpr = NULL; 1237 } 1238 1239 pfxlist_onlink_check(); 1240 } 1241 1242 /* 1243 * release another refcnt for the link from in6_ifaddr. 1244 * Note that we should decrement the refcnt at least once for all *BSD. 1245 */ 1246 IFAFREE(&oia->ia_ifa); 1247 1248 splx(s); 1249 } 1250 1251 void 1252 in6_purgeif(struct ifnet *ifp) 1253 { 1254 struct ifaddr *ifa, *nifa; 1255 1256 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); ifa != NULL; ifa = nifa) 1257 { 1258 nifa = TAILQ_NEXT(ifa, ifa_list); 1259 if (ifa->ifa_addr->sa_family != AF_INET6) 1260 continue; 1261 in6_purgeaddr(ifa); 1262 } 1263 1264 in6_ifdetach(ifp); 1265 } 1266 1267 /* 1268 * SIOC[GAD]LIFADDR. 1269 * SIOCGLIFADDR: get first address. (?) 1270 * SIOCGLIFADDR with IFLR_PREFIX: 1271 * get first address that matches the specified prefix. 1272 * SIOCALIFADDR: add the specified address. 1273 * SIOCALIFADDR with IFLR_PREFIX: 1274 * add the specified prefix, filling hostid part from 1275 * the first link-local address. prefixlen must be <= 64. 1276 * SIOCDLIFADDR: delete the specified address. 1277 * SIOCDLIFADDR with IFLR_PREFIX: 1278 * delete the first address that matches the specified prefix. 1279 * return values: 1280 * EINVAL on invalid parameters 1281 * EADDRNOTAVAIL on prefix match failed/specified address not found 1282 * other values may be returned from in6_ioctl() 1283 * 1284 * NOTE: SIOCALIFADDR(with IFLR_PREFIX set) allows prefixlen less than 64. 1285 * this is to accomodate address naming scheme other than RFC2374, 1286 * in the future. 1287 * RFC2373 defines interface id to be 64bit, but it allows non-RFC2374 1288 * address encoding scheme. (see figure on page 8) 1289 */ 1290 static int 1291 in6_lifaddr_ioctl(struct socket *so, u_long cmd, caddr_t data, 1292 struct ifnet *ifp, struct thread *td) 1293 { 1294 struct if_laddrreq *iflr = (struct if_laddrreq *)data; 1295 struct ifaddr *ifa; 1296 struct sockaddr *sa; 1297 1298 /* sanity checks */ 1299 if (!data || !ifp) { 1300 panic("invalid argument to in6_lifaddr_ioctl"); 1301 /*NOTRECHED*/ 1302 } 1303 1304 switch (cmd) { 1305 case SIOCGLIFADDR: 1306 /* address must be specified on GET with IFLR_PREFIX */ 1307 if ((iflr->flags & IFLR_PREFIX) == 0) 1308 break; 1309 /* FALLTHROUGH */ 1310 case SIOCALIFADDR: 1311 case SIOCDLIFADDR: 1312 /* address must be specified on ADD and DELETE */ 1313 sa = (struct sockaddr *)&iflr->addr; 1314 if (sa->sa_family != AF_INET6) 1315 return EINVAL; 1316 if (sa->sa_len != sizeof(struct sockaddr_in6)) 1317 return EINVAL; 1318 /* XXX need improvement */ 1319 sa = (struct sockaddr *)&iflr->dstaddr; 1320 if (sa->sa_family && sa->sa_family != AF_INET6) 1321 return EINVAL; 1322 if (sa->sa_len && sa->sa_len != sizeof(struct sockaddr_in6)) 1323 return EINVAL; 1324 break; 1325 default: /* shouldn't happen */ 1326 #if 0 1327 panic("invalid cmd to in6_lifaddr_ioctl"); 1328 /* NOTREACHED */ 1329 #else 1330 return EOPNOTSUPP; 1331 #endif 1332 } 1333 if (sizeof(struct in6_addr) * 8 < iflr->prefixlen) 1334 return EINVAL; 1335 1336 switch (cmd) { 1337 case SIOCALIFADDR: 1338 { 1339 struct in6_aliasreq ifra; 1340 struct in6_addr *hostid = NULL; 1341 int prefixlen; 1342 1343 if ((iflr->flags & IFLR_PREFIX) != 0) { 1344 struct sockaddr_in6 *sin6; 1345 1346 /* 1347 * hostid is to fill in the hostid part of the 1348 * address. hostid points to the first link-local 1349 * address attached to the interface. 1350 */ 1351 ifa = (struct ifaddr *)in6ifa_ifpforlinklocal(ifp, 0); 1352 if (!ifa) 1353 return EADDRNOTAVAIL; 1354 hostid = IFA_IN6(ifa); 1355 1356 /* prefixlen must be <= 64. */ 1357 if (64 < iflr->prefixlen) 1358 return EINVAL; 1359 prefixlen = iflr->prefixlen; 1360 1361 /* hostid part must be zero. */ 1362 sin6 = (struct sockaddr_in6 *)&iflr->addr; 1363 if (sin6->sin6_addr.s6_addr32[2] != 0 1364 || sin6->sin6_addr.s6_addr32[3] != 0) { 1365 return EINVAL; 1366 } 1367 } else 1368 prefixlen = iflr->prefixlen; 1369 1370 /* copy args to in6_aliasreq, perform ioctl(SIOCAIFADDR_IN6). */ 1371 bzero(&ifra, sizeof(ifra)); 1372 bcopy(iflr->iflr_name, ifra.ifra_name, 1373 sizeof(ifra.ifra_name)); 1374 1375 bcopy(&iflr->addr, &ifra.ifra_addr, 1376 ((struct sockaddr *)&iflr->addr)->sa_len); 1377 if (hostid) { 1378 /* fill in hostid part */ 1379 ifra.ifra_addr.sin6_addr.s6_addr32[2] = 1380 hostid->s6_addr32[2]; 1381 ifra.ifra_addr.sin6_addr.s6_addr32[3] = 1382 hostid->s6_addr32[3]; 1383 } 1384 1385 if (((struct sockaddr *)&iflr->dstaddr)->sa_family) { /*XXX*/ 1386 bcopy(&iflr->dstaddr, &ifra.ifra_dstaddr, 1387 ((struct sockaddr *)&iflr->dstaddr)->sa_len); 1388 if (hostid) { 1389 ifra.ifra_dstaddr.sin6_addr.s6_addr32[2] = 1390 hostid->s6_addr32[2]; 1391 ifra.ifra_dstaddr.sin6_addr.s6_addr32[3] = 1392 hostid->s6_addr32[3]; 1393 } 1394 } 1395 1396 ifra.ifra_prefixmask.sin6_len = sizeof(struct sockaddr_in6); 1397 in6_len2mask(&ifra.ifra_prefixmask.sin6_addr, prefixlen); 1398 1399 ifra.ifra_flags = iflr->flags & ~IFLR_PREFIX; 1400 return in6_control(so, SIOCAIFADDR_IN6, (caddr_t)&ifra, ifp, td); 1401 } 1402 case SIOCGLIFADDR: 1403 case SIOCDLIFADDR: 1404 { 1405 struct in6_ifaddr *ia; 1406 struct in6_addr mask, candidate, match; 1407 struct sockaddr_in6 *sin6; 1408 int cmp; 1409 1410 bzero(&mask, sizeof(mask)); 1411 if (iflr->flags & IFLR_PREFIX) { 1412 /* lookup a prefix rather than address. */ 1413 in6_len2mask(&mask, iflr->prefixlen); 1414 1415 sin6 = (struct sockaddr_in6 *)&iflr->addr; 1416 bcopy(&sin6->sin6_addr, &match, sizeof(match)); 1417 match.s6_addr32[0] &= mask.s6_addr32[0]; 1418 match.s6_addr32[1] &= mask.s6_addr32[1]; 1419 match.s6_addr32[2] &= mask.s6_addr32[2]; 1420 match.s6_addr32[3] &= mask.s6_addr32[3]; 1421 1422 /* if you set extra bits, that's wrong */ 1423 if (bcmp(&match, &sin6->sin6_addr, sizeof(match))) 1424 return EINVAL; 1425 1426 cmp = 1; 1427 } else { 1428 if (cmd == SIOCGLIFADDR) { 1429 /* on getting an address, take the 1st match */ 1430 cmp = 0; /* XXX */ 1431 } else { 1432 /* on deleting an address, do exact match */ 1433 in6_len2mask(&mask, 128); 1434 sin6 = (struct sockaddr_in6 *)&iflr->addr; 1435 bcopy(&sin6->sin6_addr, &match, sizeof(match)); 1436 1437 cmp = 1; 1438 } 1439 } 1440 1441 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 1442 { 1443 if (ifa->ifa_addr->sa_family != AF_INET6) 1444 continue; 1445 if (!cmp) 1446 break; 1447 1448 bcopy(IFA_IN6(ifa), &candidate, sizeof(candidate)); 1449 /* 1450 * XXX: this is adhoc, but is necessary to allow 1451 * a user to specify fe80::/64 (not /10) for a 1452 * link-local address. 1453 */ 1454 if (IN6_IS_ADDR_LINKLOCAL(&candidate)) 1455 candidate.s6_addr16[1] = 0; 1456 candidate.s6_addr32[0] &= mask.s6_addr32[0]; 1457 candidate.s6_addr32[1] &= mask.s6_addr32[1]; 1458 candidate.s6_addr32[2] &= mask.s6_addr32[2]; 1459 candidate.s6_addr32[3] &= mask.s6_addr32[3]; 1460 if (IN6_ARE_ADDR_EQUAL(&candidate, &match)) 1461 break; 1462 } 1463 if (!ifa) 1464 return EADDRNOTAVAIL; 1465 ia = ifa2ia6(ifa); 1466 1467 if (cmd == SIOCGLIFADDR) { 1468 struct sockaddr_in6 *s6; 1469 1470 /* fill in the if_laddrreq structure */ 1471 bcopy(&ia->ia_addr, &iflr->addr, ia->ia_addr.sin6_len); 1472 s6 = (struct sockaddr_in6 *)&iflr->addr; 1473 if (IN6_IS_ADDR_LINKLOCAL(&s6->sin6_addr)) { 1474 s6->sin6_addr.s6_addr16[1] = 0; 1475 s6->sin6_scope_id = 1476 in6_addr2scopeid(ifp, &s6->sin6_addr); 1477 } 1478 if ((ifp->if_flags & IFF_POINTOPOINT) != 0) { 1479 bcopy(&ia->ia_dstaddr, &iflr->dstaddr, 1480 ia->ia_dstaddr.sin6_len); 1481 s6 = (struct sockaddr_in6 *)&iflr->dstaddr; 1482 if (IN6_IS_ADDR_LINKLOCAL(&s6->sin6_addr)) { 1483 s6->sin6_addr.s6_addr16[1] = 0; 1484 s6->sin6_scope_id = 1485 in6_addr2scopeid(ifp, 1486 &s6->sin6_addr); 1487 } 1488 } else 1489 bzero(&iflr->dstaddr, sizeof(iflr->dstaddr)); 1490 1491 iflr->prefixlen = 1492 in6_mask2len(&ia->ia_prefixmask.sin6_addr, 1493 NULL); 1494 1495 iflr->flags = ia->ia6_flags; /* XXX */ 1496 1497 return 0; 1498 } else { 1499 struct in6_aliasreq ifra; 1500 1501 /* fill in6_aliasreq and do ioctl(SIOCDIFADDR_IN6) */ 1502 bzero(&ifra, sizeof(ifra)); 1503 bcopy(iflr->iflr_name, ifra.ifra_name, 1504 sizeof(ifra.ifra_name)); 1505 1506 bcopy(&ia->ia_addr, &ifra.ifra_addr, 1507 ia->ia_addr.sin6_len); 1508 if ((ifp->if_flags & IFF_POINTOPOINT) != 0) { 1509 bcopy(&ia->ia_dstaddr, &ifra.ifra_dstaddr, 1510 ia->ia_dstaddr.sin6_len); 1511 } else { 1512 bzero(&ifra.ifra_dstaddr, 1513 sizeof(ifra.ifra_dstaddr)); 1514 } 1515 bcopy(&ia->ia_prefixmask, &ifra.ifra_dstaddr, 1516 ia->ia_prefixmask.sin6_len); 1517 1518 ifra.ifra_flags = ia->ia6_flags; 1519 return in6_control(so, SIOCDIFADDR_IN6, (caddr_t)&ifra, 1520 ifp, td); 1521 } 1522 } 1523 } 1524 1525 return EOPNOTSUPP; /* just for safety */ 1526 } 1527 1528 /* 1529 * Initialize an interface's intetnet6 address 1530 * and routing table entry. 1531 */ 1532 static int 1533 in6_ifinit(struct ifnet *ifp, struct in6_ifaddr *ia, struct sockaddr_in6 *sin6, 1534 int newhost) 1535 { 1536 int error = 0, plen, ifacount = 0; 1537 int s = splimp(); 1538 struct ifaddr *ifa; 1539 1540 /* 1541 * Give the interface a chance to initialize 1542 * if this is its first address, 1543 * and to validate the address if necessary. 1544 */ 1545 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 1546 { 1547 if (ifa->ifa_addr == NULL) 1548 continue; /* just for safety */ 1549 if (ifa->ifa_addr->sa_family != AF_INET6) 1550 continue; 1551 ifacount++; 1552 } 1553 1554 ia->ia_addr = *sin6; 1555 1556 if (ifacount <= 1 && ifp->if_ioctl && 1557 (error = (*ifp->if_ioctl)(ifp, SIOCSIFADDR, (caddr_t)ia, 1558 (struct ucred *)NULL))) { 1559 splx(s); 1560 return(error); 1561 } 1562 splx(s); 1563 1564 ia->ia_ifa.ifa_metric = ifp->if_metric; 1565 1566 /* we could do in(6)_socktrim here, but just omit it at this moment. */ 1567 1568 /* 1569 * Special case: 1570 * If the destination address is specified for a point-to-point 1571 * interface, install a route to the destination as an interface 1572 * direct route. 1573 */ 1574 plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); /* XXX */ 1575 if (plen == 128 && ia->ia_dstaddr.sin6_family == AF_INET6) { 1576 if ((error = rtinit(&(ia->ia_ifa), (int)RTM_ADD, 1577 RTF_UP | RTF_HOST)) != 0) 1578 return(error); 1579 ia->ia_flags |= IFA_ROUTE; 1580 } 1581 if (plen < 128) { 1582 /* 1583 * The RTF_CLONING flag is necessary for in6_is_ifloop_auto(). 1584 */ 1585 ia->ia_ifa.ifa_flags |= RTF_CLONING; 1586 } 1587 1588 /* Add ownaddr as loopback rtentry, if necessary (ex. on p2p link). */ 1589 if (newhost) { 1590 /* set the rtrequest function to create llinfo */ 1591 ia->ia_ifa.ifa_rtrequest = nd6_rtrequest; 1592 in6_ifaddloop(&(ia->ia_ifa)); 1593 } 1594 1595 return(error); 1596 } 1597 1598 /* 1599 * Add an address to the list of IP6 multicast addresses for a 1600 * given interface. 1601 */ 1602 struct in6_multi * 1603 in6_addmulti(struct in6_addr *maddr6, struct ifnet *ifp, int *errorp) 1604 { 1605 struct in6_multi *in6m; 1606 struct sockaddr_in6 sin6; 1607 struct ifmultiaddr *ifma; 1608 int s = splnet(); 1609 1610 *errorp = 0; 1611 1612 /* 1613 * Call generic routine to add membership or increment 1614 * refcount. It wants addresses in the form of a sockaddr, 1615 * so we build one here (being careful to zero the unused bytes). 1616 */ 1617 bzero(&sin6, sizeof sin6); 1618 sin6.sin6_family = AF_INET6; 1619 sin6.sin6_len = sizeof sin6; 1620 sin6.sin6_addr = *maddr6; 1621 *errorp = if_addmulti(ifp, (struct sockaddr *)&sin6, &ifma); 1622 if (*errorp) { 1623 splx(s); 1624 return 0; 1625 } 1626 1627 /* 1628 * If ifma->ifma_protospec is null, then if_addmulti() created 1629 * a new record. Otherwise, we are done. 1630 */ 1631 if (ifma->ifma_protospec != 0) 1632 return ifma->ifma_protospec; 1633 1634 /* XXX - if_addmulti uses M_WAITOK. Can this really be called 1635 at interrupt time? If so, need to fix if_addmulti. XXX */ 1636 in6m = (struct in6_multi *)malloc(sizeof(*in6m), M_IPMADDR, M_NOWAIT); 1637 if (in6m == NULL) { 1638 splx(s); 1639 return (NULL); 1640 } 1641 1642 bzero(in6m, sizeof *in6m); 1643 in6m->in6m_addr = *maddr6; 1644 in6m->in6m_ifp = ifp; 1645 in6m->in6m_ifma = ifma; 1646 ifma->ifma_protospec = in6m; 1647 LIST_INSERT_HEAD(&in6_multihead, in6m, in6m_entry); 1648 1649 /* 1650 * Let MLD6 know that we have joined a new IP6 multicast 1651 * group. 1652 */ 1653 mld6_start_listening(in6m); 1654 splx(s); 1655 return(in6m); 1656 } 1657 1658 /* 1659 * Delete a multicast address record. 1660 */ 1661 void 1662 in6_delmulti(struct in6_multi *in6m) 1663 { 1664 struct ifmultiaddr *ifma = in6m->in6m_ifma; 1665 int s = splnet(); 1666 1667 if (ifma->ifma_refcount == 1) { 1668 /* 1669 * No remaining claims to this record; let MLD6 know 1670 * that we are leaving the multicast group. 1671 */ 1672 mld6_stop_listening(in6m); 1673 ifma->ifma_protospec = 0; 1674 LIST_REMOVE(in6m, in6m_entry); 1675 free(in6m, M_IPMADDR); 1676 } 1677 /* XXX - should be separate API for when we have an ifma? */ 1678 if_delmulti(ifma->ifma_ifp, ifma->ifma_addr); 1679 splx(s); 1680 } 1681 1682 /* 1683 * Find an IPv6 interface link-local address specific to an interface. 1684 */ 1685 struct in6_ifaddr * 1686 in6ifa_ifpforlinklocal(struct ifnet *ifp, int ignoreflags) 1687 { 1688 struct ifaddr *ifa; 1689 1690 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 1691 { 1692 if (ifa->ifa_addr == NULL) 1693 continue; /* just for safety */ 1694 if (ifa->ifa_addr->sa_family != AF_INET6) 1695 continue; 1696 if (IN6_IS_ADDR_LINKLOCAL(IFA_IN6(ifa))) { 1697 if ((((struct in6_ifaddr *)ifa)->ia6_flags & 1698 ignoreflags) != 0) 1699 continue; 1700 break; 1701 } 1702 } 1703 1704 return((struct in6_ifaddr *)ifa); 1705 } 1706 1707 1708 /* 1709 * find the internet address corresponding to a given interface and address. 1710 */ 1711 struct in6_ifaddr * 1712 in6ifa_ifpwithaddr(struct ifnet *ifp, struct in6_addr *addr) 1713 { 1714 struct ifaddr *ifa; 1715 1716 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 1717 { 1718 if (ifa->ifa_addr == NULL) 1719 continue; /* just for safety */ 1720 if (ifa->ifa_addr->sa_family != AF_INET6) 1721 continue; 1722 if (IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(ifa))) 1723 break; 1724 } 1725 1726 return((struct in6_ifaddr *)ifa); 1727 } 1728 1729 /* 1730 * Convert IP6 address to printable (loggable) representation. 1731 */ 1732 static char digits[] = "0123456789abcdef"; 1733 static int ip6round = 0; 1734 char * 1735 ip6_sprintf(const struct in6_addr *addr) 1736 { 1737 static char ip6buf[8][48]; 1738 int i; 1739 char *cp; 1740 const u_short *a = (const u_short *)addr; 1741 const u_char *d; 1742 int dcolon = 0; 1743 1744 ip6round = (ip6round + 1) & 7; 1745 cp = ip6buf[ip6round]; 1746 1747 for (i = 0; i < 8; i++) { 1748 if (dcolon == 1) { 1749 if (*a == 0) { 1750 if (i == 7) 1751 *cp++ = ':'; 1752 a++; 1753 continue; 1754 } else 1755 dcolon = 2; 1756 } 1757 if (*a == 0) { 1758 if (dcolon == 0 && *(a + 1) == 0) { 1759 if (i == 0) 1760 *cp++ = ':'; 1761 *cp++ = ':'; 1762 dcolon = 1; 1763 } else { 1764 *cp++ = '0'; 1765 *cp++ = ':'; 1766 } 1767 a++; 1768 continue; 1769 } 1770 d = (const u_char *)a; 1771 *cp++ = digits[*d >> 4]; 1772 *cp++ = digits[*d++ & 0xf]; 1773 *cp++ = digits[*d >> 4]; 1774 *cp++ = digits[*d & 0xf]; 1775 *cp++ = ':'; 1776 a++; 1777 } 1778 *--cp = 0; 1779 return(ip6buf[ip6round]); 1780 } 1781 1782 int 1783 in6_localaddr(struct in6_addr *in6) 1784 { 1785 struct in6_ifaddr *ia; 1786 1787 if (IN6_IS_ADDR_LOOPBACK(in6) || IN6_IS_ADDR_LINKLOCAL(in6)) 1788 return 1; 1789 1790 for (ia = in6_ifaddr; ia; ia = ia->ia_next) 1791 if (IN6_ARE_MASKED_ADDR_EQUAL(in6, &ia->ia_addr.sin6_addr, 1792 &ia->ia_prefixmask.sin6_addr)) 1793 return 1; 1794 1795 return (0); 1796 } 1797 1798 int 1799 in6_is_addr_deprecated(struct sockaddr_in6 *sa6) 1800 { 1801 struct in6_ifaddr *ia; 1802 1803 for (ia = in6_ifaddr; ia; ia = ia->ia_next) { 1804 if (IN6_ARE_ADDR_EQUAL(&ia->ia_addr.sin6_addr, 1805 &sa6->sin6_addr) && 1806 (ia->ia6_flags & IN6_IFF_DEPRECATED) != 0) 1807 return(1); /* true */ 1808 1809 /* XXX: do we still have to go thru the rest of the list? */ 1810 } 1811 1812 return(0); /* false */ 1813 } 1814 1815 /* 1816 * return length of part which dst and src are equal 1817 * hard coding... 1818 */ 1819 int 1820 in6_matchlen(struct in6_addr *src, struct in6_addr *dst) 1821 { 1822 int match = 0; 1823 u_char *s = (u_char *)src, *d = (u_char *)dst; 1824 u_char *lim = s + 16, r; 1825 1826 while (s < lim) 1827 if ((r = (*d++ ^ *s++)) != 0) { 1828 while (r < 128) { 1829 match++; 1830 r <<= 1; 1831 } 1832 break; 1833 } else 1834 match += 8; 1835 return match; 1836 } 1837 1838 /* XXX: to be scope conscious */ 1839 int 1840 in6_are_prefix_equal(struct in6_addr *p1, struct in6_addr *p2, int len) 1841 { 1842 int bytelen, bitlen; 1843 1844 /* sanity check */ 1845 if (0 > len || len > 128) { 1846 log(LOG_ERR, "in6_are_prefix_equal: invalid prefix length(%d)\n", 1847 len); 1848 return(0); 1849 } 1850 1851 bytelen = len / 8; 1852 bitlen = len % 8; 1853 1854 if (bcmp(&p1->s6_addr, &p2->s6_addr, bytelen)) 1855 return(0); 1856 if (p1->s6_addr[bytelen] >> (8 - bitlen) != 1857 p2->s6_addr[bytelen] >> (8 - bitlen)) 1858 return(0); 1859 1860 return(1); 1861 } 1862 1863 void 1864 in6_prefixlen2mask(struct in6_addr *maskp, int len) 1865 { 1866 u_char maskarray[8] = {0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff}; 1867 int bytelen, bitlen, i; 1868 1869 /* sanity check */ 1870 if (0 > len || len > 128) { 1871 log(LOG_ERR, "in6_prefixlen2mask: invalid prefix length(%d)\n", 1872 len); 1873 return; 1874 } 1875 1876 bzero(maskp, sizeof(*maskp)); 1877 bytelen = len / 8; 1878 bitlen = len % 8; 1879 for (i = 0; i < bytelen; i++) 1880 maskp->s6_addr[i] = 0xff; 1881 if (bitlen) 1882 maskp->s6_addr[bytelen] = maskarray[bitlen - 1]; 1883 } 1884 1885 /* 1886 * return the best address out of the same scope 1887 */ 1888 struct in6_ifaddr * 1889 in6_ifawithscope(struct ifnet *oifp, struct in6_addr *dst) 1890 { 1891 int dst_scope = in6_addrscope(dst), src_scope, best_scope = 0; 1892 int blen = -1; 1893 struct ifaddr *ifa; 1894 struct ifnet *ifp; 1895 struct in6_ifaddr *ifa_best = NULL; 1896 1897 if (oifp == NULL) { 1898 #if 0 1899 printf("in6_ifawithscope: output interface is not specified\n"); 1900 #endif 1901 return(NULL); 1902 } 1903 1904 /* 1905 * We search for all addresses on all interfaces from the beginning. 1906 * Comparing an interface with the outgoing interface will be done 1907 * only at the final stage of tiebreaking. 1908 */ 1909 for (ifp = TAILQ_FIRST(&ifnet); ifp; ifp = TAILQ_NEXT(ifp, if_list)) 1910 { 1911 /* 1912 * We can never take an address that breaks the scope zone 1913 * of the destination. 1914 */ 1915 if (in6_addr2scopeid(ifp, dst) != in6_addr2scopeid(oifp, dst)) 1916 continue; 1917 1918 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 1919 { 1920 int tlen = -1, dscopecmp, bscopecmp, matchcmp; 1921 1922 if (ifa->ifa_addr->sa_family != AF_INET6) 1923 continue; 1924 1925 src_scope = in6_addrscope(IFA_IN6(ifa)); 1926 1927 /* 1928 * Don't use an address before completing DAD 1929 * nor a duplicated address. 1930 */ 1931 if (((struct in6_ifaddr *)ifa)->ia6_flags & 1932 IN6_IFF_NOTREADY) 1933 continue; 1934 1935 /* XXX: is there any case to allow anycasts? */ 1936 if (((struct in6_ifaddr *)ifa)->ia6_flags & 1937 IN6_IFF_ANYCAST) 1938 continue; 1939 1940 if (((struct in6_ifaddr *)ifa)->ia6_flags & 1941 IN6_IFF_DETACHED) 1942 continue; 1943 1944 /* 1945 * If this is the first address we find, 1946 * keep it anyway. 1947 */ 1948 if (ifa_best == NULL) 1949 goto replace; 1950 1951 /* 1952 * ifa_best is never NULL beyond this line except 1953 * within the block labeled "replace". 1954 */ 1955 1956 /* 1957 * If ifa_best has a smaller scope than dst and 1958 * the current address has a larger one than 1959 * (or equal to) dst, always replace ifa_best. 1960 * Also, if the current address has a smaller scope 1961 * than dst, ignore it unless ifa_best also has a 1962 * smaller scope. 1963 * Consequently, after the two if-clause below, 1964 * the followings must be satisfied: 1965 * (scope(src) < scope(dst) && 1966 * scope(best) < scope(dst)) 1967 * OR 1968 * (scope(best) >= scope(dst) && 1969 * scope(src) >= scope(dst)) 1970 */ 1971 if (IN6_ARE_SCOPE_CMP(best_scope, dst_scope) < 0 && 1972 IN6_ARE_SCOPE_CMP(src_scope, dst_scope) >= 0) 1973 goto replace; /* (A) */ 1974 if (IN6_ARE_SCOPE_CMP(src_scope, dst_scope) < 0 && 1975 IN6_ARE_SCOPE_CMP(best_scope, dst_scope) >= 0) 1976 continue; /* (B) */ 1977 1978 /* 1979 * A deprecated address SHOULD NOT be used in new 1980 * communications if an alternate (non-deprecated) 1981 * address is available and has sufficient scope. 1982 * RFC 2462, Section 5.5.4. 1983 */ 1984 if (((struct in6_ifaddr *)ifa)->ia6_flags & 1985 IN6_IFF_DEPRECATED) { 1986 /* 1987 * Ignore any deprecated addresses if 1988 * specified by configuration. 1989 */ 1990 if (!ip6_use_deprecated) 1991 continue; 1992 1993 /* 1994 * If we have already found a non-deprecated 1995 * candidate, just ignore deprecated addresses. 1996 */ 1997 if ((ifa_best->ia6_flags & IN6_IFF_DEPRECATED) 1998 == 0) 1999 continue; 2000 } 2001 2002 /* 2003 * A non-deprecated address is always preferred 2004 * to a deprecated one regardless of scopes and 2005 * address matching (Note invariants ensured by the 2006 * conditions (A) and (B) above.) 2007 */ 2008 if ((ifa_best->ia6_flags & IN6_IFF_DEPRECATED) && 2009 (((struct in6_ifaddr *)ifa)->ia6_flags & 2010 IN6_IFF_DEPRECATED) == 0) 2011 goto replace; 2012 2013 /* 2014 * When we use temporary addresses described in 2015 * RFC 3041, we prefer temporary addresses to 2016 * public autoconf addresses. Again, note the 2017 * invariants from (A) and (B). Also note that we 2018 * don't have any preference between static addresses 2019 * and autoconf addresses (despite of whether or not 2020 * the latter is temporary or public.) 2021 */ 2022 if (ip6_use_tempaddr) { 2023 struct in6_ifaddr *ifat; 2024 2025 ifat = (struct in6_ifaddr *)ifa; 2026 if ((ifa_best->ia6_flags & 2027 (IN6_IFF_AUTOCONF|IN6_IFF_TEMPORARY)) 2028 == IN6_IFF_AUTOCONF && 2029 (ifat->ia6_flags & 2030 (IN6_IFF_AUTOCONF|IN6_IFF_TEMPORARY)) 2031 == (IN6_IFF_AUTOCONF|IN6_IFF_TEMPORARY)) { 2032 goto replace; 2033 } 2034 if ((ifa_best->ia6_flags & 2035 (IN6_IFF_AUTOCONF|IN6_IFF_TEMPORARY)) 2036 == (IN6_IFF_AUTOCONF|IN6_IFF_TEMPORARY) && 2037 (ifat->ia6_flags & 2038 (IN6_IFF_AUTOCONF|IN6_IFF_TEMPORARY)) 2039 == IN6_IFF_AUTOCONF) { 2040 continue; 2041 } 2042 } 2043 2044 /* 2045 * At this point, we have two cases: 2046 * 1. we are looking at a non-deprecated address, 2047 * and ifa_best is also non-deprecated. 2048 * 2. we are looking at a deprecated address, 2049 * and ifa_best is also deprecated. 2050 * Also, we do not have to consider a case where 2051 * the scope of if_best is larger(smaller) than dst and 2052 * the scope of the current address is smaller(larger) 2053 * than dst. Such a case has already been covered. 2054 * Tiebreaking is done according to the following 2055 * items: 2056 * - the scope comparison between the address and 2057 * dst (dscopecmp) 2058 * - the scope comparison between the address and 2059 * ifa_best (bscopecmp) 2060 * - if the address match dst longer than ifa_best 2061 * (matchcmp) 2062 * - if the address is on the outgoing I/F (outI/F) 2063 * 2064 * Roughly speaking, the selection policy is 2065 * - the most important item is scope. The same scope 2066 * is best. Then search for a larger scope. 2067 * Smaller scopes are the last resort. 2068 * - A deprecated address is chosen only when we have 2069 * no address that has an enough scope, but is 2070 * prefered to any addresses of smaller scopes 2071 * (this must be already done above.) 2072 * - addresses on the outgoing I/F are preferred to 2073 * ones on other interfaces if none of above 2074 * tiebreaks. In the table below, the column "bI" 2075 * means if the best_ifa is on the outgoing 2076 * interface, and the column "sI" means if the ifa 2077 * is on the outgoing interface. 2078 * - If there is no other reasons to choose one, 2079 * longest address match against dst is considered. 2080 * 2081 * The precise decision table is as follows: 2082 * dscopecmp bscopecmp match bI oI | replace? 2083 * N/A equal N/A Y N | No (1) 2084 * N/A equal N/A N Y | Yes (2) 2085 * N/A equal larger N/A | Yes (3) 2086 * N/A equal !larger N/A | No (4) 2087 * larger larger N/A N/A | No (5) 2088 * larger smaller N/A N/A | Yes (6) 2089 * smaller larger N/A N/A | Yes (7) 2090 * smaller smaller N/A N/A | No (8) 2091 * equal smaller N/A N/A | Yes (9) 2092 * equal larger (already done at A above) 2093 */ 2094 dscopecmp = IN6_ARE_SCOPE_CMP(src_scope, dst_scope); 2095 bscopecmp = IN6_ARE_SCOPE_CMP(src_scope, best_scope); 2096 2097 if (bscopecmp == 0) { 2098 struct ifnet *bifp = ifa_best->ia_ifp; 2099 2100 if (bifp == oifp && ifp != oifp) /* (1) */ 2101 continue; 2102 if (bifp != oifp && ifp == oifp) /* (2) */ 2103 goto replace; 2104 2105 /* 2106 * Both bifp and ifp are on the outgoing 2107 * interface, or both two are on a different 2108 * interface from the outgoing I/F. 2109 * now we need address matching against dst 2110 * for tiebreaking. 2111 */ 2112 tlen = in6_matchlen(IFA_IN6(ifa), dst); 2113 matchcmp = tlen - blen; 2114 if (matchcmp > 0) /* (3) */ 2115 goto replace; 2116 continue; /* (4) */ 2117 } 2118 if (dscopecmp > 0) { 2119 if (bscopecmp > 0) /* (5) */ 2120 continue; 2121 goto replace; /* (6) */ 2122 } 2123 if (dscopecmp < 0) { 2124 if (bscopecmp > 0) /* (7) */ 2125 goto replace; 2126 continue; /* (8) */ 2127 } 2128 2129 /* now dscopecmp must be 0 */ 2130 if (bscopecmp < 0) 2131 goto replace; /* (9) */ 2132 2133 replace: 2134 ifa_best = (struct in6_ifaddr *)ifa; 2135 blen = tlen >= 0 ? tlen : 2136 in6_matchlen(IFA_IN6(ifa), dst); 2137 best_scope = in6_addrscope(&ifa_best->ia_addr.sin6_addr); 2138 } 2139 } 2140 2141 /* count statistics for future improvements */ 2142 if (ifa_best == NULL) 2143 ip6stat.ip6s_sources_none++; 2144 else { 2145 if (oifp == ifa_best->ia_ifp) 2146 ip6stat.ip6s_sources_sameif[best_scope]++; 2147 else 2148 ip6stat.ip6s_sources_otherif[best_scope]++; 2149 2150 if (best_scope == dst_scope) 2151 ip6stat.ip6s_sources_samescope[best_scope]++; 2152 else 2153 ip6stat.ip6s_sources_otherscope[best_scope]++; 2154 2155 if ((ifa_best->ia6_flags & IN6_IFF_DEPRECATED) != 0) 2156 ip6stat.ip6s_sources_deprecated[best_scope]++; 2157 } 2158 2159 return(ifa_best); 2160 } 2161 2162 /* 2163 * return the best address out of the same scope. if no address was 2164 * found, return the first valid address from designated IF. 2165 */ 2166 struct in6_ifaddr * 2167 in6_ifawithifp(struct ifnet *ifp, struct in6_addr *dst) 2168 { 2169 int dst_scope = in6_addrscope(dst), blen = -1, tlen; 2170 struct ifaddr *ifa; 2171 struct in6_ifaddr *besta = 0; 2172 struct in6_ifaddr *dep[2]; /* last-resort: deprecated */ 2173 2174 dep[0] = dep[1] = NULL; 2175 2176 /* 2177 * We first look for addresses in the same scope. 2178 * If there is one, return it. 2179 * If two or more, return one which matches the dst longest. 2180 * If none, return one of global addresses assigned other ifs. 2181 */ 2182 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 2183 { 2184 if (ifa->ifa_addr->sa_family != AF_INET6) 2185 continue; 2186 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST) 2187 continue; /* XXX: is there any case to allow anycast? */ 2188 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_NOTREADY) 2189 continue; /* don't use this interface */ 2190 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DETACHED) 2191 continue; 2192 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DEPRECATED) { 2193 if (ip6_use_deprecated) 2194 dep[0] = (struct in6_ifaddr *)ifa; 2195 continue; 2196 } 2197 2198 if (dst_scope == in6_addrscope(IFA_IN6(ifa))) { 2199 /* 2200 * call in6_matchlen() as few as possible 2201 */ 2202 if (besta) { 2203 if (blen == -1) 2204 blen = in6_matchlen(&besta->ia_addr.sin6_addr, dst); 2205 tlen = in6_matchlen(IFA_IN6(ifa), dst); 2206 if (tlen > blen) { 2207 blen = tlen; 2208 besta = (struct in6_ifaddr *)ifa; 2209 } 2210 } else 2211 besta = (struct in6_ifaddr *)ifa; 2212 } 2213 } 2214 if (besta) 2215 return(besta); 2216 2217 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 2218 { 2219 if (ifa->ifa_addr->sa_family != AF_INET6) 2220 continue; 2221 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST) 2222 continue; /* XXX: is there any case to allow anycast? */ 2223 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_NOTREADY) 2224 continue; /* don't use this interface */ 2225 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DETACHED) 2226 continue; 2227 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DEPRECATED) { 2228 if (ip6_use_deprecated) 2229 dep[1] = (struct in6_ifaddr *)ifa; 2230 continue; 2231 } 2232 2233 return (struct in6_ifaddr *)ifa; 2234 } 2235 2236 /* use the last-resort values, that are, deprecated addresses */ 2237 if (dep[0]) 2238 return dep[0]; 2239 if (dep[1]) 2240 return dep[1]; 2241 2242 return NULL; 2243 } 2244 2245 /* 2246 * perform DAD when interface becomes IFF_UP. 2247 */ 2248 void 2249 in6_if_up(struct ifnet *ifp) 2250 { 2251 struct ifaddr *ifa; 2252 struct in6_ifaddr *ia; 2253 int dad_delay; /* delay ticks before DAD output */ 2254 2255 /* 2256 * special cases, like 6to4, are handled in in6_ifattach 2257 */ 2258 in6_ifattach(ifp, NULL); 2259 2260 dad_delay = 0; 2261 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 2262 { 2263 if (ifa->ifa_addr->sa_family != AF_INET6) 2264 continue; 2265 ia = (struct in6_ifaddr *)ifa; 2266 if (ia->ia6_flags & IN6_IFF_TENTATIVE) 2267 nd6_dad_start(ifa, &dad_delay); 2268 } 2269 } 2270 2271 int 2272 in6if_do_dad(struct ifnet *ifp) 2273 { 2274 if ((ifp->if_flags & IFF_LOOPBACK) != 0) 2275 return(0); 2276 2277 switch (ifp->if_type) { 2278 #ifdef IFT_DUMMY 2279 case IFT_DUMMY: 2280 #endif 2281 case IFT_FAITH: 2282 /* 2283 * These interfaces do not have the IFF_LOOPBACK flag, 2284 * but loop packets back. We do not have to do DAD on such 2285 * interfaces. We should even omit it, because loop-backed 2286 * NS would confuse the DAD procedure. 2287 */ 2288 return(0); 2289 default: 2290 /* 2291 * Our DAD routine requires the interface up and running. 2292 * However, some interfaces can be up before the RUNNING 2293 * status. Additionaly, users may try to assign addresses 2294 * before the interface becomes up (or running). 2295 * We simply skip DAD in such a case as a work around. 2296 * XXX: we should rather mark "tentative" on such addresses, 2297 * and do DAD after the interface becomes ready. 2298 */ 2299 if ((ifp->if_flags & (IFF_UP|IFF_RUNNING)) != 2300 (IFF_UP|IFF_RUNNING)) 2301 return(0); 2302 2303 return(1); 2304 } 2305 } 2306 2307 /* 2308 * Calculate max IPv6 MTU through all the interfaces and store it 2309 * to in6_maxmtu. 2310 */ 2311 void 2312 in6_setmaxmtu(void) 2313 { 2314 unsigned long maxmtu = 0; 2315 struct ifnet *ifp; 2316 2317 for (ifp = TAILQ_FIRST(&ifnet); ifp; ifp = TAILQ_NEXT(ifp, if_list)) 2318 { 2319 if ((ifp->if_flags & IFF_LOOPBACK) == 0 && 2320 ND_IFINFO(ifp)->linkmtu > maxmtu) 2321 maxmtu = ND_IFINFO(ifp)->linkmtu; 2322 } 2323 if (maxmtu) /* update only when maxmtu is positive */ 2324 in6_maxmtu = maxmtu; 2325 } 2326 2327 void * 2328 in6_domifattach(struct ifnet *ifp) 2329 { 2330 struct in6_ifextra *ext; 2331 2332 ext = (struct in6_ifextra *)malloc(sizeof(*ext), M_IFADDR, M_WAITOK); 2333 bzero(ext, sizeof(*ext)); 2334 2335 ext->in6_ifstat = (struct in6_ifstat *)malloc(sizeof(struct in6_ifstat), 2336 M_IFADDR, M_WAITOK); 2337 bzero(ext->in6_ifstat, sizeof(*ext->in6_ifstat)); 2338 2339 ext->icmp6_ifstat = 2340 (struct icmp6_ifstat *)malloc(sizeof(struct icmp6_ifstat), 2341 M_IFADDR, M_WAITOK); 2342 bzero(ext->icmp6_ifstat, sizeof(*ext->icmp6_ifstat)); 2343 2344 ext->nd_ifinfo = nd6_ifattach(ifp); 2345 ext->scope6_id = scope6_ifattach(ifp); 2346 return ext; 2347 } 2348 2349 void 2350 in6_domifdetach(struct ifnet *ifp, void *aux) 2351 { 2352 struct in6_ifextra *ext = (struct in6_ifextra *)aux; 2353 scope6_ifdetach(ext->scope6_id); 2354 nd6_ifdetach(ext->nd_ifinfo); 2355 free(ext->in6_ifstat, M_IFADDR); 2356 free(ext->icmp6_ifstat, M_IFADDR); 2357 free(ext, M_IFADDR); 2358 } 2359 2360 /* 2361 * Convert sockaddr_in6 to sockaddr_in. Original sockaddr_in6 must be 2362 * v4 mapped addr or v4 compat addr 2363 */ 2364 void 2365 in6_sin6_2_sin(struct sockaddr_in *sin, struct sockaddr_in6 *sin6) 2366 { 2367 bzero(sin, sizeof(*sin)); 2368 sin->sin_len = sizeof(struct sockaddr_in); 2369 sin->sin_family = AF_INET; 2370 sin->sin_port = sin6->sin6_port; 2371 sin->sin_addr.s_addr = sin6->sin6_addr.s6_addr32[3]; 2372 } 2373 2374 /* Convert sockaddr_in to sockaddr_in6 in v4 mapped addr format. */ 2375 void 2376 in6_sin_2_v4mapsin6(struct sockaddr_in *sin, struct sockaddr_in6 *sin6) 2377 { 2378 bzero(sin6, sizeof(*sin6)); 2379 sin6->sin6_len = sizeof(struct sockaddr_in6); 2380 sin6->sin6_family = AF_INET6; 2381 sin6->sin6_port = sin->sin_port; 2382 sin6->sin6_addr.s6_addr32[0] = 0; 2383 sin6->sin6_addr.s6_addr32[1] = 0; 2384 sin6->sin6_addr.s6_addr32[2] = IPV6_ADDR_INT32_SMP; 2385 sin6->sin6_addr.s6_addr32[3] = sin->sin_addr.s_addr; 2386 } 2387 2388 /* Convert sockaddr_in6 into sockaddr_in. */ 2389 void 2390 in6_sin6_2_sin_in_sock(struct sockaddr *nam) 2391 { 2392 struct sockaddr_in *sin_p; 2393 struct sockaddr_in6 sin6; 2394 2395 /* 2396 * Save original sockaddr_in6 addr and convert it 2397 * to sockaddr_in. 2398 */ 2399 sin6 = *(struct sockaddr_in6 *)nam; 2400 sin_p = (struct sockaddr_in *)nam; 2401 in6_sin6_2_sin(sin_p, &sin6); 2402 } 2403 2404 /* Convert sockaddr_in into sockaddr_in6 in v4 mapped addr format. */ 2405 void 2406 in6_sin_2_v4mapsin6_in_sock(struct sockaddr **nam) 2407 { 2408 struct sockaddr_in *sin_p; 2409 struct sockaddr_in6 *sin6_p; 2410 2411 MALLOC(sin6_p, struct sockaddr_in6 *, sizeof *sin6_p, M_SONAME, 2412 M_WAITOK); 2413 sin_p = (struct sockaddr_in *)*nam; 2414 in6_sin_2_v4mapsin6(sin_p, sin6_p); 2415 FREE(*nam, M_SONAME); 2416 *nam = (struct sockaddr *)sin6_p; 2417 } 2418