1 /* $FreeBSD: src/sys/netinet6/in6_src.c,v 1.1.2.3 2002/02/26 18:02:06 ume Exp $ */ 2 /* $KAME: in6_src.c,v 1.37 2001/03/29 05:34:31 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 /* 34 * Copyright (c) 1982, 1986, 1991, 1993 35 * The Regents of the University of California. All rights reserved. 36 * 37 * Redistribution and use in source and binary forms, with or without 38 * modification, are permitted provided that the following conditions 39 * are met: 40 * 1. Redistributions of source code must retain the above copyright 41 * notice, this list of conditions and the following disclaimer. 42 * 2. Redistributions in binary form must reproduce the above copyright 43 * notice, this list of conditions and the following disclaimer in the 44 * documentation and/or other materials provided with the distribution. 45 * 3. All advertising materials mentioning features or use of this software 46 * must display the following acknowledgement: 47 * This product includes software developed by the University of 48 * California, Berkeley and its contributors. 49 * 4. Neither the name of the University nor the names of its contributors 50 * may be used to endorse or promote products derived from this software 51 * without specific prior written permission. 52 * 53 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 54 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 56 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 57 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 58 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 59 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 61 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 62 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 63 * SUCH DAMAGE. 64 * 65 * @(#)in_pcb.c 8.2 (Berkeley) 1/4/94 66 */ 67 68 #include "opt_inet.h" 69 #include "opt_inet6.h" 70 71 #include <sys/param.h> 72 #include <sys/systm.h> 73 #include <sys/jail.h> 74 #include <sys/kernel.h> 75 #include <sys/malloc.h> 76 #include <sys/mbuf.h> 77 #include <sys/protosw.h> 78 #include <sys/socket.h> 79 #include <sys/socketvar.h> 80 #include <sys/sockio.h> 81 #include <sys/sysctl.h> 82 #include <sys/errno.h> 83 #include <sys/time.h> 84 #include <sys/proc.h> 85 #include <sys/priv.h> 86 87 #include <net/if.h> 88 #include <net/route.h> 89 90 #include <netinet/in.h> 91 #include <netinet/in_var.h> 92 #include <netinet/in_systm.h> 93 #include <netinet/ip.h> 94 #include <netinet/in_pcb.h> 95 #include <netinet6/in6_var.h> 96 #include <netinet/ip6.h> 97 #include <netinet6/in6_pcb.h> 98 #include <netinet6/ip6_var.h> 99 #include <netinet6/nd6.h> 100 #ifdef ENABLE_DEFAULT_SCOPE 101 #include <netinet6/scope6_var.h> 102 #endif 103 104 #include <net/net_osdep.h> 105 106 #define ADDR_LABEL_NOTAPP (-1) 107 struct in6_addrpolicy defaultaddrpolicy; 108 109 static void init_policy_queue(void); 110 static int add_addrsel_policyent(struct in6_addrpolicy *); 111 static int delete_addrsel_policyent(struct in6_addrpolicy *); 112 static int walk_addrsel_policy(int (*)(struct in6_addrpolicy *, void *), 113 void *); 114 static int dump_addrsel_policyent(struct in6_addrpolicy *, void *); 115 116 117 /* 118 * Return an IPv6 address, which is the most appropriate for a given 119 * destination and user specified options. 120 * If necessary, this function lookups the routing table and returns 121 * an entry to the caller for later use. 122 */ 123 struct in6_addr * 124 in6_selectsrc(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 125 struct ip6_moptions *mopts, struct route_in6 *ro, 126 struct in6_addr *laddr, int *errorp, struct thread *td) 127 { 128 struct sockaddr_in6 jsin6; 129 struct ucred *cred = NULL; 130 struct in6_addr *dst; 131 struct in6_ifaddr *ia6 = 0; 132 struct in6_pktinfo *pi = NULL; 133 int jailed = 0; 134 135 if (td && td->td_proc && td->td_proc->p_ucred) 136 cred = td->td_proc->p_ucred; 137 if (cred && cred->cr_prison) 138 jailed = 1; 139 jsin6.sin6_family = AF_INET6; 140 dst = &dstsock->sin6_addr; 141 *errorp = 0; 142 143 /* 144 * If the source address is explicitly specified by the caller, 145 * use it. 146 */ 147 if (opts && (pi = opts->ip6po_pktinfo) && 148 !IN6_IS_ADDR_UNSPECIFIED(&pi->ipi6_addr)) { 149 jsin6.sin6_addr = pi->ipi6_addr; 150 if (jailed && !jailed_ip(cred->cr_prison, 151 (struct sockaddr *)&jsin6)) { 152 return(0); 153 } else { 154 return (&pi->ipi6_addr); 155 } 156 } 157 158 /* 159 * If the source address is not specified but the socket(if any) 160 * is already bound, use the bound address. 161 */ 162 if (laddr && !IN6_IS_ADDR_UNSPECIFIED(laddr)) { 163 jsin6.sin6_addr = *laddr; 164 if (jailed && !jailed_ip(cred->cr_prison, 165 (struct sockaddr *)&jsin6)) { 166 return(0); 167 } else { 168 return (laddr); 169 } 170 } 171 172 /* 173 * If the caller doesn't specify the source address but 174 * the outgoing interface, use an address associated with 175 * the interface. 176 */ 177 if (pi && pi->ipi6_ifindex) { 178 /* XXX boundary check is assumed to be already done. */ 179 ia6 = in6_ifawithscope(ifindex2ifnet[pi->ipi6_ifindex], 180 dst); 181 182 if (ia6 && jailed) { 183 jsin6.sin6_addr = (&ia6->ia_addr)->sin6_addr; 184 if (!jailed_ip(cred->cr_prison, 185 (struct sockaddr *)&jsin6)) 186 ia6 = 0; 187 } 188 189 if (ia6 == 0) { 190 *errorp = EADDRNOTAVAIL; 191 return (0); 192 } 193 return (&satosin6(&ia6->ia_addr)->sin6_addr); 194 } 195 196 /* 197 * If the destination address is a link-local unicast address or 198 * a multicast address, and if the outgoing interface is specified 199 * by the sin6_scope_id filed, use an address associated with the 200 * interface. 201 * XXX: We're now trying to define more specific semantics of 202 * sin6_scope_id field, so this part will be rewritten in 203 * the near future. 204 */ 205 if ((IN6_IS_ADDR_LINKLOCAL(dst) || IN6_IS_ADDR_MULTICAST(dst)) && 206 dstsock->sin6_scope_id) { 207 /* 208 * I'm not sure if boundary check for scope_id is done 209 * somewhere... 210 */ 211 if (dstsock->sin6_scope_id < 0 || 212 if_index < dstsock->sin6_scope_id) { 213 *errorp = ENXIO; /* XXX: better error? */ 214 return (0); 215 } 216 ia6 = in6_ifawithscope(ifindex2ifnet[dstsock->sin6_scope_id], 217 dst); 218 219 if (ia6 && jailed) { 220 jsin6.sin6_addr = (&ia6->ia_addr)->sin6_addr; 221 if (!jailed_ip(cred->cr_prison, 222 (struct sockaddr *)&jsin6)) 223 ia6 = 0; 224 } 225 226 if (ia6 == 0) { 227 *errorp = EADDRNOTAVAIL; 228 return (0); 229 } 230 return (&satosin6(&ia6->ia_addr)->sin6_addr); 231 } 232 233 /* 234 * If the destination address is a multicast address and 235 * the outgoing interface for the address is specified 236 * by the caller, use an address associated with the interface. 237 * There is a sanity check here; if the destination has node-local 238 * scope, the outgoing interfacde should be a loopback address. 239 * Even if the outgoing interface is not specified, we also 240 * choose a loopback interface as the outgoing interface. 241 */ 242 if (!jailed && IN6_IS_ADDR_MULTICAST(dst)) { 243 struct ifnet *ifp = mopts ? mopts->im6o_multicast_ifp : NULL; 244 245 if (ifp == NULL && IN6_IS_ADDR_MC_NODELOCAL(dst)) { 246 ifp = &loif[0]; 247 } 248 249 if (ifp) { 250 ia6 = in6_ifawithscope(ifp, dst); 251 if (ia6 == 0) { 252 *errorp = EADDRNOTAVAIL; 253 return (0); 254 } 255 return (&satosin6(&ia6->ia_addr)->sin6_addr); 256 } 257 } 258 259 /* 260 * If the next hop address for the packet is specified 261 * by caller, use an address associated with the route 262 * to the next hop. 263 */ 264 { 265 struct sockaddr_in6 *sin6_next; 266 struct rtentry *rt; 267 268 if (opts && opts->ip6po_nexthop) { 269 sin6_next = satosin6(opts->ip6po_nexthop); 270 rt = nd6_lookup(&sin6_next->sin6_addr, 1, NULL); 271 if (rt) { 272 ia6 = in6_ifawithscope(rt->rt_ifp, dst); 273 if (ia6 == 0) 274 ia6 = ifatoia6(rt->rt_ifa); 275 } 276 if (ia6 && jailed) { 277 jsin6.sin6_addr = (&ia6->ia_addr)->sin6_addr; 278 if (!jailed_ip(cred->cr_prison, 279 (struct sockaddr *)&jsin6)) 280 ia6 = 0; 281 } 282 283 if (ia6 == 0) { 284 *errorp = EADDRNOTAVAIL; 285 return (0); 286 } 287 return (&satosin6(&ia6->ia_addr)->sin6_addr); 288 } 289 } 290 291 /* 292 * If route is known or can be allocated now, 293 * our src addr is taken from the i/f, else punt. 294 */ 295 if (ro) { 296 if (ro->ro_rt && 297 (!(ro->ro_rt->rt_flags & RTF_UP) || 298 satosin6(&ro->ro_dst)->sin6_family != AF_INET6 || 299 !IN6_ARE_ADDR_EQUAL(&satosin6(&ro->ro_dst)->sin6_addr, 300 dst))) { 301 RTFREE(ro->ro_rt); 302 ro->ro_rt = NULL; 303 } 304 if (ro->ro_rt == NULL || ro->ro_rt->rt_ifp == NULL) { 305 struct sockaddr_in6 *sa6; 306 307 /* No route yet, so try to acquire one */ 308 bzero(&ro->ro_dst, sizeof(struct sockaddr_in6)); 309 sa6 = &ro->ro_dst; 310 sa6->sin6_family = AF_INET6; 311 sa6->sin6_len = sizeof(struct sockaddr_in6); 312 sa6->sin6_addr = *dst; 313 sa6->sin6_scope_id = dstsock->sin6_scope_id; 314 if (!jailed && IN6_IS_ADDR_MULTICAST(dst)) { 315 ro->ro_rt = 316 rtpurelookup((struct sockaddr *)&ro->ro_dst); 317 } else { 318 rtalloc((struct route *)ro); 319 } 320 } 321 322 /* 323 * in_pcbconnect() checks out IFF_LOOPBACK to skip using 324 * the address. But we don't know why it does so. 325 * It is necessary to ensure the scope even for lo0 326 * so doesn't check out IFF_LOOPBACK. 327 */ 328 329 if (ro->ro_rt) { 330 ia6 = in6_ifawithscope(ro->ro_rt->rt_ifa->ifa_ifp, dst); 331 if (ia6 && jailed) { 332 jsin6.sin6_addr = (&ia6->ia_addr)->sin6_addr; 333 if (!jailed_ip(cred->cr_prison, 334 (struct sockaddr *)&jsin6)) 335 ia6 = 0; 336 } 337 338 if (ia6 == 0) /* xxx scope error ?*/ 339 ia6 = ifatoia6(ro->ro_rt->rt_ifa); 340 341 if (ia6 && jailed) { 342 jsin6.sin6_addr = (&ia6->ia_addr)->sin6_addr; 343 if (!jailed_ip(cred->cr_prison, 344 (struct sockaddr *)&jsin6)) 345 ia6 = 0; 346 } 347 } 348 #if 0 349 /* 350 * xxx The followings are necessary? (kazu) 351 * I don't think so. 352 * It's for SO_DONTROUTE option in IPv4.(jinmei) 353 */ 354 if (ia6 == 0) { 355 struct sockaddr_in6 sin6 = {sizeof(sin6), AF_INET6, 0}; 356 357 sin6->sin6_addr = *dst; 358 359 ia6 = ifatoia6(ifa_ifwithdstaddr(sin6tosa(&sin6))); 360 if (ia6 == 0) 361 ia6 = ifatoia6(ifa_ifwithnet(sin6tosa(&sin6))); 362 if (ia6 == 0) 363 return (0); 364 return (&satosin6(&ia6->ia_addr)->sin6_addr); 365 } 366 #endif /* 0 */ 367 if (ia6 == 0) { 368 *errorp = EHOSTUNREACH; /* no route */ 369 return (0); 370 } 371 return (&satosin6(&ia6->ia_addr)->sin6_addr); 372 } 373 374 *errorp = EADDRNOTAVAIL; 375 return (0); 376 } 377 378 /* 379 * Default hop limit selection. The precedence is as follows: 380 * 1. Hoplimit value specified via ioctl. 381 * 2. (If the outgoing interface is detected) the current 382 * hop limit of the interface specified by router advertisement. 383 * 3. The system default hoplimit. 384 */ 385 int 386 in6_selecthlim(struct in6pcb *in6p, struct ifnet *ifp) 387 { 388 if (in6p && in6p->in6p_hops >= 0) 389 return (in6p->in6p_hops); 390 else if (ifp) 391 return (ND_IFINFO(ifp)->chlim); 392 else 393 return (ip6_defhlim); 394 } 395 396 /* 397 * XXX: this is borrowed from in6_pcbbind(). If possible, we should 398 * share this function by all *bsd*... 399 */ 400 int 401 in6_pcbsetport(struct in6_addr *laddr, struct inpcb *inp, struct thread *td) 402 { 403 struct socket *so = inp->inp_socket; 404 u_int16_t lport = 0, first, last, *lastport; 405 int count, error = 0, wild = 0; 406 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo; 407 struct ucred *cred = NULL; 408 409 /* XXX: this is redundant when called from in6_pcbbind */ 410 if ((so->so_options & (SO_REUSEADDR|SO_REUSEPORT)) == 0) 411 wild = INPLOOKUP_WILDCARD; 412 if (td->td_proc && td->td_proc->p_ucred) 413 cred = td->td_proc->p_ucred; 414 415 inp->inp_flags |= INP_ANONPORT; 416 417 if (inp->inp_flags & INP_HIGHPORT) { 418 first = ipport_hifirstauto; /* sysctl */ 419 last = ipport_hilastauto; 420 lastport = &pcbinfo->lasthi; 421 } else if (inp->inp_flags & INP_LOWPORT) { 422 if ((error = priv_check(td, PRIV_ROOT)) != 0) 423 return error; 424 first = ipport_lowfirstauto; /* 1023 */ 425 last = ipport_lowlastauto; /* 600 */ 426 lastport = &pcbinfo->lastlow; 427 } else { 428 first = ipport_firstauto; /* sysctl */ 429 last = ipport_lastauto; 430 lastport = &pcbinfo->lastport; 431 } 432 /* 433 * Simple check to ensure all ports are not used up causing 434 * a deadlock here. 435 * 436 * We split the two cases (up and down) so that the direction 437 * is not being tested on each round of the loop. 438 */ 439 if (first > last) { 440 /* 441 * counting down 442 */ 443 count = first - last; 444 445 do { 446 if (count-- < 0) { /* completely used? */ 447 /* 448 * Undo any address bind that may have 449 * occurred above. 450 */ 451 inp->in6p_laddr = kin6addr_any; 452 return (EAGAIN); 453 } 454 --*lastport; 455 if (*lastport > first || *lastport < last) 456 *lastport = first; 457 lport = htons(*lastport); 458 } while (in6_pcblookup_local(pcbinfo, &inp->in6p_laddr, 459 lport, wild, cred)); 460 } else { 461 /* 462 * counting up 463 */ 464 count = last - first; 465 466 do { 467 if (count-- < 0) { /* completely used? */ 468 /* 469 * Undo any address bind that may have 470 * occurred above. 471 */ 472 inp->in6p_laddr = kin6addr_any; 473 return (EAGAIN); 474 } 475 ++*lastport; 476 if (*lastport < first || *lastport > last) 477 *lastport = first; 478 lport = htons(*lastport); 479 } while (in6_pcblookup_local(pcbinfo, &inp->in6p_laddr, 480 lport, wild, cred)); 481 } 482 483 inp->inp_lport = lport; 484 if (in_pcbinsporthash(inp) != 0) { 485 inp->in6p_laddr = kin6addr_any; 486 inp->inp_lport = 0; 487 return (EAGAIN); 488 } 489 490 return (0); 491 } 492 493 /* 494 * generate kernel-internal form (scopeid embedded into s6_addr16[1]). 495 * If the address scope of is link-local, embed the interface index in the 496 * address. The routine determines our precedence 497 * between advanced API scope/interface specification and basic API 498 * specification. 499 * 500 * this function should be nuked in the future, when we get rid of 501 * embedded scopeid thing. 502 * 503 * XXX actually, it is over-specification to return ifp against sin6_scope_id. 504 * there can be multiple interfaces that belong to a particular scope zone 505 * (in specification, we have 1:N mapping between a scope zone and interfaces). 506 * we may want to change the function to return something other than ifp. 507 */ 508 int 509 in6_embedscope(struct in6_addr *in6, 510 const struct sockaddr_in6 *sin6, 511 #ifdef HAVE_NRL_INPCB 512 struct inpcb *in6p, 513 #define in6p_outputopts inp_outputopts6 514 #define in6p_moptions inp_moptions6 515 #else 516 struct in6pcb *in6p, 517 #endif 518 struct ifnet **ifpp) 519 { 520 struct ifnet *ifp = NULL; 521 u_int32_t scopeid; 522 523 *in6 = sin6->sin6_addr; 524 scopeid = sin6->sin6_scope_id; 525 if (ifpp) 526 *ifpp = NULL; 527 528 /* 529 * don't try to read sin6->sin6_addr beyond here, since the caller may 530 * ask us to overwrite existing sockaddr_in6 531 */ 532 533 #ifdef ENABLE_DEFAULT_SCOPE 534 if (scopeid == 0) 535 scopeid = scope6_addr2default(in6); 536 #endif 537 538 if (IN6_IS_SCOPE_LINKLOCAL(in6)) { 539 struct in6_pktinfo *pi; 540 541 /* 542 * KAME assumption: link id == interface id 543 */ 544 545 if (in6p && in6p->in6p_outputopts && 546 (pi = in6p->in6p_outputopts->ip6po_pktinfo) && 547 pi->ipi6_ifindex) { 548 ifp = ifindex2ifnet[pi->ipi6_ifindex]; 549 in6->s6_addr16[1] = htons(pi->ipi6_ifindex); 550 } else if (in6p && IN6_IS_ADDR_MULTICAST(in6) && 551 in6p->in6p_moptions && 552 in6p->in6p_moptions->im6o_multicast_ifp) { 553 ifp = in6p->in6p_moptions->im6o_multicast_ifp; 554 in6->s6_addr16[1] = htons(ifp->if_index); 555 } else if (scopeid) { 556 /* boundary check */ 557 if (scopeid < 0 || if_index < scopeid) 558 return ENXIO; /* XXX EINVAL? */ 559 ifp = ifindex2ifnet[scopeid]; 560 /*XXX assignment to 16bit from 32bit variable */ 561 in6->s6_addr16[1] = htons(scopeid & 0xffff); 562 } 563 564 if (ifpp) 565 *ifpp = ifp; 566 } 567 568 return 0; 569 } 570 #ifdef HAVE_NRL_INPCB 571 #undef in6p_outputopts 572 #undef in6p_moptions 573 #endif 574 575 /* 576 * generate standard sockaddr_in6 from embedded form. 577 * touches sin6_addr and sin6_scope_id only. 578 * 579 * this function should be nuked in the future, when we get rid of 580 * embedded scopeid thing. 581 */ 582 int 583 in6_recoverscope(struct sockaddr_in6 *sin6, const struct in6_addr *in6, 584 struct ifnet *ifp) 585 { 586 u_int32_t scopeid; 587 588 sin6->sin6_addr = *in6; 589 590 /* 591 * don't try to read *in6 beyond here, since the caller may 592 * ask us to overwrite existing sockaddr_in6 593 */ 594 595 sin6->sin6_scope_id = 0; 596 if (IN6_IS_SCOPE_LINKLOCAL(in6)) { 597 /* 598 * KAME assumption: link id == interface id 599 */ 600 scopeid = ntohs(sin6->sin6_addr.s6_addr16[1]); 601 if (scopeid) { 602 /* sanity check */ 603 if (scopeid < 0 || if_index < scopeid) 604 return ENXIO; 605 if (ifp && ifp->if_index != scopeid) 606 return ENXIO; 607 sin6->sin6_addr.s6_addr16[1] = 0; 608 sin6->sin6_scope_id = scopeid; 609 } 610 } 611 612 return 0; 613 } 614 615 /* 616 * just clear the embedded scope identifer. 617 * XXX: currently used for bsdi4 only as a supplement function. 618 */ 619 void 620 in6_clearscope(struct in6_addr *addr) 621 { 622 if (IN6_IS_SCOPE_LINKLOCAL(addr)) 623 addr->s6_addr16[1] = 0; 624 } 625 626 void 627 addrsel_policy_init(void) 628 { 629 630 init_policy_queue(); 631 632 /* initialize the "last resort" policy */ 633 bzero(&defaultaddrpolicy, sizeof(defaultaddrpolicy)); 634 defaultaddrpolicy.label = ADDR_LABEL_NOTAPP; 635 } 636 637 /* 638 * Subroutines to manage the address selection policy table via sysctl. 639 */ 640 struct walkarg { 641 struct sysctl_req *w_req; 642 }; 643 644 static int in6_src_sysctl(SYSCTL_HANDLER_ARGS); 645 SYSCTL_DECL(_net_inet6_ip6); 646 SYSCTL_NODE(_net_inet6_ip6, IPV6CTL_ADDRCTLPOLICY, addrctlpolicy, 647 CTLFLAG_RD, in6_src_sysctl, "Address selection policy"); 648 649 static int 650 in6_src_sysctl(SYSCTL_HANDLER_ARGS) 651 { 652 struct walkarg w; 653 654 if (req->newptr) 655 return EPERM; 656 657 bzero(&w, sizeof(w)); 658 w.w_req = req; 659 660 return (walk_addrsel_policy(dump_addrsel_policyent, &w)); 661 } 662 663 int 664 in6_src_ioctl(u_long cmd, caddr_t data) 665 { 666 int i; 667 struct in6_addrpolicy ent0; 668 669 if (cmd != SIOCAADDRCTL_POLICY && cmd != SIOCDADDRCTL_POLICY) 670 return (EOPNOTSUPP); /* check for safety */ 671 672 ent0 = *(struct in6_addrpolicy *)data; 673 674 if (ent0.label == ADDR_LABEL_NOTAPP) 675 return (EINVAL); 676 /* check if the prefix mask is consecutive. */ 677 if (in6_mask2len(&ent0.addrmask.sin6_addr, NULL) < 0) 678 return (EINVAL); 679 /* clear trailing garbages (if any) of the prefix address. */ 680 for (i = 0; i < 4; i++) { 681 ent0.addr.sin6_addr.s6_addr32[i] &= 682 ent0.addrmask.sin6_addr.s6_addr32[i]; 683 } 684 ent0.use = 0; 685 686 switch (cmd) { 687 case SIOCAADDRCTL_POLICY: 688 return (add_addrsel_policyent(&ent0)); 689 case SIOCDADDRCTL_POLICY: 690 return (delete_addrsel_policyent(&ent0)); 691 } 692 693 return (0); /* XXX: compromise compilers */ 694 } 695 696 /* 697 * The followings are implementation of the policy table using a 698 * simple tail queue. 699 * XXX such details should be hidden. 700 * XXX implementation using binary tree should be more efficient. 701 */ 702 struct addrsel_policyent { 703 TAILQ_ENTRY(addrsel_policyent) ape_entry; 704 struct in6_addrpolicy ape_policy; 705 }; 706 707 TAILQ_HEAD(addrsel_policyhead, addrsel_policyent); 708 709 struct addrsel_policyhead addrsel_policytab; 710 711 static void 712 init_policy_queue(void) 713 { 714 TAILQ_INIT(&addrsel_policytab); 715 } 716 717 static int 718 add_addrsel_policyent(struct in6_addrpolicy *newpolicy) 719 { 720 struct addrsel_policyent *new, *pol; 721 722 /* duplication check */ 723 for (pol = TAILQ_FIRST(&addrsel_policytab); pol; 724 pol = TAILQ_NEXT(pol, ape_entry)) { 725 if (SA6_ARE_ADDR_EQUAL(&newpolicy->addr, 726 &pol->ape_policy.addr) && 727 SA6_ARE_ADDR_EQUAL(&newpolicy->addrmask, 728 &pol->ape_policy.addrmask)) { 729 return (EEXIST); /* or override it? */ 730 } 731 } 732 733 new = kmalloc(sizeof(*new), M_IFADDR, M_WAITOK | M_ZERO); 734 735 /* XXX: should validate entry */ 736 new->ape_policy = *newpolicy; 737 738 TAILQ_INSERT_TAIL(&addrsel_policytab, new, ape_entry); 739 740 return (0); 741 } 742 743 static int 744 delete_addrsel_policyent(struct in6_addrpolicy *key) 745 { 746 struct addrsel_policyent *pol; 747 748 /* search for the entry in the table */ 749 for (pol = TAILQ_FIRST(&addrsel_policytab); pol; 750 pol = TAILQ_NEXT(pol, ape_entry)) { 751 if (SA6_ARE_ADDR_EQUAL(&key->addr, &pol->ape_policy.addr) && 752 SA6_ARE_ADDR_EQUAL(&key->addrmask, 753 &pol->ape_policy.addrmask)) { 754 break; 755 } 756 } 757 if (pol == NULL) 758 return (ESRCH); 759 760 TAILQ_REMOVE(&addrsel_policytab, pol, ape_entry); 761 kfree(pol, M_IFADDR); 762 763 return (0); 764 } 765 766 static int 767 walk_addrsel_policy(int(*callback)(struct in6_addrpolicy *, void *), void *w) 768 { 769 struct addrsel_policyent *pol; 770 int error = 0; 771 772 for (pol = TAILQ_FIRST(&addrsel_policytab); pol; 773 pol = TAILQ_NEXT(pol, ape_entry)) { 774 if ((error = (*callback)(&pol->ape_policy, w)) != 0) 775 return (error); 776 } 777 778 return (error); 779 } 780 781 static int 782 dump_addrsel_policyent(struct in6_addrpolicy *pol, void *arg) 783 { 784 int error = 0; 785 struct walkarg *w = arg; 786 787 error = SYSCTL_OUT(w->w_req, pol, sizeof(*pol)); 788 789 return (error); 790 } 791