1 /*- 2 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of the project nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * $KAME: in6_src.c,v 1.132 2003/08/26 04:42:27 keiichi Exp $ 30 */ 31 32 /*- 33 * Copyright (c) 1982, 1986, 1991, 1993 34 * The Regents of the University of California. All rights reserved. 35 * 36 * Redistribution and use in source and binary forms, with or without 37 * modification, are permitted provided that the following conditions 38 * are met: 39 * 1. Redistributions of source code must retain the above copyright 40 * notice, this list of conditions and the following disclaimer. 41 * 2. Redistributions in binary form must reproduce the above copyright 42 * notice, this list of conditions and the following disclaimer in the 43 * documentation and/or other materials provided with the distribution. 44 * 4. Neither the name of the University nor the names of its contributors 45 * may be used to endorse or promote products derived from this software 46 * without specific prior written permission. 47 * 48 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 51 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 58 * SUCH DAMAGE. 59 * 60 * @(#)in_pcb.c 8.2 (Berkeley) 1/4/94 61 */ 62 63 #include <sys/cdefs.h> 64 __FBSDID("$FreeBSD$"); 65 66 #include "opt_inet.h" 67 #include "opt_inet6.h" 68 #include "opt_mpath.h" 69 70 #include <sys/param.h> 71 #include <sys/systm.h> 72 #include <sys/lock.h> 73 #include <sys/malloc.h> 74 #include <sys/mbuf.h> 75 #include <sys/priv.h> 76 #include <sys/protosw.h> 77 #include <sys/socket.h> 78 #include <sys/socketvar.h> 79 #include <sys/sockio.h> 80 #include <sys/sysctl.h> 81 #include <sys/errno.h> 82 #include <sys/time.h> 83 #include <sys/jail.h> 84 #include <sys/kernel.h> 85 #include <sys/sx.h> 86 87 #include <net/if.h> 88 #include <net/if_dl.h> 89 #include <net/route.h> 90 #include <net/if_llatbl.h> 91 #ifdef RADIX_MPATH 92 #include <net/radix_mpath.h> 93 #endif 94 95 #include <netinet/in.h> 96 #include <netinet/in_var.h> 97 #include <netinet/in_systm.h> 98 #include <netinet/ip.h> 99 #include <netinet/in_pcb.h> 100 #include <netinet/ip_var.h> 101 #include <netinet/udp.h> 102 #include <netinet/udp_var.h> 103 104 #include <netinet6/in6_var.h> 105 #include <netinet/ip6.h> 106 #include <netinet6/in6_pcb.h> 107 #include <netinet6/ip6_var.h> 108 #include <netinet6/scope6_var.h> 109 #include <netinet6/nd6.h> 110 111 static struct mtx addrsel_lock; 112 #define ADDRSEL_LOCK_INIT() mtx_init(&addrsel_lock, "addrsel_lock", NULL, MTX_DEF) 113 #define ADDRSEL_LOCK() mtx_lock(&addrsel_lock) 114 #define ADDRSEL_UNLOCK() mtx_unlock(&addrsel_lock) 115 #define ADDRSEL_LOCK_ASSERT() mtx_assert(&addrsel_lock, MA_OWNED) 116 117 static struct sx addrsel_sxlock; 118 #define ADDRSEL_SXLOCK_INIT() sx_init(&addrsel_sxlock, "addrsel_sxlock") 119 #define ADDRSEL_SLOCK() sx_slock(&addrsel_sxlock) 120 #define ADDRSEL_SUNLOCK() sx_sunlock(&addrsel_sxlock) 121 #define ADDRSEL_XLOCK() sx_xlock(&addrsel_sxlock) 122 #define ADDRSEL_XUNLOCK() sx_xunlock(&addrsel_sxlock) 123 124 #define ADDR_LABEL_NOTAPP (-1) 125 static VNET_DEFINE(struct in6_addrpolicy, defaultaddrpolicy); 126 #define V_defaultaddrpolicy VNET(defaultaddrpolicy) 127 128 VNET_DEFINE(int, ip6_prefer_tempaddr) = 0; 129 130 static int selectroute(struct sockaddr_in6 *, struct ip6_pktopts *, 131 struct ip6_moptions *, struct route_in6 *, struct ifnet **, 132 struct rtentry **, int, u_int); 133 static int in6_selectif(struct sockaddr_in6 *, struct ip6_pktopts *, 134 struct ip6_moptions *, struct route_in6 *ro, struct ifnet **, 135 struct ifnet *, u_int); 136 137 static struct in6_addrpolicy *lookup_addrsel_policy(struct sockaddr_in6 *); 138 139 static void init_policy_queue(void); 140 static int add_addrsel_policyent(struct in6_addrpolicy *); 141 static int delete_addrsel_policyent(struct in6_addrpolicy *); 142 static int walk_addrsel_policy(int (*)(struct in6_addrpolicy *, void *), 143 void *); 144 static int dump_addrsel_policyent(struct in6_addrpolicy *, void *); 145 static struct in6_addrpolicy *match_addrsel_policy(struct sockaddr_in6 *); 146 147 /* 148 * Return an IPv6 address, which is the most appropriate for a given 149 * destination and user specified options. 150 * If necessary, this function lookups the routing table and returns 151 * an entry to the caller for later use. 152 */ 153 #define REPLACE(r) do {\ 154 if ((r) < sizeof(V_ip6stat.ip6s_sources_rule) / \ 155 sizeof(V_ip6stat.ip6s_sources_rule[0])) /* check for safety */ \ 156 V_ip6stat.ip6s_sources_rule[(r)]++; \ 157 /* { \ 158 char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \ 159 printf("in6_selectsrc: replace %s with %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \ 160 } */ \ 161 goto replace; \ 162 } while(0) 163 #define NEXT(r) do {\ 164 if ((r) < sizeof(V_ip6stat.ip6s_sources_rule) / \ 165 sizeof(V_ip6stat.ip6s_sources_rule[0])) /* check for safety */ \ 166 V_ip6stat.ip6s_sources_rule[(r)]++; \ 167 /* { \ 168 char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \ 169 printf("in6_selectsrc: keep %s against %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \ 170 } */ \ 171 goto next; /* XXX: we can't use 'continue' here */ \ 172 } while(0) 173 #define BREAK(r) do { \ 174 if ((r) < sizeof(V_ip6stat.ip6s_sources_rule) / \ 175 sizeof(V_ip6stat.ip6s_sources_rule[0])) /* check for safety */ \ 176 V_ip6stat.ip6s_sources_rule[(r)]++; \ 177 goto out; /* XXX: we can't use 'break' here */ \ 178 } while(0) 179 180 int 181 in6_selectsrc(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 182 struct inpcb *inp, struct route_in6 *ro, struct ucred *cred, 183 struct ifnet **ifpp, struct in6_addr *srcp) 184 { 185 struct in6_addr dst, tmp; 186 struct ifnet *ifp = NULL, *oifp = NULL; 187 struct in6_ifaddr *ia = NULL, *ia_best = NULL; 188 struct in6_pktinfo *pi = NULL; 189 int dst_scope = -1, best_scope = -1, best_matchlen = -1; 190 struct in6_addrpolicy *dst_policy = NULL, *best_policy = NULL; 191 u_int32_t odstzone; 192 int prefer_tempaddr; 193 int error; 194 struct ip6_moptions *mopts; 195 196 KASSERT(srcp != NULL, ("%s: srcp is NULL", __func__)); 197 198 dst = dstsock->sin6_addr; /* make a copy for local operation */ 199 if (ifpp) { 200 /* 201 * Save a possibly passed in ifp for in6_selectsrc. Only 202 * neighbor discovery code should use this feature, where 203 * we may know the interface but not the FIB number holding 204 * the connected subnet in case someone deleted it from the 205 * default FIB and we need to check the interface. 206 */ 207 if (*ifpp != NULL) 208 oifp = *ifpp; 209 *ifpp = NULL; 210 } 211 212 if (inp != NULL) { 213 INP_LOCK_ASSERT(inp); 214 mopts = inp->in6p_moptions; 215 } else { 216 mopts = NULL; 217 } 218 219 /* 220 * If the source address is explicitly specified by the caller, 221 * check if the requested source address is indeed a unicast address 222 * assigned to the node, and can be used as the packet's source 223 * address. If everything is okay, use the address as source. 224 */ 225 if (opts && (pi = opts->ip6po_pktinfo) && 226 !IN6_IS_ADDR_UNSPECIFIED(&pi->ipi6_addr)) { 227 struct sockaddr_in6 srcsock; 228 struct in6_ifaddr *ia6; 229 230 /* get the outgoing interface */ 231 if ((error = in6_selectif(dstsock, opts, mopts, ro, &ifp, oifp, 232 (inp != NULL) ? inp->inp_inc.inc_fibnum : RT_DEFAULT_FIB)) 233 != 0) 234 return (error); 235 236 /* 237 * determine the appropriate zone id of the source based on 238 * the zone of the destination and the outgoing interface. 239 * If the specified address is ambiguous wrt the scope zone, 240 * the interface must be specified; otherwise, ifa_ifwithaddr() 241 * will fail matching the address. 242 */ 243 bzero(&srcsock, sizeof(srcsock)); 244 srcsock.sin6_family = AF_INET6; 245 srcsock.sin6_len = sizeof(srcsock); 246 srcsock.sin6_addr = pi->ipi6_addr; 247 if (ifp) { 248 error = in6_setscope(&srcsock.sin6_addr, ifp, NULL); 249 if (error) 250 return (error); 251 } 252 if (cred != NULL && (error = prison_local_ip6(cred, 253 &srcsock.sin6_addr, (inp != NULL && 254 (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0) 255 return (error); 256 257 ia6 = (struct in6_ifaddr *)ifa_ifwithaddr( 258 (struct sockaddr *)&srcsock); 259 if (ia6 == NULL || 260 (ia6->ia6_flags & (IN6_IFF_ANYCAST | IN6_IFF_NOTREADY))) { 261 if (ia6 != NULL) 262 ifa_free(&ia6->ia_ifa); 263 return (EADDRNOTAVAIL); 264 } 265 pi->ipi6_addr = srcsock.sin6_addr; /* XXX: this overrides pi */ 266 if (ifpp) 267 *ifpp = ifp; 268 bcopy(&ia6->ia_addr.sin6_addr, srcp, sizeof(*srcp)); 269 ifa_free(&ia6->ia_ifa); 270 return (0); 271 } 272 273 /* 274 * Otherwise, if the socket has already bound the source, just use it. 275 */ 276 if (inp != NULL && !IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) { 277 if (cred != NULL && 278 (error = prison_local_ip6(cred, &inp->in6p_laddr, 279 ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0) 280 return (error); 281 bcopy(&inp->in6p_laddr, srcp, sizeof(*srcp)); 282 return (0); 283 } 284 285 /* 286 * Bypass source address selection and use the primary jail IP 287 * if requested. 288 */ 289 if (cred != NULL && !prison_saddrsel_ip6(cred, srcp)) 290 return (0); 291 292 /* 293 * If the address is not specified, choose the best one based on 294 * the outgoing interface and the destination address. 295 */ 296 /* get the outgoing interface */ 297 if ((error = in6_selectif(dstsock, opts, mopts, ro, &ifp, oifp, 298 (inp != NULL) ? inp->inp_inc.inc_fibnum : RT_DEFAULT_FIB)) != 0) 299 return (error); 300 301 #ifdef DIAGNOSTIC 302 if (ifp == NULL) /* this should not happen */ 303 panic("in6_selectsrc: NULL ifp"); 304 #endif 305 error = in6_setscope(&dst, ifp, &odstzone); 306 if (error) 307 return (error); 308 309 IN6_IFADDR_RLOCK(); 310 TAILQ_FOREACH(ia, &V_in6_ifaddrhead, ia_link) { 311 int new_scope = -1, new_matchlen = -1; 312 struct in6_addrpolicy *new_policy = NULL; 313 u_int32_t srczone, osrczone, dstzone; 314 struct in6_addr src; 315 struct ifnet *ifp1 = ia->ia_ifp; 316 317 /* 318 * We'll never take an address that breaks the scope zone 319 * of the destination. We also skip an address if its zone 320 * does not contain the outgoing interface. 321 * XXX: we should probably use sin6_scope_id here. 322 */ 323 if (in6_setscope(&dst, ifp1, &dstzone) || 324 odstzone != dstzone) { 325 continue; 326 } 327 src = ia->ia_addr.sin6_addr; 328 if (in6_setscope(&src, ifp, &osrczone) || 329 in6_setscope(&src, ifp1, &srczone) || 330 osrczone != srczone) { 331 continue; 332 } 333 334 /* avoid unusable addresses */ 335 if ((ia->ia6_flags & 336 (IN6_IFF_NOTREADY | IN6_IFF_ANYCAST | IN6_IFF_DETACHED))) { 337 continue; 338 } 339 if (!V_ip6_use_deprecated && IFA6_IS_DEPRECATED(ia)) 340 continue; 341 342 /* If jailed only take addresses of the jail into account. */ 343 if (cred != NULL && 344 prison_check_ip6(cred, &ia->ia_addr.sin6_addr) != 0) 345 continue; 346 347 /* Rule 1: Prefer same address */ 348 if (IN6_ARE_ADDR_EQUAL(&dst, &ia->ia_addr.sin6_addr)) { 349 ia_best = ia; 350 BREAK(1); /* there should be no better candidate */ 351 } 352 353 if (ia_best == NULL) 354 REPLACE(0); 355 356 /* Rule 2: Prefer appropriate scope */ 357 if (dst_scope < 0) 358 dst_scope = in6_addrscope(&dst); 359 new_scope = in6_addrscope(&ia->ia_addr.sin6_addr); 360 if (IN6_ARE_SCOPE_CMP(best_scope, new_scope) < 0) { 361 if (IN6_ARE_SCOPE_CMP(best_scope, dst_scope) < 0) 362 REPLACE(2); 363 NEXT(2); 364 } else if (IN6_ARE_SCOPE_CMP(new_scope, best_scope) < 0) { 365 if (IN6_ARE_SCOPE_CMP(new_scope, dst_scope) < 0) 366 NEXT(2); 367 REPLACE(2); 368 } 369 370 /* 371 * Rule 3: Avoid deprecated addresses. Note that the case of 372 * !ip6_use_deprecated is already rejected above. 373 */ 374 if (!IFA6_IS_DEPRECATED(ia_best) && IFA6_IS_DEPRECATED(ia)) 375 NEXT(3); 376 if (IFA6_IS_DEPRECATED(ia_best) && !IFA6_IS_DEPRECATED(ia)) 377 REPLACE(3); 378 379 /* Rule 4: Prefer home addresses */ 380 /* 381 * XXX: This is a TODO. We should probably merge the MIP6 382 * case above. 383 */ 384 385 /* Rule 5: Prefer outgoing interface */ 386 if (!(ND_IFINFO(ifp)->flags & ND6_IFF_NO_PREFER_IFACE)) { 387 if (ia_best->ia_ifp == ifp && ia->ia_ifp != ifp) 388 NEXT(5); 389 if (ia_best->ia_ifp != ifp && ia->ia_ifp == ifp) 390 REPLACE(5); 391 } 392 393 /* 394 * Rule 6: Prefer matching label 395 * Note that best_policy should be non-NULL here. 396 */ 397 if (dst_policy == NULL) 398 dst_policy = lookup_addrsel_policy(dstsock); 399 if (dst_policy->label != ADDR_LABEL_NOTAPP) { 400 new_policy = lookup_addrsel_policy(&ia->ia_addr); 401 if (dst_policy->label == best_policy->label && 402 dst_policy->label != new_policy->label) 403 NEXT(6); 404 if (dst_policy->label != best_policy->label && 405 dst_policy->label == new_policy->label) 406 REPLACE(6); 407 } 408 409 /* 410 * Rule 7: Prefer public addresses. 411 * We allow users to reverse the logic by configuring 412 * a sysctl variable, so that privacy conscious users can 413 * always prefer temporary addresses. 414 */ 415 if (opts == NULL || 416 opts->ip6po_prefer_tempaddr == IP6PO_TEMPADDR_SYSTEM) { 417 prefer_tempaddr = V_ip6_prefer_tempaddr; 418 } else if (opts->ip6po_prefer_tempaddr == 419 IP6PO_TEMPADDR_NOTPREFER) { 420 prefer_tempaddr = 0; 421 } else 422 prefer_tempaddr = 1; 423 if (!(ia_best->ia6_flags & IN6_IFF_TEMPORARY) && 424 (ia->ia6_flags & IN6_IFF_TEMPORARY)) { 425 if (prefer_tempaddr) 426 REPLACE(7); 427 else 428 NEXT(7); 429 } 430 if ((ia_best->ia6_flags & IN6_IFF_TEMPORARY) && 431 !(ia->ia6_flags & IN6_IFF_TEMPORARY)) { 432 if (prefer_tempaddr) 433 NEXT(7); 434 else 435 REPLACE(7); 436 } 437 438 /* 439 * Rule 8: prefer addresses on alive interfaces. 440 * This is a KAME specific rule. 441 */ 442 if ((ia_best->ia_ifp->if_flags & IFF_UP) && 443 !(ia->ia_ifp->if_flags & IFF_UP)) 444 NEXT(8); 445 if (!(ia_best->ia_ifp->if_flags & IFF_UP) && 446 (ia->ia_ifp->if_flags & IFF_UP)) 447 REPLACE(8); 448 449 /* 450 * Rule 14: Use longest matching prefix. 451 * Note: in the address selection draft, this rule is 452 * documented as "Rule 8". However, since it is also 453 * documented that this rule can be overridden, we assign 454 * a large number so that it is easy to assign smaller numbers 455 * to more preferred rules. 456 */ 457 new_matchlen = in6_matchlen(&ia->ia_addr.sin6_addr, &dst); 458 if (best_matchlen < new_matchlen) 459 REPLACE(14); 460 if (new_matchlen < best_matchlen) 461 NEXT(14); 462 463 /* Rule 15 is reserved. */ 464 465 /* 466 * Last resort: just keep the current candidate. 467 * Or, do we need more rules? 468 */ 469 continue; 470 471 replace: 472 ia_best = ia; 473 best_scope = (new_scope >= 0 ? new_scope : 474 in6_addrscope(&ia_best->ia_addr.sin6_addr)); 475 best_policy = (new_policy ? new_policy : 476 lookup_addrsel_policy(&ia_best->ia_addr)); 477 best_matchlen = (new_matchlen >= 0 ? new_matchlen : 478 in6_matchlen(&ia_best->ia_addr.sin6_addr, 479 &dst)); 480 481 next: 482 continue; 483 484 out: 485 break; 486 } 487 488 if ((ia = ia_best) == NULL) { 489 IN6_IFADDR_RUNLOCK(); 490 return (EADDRNOTAVAIL); 491 } 492 493 /* 494 * At this point at least one of the addresses belonged to the jail 495 * but it could still be, that we want to further restrict it, e.g. 496 * theoratically IN6_IS_ADDR_LOOPBACK. 497 * It must not be IN6_IS_ADDR_UNSPECIFIED anymore. 498 * prison_local_ip6() will fix an IN6_IS_ADDR_LOOPBACK but should 499 * let all others previously selected pass. 500 * Use tmp to not change ::1 on lo0 to the primary jail address. 501 */ 502 tmp = ia->ia_addr.sin6_addr; 503 if (cred != NULL && prison_local_ip6(cred, &tmp, (inp != NULL && 504 (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0)) != 0) { 505 IN6_IFADDR_RUNLOCK(); 506 return (EADDRNOTAVAIL); 507 } 508 509 if (ifpp) 510 *ifpp = ifp; 511 512 bcopy(&tmp, srcp, sizeof(*srcp)); 513 IN6_IFADDR_RUNLOCK(); 514 return (0); 515 } 516 517 /* 518 * clone - meaningful only for bsdi and freebsd 519 */ 520 static int 521 selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 522 struct ip6_moptions *mopts, struct route_in6 *ro, 523 struct ifnet **retifp, struct rtentry **retrt, int norouteok, u_int fibnum) 524 { 525 int error = 0; 526 struct ifnet *ifp = NULL; 527 struct rtentry *rt = NULL; 528 struct sockaddr_in6 *sin6_next; 529 struct in6_pktinfo *pi = NULL; 530 struct in6_addr *dst = &dstsock->sin6_addr; 531 #if 0 532 char ip6buf[INET6_ADDRSTRLEN]; 533 534 if (dstsock->sin6_addr.s6_addr32[0] == 0 && 535 dstsock->sin6_addr.s6_addr32[1] == 0 && 536 !IN6_IS_ADDR_LOOPBACK(&dstsock->sin6_addr)) { 537 printf("in6_selectroute: strange destination %s\n", 538 ip6_sprintf(ip6buf, &dstsock->sin6_addr)); 539 } else { 540 printf("in6_selectroute: destination = %s%%%d\n", 541 ip6_sprintf(ip6buf, &dstsock->sin6_addr), 542 dstsock->sin6_scope_id); /* for debug */ 543 } 544 #endif 545 546 /* If the caller specify the outgoing interface explicitly, use it. */ 547 if (opts && (pi = opts->ip6po_pktinfo) != NULL && pi->ipi6_ifindex) { 548 /* XXX boundary check is assumed to be already done. */ 549 ifp = ifnet_byindex(pi->ipi6_ifindex); 550 if (ifp != NULL && 551 (norouteok || retrt == NULL || 552 IN6_IS_ADDR_MULTICAST(dst))) { 553 /* 554 * we do not have to check or get the route for 555 * multicast. 556 */ 557 goto done; 558 } else 559 goto getroute; 560 } 561 562 /* 563 * If the destination address is a multicast address and the outgoing 564 * interface for the address is specified by the caller, use it. 565 */ 566 if (IN6_IS_ADDR_MULTICAST(dst) && 567 mopts != NULL && (ifp = mopts->im6o_multicast_ifp) != NULL) { 568 goto done; /* we do not need a route for multicast. */ 569 } 570 571 getroute: 572 /* 573 * If the next hop address for the packet is specified by the caller, 574 * use it as the gateway. 575 */ 576 if (opts && opts->ip6po_nexthop) { 577 struct route_in6 *ron; 578 struct llentry *la; 579 580 sin6_next = satosin6(opts->ip6po_nexthop); 581 582 /* at this moment, we only support AF_INET6 next hops */ 583 if (sin6_next->sin6_family != AF_INET6) { 584 error = EAFNOSUPPORT; /* or should we proceed? */ 585 goto done; 586 } 587 588 /* 589 * If the next hop is an IPv6 address, then the node identified 590 * by that address must be a neighbor of the sending host. 591 */ 592 ron = &opts->ip6po_nextroute; 593 /* 594 * XXX what do we do here? 595 * PLZ to be fixing 596 */ 597 598 599 if (ron->ro_rt == NULL) { 600 in6_rtalloc(ron, fibnum); /* multi path case? */ 601 if (ron->ro_rt == NULL) { 602 /* XXX-BZ WT.? */ 603 if (ron->ro_rt) { 604 RTFREE(ron->ro_rt); 605 ron->ro_rt = NULL; 606 } 607 error = EHOSTUNREACH; 608 goto done; 609 } 610 } 611 612 rt = ron->ro_rt; 613 ifp = rt->rt_ifp; 614 IF_AFDATA_RLOCK(ifp); 615 la = lla_lookup(LLTABLE6(ifp), 0, (struct sockaddr *)&sin6_next->sin6_addr); 616 IF_AFDATA_RUNLOCK(ifp); 617 if (la != NULL) 618 LLE_RUNLOCK(la); 619 else { 620 error = EHOSTUNREACH; 621 goto done; 622 } 623 #if 0 624 if ((ron->ro_rt && 625 (ron->ro_rt->rt_flags & (RTF_UP | RTF_LLINFO)) != 626 (RTF_UP | RTF_LLINFO)) || 627 !IN6_ARE_ADDR_EQUAL(&satosin6(&ron->ro_dst)->sin6_addr, 628 &sin6_next->sin6_addr)) { 629 if (ron->ro_rt) { 630 RTFREE(ron->ro_rt); 631 ron->ro_rt = NULL; 632 } 633 *satosin6(&ron->ro_dst) = *sin6_next; 634 } 635 if (ron->ro_rt == NULL) { 636 in6_rtalloc(ron, fibnum); /* multi path case? */ 637 if (ron->ro_rt == NULL || 638 !(ron->ro_rt->rt_flags & RTF_LLINFO)) { 639 if (ron->ro_rt) { 640 RTFREE(ron->ro_rt); 641 ron->ro_rt = NULL; 642 } 643 error = EHOSTUNREACH; 644 goto done; 645 } 646 } 647 #endif 648 649 /* 650 * When cloning is required, try to allocate a route to the 651 * destination so that the caller can store path MTU 652 * information. 653 */ 654 goto done; 655 } 656 657 /* 658 * Use a cached route if it exists and is valid, else try to allocate 659 * a new one. Note that we should check the address family of the 660 * cached destination, in case of sharing the cache with IPv4. 661 */ 662 if (ro) { 663 if (ro->ro_rt && 664 (!(ro->ro_rt->rt_flags & RTF_UP) || 665 ((struct sockaddr *)(&ro->ro_dst))->sa_family != AF_INET6 || 666 !IN6_ARE_ADDR_EQUAL(&satosin6(&ro->ro_dst)->sin6_addr, 667 dst))) { 668 RTFREE(ro->ro_rt); 669 ro->ro_rt = (struct rtentry *)NULL; 670 } 671 if (ro->ro_rt == (struct rtentry *)NULL) { 672 struct sockaddr_in6 *sa6; 673 674 /* No route yet, so try to acquire one */ 675 bzero(&ro->ro_dst, sizeof(struct sockaddr_in6)); 676 sa6 = (struct sockaddr_in6 *)&ro->ro_dst; 677 *sa6 = *dstsock; 678 sa6->sin6_scope_id = 0; 679 680 #ifdef RADIX_MPATH 681 rtalloc_mpath_fib((struct route *)ro, 682 ntohl(sa6->sin6_addr.s6_addr32[3]), fibnum); 683 #else 684 ro->ro_rt = in6_rtalloc1((struct sockaddr *) 685 &ro->ro_dst, 0, 0UL, fibnum); 686 if (ro->ro_rt) 687 RT_UNLOCK(ro->ro_rt); 688 #endif 689 } 690 691 /* 692 * do not care about the result if we have the nexthop 693 * explicitly specified. 694 */ 695 if (opts && opts->ip6po_nexthop) 696 goto done; 697 698 if (ro->ro_rt) { 699 ifp = ro->ro_rt->rt_ifp; 700 701 if (ifp == NULL) { /* can this really happen? */ 702 RTFREE(ro->ro_rt); 703 ro->ro_rt = NULL; 704 } 705 } 706 if (ro->ro_rt == NULL) 707 error = EHOSTUNREACH; 708 rt = ro->ro_rt; 709 710 /* 711 * Check if the outgoing interface conflicts with 712 * the interface specified by ipi6_ifindex (if specified). 713 * Note that loopback interface is always okay. 714 * (this may happen when we are sending a packet to one of 715 * our own addresses.) 716 */ 717 if (ifp && opts && opts->ip6po_pktinfo && 718 opts->ip6po_pktinfo->ipi6_ifindex) { 719 if (!(ifp->if_flags & IFF_LOOPBACK) && 720 ifp->if_index != 721 opts->ip6po_pktinfo->ipi6_ifindex) { 722 error = EHOSTUNREACH; 723 goto done; 724 } 725 } 726 } 727 728 done: 729 if (ifp == NULL && rt == NULL) { 730 /* 731 * This can happen if the caller did not pass a cached route 732 * nor any other hints. We treat this case an error. 733 */ 734 error = EHOSTUNREACH; 735 } 736 if (error == EHOSTUNREACH) 737 V_ip6stat.ip6s_noroute++; 738 739 if (retifp != NULL) { 740 *retifp = ifp; 741 742 /* 743 * Adjust the "outgoing" interface. If we're going to loop 744 * the packet back to ourselves, the ifp would be the loopback 745 * interface. However, we'd rather know the interface associated 746 * to the destination address (which should probably be one of 747 * our own addresses.) 748 */ 749 if (rt) { 750 if ((rt->rt_ifp->if_flags & IFF_LOOPBACK) && 751 (rt->rt_gateway->sa_family == AF_LINK)) 752 *retifp = 753 ifnet_byindex(((struct sockaddr_dl *) 754 rt->rt_gateway)->sdl_index); 755 } 756 } 757 758 if (retrt != NULL) 759 *retrt = rt; /* rt may be NULL */ 760 761 return (error); 762 } 763 764 static int 765 in6_selectif(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 766 struct ip6_moptions *mopts, struct route_in6 *ro, struct ifnet **retifp, 767 struct ifnet *oifp, u_int fibnum) 768 { 769 int error; 770 struct route_in6 sro; 771 struct rtentry *rt = NULL; 772 773 KASSERT(retifp != NULL, ("%s: retifp is NULL", __func__)); 774 775 if (ro == NULL) { 776 bzero(&sro, sizeof(sro)); 777 ro = &sro; 778 } 779 780 if ((error = selectroute(dstsock, opts, mopts, ro, retifp, 781 &rt, 1, fibnum)) != 0) { 782 if (ro == &sro && rt && rt == sro.ro_rt) 783 RTFREE(rt); 784 /* Help ND. See oifp comment in in6_selectsrc(). */ 785 if (oifp != NULL && fibnum == RT_DEFAULT_FIB) { 786 *retifp = oifp; 787 error = 0; 788 } 789 return (error); 790 } 791 792 /* 793 * do not use a rejected or black hole route. 794 * XXX: this check should be done in the L2 output routine. 795 * However, if we skipped this check here, we'd see the following 796 * scenario: 797 * - install a rejected route for a scoped address prefix 798 * (like fe80::/10) 799 * - send a packet to a destination that matches the scoped prefix, 800 * with ambiguity about the scope zone. 801 * - pick the outgoing interface from the route, and disambiguate the 802 * scope zone with the interface. 803 * - ip6_output() would try to get another route with the "new" 804 * destination, which may be valid. 805 * - we'd see no error on output. 806 * Although this may not be very harmful, it should still be confusing. 807 * We thus reject the case here. 808 */ 809 if (rt && (rt->rt_flags & (RTF_REJECT | RTF_BLACKHOLE))) { 810 int flags = (rt->rt_flags & RTF_HOST ? EHOSTUNREACH : ENETUNREACH); 811 812 if (ro == &sro && rt && rt == sro.ro_rt) 813 RTFREE(rt); 814 return (flags); 815 } 816 817 if (ro == &sro && rt && rt == sro.ro_rt) 818 RTFREE(rt); 819 return (0); 820 } 821 822 /* 823 * Public wrapper function to selectroute(). 824 * 825 * XXX-BZ in6_selectroute() should and will grow the FIB argument. The 826 * in6_selectroute_fib() function is only there for backward compat on stable. 827 */ 828 int 829 in6_selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 830 struct ip6_moptions *mopts, struct route_in6 *ro, 831 struct ifnet **retifp, struct rtentry **retrt) 832 { 833 834 return (selectroute(dstsock, opts, mopts, ro, retifp, 835 retrt, 0, RT_DEFAULT_FIB)); 836 } 837 838 #ifndef BURN_BRIDGES 839 int 840 in6_selectroute_fib(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 841 struct ip6_moptions *mopts, struct route_in6 *ro, 842 struct ifnet **retifp, struct rtentry **retrt, u_int fibnum) 843 { 844 845 return (selectroute(dstsock, opts, mopts, ro, retifp, 846 retrt, 0, fibnum)); 847 } 848 #endif 849 850 /* 851 * Default hop limit selection. The precedence is as follows: 852 * 1. Hoplimit value specified via ioctl. 853 * 2. (If the outgoing interface is detected) the current 854 * hop limit of the interface specified by router advertisement. 855 * 3. The system default hoplimit. 856 */ 857 int 858 in6_selecthlim(struct inpcb *in6p, struct ifnet *ifp) 859 { 860 861 if (in6p && in6p->in6p_hops >= 0) 862 return (in6p->in6p_hops); 863 else if (ifp) 864 return (ND_IFINFO(ifp)->chlim); 865 else if (in6p && !IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) { 866 struct route_in6 ro6; 867 struct ifnet *lifp; 868 869 bzero(&ro6, sizeof(ro6)); 870 ro6.ro_dst.sin6_family = AF_INET6; 871 ro6.ro_dst.sin6_len = sizeof(struct sockaddr_in6); 872 ro6.ro_dst.sin6_addr = in6p->in6p_faddr; 873 in6_rtalloc(&ro6, in6p->inp_inc.inc_fibnum); 874 if (ro6.ro_rt) { 875 lifp = ro6.ro_rt->rt_ifp; 876 RTFREE(ro6.ro_rt); 877 if (lifp) 878 return (ND_IFINFO(lifp)->chlim); 879 } 880 } 881 return (V_ip6_defhlim); 882 } 883 884 /* 885 * XXX: this is borrowed from in6_pcbbind(). If possible, we should 886 * share this function by all *bsd*... 887 */ 888 int 889 in6_pcbsetport(struct in6_addr *laddr, struct inpcb *inp, struct ucred *cred) 890 { 891 struct socket *so = inp->inp_socket; 892 u_int16_t lport = 0; 893 int error, lookupflags = 0; 894 #ifdef INVARIANTS 895 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo; 896 #endif 897 898 INP_WLOCK_ASSERT(inp); 899 INP_HASH_WLOCK_ASSERT(pcbinfo); 900 901 error = prison_local_ip6(cred, laddr, 902 ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0)); 903 if (error) 904 return(error); 905 906 /* XXX: this is redundant when called from in6_pcbbind */ 907 if ((so->so_options & (SO_REUSEADDR|SO_REUSEPORT)) == 0) 908 lookupflags = INPLOOKUP_WILDCARD; 909 910 inp->inp_flags |= INP_ANONPORT; 911 912 error = in_pcb_lport(inp, NULL, &lport, cred, lookupflags); 913 if (error != 0) 914 return (error); 915 916 inp->inp_lport = lport; 917 if (in_pcbinshash(inp) != 0) { 918 inp->in6p_laddr = in6addr_any; 919 inp->inp_lport = 0; 920 return (EAGAIN); 921 } 922 923 return (0); 924 } 925 926 void 927 addrsel_policy_init(void) 928 { 929 930 init_policy_queue(); 931 932 /* initialize the "last resort" policy */ 933 bzero(&V_defaultaddrpolicy, sizeof(V_defaultaddrpolicy)); 934 V_defaultaddrpolicy.label = ADDR_LABEL_NOTAPP; 935 936 if (!IS_DEFAULT_VNET(curvnet)) 937 return; 938 939 ADDRSEL_LOCK_INIT(); 940 ADDRSEL_SXLOCK_INIT(); 941 } 942 943 static struct in6_addrpolicy * 944 lookup_addrsel_policy(struct sockaddr_in6 *key) 945 { 946 struct in6_addrpolicy *match = NULL; 947 948 ADDRSEL_LOCK(); 949 match = match_addrsel_policy(key); 950 951 if (match == NULL) 952 match = &V_defaultaddrpolicy; 953 else 954 match->use++; 955 ADDRSEL_UNLOCK(); 956 957 return (match); 958 } 959 960 /* 961 * Subroutines to manage the address selection policy table via sysctl. 962 */ 963 struct walkarg { 964 struct sysctl_req *w_req; 965 }; 966 967 static int in6_src_sysctl(SYSCTL_HANDLER_ARGS); 968 SYSCTL_DECL(_net_inet6_ip6); 969 static SYSCTL_NODE(_net_inet6_ip6, IPV6CTL_ADDRCTLPOLICY, addrctlpolicy, 970 CTLFLAG_RD, in6_src_sysctl, ""); 971 972 static int 973 in6_src_sysctl(SYSCTL_HANDLER_ARGS) 974 { 975 struct walkarg w; 976 977 if (req->newptr) 978 return EPERM; 979 980 bzero(&w, sizeof(w)); 981 w.w_req = req; 982 983 return (walk_addrsel_policy(dump_addrsel_policyent, &w)); 984 } 985 986 int 987 in6_src_ioctl(u_long cmd, caddr_t data) 988 { 989 int i; 990 struct in6_addrpolicy ent0; 991 992 if (cmd != SIOCAADDRCTL_POLICY && cmd != SIOCDADDRCTL_POLICY) 993 return (EOPNOTSUPP); /* check for safety */ 994 995 ent0 = *(struct in6_addrpolicy *)data; 996 997 if (ent0.label == ADDR_LABEL_NOTAPP) 998 return (EINVAL); 999 /* check if the prefix mask is consecutive. */ 1000 if (in6_mask2len(&ent0.addrmask.sin6_addr, NULL) < 0) 1001 return (EINVAL); 1002 /* clear trailing garbages (if any) of the prefix address. */ 1003 for (i = 0; i < 4; i++) { 1004 ent0.addr.sin6_addr.s6_addr32[i] &= 1005 ent0.addrmask.sin6_addr.s6_addr32[i]; 1006 } 1007 ent0.use = 0; 1008 1009 switch (cmd) { 1010 case SIOCAADDRCTL_POLICY: 1011 return (add_addrsel_policyent(&ent0)); 1012 case SIOCDADDRCTL_POLICY: 1013 return (delete_addrsel_policyent(&ent0)); 1014 } 1015 1016 return (0); /* XXX: compromise compilers */ 1017 } 1018 1019 /* 1020 * The followings are implementation of the policy table using a 1021 * simple tail queue. 1022 * XXX such details should be hidden. 1023 * XXX implementation using binary tree should be more efficient. 1024 */ 1025 struct addrsel_policyent { 1026 TAILQ_ENTRY(addrsel_policyent) ape_entry; 1027 struct in6_addrpolicy ape_policy; 1028 }; 1029 1030 TAILQ_HEAD(addrsel_policyhead, addrsel_policyent); 1031 1032 static VNET_DEFINE(struct addrsel_policyhead, addrsel_policytab); 1033 #define V_addrsel_policytab VNET(addrsel_policytab) 1034 1035 static void 1036 init_policy_queue(void) 1037 { 1038 1039 TAILQ_INIT(&V_addrsel_policytab); 1040 } 1041 1042 static int 1043 add_addrsel_policyent(struct in6_addrpolicy *newpolicy) 1044 { 1045 struct addrsel_policyent *new, *pol; 1046 1047 new = malloc(sizeof(*new), M_IFADDR, 1048 M_WAITOK); 1049 ADDRSEL_XLOCK(); 1050 ADDRSEL_LOCK(); 1051 1052 /* duplication check */ 1053 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) { 1054 if (IN6_ARE_ADDR_EQUAL(&newpolicy->addr.sin6_addr, 1055 &pol->ape_policy.addr.sin6_addr) && 1056 IN6_ARE_ADDR_EQUAL(&newpolicy->addrmask.sin6_addr, 1057 &pol->ape_policy.addrmask.sin6_addr)) { 1058 ADDRSEL_UNLOCK(); 1059 ADDRSEL_XUNLOCK(); 1060 free(new, M_IFADDR); 1061 return (EEXIST); /* or override it? */ 1062 } 1063 } 1064 1065 bzero(new, sizeof(*new)); 1066 1067 /* XXX: should validate entry */ 1068 new->ape_policy = *newpolicy; 1069 1070 TAILQ_INSERT_TAIL(&V_addrsel_policytab, new, ape_entry); 1071 ADDRSEL_UNLOCK(); 1072 ADDRSEL_XUNLOCK(); 1073 1074 return (0); 1075 } 1076 1077 static int 1078 delete_addrsel_policyent(struct in6_addrpolicy *key) 1079 { 1080 struct addrsel_policyent *pol; 1081 1082 ADDRSEL_XLOCK(); 1083 ADDRSEL_LOCK(); 1084 1085 /* search for the entry in the table */ 1086 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) { 1087 if (IN6_ARE_ADDR_EQUAL(&key->addr.sin6_addr, 1088 &pol->ape_policy.addr.sin6_addr) && 1089 IN6_ARE_ADDR_EQUAL(&key->addrmask.sin6_addr, 1090 &pol->ape_policy.addrmask.sin6_addr)) { 1091 break; 1092 } 1093 } 1094 if (pol == NULL) { 1095 ADDRSEL_UNLOCK(); 1096 ADDRSEL_XUNLOCK(); 1097 return (ESRCH); 1098 } 1099 1100 TAILQ_REMOVE(&V_addrsel_policytab, pol, ape_entry); 1101 ADDRSEL_UNLOCK(); 1102 ADDRSEL_XUNLOCK(); 1103 1104 return (0); 1105 } 1106 1107 static int 1108 walk_addrsel_policy(int (*callback)(struct in6_addrpolicy *, void *), void *w) 1109 { 1110 struct addrsel_policyent *pol; 1111 int error = 0; 1112 1113 ADDRSEL_SLOCK(); 1114 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) { 1115 if ((error = (*callback)(&pol->ape_policy, w)) != 0) { 1116 ADDRSEL_SUNLOCK(); 1117 return (error); 1118 } 1119 } 1120 ADDRSEL_SUNLOCK(); 1121 return (error); 1122 } 1123 1124 static int 1125 dump_addrsel_policyent(struct in6_addrpolicy *pol, void *arg) 1126 { 1127 int error = 0; 1128 struct walkarg *w = arg; 1129 1130 error = SYSCTL_OUT(w->w_req, pol, sizeof(*pol)); 1131 1132 return (error); 1133 } 1134 1135 static struct in6_addrpolicy * 1136 match_addrsel_policy(struct sockaddr_in6 *key) 1137 { 1138 struct addrsel_policyent *pent; 1139 struct in6_addrpolicy *bestpol = NULL, *pol; 1140 int matchlen, bestmatchlen = -1; 1141 u_char *mp, *ep, *k, *p, m; 1142 1143 TAILQ_FOREACH(pent, &V_addrsel_policytab, ape_entry) { 1144 matchlen = 0; 1145 1146 pol = &pent->ape_policy; 1147 mp = (u_char *)&pol->addrmask.sin6_addr; 1148 ep = mp + 16; /* XXX: scope field? */ 1149 k = (u_char *)&key->sin6_addr; 1150 p = (u_char *)&pol->addr.sin6_addr; 1151 for (; mp < ep && *mp; mp++, k++, p++) { 1152 m = *mp; 1153 if ((*k & m) != *p) 1154 goto next; /* not match */ 1155 if (m == 0xff) /* short cut for a typical case */ 1156 matchlen += 8; 1157 else { 1158 while (m >= 0x80) { 1159 matchlen++; 1160 m <<= 1; 1161 } 1162 } 1163 } 1164 1165 /* matched. check if this is better than the current best. */ 1166 if (bestpol == NULL || 1167 matchlen > bestmatchlen) { 1168 bestpol = pol; 1169 bestmatchlen = matchlen; 1170 } 1171 1172 next: 1173 continue; 1174 } 1175 1176 return (bestpol); 1177 } 1178