1/*-
2 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of the project nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 *
29 * $KAME: in6_src.c,v 1.132 2003/08/26 04:42:27 keiichi Exp $
30 */
31
32/*-
33 * Copyright (c) 1982, 1986, 1991, 1993
34 * The Regents of the University of California. All rights reserved.
35 *
36 * Redistribution and use in source and binary forms, with or without
37 * modification, are permitted provided that the following conditions
38 * are met:
39 * 1. Redistributions of source code must retain the above copyright
40 * notice, this list of conditions and the following disclaimer.
41 * 2. Redistributions in binary form must reproduce the above copyright
42 * notice, this list of conditions and the following disclaimer in the
43 * documentation and/or other materials provided with the distribution.
44 * 4. Neither the name of the University nor the names of its contributors
45 * may be used to endorse or promote products derived from this software
46 * without specific prior written permission.
47 *
48 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
58 * SUCH DAMAGE.
59 *
60 * @(#)in_pcb.c 8.2 (Berkeley) 1/4/94
61 */
62
63#include <sys/cdefs.h>
| 1/*-
2 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of the project nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 *
29 * $KAME: in6_src.c,v 1.132 2003/08/26 04:42:27 keiichi Exp $
30 */
31
32/*-
33 * Copyright (c) 1982, 1986, 1991, 1993
34 * The Regents of the University of California. All rights reserved.
35 *
36 * Redistribution and use in source and binary forms, with or without
37 * modification, are permitted provided that the following conditions
38 * are met:
39 * 1. Redistributions of source code must retain the above copyright
40 * notice, this list of conditions and the following disclaimer.
41 * 2. Redistributions in binary form must reproduce the above copyright
42 * notice, this list of conditions and the following disclaimer in the
43 * documentation and/or other materials provided with the distribution.
44 * 4. Neither the name of the University nor the names of its contributors
45 * may be used to endorse or promote products derived from this software
46 * without specific prior written permission.
47 *
48 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
58 * SUCH DAMAGE.
59 *
60 * @(#)in_pcb.c 8.2 (Berkeley) 1/4/94
61 */
62
63#include <sys/cdefs.h>
|
144static int dump_addrsel_policyent(struct in6_addrpolicy *, void *);
145static struct in6_addrpolicy *match_addrsel_policy(struct sockaddr_in6 *);
146
147/*
148 * Return an IPv6 address, which is the most appropriate for a given
149 * destination and user specified options.
150 * If necessary, this function lookups the routing table and returns
151 * an entry to the caller for later use.
152 */
153#define REPLACE(r) do {\
154 if ((r) < sizeof(V_ip6stat.ip6s_sources_rule) / \
155 sizeof(V_ip6stat.ip6s_sources_rule[0])) /* check for safety */ \
156 V_ip6stat.ip6s_sources_rule[(r)]++; \
157 /* { \
158 char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \
159 printf("in6_selectsrc: replace %s with %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \
160 } */ \
161 goto replace; \
162} while(0)
163#define NEXT(r) do {\
164 if ((r) < sizeof(V_ip6stat.ip6s_sources_rule) / \
165 sizeof(V_ip6stat.ip6s_sources_rule[0])) /* check for safety */ \
166 V_ip6stat.ip6s_sources_rule[(r)]++; \
167 /* { \
168 char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \
169 printf("in6_selectsrc: keep %s against %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \
170 } */ \
171 goto next; /* XXX: we can't use 'continue' here */ \
172} while(0)
173#define BREAK(r) do { \
174 if ((r) < sizeof(V_ip6stat.ip6s_sources_rule) / \
175 sizeof(V_ip6stat.ip6s_sources_rule[0])) /* check for safety */ \
176 V_ip6stat.ip6s_sources_rule[(r)]++; \
177 goto out; /* XXX: we can't use 'break' here */ \
178} while(0)
179
180int
181in6_selectsrc(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
182 struct inpcb *inp, struct route_in6 *ro, struct ucred *cred,
183 struct ifnet **ifpp, struct in6_addr *srcp)
184{
185 struct in6_addr dst, tmp;
186 struct ifnet *ifp = NULL, *oifp = NULL;
187 struct in6_ifaddr *ia = NULL, *ia_best = NULL;
188 struct in6_pktinfo *pi = NULL;
189 int dst_scope = -1, best_scope = -1, best_matchlen = -1;
190 struct in6_addrpolicy *dst_policy = NULL, *best_policy = NULL;
191 u_int32_t odstzone;
192 int prefer_tempaddr;
193 int error;
194 struct ip6_moptions *mopts;
195
196 KASSERT(srcp != NULL, ("%s: srcp is NULL", __func__));
197
198 dst = dstsock->sin6_addr; /* make a copy for local operation */
199 if (ifpp) {
200 /*
201 * Save a possibly passed in ifp for in6_selectsrc. Only
202 * neighbor discovery code should use this feature, where
203 * we may know the interface but not the FIB number holding
204 * the connected subnet in case someone deleted it from the
205 * default FIB and we need to check the interface.
206 */
207 if (*ifpp != NULL)
208 oifp = *ifpp;
209 *ifpp = NULL;
210 }
211
212 if (inp != NULL) {
213 INP_LOCK_ASSERT(inp);
214 mopts = inp->in6p_moptions;
215 } else {
216 mopts = NULL;
217 }
218
219 /*
220 * If the source address is explicitly specified by the caller,
221 * check if the requested source address is indeed a unicast address
222 * assigned to the node, and can be used as the packet's source
223 * address. If everything is okay, use the address as source.
224 */
225 if (opts && (pi = opts->ip6po_pktinfo) &&
226 !IN6_IS_ADDR_UNSPECIFIED(&pi->ipi6_addr)) {
227 struct sockaddr_in6 srcsock;
228 struct in6_ifaddr *ia6;
229
230 /* get the outgoing interface */
231 if ((error = in6_selectif(dstsock, opts, mopts, ro, &ifp, oifp,
232 (inp != NULL) ? inp->inp_inc.inc_fibnum : RT_DEFAULT_FIB))
233 != 0)
234 return (error);
235
236 /*
237 * determine the appropriate zone id of the source based on
238 * the zone of the destination and the outgoing interface.
239 * If the specified address is ambiguous wrt the scope zone,
240 * the interface must be specified; otherwise, ifa_ifwithaddr()
241 * will fail matching the address.
242 */
243 bzero(&srcsock, sizeof(srcsock));
244 srcsock.sin6_family = AF_INET6;
245 srcsock.sin6_len = sizeof(srcsock);
246 srcsock.sin6_addr = pi->ipi6_addr;
247 if (ifp) {
248 error = in6_setscope(&srcsock.sin6_addr, ifp, NULL);
249 if (error)
250 return (error);
251 }
252 if (cred != NULL && (error = prison_local_ip6(cred,
253 &srcsock.sin6_addr, (inp != NULL &&
254 (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0)
255 return (error);
256
257 ia6 = (struct in6_ifaddr *)ifa_ifwithaddr(
258 (struct sockaddr *)&srcsock);
259 if (ia6 == NULL ||
260 (ia6->ia6_flags & (IN6_IFF_ANYCAST | IN6_IFF_NOTREADY))) {
261 if (ia6 != NULL)
262 ifa_free(&ia6->ia_ifa);
263 return (EADDRNOTAVAIL);
264 }
265 pi->ipi6_addr = srcsock.sin6_addr; /* XXX: this overrides pi */
266 if (ifpp)
267 *ifpp = ifp;
268 bcopy(&ia6->ia_addr.sin6_addr, srcp, sizeof(*srcp));
269 ifa_free(&ia6->ia_ifa);
270 return (0);
271 }
272
273 /*
274 * Otherwise, if the socket has already bound the source, just use it.
275 */
276 if (inp != NULL && !IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) {
277 if (cred != NULL &&
278 (error = prison_local_ip6(cred, &inp->in6p_laddr,
279 ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0)
280 return (error);
281 bcopy(&inp->in6p_laddr, srcp, sizeof(*srcp));
282 return (0);
283 }
284
285 /*
286 * Bypass source address selection and use the primary jail IP
287 * if requested.
288 */
289 if (cred != NULL && !prison_saddrsel_ip6(cred, srcp))
290 return (0);
291
292 /*
293 * If the address is not specified, choose the best one based on
294 * the outgoing interface and the destination address.
295 */
296 /* get the outgoing interface */
297 if ((error = in6_selectif(dstsock, opts, mopts, ro, &ifp, oifp,
298 (inp != NULL) ? inp->inp_inc.inc_fibnum : RT_DEFAULT_FIB)) != 0)
299 return (error);
300
301#ifdef DIAGNOSTIC
302 if (ifp == NULL) /* this should not happen */
303 panic("in6_selectsrc: NULL ifp");
304#endif
305 error = in6_setscope(&dst, ifp, &odstzone);
306 if (error)
307 return (error);
308
309 IN6_IFADDR_RLOCK();
310 TAILQ_FOREACH(ia, &V_in6_ifaddrhead, ia_link) {
311 int new_scope = -1, new_matchlen = -1;
312 struct in6_addrpolicy *new_policy = NULL;
313 u_int32_t srczone, osrczone, dstzone;
314 struct in6_addr src;
315 struct ifnet *ifp1 = ia->ia_ifp;
316
317 /*
318 * We'll never take an address that breaks the scope zone
319 * of the destination. We also skip an address if its zone
320 * does not contain the outgoing interface.
321 * XXX: we should probably use sin6_scope_id here.
322 */
323 if (in6_setscope(&dst, ifp1, &dstzone) ||
324 odstzone != dstzone) {
325 continue;
326 }
327 src = ia->ia_addr.sin6_addr;
328 if (in6_setscope(&src, ifp, &osrczone) ||
329 in6_setscope(&src, ifp1, &srczone) ||
330 osrczone != srczone) {
331 continue;
332 }
333
334 /* avoid unusable addresses */
335 if ((ia->ia6_flags &
336 (IN6_IFF_NOTREADY | IN6_IFF_ANYCAST | IN6_IFF_DETACHED))) {
337 continue;
338 }
339 if (!V_ip6_use_deprecated && IFA6_IS_DEPRECATED(ia))
340 continue;
341
342 /* If jailed only take addresses of the jail into account. */
343 if (cred != NULL &&
344 prison_check_ip6(cred, &ia->ia_addr.sin6_addr) != 0)
345 continue;
346
347 /* Rule 1: Prefer same address */
348 if (IN6_ARE_ADDR_EQUAL(&dst, &ia->ia_addr.sin6_addr)) {
349 ia_best = ia;
350 BREAK(1); /* there should be no better candidate */
351 }
352
353 if (ia_best == NULL)
354 REPLACE(0);
355
356 /* Rule 2: Prefer appropriate scope */
357 if (dst_scope < 0)
358 dst_scope = in6_addrscope(&dst);
359 new_scope = in6_addrscope(&ia->ia_addr.sin6_addr);
360 if (IN6_ARE_SCOPE_CMP(best_scope, new_scope) < 0) {
361 if (IN6_ARE_SCOPE_CMP(best_scope, dst_scope) < 0)
362 REPLACE(2);
363 NEXT(2);
364 } else if (IN6_ARE_SCOPE_CMP(new_scope, best_scope) < 0) {
365 if (IN6_ARE_SCOPE_CMP(new_scope, dst_scope) < 0)
366 NEXT(2);
367 REPLACE(2);
368 }
369
370 /*
371 * Rule 3: Avoid deprecated addresses. Note that the case of
372 * !ip6_use_deprecated is already rejected above.
373 */
374 if (!IFA6_IS_DEPRECATED(ia_best) && IFA6_IS_DEPRECATED(ia))
375 NEXT(3);
376 if (IFA6_IS_DEPRECATED(ia_best) && !IFA6_IS_DEPRECATED(ia))
377 REPLACE(3);
378
379 /* Rule 4: Prefer home addresses */
380 /*
381 * XXX: This is a TODO. We should probably merge the MIP6
382 * case above.
383 */
384
385 /* Rule 5: Prefer outgoing interface */
386 if (ia_best->ia_ifp == ifp && ia->ia_ifp != ifp)
387 NEXT(5);
388 if (ia_best->ia_ifp != ifp && ia->ia_ifp == ifp)
389 REPLACE(5);
390
391 /*
392 * Rule 6: Prefer matching label
393 * Note that best_policy should be non-NULL here.
394 */
395 if (dst_policy == NULL)
396 dst_policy = lookup_addrsel_policy(dstsock);
397 if (dst_policy->label != ADDR_LABEL_NOTAPP) {
398 new_policy = lookup_addrsel_policy(&ia->ia_addr);
399 if (dst_policy->label == best_policy->label &&
400 dst_policy->label != new_policy->label)
401 NEXT(6);
402 if (dst_policy->label != best_policy->label &&
403 dst_policy->label == new_policy->label)
404 REPLACE(6);
405 }
406
407 /*
408 * Rule 7: Prefer public addresses.
409 * We allow users to reverse the logic by configuring
410 * a sysctl variable, so that privacy conscious users can
411 * always prefer temporary addresses.
412 */
413 if (opts == NULL ||
414 opts->ip6po_prefer_tempaddr == IP6PO_TEMPADDR_SYSTEM) {
415 prefer_tempaddr = V_ip6_prefer_tempaddr;
416 } else if (opts->ip6po_prefer_tempaddr ==
417 IP6PO_TEMPADDR_NOTPREFER) {
418 prefer_tempaddr = 0;
419 } else
420 prefer_tempaddr = 1;
421 if (!(ia_best->ia6_flags & IN6_IFF_TEMPORARY) &&
422 (ia->ia6_flags & IN6_IFF_TEMPORARY)) {
423 if (prefer_tempaddr)
424 REPLACE(7);
425 else
426 NEXT(7);
427 }
428 if ((ia_best->ia6_flags & IN6_IFF_TEMPORARY) &&
429 !(ia->ia6_flags & IN6_IFF_TEMPORARY)) {
430 if (prefer_tempaddr)
431 NEXT(7);
432 else
433 REPLACE(7);
434 }
435
436 /*
437 * Rule 8: prefer addresses on alive interfaces.
438 * This is a KAME specific rule.
439 */
440 if ((ia_best->ia_ifp->if_flags & IFF_UP) &&
441 !(ia->ia_ifp->if_flags & IFF_UP))
442 NEXT(8);
443 if (!(ia_best->ia_ifp->if_flags & IFF_UP) &&
444 (ia->ia_ifp->if_flags & IFF_UP))
445 REPLACE(8);
446
447 /*
448 * Rule 14: Use longest matching prefix.
449 * Note: in the address selection draft, this rule is
450 * documented as "Rule 8". However, since it is also
451 * documented that this rule can be overridden, we assign
452 * a large number so that it is easy to assign smaller numbers
453 * to more preferred rules.
454 */
455 new_matchlen = in6_matchlen(&ia->ia_addr.sin6_addr, &dst);
456 if (best_matchlen < new_matchlen)
457 REPLACE(14);
458 if (new_matchlen < best_matchlen)
459 NEXT(14);
460
461 /* Rule 15 is reserved. */
462
463 /*
464 * Last resort: just keep the current candidate.
465 * Or, do we need more rules?
466 */
467 continue;
468
469 replace:
470 ia_best = ia;
471 best_scope = (new_scope >= 0 ? new_scope :
472 in6_addrscope(&ia_best->ia_addr.sin6_addr));
473 best_policy = (new_policy ? new_policy :
474 lookup_addrsel_policy(&ia_best->ia_addr));
475 best_matchlen = (new_matchlen >= 0 ? new_matchlen :
476 in6_matchlen(&ia_best->ia_addr.sin6_addr,
477 &dst));
478
479 next:
480 continue;
481
482 out:
483 break;
484 }
485
486 if ((ia = ia_best) == NULL) {
487 IN6_IFADDR_RUNLOCK();
488 return (EADDRNOTAVAIL);
489 }
490
491 /*
492 * At this point at least one of the addresses belonged to the jail
493 * but it could still be, that we want to further restrict it, e.g.
494 * theoratically IN6_IS_ADDR_LOOPBACK.
495 * It must not be IN6_IS_ADDR_UNSPECIFIED anymore.
496 * prison_local_ip6() will fix an IN6_IS_ADDR_LOOPBACK but should
497 * let all others previously selected pass.
498 * Use tmp to not change ::1 on lo0 to the primary jail address.
499 */
500 tmp = ia->ia_addr.sin6_addr;
501 if (cred != NULL && prison_local_ip6(cred, &tmp, (inp != NULL &&
502 (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0)) != 0) {
503 IN6_IFADDR_RUNLOCK();
504 return (EADDRNOTAVAIL);
505 }
506
507 if (ifpp)
508 *ifpp = ifp;
509
510 bcopy(&tmp, srcp, sizeof(*srcp));
511 IN6_IFADDR_RUNLOCK();
512 return (0);
513}
514
515/*
516 * clone - meaningful only for bsdi and freebsd
517 */
518static int
519selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
520 struct ip6_moptions *mopts, struct route_in6 *ro,
521 struct ifnet **retifp, struct rtentry **retrt, int norouteok, u_int fibnum)
522{
523 int error = 0;
524 struct ifnet *ifp = NULL;
525 struct rtentry *rt = NULL;
526 struct sockaddr_in6 *sin6_next;
527 struct in6_pktinfo *pi = NULL;
528 struct in6_addr *dst = &dstsock->sin6_addr;
529#if 0
530 char ip6buf[INET6_ADDRSTRLEN];
531
532 if (dstsock->sin6_addr.s6_addr32[0] == 0 &&
533 dstsock->sin6_addr.s6_addr32[1] == 0 &&
534 !IN6_IS_ADDR_LOOPBACK(&dstsock->sin6_addr)) {
535 printf("in6_selectroute: strange destination %s\n",
536 ip6_sprintf(ip6buf, &dstsock->sin6_addr));
537 } else {
538 printf("in6_selectroute: destination = %s%%%d\n",
539 ip6_sprintf(ip6buf, &dstsock->sin6_addr),
540 dstsock->sin6_scope_id); /* for debug */
541 }
542#endif
543
544 /* If the caller specify the outgoing interface explicitly, use it. */
545 if (opts && (pi = opts->ip6po_pktinfo) != NULL && pi->ipi6_ifindex) {
546 /* XXX boundary check is assumed to be already done. */
547 ifp = ifnet_byindex(pi->ipi6_ifindex);
548 if (ifp != NULL &&
549 (norouteok || retrt == NULL ||
550 IN6_IS_ADDR_MULTICAST(dst))) {
551 /*
552 * we do not have to check or get the route for
553 * multicast.
554 */
555 goto done;
556 } else
557 goto getroute;
558 }
559
560 /*
561 * If the destination address is a multicast address and the outgoing
562 * interface for the address is specified by the caller, use it.
563 */
564 if (IN6_IS_ADDR_MULTICAST(dst) &&
565 mopts != NULL && (ifp = mopts->im6o_multicast_ifp) != NULL) {
566 goto done; /* we do not need a route for multicast. */
567 }
568
569 getroute:
570 /*
571 * If the next hop address for the packet is specified by the caller,
572 * use it as the gateway.
573 */
574 if (opts && opts->ip6po_nexthop) {
575 struct route_in6 *ron;
576 struct llentry *la;
577
578 sin6_next = satosin6(opts->ip6po_nexthop);
579
580 /* at this moment, we only support AF_INET6 next hops */
581 if (sin6_next->sin6_family != AF_INET6) {
582 error = EAFNOSUPPORT; /* or should we proceed? */
583 goto done;
584 }
585
586 /*
587 * If the next hop is an IPv6 address, then the node identified
588 * by that address must be a neighbor of the sending host.
589 */
590 ron = &opts->ip6po_nextroute;
591 /*
592 * XXX what do we do here?
593 * PLZ to be fixing
594 */
595
596
597 if (ron->ro_rt == NULL) {
598 in6_rtalloc(ron, fibnum); /* multi path case? */
599 if (ron->ro_rt == NULL) {
600 /* XXX-BZ WT.? */
601 if (ron->ro_rt) {
602 RTFREE(ron->ro_rt);
603 ron->ro_rt = NULL;
604 }
605 error = EHOSTUNREACH;
606 goto done;
607 }
608 }
609
610 rt = ron->ro_rt;
611 ifp = rt->rt_ifp;
612 IF_AFDATA_LOCK(ifp);
613 la = lla_lookup(LLTABLE6(ifp), 0, (struct sockaddr *)&sin6_next->sin6_addr);
614 IF_AFDATA_UNLOCK(ifp);
615 if (la != NULL)
616 LLE_RUNLOCK(la);
617 else {
618 error = EHOSTUNREACH;
619 goto done;
620 }
621#if 0
622 if ((ron->ro_rt &&
623 (ron->ro_rt->rt_flags & (RTF_UP | RTF_LLINFO)) !=
624 (RTF_UP | RTF_LLINFO)) ||
625 !IN6_ARE_ADDR_EQUAL(&satosin6(&ron->ro_dst)->sin6_addr,
626 &sin6_next->sin6_addr)) {
627 if (ron->ro_rt) {
628 RTFREE(ron->ro_rt);
629 ron->ro_rt = NULL;
630 }
631 *satosin6(&ron->ro_dst) = *sin6_next;
632 }
633 if (ron->ro_rt == NULL) {
634 in6_rtalloc(ron, fibnum); /* multi path case? */
635 if (ron->ro_rt == NULL ||
636 !(ron->ro_rt->rt_flags & RTF_LLINFO)) {
637 if (ron->ro_rt) {
638 RTFREE(ron->ro_rt);
639 ron->ro_rt = NULL;
640 }
641 error = EHOSTUNREACH;
642 goto done;
643 }
644 }
645#endif
646
647 /*
648 * When cloning is required, try to allocate a route to the
649 * destination so that the caller can store path MTU
650 * information.
651 */
652 goto done;
653 }
654
655 /*
656 * Use a cached route if it exists and is valid, else try to allocate
657 * a new one. Note that we should check the address family of the
658 * cached destination, in case of sharing the cache with IPv4.
659 */
660 if (ro) {
661 if (ro->ro_rt &&
662 (!(ro->ro_rt->rt_flags & RTF_UP) ||
663 ((struct sockaddr *)(&ro->ro_dst))->sa_family != AF_INET6 ||
664 !IN6_ARE_ADDR_EQUAL(&satosin6(&ro->ro_dst)->sin6_addr,
665 dst))) {
666 RTFREE(ro->ro_rt);
667 ro->ro_rt = (struct rtentry *)NULL;
668 }
669 if (ro->ro_rt == (struct rtentry *)NULL) {
670 struct sockaddr_in6 *sa6;
671
672 /* No route yet, so try to acquire one */
673 bzero(&ro->ro_dst, sizeof(struct sockaddr_in6));
674 sa6 = (struct sockaddr_in6 *)&ro->ro_dst;
675 *sa6 = *dstsock;
676 sa6->sin6_scope_id = 0;
677
678#ifdef RADIX_MPATH
679 rtalloc_mpath_fib((struct route *)ro,
680 ntohl(sa6->sin6_addr.s6_addr32[3]), fibnum);
681#else
682 ro->ro_rt = in6_rtalloc1((struct sockaddr *)
683 &ro->ro_dst, 0, 0UL, fibnum);
684 if (ro->ro_rt)
685 RT_UNLOCK(ro->ro_rt);
686#endif
687 }
688
689 /*
690 * do not care about the result if we have the nexthop
691 * explicitly specified.
692 */
693 if (opts && opts->ip6po_nexthop)
694 goto done;
695
696 if (ro->ro_rt) {
697 ifp = ro->ro_rt->rt_ifp;
698
699 if (ifp == NULL) { /* can this really happen? */
700 RTFREE(ro->ro_rt);
701 ro->ro_rt = NULL;
702 }
703 }
704 if (ro->ro_rt == NULL)
705 error = EHOSTUNREACH;
706 rt = ro->ro_rt;
707
708 /*
709 * Check if the outgoing interface conflicts with
710 * the interface specified by ipi6_ifindex (if specified).
711 * Note that loopback interface is always okay.
712 * (this may happen when we are sending a packet to one of
713 * our own addresses.)
714 */
715 if (ifp && opts && opts->ip6po_pktinfo &&
716 opts->ip6po_pktinfo->ipi6_ifindex) {
717 if (!(ifp->if_flags & IFF_LOOPBACK) &&
718 ifp->if_index !=
719 opts->ip6po_pktinfo->ipi6_ifindex) {
720 error = EHOSTUNREACH;
721 goto done;
722 }
723 }
724 }
725
726 done:
727 if (ifp == NULL && rt == NULL) {
728 /*
729 * This can happen if the caller did not pass a cached route
730 * nor any other hints. We treat this case an error.
731 */
732 error = EHOSTUNREACH;
733 }
734 if (error == EHOSTUNREACH)
735 V_ip6stat.ip6s_noroute++;
736
737 if (retifp != NULL) {
738 *retifp = ifp;
739
740 /*
741 * Adjust the "outgoing" interface. If we're going to loop
742 * the packet back to ourselves, the ifp would be the loopback
743 * interface. However, we'd rather know the interface associated
744 * to the destination address (which should probably be one of
745 * our own addresses.)
746 */
747 if (rt) {
748 if ((rt->rt_ifp->if_flags & IFF_LOOPBACK) &&
749 (rt->rt_gateway->sa_family == AF_LINK))
750 *retifp =
751 ifnet_byindex(((struct sockaddr_dl *)
752 rt->rt_gateway)->sdl_index);
753 }
754 }
755
756 if (retrt != NULL)
757 *retrt = rt; /* rt may be NULL */
758
759 return (error);
760}
761
762static int
763in6_selectif(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
764 struct ip6_moptions *mopts, struct route_in6 *ro, struct ifnet **retifp,
765 struct ifnet *oifp, u_int fibnum)
766{
767 int error;
768 struct route_in6 sro;
769 struct rtentry *rt = NULL;
770
771 KASSERT(retifp != NULL, ("%s: retifp is NULL", __func__));
772
773 if (ro == NULL) {
774 bzero(&sro, sizeof(sro));
775 ro = &sro;
776 }
777
778 if ((error = selectroute(dstsock, opts, mopts, ro, retifp,
779 &rt, 1, fibnum)) != 0) {
780 if (ro == &sro && rt && rt == sro.ro_rt)
781 RTFREE(rt);
782 /* Help ND. See oifp comment in in6_selectsrc(). */
783 if (oifp != NULL && fibnum == RT_DEFAULT_FIB) {
784 *retifp = oifp;
785 error = 0;
786 }
787 return (error);
788 }
789
790 /*
791 * do not use a rejected or black hole route.
792 * XXX: this check should be done in the L2 output routine.
793 * However, if we skipped this check here, we'd see the following
794 * scenario:
795 * - install a rejected route for a scoped address prefix
796 * (like fe80::/10)
797 * - send a packet to a destination that matches the scoped prefix,
798 * with ambiguity about the scope zone.
799 * - pick the outgoing interface from the route, and disambiguate the
800 * scope zone with the interface.
801 * - ip6_output() would try to get another route with the "new"
802 * destination, which may be valid.
803 * - we'd see no error on output.
804 * Although this may not be very harmful, it should still be confusing.
805 * We thus reject the case here.
806 */
807 if (rt && (rt->rt_flags & (RTF_REJECT | RTF_BLACKHOLE))) {
808 int flags = (rt->rt_flags & RTF_HOST ? EHOSTUNREACH : ENETUNREACH);
809
810 if (ro == &sro && rt && rt == sro.ro_rt)
811 RTFREE(rt);
812 return (flags);
813 }
814
815 if (ro == &sro && rt && rt == sro.ro_rt)
816 RTFREE(rt);
817 return (0);
818}
819
820/*
821 * Public wrapper function to selectroute().
822 *
823 * XXX-BZ in6_selectroute() should and will grow the FIB argument. The
824 * in6_selectroute_fib() function is only there for backward compat on stable.
825 */
826int
827in6_selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
828 struct ip6_moptions *mopts, struct route_in6 *ro,
829 struct ifnet **retifp, struct rtentry **retrt)
830{
831
832 return (selectroute(dstsock, opts, mopts, ro, retifp,
833 retrt, 0, RT_DEFAULT_FIB));
834}
835
836#ifndef BURN_BRIDGES
837int
838in6_selectroute_fib(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
839 struct ip6_moptions *mopts, struct route_in6 *ro,
840 struct ifnet **retifp, struct rtentry **retrt, u_int fibnum)
841{
842
843 return (selectroute(dstsock, opts, mopts, ro, retifp,
844 retrt, 0, fibnum));
845}
846#endif
847
848/*
849 * Default hop limit selection. The precedence is as follows:
850 * 1. Hoplimit value specified via ioctl.
851 * 2. (If the outgoing interface is detected) the current
852 * hop limit of the interface specified by router advertisement.
853 * 3. The system default hoplimit.
854 */
855int
856in6_selecthlim(struct inpcb *in6p, struct ifnet *ifp)
857{
858
859 if (in6p && in6p->in6p_hops >= 0)
860 return (in6p->in6p_hops);
861 else if (ifp)
862 return (ND_IFINFO(ifp)->chlim);
863 else if (in6p && !IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) {
864 struct route_in6 ro6;
865 struct ifnet *lifp;
866
867 bzero(&ro6, sizeof(ro6));
868 ro6.ro_dst.sin6_family = AF_INET6;
869 ro6.ro_dst.sin6_len = sizeof(struct sockaddr_in6);
870 ro6.ro_dst.sin6_addr = in6p->in6p_faddr;
871 in6_rtalloc(&ro6, in6p->inp_inc.inc_fibnum);
872 if (ro6.ro_rt) {
873 lifp = ro6.ro_rt->rt_ifp;
874 RTFREE(ro6.ro_rt);
875 if (lifp)
876 return (ND_IFINFO(lifp)->chlim);
877 }
878 }
879 return (V_ip6_defhlim);
880}
881
882/*
883 * XXX: this is borrowed from in6_pcbbind(). If possible, we should
884 * share this function by all *bsd*...
885 */
886int
887in6_pcbsetport(struct in6_addr *laddr, struct inpcb *inp, struct ucred *cred)
888{
889 struct socket *so = inp->inp_socket;
890 u_int16_t lport = 0;
891 int error, lookupflags = 0;
892#ifdef INVARIANTS
893 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo;
894#endif
895
896 INP_WLOCK_ASSERT(inp);
897 INP_HASH_WLOCK_ASSERT(pcbinfo);
898
899 error = prison_local_ip6(cred, laddr,
900 ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0));
901 if (error)
902 return(error);
903
904 /* XXX: this is redundant when called from in6_pcbbind */
905 if ((so->so_options & (SO_REUSEADDR|SO_REUSEPORT)) == 0)
906 lookupflags = INPLOOKUP_WILDCARD;
907
908 inp->inp_flags |= INP_ANONPORT;
909
910 error = in_pcb_lport(inp, NULL, &lport, cred, lookupflags);
911 if (error != 0)
912 return (error);
913
914 inp->inp_lport = lport;
915 if (in_pcbinshash(inp) != 0) {
916 inp->in6p_laddr = in6addr_any;
917 inp->inp_lport = 0;
918 return (EAGAIN);
919 }
920
921 return (0);
922}
923
924void
925addrsel_policy_init(void)
926{
927
928 init_policy_queue();
929
930 /* initialize the "last resort" policy */
931 bzero(&V_defaultaddrpolicy, sizeof(V_defaultaddrpolicy));
932 V_defaultaddrpolicy.label = ADDR_LABEL_NOTAPP;
933
934 if (!IS_DEFAULT_VNET(curvnet))
935 return;
936
937 ADDRSEL_LOCK_INIT();
938 ADDRSEL_SXLOCK_INIT();
939}
940
941static struct in6_addrpolicy *
942lookup_addrsel_policy(struct sockaddr_in6 *key)
943{
944 struct in6_addrpolicy *match = NULL;
945
946 ADDRSEL_LOCK();
947 match = match_addrsel_policy(key);
948
949 if (match == NULL)
950 match = &V_defaultaddrpolicy;
951 else
952 match->use++;
953 ADDRSEL_UNLOCK();
954
955 return (match);
956}
957
958/*
959 * Subroutines to manage the address selection policy table via sysctl.
960 */
961struct walkarg {
962 struct sysctl_req *w_req;
963};
964
965static int in6_src_sysctl(SYSCTL_HANDLER_ARGS);
966SYSCTL_DECL(_net_inet6_ip6);
967static SYSCTL_NODE(_net_inet6_ip6, IPV6CTL_ADDRCTLPOLICY, addrctlpolicy,
968 CTLFLAG_RD, in6_src_sysctl, "");
969
970static int
971in6_src_sysctl(SYSCTL_HANDLER_ARGS)
972{
973 struct walkarg w;
974
975 if (req->newptr)
976 return EPERM;
977
978 bzero(&w, sizeof(w));
979 w.w_req = req;
980
981 return (walk_addrsel_policy(dump_addrsel_policyent, &w));
982}
983
984int
985in6_src_ioctl(u_long cmd, caddr_t data)
986{
987 int i;
988 struct in6_addrpolicy ent0;
989
990 if (cmd != SIOCAADDRCTL_POLICY && cmd != SIOCDADDRCTL_POLICY)
991 return (EOPNOTSUPP); /* check for safety */
992
993 ent0 = *(struct in6_addrpolicy *)data;
994
995 if (ent0.label == ADDR_LABEL_NOTAPP)
996 return (EINVAL);
997 /* check if the prefix mask is consecutive. */
998 if (in6_mask2len(&ent0.addrmask.sin6_addr, NULL) < 0)
999 return (EINVAL);
1000 /* clear trailing garbages (if any) of the prefix address. */
1001 for (i = 0; i < 4; i++) {
1002 ent0.addr.sin6_addr.s6_addr32[i] &=
1003 ent0.addrmask.sin6_addr.s6_addr32[i];
1004 }
1005 ent0.use = 0;
1006
1007 switch (cmd) {
1008 case SIOCAADDRCTL_POLICY:
1009 return (add_addrsel_policyent(&ent0));
1010 case SIOCDADDRCTL_POLICY:
1011 return (delete_addrsel_policyent(&ent0));
1012 }
1013
1014 return (0); /* XXX: compromise compilers */
1015}
1016
1017/*
1018 * The followings are implementation of the policy table using a
1019 * simple tail queue.
1020 * XXX such details should be hidden.
1021 * XXX implementation using binary tree should be more efficient.
1022 */
1023struct addrsel_policyent {
1024 TAILQ_ENTRY(addrsel_policyent) ape_entry;
1025 struct in6_addrpolicy ape_policy;
1026};
1027
1028TAILQ_HEAD(addrsel_policyhead, addrsel_policyent);
1029
1030static VNET_DEFINE(struct addrsel_policyhead, addrsel_policytab);
1031#define V_addrsel_policytab VNET(addrsel_policytab)
1032
1033static void
1034init_policy_queue(void)
1035{
1036
1037 TAILQ_INIT(&V_addrsel_policytab);
1038}
1039
1040static int
1041add_addrsel_policyent(struct in6_addrpolicy *newpolicy)
1042{
1043 struct addrsel_policyent *new, *pol;
1044
1045 new = malloc(sizeof(*new), M_IFADDR,
1046 M_WAITOK);
1047 ADDRSEL_XLOCK();
1048 ADDRSEL_LOCK();
1049
1050 /* duplication check */
1051 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) {
1052 if (IN6_ARE_ADDR_EQUAL(&newpolicy->addr.sin6_addr,
1053 &pol->ape_policy.addr.sin6_addr) &&
1054 IN6_ARE_ADDR_EQUAL(&newpolicy->addrmask.sin6_addr,
1055 &pol->ape_policy.addrmask.sin6_addr)) {
1056 ADDRSEL_UNLOCK();
1057 ADDRSEL_XUNLOCK();
1058 free(new, M_IFADDR);
1059 return (EEXIST); /* or override it? */
1060 }
1061 }
1062
1063 bzero(new, sizeof(*new));
1064
1065 /* XXX: should validate entry */
1066 new->ape_policy = *newpolicy;
1067
1068 TAILQ_INSERT_TAIL(&V_addrsel_policytab, new, ape_entry);
1069 ADDRSEL_UNLOCK();
1070 ADDRSEL_XUNLOCK();
1071
1072 return (0);
1073}
1074
1075static int
1076delete_addrsel_policyent(struct in6_addrpolicy *key)
1077{
1078 struct addrsel_policyent *pol;
1079
1080 ADDRSEL_XLOCK();
1081 ADDRSEL_LOCK();
1082
1083 /* search for the entry in the table */
1084 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) {
1085 if (IN6_ARE_ADDR_EQUAL(&key->addr.sin6_addr,
1086 &pol->ape_policy.addr.sin6_addr) &&
1087 IN6_ARE_ADDR_EQUAL(&key->addrmask.sin6_addr,
1088 &pol->ape_policy.addrmask.sin6_addr)) {
1089 break;
1090 }
1091 }
1092 if (pol == NULL) {
1093 ADDRSEL_UNLOCK();
1094 ADDRSEL_XUNLOCK();
1095 return (ESRCH);
1096 }
1097
1098 TAILQ_REMOVE(&V_addrsel_policytab, pol, ape_entry);
1099 ADDRSEL_UNLOCK();
1100 ADDRSEL_XUNLOCK();
1101
1102 return (0);
1103}
1104
1105static int
1106walk_addrsel_policy(int (*callback)(struct in6_addrpolicy *, void *),
1107 void *w)
1108{
1109 struct addrsel_policyent *pol;
1110 int error = 0;
1111
1112 ADDRSEL_SLOCK();
1113 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) {
1114 if ((error = (*callback)(&pol->ape_policy, w)) != 0) {
1115 ADDRSEL_SUNLOCK();
1116 return (error);
1117 }
1118 }
1119 ADDRSEL_SUNLOCK();
1120 return (error);
1121}
1122
1123static int
1124dump_addrsel_policyent(struct in6_addrpolicy *pol, void *arg)
1125{
1126 int error = 0;
1127 struct walkarg *w = arg;
1128
1129 error = SYSCTL_OUT(w->w_req, pol, sizeof(*pol));
1130
1131 return (error);
1132}
1133
1134static struct in6_addrpolicy *
1135match_addrsel_policy(struct sockaddr_in6 *key)
1136{
1137 struct addrsel_policyent *pent;
1138 struct in6_addrpolicy *bestpol = NULL, *pol;
1139 int matchlen, bestmatchlen = -1;
1140 u_char *mp, *ep, *k, *p, m;
1141
1142 TAILQ_FOREACH(pent, &V_addrsel_policytab, ape_entry) {
1143 matchlen = 0;
1144
1145 pol = &pent->ape_policy;
1146 mp = (u_char *)&pol->addrmask.sin6_addr;
1147 ep = mp + 16; /* XXX: scope field? */
1148 k = (u_char *)&key->sin6_addr;
1149 p = (u_char *)&pol->addr.sin6_addr;
1150 for (; mp < ep && *mp; mp++, k++, p++) {
1151 m = *mp;
1152 if ((*k & m) != *p)
1153 goto next; /* not match */
1154 if (m == 0xff) /* short cut for a typical case */
1155 matchlen += 8;
1156 else {
1157 while (m >= 0x80) {
1158 matchlen++;
1159 m <<= 1;
1160 }
1161 }
1162 }
1163
1164 /* matched. check if this is better than the current best. */
1165 if (bestpol == NULL ||
1166 matchlen > bestmatchlen) {
1167 bestpol = pol;
1168 bestmatchlen = matchlen;
1169 }
1170
1171 next:
1172 continue;
1173 }
1174
1175 return (bestpol);
1176}
| 144static int dump_addrsel_policyent(struct in6_addrpolicy *, void *);
145static struct in6_addrpolicy *match_addrsel_policy(struct sockaddr_in6 *);
146
147/*
148 * Return an IPv6 address, which is the most appropriate for a given
149 * destination and user specified options.
150 * If necessary, this function lookups the routing table and returns
151 * an entry to the caller for later use.
152 */
153#define REPLACE(r) do {\
154 if ((r) < sizeof(V_ip6stat.ip6s_sources_rule) / \
155 sizeof(V_ip6stat.ip6s_sources_rule[0])) /* check for safety */ \
156 V_ip6stat.ip6s_sources_rule[(r)]++; \
157 /* { \
158 char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \
159 printf("in6_selectsrc: replace %s with %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \
160 } */ \
161 goto replace; \
162} while(0)
163#define NEXT(r) do {\
164 if ((r) < sizeof(V_ip6stat.ip6s_sources_rule) / \
165 sizeof(V_ip6stat.ip6s_sources_rule[0])) /* check for safety */ \
166 V_ip6stat.ip6s_sources_rule[(r)]++; \
167 /* { \
168 char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \
169 printf("in6_selectsrc: keep %s against %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \
170 } */ \
171 goto next; /* XXX: we can't use 'continue' here */ \
172} while(0)
173#define BREAK(r) do { \
174 if ((r) < sizeof(V_ip6stat.ip6s_sources_rule) / \
175 sizeof(V_ip6stat.ip6s_sources_rule[0])) /* check for safety */ \
176 V_ip6stat.ip6s_sources_rule[(r)]++; \
177 goto out; /* XXX: we can't use 'break' here */ \
178} while(0)
179
180int
181in6_selectsrc(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
182 struct inpcb *inp, struct route_in6 *ro, struct ucred *cred,
183 struct ifnet **ifpp, struct in6_addr *srcp)
184{
185 struct in6_addr dst, tmp;
186 struct ifnet *ifp = NULL, *oifp = NULL;
187 struct in6_ifaddr *ia = NULL, *ia_best = NULL;
188 struct in6_pktinfo *pi = NULL;
189 int dst_scope = -1, best_scope = -1, best_matchlen = -1;
190 struct in6_addrpolicy *dst_policy = NULL, *best_policy = NULL;
191 u_int32_t odstzone;
192 int prefer_tempaddr;
193 int error;
194 struct ip6_moptions *mopts;
195
196 KASSERT(srcp != NULL, ("%s: srcp is NULL", __func__));
197
198 dst = dstsock->sin6_addr; /* make a copy for local operation */
199 if (ifpp) {
200 /*
201 * Save a possibly passed in ifp for in6_selectsrc. Only
202 * neighbor discovery code should use this feature, where
203 * we may know the interface but not the FIB number holding
204 * the connected subnet in case someone deleted it from the
205 * default FIB and we need to check the interface.
206 */
207 if (*ifpp != NULL)
208 oifp = *ifpp;
209 *ifpp = NULL;
210 }
211
212 if (inp != NULL) {
213 INP_LOCK_ASSERT(inp);
214 mopts = inp->in6p_moptions;
215 } else {
216 mopts = NULL;
217 }
218
219 /*
220 * If the source address is explicitly specified by the caller,
221 * check if the requested source address is indeed a unicast address
222 * assigned to the node, and can be used as the packet's source
223 * address. If everything is okay, use the address as source.
224 */
225 if (opts && (pi = opts->ip6po_pktinfo) &&
226 !IN6_IS_ADDR_UNSPECIFIED(&pi->ipi6_addr)) {
227 struct sockaddr_in6 srcsock;
228 struct in6_ifaddr *ia6;
229
230 /* get the outgoing interface */
231 if ((error = in6_selectif(dstsock, opts, mopts, ro, &ifp, oifp,
232 (inp != NULL) ? inp->inp_inc.inc_fibnum : RT_DEFAULT_FIB))
233 != 0)
234 return (error);
235
236 /*
237 * determine the appropriate zone id of the source based on
238 * the zone of the destination and the outgoing interface.
239 * If the specified address is ambiguous wrt the scope zone,
240 * the interface must be specified; otherwise, ifa_ifwithaddr()
241 * will fail matching the address.
242 */
243 bzero(&srcsock, sizeof(srcsock));
244 srcsock.sin6_family = AF_INET6;
245 srcsock.sin6_len = sizeof(srcsock);
246 srcsock.sin6_addr = pi->ipi6_addr;
247 if (ifp) {
248 error = in6_setscope(&srcsock.sin6_addr, ifp, NULL);
249 if (error)
250 return (error);
251 }
252 if (cred != NULL && (error = prison_local_ip6(cred,
253 &srcsock.sin6_addr, (inp != NULL &&
254 (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0)
255 return (error);
256
257 ia6 = (struct in6_ifaddr *)ifa_ifwithaddr(
258 (struct sockaddr *)&srcsock);
259 if (ia6 == NULL ||
260 (ia6->ia6_flags & (IN6_IFF_ANYCAST | IN6_IFF_NOTREADY))) {
261 if (ia6 != NULL)
262 ifa_free(&ia6->ia_ifa);
263 return (EADDRNOTAVAIL);
264 }
265 pi->ipi6_addr = srcsock.sin6_addr; /* XXX: this overrides pi */
266 if (ifpp)
267 *ifpp = ifp;
268 bcopy(&ia6->ia_addr.sin6_addr, srcp, sizeof(*srcp));
269 ifa_free(&ia6->ia_ifa);
270 return (0);
271 }
272
273 /*
274 * Otherwise, if the socket has already bound the source, just use it.
275 */
276 if (inp != NULL && !IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) {
277 if (cred != NULL &&
278 (error = prison_local_ip6(cred, &inp->in6p_laddr,
279 ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0)
280 return (error);
281 bcopy(&inp->in6p_laddr, srcp, sizeof(*srcp));
282 return (0);
283 }
284
285 /*
286 * Bypass source address selection and use the primary jail IP
287 * if requested.
288 */
289 if (cred != NULL && !prison_saddrsel_ip6(cred, srcp))
290 return (0);
291
292 /*
293 * If the address is not specified, choose the best one based on
294 * the outgoing interface and the destination address.
295 */
296 /* get the outgoing interface */
297 if ((error = in6_selectif(dstsock, opts, mopts, ro, &ifp, oifp,
298 (inp != NULL) ? inp->inp_inc.inc_fibnum : RT_DEFAULT_FIB)) != 0)
299 return (error);
300
301#ifdef DIAGNOSTIC
302 if (ifp == NULL) /* this should not happen */
303 panic("in6_selectsrc: NULL ifp");
304#endif
305 error = in6_setscope(&dst, ifp, &odstzone);
306 if (error)
307 return (error);
308
309 IN6_IFADDR_RLOCK();
310 TAILQ_FOREACH(ia, &V_in6_ifaddrhead, ia_link) {
311 int new_scope = -1, new_matchlen = -1;
312 struct in6_addrpolicy *new_policy = NULL;
313 u_int32_t srczone, osrczone, dstzone;
314 struct in6_addr src;
315 struct ifnet *ifp1 = ia->ia_ifp;
316
317 /*
318 * We'll never take an address that breaks the scope zone
319 * of the destination. We also skip an address if its zone
320 * does not contain the outgoing interface.
321 * XXX: we should probably use sin6_scope_id here.
322 */
323 if (in6_setscope(&dst, ifp1, &dstzone) ||
324 odstzone != dstzone) {
325 continue;
326 }
327 src = ia->ia_addr.sin6_addr;
328 if (in6_setscope(&src, ifp, &osrczone) ||
329 in6_setscope(&src, ifp1, &srczone) ||
330 osrczone != srczone) {
331 continue;
332 }
333
334 /* avoid unusable addresses */
335 if ((ia->ia6_flags &
336 (IN6_IFF_NOTREADY | IN6_IFF_ANYCAST | IN6_IFF_DETACHED))) {
337 continue;
338 }
339 if (!V_ip6_use_deprecated && IFA6_IS_DEPRECATED(ia))
340 continue;
341
342 /* If jailed only take addresses of the jail into account. */
343 if (cred != NULL &&
344 prison_check_ip6(cred, &ia->ia_addr.sin6_addr) != 0)
345 continue;
346
347 /* Rule 1: Prefer same address */
348 if (IN6_ARE_ADDR_EQUAL(&dst, &ia->ia_addr.sin6_addr)) {
349 ia_best = ia;
350 BREAK(1); /* there should be no better candidate */
351 }
352
353 if (ia_best == NULL)
354 REPLACE(0);
355
356 /* Rule 2: Prefer appropriate scope */
357 if (dst_scope < 0)
358 dst_scope = in6_addrscope(&dst);
359 new_scope = in6_addrscope(&ia->ia_addr.sin6_addr);
360 if (IN6_ARE_SCOPE_CMP(best_scope, new_scope) < 0) {
361 if (IN6_ARE_SCOPE_CMP(best_scope, dst_scope) < 0)
362 REPLACE(2);
363 NEXT(2);
364 } else if (IN6_ARE_SCOPE_CMP(new_scope, best_scope) < 0) {
365 if (IN6_ARE_SCOPE_CMP(new_scope, dst_scope) < 0)
366 NEXT(2);
367 REPLACE(2);
368 }
369
370 /*
371 * Rule 3: Avoid deprecated addresses. Note that the case of
372 * !ip6_use_deprecated is already rejected above.
373 */
374 if (!IFA6_IS_DEPRECATED(ia_best) && IFA6_IS_DEPRECATED(ia))
375 NEXT(3);
376 if (IFA6_IS_DEPRECATED(ia_best) && !IFA6_IS_DEPRECATED(ia))
377 REPLACE(3);
378
379 /* Rule 4: Prefer home addresses */
380 /*
381 * XXX: This is a TODO. We should probably merge the MIP6
382 * case above.
383 */
384
385 /* Rule 5: Prefer outgoing interface */
386 if (ia_best->ia_ifp == ifp && ia->ia_ifp != ifp)
387 NEXT(5);
388 if (ia_best->ia_ifp != ifp && ia->ia_ifp == ifp)
389 REPLACE(5);
390
391 /*
392 * Rule 6: Prefer matching label
393 * Note that best_policy should be non-NULL here.
394 */
395 if (dst_policy == NULL)
396 dst_policy = lookup_addrsel_policy(dstsock);
397 if (dst_policy->label != ADDR_LABEL_NOTAPP) {
398 new_policy = lookup_addrsel_policy(&ia->ia_addr);
399 if (dst_policy->label == best_policy->label &&
400 dst_policy->label != new_policy->label)
401 NEXT(6);
402 if (dst_policy->label != best_policy->label &&
403 dst_policy->label == new_policy->label)
404 REPLACE(6);
405 }
406
407 /*
408 * Rule 7: Prefer public addresses.
409 * We allow users to reverse the logic by configuring
410 * a sysctl variable, so that privacy conscious users can
411 * always prefer temporary addresses.
412 */
413 if (opts == NULL ||
414 opts->ip6po_prefer_tempaddr == IP6PO_TEMPADDR_SYSTEM) {
415 prefer_tempaddr = V_ip6_prefer_tempaddr;
416 } else if (opts->ip6po_prefer_tempaddr ==
417 IP6PO_TEMPADDR_NOTPREFER) {
418 prefer_tempaddr = 0;
419 } else
420 prefer_tempaddr = 1;
421 if (!(ia_best->ia6_flags & IN6_IFF_TEMPORARY) &&
422 (ia->ia6_flags & IN6_IFF_TEMPORARY)) {
423 if (prefer_tempaddr)
424 REPLACE(7);
425 else
426 NEXT(7);
427 }
428 if ((ia_best->ia6_flags & IN6_IFF_TEMPORARY) &&
429 !(ia->ia6_flags & IN6_IFF_TEMPORARY)) {
430 if (prefer_tempaddr)
431 NEXT(7);
432 else
433 REPLACE(7);
434 }
435
436 /*
437 * Rule 8: prefer addresses on alive interfaces.
438 * This is a KAME specific rule.
439 */
440 if ((ia_best->ia_ifp->if_flags & IFF_UP) &&
441 !(ia->ia_ifp->if_flags & IFF_UP))
442 NEXT(8);
443 if (!(ia_best->ia_ifp->if_flags & IFF_UP) &&
444 (ia->ia_ifp->if_flags & IFF_UP))
445 REPLACE(8);
446
447 /*
448 * Rule 14: Use longest matching prefix.
449 * Note: in the address selection draft, this rule is
450 * documented as "Rule 8". However, since it is also
451 * documented that this rule can be overridden, we assign
452 * a large number so that it is easy to assign smaller numbers
453 * to more preferred rules.
454 */
455 new_matchlen = in6_matchlen(&ia->ia_addr.sin6_addr, &dst);
456 if (best_matchlen < new_matchlen)
457 REPLACE(14);
458 if (new_matchlen < best_matchlen)
459 NEXT(14);
460
461 /* Rule 15 is reserved. */
462
463 /*
464 * Last resort: just keep the current candidate.
465 * Or, do we need more rules?
466 */
467 continue;
468
469 replace:
470 ia_best = ia;
471 best_scope = (new_scope >= 0 ? new_scope :
472 in6_addrscope(&ia_best->ia_addr.sin6_addr));
473 best_policy = (new_policy ? new_policy :
474 lookup_addrsel_policy(&ia_best->ia_addr));
475 best_matchlen = (new_matchlen >= 0 ? new_matchlen :
476 in6_matchlen(&ia_best->ia_addr.sin6_addr,
477 &dst));
478
479 next:
480 continue;
481
482 out:
483 break;
484 }
485
486 if ((ia = ia_best) == NULL) {
487 IN6_IFADDR_RUNLOCK();
488 return (EADDRNOTAVAIL);
489 }
490
491 /*
492 * At this point at least one of the addresses belonged to the jail
493 * but it could still be, that we want to further restrict it, e.g.
494 * theoratically IN6_IS_ADDR_LOOPBACK.
495 * It must not be IN6_IS_ADDR_UNSPECIFIED anymore.
496 * prison_local_ip6() will fix an IN6_IS_ADDR_LOOPBACK but should
497 * let all others previously selected pass.
498 * Use tmp to not change ::1 on lo0 to the primary jail address.
499 */
500 tmp = ia->ia_addr.sin6_addr;
501 if (cred != NULL && prison_local_ip6(cred, &tmp, (inp != NULL &&
502 (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0)) != 0) {
503 IN6_IFADDR_RUNLOCK();
504 return (EADDRNOTAVAIL);
505 }
506
507 if (ifpp)
508 *ifpp = ifp;
509
510 bcopy(&tmp, srcp, sizeof(*srcp));
511 IN6_IFADDR_RUNLOCK();
512 return (0);
513}
514
515/*
516 * clone - meaningful only for bsdi and freebsd
517 */
518static int
519selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
520 struct ip6_moptions *mopts, struct route_in6 *ro,
521 struct ifnet **retifp, struct rtentry **retrt, int norouteok, u_int fibnum)
522{
523 int error = 0;
524 struct ifnet *ifp = NULL;
525 struct rtentry *rt = NULL;
526 struct sockaddr_in6 *sin6_next;
527 struct in6_pktinfo *pi = NULL;
528 struct in6_addr *dst = &dstsock->sin6_addr;
529#if 0
530 char ip6buf[INET6_ADDRSTRLEN];
531
532 if (dstsock->sin6_addr.s6_addr32[0] == 0 &&
533 dstsock->sin6_addr.s6_addr32[1] == 0 &&
534 !IN6_IS_ADDR_LOOPBACK(&dstsock->sin6_addr)) {
535 printf("in6_selectroute: strange destination %s\n",
536 ip6_sprintf(ip6buf, &dstsock->sin6_addr));
537 } else {
538 printf("in6_selectroute: destination = %s%%%d\n",
539 ip6_sprintf(ip6buf, &dstsock->sin6_addr),
540 dstsock->sin6_scope_id); /* for debug */
541 }
542#endif
543
544 /* If the caller specify the outgoing interface explicitly, use it. */
545 if (opts && (pi = opts->ip6po_pktinfo) != NULL && pi->ipi6_ifindex) {
546 /* XXX boundary check is assumed to be already done. */
547 ifp = ifnet_byindex(pi->ipi6_ifindex);
548 if (ifp != NULL &&
549 (norouteok || retrt == NULL ||
550 IN6_IS_ADDR_MULTICAST(dst))) {
551 /*
552 * we do not have to check or get the route for
553 * multicast.
554 */
555 goto done;
556 } else
557 goto getroute;
558 }
559
560 /*
561 * If the destination address is a multicast address and the outgoing
562 * interface for the address is specified by the caller, use it.
563 */
564 if (IN6_IS_ADDR_MULTICAST(dst) &&
565 mopts != NULL && (ifp = mopts->im6o_multicast_ifp) != NULL) {
566 goto done; /* we do not need a route for multicast. */
567 }
568
569 getroute:
570 /*
571 * If the next hop address for the packet is specified by the caller,
572 * use it as the gateway.
573 */
574 if (opts && opts->ip6po_nexthop) {
575 struct route_in6 *ron;
576 struct llentry *la;
577
578 sin6_next = satosin6(opts->ip6po_nexthop);
579
580 /* at this moment, we only support AF_INET6 next hops */
581 if (sin6_next->sin6_family != AF_INET6) {
582 error = EAFNOSUPPORT; /* or should we proceed? */
583 goto done;
584 }
585
586 /*
587 * If the next hop is an IPv6 address, then the node identified
588 * by that address must be a neighbor of the sending host.
589 */
590 ron = &opts->ip6po_nextroute;
591 /*
592 * XXX what do we do here?
593 * PLZ to be fixing
594 */
595
596
597 if (ron->ro_rt == NULL) {
598 in6_rtalloc(ron, fibnum); /* multi path case? */
599 if (ron->ro_rt == NULL) {
600 /* XXX-BZ WT.? */
601 if (ron->ro_rt) {
602 RTFREE(ron->ro_rt);
603 ron->ro_rt = NULL;
604 }
605 error = EHOSTUNREACH;
606 goto done;
607 }
608 }
609
610 rt = ron->ro_rt;
611 ifp = rt->rt_ifp;
612 IF_AFDATA_LOCK(ifp);
613 la = lla_lookup(LLTABLE6(ifp), 0, (struct sockaddr *)&sin6_next->sin6_addr);
614 IF_AFDATA_UNLOCK(ifp);
615 if (la != NULL)
616 LLE_RUNLOCK(la);
617 else {
618 error = EHOSTUNREACH;
619 goto done;
620 }
621#if 0
622 if ((ron->ro_rt &&
623 (ron->ro_rt->rt_flags & (RTF_UP | RTF_LLINFO)) !=
624 (RTF_UP | RTF_LLINFO)) ||
625 !IN6_ARE_ADDR_EQUAL(&satosin6(&ron->ro_dst)->sin6_addr,
626 &sin6_next->sin6_addr)) {
627 if (ron->ro_rt) {
628 RTFREE(ron->ro_rt);
629 ron->ro_rt = NULL;
630 }
631 *satosin6(&ron->ro_dst) = *sin6_next;
632 }
633 if (ron->ro_rt == NULL) {
634 in6_rtalloc(ron, fibnum); /* multi path case? */
635 if (ron->ro_rt == NULL ||
636 !(ron->ro_rt->rt_flags & RTF_LLINFO)) {
637 if (ron->ro_rt) {
638 RTFREE(ron->ro_rt);
639 ron->ro_rt = NULL;
640 }
641 error = EHOSTUNREACH;
642 goto done;
643 }
644 }
645#endif
646
647 /*
648 * When cloning is required, try to allocate a route to the
649 * destination so that the caller can store path MTU
650 * information.
651 */
652 goto done;
653 }
654
655 /*
656 * Use a cached route if it exists and is valid, else try to allocate
657 * a new one. Note that we should check the address family of the
658 * cached destination, in case of sharing the cache with IPv4.
659 */
660 if (ro) {
661 if (ro->ro_rt &&
662 (!(ro->ro_rt->rt_flags & RTF_UP) ||
663 ((struct sockaddr *)(&ro->ro_dst))->sa_family != AF_INET6 ||
664 !IN6_ARE_ADDR_EQUAL(&satosin6(&ro->ro_dst)->sin6_addr,
665 dst))) {
666 RTFREE(ro->ro_rt);
667 ro->ro_rt = (struct rtentry *)NULL;
668 }
669 if (ro->ro_rt == (struct rtentry *)NULL) {
670 struct sockaddr_in6 *sa6;
671
672 /* No route yet, so try to acquire one */
673 bzero(&ro->ro_dst, sizeof(struct sockaddr_in6));
674 sa6 = (struct sockaddr_in6 *)&ro->ro_dst;
675 *sa6 = *dstsock;
676 sa6->sin6_scope_id = 0;
677
678#ifdef RADIX_MPATH
679 rtalloc_mpath_fib((struct route *)ro,
680 ntohl(sa6->sin6_addr.s6_addr32[3]), fibnum);
681#else
682 ro->ro_rt = in6_rtalloc1((struct sockaddr *)
683 &ro->ro_dst, 0, 0UL, fibnum);
684 if (ro->ro_rt)
685 RT_UNLOCK(ro->ro_rt);
686#endif
687 }
688
689 /*
690 * do not care about the result if we have the nexthop
691 * explicitly specified.
692 */
693 if (opts && opts->ip6po_nexthop)
694 goto done;
695
696 if (ro->ro_rt) {
697 ifp = ro->ro_rt->rt_ifp;
698
699 if (ifp == NULL) { /* can this really happen? */
700 RTFREE(ro->ro_rt);
701 ro->ro_rt = NULL;
702 }
703 }
704 if (ro->ro_rt == NULL)
705 error = EHOSTUNREACH;
706 rt = ro->ro_rt;
707
708 /*
709 * Check if the outgoing interface conflicts with
710 * the interface specified by ipi6_ifindex (if specified).
711 * Note that loopback interface is always okay.
712 * (this may happen when we are sending a packet to one of
713 * our own addresses.)
714 */
715 if (ifp && opts && opts->ip6po_pktinfo &&
716 opts->ip6po_pktinfo->ipi6_ifindex) {
717 if (!(ifp->if_flags & IFF_LOOPBACK) &&
718 ifp->if_index !=
719 opts->ip6po_pktinfo->ipi6_ifindex) {
720 error = EHOSTUNREACH;
721 goto done;
722 }
723 }
724 }
725
726 done:
727 if (ifp == NULL && rt == NULL) {
728 /*
729 * This can happen if the caller did not pass a cached route
730 * nor any other hints. We treat this case an error.
731 */
732 error = EHOSTUNREACH;
733 }
734 if (error == EHOSTUNREACH)
735 V_ip6stat.ip6s_noroute++;
736
737 if (retifp != NULL) {
738 *retifp = ifp;
739
740 /*
741 * Adjust the "outgoing" interface. If we're going to loop
742 * the packet back to ourselves, the ifp would be the loopback
743 * interface. However, we'd rather know the interface associated
744 * to the destination address (which should probably be one of
745 * our own addresses.)
746 */
747 if (rt) {
748 if ((rt->rt_ifp->if_flags & IFF_LOOPBACK) &&
749 (rt->rt_gateway->sa_family == AF_LINK))
750 *retifp =
751 ifnet_byindex(((struct sockaddr_dl *)
752 rt->rt_gateway)->sdl_index);
753 }
754 }
755
756 if (retrt != NULL)
757 *retrt = rt; /* rt may be NULL */
758
759 return (error);
760}
761
762static int
763in6_selectif(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
764 struct ip6_moptions *mopts, struct route_in6 *ro, struct ifnet **retifp,
765 struct ifnet *oifp, u_int fibnum)
766{
767 int error;
768 struct route_in6 sro;
769 struct rtentry *rt = NULL;
770
771 KASSERT(retifp != NULL, ("%s: retifp is NULL", __func__));
772
773 if (ro == NULL) {
774 bzero(&sro, sizeof(sro));
775 ro = &sro;
776 }
777
778 if ((error = selectroute(dstsock, opts, mopts, ro, retifp,
779 &rt, 1, fibnum)) != 0) {
780 if (ro == &sro && rt && rt == sro.ro_rt)
781 RTFREE(rt);
782 /* Help ND. See oifp comment in in6_selectsrc(). */
783 if (oifp != NULL && fibnum == RT_DEFAULT_FIB) {
784 *retifp = oifp;
785 error = 0;
786 }
787 return (error);
788 }
789
790 /*
791 * do not use a rejected or black hole route.
792 * XXX: this check should be done in the L2 output routine.
793 * However, if we skipped this check here, we'd see the following
794 * scenario:
795 * - install a rejected route for a scoped address prefix
796 * (like fe80::/10)
797 * - send a packet to a destination that matches the scoped prefix,
798 * with ambiguity about the scope zone.
799 * - pick the outgoing interface from the route, and disambiguate the
800 * scope zone with the interface.
801 * - ip6_output() would try to get another route with the "new"
802 * destination, which may be valid.
803 * - we'd see no error on output.
804 * Although this may not be very harmful, it should still be confusing.
805 * We thus reject the case here.
806 */
807 if (rt && (rt->rt_flags & (RTF_REJECT | RTF_BLACKHOLE))) {
808 int flags = (rt->rt_flags & RTF_HOST ? EHOSTUNREACH : ENETUNREACH);
809
810 if (ro == &sro && rt && rt == sro.ro_rt)
811 RTFREE(rt);
812 return (flags);
813 }
814
815 if (ro == &sro && rt && rt == sro.ro_rt)
816 RTFREE(rt);
817 return (0);
818}
819
820/*
821 * Public wrapper function to selectroute().
822 *
823 * XXX-BZ in6_selectroute() should and will grow the FIB argument. The
824 * in6_selectroute_fib() function is only there for backward compat on stable.
825 */
826int
827in6_selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
828 struct ip6_moptions *mopts, struct route_in6 *ro,
829 struct ifnet **retifp, struct rtentry **retrt)
830{
831
832 return (selectroute(dstsock, opts, mopts, ro, retifp,
833 retrt, 0, RT_DEFAULT_FIB));
834}
835
836#ifndef BURN_BRIDGES
837int
838in6_selectroute_fib(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
839 struct ip6_moptions *mopts, struct route_in6 *ro,
840 struct ifnet **retifp, struct rtentry **retrt, u_int fibnum)
841{
842
843 return (selectroute(dstsock, opts, mopts, ro, retifp,
844 retrt, 0, fibnum));
845}
846#endif
847
848/*
849 * Default hop limit selection. The precedence is as follows:
850 * 1. Hoplimit value specified via ioctl.
851 * 2. (If the outgoing interface is detected) the current
852 * hop limit of the interface specified by router advertisement.
853 * 3. The system default hoplimit.
854 */
855int
856in6_selecthlim(struct inpcb *in6p, struct ifnet *ifp)
857{
858
859 if (in6p && in6p->in6p_hops >= 0)
860 return (in6p->in6p_hops);
861 else if (ifp)
862 return (ND_IFINFO(ifp)->chlim);
863 else if (in6p && !IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) {
864 struct route_in6 ro6;
865 struct ifnet *lifp;
866
867 bzero(&ro6, sizeof(ro6));
868 ro6.ro_dst.sin6_family = AF_INET6;
869 ro6.ro_dst.sin6_len = sizeof(struct sockaddr_in6);
870 ro6.ro_dst.sin6_addr = in6p->in6p_faddr;
871 in6_rtalloc(&ro6, in6p->inp_inc.inc_fibnum);
872 if (ro6.ro_rt) {
873 lifp = ro6.ro_rt->rt_ifp;
874 RTFREE(ro6.ro_rt);
875 if (lifp)
876 return (ND_IFINFO(lifp)->chlim);
877 }
878 }
879 return (V_ip6_defhlim);
880}
881
882/*
883 * XXX: this is borrowed from in6_pcbbind(). If possible, we should
884 * share this function by all *bsd*...
885 */
886int
887in6_pcbsetport(struct in6_addr *laddr, struct inpcb *inp, struct ucred *cred)
888{
889 struct socket *so = inp->inp_socket;
890 u_int16_t lport = 0;
891 int error, lookupflags = 0;
892#ifdef INVARIANTS
893 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo;
894#endif
895
896 INP_WLOCK_ASSERT(inp);
897 INP_HASH_WLOCK_ASSERT(pcbinfo);
898
899 error = prison_local_ip6(cred, laddr,
900 ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0));
901 if (error)
902 return(error);
903
904 /* XXX: this is redundant when called from in6_pcbbind */
905 if ((so->so_options & (SO_REUSEADDR|SO_REUSEPORT)) == 0)
906 lookupflags = INPLOOKUP_WILDCARD;
907
908 inp->inp_flags |= INP_ANONPORT;
909
910 error = in_pcb_lport(inp, NULL, &lport, cred, lookupflags);
911 if (error != 0)
912 return (error);
913
914 inp->inp_lport = lport;
915 if (in_pcbinshash(inp) != 0) {
916 inp->in6p_laddr = in6addr_any;
917 inp->inp_lport = 0;
918 return (EAGAIN);
919 }
920
921 return (0);
922}
923
924void
925addrsel_policy_init(void)
926{
927
928 init_policy_queue();
929
930 /* initialize the "last resort" policy */
931 bzero(&V_defaultaddrpolicy, sizeof(V_defaultaddrpolicy));
932 V_defaultaddrpolicy.label = ADDR_LABEL_NOTAPP;
933
934 if (!IS_DEFAULT_VNET(curvnet))
935 return;
936
937 ADDRSEL_LOCK_INIT();
938 ADDRSEL_SXLOCK_INIT();
939}
940
941static struct in6_addrpolicy *
942lookup_addrsel_policy(struct sockaddr_in6 *key)
943{
944 struct in6_addrpolicy *match = NULL;
945
946 ADDRSEL_LOCK();
947 match = match_addrsel_policy(key);
948
949 if (match == NULL)
950 match = &V_defaultaddrpolicy;
951 else
952 match->use++;
953 ADDRSEL_UNLOCK();
954
955 return (match);
956}
957
958/*
959 * Subroutines to manage the address selection policy table via sysctl.
960 */
961struct walkarg {
962 struct sysctl_req *w_req;
963};
964
965static int in6_src_sysctl(SYSCTL_HANDLER_ARGS);
966SYSCTL_DECL(_net_inet6_ip6);
967static SYSCTL_NODE(_net_inet6_ip6, IPV6CTL_ADDRCTLPOLICY, addrctlpolicy,
968 CTLFLAG_RD, in6_src_sysctl, "");
969
970static int
971in6_src_sysctl(SYSCTL_HANDLER_ARGS)
972{
973 struct walkarg w;
974
975 if (req->newptr)
976 return EPERM;
977
978 bzero(&w, sizeof(w));
979 w.w_req = req;
980
981 return (walk_addrsel_policy(dump_addrsel_policyent, &w));
982}
983
984int
985in6_src_ioctl(u_long cmd, caddr_t data)
986{
987 int i;
988 struct in6_addrpolicy ent0;
989
990 if (cmd != SIOCAADDRCTL_POLICY && cmd != SIOCDADDRCTL_POLICY)
991 return (EOPNOTSUPP); /* check for safety */
992
993 ent0 = *(struct in6_addrpolicy *)data;
994
995 if (ent0.label == ADDR_LABEL_NOTAPP)
996 return (EINVAL);
997 /* check if the prefix mask is consecutive. */
998 if (in6_mask2len(&ent0.addrmask.sin6_addr, NULL) < 0)
999 return (EINVAL);
1000 /* clear trailing garbages (if any) of the prefix address. */
1001 for (i = 0; i < 4; i++) {
1002 ent0.addr.sin6_addr.s6_addr32[i] &=
1003 ent0.addrmask.sin6_addr.s6_addr32[i];
1004 }
1005 ent0.use = 0;
1006
1007 switch (cmd) {
1008 case SIOCAADDRCTL_POLICY:
1009 return (add_addrsel_policyent(&ent0));
1010 case SIOCDADDRCTL_POLICY:
1011 return (delete_addrsel_policyent(&ent0));
1012 }
1013
1014 return (0); /* XXX: compromise compilers */
1015}
1016
1017/*
1018 * The followings are implementation of the policy table using a
1019 * simple tail queue.
1020 * XXX such details should be hidden.
1021 * XXX implementation using binary tree should be more efficient.
1022 */
1023struct addrsel_policyent {
1024 TAILQ_ENTRY(addrsel_policyent) ape_entry;
1025 struct in6_addrpolicy ape_policy;
1026};
1027
1028TAILQ_HEAD(addrsel_policyhead, addrsel_policyent);
1029
1030static VNET_DEFINE(struct addrsel_policyhead, addrsel_policytab);
1031#define V_addrsel_policytab VNET(addrsel_policytab)
1032
1033static void
1034init_policy_queue(void)
1035{
1036
1037 TAILQ_INIT(&V_addrsel_policytab);
1038}
1039
1040static int
1041add_addrsel_policyent(struct in6_addrpolicy *newpolicy)
1042{
1043 struct addrsel_policyent *new, *pol;
1044
1045 new = malloc(sizeof(*new), M_IFADDR,
1046 M_WAITOK);
1047 ADDRSEL_XLOCK();
1048 ADDRSEL_LOCK();
1049
1050 /* duplication check */
1051 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) {
1052 if (IN6_ARE_ADDR_EQUAL(&newpolicy->addr.sin6_addr,
1053 &pol->ape_policy.addr.sin6_addr) &&
1054 IN6_ARE_ADDR_EQUAL(&newpolicy->addrmask.sin6_addr,
1055 &pol->ape_policy.addrmask.sin6_addr)) {
1056 ADDRSEL_UNLOCK();
1057 ADDRSEL_XUNLOCK();
1058 free(new, M_IFADDR);
1059 return (EEXIST); /* or override it? */
1060 }
1061 }
1062
1063 bzero(new, sizeof(*new));
1064
1065 /* XXX: should validate entry */
1066 new->ape_policy = *newpolicy;
1067
1068 TAILQ_INSERT_TAIL(&V_addrsel_policytab, new, ape_entry);
1069 ADDRSEL_UNLOCK();
1070 ADDRSEL_XUNLOCK();
1071
1072 return (0);
1073}
1074
1075static int
1076delete_addrsel_policyent(struct in6_addrpolicy *key)
1077{
1078 struct addrsel_policyent *pol;
1079
1080 ADDRSEL_XLOCK();
1081 ADDRSEL_LOCK();
1082
1083 /* search for the entry in the table */
1084 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) {
1085 if (IN6_ARE_ADDR_EQUAL(&key->addr.sin6_addr,
1086 &pol->ape_policy.addr.sin6_addr) &&
1087 IN6_ARE_ADDR_EQUAL(&key->addrmask.sin6_addr,
1088 &pol->ape_policy.addrmask.sin6_addr)) {
1089 break;
1090 }
1091 }
1092 if (pol == NULL) {
1093 ADDRSEL_UNLOCK();
1094 ADDRSEL_XUNLOCK();
1095 return (ESRCH);
1096 }
1097
1098 TAILQ_REMOVE(&V_addrsel_policytab, pol, ape_entry);
1099 ADDRSEL_UNLOCK();
1100 ADDRSEL_XUNLOCK();
1101
1102 return (0);
1103}
1104
1105static int
1106walk_addrsel_policy(int (*callback)(struct in6_addrpolicy *, void *),
1107 void *w)
1108{
1109 struct addrsel_policyent *pol;
1110 int error = 0;
1111
1112 ADDRSEL_SLOCK();
1113 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) {
1114 if ((error = (*callback)(&pol->ape_policy, w)) != 0) {
1115 ADDRSEL_SUNLOCK();
1116 return (error);
1117 }
1118 }
1119 ADDRSEL_SUNLOCK();
1120 return (error);
1121}
1122
1123static int
1124dump_addrsel_policyent(struct in6_addrpolicy *pol, void *arg)
1125{
1126 int error = 0;
1127 struct walkarg *w = arg;
1128
1129 error = SYSCTL_OUT(w->w_req, pol, sizeof(*pol));
1130
1131 return (error);
1132}
1133
1134static struct in6_addrpolicy *
1135match_addrsel_policy(struct sockaddr_in6 *key)
1136{
1137 struct addrsel_policyent *pent;
1138 struct in6_addrpolicy *bestpol = NULL, *pol;
1139 int matchlen, bestmatchlen = -1;
1140 u_char *mp, *ep, *k, *p, m;
1141
1142 TAILQ_FOREACH(pent, &V_addrsel_policytab, ape_entry) {
1143 matchlen = 0;
1144
1145 pol = &pent->ape_policy;
1146 mp = (u_char *)&pol->addrmask.sin6_addr;
1147 ep = mp + 16; /* XXX: scope field? */
1148 k = (u_char *)&key->sin6_addr;
1149 p = (u_char *)&pol->addr.sin6_addr;
1150 for (; mp < ep && *mp; mp++, k++, p++) {
1151 m = *mp;
1152 if ((*k & m) != *p)
1153 goto next; /* not match */
1154 if (m == 0xff) /* short cut for a typical case */
1155 matchlen += 8;
1156 else {
1157 while (m >= 0x80) {
1158 matchlen++;
1159 m <<= 1;
1160 }
1161 }
1162 }
1163
1164 /* matched. check if this is better than the current best. */
1165 if (bestpol == NULL ||
1166 matchlen > bestmatchlen) {
1167 bestpol = pol;
1168 bestmatchlen = matchlen;
1169 }
1170
1171 next:
1172 continue;
1173 }
1174
1175 return (bestpol);
1176}
|