1 /*- 2 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of the project nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * $KAME: in6_src.c,v 1.132 2003/08/26 04:42:27 keiichi Exp $ 30 */ 31 32 /*- 33 * Copyright (c) 1982, 1986, 1991, 1993 34 * The Regents of the University of California. All rights reserved. 35 * 36 * Redistribution and use in source and binary forms, with or without 37 * modification, are permitted provided that the following conditions 38 * are met: 39 * 1. Redistributions of source code must retain the above copyright 40 * notice, this list of conditions and the following disclaimer. 41 * 2. Redistributions in binary form must reproduce the above copyright 42 * notice, this list of conditions and the following disclaimer in the 43 * documentation and/or other materials provided with the distribution. 44 * 4. Neither the name of the University nor the names of its contributors 45 * may be used to endorse or promote products derived from this software 46 * without specific prior written permission. 47 * 48 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 51 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 58 * SUCH DAMAGE. 59 * 60 * @(#)in_pcb.c 8.2 (Berkeley) 1/4/94 61 */ 62 63 #include <sys/cdefs.h> 64 __FBSDID("$FreeBSD$"); 65 66 #include "opt_inet.h" 67 #include "opt_inet6.h" 68 #include "opt_mpath.h" 69 70 #include <sys/param.h> 71 #include <sys/systm.h> 72 #include <sys/lock.h> 73 #include <sys/malloc.h> 74 #include <sys/mbuf.h> 75 #include <sys/priv.h> 76 #include <sys/protosw.h> 77 #include <sys/socket.h> 78 #include <sys/socketvar.h> 79 #include <sys/sockio.h> 80 #include <sys/sysctl.h> 81 #include <sys/errno.h> 82 #include <sys/time.h> 83 #include <sys/jail.h> 84 #include <sys/kernel.h> 85 #include <sys/sx.h> 86 87 #include <net/if.h> 88 #include <net/if_var.h> 89 #include <net/if_dl.h> 90 #include <net/route.h> 91 #include <net/if_llatbl.h> 92 #ifdef RADIX_MPATH 93 #include <net/radix_mpath.h> 94 #endif 95 96 #include <netinet/in.h> 97 #include <netinet/in_var.h> 98 #include <netinet/in_systm.h> 99 #include <netinet/ip.h> 100 #include <netinet/in_pcb.h> 101 #include <netinet/ip_var.h> 102 #include <netinet/udp.h> 103 #include <netinet/udp_var.h> 104 105 #include <netinet6/in6_var.h> 106 #include <netinet/ip6.h> 107 #include <netinet6/in6_pcb.h> 108 #include <netinet6/ip6_var.h> 109 #include <netinet6/scope6_var.h> 110 #include <netinet6/nd6.h> 111 112 static struct mtx addrsel_lock; 113 #define ADDRSEL_LOCK_INIT() mtx_init(&addrsel_lock, "addrsel_lock", NULL, MTX_DEF) 114 #define ADDRSEL_LOCK() mtx_lock(&addrsel_lock) 115 #define ADDRSEL_UNLOCK() mtx_unlock(&addrsel_lock) 116 #define ADDRSEL_LOCK_ASSERT() mtx_assert(&addrsel_lock, MA_OWNED) 117 118 static struct sx addrsel_sxlock; 119 #define ADDRSEL_SXLOCK_INIT() sx_init(&addrsel_sxlock, "addrsel_sxlock") 120 #define ADDRSEL_SLOCK() sx_slock(&addrsel_sxlock) 121 #define ADDRSEL_SUNLOCK() sx_sunlock(&addrsel_sxlock) 122 #define ADDRSEL_XLOCK() sx_xlock(&addrsel_sxlock) 123 #define ADDRSEL_XUNLOCK() sx_xunlock(&addrsel_sxlock) 124 125 #define ADDR_LABEL_NOTAPP (-1) 126 static VNET_DEFINE(struct in6_addrpolicy, defaultaddrpolicy); 127 #define V_defaultaddrpolicy VNET(defaultaddrpolicy) 128 129 VNET_DEFINE(int, ip6_prefer_tempaddr) = 0; 130 131 static int selectroute(struct sockaddr_in6 *, struct ip6_pktopts *, 132 struct ip6_moptions *, struct route_in6 *, struct ifnet **, 133 struct rtentry **, int, u_int); 134 static int in6_selectif(struct sockaddr_in6 *, struct ip6_pktopts *, 135 struct ip6_moptions *, struct route_in6 *ro, struct ifnet **, 136 struct ifnet *, u_int); 137 138 static struct in6_addrpolicy *lookup_addrsel_policy(struct sockaddr_in6 *); 139 140 static void init_policy_queue(void); 141 static int add_addrsel_policyent(struct in6_addrpolicy *); 142 static int delete_addrsel_policyent(struct in6_addrpolicy *); 143 static int walk_addrsel_policy(int (*)(struct in6_addrpolicy *, void *), 144 void *); 145 static int dump_addrsel_policyent(struct in6_addrpolicy *, void *); 146 static struct in6_addrpolicy *match_addrsel_policy(struct sockaddr_in6 *); 147 148 /* 149 * Return an IPv6 address, which is the most appropriate for a given 150 * destination and user specified options. 151 * If necessary, this function lookups the routing table and returns 152 * an entry to the caller for later use. 153 */ 154 #define REPLACE(r) do {\ 155 IP6STAT_INC(ip6s_sources_rule[(r)]); \ 156 rule = (r); \ 157 /* { \ 158 char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \ 159 printf("in6_selectsrc: replace %s with %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \ 160 } */ \ 161 goto replace; \ 162 } while(0) 163 #define NEXT(r) do {\ 164 /* { \ 165 char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \ 166 printf("in6_selectsrc: keep %s against %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \ 167 } */ \ 168 goto next; /* XXX: we can't use 'continue' here */ \ 169 } while(0) 170 #define BREAK(r) do { \ 171 IP6STAT_INC(ip6s_sources_rule[(r)]); \ 172 rule = (r); \ 173 goto out; /* XXX: we can't use 'break' here */ \ 174 } while(0) 175 176 int 177 in6_selectsrc(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 178 struct inpcb *inp, struct route_in6 *ro, struct ucred *cred, 179 struct ifnet **ifpp, struct in6_addr *srcp) 180 { 181 struct in6_addr dst, tmp; 182 struct ifnet *ifp = NULL, *oifp = NULL; 183 struct in6_ifaddr *ia = NULL, *ia_best = NULL; 184 struct in6_pktinfo *pi = NULL; 185 int dst_scope = -1, best_scope = -1, best_matchlen = -1; 186 struct in6_addrpolicy *dst_policy = NULL, *best_policy = NULL; 187 u_int32_t odstzone; 188 int prefer_tempaddr; 189 int error, rule; 190 struct ip6_moptions *mopts; 191 192 KASSERT(srcp != NULL, ("%s: srcp is NULL", __func__)); 193 194 dst = dstsock->sin6_addr; /* make a copy for local operation */ 195 if (ifpp) { 196 /* 197 * Save a possibly passed in ifp for in6_selectsrc. Only 198 * neighbor discovery code should use this feature, where 199 * we may know the interface but not the FIB number holding 200 * the connected subnet in case someone deleted it from the 201 * default FIB and we need to check the interface. 202 */ 203 if (*ifpp != NULL) 204 oifp = *ifpp; 205 *ifpp = NULL; 206 } 207 208 if (inp != NULL) { 209 INP_LOCK_ASSERT(inp); 210 mopts = inp->in6p_moptions; 211 } else { 212 mopts = NULL; 213 } 214 215 /* 216 * If the source address is explicitly specified by the caller, 217 * check if the requested source address is indeed a unicast address 218 * assigned to the node, and can be used as the packet's source 219 * address. If everything is okay, use the address as source. 220 */ 221 if (opts && (pi = opts->ip6po_pktinfo) && 222 !IN6_IS_ADDR_UNSPECIFIED(&pi->ipi6_addr)) { 223 struct sockaddr_in6 srcsock; 224 struct in6_ifaddr *ia6; 225 226 /* get the outgoing interface */ 227 if ((error = in6_selectif(dstsock, opts, mopts, ro, &ifp, oifp, 228 (inp != NULL) ? inp->inp_inc.inc_fibnum : RT_DEFAULT_FIB)) 229 != 0) 230 return (error); 231 232 /* 233 * determine the appropriate zone id of the source based on 234 * the zone of the destination and the outgoing interface. 235 * If the specified address is ambiguous wrt the scope zone, 236 * the interface must be specified; otherwise, ifa_ifwithaddr() 237 * will fail matching the address. 238 */ 239 bzero(&srcsock, sizeof(srcsock)); 240 srcsock.sin6_family = AF_INET6; 241 srcsock.sin6_len = sizeof(srcsock); 242 srcsock.sin6_addr = pi->ipi6_addr; 243 if (ifp) { 244 error = in6_setscope(&srcsock.sin6_addr, ifp, NULL); 245 if (error) 246 return (error); 247 } 248 if (cred != NULL && (error = prison_local_ip6(cred, 249 &srcsock.sin6_addr, (inp != NULL && 250 (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0) 251 return (error); 252 253 ia6 = (struct in6_ifaddr *)ifa_ifwithaddr( 254 (struct sockaddr *)&srcsock); 255 if (ia6 == NULL || 256 (ia6->ia6_flags & (IN6_IFF_ANYCAST | IN6_IFF_NOTREADY))) { 257 if (ia6 != NULL) 258 ifa_free(&ia6->ia_ifa); 259 return (EADDRNOTAVAIL); 260 } 261 pi->ipi6_addr = srcsock.sin6_addr; /* XXX: this overrides pi */ 262 if (ifpp) 263 *ifpp = ifp; 264 bcopy(&ia6->ia_addr.sin6_addr, srcp, sizeof(*srcp)); 265 ifa_free(&ia6->ia_ifa); 266 return (0); 267 } 268 269 /* 270 * Otherwise, if the socket has already bound the source, just use it. 271 */ 272 if (inp != NULL && !IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) { 273 if (cred != NULL && 274 (error = prison_local_ip6(cred, &inp->in6p_laddr, 275 ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0) 276 return (error); 277 bcopy(&inp->in6p_laddr, srcp, sizeof(*srcp)); 278 return (0); 279 } 280 281 /* 282 * Bypass source address selection and use the primary jail IP 283 * if requested. 284 */ 285 if (cred != NULL && !prison_saddrsel_ip6(cred, srcp)) 286 return (0); 287 288 /* 289 * If the address is not specified, choose the best one based on 290 * the outgoing interface and the destination address. 291 */ 292 /* get the outgoing interface */ 293 if ((error = in6_selectif(dstsock, opts, mopts, ro, &ifp, oifp, 294 (inp != NULL) ? inp->inp_inc.inc_fibnum : RT_DEFAULT_FIB)) != 0) 295 return (error); 296 297 #ifdef DIAGNOSTIC 298 if (ifp == NULL) /* this should not happen */ 299 panic("in6_selectsrc: NULL ifp"); 300 #endif 301 error = in6_setscope(&dst, ifp, &odstzone); 302 if (error) 303 return (error); 304 305 rule = 0; 306 IN6_IFADDR_RLOCK(); 307 TAILQ_FOREACH(ia, &V_in6_ifaddrhead, ia_link) { 308 int new_scope = -1, new_matchlen = -1; 309 struct in6_addrpolicy *new_policy = NULL; 310 u_int32_t srczone, osrczone, dstzone; 311 struct in6_addr src; 312 struct ifnet *ifp1 = ia->ia_ifp; 313 314 /* 315 * We'll never take an address that breaks the scope zone 316 * of the destination. We also skip an address if its zone 317 * does not contain the outgoing interface. 318 * XXX: we should probably use sin6_scope_id here. 319 */ 320 if (in6_setscope(&dst, ifp1, &dstzone) || 321 odstzone != dstzone) { 322 continue; 323 } 324 src = ia->ia_addr.sin6_addr; 325 if (in6_setscope(&src, ifp, &osrczone) || 326 in6_setscope(&src, ifp1, &srczone) || 327 osrczone != srczone) { 328 continue; 329 } 330 331 /* avoid unusable addresses */ 332 if ((ia->ia6_flags & 333 (IN6_IFF_NOTREADY | IN6_IFF_ANYCAST | IN6_IFF_DETACHED))) { 334 continue; 335 } 336 if (!V_ip6_use_deprecated && IFA6_IS_DEPRECATED(ia)) 337 continue; 338 339 /* If jailed only take addresses of the jail into account. */ 340 if (cred != NULL && 341 prison_check_ip6(cred, &ia->ia_addr.sin6_addr) != 0) 342 continue; 343 344 /* Rule 1: Prefer same address */ 345 if (IN6_ARE_ADDR_EQUAL(&dst, &ia->ia_addr.sin6_addr)) { 346 ia_best = ia; 347 BREAK(1); /* there should be no better candidate */ 348 } 349 350 if (ia_best == NULL) 351 REPLACE(0); 352 353 /* Rule 2: Prefer appropriate scope */ 354 if (dst_scope < 0) 355 dst_scope = in6_addrscope(&dst); 356 new_scope = in6_addrscope(&ia->ia_addr.sin6_addr); 357 if (IN6_ARE_SCOPE_CMP(best_scope, new_scope) < 0) { 358 if (IN6_ARE_SCOPE_CMP(best_scope, dst_scope) < 0) 359 REPLACE(2); 360 NEXT(2); 361 } else if (IN6_ARE_SCOPE_CMP(new_scope, best_scope) < 0) { 362 if (IN6_ARE_SCOPE_CMP(new_scope, dst_scope) < 0) 363 NEXT(2); 364 REPLACE(2); 365 } 366 367 /* 368 * Rule 3: Avoid deprecated addresses. Note that the case of 369 * !ip6_use_deprecated is already rejected above. 370 */ 371 if (!IFA6_IS_DEPRECATED(ia_best) && IFA6_IS_DEPRECATED(ia)) 372 NEXT(3); 373 if (IFA6_IS_DEPRECATED(ia_best) && !IFA6_IS_DEPRECATED(ia)) 374 REPLACE(3); 375 376 /* Rule 4: Prefer home addresses */ 377 /* 378 * XXX: This is a TODO. We should probably merge the MIP6 379 * case above. 380 */ 381 382 /* Rule 5: Prefer outgoing interface */ 383 if (!(ND_IFINFO(ifp)->flags & ND6_IFF_NO_PREFER_IFACE)) { 384 if (ia_best->ia_ifp == ifp && ia->ia_ifp != ifp) 385 NEXT(5); 386 if (ia_best->ia_ifp != ifp && ia->ia_ifp == ifp) 387 REPLACE(5); 388 } 389 390 /* 391 * Rule 6: Prefer matching label 392 * Note that best_policy should be non-NULL here. 393 */ 394 if (dst_policy == NULL) 395 dst_policy = lookup_addrsel_policy(dstsock); 396 if (dst_policy->label != ADDR_LABEL_NOTAPP) { 397 new_policy = lookup_addrsel_policy(&ia->ia_addr); 398 if (dst_policy->label == best_policy->label && 399 dst_policy->label != new_policy->label) 400 NEXT(6); 401 if (dst_policy->label != best_policy->label && 402 dst_policy->label == new_policy->label) 403 REPLACE(6); 404 } 405 406 /* 407 * Rule 7: Prefer public addresses. 408 * We allow users to reverse the logic by configuring 409 * a sysctl variable, so that privacy conscious users can 410 * always prefer temporary addresses. 411 */ 412 if (opts == NULL || 413 opts->ip6po_prefer_tempaddr == IP6PO_TEMPADDR_SYSTEM) { 414 prefer_tempaddr = V_ip6_prefer_tempaddr; 415 } else if (opts->ip6po_prefer_tempaddr == 416 IP6PO_TEMPADDR_NOTPREFER) { 417 prefer_tempaddr = 0; 418 } else 419 prefer_tempaddr = 1; 420 if (!(ia_best->ia6_flags & IN6_IFF_TEMPORARY) && 421 (ia->ia6_flags & IN6_IFF_TEMPORARY)) { 422 if (prefer_tempaddr) 423 REPLACE(7); 424 else 425 NEXT(7); 426 } 427 if ((ia_best->ia6_flags & IN6_IFF_TEMPORARY) && 428 !(ia->ia6_flags & IN6_IFF_TEMPORARY)) { 429 if (prefer_tempaddr) 430 NEXT(7); 431 else 432 REPLACE(7); 433 } 434 435 /* 436 * Rule 8: prefer addresses on alive interfaces. 437 * This is a KAME specific rule. 438 */ 439 if ((ia_best->ia_ifp->if_flags & IFF_UP) && 440 !(ia->ia_ifp->if_flags & IFF_UP)) 441 NEXT(8); 442 if (!(ia_best->ia_ifp->if_flags & IFF_UP) && 443 (ia->ia_ifp->if_flags & IFF_UP)) 444 REPLACE(8); 445 446 /* 447 * Rule 9: prefer address with better virtual status. 448 */ 449 if (ifa_preferred(&ia_best->ia_ifa, &ia->ia_ifa)) 450 REPLACE(9); 451 if (ifa_preferred(&ia->ia_ifa, &ia_best->ia_ifa)) 452 NEXT(9); 453 454 /* 455 * Rule 10: prefer address with `prefer_source' flag. 456 */ 457 if ((ia_best->ia6_flags & IN6_IFF_PREFER_SOURCE) == 0 && 458 (ia->ia6_flags & IN6_IFF_PREFER_SOURCE) != 0) 459 REPLACE(10); 460 if ((ia_best->ia6_flags & IN6_IFF_PREFER_SOURCE) != 0 && 461 (ia->ia6_flags & IN6_IFF_PREFER_SOURCE) == 0) 462 NEXT(10); 463 464 /* 465 * Rule 14: Use longest matching prefix. 466 * Note: in the address selection draft, this rule is 467 * documented as "Rule 8". However, since it is also 468 * documented that this rule can be overridden, we assign 469 * a large number so that it is easy to assign smaller numbers 470 * to more preferred rules. 471 */ 472 new_matchlen = in6_matchlen(&ia->ia_addr.sin6_addr, &dst); 473 if (best_matchlen < new_matchlen) 474 REPLACE(14); 475 if (new_matchlen < best_matchlen) 476 NEXT(14); 477 478 /* Rule 15 is reserved. */ 479 480 /* 481 * Last resort: just keep the current candidate. 482 * Or, do we need more rules? 483 */ 484 continue; 485 486 replace: 487 ia_best = ia; 488 best_scope = (new_scope >= 0 ? new_scope : 489 in6_addrscope(&ia_best->ia_addr.sin6_addr)); 490 best_policy = (new_policy ? new_policy : 491 lookup_addrsel_policy(&ia_best->ia_addr)); 492 best_matchlen = (new_matchlen >= 0 ? new_matchlen : 493 in6_matchlen(&ia_best->ia_addr.sin6_addr, 494 &dst)); 495 496 next: 497 continue; 498 499 out: 500 break; 501 } 502 503 if ((ia = ia_best) == NULL) { 504 IN6_IFADDR_RUNLOCK(); 505 IP6STAT_INC(ip6s_sources_none); 506 return (EADDRNOTAVAIL); 507 } 508 509 /* 510 * At this point at least one of the addresses belonged to the jail 511 * but it could still be, that we want to further restrict it, e.g. 512 * theoratically IN6_IS_ADDR_LOOPBACK. 513 * It must not be IN6_IS_ADDR_UNSPECIFIED anymore. 514 * prison_local_ip6() will fix an IN6_IS_ADDR_LOOPBACK but should 515 * let all others previously selected pass. 516 * Use tmp to not change ::1 on lo0 to the primary jail address. 517 */ 518 tmp = ia->ia_addr.sin6_addr; 519 if (cred != NULL && prison_local_ip6(cred, &tmp, (inp != NULL && 520 (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0)) != 0) { 521 IN6_IFADDR_RUNLOCK(); 522 IP6STAT_INC(ip6s_sources_none); 523 return (EADDRNOTAVAIL); 524 } 525 526 if (ifpp) 527 *ifpp = ifp; 528 529 bcopy(&tmp, srcp, sizeof(*srcp)); 530 if (ia->ia_ifp == ifp) 531 IP6STAT_INC(ip6s_sources_sameif[best_scope]); 532 else 533 IP6STAT_INC(ip6s_sources_otherif[best_scope]); 534 if (dst_scope == best_scope) 535 IP6STAT_INC(ip6s_sources_samescope[best_scope]); 536 else 537 IP6STAT_INC(ip6s_sources_otherscope[best_scope]); 538 if (IFA6_IS_DEPRECATED(ia)) 539 IP6STAT_INC(ip6s_sources_deprecated[best_scope]); 540 IN6_IFADDR_RUNLOCK(); 541 return (0); 542 } 543 544 /* 545 * clone - meaningful only for bsdi and freebsd 546 */ 547 static int 548 selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 549 struct ip6_moptions *mopts, struct route_in6 *ro, 550 struct ifnet **retifp, struct rtentry **retrt, int norouteok, u_int fibnum) 551 { 552 int error = 0; 553 struct ifnet *ifp = NULL; 554 struct rtentry *rt = NULL; 555 struct sockaddr_in6 *sin6_next; 556 struct in6_pktinfo *pi = NULL; 557 struct in6_addr *dst = &dstsock->sin6_addr; 558 uint32_t zoneid; 559 #if 0 560 char ip6buf[INET6_ADDRSTRLEN]; 561 562 if (dstsock->sin6_addr.s6_addr32[0] == 0 && 563 dstsock->sin6_addr.s6_addr32[1] == 0 && 564 !IN6_IS_ADDR_LOOPBACK(&dstsock->sin6_addr)) { 565 printf("in6_selectroute: strange destination %s\n", 566 ip6_sprintf(ip6buf, &dstsock->sin6_addr)); 567 } else { 568 printf("in6_selectroute: destination = %s%%%d\n", 569 ip6_sprintf(ip6buf, &dstsock->sin6_addr), 570 dstsock->sin6_scope_id); /* for debug */ 571 } 572 #endif 573 574 /* If the caller specify the outgoing interface explicitly, use it. */ 575 if (opts && (pi = opts->ip6po_pktinfo) != NULL && pi->ipi6_ifindex) { 576 /* XXX boundary check is assumed to be already done. */ 577 ifp = ifnet_byindex(pi->ipi6_ifindex); 578 if (ifp != NULL && 579 (norouteok || retrt == NULL || 580 IN6_IS_ADDR_MULTICAST(dst))) { 581 /* 582 * we do not have to check or get the route for 583 * multicast. 584 */ 585 goto done; 586 } else 587 goto getroute; 588 } 589 /* 590 * If the destination address is a multicast address and the outgoing 591 * interface for the address is specified by the caller, use it. 592 */ 593 if (IN6_IS_ADDR_MULTICAST(dst) && 594 mopts != NULL && (ifp = mopts->im6o_multicast_ifp) != NULL) { 595 goto done; /* we do not need a route for multicast. */ 596 } 597 /* 598 * If destination address is LLA or link- or node-local multicast, 599 * use it's embedded scope zone id to determine outgoing interface. 600 */ 601 if (IN6_IS_ADDR_MC_LINKLOCAL(dst) || 602 IN6_IS_ADDR_MC_NODELOCAL(dst)) { 603 zoneid = ntohs(in6_getscope(dst)); 604 if (zoneid > 0) { 605 ifp = in6_getlinkifnet(zoneid); 606 goto done; 607 } 608 } 609 610 getroute: 611 /* 612 * If the next hop address for the packet is specified by the caller, 613 * use it as the gateway. 614 */ 615 if (opts && opts->ip6po_nexthop) { 616 struct route_in6 *ron; 617 struct llentry *la; 618 619 sin6_next = satosin6(opts->ip6po_nexthop); 620 621 /* at this moment, we only support AF_INET6 next hops */ 622 if (sin6_next->sin6_family != AF_INET6) { 623 error = EAFNOSUPPORT; /* or should we proceed? */ 624 goto done; 625 } 626 627 /* 628 * If the next hop is an IPv6 address, then the node identified 629 * by that address must be a neighbor of the sending host. 630 */ 631 ron = &opts->ip6po_nextroute; 632 /* 633 * XXX what do we do here? 634 * PLZ to be fixing 635 */ 636 637 638 if (ron->ro_rt == NULL) { 639 in6_rtalloc(ron, fibnum); /* multi path case? */ 640 if (ron->ro_rt == NULL) { 641 /* XXX-BZ WT.? */ 642 if (ron->ro_rt) { 643 RTFREE(ron->ro_rt); 644 ron->ro_rt = NULL; 645 } 646 error = EHOSTUNREACH; 647 goto done; 648 } 649 } 650 651 rt = ron->ro_rt; 652 ifp = rt->rt_ifp; 653 IF_AFDATA_RLOCK(ifp); 654 la = lla_lookup(LLTABLE6(ifp), 0, (struct sockaddr *)sin6_next); 655 IF_AFDATA_RUNLOCK(ifp); 656 if (la != NULL) 657 LLE_RUNLOCK(la); 658 else { 659 error = EHOSTUNREACH; 660 goto done; 661 } 662 #if 0 663 if ((ron->ro_rt && 664 (ron->ro_rt->rt_flags & (RTF_UP | RTF_LLINFO)) != 665 (RTF_UP | RTF_LLINFO)) || 666 !IN6_ARE_ADDR_EQUAL(&satosin6(&ron->ro_dst)->sin6_addr, 667 &sin6_next->sin6_addr)) { 668 if (ron->ro_rt) { 669 RTFREE(ron->ro_rt); 670 ron->ro_rt = NULL; 671 } 672 *satosin6(&ron->ro_dst) = *sin6_next; 673 } 674 if (ron->ro_rt == NULL) { 675 in6_rtalloc(ron, fibnum); /* multi path case? */ 676 if (ron->ro_rt == NULL || 677 !(ron->ro_rt->rt_flags & RTF_LLINFO)) { 678 if (ron->ro_rt) { 679 RTFREE(ron->ro_rt); 680 ron->ro_rt = NULL; 681 } 682 error = EHOSTUNREACH; 683 goto done; 684 } 685 } 686 #endif 687 688 /* 689 * When cloning is required, try to allocate a route to the 690 * destination so that the caller can store path MTU 691 * information. 692 */ 693 goto done; 694 } 695 696 /* 697 * Use a cached route if it exists and is valid, else try to allocate 698 * a new one. Note that we should check the address family of the 699 * cached destination, in case of sharing the cache with IPv4. 700 */ 701 if (ro) { 702 if (ro->ro_rt && 703 (!(ro->ro_rt->rt_flags & RTF_UP) || 704 ((struct sockaddr *)(&ro->ro_dst))->sa_family != AF_INET6 || 705 !IN6_ARE_ADDR_EQUAL(&satosin6(&ro->ro_dst)->sin6_addr, 706 dst))) { 707 RTFREE(ro->ro_rt); 708 ro->ro_rt = (struct rtentry *)NULL; 709 } 710 if (ro->ro_rt == (struct rtentry *)NULL) { 711 struct sockaddr_in6 *sa6; 712 713 /* No route yet, so try to acquire one */ 714 bzero(&ro->ro_dst, sizeof(struct sockaddr_in6)); 715 sa6 = (struct sockaddr_in6 *)&ro->ro_dst; 716 *sa6 = *dstsock; 717 sa6->sin6_scope_id = 0; 718 719 #ifdef RADIX_MPATH 720 rtalloc_mpath_fib((struct route *)ro, 721 ntohl(sa6->sin6_addr.s6_addr32[3]), fibnum); 722 #else 723 ro->ro_rt = in6_rtalloc1((struct sockaddr *) 724 &ro->ro_dst, 0, 0UL, fibnum); 725 if (ro->ro_rt) 726 RT_UNLOCK(ro->ro_rt); 727 #endif 728 } 729 730 /* 731 * do not care about the result if we have the nexthop 732 * explicitly specified. 733 */ 734 if (opts && opts->ip6po_nexthop) 735 goto done; 736 737 if (ro->ro_rt) { 738 ifp = ro->ro_rt->rt_ifp; 739 740 if (ifp == NULL) { /* can this really happen? */ 741 RTFREE(ro->ro_rt); 742 ro->ro_rt = NULL; 743 } 744 } 745 if (ro->ro_rt == NULL) 746 error = EHOSTUNREACH; 747 rt = ro->ro_rt; 748 749 /* 750 * Check if the outgoing interface conflicts with 751 * the interface specified by ipi6_ifindex (if specified). 752 * Note that loopback interface is always okay. 753 * (this may happen when we are sending a packet to one of 754 * our own addresses.) 755 */ 756 if (ifp && opts && opts->ip6po_pktinfo && 757 opts->ip6po_pktinfo->ipi6_ifindex) { 758 if (!(ifp->if_flags & IFF_LOOPBACK) && 759 ifp->if_index != 760 opts->ip6po_pktinfo->ipi6_ifindex) { 761 error = EHOSTUNREACH; 762 goto done; 763 } 764 } 765 } 766 767 done: 768 if (ifp == NULL && rt == NULL) { 769 /* 770 * This can happen if the caller did not pass a cached route 771 * nor any other hints. We treat this case an error. 772 */ 773 error = EHOSTUNREACH; 774 } 775 if (error == EHOSTUNREACH) 776 IP6STAT_INC(ip6s_noroute); 777 778 if (retifp != NULL) { 779 *retifp = ifp; 780 781 /* 782 * Adjust the "outgoing" interface. If we're going to loop 783 * the packet back to ourselves, the ifp would be the loopback 784 * interface. However, we'd rather know the interface associated 785 * to the destination address (which should probably be one of 786 * our own addresses.) 787 */ 788 if (rt) { 789 if ((rt->rt_ifp->if_flags & IFF_LOOPBACK) && 790 (rt->rt_gateway->sa_family == AF_LINK)) 791 *retifp = 792 ifnet_byindex(((struct sockaddr_dl *) 793 rt->rt_gateway)->sdl_index); 794 } 795 } 796 797 if (retrt != NULL) 798 *retrt = rt; /* rt may be NULL */ 799 800 return (error); 801 } 802 803 static int 804 in6_selectif(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 805 struct ip6_moptions *mopts, struct route_in6 *ro, struct ifnet **retifp, 806 struct ifnet *oifp, u_int fibnum) 807 { 808 int error; 809 struct route_in6 sro; 810 struct rtentry *rt = NULL; 811 812 KASSERT(retifp != NULL, ("%s: retifp is NULL", __func__)); 813 814 if (ro == NULL) { 815 bzero(&sro, sizeof(sro)); 816 ro = &sro; 817 } 818 819 if ((error = selectroute(dstsock, opts, mopts, ro, retifp, 820 &rt, 1, fibnum)) != 0) { 821 if (ro == &sro && rt && rt == sro.ro_rt) 822 RTFREE(rt); 823 /* Help ND. See oifp comment in in6_selectsrc(). */ 824 if (oifp != NULL && fibnum == RT_DEFAULT_FIB) { 825 *retifp = oifp; 826 error = 0; 827 } 828 return (error); 829 } 830 831 /* 832 * do not use a rejected or black hole route. 833 * XXX: this check should be done in the L2 output routine. 834 * However, if we skipped this check here, we'd see the following 835 * scenario: 836 * - install a rejected route for a scoped address prefix 837 * (like fe80::/10) 838 * - send a packet to a destination that matches the scoped prefix, 839 * with ambiguity about the scope zone. 840 * - pick the outgoing interface from the route, and disambiguate the 841 * scope zone with the interface. 842 * - ip6_output() would try to get another route with the "new" 843 * destination, which may be valid. 844 * - we'd see no error on output. 845 * Although this may not be very harmful, it should still be confusing. 846 * We thus reject the case here. 847 */ 848 if (rt && (rt->rt_flags & (RTF_REJECT | RTF_BLACKHOLE))) { 849 int flags = (rt->rt_flags & RTF_HOST ? EHOSTUNREACH : ENETUNREACH); 850 851 if (ro == &sro && rt && rt == sro.ro_rt) 852 RTFREE(rt); 853 return (flags); 854 } 855 856 if (ro == &sro && rt && rt == sro.ro_rt) 857 RTFREE(rt); 858 return (0); 859 } 860 861 /* 862 * Public wrapper function to selectroute(). 863 * 864 * XXX-BZ in6_selectroute() should and will grow the FIB argument. The 865 * in6_selectroute_fib() function is only there for backward compat on stable. 866 */ 867 int 868 in6_selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 869 struct ip6_moptions *mopts, struct route_in6 *ro, 870 struct ifnet **retifp, struct rtentry **retrt) 871 { 872 873 return (selectroute(dstsock, opts, mopts, ro, retifp, 874 retrt, 0, RT_DEFAULT_FIB)); 875 } 876 877 #ifndef BURN_BRIDGES 878 int 879 in6_selectroute_fib(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 880 struct ip6_moptions *mopts, struct route_in6 *ro, 881 struct ifnet **retifp, struct rtentry **retrt, u_int fibnum) 882 { 883 884 return (selectroute(dstsock, opts, mopts, ro, retifp, 885 retrt, 0, fibnum)); 886 } 887 #endif 888 889 /* 890 * Default hop limit selection. The precedence is as follows: 891 * 1. Hoplimit value specified via ioctl. 892 * 2. (If the outgoing interface is detected) the current 893 * hop limit of the interface specified by router advertisement. 894 * 3. The system default hoplimit. 895 */ 896 int 897 in6_selecthlim(struct inpcb *in6p, struct ifnet *ifp) 898 { 899 900 if (in6p && in6p->in6p_hops >= 0) 901 return (in6p->in6p_hops); 902 else if (ifp) 903 return (ND_IFINFO(ifp)->chlim); 904 else if (in6p && !IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) { 905 struct route_in6 ro6; 906 struct ifnet *lifp; 907 908 bzero(&ro6, sizeof(ro6)); 909 ro6.ro_dst.sin6_family = AF_INET6; 910 ro6.ro_dst.sin6_len = sizeof(struct sockaddr_in6); 911 ro6.ro_dst.sin6_addr = in6p->in6p_faddr; 912 in6_rtalloc(&ro6, in6p->inp_inc.inc_fibnum); 913 if (ro6.ro_rt) { 914 lifp = ro6.ro_rt->rt_ifp; 915 RTFREE(ro6.ro_rt); 916 if (lifp) 917 return (ND_IFINFO(lifp)->chlim); 918 } 919 } 920 return (V_ip6_defhlim); 921 } 922 923 /* 924 * XXX: this is borrowed from in6_pcbbind(). If possible, we should 925 * share this function by all *bsd*... 926 */ 927 int 928 in6_pcbsetport(struct in6_addr *laddr, struct inpcb *inp, struct ucred *cred) 929 { 930 struct socket *so = inp->inp_socket; 931 u_int16_t lport = 0; 932 int error, lookupflags = 0; 933 #ifdef INVARIANTS 934 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo; 935 #endif 936 937 INP_WLOCK_ASSERT(inp); 938 INP_HASH_WLOCK_ASSERT(pcbinfo); 939 940 error = prison_local_ip6(cred, laddr, 941 ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0)); 942 if (error) 943 return(error); 944 945 /* XXX: this is redundant when called from in6_pcbbind */ 946 if ((so->so_options & (SO_REUSEADDR|SO_REUSEPORT)) == 0) 947 lookupflags = INPLOOKUP_WILDCARD; 948 949 inp->inp_flags |= INP_ANONPORT; 950 951 error = in_pcb_lport(inp, NULL, &lport, cred, lookupflags); 952 if (error != 0) 953 return (error); 954 955 inp->inp_lport = lport; 956 if (in_pcbinshash(inp) != 0) { 957 inp->in6p_laddr = in6addr_any; 958 inp->inp_lport = 0; 959 return (EAGAIN); 960 } 961 962 return (0); 963 } 964 965 void 966 addrsel_policy_init(void) 967 { 968 969 init_policy_queue(); 970 971 /* initialize the "last resort" policy */ 972 bzero(&V_defaultaddrpolicy, sizeof(V_defaultaddrpolicy)); 973 V_defaultaddrpolicy.label = ADDR_LABEL_NOTAPP; 974 975 if (!IS_DEFAULT_VNET(curvnet)) 976 return; 977 978 ADDRSEL_LOCK_INIT(); 979 ADDRSEL_SXLOCK_INIT(); 980 } 981 982 static struct in6_addrpolicy * 983 lookup_addrsel_policy(struct sockaddr_in6 *key) 984 { 985 struct in6_addrpolicy *match = NULL; 986 987 ADDRSEL_LOCK(); 988 match = match_addrsel_policy(key); 989 990 if (match == NULL) 991 match = &V_defaultaddrpolicy; 992 else 993 match->use++; 994 ADDRSEL_UNLOCK(); 995 996 return (match); 997 } 998 999 /* 1000 * Subroutines to manage the address selection policy table via sysctl. 1001 */ 1002 struct walkarg { 1003 struct sysctl_req *w_req; 1004 }; 1005 1006 static int in6_src_sysctl(SYSCTL_HANDLER_ARGS); 1007 SYSCTL_DECL(_net_inet6_ip6); 1008 static SYSCTL_NODE(_net_inet6_ip6, IPV6CTL_ADDRCTLPOLICY, addrctlpolicy, 1009 CTLFLAG_RD, in6_src_sysctl, ""); 1010 1011 static int 1012 in6_src_sysctl(SYSCTL_HANDLER_ARGS) 1013 { 1014 struct walkarg w; 1015 1016 if (req->newptr) 1017 return EPERM; 1018 1019 bzero(&w, sizeof(w)); 1020 w.w_req = req; 1021 1022 return (walk_addrsel_policy(dump_addrsel_policyent, &w)); 1023 } 1024 1025 int 1026 in6_src_ioctl(u_long cmd, caddr_t data) 1027 { 1028 struct in6_addrpolicy ent0; 1029 1030 if (cmd != SIOCAADDRCTL_POLICY && cmd != SIOCDADDRCTL_POLICY) 1031 return (EOPNOTSUPP); /* check for safety */ 1032 1033 ent0 = *(struct in6_addrpolicy *)data; 1034 1035 if (ent0.label == ADDR_LABEL_NOTAPP) 1036 return (EINVAL); 1037 /* check if the prefix mask is consecutive. */ 1038 if (in6_mask2len(&ent0.addrmask.sin6_addr, NULL) < 0) 1039 return (EINVAL); 1040 /* clear trailing garbages (if any) of the prefix address. */ 1041 IN6_MASK_ADDR(&ent0.addr.sin6_addr, &ent0.addrmask.sin6_addr); 1042 ent0.use = 0; 1043 1044 switch (cmd) { 1045 case SIOCAADDRCTL_POLICY: 1046 return (add_addrsel_policyent(&ent0)); 1047 case SIOCDADDRCTL_POLICY: 1048 return (delete_addrsel_policyent(&ent0)); 1049 } 1050 1051 return (0); /* XXX: compromise compilers */ 1052 } 1053 1054 /* 1055 * The followings are implementation of the policy table using a 1056 * simple tail queue. 1057 * XXX such details should be hidden. 1058 * XXX implementation using binary tree should be more efficient. 1059 */ 1060 struct addrsel_policyent { 1061 TAILQ_ENTRY(addrsel_policyent) ape_entry; 1062 struct in6_addrpolicy ape_policy; 1063 }; 1064 1065 TAILQ_HEAD(addrsel_policyhead, addrsel_policyent); 1066 1067 static VNET_DEFINE(struct addrsel_policyhead, addrsel_policytab); 1068 #define V_addrsel_policytab VNET(addrsel_policytab) 1069 1070 static void 1071 init_policy_queue(void) 1072 { 1073 1074 TAILQ_INIT(&V_addrsel_policytab); 1075 } 1076 1077 static int 1078 add_addrsel_policyent(struct in6_addrpolicy *newpolicy) 1079 { 1080 struct addrsel_policyent *new, *pol; 1081 1082 new = malloc(sizeof(*new), M_IFADDR, 1083 M_WAITOK); 1084 ADDRSEL_XLOCK(); 1085 ADDRSEL_LOCK(); 1086 1087 /* duplication check */ 1088 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) { 1089 if (IN6_ARE_ADDR_EQUAL(&newpolicy->addr.sin6_addr, 1090 &pol->ape_policy.addr.sin6_addr) && 1091 IN6_ARE_ADDR_EQUAL(&newpolicy->addrmask.sin6_addr, 1092 &pol->ape_policy.addrmask.sin6_addr)) { 1093 ADDRSEL_UNLOCK(); 1094 ADDRSEL_XUNLOCK(); 1095 free(new, M_IFADDR); 1096 return (EEXIST); /* or override it? */ 1097 } 1098 } 1099 1100 bzero(new, sizeof(*new)); 1101 1102 /* XXX: should validate entry */ 1103 new->ape_policy = *newpolicy; 1104 1105 TAILQ_INSERT_TAIL(&V_addrsel_policytab, new, ape_entry); 1106 ADDRSEL_UNLOCK(); 1107 ADDRSEL_XUNLOCK(); 1108 1109 return (0); 1110 } 1111 1112 static int 1113 delete_addrsel_policyent(struct in6_addrpolicy *key) 1114 { 1115 struct addrsel_policyent *pol; 1116 1117 ADDRSEL_XLOCK(); 1118 ADDRSEL_LOCK(); 1119 1120 /* search for the entry in the table */ 1121 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) { 1122 if (IN6_ARE_ADDR_EQUAL(&key->addr.sin6_addr, 1123 &pol->ape_policy.addr.sin6_addr) && 1124 IN6_ARE_ADDR_EQUAL(&key->addrmask.sin6_addr, 1125 &pol->ape_policy.addrmask.sin6_addr)) { 1126 break; 1127 } 1128 } 1129 if (pol == NULL) { 1130 ADDRSEL_UNLOCK(); 1131 ADDRSEL_XUNLOCK(); 1132 return (ESRCH); 1133 } 1134 1135 TAILQ_REMOVE(&V_addrsel_policytab, pol, ape_entry); 1136 ADDRSEL_UNLOCK(); 1137 ADDRSEL_XUNLOCK(); 1138 free(pol, M_IFADDR); 1139 1140 return (0); 1141 } 1142 1143 static int 1144 walk_addrsel_policy(int (*callback)(struct in6_addrpolicy *, void *), void *w) 1145 { 1146 struct addrsel_policyent *pol; 1147 int error = 0; 1148 1149 ADDRSEL_SLOCK(); 1150 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) { 1151 if ((error = (*callback)(&pol->ape_policy, w)) != 0) { 1152 ADDRSEL_SUNLOCK(); 1153 return (error); 1154 } 1155 } 1156 ADDRSEL_SUNLOCK(); 1157 return (error); 1158 } 1159 1160 static int 1161 dump_addrsel_policyent(struct in6_addrpolicy *pol, void *arg) 1162 { 1163 int error = 0; 1164 struct walkarg *w = arg; 1165 1166 error = SYSCTL_OUT(w->w_req, pol, sizeof(*pol)); 1167 1168 return (error); 1169 } 1170 1171 static struct in6_addrpolicy * 1172 match_addrsel_policy(struct sockaddr_in6 *key) 1173 { 1174 struct addrsel_policyent *pent; 1175 struct in6_addrpolicy *bestpol = NULL, *pol; 1176 int matchlen, bestmatchlen = -1; 1177 u_char *mp, *ep, *k, *p, m; 1178 1179 TAILQ_FOREACH(pent, &V_addrsel_policytab, ape_entry) { 1180 matchlen = 0; 1181 1182 pol = &pent->ape_policy; 1183 mp = (u_char *)&pol->addrmask.sin6_addr; 1184 ep = mp + 16; /* XXX: scope field? */ 1185 k = (u_char *)&key->sin6_addr; 1186 p = (u_char *)&pol->addr.sin6_addr; 1187 for (; mp < ep && *mp; mp++, k++, p++) { 1188 m = *mp; 1189 if ((*k & m) != *p) 1190 goto next; /* not match */ 1191 if (m == 0xff) /* short cut for a typical case */ 1192 matchlen += 8; 1193 else { 1194 while (m >= 0x80) { 1195 matchlen++; 1196 m <<= 1; 1197 } 1198 } 1199 } 1200 1201 /* matched. check if this is better than the current best. */ 1202 if (bestpol == NULL || 1203 matchlen > bestmatchlen) { 1204 bestpol = pol; 1205 bestmatchlen = matchlen; 1206 } 1207 1208 next: 1209 continue; 1210 } 1211 1212 return (bestpol); 1213 } 1214