1 /*- 2 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of the project nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * $KAME: in6_src.c,v 1.132 2003/08/26 04:42:27 keiichi Exp $ 30 */ 31 32 /*- 33 * Copyright (c) 1982, 1986, 1991, 1993 34 * The Regents of the University of California. All rights reserved. 35 * 36 * Redistribution and use in source and binary forms, with or without 37 * modification, are permitted provided that the following conditions 38 * are met: 39 * 1. Redistributions of source code must retain the above copyright 40 * notice, this list of conditions and the following disclaimer. 41 * 2. Redistributions in binary form must reproduce the above copyright 42 * notice, this list of conditions and the following disclaimer in the 43 * documentation and/or other materials provided with the distribution. 44 * 4. Neither the name of the University nor the names of its contributors 45 * may be used to endorse or promote products derived from this software 46 * without specific prior written permission. 47 * 48 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 51 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 58 * SUCH DAMAGE. 59 * 60 * @(#)in_pcb.c 8.2 (Berkeley) 1/4/94 61 */ 62 63 #include <sys/cdefs.h> 64 __FBSDID("$FreeBSD$"); 65 66 #include "opt_inet.h" 67 #include "opt_inet6.h" 68 #include "opt_mpath.h" 69 70 #include <sys/param.h> 71 #include <sys/systm.h> 72 #include <sys/lock.h> 73 #include <sys/malloc.h> 74 #include <sys/mbuf.h> 75 #include <sys/priv.h> 76 #include <sys/protosw.h> 77 #include <sys/socket.h> 78 #include <sys/socketvar.h> 79 #include <sys/sockio.h> 80 #include <sys/sysctl.h> 81 #include <sys/errno.h> 82 #include <sys/time.h> 83 #include <sys/jail.h> 84 #include <sys/kernel.h> 85 #include <sys/sx.h> 86 87 #include <net/if.h> 88 #include <net/route.h> 89 #include <net/if_llatbl.h> 90 #ifdef RADIX_MPATH 91 #include <net/radix_mpath.h> 92 #endif 93 94 #include <netinet/in.h> 95 #include <netinet/in_var.h> 96 #include <netinet/in_systm.h> 97 #include <netinet/ip.h> 98 #include <netinet/in_pcb.h> 99 #include <netinet/ip_var.h> 100 #include <netinet/udp.h> 101 #include <netinet/udp_var.h> 102 103 #include <netinet6/in6_var.h> 104 #include <netinet/ip6.h> 105 #include <netinet6/in6_pcb.h> 106 #include <netinet6/ip6_var.h> 107 #include <netinet6/scope6_var.h> 108 #include <netinet6/nd6.h> 109 110 static struct mtx addrsel_lock; 111 #define ADDRSEL_LOCK_INIT() mtx_init(&addrsel_lock, "addrsel_lock", NULL, MTX_DEF) 112 #define ADDRSEL_LOCK() mtx_lock(&addrsel_lock) 113 #define ADDRSEL_UNLOCK() mtx_unlock(&addrsel_lock) 114 #define ADDRSEL_LOCK_ASSERT() mtx_assert(&addrsel_lock, MA_OWNED) 115 116 static struct sx addrsel_sxlock; 117 #define ADDRSEL_SXLOCK_INIT() sx_init(&addrsel_sxlock, "addrsel_sxlock") 118 #define ADDRSEL_SLOCK() sx_slock(&addrsel_sxlock) 119 #define ADDRSEL_SUNLOCK() sx_sunlock(&addrsel_sxlock) 120 #define ADDRSEL_XLOCK() sx_xlock(&addrsel_sxlock) 121 #define ADDRSEL_XUNLOCK() sx_xunlock(&addrsel_sxlock) 122 123 #define ADDR_LABEL_NOTAPP (-1) 124 125 static VNET_DEFINE(struct in6_addrpolicy, defaultaddrpolicy); 126 VNET_DEFINE(int, ip6_prefer_tempaddr); 127 128 #define V_defaultaddrpolicy VNET(defaultaddrpolicy) 129 130 static int selectroute __P((struct sockaddr_in6 *, struct ip6_pktopts *, 131 struct ip6_moptions *, struct route_in6 *, struct ifnet **, 132 struct rtentry **, int)); 133 static int in6_selectif __P((struct sockaddr_in6 *, struct ip6_pktopts *, 134 struct ip6_moptions *, struct route_in6 *ro, struct ifnet **)); 135 136 static struct in6_addrpolicy *lookup_addrsel_policy(struct sockaddr_in6 *); 137 138 static void init_policy_queue(void); 139 static int add_addrsel_policyent(struct in6_addrpolicy *); 140 static int delete_addrsel_policyent(struct in6_addrpolicy *); 141 static int walk_addrsel_policy __P((int (*)(struct in6_addrpolicy *, void *), 142 void *)); 143 static int dump_addrsel_policyent(struct in6_addrpolicy *, void *); 144 static struct in6_addrpolicy *match_addrsel_policy(struct sockaddr_in6 *); 145 146 /* 147 * Return an IPv6 address, which is the most appropriate for a given 148 * destination and user specified options. 149 * If necessary, this function lookups the routing table and returns 150 * an entry to the caller for later use. 151 */ 152 #define REPLACE(r) do {\ 153 if ((r) < sizeof(V_ip6stat.ip6s_sources_rule) / \ 154 sizeof(V_ip6stat.ip6s_sources_rule[0])) /* check for safety */ \ 155 V_ip6stat.ip6s_sources_rule[(r)]++; \ 156 /* { \ 157 char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \ 158 printf("in6_selectsrc: replace %s with %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \ 159 } */ \ 160 goto replace; \ 161 } while(0) 162 #define NEXT(r) do {\ 163 if ((r) < sizeof(V_ip6stat.ip6s_sources_rule) / \ 164 sizeof(V_ip6stat.ip6s_sources_rule[0])) /* check for safety */ \ 165 V_ip6stat.ip6s_sources_rule[(r)]++; \ 166 /* { \ 167 char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \ 168 printf("in6_selectsrc: keep %s against %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \ 169 } */ \ 170 goto next; /* XXX: we can't use 'continue' here */ \ 171 } while(0) 172 #define BREAK(r) do { \ 173 if ((r) < sizeof(V_ip6stat.ip6s_sources_rule) / \ 174 sizeof(V_ip6stat.ip6s_sources_rule[0])) /* check for safety */ \ 175 V_ip6stat.ip6s_sources_rule[(r)]++; \ 176 goto out; /* XXX: we can't use 'break' here */ \ 177 } while(0) 178 179 int 180 in6_selectsrc(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 181 struct inpcb *inp, struct route_in6 *ro, struct ucred *cred, 182 struct ifnet **ifpp, struct in6_addr *srcp) 183 { 184 struct in6_addr dst; 185 struct ifnet *ifp = NULL; 186 struct in6_ifaddr *ia = NULL, *ia_best = NULL; 187 struct in6_pktinfo *pi = NULL; 188 int dst_scope = -1, best_scope = -1, best_matchlen = -1; 189 struct in6_addrpolicy *dst_policy = NULL, *best_policy = NULL; 190 u_int32_t odstzone; 191 int prefer_tempaddr; 192 int error; 193 struct ip6_moptions *mopts; 194 195 KASSERT(srcp != NULL, ("%s: srcp is NULL", __func__)); 196 197 dst = dstsock->sin6_addr; /* make a copy for local operation */ 198 if (ifpp) 199 *ifpp = NULL; 200 201 if (inp != NULL) { 202 INP_LOCK_ASSERT(inp); 203 mopts = inp->in6p_moptions; 204 } else { 205 mopts = NULL; 206 } 207 208 /* 209 * If the source address is explicitly specified by the caller, 210 * check if the requested source address is indeed a unicast address 211 * assigned to the node, and can be used as the packet's source 212 * address. If everything is okay, use the address as source. 213 */ 214 if (opts && (pi = opts->ip6po_pktinfo) && 215 !IN6_IS_ADDR_UNSPECIFIED(&pi->ipi6_addr)) { 216 struct sockaddr_in6 srcsock; 217 struct in6_ifaddr *ia6; 218 219 /* get the outgoing interface */ 220 if ((error = in6_selectif(dstsock, opts, mopts, ro, &ifp)) != 0) 221 return (error); 222 223 /* 224 * determine the appropriate zone id of the source based on 225 * the zone of the destination and the outgoing interface. 226 * If the specified address is ambiguous wrt the scope zone, 227 * the interface must be specified; otherwise, ifa_ifwithaddr() 228 * will fail matching the address. 229 */ 230 bzero(&srcsock, sizeof(srcsock)); 231 srcsock.sin6_family = AF_INET6; 232 srcsock.sin6_len = sizeof(srcsock); 233 srcsock.sin6_addr = pi->ipi6_addr; 234 if (ifp) { 235 error = in6_setscope(&srcsock.sin6_addr, ifp, NULL); 236 if (error) 237 return (error); 238 } 239 if (cred != NULL && (error = prison_local_ip6(cred, 240 &srcsock.sin6_addr, (inp != NULL && 241 (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0) 242 return (error); 243 244 ia6 = (struct in6_ifaddr *)ifa_ifwithaddr( 245 (struct sockaddr *)&srcsock); 246 if (ia6 == NULL || 247 (ia6->ia6_flags & (IN6_IFF_ANYCAST | IN6_IFF_NOTREADY))) { 248 if (ia6 != NULL) 249 ifa_free(&ia6->ia_ifa); 250 return (EADDRNOTAVAIL); 251 } 252 pi->ipi6_addr = srcsock.sin6_addr; /* XXX: this overrides pi */ 253 if (ifpp) 254 *ifpp = ifp; 255 bcopy(&ia6->ia_addr.sin6_addr, srcp, sizeof(*srcp)); 256 ifa_free(&ia6->ia_ifa); 257 return (0); 258 } 259 260 /* 261 * Otherwise, if the socket has already bound the source, just use it. 262 */ 263 if (inp != NULL && !IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) { 264 if (cred != NULL && 265 (error = prison_local_ip6(cred, &inp->in6p_laddr, 266 ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0) 267 return (error); 268 bcopy(&inp->in6p_laddr, srcp, sizeof(*srcp)); 269 return (0); 270 } 271 272 /* 273 * If the address is not specified, choose the best one based on 274 * the outgoing interface and the destination address. 275 */ 276 /* get the outgoing interface */ 277 if ((error = in6_selectif(dstsock, opts, mopts, ro, &ifp)) != 0) 278 return (error); 279 280 #ifdef DIAGNOSTIC 281 if (ifp == NULL) /* this should not happen */ 282 panic("in6_selectsrc: NULL ifp"); 283 #endif 284 error = in6_setscope(&dst, ifp, &odstzone); 285 if (error) 286 return (error); 287 288 IN6_IFADDR_RLOCK(); 289 TAILQ_FOREACH(ia, &V_in6_ifaddrhead, ia_link) { 290 int new_scope = -1, new_matchlen = -1; 291 struct in6_addrpolicy *new_policy = NULL; 292 u_int32_t srczone, osrczone, dstzone; 293 struct in6_addr src; 294 struct ifnet *ifp1 = ia->ia_ifp; 295 296 /* 297 * We'll never take an address that breaks the scope zone 298 * of the destination. We also skip an address if its zone 299 * does not contain the outgoing interface. 300 * XXX: we should probably use sin6_scope_id here. 301 */ 302 if (in6_setscope(&dst, ifp1, &dstzone) || 303 odstzone != dstzone) { 304 continue; 305 } 306 src = ia->ia_addr.sin6_addr; 307 if (in6_setscope(&src, ifp, &osrczone) || 308 in6_setscope(&src, ifp1, &srczone) || 309 osrczone != srczone) { 310 continue; 311 } 312 313 /* avoid unusable addresses */ 314 if ((ia->ia6_flags & 315 (IN6_IFF_NOTREADY | IN6_IFF_ANYCAST | IN6_IFF_DETACHED))) { 316 continue; 317 } 318 if (!V_ip6_use_deprecated && IFA6_IS_DEPRECATED(ia)) 319 continue; 320 321 if (cred != NULL && 322 prison_local_ip6(cred, &ia->ia_addr.sin6_addr, 323 (inp != NULL && 324 (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0)) != 0) 325 continue; 326 327 /* Rule 1: Prefer same address */ 328 if (IN6_ARE_ADDR_EQUAL(&dst, &ia->ia_addr.sin6_addr)) { 329 ia_best = ia; 330 BREAK(1); /* there should be no better candidate */ 331 } 332 333 if (ia_best == NULL) 334 REPLACE(0); 335 336 /* Rule 2: Prefer appropriate scope */ 337 if (dst_scope < 0) 338 dst_scope = in6_addrscope(&dst); 339 new_scope = in6_addrscope(&ia->ia_addr.sin6_addr); 340 if (IN6_ARE_SCOPE_CMP(best_scope, new_scope) < 0) { 341 if (IN6_ARE_SCOPE_CMP(best_scope, dst_scope) < 0) 342 REPLACE(2); 343 NEXT(2); 344 } else if (IN6_ARE_SCOPE_CMP(new_scope, best_scope) < 0) { 345 if (IN6_ARE_SCOPE_CMP(new_scope, dst_scope) < 0) 346 NEXT(2); 347 REPLACE(2); 348 } 349 350 /* 351 * Rule 3: Avoid deprecated addresses. Note that the case of 352 * !ip6_use_deprecated is already rejected above. 353 */ 354 if (!IFA6_IS_DEPRECATED(ia_best) && IFA6_IS_DEPRECATED(ia)) 355 NEXT(3); 356 if (IFA6_IS_DEPRECATED(ia_best) && !IFA6_IS_DEPRECATED(ia)) 357 REPLACE(3); 358 359 /* Rule 4: Prefer home addresses */ 360 /* 361 * XXX: This is a TODO. We should probably merge the MIP6 362 * case above. 363 */ 364 365 /* Rule 5: Prefer outgoing interface */ 366 if (ia_best->ia_ifp == ifp && ia->ia_ifp != ifp) 367 NEXT(5); 368 if (ia_best->ia_ifp != ifp && ia->ia_ifp == ifp) 369 REPLACE(5); 370 371 /* 372 * Rule 6: Prefer matching label 373 * Note that best_policy should be non-NULL here. 374 */ 375 if (dst_policy == NULL) 376 dst_policy = lookup_addrsel_policy(dstsock); 377 if (dst_policy->label != ADDR_LABEL_NOTAPP) { 378 new_policy = lookup_addrsel_policy(&ia->ia_addr); 379 if (dst_policy->label == best_policy->label && 380 dst_policy->label != new_policy->label) 381 NEXT(6); 382 if (dst_policy->label != best_policy->label && 383 dst_policy->label == new_policy->label) 384 REPLACE(6); 385 } 386 387 /* 388 * Rule 7: Prefer public addresses. 389 * We allow users to reverse the logic by configuring 390 * a sysctl variable, so that privacy conscious users can 391 * always prefer temporary addresses. 392 */ 393 if (opts == NULL || 394 opts->ip6po_prefer_tempaddr == IP6PO_TEMPADDR_SYSTEM) { 395 prefer_tempaddr = V_ip6_prefer_tempaddr; 396 } else if (opts->ip6po_prefer_tempaddr == 397 IP6PO_TEMPADDR_NOTPREFER) { 398 prefer_tempaddr = 0; 399 } else 400 prefer_tempaddr = 1; 401 if (!(ia_best->ia6_flags & IN6_IFF_TEMPORARY) && 402 (ia->ia6_flags & IN6_IFF_TEMPORARY)) { 403 if (prefer_tempaddr) 404 REPLACE(7); 405 else 406 NEXT(7); 407 } 408 if ((ia_best->ia6_flags & IN6_IFF_TEMPORARY) && 409 !(ia->ia6_flags & IN6_IFF_TEMPORARY)) { 410 if (prefer_tempaddr) 411 NEXT(7); 412 else 413 REPLACE(7); 414 } 415 416 /* 417 * Rule 8: prefer addresses on alive interfaces. 418 * This is a KAME specific rule. 419 */ 420 if ((ia_best->ia_ifp->if_flags & IFF_UP) && 421 !(ia->ia_ifp->if_flags & IFF_UP)) 422 NEXT(8); 423 if (!(ia_best->ia_ifp->if_flags & IFF_UP) && 424 (ia->ia_ifp->if_flags & IFF_UP)) 425 REPLACE(8); 426 427 /* 428 * Rule 14: Use longest matching prefix. 429 * Note: in the address selection draft, this rule is 430 * documented as "Rule 8". However, since it is also 431 * documented that this rule can be overridden, we assign 432 * a large number so that it is easy to assign smaller numbers 433 * to more preferred rules. 434 */ 435 new_matchlen = in6_matchlen(&ia->ia_addr.sin6_addr, &dst); 436 if (best_matchlen < new_matchlen) 437 REPLACE(14); 438 if (new_matchlen < best_matchlen) 439 NEXT(14); 440 441 /* Rule 15 is reserved. */ 442 443 /* 444 * Last resort: just keep the current candidate. 445 * Or, do we need more rules? 446 */ 447 continue; 448 449 replace: 450 ia_best = ia; 451 best_scope = (new_scope >= 0 ? new_scope : 452 in6_addrscope(&ia_best->ia_addr.sin6_addr)); 453 best_policy = (new_policy ? new_policy : 454 lookup_addrsel_policy(&ia_best->ia_addr)); 455 best_matchlen = (new_matchlen >= 0 ? new_matchlen : 456 in6_matchlen(&ia_best->ia_addr.sin6_addr, 457 &dst)); 458 459 next: 460 continue; 461 462 out: 463 break; 464 } 465 466 if ((ia = ia_best) == NULL) { 467 IN6_IFADDR_RUNLOCK(); 468 return (EADDRNOTAVAIL); 469 } 470 471 if (ifpp) 472 *ifpp = ifp; 473 474 bcopy(&ia->ia_addr.sin6_addr, srcp, sizeof(*srcp)); 475 IN6_IFADDR_RUNLOCK(); 476 return (0); 477 } 478 479 /* 480 * clone - meaningful only for bsdi and freebsd 481 */ 482 static int 483 selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 484 struct ip6_moptions *mopts, struct route_in6 *ro, 485 struct ifnet **retifp, struct rtentry **retrt, int norouteok) 486 { 487 int error = 0; 488 struct ifnet *ifp = NULL; 489 struct rtentry *rt = NULL; 490 struct sockaddr_in6 *sin6_next; 491 struct in6_pktinfo *pi = NULL; 492 struct in6_addr *dst = &dstsock->sin6_addr; 493 #if 0 494 char ip6buf[INET6_ADDRSTRLEN]; 495 496 if (dstsock->sin6_addr.s6_addr32[0] == 0 && 497 dstsock->sin6_addr.s6_addr32[1] == 0 && 498 !IN6_IS_ADDR_LOOPBACK(&dstsock->sin6_addr)) { 499 printf("in6_selectroute: strange destination %s\n", 500 ip6_sprintf(ip6buf, &dstsock->sin6_addr)); 501 } else { 502 printf("in6_selectroute: destination = %s%%%d\n", 503 ip6_sprintf(ip6buf, &dstsock->sin6_addr), 504 dstsock->sin6_scope_id); /* for debug */ 505 } 506 #endif 507 508 /* If the caller specify the outgoing interface explicitly, use it. */ 509 if (opts && (pi = opts->ip6po_pktinfo) != NULL && pi->ipi6_ifindex) { 510 /* XXX boundary check is assumed to be already done. */ 511 ifp = ifnet_byindex(pi->ipi6_ifindex); 512 if (ifp != NULL && 513 (norouteok || retrt == NULL || 514 IN6_IS_ADDR_MULTICAST(dst))) { 515 /* 516 * we do not have to check or get the route for 517 * multicast. 518 */ 519 goto done; 520 } else 521 goto getroute; 522 } 523 524 /* 525 * If the destination address is a multicast address and the outgoing 526 * interface for the address is specified by the caller, use it. 527 */ 528 if (IN6_IS_ADDR_MULTICAST(dst) && 529 mopts != NULL && (ifp = mopts->im6o_multicast_ifp) != NULL) { 530 goto done; /* we do not need a route for multicast. */ 531 } 532 533 getroute: 534 /* 535 * If the next hop address for the packet is specified by the caller, 536 * use it as the gateway. 537 */ 538 if (opts && opts->ip6po_nexthop) { 539 struct route_in6 *ron; 540 struct llentry *la; 541 542 sin6_next = satosin6(opts->ip6po_nexthop); 543 544 /* at this moment, we only support AF_INET6 next hops */ 545 if (sin6_next->sin6_family != AF_INET6) { 546 error = EAFNOSUPPORT; /* or should we proceed? */ 547 goto done; 548 } 549 550 /* 551 * If the next hop is an IPv6 address, then the node identified 552 * by that address must be a neighbor of the sending host. 553 */ 554 ron = &opts->ip6po_nextroute; 555 /* 556 * XXX what do we do here? 557 * PLZ to be fixing 558 */ 559 560 561 if (ron->ro_rt == NULL) { 562 rtalloc((struct route *)ron); /* multi path case? */ 563 if (ron->ro_rt == NULL) { 564 if (ron->ro_rt) { 565 RTFREE(ron->ro_rt); 566 ron->ro_rt = NULL; 567 } 568 error = EHOSTUNREACH; 569 goto done; 570 } 571 } 572 573 rt = ron->ro_rt; 574 ifp = rt->rt_ifp; 575 IF_AFDATA_LOCK(ifp); 576 la = lla_lookup(LLTABLE6(ifp), 0, (struct sockaddr *)&sin6_next->sin6_addr); 577 IF_AFDATA_UNLOCK(ifp); 578 if (la != NULL) 579 LLE_RUNLOCK(la); 580 else { 581 error = EHOSTUNREACH; 582 goto done; 583 } 584 #if 0 585 if ((ron->ro_rt && 586 (ron->ro_rt->rt_flags & (RTF_UP | RTF_LLINFO)) != 587 (RTF_UP | RTF_LLINFO)) || 588 !IN6_ARE_ADDR_EQUAL(&satosin6(&ron->ro_dst)->sin6_addr, 589 &sin6_next->sin6_addr)) { 590 if (ron->ro_rt) { 591 RTFREE(ron->ro_rt); 592 ron->ro_rt = NULL; 593 } 594 *satosin6(&ron->ro_dst) = *sin6_next; 595 } 596 if (ron->ro_rt == NULL) { 597 rtalloc((struct route *)ron); /* multi path case? */ 598 if (ron->ro_rt == NULL || 599 !(ron->ro_rt->rt_flags & RTF_LLINFO)) { 600 if (ron->ro_rt) { 601 RTFREE(ron->ro_rt); 602 ron->ro_rt = NULL; 603 } 604 error = EHOSTUNREACH; 605 goto done; 606 } 607 } 608 #endif 609 610 /* 611 * When cloning is required, try to allocate a route to the 612 * destination so that the caller can store path MTU 613 * information. 614 */ 615 goto done; 616 } 617 618 /* 619 * Use a cached route if it exists and is valid, else try to allocate 620 * a new one. Note that we should check the address family of the 621 * cached destination, in case of sharing the cache with IPv4. 622 */ 623 if (ro) { 624 if (ro->ro_rt && 625 (!(ro->ro_rt->rt_flags & RTF_UP) || 626 ((struct sockaddr *)(&ro->ro_dst))->sa_family != AF_INET6 || 627 !IN6_ARE_ADDR_EQUAL(&satosin6(&ro->ro_dst)->sin6_addr, 628 dst))) { 629 RTFREE(ro->ro_rt); 630 ro->ro_rt = (struct rtentry *)NULL; 631 } 632 if (ro->ro_rt == (struct rtentry *)NULL) { 633 struct sockaddr_in6 *sa6; 634 635 /* No route yet, so try to acquire one */ 636 bzero(&ro->ro_dst, sizeof(struct sockaddr_in6)); 637 sa6 = (struct sockaddr_in6 *)&ro->ro_dst; 638 *sa6 = *dstsock; 639 sa6->sin6_scope_id = 0; 640 641 #ifdef RADIX_MPATH 642 rtalloc_mpath((struct route *)ro, 643 ntohl(sa6->sin6_addr.s6_addr32[3])); 644 #else 645 ro->ro_rt = rtalloc1(&((struct route *)ro) 646 ->ro_dst, 0, 0UL); 647 if (ro->ro_rt) 648 RT_UNLOCK(ro->ro_rt); 649 #endif 650 } 651 652 /* 653 * do not care about the result if we have the nexthop 654 * explicitly specified. 655 */ 656 if (opts && opts->ip6po_nexthop) 657 goto done; 658 659 if (ro->ro_rt) { 660 ifp = ro->ro_rt->rt_ifp; 661 662 if (ifp == NULL) { /* can this really happen? */ 663 RTFREE(ro->ro_rt); 664 ro->ro_rt = NULL; 665 } 666 } 667 if (ro->ro_rt == NULL) 668 error = EHOSTUNREACH; 669 rt = ro->ro_rt; 670 671 /* 672 * Check if the outgoing interface conflicts with 673 * the interface specified by ipi6_ifindex (if specified). 674 * Note that loopback interface is always okay. 675 * (this may happen when we are sending a packet to one of 676 * our own addresses.) 677 */ 678 if (ifp && opts && opts->ip6po_pktinfo && 679 opts->ip6po_pktinfo->ipi6_ifindex) { 680 if (!(ifp->if_flags & IFF_LOOPBACK) && 681 ifp->if_index != 682 opts->ip6po_pktinfo->ipi6_ifindex) { 683 error = EHOSTUNREACH; 684 goto done; 685 } 686 } 687 } 688 689 done: 690 if (ifp == NULL && rt == NULL) { 691 /* 692 * This can happen if the caller did not pass a cached route 693 * nor any other hints. We treat this case an error. 694 */ 695 error = EHOSTUNREACH; 696 } 697 if (error == EHOSTUNREACH) 698 V_ip6stat.ip6s_noroute++; 699 700 if (retifp != NULL) 701 *retifp = ifp; 702 if (retrt != NULL) 703 *retrt = rt; /* rt may be NULL */ 704 705 return (error); 706 } 707 708 static int 709 in6_selectif(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 710 struct ip6_moptions *mopts, struct route_in6 *ro, struct ifnet **retifp) 711 { 712 int error; 713 struct route_in6 sro; 714 struct rtentry *rt = NULL; 715 716 if (ro == NULL) { 717 bzero(&sro, sizeof(sro)); 718 ro = &sro; 719 } 720 721 if ((error = selectroute(dstsock, opts, mopts, ro, retifp, 722 &rt, 1)) != 0) { 723 if (ro == &sro && rt && rt == sro.ro_rt) 724 RTFREE(rt); 725 return (error); 726 } 727 728 /* 729 * do not use a rejected or black hole route. 730 * XXX: this check should be done in the L2 output routine. 731 * However, if we skipped this check here, we'd see the following 732 * scenario: 733 * - install a rejected route for a scoped address prefix 734 * (like fe80::/10) 735 * - send a packet to a destination that matches the scoped prefix, 736 * with ambiguity about the scope zone. 737 * - pick the outgoing interface from the route, and disambiguate the 738 * scope zone with the interface. 739 * - ip6_output() would try to get another route with the "new" 740 * destination, which may be valid. 741 * - we'd see no error on output. 742 * Although this may not be very harmful, it should still be confusing. 743 * We thus reject the case here. 744 */ 745 if (rt && (rt->rt_flags & (RTF_REJECT | RTF_BLACKHOLE))) { 746 int flags = (rt->rt_flags & RTF_HOST ? EHOSTUNREACH : ENETUNREACH); 747 748 if (ro == &sro && rt && rt == sro.ro_rt) 749 RTFREE(rt); 750 return (flags); 751 } 752 753 /* 754 * Adjust the "outgoing" interface. If we're going to loop the packet 755 * back to ourselves, the ifp would be the loopback interface. 756 * However, we'd rather know the interface associated to the 757 * destination address (which should probably be one of our own 758 * addresses.) 759 */ 760 if (rt && rt->rt_ifa && rt->rt_ifa->ifa_ifp) 761 *retifp = rt->rt_ifa->ifa_ifp; 762 763 if (ro == &sro && rt && rt == sro.ro_rt) 764 RTFREE(rt); 765 return (0); 766 } 767 768 /* 769 * clone - meaningful only for bsdi and freebsd 770 */ 771 int 772 in6_selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 773 struct ip6_moptions *mopts, struct route_in6 *ro, 774 struct ifnet **retifp, struct rtentry **retrt) 775 { 776 777 return (selectroute(dstsock, opts, mopts, ro, retifp, 778 retrt, 0)); 779 } 780 781 /* 782 * Default hop limit selection. The precedence is as follows: 783 * 1. Hoplimit value specified via ioctl. 784 * 2. (If the outgoing interface is detected) the current 785 * hop limit of the interface specified by router advertisement. 786 * 3. The system default hoplimit. 787 */ 788 int 789 in6_selecthlim(struct inpcb *in6p, struct ifnet *ifp) 790 { 791 792 if (in6p && in6p->in6p_hops >= 0) 793 return (in6p->in6p_hops); 794 else if (ifp) 795 return (ND_IFINFO(ifp)->chlim); 796 else if (in6p && !IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) { 797 struct route_in6 ro6; 798 struct ifnet *lifp; 799 800 bzero(&ro6, sizeof(ro6)); 801 ro6.ro_dst.sin6_family = AF_INET6; 802 ro6.ro_dst.sin6_len = sizeof(struct sockaddr_in6); 803 ro6.ro_dst.sin6_addr = in6p->in6p_faddr; 804 rtalloc((struct route *)&ro6); 805 if (ro6.ro_rt) { 806 lifp = ro6.ro_rt->rt_ifp; 807 RTFREE(ro6.ro_rt); 808 if (lifp) 809 return (ND_IFINFO(lifp)->chlim); 810 } else 811 return (V_ip6_defhlim); 812 } 813 return (V_ip6_defhlim); 814 } 815 816 /* 817 * XXX: this is borrowed from in6_pcbbind(). If possible, we should 818 * share this function by all *bsd*... 819 */ 820 int 821 in6_pcbsetport(struct in6_addr *laddr, struct inpcb *inp, struct ucred *cred) 822 { 823 struct socket *so = inp->inp_socket; 824 u_int16_t lport = 0, first, last, *lastport; 825 int count, error, wild = 0, dorandom; 826 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo; 827 828 INP_INFO_WLOCK_ASSERT(pcbinfo); 829 INP_WLOCK_ASSERT(inp); 830 831 error = prison_local_ip6(cred, laddr, 832 ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0)); 833 if (error) 834 return(error); 835 836 /* XXX: this is redundant when called from in6_pcbbind */ 837 if ((so->so_options & (SO_REUSEADDR|SO_REUSEPORT)) == 0) 838 wild = INPLOOKUP_WILDCARD; 839 840 inp->inp_flags |= INP_ANONPORT; 841 842 if (inp->inp_flags & INP_HIGHPORT) { 843 first = V_ipport_hifirstauto; /* sysctl */ 844 last = V_ipport_hilastauto; 845 lastport = &pcbinfo->ipi_lasthi; 846 } else if (inp->inp_flags & INP_LOWPORT) { 847 error = priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT, 0); 848 if (error) 849 return error; 850 first = V_ipport_lowfirstauto; /* 1023 */ 851 last = V_ipport_lowlastauto; /* 600 */ 852 lastport = &pcbinfo->ipi_lastlow; 853 } else { 854 first = V_ipport_firstauto; /* sysctl */ 855 last = V_ipport_lastauto; 856 lastport = &pcbinfo->ipi_lastport; 857 } 858 859 /* 860 * For UDP, use random port allocation as long as the user 861 * allows it. For TCP (and as of yet unknown) connections, 862 * use random port allocation only if the user allows it AND 863 * ipport_tick() allows it. 864 */ 865 if (V_ipport_randomized && 866 (!V_ipport_stoprandom || pcbinfo == &V_udbinfo)) 867 dorandom = 1; 868 else 869 dorandom = 0; 870 /* 871 * It makes no sense to do random port allocation if 872 * we have the only port available. 873 */ 874 if (first == last) 875 dorandom = 0; 876 /* Make sure to not include UDP packets in the count. */ 877 if (pcbinfo != &V_udbinfo) 878 V_ipport_tcpallocs++; 879 880 /* 881 * Instead of having two loops further down counting up or down 882 * make sure that first is always <= last and go with only one 883 * code path implementing all logic. 884 */ 885 if (first > last) { 886 u_int16_t aux; 887 888 aux = first; 889 first = last; 890 last = aux; 891 } 892 893 if (dorandom) 894 *lastport = first + (arc4random() % (last - first)); 895 896 count = last - first; 897 898 do { 899 if (count-- < 0) { /* completely used? */ 900 /* Undo an address bind that may have occurred. */ 901 inp->in6p_laddr = in6addr_any; 902 return (EADDRNOTAVAIL); 903 } 904 ++*lastport; 905 if (*lastport < first || *lastport > last) 906 *lastport = first; 907 lport = htons(*lastport); 908 } while (in6_pcblookup_local(pcbinfo, &inp->in6p_laddr, 909 lport, wild, cred)); 910 911 inp->inp_lport = lport; 912 if (in_pcbinshash(inp) != 0) { 913 inp->in6p_laddr = in6addr_any; 914 inp->inp_lport = 0; 915 return (EAGAIN); 916 } 917 918 return (0); 919 } 920 921 void 922 addrsel_policy_init(void) 923 { 924 925 V_ip6_prefer_tempaddr = 0; 926 927 init_policy_queue(); 928 929 /* initialize the "last resort" policy */ 930 bzero(&V_defaultaddrpolicy, sizeof(V_defaultaddrpolicy)); 931 V_defaultaddrpolicy.label = ADDR_LABEL_NOTAPP; 932 933 if (!IS_DEFAULT_VNET(curvnet)) 934 return; 935 936 ADDRSEL_LOCK_INIT(); 937 ADDRSEL_SXLOCK_INIT(); 938 } 939 940 static struct in6_addrpolicy * 941 lookup_addrsel_policy(struct sockaddr_in6 *key) 942 { 943 struct in6_addrpolicy *match = NULL; 944 945 ADDRSEL_LOCK(); 946 match = match_addrsel_policy(key); 947 948 if (match == NULL) 949 match = &V_defaultaddrpolicy; 950 else 951 match->use++; 952 ADDRSEL_UNLOCK(); 953 954 return (match); 955 } 956 957 /* 958 * Subroutines to manage the address selection policy table via sysctl. 959 */ 960 struct walkarg { 961 struct sysctl_req *w_req; 962 }; 963 964 static int in6_src_sysctl(SYSCTL_HANDLER_ARGS); 965 SYSCTL_DECL(_net_inet6_ip6); 966 SYSCTL_NODE(_net_inet6_ip6, IPV6CTL_ADDRCTLPOLICY, addrctlpolicy, 967 CTLFLAG_RD, in6_src_sysctl, ""); 968 969 static int 970 in6_src_sysctl(SYSCTL_HANDLER_ARGS) 971 { 972 struct walkarg w; 973 974 if (req->newptr) 975 return EPERM; 976 977 bzero(&w, sizeof(w)); 978 w.w_req = req; 979 980 return (walk_addrsel_policy(dump_addrsel_policyent, &w)); 981 } 982 983 int 984 in6_src_ioctl(u_long cmd, caddr_t data) 985 { 986 int i; 987 struct in6_addrpolicy ent0; 988 989 if (cmd != SIOCAADDRCTL_POLICY && cmd != SIOCDADDRCTL_POLICY) 990 return (EOPNOTSUPP); /* check for safety */ 991 992 ent0 = *(struct in6_addrpolicy *)data; 993 994 if (ent0.label == ADDR_LABEL_NOTAPP) 995 return (EINVAL); 996 /* check if the prefix mask is consecutive. */ 997 if (in6_mask2len(&ent0.addrmask.sin6_addr, NULL) < 0) 998 return (EINVAL); 999 /* clear trailing garbages (if any) of the prefix address. */ 1000 for (i = 0; i < 4; i++) { 1001 ent0.addr.sin6_addr.s6_addr32[i] &= 1002 ent0.addrmask.sin6_addr.s6_addr32[i]; 1003 } 1004 ent0.use = 0; 1005 1006 switch (cmd) { 1007 case SIOCAADDRCTL_POLICY: 1008 return (add_addrsel_policyent(&ent0)); 1009 case SIOCDADDRCTL_POLICY: 1010 return (delete_addrsel_policyent(&ent0)); 1011 } 1012 1013 return (0); /* XXX: compromise compilers */ 1014 } 1015 1016 /* 1017 * The followings are implementation of the policy table using a 1018 * simple tail queue. 1019 * XXX such details should be hidden. 1020 * XXX implementation using binary tree should be more efficient. 1021 */ 1022 struct addrsel_policyent { 1023 TAILQ_ENTRY(addrsel_policyent) ape_entry; 1024 struct in6_addrpolicy ape_policy; 1025 }; 1026 1027 TAILQ_HEAD(addrsel_policyhead, addrsel_policyent); 1028 1029 static VNET_DEFINE(struct addrsel_policyhead, addrsel_policytab); 1030 #define V_addrsel_policytab VNET(addrsel_policytab) 1031 1032 static void 1033 init_policy_queue(void) 1034 { 1035 1036 TAILQ_INIT(&V_addrsel_policytab); 1037 } 1038 1039 static int 1040 add_addrsel_policyent(struct in6_addrpolicy *newpolicy) 1041 { 1042 struct addrsel_policyent *new, *pol; 1043 1044 new = malloc(sizeof(*new), M_IFADDR, 1045 M_WAITOK); 1046 ADDRSEL_XLOCK(); 1047 ADDRSEL_LOCK(); 1048 1049 /* duplication check */ 1050 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) { 1051 if (IN6_ARE_ADDR_EQUAL(&newpolicy->addr.sin6_addr, 1052 &pol->ape_policy.addr.sin6_addr) && 1053 IN6_ARE_ADDR_EQUAL(&newpolicy->addrmask.sin6_addr, 1054 &pol->ape_policy.addrmask.sin6_addr)) { 1055 ADDRSEL_UNLOCK(); 1056 ADDRSEL_XUNLOCK(); 1057 free(new, M_IFADDR); 1058 return (EEXIST); /* or override it? */ 1059 } 1060 } 1061 1062 bzero(new, sizeof(*new)); 1063 1064 /* XXX: should validate entry */ 1065 new->ape_policy = *newpolicy; 1066 1067 TAILQ_INSERT_TAIL(&V_addrsel_policytab, new, ape_entry); 1068 ADDRSEL_UNLOCK(); 1069 ADDRSEL_XUNLOCK(); 1070 1071 return (0); 1072 } 1073 1074 static int 1075 delete_addrsel_policyent(struct in6_addrpolicy *key) 1076 { 1077 struct addrsel_policyent *pol; 1078 1079 ADDRSEL_XLOCK(); 1080 ADDRSEL_LOCK(); 1081 1082 /* search for the entry in the table */ 1083 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) { 1084 if (IN6_ARE_ADDR_EQUAL(&key->addr.sin6_addr, 1085 &pol->ape_policy.addr.sin6_addr) && 1086 IN6_ARE_ADDR_EQUAL(&key->addrmask.sin6_addr, 1087 &pol->ape_policy.addrmask.sin6_addr)) { 1088 break; 1089 } 1090 } 1091 if (pol == NULL) { 1092 ADDRSEL_UNLOCK(); 1093 ADDRSEL_XUNLOCK(); 1094 return (ESRCH); 1095 } 1096 1097 TAILQ_REMOVE(&V_addrsel_policytab, pol, ape_entry); 1098 ADDRSEL_UNLOCK(); 1099 ADDRSEL_XUNLOCK(); 1100 1101 return (0); 1102 } 1103 1104 static int 1105 walk_addrsel_policy(int (*callback)(struct in6_addrpolicy *, void *), 1106 void *w) 1107 { 1108 struct addrsel_policyent *pol; 1109 int error = 0; 1110 1111 ADDRSEL_SLOCK(); 1112 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) { 1113 if ((error = (*callback)(&pol->ape_policy, w)) != 0) { 1114 ADDRSEL_SUNLOCK(); 1115 return (error); 1116 } 1117 } 1118 ADDRSEL_SUNLOCK(); 1119 return (error); 1120 } 1121 1122 static int 1123 dump_addrsel_policyent(struct in6_addrpolicy *pol, void *arg) 1124 { 1125 int error = 0; 1126 struct walkarg *w = arg; 1127 1128 error = SYSCTL_OUT(w->w_req, pol, sizeof(*pol)); 1129 1130 return (error); 1131 } 1132 1133 static struct in6_addrpolicy * 1134 match_addrsel_policy(struct sockaddr_in6 *key) 1135 { 1136 struct addrsel_policyent *pent; 1137 struct in6_addrpolicy *bestpol = NULL, *pol; 1138 int matchlen, bestmatchlen = -1; 1139 u_char *mp, *ep, *k, *p, m; 1140 1141 TAILQ_FOREACH(pent, &V_addrsel_policytab, ape_entry) { 1142 matchlen = 0; 1143 1144 pol = &pent->ape_policy; 1145 mp = (u_char *)&pol->addrmask.sin6_addr; 1146 ep = mp + 16; /* XXX: scope field? */ 1147 k = (u_char *)&key->sin6_addr; 1148 p = (u_char *)&pol->addr.sin6_addr; 1149 for (; mp < ep && *mp; mp++, k++, p++) { 1150 m = *mp; 1151 if ((*k & m) != *p) 1152 goto next; /* not match */ 1153 if (m == 0xff) /* short cut for a typical case */ 1154 matchlen += 8; 1155 else { 1156 while (m >= 0x80) { 1157 matchlen++; 1158 m <<= 1; 1159 } 1160 } 1161 } 1162 1163 /* matched. check if this is better than the current best. */ 1164 if (bestpol == NULL || 1165 matchlen > bestmatchlen) { 1166 bestpol = pol; 1167 bestmatchlen = matchlen; 1168 } 1169 1170 next: 1171 continue; 1172 } 1173 1174 return (bestpol); 1175 } 1176