xref: /freebsd/sys/netinet6/in6.c (revision 190cef3d52236565eb22e18b33e9e865ec634aa3)
1  /*-
2   * SPDX-License-Identifier: BSD-3-Clause
3   *
4   * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5   * All rights reserved.
6   *
7   * Redistribution and use in source and binary forms, with or without
8   * modification, are permitted provided that the following conditions
9   * are met:
10   * 1. Redistributions of source code must retain the above copyright
11   *    notice, this list of conditions and the following disclaimer.
12   * 2. Redistributions in binary form must reproduce the above copyright
13   *    notice, this list of conditions and the following disclaimer in the
14   *    documentation and/or other materials provided with the distribution.
15   * 3. Neither the name of the project nor the names of its contributors
16   *    may be used to endorse or promote products derived from this software
17   *    without specific prior written permission.
18   *
19   * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20   * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22   * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23   * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24   * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25   * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26   * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27   * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28   * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29   * SUCH DAMAGE.
30   *
31   *	$KAME: in6.c,v 1.259 2002/01/21 11:37:50 keiichi Exp $
32   */
33  
34  /*-
35   * Copyright (c) 1982, 1986, 1991, 1993
36   *	The Regents of the University of California.  All rights reserved.
37   *
38   * Redistribution and use in source and binary forms, with or without
39   * modification, are permitted provided that the following conditions
40   * are met:
41   * 1. Redistributions of source code must retain the above copyright
42   *    notice, this list of conditions and the following disclaimer.
43   * 2. Redistributions in binary form must reproduce the above copyright
44   *    notice, this list of conditions and the following disclaimer in the
45   *    documentation and/or other materials provided with the distribution.
46   * 3. Neither the name of the University nor the names of its contributors
47   *    may be used to endorse or promote products derived from this software
48   *    without specific prior written permission.
49   *
50   * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
51   * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
52   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
53   * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
54   * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
55   * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
56   * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
57   * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
58   * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
59   * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
60   * SUCH DAMAGE.
61   *
62   *	@(#)in.c	8.2 (Berkeley) 11/15/93
63   */
64  
65  #include <sys/cdefs.h>
66  __FBSDID("$FreeBSD$");
67  
68  #include "opt_inet.h"
69  #include "opt_inet6.h"
70  
71  #include <sys/param.h>
72  #include <sys/eventhandler.h>
73  #include <sys/errno.h>
74  #include <sys/jail.h>
75  #include <sys/malloc.h>
76  #include <sys/socket.h>
77  #include <sys/socketvar.h>
78  #include <sys/sockio.h>
79  #include <sys/systm.h>
80  #include <sys/priv.h>
81  #include <sys/proc.h>
82  #include <sys/protosw.h>
83  #include <sys/time.h>
84  #include <sys/kernel.h>
85  #include <sys/lock.h>
86  #include <sys/rmlock.h>
87  #include <sys/syslog.h>
88  
89  #include <net/if.h>
90  #include <net/if_var.h>
91  #include <net/if_types.h>
92  #include <net/route.h>
93  #include <net/if_dl.h>
94  #include <net/vnet.h>
95  
96  #include <netinet/in.h>
97  #include <netinet/in_var.h>
98  #include <net/if_llatbl.h>
99  #include <netinet/if_ether.h>
100  #include <netinet/in_systm.h>
101  #include <netinet/ip.h>
102  #include <netinet/in_pcb.h>
103  #include <netinet/ip_carp.h>
104  
105  #include <netinet/ip6.h>
106  #include <netinet6/ip6_var.h>
107  #include <netinet6/nd6.h>
108  #include <netinet6/mld6_var.h>
109  #include <netinet6/ip6_mroute.h>
110  #include <netinet6/in6_ifattach.h>
111  #include <netinet6/scope6_var.h>
112  #include <netinet6/in6_fib.h>
113  #include <netinet6/in6_pcb.h>
114  
115  
116  /*
117   * struct in6_ifreq and struct ifreq must be type punnable for common members
118   * of ifr_ifru to allow accessors to be shared.
119   */
120  _Static_assert(offsetof(struct in6_ifreq, ifr_ifru) ==
121      offsetof(struct ifreq, ifr_ifru),
122      "struct in6_ifreq and struct ifreq are not type punnable");
123  
124  VNET_DECLARE(int, icmp6_nodeinfo_oldmcprefix);
125  #define V_icmp6_nodeinfo_oldmcprefix	VNET(icmp6_nodeinfo_oldmcprefix)
126  
127  /*
128   * Definitions of some costant IP6 addresses.
129   */
130  const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT;
131  const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT;
132  const struct in6_addr in6addr_nodelocal_allnodes =
133  	IN6ADDR_NODELOCAL_ALLNODES_INIT;
134  const struct in6_addr in6addr_linklocal_allnodes =
135  	IN6ADDR_LINKLOCAL_ALLNODES_INIT;
136  const struct in6_addr in6addr_linklocal_allrouters =
137  	IN6ADDR_LINKLOCAL_ALLROUTERS_INIT;
138  const struct in6_addr in6addr_linklocal_allv2routers =
139  	IN6ADDR_LINKLOCAL_ALLV2ROUTERS_INIT;
140  
141  const struct in6_addr in6mask0 = IN6MASK0;
142  const struct in6_addr in6mask32 = IN6MASK32;
143  const struct in6_addr in6mask64 = IN6MASK64;
144  const struct in6_addr in6mask96 = IN6MASK96;
145  const struct in6_addr in6mask128 = IN6MASK128;
146  
147  const struct sockaddr_in6 sa6_any =
148  	{ sizeof(sa6_any), AF_INET6, 0, 0, IN6ADDR_ANY_INIT, 0 };
149  
150  static int in6_notify_ifa(struct ifnet *, struct in6_ifaddr *,
151  	struct in6_aliasreq *, int);
152  static void in6_unlink_ifa(struct in6_ifaddr *, struct ifnet *);
153  
154  static int in6_validate_ifra(struct ifnet *, struct in6_aliasreq *,
155      struct in6_ifaddr *, int);
156  static struct in6_ifaddr *in6_alloc_ifa(struct ifnet *,
157      struct in6_aliasreq *, int flags);
158  static int in6_update_ifa_internal(struct ifnet *, struct in6_aliasreq *,
159      struct in6_ifaddr *, int, int);
160  static int in6_broadcast_ifa(struct ifnet *, struct in6_aliasreq *,
161      struct in6_ifaddr *, int);
162  
163  #define ifa2ia6(ifa)	((struct in6_ifaddr *)(ifa))
164  #define ia62ifa(ia6)	(&((ia6)->ia_ifa))
165  
166  
167  void
168  in6_newaddrmsg(struct in6_ifaddr *ia, int cmd)
169  {
170  	struct sockaddr_dl gateway;
171  	struct sockaddr_in6 mask, addr;
172  	struct rtentry rt;
173  	int fibnum;
174  
175  	/*
176  	 * initialize for rtmsg generation
177  	 */
178  	bzero(&gateway, sizeof(gateway));
179  	gateway.sdl_len = sizeof(gateway);
180  	gateway.sdl_family = AF_LINK;
181  
182  	bzero(&rt, sizeof(rt));
183  	rt.rt_gateway = (struct sockaddr *)&gateway;
184  	memcpy(&mask, &ia->ia_prefixmask, sizeof(ia->ia_prefixmask));
185  	memcpy(&addr, &ia->ia_addr, sizeof(ia->ia_addr));
186  	rt_mask(&rt) = (struct sockaddr *)&mask;
187  	rt_key(&rt) = (struct sockaddr *)&addr;
188  	rt.rt_flags = RTF_HOST | RTF_STATIC;
189  	if (cmd == RTM_ADD)
190  		rt.rt_flags |= RTF_UP;
191  	fibnum = V_rt_add_addr_allfibs ? RT_ALL_FIBS : ia62ifa(ia)->ifa_ifp->if_fib;
192  	/* Announce arrival of local address to this FIB. */
193  	rt_newaddrmsg_fib(cmd, &ia->ia_ifa, 0, &rt, fibnum);
194  }
195  
196  int
197  in6_mask2len(struct in6_addr *mask, u_char *lim0)
198  {
199  	int x = 0, y;
200  	u_char *lim = lim0, *p;
201  
202  	/* ignore the scope_id part */
203  	if (lim0 == NULL || lim0 - (u_char *)mask > sizeof(*mask))
204  		lim = (u_char *)mask + sizeof(*mask);
205  	for (p = (u_char *)mask; p < lim; x++, p++) {
206  		if (*p != 0xff)
207  			break;
208  	}
209  	y = 0;
210  	if (p < lim) {
211  		for (y = 0; y < 8; y++) {
212  			if ((*p & (0x80 >> y)) == 0)
213  				break;
214  		}
215  	}
216  
217  	/*
218  	 * when the limit pointer is given, do a stricter check on the
219  	 * remaining bits.
220  	 */
221  	if (p < lim) {
222  		if (y != 0 && (*p & (0x00ff >> y)) != 0)
223  			return (-1);
224  		for (p = p + 1; p < lim; p++)
225  			if (*p != 0)
226  				return (-1);
227  	}
228  
229  	return x * 8 + y;
230  }
231  
232  #ifdef COMPAT_FREEBSD32
233  struct in6_ndifreq32 {
234  	char ifname[IFNAMSIZ];
235  	uint32_t ifindex;
236  };
237  #define	SIOCGDEFIFACE32_IN6	_IOWR('i', 86, struct in6_ndifreq32)
238  #endif
239  
240  int
241  in6_control(struct socket *so, u_long cmd, caddr_t data,
242      struct ifnet *ifp, struct thread *td)
243  {
244  	struct	in6_ifreq *ifr = (struct in6_ifreq *)data;
245  	struct	in6_ifaddr *ia = NULL;
246  	struct	in6_aliasreq *ifra = (struct in6_aliasreq *)data;
247  	struct sockaddr_in6 *sa6;
248  	int carp_attached = 0;
249  	int error;
250  	u_long ocmd = cmd;
251  
252  	/*
253  	 * Compat to make pre-10.x ifconfig(8) operable.
254  	 */
255  	if (cmd == OSIOCAIFADDR_IN6)
256  		cmd = SIOCAIFADDR_IN6;
257  
258  	switch (cmd) {
259  	case SIOCGETSGCNT_IN6:
260  	case SIOCGETMIFCNT_IN6:
261  		/*
262  		 * XXX mrt_ioctl has a 3rd, unused, FIB argument in route.c.
263  		 * We cannot see how that would be needed, so do not adjust the
264  		 * KPI blindly; more likely should clean up the IPv4 variant.
265  		 */
266  		return (mrt6_ioctl ? mrt6_ioctl(cmd, data) : EOPNOTSUPP);
267  	}
268  
269  	switch (cmd) {
270  	case SIOCAADDRCTL_POLICY:
271  	case SIOCDADDRCTL_POLICY:
272  		if (td != NULL) {
273  			error = priv_check(td, PRIV_NETINET_ADDRCTRL6);
274  			if (error)
275  				return (error);
276  		}
277  		return (in6_src_ioctl(cmd, data));
278  	}
279  
280  	if (ifp == NULL)
281  		return (EOPNOTSUPP);
282  
283  	switch (cmd) {
284  	case SIOCSNDFLUSH_IN6:
285  	case SIOCSPFXFLUSH_IN6:
286  	case SIOCSRTRFLUSH_IN6:
287  	case SIOCSDEFIFACE_IN6:
288  	case SIOCSIFINFO_FLAGS:
289  	case SIOCSIFINFO_IN6:
290  		if (td != NULL) {
291  			error = priv_check(td, PRIV_NETINET_ND6);
292  			if (error)
293  				return (error);
294  		}
295  		/* FALLTHROUGH */
296  	case OSIOCGIFINFO_IN6:
297  	case SIOCGIFINFO_IN6:
298  	case SIOCGNBRINFO_IN6:
299  	case SIOCGDEFIFACE_IN6:
300  		return (nd6_ioctl(cmd, data, ifp));
301  
302  #ifdef COMPAT_FREEBSD32
303  	case SIOCGDEFIFACE32_IN6:
304  		{
305  			struct in6_ndifreq ndif;
306  			struct in6_ndifreq32 *ndif32;
307  
308  			error = nd6_ioctl(SIOCGDEFIFACE_IN6, (caddr_t)&ndif,
309  			    ifp);
310  			if (error)
311  				return (error);
312  			ndif32 = (struct in6_ndifreq32 *)data;
313  			ndif32->ifindex = ndif.ifindex;
314  			return (0);
315  		}
316  #endif
317  	}
318  
319  	switch (cmd) {
320  	case SIOCSIFPREFIX_IN6:
321  	case SIOCDIFPREFIX_IN6:
322  	case SIOCAIFPREFIX_IN6:
323  	case SIOCCIFPREFIX_IN6:
324  	case SIOCSGIFPREFIX_IN6:
325  	case SIOCGIFPREFIX_IN6:
326  		log(LOG_NOTICE,
327  		    "prefix ioctls are now invalidated. "
328  		    "please use ifconfig.\n");
329  		return (EOPNOTSUPP);
330  	}
331  
332  	switch (cmd) {
333  	case SIOCSSCOPE6:
334  		if (td != NULL) {
335  			error = priv_check(td, PRIV_NETINET_SCOPE6);
336  			if (error)
337  				return (error);
338  		}
339  		/* FALLTHROUGH */
340  	case SIOCGSCOPE6:
341  	case SIOCGSCOPE6DEF:
342  		return (scope6_ioctl(cmd, data, ifp));
343  	}
344  
345  	/*
346  	 * Find address for this interface, if it exists.
347  	 *
348  	 * In netinet code, we have checked ifra_addr in SIOCSIF*ADDR operation
349  	 * only, and used the first interface address as the target of other
350  	 * operations (without checking ifra_addr).  This was because netinet
351  	 * code/API assumed at most 1 interface address per interface.
352  	 * Since IPv6 allows a node to assign multiple addresses
353  	 * on a single interface, we almost always look and check the
354  	 * presence of ifra_addr, and reject invalid ones here.
355  	 * It also decreases duplicated code among SIOC*_IN6 operations.
356  	 */
357  	switch (cmd) {
358  	case SIOCAIFADDR_IN6:
359  	case SIOCSIFPHYADDR_IN6:
360  		sa6 = &ifra->ifra_addr;
361  		break;
362  	case SIOCSIFADDR_IN6:
363  	case SIOCGIFADDR_IN6:
364  	case SIOCSIFDSTADDR_IN6:
365  	case SIOCSIFNETMASK_IN6:
366  	case SIOCGIFDSTADDR_IN6:
367  	case SIOCGIFNETMASK_IN6:
368  	case SIOCDIFADDR_IN6:
369  	case SIOCGIFPSRCADDR_IN6:
370  	case SIOCGIFPDSTADDR_IN6:
371  	case SIOCGIFAFLAG_IN6:
372  	case SIOCSNDFLUSH_IN6:
373  	case SIOCSPFXFLUSH_IN6:
374  	case SIOCSRTRFLUSH_IN6:
375  	case SIOCGIFALIFETIME_IN6:
376  	case SIOCGIFSTAT_IN6:
377  	case SIOCGIFSTAT_ICMP6:
378  		sa6 = &ifr->ifr_addr;
379  		break;
380  	case SIOCSIFADDR:
381  	case SIOCSIFBRDADDR:
382  	case SIOCSIFDSTADDR:
383  	case SIOCSIFNETMASK:
384  		/*
385  		 * Although we should pass any non-INET6 ioctl requests
386  		 * down to driver, we filter some legacy INET requests.
387  		 * Drivers trust SIOCSIFADDR et al to come from an already
388  		 * privileged layer, and do not perform any credentials
389  		 * checks or input validation.
390  		 */
391  		return (EINVAL);
392  	default:
393  		sa6 = NULL;
394  		break;
395  	}
396  	if (sa6 && sa6->sin6_family == AF_INET6) {
397  		if (sa6->sin6_scope_id != 0)
398  			error = sa6_embedscope(sa6, 0);
399  		else
400  			error = in6_setscope(&sa6->sin6_addr, ifp, NULL);
401  		if (error != 0)
402  			return (error);
403  		if (td != NULL && (error = prison_check_ip6(td->td_ucred,
404  		    &sa6->sin6_addr)) != 0)
405  			return (error);
406  		ia = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr);
407  	} else
408  		ia = NULL;
409  
410  	switch (cmd) {
411  	case SIOCSIFADDR_IN6:
412  	case SIOCSIFDSTADDR_IN6:
413  	case SIOCSIFNETMASK_IN6:
414  		/*
415  		 * Since IPv6 allows a node to assign multiple addresses
416  		 * on a single interface, SIOCSIFxxx ioctls are deprecated.
417  		 */
418  		/* we decided to obsolete this command (20000704) */
419  		error = EINVAL;
420  		goto out;
421  
422  	case SIOCDIFADDR_IN6:
423  		/*
424  		 * for IPv4, we look for existing in_ifaddr here to allow
425  		 * "ifconfig if0 delete" to remove the first IPv4 address on
426  		 * the interface.  For IPv6, as the spec allows multiple
427  		 * interface address from the day one, we consider "remove the
428  		 * first one" semantics to be not preferable.
429  		 */
430  		if (ia == NULL) {
431  			error = EADDRNOTAVAIL;
432  			goto out;
433  		}
434  		/* FALLTHROUGH */
435  	case SIOCAIFADDR_IN6:
436  		/*
437  		 * We always require users to specify a valid IPv6 address for
438  		 * the corresponding operation.
439  		 */
440  		if (ifra->ifra_addr.sin6_family != AF_INET6 ||
441  		    ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6)) {
442  			error = EAFNOSUPPORT;
443  			goto out;
444  		}
445  
446  		if (td != NULL) {
447  			error = priv_check(td, (cmd == SIOCDIFADDR_IN6) ?
448  			    PRIV_NET_DELIFADDR : PRIV_NET_ADDIFADDR);
449  			if (error)
450  				goto out;
451  		}
452  		/* FALLTHROUGH */
453  	case SIOCGIFSTAT_IN6:
454  	case SIOCGIFSTAT_ICMP6:
455  		if (ifp->if_afdata[AF_INET6] == NULL) {
456  			error = EPFNOSUPPORT;
457  			goto out;
458  		}
459  		break;
460  
461  	case SIOCGIFADDR_IN6:
462  		/* This interface is basically deprecated. use SIOCGIFCONF. */
463  		/* FALLTHROUGH */
464  	case SIOCGIFAFLAG_IN6:
465  	case SIOCGIFNETMASK_IN6:
466  	case SIOCGIFDSTADDR_IN6:
467  	case SIOCGIFALIFETIME_IN6:
468  		/* must think again about its semantics */
469  		if (ia == NULL) {
470  			error = EADDRNOTAVAIL;
471  			goto out;
472  		}
473  		break;
474  	}
475  
476  	switch (cmd) {
477  	case SIOCGIFADDR_IN6:
478  		ifr->ifr_addr = ia->ia_addr;
479  		if ((error = sa6_recoverscope(&ifr->ifr_addr)) != 0)
480  			goto out;
481  		break;
482  
483  	case SIOCGIFDSTADDR_IN6:
484  		if ((ifp->if_flags & IFF_POINTOPOINT) == 0) {
485  			error = EINVAL;
486  			goto out;
487  		}
488  		ifr->ifr_dstaddr = ia->ia_dstaddr;
489  		if ((error = sa6_recoverscope(&ifr->ifr_dstaddr)) != 0)
490  			goto out;
491  		break;
492  
493  	case SIOCGIFNETMASK_IN6:
494  		ifr->ifr_addr = ia->ia_prefixmask;
495  		break;
496  
497  	case SIOCGIFAFLAG_IN6:
498  		ifr->ifr_ifru.ifru_flags6 = ia->ia6_flags;
499  		break;
500  
501  	case SIOCGIFSTAT_IN6:
502  		COUNTER_ARRAY_COPY(((struct in6_ifextra *)
503  		    ifp->if_afdata[AF_INET6])->in6_ifstat,
504  		    &ifr->ifr_ifru.ifru_stat,
505  		    sizeof(struct in6_ifstat) / sizeof(uint64_t));
506  		break;
507  
508  	case SIOCGIFSTAT_ICMP6:
509  		COUNTER_ARRAY_COPY(((struct in6_ifextra *)
510  		    ifp->if_afdata[AF_INET6])->icmp6_ifstat,
511  		    &ifr->ifr_ifru.ifru_icmp6stat,
512  		    sizeof(struct icmp6_ifstat) / sizeof(uint64_t));
513  		break;
514  
515  	case SIOCGIFALIFETIME_IN6:
516  		ifr->ifr_ifru.ifru_lifetime = ia->ia6_lifetime;
517  		if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) {
518  			time_t maxexpire;
519  			struct in6_addrlifetime *retlt =
520  			    &ifr->ifr_ifru.ifru_lifetime;
521  
522  			/*
523  			 * XXX: adjust expiration time assuming time_t is
524  			 * signed.
525  			 */
526  			maxexpire = (-1) &
527  			    ~((time_t)1 << ((sizeof(maxexpire) * 8) - 1));
528  			if (ia->ia6_lifetime.ia6t_vltime <
529  			    maxexpire - ia->ia6_updatetime) {
530  				retlt->ia6t_expire = ia->ia6_updatetime +
531  				    ia->ia6_lifetime.ia6t_vltime;
532  			} else
533  				retlt->ia6t_expire = maxexpire;
534  		}
535  		if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) {
536  			time_t maxexpire;
537  			struct in6_addrlifetime *retlt =
538  			    &ifr->ifr_ifru.ifru_lifetime;
539  
540  			/*
541  			 * XXX: adjust expiration time assuming time_t is
542  			 * signed.
543  			 */
544  			maxexpire = (-1) &
545  			    ~((time_t)1 << ((sizeof(maxexpire) * 8) - 1));
546  			if (ia->ia6_lifetime.ia6t_pltime <
547  			    maxexpire - ia->ia6_updatetime) {
548  				retlt->ia6t_preferred = ia->ia6_updatetime +
549  				    ia->ia6_lifetime.ia6t_pltime;
550  			} else
551  				retlt->ia6t_preferred = maxexpire;
552  		}
553  		break;
554  
555  	case SIOCAIFADDR_IN6:
556  	{
557  		struct nd_prefixctl pr0;
558  		struct nd_prefix *pr;
559  
560  		/*
561  		 * first, make or update the interface address structure,
562  		 * and link it to the list.
563  		 */
564  		if ((error = in6_update_ifa(ifp, ifra, ia, 0)) != 0)
565  			goto out;
566  		if (ia != NULL) {
567  			if (ia->ia_ifa.ifa_carp)
568  				(*carp_detach_p)(&ia->ia_ifa, true);
569  			ifa_free(&ia->ia_ifa);
570  		}
571  		if ((ia = in6ifa_ifpwithaddr(ifp, &ifra->ifra_addr.sin6_addr))
572  		    == NULL) {
573  			/*
574  			 * this can happen when the user specify the 0 valid
575  			 * lifetime.
576  			 */
577  			break;
578  		}
579  
580  		if (cmd == ocmd && ifra->ifra_vhid > 0) {
581  			if (carp_attach_p != NULL)
582  				error = (*carp_attach_p)(&ia->ia_ifa,
583  				    ifra->ifra_vhid);
584  			else
585  				error = EPROTONOSUPPORT;
586  			if (error)
587  				goto out;
588  			else
589  				carp_attached = 1;
590  		}
591  
592  		/*
593  		 * then, make the prefix on-link on the interface.
594  		 * XXX: we'd rather create the prefix before the address, but
595  		 * we need at least one address to install the corresponding
596  		 * interface route, so we configure the address first.
597  		 */
598  
599  		/*
600  		 * convert mask to prefix length (prefixmask has already
601  		 * been validated in in6_update_ifa().
602  		 */
603  		bzero(&pr0, sizeof(pr0));
604  		pr0.ndpr_ifp = ifp;
605  		pr0.ndpr_plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr,
606  		    NULL);
607  		if (pr0.ndpr_plen == 128) {
608  			/* we don't need to install a host route. */
609  			goto aifaddr_out;
610  		}
611  		pr0.ndpr_prefix = ifra->ifra_addr;
612  		/* apply the mask for safety. */
613  		IN6_MASK_ADDR(&pr0.ndpr_prefix.sin6_addr,
614  		    &ifra->ifra_prefixmask.sin6_addr);
615  
616  		/*
617  		 * XXX: since we don't have an API to set prefix (not address)
618  		 * lifetimes, we just use the same lifetimes as addresses.
619  		 * The (temporarily) installed lifetimes can be overridden by
620  		 * later advertised RAs (when accept_rtadv is non 0), which is
621  		 * an intended behavior.
622  		 */
623  		pr0.ndpr_raf_onlink = 1; /* should be configurable? */
624  		pr0.ndpr_raf_auto =
625  		    ((ifra->ifra_flags & IN6_IFF_AUTOCONF) != 0);
626  		pr0.ndpr_vltime = ifra->ifra_lifetime.ia6t_vltime;
627  		pr0.ndpr_pltime = ifra->ifra_lifetime.ia6t_pltime;
628  
629  		/* add the prefix if not yet. */
630  		if ((pr = nd6_prefix_lookup(&pr0)) == NULL) {
631  			/*
632  			 * nd6_prelist_add will install the corresponding
633  			 * interface route.
634  			 */
635  			if ((error = nd6_prelist_add(&pr0, NULL, &pr)) != 0) {
636  				if (carp_attached)
637  					(*carp_detach_p)(&ia->ia_ifa, false);
638  				goto out;
639  			}
640  		}
641  
642  		/* relate the address to the prefix */
643  		if (ia->ia6_ndpr == NULL) {
644  			ia->ia6_ndpr = pr;
645  			pr->ndpr_addrcnt++;
646  
647  			/*
648  			 * If this is the first autoconf address from the
649  			 * prefix, create a temporary address as well
650  			 * (when required).
651  			 */
652  			if ((ia->ia6_flags & IN6_IFF_AUTOCONF) &&
653  			    V_ip6_use_tempaddr && pr->ndpr_addrcnt == 1) {
654  				int e;
655  				if ((e = in6_tmpifadd(ia, 1, 0)) != 0) {
656  					log(LOG_NOTICE, "in6_control: failed "
657  					    "to create a temporary address, "
658  					    "errno=%d\n", e);
659  				}
660  			}
661  		}
662  		nd6_prefix_rele(pr);
663  
664  		/*
665  		 * this might affect the status of autoconfigured addresses,
666  		 * that is, this address might make other addresses detached.
667  		 */
668  		pfxlist_onlink_check();
669  
670  aifaddr_out:
671  		/*
672  		 * Try to clear the flag when a new IPv6 address is added
673  		 * onto an IFDISABLED interface and it succeeds.
674  		 */
675  		if (ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) {
676  			struct in6_ndireq nd;
677  
678  			memset(&nd, 0, sizeof(nd));
679  			nd.ndi.flags = ND_IFINFO(ifp)->flags;
680  			nd.ndi.flags &= ~ND6_IFF_IFDISABLED;
681  			if (nd6_ioctl(SIOCSIFINFO_FLAGS, (caddr_t)&nd, ifp) < 0)
682  				log(LOG_NOTICE, "SIOCAIFADDR_IN6: "
683  				    "SIOCSIFINFO_FLAGS for -ifdisabled "
684  				    "failed.");
685  			/*
686  			 * Ignore failure of clearing the flag intentionally.
687  			 * The failure means address duplication was detected.
688  			 */
689  		}
690  		break;
691  	}
692  
693  	case SIOCDIFADDR_IN6:
694  	{
695  		struct nd_prefix *pr;
696  
697  		/*
698  		 * If the address being deleted is the only one that owns
699  		 * the corresponding prefix, expire the prefix as well.
700  		 * XXX: theoretically, we don't have to worry about such
701  		 * relationship, since we separate the address management
702  		 * and the prefix management.  We do this, however, to provide
703  		 * as much backward compatibility as possible in terms of
704  		 * the ioctl operation.
705  		 * Note that in6_purgeaddr() will decrement ndpr_addrcnt.
706  		 */
707  		pr = ia->ia6_ndpr;
708  		in6_purgeaddr(&ia->ia_ifa);
709  		if (pr != NULL && pr->ndpr_addrcnt == 0) {
710  			ND6_WLOCK();
711  			nd6_prefix_unlink(pr, NULL);
712  			ND6_WUNLOCK();
713  			nd6_prefix_del(pr);
714  		}
715  		EVENTHANDLER_INVOKE(ifaddr_event, ifp);
716  		break;
717  	}
718  
719  	default:
720  		if (ifp->if_ioctl == NULL) {
721  			error = EOPNOTSUPP;
722  			goto out;
723  		}
724  		error = (*ifp->if_ioctl)(ifp, cmd, data);
725  		goto out;
726  	}
727  
728  	error = 0;
729  out:
730  	if (ia != NULL)
731  		ifa_free(&ia->ia_ifa);
732  	return (error);
733  }
734  
735  
736  static struct in6_multi_mship *
737  in6_joingroup_legacy(struct ifnet *ifp, const struct in6_addr *mcaddr,
738      int *errorp, int delay)
739  {
740  	struct in6_multi_mship *imm;
741  	int error;
742  
743  	imm = malloc(sizeof(*imm), M_IP6MADDR, M_NOWAIT);
744  	if (imm == NULL) {
745  		*errorp = ENOBUFS;
746  		return (NULL);
747  	}
748  
749  	delay = (delay * PR_FASTHZ) / hz;
750  
751  	error = in6_joingroup(ifp, mcaddr, NULL, &imm->i6mm_maddr, delay);
752  	if (error) {
753  		*errorp = error;
754  		free(imm, M_IP6MADDR);
755  		return (NULL);
756  	}
757  
758  	return (imm);
759  }
760  /*
761   * Join necessary multicast groups.  Factored out from in6_update_ifa().
762   * This entire work should only be done once, for the default FIB.
763   */
764  static int
765  in6_update_ifa_join_mc(struct ifnet *ifp, struct in6_aliasreq *ifra,
766      struct in6_ifaddr *ia, int flags, struct in6_multi **in6m_sol)
767  {
768  	char ip6buf[INET6_ADDRSTRLEN];
769  	struct in6_addr mltaddr;
770  	struct in6_multi_mship *imm;
771  	int delay, error;
772  
773  	KASSERT(in6m_sol != NULL, ("%s: in6m_sol is NULL", __func__));
774  
775  	/* Join solicited multicast addr for new host id. */
776  	bzero(&mltaddr, sizeof(struct in6_addr));
777  	mltaddr.s6_addr32[0] = IPV6_ADDR_INT32_MLL;
778  	mltaddr.s6_addr32[2] = htonl(1);
779  	mltaddr.s6_addr32[3] = ifra->ifra_addr.sin6_addr.s6_addr32[3];
780  	mltaddr.s6_addr8[12] = 0xff;
781  	if ((error = in6_setscope(&mltaddr, ifp, NULL)) != 0) {
782  		/* XXX: should not happen */
783  		log(LOG_ERR, "%s: in6_setscope failed\n", __func__);
784  		goto cleanup;
785  	}
786  	delay = error = 0;
787  	if ((flags & IN6_IFAUPDATE_DADDELAY)) {
788  		/*
789  		 * We need a random delay for DAD on the address being
790  		 * configured.  It also means delaying transmission of the
791  		 * corresponding MLD report to avoid report collision.
792  		 * [RFC 4861, Section 6.3.7]
793  		 */
794  		delay = arc4random() % (MAX_RTR_SOLICITATION_DELAY * hz);
795  	}
796  	imm = in6_joingroup_legacy(ifp, &mltaddr, &error, delay);
797  	if (imm == NULL) {
798  		nd6log((LOG_WARNING, "%s: in6_joingroup failed for %s on %s "
799  		    "(errno=%d)\n", __func__, ip6_sprintf(ip6buf, &mltaddr),
800  		    if_name(ifp), error));
801  		goto cleanup;
802  	}
803  	LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain);
804  	*in6m_sol = imm->i6mm_maddr;
805  
806  	/*
807  	 * Join link-local all-nodes address.
808  	 */
809  	mltaddr = in6addr_linklocal_allnodes;
810  	if ((error = in6_setscope(&mltaddr, ifp, NULL)) != 0)
811  		goto cleanup; /* XXX: should not fail */
812  
813  	imm = in6_joingroup_legacy(ifp, &mltaddr, &error, 0);
814  	if (imm == NULL) {
815  		nd6log((LOG_WARNING, "%s: in6_joingroup failed for %s on %s "
816  		    "(errno=%d)\n", __func__, ip6_sprintf(ip6buf, &mltaddr),
817  		    if_name(ifp), error));
818  		goto cleanup;
819  	}
820  	LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain);
821  
822  	/*
823  	 * Join node information group address.
824  	 */
825  	delay = 0;
826  	if ((flags & IN6_IFAUPDATE_DADDELAY)) {
827  		/*
828  		 * The spec does not say anything about delay for this group,
829  		 * but the same logic should apply.
830  		 */
831  		delay = arc4random() % (MAX_RTR_SOLICITATION_DELAY * hz);
832  	}
833  	if (in6_nigroup(ifp, NULL, -1, &mltaddr) == 0) {
834  		/* XXX jinmei */
835  		imm = in6_joingroup_legacy(ifp, &mltaddr, &error, delay);
836  		if (imm == NULL)
837  			nd6log((LOG_WARNING,
838  			    "%s: in6_joingroup failed for %s on %s "
839  			    "(errno=%d)\n", __func__, ip6_sprintf(ip6buf,
840  			    &mltaddr), if_name(ifp), error));
841  			/* XXX not very fatal, go on... */
842  		else
843  			LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain);
844  	}
845  	if (V_icmp6_nodeinfo_oldmcprefix &&
846  	    in6_nigroup_oldmcprefix(ifp, NULL, -1, &mltaddr) == 0) {
847  		imm = in6_joingroup_legacy(ifp, &mltaddr, &error, delay);
848  		if (imm == NULL)
849  			nd6log((LOG_WARNING,
850  			    "%s: in6_joingroup failed for %s on %s "
851  			    "(errno=%d)\n", __func__, ip6_sprintf(ip6buf,
852  			    &mltaddr), if_name(ifp), error));
853  			/* XXX not very fatal, go on... */
854  		else
855  			LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain);
856  	}
857  
858  	/*
859  	 * Join interface-local all-nodes address.
860  	 * (ff01::1%ifN, and ff01::%ifN/32)
861  	 */
862  	mltaddr = in6addr_nodelocal_allnodes;
863  	if ((error = in6_setscope(&mltaddr, ifp, NULL)) != 0)
864  		goto cleanup; /* XXX: should not fail */
865  
866  	imm = in6_joingroup_legacy(ifp, &mltaddr, &error, 0);
867  	if (imm == NULL) {
868  		nd6log((LOG_WARNING, "%s: in6_joingroup failed for %s on %s "
869  		    "(errno=%d)\n", __func__, ip6_sprintf(ip6buf,
870  		    &mltaddr), if_name(ifp), error));
871  		goto cleanup;
872  	}
873  	LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain);
874  
875  cleanup:
876  	return (error);
877  }
878  
879  /*
880   * Update parameters of an IPv6 interface address.
881   * If necessary, a new entry is created and linked into address chains.
882   * This function is separated from in6_control().
883   */
884  int
885  in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra,
886      struct in6_ifaddr *ia, int flags)
887  {
888  	int error, hostIsNew = 0;
889  
890  	if ((error = in6_validate_ifra(ifp, ifra, ia, flags)) != 0)
891  		return (error);
892  
893  	if (ia == NULL) {
894  		hostIsNew = 1;
895  		if ((ia = in6_alloc_ifa(ifp, ifra, flags)) == NULL)
896  			return (ENOBUFS);
897  	}
898  
899  	error = in6_update_ifa_internal(ifp, ifra, ia, hostIsNew, flags);
900  	if (error != 0) {
901  		if (hostIsNew != 0) {
902  			in6_unlink_ifa(ia, ifp);
903  			ifa_free(&ia->ia_ifa);
904  		}
905  		return (error);
906  	}
907  
908  	if (hostIsNew)
909  		error = in6_broadcast_ifa(ifp, ifra, ia, flags);
910  
911  	return (error);
912  }
913  
914  /*
915   * Fill in basic IPv6 address request info.
916   */
917  void
918  in6_prepare_ifra(struct in6_aliasreq *ifra, const struct in6_addr *addr,
919      const struct in6_addr *mask)
920  {
921  
922  	memset(ifra, 0, sizeof(struct in6_aliasreq));
923  
924  	ifra->ifra_addr.sin6_family = AF_INET6;
925  	ifra->ifra_addr.sin6_len = sizeof(struct sockaddr_in6);
926  	if (addr != NULL)
927  		ifra->ifra_addr.sin6_addr = *addr;
928  
929  	ifra->ifra_prefixmask.sin6_family = AF_INET6;
930  	ifra->ifra_prefixmask.sin6_len = sizeof(struct sockaddr_in6);
931  	if (mask != NULL)
932  		ifra->ifra_prefixmask.sin6_addr = *mask;
933  }
934  
935  static int
936  in6_validate_ifra(struct ifnet *ifp, struct in6_aliasreq *ifra,
937      struct in6_ifaddr *ia, int flags)
938  {
939  	int plen = -1;
940  	struct sockaddr_in6 dst6;
941  	struct in6_addrlifetime *lt;
942  	char ip6buf[INET6_ADDRSTRLEN];
943  
944  	/* Validate parameters */
945  	if (ifp == NULL || ifra == NULL) /* this maybe redundant */
946  		return (EINVAL);
947  
948  	/*
949  	 * The destination address for a p2p link must have a family
950  	 * of AF_UNSPEC or AF_INET6.
951  	 */
952  	if ((ifp->if_flags & IFF_POINTOPOINT) != 0 &&
953  	    ifra->ifra_dstaddr.sin6_family != AF_INET6 &&
954  	    ifra->ifra_dstaddr.sin6_family != AF_UNSPEC)
955  		return (EAFNOSUPPORT);
956  
957  	/*
958  	 * Validate address
959  	 */
960  	if (ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6) ||
961  	    ifra->ifra_addr.sin6_family != AF_INET6)
962  		return (EINVAL);
963  
964  	/*
965  	 * validate ifra_prefixmask.  don't check sin6_family, netmask
966  	 * does not carry fields other than sin6_len.
967  	 */
968  	if (ifra->ifra_prefixmask.sin6_len > sizeof(struct sockaddr_in6))
969  		return (EINVAL);
970  	/*
971  	 * Because the IPv6 address architecture is classless, we require
972  	 * users to specify a (non 0) prefix length (mask) for a new address.
973  	 * We also require the prefix (when specified) mask is valid, and thus
974  	 * reject a non-consecutive mask.
975  	 */
976  	if (ia == NULL && ifra->ifra_prefixmask.sin6_len == 0)
977  		return (EINVAL);
978  	if (ifra->ifra_prefixmask.sin6_len != 0) {
979  		plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr,
980  		    (u_char *)&ifra->ifra_prefixmask +
981  		    ifra->ifra_prefixmask.sin6_len);
982  		if (plen <= 0)
983  			return (EINVAL);
984  	} else {
985  		/*
986  		 * In this case, ia must not be NULL.  We just use its prefix
987  		 * length.
988  		 */
989  		plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL);
990  	}
991  	/*
992  	 * If the destination address on a p2p interface is specified,
993  	 * and the address is a scoped one, validate/set the scope
994  	 * zone identifier.
995  	 */
996  	dst6 = ifra->ifra_dstaddr;
997  	if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) != 0 &&
998  	    (dst6.sin6_family == AF_INET6)) {
999  		struct in6_addr in6_tmp;
1000  		u_int32_t zoneid;
1001  
1002  		in6_tmp = dst6.sin6_addr;
1003  		if (in6_setscope(&in6_tmp, ifp, &zoneid))
1004  			return (EINVAL); /* XXX: should be impossible */
1005  
1006  		if (dst6.sin6_scope_id != 0) {
1007  			if (dst6.sin6_scope_id != zoneid)
1008  				return (EINVAL);
1009  		} else		/* user omit to specify the ID. */
1010  			dst6.sin6_scope_id = zoneid;
1011  
1012  		/* convert into the internal form */
1013  		if (sa6_embedscope(&dst6, 0))
1014  			return (EINVAL); /* XXX: should be impossible */
1015  	}
1016  	/* Modify original ifra_dstaddr to reflect changes */
1017  	ifra->ifra_dstaddr = dst6;
1018  
1019  	/*
1020  	 * The destination address can be specified only for a p2p or a
1021  	 * loopback interface.  If specified, the corresponding prefix length
1022  	 * must be 128.
1023  	 */
1024  	if (ifra->ifra_dstaddr.sin6_family == AF_INET6) {
1025  		if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) == 0) {
1026  			/* XXX: noisy message */
1027  			nd6log((LOG_INFO, "in6_update_ifa: a destination can "
1028  			    "be specified for a p2p or a loopback IF only\n"));
1029  			return (EINVAL);
1030  		}
1031  		if (plen != 128) {
1032  			nd6log((LOG_INFO, "in6_update_ifa: prefixlen should "
1033  			    "be 128 when dstaddr is specified\n"));
1034  			return (EINVAL);
1035  		}
1036  	}
1037  	/* lifetime consistency check */
1038  	lt = &ifra->ifra_lifetime;
1039  	if (lt->ia6t_pltime > lt->ia6t_vltime)
1040  		return (EINVAL);
1041  	if (lt->ia6t_vltime == 0) {
1042  		/*
1043  		 * the following log might be noisy, but this is a typical
1044  		 * configuration mistake or a tool's bug.
1045  		 */
1046  		nd6log((LOG_INFO,
1047  		    "in6_update_ifa: valid lifetime is 0 for %s\n",
1048  		    ip6_sprintf(ip6buf, &ifra->ifra_addr.sin6_addr)));
1049  
1050  		if (ia == NULL)
1051  			return (0); /* there's nothing to do */
1052  	}
1053  
1054  	/* Check prefix mask */
1055  	if (ia != NULL && ifra->ifra_prefixmask.sin6_len != 0) {
1056  		/*
1057  		 * We prohibit changing the prefix length of an existing
1058  		 * address, because
1059  		 * + such an operation should be rare in IPv6, and
1060  		 * + the operation would confuse prefix management.
1061  		 */
1062  		if (ia->ia_prefixmask.sin6_len != 0 &&
1063  		    in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL) != plen) {
1064  			nd6log((LOG_INFO, "in6_validate_ifa: the prefix length "
1065  			    "of an existing %s address should not be changed\n",
1066  			    ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr)));
1067  
1068  			return (EINVAL);
1069  		}
1070  	}
1071  
1072  	return (0);
1073  }
1074  
1075  
1076  /*
1077   * Allocate a new ifaddr and link it into chains.
1078   */
1079  static struct in6_ifaddr *
1080  in6_alloc_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra, int flags)
1081  {
1082  	struct in6_ifaddr *ia;
1083  
1084  	/*
1085  	 * When in6_alloc_ifa() is called in a process of a received
1086  	 * RA, it is called under an interrupt context.  So, we should
1087  	 * call malloc with M_NOWAIT.
1088  	 */
1089  	ia = (struct in6_ifaddr *)ifa_alloc(sizeof(*ia), M_NOWAIT);
1090  	if (ia == NULL)
1091  		return (NULL);
1092  	LIST_INIT(&ia->ia6_memberships);
1093  	/* Initialize the address and masks, and put time stamp */
1094  	ia->ia_ifa.ifa_addr = (struct sockaddr *)&ia->ia_addr;
1095  	ia->ia_addr.sin6_family = AF_INET6;
1096  	ia->ia_addr.sin6_len = sizeof(ia->ia_addr);
1097  	/* XXX: Can we assign ,sin6_addr and skip the rest? */
1098  	ia->ia_addr = ifra->ifra_addr;
1099  	ia->ia6_createtime = time_uptime;
1100  	if ((ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) != 0) {
1101  		/*
1102  		 * Some functions expect that ifa_dstaddr is not
1103  		 * NULL for p2p interfaces.
1104  		 */
1105  		ia->ia_ifa.ifa_dstaddr =
1106  		    (struct sockaddr *)&ia->ia_dstaddr;
1107  	} else {
1108  		ia->ia_ifa.ifa_dstaddr = NULL;
1109  	}
1110  
1111  	/* set prefix mask if any */
1112  	ia->ia_ifa.ifa_netmask = (struct sockaddr *)&ia->ia_prefixmask;
1113  	if (ifra->ifra_prefixmask.sin6_len != 0) {
1114  		ia->ia_prefixmask.sin6_family = AF_INET6;
1115  		ia->ia_prefixmask.sin6_len = ifra->ifra_prefixmask.sin6_len;
1116  		ia->ia_prefixmask.sin6_addr = ifra->ifra_prefixmask.sin6_addr;
1117  	}
1118  
1119  	ia->ia_ifp = ifp;
1120  	ifa_ref(&ia->ia_ifa);			/* if_addrhead */
1121  	IF_ADDR_WLOCK(ifp);
1122  	CK_STAILQ_INSERT_TAIL(&ifp->if_addrhead, &ia->ia_ifa, ifa_link);
1123  	IF_ADDR_WUNLOCK(ifp);
1124  
1125  	ifa_ref(&ia->ia_ifa);			/* in6_ifaddrhead */
1126  	IN6_IFADDR_WLOCK();
1127  	CK_STAILQ_INSERT_TAIL(&V_in6_ifaddrhead, ia, ia_link);
1128  	CK_LIST_INSERT_HEAD(IN6ADDR_HASH(&ia->ia_addr.sin6_addr), ia, ia6_hash);
1129  	IN6_IFADDR_WUNLOCK();
1130  
1131  	return (ia);
1132  }
1133  
1134  /*
1135   * Update/configure interface address parameters:
1136   *
1137   * 1) Update lifetime
1138   * 2) Update interface metric ad flags
1139   * 3) Notify other subsystems
1140   */
1141  static int
1142  in6_update_ifa_internal(struct ifnet *ifp, struct in6_aliasreq *ifra,
1143      struct in6_ifaddr *ia, int hostIsNew, int flags)
1144  {
1145  	int error;
1146  
1147  	/* update timestamp */
1148  	ia->ia6_updatetime = time_uptime;
1149  
1150  	/*
1151  	 * Set lifetimes.  We do not refer to ia6t_expire and ia6t_preferred
1152  	 * to see if the address is deprecated or invalidated, but initialize
1153  	 * these members for applications.
1154  	 */
1155  	ia->ia6_lifetime = ifra->ifra_lifetime;
1156  	if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) {
1157  		ia->ia6_lifetime.ia6t_expire =
1158  		    time_uptime + ia->ia6_lifetime.ia6t_vltime;
1159  	} else
1160  		ia->ia6_lifetime.ia6t_expire = 0;
1161  	if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) {
1162  		ia->ia6_lifetime.ia6t_preferred =
1163  		    time_uptime + ia->ia6_lifetime.ia6t_pltime;
1164  	} else
1165  		ia->ia6_lifetime.ia6t_preferred = 0;
1166  
1167  	/*
1168  	 * backward compatibility - if IN6_IFF_DEPRECATED is set from the
1169  	 * userland, make it deprecated.
1170  	 */
1171  	if ((ifra->ifra_flags & IN6_IFF_DEPRECATED) != 0) {
1172  		ia->ia6_lifetime.ia6t_pltime = 0;
1173  		ia->ia6_lifetime.ia6t_preferred = time_uptime;
1174  	}
1175  
1176  	/*
1177  	 * configure address flags.
1178  	 */
1179  	ia->ia6_flags = ifra->ifra_flags;
1180  
1181  	/*
1182  	 * Make the address tentative before joining multicast addresses,
1183  	 * so that corresponding MLD responses would not have a tentative
1184  	 * source address.
1185  	 */
1186  	ia->ia6_flags &= ~IN6_IFF_DUPLICATED;	/* safety */
1187  
1188  	/*
1189  	 * DAD should be performed for an new address or addresses on
1190  	 * an interface with ND6_IFF_IFDISABLED.
1191  	 */
1192  	if (in6if_do_dad(ifp) &&
1193  	    (hostIsNew || (ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED)))
1194  		ia->ia6_flags |= IN6_IFF_TENTATIVE;
1195  
1196  	/* notify other subsystems */
1197  	error = in6_notify_ifa(ifp, ia, ifra, hostIsNew);
1198  
1199  	return (error);
1200  }
1201  
1202  /*
1203   * Do link-level ifa job:
1204   * 1) Add lle entry for added address
1205   * 2) Notifies routing socket users about new address
1206   * 3) join appropriate multicast group
1207   * 4) start DAD if enabled
1208   */
1209  static int
1210  in6_broadcast_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra,
1211      struct in6_ifaddr *ia, int flags)
1212  {
1213  	struct in6_multi *in6m_sol;
1214  	int error = 0;
1215  
1216  	/* Add local address to lltable, if necessary (ex. on p2p link). */
1217  	if ((error = nd6_add_ifa_lle(ia)) != 0) {
1218  		in6_purgeaddr(&ia->ia_ifa);
1219  		ifa_free(&ia->ia_ifa);
1220  		return (error);
1221  	}
1222  
1223  	/* Join necessary multicast groups. */
1224  	in6m_sol = NULL;
1225  	if ((ifp->if_flags & IFF_MULTICAST) != 0) {
1226  		error = in6_update_ifa_join_mc(ifp, ifra, ia, flags, &in6m_sol);
1227  		if (error != 0) {
1228  			in6_purgeaddr(&ia->ia_ifa);
1229  			ifa_free(&ia->ia_ifa);
1230  			return (error);
1231  		}
1232  	}
1233  
1234  	/* Perform DAD, if the address is TENTATIVE. */
1235  	if ((ia->ia6_flags & IN6_IFF_TENTATIVE)) {
1236  		int delay, mindelay, maxdelay;
1237  
1238  		delay = 0;
1239  		if ((flags & IN6_IFAUPDATE_DADDELAY)) {
1240  			/*
1241  			 * We need to impose a delay before sending an NS
1242  			 * for DAD.  Check if we also needed a delay for the
1243  			 * corresponding MLD message.  If we did, the delay
1244  			 * should be larger than the MLD delay (this could be
1245  			 * relaxed a bit, but this simple logic is at least
1246  			 * safe).
1247  			 * XXX: Break data hiding guidelines and look at
1248  			 * state for the solicited multicast group.
1249  			 */
1250  			mindelay = 0;
1251  			if (in6m_sol != NULL &&
1252  			    in6m_sol->in6m_state == MLD_REPORTING_MEMBER) {
1253  				mindelay = in6m_sol->in6m_timer;
1254  			}
1255  			maxdelay = MAX_RTR_SOLICITATION_DELAY * hz;
1256  			if (maxdelay - mindelay == 0)
1257  				delay = 0;
1258  			else {
1259  				delay =
1260  				    (arc4random() % (maxdelay - mindelay)) +
1261  				    mindelay;
1262  			}
1263  		}
1264  		nd6_dad_start((struct ifaddr *)ia, delay);
1265  	}
1266  
1267  	in6_newaddrmsg(ia, RTM_ADD);
1268  	ifa_free(&ia->ia_ifa);
1269  	return (error);
1270  }
1271  
1272  void
1273  in6_purgeaddr(struct ifaddr *ifa)
1274  {
1275  	struct ifnet *ifp = ifa->ifa_ifp;
1276  	struct in6_ifaddr *ia = (struct in6_ifaddr *) ifa;
1277  	struct in6_multi_mship *imm;
1278  	int plen, error;
1279  
1280  	if (ifa->ifa_carp)
1281  		(*carp_detach_p)(ifa, false);
1282  
1283  	/*
1284  	 * Remove the loopback route to the interface address.
1285  	 * The check for the current setting of "nd6_useloopback"
1286  	 * is not needed.
1287  	 */
1288  	if (ia->ia_flags & IFA_RTSELF) {
1289  		error = ifa_del_loopback_route((struct ifaddr *)ia,
1290  		    (struct sockaddr *)&ia->ia_addr);
1291  		if (error == 0)
1292  			ia->ia_flags &= ~IFA_RTSELF;
1293  	}
1294  
1295  	/* stop DAD processing */
1296  	nd6_dad_stop(ifa);
1297  
1298  	/* Leave multicast groups. */
1299  	while ((imm = LIST_FIRST(&ia->ia6_memberships)) != NULL) {
1300  		LIST_REMOVE(imm, i6mm_chain);
1301  		if (imm->i6mm_maddr != NULL)
1302  			in6_leavegroup(imm->i6mm_maddr, NULL);
1303  		free(imm, M_IP6MADDR);
1304  	}
1305  	plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); /* XXX */
1306  	if ((ia->ia_flags & IFA_ROUTE) && plen == 128) {
1307  		error = rtinit(&(ia->ia_ifa), RTM_DELETE, ia->ia_flags |
1308  		    (ia->ia_dstaddr.sin6_family == AF_INET6 ? RTF_HOST : 0));
1309  		if (error != 0)
1310  			log(LOG_INFO, "%s: err=%d, destination address delete "
1311  			    "failed\n", __func__, error);
1312  		ia->ia_flags &= ~IFA_ROUTE;
1313  	}
1314  
1315  	in6_newaddrmsg(ia, RTM_DELETE);
1316  	in6_unlink_ifa(ia, ifp);
1317  }
1318  
1319  static void
1320  in6_unlink_ifa(struct in6_ifaddr *ia, struct ifnet *ifp)
1321  {
1322  	char ip6buf[INET6_ADDRSTRLEN];
1323  	int remove_lle;
1324  
1325  	IF_ADDR_WLOCK(ifp);
1326  	CK_STAILQ_REMOVE(&ifp->if_addrhead, &ia->ia_ifa, ifaddr, ifa_link);
1327  	IF_ADDR_WUNLOCK(ifp);
1328  	ifa_free(&ia->ia_ifa);			/* if_addrhead */
1329  
1330  	/*
1331  	 * Defer the release of what might be the last reference to the
1332  	 * in6_ifaddr so that it can't be freed before the remainder of the
1333  	 * cleanup.
1334  	 */
1335  	IN6_IFADDR_WLOCK();
1336  	CK_STAILQ_REMOVE(&V_in6_ifaddrhead, ia, in6_ifaddr, ia_link);
1337  	CK_LIST_REMOVE(ia, ia6_hash);
1338  	IN6_IFADDR_WUNLOCK();
1339  
1340  	/*
1341  	 * Release the reference to the base prefix.  There should be a
1342  	 * positive reference.
1343  	 */
1344  	remove_lle = 0;
1345  	if (ia->ia6_ndpr == NULL) {
1346  		nd6log((LOG_NOTICE,
1347  		    "in6_unlink_ifa: autoconf'ed address "
1348  		    "%s has no prefix\n", ip6_sprintf(ip6buf, IA6_IN6(ia))));
1349  	} else {
1350  		ia->ia6_ndpr->ndpr_addrcnt--;
1351  		/* Do not delete lles within prefix if refcont != 0 */
1352  		if (ia->ia6_ndpr->ndpr_addrcnt == 0)
1353  			remove_lle = 1;
1354  		ia->ia6_ndpr = NULL;
1355  	}
1356  
1357  	nd6_rem_ifa_lle(ia, remove_lle);
1358  
1359  	/*
1360  	 * Also, if the address being removed is autoconf'ed, call
1361  	 * pfxlist_onlink_check() since the release might affect the status of
1362  	 * other (detached) addresses.
1363  	 */
1364  	if ((ia->ia6_flags & IN6_IFF_AUTOCONF)) {
1365  		pfxlist_onlink_check();
1366  	}
1367  	ifa_free(&ia->ia_ifa);			/* in6_ifaddrhead */
1368  }
1369  
1370  /*
1371   * Notifies other subsystems about address change/arrival:
1372   * 1) Notifies device handler on the first IPv6 address assignment
1373   * 2) Handle routing table changes for P2P links and route
1374   * 3) Handle routing table changes for address host route
1375   */
1376  static int
1377  in6_notify_ifa(struct ifnet *ifp, struct in6_ifaddr *ia,
1378      struct in6_aliasreq *ifra, int hostIsNew)
1379  {
1380  	int	error = 0, plen, ifacount = 0;
1381  	struct ifaddr *ifa;
1382  	struct sockaddr_in6 *pdst;
1383  	char ip6buf[INET6_ADDRSTRLEN];
1384  
1385  	/*
1386  	 * Give the interface a chance to initialize
1387  	 * if this is its first address,
1388  	 */
1389  	if (hostIsNew != 0) {
1390  		IF_ADDR_RLOCK(ifp);
1391  		CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
1392  			if (ifa->ifa_addr->sa_family != AF_INET6)
1393  				continue;
1394  			ifacount++;
1395  		}
1396  		IF_ADDR_RUNLOCK(ifp);
1397  	}
1398  
1399  	if (ifacount <= 1 && ifp->if_ioctl) {
1400  		error = (*ifp->if_ioctl)(ifp, SIOCSIFADDR, (caddr_t)ia);
1401  		if (error)
1402  			goto done;
1403  	}
1404  
1405  	/*
1406  	 * If a new destination address is specified, scrub the old one and
1407  	 * install the new destination.  Note that the interface must be
1408  	 * p2p or loopback.
1409  	 */
1410  	pdst = &ifra->ifra_dstaddr;
1411  	if (pdst->sin6_family == AF_INET6 &&
1412  	    !IN6_ARE_ADDR_EQUAL(&pdst->sin6_addr, &ia->ia_dstaddr.sin6_addr)) {
1413  		if ((ia->ia_flags & IFA_ROUTE) != 0 &&
1414  		    (rtinit(&(ia->ia_ifa), (int)RTM_DELETE, RTF_HOST) != 0)) {
1415  			nd6log((LOG_ERR, "in6_update_ifa_internal: failed to "
1416  			    "remove a route to the old destination: %s\n",
1417  			    ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr)));
1418  			/* proceed anyway... */
1419  		} else
1420  			ia->ia_flags &= ~IFA_ROUTE;
1421  		ia->ia_dstaddr = *pdst;
1422  	}
1423  
1424  	/*
1425  	 * If a new destination address is specified for a point-to-point
1426  	 * interface, install a route to the destination as an interface
1427  	 * direct route.
1428  	 * XXX: the logic below rejects assigning multiple addresses on a p2p
1429  	 * interface that share the same destination.
1430  	 */
1431  	plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); /* XXX */
1432  	if (!(ia->ia_flags & IFA_ROUTE) && plen == 128 &&
1433  	    ia->ia_dstaddr.sin6_family == AF_INET6) {
1434  		int rtflags = RTF_UP | RTF_HOST;
1435  		/*
1436  		 * Handle the case for ::1 .
1437  		 */
1438  		if (ifp->if_flags & IFF_LOOPBACK)
1439  			ia->ia_flags |= IFA_RTSELF;
1440  		error = rtinit(&ia->ia_ifa, RTM_ADD, ia->ia_flags | rtflags);
1441  		if (error)
1442  			goto done;
1443  		ia->ia_flags |= IFA_ROUTE;
1444  	}
1445  
1446  	/*
1447  	 * add a loopback route to self if not exists
1448  	 */
1449  	if (!(ia->ia_flags & IFA_RTSELF) && V_nd6_useloopback) {
1450  		error = ifa_add_loopback_route((struct ifaddr *)ia,
1451  		    (struct sockaddr *)&ia->ia_addr);
1452  		if (error == 0)
1453  			ia->ia_flags |= IFA_RTSELF;
1454  	}
1455  done:
1456  	WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
1457  	    "Invoking IPv6 network device address event may sleep");
1458  
1459  	EVENTHANDLER_INVOKE(ifaddr_event, ifp);
1460  
1461  	return (error);
1462  }
1463  
1464  /*
1465   * Find an IPv6 interface link-local address specific to an interface.
1466   * ifaddr is returned referenced.
1467   */
1468  struct in6_ifaddr *
1469  in6ifa_ifpforlinklocal(struct ifnet *ifp, int ignoreflags)
1470  {
1471  	struct ifaddr *ifa;
1472  
1473  	IF_ADDR_RLOCK(ifp);
1474  	CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
1475  		if (ifa->ifa_addr->sa_family != AF_INET6)
1476  			continue;
1477  		if (IN6_IS_ADDR_LINKLOCAL(IFA_IN6(ifa))) {
1478  			if ((((struct in6_ifaddr *)ifa)->ia6_flags &
1479  			    ignoreflags) != 0)
1480  				continue;
1481  			ifa_ref(ifa);
1482  			break;
1483  		}
1484  	}
1485  	IF_ADDR_RUNLOCK(ifp);
1486  
1487  	return ((struct in6_ifaddr *)ifa);
1488  }
1489  
1490  
1491  /*
1492   * find the interface address corresponding to a given IPv6 address.
1493   * ifaddr is returned referenced.
1494   */
1495  struct in6_ifaddr *
1496  in6ifa_ifwithaddr(const struct in6_addr *addr, uint32_t zoneid)
1497  {
1498  	struct rm_priotracker in6_ifa_tracker;
1499  	struct in6_ifaddr *ia;
1500  
1501  	IN6_IFADDR_RLOCK(&in6_ifa_tracker);
1502  	CK_LIST_FOREACH(ia, IN6ADDR_HASH(addr), ia6_hash) {
1503  		if (IN6_ARE_ADDR_EQUAL(IA6_IN6(ia), addr)) {
1504  			if (zoneid != 0 &&
1505  			    zoneid != ia->ia_addr.sin6_scope_id)
1506  				continue;
1507  			ifa_ref(&ia->ia_ifa);
1508  			break;
1509  		}
1510  	}
1511  	IN6_IFADDR_RUNLOCK(&in6_ifa_tracker);
1512  	return (ia);
1513  }
1514  
1515  /*
1516   * find the internet address corresponding to a given interface and address.
1517   * ifaddr is returned referenced.
1518   */
1519  struct in6_ifaddr *
1520  in6ifa_ifpwithaddr(struct ifnet *ifp, const struct in6_addr *addr)
1521  {
1522  	struct ifaddr *ifa;
1523  
1524  	IF_ADDR_RLOCK(ifp);
1525  	CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
1526  		if (ifa->ifa_addr->sa_family != AF_INET6)
1527  			continue;
1528  		if (IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(ifa))) {
1529  			ifa_ref(ifa);
1530  			break;
1531  		}
1532  	}
1533  	IF_ADDR_RUNLOCK(ifp);
1534  
1535  	return ((struct in6_ifaddr *)ifa);
1536  }
1537  
1538  /*
1539   * Find a link-local scoped address on ifp and return it if any.
1540   */
1541  struct in6_ifaddr *
1542  in6ifa_llaonifp(struct ifnet *ifp)
1543  {
1544  	struct sockaddr_in6 *sin6;
1545  	struct ifaddr *ifa;
1546  
1547  	if (ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED)
1548  		return (NULL);
1549  	IF_ADDR_RLOCK(ifp);
1550  	CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
1551  		if (ifa->ifa_addr->sa_family != AF_INET6)
1552  			continue;
1553  		sin6 = (struct sockaddr_in6 *)ifa->ifa_addr;
1554  		if (IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr) ||
1555  		    IN6_IS_ADDR_MC_INTFACELOCAL(&sin6->sin6_addr) ||
1556  		    IN6_IS_ADDR_MC_NODELOCAL(&sin6->sin6_addr))
1557  			break;
1558  	}
1559  	IF_ADDR_RUNLOCK(ifp);
1560  
1561  	return ((struct in6_ifaddr *)ifa);
1562  }
1563  
1564  /*
1565   * Convert IP6 address to printable (loggable) representation. Caller
1566   * has to make sure that ip6buf is at least INET6_ADDRSTRLEN long.
1567   */
1568  static char digits[] = "0123456789abcdef";
1569  char *
1570  ip6_sprintf(char *ip6buf, const struct in6_addr *addr)
1571  {
1572  	int i, cnt = 0, maxcnt = 0, idx = 0, index = 0;
1573  	char *cp;
1574  	const u_int16_t *a = (const u_int16_t *)addr;
1575  	const u_int8_t *d;
1576  	int dcolon = 0, zero = 0;
1577  
1578  	cp = ip6buf;
1579  
1580  	for (i = 0; i < 8; i++) {
1581  		if (*(a + i) == 0) {
1582  			cnt++;
1583  			if (cnt == 1)
1584  				idx = i;
1585  		}
1586  		else if (maxcnt < cnt) {
1587  			maxcnt = cnt;
1588  			index = idx;
1589  			cnt = 0;
1590  		}
1591  	}
1592  	if (maxcnt < cnt) {
1593  		maxcnt = cnt;
1594  		index = idx;
1595  	}
1596  
1597  	for (i = 0; i < 8; i++) {
1598  		if (dcolon == 1) {
1599  			if (*a == 0) {
1600  				if (i == 7)
1601  					*cp++ = ':';
1602  				a++;
1603  				continue;
1604  			} else
1605  				dcolon = 2;
1606  		}
1607  		if (*a == 0) {
1608  			if (dcolon == 0 && *(a + 1) == 0 && i == index) {
1609  				if (i == 0)
1610  					*cp++ = ':';
1611  				*cp++ = ':';
1612  				dcolon = 1;
1613  			} else {
1614  				*cp++ = '0';
1615  				*cp++ = ':';
1616  			}
1617  			a++;
1618  			continue;
1619  		}
1620  		d = (const u_char *)a;
1621  		/* Try to eliminate leading zeros in printout like in :0001. */
1622  		zero = 1;
1623  		*cp = digits[*d >> 4];
1624  		if (*cp != '0') {
1625  			zero = 0;
1626  			cp++;
1627  		}
1628  		*cp = digits[*d++ & 0xf];
1629  		if (zero == 0 || (*cp != '0')) {
1630  			zero = 0;
1631  			cp++;
1632  		}
1633  		*cp = digits[*d >> 4];
1634  		if (zero == 0 || (*cp != '0')) {
1635  			zero = 0;
1636  			cp++;
1637  		}
1638  		*cp++ = digits[*d & 0xf];
1639  		*cp++ = ':';
1640  		a++;
1641  	}
1642  	*--cp = '\0';
1643  	return (ip6buf);
1644  }
1645  
1646  int
1647  in6_localaddr(struct in6_addr *in6)
1648  {
1649  	struct rm_priotracker in6_ifa_tracker;
1650  	struct in6_ifaddr *ia;
1651  
1652  	if (IN6_IS_ADDR_LOOPBACK(in6) || IN6_IS_ADDR_LINKLOCAL(in6))
1653  		return 1;
1654  
1655  	IN6_IFADDR_RLOCK(&in6_ifa_tracker);
1656  	CK_STAILQ_FOREACH(ia, &V_in6_ifaddrhead, ia_link) {
1657  		if (IN6_ARE_MASKED_ADDR_EQUAL(in6, &ia->ia_addr.sin6_addr,
1658  		    &ia->ia_prefixmask.sin6_addr)) {
1659  			IN6_IFADDR_RUNLOCK(&in6_ifa_tracker);
1660  			return 1;
1661  		}
1662  	}
1663  	IN6_IFADDR_RUNLOCK(&in6_ifa_tracker);
1664  
1665  	return (0);
1666  }
1667  
1668  /*
1669   * Return 1 if an internet address is for the local host and configured
1670   * on one of its interfaces.
1671   */
1672  int
1673  in6_localip(struct in6_addr *in6)
1674  {
1675  	struct rm_priotracker in6_ifa_tracker;
1676  	struct in6_ifaddr *ia;
1677  
1678  	IN6_IFADDR_RLOCK(&in6_ifa_tracker);
1679  	CK_LIST_FOREACH(ia, IN6ADDR_HASH(in6), ia6_hash) {
1680  		if (IN6_ARE_ADDR_EQUAL(in6, &ia->ia_addr.sin6_addr)) {
1681  			IN6_IFADDR_RUNLOCK(&in6_ifa_tracker);
1682  			return (1);
1683  		}
1684  	}
1685  	IN6_IFADDR_RUNLOCK(&in6_ifa_tracker);
1686  	return (0);
1687  }
1688  
1689  /*
1690   * Return 1 if an internet address is configured on an interface.
1691   */
1692  int
1693  in6_ifhasaddr(struct ifnet *ifp, struct in6_addr *addr)
1694  {
1695  	struct in6_addr in6;
1696  	struct ifaddr *ifa;
1697  	struct in6_ifaddr *ia6;
1698  
1699  	in6 = *addr;
1700  	if (in6_clearscope(&in6))
1701  		return (0);
1702  	in6_setscope(&in6, ifp, NULL);
1703  
1704  	IF_ADDR_RLOCK(ifp);
1705  	CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
1706  		if (ifa->ifa_addr->sa_family != AF_INET6)
1707  			continue;
1708  		ia6 = (struct in6_ifaddr *)ifa;
1709  		if (IN6_ARE_ADDR_EQUAL(&ia6->ia_addr.sin6_addr, &in6)) {
1710  			IF_ADDR_RUNLOCK(ifp);
1711  			return (1);
1712  		}
1713  	}
1714  	IF_ADDR_RUNLOCK(ifp);
1715  
1716  	return (0);
1717  }
1718  
1719  int
1720  in6_is_addr_deprecated(struct sockaddr_in6 *sa6)
1721  {
1722  	struct rm_priotracker in6_ifa_tracker;
1723  	struct in6_ifaddr *ia;
1724  
1725  	IN6_IFADDR_RLOCK(&in6_ifa_tracker);
1726  	CK_LIST_FOREACH(ia, IN6ADDR_HASH(&sa6->sin6_addr), ia6_hash) {
1727  		if (IN6_ARE_ADDR_EQUAL(IA6_IN6(ia), &sa6->sin6_addr)) {
1728  			if (ia->ia6_flags & IN6_IFF_DEPRECATED) {
1729  				IN6_IFADDR_RUNLOCK(&in6_ifa_tracker);
1730  				return (1); /* true */
1731  			}
1732  			break;
1733  		}
1734  	}
1735  	IN6_IFADDR_RUNLOCK(&in6_ifa_tracker);
1736  
1737  	return (0);		/* false */
1738  }
1739  
1740  /*
1741   * return length of part which dst and src are equal
1742   * hard coding...
1743   */
1744  int
1745  in6_matchlen(struct in6_addr *src, struct in6_addr *dst)
1746  {
1747  	int match = 0;
1748  	u_char *s = (u_char *)src, *d = (u_char *)dst;
1749  	u_char *lim = s + 16, r;
1750  
1751  	while (s < lim)
1752  		if ((r = (*d++ ^ *s++)) != 0) {
1753  			while (r < 128) {
1754  				match++;
1755  				r <<= 1;
1756  			}
1757  			break;
1758  		} else
1759  			match += 8;
1760  	return match;
1761  }
1762  
1763  /* XXX: to be scope conscious */
1764  int
1765  in6_are_prefix_equal(struct in6_addr *p1, struct in6_addr *p2, int len)
1766  {
1767  	int bytelen, bitlen;
1768  
1769  	/* sanity check */
1770  	if (0 > len || len > 128) {
1771  		log(LOG_ERR, "in6_are_prefix_equal: invalid prefix length(%d)\n",
1772  		    len);
1773  		return (0);
1774  	}
1775  
1776  	bytelen = len / 8;
1777  	bitlen = len % 8;
1778  
1779  	if (bcmp(&p1->s6_addr, &p2->s6_addr, bytelen))
1780  		return (0);
1781  	if (bitlen != 0 &&
1782  	    p1->s6_addr[bytelen] >> (8 - bitlen) !=
1783  	    p2->s6_addr[bytelen] >> (8 - bitlen))
1784  		return (0);
1785  
1786  	return (1);
1787  }
1788  
1789  void
1790  in6_prefixlen2mask(struct in6_addr *maskp, int len)
1791  {
1792  	u_char maskarray[8] = {0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff};
1793  	int bytelen, bitlen, i;
1794  
1795  	/* sanity check */
1796  	if (0 > len || len > 128) {
1797  		log(LOG_ERR, "in6_prefixlen2mask: invalid prefix length(%d)\n",
1798  		    len);
1799  		return;
1800  	}
1801  
1802  	bzero(maskp, sizeof(*maskp));
1803  	bytelen = len / 8;
1804  	bitlen = len % 8;
1805  	for (i = 0; i < bytelen; i++)
1806  		maskp->s6_addr[i] = 0xff;
1807  	if (bitlen)
1808  		maskp->s6_addr[bytelen] = maskarray[bitlen - 1];
1809  }
1810  
1811  /*
1812   * return the best address out of the same scope. if no address was
1813   * found, return the first valid address from designated IF.
1814   */
1815  struct in6_ifaddr *
1816  in6_ifawithifp(struct ifnet *ifp, struct in6_addr *dst)
1817  {
1818  	int dst_scope =	in6_addrscope(dst), blen = -1, tlen;
1819  	struct ifaddr *ifa;
1820  	struct in6_ifaddr *besta = NULL;
1821  	struct in6_ifaddr *dep[2];	/* last-resort: deprecated */
1822  
1823  	dep[0] = dep[1] = NULL;
1824  
1825  	/*
1826  	 * We first look for addresses in the same scope.
1827  	 * If there is one, return it.
1828  	 * If two or more, return one which matches the dst longest.
1829  	 * If none, return one of global addresses assigned other ifs.
1830  	 */
1831  	IF_ADDR_RLOCK(ifp);
1832  	CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
1833  		if (ifa->ifa_addr->sa_family != AF_INET6)
1834  			continue;
1835  		if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST)
1836  			continue; /* XXX: is there any case to allow anycast? */
1837  		if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_NOTREADY)
1838  			continue; /* don't use this interface */
1839  		if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DETACHED)
1840  			continue;
1841  		if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DEPRECATED) {
1842  			if (V_ip6_use_deprecated)
1843  				dep[0] = (struct in6_ifaddr *)ifa;
1844  			continue;
1845  		}
1846  
1847  		if (dst_scope == in6_addrscope(IFA_IN6(ifa))) {
1848  			/*
1849  			 * call in6_matchlen() as few as possible
1850  			 */
1851  			if (besta) {
1852  				if (blen == -1)
1853  					blen = in6_matchlen(&besta->ia_addr.sin6_addr, dst);
1854  				tlen = in6_matchlen(IFA_IN6(ifa), dst);
1855  				if (tlen > blen) {
1856  					blen = tlen;
1857  					besta = (struct in6_ifaddr *)ifa;
1858  				}
1859  			} else
1860  				besta = (struct in6_ifaddr *)ifa;
1861  		}
1862  	}
1863  	if (besta) {
1864  		ifa_ref(&besta->ia_ifa);
1865  		IF_ADDR_RUNLOCK(ifp);
1866  		return (besta);
1867  	}
1868  
1869  	CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
1870  		if (ifa->ifa_addr->sa_family != AF_INET6)
1871  			continue;
1872  		if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST)
1873  			continue; /* XXX: is there any case to allow anycast? */
1874  		if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_NOTREADY)
1875  			continue; /* don't use this interface */
1876  		if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DETACHED)
1877  			continue;
1878  		if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DEPRECATED) {
1879  			if (V_ip6_use_deprecated)
1880  				dep[1] = (struct in6_ifaddr *)ifa;
1881  			continue;
1882  		}
1883  
1884  		if (ifa != NULL)
1885  			ifa_ref(ifa);
1886  		IF_ADDR_RUNLOCK(ifp);
1887  		return (struct in6_ifaddr *)ifa;
1888  	}
1889  
1890  	/* use the last-resort values, that are, deprecated addresses */
1891  	if (dep[0]) {
1892  		ifa_ref((struct ifaddr *)dep[0]);
1893  		IF_ADDR_RUNLOCK(ifp);
1894  		return dep[0];
1895  	}
1896  	if (dep[1]) {
1897  		ifa_ref((struct ifaddr *)dep[1]);
1898  		IF_ADDR_RUNLOCK(ifp);
1899  		return dep[1];
1900  	}
1901  
1902  	IF_ADDR_RUNLOCK(ifp);
1903  	return NULL;
1904  }
1905  
1906  /*
1907   * perform DAD when interface becomes IFF_UP.
1908   */
1909  void
1910  in6_if_up(struct ifnet *ifp)
1911  {
1912  	struct ifaddr *ifa;
1913  	struct in6_ifaddr *ia;
1914  
1915  	IF_ADDR_RLOCK(ifp);
1916  	CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
1917  		if (ifa->ifa_addr->sa_family != AF_INET6)
1918  			continue;
1919  		ia = (struct in6_ifaddr *)ifa;
1920  		if (ia->ia6_flags & IN6_IFF_TENTATIVE) {
1921  			/*
1922  			 * The TENTATIVE flag was likely set by hand
1923  			 * beforehand, implicitly indicating the need for DAD.
1924  			 * We may be able to skip the random delay in this
1925  			 * case, but we impose delays just in case.
1926  			 */
1927  			nd6_dad_start(ifa,
1928  			    arc4random() % (MAX_RTR_SOLICITATION_DELAY * hz));
1929  		}
1930  	}
1931  	IF_ADDR_RUNLOCK(ifp);
1932  
1933  	/*
1934  	 * special cases, like 6to4, are handled in in6_ifattach
1935  	 */
1936  	in6_ifattach(ifp, NULL);
1937  }
1938  
1939  int
1940  in6if_do_dad(struct ifnet *ifp)
1941  {
1942  	if ((ifp->if_flags & IFF_LOOPBACK) != 0)
1943  		return (0);
1944  
1945  	if ((ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) ||
1946  	    (ND_IFINFO(ifp)->flags & ND6_IFF_NO_DAD))
1947  		return (0);
1948  
1949  	/*
1950  	 * Our DAD routine requires the interface up and running.
1951  	 * However, some interfaces can be up before the RUNNING
1952  	 * status.  Additionally, users may try to assign addresses
1953  	 * before the interface becomes up (or running).
1954  	 * This function returns EAGAIN in that case.
1955  	 * The caller should mark "tentative" on the address instead of
1956  	 * performing DAD immediately.
1957  	 */
1958  	if (!((ifp->if_flags & IFF_UP) &&
1959  	    (ifp->if_drv_flags & IFF_DRV_RUNNING)))
1960  		return (EAGAIN);
1961  
1962  	return (1);
1963  }
1964  
1965  /*
1966   * Calculate max IPv6 MTU through all the interfaces and store it
1967   * to in6_maxmtu.
1968   */
1969  void
1970  in6_setmaxmtu(void)
1971  {
1972  	unsigned long maxmtu = 0;
1973  	struct ifnet *ifp;
1974  
1975  	IFNET_RLOCK_NOSLEEP();
1976  	CK_STAILQ_FOREACH(ifp, &V_ifnet, if_link) {
1977  		/* this function can be called during ifnet initialization */
1978  		if (!ifp->if_afdata[AF_INET6])
1979  			continue;
1980  		if ((ifp->if_flags & IFF_LOOPBACK) == 0 &&
1981  		    IN6_LINKMTU(ifp) > maxmtu)
1982  			maxmtu = IN6_LINKMTU(ifp);
1983  	}
1984  	IFNET_RUNLOCK_NOSLEEP();
1985  	if (maxmtu)	/* update only when maxmtu is positive */
1986  		V_in6_maxmtu = maxmtu;
1987  }
1988  
1989  /*
1990   * Provide the length of interface identifiers to be used for the link attached
1991   * to the given interface.  The length should be defined in "IPv6 over
1992   * xxx-link" document.  Note that address architecture might also define
1993   * the length for a particular set of address prefixes, regardless of the
1994   * link type.  As clarified in rfc2462bis, those two definitions should be
1995   * consistent, and those really are as of August 2004.
1996   */
1997  int
1998  in6_if2idlen(struct ifnet *ifp)
1999  {
2000  	switch (ifp->if_type) {
2001  	case IFT_ETHER:		/* RFC2464 */
2002  	case IFT_PROPVIRTUAL:	/* XXX: no RFC. treat it as ether */
2003  	case IFT_L2VLAN:	/* ditto */
2004  	case IFT_BRIDGE:	/* bridge(4) only does Ethernet-like links */
2005  	case IFT_INFINIBAND:
2006  		return (64);
2007  	case IFT_PPP:		/* RFC2472 */
2008  		return (64);
2009  	case IFT_FRELAY:	/* RFC2590 */
2010  		return (64);
2011  	case IFT_IEEE1394:	/* RFC3146 */
2012  		return (64);
2013  	case IFT_GIF:
2014  		return (64);	/* draft-ietf-v6ops-mech-v2-07 */
2015  	case IFT_LOOP:
2016  		return (64);	/* XXX: is this really correct? */
2017  	default:
2018  		/*
2019  		 * Unknown link type:
2020  		 * It might be controversial to use the today's common constant
2021  		 * of 64 for these cases unconditionally.  For full compliance,
2022  		 * we should return an error in this case.  On the other hand,
2023  		 * if we simply miss the standard for the link type or a new
2024  		 * standard is defined for a new link type, the IFID length
2025  		 * is very likely to be the common constant.  As a compromise,
2026  		 * we always use the constant, but make an explicit notice
2027  		 * indicating the "unknown" case.
2028  		 */
2029  		printf("in6_if2idlen: unknown link type (%d)\n", ifp->if_type);
2030  		return (64);
2031  	}
2032  }
2033  
2034  #include <sys/sysctl.h>
2035  
2036  struct in6_llentry {
2037  	struct llentry		base;
2038  };
2039  
2040  #define	IN6_LLTBL_DEFAULT_HSIZE	32
2041  #define	IN6_LLTBL_HASH(k, h) \
2042  	(((((((k >> 8) ^ k) >> 8) ^ k) >> 8) ^ k) & ((h) - 1))
2043  
2044  /*
2045   * Do actual deallocation of @lle.
2046   */
2047  static void
2048  in6_lltable_destroy_lle_unlocked(epoch_context_t ctx)
2049  {
2050  	struct llentry *lle;
2051  
2052  	lle = __containerof(ctx, struct llentry, lle_epoch_ctx);
2053  	LLE_LOCK_DESTROY(lle);
2054  	LLE_REQ_DESTROY(lle);
2055  	free(lle, M_LLTABLE);
2056  }
2057  
2058  /*
2059   * Called by LLE_FREE_LOCKED when number of references
2060   * drops to zero.
2061   */
2062  static void
2063  in6_lltable_destroy_lle(struct llentry *lle)
2064  {
2065  
2066  	LLE_WUNLOCK(lle);
2067  	epoch_call(net_epoch_preempt,  &lle->lle_epoch_ctx, in6_lltable_destroy_lle_unlocked);
2068  }
2069  
2070  static struct llentry *
2071  in6_lltable_new(const struct in6_addr *addr6, u_int flags)
2072  {
2073  	struct in6_llentry *lle;
2074  
2075  	lle = malloc(sizeof(struct in6_llentry), M_LLTABLE, M_NOWAIT | M_ZERO);
2076  	if (lle == NULL)		/* NB: caller generates msg */
2077  		return NULL;
2078  
2079  	lle->base.r_l3addr.addr6 = *addr6;
2080  	lle->base.lle_refcnt = 1;
2081  	lle->base.lle_free = in6_lltable_destroy_lle;
2082  	LLE_LOCK_INIT(&lle->base);
2083  	LLE_REQ_INIT(&lle->base);
2084  	callout_init(&lle->base.lle_timer, 1);
2085  
2086  	return (&lle->base);
2087  }
2088  
2089  static int
2090  in6_lltable_match_prefix(const struct sockaddr *saddr,
2091      const struct sockaddr *smask, u_int flags, struct llentry *lle)
2092  {
2093  	const struct in6_addr *addr, *mask, *lle_addr;
2094  
2095  	addr = &((const struct sockaddr_in6 *)saddr)->sin6_addr;
2096  	mask = &((const struct sockaddr_in6 *)smask)->sin6_addr;
2097  	lle_addr = &lle->r_l3addr.addr6;
2098  
2099  	if (IN6_ARE_MASKED_ADDR_EQUAL(lle_addr, addr, mask) == 0)
2100  		return (0);
2101  
2102  	if (lle->la_flags & LLE_IFADDR) {
2103  
2104  		/*
2105  		 * Delete LLE_IFADDR records IFF address & flag matches.
2106  		 * Note that addr is the interface address within prefix
2107  		 * being matched.
2108  		 */
2109  		if (IN6_ARE_ADDR_EQUAL(addr, lle_addr) &&
2110  		    (flags & LLE_STATIC) != 0)
2111  			return (1);
2112  		return (0);
2113  	}
2114  
2115  	/* flags & LLE_STATIC means deleting both dynamic and static entries */
2116  	if ((flags & LLE_STATIC) || !(lle->la_flags & LLE_STATIC))
2117  		return (1);
2118  
2119  	return (0);
2120  }
2121  
2122  static void
2123  in6_lltable_free_entry(struct lltable *llt, struct llentry *lle)
2124  {
2125  	struct ifnet *ifp;
2126  
2127  	LLE_WLOCK_ASSERT(lle);
2128  	KASSERT(llt != NULL, ("lltable is NULL"));
2129  
2130  	/* Unlink entry from table */
2131  	if ((lle->la_flags & LLE_LINKED) != 0) {
2132  
2133  		ifp = llt->llt_ifp;
2134  		IF_AFDATA_WLOCK_ASSERT(ifp);
2135  		lltable_unlink_entry(llt, lle);
2136  	}
2137  
2138  	llentry_free(lle);
2139  }
2140  
2141  static int
2142  in6_lltable_rtcheck(struct ifnet *ifp,
2143  		    u_int flags,
2144  		    const struct sockaddr *l3addr)
2145  {
2146  	const struct sockaddr_in6 *sin6;
2147  	struct nhop6_basic nh6;
2148  	struct in6_addr dst;
2149  	uint32_t scopeid;
2150  	int error;
2151  	char ip6buf[INET6_ADDRSTRLEN];
2152  	int fibnum;
2153  
2154  	KASSERT(l3addr->sa_family == AF_INET6,
2155  	    ("sin_family %d", l3addr->sa_family));
2156  
2157  	sin6 = (const struct sockaddr_in6 *)l3addr;
2158  	in6_splitscope(&sin6->sin6_addr, &dst, &scopeid);
2159  	fibnum = V_rt_add_addr_allfibs ? RT_DEFAULT_FIB : ifp->if_fib;
2160  	error = fib6_lookup_nh_basic(fibnum, &dst, scopeid, 0, 0, &nh6);
2161  	if (error != 0 || (nh6.nh_flags & NHF_GATEWAY) || nh6.nh_ifp != ifp) {
2162  		struct ifaddr *ifa;
2163  		/*
2164  		 * Create an ND6 cache for an IPv6 neighbor
2165  		 * that is not covered by our own prefix.
2166  		 */
2167  		NET_EPOCH_ENTER();
2168  		ifa = ifaof_ifpforaddr(l3addr, ifp);
2169  		if (ifa != NULL) {
2170  			NET_EPOCH_EXIT();
2171  			return 0;
2172  		}
2173  		NET_EPOCH_EXIT();
2174  		log(LOG_INFO, "IPv6 address: \"%s\" is not on the network\n",
2175  		    ip6_sprintf(ip6buf, &sin6->sin6_addr));
2176  		return EINVAL;
2177  	}
2178  	return 0;
2179  }
2180  
2181  /*
2182   * Called by the datapath to indicate that the entry was used.
2183   */
2184  static void
2185  in6_lltable_mark_used(struct llentry *lle)
2186  {
2187  
2188  	LLE_REQ_LOCK(lle);
2189  	lle->r_skip_req = 0;
2190  
2191  	/*
2192  	 * Set the hit time so the callback function
2193  	 * can determine the remaining time before
2194  	 * transiting to the DELAY state.
2195  	 */
2196  	lle->lle_hittime = time_uptime;
2197  	LLE_REQ_UNLOCK(lle);
2198  }
2199  
2200  static inline uint32_t
2201  in6_lltable_hash_dst(const struct in6_addr *dst, uint32_t hsize)
2202  {
2203  
2204  	return (IN6_LLTBL_HASH(dst->s6_addr32[3], hsize));
2205  }
2206  
2207  static uint32_t
2208  in6_lltable_hash(const struct llentry *lle, uint32_t hsize)
2209  {
2210  
2211  	return (in6_lltable_hash_dst(&lle->r_l3addr.addr6, hsize));
2212  }
2213  
2214  static void
2215  in6_lltable_fill_sa_entry(const struct llentry *lle, struct sockaddr *sa)
2216  {
2217  	struct sockaddr_in6 *sin6;
2218  
2219  	sin6 = (struct sockaddr_in6 *)sa;
2220  	bzero(sin6, sizeof(*sin6));
2221  	sin6->sin6_family = AF_INET6;
2222  	sin6->sin6_len = sizeof(*sin6);
2223  	sin6->sin6_addr = lle->r_l3addr.addr6;
2224  }
2225  
2226  static inline struct llentry *
2227  in6_lltable_find_dst(struct lltable *llt, const struct in6_addr *dst)
2228  {
2229  	struct llentry *lle;
2230  	struct llentries *lleh;
2231  	u_int hashidx;
2232  
2233  	hashidx = in6_lltable_hash_dst(dst, llt->llt_hsize);
2234  	lleh = &llt->lle_head[hashidx];
2235  	CK_LIST_FOREACH(lle, lleh, lle_next) {
2236  		if (lle->la_flags & LLE_DELETED)
2237  			continue;
2238  		if (IN6_ARE_ADDR_EQUAL(&lle->r_l3addr.addr6, dst))
2239  			break;
2240  	}
2241  
2242  	return (lle);
2243  }
2244  
2245  static void
2246  in6_lltable_delete_entry(struct lltable *llt, struct llentry *lle)
2247  {
2248  
2249  	lle->la_flags |= LLE_DELETED;
2250  	EVENTHANDLER_INVOKE(lle_event, lle, LLENTRY_DELETED);
2251  #ifdef DIAGNOSTIC
2252  	log(LOG_INFO, "ifaddr cache = %p is deleted\n", lle);
2253  #endif
2254  	llentry_free(lle);
2255  }
2256  
2257  static struct llentry *
2258  in6_lltable_alloc(struct lltable *llt, u_int flags,
2259  	const struct sockaddr *l3addr)
2260  {
2261  	const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)l3addr;
2262  	struct ifnet *ifp = llt->llt_ifp;
2263  	struct llentry *lle;
2264  	char linkhdr[LLE_MAX_LINKHDR];
2265  	size_t linkhdrsize;
2266  	int lladdr_off;
2267  
2268  	KASSERT(l3addr->sa_family == AF_INET6,
2269  	    ("sin_family %d", l3addr->sa_family));
2270  
2271  	/*
2272  	 * A route that covers the given address must have
2273  	 * been installed 1st because we are doing a resolution,
2274  	 * verify this.
2275  	 */
2276  	if (!(flags & LLE_IFADDR) &&
2277  	    in6_lltable_rtcheck(ifp, flags, l3addr) != 0)
2278  		return (NULL);
2279  
2280  	lle = in6_lltable_new(&sin6->sin6_addr, flags);
2281  	if (lle == NULL) {
2282  		log(LOG_INFO, "lla_lookup: new lle malloc failed\n");
2283  		return (NULL);
2284  	}
2285  	lle->la_flags = flags;
2286  	if ((flags & LLE_IFADDR) == LLE_IFADDR) {
2287  		linkhdrsize = LLE_MAX_LINKHDR;
2288  		if (lltable_calc_llheader(ifp, AF_INET6, IF_LLADDR(ifp),
2289  		    linkhdr, &linkhdrsize, &lladdr_off) != 0) {
2290  			epoch_call(net_epoch_preempt,  &lle->lle_epoch_ctx, in6_lltable_destroy_lle_unlocked);
2291  			return (NULL);
2292  		}
2293  		lltable_set_entry_addr(ifp, lle, linkhdr, linkhdrsize,
2294  		    lladdr_off);
2295  		lle->la_flags |= LLE_STATIC;
2296  	}
2297  
2298  	if ((lle->la_flags & LLE_STATIC) != 0)
2299  		lle->ln_state = ND6_LLINFO_REACHABLE;
2300  
2301  	return (lle);
2302  }
2303  
2304  static struct llentry *
2305  in6_lltable_lookup(struct lltable *llt, u_int flags,
2306  	const struct sockaddr *l3addr)
2307  {
2308  	const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)l3addr;
2309  	struct llentry *lle;
2310  
2311  	IF_AFDATA_LOCK_ASSERT(llt->llt_ifp);
2312  	KASSERT(l3addr->sa_family == AF_INET6,
2313  	    ("sin_family %d", l3addr->sa_family));
2314  
2315  	lle = in6_lltable_find_dst(llt, &sin6->sin6_addr);
2316  
2317  	if (lle == NULL)
2318  		return (NULL);
2319  
2320  	KASSERT((flags & (LLE_UNLOCKED|LLE_EXCLUSIVE)) !=
2321  	    (LLE_UNLOCKED|LLE_EXCLUSIVE),("wrong lle request flags: 0x%X",
2322  	    flags));
2323  
2324  	if (flags & LLE_UNLOCKED)
2325  		return (lle);
2326  
2327  	if (flags & LLE_EXCLUSIVE)
2328  		LLE_WLOCK(lle);
2329  	else
2330  		LLE_RLOCK(lle);
2331  	return (lle);
2332  }
2333  
2334  static int
2335  in6_lltable_dump_entry(struct lltable *llt, struct llentry *lle,
2336      struct sysctl_req *wr)
2337  {
2338  	struct ifnet *ifp = llt->llt_ifp;
2339  	/* XXX stack use */
2340  	struct {
2341  		struct rt_msghdr	rtm;
2342  		struct sockaddr_in6	sin6;
2343  		/*
2344  		 * ndp.c assumes that sdl is word aligned
2345  		 */
2346  #ifdef __LP64__
2347  		uint32_t		pad;
2348  #endif
2349  		struct sockaddr_dl	sdl;
2350  	} ndpc;
2351  	struct sockaddr_dl *sdl;
2352  	int error;
2353  
2354  	bzero(&ndpc, sizeof(ndpc));
2355  	/* skip deleted entries */
2356  	if ((lle->la_flags & LLE_DELETED) == LLE_DELETED)
2357  		return (0);
2358  	/* Skip if jailed and not a valid IP of the prison. */
2359  	lltable_fill_sa_entry(lle, (struct sockaddr *)&ndpc.sin6);
2360  	if (prison_if(wr->td->td_ucred, (struct sockaddr *)&ndpc.sin6) != 0)
2361  		return (0);
2362  	/*
2363  	 * produce a msg made of:
2364  	 *  struct rt_msghdr;
2365  	 *  struct sockaddr_in6 (IPv6)
2366  	 *  struct sockaddr_dl;
2367  	 */
2368  	ndpc.rtm.rtm_msglen = sizeof(ndpc);
2369  	ndpc.rtm.rtm_version = RTM_VERSION;
2370  	ndpc.rtm.rtm_type = RTM_GET;
2371  	ndpc.rtm.rtm_flags = RTF_UP;
2372  	ndpc.rtm.rtm_addrs = RTA_DST | RTA_GATEWAY;
2373  	if (V_deembed_scopeid)
2374  		sa6_recoverscope(&ndpc.sin6);
2375  
2376  	/* publish */
2377  	if (lle->la_flags & LLE_PUB)
2378  		ndpc.rtm.rtm_flags |= RTF_ANNOUNCE;
2379  
2380  	sdl = &ndpc.sdl;
2381  	sdl->sdl_family = AF_LINK;
2382  	sdl->sdl_len = sizeof(*sdl);
2383  	sdl->sdl_index = ifp->if_index;
2384  	sdl->sdl_type = ifp->if_type;
2385  	if ((lle->la_flags & LLE_VALID) == LLE_VALID) {
2386  		sdl->sdl_alen = ifp->if_addrlen;
2387  		bcopy(lle->ll_addr, LLADDR(sdl), ifp->if_addrlen);
2388  	} else {
2389  		sdl->sdl_alen = 0;
2390  		bzero(LLADDR(sdl), ifp->if_addrlen);
2391  	}
2392  	if (lle->la_expire != 0)
2393  		ndpc.rtm.rtm_rmx.rmx_expire = lle->la_expire +
2394  		    lle->lle_remtime / hz + time_second - time_uptime;
2395  	ndpc.rtm.rtm_flags |= (RTF_HOST | RTF_LLDATA);
2396  	if (lle->la_flags & LLE_STATIC)
2397  		ndpc.rtm.rtm_flags |= RTF_STATIC;
2398  	if (lle->la_flags & LLE_IFADDR)
2399  		ndpc.rtm.rtm_flags |= RTF_PINNED;
2400  	if (lle->ln_router != 0)
2401  		ndpc.rtm.rtm_flags |= RTF_GATEWAY;
2402  	ndpc.rtm.rtm_rmx.rmx_pksent = lle->la_asked;
2403  	/* Store state in rmx_weight value */
2404  	ndpc.rtm.rtm_rmx.rmx_state = lle->ln_state;
2405  	ndpc.rtm.rtm_index = ifp->if_index;
2406  	error = SYSCTL_OUT(wr, &ndpc, sizeof(ndpc));
2407  
2408  	return (error);
2409  }
2410  
2411  static struct lltable *
2412  in6_lltattach(struct ifnet *ifp)
2413  {
2414  	struct lltable *llt;
2415  
2416  	llt = lltable_allocate_htbl(IN6_LLTBL_DEFAULT_HSIZE);
2417  	llt->llt_af = AF_INET6;
2418  	llt->llt_ifp = ifp;
2419  
2420  	llt->llt_lookup = in6_lltable_lookup;
2421  	llt->llt_alloc_entry = in6_lltable_alloc;
2422  	llt->llt_delete_entry = in6_lltable_delete_entry;
2423  	llt->llt_dump_entry = in6_lltable_dump_entry;
2424  	llt->llt_hash = in6_lltable_hash;
2425  	llt->llt_fill_sa_entry = in6_lltable_fill_sa_entry;
2426  	llt->llt_free_entry = in6_lltable_free_entry;
2427  	llt->llt_match_prefix = in6_lltable_match_prefix;
2428  	llt->llt_mark_used = in6_lltable_mark_used;
2429   	lltable_link(llt);
2430  
2431  	return (llt);
2432  }
2433  
2434  void *
2435  in6_domifattach(struct ifnet *ifp)
2436  {
2437  	struct in6_ifextra *ext;
2438  
2439  	/* There are not IPv6-capable interfaces. */
2440  	switch (ifp->if_type) {
2441  	case IFT_PFLOG:
2442  	case IFT_PFSYNC:
2443  	case IFT_USB:
2444  		return (NULL);
2445  	}
2446  	ext = (struct in6_ifextra *)malloc(sizeof(*ext), M_IFADDR, M_WAITOK);
2447  	bzero(ext, sizeof(*ext));
2448  
2449  	ext->in6_ifstat = malloc(sizeof(counter_u64_t) *
2450  	    sizeof(struct in6_ifstat) / sizeof(uint64_t), M_IFADDR, M_WAITOK);
2451  	COUNTER_ARRAY_ALLOC(ext->in6_ifstat,
2452  	    sizeof(struct in6_ifstat) / sizeof(uint64_t), M_WAITOK);
2453  
2454  	ext->icmp6_ifstat = malloc(sizeof(counter_u64_t) *
2455  	    sizeof(struct icmp6_ifstat) / sizeof(uint64_t), M_IFADDR,
2456  	    M_WAITOK);
2457  	COUNTER_ARRAY_ALLOC(ext->icmp6_ifstat,
2458  	    sizeof(struct icmp6_ifstat) / sizeof(uint64_t), M_WAITOK);
2459  
2460  	ext->nd_ifinfo = nd6_ifattach(ifp);
2461  	ext->scope6_id = scope6_ifattach(ifp);
2462  	ext->lltable = in6_lltattach(ifp);
2463  
2464  	ext->mld_ifinfo = mld_domifattach(ifp);
2465  
2466  	return ext;
2467  }
2468  
2469  int
2470  in6_domifmtu(struct ifnet *ifp)
2471  {
2472  	if (ifp->if_afdata[AF_INET6] == NULL)
2473  		return ifp->if_mtu;
2474  
2475  	return (IN6_LINKMTU(ifp));
2476  }
2477  
2478  void
2479  in6_domifdetach(struct ifnet *ifp, void *aux)
2480  {
2481  	struct in6_ifextra *ext = (struct in6_ifextra *)aux;
2482  
2483  	mld_domifdetach(ifp);
2484  	scope6_ifdetach(ext->scope6_id);
2485  	nd6_ifdetach(ifp, ext->nd_ifinfo);
2486  	lltable_free(ext->lltable);
2487  	COUNTER_ARRAY_FREE(ext->in6_ifstat,
2488  	    sizeof(struct in6_ifstat) / sizeof(uint64_t));
2489  	free(ext->in6_ifstat, M_IFADDR);
2490  	COUNTER_ARRAY_FREE(ext->icmp6_ifstat,
2491  	    sizeof(struct icmp6_ifstat) / sizeof(uint64_t));
2492  	free(ext->icmp6_ifstat, M_IFADDR);
2493  	free(ext, M_IFADDR);
2494  }
2495  
2496  /*
2497   * Convert sockaddr_in6 to sockaddr_in.  Original sockaddr_in6 must be
2498   * v4 mapped addr or v4 compat addr
2499   */
2500  void
2501  in6_sin6_2_sin(struct sockaddr_in *sin, struct sockaddr_in6 *sin6)
2502  {
2503  
2504  	bzero(sin, sizeof(*sin));
2505  	sin->sin_len = sizeof(struct sockaddr_in);
2506  	sin->sin_family = AF_INET;
2507  	sin->sin_port = sin6->sin6_port;
2508  	sin->sin_addr.s_addr = sin6->sin6_addr.s6_addr32[3];
2509  }
2510  
2511  /* Convert sockaddr_in to sockaddr_in6 in v4 mapped addr format. */
2512  void
2513  in6_sin_2_v4mapsin6(struct sockaddr_in *sin, struct sockaddr_in6 *sin6)
2514  {
2515  	bzero(sin6, sizeof(*sin6));
2516  	sin6->sin6_len = sizeof(struct sockaddr_in6);
2517  	sin6->sin6_family = AF_INET6;
2518  	sin6->sin6_port = sin->sin_port;
2519  	sin6->sin6_addr.s6_addr32[0] = 0;
2520  	sin6->sin6_addr.s6_addr32[1] = 0;
2521  	sin6->sin6_addr.s6_addr32[2] = IPV6_ADDR_INT32_SMP;
2522  	sin6->sin6_addr.s6_addr32[3] = sin->sin_addr.s_addr;
2523  }
2524  
2525  /* Convert sockaddr_in6 into sockaddr_in. */
2526  void
2527  in6_sin6_2_sin_in_sock(struct sockaddr *nam)
2528  {
2529  	struct sockaddr_in *sin_p;
2530  	struct sockaddr_in6 sin6;
2531  
2532  	/*
2533  	 * Save original sockaddr_in6 addr and convert it
2534  	 * to sockaddr_in.
2535  	 */
2536  	sin6 = *(struct sockaddr_in6 *)nam;
2537  	sin_p = (struct sockaddr_in *)nam;
2538  	in6_sin6_2_sin(sin_p, &sin6);
2539  }
2540  
2541  /* Convert sockaddr_in into sockaddr_in6 in v4 mapped addr format. */
2542  void
2543  in6_sin_2_v4mapsin6_in_sock(struct sockaddr **nam)
2544  {
2545  	struct sockaddr_in *sin_p;
2546  	struct sockaddr_in6 *sin6_p;
2547  
2548  	sin6_p = malloc(sizeof *sin6_p, M_SONAME, M_WAITOK);
2549  	sin_p = (struct sockaddr_in *)*nam;
2550  	in6_sin_2_v4mapsin6(sin_p, sin6_p);
2551  	free(*nam, M_SONAME);
2552  	*nam = (struct sockaddr *)sin6_p;
2553  }
2554