1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (C) 2000 WIDE Project. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the project nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 * 31 * $KAME: scope6.c,v 1.10 2000/07/24 13:29:31 itojun Exp $ 32 */ 33 34 #include <sys/cdefs.h> 35 __FBSDID("$FreeBSD$"); 36 37 #include <sys/param.h> 38 #include <sys/malloc.h> 39 #include <sys/mbuf.h> 40 #include <sys/socket.h> 41 #include <sys/sockio.h> 42 #include <sys/systm.h> 43 #include <sys/queue.h> 44 #include <sys/sysctl.h> 45 #include <sys/syslog.h> 46 47 #include <net/if.h> 48 #include <net/if_var.h> 49 #include <net/vnet.h> 50 51 #include <netinet/in.h> 52 53 #include <netinet/ip6.h> 54 #include <netinet6/in6_var.h> 55 #include <netinet6/ip6_var.h> 56 #include <netinet6/scope6_var.h> 57 58 #ifdef ENABLE_DEFAULT_SCOPE 59 VNET_DEFINE(int, ip6_use_defzone) = 1; 60 #else 61 VNET_DEFINE(int, ip6_use_defzone) = 0; 62 #endif 63 SYSCTL_DECL(_net_inet6_ip6); 64 65 /* 66 * The scope6_lock protects the global sid default stored in 67 * sid_default below. 68 */ 69 static struct mtx scope6_lock; 70 #define SCOPE6_LOCK_INIT() mtx_init(&scope6_lock, "scope6_lock", NULL, MTX_DEF) 71 #define SCOPE6_LOCK() mtx_lock(&scope6_lock) 72 #define SCOPE6_UNLOCK() mtx_unlock(&scope6_lock) 73 #define SCOPE6_LOCK_ASSERT() mtx_assert(&scope6_lock, MA_OWNED) 74 75 VNET_DEFINE_STATIC(struct scope6_id, sid_default); 76 #define V_sid_default VNET(sid_default) 77 78 #define SID(ifp) \ 79 (((struct in6_ifextra *)(ifp)->if_afdata[AF_INET6])->scope6_id) 80 81 static int scope6_get(struct ifnet *, struct scope6_id *); 82 static int scope6_set(struct ifnet *, struct scope6_id *); 83 84 void 85 scope6_init(void) 86 { 87 88 bzero(&V_sid_default, sizeof(V_sid_default)); 89 90 if (!IS_DEFAULT_VNET(curvnet)) 91 return; 92 93 SCOPE6_LOCK_INIT(); 94 } 95 96 struct scope6_id * 97 scope6_ifattach(struct ifnet *ifp) 98 { 99 struct scope6_id *sid; 100 101 sid = malloc(sizeof(*sid), M_IFADDR, M_WAITOK | M_ZERO); 102 /* 103 * XXX: IPV6_ADDR_SCOPE_xxx macros are not standard. 104 * Should we rather hardcode here? 105 */ 106 sid->s6id_list[IPV6_ADDR_SCOPE_INTFACELOCAL] = ifp->if_index; 107 sid->s6id_list[IPV6_ADDR_SCOPE_LINKLOCAL] = ifp->if_index; 108 return (sid); 109 } 110 111 void 112 scope6_ifdetach(struct scope6_id *sid) 113 { 114 115 free(sid, M_IFADDR); 116 } 117 118 int 119 scope6_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp) 120 { 121 struct in6_ifreq *ifr; 122 123 if (ifp->if_afdata[AF_INET6] == NULL) 124 return (EPFNOSUPPORT); 125 126 ifr = (struct in6_ifreq *)data; 127 switch (cmd) { 128 case SIOCSSCOPE6: 129 return (scope6_set(ifp, 130 (struct scope6_id *)ifr->ifr_ifru.ifru_scope_id)); 131 case SIOCGSCOPE6: 132 return (scope6_get(ifp, 133 (struct scope6_id *)ifr->ifr_ifru.ifru_scope_id)); 134 case SIOCGSCOPE6DEF: 135 return (scope6_get_default( 136 (struct scope6_id *)ifr->ifr_ifru.ifru_scope_id)); 137 default: 138 return (EOPNOTSUPP); 139 } 140 } 141 142 static int 143 scope6_set(struct ifnet *ifp, struct scope6_id *idlist) 144 { 145 int i; 146 int error = 0; 147 struct scope6_id *sid = NULL; 148 149 IF_AFDATA_WLOCK(ifp); 150 sid = SID(ifp); 151 152 if (!sid) { /* paranoid? */ 153 IF_AFDATA_WUNLOCK(ifp); 154 return (EINVAL); 155 } 156 157 /* 158 * XXX: We need more consistency checks of the relationship among 159 * scopes (e.g. an organization should be larger than a site). 160 */ 161 162 /* 163 * TODO(XXX): after setting, we should reflect the changes to 164 * interface addresses, routing table entries, PCB entries... 165 */ 166 167 for (i = 0; i < 16; i++) { 168 if (idlist->s6id_list[i] && 169 idlist->s6id_list[i] != sid->s6id_list[i]) { 170 /* 171 * An interface zone ID must be the corresponding 172 * interface index by definition. 173 */ 174 if (i == IPV6_ADDR_SCOPE_INTFACELOCAL && 175 idlist->s6id_list[i] != ifp->if_index) { 176 IF_AFDATA_WUNLOCK(ifp); 177 return (EINVAL); 178 } 179 180 if (i == IPV6_ADDR_SCOPE_LINKLOCAL) { 181 struct epoch_tracker et; 182 183 NET_EPOCH_ENTER(et); 184 if (!ifnet_byindex(idlist->s6id_list[i])) { 185 /* 186 * XXX: theoretically, there should be 187 * no relationship between link IDs and 188 * interface IDs, but we check the 189 * consistency for safety in later use. 190 */ 191 NET_EPOCH_EXIT(et); 192 IF_AFDATA_WUNLOCK(ifp); 193 return (EINVAL); 194 } 195 NET_EPOCH_EXIT(et); 196 } 197 198 /* 199 * XXX: we must need lots of work in this case, 200 * but we simply set the new value in this initial 201 * implementation. 202 */ 203 sid->s6id_list[i] = idlist->s6id_list[i]; 204 } 205 } 206 IF_AFDATA_WUNLOCK(ifp); 207 208 return (error); 209 } 210 211 static int 212 scope6_get(struct ifnet *ifp, struct scope6_id *idlist) 213 { 214 struct epoch_tracker et; 215 struct scope6_id *sid; 216 217 /* We only need to lock the interface's afdata for SID() to work. */ 218 NET_EPOCH_ENTER(et); 219 sid = SID(ifp); 220 if (sid == NULL) { /* paranoid? */ 221 NET_EPOCH_EXIT(et); 222 return (EINVAL); 223 } 224 225 *idlist = *sid; 226 227 NET_EPOCH_EXIT(et); 228 return (0); 229 } 230 231 /* 232 * Get a scope of the address. Node-local, link-local, site-local or global. 233 */ 234 int 235 in6_addrscope(const struct in6_addr *addr) 236 { 237 238 if (IN6_IS_ADDR_MULTICAST(addr)) { 239 /* 240 * Addresses with reserved value F must be treated as 241 * global multicast addresses. 242 */ 243 if (IPV6_ADDR_MC_SCOPE(addr) == 0x0f) 244 return (IPV6_ADDR_SCOPE_GLOBAL); 245 return (IPV6_ADDR_MC_SCOPE(addr)); 246 } 247 if (IN6_IS_ADDR_LINKLOCAL(addr) || 248 IN6_IS_ADDR_LOOPBACK(addr)) 249 return (IPV6_ADDR_SCOPE_LINKLOCAL); 250 if (IN6_IS_ADDR_SITELOCAL(addr)) 251 return (IPV6_ADDR_SCOPE_SITELOCAL); 252 return (IPV6_ADDR_SCOPE_GLOBAL); 253 } 254 255 /* 256 * ifp - note that this might be NULL 257 */ 258 259 void 260 scope6_setdefault(struct ifnet *ifp) 261 { 262 263 /* 264 * Currently, this function just sets the default "interfaces" 265 * and "links" according to the given interface. 266 * We might eventually have to separate the notion of "link" from 267 * "interface" and provide a user interface to set the default. 268 */ 269 SCOPE6_LOCK(); 270 if (ifp) { 271 V_sid_default.s6id_list[IPV6_ADDR_SCOPE_INTFACELOCAL] = 272 ifp->if_index; 273 V_sid_default.s6id_list[IPV6_ADDR_SCOPE_LINKLOCAL] = 274 ifp->if_index; 275 } else { 276 V_sid_default.s6id_list[IPV6_ADDR_SCOPE_INTFACELOCAL] = 0; 277 V_sid_default.s6id_list[IPV6_ADDR_SCOPE_LINKLOCAL] = 0; 278 } 279 SCOPE6_UNLOCK(); 280 } 281 282 int 283 scope6_get_default(struct scope6_id *idlist) 284 { 285 286 SCOPE6_LOCK(); 287 *idlist = V_sid_default; 288 SCOPE6_UNLOCK(); 289 290 return (0); 291 } 292 293 u_int32_t 294 scope6_addr2default(struct in6_addr *addr) 295 { 296 u_int32_t id; 297 298 /* 299 * special case: The loopback address should be considered as 300 * link-local, but there's no ambiguity in the syntax. 301 */ 302 if (IN6_IS_ADDR_LOOPBACK(addr)) 303 return (0); 304 305 /* 306 * XXX: 32-bit read is atomic on all our platforms, is it OK 307 * not to lock here? 308 */ 309 SCOPE6_LOCK(); 310 id = V_sid_default.s6id_list[in6_addrscope(addr)]; 311 SCOPE6_UNLOCK(); 312 return (id); 313 } 314 315 /* 316 * Validate the specified scope zone ID in the sin6_scope_id field. If the ID 317 * is unspecified (=0), needs to be specified, and the default zone ID can be 318 * used, the default value will be used. 319 * This routine then generates the kernel-internal form: if the address scope 320 * of is interface-local or link-local, embed the interface index in the 321 * address. 322 */ 323 int 324 sa6_embedscope(struct sockaddr_in6 *sin6, int defaultok) 325 { 326 u_int32_t zoneid; 327 328 if ((zoneid = sin6->sin6_scope_id) == 0 && defaultok) 329 zoneid = scope6_addr2default(&sin6->sin6_addr); 330 331 if (zoneid != 0 && 332 (IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr) || 333 IN6_IS_ADDR_MC_INTFACELOCAL(&sin6->sin6_addr))) { 334 struct epoch_tracker et; 335 336 /* 337 * At this moment, we only check interface-local and 338 * link-local scope IDs, and use interface indices as the 339 * zone IDs assuming a one-to-one mapping between interfaces 340 * and links. 341 */ 342 NET_EPOCH_ENTER(et); 343 if (ifnet_byindex(zoneid) == NULL) { 344 NET_EPOCH_EXIT(et); 345 return (ENXIO); 346 } 347 NET_EPOCH_EXIT(et); 348 349 /* XXX assignment to 16bit from 32bit variable */ 350 sin6->sin6_addr.s6_addr16[1] = htons(zoneid & 0xffff); 351 sin6->sin6_scope_id = 0; 352 } 353 354 return 0; 355 } 356 357 /* 358 * generate standard sockaddr_in6 from embedded form. 359 */ 360 int 361 sa6_recoverscope(struct sockaddr_in6 *sin6) 362 { 363 char ip6buf[INET6_ADDRSTRLEN]; 364 u_int32_t zoneid; 365 366 if (IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr) || 367 IN6_IS_ADDR_MC_INTFACELOCAL(&sin6->sin6_addr)) { 368 /* 369 * KAME assumption: link id == interface id 370 */ 371 zoneid = ntohs(sin6->sin6_addr.s6_addr16[1]); 372 if (zoneid) { 373 struct epoch_tracker et; 374 375 NET_EPOCH_ENTER(et); 376 /* sanity check */ 377 if (!ifnet_byindex(zoneid)) { 378 NET_EPOCH_EXIT(et); 379 return (ENXIO); 380 } 381 NET_EPOCH_EXIT(et); 382 if (sin6->sin6_scope_id != 0 && 383 zoneid != sin6->sin6_scope_id) { 384 log(LOG_NOTICE, 385 "%s: embedded scope mismatch: %s%%%d. " 386 "sin6_scope_id was overridden\n", __func__, 387 ip6_sprintf(ip6buf, &sin6->sin6_addr), 388 sin6->sin6_scope_id); 389 } 390 sin6->sin6_addr.s6_addr16[1] = 0; 391 sin6->sin6_scope_id = zoneid; 392 } 393 } 394 395 return 0; 396 } 397 398 /* 399 * Determine the appropriate scope zone ID for in6 and ifp. If ret_id is 400 * non NULL, it is set to the zone ID. If the zone ID needs to be embedded 401 * in the in6_addr structure, in6 will be modified. 402 * 403 * ret_id - unnecessary? 404 */ 405 int 406 in6_setscope(struct in6_addr *in6, struct ifnet *ifp, u_int32_t *ret_id) 407 { 408 int scope; 409 u_int32_t zoneid = 0; 410 struct scope6_id *sid; 411 412 /* 413 * special case: the loopback address can only belong to a loopback 414 * interface. 415 */ 416 if (IN6_IS_ADDR_LOOPBACK(in6)) { 417 if (!(ifp->if_flags & IFF_LOOPBACK)) 418 return (EINVAL); 419 } else { 420 scope = in6_addrscope(in6); 421 if (scope == IPV6_ADDR_SCOPE_INTFACELOCAL || 422 scope == IPV6_ADDR_SCOPE_LINKLOCAL) { 423 /* 424 * Currently we use interface indices as the 425 * zone IDs for interface-local and link-local 426 * scopes. 427 */ 428 zoneid = ifp->if_index; 429 in6->s6_addr16[1] = htons(zoneid & 0xffff); /* XXX */ 430 } else if (scope != IPV6_ADDR_SCOPE_GLOBAL) { 431 struct epoch_tracker et; 432 433 NET_EPOCH_ENTER(et); 434 if (ifp->if_afdata[AF_INET6] == NULL) { 435 NET_EPOCH_EXIT(et); 436 return (ENETDOWN); 437 } 438 sid = SID(ifp); 439 zoneid = sid->s6id_list[scope]; 440 NET_EPOCH_EXIT(et); 441 } 442 } 443 444 if (ret_id != NULL) 445 *ret_id = zoneid; 446 447 return (0); 448 } 449 450 /* 451 * Just clear the embedded scope identifier. Return 0 if the original address 452 * is intact; return non 0 if the address is modified. 453 */ 454 int 455 in6_clearscope(struct in6_addr *in6) 456 { 457 int modified = 0; 458 459 if (IN6_IS_SCOPE_LINKLOCAL(in6) || IN6_IS_ADDR_MC_INTFACELOCAL(in6)) { 460 if (in6->s6_addr16[1] != 0) 461 modified = 1; 462 in6->s6_addr16[1] = 0; 463 } 464 465 return (modified); 466 } 467 468 /* 469 * Return the scope identifier or zero. 470 */ 471 uint16_t 472 in6_getscope(const struct in6_addr *in6) 473 { 474 475 if (IN6_IS_SCOPE_LINKLOCAL(in6) || IN6_IS_ADDR_MC_INTFACELOCAL(in6)) 476 return (in6->s6_addr16[1]); 477 478 return (0); 479 } 480 481 /* 482 * Returns scope zone id for the unicast address @in6. 483 * 484 * Returns 0 for global unicast and loopback addresses. 485 * Returns interface index for the link-local addresses. 486 */ 487 uint32_t 488 in6_get_unicast_scopeid(const struct in6_addr *in6, const struct ifnet *ifp) 489 { 490 491 if (IN6_IS_SCOPE_LINKLOCAL(in6)) 492 return (ifp->if_index); 493 return (0); 494 } 495 496 void 497 in6_set_unicast_scopeid(struct in6_addr *in6, uint32_t scopeid) 498 { 499 500 in6->s6_addr16[1] = htons(scopeid & 0xffff); 501 } 502 503 /* 504 * Return pointer to ifnet structure, corresponding to the zone id of 505 * link-local scope. 506 */ 507 struct ifnet* 508 in6_getlinkifnet(uint32_t zoneid) 509 { 510 511 return (ifnet_byindex((u_short)zoneid)); 512 } 513 514 /* 515 * Return zone id for the specified scope. 516 */ 517 uint32_t 518 in6_getscopezone(const struct ifnet *ifp, int scope) 519 { 520 521 if (scope == IPV6_ADDR_SCOPE_INTFACELOCAL || 522 scope == IPV6_ADDR_SCOPE_LINKLOCAL) 523 return (ifp->if_index); 524 if (scope >= 0 && scope < IPV6_ADDR_SCOPES_COUNT) 525 return (SID(ifp)->s6id_list[scope]); 526 return (0); 527 } 528 529 /* 530 * Extracts scope from adddress @dst, stores cleared address 531 * inside @dst and zone inside @scopeid 532 */ 533 void 534 in6_splitscope(const struct in6_addr *src, struct in6_addr *dst, 535 uint32_t *scopeid) 536 { 537 uint32_t zoneid; 538 539 *dst = *src; 540 zoneid = ntohs(in6_getscope(dst)); 541 in6_clearscope(dst); 542 *scopeid = zoneid; 543 } 544 545 /* 546 * This function is for checking sockaddr_in6 structure passed 547 * from the application level (usually). 548 * 549 * sin6_scope_id should be set for link-local unicast, link-local and 550 * interface-local multicast addresses. 551 * 552 * If it is zero, then look into default zone ids. If default zone id is 553 * not set or disabled, then return error. 554 */ 555 int 556 sa6_checkzone(struct sockaddr_in6 *sa6) 557 { 558 int scope; 559 560 scope = in6_addrscope(&sa6->sin6_addr); 561 if (scope == IPV6_ADDR_SCOPE_GLOBAL) 562 return (sa6->sin6_scope_id ? EINVAL: 0); 563 if (IN6_IS_ADDR_MULTICAST(&sa6->sin6_addr) && 564 scope != IPV6_ADDR_SCOPE_LINKLOCAL && 565 scope != IPV6_ADDR_SCOPE_INTFACELOCAL) { 566 if (sa6->sin6_scope_id == 0 && V_ip6_use_defzone != 0) 567 sa6->sin6_scope_id = V_sid_default.s6id_list[scope]; 568 return (0); 569 } 570 /* 571 * Since ::1 address always configured on the lo0, we can 572 * automatically set its zone id, when it is not specified. 573 * Return error, when specified zone id doesn't match with 574 * actual value. 575 */ 576 if (IN6_IS_ADDR_LOOPBACK(&sa6->sin6_addr)) { 577 if (sa6->sin6_scope_id == 0) 578 sa6->sin6_scope_id = in6_getscopezone(V_loif, scope); 579 else if (sa6->sin6_scope_id != in6_getscopezone(V_loif, scope)) 580 return (EADDRNOTAVAIL); 581 } 582 /* XXX: we can validate sin6_scope_id here */ 583 if (sa6->sin6_scope_id != 0) 584 return (0); 585 if (V_ip6_use_defzone != 0) 586 sa6->sin6_scope_id = V_sid_default.s6id_list[scope]; 587 /* Return error if we can't determine zone id */ 588 return (sa6->sin6_scope_id ? 0: EADDRNOTAVAIL); 589 } 590 591 /* 592 * This function is similar to sa6_checkzone, but it uses given ifp 593 * to initialize sin6_scope_id. 594 */ 595 int 596 sa6_checkzone_ifp(struct ifnet *ifp, struct sockaddr_in6 *sa6) 597 { 598 int scope; 599 600 scope = in6_addrscope(&sa6->sin6_addr); 601 if (scope == IPV6_ADDR_SCOPE_LINKLOCAL || 602 scope == IPV6_ADDR_SCOPE_INTFACELOCAL) { 603 if (sa6->sin6_scope_id == 0) { 604 sa6->sin6_scope_id = in6_getscopezone(ifp, scope); 605 return (0); 606 } else if (sa6->sin6_scope_id != in6_getscopezone(ifp, scope)) 607 return (EADDRNOTAVAIL); 608 } 609 return (sa6_checkzone(sa6)); 610 } 611