in6.c revision 238476
1/*- 2 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of the project nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * $KAME: in6.c,v 1.259 2002/01/21 11:37:50 keiichi Exp $ 30 */ 31 32/*- 33 * Copyright (c) 1982, 1986, 1991, 1993 34 * The Regents of the University of California. All rights reserved. 35 * 36 * Redistribution and use in source and binary forms, with or without 37 * modification, are permitted provided that the following conditions 38 * are met: 39 * 1. Redistributions of source code must retain the above copyright 40 * notice, this list of conditions and the following disclaimer. 41 * 2. Redistributions in binary form must reproduce the above copyright 42 * notice, this list of conditions and the following disclaimer in the 43 * documentation and/or other materials provided with the distribution. 44 * 4. Neither the name of the University nor the names of its contributors 45 * may be used to endorse or promote products derived from this software 46 * without specific prior written permission. 47 * 48 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 51 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 58 * SUCH DAMAGE. 59 * 60 * @(#)in.c 8.2 (Berkeley) 11/15/93 61 */ 62 63#include <sys/cdefs.h> 64__FBSDID("$FreeBSD: stable/9/sys/netinet6/in6.c 238476 2012-07-15 11:13:09Z bz $"); 65 66#include "opt_compat.h" 67#include "opt_inet.h" 68#include "opt_inet6.h" 69 70#include <sys/param.h> 71#include <sys/errno.h> 72#include <sys/jail.h> 73#include <sys/malloc.h> 74#include <sys/socket.h> 75#include <sys/socketvar.h> 76#include <sys/sockio.h> 77#include <sys/systm.h> 78#include <sys/priv.h> 79#include <sys/proc.h> 80#include <sys/time.h> 81#include <sys/kernel.h> 82#include <sys/syslog.h> 83 84#include <net/if.h> 85#include <net/if_var.h> 86#include <net/if_types.h> 87#include <net/route.h> 88#include <net/if_dl.h> 89#include <net/vnet.h> 90 91#include <netinet/in.h> 92#include <netinet/in_var.h> 93#include <net/if_llatbl.h> 94#include <netinet/if_ether.h> 95#include <netinet/in_systm.h> 96#include <netinet/ip.h> 97#include <netinet/in_pcb.h> 98 99#include <netinet/ip6.h> 100#include <netinet6/ip6_var.h> 101#include <netinet6/nd6.h> 102#include <netinet6/mld6_var.h> 103#include <netinet6/ip6_mroute.h> 104#include <netinet6/in6_ifattach.h> 105#include <netinet6/scope6_var.h> 106#include <netinet6/in6_pcb.h> 107 108/* 109 * Definitions of some costant IP6 addresses. 110 */ 111const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT; 112const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT; 113const struct in6_addr in6addr_nodelocal_allnodes = 114 IN6ADDR_NODELOCAL_ALLNODES_INIT; 115const struct in6_addr in6addr_linklocal_allnodes = 116 IN6ADDR_LINKLOCAL_ALLNODES_INIT; 117const struct in6_addr in6addr_linklocal_allrouters = 118 IN6ADDR_LINKLOCAL_ALLROUTERS_INIT; 119const struct in6_addr in6addr_linklocal_allv2routers = 120 IN6ADDR_LINKLOCAL_ALLV2ROUTERS_INIT; 121 122const struct in6_addr in6mask0 = IN6MASK0; 123const struct in6_addr in6mask32 = IN6MASK32; 124const struct in6_addr in6mask64 = IN6MASK64; 125const struct in6_addr in6mask96 = IN6MASK96; 126const struct in6_addr in6mask128 = IN6MASK128; 127 128const struct sockaddr_in6 sa6_any = 129 { sizeof(sa6_any), AF_INET6, 0, 0, IN6ADDR_ANY_INIT, 0 }; 130 131static int in6_lifaddr_ioctl __P((struct socket *, u_long, caddr_t, 132 struct ifnet *, struct thread *)); 133static int in6_ifinit __P((struct ifnet *, struct in6_ifaddr *, 134 struct sockaddr_in6 *, int)); 135static void in6_unlink_ifa(struct in6_ifaddr *, struct ifnet *); 136 137int (*faithprefix_p)(struct in6_addr *); 138 139#define ifa2ia6(ifa) ((struct in6_ifaddr *)(ifa)) 140#define ia62ifa(ia6) (&((ia6)->ia_ifa)) 141 142void 143in6_ifaddloop(struct ifaddr *ifa) 144{ 145 struct sockaddr_dl gateway; 146 struct sockaddr_in6 mask, addr; 147 struct rtentry rt; 148 struct in6_ifaddr *ia; 149 struct ifnet *ifp; 150 struct llentry *ln; 151 152 ia = ifa2ia6(ifa); 153 ifp = ifa->ifa_ifp; 154 IF_AFDATA_LOCK(ifp); 155 ifa->ifa_rtrequest = nd6_rtrequest; 156 ln = lla_lookup(LLTABLE6(ifp), (LLE_CREATE | LLE_IFADDR | 157 LLE_EXCLUSIVE), (struct sockaddr *)&ia->ia_addr); 158 IF_AFDATA_UNLOCK(ifp); 159 if (ln != NULL) { 160 ln->la_expire = 0; /* for IPv6 this means permanent */ 161 ln->ln_state = ND6_LLINFO_REACHABLE; 162 /* 163 * initialize for rtmsg generation 164 */ 165 bzero(&gateway, sizeof(gateway)); 166 gateway.sdl_len = sizeof(gateway); 167 gateway.sdl_family = AF_LINK; 168 gateway.sdl_nlen = 0; 169 gateway.sdl_alen = 6; 170 memcpy(gateway.sdl_data, &ln->ll_addr.mac_aligned, 171 sizeof(ln->ll_addr)); 172 LLE_WUNLOCK(ln); 173 } 174 175 bzero(&rt, sizeof(rt)); 176 rt.rt_gateway = (struct sockaddr *)&gateway; 177 memcpy(&mask, &ia->ia_prefixmask, sizeof(ia->ia_prefixmask)); 178 memcpy(&addr, &ia->ia_addr, sizeof(ia->ia_addr)); 179 rt_mask(&rt) = (struct sockaddr *)&mask; 180 rt_key(&rt) = (struct sockaddr *)&addr; 181 rt.rt_flags = RTF_UP | RTF_HOST | RTF_STATIC; 182 /* Announce arrival of local address to all FIBs. */ 183 rt_newaddrmsg(RTM_ADD, ifa, 0, &rt); 184} 185 186void 187in6_ifremloop(struct ifaddr *ifa) 188{ 189 struct sockaddr_dl gateway; 190 struct sockaddr_in6 mask, addr; 191 struct rtentry rt0; 192 struct in6_ifaddr *ia; 193 struct ifnet *ifp; 194 195 ia = ifa2ia6(ifa); 196 ifp = ifa->ifa_ifp; 197 IF_AFDATA_LOCK(ifp); 198 lla_lookup(LLTABLE6(ifp), (LLE_DELETE | LLE_IFADDR), 199 (struct sockaddr *)&ia->ia_addr); 200 IF_AFDATA_UNLOCK(ifp); 201 202 /* 203 * initialize for rtmsg generation 204 */ 205 bzero(&gateway, sizeof(gateway)); 206 gateway.sdl_len = sizeof(gateway); 207 gateway.sdl_family = AF_LINK; 208 gateway.sdl_nlen = 0; 209 gateway.sdl_alen = ifp->if_addrlen; 210 bzero(&rt0, sizeof(rt0)); 211 rt0.rt_gateway = (struct sockaddr *)&gateway; 212 memcpy(&mask, &ia->ia_prefixmask, sizeof(ia->ia_prefixmask)); 213 memcpy(&addr, &ia->ia_addr, sizeof(ia->ia_addr)); 214 rt_mask(&rt0) = (struct sockaddr *)&mask; 215 rt_key(&rt0) = (struct sockaddr *)&addr; 216 rt0.rt_flags = RTF_HOST | RTF_STATIC; 217 /* Announce removal of local address to all FIBs. */ 218 rt_newaddrmsg(RTM_DELETE, ifa, 0, &rt0); 219} 220 221int 222in6_mask2len(struct in6_addr *mask, u_char *lim0) 223{ 224 int x = 0, y; 225 u_char *lim = lim0, *p; 226 227 /* ignore the scope_id part */ 228 if (lim0 == NULL || lim0 - (u_char *)mask > sizeof(*mask)) 229 lim = (u_char *)mask + sizeof(*mask); 230 for (p = (u_char *)mask; p < lim; x++, p++) { 231 if (*p != 0xff) 232 break; 233 } 234 y = 0; 235 if (p < lim) { 236 for (y = 0; y < 8; y++) { 237 if ((*p & (0x80 >> y)) == 0) 238 break; 239 } 240 } 241 242 /* 243 * when the limit pointer is given, do a stricter check on the 244 * remaining bits. 245 */ 246 if (p < lim) { 247 if (y != 0 && (*p & (0x00ff >> y)) != 0) 248 return (-1); 249 for (p = p + 1; p < lim; p++) 250 if (*p != 0) 251 return (-1); 252 } 253 254 return x * 8 + y; 255} 256 257#ifdef COMPAT_FREEBSD32 258struct in6_ndifreq32 { 259 char ifname[IFNAMSIZ]; 260 uint32_t ifindex; 261}; 262#define SIOCGDEFIFACE32_IN6 _IOWR('i', 86, struct in6_ndifreq32) 263#endif 264 265int 266in6_control(struct socket *so, u_long cmd, caddr_t data, 267 struct ifnet *ifp, struct thread *td) 268{ 269 struct in6_ifreq *ifr = (struct in6_ifreq *)data; 270 struct in6_ifaddr *ia = NULL; 271 struct in6_aliasreq *ifra = (struct in6_aliasreq *)data; 272 struct sockaddr_in6 *sa6; 273 int error; 274 275 switch (cmd) { 276 case SIOCGETSGCNT_IN6: 277 case SIOCGETMIFCNT_IN6: 278 /* 279 * XXX mrt_ioctl has a 3rd, unused, FIB argument in route.c. 280 * We cannot see how that would be needed, so do not adjust the 281 * KPI blindly; more likely should clean up the IPv4 variant. 282 */ 283 return (mrt6_ioctl ? mrt6_ioctl(cmd, data) : EOPNOTSUPP); 284 } 285 286 switch(cmd) { 287 case SIOCAADDRCTL_POLICY: 288 case SIOCDADDRCTL_POLICY: 289 if (td != NULL) { 290 error = priv_check(td, PRIV_NETINET_ADDRCTRL6); 291 if (error) 292 return (error); 293 } 294 return (in6_src_ioctl(cmd, data)); 295 } 296 297 if (ifp == NULL) 298 return (EOPNOTSUPP); 299 300 switch (cmd) { 301 case SIOCSNDFLUSH_IN6: 302 case SIOCSPFXFLUSH_IN6: 303 case SIOCSRTRFLUSH_IN6: 304 case SIOCSDEFIFACE_IN6: 305 case SIOCSIFINFO_FLAGS: 306 case SIOCSIFINFO_IN6: 307 if (td != NULL) { 308 error = priv_check(td, PRIV_NETINET_ND6); 309 if (error) 310 return (error); 311 } 312 /* FALLTHROUGH */ 313 case OSIOCGIFINFO_IN6: 314 case SIOCGIFINFO_IN6: 315 case SIOCGDRLST_IN6: 316 case SIOCGPRLST_IN6: 317 case SIOCGNBRINFO_IN6: 318 case SIOCGDEFIFACE_IN6: 319 return (nd6_ioctl(cmd, data, ifp)); 320 321#ifdef COMPAT_FREEBSD32 322 case SIOCGDEFIFACE32_IN6: 323 { 324 struct in6_ndifreq ndif; 325 struct in6_ndifreq32 *ndif32; 326 327 error = nd6_ioctl(SIOCGDEFIFACE_IN6, (caddr_t)&ndif, 328 ifp); 329 if (error) 330 return (error); 331 ndif32 = (struct in6_ndifreq32 *)data; 332 ndif32->ifindex = ndif.ifindex; 333 return (0); 334 } 335#endif 336 } 337 338 switch (cmd) { 339 case SIOCSIFPREFIX_IN6: 340 case SIOCDIFPREFIX_IN6: 341 case SIOCAIFPREFIX_IN6: 342 case SIOCCIFPREFIX_IN6: 343 case SIOCSGIFPREFIX_IN6: 344 case SIOCGIFPREFIX_IN6: 345 log(LOG_NOTICE, 346 "prefix ioctls are now invalidated. " 347 "please use ifconfig.\n"); 348 return (EOPNOTSUPP); 349 } 350 351 switch (cmd) { 352 case SIOCSSCOPE6: 353 if (td != NULL) { 354 error = priv_check(td, PRIV_NETINET_SCOPE6); 355 if (error) 356 return (error); 357 } 358 return (scope6_set(ifp, 359 (struct scope6_id *)ifr->ifr_ifru.ifru_scope_id)); 360 case SIOCGSCOPE6: 361 return (scope6_get(ifp, 362 (struct scope6_id *)ifr->ifr_ifru.ifru_scope_id)); 363 case SIOCGSCOPE6DEF: 364 return (scope6_get_default((struct scope6_id *) 365 ifr->ifr_ifru.ifru_scope_id)); 366 } 367 368 switch (cmd) { 369 case SIOCALIFADDR: 370 if (td != NULL) { 371 error = priv_check(td, PRIV_NET_ADDIFADDR); 372 if (error) 373 return (error); 374 } 375 return in6_lifaddr_ioctl(so, cmd, data, ifp, td); 376 377 case SIOCDLIFADDR: 378 if (td != NULL) { 379 error = priv_check(td, PRIV_NET_DELIFADDR); 380 if (error) 381 return (error); 382 } 383 /* FALLTHROUGH */ 384 case SIOCGLIFADDR: 385 return in6_lifaddr_ioctl(so, cmd, data, ifp, td); 386 } 387 388 /* 389 * Find address for this interface, if it exists. 390 * 391 * In netinet code, we have checked ifra_addr in SIOCSIF*ADDR operation 392 * only, and used the first interface address as the target of other 393 * operations (without checking ifra_addr). This was because netinet 394 * code/API assumed at most 1 interface address per interface. 395 * Since IPv6 allows a node to assign multiple addresses 396 * on a single interface, we almost always look and check the 397 * presence of ifra_addr, and reject invalid ones here. 398 * It also decreases duplicated code among SIOC*_IN6 operations. 399 */ 400 switch (cmd) { 401 case SIOCAIFADDR_IN6: 402 case SIOCSIFPHYADDR_IN6: 403 sa6 = &ifra->ifra_addr; 404 break; 405 case SIOCSIFADDR_IN6: 406 case SIOCGIFADDR_IN6: 407 case SIOCSIFDSTADDR_IN6: 408 case SIOCSIFNETMASK_IN6: 409 case SIOCGIFDSTADDR_IN6: 410 case SIOCGIFNETMASK_IN6: 411 case SIOCDIFADDR_IN6: 412 case SIOCGIFPSRCADDR_IN6: 413 case SIOCGIFPDSTADDR_IN6: 414 case SIOCGIFAFLAG_IN6: 415 case SIOCSNDFLUSH_IN6: 416 case SIOCSPFXFLUSH_IN6: 417 case SIOCSRTRFLUSH_IN6: 418 case SIOCGIFALIFETIME_IN6: 419 case SIOCSIFALIFETIME_IN6: 420 case SIOCGIFSTAT_IN6: 421 case SIOCGIFSTAT_ICMP6: 422 sa6 = &ifr->ifr_addr; 423 break; 424 default: 425 sa6 = NULL; 426 break; 427 } 428 if (sa6 && sa6->sin6_family == AF_INET6) { 429 if (sa6->sin6_scope_id != 0) 430 error = sa6_embedscope(sa6, 0); 431 else 432 error = in6_setscope(&sa6->sin6_addr, ifp, NULL); 433 if (error != 0) 434 return (error); 435 if (td != NULL && (error = prison_check_ip6(td->td_ucred, 436 &sa6->sin6_addr)) != 0) 437 return (error); 438 ia = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr); 439 } else 440 ia = NULL; 441 442 switch (cmd) { 443 case SIOCSIFADDR_IN6: 444 case SIOCSIFDSTADDR_IN6: 445 case SIOCSIFNETMASK_IN6: 446 /* 447 * Since IPv6 allows a node to assign multiple addresses 448 * on a single interface, SIOCSIFxxx ioctls are deprecated. 449 */ 450 /* we decided to obsolete this command (20000704) */ 451 error = EINVAL; 452 goto out; 453 454 case SIOCDIFADDR_IN6: 455 /* 456 * for IPv4, we look for existing in_ifaddr here to allow 457 * "ifconfig if0 delete" to remove the first IPv4 address on 458 * the interface. For IPv6, as the spec allows multiple 459 * interface address from the day one, we consider "remove the 460 * first one" semantics to be not preferable. 461 */ 462 if (ia == NULL) { 463 error = EADDRNOTAVAIL; 464 goto out; 465 } 466 /* FALLTHROUGH */ 467 case SIOCAIFADDR_IN6: 468 /* 469 * We always require users to specify a valid IPv6 address for 470 * the corresponding operation. 471 */ 472 if (ifra->ifra_addr.sin6_family != AF_INET6 || 473 ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6)) { 474 error = EAFNOSUPPORT; 475 goto out; 476 } 477 478 if (td != NULL) { 479 error = priv_check(td, (cmd == SIOCDIFADDR_IN6) ? 480 PRIV_NET_DELIFADDR : PRIV_NET_ADDIFADDR); 481 if (error) 482 goto out; 483 } 484 break; 485 486 case SIOCGIFADDR_IN6: 487 /* This interface is basically deprecated. use SIOCGIFCONF. */ 488 /* FALLTHROUGH */ 489 case SIOCGIFAFLAG_IN6: 490 case SIOCGIFNETMASK_IN6: 491 case SIOCGIFDSTADDR_IN6: 492 case SIOCGIFALIFETIME_IN6: 493 /* must think again about its semantics */ 494 if (ia == NULL) { 495 error = EADDRNOTAVAIL; 496 goto out; 497 } 498 break; 499 500 case SIOCSIFALIFETIME_IN6: 501 { 502 struct in6_addrlifetime *lt; 503 504 if (td != NULL) { 505 error = priv_check(td, PRIV_NETINET_ALIFETIME6); 506 if (error) 507 goto out; 508 } 509 if (ia == NULL) { 510 error = EADDRNOTAVAIL; 511 goto out; 512 } 513 /* sanity for overflow - beware unsigned */ 514 lt = &ifr->ifr_ifru.ifru_lifetime; 515 if (lt->ia6t_vltime != ND6_INFINITE_LIFETIME && 516 lt->ia6t_vltime + time_second < time_second) { 517 error = EINVAL; 518 goto out; 519 } 520 if (lt->ia6t_pltime != ND6_INFINITE_LIFETIME && 521 lt->ia6t_pltime + time_second < time_second) { 522 error = EINVAL; 523 goto out; 524 } 525 break; 526 } 527 } 528 529 switch (cmd) { 530 case SIOCGIFADDR_IN6: 531 ifr->ifr_addr = ia->ia_addr; 532 if ((error = sa6_recoverscope(&ifr->ifr_addr)) != 0) 533 goto out; 534 break; 535 536 case SIOCGIFDSTADDR_IN6: 537 if ((ifp->if_flags & IFF_POINTOPOINT) == 0) { 538 error = EINVAL; 539 goto out; 540 } 541 /* 542 * XXX: should we check if ifa_dstaddr is NULL and return 543 * an error? 544 */ 545 ifr->ifr_dstaddr = ia->ia_dstaddr; 546 if ((error = sa6_recoverscope(&ifr->ifr_dstaddr)) != 0) 547 goto out; 548 break; 549 550 case SIOCGIFNETMASK_IN6: 551 ifr->ifr_addr = ia->ia_prefixmask; 552 break; 553 554 case SIOCGIFAFLAG_IN6: 555 ifr->ifr_ifru.ifru_flags6 = ia->ia6_flags; 556 break; 557 558 case SIOCGIFSTAT_IN6: 559 if (ifp == NULL) { 560 error = EINVAL; 561 goto out; 562 } 563 bzero(&ifr->ifr_ifru.ifru_stat, 564 sizeof(ifr->ifr_ifru.ifru_stat)); 565 ifr->ifr_ifru.ifru_stat = 566 *((struct in6_ifextra *)ifp->if_afdata[AF_INET6])->in6_ifstat; 567 break; 568 569 case SIOCGIFSTAT_ICMP6: 570 if (ifp == NULL) { 571 error = EINVAL; 572 goto out; 573 } 574 bzero(&ifr->ifr_ifru.ifru_icmp6stat, 575 sizeof(ifr->ifr_ifru.ifru_icmp6stat)); 576 ifr->ifr_ifru.ifru_icmp6stat = 577 *((struct in6_ifextra *)ifp->if_afdata[AF_INET6])->icmp6_ifstat; 578 break; 579 580 case SIOCGIFALIFETIME_IN6: 581 ifr->ifr_ifru.ifru_lifetime = ia->ia6_lifetime; 582 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 583 time_t maxexpire; 584 struct in6_addrlifetime *retlt = 585 &ifr->ifr_ifru.ifru_lifetime; 586 587 /* 588 * XXX: adjust expiration time assuming time_t is 589 * signed. 590 */ 591 maxexpire = (-1) & 592 ~((time_t)1 << ((sizeof(maxexpire) * 8) - 1)); 593 if (ia->ia6_lifetime.ia6t_vltime < 594 maxexpire - ia->ia6_updatetime) { 595 retlt->ia6t_expire = ia->ia6_updatetime + 596 ia->ia6_lifetime.ia6t_vltime; 597 } else 598 retlt->ia6t_expire = maxexpire; 599 } 600 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 601 time_t maxexpire; 602 struct in6_addrlifetime *retlt = 603 &ifr->ifr_ifru.ifru_lifetime; 604 605 /* 606 * XXX: adjust expiration time assuming time_t is 607 * signed. 608 */ 609 maxexpire = (-1) & 610 ~((time_t)1 << ((sizeof(maxexpire) * 8) - 1)); 611 if (ia->ia6_lifetime.ia6t_pltime < 612 maxexpire - ia->ia6_updatetime) { 613 retlt->ia6t_preferred = ia->ia6_updatetime + 614 ia->ia6_lifetime.ia6t_pltime; 615 } else 616 retlt->ia6t_preferred = maxexpire; 617 } 618 break; 619 620 case SIOCSIFALIFETIME_IN6: 621 ia->ia6_lifetime = ifr->ifr_ifru.ifru_lifetime; 622 /* for sanity */ 623 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 624 ia->ia6_lifetime.ia6t_expire = 625 time_second + ia->ia6_lifetime.ia6t_vltime; 626 } else 627 ia->ia6_lifetime.ia6t_expire = 0; 628 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 629 ia->ia6_lifetime.ia6t_preferred = 630 time_second + ia->ia6_lifetime.ia6t_pltime; 631 } else 632 ia->ia6_lifetime.ia6t_preferred = 0; 633 break; 634 635 case SIOCAIFADDR_IN6: 636 { 637 int i; 638 struct nd_prefixctl pr0; 639 struct nd_prefix *pr; 640 641 /* 642 * first, make or update the interface address structure, 643 * and link it to the list. 644 */ 645 if ((error = in6_update_ifa(ifp, ifra, ia, 0)) != 0) 646 goto out; 647 if (ia != NULL) 648 ifa_free(&ia->ia_ifa); 649 if ((ia = in6ifa_ifpwithaddr(ifp, &ifra->ifra_addr.sin6_addr)) 650 == NULL) { 651 /* 652 * this can happen when the user specify the 0 valid 653 * lifetime. 654 */ 655 break; 656 } 657 658 /* 659 * then, make the prefix on-link on the interface. 660 * XXX: we'd rather create the prefix before the address, but 661 * we need at least one address to install the corresponding 662 * interface route, so we configure the address first. 663 */ 664 665 /* 666 * convert mask to prefix length (prefixmask has already 667 * been validated in in6_update_ifa(). 668 */ 669 bzero(&pr0, sizeof(pr0)); 670 pr0.ndpr_ifp = ifp; 671 pr0.ndpr_plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, 672 NULL); 673 if (pr0.ndpr_plen == 128) { 674 break; /* we don't need to install a host route. */ 675 } 676 pr0.ndpr_prefix = ifra->ifra_addr; 677 /* apply the mask for safety. */ 678 for (i = 0; i < 4; i++) { 679 pr0.ndpr_prefix.sin6_addr.s6_addr32[i] &= 680 ifra->ifra_prefixmask.sin6_addr.s6_addr32[i]; 681 } 682 /* 683 * XXX: since we don't have an API to set prefix (not address) 684 * lifetimes, we just use the same lifetimes as addresses. 685 * The (temporarily) installed lifetimes can be overridden by 686 * later advertised RAs (when accept_rtadv is non 0), which is 687 * an intended behavior. 688 */ 689 pr0.ndpr_raf_onlink = 1; /* should be configurable? */ 690 pr0.ndpr_raf_auto = 691 ((ifra->ifra_flags & IN6_IFF_AUTOCONF) != 0); 692 pr0.ndpr_vltime = ifra->ifra_lifetime.ia6t_vltime; 693 pr0.ndpr_pltime = ifra->ifra_lifetime.ia6t_pltime; 694 695 /* add the prefix if not yet. */ 696 if ((pr = nd6_prefix_lookup(&pr0)) == NULL) { 697 /* 698 * nd6_prelist_add will install the corresponding 699 * interface route. 700 */ 701 if ((error = nd6_prelist_add(&pr0, NULL, &pr)) != 0) 702 goto out; 703 if (pr == NULL) { 704 log(LOG_ERR, "nd6_prelist_add succeeded but " 705 "no prefix\n"); 706 error = EINVAL; 707 goto out; 708 } 709 } 710 711 /* relate the address to the prefix */ 712 if (ia->ia6_ndpr == NULL) { 713 ia->ia6_ndpr = pr; 714 pr->ndpr_refcnt++; 715 716 /* 717 * If this is the first autoconf address from the 718 * prefix, create a temporary address as well 719 * (when required). 720 */ 721 if ((ia->ia6_flags & IN6_IFF_AUTOCONF) && 722 V_ip6_use_tempaddr && pr->ndpr_refcnt == 1) { 723 int e; 724 if ((e = in6_tmpifadd(ia, 1, 0)) != 0) { 725 log(LOG_NOTICE, "in6_control: failed " 726 "to create a temporary address, " 727 "errno=%d\n", e); 728 } 729 } 730 } 731 732 /* 733 * this might affect the status of autoconfigured addresses, 734 * that is, this address might make other addresses detached. 735 */ 736 pfxlist_onlink_check(); 737 if (error == 0 && ia) { 738 if (ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) { 739 /* 740 * Try to clear the flag when a new 741 * IPv6 address is added onto an 742 * IFDISABLED interface and it 743 * succeeds. 744 */ 745 struct in6_ndireq nd; 746 747 memset(&nd, 0, sizeof(nd)); 748 nd.ndi.flags = ND_IFINFO(ifp)->flags; 749 nd.ndi.flags &= ~ND6_IFF_IFDISABLED; 750 if (nd6_ioctl(SIOCSIFINFO_FLAGS, 751 (caddr_t)&nd, ifp) < 0) 752 log(LOG_NOTICE, "SIOCAIFADDR_IN6: " 753 "SIOCSIFINFO_FLAGS for -ifdisabled " 754 "failed."); 755 /* 756 * Ignore failure of clearing the flag 757 * intentionally. The failure means 758 * address duplication was detected. 759 */ 760 } 761 EVENTHANDLER_INVOKE(ifaddr_event, ifp); 762 } 763 break; 764 } 765 766 case SIOCDIFADDR_IN6: 767 { 768 struct nd_prefix *pr; 769 770 /* 771 * If the address being deleted is the only one that owns 772 * the corresponding prefix, expire the prefix as well. 773 * XXX: theoretically, we don't have to worry about such 774 * relationship, since we separate the address management 775 * and the prefix management. We do this, however, to provide 776 * as much backward compatibility as possible in terms of 777 * the ioctl operation. 778 * Note that in6_purgeaddr() will decrement ndpr_refcnt. 779 */ 780 pr = ia->ia6_ndpr; 781 in6_purgeaddr(&ia->ia_ifa); 782 if (pr && pr->ndpr_refcnt == 0) 783 prelist_remove(pr); 784 EVENTHANDLER_INVOKE(ifaddr_event, ifp); 785 break; 786 } 787 788 default: 789 if (ifp == NULL || ifp->if_ioctl == 0) { 790 error = EOPNOTSUPP; 791 goto out; 792 } 793 error = (*ifp->if_ioctl)(ifp, cmd, data); 794 goto out; 795 } 796 797 error = 0; 798out: 799 if (ia != NULL) 800 ifa_free(&ia->ia_ifa); 801 return (error); 802} 803 804 805/* 806 * Join necessary multicast groups. Factored out from in6_update_ifa(). 807 * This entire work should only be done once, for the default FIB. 808 */ 809static int 810in6_update_ifa_join_mc(struct ifnet *ifp, struct in6_aliasreq *ifra, 811 struct in6_ifaddr *ia, int flags, struct in6_multi **in6m_sol) 812{ 813 char ip6buf[INET6_ADDRSTRLEN]; 814 struct sockaddr_in6 mltaddr, mltmask; 815 struct in6_addr llsol; 816 struct in6_multi_mship *imm; 817 struct rtentry *rt; 818 int delay, error; 819 820 KASSERT(in6m_sol != NULL, ("%s: in6m_sol is NULL", __func__)); 821 822 /* Join solicited multicast addr for new host id. */ 823 bzero(&llsol, sizeof(struct in6_addr)); 824 llsol.s6_addr32[0] = IPV6_ADDR_INT32_MLL; 825 llsol.s6_addr32[1] = 0; 826 llsol.s6_addr32[2] = htonl(1); 827 llsol.s6_addr32[3] = ifra->ifra_addr.sin6_addr.s6_addr32[3]; 828 llsol.s6_addr8[12] = 0xff; 829 if ((error = in6_setscope(&llsol, ifp, NULL)) != 0) { 830 /* XXX: should not happen */ 831 log(LOG_ERR, "%s: in6_setscope failed\n", __func__); 832 goto cleanup; 833 } 834 delay = 0; 835 if ((flags & IN6_IFAUPDATE_DADDELAY)) { 836 /* 837 * We need a random delay for DAD on the address being 838 * configured. It also means delaying transmission of the 839 * corresponding MLD report to avoid report collision. 840 * [RFC 4861, Section 6.3.7] 841 */ 842 delay = arc4random() % (MAX_RTR_SOLICITATION_DELAY * hz); 843 } 844 imm = in6_joingroup(ifp, &llsol, &error, delay); 845 if (imm == NULL) { 846 nd6log((LOG_WARNING, "%s: addmulti failed for %s on %s " 847 "(errno=%d)\n", __func__, ip6_sprintf(ip6buf, &llsol), 848 if_name(ifp), error)); 849 goto cleanup; 850 } 851 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 852 *in6m_sol = imm->i6mm_maddr; 853 854 bzero(&mltmask, sizeof(mltmask)); 855 mltmask.sin6_len = sizeof(struct sockaddr_in6); 856 mltmask.sin6_family = AF_INET6; 857 mltmask.sin6_addr = in6mask32; 858#define MLTMASK_LEN 4 /* mltmask's masklen (=32bit=4octet) */ 859 860 /* 861 * Join link-local all-nodes address. 862 */ 863 bzero(&mltaddr, sizeof(mltaddr)); 864 mltaddr.sin6_len = sizeof(struct sockaddr_in6); 865 mltaddr.sin6_family = AF_INET6; 866 mltaddr.sin6_addr = in6addr_linklocal_allnodes; 867 if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) != 0) 868 goto cleanup; /* XXX: should not fail */ 869 870 /* 871 * XXX: do we really need this automatic routes? We should probably 872 * reconsider this stuff. Most applications actually do not need the 873 * routes, since they usually specify the outgoing interface. 874 */ 875 rt = in6_rtalloc1((struct sockaddr *)&mltaddr, 0, 0UL, RT_DEFAULT_FIB); 876 if (rt != NULL) { 877 /* XXX: only works in !SCOPEDROUTING case. */ 878 if (memcmp(&mltaddr.sin6_addr, 879 &((struct sockaddr_in6 *)rt_key(rt))->sin6_addr, 880 MLTMASK_LEN)) { 881 RTFREE_LOCKED(rt); 882 rt = NULL; 883 } 884 } 885 if (rt == NULL) { 886 error = in6_rtrequest(RTM_ADD, (struct sockaddr *)&mltaddr, 887 (struct sockaddr *)&ia->ia_addr, 888 (struct sockaddr *)&mltmask, RTF_UP, 889 (struct rtentry **)0, RT_DEFAULT_FIB); 890 if (error) 891 goto cleanup; 892 } else 893 RTFREE_LOCKED(rt); 894 895 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 0); 896 if (imm == NULL) { 897 nd6log((LOG_WARNING, "%s: addmulti failed for %s on %s " 898 "(errno=%d)\n", __func__, ip6_sprintf(ip6buf, 899 &mltaddr.sin6_addr), if_name(ifp), error)); 900 goto cleanup; 901 } 902 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 903 904 /* 905 * Join node information group address. 906 */ 907 delay = 0; 908 if ((flags & IN6_IFAUPDATE_DADDELAY)) { 909 /* 910 * The spec does not say anything about delay for this group, 911 * but the same logic should apply. 912 */ 913 delay = arc4random() % (MAX_RTR_SOLICITATION_DELAY * hz); 914 } 915 if (in6_nigroup(ifp, NULL, -1, &mltaddr.sin6_addr) == 0) { 916 /* XXX jinmei */ 917 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, delay); 918 if (imm == NULL) 919 nd6log((LOG_WARNING, "%s: addmulti failed for %s on %s " 920 "(errno=%d)\n", __func__, ip6_sprintf(ip6buf, 921 &mltaddr.sin6_addr), if_name(ifp), error)); 922 /* XXX not very fatal, go on... */ 923 else 924 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 925 } 926 927 /* 928 * Join interface-local all-nodes address. 929 * (ff01::1%ifN, and ff01::%ifN/32) 930 */ 931 mltaddr.sin6_addr = in6addr_nodelocal_allnodes; 932 if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) != 0) 933 goto cleanup; /* XXX: should not fail */ 934 /* XXX: again, do we really need the route? */ 935 rt = in6_rtalloc1((struct sockaddr *)&mltaddr, 0, 0UL, RT_DEFAULT_FIB); 936 if (rt != NULL) { 937 if (memcmp(&mltaddr.sin6_addr, 938 &((struct sockaddr_in6 *)rt_key(rt))->sin6_addr, 939 MLTMASK_LEN)) { 940 RTFREE_LOCKED(rt); 941 rt = NULL; 942 } 943 } 944 if (rt == NULL) { 945 error = in6_rtrequest(RTM_ADD, (struct sockaddr *)&mltaddr, 946 (struct sockaddr *)&ia->ia_addr, 947 (struct sockaddr *)&mltmask, RTF_UP, 948 (struct rtentry **)0, RT_DEFAULT_FIB); 949 if (error) 950 goto cleanup; 951 } else 952 RTFREE_LOCKED(rt); 953 954 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 0); 955 if (imm == NULL) { 956 nd6log((LOG_WARNING, "%s: addmulti failed for %s on %s " 957 "(errno=%d)\n", __func__, ip6_sprintf(ip6buf, 958 &mltaddr.sin6_addr), if_name(ifp), error)); 959 goto cleanup; 960 } 961 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 962#undef MLTMASK_LEN 963 964cleanup: 965 return (error); 966} 967 968/* 969 * Update parameters of an IPv6 interface address. 970 * If necessary, a new entry is created and linked into address chains. 971 * This function is separated from in6_control(). 972 * XXX: should this be performed under splnet()? 973 */ 974int 975in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra, 976 struct in6_ifaddr *ia, int flags) 977{ 978 int error = 0, hostIsNew = 0, plen = -1; 979 struct sockaddr_in6 dst6; 980 struct in6_addrlifetime *lt; 981 struct in6_multi *in6m_sol; 982 int delay; 983 char ip6buf[INET6_ADDRSTRLEN]; 984 985 /* Validate parameters */ 986 if (ifp == NULL || ifra == NULL) /* this maybe redundant */ 987 return (EINVAL); 988 989 /* 990 * The destination address for a p2p link must have a family 991 * of AF_UNSPEC or AF_INET6. 992 */ 993 if ((ifp->if_flags & IFF_POINTOPOINT) != 0 && 994 ifra->ifra_dstaddr.sin6_family != AF_INET6 && 995 ifra->ifra_dstaddr.sin6_family != AF_UNSPEC) 996 return (EAFNOSUPPORT); 997 /* 998 * validate ifra_prefixmask. don't check sin6_family, netmask 999 * does not carry fields other than sin6_len. 1000 */ 1001 if (ifra->ifra_prefixmask.sin6_len > sizeof(struct sockaddr_in6)) 1002 return (EINVAL); 1003 /* 1004 * Because the IPv6 address architecture is classless, we require 1005 * users to specify a (non 0) prefix length (mask) for a new address. 1006 * We also require the prefix (when specified) mask is valid, and thus 1007 * reject a non-consecutive mask. 1008 */ 1009 if (ia == NULL && ifra->ifra_prefixmask.sin6_len == 0) 1010 return (EINVAL); 1011 if (ifra->ifra_prefixmask.sin6_len != 0) { 1012 plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, 1013 (u_char *)&ifra->ifra_prefixmask + 1014 ifra->ifra_prefixmask.sin6_len); 1015 if (plen <= 0) 1016 return (EINVAL); 1017 } else { 1018 /* 1019 * In this case, ia must not be NULL. We just use its prefix 1020 * length. 1021 */ 1022 plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); 1023 } 1024 /* 1025 * If the destination address on a p2p interface is specified, 1026 * and the address is a scoped one, validate/set the scope 1027 * zone identifier. 1028 */ 1029 dst6 = ifra->ifra_dstaddr; 1030 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) != 0 && 1031 (dst6.sin6_family == AF_INET6)) { 1032 struct in6_addr in6_tmp; 1033 u_int32_t zoneid; 1034 1035 in6_tmp = dst6.sin6_addr; 1036 if (in6_setscope(&in6_tmp, ifp, &zoneid)) 1037 return (EINVAL); /* XXX: should be impossible */ 1038 1039 if (dst6.sin6_scope_id != 0) { 1040 if (dst6.sin6_scope_id != zoneid) 1041 return (EINVAL); 1042 } else /* user omit to specify the ID. */ 1043 dst6.sin6_scope_id = zoneid; 1044 1045 /* convert into the internal form */ 1046 if (sa6_embedscope(&dst6, 0)) 1047 return (EINVAL); /* XXX: should be impossible */ 1048 } 1049 /* 1050 * The destination address can be specified only for a p2p or a 1051 * loopback interface. If specified, the corresponding prefix length 1052 * must be 128. 1053 */ 1054 if (ifra->ifra_dstaddr.sin6_family == AF_INET6) { 1055 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) == 0) { 1056 /* XXX: noisy message */ 1057 nd6log((LOG_INFO, "in6_update_ifa: a destination can " 1058 "be specified for a p2p or a loopback IF only\n")); 1059 return (EINVAL); 1060 } 1061 if (plen != 128) { 1062 nd6log((LOG_INFO, "in6_update_ifa: prefixlen should " 1063 "be 128 when dstaddr is specified\n")); 1064 return (EINVAL); 1065 } 1066 } 1067 /* lifetime consistency check */ 1068 lt = &ifra->ifra_lifetime; 1069 if (lt->ia6t_pltime > lt->ia6t_vltime) 1070 return (EINVAL); 1071 if (lt->ia6t_vltime == 0) { 1072 /* 1073 * the following log might be noisy, but this is a typical 1074 * configuration mistake or a tool's bug. 1075 */ 1076 nd6log((LOG_INFO, 1077 "in6_update_ifa: valid lifetime is 0 for %s\n", 1078 ip6_sprintf(ip6buf, &ifra->ifra_addr.sin6_addr))); 1079 1080 if (ia == NULL) 1081 return (0); /* there's nothing to do */ 1082 } 1083 1084 /* 1085 * If this is a new address, allocate a new ifaddr and link it 1086 * into chains. 1087 */ 1088 if (ia == NULL) { 1089 hostIsNew = 1; 1090 /* 1091 * When in6_update_ifa() is called in a process of a received 1092 * RA, it is called under an interrupt context. So, we should 1093 * call malloc with M_NOWAIT. 1094 */ 1095 ia = (struct in6_ifaddr *) malloc(sizeof(*ia), M_IFADDR, 1096 M_NOWAIT); 1097 if (ia == NULL) 1098 return (ENOBUFS); 1099 bzero((caddr_t)ia, sizeof(*ia)); 1100 ifa_init(&ia->ia_ifa); 1101 LIST_INIT(&ia->ia6_memberships); 1102 /* Initialize the address and masks, and put time stamp */ 1103 ia->ia_ifa.ifa_addr = (struct sockaddr *)&ia->ia_addr; 1104 ia->ia_addr.sin6_family = AF_INET6; 1105 ia->ia_addr.sin6_len = sizeof(ia->ia_addr); 1106 ia->ia6_createtime = time_second; 1107 if ((ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) != 0) { 1108 /* 1109 * XXX: some functions expect that ifa_dstaddr is not 1110 * NULL for p2p interfaces. 1111 */ 1112 ia->ia_ifa.ifa_dstaddr = 1113 (struct sockaddr *)&ia->ia_dstaddr; 1114 } else { 1115 ia->ia_ifa.ifa_dstaddr = NULL; 1116 } 1117 ia->ia_ifa.ifa_netmask = (struct sockaddr *)&ia->ia_prefixmask; 1118 ia->ia_ifp = ifp; 1119 ifa_ref(&ia->ia_ifa); /* if_addrhead */ 1120 IF_ADDR_WLOCK(ifp); 1121 TAILQ_INSERT_TAIL(&ifp->if_addrhead, &ia->ia_ifa, ifa_link); 1122 IF_ADDR_WUNLOCK(ifp); 1123 1124 ifa_ref(&ia->ia_ifa); /* in6_ifaddrhead */ 1125 IN6_IFADDR_WLOCK(); 1126 TAILQ_INSERT_TAIL(&V_in6_ifaddrhead, ia, ia_link); 1127 IN6_IFADDR_WUNLOCK(); 1128 } 1129 1130 /* update timestamp */ 1131 ia->ia6_updatetime = time_second; 1132 1133 /* set prefix mask */ 1134 if (ifra->ifra_prefixmask.sin6_len) { 1135 /* 1136 * We prohibit changing the prefix length of an existing 1137 * address, because 1138 * + such an operation should be rare in IPv6, and 1139 * + the operation would confuse prefix management. 1140 */ 1141 if (ia->ia_prefixmask.sin6_len && 1142 in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL) != plen) { 1143 nd6log((LOG_INFO, "in6_update_ifa: the prefix length of an" 1144 " existing (%s) address should not be changed\n", 1145 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr))); 1146 error = EINVAL; 1147 goto unlink; 1148 } 1149 ia->ia_prefixmask = ifra->ifra_prefixmask; 1150 } 1151 1152 /* 1153 * If a new destination address is specified, scrub the old one and 1154 * install the new destination. Note that the interface must be 1155 * p2p or loopback (see the check above.) 1156 */ 1157 if (dst6.sin6_family == AF_INET6 && 1158 !IN6_ARE_ADDR_EQUAL(&dst6.sin6_addr, &ia->ia_dstaddr.sin6_addr)) { 1159 int e; 1160 1161 if ((ia->ia_flags & IFA_ROUTE) != 0 && 1162 (e = rtinit(&(ia->ia_ifa), (int)RTM_DELETE, RTF_HOST)) != 0) { 1163 nd6log((LOG_ERR, "in6_update_ifa: failed to remove " 1164 "a route to the old destination: %s\n", 1165 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr))); 1166 /* proceed anyway... */ 1167 } else 1168 ia->ia_flags &= ~IFA_ROUTE; 1169 ia->ia_dstaddr = dst6; 1170 } 1171 1172 /* 1173 * Set lifetimes. We do not refer to ia6t_expire and ia6t_preferred 1174 * to see if the address is deprecated or invalidated, but initialize 1175 * these members for applications. 1176 */ 1177 ia->ia6_lifetime = ifra->ifra_lifetime; 1178 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 1179 ia->ia6_lifetime.ia6t_expire = 1180 time_second + ia->ia6_lifetime.ia6t_vltime; 1181 } else 1182 ia->ia6_lifetime.ia6t_expire = 0; 1183 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 1184 ia->ia6_lifetime.ia6t_preferred = 1185 time_second + ia->ia6_lifetime.ia6t_pltime; 1186 } else 1187 ia->ia6_lifetime.ia6t_preferred = 0; 1188 1189 /* reset the interface and routing table appropriately. */ 1190 if ((error = in6_ifinit(ifp, ia, &ifra->ifra_addr, hostIsNew)) != 0) 1191 goto unlink; 1192 1193 /* 1194 * configure address flags. 1195 */ 1196 ia->ia6_flags = ifra->ifra_flags; 1197 /* 1198 * backward compatibility - if IN6_IFF_DEPRECATED is set from the 1199 * userland, make it deprecated. 1200 */ 1201 if ((ifra->ifra_flags & IN6_IFF_DEPRECATED) != 0) { 1202 ia->ia6_lifetime.ia6t_pltime = 0; 1203 ia->ia6_lifetime.ia6t_preferred = time_second; 1204 } 1205 /* 1206 * Make the address tentative before joining multicast addresses, 1207 * so that corresponding MLD responses would not have a tentative 1208 * source address. 1209 */ 1210 ia->ia6_flags &= ~IN6_IFF_DUPLICATED; /* safety */ 1211 if (hostIsNew && in6if_do_dad(ifp)) 1212 ia->ia6_flags |= IN6_IFF_TENTATIVE; 1213 1214 /* DAD should be performed after ND6_IFF_IFDISABLED is cleared. */ 1215 if (ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) 1216 ia->ia6_flags |= IN6_IFF_TENTATIVE; 1217 1218 /* 1219 * We are done if we have simply modified an existing address. 1220 */ 1221 if (!hostIsNew) 1222 return (error); 1223 1224 /* 1225 * Beyond this point, we should call in6_purgeaddr upon an error, 1226 * not just go to unlink. 1227 */ 1228 1229 /* Join necessary multicast groups. */ 1230 in6m_sol = NULL; 1231 if ((ifp->if_flags & IFF_MULTICAST) != 0) { 1232 error = in6_update_ifa_join_mc(ifp, ifra, ia, flags, &in6m_sol); 1233 if (error) 1234 goto cleanup; 1235 } 1236 1237 /* 1238 * Perform DAD, if needed. 1239 * XXX It may be of use, if we can administratively disable DAD. 1240 */ 1241 if (in6if_do_dad(ifp) && ((ifra->ifra_flags & IN6_IFF_NODAD) == 0) && 1242 (ia->ia6_flags & IN6_IFF_TENTATIVE)) 1243 { 1244 int mindelay, maxdelay; 1245 1246 delay = 0; 1247 if ((flags & IN6_IFAUPDATE_DADDELAY)) { 1248 /* 1249 * We need to impose a delay before sending an NS 1250 * for DAD. Check if we also needed a delay for the 1251 * corresponding MLD message. If we did, the delay 1252 * should be larger than the MLD delay (this could be 1253 * relaxed a bit, but this simple logic is at least 1254 * safe). 1255 * XXX: Break data hiding guidelines and look at 1256 * state for the solicited multicast group. 1257 */ 1258 mindelay = 0; 1259 if (in6m_sol != NULL && 1260 in6m_sol->in6m_state == MLD_REPORTING_MEMBER) { 1261 mindelay = in6m_sol->in6m_timer; 1262 } 1263 maxdelay = MAX_RTR_SOLICITATION_DELAY * hz; 1264 if (maxdelay - mindelay == 0) 1265 delay = 0; 1266 else { 1267 delay = 1268 (arc4random() % (maxdelay - mindelay)) + 1269 mindelay; 1270 } 1271 } 1272 nd6_dad_start((struct ifaddr *)ia, delay); 1273 } 1274 1275 KASSERT(hostIsNew, ("in6_update_ifa: !hostIsNew")); 1276 ifa_free(&ia->ia_ifa); 1277 return (error); 1278 1279 unlink: 1280 /* 1281 * XXX: if a change of an existing address failed, keep the entry 1282 * anyway. 1283 */ 1284 if (hostIsNew) { 1285 in6_unlink_ifa(ia, ifp); 1286 ifa_free(&ia->ia_ifa); 1287 } 1288 return (error); 1289 1290 cleanup: 1291 KASSERT(hostIsNew, ("in6_update_ifa: cleanup: !hostIsNew")); 1292 ifa_free(&ia->ia_ifa); 1293 in6_purgeaddr(&ia->ia_ifa); 1294 return error; 1295} 1296 1297/* 1298 * Leave multicast groups. Factored out from in6_purgeaddr(). 1299 * This entire work should only be done once, for the default FIB. 1300 */ 1301static int 1302in6_purgeaddr_mc(struct ifnet *ifp, struct in6_ifaddr *ia, struct ifaddr *ifa0) 1303{ 1304 struct sockaddr_in6 mltaddr, mltmask; 1305 struct in6_multi_mship *imm; 1306 struct rtentry *rt; 1307 struct sockaddr_in6 sin6; 1308 int error; 1309 1310 /* 1311 * Leave from multicast groups we have joined for the interface. 1312 */ 1313 while ((imm = LIST_FIRST(&ia->ia6_memberships)) != NULL) { 1314 LIST_REMOVE(imm, i6mm_chain); 1315 in6_leavegroup(imm); 1316 } 1317 1318 /* 1319 * Remove the link-local all-nodes address. 1320 */ 1321 bzero(&mltmask, sizeof(mltmask)); 1322 mltmask.sin6_len = sizeof(struct sockaddr_in6); 1323 mltmask.sin6_family = AF_INET6; 1324 mltmask.sin6_addr = in6mask32; 1325 1326 bzero(&mltaddr, sizeof(mltaddr)); 1327 mltaddr.sin6_len = sizeof(struct sockaddr_in6); 1328 mltaddr.sin6_family = AF_INET6; 1329 mltaddr.sin6_addr = in6addr_linklocal_allnodes; 1330 1331 if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) != 0) 1332 return (error); 1333 1334 /* 1335 * As for the mltaddr above, proactively prepare the sin6 to avoid 1336 * rtentry un- and re-locking. 1337 */ 1338 if (ifa0 != NULL) { 1339 bzero(&sin6, sizeof(sin6)); 1340 sin6.sin6_len = sizeof(sin6); 1341 sin6.sin6_family = AF_INET6; 1342 memcpy(&sin6.sin6_addr, &satosin6(ifa0->ifa_addr)->sin6_addr, 1343 sizeof(sin6.sin6_addr)); 1344 error = in6_setscope(&sin6.sin6_addr, ifa0->ifa_ifp, NULL); 1345 if (error != 0) 1346 return (error); 1347 } 1348 1349 rt = in6_rtalloc1((struct sockaddr *)&mltaddr, 0, 0UL, RT_DEFAULT_FIB); 1350 if (rt != NULL && rt->rt_gateway != NULL && 1351 (memcmp(&satosin6(rt->rt_gateway)->sin6_addr, 1352 &ia->ia_addr.sin6_addr, 1353 sizeof(ia->ia_addr.sin6_addr)) == 0)) { 1354 /* 1355 * If no more IPv6 address exists on this interface then 1356 * remove the multicast address route. 1357 */ 1358 if (ifa0 == NULL) { 1359 memcpy(&mltaddr.sin6_addr, &satosin6(rt_key(rt))->sin6_addr, 1360 sizeof(mltaddr.sin6_addr)); 1361 RTFREE_LOCKED(rt); 1362 error = in6_rtrequest(RTM_DELETE, 1363 (struct sockaddr *)&mltaddr, 1364 (struct sockaddr *)&ia->ia_addr, 1365 (struct sockaddr *)&mltmask, RTF_UP, 1366 (struct rtentry **)0, RT_DEFAULT_FIB); 1367 if (error) 1368 log(LOG_INFO, "%s: link-local all-nodes " 1369 "multicast address deletion error\n", 1370 __func__); 1371 } else { 1372 /* 1373 * Replace the gateway of the route. 1374 */ 1375 memcpy(rt->rt_gateway, &sin6, sizeof(sin6)); 1376 RTFREE_LOCKED(rt); 1377 } 1378 } else { 1379 if (rt != NULL) 1380 RTFREE_LOCKED(rt); 1381 } 1382 1383 /* 1384 * Remove the node-local all-nodes address. 1385 */ 1386 mltaddr.sin6_addr = in6addr_nodelocal_allnodes; 1387 if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) != 0) 1388 return (error); 1389 1390 rt = in6_rtalloc1((struct sockaddr *)&mltaddr, 0, 0UL, RT_DEFAULT_FIB); 1391 if (rt != NULL && rt->rt_gateway != NULL && 1392 (memcmp(&satosin6(rt->rt_gateway)->sin6_addr, 1393 &ia->ia_addr.sin6_addr, 1394 sizeof(ia->ia_addr.sin6_addr)) == 0)) { 1395 /* 1396 * If no more IPv6 address exists on this interface then 1397 * remove the multicast address route. 1398 */ 1399 if (ifa0 == NULL) { 1400 memcpy(&mltaddr.sin6_addr, &satosin6(rt_key(rt))->sin6_addr, 1401 sizeof(mltaddr.sin6_addr)); 1402 1403 RTFREE_LOCKED(rt); 1404 error = in6_rtrequest(RTM_DELETE, 1405 (struct sockaddr *)&mltaddr, 1406 (struct sockaddr *)&ia->ia_addr, 1407 (struct sockaddr *)&mltmask, RTF_UP, 1408 (struct rtentry **)0, RT_DEFAULT_FIB); 1409 if (error) 1410 log(LOG_INFO, "%s: node-local all-nodes" 1411 "multicast address deletion error\n", 1412 __func__); 1413 } else { 1414 /* 1415 * Replace the gateway of the route. 1416 */ 1417 memcpy(rt->rt_gateway, &sin6, sizeof(sin6)); 1418 RTFREE_LOCKED(rt); 1419 } 1420 } else { 1421 if (rt != NULL) 1422 RTFREE_LOCKED(rt); 1423 } 1424 1425 return (0); 1426} 1427 1428void 1429in6_purgeaddr(struct ifaddr *ifa) 1430{ 1431 struct ifnet *ifp = ifa->ifa_ifp; 1432 struct in6_ifaddr *ia = (struct in6_ifaddr *) ifa; 1433 int plen, error; 1434 struct ifaddr *ifa0; 1435 1436 /* 1437 * find another IPv6 address as the gateway for the 1438 * link-local and node-local all-nodes multicast 1439 * address routes 1440 */ 1441 IF_ADDR_RLOCK(ifp); 1442 TAILQ_FOREACH(ifa0, &ifp->if_addrhead, ifa_link) { 1443 if ((ifa0->ifa_addr->sa_family != AF_INET6) || 1444 memcmp(&satosin6(ifa0->ifa_addr)->sin6_addr, 1445 &ia->ia_addr.sin6_addr, 1446 sizeof(struct in6_addr)) == 0) 1447 continue; 1448 else 1449 break; 1450 } 1451 if (ifa0 != NULL) 1452 ifa_ref(ifa0); 1453 IF_ADDR_RUNLOCK(ifp); 1454 1455 /* 1456 * Remove the loopback route to the interface address. 1457 * The check for the current setting of "nd6_useloopback" 1458 * is not needed. 1459 */ 1460 if (ia->ia_flags & IFA_RTSELF) { 1461 error = ifa_del_loopback_route((struct ifaddr *)ia, 1462 (struct sockaddr *)&ia->ia_addr); 1463 if (error == 0) 1464 ia->ia_flags &= ~IFA_RTSELF; 1465 } 1466 1467 /* stop DAD processing */ 1468 nd6_dad_stop(ifa); 1469 1470 /* Remove local address entry from lltable. */ 1471 in6_ifremloop(ifa); 1472 1473 /* Leave multicast groups. */ 1474 error = in6_purgeaddr_mc(ifp, ia, ifa0); 1475 1476 if (ifa0 != NULL) 1477 ifa_free(ifa0); 1478 1479 plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); /* XXX */ 1480 if ((ia->ia_flags & IFA_ROUTE) && plen == 128) { 1481 error = rtinit(&(ia->ia_ifa), RTM_DELETE, ia->ia_flags | 1482 (ia->ia_dstaddr.sin6_family == AF_INET6) ? RTF_HOST : 0); 1483 if (error != 0) 1484 log(LOG_INFO, "%s: err=%d, destination address delete " 1485 "failed\n", __func__, error); 1486 ia->ia_flags &= ~IFA_ROUTE; 1487 } 1488 1489 in6_unlink_ifa(ia, ifp); 1490} 1491 1492static void 1493in6_unlink_ifa(struct in6_ifaddr *ia, struct ifnet *ifp) 1494{ 1495 int s = splnet(); 1496 1497 IF_ADDR_WLOCK(ifp); 1498 TAILQ_REMOVE(&ifp->if_addrhead, &ia->ia_ifa, ifa_link); 1499 IF_ADDR_WUNLOCK(ifp); 1500 ifa_free(&ia->ia_ifa); /* if_addrhead */ 1501 1502 /* 1503 * Defer the release of what might be the last reference to the 1504 * in6_ifaddr so that it can't be freed before the remainder of the 1505 * cleanup. 1506 */ 1507 IN6_IFADDR_WLOCK(); 1508 TAILQ_REMOVE(&V_in6_ifaddrhead, ia, ia_link); 1509 IN6_IFADDR_WUNLOCK(); 1510 1511 /* 1512 * Release the reference to the base prefix. There should be a 1513 * positive reference. 1514 */ 1515 if (ia->ia6_ndpr == NULL) { 1516 nd6log((LOG_NOTICE, 1517 "in6_unlink_ifa: autoconf'ed address " 1518 "%p has no prefix\n", ia)); 1519 } else { 1520 ia->ia6_ndpr->ndpr_refcnt--; 1521 ia->ia6_ndpr = NULL; 1522 } 1523 1524 /* 1525 * Also, if the address being removed is autoconf'ed, call 1526 * pfxlist_onlink_check() since the release might affect the status of 1527 * other (detached) addresses. 1528 */ 1529 if ((ia->ia6_flags & IN6_IFF_AUTOCONF)) { 1530 pfxlist_onlink_check(); 1531 } 1532 ifa_free(&ia->ia_ifa); /* in6_ifaddrhead */ 1533 splx(s); 1534} 1535 1536void 1537in6_purgeif(struct ifnet *ifp) 1538{ 1539 struct ifaddr *ifa, *nifa; 1540 1541 TAILQ_FOREACH_SAFE(ifa, &ifp->if_addrhead, ifa_link, nifa) { 1542 if (ifa->ifa_addr->sa_family != AF_INET6) 1543 continue; 1544 in6_purgeaddr(ifa); 1545 } 1546 1547 in6_ifdetach(ifp); 1548} 1549 1550/* 1551 * SIOC[GAD]LIFADDR. 1552 * SIOCGLIFADDR: get first address. (?) 1553 * SIOCGLIFADDR with IFLR_PREFIX: 1554 * get first address that matches the specified prefix. 1555 * SIOCALIFADDR: add the specified address. 1556 * SIOCALIFADDR with IFLR_PREFIX: 1557 * add the specified prefix, filling hostid part from 1558 * the first link-local address. prefixlen must be <= 64. 1559 * SIOCDLIFADDR: delete the specified address. 1560 * SIOCDLIFADDR with IFLR_PREFIX: 1561 * delete the first address that matches the specified prefix. 1562 * return values: 1563 * EINVAL on invalid parameters 1564 * EADDRNOTAVAIL on prefix match failed/specified address not found 1565 * other values may be returned from in6_ioctl() 1566 * 1567 * NOTE: SIOCALIFADDR(with IFLR_PREFIX set) allows prefixlen less than 64. 1568 * this is to accomodate address naming scheme other than RFC2374, 1569 * in the future. 1570 * RFC2373 defines interface id to be 64bit, but it allows non-RFC2374 1571 * address encoding scheme. (see figure on page 8) 1572 */ 1573static int 1574in6_lifaddr_ioctl(struct socket *so, u_long cmd, caddr_t data, 1575 struct ifnet *ifp, struct thread *td) 1576{ 1577 struct if_laddrreq *iflr = (struct if_laddrreq *)data; 1578 struct ifaddr *ifa; 1579 struct sockaddr *sa; 1580 1581 /* sanity checks */ 1582 if (!data || !ifp) { 1583 panic("invalid argument to in6_lifaddr_ioctl"); 1584 /* NOTREACHED */ 1585 } 1586 1587 switch (cmd) { 1588 case SIOCGLIFADDR: 1589 /* address must be specified on GET with IFLR_PREFIX */ 1590 if ((iflr->flags & IFLR_PREFIX) == 0) 1591 break; 1592 /* FALLTHROUGH */ 1593 case SIOCALIFADDR: 1594 case SIOCDLIFADDR: 1595 /* address must be specified on ADD and DELETE */ 1596 sa = (struct sockaddr *)&iflr->addr; 1597 if (sa->sa_family != AF_INET6) 1598 return EINVAL; 1599 if (sa->sa_len != sizeof(struct sockaddr_in6)) 1600 return EINVAL; 1601 /* XXX need improvement */ 1602 sa = (struct sockaddr *)&iflr->dstaddr; 1603 if (sa->sa_family && sa->sa_family != AF_INET6) 1604 return EINVAL; 1605 if (sa->sa_len && sa->sa_len != sizeof(struct sockaddr_in6)) 1606 return EINVAL; 1607 break; 1608 default: /* shouldn't happen */ 1609#if 0 1610 panic("invalid cmd to in6_lifaddr_ioctl"); 1611 /* NOTREACHED */ 1612#else 1613 return EOPNOTSUPP; 1614#endif 1615 } 1616 if (sizeof(struct in6_addr) * 8 < iflr->prefixlen) 1617 return EINVAL; 1618 1619 switch (cmd) { 1620 case SIOCALIFADDR: 1621 { 1622 struct in6_aliasreq ifra; 1623 struct in6_addr *hostid = NULL; 1624 int prefixlen; 1625 1626 ifa = NULL; 1627 if ((iflr->flags & IFLR_PREFIX) != 0) { 1628 struct sockaddr_in6 *sin6; 1629 1630 /* 1631 * hostid is to fill in the hostid part of the 1632 * address. hostid points to the first link-local 1633 * address attached to the interface. 1634 */ 1635 ifa = (struct ifaddr *)in6ifa_ifpforlinklocal(ifp, 0); 1636 if (!ifa) 1637 return EADDRNOTAVAIL; 1638 hostid = IFA_IN6(ifa); 1639 1640 /* prefixlen must be <= 64. */ 1641 if (64 < iflr->prefixlen) { 1642 if (ifa != NULL) 1643 ifa_free(ifa); 1644 return EINVAL; 1645 } 1646 prefixlen = iflr->prefixlen; 1647 1648 /* hostid part must be zero. */ 1649 sin6 = (struct sockaddr_in6 *)&iflr->addr; 1650 if (sin6->sin6_addr.s6_addr32[2] != 0 || 1651 sin6->sin6_addr.s6_addr32[3] != 0) { 1652 if (ifa != NULL) 1653 ifa_free(ifa); 1654 return EINVAL; 1655 } 1656 } else 1657 prefixlen = iflr->prefixlen; 1658 1659 /* copy args to in6_aliasreq, perform ioctl(SIOCAIFADDR_IN6). */ 1660 bzero(&ifra, sizeof(ifra)); 1661 bcopy(iflr->iflr_name, ifra.ifra_name, sizeof(ifra.ifra_name)); 1662 1663 bcopy(&iflr->addr, &ifra.ifra_addr, 1664 ((struct sockaddr *)&iflr->addr)->sa_len); 1665 if (hostid) { 1666 /* fill in hostid part */ 1667 ifra.ifra_addr.sin6_addr.s6_addr32[2] = 1668 hostid->s6_addr32[2]; 1669 ifra.ifra_addr.sin6_addr.s6_addr32[3] = 1670 hostid->s6_addr32[3]; 1671 } 1672 1673 if (((struct sockaddr *)&iflr->dstaddr)->sa_family) { /* XXX */ 1674 bcopy(&iflr->dstaddr, &ifra.ifra_dstaddr, 1675 ((struct sockaddr *)&iflr->dstaddr)->sa_len); 1676 if (hostid) { 1677 ifra.ifra_dstaddr.sin6_addr.s6_addr32[2] = 1678 hostid->s6_addr32[2]; 1679 ifra.ifra_dstaddr.sin6_addr.s6_addr32[3] = 1680 hostid->s6_addr32[3]; 1681 } 1682 } 1683 if (ifa != NULL) 1684 ifa_free(ifa); 1685 1686 ifra.ifra_prefixmask.sin6_len = sizeof(struct sockaddr_in6); 1687 in6_prefixlen2mask(&ifra.ifra_prefixmask.sin6_addr, prefixlen); 1688 1689 ifra.ifra_flags = iflr->flags & ~IFLR_PREFIX; 1690 return in6_control(so, SIOCAIFADDR_IN6, (caddr_t)&ifra, ifp, td); 1691 } 1692 case SIOCGLIFADDR: 1693 case SIOCDLIFADDR: 1694 { 1695 struct in6_ifaddr *ia; 1696 struct in6_addr mask, candidate, match; 1697 struct sockaddr_in6 *sin6; 1698 int cmp; 1699 1700 bzero(&mask, sizeof(mask)); 1701 if (iflr->flags & IFLR_PREFIX) { 1702 /* lookup a prefix rather than address. */ 1703 in6_prefixlen2mask(&mask, iflr->prefixlen); 1704 1705 sin6 = (struct sockaddr_in6 *)&iflr->addr; 1706 bcopy(&sin6->sin6_addr, &match, sizeof(match)); 1707 match.s6_addr32[0] &= mask.s6_addr32[0]; 1708 match.s6_addr32[1] &= mask.s6_addr32[1]; 1709 match.s6_addr32[2] &= mask.s6_addr32[2]; 1710 match.s6_addr32[3] &= mask.s6_addr32[3]; 1711 1712 /* if you set extra bits, that's wrong */ 1713 if (bcmp(&match, &sin6->sin6_addr, sizeof(match))) 1714 return EINVAL; 1715 1716 cmp = 1; 1717 } else { 1718 if (cmd == SIOCGLIFADDR) { 1719 /* on getting an address, take the 1st match */ 1720 cmp = 0; /* XXX */ 1721 } else { 1722 /* on deleting an address, do exact match */ 1723 in6_prefixlen2mask(&mask, 128); 1724 sin6 = (struct sockaddr_in6 *)&iflr->addr; 1725 bcopy(&sin6->sin6_addr, &match, sizeof(match)); 1726 1727 cmp = 1; 1728 } 1729 } 1730 1731 IF_ADDR_RLOCK(ifp); 1732 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 1733 if (ifa->ifa_addr->sa_family != AF_INET6) 1734 continue; 1735 if (!cmp) 1736 break; 1737 1738 /* 1739 * XXX: this is adhoc, but is necessary to allow 1740 * a user to specify fe80::/64 (not /10) for a 1741 * link-local address. 1742 */ 1743 bcopy(IFA_IN6(ifa), &candidate, sizeof(candidate)); 1744 in6_clearscope(&candidate); 1745 candidate.s6_addr32[0] &= mask.s6_addr32[0]; 1746 candidate.s6_addr32[1] &= mask.s6_addr32[1]; 1747 candidate.s6_addr32[2] &= mask.s6_addr32[2]; 1748 candidate.s6_addr32[3] &= mask.s6_addr32[3]; 1749 if (IN6_ARE_ADDR_EQUAL(&candidate, &match)) 1750 break; 1751 } 1752 if (ifa != NULL) 1753 ifa_ref(ifa); 1754 IF_ADDR_RUNLOCK(ifp); 1755 if (!ifa) 1756 return EADDRNOTAVAIL; 1757 ia = ifa2ia6(ifa); 1758 1759 if (cmd == SIOCGLIFADDR) { 1760 int error; 1761 1762 /* fill in the if_laddrreq structure */ 1763 bcopy(&ia->ia_addr, &iflr->addr, ia->ia_addr.sin6_len); 1764 error = sa6_recoverscope( 1765 (struct sockaddr_in6 *)&iflr->addr); 1766 if (error != 0) { 1767 ifa_free(ifa); 1768 return (error); 1769 } 1770 1771 if ((ifp->if_flags & IFF_POINTOPOINT) != 0) { 1772 bcopy(&ia->ia_dstaddr, &iflr->dstaddr, 1773 ia->ia_dstaddr.sin6_len); 1774 error = sa6_recoverscope( 1775 (struct sockaddr_in6 *)&iflr->dstaddr); 1776 if (error != 0) { 1777 ifa_free(ifa); 1778 return (error); 1779 } 1780 } else 1781 bzero(&iflr->dstaddr, sizeof(iflr->dstaddr)); 1782 1783 iflr->prefixlen = 1784 in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); 1785 1786 iflr->flags = ia->ia6_flags; /* XXX */ 1787 ifa_free(ifa); 1788 1789 return 0; 1790 } else { 1791 struct in6_aliasreq ifra; 1792 1793 /* fill in6_aliasreq and do ioctl(SIOCDIFADDR_IN6) */ 1794 bzero(&ifra, sizeof(ifra)); 1795 bcopy(iflr->iflr_name, ifra.ifra_name, 1796 sizeof(ifra.ifra_name)); 1797 1798 bcopy(&ia->ia_addr, &ifra.ifra_addr, 1799 ia->ia_addr.sin6_len); 1800 if ((ifp->if_flags & IFF_POINTOPOINT) != 0) { 1801 bcopy(&ia->ia_dstaddr, &ifra.ifra_dstaddr, 1802 ia->ia_dstaddr.sin6_len); 1803 } else { 1804 bzero(&ifra.ifra_dstaddr, 1805 sizeof(ifra.ifra_dstaddr)); 1806 } 1807 bcopy(&ia->ia_prefixmask, &ifra.ifra_dstaddr, 1808 ia->ia_prefixmask.sin6_len); 1809 1810 ifra.ifra_flags = ia->ia6_flags; 1811 ifa_free(ifa); 1812 return in6_control(so, SIOCDIFADDR_IN6, (caddr_t)&ifra, 1813 ifp, td); 1814 } 1815 } 1816 } 1817 1818 return EOPNOTSUPP; /* just for safety */ 1819} 1820 1821/* 1822 * Initialize an interface's IPv6 address and routing table entry. 1823 */ 1824static int 1825in6_ifinit(struct ifnet *ifp, struct in6_ifaddr *ia, 1826 struct sockaddr_in6 *sin6, int newhost) 1827{ 1828 int error = 0, plen, ifacount = 0; 1829 int s = splimp(); 1830 struct ifaddr *ifa; 1831 1832 /* 1833 * Give the interface a chance to initialize 1834 * if this is its first address, 1835 * and to validate the address if necessary. 1836 */ 1837 IF_ADDR_RLOCK(ifp); 1838 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 1839 if (ifa->ifa_addr->sa_family != AF_INET6) 1840 continue; 1841 ifacount++; 1842 } 1843 IF_ADDR_RUNLOCK(ifp); 1844 1845 ia->ia_addr = *sin6; 1846 1847 if (ifacount <= 1 && ifp->if_ioctl) { 1848 error = (*ifp->if_ioctl)(ifp, SIOCSIFADDR, (caddr_t)ia); 1849 if (error) { 1850 splx(s); 1851 return (error); 1852 } 1853 } 1854 splx(s); 1855 1856 ia->ia_ifa.ifa_metric = ifp->if_metric; 1857 1858 /* we could do in(6)_socktrim here, but just omit it at this moment. */ 1859 1860 /* 1861 * Special case: 1862 * If a new destination address is specified for a point-to-point 1863 * interface, install a route to the destination as an interface 1864 * direct route. 1865 * XXX: the logic below rejects assigning multiple addresses on a p2p 1866 * interface that share the same destination. 1867 */ 1868 plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); /* XXX */ 1869 if (!(ia->ia_flags & IFA_ROUTE) && plen == 128 && 1870 ia->ia_dstaddr.sin6_family == AF_INET6) { 1871 int rtflags = RTF_UP | RTF_HOST; 1872 error = rtinit(&ia->ia_ifa, RTM_ADD, ia->ia_flags | rtflags); 1873 if (error) 1874 return (error); 1875 ia->ia_flags |= IFA_ROUTE; 1876 /* 1877 * Handle the case for ::1 . 1878 */ 1879 if (ifp->if_flags & IFF_LOOPBACK) 1880 ia->ia_flags |= IFA_RTSELF; 1881 } 1882 1883 /* 1884 * add a loopback route to self 1885 */ 1886 if (!(ia->ia_flags & IFA_RTSELF) && V_nd6_useloopback) { 1887 error = ifa_add_loopback_route((struct ifaddr *)ia, 1888 (struct sockaddr *)&ia->ia_addr); 1889 if (error == 0) 1890 ia->ia_flags |= IFA_RTSELF; 1891 } 1892 1893 /* Add local address to lltable, if necessary (ex. on p2p link). */ 1894 if (newhost) 1895 in6_ifaddloop(&(ia->ia_ifa)); 1896 1897 return (error); 1898} 1899 1900/* 1901 * Find an IPv6 interface link-local address specific to an interface. 1902 * ifaddr is returned referenced. 1903 */ 1904struct in6_ifaddr * 1905in6ifa_ifpforlinklocal(struct ifnet *ifp, int ignoreflags) 1906{ 1907 struct ifaddr *ifa; 1908 1909 IF_ADDR_RLOCK(ifp); 1910 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 1911 if (ifa->ifa_addr->sa_family != AF_INET6) 1912 continue; 1913 if (IN6_IS_ADDR_LINKLOCAL(IFA_IN6(ifa))) { 1914 if ((((struct in6_ifaddr *)ifa)->ia6_flags & 1915 ignoreflags) != 0) 1916 continue; 1917 ifa_ref(ifa); 1918 break; 1919 } 1920 } 1921 IF_ADDR_RUNLOCK(ifp); 1922 1923 return ((struct in6_ifaddr *)ifa); 1924} 1925 1926 1927/* 1928 * find the internet address corresponding to a given interface and address. 1929 * ifaddr is returned referenced. 1930 */ 1931struct in6_ifaddr * 1932in6ifa_ifpwithaddr(struct ifnet *ifp, struct in6_addr *addr) 1933{ 1934 struct ifaddr *ifa; 1935 1936 IF_ADDR_RLOCK(ifp); 1937 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 1938 if (ifa->ifa_addr->sa_family != AF_INET6) 1939 continue; 1940 if (IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(ifa))) { 1941 ifa_ref(ifa); 1942 break; 1943 } 1944 } 1945 IF_ADDR_RUNLOCK(ifp); 1946 1947 return ((struct in6_ifaddr *)ifa); 1948} 1949 1950/* 1951 * Convert IP6 address to printable (loggable) representation. Caller 1952 * has to make sure that ip6buf is at least INET6_ADDRSTRLEN long. 1953 */ 1954static char digits[] = "0123456789abcdef"; 1955char * 1956ip6_sprintf(char *ip6buf, const struct in6_addr *addr) 1957{ 1958 int i, cnt = 0, maxcnt = 0, idx = 0, index = 0; 1959 char *cp; 1960 const u_int16_t *a = (const u_int16_t *)addr; 1961 const u_int8_t *d; 1962 int dcolon = 0, zero = 0; 1963 1964 cp = ip6buf; 1965 1966 for (i = 0; i < 8; i++) { 1967 if (*(a + i) == 0) { 1968 cnt++; 1969 if (cnt == 1) 1970 idx = i; 1971 } 1972 else if (maxcnt < cnt) { 1973 maxcnt = cnt; 1974 index = idx; 1975 cnt = 0; 1976 } 1977 } 1978 if (maxcnt < cnt) { 1979 maxcnt = cnt; 1980 index = idx; 1981 } 1982 1983 for (i = 0; i < 8; i++) { 1984 if (dcolon == 1) { 1985 if (*a == 0) { 1986 if (i == 7) 1987 *cp++ = ':'; 1988 a++; 1989 continue; 1990 } else 1991 dcolon = 2; 1992 } 1993 if (*a == 0) { 1994 if (dcolon == 0 && *(a + 1) == 0 && i == index) { 1995 if (i == 0) 1996 *cp++ = ':'; 1997 *cp++ = ':'; 1998 dcolon = 1; 1999 } else { 2000 *cp++ = '0'; 2001 *cp++ = ':'; 2002 } 2003 a++; 2004 continue; 2005 } 2006 d = (const u_char *)a; 2007 /* Try to eliminate leading zeros in printout like in :0001. */ 2008 zero = 1; 2009 *cp = digits[*d >> 4]; 2010 if (*cp != '0') { 2011 zero = 0; 2012 cp++; 2013 } 2014 *cp = digits[*d++ & 0xf]; 2015 if (zero == 0 || (*cp != '0')) { 2016 zero = 0; 2017 cp++; 2018 } 2019 *cp = digits[*d >> 4]; 2020 if (zero == 0 || (*cp != '0')) { 2021 zero = 0; 2022 cp++; 2023 } 2024 *cp++ = digits[*d & 0xf]; 2025 *cp++ = ':'; 2026 a++; 2027 } 2028 *--cp = '\0'; 2029 return (ip6buf); 2030} 2031 2032int 2033in6_localaddr(struct in6_addr *in6) 2034{ 2035 struct in6_ifaddr *ia; 2036 2037 if (IN6_IS_ADDR_LOOPBACK(in6) || IN6_IS_ADDR_LINKLOCAL(in6)) 2038 return 1; 2039 2040 IN6_IFADDR_RLOCK(); 2041 TAILQ_FOREACH(ia, &V_in6_ifaddrhead, ia_link) { 2042 if (IN6_ARE_MASKED_ADDR_EQUAL(in6, &ia->ia_addr.sin6_addr, 2043 &ia->ia_prefixmask.sin6_addr)) { 2044 IN6_IFADDR_RUNLOCK(); 2045 return 1; 2046 } 2047 } 2048 IN6_IFADDR_RUNLOCK(); 2049 2050 return (0); 2051} 2052 2053/* 2054 * Return 1 if an internet address is for the local host and configured 2055 * on one of its interfaces. 2056 */ 2057int 2058in6_localip(struct in6_addr *in6) 2059{ 2060 struct in6_ifaddr *ia; 2061 2062 IN6_IFADDR_RLOCK(); 2063 TAILQ_FOREACH(ia, &V_in6_ifaddrhead, ia_link) { 2064 if (IN6_ARE_ADDR_EQUAL(in6, &ia->ia_addr.sin6_addr)) { 2065 IN6_IFADDR_RUNLOCK(); 2066 return (1); 2067 } 2068 } 2069 IN6_IFADDR_RUNLOCK(); 2070 return (0); 2071} 2072 2073 2074int 2075in6_is_addr_deprecated(struct sockaddr_in6 *sa6) 2076{ 2077 struct in6_ifaddr *ia; 2078 2079 IN6_IFADDR_RLOCK(); 2080 TAILQ_FOREACH(ia, &V_in6_ifaddrhead, ia_link) { 2081 if (IN6_ARE_ADDR_EQUAL(&ia->ia_addr.sin6_addr, 2082 &sa6->sin6_addr) && 2083 (ia->ia6_flags & IN6_IFF_DEPRECATED) != 0) { 2084 IN6_IFADDR_RUNLOCK(); 2085 return (1); /* true */ 2086 } 2087 2088 /* XXX: do we still have to go thru the rest of the list? */ 2089 } 2090 IN6_IFADDR_RUNLOCK(); 2091 2092 return (0); /* false */ 2093} 2094 2095/* 2096 * return length of part which dst and src are equal 2097 * hard coding... 2098 */ 2099int 2100in6_matchlen(struct in6_addr *src, struct in6_addr *dst) 2101{ 2102 int match = 0; 2103 u_char *s = (u_char *)src, *d = (u_char *)dst; 2104 u_char *lim = s + 16, r; 2105 2106 while (s < lim) 2107 if ((r = (*d++ ^ *s++)) != 0) { 2108 while (r < 128) { 2109 match++; 2110 r <<= 1; 2111 } 2112 break; 2113 } else 2114 match += 8; 2115 return match; 2116} 2117 2118/* XXX: to be scope conscious */ 2119int 2120in6_are_prefix_equal(struct in6_addr *p1, struct in6_addr *p2, int len) 2121{ 2122 int bytelen, bitlen; 2123 2124 /* sanity check */ 2125 if (0 > len || len > 128) { 2126 log(LOG_ERR, "in6_are_prefix_equal: invalid prefix length(%d)\n", 2127 len); 2128 return (0); 2129 } 2130 2131 bytelen = len / 8; 2132 bitlen = len % 8; 2133 2134 if (bcmp(&p1->s6_addr, &p2->s6_addr, bytelen)) 2135 return (0); 2136 if (bitlen != 0 && 2137 p1->s6_addr[bytelen] >> (8 - bitlen) != 2138 p2->s6_addr[bytelen] >> (8 - bitlen)) 2139 return (0); 2140 2141 return (1); 2142} 2143 2144void 2145in6_prefixlen2mask(struct in6_addr *maskp, int len) 2146{ 2147 u_char maskarray[8] = {0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff}; 2148 int bytelen, bitlen, i; 2149 2150 /* sanity check */ 2151 if (0 > len || len > 128) { 2152 log(LOG_ERR, "in6_prefixlen2mask: invalid prefix length(%d)\n", 2153 len); 2154 return; 2155 } 2156 2157 bzero(maskp, sizeof(*maskp)); 2158 bytelen = len / 8; 2159 bitlen = len % 8; 2160 for (i = 0; i < bytelen; i++) 2161 maskp->s6_addr[i] = 0xff; 2162 if (bitlen) 2163 maskp->s6_addr[bytelen] = maskarray[bitlen - 1]; 2164} 2165 2166/* 2167 * return the best address out of the same scope. if no address was 2168 * found, return the first valid address from designated IF. 2169 */ 2170struct in6_ifaddr * 2171in6_ifawithifp(struct ifnet *ifp, struct in6_addr *dst) 2172{ 2173 int dst_scope = in6_addrscope(dst), blen = -1, tlen; 2174 struct ifaddr *ifa; 2175 struct in6_ifaddr *besta = 0; 2176 struct in6_ifaddr *dep[2]; /* last-resort: deprecated */ 2177 2178 dep[0] = dep[1] = NULL; 2179 2180 /* 2181 * We first look for addresses in the same scope. 2182 * If there is one, return it. 2183 * If two or more, return one which matches the dst longest. 2184 * If none, return one of global addresses assigned other ifs. 2185 */ 2186 IF_ADDR_RLOCK(ifp); 2187 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 2188 if (ifa->ifa_addr->sa_family != AF_INET6) 2189 continue; 2190 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST) 2191 continue; /* XXX: is there any case to allow anycast? */ 2192 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_NOTREADY) 2193 continue; /* don't use this interface */ 2194 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DETACHED) 2195 continue; 2196 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DEPRECATED) { 2197 if (V_ip6_use_deprecated) 2198 dep[0] = (struct in6_ifaddr *)ifa; 2199 continue; 2200 } 2201 2202 if (dst_scope == in6_addrscope(IFA_IN6(ifa))) { 2203 /* 2204 * call in6_matchlen() as few as possible 2205 */ 2206 if (besta) { 2207 if (blen == -1) 2208 blen = in6_matchlen(&besta->ia_addr.sin6_addr, dst); 2209 tlen = in6_matchlen(IFA_IN6(ifa), dst); 2210 if (tlen > blen) { 2211 blen = tlen; 2212 besta = (struct in6_ifaddr *)ifa; 2213 } 2214 } else 2215 besta = (struct in6_ifaddr *)ifa; 2216 } 2217 } 2218 if (besta) { 2219 ifa_ref(&besta->ia_ifa); 2220 IF_ADDR_RUNLOCK(ifp); 2221 return (besta); 2222 } 2223 2224 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 2225 if (ifa->ifa_addr->sa_family != AF_INET6) 2226 continue; 2227 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST) 2228 continue; /* XXX: is there any case to allow anycast? */ 2229 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_NOTREADY) 2230 continue; /* don't use this interface */ 2231 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DETACHED) 2232 continue; 2233 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DEPRECATED) { 2234 if (V_ip6_use_deprecated) 2235 dep[1] = (struct in6_ifaddr *)ifa; 2236 continue; 2237 } 2238 2239 if (ifa != NULL) 2240 ifa_ref(ifa); 2241 IF_ADDR_RUNLOCK(ifp); 2242 return (struct in6_ifaddr *)ifa; 2243 } 2244 2245 /* use the last-resort values, that are, deprecated addresses */ 2246 if (dep[0]) { 2247 ifa_ref((struct ifaddr *)dep[0]); 2248 IF_ADDR_RUNLOCK(ifp); 2249 return dep[0]; 2250 } 2251 if (dep[1]) { 2252 ifa_ref((struct ifaddr *)dep[1]); 2253 IF_ADDR_RUNLOCK(ifp); 2254 return dep[1]; 2255 } 2256 2257 IF_ADDR_RUNLOCK(ifp); 2258 return NULL; 2259} 2260 2261/* 2262 * perform DAD when interface becomes IFF_UP. 2263 */ 2264void 2265in6_if_up(struct ifnet *ifp) 2266{ 2267 struct ifaddr *ifa; 2268 struct in6_ifaddr *ia; 2269 2270 IF_ADDR_RLOCK(ifp); 2271 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 2272 if (ifa->ifa_addr->sa_family != AF_INET6) 2273 continue; 2274 ia = (struct in6_ifaddr *)ifa; 2275 if (ia->ia6_flags & IN6_IFF_TENTATIVE) { 2276 /* 2277 * The TENTATIVE flag was likely set by hand 2278 * beforehand, implicitly indicating the need for DAD. 2279 * We may be able to skip the random delay in this 2280 * case, but we impose delays just in case. 2281 */ 2282 nd6_dad_start(ifa, 2283 arc4random() % (MAX_RTR_SOLICITATION_DELAY * hz)); 2284 } 2285 } 2286 IF_ADDR_RUNLOCK(ifp); 2287 2288 /* 2289 * special cases, like 6to4, are handled in in6_ifattach 2290 */ 2291 in6_ifattach(ifp, NULL); 2292} 2293 2294int 2295in6if_do_dad(struct ifnet *ifp) 2296{ 2297 if ((ifp->if_flags & IFF_LOOPBACK) != 0) 2298 return (0); 2299 2300 if (ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) 2301 return (0); 2302 2303 switch (ifp->if_type) { 2304#ifdef IFT_DUMMY 2305 case IFT_DUMMY: 2306#endif 2307 case IFT_FAITH: 2308 /* 2309 * These interfaces do not have the IFF_LOOPBACK flag, 2310 * but loop packets back. We do not have to do DAD on such 2311 * interfaces. We should even omit it, because loop-backed 2312 * NS would confuse the DAD procedure. 2313 */ 2314 return (0); 2315 default: 2316 /* 2317 * Our DAD routine requires the interface up and running. 2318 * However, some interfaces can be up before the RUNNING 2319 * status. Additionaly, users may try to assign addresses 2320 * before the interface becomes up (or running). 2321 * We simply skip DAD in such a case as a work around. 2322 * XXX: we should rather mark "tentative" on such addresses, 2323 * and do DAD after the interface becomes ready. 2324 */ 2325 if (!((ifp->if_flags & IFF_UP) && 2326 (ifp->if_drv_flags & IFF_DRV_RUNNING))) 2327 return (0); 2328 2329 return (1); 2330 } 2331} 2332 2333/* 2334 * Calculate max IPv6 MTU through all the interfaces and store it 2335 * to in6_maxmtu. 2336 */ 2337void 2338in6_setmaxmtu(void) 2339{ 2340 unsigned long maxmtu = 0; 2341 struct ifnet *ifp; 2342 2343 IFNET_RLOCK_NOSLEEP(); 2344 TAILQ_FOREACH(ifp, &V_ifnet, if_list) { 2345 /* this function can be called during ifnet initialization */ 2346 if (!ifp->if_afdata[AF_INET6]) 2347 continue; 2348 if ((ifp->if_flags & IFF_LOOPBACK) == 0 && 2349 IN6_LINKMTU(ifp) > maxmtu) 2350 maxmtu = IN6_LINKMTU(ifp); 2351 } 2352 IFNET_RUNLOCK_NOSLEEP(); 2353 if (maxmtu) /* update only when maxmtu is positive */ 2354 V_in6_maxmtu = maxmtu; 2355} 2356 2357/* 2358 * Provide the length of interface identifiers to be used for the link attached 2359 * to the given interface. The length should be defined in "IPv6 over 2360 * xxx-link" document. Note that address architecture might also define 2361 * the length for a particular set of address prefixes, regardless of the 2362 * link type. As clarified in rfc2462bis, those two definitions should be 2363 * consistent, and those really are as of August 2004. 2364 */ 2365int 2366in6_if2idlen(struct ifnet *ifp) 2367{ 2368 switch (ifp->if_type) { 2369 case IFT_ETHER: /* RFC2464 */ 2370#ifdef IFT_PROPVIRTUAL 2371 case IFT_PROPVIRTUAL: /* XXX: no RFC. treat it as ether */ 2372#endif 2373#ifdef IFT_L2VLAN 2374 case IFT_L2VLAN: /* ditto */ 2375#endif 2376#ifdef IFT_IEEE80211 2377 case IFT_IEEE80211: /* ditto */ 2378#endif 2379#ifdef IFT_MIP 2380 case IFT_MIP: /* ditto */ 2381#endif 2382 case IFT_INFINIBAND: 2383 return (64); 2384 case IFT_FDDI: /* RFC2467 */ 2385 return (64); 2386 case IFT_ISO88025: /* RFC2470 (IPv6 over Token Ring) */ 2387 return (64); 2388 case IFT_PPP: /* RFC2472 */ 2389 return (64); 2390 case IFT_ARCNET: /* RFC2497 */ 2391 return (64); 2392 case IFT_FRELAY: /* RFC2590 */ 2393 return (64); 2394 case IFT_IEEE1394: /* RFC3146 */ 2395 return (64); 2396 case IFT_GIF: 2397 return (64); /* draft-ietf-v6ops-mech-v2-07 */ 2398 case IFT_LOOP: 2399 return (64); /* XXX: is this really correct? */ 2400 default: 2401 /* 2402 * Unknown link type: 2403 * It might be controversial to use the today's common constant 2404 * of 64 for these cases unconditionally. For full compliance, 2405 * we should return an error in this case. On the other hand, 2406 * if we simply miss the standard for the link type or a new 2407 * standard is defined for a new link type, the IFID length 2408 * is very likely to be the common constant. As a compromise, 2409 * we always use the constant, but make an explicit notice 2410 * indicating the "unknown" case. 2411 */ 2412 printf("in6_if2idlen: unknown link type (%d)\n", ifp->if_type); 2413 return (64); 2414 } 2415} 2416 2417#include <sys/sysctl.h> 2418 2419struct in6_llentry { 2420 struct llentry base; 2421 struct sockaddr_in6 l3_addr6; 2422}; 2423 2424static struct llentry * 2425in6_lltable_new(const struct sockaddr *l3addr, u_int flags) 2426{ 2427 struct in6_llentry *lle; 2428 2429 lle = malloc(sizeof(struct in6_llentry), M_LLTABLE, 2430 M_DONTWAIT | M_ZERO); 2431 if (lle == NULL) /* NB: caller generates msg */ 2432 return NULL; 2433 2434 lle->l3_addr6 = *(const struct sockaddr_in6 *)l3addr; 2435 lle->base.lle_refcnt = 1; 2436 LLE_LOCK_INIT(&lle->base); 2437 callout_init_rw(&lle->base.ln_timer_ch, &lle->base.lle_lock, 2438 CALLOUT_RETURNUNLOCKED); 2439 2440 return &lle->base; 2441} 2442 2443/* 2444 * Deletes an address from the address table. 2445 * This function is called by the timer functions 2446 * such as arptimer() and nd6_llinfo_timer(), and 2447 * the caller does the locking. 2448 */ 2449static void 2450in6_lltable_free(struct lltable *llt, struct llentry *lle) 2451{ 2452 LLE_WUNLOCK(lle); 2453 LLE_LOCK_DESTROY(lle); 2454 free(lle, M_LLTABLE); 2455} 2456 2457static void 2458in6_lltable_prefix_free(struct lltable *llt, 2459 const struct sockaddr *prefix, 2460 const struct sockaddr *mask, 2461 u_int flags) 2462{ 2463 const struct sockaddr_in6 *pfx = (const struct sockaddr_in6 *)prefix; 2464 const struct sockaddr_in6 *msk = (const struct sockaddr_in6 *)mask; 2465 struct llentry *lle, *next; 2466 register int i; 2467 2468 /* 2469 * (flags & LLE_STATIC) means deleting all entries 2470 * including static ND6 entries 2471 */ 2472 for (i=0; i < LLTBL_HASHTBL_SIZE; i++) { 2473 LIST_FOREACH_SAFE(lle, &llt->lle_head[i], lle_next, next) { 2474 if (IN6_ARE_MASKED_ADDR_EQUAL( 2475 &((struct sockaddr_in6 *)L3_ADDR(lle))->sin6_addr, 2476 &pfx->sin6_addr, 2477 &msk->sin6_addr) && 2478 ((flags & LLE_STATIC) || !(lle->la_flags & LLE_STATIC))) { 2479 int canceled; 2480 2481 canceled = callout_drain(&lle->la_timer); 2482 LLE_WLOCK(lle); 2483 if (canceled) 2484 LLE_REMREF(lle); 2485 llentry_free(lle); 2486 } 2487 } 2488 } 2489} 2490 2491static int 2492in6_lltable_rtcheck(struct ifnet *ifp, 2493 u_int flags, 2494 const struct sockaddr *l3addr) 2495{ 2496 struct rtentry *rt; 2497 char ip6buf[INET6_ADDRSTRLEN]; 2498 2499 KASSERT(l3addr->sa_family == AF_INET6, 2500 ("sin_family %d", l3addr->sa_family)); 2501 2502 /* Our local addresses are always only installed on the default FIB. */ 2503 /* XXX rtalloc1 should take a const param */ 2504 rt = in6_rtalloc1(__DECONST(struct sockaddr *, l3addr), 0, 0, 2505 RT_DEFAULT_FIB); 2506 if (rt == NULL || (rt->rt_flags & RTF_GATEWAY) || rt->rt_ifp != ifp) { 2507 struct ifaddr *ifa; 2508 /* 2509 * Create an ND6 cache for an IPv6 neighbor 2510 * that is not covered by our own prefix. 2511 */ 2512 /* XXX ifaof_ifpforaddr should take a const param */ 2513 ifa = ifaof_ifpforaddr(__DECONST(struct sockaddr *, l3addr), ifp); 2514 if (ifa != NULL) { 2515 ifa_free(ifa); 2516 if (rt != NULL) 2517 RTFREE_LOCKED(rt); 2518 return 0; 2519 } 2520 log(LOG_INFO, "IPv6 address: \"%s\" is not on the network\n", 2521 ip6_sprintf(ip6buf, &((const struct sockaddr_in6 *)l3addr)->sin6_addr)); 2522 if (rt != NULL) 2523 RTFREE_LOCKED(rt); 2524 return EINVAL; 2525 } 2526 RTFREE_LOCKED(rt); 2527 return 0; 2528} 2529 2530static struct llentry * 2531in6_lltable_lookup(struct lltable *llt, u_int flags, 2532 const struct sockaddr *l3addr) 2533{ 2534 const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)l3addr; 2535 struct ifnet *ifp = llt->llt_ifp; 2536 struct llentry *lle; 2537 struct llentries *lleh; 2538 u_int hashkey; 2539 2540 IF_AFDATA_LOCK_ASSERT(ifp); 2541 KASSERT(l3addr->sa_family == AF_INET6, 2542 ("sin_family %d", l3addr->sa_family)); 2543 2544 hashkey = sin6->sin6_addr.s6_addr32[3]; 2545 lleh = &llt->lle_head[LLATBL_HASH(hashkey, LLTBL_HASHMASK)]; 2546 LIST_FOREACH(lle, lleh, lle_next) { 2547 struct sockaddr_in6 *sa6 = (struct sockaddr_in6 *)L3_ADDR(lle); 2548 if (lle->la_flags & LLE_DELETED) 2549 continue; 2550 if (bcmp(&sa6->sin6_addr, &sin6->sin6_addr, 2551 sizeof(struct in6_addr)) == 0) 2552 break; 2553 } 2554 2555 if (lle == NULL) { 2556 if (!(flags & LLE_CREATE)) 2557 return (NULL); 2558 /* 2559 * A route that covers the given address must have 2560 * been installed 1st because we are doing a resolution, 2561 * verify this. 2562 */ 2563 if (!(flags & LLE_IFADDR) && 2564 in6_lltable_rtcheck(ifp, flags, l3addr) != 0) 2565 return NULL; 2566 2567 lle = in6_lltable_new(l3addr, flags); 2568 if (lle == NULL) { 2569 log(LOG_INFO, "lla_lookup: new lle malloc failed\n"); 2570 return NULL; 2571 } 2572 lle->la_flags = flags & ~LLE_CREATE; 2573 if ((flags & (LLE_CREATE | LLE_IFADDR)) == (LLE_CREATE | LLE_IFADDR)) { 2574 bcopy(IF_LLADDR(ifp), &lle->ll_addr, ifp->if_addrlen); 2575 lle->la_flags |= (LLE_VALID | LLE_STATIC); 2576 } 2577 2578 lle->lle_tbl = llt; 2579 lle->lle_head = lleh; 2580 LIST_INSERT_HEAD(lleh, lle, lle_next); 2581 } else if (flags & LLE_DELETE) { 2582 if (!(lle->la_flags & LLE_IFADDR) || (flags & LLE_IFADDR)) { 2583 LLE_WLOCK(lle); 2584 lle->la_flags = LLE_DELETED; 2585 LLE_WUNLOCK(lle); 2586#ifdef DIAGNOSTIC 2587 log(LOG_INFO, "ifaddr cache = %p is deleted\n", lle); 2588#endif 2589 } 2590 lle = (void *)-1; 2591 } 2592 if (LLE_IS_VALID(lle)) { 2593 if (flags & LLE_EXCLUSIVE) 2594 LLE_WLOCK(lle); 2595 else 2596 LLE_RLOCK(lle); 2597 } 2598 return (lle); 2599} 2600 2601static int 2602in6_lltable_dump(struct lltable *llt, struct sysctl_req *wr) 2603{ 2604 struct ifnet *ifp = llt->llt_ifp; 2605 struct llentry *lle; 2606 /* XXX stack use */ 2607 struct { 2608 struct rt_msghdr rtm; 2609 struct sockaddr_in6 sin6; 2610 /* 2611 * ndp.c assumes that sdl is word aligned 2612 */ 2613#ifdef __LP64__ 2614 uint32_t pad; 2615#endif 2616 struct sockaddr_dl sdl; 2617 } ndpc; 2618 int i, error; 2619 2620 if (ifp->if_flags & IFF_LOOPBACK) 2621 return 0; 2622 2623 LLTABLE_LOCK_ASSERT(); 2624 2625 error = 0; 2626 for (i = 0; i < LLTBL_HASHTBL_SIZE; i++) { 2627 LIST_FOREACH(lle, &llt->lle_head[i], lle_next) { 2628 struct sockaddr_dl *sdl; 2629 2630 /* skip deleted or invalid entries */ 2631 if ((lle->la_flags & (LLE_DELETED|LLE_VALID)) != LLE_VALID) 2632 continue; 2633 /* Skip if jailed and not a valid IP of the prison. */ 2634 if (prison_if(wr->td->td_ucred, L3_ADDR(lle)) != 0) 2635 continue; 2636 /* 2637 * produce a msg made of: 2638 * struct rt_msghdr; 2639 * struct sockaddr_in6 (IPv6) 2640 * struct sockaddr_dl; 2641 */ 2642 bzero(&ndpc, sizeof(ndpc)); 2643 ndpc.rtm.rtm_msglen = sizeof(ndpc); 2644 ndpc.rtm.rtm_version = RTM_VERSION; 2645 ndpc.rtm.rtm_type = RTM_GET; 2646 ndpc.rtm.rtm_flags = RTF_UP; 2647 ndpc.rtm.rtm_addrs = RTA_DST | RTA_GATEWAY; 2648 ndpc.sin6.sin6_family = AF_INET6; 2649 ndpc.sin6.sin6_len = sizeof(ndpc.sin6); 2650 bcopy(L3_ADDR(lle), &ndpc.sin6, L3_ADDR_LEN(lle)); 2651 2652 /* publish */ 2653 if (lle->la_flags & LLE_PUB) 2654 ndpc.rtm.rtm_flags |= RTF_ANNOUNCE; 2655 2656 sdl = &ndpc.sdl; 2657 sdl->sdl_family = AF_LINK; 2658 sdl->sdl_len = sizeof(*sdl); 2659 sdl->sdl_alen = ifp->if_addrlen; 2660 sdl->sdl_index = ifp->if_index; 2661 sdl->sdl_type = ifp->if_type; 2662 bcopy(&lle->ll_addr, LLADDR(sdl), ifp->if_addrlen); 2663 ndpc.rtm.rtm_rmx.rmx_expire = 2664 lle->la_flags & LLE_STATIC ? 0 : lle->la_expire; 2665 ndpc.rtm.rtm_flags |= (RTF_HOST | RTF_LLDATA); 2666 if (lle->la_flags & LLE_STATIC) 2667 ndpc.rtm.rtm_flags |= RTF_STATIC; 2668 ndpc.rtm.rtm_index = ifp->if_index; 2669 error = SYSCTL_OUT(wr, &ndpc, sizeof(ndpc)); 2670 if (error) 2671 break; 2672 } 2673 } 2674 return error; 2675} 2676 2677void * 2678in6_domifattach(struct ifnet *ifp) 2679{ 2680 struct in6_ifextra *ext; 2681 2682 ext = (struct in6_ifextra *)malloc(sizeof(*ext), M_IFADDR, M_WAITOK); 2683 bzero(ext, sizeof(*ext)); 2684 2685 ext->in6_ifstat = (struct in6_ifstat *)malloc(sizeof(struct in6_ifstat), 2686 M_IFADDR, M_WAITOK); 2687 bzero(ext->in6_ifstat, sizeof(*ext->in6_ifstat)); 2688 2689 ext->icmp6_ifstat = 2690 (struct icmp6_ifstat *)malloc(sizeof(struct icmp6_ifstat), 2691 M_IFADDR, M_WAITOK); 2692 bzero(ext->icmp6_ifstat, sizeof(*ext->icmp6_ifstat)); 2693 2694 ext->nd_ifinfo = nd6_ifattach(ifp); 2695 ext->scope6_id = scope6_ifattach(ifp); 2696 ext->lltable = lltable_init(ifp, AF_INET6); 2697 if (ext->lltable != NULL) { 2698 ext->lltable->llt_free = in6_lltable_free; 2699 ext->lltable->llt_prefix_free = in6_lltable_prefix_free; 2700 ext->lltable->llt_lookup = in6_lltable_lookup; 2701 ext->lltable->llt_dump = in6_lltable_dump; 2702 } 2703 2704 ext->mld_ifinfo = mld_domifattach(ifp); 2705 2706 return ext; 2707} 2708 2709void 2710in6_domifdetach(struct ifnet *ifp, void *aux) 2711{ 2712 struct in6_ifextra *ext = (struct in6_ifextra *)aux; 2713 2714 mld_domifdetach(ifp); 2715 scope6_ifdetach(ext->scope6_id); 2716 nd6_ifdetach(ext->nd_ifinfo); 2717 lltable_free(ext->lltable); 2718 free(ext->in6_ifstat, M_IFADDR); 2719 free(ext->icmp6_ifstat, M_IFADDR); 2720 free(ext, M_IFADDR); 2721} 2722 2723/* 2724 * Convert sockaddr_in6 to sockaddr_in. Original sockaddr_in6 must be 2725 * v4 mapped addr or v4 compat addr 2726 */ 2727void 2728in6_sin6_2_sin(struct sockaddr_in *sin, struct sockaddr_in6 *sin6) 2729{ 2730 2731 bzero(sin, sizeof(*sin)); 2732 sin->sin_len = sizeof(struct sockaddr_in); 2733 sin->sin_family = AF_INET; 2734 sin->sin_port = sin6->sin6_port; 2735 sin->sin_addr.s_addr = sin6->sin6_addr.s6_addr32[3]; 2736} 2737 2738/* Convert sockaddr_in to sockaddr_in6 in v4 mapped addr format. */ 2739void 2740in6_sin_2_v4mapsin6(struct sockaddr_in *sin, struct sockaddr_in6 *sin6) 2741{ 2742 bzero(sin6, sizeof(*sin6)); 2743 sin6->sin6_len = sizeof(struct sockaddr_in6); 2744 sin6->sin6_family = AF_INET6; 2745 sin6->sin6_port = sin->sin_port; 2746 sin6->sin6_addr.s6_addr32[0] = 0; 2747 sin6->sin6_addr.s6_addr32[1] = 0; 2748 sin6->sin6_addr.s6_addr32[2] = IPV6_ADDR_INT32_SMP; 2749 sin6->sin6_addr.s6_addr32[3] = sin->sin_addr.s_addr; 2750} 2751 2752/* Convert sockaddr_in6 into sockaddr_in. */ 2753void 2754in6_sin6_2_sin_in_sock(struct sockaddr *nam) 2755{ 2756 struct sockaddr_in *sin_p; 2757 struct sockaddr_in6 sin6; 2758 2759 /* 2760 * Save original sockaddr_in6 addr and convert it 2761 * to sockaddr_in. 2762 */ 2763 sin6 = *(struct sockaddr_in6 *)nam; 2764 sin_p = (struct sockaddr_in *)nam; 2765 in6_sin6_2_sin(sin_p, &sin6); 2766} 2767 2768/* Convert sockaddr_in into sockaddr_in6 in v4 mapped addr format. */ 2769void 2770in6_sin_2_v4mapsin6_in_sock(struct sockaddr **nam) 2771{ 2772 struct sockaddr_in *sin_p; 2773 struct sockaddr_in6 *sin6_p; 2774 2775 sin6_p = malloc(sizeof *sin6_p, M_SONAME, 2776 M_WAITOK); 2777 sin_p = (struct sockaddr_in *)*nam; 2778 in6_sin_2_v4mapsin6(sin_p, sin6_p); 2779 free(*nam, M_SONAME); 2780 *nam = (struct sockaddr *)sin6_p; 2781} 2782