1 /*- 2 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of the project nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * $KAME: in6_src.c,v 1.132 2003/08/26 04:42:27 keiichi Exp $ 30 */ 31 32 /*- 33 * Copyright (c) 1982, 1986, 1991, 1993 34 * The Regents of the University of California. All rights reserved. 35 * 36 * Redistribution and use in source and binary forms, with or without 37 * modification, are permitted provided that the following conditions 38 * are met: 39 * 1. Redistributions of source code must retain the above copyright 40 * notice, this list of conditions and the following disclaimer. 41 * 2. Redistributions in binary form must reproduce the above copyright 42 * notice, this list of conditions and the following disclaimer in the 43 * documentation and/or other materials provided with the distribution. 44 * 4. Neither the name of the University nor the names of its contributors 45 * may be used to endorse or promote products derived from this software 46 * without specific prior written permission. 47 * 48 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 51 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 58 * SUCH DAMAGE. 59 * 60 * @(#)in_pcb.c 8.2 (Berkeley) 1/4/94 61 */ 62 63 #include <sys/cdefs.h> 64 __FBSDID("$FreeBSD$"); 65 66 #include "opt_inet.h" 67 #include "opt_inet6.h" 68 #include "opt_mpath.h" 69 70 #include <sys/param.h> 71 #include <sys/systm.h> 72 #include <sys/lock.h> 73 #include <sys/malloc.h> 74 #include <sys/mbuf.h> 75 #include <sys/priv.h> 76 #include <sys/protosw.h> 77 #include <sys/socket.h> 78 #include <sys/socketvar.h> 79 #include <sys/sockio.h> 80 #include <sys/sysctl.h> 81 #include <sys/errno.h> 82 #include <sys/time.h> 83 #include <sys/jail.h> 84 #include <sys/kernel.h> 85 #include <sys/sx.h> 86 #include <sys/vimage.h> 87 88 #include <net/if.h> 89 #include <net/route.h> 90 #include <net/if_llatbl.h> 91 #ifdef RADIX_MPATH 92 #include <net/radix_mpath.h> 93 #endif 94 95 #include <netinet/in.h> 96 #include <netinet/in_var.h> 97 #include <netinet/in_systm.h> 98 #include <netinet/ip.h> 99 #include <netinet/in_pcb.h> 100 #include <netinet/ip_var.h> 101 #include <netinet/udp.h> 102 #include <netinet/udp_var.h> 103 #include <netinet/vinet.h> 104 105 #include <netinet6/in6_var.h> 106 #include <netinet/ip6.h> 107 #include <netinet6/in6_pcb.h> 108 #include <netinet6/ip6_var.h> 109 #include <netinet6/scope6_var.h> 110 #include <netinet6/nd6.h> 111 #include <netinet6/vinet6.h> 112 113 static struct mtx addrsel_lock; 114 #define ADDRSEL_LOCK_INIT() mtx_init(&addrsel_lock, "addrsel_lock", NULL, MTX_DEF) 115 #define ADDRSEL_LOCK() mtx_lock(&addrsel_lock) 116 #define ADDRSEL_UNLOCK() mtx_unlock(&addrsel_lock) 117 #define ADDRSEL_LOCK_ASSERT() mtx_assert(&addrsel_lock, MA_OWNED) 118 119 static struct sx addrsel_sxlock; 120 #define ADDRSEL_SXLOCK_INIT() sx_init(&addrsel_sxlock, "addrsel_sxlock") 121 #define ADDRSEL_SLOCK() sx_slock(&addrsel_sxlock) 122 #define ADDRSEL_SUNLOCK() sx_sunlock(&addrsel_sxlock) 123 #define ADDRSEL_XLOCK() sx_xlock(&addrsel_sxlock) 124 #define ADDRSEL_XUNLOCK() sx_xunlock(&addrsel_sxlock) 125 126 #define ADDR_LABEL_NOTAPP (-1) 127 128 #ifdef VIMAGE_GLOBALS 129 struct in6_addrpolicy defaultaddrpolicy; 130 int ip6_prefer_tempaddr; 131 #endif 132 133 static int selectroute __P((struct sockaddr_in6 *, struct ip6_pktopts *, 134 struct ip6_moptions *, struct route_in6 *, struct ifnet **, 135 struct rtentry **, int)); 136 static int in6_selectif __P((struct sockaddr_in6 *, struct ip6_pktopts *, 137 struct ip6_moptions *, struct route_in6 *ro, struct ifnet **)); 138 139 static struct in6_addrpolicy *lookup_addrsel_policy(struct sockaddr_in6 *); 140 141 static void init_policy_queue(void); 142 static int add_addrsel_policyent(struct in6_addrpolicy *); 143 static int delete_addrsel_policyent(struct in6_addrpolicy *); 144 static int walk_addrsel_policy __P((int (*)(struct in6_addrpolicy *, void *), 145 void *)); 146 static int dump_addrsel_policyent(struct in6_addrpolicy *, void *); 147 static struct in6_addrpolicy *match_addrsel_policy(struct sockaddr_in6 *); 148 149 /* 150 * Return an IPv6 address, which is the most appropriate for a given 151 * destination and user specified options. 152 * If necessary, this function lookups the routing table and returns 153 * an entry to the caller for later use. 154 */ 155 #define REPLACE(r) do {\ 156 if ((r) < sizeof(V_ip6stat.ip6s_sources_rule) / \ 157 sizeof(V_ip6stat.ip6s_sources_rule[0])) /* check for safety */ \ 158 V_ip6stat.ip6s_sources_rule[(r)]++; \ 159 /* { \ 160 char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \ 161 printf("in6_selectsrc: replace %s with %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \ 162 } */ \ 163 goto replace; \ 164 } while(0) 165 #define NEXT(r) do {\ 166 if ((r) < sizeof(V_ip6stat.ip6s_sources_rule) / \ 167 sizeof(V_ip6stat.ip6s_sources_rule[0])) /* check for safety */ \ 168 V_ip6stat.ip6s_sources_rule[(r)]++; \ 169 /* { \ 170 char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \ 171 printf("in6_selectsrc: keep %s against %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \ 172 } */ \ 173 goto next; /* XXX: we can't use 'continue' here */ \ 174 } while(0) 175 #define BREAK(r) do { \ 176 if ((r) < sizeof(V_ip6stat.ip6s_sources_rule) / \ 177 sizeof(V_ip6stat.ip6s_sources_rule[0])) /* check for safety */ \ 178 V_ip6stat.ip6s_sources_rule[(r)]++; \ 179 goto out; /* XXX: we can't use 'break' here */ \ 180 } while(0) 181 182 int 183 in6_selectsrc(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 184 struct inpcb *inp, struct route_in6 *ro, struct ucred *cred, 185 struct ifnet **ifpp, struct in6_addr *srcp) 186 { 187 INIT_VNET_INET6(curvnet); 188 struct in6_addr dst; 189 struct ifnet *ifp = NULL; 190 struct in6_ifaddr *ia = NULL, *ia_best = NULL; 191 struct in6_pktinfo *pi = NULL; 192 int dst_scope = -1, best_scope = -1, best_matchlen = -1; 193 struct in6_addrpolicy *dst_policy = NULL, *best_policy = NULL; 194 u_int32_t odstzone; 195 int prefer_tempaddr; 196 int error; 197 struct ip6_moptions *mopts; 198 199 KASSERT(srcp != NULL, ("%s: srcp is NULL", __func__)); 200 201 dst = dstsock->sin6_addr; /* make a copy for local operation */ 202 if (ifpp) 203 *ifpp = NULL; 204 205 if (inp != NULL) { 206 INP_LOCK_ASSERT(inp); 207 mopts = inp->in6p_moptions; 208 } else { 209 mopts = NULL; 210 } 211 212 /* 213 * If the source address is explicitly specified by the caller, 214 * check if the requested source address is indeed a unicast address 215 * assigned to the node, and can be used as the packet's source 216 * address. If everything is okay, use the address as source. 217 */ 218 if (opts && (pi = opts->ip6po_pktinfo) && 219 !IN6_IS_ADDR_UNSPECIFIED(&pi->ipi6_addr)) { 220 struct sockaddr_in6 srcsock; 221 struct in6_ifaddr *ia6; 222 223 /* get the outgoing interface */ 224 if ((error = in6_selectif(dstsock, opts, mopts, ro, &ifp)) != 0) 225 return (error); 226 227 /* 228 * determine the appropriate zone id of the source based on 229 * the zone of the destination and the outgoing interface. 230 * If the specified address is ambiguous wrt the scope zone, 231 * the interface must be specified; otherwise, ifa_ifwithaddr() 232 * will fail matching the address. 233 */ 234 bzero(&srcsock, sizeof(srcsock)); 235 srcsock.sin6_family = AF_INET6; 236 srcsock.sin6_len = sizeof(srcsock); 237 srcsock.sin6_addr = pi->ipi6_addr; 238 if (ifp) { 239 error = in6_setscope(&srcsock.sin6_addr, ifp, NULL); 240 if (error) 241 return (error); 242 } 243 if (cred != NULL && (error = prison_local_ip6(cred, 244 &srcsock.sin6_addr, (inp != NULL && 245 (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0) 246 return (error); 247 248 ia6 = (struct in6_ifaddr *)ifa_ifwithaddr( 249 (struct sockaddr *)&srcsock); 250 if (ia6 == NULL || 251 (ia6->ia6_flags & (IN6_IFF_ANYCAST | IN6_IFF_NOTREADY))) { 252 if (ia6 != NULL) 253 ifa_free(&ia6->ia_ifa); 254 return (EADDRNOTAVAIL); 255 } 256 pi->ipi6_addr = srcsock.sin6_addr; /* XXX: this overrides pi */ 257 if (ifpp) 258 *ifpp = ifp; 259 bcopy(&ia6->ia_addr.sin6_addr, srcp, sizeof(*srcp)); 260 ifa_free(&ia6->ia_ifa); 261 return (0); 262 } 263 264 /* 265 * Otherwise, if the socket has already bound the source, just use it. 266 */ 267 if (inp != NULL && !IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) { 268 if (cred != NULL && 269 (error = prison_local_ip6(cred, &inp->in6p_laddr, 270 ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0) 271 return (error); 272 bcopy(&inp->in6p_laddr, srcp, sizeof(*srcp)); 273 return (0); 274 } 275 276 /* 277 * If the address is not specified, choose the best one based on 278 * the outgoing interface and the destination address. 279 */ 280 /* get the outgoing interface */ 281 if ((error = in6_selectif(dstsock, opts, mopts, ro, &ifp)) != 0) 282 return (error); 283 284 #ifdef DIAGNOSTIC 285 if (ifp == NULL) /* this should not happen */ 286 panic("in6_selectsrc: NULL ifp"); 287 #endif 288 error = in6_setscope(&dst, ifp, &odstzone); 289 if (error) 290 return (error); 291 292 IN6_IFADDR_RLOCK(); 293 TAILQ_FOREACH(ia, &V_in6_ifaddrhead, ia_link) { 294 int new_scope = -1, new_matchlen = -1; 295 struct in6_addrpolicy *new_policy = NULL; 296 u_int32_t srczone, osrczone, dstzone; 297 struct in6_addr src; 298 struct ifnet *ifp1 = ia->ia_ifp; 299 300 /* 301 * We'll never take an address that breaks the scope zone 302 * of the destination. We also skip an address if its zone 303 * does not contain the outgoing interface. 304 * XXX: we should probably use sin6_scope_id here. 305 */ 306 if (in6_setscope(&dst, ifp1, &dstzone) || 307 odstzone != dstzone) { 308 continue; 309 } 310 src = ia->ia_addr.sin6_addr; 311 if (in6_setscope(&src, ifp, &osrczone) || 312 in6_setscope(&src, ifp1, &srczone) || 313 osrczone != srczone) { 314 continue; 315 } 316 317 /* avoid unusable addresses */ 318 if ((ia->ia6_flags & 319 (IN6_IFF_NOTREADY | IN6_IFF_ANYCAST | IN6_IFF_DETACHED))) { 320 continue; 321 } 322 if (!V_ip6_use_deprecated && IFA6_IS_DEPRECATED(ia)) 323 continue; 324 325 if (cred != NULL && 326 prison_local_ip6(cred, &ia->ia_addr.sin6_addr, 327 (inp != NULL && 328 (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0)) != 0) 329 continue; 330 331 /* Rule 1: Prefer same address */ 332 if (IN6_ARE_ADDR_EQUAL(&dst, &ia->ia_addr.sin6_addr)) { 333 ia_best = ia; 334 BREAK(1); /* there should be no better candidate */ 335 } 336 337 if (ia_best == NULL) 338 REPLACE(0); 339 340 /* Rule 2: Prefer appropriate scope */ 341 if (dst_scope < 0) 342 dst_scope = in6_addrscope(&dst); 343 new_scope = in6_addrscope(&ia->ia_addr.sin6_addr); 344 if (IN6_ARE_SCOPE_CMP(best_scope, new_scope) < 0) { 345 if (IN6_ARE_SCOPE_CMP(best_scope, dst_scope) < 0) 346 REPLACE(2); 347 NEXT(2); 348 } else if (IN6_ARE_SCOPE_CMP(new_scope, best_scope) < 0) { 349 if (IN6_ARE_SCOPE_CMP(new_scope, dst_scope) < 0) 350 NEXT(2); 351 REPLACE(2); 352 } 353 354 /* 355 * Rule 3: Avoid deprecated addresses. Note that the case of 356 * !ip6_use_deprecated is already rejected above. 357 */ 358 if (!IFA6_IS_DEPRECATED(ia_best) && IFA6_IS_DEPRECATED(ia)) 359 NEXT(3); 360 if (IFA6_IS_DEPRECATED(ia_best) && !IFA6_IS_DEPRECATED(ia)) 361 REPLACE(3); 362 363 /* Rule 4: Prefer home addresses */ 364 /* 365 * XXX: This is a TODO. We should probably merge the MIP6 366 * case above. 367 */ 368 369 /* Rule 5: Prefer outgoing interface */ 370 if (ia_best->ia_ifp == ifp && ia->ia_ifp != ifp) 371 NEXT(5); 372 if (ia_best->ia_ifp != ifp && ia->ia_ifp == ifp) 373 REPLACE(5); 374 375 /* 376 * Rule 6: Prefer matching label 377 * Note that best_policy should be non-NULL here. 378 */ 379 if (dst_policy == NULL) 380 dst_policy = lookup_addrsel_policy(dstsock); 381 if (dst_policy->label != ADDR_LABEL_NOTAPP) { 382 new_policy = lookup_addrsel_policy(&ia->ia_addr); 383 if (dst_policy->label == best_policy->label && 384 dst_policy->label != new_policy->label) 385 NEXT(6); 386 if (dst_policy->label != best_policy->label && 387 dst_policy->label == new_policy->label) 388 REPLACE(6); 389 } 390 391 /* 392 * Rule 7: Prefer public addresses. 393 * We allow users to reverse the logic by configuring 394 * a sysctl variable, so that privacy conscious users can 395 * always prefer temporary addresses. 396 */ 397 if (opts == NULL || 398 opts->ip6po_prefer_tempaddr == IP6PO_TEMPADDR_SYSTEM) { 399 prefer_tempaddr = V_ip6_prefer_tempaddr; 400 } else if (opts->ip6po_prefer_tempaddr == 401 IP6PO_TEMPADDR_NOTPREFER) { 402 prefer_tempaddr = 0; 403 } else 404 prefer_tempaddr = 1; 405 if (!(ia_best->ia6_flags & IN6_IFF_TEMPORARY) && 406 (ia->ia6_flags & IN6_IFF_TEMPORARY)) { 407 if (prefer_tempaddr) 408 REPLACE(7); 409 else 410 NEXT(7); 411 } 412 if ((ia_best->ia6_flags & IN6_IFF_TEMPORARY) && 413 !(ia->ia6_flags & IN6_IFF_TEMPORARY)) { 414 if (prefer_tempaddr) 415 NEXT(7); 416 else 417 REPLACE(7); 418 } 419 420 /* 421 * Rule 8: prefer addresses on alive interfaces. 422 * This is a KAME specific rule. 423 */ 424 if ((ia_best->ia_ifp->if_flags & IFF_UP) && 425 !(ia->ia_ifp->if_flags & IFF_UP)) 426 NEXT(8); 427 if (!(ia_best->ia_ifp->if_flags & IFF_UP) && 428 (ia->ia_ifp->if_flags & IFF_UP)) 429 REPLACE(8); 430 431 /* 432 * Rule 14: Use longest matching prefix. 433 * Note: in the address selection draft, this rule is 434 * documented as "Rule 8". However, since it is also 435 * documented that this rule can be overridden, we assign 436 * a large number so that it is easy to assign smaller numbers 437 * to more preferred rules. 438 */ 439 new_matchlen = in6_matchlen(&ia->ia_addr.sin6_addr, &dst); 440 if (best_matchlen < new_matchlen) 441 REPLACE(14); 442 if (new_matchlen < best_matchlen) 443 NEXT(14); 444 445 /* Rule 15 is reserved. */ 446 447 /* 448 * Last resort: just keep the current candidate. 449 * Or, do we need more rules? 450 */ 451 continue; 452 453 replace: 454 ia_best = ia; 455 best_scope = (new_scope >= 0 ? new_scope : 456 in6_addrscope(&ia_best->ia_addr.sin6_addr)); 457 best_policy = (new_policy ? new_policy : 458 lookup_addrsel_policy(&ia_best->ia_addr)); 459 best_matchlen = (new_matchlen >= 0 ? new_matchlen : 460 in6_matchlen(&ia_best->ia_addr.sin6_addr, 461 &dst)); 462 463 next: 464 continue; 465 466 out: 467 break; 468 } 469 470 if ((ia = ia_best) == NULL) { 471 IN6_IFADDR_RUNLOCK(); 472 return (EADDRNOTAVAIL); 473 } 474 475 if (ifpp) 476 *ifpp = ifp; 477 478 bcopy(&ia->ia_addr.sin6_addr, srcp, sizeof(*srcp)); 479 IN6_IFADDR_RUNLOCK(); 480 return (0); 481 } 482 483 /* 484 * clone - meaningful only for bsdi and freebsd 485 */ 486 static int 487 selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 488 struct ip6_moptions *mopts, struct route_in6 *ro, 489 struct ifnet **retifp, struct rtentry **retrt, int norouteok) 490 { 491 INIT_VNET_INET6(curvnet); 492 int error = 0; 493 struct ifnet *ifp = NULL; 494 struct rtentry *rt = NULL; 495 struct sockaddr_in6 *sin6_next; 496 struct in6_pktinfo *pi = NULL; 497 struct in6_addr *dst = &dstsock->sin6_addr; 498 #if 0 499 char ip6buf[INET6_ADDRSTRLEN]; 500 501 if (dstsock->sin6_addr.s6_addr32[0] == 0 && 502 dstsock->sin6_addr.s6_addr32[1] == 0 && 503 !IN6_IS_ADDR_LOOPBACK(&dstsock->sin6_addr)) { 504 printf("in6_selectroute: strange destination %s\n", 505 ip6_sprintf(ip6buf, &dstsock->sin6_addr)); 506 } else { 507 printf("in6_selectroute: destination = %s%%%d\n", 508 ip6_sprintf(ip6buf, &dstsock->sin6_addr), 509 dstsock->sin6_scope_id); /* for debug */ 510 } 511 #endif 512 513 /* If the caller specify the outgoing interface explicitly, use it. */ 514 if (opts && (pi = opts->ip6po_pktinfo) != NULL && pi->ipi6_ifindex) { 515 /* XXX boundary check is assumed to be already done. */ 516 ifp = ifnet_byindex(pi->ipi6_ifindex); 517 if (ifp != NULL && 518 (norouteok || retrt == NULL || 519 IN6_IS_ADDR_MULTICAST(dst))) { 520 /* 521 * we do not have to check or get the route for 522 * multicast. 523 */ 524 goto done; 525 } else 526 goto getroute; 527 } 528 529 /* 530 * If the destination address is a multicast address and the outgoing 531 * interface for the address is specified by the caller, use it. 532 */ 533 if (IN6_IS_ADDR_MULTICAST(dst) && 534 mopts != NULL && (ifp = mopts->im6o_multicast_ifp) != NULL) { 535 goto done; /* we do not need a route for multicast. */ 536 } 537 538 getroute: 539 /* 540 * If the next hop address for the packet is specified by the caller, 541 * use it as the gateway. 542 */ 543 if (opts && opts->ip6po_nexthop) { 544 struct route_in6 *ron; 545 struct llentry *la; 546 547 sin6_next = satosin6(opts->ip6po_nexthop); 548 549 /* at this moment, we only support AF_INET6 next hops */ 550 if (sin6_next->sin6_family != AF_INET6) { 551 error = EAFNOSUPPORT; /* or should we proceed? */ 552 goto done; 553 } 554 555 /* 556 * If the next hop is an IPv6 address, then the node identified 557 * by that address must be a neighbor of the sending host. 558 */ 559 ron = &opts->ip6po_nextroute; 560 /* 561 * XXX what do we do here? 562 * PLZ to be fixing 563 */ 564 565 566 if (ron->ro_rt == NULL) { 567 rtalloc((struct route *)ron); /* multi path case? */ 568 if (ron->ro_rt == NULL) { 569 if (ron->ro_rt) { 570 RTFREE(ron->ro_rt); 571 ron->ro_rt = NULL; 572 } 573 error = EHOSTUNREACH; 574 goto done; 575 } 576 } 577 578 rt = ron->ro_rt; 579 ifp = rt->rt_ifp; 580 IF_AFDATA_LOCK(ifp); 581 la = lla_lookup(LLTABLE6(ifp), 0, (struct sockaddr *)&sin6_next->sin6_addr); 582 IF_AFDATA_UNLOCK(ifp); 583 if (la != NULL) 584 LLE_RUNLOCK(la); 585 else { 586 error = EHOSTUNREACH; 587 goto done; 588 } 589 #if 0 590 if ((ron->ro_rt && 591 (ron->ro_rt->rt_flags & (RTF_UP | RTF_LLINFO)) != 592 (RTF_UP | RTF_LLINFO)) || 593 !IN6_ARE_ADDR_EQUAL(&satosin6(&ron->ro_dst)->sin6_addr, 594 &sin6_next->sin6_addr)) { 595 if (ron->ro_rt) { 596 RTFREE(ron->ro_rt); 597 ron->ro_rt = NULL; 598 } 599 *satosin6(&ron->ro_dst) = *sin6_next; 600 } 601 if (ron->ro_rt == NULL) { 602 rtalloc((struct route *)ron); /* multi path case? */ 603 if (ron->ro_rt == NULL || 604 !(ron->ro_rt->rt_flags & RTF_LLINFO)) { 605 if (ron->ro_rt) { 606 RTFREE(ron->ro_rt); 607 ron->ro_rt = NULL; 608 } 609 error = EHOSTUNREACH; 610 goto done; 611 } 612 } 613 #endif 614 615 /* 616 * When cloning is required, try to allocate a route to the 617 * destination so that the caller can store path MTU 618 * information. 619 */ 620 goto done; 621 } 622 623 /* 624 * Use a cached route if it exists and is valid, else try to allocate 625 * a new one. Note that we should check the address family of the 626 * cached destination, in case of sharing the cache with IPv4. 627 */ 628 if (ro) { 629 if (ro->ro_rt && 630 (!(ro->ro_rt->rt_flags & RTF_UP) || 631 ((struct sockaddr *)(&ro->ro_dst))->sa_family != AF_INET6 || 632 !IN6_ARE_ADDR_EQUAL(&satosin6(&ro->ro_dst)->sin6_addr, 633 dst))) { 634 RTFREE(ro->ro_rt); 635 ro->ro_rt = (struct rtentry *)NULL; 636 } 637 if (ro->ro_rt == (struct rtentry *)NULL) { 638 struct sockaddr_in6 *sa6; 639 640 /* No route yet, so try to acquire one */ 641 bzero(&ro->ro_dst, sizeof(struct sockaddr_in6)); 642 sa6 = (struct sockaddr_in6 *)&ro->ro_dst; 643 *sa6 = *dstsock; 644 sa6->sin6_scope_id = 0; 645 646 #ifdef RADIX_MPATH 647 rtalloc_mpath((struct route *)ro, 648 ntohl(sa6->sin6_addr.s6_addr32[3])); 649 #else 650 ro->ro_rt = rtalloc1(&((struct route *)ro) 651 ->ro_dst, 0, 0UL); 652 if (ro->ro_rt) 653 RT_UNLOCK(ro->ro_rt); 654 #endif 655 } 656 657 /* 658 * do not care about the result if we have the nexthop 659 * explicitly specified. 660 */ 661 if (opts && opts->ip6po_nexthop) 662 goto done; 663 664 if (ro->ro_rt) { 665 ifp = ro->ro_rt->rt_ifp; 666 667 if (ifp == NULL) { /* can this really happen? */ 668 RTFREE(ro->ro_rt); 669 ro->ro_rt = NULL; 670 } 671 } 672 if (ro->ro_rt == NULL) 673 error = EHOSTUNREACH; 674 rt = ro->ro_rt; 675 676 /* 677 * Check if the outgoing interface conflicts with 678 * the interface specified by ipi6_ifindex (if specified). 679 * Note that loopback interface is always okay. 680 * (this may happen when we are sending a packet to one of 681 * our own addresses.) 682 */ 683 if (ifp && opts && opts->ip6po_pktinfo && 684 opts->ip6po_pktinfo->ipi6_ifindex) { 685 if (!(ifp->if_flags & IFF_LOOPBACK) && 686 ifp->if_index != 687 opts->ip6po_pktinfo->ipi6_ifindex) { 688 error = EHOSTUNREACH; 689 goto done; 690 } 691 } 692 } 693 694 done: 695 if (ifp == NULL && rt == NULL) { 696 /* 697 * This can happen if the caller did not pass a cached route 698 * nor any other hints. We treat this case an error. 699 */ 700 error = EHOSTUNREACH; 701 } 702 if (error == EHOSTUNREACH) 703 V_ip6stat.ip6s_noroute++; 704 705 if (retifp != NULL) 706 *retifp = ifp; 707 if (retrt != NULL) 708 *retrt = rt; /* rt may be NULL */ 709 710 return (error); 711 } 712 713 static int 714 in6_selectif(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 715 struct ip6_moptions *mopts, struct route_in6 *ro, struct ifnet **retifp) 716 { 717 int error; 718 struct route_in6 sro; 719 struct rtentry *rt = NULL; 720 721 if (ro == NULL) { 722 bzero(&sro, sizeof(sro)); 723 ro = &sro; 724 } 725 726 if ((error = selectroute(dstsock, opts, mopts, ro, retifp, 727 &rt, 1)) != 0) { 728 if (ro == &sro && rt && rt == sro.ro_rt) 729 RTFREE(rt); 730 return (error); 731 } 732 733 /* 734 * do not use a rejected or black hole route. 735 * XXX: this check should be done in the L2 output routine. 736 * However, if we skipped this check here, we'd see the following 737 * scenario: 738 * - install a rejected route for a scoped address prefix 739 * (like fe80::/10) 740 * - send a packet to a destination that matches the scoped prefix, 741 * with ambiguity about the scope zone. 742 * - pick the outgoing interface from the route, and disambiguate the 743 * scope zone with the interface. 744 * - ip6_output() would try to get another route with the "new" 745 * destination, which may be valid. 746 * - we'd see no error on output. 747 * Although this may not be very harmful, it should still be confusing. 748 * We thus reject the case here. 749 */ 750 if (rt && (rt->rt_flags & (RTF_REJECT | RTF_BLACKHOLE))) { 751 int flags = (rt->rt_flags & RTF_HOST ? EHOSTUNREACH : ENETUNREACH); 752 753 if (ro == &sro && rt && rt == sro.ro_rt) 754 RTFREE(rt); 755 return (flags); 756 } 757 758 /* 759 * Adjust the "outgoing" interface. If we're going to loop the packet 760 * back to ourselves, the ifp would be the loopback interface. 761 * However, we'd rather know the interface associated to the 762 * destination address (which should probably be one of our own 763 * addresses.) 764 */ 765 if (rt && rt->rt_ifa && rt->rt_ifa->ifa_ifp) 766 *retifp = rt->rt_ifa->ifa_ifp; 767 768 if (ro == &sro && rt && rt == sro.ro_rt) 769 RTFREE(rt); 770 return (0); 771 } 772 773 /* 774 * clone - meaningful only for bsdi and freebsd 775 */ 776 int 777 in6_selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 778 struct ip6_moptions *mopts, struct route_in6 *ro, 779 struct ifnet **retifp, struct rtentry **retrt) 780 { 781 782 return (selectroute(dstsock, opts, mopts, ro, retifp, 783 retrt, 0)); 784 } 785 786 /* 787 * Default hop limit selection. The precedence is as follows: 788 * 1. Hoplimit value specified via ioctl. 789 * 2. (If the outgoing interface is detected) the current 790 * hop limit of the interface specified by router advertisement. 791 * 3. The system default hoplimit. 792 */ 793 int 794 in6_selecthlim(struct inpcb *in6p, struct ifnet *ifp) 795 { 796 INIT_VNET_INET6(curvnet); 797 798 if (in6p && in6p->in6p_hops >= 0) 799 return (in6p->in6p_hops); 800 else if (ifp) 801 return (ND_IFINFO(ifp)->chlim); 802 else if (in6p && !IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) { 803 struct route_in6 ro6; 804 struct ifnet *lifp; 805 806 bzero(&ro6, sizeof(ro6)); 807 ro6.ro_dst.sin6_family = AF_INET6; 808 ro6.ro_dst.sin6_len = sizeof(struct sockaddr_in6); 809 ro6.ro_dst.sin6_addr = in6p->in6p_faddr; 810 rtalloc((struct route *)&ro6); 811 if (ro6.ro_rt) { 812 lifp = ro6.ro_rt->rt_ifp; 813 RTFREE(ro6.ro_rt); 814 if (lifp) 815 return (ND_IFINFO(lifp)->chlim); 816 } else 817 return (V_ip6_defhlim); 818 } 819 return (V_ip6_defhlim); 820 } 821 822 /* 823 * XXX: this is borrowed from in6_pcbbind(). If possible, we should 824 * share this function by all *bsd*... 825 */ 826 int 827 in6_pcbsetport(struct in6_addr *laddr, struct inpcb *inp, struct ucred *cred) 828 { 829 INIT_VNET_INET(curvnet); 830 struct socket *so = inp->inp_socket; 831 u_int16_t lport = 0, first, last, *lastport; 832 int count, error, wild = 0, dorandom; 833 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo; 834 835 INP_INFO_WLOCK_ASSERT(pcbinfo); 836 INP_WLOCK_ASSERT(inp); 837 838 error = prison_local_ip6(cred, laddr, 839 ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0)); 840 if (error) 841 return(error); 842 843 /* XXX: this is redundant when called from in6_pcbbind */ 844 if ((so->so_options & (SO_REUSEADDR|SO_REUSEPORT)) == 0) 845 wild = INPLOOKUP_WILDCARD; 846 847 inp->inp_flags |= INP_ANONPORT; 848 849 if (inp->inp_flags & INP_HIGHPORT) { 850 first = V_ipport_hifirstauto; /* sysctl */ 851 last = V_ipport_hilastauto; 852 lastport = &pcbinfo->ipi_lasthi; 853 } else if (inp->inp_flags & INP_LOWPORT) { 854 error = priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT, 0); 855 if (error) 856 return error; 857 first = V_ipport_lowfirstauto; /* 1023 */ 858 last = V_ipport_lowlastauto; /* 600 */ 859 lastport = &pcbinfo->ipi_lastlow; 860 } else { 861 first = V_ipport_firstauto; /* sysctl */ 862 last = V_ipport_lastauto; 863 lastport = &pcbinfo->ipi_lastport; 864 } 865 866 /* 867 * For UDP, use random port allocation as long as the user 868 * allows it. For TCP (and as of yet unknown) connections, 869 * use random port allocation only if the user allows it AND 870 * ipport_tick() allows it. 871 */ 872 if (V_ipport_randomized && 873 (!V_ipport_stoprandom || pcbinfo == &V_udbinfo)) 874 dorandom = 1; 875 else 876 dorandom = 0; 877 /* 878 * It makes no sense to do random port allocation if 879 * we have the only port available. 880 */ 881 if (first == last) 882 dorandom = 0; 883 /* Make sure to not include UDP packets in the count. */ 884 if (pcbinfo != &V_udbinfo) 885 V_ipport_tcpallocs++; 886 887 /* 888 * Instead of having two loops further down counting up or down 889 * make sure that first is always <= last and go with only one 890 * code path implementing all logic. 891 */ 892 if (first > last) { 893 u_int16_t aux; 894 895 aux = first; 896 first = last; 897 last = aux; 898 } 899 900 if (dorandom) 901 *lastport = first + (arc4random() % (last - first)); 902 903 count = last - first; 904 905 do { 906 if (count-- < 0) { /* completely used? */ 907 /* Undo an address bind that may have occurred. */ 908 inp->in6p_laddr = in6addr_any; 909 return (EADDRNOTAVAIL); 910 } 911 ++*lastport; 912 if (*lastport < first || *lastport > last) 913 *lastport = first; 914 lport = htons(*lastport); 915 } while (in6_pcblookup_local(pcbinfo, &inp->in6p_laddr, 916 lport, wild, cred)); 917 918 inp->inp_lport = lport; 919 if (in_pcbinshash(inp) != 0) { 920 inp->in6p_laddr = in6addr_any; 921 inp->inp_lport = 0; 922 return (EAGAIN); 923 } 924 925 return (0); 926 } 927 928 void 929 addrsel_policy_init(void) 930 { 931 INIT_VNET_INET6(curvnet); 932 933 V_ip6_prefer_tempaddr = 0; 934 935 init_policy_queue(); 936 937 /* initialize the "last resort" policy */ 938 bzero(&V_defaultaddrpolicy, sizeof(V_defaultaddrpolicy)); 939 V_defaultaddrpolicy.label = ADDR_LABEL_NOTAPP; 940 941 if (!IS_DEFAULT_VNET(curvnet)) 942 return; 943 944 ADDRSEL_LOCK_INIT(); 945 ADDRSEL_SXLOCK_INIT(); 946 } 947 948 static struct in6_addrpolicy * 949 lookup_addrsel_policy(struct sockaddr_in6 *key) 950 { 951 INIT_VNET_INET6(curvnet); 952 struct in6_addrpolicy *match = NULL; 953 954 ADDRSEL_LOCK(); 955 match = match_addrsel_policy(key); 956 957 if (match == NULL) 958 match = &V_defaultaddrpolicy; 959 else 960 match->use++; 961 ADDRSEL_UNLOCK(); 962 963 return (match); 964 } 965 966 /* 967 * Subroutines to manage the address selection policy table via sysctl. 968 */ 969 struct walkarg { 970 struct sysctl_req *w_req; 971 }; 972 973 static int in6_src_sysctl(SYSCTL_HANDLER_ARGS); 974 SYSCTL_DECL(_net_inet6_ip6); 975 SYSCTL_NODE(_net_inet6_ip6, IPV6CTL_ADDRCTLPOLICY, addrctlpolicy, 976 CTLFLAG_RD, in6_src_sysctl, ""); 977 978 static int 979 in6_src_sysctl(SYSCTL_HANDLER_ARGS) 980 { 981 struct walkarg w; 982 983 if (req->newptr) 984 return EPERM; 985 986 bzero(&w, sizeof(w)); 987 w.w_req = req; 988 989 return (walk_addrsel_policy(dump_addrsel_policyent, &w)); 990 } 991 992 int 993 in6_src_ioctl(u_long cmd, caddr_t data) 994 { 995 int i; 996 struct in6_addrpolicy ent0; 997 998 if (cmd != SIOCAADDRCTL_POLICY && cmd != SIOCDADDRCTL_POLICY) 999 return (EOPNOTSUPP); /* check for safety */ 1000 1001 ent0 = *(struct in6_addrpolicy *)data; 1002 1003 if (ent0.label == ADDR_LABEL_NOTAPP) 1004 return (EINVAL); 1005 /* check if the prefix mask is consecutive. */ 1006 if (in6_mask2len(&ent0.addrmask.sin6_addr, NULL) < 0) 1007 return (EINVAL); 1008 /* clear trailing garbages (if any) of the prefix address. */ 1009 for (i = 0; i < 4; i++) { 1010 ent0.addr.sin6_addr.s6_addr32[i] &= 1011 ent0.addrmask.sin6_addr.s6_addr32[i]; 1012 } 1013 ent0.use = 0; 1014 1015 switch (cmd) { 1016 case SIOCAADDRCTL_POLICY: 1017 return (add_addrsel_policyent(&ent0)); 1018 case SIOCDADDRCTL_POLICY: 1019 return (delete_addrsel_policyent(&ent0)); 1020 } 1021 1022 return (0); /* XXX: compromise compilers */ 1023 } 1024 1025 /* 1026 * The followings are implementation of the policy table using a 1027 * simple tail queue. 1028 * XXX such details should be hidden. 1029 * XXX implementation using binary tree should be more efficient. 1030 */ 1031 struct addrsel_policyent { 1032 TAILQ_ENTRY(addrsel_policyent) ape_entry; 1033 struct in6_addrpolicy ape_policy; 1034 }; 1035 1036 TAILQ_HEAD(addrsel_policyhead, addrsel_policyent); 1037 1038 #ifdef VIMAGE_GLOBALS 1039 struct addrsel_policyhead addrsel_policytab; 1040 #endif 1041 1042 static void 1043 init_policy_queue(void) 1044 { 1045 INIT_VNET_INET6(curvnet); 1046 1047 TAILQ_INIT(&V_addrsel_policytab); 1048 } 1049 1050 static int 1051 add_addrsel_policyent(struct in6_addrpolicy *newpolicy) 1052 { 1053 INIT_VNET_INET6(curvnet); 1054 struct addrsel_policyent *new, *pol; 1055 1056 new = malloc(sizeof(*new), M_IFADDR, 1057 M_WAITOK); 1058 ADDRSEL_XLOCK(); 1059 ADDRSEL_LOCK(); 1060 1061 /* duplication check */ 1062 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) { 1063 if (IN6_ARE_ADDR_EQUAL(&newpolicy->addr.sin6_addr, 1064 &pol->ape_policy.addr.sin6_addr) && 1065 IN6_ARE_ADDR_EQUAL(&newpolicy->addrmask.sin6_addr, 1066 &pol->ape_policy.addrmask.sin6_addr)) { 1067 ADDRSEL_UNLOCK(); 1068 ADDRSEL_XUNLOCK(); 1069 free(new, M_IFADDR); 1070 return (EEXIST); /* or override it? */ 1071 } 1072 } 1073 1074 bzero(new, sizeof(*new)); 1075 1076 /* XXX: should validate entry */ 1077 new->ape_policy = *newpolicy; 1078 1079 TAILQ_INSERT_TAIL(&V_addrsel_policytab, new, ape_entry); 1080 ADDRSEL_UNLOCK(); 1081 ADDRSEL_XUNLOCK(); 1082 1083 return (0); 1084 } 1085 1086 static int 1087 delete_addrsel_policyent(struct in6_addrpolicy *key) 1088 { 1089 INIT_VNET_INET6(curvnet); 1090 struct addrsel_policyent *pol; 1091 1092 ADDRSEL_XLOCK(); 1093 ADDRSEL_LOCK(); 1094 1095 /* search for the entry in the table */ 1096 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) { 1097 if (IN6_ARE_ADDR_EQUAL(&key->addr.sin6_addr, 1098 &pol->ape_policy.addr.sin6_addr) && 1099 IN6_ARE_ADDR_EQUAL(&key->addrmask.sin6_addr, 1100 &pol->ape_policy.addrmask.sin6_addr)) { 1101 break; 1102 } 1103 } 1104 if (pol == NULL) { 1105 ADDRSEL_UNLOCK(); 1106 ADDRSEL_XUNLOCK(); 1107 return (ESRCH); 1108 } 1109 1110 TAILQ_REMOVE(&V_addrsel_policytab, pol, ape_entry); 1111 ADDRSEL_UNLOCK(); 1112 ADDRSEL_XUNLOCK(); 1113 1114 return (0); 1115 } 1116 1117 static int 1118 walk_addrsel_policy(int (*callback)(struct in6_addrpolicy *, void *), 1119 void *w) 1120 { 1121 INIT_VNET_INET6(curvnet); 1122 struct addrsel_policyent *pol; 1123 int error = 0; 1124 1125 ADDRSEL_SLOCK(); 1126 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) { 1127 if ((error = (*callback)(&pol->ape_policy, w)) != 0) { 1128 ADDRSEL_SUNLOCK(); 1129 return (error); 1130 } 1131 } 1132 ADDRSEL_SUNLOCK(); 1133 return (error); 1134 } 1135 1136 static int 1137 dump_addrsel_policyent(struct in6_addrpolicy *pol, void *arg) 1138 { 1139 int error = 0; 1140 struct walkarg *w = arg; 1141 1142 error = SYSCTL_OUT(w->w_req, pol, sizeof(*pol)); 1143 1144 return (error); 1145 } 1146 1147 static struct in6_addrpolicy * 1148 match_addrsel_policy(struct sockaddr_in6 *key) 1149 { 1150 INIT_VNET_INET6(curvnet); 1151 struct addrsel_policyent *pent; 1152 struct in6_addrpolicy *bestpol = NULL, *pol; 1153 int matchlen, bestmatchlen = -1; 1154 u_char *mp, *ep, *k, *p, m; 1155 1156 TAILQ_FOREACH(pent, &V_addrsel_policytab, ape_entry) { 1157 matchlen = 0; 1158 1159 pol = &pent->ape_policy; 1160 mp = (u_char *)&pol->addrmask.sin6_addr; 1161 ep = mp + 16; /* XXX: scope field? */ 1162 k = (u_char *)&key->sin6_addr; 1163 p = (u_char *)&pol->addr.sin6_addr; 1164 for (; mp < ep && *mp; mp++, k++, p++) { 1165 m = *mp; 1166 if ((*k & m) != *p) 1167 goto next; /* not match */ 1168 if (m == 0xff) /* short cut for a typical case */ 1169 matchlen += 8; 1170 else { 1171 while (m >= 0x80) { 1172 matchlen++; 1173 m <<= 1; 1174 } 1175 } 1176 } 1177 1178 /* matched. check if this is better than the current best. */ 1179 if (bestpol == NULL || 1180 matchlen > bestmatchlen) { 1181 bestpol = pol; 1182 bestmatchlen = matchlen; 1183 } 1184 1185 next: 1186 continue; 1187 } 1188 1189 return (bestpol); 1190 } 1191