The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/netinet6/in6_src.c

Version: -  FREEBSD  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-2  -  FREEBSD-11-1  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-4  -  FREEBSD-10-3  -  FREEBSD-10-2  -  FREEBSD-10-1  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-3  -  FREEBSD-9-2  -  FREEBSD-9-1  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-4  -  FREEBSD-8-3  -  FREEBSD-8-2  -  FREEBSD-8-1  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-4  -  FREEBSD-7-3  -  FREEBSD-7-2  -  FREEBSD-7-1  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-4  -  FREEBSD-6-3  -  FREEBSD-6-2  -  FREEBSD-6-1  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-5  -  FREEBSD-5-4  -  FREEBSD-5-3  -  FREEBSD-5-2  -  FREEBSD-5-1  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  linux-2.6  -  linux-2.4.22  -  MK83  -  MK84  -  PLAN9  -  DFBSD  -  NETBSD  -  NETBSD5  -  NETBSD4  -  NETBSD3  -  NETBSD20  -  OPENBSD  -  xnu-517  -  xnu-792  -  xnu-792.6.70  -  xnu-1228  -  xnu-1456.1.26  -  xnu-1699.24.8  -  xnu-2050.18.24  -  OPENSOLARIS  -  minix-3-1-1 
SearchContext: -  none  -  3  -  10 

    1 /*-
    2  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
    3  * All rights reserved.
    4  *
    5  * Redistribution and use in source and binary forms, with or without
    6  * modification, are permitted provided that the following conditions
    7  * are met:
    8  * 1. Redistributions of source code must retain the above copyright
    9  *    notice, this list of conditions and the following disclaimer.
   10  * 2. Redistributions in binary form must reproduce the above copyright
   11  *    notice, this list of conditions and the following disclaimer in the
   12  *    documentation and/or other materials provided with the distribution.
   13  * 3. Neither the name of the project nor the names of its contributors
   14  *    may be used to endorse or promote products derived from this software
   15  *    without specific prior written permission.
   16  *
   17  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
   18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
   21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   27  * SUCH DAMAGE.
   28  *
   29  *      $KAME: in6_src.c,v 1.132 2003/08/26 04:42:27 keiichi Exp $
   30  */
   31 
   32 /*-
   33  * Copyright (c) 1982, 1986, 1991, 1993
   34  *      The Regents of the University of California.  All rights reserved.
   35  *
   36  * Redistribution and use in source and binary forms, with or without
   37  * modification, are permitted provided that the following conditions
   38  * are met:
   39  * 1. Redistributions of source code must retain the above copyright
   40  *    notice, this list of conditions and the following disclaimer.
   41  * 2. Redistributions in binary form must reproduce the above copyright
   42  *    notice, this list of conditions and the following disclaimer in the
   43  *    documentation and/or other materials provided with the distribution.
   44  * 4. Neither the name of the University nor the names of its contributors
   45  *    may be used to endorse or promote products derived from this software
   46  *    without specific prior written permission.
   47  *
   48  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
   49  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   50  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   51  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
   52  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   53  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   54  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   55  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   56  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   57  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   58  * SUCH DAMAGE.
   59  *
   60  *      @(#)in_pcb.c    8.2 (Berkeley) 1/4/94
   61  */
   62 
   63 #include <sys/cdefs.h>
   64 __FBSDID("$FreeBSD: releng/8.3/sys/netinet6/in6_src.c 220813 2011-04-19 07:23:16Z bz $");
   65 
   66 #include "opt_inet.h"
   67 #include "opt_inet6.h"
   68 #include "opt_mpath.h"
   69 
   70 #include <sys/param.h>
   71 #include <sys/systm.h>
   72 #include <sys/lock.h>
   73 #include <sys/malloc.h>
   74 #include <sys/mbuf.h>
   75 #include <sys/priv.h>
   76 #include <sys/protosw.h>
   77 #include <sys/socket.h>
   78 #include <sys/socketvar.h>
   79 #include <sys/sockio.h>
   80 #include <sys/sysctl.h>
   81 #include <sys/errno.h>
   82 #include <sys/time.h>
   83 #include <sys/jail.h>
   84 #include <sys/kernel.h>
   85 #include <sys/sx.h>
   86 
   87 #include <net/if.h>
   88 #include <net/if_dl.h>
   89 #include <net/route.h>
   90 #include <net/if_llatbl.h>
   91 #ifdef RADIX_MPATH
   92 #include <net/radix_mpath.h>
   93 #endif
   94 
   95 #include <netinet/in.h>
   96 #include <netinet/in_var.h>
   97 #include <netinet/in_systm.h>
   98 #include <netinet/ip.h>
   99 #include <netinet/in_pcb.h>
  100 #include <netinet/ip_var.h>
  101 #include <netinet/udp.h>
  102 #include <netinet/udp_var.h>
  103 
  104 #include <netinet6/in6_var.h>
  105 #include <netinet/ip6.h>
  106 #include <netinet6/in6_pcb.h>
  107 #include <netinet6/ip6_var.h>
  108 #include <netinet6/scope6_var.h>
  109 #include <netinet6/nd6.h>
  110 
  111 static struct mtx addrsel_lock;
  112 #define ADDRSEL_LOCK_INIT()     mtx_init(&addrsel_lock, "addrsel_lock", NULL, MTX_DEF)
  113 #define ADDRSEL_LOCK()          mtx_lock(&addrsel_lock)
  114 #define ADDRSEL_UNLOCK()        mtx_unlock(&addrsel_lock)
  115 #define ADDRSEL_LOCK_ASSERT()   mtx_assert(&addrsel_lock, MA_OWNED)
  116 
  117 static struct sx addrsel_sxlock;
  118 #define ADDRSEL_SXLOCK_INIT()   sx_init(&addrsel_sxlock, "addrsel_sxlock")
  119 #define ADDRSEL_SLOCK()         sx_slock(&addrsel_sxlock)
  120 #define ADDRSEL_SUNLOCK()       sx_sunlock(&addrsel_sxlock)
  121 #define ADDRSEL_XLOCK()         sx_xlock(&addrsel_sxlock)
  122 #define ADDRSEL_XUNLOCK()       sx_xunlock(&addrsel_sxlock)
  123 
  124 #define ADDR_LABEL_NOTAPP (-1)
  125 static VNET_DEFINE(struct in6_addrpolicy, defaultaddrpolicy);
  126 #define V_defaultaddrpolicy             VNET(defaultaddrpolicy)
  127 
  128 VNET_DEFINE(int, ip6_prefer_tempaddr) = 0;
  129 
  130 static int selectroute __P((struct sockaddr_in6 *, struct ip6_pktopts *,
  131         struct ip6_moptions *, struct route_in6 *, struct ifnet **,
  132         struct rtentry **, int));
  133 static int in6_selectif __P((struct sockaddr_in6 *, struct ip6_pktopts *,
  134         struct ip6_moptions *, struct route_in6 *ro, struct ifnet **));
  135 
  136 static struct in6_addrpolicy *lookup_addrsel_policy(struct sockaddr_in6 *);
  137 
  138 static void init_policy_queue(void);
  139 static int add_addrsel_policyent(struct in6_addrpolicy *);
  140 static int delete_addrsel_policyent(struct in6_addrpolicy *);
  141 static int walk_addrsel_policy __P((int (*)(struct in6_addrpolicy *, void *),
  142                                     void *));
  143 static int dump_addrsel_policyent(struct in6_addrpolicy *, void *);
  144 static struct in6_addrpolicy *match_addrsel_policy(struct sockaddr_in6 *);
  145 
  146 /*
  147  * Return an IPv6 address, which is the most appropriate for a given
  148  * destination and user specified options.
  149  * If necessary, this function lookups the routing table and returns
  150  * an entry to the caller for later use.
  151  */
  152 #define REPLACE(r) do {\
  153         if ((r) < sizeof(V_ip6stat.ip6s_sources_rule) / \
  154                 sizeof(V_ip6stat.ip6s_sources_rule[0])) /* check for safety */ \
  155                 V_ip6stat.ip6s_sources_rule[(r)]++; \
  156         /* { \
  157         char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \
  158         printf("in6_selectsrc: replace %s with %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \
  159         } */ \
  160         goto replace; \
  161 } while(0)
  162 #define NEXT(r) do {\
  163         if ((r) < sizeof(V_ip6stat.ip6s_sources_rule) / \
  164                 sizeof(V_ip6stat.ip6s_sources_rule[0])) /* check for safety */ \
  165                 V_ip6stat.ip6s_sources_rule[(r)]++; \
  166         /* { \
  167         char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \
  168         printf("in6_selectsrc: keep %s against %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \
  169         } */ \
  170         goto next;              /* XXX: we can't use 'continue' here */ \
  171 } while(0)
  172 #define BREAK(r) do { \
  173         if ((r) < sizeof(V_ip6stat.ip6s_sources_rule) / \
  174                 sizeof(V_ip6stat.ip6s_sources_rule[0])) /* check for safety */ \
  175                 V_ip6stat.ip6s_sources_rule[(r)]++; \
  176         goto out;               /* XXX: we can't use 'break' here */ \
  177 } while(0)
  178 
  179 int
  180 in6_selectsrc(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
  181     struct inpcb *inp, struct route_in6 *ro, struct ucred *cred,
  182     struct ifnet **ifpp, struct in6_addr *srcp)
  183 {
  184         struct in6_addr dst, tmp;
  185         struct ifnet *ifp = NULL;
  186         struct in6_ifaddr *ia = NULL, *ia_best = NULL;
  187         struct in6_pktinfo *pi = NULL;
  188         int dst_scope = -1, best_scope = -1, best_matchlen = -1;
  189         struct in6_addrpolicy *dst_policy = NULL, *best_policy = NULL;
  190         u_int32_t odstzone;
  191         int prefer_tempaddr;
  192         int error;
  193         struct ip6_moptions *mopts;
  194 
  195         KASSERT(srcp != NULL, ("%s: srcp is NULL", __func__));
  196 
  197         dst = dstsock->sin6_addr; /* make a copy for local operation */
  198         if (ifpp)
  199                 *ifpp = NULL;
  200 
  201         if (inp != NULL) {
  202                 INP_LOCK_ASSERT(inp);
  203                 mopts = inp->in6p_moptions;
  204         } else {
  205                 mopts = NULL;
  206         }
  207 
  208         /*
  209          * If the source address is explicitly specified by the caller,
  210          * check if the requested source address is indeed a unicast address
  211          * assigned to the node, and can be used as the packet's source
  212          * address.  If everything is okay, use the address as source.
  213          */
  214         if (opts && (pi = opts->ip6po_pktinfo) &&
  215             !IN6_IS_ADDR_UNSPECIFIED(&pi->ipi6_addr)) {
  216                 struct sockaddr_in6 srcsock;
  217                 struct in6_ifaddr *ia6;
  218 
  219                 /* get the outgoing interface */
  220                 if ((error = in6_selectif(dstsock, opts, mopts, ro, &ifp)) != 0)
  221                         return (error);
  222 
  223                 /*
  224                  * determine the appropriate zone id of the source based on
  225                  * the zone of the destination and the outgoing interface.
  226                  * If the specified address is ambiguous wrt the scope zone,
  227                  * the interface must be specified; otherwise, ifa_ifwithaddr()
  228                  * will fail matching the address.
  229                  */
  230                 bzero(&srcsock, sizeof(srcsock));
  231                 srcsock.sin6_family = AF_INET6;
  232                 srcsock.sin6_len = sizeof(srcsock);
  233                 srcsock.sin6_addr = pi->ipi6_addr;
  234                 if (ifp) {
  235                         error = in6_setscope(&srcsock.sin6_addr, ifp, NULL);
  236                         if (error)
  237                                 return (error);
  238                 }
  239                 if (cred != NULL && (error = prison_local_ip6(cred,
  240                     &srcsock.sin6_addr, (inp != NULL &&
  241                     (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0)
  242                         return (error);
  243 
  244                 ia6 = (struct in6_ifaddr *)ifa_ifwithaddr(
  245                     (struct sockaddr *)&srcsock);
  246                 if (ia6 == NULL ||
  247                     (ia6->ia6_flags & (IN6_IFF_ANYCAST | IN6_IFF_NOTREADY))) {
  248                         if (ia6 != NULL)
  249                                 ifa_free(&ia6->ia_ifa);
  250                         return (EADDRNOTAVAIL);
  251                 }
  252                 pi->ipi6_addr = srcsock.sin6_addr; /* XXX: this overrides pi */
  253                 if (ifpp)
  254                         *ifpp = ifp;
  255                 bcopy(&ia6->ia_addr.sin6_addr, srcp, sizeof(*srcp));
  256                 ifa_free(&ia6->ia_ifa);
  257                 return (0);
  258         }
  259 
  260         /*
  261          * Otherwise, if the socket has already bound the source, just use it.
  262          */
  263         if (inp != NULL && !IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) {
  264                 if (cred != NULL &&
  265                     (error = prison_local_ip6(cred, &inp->in6p_laddr,
  266                     ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0)
  267                         return (error);
  268                 bcopy(&inp->in6p_laddr, srcp, sizeof(*srcp));
  269                 return (0);
  270         }
  271 
  272         /*
  273          * Bypass source address selection and use the primary jail IP
  274          * if requested.
  275          */
  276         if (cred != NULL && !prison_saddrsel_ip6(cred, srcp))
  277                 return (0);
  278 
  279         /*
  280          * If the address is not specified, choose the best one based on
  281          * the outgoing interface and the destination address.
  282          */
  283         /* get the outgoing interface */
  284         if ((error = in6_selectif(dstsock, opts, mopts, ro, &ifp)) != 0)
  285                 return (error);
  286 
  287 #ifdef DIAGNOSTIC
  288         if (ifp == NULL)        /* this should not happen */
  289                 panic("in6_selectsrc: NULL ifp");
  290 #endif
  291         error = in6_setscope(&dst, ifp, &odstzone);
  292         if (error)
  293                 return (error);
  294 
  295         IN6_IFADDR_RLOCK();
  296         TAILQ_FOREACH(ia, &V_in6_ifaddrhead, ia_link) {
  297                 int new_scope = -1, new_matchlen = -1;
  298                 struct in6_addrpolicy *new_policy = NULL;
  299                 u_int32_t srczone, osrczone, dstzone;
  300                 struct in6_addr src;
  301                 struct ifnet *ifp1 = ia->ia_ifp;
  302 
  303                 /*
  304                  * We'll never take an address that breaks the scope zone
  305                  * of the destination.  We also skip an address if its zone
  306                  * does not contain the outgoing interface.
  307                  * XXX: we should probably use sin6_scope_id here.
  308                  */
  309                 if (in6_setscope(&dst, ifp1, &dstzone) ||
  310                     odstzone != dstzone) {
  311                         continue;
  312                 }
  313                 src = ia->ia_addr.sin6_addr;
  314                 if (in6_setscope(&src, ifp, &osrczone) ||
  315                     in6_setscope(&src, ifp1, &srczone) ||
  316                     osrczone != srczone) {
  317                         continue;
  318                 }
  319 
  320                 /* avoid unusable addresses */
  321                 if ((ia->ia6_flags &
  322                      (IN6_IFF_NOTREADY | IN6_IFF_ANYCAST | IN6_IFF_DETACHED))) {
  323                                 continue;
  324                 }
  325                 if (!V_ip6_use_deprecated && IFA6_IS_DEPRECATED(ia))
  326                         continue;
  327 
  328                 /* If jailed only take addresses of the jail into account. */
  329                 if (cred != NULL &&
  330                     prison_check_ip6(cred, &ia->ia_addr.sin6_addr) != 0)
  331                         continue;
  332 
  333                 /* Rule 1: Prefer same address */
  334                 if (IN6_ARE_ADDR_EQUAL(&dst, &ia->ia_addr.sin6_addr)) {
  335                         ia_best = ia;
  336                         BREAK(1); /* there should be no better candidate */
  337                 }
  338 
  339                 if (ia_best == NULL)
  340                         REPLACE(0);
  341 
  342                 /* Rule 2: Prefer appropriate scope */
  343                 if (dst_scope < 0)
  344                         dst_scope = in6_addrscope(&dst);
  345                 new_scope = in6_addrscope(&ia->ia_addr.sin6_addr);
  346                 if (IN6_ARE_SCOPE_CMP(best_scope, new_scope) < 0) {
  347                         if (IN6_ARE_SCOPE_CMP(best_scope, dst_scope) < 0)
  348                                 REPLACE(2);
  349                         NEXT(2);
  350                 } else if (IN6_ARE_SCOPE_CMP(new_scope, best_scope) < 0) {
  351                         if (IN6_ARE_SCOPE_CMP(new_scope, dst_scope) < 0)
  352                                 NEXT(2);
  353                         REPLACE(2);
  354                 }
  355 
  356                 /*
  357                  * Rule 3: Avoid deprecated addresses.  Note that the case of
  358                  * !ip6_use_deprecated is already rejected above.
  359                  */
  360                 if (!IFA6_IS_DEPRECATED(ia_best) && IFA6_IS_DEPRECATED(ia))
  361                         NEXT(3);
  362                 if (IFA6_IS_DEPRECATED(ia_best) && !IFA6_IS_DEPRECATED(ia))
  363                         REPLACE(3);
  364 
  365                 /* Rule 4: Prefer home addresses */
  366                 /*
  367                  * XXX: This is a TODO.  We should probably merge the MIP6
  368                  * case above.
  369                  */
  370 
  371                 /* Rule 5: Prefer outgoing interface */
  372                 if (ia_best->ia_ifp == ifp && ia->ia_ifp != ifp)
  373                         NEXT(5);
  374                 if (ia_best->ia_ifp != ifp && ia->ia_ifp == ifp)
  375                         REPLACE(5);
  376 
  377                 /*
  378                  * Rule 6: Prefer matching label
  379                  * Note that best_policy should be non-NULL here.
  380                  */
  381                 if (dst_policy == NULL)
  382                         dst_policy = lookup_addrsel_policy(dstsock);
  383                 if (dst_policy->label != ADDR_LABEL_NOTAPP) {
  384                         new_policy = lookup_addrsel_policy(&ia->ia_addr);
  385                         if (dst_policy->label == best_policy->label &&
  386                             dst_policy->label != new_policy->label)
  387                                 NEXT(6);
  388                         if (dst_policy->label != best_policy->label &&
  389                             dst_policy->label == new_policy->label)
  390                                 REPLACE(6);
  391                 }
  392 
  393                 /*
  394                  * Rule 7: Prefer public addresses.
  395                  * We allow users to reverse the logic by configuring
  396                  * a sysctl variable, so that privacy conscious users can
  397                  * always prefer temporary addresses.
  398                  */
  399                 if (opts == NULL ||
  400                     opts->ip6po_prefer_tempaddr == IP6PO_TEMPADDR_SYSTEM) {
  401                         prefer_tempaddr = V_ip6_prefer_tempaddr;
  402                 } else if (opts->ip6po_prefer_tempaddr ==
  403                     IP6PO_TEMPADDR_NOTPREFER) {
  404                         prefer_tempaddr = 0;
  405                 } else
  406                         prefer_tempaddr = 1;
  407                 if (!(ia_best->ia6_flags & IN6_IFF_TEMPORARY) &&
  408                     (ia->ia6_flags & IN6_IFF_TEMPORARY)) {
  409                         if (prefer_tempaddr)
  410                                 REPLACE(7);
  411                         else
  412                                 NEXT(7);
  413                 }
  414                 if ((ia_best->ia6_flags & IN6_IFF_TEMPORARY) &&
  415                     !(ia->ia6_flags & IN6_IFF_TEMPORARY)) {
  416                         if (prefer_tempaddr)
  417                                 NEXT(7);
  418                         else
  419                                 REPLACE(7);
  420                 }
  421 
  422                 /*
  423                  * Rule 8: prefer addresses on alive interfaces.
  424                  * This is a KAME specific rule.
  425                  */
  426                 if ((ia_best->ia_ifp->if_flags & IFF_UP) &&
  427                     !(ia->ia_ifp->if_flags & IFF_UP))
  428                         NEXT(8);
  429                 if (!(ia_best->ia_ifp->if_flags & IFF_UP) &&
  430                     (ia->ia_ifp->if_flags & IFF_UP))
  431                         REPLACE(8);
  432 
  433                 /*
  434                  * Rule 14: Use longest matching prefix.
  435                  * Note: in the address selection draft, this rule is
  436                  * documented as "Rule 8".  However, since it is also
  437                  * documented that this rule can be overridden, we assign
  438                  * a large number so that it is easy to assign smaller numbers
  439                  * to more preferred rules.
  440                  */
  441                 new_matchlen = in6_matchlen(&ia->ia_addr.sin6_addr, &dst);
  442                 if (best_matchlen < new_matchlen)
  443                         REPLACE(14);
  444                 if (new_matchlen < best_matchlen)
  445                         NEXT(14);
  446 
  447                 /* Rule 15 is reserved. */
  448 
  449                 /*
  450                  * Last resort: just keep the current candidate.
  451                  * Or, do we need more rules?
  452                  */
  453                 continue;
  454 
  455           replace:
  456                 ia_best = ia;
  457                 best_scope = (new_scope >= 0 ? new_scope :
  458                               in6_addrscope(&ia_best->ia_addr.sin6_addr));
  459                 best_policy = (new_policy ? new_policy :
  460                                lookup_addrsel_policy(&ia_best->ia_addr));
  461                 best_matchlen = (new_matchlen >= 0 ? new_matchlen :
  462                                  in6_matchlen(&ia_best->ia_addr.sin6_addr,
  463                                               &dst));
  464 
  465           next:
  466                 continue;
  467 
  468           out:
  469                 break;
  470         }
  471 
  472         if ((ia = ia_best) == NULL) {
  473                 IN6_IFADDR_RUNLOCK();
  474                 return (EADDRNOTAVAIL);
  475         }
  476 
  477         /*
  478          * At this point at least one of the addresses belonged to the jail
  479          * but it could still be, that we want to further restrict it, e.g.
  480          * theoratically IN6_IS_ADDR_LOOPBACK.
  481          * It must not be IN6_IS_ADDR_UNSPECIFIED anymore.
  482          * prison_local_ip6() will fix an IN6_IS_ADDR_LOOPBACK but should
  483          * let all others previously selected pass.
  484          * Use tmp to not change ::1 on lo0 to the primary jail address.
  485          */
  486         tmp = ia->ia_addr.sin6_addr;
  487         if (cred != NULL && prison_local_ip6(cred, &tmp, (inp != NULL &&
  488             (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0)) != 0) {
  489                 IN6_IFADDR_RUNLOCK();
  490                 return (EADDRNOTAVAIL);
  491         }
  492 
  493         if (ifpp)
  494                 *ifpp = ifp;
  495 
  496         bcopy(&tmp, srcp, sizeof(*srcp));
  497         IN6_IFADDR_RUNLOCK();
  498         return (0);
  499 }
  500 
  501 /*
  502  * clone - meaningful only for bsdi and freebsd
  503  */
  504 static int
  505 selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
  506     struct ip6_moptions *mopts, struct route_in6 *ro,
  507     struct ifnet **retifp, struct rtentry **retrt, int norouteok)
  508 {
  509         int error = 0;
  510         struct ifnet *ifp = NULL;
  511         struct rtentry *rt = NULL;
  512         struct sockaddr_in6 *sin6_next;
  513         struct in6_pktinfo *pi = NULL;
  514         struct in6_addr *dst = &dstsock->sin6_addr;
  515 #if 0
  516         char ip6buf[INET6_ADDRSTRLEN];
  517 
  518         if (dstsock->sin6_addr.s6_addr32[0] == 0 &&
  519             dstsock->sin6_addr.s6_addr32[1] == 0 &&
  520             !IN6_IS_ADDR_LOOPBACK(&dstsock->sin6_addr)) {
  521                 printf("in6_selectroute: strange destination %s\n",
  522                        ip6_sprintf(ip6buf, &dstsock->sin6_addr));
  523         } else {
  524                 printf("in6_selectroute: destination = %s%%%d\n",
  525                        ip6_sprintf(ip6buf, &dstsock->sin6_addr),
  526                        dstsock->sin6_scope_id); /* for debug */
  527         }
  528 #endif
  529 
  530         /* If the caller specify the outgoing interface explicitly, use it. */
  531         if (opts && (pi = opts->ip6po_pktinfo) != NULL && pi->ipi6_ifindex) {
  532                 /* XXX boundary check is assumed to be already done. */
  533                 ifp = ifnet_byindex(pi->ipi6_ifindex);
  534                 if (ifp != NULL &&
  535                     (norouteok || retrt == NULL ||
  536                     IN6_IS_ADDR_MULTICAST(dst))) {
  537                         /*
  538                          * we do not have to check or get the route for
  539                          * multicast.
  540                          */
  541                         goto done;
  542                 } else
  543                         goto getroute;
  544         }
  545 
  546         /*
  547          * If the destination address is a multicast address and the outgoing
  548          * interface for the address is specified by the caller, use it.
  549          */
  550         if (IN6_IS_ADDR_MULTICAST(dst) &&
  551             mopts != NULL && (ifp = mopts->im6o_multicast_ifp) != NULL) {
  552                 goto done; /* we do not need a route for multicast. */
  553         }
  554 
  555   getroute:
  556         /*
  557          * If the next hop address for the packet is specified by the caller,
  558          * use it as the gateway.
  559          */
  560         if (opts && opts->ip6po_nexthop) {
  561                 struct route_in6 *ron;
  562                 struct llentry *la;
  563             
  564                 sin6_next = satosin6(opts->ip6po_nexthop);
  565                 
  566                 /* at this moment, we only support AF_INET6 next hops */
  567                 if (sin6_next->sin6_family != AF_INET6) {
  568                         error = EAFNOSUPPORT; /* or should we proceed? */
  569                         goto done;
  570                 }
  571 
  572                 /*
  573                  * If the next hop is an IPv6 address, then the node identified
  574                  * by that address must be a neighbor of the sending host.
  575                  */
  576                 ron = &opts->ip6po_nextroute;
  577                 /*
  578                  * XXX what do we do here?
  579                  * PLZ to be fixing
  580                  */
  581 
  582 
  583                 if (ron->ro_rt == NULL) {
  584                         rtalloc((struct route *)ron); /* multi path case? */
  585                         if (ron->ro_rt == NULL) {
  586                                 if (ron->ro_rt) {
  587                                         RTFREE(ron->ro_rt);
  588                                         ron->ro_rt = NULL;
  589                                 }
  590                                 error = EHOSTUNREACH;
  591                                 goto done;
  592                         } 
  593                 }
  594 
  595                 rt = ron->ro_rt;
  596                 ifp = rt->rt_ifp;
  597                 IF_AFDATA_LOCK(ifp);
  598                 la = lla_lookup(LLTABLE6(ifp), 0, (struct sockaddr *)&sin6_next->sin6_addr);
  599                 IF_AFDATA_UNLOCK(ifp);
  600                 if (la != NULL) 
  601                         LLE_RUNLOCK(la);
  602                 else {
  603                         error = EHOSTUNREACH;
  604                         goto done;
  605                 }
  606 #if 0
  607                 if ((ron->ro_rt &&
  608                      (ron->ro_rt->rt_flags & (RTF_UP | RTF_LLINFO)) !=
  609                      (RTF_UP | RTF_LLINFO)) ||
  610                     !IN6_ARE_ADDR_EQUAL(&satosin6(&ron->ro_dst)->sin6_addr,
  611                     &sin6_next->sin6_addr)) {
  612                         if (ron->ro_rt) {
  613                                 RTFREE(ron->ro_rt);
  614                                 ron->ro_rt = NULL;
  615                         }
  616                         *satosin6(&ron->ro_dst) = *sin6_next;
  617                 }
  618                 if (ron->ro_rt == NULL) {
  619                         rtalloc((struct route *)ron); /* multi path case? */
  620                         if (ron->ro_rt == NULL ||
  621                             !(ron->ro_rt->rt_flags & RTF_LLINFO)) {
  622                                 if (ron->ro_rt) {
  623                                         RTFREE(ron->ro_rt);
  624                                         ron->ro_rt = NULL;
  625                                 }
  626                                 error = EHOSTUNREACH;
  627                                 goto done;
  628                         }
  629                 }
  630 #endif
  631 
  632                 /*
  633                  * When cloning is required, try to allocate a route to the
  634                  * destination so that the caller can store path MTU
  635                  * information.
  636                  */
  637                 goto done;
  638         }
  639 
  640         /*
  641          * Use a cached route if it exists and is valid, else try to allocate
  642          * a new one.  Note that we should check the address family of the
  643          * cached destination, in case of sharing the cache with IPv4.
  644          */
  645         if (ro) {
  646                 if (ro->ro_rt &&
  647                     (!(ro->ro_rt->rt_flags & RTF_UP) ||
  648                      ((struct sockaddr *)(&ro->ro_dst))->sa_family != AF_INET6 ||
  649                      !IN6_ARE_ADDR_EQUAL(&satosin6(&ro->ro_dst)->sin6_addr,
  650                      dst))) {
  651                         RTFREE(ro->ro_rt);
  652                         ro->ro_rt = (struct rtentry *)NULL;
  653                 }
  654                 if (ro->ro_rt == (struct rtentry *)NULL) {
  655                         struct sockaddr_in6 *sa6;
  656 
  657                         /* No route yet, so try to acquire one */
  658                         bzero(&ro->ro_dst, sizeof(struct sockaddr_in6));
  659                         sa6 = (struct sockaddr_in6 *)&ro->ro_dst;
  660                         *sa6 = *dstsock;
  661                         sa6->sin6_scope_id = 0;
  662 
  663 #ifdef RADIX_MPATH
  664                                 rtalloc_mpath((struct route *)ro,
  665                                     ntohl(sa6->sin6_addr.s6_addr32[3]));
  666 #else                   
  667                                 ro->ro_rt = rtalloc1(&((struct route *)ro)
  668                                     ->ro_dst, 0, 0UL);
  669                                 if (ro->ro_rt)
  670                                         RT_UNLOCK(ro->ro_rt);
  671 #endif
  672                 }
  673                                 
  674                 /*
  675                  * do not care about the result if we have the nexthop
  676                  * explicitly specified.
  677                  */
  678                 if (opts && opts->ip6po_nexthop)
  679                         goto done;
  680 
  681                 if (ro->ro_rt) {
  682                         ifp = ro->ro_rt->rt_ifp;
  683 
  684                         if (ifp == NULL) { /* can this really happen? */
  685                                 RTFREE(ro->ro_rt);
  686                                 ro->ro_rt = NULL;
  687                         }
  688                 }
  689                 if (ro->ro_rt == NULL)
  690                         error = EHOSTUNREACH;
  691                 rt = ro->ro_rt;
  692 
  693                 /*
  694                  * Check if the outgoing interface conflicts with
  695                  * the interface specified by ipi6_ifindex (if specified).
  696                  * Note that loopback interface is always okay.
  697                  * (this may happen when we are sending a packet to one of
  698                  *  our own addresses.)
  699                  */
  700                 if (ifp && opts && opts->ip6po_pktinfo &&
  701                     opts->ip6po_pktinfo->ipi6_ifindex) {
  702                         if (!(ifp->if_flags & IFF_LOOPBACK) &&
  703                             ifp->if_index !=
  704                             opts->ip6po_pktinfo->ipi6_ifindex) {
  705                                 error = EHOSTUNREACH;
  706                                 goto done;
  707                         }
  708                 }
  709         }
  710 
  711   done:
  712         if (ifp == NULL && rt == NULL) {
  713                 /*
  714                  * This can happen if the caller did not pass a cached route
  715                  * nor any other hints.  We treat this case an error.
  716                  */
  717                 error = EHOSTUNREACH;
  718         }
  719         if (error == EHOSTUNREACH)
  720                 V_ip6stat.ip6s_noroute++;
  721 
  722         if (retifp != NULL) {
  723                 *retifp = ifp;
  724 
  725                 /*
  726                  * Adjust the "outgoing" interface.  If we're going to loop 
  727                  * the packet back to ourselves, the ifp would be the loopback 
  728                  * interface. However, we'd rather know the interface associated 
  729                  * to the destination address (which should probably be one of 
  730                  * our own addresses.)
  731                  */
  732                 if (rt) {
  733                         if ((rt->rt_ifp->if_flags & IFF_LOOPBACK) &&
  734                             (rt->rt_gateway->sa_family == AF_LINK))
  735                                 *retifp = 
  736                                         ifnet_byindex(((struct sockaddr_dl *)
  737                                                        rt->rt_gateway)->sdl_index);
  738                 }
  739         }
  740 
  741         if (retrt != NULL)
  742                 *retrt = rt;    /* rt may be NULL */
  743 
  744         return (error);
  745 }
  746 
  747 static int
  748 in6_selectif(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
  749     struct ip6_moptions *mopts, struct route_in6 *ro, struct ifnet **retifp)
  750 {
  751         int error;
  752         struct route_in6 sro;
  753         struct rtentry *rt = NULL;
  754 
  755         if (ro == NULL) {
  756                 bzero(&sro, sizeof(sro));
  757                 ro = &sro;
  758         }
  759 
  760         if ((error = selectroute(dstsock, opts, mopts, ro, retifp,
  761                                      &rt, 1)) != 0) {
  762                 if (ro == &sro && rt && rt == sro.ro_rt)
  763                         RTFREE(rt);
  764                 return (error);
  765         }
  766 
  767         /*
  768          * do not use a rejected or black hole route.
  769          * XXX: this check should be done in the L2 output routine.
  770          * However, if we skipped this check here, we'd see the following
  771          * scenario:
  772          * - install a rejected route for a scoped address prefix
  773          *   (like fe80::/10)
  774          * - send a packet to a destination that matches the scoped prefix,
  775          *   with ambiguity about the scope zone.
  776          * - pick the outgoing interface from the route, and disambiguate the
  777          *   scope zone with the interface.
  778          * - ip6_output() would try to get another route with the "new"
  779          *   destination, which may be valid.
  780          * - we'd see no error on output.
  781          * Although this may not be very harmful, it should still be confusing.
  782          * We thus reject the case here.
  783          */
  784         if (rt && (rt->rt_flags & (RTF_REJECT | RTF_BLACKHOLE))) {
  785                 int flags = (rt->rt_flags & RTF_HOST ? EHOSTUNREACH : ENETUNREACH);
  786 
  787                 if (ro == &sro && rt && rt == sro.ro_rt)
  788                         RTFREE(rt);
  789                 return (flags);
  790         }
  791 
  792         if (ro == &sro && rt && rt == sro.ro_rt)
  793                 RTFREE(rt);
  794         return (0);
  795 }
  796 
  797 /*
  798  * clone - meaningful only for bsdi and freebsd
  799  */
  800 int
  801 in6_selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
  802     struct ip6_moptions *mopts, struct route_in6 *ro,
  803     struct ifnet **retifp, struct rtentry **retrt)
  804 {
  805 
  806         return (selectroute(dstsock, opts, mopts, ro, retifp,
  807             retrt, 0));
  808 }
  809 
  810 /*
  811  * Default hop limit selection. The precedence is as follows:
  812  * 1. Hoplimit value specified via ioctl.
  813  * 2. (If the outgoing interface is detected) the current
  814  *     hop limit of the interface specified by router advertisement.
  815  * 3. The system default hoplimit.
  816  */
  817 int
  818 in6_selecthlim(struct inpcb *in6p, struct ifnet *ifp)
  819 {
  820 
  821         if (in6p && in6p->in6p_hops >= 0)
  822                 return (in6p->in6p_hops);
  823         else if (ifp)
  824                 return (ND_IFINFO(ifp)->chlim);
  825         else if (in6p && !IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) {
  826                 struct route_in6 ro6;
  827                 struct ifnet *lifp;
  828 
  829                 bzero(&ro6, sizeof(ro6));
  830                 ro6.ro_dst.sin6_family = AF_INET6;
  831                 ro6.ro_dst.sin6_len = sizeof(struct sockaddr_in6);
  832                 ro6.ro_dst.sin6_addr = in6p->in6p_faddr;
  833                 rtalloc((struct route *)&ro6);
  834                 if (ro6.ro_rt) {
  835                         lifp = ro6.ro_rt->rt_ifp;
  836                         RTFREE(ro6.ro_rt);
  837                         if (lifp)
  838                                 return (ND_IFINFO(lifp)->chlim);
  839                 } else
  840                         return (V_ip6_defhlim);
  841         }
  842         return (V_ip6_defhlim);
  843 }
  844 
  845 /*
  846  * XXX: this is borrowed from in6_pcbbind(). If possible, we should
  847  * share this function by all *bsd*...
  848  */
  849 int
  850 in6_pcbsetport(struct in6_addr *laddr, struct inpcb *inp, struct ucred *cred)
  851 {
  852         struct socket *so = inp->inp_socket;
  853         u_int16_t lport = 0;
  854         int error, wild = 0;
  855 #ifdef INVARIANTS
  856         struct inpcbinfo *pcbinfo = inp->inp_pcbinfo;
  857 #endif
  858 
  859         INP_INFO_WLOCK_ASSERT(pcbinfo);
  860         INP_WLOCK_ASSERT(inp);
  861 
  862         error = prison_local_ip6(cred, laddr,
  863             ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0));
  864         if (error)
  865                 return(error);
  866 
  867         /* XXX: this is redundant when called from in6_pcbbind */
  868         if ((so->so_options & (SO_REUSEADDR|SO_REUSEPORT)) == 0)
  869                 wild = INPLOOKUP_WILDCARD;
  870 
  871         inp->inp_flags |= INP_ANONPORT;
  872 
  873         error = in_pcb_lport(inp, NULL, &lport, cred, wild);
  874         if (error != 0)
  875                 return (error);
  876 
  877         inp->inp_lport = lport;
  878         if (in_pcbinshash(inp) != 0) {
  879                 inp->in6p_laddr = in6addr_any;
  880                 inp->inp_lport = 0;
  881                 return (EAGAIN);
  882         }
  883 
  884         return (0);
  885 }
  886 
  887 void
  888 addrsel_policy_init(void)
  889 {
  890 
  891         init_policy_queue();
  892 
  893         /* initialize the "last resort" policy */
  894         bzero(&V_defaultaddrpolicy, sizeof(V_defaultaddrpolicy));
  895         V_defaultaddrpolicy.label = ADDR_LABEL_NOTAPP;
  896 
  897         if (!IS_DEFAULT_VNET(curvnet))
  898                 return;
  899 
  900         ADDRSEL_LOCK_INIT();
  901         ADDRSEL_SXLOCK_INIT();
  902 }
  903 
  904 static struct in6_addrpolicy *
  905 lookup_addrsel_policy(struct sockaddr_in6 *key)
  906 {
  907         struct in6_addrpolicy *match = NULL;
  908 
  909         ADDRSEL_LOCK();
  910         match = match_addrsel_policy(key);
  911 
  912         if (match == NULL)
  913                 match = &V_defaultaddrpolicy;
  914         else
  915                 match->use++;
  916         ADDRSEL_UNLOCK();
  917 
  918         return (match);
  919 }
  920 
  921 /*
  922  * Subroutines to manage the address selection policy table via sysctl.
  923  */
  924 struct walkarg {
  925         struct sysctl_req *w_req;
  926 };
  927 
  928 static int in6_src_sysctl(SYSCTL_HANDLER_ARGS);
  929 SYSCTL_DECL(_net_inet6_ip6);
  930 SYSCTL_NODE(_net_inet6_ip6, IPV6CTL_ADDRCTLPOLICY, addrctlpolicy,
  931         CTLFLAG_RD, in6_src_sysctl, "");
  932 
  933 static int
  934 in6_src_sysctl(SYSCTL_HANDLER_ARGS)
  935 {
  936         struct walkarg w;
  937 
  938         if (req->newptr)
  939                 return EPERM;
  940 
  941         bzero(&w, sizeof(w));
  942         w.w_req = req;
  943 
  944         return (walk_addrsel_policy(dump_addrsel_policyent, &w));
  945 }
  946 
  947 int
  948 in6_src_ioctl(u_long cmd, caddr_t data)
  949 {
  950         int i;
  951         struct in6_addrpolicy ent0;
  952 
  953         if (cmd != SIOCAADDRCTL_POLICY && cmd != SIOCDADDRCTL_POLICY)
  954                 return (EOPNOTSUPP); /* check for safety */
  955 
  956         ent0 = *(struct in6_addrpolicy *)data;
  957 
  958         if (ent0.label == ADDR_LABEL_NOTAPP)
  959                 return (EINVAL);
  960         /* check if the prefix mask is consecutive. */
  961         if (in6_mask2len(&ent0.addrmask.sin6_addr, NULL) < 0)
  962                 return (EINVAL);
  963         /* clear trailing garbages (if any) of the prefix address. */
  964         for (i = 0; i < 4; i++) {
  965                 ent0.addr.sin6_addr.s6_addr32[i] &=
  966                         ent0.addrmask.sin6_addr.s6_addr32[i];
  967         }
  968         ent0.use = 0;
  969 
  970         switch (cmd) {
  971         case SIOCAADDRCTL_POLICY:
  972                 return (add_addrsel_policyent(&ent0));
  973         case SIOCDADDRCTL_POLICY:
  974                 return (delete_addrsel_policyent(&ent0));
  975         }
  976 
  977         return (0);             /* XXX: compromise compilers */
  978 }
  979 
  980 /*
  981  * The followings are implementation of the policy table using a
  982  * simple tail queue.
  983  * XXX such details should be hidden.
  984  * XXX implementation using binary tree should be more efficient.
  985  */
  986 struct addrsel_policyent {
  987         TAILQ_ENTRY(addrsel_policyent) ape_entry;
  988         struct in6_addrpolicy ape_policy;
  989 };
  990 
  991 TAILQ_HEAD(addrsel_policyhead, addrsel_policyent);
  992 
  993 static VNET_DEFINE(struct addrsel_policyhead, addrsel_policytab);
  994 #define V_addrsel_policytab             VNET(addrsel_policytab)
  995 
  996 static void
  997 init_policy_queue(void)
  998 {
  999 
 1000         TAILQ_INIT(&V_addrsel_policytab);
 1001 }
 1002 
 1003 static int
 1004 add_addrsel_policyent(struct in6_addrpolicy *newpolicy)
 1005 {
 1006         struct addrsel_policyent *new, *pol;
 1007 
 1008         new = malloc(sizeof(*new), M_IFADDR,
 1009                M_WAITOK);
 1010         ADDRSEL_XLOCK();
 1011         ADDRSEL_LOCK();
 1012 
 1013         /* duplication check */
 1014         TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) {
 1015                 if (IN6_ARE_ADDR_EQUAL(&newpolicy->addr.sin6_addr,
 1016                                        &pol->ape_policy.addr.sin6_addr) &&
 1017                     IN6_ARE_ADDR_EQUAL(&newpolicy->addrmask.sin6_addr,
 1018                                        &pol->ape_policy.addrmask.sin6_addr)) {
 1019                         ADDRSEL_UNLOCK();
 1020                         ADDRSEL_XUNLOCK();
 1021                         free(new, M_IFADDR);
 1022                         return (EEXIST);        /* or override it? */
 1023                 }
 1024         }
 1025 
 1026         bzero(new, sizeof(*new));
 1027 
 1028         /* XXX: should validate entry */
 1029         new->ape_policy = *newpolicy;
 1030 
 1031         TAILQ_INSERT_TAIL(&V_addrsel_policytab, new, ape_entry);
 1032         ADDRSEL_UNLOCK();
 1033         ADDRSEL_XUNLOCK();
 1034 
 1035         return (0);
 1036 }
 1037 
 1038 static int
 1039 delete_addrsel_policyent(struct in6_addrpolicy *key)
 1040 {
 1041         struct addrsel_policyent *pol;
 1042 
 1043         ADDRSEL_XLOCK();
 1044         ADDRSEL_LOCK();
 1045 
 1046         /* search for the entry in the table */
 1047         TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) {
 1048                 if (IN6_ARE_ADDR_EQUAL(&key->addr.sin6_addr,
 1049                     &pol->ape_policy.addr.sin6_addr) &&
 1050                     IN6_ARE_ADDR_EQUAL(&key->addrmask.sin6_addr,
 1051                     &pol->ape_policy.addrmask.sin6_addr)) {
 1052                         break;
 1053                 }
 1054         }
 1055         if (pol == NULL) {
 1056                 ADDRSEL_UNLOCK();
 1057                 ADDRSEL_XUNLOCK();
 1058                 return (ESRCH);
 1059         }
 1060 
 1061         TAILQ_REMOVE(&V_addrsel_policytab, pol, ape_entry);
 1062         ADDRSEL_UNLOCK();
 1063         ADDRSEL_XUNLOCK();
 1064 
 1065         return (0);
 1066 }
 1067 
 1068 static int
 1069 walk_addrsel_policy(int (*callback)(struct in6_addrpolicy *, void *),
 1070     void *w)
 1071 {
 1072         struct addrsel_policyent *pol;
 1073         int error = 0;
 1074 
 1075         ADDRSEL_SLOCK();
 1076         TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) {
 1077                 if ((error = (*callback)(&pol->ape_policy, w)) != 0) {
 1078                         ADDRSEL_SUNLOCK();
 1079                         return (error);
 1080                 }
 1081         }
 1082         ADDRSEL_SUNLOCK();
 1083         return (error);
 1084 }
 1085 
 1086 static int
 1087 dump_addrsel_policyent(struct in6_addrpolicy *pol, void *arg)
 1088 {
 1089         int error = 0;
 1090         struct walkarg *w = arg;
 1091 
 1092         error = SYSCTL_OUT(w->w_req, pol, sizeof(*pol));
 1093 
 1094         return (error);
 1095 }
 1096 
 1097 static struct in6_addrpolicy *
 1098 match_addrsel_policy(struct sockaddr_in6 *key)
 1099 {
 1100         struct addrsel_policyent *pent;
 1101         struct in6_addrpolicy *bestpol = NULL, *pol;
 1102         int matchlen, bestmatchlen = -1;
 1103         u_char *mp, *ep, *k, *p, m;
 1104 
 1105         TAILQ_FOREACH(pent, &V_addrsel_policytab, ape_entry) {
 1106                 matchlen = 0;
 1107 
 1108                 pol = &pent->ape_policy;
 1109                 mp = (u_char *)&pol->addrmask.sin6_addr;
 1110                 ep = mp + 16;   /* XXX: scope field? */
 1111                 k = (u_char *)&key->sin6_addr;
 1112                 p = (u_char *)&pol->addr.sin6_addr;
 1113                 for (; mp < ep && *mp; mp++, k++, p++) {
 1114                         m = *mp;
 1115                         if ((*k & m) != *p)
 1116                                 goto next; /* not match */
 1117                         if (m == 0xff) /* short cut for a typical case */
 1118                                 matchlen += 8;
 1119                         else {
 1120                                 while (m >= 0x80) {
 1121                                         matchlen++;
 1122                                         m <<= 1;
 1123                                 }
 1124                         }
 1125                 }
 1126 
 1127                 /* matched.  check if this is better than the current best. */
 1128                 if (bestpol == NULL ||
 1129                     matchlen > bestmatchlen) {
 1130                         bestpol = pol;
 1131                         bestmatchlen = matchlen;
 1132                 }
 1133 
 1134           next:
 1135                 continue;
 1136         }
 1137 
 1138         return (bestpol);
 1139 }

Cache object: e8bc1bde21eb11288750ca8f93ecda70


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.