1 /*- 2 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of the project nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * $KAME: in6_src.c,v 1.132 2003/08/26 04:42:27 keiichi Exp $ 30 */ 31 32 /*- 33 * Copyright (c) 1982, 1986, 1991, 1993 34 * The Regents of the University of California. All rights reserved. 35 * 36 * Redistribution and use in source and binary forms, with or without 37 * modification, are permitted provided that the following conditions 38 * are met: 39 * 1. Redistributions of source code must retain the above copyright 40 * notice, this list of conditions and the following disclaimer. 41 * 2. Redistributions in binary form must reproduce the above copyright 42 * notice, this list of conditions and the following disclaimer in the 43 * documentation and/or other materials provided with the distribution. 44 * 4. Neither the name of the University nor the names of its contributors 45 * may be used to endorse or promote products derived from this software 46 * without specific prior written permission. 47 * 48 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 51 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 58 * SUCH DAMAGE. 59 * 60 * @(#)in_pcb.c 8.2 (Berkeley) 1/4/94 61 */ 62 63 #include <sys/cdefs.h> 64 __FBSDID("$FreeBSD$"); 65 66 #include "opt_inet.h" 67 #include "opt_inet6.h" 68 #include "opt_mpath.h" 69 70 #include <sys/param.h> 71 #include <sys/systm.h> 72 #include <sys/lock.h> 73 #include <sys/malloc.h> 74 #include <sys/mbuf.h> 75 #include <sys/priv.h> 76 #include <sys/protosw.h> 77 #include <sys/socket.h> 78 #include <sys/socketvar.h> 79 #include <sys/sockio.h> 80 #include <sys/sysctl.h> 81 #include <sys/errno.h> 82 #include <sys/time.h> 83 #include <sys/jail.h> 84 #include <sys/kernel.h> 85 #include <sys/sx.h> 86 87 #include <net/if.h> 88 #include <net/if_dl.h> 89 #include <net/route.h> 90 #include <net/if_llatbl.h> 91 #ifdef RADIX_MPATH 92 #include <net/radix_mpath.h> 93 #endif 94 95 #include <netinet/in.h> 96 #include <netinet/in_var.h> 97 #include <netinet/in_systm.h> 98 #include <netinet/ip.h> 99 #include <netinet/in_pcb.h> 100 #include <netinet/ip_var.h> 101 #include <netinet/udp.h> 102 #include <netinet/udp_var.h> 103 104 #include <netinet6/in6_var.h> 105 #include <netinet/ip6.h> 106 #include <netinet6/in6_pcb.h> 107 #include <netinet6/ip6_var.h> 108 #include <netinet6/scope6_var.h> 109 #include <netinet6/nd6.h> 110 111 static struct mtx addrsel_lock; 112 #define ADDRSEL_LOCK_INIT() mtx_init(&addrsel_lock, "addrsel_lock", NULL, MTX_DEF) 113 #define ADDRSEL_LOCK() mtx_lock(&addrsel_lock) 114 #define ADDRSEL_UNLOCK() mtx_unlock(&addrsel_lock) 115 #define ADDRSEL_LOCK_ASSERT() mtx_assert(&addrsel_lock, MA_OWNED) 116 117 static struct sx addrsel_sxlock; 118 #define ADDRSEL_SXLOCK_INIT() sx_init(&addrsel_sxlock, "addrsel_sxlock") 119 #define ADDRSEL_SLOCK() sx_slock(&addrsel_sxlock) 120 #define ADDRSEL_SUNLOCK() sx_sunlock(&addrsel_sxlock) 121 #define ADDRSEL_XLOCK() sx_xlock(&addrsel_sxlock) 122 #define ADDRSEL_XUNLOCK() sx_xunlock(&addrsel_sxlock) 123 124 #define ADDR_LABEL_NOTAPP (-1) 125 static VNET_DEFINE(struct in6_addrpolicy, defaultaddrpolicy); 126 #define V_defaultaddrpolicy VNET(defaultaddrpolicy) 127 128 VNET_DEFINE(int, ip6_prefer_tempaddr) = 0; 129 130 static int selectroute __P((struct sockaddr_in6 *, struct ip6_pktopts *, 131 struct ip6_moptions *, struct route_in6 *, struct ifnet **, 132 struct rtentry **, int)); 133 static int in6_selectif __P((struct sockaddr_in6 *, struct ip6_pktopts *, 134 struct ip6_moptions *, struct route_in6 *ro, struct ifnet **)); 135 136 static struct in6_addrpolicy *lookup_addrsel_policy(struct sockaddr_in6 *); 137 138 static void init_policy_queue(void); 139 static int add_addrsel_policyent(struct in6_addrpolicy *); 140 static int delete_addrsel_policyent(struct in6_addrpolicy *); 141 static int walk_addrsel_policy __P((int (*)(struct in6_addrpolicy *, void *), 142 void *)); 143 static int dump_addrsel_policyent(struct in6_addrpolicy *, void *); 144 static struct in6_addrpolicy *match_addrsel_policy(struct sockaddr_in6 *); 145 146 /* 147 * Return an IPv6 address, which is the most appropriate for a given 148 * destination and user specified options. 149 * If necessary, this function lookups the routing table and returns 150 * an entry to the caller for later use. 151 */ 152 #define REPLACE(r) do {\ 153 if ((r) < sizeof(V_ip6stat.ip6s_sources_rule) / \ 154 sizeof(V_ip6stat.ip6s_sources_rule[0])) /* check for safety */ \ 155 V_ip6stat.ip6s_sources_rule[(r)]++; \ 156 /* { \ 157 char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \ 158 printf("in6_selectsrc: replace %s with %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \ 159 } */ \ 160 goto replace; \ 161 } while(0) 162 #define NEXT(r) do {\ 163 if ((r) < sizeof(V_ip6stat.ip6s_sources_rule) / \ 164 sizeof(V_ip6stat.ip6s_sources_rule[0])) /* check for safety */ \ 165 V_ip6stat.ip6s_sources_rule[(r)]++; \ 166 /* { \ 167 char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \ 168 printf("in6_selectsrc: keep %s against %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \ 169 } */ \ 170 goto next; /* XXX: we can't use 'continue' here */ \ 171 } while(0) 172 #define BREAK(r) do { \ 173 if ((r) < sizeof(V_ip6stat.ip6s_sources_rule) / \ 174 sizeof(V_ip6stat.ip6s_sources_rule[0])) /* check for safety */ \ 175 V_ip6stat.ip6s_sources_rule[(r)]++; \ 176 goto out; /* XXX: we can't use 'break' here */ \ 177 } while(0) 178 179 int 180 in6_selectsrc(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 181 struct inpcb *inp, struct route_in6 *ro, struct ucred *cred, 182 struct ifnet **ifpp, struct in6_addr *srcp) 183 { 184 struct in6_addr dst, tmp; 185 struct ifnet *ifp = NULL; 186 struct in6_ifaddr *ia = NULL, *ia_best = NULL; 187 struct in6_pktinfo *pi = NULL; 188 int dst_scope = -1, best_scope = -1, best_matchlen = -1; 189 struct in6_addrpolicy *dst_policy = NULL, *best_policy = NULL; 190 u_int32_t odstzone; 191 int prefer_tempaddr; 192 int error; 193 struct ip6_moptions *mopts; 194 195 KASSERT(srcp != NULL, ("%s: srcp is NULL", __func__)); 196 197 dst = dstsock->sin6_addr; /* make a copy for local operation */ 198 if (ifpp) 199 *ifpp = NULL; 200 201 if (inp != NULL) { 202 INP_LOCK_ASSERT(inp); 203 mopts = inp->in6p_moptions; 204 } else { 205 mopts = NULL; 206 } 207 208 /* 209 * If the source address is explicitly specified by the caller, 210 * check if the requested source address is indeed a unicast address 211 * assigned to the node, and can be used as the packet's source 212 * address. If everything is okay, use the address as source. 213 */ 214 if (opts && (pi = opts->ip6po_pktinfo) && 215 !IN6_IS_ADDR_UNSPECIFIED(&pi->ipi6_addr)) { 216 struct sockaddr_in6 srcsock; 217 struct in6_ifaddr *ia6; 218 219 /* get the outgoing interface */ 220 if ((error = in6_selectif(dstsock, opts, mopts, ro, &ifp)) != 0) 221 return (error); 222 223 /* 224 * determine the appropriate zone id of the source based on 225 * the zone of the destination and the outgoing interface. 226 * If the specified address is ambiguous wrt the scope zone, 227 * the interface must be specified; otherwise, ifa_ifwithaddr() 228 * will fail matching the address. 229 */ 230 bzero(&srcsock, sizeof(srcsock)); 231 srcsock.sin6_family = AF_INET6; 232 srcsock.sin6_len = sizeof(srcsock); 233 srcsock.sin6_addr = pi->ipi6_addr; 234 if (ifp) { 235 error = in6_setscope(&srcsock.sin6_addr, ifp, NULL); 236 if (error) 237 return (error); 238 } 239 if (cred != NULL && (error = prison_local_ip6(cred, 240 &srcsock.sin6_addr, (inp != NULL && 241 (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0) 242 return (error); 243 244 ia6 = (struct in6_ifaddr *)ifa_ifwithaddr( 245 (struct sockaddr *)&srcsock); 246 if (ia6 == NULL || 247 (ia6->ia6_flags & (IN6_IFF_ANYCAST | IN6_IFF_NOTREADY))) { 248 if (ia6 != NULL) 249 ifa_free(&ia6->ia_ifa); 250 return (EADDRNOTAVAIL); 251 } 252 pi->ipi6_addr = srcsock.sin6_addr; /* XXX: this overrides pi */ 253 if (ifpp) 254 *ifpp = ifp; 255 bcopy(&ia6->ia_addr.sin6_addr, srcp, sizeof(*srcp)); 256 ifa_free(&ia6->ia_ifa); 257 return (0); 258 } 259 260 /* 261 * Otherwise, if the socket has already bound the source, just use it. 262 */ 263 if (inp != NULL && !IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) { 264 if (cred != NULL && 265 (error = prison_local_ip6(cred, &inp->in6p_laddr, 266 ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0) 267 return (error); 268 bcopy(&inp->in6p_laddr, srcp, sizeof(*srcp)); 269 return (0); 270 } 271 272 /* 273 * Bypass source address selection and use the primary jail IP 274 * if requested. 275 */ 276 if (cred != NULL && !prison_saddrsel_ip6(cred, srcp)) 277 return (0); 278 279 /* 280 * If the address is not specified, choose the best one based on 281 * the outgoing interface and the destination address. 282 */ 283 /* get the outgoing interface */ 284 if ((error = in6_selectif(dstsock, opts, mopts, ro, &ifp)) != 0) 285 return (error); 286 287 #ifdef DIAGNOSTIC 288 if (ifp == NULL) /* this should not happen */ 289 panic("in6_selectsrc: NULL ifp"); 290 #endif 291 error = in6_setscope(&dst, ifp, &odstzone); 292 if (error) 293 return (error); 294 295 IN6_IFADDR_RLOCK(); 296 TAILQ_FOREACH(ia, &V_in6_ifaddrhead, ia_link) { 297 int new_scope = -1, new_matchlen = -1; 298 struct in6_addrpolicy *new_policy = NULL; 299 u_int32_t srczone, osrczone, dstzone; 300 struct in6_addr src; 301 struct ifnet *ifp1 = ia->ia_ifp; 302 303 /* 304 * We'll never take an address that breaks the scope zone 305 * of the destination. We also skip an address if its zone 306 * does not contain the outgoing interface. 307 * XXX: we should probably use sin6_scope_id here. 308 */ 309 if (in6_setscope(&dst, ifp1, &dstzone) || 310 odstzone != dstzone) { 311 continue; 312 } 313 src = ia->ia_addr.sin6_addr; 314 if (in6_setscope(&src, ifp, &osrczone) || 315 in6_setscope(&src, ifp1, &srczone) || 316 osrczone != srczone) { 317 continue; 318 } 319 320 /* avoid unusable addresses */ 321 if ((ia->ia6_flags & 322 (IN6_IFF_NOTREADY | IN6_IFF_ANYCAST | IN6_IFF_DETACHED))) { 323 continue; 324 } 325 if (!V_ip6_use_deprecated && IFA6_IS_DEPRECATED(ia)) 326 continue; 327 328 /* If jailed only take addresses of the jail into account. */ 329 if (cred != NULL && 330 prison_check_ip6(cred, &ia->ia_addr.sin6_addr) != 0) 331 continue; 332 333 /* Rule 1: Prefer same address */ 334 if (IN6_ARE_ADDR_EQUAL(&dst, &ia->ia_addr.sin6_addr)) { 335 ia_best = ia; 336 BREAK(1); /* there should be no better candidate */ 337 } 338 339 if (ia_best == NULL) 340 REPLACE(0); 341 342 /* Rule 2: Prefer appropriate scope */ 343 if (dst_scope < 0) 344 dst_scope = in6_addrscope(&dst); 345 new_scope = in6_addrscope(&ia->ia_addr.sin6_addr); 346 if (IN6_ARE_SCOPE_CMP(best_scope, new_scope) < 0) { 347 if (IN6_ARE_SCOPE_CMP(best_scope, dst_scope) < 0) 348 REPLACE(2); 349 NEXT(2); 350 } else if (IN6_ARE_SCOPE_CMP(new_scope, best_scope) < 0) { 351 if (IN6_ARE_SCOPE_CMP(new_scope, dst_scope) < 0) 352 NEXT(2); 353 REPLACE(2); 354 } 355 356 /* 357 * Rule 3: Avoid deprecated addresses. Note that the case of 358 * !ip6_use_deprecated is already rejected above. 359 */ 360 if (!IFA6_IS_DEPRECATED(ia_best) && IFA6_IS_DEPRECATED(ia)) 361 NEXT(3); 362 if (IFA6_IS_DEPRECATED(ia_best) && !IFA6_IS_DEPRECATED(ia)) 363 REPLACE(3); 364 365 /* Rule 4: Prefer home addresses */ 366 /* 367 * XXX: This is a TODO. We should probably merge the MIP6 368 * case above. 369 */ 370 371 /* Rule 5: Prefer outgoing interface */ 372 if (ia_best->ia_ifp == ifp && ia->ia_ifp != ifp) 373 NEXT(5); 374 if (ia_best->ia_ifp != ifp && ia->ia_ifp == ifp) 375 REPLACE(5); 376 377 /* 378 * Rule 6: Prefer matching label 379 * Note that best_policy should be non-NULL here. 380 */ 381 if (dst_policy == NULL) 382 dst_policy = lookup_addrsel_policy(dstsock); 383 if (dst_policy->label != ADDR_LABEL_NOTAPP) { 384 new_policy = lookup_addrsel_policy(&ia->ia_addr); 385 if (dst_policy->label == best_policy->label && 386 dst_policy->label != new_policy->label) 387 NEXT(6); 388 if (dst_policy->label != best_policy->label && 389 dst_policy->label == new_policy->label) 390 REPLACE(6); 391 } 392 393 /* 394 * Rule 7: Prefer public addresses. 395 * We allow users to reverse the logic by configuring 396 * a sysctl variable, so that privacy conscious users can 397 * always prefer temporary addresses. 398 */ 399 if (opts == NULL || 400 opts->ip6po_prefer_tempaddr == IP6PO_TEMPADDR_SYSTEM) { 401 prefer_tempaddr = V_ip6_prefer_tempaddr; 402 } else if (opts->ip6po_prefer_tempaddr == 403 IP6PO_TEMPADDR_NOTPREFER) { 404 prefer_tempaddr = 0; 405 } else 406 prefer_tempaddr = 1; 407 if (!(ia_best->ia6_flags & IN6_IFF_TEMPORARY) && 408 (ia->ia6_flags & IN6_IFF_TEMPORARY)) { 409 if (prefer_tempaddr) 410 REPLACE(7); 411 else 412 NEXT(7); 413 } 414 if ((ia_best->ia6_flags & IN6_IFF_TEMPORARY) && 415 !(ia->ia6_flags & IN6_IFF_TEMPORARY)) { 416 if (prefer_tempaddr) 417 NEXT(7); 418 else 419 REPLACE(7); 420 } 421 422 /* 423 * Rule 8: prefer addresses on alive interfaces. 424 * This is a KAME specific rule. 425 */ 426 if ((ia_best->ia_ifp->if_flags & IFF_UP) && 427 !(ia->ia_ifp->if_flags & IFF_UP)) 428 NEXT(8); 429 if (!(ia_best->ia_ifp->if_flags & IFF_UP) && 430 (ia->ia_ifp->if_flags & IFF_UP)) 431 REPLACE(8); 432 433 /* 434 * Rule 14: Use longest matching prefix. 435 * Note: in the address selection draft, this rule is 436 * documented as "Rule 8". However, since it is also 437 * documented that this rule can be overridden, we assign 438 * a large number so that it is easy to assign smaller numbers 439 * to more preferred rules. 440 */ 441 new_matchlen = in6_matchlen(&ia->ia_addr.sin6_addr, &dst); 442 if (best_matchlen < new_matchlen) 443 REPLACE(14); 444 if (new_matchlen < best_matchlen) 445 NEXT(14); 446 447 /* Rule 15 is reserved. */ 448 449 /* 450 * Last resort: just keep the current candidate. 451 * Or, do we need more rules? 452 */ 453 continue; 454 455 replace: 456 ia_best = ia; 457 best_scope = (new_scope >= 0 ? new_scope : 458 in6_addrscope(&ia_best->ia_addr.sin6_addr)); 459 best_policy = (new_policy ? new_policy : 460 lookup_addrsel_policy(&ia_best->ia_addr)); 461 best_matchlen = (new_matchlen >= 0 ? new_matchlen : 462 in6_matchlen(&ia_best->ia_addr.sin6_addr, 463 &dst)); 464 465 next: 466 continue; 467 468 out: 469 break; 470 } 471 472 if ((ia = ia_best) == NULL) { 473 IN6_IFADDR_RUNLOCK(); 474 return (EADDRNOTAVAIL); 475 } 476 477 /* 478 * At this point at least one of the addresses belonged to the jail 479 * but it could still be, that we want to further restrict it, e.g. 480 * theoratically IN6_IS_ADDR_LOOPBACK. 481 * It must not be IN6_IS_ADDR_UNSPECIFIED anymore. 482 * prison_local_ip6() will fix an IN6_IS_ADDR_LOOPBACK but should 483 * let all others previously selected pass. 484 * Use tmp to not change ::1 on lo0 to the primary jail address. 485 */ 486 tmp = ia->ia_addr.sin6_addr; 487 if (cred != NULL && prison_local_ip6(cred, &tmp, (inp != NULL && 488 (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0)) != 0) { 489 IN6_IFADDR_RUNLOCK(); 490 return (EADDRNOTAVAIL); 491 } 492 493 if (ifpp) 494 *ifpp = ifp; 495 496 bcopy(&tmp, srcp, sizeof(*srcp)); 497 IN6_IFADDR_RUNLOCK(); 498 return (0); 499 } 500 501 /* 502 * clone - meaningful only for bsdi and freebsd 503 */ 504 static int 505 selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 506 struct ip6_moptions *mopts, struct route_in6 *ro, 507 struct ifnet **retifp, struct rtentry **retrt, int norouteok) 508 { 509 int error = 0; 510 struct ifnet *ifp = NULL; 511 struct rtentry *rt = NULL; 512 struct sockaddr_in6 *sin6_next; 513 struct in6_pktinfo *pi = NULL; 514 struct in6_addr *dst = &dstsock->sin6_addr; 515 #if 0 516 char ip6buf[INET6_ADDRSTRLEN]; 517 518 if (dstsock->sin6_addr.s6_addr32[0] == 0 && 519 dstsock->sin6_addr.s6_addr32[1] == 0 && 520 !IN6_IS_ADDR_LOOPBACK(&dstsock->sin6_addr)) { 521 printf("in6_selectroute: strange destination %s\n", 522 ip6_sprintf(ip6buf, &dstsock->sin6_addr)); 523 } else { 524 printf("in6_selectroute: destination = %s%%%d\n", 525 ip6_sprintf(ip6buf, &dstsock->sin6_addr), 526 dstsock->sin6_scope_id); /* for debug */ 527 } 528 #endif 529 530 /* If the caller specify the outgoing interface explicitly, use it. */ 531 if (opts && (pi = opts->ip6po_pktinfo) != NULL && pi->ipi6_ifindex) { 532 /* XXX boundary check is assumed to be already done. */ 533 ifp = ifnet_byindex(pi->ipi6_ifindex); 534 if (ifp != NULL && 535 (norouteok || retrt == NULL || 536 IN6_IS_ADDR_MULTICAST(dst))) { 537 /* 538 * we do not have to check or get the route for 539 * multicast. 540 */ 541 goto done; 542 } else 543 goto getroute; 544 } 545 546 /* 547 * If the destination address is a multicast address and the outgoing 548 * interface for the address is specified by the caller, use it. 549 */ 550 if (IN6_IS_ADDR_MULTICAST(dst) && 551 mopts != NULL && (ifp = mopts->im6o_multicast_ifp) != NULL) { 552 goto done; /* we do not need a route for multicast. */ 553 } 554 555 getroute: 556 /* 557 * If the next hop address for the packet is specified by the caller, 558 * use it as the gateway. 559 */ 560 if (opts && opts->ip6po_nexthop) { 561 struct route_in6 *ron; 562 struct llentry *la; 563 564 sin6_next = satosin6(opts->ip6po_nexthop); 565 566 /* at this moment, we only support AF_INET6 next hops */ 567 if (sin6_next->sin6_family != AF_INET6) { 568 error = EAFNOSUPPORT; /* or should we proceed? */ 569 goto done; 570 } 571 572 /* 573 * If the next hop is an IPv6 address, then the node identified 574 * by that address must be a neighbor of the sending host. 575 */ 576 ron = &opts->ip6po_nextroute; 577 /* 578 * XXX what do we do here? 579 * PLZ to be fixing 580 */ 581 582 583 if (ron->ro_rt == NULL) { 584 rtalloc((struct route *)ron); /* multi path case? */ 585 if (ron->ro_rt == NULL) { 586 if (ron->ro_rt) { 587 RTFREE(ron->ro_rt); 588 ron->ro_rt = NULL; 589 } 590 error = EHOSTUNREACH; 591 goto done; 592 } 593 } 594 595 rt = ron->ro_rt; 596 ifp = rt->rt_ifp; 597 IF_AFDATA_LOCK(ifp); 598 la = lla_lookup(LLTABLE6(ifp), 0, (struct sockaddr *)&sin6_next->sin6_addr); 599 IF_AFDATA_UNLOCK(ifp); 600 if (la != NULL) 601 LLE_RUNLOCK(la); 602 else { 603 error = EHOSTUNREACH; 604 goto done; 605 } 606 #if 0 607 if ((ron->ro_rt && 608 (ron->ro_rt->rt_flags & (RTF_UP | RTF_LLINFO)) != 609 (RTF_UP | RTF_LLINFO)) || 610 !IN6_ARE_ADDR_EQUAL(&satosin6(&ron->ro_dst)->sin6_addr, 611 &sin6_next->sin6_addr)) { 612 if (ron->ro_rt) { 613 RTFREE(ron->ro_rt); 614 ron->ro_rt = NULL; 615 } 616 *satosin6(&ron->ro_dst) = *sin6_next; 617 } 618 if (ron->ro_rt == NULL) { 619 rtalloc((struct route *)ron); /* multi path case? */ 620 if (ron->ro_rt == NULL || 621 !(ron->ro_rt->rt_flags & RTF_LLINFO)) { 622 if (ron->ro_rt) { 623 RTFREE(ron->ro_rt); 624 ron->ro_rt = NULL; 625 } 626 error = EHOSTUNREACH; 627 goto done; 628 } 629 } 630 #endif 631 632 /* 633 * When cloning is required, try to allocate a route to the 634 * destination so that the caller can store path MTU 635 * information. 636 */ 637 goto done; 638 } 639 640 /* 641 * Use a cached route if it exists and is valid, else try to allocate 642 * a new one. Note that we should check the address family of the 643 * cached destination, in case of sharing the cache with IPv4. 644 */ 645 if (ro) { 646 if (ro->ro_rt && 647 (!(ro->ro_rt->rt_flags & RTF_UP) || 648 ((struct sockaddr *)(&ro->ro_dst))->sa_family != AF_INET6 || 649 !IN6_ARE_ADDR_EQUAL(&satosin6(&ro->ro_dst)->sin6_addr, 650 dst))) { 651 RTFREE(ro->ro_rt); 652 ro->ro_rt = (struct rtentry *)NULL; 653 } 654 if (ro->ro_rt == (struct rtentry *)NULL) { 655 struct sockaddr_in6 *sa6; 656 657 /* No route yet, so try to acquire one */ 658 bzero(&ro->ro_dst, sizeof(struct sockaddr_in6)); 659 sa6 = (struct sockaddr_in6 *)&ro->ro_dst; 660 *sa6 = *dstsock; 661 sa6->sin6_scope_id = 0; 662 663 #ifdef RADIX_MPATH 664 rtalloc_mpath((struct route *)ro, 665 ntohl(sa6->sin6_addr.s6_addr32[3])); 666 #else 667 ro->ro_rt = rtalloc1(&((struct route *)ro) 668 ->ro_dst, 0, 0UL); 669 if (ro->ro_rt) 670 RT_UNLOCK(ro->ro_rt); 671 #endif 672 } 673 674 /* 675 * do not care about the result if we have the nexthop 676 * explicitly specified. 677 */ 678 if (opts && opts->ip6po_nexthop) 679 goto done; 680 681 if (ro->ro_rt) { 682 ifp = ro->ro_rt->rt_ifp; 683 684 if (ifp == NULL) { /* can this really happen? */ 685 RTFREE(ro->ro_rt); 686 ro->ro_rt = NULL; 687 } 688 } 689 if (ro->ro_rt == NULL) 690 error = EHOSTUNREACH; 691 rt = ro->ro_rt; 692 693 /* 694 * Check if the outgoing interface conflicts with 695 * the interface specified by ipi6_ifindex (if specified). 696 * Note that loopback interface is always okay. 697 * (this may happen when we are sending a packet to one of 698 * our own addresses.) 699 */ 700 if (ifp && opts && opts->ip6po_pktinfo && 701 opts->ip6po_pktinfo->ipi6_ifindex) { 702 if (!(ifp->if_flags & IFF_LOOPBACK) && 703 ifp->if_index != 704 opts->ip6po_pktinfo->ipi6_ifindex) { 705 error = EHOSTUNREACH; 706 goto done; 707 } 708 } 709 } 710 711 done: 712 if (ifp == NULL && rt == NULL) { 713 /* 714 * This can happen if the caller did not pass a cached route 715 * nor any other hints. We treat this case an error. 716 */ 717 error = EHOSTUNREACH; 718 } 719 if (error == EHOSTUNREACH) 720 V_ip6stat.ip6s_noroute++; 721 722 if (retifp != NULL) { 723 *retifp = ifp; 724 725 /* 726 * Adjust the "outgoing" interface. If we're going to loop 727 * the packet back to ourselves, the ifp would be the loopback 728 * interface. However, we'd rather know the interface associated 729 * to the destination address (which should probably be one of 730 * our own addresses.) 731 */ 732 if (rt) { 733 if ((rt->rt_ifp->if_flags & IFF_LOOPBACK) && 734 (rt->rt_gateway->sa_family == AF_LINK)) 735 *retifp = 736 ifnet_byindex(((struct sockaddr_dl *) 737 rt->rt_gateway)->sdl_index); 738 } 739 } 740 741 if (retrt != NULL) 742 *retrt = rt; /* rt may be NULL */ 743 744 return (error); 745 } 746 747 static int 748 in6_selectif(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 749 struct ip6_moptions *mopts, struct route_in6 *ro, struct ifnet **retifp) 750 { 751 int error; 752 struct route_in6 sro; 753 struct rtentry *rt = NULL; 754 755 if (ro == NULL) { 756 bzero(&sro, sizeof(sro)); 757 ro = &sro; 758 } 759 760 if ((error = selectroute(dstsock, opts, mopts, ro, retifp, 761 &rt, 1)) != 0) { 762 if (ro == &sro && rt && rt == sro.ro_rt) 763 RTFREE(rt); 764 return (error); 765 } 766 767 /* 768 * do not use a rejected or black hole route. 769 * XXX: this check should be done in the L2 output routine. 770 * However, if we skipped this check here, we'd see the following 771 * scenario: 772 * - install a rejected route for a scoped address prefix 773 * (like fe80::/10) 774 * - send a packet to a destination that matches the scoped prefix, 775 * with ambiguity about the scope zone. 776 * - pick the outgoing interface from the route, and disambiguate the 777 * scope zone with the interface. 778 * - ip6_output() would try to get another route with the "new" 779 * destination, which may be valid. 780 * - we'd see no error on output. 781 * Although this may not be very harmful, it should still be confusing. 782 * We thus reject the case here. 783 */ 784 if (rt && (rt->rt_flags & (RTF_REJECT | RTF_BLACKHOLE))) { 785 int flags = (rt->rt_flags & RTF_HOST ? EHOSTUNREACH : ENETUNREACH); 786 787 if (ro == &sro && rt && rt == sro.ro_rt) 788 RTFREE(rt); 789 return (flags); 790 } 791 792 if (ro == &sro && rt && rt == sro.ro_rt) 793 RTFREE(rt); 794 return (0); 795 } 796 797 /* 798 * clone - meaningful only for bsdi and freebsd 799 */ 800 int 801 in6_selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 802 struct ip6_moptions *mopts, struct route_in6 *ro, 803 struct ifnet **retifp, struct rtentry **retrt) 804 { 805 806 return (selectroute(dstsock, opts, mopts, ro, retifp, 807 retrt, 0)); 808 } 809 810 /* 811 * Default hop limit selection. The precedence is as follows: 812 * 1. Hoplimit value specified via ioctl. 813 * 2. (If the outgoing interface is detected) the current 814 * hop limit of the interface specified by router advertisement. 815 * 3. The system default hoplimit. 816 */ 817 int 818 in6_selecthlim(struct inpcb *in6p, struct ifnet *ifp) 819 { 820 821 if (in6p && in6p->in6p_hops >= 0) 822 return (in6p->in6p_hops); 823 else if (ifp) 824 return (ND_IFINFO(ifp)->chlim); 825 else if (in6p && !IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) { 826 struct route_in6 ro6; 827 struct ifnet *lifp; 828 829 bzero(&ro6, sizeof(ro6)); 830 ro6.ro_dst.sin6_family = AF_INET6; 831 ro6.ro_dst.sin6_len = sizeof(struct sockaddr_in6); 832 ro6.ro_dst.sin6_addr = in6p->in6p_faddr; 833 rtalloc((struct route *)&ro6); 834 if (ro6.ro_rt) { 835 lifp = ro6.ro_rt->rt_ifp; 836 RTFREE(ro6.ro_rt); 837 if (lifp) 838 return (ND_IFINFO(lifp)->chlim); 839 } else 840 return (V_ip6_defhlim); 841 } 842 return (V_ip6_defhlim); 843 } 844 845 /* 846 * XXX: this is borrowed from in6_pcbbind(). If possible, we should 847 * share this function by all *bsd*... 848 */ 849 int 850 in6_pcbsetport(struct in6_addr *laddr, struct inpcb *inp, struct ucred *cred) 851 { 852 struct socket *so = inp->inp_socket; 853 u_int16_t lport = 0; 854 int error, lookupflags = 0; 855 #ifdef INVARIANTS 856 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo; 857 #endif 858 859 INP_WLOCK_ASSERT(inp); 860 INP_HASH_WLOCK_ASSERT(pcbinfo); 861 862 error = prison_local_ip6(cred, laddr, 863 ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0)); 864 if (error) 865 return(error); 866 867 /* XXX: this is redundant when called from in6_pcbbind */ 868 if ((so->so_options & (SO_REUSEADDR|SO_REUSEPORT)) == 0) 869 lookupflags = INPLOOKUP_WILDCARD; 870 871 inp->inp_flags |= INP_ANONPORT; 872 873 error = in_pcb_lport(inp, NULL, &lport, cred, lookupflags); 874 if (error != 0) 875 return (error); 876 877 inp->inp_lport = lport; 878 if (in_pcbinshash(inp) != 0) { 879 inp->in6p_laddr = in6addr_any; 880 inp->inp_lport = 0; 881 return (EAGAIN); 882 } 883 884 return (0); 885 } 886 887 void 888 addrsel_policy_init(void) 889 { 890 891 init_policy_queue(); 892 893 /* initialize the "last resort" policy */ 894 bzero(&V_defaultaddrpolicy, sizeof(V_defaultaddrpolicy)); 895 V_defaultaddrpolicy.label = ADDR_LABEL_NOTAPP; 896 897 if (!IS_DEFAULT_VNET(curvnet)) 898 return; 899 900 ADDRSEL_LOCK_INIT(); 901 ADDRSEL_SXLOCK_INIT(); 902 } 903 904 static struct in6_addrpolicy * 905 lookup_addrsel_policy(struct sockaddr_in6 *key) 906 { 907 struct in6_addrpolicy *match = NULL; 908 909 ADDRSEL_LOCK(); 910 match = match_addrsel_policy(key); 911 912 if (match == NULL) 913 match = &V_defaultaddrpolicy; 914 else 915 match->use++; 916 ADDRSEL_UNLOCK(); 917 918 return (match); 919 } 920 921 /* 922 * Subroutines to manage the address selection policy table via sysctl. 923 */ 924 struct walkarg { 925 struct sysctl_req *w_req; 926 }; 927 928 static int in6_src_sysctl(SYSCTL_HANDLER_ARGS); 929 SYSCTL_DECL(_net_inet6_ip6); 930 static SYSCTL_NODE(_net_inet6_ip6, IPV6CTL_ADDRCTLPOLICY, addrctlpolicy, 931 CTLFLAG_RD, in6_src_sysctl, ""); 932 933 static int 934 in6_src_sysctl(SYSCTL_HANDLER_ARGS) 935 { 936 struct walkarg w; 937 938 if (req->newptr) 939 return EPERM; 940 941 bzero(&w, sizeof(w)); 942 w.w_req = req; 943 944 return (walk_addrsel_policy(dump_addrsel_policyent, &w)); 945 } 946 947 int 948 in6_src_ioctl(u_long cmd, caddr_t data) 949 { 950 int i; 951 struct in6_addrpolicy ent0; 952 953 if (cmd != SIOCAADDRCTL_POLICY && cmd != SIOCDADDRCTL_POLICY) 954 return (EOPNOTSUPP); /* check for safety */ 955 956 ent0 = *(struct in6_addrpolicy *)data; 957 958 if (ent0.label == ADDR_LABEL_NOTAPP) 959 return (EINVAL); 960 /* check if the prefix mask is consecutive. */ 961 if (in6_mask2len(&ent0.addrmask.sin6_addr, NULL) < 0) 962 return (EINVAL); 963 /* clear trailing garbages (if any) of the prefix address. */ 964 for (i = 0; i < 4; i++) { 965 ent0.addr.sin6_addr.s6_addr32[i] &= 966 ent0.addrmask.sin6_addr.s6_addr32[i]; 967 } 968 ent0.use = 0; 969 970 switch (cmd) { 971 case SIOCAADDRCTL_POLICY: 972 return (add_addrsel_policyent(&ent0)); 973 case SIOCDADDRCTL_POLICY: 974 return (delete_addrsel_policyent(&ent0)); 975 } 976 977 return (0); /* XXX: compromise compilers */ 978 } 979 980 /* 981 * The followings are implementation of the policy table using a 982 * simple tail queue. 983 * XXX such details should be hidden. 984 * XXX implementation using binary tree should be more efficient. 985 */ 986 struct addrsel_policyent { 987 TAILQ_ENTRY(addrsel_policyent) ape_entry; 988 struct in6_addrpolicy ape_policy; 989 }; 990 991 TAILQ_HEAD(addrsel_policyhead, addrsel_policyent); 992 993 static VNET_DEFINE(struct addrsel_policyhead, addrsel_policytab); 994 #define V_addrsel_policytab VNET(addrsel_policytab) 995 996 static void 997 init_policy_queue(void) 998 { 999 1000 TAILQ_INIT(&V_addrsel_policytab); 1001 } 1002 1003 static int 1004 add_addrsel_policyent(struct in6_addrpolicy *newpolicy) 1005 { 1006 struct addrsel_policyent *new, *pol; 1007 1008 new = malloc(sizeof(*new), M_IFADDR, 1009 M_WAITOK); 1010 ADDRSEL_XLOCK(); 1011 ADDRSEL_LOCK(); 1012 1013 /* duplication check */ 1014 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) { 1015 if (IN6_ARE_ADDR_EQUAL(&newpolicy->addr.sin6_addr, 1016 &pol->ape_policy.addr.sin6_addr) && 1017 IN6_ARE_ADDR_EQUAL(&newpolicy->addrmask.sin6_addr, 1018 &pol->ape_policy.addrmask.sin6_addr)) { 1019 ADDRSEL_UNLOCK(); 1020 ADDRSEL_XUNLOCK(); 1021 free(new, M_IFADDR); 1022 return (EEXIST); /* or override it? */ 1023 } 1024 } 1025 1026 bzero(new, sizeof(*new)); 1027 1028 /* XXX: should validate entry */ 1029 new->ape_policy = *newpolicy; 1030 1031 TAILQ_INSERT_TAIL(&V_addrsel_policytab, new, ape_entry); 1032 ADDRSEL_UNLOCK(); 1033 ADDRSEL_XUNLOCK(); 1034 1035 return (0); 1036 } 1037 1038 static int 1039 delete_addrsel_policyent(struct in6_addrpolicy *key) 1040 { 1041 struct addrsel_policyent *pol; 1042 1043 ADDRSEL_XLOCK(); 1044 ADDRSEL_LOCK(); 1045 1046 /* search for the entry in the table */ 1047 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) { 1048 if (IN6_ARE_ADDR_EQUAL(&key->addr.sin6_addr, 1049 &pol->ape_policy.addr.sin6_addr) && 1050 IN6_ARE_ADDR_EQUAL(&key->addrmask.sin6_addr, 1051 &pol->ape_policy.addrmask.sin6_addr)) { 1052 break; 1053 } 1054 } 1055 if (pol == NULL) { 1056 ADDRSEL_UNLOCK(); 1057 ADDRSEL_XUNLOCK(); 1058 return (ESRCH); 1059 } 1060 1061 TAILQ_REMOVE(&V_addrsel_policytab, pol, ape_entry); 1062 ADDRSEL_UNLOCK(); 1063 ADDRSEL_XUNLOCK(); 1064 1065 return (0); 1066 } 1067 1068 static int 1069 walk_addrsel_policy(int (*callback)(struct in6_addrpolicy *, void *), 1070 void *w) 1071 { 1072 struct addrsel_policyent *pol; 1073 int error = 0; 1074 1075 ADDRSEL_SLOCK(); 1076 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) { 1077 if ((error = (*callback)(&pol->ape_policy, w)) != 0) { 1078 ADDRSEL_SUNLOCK(); 1079 return (error); 1080 } 1081 } 1082 ADDRSEL_SUNLOCK(); 1083 return (error); 1084 } 1085 1086 static int 1087 dump_addrsel_policyent(struct in6_addrpolicy *pol, void *arg) 1088 { 1089 int error = 0; 1090 struct walkarg *w = arg; 1091 1092 error = SYSCTL_OUT(w->w_req, pol, sizeof(*pol)); 1093 1094 return (error); 1095 } 1096 1097 static struct in6_addrpolicy * 1098 match_addrsel_policy(struct sockaddr_in6 *key) 1099 { 1100 struct addrsel_policyent *pent; 1101 struct in6_addrpolicy *bestpol = NULL, *pol; 1102 int matchlen, bestmatchlen = -1; 1103 u_char *mp, *ep, *k, *p, m; 1104 1105 TAILQ_FOREACH(pent, &V_addrsel_policytab, ape_entry) { 1106 matchlen = 0; 1107 1108 pol = &pent->ape_policy; 1109 mp = (u_char *)&pol->addrmask.sin6_addr; 1110 ep = mp + 16; /* XXX: scope field? */ 1111 k = (u_char *)&key->sin6_addr; 1112 p = (u_char *)&pol->addr.sin6_addr; 1113 for (; mp < ep && *mp; mp++, k++, p++) { 1114 m = *mp; 1115 if ((*k & m) != *p) 1116 goto next; /* not match */ 1117 if (m == 0xff) /* short cut for a typical case */ 1118 matchlen += 8; 1119 else { 1120 while (m >= 0x80) { 1121 matchlen++; 1122 m <<= 1; 1123 } 1124 } 1125 } 1126 1127 /* matched. check if this is better than the current best. */ 1128 if (bestpol == NULL || 1129 matchlen > bestmatchlen) { 1130 bestpol = pol; 1131 bestmatchlen = matchlen; 1132 } 1133 1134 next: 1135 continue; 1136 } 1137 1138 return (bestpol); 1139 } 1140