1/*	$OpenBSD: in6.c,v 1.267 2024/06/07 09:48:19 florian Exp $	*/
2/*	$KAME: in6.c,v 1.372 2004/06/14 08:14:21 itojun Exp $	*/
3
4/*
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 *    notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 *    notice, this list of conditions and the following disclaimer in the
15 *    documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 *    may be used to endorse or promote products derived from this software
18 *    without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32
33/*
34 * Copyright (c) 1982, 1986, 1991, 1993
35 *	The Regents of the University of California.  All rights reserved.
36 *
37 * Redistribution and use in source and binary forms, with or without
38 * modification, are permitted provided that the following conditions
39 * are met:
40 * 1. Redistributions of source code must retain the above copyright
41 *    notice, this list of conditions and the following disclaimer.
42 * 2. Redistributions in binary form must reproduce the above copyright
43 *    notice, this list of conditions and the following disclaimer in the
44 *    documentation and/or other materials provided with the distribution.
45 * 3. Neither the name of the University nor the names of its contributors
46 *    may be used to endorse or promote products derived from this software
47 *    without specific prior written permission.
48 *
49 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
52 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
59 * SUCH DAMAGE.
60 *
61 *	@(#)in.c	8.2 (Berkeley) 11/15/93
62 */
63
64#include "carp.h"
65
66#include <sys/param.h>
67#include <sys/ioctl.h>
68#include <sys/errno.h>
69#include <sys/malloc.h>
70#include <sys/socket.h>
71#include <sys/socketvar.h>
72#include <sys/sockio.h>
73#include <sys/mbuf.h>
74#include <sys/systm.h>
75#include <sys/time.h>
76#include <sys/kernel.h>
77#include <sys/syslog.h>
78
79#include <net/if.h>
80#include <net/if_dl.h>
81#include <net/if_types.h>
82#include <net/route.h>
83
84#include <netinet/in.h>
85#include <netinet/if_ether.h>
86
87#include <netinet6/in6_var.h>
88#include <netinet/ip6.h>
89#include <netinet6/ip6_var.h>
90#include <netinet6/nd6.h>
91#include <netinet6/mld6_var.h>
92#ifdef MROUTING
93#include <netinet6/ip6_mroute.h>
94#endif
95#include <netinet6/in6_ifattach.h>
96#if NCARP > 0
97#include <netinet/ip_carp.h>
98#endif
99
100/*
101 * Definitions of some constant IP6 addresses.
102 */
103const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT;
104const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT;
105const struct in6_addr in6addr_intfacelocal_allnodes =
106	IN6ADDR_INTFACELOCAL_ALLNODES_INIT;
107const struct in6_addr in6addr_linklocal_allnodes =
108	IN6ADDR_LINKLOCAL_ALLNODES_INIT;
109const struct in6_addr in6addr_linklocal_allrouters =
110	IN6ADDR_LINKLOCAL_ALLROUTERS_INIT;
111
112const struct in6_addr in6mask0 = IN6MASK0;
113const struct in6_addr in6mask32 = IN6MASK32;
114const struct in6_addr in6mask64 = IN6MASK64;
115const struct in6_addr in6mask96 = IN6MASK96;
116const struct in6_addr in6mask128 = IN6MASK128;
117
118int in6_ioctl(u_long, caddr_t, struct ifnet *, int);
119int in6_ioctl_change_ifaddr(u_long, caddr_t, struct ifnet *);
120int in6_ioctl_get(u_long, caddr_t, struct ifnet *);
121int in6_check_embed_scope(struct sockaddr_in6 *, unsigned int);
122int in6_clear_scope_id(struct sockaddr_in6 *, unsigned int);
123int in6_ifinit(struct ifnet *, struct in6_ifaddr *, int);
124void in6_unlink_ifa(struct in6_ifaddr *, struct ifnet *);
125
126const struct sockaddr_in6 sa6_any = {
127	sizeof(sa6_any), AF_INET6, 0, 0, IN6ADDR_ANY_INIT, 0
128};
129
130int
131in6_mask2len(struct in6_addr *mask, u_char *lim0)
132{
133	int x = 0, y;
134	u_char *lim = lim0, *p;
135
136	/* ignore the scope_id part */
137	if (lim0 == NULL || lim0 - (u_char *)mask > sizeof(*mask))
138		lim = (u_char *)mask + sizeof(*mask);
139	for (p = (u_char *)mask; p < lim; x++, p++) {
140		if (*p != 0xff)
141			break;
142	}
143	y = 0;
144	if (p < lim) {
145		for (y = 0; y < 8; y++) {
146			if ((*p & (0x80 >> y)) == 0)
147				break;
148		}
149	}
150
151	/*
152	 * when the limit pointer is given, do a stricter check on the
153	 * remaining bits.
154	 */
155	if (p < lim) {
156		if (y != 0 && (*p & (0x00ff >> y)) != 0)
157			return (-1);
158		for (p = p + 1; p < lim; p++)
159			if (*p != 0)
160				return (-1);
161	}
162
163	return x * 8 + y;
164}
165
166int
167in6_nam2sin6(const struct mbuf *nam, struct sockaddr_in6 **sin6)
168{
169	struct sockaddr *sa = mtod(nam, struct sockaddr *);
170
171	if (nam->m_len < offsetof(struct sockaddr, sa_data))
172		return EINVAL;
173	if (sa->sa_family != AF_INET6)
174		return EAFNOSUPPORT;
175	if (sa->sa_len != nam->m_len)
176		return EINVAL;
177	if (sa->sa_len != sizeof(struct sockaddr_in6))
178		return EINVAL;
179	*sin6 = satosin6(sa);
180
181	return 0;
182}
183
184int
185in6_sa2sin6(struct sockaddr *sa, struct sockaddr_in6 **sin6)
186{
187	if (sa->sa_family != AF_INET6)
188		return EAFNOSUPPORT;
189	if (sa->sa_len != sizeof(struct sockaddr_in6))
190		return EINVAL;
191	*sin6 = satosin6(sa);
192
193	return 0;
194}
195
196int
197in6_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp)
198{
199	int privileged;
200
201	privileged = 0;
202	if ((so->so_state & SS_PRIV) != 0)
203		privileged++;
204
205	switch (cmd) {
206#ifdef MROUTING
207	case SIOCGETSGCNT_IN6:
208	case SIOCGETMIFCNT_IN6:
209		return mrt6_ioctl(so, cmd, data);
210#endif /* MROUTING */
211	default:
212		return in6_ioctl(cmd, data, ifp, privileged);
213	}
214}
215
216int
217in6_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, int privileged)
218{
219	if (ifp == NULL)
220		return (ENXIO);
221
222	switch (cmd) {
223	case SIOCGIFINFO_IN6:
224	case SIOCGNBRINFO_IN6:
225		return (nd6_ioctl(cmd, data, ifp));
226	case SIOCGIFDSTADDR_IN6:
227	case SIOCGIFNETMASK_IN6:
228	case SIOCGIFAFLAG_IN6:
229	case SIOCGIFALIFETIME_IN6:
230		return (in6_ioctl_get(cmd, data, ifp));
231	case SIOCAIFADDR_IN6:
232	case SIOCDIFADDR_IN6:
233		if (!privileged)
234			return (EPERM);
235		return (in6_ioctl_change_ifaddr(cmd, data, ifp));
236	case SIOCSIFADDR:
237	case SIOCSIFDSTADDR:
238	case SIOCSIFBRDADDR:
239	case SIOCSIFNETMASK:
240		/*
241		 * Do not pass those ioctl to driver handler since they are not
242		 * properly set up. Instead just error out.
243		 */
244		return (EINVAL);
245	default:
246		return (EOPNOTSUPP);
247	}
248}
249
250int
251in6_ioctl_change_ifaddr(u_long cmd, caddr_t data, struct ifnet *ifp)
252{
253	struct	in6_ifaddr *ia6 = NULL;
254	struct	in6_aliasreq *ifra = (struct in6_aliasreq *)data;
255	struct	sockaddr *sa;
256	struct	sockaddr_in6 *sa6 = NULL;
257	int	error = 0, newifaddr = 0, plen;
258
259	/*
260	 * Find address for this interface, if it exists.
261	 *
262	 * In netinet code, we have checked ifra_addr in SIOCSIF*ADDR operation
263	 * only, and used the first interface address as the target of other
264	 * operations (without checking ifra_addr).  This was because netinet
265	 * code/API assumed at most 1 interface address per interface.
266	 * Since IPv6 allows a node to assign multiple addresses
267	 * on a single interface, we almost always look and check the
268	 * presence of ifra_addr, and reject invalid ones here.
269	 * It also decreases duplicated code among SIOC*_IN6 operations.
270	 *
271	 * We always require users to specify a valid IPv6 address for
272	 * the corresponding operation.
273	 */
274	switch (cmd) {
275	case SIOCAIFADDR_IN6:
276		sa = sin6tosa(&ifra->ifra_addr);
277		break;
278	case SIOCDIFADDR_IN6:
279		sa = sin6tosa(&((struct in6_ifreq *)data)->ifr_addr);
280		break;
281	default:
282		panic("%s: invalid ioctl %lu", __func__, cmd);
283	}
284	if (sa->sa_family == AF_INET6) {
285		error = in6_sa2sin6(sa, &sa6);
286		if (error)
287			return (error);
288	}
289
290	KERNEL_LOCK();
291	NET_LOCK();
292
293	if (sa6 != NULL) {
294		error = in6_check_embed_scope(sa6, ifp->if_index);
295		if (error)
296			goto err;
297		error = in6_clear_scope_id(sa6, ifp->if_index);
298		if (error)
299			goto err;
300		ia6 = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr);
301	}
302
303	switch (cmd) {
304	case SIOCDIFADDR_IN6:
305		/*
306		 * for IPv4, we look for existing in_ifaddr here to allow
307		 * "ifconfig if0 delete" to remove the first IPv4 address on
308		 * the interface.  For IPv6, as the spec allows multiple
309		 * interface address from the day one, we consider "remove the
310		 * first one" semantics to be not preferable.
311		 */
312		if (ia6 == NULL) {
313			error = EADDRNOTAVAIL;
314			break;
315		}
316		in6_purgeaddr(&ia6->ia_ifa);
317		if_addrhooks_run(ifp);
318		break;
319
320	case SIOCAIFADDR_IN6:
321		if (ifra->ifra_addr.sin6_family != AF_INET6 ||
322		    ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6)) {
323			error = EAFNOSUPPORT;
324			break;
325		}
326
327		/* reject read-only flags */
328		if ((ifra->ifra_flags & IN6_IFF_DUPLICATED) != 0 ||
329		    (ifra->ifra_flags & IN6_IFF_DETACHED) != 0 ||
330		    (ifra->ifra_flags & IN6_IFF_DEPRECATED) != 0) {
331			error = EINVAL;
332			break;
333		}
334
335		if (ia6 == NULL)
336			newifaddr = 1;
337
338		/*
339		 * Make the address tentative before joining multicast
340		 * addresses, so that corresponding MLD responses would
341		 * not have a tentative source address.
342		 */
343		if (newifaddr && in6if_do_dad(ifp))
344			ifra->ifra_flags |= IN6_IFF_TENTATIVE;
345
346		/*
347		 * first, make or update the interface address structure,
348		 * and link it to the list. try to enable inet6 if there
349		 * is no link-local yet.
350		 */
351		error = in6_ifattach(ifp);
352		if (error)
353			break;
354		error = in6_update_ifa(ifp, ifra, ia6);
355		if (error)
356			break;
357
358		ia6 = NULL;
359		if (sa6 != NULL)
360			ia6 = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr);
361		if (ia6 == NULL) {
362			/*
363			 * this can happen when the user specify the 0 valid
364			 * lifetime.
365			 */
366			break;
367		}
368
369		/* Perform DAD, if needed. */
370		if (ia6->ia6_flags & IN6_IFF_TENTATIVE)
371			nd6_dad_start(&ia6->ia_ifa);
372
373		if (!newifaddr) {
374			if_addrhooks_run(ifp);
375			break;
376		}
377
378		plen = in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL);
379		if ((ifp->if_flags & IFF_LOOPBACK) || plen == 128) {
380			if_addrhooks_run(ifp);
381			break;	/* No need to install a connected route. */
382		}
383
384		error = rt_ifa_add(&ia6->ia_ifa,
385		    RTF_CLONING | RTF_CONNECTED | RTF_MPATH,
386		    ia6->ia_ifa.ifa_addr, ifp->if_rdomain);
387		if (error) {
388			in6_purgeaddr(&ia6->ia_ifa);
389			break;
390		}
391		if_addrhooks_run(ifp);
392		break;
393	}
394
395err:
396	NET_UNLOCK();
397	KERNEL_UNLOCK();
398	return (error);
399}
400
401int
402in6_ioctl_get(u_long cmd, caddr_t data, struct ifnet *ifp)
403{
404	struct	in6_ifreq *ifr = (struct in6_ifreq *)data;
405	struct	in6_ifaddr *ia6 = NULL;
406	struct	sockaddr *sa;
407	struct	sockaddr_in6 *sa6 = NULL;
408	int	error = 0;
409
410	sa = sin6tosa(&ifr->ifr_addr);
411	if (sa->sa_family == AF_INET6) {
412		sa->sa_len = sizeof(struct sockaddr_in6);
413		error = in6_sa2sin6(sa, &sa6);
414		if (error)
415			return (error);
416	}
417
418	NET_LOCK_SHARED();
419
420	if (sa6 != NULL) {
421		error = in6_check_embed_scope(sa6, ifp->if_index);
422		if (error)
423			goto err;
424		error = in6_clear_scope_id(sa6, ifp->if_index);
425		if (error)
426			goto err;
427		ia6 = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr);
428	}
429
430	/* must think again about its semantics */
431	if (ia6 == NULL) {
432		error = EADDRNOTAVAIL;
433		goto err;
434	}
435
436	switch (cmd) {
437	case SIOCGIFDSTADDR_IN6:
438		if ((ifp->if_flags & IFF_POINTOPOINT) == 0) {
439			error = EINVAL;
440			break;
441		}
442		/*
443		 * XXX: should we check if ifa_dstaddr is NULL and return
444		 * an error?
445		 */
446		ifr->ifr_dstaddr = ia6->ia_dstaddr;
447		break;
448
449	case SIOCGIFNETMASK_IN6:
450		ifr->ifr_addr = ia6->ia_prefixmask;
451		break;
452
453	case SIOCGIFAFLAG_IN6:
454		ifr->ifr_ifru.ifru_flags6 = ia6->ia6_flags;
455		break;
456
457	case SIOCGIFALIFETIME_IN6:
458		ifr->ifr_ifru.ifru_lifetime = ia6->ia6_lifetime;
459		if (ia6->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) {
460			time_t expire, maxexpire;
461			struct in6_addrlifetime *retlt =
462			    &ifr->ifr_ifru.ifru_lifetime;
463
464			/*
465			 * XXX: adjust expiration time assuming time_t is
466			 * signed.
467			 */
468			maxexpire =
469			    (time_t)~(1ULL << ((sizeof(maxexpire) * 8) - 1));
470			if (ia6->ia6_lifetime.ia6t_vltime <
471			    maxexpire - ia6->ia6_updatetime) {
472				expire = ia6->ia6_updatetime +
473				    ia6->ia6_lifetime.ia6t_vltime;
474				if (expire != 0) {
475					expire -= getuptime();
476					expire += gettime();
477				}
478				retlt->ia6t_expire = expire;
479			} else
480				retlt->ia6t_expire = maxexpire;
481		}
482		if (ia6->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) {
483			time_t expire, maxexpire;
484			struct in6_addrlifetime *retlt =
485			    &ifr->ifr_ifru.ifru_lifetime;
486
487			/*
488			 * XXX: adjust expiration time assuming time_t is
489			 * signed.
490			 */
491			maxexpire =
492			    (time_t)~(1ULL << ((sizeof(maxexpire) * 8) - 1));
493			if (ia6->ia6_lifetime.ia6t_pltime <
494			    maxexpire - ia6->ia6_updatetime) {
495				expire = ia6->ia6_updatetime +
496				    ia6->ia6_lifetime.ia6t_pltime;
497				if (expire != 0) {
498					expire -= getuptime();
499					expire += gettime();
500				}
501				retlt->ia6t_preferred = expire;
502			} else
503				retlt->ia6t_preferred = maxexpire;
504		}
505		break;
506
507	default:
508		panic("%s: invalid ioctl %lu", __func__, cmd);
509	}
510
511err:
512	NET_UNLOCK_SHARED();
513	return (error);
514}
515
516int
517in6_check_embed_scope(struct sockaddr_in6 *sa6, unsigned int ifidx)
518{
519	if (IN6_IS_ADDR_LINKLOCAL(&sa6->sin6_addr)) {
520		if (sa6->sin6_addr.s6_addr16[1] == 0) {
521			/* link ID is not embedded by the user */
522			sa6->sin6_addr.s6_addr16[1] = htons(ifidx);
523		} else if (sa6->sin6_addr.s6_addr16[1] != htons(ifidx))
524			return EINVAL;	/* link ID contradicts */
525	}
526	return 0;
527}
528
529int
530in6_clear_scope_id(struct sockaddr_in6 *sa6, unsigned int ifidx)
531{
532	if (IN6_IS_ADDR_LINKLOCAL(&sa6->sin6_addr)) {
533		if (sa6->sin6_scope_id) {
534			if (sa6->sin6_scope_id != (u_int32_t)ifidx)
535				return EINVAL;
536			sa6->sin6_scope_id = 0; /* XXX: good way? */
537		}
538	}
539	return 0;
540}
541
542/*
543 * Update parameters of an IPv6 interface address.
544 * If necessary, a new entry is created and linked into address chains.
545 * This function is separated from in6_control().
546 */
547int
548in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra,
549    struct in6_ifaddr *ia6)
550{
551	int error = 0, hostIsNew = 0, plen = -1;
552	struct sockaddr_in6 dst6, gw6;
553	struct in6_addrlifetime *lt;
554	struct in6_multi_mship *imm;
555	struct rtentry *rt;
556	char addr[INET6_ADDRSTRLEN];
557
558	NET_ASSERT_LOCKED();
559
560	/* Validate parameters */
561	if (ifp == NULL || ifra == NULL) /* this maybe redundant */
562		return (EINVAL);
563
564	/*
565	 * The destination address for a p2p link or the address of the
566	 * announcing router for an autoconf address must have a family of
567	 * AF_UNSPEC or AF_INET6.
568	 */
569	if ((ifp->if_flags & IFF_POINTOPOINT) ||
570	    (ifp->if_flags & IFF_LOOPBACK) ||
571	    (ifra->ifra_flags & IN6_IFF_AUTOCONF)) {
572		if (ifra->ifra_dstaddr.sin6_family != AF_INET6 &&
573		    ifra->ifra_dstaddr.sin6_family != AF_UNSPEC)
574			return (EAFNOSUPPORT);
575
576	} else if (ifra->ifra_dstaddr.sin6_family != AF_UNSPEC)
577			return (EINVAL);
578
579	/*
580	 * validate ifra_prefixmask.  don't check sin6_family, netmask
581	 * does not carry fields other than sin6_len.
582	 */
583	if (ifra->ifra_prefixmask.sin6_len > sizeof(struct sockaddr_in6))
584		return (EINVAL);
585	/*
586	 * Because the IPv6 address architecture is classless, we require
587	 * users to specify a (non 0) prefix length (mask) for a new address.
588	 * We also require the prefix (when specified) mask is valid, and thus
589	 * reject a non-consecutive mask.
590	 */
591	if (ia6 == NULL && ifra->ifra_prefixmask.sin6_len == 0)
592		return (EINVAL);
593	if (ifra->ifra_prefixmask.sin6_len != 0) {
594		plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr,
595		    (u_char *)&ifra->ifra_prefixmask +
596		    ifra->ifra_prefixmask.sin6_len);
597		if (plen <= 0)
598			return (EINVAL);
599	} else {
600		/*
601		 * In this case, ia6 must not be NULL.  We just use its prefix
602		 * length.
603		 */
604		plen = in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL);
605	}
606
607	if (ifra->ifra_flags & IN6_IFF_AUTOCONF) {
608		gw6 = ifra->ifra_dstaddr;
609		memset(&dst6, 0, sizeof(dst6));
610	} else {
611		dst6 = ifra->ifra_dstaddr;
612		memset(&gw6, 0, sizeof(gw6));
613	}
614	if (dst6.sin6_family == AF_INET6) {
615		error = in6_check_embed_scope(&dst6, ifp->if_index);
616		if (error)
617			return error;
618
619		if (((ifp->if_flags & IFF_POINTOPOINT) ||
620		    (ifp->if_flags & IFF_LOOPBACK)) && plen != 128)
621			return (EINVAL);
622	}
623	if (gw6.sin6_family == AF_INET6) {
624		error = in6_check_embed_scope(&gw6, ifp->if_index);
625		if (error)
626			return error;
627	}
628	/* lifetime consistency check */
629	lt = &ifra->ifra_lifetime;
630	if (lt->ia6t_pltime > lt->ia6t_vltime)
631		return (EINVAL);
632	if (lt->ia6t_vltime == 0) {
633		/*
634		 * the following log might be noisy, but this is a typical
635		 * configuration mistake or a tool's bug.
636		 */
637		nd6log((LOG_INFO, "%s: valid lifetime is 0 for %s\n", __func__,
638		    inet_ntop(AF_INET6, &ifra->ifra_addr.sin6_addr,
639		    addr, sizeof(addr))));
640
641		if (ia6 == NULL)
642			return (0); /* there's nothing to do */
643	}
644
645	/*
646	 * If this is a new address, allocate a new ifaddr and link it
647	 * into chains.
648	 */
649	if (ia6 == NULL) {
650		hostIsNew = 1;
651		ia6 = malloc(sizeof(*ia6), M_IFADDR, M_WAITOK | M_ZERO);
652		refcnt_init_trace(&ia6->ia_ifa.ifa_refcnt,
653		    DT_REFCNT_IDX_IFADDR);
654		LIST_INIT(&ia6->ia6_memberships);
655		/* Initialize the address and masks, and put time stamp */
656		ia6->ia_ifa.ifa_addr = sin6tosa(&ia6->ia_addr);
657		ia6->ia_addr.sin6_family = AF_INET6;
658		ia6->ia_addr.sin6_len = sizeof(ia6->ia_addr);
659		ia6->ia6_updatetime = getuptime();
660		if ((ifp->if_flags & IFF_POINTOPOINT) ||
661		    (ifp->if_flags & IFF_LOOPBACK)) {
662			/*
663			 * XXX: some functions expect that ifa_dstaddr is not
664			 * NULL for p2p interfaces.
665			 */
666			ia6->ia_ifa.ifa_dstaddr = sin6tosa(&ia6->ia_dstaddr);
667		} else {
668			ia6->ia_ifa.ifa_dstaddr = NULL;
669		}
670		ia6->ia_ifa.ifa_netmask = sin6tosa(&ia6->ia_prefixmask);
671
672		ia6->ia_ifp = ifp;
673		ia6->ia_addr = ifra->ifra_addr;
674		ifa_add(ifp, &ia6->ia_ifa);
675	}
676
677	/* set prefix mask */
678	if (ifra->ifra_prefixmask.sin6_len) {
679		/*
680		 * We prohibit changing the prefix length of an existing
681		 * address, because
682		 * + such an operation should be rare in IPv6, and
683		 * + the operation would confuse prefix management.
684		 */
685		if (ia6->ia_prefixmask.sin6_len &&
686		    in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL) != plen) {
687			error = EINVAL;
688			goto unlink;
689		}
690		ia6->ia_prefixmask = ifra->ifra_prefixmask;
691	}
692
693	/*
694	 * If a new destination address is specified, scrub the old one and
695	 * install the new destination.
696	 */
697	if (((ifp->if_flags & IFF_POINTOPOINT)  ||
698	    (ifp->if_flags & IFF_LOOPBACK)) && dst6.sin6_family == AF_INET6 &&
699	    !IN6_ARE_ADDR_EQUAL(&dst6.sin6_addr, &ia6->ia_dstaddr.sin6_addr)) {
700		struct ifaddr *ifa = &ia6->ia_ifa;
701
702		if ((ia6->ia_flags & IFA_ROUTE) != 0 &&
703		    rt_ifa_del(ifa, RTF_HOST, ifa->ifa_dstaddr,
704		     ifp->if_rdomain) != 0) {
705			nd6log((LOG_ERR, "%s: failed to remove a route "
706			    "to the old destination: %s\n", __func__,
707			    inet_ntop(AF_INET6, &ia6->ia_addr.sin6_addr,
708			    addr, sizeof(addr))));
709			/* proceed anyway... */
710		} else
711			ia6->ia_flags &= ~IFA_ROUTE;
712		ia6->ia_dstaddr = dst6;
713	}
714
715	if ((ifra->ifra_flags & IN6_IFF_AUTOCONF) &&
716	    gw6.sin6_family == AF_INET6 &&
717	    !IN6_ARE_ADDR_EQUAL(&dst6.sin6_addr, &ia6->ia_gwaddr.sin6_addr)) {
718		/* Set or update announcing router */
719		ia6->ia_gwaddr = gw6;
720	}
721
722	/*
723	 * Set lifetimes.  We do not refer to ia6t_expire and ia6t_preferred
724	 * to see if the address is deprecated or invalidated, but initialize
725	 * these members for applications.
726	 */
727	ia6->ia6_updatetime = getuptime();
728	ia6->ia6_lifetime = ifra->ifra_lifetime;
729	if (ia6->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) {
730		ia6->ia6_lifetime.ia6t_expire =
731		    getuptime() + ia6->ia6_lifetime.ia6t_vltime;
732	} else
733		ia6->ia6_lifetime.ia6t_expire = 0;
734	if (ia6->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) {
735		ia6->ia6_lifetime.ia6t_preferred =
736		    getuptime() + ia6->ia6_lifetime.ia6t_pltime;
737	} else
738		ia6->ia6_lifetime.ia6t_preferred = 0;
739
740	/* reset the interface and routing table appropriately. */
741	if ((error = in6_ifinit(ifp, ia6, hostIsNew)) != 0)
742		goto unlink;
743
744	/* re-run DAD */
745	if (ia6->ia6_flags & (IN6_IFF_TENTATIVE|IN6_IFF_DUPLICATED))
746		ifra->ifra_flags |= IN6_IFF_TENTATIVE;
747	/*
748	 * configure address flags.
749	 */
750	ia6->ia6_flags = ifra->ifra_flags;
751
752	nd6_expire_timer_update(ia6);
753
754	/*
755	 * We are done if we have simply modified an existing address.
756	 */
757	if (!hostIsNew) {
758		/* DAD sends RTM_CHGADDRATTR when done. */
759		if (!(ia6->ia6_flags & IN6_IFF_TENTATIVE))
760			rtm_addr(RTM_CHGADDRATTR, &ia6->ia_ifa);
761		return (error);
762	}
763
764	/*
765	 * Beyond this point, we should call in6_purgeaddr upon an error,
766	 * not just go to unlink.
767	 */
768
769	/* join necessary multiast groups */
770	if ((ifp->if_flags & IFF_MULTICAST) != 0) {
771		struct sockaddr_in6 mltaddr, mltmask;
772
773		/* join solicited multicast addr for new host id */
774		struct sockaddr_in6 llsol;
775
776		bzero(&llsol, sizeof(llsol));
777		llsol.sin6_family = AF_INET6;
778		llsol.sin6_len = sizeof(llsol);
779		llsol.sin6_addr.s6_addr16[0] = htons(0xff02);
780		llsol.sin6_addr.s6_addr16[1] = htons(ifp->if_index);
781		llsol.sin6_addr.s6_addr32[1] = 0;
782		llsol.sin6_addr.s6_addr32[2] = htonl(1);
783		llsol.sin6_addr.s6_addr32[3] =
784		    ifra->ifra_addr.sin6_addr.s6_addr32[3];
785		llsol.sin6_addr.s6_addr8[12] = 0xff;
786		imm = in6_joingroup(ifp, &llsol.sin6_addr, &error);
787		if (!imm)
788			goto cleanup;
789		LIST_INSERT_HEAD(&ia6->ia6_memberships, imm, i6mm_chain);
790
791		bzero(&mltmask, sizeof(mltmask));
792		mltmask.sin6_len = sizeof(struct sockaddr_in6);
793		mltmask.sin6_family = AF_INET6;
794		mltmask.sin6_addr = in6mask32;
795
796		/*
797		 * join link-local all-nodes address
798		 */
799		bzero(&mltaddr, sizeof(mltaddr));
800		mltaddr.sin6_len = sizeof(struct sockaddr_in6);
801		mltaddr.sin6_family = AF_INET6;
802		mltaddr.sin6_addr = in6addr_linklocal_allnodes;
803		mltaddr.sin6_addr.s6_addr16[1] = htons(ifp->if_index);
804		mltaddr.sin6_scope_id = 0;
805
806		/*
807		 * XXX: do we really need this automatic routes?
808		 * We should probably reconsider this stuff.  Most applications
809		 * actually do not need the routes, since they usually specify
810		 * the outgoing interface.
811		 */
812		rt = rtalloc(sin6tosa(&mltaddr), 0, ifp->if_rdomain);
813		if (rt) {
814			/* 32bit came from "mltmask" */
815			if (memcmp(&mltaddr.sin6_addr,
816			    &satosin6(rt_key(rt))->sin6_addr,
817			    32 / 8)) {
818				rtfree(rt);
819				rt = NULL;
820			}
821		}
822		if (!rt) {
823			struct rt_addrinfo info;
824
825			bzero(&info, sizeof(info));
826			info.rti_ifa = &ia6->ia_ifa;
827			info.rti_info[RTAX_DST] = sin6tosa(&mltaddr);
828			info.rti_info[RTAX_GATEWAY] = sin6tosa(&ia6->ia_addr);
829			info.rti_info[RTAX_NETMASK] = sin6tosa(&mltmask);
830			info.rti_info[RTAX_IFA] = sin6tosa(&ia6->ia_addr);
831			info.rti_flags = RTF_MULTICAST;
832			error = rtrequest(RTM_ADD, &info, RTP_CONNECTED, NULL,
833			    ifp->if_rdomain);
834			if (error)
835				goto cleanup;
836		} else {
837			rtfree(rt);
838		}
839		imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error);
840		if (!imm)
841			goto cleanup;
842		LIST_INSERT_HEAD(&ia6->ia6_memberships, imm, i6mm_chain);
843
844		/*
845		 * join interface-local all-nodes address.
846		 * (ff01::1%ifN, and ff01::%ifN/32)
847		 */
848		bzero(&mltaddr, sizeof(mltaddr));
849		mltaddr.sin6_len = sizeof(struct sockaddr_in6);
850		mltaddr.sin6_family = AF_INET6;
851		mltaddr.sin6_addr = in6addr_intfacelocal_allnodes;
852		mltaddr.sin6_addr.s6_addr16[1] = htons(ifp->if_index);
853		mltaddr.sin6_scope_id = 0;
854
855		/* XXX: again, do we really need the route? */
856		rt = rtalloc(sin6tosa(&mltaddr), 0, ifp->if_rdomain);
857		if (rt) {
858			/* 32bit came from "mltmask" */
859			if (memcmp(&mltaddr.sin6_addr,
860			    &satosin6(rt_key(rt))->sin6_addr,
861			    32 / 8)) {
862				rtfree(rt);
863				rt = NULL;
864			}
865		}
866		if (!rt) {
867			struct rt_addrinfo info;
868
869			bzero(&info, sizeof(info));
870			info.rti_ifa = &ia6->ia_ifa;
871			info.rti_info[RTAX_DST] = sin6tosa(&mltaddr);
872			info.rti_info[RTAX_GATEWAY] = sin6tosa(&ia6->ia_addr);
873			info.rti_info[RTAX_NETMASK] = sin6tosa(&mltmask);
874			info.rti_info[RTAX_IFA] = sin6tosa(&ia6->ia_addr);
875			info.rti_flags = RTF_MULTICAST;
876			error = rtrequest(RTM_ADD, &info, RTP_CONNECTED, NULL,
877			    ifp->if_rdomain);
878			if (error)
879				goto cleanup;
880		} else {
881			rtfree(rt);
882		}
883		imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error);
884		if (!imm)
885			goto cleanup;
886		LIST_INSERT_HEAD(&ia6->ia6_memberships, imm, i6mm_chain);
887	}
888
889	return (error);
890
891  unlink:
892	/*
893	 * XXX: if a change of an existing address failed, keep the entry
894	 * anyway.
895	 */
896	if (hostIsNew)
897		in6_unlink_ifa(ia6, ifp);
898	return (error);
899
900  cleanup:
901	in6_purgeaddr(&ia6->ia_ifa);
902	return error;
903}
904
905void
906in6_purgeaddr(struct ifaddr *ifa)
907{
908	struct ifnet *ifp = ifa->ifa_ifp;
909	struct in6_ifaddr *ia6 = ifatoia6(ifa);
910	struct in6_multi_mship *imm;
911
912	/* stop DAD processing */
913	nd6_dad_stop(ifa);
914
915	/*
916	 * delete route to the destination of the address being purged.
917	 * The interface must be p2p or loopback in this case.
918	 */
919	if ((ifp->if_flags & IFF_POINTOPOINT) && (ia6->ia_flags & IFA_ROUTE) &&
920	    ia6->ia_dstaddr.sin6_len != 0) {
921		int e;
922
923		e = rt_ifa_del(ifa, RTF_HOST, ifa->ifa_dstaddr,
924		    ifp->if_rdomain);
925		if (e != 0) {
926			char addr[INET6_ADDRSTRLEN];
927			log(LOG_ERR, "in6_purgeaddr: failed to remove "
928			    "a route to the p2p destination: %s on %s, "
929			    "errno=%d\n",
930			    inet_ntop(AF_INET6, &ia6->ia_addr.sin6_addr,
931				addr, sizeof(addr)),
932			    ifp->if_xname, e);
933			/* proceed anyway... */
934		} else
935			ia6->ia_flags &= ~IFA_ROUTE;
936	}
937
938	/* Remove ownaddr's loopback rtentry, if it exists. */
939	rt_ifa_dellocal(&(ia6->ia_ifa));
940
941	/*
942	 * leave from multicast groups we have joined for the interface
943	 */
944	while (!LIST_EMPTY(&ia6->ia6_memberships)) {
945		imm = LIST_FIRST(&ia6->ia6_memberships);
946		LIST_REMOVE(imm, i6mm_chain);
947		in6_leavegroup(imm);
948	}
949
950	in6_unlink_ifa(ia6, ifp);
951}
952
953void
954in6_unlink_ifa(struct in6_ifaddr *ia6, struct ifnet *ifp)
955{
956	struct ifaddr *ifa = &ia6->ia_ifa;
957	int plen;
958
959	NET_ASSERT_LOCKED();
960
961	/* Release the reference to the base prefix. */
962	plen = in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL);
963	if ((ifp->if_flags & IFF_LOOPBACK) == 0 && plen != 128) {
964		rt_ifa_del(ifa, RTF_CLONING | RTF_CONNECTED,
965		    ifa->ifa_addr, ifp->if_rdomain);
966	}
967
968	rt_ifa_purge(ifa);
969	ifa_del(ifp, ifa);
970
971	ia6->ia_ifp = NULL;
972	ifafree(ifa);
973}
974
975/*
976 * Initialize an interface's inet6 address
977 * and routing table entry.
978 */
979int
980in6_ifinit(struct ifnet *ifp, struct in6_ifaddr *ia6, int newhost)
981{
982	int	error = 0, plen, ifacount = 0;
983	struct ifaddr *ifa;
984
985	NET_ASSERT_LOCKED();
986
987	/*
988	 * Give the interface a chance to initialize
989	 * if this is its first address (or it is a CARP interface)
990	 * and to validate the address if necessary.
991	 */
992	TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
993		if (ifa->ifa_addr->sa_family != AF_INET6)
994			continue;
995		ifacount++;
996	}
997
998	if ((ifacount <= 1 || ifp->if_type == IFT_CARP ||
999	    (ifp->if_flags & (IFF_LOOPBACK|IFF_POINTOPOINT))) &&
1000	    (error = (*ifp->if_ioctl)(ifp, SIOCSIFADDR, (caddr_t)ia6))) {
1001		return (error);
1002	}
1003
1004	ia6->ia_ifa.ifa_metric = ifp->if_metric;
1005
1006	/* we could do in(6)_socktrim here, but just omit it at this moment. */
1007
1008	/*
1009	 * Special case:
1010	 * If the destination address is specified for a point-to-point
1011	 * interface, install a route to the destination as an interface
1012	 * direct route.
1013	 */
1014	plen = in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL); /* XXX */
1015	if ((ifp->if_flags & IFF_POINTOPOINT) && plen == 128 &&
1016	    ia6->ia_dstaddr.sin6_family == AF_INET6) {
1017		ifa = &ia6->ia_ifa;
1018		error = rt_ifa_add(ifa, RTF_HOST | RTF_MPATH,
1019		    ifa->ifa_dstaddr, ifp->if_rdomain);
1020		if (error != 0)
1021			return (error);
1022		ia6->ia_flags |= IFA_ROUTE;
1023	}
1024
1025	if (newhost)
1026		error = rt_ifa_addlocal(&(ia6->ia_ifa));
1027
1028	return (error);
1029}
1030
1031/*
1032 * Add an address to the list of IP6 multicast addresses for a
1033 * given interface.
1034 */
1035struct in6_multi *
1036in6_addmulti(struct in6_addr *maddr6, struct ifnet *ifp, int *errorp)
1037{
1038	struct	in6_ifreq ifr;
1039	struct	in6_multi *in6m;
1040
1041	NET_ASSERT_LOCKED();
1042
1043	*errorp = 0;
1044	/*
1045	 * See if address already in list.
1046	 */
1047	IN6_LOOKUP_MULTI(*maddr6, ifp, in6m);
1048	if (in6m != NULL) {
1049		/*
1050		 * Found it; just increment the reference count.
1051		 */
1052		refcnt_take(&in6m->in6m_refcnt);
1053	} else {
1054		/*
1055		 * New address; allocate a new multicast record
1056		 * and link it into the interface's multicast list.
1057		 */
1058		in6m = malloc(sizeof(*in6m), M_IPMADDR, M_NOWAIT | M_ZERO);
1059		if (in6m == NULL) {
1060			*errorp = ENOBUFS;
1061			return (NULL);
1062		}
1063
1064		in6m->in6m_sin.sin6_len = sizeof(struct sockaddr_in6);
1065		in6m->in6m_sin.sin6_family = AF_INET6;
1066		in6m->in6m_sin.sin6_addr = *maddr6;
1067		refcnt_init_trace(&in6m->in6m_refcnt, DT_REFCNT_IDX_IFMADDR);
1068		in6m->in6m_ifidx = ifp->if_index;
1069		in6m->in6m_ifma.ifma_addr = sin6tosa(&in6m->in6m_sin);
1070
1071		/*
1072		 * Ask the network driver to update its multicast reception
1073		 * filter appropriately for the new address.
1074		 */
1075		memcpy(&ifr.ifr_addr, &in6m->in6m_sin, sizeof(in6m->in6m_sin));
1076		KERNEL_LOCK();
1077		*errorp = (*ifp->if_ioctl)(ifp, SIOCADDMULTI, (caddr_t)&ifr);
1078		KERNEL_UNLOCK();
1079		if (*errorp) {
1080			free(in6m, M_IPMADDR, sizeof(*in6m));
1081			return (NULL);
1082		}
1083
1084		TAILQ_INSERT_HEAD(&ifp->if_maddrlist, &in6m->in6m_ifma,
1085		    ifma_list);
1086
1087		/*
1088		 * Let MLD6 know that we have joined a new IP6 multicast
1089		 * group.
1090		 */
1091		mld6_start_listening(in6m);
1092	}
1093
1094	return (in6m);
1095}
1096
1097/*
1098 * Delete a multicast address record.
1099 */
1100void
1101in6_delmulti(struct in6_multi *in6m)
1102{
1103	struct	in6_ifreq ifr;
1104	struct	ifnet *ifp;
1105
1106	NET_ASSERT_LOCKED();
1107
1108	if (refcnt_rele(&in6m->in6m_refcnt) != 0) {
1109		/*
1110		 * No remaining claims to this record; let MLD6 know
1111		 * that we are leaving the multicast group.
1112		 */
1113		mld6_stop_listening(in6m);
1114		ifp = if_get(in6m->in6m_ifidx);
1115
1116		/*
1117		 * Notify the network driver to update its multicast
1118		 * reception filter.
1119		 */
1120		if (ifp != NULL) {
1121			bzero(&ifr.ifr_addr, sizeof(struct sockaddr_in6));
1122			ifr.ifr_addr.sin6_len = sizeof(struct sockaddr_in6);
1123			ifr.ifr_addr.sin6_family = AF_INET6;
1124			ifr.ifr_addr.sin6_addr = in6m->in6m_addr;
1125			KERNEL_LOCK();
1126			(*ifp->if_ioctl)(ifp, SIOCDELMULTI, (caddr_t)&ifr);
1127			KERNEL_UNLOCK();
1128
1129			TAILQ_REMOVE(&ifp->if_maddrlist, &in6m->in6m_ifma,
1130			    ifma_list);
1131		}
1132		if_put(ifp);
1133
1134		free(in6m, M_IPMADDR, sizeof(*in6m));
1135	}
1136}
1137
1138/*
1139 * Return 1 if the multicast group represented by ``maddr6'' has been
1140 * joined by interface ``ifp'', 0 otherwise.
1141 */
1142int
1143in6_hasmulti(struct in6_addr *maddr6, struct ifnet *ifp)
1144{
1145	struct in6_multi *in6m;
1146	int joined;
1147
1148	IN6_LOOKUP_MULTI(*maddr6, ifp, in6m);
1149	joined = (in6m != NULL);
1150
1151	return (joined);
1152}
1153
1154struct in6_multi_mship *
1155in6_joingroup(struct ifnet *ifp, struct in6_addr *addr, int *errorp)
1156{
1157	struct in6_multi_mship *imm;
1158
1159	imm = malloc(sizeof(*imm), M_IPMADDR, M_NOWAIT);
1160	if (!imm) {
1161		*errorp = ENOBUFS;
1162		return NULL;
1163	}
1164	imm->i6mm_maddr = in6_addmulti(addr, ifp, errorp);
1165	if (!imm->i6mm_maddr) {
1166		/* *errorp is already set */
1167		free(imm, M_IPMADDR, sizeof(*imm));
1168		return NULL;
1169	}
1170	return imm;
1171}
1172
1173void
1174in6_leavegroup(struct in6_multi_mship *imm)
1175{
1176
1177	if (imm->i6mm_maddr)
1178		in6_delmulti(imm->i6mm_maddr);
1179	free(imm,  M_IPMADDR, sizeof(*imm));
1180}
1181
1182/*
1183 * Find an IPv6 interface link-local address specific to an interface.
1184 */
1185struct in6_ifaddr *
1186in6ifa_ifpforlinklocal(struct ifnet *ifp, int ignoreflags)
1187{
1188	struct ifaddr *ifa;
1189
1190	TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
1191		if (ifa->ifa_addr->sa_family != AF_INET6)
1192			continue;
1193		if (IN6_IS_ADDR_LINKLOCAL(IFA_IN6(ifa))) {
1194			if ((ifatoia6(ifa)->ia6_flags & ignoreflags) != 0)
1195				continue;
1196			break;
1197		}
1198	}
1199
1200	return (ifatoia6(ifa));
1201}
1202
1203
1204/*
1205 * find the internet address corresponding to a given interface and address.
1206 */
1207struct in6_ifaddr *
1208in6ifa_ifpwithaddr(struct ifnet *ifp, struct in6_addr *addr)
1209{
1210	struct ifaddr *ifa;
1211
1212	TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
1213		if (ifa->ifa_addr->sa_family != AF_INET6)
1214			continue;
1215		if (IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(ifa)))
1216			break;
1217	}
1218
1219	return (ifatoia6(ifa));
1220}
1221
1222/*
1223 * Get a scope of the address. Node-local, link-local, site-local or global.
1224 */
1225int
1226in6_addrscope(struct in6_addr *addr)
1227{
1228	int scope;
1229
1230	if (addr->s6_addr8[0] == 0xfe) {
1231		scope = addr->s6_addr8[1] & 0xc0;
1232
1233		switch (scope) {
1234		case 0x80:
1235			return __IPV6_ADDR_SCOPE_LINKLOCAL;
1236			break;
1237		case 0xc0:
1238			return __IPV6_ADDR_SCOPE_SITELOCAL;
1239			break;
1240		default:
1241			return __IPV6_ADDR_SCOPE_GLOBAL; /* just in case */
1242			break;
1243		}
1244	}
1245
1246
1247	if (addr->s6_addr8[0] == 0xff) {
1248		scope = addr->s6_addr8[1] & 0x0f;
1249
1250		/*
1251		 * due to other scope such as reserved,
1252		 * return scope doesn't work.
1253		 */
1254		switch (scope) {
1255		case __IPV6_ADDR_SCOPE_INTFACELOCAL:
1256			return __IPV6_ADDR_SCOPE_INTFACELOCAL;
1257			break;
1258		case __IPV6_ADDR_SCOPE_LINKLOCAL:
1259			return __IPV6_ADDR_SCOPE_LINKLOCAL;
1260			break;
1261		case __IPV6_ADDR_SCOPE_SITELOCAL:
1262			return __IPV6_ADDR_SCOPE_SITELOCAL;
1263			break;
1264		default:
1265			return __IPV6_ADDR_SCOPE_GLOBAL;
1266			break;
1267		}
1268	}
1269
1270	if (bcmp(&in6addr_loopback, addr, sizeof(*addr) - 1) == 0) {
1271		if (addr->s6_addr8[15] == 1) /* loopback */
1272			return __IPV6_ADDR_SCOPE_INTFACELOCAL;
1273		if (addr->s6_addr8[15] == 0) /* unspecified */
1274			return __IPV6_ADDR_SCOPE_LINKLOCAL;
1275	}
1276
1277	return __IPV6_ADDR_SCOPE_GLOBAL;
1278}
1279
1280int
1281in6_addr2scopeid(unsigned int ifidx, struct in6_addr *addr)
1282{
1283	int scope = in6_addrscope(addr);
1284
1285	switch(scope) {
1286	case __IPV6_ADDR_SCOPE_INTFACELOCAL:
1287	case __IPV6_ADDR_SCOPE_LINKLOCAL:
1288		/* XXX: we do not distinguish between a link and an I/F. */
1289		return (ifidx);
1290
1291	case __IPV6_ADDR_SCOPE_SITELOCAL:
1292		return (0);	/* XXX: invalid. */
1293
1294	default:
1295		return (0);	/* XXX: treat as global. */
1296	}
1297}
1298
1299/*
1300 * return length of part which dst and src are equal
1301 * hard coding...
1302 */
1303int
1304in6_matchlen(struct in6_addr *src, struct in6_addr *dst)
1305{
1306	int match = 0;
1307	u_char *s = (u_char *)src, *d = (u_char *)dst;
1308	u_char *lim = s + 16, r;
1309
1310	while (s < lim)
1311		if ((r = (*d++ ^ *s++)) != 0) {
1312			while (r < 128) {
1313				match++;
1314				r <<= 1;
1315			}
1316			break;
1317		} else
1318			match += 8;
1319	return match;
1320}
1321
1322void
1323in6_prefixlen2mask(struct in6_addr *maskp, int len)
1324{
1325	u_char maskarray[8] = {0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff};
1326	int bytelen, bitlen, i;
1327
1328	/* sanity check */
1329	if (0 > len || len > 128) {
1330		log(LOG_ERR, "in6_prefixlen2mask: invalid prefix length(%d)\n",
1331		    len);
1332		return;
1333	}
1334
1335	bzero(maskp, sizeof(*maskp));
1336	bytelen = len / 8;
1337	bitlen = len % 8;
1338	for (i = 0; i < bytelen; i++)
1339		maskp->s6_addr[i] = 0xff;
1340	/* len == 128 is ok because bitlen == 0 then */
1341	if (bitlen)
1342		maskp->s6_addr[bytelen] = maskarray[bitlen - 1];
1343}
1344
1345/*
1346 * return the best address out of the same scope
1347 */
1348struct in6_ifaddr *
1349in6_ifawithscope(struct ifnet *oifp, struct in6_addr *dst, u_int rdomain,
1350    struct rtentry *rt)
1351{
1352	int dst_scope =	in6_addrscope(dst), src_scope, best_scope = 0;
1353	int blen = -1;
1354	struct ifaddr *ifa;
1355	struct ifnet *ifp;
1356	struct in6_ifaddr *ia6_best = NULL;
1357	struct in6_addr *gw6 = NULL;
1358
1359	if (rt) {
1360		if (rt->rt_gateway != NULL &&
1361		    rt->rt_gateway->sa_family == AF_INET6)
1362			gw6 = &(satosin6(rt->rt_gateway)->sin6_addr);
1363	}
1364
1365	if (oifp == NULL) {
1366		printf("%s: output interface is not specified\n", __func__);
1367		return (NULL);
1368	}
1369
1370	/* We search for all addresses on all interfaces from the beginning. */
1371	TAILQ_FOREACH(ifp, &ifnetlist, if_list) {
1372		if (ifp->if_rdomain != rdomain)
1373			continue;
1374#if NCARP > 0
1375		/*
1376		 * Never use a carp address of an interface which is not
1377		 * the master.
1378		 */
1379		if (ifp->if_type == IFT_CARP && !carp_iamatch(ifp))
1380			continue;
1381#endif
1382
1383		/*
1384		 * We can never take an address that breaks the scope zone
1385		 * of the destination.
1386		 */
1387		if (in6_addr2scopeid(ifp->if_index, dst) !=
1388		    in6_addr2scopeid(oifp->if_index, dst))
1389			continue;
1390
1391		TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
1392			int tlen = -1;
1393
1394			if (ifa->ifa_addr->sa_family != AF_INET6)
1395				continue;
1396
1397			src_scope = in6_addrscope(IFA_IN6(ifa));
1398
1399			/*
1400			 * Don't use an address before completing DAD
1401			 * nor a duplicated address.
1402			 */
1403			if (ifatoia6(ifa)->ia6_flags &
1404			    (IN6_IFF_TENTATIVE|IN6_IFF_DUPLICATED))
1405				continue;
1406
1407			/*
1408			 * RFC 6724 allows anycast addresses as source address
1409			 * because the restriction was removed in RFC 4291.
1410			 * However RFC 4443 states that ICMPv6 responses
1411			 * MUST use a unicast source address.
1412			 *
1413			 * XXX Skip anycast addresses for now since
1414			 * icmp6_reflect() uses this function for source
1415			 * address selection.
1416			 */
1417			if (ifatoia6(ifa)->ia6_flags & IN6_IFF_ANYCAST)
1418				continue;
1419
1420			if (ifatoia6(ifa)->ia6_flags & IN6_IFF_DETACHED)
1421				continue;
1422
1423			/*
1424			 * If this is the first address we find,
1425			 * keep it anyway.
1426			 */
1427			if (ia6_best == NULL)
1428				goto replace;
1429
1430			/*
1431			 * ia6_best is never NULL beyond this line except
1432			 * within the block labeled "replace".
1433			 */
1434
1435			/*
1436			 * Rule 2: Prefer appropriate scope.
1437			 * Find the address with the smallest scope that is
1438			 * bigger (or equal) to the scope of the destination
1439			 * address.
1440			 * Accept an address with smaller scope than the
1441			 * destination if non exists with bigger scope.
1442			 */
1443			if (best_scope < src_scope) {
1444				if (best_scope < dst_scope)
1445					goto replace;
1446				else
1447					continue;
1448			} else if (src_scope < best_scope) {
1449				if (src_scope < dst_scope)
1450					continue;
1451				else
1452					goto replace;
1453			}
1454
1455			/* Rule 3: Avoid deprecated addresses. */
1456			if (ifatoia6(ifa)->ia6_flags & IN6_IFF_DEPRECATED) {
1457				/*
1458				 * Ignore any deprecated addresses if
1459				 * specified by configuration.
1460				 */
1461				if (!ip6_use_deprecated)
1462					continue;
1463
1464				/*
1465				 * If we have already found a non-deprecated
1466				 * candidate, just ignore deprecated addresses.
1467				 */
1468				if ((ia6_best->ia6_flags & IN6_IFF_DEPRECATED)
1469				    == 0)
1470					continue;
1471			} else if ((ia6_best->ia6_flags & IN6_IFF_DEPRECATED))
1472				goto replace;
1473
1474			/*
1475			 * Rule 4: Prefer home addresses.
1476			 * We do not support home addresses.
1477			 */
1478
1479			/* Rule 5: Prefer outgoing interface */
1480			if (ia6_best->ia_ifp == oifp && ifp != oifp)
1481				continue;
1482			if (ia6_best->ia_ifp != oifp && ifp == oifp)
1483				goto replace;
1484
1485			/*
1486			 * Rule 5.5: Prefer addresses in a prefix advertised
1487			 * by the next-hop.
1488			 */
1489			if (gw6) {
1490				struct in6_addr *in6_bestgw, *in6_newgw;
1491
1492				in6_bestgw = &ia6_best->ia_gwaddr.sin6_addr;
1493				in6_newgw = &ifatoia6(ifa)->ia_gwaddr.sin6_addr;
1494				if (!IN6_ARE_ADDR_EQUAL(in6_bestgw, gw6) &&
1495				    IN6_ARE_ADDR_EQUAL(in6_newgw, gw6))
1496					goto replace;
1497			}
1498
1499			/*
1500			 * Rule 6: Prefer matching label.
1501			 * We do not implement policy tables.
1502			 */
1503
1504			/* Rule 7: Prefer temporary addresses. */
1505			if ((ia6_best->ia6_flags & IN6_IFF_TEMPORARY) &&
1506			    !(ifatoia6(ifa)->ia6_flags & IN6_IFF_TEMPORARY))
1507				continue;
1508			if (!(ia6_best->ia6_flags & IN6_IFF_TEMPORARY) &&
1509			    (ifatoia6(ifa)->ia6_flags & IN6_IFF_TEMPORARY))
1510				goto replace;
1511
1512			/* Rule 8: Use longest matching prefix. */
1513			tlen = in6_matchlen(IFA_IN6(ifa), dst);
1514			if (tlen > blen) {
1515#if NCARP > 0
1516				/*
1517				 * Don't let carp interfaces win a tie against
1518				 * the output interface based on matchlen.
1519				 * We should only use a carp address if no
1520				 * other interface has a usable address.
1521				 * Otherwise, when communicating from a carp
1522				 * master to a carp backup, the backup system
1523				 * won't respond since the carp address is also
1524				 * configured as a local address on the backup.
1525				 * Note that carp interfaces in backup state
1526				 * were already skipped above.
1527				 */
1528				if (ifp->if_type == IFT_CARP &&
1529				    oifp->if_type != IFT_CARP)
1530					continue;
1531#endif
1532				goto replace;
1533			} else if (tlen < blen)
1534				continue;
1535
1536			/*
1537			 * If the eight rules fail to choose a single address,
1538			 * the tiebreaker is implementation-specific.
1539			 */
1540
1541			 /* Prefer address with highest pltime. */
1542			if (ia6_best->ia6_updatetime +
1543			    ia6_best->ia6_lifetime.ia6t_pltime <
1544			    ifatoia6(ifa)->ia6_updatetime +
1545			    ifatoia6(ifa)->ia6_lifetime.ia6t_pltime)
1546				goto replace;
1547			else if (ia6_best->ia6_updatetime +
1548			    ia6_best->ia6_lifetime.ia6t_pltime >
1549			    ifatoia6(ifa)->ia6_updatetime +
1550			    ifatoia6(ifa)->ia6_lifetime.ia6t_pltime)
1551				continue;
1552
1553			/* Prefer address with highest vltime. */
1554			if (ia6_best->ia6_updatetime +
1555			    ia6_best->ia6_lifetime.ia6t_vltime <
1556			    ifatoia6(ifa)->ia6_updatetime +
1557			    ifatoia6(ifa)->ia6_lifetime.ia6t_vltime)
1558				goto replace;
1559			else if (ia6_best->ia6_updatetime +
1560			    ia6_best->ia6_lifetime.ia6t_vltime >
1561			    ifatoia6(ifa)->ia6_updatetime +
1562			    ifatoia6(ifa)->ia6_lifetime.ia6t_vltime)
1563				continue;
1564
1565			continue;
1566		  replace:
1567			ia6_best = ifatoia6(ifa);
1568			blen = tlen >= 0 ? tlen :
1569			    in6_matchlen(IFA_IN6(ifa), dst);
1570			best_scope =
1571			    in6_addrscope(&ia6_best->ia_addr.sin6_addr);
1572		}
1573	}
1574
1575	/* count statistics for future improvements */
1576	if (ia6_best == NULL)
1577		ip6stat_inc(ip6s_sources_none);
1578	else {
1579		if (oifp == ia6_best->ia_ifp)
1580			ip6stat_inc(ip6s_sources_sameif + best_scope);
1581		else
1582			ip6stat_inc(ip6s_sources_otherif + best_scope);
1583
1584		if (best_scope == dst_scope)
1585			ip6stat_inc(ip6s_sources_samescope + best_scope);
1586		else
1587			ip6stat_inc(ip6s_sources_otherscope + best_scope);
1588
1589		if ((ia6_best->ia6_flags & IN6_IFF_DEPRECATED) != 0)
1590			ip6stat_inc(ip6s_sources_deprecated + best_scope);
1591	}
1592
1593	return (ia6_best);
1594}
1595
1596int
1597in6if_do_dad(struct ifnet *ifp)
1598{
1599	if ((ifp->if_flags & IFF_LOOPBACK) != 0)
1600		return (0);
1601
1602	switch (ifp->if_type) {
1603#if NCARP > 0
1604	case IFT_CARP:
1605		/*
1606		 * XXX: DAD does not work currently on carp(4)
1607		 * so disable it for now.
1608		 */
1609		return (0);
1610#endif
1611	default:
1612		/*
1613		 * Our DAD routine requires the interface up and running.
1614		 * However, some interfaces can be up before the RUNNING
1615		 * status.  Additionally, users may try to assign addresses
1616		 * before the interface becomes up (or running).
1617		 * We simply skip DAD in such a case as a work around.
1618		 * XXX: we should rather mark "tentative" on such addresses,
1619		 * and do DAD after the interface becomes ready.
1620		 */
1621		if ((ifp->if_flags & (IFF_UP|IFF_RUNNING)) !=
1622		    (IFF_UP|IFF_RUNNING))
1623			return (0);
1624
1625		return (1);
1626	}
1627}
1628