Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/netinet6/in6_src.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /*- 2 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of the project nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * $KAME: in6_src.c,v 1.132 2003/08/26 04:42:27 keiichi Exp $ 30 */ 31 32 /*- 33 * Copyright (c) 1982, 1986, 1991, 1993 34 * The Regents of the University of California. All rights reserved. 35 * 36 * Redistribution and use in source and binary forms, with or without 37 * modification, are permitted provided that the following conditions 38 * are met: 39 * 1. Redistributions of source code must retain the above copyright 40 * notice, this list of conditions and the following disclaimer. 41 * 2. Redistributions in binary form must reproduce the above copyright 42 * notice, this list of conditions and the following disclaimer in the 43 * documentation and/or other materials provided with the distribution. 44 * 4. Neither the name of the University nor the names of its contributors 45 * may be used to endorse or promote products derived from this software 46 * without specific prior written permission. 47 * 48 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 51 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 58 * SUCH DAMAGE. 59 * 60 * @(#)in_pcb.c 8.2 (Berkeley) 1/4/94 61 */ 62 63 #include <sys/cdefs.h> 64 __FBSDID("$FreeBSD$"); 65 66 #include "opt_inet.h" 67 #include "opt_inet6.h" 68 69 #include <sys/param.h> 70 #include <sys/systm.h> 71 #include <sys/lock.h> 72 #include <sys/malloc.h> 73 #include <sys/mbuf.h> 74 #include <sys/priv.h> 75 #include <sys/protosw.h> 76 #include <sys/socket.h> 77 #include <sys/socketvar.h> 78 #include <sys/sockio.h> 79 #include <sys/sysctl.h> 80 #include <sys/errno.h> 81 #include <sys/time.h> 82 #include <sys/kernel.h> 83 #include <sys/sx.h> 84 85 #include <net/if.h> 86 #include <net/route.h> 87 88 #include <netinet/in.h> 89 #include <netinet/in_var.h> 90 #include <netinet/in_systm.h> 91 #include <netinet/ip.h> 92 #include <netinet/in_pcb.h> 93 #include <netinet6/in6_var.h> 94 #include <netinet/ip6.h> 95 #include <netinet6/in6_pcb.h> 96 #include <netinet6/ip6_var.h> 97 #include <netinet6/scope6_var.h> 98 #include <netinet6/nd6.h> 99 100 static struct mtx addrsel_lock; 101 #define ADDRSEL_LOCK_INIT() mtx_init(&addrsel_lock, "addrsel_lock", NULL, MTX_DEF) 102 #define ADDRSEL_LOCK() mtx_lock(&addrsel_lock) 103 #define ADDRSEL_UNLOCK() mtx_unlock(&addrsel_lock) 104 #define ADDRSEL_LOCK_ASSERT() mtx_assert(&addrsel_lock, MA_OWNED) 105 106 static struct sx addrsel_sxlock; 107 #define ADDRSEL_SXLOCK_INIT() sx_init(&addrsel_sxlock, "addrsel_sxlock") 108 #define ADDRSEL_SLOCK() sx_slock(&addrsel_sxlock) 109 #define ADDRSEL_SUNLOCK() sx_sunlock(&addrsel_sxlock) 110 #define ADDRSEL_XLOCK() sx_xlock(&addrsel_sxlock) 111 #define ADDRSEL_XUNLOCK() sx_xunlock(&addrsel_sxlock) 112 113 #define ADDR_LABEL_NOTAPP (-1) 114 struct in6_addrpolicy defaultaddrpolicy; 115 116 int ip6_prefer_tempaddr = 0; 117 118 static int selectroute __P((struct sockaddr_in6 *, struct ip6_pktopts *, 119 struct ip6_moptions *, struct route_in6 *, struct ifnet **, 120 struct rtentry **, int, int)); 121 static int in6_selectif __P((struct sockaddr_in6 *, struct ip6_pktopts *, 122 struct ip6_moptions *, struct route_in6 *ro, struct ifnet **)); 123 124 static struct in6_addrpolicy *lookup_addrsel_policy(struct sockaddr_in6 *); 125 126 static void init_policy_queue(void); 127 static int add_addrsel_policyent(struct in6_addrpolicy *); 128 static int delete_addrsel_policyent(struct in6_addrpolicy *); 129 static int walk_addrsel_policy __P((int (*)(struct in6_addrpolicy *, void *), 130 void *)); 131 static int dump_addrsel_policyent(struct in6_addrpolicy *, void *); 132 static struct in6_addrpolicy *match_addrsel_policy(struct sockaddr_in6 *); 133 134 /* 135 * Return an IPv6 address, which is the most appropriate for a given 136 * destination and user specified options. 137 * If necessary, this function lookups the routing table and returns 138 * an entry to the caller for later use. 139 */ 140 #define REPLACE(r) do {\ 141 if ((r) < sizeof(ip6stat.ip6s_sources_rule) / \ 142 sizeof(ip6stat.ip6s_sources_rule[0])) /* check for safety */ \ 143 ip6stat.ip6s_sources_rule[(r)]++; \ 144 /* { \ 145 char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \ 146 printf("in6_selectsrc: replace %s with %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \ 147 } */ \ 148 goto replace; \ 149 } while(0) 150 #define NEXT(r) do {\ 151 if ((r) < sizeof(ip6stat.ip6s_sources_rule) / \ 152 sizeof(ip6stat.ip6s_sources_rule[0])) /* check for safety */ \ 153 ip6stat.ip6s_sources_rule[(r)]++; \ 154 /* { \ 155 char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \ 156 printf("in6_selectsrc: keep %s against %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \ 157 } */ \ 158 goto next; /* XXX: we can't use 'continue' here */ \ 159 } while(0) 160 #define BREAK(r) do { \ 161 if ((r) < sizeof(ip6stat.ip6s_sources_rule) / \ 162 sizeof(ip6stat.ip6s_sources_rule[0])) /* check for safety */ \ 163 ip6stat.ip6s_sources_rule[(r)]++; \ 164 goto out; /* XXX: we can't use 'break' here */ \ 165 } while(0) 166 167 struct in6_addr * 168 in6_selectsrc(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 169 struct inpcb *inp, struct route_in6 *ro, struct ucred *cred, 170 struct ifnet **ifpp, int *errorp) 171 { 172 struct in6_addr dst; 173 struct ifnet *ifp = NULL; 174 struct in6_ifaddr *ia = NULL, *ia_best = NULL; 175 struct in6_pktinfo *pi = NULL; 176 int dst_scope = -1, best_scope = -1, best_matchlen = -1; 177 struct in6_addrpolicy *dst_policy = NULL, *best_policy = NULL; 178 u_int32_t odstzone; 179 int prefer_tempaddr; 180 struct ip6_moptions *mopts; 181 182 dst = dstsock->sin6_addr; /* make a copy for local operation */ 183 *errorp = 0; 184 if (ifpp) 185 *ifpp = NULL; 186 187 if (inp != NULL) { 188 INP_LOCK_ASSERT(inp); 189 mopts = inp->in6p_moptions; 190 } else { 191 mopts = NULL; 192 } 193 194 /* 195 * If the source address is explicitly specified by the caller, 196 * check if the requested source address is indeed a unicast address 197 * assigned to the node, and can be used as the packet's source 198 * address. If everything is okay, use the address as source. 199 */ 200 if (opts && (pi = opts->ip6po_pktinfo) && 201 !IN6_IS_ADDR_UNSPECIFIED(&pi->ipi6_addr)) { 202 struct sockaddr_in6 srcsock; 203 struct in6_ifaddr *ia6; 204 205 /* get the outgoing interface */ 206 if ((*errorp = in6_selectif(dstsock, opts, mopts, ro, &ifp)) 207 != 0) { 208 return (NULL); 209 } 210 211 /* 212 * determine the appropriate zone id of the source based on 213 * the zone of the destination and the outgoing interface. 214 * If the specified address is ambiguous wrt the scope zone, 215 * the interface must be specified; otherwise, ifa_ifwithaddr() 216 * will fail matching the address. 217 */ 218 bzero(&srcsock, sizeof(srcsock)); 219 srcsock.sin6_family = AF_INET6; 220 srcsock.sin6_len = sizeof(srcsock); 221 srcsock.sin6_addr = pi->ipi6_addr; 222 if (ifp) { 223 *errorp = in6_setscope(&srcsock.sin6_addr, ifp, NULL); 224 if (*errorp != 0) 225 return (NULL); 226 } 227 228 ia6 = (struct in6_ifaddr *)ifa_ifwithaddr((struct sockaddr *)(&srcsock)); 229 if (ia6 == NULL || 230 (ia6->ia6_flags & (IN6_IFF_ANYCAST | IN6_IFF_NOTREADY))) { 231 *errorp = EADDRNOTAVAIL; 232 return (NULL); 233 } 234 pi->ipi6_addr = srcsock.sin6_addr; /* XXX: this overrides pi */ 235 if (ifpp) 236 *ifpp = ifp; 237 return (&ia6->ia_addr.sin6_addr); 238 } 239 240 /* 241 * Otherwise, if the socket has already bound the source, just use it. 242 */ 243 if (inp != NULL && !IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) { 244 return (&inp->in6p_laddr); 245 } 246 247 /* 248 * If the address is not specified, choose the best one based on 249 * the outgoing interface and the destination address. 250 */ 251 /* get the outgoing interface */ 252 if ((*errorp = in6_selectif(dstsock, opts, mopts, ro, &ifp)) != 0) 253 return (NULL); 254 255 #ifdef DIAGNOSTIC 256 if (ifp == NULL) /* this should not happen */ 257 panic("in6_selectsrc: NULL ifp"); 258 #endif 259 *errorp = in6_setscope(&dst, ifp, &odstzone); 260 if (*errorp != 0) 261 return (NULL); 262 263 for (ia = in6_ifaddr; ia; ia = ia->ia_next) { 264 int new_scope = -1, new_matchlen = -1; 265 struct in6_addrpolicy *new_policy = NULL; 266 u_int32_t srczone, osrczone, dstzone; 267 struct in6_addr src; 268 struct ifnet *ifp1 = ia->ia_ifp; 269 270 /* 271 * We'll never take an address that breaks the scope zone 272 * of the destination. We also skip an address if its zone 273 * does not contain the outgoing interface. 274 * XXX: we should probably use sin6_scope_id here. 275 */ 276 if (in6_setscope(&dst, ifp1, &dstzone) || 277 odstzone != dstzone) { 278 continue; 279 } 280 src = ia->ia_addr.sin6_addr; 281 if (in6_setscope(&src, ifp, &osrczone) || 282 in6_setscope(&src, ifp1, &srczone) || 283 osrczone != srczone) { 284 continue; 285 } 286 287 /* avoid unusable addresses */ 288 if ((ia->ia6_flags & 289 (IN6_IFF_NOTREADY | IN6_IFF_ANYCAST | IN6_IFF_DETACHED))) { 290 continue; 291 } 292 if (!ip6_use_deprecated && IFA6_IS_DEPRECATED(ia)) 293 continue; 294 295 /* Rule 1: Prefer same address */ 296 if (IN6_ARE_ADDR_EQUAL(&dst, &ia->ia_addr.sin6_addr)) { 297 ia_best = ia; 298 BREAK(1); /* there should be no better candidate */ 299 } 300 301 if (ia_best == NULL) 302 REPLACE(0); 303 304 /* Rule 2: Prefer appropriate scope */ 305 if (dst_scope < 0) 306 dst_scope = in6_addrscope(&dst); 307 new_scope = in6_addrscope(&ia->ia_addr.sin6_addr); 308 if (IN6_ARE_SCOPE_CMP(best_scope, new_scope) < 0) { 309 if (IN6_ARE_SCOPE_CMP(best_scope, dst_scope) < 0) 310 REPLACE(2); 311 NEXT(2); 312 } else if (IN6_ARE_SCOPE_CMP(new_scope, best_scope) < 0) { 313 if (IN6_ARE_SCOPE_CMP(new_scope, dst_scope) < 0) 314 NEXT(2); 315 REPLACE(2); 316 } 317 318 /* 319 * Rule 3: Avoid deprecated addresses. Note that the case of 320 * !ip6_use_deprecated is already rejected above. 321 */ 322 if (!IFA6_IS_DEPRECATED(ia_best) && IFA6_IS_DEPRECATED(ia)) 323 NEXT(3); 324 if (IFA6_IS_DEPRECATED(ia_best) && !IFA6_IS_DEPRECATED(ia)) 325 REPLACE(3); 326 327 /* Rule 4: Prefer home addresses */ 328 /* 329 * XXX: This is a TODO. We should probably merge the MIP6 330 * case above. 331 */ 332 333 /* Rule 5: Prefer outgoing interface */ 334 if (ia_best->ia_ifp == ifp && ia->ia_ifp != ifp) 335 NEXT(5); 336 if (ia_best->ia_ifp != ifp && ia->ia_ifp == ifp) 337 REPLACE(5); 338 339 /* 340 * Rule 6: Prefer matching label 341 * Note that best_policy should be non-NULL here. 342 */ 343 if (dst_policy == NULL) 344 dst_policy = lookup_addrsel_policy(dstsock); 345 if (dst_policy->label != ADDR_LABEL_NOTAPP) { 346 new_policy = lookup_addrsel_policy(&ia->ia_addr); 347 if (dst_policy->label == best_policy->label && 348 dst_policy->label != new_policy->label) 349 NEXT(6); 350 if (dst_policy->label != best_policy->label && 351 dst_policy->label == new_policy->label) 352 REPLACE(6); 353 } 354 355 /* 356 * Rule 7: Prefer public addresses. 357 * We allow users to reverse the logic by configuring 358 * a sysctl variable, so that privacy conscious users can 359 * always prefer temporary addresses. 360 */ 361 if (opts == NULL || 362 opts->ip6po_prefer_tempaddr == IP6PO_TEMPADDR_SYSTEM) { 363 prefer_tempaddr = ip6_prefer_tempaddr; 364 } else if (opts->ip6po_prefer_tempaddr == 365 IP6PO_TEMPADDR_NOTPREFER) { 366 prefer_tempaddr = 0; 367 } else 368 prefer_tempaddr = 1; 369 if (!(ia_best->ia6_flags & IN6_IFF_TEMPORARY) && 370 (ia->ia6_flags & IN6_IFF_TEMPORARY)) { 371 if (prefer_tempaddr) 372 REPLACE(7); 373 else 374 NEXT(7); 375 } 376 if ((ia_best->ia6_flags & IN6_IFF_TEMPORARY) && 377 !(ia->ia6_flags & IN6_IFF_TEMPORARY)) { 378 if (prefer_tempaddr) 379 NEXT(7); 380 else 381 REPLACE(7); 382 } 383 384 /* 385 * Rule 8: prefer addresses on alive interfaces. 386 * This is a KAME specific rule. 387 */ 388 if ((ia_best->ia_ifp->if_flags & IFF_UP) && 389 !(ia->ia_ifp->if_flags & IFF_UP)) 390 NEXT(8); 391 if (!(ia_best->ia_ifp->if_flags & IFF_UP) && 392 (ia->ia_ifp->if_flags & IFF_UP)) 393 REPLACE(8); 394 395 /* 396 * Rule 14: Use longest matching prefix. 397 * Note: in the address selection draft, this rule is 398 * documented as "Rule 8". However, since it is also 399 * documented that this rule can be overridden, we assign 400 * a large number so that it is easy to assign smaller numbers 401 * to more preferred rules. 402 */ 403 new_matchlen = in6_matchlen(&ia->ia_addr.sin6_addr, &dst); 404 if (best_matchlen < new_matchlen) 405 REPLACE(14); 406 if (new_matchlen < best_matchlen) 407 NEXT(14); 408 409 /* Rule 15 is reserved. */ 410 411 /* 412 * Last resort: just keep the current candidate. 413 * Or, do we need more rules? 414 */ 415 continue; 416 417 replace: 418 ia_best = ia; 419 best_scope = (new_scope >= 0 ? new_scope : 420 in6_addrscope(&ia_best->ia_addr.sin6_addr)); 421 best_policy = (new_policy ? new_policy : 422 lookup_addrsel_policy(&ia_best->ia_addr)); 423 best_matchlen = (new_matchlen >= 0 ? new_matchlen : 424 in6_matchlen(&ia_best->ia_addr.sin6_addr, 425 &dst)); 426 427 next: 428 continue; 429 430 out: 431 break; 432 } 433 434 if ((ia = ia_best) == NULL) { 435 *errorp = EADDRNOTAVAIL; 436 return (NULL); 437 } 438 439 if (ifpp) 440 *ifpp = ifp; 441 442 return (&ia->ia_addr.sin6_addr); 443 } 444 445 /* 446 * clone - meaningful only for bsdi and freebsd 447 */ 448 static int 449 selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 450 struct ip6_moptions *mopts, struct route_in6 *ro, 451 struct ifnet **retifp, struct rtentry **retrt, int clone, 452 int norouteok) 453 { 454 int error = 0; 455 struct ifnet *ifp = NULL; 456 struct rtentry *rt = NULL; 457 struct sockaddr_in6 *sin6_next; 458 struct in6_pktinfo *pi = NULL; 459 struct in6_addr *dst = &dstsock->sin6_addr; 460 #if 0 461 char ip6buf[INET6_ADDRSTRLEN]; 462 463 if (dstsock->sin6_addr.s6_addr32[0] == 0 && 464 dstsock->sin6_addr.s6_addr32[1] == 0 && 465 !IN6_IS_ADDR_LOOPBACK(&dstsock->sin6_addr)) { 466 printf("in6_selectroute: strange destination %s\n", 467 ip6_sprintf(ip6buf, &dstsock->sin6_addr)); 468 } else { 469 printf("in6_selectroute: destination = %s%%%d\n", 470 ip6_sprintf(ip6buf, &dstsock->sin6_addr), 471 dstsock->sin6_scope_id); /* for debug */ 472 } 473 #endif 474 475 /* If the caller specify the outgoing interface explicitly, use it. */ 476 if (opts && (pi = opts->ip6po_pktinfo) != NULL && pi->ipi6_ifindex) { 477 /* XXX boundary check is assumed to be already done. */ 478 ifp = ifnet_byindex(pi->ipi6_ifindex); 479 if (ifp != NULL && 480 (norouteok || retrt == NULL || 481 IN6_IS_ADDR_MULTICAST(dst))) { 482 /* 483 * we do not have to check or get the route for 484 * multicast. 485 */ 486 goto done; 487 } else 488 goto getroute; 489 } 490 491 /* 492 * If the destination address is a multicast address and the outgoing 493 * interface for the address is specified by the caller, use it. 494 */ 495 if (IN6_IS_ADDR_MULTICAST(dst) && 496 mopts != NULL && (ifp = mopts->im6o_multicast_ifp) != NULL) { 497 goto done; /* we do not need a route for multicast. */ 498 } 499 500 getroute: 501 /* 502 * If the next hop address for the packet is specified by the caller, 503 * use it as the gateway. 504 */ 505 if (opts && opts->ip6po_nexthop) { 506 struct route_in6 *ron; 507 508 sin6_next = satosin6(opts->ip6po_nexthop); 509 510 /* at this moment, we only support AF_INET6 next hops */ 511 if (sin6_next->sin6_family != AF_INET6) { 512 error = EAFNOSUPPORT; /* or should we proceed? */ 513 goto done; 514 } 515 516 /* 517 * If the next hop is an IPv6 address, then the node identified 518 * by that address must be a neighbor of the sending host. 519 */ 520 ron = &opts->ip6po_nextroute; 521 if ((ron->ro_rt && 522 (ron->ro_rt->rt_flags & (RTF_UP | RTF_LLINFO)) != 523 (RTF_UP | RTF_LLINFO)) || 524 !IN6_ARE_ADDR_EQUAL(&satosin6(&ron->ro_dst)->sin6_addr, 525 &sin6_next->sin6_addr)) { 526 if (ron->ro_rt) { 527 RTFREE(ron->ro_rt); 528 ron->ro_rt = NULL; 529 } 530 *satosin6(&ron->ro_dst) = *sin6_next; 531 } 532 if (ron->ro_rt == NULL) { 533 rtalloc((struct route *)ron); /* multi path case? */ 534 if (ron->ro_rt == NULL || 535 !(ron->ro_rt->rt_flags & RTF_LLINFO)) { 536 if (ron->ro_rt) { 537 RTFREE(ron->ro_rt); 538 ron->ro_rt = NULL; 539 } 540 error = EHOSTUNREACH; 541 goto done; 542 } 543 } 544 rt = ron->ro_rt; 545 ifp = rt->rt_ifp; 546 547 /* 548 * When cloning is required, try to allocate a route to the 549 * destination so that the caller can store path MTU 550 * information. 551 */ 552 if (!clone) 553 goto done; 554 } 555 556 /* 557 * Use a cached route if it exists and is valid, else try to allocate 558 * a new one. Note that we should check the address family of the 559 * cached destination, in case of sharing the cache with IPv4. 560 */ 561 if (ro) { 562 if (ro->ro_rt && 563 (!(ro->ro_rt->rt_flags & RTF_UP) || 564 ((struct sockaddr *)(&ro->ro_dst))->sa_family != AF_INET6 || 565 !IN6_ARE_ADDR_EQUAL(&satosin6(&ro->ro_dst)->sin6_addr, 566 dst))) { 567 RTFREE(ro->ro_rt); 568 ro->ro_rt = (struct rtentry *)NULL; 569 } 570 if (ro->ro_rt == (struct rtentry *)NULL) { 571 struct sockaddr_in6 *sa6; 572 573 /* No route yet, so try to acquire one */ 574 bzero(&ro->ro_dst, sizeof(struct sockaddr_in6)); 575 sa6 = (struct sockaddr_in6 *)&ro->ro_dst; 576 *sa6 = *dstsock; 577 sa6->sin6_scope_id = 0; 578 579 if (clone) { 580 rtalloc((struct route *)ro); 581 } else { 582 ro->ro_rt = rtalloc1(&((struct route *)ro) 583 ->ro_dst, 0, 0UL); 584 if (ro->ro_rt) 585 RT_UNLOCK(ro->ro_rt); 586 } 587 } 588 589 /* 590 * do not care about the result if we have the nexthop 591 * explicitly specified. 592 */ 593 if (opts && opts->ip6po_nexthop) 594 goto done; 595 596 if (ro->ro_rt) { 597 ifp = ro->ro_rt->rt_ifp; 598 599 if (ifp == NULL) { /* can this really happen? */ 600 RTFREE(ro->ro_rt); 601 ro->ro_rt = NULL; 602 } 603 } 604 if (ro->ro_rt == NULL) 605 error = EHOSTUNREACH; 606 rt = ro->ro_rt; 607 608 /* 609 * Check if the outgoing interface conflicts with 610 * the interface specified by ipi6_ifindex (if specified). 611 * Note that loopback interface is always okay. 612 * (this may happen when we are sending a packet to one of 613 * our own addresses.) 614 */ 615 if (ifp && opts && opts->ip6po_pktinfo && 616 opts->ip6po_pktinfo->ipi6_ifindex) { 617 if (!(ifp->if_flags & IFF_LOOPBACK) && 618 ifp->if_index != 619 opts->ip6po_pktinfo->ipi6_ifindex) { 620 error = EHOSTUNREACH; 621 goto done; 622 } 623 } 624 } 625 626 done: 627 if (ifp == NULL && rt == NULL) { 628 /* 629 * This can happen if the caller did not pass a cached route 630 * nor any other hints. We treat this case an error. 631 */ 632 error = EHOSTUNREACH; 633 } 634 if (error == EHOSTUNREACH) 635 ip6stat.ip6s_noroute++; 636 637 if (retifp != NULL) 638 *retifp = ifp; 639 if (retrt != NULL) 640 *retrt = rt; /* rt may be NULL */ 641 642 return (error); 643 } 644 645 static int 646 in6_selectif(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 647 struct ip6_moptions *mopts, struct route_in6 *ro, struct ifnet **retifp) 648 { 649 int error; 650 struct route_in6 sro; 651 struct rtentry *rt = NULL; 652 653 if (ro == NULL) { 654 bzero(&sro, sizeof(sro)); 655 ro = &sro; 656 } 657 658 if ((error = selectroute(dstsock, opts, mopts, ro, retifp, 659 &rt, 0, 1)) != 0) { 660 if (ro == &sro && rt && rt == sro.ro_rt) 661 RTFREE(rt); 662 return (error); 663 } 664 665 /* 666 * do not use a rejected or black hole route. 667 * XXX: this check should be done in the L2 output routine. 668 * However, if we skipped this check here, we'd see the following 669 * scenario: 670 * - install a rejected route for a scoped address prefix 671 * (like fe80::/10) 672 * - send a packet to a destination that matches the scoped prefix, 673 * with ambiguity about the scope zone. 674 * - pick the outgoing interface from the route, and disambiguate the 675 * scope zone with the interface. 676 * - ip6_output() would try to get another route with the "new" 677 * destination, which may be valid. 678 * - we'd see no error on output. 679 * Although this may not be very harmful, it should still be confusing. 680 * We thus reject the case here. 681 */ 682 if (rt && (rt->rt_flags & (RTF_REJECT | RTF_BLACKHOLE))) { 683 int flags = (rt->rt_flags & RTF_HOST ? EHOSTUNREACH : ENETUNREACH); 684 685 if (ro == &sro && rt && rt == sro.ro_rt) 686 RTFREE(rt); 687 return (flags); 688 } 689 690 /* 691 * Adjust the "outgoing" interface. If we're going to loop the packet 692 * back to ourselves, the ifp would be the loopback interface. 693 * However, we'd rather know the interface associated to the 694 * destination address (which should probably be one of our own 695 * addresses.) 696 */ 697 if (rt && rt->rt_ifa && rt->rt_ifa->ifa_ifp) 698 *retifp = rt->rt_ifa->ifa_ifp; 699 700 if (ro == &sro && rt && rt == sro.ro_rt) 701 RTFREE(rt); 702 return (0); 703 } 704 705 /* 706 * clone - meaningful only for bsdi and freebsd 707 */ 708 int 709 in6_selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 710 struct ip6_moptions *mopts, struct route_in6 *ro, 711 struct ifnet **retifp, struct rtentry **retrt, int clone) 712 { 713 714 return (selectroute(dstsock, opts, mopts, ro, retifp, 715 retrt, clone, 0)); 716 } 717 718 /* 719 * Default hop limit selection. The precedence is as follows: 720 * 1. Hoplimit value specified via ioctl. 721 * 2. (If the outgoing interface is detected) the current 722 * hop limit of the interface specified by router advertisement. 723 * 3. The system default hoplimit. 724 */ 725 int 726 in6_selecthlim(struct in6pcb *in6p, struct ifnet *ifp) 727 { 728 729 if (in6p && in6p->in6p_hops >= 0) 730 return (in6p->in6p_hops); 731 else if (ifp) 732 return (ND_IFINFO(ifp)->chlim); 733 else if (in6p && !IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) { 734 struct route_in6 ro6; 735 struct ifnet *lifp; 736 737 bzero(&ro6, sizeof(ro6)); 738 ro6.ro_dst.sin6_family = AF_INET6; 739 ro6.ro_dst.sin6_len = sizeof(struct sockaddr_in6); 740 ro6.ro_dst.sin6_addr = in6p->in6p_faddr; 741 rtalloc((struct route *)&ro6); 742 if (ro6.ro_rt) { 743 lifp = ro6.ro_rt->rt_ifp; 744 RTFREE(ro6.ro_rt); 745 if (lifp) 746 return (ND_IFINFO(lifp)->chlim); 747 } else 748 return (ip6_defhlim); 749 } 750 return (ip6_defhlim); 751 } 752 753 /* 754 * XXX: this is borrowed from in6_pcbbind(). If possible, we should 755 * share this function by all *bsd*... 756 */ 757 int 758 in6_pcbsetport(struct in6_addr *laddr, struct inpcb *inp, struct ucred *cred) 759 { 760 struct socket *so = inp->inp_socket; 761 u_int16_t lport = 0, first, last, *lastport; 762 int count, error = 0, wild = 0; 763 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo; 764 765 INP_INFO_WLOCK_ASSERT(pcbinfo); 766 INP_WLOCK_ASSERT(inp); 767 768 /* XXX: this is redundant when called from in6_pcbbind */ 769 if ((so->so_options & (SO_REUSEADDR|SO_REUSEPORT)) == 0) 770 wild = INPLOOKUP_WILDCARD; 771 772 inp->inp_flags |= INP_ANONPORT; 773 774 if (inp->inp_flags & INP_HIGHPORT) { 775 first = ipport_hifirstauto; /* sysctl */ 776 last = ipport_hilastauto; 777 lastport = &pcbinfo->ipi_lasthi; 778 } else if (inp->inp_flags & INP_LOWPORT) { 779 error = priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT, 0); 780 if (error) 781 return error; 782 first = ipport_lowfirstauto; /* 1023 */ 783 last = ipport_lowlastauto; /* 600 */ 784 lastport = &pcbinfo->ipi_lastlow; 785 } else { 786 first = ipport_firstauto; /* sysctl */ 787 last = ipport_lastauto; 788 lastport = &pcbinfo->ipi_lastport; 789 } 790 /* 791 * Simple check to ensure all ports are not used up causing 792 * a deadlock here. 793 * 794 * We split the two cases (up and down) so that the direction 795 * is not being tested on each round of the loop. 796 */ 797 if (first > last) { 798 /* 799 * counting down 800 */ 801 count = first - last; 802 803 do { 804 if (count-- < 0) { /* completely used? */ 805 /* 806 * Undo any address bind that may have 807 * occurred above. 808 */ 809 inp->in6p_laddr = in6addr_any; 810 return (EAGAIN); 811 } 812 --*lastport; 813 if (*lastport > first || *lastport < last) 814 *lastport = first; 815 lport = htons(*lastport); 816 } while (in6_pcblookup_local(pcbinfo, &inp->in6p_laddr, 817 lport, wild, cred)); 818 } else { 819 /* 820 * counting up 821 */ 822 count = last - first; 823 824 do { 825 if (count-- < 0) { /* completely used? */ 826 /* 827 * Undo any address bind that may have 828 * occurred above. 829 */ 830 inp->in6p_laddr = in6addr_any; 831 return (EAGAIN); 832 } 833 ++*lastport; 834 if (*lastport < first || *lastport > last) 835 *lastport = first; 836 lport = htons(*lastport); 837 } while (in6_pcblookup_local(pcbinfo, &inp->in6p_laddr, 838 lport, wild, cred)); 839 } 840 841 inp->inp_lport = lport; 842 if (in_pcbinshash(inp) != 0) { 843 inp->in6p_laddr = in6addr_any; 844 inp->inp_lport = 0; 845 return (EAGAIN); 846 } 847 848 return (0); 849 } 850 851 void 852 addrsel_policy_init(void) 853 { 854 ADDRSEL_LOCK_INIT(); 855 ADDRSEL_SXLOCK_INIT(); 856 857 init_policy_queue(); 858 859 /* initialize the "last resort" policy */ 860 bzero(&defaultaddrpolicy, sizeof(defaultaddrpolicy)); 861 defaultaddrpolicy.label = ADDR_LABEL_NOTAPP; 862 } 863 864 static struct in6_addrpolicy * 865 lookup_addrsel_policy(struct sockaddr_in6 *key) 866 { 867 struct in6_addrpolicy *match = NULL; 868 869 ADDRSEL_LOCK(); 870 match = match_addrsel_policy(key); 871 872 if (match == NULL) 873 match = &defaultaddrpolicy; 874 else 875 match->use++; 876 ADDRSEL_UNLOCK(); 877 878 return (match); 879 } 880 881 /* 882 * Subroutines to manage the address selection policy table via sysctl. 883 */ 884 struct walkarg { 885 struct sysctl_req *w_req; 886 }; 887 888 static int in6_src_sysctl(SYSCTL_HANDLER_ARGS); 889 SYSCTL_DECL(_net_inet6_ip6); 890 SYSCTL_NODE(_net_inet6_ip6, IPV6CTL_ADDRCTLPOLICY, addrctlpolicy, 891 CTLFLAG_RD, in6_src_sysctl, ""); 892 893 static int 894 in6_src_sysctl(SYSCTL_HANDLER_ARGS) 895 { 896 struct walkarg w; 897 898 if (req->newptr) 899 return EPERM; 900 901 bzero(&w, sizeof(w)); 902 w.w_req = req; 903 904 return (walk_addrsel_policy(dump_addrsel_policyent, &w)); 905 } 906 907 int 908 in6_src_ioctl(u_long cmd, caddr_t data) 909 { 910 int i; 911 struct in6_addrpolicy ent0; 912 913 if (cmd != SIOCAADDRCTL_POLICY && cmd != SIOCDADDRCTL_POLICY) 914 return (EOPNOTSUPP); /* check for safety */ 915 916 ent0 = *(struct in6_addrpolicy *)data; 917 918 if (ent0.label == ADDR_LABEL_NOTAPP) 919 return (EINVAL); 920 /* check if the prefix mask is consecutive. */ 921 if (in6_mask2len(&ent0.addrmask.sin6_addr, NULL) < 0) 922 return (EINVAL); 923 /* clear trailing garbages (if any) of the prefix address. */ 924 for (i = 0; i < 4; i++) { 925 ent0.addr.sin6_addr.s6_addr32[i] &= 926 ent0.addrmask.sin6_addr.s6_addr32[i]; 927 } 928 ent0.use = 0; 929 930 switch (cmd) { 931 case SIOCAADDRCTL_POLICY: 932 return (add_addrsel_policyent(&ent0)); 933 case SIOCDADDRCTL_POLICY: 934 return (delete_addrsel_policyent(&ent0)); 935 } 936 937 return (0); /* XXX: compromise compilers */ 938 } 939 940 /* 941 * The followings are implementation of the policy table using a 942 * simple tail queue. 943 * XXX such details should be hidden. 944 * XXX implementation using binary tree should be more efficient. 945 */ 946 struct addrsel_policyent { 947 TAILQ_ENTRY(addrsel_policyent) ape_entry; 948 struct in6_addrpolicy ape_policy; 949 }; 950 951 TAILQ_HEAD(addrsel_policyhead, addrsel_policyent); 952 953 struct addrsel_policyhead addrsel_policytab; 954 955 static void 956 init_policy_queue(void) 957 { 958 959 TAILQ_INIT(&addrsel_policytab); 960 } 961 962 static int 963 add_addrsel_policyent(struct in6_addrpolicy *newpolicy) 964 { 965 struct addrsel_policyent *new, *pol; 966 967 MALLOC(new, struct addrsel_policyent *, sizeof(*new), M_IFADDR, 968 M_WAITOK); 969 ADDRSEL_XLOCK(); 970 ADDRSEL_LOCK(); 971 972 /* duplication check */ 973 TAILQ_FOREACH(pol, &addrsel_policytab, ape_entry) { 974 if (IN6_ARE_ADDR_EQUAL(&newpolicy->addr.sin6_addr, 975 &pol->ape_policy.addr.sin6_addr) && 976 IN6_ARE_ADDR_EQUAL(&newpolicy->addrmask.sin6_addr, 977 &pol->ape_policy.addrmask.sin6_addr)) { 978 ADDRSEL_UNLOCK(); 979 ADDRSEL_XUNLOCK(); 980 FREE(new, M_IFADDR); 981 return (EEXIST); /* or override it? */ 982 } 983 } 984 985 bzero(new, sizeof(*new)); 986 987 /* XXX: should validate entry */ 988 new->ape_policy = *newpolicy; 989 990 TAILQ_INSERT_TAIL(&addrsel_policytab, new, ape_entry); 991 ADDRSEL_UNLOCK(); 992 ADDRSEL_XUNLOCK(); 993 994 return (0); 995 } 996 997 static int 998 delete_addrsel_policyent(struct in6_addrpolicy *key) 999 { 1000 struct addrsel_policyent *pol; 1001 1002 ADDRSEL_XLOCK(); 1003 ADDRSEL_LOCK(); 1004 1005 /* search for the entry in the table */ 1006 TAILQ_FOREACH(pol, &addrsel_policytab, ape_entry) { 1007 if (IN6_ARE_ADDR_EQUAL(&key->addr.sin6_addr, 1008 &pol->ape_policy.addr.sin6_addr) && 1009 IN6_ARE_ADDR_EQUAL(&key->addrmask.sin6_addr, 1010 &pol->ape_policy.addrmask.sin6_addr)) { 1011 break; 1012 } 1013 } 1014 if (pol == NULL) { 1015 ADDRSEL_UNLOCK(); 1016 ADDRSEL_XUNLOCK(); 1017 return (ESRCH); 1018 } 1019 1020 TAILQ_REMOVE(&addrsel_policytab, pol, ape_entry); 1021 ADDRSEL_UNLOCK(); 1022 ADDRSEL_XUNLOCK(); 1023 1024 return (0); 1025 } 1026 1027 static int 1028 walk_addrsel_policy(int (*callback)(struct in6_addrpolicy *, void *), 1029 void *w) 1030 { 1031 struct addrsel_policyent *pol; 1032 int error = 0; 1033 1034 ADDRSEL_SLOCK(); 1035 TAILQ_FOREACH(pol, &addrsel_policytab, ape_entry) { 1036 if ((error = (*callback)(&pol->ape_policy, w)) != 0) { 1037 ADDRSEL_SUNLOCK(); 1038 return (error); 1039 } 1040 } 1041 ADDRSEL_SUNLOCK(); 1042 return (error); 1043 } 1044 1045 static int 1046 dump_addrsel_policyent(struct in6_addrpolicy *pol, void *arg) 1047 { 1048 int error = 0; 1049 struct walkarg *w = arg; 1050 1051 error = SYSCTL_OUT(w->w_req, pol, sizeof(*pol)); 1052 1053 return (error); 1054 } 1055 1056 static struct in6_addrpolicy * 1057 match_addrsel_policy(struct sockaddr_in6 *key) 1058 { 1059 struct addrsel_policyent *pent; 1060 struct in6_addrpolicy *bestpol = NULL, *pol; 1061 int matchlen, bestmatchlen = -1; 1062 u_char *mp, *ep, *k, *p, m; 1063 1064 TAILQ_FOREACH(pent, &addrsel_policytab, ape_entry) { 1065 matchlen = 0; 1066 1067 pol = &pent->ape_policy; 1068 mp = (u_char *)&pol->addrmask.sin6_addr; 1069 ep = mp + 16; /* XXX: scope field? */ 1070 k = (u_char *)&key->sin6_addr; 1071 p = (u_char *)&pol->addr.sin6_addr; 1072 for (; mp < ep && *mp; mp++, k++, p++) { 1073 m = *mp; 1074 if ((*k & m) != *p) 1075 goto next; /* not match */ 1076 if (m == 0xff) /* short cut for a typical case */ 1077 matchlen += 8; 1078 else { 1079 while (m >= 0x80) { 1080 matchlen++; 1081 m <<= 1; 1082 } 1083 } 1084 } 1085 1086 /* matched. check if this is better than the current best. */ 1087 if (bestpol == NULL || 1088 matchlen > bestmatchlen) { 1089 bestpol = pol; 1090 bestmatchlen = matchlen; 1091 } 1092 1093 next: 1094 continue; 1095 } 1096 1097 return (bestpol); 1098 }
Cache object: aba686ca1a7904bb61d8da89666c44b4
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]