1 /*- 2 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of the project nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * $KAME: in6.c,v 1.259 2002/01/21 11:37:50 keiichi Exp $ 30 */ 31 32 /*- 33 * Copyright (c) 1982, 1986, 1991, 1993 34 * The Regents of the University of California. All rights reserved. 35 * 36 * Redistribution and use in source and binary forms, with or without 37 * modification, are permitted provided that the following conditions 38 * are met: 39 * 1. Redistributions of source code must retain the above copyright 40 * notice, this list of conditions and the following disclaimer. 41 * 2. Redistributions in binary form must reproduce the above copyright 42 * notice, this list of conditions and the following disclaimer in the 43 * documentation and/or other materials provided with the distribution. 44 * 4. Neither the name of the University nor the names of its contributors 45 * may be used to endorse or promote products derived from this software 46 * without specific prior written permission. 47 * 48 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 51 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 58 * SUCH DAMAGE. 59 * 60 * @(#)in.c 8.2 (Berkeley) 11/15/93 61 */ 62 63 #include <sys/cdefs.h> 64 __FBSDID("$FreeBSD$"); 65 66 #include "opt_compat.h" 67 #include "opt_inet.h" 68 #include "opt_inet6.h" 69 70 #include <sys/param.h> 71 #include <sys/errno.h> 72 #include <sys/jail.h> 73 #include <sys/malloc.h> 74 #include <sys/socket.h> 75 #include <sys/socketvar.h> 76 #include <sys/sockio.h> 77 #include <sys/systm.h> 78 #include <sys/priv.h> 79 #include <sys/proc.h> 80 #include <sys/time.h> 81 #include <sys/kernel.h> 82 #include <sys/syslog.h> 83 84 #include <net/if.h> 85 #include <net/if_var.h> 86 #include <net/if_types.h> 87 #include <net/route.h> 88 #include <net/if_dl.h> 89 #include <net/vnet.h> 90 91 #include <netinet/in.h> 92 #include <netinet/in_var.h> 93 #include <net/if_llatbl.h> 94 #include <netinet/if_ether.h> 95 #include <netinet/in_systm.h> 96 #include <netinet/ip.h> 97 #include <netinet/in_pcb.h> 98 99 #include <netinet/ip6.h> 100 #include <netinet6/ip6_var.h> 101 #include <netinet6/nd6.h> 102 #include <netinet6/mld6_var.h> 103 #include <netinet6/ip6_mroute.h> 104 #include <netinet6/in6_ifattach.h> 105 #include <netinet6/scope6_var.h> 106 #include <netinet6/in6_pcb.h> 107 108 /* 109 * Definitions of some costant IP6 addresses. 110 */ 111 const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT; 112 const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT; 113 const struct in6_addr in6addr_nodelocal_allnodes = 114 IN6ADDR_NODELOCAL_ALLNODES_INIT; 115 const struct in6_addr in6addr_linklocal_allnodes = 116 IN6ADDR_LINKLOCAL_ALLNODES_INIT; 117 const struct in6_addr in6addr_linklocal_allrouters = 118 IN6ADDR_LINKLOCAL_ALLROUTERS_INIT; 119 const struct in6_addr in6addr_linklocal_allv2routers = 120 IN6ADDR_LINKLOCAL_ALLV2ROUTERS_INIT; 121 122 const struct in6_addr in6mask0 = IN6MASK0; 123 const struct in6_addr in6mask32 = IN6MASK32; 124 const struct in6_addr in6mask64 = IN6MASK64; 125 const struct in6_addr in6mask96 = IN6MASK96; 126 const struct in6_addr in6mask128 = IN6MASK128; 127 128 const struct sockaddr_in6 sa6_any = 129 { sizeof(sa6_any), AF_INET6, 0, 0, IN6ADDR_ANY_INIT, 0 }; 130 131 static int in6_lifaddr_ioctl __P((struct socket *, u_long, caddr_t, 132 struct ifnet *, struct thread *)); 133 static int in6_ifinit __P((struct ifnet *, struct in6_ifaddr *, 134 struct sockaddr_in6 *, int)); 135 static void in6_unlink_ifa(struct in6_ifaddr *, struct ifnet *); 136 137 int (*faithprefix_p)(struct in6_addr *); 138 139 #define ifa2ia6(ifa) ((struct in6_ifaddr *)(ifa)) 140 #define ia62ifa(ia6) (&((ia6)->ia_ifa)) 141 142 void 143 in6_ifaddloop(struct ifaddr *ifa) 144 { 145 struct sockaddr_dl gateway; 146 struct sockaddr_in6 mask, addr; 147 struct rtentry rt; 148 struct in6_ifaddr *ia; 149 struct ifnet *ifp; 150 struct llentry *ln; 151 152 ia = ifa2ia6(ifa); 153 ifp = ifa->ifa_ifp; 154 IF_AFDATA_LOCK(ifp); 155 ifa->ifa_rtrequest = nd6_rtrequest; 156 157 /* XXX QL 158 * we need to report rt_newaddrmsg 159 */ 160 ln = lla_lookup(LLTABLE6(ifp), (LLE_CREATE | LLE_IFADDR | 161 LLE_EXCLUSIVE), (struct sockaddr *)&ia->ia_addr); 162 IF_AFDATA_UNLOCK(ifp); 163 if (ln != NULL) { 164 ln->la_expire = 0; /* for IPv6 this means permanent */ 165 ln->ln_state = ND6_LLINFO_REACHABLE; 166 /* 167 * initialize for rtmsg generation 168 */ 169 bzero(&gateway, sizeof(gateway)); 170 gateway.sdl_len = sizeof(gateway); 171 gateway.sdl_family = AF_LINK; 172 gateway.sdl_nlen = 0; 173 gateway.sdl_alen = 6; 174 memcpy(gateway.sdl_data, &ln->ll_addr.mac_aligned, 175 sizeof(ln->ll_addr)); 176 LLE_WUNLOCK(ln); 177 } 178 179 bzero(&rt, sizeof(rt)); 180 rt.rt_gateway = (struct sockaddr *)&gateway; 181 memcpy(&mask, &ia->ia_prefixmask, sizeof(ia->ia_prefixmask)); 182 memcpy(&addr, &ia->ia_addr, sizeof(ia->ia_addr)); 183 rt_mask(&rt) = (struct sockaddr *)&mask; 184 rt_key(&rt) = (struct sockaddr *)&addr; 185 rt.rt_flags = RTF_UP | RTF_HOST | RTF_STATIC; 186 rt_newaddrmsg(RTM_ADD, ifa, 0, &rt); 187 } 188 189 void 190 in6_ifremloop(struct ifaddr *ifa) 191 { 192 struct sockaddr_dl gateway; 193 struct sockaddr_in6 mask, addr; 194 struct rtentry rt0; 195 struct in6_ifaddr *ia; 196 struct ifnet *ifp; 197 198 ia = ifa2ia6(ifa); 199 ifp = ifa->ifa_ifp; 200 IF_AFDATA_LOCK(ifp); 201 lla_lookup(LLTABLE6(ifp), (LLE_DELETE | LLE_IFADDR), 202 (struct sockaddr *)&ia->ia_addr); 203 IF_AFDATA_UNLOCK(ifp); 204 205 /* 206 * initialize for rtmsg generation 207 */ 208 bzero(&gateway, sizeof(gateway)); 209 gateway.sdl_len = sizeof(gateway); 210 gateway.sdl_family = AF_LINK; 211 gateway.sdl_nlen = 0; 212 gateway.sdl_alen = ifp->if_addrlen; 213 bzero(&rt0, sizeof(rt0)); 214 rt0.rt_gateway = (struct sockaddr *)&gateway; 215 memcpy(&mask, &ia->ia_prefixmask, sizeof(ia->ia_prefixmask)); 216 memcpy(&addr, &ia->ia_addr, sizeof(ia->ia_addr)); 217 rt_mask(&rt0) = (struct sockaddr *)&mask; 218 rt_key(&rt0) = (struct sockaddr *)&addr; 219 rt0.rt_flags = RTF_HOST | RTF_STATIC; 220 rt_newaddrmsg(RTM_DELETE, ifa, 0, &rt0); 221 } 222 223 int 224 in6_mask2len(struct in6_addr *mask, u_char *lim0) 225 { 226 int x = 0, y; 227 u_char *lim = lim0, *p; 228 229 /* ignore the scope_id part */ 230 if (lim0 == NULL || lim0 - (u_char *)mask > sizeof(*mask)) 231 lim = (u_char *)mask + sizeof(*mask); 232 for (p = (u_char *)mask; p < lim; x++, p++) { 233 if (*p != 0xff) 234 break; 235 } 236 y = 0; 237 if (p < lim) { 238 for (y = 0; y < 8; y++) { 239 if ((*p & (0x80 >> y)) == 0) 240 break; 241 } 242 } 243 244 /* 245 * when the limit pointer is given, do a stricter check on the 246 * remaining bits. 247 */ 248 if (p < lim) { 249 if (y != 0 && (*p & (0x00ff >> y)) != 0) 250 return (-1); 251 for (p = p + 1; p < lim; p++) 252 if (*p != 0) 253 return (-1); 254 } 255 256 return x * 8 + y; 257 } 258 259 #ifdef COMPAT_FREEBSD32 260 struct in6_ndifreq32 { 261 char ifname[IFNAMSIZ]; 262 uint32_t ifindex; 263 }; 264 #define SIOCGDEFIFACE32_IN6 _IOWR('i', 86, struct in6_ndifreq32) 265 #endif 266 267 int 268 in6_control(struct socket *so, u_long cmd, caddr_t data, 269 struct ifnet *ifp, struct thread *td) 270 { 271 struct in6_ifreq *ifr = (struct in6_ifreq *)data; 272 struct in6_ifaddr *ia = NULL; 273 struct in6_aliasreq *ifra = (struct in6_aliasreq *)data; 274 struct sockaddr_in6 *sa6; 275 int error; 276 277 switch (cmd) { 278 case SIOCGETSGCNT_IN6: 279 case SIOCGETMIFCNT_IN6: 280 return (mrt6_ioctl ? mrt6_ioctl(cmd, data) : EOPNOTSUPP); 281 } 282 283 switch(cmd) { 284 case SIOCAADDRCTL_POLICY: 285 case SIOCDADDRCTL_POLICY: 286 if (td != NULL) { 287 error = priv_check(td, PRIV_NETINET_ADDRCTRL6); 288 if (error) 289 return (error); 290 } 291 return (in6_src_ioctl(cmd, data)); 292 } 293 294 if (ifp == NULL) 295 return (EOPNOTSUPP); 296 297 switch (cmd) { 298 case SIOCSNDFLUSH_IN6: 299 case SIOCSPFXFLUSH_IN6: 300 case SIOCSRTRFLUSH_IN6: 301 case SIOCSDEFIFACE_IN6: 302 case SIOCSIFINFO_FLAGS: 303 case SIOCSIFINFO_IN6: 304 if (td != NULL) { 305 error = priv_check(td, PRIV_NETINET_ND6); 306 if (error) 307 return (error); 308 } 309 /* FALLTHROUGH */ 310 case OSIOCGIFINFO_IN6: 311 case SIOCGIFINFO_IN6: 312 case SIOCGDRLST_IN6: 313 case SIOCGPRLST_IN6: 314 case SIOCGNBRINFO_IN6: 315 case SIOCGDEFIFACE_IN6: 316 return (nd6_ioctl(cmd, data, ifp)); 317 318 #ifdef COMPAT_FREEBSD32 319 case SIOCGDEFIFACE32_IN6: 320 { 321 struct in6_ndifreq ndif; 322 struct in6_ndifreq32 *ndif32; 323 324 error = nd6_ioctl(SIOCGDEFIFACE_IN6, (caddr_t)&ndif, 325 ifp); 326 if (error) 327 return (error); 328 ndif32 = (struct in6_ndifreq32 *)data; 329 ndif32->ifindex = ndif.ifindex; 330 return (0); 331 } 332 #endif 333 } 334 335 switch (cmd) { 336 case SIOCSIFPREFIX_IN6: 337 case SIOCDIFPREFIX_IN6: 338 case SIOCAIFPREFIX_IN6: 339 case SIOCCIFPREFIX_IN6: 340 case SIOCSGIFPREFIX_IN6: 341 case SIOCGIFPREFIX_IN6: 342 log(LOG_NOTICE, 343 "prefix ioctls are now invalidated. " 344 "please use ifconfig.\n"); 345 return (EOPNOTSUPP); 346 } 347 348 switch (cmd) { 349 case SIOCSSCOPE6: 350 if (td != NULL) { 351 error = priv_check(td, PRIV_NETINET_SCOPE6); 352 if (error) 353 return (error); 354 } 355 return (scope6_set(ifp, 356 (struct scope6_id *)ifr->ifr_ifru.ifru_scope_id)); 357 case SIOCGSCOPE6: 358 return (scope6_get(ifp, 359 (struct scope6_id *)ifr->ifr_ifru.ifru_scope_id)); 360 case SIOCGSCOPE6DEF: 361 return (scope6_get_default((struct scope6_id *) 362 ifr->ifr_ifru.ifru_scope_id)); 363 } 364 365 switch (cmd) { 366 case SIOCALIFADDR: 367 if (td != NULL) { 368 error = priv_check(td, PRIV_NET_ADDIFADDR); 369 if (error) 370 return (error); 371 } 372 return in6_lifaddr_ioctl(so, cmd, data, ifp, td); 373 374 case SIOCDLIFADDR: 375 if (td != NULL) { 376 error = priv_check(td, PRIV_NET_DELIFADDR); 377 if (error) 378 return (error); 379 } 380 /* FALLTHROUGH */ 381 case SIOCGLIFADDR: 382 return in6_lifaddr_ioctl(so, cmd, data, ifp, td); 383 } 384 385 /* 386 * Find address for this interface, if it exists. 387 * 388 * In netinet code, we have checked ifra_addr in SIOCSIF*ADDR operation 389 * only, and used the first interface address as the target of other 390 * operations (without checking ifra_addr). This was because netinet 391 * code/API assumed at most 1 interface address per interface. 392 * Since IPv6 allows a node to assign multiple addresses 393 * on a single interface, we almost always look and check the 394 * presence of ifra_addr, and reject invalid ones here. 395 * It also decreases duplicated code among SIOC*_IN6 operations. 396 */ 397 switch (cmd) { 398 case SIOCAIFADDR_IN6: 399 case SIOCSIFPHYADDR_IN6: 400 sa6 = &ifra->ifra_addr; 401 break; 402 case SIOCSIFADDR_IN6: 403 case SIOCGIFADDR_IN6: 404 case SIOCSIFDSTADDR_IN6: 405 case SIOCSIFNETMASK_IN6: 406 case SIOCGIFDSTADDR_IN6: 407 case SIOCGIFNETMASK_IN6: 408 case SIOCDIFADDR_IN6: 409 case SIOCGIFPSRCADDR_IN6: 410 case SIOCGIFPDSTADDR_IN6: 411 case SIOCGIFAFLAG_IN6: 412 case SIOCSNDFLUSH_IN6: 413 case SIOCSPFXFLUSH_IN6: 414 case SIOCSRTRFLUSH_IN6: 415 case SIOCGIFALIFETIME_IN6: 416 case SIOCSIFALIFETIME_IN6: 417 case SIOCGIFSTAT_IN6: 418 case SIOCGIFSTAT_ICMP6: 419 sa6 = &ifr->ifr_addr; 420 break; 421 default: 422 sa6 = NULL; 423 break; 424 } 425 if (sa6 && sa6->sin6_family == AF_INET6) { 426 if (sa6->sin6_scope_id != 0) 427 error = sa6_embedscope(sa6, 0); 428 else 429 error = in6_setscope(&sa6->sin6_addr, ifp, NULL); 430 if (error != 0) 431 return (error); 432 if (td != NULL && (error = prison_check_ip6(td->td_ucred, 433 &sa6->sin6_addr)) != 0) 434 return (error); 435 ia = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr); 436 } else 437 ia = NULL; 438 439 switch (cmd) { 440 case SIOCSIFADDR_IN6: 441 case SIOCSIFDSTADDR_IN6: 442 case SIOCSIFNETMASK_IN6: 443 /* 444 * Since IPv6 allows a node to assign multiple addresses 445 * on a single interface, SIOCSIFxxx ioctls are deprecated. 446 */ 447 /* we decided to obsolete this command (20000704) */ 448 error = EINVAL; 449 goto out; 450 451 case SIOCDIFADDR_IN6: 452 /* 453 * for IPv4, we look for existing in_ifaddr here to allow 454 * "ifconfig if0 delete" to remove the first IPv4 address on 455 * the interface. For IPv6, as the spec allows multiple 456 * interface address from the day one, we consider "remove the 457 * first one" semantics to be not preferable. 458 */ 459 if (ia == NULL) { 460 error = EADDRNOTAVAIL; 461 goto out; 462 } 463 /* FALLTHROUGH */ 464 case SIOCAIFADDR_IN6: 465 /* 466 * We always require users to specify a valid IPv6 address for 467 * the corresponding operation. 468 */ 469 if (ifra->ifra_addr.sin6_family != AF_INET6 || 470 ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6)) { 471 error = EAFNOSUPPORT; 472 goto out; 473 } 474 475 if (td != NULL) { 476 error = priv_check(td, (cmd == SIOCDIFADDR_IN6) ? 477 PRIV_NET_DELIFADDR : PRIV_NET_ADDIFADDR); 478 if (error) 479 goto out; 480 } 481 break; 482 483 case SIOCGIFADDR_IN6: 484 /* This interface is basically deprecated. use SIOCGIFCONF. */ 485 /* FALLTHROUGH */ 486 case SIOCGIFAFLAG_IN6: 487 case SIOCGIFNETMASK_IN6: 488 case SIOCGIFDSTADDR_IN6: 489 case SIOCGIFALIFETIME_IN6: 490 /* must think again about its semantics */ 491 if (ia == NULL) { 492 error = EADDRNOTAVAIL; 493 goto out; 494 } 495 break; 496 497 case SIOCSIFALIFETIME_IN6: 498 { 499 struct in6_addrlifetime *lt; 500 501 if (td != NULL) { 502 error = priv_check(td, PRIV_NETINET_ALIFETIME6); 503 if (error) 504 goto out; 505 } 506 if (ia == NULL) { 507 error = EADDRNOTAVAIL; 508 goto out; 509 } 510 /* sanity for overflow - beware unsigned */ 511 lt = &ifr->ifr_ifru.ifru_lifetime; 512 if (lt->ia6t_vltime != ND6_INFINITE_LIFETIME && 513 lt->ia6t_vltime + time_second < time_second) { 514 error = EINVAL; 515 goto out; 516 } 517 if (lt->ia6t_pltime != ND6_INFINITE_LIFETIME && 518 lt->ia6t_pltime + time_second < time_second) { 519 error = EINVAL; 520 goto out; 521 } 522 break; 523 } 524 } 525 526 switch (cmd) { 527 case SIOCGIFADDR_IN6: 528 ifr->ifr_addr = ia->ia_addr; 529 if ((error = sa6_recoverscope(&ifr->ifr_addr)) != 0) 530 goto out; 531 break; 532 533 case SIOCGIFDSTADDR_IN6: 534 if ((ifp->if_flags & IFF_POINTOPOINT) == 0) { 535 error = EINVAL; 536 goto out; 537 } 538 /* 539 * XXX: should we check if ifa_dstaddr is NULL and return 540 * an error? 541 */ 542 ifr->ifr_dstaddr = ia->ia_dstaddr; 543 if ((error = sa6_recoverscope(&ifr->ifr_dstaddr)) != 0) 544 goto out; 545 break; 546 547 case SIOCGIFNETMASK_IN6: 548 ifr->ifr_addr = ia->ia_prefixmask; 549 break; 550 551 case SIOCGIFAFLAG_IN6: 552 ifr->ifr_ifru.ifru_flags6 = ia->ia6_flags; 553 break; 554 555 case SIOCGIFSTAT_IN6: 556 if (ifp == NULL) { 557 error = EINVAL; 558 goto out; 559 } 560 bzero(&ifr->ifr_ifru.ifru_stat, 561 sizeof(ifr->ifr_ifru.ifru_stat)); 562 ifr->ifr_ifru.ifru_stat = 563 *((struct in6_ifextra *)ifp->if_afdata[AF_INET6])->in6_ifstat; 564 break; 565 566 case SIOCGIFSTAT_ICMP6: 567 if (ifp == NULL) { 568 error = EINVAL; 569 goto out; 570 } 571 bzero(&ifr->ifr_ifru.ifru_icmp6stat, 572 sizeof(ifr->ifr_ifru.ifru_icmp6stat)); 573 ifr->ifr_ifru.ifru_icmp6stat = 574 *((struct in6_ifextra *)ifp->if_afdata[AF_INET6])->icmp6_ifstat; 575 break; 576 577 case SIOCGIFALIFETIME_IN6: 578 ifr->ifr_ifru.ifru_lifetime = ia->ia6_lifetime; 579 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 580 time_t maxexpire; 581 struct in6_addrlifetime *retlt = 582 &ifr->ifr_ifru.ifru_lifetime; 583 584 /* 585 * XXX: adjust expiration time assuming time_t is 586 * signed. 587 */ 588 maxexpire = (-1) & 589 ~((time_t)1 << ((sizeof(maxexpire) * 8) - 1)); 590 if (ia->ia6_lifetime.ia6t_vltime < 591 maxexpire - ia->ia6_updatetime) { 592 retlt->ia6t_expire = ia->ia6_updatetime + 593 ia->ia6_lifetime.ia6t_vltime; 594 } else 595 retlt->ia6t_expire = maxexpire; 596 } 597 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 598 time_t maxexpire; 599 struct in6_addrlifetime *retlt = 600 &ifr->ifr_ifru.ifru_lifetime; 601 602 /* 603 * XXX: adjust expiration time assuming time_t is 604 * signed. 605 */ 606 maxexpire = (-1) & 607 ~((time_t)1 << ((sizeof(maxexpire) * 8) - 1)); 608 if (ia->ia6_lifetime.ia6t_pltime < 609 maxexpire - ia->ia6_updatetime) { 610 retlt->ia6t_preferred = ia->ia6_updatetime + 611 ia->ia6_lifetime.ia6t_pltime; 612 } else 613 retlt->ia6t_preferred = maxexpire; 614 } 615 break; 616 617 case SIOCSIFALIFETIME_IN6: 618 ia->ia6_lifetime = ifr->ifr_ifru.ifru_lifetime; 619 /* for sanity */ 620 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 621 ia->ia6_lifetime.ia6t_expire = 622 time_second + ia->ia6_lifetime.ia6t_vltime; 623 } else 624 ia->ia6_lifetime.ia6t_expire = 0; 625 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 626 ia->ia6_lifetime.ia6t_preferred = 627 time_second + ia->ia6_lifetime.ia6t_pltime; 628 } else 629 ia->ia6_lifetime.ia6t_preferred = 0; 630 break; 631 632 case SIOCAIFADDR_IN6: 633 { 634 int i; 635 struct nd_prefixctl pr0; 636 struct nd_prefix *pr; 637 638 /* 639 * first, make or update the interface address structure, 640 * and link it to the list. 641 */ 642 if ((error = in6_update_ifa(ifp, ifra, ia, 0)) != 0) 643 goto out; 644 if (ia != NULL) 645 ifa_free(&ia->ia_ifa); 646 if ((ia = in6ifa_ifpwithaddr(ifp, &ifra->ifra_addr.sin6_addr)) 647 == NULL) { 648 /* 649 * this can happen when the user specify the 0 valid 650 * lifetime. 651 */ 652 break; 653 } 654 655 /* 656 * then, make the prefix on-link on the interface. 657 * XXX: we'd rather create the prefix before the address, but 658 * we need at least one address to install the corresponding 659 * interface route, so we configure the address first. 660 */ 661 662 /* 663 * convert mask to prefix length (prefixmask has already 664 * been validated in in6_update_ifa(). 665 */ 666 bzero(&pr0, sizeof(pr0)); 667 pr0.ndpr_ifp = ifp; 668 pr0.ndpr_plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, 669 NULL); 670 if (pr0.ndpr_plen == 128) { 671 break; /* we don't need to install a host route. */ 672 } 673 pr0.ndpr_prefix = ifra->ifra_addr; 674 /* apply the mask for safety. */ 675 for (i = 0; i < 4; i++) { 676 pr0.ndpr_prefix.sin6_addr.s6_addr32[i] &= 677 ifra->ifra_prefixmask.sin6_addr.s6_addr32[i]; 678 } 679 /* 680 * XXX: since we don't have an API to set prefix (not address) 681 * lifetimes, we just use the same lifetimes as addresses. 682 * The (temporarily) installed lifetimes can be overridden by 683 * later advertised RAs (when accept_rtadv is non 0), which is 684 * an intended behavior. 685 */ 686 pr0.ndpr_raf_onlink = 1; /* should be configurable? */ 687 pr0.ndpr_raf_auto = 688 ((ifra->ifra_flags & IN6_IFF_AUTOCONF) != 0); 689 pr0.ndpr_vltime = ifra->ifra_lifetime.ia6t_vltime; 690 pr0.ndpr_pltime = ifra->ifra_lifetime.ia6t_pltime; 691 692 /* add the prefix if not yet. */ 693 if ((pr = nd6_prefix_lookup(&pr0)) == NULL) { 694 /* 695 * nd6_prelist_add will install the corresponding 696 * interface route. 697 */ 698 if ((error = nd6_prelist_add(&pr0, NULL, &pr)) != 0) 699 goto out; 700 if (pr == NULL) { 701 log(LOG_ERR, "nd6_prelist_add succeeded but " 702 "no prefix\n"); 703 error = EINVAL; 704 goto out; 705 } 706 } 707 708 /* relate the address to the prefix */ 709 if (ia->ia6_ndpr == NULL) { 710 ia->ia6_ndpr = pr; 711 pr->ndpr_refcnt++; 712 713 /* 714 * If this is the first autoconf address from the 715 * prefix, create a temporary address as well 716 * (when required). 717 */ 718 if ((ia->ia6_flags & IN6_IFF_AUTOCONF) && 719 V_ip6_use_tempaddr && pr->ndpr_refcnt == 1) { 720 int e; 721 if ((e = in6_tmpifadd(ia, 1, 0)) != 0) { 722 log(LOG_NOTICE, "in6_control: failed " 723 "to create a temporary address, " 724 "errno=%d\n", e); 725 } 726 } 727 } 728 729 /* 730 * this might affect the status of autoconfigured addresses, 731 * that is, this address might make other addresses detached. 732 */ 733 pfxlist_onlink_check(); 734 if (error == 0 && ia) { 735 if (ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) { 736 /* 737 * Try to clear the flag when a new 738 * IPv6 address is added onto an 739 * IFDISABLED interface and it 740 * succeeds. 741 */ 742 struct in6_ndireq nd; 743 744 memset(&nd, 0, sizeof(nd)); 745 nd.ndi.flags = ND_IFINFO(ifp)->flags; 746 nd.ndi.flags &= ~ND6_IFF_IFDISABLED; 747 if (nd6_ioctl(SIOCSIFINFO_FLAGS, 748 (caddr_t)&nd, ifp) < 0) 749 log(LOG_NOTICE, "SIOCAIFADDR_IN6: " 750 "SIOCSIFINFO_FLAGS for -ifdisabled " 751 "failed."); 752 /* 753 * Ignore failure of clearing the flag 754 * intentionally. The failure means 755 * address duplication was detected. 756 */ 757 } 758 EVENTHANDLER_INVOKE(ifaddr_event, ifp); 759 } 760 break; 761 } 762 763 case SIOCDIFADDR_IN6: 764 { 765 struct nd_prefix *pr; 766 767 /* 768 * If the address being deleted is the only one that owns 769 * the corresponding prefix, expire the prefix as well. 770 * XXX: theoretically, we don't have to worry about such 771 * relationship, since we separate the address management 772 * and the prefix management. We do this, however, to provide 773 * as much backward compatibility as possible in terms of 774 * the ioctl operation. 775 * Note that in6_purgeaddr() will decrement ndpr_refcnt. 776 */ 777 pr = ia->ia6_ndpr; 778 in6_purgeaddr(&ia->ia_ifa); 779 if (pr && pr->ndpr_refcnt == 0) 780 prelist_remove(pr); 781 EVENTHANDLER_INVOKE(ifaddr_event, ifp); 782 break; 783 } 784 785 default: 786 if (ifp == NULL || ifp->if_ioctl == 0) { 787 error = EOPNOTSUPP; 788 goto out; 789 } 790 error = (*ifp->if_ioctl)(ifp, cmd, data); 791 goto out; 792 } 793 794 error = 0; 795 out: 796 if (ia != NULL) 797 ifa_free(&ia->ia_ifa); 798 return (error); 799 } 800 801 /* 802 * Update parameters of an IPv6 interface address. 803 * If necessary, a new entry is created and linked into address chains. 804 * This function is separated from in6_control(). 805 * XXX: should this be performed under splnet()? 806 */ 807 int 808 in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra, 809 struct in6_ifaddr *ia, int flags) 810 { 811 int error = 0, hostIsNew = 0, plen = -1; 812 struct sockaddr_in6 dst6; 813 struct in6_addrlifetime *lt; 814 struct in6_multi_mship *imm; 815 struct in6_multi *in6m_sol; 816 struct rtentry *rt; 817 int delay; 818 char ip6buf[INET6_ADDRSTRLEN]; 819 820 /* Validate parameters */ 821 if (ifp == NULL || ifra == NULL) /* this maybe redundant */ 822 return (EINVAL); 823 824 /* 825 * The destination address for a p2p link must have a family 826 * of AF_UNSPEC or AF_INET6. 827 */ 828 if ((ifp->if_flags & IFF_POINTOPOINT) != 0 && 829 ifra->ifra_dstaddr.sin6_family != AF_INET6 && 830 ifra->ifra_dstaddr.sin6_family != AF_UNSPEC) 831 return (EAFNOSUPPORT); 832 /* 833 * validate ifra_prefixmask. don't check sin6_family, netmask 834 * does not carry fields other than sin6_len. 835 */ 836 if (ifra->ifra_prefixmask.sin6_len > sizeof(struct sockaddr_in6)) 837 return (EINVAL); 838 /* 839 * Because the IPv6 address architecture is classless, we require 840 * users to specify a (non 0) prefix length (mask) for a new address. 841 * We also require the prefix (when specified) mask is valid, and thus 842 * reject a non-consecutive mask. 843 */ 844 if (ia == NULL && ifra->ifra_prefixmask.sin6_len == 0) 845 return (EINVAL); 846 if (ifra->ifra_prefixmask.sin6_len != 0) { 847 plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, 848 (u_char *)&ifra->ifra_prefixmask + 849 ifra->ifra_prefixmask.sin6_len); 850 if (plen <= 0) 851 return (EINVAL); 852 } else { 853 /* 854 * In this case, ia must not be NULL. We just use its prefix 855 * length. 856 */ 857 plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); 858 } 859 /* 860 * If the destination address on a p2p interface is specified, 861 * and the address is a scoped one, validate/set the scope 862 * zone identifier. 863 */ 864 dst6 = ifra->ifra_dstaddr; 865 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) != 0 && 866 (dst6.sin6_family == AF_INET6)) { 867 struct in6_addr in6_tmp; 868 u_int32_t zoneid; 869 870 in6_tmp = dst6.sin6_addr; 871 if (in6_setscope(&in6_tmp, ifp, &zoneid)) 872 return (EINVAL); /* XXX: should be impossible */ 873 874 if (dst6.sin6_scope_id != 0) { 875 if (dst6.sin6_scope_id != zoneid) 876 return (EINVAL); 877 } else /* user omit to specify the ID. */ 878 dst6.sin6_scope_id = zoneid; 879 880 /* convert into the internal form */ 881 if (sa6_embedscope(&dst6, 0)) 882 return (EINVAL); /* XXX: should be impossible */ 883 } 884 /* 885 * The destination address can be specified only for a p2p or a 886 * loopback interface. If specified, the corresponding prefix length 887 * must be 128. 888 */ 889 if (ifra->ifra_dstaddr.sin6_family == AF_INET6) { 890 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) == 0) { 891 /* XXX: noisy message */ 892 nd6log((LOG_INFO, "in6_update_ifa: a destination can " 893 "be specified for a p2p or a loopback IF only\n")); 894 return (EINVAL); 895 } 896 if (plen != 128) { 897 nd6log((LOG_INFO, "in6_update_ifa: prefixlen should " 898 "be 128 when dstaddr is specified\n")); 899 return (EINVAL); 900 } 901 } 902 /* lifetime consistency check */ 903 lt = &ifra->ifra_lifetime; 904 if (lt->ia6t_pltime > lt->ia6t_vltime) 905 return (EINVAL); 906 if (lt->ia6t_vltime == 0) { 907 /* 908 * the following log might be noisy, but this is a typical 909 * configuration mistake or a tool's bug. 910 */ 911 nd6log((LOG_INFO, 912 "in6_update_ifa: valid lifetime is 0 for %s\n", 913 ip6_sprintf(ip6buf, &ifra->ifra_addr.sin6_addr))); 914 915 if (ia == NULL) 916 return (0); /* there's nothing to do */ 917 } 918 919 /* 920 * If this is a new address, allocate a new ifaddr and link it 921 * into chains. 922 */ 923 if (ia == NULL) { 924 hostIsNew = 1; 925 /* 926 * When in6_update_ifa() is called in a process of a received 927 * RA, it is called under an interrupt context. So, we should 928 * call malloc with M_NOWAIT. 929 */ 930 ia = (struct in6_ifaddr *) malloc(sizeof(*ia), M_IFADDR, 931 M_NOWAIT); 932 if (ia == NULL) 933 return (ENOBUFS); 934 bzero((caddr_t)ia, sizeof(*ia)); 935 ifa_init(&ia->ia_ifa); 936 LIST_INIT(&ia->ia6_memberships); 937 /* Initialize the address and masks, and put time stamp */ 938 ia->ia_ifa.ifa_addr = (struct sockaddr *)&ia->ia_addr; 939 ia->ia_addr.sin6_family = AF_INET6; 940 ia->ia_addr.sin6_len = sizeof(ia->ia_addr); 941 ia->ia6_createtime = time_second; 942 if ((ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) != 0) { 943 /* 944 * XXX: some functions expect that ifa_dstaddr is not 945 * NULL for p2p interfaces. 946 */ 947 ia->ia_ifa.ifa_dstaddr = 948 (struct sockaddr *)&ia->ia_dstaddr; 949 } else { 950 ia->ia_ifa.ifa_dstaddr = NULL; 951 } 952 ia->ia_ifa.ifa_netmask = (struct sockaddr *)&ia->ia_prefixmask; 953 ia->ia_ifp = ifp; 954 ifa_ref(&ia->ia_ifa); /* if_addrhead */ 955 IF_ADDR_LOCK(ifp); 956 TAILQ_INSERT_TAIL(&ifp->if_addrhead, &ia->ia_ifa, ifa_link); 957 IF_ADDR_UNLOCK(ifp); 958 959 ifa_ref(&ia->ia_ifa); /* in6_ifaddrhead */ 960 IN6_IFADDR_WLOCK(); 961 TAILQ_INSERT_TAIL(&V_in6_ifaddrhead, ia, ia_link); 962 IN6_IFADDR_WUNLOCK(); 963 } 964 965 /* update timestamp */ 966 ia->ia6_updatetime = time_second; 967 968 /* set prefix mask */ 969 if (ifra->ifra_prefixmask.sin6_len) { 970 /* 971 * We prohibit changing the prefix length of an existing 972 * address, because 973 * + such an operation should be rare in IPv6, and 974 * + the operation would confuse prefix management. 975 */ 976 if (ia->ia_prefixmask.sin6_len && 977 in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL) != plen) { 978 nd6log((LOG_INFO, "in6_update_ifa: the prefix length of an" 979 " existing (%s) address should not be changed\n", 980 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr))); 981 error = EINVAL; 982 goto unlink; 983 } 984 ia->ia_prefixmask = ifra->ifra_prefixmask; 985 } 986 987 /* 988 * If a new destination address is specified, scrub the old one and 989 * install the new destination. Note that the interface must be 990 * p2p or loopback (see the check above.) 991 */ 992 if (dst6.sin6_family == AF_INET6 && 993 !IN6_ARE_ADDR_EQUAL(&dst6.sin6_addr, &ia->ia_dstaddr.sin6_addr)) { 994 int e; 995 996 if ((ia->ia_flags & IFA_ROUTE) != 0 && 997 (e = rtinit(&(ia->ia_ifa), (int)RTM_DELETE, RTF_HOST)) != 0) { 998 nd6log((LOG_ERR, "in6_update_ifa: failed to remove " 999 "a route to the old destination: %s\n", 1000 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr))); 1001 /* proceed anyway... */ 1002 } else 1003 ia->ia_flags &= ~IFA_ROUTE; 1004 ia->ia_dstaddr = dst6; 1005 } 1006 1007 /* 1008 * Set lifetimes. We do not refer to ia6t_expire and ia6t_preferred 1009 * to see if the address is deprecated or invalidated, but initialize 1010 * these members for applications. 1011 */ 1012 ia->ia6_lifetime = ifra->ifra_lifetime; 1013 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 1014 ia->ia6_lifetime.ia6t_expire = 1015 time_second + ia->ia6_lifetime.ia6t_vltime; 1016 } else 1017 ia->ia6_lifetime.ia6t_expire = 0; 1018 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 1019 ia->ia6_lifetime.ia6t_preferred = 1020 time_second + ia->ia6_lifetime.ia6t_pltime; 1021 } else 1022 ia->ia6_lifetime.ia6t_preferred = 0; 1023 1024 /* reset the interface and routing table appropriately. */ 1025 if ((error = in6_ifinit(ifp, ia, &ifra->ifra_addr, hostIsNew)) != 0) 1026 goto unlink; 1027 1028 /* 1029 * configure address flags. 1030 */ 1031 ia->ia6_flags = ifra->ifra_flags; 1032 /* 1033 * backward compatibility - if IN6_IFF_DEPRECATED is set from the 1034 * userland, make it deprecated. 1035 */ 1036 if ((ifra->ifra_flags & IN6_IFF_DEPRECATED) != 0) { 1037 ia->ia6_lifetime.ia6t_pltime = 0; 1038 ia->ia6_lifetime.ia6t_preferred = time_second; 1039 } 1040 /* 1041 * Make the address tentative before joining multicast addresses, 1042 * so that corresponding MLD responses would not have a tentative 1043 * source address. 1044 */ 1045 ia->ia6_flags &= ~IN6_IFF_DUPLICATED; /* safety */ 1046 if (hostIsNew && in6if_do_dad(ifp)) 1047 ia->ia6_flags |= IN6_IFF_TENTATIVE; 1048 1049 /* DAD should be performed after ND6_IFF_IFDISABLED is cleared. */ 1050 if (ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) 1051 ia->ia6_flags |= IN6_IFF_TENTATIVE; 1052 1053 /* 1054 * We are done if we have simply modified an existing address. 1055 */ 1056 if (!hostIsNew) 1057 return (error); 1058 1059 /* 1060 * Beyond this point, we should call in6_purgeaddr upon an error, 1061 * not just go to unlink. 1062 */ 1063 1064 /* Join necessary multicast groups */ 1065 in6m_sol = NULL; 1066 if ((ifp->if_flags & IFF_MULTICAST) != 0) { 1067 struct sockaddr_in6 mltaddr, mltmask; 1068 struct in6_addr llsol; 1069 1070 /* join solicited multicast addr for new host id */ 1071 bzero(&llsol, sizeof(struct in6_addr)); 1072 llsol.s6_addr32[0] = IPV6_ADDR_INT32_MLL; 1073 llsol.s6_addr32[1] = 0; 1074 llsol.s6_addr32[2] = htonl(1); 1075 llsol.s6_addr32[3] = ifra->ifra_addr.sin6_addr.s6_addr32[3]; 1076 llsol.s6_addr8[12] = 0xff; 1077 if ((error = in6_setscope(&llsol, ifp, NULL)) != 0) { 1078 /* XXX: should not happen */ 1079 log(LOG_ERR, "in6_update_ifa: " 1080 "in6_setscope failed\n"); 1081 goto cleanup; 1082 } 1083 delay = 0; 1084 if ((flags & IN6_IFAUPDATE_DADDELAY)) { 1085 /* 1086 * We need a random delay for DAD on the address 1087 * being configured. It also means delaying 1088 * transmission of the corresponding MLD report to 1089 * avoid report collision. 1090 * [RFC 4861, Section 6.3.7] 1091 */ 1092 delay = arc4random() % 1093 (MAX_RTR_SOLICITATION_DELAY * hz); 1094 } 1095 imm = in6_joingroup(ifp, &llsol, &error, delay); 1096 if (imm == NULL) { 1097 nd6log((LOG_WARNING, 1098 "in6_update_ifa: addmulti failed for " 1099 "%s on %s (errno=%d)\n", 1100 ip6_sprintf(ip6buf, &llsol), if_name(ifp), 1101 error)); 1102 goto cleanup; 1103 } 1104 LIST_INSERT_HEAD(&ia->ia6_memberships, 1105 imm, i6mm_chain); 1106 in6m_sol = imm->i6mm_maddr; 1107 1108 bzero(&mltmask, sizeof(mltmask)); 1109 mltmask.sin6_len = sizeof(struct sockaddr_in6); 1110 mltmask.sin6_family = AF_INET6; 1111 mltmask.sin6_addr = in6mask32; 1112 #define MLTMASK_LEN 4 /* mltmask's masklen (=32bit=4octet) */ 1113 1114 /* 1115 * join link-local all-nodes address 1116 */ 1117 bzero(&mltaddr, sizeof(mltaddr)); 1118 mltaddr.sin6_len = sizeof(struct sockaddr_in6); 1119 mltaddr.sin6_family = AF_INET6; 1120 mltaddr.sin6_addr = in6addr_linklocal_allnodes; 1121 if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) != 1122 0) 1123 goto cleanup; /* XXX: should not fail */ 1124 1125 /* 1126 * XXX: do we really need this automatic routes? 1127 * We should probably reconsider this stuff. Most applications 1128 * actually do not need the routes, since they usually specify 1129 * the outgoing interface. 1130 */ 1131 rt = rtalloc1((struct sockaddr *)&mltaddr, 0, 0UL); 1132 if (rt) { 1133 /* XXX: only works in !SCOPEDROUTING case. */ 1134 if (memcmp(&mltaddr.sin6_addr, 1135 &((struct sockaddr_in6 *)rt_key(rt))->sin6_addr, 1136 MLTMASK_LEN)) { 1137 RTFREE_LOCKED(rt); 1138 rt = NULL; 1139 } 1140 } 1141 if (!rt) { 1142 error = rtrequest(RTM_ADD, (struct sockaddr *)&mltaddr, 1143 (struct sockaddr *)&ia->ia_addr, 1144 (struct sockaddr *)&mltmask, RTF_UP, 1145 (struct rtentry **)0); 1146 if (error) 1147 goto cleanup; 1148 } else { 1149 RTFREE_LOCKED(rt); 1150 } 1151 1152 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 0); 1153 if (!imm) { 1154 nd6log((LOG_WARNING, 1155 "in6_update_ifa: addmulti failed for " 1156 "%s on %s (errno=%d)\n", 1157 ip6_sprintf(ip6buf, &mltaddr.sin6_addr), 1158 if_name(ifp), error)); 1159 goto cleanup; 1160 } 1161 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 1162 1163 /* 1164 * join node information group address 1165 */ 1166 delay = 0; 1167 if ((flags & IN6_IFAUPDATE_DADDELAY)) { 1168 /* 1169 * The spec doesn't say anything about delay for this 1170 * group, but the same logic should apply. 1171 */ 1172 delay = arc4random() % 1173 (MAX_RTR_SOLICITATION_DELAY * hz); 1174 } 1175 if (in6_nigroup(ifp, NULL, -1, &mltaddr.sin6_addr) == 0) { 1176 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 1177 delay); /* XXX jinmei */ 1178 if (!imm) { 1179 nd6log((LOG_WARNING, "in6_update_ifa: " 1180 "addmulti failed for %s on %s " 1181 "(errno=%d)\n", 1182 ip6_sprintf(ip6buf, &mltaddr.sin6_addr), 1183 if_name(ifp), error)); 1184 /* XXX not very fatal, go on... */ 1185 } else { 1186 LIST_INSERT_HEAD(&ia->ia6_memberships, 1187 imm, i6mm_chain); 1188 } 1189 } 1190 1191 /* 1192 * join interface-local all-nodes address. 1193 * (ff01::1%ifN, and ff01::%ifN/32) 1194 */ 1195 mltaddr.sin6_addr = in6addr_nodelocal_allnodes; 1196 if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) 1197 != 0) 1198 goto cleanup; /* XXX: should not fail */ 1199 /* XXX: again, do we really need the route? */ 1200 rt = rtalloc1((struct sockaddr *)&mltaddr, 0, 0UL); 1201 if (rt) { 1202 if (memcmp(&mltaddr.sin6_addr, 1203 &((struct sockaddr_in6 *)rt_key(rt))->sin6_addr, 1204 MLTMASK_LEN)) { 1205 RTFREE_LOCKED(rt); 1206 rt = NULL; 1207 } 1208 } 1209 if (!rt) { 1210 error = rtrequest(RTM_ADD, (struct sockaddr *)&mltaddr, 1211 (struct sockaddr *)&ia->ia_addr, 1212 (struct sockaddr *)&mltmask, RTF_UP, 1213 (struct rtentry **)0); 1214 if (error) 1215 goto cleanup; 1216 } else 1217 RTFREE_LOCKED(rt); 1218 1219 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 0); 1220 if (!imm) { 1221 nd6log((LOG_WARNING, "in6_update_ifa: " 1222 "addmulti failed for %s on %s " 1223 "(errno=%d)\n", 1224 ip6_sprintf(ip6buf, &mltaddr.sin6_addr), 1225 if_name(ifp), error)); 1226 goto cleanup; 1227 } 1228 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 1229 #undef MLTMASK_LEN 1230 } 1231 1232 /* 1233 * Perform DAD, if needed. 1234 * XXX It may be of use, if we can administratively 1235 * disable DAD. 1236 */ 1237 if (in6if_do_dad(ifp) && ((ifra->ifra_flags & IN6_IFF_NODAD) == 0) && 1238 (ia->ia6_flags & IN6_IFF_TENTATIVE)) 1239 { 1240 int mindelay, maxdelay; 1241 1242 delay = 0; 1243 if ((flags & IN6_IFAUPDATE_DADDELAY)) { 1244 /* 1245 * We need to impose a delay before sending an NS 1246 * for DAD. Check if we also needed a delay for the 1247 * corresponding MLD message. If we did, the delay 1248 * should be larger than the MLD delay (this could be 1249 * relaxed a bit, but this simple logic is at least 1250 * safe). 1251 * XXX: Break data hiding guidelines and look at 1252 * state for the solicited multicast group. 1253 */ 1254 mindelay = 0; 1255 if (in6m_sol != NULL && 1256 in6m_sol->in6m_state == MLD_REPORTING_MEMBER) { 1257 mindelay = in6m_sol->in6m_timer; 1258 } 1259 maxdelay = MAX_RTR_SOLICITATION_DELAY * hz; 1260 if (maxdelay - mindelay == 0) 1261 delay = 0; 1262 else { 1263 delay = 1264 (arc4random() % (maxdelay - mindelay)) + 1265 mindelay; 1266 } 1267 } 1268 nd6_dad_start((struct ifaddr *)ia, delay); 1269 } 1270 1271 KASSERT(hostIsNew, ("in6_update_ifa: !hostIsNew")); 1272 ifa_free(&ia->ia_ifa); 1273 return (error); 1274 1275 unlink: 1276 /* 1277 * XXX: if a change of an existing address failed, keep the entry 1278 * anyway. 1279 */ 1280 if (hostIsNew) { 1281 in6_unlink_ifa(ia, ifp); 1282 ifa_free(&ia->ia_ifa); 1283 } 1284 return (error); 1285 1286 cleanup: 1287 KASSERT(hostIsNew, ("in6_update_ifa: cleanup: !hostIsNew")); 1288 ifa_free(&ia->ia_ifa); 1289 in6_purgeaddr(&ia->ia_ifa); 1290 return error; 1291 } 1292 1293 void 1294 in6_purgeaddr(struct ifaddr *ifa) 1295 { 1296 struct ifnet *ifp = ifa->ifa_ifp; 1297 struct in6_ifaddr *ia = (struct in6_ifaddr *) ifa; 1298 struct in6_multi_mship *imm; 1299 struct sockaddr_in6 mltaddr, mltmask; 1300 int plen, error; 1301 struct rtentry *rt; 1302 struct ifaddr *ifa0, *nifa; 1303 1304 /* 1305 * find another IPv6 address as the gateway for the 1306 * link-local and node-local all-nodes multicast 1307 * address routes 1308 */ 1309 IF_ADDR_LOCK(ifp); 1310 TAILQ_FOREACH_SAFE(ifa0, &ifp->if_addrhead, ifa_link, nifa) { 1311 if ((ifa0->ifa_addr->sa_family != AF_INET6) || 1312 memcmp(&satosin6(ifa0->ifa_addr)->sin6_addr, 1313 &ia->ia_addr.sin6_addr, 1314 sizeof(struct in6_addr)) == 0) 1315 continue; 1316 else 1317 break; 1318 } 1319 if (ifa0 != NULL) 1320 ifa_ref(ifa0); 1321 IF_ADDR_UNLOCK(ifp); 1322 1323 /* 1324 * Remove the loopback route to the interface address. 1325 * The check for the current setting of "nd6_useloopback" 1326 * is not needed. 1327 */ 1328 if (ia->ia_flags & IFA_RTSELF) { 1329 error = ifa_del_loopback_route((struct ifaddr *)ia, 1330 (struct sockaddr *)&ia->ia_addr); 1331 if (error == 0) 1332 ia->ia_flags &= ~IFA_RTSELF; 1333 } 1334 1335 /* stop DAD processing */ 1336 nd6_dad_stop(ifa); 1337 1338 in6_ifremloop(ifa); 1339 1340 /* 1341 * leave from multicast groups we have joined for the interface 1342 */ 1343 while ((imm = ia->ia6_memberships.lh_first) != NULL) { 1344 LIST_REMOVE(imm, i6mm_chain); 1345 in6_leavegroup(imm); 1346 } 1347 1348 /* 1349 * remove the link-local all-nodes address 1350 */ 1351 bzero(&mltmask, sizeof(mltmask)); 1352 mltmask.sin6_len = sizeof(struct sockaddr_in6); 1353 mltmask.sin6_family = AF_INET6; 1354 mltmask.sin6_addr = in6mask32; 1355 1356 bzero(&mltaddr, sizeof(mltaddr)); 1357 mltaddr.sin6_len = sizeof(struct sockaddr_in6); 1358 mltaddr.sin6_family = AF_INET6; 1359 mltaddr.sin6_addr = in6addr_linklocal_allnodes; 1360 1361 if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) != 1362 0) 1363 goto cleanup; 1364 1365 rt = rtalloc1((struct sockaddr *)&mltaddr, 0, 0UL); 1366 if (rt != NULL && rt->rt_gateway != NULL && 1367 (memcmp(&satosin6(rt->rt_gateway)->sin6_addr, 1368 &ia->ia_addr.sin6_addr, 1369 sizeof(ia->ia_addr.sin6_addr)) == 0)) { 1370 /* 1371 * if no more IPv6 address exists on this interface 1372 * then remove the multicast address route 1373 */ 1374 if (ifa0 == NULL) { 1375 memcpy(&mltaddr.sin6_addr, &satosin6(rt_key(rt))->sin6_addr, 1376 sizeof(mltaddr.sin6_addr)); 1377 RTFREE_LOCKED(rt); 1378 error = rtrequest(RTM_DELETE, (struct sockaddr *)&mltaddr, 1379 (struct sockaddr *)&ia->ia_addr, 1380 (struct sockaddr *)&mltmask, RTF_UP, 1381 (struct rtentry **)0); 1382 if (error) 1383 log(LOG_INFO, "in6_purgeaddr: link-local all-nodes" 1384 "multicast address deletion error\n"); 1385 } else { 1386 /* 1387 * replace the gateway of the route 1388 */ 1389 struct sockaddr_in6 sa; 1390 1391 bzero(&sa, sizeof(sa)); 1392 sa.sin6_len = sizeof(struct sockaddr_in6); 1393 sa.sin6_family = AF_INET6; 1394 memcpy(&sa.sin6_addr, &satosin6(ifa0->ifa_addr)->sin6_addr, 1395 sizeof(sa.sin6_addr)); 1396 in6_setscope(&sa.sin6_addr, ifa0->ifa_ifp, NULL); 1397 memcpy(rt->rt_gateway, &sa, sizeof(sa)); 1398 RTFREE_LOCKED(rt); 1399 } 1400 } else { 1401 if (rt != NULL) 1402 RTFREE_LOCKED(rt); 1403 } 1404 1405 /* 1406 * remove the node-local all-nodes address 1407 */ 1408 mltaddr.sin6_addr = in6addr_nodelocal_allnodes; 1409 if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) != 1410 0) 1411 goto cleanup; 1412 1413 rt = rtalloc1((struct sockaddr *)&mltaddr, 0, 0UL); 1414 if (rt != NULL && rt->rt_gateway != NULL && 1415 (memcmp(&satosin6(rt->rt_gateway)->sin6_addr, 1416 &ia->ia_addr.sin6_addr, 1417 sizeof(ia->ia_addr.sin6_addr)) == 0)) { 1418 /* 1419 * if no more IPv6 address exists on this interface 1420 * then remove the multicast address route 1421 */ 1422 if (ifa0 == NULL) { 1423 memcpy(&mltaddr.sin6_addr, &satosin6(rt_key(rt))->sin6_addr, 1424 sizeof(mltaddr.sin6_addr)); 1425 1426 RTFREE_LOCKED(rt); 1427 error = rtrequest(RTM_DELETE, (struct sockaddr *)&mltaddr, 1428 (struct sockaddr *)&ia->ia_addr, 1429 (struct sockaddr *)&mltmask, RTF_UP, 1430 (struct rtentry **)0); 1431 1432 if (error) 1433 log(LOG_INFO, "in6_purgeaddr: node-local all-nodes" 1434 "multicast address deletion error\n"); 1435 } else { 1436 /* 1437 * replace the gateway of the route 1438 */ 1439 struct sockaddr_in6 sa; 1440 1441 bzero(&sa, sizeof(sa)); 1442 sa.sin6_len = sizeof(struct sockaddr_in6); 1443 sa.sin6_family = AF_INET6; 1444 memcpy(&sa.sin6_addr, &satosin6(ifa0->ifa_addr)->sin6_addr, 1445 sizeof(sa.sin6_addr)); 1446 in6_setscope(&sa.sin6_addr, ifa0->ifa_ifp, NULL); 1447 memcpy(rt->rt_gateway, &sa, sizeof(sa)); 1448 RTFREE_LOCKED(rt); 1449 } 1450 } else { 1451 if (rt != NULL) 1452 RTFREE_LOCKED(rt); 1453 } 1454 1455 cleanup: 1456 1457 plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); /* XXX */ 1458 if ((ia->ia_flags & IFA_ROUTE) && plen == 128) { 1459 int error; 1460 struct sockaddr *dstaddr; 1461 1462 /* 1463 * use the interface address if configuring an 1464 * interface address with a /128 prefix len 1465 */ 1466 if (ia->ia_dstaddr.sin6_family == AF_INET6) 1467 dstaddr = (struct sockaddr *)&ia->ia_dstaddr; 1468 else 1469 dstaddr = (struct sockaddr *)&ia->ia_addr; 1470 1471 error = rtrequest(RTM_DELETE, 1472 (struct sockaddr *)dstaddr, 1473 (struct sockaddr *)&ia->ia_addr, 1474 (struct sockaddr *)&ia->ia_prefixmask, 1475 ia->ia_flags | RTF_HOST, NULL); 1476 if (error != 0) 1477 return; 1478 ia->ia_flags &= ~IFA_ROUTE; 1479 } 1480 if (ifa0 != NULL) 1481 ifa_free(ifa0); 1482 1483 in6_unlink_ifa(ia, ifp); 1484 } 1485 1486 static void 1487 in6_unlink_ifa(struct in6_ifaddr *ia, struct ifnet *ifp) 1488 { 1489 int s = splnet(); 1490 1491 IF_ADDR_LOCK(ifp); 1492 TAILQ_REMOVE(&ifp->if_addrhead, &ia->ia_ifa, ifa_link); 1493 IF_ADDR_UNLOCK(ifp); 1494 ifa_free(&ia->ia_ifa); /* if_addrhead */ 1495 1496 /* 1497 * Defer the release of what might be the last reference to the 1498 * in6_ifaddr so that it can't be freed before the remainder of the 1499 * cleanup. 1500 */ 1501 IN6_IFADDR_WLOCK(); 1502 TAILQ_REMOVE(&V_in6_ifaddrhead, ia, ia_link); 1503 IN6_IFADDR_WUNLOCK(); 1504 1505 /* 1506 * Release the reference to the base prefix. There should be a 1507 * positive reference. 1508 */ 1509 if (ia->ia6_ndpr == NULL) { 1510 nd6log((LOG_NOTICE, 1511 "in6_unlink_ifa: autoconf'ed address " 1512 "%p has no prefix\n", ia)); 1513 } else { 1514 ia->ia6_ndpr->ndpr_refcnt--; 1515 ia->ia6_ndpr = NULL; 1516 } 1517 1518 /* 1519 * Also, if the address being removed is autoconf'ed, call 1520 * pfxlist_onlink_check() since the release might affect the status of 1521 * other (detached) addresses. 1522 */ 1523 if ((ia->ia6_flags & IN6_IFF_AUTOCONF)) { 1524 pfxlist_onlink_check(); 1525 } 1526 ifa_free(&ia->ia_ifa); /* in6_ifaddrhead */ 1527 splx(s); 1528 } 1529 1530 void 1531 in6_purgeif(struct ifnet *ifp) 1532 { 1533 struct ifaddr *ifa, *nifa; 1534 1535 TAILQ_FOREACH_SAFE(ifa, &ifp->if_addrhead, ifa_link, nifa) { 1536 if (ifa->ifa_addr->sa_family != AF_INET6) 1537 continue; 1538 in6_purgeaddr(ifa); 1539 } 1540 1541 in6_ifdetach(ifp); 1542 } 1543 1544 /* 1545 * SIOC[GAD]LIFADDR. 1546 * SIOCGLIFADDR: get first address. (?) 1547 * SIOCGLIFADDR with IFLR_PREFIX: 1548 * get first address that matches the specified prefix. 1549 * SIOCALIFADDR: add the specified address. 1550 * SIOCALIFADDR with IFLR_PREFIX: 1551 * add the specified prefix, filling hostid part from 1552 * the first link-local address. prefixlen must be <= 64. 1553 * SIOCDLIFADDR: delete the specified address. 1554 * SIOCDLIFADDR with IFLR_PREFIX: 1555 * delete the first address that matches the specified prefix. 1556 * return values: 1557 * EINVAL on invalid parameters 1558 * EADDRNOTAVAIL on prefix match failed/specified address not found 1559 * other values may be returned from in6_ioctl() 1560 * 1561 * NOTE: SIOCALIFADDR(with IFLR_PREFIX set) allows prefixlen less than 64. 1562 * this is to accomodate address naming scheme other than RFC2374, 1563 * in the future. 1564 * RFC2373 defines interface id to be 64bit, but it allows non-RFC2374 1565 * address encoding scheme. (see figure on page 8) 1566 */ 1567 static int 1568 in6_lifaddr_ioctl(struct socket *so, u_long cmd, caddr_t data, 1569 struct ifnet *ifp, struct thread *td) 1570 { 1571 struct if_laddrreq *iflr = (struct if_laddrreq *)data; 1572 struct ifaddr *ifa; 1573 struct sockaddr *sa; 1574 1575 /* sanity checks */ 1576 if (!data || !ifp) { 1577 panic("invalid argument to in6_lifaddr_ioctl"); 1578 /* NOTREACHED */ 1579 } 1580 1581 switch (cmd) { 1582 case SIOCGLIFADDR: 1583 /* address must be specified on GET with IFLR_PREFIX */ 1584 if ((iflr->flags & IFLR_PREFIX) == 0) 1585 break; 1586 /* FALLTHROUGH */ 1587 case SIOCALIFADDR: 1588 case SIOCDLIFADDR: 1589 /* address must be specified on ADD and DELETE */ 1590 sa = (struct sockaddr *)&iflr->addr; 1591 if (sa->sa_family != AF_INET6) 1592 return EINVAL; 1593 if (sa->sa_len != sizeof(struct sockaddr_in6)) 1594 return EINVAL; 1595 /* XXX need improvement */ 1596 sa = (struct sockaddr *)&iflr->dstaddr; 1597 if (sa->sa_family && sa->sa_family != AF_INET6) 1598 return EINVAL; 1599 if (sa->sa_len && sa->sa_len != sizeof(struct sockaddr_in6)) 1600 return EINVAL; 1601 break; 1602 default: /* shouldn't happen */ 1603 #if 0 1604 panic("invalid cmd to in6_lifaddr_ioctl"); 1605 /* NOTREACHED */ 1606 #else 1607 return EOPNOTSUPP; 1608 #endif 1609 } 1610 if (sizeof(struct in6_addr) * 8 < iflr->prefixlen) 1611 return EINVAL; 1612 1613 switch (cmd) { 1614 case SIOCALIFADDR: 1615 { 1616 struct in6_aliasreq ifra; 1617 struct in6_addr *hostid = NULL; 1618 int prefixlen; 1619 1620 ifa = NULL; 1621 if ((iflr->flags & IFLR_PREFIX) != 0) { 1622 struct sockaddr_in6 *sin6; 1623 1624 /* 1625 * hostid is to fill in the hostid part of the 1626 * address. hostid points to the first link-local 1627 * address attached to the interface. 1628 */ 1629 ifa = (struct ifaddr *)in6ifa_ifpforlinklocal(ifp, 0); 1630 if (!ifa) 1631 return EADDRNOTAVAIL; 1632 hostid = IFA_IN6(ifa); 1633 1634 /* prefixlen must be <= 64. */ 1635 if (64 < iflr->prefixlen) 1636 return EINVAL; 1637 prefixlen = iflr->prefixlen; 1638 1639 /* hostid part must be zero. */ 1640 sin6 = (struct sockaddr_in6 *)&iflr->addr; 1641 if (sin6->sin6_addr.s6_addr32[2] != 0 || 1642 sin6->sin6_addr.s6_addr32[3] != 0) { 1643 return EINVAL; 1644 } 1645 } else 1646 prefixlen = iflr->prefixlen; 1647 1648 /* copy args to in6_aliasreq, perform ioctl(SIOCAIFADDR_IN6). */ 1649 bzero(&ifra, sizeof(ifra)); 1650 bcopy(iflr->iflr_name, ifra.ifra_name, sizeof(ifra.ifra_name)); 1651 1652 bcopy(&iflr->addr, &ifra.ifra_addr, 1653 ((struct sockaddr *)&iflr->addr)->sa_len); 1654 if (hostid) { 1655 /* fill in hostid part */ 1656 ifra.ifra_addr.sin6_addr.s6_addr32[2] = 1657 hostid->s6_addr32[2]; 1658 ifra.ifra_addr.sin6_addr.s6_addr32[3] = 1659 hostid->s6_addr32[3]; 1660 } 1661 1662 if (((struct sockaddr *)&iflr->dstaddr)->sa_family) { /* XXX */ 1663 bcopy(&iflr->dstaddr, &ifra.ifra_dstaddr, 1664 ((struct sockaddr *)&iflr->dstaddr)->sa_len); 1665 if (hostid) { 1666 ifra.ifra_dstaddr.sin6_addr.s6_addr32[2] = 1667 hostid->s6_addr32[2]; 1668 ifra.ifra_dstaddr.sin6_addr.s6_addr32[3] = 1669 hostid->s6_addr32[3]; 1670 } 1671 } 1672 if (ifa != NULL) 1673 ifa_free(ifa); 1674 1675 ifra.ifra_prefixmask.sin6_len = sizeof(struct sockaddr_in6); 1676 in6_prefixlen2mask(&ifra.ifra_prefixmask.sin6_addr, prefixlen); 1677 1678 ifra.ifra_flags = iflr->flags & ~IFLR_PREFIX; 1679 return in6_control(so, SIOCAIFADDR_IN6, (caddr_t)&ifra, ifp, td); 1680 } 1681 case SIOCGLIFADDR: 1682 case SIOCDLIFADDR: 1683 { 1684 struct in6_ifaddr *ia; 1685 struct in6_addr mask, candidate, match; 1686 struct sockaddr_in6 *sin6; 1687 int cmp; 1688 1689 bzero(&mask, sizeof(mask)); 1690 if (iflr->flags & IFLR_PREFIX) { 1691 /* lookup a prefix rather than address. */ 1692 in6_prefixlen2mask(&mask, iflr->prefixlen); 1693 1694 sin6 = (struct sockaddr_in6 *)&iflr->addr; 1695 bcopy(&sin6->sin6_addr, &match, sizeof(match)); 1696 match.s6_addr32[0] &= mask.s6_addr32[0]; 1697 match.s6_addr32[1] &= mask.s6_addr32[1]; 1698 match.s6_addr32[2] &= mask.s6_addr32[2]; 1699 match.s6_addr32[3] &= mask.s6_addr32[3]; 1700 1701 /* if you set extra bits, that's wrong */ 1702 if (bcmp(&match, &sin6->sin6_addr, sizeof(match))) 1703 return EINVAL; 1704 1705 cmp = 1; 1706 } else { 1707 if (cmd == SIOCGLIFADDR) { 1708 /* on getting an address, take the 1st match */ 1709 cmp = 0; /* XXX */ 1710 } else { 1711 /* on deleting an address, do exact match */ 1712 in6_prefixlen2mask(&mask, 128); 1713 sin6 = (struct sockaddr_in6 *)&iflr->addr; 1714 bcopy(&sin6->sin6_addr, &match, sizeof(match)); 1715 1716 cmp = 1; 1717 } 1718 } 1719 1720 IF_ADDR_LOCK(ifp); 1721 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 1722 if (ifa->ifa_addr->sa_family != AF_INET6) 1723 continue; 1724 if (!cmp) 1725 break; 1726 1727 /* 1728 * XXX: this is adhoc, but is necessary to allow 1729 * a user to specify fe80::/64 (not /10) for a 1730 * link-local address. 1731 */ 1732 bcopy(IFA_IN6(ifa), &candidate, sizeof(candidate)); 1733 in6_clearscope(&candidate); 1734 candidate.s6_addr32[0] &= mask.s6_addr32[0]; 1735 candidate.s6_addr32[1] &= mask.s6_addr32[1]; 1736 candidate.s6_addr32[2] &= mask.s6_addr32[2]; 1737 candidate.s6_addr32[3] &= mask.s6_addr32[3]; 1738 if (IN6_ARE_ADDR_EQUAL(&candidate, &match)) 1739 break; 1740 } 1741 IF_ADDR_UNLOCK(ifp); 1742 if (!ifa) 1743 return EADDRNOTAVAIL; 1744 ia = ifa2ia6(ifa); 1745 1746 if (cmd == SIOCGLIFADDR) { 1747 int error; 1748 1749 /* fill in the if_laddrreq structure */ 1750 bcopy(&ia->ia_addr, &iflr->addr, ia->ia_addr.sin6_len); 1751 error = sa6_recoverscope( 1752 (struct sockaddr_in6 *)&iflr->addr); 1753 if (error != 0) 1754 return (error); 1755 1756 if ((ifp->if_flags & IFF_POINTOPOINT) != 0) { 1757 bcopy(&ia->ia_dstaddr, &iflr->dstaddr, 1758 ia->ia_dstaddr.sin6_len); 1759 error = sa6_recoverscope( 1760 (struct sockaddr_in6 *)&iflr->dstaddr); 1761 if (error != 0) 1762 return (error); 1763 } else 1764 bzero(&iflr->dstaddr, sizeof(iflr->dstaddr)); 1765 1766 iflr->prefixlen = 1767 in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); 1768 1769 iflr->flags = ia->ia6_flags; /* XXX */ 1770 1771 return 0; 1772 } else { 1773 struct in6_aliasreq ifra; 1774 1775 /* fill in6_aliasreq and do ioctl(SIOCDIFADDR_IN6) */ 1776 bzero(&ifra, sizeof(ifra)); 1777 bcopy(iflr->iflr_name, ifra.ifra_name, 1778 sizeof(ifra.ifra_name)); 1779 1780 bcopy(&ia->ia_addr, &ifra.ifra_addr, 1781 ia->ia_addr.sin6_len); 1782 if ((ifp->if_flags & IFF_POINTOPOINT) != 0) { 1783 bcopy(&ia->ia_dstaddr, &ifra.ifra_dstaddr, 1784 ia->ia_dstaddr.sin6_len); 1785 } else { 1786 bzero(&ifra.ifra_dstaddr, 1787 sizeof(ifra.ifra_dstaddr)); 1788 } 1789 bcopy(&ia->ia_prefixmask, &ifra.ifra_dstaddr, 1790 ia->ia_prefixmask.sin6_len); 1791 1792 ifra.ifra_flags = ia->ia6_flags; 1793 return in6_control(so, SIOCDIFADDR_IN6, (caddr_t)&ifra, 1794 ifp, td); 1795 } 1796 } 1797 } 1798 1799 return EOPNOTSUPP; /* just for safety */ 1800 } 1801 1802 /* 1803 * Initialize an interface's intetnet6 address 1804 * and routing table entry. 1805 */ 1806 static int 1807 in6_ifinit(struct ifnet *ifp, struct in6_ifaddr *ia, 1808 struct sockaddr_in6 *sin6, int newhost) 1809 { 1810 int error = 0, plen, ifacount = 0; 1811 int s = splimp(); 1812 struct ifaddr *ifa; 1813 1814 /* 1815 * Give the interface a chance to initialize 1816 * if this is its first address, 1817 * and to validate the address if necessary. 1818 */ 1819 IF_ADDR_LOCK(ifp); 1820 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 1821 if (ifa->ifa_addr->sa_family != AF_INET6) 1822 continue; 1823 ifacount++; 1824 } 1825 IF_ADDR_UNLOCK(ifp); 1826 1827 ia->ia_addr = *sin6; 1828 1829 if (ifacount <= 1 && ifp->if_ioctl) { 1830 error = (*ifp->if_ioctl)(ifp, SIOCSIFADDR, (caddr_t)ia); 1831 if (error) { 1832 splx(s); 1833 return (error); 1834 } 1835 } 1836 splx(s); 1837 1838 ia->ia_ifa.ifa_metric = ifp->if_metric; 1839 1840 /* we could do in(6)_socktrim here, but just omit it at this moment. */ 1841 1842 /* 1843 * Special case: 1844 * If a new destination address is specified for a point-to-point 1845 * interface, install a route to the destination as an interface 1846 * direct route. 1847 * XXX: the logic below rejects assigning multiple addresses on a p2p 1848 * interface that share the same destination. 1849 */ 1850 plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); /* XXX */ 1851 if (!(ia->ia_flags & IFA_ROUTE) && plen == 128 && 1852 ia->ia_dstaddr.sin6_family == AF_INET6) { 1853 int rtflags = RTF_UP | RTF_HOST; 1854 1855 error = rtrequest(RTM_ADD, 1856 (struct sockaddr *)&ia->ia_dstaddr, 1857 (struct sockaddr *)&ia->ia_addr, 1858 (struct sockaddr *)&ia->ia_prefixmask, 1859 ia->ia_flags | rtflags, NULL); 1860 if (error != 0) 1861 return (error); 1862 ia->ia_flags |= IFA_ROUTE; 1863 /* 1864 * Handle the case for ::1 . 1865 */ 1866 if (ifp->if_flags & IFF_LOOPBACK) 1867 ia->ia_flags |= IFA_RTSELF; 1868 } 1869 1870 /* 1871 * add a loopback route to self 1872 */ 1873 if (!(ia->ia_flags & IFA_RTSELF) && V_nd6_useloopback) { 1874 error = ifa_add_loopback_route((struct ifaddr *)ia, 1875 (struct sockaddr *)&ia->ia_addr); 1876 if (error == 0) 1877 ia->ia_flags |= IFA_RTSELF; 1878 } 1879 1880 /* Add ownaddr as loopback rtentry, if necessary (ex. on p2p link). */ 1881 if (newhost) 1882 in6_ifaddloop(&(ia->ia_ifa)); 1883 1884 return (error); 1885 } 1886 1887 /* 1888 * Find an IPv6 interface link-local address specific to an interface. 1889 * ifaddr is returned referenced. 1890 */ 1891 struct in6_ifaddr * 1892 in6ifa_ifpforlinklocal(struct ifnet *ifp, int ignoreflags) 1893 { 1894 struct ifaddr *ifa; 1895 1896 IF_ADDR_LOCK(ifp); 1897 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 1898 if (ifa->ifa_addr->sa_family != AF_INET6) 1899 continue; 1900 if (IN6_IS_ADDR_LINKLOCAL(IFA_IN6(ifa))) { 1901 if ((((struct in6_ifaddr *)ifa)->ia6_flags & 1902 ignoreflags) != 0) 1903 continue; 1904 ifa_ref(ifa); 1905 break; 1906 } 1907 } 1908 IF_ADDR_UNLOCK(ifp); 1909 1910 return ((struct in6_ifaddr *)ifa); 1911 } 1912 1913 1914 /* 1915 * find the internet address corresponding to a given interface and address. 1916 * ifaddr is returned referenced. 1917 */ 1918 struct in6_ifaddr * 1919 in6ifa_ifpwithaddr(struct ifnet *ifp, struct in6_addr *addr) 1920 { 1921 struct ifaddr *ifa; 1922 1923 IF_ADDR_LOCK(ifp); 1924 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 1925 if (ifa->ifa_addr->sa_family != AF_INET6) 1926 continue; 1927 if (IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(ifa))) { 1928 ifa_ref(ifa); 1929 break; 1930 } 1931 } 1932 IF_ADDR_UNLOCK(ifp); 1933 1934 return ((struct in6_ifaddr *)ifa); 1935 } 1936 1937 /* 1938 * Convert IP6 address to printable (loggable) representation. Caller 1939 * has to make sure that ip6buf is at least INET6_ADDRSTRLEN long. 1940 */ 1941 static char digits[] = "0123456789abcdef"; 1942 char * 1943 ip6_sprintf(char *ip6buf, const struct in6_addr *addr) 1944 { 1945 int i, cnt = 0, maxcnt = 0, idx = 0, index = 0; 1946 char *cp; 1947 const u_int16_t *a = (const u_int16_t *)addr; 1948 const u_int8_t *d; 1949 int dcolon = 0, zero = 0; 1950 1951 cp = ip6buf; 1952 1953 for (i = 0; i < 8; i++) { 1954 if (*(a + i) == 0) { 1955 cnt++; 1956 if (cnt == 1) 1957 idx = i; 1958 } 1959 else if (maxcnt < cnt) { 1960 maxcnt = cnt; 1961 index = idx; 1962 cnt = 0; 1963 } 1964 } 1965 if (maxcnt < cnt) { 1966 maxcnt = cnt; 1967 index = idx; 1968 } 1969 1970 for (i = 0; i < 8; i++) { 1971 if (dcolon == 1) { 1972 if (*a == 0) { 1973 if (i == 7) 1974 *cp++ = ':'; 1975 a++; 1976 continue; 1977 } else 1978 dcolon = 2; 1979 } 1980 if (*a == 0) { 1981 if (dcolon == 0 && *(a + 1) == 0 && i == index) { 1982 if (i == 0) 1983 *cp++ = ':'; 1984 *cp++ = ':'; 1985 dcolon = 1; 1986 } else { 1987 *cp++ = '0'; 1988 *cp++ = ':'; 1989 } 1990 a++; 1991 continue; 1992 } 1993 d = (const u_char *)a; 1994 /* Try to eliminate leading zeros in printout like in :0001. */ 1995 zero = 1; 1996 *cp = digits[*d >> 4]; 1997 if (*cp != '0') { 1998 zero = 0; 1999 cp++; 2000 } 2001 *cp = digits[*d++ & 0xf]; 2002 if (zero == 0 || (*cp != '0')) { 2003 zero = 0; 2004 cp++; 2005 } 2006 *cp = digits[*d >> 4]; 2007 if (zero == 0 || (*cp != '0')) { 2008 zero = 0; 2009 cp++; 2010 } 2011 *cp++ = digits[*d & 0xf]; 2012 *cp++ = ':'; 2013 a++; 2014 } 2015 *--cp = '\0'; 2016 return (ip6buf); 2017 } 2018 2019 int 2020 in6_localaddr(struct in6_addr *in6) 2021 { 2022 struct in6_ifaddr *ia; 2023 2024 if (IN6_IS_ADDR_LOOPBACK(in6) || IN6_IS_ADDR_LINKLOCAL(in6)) 2025 return 1; 2026 2027 IN6_IFADDR_RLOCK(); 2028 TAILQ_FOREACH(ia, &V_in6_ifaddrhead, ia_link) { 2029 if (IN6_ARE_MASKED_ADDR_EQUAL(in6, &ia->ia_addr.sin6_addr, 2030 &ia->ia_prefixmask.sin6_addr)) { 2031 IN6_IFADDR_RUNLOCK(); 2032 return 1; 2033 } 2034 } 2035 IN6_IFADDR_RUNLOCK(); 2036 2037 return (0); 2038 } 2039 2040 /* 2041 * Return 1 if an internet address is for the local host and configured 2042 * on one of its interfaces. 2043 */ 2044 int 2045 in6_localip(struct in6_addr *in6) 2046 { 2047 struct in6_ifaddr *ia; 2048 2049 IN6_IFADDR_RLOCK(); 2050 TAILQ_FOREACH(ia, &V_in6_ifaddrhead, ia_link) { 2051 if (IN6_ARE_ADDR_EQUAL(in6, &ia->ia_addr.sin6_addr)) { 2052 IN6_IFADDR_RUNLOCK(); 2053 return (1); 2054 } 2055 } 2056 IN6_IFADDR_RUNLOCK(); 2057 return (0); 2058 } 2059 2060 2061 int 2062 in6_is_addr_deprecated(struct sockaddr_in6 *sa6) 2063 { 2064 struct in6_ifaddr *ia; 2065 2066 IN6_IFADDR_RLOCK(); 2067 TAILQ_FOREACH(ia, &V_in6_ifaddrhead, ia_link) { 2068 if (IN6_ARE_ADDR_EQUAL(&ia->ia_addr.sin6_addr, 2069 &sa6->sin6_addr) && 2070 (ia->ia6_flags & IN6_IFF_DEPRECATED) != 0) { 2071 IN6_IFADDR_RUNLOCK(); 2072 return (1); /* true */ 2073 } 2074 2075 /* XXX: do we still have to go thru the rest of the list? */ 2076 } 2077 IN6_IFADDR_RUNLOCK(); 2078 2079 return (0); /* false */ 2080 } 2081 2082 /* 2083 * return length of part which dst and src are equal 2084 * hard coding... 2085 */ 2086 int 2087 in6_matchlen(struct in6_addr *src, struct in6_addr *dst) 2088 { 2089 int match = 0; 2090 u_char *s = (u_char *)src, *d = (u_char *)dst; 2091 u_char *lim = s + 16, r; 2092 2093 while (s < lim) 2094 if ((r = (*d++ ^ *s++)) != 0) { 2095 while (r < 128) { 2096 match++; 2097 r <<= 1; 2098 } 2099 break; 2100 } else 2101 match += 8; 2102 return match; 2103 } 2104 2105 /* XXX: to be scope conscious */ 2106 int 2107 in6_are_prefix_equal(struct in6_addr *p1, struct in6_addr *p2, int len) 2108 { 2109 int bytelen, bitlen; 2110 2111 /* sanity check */ 2112 if (0 > len || len > 128) { 2113 log(LOG_ERR, "in6_are_prefix_equal: invalid prefix length(%d)\n", 2114 len); 2115 return (0); 2116 } 2117 2118 bytelen = len / 8; 2119 bitlen = len % 8; 2120 2121 if (bcmp(&p1->s6_addr, &p2->s6_addr, bytelen)) 2122 return (0); 2123 if (bitlen != 0 && 2124 p1->s6_addr[bytelen] >> (8 - bitlen) != 2125 p2->s6_addr[bytelen] >> (8 - bitlen)) 2126 return (0); 2127 2128 return (1); 2129 } 2130 2131 void 2132 in6_prefixlen2mask(struct in6_addr *maskp, int len) 2133 { 2134 u_char maskarray[8] = {0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff}; 2135 int bytelen, bitlen, i; 2136 2137 /* sanity check */ 2138 if (0 > len || len > 128) { 2139 log(LOG_ERR, "in6_prefixlen2mask: invalid prefix length(%d)\n", 2140 len); 2141 return; 2142 } 2143 2144 bzero(maskp, sizeof(*maskp)); 2145 bytelen = len / 8; 2146 bitlen = len % 8; 2147 for (i = 0; i < bytelen; i++) 2148 maskp->s6_addr[i] = 0xff; 2149 if (bitlen) 2150 maskp->s6_addr[bytelen] = maskarray[bitlen - 1]; 2151 } 2152 2153 /* 2154 * return the best address out of the same scope. if no address was 2155 * found, return the first valid address from designated IF. 2156 */ 2157 struct in6_ifaddr * 2158 in6_ifawithifp(struct ifnet *ifp, struct in6_addr *dst) 2159 { 2160 int dst_scope = in6_addrscope(dst), blen = -1, tlen; 2161 struct ifaddr *ifa; 2162 struct in6_ifaddr *besta = 0; 2163 struct in6_ifaddr *dep[2]; /* last-resort: deprecated */ 2164 2165 dep[0] = dep[1] = NULL; 2166 2167 /* 2168 * We first look for addresses in the same scope. 2169 * If there is one, return it. 2170 * If two or more, return one which matches the dst longest. 2171 * If none, return one of global addresses assigned other ifs. 2172 */ 2173 IF_ADDR_LOCK(ifp); 2174 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 2175 if (ifa->ifa_addr->sa_family != AF_INET6) 2176 continue; 2177 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST) 2178 continue; /* XXX: is there any case to allow anycast? */ 2179 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_NOTREADY) 2180 continue; /* don't use this interface */ 2181 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DETACHED) 2182 continue; 2183 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DEPRECATED) { 2184 if (V_ip6_use_deprecated) 2185 dep[0] = (struct in6_ifaddr *)ifa; 2186 continue; 2187 } 2188 2189 if (dst_scope == in6_addrscope(IFA_IN6(ifa))) { 2190 /* 2191 * call in6_matchlen() as few as possible 2192 */ 2193 if (besta) { 2194 if (blen == -1) 2195 blen = in6_matchlen(&besta->ia_addr.sin6_addr, dst); 2196 tlen = in6_matchlen(IFA_IN6(ifa), dst); 2197 if (tlen > blen) { 2198 blen = tlen; 2199 besta = (struct in6_ifaddr *)ifa; 2200 } 2201 } else 2202 besta = (struct in6_ifaddr *)ifa; 2203 } 2204 } 2205 if (besta) { 2206 ifa_ref(&besta->ia_ifa); 2207 IF_ADDR_UNLOCK(ifp); 2208 return (besta); 2209 } 2210 IF_ADDR_UNLOCK(ifp); 2211 2212 IN6_IFADDR_RLOCK(); 2213 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 2214 if (ifa->ifa_addr->sa_family != AF_INET6) 2215 continue; 2216 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST) 2217 continue; /* XXX: is there any case to allow anycast? */ 2218 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_NOTREADY) 2219 continue; /* don't use this interface */ 2220 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DETACHED) 2221 continue; 2222 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DEPRECATED) { 2223 if (V_ip6_use_deprecated) 2224 dep[1] = (struct in6_ifaddr *)ifa; 2225 continue; 2226 } 2227 2228 if (ifa != NULL) 2229 ifa_ref(ifa); 2230 IN6_IFADDR_RUNLOCK(); 2231 return (struct in6_ifaddr *)ifa; 2232 } 2233 IN6_IFADDR_RUNLOCK(); 2234 2235 /* use the last-resort values, that are, deprecated addresses */ 2236 if (dep[0]) 2237 return dep[0]; 2238 if (dep[1]) 2239 return dep[1]; 2240 2241 return NULL; 2242 } 2243 2244 /* 2245 * perform DAD when interface becomes IFF_UP. 2246 */ 2247 void 2248 in6_if_up(struct ifnet *ifp) 2249 { 2250 struct ifaddr *ifa; 2251 struct in6_ifaddr *ia; 2252 2253 IF_ADDR_LOCK(ifp); 2254 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 2255 if (ifa->ifa_addr->sa_family != AF_INET6) 2256 continue; 2257 ia = (struct in6_ifaddr *)ifa; 2258 if (ia->ia6_flags & IN6_IFF_TENTATIVE) { 2259 /* 2260 * The TENTATIVE flag was likely set by hand 2261 * beforehand, implicitly indicating the need for DAD. 2262 * We may be able to skip the random delay in this 2263 * case, but we impose delays just in case. 2264 */ 2265 nd6_dad_start(ifa, 2266 arc4random() % (MAX_RTR_SOLICITATION_DELAY * hz)); 2267 } 2268 } 2269 IF_ADDR_UNLOCK(ifp); 2270 2271 /* 2272 * special cases, like 6to4, are handled in in6_ifattach 2273 */ 2274 in6_ifattach(ifp, NULL); 2275 } 2276 2277 int 2278 in6if_do_dad(struct ifnet *ifp) 2279 { 2280 if ((ifp->if_flags & IFF_LOOPBACK) != 0) 2281 return (0); 2282 2283 if (ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) 2284 return (0); 2285 2286 switch (ifp->if_type) { 2287 #ifdef IFT_DUMMY 2288 case IFT_DUMMY: 2289 #endif 2290 case IFT_FAITH: 2291 /* 2292 * These interfaces do not have the IFF_LOOPBACK flag, 2293 * but loop packets back. We do not have to do DAD on such 2294 * interfaces. We should even omit it, because loop-backed 2295 * NS would confuse the DAD procedure. 2296 */ 2297 return (0); 2298 default: 2299 /* 2300 * Our DAD routine requires the interface up and running. 2301 * However, some interfaces can be up before the RUNNING 2302 * status. Additionaly, users may try to assign addresses 2303 * before the interface becomes up (or running). 2304 * We simply skip DAD in such a case as a work around. 2305 * XXX: we should rather mark "tentative" on such addresses, 2306 * and do DAD after the interface becomes ready. 2307 */ 2308 if (!((ifp->if_flags & IFF_UP) && 2309 (ifp->if_drv_flags & IFF_DRV_RUNNING))) 2310 return (0); 2311 2312 return (1); 2313 } 2314 } 2315 2316 /* 2317 * Calculate max IPv6 MTU through all the interfaces and store it 2318 * to in6_maxmtu. 2319 */ 2320 void 2321 in6_setmaxmtu(void) 2322 { 2323 unsigned long maxmtu = 0; 2324 struct ifnet *ifp; 2325 2326 IFNET_RLOCK_NOSLEEP(); 2327 for (ifp = TAILQ_FIRST(&V_ifnet); ifp; 2328 ifp = TAILQ_NEXT(ifp, if_list)) { 2329 /* this function can be called during ifnet initialization */ 2330 if (!ifp->if_afdata[AF_INET6]) 2331 continue; 2332 if ((ifp->if_flags & IFF_LOOPBACK) == 0 && 2333 IN6_LINKMTU(ifp) > maxmtu) 2334 maxmtu = IN6_LINKMTU(ifp); 2335 } 2336 IFNET_RUNLOCK_NOSLEEP(); 2337 if (maxmtu) /* update only when maxmtu is positive */ 2338 V_in6_maxmtu = maxmtu; 2339 } 2340 2341 /* 2342 * Provide the length of interface identifiers to be used for the link attached 2343 * to the given interface. The length should be defined in "IPv6 over 2344 * xxx-link" document. Note that address architecture might also define 2345 * the length for a particular set of address prefixes, regardless of the 2346 * link type. As clarified in rfc2462bis, those two definitions should be 2347 * consistent, and those really are as of August 2004. 2348 */ 2349 int 2350 in6_if2idlen(struct ifnet *ifp) 2351 { 2352 switch (ifp->if_type) { 2353 case IFT_ETHER: /* RFC2464 */ 2354 #ifdef IFT_PROPVIRTUAL 2355 case IFT_PROPVIRTUAL: /* XXX: no RFC. treat it as ether */ 2356 #endif 2357 #ifdef IFT_L2VLAN 2358 case IFT_L2VLAN: /* ditto */ 2359 #endif 2360 #ifdef IFT_IEEE80211 2361 case IFT_IEEE80211: /* ditto */ 2362 #endif 2363 #ifdef IFT_MIP 2364 case IFT_MIP: /* ditto */ 2365 #endif 2366 case IFT_INFINIBAND: 2367 return (64); 2368 case IFT_FDDI: /* RFC2467 */ 2369 return (64); 2370 case IFT_ISO88025: /* RFC2470 (IPv6 over Token Ring) */ 2371 return (64); 2372 case IFT_PPP: /* RFC2472 */ 2373 return (64); 2374 case IFT_ARCNET: /* RFC2497 */ 2375 return (64); 2376 case IFT_FRELAY: /* RFC2590 */ 2377 return (64); 2378 case IFT_IEEE1394: /* RFC3146 */ 2379 return (64); 2380 case IFT_GIF: 2381 return (64); /* draft-ietf-v6ops-mech-v2-07 */ 2382 case IFT_LOOP: 2383 return (64); /* XXX: is this really correct? */ 2384 default: 2385 /* 2386 * Unknown link type: 2387 * It might be controversial to use the today's common constant 2388 * of 64 for these cases unconditionally. For full compliance, 2389 * we should return an error in this case. On the other hand, 2390 * if we simply miss the standard for the link type or a new 2391 * standard is defined for a new link type, the IFID length 2392 * is very likely to be the common constant. As a compromise, 2393 * we always use the constant, but make an explicit notice 2394 * indicating the "unknown" case. 2395 */ 2396 printf("in6_if2idlen: unknown link type (%d)\n", ifp->if_type); 2397 return (64); 2398 } 2399 } 2400 2401 #include <sys/sysctl.h> 2402 2403 struct in6_llentry { 2404 struct llentry base; 2405 struct sockaddr_in6 l3_addr6; 2406 }; 2407 2408 static struct llentry * 2409 in6_lltable_new(const struct sockaddr *l3addr, u_int flags) 2410 { 2411 struct in6_llentry *lle; 2412 2413 lle = malloc(sizeof(struct in6_llentry), M_LLTABLE, 2414 M_DONTWAIT | M_ZERO); 2415 if (lle == NULL) /* NB: caller generates msg */ 2416 return NULL; 2417 2418 lle->l3_addr6 = *(const struct sockaddr_in6 *)l3addr; 2419 lle->base.lle_refcnt = 1; 2420 LLE_LOCK_INIT(&lle->base); 2421 callout_init_rw(&lle->base.ln_timer_ch, &lle->base.lle_lock, 2422 CALLOUT_RETURNUNLOCKED); 2423 2424 return &lle->base; 2425 } 2426 2427 /* 2428 * Deletes an address from the address table. 2429 * This function is called by the timer functions 2430 * such as arptimer() and nd6_llinfo_timer(), and 2431 * the caller does the locking. 2432 */ 2433 static void 2434 in6_lltable_free(struct lltable *llt, struct llentry *lle) 2435 { 2436 LLE_WUNLOCK(lle); 2437 LLE_LOCK_DESTROY(lle); 2438 free(lle, M_LLTABLE); 2439 } 2440 2441 static void 2442 in6_lltable_prefix_free(struct lltable *llt, 2443 const struct sockaddr *prefix, 2444 const struct sockaddr *mask, 2445 u_int flags) 2446 { 2447 const struct sockaddr_in6 *pfx = (const struct sockaddr_in6 *)prefix; 2448 const struct sockaddr_in6 *msk = (const struct sockaddr_in6 *)mask; 2449 struct llentry *lle, *next; 2450 register int i; 2451 2452 /* 2453 * (flags & LLE_STATIC) means deleting all entries 2454 * including static ND6 entries 2455 */ 2456 for (i=0; i < LLTBL_HASHTBL_SIZE; i++) { 2457 LIST_FOREACH_SAFE(lle, &llt->lle_head[i], lle_next, next) { 2458 if (IN6_ARE_MASKED_ADDR_EQUAL( 2459 &((struct sockaddr_in6 *)L3_ADDR(lle))->sin6_addr, 2460 &pfx->sin6_addr, 2461 &msk->sin6_addr) && 2462 ((flags & LLE_STATIC) || !(lle->la_flags & LLE_STATIC))) { 2463 int canceled; 2464 2465 canceled = callout_drain(&lle->la_timer); 2466 LLE_WLOCK(lle); 2467 if (canceled) 2468 LLE_REMREF(lle); 2469 llentry_free(lle); 2470 } 2471 } 2472 } 2473 } 2474 2475 static int 2476 in6_lltable_rtcheck(struct ifnet *ifp, 2477 u_int flags, 2478 const struct sockaddr *l3addr) 2479 { 2480 struct rtentry *rt; 2481 char ip6buf[INET6_ADDRSTRLEN]; 2482 2483 KASSERT(l3addr->sa_family == AF_INET6, 2484 ("sin_family %d", l3addr->sa_family)); 2485 2486 /* XXX rtalloc1 should take a const param */ 2487 rt = rtalloc1(__DECONST(struct sockaddr *, l3addr), 0, 0); 2488 if (rt == NULL || (rt->rt_flags & RTF_GATEWAY) || rt->rt_ifp != ifp) { 2489 struct ifaddr *ifa; 2490 /* 2491 * Create an ND6 cache for an IPv6 neighbor 2492 * that is not covered by our own prefix. 2493 */ 2494 /* XXX ifaof_ifpforaddr should take a const param */ 2495 ifa = ifaof_ifpforaddr(__DECONST(struct sockaddr *, l3addr), ifp); 2496 if (ifa != NULL) { 2497 ifa_free(ifa); 2498 if (rt != NULL) 2499 RTFREE_LOCKED(rt); 2500 return 0; 2501 } 2502 log(LOG_INFO, "IPv6 address: \"%s\" is not on the network\n", 2503 ip6_sprintf(ip6buf, &((const struct sockaddr_in6 *)l3addr)->sin6_addr)); 2504 if (rt != NULL) 2505 RTFREE_LOCKED(rt); 2506 return EINVAL; 2507 } 2508 RTFREE_LOCKED(rt); 2509 return 0; 2510 } 2511 2512 static struct llentry * 2513 in6_lltable_lookup(struct lltable *llt, u_int flags, 2514 const struct sockaddr *l3addr) 2515 { 2516 const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)l3addr; 2517 struct ifnet *ifp = llt->llt_ifp; 2518 struct llentry *lle; 2519 struct llentries *lleh; 2520 u_int hashkey; 2521 2522 IF_AFDATA_LOCK_ASSERT(ifp); 2523 KASSERT(l3addr->sa_family == AF_INET6, 2524 ("sin_family %d", l3addr->sa_family)); 2525 2526 hashkey = sin6->sin6_addr.s6_addr32[3]; 2527 lleh = &llt->lle_head[LLATBL_HASH(hashkey, LLTBL_HASHMASK)]; 2528 LIST_FOREACH(lle, lleh, lle_next) { 2529 struct sockaddr_in6 *sa6 = (struct sockaddr_in6 *)L3_ADDR(lle); 2530 if (lle->la_flags & LLE_DELETED) 2531 continue; 2532 if (bcmp(&sa6->sin6_addr, &sin6->sin6_addr, 2533 sizeof(struct in6_addr)) == 0) 2534 break; 2535 } 2536 2537 if (lle == NULL) { 2538 if (!(flags & LLE_CREATE)) 2539 return (NULL); 2540 /* 2541 * A route that covers the given address must have 2542 * been installed 1st because we are doing a resolution, 2543 * verify this. 2544 */ 2545 if (!(flags & LLE_IFADDR) && 2546 in6_lltable_rtcheck(ifp, flags, l3addr) != 0) 2547 return NULL; 2548 2549 lle = in6_lltable_new(l3addr, flags); 2550 if (lle == NULL) { 2551 log(LOG_INFO, "lla_lookup: new lle malloc failed\n"); 2552 return NULL; 2553 } 2554 lle->la_flags = flags & ~LLE_CREATE; 2555 if ((flags & (LLE_CREATE | LLE_IFADDR)) == (LLE_CREATE | LLE_IFADDR)) { 2556 bcopy(IF_LLADDR(ifp), &lle->ll_addr, ifp->if_addrlen); 2557 lle->la_flags |= (LLE_VALID | LLE_STATIC); 2558 } 2559 2560 lle->lle_tbl = llt; 2561 lle->lle_head = lleh; 2562 LIST_INSERT_HEAD(lleh, lle, lle_next); 2563 } else if (flags & LLE_DELETE) { 2564 if (!(lle->la_flags & LLE_IFADDR) || (flags & LLE_IFADDR)) { 2565 LLE_WLOCK(lle); 2566 lle->la_flags = LLE_DELETED; 2567 LLE_WUNLOCK(lle); 2568 #ifdef DIAGNOSTIC 2569 log(LOG_INFO, "ifaddr cache = %p is deleted\n", lle); 2570 #endif 2571 } 2572 lle = (void *)-1; 2573 } 2574 if (LLE_IS_VALID(lle)) { 2575 if (flags & LLE_EXCLUSIVE) 2576 LLE_WLOCK(lle); 2577 else 2578 LLE_RLOCK(lle); 2579 } 2580 return (lle); 2581 } 2582 2583 static int 2584 in6_lltable_dump(struct lltable *llt, struct sysctl_req *wr) 2585 { 2586 struct ifnet *ifp = llt->llt_ifp; 2587 struct llentry *lle; 2588 /* XXX stack use */ 2589 struct { 2590 struct rt_msghdr rtm; 2591 struct sockaddr_in6 sin6; 2592 /* 2593 * ndp.c assumes that sdl is word aligned 2594 */ 2595 #ifdef __LP64__ 2596 uint32_t pad; 2597 #endif 2598 struct sockaddr_dl sdl; 2599 } ndpc; 2600 int i, error; 2601 2602 if (ifp->if_flags & IFF_LOOPBACK) 2603 return 0; 2604 2605 LLTABLE_LOCK_ASSERT(); 2606 2607 error = 0; 2608 for (i = 0; i < LLTBL_HASHTBL_SIZE; i++) { 2609 LIST_FOREACH(lle, &llt->lle_head[i], lle_next) { 2610 struct sockaddr_dl *sdl; 2611 2612 /* skip deleted or invalid entries */ 2613 if ((lle->la_flags & (LLE_DELETED|LLE_VALID)) != LLE_VALID) 2614 continue; 2615 /* Skip if jailed and not a valid IP of the prison. */ 2616 if (prison_if(wr->td->td_ucred, L3_ADDR(lle)) != 0) 2617 continue; 2618 /* 2619 * produce a msg made of: 2620 * struct rt_msghdr; 2621 * struct sockaddr_in6 (IPv6) 2622 * struct sockaddr_dl; 2623 */ 2624 bzero(&ndpc, sizeof(ndpc)); 2625 ndpc.rtm.rtm_msglen = sizeof(ndpc); 2626 ndpc.rtm.rtm_version = RTM_VERSION; 2627 ndpc.rtm.rtm_type = RTM_GET; 2628 ndpc.rtm.rtm_flags = RTF_UP; 2629 ndpc.rtm.rtm_addrs = RTA_DST | RTA_GATEWAY; 2630 ndpc.sin6.sin6_family = AF_INET6; 2631 ndpc.sin6.sin6_len = sizeof(ndpc.sin6); 2632 bcopy(L3_ADDR(lle), &ndpc.sin6, L3_ADDR_LEN(lle)); 2633 2634 /* publish */ 2635 if (lle->la_flags & LLE_PUB) 2636 ndpc.rtm.rtm_flags |= RTF_ANNOUNCE; 2637 2638 sdl = &ndpc.sdl; 2639 sdl->sdl_family = AF_LINK; 2640 sdl->sdl_len = sizeof(*sdl); 2641 sdl->sdl_alen = ifp->if_addrlen; 2642 sdl->sdl_index = ifp->if_index; 2643 sdl->sdl_type = ifp->if_type; 2644 bcopy(&lle->ll_addr, LLADDR(sdl), ifp->if_addrlen); 2645 ndpc.rtm.rtm_rmx.rmx_expire = 2646 lle->la_flags & LLE_STATIC ? 0 : lle->la_expire; 2647 ndpc.rtm.rtm_flags |= (RTF_HOST | RTF_LLDATA); 2648 if (lle->la_flags & LLE_STATIC) 2649 ndpc.rtm.rtm_flags |= RTF_STATIC; 2650 ndpc.rtm.rtm_index = ifp->if_index; 2651 error = SYSCTL_OUT(wr, &ndpc, sizeof(ndpc)); 2652 if (error) 2653 break; 2654 } 2655 } 2656 return error; 2657 } 2658 2659 void * 2660 in6_domifattach(struct ifnet *ifp) 2661 { 2662 struct in6_ifextra *ext; 2663 2664 ext = (struct in6_ifextra *)malloc(sizeof(*ext), M_IFADDR, M_WAITOK); 2665 bzero(ext, sizeof(*ext)); 2666 2667 ext->in6_ifstat = (struct in6_ifstat *)malloc(sizeof(struct in6_ifstat), 2668 M_IFADDR, M_WAITOK); 2669 bzero(ext->in6_ifstat, sizeof(*ext->in6_ifstat)); 2670 2671 ext->icmp6_ifstat = 2672 (struct icmp6_ifstat *)malloc(sizeof(struct icmp6_ifstat), 2673 M_IFADDR, M_WAITOK); 2674 bzero(ext->icmp6_ifstat, sizeof(*ext->icmp6_ifstat)); 2675 2676 ext->nd_ifinfo = nd6_ifattach(ifp); 2677 ext->scope6_id = scope6_ifattach(ifp); 2678 ext->lltable = lltable_init(ifp, AF_INET6); 2679 if (ext->lltable != NULL) { 2680 ext->lltable->llt_free = in6_lltable_free; 2681 ext->lltable->llt_prefix_free = in6_lltable_prefix_free; 2682 ext->lltable->llt_lookup = in6_lltable_lookup; 2683 ext->lltable->llt_dump = in6_lltable_dump; 2684 } 2685 2686 ext->mld_ifinfo = mld_domifattach(ifp); 2687 2688 return ext; 2689 } 2690 2691 void 2692 in6_domifdetach(struct ifnet *ifp, void *aux) 2693 { 2694 struct in6_ifextra *ext = (struct in6_ifextra *)aux; 2695 2696 mld_domifdetach(ifp); 2697 scope6_ifdetach(ext->scope6_id); 2698 nd6_ifdetach(ext->nd_ifinfo); 2699 lltable_free(ext->lltable); 2700 free(ext->in6_ifstat, M_IFADDR); 2701 free(ext->icmp6_ifstat, M_IFADDR); 2702 free(ext, M_IFADDR); 2703 } 2704 2705 /* 2706 * Convert sockaddr_in6 to sockaddr_in. Original sockaddr_in6 must be 2707 * v4 mapped addr or v4 compat addr 2708 */ 2709 void 2710 in6_sin6_2_sin(struct sockaddr_in *sin, struct sockaddr_in6 *sin6) 2711 { 2712 2713 bzero(sin, sizeof(*sin)); 2714 sin->sin_len = sizeof(struct sockaddr_in); 2715 sin->sin_family = AF_INET; 2716 sin->sin_port = sin6->sin6_port; 2717 sin->sin_addr.s_addr = sin6->sin6_addr.s6_addr32[3]; 2718 } 2719 2720 /* Convert sockaddr_in to sockaddr_in6 in v4 mapped addr format. */ 2721 void 2722 in6_sin_2_v4mapsin6(struct sockaddr_in *sin, struct sockaddr_in6 *sin6) 2723 { 2724 bzero(sin6, sizeof(*sin6)); 2725 sin6->sin6_len = sizeof(struct sockaddr_in6); 2726 sin6->sin6_family = AF_INET6; 2727 sin6->sin6_port = sin->sin_port; 2728 sin6->sin6_addr.s6_addr32[0] = 0; 2729 sin6->sin6_addr.s6_addr32[1] = 0; 2730 sin6->sin6_addr.s6_addr32[2] = IPV6_ADDR_INT32_SMP; 2731 sin6->sin6_addr.s6_addr32[3] = sin->sin_addr.s_addr; 2732 } 2733 2734 /* Convert sockaddr_in6 into sockaddr_in. */ 2735 void 2736 in6_sin6_2_sin_in_sock(struct sockaddr *nam) 2737 { 2738 struct sockaddr_in *sin_p; 2739 struct sockaddr_in6 sin6; 2740 2741 /* 2742 * Save original sockaddr_in6 addr and convert it 2743 * to sockaddr_in. 2744 */ 2745 sin6 = *(struct sockaddr_in6 *)nam; 2746 sin_p = (struct sockaddr_in *)nam; 2747 in6_sin6_2_sin(sin_p, &sin6); 2748 } 2749 2750 /* Convert sockaddr_in into sockaddr_in6 in v4 mapped addr format. */ 2751 void 2752 in6_sin_2_v4mapsin6_in_sock(struct sockaddr **nam) 2753 { 2754 struct sockaddr_in *sin_p; 2755 struct sockaddr_in6 *sin6_p; 2756 2757 sin6_p = malloc(sizeof *sin6_p, M_SONAME, 2758 M_WAITOK); 2759 sin_p = (struct sockaddr_in *)*nam; 2760 in6_sin_2_v4mapsin6(sin_p, sin6_p); 2761 free(*nam, M_SONAME); 2762 *nam = (struct sockaddr *)sin6_p; 2763 } 2764