in6_src.c revision 297445
1/*- 2 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of the project nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * $KAME: in6_src.c,v 1.132 2003/08/26 04:42:27 keiichi Exp $ 30 */ 31 32/*- 33 * Copyright (c) 1982, 1986, 1991, 1993 34 * The Regents of the University of California. All rights reserved. 35 * 36 * Redistribution and use in source and binary forms, with or without 37 * modification, are permitted provided that the following conditions 38 * are met: 39 * 1. Redistributions of source code must retain the above copyright 40 * notice, this list of conditions and the following disclaimer. 41 * 2. Redistributions in binary form must reproduce the above copyright 42 * notice, this list of conditions and the following disclaimer in the 43 * documentation and/or other materials provided with the distribution. 44 * 4. Neither the name of the University nor the names of its contributors 45 * may be used to endorse or promote products derived from this software 46 * without specific prior written permission. 47 * 48 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 51 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 58 * SUCH DAMAGE. 59 * 60 * @(#)in_pcb.c 8.2 (Berkeley) 1/4/94 61 */ 62 63#include <sys/cdefs.h> 64__FBSDID("$FreeBSD: stable/10/sys/netinet6/in6_src.c 297445 2016-03-31 09:55:21Z ae $"); 65 66#include "opt_inet.h" 67#include "opt_inet6.h" 68#include "opt_mpath.h" 69 70#include <sys/param.h> 71#include <sys/systm.h> 72#include <sys/lock.h> 73#include <sys/malloc.h> 74#include <sys/mbuf.h> 75#include <sys/priv.h> 76#include <sys/protosw.h> 77#include <sys/socket.h> 78#include <sys/socketvar.h> 79#include <sys/sockio.h> 80#include <sys/sysctl.h> 81#include <sys/errno.h> 82#include <sys/time.h> 83#include <sys/jail.h> 84#include <sys/kernel.h> 85#include <sys/sx.h> 86 87#include <net/if.h> 88#include <net/if_dl.h> 89#include <net/route.h> 90#include <net/if_llatbl.h> 91#ifdef RADIX_MPATH 92#include <net/radix_mpath.h> 93#endif 94 95#include <netinet/in.h> 96#include <netinet/in_var.h> 97#include <netinet/in_systm.h> 98#include <netinet/ip.h> 99#include <netinet/in_pcb.h> 100#include <netinet/ip_var.h> 101#include <netinet/udp.h> 102#include <netinet/udp_var.h> 103 104#include <netinet6/in6_var.h> 105#include <netinet/ip6.h> 106#include <netinet6/in6_pcb.h> 107#include <netinet6/ip6_var.h> 108#include <netinet6/scope6_var.h> 109#include <netinet6/nd6.h> 110 111static struct mtx addrsel_lock; 112#define ADDRSEL_LOCK_INIT() mtx_init(&addrsel_lock, "addrsel_lock", NULL, MTX_DEF) 113#define ADDRSEL_LOCK() mtx_lock(&addrsel_lock) 114#define ADDRSEL_UNLOCK() mtx_unlock(&addrsel_lock) 115#define ADDRSEL_LOCK_ASSERT() mtx_assert(&addrsel_lock, MA_OWNED) 116 117static struct sx addrsel_sxlock; 118#define ADDRSEL_SXLOCK_INIT() sx_init(&addrsel_sxlock, "addrsel_sxlock") 119#define ADDRSEL_SLOCK() sx_slock(&addrsel_sxlock) 120#define ADDRSEL_SUNLOCK() sx_sunlock(&addrsel_sxlock) 121#define ADDRSEL_XLOCK() sx_xlock(&addrsel_sxlock) 122#define ADDRSEL_XUNLOCK() sx_xunlock(&addrsel_sxlock) 123 124#define ADDR_LABEL_NOTAPP (-1) 125static VNET_DEFINE(struct in6_addrpolicy, defaultaddrpolicy); 126#define V_defaultaddrpolicy VNET(defaultaddrpolicy) 127 128VNET_DEFINE(int, ip6_prefer_tempaddr) = 0; 129 130static int selectroute(struct sockaddr_in6 *, struct ip6_pktopts *, 131 struct ip6_moptions *, struct route_in6 *, struct ifnet **, 132 struct rtentry **, int, u_int); 133static int in6_selectif(struct sockaddr_in6 *, struct ip6_pktopts *, 134 struct ip6_moptions *, struct route_in6 *ro, struct ifnet **, 135 struct ifnet *, u_int); 136 137static struct in6_addrpolicy *lookup_addrsel_policy(struct sockaddr_in6 *); 138 139static void init_policy_queue(void); 140static int add_addrsel_policyent(struct in6_addrpolicy *); 141static int delete_addrsel_policyent(struct in6_addrpolicy *); 142static int walk_addrsel_policy(int (*)(struct in6_addrpolicy *, void *), 143 void *); 144static int dump_addrsel_policyent(struct in6_addrpolicy *, void *); 145static struct in6_addrpolicy *match_addrsel_policy(struct sockaddr_in6 *); 146 147/* 148 * Return an IPv6 address, which is the most appropriate for a given 149 * destination and user specified options. 150 * If necessary, this function lookups the routing table and returns 151 * an entry to the caller for later use. 152 */ 153#define REPLACE(r) do {\ 154 IP6STAT_INC(ip6s_sources_rule[(r)]); \ 155 rule = (r); \ 156 /* { \ 157 char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \ 158 printf("in6_selectsrc: replace %s with %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \ 159 } */ \ 160 goto replace; \ 161} while(0) 162#define NEXT(r) do {\ 163 /* { \ 164 char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \ 165 printf("in6_selectsrc: keep %s against %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \ 166 } */ \ 167 goto next; /* XXX: we can't use 'continue' here */ \ 168} while(0) 169#define BREAK(r) do { \ 170 IP6STAT_INC(ip6s_sources_rule[(r)]); \ 171 rule = (r); \ 172 goto out; /* XXX: we can't use 'break' here */ \ 173} while(0) 174 175int 176in6_selectsrc(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 177 struct inpcb *inp, struct route_in6 *ro, struct ucred *cred, 178 struct ifnet **ifpp, struct in6_addr *srcp) 179{ 180 struct in6_addr dst, tmp; 181 struct ifnet *ifp = NULL, *oifp = NULL; 182 struct in6_ifaddr *ia = NULL, *ia_best = NULL; 183 struct in6_pktinfo *pi = NULL; 184 int dst_scope = -1, best_scope = -1, best_matchlen = -1; 185 struct in6_addrpolicy *dst_policy = NULL, *best_policy = NULL; 186 u_int32_t odstzone; 187 int prefer_tempaddr; 188 int error, rule; 189 struct ip6_moptions *mopts; 190 191 KASSERT(srcp != NULL, ("%s: srcp is NULL", __func__)); 192 193 dst = dstsock->sin6_addr; /* make a copy for local operation */ 194 if (ifpp) { 195 /* 196 * Save a possibly passed in ifp for in6_selectsrc. Only 197 * neighbor discovery code should use this feature, where 198 * we may know the interface but not the FIB number holding 199 * the connected subnet in case someone deleted it from the 200 * default FIB and we need to check the interface. 201 */ 202 if (*ifpp != NULL) 203 oifp = *ifpp; 204 *ifpp = NULL; 205 } 206 207 if (inp != NULL) { 208 INP_LOCK_ASSERT(inp); 209 mopts = inp->in6p_moptions; 210 } else { 211 mopts = NULL; 212 } 213 214 /* 215 * If the source address is explicitly specified by the caller, 216 * check if the requested source address is indeed a unicast address 217 * assigned to the node, and can be used as the packet's source 218 * address. If everything is okay, use the address as source. 219 */ 220 if (opts && (pi = opts->ip6po_pktinfo) && 221 !IN6_IS_ADDR_UNSPECIFIED(&pi->ipi6_addr)) { 222 struct sockaddr_in6 srcsock; 223 struct in6_ifaddr *ia6; 224 225 /* get the outgoing interface */ 226 if ((error = in6_selectif(dstsock, opts, mopts, ro, &ifp, oifp, 227 (inp != NULL) ? inp->inp_inc.inc_fibnum : RT_DEFAULT_FIB)) 228 != 0) 229 return (error); 230 231 /* 232 * determine the appropriate zone id of the source based on 233 * the zone of the destination and the outgoing interface. 234 * If the specified address is ambiguous wrt the scope zone, 235 * the interface must be specified; otherwise, ifa_ifwithaddr() 236 * will fail matching the address. 237 */ 238 bzero(&srcsock, sizeof(srcsock)); 239 srcsock.sin6_family = AF_INET6; 240 srcsock.sin6_len = sizeof(srcsock); 241 srcsock.sin6_addr = pi->ipi6_addr; 242 if (ifp) { 243 error = in6_setscope(&srcsock.sin6_addr, ifp, NULL); 244 if (error) 245 return (error); 246 } 247 if (cred != NULL && (error = prison_local_ip6(cred, 248 &srcsock.sin6_addr, (inp != NULL && 249 (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0) 250 return (error); 251 252 /* 253 * If IPV6_BINDANY socket option is set, we allow to specify 254 * non local addresses as source address in IPV6_PKTINFO 255 * ancillary data. 256 */ 257 if ((inp->inp_flags & INP_BINDANY) == 0) { 258 ia6 = (struct in6_ifaddr *)ifa_ifwithaddr( 259 (struct sockaddr *)&srcsock); 260 if (ia6 == NULL || (ia6->ia6_flags & (IN6_IFF_ANYCAST | 261 IN6_IFF_NOTREADY))) { 262 if (ia6 != NULL) 263 ifa_free(&ia6->ia_ifa); 264 return (EADDRNOTAVAIL); 265 } 266 bcopy(&ia6->ia_addr.sin6_addr, srcp, sizeof(*srcp)); 267 ifa_free(&ia6->ia_ifa); 268 } else 269 bcopy(&srcsock.sin6_addr, srcp, sizeof(*srcp)); 270 pi->ipi6_addr = srcsock.sin6_addr; /* XXX: this overrides pi */ 271 if (ifpp) 272 *ifpp = ifp; 273 return (0); 274 } 275 276 /* 277 * Otherwise, if the socket has already bound the source, just use it. 278 */ 279 if (inp != NULL && !IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) { 280 if (cred != NULL && 281 (error = prison_local_ip6(cred, &inp->in6p_laddr, 282 ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0) 283 return (error); 284 bcopy(&inp->in6p_laddr, srcp, sizeof(*srcp)); 285 return (0); 286 } 287 288 /* 289 * Bypass source address selection and use the primary jail IP 290 * if requested. 291 */ 292 if (cred != NULL && !prison_saddrsel_ip6(cred, srcp)) 293 return (0); 294 295 /* 296 * If the address is not specified, choose the best one based on 297 * the outgoing interface and the destination address. 298 */ 299 /* get the outgoing interface */ 300 if ((error = in6_selectif(dstsock, opts, mopts, ro, &ifp, oifp, 301 (inp != NULL) ? inp->inp_inc.inc_fibnum : RT_DEFAULT_FIB)) != 0) 302 return (error); 303 304#ifdef DIAGNOSTIC 305 if (ifp == NULL) /* this should not happen */ 306 panic("in6_selectsrc: NULL ifp"); 307#endif 308 error = in6_setscope(&dst, ifp, &odstzone); 309 if (error) 310 return (error); 311 312 rule = 0; 313 IN6_IFADDR_RLOCK(); 314 TAILQ_FOREACH(ia, &V_in6_ifaddrhead, ia_link) { 315 int new_scope = -1, new_matchlen = -1; 316 struct in6_addrpolicy *new_policy = NULL; 317 u_int32_t srczone, osrczone, dstzone; 318 struct in6_addr src; 319 struct ifnet *ifp1 = ia->ia_ifp; 320 321 /* 322 * We'll never take an address that breaks the scope zone 323 * of the destination. We also skip an address if its zone 324 * does not contain the outgoing interface. 325 * XXX: we should probably use sin6_scope_id here. 326 */ 327 if (in6_setscope(&dst, ifp1, &dstzone) || 328 odstzone != dstzone) { 329 continue; 330 } 331 src = ia->ia_addr.sin6_addr; 332 if (in6_setscope(&src, ifp, &osrczone) || 333 in6_setscope(&src, ifp1, &srczone) || 334 osrczone != srczone) { 335 continue; 336 } 337 338 /* avoid unusable addresses */ 339 if ((ia->ia6_flags & 340 (IN6_IFF_NOTREADY | IN6_IFF_ANYCAST | IN6_IFF_DETACHED))) { 341 continue; 342 } 343 if (!V_ip6_use_deprecated && IFA6_IS_DEPRECATED(ia)) 344 continue; 345 346 /* If jailed only take addresses of the jail into account. */ 347 if (cred != NULL && 348 prison_check_ip6(cred, &ia->ia_addr.sin6_addr) != 0) 349 continue; 350 351 /* Rule 1: Prefer same address */ 352 if (IN6_ARE_ADDR_EQUAL(&dst, &ia->ia_addr.sin6_addr)) { 353 ia_best = ia; 354 BREAK(1); /* there should be no better candidate */ 355 } 356 357 if (ia_best == NULL) 358 REPLACE(0); 359 360 /* Rule 2: Prefer appropriate scope */ 361 if (dst_scope < 0) 362 dst_scope = in6_addrscope(&dst); 363 new_scope = in6_addrscope(&ia->ia_addr.sin6_addr); 364 if (IN6_ARE_SCOPE_CMP(best_scope, new_scope) < 0) { 365 if (IN6_ARE_SCOPE_CMP(best_scope, dst_scope) < 0) 366 REPLACE(2); 367 NEXT(2); 368 } else if (IN6_ARE_SCOPE_CMP(new_scope, best_scope) < 0) { 369 if (IN6_ARE_SCOPE_CMP(new_scope, dst_scope) < 0) 370 NEXT(2); 371 REPLACE(2); 372 } 373 374 /* 375 * Rule 3: Avoid deprecated addresses. Note that the case of 376 * !ip6_use_deprecated is already rejected above. 377 */ 378 if (!IFA6_IS_DEPRECATED(ia_best) && IFA6_IS_DEPRECATED(ia)) 379 NEXT(3); 380 if (IFA6_IS_DEPRECATED(ia_best) && !IFA6_IS_DEPRECATED(ia)) 381 REPLACE(3); 382 383 /* Rule 4: Prefer home addresses */ 384 /* 385 * XXX: This is a TODO. We should probably merge the MIP6 386 * case above. 387 */ 388 389 /* Rule 5: Prefer outgoing interface */ 390 if (!(ND_IFINFO(ifp)->flags & ND6_IFF_NO_PREFER_IFACE)) { 391 if (ia_best->ia_ifp == ifp && ia->ia_ifp != ifp) 392 NEXT(5); 393 if (ia_best->ia_ifp != ifp && ia->ia_ifp == ifp) 394 REPLACE(5); 395 } 396 397 /* 398 * Rule 6: Prefer matching label 399 * Note that best_policy should be non-NULL here. 400 */ 401 if (dst_policy == NULL) 402 dst_policy = lookup_addrsel_policy(dstsock); 403 if (dst_policy->label != ADDR_LABEL_NOTAPP) { 404 new_policy = lookup_addrsel_policy(&ia->ia_addr); 405 if (dst_policy->label == best_policy->label && 406 dst_policy->label != new_policy->label) 407 NEXT(6); 408 if (dst_policy->label != best_policy->label && 409 dst_policy->label == new_policy->label) 410 REPLACE(6); 411 } 412 413 /* 414 * Rule 7: Prefer public addresses. 415 * We allow users to reverse the logic by configuring 416 * a sysctl variable, so that privacy conscious users can 417 * always prefer temporary addresses. 418 */ 419 if (opts == NULL || 420 opts->ip6po_prefer_tempaddr == IP6PO_TEMPADDR_SYSTEM) { 421 prefer_tempaddr = V_ip6_prefer_tempaddr; 422 } else if (opts->ip6po_prefer_tempaddr == 423 IP6PO_TEMPADDR_NOTPREFER) { 424 prefer_tempaddr = 0; 425 } else 426 prefer_tempaddr = 1; 427 if (!(ia_best->ia6_flags & IN6_IFF_TEMPORARY) && 428 (ia->ia6_flags & IN6_IFF_TEMPORARY)) { 429 if (prefer_tempaddr) 430 REPLACE(7); 431 else 432 NEXT(7); 433 } 434 if ((ia_best->ia6_flags & IN6_IFF_TEMPORARY) && 435 !(ia->ia6_flags & IN6_IFF_TEMPORARY)) { 436 if (prefer_tempaddr) 437 NEXT(7); 438 else 439 REPLACE(7); 440 } 441 442 /* 443 * Rule 8: prefer addresses on alive interfaces. 444 * This is a KAME specific rule. 445 */ 446 if ((ia_best->ia_ifp->if_flags & IFF_UP) && 447 !(ia->ia_ifp->if_flags & IFF_UP)) 448 NEXT(8); 449 if (!(ia_best->ia_ifp->if_flags & IFF_UP) && 450 (ia->ia_ifp->if_flags & IFF_UP)) 451 REPLACE(8); 452 453 /* 454 * Rule 9: prefer address with better virtual status. 455 */ 456 if (ifa_preferred(&ia_best->ia_ifa, &ia->ia_ifa)) 457 REPLACE(9); 458 if (ifa_preferred(&ia->ia_ifa, &ia_best->ia_ifa)) 459 NEXT(9); 460 461 /* 462 * Rule 10: prefer address with `prefer_source' flag. 463 */ 464 if ((ia_best->ia6_flags & IN6_IFF_PREFER_SOURCE) == 0 && 465 (ia->ia6_flags & IN6_IFF_PREFER_SOURCE) != 0) 466 REPLACE(10); 467 if ((ia_best->ia6_flags & IN6_IFF_PREFER_SOURCE) != 0 && 468 (ia->ia6_flags & IN6_IFF_PREFER_SOURCE) == 0) 469 NEXT(10); 470 471 /* 472 * Rule 14: Use longest matching prefix. 473 * Note: in the address selection draft, this rule is 474 * documented as "Rule 8". However, since it is also 475 * documented that this rule can be overridden, we assign 476 * a large number so that it is easy to assign smaller numbers 477 * to more preferred rules. 478 */ 479 new_matchlen = in6_matchlen(&ia->ia_addr.sin6_addr, &dst); 480 if (best_matchlen < new_matchlen) 481 REPLACE(14); 482 if (new_matchlen < best_matchlen) 483 NEXT(14); 484 485 /* Rule 15 is reserved. */ 486 487 /* 488 * Last resort: just keep the current candidate. 489 * Or, do we need more rules? 490 */ 491 continue; 492 493 replace: 494 ia_best = ia; 495 best_scope = (new_scope >= 0 ? new_scope : 496 in6_addrscope(&ia_best->ia_addr.sin6_addr)); 497 best_policy = (new_policy ? new_policy : 498 lookup_addrsel_policy(&ia_best->ia_addr)); 499 best_matchlen = (new_matchlen >= 0 ? new_matchlen : 500 in6_matchlen(&ia_best->ia_addr.sin6_addr, 501 &dst)); 502 503 next: 504 continue; 505 506 out: 507 break; 508 } 509 510 if ((ia = ia_best) == NULL) { 511 IN6_IFADDR_RUNLOCK(); 512 IP6STAT_INC(ip6s_sources_none); 513 return (EADDRNOTAVAIL); 514 } 515 516 /* 517 * At this point at least one of the addresses belonged to the jail 518 * but it could still be, that we want to further restrict it, e.g. 519 * theoratically IN6_IS_ADDR_LOOPBACK. 520 * It must not be IN6_IS_ADDR_UNSPECIFIED anymore. 521 * prison_local_ip6() will fix an IN6_IS_ADDR_LOOPBACK but should 522 * let all others previously selected pass. 523 * Use tmp to not change ::1 on lo0 to the primary jail address. 524 */ 525 tmp = ia->ia_addr.sin6_addr; 526 if (cred != NULL && prison_local_ip6(cred, &tmp, (inp != NULL && 527 (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0)) != 0) { 528 IN6_IFADDR_RUNLOCK(); 529 IP6STAT_INC(ip6s_sources_none); 530 return (EADDRNOTAVAIL); 531 } 532 533 if (ifpp) 534 *ifpp = ifp; 535 536 bcopy(&tmp, srcp, sizeof(*srcp)); 537 if (ia->ia_ifp == ifp) 538 IP6STAT_INC(ip6s_sources_sameif[best_scope]); 539 else 540 IP6STAT_INC(ip6s_sources_otherif[best_scope]); 541 if (dst_scope == best_scope) 542 IP6STAT_INC(ip6s_sources_samescope[best_scope]); 543 else 544 IP6STAT_INC(ip6s_sources_otherscope[best_scope]); 545 if (IFA6_IS_DEPRECATED(ia)) 546 IP6STAT_INC(ip6s_sources_deprecated[best_scope]); 547 IN6_IFADDR_RUNLOCK(); 548 return (0); 549} 550 551/* 552 * clone - meaningful only for bsdi and freebsd 553 */ 554static int 555selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 556 struct ip6_moptions *mopts, struct route_in6 *ro, 557 struct ifnet **retifp, struct rtentry **retrt, int norouteok, u_int fibnum) 558{ 559 int error = 0; 560 struct ifnet *ifp = NULL; 561 struct rtentry *rt = NULL; 562 struct sockaddr_in6 *sin6_next; 563 struct in6_pktinfo *pi = NULL; 564 struct in6_addr *dst = &dstsock->sin6_addr; 565#if 0 566 char ip6buf[INET6_ADDRSTRLEN]; 567 568 if (dstsock->sin6_addr.s6_addr32[0] == 0 && 569 dstsock->sin6_addr.s6_addr32[1] == 0 && 570 !IN6_IS_ADDR_LOOPBACK(&dstsock->sin6_addr)) { 571 printf("in6_selectroute: strange destination %s\n", 572 ip6_sprintf(ip6buf, &dstsock->sin6_addr)); 573 } else { 574 printf("in6_selectroute: destination = %s%%%d\n", 575 ip6_sprintf(ip6buf, &dstsock->sin6_addr), 576 dstsock->sin6_scope_id); /* for debug */ 577 } 578#endif 579 580 /* If the caller specify the outgoing interface explicitly, use it. */ 581 if (opts && (pi = opts->ip6po_pktinfo) != NULL && pi->ipi6_ifindex) { 582 /* XXX boundary check is assumed to be already done. */ 583 ifp = ifnet_byindex(pi->ipi6_ifindex); 584 if (ifp != NULL && 585 (norouteok || retrt == NULL || 586 IN6_IS_ADDR_MULTICAST(dst))) { 587 /* 588 * we do not have to check or get the route for 589 * multicast. 590 */ 591 goto done; 592 } else 593 goto getroute; 594 } 595 596 /* 597 * If the destination address is a multicast address and the outgoing 598 * interface for the address is specified by the caller, use it. 599 */ 600 if (IN6_IS_ADDR_MULTICAST(dst) && 601 mopts != NULL && (ifp = mopts->im6o_multicast_ifp) != NULL) { 602 goto done; /* we do not need a route for multicast. */ 603 } 604 605 getroute: 606 /* 607 * If the next hop address for the packet is specified by the caller, 608 * use it as the gateway. 609 */ 610 if (opts && opts->ip6po_nexthop) { 611 struct route_in6 *ron; 612 struct llentry *la; 613 614 sin6_next = satosin6(opts->ip6po_nexthop); 615 616 /* at this moment, we only support AF_INET6 next hops */ 617 if (sin6_next->sin6_family != AF_INET6) { 618 error = EAFNOSUPPORT; /* or should we proceed? */ 619 goto done; 620 } 621 622 /* 623 * If the next hop is an IPv6 address, then the node identified 624 * by that address must be a neighbor of the sending host. 625 */ 626 ron = &opts->ip6po_nextroute; 627 /* 628 * XXX what do we do here? 629 * PLZ to be fixing 630 */ 631 632 633 if (ron->ro_rt == NULL) { 634 in6_rtalloc(ron, fibnum); /* multi path case? */ 635 if (ron->ro_rt == NULL) { 636 /* XXX-BZ WT.? */ 637 if (ron->ro_rt) { 638 RTFREE(ron->ro_rt); 639 ron->ro_rt = NULL; 640 } 641 error = EHOSTUNREACH; 642 goto done; 643 } 644 } 645 646 rt = ron->ro_rt; 647 ifp = rt->rt_ifp; 648 IF_AFDATA_RLOCK(ifp); 649 la = lla_lookup(LLTABLE6(ifp), 0, (struct sockaddr *)&sin6_next->sin6_addr); 650 IF_AFDATA_RUNLOCK(ifp); 651 if (la != NULL) 652 LLE_RUNLOCK(la); 653 else { 654 error = EHOSTUNREACH; 655 goto done; 656 } 657#if 0 658 if ((ron->ro_rt && 659 (ron->ro_rt->rt_flags & (RTF_UP | RTF_LLINFO)) != 660 (RTF_UP | RTF_LLINFO)) || 661 !IN6_ARE_ADDR_EQUAL(&satosin6(&ron->ro_dst)->sin6_addr, 662 &sin6_next->sin6_addr)) { 663 if (ron->ro_rt) { 664 RTFREE(ron->ro_rt); 665 ron->ro_rt = NULL; 666 } 667 *satosin6(&ron->ro_dst) = *sin6_next; 668 } 669 if (ron->ro_rt == NULL) { 670 in6_rtalloc(ron, fibnum); /* multi path case? */ 671 if (ron->ro_rt == NULL || 672 !(ron->ro_rt->rt_flags & RTF_LLINFO)) { 673 if (ron->ro_rt) { 674 RTFREE(ron->ro_rt); 675 ron->ro_rt = NULL; 676 } 677 error = EHOSTUNREACH; 678 goto done; 679 } 680 } 681#endif 682 683 /* 684 * When cloning is required, try to allocate a route to the 685 * destination so that the caller can store path MTU 686 * information. 687 */ 688 goto done; 689 } 690 691 /* 692 * Use a cached route if it exists and is valid, else try to allocate 693 * a new one. Note that we should check the address family of the 694 * cached destination, in case of sharing the cache with IPv4. 695 */ 696 if (ro) { 697 if (ro->ro_rt && 698 (!(ro->ro_rt->rt_flags & RTF_UP) || 699 ((struct sockaddr *)(&ro->ro_dst))->sa_family != AF_INET6 || 700 !IN6_ARE_ADDR_EQUAL(&satosin6(&ro->ro_dst)->sin6_addr, 701 dst))) { 702 RTFREE(ro->ro_rt); 703 ro->ro_rt = (struct rtentry *)NULL; 704 } 705 if (ro->ro_rt == (struct rtentry *)NULL) { 706 struct sockaddr_in6 *sa6; 707 708 /* No route yet, so try to acquire one */ 709 bzero(&ro->ro_dst, sizeof(struct sockaddr_in6)); 710 sa6 = (struct sockaddr_in6 *)&ro->ro_dst; 711 *sa6 = *dstsock; 712 sa6->sin6_scope_id = 0; 713 714#ifdef RADIX_MPATH 715 rtalloc_mpath_fib((struct route *)ro, 716 ntohl(sa6->sin6_addr.s6_addr32[3]), fibnum); 717#else 718 ro->ro_rt = in6_rtalloc1((struct sockaddr *) 719 &ro->ro_dst, 0, 0UL, fibnum); 720 if (ro->ro_rt) 721 RT_UNLOCK(ro->ro_rt); 722#endif 723 } 724 725 /* 726 * do not care about the result if we have the nexthop 727 * explicitly specified. 728 */ 729 if (opts && opts->ip6po_nexthop) 730 goto done; 731 732 if (ro->ro_rt) { 733 ifp = ro->ro_rt->rt_ifp; 734 735 if (ifp == NULL) { /* can this really happen? */ 736 RTFREE(ro->ro_rt); 737 ro->ro_rt = NULL; 738 } 739 } 740 if (ro->ro_rt == NULL) 741 error = EHOSTUNREACH; 742 rt = ro->ro_rt; 743 744 /* 745 * Check if the outgoing interface conflicts with 746 * the interface specified by ipi6_ifindex (if specified). 747 * Note that loopback interface is always okay. 748 * (this may happen when we are sending a packet to one of 749 * our own addresses.) 750 */ 751 if (ifp && opts && opts->ip6po_pktinfo && 752 opts->ip6po_pktinfo->ipi6_ifindex) { 753 if (!(ifp->if_flags & IFF_LOOPBACK) && 754 ifp->if_index != 755 opts->ip6po_pktinfo->ipi6_ifindex) { 756 error = EHOSTUNREACH; 757 goto done; 758 } 759 } 760 } 761 762 done: 763 if (ifp == NULL && rt == NULL) { 764 /* 765 * This can happen if the caller did not pass a cached route 766 * nor any other hints. We treat this case an error. 767 */ 768 error = EHOSTUNREACH; 769 } 770 if (error == EHOSTUNREACH) 771 IP6STAT_INC(ip6s_noroute); 772 773 if (retifp != NULL) { 774 *retifp = ifp; 775 776 /* 777 * Adjust the "outgoing" interface. If we're going to loop 778 * the packet back to ourselves, the ifp would be the loopback 779 * interface. However, we'd rather know the interface associated 780 * to the destination address (which should probably be one of 781 * our own addresses.) 782 */ 783 if (rt) { 784 if ((rt->rt_ifp->if_flags & IFF_LOOPBACK) && 785 (rt->rt_gateway->sa_family == AF_LINK)) 786 *retifp = 787 ifnet_byindex(((struct sockaddr_dl *) 788 rt->rt_gateway)->sdl_index); 789 } 790 } 791 792 if (retrt != NULL) 793 *retrt = rt; /* rt may be NULL */ 794 795 return (error); 796} 797 798static int 799in6_selectif(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 800 struct ip6_moptions *mopts, struct route_in6 *ro, struct ifnet **retifp, 801 struct ifnet *oifp, u_int fibnum) 802{ 803 int error; 804 struct route_in6 sro; 805 struct rtentry *rt = NULL; 806 807 KASSERT(retifp != NULL, ("%s: retifp is NULL", __func__)); 808 809 if (ro == NULL) { 810 bzero(&sro, sizeof(sro)); 811 ro = &sro; 812 } 813 814 if ((error = selectroute(dstsock, opts, mopts, ro, retifp, 815 &rt, 1, fibnum)) != 0) { 816 if (ro == &sro && rt && rt == sro.ro_rt) 817 RTFREE(rt); 818 /* Help ND. See oifp comment in in6_selectsrc(). */ 819 if (oifp != NULL && fibnum == RT_DEFAULT_FIB) { 820 *retifp = oifp; 821 error = 0; 822 } 823 return (error); 824 } 825 826 /* 827 * do not use a rejected or black hole route. 828 * XXX: this check should be done in the L2 output routine. 829 * However, if we skipped this check here, we'd see the following 830 * scenario: 831 * - install a rejected route for a scoped address prefix 832 * (like fe80::/10) 833 * - send a packet to a destination that matches the scoped prefix, 834 * with ambiguity about the scope zone. 835 * - pick the outgoing interface from the route, and disambiguate the 836 * scope zone with the interface. 837 * - ip6_output() would try to get another route with the "new" 838 * destination, which may be valid. 839 * - we'd see no error on output. 840 * Although this may not be very harmful, it should still be confusing. 841 * We thus reject the case here. 842 */ 843 if (rt && (rt->rt_flags & (RTF_REJECT | RTF_BLACKHOLE))) { 844 int flags = (rt->rt_flags & RTF_HOST ? EHOSTUNREACH : ENETUNREACH); 845 846 if (ro == &sro && rt && rt == sro.ro_rt) 847 RTFREE(rt); 848 return (flags); 849 } 850 851 if (ro == &sro && rt && rt == sro.ro_rt) 852 RTFREE(rt); 853 return (0); 854} 855 856/* 857 * Public wrapper function to selectroute(). 858 * 859 * XXX-BZ in6_selectroute() should and will grow the FIB argument. The 860 * in6_selectroute_fib() function is only there for backward compat on stable. 861 */ 862int 863in6_selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 864 struct ip6_moptions *mopts, struct route_in6 *ro, 865 struct ifnet **retifp, struct rtentry **retrt) 866{ 867 868 return (selectroute(dstsock, opts, mopts, ro, retifp, 869 retrt, 0, RT_DEFAULT_FIB)); 870} 871 872#ifndef BURN_BRIDGES 873int 874in6_selectroute_fib(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, 875 struct ip6_moptions *mopts, struct route_in6 *ro, 876 struct ifnet **retifp, struct rtentry **retrt, u_int fibnum) 877{ 878 879 return (selectroute(dstsock, opts, mopts, ro, retifp, 880 retrt, 0, fibnum)); 881} 882#endif 883 884/* 885 * Default hop limit selection. The precedence is as follows: 886 * 1. Hoplimit value specified via ioctl. 887 * 2. (If the outgoing interface is detected) the current 888 * hop limit of the interface specified by router advertisement. 889 * 3. The system default hoplimit. 890 */ 891int 892in6_selecthlim(struct inpcb *in6p, struct ifnet *ifp) 893{ 894 895 if (in6p && in6p->in6p_hops >= 0) 896 return (in6p->in6p_hops); 897 else if (ifp) 898 return (ND_IFINFO(ifp)->chlim); 899 else if (in6p && !IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) { 900 struct route_in6 ro6; 901 struct ifnet *lifp; 902 903 bzero(&ro6, sizeof(ro6)); 904 ro6.ro_dst.sin6_family = AF_INET6; 905 ro6.ro_dst.sin6_len = sizeof(struct sockaddr_in6); 906 ro6.ro_dst.sin6_addr = in6p->in6p_faddr; 907 in6_rtalloc(&ro6, in6p->inp_inc.inc_fibnum); 908 if (ro6.ro_rt) { 909 lifp = ro6.ro_rt->rt_ifp; 910 RTFREE(ro6.ro_rt); 911 if (lifp) 912 return (ND_IFINFO(lifp)->chlim); 913 } 914 } 915 return (V_ip6_defhlim); 916} 917 918/* 919 * XXX: this is borrowed from in6_pcbbind(). If possible, we should 920 * share this function by all *bsd*... 921 */ 922int 923in6_pcbsetport(struct in6_addr *laddr, struct inpcb *inp, struct ucred *cred) 924{ 925 struct socket *so = inp->inp_socket; 926 u_int16_t lport = 0; 927 int error, lookupflags = 0; 928#ifdef INVARIANTS 929 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo; 930#endif 931 932 INP_WLOCK_ASSERT(inp); 933 INP_HASH_WLOCK_ASSERT(pcbinfo); 934 935 error = prison_local_ip6(cred, laddr, 936 ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0)); 937 if (error) 938 return(error); 939 940 /* XXX: this is redundant when called from in6_pcbbind */ 941 if ((so->so_options & (SO_REUSEADDR|SO_REUSEPORT)) == 0) 942 lookupflags = INPLOOKUP_WILDCARD; 943 944 inp->inp_flags |= INP_ANONPORT; 945 946 error = in_pcb_lport(inp, NULL, &lport, cred, lookupflags); 947 if (error != 0) 948 return (error); 949 950 inp->inp_lport = lport; 951 if (in_pcbinshash(inp) != 0) { 952 inp->in6p_laddr = in6addr_any; 953 inp->inp_lport = 0; 954 return (EAGAIN); 955 } 956 957 return (0); 958} 959 960void 961addrsel_policy_init(void) 962{ 963 964 init_policy_queue(); 965 966 /* initialize the "last resort" policy */ 967 bzero(&V_defaultaddrpolicy, sizeof(V_defaultaddrpolicy)); 968 V_defaultaddrpolicy.label = ADDR_LABEL_NOTAPP; 969 970 if (!IS_DEFAULT_VNET(curvnet)) 971 return; 972 973 ADDRSEL_LOCK_INIT(); 974 ADDRSEL_SXLOCK_INIT(); 975} 976 977static struct in6_addrpolicy * 978lookup_addrsel_policy(struct sockaddr_in6 *key) 979{ 980 struct in6_addrpolicy *match = NULL; 981 982 ADDRSEL_LOCK(); 983 match = match_addrsel_policy(key); 984 985 if (match == NULL) 986 match = &V_defaultaddrpolicy; 987 else 988 match->use++; 989 ADDRSEL_UNLOCK(); 990 991 return (match); 992} 993 994/* 995 * Subroutines to manage the address selection policy table via sysctl. 996 */ 997struct walkarg { 998 struct sysctl_req *w_req; 999}; 1000 1001static int in6_src_sysctl(SYSCTL_HANDLER_ARGS); 1002SYSCTL_DECL(_net_inet6_ip6); 1003static SYSCTL_NODE(_net_inet6_ip6, IPV6CTL_ADDRCTLPOLICY, addrctlpolicy, 1004 CTLFLAG_RD, in6_src_sysctl, ""); 1005 1006static int 1007in6_src_sysctl(SYSCTL_HANDLER_ARGS) 1008{ 1009 struct walkarg w; 1010 1011 if (req->newptr) 1012 return EPERM; 1013 1014 bzero(&w, sizeof(w)); 1015 w.w_req = req; 1016 1017 return (walk_addrsel_policy(dump_addrsel_policyent, &w)); 1018} 1019 1020int 1021in6_src_ioctl(u_long cmd, caddr_t data) 1022{ 1023 int i; 1024 struct in6_addrpolicy ent0; 1025 1026 if (cmd != SIOCAADDRCTL_POLICY && cmd != SIOCDADDRCTL_POLICY) 1027 return (EOPNOTSUPP); /* check for safety */ 1028 1029 ent0 = *(struct in6_addrpolicy *)data; 1030 1031 if (ent0.label == ADDR_LABEL_NOTAPP) 1032 return (EINVAL); 1033 /* check if the prefix mask is consecutive. */ 1034 if (in6_mask2len(&ent0.addrmask.sin6_addr, NULL) < 0) 1035 return (EINVAL); 1036 /* clear trailing garbages (if any) of the prefix address. */ 1037 for (i = 0; i < 4; i++) { 1038 ent0.addr.sin6_addr.s6_addr32[i] &= 1039 ent0.addrmask.sin6_addr.s6_addr32[i]; 1040 } 1041 ent0.use = 0; 1042 1043 switch (cmd) { 1044 case SIOCAADDRCTL_POLICY: 1045 return (add_addrsel_policyent(&ent0)); 1046 case SIOCDADDRCTL_POLICY: 1047 return (delete_addrsel_policyent(&ent0)); 1048 } 1049 1050 return (0); /* XXX: compromise compilers */ 1051} 1052 1053/* 1054 * The followings are implementation of the policy table using a 1055 * simple tail queue. 1056 * XXX such details should be hidden. 1057 * XXX implementation using binary tree should be more efficient. 1058 */ 1059struct addrsel_policyent { 1060 TAILQ_ENTRY(addrsel_policyent) ape_entry; 1061 struct in6_addrpolicy ape_policy; 1062}; 1063 1064TAILQ_HEAD(addrsel_policyhead, addrsel_policyent); 1065 1066static VNET_DEFINE(struct addrsel_policyhead, addrsel_policytab); 1067#define V_addrsel_policytab VNET(addrsel_policytab) 1068 1069static void 1070init_policy_queue(void) 1071{ 1072 1073 TAILQ_INIT(&V_addrsel_policytab); 1074} 1075 1076static int 1077add_addrsel_policyent(struct in6_addrpolicy *newpolicy) 1078{ 1079 struct addrsel_policyent *new, *pol; 1080 1081 new = malloc(sizeof(*new), M_IFADDR, 1082 M_WAITOK); 1083 ADDRSEL_XLOCK(); 1084 ADDRSEL_LOCK(); 1085 1086 /* duplication check */ 1087 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) { 1088 if (IN6_ARE_ADDR_EQUAL(&newpolicy->addr.sin6_addr, 1089 &pol->ape_policy.addr.sin6_addr) && 1090 IN6_ARE_ADDR_EQUAL(&newpolicy->addrmask.sin6_addr, 1091 &pol->ape_policy.addrmask.sin6_addr)) { 1092 ADDRSEL_UNLOCK(); 1093 ADDRSEL_XUNLOCK(); 1094 free(new, M_IFADDR); 1095 return (EEXIST); /* or override it? */ 1096 } 1097 } 1098 1099 bzero(new, sizeof(*new)); 1100 1101 /* XXX: should validate entry */ 1102 new->ape_policy = *newpolicy; 1103 1104 TAILQ_INSERT_TAIL(&V_addrsel_policytab, new, ape_entry); 1105 ADDRSEL_UNLOCK(); 1106 ADDRSEL_XUNLOCK(); 1107 1108 return (0); 1109} 1110 1111static int 1112delete_addrsel_policyent(struct in6_addrpolicy *key) 1113{ 1114 struct addrsel_policyent *pol; 1115 1116 ADDRSEL_XLOCK(); 1117 ADDRSEL_LOCK(); 1118 1119 /* search for the entry in the table */ 1120 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) { 1121 if (IN6_ARE_ADDR_EQUAL(&key->addr.sin6_addr, 1122 &pol->ape_policy.addr.sin6_addr) && 1123 IN6_ARE_ADDR_EQUAL(&key->addrmask.sin6_addr, 1124 &pol->ape_policy.addrmask.sin6_addr)) { 1125 break; 1126 } 1127 } 1128 if (pol == NULL) { 1129 ADDRSEL_UNLOCK(); 1130 ADDRSEL_XUNLOCK(); 1131 return (ESRCH); 1132 } 1133 1134 TAILQ_REMOVE(&V_addrsel_policytab, pol, ape_entry); 1135 ADDRSEL_UNLOCK(); 1136 ADDRSEL_XUNLOCK(); 1137 free(pol, M_IFADDR); 1138 1139 return (0); 1140} 1141 1142static int 1143walk_addrsel_policy(int (*callback)(struct in6_addrpolicy *, void *), void *w) 1144{ 1145 struct addrsel_policyent *pol; 1146 int error = 0; 1147 1148 ADDRSEL_SLOCK(); 1149 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) { 1150 if ((error = (*callback)(&pol->ape_policy, w)) != 0) { 1151 ADDRSEL_SUNLOCK(); 1152 return (error); 1153 } 1154 } 1155 ADDRSEL_SUNLOCK(); 1156 return (error); 1157} 1158 1159static int 1160dump_addrsel_policyent(struct in6_addrpolicy *pol, void *arg) 1161{ 1162 int error = 0; 1163 struct walkarg *w = arg; 1164 1165 error = SYSCTL_OUT(w->w_req, pol, sizeof(*pol)); 1166 1167 return (error); 1168} 1169 1170static struct in6_addrpolicy * 1171match_addrsel_policy(struct sockaddr_in6 *key) 1172{ 1173 struct addrsel_policyent *pent; 1174 struct in6_addrpolicy *bestpol = NULL, *pol; 1175 int matchlen, bestmatchlen = -1; 1176 u_char *mp, *ep, *k, *p, m; 1177 1178 TAILQ_FOREACH(pent, &V_addrsel_policytab, ape_entry) { 1179 matchlen = 0; 1180 1181 pol = &pent->ape_policy; 1182 mp = (u_char *)&pol->addrmask.sin6_addr; 1183 ep = mp + 16; /* XXX: scope field? */ 1184 k = (u_char *)&key->sin6_addr; 1185 p = (u_char *)&pol->addr.sin6_addr; 1186 for (; mp < ep && *mp; mp++, k++, p++) { 1187 m = *mp; 1188 if ((*k & m) != *p) 1189 goto next; /* not match */ 1190 if (m == 0xff) /* short cut for a typical case */ 1191 matchlen += 8; 1192 else { 1193 while (m >= 0x80) { 1194 matchlen++; 1195 m <<= 1; 1196 } 1197 } 1198 } 1199 1200 /* matched. check if this is better than the current best. */ 1201 if (bestpol == NULL || 1202 matchlen > bestmatchlen) { 1203 bestpol = pol; 1204 bestmatchlen = matchlen; 1205 } 1206 1207 next: 1208 continue; 1209 } 1210 1211 return (bestpol); 1212} 1213