in6_ifattach.c revision 197703
192108Sphk/*- 292108Sphk * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 392108Sphk * All rights reserved. 492108Sphk * 592108Sphk * Redistribution and use in source and binary forms, with or without 692108Sphk * modification, are permitted provided that the following conditions 792108Sphk * are met: 892108Sphk * 1. Redistributions of source code must retain the above copyright 992108Sphk * notice, this list of conditions and the following disclaimer. 1092108Sphk * 2. Redistributions in binary form must reproduce the above copyright 1192108Sphk * notice, this list of conditions and the following disclaimer in the 1292108Sphk * documentation and/or other materials provided with the distribution. 1392108Sphk * 3. Neither the name of the project nor the names of its contributors 1492108Sphk * may be used to endorse or promote products derived from this software 1592108Sphk * without specific prior written permission. 1692108Sphk * 1792108Sphk * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 1892108Sphk * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 1992108Sphk * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 2092108Sphk * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 2192108Sphk * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 2292108Sphk * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 2392108Sphk * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 2492108Sphk * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 2592108Sphk * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 2692108Sphk * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 2792108Sphk * SUCH DAMAGE. 2892108Sphk * 2992108Sphk * $KAME: in6_ifattach.c,v 1.118 2001/05/24 07:44:00 itojun Exp $ 3092108Sphk */ 3192108Sphk 3292108Sphk#include <sys/cdefs.h> 3392108Sphk__FBSDID("$FreeBSD: head/sys/netinet6/in6_ifattach.c 197703 2009-10-02 07:00:20Z hrs $"); 3492108Sphk 3592108Sphk#include <sys/param.h> 3692108Sphk#include <sys/systm.h> 3792108Sphk#include <sys/malloc.h> 3892108Sphk#include <sys/socket.h> 3992108Sphk#include <sys/sockio.h> 4092108Sphk#include <sys/jail.h> 4192108Sphk#include <sys/kernel.h> 4292108Sphk#include <sys/proc.h> 4392108Sphk#include <sys/syslog.h> 4492108Sphk#include <sys/md5.h> 4592108Sphk 4692108Sphk#include <net/if.h> 4792108Sphk#include <net/if_dl.h> 4892108Sphk#include <net/if_types.h> 49112988Sphk#include <net/route.h> 5092108Sphk#include <net/vnet.h> 5192108Sphk 5292108Sphk#include <netinet/in.h> 5393250Sphk#include <netinet/in_var.h> 5492108Sphk#include <netinet/if_ether.h> 55113938Sphk#include <netinet/in_pcb.h> 56113938Sphk#include <netinet/ip_var.h> 5792108Sphk#include <netinet/udp.h> 58109170Sphk#include <netinet/udp_var.h> 5992108Sphk 60104053Sphk#include <netinet/ip6.h> 61112517Sphk#include <netinet6/ip6_var.h> 6292108Sphk#include <netinet6/in6_var.h> 63113938Sphk#include <netinet6/in6_pcb.h> 64113938Sphk#include <netinet6/in6_ifattach.h> 65113938Sphk#include <netinet6/ip6_var.h> 66113938Sphk#include <netinet6/nd6.h> 67113940Sphk#include <netinet6/mld6_var.h> 68113938Sphk#include <netinet6/scope6_var.h> 69113940Sphk 70113938SphkVNET_DEFINE(unsigned long, in6_maxmtu); 71113938SphkVNET_DEFINE(int, ip6_auto_linklocal); 72113938SphkVNET_DEFINE(struct callout, in6_tmpaddrtimer_ch); 73113940Sphk 74113940Sphk#define V_in6_tmpaddrtimer_ch VNET(in6_tmpaddrtimer_ch) 75114450Sphk 76113940SphkVNET_DECLARE(struct inpcbinfo, ripcbinfo); 7792108Sphk#define V_ripcbinfo VNET(ripcbinfo) 7898066Sphk 7992108Sphkstatic int get_rand_ifid(struct ifnet *, struct in6_addr *); 8092108Sphkstatic int generate_tmp_ifid(u_int8_t *, const u_int8_t *, u_int8_t *); 8192108Sphkstatic int get_ifid(struct ifnet *, struct ifnet *, struct in6_addr *); 8298066Sphkstatic int in6_ifattach_linklocal(struct ifnet *, struct ifnet *); 8392108Sphkstatic int in6_ifattach_loopback(struct ifnet *); 8492108Sphkstatic void in6_purgemaddrs(struct ifnet *); 8592108Sphk 86112517Sphk#define EUI64_GBIT 0x01 87112517Sphk#define EUI64_UBIT 0x02 88112517Sphk#define EUI64_TO_IFID(in6) do {(in6)->s6_addr[8] ^= EUI64_UBIT; } while (0) 89112533Sphk#define EUI64_GROUP(in6) ((in6)->s6_addr[8] & EUI64_GBIT) 90112517Sphk#define EUI64_INDIVIDUAL(in6) (!EUI64_GROUP(in6)) 91112517Sphk#define EUI64_LOCAL(in6) ((in6)->s6_addr[8] & EUI64_UBIT) 92112517Sphk#define EUI64_UNIVERSAL(in6) (!EUI64_LOCAL(in6)) 93112517Sphk 94112517Sphk#define IFID_LOCAL(in6) (!EUI64_LOCAL(in6)) 95112517Sphk#define IFID_UNIVERSAL(in6) (!EUI64_UNIVERSAL(in6)) 96112533Sphk 97112517Sphk/* 98112517Sphk * Generate a last-resort interface identifier, when the machine has no 99112517Sphk * IEEE802/EUI64 address sources. 10092108Sphk * The goal here is to get an interface identifier that is 10192108Sphk * (1) random enough and (2) does not change across reboot. 10292108Sphk * We currently use MD5(hostname) for it. 10392108Sphk * 10492108Sphk * in6 - upper 64bits are preserved 10592108Sphk */ 10692108Sphkstatic int 10792108Sphkget_rand_ifid(struct ifnet *ifp, struct in6_addr *in6) 10892108Sphk{ 109104053Sphk MD5_CTX ctxt; 11092108Sphk struct prison *pr; 111104053Sphk u_int8_t digest[16]; 11292108Sphk int hostnamelen; 11392108Sphk 11492108Sphk pr = curthread->td_ucred->cr_prison; 11592108Sphk mtx_lock(&pr->pr_mtx); 11692108Sphk hostnamelen = strlen(pr->pr_hostname); 11792108Sphk#if 0 11892108Sphk /* we need at least several letters as seed for ifid */ 11992108Sphk if (hostnamelen < 3) { 12092108Sphk mtx_unlock(&pr->pr_mtx); 12193250Sphk return -1; 12292108Sphk } 12392108Sphk#endif 12492108Sphk 12592108Sphk /* generate 8 bytes of pseudo-random value. */ 12692108Sphk bzero(&ctxt, sizeof(ctxt)); 12792108Sphk MD5Init(&ctxt); 12892108Sphk MD5Update(&ctxt, pr->pr_hostname, hostnamelen); 12992108Sphk mtx_unlock(&pr->pr_mtx); 130112029Sphk MD5Final(digest, &ctxt); 13192108Sphk 13292108Sphk /* assumes sizeof(digest) > sizeof(ifid) */ 13392108Sphk bcopy(digest, &in6->s6_addr[8], 8); 13492108Sphk 13593776Sphk /* make sure to set "u" bit to local, and "g" bit to individual. */ 13693776Sphk in6->s6_addr[8] &= ~EUI64_GBIT; /* g bit to "individual" */ 13793776Sphk in6->s6_addr[8] |= EUI64_UBIT; /* u bit to "local" */ 13893776Sphk 13992108Sphk /* convert EUI64 into IPv6 interface identifier */ 14092108Sphk EUI64_TO_IFID(in6); 141112322Sphk 142112070Sphk return 0; 143112070Sphk} 144112070Sphk 145112070Sphkstatic int 146112070Sphkgenerate_tmp_ifid(u_int8_t *seed0, const u_int8_t *seed1, u_int8_t *ret) 147112322Sphk{ 14892108Sphk MD5_CTX ctxt; 14992108Sphk u_int8_t seed[16], digest[16], nullbuf[8]; 15092108Sphk u_int32_t val32; 15193250Sphk 15292108Sphk /* If there's no history, start with a random seed. */ 15392108Sphk bzero(nullbuf, sizeof(nullbuf)); 15492108Sphk if (bcmp(nullbuf, seed0, sizeof(nullbuf)) == 0) { 15592108Sphk int i; 156112517Sphk 15792108Sphk for (i = 0; i < 2; i++) { 15892108Sphk val32 = arc4random(); 159104053Sphk bcopy(&val32, seed + sizeof(val32) * i, sizeof(val32)); 16092108Sphk } 16192108Sphk } else 16292108Sphk bcopy(seed0, seed, 8); 163104053Sphk 16492108Sphk /* copy the right-most 64-bits of the given address */ 16592108Sphk /* XXX assumption on the size of IFID */ 16693250Sphk bcopy(seed1, &seed[8], 8); 16792108Sphk 168104056Sphk if (0) { /* for debugging purposes only */ 16992108Sphk int i; 17092108Sphk 171104056Sphk printf("generate_tmp_ifid: new randomized ID from: "); 17292108Sphk for (i = 0; i < 16; i++) 173112517Sphk printf("%02x", seed[i]); 17492108Sphk printf(" "); 17592108Sphk } 17692108Sphk 177104056Sphk /* generate 16 bytes of pseudo-random value. */ 178113934Sphk bzero(&ctxt, sizeof(ctxt)); 179113934Sphk MD5Init(&ctxt); 180113934Sphk MD5Update(&ctxt, seed, sizeof(seed)); 181113940Sphk MD5Final(digest, &ctxt); 182113940Sphk 183113940Sphk /* 184113940Sphk * RFC 3041 3.2.1. (3) 185114490Sphk * Take the left-most 64-bits of the MD5 digest and set bit 6 (the 186113940Sphk * left-most bit is numbered 0) to zero. 18792108Sphk */ 188106408Sphk bcopy(digest, ret, 8); 18992108Sphk ret[0] &= ~EUI64_UBIT; 19092108Sphk 191112517Sphk /* 19292108Sphk * XXX: we'd like to ensure that the generated value is not zero 19392108Sphk * for simplicity. If the caclculated digest happens to be zero, 19492108Sphk * use a random non-zero value as the last resort. 19592108Sphk */ 19693250Sphk if (bcmp(nullbuf, ret, sizeof(nullbuf)) == 0) { 19792108Sphk nd6log((LOG_INFO, 19892108Sphk "generate_tmp_ifid: computed MD5 value is zero.\n")); 19993250Sphk 20092108Sphk val32 = arc4random(); 20192108Sphk val32 = 1 + (val32 % (0xffffffff - 1)); 20292108Sphk } 20392108Sphk 204112988Sphk /* 205112518Sphk * RFC 3041 3.2.1. (4) 206112518Sphk * Take the rightmost 64-bits of the MD5 digest and save them in 207114447Sphk * stable storage as the history value to be used in the next 208112988Sphk * iteration of the algorithm. 209112518Sphk */ 210112518Sphk bcopy(&digest[8], seed0, 8); 211114447Sphk 212114447Sphk if (0) { /* for debugging purposes only */ 213114447Sphk int i; 214114447Sphk 215114447Sphk printf("to: "); 216114447Sphk for (i = 0; i < 16; i++) 217112988Sphk printf("%02x", digest[i]); 218112518Sphk printf("\n"); 219112988Sphk } 220112988Sphk 221112988Sphk return 0; 222112988Sphk} 223112988Sphk 224113934Sphk/* 225113940Sphk * Get interface identifier for the specified interface. 226113940Sphk * XXX assumes single sockaddr_dl (AF_LINK address) per an interface 227114450Sphk * 228113940Sphk * in6 - upper 64bits are preserved 229113940Sphk */ 230114490Sphkint 231113940Sphkin6_get_hw_ifid(struct ifnet *ifp, struct in6_addr *in6) 232112988Sphk{ 233112988Sphk struct ifaddr *ifa; 234112518Sphk struct sockaddr_dl *sdl; 235112518Sphk u_int8_t *addr; 236112518Sphk size_t addrlen; 237112518Sphk static u_int8_t allzero[8] = { 0, 0, 0, 0, 0, 0, 0, 0 }; 238112518Sphk static u_int8_t allone[8] = 239113940Sphk { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 240113940Sphk 241104056Sphk IF_ADDR_LOCK(ifp); 242104056Sphk TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 243112988Sphk if (ifa->ifa_addr->sa_family != AF_LINK) 244112988Sphk continue; 245104056Sphk sdl = (struct sockaddr_dl *)ifa->ifa_addr; 246113940Sphk if (sdl == NULL) 247113937Sphk continue; 248104056Sphk if (sdl->sdl_alen == 0) 249104056Sphk continue; 250113940Sphk 251112988Sphk goto found; 252112988Sphk } 253112988Sphk IF_ADDR_UNLOCK(ifp); 254112988Sphk 255112988Sphk return -1; 256112988Sphk 257112988Sphkfound: 258112988Sphk IF_ADDR_LOCK_ASSERT(ifp); 259112988Sphk addr = LLADDR(sdl); 260104056Sphk addrlen = sdl->sdl_alen; 261104056Sphk 262104056Sphk /* get EUI64 */ 263104056Sphk switch (ifp->if_type) { 264104056Sphk case IFT_ETHER: 265104056Sphk case IFT_FDDI: 266104056Sphk case IFT_ISO88025: 267113940Sphk case IFT_ATM: 268113940Sphk case IFT_IEEE1394: 269104056Sphk#ifdef IFT_IEEE80211 270104056Sphk case IFT_IEEE80211: 271104056Sphk#endif 272113940Sphk /* IEEE802/EUI64 cases - what others? */ 273113940Sphk /* IEEE1394 uses 16byte length address starting with EUI64 */ 274113940Sphk if (addrlen > 8) 275113940Sphk addrlen = 8; 276113940Sphk 277113940Sphk /* look at IEEE802/EUI64 only */ 278113940Sphk if (addrlen != 8 && addrlen != 6) { 279113940Sphk IF_ADDR_UNLOCK(ifp); 280113940Sphk return -1; 281113940Sphk } 282113940Sphk 283113940Sphk /* 284113940Sphk * check for invalid MAC address - on bsdi, we see it a lot 285113940Sphk * since wildboar configures all-zero MAC on pccard before 286113940Sphk * card insertion. 287113940Sphk */ 288113940Sphk if (bcmp(addr, allzero, addrlen) == 0) { 289113940Sphk IF_ADDR_UNLOCK(ifp); 290113940Sphk return -1; 291113940Sphk } 292113940Sphk if (bcmp(addr, allone, addrlen) == 0) { 293113940Sphk IF_ADDR_UNLOCK(ifp); 294113940Sphk return -1; 295113940Sphk } 296113940Sphk 297113940Sphk /* make EUI64 address */ 298113940Sphk if (addrlen == 8) 299113940Sphk bcopy(addr, &in6->s6_addr[8], 8); 300113940Sphk else if (addrlen == 6) { 301113940Sphk in6->s6_addr[8] = addr[0]; 302113940Sphk in6->s6_addr[9] = addr[1]; 303113940Sphk in6->s6_addr[10] = addr[2]; 304113940Sphk in6->s6_addr[11] = 0xff; 305113940Sphk in6->s6_addr[12] = 0xfe; 306113940Sphk in6->s6_addr[13] = addr[3]; 307113940Sphk in6->s6_addr[14] = addr[4]; 308114450Sphk in6->s6_addr[15] = addr[5]; 309114450Sphk } 310114490Sphk break; 311114450Sphk 312113940Sphk case IFT_ARCNET: 313113940Sphk if (addrlen != 1) { 31492108Sphk IF_ADDR_UNLOCK(ifp); 31592108Sphk return -1; 31692108Sphk } 31792108Sphk if (!addr[0]) { 318104053Sphk IF_ADDR_UNLOCK(ifp); 319112517Sphk return -1; 32092108Sphk } 321 322 bzero(&in6->s6_addr[8], 8); 323 in6->s6_addr[15] = addr[0]; 324 325 /* 326 * due to insufficient bitwidth, we mark it local. 327 */ 328 in6->s6_addr[8] &= ~EUI64_GBIT; /* g bit to "individual" */ 329 in6->s6_addr[8] |= EUI64_UBIT; /* u bit to "local" */ 330 break; 331 332 case IFT_GIF: 333#ifdef IFT_STF 334 case IFT_STF: 335#endif 336 /* 337 * RFC2893 says: "SHOULD use IPv4 address as ifid source". 338 * however, IPv4 address is not very suitable as unique 339 * identifier source (can be renumbered). 340 * we don't do this. 341 */ 342 IF_ADDR_UNLOCK(ifp); 343 return -1; 344 345 default: 346 IF_ADDR_UNLOCK(ifp); 347 return -1; 348 } 349 350 /* sanity check: g bit must not indicate "group" */ 351 if (EUI64_GROUP(in6)) { 352 IF_ADDR_UNLOCK(ifp); 353 return -1; 354 } 355 356 /* convert EUI64 into IPv6 interface identifier */ 357 EUI64_TO_IFID(in6); 358 359 /* 360 * sanity check: ifid must not be all zero, avoid conflict with 361 * subnet router anycast 362 */ 363 if ((in6->s6_addr[8] & ~(EUI64_GBIT | EUI64_UBIT)) == 0x00 && 364 bcmp(&in6->s6_addr[9], allzero, 7) == 0) { 365 IF_ADDR_UNLOCK(ifp); 366 return -1; 367 } 368 369 IF_ADDR_UNLOCK(ifp); 370 return 0; 371} 372 373/* 374 * Get interface identifier for the specified interface. If it is not 375 * available on ifp0, borrow interface identifier from other information 376 * sources. 377 * 378 * altifp - secondary EUI64 source 379 */ 380static int 381get_ifid(struct ifnet *ifp0, struct ifnet *altifp, 382 struct in6_addr *in6) 383{ 384 struct ifnet *ifp; 385 386 /* first, try to get it from the interface itself */ 387 if (in6_get_hw_ifid(ifp0, in6) == 0) { 388 nd6log((LOG_DEBUG, "%s: got interface identifier from itself\n", 389 if_name(ifp0))); 390 goto success; 391 } 392 393 /* try secondary EUI64 source. this basically is for ATM PVC */ 394 if (altifp && in6_get_hw_ifid(altifp, in6) == 0) { 395 nd6log((LOG_DEBUG, "%s: got interface identifier from %s\n", 396 if_name(ifp0), if_name(altifp))); 397 goto success; 398 } 399 400 /* next, try to get it from some other hardware interface */ 401 IFNET_RLOCK_NOSLEEP(); 402 for (ifp = V_ifnet.tqh_first; ifp; ifp = ifp->if_list.tqe_next) { 403 if (ifp == ifp0) 404 continue; 405 if (in6_get_hw_ifid(ifp, in6) != 0) 406 continue; 407 408 /* 409 * to borrow ifid from other interface, ifid needs to be 410 * globally unique 411 */ 412 if (IFID_UNIVERSAL(in6)) { 413 nd6log((LOG_DEBUG, 414 "%s: borrow interface identifier from %s\n", 415 if_name(ifp0), if_name(ifp))); 416 IFNET_RUNLOCK_NOSLEEP(); 417 goto success; 418 } 419 } 420 IFNET_RUNLOCK_NOSLEEP(); 421 422 /* last resort: get from random number source */ 423 if (get_rand_ifid(ifp, in6) == 0) { 424 nd6log((LOG_DEBUG, 425 "%s: interface identifier generated by random number\n", 426 if_name(ifp0))); 427 goto success; 428 } 429 430 printf("%s: failed to get interface identifier\n", if_name(ifp0)); 431 return -1; 432 433success: 434 nd6log((LOG_INFO, "%s: ifid: %02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x\n", 435 if_name(ifp0), in6->s6_addr[8], in6->s6_addr[9], in6->s6_addr[10], 436 in6->s6_addr[11], in6->s6_addr[12], in6->s6_addr[13], 437 in6->s6_addr[14], in6->s6_addr[15])); 438 return 0; 439} 440 441/* 442 * altifp - secondary EUI64 source 443 */ 444static int 445in6_ifattach_linklocal(struct ifnet *ifp, struct ifnet *altifp) 446{ 447 struct in6_ifaddr *ia; 448 struct in6_aliasreq ifra; 449 struct nd_prefixctl pr0; 450 int i, error; 451 452 /* 453 * configure link-local address. 454 */ 455 bzero(&ifra, sizeof(ifra)); 456 457 /* 458 * in6_update_ifa() does not use ifra_name, but we accurately set it 459 * for safety. 460 */ 461 strncpy(ifra.ifra_name, if_name(ifp), sizeof(ifra.ifra_name)); 462 463 ifra.ifra_addr.sin6_family = AF_INET6; 464 ifra.ifra_addr.sin6_len = sizeof(struct sockaddr_in6); 465 ifra.ifra_addr.sin6_addr.s6_addr32[0] = htonl(0xfe800000); 466 ifra.ifra_addr.sin6_addr.s6_addr32[1] = 0; 467 if ((ifp->if_flags & IFF_LOOPBACK) != 0) { 468 ifra.ifra_addr.sin6_addr.s6_addr32[2] = 0; 469 ifra.ifra_addr.sin6_addr.s6_addr32[3] = htonl(1); 470 } else { 471 if (get_ifid(ifp, altifp, &ifra.ifra_addr.sin6_addr) != 0) { 472 nd6log((LOG_ERR, 473 "%s: no ifid available\n", if_name(ifp))); 474 return (-1); 475 } 476 } 477 if (in6_setscope(&ifra.ifra_addr.sin6_addr, ifp, NULL)) 478 return (-1); 479 480 ifra.ifra_prefixmask.sin6_len = sizeof(struct sockaddr_in6); 481 ifra.ifra_prefixmask.sin6_family = AF_INET6; 482 ifra.ifra_prefixmask.sin6_addr = in6mask64; 483 /* link-local addresses should NEVER expire. */ 484 ifra.ifra_lifetime.ia6t_vltime = ND6_INFINITE_LIFETIME; 485 ifra.ifra_lifetime.ia6t_pltime = ND6_INFINITE_LIFETIME; 486 487 /* 488 * Now call in6_update_ifa() to do a bunch of procedures to configure 489 * a link-local address. We can set the 3rd argument to NULL, because 490 * we know there's no other link-local address on the interface 491 * and therefore we are adding one (instead of updating one). 492 */ 493 if ((error = in6_update_ifa(ifp, &ifra, NULL, 494 IN6_IFAUPDATE_DADDELAY)) != 0) { 495 /* 496 * XXX: When the interface does not support IPv6, this call 497 * would fail in the SIOCSIFADDR ioctl. I believe the 498 * notification is rather confusing in this case, so just 499 * suppress it. (jinmei@kame.net 20010130) 500 */ 501 if (error != EAFNOSUPPORT) 502 nd6log((LOG_NOTICE, "in6_ifattach_linklocal: failed to " 503 "configure a link-local address on %s " 504 "(errno=%d)\n", 505 if_name(ifp), error)); 506 return (-1); 507 } 508 509 ia = in6ifa_ifpforlinklocal(ifp, 0); /* ia must not be NULL */ 510#ifdef DIAGNOSTIC 511 if (!ia) { 512 panic("ia == NULL in in6_ifattach_linklocal"); 513 /* NOTREACHED */ 514 } 515#endif 516 ifa_free(&ia->ia_ifa); 517 518 /* 519 * Make the link-local prefix (fe80::%link/64) as on-link. 520 * Since we'd like to manage prefixes separately from addresses, 521 * we make an ND6 prefix structure for the link-local prefix, 522 * and add it to the prefix list as a never-expire prefix. 523 * XXX: this change might affect some existing code base... 524 */ 525 bzero(&pr0, sizeof(pr0)); 526 pr0.ndpr_ifp = ifp; 527 /* this should be 64 at this moment. */ 528 pr0.ndpr_plen = in6_mask2len(&ifra.ifra_prefixmask.sin6_addr, NULL); 529 pr0.ndpr_prefix = ifra.ifra_addr; 530 /* apply the mask for safety. (nd6_prelist_add will apply it again) */ 531 for (i = 0; i < 4; i++) { 532 pr0.ndpr_prefix.sin6_addr.s6_addr32[i] &= 533 in6mask64.s6_addr32[i]; 534 } 535 /* 536 * Initialize parameters. The link-local prefix must always be 537 * on-link, and its lifetimes never expire. 538 */ 539 pr0.ndpr_raf_onlink = 1; 540 pr0.ndpr_raf_auto = 1; /* probably meaningless */ 541 pr0.ndpr_vltime = ND6_INFINITE_LIFETIME; 542 pr0.ndpr_pltime = ND6_INFINITE_LIFETIME; 543 /* 544 * Since there is no other link-local addresses, nd6_prefix_lookup() 545 * probably returns NULL. However, we cannot always expect the result. 546 * For example, if we first remove the (only) existing link-local 547 * address, and then reconfigure another one, the prefix is still 548 * valid with referring to the old link-local address. 549 */ 550 if (nd6_prefix_lookup(&pr0) == NULL) { 551 if ((error = nd6_prelist_add(&pr0, NULL, NULL)) != 0) 552 return (error); 553 } 554 555 return 0; 556} 557 558/* 559 * ifp - must be IFT_LOOP 560 */ 561static int 562in6_ifattach_loopback(struct ifnet *ifp) 563{ 564 struct in6_aliasreq ifra; 565 int error; 566 567 bzero(&ifra, sizeof(ifra)); 568 569 /* 570 * in6_update_ifa() does not use ifra_name, but we accurately set it 571 * for safety. 572 */ 573 strncpy(ifra.ifra_name, if_name(ifp), sizeof(ifra.ifra_name)); 574 575 ifra.ifra_prefixmask.sin6_len = sizeof(struct sockaddr_in6); 576 ifra.ifra_prefixmask.sin6_family = AF_INET6; 577 ifra.ifra_prefixmask.sin6_addr = in6mask128; 578 579 /* 580 * Always initialize ia_dstaddr (= broadcast address) to loopback 581 * address. Follows IPv4 practice - see in_ifinit(). 582 */ 583 ifra.ifra_dstaddr.sin6_len = sizeof(struct sockaddr_in6); 584 ifra.ifra_dstaddr.sin6_family = AF_INET6; 585 ifra.ifra_dstaddr.sin6_addr = in6addr_loopback; 586 587 ifra.ifra_addr.sin6_len = sizeof(struct sockaddr_in6); 588 ifra.ifra_addr.sin6_family = AF_INET6; 589 ifra.ifra_addr.sin6_addr = in6addr_loopback; 590 591 /* the loopback address should NEVER expire. */ 592 ifra.ifra_lifetime.ia6t_vltime = ND6_INFINITE_LIFETIME; 593 ifra.ifra_lifetime.ia6t_pltime = ND6_INFINITE_LIFETIME; 594 595 /* we don't need to perform DAD on loopback interfaces. */ 596 ifra.ifra_flags |= IN6_IFF_NODAD; 597 598 /* skip registration to the prefix list. XXX should be temporary. */ 599 ifra.ifra_flags |= IN6_IFF_NOPFX; 600 601 /* 602 * We are sure that this is a newly assigned address, so we can set 603 * NULL to the 3rd arg. 604 */ 605 if ((error = in6_update_ifa(ifp, &ifra, NULL, 0)) != 0) { 606 nd6log((LOG_ERR, "in6_ifattach_loopback: failed to configure " 607 "the loopback address on %s (errno=%d)\n", 608 if_name(ifp), error)); 609 return (-1); 610 } 611 612 return 0; 613} 614 615/* 616 * compute NI group address, based on the current hostname setting. 617 * see draft-ietf-ipngwg-icmp-name-lookup-* (04 and later). 618 * 619 * when ifp == NULL, the caller is responsible for filling scopeid. 620 */ 621int 622in6_nigroup(struct ifnet *ifp, const char *name, int namelen, 623 struct in6_addr *in6) 624{ 625 struct prison *pr; 626 const char *p; 627 u_char *q; 628 MD5_CTX ctxt; 629 u_int8_t digest[16]; 630 char l; 631 char n[64]; /* a single label must not exceed 63 chars */ 632 633 /* 634 * If no name is given and namelen is -1, 635 * we try to do the hostname lookup ourselves. 636 */ 637 if (!name && namelen == -1) { 638 pr = curthread->td_ucred->cr_prison; 639 mtx_lock(&pr->pr_mtx); 640 name = pr->pr_hostname; 641 namelen = strlen(name); 642 } else 643 pr = NULL; 644 if (!name || !namelen) { 645 if (pr != NULL) 646 mtx_unlock(&pr->pr_mtx); 647 return -1; 648 } 649 650 p = name; 651 while (p && *p && *p != '.' && p - name < namelen) 652 p++; 653 if (p == name || p - name > sizeof(n) - 1) { 654 if (pr != NULL) 655 mtx_unlock(&pr->pr_mtx); 656 return -1; /* label too long */ 657 } 658 l = p - name; 659 strncpy(n, name, l); 660 if (pr != NULL) 661 mtx_unlock(&pr->pr_mtx); 662 n[(int)l] = '\0'; 663 for (q = n; *q; q++) { 664 if ('A' <= *q && *q <= 'Z') 665 *q = *q - 'A' + 'a'; 666 } 667 668 /* generate 8 bytes of pseudo-random value. */ 669 bzero(&ctxt, sizeof(ctxt)); 670 MD5Init(&ctxt); 671 MD5Update(&ctxt, &l, sizeof(l)); 672 MD5Update(&ctxt, n, l); 673 MD5Final(digest, &ctxt); 674 675 bzero(in6, sizeof(*in6)); 676 in6->s6_addr16[0] = IPV6_ADDR_INT16_MLL; 677 in6->s6_addr8[11] = 2; 678 bcopy(digest, &in6->s6_addr32[3], sizeof(in6->s6_addr32[3])); 679 if (in6_setscope(in6, ifp, NULL)) 680 return (-1); /* XXX: should not fail */ 681 682 return 0; 683} 684 685/* 686 * XXX multiple loopback interface needs more care. for instance, 687 * nodelocal address needs to be configured onto only one of them. 688 * XXX multiple link-local address case 689 * 690 * altifp - secondary EUI64 source 691 */ 692void 693in6_ifattach(struct ifnet *ifp, struct ifnet *altifp) 694{ 695 struct in6_ifaddr *ia; 696 struct in6_addr in6; 697 698 /* some of the interfaces are inherently not IPv6 capable */ 699 switch (ifp->if_type) { 700 case IFT_PFLOG: 701 case IFT_PFSYNC: 702 case IFT_CARP: 703 return; 704 } 705 706 /* 707 * quirks based on interface type 708 */ 709 switch (ifp->if_type) { 710#ifdef IFT_STF 711 case IFT_STF: 712 /* 713 * 6to4 interface is a very special kind of beast. 714 * no multicast, no linklocal. RFC2529 specifies how to make 715 * linklocals for 6to4 interface, but there's no use and 716 * it is rather harmful to have one. 717 */ 718 goto statinit; 719#endif 720 default: 721 break; 722 } 723 724 /* 725 * usually, we require multicast capability to the interface 726 */ 727 if ((ifp->if_flags & IFF_MULTICAST) == 0) { 728 nd6log((LOG_INFO, "in6_ifattach: " 729 "%s is not multicast capable, IPv6 not enabled\n", 730 if_name(ifp))); 731 return; 732 } 733 734 /* 735 * assign loopback address for loopback interface. 736 * XXX multiple loopback interface case. 737 */ 738 if ((ifp->if_flags & IFF_LOOPBACK) != 0) { 739 struct ifaddr *ifa; 740 741 in6 = in6addr_loopback; 742 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &in6); 743 if (ifa == NULL) { 744 if (in6_ifattach_loopback(ifp) != 0) 745 return; 746 } else 747 ifa_free(ifa); 748 } 749 750 /* 751 * assign a link-local address, if there's none. 752 */ 753 if (ifp->if_type != IFT_BRIDGE && 754 ND_IFINFO(ifp)->flags & ND6_IFF_AUTO_LINKLOCAL) { 755 int error; 756 757 ia = in6ifa_ifpforlinklocal(ifp, 0); 758 if (ia == NULL) { 759 error = in6_ifattach_linklocal(ifp, altifp); 760 if (error) 761 log(LOG_NOTICE, "in6_ifattach_linklocal: " 762 "failed to add a link-local addr to %s\n", 763 if_name(ifp)); 764 } else 765 ifa_free(&ia->ia_ifa); 766 } 767 768#ifdef IFT_STF /* XXX */ 769statinit: 770#endif 771 772 /* update dynamically. */ 773 if (V_in6_maxmtu < ifp->if_mtu) 774 V_in6_maxmtu = ifp->if_mtu; 775} 776 777/* 778 * NOTE: in6_ifdetach() does not support loopback if at this moment. 779 * We don't need this function in bsdi, because interfaces are never removed 780 * from the ifnet list in bsdi. 781 */ 782void 783in6_ifdetach(struct ifnet *ifp) 784{ 785 struct in6_ifaddr *ia; 786 struct ifaddr *ifa, *next; 787 struct radix_node_head *rnh; 788 struct rtentry *rt; 789 short rtflags; 790 struct sockaddr_in6 sin6; 791 struct in6_multi_mship *imm; 792 793 /* remove neighbor management table */ 794 nd6_purge(ifp); 795 796 /* nuke any of IPv6 addresses we have */ 797 TAILQ_FOREACH_SAFE(ifa, &ifp->if_addrhead, ifa_link, next) { 798 if (ifa->ifa_addr->sa_family != AF_INET6) 799 continue; 800 in6_purgeaddr(ifa); 801 } 802 803 /* undo everything done by in6_ifattach(), just in case */ 804 TAILQ_FOREACH_SAFE(ifa, &ifp->if_addrhead, ifa_link, next) { 805 if (ifa->ifa_addr->sa_family != AF_INET6 806 || !IN6_IS_ADDR_LINKLOCAL(&satosin6(&ifa->ifa_addr)->sin6_addr)) { 807 continue; 808 } 809 810 ia = (struct in6_ifaddr *)ifa; 811 812 /* 813 * leave from multicast groups we have joined for the interface 814 */ 815 while ((imm = ia->ia6_memberships.lh_first) != NULL) { 816 LIST_REMOVE(imm, i6mm_chain); 817 in6_leavegroup(imm); 818 } 819 820 /* remove from the routing table */ 821 if ((ia->ia_flags & IFA_ROUTE) && 822 (rt = rtalloc1((struct sockaddr *)&ia->ia_addr, 0, 0UL))) { 823 rtflags = rt->rt_flags; 824 RTFREE_LOCKED(rt); 825 rtrequest(RTM_DELETE, (struct sockaddr *)&ia->ia_addr, 826 (struct sockaddr *)&ia->ia_addr, 827 (struct sockaddr *)&ia->ia_prefixmask, 828 rtflags, (struct rtentry **)0); 829 } 830 831 /* remove from the linked list */ 832 IF_ADDR_LOCK(ifp); 833 TAILQ_REMOVE(&ifp->if_addrhead, ifa, ifa_link); 834 IF_ADDR_UNLOCK(ifp); 835 ifa_free(ifa); /* if_addrhead */ 836 837 IN6_IFADDR_WLOCK(); 838 TAILQ_REMOVE(&V_in6_ifaddrhead, ia, ia_link); 839 IN6_IFADDR_WUNLOCK(); 840 ifa_free(ifa); 841 } 842 843 in6_pcbpurgeif0(&V_udbinfo, ifp); 844 in6_pcbpurgeif0(&V_ripcbinfo, ifp); 845 /* leave from all multicast groups joined */ 846 in6_purgemaddrs(ifp); 847 848 /* 849 * remove neighbor management table. we call it twice just to make 850 * sure we nuke everything. maybe we need just one call. 851 * XXX: since the first call did not release addresses, some prefixes 852 * might remain. We should call nd6_purge() again to release the 853 * prefixes after removing all addresses above. 854 * (Or can we just delay calling nd6_purge until at this point?) 855 */ 856 nd6_purge(ifp); 857 858 /* remove route to link-local allnodes multicast (ff02::1) */ 859 bzero(&sin6, sizeof(sin6)); 860 sin6.sin6_len = sizeof(struct sockaddr_in6); 861 sin6.sin6_family = AF_INET6; 862 sin6.sin6_addr = in6addr_linklocal_allnodes; 863 if (in6_setscope(&sin6.sin6_addr, ifp, NULL)) 864 /* XXX: should not fail */ 865 return; 866 /* XXX grab lock first to avoid LOR */ 867 rnh = rt_tables_get_rnh(0, AF_INET6); 868 if (rnh != NULL) { 869 RADIX_NODE_HEAD_LOCK(rnh); 870 rt = rtalloc1((struct sockaddr *)&sin6, 0, RTF_RNH_LOCKED); 871 if (rt) { 872 if (rt->rt_ifp == ifp) 873 rtexpunge(rt); 874 RTFREE_LOCKED(rt); 875 } 876 RADIX_NODE_HEAD_UNLOCK(rnh); 877 } 878} 879 880int 881in6_get_tmpifid(struct ifnet *ifp, u_int8_t *retbuf, 882 const u_int8_t *baseid, int generate) 883{ 884 u_int8_t nullbuf[8]; 885 struct nd_ifinfo *ndi = ND_IFINFO(ifp); 886 887 bzero(nullbuf, sizeof(nullbuf)); 888 if (bcmp(ndi->randomid, nullbuf, sizeof(nullbuf)) == 0) { 889 /* we've never created a random ID. Create a new one. */ 890 generate = 1; 891 } 892 893 if (generate) { 894 bcopy(baseid, ndi->randomseed1, sizeof(ndi->randomseed1)); 895 896 /* generate_tmp_ifid will update seedn and buf */ 897 (void)generate_tmp_ifid(ndi->randomseed0, ndi->randomseed1, 898 ndi->randomid); 899 } 900 bcopy(ndi->randomid, retbuf, 8); 901 902 return (0); 903} 904 905void 906in6_tmpaddrtimer(void *arg) 907{ 908 CURVNET_SET((struct vnet *) arg); 909 struct nd_ifinfo *ndi; 910 u_int8_t nullbuf[8]; 911 struct ifnet *ifp; 912 913 callout_reset(&V_in6_tmpaddrtimer_ch, 914 (V_ip6_temp_preferred_lifetime - V_ip6_desync_factor - 915 V_ip6_temp_regen_advance) * hz, in6_tmpaddrtimer, curvnet); 916 917 bzero(nullbuf, sizeof(nullbuf)); 918 for (ifp = TAILQ_FIRST(&V_ifnet); ifp; 919 ifp = TAILQ_NEXT(ifp, if_list)) { 920 ndi = ND_IFINFO(ifp); 921 if (bcmp(ndi->randomid, nullbuf, sizeof(nullbuf)) != 0) { 922 /* 923 * We've been generating a random ID on this interface. 924 * Create a new one. 925 */ 926 (void)generate_tmp_ifid(ndi->randomseed0, 927 ndi->randomseed1, ndi->randomid); 928 } 929 } 930 931 CURVNET_RESTORE(); 932} 933 934static void 935in6_purgemaddrs(struct ifnet *ifp) 936{ 937 LIST_HEAD(,in6_multi) purgeinms; 938 struct in6_multi *inm, *tinm; 939 struct ifmultiaddr *ifma; 940 941 LIST_INIT(&purgeinms); 942 IN6_MULTI_LOCK(); 943 944 /* 945 * Extract list of in6_multi associated with the detaching ifp 946 * which the PF_INET6 layer is about to release. 947 * We need to do this as IF_ADDR_LOCK() may be re-acquired 948 * by code further down. 949 */ 950 IF_ADDR_LOCK(ifp); 951 TAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) { 952 if (ifma->ifma_addr->sa_family != AF_INET6 || 953 ifma->ifma_protospec == NULL) 954 continue; 955 inm = (struct in6_multi *)ifma->ifma_protospec; 956 LIST_INSERT_HEAD(&purgeinms, inm, in6m_entry); 957 } 958 IF_ADDR_UNLOCK(ifp); 959 960 LIST_FOREACH_SAFE(inm, &purgeinms, in6m_entry, tinm) { 961 LIST_REMOVE(inm, in6m_entry); 962 in6m_release_locked(inm); 963 } 964 mld_ifdetach(ifp); 965 966 IN6_MULTI_UNLOCK(); 967} 968