xref: /freebsd/sys/netinet6/in6_src.c (revision a812392203d7c4c3f0db9d8a0f3391374c49c71f)
1 /*-
2  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  * 3. Neither the name of the project nor the names of its contributors
14  *    may be used to endorse or promote products derived from this software
15  *    without specific prior written permission.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  *
29  *	$KAME: in6_src.c,v 1.132 2003/08/26 04:42:27 keiichi Exp $
30  */
31 
32 /*-
33  * Copyright (c) 1982, 1986, 1991, 1993
34  *	The Regents of the University of California.  All rights reserved.
35  *
36  * Redistribution and use in source and binary forms, with or without
37  * modification, are permitted provided that the following conditions
38  * are met:
39  * 1. Redistributions of source code must retain the above copyright
40  *    notice, this list of conditions and the following disclaimer.
41  * 2. Redistributions in binary form must reproduce the above copyright
42  *    notice, this list of conditions and the following disclaimer in the
43  *    documentation and/or other materials provided with the distribution.
44  * 4. Neither the name of the University nor the names of its contributors
45  *    may be used to endorse or promote products derived from this software
46  *    without specific prior written permission.
47  *
48  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
49  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
52  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
58  * SUCH DAMAGE.
59  *
60  *	@(#)in_pcb.c	8.2 (Berkeley) 1/4/94
61  */
62 
63 #include <sys/cdefs.h>
64 __FBSDID("$FreeBSD$");
65 
66 #include "opt_inet.h"
67 #include "opt_inet6.h"
68 #include "opt_mpath.h"
69 
70 #include <sys/param.h>
71 #include <sys/systm.h>
72 #include <sys/lock.h>
73 #include <sys/malloc.h>
74 #include <sys/mbuf.h>
75 #include <sys/priv.h>
76 #include <sys/protosw.h>
77 #include <sys/socket.h>
78 #include <sys/socketvar.h>
79 #include <sys/sockio.h>
80 #include <sys/sysctl.h>
81 #include <sys/errno.h>
82 #include <sys/time.h>
83 #include <sys/jail.h>
84 #include <sys/kernel.h>
85 #include <sys/sx.h>
86 
87 #include <net/if.h>
88 #include <net/if_var.h>
89 #include <net/if_dl.h>
90 #include <net/route.h>
91 #include <net/if_llatbl.h>
92 #ifdef RADIX_MPATH
93 #include <net/radix_mpath.h>
94 #endif
95 
96 #include <netinet/in.h>
97 #include <netinet/in_var.h>
98 #include <netinet/in_systm.h>
99 #include <netinet/ip.h>
100 #include <netinet/in_pcb.h>
101 #include <netinet/ip_var.h>
102 #include <netinet/udp.h>
103 #include <netinet/udp_var.h>
104 
105 #include <netinet6/in6_var.h>
106 #include <netinet/ip6.h>
107 #include <netinet6/in6_pcb.h>
108 #include <netinet6/ip6_var.h>
109 #include <netinet6/scope6_var.h>
110 #include <netinet6/nd6.h>
111 
112 static struct mtx addrsel_lock;
113 #define	ADDRSEL_LOCK_INIT()	mtx_init(&addrsel_lock, "addrsel_lock", NULL, MTX_DEF)
114 #define	ADDRSEL_LOCK()		mtx_lock(&addrsel_lock)
115 #define	ADDRSEL_UNLOCK()	mtx_unlock(&addrsel_lock)
116 #define	ADDRSEL_LOCK_ASSERT()	mtx_assert(&addrsel_lock, MA_OWNED)
117 
118 static struct sx addrsel_sxlock;
119 #define	ADDRSEL_SXLOCK_INIT()	sx_init(&addrsel_sxlock, "addrsel_sxlock")
120 #define	ADDRSEL_SLOCK()		sx_slock(&addrsel_sxlock)
121 #define	ADDRSEL_SUNLOCK()	sx_sunlock(&addrsel_sxlock)
122 #define	ADDRSEL_XLOCK()		sx_xlock(&addrsel_sxlock)
123 #define	ADDRSEL_XUNLOCK()	sx_xunlock(&addrsel_sxlock)
124 
125 #define ADDR_LABEL_NOTAPP (-1)
126 static VNET_DEFINE(struct in6_addrpolicy, defaultaddrpolicy);
127 #define	V_defaultaddrpolicy		VNET(defaultaddrpolicy)
128 
129 VNET_DEFINE(int, ip6_prefer_tempaddr) = 0;
130 
131 static int selectroute(struct sockaddr_in6 *, struct ip6_pktopts *,
132 	struct ip6_moptions *, struct route_in6 *, struct ifnet **,
133 	struct rtentry **, int, u_int);
134 static int in6_selectif(struct sockaddr_in6 *, struct ip6_pktopts *,
135 	struct ip6_moptions *, struct route_in6 *ro, struct ifnet **,
136 	struct ifnet *, u_int);
137 
138 static struct in6_addrpolicy *lookup_addrsel_policy(struct sockaddr_in6 *);
139 
140 static void init_policy_queue(void);
141 static int add_addrsel_policyent(struct in6_addrpolicy *);
142 static int delete_addrsel_policyent(struct in6_addrpolicy *);
143 static int walk_addrsel_policy(int (*)(struct in6_addrpolicy *, void *),
144 	void *);
145 static int dump_addrsel_policyent(struct in6_addrpolicy *, void *);
146 static struct in6_addrpolicy *match_addrsel_policy(struct sockaddr_in6 *);
147 
148 /*
149  * Return an IPv6 address, which is the most appropriate for a given
150  * destination and user specified options.
151  * If necessary, this function lookups the routing table and returns
152  * an entry to the caller for later use.
153  */
154 #define REPLACE(r) do {\
155 	IP6STAT_INC(ip6s_sources_rule[(r)]); \
156 	rule = (r);	\
157 	/* { \
158 	char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \
159 	printf("in6_selectsrc: replace %s with %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \
160 	} */ \
161 	goto replace; \
162 } while(0)
163 #define NEXT(r) do {\
164 	/* { \
165 	char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \
166 	printf("in6_selectsrc: keep %s against %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \
167 	} */ \
168 	goto next;		/* XXX: we can't use 'continue' here */ \
169 } while(0)
170 #define BREAK(r) do { \
171 	IP6STAT_INC(ip6s_sources_rule[(r)]); \
172 	rule = (r);	\
173 	goto out;		/* XXX: we can't use 'break' here */ \
174 } while(0)
175 
176 int
177 in6_selectsrc(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
178     struct inpcb *inp, struct route_in6 *ro, struct ucred *cred,
179     struct ifnet **ifpp, struct in6_addr *srcp)
180 {
181 	struct in6_addr dst, tmp;
182 	struct ifnet *ifp = NULL, *oifp = NULL;
183 	struct in6_ifaddr *ia = NULL, *ia_best = NULL;
184 	struct in6_pktinfo *pi = NULL;
185 	int dst_scope = -1, best_scope = -1, best_matchlen = -1;
186 	struct in6_addrpolicy *dst_policy = NULL, *best_policy = NULL;
187 	u_int32_t odstzone;
188 	int prefer_tempaddr;
189 	int error, rule;
190 	struct ip6_moptions *mopts;
191 
192 	KASSERT(srcp != NULL, ("%s: srcp is NULL", __func__));
193 
194 	dst = dstsock->sin6_addr; /* make a copy for local operation */
195 	if (ifpp) {
196 		/*
197 		 * Save a possibly passed in ifp for in6_selectsrc. Only
198 		 * neighbor discovery code should use this feature, where
199 		 * we may know the interface but not the FIB number holding
200 		 * the connected subnet in case someone deleted it from the
201 		 * default FIB and we need to check the interface.
202 		 */
203 		if (*ifpp != NULL)
204 			oifp = *ifpp;
205 		*ifpp = NULL;
206 	}
207 
208 	if (inp != NULL) {
209 		INP_LOCK_ASSERT(inp);
210 		mopts = inp->in6p_moptions;
211 	} else {
212 		mopts = NULL;
213 	}
214 
215 	/*
216 	 * If the source address is explicitly specified by the caller,
217 	 * check if the requested source address is indeed a unicast address
218 	 * assigned to the node, and can be used as the packet's source
219 	 * address.  If everything is okay, use the address as source.
220 	 */
221 	if (opts && (pi = opts->ip6po_pktinfo) &&
222 	    !IN6_IS_ADDR_UNSPECIFIED(&pi->ipi6_addr)) {
223 		struct sockaddr_in6 srcsock;
224 		struct in6_ifaddr *ia6;
225 
226 		/* get the outgoing interface */
227 		if ((error = in6_selectif(dstsock, opts, mopts, ro, &ifp, oifp,
228 		    (inp != NULL) ? inp->inp_inc.inc_fibnum : RT_DEFAULT_FIB))
229 		    != 0)
230 			return (error);
231 
232 		/*
233 		 * determine the appropriate zone id of the source based on
234 		 * the zone of the destination and the outgoing interface.
235 		 * If the specified address is ambiguous wrt the scope zone,
236 		 * the interface must be specified; otherwise, ifa_ifwithaddr()
237 		 * will fail matching the address.
238 		 */
239 		bzero(&srcsock, sizeof(srcsock));
240 		srcsock.sin6_family = AF_INET6;
241 		srcsock.sin6_len = sizeof(srcsock);
242 		srcsock.sin6_addr = pi->ipi6_addr;
243 		if (ifp) {
244 			error = in6_setscope(&srcsock.sin6_addr, ifp, NULL);
245 			if (error)
246 				return (error);
247 		}
248 		if (cred != NULL && (error = prison_local_ip6(cred,
249 		    &srcsock.sin6_addr, (inp != NULL &&
250 		    (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0)
251 			return (error);
252 
253 		ia6 = (struct in6_ifaddr *)ifa_ifwithaddr(
254 		    (struct sockaddr *)&srcsock);
255 		if (ia6 == NULL ||
256 		    (ia6->ia6_flags & (IN6_IFF_ANYCAST | IN6_IFF_NOTREADY))) {
257 			if (ia6 != NULL)
258 				ifa_free(&ia6->ia_ifa);
259 			return (EADDRNOTAVAIL);
260 		}
261 		pi->ipi6_addr = srcsock.sin6_addr; /* XXX: this overrides pi */
262 		if (ifpp)
263 			*ifpp = ifp;
264 		bcopy(&ia6->ia_addr.sin6_addr, srcp, sizeof(*srcp));
265 		ifa_free(&ia6->ia_ifa);
266 		return (0);
267 	}
268 
269 	/*
270 	 * Otherwise, if the socket has already bound the source, just use it.
271 	 */
272 	if (inp != NULL && !IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) {
273 		if (cred != NULL &&
274 		    (error = prison_local_ip6(cred, &inp->in6p_laddr,
275 		    ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0)
276 			return (error);
277 		bcopy(&inp->in6p_laddr, srcp, sizeof(*srcp));
278 		return (0);
279 	}
280 
281 	/*
282 	 * Bypass source address selection and use the primary jail IP
283 	 * if requested.
284 	 */
285 	if (cred != NULL && !prison_saddrsel_ip6(cred, srcp))
286 		return (0);
287 
288 	/*
289 	 * If the address is not specified, choose the best one based on
290 	 * the outgoing interface and the destination address.
291 	 */
292 	/* get the outgoing interface */
293 	if ((error = in6_selectif(dstsock, opts, mopts, ro, &ifp, oifp,
294 	    (inp != NULL) ? inp->inp_inc.inc_fibnum : RT_DEFAULT_FIB)) != 0)
295 		return (error);
296 
297 #ifdef DIAGNOSTIC
298 	if (ifp == NULL)	/* this should not happen */
299 		panic("in6_selectsrc: NULL ifp");
300 #endif
301 	error = in6_setscope(&dst, ifp, &odstzone);
302 	if (error)
303 		return (error);
304 
305 	rule = 0;
306 	IN6_IFADDR_RLOCK();
307 	TAILQ_FOREACH(ia, &V_in6_ifaddrhead, ia_link) {
308 		int new_scope = -1, new_matchlen = -1;
309 		struct in6_addrpolicy *new_policy = NULL;
310 		u_int32_t srczone, osrczone, dstzone;
311 		struct in6_addr src;
312 		struct ifnet *ifp1 = ia->ia_ifp;
313 
314 		/*
315 		 * We'll never take an address that breaks the scope zone
316 		 * of the destination.  We also skip an address if its zone
317 		 * does not contain the outgoing interface.
318 		 * XXX: we should probably use sin6_scope_id here.
319 		 */
320 		if (in6_setscope(&dst, ifp1, &dstzone) ||
321 		    odstzone != dstzone) {
322 			continue;
323 		}
324 		src = ia->ia_addr.sin6_addr;
325 		if (in6_setscope(&src, ifp, &osrczone) ||
326 		    in6_setscope(&src, ifp1, &srczone) ||
327 		    osrczone != srczone) {
328 			continue;
329 		}
330 
331 		/* avoid unusable addresses */
332 		if ((ia->ia6_flags &
333 		     (IN6_IFF_NOTREADY | IN6_IFF_ANYCAST | IN6_IFF_DETACHED))) {
334 				continue;
335 		}
336 		if (!V_ip6_use_deprecated && IFA6_IS_DEPRECATED(ia))
337 			continue;
338 
339 		/* If jailed only take addresses of the jail into account. */
340 		if (cred != NULL &&
341 		    prison_check_ip6(cred, &ia->ia_addr.sin6_addr) != 0)
342 			continue;
343 
344 		/* Rule 1: Prefer same address */
345 		if (IN6_ARE_ADDR_EQUAL(&dst, &ia->ia_addr.sin6_addr)) {
346 			ia_best = ia;
347 			BREAK(1); /* there should be no better candidate */
348 		}
349 
350 		if (ia_best == NULL)
351 			REPLACE(0);
352 
353 		/* Rule 2: Prefer appropriate scope */
354 		if (dst_scope < 0)
355 			dst_scope = in6_addrscope(&dst);
356 		new_scope = in6_addrscope(&ia->ia_addr.sin6_addr);
357 		if (IN6_ARE_SCOPE_CMP(best_scope, new_scope) < 0) {
358 			if (IN6_ARE_SCOPE_CMP(best_scope, dst_scope) < 0)
359 				REPLACE(2);
360 			NEXT(2);
361 		} else if (IN6_ARE_SCOPE_CMP(new_scope, best_scope) < 0) {
362 			if (IN6_ARE_SCOPE_CMP(new_scope, dst_scope) < 0)
363 				NEXT(2);
364 			REPLACE(2);
365 		}
366 
367 		/*
368 		 * Rule 3: Avoid deprecated addresses.  Note that the case of
369 		 * !ip6_use_deprecated is already rejected above.
370 		 */
371 		if (!IFA6_IS_DEPRECATED(ia_best) && IFA6_IS_DEPRECATED(ia))
372 			NEXT(3);
373 		if (IFA6_IS_DEPRECATED(ia_best) && !IFA6_IS_DEPRECATED(ia))
374 			REPLACE(3);
375 
376 		/* Rule 4: Prefer home addresses */
377 		/*
378 		 * XXX: This is a TODO.  We should probably merge the MIP6
379 		 * case above.
380 		 */
381 
382 		/* Rule 5: Prefer outgoing interface */
383 		if (!(ND_IFINFO(ifp)->flags & ND6_IFF_NO_PREFER_IFACE)) {
384 			if (ia_best->ia_ifp == ifp && ia->ia_ifp != ifp)
385 				NEXT(5);
386 			if (ia_best->ia_ifp != ifp && ia->ia_ifp == ifp)
387 				REPLACE(5);
388 		}
389 
390 		/*
391 		 * Rule 6: Prefer matching label
392 		 * Note that best_policy should be non-NULL here.
393 		 */
394 		if (dst_policy == NULL)
395 			dst_policy = lookup_addrsel_policy(dstsock);
396 		if (dst_policy->label != ADDR_LABEL_NOTAPP) {
397 			new_policy = lookup_addrsel_policy(&ia->ia_addr);
398 			if (dst_policy->label == best_policy->label &&
399 			    dst_policy->label != new_policy->label)
400 				NEXT(6);
401 			if (dst_policy->label != best_policy->label &&
402 			    dst_policy->label == new_policy->label)
403 				REPLACE(6);
404 		}
405 
406 		/*
407 		 * Rule 7: Prefer public addresses.
408 		 * We allow users to reverse the logic by configuring
409 		 * a sysctl variable, so that privacy conscious users can
410 		 * always prefer temporary addresses.
411 		 */
412 		if (opts == NULL ||
413 		    opts->ip6po_prefer_tempaddr == IP6PO_TEMPADDR_SYSTEM) {
414 			prefer_tempaddr = V_ip6_prefer_tempaddr;
415 		} else if (opts->ip6po_prefer_tempaddr ==
416 		    IP6PO_TEMPADDR_NOTPREFER) {
417 			prefer_tempaddr = 0;
418 		} else
419 			prefer_tempaddr = 1;
420 		if (!(ia_best->ia6_flags & IN6_IFF_TEMPORARY) &&
421 		    (ia->ia6_flags & IN6_IFF_TEMPORARY)) {
422 			if (prefer_tempaddr)
423 				REPLACE(7);
424 			else
425 				NEXT(7);
426 		}
427 		if ((ia_best->ia6_flags & IN6_IFF_TEMPORARY) &&
428 		    !(ia->ia6_flags & IN6_IFF_TEMPORARY)) {
429 			if (prefer_tempaddr)
430 				NEXT(7);
431 			else
432 				REPLACE(7);
433 		}
434 
435 		/*
436 		 * Rule 8: prefer addresses on alive interfaces.
437 		 * This is a KAME specific rule.
438 		 */
439 		if ((ia_best->ia_ifp->if_flags & IFF_UP) &&
440 		    !(ia->ia_ifp->if_flags & IFF_UP))
441 			NEXT(8);
442 		if (!(ia_best->ia_ifp->if_flags & IFF_UP) &&
443 		    (ia->ia_ifp->if_flags & IFF_UP))
444 			REPLACE(8);
445 
446 		/*
447 		 * Rule 9: prefer address with better virtual status.
448 		 */
449 		if (ifa_preferred(&ia_best->ia_ifa, &ia->ia_ifa))
450 			REPLACE(9);
451 		if (ifa_preferred(&ia->ia_ifa, &ia_best->ia_ifa))
452 			NEXT(9);
453 
454 		/*
455 		 * Rule 10: prefer address with `prefer_source' flag.
456 		 */
457 		if ((ia_best->ia6_flags & IN6_IFF_PREFER_SOURCE) == 0 &&
458 		    (ia->ia6_flags & IN6_IFF_PREFER_SOURCE) != 0)
459 			REPLACE(10);
460 		if ((ia_best->ia6_flags & IN6_IFF_PREFER_SOURCE) != 0 &&
461 		    (ia->ia6_flags & IN6_IFF_PREFER_SOURCE) == 0)
462 			NEXT(10);
463 
464 		/*
465 		 * Rule 14: Use longest matching prefix.
466 		 * Note: in the address selection draft, this rule is
467 		 * documented as "Rule 8".  However, since it is also
468 		 * documented that this rule can be overridden, we assign
469 		 * a large number so that it is easy to assign smaller numbers
470 		 * to more preferred rules.
471 		 */
472 		new_matchlen = in6_matchlen(&ia->ia_addr.sin6_addr, &dst);
473 		if (best_matchlen < new_matchlen)
474 			REPLACE(14);
475 		if (new_matchlen < best_matchlen)
476 			NEXT(14);
477 
478 		/* Rule 15 is reserved. */
479 
480 		/*
481 		 * Last resort: just keep the current candidate.
482 		 * Or, do we need more rules?
483 		 */
484 		continue;
485 
486 	  replace:
487 		ia_best = ia;
488 		best_scope = (new_scope >= 0 ? new_scope :
489 			      in6_addrscope(&ia_best->ia_addr.sin6_addr));
490 		best_policy = (new_policy ? new_policy :
491 			       lookup_addrsel_policy(&ia_best->ia_addr));
492 		best_matchlen = (new_matchlen >= 0 ? new_matchlen :
493 				 in6_matchlen(&ia_best->ia_addr.sin6_addr,
494 					      &dst));
495 
496 	  next:
497 		continue;
498 
499 	  out:
500 		break;
501 	}
502 
503 	if ((ia = ia_best) == NULL) {
504 		IN6_IFADDR_RUNLOCK();
505 		IP6STAT_INC(ip6s_sources_none);
506 		return (EADDRNOTAVAIL);
507 	}
508 
509 	/*
510 	 * At this point at least one of the addresses belonged to the jail
511 	 * but it could still be, that we want to further restrict it, e.g.
512 	 * theoratically IN6_IS_ADDR_LOOPBACK.
513 	 * It must not be IN6_IS_ADDR_UNSPECIFIED anymore.
514 	 * prison_local_ip6() will fix an IN6_IS_ADDR_LOOPBACK but should
515 	 * let all others previously selected pass.
516 	 * Use tmp to not change ::1 on lo0 to the primary jail address.
517 	 */
518 	tmp = ia->ia_addr.sin6_addr;
519 	if (cred != NULL && prison_local_ip6(cred, &tmp, (inp != NULL &&
520 	    (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0)) != 0) {
521 		IN6_IFADDR_RUNLOCK();
522 		IP6STAT_INC(ip6s_sources_none);
523 		return (EADDRNOTAVAIL);
524 	}
525 
526 	if (ifpp)
527 		*ifpp = ifp;
528 
529 	bcopy(&tmp, srcp, sizeof(*srcp));
530 	if (ia->ia_ifp == ifp)
531 		IP6STAT_INC(ip6s_sources_sameif[best_scope]);
532 	else
533 		IP6STAT_INC(ip6s_sources_otherif[best_scope]);
534 	if (dst_scope == best_scope)
535 		IP6STAT_INC(ip6s_sources_samescope[best_scope]);
536 	else
537 		IP6STAT_INC(ip6s_sources_otherscope[best_scope]);
538 	if (IFA6_IS_DEPRECATED(ia))
539 		IP6STAT_INC(ip6s_sources_deprecated[best_scope]);
540 	IN6_IFADDR_RUNLOCK();
541 	return (0);
542 }
543 
544 /*
545  * clone - meaningful only for bsdi and freebsd
546  */
547 static int
548 selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
549     struct ip6_moptions *mopts, struct route_in6 *ro,
550     struct ifnet **retifp, struct rtentry **retrt, int norouteok, u_int fibnum)
551 {
552 	int error = 0;
553 	struct ifnet *ifp = NULL;
554 	struct rtentry *rt = NULL;
555 	struct sockaddr_in6 *sin6_next;
556 	struct in6_pktinfo *pi = NULL;
557 	struct in6_addr *dst = &dstsock->sin6_addr;
558 	uint32_t zoneid;
559 #if 0
560 	char ip6buf[INET6_ADDRSTRLEN];
561 
562 	if (dstsock->sin6_addr.s6_addr32[0] == 0 &&
563 	    dstsock->sin6_addr.s6_addr32[1] == 0 &&
564 	    !IN6_IS_ADDR_LOOPBACK(&dstsock->sin6_addr)) {
565 		printf("in6_selectroute: strange destination %s\n",
566 		       ip6_sprintf(ip6buf, &dstsock->sin6_addr));
567 	} else {
568 		printf("in6_selectroute: destination = %s%%%d\n",
569 		       ip6_sprintf(ip6buf, &dstsock->sin6_addr),
570 		       dstsock->sin6_scope_id); /* for debug */
571 	}
572 #endif
573 
574 	/* If the caller specify the outgoing interface explicitly, use it. */
575 	if (opts && (pi = opts->ip6po_pktinfo) != NULL && pi->ipi6_ifindex) {
576 		/* XXX boundary check is assumed to be already done. */
577 		ifp = ifnet_byindex(pi->ipi6_ifindex);
578 		if (ifp != NULL &&
579 		    (norouteok || retrt == NULL ||
580 		    IN6_IS_ADDR_MULTICAST(dst))) {
581 			/*
582 			 * we do not have to check or get the route for
583 			 * multicast.
584 			 */
585 			goto done;
586 		} else
587 			goto getroute;
588 	}
589 	/*
590 	 * If the destination address is a multicast address and the outgoing
591 	 * interface for the address is specified by the caller, use it.
592 	 */
593 	if (IN6_IS_ADDR_MULTICAST(dst) &&
594 	    mopts != NULL && (ifp = mopts->im6o_multicast_ifp) != NULL) {
595 		goto done; /* we do not need a route for multicast. */
596 	}
597 	/*
598 	 * If destination address is LLA or link- or node-local multicast,
599 	 * use it's embedded scope zone id to determine outgoing interface.
600 	 */
601 	if (IN6_IS_ADDR_MC_LINKLOCAL(dst) ||
602 	    IN6_IS_ADDR_MC_NODELOCAL(dst)) {
603 		zoneid = ntohs(in6_getscope(dst));
604 		if (zoneid > 0) {
605 			ifp = in6_getlinkifnet(zoneid);
606 			goto done;
607 		}
608 	}
609 
610   getroute:
611 	/*
612 	 * If the next hop address for the packet is specified by the caller,
613 	 * use it as the gateway.
614 	 */
615 	if (opts && opts->ip6po_nexthop) {
616 		struct route_in6 *ron;
617 		struct llentry *la;
618 
619 		sin6_next = satosin6(opts->ip6po_nexthop);
620 
621 		/* at this moment, we only support AF_INET6 next hops */
622 		if (sin6_next->sin6_family != AF_INET6) {
623 			error = EAFNOSUPPORT; /* or should we proceed? */
624 			goto done;
625 		}
626 
627 		/*
628 		 * If the next hop is an IPv6 address, then the node identified
629 		 * by that address must be a neighbor of the sending host.
630 		 */
631 		ron = &opts->ip6po_nextroute;
632 		/*
633 		 * XXX what do we do here?
634 		 * PLZ to be fixing
635 		 */
636 
637 
638 		if (ron->ro_rt == NULL) {
639 			in6_rtalloc(ron, fibnum); /* multi path case? */
640 			if (ron->ro_rt == NULL) {
641 				/* XXX-BZ WT.? */
642 				if (ron->ro_rt) {
643 					RTFREE(ron->ro_rt);
644 					ron->ro_rt = NULL;
645 				}
646 				error = EHOSTUNREACH;
647 				goto done;
648 			}
649 		}
650 
651 		rt = ron->ro_rt;
652 		ifp = rt->rt_ifp;
653 		IF_AFDATA_RLOCK(ifp);
654 		la = lla_lookup(LLTABLE6(ifp), 0, (struct sockaddr *)sin6_next);
655 		IF_AFDATA_RUNLOCK(ifp);
656 		if (la != NULL)
657 			LLE_RUNLOCK(la);
658 		else {
659 			error = EHOSTUNREACH;
660 			goto done;
661 		}
662 #if 0
663 		if ((ron->ro_rt &&
664 		     (ron->ro_rt->rt_flags & (RTF_UP | RTF_LLINFO)) !=
665 		     (RTF_UP | RTF_LLINFO)) ||
666 		    !IN6_ARE_ADDR_EQUAL(&satosin6(&ron->ro_dst)->sin6_addr,
667 		    &sin6_next->sin6_addr)) {
668 			if (ron->ro_rt) {
669 				RTFREE(ron->ro_rt);
670 				ron->ro_rt = NULL;
671 			}
672 			*satosin6(&ron->ro_dst) = *sin6_next;
673 		}
674 		if (ron->ro_rt == NULL) {
675 			in6_rtalloc(ron, fibnum); /* multi path case? */
676 			if (ron->ro_rt == NULL ||
677 			    !(ron->ro_rt->rt_flags & RTF_LLINFO)) {
678 				if (ron->ro_rt) {
679 					RTFREE(ron->ro_rt);
680 					ron->ro_rt = NULL;
681 				}
682 				error = EHOSTUNREACH;
683 				goto done;
684 			}
685 		}
686 #endif
687 
688 		/*
689 		 * When cloning is required, try to allocate a route to the
690 		 * destination so that the caller can store path MTU
691 		 * information.
692 		 */
693 		goto done;
694 	}
695 
696 	/*
697 	 * Use a cached route if it exists and is valid, else try to allocate
698 	 * a new one.  Note that we should check the address family of the
699 	 * cached destination, in case of sharing the cache with IPv4.
700 	 */
701 	if (ro) {
702 		if (ro->ro_rt &&
703 		    (!(ro->ro_rt->rt_flags & RTF_UP) ||
704 		     ((struct sockaddr *)(&ro->ro_dst))->sa_family != AF_INET6 ||
705 		     !IN6_ARE_ADDR_EQUAL(&satosin6(&ro->ro_dst)->sin6_addr,
706 		     dst))) {
707 			RTFREE(ro->ro_rt);
708 			ro->ro_rt = (struct rtentry *)NULL;
709 		}
710 		if (ro->ro_rt == (struct rtentry *)NULL) {
711 			struct sockaddr_in6 *sa6;
712 
713 			/* No route yet, so try to acquire one */
714 			bzero(&ro->ro_dst, sizeof(struct sockaddr_in6));
715 			sa6 = (struct sockaddr_in6 *)&ro->ro_dst;
716 			*sa6 = *dstsock;
717 			sa6->sin6_scope_id = 0;
718 
719 #ifdef RADIX_MPATH
720 				rtalloc_mpath_fib((struct route *)ro,
721 				    ntohl(sa6->sin6_addr.s6_addr32[3]), fibnum);
722 #else
723 				ro->ro_rt = in6_rtalloc1((struct sockaddr *)
724 				    &ro->ro_dst, 0, 0UL, fibnum);
725 				if (ro->ro_rt)
726 					RT_UNLOCK(ro->ro_rt);
727 #endif
728 		}
729 
730 		/*
731 		 * do not care about the result if we have the nexthop
732 		 * explicitly specified.
733 		 */
734 		if (opts && opts->ip6po_nexthop)
735 			goto done;
736 
737 		if (ro->ro_rt) {
738 			ifp = ro->ro_rt->rt_ifp;
739 
740 			if (ifp == NULL) { /* can this really happen? */
741 				RTFREE(ro->ro_rt);
742 				ro->ro_rt = NULL;
743 			}
744 		}
745 		if (ro->ro_rt == NULL)
746 			error = EHOSTUNREACH;
747 		rt = ro->ro_rt;
748 
749 		/*
750 		 * Check if the outgoing interface conflicts with
751 		 * the interface specified by ipi6_ifindex (if specified).
752 		 * Note that loopback interface is always okay.
753 		 * (this may happen when we are sending a packet to one of
754 		 *  our own addresses.)
755 		 */
756 		if (ifp && opts && opts->ip6po_pktinfo &&
757 		    opts->ip6po_pktinfo->ipi6_ifindex) {
758 			if (!(ifp->if_flags & IFF_LOOPBACK) &&
759 			    ifp->if_index !=
760 			    opts->ip6po_pktinfo->ipi6_ifindex) {
761 				error = EHOSTUNREACH;
762 				goto done;
763 			}
764 		}
765 	}
766 
767   done:
768 	if (ifp == NULL && rt == NULL) {
769 		/*
770 		 * This can happen if the caller did not pass a cached route
771 		 * nor any other hints.  We treat this case an error.
772 		 */
773 		error = EHOSTUNREACH;
774 	}
775 	if (error == EHOSTUNREACH)
776 		IP6STAT_INC(ip6s_noroute);
777 
778 	if (retifp != NULL) {
779 		*retifp = ifp;
780 
781 		/*
782 		 * Adjust the "outgoing" interface.  If we're going to loop
783 		 * the packet back to ourselves, the ifp would be the loopback
784 		 * interface. However, we'd rather know the interface associated
785 		 * to the destination address (which should probably be one of
786 		 * our own addresses.)
787 		 */
788 		if (rt) {
789 			if ((rt->rt_ifp->if_flags & IFF_LOOPBACK) &&
790 			    (rt->rt_gateway->sa_family == AF_LINK))
791 				*retifp =
792 					ifnet_byindex(((struct sockaddr_dl *)
793 						       rt->rt_gateway)->sdl_index);
794 		}
795 	}
796 
797 	if (retrt != NULL)
798 		*retrt = rt;	/* rt may be NULL */
799 
800 	return (error);
801 }
802 
803 static int
804 in6_selectif(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
805     struct ip6_moptions *mopts, struct route_in6 *ro, struct ifnet **retifp,
806     struct ifnet *oifp, u_int fibnum)
807 {
808 	int error;
809 	struct route_in6 sro;
810 	struct rtentry *rt = NULL;
811 
812 	KASSERT(retifp != NULL, ("%s: retifp is NULL", __func__));
813 
814 	if (ro == NULL) {
815 		bzero(&sro, sizeof(sro));
816 		ro = &sro;
817 	}
818 
819 	if ((error = selectroute(dstsock, opts, mopts, ro, retifp,
820 	    &rt, 1, fibnum)) != 0) {
821 		if (ro == &sro && rt && rt == sro.ro_rt)
822 			RTFREE(rt);
823 		/* Help ND. See oifp comment in in6_selectsrc(). */
824 		if (oifp != NULL && fibnum == RT_DEFAULT_FIB) {
825 			*retifp = oifp;
826 			error = 0;
827 		}
828 		return (error);
829 	}
830 
831 	/*
832 	 * do not use a rejected or black hole route.
833 	 * XXX: this check should be done in the L2 output routine.
834 	 * However, if we skipped this check here, we'd see the following
835 	 * scenario:
836 	 * - install a rejected route for a scoped address prefix
837 	 *   (like fe80::/10)
838 	 * - send a packet to a destination that matches the scoped prefix,
839 	 *   with ambiguity about the scope zone.
840 	 * - pick the outgoing interface from the route, and disambiguate the
841 	 *   scope zone with the interface.
842 	 * - ip6_output() would try to get another route with the "new"
843 	 *   destination, which may be valid.
844 	 * - we'd see no error on output.
845 	 * Although this may not be very harmful, it should still be confusing.
846 	 * We thus reject the case here.
847 	 */
848 	if (rt && (rt->rt_flags & (RTF_REJECT | RTF_BLACKHOLE))) {
849 		int flags = (rt->rt_flags & RTF_HOST ? EHOSTUNREACH : ENETUNREACH);
850 
851 		if (ro == &sro && rt && rt == sro.ro_rt)
852 			RTFREE(rt);
853 		return (flags);
854 	}
855 
856 	if (ro == &sro && rt && rt == sro.ro_rt)
857 		RTFREE(rt);
858 	return (0);
859 }
860 
861 /*
862  * Public wrapper function to selectroute().
863  *
864  * XXX-BZ in6_selectroute() should and will grow the FIB argument. The
865  * in6_selectroute_fib() function is only there for backward compat on stable.
866  */
867 int
868 in6_selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
869     struct ip6_moptions *mopts, struct route_in6 *ro,
870     struct ifnet **retifp, struct rtentry **retrt)
871 {
872 
873 	return (selectroute(dstsock, opts, mopts, ro, retifp,
874 	    retrt, 0, RT_DEFAULT_FIB));
875 }
876 
877 #ifndef BURN_BRIDGES
878 int
879 in6_selectroute_fib(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
880     struct ip6_moptions *mopts, struct route_in6 *ro,
881     struct ifnet **retifp, struct rtentry **retrt, u_int fibnum)
882 {
883 
884 	return (selectroute(dstsock, opts, mopts, ro, retifp,
885 	    retrt, 0, fibnum));
886 }
887 #endif
888 
889 /*
890  * Default hop limit selection. The precedence is as follows:
891  * 1. Hoplimit value specified via ioctl.
892  * 2. (If the outgoing interface is detected) the current
893  *     hop limit of the interface specified by router advertisement.
894  * 3. The system default hoplimit.
895  */
896 int
897 in6_selecthlim(struct inpcb *in6p, struct ifnet *ifp)
898 {
899 
900 	if (in6p && in6p->in6p_hops >= 0)
901 		return (in6p->in6p_hops);
902 	else if (ifp)
903 		return (ND_IFINFO(ifp)->chlim);
904 	else if (in6p && !IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) {
905 		struct route_in6 ro6;
906 		struct ifnet *lifp;
907 
908 		bzero(&ro6, sizeof(ro6));
909 		ro6.ro_dst.sin6_family = AF_INET6;
910 		ro6.ro_dst.sin6_len = sizeof(struct sockaddr_in6);
911 		ro6.ro_dst.sin6_addr = in6p->in6p_faddr;
912 		in6_rtalloc(&ro6, in6p->inp_inc.inc_fibnum);
913 		if (ro6.ro_rt) {
914 			lifp = ro6.ro_rt->rt_ifp;
915 			RTFREE(ro6.ro_rt);
916 			if (lifp)
917 				return (ND_IFINFO(lifp)->chlim);
918 		}
919 	}
920 	return (V_ip6_defhlim);
921 }
922 
923 /*
924  * XXX: this is borrowed from in6_pcbbind(). If possible, we should
925  * share this function by all *bsd*...
926  */
927 int
928 in6_pcbsetport(struct in6_addr *laddr, struct inpcb *inp, struct ucred *cred)
929 {
930 	struct socket *so = inp->inp_socket;
931 	u_int16_t lport = 0;
932 	int error, lookupflags = 0;
933 #ifdef INVARIANTS
934 	struct inpcbinfo *pcbinfo = inp->inp_pcbinfo;
935 #endif
936 
937 	INP_WLOCK_ASSERT(inp);
938 	INP_HASH_WLOCK_ASSERT(pcbinfo);
939 
940 	error = prison_local_ip6(cred, laddr,
941 	    ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0));
942 	if (error)
943 		return(error);
944 
945 	/* XXX: this is redundant when called from in6_pcbbind */
946 	if ((so->so_options & (SO_REUSEADDR|SO_REUSEPORT)) == 0)
947 		lookupflags = INPLOOKUP_WILDCARD;
948 
949 	inp->inp_flags |= INP_ANONPORT;
950 
951 	error = in_pcb_lport(inp, NULL, &lport, cred, lookupflags);
952 	if (error != 0)
953 		return (error);
954 
955 	inp->inp_lport = lport;
956 	if (in_pcbinshash(inp) != 0) {
957 		inp->in6p_laddr = in6addr_any;
958 		inp->inp_lport = 0;
959 		return (EAGAIN);
960 	}
961 
962 	return (0);
963 }
964 
965 void
966 addrsel_policy_init(void)
967 {
968 
969 	init_policy_queue();
970 
971 	/* initialize the "last resort" policy */
972 	bzero(&V_defaultaddrpolicy, sizeof(V_defaultaddrpolicy));
973 	V_defaultaddrpolicy.label = ADDR_LABEL_NOTAPP;
974 
975 	if (!IS_DEFAULT_VNET(curvnet))
976 		return;
977 
978 	ADDRSEL_LOCK_INIT();
979 	ADDRSEL_SXLOCK_INIT();
980 }
981 
982 static struct in6_addrpolicy *
983 lookup_addrsel_policy(struct sockaddr_in6 *key)
984 {
985 	struct in6_addrpolicy *match = NULL;
986 
987 	ADDRSEL_LOCK();
988 	match = match_addrsel_policy(key);
989 
990 	if (match == NULL)
991 		match = &V_defaultaddrpolicy;
992 	else
993 		match->use++;
994 	ADDRSEL_UNLOCK();
995 
996 	return (match);
997 }
998 
999 /*
1000  * Subroutines to manage the address selection policy table via sysctl.
1001  */
1002 struct walkarg {
1003 	struct sysctl_req *w_req;
1004 };
1005 
1006 static int in6_src_sysctl(SYSCTL_HANDLER_ARGS);
1007 SYSCTL_DECL(_net_inet6_ip6);
1008 static SYSCTL_NODE(_net_inet6_ip6, IPV6CTL_ADDRCTLPOLICY, addrctlpolicy,
1009 	CTLFLAG_RD, in6_src_sysctl, "");
1010 
1011 static int
1012 in6_src_sysctl(SYSCTL_HANDLER_ARGS)
1013 {
1014 	struct walkarg w;
1015 
1016 	if (req->newptr)
1017 		return EPERM;
1018 
1019 	bzero(&w, sizeof(w));
1020 	w.w_req = req;
1021 
1022 	return (walk_addrsel_policy(dump_addrsel_policyent, &w));
1023 }
1024 
1025 int
1026 in6_src_ioctl(u_long cmd, caddr_t data)
1027 {
1028 	struct in6_addrpolicy ent0;
1029 
1030 	if (cmd != SIOCAADDRCTL_POLICY && cmd != SIOCDADDRCTL_POLICY)
1031 		return (EOPNOTSUPP); /* check for safety */
1032 
1033 	ent0 = *(struct in6_addrpolicy *)data;
1034 
1035 	if (ent0.label == ADDR_LABEL_NOTAPP)
1036 		return (EINVAL);
1037 	/* check if the prefix mask is consecutive. */
1038 	if (in6_mask2len(&ent0.addrmask.sin6_addr, NULL) < 0)
1039 		return (EINVAL);
1040 	/* clear trailing garbages (if any) of the prefix address. */
1041 	IN6_MASK_ADDR(&ent0.addr.sin6_addr, &ent0.addrmask.sin6_addr);
1042 	ent0.use = 0;
1043 
1044 	switch (cmd) {
1045 	case SIOCAADDRCTL_POLICY:
1046 		return (add_addrsel_policyent(&ent0));
1047 	case SIOCDADDRCTL_POLICY:
1048 		return (delete_addrsel_policyent(&ent0));
1049 	}
1050 
1051 	return (0);		/* XXX: compromise compilers */
1052 }
1053 
1054 /*
1055  * The followings are implementation of the policy table using a
1056  * simple tail queue.
1057  * XXX such details should be hidden.
1058  * XXX implementation using binary tree should be more efficient.
1059  */
1060 struct addrsel_policyent {
1061 	TAILQ_ENTRY(addrsel_policyent) ape_entry;
1062 	struct in6_addrpolicy ape_policy;
1063 };
1064 
1065 TAILQ_HEAD(addrsel_policyhead, addrsel_policyent);
1066 
1067 static VNET_DEFINE(struct addrsel_policyhead, addrsel_policytab);
1068 #define	V_addrsel_policytab		VNET(addrsel_policytab)
1069 
1070 static void
1071 init_policy_queue(void)
1072 {
1073 
1074 	TAILQ_INIT(&V_addrsel_policytab);
1075 }
1076 
1077 static int
1078 add_addrsel_policyent(struct in6_addrpolicy *newpolicy)
1079 {
1080 	struct addrsel_policyent *new, *pol;
1081 
1082 	new = malloc(sizeof(*new), M_IFADDR,
1083 	       M_WAITOK);
1084 	ADDRSEL_XLOCK();
1085 	ADDRSEL_LOCK();
1086 
1087 	/* duplication check */
1088 	TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) {
1089 		if (IN6_ARE_ADDR_EQUAL(&newpolicy->addr.sin6_addr,
1090 				       &pol->ape_policy.addr.sin6_addr) &&
1091 		    IN6_ARE_ADDR_EQUAL(&newpolicy->addrmask.sin6_addr,
1092 				       &pol->ape_policy.addrmask.sin6_addr)) {
1093 			ADDRSEL_UNLOCK();
1094 			ADDRSEL_XUNLOCK();
1095 			free(new, M_IFADDR);
1096 			return (EEXIST);	/* or override it? */
1097 		}
1098 	}
1099 
1100 	bzero(new, sizeof(*new));
1101 
1102 	/* XXX: should validate entry */
1103 	new->ape_policy = *newpolicy;
1104 
1105 	TAILQ_INSERT_TAIL(&V_addrsel_policytab, new, ape_entry);
1106 	ADDRSEL_UNLOCK();
1107 	ADDRSEL_XUNLOCK();
1108 
1109 	return (0);
1110 }
1111 
1112 static int
1113 delete_addrsel_policyent(struct in6_addrpolicy *key)
1114 {
1115 	struct addrsel_policyent *pol;
1116 
1117 	ADDRSEL_XLOCK();
1118 	ADDRSEL_LOCK();
1119 
1120 	/* search for the entry in the table */
1121 	TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) {
1122 		if (IN6_ARE_ADDR_EQUAL(&key->addr.sin6_addr,
1123 		    &pol->ape_policy.addr.sin6_addr) &&
1124 		    IN6_ARE_ADDR_EQUAL(&key->addrmask.sin6_addr,
1125 		    &pol->ape_policy.addrmask.sin6_addr)) {
1126 			break;
1127 		}
1128 	}
1129 	if (pol == NULL) {
1130 		ADDRSEL_UNLOCK();
1131 		ADDRSEL_XUNLOCK();
1132 		return (ESRCH);
1133 	}
1134 
1135 	TAILQ_REMOVE(&V_addrsel_policytab, pol, ape_entry);
1136 	ADDRSEL_UNLOCK();
1137 	ADDRSEL_XUNLOCK();
1138 	free(pol, M_IFADDR);
1139 
1140 	return (0);
1141 }
1142 
1143 static int
1144 walk_addrsel_policy(int (*callback)(struct in6_addrpolicy *, void *), void *w)
1145 {
1146 	struct addrsel_policyent *pol;
1147 	int error = 0;
1148 
1149 	ADDRSEL_SLOCK();
1150 	TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) {
1151 		if ((error = (*callback)(&pol->ape_policy, w)) != 0) {
1152 			ADDRSEL_SUNLOCK();
1153 			return (error);
1154 		}
1155 	}
1156 	ADDRSEL_SUNLOCK();
1157 	return (error);
1158 }
1159 
1160 static int
1161 dump_addrsel_policyent(struct in6_addrpolicy *pol, void *arg)
1162 {
1163 	int error = 0;
1164 	struct walkarg *w = arg;
1165 
1166 	error = SYSCTL_OUT(w->w_req, pol, sizeof(*pol));
1167 
1168 	return (error);
1169 }
1170 
1171 static struct in6_addrpolicy *
1172 match_addrsel_policy(struct sockaddr_in6 *key)
1173 {
1174 	struct addrsel_policyent *pent;
1175 	struct in6_addrpolicy *bestpol = NULL, *pol;
1176 	int matchlen, bestmatchlen = -1;
1177 	u_char *mp, *ep, *k, *p, m;
1178 
1179 	TAILQ_FOREACH(pent, &V_addrsel_policytab, ape_entry) {
1180 		matchlen = 0;
1181 
1182 		pol = &pent->ape_policy;
1183 		mp = (u_char *)&pol->addrmask.sin6_addr;
1184 		ep = mp + 16;	/* XXX: scope field? */
1185 		k = (u_char *)&key->sin6_addr;
1186 		p = (u_char *)&pol->addr.sin6_addr;
1187 		for (; mp < ep && *mp; mp++, k++, p++) {
1188 			m = *mp;
1189 			if ((*k & m) != *p)
1190 				goto next; /* not match */
1191 			if (m == 0xff) /* short cut for a typical case */
1192 				matchlen += 8;
1193 			else {
1194 				while (m >= 0x80) {
1195 					matchlen++;
1196 					m <<= 1;
1197 				}
1198 			}
1199 		}
1200 
1201 		/* matched.  check if this is better than the current best. */
1202 		if (bestpol == NULL ||
1203 		    matchlen > bestmatchlen) {
1204 			bestpol = pol;
1205 			bestmatchlen = matchlen;
1206 		}
1207 
1208 	  next:
1209 		continue;
1210 	}
1211 
1212 	return (bestpol);
1213 }
1214