The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/netinet6/in6_src.c

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*-
    2  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
    3  * All rights reserved.
    4  *
    5  * Redistribution and use in source and binary forms, with or without
    6  * modification, are permitted provided that the following conditions
    7  * are met:
    8  * 1. Redistributions of source code must retain the above copyright
    9  *    notice, this list of conditions and the following disclaimer.
   10  * 2. Redistributions in binary form must reproduce the above copyright
   11  *    notice, this list of conditions and the following disclaimer in the
   12  *    documentation and/or other materials provided with the distribution.
   13  * 3. Neither the name of the project nor the names of its contributors
   14  *    may be used to endorse or promote products derived from this software
   15  *    without specific prior written permission.
   16  *
   17  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
   18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
   21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   27  * SUCH DAMAGE.
   28  *
   29  *      $KAME: in6_src.c,v 1.132 2003/08/26 04:42:27 keiichi Exp $
   30  */
   31 
   32 /*-
   33  * Copyright (c) 1982, 1986, 1991, 1993
   34  *      The Regents of the University of California.  All rights reserved.
   35  *
   36  * Redistribution and use in source and binary forms, with or without
   37  * modification, are permitted provided that the following conditions
   38  * are met:
   39  * 1. Redistributions of source code must retain the above copyright
   40  *    notice, this list of conditions and the following disclaimer.
   41  * 2. Redistributions in binary form must reproduce the above copyright
   42  *    notice, this list of conditions and the following disclaimer in the
   43  *    documentation and/or other materials provided with the distribution.
   44  * 4. Neither the name of the University nor the names of its contributors
   45  *    may be used to endorse or promote products derived from this software
   46  *    without specific prior written permission.
   47  *
   48  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
   49  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   50  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   51  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
   52  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   53  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   54  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   55  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   56  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   57  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   58  * SUCH DAMAGE.
   59  *
   60  *      @(#)in_pcb.c    8.2 (Berkeley) 1/4/94
   61  */
   62 
   63 #include <sys/cdefs.h>
   64 __FBSDID("$FreeBSD: releng/10.0/sys/netinet6/in6_src.c 249546 2013-04-16 11:31:26Z ae $");
   65 
   66 #include "opt_inet.h"
   67 #include "opt_inet6.h"
   68 #include "opt_mpath.h"
   69 
   70 #include <sys/param.h>
   71 #include <sys/systm.h>
   72 #include <sys/lock.h>
   73 #include <sys/malloc.h>
   74 #include <sys/mbuf.h>
   75 #include <sys/priv.h>
   76 #include <sys/protosw.h>
   77 #include <sys/socket.h>
   78 #include <sys/socketvar.h>
   79 #include <sys/sockio.h>
   80 #include <sys/sysctl.h>
   81 #include <sys/errno.h>
   82 #include <sys/time.h>
   83 #include <sys/jail.h>
   84 #include <sys/kernel.h>
   85 #include <sys/sx.h>
   86 
   87 #include <net/if.h>
   88 #include <net/if_dl.h>
   89 #include <net/route.h>
   90 #include <net/if_llatbl.h>
   91 #ifdef RADIX_MPATH
   92 #include <net/radix_mpath.h>
   93 #endif
   94 
   95 #include <netinet/in.h>
   96 #include <netinet/in_var.h>
   97 #include <netinet/in_systm.h>
   98 #include <netinet/ip.h>
   99 #include <netinet/in_pcb.h>
  100 #include <netinet/ip_var.h>
  101 #include <netinet/udp.h>
  102 #include <netinet/udp_var.h>
  103 
  104 #include <netinet6/in6_var.h>
  105 #include <netinet/ip6.h>
  106 #include <netinet6/in6_pcb.h>
  107 #include <netinet6/ip6_var.h>
  108 #include <netinet6/scope6_var.h>
  109 #include <netinet6/nd6.h>
  110 
  111 static struct mtx addrsel_lock;
  112 #define ADDRSEL_LOCK_INIT()     mtx_init(&addrsel_lock, "addrsel_lock", NULL, MTX_DEF)
  113 #define ADDRSEL_LOCK()          mtx_lock(&addrsel_lock)
  114 #define ADDRSEL_UNLOCK()        mtx_unlock(&addrsel_lock)
  115 #define ADDRSEL_LOCK_ASSERT()   mtx_assert(&addrsel_lock, MA_OWNED)
  116 
  117 static struct sx addrsel_sxlock;
  118 #define ADDRSEL_SXLOCK_INIT()   sx_init(&addrsel_sxlock, "addrsel_sxlock")
  119 #define ADDRSEL_SLOCK()         sx_slock(&addrsel_sxlock)
  120 #define ADDRSEL_SUNLOCK()       sx_sunlock(&addrsel_sxlock)
  121 #define ADDRSEL_XLOCK()         sx_xlock(&addrsel_sxlock)
  122 #define ADDRSEL_XUNLOCK()       sx_xunlock(&addrsel_sxlock)
  123 
  124 #define ADDR_LABEL_NOTAPP (-1)
  125 static VNET_DEFINE(struct in6_addrpolicy, defaultaddrpolicy);
  126 #define V_defaultaddrpolicy             VNET(defaultaddrpolicy)
  127 
  128 VNET_DEFINE(int, ip6_prefer_tempaddr) = 0;
  129 
  130 static int selectroute(struct sockaddr_in6 *, struct ip6_pktopts *,
  131         struct ip6_moptions *, struct route_in6 *, struct ifnet **,
  132         struct rtentry **, int, u_int);
  133 static int in6_selectif(struct sockaddr_in6 *, struct ip6_pktopts *,
  134         struct ip6_moptions *, struct route_in6 *ro, struct ifnet **,
  135         struct ifnet *, u_int);
  136 
  137 static struct in6_addrpolicy *lookup_addrsel_policy(struct sockaddr_in6 *);
  138 
  139 static void init_policy_queue(void);
  140 static int add_addrsel_policyent(struct in6_addrpolicy *);
  141 static int delete_addrsel_policyent(struct in6_addrpolicy *);
  142 static int walk_addrsel_policy(int (*)(struct in6_addrpolicy *, void *),
  143         void *);
  144 static int dump_addrsel_policyent(struct in6_addrpolicy *, void *);
  145 static struct in6_addrpolicy *match_addrsel_policy(struct sockaddr_in6 *);
  146 
  147 /*
  148  * Return an IPv6 address, which is the most appropriate for a given
  149  * destination and user specified options.
  150  * If necessary, this function lookups the routing table and returns
  151  * an entry to the caller for later use.
  152  */
  153 #define REPLACE(r) do {\
  154         IP6STAT_INC(ip6s_sources_rule[(r)]); \
  155         rule = (r);     \
  156         /* { \
  157         char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \
  158         printf("in6_selectsrc: replace %s with %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \
  159         } */ \
  160         goto replace; \
  161 } while(0)
  162 #define NEXT(r) do {\
  163         /* { \
  164         char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \
  165         printf("in6_selectsrc: keep %s against %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \
  166         } */ \
  167         goto next;              /* XXX: we can't use 'continue' here */ \
  168 } while(0)
  169 #define BREAK(r) do { \
  170         IP6STAT_INC(ip6s_sources_rule[(r)]); \
  171         rule = (r);     \
  172         goto out;               /* XXX: we can't use 'break' here */ \
  173 } while(0)
  174 
  175 int
  176 in6_selectsrc(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
  177     struct inpcb *inp, struct route_in6 *ro, struct ucred *cred,
  178     struct ifnet **ifpp, struct in6_addr *srcp)
  179 {
  180         struct in6_addr dst, tmp;
  181         struct ifnet *ifp = NULL, *oifp = NULL;
  182         struct in6_ifaddr *ia = NULL, *ia_best = NULL;
  183         struct in6_pktinfo *pi = NULL;
  184         int dst_scope = -1, best_scope = -1, best_matchlen = -1;
  185         struct in6_addrpolicy *dst_policy = NULL, *best_policy = NULL;
  186         u_int32_t odstzone;
  187         int prefer_tempaddr;
  188         int error, rule;
  189         struct ip6_moptions *mopts;
  190 
  191         KASSERT(srcp != NULL, ("%s: srcp is NULL", __func__));
  192 
  193         dst = dstsock->sin6_addr; /* make a copy for local operation */
  194         if (ifpp) {
  195                 /*
  196                  * Save a possibly passed in ifp for in6_selectsrc. Only
  197                  * neighbor discovery code should use this feature, where
  198                  * we may know the interface but not the FIB number holding
  199                  * the connected subnet in case someone deleted it from the
  200                  * default FIB and we need to check the interface.
  201                  */
  202                 if (*ifpp != NULL)
  203                         oifp = *ifpp;
  204                 *ifpp = NULL;
  205         }
  206 
  207         if (inp != NULL) {
  208                 INP_LOCK_ASSERT(inp);
  209                 mopts = inp->in6p_moptions;
  210         } else {
  211                 mopts = NULL;
  212         }
  213 
  214         /*
  215          * If the source address is explicitly specified by the caller,
  216          * check if the requested source address is indeed a unicast address
  217          * assigned to the node, and can be used as the packet's source
  218          * address.  If everything is okay, use the address as source.
  219          */
  220         if (opts && (pi = opts->ip6po_pktinfo) &&
  221             !IN6_IS_ADDR_UNSPECIFIED(&pi->ipi6_addr)) {
  222                 struct sockaddr_in6 srcsock;
  223                 struct in6_ifaddr *ia6;
  224 
  225                 /* get the outgoing interface */
  226                 if ((error = in6_selectif(dstsock, opts, mopts, ro, &ifp, oifp,
  227                     (inp != NULL) ? inp->inp_inc.inc_fibnum : RT_DEFAULT_FIB))
  228                     != 0)
  229                         return (error);
  230 
  231                 /*
  232                  * determine the appropriate zone id of the source based on
  233                  * the zone of the destination and the outgoing interface.
  234                  * If the specified address is ambiguous wrt the scope zone,
  235                  * the interface must be specified; otherwise, ifa_ifwithaddr()
  236                  * will fail matching the address.
  237                  */
  238                 bzero(&srcsock, sizeof(srcsock));
  239                 srcsock.sin6_family = AF_INET6;
  240                 srcsock.sin6_len = sizeof(srcsock);
  241                 srcsock.sin6_addr = pi->ipi6_addr;
  242                 if (ifp) {
  243                         error = in6_setscope(&srcsock.sin6_addr, ifp, NULL);
  244                         if (error)
  245                                 return (error);
  246                 }
  247                 if (cred != NULL && (error = prison_local_ip6(cred,
  248                     &srcsock.sin6_addr, (inp != NULL &&
  249                     (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0)
  250                         return (error);
  251 
  252                 ia6 = (struct in6_ifaddr *)ifa_ifwithaddr(
  253                     (struct sockaddr *)&srcsock);
  254                 if (ia6 == NULL ||
  255                     (ia6->ia6_flags & (IN6_IFF_ANYCAST | IN6_IFF_NOTREADY))) {
  256                         if (ia6 != NULL)
  257                                 ifa_free(&ia6->ia_ifa);
  258                         return (EADDRNOTAVAIL);
  259                 }
  260                 pi->ipi6_addr = srcsock.sin6_addr; /* XXX: this overrides pi */
  261                 if (ifpp)
  262                         *ifpp = ifp;
  263                 bcopy(&ia6->ia_addr.sin6_addr, srcp, sizeof(*srcp));
  264                 ifa_free(&ia6->ia_ifa);
  265                 return (0);
  266         }
  267 
  268         /*
  269          * Otherwise, if the socket has already bound the source, just use it.
  270          */
  271         if (inp != NULL && !IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) {
  272                 if (cred != NULL &&
  273                     (error = prison_local_ip6(cred, &inp->in6p_laddr,
  274                     ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0)
  275                         return (error);
  276                 bcopy(&inp->in6p_laddr, srcp, sizeof(*srcp));
  277                 return (0);
  278         }
  279 
  280         /*
  281          * Bypass source address selection and use the primary jail IP
  282          * if requested.
  283          */
  284         if (cred != NULL && !prison_saddrsel_ip6(cred, srcp))
  285                 return (0);
  286 
  287         /*
  288          * If the address is not specified, choose the best one based on
  289          * the outgoing interface and the destination address.
  290          */
  291         /* get the outgoing interface */
  292         if ((error = in6_selectif(dstsock, opts, mopts, ro, &ifp, oifp,
  293             (inp != NULL) ? inp->inp_inc.inc_fibnum : RT_DEFAULT_FIB)) != 0)
  294                 return (error);
  295 
  296 #ifdef DIAGNOSTIC
  297         if (ifp == NULL)        /* this should not happen */
  298                 panic("in6_selectsrc: NULL ifp");
  299 #endif
  300         error = in6_setscope(&dst, ifp, &odstzone);
  301         if (error)
  302                 return (error);
  303 
  304         rule = 0;
  305         IN6_IFADDR_RLOCK();
  306         TAILQ_FOREACH(ia, &V_in6_ifaddrhead, ia_link) {
  307                 int new_scope = -1, new_matchlen = -1;
  308                 struct in6_addrpolicy *new_policy = NULL;
  309                 u_int32_t srczone, osrczone, dstzone;
  310                 struct in6_addr src;
  311                 struct ifnet *ifp1 = ia->ia_ifp;
  312 
  313                 /*
  314                  * We'll never take an address that breaks the scope zone
  315                  * of the destination.  We also skip an address if its zone
  316                  * does not contain the outgoing interface.
  317                  * XXX: we should probably use sin6_scope_id here.
  318                  */
  319                 if (in6_setscope(&dst, ifp1, &dstzone) ||
  320                     odstzone != dstzone) {
  321                         continue;
  322                 }
  323                 src = ia->ia_addr.sin6_addr;
  324                 if (in6_setscope(&src, ifp, &osrczone) ||
  325                     in6_setscope(&src, ifp1, &srczone) ||
  326                     osrczone != srczone) {
  327                         continue;
  328                 }
  329 
  330                 /* avoid unusable addresses */
  331                 if ((ia->ia6_flags &
  332                      (IN6_IFF_NOTREADY | IN6_IFF_ANYCAST | IN6_IFF_DETACHED))) {
  333                                 continue;
  334                 }
  335                 if (!V_ip6_use_deprecated && IFA6_IS_DEPRECATED(ia))
  336                         continue;
  337 
  338                 /* If jailed only take addresses of the jail into account. */
  339                 if (cred != NULL &&
  340                     prison_check_ip6(cred, &ia->ia_addr.sin6_addr) != 0)
  341                         continue;
  342 
  343                 /* Rule 1: Prefer same address */
  344                 if (IN6_ARE_ADDR_EQUAL(&dst, &ia->ia_addr.sin6_addr)) {
  345                         ia_best = ia;
  346                         BREAK(1); /* there should be no better candidate */
  347                 }
  348 
  349                 if (ia_best == NULL)
  350                         REPLACE(0);
  351 
  352                 /* Rule 2: Prefer appropriate scope */
  353                 if (dst_scope < 0)
  354                         dst_scope = in6_addrscope(&dst);
  355                 new_scope = in6_addrscope(&ia->ia_addr.sin6_addr);
  356                 if (IN6_ARE_SCOPE_CMP(best_scope, new_scope) < 0) {
  357                         if (IN6_ARE_SCOPE_CMP(best_scope, dst_scope) < 0)
  358                                 REPLACE(2);
  359                         NEXT(2);
  360                 } else if (IN6_ARE_SCOPE_CMP(new_scope, best_scope) < 0) {
  361                         if (IN6_ARE_SCOPE_CMP(new_scope, dst_scope) < 0)
  362                                 NEXT(2);
  363                         REPLACE(2);
  364                 }
  365 
  366                 /*
  367                  * Rule 3: Avoid deprecated addresses.  Note that the case of
  368                  * !ip6_use_deprecated is already rejected above.
  369                  */
  370                 if (!IFA6_IS_DEPRECATED(ia_best) && IFA6_IS_DEPRECATED(ia))
  371                         NEXT(3);
  372                 if (IFA6_IS_DEPRECATED(ia_best) && !IFA6_IS_DEPRECATED(ia))
  373                         REPLACE(3);
  374 
  375                 /* Rule 4: Prefer home addresses */
  376                 /*
  377                  * XXX: This is a TODO.  We should probably merge the MIP6
  378                  * case above.
  379                  */
  380 
  381                 /* Rule 5: Prefer outgoing interface */
  382                 if (!(ND_IFINFO(ifp)->flags & ND6_IFF_NO_PREFER_IFACE)) {
  383                         if (ia_best->ia_ifp == ifp && ia->ia_ifp != ifp)
  384                                 NEXT(5);
  385                         if (ia_best->ia_ifp != ifp && ia->ia_ifp == ifp)
  386                                 REPLACE(5);
  387                 }
  388 
  389                 /*
  390                  * Rule 6: Prefer matching label
  391                  * Note that best_policy should be non-NULL here.
  392                  */
  393                 if (dst_policy == NULL)
  394                         dst_policy = lookup_addrsel_policy(dstsock);
  395                 if (dst_policy->label != ADDR_LABEL_NOTAPP) {
  396                         new_policy = lookup_addrsel_policy(&ia->ia_addr);
  397                         if (dst_policy->label == best_policy->label &&
  398                             dst_policy->label != new_policy->label)
  399                                 NEXT(6);
  400                         if (dst_policy->label != best_policy->label &&
  401                             dst_policy->label == new_policy->label)
  402                                 REPLACE(6);
  403                 }
  404 
  405                 /*
  406                  * Rule 7: Prefer public addresses.
  407                  * We allow users to reverse the logic by configuring
  408                  * a sysctl variable, so that privacy conscious users can
  409                  * always prefer temporary addresses.
  410                  */
  411                 if (opts == NULL ||
  412                     opts->ip6po_prefer_tempaddr == IP6PO_TEMPADDR_SYSTEM) {
  413                         prefer_tempaddr = V_ip6_prefer_tempaddr;
  414                 } else if (opts->ip6po_prefer_tempaddr ==
  415                     IP6PO_TEMPADDR_NOTPREFER) {
  416                         prefer_tempaddr = 0;
  417                 } else
  418                         prefer_tempaddr = 1;
  419                 if (!(ia_best->ia6_flags & IN6_IFF_TEMPORARY) &&
  420                     (ia->ia6_flags & IN6_IFF_TEMPORARY)) {
  421                         if (prefer_tempaddr)
  422                                 REPLACE(7);
  423                         else
  424                                 NEXT(7);
  425                 }
  426                 if ((ia_best->ia6_flags & IN6_IFF_TEMPORARY) &&
  427                     !(ia->ia6_flags & IN6_IFF_TEMPORARY)) {
  428                         if (prefer_tempaddr)
  429                                 NEXT(7);
  430                         else
  431                                 REPLACE(7);
  432                 }
  433 
  434                 /*
  435                  * Rule 8: prefer addresses on alive interfaces.
  436                  * This is a KAME specific rule.
  437                  */
  438                 if ((ia_best->ia_ifp->if_flags & IFF_UP) &&
  439                     !(ia->ia_ifp->if_flags & IFF_UP))
  440                         NEXT(8);
  441                 if (!(ia_best->ia_ifp->if_flags & IFF_UP) &&
  442                     (ia->ia_ifp->if_flags & IFF_UP))
  443                         REPLACE(8);
  444 
  445                 /*
  446                  * Rule 14: Use longest matching prefix.
  447                  * Note: in the address selection draft, this rule is
  448                  * documented as "Rule 8".  However, since it is also
  449                  * documented that this rule can be overridden, we assign
  450                  * a large number so that it is easy to assign smaller numbers
  451                  * to more preferred rules.
  452                  */
  453                 new_matchlen = in6_matchlen(&ia->ia_addr.sin6_addr, &dst);
  454                 if (best_matchlen < new_matchlen)
  455                         REPLACE(14);
  456                 if (new_matchlen < best_matchlen)
  457                         NEXT(14);
  458 
  459                 /* Rule 15 is reserved. */
  460 
  461                 /*
  462                  * Last resort: just keep the current candidate.
  463                  * Or, do we need more rules?
  464                  */
  465                 continue;
  466 
  467           replace:
  468                 ia_best = ia;
  469                 best_scope = (new_scope >= 0 ? new_scope :
  470                               in6_addrscope(&ia_best->ia_addr.sin6_addr));
  471                 best_policy = (new_policy ? new_policy :
  472                                lookup_addrsel_policy(&ia_best->ia_addr));
  473                 best_matchlen = (new_matchlen >= 0 ? new_matchlen :
  474                                  in6_matchlen(&ia_best->ia_addr.sin6_addr,
  475                                               &dst));
  476 
  477           next:
  478                 continue;
  479 
  480           out:
  481                 break;
  482         }
  483 
  484         if ((ia = ia_best) == NULL) {
  485                 IN6_IFADDR_RUNLOCK();
  486                 IP6STAT_INC(ip6s_sources_none);
  487                 return (EADDRNOTAVAIL);
  488         }
  489 
  490         /*
  491          * At this point at least one of the addresses belonged to the jail
  492          * but it could still be, that we want to further restrict it, e.g.
  493          * theoratically IN6_IS_ADDR_LOOPBACK.
  494          * It must not be IN6_IS_ADDR_UNSPECIFIED anymore.
  495          * prison_local_ip6() will fix an IN6_IS_ADDR_LOOPBACK but should
  496          * let all others previously selected pass.
  497          * Use tmp to not change ::1 on lo0 to the primary jail address.
  498          */
  499         tmp = ia->ia_addr.sin6_addr;
  500         if (cred != NULL && prison_local_ip6(cred, &tmp, (inp != NULL &&
  501             (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0)) != 0) {
  502                 IN6_IFADDR_RUNLOCK();
  503                 IP6STAT_INC(ip6s_sources_none);
  504                 return (EADDRNOTAVAIL);
  505         }
  506 
  507         if (ifpp)
  508                 *ifpp = ifp;
  509 
  510         bcopy(&tmp, srcp, sizeof(*srcp));
  511         if (ia->ia_ifp == ifp)
  512                 IP6STAT_INC(ip6s_sources_sameif[best_scope]);
  513         else
  514                 IP6STAT_INC(ip6s_sources_otherif[best_scope]);
  515         if (dst_scope == best_scope)
  516                 IP6STAT_INC(ip6s_sources_samescope[best_scope]);
  517         else
  518                 IP6STAT_INC(ip6s_sources_otherscope[best_scope]);
  519         if (IFA6_IS_DEPRECATED(ia))
  520                 IP6STAT_INC(ip6s_sources_deprecated[best_scope]);
  521         IN6_IFADDR_RUNLOCK();
  522         return (0);
  523 }
  524 
  525 /*
  526  * clone - meaningful only for bsdi and freebsd
  527  */
  528 static int
  529 selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
  530     struct ip6_moptions *mopts, struct route_in6 *ro,
  531     struct ifnet **retifp, struct rtentry **retrt, int norouteok, u_int fibnum)
  532 {
  533         int error = 0;
  534         struct ifnet *ifp = NULL;
  535         struct rtentry *rt = NULL;
  536         struct sockaddr_in6 *sin6_next;
  537         struct in6_pktinfo *pi = NULL;
  538         struct in6_addr *dst = &dstsock->sin6_addr;
  539 #if 0
  540         char ip6buf[INET6_ADDRSTRLEN];
  541 
  542         if (dstsock->sin6_addr.s6_addr32[0] == 0 &&
  543             dstsock->sin6_addr.s6_addr32[1] == 0 &&
  544             !IN6_IS_ADDR_LOOPBACK(&dstsock->sin6_addr)) {
  545                 printf("in6_selectroute: strange destination %s\n",
  546                        ip6_sprintf(ip6buf, &dstsock->sin6_addr));
  547         } else {
  548                 printf("in6_selectroute: destination = %s%%%d\n",
  549                        ip6_sprintf(ip6buf, &dstsock->sin6_addr),
  550                        dstsock->sin6_scope_id); /* for debug */
  551         }
  552 #endif
  553 
  554         /* If the caller specify the outgoing interface explicitly, use it. */
  555         if (opts && (pi = opts->ip6po_pktinfo) != NULL && pi->ipi6_ifindex) {
  556                 /* XXX boundary check is assumed to be already done. */
  557                 ifp = ifnet_byindex(pi->ipi6_ifindex);
  558                 if (ifp != NULL &&
  559                     (norouteok || retrt == NULL ||
  560                     IN6_IS_ADDR_MULTICAST(dst))) {
  561                         /*
  562                          * we do not have to check or get the route for
  563                          * multicast.
  564                          */
  565                         goto done;
  566                 } else
  567                         goto getroute;
  568         }
  569 
  570         /*
  571          * If the destination address is a multicast address and the outgoing
  572          * interface for the address is specified by the caller, use it.
  573          */
  574         if (IN6_IS_ADDR_MULTICAST(dst) &&
  575             mopts != NULL && (ifp = mopts->im6o_multicast_ifp) != NULL) {
  576                 goto done; /* we do not need a route for multicast. */
  577         }
  578 
  579   getroute:
  580         /*
  581          * If the next hop address for the packet is specified by the caller,
  582          * use it as the gateway.
  583          */
  584         if (opts && opts->ip6po_nexthop) {
  585                 struct route_in6 *ron;
  586                 struct llentry *la;
  587             
  588                 sin6_next = satosin6(opts->ip6po_nexthop);
  589                 
  590                 /* at this moment, we only support AF_INET6 next hops */
  591                 if (sin6_next->sin6_family != AF_INET6) {
  592                         error = EAFNOSUPPORT; /* or should we proceed? */
  593                         goto done;
  594                 }
  595 
  596                 /*
  597                  * If the next hop is an IPv6 address, then the node identified
  598                  * by that address must be a neighbor of the sending host.
  599                  */
  600                 ron = &opts->ip6po_nextroute;
  601                 /*
  602                  * XXX what do we do here?
  603                  * PLZ to be fixing
  604                  */
  605 
  606 
  607                 if (ron->ro_rt == NULL) {
  608                         in6_rtalloc(ron, fibnum); /* multi path case? */
  609                         if (ron->ro_rt == NULL) {
  610                                 /* XXX-BZ WT.? */
  611                                 if (ron->ro_rt) {
  612                                         RTFREE(ron->ro_rt);
  613                                         ron->ro_rt = NULL;
  614                                 }
  615                                 error = EHOSTUNREACH;
  616                                 goto done;
  617                         } 
  618                 }
  619 
  620                 rt = ron->ro_rt;
  621                 ifp = rt->rt_ifp;
  622                 IF_AFDATA_RLOCK(ifp);
  623                 la = lla_lookup(LLTABLE6(ifp), 0, (struct sockaddr *)&sin6_next->sin6_addr);
  624                 IF_AFDATA_RUNLOCK(ifp);
  625                 if (la != NULL) 
  626                         LLE_RUNLOCK(la);
  627                 else {
  628                         error = EHOSTUNREACH;
  629                         goto done;
  630                 }
  631 #if 0
  632                 if ((ron->ro_rt &&
  633                      (ron->ro_rt->rt_flags & (RTF_UP | RTF_LLINFO)) !=
  634                      (RTF_UP | RTF_LLINFO)) ||
  635                     !IN6_ARE_ADDR_EQUAL(&satosin6(&ron->ro_dst)->sin6_addr,
  636                     &sin6_next->sin6_addr)) {
  637                         if (ron->ro_rt) {
  638                                 RTFREE(ron->ro_rt);
  639                                 ron->ro_rt = NULL;
  640                         }
  641                         *satosin6(&ron->ro_dst) = *sin6_next;
  642                 }
  643                 if (ron->ro_rt == NULL) {
  644                         in6_rtalloc(ron, fibnum); /* multi path case? */
  645                         if (ron->ro_rt == NULL ||
  646                             !(ron->ro_rt->rt_flags & RTF_LLINFO)) {
  647                                 if (ron->ro_rt) {
  648                                         RTFREE(ron->ro_rt);
  649                                         ron->ro_rt = NULL;
  650                                 }
  651                                 error = EHOSTUNREACH;
  652                                 goto done;
  653                         }
  654                 }
  655 #endif
  656 
  657                 /*
  658                  * When cloning is required, try to allocate a route to the
  659                  * destination so that the caller can store path MTU
  660                  * information.
  661                  */
  662                 goto done;
  663         }
  664 
  665         /*
  666          * Use a cached route if it exists and is valid, else try to allocate
  667          * a new one.  Note that we should check the address family of the
  668          * cached destination, in case of sharing the cache with IPv4.
  669          */
  670         if (ro) {
  671                 if (ro->ro_rt &&
  672                     (!(ro->ro_rt->rt_flags & RTF_UP) ||
  673                      ((struct sockaddr *)(&ro->ro_dst))->sa_family != AF_INET6 ||
  674                      !IN6_ARE_ADDR_EQUAL(&satosin6(&ro->ro_dst)->sin6_addr,
  675                      dst))) {
  676                         RTFREE(ro->ro_rt);
  677                         ro->ro_rt = (struct rtentry *)NULL;
  678                 }
  679                 if (ro->ro_rt == (struct rtentry *)NULL) {
  680                         struct sockaddr_in6 *sa6;
  681 
  682                         /* No route yet, so try to acquire one */
  683                         bzero(&ro->ro_dst, sizeof(struct sockaddr_in6));
  684                         sa6 = (struct sockaddr_in6 *)&ro->ro_dst;
  685                         *sa6 = *dstsock;
  686                         sa6->sin6_scope_id = 0;
  687 
  688 #ifdef RADIX_MPATH
  689                                 rtalloc_mpath_fib((struct route *)ro,
  690                                     ntohl(sa6->sin6_addr.s6_addr32[3]), fibnum);
  691 #else                   
  692                                 ro->ro_rt = in6_rtalloc1((struct sockaddr *)
  693                                     &ro->ro_dst, 0, 0UL, fibnum);
  694                                 if (ro->ro_rt)
  695                                         RT_UNLOCK(ro->ro_rt);
  696 #endif
  697                 }
  698                                 
  699                 /*
  700                  * do not care about the result if we have the nexthop
  701                  * explicitly specified.
  702                  */
  703                 if (opts && opts->ip6po_nexthop)
  704                         goto done;
  705 
  706                 if (ro->ro_rt) {
  707                         ifp = ro->ro_rt->rt_ifp;
  708 
  709                         if (ifp == NULL) { /* can this really happen? */
  710                                 RTFREE(ro->ro_rt);
  711                                 ro->ro_rt = NULL;
  712                         }
  713                 }
  714                 if (ro->ro_rt == NULL)
  715                         error = EHOSTUNREACH;
  716                 rt = ro->ro_rt;
  717 
  718                 /*
  719                  * Check if the outgoing interface conflicts with
  720                  * the interface specified by ipi6_ifindex (if specified).
  721                  * Note that loopback interface is always okay.
  722                  * (this may happen when we are sending a packet to one of
  723                  *  our own addresses.)
  724                  */
  725                 if (ifp && opts && opts->ip6po_pktinfo &&
  726                     opts->ip6po_pktinfo->ipi6_ifindex) {
  727                         if (!(ifp->if_flags & IFF_LOOPBACK) &&
  728                             ifp->if_index !=
  729                             opts->ip6po_pktinfo->ipi6_ifindex) {
  730                                 error = EHOSTUNREACH;
  731                                 goto done;
  732                         }
  733                 }
  734         }
  735 
  736   done:
  737         if (ifp == NULL && rt == NULL) {
  738                 /*
  739                  * This can happen if the caller did not pass a cached route
  740                  * nor any other hints.  We treat this case an error.
  741                  */
  742                 error = EHOSTUNREACH;
  743         }
  744         if (error == EHOSTUNREACH)
  745                 IP6STAT_INC(ip6s_noroute);
  746 
  747         if (retifp != NULL) {
  748                 *retifp = ifp;
  749 
  750                 /*
  751                  * Adjust the "outgoing" interface.  If we're going to loop 
  752                  * the packet back to ourselves, the ifp would be the loopback 
  753                  * interface. However, we'd rather know the interface associated 
  754                  * to the destination address (which should probably be one of 
  755                  * our own addresses.)
  756                  */
  757                 if (rt) {
  758                         if ((rt->rt_ifp->if_flags & IFF_LOOPBACK) &&
  759                             (rt->rt_gateway->sa_family == AF_LINK))
  760                                 *retifp = 
  761                                         ifnet_byindex(((struct sockaddr_dl *)
  762                                                        rt->rt_gateway)->sdl_index);
  763                 }
  764         }
  765 
  766         if (retrt != NULL)
  767                 *retrt = rt;    /* rt may be NULL */
  768 
  769         return (error);
  770 }
  771 
  772 static int
  773 in6_selectif(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
  774     struct ip6_moptions *mopts, struct route_in6 *ro, struct ifnet **retifp,
  775     struct ifnet *oifp, u_int fibnum)
  776 {
  777         int error;
  778         struct route_in6 sro;
  779         struct rtentry *rt = NULL;
  780 
  781         KASSERT(retifp != NULL, ("%s: retifp is NULL", __func__));
  782 
  783         if (ro == NULL) {
  784                 bzero(&sro, sizeof(sro));
  785                 ro = &sro;
  786         }
  787 
  788         if ((error = selectroute(dstsock, opts, mopts, ro, retifp,
  789             &rt, 1, fibnum)) != 0) {
  790                 if (ro == &sro && rt && rt == sro.ro_rt)
  791                         RTFREE(rt);
  792                 /* Help ND. See oifp comment in in6_selectsrc(). */
  793                 if (oifp != NULL && fibnum == RT_DEFAULT_FIB) {
  794                         *retifp = oifp;
  795                         error = 0;
  796                 }
  797                 return (error);
  798         }
  799 
  800         /*
  801          * do not use a rejected or black hole route.
  802          * XXX: this check should be done in the L2 output routine.
  803          * However, if we skipped this check here, we'd see the following
  804          * scenario:
  805          * - install a rejected route for a scoped address prefix
  806          *   (like fe80::/10)
  807          * - send a packet to a destination that matches the scoped prefix,
  808          *   with ambiguity about the scope zone.
  809          * - pick the outgoing interface from the route, and disambiguate the
  810          *   scope zone with the interface.
  811          * - ip6_output() would try to get another route with the "new"
  812          *   destination, which may be valid.
  813          * - we'd see no error on output.
  814          * Although this may not be very harmful, it should still be confusing.
  815          * We thus reject the case here.
  816          */
  817         if (rt && (rt->rt_flags & (RTF_REJECT | RTF_BLACKHOLE))) {
  818                 int flags = (rt->rt_flags & RTF_HOST ? EHOSTUNREACH : ENETUNREACH);
  819 
  820                 if (ro == &sro && rt && rt == sro.ro_rt)
  821                         RTFREE(rt);
  822                 return (flags);
  823         }
  824 
  825         if (ro == &sro && rt && rt == sro.ro_rt)
  826                 RTFREE(rt);
  827         return (0);
  828 }
  829 
  830 /*
  831  * Public wrapper function to selectroute().
  832  *
  833  * XXX-BZ in6_selectroute() should and will grow the FIB argument. The
  834  * in6_selectroute_fib() function is only there for backward compat on stable.
  835  */
  836 int
  837 in6_selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
  838     struct ip6_moptions *mopts, struct route_in6 *ro,
  839     struct ifnet **retifp, struct rtentry **retrt)
  840 {
  841 
  842         return (selectroute(dstsock, opts, mopts, ro, retifp,
  843             retrt, 0, RT_DEFAULT_FIB));
  844 }
  845 
  846 #ifndef BURN_BRIDGES
  847 int
  848 in6_selectroute_fib(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
  849     struct ip6_moptions *mopts, struct route_in6 *ro,
  850     struct ifnet **retifp, struct rtentry **retrt, u_int fibnum)
  851 {
  852 
  853         return (selectroute(dstsock, opts, mopts, ro, retifp,
  854             retrt, 0, fibnum));
  855 }
  856 #endif
  857 
  858 /*
  859  * Default hop limit selection. The precedence is as follows:
  860  * 1. Hoplimit value specified via ioctl.
  861  * 2. (If the outgoing interface is detected) the current
  862  *     hop limit of the interface specified by router advertisement.
  863  * 3. The system default hoplimit.
  864  */
  865 int
  866 in6_selecthlim(struct inpcb *in6p, struct ifnet *ifp)
  867 {
  868 
  869         if (in6p && in6p->in6p_hops >= 0)
  870                 return (in6p->in6p_hops);
  871         else if (ifp)
  872                 return (ND_IFINFO(ifp)->chlim);
  873         else if (in6p && !IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) {
  874                 struct route_in6 ro6;
  875                 struct ifnet *lifp;
  876 
  877                 bzero(&ro6, sizeof(ro6));
  878                 ro6.ro_dst.sin6_family = AF_INET6;
  879                 ro6.ro_dst.sin6_len = sizeof(struct sockaddr_in6);
  880                 ro6.ro_dst.sin6_addr = in6p->in6p_faddr;
  881                 in6_rtalloc(&ro6, in6p->inp_inc.inc_fibnum);
  882                 if (ro6.ro_rt) {
  883                         lifp = ro6.ro_rt->rt_ifp;
  884                         RTFREE(ro6.ro_rt);
  885                         if (lifp)
  886                                 return (ND_IFINFO(lifp)->chlim);
  887                 }
  888         }
  889         return (V_ip6_defhlim);
  890 }
  891 
  892 /*
  893  * XXX: this is borrowed from in6_pcbbind(). If possible, we should
  894  * share this function by all *bsd*...
  895  */
  896 int
  897 in6_pcbsetport(struct in6_addr *laddr, struct inpcb *inp, struct ucred *cred)
  898 {
  899         struct socket *so = inp->inp_socket;
  900         u_int16_t lport = 0;
  901         int error, lookupflags = 0;
  902 #ifdef INVARIANTS
  903         struct inpcbinfo *pcbinfo = inp->inp_pcbinfo;
  904 #endif
  905 
  906         INP_WLOCK_ASSERT(inp);
  907         INP_HASH_WLOCK_ASSERT(pcbinfo);
  908 
  909         error = prison_local_ip6(cred, laddr,
  910             ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0));
  911         if (error)
  912                 return(error);
  913 
  914         /* XXX: this is redundant when called from in6_pcbbind */
  915         if ((so->so_options & (SO_REUSEADDR|SO_REUSEPORT)) == 0)
  916                 lookupflags = INPLOOKUP_WILDCARD;
  917 
  918         inp->inp_flags |= INP_ANONPORT;
  919 
  920         error = in_pcb_lport(inp, NULL, &lport, cred, lookupflags);
  921         if (error != 0)
  922                 return (error);
  923 
  924         inp->inp_lport = lport;
  925         if (in_pcbinshash(inp) != 0) {
  926                 inp->in6p_laddr = in6addr_any;
  927                 inp->inp_lport = 0;
  928                 return (EAGAIN);
  929         }
  930 
  931         return (0);
  932 }
  933 
  934 void
  935 addrsel_policy_init(void)
  936 {
  937 
  938         init_policy_queue();
  939 
  940         /* initialize the "last resort" policy */
  941         bzero(&V_defaultaddrpolicy, sizeof(V_defaultaddrpolicy));
  942         V_defaultaddrpolicy.label = ADDR_LABEL_NOTAPP;
  943 
  944         if (!IS_DEFAULT_VNET(curvnet))
  945                 return;
  946 
  947         ADDRSEL_LOCK_INIT();
  948         ADDRSEL_SXLOCK_INIT();
  949 }
  950 
  951 static struct in6_addrpolicy *
  952 lookup_addrsel_policy(struct sockaddr_in6 *key)
  953 {
  954         struct in6_addrpolicy *match = NULL;
  955 
  956         ADDRSEL_LOCK();
  957         match = match_addrsel_policy(key);
  958 
  959         if (match == NULL)
  960                 match = &V_defaultaddrpolicy;
  961         else
  962                 match->use++;
  963         ADDRSEL_UNLOCK();
  964 
  965         return (match);
  966 }
  967 
  968 /*
  969  * Subroutines to manage the address selection policy table via sysctl.
  970  */
  971 struct walkarg {
  972         struct sysctl_req *w_req;
  973 };
  974 
  975 static int in6_src_sysctl(SYSCTL_HANDLER_ARGS);
  976 SYSCTL_DECL(_net_inet6_ip6);
  977 static SYSCTL_NODE(_net_inet6_ip6, IPV6CTL_ADDRCTLPOLICY, addrctlpolicy,
  978         CTLFLAG_RD, in6_src_sysctl, "");
  979 
  980 static int
  981 in6_src_sysctl(SYSCTL_HANDLER_ARGS)
  982 {
  983         struct walkarg w;
  984 
  985         if (req->newptr)
  986                 return EPERM;
  987 
  988         bzero(&w, sizeof(w));
  989         w.w_req = req;
  990 
  991         return (walk_addrsel_policy(dump_addrsel_policyent, &w));
  992 }
  993 
  994 int
  995 in6_src_ioctl(u_long cmd, caddr_t data)
  996 {
  997         int i;
  998         struct in6_addrpolicy ent0;
  999 
 1000         if (cmd != SIOCAADDRCTL_POLICY && cmd != SIOCDADDRCTL_POLICY)
 1001                 return (EOPNOTSUPP); /* check for safety */
 1002 
 1003         ent0 = *(struct in6_addrpolicy *)data;
 1004 
 1005         if (ent0.label == ADDR_LABEL_NOTAPP)
 1006                 return (EINVAL);
 1007         /* check if the prefix mask is consecutive. */
 1008         if (in6_mask2len(&ent0.addrmask.sin6_addr, NULL) < 0)
 1009                 return (EINVAL);
 1010         /* clear trailing garbages (if any) of the prefix address. */
 1011         for (i = 0; i < 4; i++) {
 1012                 ent0.addr.sin6_addr.s6_addr32[i] &=
 1013                         ent0.addrmask.sin6_addr.s6_addr32[i];
 1014         }
 1015         ent0.use = 0;
 1016 
 1017         switch (cmd) {
 1018         case SIOCAADDRCTL_POLICY:
 1019                 return (add_addrsel_policyent(&ent0));
 1020         case SIOCDADDRCTL_POLICY:
 1021                 return (delete_addrsel_policyent(&ent0));
 1022         }
 1023 
 1024         return (0);             /* XXX: compromise compilers */
 1025 }
 1026 
 1027 /*
 1028  * The followings are implementation of the policy table using a
 1029  * simple tail queue.
 1030  * XXX such details should be hidden.
 1031  * XXX implementation using binary tree should be more efficient.
 1032  */
 1033 struct addrsel_policyent {
 1034         TAILQ_ENTRY(addrsel_policyent) ape_entry;
 1035         struct in6_addrpolicy ape_policy;
 1036 };
 1037 
 1038 TAILQ_HEAD(addrsel_policyhead, addrsel_policyent);
 1039 
 1040 static VNET_DEFINE(struct addrsel_policyhead, addrsel_policytab);
 1041 #define V_addrsel_policytab             VNET(addrsel_policytab)
 1042 
 1043 static void
 1044 init_policy_queue(void)
 1045 {
 1046 
 1047         TAILQ_INIT(&V_addrsel_policytab);
 1048 }
 1049 
 1050 static int
 1051 add_addrsel_policyent(struct in6_addrpolicy *newpolicy)
 1052 {
 1053         struct addrsel_policyent *new, *pol;
 1054 
 1055         new = malloc(sizeof(*new), M_IFADDR,
 1056                M_WAITOK);
 1057         ADDRSEL_XLOCK();
 1058         ADDRSEL_LOCK();
 1059 
 1060         /* duplication check */
 1061         TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) {
 1062                 if (IN6_ARE_ADDR_EQUAL(&newpolicy->addr.sin6_addr,
 1063                                        &pol->ape_policy.addr.sin6_addr) &&
 1064                     IN6_ARE_ADDR_EQUAL(&newpolicy->addrmask.sin6_addr,
 1065                                        &pol->ape_policy.addrmask.sin6_addr)) {
 1066                         ADDRSEL_UNLOCK();
 1067                         ADDRSEL_XUNLOCK();
 1068                         free(new, M_IFADDR);
 1069                         return (EEXIST);        /* or override it? */
 1070                 }
 1071         }
 1072 
 1073         bzero(new, sizeof(*new));
 1074 
 1075         /* XXX: should validate entry */
 1076         new->ape_policy = *newpolicy;
 1077 
 1078         TAILQ_INSERT_TAIL(&V_addrsel_policytab, new, ape_entry);
 1079         ADDRSEL_UNLOCK();
 1080         ADDRSEL_XUNLOCK();
 1081 
 1082         return (0);
 1083 }
 1084 
 1085 static int
 1086 delete_addrsel_policyent(struct in6_addrpolicy *key)
 1087 {
 1088         struct addrsel_policyent *pol;
 1089 
 1090         ADDRSEL_XLOCK();
 1091         ADDRSEL_LOCK();
 1092 
 1093         /* search for the entry in the table */
 1094         TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) {
 1095                 if (IN6_ARE_ADDR_EQUAL(&key->addr.sin6_addr,
 1096                     &pol->ape_policy.addr.sin6_addr) &&
 1097                     IN6_ARE_ADDR_EQUAL(&key->addrmask.sin6_addr,
 1098                     &pol->ape_policy.addrmask.sin6_addr)) {
 1099                         break;
 1100                 }
 1101         }
 1102         if (pol == NULL) {
 1103                 ADDRSEL_UNLOCK();
 1104                 ADDRSEL_XUNLOCK();
 1105                 return (ESRCH);
 1106         }
 1107 
 1108         TAILQ_REMOVE(&V_addrsel_policytab, pol, ape_entry);
 1109         ADDRSEL_UNLOCK();
 1110         ADDRSEL_XUNLOCK();
 1111         free(pol, M_IFADDR);
 1112 
 1113         return (0);
 1114 }
 1115 
 1116 static int
 1117 walk_addrsel_policy(int (*callback)(struct in6_addrpolicy *, void *), void *w)
 1118 {
 1119         struct addrsel_policyent *pol;
 1120         int error = 0;
 1121 
 1122         ADDRSEL_SLOCK();
 1123         TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) {
 1124                 if ((error = (*callback)(&pol->ape_policy, w)) != 0) {
 1125                         ADDRSEL_SUNLOCK();
 1126                         return (error);
 1127                 }
 1128         }
 1129         ADDRSEL_SUNLOCK();
 1130         return (error);
 1131 }
 1132 
 1133 static int
 1134 dump_addrsel_policyent(struct in6_addrpolicy *pol, void *arg)
 1135 {
 1136         int error = 0;
 1137         struct walkarg *w = arg;
 1138 
 1139         error = SYSCTL_OUT(w->w_req, pol, sizeof(*pol));
 1140 
 1141         return (error);
 1142 }
 1143 
 1144 static struct in6_addrpolicy *
 1145 match_addrsel_policy(struct sockaddr_in6 *key)
 1146 {
 1147         struct addrsel_policyent *pent;
 1148         struct in6_addrpolicy *bestpol = NULL, *pol;
 1149         int matchlen, bestmatchlen = -1;
 1150         u_char *mp, *ep, *k, *p, m;
 1151 
 1152         TAILQ_FOREACH(pent, &V_addrsel_policytab, ape_entry) {
 1153                 matchlen = 0;
 1154 
 1155                 pol = &pent->ape_policy;
 1156                 mp = (u_char *)&pol->addrmask.sin6_addr;
 1157                 ep = mp + 16;   /* XXX: scope field? */
 1158                 k = (u_char *)&key->sin6_addr;
 1159                 p = (u_char *)&pol->addr.sin6_addr;
 1160                 for (; mp < ep && *mp; mp++, k++, p++) {
 1161                         m = *mp;
 1162                         if ((*k & m) != *p)
 1163                                 goto next; /* not match */
 1164                         if (m == 0xff) /* short cut for a typical case */
 1165                                 matchlen += 8;
 1166                         else {
 1167                                 while (m >= 0x80) {
 1168                                         matchlen++;
 1169                                         m <<= 1;
 1170                                 }
 1171                         }
 1172                 }
 1173 
 1174                 /* matched.  check if this is better than the current best. */
 1175                 if (bestpol == NULL ||
 1176                     matchlen > bestmatchlen) {
 1177                         bestpol = pol;
 1178                         bestmatchlen = matchlen;
 1179                 }
 1180 
 1181           next:
 1182                 continue;
 1183         }
 1184 
 1185         return (bestpol);
 1186 }

Cache object: 7842d133fa49c3e9374d439b8ec17eed


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.