1 /*- 2 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of the project nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * $KAME: in6_src.c,v 1.132 2003/08/26 04:42:27 keiichi Exp $ 30 */ 31 32 /*- 33 * Copyright (c) 1982, 1986, 1991, 1993 34 * The Regents of the University of California. All rights reserved. 35 * 36 * Redistribution and use in source and binary forms, with or without 37 * modification, are permitted provided that the following conditions 38 * are met: 39 * 1. Redistributions of source code must retain the above copyright 40 * notice, this list of conditions and the following disclaimer. 41 * 2. Redistributions in binary form must reproduce the above copyright 42 * notice, this list of conditions and the following disclaimer in the 43 * documentation and/or other materials provided with the distribution. 44 * 4. Neither the name of the University nor the names of its contributors 45 * may be used to endorse or promote products derived from this software 46 * without specific prior written permission. 47 * 48 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 51 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 58 * SUCH DAMAGE. 59 * 60 * @(#)in_pcb.c 8.2 (Berkeley) 1/4/94 61 */ 62 63 #include <sys/cdefs.h> 64 __FBSDID("$FreeBSD$"); 65 66 #include "opt_inet.h" 67 #include "opt_inet6.h" 68 #include "opt_mpath.h" 69 70 #include <sys/param.h> 71 #include <sys/systm.h> 72 #include <sys/lock.h> 73 #include <sys/malloc.h> 74 #include <sys/mbuf.h> 75 #include <sys/priv.h> 76 #include <sys/protosw.h> 77 #include <sys/socket.h> 78 #include <sys/socketvar.h> 79 #include <sys/sockio.h> 80 #include <sys/sysctl.h> 81 #include <sys/errno.h> 82 #include <sys/time.h> 83 #include <sys/jail.h> 84 #include <sys/kernel.h> 85 #include <sys/sx.h> 86 87 #include <net/if.h> 88 #include <net/if_dl.h> 89 #include <net/route.h> 90 #include <net/if_llatbl.h> 91 #ifdef RADIX_MPATH 92 #include <net/radix_mpath.h> 93 #endif 94 95 #include <netinet/in.h> 96 #include <netinet/in_var.h> 97 #include <netinet/in_systm.h> 98 #include <netinet/ip.h> 99 #include <netinet/in_pcb.h> 100 #include <netinet/ip_var.h> 101 #include <netinet/udp.h> 102 #include <netinet/udp_var.h> 103 104 #include <netinet6/in6_var.h> 105 #include <netinet/ip6.h> 106 #include <netinet6/in6_pcb.h> 107 #include <netinet6/ip6_var.h> 108 #include <netinet6/scope6_var.h> 109 #include <netinet6/nd6.h> 110 111 static struct mtx addrsel_lock; 112 #define ADDRSEL_LOCK_INIT() mtx_init(&addrsel_lock, "addrsel_lock", NULL, MTX_DEF) 113 #define ADDRSEL_LOCK() mtx_lock(&addrsel_lock) 114 #define ADDRSEL_UNLOCK() mtx_unlock(&addrsel_lock) 115 #define ADDRSEL_LOCK_ASSERT() mtx_assert(&addrsel_lock, MA_OWNED) 116 117 static struct sx addrsel_sxlock; 118 #define ADDRSEL_SXLOCK_INIT() sx_init(&addrsel_sxlock, "addrsel_sxlock") 119 #define ADDRSEL_SLOCK() sx_slock(&addrsel_sxlock) 120 #define ADDRSEL_SUNLOCK() sx_sunlock(&addrsel_sxlock) 121 #define ADDRSEL_XLOCK() sx_xlock(&addrsel_sxlock) 122 #define ADDRSEL_XUNLOCK() sx_xunlock(&addrsel_sxlock) 123 124 #define ADDR_LABEL_NOTAPP (-1) 125 126 static VNET_DEFINE(struct in6_addrpolicy, defaultaddrpolicy); 127 VNET_DEFINE(int, ip6_prefer_tempaddr); 128 129 #define V_defaultaddrpolicy VNET(defaultaddrpolicy) 130 131 static int selectroute __P((struct sockaddr_in6 *, struct ip6_pktopts *, 132 struct ip6_moptions *, struct route_in6 *, struct ifnet **, 133 struct rtentry **, int)); 134 static int in6_selectif __P((struct sockaddr_in6 *, struct ip6_pktopts *, 135 struct ip6_moptions *, struct route_in6 *ro, struct ifnet **)); 136 137 static struct in6_addrpolicy *lookup_addrsel_policy(struct sockaddr_in6 *); 138 139 static void init_policy_queue(void); 140 static int add_addrsel_policyent(struct in6_addrpolicy *); 141 static int delete_addrsel_policyent(struct in6_addrpolicy *); 142 static int walk_addrsel_policy __P((int (*)(struct in6_addrpolicy *, void *), 143 void *)); 144 static int dump_addrsel_policyent(struct in6_addrpolicy *, void *); 145 static struct in6_addrpolicy *match_addrsel_policy(struct sockaddr_in6 *); 146 147 /* 148 * Return an IPv6 address, which is the most appropriate for a given 149 * destination and user specified options. 150 * If necessary, this function lookups the routing table and returns 151 * an entry to the caller for later use. 152 */ 153 #define REPLACE(r) do {\ 154 if ((r) < sizeof(V_ip6stat.ip6s_sources_rule) / \ 155 sizeof(V_ip6stat.ip6s_sources_rule[0])) /* check for safety */ \ 156 V_ip6stat.ip6s_sources_rule[(r)]++; \ 157 /* { \ 158 char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \ 159 printf("in6_selectsrc: replace %s with %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \ 160 } */ \ 161 goto replace; \ 162 } while(0) 163 #define NEXT(r) do {\ 164 if ((r) < sizeof(V_ip6stat.ip6s_sources_rule) / \ 165 sizeof(V_ip6stat.ip6s_sources_rule[0])) /* check for safety */ \ 166 V_ip6stat.ip6s_sources_rule[(r)]++; \ 167 /* { \ 168 char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \ 169 printf("in6_selectsrc: keep %s against %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \ 170 } */ \ 171 goto next; /* XXX: we can't use 'continue' here */ \ 172 } while(0) 173 #define BREAK(r) do { \ 174 if ((r) < sizeof(V_ip6stat.ip6s_sources_rule) / \ 175 sizeof(V_ip6stat.ip6s_sources_rule[0])) /* check for safety */ \ 176 V_ip6stat.ip6s_sources_rule[(r)]++; \ 177 goto out; /* XXX: we can't use 'break' here */ \ 178 } while(0) 179 180 int 181 in6_selectsrc(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 182 struct inpcb *inp, struct route_in6 *ro, struct ucred *cred, 183 struct ifnet **ifpp, struct in6_addr *srcp) 184 { 185 struct in6_addr dst; 186 struct ifnet *ifp = NULL; 187 struct in6_ifaddr *ia = NULL, *ia_best = NULL; 188 struct in6_pktinfo *pi = NULL; 189 int dst_scope = -1, best_scope = -1, best_matchlen = -1; 190 struct in6_addrpolicy *dst_policy = NULL, *best_policy = NULL; 191 u_int32_t odstzone; 192 int prefer_tempaddr; 193 int error; 194 struct ip6_moptions *mopts; 195 196 KASSERT(srcp != NULL, ("%s: srcp is NULL", __func__)); 197 198 dst = dstsock->sin6_addr; /* make a copy for local operation */ 199 if (ifpp) 200 *ifpp = NULL; 201 202 if (inp != NULL) { 203 INP_LOCK_ASSERT(inp); 204 mopts = inp->in6p_moptions; 205 } else { 206 mopts = NULL; 207 } 208 209 /* 210 * If the source address is explicitly specified by the caller, 211 * check if the requested source address is indeed a unicast address 212 * assigned to the node, and can be used as the packet's source 213 * address. If everything is okay, use the address as source. 214 */ 215 if (opts && (pi = opts->ip6po_pktinfo) && 216 !IN6_IS_ADDR_UNSPECIFIED(&pi->ipi6_addr)) { 217 struct sockaddr_in6 srcsock; 218 struct in6_ifaddr *ia6; 219 220 /* get the outgoing interface */ 221 if ((error = in6_selectif(dstsock, opts, mopts, ro, &ifp)) != 0) 222 return (error); 223 224 /* 225 * determine the appropriate zone id of the source based on 226 * the zone of the destination and the outgoing interface. 227 * If the specified address is ambiguous wrt the scope zone, 228 * the interface must be specified; otherwise, ifa_ifwithaddr() 229 * will fail matching the address. 230 */ 231 bzero(&srcsock, sizeof(srcsock)); 232 srcsock.sin6_family = AF_INET6; 233 srcsock.sin6_len = sizeof(srcsock); 234 srcsock.sin6_addr = pi->ipi6_addr; 235 if (ifp) { 236 error = in6_setscope(&srcsock.sin6_addr, ifp, NULL); 237 if (error) 238 return (error); 239 } 240 if (cred != NULL && (error = prison_local_ip6(cred, 241 &srcsock.sin6_addr, (inp != NULL && 242 (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0) 243 return (error); 244 245 ia6 = (struct in6_ifaddr *)ifa_ifwithaddr( 246 (struct sockaddr *)&srcsock); 247 if (ia6 == NULL || 248 (ia6->ia6_flags & (IN6_IFF_ANYCAST | IN6_IFF_NOTREADY))) { 249 if (ia6 != NULL) 250 ifa_free(&ia6->ia_ifa); 251 return (EADDRNOTAVAIL); 252 } 253 pi->ipi6_addr = srcsock.sin6_addr; /* XXX: this overrides pi */ 254 if (ifpp) 255 *ifpp = ifp; 256 bcopy(&ia6->ia_addr.sin6_addr, srcp, sizeof(*srcp)); 257 ifa_free(&ia6->ia_ifa); 258 return (0); 259 } 260 261 /* 262 * Otherwise, if the socket has already bound the source, just use it. 263 */ 264 if (inp != NULL && !IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) { 265 if (cred != NULL && 266 (error = prison_local_ip6(cred, &inp->in6p_laddr, 267 ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0) 268 return (error); 269 bcopy(&inp->in6p_laddr, srcp, sizeof(*srcp)); 270 return (0); 271 } 272 273 /* 274 * Bypass source address selection and use the primary jail IP 275 * if requested. 276 */ 277 if (cred != NULL && !prison_saddrsel_ip6(cred, srcp)) 278 return (0); 279 280 /* 281 * If the address is not specified, choose the best one based on 282 * the outgoing interface and the destination address. 283 */ 284 /* get the outgoing interface */ 285 if ((error = in6_selectif(dstsock, opts, mopts, ro, &ifp)) != 0) 286 return (error); 287 288 #ifdef DIAGNOSTIC 289 if (ifp == NULL) /* this should not happen */ 290 panic("in6_selectsrc: NULL ifp"); 291 #endif 292 error = in6_setscope(&dst, ifp, &odstzone); 293 if (error) 294 return (error); 295 296 IN6_IFADDR_RLOCK(); 297 TAILQ_FOREACH(ia, &V_in6_ifaddrhead, ia_link) { 298 int new_scope = -1, new_matchlen = -1; 299 struct in6_addrpolicy *new_policy = NULL; 300 u_int32_t srczone, osrczone, dstzone; 301 struct in6_addr src; 302 struct ifnet *ifp1 = ia->ia_ifp; 303 304 /* 305 * We'll never take an address that breaks the scope zone 306 * of the destination. We also skip an address if its zone 307 * does not contain the outgoing interface. 308 * XXX: we should probably use sin6_scope_id here. 309 */ 310 if (in6_setscope(&dst, ifp1, &dstzone) || 311 odstzone != dstzone) { 312 continue; 313 } 314 src = ia->ia_addr.sin6_addr; 315 if (in6_setscope(&src, ifp, &osrczone) || 316 in6_setscope(&src, ifp1, &srczone) || 317 osrczone != srczone) { 318 continue; 319 } 320 321 /* avoid unusable addresses */ 322 if ((ia->ia6_flags & 323 (IN6_IFF_NOTREADY | IN6_IFF_ANYCAST | IN6_IFF_DETACHED))) { 324 continue; 325 } 326 if (!V_ip6_use_deprecated && IFA6_IS_DEPRECATED(ia)) 327 continue; 328 329 if (cred != NULL && 330 prison_local_ip6(cred, &ia->ia_addr.sin6_addr, 331 (inp != NULL && 332 (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0)) != 0) 333 continue; 334 335 /* Rule 1: Prefer same address */ 336 if (IN6_ARE_ADDR_EQUAL(&dst, &ia->ia_addr.sin6_addr)) { 337 ia_best = ia; 338 BREAK(1); /* there should be no better candidate */ 339 } 340 341 if (ia_best == NULL) 342 REPLACE(0); 343 344 /* Rule 2: Prefer appropriate scope */ 345 if (dst_scope < 0) 346 dst_scope = in6_addrscope(&dst); 347 new_scope = in6_addrscope(&ia->ia_addr.sin6_addr); 348 if (IN6_ARE_SCOPE_CMP(best_scope, new_scope) < 0) { 349 if (IN6_ARE_SCOPE_CMP(best_scope, dst_scope) < 0) 350 REPLACE(2); 351 NEXT(2); 352 } else if (IN6_ARE_SCOPE_CMP(new_scope, best_scope) < 0) { 353 if (IN6_ARE_SCOPE_CMP(new_scope, dst_scope) < 0) 354 NEXT(2); 355 REPLACE(2); 356 } 357 358 /* 359 * Rule 3: Avoid deprecated addresses. Note that the case of 360 * !ip6_use_deprecated is already rejected above. 361 */ 362 if (!IFA6_IS_DEPRECATED(ia_best) && IFA6_IS_DEPRECATED(ia)) 363 NEXT(3); 364 if (IFA6_IS_DEPRECATED(ia_best) && !IFA6_IS_DEPRECATED(ia)) 365 REPLACE(3); 366 367 /* Rule 4: Prefer home addresses */ 368 /* 369 * XXX: This is a TODO. We should probably merge the MIP6 370 * case above. 371 */ 372 373 /* Rule 5: Prefer outgoing interface */ 374 if (ia_best->ia_ifp == ifp && ia->ia_ifp != ifp) 375 NEXT(5); 376 if (ia_best->ia_ifp != ifp && ia->ia_ifp == ifp) 377 REPLACE(5); 378 379 /* 380 * Rule 6: Prefer matching label 381 * Note that best_policy should be non-NULL here. 382 */ 383 if (dst_policy == NULL) 384 dst_policy = lookup_addrsel_policy(dstsock); 385 if (dst_policy->label != ADDR_LABEL_NOTAPP) { 386 new_policy = lookup_addrsel_policy(&ia->ia_addr); 387 if (dst_policy->label == best_policy->label && 388 dst_policy->label != new_policy->label) 389 NEXT(6); 390 if (dst_policy->label != best_policy->label && 391 dst_policy->label == new_policy->label) 392 REPLACE(6); 393 } 394 395 /* 396 * Rule 7: Prefer public addresses. 397 * We allow users to reverse the logic by configuring 398 * a sysctl variable, so that privacy conscious users can 399 * always prefer temporary addresses. 400 */ 401 if (opts == NULL || 402 opts->ip6po_prefer_tempaddr == IP6PO_TEMPADDR_SYSTEM) { 403 prefer_tempaddr = V_ip6_prefer_tempaddr; 404 } else if (opts->ip6po_prefer_tempaddr == 405 IP6PO_TEMPADDR_NOTPREFER) { 406 prefer_tempaddr = 0; 407 } else 408 prefer_tempaddr = 1; 409 if (!(ia_best->ia6_flags & IN6_IFF_TEMPORARY) && 410 (ia->ia6_flags & IN6_IFF_TEMPORARY)) { 411 if (prefer_tempaddr) 412 REPLACE(7); 413 else 414 NEXT(7); 415 } 416 if ((ia_best->ia6_flags & IN6_IFF_TEMPORARY) && 417 !(ia->ia6_flags & IN6_IFF_TEMPORARY)) { 418 if (prefer_tempaddr) 419 NEXT(7); 420 else 421 REPLACE(7); 422 } 423 424 /* 425 * Rule 8: prefer addresses on alive interfaces. 426 * This is a KAME specific rule. 427 */ 428 if ((ia_best->ia_ifp->if_flags & IFF_UP) && 429 !(ia->ia_ifp->if_flags & IFF_UP)) 430 NEXT(8); 431 if (!(ia_best->ia_ifp->if_flags & IFF_UP) && 432 (ia->ia_ifp->if_flags & IFF_UP)) 433 REPLACE(8); 434 435 /* 436 * Rule 14: Use longest matching prefix. 437 * Note: in the address selection draft, this rule is 438 * documented as "Rule 8". However, since it is also 439 * documented that this rule can be overridden, we assign 440 * a large number so that it is easy to assign smaller numbers 441 * to more preferred rules. 442 */ 443 new_matchlen = in6_matchlen(&ia->ia_addr.sin6_addr, &dst); 444 if (best_matchlen < new_matchlen) 445 REPLACE(14); 446 if (new_matchlen < best_matchlen) 447 NEXT(14); 448 449 /* Rule 15 is reserved. */ 450 451 /* 452 * Last resort: just keep the current candidate. 453 * Or, do we need more rules? 454 */ 455 continue; 456 457 replace: 458 ia_best = ia; 459 best_scope = (new_scope >= 0 ? new_scope : 460 in6_addrscope(&ia_best->ia_addr.sin6_addr)); 461 best_policy = (new_policy ? new_policy : 462 lookup_addrsel_policy(&ia_best->ia_addr)); 463 best_matchlen = (new_matchlen >= 0 ? new_matchlen : 464 in6_matchlen(&ia_best->ia_addr.sin6_addr, 465 &dst)); 466 467 next: 468 continue; 469 470 out: 471 break; 472 } 473 474 if ((ia = ia_best) == NULL) { 475 IN6_IFADDR_RUNLOCK(); 476 return (EADDRNOTAVAIL); 477 } 478 479 if (ifpp) 480 *ifpp = ifp; 481 482 bcopy(&ia->ia_addr.sin6_addr, srcp, sizeof(*srcp)); 483 IN6_IFADDR_RUNLOCK(); 484 return (0); 485 } 486 487 /* 488 * clone - meaningful only for bsdi and freebsd 489 */ 490 static int 491 selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 492 struct ip6_moptions *mopts, struct route_in6 *ro, 493 struct ifnet **retifp, struct rtentry **retrt, int norouteok) 494 { 495 int error = 0; 496 struct ifnet *ifp = NULL; 497 struct rtentry *rt = NULL; 498 struct sockaddr_in6 *sin6_next; 499 struct in6_pktinfo *pi = NULL; 500 struct in6_addr *dst = &dstsock->sin6_addr; 501 #if 0 502 char ip6buf[INET6_ADDRSTRLEN]; 503 504 if (dstsock->sin6_addr.s6_addr32[0] == 0 && 505 dstsock->sin6_addr.s6_addr32[1] == 0 && 506 !IN6_IS_ADDR_LOOPBACK(&dstsock->sin6_addr)) { 507 printf("in6_selectroute: strange destination %s\n", 508 ip6_sprintf(ip6buf, &dstsock->sin6_addr)); 509 } else { 510 printf("in6_selectroute: destination = %s%%%d\n", 511 ip6_sprintf(ip6buf, &dstsock->sin6_addr), 512 dstsock->sin6_scope_id); /* for debug */ 513 } 514 #endif 515 516 /* If the caller specify the outgoing interface explicitly, use it. */ 517 if (opts && (pi = opts->ip6po_pktinfo) != NULL && pi->ipi6_ifindex) { 518 /* XXX boundary check is assumed to be already done. */ 519 ifp = ifnet_byindex(pi->ipi6_ifindex); 520 if (ifp != NULL && 521 (norouteok || retrt == NULL || 522 IN6_IS_ADDR_MULTICAST(dst))) { 523 /* 524 * we do not have to check or get the route for 525 * multicast. 526 */ 527 goto done; 528 } else 529 goto getroute; 530 } 531 532 /* 533 * If the destination address is a multicast address and the outgoing 534 * interface for the address is specified by the caller, use it. 535 */ 536 if (IN6_IS_ADDR_MULTICAST(dst) && 537 mopts != NULL && (ifp = mopts->im6o_multicast_ifp) != NULL) { 538 goto done; /* we do not need a route for multicast. */ 539 } 540 541 getroute: 542 /* 543 * If the next hop address for the packet is specified by the caller, 544 * use it as the gateway. 545 */ 546 if (opts && opts->ip6po_nexthop) { 547 struct route_in6 *ron; 548 struct llentry *la; 549 550 sin6_next = satosin6(opts->ip6po_nexthop); 551 552 /* at this moment, we only support AF_INET6 next hops */ 553 if (sin6_next->sin6_family != AF_INET6) { 554 error = EAFNOSUPPORT; /* or should we proceed? */ 555 goto done; 556 } 557 558 /* 559 * If the next hop is an IPv6 address, then the node identified 560 * by that address must be a neighbor of the sending host. 561 */ 562 ron = &opts->ip6po_nextroute; 563 /* 564 * XXX what do we do here? 565 * PLZ to be fixing 566 */ 567 568 569 if (ron->ro_rt == NULL) { 570 rtalloc((struct route *)ron); /* multi path case? */ 571 if (ron->ro_rt == NULL) { 572 if (ron->ro_rt) { 573 RTFREE(ron->ro_rt); 574 ron->ro_rt = NULL; 575 } 576 error = EHOSTUNREACH; 577 goto done; 578 } 579 } 580 581 rt = ron->ro_rt; 582 ifp = rt->rt_ifp; 583 IF_AFDATA_LOCK(ifp); 584 la = lla_lookup(LLTABLE6(ifp), 0, (struct sockaddr *)&sin6_next->sin6_addr); 585 IF_AFDATA_UNLOCK(ifp); 586 if (la != NULL) 587 LLE_RUNLOCK(la); 588 else { 589 error = EHOSTUNREACH; 590 goto done; 591 } 592 #if 0 593 if ((ron->ro_rt && 594 (ron->ro_rt->rt_flags & (RTF_UP | RTF_LLINFO)) != 595 (RTF_UP | RTF_LLINFO)) || 596 !IN6_ARE_ADDR_EQUAL(&satosin6(&ron->ro_dst)->sin6_addr, 597 &sin6_next->sin6_addr)) { 598 if (ron->ro_rt) { 599 RTFREE(ron->ro_rt); 600 ron->ro_rt = NULL; 601 } 602 *satosin6(&ron->ro_dst) = *sin6_next; 603 } 604 if (ron->ro_rt == NULL) { 605 rtalloc((struct route *)ron); /* multi path case? */ 606 if (ron->ro_rt == NULL || 607 !(ron->ro_rt->rt_flags & RTF_LLINFO)) { 608 if (ron->ro_rt) { 609 RTFREE(ron->ro_rt); 610 ron->ro_rt = NULL; 611 } 612 error = EHOSTUNREACH; 613 goto done; 614 } 615 } 616 #endif 617 618 /* 619 * When cloning is required, try to allocate a route to the 620 * destination so that the caller can store path MTU 621 * information. 622 */ 623 goto done; 624 } 625 626 /* 627 * Use a cached route if it exists and is valid, else try to allocate 628 * a new one. Note that we should check the address family of the 629 * cached destination, in case of sharing the cache with IPv4. 630 */ 631 if (ro) { 632 if (ro->ro_rt && 633 (!(ro->ro_rt->rt_flags & RTF_UP) || 634 ((struct sockaddr *)(&ro->ro_dst))->sa_family != AF_INET6 || 635 !IN6_ARE_ADDR_EQUAL(&satosin6(&ro->ro_dst)->sin6_addr, 636 dst))) { 637 RTFREE(ro->ro_rt); 638 ro->ro_rt = (struct rtentry *)NULL; 639 } 640 if (ro->ro_rt == (struct rtentry *)NULL) { 641 struct sockaddr_in6 *sa6; 642 643 /* No route yet, so try to acquire one */ 644 bzero(&ro->ro_dst, sizeof(struct sockaddr_in6)); 645 sa6 = (struct sockaddr_in6 *)&ro->ro_dst; 646 *sa6 = *dstsock; 647 sa6->sin6_scope_id = 0; 648 649 #ifdef RADIX_MPATH 650 rtalloc_mpath((struct route *)ro, 651 ntohl(sa6->sin6_addr.s6_addr32[3])); 652 #else 653 ro->ro_rt = rtalloc1(&((struct route *)ro) 654 ->ro_dst, 0, 0UL); 655 if (ro->ro_rt) 656 RT_UNLOCK(ro->ro_rt); 657 #endif 658 } 659 660 /* 661 * do not care about the result if we have the nexthop 662 * explicitly specified. 663 */ 664 if (opts && opts->ip6po_nexthop) 665 goto done; 666 667 if (ro->ro_rt) { 668 ifp = ro->ro_rt->rt_ifp; 669 670 if (ifp == NULL) { /* can this really happen? */ 671 RTFREE(ro->ro_rt); 672 ro->ro_rt = NULL; 673 } 674 } 675 if (ro->ro_rt == NULL) 676 error = EHOSTUNREACH; 677 rt = ro->ro_rt; 678 679 /* 680 * Check if the outgoing interface conflicts with 681 * the interface specified by ipi6_ifindex (if specified). 682 * Note that loopback interface is always okay. 683 * (this may happen when we are sending a packet to one of 684 * our own addresses.) 685 */ 686 if (ifp && opts && opts->ip6po_pktinfo && 687 opts->ip6po_pktinfo->ipi6_ifindex) { 688 if (!(ifp->if_flags & IFF_LOOPBACK) && 689 ifp->if_index != 690 opts->ip6po_pktinfo->ipi6_ifindex) { 691 error = EHOSTUNREACH; 692 goto done; 693 } 694 } 695 } 696 697 done: 698 if (ifp == NULL && rt == NULL) { 699 /* 700 * This can happen if the caller did not pass a cached route 701 * nor any other hints. We treat this case an error. 702 */ 703 error = EHOSTUNREACH; 704 } 705 if (error == EHOSTUNREACH) 706 V_ip6stat.ip6s_noroute++; 707 708 if (retifp != NULL) { 709 *retifp = ifp; 710 711 /* 712 * Adjust the "outgoing" interface. If we're going to loop 713 * the packet back to ourselves, the ifp would be the loopback 714 * interface. However, we'd rather know the interface associated 715 * to the destination address (which should probably be one of 716 * our own addresses.) 717 */ 718 if (rt) { 719 if ((rt->rt_ifp->if_flags & IFF_LOOPBACK) && 720 (rt->rt_gateway->sa_family == AF_LINK)) 721 *retifp = 722 ifnet_byindex(((struct sockaddr_dl *) 723 rt->rt_gateway)->sdl_index); 724 } 725 } 726 727 if (retrt != NULL) 728 *retrt = rt; /* rt may be NULL */ 729 730 return (error); 731 } 732 733 static int 734 in6_selectif(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 735 struct ip6_moptions *mopts, struct route_in6 *ro, struct ifnet **retifp) 736 { 737 int error; 738 struct route_in6 sro; 739 struct rtentry *rt = NULL; 740 741 if (ro == NULL) { 742 bzero(&sro, sizeof(sro)); 743 ro = &sro; 744 } 745 746 if ((error = selectroute(dstsock, opts, mopts, ro, retifp, 747 &rt, 1)) != 0) { 748 if (ro == &sro && rt && rt == sro.ro_rt) 749 RTFREE(rt); 750 return (error); 751 } 752 753 /* 754 * do not use a rejected or black hole route. 755 * XXX: this check should be done in the L2 output routine. 756 * However, if we skipped this check here, we'd see the following 757 * scenario: 758 * - install a rejected route for a scoped address prefix 759 * (like fe80::/10) 760 * - send a packet to a destination that matches the scoped prefix, 761 * with ambiguity about the scope zone. 762 * - pick the outgoing interface from the route, and disambiguate the 763 * scope zone with the interface. 764 * - ip6_output() would try to get another route with the "new" 765 * destination, which may be valid. 766 * - we'd see no error on output. 767 * Although this may not be very harmful, it should still be confusing. 768 * We thus reject the case here. 769 */ 770 if (rt && (rt->rt_flags & (RTF_REJECT | RTF_BLACKHOLE))) { 771 int flags = (rt->rt_flags & RTF_HOST ? EHOSTUNREACH : ENETUNREACH); 772 773 if (ro == &sro && rt && rt == sro.ro_rt) 774 RTFREE(rt); 775 return (flags); 776 } 777 778 if (ro == &sro && rt && rt == sro.ro_rt) 779 RTFREE(rt); 780 return (0); 781 } 782 783 /* 784 * clone - meaningful only for bsdi and freebsd 785 */ 786 int 787 in6_selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 788 struct ip6_moptions *mopts, struct route_in6 *ro, 789 struct ifnet **retifp, struct rtentry **retrt) 790 { 791 792 return (selectroute(dstsock, opts, mopts, ro, retifp, 793 retrt, 0)); 794 } 795 796 /* 797 * Default hop limit selection. The precedence is as follows: 798 * 1. Hoplimit value specified via ioctl. 799 * 2. (If the outgoing interface is detected) the current 800 * hop limit of the interface specified by router advertisement. 801 * 3. The system default hoplimit. 802 */ 803 int 804 in6_selecthlim(struct inpcb *in6p, struct ifnet *ifp) 805 { 806 807 if (in6p && in6p->in6p_hops >= 0) 808 return (in6p->in6p_hops); 809 else if (ifp) 810 return (ND_IFINFO(ifp)->chlim); 811 else if (in6p && !IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) { 812 struct route_in6 ro6; 813 struct ifnet *lifp; 814 815 bzero(&ro6, sizeof(ro6)); 816 ro6.ro_dst.sin6_family = AF_INET6; 817 ro6.ro_dst.sin6_len = sizeof(struct sockaddr_in6); 818 ro6.ro_dst.sin6_addr = in6p->in6p_faddr; 819 rtalloc((struct route *)&ro6); 820 if (ro6.ro_rt) { 821 lifp = ro6.ro_rt->rt_ifp; 822 RTFREE(ro6.ro_rt); 823 if (lifp) 824 return (ND_IFINFO(lifp)->chlim); 825 } else 826 return (V_ip6_defhlim); 827 } 828 return (V_ip6_defhlim); 829 } 830 831 /* 832 * XXX: this is borrowed from in6_pcbbind(). If possible, we should 833 * share this function by all *bsd*... 834 */ 835 int 836 in6_pcbsetport(struct in6_addr *laddr, struct inpcb *inp, struct ucred *cred) 837 { 838 struct socket *so = inp->inp_socket; 839 u_int16_t lport = 0, first, last, *lastport; 840 int count, error, wild = 0, dorandom; 841 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo; 842 843 INP_INFO_WLOCK_ASSERT(pcbinfo); 844 INP_WLOCK_ASSERT(inp); 845 846 error = prison_local_ip6(cred, laddr, 847 ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0)); 848 if (error) 849 return(error); 850 851 /* XXX: this is redundant when called from in6_pcbbind */ 852 if ((so->so_options & (SO_REUSEADDR|SO_REUSEPORT)) == 0) 853 wild = INPLOOKUP_WILDCARD; 854 855 inp->inp_flags |= INP_ANONPORT; 856 857 if (inp->inp_flags & INP_HIGHPORT) { 858 first = V_ipport_hifirstauto; /* sysctl */ 859 last = V_ipport_hilastauto; 860 lastport = &pcbinfo->ipi_lasthi; 861 } else if (inp->inp_flags & INP_LOWPORT) { 862 error = priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT, 0); 863 if (error) 864 return error; 865 first = V_ipport_lowfirstauto; /* 1023 */ 866 last = V_ipport_lowlastauto; /* 600 */ 867 lastport = &pcbinfo->ipi_lastlow; 868 } else { 869 first = V_ipport_firstauto; /* sysctl */ 870 last = V_ipport_lastauto; 871 lastport = &pcbinfo->ipi_lastport; 872 } 873 874 /* 875 * For UDP, use random port allocation as long as the user 876 * allows it. For TCP (and as of yet unknown) connections, 877 * use random port allocation only if the user allows it AND 878 * ipport_tick() allows it. 879 */ 880 if (V_ipport_randomized && 881 (!V_ipport_stoprandom || pcbinfo == &V_udbinfo)) 882 dorandom = 1; 883 else 884 dorandom = 0; 885 /* 886 * It makes no sense to do random port allocation if 887 * we have the only port available. 888 */ 889 if (first == last) 890 dorandom = 0; 891 /* Make sure to not include UDP packets in the count. */ 892 if (pcbinfo != &V_udbinfo) 893 V_ipport_tcpallocs++; 894 895 /* 896 * Instead of having two loops further down counting up or down 897 * make sure that first is always <= last and go with only one 898 * code path implementing all logic. 899 */ 900 if (first > last) { 901 u_int16_t aux; 902 903 aux = first; 904 first = last; 905 last = aux; 906 } 907 908 if (dorandom) 909 *lastport = first + (arc4random() % (last - first)); 910 911 count = last - first; 912 913 do { 914 if (count-- < 0) { /* completely used? */ 915 /* Undo an address bind that may have occurred. */ 916 inp->in6p_laddr = in6addr_any; 917 return (EADDRNOTAVAIL); 918 } 919 ++*lastport; 920 if (*lastport < first || *lastport > last) 921 *lastport = first; 922 lport = htons(*lastport); 923 } while (in6_pcblookup_local(pcbinfo, &inp->in6p_laddr, 924 lport, wild, cred)); 925 926 inp->inp_lport = lport; 927 if (in_pcbinshash(inp) != 0) { 928 inp->in6p_laddr = in6addr_any; 929 inp->inp_lport = 0; 930 return (EAGAIN); 931 } 932 933 return (0); 934 } 935 936 void 937 addrsel_policy_init(void) 938 { 939 940 V_ip6_prefer_tempaddr = 0; 941 942 init_policy_queue(); 943 944 /* initialize the "last resort" policy */ 945 bzero(&V_defaultaddrpolicy, sizeof(V_defaultaddrpolicy)); 946 V_defaultaddrpolicy.label = ADDR_LABEL_NOTAPP; 947 948 if (!IS_DEFAULT_VNET(curvnet)) 949 return; 950 951 ADDRSEL_LOCK_INIT(); 952 ADDRSEL_SXLOCK_INIT(); 953 } 954 955 static struct in6_addrpolicy * 956 lookup_addrsel_policy(struct sockaddr_in6 *key) 957 { 958 struct in6_addrpolicy *match = NULL; 959 960 ADDRSEL_LOCK(); 961 match = match_addrsel_policy(key); 962 963 if (match == NULL) 964 match = &V_defaultaddrpolicy; 965 else 966 match->use++; 967 ADDRSEL_UNLOCK(); 968 969 return (match); 970 } 971 972 /* 973 * Subroutines to manage the address selection policy table via sysctl. 974 */ 975 struct walkarg { 976 struct sysctl_req *w_req; 977 }; 978 979 static int in6_src_sysctl(SYSCTL_HANDLER_ARGS); 980 SYSCTL_DECL(_net_inet6_ip6); 981 SYSCTL_NODE(_net_inet6_ip6, IPV6CTL_ADDRCTLPOLICY, addrctlpolicy, 982 CTLFLAG_RD, in6_src_sysctl, ""); 983 984 static int 985 in6_src_sysctl(SYSCTL_HANDLER_ARGS) 986 { 987 struct walkarg w; 988 989 if (req->newptr) 990 return EPERM; 991 992 bzero(&w, sizeof(w)); 993 w.w_req = req; 994 995 return (walk_addrsel_policy(dump_addrsel_policyent, &w)); 996 } 997 998 int 999 in6_src_ioctl(u_long cmd, caddr_t data) 1000 { 1001 int i; 1002 struct in6_addrpolicy ent0; 1003 1004 if (cmd != SIOCAADDRCTL_POLICY && cmd != SIOCDADDRCTL_POLICY) 1005 return (EOPNOTSUPP); /* check for safety */ 1006 1007 ent0 = *(struct in6_addrpolicy *)data; 1008 1009 if (ent0.label == ADDR_LABEL_NOTAPP) 1010 return (EINVAL); 1011 /* check if the prefix mask is consecutive. */ 1012 if (in6_mask2len(&ent0.addrmask.sin6_addr, NULL) < 0) 1013 return (EINVAL); 1014 /* clear trailing garbages (if any) of the prefix address. */ 1015 for (i = 0; i < 4; i++) { 1016 ent0.addr.sin6_addr.s6_addr32[i] &= 1017 ent0.addrmask.sin6_addr.s6_addr32[i]; 1018 } 1019 ent0.use = 0; 1020 1021 switch (cmd) { 1022 case SIOCAADDRCTL_POLICY: 1023 return (add_addrsel_policyent(&ent0)); 1024 case SIOCDADDRCTL_POLICY: 1025 return (delete_addrsel_policyent(&ent0)); 1026 } 1027 1028 return (0); /* XXX: compromise compilers */ 1029 } 1030 1031 /* 1032 * The followings are implementation of the policy table using a 1033 * simple tail queue. 1034 * XXX such details should be hidden. 1035 * XXX implementation using binary tree should be more efficient. 1036 */ 1037 struct addrsel_policyent { 1038 TAILQ_ENTRY(addrsel_policyent) ape_entry; 1039 struct in6_addrpolicy ape_policy; 1040 }; 1041 1042 TAILQ_HEAD(addrsel_policyhead, addrsel_policyent); 1043 1044 static VNET_DEFINE(struct addrsel_policyhead, addrsel_policytab); 1045 #define V_addrsel_policytab VNET(addrsel_policytab) 1046 1047 static void 1048 init_policy_queue(void) 1049 { 1050 1051 TAILQ_INIT(&V_addrsel_policytab); 1052 } 1053 1054 static int 1055 add_addrsel_policyent(struct in6_addrpolicy *newpolicy) 1056 { 1057 struct addrsel_policyent *new, *pol; 1058 1059 new = malloc(sizeof(*new), M_IFADDR, 1060 M_WAITOK); 1061 ADDRSEL_XLOCK(); 1062 ADDRSEL_LOCK(); 1063 1064 /* duplication check */ 1065 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) { 1066 if (IN6_ARE_ADDR_EQUAL(&newpolicy->addr.sin6_addr, 1067 &pol->ape_policy.addr.sin6_addr) && 1068 IN6_ARE_ADDR_EQUAL(&newpolicy->addrmask.sin6_addr, 1069 &pol->ape_policy.addrmask.sin6_addr)) { 1070 ADDRSEL_UNLOCK(); 1071 ADDRSEL_XUNLOCK(); 1072 free(new, M_IFADDR); 1073 return (EEXIST); /* or override it? */ 1074 } 1075 } 1076 1077 bzero(new, sizeof(*new)); 1078 1079 /* XXX: should validate entry */ 1080 new->ape_policy = *newpolicy; 1081 1082 TAILQ_INSERT_TAIL(&V_addrsel_policytab, new, ape_entry); 1083 ADDRSEL_UNLOCK(); 1084 ADDRSEL_XUNLOCK(); 1085 1086 return (0); 1087 } 1088 1089 static int 1090 delete_addrsel_policyent(struct in6_addrpolicy *key) 1091 { 1092 struct addrsel_policyent *pol; 1093 1094 ADDRSEL_XLOCK(); 1095 ADDRSEL_LOCK(); 1096 1097 /* search for the entry in the table */ 1098 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) { 1099 if (IN6_ARE_ADDR_EQUAL(&key->addr.sin6_addr, 1100 &pol->ape_policy.addr.sin6_addr) && 1101 IN6_ARE_ADDR_EQUAL(&key->addrmask.sin6_addr, 1102 &pol->ape_policy.addrmask.sin6_addr)) { 1103 break; 1104 } 1105 } 1106 if (pol == NULL) { 1107 ADDRSEL_UNLOCK(); 1108 ADDRSEL_XUNLOCK(); 1109 return (ESRCH); 1110 } 1111 1112 TAILQ_REMOVE(&V_addrsel_policytab, pol, ape_entry); 1113 ADDRSEL_UNLOCK(); 1114 ADDRSEL_XUNLOCK(); 1115 1116 return (0); 1117 } 1118 1119 static int 1120 walk_addrsel_policy(int (*callback)(struct in6_addrpolicy *, void *), 1121 void *w) 1122 { 1123 struct addrsel_policyent *pol; 1124 int error = 0; 1125 1126 ADDRSEL_SLOCK(); 1127 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) { 1128 if ((error = (*callback)(&pol->ape_policy, w)) != 0) { 1129 ADDRSEL_SUNLOCK(); 1130 return (error); 1131 } 1132 } 1133 ADDRSEL_SUNLOCK(); 1134 return (error); 1135 } 1136 1137 static int 1138 dump_addrsel_policyent(struct in6_addrpolicy *pol, void *arg) 1139 { 1140 int error = 0; 1141 struct walkarg *w = arg; 1142 1143 error = SYSCTL_OUT(w->w_req, pol, sizeof(*pol)); 1144 1145 return (error); 1146 } 1147 1148 static struct in6_addrpolicy * 1149 match_addrsel_policy(struct sockaddr_in6 *key) 1150 { 1151 struct addrsel_policyent *pent; 1152 struct in6_addrpolicy *bestpol = NULL, *pol; 1153 int matchlen, bestmatchlen = -1; 1154 u_char *mp, *ep, *k, *p, m; 1155 1156 TAILQ_FOREACH(pent, &V_addrsel_policytab, ape_entry) { 1157 matchlen = 0; 1158 1159 pol = &pent->ape_policy; 1160 mp = (u_char *)&pol->addrmask.sin6_addr; 1161 ep = mp + 16; /* XXX: scope field? */ 1162 k = (u_char *)&key->sin6_addr; 1163 p = (u_char *)&pol->addr.sin6_addr; 1164 for (; mp < ep && *mp; mp++, k++, p++) { 1165 m = *mp; 1166 if ((*k & m) != *p) 1167 goto next; /* not match */ 1168 if (m == 0xff) /* short cut for a typical case */ 1169 matchlen += 8; 1170 else { 1171 while (m >= 0x80) { 1172 matchlen++; 1173 m <<= 1; 1174 } 1175 } 1176 } 1177 1178 /* matched. check if this is better than the current best. */ 1179 if (bestpol == NULL || 1180 matchlen > bestmatchlen) { 1181 bestpol = pol; 1182 bestmatchlen = matchlen; 1183 } 1184 1185 next: 1186 continue; 1187 } 1188 1189 return (bestpol); 1190 } 1191