1 /*-
2 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of the project nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 *
29 * $KAME: in6_src.c,v 1.132 2003/08/26 04:42:27 keiichi Exp $
30 */
31
32 /*-
33 * Copyright (c) 1982, 1986, 1991, 1993
34 * The Regents of the University of California. All rights reserved.
35 *
36 * Redistribution and use in source and binary forms, with or without
37 * modification, are permitted provided that the following conditions
38 * are met:
39 * 1. Redistributions of source code must retain the above copyright
40 * notice, this list of conditions and the following disclaimer.
41 * 2. Redistributions in binary form must reproduce the above copyright
42 * notice, this list of conditions and the following disclaimer in the
43 * documentation and/or other materials provided with the distribution.
44 * 4. Neither the name of the University nor the names of its contributors
45 * may be used to endorse or promote products derived from this software
46 * without specific prior written permission.
47 *
48 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
58 * SUCH DAMAGE.
59 *
60 * @(#)in_pcb.c 8.2 (Berkeley) 1/4/94
61 */
62
63 #include <sys/cdefs.h>
64 __FBSDID("$FreeBSD: releng/9.0/sys/netinet6/in6_src.c 222488 2011-05-30 09:43:55Z rwatson $");
65
66 #include "opt_inet.h"
67 #include "opt_inet6.h"
68 #include "opt_mpath.h"
69
70 #include <sys/param.h>
71 #include <sys/systm.h>
72 #include <sys/lock.h>
73 #include <sys/malloc.h>
74 #include <sys/mbuf.h>
75 #include <sys/priv.h>
76 #include <sys/protosw.h>
77 #include <sys/socket.h>
78 #include <sys/socketvar.h>
79 #include <sys/sockio.h>
80 #include <sys/sysctl.h>
81 #include <sys/errno.h>
82 #include <sys/time.h>
83 #include <sys/jail.h>
84 #include <sys/kernel.h>
85 #include <sys/sx.h>
86
87 #include <net/if.h>
88 #include <net/if_dl.h>
89 #include <net/route.h>
90 #include <net/if_llatbl.h>
91 #ifdef RADIX_MPATH
92 #include <net/radix_mpath.h>
93 #endif
94
95 #include <netinet/in.h>
96 #include <netinet/in_var.h>
97 #include <netinet/in_systm.h>
98 #include <netinet/ip.h>
99 #include <netinet/in_pcb.h>
100 #include <netinet/ip_var.h>
101 #include <netinet/udp.h>
102 #include <netinet/udp_var.h>
103
104 #include <netinet6/in6_var.h>
105 #include <netinet/ip6.h>
106 #include <netinet6/in6_pcb.h>
107 #include <netinet6/ip6_var.h>
108 #include <netinet6/scope6_var.h>
109 #include <netinet6/nd6.h>
110
111 static struct mtx addrsel_lock;
112 #define ADDRSEL_LOCK_INIT() mtx_init(&addrsel_lock, "addrsel_lock", NULL, MTX_DEF)
113 #define ADDRSEL_LOCK() mtx_lock(&addrsel_lock)
114 #define ADDRSEL_UNLOCK() mtx_unlock(&addrsel_lock)
115 #define ADDRSEL_LOCK_ASSERT() mtx_assert(&addrsel_lock, MA_OWNED)
116
117 static struct sx addrsel_sxlock;
118 #define ADDRSEL_SXLOCK_INIT() sx_init(&addrsel_sxlock, "addrsel_sxlock")
119 #define ADDRSEL_SLOCK() sx_slock(&addrsel_sxlock)
120 #define ADDRSEL_SUNLOCK() sx_sunlock(&addrsel_sxlock)
121 #define ADDRSEL_XLOCK() sx_xlock(&addrsel_sxlock)
122 #define ADDRSEL_XUNLOCK() sx_xunlock(&addrsel_sxlock)
123
124 #define ADDR_LABEL_NOTAPP (-1)
125 static VNET_DEFINE(struct in6_addrpolicy, defaultaddrpolicy);
126 #define V_defaultaddrpolicy VNET(defaultaddrpolicy)
127
128 VNET_DEFINE(int, ip6_prefer_tempaddr) = 0;
129
130 static int selectroute __P((struct sockaddr_in6 *, struct ip6_pktopts *,
131 struct ip6_moptions *, struct route_in6 *, struct ifnet **,
132 struct rtentry **, int));
133 static int in6_selectif __P((struct sockaddr_in6 *, struct ip6_pktopts *,
134 struct ip6_moptions *, struct route_in6 *ro, struct ifnet **));
135
136 static struct in6_addrpolicy *lookup_addrsel_policy(struct sockaddr_in6 *);
137
138 static void init_policy_queue(void);
139 static int add_addrsel_policyent(struct in6_addrpolicy *);
140 static int delete_addrsel_policyent(struct in6_addrpolicy *);
141 static int walk_addrsel_policy __P((int (*)(struct in6_addrpolicy *, void *),
142 void *));
143 static int dump_addrsel_policyent(struct in6_addrpolicy *, void *);
144 static struct in6_addrpolicy *match_addrsel_policy(struct sockaddr_in6 *);
145
146 /*
147 * Return an IPv6 address, which is the most appropriate for a given
148 * destination and user specified options.
149 * If necessary, this function lookups the routing table and returns
150 * an entry to the caller for later use.
151 */
152 #define REPLACE(r) do {\
153 if ((r) < sizeof(V_ip6stat.ip6s_sources_rule) / \
154 sizeof(V_ip6stat.ip6s_sources_rule[0])) /* check for safety */ \
155 V_ip6stat.ip6s_sources_rule[(r)]++; \
156 /* { \
157 char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \
158 printf("in6_selectsrc: replace %s with %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \
159 } */ \
160 goto replace; \
161 } while(0)
162 #define NEXT(r) do {\
163 if ((r) < sizeof(V_ip6stat.ip6s_sources_rule) / \
164 sizeof(V_ip6stat.ip6s_sources_rule[0])) /* check for safety */ \
165 V_ip6stat.ip6s_sources_rule[(r)]++; \
166 /* { \
167 char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \
168 printf("in6_selectsrc: keep %s against %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \
169 } */ \
170 goto next; /* XXX: we can't use 'continue' here */ \
171 } while(0)
172 #define BREAK(r) do { \
173 if ((r) < sizeof(V_ip6stat.ip6s_sources_rule) / \
174 sizeof(V_ip6stat.ip6s_sources_rule[0])) /* check for safety */ \
175 V_ip6stat.ip6s_sources_rule[(r)]++; \
176 goto out; /* XXX: we can't use 'break' here */ \
177 } while(0)
178
179 int
180 in6_selectsrc(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
181 struct inpcb *inp, struct route_in6 *ro, struct ucred *cred,
182 struct ifnet **ifpp, struct in6_addr *srcp)
183 {
184 struct in6_addr dst, tmp;
185 struct ifnet *ifp = NULL;
186 struct in6_ifaddr *ia = NULL, *ia_best = NULL;
187 struct in6_pktinfo *pi = NULL;
188 int dst_scope = -1, best_scope = -1, best_matchlen = -1;
189 struct in6_addrpolicy *dst_policy = NULL, *best_policy = NULL;
190 u_int32_t odstzone;
191 int prefer_tempaddr;
192 int error;
193 struct ip6_moptions *mopts;
194
195 KASSERT(srcp != NULL, ("%s: srcp is NULL", __func__));
196
197 dst = dstsock->sin6_addr; /* make a copy for local operation */
198 if (ifpp)
199 *ifpp = NULL;
200
201 if (inp != NULL) {
202 INP_LOCK_ASSERT(inp);
203 mopts = inp->in6p_moptions;
204 } else {
205 mopts = NULL;
206 }
207
208 /*
209 * If the source address is explicitly specified by the caller,
210 * check if the requested source address is indeed a unicast address
211 * assigned to the node, and can be used as the packet's source
212 * address. If everything is okay, use the address as source.
213 */
214 if (opts && (pi = opts->ip6po_pktinfo) &&
215 !IN6_IS_ADDR_UNSPECIFIED(&pi->ipi6_addr)) {
216 struct sockaddr_in6 srcsock;
217 struct in6_ifaddr *ia6;
218
219 /* get the outgoing interface */
220 if ((error = in6_selectif(dstsock, opts, mopts, ro, &ifp)) != 0)
221 return (error);
222
223 /*
224 * determine the appropriate zone id of the source based on
225 * the zone of the destination and the outgoing interface.
226 * If the specified address is ambiguous wrt the scope zone,
227 * the interface must be specified; otherwise, ifa_ifwithaddr()
228 * will fail matching the address.
229 */
230 bzero(&srcsock, sizeof(srcsock));
231 srcsock.sin6_family = AF_INET6;
232 srcsock.sin6_len = sizeof(srcsock);
233 srcsock.sin6_addr = pi->ipi6_addr;
234 if (ifp) {
235 error = in6_setscope(&srcsock.sin6_addr, ifp, NULL);
236 if (error)
237 return (error);
238 }
239 if (cred != NULL && (error = prison_local_ip6(cred,
240 &srcsock.sin6_addr, (inp != NULL &&
241 (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0)
242 return (error);
243
244 ia6 = (struct in6_ifaddr *)ifa_ifwithaddr(
245 (struct sockaddr *)&srcsock);
246 if (ia6 == NULL ||
247 (ia6->ia6_flags & (IN6_IFF_ANYCAST | IN6_IFF_NOTREADY))) {
248 if (ia6 != NULL)
249 ifa_free(&ia6->ia_ifa);
250 return (EADDRNOTAVAIL);
251 }
252 pi->ipi6_addr = srcsock.sin6_addr; /* XXX: this overrides pi */
253 if (ifpp)
254 *ifpp = ifp;
255 bcopy(&ia6->ia_addr.sin6_addr, srcp, sizeof(*srcp));
256 ifa_free(&ia6->ia_ifa);
257 return (0);
258 }
259
260 /*
261 * Otherwise, if the socket has already bound the source, just use it.
262 */
263 if (inp != NULL && !IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) {
264 if (cred != NULL &&
265 (error = prison_local_ip6(cred, &inp->in6p_laddr,
266 ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0)
267 return (error);
268 bcopy(&inp->in6p_laddr, srcp, sizeof(*srcp));
269 return (0);
270 }
271
272 /*
273 * Bypass source address selection and use the primary jail IP
274 * if requested.
275 */
276 if (cred != NULL && !prison_saddrsel_ip6(cred, srcp))
277 return (0);
278
279 /*
280 * If the address is not specified, choose the best one based on
281 * the outgoing interface and the destination address.
282 */
283 /* get the outgoing interface */
284 if ((error = in6_selectif(dstsock, opts, mopts, ro, &ifp)) != 0)
285 return (error);
286
287 #ifdef DIAGNOSTIC
288 if (ifp == NULL) /* this should not happen */
289 panic("in6_selectsrc: NULL ifp");
290 #endif
291 error = in6_setscope(&dst, ifp, &odstzone);
292 if (error)
293 return (error);
294
295 IN6_IFADDR_RLOCK();
296 TAILQ_FOREACH(ia, &V_in6_ifaddrhead, ia_link) {
297 int new_scope = -1, new_matchlen = -1;
298 struct in6_addrpolicy *new_policy = NULL;
299 u_int32_t srczone, osrczone, dstzone;
300 struct in6_addr src;
301 struct ifnet *ifp1 = ia->ia_ifp;
302
303 /*
304 * We'll never take an address that breaks the scope zone
305 * of the destination. We also skip an address if its zone
306 * does not contain the outgoing interface.
307 * XXX: we should probably use sin6_scope_id here.
308 */
309 if (in6_setscope(&dst, ifp1, &dstzone) ||
310 odstzone != dstzone) {
311 continue;
312 }
313 src = ia->ia_addr.sin6_addr;
314 if (in6_setscope(&src, ifp, &osrczone) ||
315 in6_setscope(&src, ifp1, &srczone) ||
316 osrczone != srczone) {
317 continue;
318 }
319
320 /* avoid unusable addresses */
321 if ((ia->ia6_flags &
322 (IN6_IFF_NOTREADY | IN6_IFF_ANYCAST | IN6_IFF_DETACHED))) {
323 continue;
324 }
325 if (!V_ip6_use_deprecated && IFA6_IS_DEPRECATED(ia))
326 continue;
327
328 /* If jailed only take addresses of the jail into account. */
329 if (cred != NULL &&
330 prison_check_ip6(cred, &ia->ia_addr.sin6_addr) != 0)
331 continue;
332
333 /* Rule 1: Prefer same address */
334 if (IN6_ARE_ADDR_EQUAL(&dst, &ia->ia_addr.sin6_addr)) {
335 ia_best = ia;
336 BREAK(1); /* there should be no better candidate */
337 }
338
339 if (ia_best == NULL)
340 REPLACE(0);
341
342 /* Rule 2: Prefer appropriate scope */
343 if (dst_scope < 0)
344 dst_scope = in6_addrscope(&dst);
345 new_scope = in6_addrscope(&ia->ia_addr.sin6_addr);
346 if (IN6_ARE_SCOPE_CMP(best_scope, new_scope) < 0) {
347 if (IN6_ARE_SCOPE_CMP(best_scope, dst_scope) < 0)
348 REPLACE(2);
349 NEXT(2);
350 } else if (IN6_ARE_SCOPE_CMP(new_scope, best_scope) < 0) {
351 if (IN6_ARE_SCOPE_CMP(new_scope, dst_scope) < 0)
352 NEXT(2);
353 REPLACE(2);
354 }
355
356 /*
357 * Rule 3: Avoid deprecated addresses. Note that the case of
358 * !ip6_use_deprecated is already rejected above.
359 */
360 if (!IFA6_IS_DEPRECATED(ia_best) && IFA6_IS_DEPRECATED(ia))
361 NEXT(3);
362 if (IFA6_IS_DEPRECATED(ia_best) && !IFA6_IS_DEPRECATED(ia))
363 REPLACE(3);
364
365 /* Rule 4: Prefer home addresses */
366 /*
367 * XXX: This is a TODO. We should probably merge the MIP6
368 * case above.
369 */
370
371 /* Rule 5: Prefer outgoing interface */
372 if (ia_best->ia_ifp == ifp && ia->ia_ifp != ifp)
373 NEXT(5);
374 if (ia_best->ia_ifp != ifp && ia->ia_ifp == ifp)
375 REPLACE(5);
376
377 /*
378 * Rule 6: Prefer matching label
379 * Note that best_policy should be non-NULL here.
380 */
381 if (dst_policy == NULL)
382 dst_policy = lookup_addrsel_policy(dstsock);
383 if (dst_policy->label != ADDR_LABEL_NOTAPP) {
384 new_policy = lookup_addrsel_policy(&ia->ia_addr);
385 if (dst_policy->label == best_policy->label &&
386 dst_policy->label != new_policy->label)
387 NEXT(6);
388 if (dst_policy->label != best_policy->label &&
389 dst_policy->label == new_policy->label)
390 REPLACE(6);
391 }
392
393 /*
394 * Rule 7: Prefer public addresses.
395 * We allow users to reverse the logic by configuring
396 * a sysctl variable, so that privacy conscious users can
397 * always prefer temporary addresses.
398 */
399 if (opts == NULL ||
400 opts->ip6po_prefer_tempaddr == IP6PO_TEMPADDR_SYSTEM) {
401 prefer_tempaddr = V_ip6_prefer_tempaddr;
402 } else if (opts->ip6po_prefer_tempaddr ==
403 IP6PO_TEMPADDR_NOTPREFER) {
404 prefer_tempaddr = 0;
405 } else
406 prefer_tempaddr = 1;
407 if (!(ia_best->ia6_flags & IN6_IFF_TEMPORARY) &&
408 (ia->ia6_flags & IN6_IFF_TEMPORARY)) {
409 if (prefer_tempaddr)
410 REPLACE(7);
411 else
412 NEXT(7);
413 }
414 if ((ia_best->ia6_flags & IN6_IFF_TEMPORARY) &&
415 !(ia->ia6_flags & IN6_IFF_TEMPORARY)) {
416 if (prefer_tempaddr)
417 NEXT(7);
418 else
419 REPLACE(7);
420 }
421
422 /*
423 * Rule 8: prefer addresses on alive interfaces.
424 * This is a KAME specific rule.
425 */
426 if ((ia_best->ia_ifp->if_flags & IFF_UP) &&
427 !(ia->ia_ifp->if_flags & IFF_UP))
428 NEXT(8);
429 if (!(ia_best->ia_ifp->if_flags & IFF_UP) &&
430 (ia->ia_ifp->if_flags & IFF_UP))
431 REPLACE(8);
432
433 /*
434 * Rule 14: Use longest matching prefix.
435 * Note: in the address selection draft, this rule is
436 * documented as "Rule 8". However, since it is also
437 * documented that this rule can be overridden, we assign
438 * a large number so that it is easy to assign smaller numbers
439 * to more preferred rules.
440 */
441 new_matchlen = in6_matchlen(&ia->ia_addr.sin6_addr, &dst);
442 if (best_matchlen < new_matchlen)
443 REPLACE(14);
444 if (new_matchlen < best_matchlen)
445 NEXT(14);
446
447 /* Rule 15 is reserved. */
448
449 /*
450 * Last resort: just keep the current candidate.
451 * Or, do we need more rules?
452 */
453 continue;
454
455 replace:
456 ia_best = ia;
457 best_scope = (new_scope >= 0 ? new_scope :
458 in6_addrscope(&ia_best->ia_addr.sin6_addr));
459 best_policy = (new_policy ? new_policy :
460 lookup_addrsel_policy(&ia_best->ia_addr));
461 best_matchlen = (new_matchlen >= 0 ? new_matchlen :
462 in6_matchlen(&ia_best->ia_addr.sin6_addr,
463 &dst));
464
465 next:
466 continue;
467
468 out:
469 break;
470 }
471
472 if ((ia = ia_best) == NULL) {
473 IN6_IFADDR_RUNLOCK();
474 return (EADDRNOTAVAIL);
475 }
476
477 /*
478 * At this point at least one of the addresses belonged to the jail
479 * but it could still be, that we want to further restrict it, e.g.
480 * theoratically IN6_IS_ADDR_LOOPBACK.
481 * It must not be IN6_IS_ADDR_UNSPECIFIED anymore.
482 * prison_local_ip6() will fix an IN6_IS_ADDR_LOOPBACK but should
483 * let all others previously selected pass.
484 * Use tmp to not change ::1 on lo0 to the primary jail address.
485 */
486 tmp = ia->ia_addr.sin6_addr;
487 if (cred != NULL && prison_local_ip6(cred, &tmp, (inp != NULL &&
488 (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0)) != 0) {
489 IN6_IFADDR_RUNLOCK();
490 return (EADDRNOTAVAIL);
491 }
492
493 if (ifpp)
494 *ifpp = ifp;
495
496 bcopy(&tmp, srcp, sizeof(*srcp));
497 IN6_IFADDR_RUNLOCK();
498 return (0);
499 }
500
501 /*
502 * clone - meaningful only for bsdi and freebsd
503 */
504 static int
505 selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
506 struct ip6_moptions *mopts, struct route_in6 *ro,
507 struct ifnet **retifp, struct rtentry **retrt, int norouteok)
508 {
509 int error = 0;
510 struct ifnet *ifp = NULL;
511 struct rtentry *rt = NULL;
512 struct sockaddr_in6 *sin6_next;
513 struct in6_pktinfo *pi = NULL;
514 struct in6_addr *dst = &dstsock->sin6_addr;
515 #if 0
516 char ip6buf[INET6_ADDRSTRLEN];
517
518 if (dstsock->sin6_addr.s6_addr32[0] == 0 &&
519 dstsock->sin6_addr.s6_addr32[1] == 0 &&
520 !IN6_IS_ADDR_LOOPBACK(&dstsock->sin6_addr)) {
521 printf("in6_selectroute: strange destination %s\n",
522 ip6_sprintf(ip6buf, &dstsock->sin6_addr));
523 } else {
524 printf("in6_selectroute: destination = %s%%%d\n",
525 ip6_sprintf(ip6buf, &dstsock->sin6_addr),
526 dstsock->sin6_scope_id); /* for debug */
527 }
528 #endif
529
530 /* If the caller specify the outgoing interface explicitly, use it. */
531 if (opts && (pi = opts->ip6po_pktinfo) != NULL && pi->ipi6_ifindex) {
532 /* XXX boundary check is assumed to be already done. */
533 ifp = ifnet_byindex(pi->ipi6_ifindex);
534 if (ifp != NULL &&
535 (norouteok || retrt == NULL ||
536 IN6_IS_ADDR_MULTICAST(dst))) {
537 /*
538 * we do not have to check or get the route for
539 * multicast.
540 */
541 goto done;
542 } else
543 goto getroute;
544 }
545
546 /*
547 * If the destination address is a multicast address and the outgoing
548 * interface for the address is specified by the caller, use it.
549 */
550 if (IN6_IS_ADDR_MULTICAST(dst) &&
551 mopts != NULL && (ifp = mopts->im6o_multicast_ifp) != NULL) {
552 goto done; /* we do not need a route for multicast. */
553 }
554
555 getroute:
556 /*
557 * If the next hop address for the packet is specified by the caller,
558 * use it as the gateway.
559 */
560 if (opts && opts->ip6po_nexthop) {
561 struct route_in6 *ron;
562 struct llentry *la;
563
564 sin6_next = satosin6(opts->ip6po_nexthop);
565
566 /* at this moment, we only support AF_INET6 next hops */
567 if (sin6_next->sin6_family != AF_INET6) {
568 error = EAFNOSUPPORT; /* or should we proceed? */
569 goto done;
570 }
571
572 /*
573 * If the next hop is an IPv6 address, then the node identified
574 * by that address must be a neighbor of the sending host.
575 */
576 ron = &opts->ip6po_nextroute;
577 /*
578 * XXX what do we do here?
579 * PLZ to be fixing
580 */
581
582
583 if (ron->ro_rt == NULL) {
584 rtalloc((struct route *)ron); /* multi path case? */
585 if (ron->ro_rt == NULL) {
586 if (ron->ro_rt) {
587 RTFREE(ron->ro_rt);
588 ron->ro_rt = NULL;
589 }
590 error = EHOSTUNREACH;
591 goto done;
592 }
593 }
594
595 rt = ron->ro_rt;
596 ifp = rt->rt_ifp;
597 IF_AFDATA_LOCK(ifp);
598 la = lla_lookup(LLTABLE6(ifp), 0, (struct sockaddr *)&sin6_next->sin6_addr);
599 IF_AFDATA_UNLOCK(ifp);
600 if (la != NULL)
601 LLE_RUNLOCK(la);
602 else {
603 error = EHOSTUNREACH;
604 goto done;
605 }
606 #if 0
607 if ((ron->ro_rt &&
608 (ron->ro_rt->rt_flags & (RTF_UP | RTF_LLINFO)) !=
609 (RTF_UP | RTF_LLINFO)) ||
610 !IN6_ARE_ADDR_EQUAL(&satosin6(&ron->ro_dst)->sin6_addr,
611 &sin6_next->sin6_addr)) {
612 if (ron->ro_rt) {
613 RTFREE(ron->ro_rt);
614 ron->ro_rt = NULL;
615 }
616 *satosin6(&ron->ro_dst) = *sin6_next;
617 }
618 if (ron->ro_rt == NULL) {
619 rtalloc((struct route *)ron); /* multi path case? */
620 if (ron->ro_rt == NULL ||
621 !(ron->ro_rt->rt_flags & RTF_LLINFO)) {
622 if (ron->ro_rt) {
623 RTFREE(ron->ro_rt);
624 ron->ro_rt = NULL;
625 }
626 error = EHOSTUNREACH;
627 goto done;
628 }
629 }
630 #endif
631
632 /*
633 * When cloning is required, try to allocate a route to the
634 * destination so that the caller can store path MTU
635 * information.
636 */
637 goto done;
638 }
639
640 /*
641 * Use a cached route if it exists and is valid, else try to allocate
642 * a new one. Note that we should check the address family of the
643 * cached destination, in case of sharing the cache with IPv4.
644 */
645 if (ro) {
646 if (ro->ro_rt &&
647 (!(ro->ro_rt->rt_flags & RTF_UP) ||
648 ((struct sockaddr *)(&ro->ro_dst))->sa_family != AF_INET6 ||
649 !IN6_ARE_ADDR_EQUAL(&satosin6(&ro->ro_dst)->sin6_addr,
650 dst))) {
651 RTFREE(ro->ro_rt);
652 ro->ro_rt = (struct rtentry *)NULL;
653 }
654 if (ro->ro_rt == (struct rtentry *)NULL) {
655 struct sockaddr_in6 *sa6;
656
657 /* No route yet, so try to acquire one */
658 bzero(&ro->ro_dst, sizeof(struct sockaddr_in6));
659 sa6 = (struct sockaddr_in6 *)&ro->ro_dst;
660 *sa6 = *dstsock;
661 sa6->sin6_scope_id = 0;
662
663 #ifdef RADIX_MPATH
664 rtalloc_mpath((struct route *)ro,
665 ntohl(sa6->sin6_addr.s6_addr32[3]));
666 #else
667 ro->ro_rt = rtalloc1(&((struct route *)ro)
668 ->ro_dst, 0, 0UL);
669 if (ro->ro_rt)
670 RT_UNLOCK(ro->ro_rt);
671 #endif
672 }
673
674 /*
675 * do not care about the result if we have the nexthop
676 * explicitly specified.
677 */
678 if (opts && opts->ip6po_nexthop)
679 goto done;
680
681 if (ro->ro_rt) {
682 ifp = ro->ro_rt->rt_ifp;
683
684 if (ifp == NULL) { /* can this really happen? */
685 RTFREE(ro->ro_rt);
686 ro->ro_rt = NULL;
687 }
688 }
689 if (ro->ro_rt == NULL)
690 error = EHOSTUNREACH;
691 rt = ro->ro_rt;
692
693 /*
694 * Check if the outgoing interface conflicts with
695 * the interface specified by ipi6_ifindex (if specified).
696 * Note that loopback interface is always okay.
697 * (this may happen when we are sending a packet to one of
698 * our own addresses.)
699 */
700 if (ifp && opts && opts->ip6po_pktinfo &&
701 opts->ip6po_pktinfo->ipi6_ifindex) {
702 if (!(ifp->if_flags & IFF_LOOPBACK) &&
703 ifp->if_index !=
704 opts->ip6po_pktinfo->ipi6_ifindex) {
705 error = EHOSTUNREACH;
706 goto done;
707 }
708 }
709 }
710
711 done:
712 if (ifp == NULL && rt == NULL) {
713 /*
714 * This can happen if the caller did not pass a cached route
715 * nor any other hints. We treat this case an error.
716 */
717 error = EHOSTUNREACH;
718 }
719 if (error == EHOSTUNREACH)
720 V_ip6stat.ip6s_noroute++;
721
722 if (retifp != NULL) {
723 *retifp = ifp;
724
725 /*
726 * Adjust the "outgoing" interface. If we're going to loop
727 * the packet back to ourselves, the ifp would be the loopback
728 * interface. However, we'd rather know the interface associated
729 * to the destination address (which should probably be one of
730 * our own addresses.)
731 */
732 if (rt) {
733 if ((rt->rt_ifp->if_flags & IFF_LOOPBACK) &&
734 (rt->rt_gateway->sa_family == AF_LINK))
735 *retifp =
736 ifnet_byindex(((struct sockaddr_dl *)
737 rt->rt_gateway)->sdl_index);
738 }
739 }
740
741 if (retrt != NULL)
742 *retrt = rt; /* rt may be NULL */
743
744 return (error);
745 }
746
747 static int
748 in6_selectif(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
749 struct ip6_moptions *mopts, struct route_in6 *ro, struct ifnet **retifp)
750 {
751 int error;
752 struct route_in6 sro;
753 struct rtentry *rt = NULL;
754
755 if (ro == NULL) {
756 bzero(&sro, sizeof(sro));
757 ro = &sro;
758 }
759
760 if ((error = selectroute(dstsock, opts, mopts, ro, retifp,
761 &rt, 1)) != 0) {
762 if (ro == &sro && rt && rt == sro.ro_rt)
763 RTFREE(rt);
764 return (error);
765 }
766
767 /*
768 * do not use a rejected or black hole route.
769 * XXX: this check should be done in the L2 output routine.
770 * However, if we skipped this check here, we'd see the following
771 * scenario:
772 * - install a rejected route for a scoped address prefix
773 * (like fe80::/10)
774 * - send a packet to a destination that matches the scoped prefix,
775 * with ambiguity about the scope zone.
776 * - pick the outgoing interface from the route, and disambiguate the
777 * scope zone with the interface.
778 * - ip6_output() would try to get another route with the "new"
779 * destination, which may be valid.
780 * - we'd see no error on output.
781 * Although this may not be very harmful, it should still be confusing.
782 * We thus reject the case here.
783 */
784 if (rt && (rt->rt_flags & (RTF_REJECT | RTF_BLACKHOLE))) {
785 int flags = (rt->rt_flags & RTF_HOST ? EHOSTUNREACH : ENETUNREACH);
786
787 if (ro == &sro && rt && rt == sro.ro_rt)
788 RTFREE(rt);
789 return (flags);
790 }
791
792 if (ro == &sro && rt && rt == sro.ro_rt)
793 RTFREE(rt);
794 return (0);
795 }
796
797 /*
798 * clone - meaningful only for bsdi and freebsd
799 */
800 int
801 in6_selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
802 struct ip6_moptions *mopts, struct route_in6 *ro,
803 struct ifnet **retifp, struct rtentry **retrt)
804 {
805
806 return (selectroute(dstsock, opts, mopts, ro, retifp,
807 retrt, 0));
808 }
809
810 /*
811 * Default hop limit selection. The precedence is as follows:
812 * 1. Hoplimit value specified via ioctl.
813 * 2. (If the outgoing interface is detected) the current
814 * hop limit of the interface specified by router advertisement.
815 * 3. The system default hoplimit.
816 */
817 int
818 in6_selecthlim(struct inpcb *in6p, struct ifnet *ifp)
819 {
820
821 if (in6p && in6p->in6p_hops >= 0)
822 return (in6p->in6p_hops);
823 else if (ifp)
824 return (ND_IFINFO(ifp)->chlim);
825 else if (in6p && !IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) {
826 struct route_in6 ro6;
827 struct ifnet *lifp;
828
829 bzero(&ro6, sizeof(ro6));
830 ro6.ro_dst.sin6_family = AF_INET6;
831 ro6.ro_dst.sin6_len = sizeof(struct sockaddr_in6);
832 ro6.ro_dst.sin6_addr = in6p->in6p_faddr;
833 rtalloc((struct route *)&ro6);
834 if (ro6.ro_rt) {
835 lifp = ro6.ro_rt->rt_ifp;
836 RTFREE(ro6.ro_rt);
837 if (lifp)
838 return (ND_IFINFO(lifp)->chlim);
839 } else
840 return (V_ip6_defhlim);
841 }
842 return (V_ip6_defhlim);
843 }
844
845 /*
846 * XXX: this is borrowed from in6_pcbbind(). If possible, we should
847 * share this function by all *bsd*...
848 */
849 int
850 in6_pcbsetport(struct in6_addr *laddr, struct inpcb *inp, struct ucred *cred)
851 {
852 struct socket *so = inp->inp_socket;
853 u_int16_t lport = 0;
854 int error, lookupflags = 0;
855 #ifdef INVARIANTS
856 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo;
857 #endif
858
859 INP_WLOCK_ASSERT(inp);
860 INP_HASH_WLOCK_ASSERT(pcbinfo);
861
862 error = prison_local_ip6(cred, laddr,
863 ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0));
864 if (error)
865 return(error);
866
867 /* XXX: this is redundant when called from in6_pcbbind */
868 if ((so->so_options & (SO_REUSEADDR|SO_REUSEPORT)) == 0)
869 lookupflags = INPLOOKUP_WILDCARD;
870
871 inp->inp_flags |= INP_ANONPORT;
872
873 error = in_pcb_lport(inp, NULL, &lport, cred, lookupflags);
874 if (error != 0)
875 return (error);
876
877 inp->inp_lport = lport;
878 if (in_pcbinshash(inp) != 0) {
879 inp->in6p_laddr = in6addr_any;
880 inp->inp_lport = 0;
881 return (EAGAIN);
882 }
883
884 return (0);
885 }
886
887 void
888 addrsel_policy_init(void)
889 {
890
891 init_policy_queue();
892
893 /* initialize the "last resort" policy */
894 bzero(&V_defaultaddrpolicy, sizeof(V_defaultaddrpolicy));
895 V_defaultaddrpolicy.label = ADDR_LABEL_NOTAPP;
896
897 if (!IS_DEFAULT_VNET(curvnet))
898 return;
899
900 ADDRSEL_LOCK_INIT();
901 ADDRSEL_SXLOCK_INIT();
902 }
903
904 static struct in6_addrpolicy *
905 lookup_addrsel_policy(struct sockaddr_in6 *key)
906 {
907 struct in6_addrpolicy *match = NULL;
908
909 ADDRSEL_LOCK();
910 match = match_addrsel_policy(key);
911
912 if (match == NULL)
913 match = &V_defaultaddrpolicy;
914 else
915 match->use++;
916 ADDRSEL_UNLOCK();
917
918 return (match);
919 }
920
921 /*
922 * Subroutines to manage the address selection policy table via sysctl.
923 */
924 struct walkarg {
925 struct sysctl_req *w_req;
926 };
927
928 static int in6_src_sysctl(SYSCTL_HANDLER_ARGS);
929 SYSCTL_DECL(_net_inet6_ip6);
930 SYSCTL_NODE(_net_inet6_ip6, IPV6CTL_ADDRCTLPOLICY, addrctlpolicy,
931 CTLFLAG_RD, in6_src_sysctl, "");
932
933 static int
934 in6_src_sysctl(SYSCTL_HANDLER_ARGS)
935 {
936 struct walkarg w;
937
938 if (req->newptr)
939 return EPERM;
940
941 bzero(&w, sizeof(w));
942 w.w_req = req;
943
944 return (walk_addrsel_policy(dump_addrsel_policyent, &w));
945 }
946
947 int
948 in6_src_ioctl(u_long cmd, caddr_t data)
949 {
950 int i;
951 struct in6_addrpolicy ent0;
952
953 if (cmd != SIOCAADDRCTL_POLICY && cmd != SIOCDADDRCTL_POLICY)
954 return (EOPNOTSUPP); /* check for safety */
955
956 ent0 = *(struct in6_addrpolicy *)data;
957
958 if (ent0.label == ADDR_LABEL_NOTAPP)
959 return (EINVAL);
960 /* check if the prefix mask is consecutive. */
961 if (in6_mask2len(&ent0.addrmask.sin6_addr, NULL) < 0)
962 return (EINVAL);
963 /* clear trailing garbages (if any) of the prefix address. */
964 for (i = 0; i < 4; i++) {
965 ent0.addr.sin6_addr.s6_addr32[i] &=
966 ent0.addrmask.sin6_addr.s6_addr32[i];
967 }
968 ent0.use = 0;
969
970 switch (cmd) {
971 case SIOCAADDRCTL_POLICY:
972 return (add_addrsel_policyent(&ent0));
973 case SIOCDADDRCTL_POLICY:
974 return (delete_addrsel_policyent(&ent0));
975 }
976
977 return (0); /* XXX: compromise compilers */
978 }
979
980 /*
981 * The followings are implementation of the policy table using a
982 * simple tail queue.
983 * XXX such details should be hidden.
984 * XXX implementation using binary tree should be more efficient.
985 */
986 struct addrsel_policyent {
987 TAILQ_ENTRY(addrsel_policyent) ape_entry;
988 struct in6_addrpolicy ape_policy;
989 };
990
991 TAILQ_HEAD(addrsel_policyhead, addrsel_policyent);
992
993 static VNET_DEFINE(struct addrsel_policyhead, addrsel_policytab);
994 #define V_addrsel_policytab VNET(addrsel_policytab)
995
996 static void
997 init_policy_queue(void)
998 {
999
1000 TAILQ_INIT(&V_addrsel_policytab);
1001 }
1002
1003 static int
1004 add_addrsel_policyent(struct in6_addrpolicy *newpolicy)
1005 {
1006 struct addrsel_policyent *new, *pol;
1007
1008 new = malloc(sizeof(*new), M_IFADDR,
1009 M_WAITOK);
1010 ADDRSEL_XLOCK();
1011 ADDRSEL_LOCK();
1012
1013 /* duplication check */
1014 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) {
1015 if (IN6_ARE_ADDR_EQUAL(&newpolicy->addr.sin6_addr,
1016 &pol->ape_policy.addr.sin6_addr) &&
1017 IN6_ARE_ADDR_EQUAL(&newpolicy->addrmask.sin6_addr,
1018 &pol->ape_policy.addrmask.sin6_addr)) {
1019 ADDRSEL_UNLOCK();
1020 ADDRSEL_XUNLOCK();
1021 free(new, M_IFADDR);
1022 return (EEXIST); /* or override it? */
1023 }
1024 }
1025
1026 bzero(new, sizeof(*new));
1027
1028 /* XXX: should validate entry */
1029 new->ape_policy = *newpolicy;
1030
1031 TAILQ_INSERT_TAIL(&V_addrsel_policytab, new, ape_entry);
1032 ADDRSEL_UNLOCK();
1033 ADDRSEL_XUNLOCK();
1034
1035 return (0);
1036 }
1037
1038 static int
1039 delete_addrsel_policyent(struct in6_addrpolicy *key)
1040 {
1041 struct addrsel_policyent *pol;
1042
1043 ADDRSEL_XLOCK();
1044 ADDRSEL_LOCK();
1045
1046 /* search for the entry in the table */
1047 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) {
1048 if (IN6_ARE_ADDR_EQUAL(&key->addr.sin6_addr,
1049 &pol->ape_policy.addr.sin6_addr) &&
1050 IN6_ARE_ADDR_EQUAL(&key->addrmask.sin6_addr,
1051 &pol->ape_policy.addrmask.sin6_addr)) {
1052 break;
1053 }
1054 }
1055 if (pol == NULL) {
1056 ADDRSEL_UNLOCK();
1057 ADDRSEL_XUNLOCK();
1058 return (ESRCH);
1059 }
1060
1061 TAILQ_REMOVE(&V_addrsel_policytab, pol, ape_entry);
1062 ADDRSEL_UNLOCK();
1063 ADDRSEL_XUNLOCK();
1064
1065 return (0);
1066 }
1067
1068 static int
1069 walk_addrsel_policy(int (*callback)(struct in6_addrpolicy *, void *),
1070 void *w)
1071 {
1072 struct addrsel_policyent *pol;
1073 int error = 0;
1074
1075 ADDRSEL_SLOCK();
1076 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) {
1077 if ((error = (*callback)(&pol->ape_policy, w)) != 0) {
1078 ADDRSEL_SUNLOCK();
1079 return (error);
1080 }
1081 }
1082 ADDRSEL_SUNLOCK();
1083 return (error);
1084 }
1085
1086 static int
1087 dump_addrsel_policyent(struct in6_addrpolicy *pol, void *arg)
1088 {
1089 int error = 0;
1090 struct walkarg *w = arg;
1091
1092 error = SYSCTL_OUT(w->w_req, pol, sizeof(*pol));
1093
1094 return (error);
1095 }
1096
1097 static struct in6_addrpolicy *
1098 match_addrsel_policy(struct sockaddr_in6 *key)
1099 {
1100 struct addrsel_policyent *pent;
1101 struct in6_addrpolicy *bestpol = NULL, *pol;
1102 int matchlen, bestmatchlen = -1;
1103 u_char *mp, *ep, *k, *p, m;
1104
1105 TAILQ_FOREACH(pent, &V_addrsel_policytab, ape_entry) {
1106 matchlen = 0;
1107
1108 pol = &pent->ape_policy;
1109 mp = (u_char *)&pol->addrmask.sin6_addr;
1110 ep = mp + 16; /* XXX: scope field? */
1111 k = (u_char *)&key->sin6_addr;
1112 p = (u_char *)&pol->addr.sin6_addr;
1113 for (; mp < ep && *mp; mp++, k++, p++) {
1114 m = *mp;
1115 if ((*k & m) != *p)
1116 goto next; /* not match */
1117 if (m == 0xff) /* short cut for a typical case */
1118 matchlen += 8;
1119 else {
1120 while (m >= 0x80) {
1121 matchlen++;
1122 m <<= 1;
1123 }
1124 }
1125 }
1126
1127 /* matched. check if this is better than the current best. */
1128 if (bestpol == NULL ||
1129 matchlen > bestmatchlen) {
1130 bestpol = pol;
1131 bestmatchlen = matchlen;
1132 }
1133
1134 next:
1135 continue;
1136 }
1137
1138 return (bestpol);
1139 }
Cache object: 3c8959e3537ce446688568b70ec10f76
|