1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the project nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 * 31 * $KAME: in6.c,v 1.259 2002/01/21 11:37:50 keiichi Exp $ 32 */ 33 34 /*- 35 * Copyright (c) 1982, 1986, 1991, 1993 36 * The Regents of the University of California. All rights reserved. 37 * 38 * Redistribution and use in source and binary forms, with or without 39 * modification, are permitted provided that the following conditions 40 * are met: 41 * 1. Redistributions of source code must retain the above copyright 42 * notice, this list of conditions and the following disclaimer. 43 * 2. Redistributions in binary form must reproduce the above copyright 44 * notice, this list of conditions and the following disclaimer in the 45 * documentation and/or other materials provided with the distribution. 46 * 3. Neither the name of the University nor the names of its contributors 47 * may be used to endorse or promote products derived from this software 48 * without specific prior written permission. 49 * 50 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 51 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 52 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 53 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 54 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 55 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 56 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 57 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 58 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 59 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 60 * SUCH DAMAGE. 61 * 62 * @(#)in.c 8.2 (Berkeley) 11/15/93 63 */ 64 65 #include <sys/cdefs.h> 66 __FBSDID("$FreeBSD$"); 67 68 #include "opt_inet.h" 69 #include "opt_inet6.h" 70 71 #include <sys/param.h> 72 #include <sys/capsicum.h> 73 #include <sys/eventhandler.h> 74 #include <sys/errno.h> 75 #include <sys/jail.h> 76 #include <sys/malloc.h> 77 #include <sys/socket.h> 78 #include <sys/socketvar.h> 79 #include <sys/sockio.h> 80 #include <sys/systm.h> 81 #include <sys/priv.h> 82 #include <sys/proc.h> 83 #include <sys/protosw.h> 84 #include <sys/time.h> 85 #include <sys/kernel.h> 86 #include <sys/lock.h> 87 #include <sys/rmlock.h> 88 #include <sys/sysctl.h> 89 #include <sys/syslog.h> 90 91 #include <net/if.h> 92 #include <net/if_var.h> 93 #include <net/if_types.h> 94 #include <net/route.h> 95 #include <net/route/route_ctl.h> 96 #include <net/route/nhop.h> 97 #include <net/if_dl.h> 98 #include <net/vnet.h> 99 100 #include <netinet/in.h> 101 #include <netinet/in_var.h> 102 #include <net/if_llatbl.h> 103 #include <netinet/if_ether.h> 104 #include <netinet/in_systm.h> 105 #include <netinet/ip.h> 106 #include <netinet/in_pcb.h> 107 #include <netinet/ip_carp.h> 108 109 #include <netinet/ip6.h> 110 #include <netinet6/ip6_var.h> 111 #include <netinet6/nd6.h> 112 #include <netinet6/mld6_var.h> 113 #include <netinet6/ip6_mroute.h> 114 #include <netinet6/in6_ifattach.h> 115 #include <netinet6/scope6_var.h> 116 #include <netinet6/in6_fib.h> 117 #include <netinet6/in6_pcb.h> 118 119 /* 120 * struct in6_ifreq and struct ifreq must be type punnable for common members 121 * of ifr_ifru to allow accessors to be shared. 122 */ 123 _Static_assert(offsetof(struct in6_ifreq, ifr_ifru) == 124 offsetof(struct ifreq, ifr_ifru), 125 "struct in6_ifreq and struct ifreq are not type punnable"); 126 127 VNET_DECLARE(int, icmp6_nodeinfo_oldmcprefix); 128 #define V_icmp6_nodeinfo_oldmcprefix VNET(icmp6_nodeinfo_oldmcprefix) 129 130 /* 131 * Definitions of some costant IP6 addresses. 132 */ 133 const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT; 134 const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT; 135 const struct in6_addr in6addr_nodelocal_allnodes = 136 IN6ADDR_NODELOCAL_ALLNODES_INIT; 137 const struct in6_addr in6addr_linklocal_allnodes = 138 IN6ADDR_LINKLOCAL_ALLNODES_INIT; 139 const struct in6_addr in6addr_linklocal_allrouters = 140 IN6ADDR_LINKLOCAL_ALLROUTERS_INIT; 141 const struct in6_addr in6addr_linklocal_allv2routers = 142 IN6ADDR_LINKLOCAL_ALLV2ROUTERS_INIT; 143 144 const struct in6_addr in6mask0 = IN6MASK0; 145 const struct in6_addr in6mask32 = IN6MASK32; 146 const struct in6_addr in6mask64 = IN6MASK64; 147 const struct in6_addr in6mask96 = IN6MASK96; 148 const struct in6_addr in6mask128 = IN6MASK128; 149 150 const struct sockaddr_in6 sa6_any = 151 { sizeof(sa6_any), AF_INET6, 0, 0, IN6ADDR_ANY_INIT, 0 }; 152 153 static int in6_notify_ifa(struct ifnet *, struct in6_ifaddr *, 154 struct in6_aliasreq *, int); 155 static void in6_unlink_ifa(struct in6_ifaddr *, struct ifnet *); 156 157 static int in6_validate_ifra(struct ifnet *, struct in6_aliasreq *, 158 struct in6_ifaddr *, int); 159 static struct in6_ifaddr *in6_alloc_ifa(struct ifnet *, 160 struct in6_aliasreq *, int flags); 161 static int in6_update_ifa_internal(struct ifnet *, struct in6_aliasreq *, 162 struct in6_ifaddr *, int, int); 163 static int in6_broadcast_ifa(struct ifnet *, struct in6_aliasreq *, 164 struct in6_ifaddr *, int); 165 166 #define ifa2ia6(ifa) ((struct in6_ifaddr *)(ifa)) 167 #define ia62ifa(ia6) (&((ia6)->ia_ifa)) 168 169 void 170 in6_newaddrmsg(struct in6_ifaddr *ia, int cmd) 171 { 172 struct rt_addrinfo info; 173 struct ifaddr *ifa; 174 struct sockaddr_dl gateway; 175 int fibnum; 176 177 ifa = &ia->ia_ifa; 178 179 /* 180 * Prepare info data for the host route. 181 * This code mimics one from ifa_maintain_loopback_route(). 182 */ 183 bzero(&info, sizeof(struct rt_addrinfo)); 184 info.rti_flags = ifa->ifa_flags | RTF_HOST | RTF_STATIC | RTF_PINNED; 185 info.rti_info[RTAX_DST] = ifa->ifa_addr; 186 info.rti_info[RTAX_GATEWAY] = (struct sockaddr *)&gateway; 187 link_init_sdl(ifa->ifa_ifp, (struct sockaddr *)&gateway, ifa->ifa_ifp->if_type); 188 if (cmd != RTM_DELETE) 189 info.rti_ifp = V_loif; 190 191 fibnum = ia62ifa(ia)->ifa_ifp->if_fib; 192 193 if (cmd == RTM_ADD) { 194 rt_addrmsg(cmd, &ia->ia_ifa, fibnum); 195 rt_routemsg_info(cmd, &info, fibnum); 196 } else if (cmd == RTM_DELETE) { 197 rt_routemsg_info(cmd, &info, fibnum); 198 rt_addrmsg(cmd, &ia->ia_ifa, fibnum); 199 } 200 } 201 202 int 203 in6_mask2len(struct in6_addr *mask, u_char *lim0) 204 { 205 int x = 0, y; 206 u_char *lim = lim0, *p; 207 208 /* ignore the scope_id part */ 209 if (lim0 == NULL || lim0 - (u_char *)mask > sizeof(*mask)) 210 lim = (u_char *)mask + sizeof(*mask); 211 for (p = (u_char *)mask; p < lim; x++, p++) { 212 if (*p != 0xff) 213 break; 214 } 215 y = 0; 216 if (p < lim) { 217 for (y = 0; y < 8; y++) { 218 if ((*p & (0x80 >> y)) == 0) 219 break; 220 } 221 } 222 223 /* 224 * when the limit pointer is given, do a stricter check on the 225 * remaining bits. 226 */ 227 if (p < lim) { 228 if (y != 0 && (*p & (0x00ff >> y)) != 0) 229 return (-1); 230 for (p = p + 1; p < lim; p++) 231 if (*p != 0) 232 return (-1); 233 } 234 235 return x * 8 + y; 236 } 237 238 #ifdef COMPAT_FREEBSD32 239 struct in6_ndifreq32 { 240 char ifname[IFNAMSIZ]; 241 uint32_t ifindex; 242 }; 243 #define SIOCGDEFIFACE32_IN6 _IOWR('i', 86, struct in6_ndifreq32) 244 #endif 245 246 int 247 in6_control(struct socket *so, u_long cmd, caddr_t data, 248 struct ifnet *ifp, struct thread *td) 249 { 250 struct in6_ifreq *ifr = (struct in6_ifreq *)data; 251 struct in6_ifaddr *ia = NULL; 252 struct in6_aliasreq *ifra = (struct in6_aliasreq *)data; 253 struct sockaddr_in6 *sa6; 254 int carp_attached = 0; 255 int error; 256 u_long ocmd = cmd; 257 258 if (td != NULL && IN_CAPABILITY_MODE(td)) 259 return (ECAPMODE); 260 261 /* 262 * Compat to make pre-10.x ifconfig(8) operable. 263 */ 264 if (cmd == OSIOCAIFADDR_IN6) 265 cmd = SIOCAIFADDR_IN6; 266 267 switch (cmd) { 268 case SIOCGETSGCNT_IN6: 269 case SIOCGETMIFCNT_IN6: 270 /* 271 * XXX mrt_ioctl has a 3rd, unused, FIB argument in route.c. 272 * We cannot see how that would be needed, so do not adjust the 273 * KPI blindly; more likely should clean up the IPv4 variant. 274 */ 275 return (mrt6_ioctl ? mrt6_ioctl(cmd, data) : EOPNOTSUPP); 276 } 277 278 switch (cmd) { 279 case SIOCAADDRCTL_POLICY: 280 case SIOCDADDRCTL_POLICY: 281 if (td != NULL) { 282 error = priv_check(td, PRIV_NETINET_ADDRCTRL6); 283 if (error) 284 return (error); 285 } 286 return (in6_src_ioctl(cmd, data)); 287 } 288 289 if (ifp == NULL) 290 return (EOPNOTSUPP); 291 292 switch (cmd) { 293 case SIOCSNDFLUSH_IN6: 294 case SIOCSPFXFLUSH_IN6: 295 case SIOCSRTRFLUSH_IN6: 296 case SIOCSDEFIFACE_IN6: 297 case SIOCSIFINFO_FLAGS: 298 case SIOCSIFINFO_IN6: 299 if (td != NULL) { 300 error = priv_check(td, PRIV_NETINET_ND6); 301 if (error) 302 return (error); 303 } 304 /* FALLTHROUGH */ 305 case OSIOCGIFINFO_IN6: 306 case SIOCGIFINFO_IN6: 307 case SIOCGNBRINFO_IN6: 308 case SIOCGDEFIFACE_IN6: 309 return (nd6_ioctl(cmd, data, ifp)); 310 311 #ifdef COMPAT_FREEBSD32 312 case SIOCGDEFIFACE32_IN6: 313 { 314 struct in6_ndifreq ndif; 315 struct in6_ndifreq32 *ndif32; 316 317 error = nd6_ioctl(SIOCGDEFIFACE_IN6, (caddr_t)&ndif, 318 ifp); 319 if (error) 320 return (error); 321 ndif32 = (struct in6_ndifreq32 *)data; 322 ndif32->ifindex = ndif.ifindex; 323 return (0); 324 } 325 #endif 326 } 327 328 switch (cmd) { 329 case SIOCSIFPREFIX_IN6: 330 case SIOCDIFPREFIX_IN6: 331 case SIOCAIFPREFIX_IN6: 332 case SIOCCIFPREFIX_IN6: 333 case SIOCSGIFPREFIX_IN6: 334 case SIOCGIFPREFIX_IN6: 335 log(LOG_NOTICE, 336 "prefix ioctls are now invalidated. " 337 "please use ifconfig.\n"); 338 return (EOPNOTSUPP); 339 } 340 341 switch (cmd) { 342 case SIOCSSCOPE6: 343 if (td != NULL) { 344 error = priv_check(td, PRIV_NETINET_SCOPE6); 345 if (error) 346 return (error); 347 } 348 /* FALLTHROUGH */ 349 case SIOCGSCOPE6: 350 case SIOCGSCOPE6DEF: 351 return (scope6_ioctl(cmd, data, ifp)); 352 } 353 354 /* 355 * Find address for this interface, if it exists. 356 * 357 * In netinet code, we have checked ifra_addr in SIOCSIF*ADDR operation 358 * only, and used the first interface address as the target of other 359 * operations (without checking ifra_addr). This was because netinet 360 * code/API assumed at most 1 interface address per interface. 361 * Since IPv6 allows a node to assign multiple addresses 362 * on a single interface, we almost always look and check the 363 * presence of ifra_addr, and reject invalid ones here. 364 * It also decreases duplicated code among SIOC*_IN6 operations. 365 */ 366 switch (cmd) { 367 case SIOCAIFADDR_IN6: 368 case SIOCSIFPHYADDR_IN6: 369 sa6 = &ifra->ifra_addr; 370 break; 371 case SIOCSIFADDR_IN6: 372 case SIOCGIFADDR_IN6: 373 case SIOCSIFDSTADDR_IN6: 374 case SIOCSIFNETMASK_IN6: 375 case SIOCGIFDSTADDR_IN6: 376 case SIOCGIFNETMASK_IN6: 377 case SIOCDIFADDR_IN6: 378 case SIOCGIFPSRCADDR_IN6: 379 case SIOCGIFPDSTADDR_IN6: 380 case SIOCGIFAFLAG_IN6: 381 case SIOCSNDFLUSH_IN6: 382 case SIOCSPFXFLUSH_IN6: 383 case SIOCSRTRFLUSH_IN6: 384 case SIOCGIFALIFETIME_IN6: 385 case SIOCGIFSTAT_IN6: 386 case SIOCGIFSTAT_ICMP6: 387 sa6 = &ifr->ifr_addr; 388 break; 389 case SIOCSIFADDR: 390 case SIOCSIFBRDADDR: 391 case SIOCSIFDSTADDR: 392 case SIOCSIFNETMASK: 393 /* 394 * Although we should pass any non-INET6 ioctl requests 395 * down to driver, we filter some legacy INET requests. 396 * Drivers trust SIOCSIFADDR et al to come from an already 397 * privileged layer, and do not perform any credentials 398 * checks or input validation. 399 */ 400 return (EINVAL); 401 default: 402 sa6 = NULL; 403 break; 404 } 405 if (sa6 && sa6->sin6_family == AF_INET6) { 406 if (sa6->sin6_scope_id != 0) 407 error = sa6_embedscope(sa6, 0); 408 else 409 error = in6_setscope(&sa6->sin6_addr, ifp, NULL); 410 if (error != 0) 411 return (error); 412 if (td != NULL && (error = prison_check_ip6(td->td_ucred, 413 &sa6->sin6_addr)) != 0) 414 return (error); 415 ia = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr); 416 } else 417 ia = NULL; 418 419 switch (cmd) { 420 case SIOCSIFADDR_IN6: 421 case SIOCSIFDSTADDR_IN6: 422 case SIOCSIFNETMASK_IN6: 423 /* 424 * Since IPv6 allows a node to assign multiple addresses 425 * on a single interface, SIOCSIFxxx ioctls are deprecated. 426 */ 427 /* we decided to obsolete this command (20000704) */ 428 error = EINVAL; 429 goto out; 430 431 case SIOCDIFADDR_IN6: 432 /* 433 * for IPv4, we look for existing in_ifaddr here to allow 434 * "ifconfig if0 delete" to remove the first IPv4 address on 435 * the interface. For IPv6, as the spec allows multiple 436 * interface address from the day one, we consider "remove the 437 * first one" semantics to be not preferable. 438 */ 439 if (ia == NULL) { 440 error = EADDRNOTAVAIL; 441 goto out; 442 } 443 /* FALLTHROUGH */ 444 case SIOCAIFADDR_IN6: 445 /* 446 * We always require users to specify a valid IPv6 address for 447 * the corresponding operation. 448 */ 449 if (ifra->ifra_addr.sin6_family != AF_INET6 || 450 ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6)) { 451 error = EAFNOSUPPORT; 452 goto out; 453 } 454 455 if (td != NULL) { 456 error = priv_check(td, (cmd == SIOCDIFADDR_IN6) ? 457 PRIV_NET_DELIFADDR : PRIV_NET_ADDIFADDR); 458 if (error) 459 goto out; 460 } 461 /* FALLTHROUGH */ 462 case SIOCGIFSTAT_IN6: 463 case SIOCGIFSTAT_ICMP6: 464 if (ifp->if_afdata[AF_INET6] == NULL) { 465 error = EPFNOSUPPORT; 466 goto out; 467 } 468 break; 469 470 case SIOCGIFADDR_IN6: 471 /* This interface is basically deprecated. use SIOCGIFCONF. */ 472 /* FALLTHROUGH */ 473 case SIOCGIFAFLAG_IN6: 474 case SIOCGIFNETMASK_IN6: 475 case SIOCGIFDSTADDR_IN6: 476 case SIOCGIFALIFETIME_IN6: 477 /* must think again about its semantics */ 478 if (ia == NULL) { 479 error = EADDRNOTAVAIL; 480 goto out; 481 } 482 break; 483 } 484 485 switch (cmd) { 486 case SIOCGIFADDR_IN6: 487 ifr->ifr_addr = ia->ia_addr; 488 if ((error = sa6_recoverscope(&ifr->ifr_addr)) != 0) 489 goto out; 490 break; 491 492 case SIOCGIFDSTADDR_IN6: 493 if ((ifp->if_flags & IFF_POINTOPOINT) == 0) { 494 error = EINVAL; 495 goto out; 496 } 497 ifr->ifr_dstaddr = ia->ia_dstaddr; 498 if ((error = sa6_recoverscope(&ifr->ifr_dstaddr)) != 0) 499 goto out; 500 break; 501 502 case SIOCGIFNETMASK_IN6: 503 ifr->ifr_addr = ia->ia_prefixmask; 504 break; 505 506 case SIOCGIFAFLAG_IN6: 507 ifr->ifr_ifru.ifru_flags6 = ia->ia6_flags; 508 break; 509 510 case SIOCGIFSTAT_IN6: 511 COUNTER_ARRAY_COPY(((struct in6_ifextra *) 512 ifp->if_afdata[AF_INET6])->in6_ifstat, 513 &ifr->ifr_ifru.ifru_stat, 514 sizeof(struct in6_ifstat) / sizeof(uint64_t)); 515 break; 516 517 case SIOCGIFSTAT_ICMP6: 518 COUNTER_ARRAY_COPY(((struct in6_ifextra *) 519 ifp->if_afdata[AF_INET6])->icmp6_ifstat, 520 &ifr->ifr_ifru.ifru_icmp6stat, 521 sizeof(struct icmp6_ifstat) / sizeof(uint64_t)); 522 break; 523 524 case SIOCGIFALIFETIME_IN6: 525 ifr->ifr_ifru.ifru_lifetime = ia->ia6_lifetime; 526 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 527 time_t maxexpire; 528 struct in6_addrlifetime *retlt = 529 &ifr->ifr_ifru.ifru_lifetime; 530 531 /* 532 * XXX: adjust expiration time assuming time_t is 533 * signed. 534 */ 535 maxexpire = (-1) & 536 ~((time_t)1 << ((sizeof(maxexpire) * 8) - 1)); 537 if (ia->ia6_lifetime.ia6t_vltime < 538 maxexpire - ia->ia6_updatetime) { 539 retlt->ia6t_expire = ia->ia6_updatetime + 540 ia->ia6_lifetime.ia6t_vltime; 541 } else 542 retlt->ia6t_expire = maxexpire; 543 } 544 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 545 time_t maxexpire; 546 struct in6_addrlifetime *retlt = 547 &ifr->ifr_ifru.ifru_lifetime; 548 549 /* 550 * XXX: adjust expiration time assuming time_t is 551 * signed. 552 */ 553 maxexpire = (-1) & 554 ~((time_t)1 << ((sizeof(maxexpire) * 8) - 1)); 555 if (ia->ia6_lifetime.ia6t_pltime < 556 maxexpire - ia->ia6_updatetime) { 557 retlt->ia6t_preferred = ia->ia6_updatetime + 558 ia->ia6_lifetime.ia6t_pltime; 559 } else 560 retlt->ia6t_preferred = maxexpire; 561 } 562 break; 563 564 case SIOCAIFADDR_IN6: 565 { 566 struct nd_prefixctl pr0; 567 struct nd_prefix *pr; 568 569 /* 570 * first, make or update the interface address structure, 571 * and link it to the list. 572 */ 573 if ((error = in6_update_ifa(ifp, ifra, ia, 0)) != 0) 574 goto out; 575 if (ia != NULL) { 576 if (ia->ia_ifa.ifa_carp) 577 (*carp_detach_p)(&ia->ia_ifa, true); 578 ifa_free(&ia->ia_ifa); 579 } 580 if ((ia = in6ifa_ifpwithaddr(ifp, &ifra->ifra_addr.sin6_addr)) 581 == NULL) { 582 /* 583 * this can happen when the user specify the 0 valid 584 * lifetime. 585 */ 586 break; 587 } 588 589 if (cmd == ocmd && ifra->ifra_vhid > 0) { 590 if (carp_attach_p != NULL) 591 error = (*carp_attach_p)(&ia->ia_ifa, 592 ifra->ifra_vhid); 593 else 594 error = EPROTONOSUPPORT; 595 if (error) 596 goto out; 597 else 598 carp_attached = 1; 599 } 600 601 /* 602 * then, make the prefix on-link on the interface. 603 * XXX: we'd rather create the prefix before the address, but 604 * we need at least one address to install the corresponding 605 * interface route, so we configure the address first. 606 */ 607 608 /* 609 * convert mask to prefix length (prefixmask has already 610 * been validated in in6_update_ifa(). 611 */ 612 bzero(&pr0, sizeof(pr0)); 613 pr0.ndpr_ifp = ifp; 614 pr0.ndpr_plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, 615 NULL); 616 if (pr0.ndpr_plen == 128) { 617 /* we don't need to install a host route. */ 618 goto aifaddr_out; 619 } 620 pr0.ndpr_prefix = ifra->ifra_addr; 621 /* apply the mask for safety. */ 622 IN6_MASK_ADDR(&pr0.ndpr_prefix.sin6_addr, 623 &ifra->ifra_prefixmask.sin6_addr); 624 625 /* 626 * XXX: since we don't have an API to set prefix (not address) 627 * lifetimes, we just use the same lifetimes as addresses. 628 * The (temporarily) installed lifetimes can be overridden by 629 * later advertised RAs (when accept_rtadv is non 0), which is 630 * an intended behavior. 631 */ 632 pr0.ndpr_raf_onlink = 1; /* should be configurable? */ 633 pr0.ndpr_raf_auto = 634 ((ifra->ifra_flags & IN6_IFF_AUTOCONF) != 0); 635 pr0.ndpr_vltime = ifra->ifra_lifetime.ia6t_vltime; 636 pr0.ndpr_pltime = ifra->ifra_lifetime.ia6t_pltime; 637 638 /* add the prefix if not yet. */ 639 if ((pr = nd6_prefix_lookup(&pr0)) == NULL) { 640 /* 641 * nd6_prelist_add will install the corresponding 642 * interface route. 643 */ 644 if ((error = nd6_prelist_add(&pr0, NULL, &pr)) != 0) { 645 if (carp_attached) 646 (*carp_detach_p)(&ia->ia_ifa, false); 647 goto out; 648 } 649 } 650 651 /* relate the address to the prefix */ 652 if (ia->ia6_ndpr == NULL) { 653 ia->ia6_ndpr = pr; 654 pr->ndpr_addrcnt++; 655 656 /* 657 * If this is the first autoconf address from the 658 * prefix, create a temporary address as well 659 * (when required). 660 */ 661 if ((ia->ia6_flags & IN6_IFF_AUTOCONF) && 662 V_ip6_use_tempaddr && pr->ndpr_addrcnt == 1) { 663 int e; 664 if ((e = in6_tmpifadd(ia, 1, 0)) != 0) { 665 log(LOG_NOTICE, "in6_control: failed " 666 "to create a temporary address, " 667 "errno=%d\n", e); 668 } 669 } 670 } 671 nd6_prefix_rele(pr); 672 673 /* 674 * this might affect the status of autoconfigured addresses, 675 * that is, this address might make other addresses detached. 676 */ 677 pfxlist_onlink_check(); 678 679 aifaddr_out: 680 /* 681 * Try to clear the flag when a new IPv6 address is added 682 * onto an IFDISABLED interface and it succeeds. 683 */ 684 if (ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) { 685 struct in6_ndireq nd; 686 687 memset(&nd, 0, sizeof(nd)); 688 nd.ndi.flags = ND_IFINFO(ifp)->flags; 689 nd.ndi.flags &= ~ND6_IFF_IFDISABLED; 690 if (nd6_ioctl(SIOCSIFINFO_FLAGS, (caddr_t)&nd, ifp) < 0) 691 log(LOG_NOTICE, "SIOCAIFADDR_IN6: " 692 "SIOCSIFINFO_FLAGS for -ifdisabled " 693 "failed."); 694 /* 695 * Ignore failure of clearing the flag intentionally. 696 * The failure means address duplication was detected. 697 */ 698 } 699 break; 700 } 701 702 case SIOCDIFADDR_IN6: 703 in6_purgeifaddr(ia); 704 EVENTHANDLER_INVOKE(ifaddr_event_ext, ifp, &ia->ia_ifa, 705 IFADDR_EVENT_DEL); 706 break; 707 708 default: 709 if (ifp->if_ioctl == NULL) { 710 error = EOPNOTSUPP; 711 goto out; 712 } 713 error = (*ifp->if_ioctl)(ifp, cmd, data); 714 goto out; 715 } 716 717 error = 0; 718 out: 719 if (ia != NULL) 720 ifa_free(&ia->ia_ifa); 721 return (error); 722 } 723 724 static struct in6_multi_mship * 725 in6_joingroup_legacy(struct ifnet *ifp, const struct in6_addr *mcaddr, 726 int *errorp, int delay) 727 { 728 struct in6_multi_mship *imm; 729 int error; 730 731 imm = malloc(sizeof(*imm), M_IP6MADDR, M_NOWAIT); 732 if (imm == NULL) { 733 *errorp = ENOBUFS; 734 return (NULL); 735 } 736 737 delay = (delay * PR_FASTHZ) / hz; 738 739 error = in6_joingroup(ifp, mcaddr, NULL, &imm->i6mm_maddr, delay); 740 if (error) { 741 *errorp = error; 742 free(imm, M_IP6MADDR); 743 return (NULL); 744 } 745 746 return (imm); 747 } 748 /* 749 * Join necessary multicast groups. Factored out from in6_update_ifa(). 750 * This entire work should only be done once, for the default FIB. 751 */ 752 static int 753 in6_update_ifa_join_mc(struct ifnet *ifp, struct in6_aliasreq *ifra, 754 struct in6_ifaddr *ia, int flags, struct in6_multi **in6m_sol) 755 { 756 char ip6buf[INET6_ADDRSTRLEN]; 757 struct in6_addr mltaddr; 758 struct in6_multi_mship *imm; 759 int delay, error; 760 761 KASSERT(in6m_sol != NULL, ("%s: in6m_sol is NULL", __func__)); 762 763 /* Join solicited multicast addr for new host id. */ 764 bzero(&mltaddr, sizeof(struct in6_addr)); 765 mltaddr.s6_addr32[0] = IPV6_ADDR_INT32_MLL; 766 mltaddr.s6_addr32[2] = htonl(1); 767 mltaddr.s6_addr32[3] = ifra->ifra_addr.sin6_addr.s6_addr32[3]; 768 mltaddr.s6_addr8[12] = 0xff; 769 if ((error = in6_setscope(&mltaddr, ifp, NULL)) != 0) { 770 /* XXX: should not happen */ 771 log(LOG_ERR, "%s: in6_setscope failed\n", __func__); 772 goto cleanup; 773 } 774 delay = error = 0; 775 if ((flags & IN6_IFAUPDATE_DADDELAY)) { 776 /* 777 * We need a random delay for DAD on the address being 778 * configured. It also means delaying transmission of the 779 * corresponding MLD report to avoid report collision. 780 * [RFC 4861, Section 6.3.7] 781 */ 782 delay = arc4random() % (MAX_RTR_SOLICITATION_DELAY * hz); 783 } 784 imm = in6_joingroup_legacy(ifp, &mltaddr, &error, delay); 785 if (imm == NULL) { 786 nd6log((LOG_WARNING, "%s: in6_joingroup failed for %s on %s " 787 "(errno=%d)\n", __func__, ip6_sprintf(ip6buf, &mltaddr), 788 if_name(ifp), error)); 789 goto cleanup; 790 } 791 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 792 *in6m_sol = imm->i6mm_maddr; 793 794 /* 795 * Join link-local all-nodes address. 796 */ 797 mltaddr = in6addr_linklocal_allnodes; 798 if ((error = in6_setscope(&mltaddr, ifp, NULL)) != 0) 799 goto cleanup; /* XXX: should not fail */ 800 801 imm = in6_joingroup_legacy(ifp, &mltaddr, &error, 0); 802 if (imm == NULL) { 803 nd6log((LOG_WARNING, "%s: in6_joingroup failed for %s on %s " 804 "(errno=%d)\n", __func__, ip6_sprintf(ip6buf, &mltaddr), 805 if_name(ifp), error)); 806 goto cleanup; 807 } 808 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 809 810 /* 811 * Join node information group address. 812 */ 813 delay = 0; 814 if ((flags & IN6_IFAUPDATE_DADDELAY)) { 815 /* 816 * The spec does not say anything about delay for this group, 817 * but the same logic should apply. 818 */ 819 delay = arc4random() % (MAX_RTR_SOLICITATION_DELAY * hz); 820 } 821 if (in6_nigroup(ifp, NULL, -1, &mltaddr) == 0) { 822 /* XXX jinmei */ 823 imm = in6_joingroup_legacy(ifp, &mltaddr, &error, delay); 824 if (imm == NULL) 825 nd6log((LOG_WARNING, 826 "%s: in6_joingroup failed for %s on %s " 827 "(errno=%d)\n", __func__, ip6_sprintf(ip6buf, 828 &mltaddr), if_name(ifp), error)); 829 /* XXX not very fatal, go on... */ 830 else 831 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 832 } 833 if (V_icmp6_nodeinfo_oldmcprefix && 834 in6_nigroup_oldmcprefix(ifp, NULL, -1, &mltaddr) == 0) { 835 imm = in6_joingroup_legacy(ifp, &mltaddr, &error, delay); 836 if (imm == NULL) 837 nd6log((LOG_WARNING, 838 "%s: in6_joingroup failed for %s on %s " 839 "(errno=%d)\n", __func__, ip6_sprintf(ip6buf, 840 &mltaddr), if_name(ifp), error)); 841 /* XXX not very fatal, go on... */ 842 else 843 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 844 } 845 846 /* 847 * Join interface-local all-nodes address. 848 * (ff01::1%ifN, and ff01::%ifN/32) 849 */ 850 mltaddr = in6addr_nodelocal_allnodes; 851 if ((error = in6_setscope(&mltaddr, ifp, NULL)) != 0) 852 goto cleanup; /* XXX: should not fail */ 853 854 imm = in6_joingroup_legacy(ifp, &mltaddr, &error, 0); 855 if (imm == NULL) { 856 nd6log((LOG_WARNING, "%s: in6_joingroup failed for %s on %s " 857 "(errno=%d)\n", __func__, ip6_sprintf(ip6buf, 858 &mltaddr), if_name(ifp), error)); 859 goto cleanup; 860 } 861 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain); 862 863 cleanup: 864 return (error); 865 } 866 867 /* 868 * Update parameters of an IPv6 interface address. 869 * If necessary, a new entry is created and linked into address chains. 870 * This function is separated from in6_control(). 871 */ 872 int 873 in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra, 874 struct in6_ifaddr *ia, int flags) 875 { 876 int error, hostIsNew = 0; 877 878 if ((error = in6_validate_ifra(ifp, ifra, ia, flags)) != 0) 879 return (error); 880 881 if (ia == NULL) { 882 hostIsNew = 1; 883 if ((ia = in6_alloc_ifa(ifp, ifra, flags)) == NULL) 884 return (ENOBUFS); 885 } 886 887 error = in6_update_ifa_internal(ifp, ifra, ia, hostIsNew, flags); 888 if (error != 0) { 889 if (hostIsNew != 0) { 890 in6_unlink_ifa(ia, ifp); 891 ifa_free(&ia->ia_ifa); 892 } 893 return (error); 894 } 895 896 if (hostIsNew) 897 error = in6_broadcast_ifa(ifp, ifra, ia, flags); 898 899 return (error); 900 } 901 902 /* 903 * Fill in basic IPv6 address request info. 904 */ 905 void 906 in6_prepare_ifra(struct in6_aliasreq *ifra, const struct in6_addr *addr, 907 const struct in6_addr *mask) 908 { 909 910 memset(ifra, 0, sizeof(struct in6_aliasreq)); 911 912 ifra->ifra_addr.sin6_family = AF_INET6; 913 ifra->ifra_addr.sin6_len = sizeof(struct sockaddr_in6); 914 if (addr != NULL) 915 ifra->ifra_addr.sin6_addr = *addr; 916 917 ifra->ifra_prefixmask.sin6_family = AF_INET6; 918 ifra->ifra_prefixmask.sin6_len = sizeof(struct sockaddr_in6); 919 if (mask != NULL) 920 ifra->ifra_prefixmask.sin6_addr = *mask; 921 } 922 923 static int 924 in6_validate_ifra(struct ifnet *ifp, struct in6_aliasreq *ifra, 925 struct in6_ifaddr *ia, int flags) 926 { 927 int plen = -1; 928 struct sockaddr_in6 dst6; 929 struct in6_addrlifetime *lt; 930 char ip6buf[INET6_ADDRSTRLEN]; 931 932 /* Validate parameters */ 933 if (ifp == NULL || ifra == NULL) /* this maybe redundant */ 934 return (EINVAL); 935 936 /* 937 * The destination address for a p2p link must have a family 938 * of AF_UNSPEC or AF_INET6. 939 */ 940 if ((ifp->if_flags & IFF_POINTOPOINT) != 0 && 941 ifra->ifra_dstaddr.sin6_family != AF_INET6 && 942 ifra->ifra_dstaddr.sin6_family != AF_UNSPEC) 943 return (EAFNOSUPPORT); 944 945 /* 946 * Validate address 947 */ 948 if (ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6) || 949 ifra->ifra_addr.sin6_family != AF_INET6) 950 return (EINVAL); 951 952 /* 953 * validate ifra_prefixmask. don't check sin6_family, netmask 954 * does not carry fields other than sin6_len. 955 */ 956 if (ifra->ifra_prefixmask.sin6_len > sizeof(struct sockaddr_in6)) 957 return (EINVAL); 958 /* 959 * Because the IPv6 address architecture is classless, we require 960 * users to specify a (non 0) prefix length (mask) for a new address. 961 * We also require the prefix (when specified) mask is valid, and thus 962 * reject a non-consecutive mask. 963 */ 964 if (ia == NULL && ifra->ifra_prefixmask.sin6_len == 0) 965 return (EINVAL); 966 if (ifra->ifra_prefixmask.sin6_len != 0) { 967 plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, 968 (u_char *)&ifra->ifra_prefixmask + 969 ifra->ifra_prefixmask.sin6_len); 970 if (plen <= 0) 971 return (EINVAL); 972 } else { 973 /* 974 * In this case, ia must not be NULL. We just use its prefix 975 * length. 976 */ 977 plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); 978 } 979 /* 980 * If the destination address on a p2p interface is specified, 981 * and the address is a scoped one, validate/set the scope 982 * zone identifier. 983 */ 984 dst6 = ifra->ifra_dstaddr; 985 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) != 0 && 986 (dst6.sin6_family == AF_INET6)) { 987 struct in6_addr in6_tmp; 988 u_int32_t zoneid; 989 990 in6_tmp = dst6.sin6_addr; 991 if (in6_setscope(&in6_tmp, ifp, &zoneid)) 992 return (EINVAL); /* XXX: should be impossible */ 993 994 if (dst6.sin6_scope_id != 0) { 995 if (dst6.sin6_scope_id != zoneid) 996 return (EINVAL); 997 } else /* user omit to specify the ID. */ 998 dst6.sin6_scope_id = zoneid; 999 1000 /* convert into the internal form */ 1001 if (sa6_embedscope(&dst6, 0)) 1002 return (EINVAL); /* XXX: should be impossible */ 1003 } 1004 /* Modify original ifra_dstaddr to reflect changes */ 1005 ifra->ifra_dstaddr = dst6; 1006 1007 /* 1008 * The destination address can be specified only for a p2p or a 1009 * loopback interface. If specified, the corresponding prefix length 1010 * must be 128. 1011 */ 1012 if (ifra->ifra_dstaddr.sin6_family == AF_INET6) { 1013 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) == 0) { 1014 /* XXX: noisy message */ 1015 nd6log((LOG_INFO, "in6_update_ifa: a destination can " 1016 "be specified for a p2p or a loopback IF only\n")); 1017 return (EINVAL); 1018 } 1019 if (plen != 128) { 1020 nd6log((LOG_INFO, "in6_update_ifa: prefixlen should " 1021 "be 128 when dstaddr is specified\n")); 1022 return (EINVAL); 1023 } 1024 } 1025 /* lifetime consistency check */ 1026 lt = &ifra->ifra_lifetime; 1027 if (lt->ia6t_pltime > lt->ia6t_vltime) 1028 return (EINVAL); 1029 if (lt->ia6t_vltime == 0) { 1030 /* 1031 * the following log might be noisy, but this is a typical 1032 * configuration mistake or a tool's bug. 1033 */ 1034 nd6log((LOG_INFO, 1035 "in6_update_ifa: valid lifetime is 0 for %s\n", 1036 ip6_sprintf(ip6buf, &ifra->ifra_addr.sin6_addr))); 1037 1038 if (ia == NULL) 1039 return (0); /* there's nothing to do */ 1040 } 1041 1042 /* Check prefix mask */ 1043 if (ia != NULL && ifra->ifra_prefixmask.sin6_len != 0) { 1044 /* 1045 * We prohibit changing the prefix length of an existing 1046 * address, because 1047 * + such an operation should be rare in IPv6, and 1048 * + the operation would confuse prefix management. 1049 */ 1050 if (ia->ia_prefixmask.sin6_len != 0 && 1051 in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL) != plen) { 1052 nd6log((LOG_INFO, "in6_validate_ifa: the prefix length " 1053 "of an existing %s address should not be changed\n", 1054 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr))); 1055 1056 return (EINVAL); 1057 } 1058 } 1059 1060 return (0); 1061 } 1062 1063 /* 1064 * Allocate a new ifaddr and link it into chains. 1065 */ 1066 static struct in6_ifaddr * 1067 in6_alloc_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra, int flags) 1068 { 1069 struct in6_ifaddr *ia; 1070 1071 /* 1072 * When in6_alloc_ifa() is called in a process of a received 1073 * RA, it is called under an interrupt context. So, we should 1074 * call malloc with M_NOWAIT. 1075 */ 1076 ia = (struct in6_ifaddr *)ifa_alloc(sizeof(*ia), M_NOWAIT); 1077 if (ia == NULL) 1078 return (NULL); 1079 LIST_INIT(&ia->ia6_memberships); 1080 /* Initialize the address and masks, and put time stamp */ 1081 ia->ia_ifa.ifa_addr = (struct sockaddr *)&ia->ia_addr; 1082 ia->ia_addr.sin6_family = AF_INET6; 1083 ia->ia_addr.sin6_len = sizeof(ia->ia_addr); 1084 /* XXX: Can we assign ,sin6_addr and skip the rest? */ 1085 ia->ia_addr = ifra->ifra_addr; 1086 ia->ia6_createtime = time_uptime; 1087 if ((ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) != 0) { 1088 /* 1089 * Some functions expect that ifa_dstaddr is not 1090 * NULL for p2p interfaces. 1091 */ 1092 ia->ia_ifa.ifa_dstaddr = 1093 (struct sockaddr *)&ia->ia_dstaddr; 1094 } else { 1095 ia->ia_ifa.ifa_dstaddr = NULL; 1096 } 1097 1098 /* set prefix mask if any */ 1099 ia->ia_ifa.ifa_netmask = (struct sockaddr *)&ia->ia_prefixmask; 1100 if (ifra->ifra_prefixmask.sin6_len != 0) { 1101 ia->ia_prefixmask.sin6_family = AF_INET6; 1102 ia->ia_prefixmask.sin6_len = ifra->ifra_prefixmask.sin6_len; 1103 ia->ia_prefixmask.sin6_addr = ifra->ifra_prefixmask.sin6_addr; 1104 } 1105 1106 ia->ia_ifp = ifp; 1107 ifa_ref(&ia->ia_ifa); /* if_addrhead */ 1108 IF_ADDR_WLOCK(ifp); 1109 CK_STAILQ_INSERT_TAIL(&ifp->if_addrhead, &ia->ia_ifa, ifa_link); 1110 IF_ADDR_WUNLOCK(ifp); 1111 1112 ifa_ref(&ia->ia_ifa); /* in6_ifaddrhead */ 1113 IN6_IFADDR_WLOCK(); 1114 CK_STAILQ_INSERT_TAIL(&V_in6_ifaddrhead, ia, ia_link); 1115 CK_LIST_INSERT_HEAD(IN6ADDR_HASH(&ia->ia_addr.sin6_addr), ia, ia6_hash); 1116 IN6_IFADDR_WUNLOCK(); 1117 1118 return (ia); 1119 } 1120 1121 /* 1122 * Update/configure interface address parameters: 1123 * 1124 * 1) Update lifetime 1125 * 2) Update interface metric ad flags 1126 * 3) Notify other subsystems 1127 */ 1128 static int 1129 in6_update_ifa_internal(struct ifnet *ifp, struct in6_aliasreq *ifra, 1130 struct in6_ifaddr *ia, int hostIsNew, int flags) 1131 { 1132 int error; 1133 1134 /* update timestamp */ 1135 ia->ia6_updatetime = time_uptime; 1136 1137 /* 1138 * Set lifetimes. We do not refer to ia6t_expire and ia6t_preferred 1139 * to see if the address is deprecated or invalidated, but initialize 1140 * these members for applications. 1141 */ 1142 ia->ia6_lifetime = ifra->ifra_lifetime; 1143 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 1144 ia->ia6_lifetime.ia6t_expire = 1145 time_uptime + ia->ia6_lifetime.ia6t_vltime; 1146 } else 1147 ia->ia6_lifetime.ia6t_expire = 0; 1148 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 1149 ia->ia6_lifetime.ia6t_preferred = 1150 time_uptime + ia->ia6_lifetime.ia6t_pltime; 1151 } else 1152 ia->ia6_lifetime.ia6t_preferred = 0; 1153 1154 /* 1155 * backward compatibility - if IN6_IFF_DEPRECATED is set from the 1156 * userland, make it deprecated. 1157 */ 1158 if ((ifra->ifra_flags & IN6_IFF_DEPRECATED) != 0) { 1159 ia->ia6_lifetime.ia6t_pltime = 0; 1160 ia->ia6_lifetime.ia6t_preferred = time_uptime; 1161 } 1162 1163 /* 1164 * configure address flags. 1165 */ 1166 ia->ia6_flags = ifra->ifra_flags; 1167 1168 /* 1169 * Make the address tentative before joining multicast addresses, 1170 * so that corresponding MLD responses would not have a tentative 1171 * source address. 1172 */ 1173 ia->ia6_flags &= ~IN6_IFF_DUPLICATED; /* safety */ 1174 1175 /* 1176 * DAD should be performed for an new address or addresses on 1177 * an interface with ND6_IFF_IFDISABLED. 1178 */ 1179 if (in6if_do_dad(ifp) && 1180 (hostIsNew || (ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED))) 1181 ia->ia6_flags |= IN6_IFF_TENTATIVE; 1182 1183 /* notify other subsystems */ 1184 error = in6_notify_ifa(ifp, ia, ifra, hostIsNew); 1185 1186 return (error); 1187 } 1188 1189 /* 1190 * Do link-level ifa job: 1191 * 1) Add lle entry for added address 1192 * 2) Notifies routing socket users about new address 1193 * 3) join appropriate multicast group 1194 * 4) start DAD if enabled 1195 */ 1196 static int 1197 in6_broadcast_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra, 1198 struct in6_ifaddr *ia, int flags) 1199 { 1200 struct in6_multi *in6m_sol; 1201 int error = 0; 1202 1203 /* Add local address to lltable, if necessary (ex. on p2p link). */ 1204 if ((error = nd6_add_ifa_lle(ia)) != 0) { 1205 in6_purgeaddr(&ia->ia_ifa); 1206 ifa_free(&ia->ia_ifa); 1207 return (error); 1208 } 1209 1210 /* Join necessary multicast groups. */ 1211 in6m_sol = NULL; 1212 if ((ifp->if_flags & IFF_MULTICAST) != 0) { 1213 error = in6_update_ifa_join_mc(ifp, ifra, ia, flags, &in6m_sol); 1214 if (error != 0) { 1215 in6_purgeaddr(&ia->ia_ifa); 1216 ifa_free(&ia->ia_ifa); 1217 return (error); 1218 } 1219 } 1220 1221 /* Perform DAD, if the address is TENTATIVE. */ 1222 if ((ia->ia6_flags & IN6_IFF_TENTATIVE)) { 1223 int delay, mindelay, maxdelay; 1224 1225 delay = 0; 1226 if ((flags & IN6_IFAUPDATE_DADDELAY)) { 1227 /* 1228 * We need to impose a delay before sending an NS 1229 * for DAD. Check if we also needed a delay for the 1230 * corresponding MLD message. If we did, the delay 1231 * should be larger than the MLD delay (this could be 1232 * relaxed a bit, but this simple logic is at least 1233 * safe). 1234 * XXX: Break data hiding guidelines and look at 1235 * state for the solicited multicast group. 1236 */ 1237 mindelay = 0; 1238 if (in6m_sol != NULL && 1239 in6m_sol->in6m_state == MLD_REPORTING_MEMBER) { 1240 mindelay = in6m_sol->in6m_timer; 1241 } 1242 maxdelay = MAX_RTR_SOLICITATION_DELAY * hz; 1243 if (maxdelay - mindelay == 0) 1244 delay = 0; 1245 else { 1246 delay = 1247 (arc4random() % (maxdelay - mindelay)) + 1248 mindelay; 1249 } 1250 } 1251 nd6_dad_start((struct ifaddr *)ia, delay); 1252 } 1253 1254 in6_newaddrmsg(ia, RTM_ADD); 1255 ifa_free(&ia->ia_ifa); 1256 return (error); 1257 } 1258 1259 /* 1260 * Adds or deletes interface route for p2p ifa. 1261 * Returns 0 on success or errno. 1262 */ 1263 static int 1264 in6_handle_dstaddr_rtrequest(int cmd, struct in6_ifaddr *ia) 1265 { 1266 struct epoch_tracker et; 1267 struct ifaddr *ifa = &ia->ia_ifa; 1268 int error; 1269 1270 /* Prepare gateway */ 1271 struct sockaddr_dl_short sdl = { 1272 .sdl_family = AF_LINK, 1273 .sdl_len = sizeof(struct sockaddr_dl_short), 1274 .sdl_type = ifa->ifa_ifp->if_type, 1275 .sdl_index = ifa->ifa_ifp->if_index, 1276 }; 1277 1278 struct sockaddr_in6 dst = { 1279 .sin6_family = AF_INET6, 1280 .sin6_len = sizeof(struct sockaddr_in6), 1281 .sin6_addr = ia->ia_dstaddr.sin6_addr, 1282 }; 1283 1284 struct rt_addrinfo info = { 1285 .rti_ifa = ifa, 1286 .rti_flags = RTF_PINNED | RTF_HOST, 1287 .rti_info = { 1288 [RTAX_DST] = (struct sockaddr *)&dst, 1289 [RTAX_GATEWAY] = (struct sockaddr *)&sdl, 1290 }, 1291 }; 1292 /* Don't set additional per-gw filters on removal */ 1293 1294 NET_EPOCH_ENTER(et); 1295 error = rib_handle_ifaddr_info(ifa->ifa_ifp->if_fib, cmd, &info); 1296 NET_EPOCH_EXIT(et); 1297 1298 return (error); 1299 } 1300 1301 static bool 1302 ifa_is_p2p(struct in6_ifaddr *ia) 1303 { 1304 int plen; 1305 1306 plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); /* XXX */ 1307 1308 if ((plen == 128) && (ia->ia_dstaddr.sin6_family == AF_INET6) && 1309 !IN6_ARE_ADDR_EQUAL(&ia->ia_addr.sin6_addr, &ia->ia_dstaddr.sin6_addr)) 1310 return (true); 1311 1312 return (false); 1313 } 1314 1315 void 1316 in6_purgeaddr(struct ifaddr *ifa) 1317 { 1318 struct ifnet *ifp = ifa->ifa_ifp; 1319 struct in6_ifaddr *ia = (struct in6_ifaddr *) ifa; 1320 struct in6_multi_mship *imm; 1321 int error; 1322 1323 if (ifa->ifa_carp) 1324 (*carp_detach_p)(ifa, false); 1325 1326 /* 1327 * Remove the loopback route to the interface address. 1328 * The check for the current setting of "nd6_useloopback" 1329 * is not needed. 1330 */ 1331 if (ia->ia_flags & IFA_RTSELF) { 1332 error = ifa_del_loopback_route((struct ifaddr *)ia, 1333 (struct sockaddr *)&ia->ia_addr); 1334 if (error == 0) 1335 ia->ia_flags &= ~IFA_RTSELF; 1336 } 1337 1338 /* stop DAD processing */ 1339 nd6_dad_stop(ifa); 1340 1341 /* Leave multicast groups. */ 1342 while ((imm = LIST_FIRST(&ia->ia6_memberships)) != NULL) { 1343 LIST_REMOVE(imm, i6mm_chain); 1344 if (imm->i6mm_maddr != NULL) 1345 in6_leavegroup(imm->i6mm_maddr, NULL); 1346 free(imm, M_IP6MADDR); 1347 } 1348 /* Check if we need to remove p2p route */ 1349 if ((ia->ia_flags & IFA_ROUTE) && ifa_is_p2p(ia)) { 1350 error = in6_handle_dstaddr_rtrequest(RTM_DELETE, ia); 1351 if (error != 0) 1352 log(LOG_INFO, "%s: err=%d, destination address delete " 1353 "failed\n", __func__, error); 1354 ia->ia_flags &= ~IFA_ROUTE; 1355 } 1356 1357 in6_newaddrmsg(ia, RTM_DELETE); 1358 in6_unlink_ifa(ia, ifp); 1359 } 1360 1361 /* 1362 * Removes @ia from the corresponding interfaces and unlinks corresponding 1363 * prefix if no addresses are using it anymore. 1364 */ 1365 void 1366 in6_purgeifaddr(struct in6_ifaddr *ia) 1367 { 1368 struct nd_prefix *pr; 1369 1370 /* 1371 * If the address being deleted is the only one that owns 1372 * the corresponding prefix, expire the prefix as well. 1373 * XXX: theoretically, we don't have to worry about such 1374 * relationship, since we separate the address management 1375 * and the prefix management. We do this, however, to provide 1376 * as much backward compatibility as possible in terms of 1377 * the ioctl operation. 1378 * Note that in6_purgeaddr() will decrement ndpr_addrcnt. 1379 */ 1380 pr = ia->ia6_ndpr; 1381 in6_purgeaddr(&ia->ia_ifa); 1382 if (pr != NULL && pr->ndpr_addrcnt == 0) { 1383 ND6_WLOCK(); 1384 nd6_prefix_unlink(pr, NULL); 1385 ND6_WUNLOCK(); 1386 nd6_prefix_del(pr); 1387 } 1388 } 1389 1390 1391 static void 1392 in6_unlink_ifa(struct in6_ifaddr *ia, struct ifnet *ifp) 1393 { 1394 char ip6buf[INET6_ADDRSTRLEN]; 1395 int remove_lle; 1396 1397 IF_ADDR_WLOCK(ifp); 1398 CK_STAILQ_REMOVE(&ifp->if_addrhead, &ia->ia_ifa, ifaddr, ifa_link); 1399 IF_ADDR_WUNLOCK(ifp); 1400 ifa_free(&ia->ia_ifa); /* if_addrhead */ 1401 1402 /* 1403 * Defer the release of what might be the last reference to the 1404 * in6_ifaddr so that it can't be freed before the remainder of the 1405 * cleanup. 1406 */ 1407 IN6_IFADDR_WLOCK(); 1408 CK_STAILQ_REMOVE(&V_in6_ifaddrhead, ia, in6_ifaddr, ia_link); 1409 CK_LIST_REMOVE(ia, ia6_hash); 1410 IN6_IFADDR_WUNLOCK(); 1411 1412 /* 1413 * Release the reference to the base prefix. There should be a 1414 * positive reference. 1415 */ 1416 remove_lle = 0; 1417 if (ia->ia6_ndpr == NULL) { 1418 nd6log((LOG_NOTICE, 1419 "in6_unlink_ifa: autoconf'ed address " 1420 "%s has no prefix\n", ip6_sprintf(ip6buf, IA6_IN6(ia)))); 1421 } else { 1422 ia->ia6_ndpr->ndpr_addrcnt--; 1423 /* Do not delete lles within prefix if refcont != 0 */ 1424 if (ia->ia6_ndpr->ndpr_addrcnt == 0) 1425 remove_lle = 1; 1426 ia->ia6_ndpr = NULL; 1427 } 1428 1429 nd6_rem_ifa_lle(ia, remove_lle); 1430 1431 /* 1432 * Also, if the address being removed is autoconf'ed, call 1433 * pfxlist_onlink_check() since the release might affect the status of 1434 * other (detached) addresses. 1435 */ 1436 if ((ia->ia6_flags & IN6_IFF_AUTOCONF)) { 1437 pfxlist_onlink_check(); 1438 } 1439 ifa_free(&ia->ia_ifa); /* in6_ifaddrhead */ 1440 } 1441 1442 /* 1443 * Notifies other subsystems about address change/arrival: 1444 * 1) Notifies device handler on the first IPv6 address assignment 1445 * 2) Handle routing table changes for P2P links and route 1446 * 3) Handle routing table changes for address host route 1447 */ 1448 static int 1449 in6_notify_ifa(struct ifnet *ifp, struct in6_ifaddr *ia, 1450 struct in6_aliasreq *ifra, int hostIsNew) 1451 { 1452 int error = 0, ifacount = 0; 1453 struct ifaddr *ifa; 1454 struct sockaddr_in6 *pdst; 1455 char ip6buf[INET6_ADDRSTRLEN]; 1456 1457 /* 1458 * Give the interface a chance to initialize 1459 * if this is its first address, 1460 */ 1461 if (hostIsNew != 0) { 1462 struct epoch_tracker et; 1463 1464 NET_EPOCH_ENTER(et); 1465 CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 1466 if (ifa->ifa_addr->sa_family != AF_INET6) 1467 continue; 1468 ifacount++; 1469 } 1470 NET_EPOCH_EXIT(et); 1471 } 1472 1473 if (ifacount <= 1 && ifp->if_ioctl) { 1474 error = (*ifp->if_ioctl)(ifp, SIOCSIFADDR, (caddr_t)ia); 1475 if (error) 1476 goto done; 1477 } 1478 1479 /* 1480 * If a new destination address is specified, scrub the old one and 1481 * install the new destination. Note that the interface must be 1482 * p2p or loopback. 1483 */ 1484 pdst = &ifra->ifra_dstaddr; 1485 if (pdst->sin6_family == AF_INET6 && 1486 !IN6_ARE_ADDR_EQUAL(&pdst->sin6_addr, &ia->ia_dstaddr.sin6_addr)) { 1487 if ((ia->ia_flags & IFA_ROUTE) != 0 && 1488 (in6_handle_dstaddr_rtrequest(RTM_DELETE, ia) != 0)) { 1489 nd6log((LOG_ERR, "in6_update_ifa_internal: failed to " 1490 "remove a route to the old destination: %s\n", 1491 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr))); 1492 /* proceed anyway... */ 1493 } else 1494 ia->ia_flags &= ~IFA_ROUTE; 1495 ia->ia_dstaddr = *pdst; 1496 } 1497 1498 /* 1499 * If a new destination address is specified for a point-to-point 1500 * interface, install a route to the destination as an interface 1501 * direct route. 1502 * XXX: the logic below rejects assigning multiple addresses on a p2p 1503 * interface that share the same destination. 1504 */ 1505 if (!(ia->ia_flags & IFA_ROUTE) && ifa_is_p2p(ia)) { 1506 error = in6_handle_dstaddr_rtrequest(RTM_ADD, ia); 1507 if (error) 1508 goto done; 1509 ia->ia_flags |= IFA_ROUTE; 1510 } 1511 1512 /* 1513 * add a loopback route to self if not exists 1514 */ 1515 if (!(ia->ia_flags & IFA_RTSELF) && V_nd6_useloopback) { 1516 error = ifa_add_loopback_route((struct ifaddr *)ia, 1517 (struct sockaddr *)&ia->ia_addr); 1518 if (error == 0) 1519 ia->ia_flags |= IFA_RTSELF; 1520 } 1521 done: 1522 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 1523 "Invoking IPv6 network device address event may sleep"); 1524 1525 ifa_ref(&ia->ia_ifa); 1526 EVENTHANDLER_INVOKE(ifaddr_event_ext, ifp, &ia->ia_ifa, 1527 IFADDR_EVENT_ADD); 1528 ifa_free(&ia->ia_ifa); 1529 1530 return (error); 1531 } 1532 1533 /* 1534 * Find an IPv6 interface link-local address specific to an interface. 1535 * ifaddr is returned referenced. 1536 */ 1537 struct in6_ifaddr * 1538 in6ifa_ifpforlinklocal(struct ifnet *ifp, int ignoreflags) 1539 { 1540 struct ifaddr *ifa; 1541 1542 NET_EPOCH_ASSERT(); 1543 1544 CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 1545 if (ifa->ifa_addr->sa_family != AF_INET6) 1546 continue; 1547 if (IN6_IS_ADDR_LINKLOCAL(IFA_IN6(ifa))) { 1548 if ((((struct in6_ifaddr *)ifa)->ia6_flags & 1549 ignoreflags) != 0) 1550 continue; 1551 ifa_ref(ifa); 1552 break; 1553 } 1554 } 1555 1556 return ((struct in6_ifaddr *)ifa); 1557 } 1558 1559 /* 1560 * find the interface address corresponding to a given IPv6 address. 1561 * ifaddr is returned referenced if @referenced flag is set. 1562 */ 1563 struct in6_ifaddr * 1564 in6ifa_ifwithaddr(const struct in6_addr *addr, uint32_t zoneid, bool referenced) 1565 { 1566 struct rm_priotracker in6_ifa_tracker; 1567 struct in6_ifaddr *ia; 1568 1569 IN6_IFADDR_RLOCK(&in6_ifa_tracker); 1570 CK_LIST_FOREACH(ia, IN6ADDR_HASH(addr), ia6_hash) { 1571 if (IN6_ARE_ADDR_EQUAL(IA6_IN6(ia), addr)) { 1572 if (zoneid != 0 && 1573 zoneid != ia->ia_addr.sin6_scope_id) 1574 continue; 1575 if (referenced) 1576 ifa_ref(&ia->ia_ifa); 1577 break; 1578 } 1579 } 1580 IN6_IFADDR_RUNLOCK(&in6_ifa_tracker); 1581 return (ia); 1582 } 1583 1584 /* 1585 * find the internet address corresponding to a given interface and address. 1586 * ifaddr is returned referenced. 1587 */ 1588 struct in6_ifaddr * 1589 in6ifa_ifpwithaddr(struct ifnet *ifp, const struct in6_addr *addr) 1590 { 1591 struct epoch_tracker et; 1592 struct ifaddr *ifa; 1593 1594 NET_EPOCH_ENTER(et); 1595 CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 1596 if (ifa->ifa_addr->sa_family != AF_INET6) 1597 continue; 1598 if (IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(ifa))) { 1599 ifa_ref(ifa); 1600 break; 1601 } 1602 } 1603 NET_EPOCH_EXIT(et); 1604 1605 return ((struct in6_ifaddr *)ifa); 1606 } 1607 1608 /* 1609 * Find a link-local scoped address on ifp and return it if any. 1610 */ 1611 struct in6_ifaddr * 1612 in6ifa_llaonifp(struct ifnet *ifp) 1613 { 1614 struct epoch_tracker et; 1615 struct sockaddr_in6 *sin6; 1616 struct ifaddr *ifa; 1617 1618 if (ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) 1619 return (NULL); 1620 NET_EPOCH_ENTER(et); 1621 CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 1622 if (ifa->ifa_addr->sa_family != AF_INET6) 1623 continue; 1624 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 1625 if (IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr) || 1626 IN6_IS_ADDR_MC_INTFACELOCAL(&sin6->sin6_addr) || 1627 IN6_IS_ADDR_MC_NODELOCAL(&sin6->sin6_addr)) 1628 break; 1629 } 1630 NET_EPOCH_EXIT(et); 1631 1632 return ((struct in6_ifaddr *)ifa); 1633 } 1634 1635 /* 1636 * Convert IP6 address to printable (loggable) representation. Caller 1637 * has to make sure that ip6buf is at least INET6_ADDRSTRLEN long. 1638 */ 1639 static char digits[] = "0123456789abcdef"; 1640 char * 1641 ip6_sprintf(char *ip6buf, const struct in6_addr *addr) 1642 { 1643 int i, cnt = 0, maxcnt = 0, idx = 0, index = 0; 1644 char *cp; 1645 const u_int16_t *a = (const u_int16_t *)addr; 1646 const u_int8_t *d; 1647 int dcolon = 0, zero = 0; 1648 1649 cp = ip6buf; 1650 1651 for (i = 0; i < 8; i++) { 1652 if (*(a + i) == 0) { 1653 cnt++; 1654 if (cnt == 1) 1655 idx = i; 1656 } 1657 else if (maxcnt < cnt) { 1658 maxcnt = cnt; 1659 index = idx; 1660 cnt = 0; 1661 } 1662 } 1663 if (maxcnt < cnt) { 1664 maxcnt = cnt; 1665 index = idx; 1666 } 1667 1668 for (i = 0; i < 8; i++) { 1669 if (dcolon == 1) { 1670 if (*a == 0) { 1671 if (i == 7) 1672 *cp++ = ':'; 1673 a++; 1674 continue; 1675 } else 1676 dcolon = 2; 1677 } 1678 if (*a == 0) { 1679 if (dcolon == 0 && *(a + 1) == 0 && i == index) { 1680 if (i == 0) 1681 *cp++ = ':'; 1682 *cp++ = ':'; 1683 dcolon = 1; 1684 } else { 1685 *cp++ = '0'; 1686 *cp++ = ':'; 1687 } 1688 a++; 1689 continue; 1690 } 1691 d = (const u_char *)a; 1692 /* Try to eliminate leading zeros in printout like in :0001. */ 1693 zero = 1; 1694 *cp = digits[*d >> 4]; 1695 if (*cp != '0') { 1696 zero = 0; 1697 cp++; 1698 } 1699 *cp = digits[*d++ & 0xf]; 1700 if (zero == 0 || (*cp != '0')) { 1701 zero = 0; 1702 cp++; 1703 } 1704 *cp = digits[*d >> 4]; 1705 if (zero == 0 || (*cp != '0')) { 1706 zero = 0; 1707 cp++; 1708 } 1709 *cp++ = digits[*d & 0xf]; 1710 *cp++ = ':'; 1711 a++; 1712 } 1713 *--cp = '\0'; 1714 return (ip6buf); 1715 } 1716 1717 int 1718 in6_localaddr(struct in6_addr *in6) 1719 { 1720 struct rm_priotracker in6_ifa_tracker; 1721 struct in6_ifaddr *ia; 1722 1723 if (IN6_IS_ADDR_LOOPBACK(in6) || IN6_IS_ADDR_LINKLOCAL(in6)) 1724 return 1; 1725 1726 IN6_IFADDR_RLOCK(&in6_ifa_tracker); 1727 CK_STAILQ_FOREACH(ia, &V_in6_ifaddrhead, ia_link) { 1728 if (IN6_ARE_MASKED_ADDR_EQUAL(in6, &ia->ia_addr.sin6_addr, 1729 &ia->ia_prefixmask.sin6_addr)) { 1730 IN6_IFADDR_RUNLOCK(&in6_ifa_tracker); 1731 return 1; 1732 } 1733 } 1734 IN6_IFADDR_RUNLOCK(&in6_ifa_tracker); 1735 1736 return (0); 1737 } 1738 1739 /* 1740 * Return 1 if an internet address is for the local host and configured 1741 * on one of its interfaces. 1742 */ 1743 int 1744 in6_localip(struct in6_addr *in6) 1745 { 1746 struct rm_priotracker in6_ifa_tracker; 1747 struct in6_ifaddr *ia; 1748 1749 IN6_IFADDR_RLOCK(&in6_ifa_tracker); 1750 CK_LIST_FOREACH(ia, IN6ADDR_HASH(in6), ia6_hash) { 1751 if (IN6_ARE_ADDR_EQUAL(in6, &ia->ia_addr.sin6_addr)) { 1752 IN6_IFADDR_RUNLOCK(&in6_ifa_tracker); 1753 return (1); 1754 } 1755 } 1756 IN6_IFADDR_RUNLOCK(&in6_ifa_tracker); 1757 return (0); 1758 } 1759 1760 /* 1761 * Return 1 if an internet address is configured on an interface. 1762 */ 1763 int 1764 in6_ifhasaddr(struct ifnet *ifp, struct in6_addr *addr) 1765 { 1766 struct in6_addr in6; 1767 struct ifaddr *ifa; 1768 struct in6_ifaddr *ia6; 1769 1770 NET_EPOCH_ASSERT(); 1771 1772 in6 = *addr; 1773 if (in6_clearscope(&in6)) 1774 return (0); 1775 in6_setscope(&in6, ifp, NULL); 1776 1777 CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 1778 if (ifa->ifa_addr->sa_family != AF_INET6) 1779 continue; 1780 ia6 = (struct in6_ifaddr *)ifa; 1781 if (IN6_ARE_ADDR_EQUAL(&ia6->ia_addr.sin6_addr, &in6)) 1782 return (1); 1783 } 1784 1785 return (0); 1786 } 1787 1788 int 1789 in6_is_addr_deprecated(struct sockaddr_in6 *sa6) 1790 { 1791 struct rm_priotracker in6_ifa_tracker; 1792 struct in6_ifaddr *ia; 1793 1794 IN6_IFADDR_RLOCK(&in6_ifa_tracker); 1795 CK_LIST_FOREACH(ia, IN6ADDR_HASH(&sa6->sin6_addr), ia6_hash) { 1796 if (IN6_ARE_ADDR_EQUAL(IA6_IN6(ia), &sa6->sin6_addr)) { 1797 if (ia->ia6_flags & IN6_IFF_DEPRECATED) { 1798 IN6_IFADDR_RUNLOCK(&in6_ifa_tracker); 1799 return (1); /* true */ 1800 } 1801 break; 1802 } 1803 } 1804 IN6_IFADDR_RUNLOCK(&in6_ifa_tracker); 1805 1806 return (0); /* false */ 1807 } 1808 1809 /* 1810 * return length of part which dst and src are equal 1811 * hard coding... 1812 */ 1813 int 1814 in6_matchlen(struct in6_addr *src, struct in6_addr *dst) 1815 { 1816 int match = 0; 1817 u_char *s = (u_char *)src, *d = (u_char *)dst; 1818 u_char *lim = s + 16, r; 1819 1820 while (s < lim) 1821 if ((r = (*d++ ^ *s++)) != 0) { 1822 while (r < 128) { 1823 match++; 1824 r <<= 1; 1825 } 1826 break; 1827 } else 1828 match += 8; 1829 return match; 1830 } 1831 1832 /* XXX: to be scope conscious */ 1833 int 1834 in6_are_prefix_equal(struct in6_addr *p1, struct in6_addr *p2, int len) 1835 { 1836 int bytelen, bitlen; 1837 1838 /* sanity check */ 1839 if (0 > len || len > 128) { 1840 log(LOG_ERR, "in6_are_prefix_equal: invalid prefix length(%d)\n", 1841 len); 1842 return (0); 1843 } 1844 1845 bytelen = len / 8; 1846 bitlen = len % 8; 1847 1848 if (bcmp(&p1->s6_addr, &p2->s6_addr, bytelen)) 1849 return (0); 1850 if (bitlen != 0 && 1851 p1->s6_addr[bytelen] >> (8 - bitlen) != 1852 p2->s6_addr[bytelen] >> (8 - bitlen)) 1853 return (0); 1854 1855 return (1); 1856 } 1857 1858 void 1859 in6_prefixlen2mask(struct in6_addr *maskp, int len) 1860 { 1861 u_char maskarray[8] = {0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff}; 1862 int bytelen, bitlen, i; 1863 1864 /* sanity check */ 1865 if (0 > len || len > 128) { 1866 log(LOG_ERR, "in6_prefixlen2mask: invalid prefix length(%d)\n", 1867 len); 1868 return; 1869 } 1870 1871 bzero(maskp, sizeof(*maskp)); 1872 bytelen = len / 8; 1873 bitlen = len % 8; 1874 for (i = 0; i < bytelen; i++) 1875 maskp->s6_addr[i] = 0xff; 1876 if (bitlen) 1877 maskp->s6_addr[bytelen] = maskarray[bitlen - 1]; 1878 } 1879 1880 /* 1881 * return the best address out of the same scope. if no address was 1882 * found, return the first valid address from designated IF. 1883 */ 1884 struct in6_ifaddr * 1885 in6_ifawithifp(struct ifnet *ifp, struct in6_addr *dst) 1886 { 1887 int dst_scope = in6_addrscope(dst), blen = -1, tlen; 1888 struct ifaddr *ifa; 1889 struct in6_ifaddr *besta = NULL; 1890 struct in6_ifaddr *dep[2]; /* last-resort: deprecated */ 1891 1892 NET_EPOCH_ASSERT(); 1893 1894 dep[0] = dep[1] = NULL; 1895 1896 /* 1897 * We first look for addresses in the same scope. 1898 * If there is one, return it. 1899 * If two or more, return one which matches the dst longest. 1900 * If none, return one of global addresses assigned other ifs. 1901 */ 1902 CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 1903 if (ifa->ifa_addr->sa_family != AF_INET6) 1904 continue; 1905 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST) 1906 continue; /* XXX: is there any case to allow anycast? */ 1907 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_NOTREADY) 1908 continue; /* don't use this interface */ 1909 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DETACHED) 1910 continue; 1911 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DEPRECATED) { 1912 if (V_ip6_use_deprecated) 1913 dep[0] = (struct in6_ifaddr *)ifa; 1914 continue; 1915 } 1916 1917 if (dst_scope == in6_addrscope(IFA_IN6(ifa))) { 1918 /* 1919 * call in6_matchlen() as few as possible 1920 */ 1921 if (besta) { 1922 if (blen == -1) 1923 blen = in6_matchlen(&besta->ia_addr.sin6_addr, dst); 1924 tlen = in6_matchlen(IFA_IN6(ifa), dst); 1925 if (tlen > blen) { 1926 blen = tlen; 1927 besta = (struct in6_ifaddr *)ifa; 1928 } 1929 } else 1930 besta = (struct in6_ifaddr *)ifa; 1931 } 1932 } 1933 if (besta) 1934 return (besta); 1935 1936 CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 1937 if (ifa->ifa_addr->sa_family != AF_INET6) 1938 continue; 1939 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST) 1940 continue; /* XXX: is there any case to allow anycast? */ 1941 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_NOTREADY) 1942 continue; /* don't use this interface */ 1943 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DETACHED) 1944 continue; 1945 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DEPRECATED) { 1946 if (V_ip6_use_deprecated) 1947 dep[1] = (struct in6_ifaddr *)ifa; 1948 continue; 1949 } 1950 1951 return (struct in6_ifaddr *)ifa; 1952 } 1953 1954 /* use the last-resort values, that are, deprecated addresses */ 1955 if (dep[0]) 1956 return dep[0]; 1957 if (dep[1]) 1958 return dep[1]; 1959 1960 return NULL; 1961 } 1962 1963 /* 1964 * perform DAD when interface becomes IFF_UP. 1965 */ 1966 void 1967 in6_if_up(struct ifnet *ifp) 1968 { 1969 struct epoch_tracker et; 1970 struct ifaddr *ifa; 1971 struct in6_ifaddr *ia; 1972 1973 NET_EPOCH_ENTER(et); 1974 CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 1975 if (ifa->ifa_addr->sa_family != AF_INET6) 1976 continue; 1977 ia = (struct in6_ifaddr *)ifa; 1978 if (ia->ia6_flags & IN6_IFF_TENTATIVE) { 1979 /* 1980 * The TENTATIVE flag was likely set by hand 1981 * beforehand, implicitly indicating the need for DAD. 1982 * We may be able to skip the random delay in this 1983 * case, but we impose delays just in case. 1984 */ 1985 nd6_dad_start(ifa, 1986 arc4random() % (MAX_RTR_SOLICITATION_DELAY * hz)); 1987 } 1988 } 1989 NET_EPOCH_EXIT(et); 1990 1991 /* 1992 * special cases, like 6to4, are handled in in6_ifattach 1993 */ 1994 in6_ifattach(ifp, NULL); 1995 } 1996 1997 int 1998 in6if_do_dad(struct ifnet *ifp) 1999 { 2000 2001 if ((ifp->if_flags & IFF_LOOPBACK) != 0) 2002 return (0); 2003 if ((ifp->if_flags & IFF_MULTICAST) == 0) 2004 return (0); 2005 if ((ND_IFINFO(ifp)->flags & 2006 (ND6_IFF_IFDISABLED | ND6_IFF_NO_DAD)) != 0) 2007 return (0); 2008 return (1); 2009 } 2010 2011 /* 2012 * Calculate max IPv6 MTU through all the interfaces and store it 2013 * to in6_maxmtu. 2014 */ 2015 void 2016 in6_setmaxmtu(void) 2017 { 2018 struct epoch_tracker et; 2019 unsigned long maxmtu = 0; 2020 struct ifnet *ifp; 2021 2022 NET_EPOCH_ENTER(et); 2023 CK_STAILQ_FOREACH(ifp, &V_ifnet, if_link) { 2024 /* this function can be called during ifnet initialization */ 2025 if (!ifp->if_afdata[AF_INET6]) 2026 continue; 2027 if ((ifp->if_flags & IFF_LOOPBACK) == 0 && 2028 IN6_LINKMTU(ifp) > maxmtu) 2029 maxmtu = IN6_LINKMTU(ifp); 2030 } 2031 NET_EPOCH_EXIT(et); 2032 if (maxmtu) /* update only when maxmtu is positive */ 2033 V_in6_maxmtu = maxmtu; 2034 } 2035 2036 /* 2037 * Provide the length of interface identifiers to be used for the link attached 2038 * to the given interface. The length should be defined in "IPv6 over 2039 * xxx-link" document. Note that address architecture might also define 2040 * the length for a particular set of address prefixes, regardless of the 2041 * link type. As clarified in rfc2462bis, those two definitions should be 2042 * consistent, and those really are as of August 2004. 2043 */ 2044 int 2045 in6_if2idlen(struct ifnet *ifp) 2046 { 2047 switch (ifp->if_type) { 2048 case IFT_ETHER: /* RFC2464 */ 2049 case IFT_PROPVIRTUAL: /* XXX: no RFC. treat it as ether */ 2050 case IFT_L2VLAN: /* ditto */ 2051 case IFT_BRIDGE: /* bridge(4) only does Ethernet-like links */ 2052 case IFT_INFINIBAND: 2053 return (64); 2054 case IFT_PPP: /* RFC2472 */ 2055 return (64); 2056 case IFT_FRELAY: /* RFC2590 */ 2057 return (64); 2058 case IFT_IEEE1394: /* RFC3146 */ 2059 return (64); 2060 case IFT_GIF: 2061 return (64); /* draft-ietf-v6ops-mech-v2-07 */ 2062 case IFT_LOOP: 2063 return (64); /* XXX: is this really correct? */ 2064 default: 2065 /* 2066 * Unknown link type: 2067 * It might be controversial to use the today's common constant 2068 * of 64 for these cases unconditionally. For full compliance, 2069 * we should return an error in this case. On the other hand, 2070 * if we simply miss the standard for the link type or a new 2071 * standard is defined for a new link type, the IFID length 2072 * is very likely to be the common constant. As a compromise, 2073 * we always use the constant, but make an explicit notice 2074 * indicating the "unknown" case. 2075 */ 2076 printf("in6_if2idlen: unknown link type (%d)\n", ifp->if_type); 2077 return (64); 2078 } 2079 } 2080 2081 struct in6_llentry { 2082 struct llentry base; 2083 }; 2084 2085 #define IN6_LLTBL_DEFAULT_HSIZE 32 2086 #define IN6_LLTBL_HASH(k, h) \ 2087 (((((((k >> 8) ^ k) >> 8) ^ k) >> 8) ^ k) & ((h) - 1)) 2088 2089 /* 2090 * Do actual deallocation of @lle. 2091 */ 2092 static void 2093 in6_lltable_destroy_lle_unlocked(epoch_context_t ctx) 2094 { 2095 struct llentry *lle; 2096 2097 lle = __containerof(ctx, struct llentry, lle_epoch_ctx); 2098 LLE_LOCK_DESTROY(lle); 2099 LLE_REQ_DESTROY(lle); 2100 free(lle, M_LLTABLE); 2101 } 2102 2103 /* 2104 * Called by LLE_FREE_LOCKED when number of references 2105 * drops to zero. 2106 */ 2107 static void 2108 in6_lltable_destroy_lle(struct llentry *lle) 2109 { 2110 2111 LLE_WUNLOCK(lle); 2112 NET_EPOCH_CALL(in6_lltable_destroy_lle_unlocked, &lle->lle_epoch_ctx); 2113 } 2114 2115 static struct llentry * 2116 in6_lltable_new(const struct in6_addr *addr6, u_int flags) 2117 { 2118 struct in6_llentry *lle; 2119 2120 lle = malloc(sizeof(struct in6_llentry), M_LLTABLE, M_NOWAIT | M_ZERO); 2121 if (lle == NULL) /* NB: caller generates msg */ 2122 return NULL; 2123 2124 lle->base.r_l3addr.addr6 = *addr6; 2125 lle->base.lle_refcnt = 1; 2126 lle->base.lle_free = in6_lltable_destroy_lle; 2127 LLE_LOCK_INIT(&lle->base); 2128 LLE_REQ_INIT(&lle->base); 2129 callout_init(&lle->base.lle_timer, 1); 2130 2131 return (&lle->base); 2132 } 2133 2134 static int 2135 in6_lltable_match_prefix(const struct sockaddr *saddr, 2136 const struct sockaddr *smask, u_int flags, struct llentry *lle) 2137 { 2138 const struct in6_addr *addr, *mask, *lle_addr; 2139 2140 addr = &((const struct sockaddr_in6 *)saddr)->sin6_addr; 2141 mask = &((const struct sockaddr_in6 *)smask)->sin6_addr; 2142 lle_addr = &lle->r_l3addr.addr6; 2143 2144 if (IN6_ARE_MASKED_ADDR_EQUAL(lle_addr, addr, mask) == 0) 2145 return (0); 2146 2147 if (lle->la_flags & LLE_IFADDR) { 2148 /* 2149 * Delete LLE_IFADDR records IFF address & flag matches. 2150 * Note that addr is the interface address within prefix 2151 * being matched. 2152 */ 2153 if (IN6_ARE_ADDR_EQUAL(addr, lle_addr) && 2154 (flags & LLE_STATIC) != 0) 2155 return (1); 2156 return (0); 2157 } 2158 2159 /* flags & LLE_STATIC means deleting both dynamic and static entries */ 2160 if ((flags & LLE_STATIC) || !(lle->la_flags & LLE_STATIC)) 2161 return (1); 2162 2163 return (0); 2164 } 2165 2166 static void 2167 in6_lltable_free_entry(struct lltable *llt, struct llentry *lle) 2168 { 2169 struct ifnet *ifp; 2170 2171 LLE_WLOCK_ASSERT(lle); 2172 KASSERT(llt != NULL, ("lltable is NULL")); 2173 2174 /* Unlink entry from table */ 2175 if ((lle->la_flags & LLE_LINKED) != 0) { 2176 ifp = llt->llt_ifp; 2177 IF_AFDATA_WLOCK_ASSERT(ifp); 2178 lltable_unlink_entry(llt, lle); 2179 } 2180 2181 llentry_free(lle); 2182 } 2183 2184 static int 2185 in6_lltable_rtcheck(struct ifnet *ifp, 2186 u_int flags, 2187 const struct sockaddr *l3addr) 2188 { 2189 const struct sockaddr_in6 *sin6; 2190 struct nhop_object *nh; 2191 struct in6_addr dst; 2192 uint32_t scopeid; 2193 char ip6buf[INET6_ADDRSTRLEN]; 2194 int fibnum; 2195 2196 NET_EPOCH_ASSERT(); 2197 KASSERT(l3addr->sa_family == AF_INET6, 2198 ("sin_family %d", l3addr->sa_family)); 2199 2200 sin6 = (const struct sockaddr_in6 *)l3addr; 2201 in6_splitscope(&sin6->sin6_addr, &dst, &scopeid); 2202 fibnum = V_rt_add_addr_allfibs ? RT_DEFAULT_FIB : ifp->if_fib; 2203 nh = fib6_lookup(fibnum, &dst, scopeid, NHR_NONE, 0); 2204 if (nh && ((nh->nh_flags & NHF_GATEWAY) || nh->nh_ifp != ifp)) { 2205 struct ifaddr *ifa; 2206 /* 2207 * Create an ND6 cache for an IPv6 neighbor 2208 * that is not covered by our own prefix. 2209 */ 2210 ifa = ifaof_ifpforaddr(l3addr, ifp); 2211 if (ifa != NULL) { 2212 return 0; 2213 } 2214 log(LOG_INFO, "IPv6 address: \"%s\" is not on the network\n", 2215 ip6_sprintf(ip6buf, &sin6->sin6_addr)); 2216 return EINVAL; 2217 } 2218 return 0; 2219 } 2220 2221 /* 2222 * Called by the datapath to indicate that the entry was used. 2223 */ 2224 static void 2225 in6_lltable_mark_used(struct llentry *lle) 2226 { 2227 2228 LLE_REQ_LOCK(lle); 2229 lle->r_skip_req = 0; 2230 2231 /* 2232 * Set the hit time so the callback function 2233 * can determine the remaining time before 2234 * transiting to the DELAY state. 2235 */ 2236 lle->lle_hittime = time_uptime; 2237 LLE_REQ_UNLOCK(lle); 2238 } 2239 2240 static inline uint32_t 2241 in6_lltable_hash_dst(const struct in6_addr *dst, uint32_t hsize) 2242 { 2243 2244 return (IN6_LLTBL_HASH(dst->s6_addr32[3], hsize)); 2245 } 2246 2247 static uint32_t 2248 in6_lltable_hash(const struct llentry *lle, uint32_t hsize) 2249 { 2250 2251 return (in6_lltable_hash_dst(&lle->r_l3addr.addr6, hsize)); 2252 } 2253 2254 static void 2255 in6_lltable_fill_sa_entry(const struct llentry *lle, struct sockaddr *sa) 2256 { 2257 struct sockaddr_in6 *sin6; 2258 2259 sin6 = (struct sockaddr_in6 *)sa; 2260 bzero(sin6, sizeof(*sin6)); 2261 sin6->sin6_family = AF_INET6; 2262 sin6->sin6_len = sizeof(*sin6); 2263 sin6->sin6_addr = lle->r_l3addr.addr6; 2264 } 2265 2266 static inline struct llentry * 2267 in6_lltable_find_dst(struct lltable *llt, const struct in6_addr *dst) 2268 { 2269 struct llentry *lle; 2270 struct llentries *lleh; 2271 u_int hashidx; 2272 2273 hashidx = in6_lltable_hash_dst(dst, llt->llt_hsize); 2274 lleh = &llt->lle_head[hashidx]; 2275 CK_LIST_FOREACH(lle, lleh, lle_next) { 2276 if (lle->la_flags & LLE_DELETED) 2277 continue; 2278 if (IN6_ARE_ADDR_EQUAL(&lle->r_l3addr.addr6, dst)) 2279 break; 2280 } 2281 2282 return (lle); 2283 } 2284 2285 static void 2286 in6_lltable_delete_entry(struct lltable *llt, struct llentry *lle) 2287 { 2288 2289 lle->la_flags |= LLE_DELETED; 2290 EVENTHANDLER_INVOKE(lle_event, lle, LLENTRY_DELETED); 2291 #ifdef DIAGNOSTIC 2292 log(LOG_INFO, "ifaddr cache = %p is deleted\n", lle); 2293 #endif 2294 llentry_free(lle); 2295 } 2296 2297 static struct llentry * 2298 in6_lltable_alloc(struct lltable *llt, u_int flags, 2299 const struct sockaddr *l3addr) 2300 { 2301 const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)l3addr; 2302 struct ifnet *ifp = llt->llt_ifp; 2303 struct llentry *lle; 2304 char linkhdr[LLE_MAX_LINKHDR]; 2305 size_t linkhdrsize; 2306 int lladdr_off; 2307 2308 KASSERT(l3addr->sa_family == AF_INET6, 2309 ("sin_family %d", l3addr->sa_family)); 2310 2311 /* 2312 * A route that covers the given address must have 2313 * been installed 1st because we are doing a resolution, 2314 * verify this. 2315 */ 2316 if (!(flags & LLE_IFADDR) && 2317 in6_lltable_rtcheck(ifp, flags, l3addr) != 0) 2318 return (NULL); 2319 2320 lle = in6_lltable_new(&sin6->sin6_addr, flags); 2321 if (lle == NULL) { 2322 log(LOG_INFO, "lla_lookup: new lle malloc failed\n"); 2323 return (NULL); 2324 } 2325 lle->la_flags = flags; 2326 if ((flags & LLE_IFADDR) == LLE_IFADDR) { 2327 linkhdrsize = LLE_MAX_LINKHDR; 2328 if (lltable_calc_llheader(ifp, AF_INET6, IF_LLADDR(ifp), 2329 linkhdr, &linkhdrsize, &lladdr_off) != 0) { 2330 NET_EPOCH_CALL(in6_lltable_destroy_lle_unlocked, &lle->lle_epoch_ctx); 2331 return (NULL); 2332 } 2333 lltable_set_entry_addr(ifp, lle, linkhdr, linkhdrsize, 2334 lladdr_off); 2335 lle->la_flags |= LLE_STATIC; 2336 } 2337 2338 if ((lle->la_flags & LLE_STATIC) != 0) 2339 lle->ln_state = ND6_LLINFO_REACHABLE; 2340 2341 return (lle); 2342 } 2343 2344 static struct llentry * 2345 in6_lltable_lookup(struct lltable *llt, u_int flags, 2346 const struct sockaddr *l3addr) 2347 { 2348 const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)l3addr; 2349 struct llentry *lle; 2350 2351 IF_AFDATA_LOCK_ASSERT(llt->llt_ifp); 2352 KASSERT(l3addr->sa_family == AF_INET6, 2353 ("sin_family %d", l3addr->sa_family)); 2354 KASSERT((flags & (LLE_UNLOCKED | LLE_EXCLUSIVE)) != 2355 (LLE_UNLOCKED | LLE_EXCLUSIVE), 2356 ("wrong lle request flags: %#x", flags)); 2357 2358 lle = in6_lltable_find_dst(llt, &sin6->sin6_addr); 2359 if (lle == NULL) 2360 return (NULL); 2361 if (flags & LLE_UNLOCKED) 2362 return (lle); 2363 2364 if (flags & LLE_EXCLUSIVE) 2365 LLE_WLOCK(lle); 2366 else 2367 LLE_RLOCK(lle); 2368 2369 /* 2370 * If the afdata lock is not held, the LLE may have been unlinked while 2371 * we were blocked on the LLE lock. Check for this case. 2372 */ 2373 if (__predict_false((lle->la_flags & LLE_LINKED) == 0)) { 2374 if (flags & LLE_EXCLUSIVE) 2375 LLE_WUNLOCK(lle); 2376 else 2377 LLE_RUNLOCK(lle); 2378 return (NULL); 2379 } 2380 return (lle); 2381 } 2382 2383 static int 2384 in6_lltable_dump_entry(struct lltable *llt, struct llentry *lle, 2385 struct sysctl_req *wr) 2386 { 2387 struct ifnet *ifp = llt->llt_ifp; 2388 /* XXX stack use */ 2389 struct { 2390 struct rt_msghdr rtm; 2391 struct sockaddr_in6 sin6; 2392 /* 2393 * ndp.c assumes that sdl is word aligned 2394 */ 2395 #ifdef __LP64__ 2396 uint32_t pad; 2397 #endif 2398 struct sockaddr_dl sdl; 2399 } ndpc; 2400 struct sockaddr_dl *sdl; 2401 int error; 2402 2403 bzero(&ndpc, sizeof(ndpc)); 2404 /* skip deleted entries */ 2405 if ((lle->la_flags & LLE_DELETED) == LLE_DELETED) 2406 return (0); 2407 /* Skip if jailed and not a valid IP of the prison. */ 2408 lltable_fill_sa_entry(lle, (struct sockaddr *)&ndpc.sin6); 2409 if (prison_if(wr->td->td_ucred, (struct sockaddr *)&ndpc.sin6) != 0) 2410 return (0); 2411 /* 2412 * produce a msg made of: 2413 * struct rt_msghdr; 2414 * struct sockaddr_in6 (IPv6) 2415 * struct sockaddr_dl; 2416 */ 2417 ndpc.rtm.rtm_msglen = sizeof(ndpc); 2418 ndpc.rtm.rtm_version = RTM_VERSION; 2419 ndpc.rtm.rtm_type = RTM_GET; 2420 ndpc.rtm.rtm_flags = RTF_UP; 2421 ndpc.rtm.rtm_addrs = RTA_DST | RTA_GATEWAY; 2422 sa6_recoverscope(&ndpc.sin6); 2423 2424 /* publish */ 2425 if (lle->la_flags & LLE_PUB) 2426 ndpc.rtm.rtm_flags |= RTF_ANNOUNCE; 2427 2428 sdl = &ndpc.sdl; 2429 sdl->sdl_family = AF_LINK; 2430 sdl->sdl_len = sizeof(*sdl); 2431 sdl->sdl_index = ifp->if_index; 2432 sdl->sdl_type = ifp->if_type; 2433 if ((lle->la_flags & LLE_VALID) == LLE_VALID) { 2434 sdl->sdl_alen = ifp->if_addrlen; 2435 bcopy(lle->ll_addr, LLADDR(sdl), ifp->if_addrlen); 2436 } else { 2437 sdl->sdl_alen = 0; 2438 bzero(LLADDR(sdl), ifp->if_addrlen); 2439 } 2440 if (lle->la_expire != 0) 2441 ndpc.rtm.rtm_rmx.rmx_expire = lle->la_expire + 2442 lle->lle_remtime / hz + time_second - time_uptime; 2443 ndpc.rtm.rtm_flags |= (RTF_HOST | RTF_LLDATA); 2444 if (lle->la_flags & LLE_STATIC) 2445 ndpc.rtm.rtm_flags |= RTF_STATIC; 2446 if (lle->la_flags & LLE_IFADDR) 2447 ndpc.rtm.rtm_flags |= RTF_PINNED; 2448 if (lle->ln_router != 0) 2449 ndpc.rtm.rtm_flags |= RTF_GATEWAY; 2450 ndpc.rtm.rtm_rmx.rmx_pksent = lle->la_asked; 2451 /* Store state in rmx_weight value */ 2452 ndpc.rtm.rtm_rmx.rmx_state = lle->ln_state; 2453 ndpc.rtm.rtm_index = ifp->if_index; 2454 error = SYSCTL_OUT(wr, &ndpc, sizeof(ndpc)); 2455 2456 return (error); 2457 } 2458 2459 static struct lltable * 2460 in6_lltattach(struct ifnet *ifp) 2461 { 2462 struct lltable *llt; 2463 2464 llt = lltable_allocate_htbl(IN6_LLTBL_DEFAULT_HSIZE); 2465 llt->llt_af = AF_INET6; 2466 llt->llt_ifp = ifp; 2467 2468 llt->llt_lookup = in6_lltable_lookup; 2469 llt->llt_alloc_entry = in6_lltable_alloc; 2470 llt->llt_delete_entry = in6_lltable_delete_entry; 2471 llt->llt_dump_entry = in6_lltable_dump_entry; 2472 llt->llt_hash = in6_lltable_hash; 2473 llt->llt_fill_sa_entry = in6_lltable_fill_sa_entry; 2474 llt->llt_free_entry = in6_lltable_free_entry; 2475 llt->llt_match_prefix = in6_lltable_match_prefix; 2476 llt->llt_mark_used = in6_lltable_mark_used; 2477 lltable_link(llt); 2478 2479 return (llt); 2480 } 2481 2482 void * 2483 in6_domifattach(struct ifnet *ifp) 2484 { 2485 struct in6_ifextra *ext; 2486 2487 /* There are not IPv6-capable interfaces. */ 2488 switch (ifp->if_type) { 2489 case IFT_PFLOG: 2490 case IFT_PFSYNC: 2491 case IFT_USB: 2492 return (NULL); 2493 } 2494 ext = (struct in6_ifextra *)malloc(sizeof(*ext), M_IFADDR, M_WAITOK); 2495 bzero(ext, sizeof(*ext)); 2496 2497 ext->in6_ifstat = malloc(sizeof(counter_u64_t) * 2498 sizeof(struct in6_ifstat) / sizeof(uint64_t), M_IFADDR, M_WAITOK); 2499 COUNTER_ARRAY_ALLOC(ext->in6_ifstat, 2500 sizeof(struct in6_ifstat) / sizeof(uint64_t), M_WAITOK); 2501 2502 ext->icmp6_ifstat = malloc(sizeof(counter_u64_t) * 2503 sizeof(struct icmp6_ifstat) / sizeof(uint64_t), M_IFADDR, 2504 M_WAITOK); 2505 COUNTER_ARRAY_ALLOC(ext->icmp6_ifstat, 2506 sizeof(struct icmp6_ifstat) / sizeof(uint64_t), M_WAITOK); 2507 2508 ext->nd_ifinfo = nd6_ifattach(ifp); 2509 ext->scope6_id = scope6_ifattach(ifp); 2510 ext->lltable = in6_lltattach(ifp); 2511 2512 ext->mld_ifinfo = mld_domifattach(ifp); 2513 2514 return ext; 2515 } 2516 2517 int 2518 in6_domifmtu(struct ifnet *ifp) 2519 { 2520 if (ifp->if_afdata[AF_INET6] == NULL) 2521 return ifp->if_mtu; 2522 2523 return (IN6_LINKMTU(ifp)); 2524 } 2525 2526 void 2527 in6_domifdetach(struct ifnet *ifp, void *aux) 2528 { 2529 struct in6_ifextra *ext = (struct in6_ifextra *)aux; 2530 2531 mld_domifdetach(ifp); 2532 scope6_ifdetach(ext->scope6_id); 2533 nd6_ifdetach(ifp, ext->nd_ifinfo); 2534 lltable_free(ext->lltable); 2535 COUNTER_ARRAY_FREE(ext->in6_ifstat, 2536 sizeof(struct in6_ifstat) / sizeof(uint64_t)); 2537 free(ext->in6_ifstat, M_IFADDR); 2538 COUNTER_ARRAY_FREE(ext->icmp6_ifstat, 2539 sizeof(struct icmp6_ifstat) / sizeof(uint64_t)); 2540 free(ext->icmp6_ifstat, M_IFADDR); 2541 free(ext, M_IFADDR); 2542 } 2543 2544 /* 2545 * Convert sockaddr_in6 to sockaddr_in. Original sockaddr_in6 must be 2546 * v4 mapped addr or v4 compat addr 2547 */ 2548 void 2549 in6_sin6_2_sin(struct sockaddr_in *sin, struct sockaddr_in6 *sin6) 2550 { 2551 2552 bzero(sin, sizeof(*sin)); 2553 sin->sin_len = sizeof(struct sockaddr_in); 2554 sin->sin_family = AF_INET; 2555 sin->sin_port = sin6->sin6_port; 2556 sin->sin_addr.s_addr = sin6->sin6_addr.s6_addr32[3]; 2557 } 2558 2559 /* Convert sockaddr_in to sockaddr_in6 in v4 mapped addr format. */ 2560 void 2561 in6_sin_2_v4mapsin6(struct sockaddr_in *sin, struct sockaddr_in6 *sin6) 2562 { 2563 bzero(sin6, sizeof(*sin6)); 2564 sin6->sin6_len = sizeof(struct sockaddr_in6); 2565 sin6->sin6_family = AF_INET6; 2566 sin6->sin6_port = sin->sin_port; 2567 sin6->sin6_addr.s6_addr32[0] = 0; 2568 sin6->sin6_addr.s6_addr32[1] = 0; 2569 sin6->sin6_addr.s6_addr32[2] = IPV6_ADDR_INT32_SMP; 2570 sin6->sin6_addr.s6_addr32[3] = sin->sin_addr.s_addr; 2571 } 2572 2573 /* Convert sockaddr_in6 into sockaddr_in. */ 2574 void 2575 in6_sin6_2_sin_in_sock(struct sockaddr *nam) 2576 { 2577 struct sockaddr_in *sin_p; 2578 struct sockaddr_in6 sin6; 2579 2580 /* 2581 * Save original sockaddr_in6 addr and convert it 2582 * to sockaddr_in. 2583 */ 2584 sin6 = *(struct sockaddr_in6 *)nam; 2585 sin_p = (struct sockaddr_in *)nam; 2586 in6_sin6_2_sin(sin_p, &sin6); 2587 } 2588 2589 /* Convert sockaddr_in into sockaddr_in6 in v4 mapped addr format. */ 2590 void 2591 in6_sin_2_v4mapsin6_in_sock(struct sockaddr **nam) 2592 { 2593 struct sockaddr_in *sin_p; 2594 struct sockaddr_in6 *sin6_p; 2595 2596 sin6_p = malloc(sizeof *sin6_p, M_SONAME, M_WAITOK); 2597 sin_p = (struct sockaddr_in *)*nam; 2598 in6_sin_2_v4mapsin6(sin_p, sin6_p); 2599 free(*nam, M_SONAME); 2600 *nam = (struct sockaddr *)sin6_p; 2601 } 2602