1/*- 2 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of the project nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * $KAME: in6.c,v 1.259 2002/01/21 11:37:50 keiichi Exp $ 30 */ 31 32/*- 33 * Copyright (c) 1982, 1986, 1991, 1993 34 * The Regents of the University of California. All rights reserved. 35 * 36 * Redistribution and use in source and binary forms, with or without 37 * modification, are permitted provided that the following conditions 38 * are met: 39 * 1. Redistributions of source code must retain the above copyright 40 * notice, this list of conditions and the following disclaimer. 41 * 2. Redistributions in binary form must reproduce the above copyright 42 * notice, this list of conditions and the following disclaimer in the 43 * documentation and/or other materials provided with the distribution. 44 * 4. Neither the name of the University nor the names of its contributors 45 * may be used to endorse or promote products derived from this software 46 * without specific prior written permission. 47 * 48 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 51 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 58 * SUCH DAMAGE. 59 * 60 * @(#)in.c 8.2 (Berkeley) 11/15/93 61 */ 62 63#include <sys/cdefs.h> 64__FBSDID("$FreeBSD$"); 65 66#include "opt_compat.h" 67#include "opt_inet.h" 68#include "opt_inet6.h" 69 70#include <sys/param.h> 71#include <sys/errno.h> 72#include <sys/jail.h> 73#include <sys/malloc.h> 74#include <sys/socket.h> 75#include <sys/socketvar.h> 76#include <sys/sockio.h> 77#include <sys/systm.h> 78#include <sys/priv.h> 79#include <sys/proc.h> 80#include <sys/time.h> 81#include <sys/kernel.h> 82#include <sys/syslog.h> 83 84#include <net/if.h> 85#include <net/if_var.h> 86#include <net/if_types.h> 87#include <net/route.h> 88#include <net/if_dl.h> 89#include <net/vnet.h> 90 91#include <netinet/in.h> 92#include <netinet/in_var.h> 93#include <net/if_llatbl.h> 94#include <netinet/if_ether.h> 95#include <netinet/in_systm.h> 96#include <netinet/ip.h> 97#include <netinet/in_pcb.h> 98 99#include <netinet/ip6.h> 100#include <netinet6/ip6_var.h> 101#include <netinet6/nd6.h> 102#include <netinet6/mld6_var.h> 103#include <netinet6/ip6_mroute.h> 104#include <netinet6/in6_ifattach.h> 105#include <netinet6/scope6_var.h> 106#include <netinet6/in6_pcb.h> 107 108VNET_DECLARE(int, icmp6_nodeinfo_oldmcprefix); 109#define V_icmp6_nodeinfo_oldmcprefix VNET(icmp6_nodeinfo_oldmcprefix) 110 111/* 112 * Definitions of some costant IP6 addresses. 113 */ 114const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT; 115const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT; 116const struct in6_addr in6addr_nodelocal_allnodes = 117 IN6ADDR_NODELOCAL_ALLNODES_INIT; 118const struct in6_addr in6addr_linklocal_allnodes = 119 IN6ADDR_LINKLOCAL_ALLNODES_INIT; 120const struct in6_addr in6addr_linklocal_allrouters = 121 IN6ADDR_LINKLOCAL_ALLROUTERS_INIT; 122const struct in6_addr in6addr_linklocal_allv2routers = 123 IN6ADDR_LINKLOCAL_ALLV2ROUTERS_INIT; 124 125const struct in6_addr in6mask0 = IN6MASK0; 126const struct in6_addr in6mask32 = IN6MASK32; 127const struct in6_addr in6mask64 = IN6MASK64; 128const struct in6_addr in6mask96 = IN6MASK96; 129const struct in6_addr in6mask128 = IN6MASK128; 130 131const struct sockaddr_in6 sa6_any = 132 { sizeof(sa6_any), AF_INET6, 0, 0, IN6ADDR_ANY_INIT, 0 }; 133 134static int in6_lifaddr_ioctl(struct socket *, u_long, caddr_t, 135 struct ifnet *, struct thread *); 136static int in6_ifinit(struct ifnet *, struct in6_ifaddr *, 137 struct sockaddr_in6 *, int); 138static void in6_unlink_ifa(struct in6_ifaddr *, struct ifnet *); 139 140int (*faithprefix_p)(struct in6_addr *); 141 142#define ifa2ia6(ifa) ((struct in6_ifaddr *)(ifa)) 143#define ia62ifa(ia6) (&((ia6)->ia_ifa)) 144 145void 146in6_ifaddloop(struct ifaddr *ifa) 147{ 148 struct sockaddr_dl gateway; 149 struct sockaddr_in6 mask, addr; 150 struct rtentry rt; 151 struct in6_ifaddr *ia; 152 struct ifnet *ifp; 153 struct llentry *ln; 154 155 ia = ifa2ia6(ifa); 156 ifp = ifa->ifa_ifp; 157 IF_AFDATA_LOCK(ifp); 158 ifa->ifa_rtrequest = nd6_rtrequest; 159 ln = lla_lookup(LLTABLE6(ifp), (LLE_CREATE | LLE_IFADDR | 160 LLE_EXCLUSIVE), (struct sockaddr *)&ia->ia_addr); 161 IF_AFDATA_UNLOCK(ifp); 162 if (ln != NULL) { 163 ln->la_expire = 0; /* for IPv6 this means permanent */ 164 ln->ln_state = ND6_LLINFO_REACHABLE; 165 /* 166 * initialize for rtmsg generation 167 */ 168 bzero(&gateway, sizeof(gateway)); 169 gateway.sdl_len = sizeof(gateway); 170 gateway.sdl_family = AF_LINK; 171 gateway.sdl_nlen = 0; 172 gateway.sdl_alen = 6; 173 memcpy(gateway.sdl_data, &ln->ll_addr.mac_aligned, 174 sizeof(ln->ll_addr)); 175 LLE_WUNLOCK(ln); 176 } 177 178 bzero(&rt, sizeof(rt)); 179 rt.rt_gateway = (struct sockaddr *)&gateway; 180 memcpy(&mask, &ia->ia_prefixmask, sizeof(ia->ia_prefixmask)); 181 memcpy(&addr, &ia->ia_addr, sizeof(ia->ia_addr)); 182 rt_mask(&rt) = (struct sockaddr *)&mask; 183 rt_key(&rt) = (struct sockaddr *)&addr; 184 rt.rt_flags = RTF_UP | RTF_HOST | RTF_STATIC; 185 /* Announce arrival of local address to all FIBs. */ 186 rt_newaddrmsg(RTM_ADD, ifa, 0, &rt); 187} 188 189void 190in6_ifremloop(struct ifaddr *ifa) 191{ 192 struct sockaddr_dl gateway; 193 struct sockaddr_in6 mask, addr; 194 struct rtentry rt0; 195 struct in6_ifaddr *ia; 196 struct ifnet *ifp; 197 198 ia = ifa2ia6(ifa); 199 ifp = ifa->ifa_ifp; 200 memcpy(&addr, &ia->ia_addr, sizeof(ia->ia_addr)); 201 memcpy(&mask, &ia->ia_prefixmask, sizeof(ia->ia_prefixmask)); 202 lltable_prefix_free(AF_INET6, (struct sockaddr *)&addr, 203 (struct sockaddr *)&mask, LLE_STATIC); 204 205 /* 206 * initialize for rtmsg generation 207 */ 208 bzero(&gateway, sizeof(gateway)); 209 gateway.sdl_len = sizeof(gateway); 210 gateway.sdl_family = AF_LINK; 211 gateway.sdl_nlen = 0; 212 gateway.sdl_alen = ifp->if_addrlen; 213 bzero(&rt0, sizeof(rt0)); 214 rt0.rt_gateway = (struct sockaddr *)&gateway; 215 rt_mask(&rt0) = (struct sockaddr *)&mask; 216 rt_key(&rt0) = (struct sockaddr *)&addr; 217 rt0.rt_flags = RTF_HOST | RTF_STATIC; 218 /* Announce removal of local address to all FIBs. */ 219 rt_newaddrmsg(RTM_DELETE, ifa, 0, &rt0); 220} 221 222int 223in6_mask2len(struct in6_addr *mask, u_char *lim0) 224{ 225 int x = 0, y; 226 u_char *lim = lim0, *p; 227 228 /* ignore the scope_id part */ 229 if (lim0 == NULL || lim0 - (u_char *)mask > sizeof(*mask)) 230 lim = (u_char *)mask + sizeof(*mask); 231 for (p = (u_char *)mask; p < lim; x++, p++) { 232 if (*p != 0xff) 233 break; 234 } 235 y = 0; 236 if (p < lim) { 237 for (y = 0; y < 8; y++) { 238 if ((*p & (0x80 >> y)) == 0) 239 break; 240 } 241 } 242 243 /* 244 * when the limit pointer is given, do a stricter check on the 245 * remaining bits. 246 */ 247 if (p < lim) { 248 if (y != 0 && (*p & (0x00ff >> y)) != 0) 249 return (-1); 250 for (p = p + 1; p < lim; p++) 251 if (*p != 0) 252 return (-1); 253 } 254 255 return x * 8 + y; 256} 257 258#ifdef COMPAT_FREEBSD32 259struct in6_ndifreq32 { 260 char ifname[IFNAMSIZ]; 261 uint32_t ifindex; 262}; 263#define SIOCGDEFIFACE32_IN6 _IOWR('i', 86, struct in6_ndifreq32) 264#endif 265 266int 267in6_control(struct socket *so, u_long cmd, caddr_t data, 268 struct ifnet *ifp, struct thread *td) 269{ 270 struct in6_ifreq *ifr = (struct in6_ifreq *)data; 271 struct in6_ifaddr *ia = NULL; 272 struct in6_aliasreq *ifra = (struct in6_aliasreq *)data; 273 struct sockaddr_in6 *sa6; 274 int error; 275 276 switch (cmd) { 277 case SIOCGETSGCNT_IN6: 278 case SIOCGETMIFCNT_IN6: 279 /* 280 * XXX mrt_ioctl has a 3rd, unused, FIB argument in route.c. 281 * We cannot see how that would be needed, so do not adjust the 282 * KPI blindly; more likely should clean up the IPv4 variant. 283 */ 284 return (mrt6_ioctl ? mrt6_ioctl(cmd, data) : EOPNOTSUPP); 285 } 286 287 switch(cmd) { 288 case SIOCAADDRCTL_POLICY: 289 case SIOCDADDRCTL_POLICY: 290 if (td != NULL) { 291 error = priv_check(td, PRIV_NETINET_ADDRCTRL6); 292 if (error) 293 return (error); 294 } 295 return (in6_src_ioctl(cmd, data)); 296 } 297 298 if (ifp == NULL) 299 return (EOPNOTSUPP); 300 301 switch (cmd) { 302 case SIOCSNDFLUSH_IN6: 303 case SIOCSPFXFLUSH_IN6: 304 case SIOCSRTRFLUSH_IN6: 305 case SIOCSDEFIFACE_IN6: 306 case SIOCSIFINFO_FLAGS: 307 case SIOCSIFINFO_IN6: 308 if (td != NULL) { 309 error = priv_check(td, PRIV_NETINET_ND6); 310 if (error) 311 return (error); 312 } 313 /* FALLTHROUGH */ 314 case OSIOCGIFINFO_IN6: 315 case SIOCGIFINFO_IN6: 316 case SIOCGDRLST_IN6: 317 case SIOCGPRLST_IN6: 318 case SIOCGNBRINFO_IN6: 319 case SIOCGDEFIFACE_IN6: 320 return (nd6_ioctl(cmd, data, ifp)); 321 322#ifdef COMPAT_FREEBSD32 323 case SIOCGDEFIFACE32_IN6: 324 { 325 struct in6_ndifreq ndif; 326 struct in6_ndifreq32 *ndif32; 327 328 error = nd6_ioctl(SIOCGDEFIFACE_IN6, (caddr_t)&ndif, 329 ifp); 330 if (error) 331 return (error); 332 ndif32 = (struct in6_ndifreq32 *)data; 333 ndif32->ifindex = ndif.ifindex; 334 return (0); 335 } 336#endif 337 } 338 339 switch (cmd) { 340 case SIOCSIFPREFIX_IN6: 341 case SIOCDIFPREFIX_IN6: 342 case SIOCAIFPREFIX_IN6: 343 case SIOCCIFPREFIX_IN6: 344 case SIOCSGIFPREFIX_IN6: 345 case SIOCGIFPREFIX_IN6: 346 log(LOG_NOTICE, 347 "prefix ioctls are now invalidated. " 348 "please use ifconfig.\n"); 349 return (EOPNOTSUPP); 350 } 351 352 switch (cmd) { 353 case SIOCSSCOPE6: 354 if (td != NULL) { 355 error = priv_check(td, PRIV_NETINET_SCOPE6); 356 if (error) 357 return (error); 358 } 359 return (scope6_set(ifp, 360 (struct scope6_id *)ifr->ifr_ifru.ifru_scope_id)); 361 case SIOCGSCOPE6: 362 return (scope6_get(ifp, 363 (struct scope6_id *)ifr->ifr_ifru.ifru_scope_id)); 364 case SIOCGSCOPE6DEF: 365 return (scope6_get_default((struct scope6_id *) 366 ifr->ifr_ifru.ifru_scope_id)); 367 } 368 369 switch (cmd) { 370 case SIOCALIFADDR: 371 if (td != NULL) { 372 error = priv_check(td, PRIV_NET_ADDIFADDR); 373 if (error) 374 return (error); 375 } 376 return in6_lifaddr_ioctl(so, cmd, data, ifp, td); 377 378 case SIOCDLIFADDR: 379 if (td != NULL) { 380 error = priv_check(td, PRIV_NET_DELIFADDR); 381 if (error) 382 return (error); 383 } 384 /* FALLTHROUGH */ 385 case SIOCGLIFADDR: 386 return in6_lifaddr_ioctl(so, cmd, data, ifp, td); 387 } 388 389 /* 390 * Find address for this interface, if it exists. 391 * 392 * In netinet code, we have checked ifra_addr in SIOCSIF*ADDR operation 393 * only, and used the first interface address as the target of other 394 * operations (without checking ifra_addr). This was because netinet 395 * code/API assumed at most 1 interface address per interface. 396 * Since IPv6 allows a node to assign multiple addresses 397 * on a single interface, we almost always look and check the 398 * presence of ifra_addr, and reject invalid ones here. 399 * It also decreases duplicated code among SIOC*_IN6 operations. 400 */ 401 switch (cmd) { 402 case SIOCAIFADDR_IN6: 403 case SIOCSIFPHYADDR_IN6: 404 sa6 = &ifra->ifra_addr; 405 break; 406 case SIOCSIFADDR_IN6: 407 case SIOCGIFADDR_IN6: 408 case SIOCSIFDSTADDR_IN6: 409 case SIOCSIFNETMASK_IN6: 410 case SIOCGIFDSTADDR_IN6: 411 case SIOCGIFNETMASK_IN6: 412 case SIOCDIFADDR_IN6: 413 case SIOCGIFPSRCADDR_IN6: 414 case SIOCGIFPDSTADDR_IN6: 415 case SIOCGIFAFLAG_IN6: 416 case SIOCSNDFLUSH_IN6: 417 case SIOCSPFXFLUSH_IN6: 418 case SIOCSRTRFLUSH_IN6: 419 case SIOCGIFALIFETIME_IN6: 420 case SIOCSIFALIFETIME_IN6: 421 case SIOCGIFSTAT_IN6: 422 case SIOCGIFSTAT_ICMP6: 423 sa6 = &ifr->ifr_addr; 424 break; 425 case SIOCSIFADDR: 426 case SIOCSIFBRDADDR: 427 case SIOCSIFDSTADDR: 428 case SIOCSIFNETMASK: 429 /* 430 * Although we should pass any non-INET6 ioctl requests 431 * down to driver, we filter some legacy INET requests. 432 * Drivers trust SIOCSIFADDR et al to come from an already 433 * privileged layer, and do not perform any credentials 434 * checks or input validation. 435 */ 436 return (EINVAL); 437 default: 438 sa6 = NULL; 439 break; 440 } 441 if (sa6 && sa6->sin6_family == AF_INET6) { 442 if (sa6->sin6_scope_id != 0) 443 error = sa6_embedscope(sa6, 0); 444 else 445 error = in6_setscope(&sa6->sin6_addr, ifp, NULL); 446 if (error != 0) 447 return (error); 448 if (td != NULL && (error = prison_check_ip6(td->td_ucred, 449 &sa6->sin6_addr)) != 0) 450 return (error); 451 ia = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr); 452 } else 453 ia = NULL; 454 455 switch (cmd) { 456 case SIOCSIFADDR_IN6: 457 case SIOCSIFDSTADDR_IN6: 458 case SIOCSIFNETMASK_IN6: 459 /* 460 * Since IPv6 allows a node to assign multiple addresses 461 * on a single interface, SIOCSIFxxx ioctls are deprecated. 462 */ 463 /* we decided to obsolete this command (20000704) */ 464 error = EINVAL; 465 goto out; 466 467 case SIOCDIFADDR_IN6: 468 /* 469 * for IPv4, we look for existing in_ifaddr here to allow 470 * "ifconfig if0 delete" to remove the first IPv4 address on 471 * the interface. For IPv6, as the spec allows multiple 472 * interface address from the day one, we consider "remove the 473 * first one" semantics to be not preferable. 474 */ 475 if (ia == NULL) { 476 error = EADDRNOTAVAIL; 477 goto out; 478 } 479 /* FALLTHROUGH */ 480 case SIOCAIFADDR_IN6: 481 /* 482 * We always require users to specify a valid IPv6 address for 483 * the corresponding operation. 484 */ 485 if (ifra->ifra_addr.sin6_family != AF_INET6 || 486 ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6)) { 487 error = EAFNOSUPPORT; 488 goto out; 489 } 490 491 if (td != NULL) { 492 error = priv_check(td, (cmd == SIOCDIFADDR_IN6) ? 493 PRIV_NET_DELIFADDR : PRIV_NET_ADDIFADDR); 494 if (error) 495 goto out; 496 } 497 break; 498 499 case SIOCGIFADDR_IN6: 500 /* This interface is basically deprecated. use SIOCGIFCONF. */ 501 /* FALLTHROUGH */ 502 case SIOCGIFAFLAG_IN6: 503 case SIOCGIFNETMASK_IN6: 504 case SIOCGIFDSTADDR_IN6: 505 case SIOCGIFALIFETIME_IN6: 506 /* must think again about its semantics */ 507 if (ia == NULL) { 508 error = EADDRNOTAVAIL; 509 goto out; 510 } 511 break; 512 513 case SIOCSIFALIFETIME_IN6: 514 { 515 struct in6_addrlifetime *lt; 516 517 if (td != NULL) { 518 error = priv_check(td, PRIV_NETINET_ALIFETIME6); 519 if (error) 520 goto out; 521 } 522 if (ia == NULL) { 523 error = EADDRNOTAVAIL; 524 goto out; 525 } 526 /* sanity for overflow - beware unsigned */ 527 lt = &ifr->ifr_ifru.ifru_lifetime; 528 if (lt->ia6t_vltime != ND6_INFINITE_LIFETIME && 529 lt->ia6t_vltime + time_second < time_second) { 530 error = EINVAL; 531 goto out; 532 } 533 if (lt->ia6t_pltime != ND6_INFINITE_LIFETIME && 534 lt->ia6t_pltime + time_second < time_second) { 535 error = EINVAL; 536 goto out; 537 } 538 break; 539 } 540 } 541 542 switch (cmd) { 543 case SIOCGIFADDR_IN6: 544 ifr->ifr_addr = ia->ia_addr; 545 if ((error = sa6_recoverscope(&ifr->ifr_addr)) != 0) 546 goto out; 547 break; 548 549 case SIOCGIFDSTADDR_IN6: 550 if ((ifp->if_flags & IFF_POINTOPOINT) == 0) { 551 error = EINVAL; 552 goto out; 553 } 554 /* 555 * XXX: should we check if ifa_dstaddr is NULL and return 556 * an error? 557 */ 558 ifr->ifr_dstaddr = ia->ia_dstaddr; 559 if ((error = sa6_recoverscope(&ifr->ifr_dstaddr)) != 0) 560 goto out; 561 break; 562 563 case SIOCGIFNETMASK_IN6: 564 ifr->ifr_addr = ia->ia_prefixmask; 565 break; 566 567 case SIOCGIFAFLAG_IN6: 568 ifr->ifr_ifru.ifru_flags6 = ia->ia6_flags; 569 break; 570 571 case SIOCGIFSTAT_IN6: 572 if (ifp == NULL) { 573 error = EINVAL; 574 goto out; 575 } 576 bzero(&ifr->ifr_ifru.ifru_stat, 577 sizeof(ifr->ifr_ifru.ifru_stat)); 578 ifr->ifr_ifru.ifru_stat = 579 *((struct in6_ifextra *)ifp->if_afdata[AF_INET6])->in6_ifstat; 580 break; 581 582 case SIOCGIFSTAT_ICMP6: 583 if (ifp == NULL) { 584 error = EINVAL; 585 goto out; 586 } 587 bzero(&ifr->ifr_ifru.ifru_icmp6stat, 588 sizeof(ifr->ifr_ifru.ifru_icmp6stat)); 589 ifr->ifr_ifru.ifru_icmp6stat = 590 *((struct in6_ifextra *)ifp->if_afdata[AF_INET6])->icmp6_ifstat; 591 break; 592 593 case SIOCGIFALIFETIME_IN6: 594 ifr->ifr_ifru.ifru_lifetime = ia->ia6_lifetime; 595 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 596 time_t maxexpire; 597 struct in6_addrlifetime *retlt = 598 &ifr->ifr_ifru.ifru_lifetime; 599 600 /* 601 * XXX: adjust expiration time assuming time_t is 602 * signed. 603 */ 604 maxexpire = (-1) & 605 ~((time_t)1 << ((sizeof(maxexpire) * 8) - 1)); 606 if (ia->ia6_lifetime.ia6t_vltime < 607 maxexpire - ia->ia6_updatetime) { 608 retlt->ia6t_expire = ia->ia6_updatetime + 609 ia->ia6_lifetime.ia6t_vltime; 610 } else 611 retlt->ia6t_expire = maxexpire; 612 } 613 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 614 time_t maxexpire; 615 struct in6_addrlifetime *retlt = 616 &ifr->ifr_ifru.ifru_lifetime; 617 618 /* 619 * XXX: adjust expiration time assuming time_t is 620 * signed. 621 */ 622 maxexpire = (-1) & 623 ~((time_t)1 << ((sizeof(maxexpire) * 8) - 1)); 624 if (ia->ia6_lifetime.ia6t_pltime < 625 maxexpire - ia->ia6_updatetime) { 626 retlt->ia6t_preferred = ia->ia6_updatetime + 627 ia->ia6_lifetime.ia6t_pltime; 628 } else 629 retlt->ia6t_preferred = maxexpire; 630 } 631 break; 632 633 case SIOCSIFALIFETIME_IN6: 634 ia->ia6_lifetime = ifr->ifr_ifru.ifru_lifetime; 635 /* for sanity */ 636 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 637 ia->ia6_lifetime.ia6t_expire = 638 time_second + ia->ia6_lifetime.ia6t_vltime; 639 } else 640 ia->ia6_lifetime.ia6t_expire = 0; 641 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 642 ia->ia6_lifetime.ia6t_preferred = 643 time_second + ia->ia6_lifetime.ia6t_pltime; 644 } else 645 ia->ia6_lifetime.ia6t_preferred = 0; 646 break; 647 648 case SIOCAIFADDR_IN6: 649 { 650 int i; 651 struct nd_prefixctl pr0; 652 struct nd_prefix *pr; 653 654 /* 655 * first, make or update the interface address structure, 656 * and link it to the list. 657 */ 658 if ((error = in6_update_ifa(ifp, ifra, ia, 0)) != 0) 659 goto out; 660 if (ia != NULL) 661 ifa_free(&ia->ia_ifa); 662 if ((ia = in6ifa_ifpwithaddr(ifp, &ifra->ifra_addr.sin6_addr)) 663 == NULL) { 664 /* 665 * this can happen when the user specify the 0 valid 666 * lifetime. 667 */ 668 break; 669 } 670 671 /* 672 * then, make the prefix on-link on the interface. 673 * XXX: we'd rather create the prefix before the address, but 674 * we need at least one address to install the corresponding 675 * interface route, so we configure the address first. 676 */ 677 678 /* 679 * convert mask to prefix length (prefixmask has already 680 * been validated in in6_update_ifa(). 681 */ 682 bzero(&pr0, sizeof(pr0)); 683 pr0.ndpr_ifp = ifp; 684 pr0.ndpr_plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, 685 NULL); 686 if (pr0.ndpr_plen == 128) { 687 break; /* we don't need to install a host route. */ 688 } 689 pr0.ndpr_prefix = ifra->ifra_addr; 690 /* apply the mask for safety. */ 691 for (i = 0; i < 4; i++) { 692 pr0.ndpr_prefix.sin6_addr.s6_addr32[i] &= 693 ifra->ifra_prefixmask.sin6_addr.s6_addr32[i]; 694 } 695 /* 696 * XXX: since we don't have an API to set prefix (not address) 697 * lifetimes, we just use the same lifetimes as addresses. 698 * The (temporarily) installed lifetimes can be overridden by 699 * later advertised RAs (when accept_rtadv is non 0), which is 700 * an intended behavior. 701 */ 702 pr0.ndpr_raf_onlink = 1; /* should be configurable? */ 703 pr0.ndpr_raf_auto = 704 ((ifra->ifra_flags & IN6_IFF_AUTOCONF) != 0); 705 pr0.ndpr_vltime = ifra->ifra_lifetime.ia6t_vltime; 706 pr0.ndpr_pltime = ifra->ifra_lifetime.ia6t_pltime; 707 708 /* add the prefix if not yet. */ 709 if ((pr = nd6_prefix_lookup(&pr0)) == NULL) { 710 /* 711 * nd6_prelist_add will install the corresponding 712 * interface route. 713 */ 714 if ((error = nd6_prelist_add(&pr0, NULL, &pr)) != 0) 715 goto out; 716 if (pr == NULL) { 717 log(LOG_ERR, "nd6_prelist_add succeeded but " 718 "no prefix\n"); 719 error = EINVAL; 720 goto out; 721 } 722 } 723 724 /* relate the address to the prefix */ 725 if (ia->ia6_ndpr == NULL) { 726 ia->ia6_ndpr = pr; 727 pr->ndpr_refcnt++; 728 729 /* 730 * If this is the first autoconf address from the 731 * prefix, create a temporary address as well 732 * (when required). 733 */ 734 if ((ia->ia6_flags & IN6_IFF_AUTOCONF) && 735 V_ip6_use_tempaddr && pr->ndpr_refcnt == 1) { 736 int e; 737 if ((e = in6_tmpifadd(ia, 1, 0)) != 0) { 738 log(LOG_NOTICE, "in6_control: failed " 739 "to create a temporary address, " 740 "errno=%d\n", e); 741 } 742 } 743 } 744 745 /* 746 * this might affect the status of autoconfigured addresses, 747 * that is, this address might make other addresses detached. 748 */ 749 pfxlist_onlink_check(); 750 if (error == 0 && ia) { 751 if (ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) { 752 /* 753 * Try to clear the flag when a new 754 * IPv6 address is added onto an 755 * IFDISABLED interface and it 756 * succeeds. 757 */ 758 struct in6_ndireq nd; 759 760 memset(&nd, 0, sizeof(nd)); 761 nd.ndi.flags = ND_IFINFO(ifp)->flags; 762 nd.ndi.flags &= ~ND6_IFF_IFDISABLED; 763 if (nd6_ioctl(SIOCSIFINFO_FLAGS, 764 (caddr_t)&nd, ifp) < 0) 765 log(LOG_NOTICE, "SIOCAIFADDR_IN6: " 766 "SIOCSIFINFO_FLAGS for -ifdisabled " 767 "failed."); 768 /* 769 * Ignore failure of clearing the flag 770 * intentionally. The failure means 771 * address duplication was detected. 772 */ 773 } 774 EVENTHANDLER_INVOKE(ifaddr_event, ifp); 775 } 776 break; 777 } 778 779 case SIOCDIFADDR_IN6: 780 { 781 struct nd_prefix *pr; 782 783 /* 784 * If the address being deleted is the only one that owns 785 * the corresponding prefix, expire the prefix as well. 786 * XXX: theoretically, we don't have to worry about such 787 * relationship, since we separate the address management 788 * and the prefix management. We do this, however, to provide 789 * as much backward compatibility as possible in terms of 790 * the ioctl operation. 791 * Note that in6_purgeaddr() will decrement ndpr_refcnt. 792 */ 793 pr = ia->ia6_ndpr; 794 in6_purgeaddr(&ia->ia_ifa); 795 if (pr && pr->ndpr_refcnt == 0) 796 prelist_remove(pr); 797 EVENTHANDLER_INVOKE(ifaddr_event, ifp); 798 break; 799 } 800 801 default: 802 if (ifp == NULL || ifp->if_ioctl == 0) { 803 error = EOPNOTSUPP; 804 goto out; 805 } 806 error = (*ifp->if_ioctl)(ifp, cmd, data); 807 goto out; 808 } 809 810 error = 0; 811out: 812 if (ia != NULL) 813 ifa_free(&ia->ia_ifa); 814 return (error); 815} 816 817 818/* 819 * Join necessary multicast groups. Factored out from in6_update_ifa(). 820 * This entire work should only be done once, for the default FIB. 821 */ 822static int 823in6_update_ifa_join_mc(struct ifnet *ifp, struct in6_aliasreq *ifra, 824 struct in6_ifaddr *ia, int flags, struct in6_multi **in6m_sol) 825{ 826 char ip6buf[INET6_ADDRSTRLEN]; 827 struct sockaddr_in6 mltaddr, mltmask; 828 struct in6_addr llsol; 829 struct in6_multi_mship *imm; 830 struct rtentry *rt; 831 int delay, error; 832 833 KASSERT(in6m_sol != NULL, ("%s: in6m_sol is NULL", __func__)); 834 835 /* Join solicited multicast addr for new host id. */ 836 bzero(&llsol, sizeof(struct in6_addr)); 837 llsol.s6_addr32[0] = IPV6_ADDR_INT32_MLL; 838 llsol.s6_addr32[1] = 0; 839 llsol.s6_addr32[2] = htonl(1); 840 llsol.s6_addr32[3] = ifra->ifra_addr.sin6_addr.s6_addr32[3]; 841 llsol.s6_addr8[12] = 0xff; 842 if ((error = in6_setscope(&llsol, ifp, NULL)) != 0) { 843 /* XXX: should not happen */ 844 log(LOG_ERR, "%s: in6_setscope failed\n", __func__); 845 goto cleanup; 846 } 847 delay = 0; 848 if ((flags & IN6_IFAUPDATE_DADDELAY)) { 849 /* 850 * We need a random delay for DAD on the address being 851 * configured. It also means delaying transmission of the 852 * corresponding MLD report to avoid report collision. 853 * [RFC 4861, Section 6.3.7] 854 */ 855 delay = arc4random() % (MAX_RTR_SOLICITATION_DELAY * hz); 856 } 857 imm = in6_joingroup(ifp, &llsol, &error, delay); 858 if (imm == NULL) { 859 nd6log((LOG_WARNING, "%s: addmulti failed for %s on %s " 860 "(errno=%d)\n", __func__, ip6_sprintf(ip6buf, &llsol), 861 if_name(ifp), error)); 862 goto cleanup; 863 } 864 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 865 *in6m_sol = imm->i6mm_maddr; 866 867 bzero(&mltmask, sizeof(mltmask)); 868 mltmask.sin6_len = sizeof(struct sockaddr_in6); 869 mltmask.sin6_family = AF_INET6; 870 mltmask.sin6_addr = in6mask32; 871#define MLTMASK_LEN 4 /* mltmask's masklen (=32bit=4octet) */ 872 873 /* 874 * Join link-local all-nodes address. 875 */ 876 bzero(&mltaddr, sizeof(mltaddr)); 877 mltaddr.sin6_len = sizeof(struct sockaddr_in6); 878 mltaddr.sin6_family = AF_INET6; 879 mltaddr.sin6_addr = in6addr_linklocal_allnodes; 880 if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) != 0) 881 goto cleanup; /* XXX: should not fail */ 882 883 /* 884 * XXX: do we really need this automatic routes? We should probably 885 * reconsider this stuff. Most applications actually do not need the 886 * routes, since they usually specify the outgoing interface. 887 */ 888 rt = in6_rtalloc1((struct sockaddr *)&mltaddr, 0, 0UL, RT_DEFAULT_FIB); 889 if (rt != NULL) { 890 /* XXX: only works in !SCOPEDROUTING case. */ 891 if (memcmp(&mltaddr.sin6_addr, 892 &((struct sockaddr_in6 *)rt_key(rt))->sin6_addr, 893 MLTMASK_LEN)) { 894 RTFREE_LOCKED(rt); 895 rt = NULL; 896 } 897 } 898 if (rt == NULL) { 899 error = in6_rtrequest(RTM_ADD, (struct sockaddr *)&mltaddr, 900 (struct sockaddr *)&ia->ia_addr, 901 (struct sockaddr *)&mltmask, RTF_UP, 902 (struct rtentry **)0, RT_DEFAULT_FIB); 903 if (error) 904 goto cleanup; 905 } else 906 RTFREE_LOCKED(rt); 907 908 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 0); 909 if (imm == NULL) { 910 nd6log((LOG_WARNING, "%s: addmulti failed for %s on %s " 911 "(errno=%d)\n", __func__, ip6_sprintf(ip6buf, 912 &mltaddr.sin6_addr), if_name(ifp), error)); 913 goto cleanup; 914 } 915 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 916 917 /* 918 * Join node information group address. 919 */ 920 delay = 0; 921 if ((flags & IN6_IFAUPDATE_DADDELAY)) { 922 /* 923 * The spec does not say anything about delay for this group, 924 * but the same logic should apply. 925 */ 926 delay = arc4random() % (MAX_RTR_SOLICITATION_DELAY * hz); 927 } 928 if (in6_nigroup(ifp, NULL, -1, &mltaddr.sin6_addr) == 0) { 929 /* XXX jinmei */ 930 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, delay); 931 if (imm == NULL) 932 nd6log((LOG_WARNING, "%s: addmulti failed for %s on %s " 933 "(errno=%d)\n", __func__, ip6_sprintf(ip6buf, 934 &mltaddr.sin6_addr), if_name(ifp), error)); 935 /* XXX not very fatal, go on... */ 936 else 937 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 938 } 939 if (V_icmp6_nodeinfo_oldmcprefix && 940 in6_nigroup_oldmcprefix(ifp, NULL, -1, &mltaddr.sin6_addr) == 0) { 941 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, delay); 942 if (imm == NULL) 943 nd6log((LOG_WARNING, "%s: addmulti failed for %s on %s " 944 "(errno=%d)\n", __func__, ip6_sprintf(ip6buf, 945 &mltaddr.sin6_addr), if_name(ifp), error)); 946 /* XXX not very fatal, go on... */ 947 else 948 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 949 } 950 951 /* 952 * Join interface-local all-nodes address. 953 * (ff01::1%ifN, and ff01::%ifN/32) 954 */ 955 mltaddr.sin6_addr = in6addr_nodelocal_allnodes; 956 if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) != 0) 957 goto cleanup; /* XXX: should not fail */ 958 /* XXX: again, do we really need the route? */ 959 rt = in6_rtalloc1((struct sockaddr *)&mltaddr, 0, 0UL, RT_DEFAULT_FIB); 960 if (rt != NULL) { 961 if (memcmp(&mltaddr.sin6_addr, 962 &((struct sockaddr_in6 *)rt_key(rt))->sin6_addr, 963 MLTMASK_LEN)) { 964 RTFREE_LOCKED(rt); 965 rt = NULL; 966 } 967 } 968 if (rt == NULL) { 969 error = in6_rtrequest(RTM_ADD, (struct sockaddr *)&mltaddr, 970 (struct sockaddr *)&ia->ia_addr, 971 (struct sockaddr *)&mltmask, RTF_UP, 972 (struct rtentry **)0, RT_DEFAULT_FIB); 973 if (error) 974 goto cleanup; 975 } else 976 RTFREE_LOCKED(rt); 977 978 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 0); 979 if (imm == NULL) { 980 nd6log((LOG_WARNING, "%s: addmulti failed for %s on %s " 981 "(errno=%d)\n", __func__, ip6_sprintf(ip6buf, 982 &mltaddr.sin6_addr), if_name(ifp), error)); 983 goto cleanup; 984 } 985 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 986#undef MLTMASK_LEN 987 988cleanup: 989 return (error); 990} 991 992/* 993 * Update parameters of an IPv6 interface address. 994 * If necessary, a new entry is created and linked into address chains. 995 * This function is separated from in6_control(). 996 * XXX: should this be performed under splnet()? 997 */ 998int 999in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra, 1000 struct in6_ifaddr *ia, int flags) 1001{ 1002 int error = 0, hostIsNew = 0, plen = -1; 1003 struct sockaddr_in6 dst6; 1004 struct in6_addrlifetime *lt; 1005 struct in6_multi *in6m_sol; 1006 int delay; 1007 char ip6buf[INET6_ADDRSTRLEN]; 1008 1009 /* Validate parameters */ 1010 if (ifp == NULL || ifra == NULL) /* this maybe redundant */ 1011 return (EINVAL); 1012 1013 /* 1014 * The destination address for a p2p link must have a family 1015 * of AF_UNSPEC or AF_INET6. 1016 */ 1017 if ((ifp->if_flags & IFF_POINTOPOINT) != 0 && 1018 ifra->ifra_dstaddr.sin6_family != AF_INET6 && 1019 ifra->ifra_dstaddr.sin6_family != AF_UNSPEC) 1020 return (EAFNOSUPPORT); 1021 /* 1022 * validate ifra_prefixmask. don't check sin6_family, netmask 1023 * does not carry fields other than sin6_len. 1024 */ 1025 if (ifra->ifra_prefixmask.sin6_len > sizeof(struct sockaddr_in6)) 1026 return (EINVAL); 1027 /* 1028 * Because the IPv6 address architecture is classless, we require 1029 * users to specify a (non 0) prefix length (mask) for a new address. 1030 * We also require the prefix (when specified) mask is valid, and thus 1031 * reject a non-consecutive mask. 1032 */ 1033 if (ia == NULL && ifra->ifra_prefixmask.sin6_len == 0) 1034 return (EINVAL); 1035 if (ifra->ifra_prefixmask.sin6_len != 0) { 1036 plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, 1037 (u_char *)&ifra->ifra_prefixmask + 1038 ifra->ifra_prefixmask.sin6_len); 1039 if (plen <= 0) 1040 return (EINVAL); 1041 } else { 1042 /* 1043 * In this case, ia must not be NULL. We just use its prefix 1044 * length. 1045 */ 1046 plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); 1047 } 1048 /* 1049 * If the destination address on a p2p interface is specified, 1050 * and the address is a scoped one, validate/set the scope 1051 * zone identifier. 1052 */ 1053 dst6 = ifra->ifra_dstaddr; 1054 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) != 0 && 1055 (dst6.sin6_family == AF_INET6)) { 1056 struct in6_addr in6_tmp; 1057 u_int32_t zoneid; 1058 1059 in6_tmp = dst6.sin6_addr; 1060 if (in6_setscope(&in6_tmp, ifp, &zoneid)) 1061 return (EINVAL); /* XXX: should be impossible */ 1062 1063 if (dst6.sin6_scope_id != 0) { 1064 if (dst6.sin6_scope_id != zoneid) 1065 return (EINVAL); 1066 } else /* user omit to specify the ID. */ 1067 dst6.sin6_scope_id = zoneid; 1068 1069 /* convert into the internal form */ 1070 if (sa6_embedscope(&dst6, 0)) 1071 return (EINVAL); /* XXX: should be impossible */ 1072 } 1073 /* 1074 * The destination address can be specified only for a p2p or a 1075 * loopback interface. If specified, the corresponding prefix length 1076 * must be 128. 1077 */ 1078 if (ifra->ifra_dstaddr.sin6_family == AF_INET6) { 1079 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) == 0) { 1080 /* XXX: noisy message */ 1081 nd6log((LOG_INFO, "in6_update_ifa: a destination can " 1082 "be specified for a p2p or a loopback IF only\n")); 1083 return (EINVAL); 1084 } 1085 if (plen != 128) { 1086 nd6log((LOG_INFO, "in6_update_ifa: prefixlen should " 1087 "be 128 when dstaddr is specified\n")); 1088 return (EINVAL); 1089 } 1090 } 1091 /* lifetime consistency check */ 1092 lt = &ifra->ifra_lifetime; 1093 if (lt->ia6t_pltime > lt->ia6t_vltime) 1094 return (EINVAL); 1095 if (lt->ia6t_vltime == 0) { 1096 /* 1097 * the following log might be noisy, but this is a typical 1098 * configuration mistake or a tool's bug. 1099 */ 1100 nd6log((LOG_INFO, 1101 "in6_update_ifa: valid lifetime is 0 for %s\n", 1102 ip6_sprintf(ip6buf, &ifra->ifra_addr.sin6_addr))); 1103 1104 if (ia == NULL) 1105 return (0); /* there's nothing to do */ 1106 } 1107 1108 /* 1109 * If this is a new address, allocate a new ifaddr and link it 1110 * into chains. 1111 */ 1112 if (ia == NULL) { 1113 hostIsNew = 1; 1114 /* 1115 * When in6_update_ifa() is called in a process of a received 1116 * RA, it is called under an interrupt context. So, we should 1117 * call malloc with M_NOWAIT. 1118 */ 1119 ia = (struct in6_ifaddr *) malloc(sizeof(*ia), M_IFADDR, 1120 M_NOWAIT); 1121 if (ia == NULL) 1122 return (ENOBUFS); 1123 bzero((caddr_t)ia, sizeof(*ia)); 1124 ifa_init(&ia->ia_ifa); 1125 LIST_INIT(&ia->ia6_memberships); 1126 /* Initialize the address and masks, and put time stamp */ 1127 ia->ia_ifa.ifa_addr = (struct sockaddr *)&ia->ia_addr; 1128 ia->ia_addr.sin6_family = AF_INET6; 1129 ia->ia_addr.sin6_len = sizeof(ia->ia_addr); 1130 ia->ia6_createtime = time_second; 1131 if ((ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) != 0) { 1132 /* 1133 * XXX: some functions expect that ifa_dstaddr is not 1134 * NULL for p2p interfaces. 1135 */ 1136 ia->ia_ifa.ifa_dstaddr = 1137 (struct sockaddr *)&ia->ia_dstaddr; 1138 } else { 1139 ia->ia_ifa.ifa_dstaddr = NULL; 1140 } 1141 ia->ia_ifa.ifa_netmask = (struct sockaddr *)&ia->ia_prefixmask; 1142 ia->ia_ifp = ifp; 1143 ifa_ref(&ia->ia_ifa); /* if_addrhead */ 1144 IF_ADDR_WLOCK(ifp); 1145 TAILQ_INSERT_TAIL(&ifp->if_addrhead, &ia->ia_ifa, ifa_link); 1146 IF_ADDR_WUNLOCK(ifp); 1147 1148 ifa_ref(&ia->ia_ifa); /* in6_ifaddrhead */ 1149 IN6_IFADDR_WLOCK(); 1150 TAILQ_INSERT_TAIL(&V_in6_ifaddrhead, ia, ia_link); 1151 IN6_IFADDR_WUNLOCK(); 1152 } 1153 1154 /* update timestamp */ 1155 ia->ia6_updatetime = time_second; 1156 1157 /* set prefix mask */ 1158 if (ifra->ifra_prefixmask.sin6_len) { 1159 /* 1160 * We prohibit changing the prefix length of an existing 1161 * address, because 1162 * + such an operation should be rare in IPv6, and 1163 * + the operation would confuse prefix management. 1164 */ 1165 if (ia->ia_prefixmask.sin6_len && 1166 in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL) != plen) { 1167 nd6log((LOG_INFO, "in6_update_ifa: the prefix length of an" 1168 " existing (%s) address should not be changed\n", 1169 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr))); 1170 error = EINVAL; 1171 goto unlink; 1172 } 1173 ia->ia_prefixmask = ifra->ifra_prefixmask; 1174 } 1175 1176 /* 1177 * If a new destination address is specified, scrub the old one and 1178 * install the new destination. Note that the interface must be 1179 * p2p or loopback (see the check above.) 1180 */ 1181 if (dst6.sin6_family == AF_INET6 && 1182 !IN6_ARE_ADDR_EQUAL(&dst6.sin6_addr, &ia->ia_dstaddr.sin6_addr)) { 1183 int e; 1184 1185 if ((ia->ia_flags & IFA_ROUTE) != 0 && 1186 (e = rtinit(&(ia->ia_ifa), (int)RTM_DELETE, RTF_HOST)) != 0) { 1187 nd6log((LOG_ERR, "in6_update_ifa: failed to remove " 1188 "a route to the old destination: %s\n", 1189 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr))); 1190 /* proceed anyway... */ 1191 } else 1192 ia->ia_flags &= ~IFA_ROUTE; 1193 ia->ia_dstaddr = dst6; 1194 } 1195 1196 /* 1197 * Set lifetimes. We do not refer to ia6t_expire and ia6t_preferred 1198 * to see if the address is deprecated or invalidated, but initialize 1199 * these members for applications. 1200 */ 1201 ia->ia6_lifetime = ifra->ifra_lifetime; 1202 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 1203 ia->ia6_lifetime.ia6t_expire = 1204 time_second + ia->ia6_lifetime.ia6t_vltime; 1205 } else 1206 ia->ia6_lifetime.ia6t_expire = 0; 1207 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 1208 ia->ia6_lifetime.ia6t_preferred = 1209 time_second + ia->ia6_lifetime.ia6t_pltime; 1210 } else 1211 ia->ia6_lifetime.ia6t_preferred = 0; 1212 1213 /* reset the interface and routing table appropriately. */ 1214 if ((error = in6_ifinit(ifp, ia, &ifra->ifra_addr, hostIsNew)) != 0) 1215 goto unlink; 1216 1217 /* 1218 * configure address flags. 1219 */ 1220 ia->ia6_flags = ifra->ifra_flags; 1221 /* 1222 * backward compatibility - if IN6_IFF_DEPRECATED is set from the 1223 * userland, make it deprecated. 1224 */ 1225 if ((ifra->ifra_flags & IN6_IFF_DEPRECATED) != 0) { 1226 ia->ia6_lifetime.ia6t_pltime = 0; 1227 ia->ia6_lifetime.ia6t_preferred = time_second; 1228 } 1229 /* 1230 * Make the address tentative before joining multicast addresses, 1231 * so that corresponding MLD responses would not have a tentative 1232 * source address. 1233 */ 1234 ia->ia6_flags &= ~IN6_IFF_DUPLICATED; /* safety */ 1235 if (hostIsNew && in6if_do_dad(ifp)) 1236 ia->ia6_flags |= IN6_IFF_TENTATIVE; 1237 1238 /* DAD should be performed after ND6_IFF_IFDISABLED is cleared. */ 1239 if (ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) 1240 ia->ia6_flags |= IN6_IFF_TENTATIVE; 1241 1242 /* 1243 * We are done if we have simply modified an existing address. 1244 */ 1245 if (!hostIsNew) 1246 return (error); 1247 1248 /* 1249 * Beyond this point, we should call in6_purgeaddr upon an error, 1250 * not just go to unlink. 1251 */ 1252 1253 /* Join necessary multicast groups. */ 1254 in6m_sol = NULL; 1255 if ((ifp->if_flags & IFF_MULTICAST) != 0) { 1256 error = in6_update_ifa_join_mc(ifp, ifra, ia, flags, &in6m_sol); 1257 if (error) 1258 goto cleanup; 1259 } 1260 1261 /* 1262 * Perform DAD, if needed. 1263 * XXX It may be of use, if we can administratively disable DAD. 1264 */ 1265 if (in6if_do_dad(ifp) && ((ifra->ifra_flags & IN6_IFF_NODAD) == 0) && 1266 (ia->ia6_flags & IN6_IFF_TENTATIVE)) 1267 { 1268 int mindelay, maxdelay; 1269 1270 delay = 0; 1271 if ((flags & IN6_IFAUPDATE_DADDELAY)) { 1272 /* 1273 * We need to impose a delay before sending an NS 1274 * for DAD. Check if we also needed a delay for the 1275 * corresponding MLD message. If we did, the delay 1276 * should be larger than the MLD delay (this could be 1277 * relaxed a bit, but this simple logic is at least 1278 * safe). 1279 * XXX: Break data hiding guidelines and look at 1280 * state for the solicited multicast group. 1281 */ 1282 mindelay = 0; 1283 if (in6m_sol != NULL && 1284 in6m_sol->in6m_state == MLD_REPORTING_MEMBER) { 1285 mindelay = in6m_sol->in6m_timer; 1286 } 1287 maxdelay = MAX_RTR_SOLICITATION_DELAY * hz; 1288 if (maxdelay - mindelay == 0) 1289 delay = 0; 1290 else { 1291 delay = 1292 (arc4random() % (maxdelay - mindelay)) + 1293 mindelay; 1294 } 1295 } 1296 nd6_dad_start((struct ifaddr *)ia, delay); 1297 } 1298 1299 KASSERT(hostIsNew, ("in6_update_ifa: !hostIsNew")); 1300 ifa_free(&ia->ia_ifa); 1301 return (error); 1302 1303 unlink: 1304 /* 1305 * XXX: if a change of an existing address failed, keep the entry 1306 * anyway. 1307 */ 1308 if (hostIsNew) { 1309 in6_unlink_ifa(ia, ifp); 1310 ifa_free(&ia->ia_ifa); 1311 } 1312 return (error); 1313 1314 cleanup: 1315 KASSERT(hostIsNew, ("in6_update_ifa: cleanup: !hostIsNew")); 1316 ifa_free(&ia->ia_ifa); 1317 in6_purgeaddr(&ia->ia_ifa); 1318 return error; 1319} 1320 1321/* 1322 * Leave multicast groups. Factored out from in6_purgeaddr(). 1323 * This entire work should only be done once, for the default FIB. 1324 */ 1325static int 1326in6_purgeaddr_mc(struct ifnet *ifp, struct in6_ifaddr *ia, struct ifaddr *ifa0) 1327{ 1328 struct sockaddr_in6 mltaddr, mltmask; 1329 struct in6_multi_mship *imm; 1330 struct rtentry *rt; 1331 struct sockaddr_in6 sin6; 1332 int error; 1333 1334 /* 1335 * Leave from multicast groups we have joined for the interface. 1336 */ 1337 while ((imm = LIST_FIRST(&ia->ia6_memberships)) != NULL) { 1338 LIST_REMOVE(imm, i6mm_chain); 1339 in6_leavegroup(imm); 1340 } 1341 1342 /* 1343 * Remove the link-local all-nodes address. 1344 */ 1345 bzero(&mltmask, sizeof(mltmask)); 1346 mltmask.sin6_len = sizeof(struct sockaddr_in6); 1347 mltmask.sin6_family = AF_INET6; 1348 mltmask.sin6_addr = in6mask32; 1349 1350 bzero(&mltaddr, sizeof(mltaddr)); 1351 mltaddr.sin6_len = sizeof(struct sockaddr_in6); 1352 mltaddr.sin6_family = AF_INET6; 1353 mltaddr.sin6_addr = in6addr_linklocal_allnodes; 1354 1355 if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) != 0) 1356 return (error); 1357 1358 /* 1359 * As for the mltaddr above, proactively prepare the sin6 to avoid 1360 * rtentry un- and re-locking. 1361 */ 1362 if (ifa0 != NULL) { 1363 bzero(&sin6, sizeof(sin6)); 1364 sin6.sin6_len = sizeof(sin6); 1365 sin6.sin6_family = AF_INET6; 1366 memcpy(&sin6.sin6_addr, &satosin6(ifa0->ifa_addr)->sin6_addr, 1367 sizeof(sin6.sin6_addr)); 1368 error = in6_setscope(&sin6.sin6_addr, ifa0->ifa_ifp, NULL); 1369 if (error != 0) 1370 return (error); 1371 } 1372 1373 rt = in6_rtalloc1((struct sockaddr *)&mltaddr, 0, 0UL, RT_DEFAULT_FIB); 1374 if (rt != NULL && rt->rt_gateway != NULL && 1375 (memcmp(&satosin6(rt->rt_gateway)->sin6_addr, 1376 &ia->ia_addr.sin6_addr, 1377 sizeof(ia->ia_addr.sin6_addr)) == 0)) { 1378 /* 1379 * If no more IPv6 address exists on this interface then 1380 * remove the multicast address route. 1381 */ 1382 if (ifa0 == NULL) { 1383 memcpy(&mltaddr.sin6_addr, 1384 &satosin6(rt_key(rt))->sin6_addr, 1385 sizeof(mltaddr.sin6_addr)); 1386 RTFREE_LOCKED(rt); 1387 error = in6_rtrequest(RTM_DELETE, 1388 (struct sockaddr *)&mltaddr, 1389 (struct sockaddr *)&ia->ia_addr, 1390 (struct sockaddr *)&mltmask, RTF_UP, 1391 (struct rtentry **)0, RT_DEFAULT_FIB); 1392 if (error) 1393 log(LOG_INFO, "%s: link-local all-nodes " 1394 "multicast address deletion error\n", 1395 __func__); 1396 } else { 1397 /* 1398 * Replace the gateway of the route. 1399 */ 1400 memcpy(rt->rt_gateway, &sin6, sizeof(sin6)); 1401 RTFREE_LOCKED(rt); 1402 } 1403 } else { 1404 if (rt != NULL) 1405 RTFREE_LOCKED(rt); 1406 } 1407 1408 /* 1409 * Remove the node-local all-nodes address. 1410 */ 1411 mltaddr.sin6_addr = in6addr_nodelocal_allnodes; 1412 if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) != 0) 1413 return (error); 1414 1415 rt = in6_rtalloc1((struct sockaddr *)&mltaddr, 0, 0UL, RT_DEFAULT_FIB); 1416 if (rt != NULL && rt->rt_gateway != NULL && 1417 (memcmp(&satosin6(rt->rt_gateway)->sin6_addr, 1418 &ia->ia_addr.sin6_addr, 1419 sizeof(ia->ia_addr.sin6_addr)) == 0)) { 1420 /* 1421 * If no more IPv6 address exists on this interface then 1422 * remove the multicast address route. 1423 */ 1424 if (ifa0 == NULL) { 1425 memcpy(&mltaddr.sin6_addr, 1426 &satosin6(rt_key(rt))->sin6_addr, 1427 sizeof(mltaddr.sin6_addr)); 1428 1429 RTFREE_LOCKED(rt); 1430 error = in6_rtrequest(RTM_DELETE, 1431 (struct sockaddr *)&mltaddr, 1432 (struct sockaddr *)&ia->ia_addr, 1433 (struct sockaddr *)&mltmask, RTF_UP, 1434 (struct rtentry **)0, RT_DEFAULT_FIB); 1435 if (error) 1436 log(LOG_INFO, "%s: node-local all-nodes" 1437 "multicast address deletion error\n", 1438 __func__); 1439 } else { 1440 /* 1441 * Replace the gateway of the route. 1442 */ 1443 memcpy(rt->rt_gateway, &sin6, sizeof(sin6)); 1444 RTFREE_LOCKED(rt); 1445 } 1446 } else { 1447 if (rt != NULL) 1448 RTFREE_LOCKED(rt); 1449 } 1450 1451 return (0); 1452} 1453 1454void 1455in6_purgeaddr(struct ifaddr *ifa) 1456{ 1457 struct ifnet *ifp = ifa->ifa_ifp; 1458 struct in6_ifaddr *ia = (struct in6_ifaddr *) ifa; 1459 int plen, error; 1460 struct ifaddr *ifa0; 1461 1462 /* 1463 * find another IPv6 address as the gateway for the 1464 * link-local and node-local all-nodes multicast 1465 * address routes 1466 */ 1467 IF_ADDR_RLOCK(ifp); 1468 TAILQ_FOREACH(ifa0, &ifp->if_addrhead, ifa_link) { 1469 if ((ifa0->ifa_addr->sa_family != AF_INET6) || 1470 memcmp(&satosin6(ifa0->ifa_addr)->sin6_addr, 1471 &ia->ia_addr.sin6_addr, sizeof(struct in6_addr)) == 0) 1472 continue; 1473 else 1474 break; 1475 } 1476 if (ifa0 != NULL) 1477 ifa_ref(ifa0); 1478 IF_ADDR_RUNLOCK(ifp); 1479 1480 /* 1481 * Remove the loopback route to the interface address. 1482 * The check for the current setting of "nd6_useloopback" 1483 * is not needed. 1484 */ 1485 if (ia->ia_flags & IFA_RTSELF) { 1486 error = ifa_del_loopback_route((struct ifaddr *)ia, 1487 (struct sockaddr *)&ia->ia_addr); 1488 if (error == 0) 1489 ia->ia_flags &= ~IFA_RTSELF; 1490 } 1491 1492 /* stop DAD processing */ 1493 nd6_dad_stop(ifa); 1494 1495 /* Remove local address entry from lltable. */ 1496 in6_ifremloop(ifa); 1497 1498 /* Leave multicast groups. */ 1499 error = in6_purgeaddr_mc(ifp, ia, ifa0); 1500 1501 if (ifa0 != NULL) 1502 ifa_free(ifa0); 1503 1504 plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); /* XXX */ 1505 if ((ia->ia_flags & IFA_ROUTE) && plen == 128) { 1506 error = rtinit(&(ia->ia_ifa), RTM_DELETE, ia->ia_flags | 1507 (ia->ia_dstaddr.sin6_family == AF_INET6) ? RTF_HOST : 0); 1508 if (error != 0) 1509 log(LOG_INFO, "%s: err=%d, destination address delete " 1510 "failed\n", __func__, error); 1511 ia->ia_flags &= ~IFA_ROUTE; 1512 } 1513 1514 in6_unlink_ifa(ia, ifp); 1515} 1516 1517static void 1518in6_unlink_ifa(struct in6_ifaddr *ia, struct ifnet *ifp) 1519{ 1520 int s = splnet(); 1521 1522 IF_ADDR_WLOCK(ifp); 1523 TAILQ_REMOVE(&ifp->if_addrhead, &ia->ia_ifa, ifa_link); 1524 IF_ADDR_WUNLOCK(ifp); 1525 ifa_free(&ia->ia_ifa); /* if_addrhead */ 1526 1527 /* 1528 * Defer the release of what might be the last reference to the 1529 * in6_ifaddr so that it can't be freed before the remainder of the 1530 * cleanup. 1531 */ 1532 IN6_IFADDR_WLOCK(); 1533 TAILQ_REMOVE(&V_in6_ifaddrhead, ia, ia_link); 1534 IN6_IFADDR_WUNLOCK(); 1535 1536 /* 1537 * Release the reference to the base prefix. There should be a 1538 * positive reference. 1539 */ 1540 if (ia->ia6_ndpr == NULL) { 1541 nd6log((LOG_NOTICE, 1542 "in6_unlink_ifa: autoconf'ed address " 1543 "%p has no prefix\n", ia)); 1544 } else { 1545 ia->ia6_ndpr->ndpr_refcnt--; 1546 ia->ia6_ndpr = NULL; 1547 } 1548 1549 /* 1550 * Also, if the address being removed is autoconf'ed, call 1551 * pfxlist_onlink_check() since the release might affect the status of 1552 * other (detached) addresses. 1553 */ 1554 if ((ia->ia6_flags & IN6_IFF_AUTOCONF)) { 1555 pfxlist_onlink_check(); 1556 } 1557 ifa_free(&ia->ia_ifa); /* in6_ifaddrhead */ 1558 splx(s); 1559} 1560 1561void 1562in6_purgeif(struct ifnet *ifp) 1563{ 1564 struct ifaddr *ifa, *nifa; 1565 1566 TAILQ_FOREACH_SAFE(ifa, &ifp->if_addrhead, ifa_link, nifa) { 1567 if (ifa->ifa_addr->sa_family != AF_INET6) 1568 continue; 1569 in6_purgeaddr(ifa); 1570 } 1571 1572 in6_ifdetach(ifp); 1573} 1574 1575/* 1576 * SIOC[GAD]LIFADDR. 1577 * SIOCGLIFADDR: get first address. (?) 1578 * SIOCGLIFADDR with IFLR_PREFIX: 1579 * get first address that matches the specified prefix. 1580 * SIOCALIFADDR: add the specified address. 1581 * SIOCALIFADDR with IFLR_PREFIX: 1582 * add the specified prefix, filling hostid part from 1583 * the first link-local address. prefixlen must be <= 64. 1584 * SIOCDLIFADDR: delete the specified address. 1585 * SIOCDLIFADDR with IFLR_PREFIX: 1586 * delete the first address that matches the specified prefix. 1587 * return values: 1588 * EINVAL on invalid parameters 1589 * EADDRNOTAVAIL on prefix match failed/specified address not found 1590 * other values may be returned from in6_ioctl() 1591 * 1592 * NOTE: SIOCALIFADDR(with IFLR_PREFIX set) allows prefixlen less than 64. 1593 * this is to accomodate address naming scheme other than RFC2374, 1594 * in the future. 1595 * RFC2373 defines interface id to be 64bit, but it allows non-RFC2374 1596 * address encoding scheme. (see figure on page 8) 1597 */ 1598static int 1599in6_lifaddr_ioctl(struct socket *so, u_long cmd, caddr_t data, 1600 struct ifnet *ifp, struct thread *td) 1601{ 1602 struct if_laddrreq *iflr = (struct if_laddrreq *)data; 1603 struct ifaddr *ifa; 1604 struct sockaddr *sa; 1605 1606 /* sanity checks */ 1607 if (!data || !ifp) { 1608 panic("invalid argument to in6_lifaddr_ioctl"); 1609 /* NOTREACHED */ 1610 } 1611 1612 switch (cmd) { 1613 case SIOCGLIFADDR: 1614 /* address must be specified on GET with IFLR_PREFIX */ 1615 if ((iflr->flags & IFLR_PREFIX) == 0) 1616 break; 1617 /* FALLTHROUGH */ 1618 case SIOCALIFADDR: 1619 case SIOCDLIFADDR: 1620 /* address must be specified on ADD and DELETE */ 1621 sa = (struct sockaddr *)&iflr->addr; 1622 if (sa->sa_family != AF_INET6) 1623 return EINVAL; 1624 if (sa->sa_len != sizeof(struct sockaddr_in6)) 1625 return EINVAL; 1626 /* XXX need improvement */ 1627 sa = (struct sockaddr *)&iflr->dstaddr; 1628 if (sa->sa_family && sa->sa_family != AF_INET6) 1629 return EINVAL; 1630 if (sa->sa_len && sa->sa_len != sizeof(struct sockaddr_in6)) 1631 return EINVAL; 1632 break; 1633 default: /* shouldn't happen */ 1634#if 0 1635 panic("invalid cmd to in6_lifaddr_ioctl"); 1636 /* NOTREACHED */ 1637#else 1638 return EOPNOTSUPP; 1639#endif 1640 } 1641 if (sizeof(struct in6_addr) * 8 < iflr->prefixlen) 1642 return EINVAL; 1643 1644 switch (cmd) { 1645 case SIOCALIFADDR: 1646 { 1647 struct in6_aliasreq ifra; 1648 struct in6_addr *hostid = NULL; 1649 int prefixlen; 1650 1651 ifa = NULL; 1652 if ((iflr->flags & IFLR_PREFIX) != 0) { 1653 struct sockaddr_in6 *sin6; 1654 1655 /* 1656 * hostid is to fill in the hostid part of the 1657 * address. hostid points to the first link-local 1658 * address attached to the interface. 1659 */ 1660 ifa = (struct ifaddr *)in6ifa_ifpforlinklocal(ifp, 0); 1661 if (!ifa) 1662 return EADDRNOTAVAIL; 1663 hostid = IFA_IN6(ifa); 1664 1665 /* prefixlen must be <= 64. */ 1666 if (64 < iflr->prefixlen) { 1667 if (ifa != NULL) 1668 ifa_free(ifa); 1669 return EINVAL; 1670 } 1671 prefixlen = iflr->prefixlen; 1672 1673 /* hostid part must be zero. */ 1674 sin6 = (struct sockaddr_in6 *)&iflr->addr; 1675 if (sin6->sin6_addr.s6_addr32[2] != 0 || 1676 sin6->sin6_addr.s6_addr32[3] != 0) { 1677 if (ifa != NULL) 1678 ifa_free(ifa); 1679 return EINVAL; 1680 } 1681 } else 1682 prefixlen = iflr->prefixlen; 1683 1684 /* copy args to in6_aliasreq, perform ioctl(SIOCAIFADDR_IN6). */ 1685 bzero(&ifra, sizeof(ifra)); 1686 bcopy(iflr->iflr_name, ifra.ifra_name, sizeof(ifra.ifra_name)); 1687 1688 bcopy(&iflr->addr, &ifra.ifra_addr, 1689 ((struct sockaddr *)&iflr->addr)->sa_len); 1690 if (hostid) { 1691 /* fill in hostid part */ 1692 ifra.ifra_addr.sin6_addr.s6_addr32[2] = 1693 hostid->s6_addr32[2]; 1694 ifra.ifra_addr.sin6_addr.s6_addr32[3] = 1695 hostid->s6_addr32[3]; 1696 } 1697 1698 if (((struct sockaddr *)&iflr->dstaddr)->sa_family) { /* XXX */ 1699 bcopy(&iflr->dstaddr, &ifra.ifra_dstaddr, 1700 ((struct sockaddr *)&iflr->dstaddr)->sa_len); 1701 if (hostid) { 1702 ifra.ifra_dstaddr.sin6_addr.s6_addr32[2] = 1703 hostid->s6_addr32[2]; 1704 ifra.ifra_dstaddr.sin6_addr.s6_addr32[3] = 1705 hostid->s6_addr32[3]; 1706 } 1707 } 1708 if (ifa != NULL) 1709 ifa_free(ifa); 1710 1711 ifra.ifra_prefixmask.sin6_len = sizeof(struct sockaddr_in6); 1712 in6_prefixlen2mask(&ifra.ifra_prefixmask.sin6_addr, prefixlen); 1713 1714 ifra.ifra_flags = iflr->flags & ~IFLR_PREFIX; 1715 return in6_control(so, SIOCAIFADDR_IN6, (caddr_t)&ifra, ifp, td); 1716 } 1717 case SIOCGLIFADDR: 1718 case SIOCDLIFADDR: 1719 { 1720 struct in6_ifaddr *ia; 1721 struct in6_addr mask, candidate, match; 1722 struct sockaddr_in6 *sin6; 1723 int cmp; 1724 1725 bzero(&mask, sizeof(mask)); 1726 if (iflr->flags & IFLR_PREFIX) { 1727 /* lookup a prefix rather than address. */ 1728 in6_prefixlen2mask(&mask, iflr->prefixlen); 1729 1730 sin6 = (struct sockaddr_in6 *)&iflr->addr; 1731 bcopy(&sin6->sin6_addr, &match, sizeof(match)); 1732 match.s6_addr32[0] &= mask.s6_addr32[0]; 1733 match.s6_addr32[1] &= mask.s6_addr32[1]; 1734 match.s6_addr32[2] &= mask.s6_addr32[2]; 1735 match.s6_addr32[3] &= mask.s6_addr32[3]; 1736 1737 /* if you set extra bits, that's wrong */ 1738 if (bcmp(&match, &sin6->sin6_addr, sizeof(match))) 1739 return EINVAL; 1740 1741 cmp = 1; 1742 } else { 1743 if (cmd == SIOCGLIFADDR) { 1744 /* on getting an address, take the 1st match */ 1745 cmp = 0; /* XXX */ 1746 } else { 1747 /* on deleting an address, do exact match */ 1748 in6_prefixlen2mask(&mask, 128); 1749 sin6 = (struct sockaddr_in6 *)&iflr->addr; 1750 bcopy(&sin6->sin6_addr, &match, sizeof(match)); 1751 1752 cmp = 1; 1753 } 1754 } 1755 1756 IF_ADDR_RLOCK(ifp); 1757 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 1758 if (ifa->ifa_addr->sa_family != AF_INET6) 1759 continue; 1760 if (!cmp) 1761 break; 1762 1763 /* 1764 * XXX: this is adhoc, but is necessary to allow 1765 * a user to specify fe80::/64 (not /10) for a 1766 * link-local address. 1767 */ 1768 bcopy(IFA_IN6(ifa), &candidate, sizeof(candidate)); 1769 in6_clearscope(&candidate); 1770 candidate.s6_addr32[0] &= mask.s6_addr32[0]; 1771 candidate.s6_addr32[1] &= mask.s6_addr32[1]; 1772 candidate.s6_addr32[2] &= mask.s6_addr32[2]; 1773 candidate.s6_addr32[3] &= mask.s6_addr32[3]; 1774 if (IN6_ARE_ADDR_EQUAL(&candidate, &match)) 1775 break; 1776 } 1777 if (ifa != NULL) 1778 ifa_ref(ifa); 1779 IF_ADDR_RUNLOCK(ifp); 1780 if (!ifa) 1781 return EADDRNOTAVAIL; 1782 ia = ifa2ia6(ifa); 1783 1784 if (cmd == SIOCGLIFADDR) { 1785 int error; 1786 1787 /* fill in the if_laddrreq structure */ 1788 bcopy(&ia->ia_addr, &iflr->addr, ia->ia_addr.sin6_len); 1789 error = sa6_recoverscope( 1790 (struct sockaddr_in6 *)&iflr->addr); 1791 if (error != 0) { 1792 ifa_free(ifa); 1793 return (error); 1794 } 1795 1796 if ((ifp->if_flags & IFF_POINTOPOINT) != 0) { 1797 bcopy(&ia->ia_dstaddr, &iflr->dstaddr, 1798 ia->ia_dstaddr.sin6_len); 1799 error = sa6_recoverscope( 1800 (struct sockaddr_in6 *)&iflr->dstaddr); 1801 if (error != 0) { 1802 ifa_free(ifa); 1803 return (error); 1804 } 1805 } else 1806 bzero(&iflr->dstaddr, sizeof(iflr->dstaddr)); 1807 1808 iflr->prefixlen = 1809 in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); 1810 1811 iflr->flags = ia->ia6_flags; /* XXX */ 1812 ifa_free(ifa); 1813 1814 return 0; 1815 } else { 1816 struct in6_aliasreq ifra; 1817 1818 /* fill in6_aliasreq and do ioctl(SIOCDIFADDR_IN6) */ 1819 bzero(&ifra, sizeof(ifra)); 1820 bcopy(iflr->iflr_name, ifra.ifra_name, 1821 sizeof(ifra.ifra_name)); 1822 1823 bcopy(&ia->ia_addr, &ifra.ifra_addr, 1824 ia->ia_addr.sin6_len); 1825 if ((ifp->if_flags & IFF_POINTOPOINT) != 0) { 1826 bcopy(&ia->ia_dstaddr, &ifra.ifra_dstaddr, 1827 ia->ia_dstaddr.sin6_len); 1828 } else { 1829 bzero(&ifra.ifra_dstaddr, 1830 sizeof(ifra.ifra_dstaddr)); 1831 } 1832 bcopy(&ia->ia_prefixmask, &ifra.ifra_dstaddr, 1833 ia->ia_prefixmask.sin6_len); 1834 1835 ifra.ifra_flags = ia->ia6_flags; 1836 ifa_free(ifa); 1837 return in6_control(so, SIOCDIFADDR_IN6, (caddr_t)&ifra, 1838 ifp, td); 1839 } 1840 } 1841 } 1842 1843 return EOPNOTSUPP; /* just for safety */ 1844} 1845 1846/* 1847 * Initialize an interface's IPv6 address and routing table entry. 1848 */ 1849static int 1850in6_ifinit(struct ifnet *ifp, struct in6_ifaddr *ia, 1851 struct sockaddr_in6 *sin6, int newhost) 1852{ 1853 int error = 0, plen, ifacount = 0; 1854 int s = splimp(); 1855 struct ifaddr *ifa; 1856 1857 /* 1858 * Give the interface a chance to initialize 1859 * if this is its first address, 1860 * and to validate the address if necessary. 1861 */ 1862 IF_ADDR_RLOCK(ifp); 1863 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 1864 if (ifa->ifa_addr->sa_family != AF_INET6) 1865 continue; 1866 ifacount++; 1867 } 1868 IF_ADDR_RUNLOCK(ifp); 1869 1870 ia->ia_addr = *sin6; 1871 1872 if (ifacount <= 1 && ifp->if_ioctl) { 1873 error = (*ifp->if_ioctl)(ifp, SIOCSIFADDR, (caddr_t)ia); 1874 if (error) { 1875 splx(s); 1876 return (error); 1877 } 1878 } 1879 splx(s); 1880 1881 ia->ia_ifa.ifa_metric = ifp->if_metric; 1882 1883 /* we could do in(6)_socktrim here, but just omit it at this moment. */ 1884 1885 /* 1886 * Special case: 1887 * If a new destination address is specified for a point-to-point 1888 * interface, install a route to the destination as an interface 1889 * direct route. 1890 * XXX: the logic below rejects assigning multiple addresses on a p2p 1891 * interface that share the same destination. 1892 */ 1893 plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); /* XXX */ 1894 if (!(ia->ia_flags & IFA_ROUTE) && plen == 128 && 1895 ia->ia_dstaddr.sin6_family == AF_INET6) { 1896 int rtflags = RTF_UP | RTF_HOST; 1897 error = rtinit(&ia->ia_ifa, RTM_ADD, ia->ia_flags | rtflags); 1898 if (error) 1899 return (error); 1900 ia->ia_flags |= IFA_ROUTE; 1901 /* 1902 * Handle the case for ::1 . 1903 */ 1904 if (ifp->if_flags & IFF_LOOPBACK) 1905 ia->ia_flags |= IFA_RTSELF; 1906 } 1907 1908 /* 1909 * add a loopback route to self 1910 */ 1911 if (!(ia->ia_flags & IFA_RTSELF) && V_nd6_useloopback) { 1912 error = ifa_add_loopback_route((struct ifaddr *)ia, 1913 (struct sockaddr *)&ia->ia_addr); 1914 if (error == 0) 1915 ia->ia_flags |= IFA_RTSELF; 1916 } 1917 1918 /* Add local address to lltable, if necessary (ex. on p2p link). */ 1919 if (newhost) 1920 in6_ifaddloop(&(ia->ia_ifa)); 1921 1922 return (error); 1923} 1924 1925/* 1926 * Find an IPv6 interface link-local address specific to an interface. 1927 * ifaddr is returned referenced. 1928 */ 1929struct in6_ifaddr * 1930in6ifa_ifpforlinklocal(struct ifnet *ifp, int ignoreflags) 1931{ 1932 struct ifaddr *ifa; 1933 1934 IF_ADDR_RLOCK(ifp); 1935 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 1936 if (ifa->ifa_addr->sa_family != AF_INET6) 1937 continue; 1938 if (IN6_IS_ADDR_LINKLOCAL(IFA_IN6(ifa))) { 1939 if ((((struct in6_ifaddr *)ifa)->ia6_flags & 1940 ignoreflags) != 0) 1941 continue; 1942 ifa_ref(ifa); 1943 break; 1944 } 1945 } 1946 IF_ADDR_RUNLOCK(ifp); 1947 1948 return ((struct in6_ifaddr *)ifa); 1949} 1950 1951 1952/* 1953 * find the internet address corresponding to a given interface and address. 1954 * ifaddr is returned referenced. 1955 */ 1956struct in6_ifaddr * 1957in6ifa_ifpwithaddr(struct ifnet *ifp, struct in6_addr *addr) 1958{ 1959 struct ifaddr *ifa; 1960 1961 IF_ADDR_RLOCK(ifp); 1962 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 1963 if (ifa->ifa_addr->sa_family != AF_INET6) 1964 continue; 1965 if (IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(ifa))) { 1966 ifa_ref(ifa); 1967 break; 1968 } 1969 } 1970 IF_ADDR_RUNLOCK(ifp); 1971 1972 return ((struct in6_ifaddr *)ifa); 1973} 1974 1975/* 1976 * Find a link-local scoped address on ifp and return it if any. 1977 */ 1978struct in6_ifaddr * 1979in6ifa_llaonifp(struct ifnet *ifp) 1980{ 1981 struct sockaddr_in6 *sin6; 1982 struct ifaddr *ifa; 1983 1984 if (ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) 1985 return (NULL); 1986 if_addr_rlock(ifp); 1987 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 1988 if (ifa->ifa_addr->sa_family != AF_INET6) 1989 continue; 1990 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 1991 if (IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr) || 1992 IN6_IS_ADDR_MC_INTFACELOCAL(&sin6->sin6_addr) || 1993 IN6_IS_ADDR_MC_NODELOCAL(&sin6->sin6_addr)) 1994 break; 1995 } 1996 if_addr_runlock(ifp); 1997 1998 return ((struct in6_ifaddr *)ifa); 1999} 2000 2001/* 2002 * Convert IP6 address to printable (loggable) representation. Caller 2003 * has to make sure that ip6buf is at least INET6_ADDRSTRLEN long. 2004 */ 2005static char digits[] = "0123456789abcdef"; 2006char * 2007ip6_sprintf(char *ip6buf, const struct in6_addr *addr) 2008{ 2009 int i, cnt = 0, maxcnt = 0, idx = 0, index = 0; 2010 char *cp; 2011 const u_int16_t *a = (const u_int16_t *)addr; 2012 const u_int8_t *d; 2013 int dcolon = 0, zero = 0; 2014 2015 cp = ip6buf; 2016 2017 for (i = 0; i < 8; i++) { 2018 if (*(a + i) == 0) { 2019 cnt++; 2020 if (cnt == 1) 2021 idx = i; 2022 } 2023 else if (maxcnt < cnt) { 2024 maxcnt = cnt; 2025 index = idx; 2026 cnt = 0; 2027 } 2028 } 2029 if (maxcnt < cnt) { 2030 maxcnt = cnt; 2031 index = idx; 2032 } 2033 2034 for (i = 0; i < 8; i++) { 2035 if (dcolon == 1) { 2036 if (*a == 0) { 2037 if (i == 7) 2038 *cp++ = ':'; 2039 a++; 2040 continue; 2041 } else 2042 dcolon = 2; 2043 } 2044 if (*a == 0) { 2045 if (dcolon == 0 && *(a + 1) == 0 && i == index) { 2046 if (i == 0) 2047 *cp++ = ':'; 2048 *cp++ = ':'; 2049 dcolon = 1; 2050 } else { 2051 *cp++ = '0'; 2052 *cp++ = ':'; 2053 } 2054 a++; 2055 continue; 2056 } 2057 d = (const u_char *)a; 2058 /* Try to eliminate leading zeros in printout like in :0001. */ 2059 zero = 1; 2060 *cp = digits[*d >> 4]; 2061 if (*cp != '0') { 2062 zero = 0; 2063 cp++; 2064 } 2065 *cp = digits[*d++ & 0xf]; 2066 if (zero == 0 || (*cp != '0')) { 2067 zero = 0; 2068 cp++; 2069 } 2070 *cp = digits[*d >> 4]; 2071 if (zero == 0 || (*cp != '0')) { 2072 zero = 0; 2073 cp++; 2074 } 2075 *cp++ = digits[*d & 0xf]; 2076 *cp++ = ':'; 2077 a++; 2078 } 2079 *--cp = '\0'; 2080 return (ip6buf); 2081} 2082 2083int 2084in6_localaddr(struct in6_addr *in6) 2085{ 2086 struct in6_ifaddr *ia; 2087 2088 if (IN6_IS_ADDR_LOOPBACK(in6) || IN6_IS_ADDR_LINKLOCAL(in6)) 2089 return 1; 2090 2091 IN6_IFADDR_RLOCK(); 2092 TAILQ_FOREACH(ia, &V_in6_ifaddrhead, ia_link) { 2093 if (IN6_ARE_MASKED_ADDR_EQUAL(in6, &ia->ia_addr.sin6_addr, 2094 &ia->ia_prefixmask.sin6_addr)) { 2095 IN6_IFADDR_RUNLOCK(); 2096 return 1; 2097 } 2098 } 2099 IN6_IFADDR_RUNLOCK(); 2100 2101 return (0); 2102} 2103 2104/* 2105 * Return 1 if an internet address is for the local host and configured 2106 * on one of its interfaces. 2107 */ 2108int 2109in6_localip(struct in6_addr *in6) 2110{ 2111 struct in6_ifaddr *ia; 2112 2113 IN6_IFADDR_RLOCK(); 2114 TAILQ_FOREACH(ia, &V_in6_ifaddrhead, ia_link) { 2115 if (IN6_ARE_ADDR_EQUAL(in6, &ia->ia_addr.sin6_addr)) { 2116 IN6_IFADDR_RUNLOCK(); 2117 return (1); 2118 } 2119 } 2120 IN6_IFADDR_RUNLOCK(); 2121 return (0); 2122} 2123 2124 2125int 2126in6_is_addr_deprecated(struct sockaddr_in6 *sa6) 2127{ 2128 struct in6_ifaddr *ia; 2129 2130 IN6_IFADDR_RLOCK(); 2131 TAILQ_FOREACH(ia, &V_in6_ifaddrhead, ia_link) { 2132 if (IN6_ARE_ADDR_EQUAL(&ia->ia_addr.sin6_addr, 2133 &sa6->sin6_addr) && 2134 (ia->ia6_flags & IN6_IFF_DEPRECATED) != 0) { 2135 IN6_IFADDR_RUNLOCK(); 2136 return (1); /* true */ 2137 } 2138 2139 /* XXX: do we still have to go thru the rest of the list? */ 2140 } 2141 IN6_IFADDR_RUNLOCK(); 2142 2143 return (0); /* false */ 2144} 2145 2146/* 2147 * return length of part which dst and src are equal 2148 * hard coding... 2149 */ 2150int 2151in6_matchlen(struct in6_addr *src, struct in6_addr *dst) 2152{ 2153 int match = 0; 2154 u_char *s = (u_char *)src, *d = (u_char *)dst; 2155 u_char *lim = s + 16, r; 2156 2157 while (s < lim) 2158 if ((r = (*d++ ^ *s++)) != 0) { 2159 while (r < 128) { 2160 match++; 2161 r <<= 1; 2162 } 2163 break; 2164 } else 2165 match += 8; 2166 return match; 2167} 2168 2169/* XXX: to be scope conscious */ 2170int 2171in6_are_prefix_equal(struct in6_addr *p1, struct in6_addr *p2, int len) 2172{ 2173 int bytelen, bitlen; 2174 2175 /* sanity check */ 2176 if (0 > len || len > 128) { 2177 log(LOG_ERR, "in6_are_prefix_equal: invalid prefix length(%d)\n", 2178 len); 2179 return (0); 2180 } 2181 2182 bytelen = len / 8; 2183 bitlen = len % 8; 2184 2185 if (bcmp(&p1->s6_addr, &p2->s6_addr, bytelen)) 2186 return (0); 2187 if (bitlen != 0 && 2188 p1->s6_addr[bytelen] >> (8 - bitlen) != 2189 p2->s6_addr[bytelen] >> (8 - bitlen)) 2190 return (0); 2191 2192 return (1); 2193} 2194 2195void 2196in6_prefixlen2mask(struct in6_addr *maskp, int len) 2197{ 2198 u_char maskarray[8] = {0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff}; 2199 int bytelen, bitlen, i; 2200 2201 /* sanity check */ 2202 if (0 > len || len > 128) { 2203 log(LOG_ERR, "in6_prefixlen2mask: invalid prefix length(%d)\n", 2204 len); 2205 return; 2206 } 2207 2208 bzero(maskp, sizeof(*maskp)); 2209 bytelen = len / 8; 2210 bitlen = len % 8; 2211 for (i = 0; i < bytelen; i++) 2212 maskp->s6_addr[i] = 0xff; 2213 if (bitlen) 2214 maskp->s6_addr[bytelen] = maskarray[bitlen - 1]; 2215} 2216 2217/* 2218 * return the best address out of the same scope. if no address was 2219 * found, return the first valid address from designated IF. 2220 */ 2221struct in6_ifaddr * 2222in6_ifawithifp(struct ifnet *ifp, struct in6_addr *dst) 2223{ 2224 int dst_scope = in6_addrscope(dst), blen = -1, tlen; 2225 struct ifaddr *ifa; 2226 struct in6_ifaddr *besta = 0; 2227 struct in6_ifaddr *dep[2]; /* last-resort: deprecated */ 2228 2229 dep[0] = dep[1] = NULL; 2230 2231 /* 2232 * We first look for addresses in the same scope. 2233 * If there is one, return it. 2234 * If two or more, return one which matches the dst longest. 2235 * If none, return one of global addresses assigned other ifs. 2236 */ 2237 IF_ADDR_RLOCK(ifp); 2238 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 2239 if (ifa->ifa_addr->sa_family != AF_INET6) 2240 continue; 2241 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST) 2242 continue; /* XXX: is there any case to allow anycast? */ 2243 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_NOTREADY) 2244 continue; /* don't use this interface */ 2245 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DETACHED) 2246 continue; 2247 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DEPRECATED) { 2248 if (V_ip6_use_deprecated) 2249 dep[0] = (struct in6_ifaddr *)ifa; 2250 continue; 2251 } 2252 2253 if (dst_scope == in6_addrscope(IFA_IN6(ifa))) { 2254 /* 2255 * call in6_matchlen() as few as possible 2256 */ 2257 if (besta) { 2258 if (blen == -1) 2259 blen = in6_matchlen(&besta->ia_addr.sin6_addr, dst); 2260 tlen = in6_matchlen(IFA_IN6(ifa), dst); 2261 if (tlen > blen) { 2262 blen = tlen; 2263 besta = (struct in6_ifaddr *)ifa; 2264 } 2265 } else 2266 besta = (struct in6_ifaddr *)ifa; 2267 } 2268 } 2269 if (besta) { 2270 ifa_ref(&besta->ia_ifa); 2271 IF_ADDR_RUNLOCK(ifp); 2272 return (besta); 2273 } 2274 2275 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 2276 if (ifa->ifa_addr->sa_family != AF_INET6) 2277 continue; 2278 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST) 2279 continue; /* XXX: is there any case to allow anycast? */ 2280 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_NOTREADY) 2281 continue; /* don't use this interface */ 2282 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DETACHED) 2283 continue; 2284 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DEPRECATED) { 2285 if (V_ip6_use_deprecated) 2286 dep[1] = (struct in6_ifaddr *)ifa; 2287 continue; 2288 } 2289 2290 if (ifa != NULL) 2291 ifa_ref(ifa); 2292 IF_ADDR_RUNLOCK(ifp); 2293 return (struct in6_ifaddr *)ifa; 2294 } 2295 2296 /* use the last-resort values, that are, deprecated addresses */ 2297 if (dep[0]) { 2298 ifa_ref((struct ifaddr *)dep[0]); 2299 IF_ADDR_RUNLOCK(ifp); 2300 return dep[0]; 2301 } 2302 if (dep[1]) { 2303 ifa_ref((struct ifaddr *)dep[1]); 2304 IF_ADDR_RUNLOCK(ifp); 2305 return dep[1]; 2306 } 2307 2308 IF_ADDR_RUNLOCK(ifp); 2309 return NULL; 2310} 2311 2312/* 2313 * perform DAD when interface becomes IFF_UP. 2314 */ 2315void 2316in6_if_up(struct ifnet *ifp) 2317{ 2318 struct ifaddr *ifa; 2319 struct in6_ifaddr *ia; 2320 2321 IF_ADDR_RLOCK(ifp); 2322 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 2323 if (ifa->ifa_addr->sa_family != AF_INET6) 2324 continue; 2325 ia = (struct in6_ifaddr *)ifa; 2326 if (ia->ia6_flags & IN6_IFF_TENTATIVE) { 2327 /* 2328 * The TENTATIVE flag was likely set by hand 2329 * beforehand, implicitly indicating the need for DAD. 2330 * We may be able to skip the random delay in this 2331 * case, but we impose delays just in case. 2332 */ 2333 nd6_dad_start(ifa, 2334 arc4random() % (MAX_RTR_SOLICITATION_DELAY * hz)); 2335 } 2336 } 2337 IF_ADDR_RUNLOCK(ifp); 2338 2339 /* 2340 * special cases, like 6to4, are handled in in6_ifattach 2341 */ 2342 in6_ifattach(ifp, NULL); 2343} 2344 2345int 2346in6if_do_dad(struct ifnet *ifp) 2347{ 2348 if ((ifp->if_flags & IFF_LOOPBACK) != 0) 2349 return (0); 2350 2351 if (ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) 2352 return (0); 2353 2354 switch (ifp->if_type) { 2355#ifdef IFT_DUMMY 2356 case IFT_DUMMY: 2357#endif 2358 case IFT_FAITH: 2359 /* 2360 * These interfaces do not have the IFF_LOOPBACK flag, 2361 * but loop packets back. We do not have to do DAD on such 2362 * interfaces. We should even omit it, because loop-backed 2363 * NS would confuse the DAD procedure. 2364 */ 2365 return (0); 2366 default: 2367 /* 2368 * Our DAD routine requires the interface up and running. 2369 * However, some interfaces can be up before the RUNNING 2370 * status. Additionaly, users may try to assign addresses 2371 * before the interface becomes up (or running). 2372 * We simply skip DAD in such a case as a work around. 2373 * XXX: we should rather mark "tentative" on such addresses, 2374 * and do DAD after the interface becomes ready. 2375 */ 2376 if (!((ifp->if_flags & IFF_UP) && 2377 (ifp->if_drv_flags & IFF_DRV_RUNNING))) 2378 return (0); 2379 2380 return (1); 2381 } 2382} 2383 2384/* 2385 * Calculate max IPv6 MTU through all the interfaces and store it 2386 * to in6_maxmtu. 2387 */ 2388void 2389in6_setmaxmtu(void) 2390{ 2391 unsigned long maxmtu = 0; 2392 struct ifnet *ifp; 2393 2394 IFNET_RLOCK_NOSLEEP(); 2395 TAILQ_FOREACH(ifp, &V_ifnet, if_list) { 2396 /* this function can be called during ifnet initialization */ 2397 if (!ifp->if_afdata[AF_INET6]) 2398 continue; 2399 if ((ifp->if_flags & IFF_LOOPBACK) == 0 && 2400 IN6_LINKMTU(ifp) > maxmtu) 2401 maxmtu = IN6_LINKMTU(ifp); 2402 } 2403 IFNET_RUNLOCK_NOSLEEP(); 2404 if (maxmtu) /* update only when maxmtu is positive */ 2405 V_in6_maxmtu = maxmtu; 2406} 2407 2408/* 2409 * Provide the length of interface identifiers to be used for the link attached 2410 * to the given interface. The length should be defined in "IPv6 over 2411 * xxx-link" document. Note that address architecture might also define 2412 * the length for a particular set of address prefixes, regardless of the 2413 * link type. As clarified in rfc2462bis, those two definitions should be 2414 * consistent, and those really are as of August 2004. 2415 */ 2416int 2417in6_if2idlen(struct ifnet *ifp) 2418{ 2419 switch (ifp->if_type) { 2420 case IFT_ETHER: /* RFC2464 */ 2421#ifdef IFT_PROPVIRTUAL 2422 case IFT_PROPVIRTUAL: /* XXX: no RFC. treat it as ether */ 2423#endif 2424#ifdef IFT_L2VLAN 2425 case IFT_L2VLAN: /* ditto */ 2426#endif 2427#ifdef IFT_IEEE80211 2428 case IFT_IEEE80211: /* ditto */ 2429#endif 2430#ifdef IFT_MIP 2431 case IFT_MIP: /* ditto */ 2432#endif 2433 case IFT_INFINIBAND: 2434 return (64); 2435 case IFT_FDDI: /* RFC2467 */ 2436 return (64); 2437 case IFT_ISO88025: /* RFC2470 (IPv6 over Token Ring) */ 2438 return (64); 2439 case IFT_PPP: /* RFC2472 */ 2440 return (64); 2441 case IFT_ARCNET: /* RFC2497 */ 2442 return (64); 2443 case IFT_FRELAY: /* RFC2590 */ 2444 return (64); 2445 case IFT_IEEE1394: /* RFC3146 */ 2446 return (64); 2447 case IFT_GIF: 2448 return (64); /* draft-ietf-v6ops-mech-v2-07 */ 2449 case IFT_LOOP: 2450 return (64); /* XXX: is this really correct? */ 2451 default: 2452 /* 2453 * Unknown link type: 2454 * It might be controversial to use the today's common constant 2455 * of 64 for these cases unconditionally. For full compliance, 2456 * we should return an error in this case. On the other hand, 2457 * if we simply miss the standard for the link type or a new 2458 * standard is defined for a new link type, the IFID length 2459 * is very likely to be the common constant. As a compromise, 2460 * we always use the constant, but make an explicit notice 2461 * indicating the "unknown" case. 2462 */ 2463 printf("in6_if2idlen: unknown link type (%d)\n", ifp->if_type); 2464 return (64); 2465 } 2466} 2467 2468#include <sys/sysctl.h> 2469 2470struct in6_llentry { 2471 struct llentry base; 2472 struct sockaddr_in6 l3_addr6; 2473}; 2474 2475/* 2476 * Deletes an address from the address table. 2477 * This function is called by the timer functions 2478 * such as arptimer() and nd6_llinfo_timer(), and 2479 * the caller does the locking. 2480 */ 2481static void 2482in6_lltable_free(struct lltable *llt, struct llentry *lle) 2483{ 2484 LLE_WUNLOCK(lle); 2485 LLE_LOCK_DESTROY(lle); 2486 free(lle, M_LLTABLE); 2487} 2488 2489static struct llentry * 2490in6_lltable_new(const struct sockaddr *l3addr, u_int flags) 2491{ 2492 struct in6_llentry *lle; 2493 2494 lle = malloc(sizeof(struct in6_llentry), M_LLTABLE, M_NOWAIT | M_ZERO); 2495 if (lle == NULL) /* NB: caller generates msg */ 2496 return NULL; 2497 2498 lle->l3_addr6 = *(const struct sockaddr_in6 *)l3addr; 2499 lle->base.lle_refcnt = 1; 2500 lle->base.lle_free = in6_lltable_free; 2501 LLE_LOCK_INIT(&lle->base); 2502 callout_init_rw(&lle->base.ln_timer_ch, &lle->base.lle_lock, 2503 CALLOUT_RETURNUNLOCKED); 2504 2505 return (&lle->base); 2506} 2507 2508static void 2509in6_lltable_prefix_free(struct lltable *llt, const struct sockaddr *prefix, 2510 const struct sockaddr *mask, u_int flags) 2511{ 2512 const struct sockaddr_in6 *pfx = (const struct sockaddr_in6 *)prefix; 2513 const struct sockaddr_in6 *msk = (const struct sockaddr_in6 *)mask; 2514 struct llentry *lle, *next; 2515 int i; 2516 2517 /* 2518 * (flags & LLE_STATIC) means deleting all entries 2519 * including static ND6 entries. 2520 */ 2521 IF_AFDATA_WLOCK(llt->llt_ifp); 2522 for (i = 0; i < LLTBL_HASHTBL_SIZE; i++) { 2523 LIST_FOREACH_SAFE(lle, &llt->lle_head[i], lle_next, next) { 2524 if (IN6_ARE_MASKED_ADDR_EQUAL( 2525 &satosin6(L3_ADDR(lle))->sin6_addr, 2526 &pfx->sin6_addr, &msk->sin6_addr) && 2527 ((flags & LLE_STATIC) || 2528 !(lle->la_flags & LLE_STATIC))) { 2529 LLE_WLOCK(lle); 2530 if (callout_stop(&lle->la_timer)) 2531 LLE_REMREF(lle); 2532 llentry_free(lle); 2533 } 2534 } 2535 } 2536 IF_AFDATA_WUNLOCK(llt->llt_ifp); 2537} 2538 2539static int 2540in6_lltable_rtcheck(struct ifnet *ifp, 2541 u_int flags, 2542 const struct sockaddr *l3addr) 2543{ 2544 struct rtentry *rt; 2545 char ip6buf[INET6_ADDRSTRLEN]; 2546 2547 KASSERT(l3addr->sa_family == AF_INET6, 2548 ("sin_family %d", l3addr->sa_family)); 2549 2550 /* Our local addresses are always only installed on the default FIB. */ 2551 /* XXX rtalloc1 should take a const param */ 2552 rt = in6_rtalloc1(__DECONST(struct sockaddr *, l3addr), 0, 0, 2553 RT_DEFAULT_FIB); 2554 if (rt == NULL || (rt->rt_flags & RTF_GATEWAY) || rt->rt_ifp != ifp) { 2555 struct ifaddr *ifa; 2556 /* 2557 * Create an ND6 cache for an IPv6 neighbor 2558 * that is not covered by our own prefix. 2559 */ 2560 /* XXX ifaof_ifpforaddr should take a const param */ 2561 ifa = ifaof_ifpforaddr(__DECONST(struct sockaddr *, l3addr), ifp); 2562 if (ifa != NULL) { 2563 ifa_free(ifa); 2564 if (rt != NULL) 2565 RTFREE_LOCKED(rt); 2566 return 0; 2567 } 2568 log(LOG_INFO, "IPv6 address: \"%s\" is not on the network\n", 2569 ip6_sprintf(ip6buf, &((const struct sockaddr_in6 *)l3addr)->sin6_addr)); 2570 if (rt != NULL) 2571 RTFREE_LOCKED(rt); 2572 return EINVAL; 2573 } 2574 RTFREE_LOCKED(rt); 2575 return 0; 2576} 2577 2578static struct llentry * 2579in6_lltable_lookup(struct lltable *llt, u_int flags, 2580 const struct sockaddr *l3addr) 2581{ 2582 const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)l3addr; 2583 struct ifnet *ifp = llt->llt_ifp; 2584 struct llentry *lle; 2585 struct llentries *lleh; 2586 u_int hashkey; 2587 2588 IF_AFDATA_LOCK_ASSERT(ifp); 2589 KASSERT(l3addr->sa_family == AF_INET6, 2590 ("sin_family %d", l3addr->sa_family)); 2591 2592 hashkey = sin6->sin6_addr.s6_addr32[3]; 2593 lleh = &llt->lle_head[LLATBL_HASH(hashkey, LLTBL_HASHMASK)]; 2594 LIST_FOREACH(lle, lleh, lle_next) { 2595 struct sockaddr_in6 *sa6 = (struct sockaddr_in6 *)L3_ADDR(lle); 2596 if (lle->la_flags & LLE_DELETED) 2597 continue; 2598 if (bcmp(&sa6->sin6_addr, &sin6->sin6_addr, 2599 sizeof(struct in6_addr)) == 0) 2600 break; 2601 } 2602 2603 if (lle == NULL) { 2604 if (!(flags & LLE_CREATE)) 2605 return (NULL); 2606 IF_AFDATA_WLOCK_ASSERT(ifp); 2607 /* 2608 * A route that covers the given address must have 2609 * been installed 1st because we are doing a resolution, 2610 * verify this. 2611 */ 2612 if (!(flags & LLE_IFADDR) && 2613 in6_lltable_rtcheck(ifp, flags, l3addr) != 0) 2614 return NULL; 2615 2616 lle = in6_lltable_new(l3addr, flags); 2617 if (lle == NULL) { 2618 log(LOG_INFO, "lla_lookup: new lle malloc failed\n"); 2619 return NULL; 2620 } 2621 lle->la_flags = flags & ~LLE_CREATE; 2622 if ((flags & (LLE_CREATE | LLE_IFADDR)) == (LLE_CREATE | LLE_IFADDR)) { 2623 bcopy(IF_LLADDR(ifp), &lle->ll_addr, ifp->if_addrlen); 2624 lle->la_flags |= (LLE_VALID | LLE_STATIC); 2625 } 2626 2627 lle->lle_tbl = llt; 2628 lle->lle_head = lleh; 2629 lle->la_flags |= LLE_LINKED; 2630 LIST_INSERT_HEAD(lleh, lle, lle_next); 2631 } else if (flags & LLE_DELETE) { 2632 if (!(lle->la_flags & LLE_IFADDR) || (flags & LLE_IFADDR)) { 2633 LLE_WLOCK(lle); 2634 lle->la_flags |= LLE_DELETED; 2635#ifdef DIAGNOSTIC 2636 log(LOG_INFO, "ifaddr cache = %p is deleted\n", lle); 2637#endif 2638 if ((lle->la_flags & 2639 (LLE_STATIC | LLE_IFADDR)) == LLE_STATIC) 2640 llentry_free(lle); 2641 else 2642 LLE_WUNLOCK(lle); 2643 } 2644 lle = (void *)-1; 2645 } 2646 if (LLE_IS_VALID(lle)) { 2647 if (flags & LLE_EXCLUSIVE) 2648 LLE_WLOCK(lle); 2649 else 2650 LLE_RLOCK(lle); 2651 } 2652 return (lle); 2653} 2654 2655static int 2656in6_lltable_dump(struct lltable *llt, struct sysctl_req *wr) 2657{ 2658 struct ifnet *ifp = llt->llt_ifp; 2659 struct llentry *lle; 2660 /* XXX stack use */ 2661 struct { 2662 struct rt_msghdr rtm; 2663 struct sockaddr_in6 sin6; 2664 /* 2665 * ndp.c assumes that sdl is word aligned 2666 */ 2667#ifdef __LP64__ 2668 uint32_t pad; 2669#endif 2670 struct sockaddr_dl sdl; 2671 } ndpc; 2672 int i, error; 2673 2674 if (ifp->if_flags & IFF_LOOPBACK) 2675 return 0; 2676 2677 LLTABLE_LOCK_ASSERT(); 2678 2679 error = 0; 2680 for (i = 0; i < LLTBL_HASHTBL_SIZE; i++) { 2681 LIST_FOREACH(lle, &llt->lle_head[i], lle_next) { 2682 struct sockaddr_dl *sdl; 2683 2684 /* skip deleted or invalid entries */ 2685 if ((lle->la_flags & (LLE_DELETED|LLE_VALID)) != LLE_VALID) 2686 continue; 2687 /* Skip if jailed and not a valid IP of the prison. */ 2688 if (prison_if(wr->td->td_ucred, L3_ADDR(lle)) != 0) 2689 continue; 2690 /* 2691 * produce a msg made of: 2692 * struct rt_msghdr; 2693 * struct sockaddr_in6 (IPv6) 2694 * struct sockaddr_dl; 2695 */ 2696 bzero(&ndpc, sizeof(ndpc)); 2697 ndpc.rtm.rtm_msglen = sizeof(ndpc); 2698 ndpc.rtm.rtm_version = RTM_VERSION; 2699 ndpc.rtm.rtm_type = RTM_GET; 2700 ndpc.rtm.rtm_flags = RTF_UP; 2701 ndpc.rtm.rtm_addrs = RTA_DST | RTA_GATEWAY; 2702 ndpc.sin6.sin6_family = AF_INET6; 2703 ndpc.sin6.sin6_len = sizeof(ndpc.sin6); 2704 bcopy(L3_ADDR(lle), &ndpc.sin6, L3_ADDR_LEN(lle)); 2705 2706 /* publish */ 2707 if (lle->la_flags & LLE_PUB) 2708 ndpc.rtm.rtm_flags |= RTF_ANNOUNCE; 2709 2710 sdl = &ndpc.sdl; 2711 sdl->sdl_family = AF_LINK; 2712 sdl->sdl_len = sizeof(*sdl); 2713 sdl->sdl_alen = ifp->if_addrlen; 2714 sdl->sdl_index = ifp->if_index; 2715 sdl->sdl_type = ifp->if_type; 2716 bcopy(&lle->ll_addr, LLADDR(sdl), ifp->if_addrlen); 2717 ndpc.rtm.rtm_rmx.rmx_expire = 2718 lle->la_flags & LLE_STATIC ? 0 : lle->la_expire; 2719 ndpc.rtm.rtm_flags |= (RTF_HOST | RTF_LLDATA); 2720 if (lle->la_flags & LLE_STATIC) 2721 ndpc.rtm.rtm_flags |= RTF_STATIC; 2722 ndpc.rtm.rtm_index = ifp->if_index; 2723 error = SYSCTL_OUT(wr, &ndpc, sizeof(ndpc)); 2724 if (error) 2725 break; 2726 } 2727 } 2728 return error; 2729} 2730 2731void * 2732in6_domifattach(struct ifnet *ifp) 2733{ 2734 struct in6_ifextra *ext; 2735 2736 ext = (struct in6_ifextra *)malloc(sizeof(*ext), M_IFADDR, M_WAITOK); 2737 bzero(ext, sizeof(*ext)); 2738 2739 ext->in6_ifstat = (struct in6_ifstat *)malloc(sizeof(struct in6_ifstat), 2740 M_IFADDR, M_WAITOK); 2741 bzero(ext->in6_ifstat, sizeof(*ext->in6_ifstat)); 2742 2743 ext->icmp6_ifstat = 2744 (struct icmp6_ifstat *)malloc(sizeof(struct icmp6_ifstat), 2745 M_IFADDR, M_WAITOK); 2746 bzero(ext->icmp6_ifstat, sizeof(*ext->icmp6_ifstat)); 2747 2748 ext->nd_ifinfo = nd6_ifattach(ifp); 2749 ext->scope6_id = scope6_ifattach(ifp); 2750 ext->lltable = lltable_init(ifp, AF_INET6); 2751 if (ext->lltable != NULL) { 2752 ext->lltable->llt_prefix_free = in6_lltable_prefix_free; 2753 ext->lltable->llt_lookup = in6_lltable_lookup; 2754 ext->lltable->llt_dump = in6_lltable_dump; 2755 } 2756 2757 ext->mld_ifinfo = mld_domifattach(ifp); 2758 2759 return ext; 2760} 2761 2762void 2763in6_domifdetach(struct ifnet *ifp, void *aux) 2764{ 2765 struct in6_ifextra *ext = (struct in6_ifextra *)aux; 2766 2767 mld_domifdetach(ifp); 2768 scope6_ifdetach(ext->scope6_id); 2769 nd6_ifdetach(ext->nd_ifinfo); 2770 lltable_free(ext->lltable); 2771 free(ext->in6_ifstat, M_IFADDR); 2772 free(ext->icmp6_ifstat, M_IFADDR); 2773 free(ext, M_IFADDR); 2774} 2775 2776/* 2777 * Convert sockaddr_in6 to sockaddr_in. Original sockaddr_in6 must be 2778 * v4 mapped addr or v4 compat addr 2779 */ 2780void 2781in6_sin6_2_sin(struct sockaddr_in *sin, struct sockaddr_in6 *sin6) 2782{ 2783 2784 bzero(sin, sizeof(*sin)); 2785 sin->sin_len = sizeof(struct sockaddr_in); 2786 sin->sin_family = AF_INET; 2787 sin->sin_port = sin6->sin6_port; 2788 sin->sin_addr.s_addr = sin6->sin6_addr.s6_addr32[3]; 2789} 2790 2791/* Convert sockaddr_in to sockaddr_in6 in v4 mapped addr format. */ 2792void 2793in6_sin_2_v4mapsin6(struct sockaddr_in *sin, struct sockaddr_in6 *sin6) 2794{ 2795 bzero(sin6, sizeof(*sin6)); 2796 sin6->sin6_len = sizeof(struct sockaddr_in6); 2797 sin6->sin6_family = AF_INET6; 2798 sin6->sin6_port = sin->sin_port; 2799 sin6->sin6_addr.s6_addr32[0] = 0; 2800 sin6->sin6_addr.s6_addr32[1] = 0; 2801 sin6->sin6_addr.s6_addr32[2] = IPV6_ADDR_INT32_SMP; 2802 sin6->sin6_addr.s6_addr32[3] = sin->sin_addr.s_addr; 2803} 2804 2805/* Convert sockaddr_in6 into sockaddr_in. */ 2806void 2807in6_sin6_2_sin_in_sock(struct sockaddr *nam) 2808{ 2809 struct sockaddr_in *sin_p; 2810 struct sockaddr_in6 sin6; 2811 2812 /* 2813 * Save original sockaddr_in6 addr and convert it 2814 * to sockaddr_in. 2815 */ 2816 sin6 = *(struct sockaddr_in6 *)nam; 2817 sin_p = (struct sockaddr_in *)nam; 2818 in6_sin6_2_sin(sin_p, &sin6); 2819} 2820 2821/* Convert sockaddr_in into sockaddr_in6 in v4 mapped addr format. */ 2822void 2823in6_sin_2_v4mapsin6_in_sock(struct sockaddr **nam) 2824{ 2825 struct sockaddr_in *sin_p; 2826 struct sockaddr_in6 *sin6_p; 2827 2828 sin6_p = malloc(sizeof *sin6_p, M_SONAME, M_WAITOK); 2829 sin_p = (struct sockaddr_in *)*nam; 2830 in6_sin_2_v4mapsin6(sin_p, sin6_p); 2831 free(*nam, M_SONAME); 2832 *nam = (struct sockaddr *)sin6_p; 2833} 2834