FreeBSD/Linux Kernel Cross Reference
sys/netinet6/in6.c
1 /* $OpenBSD: in6.c,v 1.259 2022/12/06 22:19:39 mvs Exp $ */
2 /* $KAME: in6.c,v 1.372 2004/06/14 08:14:21 itojun Exp $ */
3
4 /*
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32
33 /*
34 * Copyright (c) 1982, 1986, 1991, 1993
35 * The Regents of the University of California. All rights reserved.
36 *
37 * Redistribution and use in source and binary forms, with or without
38 * modification, are permitted provided that the following conditions
39 * are met:
40 * 1. Redistributions of source code must retain the above copyright
41 * notice, this list of conditions and the following disclaimer.
42 * 2. Redistributions in binary form must reproduce the above copyright
43 * notice, this list of conditions and the following disclaimer in the
44 * documentation and/or other materials provided with the distribution.
45 * 3. Neither the name of the University nor the names of its contributors
46 * may be used to endorse or promote products derived from this software
47 * without specific prior written permission.
48 *
49 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
52 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
59 * SUCH DAMAGE.
60 *
61 * @(#)in.c 8.2 (Berkeley) 11/15/93
62 */
63
64 #include "carp.h"
65
66 #include <sys/param.h>
67 #include <sys/ioctl.h>
68 #include <sys/errno.h>
69 #include <sys/malloc.h>
70 #include <sys/socket.h>
71 #include <sys/socketvar.h>
72 #include <sys/sockio.h>
73 #include <sys/mbuf.h>
74 #include <sys/systm.h>
75 #include <sys/time.h>
76 #include <sys/kernel.h>
77 #include <sys/syslog.h>
78
79 #include <net/if.h>
80 #include <net/if_dl.h>
81 #include <net/if_types.h>
82 #include <net/route.h>
83
84 #include <netinet/in.h>
85 #include <netinet/if_ether.h>
86
87 #include <netinet6/in6_var.h>
88 #include <netinet/ip6.h>
89 #include <netinet6/ip6_var.h>
90 #include <netinet6/nd6.h>
91 #include <netinet6/mld6_var.h>
92 #ifdef MROUTING
93 #include <netinet6/ip6_mroute.h>
94 #endif
95 #include <netinet6/in6_ifattach.h>
96 #if NCARP > 0
97 #include <netinet/ip_carp.h>
98 #endif
99
100 /*
101 * Definitions of some constant IP6 addresses.
102 */
103 const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT;
104 const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT;
105 const struct in6_addr in6addr_intfacelocal_allnodes =
106 IN6ADDR_INTFACELOCAL_ALLNODES_INIT;
107 const struct in6_addr in6addr_linklocal_allnodes =
108 IN6ADDR_LINKLOCAL_ALLNODES_INIT;
109 const struct in6_addr in6addr_linklocal_allrouters =
110 IN6ADDR_LINKLOCAL_ALLROUTERS_INIT;
111
112 const struct in6_addr in6mask0 = IN6MASK0;
113 const struct in6_addr in6mask32 = IN6MASK32;
114 const struct in6_addr in6mask64 = IN6MASK64;
115 const struct in6_addr in6mask96 = IN6MASK96;
116 const struct in6_addr in6mask128 = IN6MASK128;
117
118 int in6_ioctl(u_long, caddr_t, struct ifnet *, int);
119 int in6_ioctl_change_ifaddr(u_long, caddr_t, struct ifnet *);
120 int in6_ioctl_get(u_long, caddr_t, struct ifnet *);
121 int in6_check_embed_scope(struct sockaddr_in6 *, unsigned int);
122 int in6_clear_scope_id(struct sockaddr_in6 *, unsigned int);
123 int in6_ifinit(struct ifnet *, struct in6_ifaddr *, int);
124 void in6_unlink_ifa(struct in6_ifaddr *, struct ifnet *);
125
126 const struct sockaddr_in6 sa6_any = {
127 sizeof(sa6_any), AF_INET6, 0, 0, IN6ADDR_ANY_INIT, 0
128 };
129
130 int
131 in6_mask2len(struct in6_addr *mask, u_char *lim0)
132 {
133 int x = 0, y;
134 u_char *lim = lim0, *p;
135
136 /* ignore the scope_id part */
137 if (lim0 == NULL || lim0 - (u_char *)mask > sizeof(*mask))
138 lim = (u_char *)mask + sizeof(*mask);
139 for (p = (u_char *)mask; p < lim; x++, p++) {
140 if (*p != 0xff)
141 break;
142 }
143 y = 0;
144 if (p < lim) {
145 for (y = 0; y < 8; y++) {
146 if ((*p & (0x80 >> y)) == 0)
147 break;
148 }
149 }
150
151 /*
152 * when the limit pointer is given, do a stricter check on the
153 * remaining bits.
154 */
155 if (p < lim) {
156 if (y != 0 && (*p & (0x00ff >> y)) != 0)
157 return (-1);
158 for (p = p + 1; p < lim; p++)
159 if (*p != 0)
160 return (-1);
161 }
162
163 return x * 8 + y;
164 }
165
166 int
167 in6_nam2sin6(const struct mbuf *nam, struct sockaddr_in6 **sin6)
168 {
169 struct sockaddr *sa = mtod(nam, struct sockaddr *);
170
171 if (nam->m_len < offsetof(struct sockaddr, sa_data))
172 return EINVAL;
173 if (sa->sa_family != AF_INET6)
174 return EAFNOSUPPORT;
175 if (sa->sa_len != nam->m_len)
176 return EINVAL;
177 if (sa->sa_len != sizeof(struct sockaddr_in6))
178 return EINVAL;
179 *sin6 = satosin6(sa);
180
181 return 0;
182 }
183
184 int
185 in6_sa2sin6(struct sockaddr *sa, struct sockaddr_in6 **sin6)
186 {
187 if (sa->sa_family != AF_INET6)
188 return EAFNOSUPPORT;
189 if (sa->sa_len != sizeof(struct sockaddr_in6))
190 return EINVAL;
191 *sin6 = satosin6(sa);
192
193 return 0;
194 }
195
196 int
197 in6_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp)
198 {
199 int privileged;
200 int error;
201
202 privileged = 0;
203 if ((so->so_state & SS_PRIV) != 0)
204 privileged++;
205
206 switch (cmd) {
207 #ifdef MROUTING
208 case SIOCGETSGCNT_IN6:
209 case SIOCGETMIFCNT_IN6:
210 KERNEL_LOCK();
211 error = mrt6_ioctl(so, cmd, data);
212 KERNEL_UNLOCK();
213 break;
214 #endif /* MROUTING */
215 default:
216 error = in6_ioctl(cmd, data, ifp, privileged);
217 break;
218 }
219
220 return error;
221 }
222
223 int
224 in6_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, int privileged)
225 {
226 if (ifp == NULL)
227 return (ENXIO);
228
229 switch (cmd) {
230 case SIOCGIFINFO_IN6:
231 case SIOCGNBRINFO_IN6:
232 return (nd6_ioctl(cmd, data, ifp));
233 case SIOCGIFDSTADDR_IN6:
234 case SIOCGIFNETMASK_IN6:
235 case SIOCGIFAFLAG_IN6:
236 case SIOCGIFALIFETIME_IN6:
237 return (in6_ioctl_get(cmd, data, ifp));
238 case SIOCAIFADDR_IN6:
239 case SIOCDIFADDR_IN6:
240 if (!privileged)
241 return (EPERM);
242 return (in6_ioctl_change_ifaddr(cmd, data, ifp));
243 case SIOCSIFADDR:
244 case SIOCSIFDSTADDR:
245 case SIOCSIFBRDADDR:
246 case SIOCSIFNETMASK:
247 /*
248 * Do not pass those ioctl to driver handler since they are not
249 * properly set up. Instead just error out.
250 */
251 return (EINVAL);
252 default:
253 return (EOPNOTSUPP);
254 }
255 }
256
257 int
258 in6_ioctl_change_ifaddr(u_long cmd, caddr_t data, struct ifnet *ifp)
259 {
260 struct in6_ifaddr *ia6 = NULL;
261 struct in6_aliasreq *ifra = (struct in6_aliasreq *)data;
262 struct sockaddr *sa;
263 struct sockaddr_in6 *sa6 = NULL;
264 int error = 0, newifaddr = 0, plen;
265
266 /*
267 * Find address for this interface, if it exists.
268 *
269 * In netinet code, we have checked ifra_addr in SIOCSIF*ADDR operation
270 * only, and used the first interface address as the target of other
271 * operations (without checking ifra_addr). This was because netinet
272 * code/API assumed at most 1 interface address per interface.
273 * Since IPv6 allows a node to assign multiple addresses
274 * on a single interface, we almost always look and check the
275 * presence of ifra_addr, and reject invalid ones here.
276 * It also decreases duplicated code among SIOC*_IN6 operations.
277 *
278 * We always require users to specify a valid IPv6 address for
279 * the corresponding operation.
280 */
281 switch (cmd) {
282 case SIOCAIFADDR_IN6:
283 sa = sin6tosa(&ifra->ifra_addr);
284 break;
285 case SIOCDIFADDR_IN6:
286 sa = sin6tosa(&((struct in6_ifreq *)data)->ifr_addr);
287 break;
288 default:
289 panic("%s: invalid ioctl %lu", __func__, cmd);
290 }
291 if (sa->sa_family == AF_INET6) {
292 error = in6_sa2sin6(sa, &sa6);
293 if (error)
294 return (error);
295 }
296
297 KERNEL_LOCK();
298 NET_LOCK();
299
300 if (sa6 != NULL) {
301 error = in6_check_embed_scope(sa6, ifp->if_index);
302 if (error)
303 goto err;
304 error = in6_clear_scope_id(sa6, ifp->if_index);
305 if (error)
306 goto err;
307 ia6 = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr);
308 }
309
310 switch (cmd) {
311 case SIOCDIFADDR_IN6:
312 /*
313 * for IPv4, we look for existing in_ifaddr here to allow
314 * "ifconfig if0 delete" to remove the first IPv4 address on
315 * the interface. For IPv6, as the spec allows multiple
316 * interface address from the day one, we consider "remove the
317 * first one" semantics to be not preferable.
318 */
319 if (ia6 == NULL) {
320 error = EADDRNOTAVAIL;
321 break;
322 }
323 in6_purgeaddr(&ia6->ia_ifa);
324 if_addrhooks_run(ifp);
325 break;
326
327 case SIOCAIFADDR_IN6:
328 if (ifra->ifra_addr.sin6_family != AF_INET6 ||
329 ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6)) {
330 error = EAFNOSUPPORT;
331 break;
332 }
333
334 /* reject read-only flags */
335 if ((ifra->ifra_flags & IN6_IFF_DUPLICATED) != 0 ||
336 (ifra->ifra_flags & IN6_IFF_DETACHED) != 0 ||
337 (ifra->ifra_flags & IN6_IFF_DEPRECATED) != 0) {
338 error = EINVAL;
339 break;
340 }
341
342 if (ia6 == NULL)
343 newifaddr = 1;
344
345 /*
346 * Make the address tentative before joining multicast
347 * addresses, so that corresponding MLD responses would
348 * not have a tentative source address.
349 */
350 if (newifaddr && in6if_do_dad(ifp))
351 ifra->ifra_flags |= IN6_IFF_TENTATIVE;
352
353 /*
354 * first, make or update the interface address structure,
355 * and link it to the list. try to enable inet6 if there
356 * is no link-local yet.
357 */
358 error = in6_ifattach(ifp);
359 if (error)
360 break;
361 error = in6_update_ifa(ifp, ifra, ia6);
362 if (error)
363 break;
364
365 ia6 = NULL;
366 if (sa6 != NULL)
367 ia6 = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr);
368 if (ia6 == NULL) {
369 /*
370 * this can happen when the user specify the 0 valid
371 * lifetime.
372 */
373 break;
374 }
375
376 /* Perform DAD, if needed. */
377 if (ia6->ia6_flags & IN6_IFF_TENTATIVE)
378 nd6_dad_start(&ia6->ia_ifa);
379
380 if (!newifaddr) {
381 if_addrhooks_run(ifp);
382 break;
383 }
384
385 plen = in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL);
386 if ((ifp->if_flags & IFF_LOOPBACK) || plen == 128) {
387 if_addrhooks_run(ifp);
388 break; /* No need to install a connected route. */
389 }
390
391 error = rt_ifa_add(&ia6->ia_ifa,
392 RTF_CLONING | RTF_CONNECTED | RTF_MPATH,
393 ia6->ia_ifa.ifa_addr, ifp->if_rdomain);
394 if (error) {
395 in6_purgeaddr(&ia6->ia_ifa);
396 break;
397 }
398 if_addrhooks_run(ifp);
399 break;
400 }
401
402 err:
403 NET_UNLOCK();
404 KERNEL_UNLOCK();
405 return (error);
406 }
407
408 int
409 in6_ioctl_get(u_long cmd, caddr_t data, struct ifnet *ifp)
410 {
411 struct in6_ifreq *ifr = (struct in6_ifreq *)data;
412 struct in6_ifaddr *ia6 = NULL;
413 struct sockaddr *sa;
414 struct sockaddr_in6 *sa6 = NULL;
415 int error = 0;
416
417 sa = sin6tosa(&ifr->ifr_addr);
418 if (sa->sa_family == AF_INET6) {
419 sa->sa_len = sizeof(struct sockaddr_in6);
420 error = in6_sa2sin6(sa, &sa6);
421 if (error)
422 return (error);
423 }
424
425 NET_LOCK_SHARED();
426
427 if (sa6 != NULL) {
428 error = in6_check_embed_scope(sa6, ifp->if_index);
429 if (error)
430 goto err;
431 error = in6_clear_scope_id(sa6, ifp->if_index);
432 if (error)
433 goto err;
434 ia6 = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr);
435 }
436
437 /* must think again about its semantics */
438 if (ia6 == NULL) {
439 error = EADDRNOTAVAIL;
440 goto err;
441 }
442
443 switch (cmd) {
444 case SIOCGIFDSTADDR_IN6:
445 if ((ifp->if_flags & IFF_POINTOPOINT) == 0) {
446 error = EINVAL;
447 break;
448 }
449 /*
450 * XXX: should we check if ifa_dstaddr is NULL and return
451 * an error?
452 */
453 ifr->ifr_dstaddr = ia6->ia_dstaddr;
454 break;
455
456 case SIOCGIFNETMASK_IN6:
457 ifr->ifr_addr = ia6->ia_prefixmask;
458 break;
459
460 case SIOCGIFAFLAG_IN6:
461 ifr->ifr_ifru.ifru_flags6 = ia6->ia6_flags;
462 break;
463
464 case SIOCGIFALIFETIME_IN6:
465 ifr->ifr_ifru.ifru_lifetime = ia6->ia6_lifetime;
466 if (ia6->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) {
467 time_t expire, maxexpire;
468 struct in6_addrlifetime *retlt =
469 &ifr->ifr_ifru.ifru_lifetime;
470
471 /*
472 * XXX: adjust expiration time assuming time_t is
473 * signed.
474 */
475 maxexpire =
476 (time_t)~(1ULL << ((sizeof(maxexpire) * 8) - 1));
477 if (ia6->ia6_lifetime.ia6t_vltime <
478 maxexpire - ia6->ia6_updatetime) {
479 expire = ia6->ia6_updatetime +
480 ia6->ia6_lifetime.ia6t_vltime;
481 if (expire != 0) {
482 expire -= getuptime();
483 expire += gettime();
484 }
485 retlt->ia6t_expire = expire;
486 } else
487 retlt->ia6t_expire = maxexpire;
488 }
489 if (ia6->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) {
490 time_t expire, maxexpire;
491 struct in6_addrlifetime *retlt =
492 &ifr->ifr_ifru.ifru_lifetime;
493
494 /*
495 * XXX: adjust expiration time assuming time_t is
496 * signed.
497 */
498 maxexpire =
499 (time_t)~(1ULL << ((sizeof(maxexpire) * 8) - 1));
500 if (ia6->ia6_lifetime.ia6t_pltime <
501 maxexpire - ia6->ia6_updatetime) {
502 expire = ia6->ia6_updatetime +
503 ia6->ia6_lifetime.ia6t_pltime;
504 if (expire != 0) {
505 expire -= getuptime();
506 expire += gettime();
507 }
508 retlt->ia6t_preferred = expire;
509 } else
510 retlt->ia6t_preferred = maxexpire;
511 }
512 break;
513
514 default:
515 panic("%s: invalid ioctl %lu", __func__, cmd);
516 }
517
518 err:
519 NET_UNLOCK_SHARED();
520 return (error);
521 }
522
523 int
524 in6_check_embed_scope(struct sockaddr_in6 *sa6, unsigned int ifidx)
525 {
526 if (IN6_IS_ADDR_LINKLOCAL(&sa6->sin6_addr)) {
527 if (sa6->sin6_addr.s6_addr16[1] == 0) {
528 /* link ID is not embedded by the user */
529 sa6->sin6_addr.s6_addr16[1] = htons(ifidx);
530 } else if (sa6->sin6_addr.s6_addr16[1] != htons(ifidx))
531 return EINVAL; /* link ID contradicts */
532 }
533 return 0;
534 }
535
536 int
537 in6_clear_scope_id(struct sockaddr_in6 *sa6, unsigned int ifidx)
538 {
539 if (IN6_IS_ADDR_LINKLOCAL(&sa6->sin6_addr)) {
540 if (sa6->sin6_scope_id) {
541 if (sa6->sin6_scope_id != (u_int32_t)ifidx)
542 return EINVAL;
543 sa6->sin6_scope_id = 0; /* XXX: good way? */
544 }
545 }
546 return 0;
547 }
548
549 /*
550 * Update parameters of an IPv6 interface address.
551 * If necessary, a new entry is created and linked into address chains.
552 * This function is separated from in6_control().
553 */
554 int
555 in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra,
556 struct in6_ifaddr *ia6)
557 {
558 int error = 0, hostIsNew = 0, plen = -1;
559 struct sockaddr_in6 dst6;
560 struct in6_addrlifetime *lt;
561 struct in6_multi_mship *imm;
562 struct rtentry *rt;
563 char addr[INET6_ADDRSTRLEN];
564
565 NET_ASSERT_LOCKED();
566
567 /* Validate parameters */
568 if (ifp == NULL || ifra == NULL) /* this maybe redundant */
569 return (EINVAL);
570
571 /*
572 * The destination address for a p2p link must have a family
573 * of AF_UNSPEC or AF_INET6.
574 */
575 if ((ifp->if_flags & IFF_POINTOPOINT) != 0 &&
576 ifra->ifra_dstaddr.sin6_family != AF_INET6 &&
577 ifra->ifra_dstaddr.sin6_family != AF_UNSPEC)
578 return (EAFNOSUPPORT);
579
580 /*
581 * validate ifra_prefixmask. don't check sin6_family, netmask
582 * does not carry fields other than sin6_len.
583 */
584 if (ifra->ifra_prefixmask.sin6_len > sizeof(struct sockaddr_in6))
585 return (EINVAL);
586 /*
587 * Because the IPv6 address architecture is classless, we require
588 * users to specify a (non 0) prefix length (mask) for a new address.
589 * We also require the prefix (when specified) mask is valid, and thus
590 * reject a non-consecutive mask.
591 */
592 if (ia6 == NULL && ifra->ifra_prefixmask.sin6_len == 0)
593 return (EINVAL);
594 if (ifra->ifra_prefixmask.sin6_len != 0) {
595 plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr,
596 (u_char *)&ifra->ifra_prefixmask +
597 ifra->ifra_prefixmask.sin6_len);
598 if (plen <= 0)
599 return (EINVAL);
600 } else {
601 /*
602 * In this case, ia6 must not be NULL. We just use its prefix
603 * length.
604 */
605 plen = in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL);
606 }
607 /*
608 * If the destination address on a p2p interface is specified,
609 * and the address is a scoped one, validate/set the scope
610 * zone identifier.
611 */
612 dst6 = ifra->ifra_dstaddr;
613 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) != 0 &&
614 (dst6.sin6_family == AF_INET6)) {
615 error = in6_check_embed_scope(&dst6, ifp->if_index);
616 if (error)
617 return error;
618 }
619 /*
620 * The destination address can be specified only for a p2p or a
621 * loopback interface. If specified, the corresponding prefix length
622 * must be 128.
623 */
624 if (ifra->ifra_dstaddr.sin6_family == AF_INET6) {
625 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) == 0)
626 return (EINVAL);
627 if (plen != 128)
628 return (EINVAL);
629 }
630 /* lifetime consistency check */
631 lt = &ifra->ifra_lifetime;
632 if (lt->ia6t_pltime > lt->ia6t_vltime)
633 return (EINVAL);
634 if (lt->ia6t_vltime == 0) {
635 /*
636 * the following log might be noisy, but this is a typical
637 * configuration mistake or a tool's bug.
638 */
639 nd6log((LOG_INFO, "%s: valid lifetime is 0 for %s\n", __func__,
640 inet_ntop(AF_INET6, &ifra->ifra_addr.sin6_addr,
641 addr, sizeof(addr))));
642
643 if (ia6 == NULL)
644 return (0); /* there's nothing to do */
645 }
646
647 /*
648 * If this is a new address, allocate a new ifaddr and link it
649 * into chains.
650 */
651 if (ia6 == NULL) {
652 hostIsNew = 1;
653 ia6 = malloc(sizeof(*ia6), M_IFADDR, M_WAITOK | M_ZERO);
654 refcnt_init_trace(&ia6->ia_ifa.ifa_refcnt,
655 DT_REFCNT_IDX_IFADDR);
656 LIST_INIT(&ia6->ia6_memberships);
657 /* Initialize the address and masks, and put time stamp */
658 ia6->ia_ifa.ifa_addr = sin6tosa(&ia6->ia_addr);
659 ia6->ia_addr.sin6_family = AF_INET6;
660 ia6->ia_addr.sin6_len = sizeof(ia6->ia_addr);
661 ia6->ia6_updatetime = getuptime();
662 if ((ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) != 0) {
663 /*
664 * XXX: some functions expect that ifa_dstaddr is not
665 * NULL for p2p interfaces.
666 */
667 ia6->ia_ifa.ifa_dstaddr = sin6tosa(&ia6->ia_dstaddr);
668 } else {
669 ia6->ia_ifa.ifa_dstaddr = NULL;
670 }
671 ia6->ia_ifa.ifa_netmask = sin6tosa(&ia6->ia_prefixmask);
672
673 ia6->ia_ifp = ifp;
674 ia6->ia_addr = ifra->ifra_addr;
675 ifa_add(ifp, &ia6->ia_ifa);
676 }
677
678 /* set prefix mask */
679 if (ifra->ifra_prefixmask.sin6_len) {
680 /*
681 * We prohibit changing the prefix length of an existing
682 * address, because
683 * + such an operation should be rare in IPv6, and
684 * + the operation would confuse prefix management.
685 */
686 if (ia6->ia_prefixmask.sin6_len &&
687 in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL) != plen) {
688 error = EINVAL;
689 goto unlink;
690 }
691 ia6->ia_prefixmask = ifra->ifra_prefixmask;
692 }
693
694 /*
695 * If a new destination address is specified, scrub the old one and
696 * install the new destination. Note that the interface must be
697 * p2p or loopback (see the check above.)
698 */
699 if ((ifp->if_flags & IFF_POINTOPOINT) && dst6.sin6_family == AF_INET6 &&
700 !IN6_ARE_ADDR_EQUAL(&dst6.sin6_addr, &ia6->ia_dstaddr.sin6_addr)) {
701 struct ifaddr *ifa = &ia6->ia_ifa;
702
703 if ((ia6->ia_flags & IFA_ROUTE) != 0 &&
704 rt_ifa_del(ifa, RTF_HOST, ifa->ifa_dstaddr,
705 ifp->if_rdomain) != 0) {
706 nd6log((LOG_ERR, "%s: failed to remove a route "
707 "to the old destination: %s\n", __func__,
708 inet_ntop(AF_INET6, &ia6->ia_addr.sin6_addr,
709 addr, sizeof(addr))));
710 /* proceed anyway... */
711 } else
712 ia6->ia_flags &= ~IFA_ROUTE;
713 ia6->ia_dstaddr = dst6;
714 }
715
716 /*
717 * Set lifetimes. We do not refer to ia6t_expire and ia6t_preferred
718 * to see if the address is deprecated or invalidated, but initialize
719 * these members for applications.
720 */
721 ia6->ia6_updatetime = getuptime();
722 ia6->ia6_lifetime = ifra->ifra_lifetime;
723 if (ia6->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) {
724 ia6->ia6_lifetime.ia6t_expire =
725 getuptime() + ia6->ia6_lifetime.ia6t_vltime;
726 } else
727 ia6->ia6_lifetime.ia6t_expire = 0;
728 if (ia6->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) {
729 ia6->ia6_lifetime.ia6t_preferred =
730 getuptime() + ia6->ia6_lifetime.ia6t_pltime;
731 } else
732 ia6->ia6_lifetime.ia6t_preferred = 0;
733
734 /* reset the interface and routing table appropriately. */
735 if ((error = in6_ifinit(ifp, ia6, hostIsNew)) != 0)
736 goto unlink;
737
738 /* re-run DAD */
739 if (ia6->ia6_flags & (IN6_IFF_TENTATIVE|IN6_IFF_DUPLICATED))
740 ifra->ifra_flags |= IN6_IFF_TENTATIVE;
741 /*
742 * configure address flags.
743 */
744 ia6->ia6_flags = ifra->ifra_flags;
745
746 nd6_expire_timer_update(ia6);
747
748 /*
749 * We are done if we have simply modified an existing address.
750 */
751 if (!hostIsNew)
752 return (error);
753
754 /*
755 * Beyond this point, we should call in6_purgeaddr upon an error,
756 * not just go to unlink.
757 */
758
759 /* join necessary multiast groups */
760 if ((ifp->if_flags & IFF_MULTICAST) != 0) {
761 struct sockaddr_in6 mltaddr, mltmask;
762
763 /* join solicited multicast addr for new host id */
764 struct sockaddr_in6 llsol;
765
766 bzero(&llsol, sizeof(llsol));
767 llsol.sin6_family = AF_INET6;
768 llsol.sin6_len = sizeof(llsol);
769 llsol.sin6_addr.s6_addr16[0] = htons(0xff02);
770 llsol.sin6_addr.s6_addr16[1] = htons(ifp->if_index);
771 llsol.sin6_addr.s6_addr32[1] = 0;
772 llsol.sin6_addr.s6_addr32[2] = htonl(1);
773 llsol.sin6_addr.s6_addr32[3] =
774 ifra->ifra_addr.sin6_addr.s6_addr32[3];
775 llsol.sin6_addr.s6_addr8[12] = 0xff;
776 imm = in6_joingroup(ifp, &llsol.sin6_addr, &error);
777 if (!imm)
778 goto cleanup;
779 LIST_INSERT_HEAD(&ia6->ia6_memberships, imm, i6mm_chain);
780
781 bzero(&mltmask, sizeof(mltmask));
782 mltmask.sin6_len = sizeof(struct sockaddr_in6);
783 mltmask.sin6_family = AF_INET6;
784 mltmask.sin6_addr = in6mask32;
785
786 /*
787 * join link-local all-nodes address
788 */
789 bzero(&mltaddr, sizeof(mltaddr));
790 mltaddr.sin6_len = sizeof(struct sockaddr_in6);
791 mltaddr.sin6_family = AF_INET6;
792 mltaddr.sin6_addr = in6addr_linklocal_allnodes;
793 mltaddr.sin6_addr.s6_addr16[1] = htons(ifp->if_index);
794 mltaddr.sin6_scope_id = 0;
795
796 /*
797 * XXX: do we really need this automatic routes?
798 * We should probably reconsider this stuff. Most applications
799 * actually do not need the routes, since they usually specify
800 * the outgoing interface.
801 */
802 rt = rtalloc(sin6tosa(&mltaddr), 0, ifp->if_rdomain);
803 if (rt) {
804 /* 32bit came from "mltmask" */
805 if (memcmp(&mltaddr.sin6_addr,
806 &satosin6(rt_key(rt))->sin6_addr,
807 32 / 8)) {
808 rtfree(rt);
809 rt = NULL;
810 }
811 }
812 if (!rt) {
813 struct rt_addrinfo info;
814
815 bzero(&info, sizeof(info));
816 info.rti_ifa = &ia6->ia_ifa;
817 info.rti_info[RTAX_DST] = sin6tosa(&mltaddr);
818 info.rti_info[RTAX_GATEWAY] = sin6tosa(&ia6->ia_addr);
819 info.rti_info[RTAX_NETMASK] = sin6tosa(&mltmask);
820 info.rti_info[RTAX_IFA] = sin6tosa(&ia6->ia_addr);
821 info.rti_flags = RTF_MULTICAST;
822 error = rtrequest(RTM_ADD, &info, RTP_CONNECTED, NULL,
823 ifp->if_rdomain);
824 if (error)
825 goto cleanup;
826 } else {
827 rtfree(rt);
828 }
829 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error);
830 if (!imm)
831 goto cleanup;
832 LIST_INSERT_HEAD(&ia6->ia6_memberships, imm, i6mm_chain);
833
834 /*
835 * join interface-local all-nodes address.
836 * (ff01::1%ifN, and ff01::%ifN/32)
837 */
838 bzero(&mltaddr, sizeof(mltaddr));
839 mltaddr.sin6_len = sizeof(struct sockaddr_in6);
840 mltaddr.sin6_family = AF_INET6;
841 mltaddr.sin6_addr = in6addr_intfacelocal_allnodes;
842 mltaddr.sin6_addr.s6_addr16[1] = htons(ifp->if_index);
843 mltaddr.sin6_scope_id = 0;
844
845 /* XXX: again, do we really need the route? */
846 rt = rtalloc(sin6tosa(&mltaddr), 0, ifp->if_rdomain);
847 if (rt) {
848 /* 32bit came from "mltmask" */
849 if (memcmp(&mltaddr.sin6_addr,
850 &satosin6(rt_key(rt))->sin6_addr,
851 32 / 8)) {
852 rtfree(rt);
853 rt = NULL;
854 }
855 }
856 if (!rt) {
857 struct rt_addrinfo info;
858
859 bzero(&info, sizeof(info));
860 info.rti_ifa = &ia6->ia_ifa;
861 info.rti_info[RTAX_DST] = sin6tosa(&mltaddr);
862 info.rti_info[RTAX_GATEWAY] = sin6tosa(&ia6->ia_addr);
863 info.rti_info[RTAX_NETMASK] = sin6tosa(&mltmask);
864 info.rti_info[RTAX_IFA] = sin6tosa(&ia6->ia_addr);
865 info.rti_flags = RTF_MULTICAST;
866 error = rtrequest(RTM_ADD, &info, RTP_CONNECTED, NULL,
867 ifp->if_rdomain);
868 if (error)
869 goto cleanup;
870 } else {
871 rtfree(rt);
872 }
873 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error);
874 if (!imm)
875 goto cleanup;
876 LIST_INSERT_HEAD(&ia6->ia6_memberships, imm, i6mm_chain);
877 }
878
879 return (error);
880
881 unlink:
882 /*
883 * XXX: if a change of an existing address failed, keep the entry
884 * anyway.
885 */
886 if (hostIsNew)
887 in6_unlink_ifa(ia6, ifp);
888 return (error);
889
890 cleanup:
891 in6_purgeaddr(&ia6->ia_ifa);
892 return error;
893 }
894
895 void
896 in6_purgeaddr(struct ifaddr *ifa)
897 {
898 struct ifnet *ifp = ifa->ifa_ifp;
899 struct in6_ifaddr *ia6 = ifatoia6(ifa);
900 struct in6_multi_mship *imm;
901
902 /* stop DAD processing */
903 nd6_dad_stop(ifa);
904
905 /*
906 * delete route to the destination of the address being purged.
907 * The interface must be p2p or loopback in this case.
908 */
909 if ((ifp->if_flags & IFF_POINTOPOINT) && (ia6->ia_flags & IFA_ROUTE) &&
910 ia6->ia_dstaddr.sin6_len != 0) {
911 int e;
912
913 e = rt_ifa_del(ifa, RTF_HOST, ifa->ifa_dstaddr,
914 ifp->if_rdomain);
915 if (e != 0) {
916 char addr[INET6_ADDRSTRLEN];
917 log(LOG_ERR, "in6_purgeaddr: failed to remove "
918 "a route to the p2p destination: %s on %s, "
919 "errno=%d\n",
920 inet_ntop(AF_INET6, &ia6->ia_addr.sin6_addr,
921 addr, sizeof(addr)),
922 ifp->if_xname, e);
923 /* proceed anyway... */
924 } else
925 ia6->ia_flags &= ~IFA_ROUTE;
926 }
927
928 /* Remove ownaddr's loopback rtentry, if it exists. */
929 rt_ifa_dellocal(&(ia6->ia_ifa));
930
931 /*
932 * leave from multicast groups we have joined for the interface
933 */
934 while (!LIST_EMPTY(&ia6->ia6_memberships)) {
935 imm = LIST_FIRST(&ia6->ia6_memberships);
936 LIST_REMOVE(imm, i6mm_chain);
937 in6_leavegroup(imm);
938 }
939
940 in6_unlink_ifa(ia6, ifp);
941 }
942
943 void
944 in6_unlink_ifa(struct in6_ifaddr *ia6, struct ifnet *ifp)
945 {
946 struct ifaddr *ifa = &ia6->ia_ifa;
947 int plen;
948
949 NET_ASSERT_LOCKED();
950
951 /* Release the reference to the base prefix. */
952 plen = in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL);
953 if ((ifp->if_flags & IFF_LOOPBACK) == 0 && plen != 128) {
954 rt_ifa_del(ifa, RTF_CLONING | RTF_CONNECTED,
955 ifa->ifa_addr, ifp->if_rdomain);
956 }
957
958 rt_ifa_purge(ifa);
959 ifa_del(ifp, ifa);
960
961 ia6->ia_ifp = NULL;
962 ifafree(ifa);
963 }
964
965 /*
966 * Initialize an interface's inet6 address
967 * and routing table entry.
968 */
969 int
970 in6_ifinit(struct ifnet *ifp, struct in6_ifaddr *ia6, int newhost)
971 {
972 int error = 0, plen, ifacount = 0;
973 struct ifaddr *ifa;
974
975 NET_ASSERT_LOCKED();
976
977 /*
978 * Give the interface a chance to initialize
979 * if this is its first address (or it is a CARP interface)
980 * and to validate the address if necessary.
981 */
982 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
983 if (ifa->ifa_addr->sa_family != AF_INET6)
984 continue;
985 ifacount++;
986 }
987
988 if ((ifacount <= 1 || ifp->if_type == IFT_CARP ||
989 (ifp->if_flags & (IFF_LOOPBACK|IFF_POINTOPOINT))) &&
990 (error = (*ifp->if_ioctl)(ifp, SIOCSIFADDR, (caddr_t)ia6))) {
991 return (error);
992 }
993
994 ia6->ia_ifa.ifa_metric = ifp->if_metric;
995
996 /* we could do in(6)_socktrim here, but just omit it at this moment. */
997
998 /*
999 * Special case:
1000 * If the destination address is specified for a point-to-point
1001 * interface, install a route to the destination as an interface
1002 * direct route.
1003 */
1004 plen = in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL); /* XXX */
1005 if ((ifp->if_flags & IFF_POINTOPOINT) && plen == 128 &&
1006 ia6->ia_dstaddr.sin6_family == AF_INET6) {
1007 ifa = &ia6->ia_ifa;
1008 error = rt_ifa_add(ifa, RTF_HOST | RTF_MPATH,
1009 ifa->ifa_dstaddr, ifp->if_rdomain);
1010 if (error != 0)
1011 return (error);
1012 ia6->ia_flags |= IFA_ROUTE;
1013 }
1014
1015 if (newhost)
1016 error = rt_ifa_addlocal(&(ia6->ia_ifa));
1017
1018 return (error);
1019 }
1020
1021 /*
1022 * Add an address to the list of IP6 multicast addresses for a
1023 * given interface.
1024 */
1025 struct in6_multi *
1026 in6_addmulti(struct in6_addr *maddr6, struct ifnet *ifp, int *errorp)
1027 {
1028 struct in6_ifreq ifr;
1029 struct in6_multi *in6m;
1030
1031 NET_ASSERT_LOCKED();
1032
1033 *errorp = 0;
1034 /*
1035 * See if address already in list.
1036 */
1037 IN6_LOOKUP_MULTI(*maddr6, ifp, in6m);
1038 if (in6m != NULL) {
1039 /*
1040 * Found it; just increment the reference count.
1041 */
1042 in6m->in6m_refcnt++;
1043 } else {
1044 /*
1045 * New address; allocate a new multicast record
1046 * and link it into the interface's multicast list.
1047 */
1048 in6m = malloc(sizeof(*in6m), M_IPMADDR, M_NOWAIT | M_ZERO);
1049 if (in6m == NULL) {
1050 *errorp = ENOBUFS;
1051 return (NULL);
1052 }
1053
1054 in6m->in6m_sin.sin6_len = sizeof(struct sockaddr_in6);
1055 in6m->in6m_sin.sin6_family = AF_INET6;
1056 in6m->in6m_sin.sin6_addr = *maddr6;
1057 in6m->in6m_refcnt = 1;
1058 in6m->in6m_ifidx = ifp->if_index;
1059 in6m->in6m_ifma.ifma_addr = sin6tosa(&in6m->in6m_sin);
1060
1061 /*
1062 * Ask the network driver to update its multicast reception
1063 * filter appropriately for the new address.
1064 */
1065 memcpy(&ifr.ifr_addr, &in6m->in6m_sin, sizeof(in6m->in6m_sin));
1066 KERNEL_LOCK();
1067 *errorp = (*ifp->if_ioctl)(ifp, SIOCADDMULTI, (caddr_t)&ifr);
1068 KERNEL_UNLOCK();
1069 if (*errorp) {
1070 free(in6m, M_IPMADDR, sizeof(*in6m));
1071 return (NULL);
1072 }
1073
1074 TAILQ_INSERT_HEAD(&ifp->if_maddrlist, &in6m->in6m_ifma,
1075 ifma_list);
1076
1077 /*
1078 * Let MLD6 know that we have joined a new IP6 multicast
1079 * group.
1080 */
1081 mld6_start_listening(in6m);
1082 }
1083
1084 return (in6m);
1085 }
1086
1087 /*
1088 * Delete a multicast address record.
1089 */
1090 void
1091 in6_delmulti(struct in6_multi *in6m)
1092 {
1093 struct in6_ifreq ifr;
1094 struct ifnet *ifp;
1095
1096 NET_ASSERT_LOCKED();
1097
1098 if (--in6m->in6m_refcnt == 0) {
1099 /*
1100 * No remaining claims to this record; let MLD6 know
1101 * that we are leaving the multicast group.
1102 */
1103 mld6_stop_listening(in6m);
1104 ifp = if_get(in6m->in6m_ifidx);
1105
1106 /*
1107 * Notify the network driver to update its multicast
1108 * reception filter.
1109 */
1110 if (ifp != NULL) {
1111 bzero(&ifr.ifr_addr, sizeof(struct sockaddr_in6));
1112 ifr.ifr_addr.sin6_len = sizeof(struct sockaddr_in6);
1113 ifr.ifr_addr.sin6_family = AF_INET6;
1114 ifr.ifr_addr.sin6_addr = in6m->in6m_addr;
1115 KERNEL_LOCK();
1116 (*ifp->if_ioctl)(ifp, SIOCDELMULTI, (caddr_t)&ifr);
1117 KERNEL_UNLOCK();
1118
1119 TAILQ_REMOVE(&ifp->if_maddrlist, &in6m->in6m_ifma,
1120 ifma_list);
1121 }
1122 if_put(ifp);
1123
1124 free(in6m, M_IPMADDR, sizeof(*in6m));
1125 }
1126 }
1127
1128 /*
1129 * Return 1 if the multicast group represented by ``maddr6'' has been
1130 * joined by interface ``ifp'', 0 otherwise.
1131 */
1132 int
1133 in6_hasmulti(struct in6_addr *maddr6, struct ifnet *ifp)
1134 {
1135 struct in6_multi *in6m;
1136 int joined;
1137
1138 IN6_LOOKUP_MULTI(*maddr6, ifp, in6m);
1139 joined = (in6m != NULL);
1140
1141 return (joined);
1142 }
1143
1144 struct in6_multi_mship *
1145 in6_joingroup(struct ifnet *ifp, struct in6_addr *addr, int *errorp)
1146 {
1147 struct in6_multi_mship *imm;
1148
1149 imm = malloc(sizeof(*imm), M_IPMADDR, M_NOWAIT);
1150 if (!imm) {
1151 *errorp = ENOBUFS;
1152 return NULL;
1153 }
1154 imm->i6mm_maddr = in6_addmulti(addr, ifp, errorp);
1155 if (!imm->i6mm_maddr) {
1156 /* *errorp is already set */
1157 free(imm, M_IPMADDR, sizeof(*imm));
1158 return NULL;
1159 }
1160 return imm;
1161 }
1162
1163 void
1164 in6_leavegroup(struct in6_multi_mship *imm)
1165 {
1166
1167 if (imm->i6mm_maddr)
1168 in6_delmulti(imm->i6mm_maddr);
1169 free(imm, M_IPMADDR, sizeof(*imm));
1170 }
1171
1172 /*
1173 * Find an IPv6 interface link-local address specific to an interface.
1174 */
1175 struct in6_ifaddr *
1176 in6ifa_ifpforlinklocal(struct ifnet *ifp, int ignoreflags)
1177 {
1178 struct ifaddr *ifa;
1179
1180 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
1181 if (ifa->ifa_addr->sa_family != AF_INET6)
1182 continue;
1183 if (IN6_IS_ADDR_LINKLOCAL(IFA_IN6(ifa))) {
1184 if ((ifatoia6(ifa)->ia6_flags & ignoreflags) != 0)
1185 continue;
1186 break;
1187 }
1188 }
1189
1190 return (ifatoia6(ifa));
1191 }
1192
1193
1194 /*
1195 * find the internet address corresponding to a given interface and address.
1196 */
1197 struct in6_ifaddr *
1198 in6ifa_ifpwithaddr(struct ifnet *ifp, struct in6_addr *addr)
1199 {
1200 struct ifaddr *ifa;
1201
1202 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
1203 if (ifa->ifa_addr->sa_family != AF_INET6)
1204 continue;
1205 if (IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(ifa)))
1206 break;
1207 }
1208
1209 return (ifatoia6(ifa));
1210 }
1211
1212 /*
1213 * Get a scope of the address. Node-local, link-local, site-local or global.
1214 */
1215 int
1216 in6_addrscope(struct in6_addr *addr)
1217 {
1218 int scope;
1219
1220 if (addr->s6_addr8[0] == 0xfe) {
1221 scope = addr->s6_addr8[1] & 0xc0;
1222
1223 switch (scope) {
1224 case 0x80:
1225 return __IPV6_ADDR_SCOPE_LINKLOCAL;
1226 break;
1227 case 0xc0:
1228 return __IPV6_ADDR_SCOPE_SITELOCAL;
1229 break;
1230 default:
1231 return __IPV6_ADDR_SCOPE_GLOBAL; /* just in case */
1232 break;
1233 }
1234 }
1235
1236
1237 if (addr->s6_addr8[0] == 0xff) {
1238 scope = addr->s6_addr8[1] & 0x0f;
1239
1240 /*
1241 * due to other scope such as reserved,
1242 * return scope doesn't work.
1243 */
1244 switch (scope) {
1245 case __IPV6_ADDR_SCOPE_INTFACELOCAL:
1246 return __IPV6_ADDR_SCOPE_INTFACELOCAL;
1247 break;
1248 case __IPV6_ADDR_SCOPE_LINKLOCAL:
1249 return __IPV6_ADDR_SCOPE_LINKLOCAL;
1250 break;
1251 case __IPV6_ADDR_SCOPE_SITELOCAL:
1252 return __IPV6_ADDR_SCOPE_SITELOCAL;
1253 break;
1254 default:
1255 return __IPV6_ADDR_SCOPE_GLOBAL;
1256 break;
1257 }
1258 }
1259
1260 if (bcmp(&in6addr_loopback, addr, sizeof(*addr) - 1) == 0) {
1261 if (addr->s6_addr8[15] == 1) /* loopback */
1262 return __IPV6_ADDR_SCOPE_INTFACELOCAL;
1263 if (addr->s6_addr8[15] == 0) /* unspecified */
1264 return __IPV6_ADDR_SCOPE_LINKLOCAL;
1265 }
1266
1267 return __IPV6_ADDR_SCOPE_GLOBAL;
1268 }
1269
1270 int
1271 in6_addr2scopeid(unsigned int ifidx, struct in6_addr *addr)
1272 {
1273 int scope = in6_addrscope(addr);
1274
1275 switch(scope) {
1276 case __IPV6_ADDR_SCOPE_INTFACELOCAL:
1277 case __IPV6_ADDR_SCOPE_LINKLOCAL:
1278 /* XXX: we do not distinguish between a link and an I/F. */
1279 return (ifidx);
1280
1281 case __IPV6_ADDR_SCOPE_SITELOCAL:
1282 return (0); /* XXX: invalid. */
1283
1284 default:
1285 return (0); /* XXX: treat as global. */
1286 }
1287 }
1288
1289 /*
1290 * return length of part which dst and src are equal
1291 * hard coding...
1292 */
1293 int
1294 in6_matchlen(struct in6_addr *src, struct in6_addr *dst)
1295 {
1296 int match = 0;
1297 u_char *s = (u_char *)src, *d = (u_char *)dst;
1298 u_char *lim = s + 16, r;
1299
1300 while (s < lim)
1301 if ((r = (*d++ ^ *s++)) != 0) {
1302 while (r < 128) {
1303 match++;
1304 r <<= 1;
1305 }
1306 break;
1307 } else
1308 match += 8;
1309 return match;
1310 }
1311
1312 void
1313 in6_prefixlen2mask(struct in6_addr *maskp, int len)
1314 {
1315 u_char maskarray[8] = {0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff};
1316 int bytelen, bitlen, i;
1317
1318 /* sanity check */
1319 if (0 > len || len > 128) {
1320 log(LOG_ERR, "in6_prefixlen2mask: invalid prefix length(%d)\n",
1321 len);
1322 return;
1323 }
1324
1325 bzero(maskp, sizeof(*maskp));
1326 bytelen = len / 8;
1327 bitlen = len % 8;
1328 for (i = 0; i < bytelen; i++)
1329 maskp->s6_addr[i] = 0xff;
1330 /* len == 128 is ok because bitlen == 0 then */
1331 if (bitlen)
1332 maskp->s6_addr[bytelen] = maskarray[bitlen - 1];
1333 }
1334
1335 /*
1336 * return the best address out of the same scope
1337 */
1338 struct in6_ifaddr *
1339 in6_ifawithscope(struct ifnet *oifp, struct in6_addr *dst, u_int rdomain)
1340 {
1341 int dst_scope = in6_addrscope(dst), src_scope, best_scope = 0;
1342 int blen = -1;
1343 struct ifaddr *ifa;
1344 struct ifnet *ifp;
1345 struct in6_ifaddr *ia6_best = NULL;
1346
1347 if (oifp == NULL) {
1348 printf("%s: output interface is not specified\n", __func__);
1349 return (NULL);
1350 }
1351
1352 /* We search for all addresses on all interfaces from the beginning. */
1353 TAILQ_FOREACH(ifp, &ifnetlist, if_list) {
1354 if (ifp->if_rdomain != rdomain)
1355 continue;
1356 #if NCARP > 0
1357 /*
1358 * Never use a carp address of an interface which is not
1359 * the master.
1360 */
1361 if (ifp->if_type == IFT_CARP && !carp_iamatch(ifp))
1362 continue;
1363 #endif
1364
1365 /*
1366 * We can never take an address that breaks the scope zone
1367 * of the destination.
1368 */
1369 if (in6_addr2scopeid(ifp->if_index, dst) !=
1370 in6_addr2scopeid(oifp->if_index, dst))
1371 continue;
1372
1373 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
1374 int tlen = -1;
1375
1376 if (ifa->ifa_addr->sa_family != AF_INET6)
1377 continue;
1378
1379 src_scope = in6_addrscope(IFA_IN6(ifa));
1380
1381 /*
1382 * Don't use an address before completing DAD
1383 * nor a duplicated address.
1384 */
1385 if (ifatoia6(ifa)->ia6_flags &
1386 (IN6_IFF_TENTATIVE|IN6_IFF_DUPLICATED))
1387 continue;
1388
1389 /*
1390 * RFC 6724 allows anycast addresses as source address
1391 * because the restriction was removed in RFC 4291.
1392 * However RFC 4443 states that ICMPv6 responses
1393 * MUST use a unicast source address.
1394 *
1395 * XXX Skip anycast addresses for now since
1396 * icmp6_reflect() uses this function for source
1397 * address selection.
1398 */
1399 if (ifatoia6(ifa)->ia6_flags & IN6_IFF_ANYCAST)
1400 continue;
1401
1402 if (ifatoia6(ifa)->ia6_flags & IN6_IFF_DETACHED)
1403 continue;
1404
1405 /*
1406 * If this is the first address we find,
1407 * keep it anyway.
1408 */
1409 if (ia6_best == NULL)
1410 goto replace;
1411
1412 /*
1413 * ia6_best is never NULL beyond this line except
1414 * within the block labeled "replace".
1415 */
1416
1417 /*
1418 * Rule 2: Prefer appropriate scope.
1419 * Find the address with the smallest scope that is
1420 * bigger (or equal) to the scope of the destination
1421 * address.
1422 * Accept an address with smaller scope than the
1423 * destination if non exists with bigger scope.
1424 */
1425 if (best_scope < src_scope) {
1426 if (best_scope < dst_scope)
1427 goto replace;
1428 else
1429 continue;
1430 } else if (src_scope < best_scope) {
1431 if (src_scope < dst_scope)
1432 continue;
1433 else
1434 goto replace;
1435 }
1436
1437 /* Rule 3: Avoid deprecated addresses. */
1438 if (ifatoia6(ifa)->ia6_flags & IN6_IFF_DEPRECATED) {
1439 /*
1440 * Ignore any deprecated addresses if
1441 * specified by configuration.
1442 */
1443 if (!ip6_use_deprecated)
1444 continue;
1445
1446 /*
1447 * If we have already found a non-deprecated
1448 * candidate, just ignore deprecated addresses.
1449 */
1450 if ((ia6_best->ia6_flags & IN6_IFF_DEPRECATED)
1451 == 0)
1452 continue;
1453 } else if ((ia6_best->ia6_flags & IN6_IFF_DEPRECATED))
1454 goto replace;
1455
1456 /*
1457 * Rule 4: Prefer home addresses.
1458 * We do not support home addresses.
1459 */
1460
1461 /* Rule 5: Prefer outgoing interface */
1462 if (ia6_best->ia_ifp == oifp && ifp != oifp)
1463 continue;
1464 if (ia6_best->ia_ifp != oifp && ifp == oifp)
1465 goto replace;
1466
1467 /*
1468 * Rule 5.5: Prefer addresses in a prefix advertised
1469 * by the next-hop.
1470 * We do not track this information.
1471 */
1472
1473 /*
1474 * Rule 6: Prefer matching label.
1475 * We do not implement policy tables.
1476 */
1477
1478 /* Rule 7: Prefer temporary addresses. */
1479 if ((ia6_best->ia6_flags & IN6_IFF_TEMPORARY) &&
1480 !(ifatoia6(ifa)->ia6_flags & IN6_IFF_TEMPORARY))
1481 continue;
1482 if (!(ia6_best->ia6_flags & IN6_IFF_TEMPORARY) &&
1483 (ifatoia6(ifa)->ia6_flags & IN6_IFF_TEMPORARY))
1484 goto replace;
1485
1486 /* Rule 8: Use longest matching prefix. */
1487 tlen = in6_matchlen(IFA_IN6(ifa), dst);
1488 if (tlen > blen) {
1489 #if NCARP > 0
1490 /*
1491 * Don't let carp interfaces win a tie against
1492 * the output interface based on matchlen.
1493 * We should only use a carp address if no
1494 * other interface has a usable address.
1495 * Otherwise, when communicating from a carp
1496 * master to a carp backup, the backup system
1497 * won't respond since the carp address is also
1498 * configured as a local address on the backup.
1499 * Note that carp interfaces in backup state
1500 * were already skipped above.
1501 */
1502 if (ifp->if_type == IFT_CARP &&
1503 oifp->if_type != IFT_CARP)
1504 continue;
1505 #endif
1506 goto replace;
1507 } else if (tlen < blen)
1508 continue;
1509
1510 /*
1511 * If the eight rules fail to choose a single address,
1512 * the tiebreaker is implementation-specific.
1513 */
1514
1515 /* Prefer address with highest pltime. */
1516 if (ia6_best->ia6_updatetime +
1517 ia6_best->ia6_lifetime.ia6t_pltime <
1518 ifatoia6(ifa)->ia6_updatetime +
1519 ifatoia6(ifa)->ia6_lifetime.ia6t_pltime)
1520 goto replace;
1521 else if (ia6_best->ia6_updatetime +
1522 ia6_best->ia6_lifetime.ia6t_pltime >
1523 ifatoia6(ifa)->ia6_updatetime +
1524 ifatoia6(ifa)->ia6_lifetime.ia6t_pltime)
1525 continue;
1526
1527 /* Prefer address with highest vltime. */
1528 if (ia6_best->ia6_updatetime +
1529 ia6_best->ia6_lifetime.ia6t_vltime <
1530 ifatoia6(ifa)->ia6_updatetime +
1531 ifatoia6(ifa)->ia6_lifetime.ia6t_vltime)
1532 goto replace;
1533 else if (ia6_best->ia6_updatetime +
1534 ia6_best->ia6_lifetime.ia6t_vltime >
1535 ifatoia6(ifa)->ia6_updatetime +
1536 ifatoia6(ifa)->ia6_lifetime.ia6t_vltime)
1537 continue;
1538
1539 continue;
1540 replace:
1541 ia6_best = ifatoia6(ifa);
1542 blen = tlen >= 0 ? tlen :
1543 in6_matchlen(IFA_IN6(ifa), dst);
1544 best_scope =
1545 in6_addrscope(&ia6_best->ia_addr.sin6_addr);
1546 }
1547 }
1548
1549 /* count statistics for future improvements */
1550 if (ia6_best == NULL)
1551 ip6stat_inc(ip6s_sources_none);
1552 else {
1553 if (oifp == ia6_best->ia_ifp)
1554 ip6stat_inc(ip6s_sources_sameif + best_scope);
1555 else
1556 ip6stat_inc(ip6s_sources_otherif + best_scope);
1557
1558 if (best_scope == dst_scope)
1559 ip6stat_inc(ip6s_sources_samescope + best_scope);
1560 else
1561 ip6stat_inc(ip6s_sources_otherscope + best_scope);
1562
1563 if ((ia6_best->ia6_flags & IN6_IFF_DEPRECATED) != 0)
1564 ip6stat_inc(ip6s_sources_deprecated + best_scope);
1565 }
1566
1567 return (ia6_best);
1568 }
1569
1570 int
1571 in6if_do_dad(struct ifnet *ifp)
1572 {
1573 if ((ifp->if_flags & IFF_LOOPBACK) != 0)
1574 return (0);
1575
1576 switch (ifp->if_type) {
1577 #if NCARP > 0
1578 case IFT_CARP:
1579 /*
1580 * XXX: DAD does not work currently on carp(4)
1581 * so disable it for now.
1582 */
1583 return (0);
1584 #endif
1585 default:
1586 /*
1587 * Our DAD routine requires the interface up and running.
1588 * However, some interfaces can be up before the RUNNING
1589 * status. Additionally, users may try to assign addresses
1590 * before the interface becomes up (or running).
1591 * We simply skip DAD in such a case as a work around.
1592 * XXX: we should rather mark "tentative" on such addresses,
1593 * and do DAD after the interface becomes ready.
1594 */
1595 if ((ifp->if_flags & (IFF_UP|IFF_RUNNING)) !=
1596 (IFF_UP|IFF_RUNNING))
1597 return (0);
1598
1599 return (1);
1600 }
1601 }
Cache object: d96c760ac625b45180d02a32010b2e9f
|