FreeBSD/Linux Kernel Cross Reference
sys/netinet6/in6.c
1 /*-
2 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of the project nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 *
29 * $KAME: in6.c,v 1.259 2002/01/21 11:37:50 keiichi Exp $
30 */
31
32 /*-
33 * Copyright (c) 1982, 1986, 1991, 1993
34 * The Regents of the University of California. All rights reserved.
35 *
36 * Redistribution and use in source and binary forms, with or without
37 * modification, are permitted provided that the following conditions
38 * are met:
39 * 1. Redistributions of source code must retain the above copyright
40 * notice, this list of conditions and the following disclaimer.
41 * 2. Redistributions in binary form must reproduce the above copyright
42 * notice, this list of conditions and the following disclaimer in the
43 * documentation and/or other materials provided with the distribution.
44 * 4. Neither the name of the University nor the names of its contributors
45 * may be used to endorse or promote products derived from this software
46 * without specific prior written permission.
47 *
48 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
58 * SUCH DAMAGE.
59 *
60 * @(#)in.c 8.2 (Berkeley) 11/15/93
61 */
62
63 #include <sys/cdefs.h>
64 __FBSDID("$FreeBSD: src/sys/netinet6/in6.c,v 1.86 2008/12/02 21:37:28 bz Exp $");
65
66 #include "opt_inet.h"
67 #include "opt_inet6.h"
68
69 #include <sys/param.h>
70 #include <sys/errno.h>
71 #include <sys/malloc.h>
72 #include <sys/socket.h>
73 #include <sys/socketvar.h>
74 #include <sys/sockio.h>
75 #include <sys/systm.h>
76 #include <sys/priv.h>
77 #include <sys/proc.h>
78 #include <sys/time.h>
79 #include <sys/kernel.h>
80 #include <sys/syslog.h>
81 #include <sys/vimage.h>
82
83 #include <net/if.h>
84 #include <net/if_types.h>
85 #include <net/route.h>
86 #include <net/if_dl.h>
87 #include <net/vnet.h>
88
89 #include <netinet/in.h>
90 #include <netinet/in_var.h>
91 #include <netinet/if_ether.h>
92 #include <netinet/in_systm.h>
93 #include <netinet/ip.h>
94 #include <netinet/in_pcb.h>
95
96 #include <netinet/ip6.h>
97 #include <netinet6/ip6_var.h>
98 #include <netinet6/nd6.h>
99 #include <netinet6/mld6_var.h>
100 #include <netinet6/ip6_mroute.h>
101 #include <netinet6/in6_ifattach.h>
102 #include <netinet6/scope6_var.h>
103 #include <netinet6/in6_pcb.h>
104 #include <netinet6/vinet6.h>
105
106 MALLOC_DEFINE(M_IP6MADDR, "in6_multi", "internet multicast address");
107
108 /*
109 * Definitions of some costant IP6 addresses.
110 */
111 const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT;
112 const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT;
113 const struct in6_addr in6addr_nodelocal_allnodes =
114 IN6ADDR_NODELOCAL_ALLNODES_INIT;
115 const struct in6_addr in6addr_linklocal_allnodes =
116 IN6ADDR_LINKLOCAL_ALLNODES_INIT;
117 const struct in6_addr in6addr_linklocal_allrouters =
118 IN6ADDR_LINKLOCAL_ALLROUTERS_INIT;
119
120 const struct in6_addr in6mask0 = IN6MASK0;
121 const struct in6_addr in6mask32 = IN6MASK32;
122 const struct in6_addr in6mask64 = IN6MASK64;
123 const struct in6_addr in6mask96 = IN6MASK96;
124 const struct in6_addr in6mask128 = IN6MASK128;
125
126 const struct sockaddr_in6 sa6_any =
127 { sizeof(sa6_any), AF_INET6, 0, 0, IN6ADDR_ANY_INIT, 0 };
128
129 static int in6_lifaddr_ioctl __P((struct socket *, u_long, caddr_t,
130 struct ifnet *, struct thread *));
131 static int in6_ifinit __P((struct ifnet *, struct in6_ifaddr *,
132 struct sockaddr_in6 *, int));
133 static void in6_unlink_ifa(struct in6_ifaddr *, struct ifnet *);
134
135 struct in6_multihead in6_multihead; /* XXX BSS initialization */
136 int (*faithprefix_p)(struct in6_addr *);
137
138 /*
139 * Subroutine for in6_ifaddloop() and in6_ifremloop().
140 * This routine does actual work.
141 */
142 static void
143 in6_ifloop_request(int cmd, struct ifaddr *ifa)
144 {
145 struct sockaddr_in6 all1_sa;
146 struct rtentry *nrt = NULL;
147 int e;
148 char ip6buf[INET6_ADDRSTRLEN];
149
150 bzero(&all1_sa, sizeof(all1_sa));
151 all1_sa.sin6_family = AF_INET6;
152 all1_sa.sin6_len = sizeof(struct sockaddr_in6);
153 all1_sa.sin6_addr = in6mask128;
154
155 /*
156 * We specify the address itself as the gateway, and set the
157 * RTF_LLINFO flag, so that the corresponding host route would have
158 * the flag, and thus applications that assume traditional behavior
159 * would be happy. Note that we assume the caller of the function
160 * (probably implicitly) set nd6_rtrequest() to ifa->ifa_rtrequest,
161 * which changes the outgoing interface to the loopback interface.
162 */
163 e = rtrequest(cmd, ifa->ifa_addr, ifa->ifa_addr,
164 (struct sockaddr *)&all1_sa, RTF_UP|RTF_HOST|RTF_LLINFO, &nrt);
165 if (e != 0) {
166 /* XXX need more descriptive message */
167
168 log(LOG_ERR, "in6_ifloop_request: "
169 "%s operation failed for %s (errno=%d)\n",
170 cmd == RTM_ADD ? "ADD" : "DELETE",
171 ip6_sprintf(ip6buf,
172 &((struct in6_ifaddr *)ifa)->ia_addr.sin6_addr), e);
173 }
174
175 /*
176 * Report the addition/removal of the address to the routing socket.
177 * XXX: since we called rtinit for a p2p interface with a destination,
178 * we end up reporting twice in such a case. Should we rather
179 * omit the second report?
180 */
181 if (nrt) {
182 RT_LOCK(nrt);
183 /*
184 * Make sure rt_ifa be equal to IFA, the second argument of
185 * the function. We need this because when we refer to
186 * rt_ifa->ia6_flags in ip6_input, we assume that the rt_ifa
187 * points to the address instead of the loopback address.
188 */
189 if (cmd == RTM_ADD && ifa != nrt->rt_ifa) {
190 IFAFREE(nrt->rt_ifa);
191 IFAREF(ifa);
192 nrt->rt_ifa = ifa;
193 }
194
195 rt_newaddrmsg(cmd, ifa, e, nrt);
196 if (cmd == RTM_DELETE)
197 RTFREE_LOCKED(nrt);
198 else {
199 /* the cmd must be RTM_ADD here */
200 RT_REMREF(nrt);
201 RT_UNLOCK(nrt);
202 }
203 }
204 }
205
206 /*
207 * Add ownaddr as loopback rtentry. We previously add the route only if
208 * necessary (ex. on a p2p link). However, since we now manage addresses
209 * separately from prefixes, we should always add the route. We can't
210 * rely on the cloning mechanism from the corresponding interface route
211 * any more.
212 */
213 void
214 in6_ifaddloop(struct ifaddr *ifa)
215 {
216 struct rtentry *rt;
217 int need_loop;
218
219 /* If there is no loopback entry, allocate one. */
220 rt = rtalloc1(ifa->ifa_addr, 0, 0);
221 need_loop = (rt == NULL || (rt->rt_flags & RTF_HOST) == 0 ||
222 (rt->rt_ifp->if_flags & IFF_LOOPBACK) == 0);
223 if (rt)
224 RTFREE_LOCKED(rt);
225 if (need_loop)
226 in6_ifloop_request(RTM_ADD, ifa);
227 }
228
229 /*
230 * Remove loopback rtentry of ownaddr generated by in6_ifaddloop(),
231 * if it exists.
232 */
233 void
234 in6_ifremloop(struct ifaddr *ifa)
235 {
236 INIT_VNET_INET6(curvnet);
237 struct in6_ifaddr *ia;
238 struct rtentry *rt;
239 int ia_count = 0;
240
241 /*
242 * Some of BSD variants do not remove cloned routes
243 * from an interface direct route, when removing the direct route
244 * (see comments in net/net_osdep.h). Even for variants that do remove
245 * cloned routes, they could fail to remove the cloned routes when
246 * we handle multple addresses that share a common prefix.
247 * So, we should remove the route corresponding to the deleted address.
248 */
249
250 /*
251 * Delete the entry only if exact one ifa exists. More than one ifa
252 * can exist if we assign a same single address to multiple
253 * (probably p2p) interfaces.
254 * XXX: we should avoid such a configuration in IPv6...
255 */
256 for (ia = V_in6_ifaddr; ia; ia = ia->ia_next) {
257 if (IN6_ARE_ADDR_EQUAL(IFA_IN6(ifa), &ia->ia_addr.sin6_addr)) {
258 ia_count++;
259 if (ia_count > 1)
260 break;
261 }
262 }
263
264 if (ia_count == 1) {
265 /*
266 * Before deleting, check if a corresponding loopbacked host
267 * route surely exists. With this check, we can avoid to
268 * delete an interface direct route whose destination is same
269 * as the address being removed. This can happen when removing
270 * a subnet-router anycast address on an interface attahced
271 * to a shared medium.
272 */
273 rt = rtalloc1(ifa->ifa_addr, 0, 0);
274 if (rt != NULL) {
275 if ((rt->rt_flags & RTF_HOST) != 0 &&
276 (rt->rt_ifp->if_flags & IFF_LOOPBACK) != 0) {
277 RTFREE_LOCKED(rt);
278 in6_ifloop_request(RTM_DELETE, ifa);
279 } else
280 RT_UNLOCK(rt);
281 }
282 }
283 }
284
285 int
286 in6_mask2len(struct in6_addr *mask, u_char *lim0)
287 {
288 int x = 0, y;
289 u_char *lim = lim0, *p;
290
291 /* ignore the scope_id part */
292 if (lim0 == NULL || lim0 - (u_char *)mask > sizeof(*mask))
293 lim = (u_char *)mask + sizeof(*mask);
294 for (p = (u_char *)mask; p < lim; x++, p++) {
295 if (*p != 0xff)
296 break;
297 }
298 y = 0;
299 if (p < lim) {
300 for (y = 0; y < 8; y++) {
301 if ((*p & (0x80 >> y)) == 0)
302 break;
303 }
304 }
305
306 /*
307 * when the limit pointer is given, do a stricter check on the
308 * remaining bits.
309 */
310 if (p < lim) {
311 if (y != 0 && (*p & (0x00ff >> y)) != 0)
312 return (-1);
313 for (p = p + 1; p < lim; p++)
314 if (*p != 0)
315 return (-1);
316 }
317
318 return x * 8 + y;
319 }
320
321 #define ifa2ia6(ifa) ((struct in6_ifaddr *)(ifa))
322 #define ia62ifa(ia6) (&((ia6)->ia_ifa))
323
324 int
325 in6_control(struct socket *so, u_long cmd, caddr_t data,
326 struct ifnet *ifp, struct thread *td)
327 {
328 INIT_VNET_INET6(curvnet);
329 struct in6_ifreq *ifr = (struct in6_ifreq *)data;
330 struct in6_ifaddr *ia = NULL;
331 struct in6_aliasreq *ifra = (struct in6_aliasreq *)data;
332 struct sockaddr_in6 *sa6;
333 int error;
334
335 switch (cmd) {
336 case SIOCGETSGCNT_IN6:
337 case SIOCGETMIFCNT_IN6:
338 return (mrt6_ioctl ? mrt6_ioctl(cmd, data) : EOPNOTSUPP);
339 }
340
341 switch(cmd) {
342 case SIOCAADDRCTL_POLICY:
343 case SIOCDADDRCTL_POLICY:
344 if (td != NULL) {
345 error = priv_check(td, PRIV_NETINET_ADDRCTRL6);
346 if (error)
347 return (error);
348 }
349 return (in6_src_ioctl(cmd, data));
350 }
351
352 if (ifp == NULL)
353 return (EOPNOTSUPP);
354
355 switch (cmd) {
356 case SIOCSNDFLUSH_IN6:
357 case SIOCSPFXFLUSH_IN6:
358 case SIOCSRTRFLUSH_IN6:
359 case SIOCSDEFIFACE_IN6:
360 case SIOCSIFINFO_FLAGS:
361 if (td != NULL) {
362 error = priv_check(td, PRIV_NETINET_ND6);
363 if (error)
364 return (error);
365 }
366 /* FALLTHROUGH */
367 case OSIOCGIFINFO_IN6:
368 case SIOCGIFINFO_IN6:
369 case SIOCSIFINFO_IN6:
370 case SIOCGDRLST_IN6:
371 case SIOCGPRLST_IN6:
372 case SIOCGNBRINFO_IN6:
373 case SIOCGDEFIFACE_IN6:
374 return (nd6_ioctl(cmd, data, ifp));
375 }
376
377 switch (cmd) {
378 case SIOCSIFPREFIX_IN6:
379 case SIOCDIFPREFIX_IN6:
380 case SIOCAIFPREFIX_IN6:
381 case SIOCCIFPREFIX_IN6:
382 case SIOCSGIFPREFIX_IN6:
383 case SIOCGIFPREFIX_IN6:
384 log(LOG_NOTICE,
385 "prefix ioctls are now invalidated. "
386 "please use ifconfig.\n");
387 return (EOPNOTSUPP);
388 }
389
390 switch (cmd) {
391 case SIOCSSCOPE6:
392 if (td != NULL) {
393 error = priv_check(td, PRIV_NETINET_SCOPE6);
394 if (error)
395 return (error);
396 }
397 return (scope6_set(ifp,
398 (struct scope6_id *)ifr->ifr_ifru.ifru_scope_id));
399 case SIOCGSCOPE6:
400 return (scope6_get(ifp,
401 (struct scope6_id *)ifr->ifr_ifru.ifru_scope_id));
402 case SIOCGSCOPE6DEF:
403 return (scope6_get_default((struct scope6_id *)
404 ifr->ifr_ifru.ifru_scope_id));
405 }
406
407 switch (cmd) {
408 case SIOCALIFADDR:
409 if (td != NULL) {
410 error = priv_check(td, PRIV_NET_ADDIFADDR);
411 if (error)
412 return (error);
413 }
414 return in6_lifaddr_ioctl(so, cmd, data, ifp, td);
415
416 case SIOCDLIFADDR:
417 if (td != NULL) {
418 error = priv_check(td, PRIV_NET_DELIFADDR);
419 if (error)
420 return (error);
421 }
422 /* FALLTHROUGH */
423 case SIOCGLIFADDR:
424 return in6_lifaddr_ioctl(so, cmd, data, ifp, td);
425 }
426
427 /*
428 * Find address for this interface, if it exists.
429 *
430 * In netinet code, we have checked ifra_addr in SIOCSIF*ADDR operation
431 * only, and used the first interface address as the target of other
432 * operations (without checking ifra_addr). This was because netinet
433 * code/API assumed at most 1 interface address per interface.
434 * Since IPv6 allows a node to assign multiple addresses
435 * on a single interface, we almost always look and check the
436 * presence of ifra_addr, and reject invalid ones here.
437 * It also decreases duplicated code among SIOC*_IN6 operations.
438 */
439 switch (cmd) {
440 case SIOCAIFADDR_IN6:
441 case SIOCSIFPHYADDR_IN6:
442 sa6 = &ifra->ifra_addr;
443 break;
444 case SIOCSIFADDR_IN6:
445 case SIOCGIFADDR_IN6:
446 case SIOCSIFDSTADDR_IN6:
447 case SIOCSIFNETMASK_IN6:
448 case SIOCGIFDSTADDR_IN6:
449 case SIOCGIFNETMASK_IN6:
450 case SIOCDIFADDR_IN6:
451 case SIOCGIFPSRCADDR_IN6:
452 case SIOCGIFPDSTADDR_IN6:
453 case SIOCGIFAFLAG_IN6:
454 case SIOCSNDFLUSH_IN6:
455 case SIOCSPFXFLUSH_IN6:
456 case SIOCSRTRFLUSH_IN6:
457 case SIOCGIFALIFETIME_IN6:
458 case SIOCSIFALIFETIME_IN6:
459 case SIOCGIFSTAT_IN6:
460 case SIOCGIFSTAT_ICMP6:
461 sa6 = &ifr->ifr_addr;
462 break;
463 default:
464 sa6 = NULL;
465 break;
466 }
467 if (sa6 && sa6->sin6_family == AF_INET6) {
468 int error = 0;
469
470 if (sa6->sin6_scope_id != 0)
471 error = sa6_embedscope(sa6, 0);
472 else
473 error = in6_setscope(&sa6->sin6_addr, ifp, NULL);
474 if (error != 0)
475 return (error);
476 ia = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr);
477 } else
478 ia = NULL;
479
480 switch (cmd) {
481 case SIOCSIFADDR_IN6:
482 case SIOCSIFDSTADDR_IN6:
483 case SIOCSIFNETMASK_IN6:
484 /*
485 * Since IPv6 allows a node to assign multiple addresses
486 * on a single interface, SIOCSIFxxx ioctls are deprecated.
487 */
488 /* we decided to obsolete this command (20000704) */
489 return (EINVAL);
490
491 case SIOCDIFADDR_IN6:
492 /*
493 * for IPv4, we look for existing in_ifaddr here to allow
494 * "ifconfig if0 delete" to remove the first IPv4 address on
495 * the interface. For IPv6, as the spec allows multiple
496 * interface address from the day one, we consider "remove the
497 * first one" semantics to be not preferable.
498 */
499 if (ia == NULL)
500 return (EADDRNOTAVAIL);
501 /* FALLTHROUGH */
502 case SIOCAIFADDR_IN6:
503 /*
504 * We always require users to specify a valid IPv6 address for
505 * the corresponding operation.
506 */
507 if (ifra->ifra_addr.sin6_family != AF_INET6 ||
508 ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6))
509 return (EAFNOSUPPORT);
510
511 if (td != NULL) {
512 error = priv_check(td, (cmd == SIOCDIFADDR_IN6) ?
513 PRIV_NET_DELIFADDR : PRIV_NET_ADDIFADDR);
514 if (error)
515 return (error);
516 }
517
518 break;
519
520 case SIOCGIFADDR_IN6:
521 /* This interface is basically deprecated. use SIOCGIFCONF. */
522 /* FALLTHROUGH */
523 case SIOCGIFAFLAG_IN6:
524 case SIOCGIFNETMASK_IN6:
525 case SIOCGIFDSTADDR_IN6:
526 case SIOCGIFALIFETIME_IN6:
527 /* must think again about its semantics */
528 if (ia == NULL)
529 return (EADDRNOTAVAIL);
530 break;
531 case SIOCSIFALIFETIME_IN6:
532 {
533 struct in6_addrlifetime *lt;
534
535 if (td != NULL) {
536 error = priv_check(td, PRIV_NETINET_ALIFETIME6);
537 if (error)
538 return (error);
539 }
540 if (ia == NULL)
541 return (EADDRNOTAVAIL);
542 /* sanity for overflow - beware unsigned */
543 lt = &ifr->ifr_ifru.ifru_lifetime;
544 if (lt->ia6t_vltime != ND6_INFINITE_LIFETIME &&
545 lt->ia6t_vltime + time_second < time_second) {
546 return EINVAL;
547 }
548 if (lt->ia6t_pltime != ND6_INFINITE_LIFETIME &&
549 lt->ia6t_pltime + time_second < time_second) {
550 return EINVAL;
551 }
552 break;
553 }
554 }
555
556 switch (cmd) {
557
558 case SIOCGIFADDR_IN6:
559 ifr->ifr_addr = ia->ia_addr;
560 if ((error = sa6_recoverscope(&ifr->ifr_addr)) != 0)
561 return (error);
562 break;
563
564 case SIOCGIFDSTADDR_IN6:
565 if ((ifp->if_flags & IFF_POINTOPOINT) == 0)
566 return (EINVAL);
567 /*
568 * XXX: should we check if ifa_dstaddr is NULL and return
569 * an error?
570 */
571 ifr->ifr_dstaddr = ia->ia_dstaddr;
572 if ((error = sa6_recoverscope(&ifr->ifr_dstaddr)) != 0)
573 return (error);
574 break;
575
576 case SIOCGIFNETMASK_IN6:
577 ifr->ifr_addr = ia->ia_prefixmask;
578 break;
579
580 case SIOCGIFAFLAG_IN6:
581 ifr->ifr_ifru.ifru_flags6 = ia->ia6_flags;
582 break;
583
584 case SIOCGIFSTAT_IN6:
585 if (ifp == NULL)
586 return EINVAL;
587 bzero(&ifr->ifr_ifru.ifru_stat,
588 sizeof(ifr->ifr_ifru.ifru_stat));
589 ifr->ifr_ifru.ifru_stat =
590 *((struct in6_ifextra *)ifp->if_afdata[AF_INET6])->in6_ifstat;
591 break;
592
593 case SIOCGIFSTAT_ICMP6:
594 if (ifp == NULL)
595 return EINVAL;
596 bzero(&ifr->ifr_ifru.ifru_icmp6stat,
597 sizeof(ifr->ifr_ifru.ifru_icmp6stat));
598 ifr->ifr_ifru.ifru_icmp6stat =
599 *((struct in6_ifextra *)ifp->if_afdata[AF_INET6])->icmp6_ifstat;
600 break;
601
602 case SIOCGIFALIFETIME_IN6:
603 ifr->ifr_ifru.ifru_lifetime = ia->ia6_lifetime;
604 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) {
605 time_t maxexpire;
606 struct in6_addrlifetime *retlt =
607 &ifr->ifr_ifru.ifru_lifetime;
608
609 /*
610 * XXX: adjust expiration time assuming time_t is
611 * signed.
612 */
613 maxexpire = (-1) &
614 ~((time_t)1 << ((sizeof(maxexpire) * 8) - 1));
615 if (ia->ia6_lifetime.ia6t_vltime <
616 maxexpire - ia->ia6_updatetime) {
617 retlt->ia6t_expire = ia->ia6_updatetime +
618 ia->ia6_lifetime.ia6t_vltime;
619 } else
620 retlt->ia6t_expire = maxexpire;
621 }
622 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) {
623 time_t maxexpire;
624 struct in6_addrlifetime *retlt =
625 &ifr->ifr_ifru.ifru_lifetime;
626
627 /*
628 * XXX: adjust expiration time assuming time_t is
629 * signed.
630 */
631 maxexpire = (-1) &
632 ~((time_t)1 << ((sizeof(maxexpire) * 8) - 1));
633 if (ia->ia6_lifetime.ia6t_pltime <
634 maxexpire - ia->ia6_updatetime) {
635 retlt->ia6t_preferred = ia->ia6_updatetime +
636 ia->ia6_lifetime.ia6t_pltime;
637 } else
638 retlt->ia6t_preferred = maxexpire;
639 }
640 break;
641
642 case SIOCSIFALIFETIME_IN6:
643 ia->ia6_lifetime = ifr->ifr_ifru.ifru_lifetime;
644 /* for sanity */
645 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) {
646 ia->ia6_lifetime.ia6t_expire =
647 time_second + ia->ia6_lifetime.ia6t_vltime;
648 } else
649 ia->ia6_lifetime.ia6t_expire = 0;
650 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) {
651 ia->ia6_lifetime.ia6t_preferred =
652 time_second + ia->ia6_lifetime.ia6t_pltime;
653 } else
654 ia->ia6_lifetime.ia6t_preferred = 0;
655 break;
656
657 case SIOCAIFADDR_IN6:
658 {
659 int i, error = 0;
660 struct nd_prefixctl pr0;
661 struct nd_prefix *pr;
662
663 /*
664 * first, make or update the interface address structure,
665 * and link it to the list.
666 */
667 if ((error = in6_update_ifa(ifp, ifra, ia, 0)) != 0)
668 return (error);
669 if ((ia = in6ifa_ifpwithaddr(ifp, &ifra->ifra_addr.sin6_addr))
670 == NULL) {
671 /*
672 * this can happen when the user specify the 0 valid
673 * lifetime.
674 */
675 break;
676 }
677
678 /*
679 * then, make the prefix on-link on the interface.
680 * XXX: we'd rather create the prefix before the address, but
681 * we need at least one address to install the corresponding
682 * interface route, so we configure the address first.
683 */
684
685 /*
686 * convert mask to prefix length (prefixmask has already
687 * been validated in in6_update_ifa().
688 */
689 bzero(&pr0, sizeof(pr0));
690 pr0.ndpr_ifp = ifp;
691 pr0.ndpr_plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr,
692 NULL);
693 if (pr0.ndpr_plen == 128) {
694 break; /* we don't need to install a host route. */
695 }
696 pr0.ndpr_prefix = ifra->ifra_addr;
697 /* apply the mask for safety. */
698 for (i = 0; i < 4; i++) {
699 pr0.ndpr_prefix.sin6_addr.s6_addr32[i] &=
700 ifra->ifra_prefixmask.sin6_addr.s6_addr32[i];
701 }
702 /*
703 * XXX: since we don't have an API to set prefix (not address)
704 * lifetimes, we just use the same lifetimes as addresses.
705 * The (temporarily) installed lifetimes can be overridden by
706 * later advertised RAs (when accept_rtadv is non 0), which is
707 * an intended behavior.
708 */
709 pr0.ndpr_raf_onlink = 1; /* should be configurable? */
710 pr0.ndpr_raf_auto =
711 ((ifra->ifra_flags & IN6_IFF_AUTOCONF) != 0);
712 pr0.ndpr_vltime = ifra->ifra_lifetime.ia6t_vltime;
713 pr0.ndpr_pltime = ifra->ifra_lifetime.ia6t_pltime;
714
715 /* add the prefix if not yet. */
716 if ((pr = nd6_prefix_lookup(&pr0)) == NULL) {
717 /*
718 * nd6_prelist_add will install the corresponding
719 * interface route.
720 */
721 if ((error = nd6_prelist_add(&pr0, NULL, &pr)) != 0)
722 return (error);
723 if (pr == NULL) {
724 log(LOG_ERR, "nd6_prelist_add succeeded but "
725 "no prefix\n");
726 return (EINVAL); /* XXX panic here? */
727 }
728 }
729
730 /* relate the address to the prefix */
731 if (ia->ia6_ndpr == NULL) {
732 ia->ia6_ndpr = pr;
733 pr->ndpr_refcnt++;
734
735 /*
736 * If this is the first autoconf address from the
737 * prefix, create a temporary address as well
738 * (when required).
739 */
740 if ((ia->ia6_flags & IN6_IFF_AUTOCONF) &&
741 V_ip6_use_tempaddr && pr->ndpr_refcnt == 1) {
742 int e;
743 if ((e = in6_tmpifadd(ia, 1, 0)) != 0) {
744 log(LOG_NOTICE, "in6_control: failed "
745 "to create a temporary address, "
746 "errno=%d\n", e);
747 }
748 }
749 }
750
751 /*
752 * this might affect the status of autoconfigured addresses,
753 * that is, this address might make other addresses detached.
754 */
755 pfxlist_onlink_check();
756 if (error == 0 && ia)
757 EVENTHANDLER_INVOKE(ifaddr_event, ifp);
758 break;
759 }
760
761 case SIOCDIFADDR_IN6:
762 {
763 struct nd_prefix *pr;
764
765 /*
766 * If the address being deleted is the only one that owns
767 * the corresponding prefix, expire the prefix as well.
768 * XXX: theoretically, we don't have to worry about such
769 * relationship, since we separate the address management
770 * and the prefix management. We do this, however, to provide
771 * as much backward compatibility as possible in terms of
772 * the ioctl operation.
773 * Note that in6_purgeaddr() will decrement ndpr_refcnt.
774 */
775 pr = ia->ia6_ndpr;
776 in6_purgeaddr(&ia->ia_ifa);
777 if (pr && pr->ndpr_refcnt == 0)
778 prelist_remove(pr);
779 EVENTHANDLER_INVOKE(ifaddr_event, ifp);
780 break;
781 }
782
783 default:
784 if (ifp == NULL || ifp->if_ioctl == 0)
785 return (EOPNOTSUPP);
786 return ((*ifp->if_ioctl)(ifp, cmd, data));
787 }
788
789 return (0);
790 }
791
792 /*
793 * Update parameters of an IPv6 interface address.
794 * If necessary, a new entry is created and linked into address chains.
795 * This function is separated from in6_control().
796 * XXX: should this be performed under splnet()?
797 */
798 int
799 in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra,
800 struct in6_ifaddr *ia, int flags)
801 {
802 INIT_VNET_INET6(ifp->if_vnet);
803 INIT_VPROCG(TD_TO_VPROCG(curthread)); /* XXX V_hostname needs this */
804 int error = 0, hostIsNew = 0, plen = -1;
805 struct in6_ifaddr *oia;
806 struct sockaddr_in6 dst6;
807 struct in6_addrlifetime *lt;
808 struct in6_multi_mship *imm;
809 struct in6_multi *in6m_sol;
810 struct rtentry *rt;
811 int delay;
812 char ip6buf[INET6_ADDRSTRLEN];
813
814 /* Validate parameters */
815 if (ifp == NULL || ifra == NULL) /* this maybe redundant */
816 return (EINVAL);
817
818 /*
819 * The destination address for a p2p link must have a family
820 * of AF_UNSPEC or AF_INET6.
821 */
822 if ((ifp->if_flags & IFF_POINTOPOINT) != 0 &&
823 ifra->ifra_dstaddr.sin6_family != AF_INET6 &&
824 ifra->ifra_dstaddr.sin6_family != AF_UNSPEC)
825 return (EAFNOSUPPORT);
826 /*
827 * validate ifra_prefixmask. don't check sin6_family, netmask
828 * does not carry fields other than sin6_len.
829 */
830 if (ifra->ifra_prefixmask.sin6_len > sizeof(struct sockaddr_in6))
831 return (EINVAL);
832 /*
833 * Because the IPv6 address architecture is classless, we require
834 * users to specify a (non 0) prefix length (mask) for a new address.
835 * We also require the prefix (when specified) mask is valid, and thus
836 * reject a non-consecutive mask.
837 */
838 if (ia == NULL && ifra->ifra_prefixmask.sin6_len == 0)
839 return (EINVAL);
840 if (ifra->ifra_prefixmask.sin6_len != 0) {
841 plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr,
842 (u_char *)&ifra->ifra_prefixmask +
843 ifra->ifra_prefixmask.sin6_len);
844 if (plen <= 0)
845 return (EINVAL);
846 } else {
847 /*
848 * In this case, ia must not be NULL. We just use its prefix
849 * length.
850 */
851 plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL);
852 }
853 /*
854 * If the destination address on a p2p interface is specified,
855 * and the address is a scoped one, validate/set the scope
856 * zone identifier.
857 */
858 dst6 = ifra->ifra_dstaddr;
859 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) != 0 &&
860 (dst6.sin6_family == AF_INET6)) {
861 struct in6_addr in6_tmp;
862 u_int32_t zoneid;
863
864 in6_tmp = dst6.sin6_addr;
865 if (in6_setscope(&in6_tmp, ifp, &zoneid))
866 return (EINVAL); /* XXX: should be impossible */
867
868 if (dst6.sin6_scope_id != 0) {
869 if (dst6.sin6_scope_id != zoneid)
870 return (EINVAL);
871 } else /* user omit to specify the ID. */
872 dst6.sin6_scope_id = zoneid;
873
874 /* convert into the internal form */
875 if (sa6_embedscope(&dst6, 0))
876 return (EINVAL); /* XXX: should be impossible */
877 }
878 /*
879 * The destination address can be specified only for a p2p or a
880 * loopback interface. If specified, the corresponding prefix length
881 * must be 128.
882 */
883 if (ifra->ifra_dstaddr.sin6_family == AF_INET6) {
884 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) == 0) {
885 /* XXX: noisy message */
886 nd6log((LOG_INFO, "in6_update_ifa: a destination can "
887 "be specified for a p2p or a loopback IF only\n"));
888 return (EINVAL);
889 }
890 if (plen != 128) {
891 nd6log((LOG_INFO, "in6_update_ifa: prefixlen should "
892 "be 128 when dstaddr is specified\n"));
893 return (EINVAL);
894 }
895 }
896 /* lifetime consistency check */
897 lt = &ifra->ifra_lifetime;
898 if (lt->ia6t_pltime > lt->ia6t_vltime)
899 return (EINVAL);
900 if (lt->ia6t_vltime == 0) {
901 /*
902 * the following log might be noisy, but this is a typical
903 * configuration mistake or a tool's bug.
904 */
905 nd6log((LOG_INFO,
906 "in6_update_ifa: valid lifetime is 0 for %s\n",
907 ip6_sprintf(ip6buf, &ifra->ifra_addr.sin6_addr)));
908
909 if (ia == NULL)
910 return (0); /* there's nothing to do */
911 }
912
913 /*
914 * If this is a new address, allocate a new ifaddr and link it
915 * into chains.
916 */
917 if (ia == NULL) {
918 hostIsNew = 1;
919 /*
920 * When in6_update_ifa() is called in a process of a received
921 * RA, it is called under an interrupt context. So, we should
922 * call malloc with M_NOWAIT.
923 */
924 ia = (struct in6_ifaddr *) malloc(sizeof(*ia), M_IFADDR,
925 M_NOWAIT);
926 if (ia == NULL)
927 return (ENOBUFS);
928 bzero((caddr_t)ia, sizeof(*ia));
929 LIST_INIT(&ia->ia6_memberships);
930 /* Initialize the address and masks, and put time stamp */
931 IFA_LOCK_INIT(&ia->ia_ifa);
932 ia->ia_ifa.ifa_addr = (struct sockaddr *)&ia->ia_addr;
933 ia->ia_addr.sin6_family = AF_INET6;
934 ia->ia_addr.sin6_len = sizeof(ia->ia_addr);
935 ia->ia6_createtime = time_second;
936 if ((ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) != 0) {
937 /*
938 * XXX: some functions expect that ifa_dstaddr is not
939 * NULL for p2p interfaces.
940 */
941 ia->ia_ifa.ifa_dstaddr =
942 (struct sockaddr *)&ia->ia_dstaddr;
943 } else {
944 ia->ia_ifa.ifa_dstaddr = NULL;
945 }
946 ia->ia_ifa.ifa_netmask = (struct sockaddr *)&ia->ia_prefixmask;
947
948 ia->ia_ifp = ifp;
949 if ((oia = V_in6_ifaddr) != NULL) {
950 for ( ; oia->ia_next; oia = oia->ia_next)
951 continue;
952 oia->ia_next = ia;
953 } else
954 V_in6_ifaddr = ia;
955
956 ia->ia_ifa.ifa_refcnt = 1;
957 TAILQ_INSERT_TAIL(&ifp->if_addrlist, &ia->ia_ifa, ifa_list);
958 }
959
960 /* update timestamp */
961 ia->ia6_updatetime = time_second;
962
963 /* set prefix mask */
964 if (ifra->ifra_prefixmask.sin6_len) {
965 /*
966 * We prohibit changing the prefix length of an existing
967 * address, because
968 * + such an operation should be rare in IPv6, and
969 * + the operation would confuse prefix management.
970 */
971 if (ia->ia_prefixmask.sin6_len &&
972 in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL) != plen) {
973 nd6log((LOG_INFO, "in6_update_ifa: the prefix length of an"
974 " existing (%s) address should not be changed\n",
975 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr)));
976 error = EINVAL;
977 goto unlink;
978 }
979 ia->ia_prefixmask = ifra->ifra_prefixmask;
980 }
981
982 /*
983 * If a new destination address is specified, scrub the old one and
984 * install the new destination. Note that the interface must be
985 * p2p or loopback (see the check above.)
986 */
987 if (dst6.sin6_family == AF_INET6 &&
988 !IN6_ARE_ADDR_EQUAL(&dst6.sin6_addr, &ia->ia_dstaddr.sin6_addr)) {
989 int e;
990
991 if ((ia->ia_flags & IFA_ROUTE) != 0 &&
992 (e = rtinit(&(ia->ia_ifa), (int)RTM_DELETE, RTF_HOST)) != 0) {
993 nd6log((LOG_ERR, "in6_update_ifa: failed to remove "
994 "a route to the old destination: %s\n",
995 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr)));
996 /* proceed anyway... */
997 } else
998 ia->ia_flags &= ~IFA_ROUTE;
999 ia->ia_dstaddr = dst6;
1000 }
1001
1002 /*
1003 * Set lifetimes. We do not refer to ia6t_expire and ia6t_preferred
1004 * to see if the address is deprecated or invalidated, but initialize
1005 * these members for applications.
1006 */
1007 ia->ia6_lifetime = ifra->ifra_lifetime;
1008 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) {
1009 ia->ia6_lifetime.ia6t_expire =
1010 time_second + ia->ia6_lifetime.ia6t_vltime;
1011 } else
1012 ia->ia6_lifetime.ia6t_expire = 0;
1013 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) {
1014 ia->ia6_lifetime.ia6t_preferred =
1015 time_second + ia->ia6_lifetime.ia6t_pltime;
1016 } else
1017 ia->ia6_lifetime.ia6t_preferred = 0;
1018
1019 /* reset the interface and routing table appropriately. */ |