1/* $NetBSD: in6.c,v 1.159.10.1 2013/07/08 07:40:56 jdc Exp $ */ 2/* $KAME: in6.c,v 1.198 2001/07/18 09:12:38 itojun Exp $ */ 3 4/* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33/* 34 * Copyright (c) 1982, 1986, 1991, 1993 35 * The Regents of the University of California. All rights reserved. 36 * 37 * Redistribution and use in source and binary forms, with or without 38 * modification, are permitted provided that the following conditions 39 * are met: 40 * 1. Redistributions of source code must retain the above copyright 41 * notice, this list of conditions and the following disclaimer. 42 * 2. Redistributions in binary form must reproduce the above copyright 43 * notice, this list of conditions and the following disclaimer in the 44 * documentation and/or other materials provided with the distribution. 45 * 3. Neither the name of the University nor the names of its contributors 46 * may be used to endorse or promote products derived from this software 47 * without specific prior written permission. 48 * 49 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 52 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 59 * SUCH DAMAGE. 60 * 61 * @(#)in.c 8.2 (Berkeley) 11/15/93 62 */ 63 64#include <sys/cdefs.h> 65__KERNEL_RCSID(0, "$NetBSD: in6.c,v 1.159.10.1 2013/07/08 07:40:56 jdc Exp $"); 66 67#include "opt_inet.h" 68#include "opt_pfil_hooks.h" 69#include "opt_compat_netbsd.h" 70 71#include <sys/param.h> 72#include <sys/ioctl.h> 73#include <sys/errno.h> 74#include <sys/malloc.h> 75#include <sys/socket.h> 76#include <sys/socketvar.h> 77#include <sys/sockio.h> 78#include <sys/systm.h> 79#include <sys/proc.h> 80#include <sys/time.h> 81#include <sys/kernel.h> 82#include <sys/syslog.h> 83#include <sys/kauth.h> 84#include <sys/cprng.h> 85 86#include <net/if.h> 87#include <net/if_types.h> 88#include <net/route.h> 89#include <net/if_dl.h> 90 91#include <netinet/in.h> 92#include <netinet/in_var.h> 93#include <net/if_ether.h> 94 95#include <netinet/ip6.h> 96#include <netinet6/ip6_var.h> 97#include <netinet6/nd6.h> 98#include <netinet6/mld6_var.h> 99#include <netinet6/ip6_mroute.h> 100#include <netinet6/in6_ifattach.h> 101#include <netinet6/scope6_var.h> 102 103#include <net/net_osdep.h> 104 105#ifdef PFIL_HOOKS 106#include <net/pfil.h> 107#endif 108#ifdef COMPAT_50 109#include <compat/netinet6/in6_var.h> 110#endif 111 112MALLOC_DEFINE(M_IP6OPT, "ip6_options", "IPv6 options"); 113 114/* enable backward compatibility code for obsoleted ioctls */ 115#define COMPAT_IN6IFIOCTL 116 117#ifdef IN6_DEBUG 118#define IN6_DPRINTF(__fmt, ...) printf(__fmt, __VA_ARGS__) 119#else 120#define IN6_DPRINTF(__fmt, ...) do { } while (/*CONSTCOND*/0) 121#endif /* IN6_DEBUG */ 122 123/* 124 * Definitions of some constant IP6 addresses. 125 */ 126const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT; 127const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT; 128const struct in6_addr in6addr_nodelocal_allnodes = 129 IN6ADDR_NODELOCAL_ALLNODES_INIT; 130const struct in6_addr in6addr_linklocal_allnodes = 131 IN6ADDR_LINKLOCAL_ALLNODES_INIT; 132const struct in6_addr in6addr_linklocal_allrouters = 133 IN6ADDR_LINKLOCAL_ALLROUTERS_INIT; 134 135const struct in6_addr in6mask0 = IN6MASK0; 136const struct in6_addr in6mask32 = IN6MASK32; 137const struct in6_addr in6mask64 = IN6MASK64; 138const struct in6_addr in6mask96 = IN6MASK96; 139const struct in6_addr in6mask128 = IN6MASK128; 140 141const struct sockaddr_in6 sa6_any = {sizeof(sa6_any), AF_INET6, 142 0, 0, IN6ADDR_ANY_INIT, 0}; 143 144static int in6_lifaddr_ioctl(struct socket *, u_long, void *, 145 struct ifnet *, struct lwp *); 146static int in6_ifinit(struct ifnet *, struct in6_ifaddr *, 147 const struct sockaddr_in6 *, int); 148static void in6_unlink_ifa(struct in6_ifaddr *, struct ifnet *); 149 150/* 151 * Subroutine for in6_ifaddloop() and in6_ifremloop(). 152 * This routine does actual work. 153 */ 154static void 155in6_ifloop_request(int cmd, struct ifaddr *ifa) 156{ 157 struct sockaddr_in6 lo_sa; 158 struct sockaddr_in6 all1_sa; 159 struct rtentry *nrt = NULL; 160 int e; 161 162 sockaddr_in6_init(&all1_sa, &in6mask128, 0, 0, 0); 163 sockaddr_in6_init(&lo_sa, &in6addr_loopback, 0, 0, 0); 164 165 /* 166 * We specify the address itself as the gateway, and set the 167 * RTF_LLINFO flag, so that the corresponding host route would have 168 * the flag, and thus applications that assume traditional behavior 169 * would be happy. Note that we assume the caller of the function 170 * (probably implicitly) set nd6_rtrequest() to ifa->ifa_rtrequest, 171 * which changes the outgoing interface to the loopback interface. 172 */ 173 e = rtrequest(cmd, ifa->ifa_addr, ifa->ifa_addr, 174 (struct sockaddr *)&all1_sa, RTF_UP|RTF_HOST|RTF_LLINFO, &nrt); 175 if (e != 0) { 176 log(LOG_ERR, "in6_ifloop_request: " 177 "%s operation failed for %s (errno=%d)\n", 178 cmd == RTM_ADD ? "ADD" : "DELETE", 179 ip6_sprintf(&((struct in6_ifaddr *)ifa)->ia_addr.sin6_addr), 180 e); 181 } 182 183 /* 184 * Make sure rt_ifa be equal to IFA, the second argument of the 185 * function. 186 * We need this because when we refer to rt_ifa->ia6_flags in 187 * ip6_input, we assume that the rt_ifa points to the address instead 188 * of the loopback address. 189 */ 190 if (cmd == RTM_ADD && nrt && ifa != nrt->rt_ifa) 191 rt_replace_ifa(nrt, ifa); 192 193 /* 194 * Report the addition/removal of the address to the routing socket. 195 * XXX: since we called rtinit for a p2p interface with a destination, 196 * we end up reporting twice in such a case. Should we rather 197 * omit the second report? 198 */ 199 if (nrt) { 200 rt_newaddrmsg(cmd, ifa, e, nrt); 201 if (cmd == RTM_DELETE) { 202 if (nrt->rt_refcnt <= 0) { 203 /* XXX: we should free the entry ourselves. */ 204 nrt->rt_refcnt++; 205 rtfree(nrt); 206 } 207 } else { 208 /* the cmd must be RTM_ADD here */ 209 nrt->rt_refcnt--; 210 } 211 } 212} 213 214/* 215 * Add ownaddr as loopback rtentry. We previously add the route only if 216 * necessary (ex. on a p2p link). However, since we now manage addresses 217 * separately from prefixes, we should always add the route. We can't 218 * rely on the cloning mechanism from the corresponding interface route 219 * any more. 220 */ 221void 222in6_ifaddloop(struct ifaddr *ifa) 223{ 224 struct rtentry *rt; 225 226 /* If there is no loopback entry, allocate one. */ 227 rt = rtalloc1(ifa->ifa_addr, 0); 228 if (rt == NULL || (rt->rt_flags & RTF_HOST) == 0 || 229 (rt->rt_ifp->if_flags & IFF_LOOPBACK) == 0) 230 in6_ifloop_request(RTM_ADD, ifa); 231 if (rt != NULL) 232 rt->rt_refcnt--; 233} 234 235/* 236 * Remove loopback rtentry of ownaddr generated by in6_ifaddloop(), 237 * if it exists. 238 */ 239void 240in6_ifremloop(struct ifaddr *ifa) 241{ 242 struct in6_ifaddr *alt_ia = NULL, *ia; 243 struct rtentry *rt; 244 int ia_count = 0; 245 246 /* 247 * Some of BSD variants do not remove cloned routes 248 * from an interface direct route, when removing the direct route 249 * (see comments in net/net_osdep.h). Even for variants that do remove 250 * cloned routes, they could fail to remove the cloned routes when 251 * we handle multple addresses that share a common prefix. 252 * So, we should remove the route corresponding to the deleted address. 253 */ 254 255 /* 256 * Delete the entry only if exactly one ifaddr matches the 257 * address, ifa->ifa_addr. 258 * 259 * If more than one ifaddr matches, replace the ifaddr in 260 * the routing table, rt_ifa, with a different ifaddr than 261 * the one we are purging, ifa. It is important to do 262 * this, or else the routing table can accumulate dangling 263 * pointers rt->rt_ifa->ifa_ifp to destroyed interfaces, 264 * which will lead to crashes, later. (More than one ifaddr 265 * can match if we assign the same address to multiple---probably 266 * p2p---interfaces.) 267 * 268 * XXX An old comment at this place said, "we should avoid 269 * XXX such a configuration [i.e., interfaces with the same 270 * XXX addressed assigned --ed.] in IPv6...". I do not 271 * XXX agree, especially now that I have fixed the dangling 272 * XXX ifp-pointers bug. 273 */ 274 for (ia = in6_ifaddr; ia; ia = ia->ia_next) { 275 if (!IN6_ARE_ADDR_EQUAL(IFA_IN6(ifa), &ia->ia_addr.sin6_addr)) 276 continue; 277 if (ia->ia_ifp != ifa->ifa_ifp) 278 alt_ia = ia; 279 if (++ia_count > 1 && alt_ia != NULL) 280 break; 281 } 282 283 if (ia_count == 0) 284 return; 285 286 if ((rt = rtalloc1(ifa->ifa_addr, 0)) == NULL) 287 return; 288 rt->rt_refcnt--; 289 290 /* 291 * Before deleting, check if a corresponding loopbacked 292 * host route surely exists. With this check, we can avoid 293 * deleting an interface direct route whose destination is 294 * the same as the address being removed. This can happen 295 * when removing a subnet-router anycast address on an 296 * interface attached to a shared medium. 297 */ 298 if ((rt->rt_flags & RTF_HOST) == 0 || 299 (rt->rt_ifp->if_flags & IFF_LOOPBACK) == 0) 300 return; 301 302 /* If we cannot replace the route's ifaddr with the equivalent 303 * ifaddr of another interface, I believe it is safest to 304 * delete the route. 305 */ 306 if (ia_count == 1 || alt_ia == NULL) 307 in6_ifloop_request(RTM_DELETE, ifa); 308 else 309 rt_replace_ifa(rt, &alt_ia->ia_ifa); 310} 311 312int 313in6_mask2len(struct in6_addr *mask, u_char *lim0) 314{ 315 int x = 0, y; 316 u_char *lim = lim0, *p; 317 318 /* ignore the scope_id part */ 319 if (lim0 == NULL || lim0 - (u_char *)mask > sizeof(*mask)) 320 lim = (u_char *)mask + sizeof(*mask); 321 for (p = (u_char *)mask; p < lim; x++, p++) { 322 if (*p != 0xff) 323 break; 324 } 325 y = 0; 326 if (p < lim) { 327 for (y = 0; y < NBBY; y++) { 328 if ((*p & (0x80 >> y)) == 0) 329 break; 330 } 331 } 332 333 /* 334 * when the limit pointer is given, do a stricter check on the 335 * remaining bits. 336 */ 337 if (p < lim) { 338 if (y != 0 && (*p & (0x00ff >> y)) != 0) 339 return -1; 340 for (p = p + 1; p < lim; p++) 341 if (*p != 0) 342 return -1; 343 } 344 345 return x * NBBY + y; 346} 347 348#define ifa2ia6(ifa) ((struct in6_ifaddr *)(ifa)) 349#define ia62ifa(ia6) (&((ia6)->ia_ifa)) 350 351static int 352in6_control1(struct socket *so, u_long cmd, void *data, struct ifnet *ifp, 353 lwp_t *l) 354{ 355 struct in6_ifreq *ifr = (struct in6_ifreq *)data; 356 struct in6_ifaddr *ia = NULL; 357 struct in6_aliasreq *ifra = (struct in6_aliasreq *)data; 358 struct sockaddr_in6 *sa6; 359 int error; 360 361 switch (cmd) { 362 /* 363 * XXX: Fix me, once we fix SIOCSIFADDR, SIOCIFDSTADDR, etc. 364 */ 365 case SIOCSIFADDR: 366 case SIOCSIFDSTADDR: 367#ifdef SIOCSIFCONF_X25 368 case SIOCSIFCONF_X25: 369#endif 370 case SIOCSIFBRDADDR: 371 case SIOCSIFNETMASK: 372 return EOPNOTSUPP; 373 case SIOCGETSGCNT_IN6: 374 case SIOCGETMIFCNT_IN6: 375 return mrt6_ioctl(cmd, data); 376 case SIOCGIFADDRPREF: 377 case SIOCSIFADDRPREF: 378 if (ifp == NULL) 379 return EINVAL; 380 return ifaddrpref_ioctl(so, cmd, data, ifp, l); 381 } 382 383 if (ifp == NULL) 384 return EOPNOTSUPP; 385 386 switch (cmd) { 387 case SIOCSNDFLUSH_IN6: 388 case SIOCSPFXFLUSH_IN6: 389 case SIOCSRTRFLUSH_IN6: 390 case SIOCSDEFIFACE_IN6: 391 case SIOCSIFINFO_FLAGS: 392 case SIOCSIFINFO_IN6: 393 /* Privileged. */ 394 /* FALLTHROUGH */ 395 case OSIOCGIFINFO_IN6: 396 case SIOCGIFINFO_IN6: 397 case SIOCGDRLST_IN6: 398 case SIOCGPRLST_IN6: 399 case SIOCGNBRINFO_IN6: 400 case SIOCGDEFIFACE_IN6: 401 return nd6_ioctl(cmd, data, ifp); 402 } 403 404 switch (cmd) { 405 case SIOCSIFPREFIX_IN6: 406 case SIOCDIFPREFIX_IN6: 407 case SIOCAIFPREFIX_IN6: 408 case SIOCCIFPREFIX_IN6: 409 case SIOCSGIFPREFIX_IN6: 410 case SIOCGIFPREFIX_IN6: 411 log(LOG_NOTICE, 412 "prefix ioctls are now invalidated. " 413 "please use ifconfig.\n"); 414 return EOPNOTSUPP; 415 } 416 417 switch (cmd) { 418 case SIOCALIFADDR: 419 case SIOCDLIFADDR: 420 /* Privileged. */ 421 /* FALLTHROUGH */ 422 case SIOCGLIFADDR: 423 return in6_lifaddr_ioctl(so, cmd, data, ifp, l); 424 } 425 426 /* 427 * Find address for this interface, if it exists. 428 * 429 * In netinet code, we have checked ifra_addr in SIOCSIF*ADDR operation 430 * only, and used the first interface address as the target of other 431 * operations (without checking ifra_addr). This was because netinet 432 * code/API assumed at most 1 interface address per interface. 433 * Since IPv6 allows a node to assign multiple addresses 434 * on a single interface, we almost always look and check the 435 * presence of ifra_addr, and reject invalid ones here. 436 * It also decreases duplicated code among SIOC*_IN6 operations. 437 */ 438 switch (cmd) { 439 case SIOCAIFADDR_IN6: 440#ifdef OSIOCAIFADDR_IN6 441 case OSIOCAIFADDR_IN6: 442#endif 443#ifdef OSIOCSIFPHYADDR_IN6 444 case OSIOCSIFPHYADDR_IN6: 445#endif 446 case SIOCSIFPHYADDR_IN6: 447 sa6 = &ifra->ifra_addr; 448 break; 449 case SIOCSIFADDR_IN6: 450 case SIOCGIFADDR_IN6: 451 case SIOCSIFDSTADDR_IN6: 452 case SIOCSIFNETMASK_IN6: 453 case SIOCGIFDSTADDR_IN6: 454 case SIOCGIFNETMASK_IN6: 455 case SIOCDIFADDR_IN6: 456 case SIOCGIFPSRCADDR_IN6: 457 case SIOCGIFPDSTADDR_IN6: 458 case SIOCGIFAFLAG_IN6: 459 case SIOCSNDFLUSH_IN6: 460 case SIOCSPFXFLUSH_IN6: 461 case SIOCSRTRFLUSH_IN6: 462 case SIOCGIFALIFETIME_IN6: 463#ifdef OSIOCGIFALIFETIME_IN6 464 case OSIOCGIFALIFETIME_IN6: 465#endif 466 case SIOCGIFSTAT_IN6: 467 case SIOCGIFSTAT_ICMP6: 468 sa6 = &ifr->ifr_addr; 469 break; 470 default: 471 sa6 = NULL; 472 break; 473 } 474 if (sa6 && sa6->sin6_family == AF_INET6) { 475 if (sa6->sin6_scope_id != 0) 476 error = sa6_embedscope(sa6, 0); 477 else 478 error = in6_setscope(&sa6->sin6_addr, ifp, NULL); 479 if (error != 0) 480 return error; 481 ia = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr); 482 } else 483 ia = NULL; 484 485 switch (cmd) { 486 case SIOCSIFADDR_IN6: 487 case SIOCSIFDSTADDR_IN6: 488 case SIOCSIFNETMASK_IN6: 489 /* 490 * Since IPv6 allows a node to assign multiple addresses 491 * on a single interface, SIOCSIFxxx ioctls are deprecated. 492 */ 493 return EINVAL; 494 495 case SIOCDIFADDR_IN6: 496 /* 497 * for IPv4, we look for existing in_ifaddr here to allow 498 * "ifconfig if0 delete" to remove the first IPv4 address on 499 * the interface. For IPv6, as the spec allows multiple 500 * interface address from the day one, we consider "remove the 501 * first one" semantics to be not preferable. 502 */ 503 if (ia == NULL) 504 return EADDRNOTAVAIL; 505 /* FALLTHROUGH */ 506#ifdef OSIOCAIFADDR_IN6 507 case OSIOCAIFADDR_IN6: 508#endif 509 case SIOCAIFADDR_IN6: 510 /* 511 * We always require users to specify a valid IPv6 address for 512 * the corresponding operation. 513 */ 514 if (ifra->ifra_addr.sin6_family != AF_INET6 || 515 ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6)) 516 return EAFNOSUPPORT; 517 /* Privileged. */ 518 519 break; 520 521 case SIOCGIFADDR_IN6: 522 /* This interface is basically deprecated. use SIOCGIFCONF. */ 523 /* FALLTHROUGH */ 524 case SIOCGIFAFLAG_IN6: 525 case SIOCGIFNETMASK_IN6: 526 case SIOCGIFDSTADDR_IN6: 527 case SIOCGIFALIFETIME_IN6: 528#ifdef OSIOCGIFALIFETIME_IN6 529 case OSIOCGIFALIFETIME_IN6: 530#endif 531 /* must think again about its semantics */ 532 if (ia == NULL) 533 return EADDRNOTAVAIL; 534 break; 535 } 536 537 switch (cmd) { 538 539 case SIOCGIFADDR_IN6: 540 ifr->ifr_addr = ia->ia_addr; 541 if ((error = sa6_recoverscope(&ifr->ifr_addr)) != 0) 542 return error; 543 break; 544 545 case SIOCGIFDSTADDR_IN6: 546 if ((ifp->if_flags & IFF_POINTOPOINT) == 0) 547 return EINVAL; 548 /* 549 * XXX: should we check if ifa_dstaddr is NULL and return 550 * an error? 551 */ 552 ifr->ifr_dstaddr = ia->ia_dstaddr; 553 if ((error = sa6_recoverscope(&ifr->ifr_dstaddr)) != 0) 554 return error; 555 break; 556 557 case SIOCGIFNETMASK_IN6: 558 ifr->ifr_addr = ia->ia_prefixmask; 559 break; 560 561 case SIOCGIFAFLAG_IN6: 562 ifr->ifr_ifru.ifru_flags6 = ia->ia6_flags; 563 break; 564 565 case SIOCGIFSTAT_IN6: 566 if (ifp == NULL) 567 return EINVAL; 568 memset(&ifr->ifr_ifru.ifru_stat, 0, 569 sizeof(ifr->ifr_ifru.ifru_stat)); 570 ifr->ifr_ifru.ifru_stat = 571 *((struct in6_ifextra *)ifp->if_afdata[AF_INET6])->in6_ifstat; 572 break; 573 574 case SIOCGIFSTAT_ICMP6: 575 if (ifp == NULL) 576 return EINVAL; 577 memset(&ifr->ifr_ifru.ifru_icmp6stat, 0, 578 sizeof(ifr->ifr_ifru.ifru_icmp6stat)); 579 ifr->ifr_ifru.ifru_icmp6stat = 580 *((struct in6_ifextra *)ifp->if_afdata[AF_INET6])->icmp6_ifstat; 581 break; 582 583#ifdef OSIOCGIFALIFETIME_IN6 584 case OSIOCGIFALIFETIME_IN6: 585#endif 586 case SIOCGIFALIFETIME_IN6: 587 ifr->ifr_ifru.ifru_lifetime = ia->ia6_lifetime; 588 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 589 time_t maxexpire; 590 struct in6_addrlifetime *retlt = 591 &ifr->ifr_ifru.ifru_lifetime; 592 593 /* 594 * XXX: adjust expiration time assuming time_t is 595 * signed. 596 */ 597 maxexpire = ((time_t)~0) & 598 ~((time_t)1 << ((sizeof(maxexpire) * NBBY) - 1)); 599 if (ia->ia6_lifetime.ia6t_vltime < 600 maxexpire - ia->ia6_updatetime) { 601 retlt->ia6t_expire = ia->ia6_updatetime + 602 ia->ia6_lifetime.ia6t_vltime; 603 } else 604 retlt->ia6t_expire = maxexpire; 605 } 606 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 607 time_t maxexpire; 608 struct in6_addrlifetime *retlt = 609 &ifr->ifr_ifru.ifru_lifetime; 610 611 /* 612 * XXX: adjust expiration time assuming time_t is 613 * signed. 614 */ 615 maxexpire = ((time_t)~0) & 616 ~((time_t)1 << ((sizeof(maxexpire) * NBBY) - 1)); 617 if (ia->ia6_lifetime.ia6t_pltime < 618 maxexpire - ia->ia6_updatetime) { 619 retlt->ia6t_preferred = ia->ia6_updatetime + 620 ia->ia6_lifetime.ia6t_pltime; 621 } else 622 retlt->ia6t_preferred = maxexpire; 623 } 624#ifdef OSIOCFIFALIFETIME_IN6 625 if (cmd == OSIOCFIFALIFETIME_IN6) 626 in6_addrlifetime_to_in6_addrlifetime50( 627 &ifr->ifru.ifru_lifetime); 628#endif 629 break; 630 631#ifdef OSIOCAIFADDR_IN6 632 case OSIOCAIFADDR_IN6: 633 in6_aliasreq50_to_in6_aliasreq(ifra); 634 /*FALLTHROUGH*/ 635#endif 636 case SIOCAIFADDR_IN6: 637 { 638 int i; 639 struct nd_prefixctl pr0; 640 struct nd_prefix *pr; 641 642 /* reject read-only flags */ 643 if ((ifra->ifra_flags & IN6_IFF_DUPLICATED) != 0 || 644 (ifra->ifra_flags & IN6_IFF_DETACHED) != 0 || 645 (ifra->ifra_flags & IN6_IFF_NODAD) != 0 || 646 (ifra->ifra_flags & IN6_IFF_AUTOCONF) != 0) { 647 return EINVAL; 648 } 649 /* 650 * first, make or update the interface address structure, 651 * and link it to the list. 652 */ 653 if ((error = in6_update_ifa(ifp, ifra, ia, 0)) != 0) 654 return error; 655 if ((ia = in6ifa_ifpwithaddr(ifp, &ifra->ifra_addr.sin6_addr)) 656 == NULL) { 657 /* 658 * this can happen when the user specify the 0 valid 659 * lifetime. 660 */ 661 break; 662 } 663 664 /* 665 * then, make the prefix on-link on the interface. 666 * XXX: we'd rather create the prefix before the address, but 667 * we need at least one address to install the corresponding 668 * interface route, so we configure the address first. 669 */ 670 671 /* 672 * convert mask to prefix length (prefixmask has already 673 * been validated in in6_update_ifa(). 674 */ 675 memset(&pr0, 0, sizeof(pr0)); 676 pr0.ndpr_ifp = ifp; 677 pr0.ndpr_plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, 678 NULL); 679 if (pr0.ndpr_plen == 128) { 680 break; /* we don't need to install a host route. */ 681 } 682 pr0.ndpr_prefix = ifra->ifra_addr; 683 /* apply the mask for safety. */ 684 for (i = 0; i < 4; i++) { 685 pr0.ndpr_prefix.sin6_addr.s6_addr32[i] &= 686 ifra->ifra_prefixmask.sin6_addr.s6_addr32[i]; 687 } 688 /* 689 * XXX: since we don't have an API to set prefix (not address) 690 * lifetimes, we just use the same lifetimes as addresses. 691 * The (temporarily) installed lifetimes can be overridden by 692 * later advertised RAs (when accept_rtadv is non 0), which is 693 * an intended behavior. 694 */ 695 pr0.ndpr_raf_onlink = 1; /* should be configurable? */ 696 pr0.ndpr_raf_auto = 697 ((ifra->ifra_flags & IN6_IFF_AUTOCONF) != 0); 698 pr0.ndpr_vltime = ifra->ifra_lifetime.ia6t_vltime; 699 pr0.ndpr_pltime = ifra->ifra_lifetime.ia6t_pltime; 700 701 /* add the prefix if not yet. */ 702 if ((pr = nd6_prefix_lookup(&pr0)) == NULL) { 703 /* 704 * nd6_prelist_add will install the corresponding 705 * interface route. 706 */ 707 if ((error = nd6_prelist_add(&pr0, NULL, &pr)) != 0) 708 return error; 709 if (pr == NULL) { 710 log(LOG_ERR, "nd6_prelist_add succeeded but " 711 "no prefix\n"); 712 return EINVAL; /* XXX panic here? */ 713 } 714 } 715 716 /* relate the address to the prefix */ 717 if (ia->ia6_ndpr == NULL) { 718 ia->ia6_ndpr = pr; 719 pr->ndpr_refcnt++; 720 721 /* 722 * If this is the first autoconf address from the 723 * prefix, create a temporary address as well 724 * (when required). 725 */ 726 if ((ia->ia6_flags & IN6_IFF_AUTOCONF) && 727 ip6_use_tempaddr && pr->ndpr_refcnt == 1) { 728 int e; 729 if ((e = in6_tmpifadd(ia, 1, 0)) != 0) { 730 log(LOG_NOTICE, "in6_control: failed " 731 "to create a temporary address, " 732 "errno=%d\n", e); 733 } 734 } 735 } 736 737 /* 738 * this might affect the status of autoconfigured addresses, 739 * that is, this address might make other addresses detached. 740 */ 741 pfxlist_onlink_check(); 742 743#ifdef PFIL_HOOKS 744 (void)pfil_run_hooks(&if_pfil, (struct mbuf **)SIOCAIFADDR_IN6, 745 ifp, PFIL_IFADDR); 746#endif 747 748 break; 749 } 750 751 case SIOCDIFADDR_IN6: 752 { 753 struct nd_prefix *pr; 754 755 /* 756 * If the address being deleted is the only one that owns 757 * the corresponding prefix, expire the prefix as well. 758 * XXX: theoretically, we don't have to worry about such 759 * relationship, since we separate the address management 760 * and the prefix management. We do this, however, to provide 761 * as much backward compatibility as possible in terms of 762 * the ioctl operation. 763 * Note that in6_purgeaddr() will decrement ndpr_refcnt. 764 */ 765 pr = ia->ia6_ndpr; 766 in6_purgeaddr(&ia->ia_ifa); 767 if (pr && pr->ndpr_refcnt == 0) 768 prelist_remove(pr); 769#ifdef PFIL_HOOKS 770 (void)pfil_run_hooks(&if_pfil, (struct mbuf **)SIOCDIFADDR_IN6, 771 ifp, PFIL_IFADDR); 772#endif 773 break; 774 } 775 776 default: 777 return ENOTTY; 778 } 779 780 return 0; 781} 782 783int 784in6_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp, 785 struct lwp *l) 786{ 787 int error, s; 788 789 switch (cmd) { 790 case SIOCSNDFLUSH_IN6: 791 case SIOCSPFXFLUSH_IN6: 792 case SIOCSRTRFLUSH_IN6: 793 case SIOCSDEFIFACE_IN6: 794 case SIOCSIFINFO_FLAGS: 795 case SIOCSIFINFO_IN6: 796 797 case SIOCALIFADDR: 798 case SIOCDLIFADDR: 799 800 case SIOCDIFADDR_IN6: 801#ifdef OSIOCAIFADDR_IN6 802 case OSIOCAIFADDR_IN6: 803#endif 804 case SIOCAIFADDR_IN6: 805 if (l == NULL || kauth_authorize_generic(l->l_cred, 806 KAUTH_GENERIC_ISSUSER, NULL)) 807 return EPERM; 808 break; 809 } 810 811 s = splnet(); 812 error = in6_control1(so , cmd, data, ifp, l); 813 splx(s); 814 return error; 815} 816 817/* 818 * Update parameters of an IPv6 interface address. 819 * If necessary, a new entry is created and linked into address chains. 820 * This function is separated from in6_control(). 821 * XXX: should this be performed under splnet()? 822 */ 823static int 824in6_update_ifa1(struct ifnet *ifp, struct in6_aliasreq *ifra, 825 struct in6_ifaddr *ia, int flags) 826{ 827 int error = 0, hostIsNew = 0, plen = -1; 828 struct in6_ifaddr *oia; 829 struct sockaddr_in6 dst6; 830 struct in6_addrlifetime *lt; 831 struct in6_multi_mship *imm; 832 struct in6_multi *in6m_sol; 833 struct rtentry *rt; 834 int dad_delay; 835 836 in6m_sol = NULL; 837 838 /* Validate parameters */ 839 if (ifp == NULL || ifra == NULL) /* this maybe redundant */ 840 return EINVAL; 841 842 /* 843 * The destination address for a p2p link must have a family 844 * of AF_UNSPEC or AF_INET6. 845 */ 846 if ((ifp->if_flags & IFF_POINTOPOINT) != 0 && 847 ifra->ifra_dstaddr.sin6_family != AF_INET6 && 848 ifra->ifra_dstaddr.sin6_family != AF_UNSPEC) 849 return EAFNOSUPPORT; 850 /* 851 * validate ifra_prefixmask. don't check sin6_family, netmask 852 * does not carry fields other than sin6_len. 853 */ 854 if (ifra->ifra_prefixmask.sin6_len > sizeof(struct sockaddr_in6)) 855 return EINVAL; 856 /* 857 * Because the IPv6 address architecture is classless, we require 858 * users to specify a (non 0) prefix length (mask) for a new address. 859 * We also require the prefix (when specified) mask is valid, and thus 860 * reject a non-consecutive mask. 861 */ 862 if (ia == NULL && ifra->ifra_prefixmask.sin6_len == 0) 863 return EINVAL; 864 if (ifra->ifra_prefixmask.sin6_len != 0) { 865 plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, 866 (u_char *)&ifra->ifra_prefixmask + 867 ifra->ifra_prefixmask.sin6_len); 868 if (plen <= 0) 869 return EINVAL; 870 } else { 871 /* 872 * In this case, ia must not be NULL. We just use its prefix 873 * length. 874 */ 875 plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); 876 } 877 /* 878 * If the destination address on a p2p interface is specified, 879 * and the address is a scoped one, validate/set the scope 880 * zone identifier. 881 */ 882 dst6 = ifra->ifra_dstaddr; 883 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) != 0 && 884 (dst6.sin6_family == AF_INET6)) { 885 struct in6_addr in6_tmp; 886 u_int32_t zoneid; 887 888 in6_tmp = dst6.sin6_addr; 889 if (in6_setscope(&in6_tmp, ifp, &zoneid)) 890 return EINVAL; /* XXX: should be impossible */ 891 892 if (dst6.sin6_scope_id != 0) { 893 if (dst6.sin6_scope_id != zoneid) 894 return EINVAL; 895 } else /* user omit to specify the ID. */ 896 dst6.sin6_scope_id = zoneid; 897 898 /* convert into the internal form */ 899 if (sa6_embedscope(&dst6, 0)) 900 return EINVAL; /* XXX: should be impossible */ 901 } 902 /* 903 * The destination address can be specified only for a p2p or a 904 * loopback interface. If specified, the corresponding prefix length 905 * must be 128. 906 */ 907 if (ifra->ifra_dstaddr.sin6_family == AF_INET6) { 908#ifdef FORCE_P2PPLEN 909 int i; 910#endif 911 912 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) == 0) { 913 /* XXX: noisy message */ 914 nd6log((LOG_INFO, "in6_update_ifa: a destination can " 915 "be specified for a p2p or a loopback IF only\n")); 916 return EINVAL; 917 } 918 if (plen != 128) { 919 nd6log((LOG_INFO, "in6_update_ifa: prefixlen should " 920 "be 128 when dstaddr is specified\n")); 921#ifdef FORCE_P2PPLEN 922 /* 923 * To be compatible with old configurations, 924 * such as ifconfig gif0 inet6 2001::1 2001::2 925 * prefixlen 126, we override the specified 926 * prefixmask as if the prefix length was 128. 927 */ 928 ifra->ifra_prefixmask.sin6_len = 929 sizeof(struct sockaddr_in6); 930 for (i = 0; i < 4; i++) 931 ifra->ifra_prefixmask.sin6_addr.s6_addr32[i] = 932 0xffffffff; 933 plen = 128; 934#else 935 return EINVAL; 936#endif 937 } 938 } 939 /* lifetime consistency check */ 940 lt = &ifra->ifra_lifetime; 941 if (lt->ia6t_pltime > lt->ia6t_vltime) 942 return EINVAL; 943 if (lt->ia6t_vltime == 0) { 944 /* 945 * the following log might be noisy, but this is a typical 946 * configuration mistake or a tool's bug. 947 */ 948 nd6log((LOG_INFO, 949 "in6_update_ifa: valid lifetime is 0 for %s\n", 950 ip6_sprintf(&ifra->ifra_addr.sin6_addr))); 951 952 if (ia == NULL) 953 return 0; /* there's nothing to do */ 954 } 955 956 /* 957 * If this is a new address, allocate a new ifaddr and link it 958 * into chains. 959 */ 960 if (ia == NULL) { 961 hostIsNew = 1; 962 /* 963 * When in6_update_ifa() is called in a process of a received 964 * RA, it is called under an interrupt context. So, we should 965 * call malloc with M_NOWAIT. 966 */ 967 ia = (struct in6_ifaddr *) malloc(sizeof(*ia), M_IFADDR, 968 M_NOWAIT); 969 if (ia == NULL) 970 return ENOBUFS; 971 memset(ia, 0, sizeof(*ia)); 972 LIST_INIT(&ia->ia6_memberships); 973 /* Initialize the address and masks, and put time stamp */ 974 ia->ia_ifa.ifa_addr = (struct sockaddr *)&ia->ia_addr; 975 ia->ia_addr.sin6_family = AF_INET6; 976 ia->ia_addr.sin6_len = sizeof(ia->ia_addr); 977 ia->ia6_createtime = time_second; 978 if ((ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) != 0) { 979 /* 980 * XXX: some functions expect that ifa_dstaddr is not 981 * NULL for p2p interfaces. 982 */ 983 ia->ia_ifa.ifa_dstaddr = 984 (struct sockaddr *)&ia->ia_dstaddr; 985 } else { 986 ia->ia_ifa.ifa_dstaddr = NULL; 987 } 988 ia->ia_ifa.ifa_netmask = 989 (struct sockaddr *)&ia->ia_prefixmask; 990 991 ia->ia_ifp = ifp; 992 if ((oia = in6_ifaddr) != NULL) { 993 for ( ; oia->ia_next; oia = oia->ia_next) 994 continue; 995 oia->ia_next = ia; 996 } else 997 in6_ifaddr = ia; 998 /* gain a refcnt for the link from in6_ifaddr */ 999 IFAREF(&ia->ia_ifa); 1000 1001 ifa_insert(ifp, &ia->ia_ifa); 1002 } 1003 1004 /* update timestamp */ 1005 ia->ia6_updatetime = time_second; 1006 1007 /* set prefix mask */ 1008 if (ifra->ifra_prefixmask.sin6_len) { 1009 /* 1010 * We prohibit changing the prefix length of an existing 1011 * address, because 1012 * + such an operation should be rare in IPv6, and 1013 * + the operation would confuse prefix management. 1014 */ 1015 if (ia->ia_prefixmask.sin6_len && 1016 in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL) != plen) { 1017 nd6log((LOG_INFO, "in6_update_ifa: the prefix length of an" 1018 " existing (%s) address should not be changed\n", 1019 ip6_sprintf(&ia->ia_addr.sin6_addr))); 1020 error = EINVAL; 1021 goto unlink; 1022 } 1023 ia->ia_prefixmask = ifra->ifra_prefixmask; 1024 } 1025 1026 /* 1027 * If a new destination address is specified, scrub the old one and 1028 * install the new destination. Note that the interface must be 1029 * p2p or loopback (see the check above.) 1030 */ 1031 if (dst6.sin6_family == AF_INET6 && 1032 !IN6_ARE_ADDR_EQUAL(&dst6.sin6_addr, &ia->ia_dstaddr.sin6_addr)) { 1033 if ((ia->ia_flags & IFA_ROUTE) != 0 && 1034 rtinit(&(ia->ia_ifa), (int)RTM_DELETE, RTF_HOST) != 0) { 1035 nd6log((LOG_ERR, "in6_update_ifa: failed to remove " 1036 "a route to the old destination: %s\n", 1037 ip6_sprintf(&ia->ia_addr.sin6_addr))); 1038 /* proceed anyway... */ 1039 } else 1040 ia->ia_flags &= ~IFA_ROUTE; 1041 ia->ia_dstaddr = dst6; 1042 } 1043 1044 /* 1045 * Set lifetimes. We do not refer to ia6t_expire and ia6t_preferred 1046 * to see if the address is deprecated or invalidated, but initialize 1047 * these members for applications. 1048 */ 1049 ia->ia6_lifetime = ifra->ifra_lifetime; 1050 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 1051 ia->ia6_lifetime.ia6t_expire = 1052 time_second + ia->ia6_lifetime.ia6t_vltime; 1053 } else 1054 ia->ia6_lifetime.ia6t_expire = 0; 1055 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 1056 ia->ia6_lifetime.ia6t_preferred = 1057 time_second + ia->ia6_lifetime.ia6t_pltime; 1058 } else 1059 ia->ia6_lifetime.ia6t_preferred = 0; 1060 1061 /* reset the interface and routing table appropriately. */ 1062 if ((error = in6_ifinit(ifp, ia, &ifra->ifra_addr, hostIsNew)) != 0) 1063 goto unlink; 1064 1065 /* 1066 * configure address flags. 1067 */ 1068 ia->ia6_flags = ifra->ifra_flags; 1069 /* 1070 * backward compatibility - if IN6_IFF_DEPRECATED is set from the 1071 * userland, make it deprecated. 1072 */ 1073 if ((ifra->ifra_flags & IN6_IFF_DEPRECATED) != 0) { 1074 ia->ia6_lifetime.ia6t_pltime = 0; 1075 ia->ia6_lifetime.ia6t_preferred = time_second; 1076 } 1077 1078 /* 1079 * Make the address tentative before joining multicast addresses, 1080 * so that corresponding MLD responses would not have a tentative 1081 * source address. 1082 */ 1083 ia->ia6_flags &= ~IN6_IFF_DUPLICATED; /* safety */ 1084 if (hostIsNew && in6if_do_dad(ifp)) 1085 ia->ia6_flags |= IN6_IFF_TENTATIVE; 1086 1087 /* 1088 * We are done if we have simply modified an existing address. 1089 */ 1090 if (!hostIsNew) 1091 return error; 1092 1093 /* 1094 * Beyond this point, we should call in6_purgeaddr upon an error, 1095 * not just go to unlink. 1096 */ 1097 1098 /* join necessary multicast groups */ 1099 if ((ifp->if_flags & IFF_MULTICAST) != 0) { 1100 struct sockaddr_in6 mltaddr, mltmask; 1101 struct in6_addr llsol; 1102 1103 /* join solicited multicast addr for new host id */ 1104 memset(&llsol, 0, sizeof(struct in6_addr)); 1105 llsol.s6_addr16[0] = htons(0xff02); 1106 llsol.s6_addr32[1] = 0; 1107 llsol.s6_addr32[2] = htonl(1); 1108 llsol.s6_addr32[3] = ifra->ifra_addr.sin6_addr.s6_addr32[3]; 1109 llsol.s6_addr8[12] = 0xff; 1110 if ((error = in6_setscope(&llsol, ifp, NULL)) != 0) { 1111 /* XXX: should not happen */ 1112 log(LOG_ERR, "in6_update_ifa: " 1113 "in6_setscope failed\n"); 1114 goto cleanup; 1115 } 1116 dad_delay = 0; 1117 if ((flags & IN6_IFAUPDATE_DADDELAY)) { 1118 /* 1119 * We need a random delay for DAD on the address 1120 * being configured. It also means delaying 1121 * transmission of the corresponding MLD report to 1122 * avoid report collision. 1123 * [draft-ietf-ipv6-rfc2462bis-02.txt] 1124 */ 1125 dad_delay = cprng_fast32() % 1126 (MAX_RTR_SOLICITATION_DELAY * hz); 1127 } 1128 1129#define MLTMASK_LEN 4 /* mltmask's masklen (=32bit=4octet) */ 1130 /* join solicited multicast addr for new host id */ 1131 imm = in6_joingroup(ifp, &llsol, &error, dad_delay); 1132 if (!imm) { 1133 nd6log((LOG_ERR, 1134 "in6_update_ifa: addmulti " 1135 "failed for %s on %s (errno=%d)\n", 1136 ip6_sprintf(&llsol), if_name(ifp), error)); 1137 goto cleanup; 1138 } 1139 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 1140 in6m_sol = imm->i6mm_maddr; 1141 1142 sockaddr_in6_init(&mltmask, &in6mask32, 0, 0, 0); 1143 1144 /* 1145 * join link-local all-nodes address 1146 */ 1147 sockaddr_in6_init(&mltaddr, &in6addr_linklocal_allnodes, 1148 0, 0, 0); 1149 if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) != 0) 1150 goto cleanup; /* XXX: should not fail */ 1151 1152 /* 1153 * XXX: do we really need this automatic routes? 1154 * We should probably reconsider this stuff. Most applications 1155 * actually do not need the routes, since they usually specify 1156 * the outgoing interface. 1157 */ 1158 rt = rtalloc1((struct sockaddr *)&mltaddr, 0); 1159 if (rt) { 1160 if (memcmp(&mltaddr.sin6_addr, 1161 &satocsin6(rt_getkey(rt))->sin6_addr, 1162 MLTMASK_LEN)) { 1163 RTFREE(rt); 1164 rt = NULL; 1165 } else if (rt->rt_ifp != ifp) { 1166 IN6_DPRINTF("%s: rt_ifp %p -> %p (%s) " 1167 "network %04x:%04x::/32 = %04x:%04x::/32\n", 1168 __func__, rt->rt_ifp, ifp, ifp->if_xname, 1169 ntohs(mltaddr.sin6_addr.s6_addr16[0]), 1170 ntohs(mltaddr.sin6_addr.s6_addr16[1]), 1171 satocsin6(rt_getkey(rt))->sin6_addr.s6_addr16[0], 1172 satocsin6(rt_getkey(rt))->sin6_addr.s6_addr16[1]); 1173 rt_replace_ifa(rt, &ia->ia_ifa); 1174 rt->rt_ifp = ifp; 1175 } 1176 } 1177 if (!rt) { 1178 struct rt_addrinfo info; 1179 1180 memset(&info, 0, sizeof(info)); 1181 info.rti_info[RTAX_DST] = (struct sockaddr *)&mltaddr; 1182 info.rti_info[RTAX_GATEWAY] = 1183 (struct sockaddr *)&ia->ia_addr; 1184 info.rti_info[RTAX_NETMASK] = 1185 (struct sockaddr *)&mltmask; 1186 info.rti_info[RTAX_IFA] = 1187 (struct sockaddr *)&ia->ia_addr; 1188 /* XXX: we need RTF_CLONING to fake nd6_rtrequest */ 1189 info.rti_flags = RTF_UP | RTF_CLONING; 1190 error = rtrequest1(RTM_ADD, &info, NULL); 1191 if (error) 1192 goto cleanup; 1193 } else { 1194 RTFREE(rt); 1195 } 1196 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 0); 1197 if (!imm) { 1198 nd6log((LOG_WARNING, 1199 "in6_update_ifa: addmulti failed for " 1200 "%s on %s (errno=%d)\n", 1201 ip6_sprintf(&mltaddr.sin6_addr), 1202 if_name(ifp), error)); 1203 goto cleanup; 1204 } 1205 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 1206 1207 /* 1208 * join node information group address 1209 */ 1210 dad_delay = 0; 1211 if ((flags & IN6_IFAUPDATE_DADDELAY)) { 1212 /* 1213 * The spec doesn't say anything about delay for this 1214 * group, but the same logic should apply. 1215 */ 1216 dad_delay = cprng_fast32() % 1217 (MAX_RTR_SOLICITATION_DELAY * hz); 1218 } 1219 if (in6_nigroup(ifp, hostname, hostnamelen, &mltaddr) != 0) 1220 ; 1221 else if ((imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 1222 dad_delay)) == NULL) { /* XXX jinmei */ 1223 nd6log((LOG_WARNING, "in6_update_ifa: " 1224 "addmulti failed for %s on %s (errno=%d)\n", 1225 ip6_sprintf(&mltaddr.sin6_addr), 1226 if_name(ifp), error)); 1227 /* XXX not very fatal, go on... */ 1228 } else { 1229 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 1230 } 1231 1232 1233 /* 1234 * join interface-local all-nodes address. 1235 * (ff01::1%ifN, and ff01::%ifN/32) 1236 */ 1237 mltaddr.sin6_addr = in6addr_nodelocal_allnodes; 1238 if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) != 0) 1239 goto cleanup; /* XXX: should not fail */ 1240 1241 /* XXX: again, do we really need the route? */ 1242 rt = rtalloc1((struct sockaddr *)&mltaddr, 0); 1243 if (rt) { 1244 /* 32bit came from "mltmask" */ 1245 if (memcmp(&mltaddr.sin6_addr, 1246 &satocsin6(rt_getkey(rt))->sin6_addr, 1247 32 / NBBY)) { 1248 RTFREE(rt); 1249 rt = NULL; 1250 } else if (rt->rt_ifp != ifp) { 1251 IN6_DPRINTF("%s: rt_ifp %p -> %p (%s) " 1252 "network %04x:%04x::/32 = %04x:%04x::/32\n", 1253 __func__, rt->rt_ifp, ifp, ifp->if_xname, 1254 ntohs(mltaddr.sin6_addr.s6_addr16[0]), 1255 ntohs(mltaddr.sin6_addr.s6_addr16[1]), 1256 satocsin6(rt_getkey(rt))->sin6_addr.s6_addr16[0], 1257 satocsin6(rt_getkey(rt))->sin6_addr.s6_addr16[1]); 1258 rt_replace_ifa(rt, &ia->ia_ifa); 1259 rt->rt_ifp = ifp; 1260 } 1261 } 1262 if (!rt) { 1263 struct rt_addrinfo info; 1264 1265 memset(&info, 0, sizeof(info)); 1266 info.rti_info[RTAX_DST] = (struct sockaddr *)&mltaddr; 1267 info.rti_info[RTAX_GATEWAY] = 1268 (struct sockaddr *)&ia->ia_addr; 1269 info.rti_info[RTAX_NETMASK] = 1270 (struct sockaddr *)&mltmask; 1271 info.rti_info[RTAX_IFA] = 1272 (struct sockaddr *)&ia->ia_addr; 1273 info.rti_flags = RTF_UP | RTF_CLONING; 1274 error = rtrequest1(RTM_ADD, &info, NULL); 1275 if (error) 1276 goto cleanup; 1277#undef MLTMASK_LEN 1278 } else { 1279 RTFREE(rt); 1280 } 1281 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 0); 1282 if (!imm) { 1283 nd6log((LOG_WARNING, "in6_update_ifa: " 1284 "addmulti failed for %s on %s (errno=%d)\n", 1285 ip6_sprintf(&mltaddr.sin6_addr), 1286 if_name(ifp), error)); 1287 goto cleanup; 1288 } else { 1289 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 1290 } 1291 } 1292 1293 /* 1294 * Perform DAD, if needed. 1295 * XXX It may be of use, if we can administratively 1296 * disable DAD. 1297 */ 1298 if (hostIsNew && in6if_do_dad(ifp) && 1299 ((ifra->ifra_flags & IN6_IFF_NODAD) == 0) && 1300 (ia->ia6_flags & IN6_IFF_TENTATIVE)) 1301 { 1302 int mindelay, maxdelay; 1303 1304 dad_delay = 0; 1305 if ((flags & IN6_IFAUPDATE_DADDELAY)) { 1306 /* 1307 * We need to impose a delay before sending an NS 1308 * for DAD. Check if we also needed a delay for the 1309 * corresponding MLD message. If we did, the delay 1310 * should be larger than the MLD delay (this could be 1311 * relaxed a bit, but this simple logic is at least 1312 * safe). 1313 */ 1314 mindelay = 0; 1315 if (in6m_sol != NULL && 1316 in6m_sol->in6m_state == MLD_REPORTPENDING) { 1317 mindelay = in6m_sol->in6m_timer; 1318 } 1319 maxdelay = MAX_RTR_SOLICITATION_DELAY * hz; 1320 if (maxdelay - mindelay == 0) 1321 dad_delay = 0; 1322 else { 1323 dad_delay = 1324 (cprng_fast32() % (maxdelay - mindelay)) + 1325 mindelay; 1326 } 1327 } 1328 nd6_dad_start(&ia->ia_ifa, dad_delay); 1329 } 1330 1331 return error; 1332 1333 unlink: 1334 /* 1335 * XXX: if a change of an existing address failed, keep the entry 1336 * anyway. 1337 */ 1338 if (hostIsNew) 1339 in6_unlink_ifa(ia, ifp); 1340 return error; 1341 1342 cleanup: 1343 in6_purgeaddr(&ia->ia_ifa); 1344 return error; 1345} 1346 1347int 1348in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra, 1349 struct in6_ifaddr *ia, int flags) 1350{ 1351 int rc, s; 1352 1353 s = splnet(); 1354 rc = in6_update_ifa1(ifp, ifra, ia, flags); 1355 splx(s); 1356 return rc; 1357} 1358 1359void 1360in6_purgeaddr(struct ifaddr *ifa) 1361{ 1362 struct ifnet *ifp = ifa->ifa_ifp; 1363 struct in6_ifaddr *ia = (struct in6_ifaddr *) ifa; 1364 struct in6_multi_mship *imm; 1365 1366 /* stop DAD processing */ 1367 nd6_dad_stop(ifa); 1368 1369 /* 1370 * delete route to the destination of the address being purged. 1371 * The interface must be p2p or loopback in this case. 1372 */ 1373 if ((ia->ia_flags & IFA_ROUTE) != 0 && ia->ia_dstaddr.sin6_len != 0) { 1374 int e; 1375 1376 if ((e = rtinit(&(ia->ia_ifa), (int)RTM_DELETE, RTF_HOST)) 1377 != 0) { 1378 log(LOG_ERR, "in6_purgeaddr: failed to remove " 1379 "a route to the p2p destination: %s on %s, " 1380 "errno=%d\n", 1381 ip6_sprintf(&ia->ia_addr.sin6_addr), if_name(ifp), 1382 e); 1383 /* proceed anyway... */ 1384 } else 1385 ia->ia_flags &= ~IFA_ROUTE; 1386 } 1387 1388 /* Remove ownaddr's loopback rtentry, if it exists. */ 1389 in6_ifremloop(&(ia->ia_ifa)); 1390 1391 /* 1392 * leave from multicast groups we have joined for the interface 1393 */ 1394 while ((imm = LIST_FIRST(&ia->ia6_memberships)) != NULL) { 1395 LIST_REMOVE(imm, i6mm_chain); 1396 in6_leavegroup(imm); 1397 } 1398 1399 in6_unlink_ifa(ia, ifp); 1400} 1401 1402static void 1403in6_unlink_ifa(struct in6_ifaddr *ia, struct ifnet *ifp) 1404{ 1405 struct in6_ifaddr *oia; 1406 int s = splnet(); 1407 1408 ifa_remove(ifp, &ia->ia_ifa); 1409 1410 oia = ia; 1411 if (oia == (ia = in6_ifaddr)) 1412 in6_ifaddr = ia->ia_next; 1413 else { 1414 while (ia->ia_next && (ia->ia_next != oia)) 1415 ia = ia->ia_next; 1416 if (ia->ia_next) 1417 ia->ia_next = oia->ia_next; 1418 else { 1419 /* search failed */ 1420 printf("Couldn't unlink in6_ifaddr from in6_ifaddr\n"); 1421 } 1422 } 1423 1424 /* 1425 * XXX thorpej@NetBSD.org -- if the interface is going 1426 * XXX away, don't save the multicast entries, delete them! 1427 */ 1428 if (LIST_EMPTY(&oia->ia6_multiaddrs)) 1429 ; 1430 else if (oia->ia_ifa.ifa_ifp->if_output == if_nulloutput) { 1431 struct in6_multi *in6m, *next; 1432 1433 for (in6m = LIST_FIRST(&oia->ia6_multiaddrs); in6m != NULL; 1434 in6m = next) { 1435 next = LIST_NEXT(in6m, in6m_entry); 1436 in6_delmulti(in6m); 1437 } 1438 } else 1439 in6_savemkludge(oia); 1440 1441 /* 1442 * Release the reference to the base prefix. There should be a 1443 * positive reference. 1444 */ 1445 if (oia->ia6_ndpr == NULL) { 1446 nd6log((LOG_NOTICE, "in6_unlink_ifa: autoconf'ed address " 1447 "%p has no prefix\n", oia)); 1448 } else { 1449 oia->ia6_ndpr->ndpr_refcnt--; 1450 oia->ia6_ndpr = NULL; 1451 } 1452 1453 /* 1454 * Also, if the address being removed is autoconf'ed, call 1455 * pfxlist_onlink_check() since the release might affect the status of 1456 * other (detached) addresses. 1457 */ 1458 if ((oia->ia6_flags & IN6_IFF_AUTOCONF) != 0) 1459 pfxlist_onlink_check(); 1460 1461 /* 1462 * release another refcnt for the link from in6_ifaddr. 1463 * Note that we should decrement the refcnt at least once for all *BSD. 1464 */ 1465 IFAFREE(&oia->ia_ifa); 1466 1467 splx(s); 1468} 1469 1470void 1471in6_purgeif(struct ifnet *ifp) 1472{ 1473 if_purgeaddrs(ifp, AF_INET6, in6_purgeaddr); 1474 1475 in6_ifdetach(ifp); 1476} 1477 1478/* 1479 * SIOC[GAD]LIFADDR. 1480 * SIOCGLIFADDR: get first address. (?) 1481 * SIOCGLIFADDR with IFLR_PREFIX: 1482 * get first address that matches the specified prefix. 1483 * SIOCALIFADDR: add the specified address. 1484 * SIOCALIFADDR with IFLR_PREFIX: 1485 * add the specified prefix, filling hostid part from 1486 * the first link-local address. prefixlen must be <= 64. 1487 * SIOCDLIFADDR: delete the specified address. 1488 * SIOCDLIFADDR with IFLR_PREFIX: 1489 * delete the first address that matches the specified prefix. 1490 * return values: 1491 * EINVAL on invalid parameters 1492 * EADDRNOTAVAIL on prefix match failed/specified address not found 1493 * other values may be returned from in6_ioctl() 1494 * 1495 * NOTE: SIOCALIFADDR(with IFLR_PREFIX set) allows prefixlen less than 64. 1496 * this is to accommodate address naming scheme other than RFC2374, 1497 * in the future. 1498 * RFC2373 defines interface id to be 64bit, but it allows non-RFC2374 1499 * address encoding scheme. (see figure on page 8) 1500 */ 1501static int 1502in6_lifaddr_ioctl(struct socket *so, u_long cmd, void *data, 1503 struct ifnet *ifp, struct lwp *l) 1504{ 1505 struct in6_ifaddr *ia; 1506 struct if_laddrreq *iflr = (struct if_laddrreq *)data; 1507 struct ifaddr *ifa; 1508 struct sockaddr *sa; 1509 1510 /* sanity checks */ 1511 if (!data || !ifp) { 1512 panic("invalid argument to in6_lifaddr_ioctl"); 1513 /* NOTREACHED */ 1514 } 1515 1516 switch (cmd) { 1517 case SIOCGLIFADDR: 1518 /* address must be specified on GET with IFLR_PREFIX */ 1519 if ((iflr->flags & IFLR_PREFIX) == 0) 1520 break; 1521 /* FALLTHROUGH */ 1522 case SIOCALIFADDR: 1523 case SIOCDLIFADDR: 1524 /* address must be specified on ADD and DELETE */ 1525 sa = (struct sockaddr *)&iflr->addr; 1526 if (sa->sa_family != AF_INET6) 1527 return EINVAL; 1528 if (sa->sa_len != sizeof(struct sockaddr_in6)) 1529 return EINVAL; 1530 /* XXX need improvement */ 1531 sa = (struct sockaddr *)&iflr->dstaddr; 1532 if (sa->sa_family && sa->sa_family != AF_INET6) 1533 return EINVAL; 1534 if (sa->sa_len && sa->sa_len != sizeof(struct sockaddr_in6)) 1535 return EINVAL; 1536 break; 1537 default: /* shouldn't happen */ 1538#if 0 1539 panic("invalid cmd to in6_lifaddr_ioctl"); 1540 /* NOTREACHED */ 1541#else 1542 return EOPNOTSUPP; 1543#endif 1544 } 1545 if (sizeof(struct in6_addr) * NBBY < iflr->prefixlen) 1546 return EINVAL; 1547 1548 switch (cmd) { 1549 case SIOCALIFADDR: 1550 { 1551 struct in6_aliasreq ifra; 1552 struct in6_addr *xhostid = NULL; 1553 int prefixlen; 1554 1555 if ((iflr->flags & IFLR_PREFIX) != 0) { 1556 struct sockaddr_in6 *sin6; 1557 1558 /* 1559 * xhostid is to fill in the hostid part of the 1560 * address. xhostid points to the first link-local 1561 * address attached to the interface. 1562 */ 1563 ia = in6ifa_ifpforlinklocal(ifp, 0); 1564 if (ia == NULL) 1565 return EADDRNOTAVAIL; 1566 xhostid = IFA_IN6(&ia->ia_ifa); 1567 1568 /* prefixlen must be <= 64. */ 1569 if (64 < iflr->prefixlen) 1570 return EINVAL; 1571 prefixlen = iflr->prefixlen; 1572 1573 /* hostid part must be zero. */ 1574 sin6 = (struct sockaddr_in6 *)&iflr->addr; 1575 if (sin6->sin6_addr.s6_addr32[2] != 0 1576 || sin6->sin6_addr.s6_addr32[3] != 0) { 1577 return EINVAL; 1578 } 1579 } else 1580 prefixlen = iflr->prefixlen; 1581 1582 /* copy args to in6_aliasreq, perform ioctl(SIOCAIFADDR_IN6). */ 1583 memset(&ifra, 0, sizeof(ifra)); 1584 memcpy(ifra.ifra_name, iflr->iflr_name, sizeof(ifra.ifra_name)); 1585 1586 memcpy(&ifra.ifra_addr, &iflr->addr, 1587 ((struct sockaddr *)&iflr->addr)->sa_len); 1588 if (xhostid) { 1589 /* fill in hostid part */ 1590 ifra.ifra_addr.sin6_addr.s6_addr32[2] = 1591 xhostid->s6_addr32[2]; 1592 ifra.ifra_addr.sin6_addr.s6_addr32[3] = 1593 xhostid->s6_addr32[3]; 1594 } 1595 1596 if (((struct sockaddr *)&iflr->dstaddr)->sa_family) { /* XXX */ 1597 memcpy(&ifra.ifra_dstaddr, &iflr->dstaddr, 1598 ((struct sockaddr *)&iflr->dstaddr)->sa_len); 1599 if (xhostid) { 1600 ifra.ifra_dstaddr.sin6_addr.s6_addr32[2] = 1601 xhostid->s6_addr32[2]; 1602 ifra.ifra_dstaddr.sin6_addr.s6_addr32[3] = 1603 xhostid->s6_addr32[3]; 1604 } 1605 } 1606 1607 ifra.ifra_prefixmask.sin6_len = sizeof(struct sockaddr_in6); 1608 in6_prefixlen2mask(&ifra.ifra_prefixmask.sin6_addr, prefixlen); 1609 1610 ifra.ifra_lifetime.ia6t_vltime = ND6_INFINITE_LIFETIME; 1611 ifra.ifra_lifetime.ia6t_pltime = ND6_INFINITE_LIFETIME; 1612 ifra.ifra_flags = iflr->flags & ~IFLR_PREFIX; 1613 return in6_control(so, SIOCAIFADDR_IN6, &ifra, ifp, l); 1614 } 1615 case SIOCGLIFADDR: 1616 case SIOCDLIFADDR: 1617 { 1618 struct in6_addr mask, candidate, match; 1619 struct sockaddr_in6 *sin6; 1620 int cmp; 1621 1622 memset(&mask, 0, sizeof(mask)); 1623 if (iflr->flags & IFLR_PREFIX) { 1624 /* lookup a prefix rather than address. */ 1625 in6_prefixlen2mask(&mask, iflr->prefixlen); 1626 1627 sin6 = (struct sockaddr_in6 *)&iflr->addr; 1628 memcpy(&match, &sin6->sin6_addr, sizeof(match)); 1629 match.s6_addr32[0] &= mask.s6_addr32[0]; 1630 match.s6_addr32[1] &= mask.s6_addr32[1]; 1631 match.s6_addr32[2] &= mask.s6_addr32[2]; 1632 match.s6_addr32[3] &= mask.s6_addr32[3]; 1633 1634 /* if you set extra bits, that's wrong */ 1635 if (memcmp(&match, &sin6->sin6_addr, sizeof(match))) 1636 return EINVAL; 1637 1638 cmp = 1; 1639 } else { 1640 if (cmd == SIOCGLIFADDR) { 1641 /* on getting an address, take the 1st match */ 1642 cmp = 0; /* XXX */ 1643 } else { 1644 /* on deleting an address, do exact match */ 1645 in6_prefixlen2mask(&mask, 128); 1646 sin6 = (struct sockaddr_in6 *)&iflr->addr; 1647 memcpy(&match, &sin6->sin6_addr, sizeof(match)); 1648 1649 cmp = 1; 1650 } 1651 } 1652 1653 IFADDR_FOREACH(ifa, ifp) { 1654 if (ifa->ifa_addr->sa_family != AF_INET6) 1655 continue; 1656 if (!cmp) 1657 break; 1658 1659 /* 1660 * XXX: this is adhoc, but is necessary to allow 1661 * a user to specify fe80::/64 (not /10) for a 1662 * link-local address. 1663 */ 1664 memcpy(&candidate, IFA_IN6(ifa), sizeof(candidate)); 1665 in6_clearscope(&candidate); 1666 candidate.s6_addr32[0] &= mask.s6_addr32[0]; 1667 candidate.s6_addr32[1] &= mask.s6_addr32[1]; 1668 candidate.s6_addr32[2] &= mask.s6_addr32[2]; 1669 candidate.s6_addr32[3] &= mask.s6_addr32[3]; 1670 if (IN6_ARE_ADDR_EQUAL(&candidate, &match)) 1671 break; 1672 } 1673 if (!ifa) 1674 return EADDRNOTAVAIL; 1675 ia = ifa2ia6(ifa); 1676 1677 if (cmd == SIOCGLIFADDR) { 1678 int error; 1679 1680 /* fill in the if_laddrreq structure */ 1681 memcpy(&iflr->addr, &ia->ia_addr, ia->ia_addr.sin6_len); 1682 error = sa6_recoverscope( 1683 (struct sockaddr_in6 *)&iflr->addr); 1684 if (error != 0) 1685 return error; 1686 1687 if ((ifp->if_flags & IFF_POINTOPOINT) != 0) { 1688 memcpy(&iflr->dstaddr, &ia->ia_dstaddr, 1689 ia->ia_dstaddr.sin6_len); 1690 error = sa6_recoverscope( 1691 (struct sockaddr_in6 *)&iflr->dstaddr); 1692 if (error != 0) 1693 return error; 1694 } else 1695 memset(&iflr->dstaddr, 0, sizeof(iflr->dstaddr)); 1696 1697 iflr->prefixlen = 1698 in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); 1699 1700 iflr->flags = ia->ia6_flags; /* XXX */ 1701 1702 return 0; 1703 } else { 1704 struct in6_aliasreq ifra; 1705 1706 /* fill in6_aliasreq and do ioctl(SIOCDIFADDR_IN6) */ 1707 memset(&ifra, 0, sizeof(ifra)); 1708 memcpy(ifra.ifra_name, iflr->iflr_name, 1709 sizeof(ifra.ifra_name)); 1710 1711 memcpy(&ifra.ifra_addr, &ia->ia_addr, 1712 ia->ia_addr.sin6_len); 1713 if ((ifp->if_flags & IFF_POINTOPOINT) != 0) { 1714 memcpy(&ifra.ifra_dstaddr, &ia->ia_dstaddr, 1715 ia->ia_dstaddr.sin6_len); 1716 } else { 1717 memset(&ifra.ifra_dstaddr, 0, 1718 sizeof(ifra.ifra_dstaddr)); 1719 } 1720 memcpy(&ifra.ifra_dstaddr, &ia->ia_prefixmask, 1721 ia->ia_prefixmask.sin6_len); 1722 1723 ifra.ifra_flags = ia->ia6_flags; 1724 return in6_control(so, SIOCDIFADDR_IN6, &ifra, ifp, l); 1725 } 1726 } 1727 } 1728 1729 return EOPNOTSUPP; /* just for safety */ 1730} 1731 1732/* 1733 * Initialize an interface's internet6 address 1734 * and routing table entry. 1735 */ 1736static int 1737in6_ifinit(struct ifnet *ifp, struct in6_ifaddr *ia, 1738 const struct sockaddr_in6 *sin6, int newhost) 1739{ 1740 int error = 0, plen, ifacount = 0; 1741 int s = splnet(); 1742 struct ifaddr *ifa; 1743 1744 /* 1745 * Give the interface a chance to initialize 1746 * if this is its first address, 1747 * and to validate the address if necessary. 1748 */ 1749 IFADDR_FOREACH(ifa, ifp) { 1750 if (ifa->ifa_addr == NULL) 1751 continue; /* just for safety */ 1752 if (ifa->ifa_addr->sa_family != AF_INET6) 1753 continue; 1754 ifacount++; 1755 } 1756 1757 ia->ia_addr = *sin6; 1758 1759 if (ifacount <= 1 && 1760 (error = if_addr_init(ifp, &ia->ia_ifa, true)) != 0) { 1761 splx(s); 1762 return error; 1763 } 1764 splx(s); 1765 1766 ia->ia_ifa.ifa_metric = ifp->if_metric; 1767 1768 /* we could do in(6)_socktrim here, but just omit it at this moment. */ 1769 1770 /* 1771 * Special case: 1772 * If the destination address is specified for a point-to-point 1773 * interface, install a route to the destination as an interface 1774 * direct route. 1775 */ 1776 plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); /* XXX */ 1777 if (plen == 128 && ia->ia_dstaddr.sin6_family == AF_INET6) { 1778 if ((error = rtinit(&ia->ia_ifa, RTM_ADD, 1779 RTF_UP | RTF_HOST)) != 0) 1780 return error; 1781 ia->ia_flags |= IFA_ROUTE; 1782 } 1783 1784 /* Add ownaddr as loopback rtentry, if necessary (ex. on p2p link). */ 1785 if (newhost) { 1786 /* set the rtrequest function to create llinfo */ 1787 ia->ia_ifa.ifa_rtrequest = nd6_rtrequest; 1788 in6_ifaddloop(&ia->ia_ifa); 1789 } 1790 1791 if (ifp->if_flags & IFF_MULTICAST) 1792 in6_restoremkludge(ia, ifp); 1793 1794 return error; 1795} 1796 1797static struct ifaddr * 1798bestifa(struct ifaddr *best_ifa, struct ifaddr *ifa) 1799{ 1800 if (best_ifa == NULL || best_ifa->ifa_preference < ifa->ifa_preference) 1801 return ifa; 1802 return best_ifa; 1803} 1804 1805/* 1806 * Find an IPv6 interface link-local address specific to an interface. 1807 */ 1808struct in6_ifaddr * 1809in6ifa_ifpforlinklocal(const struct ifnet *ifp, const int ignoreflags) 1810{ 1811 struct ifaddr *best_ifa = NULL, *ifa; 1812 1813 IFADDR_FOREACH(ifa, ifp) { 1814 if (ifa->ifa_addr == NULL) 1815 continue; /* just for safety */ 1816 if (ifa->ifa_addr->sa_family != AF_INET6) 1817 continue; 1818 if (!IN6_IS_ADDR_LINKLOCAL(IFA_IN6(ifa))) 1819 continue; 1820 if ((((struct in6_ifaddr *)ifa)->ia6_flags & ignoreflags) != 0) 1821 continue; 1822 best_ifa = bestifa(best_ifa, ifa); 1823 } 1824 1825 return (struct in6_ifaddr *)best_ifa; 1826} 1827 1828 1829/* 1830 * find the internet address corresponding to a given interface and address. 1831 */ 1832struct in6_ifaddr * 1833in6ifa_ifpwithaddr(const struct ifnet *ifp, const struct in6_addr *addr) 1834{ 1835 struct ifaddr *best_ifa = NULL, *ifa; 1836 1837 IFADDR_FOREACH(ifa, ifp) { 1838 if (ifa->ifa_addr == NULL) 1839 continue; /* just for safety */ 1840 if (ifa->ifa_addr->sa_family != AF_INET6) 1841 continue; 1842 if (!IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(ifa))) 1843 continue; 1844 best_ifa = bestifa(best_ifa, ifa); 1845 } 1846 1847 return (struct in6_ifaddr *)best_ifa; 1848} 1849 1850static struct in6_ifaddr * 1851bestia(struct in6_ifaddr *best_ia, struct in6_ifaddr *ia) 1852{ 1853 if (best_ia == NULL || 1854 best_ia->ia_ifa.ifa_preference < ia->ia_ifa.ifa_preference) 1855 return ia; 1856 return best_ia; 1857} 1858 1859/* 1860 * find the internet address on a given interface corresponding to a neighbor's 1861 * address. 1862 */ 1863struct in6_ifaddr * 1864in6ifa_ifplocaladdr(const struct ifnet *ifp, const struct in6_addr *addr) 1865{ 1866 struct ifaddr *ifa; 1867 struct in6_ifaddr *best_ia = NULL, *ia; 1868 1869 IFADDR_FOREACH(ifa, ifp) { 1870 if (ifa->ifa_addr == NULL) 1871 continue; /* just for safety */ 1872 if (ifa->ifa_addr->sa_family != AF_INET6) 1873 continue; 1874 ia = (struct in6_ifaddr *)ifa; 1875 if (!IN6_ARE_MASKED_ADDR_EQUAL(addr, 1876 &ia->ia_addr.sin6_addr, 1877 &ia->ia_prefixmask.sin6_addr)) 1878 continue; 1879 best_ia = bestia(best_ia, ia); 1880 } 1881 1882 return best_ia; 1883} 1884 1885/* 1886 * Convert IP6 address to printable (loggable) representation. 1887 */ 1888static int ip6round = 0; 1889char * 1890ip6_sprintf(const struct in6_addr *addr) 1891{ 1892 static char ip6buf[8][48]; 1893 int i; 1894 char *bp; 1895 char *cp; 1896 const u_int16_t *a = (const u_int16_t *)addr; 1897 const u_int8_t *d; 1898 int dcolon = 0; 1899 1900 ip6round = (ip6round + 1) & 7; 1901 cp = ip6buf[ip6round]; 1902 1903 for (i = 0; i < 8; i++) { 1904 if (dcolon == 1) { 1905 if (*a == 0) { 1906 if (i == 7) 1907 *cp++ = ':'; 1908 a++; 1909 continue; 1910 } else 1911 dcolon = 2; 1912 } 1913 if (*a == 0) { 1914 if (dcolon == 0 && *(a + 1) == 0) { 1915 if (i == 0) 1916 *cp++ = ':'; 1917 *cp++ = ':'; 1918 dcolon = 1; 1919 } else { 1920 *cp++ = '0'; 1921 *cp++ = ':'; 1922 } 1923 a++; 1924 continue; 1925 } 1926 d = (const u_char *)a; 1927 bp = cp; 1928 *cp = hexdigits[*d >> 4]; 1929 if (*cp != '0') 1930 cp++; 1931 *cp = hexdigits[*d++ & 0xf]; 1932 if (cp != bp || *cp != '0') 1933 cp++; 1934 *cp = hexdigits[*d >> 4]; 1935 if (cp != bp || *cp != '0') 1936 cp++; 1937 *cp++ = hexdigits[*d & 0xf]; 1938 *cp++ = ':'; 1939 a++; 1940 } 1941 *--cp = 0; 1942 return ip6buf[ip6round]; 1943} 1944 1945/* 1946 * Determine if an address is on a local network. 1947 */ 1948int 1949in6_localaddr(const struct in6_addr *in6) 1950{ 1951 struct in6_ifaddr *ia; 1952 1953 if (IN6_IS_ADDR_LOOPBACK(in6) || IN6_IS_ADDR_LINKLOCAL(in6)) 1954 return 1; 1955 1956 for (ia = in6_ifaddr; ia; ia = ia->ia_next) 1957 if (IN6_ARE_MASKED_ADDR_EQUAL(in6, &ia->ia_addr.sin6_addr, 1958 &ia->ia_prefixmask.sin6_addr)) 1959 return 1; 1960 1961 return 0; 1962} 1963 1964int 1965in6_is_addr_deprecated(struct sockaddr_in6 *sa6) 1966{ 1967 struct in6_ifaddr *ia; 1968 1969 for (ia = in6_ifaddr; ia; ia = ia->ia_next) { 1970 if (IN6_ARE_ADDR_EQUAL(&ia->ia_addr.sin6_addr, 1971 &sa6->sin6_addr) && 1972#ifdef SCOPEDROUTING 1973 ia->ia_addr.sin6_scope_id == sa6->sin6_scope_id && 1974#endif 1975 (ia->ia6_flags & IN6_IFF_DEPRECATED) != 0) 1976 return 1; /* true */ 1977 1978 /* XXX: do we still have to go thru the rest of the list? */ 1979 } 1980 1981 return 0; /* false */ 1982} 1983 1984/* 1985 * return length of part which dst and src are equal 1986 * hard coding... 1987 */ 1988int 1989in6_matchlen(struct in6_addr *src, struct in6_addr *dst) 1990{ 1991 int match = 0; 1992 u_char *s = (u_char *)src, *d = (u_char *)dst; 1993 u_char *lim = s + 16, r; 1994 1995 while (s < lim) 1996 if ((r = (*d++ ^ *s++)) != 0) { 1997 while (r < 128) { 1998 match++; 1999 r <<= 1; 2000 } 2001 break; 2002 } else 2003 match += NBBY; 2004 return match; 2005} 2006 2007/* XXX: to be scope conscious */ 2008int 2009in6_are_prefix_equal(struct in6_addr *p1, struct in6_addr *p2, int len) 2010{ 2011 int bytelen, bitlen; 2012 2013 /* sanity check */ 2014 if (len < 0 || len > 128) { 2015 log(LOG_ERR, "in6_are_prefix_equal: invalid prefix length(%d)\n", 2016 len); 2017 return 0; 2018 } 2019 2020 bytelen = len / NBBY; 2021 bitlen = len % NBBY; 2022 2023 if (memcmp(&p1->s6_addr, &p2->s6_addr, bytelen)) 2024 return 0; 2025 if (bitlen != 0 && 2026 p1->s6_addr[bytelen] >> (NBBY - bitlen) != 2027 p2->s6_addr[bytelen] >> (NBBY - bitlen)) 2028 return 0; 2029 2030 return 1; 2031} 2032 2033void 2034in6_prefixlen2mask(struct in6_addr *maskp, int len) 2035{ 2036 static const u_char maskarray[NBBY] = {0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff}; 2037 int bytelen, bitlen, i; 2038 2039 /* sanity check */ 2040 if (len < 0 || len > 128) { 2041 log(LOG_ERR, "in6_prefixlen2mask: invalid prefix length(%d)\n", 2042 len); 2043 return; 2044 } 2045 2046 memset(maskp, 0, sizeof(*maskp)); 2047 bytelen = len / NBBY; 2048 bitlen = len % NBBY; 2049 for (i = 0; i < bytelen; i++) 2050 maskp->s6_addr[i] = 0xff; 2051 if (bitlen) 2052 maskp->s6_addr[bytelen] = maskarray[bitlen - 1]; 2053} 2054 2055/* 2056 * return the best address out of the same scope. if no address was 2057 * found, return the first valid address from designated IF. 2058 */ 2059struct in6_ifaddr * 2060in6_ifawithifp(struct ifnet *ifp, struct in6_addr *dst) 2061{ 2062 int dst_scope = in6_addrscope(dst), blen = -1, tlen; 2063 struct ifaddr *ifa; 2064 struct in6_ifaddr *best_ia = NULL, *ia; 2065 struct in6_ifaddr *dep[2]; /* last-resort: deprecated */ 2066 2067 dep[0] = dep[1] = NULL; 2068 2069 /* 2070 * We first look for addresses in the same scope. 2071 * If there is one, return it. 2072 * If two or more, return one which matches the dst longest. 2073 * If none, return one of global addresses assigned other ifs. 2074 */ 2075 IFADDR_FOREACH(ifa, ifp) { 2076 if (ifa->ifa_addr->sa_family != AF_INET6) 2077 continue; 2078 ia = (struct in6_ifaddr *)ifa; 2079 if (ia->ia6_flags & IN6_IFF_ANYCAST) 2080 continue; /* XXX: is there any case to allow anycast? */ 2081 if (ia->ia6_flags & IN6_IFF_NOTREADY) 2082 continue; /* don't use this interface */ 2083 if (ia->ia6_flags & IN6_IFF_DETACHED) 2084 continue; 2085 if (ia->ia6_flags & IN6_IFF_DEPRECATED) { 2086 if (ip6_use_deprecated) 2087 dep[0] = ia; 2088 continue; 2089 } 2090 2091 if (dst_scope != in6_addrscope(IFA_IN6(ifa))) 2092 continue; 2093 /* 2094 * call in6_matchlen() as few as possible 2095 */ 2096 if (best_ia == NULL) { 2097 best_ia = ia; 2098 continue; 2099 } 2100 if (blen == -1) 2101 blen = in6_matchlen(&best_ia->ia_addr.sin6_addr, dst); 2102 tlen = in6_matchlen(IFA_IN6(ifa), dst); 2103 if (tlen > blen) { 2104 blen = tlen; 2105 best_ia = ia; 2106 } else if (tlen == blen) 2107 best_ia = bestia(best_ia, ia); 2108 } 2109 if (best_ia != NULL) 2110 return best_ia; 2111 2112 IFADDR_FOREACH(ifa, ifp) { 2113 if (ifa->ifa_addr->sa_family != AF_INET6) 2114 continue; 2115 ia = (struct in6_ifaddr *)ifa; 2116 if (ia->ia6_flags & IN6_IFF_ANYCAST) 2117 continue; /* XXX: is there any case to allow anycast? */ 2118 if (ia->ia6_flags & IN6_IFF_NOTREADY) 2119 continue; /* don't use this interface */ 2120 if (ia->ia6_flags & IN6_IFF_DETACHED) 2121 continue; 2122 if (ia->ia6_flags & IN6_IFF_DEPRECATED) { 2123 if (ip6_use_deprecated) 2124 dep[1] = (struct in6_ifaddr *)ifa; 2125 continue; 2126 } 2127 2128 best_ia = bestia(best_ia, ia); 2129 } 2130 if (best_ia != NULL) 2131 return best_ia; 2132 2133 /* use the last-resort values, that are, deprecated addresses */ 2134 if (dep[0]) 2135 return dep[0]; 2136 if (dep[1]) 2137 return dep[1]; 2138 2139 return NULL; 2140} 2141 2142/* 2143 * perform DAD when interface becomes IFF_UP. 2144 */ 2145void 2146in6_if_up(struct ifnet *ifp) 2147{ 2148 struct ifaddr *ifa; 2149 struct in6_ifaddr *ia; 2150 2151 IFADDR_FOREACH(ifa, ifp) { 2152 if (ifa->ifa_addr->sa_family != AF_INET6) 2153 continue; 2154 ia = (struct in6_ifaddr *)ifa; 2155 if (ia->ia6_flags & IN6_IFF_TENTATIVE) { 2156 /* 2157 * The TENTATIVE flag was likely set by hand 2158 * beforehand, implicitly indicating the need for DAD. 2159 * We may be able to skip the random delay in this 2160 * case, but we impose delays just in case. 2161 */ 2162 nd6_dad_start(ifa, 2163 cprng_fast32() % 2164 (MAX_RTR_SOLICITATION_DELAY * hz)); 2165 } 2166 } 2167 2168 /* 2169 * special cases, like 6to4, are handled in in6_ifattach 2170 */ 2171 in6_ifattach(ifp, NULL); 2172} 2173 2174int 2175in6if_do_dad(struct ifnet *ifp) 2176{ 2177 if ((ifp->if_flags & IFF_LOOPBACK) != 0) 2178 return 0; 2179 2180 switch (ifp->if_type) { 2181 case IFT_FAITH: 2182 /* 2183 * These interfaces do not have the IFF_LOOPBACK flag, 2184 * but loop packets back. We do not have to do DAD on such 2185 * interfaces. We should even omit it, because loop-backed 2186 * NS would confuse the DAD procedure. 2187 */ 2188 return 0; 2189 default: 2190 /* 2191 * Our DAD routine requires the interface up and running. 2192 * However, some interfaces can be up before the RUNNING 2193 * status. Additionaly, users may try to assign addresses 2194 * before the interface becomes up (or running). 2195 * We simply skip DAD in such a case as a work around. 2196 * XXX: we should rather mark "tentative" on such addresses, 2197 * and do DAD after the interface becomes ready. 2198 */ 2199 if ((ifp->if_flags & (IFF_UP|IFF_RUNNING)) != 2200 (IFF_UP|IFF_RUNNING)) 2201 return 0; 2202 2203 return 1; 2204 } 2205} 2206 2207/* 2208 * Calculate max IPv6 MTU through all the interfaces and store it 2209 * to in6_maxmtu. 2210 */ 2211void 2212in6_setmaxmtu(void) 2213{ 2214 unsigned long maxmtu = 0; 2215 struct ifnet *ifp; 2216 2217 TAILQ_FOREACH(ifp, &ifnet, if_list) { 2218 /* this function can be called during ifnet initialization */ 2219 if (!ifp->if_afdata[AF_INET6]) 2220 continue; 2221 if ((ifp->if_flags & IFF_LOOPBACK) == 0 && 2222 IN6_LINKMTU(ifp) > maxmtu) 2223 maxmtu = IN6_LINKMTU(ifp); 2224 } 2225 if (maxmtu) /* update only when maxmtu is positive */ 2226 in6_maxmtu = maxmtu; 2227} 2228 2229/* 2230 * Provide the length of interface identifiers to be used for the link attached 2231 * to the given interface. The length should be defined in "IPv6 over 2232 * xxx-link" document. Note that address architecture might also define 2233 * the length for a particular set of address prefixes, regardless of the 2234 * link type. As clarified in rfc2462bis, those two definitions should be 2235 * consistent, and those really are as of August 2004. 2236 */ 2237int 2238in6_if2idlen(struct ifnet *ifp) 2239{ 2240 switch (ifp->if_type) { 2241 case IFT_ETHER: /* RFC2464 */ 2242 case IFT_PROPVIRTUAL: /* XXX: no RFC. treat it as ether */ 2243 case IFT_L2VLAN: /* ditto */ 2244 case IFT_IEEE80211: /* ditto */ 2245 case IFT_FDDI: /* RFC2467 */ 2246 case IFT_ISO88025: /* RFC2470 (IPv6 over Token Ring) */ 2247 case IFT_PPP: /* RFC2472 */ 2248 case IFT_ARCNET: /* RFC2497 */ 2249 case IFT_FRELAY: /* RFC2590 */ 2250 case IFT_IEEE1394: /* RFC3146 */ 2251 case IFT_GIF: /* draft-ietf-v6ops-mech-v2-07 */ 2252 case IFT_LOOP: /* XXX: is this really correct? */ 2253 return 64; 2254 default: 2255 /* 2256 * Unknown link type: 2257 * It might be controversial to use the today's common constant 2258 * of 64 for these cases unconditionally. For full compliance, 2259 * we should return an error in this case. On the other hand, 2260 * if we simply miss the standard for the link type or a new 2261 * standard is defined for a new link type, the IFID length 2262 * is very likely to be the common constant. As a compromise, 2263 * we always use the constant, but make an explicit notice 2264 * indicating the "unknown" case. 2265 */ 2266 printf("in6_if2idlen: unknown link type (%d)\n", ifp->if_type); 2267 return 64; 2268 } 2269} 2270 2271void * 2272in6_domifattach(struct ifnet *ifp) 2273{ 2274 struct in6_ifextra *ext; 2275 2276 ext = malloc(sizeof(*ext), M_IFADDR, M_WAITOK|M_ZERO); 2277 2278 ext->in6_ifstat = malloc(sizeof(struct in6_ifstat), 2279 M_IFADDR, M_WAITOK|M_ZERO); 2280 2281 ext->icmp6_ifstat = malloc(sizeof(struct icmp6_ifstat), 2282 M_IFADDR, M_WAITOK|M_ZERO); 2283 2284 ext->nd_ifinfo = nd6_ifattach(ifp); 2285 ext->scope6_id = scope6_ifattach(ifp); 2286 ext->nprefixes = 0; 2287 ext->ndefrouters = 0; 2288 return ext; 2289} 2290 2291void 2292in6_domifdetach(struct ifnet *ifp, void *aux) 2293{ 2294 struct in6_ifextra *ext = (struct in6_ifextra *)aux; 2295 2296 nd6_ifdetach(ext->nd_ifinfo); 2297 free(ext->in6_ifstat, M_IFADDR); 2298 free(ext->icmp6_ifstat, M_IFADDR); 2299 scope6_ifdetach(ext->scope6_id); 2300 free(ext, M_IFADDR); 2301} 2302 2303/* 2304 * Convert sockaddr_in6 to sockaddr_in. Original sockaddr_in6 must be 2305 * v4 mapped addr or v4 compat addr 2306 */ 2307void 2308in6_sin6_2_sin(struct sockaddr_in *sin, struct sockaddr_in6 *sin6) 2309{ 2310 memset(sin, 0, sizeof(*sin)); 2311 sin->sin_len = sizeof(struct sockaddr_in); 2312 sin->sin_family = AF_INET; 2313 sin->sin_port = sin6->sin6_port; 2314 sin->sin_addr.s_addr = sin6->sin6_addr.s6_addr32[3]; 2315} 2316 2317/* Convert sockaddr_in to sockaddr_in6 in v4 mapped addr format. */ 2318void 2319in6_sin_2_v4mapsin6(struct sockaddr_in *sin, struct sockaddr_in6 *sin6) 2320{ 2321 memset(sin6, 0, sizeof(*sin6)); 2322 sin6->sin6_len = sizeof(struct sockaddr_in6); 2323 sin6->sin6_family = AF_INET6; 2324 sin6->sin6_port = sin->sin_port; 2325 sin6->sin6_addr.s6_addr32[0] = 0; 2326 sin6->sin6_addr.s6_addr32[1] = 0; 2327 sin6->sin6_addr.s6_addr32[2] = IPV6_ADDR_INT32_SMP; 2328 sin6->sin6_addr.s6_addr32[3] = sin->sin_addr.s_addr; 2329} 2330 2331/* Convert sockaddr_in6 into sockaddr_in. */ 2332void 2333in6_sin6_2_sin_in_sock(struct sockaddr *nam) 2334{ 2335 struct sockaddr_in *sin_p; 2336 struct sockaddr_in6 sin6; 2337 2338 /* 2339 * Save original sockaddr_in6 addr and convert it 2340 * to sockaddr_in. 2341 */ 2342 sin6 = *(struct sockaddr_in6 *)nam; 2343 sin_p = (struct sockaddr_in *)nam; 2344 in6_sin6_2_sin(sin_p, &sin6); 2345} 2346 2347/* Convert sockaddr_in into sockaddr_in6 in v4 mapped addr format. */ 2348void 2349in6_sin_2_v4mapsin6_in_sock(struct sockaddr **nam) 2350{ 2351 struct sockaddr_in *sin_p; 2352 struct sockaddr_in6 *sin6_p; 2353 2354 sin6_p = malloc(sizeof(*sin6_p), M_SONAME, M_WAITOK); 2355 sin_p = (struct sockaddr_in *)*nam; 2356 in6_sin_2_v4mapsin6(sin_p, sin6_p); 2357 free(*nam, M_SONAME); 2358 *nam = (struct sockaddr *)sin6_p; 2359} 2360