xref: /freebsd/sys/netinet6/in6.c (revision 8d20be1e22095c27faf8fe8b2f0d089739cc742e)
1 /*-
2  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  * 3. Neither the name of the project nor the names of its contributors
14  *    may be used to endorse or promote products derived from this software
15  *    without specific prior written permission.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  *
29  *	$KAME: in6.c,v 1.259 2002/01/21 11:37:50 keiichi Exp $
30  */
31 
32 /*-
33  * Copyright (c) 1982, 1986, 1991, 1993
34  *	The Regents of the University of California.  All rights reserved.
35  *
36  * Redistribution and use in source and binary forms, with or without
37  * modification, are permitted provided that the following conditions
38  * are met:
39  * 1. Redistributions of source code must retain the above copyright
40  *    notice, this list of conditions and the following disclaimer.
41  * 2. Redistributions in binary form must reproduce the above copyright
42  *    notice, this list of conditions and the following disclaimer in the
43  *    documentation and/or other materials provided with the distribution.
44  * 4. Neither the name of the University nor the names of its contributors
45  *    may be used to endorse or promote products derived from this software
46  *    without specific prior written permission.
47  *
48  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
49  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
52  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
58  * SUCH DAMAGE.
59  *
60  *	@(#)in.c	8.2 (Berkeley) 11/15/93
61  */
62 
63 #include <sys/cdefs.h>
64 __FBSDID("$FreeBSD$");
65 
66 #include "opt_compat.h"
67 #include "opt_inet.h"
68 #include "opt_inet6.h"
69 
70 #include <sys/param.h>
71 #include <sys/eventhandler.h>
72 #include <sys/errno.h>
73 #include <sys/jail.h>
74 #include <sys/malloc.h>
75 #include <sys/socket.h>
76 #include <sys/socketvar.h>
77 #include <sys/sockio.h>
78 #include <sys/systm.h>
79 #include <sys/priv.h>
80 #include <sys/proc.h>
81 #include <sys/time.h>
82 #include <sys/kernel.h>
83 #include <sys/syslog.h>
84 
85 #include <net/if.h>
86 #include <net/if_var.h>
87 #include <net/if_types.h>
88 #include <net/route.h>
89 #include <net/if_dl.h>
90 #include <net/vnet.h>
91 
92 #include <netinet/in.h>
93 #include <netinet/in_var.h>
94 #include <net/if_llatbl.h>
95 #include <netinet/if_ether.h>
96 #include <netinet/in_systm.h>
97 #include <netinet/ip.h>
98 #include <netinet/in_pcb.h>
99 #include <netinet/ip_carp.h>
100 
101 #include <netinet/ip6.h>
102 #include <netinet6/ip6_var.h>
103 #include <netinet6/nd6.h>
104 #include <netinet6/mld6_var.h>
105 #include <netinet6/ip6_mroute.h>
106 #include <netinet6/in6_ifattach.h>
107 #include <netinet6/scope6_var.h>
108 #include <netinet6/in6_pcb.h>
109 
110 VNET_DECLARE(int, icmp6_nodeinfo_oldmcprefix);
111 #define V_icmp6_nodeinfo_oldmcprefix	VNET(icmp6_nodeinfo_oldmcprefix)
112 
113 /*
114  * Definitions of some costant IP6 addresses.
115  */
116 const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT;
117 const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT;
118 const struct in6_addr in6addr_nodelocal_allnodes =
119 	IN6ADDR_NODELOCAL_ALLNODES_INIT;
120 const struct in6_addr in6addr_linklocal_allnodes =
121 	IN6ADDR_LINKLOCAL_ALLNODES_INIT;
122 const struct in6_addr in6addr_linklocal_allrouters =
123 	IN6ADDR_LINKLOCAL_ALLROUTERS_INIT;
124 const struct in6_addr in6addr_linklocal_allv2routers =
125 	IN6ADDR_LINKLOCAL_ALLV2ROUTERS_INIT;
126 
127 const struct in6_addr in6mask0 = IN6MASK0;
128 const struct in6_addr in6mask32 = IN6MASK32;
129 const struct in6_addr in6mask64 = IN6MASK64;
130 const struct in6_addr in6mask96 = IN6MASK96;
131 const struct in6_addr in6mask128 = IN6MASK128;
132 
133 const struct sockaddr_in6 sa6_any =
134 	{ sizeof(sa6_any), AF_INET6, 0, 0, IN6ADDR_ANY_INIT, 0 };
135 
136 static int in6_lifaddr_ioctl(struct socket *, u_long, caddr_t,
137 	struct ifnet *, struct thread *);
138 static int in6_ifinit(struct ifnet *, struct in6_ifaddr *,
139 	struct sockaddr_in6 *, int);
140 static void in6_unlink_ifa(struct in6_ifaddr *, struct ifnet *);
141 
142 int	(*faithprefix_p)(struct in6_addr *);
143 
144 #define ifa2ia6(ifa)	((struct in6_ifaddr *)(ifa))
145 #define ia62ifa(ia6)	(&((ia6)->ia_ifa))
146 
147 void
148 in6_ifaddloop(struct ifaddr *ifa)
149 {
150 	struct sockaddr_dl gateway;
151 	struct sockaddr_in6 mask, addr;
152 	struct rtentry rt;
153 	struct in6_ifaddr *ia;
154 	struct ifnet *ifp;
155 	struct llentry *ln;
156 
157 	ia = ifa2ia6(ifa);
158 	ifp = ifa->ifa_ifp;
159 	IF_AFDATA_LOCK(ifp);
160 	ifa->ifa_rtrequest = nd6_rtrequest;
161 	ln = lla_lookup(LLTABLE6(ifp), (LLE_CREATE | LLE_IFADDR |
162 	    LLE_EXCLUSIVE), (struct sockaddr *)&ia->ia_addr);
163 	IF_AFDATA_UNLOCK(ifp);
164 	if (ln != NULL) {
165 		ln->la_expire = 0;  /* for IPv6 this means permanent */
166 		ln->ln_state = ND6_LLINFO_REACHABLE;
167 		/*
168 		 * initialize for rtmsg generation
169 		 */
170 		bzero(&gateway, sizeof(gateway));
171 		gateway.sdl_len = sizeof(gateway);
172 		gateway.sdl_family = AF_LINK;
173 		gateway.sdl_nlen = 0;
174 		gateway.sdl_alen = 6;
175 		memcpy(gateway.sdl_data, &ln->ll_addr.mac_aligned,
176 		    sizeof(ln->ll_addr));
177 		LLE_WUNLOCK(ln);
178 	}
179 
180 	bzero(&rt, sizeof(rt));
181 	rt.rt_gateway = (struct sockaddr *)&gateway;
182 	memcpy(&mask, &ia->ia_prefixmask, sizeof(ia->ia_prefixmask));
183 	memcpy(&addr, &ia->ia_addr, sizeof(ia->ia_addr));
184 	rt_mask(&rt) = (struct sockaddr *)&mask;
185 	rt_key(&rt) = (struct sockaddr *)&addr;
186 	rt.rt_flags = RTF_UP | RTF_HOST | RTF_STATIC;
187 	/* Announce arrival of local address to all FIBs. */
188 	rt_newaddrmsg(RTM_ADD, ifa, 0, &rt);
189 }
190 
191 void
192 in6_ifremloop(struct ifaddr *ifa)
193 {
194 	struct sockaddr_dl gateway;
195 	struct sockaddr_in6 mask, addr;
196 	struct rtentry rt0;
197 	struct in6_ifaddr *ia;
198 	struct ifnet *ifp;
199 
200 	ia = ifa2ia6(ifa);
201 	ifp = ifa->ifa_ifp;
202 	memcpy(&addr, &ia->ia_addr, sizeof(ia->ia_addr));
203 	memcpy(&mask, &ia->ia_prefixmask, sizeof(ia->ia_prefixmask));
204 	lltable_prefix_free(AF_INET6, (struct sockaddr *)&addr,
205 	            (struct sockaddr *)&mask, LLE_STATIC);
206 
207 	/*
208 	 * initialize for rtmsg generation
209 	 */
210 	bzero(&gateway, sizeof(gateway));
211 	gateway.sdl_len = sizeof(gateway);
212 	gateway.sdl_family = AF_LINK;
213 	gateway.sdl_nlen = 0;
214 	gateway.sdl_alen = ifp->if_addrlen;
215 	bzero(&rt0, sizeof(rt0));
216 	rt0.rt_gateway = (struct sockaddr *)&gateway;
217 	rt_mask(&rt0) = (struct sockaddr *)&mask;
218 	rt_key(&rt0) = (struct sockaddr *)&addr;
219 	rt0.rt_flags = RTF_HOST | RTF_STATIC;
220 	/* Announce removal of local address to all FIBs. */
221 	rt_newaddrmsg(RTM_DELETE, ifa, 0, &rt0);
222 }
223 
224 int
225 in6_mask2len(struct in6_addr *mask, u_char *lim0)
226 {
227 	int x = 0, y;
228 	u_char *lim = lim0, *p;
229 
230 	/* ignore the scope_id part */
231 	if (lim0 == NULL || lim0 - (u_char *)mask > sizeof(*mask))
232 		lim = (u_char *)mask + sizeof(*mask);
233 	for (p = (u_char *)mask; p < lim; x++, p++) {
234 		if (*p != 0xff)
235 			break;
236 	}
237 	y = 0;
238 	if (p < lim) {
239 		for (y = 0; y < 8; y++) {
240 			if ((*p & (0x80 >> y)) == 0)
241 				break;
242 		}
243 	}
244 
245 	/*
246 	 * when the limit pointer is given, do a stricter check on the
247 	 * remaining bits.
248 	 */
249 	if (p < lim) {
250 		if (y != 0 && (*p & (0x00ff >> y)) != 0)
251 			return (-1);
252 		for (p = p + 1; p < lim; p++)
253 			if (*p != 0)
254 				return (-1);
255 	}
256 
257 	return x * 8 + y;
258 }
259 
260 #ifdef COMPAT_FREEBSD32
261 struct in6_ndifreq32 {
262 	char ifname[IFNAMSIZ];
263 	uint32_t ifindex;
264 };
265 #define	SIOCGDEFIFACE32_IN6	_IOWR('i', 86, struct in6_ndifreq32)
266 #endif
267 
268 int
269 in6_control(struct socket *so, u_long cmd, caddr_t data,
270     struct ifnet *ifp, struct thread *td)
271 {
272 	struct	in6_ifreq *ifr = (struct in6_ifreq *)data;
273 	struct	in6_ifaddr *ia = NULL;
274 	struct	in6_aliasreq *ifra = (struct in6_aliasreq *)data;
275 	struct sockaddr_in6 *sa6;
276 	int carp_attached = 0;
277 	int error;
278 	u_long ocmd = cmd;
279 
280 	/*
281 	 * Compat to make pre-10.x ifconfig(8) operable.
282 	 */
283 	if (cmd == OSIOCAIFADDR_IN6)
284 		cmd = SIOCAIFADDR_IN6;
285 
286 	switch (cmd) {
287 	case SIOCGETSGCNT_IN6:
288 	case SIOCGETMIFCNT_IN6:
289 		/*
290 		 * XXX mrt_ioctl has a 3rd, unused, FIB argument in route.c.
291 		 * We cannot see how that would be needed, so do not adjust the
292 		 * KPI blindly; more likely should clean up the IPv4 variant.
293 		 */
294 		return (mrt6_ioctl ? mrt6_ioctl(cmd, data) : EOPNOTSUPP);
295 	}
296 
297 	switch(cmd) {
298 	case SIOCAADDRCTL_POLICY:
299 	case SIOCDADDRCTL_POLICY:
300 		if (td != NULL) {
301 			error = priv_check(td, PRIV_NETINET_ADDRCTRL6);
302 			if (error)
303 				return (error);
304 		}
305 		return (in6_src_ioctl(cmd, data));
306 	}
307 
308 	if (ifp == NULL)
309 		return (EOPNOTSUPP);
310 
311 	switch (cmd) {
312 	case SIOCSNDFLUSH_IN6:
313 	case SIOCSPFXFLUSH_IN6:
314 	case SIOCSRTRFLUSH_IN6:
315 	case SIOCSDEFIFACE_IN6:
316 	case SIOCSIFINFO_FLAGS:
317 	case SIOCSIFINFO_IN6:
318 		if (td != NULL) {
319 			error = priv_check(td, PRIV_NETINET_ND6);
320 			if (error)
321 				return (error);
322 		}
323 		/* FALLTHROUGH */
324 	case OSIOCGIFINFO_IN6:
325 	case SIOCGIFINFO_IN6:
326 	case SIOCGDRLST_IN6:
327 	case SIOCGPRLST_IN6:
328 	case SIOCGNBRINFO_IN6:
329 	case SIOCGDEFIFACE_IN6:
330 		return (nd6_ioctl(cmd, data, ifp));
331 
332 #ifdef COMPAT_FREEBSD32
333 	case SIOCGDEFIFACE32_IN6:
334 		{
335 			struct in6_ndifreq ndif;
336 			struct in6_ndifreq32 *ndif32;
337 
338 			error = nd6_ioctl(SIOCGDEFIFACE_IN6, (caddr_t)&ndif,
339 			    ifp);
340 			if (error)
341 				return (error);
342 			ndif32 = (struct in6_ndifreq32 *)data;
343 			ndif32->ifindex = ndif.ifindex;
344 			return (0);
345 		}
346 #endif
347 	}
348 
349 	switch (cmd) {
350 	case SIOCSIFPREFIX_IN6:
351 	case SIOCDIFPREFIX_IN6:
352 	case SIOCAIFPREFIX_IN6:
353 	case SIOCCIFPREFIX_IN6:
354 	case SIOCSGIFPREFIX_IN6:
355 	case SIOCGIFPREFIX_IN6:
356 		log(LOG_NOTICE,
357 		    "prefix ioctls are now invalidated. "
358 		    "please use ifconfig.\n");
359 		return (EOPNOTSUPP);
360 	}
361 
362 	switch (cmd) {
363 	case SIOCSSCOPE6:
364 		if (td != NULL) {
365 			error = priv_check(td, PRIV_NETINET_SCOPE6);
366 			if (error)
367 				return (error);
368 		}
369 		return (scope6_set(ifp,
370 		    (struct scope6_id *)ifr->ifr_ifru.ifru_scope_id));
371 	case SIOCGSCOPE6:
372 		return (scope6_get(ifp,
373 		    (struct scope6_id *)ifr->ifr_ifru.ifru_scope_id));
374 	case SIOCGSCOPE6DEF:
375 		return (scope6_get_default((struct scope6_id *)
376 		    ifr->ifr_ifru.ifru_scope_id));
377 	}
378 
379 	switch (cmd) {
380 	case SIOCALIFADDR:
381 		if (td != NULL) {
382 			error = priv_check(td, PRIV_NET_ADDIFADDR);
383 			if (error)
384 				return (error);
385 		}
386 		return in6_lifaddr_ioctl(so, cmd, data, ifp, td);
387 
388 	case SIOCDLIFADDR:
389 		if (td != NULL) {
390 			error = priv_check(td, PRIV_NET_DELIFADDR);
391 			if (error)
392 				return (error);
393 		}
394 		/* FALLTHROUGH */
395 	case SIOCGLIFADDR:
396 		return in6_lifaddr_ioctl(so, cmd, data, ifp, td);
397 	}
398 
399 	/*
400 	 * Find address for this interface, if it exists.
401 	 *
402 	 * In netinet code, we have checked ifra_addr in SIOCSIF*ADDR operation
403 	 * only, and used the first interface address as the target of other
404 	 * operations (without checking ifra_addr).  This was because netinet
405 	 * code/API assumed at most 1 interface address per interface.
406 	 * Since IPv6 allows a node to assign multiple addresses
407 	 * on a single interface, we almost always look and check the
408 	 * presence of ifra_addr, and reject invalid ones here.
409 	 * It also decreases duplicated code among SIOC*_IN6 operations.
410 	 */
411 	switch (cmd) {
412 	case SIOCAIFADDR_IN6:
413 	case SIOCSIFPHYADDR_IN6:
414 		sa6 = &ifra->ifra_addr;
415 		break;
416 	case SIOCSIFADDR_IN6:
417 	case SIOCGIFADDR_IN6:
418 	case SIOCSIFDSTADDR_IN6:
419 	case SIOCSIFNETMASK_IN6:
420 	case SIOCGIFDSTADDR_IN6:
421 	case SIOCGIFNETMASK_IN6:
422 	case SIOCDIFADDR_IN6:
423 	case SIOCGIFPSRCADDR_IN6:
424 	case SIOCGIFPDSTADDR_IN6:
425 	case SIOCGIFAFLAG_IN6:
426 	case SIOCSNDFLUSH_IN6:
427 	case SIOCSPFXFLUSH_IN6:
428 	case SIOCSRTRFLUSH_IN6:
429 	case SIOCGIFALIFETIME_IN6:
430 	case SIOCSIFALIFETIME_IN6:
431 	case SIOCGIFSTAT_IN6:
432 	case SIOCGIFSTAT_ICMP6:
433 		sa6 = &ifr->ifr_addr;
434 		break;
435 	case SIOCSIFADDR:
436 	case SIOCSIFBRDADDR:
437 	case SIOCSIFDSTADDR:
438 	case SIOCSIFNETMASK:
439 		/*
440 		 * Although we should pass any non-INET6 ioctl requests
441 		 * down to driver, we filter some legacy INET requests.
442 		 * Drivers trust SIOCSIFADDR et al to come from an already
443 		 * privileged layer, and do not perform any credentials
444 		 * checks or input validation.
445 		 */
446 		return (EINVAL);
447 	default:
448 		sa6 = NULL;
449 		break;
450 	}
451 	if (sa6 && sa6->sin6_family == AF_INET6) {
452 		if (sa6->sin6_scope_id != 0)
453 			error = sa6_embedscope(sa6, 0);
454 		else
455 			error = in6_setscope(&sa6->sin6_addr, ifp, NULL);
456 		if (error != 0)
457 			return (error);
458 		if (td != NULL && (error = prison_check_ip6(td->td_ucred,
459 		    &sa6->sin6_addr)) != 0)
460 			return (error);
461 		ia = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr);
462 	} else
463 		ia = NULL;
464 
465 	switch (cmd) {
466 	case SIOCSIFADDR_IN6:
467 	case SIOCSIFDSTADDR_IN6:
468 	case SIOCSIFNETMASK_IN6:
469 		/*
470 		 * Since IPv6 allows a node to assign multiple addresses
471 		 * on a single interface, SIOCSIFxxx ioctls are deprecated.
472 		 */
473 		/* we decided to obsolete this command (20000704) */
474 		error = EINVAL;
475 		goto out;
476 
477 	case SIOCDIFADDR_IN6:
478 		/*
479 		 * for IPv4, we look for existing in_ifaddr here to allow
480 		 * "ifconfig if0 delete" to remove the first IPv4 address on
481 		 * the interface.  For IPv6, as the spec allows multiple
482 		 * interface address from the day one, we consider "remove the
483 		 * first one" semantics to be not preferable.
484 		 */
485 		if (ia == NULL) {
486 			error = EADDRNOTAVAIL;
487 			goto out;
488 		}
489 		/* FALLTHROUGH */
490 	case SIOCAIFADDR_IN6:
491 		/*
492 		 * We always require users to specify a valid IPv6 address for
493 		 * the corresponding operation.
494 		 */
495 		if (ifra->ifra_addr.sin6_family != AF_INET6 ||
496 		    ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6)) {
497 			error = EAFNOSUPPORT;
498 			goto out;
499 		}
500 
501 		if (td != NULL) {
502 			error = priv_check(td, (cmd == SIOCDIFADDR_IN6) ?
503 			    PRIV_NET_DELIFADDR : PRIV_NET_ADDIFADDR);
504 			if (error)
505 				goto out;
506 		}
507 		break;
508 
509 	case SIOCGIFADDR_IN6:
510 		/* This interface is basically deprecated. use SIOCGIFCONF. */
511 		/* FALLTHROUGH */
512 	case SIOCGIFAFLAG_IN6:
513 	case SIOCGIFNETMASK_IN6:
514 	case SIOCGIFDSTADDR_IN6:
515 	case SIOCGIFALIFETIME_IN6:
516 		/* must think again about its semantics */
517 		if (ia == NULL) {
518 			error = EADDRNOTAVAIL;
519 			goto out;
520 		}
521 		break;
522 
523 	case SIOCSIFALIFETIME_IN6:
524 	    {
525 		struct in6_addrlifetime *lt;
526 
527 		if (td != NULL) {
528 			error = priv_check(td, PRIV_NETINET_ALIFETIME6);
529 			if (error)
530 				goto out;
531 		}
532 		if (ia == NULL) {
533 			error = EADDRNOTAVAIL;
534 			goto out;
535 		}
536 		/* sanity for overflow - beware unsigned */
537 		lt = &ifr->ifr_ifru.ifru_lifetime;
538 		if (lt->ia6t_vltime != ND6_INFINITE_LIFETIME &&
539 		    lt->ia6t_vltime + time_uptime < time_uptime) {
540 			error = EINVAL;
541 			goto out;
542 		}
543 		if (lt->ia6t_pltime != ND6_INFINITE_LIFETIME &&
544 		    lt->ia6t_pltime + time_uptime < time_uptime) {
545 			error = EINVAL;
546 			goto out;
547 		}
548 		break;
549 	    }
550 	}
551 
552 	switch (cmd) {
553 	case SIOCGIFADDR_IN6:
554 		ifr->ifr_addr = ia->ia_addr;
555 		if ((error = sa6_recoverscope(&ifr->ifr_addr)) != 0)
556 			goto out;
557 		break;
558 
559 	case SIOCGIFDSTADDR_IN6:
560 		if ((ifp->if_flags & IFF_POINTOPOINT) == 0) {
561 			error = EINVAL;
562 			goto out;
563 		}
564 		/*
565 		 * XXX: should we check if ifa_dstaddr is NULL and return
566 		 * an error?
567 		 */
568 		ifr->ifr_dstaddr = ia->ia_dstaddr;
569 		if ((error = sa6_recoverscope(&ifr->ifr_dstaddr)) != 0)
570 			goto out;
571 		break;
572 
573 	case SIOCGIFNETMASK_IN6:
574 		ifr->ifr_addr = ia->ia_prefixmask;
575 		break;
576 
577 	case SIOCGIFAFLAG_IN6:
578 		ifr->ifr_ifru.ifru_flags6 = ia->ia6_flags;
579 		break;
580 
581 	case SIOCGIFSTAT_IN6:
582 		if (ifp == NULL) {
583 			error = EINVAL;
584 			goto out;
585 		}
586 		COUNTER_ARRAY_COPY(((struct in6_ifextra *)
587 		    ifp->if_afdata[AF_INET6])->in6_ifstat,
588 		    &ifr->ifr_ifru.ifru_stat,
589 		    sizeof(struct in6_ifstat) / sizeof(uint64_t));
590 		break;
591 
592 	case SIOCGIFSTAT_ICMP6:
593 		if (ifp == NULL) {
594 			error = EINVAL;
595 			goto out;
596 		}
597 		COUNTER_ARRAY_COPY(((struct in6_ifextra *)
598 		    ifp->if_afdata[AF_INET6])->icmp6_ifstat,
599 		    &ifr->ifr_ifru.ifru_icmp6stat,
600 		    sizeof(struct icmp6_ifstat) / sizeof(uint64_t));
601 		break;
602 
603 	case SIOCGIFALIFETIME_IN6:
604 		ifr->ifr_ifru.ifru_lifetime = ia->ia6_lifetime;
605 		if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) {
606 			time_t maxexpire;
607 			struct in6_addrlifetime *retlt =
608 			    &ifr->ifr_ifru.ifru_lifetime;
609 
610 			/*
611 			 * XXX: adjust expiration time assuming time_t is
612 			 * signed.
613 			 */
614 			maxexpire = (-1) &
615 			    ~((time_t)1 << ((sizeof(maxexpire) * 8) - 1));
616 			if (ia->ia6_lifetime.ia6t_vltime <
617 			    maxexpire - ia->ia6_updatetime) {
618 				retlt->ia6t_expire = ia->ia6_updatetime +
619 				    ia->ia6_lifetime.ia6t_vltime;
620 			} else
621 				retlt->ia6t_expire = maxexpire;
622 		}
623 		if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) {
624 			time_t maxexpire;
625 			struct in6_addrlifetime *retlt =
626 			    &ifr->ifr_ifru.ifru_lifetime;
627 
628 			/*
629 			 * XXX: adjust expiration time assuming time_t is
630 			 * signed.
631 			 */
632 			maxexpire = (-1) &
633 			    ~((time_t)1 << ((sizeof(maxexpire) * 8) - 1));
634 			if (ia->ia6_lifetime.ia6t_pltime <
635 			    maxexpire - ia->ia6_updatetime) {
636 				retlt->ia6t_preferred = ia->ia6_updatetime +
637 				    ia->ia6_lifetime.ia6t_pltime;
638 			} else
639 				retlt->ia6t_preferred = maxexpire;
640 		}
641 		break;
642 
643 	case SIOCSIFALIFETIME_IN6:
644 		ia->ia6_lifetime = ifr->ifr_ifru.ifru_lifetime;
645 		/* for sanity */
646 		if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) {
647 			ia->ia6_lifetime.ia6t_expire =
648 				time_uptime + ia->ia6_lifetime.ia6t_vltime;
649 		} else
650 			ia->ia6_lifetime.ia6t_expire = 0;
651 		if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) {
652 			ia->ia6_lifetime.ia6t_preferred =
653 				time_uptime + ia->ia6_lifetime.ia6t_pltime;
654 		} else
655 			ia->ia6_lifetime.ia6t_preferred = 0;
656 		break;
657 
658 	case SIOCAIFADDR_IN6:
659 	{
660 		int i;
661 		struct nd_prefixctl pr0;
662 		struct nd_prefix *pr;
663 
664 		/*
665 		 * first, make or update the interface address structure,
666 		 * and link it to the list.
667 		 */
668 		if ((error = in6_update_ifa(ifp, ifra, ia, 0)) != 0)
669 			goto out;
670 		if (ia != NULL)
671 			ifa_free(&ia->ia_ifa);
672 		if ((ia = in6ifa_ifpwithaddr(ifp, &ifra->ifra_addr.sin6_addr))
673 		    == NULL) {
674 			/*
675 			 * this can happen when the user specify the 0 valid
676 			 * lifetime.
677 			 */
678 			break;
679 		}
680 
681 		if (cmd == ocmd && ifra->ifra_vhid > 0) {
682 			if (carp_attach_p != NULL)
683 				error = (*carp_attach_p)(&ia->ia_ifa,
684 				    ifra->ifra_vhid);
685 			else
686 				error = EPROTONOSUPPORT;
687 			if (error)
688 				goto out;
689 			else
690 				carp_attached = 1;
691 		}
692 
693 		/*
694 		 * then, make the prefix on-link on the interface.
695 		 * XXX: we'd rather create the prefix before the address, but
696 		 * we need at least one address to install the corresponding
697 		 * interface route, so we configure the address first.
698 		 */
699 
700 		/*
701 		 * convert mask to prefix length (prefixmask has already
702 		 * been validated in in6_update_ifa().
703 		 */
704 		bzero(&pr0, sizeof(pr0));
705 		pr0.ndpr_ifp = ifp;
706 		pr0.ndpr_plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr,
707 		    NULL);
708 		if (pr0.ndpr_plen == 128) {
709 			break;	/* we don't need to install a host route. */
710 		}
711 		pr0.ndpr_prefix = ifra->ifra_addr;
712 		/* apply the mask for safety. */
713 		for (i = 0; i < 4; i++) {
714 			pr0.ndpr_prefix.sin6_addr.s6_addr32[i] &=
715 			    ifra->ifra_prefixmask.sin6_addr.s6_addr32[i];
716 		}
717 		/*
718 		 * XXX: since we don't have an API to set prefix (not address)
719 		 * lifetimes, we just use the same lifetimes as addresses.
720 		 * The (temporarily) installed lifetimes can be overridden by
721 		 * later advertised RAs (when accept_rtadv is non 0), which is
722 		 * an intended behavior.
723 		 */
724 		pr0.ndpr_raf_onlink = 1; /* should be configurable? */
725 		pr0.ndpr_raf_auto =
726 		    ((ifra->ifra_flags & IN6_IFF_AUTOCONF) != 0);
727 		pr0.ndpr_vltime = ifra->ifra_lifetime.ia6t_vltime;
728 		pr0.ndpr_pltime = ifra->ifra_lifetime.ia6t_pltime;
729 
730 		/* add the prefix if not yet. */
731 		if ((pr = nd6_prefix_lookup(&pr0)) == NULL) {
732 			/*
733 			 * nd6_prelist_add will install the corresponding
734 			 * interface route.
735 			 */
736 			if ((error = nd6_prelist_add(&pr0, NULL, &pr)) != 0) {
737 				if (carp_attached)
738 					(*carp_detach_p)(&ia->ia_ifa);
739 				goto out;
740 			}
741 			if (pr == NULL) {
742 				if (carp_attached)
743 					(*carp_detach_p)(&ia->ia_ifa);
744 				log(LOG_ERR, "nd6_prelist_add succeeded but "
745 				    "no prefix\n");
746 				error = EINVAL;
747 				goto out;
748 			}
749 		}
750 
751 		/* relate the address to the prefix */
752 		if (ia->ia6_ndpr == NULL) {
753 			ia->ia6_ndpr = pr;
754 			pr->ndpr_refcnt++;
755 
756 			/*
757 			 * If this is the first autoconf address from the
758 			 * prefix, create a temporary address as well
759 			 * (when required).
760 			 */
761 			if ((ia->ia6_flags & IN6_IFF_AUTOCONF) &&
762 			    V_ip6_use_tempaddr && pr->ndpr_refcnt == 1) {
763 				int e;
764 				if ((e = in6_tmpifadd(ia, 1, 0)) != 0) {
765 					log(LOG_NOTICE, "in6_control: failed "
766 					    "to create a temporary address, "
767 					    "errno=%d\n", e);
768 				}
769 			}
770 		}
771 
772 		/*
773 		 * this might affect the status of autoconfigured addresses,
774 		 * that is, this address might make other addresses detached.
775 		 */
776 		pfxlist_onlink_check();
777 		if (error == 0 && ia) {
778 			if (ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) {
779 				/*
780 				 * Try to clear the flag when a new
781 				 * IPv6 address is added onto an
782 				 * IFDISABLED interface and it
783 				 * succeeds.
784 				 */
785 				struct in6_ndireq nd;
786 
787 				memset(&nd, 0, sizeof(nd));
788 				nd.ndi.flags = ND_IFINFO(ifp)->flags;
789 				nd.ndi.flags &= ~ND6_IFF_IFDISABLED;
790 				if (nd6_ioctl(SIOCSIFINFO_FLAGS,
791 				    (caddr_t)&nd, ifp) < 0)
792 					log(LOG_NOTICE, "SIOCAIFADDR_IN6: "
793 					    "SIOCSIFINFO_FLAGS for -ifdisabled "
794 					    "failed.");
795 				/*
796 				 * Ignore failure of clearing the flag
797 				 * intentionally.  The failure means
798 				 * address duplication was detected.
799 				 */
800 			}
801 			EVENTHANDLER_INVOKE(ifaddr_event, ifp);
802 		}
803 		break;
804 	}
805 
806 	case SIOCDIFADDR_IN6:
807 	{
808 		struct nd_prefix *pr;
809 
810 		/*
811 		 * If the address being deleted is the only one that owns
812 		 * the corresponding prefix, expire the prefix as well.
813 		 * XXX: theoretically, we don't have to worry about such
814 		 * relationship, since we separate the address management
815 		 * and the prefix management.  We do this, however, to provide
816 		 * as much backward compatibility as possible in terms of
817 		 * the ioctl operation.
818 		 * Note that in6_purgeaddr() will decrement ndpr_refcnt.
819 		 */
820 		pr = ia->ia6_ndpr;
821 		in6_purgeaddr(&ia->ia_ifa);
822 		if (pr && pr->ndpr_refcnt == 0)
823 			prelist_remove(pr);
824 		EVENTHANDLER_INVOKE(ifaddr_event, ifp);
825 		break;
826 	}
827 
828 	default:
829 		if (ifp == NULL || ifp->if_ioctl == 0) {
830 			error = EOPNOTSUPP;
831 			goto out;
832 		}
833 		error = (*ifp->if_ioctl)(ifp, cmd, data);
834 		goto out;
835 	}
836 
837 	error = 0;
838 out:
839 	if (ia != NULL)
840 		ifa_free(&ia->ia_ifa);
841 	return (error);
842 }
843 
844 
845 /*
846  * Join necessary multicast groups.  Factored out from in6_update_ifa().
847  * This entire work should only be done once, for the default FIB.
848  */
849 static int
850 in6_update_ifa_join_mc(struct ifnet *ifp, struct in6_aliasreq *ifra,
851     struct in6_ifaddr *ia, int flags, struct in6_multi **in6m_sol)
852 {
853 	char ip6buf[INET6_ADDRSTRLEN];
854 	struct sockaddr_in6 mltaddr, mltmask;
855 	struct in6_addr llsol;
856 	struct in6_multi_mship *imm;
857 	struct rtentry *rt;
858 	int delay, error;
859 
860 	KASSERT(in6m_sol != NULL, ("%s: in6m_sol is NULL", __func__));
861 
862 	/* Join solicited multicast addr for new host id. */
863 	bzero(&llsol, sizeof(struct in6_addr));
864 	llsol.s6_addr32[0] = IPV6_ADDR_INT32_MLL;
865 	llsol.s6_addr32[1] = 0;
866 	llsol.s6_addr32[2] = htonl(1);
867 	llsol.s6_addr32[3] = ifra->ifra_addr.sin6_addr.s6_addr32[3];
868 	llsol.s6_addr8[12] = 0xff;
869 	if ((error = in6_setscope(&llsol, ifp, NULL)) != 0) {
870 		/* XXX: should not happen */
871 		log(LOG_ERR, "%s: in6_setscope failed\n", __func__);
872 		goto cleanup;
873 	}
874 	delay = 0;
875 	if ((flags & IN6_IFAUPDATE_DADDELAY)) {
876 		/*
877 		 * We need a random delay for DAD on the address being
878 		 * configured.  It also means delaying transmission of the
879 		 * corresponding MLD report to avoid report collision.
880 		 * [RFC 4861, Section 6.3.7]
881 		 */
882 		delay = arc4random() % (MAX_RTR_SOLICITATION_DELAY * hz);
883 	}
884 	imm = in6_joingroup(ifp, &llsol, &error, delay);
885 	if (imm == NULL) {
886 		nd6log((LOG_WARNING, "%s: addmulti failed for %s on %s "
887 		    "(errno=%d)\n", __func__, ip6_sprintf(ip6buf, &llsol),
888 		    if_name(ifp), error));
889 		goto cleanup;
890 	}
891 	LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain);
892 	*in6m_sol = imm->i6mm_maddr;
893 
894 	bzero(&mltmask, sizeof(mltmask));
895 	mltmask.sin6_len = sizeof(struct sockaddr_in6);
896 	mltmask.sin6_family = AF_INET6;
897 	mltmask.sin6_addr = in6mask32;
898 #define	MLTMASK_LEN  4	/* mltmask's masklen (=32bit=4octet) */
899 
900 	/*
901 	 * Join link-local all-nodes address.
902 	 */
903 	bzero(&mltaddr, sizeof(mltaddr));
904 	mltaddr.sin6_len = sizeof(struct sockaddr_in6);
905 	mltaddr.sin6_family = AF_INET6;
906 	mltaddr.sin6_addr = in6addr_linklocal_allnodes;
907 	if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) != 0)
908 		goto cleanup; /* XXX: should not fail */
909 
910 	/*
911 	 * XXX: do we really need this automatic routes?  We should probably
912 	 * reconsider this stuff.  Most applications actually do not need the
913 	 * routes, since they usually specify the outgoing interface.
914 	 */
915 	rt = in6_rtalloc1((struct sockaddr *)&mltaddr, 0, 0UL, RT_DEFAULT_FIB);
916 	if (rt != NULL) {
917 		/* XXX: only works in !SCOPEDROUTING case. */
918 		if (memcmp(&mltaddr.sin6_addr,
919 		    &((struct sockaddr_in6 *)rt_key(rt))->sin6_addr,
920 		    MLTMASK_LEN)) {
921 			RTFREE_LOCKED(rt);
922 			rt = NULL;
923 		}
924 	}
925 	if (rt == NULL) {
926 		error = in6_rtrequest(RTM_ADD, (struct sockaddr *)&mltaddr,
927 		    (struct sockaddr *)&ia->ia_addr,
928 		    (struct sockaddr *)&mltmask, RTF_UP,
929 		    (struct rtentry **)0, RT_DEFAULT_FIB);
930 		if (error)
931 			goto cleanup;
932 	} else
933 		RTFREE_LOCKED(rt);
934 
935 	imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 0);
936 	if (imm == NULL) {
937 		nd6log((LOG_WARNING, "%s: addmulti failed for %s on %s "
938 		    "(errno=%d)\n", __func__, ip6_sprintf(ip6buf,
939 		    &mltaddr.sin6_addr), if_name(ifp), error));
940 		goto cleanup;
941 	}
942 	LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain);
943 
944 	/*
945 	 * Join node information group address.
946 	 */
947 	delay = 0;
948 	if ((flags & IN6_IFAUPDATE_DADDELAY)) {
949 		/*
950 		 * The spec does not say anything about delay for this group,
951 		 * but the same logic should apply.
952 		 */
953 		delay = arc4random() % (MAX_RTR_SOLICITATION_DELAY * hz);
954 	}
955 	if (in6_nigroup(ifp, NULL, -1, &mltaddr.sin6_addr) == 0) {
956 		/* XXX jinmei */
957 		imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, delay);
958 		if (imm == NULL)
959 			nd6log((LOG_WARNING, "%s: addmulti failed for %s on %s "
960 			    "(errno=%d)\n", __func__, ip6_sprintf(ip6buf,
961 			    &mltaddr.sin6_addr), if_name(ifp), error));
962 			/* XXX not very fatal, go on... */
963 		else
964 			LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain);
965 	}
966 	if (V_icmp6_nodeinfo_oldmcprefix &&
967 	     in6_nigroup_oldmcprefix(ifp, NULL, -1, &mltaddr.sin6_addr) == 0) {
968 		imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, delay);
969 		if (imm == NULL)
970 			nd6log((LOG_WARNING, "%s: addmulti failed for %s on %s "
971 			    "(errno=%d)\n", __func__, ip6_sprintf(ip6buf,
972 			    &mltaddr.sin6_addr), if_name(ifp), error));
973 			/* XXX not very fatal, go on... */
974 		else
975 			LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain);
976 	}
977 
978 	/*
979 	 * Join interface-local all-nodes address.
980 	 * (ff01::1%ifN, and ff01::%ifN/32)
981 	 */
982 	mltaddr.sin6_addr = in6addr_nodelocal_allnodes;
983 	if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) != 0)
984 		goto cleanup; /* XXX: should not fail */
985 	/* XXX: again, do we really need the route? */
986 	rt = in6_rtalloc1((struct sockaddr *)&mltaddr, 0, 0UL, RT_DEFAULT_FIB);
987 	if (rt != NULL) {
988 		if (memcmp(&mltaddr.sin6_addr,
989 		    &((struct sockaddr_in6 *)rt_key(rt))->sin6_addr,
990 		    MLTMASK_LEN)) {
991 			RTFREE_LOCKED(rt);
992 			rt = NULL;
993 		}
994 	}
995 	if (rt == NULL) {
996 		error = in6_rtrequest(RTM_ADD, (struct sockaddr *)&mltaddr,
997 		    (struct sockaddr *)&ia->ia_addr,
998 		    (struct sockaddr *)&mltmask, RTF_UP,
999 		    (struct rtentry **)0, RT_DEFAULT_FIB);
1000 		if (error)
1001 			goto cleanup;
1002 	} else
1003 		RTFREE_LOCKED(rt);
1004 
1005 	imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error, 0);
1006 	if (imm == NULL) {
1007 		nd6log((LOG_WARNING, "%s: addmulti failed for %s on %s "
1008 		    "(errno=%d)\n", __func__, ip6_sprintf(ip6buf,
1009 		    &mltaddr.sin6_addr), if_name(ifp), error));
1010 		goto cleanup;
1011 	}
1012 	LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain);
1013 #undef	MLTMASK_LEN
1014 
1015 cleanup:
1016 	return (error);
1017 }
1018 
1019 /*
1020  * Update parameters of an IPv6 interface address.
1021  * If necessary, a new entry is created and linked into address chains.
1022  * This function is separated from in6_control().
1023  */
1024 int
1025 in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra,
1026     struct in6_ifaddr *ia, int flags)
1027 {
1028 	int error = 0, hostIsNew = 0, plen = -1;
1029 	struct sockaddr_in6 dst6;
1030 	struct in6_addrlifetime *lt;
1031 	struct in6_multi *in6m_sol;
1032 	int delay;
1033 	char ip6buf[INET6_ADDRSTRLEN];
1034 
1035 	/* Validate parameters */
1036 	if (ifp == NULL || ifra == NULL) /* this maybe redundant */
1037 		return (EINVAL);
1038 
1039 	/*
1040 	 * The destination address for a p2p link must have a family
1041 	 * of AF_UNSPEC or AF_INET6.
1042 	 */
1043 	if ((ifp->if_flags & IFF_POINTOPOINT) != 0 &&
1044 	    ifra->ifra_dstaddr.sin6_family != AF_INET6 &&
1045 	    ifra->ifra_dstaddr.sin6_family != AF_UNSPEC)
1046 		return (EAFNOSUPPORT);
1047 	/*
1048 	 * validate ifra_prefixmask.  don't check sin6_family, netmask
1049 	 * does not carry fields other than sin6_len.
1050 	 */
1051 	if (ifra->ifra_prefixmask.sin6_len > sizeof(struct sockaddr_in6))
1052 		return (EINVAL);
1053 	/*
1054 	 * Because the IPv6 address architecture is classless, we require
1055 	 * users to specify a (non 0) prefix length (mask) for a new address.
1056 	 * We also require the prefix (when specified) mask is valid, and thus
1057 	 * reject a non-consecutive mask.
1058 	 */
1059 	if (ia == NULL && ifra->ifra_prefixmask.sin6_len == 0)
1060 		return (EINVAL);
1061 	if (ifra->ifra_prefixmask.sin6_len != 0) {
1062 		plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr,
1063 		    (u_char *)&ifra->ifra_prefixmask +
1064 		    ifra->ifra_prefixmask.sin6_len);
1065 		if (plen <= 0)
1066 			return (EINVAL);
1067 	} else {
1068 		/*
1069 		 * In this case, ia must not be NULL.  We just use its prefix
1070 		 * length.
1071 		 */
1072 		plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL);
1073 	}
1074 	/*
1075 	 * If the destination address on a p2p interface is specified,
1076 	 * and the address is a scoped one, validate/set the scope
1077 	 * zone identifier.
1078 	 */
1079 	dst6 = ifra->ifra_dstaddr;
1080 	if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) != 0 &&
1081 	    (dst6.sin6_family == AF_INET6)) {
1082 		struct in6_addr in6_tmp;
1083 		u_int32_t zoneid;
1084 
1085 		in6_tmp = dst6.sin6_addr;
1086 		if (in6_setscope(&in6_tmp, ifp, &zoneid))
1087 			return (EINVAL); /* XXX: should be impossible */
1088 
1089 		if (dst6.sin6_scope_id != 0) {
1090 			if (dst6.sin6_scope_id != zoneid)
1091 				return (EINVAL);
1092 		} else		/* user omit to specify the ID. */
1093 			dst6.sin6_scope_id = zoneid;
1094 
1095 		/* convert into the internal form */
1096 		if (sa6_embedscope(&dst6, 0))
1097 			return (EINVAL); /* XXX: should be impossible */
1098 	}
1099 	/*
1100 	 * The destination address can be specified only for a p2p or a
1101 	 * loopback interface.  If specified, the corresponding prefix length
1102 	 * must be 128.
1103 	 */
1104 	if (ifra->ifra_dstaddr.sin6_family == AF_INET6) {
1105 		if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) == 0) {
1106 			/* XXX: noisy message */
1107 			nd6log((LOG_INFO, "in6_update_ifa: a destination can "
1108 			    "be specified for a p2p or a loopback IF only\n"));
1109 			return (EINVAL);
1110 		}
1111 		if (plen != 128) {
1112 			nd6log((LOG_INFO, "in6_update_ifa: prefixlen should "
1113 			    "be 128 when dstaddr is specified\n"));
1114 			return (EINVAL);
1115 		}
1116 	}
1117 	/* lifetime consistency check */
1118 	lt = &ifra->ifra_lifetime;
1119 	if (lt->ia6t_pltime > lt->ia6t_vltime)
1120 		return (EINVAL);
1121 	if (lt->ia6t_vltime == 0) {
1122 		/*
1123 		 * the following log might be noisy, but this is a typical
1124 		 * configuration mistake or a tool's bug.
1125 		 */
1126 		nd6log((LOG_INFO,
1127 		    "in6_update_ifa: valid lifetime is 0 for %s\n",
1128 		    ip6_sprintf(ip6buf, &ifra->ifra_addr.sin6_addr)));
1129 
1130 		if (ia == NULL)
1131 			return (0); /* there's nothing to do */
1132 	}
1133 
1134 	/*
1135 	 * If this is a new address, allocate a new ifaddr and link it
1136 	 * into chains.
1137 	 */
1138 	if (ia == NULL) {
1139 		hostIsNew = 1;
1140 		/*
1141 		 * When in6_update_ifa() is called in a process of a received
1142 		 * RA, it is called under an interrupt context.  So, we should
1143 		 * call malloc with M_NOWAIT.
1144 		 */
1145 		ia = (struct in6_ifaddr *)ifa_alloc(sizeof(*ia), M_NOWAIT);
1146 		if (ia == NULL)
1147 			return (ENOBUFS);
1148 		LIST_INIT(&ia->ia6_memberships);
1149 		/* Initialize the address and masks, and put time stamp */
1150 		ia->ia_ifa.ifa_addr = (struct sockaddr *)&ia->ia_addr;
1151 		ia->ia_addr.sin6_family = AF_INET6;
1152 		ia->ia_addr.sin6_len = sizeof(ia->ia_addr);
1153 		ia->ia6_createtime = time_uptime;
1154 		if ((ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) != 0) {
1155 			/*
1156 			 * XXX: some functions expect that ifa_dstaddr is not
1157 			 * NULL for p2p interfaces.
1158 			 */
1159 			ia->ia_ifa.ifa_dstaddr =
1160 			    (struct sockaddr *)&ia->ia_dstaddr;
1161 		} else {
1162 			ia->ia_ifa.ifa_dstaddr = NULL;
1163 		}
1164 		ia->ia_ifa.ifa_netmask = (struct sockaddr *)&ia->ia_prefixmask;
1165 		ia->ia_ifp = ifp;
1166 		ifa_ref(&ia->ia_ifa);			/* if_addrhead */
1167 		IF_ADDR_WLOCK(ifp);
1168 		TAILQ_INSERT_TAIL(&ifp->if_addrhead, &ia->ia_ifa, ifa_link);
1169 		IF_ADDR_WUNLOCK(ifp);
1170 
1171 		ifa_ref(&ia->ia_ifa);			/* in6_ifaddrhead */
1172 		IN6_IFADDR_WLOCK();
1173 		TAILQ_INSERT_TAIL(&V_in6_ifaddrhead, ia, ia_link);
1174 		LIST_INSERT_HEAD(IN6ADDR_HASH(&ifra->ifra_addr.sin6_addr),
1175 		    ia, ia6_hash);
1176 		IN6_IFADDR_WUNLOCK();
1177 	}
1178 
1179 	/* update timestamp */
1180 	ia->ia6_updatetime = time_uptime;
1181 
1182 	/* set prefix mask */
1183 	if (ifra->ifra_prefixmask.sin6_len) {
1184 		/*
1185 		 * We prohibit changing the prefix length of an existing
1186 		 * address, because
1187 		 * + such an operation should be rare in IPv6, and
1188 		 * + the operation would confuse prefix management.
1189 		 */
1190 		if (ia->ia_prefixmask.sin6_len &&
1191 		    in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL) != plen) {
1192 			nd6log((LOG_INFO, "in6_update_ifa: the prefix length of an"
1193 			    " existing (%s) address should not be changed\n",
1194 			    ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr)));
1195 			error = EINVAL;
1196 			goto unlink;
1197 		}
1198 		ia->ia_prefixmask = ifra->ifra_prefixmask;
1199 		ia->ia_prefixmask.sin6_family = AF_INET6;
1200 	}
1201 
1202 	/*
1203 	 * If a new destination address is specified, scrub the old one and
1204 	 * install the new destination.  Note that the interface must be
1205 	 * p2p or loopback (see the check above.)
1206 	 */
1207 	if (dst6.sin6_family == AF_INET6 &&
1208 	    !IN6_ARE_ADDR_EQUAL(&dst6.sin6_addr, &ia->ia_dstaddr.sin6_addr)) {
1209 		int e;
1210 
1211 		if ((ia->ia_flags & IFA_ROUTE) != 0 &&
1212 		    (e = rtinit(&(ia->ia_ifa), (int)RTM_DELETE, RTF_HOST)) != 0) {
1213 			nd6log((LOG_ERR, "in6_update_ifa: failed to remove "
1214 			    "a route to the old destination: %s\n",
1215 			    ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr)));
1216 			/* proceed anyway... */
1217 		} else
1218 			ia->ia_flags &= ~IFA_ROUTE;
1219 		ia->ia_dstaddr = dst6;
1220 	}
1221 
1222 	/*
1223 	 * Set lifetimes.  We do not refer to ia6t_expire and ia6t_preferred
1224 	 * to see if the address is deprecated or invalidated, but initialize
1225 	 * these members for applications.
1226 	 */
1227 	ia->ia6_lifetime = ifra->ifra_lifetime;
1228 	if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) {
1229 		ia->ia6_lifetime.ia6t_expire =
1230 		    time_uptime + ia->ia6_lifetime.ia6t_vltime;
1231 	} else
1232 		ia->ia6_lifetime.ia6t_expire = 0;
1233 	if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) {
1234 		ia->ia6_lifetime.ia6t_preferred =
1235 		    time_uptime + ia->ia6_lifetime.ia6t_pltime;
1236 	} else
1237 		ia->ia6_lifetime.ia6t_preferred = 0;
1238 
1239 	/* reset the interface and routing table appropriately. */
1240 	if ((error = in6_ifinit(ifp, ia, &ifra->ifra_addr, hostIsNew)) != 0)
1241 		goto unlink;
1242 
1243 	/*
1244 	 * configure address flags.
1245 	 */
1246 	ia->ia6_flags = ifra->ifra_flags;
1247 	/*
1248 	 * backward compatibility - if IN6_IFF_DEPRECATED is set from the
1249 	 * userland, make it deprecated.
1250 	 */
1251 	if ((ifra->ifra_flags & IN6_IFF_DEPRECATED) != 0) {
1252 		ia->ia6_lifetime.ia6t_pltime = 0;
1253 		ia->ia6_lifetime.ia6t_preferred = time_uptime;
1254 	}
1255 	/*
1256 	 * Make the address tentative before joining multicast addresses,
1257 	 * so that corresponding MLD responses would not have a tentative
1258 	 * source address.
1259 	 */
1260 	ia->ia6_flags &= ~IN6_IFF_DUPLICATED;	/* safety */
1261 	if (hostIsNew && in6if_do_dad(ifp))
1262 		ia->ia6_flags |= IN6_IFF_TENTATIVE;
1263 
1264 	/* DAD should be performed after ND6_IFF_IFDISABLED is cleared. */
1265 	if (ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED)
1266 		ia->ia6_flags |= IN6_IFF_TENTATIVE;
1267 
1268 	/*
1269 	 * We are done if we have simply modified an existing address.
1270 	 */
1271 	if (!hostIsNew)
1272 		return (error);
1273 
1274 	/*
1275 	 * Beyond this point, we should call in6_purgeaddr upon an error,
1276 	 * not just go to unlink.
1277 	 */
1278 
1279 	/* Join necessary multicast groups. */
1280 	in6m_sol = NULL;
1281 	if ((ifp->if_flags & IFF_MULTICAST) != 0) {
1282 		error = in6_update_ifa_join_mc(ifp, ifra, ia, flags, &in6m_sol);
1283 		if (error)
1284 			goto cleanup;
1285 	}
1286 
1287 	/*
1288 	 * Perform DAD, if needed.
1289 	 * XXX It may be of use, if we can administratively disable DAD.
1290 	 */
1291 	if (in6if_do_dad(ifp) && ((ifra->ifra_flags & IN6_IFF_NODAD) == 0) &&
1292 	    (ia->ia6_flags & IN6_IFF_TENTATIVE))
1293 	{
1294 		int mindelay, maxdelay;
1295 
1296 		delay = 0;
1297 		if ((flags & IN6_IFAUPDATE_DADDELAY)) {
1298 			/*
1299 			 * We need to impose a delay before sending an NS
1300 			 * for DAD.  Check if we also needed a delay for the
1301 			 * corresponding MLD message.  If we did, the delay
1302 			 * should be larger than the MLD delay (this could be
1303 			 * relaxed a bit, but this simple logic is at least
1304 			 * safe).
1305 			 * XXX: Break data hiding guidelines and look at
1306 			 * state for the solicited multicast group.
1307 			 */
1308 			mindelay = 0;
1309 			if (in6m_sol != NULL &&
1310 			    in6m_sol->in6m_state == MLD_REPORTING_MEMBER) {
1311 				mindelay = in6m_sol->in6m_timer;
1312 			}
1313 			maxdelay = MAX_RTR_SOLICITATION_DELAY * hz;
1314 			if (maxdelay - mindelay == 0)
1315 				delay = 0;
1316 			else {
1317 				delay =
1318 				    (arc4random() % (maxdelay - mindelay)) +
1319 				    mindelay;
1320 			}
1321 		}
1322 		nd6_dad_start((struct ifaddr *)ia, delay);
1323 	}
1324 
1325 	KASSERT(hostIsNew, ("in6_update_ifa: !hostIsNew"));
1326 	ifa_free(&ia->ia_ifa);
1327 	return (error);
1328 
1329   unlink:
1330 	/*
1331 	 * XXX: if a change of an existing address failed, keep the entry
1332 	 * anyway.
1333 	 */
1334 	if (hostIsNew) {
1335 		in6_unlink_ifa(ia, ifp);
1336 		ifa_free(&ia->ia_ifa);
1337 	}
1338 	return (error);
1339 
1340   cleanup:
1341 	KASSERT(hostIsNew, ("in6_update_ifa: cleanup: !hostIsNew"));
1342 	ifa_free(&ia->ia_ifa);
1343 	in6_purgeaddr(&ia->ia_ifa);
1344 	return error;
1345 }
1346 
1347 /*
1348  * Leave multicast groups.  Factored out from in6_purgeaddr().
1349  * This entire work should only be done once, for the default FIB.
1350  */
1351 static int
1352 in6_purgeaddr_mc(struct ifnet *ifp, struct in6_ifaddr *ia, struct ifaddr *ifa0)
1353 {
1354 	struct sockaddr_in6 mltaddr, mltmask;
1355 	struct in6_multi_mship *imm;
1356 	struct rtentry *rt;
1357 	struct sockaddr_in6 sin6;
1358 	int error;
1359 
1360 	/*
1361 	 * Leave from multicast groups we have joined for the interface.
1362 	 */
1363 	while ((imm = LIST_FIRST(&ia->ia6_memberships)) != NULL) {
1364 		LIST_REMOVE(imm, i6mm_chain);
1365 		in6_leavegroup(imm);
1366 	}
1367 
1368 	/*
1369 	 * Remove the link-local all-nodes address.
1370 	 */
1371 	bzero(&mltmask, sizeof(mltmask));
1372 	mltmask.sin6_len = sizeof(struct sockaddr_in6);
1373 	mltmask.sin6_family = AF_INET6;
1374 	mltmask.sin6_addr = in6mask32;
1375 
1376 	bzero(&mltaddr, sizeof(mltaddr));
1377 	mltaddr.sin6_len = sizeof(struct sockaddr_in6);
1378 	mltaddr.sin6_family = AF_INET6;
1379 	mltaddr.sin6_addr = in6addr_linklocal_allnodes;
1380 
1381 	if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) != 0)
1382 		return (error);
1383 
1384 	/*
1385 	 * As for the mltaddr above, proactively prepare the sin6 to avoid
1386 	 * rtentry un- and re-locking.
1387 	 */
1388 	if (ifa0 != NULL) {
1389 		bzero(&sin6, sizeof(sin6));
1390 		sin6.sin6_len = sizeof(sin6);
1391 		sin6.sin6_family = AF_INET6;
1392 		memcpy(&sin6.sin6_addr, &satosin6(ifa0->ifa_addr)->sin6_addr,
1393 		    sizeof(sin6.sin6_addr));
1394 		error = in6_setscope(&sin6.sin6_addr, ifa0->ifa_ifp, NULL);
1395 		if (error != 0)
1396 			return (error);
1397 	}
1398 
1399 	rt = in6_rtalloc1((struct sockaddr *)&mltaddr, 0, 0UL, RT_DEFAULT_FIB);
1400 	if (rt != NULL && rt->rt_gateway != NULL &&
1401 	    (memcmp(&satosin6(rt->rt_gateway)->sin6_addr,
1402 		    &ia->ia_addr.sin6_addr,
1403 		    sizeof(ia->ia_addr.sin6_addr)) == 0)) {
1404 		/*
1405 		 * If no more IPv6 address exists on this interface then
1406 		 * remove the multicast address route.
1407 		 */
1408 		if (ifa0 == NULL) {
1409 			memcpy(&mltaddr.sin6_addr,
1410 			    &satosin6(rt_key(rt))->sin6_addr,
1411 			    sizeof(mltaddr.sin6_addr));
1412 			RTFREE_LOCKED(rt);
1413 			error = in6_rtrequest(RTM_DELETE,
1414 			    (struct sockaddr *)&mltaddr,
1415 			    (struct sockaddr *)&ia->ia_addr,
1416 			    (struct sockaddr *)&mltmask, RTF_UP,
1417 			    (struct rtentry **)0, RT_DEFAULT_FIB);
1418 			if (error)
1419 				log(LOG_INFO, "%s: link-local all-nodes "
1420 				    "multicast address deletion error\n",
1421 				    __func__);
1422 		} else {
1423 			/*
1424 			 * Replace the gateway of the route.
1425 			 */
1426 			memcpy(rt->rt_gateway, &sin6, sizeof(sin6));
1427 			RTFREE_LOCKED(rt);
1428 		}
1429 	} else {
1430 		if (rt != NULL)
1431 			RTFREE_LOCKED(rt);
1432 	}
1433 
1434 	/*
1435 	 * Remove the node-local all-nodes address.
1436 	 */
1437 	mltaddr.sin6_addr = in6addr_nodelocal_allnodes;
1438 	if ((error = in6_setscope(&mltaddr.sin6_addr, ifp, NULL)) != 0)
1439 		return (error);
1440 
1441 	rt = in6_rtalloc1((struct sockaddr *)&mltaddr, 0, 0UL, RT_DEFAULT_FIB);
1442 	if (rt != NULL && rt->rt_gateway != NULL &&
1443 	    (memcmp(&satosin6(rt->rt_gateway)->sin6_addr,
1444 		    &ia->ia_addr.sin6_addr,
1445 		    sizeof(ia->ia_addr.sin6_addr)) == 0)) {
1446 		/*
1447 		 * If no more IPv6 address exists on this interface then
1448 		 * remove the multicast address route.
1449 		 */
1450 		if (ifa0 == NULL) {
1451 			memcpy(&mltaddr.sin6_addr,
1452 			    &satosin6(rt_key(rt))->sin6_addr,
1453 			    sizeof(mltaddr.sin6_addr));
1454 
1455 			RTFREE_LOCKED(rt);
1456 			error = in6_rtrequest(RTM_DELETE,
1457 			    (struct sockaddr *)&mltaddr,
1458 			    (struct sockaddr *)&ia->ia_addr,
1459 			    (struct sockaddr *)&mltmask, RTF_UP,
1460 			    (struct rtentry **)0, RT_DEFAULT_FIB);
1461 			if (error)
1462 				log(LOG_INFO, "%s: node-local all-nodes"
1463 				    "multicast address deletion error\n",
1464 				    __func__);
1465 		} else {
1466 			/*
1467 			 * Replace the gateway of the route.
1468 			 */
1469 			memcpy(rt->rt_gateway, &sin6, sizeof(sin6));
1470 			RTFREE_LOCKED(rt);
1471 		}
1472 	} else {
1473 		if (rt != NULL)
1474 			RTFREE_LOCKED(rt);
1475 	}
1476 
1477 	return (0);
1478 }
1479 
1480 void
1481 in6_purgeaddr(struct ifaddr *ifa)
1482 {
1483 	struct ifnet *ifp = ifa->ifa_ifp;
1484 	struct in6_ifaddr *ia = (struct in6_ifaddr *) ifa;
1485 	int plen, error;
1486 	struct ifaddr *ifa0;
1487 
1488 	if (ifa->ifa_carp)
1489 		(*carp_detach_p)(ifa);
1490 
1491 	/*
1492 	 * find another IPv6 address as the gateway for the
1493 	 * link-local and node-local all-nodes multicast
1494 	 * address routes
1495 	 */
1496 	IF_ADDR_RLOCK(ifp);
1497 	TAILQ_FOREACH(ifa0, &ifp->if_addrhead, ifa_link) {
1498 		if ((ifa0->ifa_addr->sa_family != AF_INET6) ||
1499 		    memcmp(&satosin6(ifa0->ifa_addr)->sin6_addr,
1500 		    &ia->ia_addr.sin6_addr, sizeof(struct in6_addr)) == 0)
1501 			continue;
1502 		else
1503 			break;
1504 	}
1505 	if (ifa0 != NULL)
1506 		ifa_ref(ifa0);
1507 	IF_ADDR_RUNLOCK(ifp);
1508 
1509 	/*
1510 	 * Remove the loopback route to the interface address.
1511 	 * The check for the current setting of "nd6_useloopback"
1512 	 * is not needed.
1513 	 */
1514 	if (ia->ia_flags & IFA_RTSELF) {
1515 		error = ifa_del_loopback_route((struct ifaddr *)ia,
1516 		    (struct sockaddr *)&ia->ia_addr);
1517 		if (error == 0)
1518 			ia->ia_flags &= ~IFA_RTSELF;
1519 	}
1520 
1521 	/* stop DAD processing */
1522 	nd6_dad_stop(ifa);
1523 
1524 	/* Remove local address entry from lltable. */
1525 	in6_ifremloop(ifa);
1526 
1527 	/* Leave multicast groups. */
1528 	error = in6_purgeaddr_mc(ifp, ia, ifa0);
1529 
1530 	if (ifa0 != NULL)
1531 		ifa_free(ifa0);
1532 
1533 	plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); /* XXX */
1534 	if ((ia->ia_flags & IFA_ROUTE) && plen == 128) {
1535 		error = rtinit(&(ia->ia_ifa), RTM_DELETE, ia->ia_flags |
1536 		    (ia->ia_dstaddr.sin6_family == AF_INET6) ? RTF_HOST : 0);
1537 		if (error != 0)
1538 			log(LOG_INFO, "%s: err=%d, destination address delete "
1539 			    "failed\n", __func__, error);
1540 		ia->ia_flags &= ~IFA_ROUTE;
1541 	}
1542 
1543 	in6_unlink_ifa(ia, ifp);
1544 }
1545 
1546 static void
1547 in6_unlink_ifa(struct in6_ifaddr *ia, struct ifnet *ifp)
1548 {
1549 
1550 	IF_ADDR_WLOCK(ifp);
1551 	TAILQ_REMOVE(&ifp->if_addrhead, &ia->ia_ifa, ifa_link);
1552 	IF_ADDR_WUNLOCK(ifp);
1553 	ifa_free(&ia->ia_ifa);			/* if_addrhead */
1554 
1555 	/*
1556 	 * Defer the release of what might be the last reference to the
1557 	 * in6_ifaddr so that it can't be freed before the remainder of the
1558 	 * cleanup.
1559 	 */
1560 	IN6_IFADDR_WLOCK();
1561 	TAILQ_REMOVE(&V_in6_ifaddrhead, ia, ia_link);
1562 	LIST_REMOVE(ia, ia6_hash);
1563 	IN6_IFADDR_WUNLOCK();
1564 
1565 	/*
1566 	 * Release the reference to the base prefix.  There should be a
1567 	 * positive reference.
1568 	 */
1569 	if (ia->ia6_ndpr == NULL) {
1570 		nd6log((LOG_NOTICE,
1571 		    "in6_unlink_ifa: autoconf'ed address "
1572 		    "%p has no prefix\n", ia));
1573 	} else {
1574 		ia->ia6_ndpr->ndpr_refcnt--;
1575 		ia->ia6_ndpr = NULL;
1576 	}
1577 
1578 	/*
1579 	 * Also, if the address being removed is autoconf'ed, call
1580 	 * pfxlist_onlink_check() since the release might affect the status of
1581 	 * other (detached) addresses.
1582 	 */
1583 	if ((ia->ia6_flags & IN6_IFF_AUTOCONF)) {
1584 		pfxlist_onlink_check();
1585 	}
1586 	ifa_free(&ia->ia_ifa);			/* in6_ifaddrhead */
1587 }
1588 
1589 void
1590 in6_purgeif(struct ifnet *ifp)
1591 {
1592 	struct ifaddr *ifa, *nifa;
1593 
1594 	TAILQ_FOREACH_SAFE(ifa, &ifp->if_addrhead, ifa_link, nifa) {
1595 		if (ifa->ifa_addr->sa_family != AF_INET6)
1596 			continue;
1597 		in6_purgeaddr(ifa);
1598 	}
1599 
1600 	in6_ifdetach(ifp);
1601 }
1602 
1603 /*
1604  * SIOC[GAD]LIFADDR.
1605  *	SIOCGLIFADDR: get first address. (?)
1606  *	SIOCGLIFADDR with IFLR_PREFIX:
1607  *		get first address that matches the specified prefix.
1608  *	SIOCALIFADDR: add the specified address.
1609  *	SIOCALIFADDR with IFLR_PREFIX:
1610  *		add the specified prefix, filling hostid part from
1611  *		the first link-local address.  prefixlen must be <= 64.
1612  *	SIOCDLIFADDR: delete the specified address.
1613  *	SIOCDLIFADDR with IFLR_PREFIX:
1614  *		delete the first address that matches the specified prefix.
1615  * return values:
1616  *	EINVAL on invalid parameters
1617  *	EADDRNOTAVAIL on prefix match failed/specified address not found
1618  *	other values may be returned from in6_ioctl()
1619  *
1620  * NOTE: SIOCALIFADDR(with IFLR_PREFIX set) allows prefixlen less than 64.
1621  * this is to accomodate address naming scheme other than RFC2374,
1622  * in the future.
1623  * RFC2373 defines interface id to be 64bit, but it allows non-RFC2374
1624  * address encoding scheme. (see figure on page 8)
1625  */
1626 static int
1627 in6_lifaddr_ioctl(struct socket *so, u_long cmd, caddr_t data,
1628     struct ifnet *ifp, struct thread *td)
1629 {
1630 	struct if_laddrreq *iflr = (struct if_laddrreq *)data;
1631 	struct ifaddr *ifa;
1632 	struct sockaddr *sa;
1633 
1634 	/* sanity checks */
1635 	if (!data || !ifp) {
1636 		panic("invalid argument to in6_lifaddr_ioctl");
1637 		/* NOTREACHED */
1638 	}
1639 
1640 	switch (cmd) {
1641 	case SIOCGLIFADDR:
1642 		/* address must be specified on GET with IFLR_PREFIX */
1643 		if ((iflr->flags & IFLR_PREFIX) == 0)
1644 			break;
1645 		/* FALLTHROUGH */
1646 	case SIOCALIFADDR:
1647 	case SIOCDLIFADDR:
1648 		/* address must be specified on ADD and DELETE */
1649 		sa = (struct sockaddr *)&iflr->addr;
1650 		if (sa->sa_family != AF_INET6)
1651 			return EINVAL;
1652 		if (sa->sa_len != sizeof(struct sockaddr_in6))
1653 			return EINVAL;
1654 		/* XXX need improvement */
1655 		sa = (struct sockaddr *)&iflr->dstaddr;
1656 		if (sa->sa_family && sa->sa_family != AF_INET6)
1657 			return EINVAL;
1658 		if (sa->sa_len && sa->sa_len != sizeof(struct sockaddr_in6))
1659 			return EINVAL;
1660 		break;
1661 	default: /* shouldn't happen */
1662 #if 0
1663 		panic("invalid cmd to in6_lifaddr_ioctl");
1664 		/* NOTREACHED */
1665 #else
1666 		return EOPNOTSUPP;
1667 #endif
1668 	}
1669 	if (sizeof(struct in6_addr) * 8 < iflr->prefixlen)
1670 		return EINVAL;
1671 
1672 	switch (cmd) {
1673 	case SIOCALIFADDR:
1674 	    {
1675 		struct in6_aliasreq ifra;
1676 		struct in6_addr *hostid = NULL;
1677 		int prefixlen;
1678 
1679 		ifa = NULL;
1680 		if ((iflr->flags & IFLR_PREFIX) != 0) {
1681 			struct sockaddr_in6 *sin6;
1682 
1683 			/*
1684 			 * hostid is to fill in the hostid part of the
1685 			 * address.  hostid points to the first link-local
1686 			 * address attached to the interface.
1687 			 */
1688 			ifa = (struct ifaddr *)in6ifa_ifpforlinklocal(ifp, 0);
1689 			if (!ifa)
1690 				return EADDRNOTAVAIL;
1691 			hostid = IFA_IN6(ifa);
1692 
1693 			/* prefixlen must be <= 64. */
1694 			if (64 < iflr->prefixlen) {
1695 				if (ifa != NULL)
1696 					ifa_free(ifa);
1697 				return EINVAL;
1698 			}
1699 			prefixlen = iflr->prefixlen;
1700 
1701 			/* hostid part must be zero. */
1702 			sin6 = (struct sockaddr_in6 *)&iflr->addr;
1703 			if (sin6->sin6_addr.s6_addr32[2] != 0 ||
1704 			    sin6->sin6_addr.s6_addr32[3] != 0) {
1705 				if (ifa != NULL)
1706 					ifa_free(ifa);
1707 				return EINVAL;
1708 			}
1709 		} else
1710 			prefixlen = iflr->prefixlen;
1711 
1712 		/* copy args to in6_aliasreq, perform ioctl(SIOCAIFADDR_IN6). */
1713 		bzero(&ifra, sizeof(ifra));
1714 		bcopy(iflr->iflr_name, ifra.ifra_name, sizeof(ifra.ifra_name));
1715 
1716 		bcopy(&iflr->addr, &ifra.ifra_addr,
1717 		    ((struct sockaddr *)&iflr->addr)->sa_len);
1718 		if (hostid) {
1719 			/* fill in hostid part */
1720 			ifra.ifra_addr.sin6_addr.s6_addr32[2] =
1721 			    hostid->s6_addr32[2];
1722 			ifra.ifra_addr.sin6_addr.s6_addr32[3] =
1723 			    hostid->s6_addr32[3];
1724 		}
1725 
1726 		if (((struct sockaddr *)&iflr->dstaddr)->sa_family) { /* XXX */
1727 			bcopy(&iflr->dstaddr, &ifra.ifra_dstaddr,
1728 			    ((struct sockaddr *)&iflr->dstaddr)->sa_len);
1729 			if (hostid) {
1730 				ifra.ifra_dstaddr.sin6_addr.s6_addr32[2] =
1731 				    hostid->s6_addr32[2];
1732 				ifra.ifra_dstaddr.sin6_addr.s6_addr32[3] =
1733 				    hostid->s6_addr32[3];
1734 			}
1735 		}
1736 		if (ifa != NULL)
1737 			ifa_free(ifa);
1738 
1739 		ifra.ifra_prefixmask.sin6_len = sizeof(struct sockaddr_in6);
1740 		in6_prefixlen2mask(&ifra.ifra_prefixmask.sin6_addr, prefixlen);
1741 
1742 		ifra.ifra_flags = iflr->flags & ~IFLR_PREFIX;
1743 		return in6_control(so, SIOCAIFADDR_IN6, (caddr_t)&ifra, ifp, td);
1744 	    }
1745 	case SIOCGLIFADDR:
1746 	case SIOCDLIFADDR:
1747 	    {
1748 		struct in6_ifaddr *ia;
1749 		struct in6_addr mask, candidate, match;
1750 		struct sockaddr_in6 *sin6;
1751 		int cmp;
1752 
1753 		bzero(&mask, sizeof(mask));
1754 		if (iflr->flags & IFLR_PREFIX) {
1755 			/* lookup a prefix rather than address. */
1756 			in6_prefixlen2mask(&mask, iflr->prefixlen);
1757 
1758 			sin6 = (struct sockaddr_in6 *)&iflr->addr;
1759 			bcopy(&sin6->sin6_addr, &match, sizeof(match));
1760 			match.s6_addr32[0] &= mask.s6_addr32[0];
1761 			match.s6_addr32[1] &= mask.s6_addr32[1];
1762 			match.s6_addr32[2] &= mask.s6_addr32[2];
1763 			match.s6_addr32[3] &= mask.s6_addr32[3];
1764 
1765 			/* if you set extra bits, that's wrong */
1766 			if (bcmp(&match, &sin6->sin6_addr, sizeof(match)))
1767 				return EINVAL;
1768 
1769 			cmp = 1;
1770 		} else {
1771 			if (cmd == SIOCGLIFADDR) {
1772 				/* on getting an address, take the 1st match */
1773 				cmp = 0;	/* XXX */
1774 			} else {
1775 				/* on deleting an address, do exact match */
1776 				in6_prefixlen2mask(&mask, 128);
1777 				sin6 = (struct sockaddr_in6 *)&iflr->addr;
1778 				bcopy(&sin6->sin6_addr, &match, sizeof(match));
1779 
1780 				cmp = 1;
1781 			}
1782 		}
1783 
1784 		IF_ADDR_RLOCK(ifp);
1785 		TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
1786 			if (ifa->ifa_addr->sa_family != AF_INET6)
1787 				continue;
1788 			if (!cmp)
1789 				break;
1790 
1791 			/*
1792 			 * XXX: this is adhoc, but is necessary to allow
1793 			 * a user to specify fe80::/64 (not /10) for a
1794 			 * link-local address.
1795 			 */
1796 			bcopy(IFA_IN6(ifa), &candidate, sizeof(candidate));
1797 			in6_clearscope(&candidate);
1798 			candidate.s6_addr32[0] &= mask.s6_addr32[0];
1799 			candidate.s6_addr32[1] &= mask.s6_addr32[1];
1800 			candidate.s6_addr32[2] &= mask.s6_addr32[2];
1801 			candidate.s6_addr32[3] &= mask.s6_addr32[3];
1802 			if (IN6_ARE_ADDR_EQUAL(&candidate, &match))
1803 				break;
1804 		}
1805 		if (ifa != NULL)
1806 			ifa_ref(ifa);
1807 		IF_ADDR_RUNLOCK(ifp);
1808 		if (!ifa)
1809 			return EADDRNOTAVAIL;
1810 		ia = ifa2ia6(ifa);
1811 
1812 		if (cmd == SIOCGLIFADDR) {
1813 			int error;
1814 
1815 			/* fill in the if_laddrreq structure */
1816 			bcopy(&ia->ia_addr, &iflr->addr, ia->ia_addr.sin6_len);
1817 			error = sa6_recoverscope(
1818 			    (struct sockaddr_in6 *)&iflr->addr);
1819 			if (error != 0) {
1820 				ifa_free(ifa);
1821 				return (error);
1822 			}
1823 
1824 			if ((ifp->if_flags & IFF_POINTOPOINT) != 0) {
1825 				bcopy(&ia->ia_dstaddr, &iflr->dstaddr,
1826 				    ia->ia_dstaddr.sin6_len);
1827 				error = sa6_recoverscope(
1828 				    (struct sockaddr_in6 *)&iflr->dstaddr);
1829 				if (error != 0) {
1830 					ifa_free(ifa);
1831 					return (error);
1832 				}
1833 			} else
1834 				bzero(&iflr->dstaddr, sizeof(iflr->dstaddr));
1835 
1836 			iflr->prefixlen =
1837 			    in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL);
1838 
1839 			iflr->flags = ia->ia6_flags;	/* XXX */
1840 			ifa_free(ifa);
1841 
1842 			return 0;
1843 		} else {
1844 			struct in6_aliasreq ifra;
1845 
1846 			/* fill in6_aliasreq and do ioctl(SIOCDIFADDR_IN6) */
1847 			bzero(&ifra, sizeof(ifra));
1848 			bcopy(iflr->iflr_name, ifra.ifra_name,
1849 			    sizeof(ifra.ifra_name));
1850 
1851 			bcopy(&ia->ia_addr, &ifra.ifra_addr,
1852 			    ia->ia_addr.sin6_len);
1853 			if ((ifp->if_flags & IFF_POINTOPOINT) != 0) {
1854 				bcopy(&ia->ia_dstaddr, &ifra.ifra_dstaddr,
1855 				    ia->ia_dstaddr.sin6_len);
1856 			} else {
1857 				bzero(&ifra.ifra_dstaddr,
1858 				    sizeof(ifra.ifra_dstaddr));
1859 			}
1860 			bcopy(&ia->ia_prefixmask, &ifra.ifra_dstaddr,
1861 			    ia->ia_prefixmask.sin6_len);
1862 
1863 			ifra.ifra_flags = ia->ia6_flags;
1864 			ifa_free(ifa);
1865 			return in6_control(so, SIOCDIFADDR_IN6, (caddr_t)&ifra,
1866 			    ifp, td);
1867 		}
1868 	    }
1869 	}
1870 
1871 	return EOPNOTSUPP;	/* just for safety */
1872 }
1873 
1874 /*
1875  * Initialize an interface's IPv6 address and routing table entry.
1876  */
1877 static int
1878 in6_ifinit(struct ifnet *ifp, struct in6_ifaddr *ia,
1879     struct sockaddr_in6 *sin6, int newhost)
1880 {
1881 	int	error = 0, plen, ifacount = 0;
1882 	struct ifaddr *ifa;
1883 
1884 	/*
1885 	 * Give the interface a chance to initialize
1886 	 * if this is its first address,
1887 	 * and to validate the address if necessary.
1888 	 */
1889 	IF_ADDR_RLOCK(ifp);
1890 	TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
1891 		if (ifa->ifa_addr->sa_family != AF_INET6)
1892 			continue;
1893 		ifacount++;
1894 	}
1895 	IF_ADDR_RUNLOCK(ifp);
1896 
1897 	ia->ia_addr = *sin6;
1898 
1899 	if (ifacount <= 1 && ifp->if_ioctl) {
1900 		error = (*ifp->if_ioctl)(ifp, SIOCSIFADDR, (caddr_t)ia);
1901 		if (error)
1902 			return (error);
1903 	}
1904 
1905 	ia->ia_ifa.ifa_metric = ifp->if_metric;
1906 
1907 	/* we could do in(6)_socktrim here, but just omit it at this moment. */
1908 
1909 	/*
1910 	 * Special case:
1911 	 * If a new destination address is specified for a point-to-point
1912 	 * interface, install a route to the destination as an interface
1913 	 * direct route.
1914 	 * XXX: the logic below rejects assigning multiple addresses on a p2p
1915 	 * interface that share the same destination.
1916 	 */
1917 	plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); /* XXX */
1918 	if (!(ia->ia_flags & IFA_ROUTE) && plen == 128 &&
1919 	    ia->ia_dstaddr.sin6_family == AF_INET6) {
1920 		int rtflags = RTF_UP | RTF_HOST;
1921 		error = rtinit(&ia->ia_ifa, RTM_ADD, ia->ia_flags | rtflags);
1922 		if (error)
1923 			return (error);
1924 		ia->ia_flags |= IFA_ROUTE;
1925 		/*
1926 		 * Handle the case for ::1 .
1927 		 */
1928 		if (ifp->if_flags & IFF_LOOPBACK)
1929 			ia->ia_flags |= IFA_RTSELF;
1930 	}
1931 
1932 	/*
1933 	 * add a loopback route to self
1934 	 */
1935 	if (!(ia->ia_flags & IFA_RTSELF) && V_nd6_useloopback) {
1936 		error = ifa_add_loopback_route((struct ifaddr *)ia,
1937 		    (struct sockaddr *)&ia->ia_addr);
1938 		if (error == 0)
1939 			ia->ia_flags |= IFA_RTSELF;
1940 	}
1941 
1942 	/* Add local address to lltable, if necessary (ex. on p2p link). */
1943 	if (newhost)
1944 		in6_ifaddloop(&(ia->ia_ifa));
1945 
1946 	return (error);
1947 }
1948 
1949 /*
1950  * Find an IPv6 interface link-local address specific to an interface.
1951  * ifaddr is returned referenced.
1952  */
1953 struct in6_ifaddr *
1954 in6ifa_ifpforlinklocal(struct ifnet *ifp, int ignoreflags)
1955 {
1956 	struct ifaddr *ifa;
1957 
1958 	IF_ADDR_RLOCK(ifp);
1959 	TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
1960 		if (ifa->ifa_addr->sa_family != AF_INET6)
1961 			continue;
1962 		if (IN6_IS_ADDR_LINKLOCAL(IFA_IN6(ifa))) {
1963 			if ((((struct in6_ifaddr *)ifa)->ia6_flags &
1964 			    ignoreflags) != 0)
1965 				continue;
1966 			ifa_ref(ifa);
1967 			break;
1968 		}
1969 	}
1970 	IF_ADDR_RUNLOCK(ifp);
1971 
1972 	return ((struct in6_ifaddr *)ifa);
1973 }
1974 
1975 
1976 /*
1977  * find the internet address corresponding to a given interface and address.
1978  * ifaddr is returned referenced.
1979  */
1980 struct in6_ifaddr *
1981 in6ifa_ifpwithaddr(struct ifnet *ifp, struct in6_addr *addr)
1982 {
1983 	struct ifaddr *ifa;
1984 
1985 	IF_ADDR_RLOCK(ifp);
1986 	TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
1987 		if (ifa->ifa_addr->sa_family != AF_INET6)
1988 			continue;
1989 		if (IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(ifa))) {
1990 			ifa_ref(ifa);
1991 			break;
1992 		}
1993 	}
1994 	IF_ADDR_RUNLOCK(ifp);
1995 
1996 	return ((struct in6_ifaddr *)ifa);
1997 }
1998 
1999 /*
2000  * Find a link-local scoped address on ifp and return it if any.
2001  */
2002 struct in6_ifaddr *
2003 in6ifa_llaonifp(struct ifnet *ifp)
2004 {
2005 	struct sockaddr_in6 *sin6;
2006 	struct ifaddr *ifa;
2007 
2008 	if (ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED)
2009 		return (NULL);
2010 	if_addr_rlock(ifp);
2011 	TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
2012 		if (ifa->ifa_addr->sa_family != AF_INET6)
2013 			continue;
2014 		sin6 = (struct sockaddr_in6 *)ifa->ifa_addr;
2015 		if (IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr) ||
2016 		    IN6_IS_ADDR_MC_INTFACELOCAL(&sin6->sin6_addr) ||
2017 		    IN6_IS_ADDR_MC_NODELOCAL(&sin6->sin6_addr))
2018 			break;
2019 	}
2020 	if_addr_runlock(ifp);
2021 
2022 	return ((struct in6_ifaddr *)ifa);
2023 }
2024 
2025 /*
2026  * Convert IP6 address to printable (loggable) representation. Caller
2027  * has to make sure that ip6buf is at least INET6_ADDRSTRLEN long.
2028  */
2029 static char digits[] = "0123456789abcdef";
2030 char *
2031 ip6_sprintf(char *ip6buf, const struct in6_addr *addr)
2032 {
2033 	int i, cnt = 0, maxcnt = 0, idx = 0, index = 0;
2034 	char *cp;
2035 	const u_int16_t *a = (const u_int16_t *)addr;
2036 	const u_int8_t *d;
2037 	int dcolon = 0, zero = 0;
2038 
2039 	cp = ip6buf;
2040 
2041 	for (i = 0; i < 8; i++) {
2042 		if (*(a + i) == 0) {
2043 			cnt++;
2044 			if (cnt == 1)
2045 				idx = i;
2046 		}
2047 		else if (maxcnt < cnt) {
2048 			maxcnt = cnt;
2049 			index = idx;
2050 			cnt = 0;
2051 		}
2052 	}
2053 	if (maxcnt < cnt) {
2054 		maxcnt = cnt;
2055 		index = idx;
2056 	}
2057 
2058 	for (i = 0; i < 8; i++) {
2059 		if (dcolon == 1) {
2060 			if (*a == 0) {
2061 				if (i == 7)
2062 					*cp++ = ':';
2063 				a++;
2064 				continue;
2065 			} else
2066 				dcolon = 2;
2067 		}
2068 		if (*a == 0) {
2069 			if (dcolon == 0 && *(a + 1) == 0 && i == index) {
2070 				if (i == 0)
2071 					*cp++ = ':';
2072 				*cp++ = ':';
2073 				dcolon = 1;
2074 			} else {
2075 				*cp++ = '0';
2076 				*cp++ = ':';
2077 			}
2078 			a++;
2079 			continue;
2080 		}
2081 		d = (const u_char *)a;
2082 		/* Try to eliminate leading zeros in printout like in :0001. */
2083 		zero = 1;
2084 		*cp = digits[*d >> 4];
2085 		if (*cp != '0') {
2086 			zero = 0;
2087 			cp++;
2088 		}
2089 		*cp = digits[*d++ & 0xf];
2090 		if (zero == 0 || (*cp != '0')) {
2091 			zero = 0;
2092 			cp++;
2093 		}
2094 		*cp = digits[*d >> 4];
2095 		if (zero == 0 || (*cp != '0')) {
2096 			zero = 0;
2097 			cp++;
2098 		}
2099 		*cp++ = digits[*d & 0xf];
2100 		*cp++ = ':';
2101 		a++;
2102 	}
2103 	*--cp = '\0';
2104 	return (ip6buf);
2105 }
2106 
2107 int
2108 in6_localaddr(struct in6_addr *in6)
2109 {
2110 	struct in6_ifaddr *ia;
2111 
2112 	if (IN6_IS_ADDR_LOOPBACK(in6) || IN6_IS_ADDR_LINKLOCAL(in6))
2113 		return 1;
2114 
2115 	IN6_IFADDR_RLOCK();
2116 	TAILQ_FOREACH(ia, &V_in6_ifaddrhead, ia_link) {
2117 		if (IN6_ARE_MASKED_ADDR_EQUAL(in6, &ia->ia_addr.sin6_addr,
2118 		    &ia->ia_prefixmask.sin6_addr)) {
2119 			IN6_IFADDR_RUNLOCK();
2120 			return 1;
2121 		}
2122 	}
2123 	IN6_IFADDR_RUNLOCK();
2124 
2125 	return (0);
2126 }
2127 
2128 /*
2129  * Return 1 if an internet address is for the local host and configured
2130  * on one of its interfaces.
2131  */
2132 int
2133 in6_localip(struct in6_addr *in6)
2134 {
2135 	struct in6_ifaddr *ia;
2136 
2137 	IN6_IFADDR_RLOCK();
2138 	LIST_FOREACH(ia, IN6ADDR_HASH(in6), ia6_hash) {
2139 		if (IN6_ARE_ADDR_EQUAL(in6, &ia->ia_addr.sin6_addr)) {
2140 			IN6_IFADDR_RUNLOCK();
2141 			return (1);
2142 		}
2143 	}
2144 	IN6_IFADDR_RUNLOCK();
2145 	return (0);
2146 }
2147 
2148 int
2149 in6_is_addr_deprecated(struct sockaddr_in6 *sa6)
2150 {
2151 	struct in6_ifaddr *ia;
2152 
2153 	IN6_IFADDR_RLOCK();
2154 	LIST_FOREACH(ia, IN6ADDR_HASH(&sa6->sin6_addr), ia6_hash) {
2155 		if (IN6_ARE_ADDR_EQUAL(IA6_IN6(ia), &sa6->sin6_addr)) {
2156 			if (ia->ia6_flags & IN6_IFF_DEPRECATED) {
2157 				IN6_IFADDR_RUNLOCK();
2158 				return (1); /* true */
2159 			}
2160 			break;
2161 		}
2162 	}
2163 	IN6_IFADDR_RUNLOCK();
2164 
2165 	return (0);		/* false */
2166 }
2167 
2168 /*
2169  * return length of part which dst and src are equal
2170  * hard coding...
2171  */
2172 int
2173 in6_matchlen(struct in6_addr *src, struct in6_addr *dst)
2174 {
2175 	int match = 0;
2176 	u_char *s = (u_char *)src, *d = (u_char *)dst;
2177 	u_char *lim = s + 16, r;
2178 
2179 	while (s < lim)
2180 		if ((r = (*d++ ^ *s++)) != 0) {
2181 			while (r < 128) {
2182 				match++;
2183 				r <<= 1;
2184 			}
2185 			break;
2186 		} else
2187 			match += 8;
2188 	return match;
2189 }
2190 
2191 /* XXX: to be scope conscious */
2192 int
2193 in6_are_prefix_equal(struct in6_addr *p1, struct in6_addr *p2, int len)
2194 {
2195 	int bytelen, bitlen;
2196 
2197 	/* sanity check */
2198 	if (0 > len || len > 128) {
2199 		log(LOG_ERR, "in6_are_prefix_equal: invalid prefix length(%d)\n",
2200 		    len);
2201 		return (0);
2202 	}
2203 
2204 	bytelen = len / 8;
2205 	bitlen = len % 8;
2206 
2207 	if (bcmp(&p1->s6_addr, &p2->s6_addr, bytelen))
2208 		return (0);
2209 	if (bitlen != 0 &&
2210 	    p1->s6_addr[bytelen] >> (8 - bitlen) !=
2211 	    p2->s6_addr[bytelen] >> (8 - bitlen))
2212 		return (0);
2213 
2214 	return (1);
2215 }
2216 
2217 void
2218 in6_prefixlen2mask(struct in6_addr *maskp, int len)
2219 {
2220 	u_char maskarray[8] = {0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff};
2221 	int bytelen, bitlen, i;
2222 
2223 	/* sanity check */
2224 	if (0 > len || len > 128) {
2225 		log(LOG_ERR, "in6_prefixlen2mask: invalid prefix length(%d)\n",
2226 		    len);
2227 		return;
2228 	}
2229 
2230 	bzero(maskp, sizeof(*maskp));
2231 	bytelen = len / 8;
2232 	bitlen = len % 8;
2233 	for (i = 0; i < bytelen; i++)
2234 		maskp->s6_addr[i] = 0xff;
2235 	if (bitlen)
2236 		maskp->s6_addr[bytelen] = maskarray[bitlen - 1];
2237 }
2238 
2239 /*
2240  * return the best address out of the same scope. if no address was
2241  * found, return the first valid address from designated IF.
2242  */
2243 struct in6_ifaddr *
2244 in6_ifawithifp(struct ifnet *ifp, struct in6_addr *dst)
2245 {
2246 	int dst_scope =	in6_addrscope(dst), blen = -1, tlen;
2247 	struct ifaddr *ifa;
2248 	struct in6_ifaddr *besta = 0;
2249 	struct in6_ifaddr *dep[2];	/* last-resort: deprecated */
2250 
2251 	dep[0] = dep[1] = NULL;
2252 
2253 	/*
2254 	 * We first look for addresses in the same scope.
2255 	 * If there is one, return it.
2256 	 * If two or more, return one which matches the dst longest.
2257 	 * If none, return one of global addresses assigned other ifs.
2258 	 */
2259 	IF_ADDR_RLOCK(ifp);
2260 	TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
2261 		if (ifa->ifa_addr->sa_family != AF_INET6)
2262 			continue;
2263 		if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST)
2264 			continue; /* XXX: is there any case to allow anycast? */
2265 		if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_NOTREADY)
2266 			continue; /* don't use this interface */
2267 		if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DETACHED)
2268 			continue;
2269 		if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DEPRECATED) {
2270 			if (V_ip6_use_deprecated)
2271 				dep[0] = (struct in6_ifaddr *)ifa;
2272 			continue;
2273 		}
2274 
2275 		if (dst_scope == in6_addrscope(IFA_IN6(ifa))) {
2276 			/*
2277 			 * call in6_matchlen() as few as possible
2278 			 */
2279 			if (besta) {
2280 				if (blen == -1)
2281 					blen = in6_matchlen(&besta->ia_addr.sin6_addr, dst);
2282 				tlen = in6_matchlen(IFA_IN6(ifa), dst);
2283 				if (tlen > blen) {
2284 					blen = tlen;
2285 					besta = (struct in6_ifaddr *)ifa;
2286 				}
2287 			} else
2288 				besta = (struct in6_ifaddr *)ifa;
2289 		}
2290 	}
2291 	if (besta) {
2292 		ifa_ref(&besta->ia_ifa);
2293 		IF_ADDR_RUNLOCK(ifp);
2294 		return (besta);
2295 	}
2296 
2297 	TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
2298 		if (ifa->ifa_addr->sa_family != AF_INET6)
2299 			continue;
2300 		if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST)
2301 			continue; /* XXX: is there any case to allow anycast? */
2302 		if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_NOTREADY)
2303 			continue; /* don't use this interface */
2304 		if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DETACHED)
2305 			continue;
2306 		if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DEPRECATED) {
2307 			if (V_ip6_use_deprecated)
2308 				dep[1] = (struct in6_ifaddr *)ifa;
2309 			continue;
2310 		}
2311 
2312 		if (ifa != NULL)
2313 			ifa_ref(ifa);
2314 		IF_ADDR_RUNLOCK(ifp);
2315 		return (struct in6_ifaddr *)ifa;
2316 	}
2317 
2318 	/* use the last-resort values, that are, deprecated addresses */
2319 	if (dep[0]) {
2320 		ifa_ref((struct ifaddr *)dep[0]);
2321 		IF_ADDR_RUNLOCK(ifp);
2322 		return dep[0];
2323 	}
2324 	if (dep[1]) {
2325 		ifa_ref((struct ifaddr *)dep[1]);
2326 		IF_ADDR_RUNLOCK(ifp);
2327 		return dep[1];
2328 	}
2329 
2330 	IF_ADDR_RUNLOCK(ifp);
2331 	return NULL;
2332 }
2333 
2334 /*
2335  * perform DAD when interface becomes IFF_UP.
2336  */
2337 void
2338 in6_if_up(struct ifnet *ifp)
2339 {
2340 	struct ifaddr *ifa;
2341 	struct in6_ifaddr *ia;
2342 
2343 	IF_ADDR_RLOCK(ifp);
2344 	TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
2345 		if (ifa->ifa_addr->sa_family != AF_INET6)
2346 			continue;
2347 		ia = (struct in6_ifaddr *)ifa;
2348 		if (ia->ia6_flags & IN6_IFF_TENTATIVE) {
2349 			/*
2350 			 * The TENTATIVE flag was likely set by hand
2351 			 * beforehand, implicitly indicating the need for DAD.
2352 			 * We may be able to skip the random delay in this
2353 			 * case, but we impose delays just in case.
2354 			 */
2355 			nd6_dad_start(ifa,
2356 			    arc4random() % (MAX_RTR_SOLICITATION_DELAY * hz));
2357 		}
2358 	}
2359 	IF_ADDR_RUNLOCK(ifp);
2360 
2361 	/*
2362 	 * special cases, like 6to4, are handled in in6_ifattach
2363 	 */
2364 	in6_ifattach(ifp, NULL);
2365 }
2366 
2367 int
2368 in6if_do_dad(struct ifnet *ifp)
2369 {
2370 	if ((ifp->if_flags & IFF_LOOPBACK) != 0)
2371 		return (0);
2372 
2373 	if (ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED)
2374 		return (0);
2375 
2376 	switch (ifp->if_type) {
2377 #ifdef IFT_DUMMY
2378 	case IFT_DUMMY:
2379 #endif
2380 	case IFT_FAITH:
2381 		/*
2382 		 * These interfaces do not have the IFF_LOOPBACK flag,
2383 		 * but loop packets back.  We do not have to do DAD on such
2384 		 * interfaces.  We should even omit it, because loop-backed
2385 		 * NS would confuse the DAD procedure.
2386 		 */
2387 		return (0);
2388 	default:
2389 		/*
2390 		 * Our DAD routine requires the interface up and running.
2391 		 * However, some interfaces can be up before the RUNNING
2392 		 * status.  Additionaly, users may try to assign addresses
2393 		 * before the interface becomes up (or running).
2394 		 * We simply skip DAD in such a case as a work around.
2395 		 * XXX: we should rather mark "tentative" on such addresses,
2396 		 * and do DAD after the interface becomes ready.
2397 		 */
2398 		if (!((ifp->if_flags & IFF_UP) &&
2399 		    (ifp->if_drv_flags & IFF_DRV_RUNNING)))
2400 			return (0);
2401 
2402 		return (1);
2403 	}
2404 }
2405 
2406 /*
2407  * Calculate max IPv6 MTU through all the interfaces and store it
2408  * to in6_maxmtu.
2409  */
2410 void
2411 in6_setmaxmtu(void)
2412 {
2413 	unsigned long maxmtu = 0;
2414 	struct ifnet *ifp;
2415 
2416 	IFNET_RLOCK_NOSLEEP();
2417 	TAILQ_FOREACH(ifp, &V_ifnet, if_list) {
2418 		/* this function can be called during ifnet initialization */
2419 		if (!ifp->if_afdata[AF_INET6])
2420 			continue;
2421 		if ((ifp->if_flags & IFF_LOOPBACK) == 0 &&
2422 		    IN6_LINKMTU(ifp) > maxmtu)
2423 			maxmtu = IN6_LINKMTU(ifp);
2424 	}
2425 	IFNET_RUNLOCK_NOSLEEP();
2426 	if (maxmtu)	/* update only when maxmtu is positive */
2427 		V_in6_maxmtu = maxmtu;
2428 }
2429 
2430 /*
2431  * Provide the length of interface identifiers to be used for the link attached
2432  * to the given interface.  The length should be defined in "IPv6 over
2433  * xxx-link" document.  Note that address architecture might also define
2434  * the length for a particular set of address prefixes, regardless of the
2435  * link type.  As clarified in rfc2462bis, those two definitions should be
2436  * consistent, and those really are as of August 2004.
2437  */
2438 int
2439 in6_if2idlen(struct ifnet *ifp)
2440 {
2441 	switch (ifp->if_type) {
2442 	case IFT_ETHER:		/* RFC2464 */
2443 #ifdef IFT_PROPVIRTUAL
2444 	case IFT_PROPVIRTUAL:	/* XXX: no RFC. treat it as ether */
2445 #endif
2446 #ifdef IFT_L2VLAN
2447 	case IFT_L2VLAN:	/* ditto */
2448 #endif
2449 #ifdef IFT_IEEE80211
2450 	case IFT_IEEE80211:	/* ditto */
2451 #endif
2452 #ifdef IFT_MIP
2453 	case IFT_MIP:	/* ditto */
2454 #endif
2455 	case IFT_INFINIBAND:
2456 		return (64);
2457 	case IFT_FDDI:		/* RFC2467 */
2458 		return (64);
2459 	case IFT_ISO88025:	/* RFC2470 (IPv6 over Token Ring) */
2460 		return (64);
2461 	case IFT_PPP:		/* RFC2472 */
2462 		return (64);
2463 	case IFT_ARCNET:	/* RFC2497 */
2464 		return (64);
2465 	case IFT_FRELAY:	/* RFC2590 */
2466 		return (64);
2467 	case IFT_IEEE1394:	/* RFC3146 */
2468 		return (64);
2469 	case IFT_GIF:
2470 		return (64);	/* draft-ietf-v6ops-mech-v2-07 */
2471 	case IFT_LOOP:
2472 		return (64);	/* XXX: is this really correct? */
2473 	default:
2474 		/*
2475 		 * Unknown link type:
2476 		 * It might be controversial to use the today's common constant
2477 		 * of 64 for these cases unconditionally.  For full compliance,
2478 		 * we should return an error in this case.  On the other hand,
2479 		 * if we simply miss the standard for the link type or a new
2480 		 * standard is defined for a new link type, the IFID length
2481 		 * is very likely to be the common constant.  As a compromise,
2482 		 * we always use the constant, but make an explicit notice
2483 		 * indicating the "unknown" case.
2484 		 */
2485 		printf("in6_if2idlen: unknown link type (%d)\n", ifp->if_type);
2486 		return (64);
2487 	}
2488 }
2489 
2490 #include <sys/sysctl.h>
2491 
2492 struct in6_llentry {
2493 	struct llentry		base;
2494 	struct sockaddr_in6	l3_addr6;
2495 };
2496 
2497 /*
2498  * Deletes an address from the address table.
2499  * This function is called by the timer functions
2500  * such as arptimer() and nd6_llinfo_timer(), and
2501  * the caller does the locking.
2502  */
2503 static void
2504 in6_lltable_free(struct lltable *llt, struct llentry *lle)
2505 {
2506 	LLE_WUNLOCK(lle);
2507 	LLE_LOCK_DESTROY(lle);
2508 	free(lle, M_LLTABLE);
2509 }
2510 
2511 static struct llentry *
2512 in6_lltable_new(const struct sockaddr *l3addr, u_int flags)
2513 {
2514 	struct in6_llentry *lle;
2515 
2516 	lle = malloc(sizeof(struct in6_llentry), M_LLTABLE, M_NOWAIT | M_ZERO);
2517 	if (lle == NULL)		/* NB: caller generates msg */
2518 		return NULL;
2519 
2520 	lle->l3_addr6 = *(const struct sockaddr_in6 *)l3addr;
2521 	lle->base.lle_refcnt = 1;
2522 	lle->base.lle_free = in6_lltable_free;
2523 	LLE_LOCK_INIT(&lle->base);
2524 	callout_init_rw(&lle->base.ln_timer_ch, &lle->base.lle_lock,
2525 	    CALLOUT_RETURNUNLOCKED);
2526 
2527 	return (&lle->base);
2528 }
2529 
2530 static void
2531 in6_lltable_prefix_free(struct lltable *llt, const struct sockaddr *prefix,
2532     const struct sockaddr *mask, u_int flags)
2533 {
2534 	const struct sockaddr_in6 *pfx = (const struct sockaddr_in6 *)prefix;
2535 	const struct sockaddr_in6 *msk = (const struct sockaddr_in6 *)mask;
2536 	struct llentry *lle, *next;
2537 	int i;
2538 
2539 	/*
2540 	 * (flags & LLE_STATIC) means deleting all entries
2541 	 * including static ND6 entries.
2542 	 */
2543 	IF_AFDATA_WLOCK(llt->llt_ifp);
2544 	for (i = 0; i < LLTBL_HASHTBL_SIZE; i++) {
2545 		LIST_FOREACH_SAFE(lle, &llt->lle_head[i], lle_next, next) {
2546 			if (IN6_ARE_MASKED_ADDR_EQUAL(
2547 			    &satosin6(L3_ADDR(lle))->sin6_addr,
2548 			    &pfx->sin6_addr, &msk->sin6_addr) &&
2549 			    ((flags & LLE_STATIC) ||
2550 			    !(lle->la_flags & LLE_STATIC))) {
2551 				LLE_WLOCK(lle);
2552 				if (callout_stop(&lle->la_timer))
2553 					LLE_REMREF(lle);
2554 				llentry_free(lle);
2555 			}
2556 		}
2557 	}
2558 	IF_AFDATA_WUNLOCK(llt->llt_ifp);
2559 }
2560 
2561 static int
2562 in6_lltable_rtcheck(struct ifnet *ifp,
2563 		    u_int flags,
2564 		    const struct sockaddr *l3addr)
2565 {
2566 	struct rtentry *rt;
2567 	char ip6buf[INET6_ADDRSTRLEN];
2568 
2569 	KASSERT(l3addr->sa_family == AF_INET6,
2570 	    ("sin_family %d", l3addr->sa_family));
2571 
2572 	/* Our local addresses are always only installed on the default FIB. */
2573 	/* XXX rtalloc1 should take a const param */
2574 	rt = in6_rtalloc1(__DECONST(struct sockaddr *, l3addr), 0, 0,
2575 	    RT_DEFAULT_FIB);
2576 	if (rt == NULL || (rt->rt_flags & RTF_GATEWAY) || rt->rt_ifp != ifp) {
2577 		struct ifaddr *ifa;
2578 		/*
2579 		 * Create an ND6 cache for an IPv6 neighbor
2580 		 * that is not covered by our own prefix.
2581 		 */
2582 		/* XXX ifaof_ifpforaddr should take a const param */
2583 		ifa = ifaof_ifpforaddr(__DECONST(struct sockaddr *, l3addr), ifp);
2584 		if (ifa != NULL) {
2585 			ifa_free(ifa);
2586 			if (rt != NULL)
2587 				RTFREE_LOCKED(rt);
2588 			return 0;
2589 		}
2590 		log(LOG_INFO, "IPv6 address: \"%s\" is not on the network\n",
2591 		    ip6_sprintf(ip6buf, &((const struct sockaddr_in6 *)l3addr)->sin6_addr));
2592 		if (rt != NULL)
2593 			RTFREE_LOCKED(rt);
2594 		return EINVAL;
2595 	}
2596 	RTFREE_LOCKED(rt);
2597 	return 0;
2598 }
2599 
2600 static struct llentry *
2601 in6_lltable_lookup(struct lltable *llt, u_int flags,
2602 	const struct sockaddr *l3addr)
2603 {
2604 	const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)l3addr;
2605 	struct ifnet *ifp = llt->llt_ifp;
2606 	struct llentry *lle;
2607 	struct llentries *lleh;
2608 	u_int hashkey;
2609 
2610 	IF_AFDATA_LOCK_ASSERT(ifp);
2611 	KASSERT(l3addr->sa_family == AF_INET6,
2612 	    ("sin_family %d", l3addr->sa_family));
2613 
2614 	hashkey = sin6->sin6_addr.s6_addr32[3];
2615 	lleh = &llt->lle_head[LLATBL_HASH(hashkey, LLTBL_HASHMASK)];
2616 	LIST_FOREACH(lle, lleh, lle_next) {
2617 		struct sockaddr_in6 *sa6 = (struct sockaddr_in6 *)L3_ADDR(lle);
2618 		if (lle->la_flags & LLE_DELETED)
2619 			continue;
2620 		if (bcmp(&sa6->sin6_addr, &sin6->sin6_addr,
2621 		    sizeof(struct in6_addr)) == 0)
2622 			break;
2623 	}
2624 
2625 	if (lle == NULL) {
2626 		if (!(flags & LLE_CREATE))
2627 			return (NULL);
2628 		/*
2629 		 * A route that covers the given address must have
2630 		 * been installed 1st because we are doing a resolution,
2631 		 * verify this.
2632 		 */
2633 		if (!(flags & LLE_IFADDR) &&
2634 		    in6_lltable_rtcheck(ifp, flags, l3addr) != 0)
2635 			return NULL;
2636 
2637 		lle = in6_lltable_new(l3addr, flags);
2638 		if (lle == NULL) {
2639 			log(LOG_INFO, "lla_lookup: new lle malloc failed\n");
2640 			return NULL;
2641 		}
2642 		lle->la_flags = flags & ~LLE_CREATE;
2643 		if ((flags & (LLE_CREATE | LLE_IFADDR)) == (LLE_CREATE | LLE_IFADDR)) {
2644 			bcopy(IF_LLADDR(ifp), &lle->ll_addr, ifp->if_addrlen);
2645 			lle->la_flags |= (LLE_VALID | LLE_STATIC);
2646 		}
2647 
2648 		lle->lle_tbl  = llt;
2649 		lle->lle_head = lleh;
2650 		lle->la_flags |= LLE_LINKED;
2651 		LIST_INSERT_HEAD(lleh, lle, lle_next);
2652 	} else if (flags & LLE_DELETE) {
2653 		if (!(lle->la_flags & LLE_IFADDR) || (flags & LLE_IFADDR)) {
2654 			LLE_WLOCK(lle);
2655 			lle->la_flags |= LLE_DELETED;
2656 #ifdef DIAGNOSTIC
2657 			log(LOG_INFO, "ifaddr cache = %p is deleted\n", lle);
2658 #endif
2659 			if ((lle->la_flags &
2660 			    (LLE_STATIC | LLE_IFADDR)) == LLE_STATIC)
2661 				llentry_free(lle);
2662 			else
2663 				LLE_WUNLOCK(lle);
2664 		}
2665 		lle = (void *)-1;
2666 	}
2667 	if (LLE_IS_VALID(lle)) {
2668 		if (flags & LLE_EXCLUSIVE)
2669 			LLE_WLOCK(lle);
2670 		else
2671 			LLE_RLOCK(lle);
2672 	}
2673 	return (lle);
2674 }
2675 
2676 static int
2677 in6_lltable_dump(struct lltable *llt, struct sysctl_req *wr)
2678 {
2679 	struct ifnet *ifp = llt->llt_ifp;
2680 	struct llentry *lle;
2681 	/* XXX stack use */
2682 	struct {
2683 		struct rt_msghdr	rtm;
2684 		struct sockaddr_in6	sin6;
2685 		/*
2686 		 * ndp.c assumes that sdl is word aligned
2687 		 */
2688 #ifdef __LP64__
2689 		uint32_t		pad;
2690 #endif
2691 		struct sockaddr_dl	sdl;
2692 	} ndpc;
2693 	int i, error;
2694 
2695 	if (ifp->if_flags & IFF_LOOPBACK)
2696 		return 0;
2697 
2698 	LLTABLE_LOCK_ASSERT();
2699 
2700 	error = 0;
2701 	for (i = 0; i < LLTBL_HASHTBL_SIZE; i++) {
2702 		LIST_FOREACH(lle, &llt->lle_head[i], lle_next) {
2703 			struct sockaddr_dl *sdl;
2704 
2705 			/* skip deleted or invalid entries */
2706 			if ((lle->la_flags & (LLE_DELETED|LLE_VALID)) != LLE_VALID)
2707 				continue;
2708 			/* Skip if jailed and not a valid IP of the prison. */
2709 			if (prison_if(wr->td->td_ucred, L3_ADDR(lle)) != 0)
2710 				continue;
2711 			/*
2712 			 * produce a msg made of:
2713 			 *  struct rt_msghdr;
2714 			 *  struct sockaddr_in6 (IPv6)
2715 			 *  struct sockaddr_dl;
2716 			 */
2717 			bzero(&ndpc, sizeof(ndpc));
2718 			ndpc.rtm.rtm_msglen = sizeof(ndpc);
2719 			ndpc.rtm.rtm_version = RTM_VERSION;
2720 			ndpc.rtm.rtm_type = RTM_GET;
2721 			ndpc.rtm.rtm_flags = RTF_UP;
2722 			ndpc.rtm.rtm_addrs = RTA_DST | RTA_GATEWAY;
2723 			ndpc.sin6.sin6_family = AF_INET6;
2724 			ndpc.sin6.sin6_len = sizeof(ndpc.sin6);
2725 			bcopy(L3_ADDR(lle), &ndpc.sin6, L3_ADDR_LEN(lle));
2726 			if (V_deembed_scopeid)
2727 				sa6_recoverscope(&ndpc.sin6);
2728 
2729 			/* publish */
2730 			if (lle->la_flags & LLE_PUB)
2731 				ndpc.rtm.rtm_flags |= RTF_ANNOUNCE;
2732 
2733 			sdl = &ndpc.sdl;
2734 			sdl->sdl_family = AF_LINK;
2735 			sdl->sdl_len = sizeof(*sdl);
2736 			sdl->sdl_alen = ifp->if_addrlen;
2737 			sdl->sdl_index = ifp->if_index;
2738 			sdl->sdl_type = ifp->if_type;
2739 			bcopy(&lle->ll_addr, LLADDR(sdl), ifp->if_addrlen);
2740 			ndpc.rtm.rtm_rmx.rmx_expire =
2741 			    lle->la_flags & LLE_STATIC ? 0 : lle->la_expire;
2742 			ndpc.rtm.rtm_flags |= (RTF_HOST | RTF_LLDATA);
2743 			if (lle->la_flags & LLE_STATIC)
2744 				ndpc.rtm.rtm_flags |= RTF_STATIC;
2745 			ndpc.rtm.rtm_index = ifp->if_index;
2746 			error = SYSCTL_OUT(wr, &ndpc, sizeof(ndpc));
2747 			if (error)
2748 				break;
2749 		}
2750 	}
2751 	return error;
2752 }
2753 
2754 void *
2755 in6_domifattach(struct ifnet *ifp)
2756 {
2757 	struct in6_ifextra *ext;
2758 
2759 	/* There are not IPv6-capable interfaces. */
2760 	switch (ifp->if_type) {
2761 	case IFT_PFLOG:
2762 	case IFT_PFSYNC:
2763 	case IFT_USB:
2764 		return (NULL);
2765 	}
2766 	ext = (struct in6_ifextra *)malloc(sizeof(*ext), M_IFADDR, M_WAITOK);
2767 	bzero(ext, sizeof(*ext));
2768 
2769 	ext->in6_ifstat = malloc(sizeof(counter_u64_t) *
2770 	    sizeof(struct in6_ifstat) / sizeof(uint64_t), M_IFADDR, M_WAITOK);
2771 	COUNTER_ARRAY_ALLOC(ext->in6_ifstat,
2772 	    sizeof(struct in6_ifstat) / sizeof(uint64_t), M_WAITOK);
2773 
2774 	ext->icmp6_ifstat = malloc(sizeof(counter_u64_t) *
2775 	    sizeof(struct icmp6_ifstat) / sizeof(uint64_t), M_IFADDR,
2776 	    M_WAITOK);
2777 	COUNTER_ARRAY_ALLOC(ext->icmp6_ifstat,
2778 	    sizeof(struct icmp6_ifstat) / sizeof(uint64_t), M_WAITOK);
2779 
2780 	ext->nd_ifinfo = nd6_ifattach(ifp);
2781 	ext->scope6_id = scope6_ifattach(ifp);
2782 	ext->lltable = lltable_init(ifp, AF_INET6);
2783 	if (ext->lltable != NULL) {
2784 		ext->lltable->llt_prefix_free = in6_lltable_prefix_free;
2785 		ext->lltable->llt_lookup = in6_lltable_lookup;
2786 		ext->lltable->llt_dump = in6_lltable_dump;
2787 	}
2788 
2789 	ext->mld_ifinfo = mld_domifattach(ifp);
2790 
2791 	return ext;
2792 }
2793 
2794 void
2795 in6_domifdetach(struct ifnet *ifp, void *aux)
2796 {
2797 	struct in6_ifextra *ext = (struct in6_ifextra *)aux;
2798 
2799 	mld_domifdetach(ifp);
2800 	scope6_ifdetach(ext->scope6_id);
2801 	nd6_ifdetach(ext->nd_ifinfo);
2802 	lltable_free(ext->lltable);
2803 	COUNTER_ARRAY_FREE(ext->in6_ifstat,
2804 	    sizeof(struct in6_ifstat) / sizeof(uint64_t));
2805 	free(ext->in6_ifstat, M_IFADDR);
2806 	COUNTER_ARRAY_FREE(ext->icmp6_ifstat,
2807 	    sizeof(struct icmp6_ifstat) / sizeof(uint64_t));
2808 	free(ext->icmp6_ifstat, M_IFADDR);
2809 	free(ext, M_IFADDR);
2810 }
2811 
2812 /*
2813  * Convert sockaddr_in6 to sockaddr_in.  Original sockaddr_in6 must be
2814  * v4 mapped addr or v4 compat addr
2815  */
2816 void
2817 in6_sin6_2_sin(struct sockaddr_in *sin, struct sockaddr_in6 *sin6)
2818 {
2819 
2820 	bzero(sin, sizeof(*sin));
2821 	sin->sin_len = sizeof(struct sockaddr_in);
2822 	sin->sin_family = AF_INET;
2823 	sin->sin_port = sin6->sin6_port;
2824 	sin->sin_addr.s_addr = sin6->sin6_addr.s6_addr32[3];
2825 }
2826 
2827 /* Convert sockaddr_in to sockaddr_in6 in v4 mapped addr format. */
2828 void
2829 in6_sin_2_v4mapsin6(struct sockaddr_in *sin, struct sockaddr_in6 *sin6)
2830 {
2831 	bzero(sin6, sizeof(*sin6));
2832 	sin6->sin6_len = sizeof(struct sockaddr_in6);
2833 	sin6->sin6_family = AF_INET6;
2834 	sin6->sin6_port = sin->sin_port;
2835 	sin6->sin6_addr.s6_addr32[0] = 0;
2836 	sin6->sin6_addr.s6_addr32[1] = 0;
2837 	sin6->sin6_addr.s6_addr32[2] = IPV6_ADDR_INT32_SMP;
2838 	sin6->sin6_addr.s6_addr32[3] = sin->sin_addr.s_addr;
2839 }
2840 
2841 /* Convert sockaddr_in6 into sockaddr_in. */
2842 void
2843 in6_sin6_2_sin_in_sock(struct sockaddr *nam)
2844 {
2845 	struct sockaddr_in *sin_p;
2846 	struct sockaddr_in6 sin6;
2847 
2848 	/*
2849 	 * Save original sockaddr_in6 addr and convert it
2850 	 * to sockaddr_in.
2851 	 */
2852 	sin6 = *(struct sockaddr_in6 *)nam;
2853 	sin_p = (struct sockaddr_in *)nam;
2854 	in6_sin6_2_sin(sin_p, &sin6);
2855 }
2856 
2857 /* Convert sockaddr_in into sockaddr_in6 in v4 mapped addr format. */
2858 void
2859 in6_sin_2_v4mapsin6_in_sock(struct sockaddr **nam)
2860 {
2861 	struct sockaddr_in *sin_p;
2862 	struct sockaddr_in6 *sin6_p;
2863 
2864 	sin6_p = malloc(sizeof *sin6_p, M_SONAME, M_WAITOK);
2865 	sin_p = (struct sockaddr_in *)*nam;
2866 	in6_sin_2_v4mapsin6(sin_p, sin6_p);
2867 	free(*nam, M_SONAME);
2868 	*nam = (struct sockaddr *)sin6_p;
2869 }
2870