1/* $OpenBSD: in6.c,v 1.267 2024/06/07 09:48:19 florian Exp $ */ 2/* $KAME: in6.c,v 1.372 2004/06/14 08:14:21 itojun Exp $ */ 3 4/* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33/* 34 * Copyright (c) 1982, 1986, 1991, 1993 35 * The Regents of the University of California. All rights reserved. 36 * 37 * Redistribution and use in source and binary forms, with or without 38 * modification, are permitted provided that the following conditions 39 * are met: 40 * 1. Redistributions of source code must retain the above copyright 41 * notice, this list of conditions and the following disclaimer. 42 * 2. Redistributions in binary form must reproduce the above copyright 43 * notice, this list of conditions and the following disclaimer in the 44 * documentation and/or other materials provided with the distribution. 45 * 3. Neither the name of the University nor the names of its contributors 46 * may be used to endorse or promote products derived from this software 47 * without specific prior written permission. 48 * 49 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 52 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 59 * SUCH DAMAGE. 60 * 61 * @(#)in.c 8.2 (Berkeley) 11/15/93 62 */ 63 64#include "carp.h" 65 66#include <sys/param.h> 67#include <sys/ioctl.h> 68#include <sys/errno.h> 69#include <sys/malloc.h> 70#include <sys/socket.h> 71#include <sys/socketvar.h> 72#include <sys/sockio.h> 73#include <sys/mbuf.h> 74#include <sys/systm.h> 75#include <sys/time.h> 76#include <sys/kernel.h> 77#include <sys/syslog.h> 78 79#include <net/if.h> 80#include <net/if_dl.h> 81#include <net/if_types.h> 82#include <net/route.h> 83 84#include <netinet/in.h> 85#include <netinet/if_ether.h> 86 87#include <netinet6/in6_var.h> 88#include <netinet/ip6.h> 89#include <netinet6/ip6_var.h> 90#include <netinet6/nd6.h> 91#include <netinet6/mld6_var.h> 92#ifdef MROUTING 93#include <netinet6/ip6_mroute.h> 94#endif 95#include <netinet6/in6_ifattach.h> 96#if NCARP > 0 97#include <netinet/ip_carp.h> 98#endif 99 100/* 101 * Definitions of some constant IP6 addresses. 102 */ 103const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT; 104const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT; 105const struct in6_addr in6addr_intfacelocal_allnodes = 106 IN6ADDR_INTFACELOCAL_ALLNODES_INIT; 107const struct in6_addr in6addr_linklocal_allnodes = 108 IN6ADDR_LINKLOCAL_ALLNODES_INIT; 109const struct in6_addr in6addr_linklocal_allrouters = 110 IN6ADDR_LINKLOCAL_ALLROUTERS_INIT; 111 112const struct in6_addr in6mask0 = IN6MASK0; 113const struct in6_addr in6mask32 = IN6MASK32; 114const struct in6_addr in6mask64 = IN6MASK64; 115const struct in6_addr in6mask96 = IN6MASK96; 116const struct in6_addr in6mask128 = IN6MASK128; 117 118int in6_ioctl(u_long, caddr_t, struct ifnet *, int); 119int in6_ioctl_change_ifaddr(u_long, caddr_t, struct ifnet *); 120int in6_ioctl_get(u_long, caddr_t, struct ifnet *); 121int in6_check_embed_scope(struct sockaddr_in6 *, unsigned int); 122int in6_clear_scope_id(struct sockaddr_in6 *, unsigned int); 123int in6_ifinit(struct ifnet *, struct in6_ifaddr *, int); 124void in6_unlink_ifa(struct in6_ifaddr *, struct ifnet *); 125 126const struct sockaddr_in6 sa6_any = { 127 sizeof(sa6_any), AF_INET6, 0, 0, IN6ADDR_ANY_INIT, 0 128}; 129 130int 131in6_mask2len(struct in6_addr *mask, u_char *lim0) 132{ 133 int x = 0, y; 134 u_char *lim = lim0, *p; 135 136 /* ignore the scope_id part */ 137 if (lim0 == NULL || lim0 - (u_char *)mask > sizeof(*mask)) 138 lim = (u_char *)mask + sizeof(*mask); 139 for (p = (u_char *)mask; p < lim; x++, p++) { 140 if (*p != 0xff) 141 break; 142 } 143 y = 0; 144 if (p < lim) { 145 for (y = 0; y < 8; y++) { 146 if ((*p & (0x80 >> y)) == 0) 147 break; 148 } 149 } 150 151 /* 152 * when the limit pointer is given, do a stricter check on the 153 * remaining bits. 154 */ 155 if (p < lim) { 156 if (y != 0 && (*p & (0x00ff >> y)) != 0) 157 return (-1); 158 for (p = p + 1; p < lim; p++) 159 if (*p != 0) 160 return (-1); 161 } 162 163 return x * 8 + y; 164} 165 166int 167in6_nam2sin6(const struct mbuf *nam, struct sockaddr_in6 **sin6) 168{ 169 struct sockaddr *sa = mtod(nam, struct sockaddr *); 170 171 if (nam->m_len < offsetof(struct sockaddr, sa_data)) 172 return EINVAL; 173 if (sa->sa_family != AF_INET6) 174 return EAFNOSUPPORT; 175 if (sa->sa_len != nam->m_len) 176 return EINVAL; 177 if (sa->sa_len != sizeof(struct sockaddr_in6)) 178 return EINVAL; 179 *sin6 = satosin6(sa); 180 181 return 0; 182} 183 184int 185in6_sa2sin6(struct sockaddr *sa, struct sockaddr_in6 **sin6) 186{ 187 if (sa->sa_family != AF_INET6) 188 return EAFNOSUPPORT; 189 if (sa->sa_len != sizeof(struct sockaddr_in6)) 190 return EINVAL; 191 *sin6 = satosin6(sa); 192 193 return 0; 194} 195 196int 197in6_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp) 198{ 199 int privileged; 200 201 privileged = 0; 202 if ((so->so_state & SS_PRIV) != 0) 203 privileged++; 204 205 switch (cmd) { 206#ifdef MROUTING 207 case SIOCGETSGCNT_IN6: 208 case SIOCGETMIFCNT_IN6: 209 return mrt6_ioctl(so, cmd, data); 210#endif /* MROUTING */ 211 default: 212 return in6_ioctl(cmd, data, ifp, privileged); 213 } 214} 215 216int 217in6_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, int privileged) 218{ 219 if (ifp == NULL) 220 return (ENXIO); 221 222 switch (cmd) { 223 case SIOCGIFINFO_IN6: 224 case SIOCGNBRINFO_IN6: 225 return (nd6_ioctl(cmd, data, ifp)); 226 case SIOCGIFDSTADDR_IN6: 227 case SIOCGIFNETMASK_IN6: 228 case SIOCGIFAFLAG_IN6: 229 case SIOCGIFALIFETIME_IN6: 230 return (in6_ioctl_get(cmd, data, ifp)); 231 case SIOCAIFADDR_IN6: 232 case SIOCDIFADDR_IN6: 233 if (!privileged) 234 return (EPERM); 235 return (in6_ioctl_change_ifaddr(cmd, data, ifp)); 236 case SIOCSIFADDR: 237 case SIOCSIFDSTADDR: 238 case SIOCSIFBRDADDR: 239 case SIOCSIFNETMASK: 240 /* 241 * Do not pass those ioctl to driver handler since they are not 242 * properly set up. Instead just error out. 243 */ 244 return (EINVAL); 245 default: 246 return (EOPNOTSUPP); 247 } 248} 249 250int 251in6_ioctl_change_ifaddr(u_long cmd, caddr_t data, struct ifnet *ifp) 252{ 253 struct in6_ifaddr *ia6 = NULL; 254 struct in6_aliasreq *ifra = (struct in6_aliasreq *)data; 255 struct sockaddr *sa; 256 struct sockaddr_in6 *sa6 = NULL; 257 int error = 0, newifaddr = 0, plen; 258 259 /* 260 * Find address for this interface, if it exists. 261 * 262 * In netinet code, we have checked ifra_addr in SIOCSIF*ADDR operation 263 * only, and used the first interface address as the target of other 264 * operations (without checking ifra_addr). This was because netinet 265 * code/API assumed at most 1 interface address per interface. 266 * Since IPv6 allows a node to assign multiple addresses 267 * on a single interface, we almost always look and check the 268 * presence of ifra_addr, and reject invalid ones here. 269 * It also decreases duplicated code among SIOC*_IN6 operations. 270 * 271 * We always require users to specify a valid IPv6 address for 272 * the corresponding operation. 273 */ 274 switch (cmd) { 275 case SIOCAIFADDR_IN6: 276 sa = sin6tosa(&ifra->ifra_addr); 277 break; 278 case SIOCDIFADDR_IN6: 279 sa = sin6tosa(&((struct in6_ifreq *)data)->ifr_addr); 280 break; 281 default: 282 panic("%s: invalid ioctl %lu", __func__, cmd); 283 } 284 if (sa->sa_family == AF_INET6) { 285 error = in6_sa2sin6(sa, &sa6); 286 if (error) 287 return (error); 288 } 289 290 KERNEL_LOCK(); 291 NET_LOCK(); 292 293 if (sa6 != NULL) { 294 error = in6_check_embed_scope(sa6, ifp->if_index); 295 if (error) 296 goto err; 297 error = in6_clear_scope_id(sa6, ifp->if_index); 298 if (error) 299 goto err; 300 ia6 = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr); 301 } 302 303 switch (cmd) { 304 case SIOCDIFADDR_IN6: 305 /* 306 * for IPv4, we look for existing in_ifaddr here to allow 307 * "ifconfig if0 delete" to remove the first IPv4 address on 308 * the interface. For IPv6, as the spec allows multiple 309 * interface address from the day one, we consider "remove the 310 * first one" semantics to be not preferable. 311 */ 312 if (ia6 == NULL) { 313 error = EADDRNOTAVAIL; 314 break; 315 } 316 in6_purgeaddr(&ia6->ia_ifa); 317 if_addrhooks_run(ifp); 318 break; 319 320 case SIOCAIFADDR_IN6: 321 if (ifra->ifra_addr.sin6_family != AF_INET6 || 322 ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6)) { 323 error = EAFNOSUPPORT; 324 break; 325 } 326 327 /* reject read-only flags */ 328 if ((ifra->ifra_flags & IN6_IFF_DUPLICATED) != 0 || 329 (ifra->ifra_flags & IN6_IFF_DETACHED) != 0 || 330 (ifra->ifra_flags & IN6_IFF_DEPRECATED) != 0) { 331 error = EINVAL; 332 break; 333 } 334 335 if (ia6 == NULL) 336 newifaddr = 1; 337 338 /* 339 * Make the address tentative before joining multicast 340 * addresses, so that corresponding MLD responses would 341 * not have a tentative source address. 342 */ 343 if (newifaddr && in6if_do_dad(ifp)) 344 ifra->ifra_flags |= IN6_IFF_TENTATIVE; 345 346 /* 347 * first, make or update the interface address structure, 348 * and link it to the list. try to enable inet6 if there 349 * is no link-local yet. 350 */ 351 error = in6_ifattach(ifp); 352 if (error) 353 break; 354 error = in6_update_ifa(ifp, ifra, ia6); 355 if (error) 356 break; 357 358 ia6 = NULL; 359 if (sa6 != NULL) 360 ia6 = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr); 361 if (ia6 == NULL) { 362 /* 363 * this can happen when the user specify the 0 valid 364 * lifetime. 365 */ 366 break; 367 } 368 369 /* Perform DAD, if needed. */ 370 if (ia6->ia6_flags & IN6_IFF_TENTATIVE) 371 nd6_dad_start(&ia6->ia_ifa); 372 373 if (!newifaddr) { 374 if_addrhooks_run(ifp); 375 break; 376 } 377 378 plen = in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL); 379 if ((ifp->if_flags & IFF_LOOPBACK) || plen == 128) { 380 if_addrhooks_run(ifp); 381 break; /* No need to install a connected route. */ 382 } 383 384 error = rt_ifa_add(&ia6->ia_ifa, 385 RTF_CLONING | RTF_CONNECTED | RTF_MPATH, 386 ia6->ia_ifa.ifa_addr, ifp->if_rdomain); 387 if (error) { 388 in6_purgeaddr(&ia6->ia_ifa); 389 break; 390 } 391 if_addrhooks_run(ifp); 392 break; 393 } 394 395err: 396 NET_UNLOCK(); 397 KERNEL_UNLOCK(); 398 return (error); 399} 400 401int 402in6_ioctl_get(u_long cmd, caddr_t data, struct ifnet *ifp) 403{ 404 struct in6_ifreq *ifr = (struct in6_ifreq *)data; 405 struct in6_ifaddr *ia6 = NULL; 406 struct sockaddr *sa; 407 struct sockaddr_in6 *sa6 = NULL; 408 int error = 0; 409 410 sa = sin6tosa(&ifr->ifr_addr); 411 if (sa->sa_family == AF_INET6) { 412 sa->sa_len = sizeof(struct sockaddr_in6); 413 error = in6_sa2sin6(sa, &sa6); 414 if (error) 415 return (error); 416 } 417 418 NET_LOCK_SHARED(); 419 420 if (sa6 != NULL) { 421 error = in6_check_embed_scope(sa6, ifp->if_index); 422 if (error) 423 goto err; 424 error = in6_clear_scope_id(sa6, ifp->if_index); 425 if (error) 426 goto err; 427 ia6 = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr); 428 } 429 430 /* must think again about its semantics */ 431 if (ia6 == NULL) { 432 error = EADDRNOTAVAIL; 433 goto err; 434 } 435 436 switch (cmd) { 437 case SIOCGIFDSTADDR_IN6: 438 if ((ifp->if_flags & IFF_POINTOPOINT) == 0) { 439 error = EINVAL; 440 break; 441 } 442 /* 443 * XXX: should we check if ifa_dstaddr is NULL and return 444 * an error? 445 */ 446 ifr->ifr_dstaddr = ia6->ia_dstaddr; 447 break; 448 449 case SIOCGIFNETMASK_IN6: 450 ifr->ifr_addr = ia6->ia_prefixmask; 451 break; 452 453 case SIOCGIFAFLAG_IN6: 454 ifr->ifr_ifru.ifru_flags6 = ia6->ia6_flags; 455 break; 456 457 case SIOCGIFALIFETIME_IN6: 458 ifr->ifr_ifru.ifru_lifetime = ia6->ia6_lifetime; 459 if (ia6->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 460 time_t expire, maxexpire; 461 struct in6_addrlifetime *retlt = 462 &ifr->ifr_ifru.ifru_lifetime; 463 464 /* 465 * XXX: adjust expiration time assuming time_t is 466 * signed. 467 */ 468 maxexpire = 469 (time_t)~(1ULL << ((sizeof(maxexpire) * 8) - 1)); 470 if (ia6->ia6_lifetime.ia6t_vltime < 471 maxexpire - ia6->ia6_updatetime) { 472 expire = ia6->ia6_updatetime + 473 ia6->ia6_lifetime.ia6t_vltime; 474 if (expire != 0) { 475 expire -= getuptime(); 476 expire += gettime(); 477 } 478 retlt->ia6t_expire = expire; 479 } else 480 retlt->ia6t_expire = maxexpire; 481 } 482 if (ia6->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 483 time_t expire, maxexpire; 484 struct in6_addrlifetime *retlt = 485 &ifr->ifr_ifru.ifru_lifetime; 486 487 /* 488 * XXX: adjust expiration time assuming time_t is 489 * signed. 490 */ 491 maxexpire = 492 (time_t)~(1ULL << ((sizeof(maxexpire) * 8) - 1)); 493 if (ia6->ia6_lifetime.ia6t_pltime < 494 maxexpire - ia6->ia6_updatetime) { 495 expire = ia6->ia6_updatetime + 496 ia6->ia6_lifetime.ia6t_pltime; 497 if (expire != 0) { 498 expire -= getuptime(); 499 expire += gettime(); 500 } 501 retlt->ia6t_preferred = expire; 502 } else 503 retlt->ia6t_preferred = maxexpire; 504 } 505 break; 506 507 default: 508 panic("%s: invalid ioctl %lu", __func__, cmd); 509 } 510 511err: 512 NET_UNLOCK_SHARED(); 513 return (error); 514} 515 516int 517in6_check_embed_scope(struct sockaddr_in6 *sa6, unsigned int ifidx) 518{ 519 if (IN6_IS_ADDR_LINKLOCAL(&sa6->sin6_addr)) { 520 if (sa6->sin6_addr.s6_addr16[1] == 0) { 521 /* link ID is not embedded by the user */ 522 sa6->sin6_addr.s6_addr16[1] = htons(ifidx); 523 } else if (sa6->sin6_addr.s6_addr16[1] != htons(ifidx)) 524 return EINVAL; /* link ID contradicts */ 525 } 526 return 0; 527} 528 529int 530in6_clear_scope_id(struct sockaddr_in6 *sa6, unsigned int ifidx) 531{ 532 if (IN6_IS_ADDR_LINKLOCAL(&sa6->sin6_addr)) { 533 if (sa6->sin6_scope_id) { 534 if (sa6->sin6_scope_id != (u_int32_t)ifidx) 535 return EINVAL; 536 sa6->sin6_scope_id = 0; /* XXX: good way? */ 537 } 538 } 539 return 0; 540} 541 542/* 543 * Update parameters of an IPv6 interface address. 544 * If necessary, a new entry is created and linked into address chains. 545 * This function is separated from in6_control(). 546 */ 547int 548in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra, 549 struct in6_ifaddr *ia6) 550{ 551 int error = 0, hostIsNew = 0, plen = -1; 552 struct sockaddr_in6 dst6, gw6; 553 struct in6_addrlifetime *lt; 554 struct in6_multi_mship *imm; 555 struct rtentry *rt; 556 char addr[INET6_ADDRSTRLEN]; 557 558 NET_ASSERT_LOCKED(); 559 560 /* Validate parameters */ 561 if (ifp == NULL || ifra == NULL) /* this maybe redundant */ 562 return (EINVAL); 563 564 /* 565 * The destination address for a p2p link or the address of the 566 * announcing router for an autoconf address must have a family of 567 * AF_UNSPEC or AF_INET6. 568 */ 569 if ((ifp->if_flags & IFF_POINTOPOINT) || 570 (ifp->if_flags & IFF_LOOPBACK) || 571 (ifra->ifra_flags & IN6_IFF_AUTOCONF)) { 572 if (ifra->ifra_dstaddr.sin6_family != AF_INET6 && 573 ifra->ifra_dstaddr.sin6_family != AF_UNSPEC) 574 return (EAFNOSUPPORT); 575 576 } else if (ifra->ifra_dstaddr.sin6_family != AF_UNSPEC) 577 return (EINVAL); 578 579 /* 580 * validate ifra_prefixmask. don't check sin6_family, netmask 581 * does not carry fields other than sin6_len. 582 */ 583 if (ifra->ifra_prefixmask.sin6_len > sizeof(struct sockaddr_in6)) 584 return (EINVAL); 585 /* 586 * Because the IPv6 address architecture is classless, we require 587 * users to specify a (non 0) prefix length (mask) for a new address. 588 * We also require the prefix (when specified) mask is valid, and thus 589 * reject a non-consecutive mask. 590 */ 591 if (ia6 == NULL && ifra->ifra_prefixmask.sin6_len == 0) 592 return (EINVAL); 593 if (ifra->ifra_prefixmask.sin6_len != 0) { 594 plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, 595 (u_char *)&ifra->ifra_prefixmask + 596 ifra->ifra_prefixmask.sin6_len); 597 if (plen <= 0) 598 return (EINVAL); 599 } else { 600 /* 601 * In this case, ia6 must not be NULL. We just use its prefix 602 * length. 603 */ 604 plen = in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL); 605 } 606 607 if (ifra->ifra_flags & IN6_IFF_AUTOCONF) { 608 gw6 = ifra->ifra_dstaddr; 609 memset(&dst6, 0, sizeof(dst6)); 610 } else { 611 dst6 = ifra->ifra_dstaddr; 612 memset(&gw6, 0, sizeof(gw6)); 613 } 614 if (dst6.sin6_family == AF_INET6) { 615 error = in6_check_embed_scope(&dst6, ifp->if_index); 616 if (error) 617 return error; 618 619 if (((ifp->if_flags & IFF_POINTOPOINT) || 620 (ifp->if_flags & IFF_LOOPBACK)) && plen != 128) 621 return (EINVAL); 622 } 623 if (gw6.sin6_family == AF_INET6) { 624 error = in6_check_embed_scope(&gw6, ifp->if_index); 625 if (error) 626 return error; 627 } 628 /* lifetime consistency check */ 629 lt = &ifra->ifra_lifetime; 630 if (lt->ia6t_pltime > lt->ia6t_vltime) 631 return (EINVAL); 632 if (lt->ia6t_vltime == 0) { 633 /* 634 * the following log might be noisy, but this is a typical 635 * configuration mistake or a tool's bug. 636 */ 637 nd6log((LOG_INFO, "%s: valid lifetime is 0 for %s\n", __func__, 638 inet_ntop(AF_INET6, &ifra->ifra_addr.sin6_addr, 639 addr, sizeof(addr)))); 640 641 if (ia6 == NULL) 642 return (0); /* there's nothing to do */ 643 } 644 645 /* 646 * If this is a new address, allocate a new ifaddr and link it 647 * into chains. 648 */ 649 if (ia6 == NULL) { 650 hostIsNew = 1; 651 ia6 = malloc(sizeof(*ia6), M_IFADDR, M_WAITOK | M_ZERO); 652 refcnt_init_trace(&ia6->ia_ifa.ifa_refcnt, 653 DT_REFCNT_IDX_IFADDR); 654 LIST_INIT(&ia6->ia6_memberships); 655 /* Initialize the address and masks, and put time stamp */ 656 ia6->ia_ifa.ifa_addr = sin6tosa(&ia6->ia_addr); 657 ia6->ia_addr.sin6_family = AF_INET6; 658 ia6->ia_addr.sin6_len = sizeof(ia6->ia_addr); 659 ia6->ia6_updatetime = getuptime(); 660 if ((ifp->if_flags & IFF_POINTOPOINT) || 661 (ifp->if_flags & IFF_LOOPBACK)) { 662 /* 663 * XXX: some functions expect that ifa_dstaddr is not 664 * NULL for p2p interfaces. 665 */ 666 ia6->ia_ifa.ifa_dstaddr = sin6tosa(&ia6->ia_dstaddr); 667 } else { 668 ia6->ia_ifa.ifa_dstaddr = NULL; 669 } 670 ia6->ia_ifa.ifa_netmask = sin6tosa(&ia6->ia_prefixmask); 671 672 ia6->ia_ifp = ifp; 673 ia6->ia_addr = ifra->ifra_addr; 674 ifa_add(ifp, &ia6->ia_ifa); 675 } 676 677 /* set prefix mask */ 678 if (ifra->ifra_prefixmask.sin6_len) { 679 /* 680 * We prohibit changing the prefix length of an existing 681 * address, because 682 * + such an operation should be rare in IPv6, and 683 * + the operation would confuse prefix management. 684 */ 685 if (ia6->ia_prefixmask.sin6_len && 686 in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL) != plen) { 687 error = EINVAL; 688 goto unlink; 689 } 690 ia6->ia_prefixmask = ifra->ifra_prefixmask; 691 } 692 693 /* 694 * If a new destination address is specified, scrub the old one and 695 * install the new destination. 696 */ 697 if (((ifp->if_flags & IFF_POINTOPOINT) || 698 (ifp->if_flags & IFF_LOOPBACK)) && dst6.sin6_family == AF_INET6 && 699 !IN6_ARE_ADDR_EQUAL(&dst6.sin6_addr, &ia6->ia_dstaddr.sin6_addr)) { 700 struct ifaddr *ifa = &ia6->ia_ifa; 701 702 if ((ia6->ia_flags & IFA_ROUTE) != 0 && 703 rt_ifa_del(ifa, RTF_HOST, ifa->ifa_dstaddr, 704 ifp->if_rdomain) != 0) { 705 nd6log((LOG_ERR, "%s: failed to remove a route " 706 "to the old destination: %s\n", __func__, 707 inet_ntop(AF_INET6, &ia6->ia_addr.sin6_addr, 708 addr, sizeof(addr)))); 709 /* proceed anyway... */ 710 } else 711 ia6->ia_flags &= ~IFA_ROUTE; 712 ia6->ia_dstaddr = dst6; 713 } 714 715 if ((ifra->ifra_flags & IN6_IFF_AUTOCONF) && 716 gw6.sin6_family == AF_INET6 && 717 !IN6_ARE_ADDR_EQUAL(&dst6.sin6_addr, &ia6->ia_gwaddr.sin6_addr)) { 718 /* Set or update announcing router */ 719 ia6->ia_gwaddr = gw6; 720 } 721 722 /* 723 * Set lifetimes. We do not refer to ia6t_expire and ia6t_preferred 724 * to see if the address is deprecated or invalidated, but initialize 725 * these members for applications. 726 */ 727 ia6->ia6_updatetime = getuptime(); 728 ia6->ia6_lifetime = ifra->ifra_lifetime; 729 if (ia6->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 730 ia6->ia6_lifetime.ia6t_expire = 731 getuptime() + ia6->ia6_lifetime.ia6t_vltime; 732 } else 733 ia6->ia6_lifetime.ia6t_expire = 0; 734 if (ia6->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 735 ia6->ia6_lifetime.ia6t_preferred = 736 getuptime() + ia6->ia6_lifetime.ia6t_pltime; 737 } else 738 ia6->ia6_lifetime.ia6t_preferred = 0; 739 740 /* reset the interface and routing table appropriately. */ 741 if ((error = in6_ifinit(ifp, ia6, hostIsNew)) != 0) 742 goto unlink; 743 744 /* re-run DAD */ 745 if (ia6->ia6_flags & (IN6_IFF_TENTATIVE|IN6_IFF_DUPLICATED)) 746 ifra->ifra_flags |= IN6_IFF_TENTATIVE; 747 /* 748 * configure address flags. 749 */ 750 ia6->ia6_flags = ifra->ifra_flags; 751 752 nd6_expire_timer_update(ia6); 753 754 /* 755 * We are done if we have simply modified an existing address. 756 */ 757 if (!hostIsNew) { 758 /* DAD sends RTM_CHGADDRATTR when done. */ 759 if (!(ia6->ia6_flags & IN6_IFF_TENTATIVE)) 760 rtm_addr(RTM_CHGADDRATTR, &ia6->ia_ifa); 761 return (error); 762 } 763 764 /* 765 * Beyond this point, we should call in6_purgeaddr upon an error, 766 * not just go to unlink. 767 */ 768 769 /* join necessary multiast groups */ 770 if ((ifp->if_flags & IFF_MULTICAST) != 0) { 771 struct sockaddr_in6 mltaddr, mltmask; 772 773 /* join solicited multicast addr for new host id */ 774 struct sockaddr_in6 llsol; 775 776 bzero(&llsol, sizeof(llsol)); 777 llsol.sin6_family = AF_INET6; 778 llsol.sin6_len = sizeof(llsol); 779 llsol.sin6_addr.s6_addr16[0] = htons(0xff02); 780 llsol.sin6_addr.s6_addr16[1] = htons(ifp->if_index); 781 llsol.sin6_addr.s6_addr32[1] = 0; 782 llsol.sin6_addr.s6_addr32[2] = htonl(1); 783 llsol.sin6_addr.s6_addr32[3] = 784 ifra->ifra_addr.sin6_addr.s6_addr32[3]; 785 llsol.sin6_addr.s6_addr8[12] = 0xff; 786 imm = in6_joingroup(ifp, &llsol.sin6_addr, &error); 787 if (!imm) 788 goto cleanup; 789 LIST_INSERT_HEAD(&ia6->ia6_memberships, imm, i6mm_chain); 790 791 bzero(&mltmask, sizeof(mltmask)); 792 mltmask.sin6_len = sizeof(struct sockaddr_in6); 793 mltmask.sin6_family = AF_INET6; 794 mltmask.sin6_addr = in6mask32; 795 796 /* 797 * join link-local all-nodes address 798 */ 799 bzero(&mltaddr, sizeof(mltaddr)); 800 mltaddr.sin6_len = sizeof(struct sockaddr_in6); 801 mltaddr.sin6_family = AF_INET6; 802 mltaddr.sin6_addr = in6addr_linklocal_allnodes; 803 mltaddr.sin6_addr.s6_addr16[1] = htons(ifp->if_index); 804 mltaddr.sin6_scope_id = 0; 805 806 /* 807 * XXX: do we really need this automatic routes? 808 * We should probably reconsider this stuff. Most applications 809 * actually do not need the routes, since they usually specify 810 * the outgoing interface. 811 */ 812 rt = rtalloc(sin6tosa(&mltaddr), 0, ifp->if_rdomain); 813 if (rt) { 814 /* 32bit came from "mltmask" */ 815 if (memcmp(&mltaddr.sin6_addr, 816 &satosin6(rt_key(rt))->sin6_addr, 817 32 / 8)) { 818 rtfree(rt); 819 rt = NULL; 820 } 821 } 822 if (!rt) { 823 struct rt_addrinfo info; 824 825 bzero(&info, sizeof(info)); 826 info.rti_ifa = &ia6->ia_ifa; 827 info.rti_info[RTAX_DST] = sin6tosa(&mltaddr); 828 info.rti_info[RTAX_GATEWAY] = sin6tosa(&ia6->ia_addr); 829 info.rti_info[RTAX_NETMASK] = sin6tosa(&mltmask); 830 info.rti_info[RTAX_IFA] = sin6tosa(&ia6->ia_addr); 831 info.rti_flags = RTF_MULTICAST; 832 error = rtrequest(RTM_ADD, &info, RTP_CONNECTED, NULL, 833 ifp->if_rdomain); 834 if (error) 835 goto cleanup; 836 } else { 837 rtfree(rt); 838 } 839 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error); 840 if (!imm) 841 goto cleanup; 842 LIST_INSERT_HEAD(&ia6->ia6_memberships, imm, i6mm_chain); 843 844 /* 845 * join interface-local all-nodes address. 846 * (ff01::1%ifN, and ff01::%ifN/32) 847 */ 848 bzero(&mltaddr, sizeof(mltaddr)); 849 mltaddr.sin6_len = sizeof(struct sockaddr_in6); 850 mltaddr.sin6_family = AF_INET6; 851 mltaddr.sin6_addr = in6addr_intfacelocal_allnodes; 852 mltaddr.sin6_addr.s6_addr16[1] = htons(ifp->if_index); 853 mltaddr.sin6_scope_id = 0; 854 855 /* XXX: again, do we really need the route? */ 856 rt = rtalloc(sin6tosa(&mltaddr), 0, ifp->if_rdomain); 857 if (rt) { 858 /* 32bit came from "mltmask" */ 859 if (memcmp(&mltaddr.sin6_addr, 860 &satosin6(rt_key(rt))->sin6_addr, 861 32 / 8)) { 862 rtfree(rt); 863 rt = NULL; 864 } 865 } 866 if (!rt) { 867 struct rt_addrinfo info; 868 869 bzero(&info, sizeof(info)); 870 info.rti_ifa = &ia6->ia_ifa; 871 info.rti_info[RTAX_DST] = sin6tosa(&mltaddr); 872 info.rti_info[RTAX_GATEWAY] = sin6tosa(&ia6->ia_addr); 873 info.rti_info[RTAX_NETMASK] = sin6tosa(&mltmask); 874 info.rti_info[RTAX_IFA] = sin6tosa(&ia6->ia_addr); 875 info.rti_flags = RTF_MULTICAST; 876 error = rtrequest(RTM_ADD, &info, RTP_CONNECTED, NULL, 877 ifp->if_rdomain); 878 if (error) 879 goto cleanup; 880 } else { 881 rtfree(rt); 882 } 883 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error); 884 if (!imm) 885 goto cleanup; 886 LIST_INSERT_HEAD(&ia6->ia6_memberships, imm, i6mm_chain); 887 } 888 889 return (error); 890 891 unlink: 892 /* 893 * XXX: if a change of an existing address failed, keep the entry 894 * anyway. 895 */ 896 if (hostIsNew) 897 in6_unlink_ifa(ia6, ifp); 898 return (error); 899 900 cleanup: 901 in6_purgeaddr(&ia6->ia_ifa); 902 return error; 903} 904 905void 906in6_purgeaddr(struct ifaddr *ifa) 907{ 908 struct ifnet *ifp = ifa->ifa_ifp; 909 struct in6_ifaddr *ia6 = ifatoia6(ifa); 910 struct in6_multi_mship *imm; 911 912 /* stop DAD processing */ 913 nd6_dad_stop(ifa); 914 915 /* 916 * delete route to the destination of the address being purged. 917 * The interface must be p2p or loopback in this case. 918 */ 919 if ((ifp->if_flags & IFF_POINTOPOINT) && (ia6->ia_flags & IFA_ROUTE) && 920 ia6->ia_dstaddr.sin6_len != 0) { 921 int e; 922 923 e = rt_ifa_del(ifa, RTF_HOST, ifa->ifa_dstaddr, 924 ifp->if_rdomain); 925 if (e != 0) { 926 char addr[INET6_ADDRSTRLEN]; 927 log(LOG_ERR, "in6_purgeaddr: failed to remove " 928 "a route to the p2p destination: %s on %s, " 929 "errno=%d\n", 930 inet_ntop(AF_INET6, &ia6->ia_addr.sin6_addr, 931 addr, sizeof(addr)), 932 ifp->if_xname, e); 933 /* proceed anyway... */ 934 } else 935 ia6->ia_flags &= ~IFA_ROUTE; 936 } 937 938 /* Remove ownaddr's loopback rtentry, if it exists. */ 939 rt_ifa_dellocal(&(ia6->ia_ifa)); 940 941 /* 942 * leave from multicast groups we have joined for the interface 943 */ 944 while (!LIST_EMPTY(&ia6->ia6_memberships)) { 945 imm = LIST_FIRST(&ia6->ia6_memberships); 946 LIST_REMOVE(imm, i6mm_chain); 947 in6_leavegroup(imm); 948 } 949 950 in6_unlink_ifa(ia6, ifp); 951} 952 953void 954in6_unlink_ifa(struct in6_ifaddr *ia6, struct ifnet *ifp) 955{ 956 struct ifaddr *ifa = &ia6->ia_ifa; 957 int plen; 958 959 NET_ASSERT_LOCKED(); 960 961 /* Release the reference to the base prefix. */ 962 plen = in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL); 963 if ((ifp->if_flags & IFF_LOOPBACK) == 0 && plen != 128) { 964 rt_ifa_del(ifa, RTF_CLONING | RTF_CONNECTED, 965 ifa->ifa_addr, ifp->if_rdomain); 966 } 967 968 rt_ifa_purge(ifa); 969 ifa_del(ifp, ifa); 970 971 ia6->ia_ifp = NULL; 972 ifafree(ifa); 973} 974 975/* 976 * Initialize an interface's inet6 address 977 * and routing table entry. 978 */ 979int 980in6_ifinit(struct ifnet *ifp, struct in6_ifaddr *ia6, int newhost) 981{ 982 int error = 0, plen, ifacount = 0; 983 struct ifaddr *ifa; 984 985 NET_ASSERT_LOCKED(); 986 987 /* 988 * Give the interface a chance to initialize 989 * if this is its first address (or it is a CARP interface) 990 * and to validate the address if necessary. 991 */ 992 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 993 if (ifa->ifa_addr->sa_family != AF_INET6) 994 continue; 995 ifacount++; 996 } 997 998 if ((ifacount <= 1 || ifp->if_type == IFT_CARP || 999 (ifp->if_flags & (IFF_LOOPBACK|IFF_POINTOPOINT))) && 1000 (error = (*ifp->if_ioctl)(ifp, SIOCSIFADDR, (caddr_t)ia6))) { 1001 return (error); 1002 } 1003 1004 ia6->ia_ifa.ifa_metric = ifp->if_metric; 1005 1006 /* we could do in(6)_socktrim here, but just omit it at this moment. */ 1007 1008 /* 1009 * Special case: 1010 * If the destination address is specified for a point-to-point 1011 * interface, install a route to the destination as an interface 1012 * direct route. 1013 */ 1014 plen = in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL); /* XXX */ 1015 if ((ifp->if_flags & IFF_POINTOPOINT) && plen == 128 && 1016 ia6->ia_dstaddr.sin6_family == AF_INET6) { 1017 ifa = &ia6->ia_ifa; 1018 error = rt_ifa_add(ifa, RTF_HOST | RTF_MPATH, 1019 ifa->ifa_dstaddr, ifp->if_rdomain); 1020 if (error != 0) 1021 return (error); 1022 ia6->ia_flags |= IFA_ROUTE; 1023 } 1024 1025 if (newhost) 1026 error = rt_ifa_addlocal(&(ia6->ia_ifa)); 1027 1028 return (error); 1029} 1030 1031/* 1032 * Add an address to the list of IP6 multicast addresses for a 1033 * given interface. 1034 */ 1035struct in6_multi * 1036in6_addmulti(struct in6_addr *maddr6, struct ifnet *ifp, int *errorp) 1037{ 1038 struct in6_ifreq ifr; 1039 struct in6_multi *in6m; 1040 1041 NET_ASSERT_LOCKED(); 1042 1043 *errorp = 0; 1044 /* 1045 * See if address already in list. 1046 */ 1047 IN6_LOOKUP_MULTI(*maddr6, ifp, in6m); 1048 if (in6m != NULL) { 1049 /* 1050 * Found it; just increment the reference count. 1051 */ 1052 refcnt_take(&in6m->in6m_refcnt); 1053 } else { 1054 /* 1055 * New address; allocate a new multicast record 1056 * and link it into the interface's multicast list. 1057 */ 1058 in6m = malloc(sizeof(*in6m), M_IPMADDR, M_NOWAIT | M_ZERO); 1059 if (in6m == NULL) { 1060 *errorp = ENOBUFS; 1061 return (NULL); 1062 } 1063 1064 in6m->in6m_sin.sin6_len = sizeof(struct sockaddr_in6); 1065 in6m->in6m_sin.sin6_family = AF_INET6; 1066 in6m->in6m_sin.sin6_addr = *maddr6; 1067 refcnt_init_trace(&in6m->in6m_refcnt, DT_REFCNT_IDX_IFMADDR); 1068 in6m->in6m_ifidx = ifp->if_index; 1069 in6m->in6m_ifma.ifma_addr = sin6tosa(&in6m->in6m_sin); 1070 1071 /* 1072 * Ask the network driver to update its multicast reception 1073 * filter appropriately for the new address. 1074 */ 1075 memcpy(&ifr.ifr_addr, &in6m->in6m_sin, sizeof(in6m->in6m_sin)); 1076 KERNEL_LOCK(); 1077 *errorp = (*ifp->if_ioctl)(ifp, SIOCADDMULTI, (caddr_t)&ifr); 1078 KERNEL_UNLOCK(); 1079 if (*errorp) { 1080 free(in6m, M_IPMADDR, sizeof(*in6m)); 1081 return (NULL); 1082 } 1083 1084 TAILQ_INSERT_HEAD(&ifp->if_maddrlist, &in6m->in6m_ifma, 1085 ifma_list); 1086 1087 /* 1088 * Let MLD6 know that we have joined a new IP6 multicast 1089 * group. 1090 */ 1091 mld6_start_listening(in6m); 1092 } 1093 1094 return (in6m); 1095} 1096 1097/* 1098 * Delete a multicast address record. 1099 */ 1100void 1101in6_delmulti(struct in6_multi *in6m) 1102{ 1103 struct in6_ifreq ifr; 1104 struct ifnet *ifp; 1105 1106 NET_ASSERT_LOCKED(); 1107 1108 if (refcnt_rele(&in6m->in6m_refcnt) != 0) { 1109 /* 1110 * No remaining claims to this record; let MLD6 know 1111 * that we are leaving the multicast group. 1112 */ 1113 mld6_stop_listening(in6m); 1114 ifp = if_get(in6m->in6m_ifidx); 1115 1116 /* 1117 * Notify the network driver to update its multicast 1118 * reception filter. 1119 */ 1120 if (ifp != NULL) { 1121 bzero(&ifr.ifr_addr, sizeof(struct sockaddr_in6)); 1122 ifr.ifr_addr.sin6_len = sizeof(struct sockaddr_in6); 1123 ifr.ifr_addr.sin6_family = AF_INET6; 1124 ifr.ifr_addr.sin6_addr = in6m->in6m_addr; 1125 KERNEL_LOCK(); 1126 (*ifp->if_ioctl)(ifp, SIOCDELMULTI, (caddr_t)&ifr); 1127 KERNEL_UNLOCK(); 1128 1129 TAILQ_REMOVE(&ifp->if_maddrlist, &in6m->in6m_ifma, 1130 ifma_list); 1131 } 1132 if_put(ifp); 1133 1134 free(in6m, M_IPMADDR, sizeof(*in6m)); 1135 } 1136} 1137 1138/* 1139 * Return 1 if the multicast group represented by ``maddr6'' has been 1140 * joined by interface ``ifp'', 0 otherwise. 1141 */ 1142int 1143in6_hasmulti(struct in6_addr *maddr6, struct ifnet *ifp) 1144{ 1145 struct in6_multi *in6m; 1146 int joined; 1147 1148 IN6_LOOKUP_MULTI(*maddr6, ifp, in6m); 1149 joined = (in6m != NULL); 1150 1151 return (joined); 1152} 1153 1154struct in6_multi_mship * 1155in6_joingroup(struct ifnet *ifp, struct in6_addr *addr, int *errorp) 1156{ 1157 struct in6_multi_mship *imm; 1158 1159 imm = malloc(sizeof(*imm), M_IPMADDR, M_NOWAIT); 1160 if (!imm) { 1161 *errorp = ENOBUFS; 1162 return NULL; 1163 } 1164 imm->i6mm_maddr = in6_addmulti(addr, ifp, errorp); 1165 if (!imm->i6mm_maddr) { 1166 /* *errorp is already set */ 1167 free(imm, M_IPMADDR, sizeof(*imm)); 1168 return NULL; 1169 } 1170 return imm; 1171} 1172 1173void 1174in6_leavegroup(struct in6_multi_mship *imm) 1175{ 1176 1177 if (imm->i6mm_maddr) 1178 in6_delmulti(imm->i6mm_maddr); 1179 free(imm, M_IPMADDR, sizeof(*imm)); 1180} 1181 1182/* 1183 * Find an IPv6 interface link-local address specific to an interface. 1184 */ 1185struct in6_ifaddr * 1186in6ifa_ifpforlinklocal(struct ifnet *ifp, int ignoreflags) 1187{ 1188 struct ifaddr *ifa; 1189 1190 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 1191 if (ifa->ifa_addr->sa_family != AF_INET6) 1192 continue; 1193 if (IN6_IS_ADDR_LINKLOCAL(IFA_IN6(ifa))) { 1194 if ((ifatoia6(ifa)->ia6_flags & ignoreflags) != 0) 1195 continue; 1196 break; 1197 } 1198 } 1199 1200 return (ifatoia6(ifa)); 1201} 1202 1203 1204/* 1205 * find the internet address corresponding to a given interface and address. 1206 */ 1207struct in6_ifaddr * 1208in6ifa_ifpwithaddr(struct ifnet *ifp, struct in6_addr *addr) 1209{ 1210 struct ifaddr *ifa; 1211 1212 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 1213 if (ifa->ifa_addr->sa_family != AF_INET6) 1214 continue; 1215 if (IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(ifa))) 1216 break; 1217 } 1218 1219 return (ifatoia6(ifa)); 1220} 1221 1222/* 1223 * Get a scope of the address. Node-local, link-local, site-local or global. 1224 */ 1225int 1226in6_addrscope(struct in6_addr *addr) 1227{ 1228 int scope; 1229 1230 if (addr->s6_addr8[0] == 0xfe) { 1231 scope = addr->s6_addr8[1] & 0xc0; 1232 1233 switch (scope) { 1234 case 0x80: 1235 return __IPV6_ADDR_SCOPE_LINKLOCAL; 1236 break; 1237 case 0xc0: 1238 return __IPV6_ADDR_SCOPE_SITELOCAL; 1239 break; 1240 default: 1241 return __IPV6_ADDR_SCOPE_GLOBAL; /* just in case */ 1242 break; 1243 } 1244 } 1245 1246 1247 if (addr->s6_addr8[0] == 0xff) { 1248 scope = addr->s6_addr8[1] & 0x0f; 1249 1250 /* 1251 * due to other scope such as reserved, 1252 * return scope doesn't work. 1253 */ 1254 switch (scope) { 1255 case __IPV6_ADDR_SCOPE_INTFACELOCAL: 1256 return __IPV6_ADDR_SCOPE_INTFACELOCAL; 1257 break; 1258 case __IPV6_ADDR_SCOPE_LINKLOCAL: 1259 return __IPV6_ADDR_SCOPE_LINKLOCAL; 1260 break; 1261 case __IPV6_ADDR_SCOPE_SITELOCAL: 1262 return __IPV6_ADDR_SCOPE_SITELOCAL; 1263 break; 1264 default: 1265 return __IPV6_ADDR_SCOPE_GLOBAL; 1266 break; 1267 } 1268 } 1269 1270 if (bcmp(&in6addr_loopback, addr, sizeof(*addr) - 1) == 0) { 1271 if (addr->s6_addr8[15] == 1) /* loopback */ 1272 return __IPV6_ADDR_SCOPE_INTFACELOCAL; 1273 if (addr->s6_addr8[15] == 0) /* unspecified */ 1274 return __IPV6_ADDR_SCOPE_LINKLOCAL; 1275 } 1276 1277 return __IPV6_ADDR_SCOPE_GLOBAL; 1278} 1279 1280int 1281in6_addr2scopeid(unsigned int ifidx, struct in6_addr *addr) 1282{ 1283 int scope = in6_addrscope(addr); 1284 1285 switch(scope) { 1286 case __IPV6_ADDR_SCOPE_INTFACELOCAL: 1287 case __IPV6_ADDR_SCOPE_LINKLOCAL: 1288 /* XXX: we do not distinguish between a link and an I/F. */ 1289 return (ifidx); 1290 1291 case __IPV6_ADDR_SCOPE_SITELOCAL: 1292 return (0); /* XXX: invalid. */ 1293 1294 default: 1295 return (0); /* XXX: treat as global. */ 1296 } 1297} 1298 1299/* 1300 * return length of part which dst and src are equal 1301 * hard coding... 1302 */ 1303int 1304in6_matchlen(struct in6_addr *src, struct in6_addr *dst) 1305{ 1306 int match = 0; 1307 u_char *s = (u_char *)src, *d = (u_char *)dst; 1308 u_char *lim = s + 16, r; 1309 1310 while (s < lim) 1311 if ((r = (*d++ ^ *s++)) != 0) { 1312 while (r < 128) { 1313 match++; 1314 r <<= 1; 1315 } 1316 break; 1317 } else 1318 match += 8; 1319 return match; 1320} 1321 1322void 1323in6_prefixlen2mask(struct in6_addr *maskp, int len) 1324{ 1325 u_char maskarray[8] = {0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff}; 1326 int bytelen, bitlen, i; 1327 1328 /* sanity check */ 1329 if (0 > len || len > 128) { 1330 log(LOG_ERR, "in6_prefixlen2mask: invalid prefix length(%d)\n", 1331 len); 1332 return; 1333 } 1334 1335 bzero(maskp, sizeof(*maskp)); 1336 bytelen = len / 8; 1337 bitlen = len % 8; 1338 for (i = 0; i < bytelen; i++) 1339 maskp->s6_addr[i] = 0xff; 1340 /* len == 128 is ok because bitlen == 0 then */ 1341 if (bitlen) 1342 maskp->s6_addr[bytelen] = maskarray[bitlen - 1]; 1343} 1344 1345/* 1346 * return the best address out of the same scope 1347 */ 1348struct in6_ifaddr * 1349in6_ifawithscope(struct ifnet *oifp, struct in6_addr *dst, u_int rdomain, 1350 struct rtentry *rt) 1351{ 1352 int dst_scope = in6_addrscope(dst), src_scope, best_scope = 0; 1353 int blen = -1; 1354 struct ifaddr *ifa; 1355 struct ifnet *ifp; 1356 struct in6_ifaddr *ia6_best = NULL; 1357 struct in6_addr *gw6 = NULL; 1358 1359 if (rt) { 1360 if (rt->rt_gateway != NULL && 1361 rt->rt_gateway->sa_family == AF_INET6) 1362 gw6 = &(satosin6(rt->rt_gateway)->sin6_addr); 1363 } 1364 1365 if (oifp == NULL) { 1366 printf("%s: output interface is not specified\n", __func__); 1367 return (NULL); 1368 } 1369 1370 /* We search for all addresses on all interfaces from the beginning. */ 1371 TAILQ_FOREACH(ifp, &ifnetlist, if_list) { 1372 if (ifp->if_rdomain != rdomain) 1373 continue; 1374#if NCARP > 0 1375 /* 1376 * Never use a carp address of an interface which is not 1377 * the master. 1378 */ 1379 if (ifp->if_type == IFT_CARP && !carp_iamatch(ifp)) 1380 continue; 1381#endif 1382 1383 /* 1384 * We can never take an address that breaks the scope zone 1385 * of the destination. 1386 */ 1387 if (in6_addr2scopeid(ifp->if_index, dst) != 1388 in6_addr2scopeid(oifp->if_index, dst)) 1389 continue; 1390 1391 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 1392 int tlen = -1; 1393 1394 if (ifa->ifa_addr->sa_family != AF_INET6) 1395 continue; 1396 1397 src_scope = in6_addrscope(IFA_IN6(ifa)); 1398 1399 /* 1400 * Don't use an address before completing DAD 1401 * nor a duplicated address. 1402 */ 1403 if (ifatoia6(ifa)->ia6_flags & 1404 (IN6_IFF_TENTATIVE|IN6_IFF_DUPLICATED)) 1405 continue; 1406 1407 /* 1408 * RFC 6724 allows anycast addresses as source address 1409 * because the restriction was removed in RFC 4291. 1410 * However RFC 4443 states that ICMPv6 responses 1411 * MUST use a unicast source address. 1412 * 1413 * XXX Skip anycast addresses for now since 1414 * icmp6_reflect() uses this function for source 1415 * address selection. 1416 */ 1417 if (ifatoia6(ifa)->ia6_flags & IN6_IFF_ANYCAST) 1418 continue; 1419 1420 if (ifatoia6(ifa)->ia6_flags & IN6_IFF_DETACHED) 1421 continue; 1422 1423 /* 1424 * If this is the first address we find, 1425 * keep it anyway. 1426 */ 1427 if (ia6_best == NULL) 1428 goto replace; 1429 1430 /* 1431 * ia6_best is never NULL beyond this line except 1432 * within the block labeled "replace". 1433 */ 1434 1435 /* 1436 * Rule 2: Prefer appropriate scope. 1437 * Find the address with the smallest scope that is 1438 * bigger (or equal) to the scope of the destination 1439 * address. 1440 * Accept an address with smaller scope than the 1441 * destination if non exists with bigger scope. 1442 */ 1443 if (best_scope < src_scope) { 1444 if (best_scope < dst_scope) 1445 goto replace; 1446 else 1447 continue; 1448 } else if (src_scope < best_scope) { 1449 if (src_scope < dst_scope) 1450 continue; 1451 else 1452 goto replace; 1453 } 1454 1455 /* Rule 3: Avoid deprecated addresses. */ 1456 if (ifatoia6(ifa)->ia6_flags & IN6_IFF_DEPRECATED) { 1457 /* 1458 * Ignore any deprecated addresses if 1459 * specified by configuration. 1460 */ 1461 if (!ip6_use_deprecated) 1462 continue; 1463 1464 /* 1465 * If we have already found a non-deprecated 1466 * candidate, just ignore deprecated addresses. 1467 */ 1468 if ((ia6_best->ia6_flags & IN6_IFF_DEPRECATED) 1469 == 0) 1470 continue; 1471 } else if ((ia6_best->ia6_flags & IN6_IFF_DEPRECATED)) 1472 goto replace; 1473 1474 /* 1475 * Rule 4: Prefer home addresses. 1476 * We do not support home addresses. 1477 */ 1478 1479 /* Rule 5: Prefer outgoing interface */ 1480 if (ia6_best->ia_ifp == oifp && ifp != oifp) 1481 continue; 1482 if (ia6_best->ia_ifp != oifp && ifp == oifp) 1483 goto replace; 1484 1485 /* 1486 * Rule 5.5: Prefer addresses in a prefix advertised 1487 * by the next-hop. 1488 */ 1489 if (gw6) { 1490 struct in6_addr *in6_bestgw, *in6_newgw; 1491 1492 in6_bestgw = &ia6_best->ia_gwaddr.sin6_addr; 1493 in6_newgw = &ifatoia6(ifa)->ia_gwaddr.sin6_addr; 1494 if (!IN6_ARE_ADDR_EQUAL(in6_bestgw, gw6) && 1495 IN6_ARE_ADDR_EQUAL(in6_newgw, gw6)) 1496 goto replace; 1497 } 1498 1499 /* 1500 * Rule 6: Prefer matching label. 1501 * We do not implement policy tables. 1502 */ 1503 1504 /* Rule 7: Prefer temporary addresses. */ 1505 if ((ia6_best->ia6_flags & IN6_IFF_TEMPORARY) && 1506 !(ifatoia6(ifa)->ia6_flags & IN6_IFF_TEMPORARY)) 1507 continue; 1508 if (!(ia6_best->ia6_flags & IN6_IFF_TEMPORARY) && 1509 (ifatoia6(ifa)->ia6_flags & IN6_IFF_TEMPORARY)) 1510 goto replace; 1511 1512 /* Rule 8: Use longest matching prefix. */ 1513 tlen = in6_matchlen(IFA_IN6(ifa), dst); 1514 if (tlen > blen) { 1515#if NCARP > 0 1516 /* 1517 * Don't let carp interfaces win a tie against 1518 * the output interface based on matchlen. 1519 * We should only use a carp address if no 1520 * other interface has a usable address. 1521 * Otherwise, when communicating from a carp 1522 * master to a carp backup, the backup system 1523 * won't respond since the carp address is also 1524 * configured as a local address on the backup. 1525 * Note that carp interfaces in backup state 1526 * were already skipped above. 1527 */ 1528 if (ifp->if_type == IFT_CARP && 1529 oifp->if_type != IFT_CARP) 1530 continue; 1531#endif 1532 goto replace; 1533 } else if (tlen < blen) 1534 continue; 1535 1536 /* 1537 * If the eight rules fail to choose a single address, 1538 * the tiebreaker is implementation-specific. 1539 */ 1540 1541 /* Prefer address with highest pltime. */ 1542 if (ia6_best->ia6_updatetime + 1543 ia6_best->ia6_lifetime.ia6t_pltime < 1544 ifatoia6(ifa)->ia6_updatetime + 1545 ifatoia6(ifa)->ia6_lifetime.ia6t_pltime) 1546 goto replace; 1547 else if (ia6_best->ia6_updatetime + 1548 ia6_best->ia6_lifetime.ia6t_pltime > 1549 ifatoia6(ifa)->ia6_updatetime + 1550 ifatoia6(ifa)->ia6_lifetime.ia6t_pltime) 1551 continue; 1552 1553 /* Prefer address with highest vltime. */ 1554 if (ia6_best->ia6_updatetime + 1555 ia6_best->ia6_lifetime.ia6t_vltime < 1556 ifatoia6(ifa)->ia6_updatetime + 1557 ifatoia6(ifa)->ia6_lifetime.ia6t_vltime) 1558 goto replace; 1559 else if (ia6_best->ia6_updatetime + 1560 ia6_best->ia6_lifetime.ia6t_vltime > 1561 ifatoia6(ifa)->ia6_updatetime + 1562 ifatoia6(ifa)->ia6_lifetime.ia6t_vltime) 1563 continue; 1564 1565 continue; 1566 replace: 1567 ia6_best = ifatoia6(ifa); 1568 blen = tlen >= 0 ? tlen : 1569 in6_matchlen(IFA_IN6(ifa), dst); 1570 best_scope = 1571 in6_addrscope(&ia6_best->ia_addr.sin6_addr); 1572 } 1573 } 1574 1575 /* count statistics for future improvements */ 1576 if (ia6_best == NULL) 1577 ip6stat_inc(ip6s_sources_none); 1578 else { 1579 if (oifp == ia6_best->ia_ifp) 1580 ip6stat_inc(ip6s_sources_sameif + best_scope); 1581 else 1582 ip6stat_inc(ip6s_sources_otherif + best_scope); 1583 1584 if (best_scope == dst_scope) 1585 ip6stat_inc(ip6s_sources_samescope + best_scope); 1586 else 1587 ip6stat_inc(ip6s_sources_otherscope + best_scope); 1588 1589 if ((ia6_best->ia6_flags & IN6_IFF_DEPRECATED) != 0) 1590 ip6stat_inc(ip6s_sources_deprecated + best_scope); 1591 } 1592 1593 return (ia6_best); 1594} 1595 1596int 1597in6if_do_dad(struct ifnet *ifp) 1598{ 1599 if ((ifp->if_flags & IFF_LOOPBACK) != 0) 1600 return (0); 1601 1602 switch (ifp->if_type) { 1603#if NCARP > 0 1604 case IFT_CARP: 1605 /* 1606 * XXX: DAD does not work currently on carp(4) 1607 * so disable it for now. 1608 */ 1609 return (0); 1610#endif 1611 default: 1612 /* 1613 * Our DAD routine requires the interface up and running. 1614 * However, some interfaces can be up before the RUNNING 1615 * status. Additionally, users may try to assign addresses 1616 * before the interface becomes up (or running). 1617 * We simply skip DAD in such a case as a work around. 1618 * XXX: we should rather mark "tentative" on such addresses, 1619 * and do DAD after the interface becomes ready. 1620 */ 1621 if ((ifp->if_flags & (IFF_UP|IFF_RUNNING)) != 1622 (IFF_UP|IFF_RUNNING)) 1623 return (0); 1624 1625 return (1); 1626 } 1627} 1628