1 /*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 *
31 * $KAME: in6_src.c,v 1.132 2003/08/26 04:42:27 keiichi Exp $
32 */
33
34 /*-
35 * Copyright (c) 1982, 1986, 1991, 1993
36 * The Regents of the University of California. All rights reserved.
37 *
38 * Redistribution and use in source and binary forms, with or without
39 * modification, are permitted provided that the following conditions
40 * are met:
41 * 1. Redistributions of source code must retain the above copyright
42 * notice, this list of conditions and the following disclaimer.
43 * 2. Redistributions in binary form must reproduce the above copyright
44 * notice, this list of conditions and the following disclaimer in the
45 * documentation and/or other materials provided with the distribution.
46 * 3. Neither the name of the University nor the names of its contributors
47 * may be used to endorse or promote products derived from this software
48 * without specific prior written permission.
49 *
50 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
51 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
52 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
53 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
54 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
55 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
56 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
57 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
58 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
59 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
60 * SUCH DAMAGE.
61 *
62 * @(#)in_pcb.c 8.2 (Berkeley) 1/4/94
63 */
64
65 #include <sys/cdefs.h>
66 __FBSDID("$FreeBSD$");
67
68 #include "opt_inet.h"
69 #include "opt_inet6.h"
70 #include <sys/param.h>
71 #include <sys/systm.h>
72 #include <sys/lock.h>
73 #include <sys/malloc.h>
74 #include <sys/mbuf.h>
75 #include <sys/priv.h>
76 #include <sys/protosw.h>
77 #include <sys/socket.h>
78 #include <sys/socketvar.h>
79 #include <sys/sockio.h>
80 #include <sys/sysctl.h>
81 #include <sys/errno.h>
82 #include <sys/time.h>
83 #include <sys/jail.h>
84 #include <sys/kernel.h>
85 #include <sys/rmlock.h>
86 #include <sys/sx.h>
87
88 #include <net/if.h>
89 #include <net/if_var.h>
90 #include <net/if_dl.h>
91 #include <net/route.h>
92 #include <net/route/nhop.h>
93 #include <net/if_llatbl.h>
94
95 #include <netinet/in.h>
96 #include <netinet/in_var.h>
97 #include <netinet/in_systm.h>
98 #include <netinet/ip.h>
99 #include <netinet/in_pcb.h>
100 #include <netinet/ip_var.h>
101 #include <netinet/udp.h>
102 #include <netinet/udp_var.h>
103
104 #include <netinet6/in6_var.h>
105 #include <netinet/ip6.h>
106 #include <netinet6/in6_fib.h>
107 #include <netinet6/in6_pcb.h>
108 #include <netinet6/ip6_var.h>
109 #include <netinet6/scope6_var.h>
110 #include <netinet6/nd6.h>
111
112 static struct mtx addrsel_lock;
113 #define ADDRSEL_LOCK_INIT() mtx_init(&addrsel_lock, "addrsel_lock", NULL, MTX_DEF)
114 #define ADDRSEL_LOCK() mtx_lock(&addrsel_lock)
115 #define ADDRSEL_UNLOCK() mtx_unlock(&addrsel_lock)
116 #define ADDRSEL_LOCK_ASSERT() mtx_assert(&addrsel_lock, MA_OWNED)
117
118 static struct sx addrsel_sxlock;
119 #define ADDRSEL_SXLOCK_INIT() sx_init(&addrsel_sxlock, "addrsel_sxlock")
120 #define ADDRSEL_SLOCK() sx_slock(&addrsel_sxlock)
121 #define ADDRSEL_SUNLOCK() sx_sunlock(&addrsel_sxlock)
122 #define ADDRSEL_XLOCK() sx_xlock(&addrsel_sxlock)
123 #define ADDRSEL_XUNLOCK() sx_xunlock(&addrsel_sxlock)
124
125 #define ADDR_LABEL_NOTAPP (-1)
126 VNET_DEFINE_STATIC(struct in6_addrpolicy, defaultaddrpolicy);
127 #define V_defaultaddrpolicy VNET(defaultaddrpolicy)
128
129 VNET_DEFINE(int, ip6_prefer_tempaddr) = 0;
130
131 static int selectroute(struct sockaddr_in6 *, struct ip6_pktopts *,
132 struct ip6_moptions *, struct route_in6 *, struct ifnet **,
133 struct nhop_object **, int, u_int, uint32_t);
134 static int in6_selectif(struct sockaddr_in6 *, struct ip6_pktopts *,
135 struct ip6_moptions *, struct ifnet **,
136 struct ifnet *, u_int);
137 static int in6_selectsrc(uint32_t, struct sockaddr_in6 *,
138 struct ip6_pktopts *, struct inpcb *, struct ucred *,
139 struct ifnet **, struct in6_addr *);
140
141 static struct in6_addrpolicy *lookup_addrsel_policy(struct sockaddr_in6 *);
142
143 static void init_policy_queue(void);
144 static int add_addrsel_policyent(struct in6_addrpolicy *);
145 static int delete_addrsel_policyent(struct in6_addrpolicy *);
146 static int walk_addrsel_policy(int (*)(struct in6_addrpolicy *, void *),
147 void *);
148 static int dump_addrsel_policyent(struct in6_addrpolicy *, void *);
149 static struct in6_addrpolicy *match_addrsel_policy(struct sockaddr_in6 *);
150
151 /*
152 * Return an IPv6 address, which is the most appropriate for a given
153 * destination and user specified options.
154 * If necessary, this function lookups the routing table and returns
155 * an entry to the caller for later use.
156 */
157 #define REPLACE(r) do {\
158 IP6STAT_INC(ip6s_sources_rule[(r)]); \
159 /* { \
160 char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \
161 printf("in6_selectsrc: replace %s with %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \
162 } */ \
163 goto replace; \
164 } while(0)
165 #define NEXT(r) do {\
166 /* { \
167 char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \
168 printf("in6_selectsrc: keep %s against %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \
169 } */ \
170 goto next; /* XXX: we can't use 'continue' here */ \
171 } while(0)
172 #define BREAK(r) do { \
173 IP6STAT_INC(ip6s_sources_rule[(r)]); \
174 goto out; /* XXX: we can't use 'break' here */ \
175 } while(0)
176
177 static int
178 in6_selectsrc(uint32_t fibnum, struct sockaddr_in6 *dstsock,
179 struct ip6_pktopts *opts, struct inpcb *inp, struct ucred *cred,
180 struct ifnet **ifpp, struct in6_addr *srcp)
181 {
182 struct rm_priotracker in6_ifa_tracker;
183 struct in6_addr dst, tmp;
184 struct ifnet *ifp = NULL, *oifp = NULL;
185 struct in6_ifaddr *ia = NULL, *ia_best = NULL;
186 struct in6_pktinfo *pi = NULL;
187 int dst_scope = -1, best_scope = -1, best_matchlen = -1;
188 struct in6_addrpolicy *dst_policy = NULL, *best_policy = NULL;
189 u_int32_t odstzone;
190 int prefer_tempaddr;
191 int error;
192 struct ip6_moptions *mopts;
193
194 NET_EPOCH_ASSERT();
195 KASSERT(srcp != NULL, ("%s: srcp is NULL", __func__));
196
197 dst = dstsock->sin6_addr; /* make a copy for local operation */
198 if (ifpp) {
199 /*
200 * Save a possibly passed in ifp for in6_selectsrc. Only
201 * neighbor discovery code should use this feature, where
202 * we may know the interface but not the FIB number holding
203 * the connected subnet in case someone deleted it from the
204 * default FIB and we need to check the interface.
205 */
206 if (*ifpp != NULL)
207 oifp = *ifpp;
208 *ifpp = NULL;
209 }
210
211 if (inp != NULL) {
212 INP_LOCK_ASSERT(inp);
213 mopts = inp->in6p_moptions;
214 } else {
215 mopts = NULL;
216 }
217
218 /*
219 * If the source address is explicitly specified by the caller,
220 * check if the requested source address is indeed a unicast address
221 * assigned to the node, and can be used as the packet's source
222 * address. If everything is okay, use the address as source.
223 */
224 if (opts && (pi = opts->ip6po_pktinfo) &&
225 !IN6_IS_ADDR_UNSPECIFIED(&pi->ipi6_addr)) {
226 /* get the outgoing interface */
227 if ((error = in6_selectif(dstsock, opts, mopts, &ifp, oifp,
228 fibnum))
229 != 0)
230 return (error);
231
232 /*
233 * determine the appropriate zone id of the source based on
234 * the zone of the destination and the outgoing interface.
235 * If the specified address is ambiguous wrt the scope zone,
236 * the interface must be specified; otherwise, ifa_ifwithaddr()
237 * will fail matching the address.
238 */
239 tmp = pi->ipi6_addr;
240 if (ifp) {
241 error = in6_setscope(&tmp, ifp, &odstzone);
242 if (error)
243 return (error);
244 }
245 if (cred != NULL && (error = prison_local_ip6(cred,
246 &tmp, (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0)) != 0)
247 return (error);
248
249 /*
250 * If IPV6_BINDANY socket option is set, we allow to specify
251 * non local addresses as source address in IPV6_PKTINFO
252 * ancillary data.
253 */
254 if ((inp->inp_flags & INP_BINDANY) == 0) {
255 ia = in6ifa_ifwithaddr(&tmp, 0 /* XXX */, false);
256 if (ia == NULL || (ia->ia6_flags & (IN6_IFF_ANYCAST |
257 IN6_IFF_NOTREADY)))
258 return (EADDRNOTAVAIL);
259 bcopy(&ia->ia_addr.sin6_addr, srcp, sizeof(*srcp));
260 } else
261 bcopy(&tmp, srcp, sizeof(*srcp));
262 pi->ipi6_addr = tmp; /* XXX: this overrides pi */
263 if (ifpp)
264 *ifpp = ifp;
265 return (0);
266 }
267
268 /*
269 * Otherwise, if the socket has already bound the source, just use it.
270 */
271 if (inp != NULL && !IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) {
272 if (cred != NULL &&
273 (error = prison_local_ip6(cred, &inp->in6p_laddr,
274 ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0)
275 return (error);
276 bcopy(&inp->in6p_laddr, srcp, sizeof(*srcp));
277 return (0);
278 }
279
280 /*
281 * Bypass source address selection and use the primary jail IP
282 * if requested.
283 */
284 if (cred != NULL && !prison_saddrsel_ip6(cred, srcp))
285 return (0);
286
287 /*
288 * If the address is not specified, choose the best one based on
289 * the outgoing interface and the destination address.
290 */
291 /* get the outgoing interface */
292 if ((error = in6_selectif(dstsock, opts, mopts, &ifp, oifp,
293 (inp != NULL) ? inp->inp_inc.inc_fibnum : fibnum)) != 0)
294 return (error);
295
296 #ifdef DIAGNOSTIC
297 if (ifp == NULL) /* this should not happen */
298 panic("in6_selectsrc: NULL ifp");
299 #endif
300 error = in6_setscope(&dst, ifp, &odstzone);
301 if (error)
302 return (error);
303
304 IN6_IFADDR_RLOCK(&in6_ifa_tracker);
305 CK_STAILQ_FOREACH(ia, &V_in6_ifaddrhead, ia_link) {
306 int new_scope = -1, new_matchlen = -1;
307 struct in6_addrpolicy *new_policy = NULL;
308 u_int32_t srczone, osrczone, dstzone;
309 struct in6_addr src;
310 struct ifnet *ifp1 = ia->ia_ifp;
311
312 /*
313 * We'll never take an address that breaks the scope zone
314 * of the destination. We also skip an address if its zone
315 * does not contain the outgoing interface.
316 * XXX: we should probably use sin6_scope_id here.
317 */
318 if (in6_setscope(&dst, ifp1, &dstzone) ||
319 odstzone != dstzone) {
320 continue;
321 }
322 src = ia->ia_addr.sin6_addr;
323 if (in6_setscope(&src, ifp, &osrczone) ||
324 in6_setscope(&src, ifp1, &srczone) ||
325 osrczone != srczone) {
326 continue;
327 }
328
329 /* avoid unusable addresses */
330 if ((ia->ia6_flags &
331 (IN6_IFF_NOTREADY | IN6_IFF_ANYCAST | IN6_IFF_DETACHED))) {
332 continue;
333 }
334 if (!V_ip6_use_deprecated && IFA6_IS_DEPRECATED(ia))
335 continue;
336
337 /* If jailed only take addresses of the jail into account. */
338 if (cred != NULL &&
339 prison_check_ip6(cred, &ia->ia_addr.sin6_addr) != 0)
340 continue;
341
342 /* Rule 1: Prefer same address */
343 if (IN6_ARE_ADDR_EQUAL(&dst, &ia->ia_addr.sin6_addr)) {
344 ia_best = ia;
345 BREAK(1); /* there should be no better candidate */
346 }
347
348 if (ia_best == NULL)
349 REPLACE(0);
350
351 /* Rule 2: Prefer appropriate scope */
352 if (dst_scope < 0)
353 dst_scope = in6_addrscope(&dst);
354 new_scope = in6_addrscope(&ia->ia_addr.sin6_addr);
355 if (IN6_ARE_SCOPE_CMP(best_scope, new_scope) < 0) {
356 if (IN6_ARE_SCOPE_CMP(best_scope, dst_scope) < 0)
357 REPLACE(2);
358 NEXT(2);
359 } else if (IN6_ARE_SCOPE_CMP(new_scope, best_scope) < 0) {
360 if (IN6_ARE_SCOPE_CMP(new_scope, dst_scope) < 0)
361 NEXT(2);
362 REPLACE(2);
363 }
364
365 /*
366 * Rule 3: Avoid deprecated addresses. Note that the case of
367 * !ip6_use_deprecated is already rejected above.
368 */
369 if (!IFA6_IS_DEPRECATED(ia_best) && IFA6_IS_DEPRECATED(ia))
370 NEXT(3);
371 if (IFA6_IS_DEPRECATED(ia_best) && !IFA6_IS_DEPRECATED(ia))
372 REPLACE(3);
373
374 /* Rule 4: Prefer home addresses */
375 /*
376 * XXX: This is a TODO. We should probably merge the MIP6
377 * case above.
378 */
379
380 /* Rule 5: Prefer outgoing interface */
381 if (!(ND_IFINFO(ifp)->flags & ND6_IFF_NO_PREFER_IFACE)) {
382 if (ia_best->ia_ifp == ifp && ia->ia_ifp != ifp)
383 NEXT(5);
384 if (ia_best->ia_ifp != ifp && ia->ia_ifp == ifp)
385 REPLACE(5);
386 }
387
388 /*
389 * Rule 6: Prefer matching label
390 * Note that best_policy should be non-NULL here.
391 */
392 if (dst_policy == NULL)
393 dst_policy = lookup_addrsel_policy(dstsock);
394 if (dst_policy->label != ADDR_LABEL_NOTAPP) {
395 new_policy = lookup_addrsel_policy(&ia->ia_addr);
396 if (dst_policy->label == best_policy->label &&
397 dst_policy->label != new_policy->label)
398 NEXT(6);
399 if (dst_policy->label != best_policy->label &&
400 dst_policy->label == new_policy->label)
401 REPLACE(6);
402 }
403
404 /*
405 * Rule 7: Prefer public addresses.
406 * We allow users to reverse the logic by configuring
407 * a sysctl variable, so that privacy conscious users can
408 * always prefer temporary addresses.
409 */
410 if (opts == NULL ||
411 opts->ip6po_prefer_tempaddr == IP6PO_TEMPADDR_SYSTEM) {
412 prefer_tempaddr = V_ip6_prefer_tempaddr;
413 } else if (opts->ip6po_prefer_tempaddr ==
414 IP6PO_TEMPADDR_NOTPREFER) {
415 prefer_tempaddr = 0;
416 } else
417 prefer_tempaddr = 1;
418 if (!(ia_best->ia6_flags & IN6_IFF_TEMPORARY) &&
419 (ia->ia6_flags & IN6_IFF_TEMPORARY)) {
420 if (prefer_tempaddr)
421 REPLACE(7);
422 else
423 NEXT(7);
424 }
425 if ((ia_best->ia6_flags & IN6_IFF_TEMPORARY) &&
426 !(ia->ia6_flags & IN6_IFF_TEMPORARY)) {
427 if (prefer_tempaddr)
428 NEXT(7);
429 else
430 REPLACE(7);
431 }
432
433 /*
434 * Rule 8: prefer addresses on alive interfaces.
435 * This is a KAME specific rule.
436 */
437 if ((ia_best->ia_ifp->if_flags & IFF_UP) &&
438 !(ia->ia_ifp->if_flags & IFF_UP))
439 NEXT(8);
440 if (!(ia_best->ia_ifp->if_flags & IFF_UP) &&
441 (ia->ia_ifp->if_flags & IFF_UP))
442 REPLACE(8);
443
444 /*
445 * Rule 9: prefer address with better virtual status.
446 */
447 if (ifa_preferred(&ia_best->ia_ifa, &ia->ia_ifa))
448 REPLACE(9);
449 if (ifa_preferred(&ia->ia_ifa, &ia_best->ia_ifa))
450 NEXT(9);
451
452 /*
453 * Rule 10: prefer address with `prefer_source' flag.
454 */
455 if ((ia_best->ia6_flags & IN6_IFF_PREFER_SOURCE) == 0 &&
456 (ia->ia6_flags & IN6_IFF_PREFER_SOURCE) != 0)
457 REPLACE(10);
458 if ((ia_best->ia6_flags & IN6_IFF_PREFER_SOURCE) != 0 &&
459 (ia->ia6_flags & IN6_IFF_PREFER_SOURCE) == 0)
460 NEXT(10);
461
462 /*
463 * Rule 14: Use longest matching prefix.
464 * Note: in the address selection draft, this rule is
465 * documented as "Rule 8". However, since it is also
466 * documented that this rule can be overridden, we assign
467 * a large number so that it is easy to assign smaller numbers
468 * to more preferred rules.
469 */
470 new_matchlen = in6_matchlen(&ia->ia_addr.sin6_addr, &dst);
471 if (best_matchlen < new_matchlen)
472 REPLACE(14);
473 if (new_matchlen < best_matchlen)
474 NEXT(14);
475
476 /* Rule 15 is reserved. */
477
478 /*
479 * Last resort: just keep the current candidate.
480 * Or, do we need more rules?
481 */
482 continue;
483
484 replace:
485 ia_best = ia;
486 best_scope = (new_scope >= 0 ? new_scope :
487 in6_addrscope(&ia_best->ia_addr.sin6_addr));
488 best_policy = (new_policy ? new_policy :
489 lookup_addrsel_policy(&ia_best->ia_addr));
490 best_matchlen = (new_matchlen >= 0 ? new_matchlen :
491 in6_matchlen(&ia_best->ia_addr.sin6_addr,
492 &dst));
493
494 next:
495 continue;
496
497 out:
498 break;
499 }
500
501 if ((ia = ia_best) == NULL) {
502 IN6_IFADDR_RUNLOCK(&in6_ifa_tracker);
503 IP6STAT_INC(ip6s_sources_none);
504 return (EADDRNOTAVAIL);
505 }
506
507 /*
508 * At this point at least one of the addresses belonged to the jail
509 * but it could still be, that we want to further restrict it, e.g.
510 * theoratically IN6_IS_ADDR_LOOPBACK.
511 * It must not be IN6_IS_ADDR_UNSPECIFIED anymore.
512 * prison_local_ip6() will fix an IN6_IS_ADDR_LOOPBACK but should
513 * let all others previously selected pass.
514 * Use tmp to not change ::1 on lo0 to the primary jail address.
515 */
516 tmp = ia->ia_addr.sin6_addr;
517 if (cred != NULL && prison_local_ip6(cred, &tmp, (inp != NULL &&
518 (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0)) != 0) {
519 IN6_IFADDR_RUNLOCK(&in6_ifa_tracker);
520 IP6STAT_INC(ip6s_sources_none);
521 return (EADDRNOTAVAIL);
522 }
523
524 if (ifpp)
525 *ifpp = ifp;
526
527 bcopy(&tmp, srcp, sizeof(*srcp));
528 if (ia->ia_ifp == ifp)
529 IP6STAT_INC(ip6s_sources_sameif[best_scope]);
530 else
531 IP6STAT_INC(ip6s_sources_otherif[best_scope]);
532 if (dst_scope == best_scope)
533 IP6STAT_INC(ip6s_sources_samescope[best_scope]);
534 else
535 IP6STAT_INC(ip6s_sources_otherscope[best_scope]);
536 if (IFA6_IS_DEPRECATED(ia))
537 IP6STAT_INC(ip6s_sources_deprecated[best_scope]);
538 IN6_IFADDR_RUNLOCK(&in6_ifa_tracker);
539 return (0);
540 }
541
542 /*
543 * Select source address based on @inp, @dstsock and @opts.
544 * Stores selected address to @srcp. If @scope_ambiguous is set,
545 * embed scope from selected outgoing interface. If @hlim pointer
546 * is provided, stores calculated hop limit there.
547 * Returns 0 on success.
548 */
549 int
550 in6_selectsrc_socket(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
551 struct inpcb *inp, struct ucred *cred, int scope_ambiguous,
552 struct in6_addr *srcp, int *hlim)
553 {
554 struct ifnet *retifp;
555 uint32_t fibnum;
556 int error;
557
558 fibnum = inp->inp_inc.inc_fibnum;
559 retifp = NULL;
560
561 error = in6_selectsrc(fibnum, dstsock, opts, inp, cred, &retifp, srcp);
562 if (error != 0)
563 return (error);
564
565 if (hlim != NULL)
566 *hlim = in6_selecthlim(inp, retifp);
567
568 if (retifp == NULL || scope_ambiguous == 0)
569 return (0);
570
571 /*
572 * Application should provide a proper zone ID or the use of
573 * default zone IDs should be enabled. Unfortunately, some
574 * applications do not behave as it should, so we need a
575 * workaround. Even if an appropriate ID is not determined
576 * (when it's required), if we can determine the outgoing
577 * interface. determine the zone ID based on the interface.
578 */
579 error = in6_setscope(&dstsock->sin6_addr, retifp, NULL);
580
581 return (error);
582 }
583
584 /*
585 * Select source address based on @fibnum, @dst and @scopeid.
586 * Stores selected address to @srcp.
587 * Returns 0 on success.
588 *
589 * Used by non-socket based consumers (ND code mostly)
590 */
591 int
592 in6_selectsrc_addr(uint32_t fibnum, const struct in6_addr *dst,
593 uint32_t scopeid, struct ifnet *ifp, struct in6_addr *srcp,
594 int *hlim)
595 {
596 struct ifnet *retifp;
597 struct sockaddr_in6 dst_sa;
598 int error;
599
600 retifp = ifp;
601 bzero(&dst_sa, sizeof(dst_sa));
602 dst_sa.sin6_family = AF_INET6;
603 dst_sa.sin6_len = sizeof(dst_sa);
604 dst_sa.sin6_addr = *dst;
605 dst_sa.sin6_scope_id = scopeid;
606 sa6_embedscope(&dst_sa, 0);
607
608 error = in6_selectsrc(fibnum, &dst_sa, NULL, NULL, NULL, &retifp, srcp);
609 if (hlim != NULL)
610 *hlim = in6_selecthlim(NULL, retifp);
611
612 return (error);
613 }
614
615 static struct nhop_object *
616 cache_route(uint32_t fibnum, const struct sockaddr_in6 *dst, struct route_in6 *ro,
617 uint32_t flowid)
618 {
619 /*
620 * Use a cached route if it exists and is valid, else try to allocate
621 * a new one. Note that we should check the address family of the
622 * cached destination, in case of sharing the cache with IPv4.
623 * Assumes that 'struct route_in6' is exclusively locked.
624 */
625 if (ro->ro_nh != NULL && (
626 !NH_IS_VALID(ro->ro_nh) || ro->ro_dst.sin6_family != AF_INET6 ||
627 !IN6_ARE_ADDR_EQUAL(&ro->ro_dst.sin6_addr, &dst->sin6_addr)))
628 RO_NHFREE(ro);
629
630 if (ro->ro_nh == NULL) {
631 ro->ro_dst = *dst;
632
633 const struct in6_addr *paddr;
634 struct in6_addr unscoped_addr;
635 uint32_t scopeid = 0;
636 if (IN6_IS_SCOPE_LINKLOCAL(&dst->sin6_addr)) {
637 in6_splitscope(&dst->sin6_addr, &unscoped_addr, &scopeid);
638 paddr = &unscoped_addr;
639 } else
640 paddr = &dst->sin6_addr;
641 ro->ro_nh = fib6_lookup(fibnum, paddr, scopeid, NHR_REF, flowid);
642 }
643 return (ro->ro_nh);
644 }
645
646 static struct nhop_object *
647 lookup_route(uint32_t fibnum, struct sockaddr_in6 *dst, struct route_in6 *ro,
648 struct ip6_pktopts *opts, uint32_t flowid)
649 {
650 struct nhop_object *nh = NULL;
651
652 /*
653 * If the next hop address for the packet is specified by the caller,
654 * use it as the gateway.
655 */
656 if (opts && opts->ip6po_nexthop) {
657 struct route_in6 *ron = &opts->ip6po_nextroute;
658 struct sockaddr_in6 *sin6_next = satosin6(opts->ip6po_nexthop);
659
660 nh = cache_route(fibnum, sin6_next, ron, flowid);
661
662 /*
663 * The node identified by that address must be a
664 * neighbor of the sending host.
665 */
666 if (nh != NULL && (nh->nh_flags & NHF_GATEWAY) != 0)
667 nh = NULL;
668 } else if (ro != NULL) {
669 nh = cache_route(fibnum, dst, ro, flowid);
670 if (nh == NULL)
671 return (NULL);
672
673 /*
674 * Check if the outgoing interface conflicts with
675 * the interface specified by ipi6_ifindex (if specified).
676 */
677 struct in6_pktinfo *pi;
678 if (opts && (pi = opts->ip6po_pktinfo) != NULL && pi->ipi6_ifindex) {
679 if (nh->nh_aifp->if_index != pi->ipi6_ifindex)
680 nh = NULL;
681 }
682 }
683
684 return (nh);
685 }
686
687 /*
688 * Finds outgoing nexthop or the outgoing interface for the
689 * @dstsock.
690 * Return 0 on success and stores the lookup result in @retnh and @retifp
691 */
692 static int
693 selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
694 struct ip6_moptions *mopts, struct route_in6 *ro,
695 struct ifnet **retifp, struct nhop_object **retnh, int norouteok,
696 u_int fibnum, uint32_t flowid)
697 {
698 int error = 0;
699 struct ifnet *ifp = NULL;
700 struct in6_pktinfo *pi = NULL;
701 struct in6_addr *dst = &dstsock->sin6_addr;
702
703 /* If the caller specify the outgoing interface explicitly, use it. */
704 if (opts && (pi = opts->ip6po_pktinfo) != NULL && pi->ipi6_ifindex) {
705 /* XXX boundary check is assumed to be already done. */
706 ifp = ifnet_byindex(pi->ipi6_ifindex);
707 if (ifp != NULL && (norouteok || IN6_IS_ADDR_MULTICAST(dst))) {
708 /*
709 * we do not have to check or get the route for
710 * multicast.
711 */
712 goto done;
713 } else
714 goto getroute;
715 }
716 /*
717 * If the destination address is a multicast address and the outgoing
718 * interface for the address is specified by the caller, use it.
719 */
720 if (IN6_IS_ADDR_MULTICAST(dst) &&
721 mopts != NULL && (ifp = mopts->im6o_multicast_ifp) != NULL) {
722 goto done; /* we do not need a route for multicast. */
723 }
724 /*
725 * If destination address is LLA or link- or node-local multicast,
726 * use it's embedded scope zone id to determine outgoing interface.
727 */
728 if (IN6_IS_ADDR_MC_LINKLOCAL(dst) ||
729 IN6_IS_ADDR_MC_NODELOCAL(dst)) {
730 uint32_t zoneid = ntohs(in6_getscope(dst));
731 if (zoneid > 0) {
732 ifp = in6_getlinkifnet(zoneid);
733 goto done;
734 }
735 }
736
737 getroute:;
738 struct nhop_object *nh = lookup_route(fibnum, dstsock, ro, opts, flowid);
739 if (nh != NULL) {
740 *retifp = nh->nh_aifp;
741 error = 0;
742 } else {
743 *retifp = NULL;
744 IP6STAT_INC(ip6s_noroute);
745 error = EHOSTUNREACH;
746 }
747 *retnh = nh;
748 return (error);
749
750 done:
751 if (ifp == NULL) {
752 /*
753 * This can happen if the caller did not pass a cached route
754 * nor any other hints. We treat this case an error.
755 */
756 error = EHOSTUNREACH;
757 }
758 if (error == EHOSTUNREACH)
759 IP6STAT_INC(ip6s_noroute);
760
761 *retifp = ifp;
762 *retnh = NULL;
763
764 return (error);
765 }
766
767 static int
768 in6_selectif(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
769 struct ip6_moptions *mopts, struct ifnet **retifp,
770 struct ifnet *oifp, u_int fibnum)
771 {
772 int error;
773 struct route_in6 sro;
774 struct nhop_object *nh = NULL;
775 uint16_t nh_flags;
776
777 KASSERT(retifp != NULL, ("%s: retifp is NULL", __func__));
778
779 bzero(&sro, sizeof(sro));
780 nh_flags = 0;
781
782 error = selectroute(dstsock, opts, mopts, &sro, retifp, &nh, 1, fibnum, 0);
783
784 if (nh != NULL)
785 nh_flags = nh->nh_flags;
786 if (nh != NULL && nh == sro.ro_nh)
787 NH_FREE(nh);
788
789 if (error != 0) {
790 /* Help ND. See oifp comment in in6_selectsrc(). */
791 if (oifp != NULL && fibnum == RT_DEFAULT_FIB) {
792 *retifp = oifp;
793 error = 0;
794 }
795 return (error);
796 }
797
798 /*
799 * do not use a rejected or black hole route.
800 * XXX: this check should be done in the L2 output routine.
801 * However, if we skipped this check here, we'd see the following
802 * scenario:
803 * - install a rejected route for a scoped address prefix
804 * (like fe80::/10)
805 * - send a packet to a destination that matches the scoped prefix,
806 * with ambiguity about the scope zone.
807 * - pick the outgoing interface from the route, and disambiguate the
808 * scope zone with the interface.
809 * - ip6_output() would try to get another route with the "new"
810 * destination, which may be valid.
811 * - we'd see no error on output.
812 * Although this may not be very harmful, it should still be confusing.
813 * We thus reject the case here.
814 */
815
816 if (nh_flags & (NHF_REJECT | NHF_BLACKHOLE)) {
817 error = (nh_flags & NHF_HOST ? EHOSTUNREACH : ENETUNREACH);
818 return (error);
819 }
820
821 return (0);
822 }
823
824 /* Public wrapper function to selectroute(). */
825 int
826 in6_selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
827 struct ip6_moptions *mopts, struct route_in6 *ro,
828 struct ifnet **retifp, struct nhop_object **retnh, u_int fibnum, uint32_t flowid)
829 {
830 MPASS(retifp != NULL);
831 MPASS(retnh != NULL);
832
833 return (selectroute(dstsock, opts, mopts, ro, retifp,
834 retnh, 0, fibnum, flowid));
835 }
836
837 /*
838 * Default hop limit selection. The precedence is as follows:
839 * 1. Hoplimit value specified via ioctl.
840 * 2. (If the outgoing interface is detected) the current
841 * hop limit of the interface specified by router advertisement.
842 * 3. The system default hoplimit.
843 */
844 int
845 in6_selecthlim(struct inpcb *inp, struct ifnet *ifp)
846 {
847
848 if (inp && inp->in6p_hops >= 0)
849 return (inp->in6p_hops);
850 else if (ifp)
851 return (ND_IFINFO(ifp)->chlim);
852 else if (inp && !IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
853 struct nhop_object *nh;
854 struct in6_addr dst;
855 uint32_t fibnum, scopeid;
856 int hlim;
857
858 fibnum = inp->inp_inc.inc_fibnum;
859 in6_splitscope(&inp->in6p_faddr, &dst, &scopeid);
860 nh = fib6_lookup(fibnum, &dst, scopeid, 0, 0);
861 if (nh != NULL) {
862 hlim = ND_IFINFO(nh->nh_ifp)->chlim;
863 return (hlim);
864 }
865 }
866 return (V_ip6_defhlim);
867 }
868
869 void
870 addrsel_policy_init(void)
871 {
872
873 init_policy_queue();
874
875 /* initialize the "last resort" policy */
876 bzero(&V_defaultaddrpolicy, sizeof(V_defaultaddrpolicy));
877 V_defaultaddrpolicy.label = ADDR_LABEL_NOTAPP;
878
879 if (!IS_DEFAULT_VNET(curvnet))
880 return;
881
882 ADDRSEL_LOCK_INIT();
883 ADDRSEL_SXLOCK_INIT();
884 }
885
886 static struct in6_addrpolicy *
887 lookup_addrsel_policy(struct sockaddr_in6 *key)
888 {
889 struct in6_addrpolicy *match = NULL;
890
891 ADDRSEL_LOCK();
892 match = match_addrsel_policy(key);
893
894 if (match == NULL)
895 match = &V_defaultaddrpolicy;
896 else
897 match->use++;
898 ADDRSEL_UNLOCK();
899
900 return (match);
901 }
902
903 /*
904 * Subroutines to manage the address selection policy table via sysctl.
905 */
906 struct walkarg {
907 struct sysctl_req *w_req;
908 };
909
910 static int in6_src_sysctl(SYSCTL_HANDLER_ARGS);
911 SYSCTL_DECL(_net_inet6_ip6);
912 static SYSCTL_NODE(_net_inet6_ip6, IPV6CTL_ADDRCTLPOLICY, addrctlpolicy,
913 CTLFLAG_RD | CTLFLAG_MPSAFE, in6_src_sysctl,
914 "");
915
916 static int
917 in6_src_sysctl(SYSCTL_HANDLER_ARGS)
918 {
919 struct walkarg w;
920
921 if (req->newptr)
922 return EPERM;
923
924 bzero(&w, sizeof(w));
925 w.w_req = req;
926
927 return (walk_addrsel_policy(dump_addrsel_policyent, &w));
928 }
929
930 int
931 in6_src_ioctl(u_long cmd, caddr_t data)
932 {
933 struct in6_addrpolicy ent0;
934
935 if (cmd != SIOCAADDRCTL_POLICY && cmd != SIOCDADDRCTL_POLICY)
936 return (EOPNOTSUPP); /* check for safety */
937
938 ent0 = *(struct in6_addrpolicy *)data;
939
940 if (ent0.label == ADDR_LABEL_NOTAPP)
941 return (EINVAL);
942 /* check if the prefix mask is consecutive. */
943 if (in6_mask2len(&ent0.addrmask.sin6_addr, NULL) < 0)
944 return (EINVAL);
945 /* clear trailing garbages (if any) of the prefix address. */
946 IN6_MASK_ADDR(&ent0.addr.sin6_addr, &ent0.addrmask.sin6_addr);
947 ent0.use = 0;
948
949 switch (cmd) {
950 case SIOCAADDRCTL_POLICY:
951 return (add_addrsel_policyent(&ent0));
952 case SIOCDADDRCTL_POLICY:
953 return (delete_addrsel_policyent(&ent0));
954 }
955
956 return (0); /* XXX: compromise compilers */
957 }
958
959 /*
960 * The followings are implementation of the policy table using a
961 * simple tail queue.
962 * XXX such details should be hidden.
963 * XXX implementation using binary tree should be more efficient.
964 */
965 struct addrsel_policyent {
966 TAILQ_ENTRY(addrsel_policyent) ape_entry;
967 struct in6_addrpolicy ape_policy;
968 };
969
970 TAILQ_HEAD(addrsel_policyhead, addrsel_policyent);
971
972 VNET_DEFINE_STATIC(struct addrsel_policyhead, addrsel_policytab);
973 #define V_addrsel_policytab VNET(addrsel_policytab)
974
975 static void
976 init_policy_queue(void)
977 {
978
979 TAILQ_INIT(&V_addrsel_policytab);
980 }
981
982 static int
983 add_addrsel_policyent(struct in6_addrpolicy *newpolicy)
984 {
985 struct addrsel_policyent *new, *pol;
986
987 new = malloc(sizeof(*new), M_IFADDR,
988 M_WAITOK);
989 ADDRSEL_XLOCK();
990 ADDRSEL_LOCK();
991
992 /* duplication check */
993 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) {
994 if (IN6_ARE_ADDR_EQUAL(&newpolicy->addr.sin6_addr,
995 &pol->ape_policy.addr.sin6_addr) &&
996 IN6_ARE_ADDR_EQUAL(&newpolicy->addrmask.sin6_addr,
997 &pol->ape_policy.addrmask.sin6_addr)) {
998 ADDRSEL_UNLOCK();
999 ADDRSEL_XUNLOCK();
1000 free(new, M_IFADDR);
1001 return (EEXIST); /* or override it? */
1002 }
1003 }
1004
1005 bzero(new, sizeof(*new));
1006
1007 /* XXX: should validate entry */
1008 new->ape_policy = *newpolicy;
1009
1010 TAILQ_INSERT_TAIL(&V_addrsel_policytab, new, ape_entry);
1011 ADDRSEL_UNLOCK();
1012 ADDRSEL_XUNLOCK();
1013
1014 return (0);
1015 }
1016
1017 static int
1018 delete_addrsel_policyent(struct in6_addrpolicy *key)
1019 {
1020 struct addrsel_policyent *pol;
1021
1022 ADDRSEL_XLOCK();
1023 ADDRSEL_LOCK();
1024
1025 /* search for the entry in the table */
1026 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) {
1027 if (IN6_ARE_ADDR_EQUAL(&key->addr.sin6_addr,
1028 &pol->ape_policy.addr.sin6_addr) &&
1029 IN6_ARE_ADDR_EQUAL(&key->addrmask.sin6_addr,
1030 &pol->ape_policy.addrmask.sin6_addr)) {
1031 break;
1032 }
1033 }
1034 if (pol == NULL) {
1035 ADDRSEL_UNLOCK();
1036 ADDRSEL_XUNLOCK();
1037 return (ESRCH);
1038 }
1039
1040 TAILQ_REMOVE(&V_addrsel_policytab, pol, ape_entry);
1041 ADDRSEL_UNLOCK();
1042 ADDRSEL_XUNLOCK();
1043 free(pol, M_IFADDR);
1044
1045 return (0);
1046 }
1047
1048 static int
1049 walk_addrsel_policy(int (*callback)(struct in6_addrpolicy *, void *), void *w)
1050 {
1051 struct addrsel_policyent *pol;
1052 int error = 0;
1053
1054 ADDRSEL_SLOCK();
1055 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) {
1056 if ((error = (*callback)(&pol->ape_policy, w)) != 0) {
1057 ADDRSEL_SUNLOCK();
1058 return (error);
1059 }
1060 }
1061 ADDRSEL_SUNLOCK();
1062 return (error);
1063 }
1064
1065 static int
1066 dump_addrsel_policyent(struct in6_addrpolicy *pol, void *arg)
1067 {
1068 int error = 0;
1069 struct walkarg *w = arg;
1070
1071 error = SYSCTL_OUT(w->w_req, pol, sizeof(*pol));
1072
1073 return (error);
1074 }
1075
1076 static struct in6_addrpolicy *
1077 match_addrsel_policy(struct sockaddr_in6 *key)
1078 {
1079 struct addrsel_policyent *pent;
1080 struct in6_addrpolicy *bestpol = NULL, *pol;
1081 int matchlen, bestmatchlen = -1;
1082 u_char *mp, *ep, *k, *p, m;
1083
1084 TAILQ_FOREACH(pent, &V_addrsel_policytab, ape_entry) {
1085 matchlen = 0;
1086
1087 pol = &pent->ape_policy;
1088 mp = (u_char *)&pol->addrmask.sin6_addr;
1089 ep = mp + 16; /* XXX: scope field? */
1090 k = (u_char *)&key->sin6_addr;
1091 p = (u_char *)&pol->addr.sin6_addr;
1092 for (; mp < ep && *mp; mp++, k++, p++) {
1093 m = *mp;
1094 if ((*k & m) != *p)
1095 goto next; /* not match */
1096 if (m == 0xff) /* short cut for a typical case */
1097 matchlen += 8;
1098 else {
1099 while (m >= 0x80) {
1100 matchlen++;
1101 m <<= 1;
1102 }
1103 }
1104 }
1105
1106 /* matched. check if this is better than the current best. */
1107 if (bestpol == NULL ||
1108 matchlen > bestmatchlen) {
1109 bestpol = pol;
1110 bestmatchlen = matchlen;
1111 }
1112
1113 next:
1114 continue;
1115 }
1116
1117 return (bestpol);
1118 }
Cache object: 35b2111b66df11e818c0906574f2b3e1
|