1 /*-
2 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of the project nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 *
29 * $KAME: in6_src.c,v 1.132 2003/08/26 04:42:27 keiichi Exp $
30 */
31
32 /*-
33 * Copyright (c) 1982, 1986, 1991, 1993
34 * The Regents of the University of California. All rights reserved.
35 *
36 * Redistribution and use in source and binary forms, with or without
37 * modification, are permitted provided that the following conditions
38 * are met:
39 * 1. Redistributions of source code must retain the above copyright
40 * notice, this list of conditions and the following disclaimer.
41 * 2. Redistributions in binary form must reproduce the above copyright
42 * notice, this list of conditions and the following disclaimer in the
43 * documentation and/or other materials provided with the distribution.
44 * 4. Neither the name of the University nor the names of its contributors
45 * may be used to endorse or promote products derived from this software
46 * without specific prior written permission.
47 *
48 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
58 * SUCH DAMAGE.
59 *
60 * @(#)in_pcb.c 8.2 (Berkeley) 1/4/94
61 */
62
63 #include <sys/cdefs.h>
64 __FBSDID("$FreeBSD: releng/10.2/sys/netinet6/in6_src.c 272790 2014-10-09 02:49:33Z ae $");
65
66 #include "opt_inet.h"
67 #include "opt_inet6.h"
68 #include "opt_mpath.h"
69
70 #include <sys/param.h>
71 #include <sys/systm.h>
72 #include <sys/lock.h>
73 #include <sys/malloc.h>
74 #include <sys/mbuf.h>
75 #include <sys/priv.h>
76 #include <sys/protosw.h>
77 #include <sys/socket.h>
78 #include <sys/socketvar.h>
79 #include <sys/sockio.h>
80 #include <sys/sysctl.h>
81 #include <sys/errno.h>
82 #include <sys/time.h>
83 #include <sys/jail.h>
84 #include <sys/kernel.h>
85 #include <sys/sx.h>
86
87 #include <net/if.h>
88 #include <net/if_dl.h>
89 #include <net/route.h>
90 #include <net/if_llatbl.h>
91 #ifdef RADIX_MPATH
92 #include <net/radix_mpath.h>
93 #endif
94
95 #include <netinet/in.h>
96 #include <netinet/in_var.h>
97 #include <netinet/in_systm.h>
98 #include <netinet/ip.h>
99 #include <netinet/in_pcb.h>
100 #include <netinet/ip_var.h>
101 #include <netinet/udp.h>
102 #include <netinet/udp_var.h>
103
104 #include <netinet6/in6_var.h>
105 #include <netinet/ip6.h>
106 #include <netinet6/in6_pcb.h>
107 #include <netinet6/ip6_var.h>
108 #include <netinet6/scope6_var.h>
109 #include <netinet6/nd6.h>
110
111 static struct mtx addrsel_lock;
112 #define ADDRSEL_LOCK_INIT() mtx_init(&addrsel_lock, "addrsel_lock", NULL, MTX_DEF)
113 #define ADDRSEL_LOCK() mtx_lock(&addrsel_lock)
114 #define ADDRSEL_UNLOCK() mtx_unlock(&addrsel_lock)
115 #define ADDRSEL_LOCK_ASSERT() mtx_assert(&addrsel_lock, MA_OWNED)
116
117 static struct sx addrsel_sxlock;
118 #define ADDRSEL_SXLOCK_INIT() sx_init(&addrsel_sxlock, "addrsel_sxlock")
119 #define ADDRSEL_SLOCK() sx_slock(&addrsel_sxlock)
120 #define ADDRSEL_SUNLOCK() sx_sunlock(&addrsel_sxlock)
121 #define ADDRSEL_XLOCK() sx_xlock(&addrsel_sxlock)
122 #define ADDRSEL_XUNLOCK() sx_xunlock(&addrsel_sxlock)
123
124 #define ADDR_LABEL_NOTAPP (-1)
125 static VNET_DEFINE(struct in6_addrpolicy, defaultaddrpolicy);
126 #define V_defaultaddrpolicy VNET(defaultaddrpolicy)
127
128 VNET_DEFINE(int, ip6_prefer_tempaddr) = 0;
129
130 static int selectroute(struct sockaddr_in6 *, struct ip6_pktopts *,
131 struct ip6_moptions *, struct route_in6 *, struct ifnet **,
132 struct rtentry **, int, u_int);
133 static int in6_selectif(struct sockaddr_in6 *, struct ip6_pktopts *,
134 struct ip6_moptions *, struct route_in6 *ro, struct ifnet **,
135 struct ifnet *, u_int);
136
137 static struct in6_addrpolicy *lookup_addrsel_policy(struct sockaddr_in6 *);
138
139 static void init_policy_queue(void);
140 static int add_addrsel_policyent(struct in6_addrpolicy *);
141 static int delete_addrsel_policyent(struct in6_addrpolicy *);
142 static int walk_addrsel_policy(int (*)(struct in6_addrpolicy *, void *),
143 void *);
144 static int dump_addrsel_policyent(struct in6_addrpolicy *, void *);
145 static struct in6_addrpolicy *match_addrsel_policy(struct sockaddr_in6 *);
146
147 /*
148 * Return an IPv6 address, which is the most appropriate for a given
149 * destination and user specified options.
150 * If necessary, this function lookups the routing table and returns
151 * an entry to the caller for later use.
152 */
153 #define REPLACE(r) do {\
154 IP6STAT_INC(ip6s_sources_rule[(r)]); \
155 rule = (r); \
156 /* { \
157 char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \
158 printf("in6_selectsrc: replace %s with %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \
159 } */ \
160 goto replace; \
161 } while(0)
162 #define NEXT(r) do {\
163 /* { \
164 char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \
165 printf("in6_selectsrc: keep %s against %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \
166 } */ \
167 goto next; /* XXX: we can't use 'continue' here */ \
168 } while(0)
169 #define BREAK(r) do { \
170 IP6STAT_INC(ip6s_sources_rule[(r)]); \
171 rule = (r); \
172 goto out; /* XXX: we can't use 'break' here */ \
173 } while(0)
174
175 int
176 in6_selectsrc(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
177 struct inpcb *inp, struct route_in6 *ro, struct ucred *cred,
178 struct ifnet **ifpp, struct in6_addr *srcp)
179 {
180 struct in6_addr dst, tmp;
181 struct ifnet *ifp = NULL, *oifp = NULL;
182 struct in6_ifaddr *ia = NULL, *ia_best = NULL;
183 struct in6_pktinfo *pi = NULL;
184 int dst_scope = -1, best_scope = -1, best_matchlen = -1;
185 struct in6_addrpolicy *dst_policy = NULL, *best_policy = NULL;
186 u_int32_t odstzone;
187 int prefer_tempaddr;
188 int error, rule;
189 struct ip6_moptions *mopts;
190
191 KASSERT(srcp != NULL, ("%s: srcp is NULL", __func__));
192
193 dst = dstsock->sin6_addr; /* make a copy for local operation */
194 if (ifpp) {
195 /*
196 * Save a possibly passed in ifp for in6_selectsrc. Only
197 * neighbor discovery code should use this feature, where
198 * we may know the interface but not the FIB number holding
199 * the connected subnet in case someone deleted it from the
200 * default FIB and we need to check the interface.
201 */
202 if (*ifpp != NULL)
203 oifp = *ifpp;
204 *ifpp = NULL;
205 }
206
207 if (inp != NULL) {
208 INP_LOCK_ASSERT(inp);
209 mopts = inp->in6p_moptions;
210 } else {
211 mopts = NULL;
212 }
213
214 /*
215 * If the source address is explicitly specified by the caller,
216 * check if the requested source address is indeed a unicast address
217 * assigned to the node, and can be used as the packet's source
218 * address. If everything is okay, use the address as source.
219 */
220 if (opts && (pi = opts->ip6po_pktinfo) &&
221 !IN6_IS_ADDR_UNSPECIFIED(&pi->ipi6_addr)) {
222 struct sockaddr_in6 srcsock;
223 struct in6_ifaddr *ia6;
224
225 /* get the outgoing interface */
226 if ((error = in6_selectif(dstsock, opts, mopts, ro, &ifp, oifp,
227 (inp != NULL) ? inp->inp_inc.inc_fibnum : RT_DEFAULT_FIB))
228 != 0)
229 return (error);
230
231 /*
232 * determine the appropriate zone id of the source based on
233 * the zone of the destination and the outgoing interface.
234 * If the specified address is ambiguous wrt the scope zone,
235 * the interface must be specified; otherwise, ifa_ifwithaddr()
236 * will fail matching the address.
237 */
238 bzero(&srcsock, sizeof(srcsock));
239 srcsock.sin6_family = AF_INET6;
240 srcsock.sin6_len = sizeof(srcsock);
241 srcsock.sin6_addr = pi->ipi6_addr;
242 if (ifp) {
243 error = in6_setscope(&srcsock.sin6_addr, ifp, NULL);
244 if (error)
245 return (error);
246 }
247 if (cred != NULL && (error = prison_local_ip6(cred,
248 &srcsock.sin6_addr, (inp != NULL &&
249 (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0)
250 return (error);
251
252 ia6 = (struct in6_ifaddr *)ifa_ifwithaddr(
253 (struct sockaddr *)&srcsock);
254 if (ia6 == NULL ||
255 (ia6->ia6_flags & (IN6_IFF_ANYCAST | IN6_IFF_NOTREADY))) {
256 if (ia6 != NULL)
257 ifa_free(&ia6->ia_ifa);
258 return (EADDRNOTAVAIL);
259 }
260 pi->ipi6_addr = srcsock.sin6_addr; /* XXX: this overrides pi */
261 if (ifpp)
262 *ifpp = ifp;
263 bcopy(&ia6->ia_addr.sin6_addr, srcp, sizeof(*srcp));
264 ifa_free(&ia6->ia_ifa);
265 return (0);
266 }
267
268 /*
269 * Otherwise, if the socket has already bound the source, just use it.
270 */
271 if (inp != NULL && !IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) {
272 if (cred != NULL &&
273 (error = prison_local_ip6(cred, &inp->in6p_laddr,
274 ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0)
275 return (error);
276 bcopy(&inp->in6p_laddr, srcp, sizeof(*srcp));
277 return (0);
278 }
279
280 /*
281 * Bypass source address selection and use the primary jail IP
282 * if requested.
283 */
284 if (cred != NULL && !prison_saddrsel_ip6(cred, srcp))
285 return (0);
286
287 /*
288 * If the address is not specified, choose the best one based on
289 * the outgoing interface and the destination address.
290 */
291 /* get the outgoing interface */
292 if ((error = in6_selectif(dstsock, opts, mopts, ro, &ifp, oifp,
293 (inp != NULL) ? inp->inp_inc.inc_fibnum : RT_DEFAULT_FIB)) != 0)
294 return (error);
295
296 #ifdef DIAGNOSTIC
297 if (ifp == NULL) /* this should not happen */
298 panic("in6_selectsrc: NULL ifp");
299 #endif
300 error = in6_setscope(&dst, ifp, &odstzone);
301 if (error)
302 return (error);
303
304 rule = 0;
305 IN6_IFADDR_RLOCK();
306 TAILQ_FOREACH(ia, &V_in6_ifaddrhead, ia_link) {
307 int new_scope = -1, new_matchlen = -1;
308 struct in6_addrpolicy *new_policy = NULL;
309 u_int32_t srczone, osrczone, dstzone;
310 struct in6_addr src;
311 struct ifnet *ifp1 = ia->ia_ifp;
312
313 /*
314 * We'll never take an address that breaks the scope zone
315 * of the destination. We also skip an address if its zone
316 * does not contain the outgoing interface.
317 * XXX: we should probably use sin6_scope_id here.
318 */
319 if (in6_setscope(&dst, ifp1, &dstzone) ||
320 odstzone != dstzone) {
321 continue;
322 }
323 src = ia->ia_addr.sin6_addr;
324 if (in6_setscope(&src, ifp, &osrczone) ||
325 in6_setscope(&src, ifp1, &srczone) ||
326 osrczone != srczone) {
327 continue;
328 }
329
330 /* avoid unusable addresses */
331 if ((ia->ia6_flags &
332 (IN6_IFF_NOTREADY | IN6_IFF_ANYCAST | IN6_IFF_DETACHED))) {
333 continue;
334 }
335 if (!V_ip6_use_deprecated && IFA6_IS_DEPRECATED(ia))
336 continue;
337
338 /* If jailed only take addresses of the jail into account. */
339 if (cred != NULL &&
340 prison_check_ip6(cred, &ia->ia_addr.sin6_addr) != 0)
341 continue;
342
343 /* Rule 1: Prefer same address */
344 if (IN6_ARE_ADDR_EQUAL(&dst, &ia->ia_addr.sin6_addr)) {
345 ia_best = ia;
346 BREAK(1); /* there should be no better candidate */
347 }
348
349 if (ia_best == NULL)
350 REPLACE(0);
351
352 /* Rule 2: Prefer appropriate scope */
353 if (dst_scope < 0)
354 dst_scope = in6_addrscope(&dst);
355 new_scope = in6_addrscope(&ia->ia_addr.sin6_addr);
356 if (IN6_ARE_SCOPE_CMP(best_scope, new_scope) < 0) {
357 if (IN6_ARE_SCOPE_CMP(best_scope, dst_scope) < 0)
358 REPLACE(2);
359 NEXT(2);
360 } else if (IN6_ARE_SCOPE_CMP(new_scope, best_scope) < 0) {
361 if (IN6_ARE_SCOPE_CMP(new_scope, dst_scope) < 0)
362 NEXT(2);
363 REPLACE(2);
364 }
365
366 /*
367 * Rule 3: Avoid deprecated addresses. Note that the case of
368 * !ip6_use_deprecated is already rejected above.
369 */
370 if (!IFA6_IS_DEPRECATED(ia_best) && IFA6_IS_DEPRECATED(ia))
371 NEXT(3);
372 if (IFA6_IS_DEPRECATED(ia_best) && !IFA6_IS_DEPRECATED(ia))
373 REPLACE(3);
374
375 /* Rule 4: Prefer home addresses */
376 /*
377 * XXX: This is a TODO. We should probably merge the MIP6
378 * case above.
379 */
380
381 /* Rule 5: Prefer outgoing interface */
382 if (!(ND_IFINFO(ifp)->flags & ND6_IFF_NO_PREFER_IFACE)) {
383 if (ia_best->ia_ifp == ifp && ia->ia_ifp != ifp)
384 NEXT(5);
385 if (ia_best->ia_ifp != ifp && ia->ia_ifp == ifp)
386 REPLACE(5);
387 }
388
389 /*
390 * Rule 6: Prefer matching label
391 * Note that best_policy should be non-NULL here.
392 */
393 if (dst_policy == NULL)
394 dst_policy = lookup_addrsel_policy(dstsock);
395 if (dst_policy->label != ADDR_LABEL_NOTAPP) {
396 new_policy = lookup_addrsel_policy(&ia->ia_addr);
397 if (dst_policy->label == best_policy->label &&
398 dst_policy->label != new_policy->label)
399 NEXT(6);
400 if (dst_policy->label != best_policy->label &&
401 dst_policy->label == new_policy->label)
402 REPLACE(6);
403 }
404
405 /*
406 * Rule 7: Prefer public addresses.
407 * We allow users to reverse the logic by configuring
408 * a sysctl variable, so that privacy conscious users can
409 * always prefer temporary addresses.
410 */
411 if (opts == NULL ||
412 opts->ip6po_prefer_tempaddr == IP6PO_TEMPADDR_SYSTEM) {
413 prefer_tempaddr = V_ip6_prefer_tempaddr;
414 } else if (opts->ip6po_prefer_tempaddr ==
415 IP6PO_TEMPADDR_NOTPREFER) {
416 prefer_tempaddr = 0;
417 } else
418 prefer_tempaddr = 1;
419 if (!(ia_best->ia6_flags & IN6_IFF_TEMPORARY) &&
420 (ia->ia6_flags & IN6_IFF_TEMPORARY)) {
421 if (prefer_tempaddr)
422 REPLACE(7);
423 else
424 NEXT(7);
425 }
426 if ((ia_best->ia6_flags & IN6_IFF_TEMPORARY) &&
427 !(ia->ia6_flags & IN6_IFF_TEMPORARY)) {
428 if (prefer_tempaddr)
429 NEXT(7);
430 else
431 REPLACE(7);
432 }
433
434 /*
435 * Rule 8: prefer addresses on alive interfaces.
436 * This is a KAME specific rule.
437 */
438 if ((ia_best->ia_ifp->if_flags & IFF_UP) &&
439 !(ia->ia_ifp->if_flags & IFF_UP))
440 NEXT(8);
441 if (!(ia_best->ia_ifp->if_flags & IFF_UP) &&
442 (ia->ia_ifp->if_flags & IFF_UP))
443 REPLACE(8);
444
445 /*
446 * Rule 9: prefer address with better virtual status.
447 */
448 if (ifa_preferred(&ia_best->ia_ifa, &ia->ia_ifa))
449 REPLACE(9);
450 if (ifa_preferred(&ia->ia_ifa, &ia_best->ia_ifa))
451 NEXT(9);
452
453 /*
454 * Rule 10: prefer address with `prefer_source' flag.
455 */
456 if ((ia_best->ia6_flags & IN6_IFF_PREFER_SOURCE) == 0 &&
457 (ia->ia6_flags & IN6_IFF_PREFER_SOURCE) != 0)
458 REPLACE(10);
459 if ((ia_best->ia6_flags & IN6_IFF_PREFER_SOURCE) != 0 &&
460 (ia->ia6_flags & IN6_IFF_PREFER_SOURCE) == 0)
461 NEXT(10);
462
463 /*
464 * Rule 14: Use longest matching prefix.
465 * Note: in the address selection draft, this rule is
466 * documented as "Rule 8". However, since it is also
467 * documented that this rule can be overridden, we assign
468 * a large number so that it is easy to assign smaller numbers
469 * to more preferred rules.
470 */
471 new_matchlen = in6_matchlen(&ia->ia_addr.sin6_addr, &dst);
472 if (best_matchlen < new_matchlen)
473 REPLACE(14);
474 if (new_matchlen < best_matchlen)
475 NEXT(14);
476
477 /* Rule 15 is reserved. */
478
479 /*
480 * Last resort: just keep the current candidate.
481 * Or, do we need more rules?
482 */
483 continue;
484
485 replace:
486 ia_best = ia;
487 best_scope = (new_scope >= 0 ? new_scope :
488 in6_addrscope(&ia_best->ia_addr.sin6_addr));
489 best_policy = (new_policy ? new_policy :
490 lookup_addrsel_policy(&ia_best->ia_addr));
491 best_matchlen = (new_matchlen >= 0 ? new_matchlen :
492 in6_matchlen(&ia_best->ia_addr.sin6_addr,
493 &dst));
494
495 next:
496 continue;
497
498 out:
499 break;
500 }
501
502 if ((ia = ia_best) == NULL) {
503 IN6_IFADDR_RUNLOCK();
504 IP6STAT_INC(ip6s_sources_none);
505 return (EADDRNOTAVAIL);
506 }
507
508 /*
509 * At this point at least one of the addresses belonged to the jail
510 * but it could still be, that we want to further restrict it, e.g.
511 * theoratically IN6_IS_ADDR_LOOPBACK.
512 * It must not be IN6_IS_ADDR_UNSPECIFIED anymore.
513 * prison_local_ip6() will fix an IN6_IS_ADDR_LOOPBACK but should
514 * let all others previously selected pass.
515 * Use tmp to not change ::1 on lo0 to the primary jail address.
516 */
517 tmp = ia->ia_addr.sin6_addr;
518 if (cred != NULL && prison_local_ip6(cred, &tmp, (inp != NULL &&
519 (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0)) != 0) {
520 IN6_IFADDR_RUNLOCK();
521 IP6STAT_INC(ip6s_sources_none);
522 return (EADDRNOTAVAIL);
523 }
524
525 if (ifpp)
526 *ifpp = ifp;
527
528 bcopy(&tmp, srcp, sizeof(*srcp));
529 if (ia->ia_ifp == ifp)
530 IP6STAT_INC(ip6s_sources_sameif[best_scope]);
531 else
532 IP6STAT_INC(ip6s_sources_otherif[best_scope]);
533 if (dst_scope == best_scope)
534 IP6STAT_INC(ip6s_sources_samescope[best_scope]);
535 else
536 IP6STAT_INC(ip6s_sources_otherscope[best_scope]);
537 if (IFA6_IS_DEPRECATED(ia))
538 IP6STAT_INC(ip6s_sources_deprecated[best_scope]);
539 IN6_IFADDR_RUNLOCK();
540 return (0);
541 }
542
543 /*
544 * clone - meaningful only for bsdi and freebsd
545 */
546 static int
547 selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
548 struct ip6_moptions *mopts, struct route_in6 *ro,
549 struct ifnet **retifp, struct rtentry **retrt, int norouteok, u_int fibnum)
550 {
551 int error = 0;
552 struct ifnet *ifp = NULL;
553 struct rtentry *rt = NULL;
554 struct sockaddr_in6 *sin6_next;
555 struct in6_pktinfo *pi = NULL;
556 struct in6_addr *dst = &dstsock->sin6_addr;
557 #if 0
558 char ip6buf[INET6_ADDRSTRLEN];
559
560 if (dstsock->sin6_addr.s6_addr32[0] == 0 &&
561 dstsock->sin6_addr.s6_addr32[1] == 0 &&
562 !IN6_IS_ADDR_LOOPBACK(&dstsock->sin6_addr)) {
563 printf("in6_selectroute: strange destination %s\n",
564 ip6_sprintf(ip6buf, &dstsock->sin6_addr));
565 } else {
566 printf("in6_selectroute: destination = %s%%%d\n",
567 ip6_sprintf(ip6buf, &dstsock->sin6_addr),
568 dstsock->sin6_scope_id); /* for debug */
569 }
570 #endif
571
572 /* If the caller specify the outgoing interface explicitly, use it. */
573 if (opts && (pi = opts->ip6po_pktinfo) != NULL && pi->ipi6_ifindex) {
574 /* XXX boundary check is assumed to be already done. */
575 ifp = ifnet_byindex(pi->ipi6_ifindex);
576 if (ifp != NULL &&
577 (norouteok || retrt == NULL ||
578 IN6_IS_ADDR_MULTICAST(dst))) {
579 /*
580 * we do not have to check or get the route for
581 * multicast.
582 */
583 goto done;
584 } else
585 goto getroute;
586 }
587
588 /*
589 * If the destination address is a multicast address and the outgoing
590 * interface for the address is specified by the caller, use it.
591 */
592 if (IN6_IS_ADDR_MULTICAST(dst) &&
593 mopts != NULL && (ifp = mopts->im6o_multicast_ifp) != NULL) {
594 goto done; /* we do not need a route for multicast. */
595 }
596
597 getroute:
598 /*
599 * If the next hop address for the packet is specified by the caller,
600 * use it as the gateway.
601 */
602 if (opts && opts->ip6po_nexthop) {
603 struct route_in6 *ron;
604 struct llentry *la;
605
606 sin6_next = satosin6(opts->ip6po_nexthop);
607
608 /* at this moment, we only support AF_INET6 next hops */
609 if (sin6_next->sin6_family != AF_INET6) {
610 error = EAFNOSUPPORT; /* or should we proceed? */
611 goto done;
612 }
613
614 /*
615 * If the next hop is an IPv6 address, then the node identified
616 * by that address must be a neighbor of the sending host.
617 */
618 ron = &opts->ip6po_nextroute;
619 /*
620 * XXX what do we do here?
621 * PLZ to be fixing
622 */
623
624
625 if (ron->ro_rt == NULL) {
626 in6_rtalloc(ron, fibnum); /* multi path case? */
627 if (ron->ro_rt == NULL) {
628 /* XXX-BZ WT.? */
629 if (ron->ro_rt) {
630 RTFREE(ron->ro_rt);
631 ron->ro_rt = NULL;
632 }
633 error = EHOSTUNREACH;
634 goto done;
635 }
636 }
637
638 rt = ron->ro_rt;
639 ifp = rt->rt_ifp;
640 IF_AFDATA_RLOCK(ifp);
641 la = lla_lookup(LLTABLE6(ifp), 0, (struct sockaddr *)&sin6_next->sin6_addr);
642 IF_AFDATA_RUNLOCK(ifp);
643 if (la != NULL)
644 LLE_RUNLOCK(la);
645 else {
646 error = EHOSTUNREACH;
647 goto done;
648 }
649 #if 0
650 if ((ron->ro_rt &&
651 (ron->ro_rt->rt_flags & (RTF_UP | RTF_LLINFO)) !=
652 (RTF_UP | RTF_LLINFO)) ||
653 !IN6_ARE_ADDR_EQUAL(&satosin6(&ron->ro_dst)->sin6_addr,
654 &sin6_next->sin6_addr)) {
655 if (ron->ro_rt) {
656 RTFREE(ron->ro_rt);
657 ron->ro_rt = NULL;
658 }
659 *satosin6(&ron->ro_dst) = *sin6_next;
660 }
661 if (ron->ro_rt == NULL) {
662 in6_rtalloc(ron, fibnum); /* multi path case? */
663 if (ron->ro_rt == NULL ||
664 !(ron->ro_rt->rt_flags & RTF_LLINFO)) {
665 if (ron->ro_rt) {
666 RTFREE(ron->ro_rt);
667 ron->ro_rt = NULL;
668 }
669 error = EHOSTUNREACH;
670 goto done;
671 }
672 }
673 #endif
674
675 /*
676 * When cloning is required, try to allocate a route to the
677 * destination so that the caller can store path MTU
678 * information.
679 */
680 goto done;
681 }
682
683 /*
684 * Use a cached route if it exists and is valid, else try to allocate
685 * a new one. Note that we should check the address family of the
686 * cached destination, in case of sharing the cache with IPv4.
687 */
688 if (ro) {
689 if (ro->ro_rt &&
690 (!(ro->ro_rt->rt_flags & RTF_UP) ||
691 ((struct sockaddr *)(&ro->ro_dst))->sa_family != AF_INET6 ||
692 !IN6_ARE_ADDR_EQUAL(&satosin6(&ro->ro_dst)->sin6_addr,
693 dst))) {
694 RTFREE(ro->ro_rt);
695 ro->ro_rt = (struct rtentry *)NULL;
696 }
697 if (ro->ro_rt == (struct rtentry *)NULL) {
698 struct sockaddr_in6 *sa6;
699
700 /* No route yet, so try to acquire one */
701 bzero(&ro->ro_dst, sizeof(struct sockaddr_in6));
702 sa6 = (struct sockaddr_in6 *)&ro->ro_dst;
703 *sa6 = *dstsock;
704 sa6->sin6_scope_id = 0;
705
706 #ifdef RADIX_MPATH
707 rtalloc_mpath_fib((struct route *)ro,
708 ntohl(sa6->sin6_addr.s6_addr32[3]), fibnum);
709 #else
710 ro->ro_rt = in6_rtalloc1((struct sockaddr *)
711 &ro->ro_dst, 0, 0UL, fibnum);
712 if (ro->ro_rt)
713 RT_UNLOCK(ro->ro_rt);
714 #endif
715 }
716
717 /*
718 * do not care about the result if we have the nexthop
719 * explicitly specified.
720 */
721 if (opts && opts->ip6po_nexthop)
722 goto done;
723
724 if (ro->ro_rt) {
725 ifp = ro->ro_rt->rt_ifp;
726
727 if (ifp == NULL) { /* can this really happen? */
728 RTFREE(ro->ro_rt);
729 ro->ro_rt = NULL;
730 }
731 }
732 if (ro->ro_rt == NULL)
733 error = EHOSTUNREACH;
734 rt = ro->ro_rt;
735
736 /*
737 * Check if the outgoing interface conflicts with
738 * the interface specified by ipi6_ifindex (if specified).
739 * Note that loopback interface is always okay.
740 * (this may happen when we are sending a packet to one of
741 * our own addresses.)
742 */
743 if (ifp && opts && opts->ip6po_pktinfo &&
744 opts->ip6po_pktinfo->ipi6_ifindex) {
745 if (!(ifp->if_flags & IFF_LOOPBACK) &&
746 ifp->if_index !=
747 opts->ip6po_pktinfo->ipi6_ifindex) {
748 error = EHOSTUNREACH;
749 goto done;
750 }
751 }
752 }
753
754 done:
755 if (ifp == NULL && rt == NULL) {
756 /*
757 * This can happen if the caller did not pass a cached route
758 * nor any other hints. We treat this case an error.
759 */
760 error = EHOSTUNREACH;
761 }
762 if (error == EHOSTUNREACH)
763 IP6STAT_INC(ip6s_noroute);
764
765 if (retifp != NULL) {
766 *retifp = ifp;
767
768 /*
769 * Adjust the "outgoing" interface. If we're going to loop
770 * the packet back to ourselves, the ifp would be the loopback
771 * interface. However, we'd rather know the interface associated
772 * to the destination address (which should probably be one of
773 * our own addresses.)
774 */
775 if (rt) {
776 if ((rt->rt_ifp->if_flags & IFF_LOOPBACK) &&
777 (rt->rt_gateway->sa_family == AF_LINK))
778 *retifp =
779 ifnet_byindex(((struct sockaddr_dl *)
780 rt->rt_gateway)->sdl_index);
781 }
782 }
783
784 if (retrt != NULL)
785 *retrt = rt; /* rt may be NULL */
786
787 return (error);
788 }
789
790 static int
791 in6_selectif(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
792 struct ip6_moptions *mopts, struct route_in6 *ro, struct ifnet **retifp,
793 struct ifnet *oifp, u_int fibnum)
794 {
795 int error;
796 struct route_in6 sro;
797 struct rtentry *rt = NULL;
798
799 KASSERT(retifp != NULL, ("%s: retifp is NULL", __func__));
800
801 if (ro == NULL) {
802 bzero(&sro, sizeof(sro));
803 ro = &sro;
804 }
805
806 if ((error = selectroute(dstsock, opts, mopts, ro, retifp,
807 &rt, 1, fibnum)) != 0) {
808 if (ro == &sro && rt && rt == sro.ro_rt)
809 RTFREE(rt);
810 /* Help ND. See oifp comment in in6_selectsrc(). */
811 if (oifp != NULL && fibnum == RT_DEFAULT_FIB) {
812 *retifp = oifp;
813 error = 0;
814 }
815 return (error);
816 }
817
818 /*
819 * do not use a rejected or black hole route.
820 * XXX: this check should be done in the L2 output routine.
821 * However, if we skipped this check here, we'd see the following
822 * scenario:
823 * - install a rejected route for a scoped address prefix
824 * (like fe80::/10)
825 * - send a packet to a destination that matches the scoped prefix,
826 * with ambiguity about the scope zone.
827 * - pick the outgoing interface from the route, and disambiguate the
828 * scope zone with the interface.
829 * - ip6_output() would try to get another route with the "new"
830 * destination, which may be valid.
831 * - we'd see no error on output.
832 * Although this may not be very harmful, it should still be confusing.
833 * We thus reject the case here.
834 */
835 if (rt && (rt->rt_flags & (RTF_REJECT | RTF_BLACKHOLE))) {
836 int flags = (rt->rt_flags & RTF_HOST ? EHOSTUNREACH : ENETUNREACH);
837
838 if (ro == &sro && rt && rt == sro.ro_rt)
839 RTFREE(rt);
840 return (flags);
841 }
842
843 if (ro == &sro && rt && rt == sro.ro_rt)
844 RTFREE(rt);
845 return (0);
846 }
847
848 /*
849 * Public wrapper function to selectroute().
850 *
851 * XXX-BZ in6_selectroute() should and will grow the FIB argument. The
852 * in6_selectroute_fib() function is only there for backward compat on stable.
853 */
854 int
855 in6_selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
856 struct ip6_moptions *mopts, struct route_in6 *ro,
857 struct ifnet **retifp, struct rtentry **retrt)
858 {
859
860 return (selectroute(dstsock, opts, mopts, ro, retifp,
861 retrt, 0, RT_DEFAULT_FIB));
862 }
863
864 #ifndef BURN_BRIDGES
865 int
866 in6_selectroute_fib(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
867 struct ip6_moptions *mopts, struct route_in6 *ro,
868 struct ifnet **retifp, struct rtentry **retrt, u_int fibnum)
869 {
870
871 return (selectroute(dstsock, opts, mopts, ro, retifp,
872 retrt, 0, fibnum));
873 }
874 #endif
875
876 /*
877 * Default hop limit selection. The precedence is as follows:
878 * 1. Hoplimit value specified via ioctl.
879 * 2. (If the outgoing interface is detected) the current
880 * hop limit of the interface specified by router advertisement.
881 * 3. The system default hoplimit.
882 */
883 int
884 in6_selecthlim(struct inpcb *in6p, struct ifnet *ifp)
885 {
886
887 if (in6p && in6p->in6p_hops >= 0)
888 return (in6p->in6p_hops);
889 else if (ifp)
890 return (ND_IFINFO(ifp)->chlim);
891 else if (in6p && !IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) {
892 struct route_in6 ro6;
893 struct ifnet *lifp;
894
895 bzero(&ro6, sizeof(ro6));
896 ro6.ro_dst.sin6_family = AF_INET6;
897 ro6.ro_dst.sin6_len = sizeof(struct sockaddr_in6);
898 ro6.ro_dst.sin6_addr = in6p->in6p_faddr;
899 in6_rtalloc(&ro6, in6p->inp_inc.inc_fibnum);
900 if (ro6.ro_rt) {
901 lifp = ro6.ro_rt->rt_ifp;
902 RTFREE(ro6.ro_rt);
903 if (lifp)
904 return (ND_IFINFO(lifp)->chlim);
905 }
906 }
907 return (V_ip6_defhlim);
908 }
909
910 /*
911 * XXX: this is borrowed from in6_pcbbind(). If possible, we should
912 * share this function by all *bsd*...
913 */
914 int
915 in6_pcbsetport(struct in6_addr *laddr, struct inpcb *inp, struct ucred *cred)
916 {
917 struct socket *so = inp->inp_socket;
918 u_int16_t lport = 0;
919 int error, lookupflags = 0;
920 #ifdef INVARIANTS
921 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo;
922 #endif
923
924 INP_WLOCK_ASSERT(inp);
925 INP_HASH_WLOCK_ASSERT(pcbinfo);
926
927 error = prison_local_ip6(cred, laddr,
928 ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0));
929 if (error)
930 return(error);
931
932 /* XXX: this is redundant when called from in6_pcbbind */
933 if ((so->so_options & (SO_REUSEADDR|SO_REUSEPORT)) == 0)
934 lookupflags = INPLOOKUP_WILDCARD;
935
936 inp->inp_flags |= INP_ANONPORT;
937
938 error = in_pcb_lport(inp, NULL, &lport, cred, lookupflags);
939 if (error != 0)
940 return (error);
941
942 inp->inp_lport = lport;
943 if (in_pcbinshash(inp) != 0) {
944 inp->in6p_laddr = in6addr_any;
945 inp->inp_lport = 0;
946 return (EAGAIN);
947 }
948
949 return (0);
950 }
951
952 void
953 addrsel_policy_init(void)
954 {
955
956 init_policy_queue();
957
958 /* initialize the "last resort" policy */
959 bzero(&V_defaultaddrpolicy, sizeof(V_defaultaddrpolicy));
960 V_defaultaddrpolicy.label = ADDR_LABEL_NOTAPP;
961
962 if (!IS_DEFAULT_VNET(curvnet))
963 return;
964
965 ADDRSEL_LOCK_INIT();
966 ADDRSEL_SXLOCK_INIT();
967 }
968
969 static struct in6_addrpolicy *
970 lookup_addrsel_policy(struct sockaddr_in6 *key)
971 {
972 struct in6_addrpolicy *match = NULL;
973
974 ADDRSEL_LOCK();
975 match = match_addrsel_policy(key);
976
977 if (match == NULL)
978 match = &V_defaultaddrpolicy;
979 else
980 match->use++;
981 ADDRSEL_UNLOCK();
982
983 return (match);
984 }
985
986 /*
987 * Subroutines to manage the address selection policy table via sysctl.
988 */
989 struct walkarg {
990 struct sysctl_req *w_req;
991 };
992
993 static int in6_src_sysctl(SYSCTL_HANDLER_ARGS);
994 SYSCTL_DECL(_net_inet6_ip6);
995 static SYSCTL_NODE(_net_inet6_ip6, IPV6CTL_ADDRCTLPOLICY, addrctlpolicy,
996 CTLFLAG_RD, in6_src_sysctl, "");
997
998 static int
999 in6_src_sysctl(SYSCTL_HANDLER_ARGS)
1000 {
1001 struct walkarg w;
1002
1003 if (req->newptr)
1004 return EPERM;
1005
1006 bzero(&w, sizeof(w));
1007 w.w_req = req;
1008
1009 return (walk_addrsel_policy(dump_addrsel_policyent, &w));
1010 }
1011
1012 int
1013 in6_src_ioctl(u_long cmd, caddr_t data)
1014 {
1015 int i;
1016 struct in6_addrpolicy ent0;
1017
1018 if (cmd != SIOCAADDRCTL_POLICY && cmd != SIOCDADDRCTL_POLICY)
1019 return (EOPNOTSUPP); /* check for safety */
1020
1021 ent0 = *(struct in6_addrpolicy *)data;
1022
1023 if (ent0.label == ADDR_LABEL_NOTAPP)
1024 return (EINVAL);
1025 /* check if the prefix mask is consecutive. */
1026 if (in6_mask2len(&ent0.addrmask.sin6_addr, NULL) < 0)
1027 return (EINVAL);
1028 /* clear trailing garbages (if any) of the prefix address. */
1029 for (i = 0; i < 4; i++) {
1030 ent0.addr.sin6_addr.s6_addr32[i] &=
1031 ent0.addrmask.sin6_addr.s6_addr32[i];
1032 }
1033 ent0.use = 0;
1034
1035 switch (cmd) {
1036 case SIOCAADDRCTL_POLICY:
1037 return (add_addrsel_policyent(&ent0));
1038 case SIOCDADDRCTL_POLICY:
1039 return (delete_addrsel_policyent(&ent0));
1040 }
1041
1042 return (0); /* XXX: compromise compilers */
1043 }
1044
1045 /*
1046 * The followings are implementation of the policy table using a
1047 * simple tail queue.
1048 * XXX such details should be hidden.
1049 * XXX implementation using binary tree should be more efficient.
1050 */
1051 struct addrsel_policyent {
1052 TAILQ_ENTRY(addrsel_policyent) ape_entry;
1053 struct in6_addrpolicy ape_policy;
1054 };
1055
1056 TAILQ_HEAD(addrsel_policyhead, addrsel_policyent);
1057
1058 static VNET_DEFINE(struct addrsel_policyhead, addrsel_policytab);
1059 #define V_addrsel_policytab VNET(addrsel_policytab)
1060
1061 static void
1062 init_policy_queue(void)
1063 {
1064
1065 TAILQ_INIT(&V_addrsel_policytab);
1066 }
1067
1068 static int
1069 add_addrsel_policyent(struct in6_addrpolicy *newpolicy)
1070 {
1071 struct addrsel_policyent *new, *pol;
1072
1073 new = malloc(sizeof(*new), M_IFADDR,
1074 M_WAITOK);
1075 ADDRSEL_XLOCK();
1076 ADDRSEL_LOCK();
1077
1078 /* duplication check */
1079 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) {
1080 if (IN6_ARE_ADDR_EQUAL(&newpolicy->addr.sin6_addr,
1081 &pol->ape_policy.addr.sin6_addr) &&
1082 IN6_ARE_ADDR_EQUAL(&newpolicy->addrmask.sin6_addr,
1083 &pol->ape_policy.addrmask.sin6_addr)) {
1084 ADDRSEL_UNLOCK();
1085 ADDRSEL_XUNLOCK();
1086 free(new, M_IFADDR);
1087 return (EEXIST); /* or override it? */
1088 }
1089 }
1090
1091 bzero(new, sizeof(*new));
1092
1093 /* XXX: should validate entry */
1094 new->ape_policy = *newpolicy;
1095
1096 TAILQ_INSERT_TAIL(&V_addrsel_policytab, new, ape_entry);
1097 ADDRSEL_UNLOCK();
1098 ADDRSEL_XUNLOCK();
1099
1100 return (0);
1101 }
1102
1103 static int
1104 delete_addrsel_policyent(struct in6_addrpolicy *key)
1105 {
1106 struct addrsel_policyent *pol;
1107
1108 ADDRSEL_XLOCK();
1109 ADDRSEL_LOCK();
1110
1111 /* search for the entry in the table */
1112 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) {
1113 if (IN6_ARE_ADDR_EQUAL(&key->addr.sin6_addr,
1114 &pol->ape_policy.addr.sin6_addr) &&
1115 IN6_ARE_ADDR_EQUAL(&key->addrmask.sin6_addr,
1116 &pol->ape_policy.addrmask.sin6_addr)) {
1117 break;
1118 }
1119 }
1120 if (pol == NULL) {
1121 ADDRSEL_UNLOCK();
1122 ADDRSEL_XUNLOCK();
1123 return (ESRCH);
1124 }
1125
1126 TAILQ_REMOVE(&V_addrsel_policytab, pol, ape_entry);
1127 ADDRSEL_UNLOCK();
1128 ADDRSEL_XUNLOCK();
1129 free(pol, M_IFADDR);
1130
1131 return (0);
1132 }
1133
1134 static int
1135 walk_addrsel_policy(int (*callback)(struct in6_addrpolicy *, void *), void *w)
1136 {
1137 struct addrsel_policyent *pol;
1138 int error = 0;
1139
1140 ADDRSEL_SLOCK();
1141 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) {
1142 if ((error = (*callback)(&pol->ape_policy, w)) != 0) {
1143 ADDRSEL_SUNLOCK();
1144 return (error);
1145 }
1146 }
1147 ADDRSEL_SUNLOCK();
1148 return (error);
1149 }
1150
1151 static int
1152 dump_addrsel_policyent(struct in6_addrpolicy *pol, void *arg)
1153 {
1154 int error = 0;
1155 struct walkarg *w = arg;
1156
1157 error = SYSCTL_OUT(w->w_req, pol, sizeof(*pol));
1158
1159 return (error);
1160 }
1161
1162 static struct in6_addrpolicy *
1163 match_addrsel_policy(struct sockaddr_in6 *key)
1164 {
1165 struct addrsel_policyent *pent;
1166 struct in6_addrpolicy *bestpol = NULL, *pol;
1167 int matchlen, bestmatchlen = -1;
1168 u_char *mp, *ep, *k, *p, m;
1169
1170 TAILQ_FOREACH(pent, &V_addrsel_policytab, ape_entry) {
1171 matchlen = 0;
1172
1173 pol = &pent->ape_policy;
1174 mp = (u_char *)&pol->addrmask.sin6_addr;
1175 ep = mp + 16; /* XXX: scope field? */
1176 k = (u_char *)&key->sin6_addr;
1177 p = (u_char *)&pol->addr.sin6_addr;
1178 for (; mp < ep && *mp; mp++, k++, p++) {
1179 m = *mp;
1180 if ((*k & m) != *p)
1181 goto next; /* not match */
1182 if (m == 0xff) /* short cut for a typical case */
1183 matchlen += 8;
1184 else {
1185 while (m >= 0x80) {
1186 matchlen++;
1187 m <<= 1;
1188 }
1189 }
1190 }
1191
1192 /* matched. check if this is better than the current best. */
1193 if (bestpol == NULL ||
1194 matchlen > bestmatchlen) {
1195 bestpol = pol;
1196 bestmatchlen = matchlen;
1197 }
1198
1199 next:
1200 continue;
1201 }
1202
1203 return (bestpol);
1204 }
Cache object: 01705e724e280b4d9959d4f49742bb33
|