xref: /freebsd/sys/netinet6/in6_src.c (revision 39ee7a7a6bdd1557b1c3532abf60d139798ac88b)
1 /*-
2  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  * 3. Neither the name of the project nor the names of its contributors
14  *    may be used to endorse or promote products derived from this software
15  *    without specific prior written permission.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  *
29  *	$KAME: in6_src.c,v 1.132 2003/08/26 04:42:27 keiichi Exp $
30  */
31 
32 /*-
33  * Copyright (c) 1982, 1986, 1991, 1993
34  *	The Regents of the University of California.  All rights reserved.
35  *
36  * Redistribution and use in source and binary forms, with or without
37  * modification, are permitted provided that the following conditions
38  * are met:
39  * 1. Redistributions of source code must retain the above copyright
40  *    notice, this list of conditions and the following disclaimer.
41  * 2. Redistributions in binary form must reproduce the above copyright
42  *    notice, this list of conditions and the following disclaimer in the
43  *    documentation and/or other materials provided with the distribution.
44  * 4. Neither the name of the University nor the names of its contributors
45  *    may be used to endorse or promote products derived from this software
46  *    without specific prior written permission.
47  *
48  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
49  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
52  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
58  * SUCH DAMAGE.
59  *
60  *	@(#)in_pcb.c	8.2 (Berkeley) 1/4/94
61  */
62 
63 #include <sys/cdefs.h>
64 __FBSDID("$FreeBSD$");
65 
66 #include "opt_inet.h"
67 #include "opt_inet6.h"
68 #include "opt_mpath.h"
69 
70 #include <sys/param.h>
71 #include <sys/systm.h>
72 #include <sys/lock.h>
73 #include <sys/malloc.h>
74 #include <sys/mbuf.h>
75 #include <sys/priv.h>
76 #include <sys/protosw.h>
77 #include <sys/socket.h>
78 #include <sys/socketvar.h>
79 #include <sys/sockio.h>
80 #include <sys/sysctl.h>
81 #include <sys/errno.h>
82 #include <sys/time.h>
83 #include <sys/jail.h>
84 #include <sys/kernel.h>
85 #include <sys/rmlock.h>
86 #include <sys/sx.h>
87 
88 #include <net/if.h>
89 #include <net/if_var.h>
90 #include <net/if_dl.h>
91 #include <net/route.h>
92 #include <net/if_llatbl.h>
93 #ifdef RADIX_MPATH
94 #include <net/radix_mpath.h>
95 #endif
96 
97 #include <netinet/in.h>
98 #include <netinet/in_var.h>
99 #include <netinet/in_systm.h>
100 #include <netinet/ip.h>
101 #include <netinet/in_pcb.h>
102 #include <netinet/ip_var.h>
103 #include <netinet/udp.h>
104 #include <netinet/udp_var.h>
105 
106 #include <netinet6/in6_var.h>
107 #include <netinet/ip6.h>
108 #include <netinet6/in6_pcb.h>
109 #include <netinet6/ip6_var.h>
110 #include <netinet6/scope6_var.h>
111 #include <netinet6/nd6.h>
112 
113 static struct mtx addrsel_lock;
114 #define	ADDRSEL_LOCK_INIT()	mtx_init(&addrsel_lock, "addrsel_lock", NULL, MTX_DEF)
115 #define	ADDRSEL_LOCK()		mtx_lock(&addrsel_lock)
116 #define	ADDRSEL_UNLOCK()	mtx_unlock(&addrsel_lock)
117 #define	ADDRSEL_LOCK_ASSERT()	mtx_assert(&addrsel_lock, MA_OWNED)
118 
119 static struct sx addrsel_sxlock;
120 #define	ADDRSEL_SXLOCK_INIT()	sx_init(&addrsel_sxlock, "addrsel_sxlock")
121 #define	ADDRSEL_SLOCK()		sx_slock(&addrsel_sxlock)
122 #define	ADDRSEL_SUNLOCK()	sx_sunlock(&addrsel_sxlock)
123 #define	ADDRSEL_XLOCK()		sx_xlock(&addrsel_sxlock)
124 #define	ADDRSEL_XUNLOCK()	sx_xunlock(&addrsel_sxlock)
125 
126 #define ADDR_LABEL_NOTAPP (-1)
127 static VNET_DEFINE(struct in6_addrpolicy, defaultaddrpolicy);
128 #define	V_defaultaddrpolicy		VNET(defaultaddrpolicy)
129 
130 VNET_DEFINE(int, ip6_prefer_tempaddr) = 0;
131 
132 static int selectroute(struct sockaddr_in6 *, struct ip6_pktopts *,
133 	struct ip6_moptions *, struct route_in6 *, struct ifnet **,
134 	struct rtentry **, int, u_int);
135 static int in6_selectif(struct sockaddr_in6 *, struct ip6_pktopts *,
136 	struct ip6_moptions *, struct route_in6 *ro, struct ifnet **,
137 	struct ifnet *, u_int);
138 
139 static struct in6_addrpolicy *lookup_addrsel_policy(struct sockaddr_in6 *);
140 
141 static void init_policy_queue(void);
142 static int add_addrsel_policyent(struct in6_addrpolicy *);
143 static int delete_addrsel_policyent(struct in6_addrpolicy *);
144 static int walk_addrsel_policy(int (*)(struct in6_addrpolicy *, void *),
145 	void *);
146 static int dump_addrsel_policyent(struct in6_addrpolicy *, void *);
147 static struct in6_addrpolicy *match_addrsel_policy(struct sockaddr_in6 *);
148 
149 /*
150  * Return an IPv6 address, which is the most appropriate for a given
151  * destination and user specified options.
152  * If necessary, this function lookups the routing table and returns
153  * an entry to the caller for later use.
154  */
155 #define REPLACE(r) do {\
156 	IP6STAT_INC(ip6s_sources_rule[(r)]); \
157 	rule = (r);	\
158 	/* { \
159 	char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \
160 	printf("in6_selectsrc: replace %s with %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \
161 	} */ \
162 	goto replace; \
163 } while(0)
164 #define NEXT(r) do {\
165 	/* { \
166 	char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \
167 	printf("in6_selectsrc: keep %s against %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \
168 	} */ \
169 	goto next;		/* XXX: we can't use 'continue' here */ \
170 } while(0)
171 #define BREAK(r) do { \
172 	IP6STAT_INC(ip6s_sources_rule[(r)]); \
173 	rule = (r);	\
174 	goto out;		/* XXX: we can't use 'break' here */ \
175 } while(0)
176 
177 int
178 in6_selectsrc(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
179     struct inpcb *inp, struct route_in6 *ro, struct ucred *cred,
180     struct ifnet **ifpp, struct in6_addr *srcp)
181 {
182 	struct rm_priotracker in6_ifa_tracker;
183 	struct in6_addr dst, tmp;
184 	struct ifnet *ifp = NULL, *oifp = NULL;
185 	struct in6_ifaddr *ia = NULL, *ia_best = NULL;
186 	struct in6_pktinfo *pi = NULL;
187 	int dst_scope = -1, best_scope = -1, best_matchlen = -1;
188 	struct in6_addrpolicy *dst_policy = NULL, *best_policy = NULL;
189 	u_int32_t odstzone;
190 	int prefer_tempaddr;
191 	int error, rule;
192 	struct ip6_moptions *mopts;
193 
194 	KASSERT(srcp != NULL, ("%s: srcp is NULL", __func__));
195 
196 	dst = dstsock->sin6_addr; /* make a copy for local operation */
197 	if (ifpp) {
198 		/*
199 		 * Save a possibly passed in ifp for in6_selectsrc. Only
200 		 * neighbor discovery code should use this feature, where
201 		 * we may know the interface but not the FIB number holding
202 		 * the connected subnet in case someone deleted it from the
203 		 * default FIB and we need to check the interface.
204 		 */
205 		if (*ifpp != NULL)
206 			oifp = *ifpp;
207 		*ifpp = NULL;
208 	}
209 
210 	if (inp != NULL) {
211 		INP_LOCK_ASSERT(inp);
212 		mopts = inp->in6p_moptions;
213 	} else {
214 		mopts = NULL;
215 	}
216 
217 	/*
218 	 * If the source address is explicitly specified by the caller,
219 	 * check if the requested source address is indeed a unicast address
220 	 * assigned to the node, and can be used as the packet's source
221 	 * address.  If everything is okay, use the address as source.
222 	 */
223 	if (opts && (pi = opts->ip6po_pktinfo) &&
224 	    !IN6_IS_ADDR_UNSPECIFIED(&pi->ipi6_addr)) {
225 		struct sockaddr_in6 srcsock;
226 		struct in6_ifaddr *ia6;
227 
228 		/* get the outgoing interface */
229 		if ((error = in6_selectif(dstsock, opts, mopts, ro, &ifp, oifp,
230 		    (inp != NULL) ? inp->inp_inc.inc_fibnum : RT_DEFAULT_FIB))
231 		    != 0)
232 			return (error);
233 
234 		/*
235 		 * determine the appropriate zone id of the source based on
236 		 * the zone of the destination and the outgoing interface.
237 		 * If the specified address is ambiguous wrt the scope zone,
238 		 * the interface must be specified; otherwise, ifa_ifwithaddr()
239 		 * will fail matching the address.
240 		 */
241 		bzero(&srcsock, sizeof(srcsock));
242 		srcsock.sin6_family = AF_INET6;
243 		srcsock.sin6_len = sizeof(srcsock);
244 		srcsock.sin6_addr = pi->ipi6_addr;
245 		if (ifp) {
246 			error = in6_setscope(&srcsock.sin6_addr, ifp, NULL);
247 			if (error)
248 				return (error);
249 		}
250 		if (cred != NULL && (error = prison_local_ip6(cred,
251 		    &srcsock.sin6_addr, (inp != NULL &&
252 		    (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0)
253 			return (error);
254 
255 		ia6 = (struct in6_ifaddr *)ifa_ifwithaddr(
256 		    (struct sockaddr *)&srcsock);
257 		if (ia6 == NULL ||
258 		    (ia6->ia6_flags & (IN6_IFF_ANYCAST | IN6_IFF_NOTREADY))) {
259 			if (ia6 != NULL)
260 				ifa_free(&ia6->ia_ifa);
261 			return (EADDRNOTAVAIL);
262 		}
263 		pi->ipi6_addr = srcsock.sin6_addr; /* XXX: this overrides pi */
264 		if (ifpp)
265 			*ifpp = ifp;
266 		bcopy(&ia6->ia_addr.sin6_addr, srcp, sizeof(*srcp));
267 		ifa_free(&ia6->ia_ifa);
268 		return (0);
269 	}
270 
271 	/*
272 	 * Otherwise, if the socket has already bound the source, just use it.
273 	 */
274 	if (inp != NULL && !IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) {
275 		if (cred != NULL &&
276 		    (error = prison_local_ip6(cred, &inp->in6p_laddr,
277 		    ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0)
278 			return (error);
279 		bcopy(&inp->in6p_laddr, srcp, sizeof(*srcp));
280 		return (0);
281 	}
282 
283 	/*
284 	 * Bypass source address selection and use the primary jail IP
285 	 * if requested.
286 	 */
287 	if (cred != NULL && !prison_saddrsel_ip6(cred, srcp))
288 		return (0);
289 
290 	/*
291 	 * If the address is not specified, choose the best one based on
292 	 * the outgoing interface and the destination address.
293 	 */
294 	/* get the outgoing interface */
295 	if ((error = in6_selectif(dstsock, opts, mopts, ro, &ifp, oifp,
296 	    (inp != NULL) ? inp->inp_inc.inc_fibnum : RT_DEFAULT_FIB)) != 0)
297 		return (error);
298 
299 #ifdef DIAGNOSTIC
300 	if (ifp == NULL)	/* this should not happen */
301 		panic("in6_selectsrc: NULL ifp");
302 #endif
303 	error = in6_setscope(&dst, ifp, &odstzone);
304 	if (error)
305 		return (error);
306 
307 	rule = 0;
308 	IN6_IFADDR_RLOCK(&in6_ifa_tracker);
309 	TAILQ_FOREACH(ia, &V_in6_ifaddrhead, ia_link) {
310 		int new_scope = -1, new_matchlen = -1;
311 		struct in6_addrpolicy *new_policy = NULL;
312 		u_int32_t srczone, osrczone, dstzone;
313 		struct in6_addr src;
314 		struct ifnet *ifp1 = ia->ia_ifp;
315 
316 		/*
317 		 * We'll never take an address that breaks the scope zone
318 		 * of the destination.  We also skip an address if its zone
319 		 * does not contain the outgoing interface.
320 		 * XXX: we should probably use sin6_scope_id here.
321 		 */
322 		if (in6_setscope(&dst, ifp1, &dstzone) ||
323 		    odstzone != dstzone) {
324 			continue;
325 		}
326 		src = ia->ia_addr.sin6_addr;
327 		if (in6_setscope(&src, ifp, &osrczone) ||
328 		    in6_setscope(&src, ifp1, &srczone) ||
329 		    osrczone != srczone) {
330 			continue;
331 		}
332 
333 		/* avoid unusable addresses */
334 		if ((ia->ia6_flags &
335 		     (IN6_IFF_NOTREADY | IN6_IFF_ANYCAST | IN6_IFF_DETACHED))) {
336 				continue;
337 		}
338 		if (!V_ip6_use_deprecated && IFA6_IS_DEPRECATED(ia))
339 			continue;
340 
341 		/* If jailed only take addresses of the jail into account. */
342 		if (cred != NULL &&
343 		    prison_check_ip6(cred, &ia->ia_addr.sin6_addr) != 0)
344 			continue;
345 
346 		/* Rule 1: Prefer same address */
347 		if (IN6_ARE_ADDR_EQUAL(&dst, &ia->ia_addr.sin6_addr)) {
348 			ia_best = ia;
349 			BREAK(1); /* there should be no better candidate */
350 		}
351 
352 		if (ia_best == NULL)
353 			REPLACE(0);
354 
355 		/* Rule 2: Prefer appropriate scope */
356 		if (dst_scope < 0)
357 			dst_scope = in6_addrscope(&dst);
358 		new_scope = in6_addrscope(&ia->ia_addr.sin6_addr);
359 		if (IN6_ARE_SCOPE_CMP(best_scope, new_scope) < 0) {
360 			if (IN6_ARE_SCOPE_CMP(best_scope, dst_scope) < 0)
361 				REPLACE(2);
362 			NEXT(2);
363 		} else if (IN6_ARE_SCOPE_CMP(new_scope, best_scope) < 0) {
364 			if (IN6_ARE_SCOPE_CMP(new_scope, dst_scope) < 0)
365 				NEXT(2);
366 			REPLACE(2);
367 		}
368 
369 		/*
370 		 * Rule 3: Avoid deprecated addresses.  Note that the case of
371 		 * !ip6_use_deprecated is already rejected above.
372 		 */
373 		if (!IFA6_IS_DEPRECATED(ia_best) && IFA6_IS_DEPRECATED(ia))
374 			NEXT(3);
375 		if (IFA6_IS_DEPRECATED(ia_best) && !IFA6_IS_DEPRECATED(ia))
376 			REPLACE(3);
377 
378 		/* Rule 4: Prefer home addresses */
379 		/*
380 		 * XXX: This is a TODO.  We should probably merge the MIP6
381 		 * case above.
382 		 */
383 
384 		/* Rule 5: Prefer outgoing interface */
385 		if (!(ND_IFINFO(ifp)->flags & ND6_IFF_NO_PREFER_IFACE)) {
386 			if (ia_best->ia_ifp == ifp && ia->ia_ifp != ifp)
387 				NEXT(5);
388 			if (ia_best->ia_ifp != ifp && ia->ia_ifp == ifp)
389 				REPLACE(5);
390 		}
391 
392 		/*
393 		 * Rule 6: Prefer matching label
394 		 * Note that best_policy should be non-NULL here.
395 		 */
396 		if (dst_policy == NULL)
397 			dst_policy = lookup_addrsel_policy(dstsock);
398 		if (dst_policy->label != ADDR_LABEL_NOTAPP) {
399 			new_policy = lookup_addrsel_policy(&ia->ia_addr);
400 			if (dst_policy->label == best_policy->label &&
401 			    dst_policy->label != new_policy->label)
402 				NEXT(6);
403 			if (dst_policy->label != best_policy->label &&
404 			    dst_policy->label == new_policy->label)
405 				REPLACE(6);
406 		}
407 
408 		/*
409 		 * Rule 7: Prefer public addresses.
410 		 * We allow users to reverse the logic by configuring
411 		 * a sysctl variable, so that privacy conscious users can
412 		 * always prefer temporary addresses.
413 		 */
414 		if (opts == NULL ||
415 		    opts->ip6po_prefer_tempaddr == IP6PO_TEMPADDR_SYSTEM) {
416 			prefer_tempaddr = V_ip6_prefer_tempaddr;
417 		} else if (opts->ip6po_prefer_tempaddr ==
418 		    IP6PO_TEMPADDR_NOTPREFER) {
419 			prefer_tempaddr = 0;
420 		} else
421 			prefer_tempaddr = 1;
422 		if (!(ia_best->ia6_flags & IN6_IFF_TEMPORARY) &&
423 		    (ia->ia6_flags & IN6_IFF_TEMPORARY)) {
424 			if (prefer_tempaddr)
425 				REPLACE(7);
426 			else
427 				NEXT(7);
428 		}
429 		if ((ia_best->ia6_flags & IN6_IFF_TEMPORARY) &&
430 		    !(ia->ia6_flags & IN6_IFF_TEMPORARY)) {
431 			if (prefer_tempaddr)
432 				NEXT(7);
433 			else
434 				REPLACE(7);
435 		}
436 
437 		/*
438 		 * Rule 8: prefer addresses on alive interfaces.
439 		 * This is a KAME specific rule.
440 		 */
441 		if ((ia_best->ia_ifp->if_flags & IFF_UP) &&
442 		    !(ia->ia_ifp->if_flags & IFF_UP))
443 			NEXT(8);
444 		if (!(ia_best->ia_ifp->if_flags & IFF_UP) &&
445 		    (ia->ia_ifp->if_flags & IFF_UP))
446 			REPLACE(8);
447 
448 		/*
449 		 * Rule 9: prefer address with better virtual status.
450 		 */
451 		if (ifa_preferred(&ia_best->ia_ifa, &ia->ia_ifa))
452 			REPLACE(9);
453 		if (ifa_preferred(&ia->ia_ifa, &ia_best->ia_ifa))
454 			NEXT(9);
455 
456 		/*
457 		 * Rule 10: prefer address with `prefer_source' flag.
458 		 */
459 		if ((ia_best->ia6_flags & IN6_IFF_PREFER_SOURCE) == 0 &&
460 		    (ia->ia6_flags & IN6_IFF_PREFER_SOURCE) != 0)
461 			REPLACE(10);
462 		if ((ia_best->ia6_flags & IN6_IFF_PREFER_SOURCE) != 0 &&
463 		    (ia->ia6_flags & IN6_IFF_PREFER_SOURCE) == 0)
464 			NEXT(10);
465 
466 		/*
467 		 * Rule 14: Use longest matching prefix.
468 		 * Note: in the address selection draft, this rule is
469 		 * documented as "Rule 8".  However, since it is also
470 		 * documented that this rule can be overridden, we assign
471 		 * a large number so that it is easy to assign smaller numbers
472 		 * to more preferred rules.
473 		 */
474 		new_matchlen = in6_matchlen(&ia->ia_addr.sin6_addr, &dst);
475 		if (best_matchlen < new_matchlen)
476 			REPLACE(14);
477 		if (new_matchlen < best_matchlen)
478 			NEXT(14);
479 
480 		/* Rule 15 is reserved. */
481 
482 		/*
483 		 * Last resort: just keep the current candidate.
484 		 * Or, do we need more rules?
485 		 */
486 		continue;
487 
488 	  replace:
489 		ia_best = ia;
490 		best_scope = (new_scope >= 0 ? new_scope :
491 			      in6_addrscope(&ia_best->ia_addr.sin6_addr));
492 		best_policy = (new_policy ? new_policy :
493 			       lookup_addrsel_policy(&ia_best->ia_addr));
494 		best_matchlen = (new_matchlen >= 0 ? new_matchlen :
495 				 in6_matchlen(&ia_best->ia_addr.sin6_addr,
496 					      &dst));
497 
498 	  next:
499 		continue;
500 
501 	  out:
502 		break;
503 	}
504 
505 	if ((ia = ia_best) == NULL) {
506 		IN6_IFADDR_RUNLOCK(&in6_ifa_tracker);
507 		IP6STAT_INC(ip6s_sources_none);
508 		return (EADDRNOTAVAIL);
509 	}
510 
511 	/*
512 	 * At this point at least one of the addresses belonged to the jail
513 	 * but it could still be, that we want to further restrict it, e.g.
514 	 * theoratically IN6_IS_ADDR_LOOPBACK.
515 	 * It must not be IN6_IS_ADDR_UNSPECIFIED anymore.
516 	 * prison_local_ip6() will fix an IN6_IS_ADDR_LOOPBACK but should
517 	 * let all others previously selected pass.
518 	 * Use tmp to not change ::1 on lo0 to the primary jail address.
519 	 */
520 	tmp = ia->ia_addr.sin6_addr;
521 	if (cred != NULL && prison_local_ip6(cred, &tmp, (inp != NULL &&
522 	    (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0)) != 0) {
523 		IN6_IFADDR_RUNLOCK(&in6_ifa_tracker);
524 		IP6STAT_INC(ip6s_sources_none);
525 		return (EADDRNOTAVAIL);
526 	}
527 
528 	if (ifpp)
529 		*ifpp = ifp;
530 
531 	bcopy(&tmp, srcp, sizeof(*srcp));
532 	if (ia->ia_ifp == ifp)
533 		IP6STAT_INC(ip6s_sources_sameif[best_scope]);
534 	else
535 		IP6STAT_INC(ip6s_sources_otherif[best_scope]);
536 	if (dst_scope == best_scope)
537 		IP6STAT_INC(ip6s_sources_samescope[best_scope]);
538 	else
539 		IP6STAT_INC(ip6s_sources_otherscope[best_scope]);
540 	if (IFA6_IS_DEPRECATED(ia))
541 		IP6STAT_INC(ip6s_sources_deprecated[best_scope]);
542 	IN6_IFADDR_RUNLOCK(&in6_ifa_tracker);
543 	return (0);
544 }
545 
546 /*
547  * clone - meaningful only for bsdi and freebsd
548  */
549 static int
550 selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
551     struct ip6_moptions *mopts, struct route_in6 *ro,
552     struct ifnet **retifp, struct rtentry **retrt, int norouteok, u_int fibnum)
553 {
554 	int error = 0;
555 	struct ifnet *ifp = NULL;
556 	struct rtentry *rt = NULL;
557 	struct sockaddr_in6 *sin6_next;
558 	struct in6_pktinfo *pi = NULL;
559 	struct in6_addr *dst = &dstsock->sin6_addr;
560 	uint32_t zoneid;
561 #if 0
562 	char ip6buf[INET6_ADDRSTRLEN];
563 
564 	if (dstsock->sin6_addr.s6_addr32[0] == 0 &&
565 	    dstsock->sin6_addr.s6_addr32[1] == 0 &&
566 	    !IN6_IS_ADDR_LOOPBACK(&dstsock->sin6_addr)) {
567 		printf("in6_selectroute: strange destination %s\n",
568 		       ip6_sprintf(ip6buf, &dstsock->sin6_addr));
569 	} else {
570 		printf("in6_selectroute: destination = %s%%%d\n",
571 		       ip6_sprintf(ip6buf, &dstsock->sin6_addr),
572 		       dstsock->sin6_scope_id); /* for debug */
573 	}
574 #endif
575 
576 	/* If the caller specify the outgoing interface explicitly, use it. */
577 	if (opts && (pi = opts->ip6po_pktinfo) != NULL && pi->ipi6_ifindex) {
578 		/* XXX boundary check is assumed to be already done. */
579 		ifp = ifnet_byindex(pi->ipi6_ifindex);
580 		if (ifp != NULL &&
581 		    (norouteok || retrt == NULL ||
582 		    IN6_IS_ADDR_MULTICAST(dst))) {
583 			/*
584 			 * we do not have to check or get the route for
585 			 * multicast.
586 			 */
587 			goto done;
588 		} else
589 			goto getroute;
590 	}
591 	/*
592 	 * If the destination address is a multicast address and the outgoing
593 	 * interface for the address is specified by the caller, use it.
594 	 */
595 	if (IN6_IS_ADDR_MULTICAST(dst) &&
596 	    mopts != NULL && (ifp = mopts->im6o_multicast_ifp) != NULL) {
597 		goto done; /* we do not need a route for multicast. */
598 	}
599 	/*
600 	 * If destination address is LLA or link- or node-local multicast,
601 	 * use it's embedded scope zone id to determine outgoing interface.
602 	 */
603 	if (IN6_IS_ADDR_MC_LINKLOCAL(dst) ||
604 	    IN6_IS_ADDR_MC_NODELOCAL(dst)) {
605 		zoneid = ntohs(in6_getscope(dst));
606 		if (zoneid > 0) {
607 			ifp = in6_getlinkifnet(zoneid);
608 			goto done;
609 		}
610 	}
611 
612   getroute:
613 	/*
614 	 * If the next hop address for the packet is specified by the caller,
615 	 * use it as the gateway.
616 	 */
617 	if (opts && opts->ip6po_nexthop) {
618 		struct route_in6 *ron;
619 
620 		sin6_next = satosin6(opts->ip6po_nexthop);
621 		if (IN6_IS_ADDR_LINKLOCAL(&sin6_next->sin6_addr)) {
622 			/*
623 			 * Next hop is LLA, thus it should be neighbor.
624 			 * Determine outgoing interface by zone index.
625 			 */
626 			zoneid = ntohs(in6_getscope(&sin6_next->sin6_addr));
627 			if (zoneid > 0) {
628 				ifp = in6_getlinkifnet(zoneid);
629 				goto done;
630 			}
631 		}
632 		ron = &opts->ip6po_nextroute;
633 		/* Use a cached route if it exists and is valid. */
634 		if (ron->ro_rt != NULL && (
635 		    (ron->ro_rt->rt_flags & RTF_UP) == 0 ||
636 		    ron->ro_dst.sin6_family != AF_INET6 ||
637 		    !IN6_ARE_ADDR_EQUAL(&ron->ro_dst.sin6_addr,
638 			&sin6_next->sin6_addr)))
639 			RO_RTFREE(ron);
640 		if (ron->ro_rt == NULL) {
641 			ron->ro_dst = *sin6_next;
642 			in6_rtalloc(ron, fibnum); /* multi path case? */
643 		}
644 		/*
645 		 * The node identified by that address must be a
646 		 * neighbor of the sending host.
647 		 */
648 		if (ron->ro_rt == NULL ||
649 		    (ron->ro_rt->rt_flags & RTF_GATEWAY) != 0)
650 			error = EHOSTUNREACH;
651 		goto done;
652 	}
653 
654 	/*
655 	 * Use a cached route if it exists and is valid, else try to allocate
656 	 * a new one.  Note that we should check the address family of the
657 	 * cached destination, in case of sharing the cache with IPv4.
658 	 */
659 	if (ro) {
660 		if (ro->ro_rt &&
661 		    (!(ro->ro_rt->rt_flags & RTF_UP) ||
662 		     ((struct sockaddr *)(&ro->ro_dst))->sa_family != AF_INET6 ||
663 		     !IN6_ARE_ADDR_EQUAL(&satosin6(&ro->ro_dst)->sin6_addr,
664 		     dst))) {
665 			RTFREE(ro->ro_rt);
666 			ro->ro_rt = (struct rtentry *)NULL;
667 		}
668 		if (ro->ro_rt == (struct rtentry *)NULL) {
669 			struct sockaddr_in6 *sa6;
670 
671 			/* No route yet, so try to acquire one */
672 			bzero(&ro->ro_dst, sizeof(struct sockaddr_in6));
673 			sa6 = (struct sockaddr_in6 *)&ro->ro_dst;
674 			*sa6 = *dstsock;
675 			sa6->sin6_scope_id = 0;
676 
677 #ifdef RADIX_MPATH
678 				rtalloc_mpath_fib((struct route *)ro,
679 				    ntohl(sa6->sin6_addr.s6_addr32[3]), fibnum);
680 #else
681 				ro->ro_rt = in6_rtalloc1((struct sockaddr *)
682 				    &ro->ro_dst, 0, 0UL, fibnum);
683 				if (ro->ro_rt)
684 					RT_UNLOCK(ro->ro_rt);
685 #endif
686 		}
687 
688 		/*
689 		 * do not care about the result if we have the nexthop
690 		 * explicitly specified.
691 		 */
692 		if (opts && opts->ip6po_nexthop)
693 			goto done;
694 
695 		if (ro->ro_rt) {
696 			ifp = ro->ro_rt->rt_ifp;
697 
698 			if (ifp == NULL) { /* can this really happen? */
699 				RTFREE(ro->ro_rt);
700 				ro->ro_rt = NULL;
701 			}
702 		}
703 		if (ro->ro_rt == NULL)
704 			error = EHOSTUNREACH;
705 		rt = ro->ro_rt;
706 
707 		/*
708 		 * Check if the outgoing interface conflicts with
709 		 * the interface specified by ipi6_ifindex (if specified).
710 		 * Note that loopback interface is always okay.
711 		 * (this may happen when we are sending a packet to one of
712 		 *  our own addresses.)
713 		 */
714 		if (ifp && opts && opts->ip6po_pktinfo &&
715 		    opts->ip6po_pktinfo->ipi6_ifindex) {
716 			if (!(ifp->if_flags & IFF_LOOPBACK) &&
717 			    ifp->if_index !=
718 			    opts->ip6po_pktinfo->ipi6_ifindex) {
719 				error = EHOSTUNREACH;
720 				goto done;
721 			}
722 		}
723 	}
724 
725   done:
726 	if (ifp == NULL && rt == NULL) {
727 		/*
728 		 * This can happen if the caller did not pass a cached route
729 		 * nor any other hints.  We treat this case an error.
730 		 */
731 		error = EHOSTUNREACH;
732 	}
733 	if (error == EHOSTUNREACH)
734 		IP6STAT_INC(ip6s_noroute);
735 
736 	if (retifp != NULL) {
737 		*retifp = ifp;
738 
739 		/*
740 		 * Adjust the "outgoing" interface.  If we're going to loop
741 		 * the packet back to ourselves, the ifp would be the loopback
742 		 * interface. However, we'd rather know the interface associated
743 		 * to the destination address (which should probably be one of
744 		 * our own addresses.)
745 		 */
746 		if (rt) {
747 			if ((rt->rt_ifp->if_flags & IFF_LOOPBACK) &&
748 			    (rt->rt_gateway->sa_family == AF_LINK))
749 				*retifp =
750 					ifnet_byindex(((struct sockaddr_dl *)
751 						       rt->rt_gateway)->sdl_index);
752 		}
753 	}
754 
755 	if (retrt != NULL)
756 		*retrt = rt;	/* rt may be NULL */
757 
758 	return (error);
759 }
760 
761 static int
762 in6_selectif(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
763     struct ip6_moptions *mopts, struct route_in6 *ro, struct ifnet **retifp,
764     struct ifnet *oifp, u_int fibnum)
765 {
766 	int error;
767 	struct route_in6 sro;
768 	struct rtentry *rt = NULL;
769 
770 	KASSERT(retifp != NULL, ("%s: retifp is NULL", __func__));
771 
772 	if (ro == NULL) {
773 		bzero(&sro, sizeof(sro));
774 		ro = &sro;
775 	}
776 
777 	if ((error = selectroute(dstsock, opts, mopts, ro, retifp,
778 	    &rt, 1, fibnum)) != 0) {
779 		if (ro == &sro && rt && rt == sro.ro_rt)
780 			RTFREE(rt);
781 		/* Help ND. See oifp comment in in6_selectsrc(). */
782 		if (oifp != NULL && fibnum == RT_DEFAULT_FIB) {
783 			*retifp = oifp;
784 			error = 0;
785 		}
786 		return (error);
787 	}
788 
789 	/*
790 	 * do not use a rejected or black hole route.
791 	 * XXX: this check should be done in the L2 output routine.
792 	 * However, if we skipped this check here, we'd see the following
793 	 * scenario:
794 	 * - install a rejected route for a scoped address prefix
795 	 *   (like fe80::/10)
796 	 * - send a packet to a destination that matches the scoped prefix,
797 	 *   with ambiguity about the scope zone.
798 	 * - pick the outgoing interface from the route, and disambiguate the
799 	 *   scope zone with the interface.
800 	 * - ip6_output() would try to get another route with the "new"
801 	 *   destination, which may be valid.
802 	 * - we'd see no error on output.
803 	 * Although this may not be very harmful, it should still be confusing.
804 	 * We thus reject the case here.
805 	 */
806 	if (rt && (rt->rt_flags & (RTF_REJECT | RTF_BLACKHOLE))) {
807 		int flags = (rt->rt_flags & RTF_HOST ? EHOSTUNREACH : ENETUNREACH);
808 
809 		if (ro == &sro && rt && rt == sro.ro_rt)
810 			RTFREE(rt);
811 		return (flags);
812 	}
813 
814 	if (ro == &sro && rt && rt == sro.ro_rt)
815 		RTFREE(rt);
816 	return (0);
817 }
818 
819 /*
820  * Public wrapper function to selectroute().
821  *
822  * XXX-BZ in6_selectroute() should and will grow the FIB argument. The
823  * in6_selectroute_fib() function is only there for backward compat on stable.
824  */
825 int
826 in6_selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
827     struct ip6_moptions *mopts, struct route_in6 *ro,
828     struct ifnet **retifp, struct rtentry **retrt)
829 {
830 
831 	return (selectroute(dstsock, opts, mopts, ro, retifp,
832 	    retrt, 0, RT_DEFAULT_FIB));
833 }
834 
835 #ifndef BURN_BRIDGES
836 int
837 in6_selectroute_fib(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
838     struct ip6_moptions *mopts, struct route_in6 *ro,
839     struct ifnet **retifp, struct rtentry **retrt, u_int fibnum)
840 {
841 
842 	return (selectroute(dstsock, opts, mopts, ro, retifp,
843 	    retrt, 0, fibnum));
844 }
845 #endif
846 
847 /*
848  * Default hop limit selection. The precedence is as follows:
849  * 1. Hoplimit value specified via ioctl.
850  * 2. (If the outgoing interface is detected) the current
851  *     hop limit of the interface specified by router advertisement.
852  * 3. The system default hoplimit.
853  */
854 int
855 in6_selecthlim(struct inpcb *in6p, struct ifnet *ifp)
856 {
857 
858 	if (in6p && in6p->in6p_hops >= 0)
859 		return (in6p->in6p_hops);
860 	else if (ifp)
861 		return (ND_IFINFO(ifp)->chlim);
862 	else if (in6p && !IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) {
863 		struct route_in6 ro6;
864 		struct ifnet *lifp;
865 
866 		bzero(&ro6, sizeof(ro6));
867 		ro6.ro_dst.sin6_family = AF_INET6;
868 		ro6.ro_dst.sin6_len = sizeof(struct sockaddr_in6);
869 		ro6.ro_dst.sin6_addr = in6p->in6p_faddr;
870 		in6_rtalloc(&ro6, in6p->inp_inc.inc_fibnum);
871 		if (ro6.ro_rt) {
872 			lifp = ro6.ro_rt->rt_ifp;
873 			RTFREE(ro6.ro_rt);
874 			if (lifp)
875 				return (ND_IFINFO(lifp)->chlim);
876 		}
877 	}
878 	return (V_ip6_defhlim);
879 }
880 
881 /*
882  * XXX: this is borrowed from in6_pcbbind(). If possible, we should
883  * share this function by all *bsd*...
884  */
885 int
886 in6_pcbsetport(struct in6_addr *laddr, struct inpcb *inp, struct ucred *cred)
887 {
888 	struct socket *so = inp->inp_socket;
889 	u_int16_t lport = 0;
890 	int error, lookupflags = 0;
891 #ifdef INVARIANTS
892 	struct inpcbinfo *pcbinfo = inp->inp_pcbinfo;
893 #endif
894 
895 	INP_WLOCK_ASSERT(inp);
896 	INP_HASH_WLOCK_ASSERT(pcbinfo);
897 
898 	error = prison_local_ip6(cred, laddr,
899 	    ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0));
900 	if (error)
901 		return(error);
902 
903 	/* XXX: this is redundant when called from in6_pcbbind */
904 	if ((so->so_options & (SO_REUSEADDR|SO_REUSEPORT)) == 0)
905 		lookupflags = INPLOOKUP_WILDCARD;
906 
907 	inp->inp_flags |= INP_ANONPORT;
908 
909 	error = in_pcb_lport(inp, NULL, &lport, cred, lookupflags);
910 	if (error != 0)
911 		return (error);
912 
913 	inp->inp_lport = lport;
914 	if (in_pcbinshash(inp) != 0) {
915 		inp->in6p_laddr = in6addr_any;
916 		inp->inp_lport = 0;
917 		return (EAGAIN);
918 	}
919 
920 	return (0);
921 }
922 
923 void
924 addrsel_policy_init(void)
925 {
926 
927 	init_policy_queue();
928 
929 	/* initialize the "last resort" policy */
930 	bzero(&V_defaultaddrpolicy, sizeof(V_defaultaddrpolicy));
931 	V_defaultaddrpolicy.label = ADDR_LABEL_NOTAPP;
932 
933 	if (!IS_DEFAULT_VNET(curvnet))
934 		return;
935 
936 	ADDRSEL_LOCK_INIT();
937 	ADDRSEL_SXLOCK_INIT();
938 }
939 
940 static struct in6_addrpolicy *
941 lookup_addrsel_policy(struct sockaddr_in6 *key)
942 {
943 	struct in6_addrpolicy *match = NULL;
944 
945 	ADDRSEL_LOCK();
946 	match = match_addrsel_policy(key);
947 
948 	if (match == NULL)
949 		match = &V_defaultaddrpolicy;
950 	else
951 		match->use++;
952 	ADDRSEL_UNLOCK();
953 
954 	return (match);
955 }
956 
957 /*
958  * Subroutines to manage the address selection policy table via sysctl.
959  */
960 struct walkarg {
961 	struct sysctl_req *w_req;
962 };
963 
964 static int in6_src_sysctl(SYSCTL_HANDLER_ARGS);
965 SYSCTL_DECL(_net_inet6_ip6);
966 static SYSCTL_NODE(_net_inet6_ip6, IPV6CTL_ADDRCTLPOLICY, addrctlpolicy,
967 	CTLFLAG_RD, in6_src_sysctl, "");
968 
969 static int
970 in6_src_sysctl(SYSCTL_HANDLER_ARGS)
971 {
972 	struct walkarg w;
973 
974 	if (req->newptr)
975 		return EPERM;
976 
977 	bzero(&w, sizeof(w));
978 	w.w_req = req;
979 
980 	return (walk_addrsel_policy(dump_addrsel_policyent, &w));
981 }
982 
983 int
984 in6_src_ioctl(u_long cmd, caddr_t data)
985 {
986 	struct in6_addrpolicy ent0;
987 
988 	if (cmd != SIOCAADDRCTL_POLICY && cmd != SIOCDADDRCTL_POLICY)
989 		return (EOPNOTSUPP); /* check for safety */
990 
991 	ent0 = *(struct in6_addrpolicy *)data;
992 
993 	if (ent0.label == ADDR_LABEL_NOTAPP)
994 		return (EINVAL);
995 	/* check if the prefix mask is consecutive. */
996 	if (in6_mask2len(&ent0.addrmask.sin6_addr, NULL) < 0)
997 		return (EINVAL);
998 	/* clear trailing garbages (if any) of the prefix address. */
999 	IN6_MASK_ADDR(&ent0.addr.sin6_addr, &ent0.addrmask.sin6_addr);
1000 	ent0.use = 0;
1001 
1002 	switch (cmd) {
1003 	case SIOCAADDRCTL_POLICY:
1004 		return (add_addrsel_policyent(&ent0));
1005 	case SIOCDADDRCTL_POLICY:
1006 		return (delete_addrsel_policyent(&ent0));
1007 	}
1008 
1009 	return (0);		/* XXX: compromise compilers */
1010 }
1011 
1012 /*
1013  * The followings are implementation of the policy table using a
1014  * simple tail queue.
1015  * XXX such details should be hidden.
1016  * XXX implementation using binary tree should be more efficient.
1017  */
1018 struct addrsel_policyent {
1019 	TAILQ_ENTRY(addrsel_policyent) ape_entry;
1020 	struct in6_addrpolicy ape_policy;
1021 };
1022 
1023 TAILQ_HEAD(addrsel_policyhead, addrsel_policyent);
1024 
1025 static VNET_DEFINE(struct addrsel_policyhead, addrsel_policytab);
1026 #define	V_addrsel_policytab		VNET(addrsel_policytab)
1027 
1028 static void
1029 init_policy_queue(void)
1030 {
1031 
1032 	TAILQ_INIT(&V_addrsel_policytab);
1033 }
1034 
1035 static int
1036 add_addrsel_policyent(struct in6_addrpolicy *newpolicy)
1037 {
1038 	struct addrsel_policyent *new, *pol;
1039 
1040 	new = malloc(sizeof(*new), M_IFADDR,
1041 	       M_WAITOK);
1042 	ADDRSEL_XLOCK();
1043 	ADDRSEL_LOCK();
1044 
1045 	/* duplication check */
1046 	TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) {
1047 		if (IN6_ARE_ADDR_EQUAL(&newpolicy->addr.sin6_addr,
1048 				       &pol->ape_policy.addr.sin6_addr) &&
1049 		    IN6_ARE_ADDR_EQUAL(&newpolicy->addrmask.sin6_addr,
1050 				       &pol->ape_policy.addrmask.sin6_addr)) {
1051 			ADDRSEL_UNLOCK();
1052 			ADDRSEL_XUNLOCK();
1053 			free(new, M_IFADDR);
1054 			return (EEXIST);	/* or override it? */
1055 		}
1056 	}
1057 
1058 	bzero(new, sizeof(*new));
1059 
1060 	/* XXX: should validate entry */
1061 	new->ape_policy = *newpolicy;
1062 
1063 	TAILQ_INSERT_TAIL(&V_addrsel_policytab, new, ape_entry);
1064 	ADDRSEL_UNLOCK();
1065 	ADDRSEL_XUNLOCK();
1066 
1067 	return (0);
1068 }
1069 
1070 static int
1071 delete_addrsel_policyent(struct in6_addrpolicy *key)
1072 {
1073 	struct addrsel_policyent *pol;
1074 
1075 	ADDRSEL_XLOCK();
1076 	ADDRSEL_LOCK();
1077 
1078 	/* search for the entry in the table */
1079 	TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) {
1080 		if (IN6_ARE_ADDR_EQUAL(&key->addr.sin6_addr,
1081 		    &pol->ape_policy.addr.sin6_addr) &&
1082 		    IN6_ARE_ADDR_EQUAL(&key->addrmask.sin6_addr,
1083 		    &pol->ape_policy.addrmask.sin6_addr)) {
1084 			break;
1085 		}
1086 	}
1087 	if (pol == NULL) {
1088 		ADDRSEL_UNLOCK();
1089 		ADDRSEL_XUNLOCK();
1090 		return (ESRCH);
1091 	}
1092 
1093 	TAILQ_REMOVE(&V_addrsel_policytab, pol, ape_entry);
1094 	ADDRSEL_UNLOCK();
1095 	ADDRSEL_XUNLOCK();
1096 	free(pol, M_IFADDR);
1097 
1098 	return (0);
1099 }
1100 
1101 static int
1102 walk_addrsel_policy(int (*callback)(struct in6_addrpolicy *, void *), void *w)
1103 {
1104 	struct addrsel_policyent *pol;
1105 	int error = 0;
1106 
1107 	ADDRSEL_SLOCK();
1108 	TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) {
1109 		if ((error = (*callback)(&pol->ape_policy, w)) != 0) {
1110 			ADDRSEL_SUNLOCK();
1111 			return (error);
1112 		}
1113 	}
1114 	ADDRSEL_SUNLOCK();
1115 	return (error);
1116 }
1117 
1118 static int
1119 dump_addrsel_policyent(struct in6_addrpolicy *pol, void *arg)
1120 {
1121 	int error = 0;
1122 	struct walkarg *w = arg;
1123 
1124 	error = SYSCTL_OUT(w->w_req, pol, sizeof(*pol));
1125 
1126 	return (error);
1127 }
1128 
1129 static struct in6_addrpolicy *
1130 match_addrsel_policy(struct sockaddr_in6 *key)
1131 {
1132 	struct addrsel_policyent *pent;
1133 	struct in6_addrpolicy *bestpol = NULL, *pol;
1134 	int matchlen, bestmatchlen = -1;
1135 	u_char *mp, *ep, *k, *p, m;
1136 
1137 	TAILQ_FOREACH(pent, &V_addrsel_policytab, ape_entry) {
1138 		matchlen = 0;
1139 
1140 		pol = &pent->ape_policy;
1141 		mp = (u_char *)&pol->addrmask.sin6_addr;
1142 		ep = mp + 16;	/* XXX: scope field? */
1143 		k = (u_char *)&key->sin6_addr;
1144 		p = (u_char *)&pol->addr.sin6_addr;
1145 		for (; mp < ep && *mp; mp++, k++, p++) {
1146 			m = *mp;
1147 			if ((*k & m) != *p)
1148 				goto next; /* not match */
1149 			if (m == 0xff) /* short cut for a typical case */
1150 				matchlen += 8;
1151 			else {
1152 				while (m >= 0x80) {
1153 					matchlen++;
1154 					m <<= 1;
1155 				}
1156 			}
1157 		}
1158 
1159 		/* matched.  check if this is better than the current best. */
1160 		if (bestpol == NULL ||
1161 		    matchlen > bestmatchlen) {
1162 			bestpol = pol;
1163 			bestmatchlen = matchlen;
1164 		}
1165 
1166 	  next:
1167 		continue;
1168 	}
1169 
1170 	return (bestpol);
1171 }
1172