1 /* $FreeBSD: src/sys/netinet6/in6_src.c,v 1.1.2.3 2002/02/26 18:02:06 ume Exp $ */ 2 /* $DragonFly: src/sys/netinet6/in6_src.c,v 1.13 2006/12/29 18:02:56 victor Exp $ */ 3 /* $KAME: in6_src.c,v 1.37 2001/03/29 05:34:31 itojun Exp $ */ 4 5 /* 6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. Neither the name of the project nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 /* 35 * Copyright (c) 1982, 1986, 1991, 1993 36 * The Regents of the University of California. All rights reserved. 37 * 38 * Redistribution and use in source and binary forms, with or without 39 * modification, are permitted provided that the following conditions 40 * are met: 41 * 1. Redistributions of source code must retain the above copyright 42 * notice, this list of conditions and the following disclaimer. 43 * 2. Redistributions in binary form must reproduce the above copyright 44 * notice, this list of conditions and the following disclaimer in the 45 * documentation and/or other materials provided with the distribution. 46 * 3. All advertising materials mentioning features or use of this software 47 * must display the following acknowledgement: 48 * This product includes software developed by the University of 49 * California, Berkeley and its contributors. 50 * 4. Neither the name of the University nor the names of its contributors 51 * may be used to endorse or promote products derived from this software 52 * without specific prior written permission. 53 * 54 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 55 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 56 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 57 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 58 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 59 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 60 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 61 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 62 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 63 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 64 * SUCH DAMAGE. 65 * 66 * @(#)in_pcb.c 8.2 (Berkeley) 1/4/94 67 */ 68 69 #include "opt_inet.h" 70 #include "opt_inet6.h" 71 72 #include <sys/param.h> 73 #include <sys/systm.h> 74 #include <sys/jail.h> 75 #include <sys/kernel.h> 76 #include <sys/malloc.h> 77 #include <sys/mbuf.h> 78 #include <sys/protosw.h> 79 #include <sys/socket.h> 80 #include <sys/socketvar.h> 81 #include <sys/sockio.h> 82 #include <sys/sysctl.h> 83 #include <sys/errno.h> 84 #include <sys/time.h> 85 #include <sys/proc.h> 86 #include <sys/priv.h> 87 88 #include <net/if.h> 89 #include <net/route.h> 90 91 #include <netinet/in.h> 92 #include <netinet/in_var.h> 93 #include <netinet/in_systm.h> 94 #include <netinet/ip.h> 95 #include <netinet/in_pcb.h> 96 #include <netinet6/in6_var.h> 97 #include <netinet/ip6.h> 98 #include <netinet6/in6_pcb.h> 99 #include <netinet6/ip6_var.h> 100 #include <netinet6/nd6.h> 101 #ifdef ENABLE_DEFAULT_SCOPE 102 #include <netinet6/scope6_var.h> 103 #endif 104 105 #include <net/net_osdep.h> 106 107 #include "use_loop.h" 108 109 #define ADDR_LABEL_NOTAPP (-1) 110 struct in6_addrpolicy defaultaddrpolicy; 111 112 static void init_policy_queue(void); 113 static int add_addrsel_policyent(struct in6_addrpolicy *); 114 static int delete_addrsel_policyent(struct in6_addrpolicy *); 115 static int walk_addrsel_policy(int (*)(struct in6_addrpolicy *, void *), 116 void *); 117 static int dump_addrsel_policyent(struct in6_addrpolicy *, void *); 118 119 120 /* 121 * Return an IPv6 address, which is the most appropriate for a given 122 * destination and user specified options. 123 * If necessary, this function lookups the routing table and returns 124 * an entry to the caller for later use. 125 */ 126 struct in6_addr * 127 in6_selectsrc(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 128 struct ip6_moptions *mopts, struct route_in6 *ro, 129 struct in6_addr *laddr, int *errorp, struct thread *td) 130 { 131 struct sockaddr_in6 jsin6; 132 struct ucred *cred = NULL; 133 struct in6_addr *dst; 134 struct in6_ifaddr *ia6 = 0; 135 struct in6_pktinfo *pi = NULL; 136 int jailed = 0; 137 138 if (td && td->td_proc && td->td_proc->p_ucred) 139 cred = td->td_proc->p_ucred; 140 if (cred && cred->cr_prison) 141 jailed = 1; 142 jsin6.sin6_family = AF_INET6; 143 dst = &dstsock->sin6_addr; 144 *errorp = 0; 145 146 /* 147 * If the source address is explicitly specified by the caller, 148 * use it. 149 */ 150 if (opts && (pi = opts->ip6po_pktinfo) && 151 !IN6_IS_ADDR_UNSPECIFIED(&pi->ipi6_addr)) { 152 jsin6.sin6_addr = pi->ipi6_addr; 153 if (jailed && !jailed_ip(cred->cr_prison, 154 (struct sockaddr *)&jsin6)) { 155 return(0); 156 } else { 157 return (&pi->ipi6_addr); 158 } 159 } 160 161 /* 162 * If the source address is not specified but the socket(if any) 163 * is already bound, use the bound address. 164 */ 165 if (laddr && !IN6_IS_ADDR_UNSPECIFIED(laddr)) { 166 jsin6.sin6_addr = *laddr; 167 if (jailed && !jailed_ip(cred->cr_prison, 168 (struct sockaddr *)&jsin6)) { 169 return(0); 170 } else { 171 return (laddr); 172 } 173 } 174 175 /* 176 * If the caller doesn't specify the source address but 177 * the outgoing interface, use an address associated with 178 * the interface. 179 */ 180 if (pi && pi->ipi6_ifindex) { 181 /* XXX boundary check is assumed to be already done. */ 182 ia6 = in6_ifawithscope(ifindex2ifnet[pi->ipi6_ifindex], 183 dst); 184 185 if (ia6 && jailed) { 186 jsin6.sin6_addr = (&ia6->ia_addr)->sin6_addr; 187 if (!jailed_ip(cred->cr_prison, 188 (struct sockaddr *)&jsin6)) 189 ia6 = 0; 190 } 191 192 if (ia6 == 0) { 193 *errorp = EADDRNOTAVAIL; 194 return (0); 195 } 196 return (&satosin6(&ia6->ia_addr)->sin6_addr); 197 } 198 199 /* 200 * If the destination address is a link-local unicast address or 201 * a multicast address, and if the outgoing interface is specified 202 * by the sin6_scope_id filed, use an address associated with the 203 * interface. 204 * XXX: We're now trying to define more specific semantics of 205 * sin6_scope_id field, so this part will be rewritten in 206 * the near future. 207 */ 208 if ((IN6_IS_ADDR_LINKLOCAL(dst) || IN6_IS_ADDR_MULTICAST(dst)) && 209 dstsock->sin6_scope_id) { 210 /* 211 * I'm not sure if boundary check for scope_id is done 212 * somewhere... 213 */ 214 if (dstsock->sin6_scope_id < 0 || 215 if_index < dstsock->sin6_scope_id) { 216 *errorp = ENXIO; /* XXX: better error? */ 217 return (0); 218 } 219 ia6 = in6_ifawithscope(ifindex2ifnet[dstsock->sin6_scope_id], 220 dst); 221 222 if (ia6 && jailed) { 223 jsin6.sin6_addr = (&ia6->ia_addr)->sin6_addr; 224 if (!jailed_ip(cred->cr_prison, 225 (struct sockaddr *)&jsin6)) 226 ia6 = 0; 227 } 228 229 if (ia6 == 0) { 230 *errorp = EADDRNOTAVAIL; 231 return (0); 232 } 233 return (&satosin6(&ia6->ia_addr)->sin6_addr); 234 } 235 236 /* 237 * If the destination address is a multicast address and 238 * the outgoing interface for the address is specified 239 * by the caller, use an address associated with the interface. 240 * There is a sanity check here; if the destination has node-local 241 * scope, the outgoing interfacde should be a loopback address. 242 * Even if the outgoing interface is not specified, we also 243 * choose a loopback interface as the outgoing interface. 244 */ 245 if (!jailed && IN6_IS_ADDR_MULTICAST(dst)) { 246 struct ifnet *ifp = mopts ? mopts->im6o_multicast_ifp : NULL; 247 248 if (ifp == NULL && IN6_IS_ADDR_MC_NODELOCAL(dst)) { 249 ifp = &loif[0]; 250 } 251 252 if (ifp) { 253 ia6 = in6_ifawithscope(ifp, dst); 254 if (ia6 == 0) { 255 *errorp = EADDRNOTAVAIL; 256 return (0); 257 } 258 return (&satosin6(&ia6->ia_addr)->sin6_addr); 259 } 260 } 261 262 /* 263 * If the next hop address for the packet is specified 264 * by caller, use an address associated with the route 265 * to the next hop. 266 */ 267 { 268 struct sockaddr_in6 *sin6_next; 269 struct rtentry *rt; 270 271 if (opts && opts->ip6po_nexthop) { 272 sin6_next = satosin6(opts->ip6po_nexthop); 273 rt = nd6_lookup(&sin6_next->sin6_addr, 1, NULL); 274 if (rt) { 275 ia6 = in6_ifawithscope(rt->rt_ifp, dst); 276 if (ia6 == 0) 277 ia6 = ifatoia6(rt->rt_ifa); 278 } 279 if (ia6 && jailed) { 280 jsin6.sin6_addr = (&ia6->ia_addr)->sin6_addr; 281 if (!jailed_ip(cred->cr_prison, 282 (struct sockaddr *)&jsin6)) 283 ia6 = 0; 284 } 285 286 if (ia6 == 0) { 287 *errorp = EADDRNOTAVAIL; 288 return (0); 289 } 290 return (&satosin6(&ia6->ia_addr)->sin6_addr); 291 } 292 } 293 294 /* 295 * If route is known or can be allocated now, 296 * our src addr is taken from the i/f, else punt. 297 */ 298 if (ro) { 299 if (ro->ro_rt && 300 (!(ro->ro_rt->rt_flags & RTF_UP) || 301 satosin6(&ro->ro_dst)->sin6_family != AF_INET6 || 302 !IN6_ARE_ADDR_EQUAL(&satosin6(&ro->ro_dst)->sin6_addr, 303 dst))) { 304 RTFREE(ro->ro_rt); 305 ro->ro_rt = NULL; 306 } 307 if (ro->ro_rt == NULL || ro->ro_rt->rt_ifp == NULL) { 308 struct sockaddr_in6 *sa6; 309 310 /* No route yet, so try to acquire one */ 311 bzero(&ro->ro_dst, sizeof(struct sockaddr_in6)); 312 sa6 = &ro->ro_dst; 313 sa6->sin6_family = AF_INET6; 314 sa6->sin6_len = sizeof(struct sockaddr_in6); 315 sa6->sin6_addr = *dst; 316 sa6->sin6_scope_id = dstsock->sin6_scope_id; 317 if (!jailed && IN6_IS_ADDR_MULTICAST(dst)) { 318 ro->ro_rt = 319 rtpurelookup((struct sockaddr *)&ro->ro_dst); 320 } else { 321 rtalloc((struct route *)ro); 322 } 323 } 324 325 /* 326 * in_pcbconnect() checks out IFF_LOOPBACK to skip using 327 * the address. But we don't know why it does so. 328 * It is necessary to ensure the scope even for lo0 329 * so doesn't check out IFF_LOOPBACK. 330 */ 331 332 if (ro->ro_rt) { 333 ia6 = in6_ifawithscope(ro->ro_rt->rt_ifa->ifa_ifp, dst); 334 if (ia6 && jailed) { 335 jsin6.sin6_addr = (&ia6->ia_addr)->sin6_addr; 336 if (!jailed_ip(cred->cr_prison, 337 (struct sockaddr *)&jsin6)) 338 ia6 = 0; 339 } 340 341 if (ia6 == 0) /* xxx scope error ?*/ 342 ia6 = ifatoia6(ro->ro_rt->rt_ifa); 343 344 if (ia6 && jailed) { 345 jsin6.sin6_addr = (&ia6->ia_addr)->sin6_addr; 346 if (!jailed_ip(cred->cr_prison, 347 (struct sockaddr *)&jsin6)) 348 ia6 = 0; 349 } 350 } 351 #if 0 352 /* 353 * xxx The followings are necessary? (kazu) 354 * I don't think so. 355 * It's for SO_DONTROUTE option in IPv4.(jinmei) 356 */ 357 if (ia6 == 0) { 358 struct sockaddr_in6 sin6 = {sizeof(sin6), AF_INET6, 0}; 359 360 sin6->sin6_addr = *dst; 361 362 ia6 = ifatoia6(ifa_ifwithdstaddr(sin6tosa(&sin6))); 363 if (ia6 == 0) 364 ia6 = ifatoia6(ifa_ifwithnet(sin6tosa(&sin6))); 365 if (ia6 == 0) 366 return (0); 367 return (&satosin6(&ia6->ia_addr)->sin6_addr); 368 } 369 #endif /* 0 */ 370 if (ia6 == 0) { 371 *errorp = EHOSTUNREACH; /* no route */ 372 return (0); 373 } 374 return (&satosin6(&ia6->ia_addr)->sin6_addr); 375 } 376 377 *errorp = EADDRNOTAVAIL; 378 return (0); 379 } 380 381 /* 382 * Default hop limit selection. The precedence is as follows: 383 * 1. Hoplimit value specified via ioctl. 384 * 2. (If the outgoing interface is detected) the current 385 * hop limit of the interface specified by router advertisement. 386 * 3. The system default hoplimit. 387 */ 388 int 389 in6_selecthlim(struct in6pcb *in6p, struct ifnet *ifp) 390 { 391 if (in6p && in6p->in6p_hops >= 0) 392 return (in6p->in6p_hops); 393 else if (ifp) 394 return (ND_IFINFO(ifp)->chlim); 395 else 396 return (ip6_defhlim); 397 } 398 399 /* 400 * XXX: this is borrowed from in6_pcbbind(). If possible, we should 401 * share this function by all *bsd*... 402 */ 403 int 404 in6_pcbsetport(struct in6_addr *laddr, struct inpcb *inp, struct thread *td) 405 { 406 struct socket *so = inp->inp_socket; 407 u_int16_t lport = 0, first, last, *lastport; 408 int count, error = 0, wild = 0; 409 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo; 410 struct ucred *cred = NULL; 411 412 /* XXX: this is redundant when called from in6_pcbbind */ 413 if ((so->so_options & (SO_REUSEADDR|SO_REUSEPORT)) == 0) 414 wild = INPLOOKUP_WILDCARD; 415 if (td->td_proc && td->td_proc->p_ucred) 416 cred = td->td_proc->p_ucred; 417 418 inp->inp_flags |= INP_ANONPORT; 419 420 if (inp->inp_flags & INP_HIGHPORT) { 421 first = ipport_hifirstauto; /* sysctl */ 422 last = ipport_hilastauto; 423 lastport = &pcbinfo->lasthi; 424 } else if (inp->inp_flags & INP_LOWPORT) { 425 if ((error = priv_check(td, PRIV_ROOT)) != 0) 426 return error; 427 first = ipport_lowfirstauto; /* 1023 */ 428 last = ipport_lowlastauto; /* 600 */ 429 lastport = &pcbinfo->lastlow; 430 } else { 431 first = ipport_firstauto; /* sysctl */ 432 last = ipport_lastauto; 433 lastport = &pcbinfo->lastport; 434 } 435 /* 436 * Simple check to ensure all ports are not used up causing 437 * a deadlock here. 438 * 439 * We split the two cases (up and down) so that the direction 440 * is not being tested on each round of the loop. 441 */ 442 if (first > last) { 443 /* 444 * counting down 445 */ 446 count = first - last; 447 448 do { 449 if (count-- < 0) { /* completely used? */ 450 /* 451 * Undo any address bind that may have 452 * occurred above. 453 */ 454 inp->in6p_laddr = kin6addr_any; 455 return (EAGAIN); 456 } 457 --*lastport; 458 if (*lastport > first || *lastport < last) 459 *lastport = first; 460 lport = htons(*lastport); 461 } while (in6_pcblookup_local(pcbinfo, &inp->in6p_laddr, 462 lport, wild, cred)); 463 } else { 464 /* 465 * counting up 466 */ 467 count = last - first; 468 469 do { 470 if (count-- < 0) { /* completely used? */ 471 /* 472 * Undo any address bind that may have 473 * occurred above. 474 */ 475 inp->in6p_laddr = kin6addr_any; 476 return (EAGAIN); 477 } 478 ++*lastport; 479 if (*lastport < first || *lastport > last) 480 *lastport = first; 481 lport = htons(*lastport); 482 } while (in6_pcblookup_local(pcbinfo, &inp->in6p_laddr, 483 lport, wild, cred)); 484 } 485 486 inp->inp_lport = lport; 487 if (in_pcbinsporthash(inp) != 0) { 488 inp->in6p_laddr = kin6addr_any; 489 inp->inp_lport = 0; 490 return (EAGAIN); 491 } 492 493 return (0); 494 } 495 496 /* 497 * generate kernel-internal form (scopeid embedded into s6_addr16[1]). 498 * If the address scope of is link-local, embed the interface index in the 499 * address. The routine determines our precedence 500 * between advanced API scope/interface specification and basic API 501 * specification. 502 * 503 * this function should be nuked in the future, when we get rid of 504 * embedded scopeid thing. 505 * 506 * XXX actually, it is over-specification to return ifp against sin6_scope_id. 507 * there can be multiple interfaces that belong to a particular scope zone 508 * (in specification, we have 1:N mapping between a scope zone and interfaces). 509 * we may want to change the function to return something other than ifp. 510 */ 511 int 512 in6_embedscope(struct in6_addr *in6, 513 const struct sockaddr_in6 *sin6, 514 #ifdef HAVE_NRL_INPCB 515 struct inpcb *in6p, 516 #define in6p_outputopts inp_outputopts6 517 #define in6p_moptions inp_moptions6 518 #else 519 struct in6pcb *in6p, 520 #endif 521 struct ifnet **ifpp) 522 { 523 struct ifnet *ifp = NULL; 524 u_int32_t scopeid; 525 526 *in6 = sin6->sin6_addr; 527 scopeid = sin6->sin6_scope_id; 528 if (ifpp) 529 *ifpp = NULL; 530 531 /* 532 * don't try to read sin6->sin6_addr beyond here, since the caller may 533 * ask us to overwrite existing sockaddr_in6 534 */ 535 536 #ifdef ENABLE_DEFAULT_SCOPE 537 if (scopeid == 0) 538 scopeid = scope6_addr2default(in6); 539 #endif 540 541 if (IN6_IS_SCOPE_LINKLOCAL(in6)) { 542 struct in6_pktinfo *pi; 543 544 /* 545 * KAME assumption: link id == interface id 546 */ 547 548 if (in6p && in6p->in6p_outputopts && 549 (pi = in6p->in6p_outputopts->ip6po_pktinfo) && 550 pi->ipi6_ifindex) { 551 ifp = ifindex2ifnet[pi->ipi6_ifindex]; 552 in6->s6_addr16[1] = htons(pi->ipi6_ifindex); 553 } else if (in6p && IN6_IS_ADDR_MULTICAST(in6) && 554 in6p->in6p_moptions && 555 in6p->in6p_moptions->im6o_multicast_ifp) { 556 ifp = in6p->in6p_moptions->im6o_multicast_ifp; 557 in6->s6_addr16[1] = htons(ifp->if_index); 558 } else if (scopeid) { 559 /* boundary check */ 560 if (scopeid < 0 || if_index < scopeid) 561 return ENXIO; /* XXX EINVAL? */ 562 ifp = ifindex2ifnet[scopeid]; 563 /*XXX assignment to 16bit from 32bit variable */ 564 in6->s6_addr16[1] = htons(scopeid & 0xffff); 565 } 566 567 if (ifpp) 568 *ifpp = ifp; 569 } 570 571 return 0; 572 } 573 #ifdef HAVE_NRL_INPCB 574 #undef in6p_outputopts 575 #undef in6p_moptions 576 #endif 577 578 /* 579 * generate standard sockaddr_in6 from embedded form. 580 * touches sin6_addr and sin6_scope_id only. 581 * 582 * this function should be nuked in the future, when we get rid of 583 * embedded scopeid thing. 584 */ 585 int 586 in6_recoverscope(struct sockaddr_in6 *sin6, const struct in6_addr *in6, 587 struct ifnet *ifp) 588 { 589 u_int32_t scopeid; 590 591 sin6->sin6_addr = *in6; 592 593 /* 594 * don't try to read *in6 beyond here, since the caller may 595 * ask us to overwrite existing sockaddr_in6 596 */ 597 598 sin6->sin6_scope_id = 0; 599 if (IN6_IS_SCOPE_LINKLOCAL(in6)) { 600 /* 601 * KAME assumption: link id == interface id 602 */ 603 scopeid = ntohs(sin6->sin6_addr.s6_addr16[1]); 604 if (scopeid) { 605 /* sanity check */ 606 if (scopeid < 0 || if_index < scopeid) 607 return ENXIO; 608 if (ifp && ifp->if_index != scopeid) 609 return ENXIO; 610 sin6->sin6_addr.s6_addr16[1] = 0; 611 sin6->sin6_scope_id = scopeid; 612 } 613 } 614 615 return 0; 616 } 617 618 /* 619 * just clear the embedded scope identifer. 620 * XXX: currently used for bsdi4 only as a supplement function. 621 */ 622 void 623 in6_clearscope(struct in6_addr *addr) 624 { 625 if (IN6_IS_SCOPE_LINKLOCAL(addr)) 626 addr->s6_addr16[1] = 0; 627 } 628 629 void 630 addrsel_policy_init(void) 631 { 632 633 init_policy_queue(); 634 635 /* initialize the "last resort" policy */ 636 bzero(&defaultaddrpolicy, sizeof(defaultaddrpolicy)); 637 defaultaddrpolicy.label = ADDR_LABEL_NOTAPP; 638 } 639 640 /* 641 * Subroutines to manage the address selection policy table via sysctl. 642 */ 643 struct walkarg { 644 struct sysctl_req *w_req; 645 }; 646 647 static int in6_src_sysctl(SYSCTL_HANDLER_ARGS); 648 SYSCTL_DECL(_net_inet6_ip6); 649 SYSCTL_NODE(_net_inet6_ip6, IPV6CTL_ADDRCTLPOLICY, addrctlpolicy, 650 CTLFLAG_RD, in6_src_sysctl, ""); 651 652 static int 653 in6_src_sysctl(SYSCTL_HANDLER_ARGS) 654 { 655 struct walkarg w; 656 657 if (req->newptr) 658 return EPERM; 659 660 bzero(&w, sizeof(w)); 661 w.w_req = req; 662 663 return (walk_addrsel_policy(dump_addrsel_policyent, &w)); 664 } 665 666 int 667 in6_src_ioctl(u_long cmd, caddr_t data) 668 { 669 int i; 670 struct in6_addrpolicy ent0; 671 672 if (cmd != SIOCAADDRCTL_POLICY && cmd != SIOCDADDRCTL_POLICY) 673 return (EOPNOTSUPP); /* check for safety */ 674 675 ent0 = *(struct in6_addrpolicy *)data; 676 677 if (ent0.label == ADDR_LABEL_NOTAPP) 678 return (EINVAL); 679 /* check if the prefix mask is consecutive. */ 680 if (in6_mask2len(&ent0.addrmask.sin6_addr, NULL) < 0) 681 return (EINVAL); 682 /* clear trailing garbages (if any) of the prefix address. */ 683 for (i = 0; i < 4; i++) { 684 ent0.addr.sin6_addr.s6_addr32[i] &= 685 ent0.addrmask.sin6_addr.s6_addr32[i]; 686 } 687 ent0.use = 0; 688 689 switch (cmd) { 690 case SIOCAADDRCTL_POLICY: 691 return (add_addrsel_policyent(&ent0)); 692 case SIOCDADDRCTL_POLICY: 693 return (delete_addrsel_policyent(&ent0)); 694 } 695 696 return (0); /* XXX: compromise compilers */ 697 } 698 699 /* 700 * The followings are implementation of the policy table using a 701 * simple tail queue. 702 * XXX such details should be hidden. 703 * XXX implementation using binary tree should be more efficient. 704 */ 705 struct addrsel_policyent { 706 TAILQ_ENTRY(addrsel_policyent) ape_entry; 707 struct in6_addrpolicy ape_policy; 708 }; 709 710 TAILQ_HEAD(addrsel_policyhead, addrsel_policyent); 711 712 struct addrsel_policyhead addrsel_policytab; 713 714 static void 715 init_policy_queue(void) 716 { 717 TAILQ_INIT(&addrsel_policytab); 718 } 719 720 static int 721 add_addrsel_policyent(struct in6_addrpolicy *newpolicy) 722 { 723 struct addrsel_policyent *new, *pol; 724 725 /* duplication check */ 726 for (pol = TAILQ_FIRST(&addrsel_policytab); pol; 727 pol = TAILQ_NEXT(pol, ape_entry)) { 728 if (SA6_ARE_ADDR_EQUAL(&newpolicy->addr, 729 &pol->ape_policy.addr) && 730 SA6_ARE_ADDR_EQUAL(&newpolicy->addrmask, 731 &pol->ape_policy.addrmask)) { 732 return (EEXIST); /* or override it? */ 733 } 734 } 735 736 new = kmalloc(sizeof(*new), M_IFADDR, M_WAITOK | M_ZERO); 737 738 /* XXX: should validate entry */ 739 new->ape_policy = *newpolicy; 740 741 TAILQ_INSERT_TAIL(&addrsel_policytab, new, ape_entry); 742 743 return (0); 744 } 745 746 static int 747 delete_addrsel_policyent(struct in6_addrpolicy *key) 748 { 749 struct addrsel_policyent *pol; 750 751 /* search for the entry in the table */ 752 for (pol = TAILQ_FIRST(&addrsel_policytab); pol; 753 pol = TAILQ_NEXT(pol, ape_entry)) { 754 if (SA6_ARE_ADDR_EQUAL(&key->addr, &pol->ape_policy.addr) && 755 SA6_ARE_ADDR_EQUAL(&key->addrmask, 756 &pol->ape_policy.addrmask)) { 757 break; 758 } 759 } 760 if (pol == NULL) 761 return (ESRCH); 762 763 TAILQ_REMOVE(&addrsel_policytab, pol, ape_entry); 764 kfree(pol, M_IFADDR); 765 766 return (0); 767 } 768 769 static int 770 walk_addrsel_policy(int(*callback)(struct in6_addrpolicy *, void *), void *w) 771 { 772 struct addrsel_policyent *pol; 773 int error = 0; 774 775 for (pol = TAILQ_FIRST(&addrsel_policytab); pol; 776 pol = TAILQ_NEXT(pol, ape_entry)) { 777 if ((error = (*callback)(&pol->ape_policy, w)) != 0) 778 return (error); 779 } 780 781 return (error); 782 } 783 784 static int 785 dump_addrsel_policyent(struct in6_addrpolicy *pol, void *arg) 786 { 787 int error = 0; 788 struct walkarg *w = arg; 789 790 error = SYSCTL_OUT(w->w_req, pol, sizeof(*pol)); 791 792 return (error); 793 } 794