1 /* $FreeBSD$ */ 2 /* $KAME: in6.c,v 1.259 2002/01/21 11:37:50 keiichi Exp $ */ 3 4 /*- 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 /*- 34 * Copyright (c) 1982, 1986, 1991, 1993 35 * The Regents of the University of California. All rights reserved. 36 * 37 * Redistribution and use in source and binary forms, with or without 38 * modification, are permitted provided that the following conditions 39 * are met: 40 * 1. Redistributions of source code must retain the above copyright 41 * notice, this list of conditions and the following disclaimer. 42 * 2. Redistributions in binary form must reproduce the above copyright 43 * notice, this list of conditions and the following disclaimer in the 44 * documentation and/or other materials provided with the distribution. 45 * 4. Neither the name of the University nor the names of its contributors 46 * may be used to endorse or promote products derived from this software 47 * without specific prior written permission. 48 * 49 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 52 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 59 * SUCH DAMAGE. 60 * 61 * @(#)in.c 8.2 (Berkeley) 11/15/93 62 */ 63 64 #include "opt_inet.h" 65 #include "opt_inet6.h" 66 67 #include <sys/param.h> 68 #include <sys/errno.h> 69 #include <sys/malloc.h> 70 #include <sys/socket.h> 71 #include <sys/socketvar.h> 72 #include <sys/sockio.h> 73 #include <sys/systm.h> 74 #include <sys/priv.h> 75 #include <sys/proc.h> 76 #include <sys/time.h> 77 #include <sys/kernel.h> 78 #include <sys/syslog.h> 79 80 #include <net/if.h> 81 #include <net/if_types.h> 82 #include <net/route.h> 83 #include <net/if_dl.h> 84 85 #include <netinet/in.h> 86 #include <netinet/in_var.h> 87 #include <netinet/if_ether.h> 88 #include <netinet/in_systm.h> 89 #include <netinet/ip.h> 90 #include <netinet/in_pcb.h> 91 92 #include <netinet/ip6.h> 93 #include <netinet6/ip6_var.h> 94 #include <netinet6/nd6.h> 95 #include <netinet6/mld6_var.h> 96 #include <netinet6/ip6_mroute.h> 97 #include <netinet6/in6_ifattach.h> 98 #include <netinet6/scope6_var.h> 99 #include <netinet6/in6_pcb.h> 100 101 MALLOC_DEFINE(M_IP6MADDR, "in6_multi", "internet multicast address"); 102 103 /* 104 * Definitions of some costant IP6 addresses. 105 */ 106 const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT; 107 const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT; 108 const struct in6_addr in6addr_nodelocal_allnodes = 109 IN6ADDR_NODELOCAL_ALLNODES_INIT; 110 const struct in6_addr in6addr_linklocal_allnodes = 111 IN6ADDR_LINKLOCAL_ALLNODES_INIT; 112 const struct in6_addr in6addr_linklocal_allrouters = 113 IN6ADDR_LINKLOCAL_ALLROUTERS_INIT; 114 115 const struct in6_addr in6mask0 = IN6MASK0; 116 const struct in6_addr in6mask32 = IN6MASK32; 117 const struct in6_addr in6mask64 = IN6MASK64; 118 const struct in6_addr in6mask96 = IN6MASK96; 119 const struct in6_addr in6mask128 = IN6MASK128; 120 121 const struct sockaddr_in6 sa6_any = 122 { sizeof(sa6_any), AF_INET6, 0, 0, IN6ADDR_ANY_INIT, 0 }; 123 124 static int in6_lifaddr_ioctl __P((struct socket *, u_long, caddr_t, 125 struct ifnet *, struct thread *)); 126 static int in6_ifinit __P((struct ifnet *, struct in6_ifaddr *, 127 struct sockaddr_in6 *, int)); 128 static void in6_unlink_ifa __P((struct in6_ifaddr *, struct ifnet *)); 129 130 struct in6_multihead in6_multihead; /* XXX BSS initialization */ 131 int (*faithprefix_p)(struct in6_addr *); 132 133 /* 134 * Subroutine for in6_ifaddloop() and in6_ifremloop(). 135 * This routine does actual work. 136 */ 137 static void 138 in6_ifloop_request(int cmd, struct ifaddr *ifa) 139 { 140 struct sockaddr_in6 all1_sa; 141 struct rtentry *nrt = NULL; 142 int e; 143 char ip6buf[INET6_ADDRSTRLEN]; 144 145 bzero(&all1_sa, sizeof(all1_sa)); 146 all1_sa.sin6_family = AF_INET6; 147 all1_sa.sin6_len = sizeof(struct sockaddr_in6); 148 all1_sa.sin6_addr = in6mask128; 149 150 /* 151 * We specify the address itself as the gateway, and set the 152 * RTF_LLINFO flag, so that the corresponding host route would have 153 * the flag, and thus applications that assume traditional behavior 154 * would be happy. Note that we assume the caller of the function 155 * (probably implicitly) set nd6_rtrequest() to ifa->ifa_rtrequest, 156 * which changes the outgoing interface to the loopback interface. 157 */ 158 e = rtrequest(cmd, ifa->ifa_addr, ifa->ifa_addr, 159 (struct sockaddr *)&all1_sa, RTF_UP|RTF_HOST|RTF_LLINFO, &nrt); 160 if (e != 0) { 161 /* XXX need more descriptive message */ 162 163 log(LOG_ERR, "in6_ifloop_request: " 164 "%s operation failed for %s (errno=%d)\n", 165 cmd == RTM_ADD ? "ADD" : "DELETE", 166 ip6_sprintf(ip6buf, 167 &((struct in6_ifaddr *)ifa)->ia_addr.sin6_addr), e); 168 } 169 170 /* 171 * Report the addition/removal of the address to the routing socket. 172 * XXX: since we called rtinit for a p2p interface with a destination, 173 * we end up reporting twice in such a case. Should we rather 174 * omit the second report? 175 */ 176 if (nrt) { 177 RT_LOCK(nrt); 178 /* 179 * Make sure rt_ifa be equal to IFA, the second argument of 180 * the function. We need this because when we refer to 181 * rt_ifa->ia6_flags in ip6_input, we assume that the rt_ifa 182 * points to the address instead of the loopback address. 183 */ 184 if (cmd == RTM_ADD && ifa != nrt->rt_ifa) { 185 IFAFREE(nrt->rt_ifa); 186 IFAREF(ifa); 187 nrt->rt_ifa = ifa; 188 } 189 190 rt_newaddrmsg(cmd, ifa, e, nrt); 191 if (cmd == RTM_DELETE) 192 RTFREE_LOCKED(nrt); 193 else { 194 /* the cmd must be RTM_ADD here */ 195 RT_REMREF(nrt); 196 RT_UNLOCK(nrt); 197 } 198 } 199 } 200 201 /* 202 * Add ownaddr as loopback rtentry. We previously add the route only if 203 * necessary (ex. on a p2p link). However, since we now manage addresses 204 * separately from prefixes, we should always add the route. We can't 205 * rely on the cloning mechanism from the corresponding interface route 206 * any more. 207 */ 208 void 209 in6_ifaddloop(struct ifaddr *ifa) 210 { 211 struct rtentry *rt; 212 int need_loop; 213 214 /* If there is no loopback entry, allocate one. */ 215 rt = rtalloc1(ifa->ifa_addr, 0, 0); 216 need_loop = (rt == NULL || (rt->rt_flags & RTF_HOST) == 0 || 217 (rt->rt_ifp->if_flags & IFF_LOOPBACK) == 0); 218 if (rt) 219 RTFREE_LOCKED(rt); 220 if (need_loop) 221 in6_ifloop_request(RTM_ADD, ifa); 222 } 223 224 /* 225 * Remove loopback rtentry of ownaddr generated by in6_ifaddloop(), 226 * if it exists. 227 */ 228 void 229 in6_ifremloop(struct ifaddr *ifa) 230 { 231 struct in6_ifaddr *ia; 232 struct rtentry *rt; 233 int ia_count = 0; 234 235 /* 236 * Some of BSD variants do not remove cloned routes 237 * from an interface direct route, when removing the direct route 238 * (see comments in net/net_osdep.h). Even for variants that do remove 239 * cloned routes, they could fail to remove the cloned routes when 240 * we handle multple addresses that share a common prefix. 241 * So, we should remove the route corresponding to the deleted address. 242 */ 243 244 /* 245 * Delete the entry only if exact one ifa exists. More than one ifa 246 * can exist if we assign a same single address to multiple 247 * (probably p2p) interfaces. 248 * XXX: we should avoid such a configuration in IPv6... 249 */ 250 for (ia = in6_ifaddr; ia; ia = ia->ia_next) { 251 if (IN6_ARE_ADDR_EQUAL(IFA_IN6(ifa), &ia->ia_addr.sin6_addr)) { 252 ia_count++; 253 if (ia_count > 1) 254 break; 255 } 256 } 257 258 if (ia_count == 1) { 259 /* 260 * Before deleting, check if a corresponding loopbacked host 261 * route surely exists. With this check, we can avoid to 262 * delete an interface direct route whose destination is same 263 * as the address being removed. This can happen when removing 264 * a subnet-router anycast address on an interface attahced 265 * to a shared medium. 266 */ 267 rt = rtalloc1(ifa->ifa_addr, 0, 0); 268 if (rt != NULL) { 269 if ((rt->rt_flags & RTF_HOST) != 0 && 270 (rt->rt_ifp->if_flags & IFF_LOOPBACK) != 0) { 271 RTFREE_LOCKED(rt); 272 in6_ifloop_request(RTM_DELETE, ifa); 273 } else 274 RT_UNLOCK(rt); 275 } 276 } 277 } 278 279 int 280 in6_mask2len(struct in6_addr *mask, u_char *lim0) 281 { 282 int x = 0, y; 283 u_char *lim = lim0, *p; 284 285 /* ignore the scope_id part */ 286 if (lim0 == NULL || lim0 - (u_char *)mask > sizeof(*mask)) 287 lim = (u_char *)mask + sizeof(*mask); 288 for (p = (u_char *)mask; p < lim; x++, p++) { 289 if (*p != 0xff) 290 break; 291 } 292 y = 0; 293 if (p < lim) { 294 for (y = 0; y < 8; y++) { 295 if ((*p & (0x80 >> y)) == 0) 296 break; 297 } 298 } 299 300 /* 301 * when the limit pointer is given, do a stricter check on the 302 * remaining bits. 303 */ 304 if (p < lim) { 305 if (y != 0 && (*p & (0x00ff >> y)) != 0) 306 return (-1); 307 for (p = p + 1; p < lim; p++) 308 if (*p != 0) 309 return (-1); 310 } 311 312 return x * 8 + y; 313 } 314 315 #define ifa2ia6(ifa) ((struct in6_ifaddr *)(ifa)) 316 #define ia62ifa(ia6) (&((ia6)->ia_ifa)) 317 318 int 319 in6_control(struct socket *so, u_long cmd, caddr_t data, 320 struct ifnet *ifp, struct thread *td) 321 { 322 struct in6_ifreq *ifr = (struct in6_ifreq *)data; 323 struct in6_ifaddr *ia = NULL; 324 struct in6_aliasreq *ifra = (struct in6_aliasreq *)data; 325 struct sockaddr_in6 *sa6; 326 int error; 327 328 switch (cmd) { 329 case SIOCGETSGCNT_IN6: 330 case SIOCGETMIFCNT_IN6: 331 return (mrt6_ioctl ? mrt6_ioctl(cmd, data) : EOPNOTSUPP); 332 } 333 334 switch(cmd) { 335 case SIOCAADDRCTL_POLICY: 336 case SIOCDADDRCTL_POLICY: 337 if (td != NULL) { 338 error = priv_check(td, PRIV_NETINET_ADDRCTRL6); 339 if (error) 340 return (error); 341 } 342 return (in6_src_ioctl(cmd, data)); 343 } 344 345 if (ifp == NULL) 346 return (EOPNOTSUPP); 347 348 switch (cmd) { 349 case SIOCSNDFLUSH_IN6: 350 case SIOCSPFXFLUSH_IN6: 351 case SIOCSRTRFLUSH_IN6: 352 case SIOCSDEFIFACE_IN6: 353 case SIOCSIFINFO_FLAGS: 354 if (td != NULL) { 355 error = priv_check(td, PRIV_NETINET_ND6); 356 if (error) 357 return (error); 358 } 359 /* FALLTHROUGH */ 360 case OSIOCGIFINFO_IN6: 361 case SIOCGIFINFO_IN6: 362 case SIOCSIFINFO_IN6: 363 case SIOCGDRLST_IN6: 364 case SIOCGPRLST_IN6: 365 case SIOCGNBRINFO_IN6: 366 case SIOCGDEFIFACE_IN6: 367 return (nd6_ioctl(cmd, data, ifp)); 368 } 369 370 switch (cmd) { 371 case SIOCSIFPREFIX_IN6: 372 case SIOCDIFPREFIX_IN6: 373 case SIOCAIFPREFIX_IN6: 374 case SIOCCIFPREFIX_IN6: 375 case SIOCSGIFPREFIX_IN6: 376 case SIOCGIFPREFIX_IN6: 377 log(LOG_NOTICE, 378 "prefix ioctls are now invalidated. " 379 "please use ifconfig.\n"); 380 return (EOPNOTSUPP); 381 } 382 383 switch (cmd) { 384 case SIOCSSCOPE6: 385 if (td != NULL) { 386 error = priv_check(td, PRIV_NETINET_SCOPE6); 387 if (error) 388 return (error); 389 } 390 return (scope6_set(ifp, 391 (struct scope6_id *)ifr->ifr_ifru.ifru_scope_id)); 392 case SIOCGSCOPE6: 393 return (scope6_get(ifp, 394 (struct scope6_id *)ifr->ifr_ifru.ifru_scope_id)); 395 case SIOCGSCOPE6DEF: 396 return (scope6_get_default((struct scope6_id *) 397 ifr->ifr_ifru.ifru_scope_id)); 398 } 399 400 switch (cmd) { 401 case SIOCALIFADDR: 402 case SIOCDLIFADDR: 403 /* 404 * XXXRW: Is this checked at another layer? What priv to use 405 * here? 406 */ 407 if (td != NULL) { 408 error = suser(td); 409 if (error) 410 return (error); 411 } 412 /* FALLTHROUGH */ 413 case SIOCGLIFADDR: 414 return in6_lifaddr_ioctl(so, cmd, data, ifp, td); 415 } 416 417 /* 418 * Find address for this interface, if it exists. 419 * 420 * In netinet code, we have checked ifra_addr in SIOCSIF*ADDR operation 421 * only, and used the first interface address as the target of other 422 * operations (without checking ifra_addr). This was because netinet 423 * code/API assumed at most 1 interface address per interface. 424 * Since IPv6 allows a node to assign multiple addresses 425 * on a single interface, we almost always look and check the 426 * presence of ifra_addr, and reject invalid ones here. 427 * It also decreases duplicated code among SIOC*_IN6 operations. 428 */ 429 switch (cmd) { 430 case SIOCAIFADDR_IN6: 431 case SIOCSIFPHYADDR_IN6: 432 sa6 = &ifra->ifra_addr; 433 break; 434 case SIOCSIFADDR_IN6: 435 case SIOCGIFADDR_IN6: 436 case SIOCSIFDSTADDR_IN6: 437 case SIOCSIFNETMASK_IN6: 438 case SIOCGIFDSTADDR_IN6: 439 case SIOCGIFNETMASK_IN6: 440 case SIOCDIFADDR_IN6: 441 case SIOCGIFPSRCADDR_IN6: 442 case SIOCGIFPDSTADDR_IN6: 443 case SIOCGIFAFLAG_IN6: 444 case SIOCSNDFLUSH_IN6: 445 case SIOCSPFXFLUSH_IN6: 446 case SIOCSRTRFLUSH_IN6: 447 case SIOCGIFALIFETIME_IN6: 448 case SIOCSIFALIFETIME_IN6: 449 case SIOCGIFSTAT_IN6: 450 case SIOCGIFSTAT_ICMP6: 451 sa6 = &ifr->ifr_addr; 452 break; 453 default: 454 sa6 = NULL; 455 break; 456 } 457 if (sa6 && sa6->sin6_family == AF_INET6) { 458 int error = 0; 459 460 if (sa6->sin6_scope_id != 0) 461 error = sa6_embedscope(sa6, 0); 462 else 463 error = in6_setscope(&sa6->sin6_addr, ifp, NULL); 464 if (error != 0) 465 return (error); 466 ia = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr); 467 } else 468 ia = NULL; 469 470 switch (cmd) { 471 case SIOCSIFADDR_IN6: 472 case SIOCSIFDSTADDR_IN6: 473 case SIOCSIFNETMASK_IN6: 474 /* 475 * Since IPv6 allows a node to assign multiple addresses 476 * on a single interface, SIOCSIFxxx ioctls are deprecated. 477 */ 478 /* we decided to obsolete this command (20000704) */ 479 return (EINVAL); 480 481 case SIOCDIFADDR_IN6: 482 /* 483 * for IPv4, we look for existing in_ifaddr here to allow 484 * "ifconfig if0 delete" to remove the first IPv4 address on 485 * the interface. For IPv6, as the spec allows multiple 486 * interface address from the day one, we consider "remove the 487 * first one" semantics to be not preferable. 488 */ 489 if (ia == NULL) 490 return (EADDRNOTAVAIL); 491 /* FALLTHROUGH */ 492 case SIOCAIFADDR_IN6: 493 /* 494 * We always require users to specify a valid IPv6 address for 495 * the corresponding operation. 496 */ 497 if (ifra->ifra_addr.sin6_family != AF_INET6 || 498 ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6)) 499 return (EAFNOSUPPORT); 500 501 /* 502 * XXXRW: Is this checked at another layer? What priv to use 503 * here? 504 */ 505 if (td != NULL) { 506 error = suser(td); 507 if (error) 508 return (error); 509 } 510 511 break; 512 513 case SIOCGIFADDR_IN6: 514 /* This interface is basically deprecated. use SIOCGIFCONF. */ 515 /* FALLTHROUGH */ 516 case SIOCGIFAFLAG_IN6: 517 case SIOCGIFNETMASK_IN6: 518 case SIOCGIFDSTADDR_IN6: 519 case SIOCGIFALIFETIME_IN6: 520 /* must think again about its semantics */ 521 if (ia == NULL) 522 return (EADDRNOTAVAIL); 523 break; 524 case SIOCSIFALIFETIME_IN6: 525 { 526 struct in6_addrlifetime *lt; 527 528 if (td != NULL) { 529 error = priv_check(td, PRIV_NETINET_ALIFETIME6); 530 if (error) 531 return (error); 532 } 533 if (ia == NULL) 534 return (EADDRNOTAVAIL); 535 /* sanity for overflow - beware unsigned */ 536 lt = &ifr->ifr_ifru.ifru_lifetime; 537 if (lt->ia6t_vltime != ND6_INFINITE_LIFETIME && 538 lt->ia6t_vltime + time_second < time_second) { 539 return EINVAL; 540 } 541 if (lt->ia6t_pltime != ND6_INFINITE_LIFETIME && 542 lt->ia6t_pltime + time_second < time_second) { 543 return EINVAL; 544 } 545 break; 546 } 547 } 548 549 switch (cmd) { 550 551 case SIOCGIFADDR_IN6: 552 ifr->ifr_addr = ia->ia_addr; 553 if ((error = sa6_recoverscope(&ifr->ifr_addr)) != 0) 554 return (error); 555 break; 556 557 case SIOCGIFDSTADDR_IN6: 558 if ((ifp->if_flags & IFF_POINTOPOINT) == 0) 559 return (EINVAL); 560 /* 561 * XXX: should we check if ifa_dstaddr is NULL and return 562 * an error? 563 */ 564 ifr->ifr_dstaddr = ia->ia_dstaddr; 565 if ((error = sa6_recoverscope(&ifr->ifr_dstaddr)) != 0) 566 return (error); 567 break; 568 569 case SIOCGIFNETMASK_IN6: 570 ifr->ifr_addr = ia->ia_prefixmask; 571 break; 572 573 case SIOCGIFAFLAG_IN6: 574 ifr->ifr_ifru.ifru_flags6 = ia->ia6_flags; 575 break; 576 577 case SIOCGIFSTAT_IN6: 578 if (ifp == NULL) 579 return EINVAL; 580 bzero(&ifr->ifr_ifru.ifru_stat, 581 sizeof(ifr->ifr_ifru.ifru_stat)); 582 ifr->ifr_ifru.ifru_stat = 583 *((struct in6_ifextra *)ifp->if_afdata[AF_INET6])->in6_ifstat; 584 break; 585 586 case SIOCGIFSTAT_ICMP6: 587 if (ifp == NULL) 588 return EINVAL; 589 bzero(&ifr->ifr_ifru.ifru_icmp6stat, 590 sizeof(ifr->ifr_ifru.ifru_icmp6stat)); 591 ifr->ifr_ifru.ifru_icmp6stat = 592 *((struct in6_ifextra *)ifp->if_afdata[AF_INET6])->icmp6_ifstat; 593 break; 594 595 case SIOCGIFALIFETIME_IN6: 596 ifr->ifr_ifru.ifru_lifetime = ia->ia6_lifetime; 597 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 598 time_t maxexpire; 599 struct in6_addrlifetime *retlt = 600 &ifr->ifr_ifru.ifru_lifetime; 601 602 /* 603 * XXX: adjust expiration time assuming time_t is 604 * signed. 605 */ 606 maxexpire = (-1) & 607 ~((time_t)1 << ((sizeof(maxexpire) * 8) - 1)); 608 if (ia->ia6_lifetime.ia6t_vltime < 609 maxexpire - ia->ia6_updatetime) { 610 retlt->ia6t_expire = ia->ia6_updatetime + 611 ia->ia6_lifetime.ia6t_vltime; 612 } else 613 retlt->ia6t_expire = maxexpire; 614 } 615 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 616 time_t maxexpire; 617 struct in6_addrlifetime *retlt = 618 &ifr->ifr_ifru.ifru_lifetime; 619 620 /* 621 * XXX: adjust expiration time assuming time_t is 622 * signed. 623 */ 624 maxexpire = (-1) & 625 ~((time_t)1 << ((sizeof(maxexpire) * 8) - 1)); 626 if (ia->ia6_lifetime.ia6t_pltime < 627 maxexpire - ia->ia6_updatetime) { 628 retlt->ia6t_preferred = ia->ia6_updatetime + 629 ia->ia6_lifetime.ia6t_pltime; 630 } else 631 retlt->ia6t_preferred = maxexpire; 632 } 633 break; 634 635 case SIOCSIFALIFETIME_IN6: 636 ia->ia6_lifetime = ifr->ifr_ifru.ifru_lifetime; 637 /* for sanity */ 638 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 639 ia->ia6_lifetime.ia6t_expire = 640 time_second + ia->ia6_lifetime.ia6t_vltime; 641 } else 642 ia->ia6_lifetime.ia6t_expire = 0; 643 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 644 ia->ia6_lifetime.ia6t_preferred = 645 time_second + ia->ia6_lifetime.ia6t_pltime; 646 } else 647 ia->ia6_lifetime.ia6t_preferred = 0; 648 break; 649 650 case SIOCAIFADDR_IN6: 651 { 652 int i, error = 0; 653 struct nd_prefixctl pr0; 654 struct nd_prefix *pr; 655 656 /* 657 * first, make or update the interface address structure, 658 * and link it to the list. 659 */ 660 if ((error = in6_update_ifa(ifp, ifra, ia, 0)) != 0) 661 return (error); 662 if ((ia = in6ifa_ifpwithaddr(ifp, &ifra->ifra_addr.sin6_addr)) 663 == NULL) { 664 /* 665 * this can happen when the user specify the 0 valid 666 * lifetime. 667 */ 668 break; 669 } 670 671 /* 672 * then, make the prefix on-link on the interface. 673 * XXX: we'd rather create the prefix before the address, but 674 * we need at least one address to install the corresponding 675 * interface route, so we configure the address first. 676 */ 677 678 /* 679 * convert mask to prefix length (prefixmask has already 680 * been validated in in6_update_ifa(). 681 */ 682 bzero(&pr0, sizeof(pr0)); 683 pr0.ndpr_ifp = ifp; 684 pr0.ndpr_plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, 685 NULL); 686 if (pr0.ndpr_plen == 128) { 687 break; /* we don't need to install a host route. */ 688 } 689 pr0.ndpr_prefix = ifra->ifra_addr; 690 /* apply the mask for safety. */ 691 for (i = 0; i < 4; i++) { 692 pr0.ndpr_prefix.sin6_addr.s6_addr32[i] &= 693 ifra->ifra_prefixmask.sin6_addr.s6_addr32[i]; 694 } 695 /* 696 * XXX: since we don't have an API to set prefix (not address) 697 * lifetimes, we just use the same lifetimes as addresses. 698 * The (temporarily) installed lifetimes can be overridden by 699 * later advertised RAs (when accept_rtadv is non 0), which is 700 * an intended behavior. 701 */ 702 pr0.ndpr_raf_onlink = 1; /* should be configurable? */ 703 pr0.ndpr_raf_auto = 704 ((ifra->ifra_flags & IN6_IFF_AUTOCONF) != 0); 705 pr0.ndpr_vltime = ifra->ifra_lifetime.ia6t_vltime; 706 pr0.ndpr_pltime = ifra->ifra_lifetime.ia6t_pltime; 707 708 /* add the prefix if not yet. */ 709 if ((pr = nd6_prefix_lookup(&pr0)) == NULL) { 710 /* 711 * nd6_prelist_add will install the corresponding 712 * interface route. 713 */ 714 if ((error = nd6_prelist_add(&pr0, NULL, &pr)) != 0) 715 return (error); 716 if (pr == NULL) { 717 log(LOG_ERR, "nd6_prelist_add succeeded but " 718 "no prefix\n"); 719 return (EINVAL); /* XXX panic here? */ 720 } 721 } 722 723 /* relate the address to the prefix */ 724 if (ia->ia6_ndpr == NULL) { 725 ia->ia6_ndpr = pr; 726 pr->ndpr_refcnt++; 727 728 /* 729 * If this is the first autoconf address from the 730 * prefix, create a temporary address as well 731 * (when required). 732 */ 733 if ((ia->ia6_flags & IN6_IFF_AUTOCONF) && 734 ip6_use_tempaddr && pr->ndpr_refcnt == 1) { 735 int e; 736 if ((e = in6_tmpifadd(ia, 1, 0)) != 0) { 737 log(LOG_NOTICE, "in6_control: failed " 738 "to create a temporary address, " 739 "errno=%d\n", e); 740 } 741 } 742 } 743 744 /* 745 * this might affect the status of autoconfigured addresses, 746 * that is, this address might make other addresses detached. 747 */ 748 pfxlist_onlink_check(); 749 if (error == 0 && ia) 750 EVENTHANDLER_INVOKE(ifaddr_event, ifp); 751 break; 752 } 753 754 case SIOCDIFADDR_IN6: 755 { 756 struct nd_prefix *pr; 757 758 /* 759 * If the address being deleted is the only one that owns 760 * the corresponding prefix, expire the prefix as well. 761 * XXX: theoretically, we don't have to worry about such 762 * relationship, since we separate the address management 763 * and the prefix management. We do this, however, to provide 764 * as much backward compatibility as possible in terms of 765 * the ioctl operation. 766 * Note that in6_purgeaddr() will decrement ndpr_refcnt. 767 */ 768 pr = ia->ia6_ndpr; 769 in6_purgeaddr(&ia->ia_ifa); 770 if (pr && pr->ndpr_refcnt == 0) 771 prelist_remove(pr); 772 EVENTHANDLER_INVOKE(ifaddr_event, ifp); 773 break; 774 } 775 776 default: 777 if (ifp == NULL || ifp->if_ioctl == 0) 778 return (EOPNOTSUPP); 779 return ((*ifp->if_ioctl)(ifp, cmd, data)); 780 } 781 782 return (0); 783 } 784 785 /* 786 * Update parameters of an IPv6 interface address. 787 * If necessary, a new entry is created and linked into address chains. 788 * This function is separated from in6_control(). 789 * XXX: should this be performed under splnet()? 790 */ 791 int 792 in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra, 793 struct in6_ifaddr *ia, int flags) 794 { 795 int error = 0, hostIsNew = 0, plen = -1; 796 struct in6_ifaddr *oia; 797 struct sockaddr_in6 dst6; 798 struct in6_addrlifetime *lt; 799 struct in6_multi_mship *imm; 800 struct in6_multi *in6m_sol; 801 struct rtentry *rt; 802 int delay; 803 char ip6buf[INET6_ADDRSTRLEN]; 804 805 /* Validate parameters */ 806 if (ifp == NULL || ifra == NULL) /* this maybe redundant */ 807 return (EINVAL); 808 809 /* 810 * The destination address for a p2p link must have a family 811 * of AF_UNSPEC or AF_INET6. 812 */ 813 if ((ifp->if_flags & IFF_POINTOPOINT) != 0 && 814 ifra->ifra_dstaddr.sin6_family != AF_INET6 && 815 ifra->ifra_dstaddr.sin6_family != AF_UNSPEC) 816 return (EAFNOSUPPORT); 817 /* 818 * validate ifra_prefixmask. don't check sin6_family, netmask 819 * does not carry fields other than sin6_len. 820 */ 821 if (ifra->ifra_prefixmask.sin6_len > sizeof(struct sockaddr_in6)) 822 return (EINVAL); 823 /* 824 * Because the IPv6 address architecture is classless, we require 825 * users to specify a (non 0) prefix length (mask) for a new address. 826 * We also require the prefix (when specified) mask is valid, and thus 827 * reject a non-consecutive mask. 828 */ 829 if (ia == NULL && ifra->ifra_prefixmask.sin6_len == 0) 830 return (EINVAL); 831 if (ifra->ifra_prefixmask.sin6_len != 0) { 832 plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, 833 (u_char *)&ifra->ifra_prefixmask + 834 ifra->ifra_prefixmask.sin6_len); 835 if (plen <= 0) 836 return (EINVAL); 837 } else { 838 /* 839 * In this case, ia must not be NULL. We just use its prefix 840 * length. 841 */ 842 plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); 843 } 844 /* 845 * If the destination address on a p2p interface is specified, 846 * and the address is a scoped one, validate/set the scope 847 * zone identifier. 848 */ 849 dst6 = ifra->ifra_dstaddr; 850 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) != 0 && 851 (dst6.sin6_family == AF_INET6)) { 852 struct in6_addr in6_tmp; 853 u_int32_t zoneid; 854 855 in6_tmp = dst6.sin6_addr; 856 if (in6_setscope(&in6_tmp, ifp, &zoneid)) 857 return (EINVAL); /* XXX: should be impossible */ 858 859 if (dst6.sin6_scope_id != 0) { 860 if (dst6.sin6_scope_id != zoneid) 861 return (EINVAL); 862 } else /* user omit to specify the ID. */ 863 dst6.sin6_scope_id = zoneid; 864 865 /* convert into the internal form */ 866 if (sa6_embedscope(&dst6, 0)) 867 return (EINVAL); /* XXX: should be impossible */ 868 } 869 /* 870 * The destination address can be specified only for a p2p or a 871 * loopback interface. If specified, the corresponding prefix length 872 * must be 128. 873 */ 874 if (ifra->ifra_dstaddr.sin6_family == AF_INET6) { 875 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) == 0) { 876 /* XXX: noisy message */ 877 nd6log((LOG_INFO, "in6_update_ifa: a destination can " 878 "be specified for a p2p or a loopback IF only\n")); 879 return (EINVAL); 880 } 881 if (plen != 128) { 882 nd6log((LOG_INFO, "in6_update_ifa: prefixlen should " 883 "be 128 when dstaddr is specified\n")); 884 return (EINVAL); 885 } 886 } 887 /* lifetime consistency check */ 888 lt = &ifra->ifra_lifetime; 889 if (lt->ia6t_pltime > lt->ia6t_vltime) 890 return (EINVAL); 891 if (lt->ia6t_vltime == 0) { 892 /* 893 * the following log might be noisy, but this is a typical 894 * configuration mistake or a tool's bug. 895 */ 896 nd6log((LOG_INFO, 897 "in6_update_ifa: valid lifetime is 0 for %s\n", 898 ip6_sprintf(ip6buf, &ifra->ifra_addr.sin6_addr))); 899 900 if (ia == NULL) 901 return (0); /* there's nothing to do */ 902 } 903 904 /* 905 * If this is a new address, allocate a new ifaddr and link it 906 * into chains. 907 */ 908 if (ia == NULL) { 909 hostIsNew = 1; 910 /* 911 * When in6_update_ifa() is called in a process of a received 912 * RA, it is called under an interrupt context. So, we should 913 * call malloc with M_NOWAIT. 914 */ 915 ia = (struct in6_ifaddr *) malloc(sizeof(*ia), M_IFADDR, 916 M_NOWAIT); 917 if (ia == NULL) 918 return (ENOBUFS); 919 bzero((caddr_t)ia, sizeof(*ia)); 920 LIST_INIT(&ia->ia6_memberships); 921 /* Initialize the address and masks, and put time stamp */ 922 IFA_LOCK_INIT(&ia->ia_ifa); 923 ia->ia_ifa.ifa_addr = (struct sockaddr *)&ia->ia_addr; 924 ia->ia_addr.sin6_family = AF_INET6; 925 ia->ia_addr.sin6_len = sizeof(ia->ia_addr); 926 ia->ia6_createtime = time_second; 927 if ((ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) != 0) { 928 /* 929 * XXX: some functions expect that ifa_dstaddr is not 930 * NULL for p2p interfaces. 931 */ 932 ia->ia_ifa.ifa_dstaddr = 933 (struct sockaddr *)&ia->ia_dstaddr; 934 } else { 935 ia->ia_ifa.ifa_dstaddr = NULL; 936 } 937 ia->ia_ifa.ifa_netmask = (struct sockaddr *)&ia->ia_prefixmask; 938 939 ia->ia_ifp = ifp; 940 if ((oia = in6_ifaddr) != NULL) { 941 for ( ; oia->ia_next; oia = oia->ia_next) 942 continue; 943 oia->ia_next = ia; 944 } else 945 in6_ifaddr = ia; 946 947 ia->ia_ifa.ifa_refcnt = 1; 948 TAILQ_INSERT_TAIL(&ifp->if_addrlist, &ia->ia_ifa, ifa_list); 949 } 950 951 /* update timestamp */ 952 ia->ia6_updatetime = time_second; 953 954 /* set prefix mask */ 955 if (ifra->ifra_prefixmask.sin6_len) { 956 /* 957 * We prohibit changing the prefix length of an existing 958 * address, because 959 * + such an operation should be rare in IPv6, and 960 * + the operation would confuse prefix management. 961 */ 962 if (ia->ia_prefixmask.sin6_len && 963 in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL) != plen) { 964 nd6log((LOG_INFO, "in6_update_ifa: the prefix length of an" 965 " existing (%s) address should not be changed\n", 966 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr))); 967 error = EINVAL; 968 goto unlink; 969 } 970 ia->ia_prefixmask = ifra->ifra_prefixmask; 971 } 972 973 /* 974 * If a new destination address is specified, scrub the old one and 975 * install the new destination. Note that the interface must be 976 * p2p or loopback (see the check above.) 977 */ 978 if (dst6.sin6_family == AF_INET6 && 979 !IN6_ARE_ADDR_EQUAL(&dst6.sin6_addr, &ia->ia_dstaddr.sin6_addr)) { 980 int e; 981 982 if ((ia->ia_flags & IFA_ROUTE) != 0 && 983 (e = rtinit(&(ia->ia_ifa), (int)RTM_DELETE, RTF_HOST)) != 0) { 984 nd6log((LOG_ERR, "in6_update_ifa: failed to remove " 985 "a route to the old destination: %s\n", 986 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr))); 987 /* proceed anyway... */ 988 } else 989 ia->ia_flags &= ~IFA_ROUTE; 990 ia->ia_dstaddr = dst6; 991 } 992 993 /* 994 * Set lifetimes. We do not refer to ia6t_expire and ia6t_preferred 995 * to see if the address is deprecated or invalidated, but initialize 996 * these members for applications. 997 */ 998 ia->ia6_lifetime = ifra->ifra_lifetime; 999 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 1000 ia->ia6_lifetime.ia6t_expire = 1001 time_second + ia->ia6_lifetime.ia6t_vltime; 1002 } else 1003 ia->ia6_lifetime.ia6t_expire = 0; 1004 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 1005 ia->ia6_lifetime.ia6t_preferred = 1006 time_second + ia->ia6_lifetime.ia6t_pltime; 1007 } else 1008 ia->ia6_lifetime.ia6t_preferred = 0; 1009 1010 /* reset the interface and routing table appropriately. */ 1011 if ((error = in6_ifinit(ifp, ia, &ifra->ifra_addr, hostIsNew)) != 0) 1012 goto unlink; 1013 1014 /* 1015 * configure address flags. 1016 */ 1017 ia->ia6_flags = ifra->ifra_flags; 1018 /* 1019 * backward compatibility - if IN6_IFF_DEPRECATED is set from the 1020 * userland, make it deprecated. 1021 */ 1022 if ((ifra->ifra_flags & IN6_IFF_DEPRECATED) != 0) { 1023 ia->ia6_lifetime.ia6t_pltime = 0; 1024 ia->ia6_lifetime.ia6t_preferred = time_second; 1025 } 1026 /* 1027 * Make the address tentative before joining multicast addresses, 1028 * so that corresponding MLD responses would not have a tentative 1029 * source address. 1030 */ 1031 ia->ia6_flags &= ~IN6_IFF_DUPLICATED; /* safety */ 1032 if (hostIsNew && in6if_do_dad(ifp)) 1033 ia->ia6_flags |= IN6_IFF_TENTATIVE; 1034 1035 /* 1036 * We are done if we have simply modified an existing address. 1037 */ 1038 if (!hostIsNew) 1039 return (error); 1040 1041 /* 1042 * Beyond this point, we should call in6_purgeaddr upon an error, 1043 * not just go to unlink. 1044 */ 1045 1046 /* Join necessary multicast groups */ 1047 in6m_sol = NULL; 1048 if ((ifp->if_flags & IFF_MULTICAST) != 0) { 1049 struct sockaddr_in6 mltaddr, mltmask; 1050 struct in6_addr llsol; 1051 1052 /* join solicited multicast addr for new host id */ 1053 bzero(&llsol, sizeof(struct in6_addr)); 1054 llsol.s6_addr32[0] = IPV6_ADDR_INT32_MLL; 1055 llsol.s6_addr32[1] = 0; 1056 llsol.s6_addr32[2] = htonl(1); 1057 llsol.s6_addr32[3] = ifra->ifra_addr.sin6_addr.s6_addr32[3]; 1058 llsol.s6_addr8[12] = 0xff; 1059 if ((error = in6_setscope(&llsol, ifp, NULL)) != 0) { 1060 /* XXX: should not happen */ 1061 log(LOG_ERR, "in6_update_ifa: " 1062 "in6_setscope failed\n"); 1063 goto cleanup; 1064 } 1065 delay = 0; 1066 if ((flags & IN6_IFAUPDATE_DADDELAY)) { 1067 /* 1068 * We need a random delay for DAD on the address 1069 * being configured. It also means delaying 1070 * transmission of the corresponding MLD report to 1071 * avoid report collision. 1072 * [draft-ietf-ipv6-rfc2462bis-02.txt] 1073 */ 1074 delay = arc4random() % 1075 (MAX_RTR_SOLICITATION_DELAY * hz); 1076 } 1077 imm = in6_joingroup(ifp, &llsol, &error, delay); 1078 if (imm == NULL) { 1079 nd6log((LOG_WARNING, 1080 "in6_update_ifa: addmulti failed for " 1081 "%s on %s (errno=%d)\n", 1082 ip6_sprintf(ip6buf, &llsol), if_name(ifp), 1083 error)); 1084 in6_purgeaddr((struct ifaddr *)ia); 1085 return (error); 1086 } 1087 LIST_INSERT_HEAD(&ia->ia6_memberships, 1088 imm, i6mm_chain); 1089 in6m_sol = imm->i6mm_maddr; 1090 1091 bzero(&mltmask, sizeof(mltmask)); 1092 mltmask.sin6_len = sizeof(struct sockaddr_in6); 1093 mltmask.sin6_family = AF_INET6; 1094 mltmask.sin6_addr = in6mask32; 1095 #define MLTMASK_LEN 4 /* mltmask's masklen (=32bit=4octet) */ 1096 1097 /* 1098 * join link-local all-nodes address 1099 */ 1100 bzero(&mltaddr, sizeof(mltaddr)); 1101 mltaddr.sin6_len = sizeof(struct sockaddr_in6); 1102 mltaddr.sin6_family = AF_INET6; 1103 mltaddr.sin6_addr = in6addr_linklocal_allnodes; 1104 if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) != 1105 0) 1106 goto cleanup; /* XXX: should not fail */ 1107 1108 /* 1109 * XXX: do we really need this automatic routes? 1110 * We should probably reconsider this stuff. Most applications 1111 * actually do not need the routes, since they usually specify 1112 * the outgoing interface. 1113 */ 1114 rt = rtalloc1((struct sockaddr *)&mltaddr, 0, 0UL); 1115 if (rt) { 1116 if (memcmp(&mltaddr.sin6_addr, 1117 &((struct sockaddr_in6 *)rt_key(rt))->sin6_addr, 1118 MLTMASK_LEN)) { 1119 RTFREE_LOCKED(rt); 1120 rt = NULL; 1121 } 1122 } 1123 if (!rt) { 1124 /* XXX: we need RTF_CLONING to fake nd6_rtrequest */ 1125 error = rtrequest(RTM_ADD, (struct sockaddr *)&mltaddr, 1126 (struct sockaddr *)&ia->ia_addr, 1127 (struct sockaddr *)&mltmask, RTF_UP | RTF_CLONING, 1128 (struct rtentry **)0); 1129 if (error) 1130 goto cleanup; 1131 } else 1132 RTFREE_LOCKED(rt); 1133 1134 /* 1135 * XXX: do we really need this automatic routes? 1136 * We should probably reconsider this stuff. Most applications 1137 * actually do not need the routes, since they usually specify 1138 * the outgoing interface. 1139 */ 1140 rt = rtalloc1((struct sockaddr *)&mltaddr, 0, 0UL); 1141 if (rt) { 1142 /* XXX: only works in !SCOPEDROUTING case. */ 1143 if (memcmp(&mltaddr.sin6_addr, 1144 &((struct sockaddr_in6 *)rt_key(rt))->sin6_addr, 1145 MLTMASK_LEN)) { 1146 RTFREE_LOCKED(rt); 1147 rt = NULL; 1148 } 1149 } 1150 if (!rt) { 1151 error = rtrequest(RTM_ADD, (struct sockaddr *)&mltaddr, 1152 (struct sockaddr *)&ia->ia_addr, 1153 (struct sockaddr *)&mltmask, RTF_UP | RTF_CLONING, 1154 (struct rtentry **)0); 1155 if (error) 1156 goto cleanup; 1157 } else { 1158 RTFREE_LOCKED(rt); 1159 } 1160 1161 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 0); 1162 if (!imm) { 1163 nd6log((LOG_WARNING, 1164 "in6_update_ifa: addmulti failed for " 1165 "%s on %s (errno=%d)\n", 1166 ip6_sprintf(ip6buf, &mltaddr.sin6_addr), 1167 if_name(ifp), error)); 1168 goto cleanup; 1169 } 1170 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 1171 1172 /* 1173 * join node information group address 1174 */ 1175 #define hostnamelen strlen(hostname) 1176 delay = 0; 1177 if ((flags & IN6_IFAUPDATE_DADDELAY)) { 1178 /* 1179 * The spec doesn't say anything about delay for this 1180 * group, but the same logic should apply. 1181 */ 1182 delay = arc4random() % 1183 (MAX_RTR_SOLICITATION_DELAY * hz); 1184 } 1185 if (in6_nigroup(ifp, hostname, hostnamelen, &mltaddr.sin6_addr) 1186 == 0) { 1187 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 1188 delay); /* XXX jinmei */ 1189 if (!imm) { 1190 nd6log((LOG_WARNING, "in6_update_ifa: " 1191 "addmulti failed for %s on %s " 1192 "(errno=%d)\n", 1193 ip6_sprintf(ip6buf, &mltaddr.sin6_addr), 1194 if_name(ifp), error)); 1195 /* XXX not very fatal, go on... */ 1196 } else { 1197 LIST_INSERT_HEAD(&ia->ia6_memberships, 1198 imm, i6mm_chain); 1199 } 1200 } 1201 #undef hostnamelen 1202 1203 /* 1204 * join interface-local all-nodes address. 1205 * (ff01::1%ifN, and ff01::%ifN/32) 1206 */ 1207 mltaddr.sin6_addr = in6addr_nodelocal_allnodes; 1208 if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) 1209 != 0) 1210 goto cleanup; /* XXX: should not fail */ 1211 /* XXX: again, do we really need the route? */ 1212 rt = rtalloc1((struct sockaddr *)&mltaddr, 0, 0UL); 1213 if (rt) { 1214 if (memcmp(&mltaddr.sin6_addr, 1215 &((struct sockaddr_in6 *)rt_key(rt))->sin6_addr, 1216 MLTMASK_LEN)) { 1217 RTFREE_LOCKED(rt); 1218 rt = NULL; 1219 } 1220 } 1221 if (!rt) { 1222 error = rtrequest(RTM_ADD, (struct sockaddr *)&mltaddr, 1223 (struct sockaddr *)&ia->ia_addr, 1224 (struct sockaddr *)&mltmask, RTF_UP | RTF_CLONING, 1225 (struct rtentry **)0); 1226 if (error) 1227 goto cleanup; 1228 } else 1229 RTFREE_LOCKED(rt); 1230 1231 /* XXX: again, do we really need the route? */ 1232 rt = rtalloc1((struct sockaddr *)&mltaddr, 0, 0UL); 1233 if (rt) { 1234 if (memcmp(&mltaddr.sin6_addr, 1235 &((struct sockaddr_in6 *)rt_key(rt))->sin6_addr, 1236 MLTMASK_LEN)) { 1237 RTFREE_LOCKED(rt); 1238 rt = NULL; 1239 } 1240 } 1241 if (!rt) { 1242 error = rtrequest(RTM_ADD, (struct sockaddr *)&mltaddr, 1243 (struct sockaddr *)&ia->ia_addr, 1244 (struct sockaddr *)&mltmask, RTF_UP | RTF_CLONING, 1245 (struct rtentry **)0); 1246 if (error) 1247 goto cleanup; 1248 } else { 1249 RTFREE_LOCKED(rt); 1250 } 1251 1252 imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 0); 1253 if (!imm) { 1254 nd6log((LOG_WARNING, "in6_update_ifa: " 1255 "addmulti failed for %s on %s " 1256 "(errno=%d)\n", 1257 ip6_sprintf(ip6buf, &mltaddr.sin6_addr), 1258 if_name(ifp), error)); 1259 goto cleanup; 1260 } 1261 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 1262 #undef MLTMASK_LEN 1263 } 1264 1265 /* 1266 * Perform DAD, if needed. 1267 * XXX It may be of use, if we can administratively 1268 * disable DAD. 1269 */ 1270 if (hostIsNew && in6if_do_dad(ifp) && 1271 ((ifra->ifra_flags & IN6_IFF_NODAD) == 0) && 1272 (ia->ia6_flags & IN6_IFF_TENTATIVE)) 1273 { 1274 int mindelay, maxdelay; 1275 1276 delay = 0; 1277 if ((flags & IN6_IFAUPDATE_DADDELAY)) { 1278 /* 1279 * We need to impose a delay before sending an NS 1280 * for DAD. Check if we also needed a delay for the 1281 * corresponding MLD message. If we did, the delay 1282 * should be larger than the MLD delay (this could be 1283 * relaxed a bit, but this simple logic is at least 1284 * safe). 1285 */ 1286 mindelay = 0; 1287 if (in6m_sol != NULL && 1288 in6m_sol->in6m_state == MLD_REPORTPENDING) { 1289 mindelay = in6m_sol->in6m_timer; 1290 } 1291 maxdelay = MAX_RTR_SOLICITATION_DELAY * hz; 1292 if (maxdelay - mindelay == 0) 1293 delay = 0; 1294 else { 1295 delay = 1296 (arc4random() % (maxdelay - mindelay)) + 1297 mindelay; 1298 } 1299 } 1300 nd6_dad_start((struct ifaddr *)ia, delay); 1301 } 1302 1303 return (error); 1304 1305 unlink: 1306 /* 1307 * XXX: if a change of an existing address failed, keep the entry 1308 * anyway. 1309 */ 1310 if (hostIsNew) 1311 in6_unlink_ifa(ia, ifp); 1312 return (error); 1313 1314 cleanup: 1315 in6_purgeaddr(&ia->ia_ifa); 1316 return error; 1317 } 1318 1319 void 1320 in6_purgeaddr(struct ifaddr *ifa) 1321 { 1322 struct ifnet *ifp = ifa->ifa_ifp; 1323 struct in6_ifaddr *ia = (struct in6_ifaddr *) ifa; 1324 char ip6buf[INET6_ADDRSTRLEN]; 1325 struct in6_multi_mship *imm; 1326 1327 /* stop DAD processing */ 1328 nd6_dad_stop(ifa); 1329 1330 /* 1331 * delete route to the destination of the address being purged. 1332 * The interface must be p2p or loopback in this case. 1333 */ 1334 if ((ia->ia_flags & IFA_ROUTE) != 0 && ia->ia_dstaddr.sin6_len != 0) { 1335 int e; 1336 1337 if ((e = rtinit(&(ia->ia_ifa), (int)RTM_DELETE, RTF_HOST)) 1338 != 0) { 1339 log(LOG_ERR, "in6_purgeaddr: failed to remove " 1340 "a route to the p2p destination: %s on %s, " 1341 "errno=%d\n", 1342 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr), 1343 if_name(ifp), e); 1344 /* proceed anyway... */ 1345 } else 1346 ia->ia_flags &= ~IFA_ROUTE; 1347 } 1348 1349 /* Remove ownaddr's loopback rtentry, if it exists. */ 1350 in6_ifremloop(&(ia->ia_ifa)); 1351 1352 /* 1353 * leave from multicast groups we have joined for the interface 1354 */ 1355 while ((imm = ia->ia6_memberships.lh_first) != NULL) { 1356 LIST_REMOVE(imm, i6mm_chain); 1357 in6_leavegroup(imm); 1358 } 1359 1360 in6_unlink_ifa(ia, ifp); 1361 } 1362 1363 static void 1364 in6_unlink_ifa(struct in6_ifaddr *ia, struct ifnet *ifp) 1365 { 1366 struct in6_ifaddr *oia; 1367 int s = splnet(); 1368 1369 TAILQ_REMOVE(&ifp->if_addrlist, &ia->ia_ifa, ifa_list); 1370 1371 oia = ia; 1372 if (oia == (ia = in6_ifaddr)) 1373 in6_ifaddr = ia->ia_next; 1374 else { 1375 while (ia->ia_next && (ia->ia_next != oia)) 1376 ia = ia->ia_next; 1377 if (ia->ia_next) 1378 ia->ia_next = oia->ia_next; 1379 else { 1380 /* search failed */ 1381 printf("Couldn't unlink in6_ifaddr from in6_ifaddr\n"); 1382 } 1383 } 1384 1385 /* 1386 * Release the reference to the base prefix. There should be a 1387 * positive reference. 1388 */ 1389 if (oia->ia6_ndpr == NULL) { 1390 nd6log((LOG_NOTICE, 1391 "in6_unlink_ifa: autoconf'ed address " 1392 "%p has no prefix\n", oia)); 1393 } else { 1394 oia->ia6_ndpr->ndpr_refcnt--; 1395 oia->ia6_ndpr = NULL; 1396 } 1397 1398 /* 1399 * Also, if the address being removed is autoconf'ed, call 1400 * pfxlist_onlink_check() since the release might affect the status of 1401 * other (detached) addresses. 1402 */ 1403 if ((oia->ia6_flags & IN6_IFF_AUTOCONF)) { 1404 pfxlist_onlink_check(); 1405 } 1406 1407 /* 1408 * release another refcnt for the link from in6_ifaddr. 1409 * Note that we should decrement the refcnt at least once for all *BSD. 1410 */ 1411 IFAFREE(&oia->ia_ifa); 1412 1413 splx(s); 1414 } 1415 1416 void 1417 in6_purgeif(struct ifnet *ifp) 1418 { 1419 struct ifaddr *ifa, *nifa; 1420 1421 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); ifa != NULL; ifa = nifa) { 1422 nifa = TAILQ_NEXT(ifa, ifa_list); 1423 if (ifa->ifa_addr->sa_family != AF_INET6) 1424 continue; 1425 in6_purgeaddr(ifa); 1426 } 1427 1428 in6_ifdetach(ifp); 1429 } 1430 1431 /* 1432 * SIOC[GAD]LIFADDR. 1433 * SIOCGLIFADDR: get first address. (?) 1434 * SIOCGLIFADDR with IFLR_PREFIX: 1435 * get first address that matches the specified prefix. 1436 * SIOCALIFADDR: add the specified address. 1437 * SIOCALIFADDR with IFLR_PREFIX: 1438 * add the specified prefix, filling hostid part from 1439 * the first link-local address. prefixlen must be <= 64. 1440 * SIOCDLIFADDR: delete the specified address. 1441 * SIOCDLIFADDR with IFLR_PREFIX: 1442 * delete the first address that matches the specified prefix. 1443 * return values: 1444 * EINVAL on invalid parameters 1445 * EADDRNOTAVAIL on prefix match failed/specified address not found 1446 * other values may be returned from in6_ioctl() 1447 * 1448 * NOTE: SIOCALIFADDR(with IFLR_PREFIX set) allows prefixlen less than 64. 1449 * this is to accomodate address naming scheme other than RFC2374, 1450 * in the future. 1451 * RFC2373 defines interface id to be 64bit, but it allows non-RFC2374 1452 * address encoding scheme. (see figure on page 8) 1453 */ 1454 static int 1455 in6_lifaddr_ioctl(struct socket *so, u_long cmd, caddr_t data, 1456 struct ifnet *ifp, struct thread *td) 1457 { 1458 struct if_laddrreq *iflr = (struct if_laddrreq *)data; 1459 struct ifaddr *ifa; 1460 struct sockaddr *sa; 1461 1462 /* sanity checks */ 1463 if (!data || !ifp) { 1464 panic("invalid argument to in6_lifaddr_ioctl"); 1465 /* NOTREACHED */ 1466 } 1467 1468 switch (cmd) { 1469 case SIOCGLIFADDR: 1470 /* address must be specified on GET with IFLR_PREFIX */ 1471 if ((iflr->flags & IFLR_PREFIX) == 0) 1472 break; 1473 /* FALLTHROUGH */ 1474 case SIOCALIFADDR: 1475 case SIOCDLIFADDR: 1476 /* address must be specified on ADD and DELETE */ 1477 sa = (struct sockaddr *)&iflr->addr; 1478 if (sa->sa_family != AF_INET6) 1479 return EINVAL; 1480 if (sa->sa_len != sizeof(struct sockaddr_in6)) 1481 return EINVAL; 1482 /* XXX need improvement */ 1483 sa = (struct sockaddr *)&iflr->dstaddr; 1484 if (sa->sa_family && sa->sa_family != AF_INET6) 1485 return EINVAL; 1486 if (sa->sa_len && sa->sa_len != sizeof(struct sockaddr_in6)) 1487 return EINVAL; 1488 break; 1489 default: /* shouldn't happen */ 1490 #if 0 1491 panic("invalid cmd to in6_lifaddr_ioctl"); 1492 /* NOTREACHED */ 1493 #else 1494 return EOPNOTSUPP; 1495 #endif 1496 } 1497 if (sizeof(struct in6_addr) * 8 < iflr->prefixlen) 1498 return EINVAL; 1499 1500 switch (cmd) { 1501 case SIOCALIFADDR: 1502 { 1503 struct in6_aliasreq ifra; 1504 struct in6_addr *hostid = NULL; 1505 int prefixlen; 1506 1507 if ((iflr->flags & IFLR_PREFIX) != 0) { 1508 struct sockaddr_in6 *sin6; 1509 1510 /* 1511 * hostid is to fill in the hostid part of the 1512 * address. hostid points to the first link-local 1513 * address attached to the interface. 1514 */ 1515 ifa = (struct ifaddr *)in6ifa_ifpforlinklocal(ifp, 0); 1516 if (!ifa) 1517 return EADDRNOTAVAIL; 1518 hostid = IFA_IN6(ifa); 1519 1520 /* prefixlen must be <= 64. */ 1521 if (64 < iflr->prefixlen) 1522 return EINVAL; 1523 prefixlen = iflr->prefixlen; 1524 1525 /* hostid part must be zero. */ 1526 sin6 = (struct sockaddr_in6 *)&iflr->addr; 1527 if (sin6->sin6_addr.s6_addr32[2] != 0 || 1528 sin6->sin6_addr.s6_addr32[3] != 0) { 1529 return EINVAL; 1530 } 1531 } else 1532 prefixlen = iflr->prefixlen; 1533 1534 /* copy args to in6_aliasreq, perform ioctl(SIOCAIFADDR_IN6). */ 1535 bzero(&ifra, sizeof(ifra)); 1536 bcopy(iflr->iflr_name, ifra.ifra_name, sizeof(ifra.ifra_name)); 1537 1538 bcopy(&iflr->addr, &ifra.ifra_addr, 1539 ((struct sockaddr *)&iflr->addr)->sa_len); 1540 if (hostid) { 1541 /* fill in hostid part */ 1542 ifra.ifra_addr.sin6_addr.s6_addr32[2] = 1543 hostid->s6_addr32[2]; 1544 ifra.ifra_addr.sin6_addr.s6_addr32[3] = 1545 hostid->s6_addr32[3]; 1546 } 1547 1548 if (((struct sockaddr *)&iflr->dstaddr)->sa_family) { /* XXX */ 1549 bcopy(&iflr->dstaddr, &ifra.ifra_dstaddr, 1550 ((struct sockaddr *)&iflr->dstaddr)->sa_len); 1551 if (hostid) { 1552 ifra.ifra_dstaddr.sin6_addr.s6_addr32[2] = 1553 hostid->s6_addr32[2]; 1554 ifra.ifra_dstaddr.sin6_addr.s6_addr32[3] = 1555 hostid->s6_addr32[3]; 1556 } 1557 } 1558 1559 ifra.ifra_prefixmask.sin6_len = sizeof(struct sockaddr_in6); 1560 in6_prefixlen2mask(&ifra.ifra_prefixmask.sin6_addr, prefixlen); 1561 1562 ifra.ifra_flags = iflr->flags & ~IFLR_PREFIX; 1563 return in6_control(so, SIOCAIFADDR_IN6, (caddr_t)&ifra, ifp, td); 1564 } 1565 case SIOCGLIFADDR: 1566 case SIOCDLIFADDR: 1567 { 1568 struct in6_ifaddr *ia; 1569 struct in6_addr mask, candidate, match; 1570 struct sockaddr_in6 *sin6; 1571 int cmp; 1572 1573 bzero(&mask, sizeof(mask)); 1574 if (iflr->flags & IFLR_PREFIX) { 1575 /* lookup a prefix rather than address. */ 1576 in6_prefixlen2mask(&mask, iflr->prefixlen); 1577 1578 sin6 = (struct sockaddr_in6 *)&iflr->addr; 1579 bcopy(&sin6->sin6_addr, &match, sizeof(match)); 1580 match.s6_addr32[0] &= mask.s6_addr32[0]; 1581 match.s6_addr32[1] &= mask.s6_addr32[1]; 1582 match.s6_addr32[2] &= mask.s6_addr32[2]; 1583 match.s6_addr32[3] &= mask.s6_addr32[3]; 1584 1585 /* if you set extra bits, that's wrong */ 1586 if (bcmp(&match, &sin6->sin6_addr, sizeof(match))) 1587 return EINVAL; 1588 1589 cmp = 1; 1590 } else { 1591 if (cmd == SIOCGLIFADDR) { 1592 /* on getting an address, take the 1st match */ 1593 cmp = 0; /* XXX */ 1594 } else { 1595 /* on deleting an address, do exact match */ 1596 in6_prefixlen2mask(&mask, 128); 1597 sin6 = (struct sockaddr_in6 *)&iflr->addr; 1598 bcopy(&sin6->sin6_addr, &match, sizeof(match)); 1599 1600 cmp = 1; 1601 } 1602 } 1603 1604 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 1605 if (ifa->ifa_addr->sa_family != AF_INET6) 1606 continue; 1607 if (!cmp) 1608 break; 1609 1610 /* 1611 * XXX: this is adhoc, but is necessary to allow 1612 * a user to specify fe80::/64 (not /10) for a 1613 * link-local address. 1614 */ 1615 bcopy(IFA_IN6(ifa), &candidate, sizeof(candidate)); 1616 in6_clearscope(&candidate); 1617 candidate.s6_addr32[0] &= mask.s6_addr32[0]; 1618 candidate.s6_addr32[1] &= mask.s6_addr32[1]; 1619 candidate.s6_addr32[2] &= mask.s6_addr32[2]; 1620 candidate.s6_addr32[3] &= mask.s6_addr32[3]; 1621 if (IN6_ARE_ADDR_EQUAL(&candidate, &match)) 1622 break; 1623 } 1624 if (!ifa) 1625 return EADDRNOTAVAIL; 1626 ia = ifa2ia6(ifa); 1627 1628 if (cmd == SIOCGLIFADDR) { 1629 int error; 1630 1631 /* fill in the if_laddrreq structure */ 1632 bcopy(&ia->ia_addr, &iflr->addr, ia->ia_addr.sin6_len); 1633 error = sa6_recoverscope( 1634 (struct sockaddr_in6 *)&iflr->addr); 1635 if (error != 0) 1636 return (error); 1637 1638 if ((ifp->if_flags & IFF_POINTOPOINT) != 0) { 1639 bcopy(&ia->ia_dstaddr, &iflr->dstaddr, 1640 ia->ia_dstaddr.sin6_len); 1641 error = sa6_recoverscope( 1642 (struct sockaddr_in6 *)&iflr->dstaddr); 1643 if (error != 0) 1644 return (error); 1645 } else 1646 bzero(&iflr->dstaddr, sizeof(iflr->dstaddr)); 1647 1648 iflr->prefixlen = 1649 in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); 1650 1651 iflr->flags = ia->ia6_flags; /* XXX */ 1652 1653 return 0; 1654 } else { 1655 struct in6_aliasreq ifra; 1656 1657 /* fill in6_aliasreq and do ioctl(SIOCDIFADDR_IN6) */ 1658 bzero(&ifra, sizeof(ifra)); 1659 bcopy(iflr->iflr_name, ifra.ifra_name, 1660 sizeof(ifra.ifra_name)); 1661 1662 bcopy(&ia->ia_addr, &ifra.ifra_addr, 1663 ia->ia_addr.sin6_len); 1664 if ((ifp->if_flags & IFF_POINTOPOINT) != 0) { 1665 bcopy(&ia->ia_dstaddr, &ifra.ifra_dstaddr, 1666 ia->ia_dstaddr.sin6_len); 1667 } else { 1668 bzero(&ifra.ifra_dstaddr, 1669 sizeof(ifra.ifra_dstaddr)); 1670 } 1671 bcopy(&ia->ia_prefixmask, &ifra.ifra_dstaddr, 1672 ia->ia_prefixmask.sin6_len); 1673 1674 ifra.ifra_flags = ia->ia6_flags; 1675 return in6_control(so, SIOCDIFADDR_IN6, (caddr_t)&ifra, 1676 ifp, td); 1677 } 1678 } 1679 } 1680 1681 return EOPNOTSUPP; /* just for safety */ 1682 } 1683 1684 /* 1685 * Initialize an interface's intetnet6 address 1686 * and routing table entry. 1687 */ 1688 static int 1689 in6_ifinit(struct ifnet *ifp, struct in6_ifaddr *ia, 1690 struct sockaddr_in6 *sin6, int newhost) 1691 { 1692 int error = 0, plen, ifacount = 0; 1693 int s = splimp(); 1694 struct ifaddr *ifa; 1695 1696 /* 1697 * Give the interface a chance to initialize 1698 * if this is its first address, 1699 * and to validate the address if necessary. 1700 */ 1701 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 1702 if (ifa->ifa_addr->sa_family != AF_INET6) 1703 continue; 1704 ifacount++; 1705 } 1706 1707 ia->ia_addr = *sin6; 1708 1709 if (ifacount <= 1 && ifp->if_ioctl) { 1710 IFF_LOCKGIANT(ifp); 1711 error = (*ifp->if_ioctl)(ifp, SIOCSIFADDR, (caddr_t)ia); 1712 IFF_UNLOCKGIANT(ifp); 1713 if (error) { 1714 splx(s); 1715 return (error); 1716 } 1717 } 1718 splx(s); 1719 1720 ia->ia_ifa.ifa_metric = ifp->if_metric; 1721 1722 /* we could do in(6)_socktrim here, but just omit it at this moment. */ 1723 1724 if (newhost) { 1725 /* 1726 * set the rtrequest function to create llinfo. It also 1727 * adjust outgoing interface of the route for the local 1728 * address when called via in6_ifaddloop() below. 1729 */ 1730 ia->ia_ifa.ifa_rtrequest = nd6_rtrequest; 1731 } 1732 1733 /* 1734 * Special case: 1735 * If a new destination address is specified for a point-to-point 1736 * interface, install a route to the destination as an interface 1737 * direct route. In addition, if the link is expected to have neighbor 1738 * cache entries, specify RTF_LLINFO so that a cache entry for the 1739 * destination address will be created. 1740 * created 1741 * XXX: the logic below rejects assigning multiple addresses on a p2p 1742 * interface that share the same destination. 1743 */ 1744 plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); /* XXX */ 1745 if (!(ia->ia_flags & IFA_ROUTE) && plen == 128 && 1746 ia->ia_dstaddr.sin6_family == AF_INET6) { 1747 int rtflags = RTF_UP | RTF_HOST; 1748 struct rtentry *rt = NULL, **rtp = NULL; 1749 1750 if (nd6_need_cache(ifp) != 0) { 1751 rtflags |= RTF_LLINFO; 1752 rtp = &rt; 1753 } 1754 1755 error = rtrequest(RTM_ADD, (struct sockaddr *)&ia->ia_dstaddr, 1756 (struct sockaddr *)&ia->ia_addr, 1757 (struct sockaddr *)&ia->ia_prefixmask, 1758 ia->ia_flags | rtflags, rtp); 1759 if (error != 0) 1760 return (error); 1761 if (rt != NULL) { 1762 struct llinfo_nd6 *ln; 1763 1764 RT_LOCK(rt); 1765 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1766 if (ln != NULL) { 1767 /* 1768 * Set the state to STALE because we don't 1769 * have to perform address resolution on this 1770 * link. 1771 */ 1772 ln->ln_state = ND6_LLINFO_STALE; 1773 } 1774 RT_REMREF(rt); 1775 RT_UNLOCK(rt); 1776 } 1777 ia->ia_flags |= IFA_ROUTE; 1778 } 1779 if (plen < 128) { 1780 /* 1781 * The RTF_CLONING flag is necessary for in6_is_ifloop_auto(). 1782 */ 1783 ia->ia_ifa.ifa_flags |= RTF_CLONING; 1784 } 1785 1786 /* Add ownaddr as loopback rtentry, if necessary (ex. on p2p link). */ 1787 if (newhost) 1788 in6_ifaddloop(&(ia->ia_ifa)); 1789 1790 return (error); 1791 } 1792 1793 struct in6_multi_mship * 1794 in6_joingroup(struct ifnet *ifp, struct in6_addr *addr, 1795 int *errorp, int delay) 1796 { 1797 struct in6_multi_mship *imm; 1798 1799 imm = malloc(sizeof(*imm), M_IP6MADDR, M_NOWAIT); 1800 if (!imm) { 1801 *errorp = ENOBUFS; 1802 return NULL; 1803 } 1804 imm->i6mm_maddr = in6_addmulti(addr, ifp, errorp, delay); 1805 if (!imm->i6mm_maddr) { 1806 /* *errorp is alrady set */ 1807 free(imm, M_IP6MADDR); 1808 return NULL; 1809 } 1810 return imm; 1811 } 1812 1813 int 1814 in6_leavegroup(struct in6_multi_mship *imm) 1815 { 1816 1817 if (imm->i6mm_maddr) 1818 in6_delmulti(imm->i6mm_maddr); 1819 free(imm, M_IP6MADDR); 1820 return 0; 1821 } 1822 1823 /* 1824 * Find an IPv6 interface link-local address specific to an interface. 1825 */ 1826 struct in6_ifaddr * 1827 in6ifa_ifpforlinklocal(struct ifnet *ifp, int ignoreflags) 1828 { 1829 struct ifaddr *ifa; 1830 1831 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 1832 if (ifa->ifa_addr->sa_family != AF_INET6) 1833 continue; 1834 if (IN6_IS_ADDR_LINKLOCAL(IFA_IN6(ifa))) { 1835 if ((((struct in6_ifaddr *)ifa)->ia6_flags & 1836 ignoreflags) != 0) 1837 continue; 1838 break; 1839 } 1840 } 1841 1842 return ((struct in6_ifaddr *)ifa); 1843 } 1844 1845 1846 /* 1847 * find the internet address corresponding to a given interface and address. 1848 */ 1849 struct in6_ifaddr * 1850 in6ifa_ifpwithaddr(struct ifnet *ifp, struct in6_addr *addr) 1851 { 1852 struct ifaddr *ifa; 1853 1854 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 1855 if (ifa->ifa_addr->sa_family != AF_INET6) 1856 continue; 1857 if (IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(ifa))) 1858 break; 1859 } 1860 1861 return ((struct in6_ifaddr *)ifa); 1862 } 1863 1864 /* 1865 * Convert IP6 address to printable (loggable) representation. Caller 1866 * has to make sure that ip6buf is at least INET6_ADDRSTRLEN long. 1867 */ 1868 static char digits[] = "0123456789abcdef"; 1869 char * 1870 ip6_sprintf(char *ip6buf, const struct in6_addr *addr) 1871 { 1872 int i; 1873 char *cp; 1874 const u_int16_t *a = (const u_int16_t *)addr; 1875 const u_int8_t *d; 1876 int dcolon = 0, zero = 0; 1877 1878 cp = ip6buf; 1879 1880 for (i = 0; i < 8; i++) { 1881 if (dcolon == 1) { 1882 if (*a == 0) { 1883 if (i == 7) 1884 *cp++ = ':'; 1885 a++; 1886 continue; 1887 } else 1888 dcolon = 2; 1889 } 1890 if (*a == 0) { 1891 if (dcolon == 0 && *(a + 1) == 0) { 1892 if (i == 0) 1893 *cp++ = ':'; 1894 *cp++ = ':'; 1895 dcolon = 1; 1896 } else { 1897 *cp++ = '0'; 1898 *cp++ = ':'; 1899 } 1900 a++; 1901 continue; 1902 } 1903 d = (const u_char *)a; 1904 /* Try to eliminate leading zeros in printout like in :0001. */ 1905 zero = 1; 1906 *cp = digits[*d >> 4]; 1907 if (*cp != '0') { 1908 zero = 0; 1909 cp++; 1910 } 1911 *cp = digits[*d++ & 0xf]; 1912 if (zero == 0 || (*cp != '0')) { 1913 zero = 0; 1914 cp++; 1915 } 1916 *cp = digits[*d >> 4]; 1917 if (zero == 0 || (*cp != '0')) { 1918 zero = 0; 1919 cp++; 1920 } 1921 *cp++ = digits[*d & 0xf]; 1922 *cp++ = ':'; 1923 a++; 1924 } 1925 *--cp = '\0'; 1926 return (ip6buf); 1927 } 1928 1929 int 1930 in6_localaddr(struct in6_addr *in6) 1931 { 1932 struct in6_ifaddr *ia; 1933 1934 if (IN6_IS_ADDR_LOOPBACK(in6) || IN6_IS_ADDR_LINKLOCAL(in6)) 1935 return 1; 1936 1937 for (ia = in6_ifaddr; ia; ia = ia->ia_next) { 1938 if (IN6_ARE_MASKED_ADDR_EQUAL(in6, &ia->ia_addr.sin6_addr, 1939 &ia->ia_prefixmask.sin6_addr)) { 1940 return 1; 1941 } 1942 } 1943 1944 return (0); 1945 } 1946 1947 int 1948 in6_is_addr_deprecated(struct sockaddr_in6 *sa6) 1949 { 1950 struct in6_ifaddr *ia; 1951 1952 for (ia = in6_ifaddr; ia; ia = ia->ia_next) { 1953 if (IN6_ARE_ADDR_EQUAL(&ia->ia_addr.sin6_addr, 1954 &sa6->sin6_addr) && 1955 (ia->ia6_flags & IN6_IFF_DEPRECATED) != 0) 1956 return (1); /* true */ 1957 1958 /* XXX: do we still have to go thru the rest of the list? */ 1959 } 1960 1961 return (0); /* false */ 1962 } 1963 1964 /* 1965 * return length of part which dst and src are equal 1966 * hard coding... 1967 */ 1968 int 1969 in6_matchlen(struct in6_addr *src, struct in6_addr *dst) 1970 { 1971 int match = 0; 1972 u_char *s = (u_char *)src, *d = (u_char *)dst; 1973 u_char *lim = s + 16, r; 1974 1975 while (s < lim) 1976 if ((r = (*d++ ^ *s++)) != 0) { 1977 while (r < 128) { 1978 match++; 1979 r <<= 1; 1980 } 1981 break; 1982 } else 1983 match += 8; 1984 return match; 1985 } 1986 1987 /* XXX: to be scope conscious */ 1988 int 1989 in6_are_prefix_equal(struct in6_addr *p1, struct in6_addr *p2, int len) 1990 { 1991 int bytelen, bitlen; 1992 1993 /* sanity check */ 1994 if (0 > len || len > 128) { 1995 log(LOG_ERR, "in6_are_prefix_equal: invalid prefix length(%d)\n", 1996 len); 1997 return (0); 1998 } 1999 2000 bytelen = len / 8; 2001 bitlen = len % 8; 2002 2003 if (bcmp(&p1->s6_addr, &p2->s6_addr, bytelen)) 2004 return (0); 2005 if (bitlen != 0 && 2006 p1->s6_addr[bytelen] >> (8 - bitlen) != 2007 p2->s6_addr[bytelen] >> (8 - bitlen)) 2008 return (0); 2009 2010 return (1); 2011 } 2012 2013 void 2014 in6_prefixlen2mask(struct in6_addr *maskp, int len) 2015 { 2016 u_char maskarray[8] = {0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff}; 2017 int bytelen, bitlen, i; 2018 2019 /* sanity check */ 2020 if (0 > len || len > 128) { 2021 log(LOG_ERR, "in6_prefixlen2mask: invalid prefix length(%d)\n", 2022 len); 2023 return; 2024 } 2025 2026 bzero(maskp, sizeof(*maskp)); 2027 bytelen = len / 8; 2028 bitlen = len % 8; 2029 for (i = 0; i < bytelen; i++) 2030 maskp->s6_addr[i] = 0xff; 2031 if (bitlen) 2032 maskp->s6_addr[bytelen] = maskarray[bitlen - 1]; 2033 } 2034 2035 /* 2036 * return the best address out of the same scope. if no address was 2037 * found, return the first valid address from designated IF. 2038 */ 2039 struct in6_ifaddr * 2040 in6_ifawithifp(struct ifnet *ifp, struct in6_addr *dst) 2041 { 2042 int dst_scope = in6_addrscope(dst), blen = -1, tlen; 2043 struct ifaddr *ifa; 2044 struct in6_ifaddr *besta = 0; 2045 struct in6_ifaddr *dep[2]; /* last-resort: deprecated */ 2046 2047 dep[0] = dep[1] = NULL; 2048 2049 /* 2050 * We first look for addresses in the same scope. 2051 * If there is one, return it. 2052 * If two or more, return one which matches the dst longest. 2053 * If none, return one of global addresses assigned other ifs. 2054 */ 2055 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 2056 if (ifa->ifa_addr->sa_family != AF_INET6) 2057 continue; 2058 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST) 2059 continue; /* XXX: is there any case to allow anycast? */ 2060 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_NOTREADY) 2061 continue; /* don't use this interface */ 2062 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DETACHED) 2063 continue; 2064 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DEPRECATED) { 2065 if (ip6_use_deprecated) 2066 dep[0] = (struct in6_ifaddr *)ifa; 2067 continue; 2068 } 2069 2070 if (dst_scope == in6_addrscope(IFA_IN6(ifa))) { 2071 /* 2072 * call in6_matchlen() as few as possible 2073 */ 2074 if (besta) { 2075 if (blen == -1) 2076 blen = in6_matchlen(&besta->ia_addr.sin6_addr, dst); 2077 tlen = in6_matchlen(IFA_IN6(ifa), dst); 2078 if (tlen > blen) { 2079 blen = tlen; 2080 besta = (struct in6_ifaddr *)ifa; 2081 } 2082 } else 2083 besta = (struct in6_ifaddr *)ifa; 2084 } 2085 } 2086 if (besta) 2087 return (besta); 2088 2089 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 2090 if (ifa->ifa_addr->sa_family != AF_INET6) 2091 continue; 2092 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST) 2093 continue; /* XXX: is there any case to allow anycast? */ 2094 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_NOTREADY) 2095 continue; /* don't use this interface */ 2096 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DETACHED) 2097 continue; 2098 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DEPRECATED) { 2099 if (ip6_use_deprecated) 2100 dep[1] = (struct in6_ifaddr *)ifa; 2101 continue; 2102 } 2103 2104 return (struct in6_ifaddr *)ifa; 2105 } 2106 2107 /* use the last-resort values, that are, deprecated addresses */ 2108 if (dep[0]) 2109 return dep[0]; 2110 if (dep[1]) 2111 return dep[1]; 2112 2113 return NULL; 2114 } 2115 2116 /* 2117 * perform DAD when interface becomes IFF_UP. 2118 */ 2119 void 2120 in6_if_up(struct ifnet *ifp) 2121 { 2122 struct ifaddr *ifa; 2123 struct in6_ifaddr *ia; 2124 2125 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 2126 if (ifa->ifa_addr->sa_family != AF_INET6) 2127 continue; 2128 ia = (struct in6_ifaddr *)ifa; 2129 if (ia->ia6_flags & IN6_IFF_TENTATIVE) { 2130 /* 2131 * The TENTATIVE flag was likely set by hand 2132 * beforehand, implicitly indicating the need for DAD. 2133 * We may be able to skip the random delay in this 2134 * case, but we impose delays just in case. 2135 */ 2136 nd6_dad_start(ifa, 2137 arc4random() % (MAX_RTR_SOLICITATION_DELAY * hz)); 2138 } 2139 } 2140 2141 /* 2142 * special cases, like 6to4, are handled in in6_ifattach 2143 */ 2144 in6_ifattach(ifp, NULL); 2145 } 2146 2147 int 2148 in6if_do_dad(struct ifnet *ifp) 2149 { 2150 if ((ifp->if_flags & IFF_LOOPBACK) != 0) 2151 return (0); 2152 2153 switch (ifp->if_type) { 2154 #ifdef IFT_DUMMY 2155 case IFT_DUMMY: 2156 #endif 2157 case IFT_FAITH: 2158 /* 2159 * These interfaces do not have the IFF_LOOPBACK flag, 2160 * but loop packets back. We do not have to do DAD on such 2161 * interfaces. We should even omit it, because loop-backed 2162 * NS would confuse the DAD procedure. 2163 */ 2164 return (0); 2165 default: 2166 /* 2167 * Our DAD routine requires the interface up and running. 2168 * However, some interfaces can be up before the RUNNING 2169 * status. Additionaly, users may try to assign addresses 2170 * before the interface becomes up (or running). 2171 * We simply skip DAD in such a case as a work around. 2172 * XXX: we should rather mark "tentative" on such addresses, 2173 * and do DAD after the interface becomes ready. 2174 */ 2175 if (!((ifp->if_flags & IFF_UP) && 2176 (ifp->if_drv_flags & IFF_DRV_RUNNING))) 2177 return (0); 2178 2179 return (1); 2180 } 2181 } 2182 2183 /* 2184 * Calculate max IPv6 MTU through all the interfaces and store it 2185 * to in6_maxmtu. 2186 */ 2187 void 2188 in6_setmaxmtu(void) 2189 { 2190 unsigned long maxmtu = 0; 2191 struct ifnet *ifp; 2192 2193 IFNET_RLOCK(); 2194 for (ifp = TAILQ_FIRST(&ifnet); ifp; ifp = TAILQ_NEXT(ifp, if_list)) { 2195 /* this function can be called during ifnet initialization */ 2196 if (!ifp->if_afdata[AF_INET6]) 2197 continue; 2198 if ((ifp->if_flags & IFF_LOOPBACK) == 0 && 2199 IN6_LINKMTU(ifp) > maxmtu) 2200 maxmtu = IN6_LINKMTU(ifp); 2201 } 2202 IFNET_RUNLOCK(); 2203 if (maxmtu) /* update only when maxmtu is positive */ 2204 in6_maxmtu = maxmtu; 2205 } 2206 2207 /* 2208 * Provide the length of interface identifiers to be used for the link attached 2209 * to the given interface. The length should be defined in "IPv6 over 2210 * xxx-link" document. Note that address architecture might also define 2211 * the length for a particular set of address prefixes, regardless of the 2212 * link type. As clarified in rfc2462bis, those two definitions should be 2213 * consistent, and those really are as of August 2004. 2214 */ 2215 int 2216 in6_if2idlen(struct ifnet *ifp) 2217 { 2218 switch (ifp->if_type) { 2219 case IFT_ETHER: /* RFC2464 */ 2220 #ifdef IFT_PROPVIRTUAL 2221 case IFT_PROPVIRTUAL: /* XXX: no RFC. treat it as ether */ 2222 #endif 2223 #ifdef IFT_L2VLAN 2224 case IFT_L2VLAN: /* ditto */ 2225 #endif 2226 #ifdef IFT_IEEE80211 2227 case IFT_IEEE80211: /* ditto */ 2228 #endif 2229 #ifdef IFT_MIP 2230 case IFT_MIP: /* ditto */ 2231 #endif 2232 return (64); 2233 case IFT_FDDI: /* RFC2467 */ 2234 return (64); 2235 case IFT_ISO88025: /* RFC2470 (IPv6 over Token Ring) */ 2236 return (64); 2237 case IFT_PPP: /* RFC2472 */ 2238 return (64); 2239 case IFT_ARCNET: /* RFC2497 */ 2240 return (64); 2241 case IFT_FRELAY: /* RFC2590 */ 2242 return (64); 2243 case IFT_IEEE1394: /* RFC3146 */ 2244 return (64); 2245 case IFT_GIF: 2246 return (64); /* draft-ietf-v6ops-mech-v2-07 */ 2247 case IFT_LOOP: 2248 return (64); /* XXX: is this really correct? */ 2249 default: 2250 /* 2251 * Unknown link type: 2252 * It might be controversial to use the today's common constant 2253 * of 64 for these cases unconditionally. For full compliance, 2254 * we should return an error in this case. On the other hand, 2255 * if we simply miss the standard for the link type or a new 2256 * standard is defined for a new link type, the IFID length 2257 * is very likely to be the common constant. As a compromise, 2258 * we always use the constant, but make an explicit notice 2259 * indicating the "unknown" case. 2260 */ 2261 printf("in6_if2idlen: unknown link type (%d)\n", ifp->if_type); 2262 return (64); 2263 } 2264 } 2265 2266 void * 2267 in6_domifattach(struct ifnet *ifp) 2268 { 2269 struct in6_ifextra *ext; 2270 2271 ext = (struct in6_ifextra *)malloc(sizeof(*ext), M_IFADDR, M_WAITOK); 2272 bzero(ext, sizeof(*ext)); 2273 2274 ext->in6_ifstat = (struct in6_ifstat *)malloc(sizeof(struct in6_ifstat), 2275 M_IFADDR, M_WAITOK); 2276 bzero(ext->in6_ifstat, sizeof(*ext->in6_ifstat)); 2277 2278 ext->icmp6_ifstat = 2279 (struct icmp6_ifstat *)malloc(sizeof(struct icmp6_ifstat), 2280 M_IFADDR, M_WAITOK); 2281 bzero(ext->icmp6_ifstat, sizeof(*ext->icmp6_ifstat)); 2282 2283 ext->nd_ifinfo = nd6_ifattach(ifp); 2284 ext->scope6_id = scope6_ifattach(ifp); 2285 return ext; 2286 } 2287 2288 void 2289 in6_domifdetach(struct ifnet *ifp, void *aux) 2290 { 2291 struct in6_ifextra *ext = (struct in6_ifextra *)aux; 2292 2293 scope6_ifdetach(ext->scope6_id); 2294 nd6_ifdetach(ext->nd_ifinfo); 2295 free(ext->in6_ifstat, M_IFADDR); 2296 free(ext->icmp6_ifstat, M_IFADDR); 2297 free(ext, M_IFADDR); 2298 } 2299 2300 /* 2301 * Convert sockaddr_in6 to sockaddr_in. Original sockaddr_in6 must be 2302 * v4 mapped addr or v4 compat addr 2303 */ 2304 void 2305 in6_sin6_2_sin(struct sockaddr_in *sin, struct sockaddr_in6 *sin6) 2306 { 2307 2308 bzero(sin, sizeof(*sin)); 2309 sin->sin_len = sizeof(struct sockaddr_in); 2310 sin->sin_family = AF_INET; 2311 sin->sin_port = sin6->sin6_port; 2312 sin->sin_addr.s_addr = sin6->sin6_addr.s6_addr32[3]; 2313 } 2314 2315 /* Convert sockaddr_in to sockaddr_in6 in v4 mapped addr format. */ 2316 void 2317 in6_sin_2_v4mapsin6(struct sockaddr_in *sin, struct sockaddr_in6 *sin6) 2318 { 2319 bzero(sin6, sizeof(*sin6)); 2320 sin6->sin6_len = sizeof(struct sockaddr_in6); 2321 sin6->sin6_family = AF_INET6; 2322 sin6->sin6_port = sin->sin_port; 2323 sin6->sin6_addr.s6_addr32[0] = 0; 2324 sin6->sin6_addr.s6_addr32[1] = 0; 2325 sin6->sin6_addr.s6_addr32[2] = IPV6_ADDR_INT32_SMP; 2326 sin6->sin6_addr.s6_addr32[3] = sin->sin_addr.s_addr; 2327 } 2328 2329 /* Convert sockaddr_in6 into sockaddr_in. */ 2330 void 2331 in6_sin6_2_sin_in_sock(struct sockaddr *nam) 2332 { 2333 struct sockaddr_in *sin_p; 2334 struct sockaddr_in6 sin6; 2335 2336 /* 2337 * Save original sockaddr_in6 addr and convert it 2338 * to sockaddr_in. 2339 */ 2340 sin6 = *(struct sockaddr_in6 *)nam; 2341 sin_p = (struct sockaddr_in *)nam; 2342 in6_sin6_2_sin(sin_p, &sin6); 2343 } 2344 2345 /* Convert sockaddr_in into sockaddr_in6 in v4 mapped addr format. */ 2346 void 2347 in6_sin_2_v4mapsin6_in_sock(struct sockaddr **nam) 2348 { 2349 struct sockaddr_in *sin_p; 2350 struct sockaddr_in6 *sin6_p; 2351 2352 MALLOC(sin6_p, struct sockaddr_in6 *, sizeof *sin6_p, M_SONAME, 2353 M_WAITOK); 2354 sin_p = (struct sockaddr_in *)*nam; 2355 in6_sin_2_v4mapsin6(sin_p, sin6_p); 2356 FREE(*nam, M_SONAME); 2357 *nam = (struct sockaddr *)sin6_p; 2358 } 2359