1 /*- 2 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of the project nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * $KAME: in6_src.c,v 1.132 2003/08/26 04:42:27 keiichi Exp $ 30 */ 31 32 /*- 33 * Copyright (c) 1982, 1986, 1991, 1993 34 * The Regents of the University of California. All rights reserved. 35 * 36 * Redistribution and use in source and binary forms, with or without 37 * modification, are permitted provided that the following conditions 38 * are met: 39 * 1. Redistributions of source code must retain the above copyright 40 * notice, this list of conditions and the following disclaimer. 41 * 2. Redistributions in binary form must reproduce the above copyright 42 * notice, this list of conditions and the following disclaimer in the 43 * documentation and/or other materials provided with the distribution. 44 * 4. Neither the name of the University nor the names of its contributors 45 * may be used to endorse or promote products derived from this software 46 * without specific prior written permission. 47 * 48 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 51 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 58 * SUCH DAMAGE. 59 * 60 * @(#)in_pcb.c 8.2 (Berkeley) 1/4/94 61 */ 62 63 #include <sys/cdefs.h> 64 __FBSDID("$FreeBSD$"); 65 66 #include "opt_inet.h" 67 #include "opt_inet6.h" 68 #include "opt_mpath.h" 69 70 #include <sys/param.h> 71 #include <sys/systm.h> 72 #include <sys/lock.h> 73 #include <sys/malloc.h> 74 #include <sys/mbuf.h> 75 #include <sys/priv.h> 76 #include <sys/protosw.h> 77 #include <sys/socket.h> 78 #include <sys/socketvar.h> 79 #include <sys/sockio.h> 80 #include <sys/sysctl.h> 81 #include <sys/errno.h> 82 #include <sys/time.h> 83 #include <sys/jail.h> 84 #include <sys/kernel.h> 85 #include <sys/sx.h> 86 87 #include <net/if.h> 88 #include <net/if_dl.h> 89 #include <net/route.h> 90 #include <net/if_llatbl.h> 91 #ifdef RADIX_MPATH 92 #include <net/radix_mpath.h> 93 #endif 94 95 #include <netinet/in.h> 96 #include <netinet/in_var.h> 97 #include <netinet/in_systm.h> 98 #include <netinet/ip.h> 99 #include <netinet/in_pcb.h> 100 #include <netinet/ip_var.h> 101 #include <netinet/udp.h> 102 #include <netinet/udp_var.h> 103 104 #include <netinet6/in6_var.h> 105 #include <netinet/ip6.h> 106 #include <netinet6/in6_pcb.h> 107 #include <netinet6/ip6_var.h> 108 #include <netinet6/scope6_var.h> 109 #include <netinet6/nd6.h> 110 111 static struct mtx addrsel_lock; 112 #define ADDRSEL_LOCK_INIT() mtx_init(&addrsel_lock, "addrsel_lock", NULL, MTX_DEF) 113 #define ADDRSEL_LOCK() mtx_lock(&addrsel_lock) 114 #define ADDRSEL_UNLOCK() mtx_unlock(&addrsel_lock) 115 #define ADDRSEL_LOCK_ASSERT() mtx_assert(&addrsel_lock, MA_OWNED) 116 117 static struct sx addrsel_sxlock; 118 #define ADDRSEL_SXLOCK_INIT() sx_init(&addrsel_sxlock, "addrsel_sxlock") 119 #define ADDRSEL_SLOCK() sx_slock(&addrsel_sxlock) 120 #define ADDRSEL_SUNLOCK() sx_sunlock(&addrsel_sxlock) 121 #define ADDRSEL_XLOCK() sx_xlock(&addrsel_sxlock) 122 #define ADDRSEL_XUNLOCK() sx_xunlock(&addrsel_sxlock) 123 124 #define ADDR_LABEL_NOTAPP (-1) 125 static VNET_DEFINE(struct in6_addrpolicy, defaultaddrpolicy); 126 #define V_defaultaddrpolicy VNET(defaultaddrpolicy) 127 128 VNET_DEFINE(int, ip6_prefer_tempaddr) = 0; 129 130 static int selectroute __P((struct sockaddr_in6 *, struct ip6_pktopts *, 131 struct ip6_moptions *, struct route_in6 *, struct ifnet **, 132 struct rtentry **, int)); 133 static int in6_selectif __P((struct sockaddr_in6 *, struct ip6_pktopts *, 134 struct ip6_moptions *, struct route_in6 *ro, struct ifnet **)); 135 136 static struct in6_addrpolicy *lookup_addrsel_policy(struct sockaddr_in6 *); 137 138 static void init_policy_queue(void); 139 static int add_addrsel_policyent(struct in6_addrpolicy *); 140 static int delete_addrsel_policyent(struct in6_addrpolicy *); 141 static int walk_addrsel_policy __P((int (*)(struct in6_addrpolicy *, void *), 142 void *)); 143 static int dump_addrsel_policyent(struct in6_addrpolicy *, void *); 144 static struct in6_addrpolicy *match_addrsel_policy(struct sockaddr_in6 *); 145 146 /* 147 * Return an IPv6 address, which is the most appropriate for a given 148 * destination and user specified options. 149 * If necessary, this function lookups the routing table and returns 150 * an entry to the caller for later use. 151 */ 152 #define REPLACE(r) do {\ 153 if ((r) < sizeof(V_ip6stat.ip6s_sources_rule) / \ 154 sizeof(V_ip6stat.ip6s_sources_rule[0])) /* check for safety */ \ 155 V_ip6stat.ip6s_sources_rule[(r)]++; \ 156 /* { \ 157 char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \ 158 printf("in6_selectsrc: replace %s with %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \ 159 } */ \ 160 goto replace; \ 161 } while(0) 162 #define NEXT(r) do {\ 163 if ((r) < sizeof(V_ip6stat.ip6s_sources_rule) / \ 164 sizeof(V_ip6stat.ip6s_sources_rule[0])) /* check for safety */ \ 165 V_ip6stat.ip6s_sources_rule[(r)]++; \ 166 /* { \ 167 char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \ 168 printf("in6_selectsrc: keep %s against %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \ 169 } */ \ 170 goto next; /* XXX: we can't use 'continue' here */ \ 171 } while(0) 172 #define BREAK(r) do { \ 173 if ((r) < sizeof(V_ip6stat.ip6s_sources_rule) / \ 174 sizeof(V_ip6stat.ip6s_sources_rule[0])) /* check for safety */ \ 175 V_ip6stat.ip6s_sources_rule[(r)]++; \ 176 goto out; /* XXX: we can't use 'break' here */ \ 177 } while(0) 178 179 int 180 in6_selectsrc(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 181 struct inpcb *inp, struct route_in6 *ro, struct ucred *cred, 182 struct ifnet **ifpp, struct in6_addr *srcp) 183 { 184 struct in6_addr dst, tmp; 185 struct ifnet *ifp = NULL; 186 struct in6_ifaddr *ia = NULL, *ia_best = NULL; 187 struct in6_pktinfo *pi = NULL; 188 int dst_scope = -1, best_scope = -1, best_matchlen = -1; 189 struct in6_addrpolicy *dst_policy = NULL, *best_policy = NULL; 190 u_int32_t odstzone; 191 int prefer_tempaddr; 192 int error; 193 struct ip6_moptions *mopts; 194 195 KASSERT(srcp != NULL, ("%s: srcp is NULL", __func__)); 196 197 dst = dstsock->sin6_addr; /* make a copy for local operation */ 198 if (ifpp) 199 *ifpp = NULL; 200 201 if (inp != NULL) { 202 INP_LOCK_ASSERT(inp); 203 mopts = inp->in6p_moptions; 204 } else { 205 mopts = NULL; 206 } 207 208 /* 209 * If the source address is explicitly specified by the caller, 210 * check if the requested source address is indeed a unicast address 211 * assigned to the node, and can be used as the packet's source 212 * address. If everything is okay, use the address as source. 213 */ 214 if (opts && (pi = opts->ip6po_pktinfo) && 215 !IN6_IS_ADDR_UNSPECIFIED(&pi->ipi6_addr)) { 216 struct sockaddr_in6 srcsock; 217 struct in6_ifaddr *ia6; 218 219 /* get the outgoing interface */ 220 if ((error = in6_selectif(dstsock, opts, mopts, ro, &ifp)) != 0) 221 return (error); 222 223 /* 224 * determine the appropriate zone id of the source based on 225 * the zone of the destination and the outgoing interface. 226 * If the specified address is ambiguous wrt the scope zone, 227 * the interface must be specified; otherwise, ifa_ifwithaddr() 228 * will fail matching the address. 229 */ 230 bzero(&srcsock, sizeof(srcsock)); 231 srcsock.sin6_family = AF_INET6; 232 srcsock.sin6_len = sizeof(srcsock); 233 srcsock.sin6_addr = pi->ipi6_addr; 234 if (ifp) { 235 error = in6_setscope(&srcsock.sin6_addr, ifp, NULL); 236 if (error) 237 return (error); 238 } 239 if (cred != NULL && (error = prison_local_ip6(cred, 240 &srcsock.sin6_addr, (inp != NULL && 241 (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0) 242 return (error); 243 244 ia6 = (struct in6_ifaddr *)ifa_ifwithaddr( 245 (struct sockaddr *)&srcsock); 246 if (ia6 == NULL || 247 (ia6->ia6_flags & (IN6_IFF_ANYCAST | IN6_IFF_NOTREADY))) { 248 if (ia6 != NULL) 249 ifa_free(&ia6->ia_ifa); 250 return (EADDRNOTAVAIL); 251 } 252 pi->ipi6_addr = srcsock.sin6_addr; /* XXX: this overrides pi */ 253 if (ifpp) 254 *ifpp = ifp; 255 bcopy(&ia6->ia_addr.sin6_addr, srcp, sizeof(*srcp)); 256 ifa_free(&ia6->ia_ifa); 257 return (0); 258 } 259 260 /* 261 * Otherwise, if the socket has already bound the source, just use it. 262 */ 263 if (inp != NULL && !IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) { 264 if (cred != NULL && 265 (error = prison_local_ip6(cred, &inp->in6p_laddr, 266 ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0) 267 return (error); 268 bcopy(&inp->in6p_laddr, srcp, sizeof(*srcp)); 269 return (0); 270 } 271 272 /* 273 * Bypass source address selection and use the primary jail IP 274 * if requested. 275 */ 276 if (cred != NULL && !prison_saddrsel_ip6(cred, srcp)) 277 return (0); 278 279 /* 280 * If the address is not specified, choose the best one based on 281 * the outgoing interface and the destination address. 282 */ 283 /* get the outgoing interface */ 284 if ((error = in6_selectif(dstsock, opts, mopts, ro, &ifp)) != 0) 285 return (error); 286 287 #ifdef DIAGNOSTIC 288 if (ifp == NULL) /* this should not happen */ 289 panic("in6_selectsrc: NULL ifp"); 290 #endif 291 error = in6_setscope(&dst, ifp, &odstzone); 292 if (error) 293 return (error); 294 295 IN6_IFADDR_RLOCK(); 296 TAILQ_FOREACH(ia, &V_in6_ifaddrhead, ia_link) { 297 int new_scope = -1, new_matchlen = -1; 298 struct in6_addrpolicy *new_policy = NULL; 299 u_int32_t srczone, osrczone, dstzone; 300 struct in6_addr src; 301 struct ifnet *ifp1 = ia->ia_ifp; 302 303 /* 304 * We'll never take an address that breaks the scope zone 305 * of the destination. We also skip an address if its zone 306 * does not contain the outgoing interface. 307 * XXX: we should probably use sin6_scope_id here. 308 */ 309 if (in6_setscope(&dst, ifp1, &dstzone) || 310 odstzone != dstzone) { 311 continue; 312 } 313 src = ia->ia_addr.sin6_addr; 314 if (in6_setscope(&src, ifp, &osrczone) || 315 in6_setscope(&src, ifp1, &srczone) || 316 osrczone != srczone) { 317 continue; 318 } 319 320 /* avoid unusable addresses */ 321 if ((ia->ia6_flags & 322 (IN6_IFF_NOTREADY | IN6_IFF_ANYCAST | IN6_IFF_DETACHED))) { 323 continue; 324 } 325 if (!V_ip6_use_deprecated && IFA6_IS_DEPRECATED(ia)) 326 continue; 327 328 /* If jailed only take addresses of the jail into account. */ 329 if (cred != NULL && 330 prison_check_ip6(cred, &ia->ia_addr.sin6_addr) != 0) 331 continue; 332 333 /* Rule 1: Prefer same address */ 334 if (IN6_ARE_ADDR_EQUAL(&dst, &ia->ia_addr.sin6_addr)) { 335 ia_best = ia; 336 BREAK(1); /* there should be no better candidate */ 337 } 338 339 if (ia_best == NULL) 340 REPLACE(0); 341 342 /* Rule 2: Prefer appropriate scope */ 343 if (dst_scope < 0) 344 dst_scope = in6_addrscope(&dst); 345 new_scope = in6_addrscope(&ia->ia_addr.sin6_addr); 346 if (IN6_ARE_SCOPE_CMP(best_scope, new_scope) < 0) { 347 if (IN6_ARE_SCOPE_CMP(best_scope, dst_scope) < 0) 348 REPLACE(2); 349 NEXT(2); 350 } else if (IN6_ARE_SCOPE_CMP(new_scope, best_scope) < 0) { 351 if (IN6_ARE_SCOPE_CMP(new_scope, dst_scope) < 0) 352 NEXT(2); 353 REPLACE(2); 354 } 355 356 /* 357 * Rule 3: Avoid deprecated addresses. Note that the case of 358 * !ip6_use_deprecated is already rejected above. 359 */ 360 if (!IFA6_IS_DEPRECATED(ia_best) && IFA6_IS_DEPRECATED(ia)) 361 NEXT(3); 362 if (IFA6_IS_DEPRECATED(ia_best) && !IFA6_IS_DEPRECATED(ia)) 363 REPLACE(3); 364 365 /* Rule 4: Prefer home addresses */ 366 /* 367 * XXX: This is a TODO. We should probably merge the MIP6 368 * case above. 369 */ 370 371 /* Rule 5: Prefer outgoing interface */ 372 if (ia_best->ia_ifp == ifp && ia->ia_ifp != ifp) 373 NEXT(5); 374 if (ia_best->ia_ifp != ifp && ia->ia_ifp == ifp) 375 REPLACE(5); 376 377 /* 378 * Rule 6: Prefer matching label 379 * Note that best_policy should be non-NULL here. 380 */ 381 if (dst_policy == NULL) 382 dst_policy = lookup_addrsel_policy(dstsock); 383 if (dst_policy->label != ADDR_LABEL_NOTAPP) { 384 new_policy = lookup_addrsel_policy(&ia->ia_addr); 385 if (dst_policy->label == best_policy->label && 386 dst_policy->label != new_policy->label) 387 NEXT(6); 388 if (dst_policy->label != best_policy->label && 389 dst_policy->label == new_policy->label) 390 REPLACE(6); 391 } 392 393 /* 394 * Rule 7: Prefer public addresses. 395 * We allow users to reverse the logic by configuring 396 * a sysctl variable, so that privacy conscious users can 397 * always prefer temporary addresses. 398 */ 399 if (opts == NULL || 400 opts->ip6po_prefer_tempaddr == IP6PO_TEMPADDR_SYSTEM) { 401 prefer_tempaddr = V_ip6_prefer_tempaddr; 402 } else if (opts->ip6po_prefer_tempaddr == 403 IP6PO_TEMPADDR_NOTPREFER) { 404 prefer_tempaddr = 0; 405 } else 406 prefer_tempaddr = 1; 407 if (!(ia_best->ia6_flags & IN6_IFF_TEMPORARY) && 408 (ia->ia6_flags & IN6_IFF_TEMPORARY)) { 409 if (prefer_tempaddr) 410 REPLACE(7); 411 else 412 NEXT(7); 413 } 414 if ((ia_best->ia6_flags & IN6_IFF_TEMPORARY) && 415 !(ia->ia6_flags & IN6_IFF_TEMPORARY)) { 416 if (prefer_tempaddr) 417 NEXT(7); 418 else 419 REPLACE(7); 420 } 421 422 /* 423 * Rule 8: prefer addresses on alive interfaces. 424 * This is a KAME specific rule. 425 */ 426 if ((ia_best->ia_ifp->if_flags & IFF_UP) && 427 !(ia->ia_ifp->if_flags & IFF_UP)) 428 NEXT(8); 429 if (!(ia_best->ia_ifp->if_flags & IFF_UP) && 430 (ia->ia_ifp->if_flags & IFF_UP)) 431 REPLACE(8); 432 433 /* 434 * Rule 14: Use longest matching prefix. 435 * Note: in the address selection draft, this rule is 436 * documented as "Rule 8". However, since it is also 437 * documented that this rule can be overridden, we assign 438 * a large number so that it is easy to assign smaller numbers 439 * to more preferred rules. 440 */ 441 new_matchlen = in6_matchlen(&ia->ia_addr.sin6_addr, &dst); 442 if (best_matchlen < new_matchlen) 443 REPLACE(14); 444 if (new_matchlen < best_matchlen) 445 NEXT(14); 446 447 /* Rule 15 is reserved. */ 448 449 /* 450 * Last resort: just keep the current candidate. 451 * Or, do we need more rules? 452 */ 453 continue; 454 455 replace: 456 ia_best = ia; 457 best_scope = (new_scope >= 0 ? new_scope : 458 in6_addrscope(&ia_best->ia_addr.sin6_addr)); 459 best_policy = (new_policy ? new_policy : 460 lookup_addrsel_policy(&ia_best->ia_addr)); 461 best_matchlen = (new_matchlen >= 0 ? new_matchlen : 462 in6_matchlen(&ia_best->ia_addr.sin6_addr, 463 &dst)); 464 465 next: 466 continue; 467 468 out: 469 break; 470 } 471 472 if ((ia = ia_best) == NULL) { 473 IN6_IFADDR_RUNLOCK(); 474 return (EADDRNOTAVAIL); 475 } 476 477 /* 478 * At this point at least one of the addresses belonged to the jail 479 * but it could still be, that we want to further restrict it, e.g. 480 * theoratically IN6_IS_ADDR_LOOPBACK. 481 * It must not be IN6_IS_ADDR_UNSPECIFIED anymore. 482 * prison_local_ip6() will fix an IN6_IS_ADDR_LOOPBACK but should 483 * let all others previously selected pass. 484 * Use tmp to not change ::1 on lo0 to the primary jail address. 485 */ 486 tmp = ia->ia_addr.sin6_addr; 487 if (cred != NULL && prison_local_ip6(cred, &tmp, (inp != NULL && 488 (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0)) != 0) { 489 IN6_IFADDR_RUNLOCK(); 490 return (EADDRNOTAVAIL); 491 } 492 493 if (ifpp) 494 *ifpp = ifp; 495 496 bcopy(&tmp, srcp, sizeof(*srcp)); 497 IN6_IFADDR_RUNLOCK(); 498 return (0); 499 } 500 501 /* 502 * clone - meaningful only for bsdi and freebsd 503 */ 504 static int 505 selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 506 struct ip6_moptions *mopts, struct route_in6 *ro, 507 struct ifnet **retifp, struct rtentry **retrt, int norouteok) 508 { 509 int error = 0; 510 struct ifnet *ifp = NULL; 511 struct rtentry *rt = NULL; 512 struct sockaddr_in6 *sin6_next; 513 struct in6_pktinfo *pi = NULL; 514 struct in6_addr *dst = &dstsock->sin6_addr; 515 #if 0 516 char ip6buf[INET6_ADDRSTRLEN]; 517 518 if (dstsock->sin6_addr.s6_addr32[0] == 0 && 519 dstsock->sin6_addr.s6_addr32[1] == 0 && 520 !IN6_IS_ADDR_LOOPBACK(&dstsock->sin6_addr)) { 521 printf("in6_selectroute: strange destination %s\n", 522 ip6_sprintf(ip6buf, &dstsock->sin6_addr)); 523 } else { 524 printf("in6_selectroute: destination = %s%%%d\n", 525 ip6_sprintf(ip6buf, &dstsock->sin6_addr), 526 dstsock->sin6_scope_id); /* for debug */ 527 } 528 #endif 529 530 /* If the caller specify the outgoing interface explicitly, use it. */ 531 if (opts && (pi = opts->ip6po_pktinfo) != NULL && pi->ipi6_ifindex) { 532 /* XXX boundary check is assumed to be already done. */ 533 ifp = ifnet_byindex(pi->ipi6_ifindex); 534 if (ifp != NULL && 535 (norouteok || retrt == NULL || 536 IN6_IS_ADDR_MULTICAST(dst))) { 537 /* 538 * we do not have to check or get the route for 539 * multicast. 540 */ 541 goto done; 542 } else 543 goto getroute; 544 } 545 546 /* 547 * If the destination address is a multicast address and the outgoing 548 * interface for the address is specified by the caller, use it. 549 */ 550 if (IN6_IS_ADDR_MULTICAST(dst) && 551 mopts != NULL && (ifp = mopts->im6o_multicast_ifp) != NULL) { 552 goto done; /* we do not need a route for multicast. */ 553 } 554 555 getroute: 556 /* 557 * If the next hop address for the packet is specified by the caller, 558 * use it as the gateway. 559 */ 560 if (opts && opts->ip6po_nexthop) { 561 struct route_in6 *ron; 562 struct llentry *la; 563 564 sin6_next = satosin6(opts->ip6po_nexthop); 565 566 /* at this moment, we only support AF_INET6 next hops */ 567 if (sin6_next->sin6_family != AF_INET6) { 568 error = EAFNOSUPPORT; /* or should we proceed? */ 569 goto done; 570 } 571 572 /* 573 * If the next hop is an IPv6 address, then the node identified 574 * by that address must be a neighbor of the sending host. 575 */ 576 ron = &opts->ip6po_nextroute; 577 /* 578 * XXX what do we do here? 579 * PLZ to be fixing 580 */ 581 582 583 if (ron->ro_rt == NULL) { 584 rtalloc((struct route *)ron); /* multi path case? */ 585 if (ron->ro_rt == NULL) { 586 if (ron->ro_rt) { 587 RTFREE(ron->ro_rt); 588 ron->ro_rt = NULL; 589 } 590 error = EHOSTUNREACH; 591 goto done; 592 } 593 } 594 595 rt = ron->ro_rt; 596 ifp = rt->rt_ifp; 597 IF_AFDATA_LOCK(ifp); 598 la = lla_lookup(LLTABLE6(ifp), 0, (struct sockaddr *)&sin6_next->sin6_addr); 599 IF_AFDATA_UNLOCK(ifp); 600 if (la != NULL) 601 LLE_RUNLOCK(la); 602 else { 603 error = EHOSTUNREACH; 604 goto done; 605 } 606 #if 0 607 if ((ron->ro_rt && 608 (ron->ro_rt->rt_flags & (RTF_UP | RTF_LLINFO)) != 609 (RTF_UP | RTF_LLINFO)) || 610 !IN6_ARE_ADDR_EQUAL(&satosin6(&ron->ro_dst)->sin6_addr, 611 &sin6_next->sin6_addr)) { 612 if (ron->ro_rt) { 613 RTFREE(ron->ro_rt); 614 ron->ro_rt = NULL; 615 } 616 *satosin6(&ron->ro_dst) = *sin6_next; 617 } 618 if (ron->ro_rt == NULL) { 619 rtalloc((struct route *)ron); /* multi path case? */ 620 if (ron->ro_rt == NULL || 621 !(ron->ro_rt->rt_flags & RTF_LLINFO)) { 622 if (ron->ro_rt) { 623 RTFREE(ron->ro_rt); 624 ron->ro_rt = NULL; 625 } 626 error = EHOSTUNREACH; 627 goto done; 628 } 629 } 630 #endif 631 632 /* 633 * When cloning is required, try to allocate a route to the 634 * destination so that the caller can store path MTU 635 * information. 636 */ 637 goto done; 638 } 639 640 /* 641 * Use a cached route if it exists and is valid, else try to allocate 642 * a new one. Note that we should check the address family of the 643 * cached destination, in case of sharing the cache with IPv4. 644 */ 645 if (ro) { 646 if (ro->ro_rt && 647 (!(ro->ro_rt->rt_flags & RTF_UP) || 648 ((struct sockaddr *)(&ro->ro_dst))->sa_family != AF_INET6 || 649 !IN6_ARE_ADDR_EQUAL(&satosin6(&ro->ro_dst)->sin6_addr, 650 dst))) { 651 RTFREE(ro->ro_rt); 652 ro->ro_rt = (struct rtentry *)NULL; 653 } 654 if (ro->ro_rt == (struct rtentry *)NULL) { 655 struct sockaddr_in6 *sa6; 656 657 /* No route yet, so try to acquire one */ 658 bzero(&ro->ro_dst, sizeof(struct sockaddr_in6)); 659 sa6 = (struct sockaddr_in6 *)&ro->ro_dst; 660 *sa6 = *dstsock; 661 sa6->sin6_scope_id = 0; 662 663 #ifdef RADIX_MPATH 664 rtalloc_mpath((struct route *)ro, 665 ntohl(sa6->sin6_addr.s6_addr32[3])); 666 #else 667 ro->ro_rt = rtalloc1(&((struct route *)ro) 668 ->ro_dst, 0, 0UL); 669 if (ro->ro_rt) 670 RT_UNLOCK(ro->ro_rt); 671 #endif 672 } 673 674 /* 675 * do not care about the result if we have the nexthop 676 * explicitly specified. 677 */ 678 if (opts && opts->ip6po_nexthop) 679 goto done; 680 681 if (ro->ro_rt) { 682 ifp = ro->ro_rt->rt_ifp; 683 684 if (ifp == NULL) { /* can this really happen? */ 685 RTFREE(ro->ro_rt); 686 ro->ro_rt = NULL; 687 } 688 } 689 if (ro->ro_rt == NULL) 690 error = EHOSTUNREACH; 691 rt = ro->ro_rt; 692 693 /* 694 * Check if the outgoing interface conflicts with 695 * the interface specified by ipi6_ifindex (if specified). 696 * Note that loopback interface is always okay. 697 * (this may happen when we are sending a packet to one of 698 * our own addresses.) 699 */ 700 if (ifp && opts && opts->ip6po_pktinfo && 701 opts->ip6po_pktinfo->ipi6_ifindex) { 702 if (!(ifp->if_flags & IFF_LOOPBACK) && 703 ifp->if_index != 704 opts->ip6po_pktinfo->ipi6_ifindex) { 705 error = EHOSTUNREACH; 706 goto done; 707 } 708 } 709 } 710 711 done: 712 if (ifp == NULL && rt == NULL) { 713 /* 714 * This can happen if the caller did not pass a cached route 715 * nor any other hints. We treat this case an error. 716 */ 717 error = EHOSTUNREACH; 718 } 719 if (error == EHOSTUNREACH) 720 V_ip6stat.ip6s_noroute++; 721 722 if (retifp != NULL) { 723 *retifp = ifp; 724 725 /* 726 * Adjust the "outgoing" interface. If we're going to loop 727 * the packet back to ourselves, the ifp would be the loopback 728 * interface. However, we'd rather know the interface associated 729 * to the destination address (which should probably be one of 730 * our own addresses.) 731 */ 732 if (rt) { 733 if ((rt->rt_ifp->if_flags & IFF_LOOPBACK) && 734 (rt->rt_gateway->sa_family == AF_LINK)) 735 *retifp = 736 ifnet_byindex(((struct sockaddr_dl *) 737 rt->rt_gateway)->sdl_index); 738 } 739 } 740 741 if (retrt != NULL) 742 *retrt = rt; /* rt may be NULL */ 743 744 return (error); 745 } 746 747 static int 748 in6_selectif(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 749 struct ip6_moptions *mopts, struct route_in6 *ro, struct ifnet **retifp) 750 { 751 int error; 752 struct route_in6 sro; 753 struct rtentry *rt = NULL; 754 755 if (ro == NULL) { 756 bzero(&sro, sizeof(sro)); 757 ro = &sro; 758 } 759 760 if ((error = selectroute(dstsock, opts, mopts, ro, retifp, 761 &rt, 1)) != 0) { 762 if (ro == &sro && rt && rt == sro.ro_rt) 763 RTFREE(rt); 764 return (error); 765 } 766 767 /* 768 * do not use a rejected or black hole route. 769 * XXX: this check should be done in the L2 output routine. 770 * However, if we skipped this check here, we'd see the following 771 * scenario: 772 * - install a rejected route for a scoped address prefix 773 * (like fe80::/10) 774 * - send a packet to a destination that matches the scoped prefix, 775 * with ambiguity about the scope zone. 776 * - pick the outgoing interface from the route, and disambiguate the 777 * scope zone with the interface. 778 * - ip6_output() would try to get another route with the "new" 779 * destination, which may be valid. 780 * - we'd see no error on output. 781 * Although this may not be very harmful, it should still be confusing. 782 * We thus reject the case here. 783 */ 784 if (rt && (rt->rt_flags & (RTF_REJECT | RTF_BLACKHOLE))) { 785 int flags = (rt->rt_flags & RTF_HOST ? EHOSTUNREACH : ENETUNREACH); 786 787 if (ro == &sro && rt && rt == sro.ro_rt) 788 RTFREE(rt); 789 return (flags); 790 } 791 792 if (ro == &sro && rt && rt == sro.ro_rt) 793 RTFREE(rt); 794 return (0); 795 } 796 797 /* 798 * clone - meaningful only for bsdi and freebsd 799 */ 800 int 801 in6_selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 802 struct ip6_moptions *mopts, struct route_in6 *ro, 803 struct ifnet **retifp, struct rtentry **retrt) 804 { 805 806 return (selectroute(dstsock, opts, mopts, ro, retifp, 807 retrt, 0)); 808 } 809 810 /* 811 * Default hop limit selection. The precedence is as follows: 812 * 1. Hoplimit value specified via ioctl. 813 * 2. (If the outgoing interface is detected) the current 814 * hop limit of the interface specified by router advertisement. 815 * 3. The system default hoplimit. 816 */ 817 int 818 in6_selecthlim(struct inpcb *in6p, struct ifnet *ifp) 819 { 820 821 if (in6p && in6p->in6p_hops >= 0) 822 return (in6p->in6p_hops); 823 else if (ifp) 824 return (ND_IFINFO(ifp)->chlim); 825 else if (in6p && !IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) { 826 struct route_in6 ro6; 827 struct ifnet *lifp; 828 829 bzero(&ro6, sizeof(ro6)); 830 ro6.ro_dst.sin6_family = AF_INET6; 831 ro6.ro_dst.sin6_len = sizeof(struct sockaddr_in6); 832 ro6.ro_dst.sin6_addr = in6p->in6p_faddr; 833 rtalloc((struct route *)&ro6); 834 if (ro6.ro_rt) { 835 lifp = ro6.ro_rt->rt_ifp; 836 RTFREE(ro6.ro_rt); 837 if (lifp) 838 return (ND_IFINFO(lifp)->chlim); 839 } else 840 return (V_ip6_defhlim); 841 } 842 return (V_ip6_defhlim); 843 } 844 845 /* 846 * XXX: this is borrowed from in6_pcbbind(). If possible, we should 847 * share this function by all *bsd*... 848 */ 849 int 850 in6_pcbsetport(struct in6_addr *laddr, struct inpcb *inp, struct ucred *cred) 851 { 852 struct socket *so = inp->inp_socket; 853 u_int16_t lport = 0, first, last, *lastport; 854 int count, error, wild = 0, dorandom; 855 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo; 856 857 INP_INFO_WLOCK_ASSERT(pcbinfo); 858 INP_WLOCK_ASSERT(inp); 859 860 error = prison_local_ip6(cred, laddr, 861 ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0)); 862 if (error) 863 return(error); 864 865 /* XXX: this is redundant when called from in6_pcbbind */ 866 if ((so->so_options & (SO_REUSEADDR|SO_REUSEPORT)) == 0) 867 wild = INPLOOKUP_WILDCARD; 868 869 inp->inp_flags |= INP_ANONPORT; 870 871 if (inp->inp_flags & INP_HIGHPORT) { 872 first = V_ipport_hifirstauto; /* sysctl */ 873 last = V_ipport_hilastauto; 874 lastport = &pcbinfo->ipi_lasthi; 875 } else if (inp->inp_flags & INP_LOWPORT) { 876 error = priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT, 0); 877 if (error) 878 return error; 879 first = V_ipport_lowfirstauto; /* 1023 */ 880 last = V_ipport_lowlastauto; /* 600 */ 881 lastport = &pcbinfo->ipi_lastlow; 882 } else { 883 first = V_ipport_firstauto; /* sysctl */ 884 last = V_ipport_lastauto; 885 lastport = &pcbinfo->ipi_lastport; 886 } 887 888 /* 889 * For UDP, use random port allocation as long as the user 890 * allows it. For TCP (and as of yet unknown) connections, 891 * use random port allocation only if the user allows it AND 892 * ipport_tick() allows it. 893 */ 894 if (V_ipport_randomized && 895 (!V_ipport_stoprandom || pcbinfo == &V_udbinfo)) 896 dorandom = 1; 897 else 898 dorandom = 0; 899 /* 900 * It makes no sense to do random port allocation if 901 * we have the only port available. 902 */ 903 if (first == last) 904 dorandom = 0; 905 /* Make sure to not include UDP packets in the count. */ 906 if (pcbinfo != &V_udbinfo) 907 V_ipport_tcpallocs++; 908 909 /* 910 * Instead of having two loops further down counting up or down 911 * make sure that first is always <= last and go with only one 912 * code path implementing all logic. 913 */ 914 if (first > last) { 915 u_int16_t aux; 916 917 aux = first; 918 first = last; 919 last = aux; 920 } 921 922 if (dorandom) 923 *lastport = first + (arc4random() % (last - first)); 924 925 count = last - first; 926 927 do { 928 if (count-- < 0) { /* completely used? */ 929 /* Undo an address bind that may have occurred. */ 930 inp->in6p_laddr = in6addr_any; 931 return (EADDRNOTAVAIL); 932 } 933 ++*lastport; 934 if (*lastport < first || *lastport > last) 935 *lastport = first; 936 lport = htons(*lastport); 937 } while (in6_pcblookup_local(pcbinfo, &inp->in6p_laddr, 938 lport, wild, cred)); 939 940 inp->inp_lport = lport; 941 if (in_pcbinshash(inp) != 0) { 942 inp->in6p_laddr = in6addr_any; 943 inp->inp_lport = 0; 944 return (EAGAIN); 945 } 946 947 return (0); 948 } 949 950 void 951 addrsel_policy_init(void) 952 { 953 954 init_policy_queue(); 955 956 /* initialize the "last resort" policy */ 957 bzero(&V_defaultaddrpolicy, sizeof(V_defaultaddrpolicy)); 958 V_defaultaddrpolicy.label = ADDR_LABEL_NOTAPP; 959 960 if (!IS_DEFAULT_VNET(curvnet)) 961 return; 962 963 ADDRSEL_LOCK_INIT(); 964 ADDRSEL_SXLOCK_INIT(); 965 } 966 967 static struct in6_addrpolicy * 968 lookup_addrsel_policy(struct sockaddr_in6 *key) 969 { 970 struct in6_addrpolicy *match = NULL; 971 972 ADDRSEL_LOCK(); 973 match = match_addrsel_policy(key); 974 975 if (match == NULL) 976 match = &V_defaultaddrpolicy; 977 else 978 match->use++; 979 ADDRSEL_UNLOCK(); 980 981 return (match); 982 } 983 984 /* 985 * Subroutines to manage the address selection policy table via sysctl. 986 */ 987 struct walkarg { 988 struct sysctl_req *w_req; 989 }; 990 991 static int in6_src_sysctl(SYSCTL_HANDLER_ARGS); 992 SYSCTL_DECL(_net_inet6_ip6); 993 SYSCTL_NODE(_net_inet6_ip6, IPV6CTL_ADDRCTLPOLICY, addrctlpolicy, 994 CTLFLAG_RD, in6_src_sysctl, ""); 995 996 static int 997 in6_src_sysctl(SYSCTL_HANDLER_ARGS) 998 { 999 struct walkarg w; 1000 1001 if (req->newptr) 1002 return EPERM; 1003 1004 bzero(&w, sizeof(w)); 1005 w.w_req = req; 1006 1007 return (walk_addrsel_policy(dump_addrsel_policyent, &w)); 1008 } 1009 1010 int 1011 in6_src_ioctl(u_long cmd, caddr_t data) 1012 { 1013 int i; 1014 struct in6_addrpolicy ent0; 1015 1016 if (cmd != SIOCAADDRCTL_POLICY && cmd != SIOCDADDRCTL_POLICY) 1017 return (EOPNOTSUPP); /* check for safety */ 1018 1019 ent0 = *(struct in6_addrpolicy *)data; 1020 1021 if (ent0.label == ADDR_LABEL_NOTAPP) 1022 return (EINVAL); 1023 /* check if the prefix mask is consecutive. */ 1024 if (in6_mask2len(&ent0.addrmask.sin6_addr, NULL) < 0) 1025 return (EINVAL); 1026 /* clear trailing garbages (if any) of the prefix address. */ 1027 for (i = 0; i < 4; i++) { 1028 ent0.addr.sin6_addr.s6_addr32[i] &= 1029 ent0.addrmask.sin6_addr.s6_addr32[i]; 1030 } 1031 ent0.use = 0; 1032 1033 switch (cmd) { 1034 case SIOCAADDRCTL_POLICY: 1035 return (add_addrsel_policyent(&ent0)); 1036 case SIOCDADDRCTL_POLICY: 1037 return (delete_addrsel_policyent(&ent0)); 1038 } 1039 1040 return (0); /* XXX: compromise compilers */ 1041 } 1042 1043 /* 1044 * The followings are implementation of the policy table using a 1045 * simple tail queue. 1046 * XXX such details should be hidden. 1047 * XXX implementation using binary tree should be more efficient. 1048 */ 1049 struct addrsel_policyent { 1050 TAILQ_ENTRY(addrsel_policyent) ape_entry; 1051 struct in6_addrpolicy ape_policy; 1052 }; 1053 1054 TAILQ_HEAD(addrsel_policyhead, addrsel_policyent); 1055 1056 static VNET_DEFINE(struct addrsel_policyhead, addrsel_policytab); 1057 #define V_addrsel_policytab VNET(addrsel_policytab) 1058 1059 static void 1060 init_policy_queue(void) 1061 { 1062 1063 TAILQ_INIT(&V_addrsel_policytab); 1064 } 1065 1066 static int 1067 add_addrsel_policyent(struct in6_addrpolicy *newpolicy) 1068 { 1069 struct addrsel_policyent *new, *pol; 1070 1071 new = malloc(sizeof(*new), M_IFADDR, 1072 M_WAITOK); 1073 ADDRSEL_XLOCK(); 1074 ADDRSEL_LOCK(); 1075 1076 /* duplication check */ 1077 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) { 1078 if (IN6_ARE_ADDR_EQUAL(&newpolicy->addr.sin6_addr, 1079 &pol->ape_policy.addr.sin6_addr) && 1080 IN6_ARE_ADDR_EQUAL(&newpolicy->addrmask.sin6_addr, 1081 &pol->ape_policy.addrmask.sin6_addr)) { 1082 ADDRSEL_UNLOCK(); 1083 ADDRSEL_XUNLOCK(); 1084 free(new, M_IFADDR); 1085 return (EEXIST); /* or override it? */ 1086 } 1087 } 1088 1089 bzero(new, sizeof(*new)); 1090 1091 /* XXX: should validate entry */ 1092 new->ape_policy = *newpolicy; 1093 1094 TAILQ_INSERT_TAIL(&V_addrsel_policytab, new, ape_entry); 1095 ADDRSEL_UNLOCK(); 1096 ADDRSEL_XUNLOCK(); 1097 1098 return (0); 1099 } 1100 1101 static int 1102 delete_addrsel_policyent(struct in6_addrpolicy *key) 1103 { 1104 struct addrsel_policyent *pol; 1105 1106 ADDRSEL_XLOCK(); 1107 ADDRSEL_LOCK(); 1108 1109 /* search for the entry in the table */ 1110 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) { 1111 if (IN6_ARE_ADDR_EQUAL(&key->addr.sin6_addr, 1112 &pol->ape_policy.addr.sin6_addr) && 1113 IN6_ARE_ADDR_EQUAL(&key->addrmask.sin6_addr, 1114 &pol->ape_policy.addrmask.sin6_addr)) { 1115 break; 1116 } 1117 } 1118 if (pol == NULL) { 1119 ADDRSEL_UNLOCK(); 1120 ADDRSEL_XUNLOCK(); 1121 return (ESRCH); 1122 } 1123 1124 TAILQ_REMOVE(&V_addrsel_policytab, pol, ape_entry); 1125 ADDRSEL_UNLOCK(); 1126 ADDRSEL_XUNLOCK(); 1127 1128 return (0); 1129 } 1130 1131 static int 1132 walk_addrsel_policy(int (*callback)(struct in6_addrpolicy *, void *), 1133 void *w) 1134 { 1135 struct addrsel_policyent *pol; 1136 int error = 0; 1137 1138 ADDRSEL_SLOCK(); 1139 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) { 1140 if ((error = (*callback)(&pol->ape_policy, w)) != 0) { 1141 ADDRSEL_SUNLOCK(); 1142 return (error); 1143 } 1144 } 1145 ADDRSEL_SUNLOCK(); 1146 return (error); 1147 } 1148 1149 static int 1150 dump_addrsel_policyent(struct in6_addrpolicy *pol, void *arg) 1151 { 1152 int error = 0; 1153 struct walkarg *w = arg; 1154 1155 error = SYSCTL_OUT(w->w_req, pol, sizeof(*pol)); 1156 1157 return (error); 1158 } 1159 1160 static struct in6_addrpolicy * 1161 match_addrsel_policy(struct sockaddr_in6 *key) 1162 { 1163 struct addrsel_policyent *pent; 1164 struct in6_addrpolicy *bestpol = NULL, *pol; 1165 int matchlen, bestmatchlen = -1; 1166 u_char *mp, *ep, *k, *p, m; 1167 1168 TAILQ_FOREACH(pent, &V_addrsel_policytab, ape_entry) { 1169 matchlen = 0; 1170 1171 pol = &pent->ape_policy; 1172 mp = (u_char *)&pol->addrmask.sin6_addr; 1173 ep = mp + 16; /* XXX: scope field? */ 1174 k = (u_char *)&key->sin6_addr; 1175 p = (u_char *)&pol->addr.sin6_addr; 1176 for (; mp < ep && *mp; mp++, k++, p++) { 1177 m = *mp; 1178 if ((*k & m) != *p) 1179 goto next; /* not match */ 1180 if (m == 0xff) /* short cut for a typical case */ 1181 matchlen += 8; 1182 else { 1183 while (m >= 0x80) { 1184 matchlen++; 1185 m <<= 1; 1186 } 1187 } 1188 } 1189 1190 /* matched. check if this is better than the current best. */ 1191 if (bestpol == NULL || 1192 matchlen > bestmatchlen) { 1193 bestpol = pol; 1194 bestmatchlen = matchlen; 1195 } 1196 1197 next: 1198 continue; 1199 } 1200 1201 return (bestpol); 1202 } 1203