2 * SPDX-License-Identifier: BSD-3-Clause
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * $KAME: in6.c,v 1.259 2002/01/21 11:37:50 keiichi Exp $
35 * Copyright (c) 1982, 1986, 1991, 1993
36 * The Regents of the University of California. All rights reserved.
38 * Redistribution and use in source and binary forms, with or without
39 * modification, are permitted provided that the following conditions
41 * 1. Redistributions of source code must retain the above copyright
42 * notice, this list of conditions and the following disclaimer.
43 * 2. Redistributions in binary form must reproduce the above copyright
44 * notice, this list of conditions and the following disclaimer in the
45 * documentation and/or other materials provided with the distribution.
46 * 3. Neither the name of the University nor the names of its contributors
47 * may be used to endorse or promote products derived from this software
48 * without specific prior written permission.
50 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
51 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
52 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
53 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
54 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
55 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
56 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
57 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
58 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
59 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
63 #include <sys/cdefs.h>
65 #include "opt_inet6.h"
67 #include <sys/param.h>
68 #include <sys/eventhandler.h>
69 #include <sys/errno.h>
71 #include <sys/malloc.h>
72 #include <sys/socket.h>
73 #include <sys/socketvar.h>
74 #include <sys/sockio.h>
75 #include <sys/systm.h>
79 #include <sys/kernel.h>
81 #include <sys/rmlock.h>
82 #include <sys/sysctl.h>
83 #include <sys/syslog.h>
86 #include <net/if_var.h>
87 #include <net/if_private.h>
88 #include <net/if_types.h>
89 #include <net/route.h>
90 #include <net/route/route_ctl.h>
91 #include <net/route/nhop.h>
92 #include <net/if_dl.h>
95 #include <netinet/in.h>
96 #include <netinet/in_var.h>
97 #include <net/if_llatbl.h>
98 #include <netinet/if_ether.h>
99 #include <netinet/in_systm.h>
100 #include <netinet/ip.h>
101 #include <netinet/in_pcb.h>
102 #include <netinet/ip_carp.h>
104 #include <netinet/ip6.h>
105 #include <netinet6/ip6_var.h>
106 #include <netinet6/nd6.h>
107 #include <netinet6/mld6_var.h>
108 #include <netinet6/ip6_mroute.h>
109 #include <netinet6/in6_ifattach.h>
110 #include <netinet6/scope6_var.h>
111 #include <netinet6/in6_fib.h>
112 #include <netinet6/in6_pcb.h>
115 #include <security/mac/mac_framework.h>
119 * struct in6_ifreq and struct ifreq must be type punnable for common members
120 * of ifr_ifru to allow accessors to be shared.
122 _Static_assert(offsetof(struct in6_ifreq, ifr_ifru) ==
123 offsetof(struct ifreq, ifr_ifru),
124 "struct in6_ifreq and struct ifreq are not type punnable");
126 VNET_DECLARE(int, icmp6_nodeinfo_oldmcprefix);
127 #define V_icmp6_nodeinfo_oldmcprefix VNET(icmp6_nodeinfo_oldmcprefix)
130 * Definitions of some costant IP6 addresses.
132 const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT;
133 const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT;
134 const struct in6_addr in6addr_nodelocal_allnodes =
135 IN6ADDR_NODELOCAL_ALLNODES_INIT;
136 const struct in6_addr in6addr_linklocal_allnodes =
137 IN6ADDR_LINKLOCAL_ALLNODES_INIT;
138 const struct in6_addr in6addr_linklocal_allrouters =
139 IN6ADDR_LINKLOCAL_ALLROUTERS_INIT;
140 const struct in6_addr in6addr_linklocal_allv2routers =
141 IN6ADDR_LINKLOCAL_ALLV2ROUTERS_INIT;
143 const struct in6_addr in6mask0 = IN6MASK0;
144 const struct in6_addr in6mask32 = IN6MASK32;
145 const struct in6_addr in6mask64 = IN6MASK64;
146 const struct in6_addr in6mask96 = IN6MASK96;
147 const struct in6_addr in6mask128 = IN6MASK128;
149 const struct sockaddr_in6 sa6_any =
150 { sizeof(sa6_any), AF_INET6, 0, 0, IN6ADDR_ANY_INIT, 0 };
152 static int in6_notify_ifa(struct ifnet *, struct in6_ifaddr *,
153 struct in6_aliasreq *, int);
154 static void in6_unlink_ifa(struct in6_ifaddr *, struct ifnet *);
156 static int in6_validate_ifra(struct ifnet *, struct in6_aliasreq *,
157 struct in6_ifaddr *, int);
158 static struct in6_ifaddr *in6_alloc_ifa(struct ifnet *,
159 struct in6_aliasreq *, int flags);
160 static int in6_update_ifa_internal(struct ifnet *, struct in6_aliasreq *,
161 struct in6_ifaddr *, int, int);
162 static int in6_broadcast_ifa(struct ifnet *, struct in6_aliasreq *,
163 struct in6_ifaddr *, int);
165 static void in6_join_proxy_ndp_mc(struct ifnet *, const struct in6_addr *);
166 static void in6_leave_proxy_ndp_mc(struct ifnet *, const struct in6_addr *);
168 #define ifa2ia6(ifa) ((struct in6_ifaddr *)(ifa))
169 #define ia62ifa(ia6) (&((ia6)->ia_ifa))
171 static struct sx in6_control_sx;
172 SX_SYSINIT(in6_control_sx, &in6_control_sx, "in6_control");
175 in6_newaddrmsg(struct in6_ifaddr *ia, int cmd)
177 struct rt_addrinfo info;
179 struct sockaddr_dl gateway;
185 * Prepare info data for the host route.
186 * This code mimics one from ifa_maintain_loopback_route().
188 bzero(&info, sizeof(struct rt_addrinfo));
189 info.rti_flags = ifa->ifa_flags | RTF_HOST | RTF_STATIC | RTF_PINNED;
190 info.rti_info[RTAX_DST] = ifa->ifa_addr;
191 info.rti_info[RTAX_GATEWAY] = (struct sockaddr *)&gateway;
192 link_init_sdl(ifa->ifa_ifp, (struct sockaddr *)&gateway, ifa->ifa_ifp->if_type);
193 if (cmd != RTM_DELETE)
194 info.rti_ifp = V_loif;
196 fibnum = ia62ifa(ia)->ifa_ifp->if_fib;
198 if (cmd == RTM_ADD) {
199 rt_addrmsg(cmd, &ia->ia_ifa, fibnum);
200 rt_routemsg_info(cmd, &info, fibnum);
201 } else if (cmd == RTM_DELETE) {
202 rt_routemsg_info(cmd, &info, fibnum);
203 rt_addrmsg(cmd, &ia->ia_ifa, fibnum);
208 in6_mask2len(struct in6_addr *mask, u_char *lim0)
211 u_char *lim = lim0, *p;
213 /* ignore the scope_id part */
214 if (lim0 == NULL || lim0 - (u_char *)mask > sizeof(*mask))
215 lim = (u_char *)mask + sizeof(*mask);
216 for (p = (u_char *)mask; p < lim; x++, p++) {
222 for (y = 0; y < 8; y++) {
223 if ((*p & (0x80 >> y)) == 0)
229 * when the limit pointer is given, do a stricter check on the
233 if (y != 0 && (*p & (0x00ff >> y)) != 0)
235 for (p = p + 1; p < lim; p++)
243 #ifdef COMPAT_FREEBSD32
244 struct in6_ndifreq32 {
245 char ifname[IFNAMSIZ];
248 #define SIOCGDEFIFACE32_IN6 _IOWR('i', 86, struct in6_ndifreq32)
252 in6_control_ioctl(u_long cmd, void *data,
253 struct ifnet *ifp, struct ucred *cred)
255 struct in6_ifreq *ifr = (struct in6_ifreq *)data;
256 struct in6_ifaddr *ia = NULL;
257 struct in6_aliasreq *ifra = (struct in6_aliasreq *)data;
258 struct sockaddr_in6 *sa6;
260 bool control_locked = false;
263 * Compat to make pre-10.x ifconfig(8) operable.
265 if (cmd == OSIOCAIFADDR_IN6) {
266 cmd = SIOCAIFADDR_IN6;
271 case SIOCGETSGCNT_IN6:
272 case SIOCGETMIFCNT_IN6:
274 * XXX mrt_ioctl has a 3rd, unused, FIB argument in route.c.
275 * We cannot see how that would be needed, so do not adjust the
276 * KPI blindly; more likely should clean up the IPv4 variant.
278 return (mrt6_ioctl ? mrt6_ioctl(cmd, data) : EOPNOTSUPP);
282 case SIOCAADDRCTL_POLICY:
283 case SIOCDADDRCTL_POLICY:
285 error = priv_check_cred(cred, PRIV_NETINET_ADDRCTRL6);
289 return (in6_src_ioctl(cmd, data));
296 case SIOCSNDFLUSH_IN6:
297 case SIOCSPFXFLUSH_IN6:
298 case SIOCSRTRFLUSH_IN6:
299 case SIOCSDEFIFACE_IN6:
300 case SIOCSIFINFO_FLAGS:
301 case SIOCSIFINFO_IN6:
303 error = priv_check_cred(cred, PRIV_NETINET_ND6);
308 case OSIOCGIFINFO_IN6:
309 case SIOCGIFINFO_IN6:
310 case SIOCGNBRINFO_IN6:
311 case SIOCGDEFIFACE_IN6:
312 return (nd6_ioctl(cmd, data, ifp));
314 #ifdef COMPAT_FREEBSD32
315 case SIOCGDEFIFACE32_IN6:
317 struct in6_ndifreq ndif;
318 struct in6_ndifreq32 *ndif32;
320 error = nd6_ioctl(SIOCGDEFIFACE_IN6, (caddr_t)&ndif,
324 ndif32 = (struct in6_ndifreq32 *)data;
325 ndif32->ifindex = ndif.ifindex;
332 case SIOCSIFPREFIX_IN6:
333 case SIOCDIFPREFIX_IN6:
334 case SIOCAIFPREFIX_IN6:
335 case SIOCCIFPREFIX_IN6:
336 case SIOCSGIFPREFIX_IN6:
337 case SIOCGIFPREFIX_IN6:
339 "prefix ioctls are now invalidated. "
340 "please use ifconfig.\n");
347 error = priv_check_cred(cred, PRIV_NETINET_SCOPE6);
354 return (scope6_ioctl(cmd, data, ifp));
358 * Find address for this interface, if it exists.
360 * In netinet code, we have checked ifra_addr in SIOCSIF*ADDR operation
361 * only, and used the first interface address as the target of other
362 * operations (without checking ifra_addr). This was because netinet
363 * code/API assumed at most 1 interface address per interface.
364 * Since IPv6 allows a node to assign multiple addresses
365 * on a single interface, we almost always look and check the
366 * presence of ifra_addr, and reject invalid ones here.
367 * It also decreases duplicated code among SIOC*_IN6 operations.
370 case SIOCAIFADDR_IN6:
371 case SIOCSIFPHYADDR_IN6:
372 sa6 = &ifra->ifra_addr;
374 case SIOCSIFADDR_IN6:
375 case SIOCGIFADDR_IN6:
376 case SIOCSIFDSTADDR_IN6:
377 case SIOCSIFNETMASK_IN6:
378 case SIOCGIFDSTADDR_IN6:
379 case SIOCGIFNETMASK_IN6:
380 case SIOCDIFADDR_IN6:
381 case SIOCGIFPSRCADDR_IN6:
382 case SIOCGIFPDSTADDR_IN6:
383 case SIOCGIFAFLAG_IN6:
384 case SIOCSNDFLUSH_IN6:
385 case SIOCSPFXFLUSH_IN6:
386 case SIOCSRTRFLUSH_IN6:
387 case SIOCGIFALIFETIME_IN6:
388 case SIOCGIFSTAT_IN6:
389 case SIOCGIFSTAT_ICMP6:
390 sa6 = &ifr->ifr_addr;
397 * Although we should pass any non-INET6 ioctl requests
398 * down to driver, we filter some legacy INET requests.
399 * Drivers trust SIOCSIFADDR et al to come from an already
400 * privileged layer, and do not perform any credentials
401 * checks or input validation.
408 if (sa6 && sa6->sin6_family == AF_INET6) {
409 if (sa6->sin6_scope_id != 0)
410 error = sa6_embedscope(sa6, 0);
412 error = in6_setscope(&sa6->sin6_addr, ifp, NULL);
415 if (cred != NULL && (error = prison_check_ip6(cred,
416 &sa6->sin6_addr)) != 0)
418 sx_xlock(&in6_control_sx);
419 control_locked = true;
420 ia = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr);
425 case SIOCSIFADDR_IN6:
426 case SIOCSIFDSTADDR_IN6:
427 case SIOCSIFNETMASK_IN6:
429 * Since IPv6 allows a node to assign multiple addresses
430 * on a single interface, SIOCSIFxxx ioctls are deprecated.
432 /* we decided to obsolete this command (20000704) */
436 case SIOCDIFADDR_IN6:
438 * for IPv4, we look for existing in_ifaddr here to allow
439 * "ifconfig if0 delete" to remove the first IPv4 address on
440 * the interface. For IPv6, as the spec allows multiple
441 * interface address from the day one, we consider "remove the
442 * first one" semantics to be not preferable.
445 error = EADDRNOTAVAIL;
449 case SIOCAIFADDR_IN6:
451 * We always require users to specify a valid IPv6 address for
452 * the corresponding operation.
454 if (ifra->ifra_addr.sin6_family != AF_INET6 ||
455 ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6)) {
456 error = EAFNOSUPPORT;
461 error = priv_check_cred(cred, (cmd == SIOCDIFADDR_IN6) ?
462 PRIV_NET_DELIFADDR : PRIV_NET_ADDIFADDR);
467 case SIOCGIFSTAT_IN6:
468 case SIOCGIFSTAT_ICMP6:
469 if (ifp->if_afdata[AF_INET6] == NULL) {
470 error = EPFNOSUPPORT;
475 case SIOCGIFADDR_IN6:
476 /* This interface is basically deprecated. use SIOCGIFCONF. */
478 case SIOCGIFAFLAG_IN6:
479 case SIOCGIFNETMASK_IN6:
480 case SIOCGIFDSTADDR_IN6:
481 case SIOCGIFALIFETIME_IN6:
482 /* must think again about its semantics */
484 error = EADDRNOTAVAIL;
491 case SIOCGIFADDR_IN6:
492 ifr->ifr_addr = ia->ia_addr;
493 if ((error = sa6_recoverscope(&ifr->ifr_addr)) != 0)
497 case SIOCGIFDSTADDR_IN6:
498 if ((ifp->if_flags & IFF_POINTOPOINT) == 0) {
502 ifr->ifr_dstaddr = ia->ia_dstaddr;
503 if ((error = sa6_recoverscope(&ifr->ifr_dstaddr)) != 0)
507 case SIOCGIFNETMASK_IN6:
508 ifr->ifr_addr = ia->ia_prefixmask;
511 case SIOCGIFAFLAG_IN6:
512 ifr->ifr_ifru.ifru_flags6 = ia->ia6_flags;
515 case SIOCGIFSTAT_IN6:
516 COUNTER_ARRAY_COPY(((struct in6_ifextra *)
517 ifp->if_afdata[AF_INET6])->in6_ifstat,
518 &ifr->ifr_ifru.ifru_stat,
519 sizeof(struct in6_ifstat) / sizeof(uint64_t));
522 case SIOCGIFSTAT_ICMP6:
523 COUNTER_ARRAY_COPY(((struct in6_ifextra *)
524 ifp->if_afdata[AF_INET6])->icmp6_ifstat,
525 &ifr->ifr_ifru.ifru_icmp6stat,
526 sizeof(struct icmp6_ifstat) / sizeof(uint64_t));
529 case SIOCGIFALIFETIME_IN6:
530 ifr->ifr_ifru.ifru_lifetime = ia->ia6_lifetime;
531 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) {
533 struct in6_addrlifetime *retlt =
534 &ifr->ifr_ifru.ifru_lifetime;
537 * XXX: adjust expiration time assuming time_t is
541 ~((time_t)1 << ((sizeof(maxexpire) * 8) - 1));
542 if (ia->ia6_lifetime.ia6t_vltime <
543 maxexpire - ia->ia6_updatetime) {
544 retlt->ia6t_expire = ia->ia6_updatetime +
545 ia->ia6_lifetime.ia6t_vltime;
547 retlt->ia6t_expire = maxexpire;
549 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) {
551 struct in6_addrlifetime *retlt =
552 &ifr->ifr_ifru.ifru_lifetime;
555 * XXX: adjust expiration time assuming time_t is
559 ~((time_t)1 << ((sizeof(maxexpire) * 8) - 1));
560 if (ia->ia6_lifetime.ia6t_pltime <
561 maxexpire - ia->ia6_updatetime) {
562 retlt->ia6t_preferred = ia->ia6_updatetime +
563 ia->ia6_lifetime.ia6t_pltime;
565 retlt->ia6t_preferred = maxexpire;
569 case SIOCAIFADDR_IN6:
571 /* Check if a MAC policy disallows setting the IPv6 address. */
572 error = mac_inet6_check_add_addr(cred, &sa6->sin6_addr, ifp);
576 error = in6_addifaddr(ifp, ifra, ia);
580 case SIOCDIFADDR_IN6:
582 EVENTHANDLER_INVOKE(ifaddr_event_ext, ifp, &ia->ia_ifa,
587 if (ifp->if_ioctl == NULL) {
591 error = (*ifp->if_ioctl)(ifp, cmd, data);
598 sx_xunlock(&in6_control_sx);
601 ifa_free(&ia->ia_ifa);
606 in6_control(struct socket *so, u_long cmd, void *data,
607 struct ifnet *ifp, struct thread *td)
609 return (in6_control_ioctl(cmd, data, ifp, td ? td->td_ucred : NULL));
612 static struct in6_multi_mship *
613 in6_joingroup_legacy(struct ifnet *ifp, const struct in6_addr *mcaddr,
614 int *errorp, int delay)
616 struct in6_multi_mship *imm;
619 imm = malloc(sizeof(*imm), M_IP6MADDR, M_NOWAIT);
625 delay = (delay * MLD_FASTHZ) / hz;
627 error = in6_joingroup(ifp, mcaddr, NULL, &imm->i6mm_maddr, delay);
630 free(imm, M_IP6MADDR);
638 in6_solicited_node_maddr(struct in6_addr *maddr,
639 struct ifnet *ifp, const struct in6_addr *base)
643 bzero(maddr, sizeof(struct in6_addr));
644 maddr->s6_addr32[0] = IPV6_ADDR_INT32_MLL;
645 maddr->s6_addr32[2] = htonl(1);
646 maddr->s6_addr32[3] = base->s6_addr32[3];
647 maddr->s6_addr8[12] = 0xff;
648 if ((error = in6_setscope(maddr, ifp, NULL)) != 0) {
649 /* XXX: should not happen */
650 log(LOG_ERR, "%s: in6_setscope failed\n", __func__);
657 * Join necessary multicast groups. Factored out from in6_update_ifa().
658 * This entire work should only be done once, for the default FIB.
661 in6_update_ifa_join_mc(struct ifnet *ifp, struct in6_aliasreq *ifra,
662 struct in6_ifaddr *ia, int flags, struct in6_multi **in6m_sol)
664 char ip6buf[INET6_ADDRSTRLEN];
665 struct in6_addr mltaddr;
666 struct in6_multi_mship *imm;
669 KASSERT(in6m_sol != NULL, ("%s: in6m_sol is NULL", __func__));
671 /* Join solicited multicast addr for new host id. */
672 if ((error = in6_solicited_node_maddr(&mltaddr, ifp,
673 &ifra->ifra_addr.sin6_addr)) != 0)
676 if ((flags & IN6_IFAUPDATE_DADDELAY)) {
678 * We need a random delay for DAD on the address being
679 * configured. It also means delaying transmission of the
680 * corresponding MLD report to avoid report collision.
681 * [RFC 4861, Section 6.3.7]
683 delay = arc4random() % (MAX_RTR_SOLICITATION_DELAY * hz);
685 imm = in6_joingroup_legacy(ifp, &mltaddr, &error, delay);
687 nd6log((LOG_WARNING, "%s: in6_joingroup failed for %s on %s "
688 "(errno=%d)\n", __func__, ip6_sprintf(ip6buf, &mltaddr),
689 if_name(ifp), error));
692 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain);
693 *in6m_sol = imm->i6mm_maddr;
696 * Join link-local all-nodes address.
698 mltaddr = in6addr_linklocal_allnodes;
699 if ((error = in6_setscope(&mltaddr, ifp, NULL)) != 0)
700 goto cleanup; /* XXX: should not fail */
702 imm = in6_joingroup_legacy(ifp, &mltaddr, &error, 0);
704 nd6log((LOG_WARNING, "%s: in6_joingroup failed for %s on %s "
705 "(errno=%d)\n", __func__, ip6_sprintf(ip6buf, &mltaddr),
706 if_name(ifp), error));
709 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain);
712 * Join node information group address.
715 if ((flags & IN6_IFAUPDATE_DADDELAY)) {
717 * The spec does not say anything about delay for this group,
718 * but the same logic should apply.
720 delay = arc4random() % (MAX_RTR_SOLICITATION_DELAY * hz);
722 if (in6_nigroup(ifp, NULL, -1, &mltaddr) == 0) {
724 imm = in6_joingroup_legacy(ifp, &mltaddr, &error, delay);
727 "%s: in6_joingroup failed for %s on %s "
728 "(errno=%d)\n", __func__, ip6_sprintf(ip6buf,
729 &mltaddr), if_name(ifp), error));
730 /* XXX not very fatal, go on... */
732 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain);
734 if (V_icmp6_nodeinfo_oldmcprefix &&
735 in6_nigroup_oldmcprefix(ifp, NULL, -1, &mltaddr) == 0) {
736 imm = in6_joingroup_legacy(ifp, &mltaddr, &error, delay);
739 "%s: in6_joingroup failed for %s on %s "
740 "(errno=%d)\n", __func__, ip6_sprintf(ip6buf,
741 &mltaddr), if_name(ifp), error));
742 /* XXX not very fatal, go on... */
744 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain);
748 * Join interface-local all-nodes address.
749 * (ff01::1%ifN, and ff01::%ifN/32)
751 mltaddr = in6addr_nodelocal_allnodes;
752 if ((error = in6_setscope(&mltaddr, ifp, NULL)) != 0)
753 goto cleanup; /* XXX: should not fail */
755 imm = in6_joingroup_legacy(ifp, &mltaddr, &error, 0);
757 nd6log((LOG_WARNING, "%s: in6_joingroup failed for %s on %s "
758 "(errno=%d)\n", __func__, ip6_sprintf(ip6buf,
759 &mltaddr), if_name(ifp), error));
762 LIST_INSERT_HEAD(&ia->ia6_memberships, imm, i6mm_chain);
769 * Update parameters of an IPv6 interface address.
770 * If necessary, a new entry is created and linked into address chains.
771 * This function is separated from in6_control().
774 in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra,
775 struct in6_ifaddr *ia, int flags)
777 int error, hostIsNew = 0;
779 if ((error = in6_validate_ifra(ifp, ifra, ia, flags)) != 0)
784 if ((ia = in6_alloc_ifa(ifp, ifra, flags)) == NULL)
788 error = in6_update_ifa_internal(ifp, ifra, ia, hostIsNew, flags);
790 if (hostIsNew != 0) {
791 in6_unlink_ifa(ia, ifp);
792 ifa_free(&ia->ia_ifa);
798 error = in6_broadcast_ifa(ifp, ifra, ia, flags);
804 * Fill in basic IPv6 address request info.
807 in6_prepare_ifra(struct in6_aliasreq *ifra, const struct in6_addr *addr,
808 const struct in6_addr *mask)
811 memset(ifra, 0, sizeof(struct in6_aliasreq));
813 ifra->ifra_addr.sin6_family = AF_INET6;
814 ifra->ifra_addr.sin6_len = sizeof(struct sockaddr_in6);
816 ifra->ifra_addr.sin6_addr = *addr;
818 ifra->ifra_prefixmask.sin6_family = AF_INET6;
819 ifra->ifra_prefixmask.sin6_len = sizeof(struct sockaddr_in6);
821 ifra->ifra_prefixmask.sin6_addr = *mask;
825 in6_validate_ifra(struct ifnet *ifp, struct in6_aliasreq *ifra,
826 struct in6_ifaddr *ia, int flags)
829 struct sockaddr_in6 dst6;
830 struct in6_addrlifetime *lt;
831 char ip6buf[INET6_ADDRSTRLEN];
833 /* Validate parameters */
834 if (ifp == NULL || ifra == NULL) /* this maybe redundant */
838 * The destination address for a p2p link must have a family
839 * of AF_UNSPEC or AF_INET6.
841 if ((ifp->if_flags & IFF_POINTOPOINT) != 0 &&
842 ifra->ifra_dstaddr.sin6_family != AF_INET6 &&
843 ifra->ifra_dstaddr.sin6_family != AF_UNSPEC)
844 return (EAFNOSUPPORT);
849 if (ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6) ||
850 ifra->ifra_addr.sin6_family != AF_INET6)
854 * validate ifra_prefixmask. don't check sin6_family, netmask
855 * does not carry fields other than sin6_len.
857 if (ifra->ifra_prefixmask.sin6_len > sizeof(struct sockaddr_in6))
860 * Because the IPv6 address architecture is classless, we require
861 * users to specify a (non 0) prefix length (mask) for a new address.
862 * We also require the prefix (when specified) mask is valid, and thus
863 * reject a non-consecutive mask.
865 if (ia == NULL && ifra->ifra_prefixmask.sin6_len == 0)
867 if (ifra->ifra_prefixmask.sin6_len != 0) {
868 plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr,
869 (u_char *)&ifra->ifra_prefixmask +
870 ifra->ifra_prefixmask.sin6_len);
875 * In this case, ia must not be NULL. We just use its prefix
878 plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL);
881 * If the destination address on a p2p interface is specified,
882 * and the address is a scoped one, validate/set the scope
885 dst6 = ifra->ifra_dstaddr;
886 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) != 0 &&
887 (dst6.sin6_family == AF_INET6)) {
888 struct in6_addr in6_tmp;
891 in6_tmp = dst6.sin6_addr;
892 if (in6_setscope(&in6_tmp, ifp, &zoneid))
893 return (EINVAL); /* XXX: should be impossible */
895 if (dst6.sin6_scope_id != 0) {
896 if (dst6.sin6_scope_id != zoneid)
898 } else /* user omit to specify the ID. */
899 dst6.sin6_scope_id = zoneid;
901 /* convert into the internal form */
902 if (sa6_embedscope(&dst6, 0))
903 return (EINVAL); /* XXX: should be impossible */
905 /* Modify original ifra_dstaddr to reflect changes */
906 ifra->ifra_dstaddr = dst6;
909 * The destination address can be specified only for a p2p or a
910 * loopback interface. If specified, the corresponding prefix length
913 if (ifra->ifra_dstaddr.sin6_family == AF_INET6) {
914 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) == 0) {
915 /* XXX: noisy message */
916 nd6log((LOG_INFO, "in6_update_ifa: a destination can "
917 "be specified for a p2p or a loopback IF only\n"));
921 nd6log((LOG_INFO, "in6_update_ifa: prefixlen should "
922 "be 128 when dstaddr is specified\n"));
926 /* lifetime consistency check */
927 lt = &ifra->ifra_lifetime;
928 if (lt->ia6t_pltime > lt->ia6t_vltime)
930 if (lt->ia6t_vltime == 0) {
932 * the following log might be noisy, but this is a typical
933 * configuration mistake or a tool's bug.
936 "in6_update_ifa: valid lifetime is 0 for %s\n",
937 ip6_sprintf(ip6buf, &ifra->ifra_addr.sin6_addr)));
940 return (0); /* there's nothing to do */
943 /* Check prefix mask */
944 if (ia != NULL && ifra->ifra_prefixmask.sin6_len != 0) {
946 * We prohibit changing the prefix length of an existing
948 * + such an operation should be rare in IPv6, and
949 * + the operation would confuse prefix management.
951 if (ia->ia_prefixmask.sin6_len != 0 &&
952 in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL) != plen) {
953 nd6log((LOG_INFO, "in6_validate_ifa: the prefix length "
954 "of an existing %s address should not be changed\n",
955 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr)));
965 * Allocate a new ifaddr and link it into chains.
967 static struct in6_ifaddr *
968 in6_alloc_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra, int flags)
970 struct in6_ifaddr *ia;
973 * When in6_alloc_ifa() is called in a process of a received
974 * RA, it is called under an interrupt context. So, we should
975 * call malloc with M_NOWAIT.
977 ia = (struct in6_ifaddr *)ifa_alloc(sizeof(*ia), M_NOWAIT);
980 LIST_INIT(&ia->ia6_memberships);
981 /* Initialize the address and masks, and put time stamp */
982 ia->ia_ifa.ifa_addr = (struct sockaddr *)&ia->ia_addr;
983 ia->ia_addr.sin6_family = AF_INET6;
984 ia->ia_addr.sin6_len = sizeof(ia->ia_addr);
985 /* XXX: Can we assign ,sin6_addr and skip the rest? */
986 ia->ia_addr = ifra->ifra_addr;
987 ia->ia6_createtime = time_uptime;
988 if ((ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) != 0) {
990 * Some functions expect that ifa_dstaddr is not
991 * NULL for p2p interfaces.
993 ia->ia_ifa.ifa_dstaddr =
994 (struct sockaddr *)&ia->ia_dstaddr;
996 ia->ia_ifa.ifa_dstaddr = NULL;
999 /* set prefix mask if any */
1000 ia->ia_ifa.ifa_netmask = (struct sockaddr *)&ia->ia_prefixmask;
1001 if (ifra->ifra_prefixmask.sin6_len != 0) {
1002 ia->ia_prefixmask.sin6_family = AF_INET6;
1003 ia->ia_prefixmask.sin6_len = ifra->ifra_prefixmask.sin6_len;
1004 ia->ia_prefixmask.sin6_addr = ifra->ifra_prefixmask.sin6_addr;
1008 ifa_ref(&ia->ia_ifa); /* if_addrhead */
1010 CK_STAILQ_INSERT_TAIL(&ifp->if_addrhead, &ia->ia_ifa, ifa_link);
1011 IF_ADDR_WUNLOCK(ifp);
1013 ifa_ref(&ia->ia_ifa); /* in6_ifaddrhead */
1015 CK_STAILQ_INSERT_TAIL(&V_in6_ifaddrhead, ia, ia_link);
1016 CK_LIST_INSERT_HEAD(IN6ADDR_HASH(&ia->ia_addr.sin6_addr), ia, ia6_hash);
1017 IN6_IFADDR_WUNLOCK();
1023 * Update/configure interface address parameters:
1025 * 1) Update lifetime
1026 * 2) Update interface metric ad flags
1027 * 3) Notify other subsystems
1030 in6_update_ifa_internal(struct ifnet *ifp, struct in6_aliasreq *ifra,
1031 struct in6_ifaddr *ia, int hostIsNew, int flags)
1035 /* update timestamp */
1036 ia->ia6_updatetime = time_uptime;
1039 * Set lifetimes. We do not refer to ia6t_expire and ia6t_preferred
1040 * to see if the address is deprecated or invalidated, but initialize
1041 * these members for applications.
1043 ia->ia6_lifetime = ifra->ifra_lifetime;
1044 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) {
1045 ia->ia6_lifetime.ia6t_expire =
1046 time_uptime + ia->ia6_lifetime.ia6t_vltime;
1048 ia->ia6_lifetime.ia6t_expire = 0;
1049 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) {
1050 ia->ia6_lifetime.ia6t_preferred =
1051 time_uptime + ia->ia6_lifetime.ia6t_pltime;
1053 ia->ia6_lifetime.ia6t_preferred = 0;
1056 * backward compatibility - if IN6_IFF_DEPRECATED is set from the
1057 * userland, make it deprecated.
1059 if ((ifra->ifra_flags & IN6_IFF_DEPRECATED) != 0) {
1060 ia->ia6_lifetime.ia6t_pltime = 0;
1061 ia->ia6_lifetime.ia6t_preferred = time_uptime;
1065 * configure address flags.
1067 ia->ia6_flags = ifra->ifra_flags;
1070 * Make the address tentative before joining multicast addresses,
1071 * so that corresponding MLD responses would not have a tentative
1074 ia->ia6_flags &= ~IN6_IFF_DUPLICATED; /* safety */
1077 * DAD should be performed for an new address or addresses on
1078 * an interface with ND6_IFF_IFDISABLED.
1080 if (in6if_do_dad(ifp) &&
1081 (hostIsNew || (ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED)))
1082 ia->ia6_flags |= IN6_IFF_TENTATIVE;
1084 /* notify other subsystems */
1085 error = in6_notify_ifa(ifp, ia, ifra, hostIsNew);
1091 * Do link-level ifa job:
1092 * 1) Add lle entry for added address
1093 * 2) Notifies routing socket users about new address
1094 * 3) join appropriate multicast group
1095 * 4) start DAD if enabled
1098 in6_broadcast_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra,
1099 struct in6_ifaddr *ia, int flags)
1101 struct in6_multi *in6m_sol;
1104 /* Add local address to lltable, if necessary (ex. on p2p link). */
1105 if ((error = nd6_add_ifa_lle(ia)) != 0) {
1106 in6_purgeaddr(&ia->ia_ifa);
1107 ifa_free(&ia->ia_ifa);
1111 /* Join necessary multicast groups. */
1113 if ((ifp->if_flags & IFF_MULTICAST) != 0) {
1114 error = in6_update_ifa_join_mc(ifp, ifra, ia, flags, &in6m_sol);
1116 in6_purgeaddr(&ia->ia_ifa);
1117 ifa_free(&ia->ia_ifa);
1122 /* Perform DAD, if the address is TENTATIVE. */
1123 if ((ia->ia6_flags & IN6_IFF_TENTATIVE)) {
1124 int delay, mindelay, maxdelay;
1127 if ((flags & IN6_IFAUPDATE_DADDELAY)) {
1129 * We need to impose a delay before sending an NS
1130 * for DAD. Check if we also needed a delay for the
1131 * corresponding MLD message. If we did, the delay
1132 * should be larger than the MLD delay (this could be
1133 * relaxed a bit, but this simple logic is at least
1135 * XXX: Break data hiding guidelines and look at
1136 * state for the solicited multicast group.
1139 if (in6m_sol != NULL &&
1140 in6m_sol->in6m_state == MLD_REPORTING_MEMBER) {
1141 mindelay = in6m_sol->in6m_timer;
1143 maxdelay = MAX_RTR_SOLICITATION_DELAY * hz;
1144 if (maxdelay - mindelay == 0)
1148 (arc4random() % (maxdelay - mindelay)) +
1152 nd6_dad_start((struct ifaddr *)ia, delay);
1155 in6_newaddrmsg(ia, RTM_ADD);
1156 ifa_free(&ia->ia_ifa);
1161 * Adds or deletes interface route for p2p ifa.
1162 * Returns 0 on success or errno.
1165 in6_handle_dstaddr_rtrequest(int cmd, struct in6_ifaddr *ia)
1167 struct epoch_tracker et;
1168 struct ifaddr *ifa = &ia->ia_ifa;
1171 /* Prepare gateway */
1172 struct sockaddr_dl_short sdl = {
1173 .sdl_family = AF_LINK,
1174 .sdl_len = sizeof(struct sockaddr_dl_short),
1175 .sdl_type = ifa->ifa_ifp->if_type,
1176 .sdl_index = ifa->ifa_ifp->if_index,
1179 struct sockaddr_in6 dst = {
1180 .sin6_family = AF_INET6,
1181 .sin6_len = sizeof(struct sockaddr_in6),
1182 .sin6_addr = ia->ia_dstaddr.sin6_addr,
1185 struct rt_addrinfo info = {
1187 .rti_ifp = ifa->ifa_ifp,
1188 .rti_flags = RTF_PINNED | RTF_HOST,
1190 [RTAX_DST] = (struct sockaddr *)&dst,
1191 [RTAX_GATEWAY] = (struct sockaddr *)&sdl,
1194 /* Don't set additional per-gw filters on removal */
1196 NET_EPOCH_ENTER(et);
1197 error = rib_handle_ifaddr_info(ifa->ifa_ifp->if_fib, cmd, &info);
1204 ifa_is_p2p(struct in6_ifaddr *ia)
1208 plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); /* XXX */
1210 if ((plen == 128) && (ia->ia_dstaddr.sin6_family == AF_INET6) &&
1211 !IN6_ARE_ADDR_EQUAL(&ia->ia_addr.sin6_addr, &ia->ia_dstaddr.sin6_addr))
1218 in6_addifaddr(struct ifnet *ifp, struct in6_aliasreq *ifra, struct in6_ifaddr *ia)
1220 struct nd_prefixctl pr0;
1221 struct nd_prefix *pr;
1222 int carp_attached = 0;
1226 * first, make or update the interface address structure,
1227 * and link it to the list.
1229 if ((error = in6_update_ifa(ifp, ifra, ia, 0)) != 0)
1232 if (ia->ia_ifa.ifa_carp)
1233 (*carp_detach_p)(&ia->ia_ifa, true);
1234 ifa_free(&ia->ia_ifa);
1236 if ((ia = in6ifa_ifpwithaddr(ifp, &ifra->ifra_addr.sin6_addr)) == NULL) {
1238 * this can happen when the user specify the 0 valid
1244 if (ifra->ifra_vhid > 0) {
1245 if (carp_attach_p != NULL)
1246 error = (*carp_attach_p)(&ia->ia_ifa,
1249 error = EPROTONOSUPPORT;
1257 * then, make the prefix on-link on the interface.
1258 * XXX: we'd rather create the prefix before the address, but
1259 * we need at least one address to install the corresponding
1260 * interface route, so we configure the address first.
1264 * convert mask to prefix length (prefixmask has already
1265 * been validated in in6_update_ifa().
1267 bzero(&pr0, sizeof(pr0));
1269 pr0.ndpr_plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr,
1271 if (pr0.ndpr_plen == 128) {
1272 /* we don't need to install a host route. */
1275 pr0.ndpr_prefix = ifra->ifra_addr;
1276 /* apply the mask for safety. */
1277 IN6_MASK_ADDR(&pr0.ndpr_prefix.sin6_addr,
1278 &ifra->ifra_prefixmask.sin6_addr);
1281 * XXX: since we don't have an API to set prefix (not address)
1282 * lifetimes, we just use the same lifetimes as addresses.
1283 * The (temporarily) installed lifetimes can be overridden by
1284 * later advertised RAs (when accept_rtadv is non 0), which is
1285 * an intended behavior.
1287 pr0.ndpr_raf_onlink = 1; /* should be configurable? */
1289 ((ifra->ifra_flags & IN6_IFF_AUTOCONF) != 0);
1290 pr0.ndpr_vltime = ifra->ifra_lifetime.ia6t_vltime;
1291 pr0.ndpr_pltime = ifra->ifra_lifetime.ia6t_pltime;
1293 /* add the prefix if not yet. */
1294 if ((pr = nd6_prefix_lookup(&pr0)) == NULL) {
1296 * nd6_prelist_add will install the corresponding
1299 if ((error = nd6_prelist_add(&pr0, NULL, &pr)) != 0) {
1301 (*carp_detach_p)(&ia->ia_ifa, false);
1306 /* relate the address to the prefix */
1307 if (ia->ia6_ndpr == NULL) {
1312 * If this is the first autoconf address from the
1313 * prefix, create a temporary address as well
1316 if ((ia->ia6_flags & IN6_IFF_AUTOCONF) &&
1317 V_ip6_use_tempaddr && pr->ndpr_addrcnt == 1) {
1319 if ((e = in6_tmpifadd(ia, 1, 0)) != 0) {
1320 log(LOG_NOTICE, "in6_control: failed "
1321 "to create a temporary address, "
1326 nd6_prefix_rele(pr);
1329 * this might affect the status of autoconfigured addresses,
1330 * that is, this address might make other addresses detached.
1332 pfxlist_onlink_check();
1336 * Try to clear the flag when a new IPv6 address is added
1337 * onto an IFDISABLED interface and it succeeds.
1339 if (ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) {
1340 struct in6_ndireq nd;
1342 memset(&nd, 0, sizeof(nd));
1343 nd.ndi.flags = ND_IFINFO(ifp)->flags;
1344 nd.ndi.flags &= ~ND6_IFF_IFDISABLED;
1345 if (nd6_ioctl(SIOCSIFINFO_FLAGS, (caddr_t)&nd, ifp) < 0)
1346 log(LOG_NOTICE, "SIOCAIFADDR_IN6: "
1347 "SIOCSIFINFO_FLAGS for -ifdisabled "
1350 * Ignore failure of clearing the flag intentionally.
1351 * The failure means address duplication was detected.
1358 ifa_free(&ia->ia_ifa);
1363 in6_purgeaddr(struct ifaddr *ifa)
1365 struct ifnet *ifp = ifa->ifa_ifp;
1366 struct in6_ifaddr *ia = (struct in6_ifaddr *) ifa;
1367 struct in6_multi_mship *imm;
1371 (*carp_detach_p)(ifa, false);
1374 * Remove the loopback route to the interface address.
1375 * The check for the current setting of "nd6_useloopback"
1378 if (ia->ia_flags & IFA_RTSELF) {
1379 error = ifa_del_loopback_route((struct ifaddr *)ia,
1380 (struct sockaddr *)&ia->ia_addr);
1382 ia->ia_flags &= ~IFA_RTSELF;
1385 /* stop DAD processing */
1388 /* Leave multicast groups. */
1389 while ((imm = LIST_FIRST(&ia->ia6_memberships)) != NULL) {
1390 LIST_REMOVE(imm, i6mm_chain);
1391 if (imm->i6mm_maddr != NULL)
1392 in6_leavegroup(imm->i6mm_maddr, NULL);
1393 free(imm, M_IP6MADDR);
1395 /* Check if we need to remove p2p route */
1396 if ((ia->ia_flags & IFA_ROUTE) && ifa_is_p2p(ia)) {
1397 error = in6_handle_dstaddr_rtrequest(RTM_DELETE, ia);
1399 log(LOG_INFO, "%s: err=%d, destination address delete "
1400 "failed\n", __func__, error);
1401 ia->ia_flags &= ~IFA_ROUTE;
1404 in6_newaddrmsg(ia, RTM_DELETE);
1405 in6_unlink_ifa(ia, ifp);
1409 * Removes @ia from the corresponding interfaces and unlinks corresponding
1410 * prefix if no addresses are using it anymore.
1413 in6_purgeifaddr(struct in6_ifaddr *ia)
1415 struct nd_prefix *pr;
1418 * If the address being deleted is the only one that owns
1419 * the corresponding prefix, expire the prefix as well.
1420 * XXX: theoretically, we don't have to worry about such
1421 * relationship, since we separate the address management
1422 * and the prefix management. We do this, however, to provide
1423 * as much backward compatibility as possible in terms of
1424 * the ioctl operation.
1425 * Note that in6_purgeaddr() will decrement ndpr_addrcnt.
1428 in6_purgeaddr(&ia->ia_ifa);
1429 if (pr != NULL && pr->ndpr_addrcnt == 0) {
1431 nd6_prefix_unlink(pr, NULL);
1439 in6_unlink_ifa(struct in6_ifaddr *ia, struct ifnet *ifp)
1441 char ip6buf[INET6_ADDRSTRLEN];
1445 CK_STAILQ_REMOVE(&ifp->if_addrhead, &ia->ia_ifa, ifaddr, ifa_link);
1446 IF_ADDR_WUNLOCK(ifp);
1447 ifa_free(&ia->ia_ifa); /* if_addrhead */
1450 * Defer the release of what might be the last reference to the
1451 * in6_ifaddr so that it can't be freed before the remainder of the
1455 CK_STAILQ_REMOVE(&V_in6_ifaddrhead, ia, in6_ifaddr, ia_link);
1456 CK_LIST_REMOVE(ia, ia6_hash);
1457 IN6_IFADDR_WUNLOCK();
1460 * Release the reference to the base prefix. There should be a
1461 * positive reference.
1464 if (ia->ia6_ndpr == NULL) {
1466 "in6_unlink_ifa: autoconf'ed address "
1467 "%s has no prefix\n", ip6_sprintf(ip6buf, IA6_IN6(ia))));
1469 ia->ia6_ndpr->ndpr_addrcnt--;
1470 /* Do not delete lles within prefix if refcont != 0 */
1471 if (ia->ia6_ndpr->ndpr_addrcnt == 0)
1473 ia->ia6_ndpr = NULL;
1476 nd6_rem_ifa_lle(ia, remove_lle);
1479 * Also, if the address being removed is autoconf'ed, call
1480 * pfxlist_onlink_check() since the release might affect the status of
1481 * other (detached) addresses.
1483 if ((ia->ia6_flags & IN6_IFF_AUTOCONF)) {
1484 pfxlist_onlink_check();
1486 ifa_free(&ia->ia_ifa); /* in6_ifaddrhead */
1490 * Notifies other subsystems about address change/arrival:
1491 * 1) Notifies device handler on the first IPv6 address assignment
1492 * 2) Handle routing table changes for P2P links and route
1493 * 3) Handle routing table changes for address host route
1496 in6_notify_ifa(struct ifnet *ifp, struct in6_ifaddr *ia,
1497 struct in6_aliasreq *ifra, int hostIsNew)
1499 int error = 0, ifacount = 0;
1501 struct sockaddr_in6 *pdst;
1502 char ip6buf[INET6_ADDRSTRLEN];
1505 * Give the interface a chance to initialize
1506 * if this is its first address,
1508 if (hostIsNew != 0) {
1509 struct epoch_tracker et;
1511 NET_EPOCH_ENTER(et);
1512 CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
1513 if (ifa->ifa_addr->sa_family != AF_INET6)
1520 if (ifacount <= 1 && ifp->if_ioctl) {
1521 error = (*ifp->if_ioctl)(ifp, SIOCSIFADDR, (caddr_t)ia);
1527 * If a new destination address is specified, scrub the old one and
1528 * install the new destination. Note that the interface must be
1531 pdst = &ifra->ifra_dstaddr;
1532 if (pdst->sin6_family == AF_INET6 &&
1533 !IN6_ARE_ADDR_EQUAL(&pdst->sin6_addr, &ia->ia_dstaddr.sin6_addr)) {
1534 if ((ia->ia_flags & IFA_ROUTE) != 0 &&
1535 (in6_handle_dstaddr_rtrequest(RTM_DELETE, ia) != 0)) {
1536 nd6log((LOG_ERR, "in6_update_ifa_internal: failed to "
1537 "remove a route to the old destination: %s\n",
1538 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr)));
1539 /* proceed anyway... */
1541 ia->ia_flags &= ~IFA_ROUTE;
1542 ia->ia_dstaddr = *pdst;
1546 * If a new destination address is specified for a point-to-point
1547 * interface, install a route to the destination as an interface
1549 * XXX: the logic below rejects assigning multiple addresses on a p2p
1550 * interface that share the same destination.
1552 if (!(ia->ia_flags & IFA_ROUTE) && ifa_is_p2p(ia)) {
1553 error = in6_handle_dstaddr_rtrequest(RTM_ADD, ia);
1556 ia->ia_flags |= IFA_ROUTE;
1560 * add a loopback route to self if not exists
1562 if (!(ia->ia_flags & IFA_RTSELF) && V_nd6_useloopback) {
1563 error = ifa_add_loopback_route((struct ifaddr *)ia,
1564 (struct sockaddr *)&ia->ia_addr);
1566 ia->ia_flags |= IFA_RTSELF;
1569 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
1570 "Invoking IPv6 network device address event may sleep");
1572 ifa_ref(&ia->ia_ifa);
1573 EVENTHANDLER_INVOKE(ifaddr_event_ext, ifp, &ia->ia_ifa,
1575 ifa_free(&ia->ia_ifa);
1581 * Find an IPv6 interface link-local address specific to an interface.
1582 * ifaddr is returned referenced.
1585 in6ifa_ifpforlinklocal(struct ifnet *ifp, int ignoreflags)
1591 CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
1592 if (ifa->ifa_addr->sa_family != AF_INET6)
1594 if (IN6_IS_ADDR_LINKLOCAL(IFA_IN6(ifa))) {
1595 if ((((struct in6_ifaddr *)ifa)->ia6_flags &
1603 return ((struct in6_ifaddr *)ifa);
1607 * find the interface address corresponding to a given IPv6 address.
1608 * ifaddr is returned referenced if @referenced flag is set.
1611 in6ifa_ifwithaddr(const struct in6_addr *addr, uint32_t zoneid, bool referenced)
1613 struct rm_priotracker in6_ifa_tracker;
1614 struct in6_ifaddr *ia;
1616 IN6_IFADDR_RLOCK(&in6_ifa_tracker);
1617 CK_LIST_FOREACH(ia, IN6ADDR_HASH(addr), ia6_hash) {
1618 if (IN6_ARE_ADDR_EQUAL(IA6_IN6(ia), addr)) {
1620 zoneid != ia->ia_addr.sin6_scope_id)
1623 ifa_ref(&ia->ia_ifa);
1627 IN6_IFADDR_RUNLOCK(&in6_ifa_tracker);
1632 * find the internet address corresponding to a given interface and address.
1633 * ifaddr is returned referenced.
1636 in6ifa_ifpwithaddr(struct ifnet *ifp, const struct in6_addr *addr)
1638 struct epoch_tracker et;
1641 NET_EPOCH_ENTER(et);
1642 CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
1643 if (ifa->ifa_addr->sa_family != AF_INET6)
1645 if (IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(ifa))) {
1652 return ((struct in6_ifaddr *)ifa);
1656 * Find a link-local scoped address on ifp and return it if any.
1659 in6ifa_llaonifp(struct ifnet *ifp)
1661 struct epoch_tracker et;
1662 struct sockaddr_in6 *sin6;
1665 if (ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED)
1667 NET_EPOCH_ENTER(et);
1668 CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
1669 if (ifa->ifa_addr->sa_family != AF_INET6)
1671 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr;
1672 if (IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr) ||
1673 IN6_IS_ADDR_MC_INTFACELOCAL(&sin6->sin6_addr) ||
1674 IN6_IS_ADDR_MC_NODELOCAL(&sin6->sin6_addr))
1679 return ((struct in6_ifaddr *)ifa);
1683 * Convert IP6 address to printable (loggable) representation. Caller
1684 * has to make sure that ip6buf is at least INET6_ADDRSTRLEN long.
1686 static char digits[] = "0123456789abcdef";
1688 ip6_sprintf(char *ip6buf, const struct in6_addr *addr)
1690 int i, cnt = 0, maxcnt = 0, idx = 0, index = 0;
1692 const u_int16_t *a = (const u_int16_t *)addr;
1694 int dcolon = 0, zero = 0;
1698 for (i = 0; i < 8; i++) {
1699 if (*(a + i) == 0) {
1704 else if (maxcnt < cnt) {
1715 for (i = 0; i < 8; i++) {
1726 if (dcolon == 0 && *(a + 1) == 0 && i == index) {
1738 d = (const u_char *)a;
1739 /* Try to eliminate leading zeros in printout like in :0001. */
1741 *cp = digits[*d >> 4];
1746 *cp = digits[*d++ & 0xf];
1747 if (zero == 0 || (*cp != '0')) {
1751 *cp = digits[*d >> 4];
1752 if (zero == 0 || (*cp != '0')) {
1756 *cp++ = digits[*d & 0xf];
1765 in6_localaddr(struct in6_addr *in6)
1767 struct rm_priotracker in6_ifa_tracker;
1768 struct in6_ifaddr *ia;
1770 if (IN6_IS_ADDR_LOOPBACK(in6) || IN6_IS_ADDR_LINKLOCAL(in6))
1773 IN6_IFADDR_RLOCK(&in6_ifa_tracker);
1774 CK_STAILQ_FOREACH(ia, &V_in6_ifaddrhead, ia_link) {
1775 if (IN6_ARE_MASKED_ADDR_EQUAL(in6, &ia->ia_addr.sin6_addr,
1776 &ia->ia_prefixmask.sin6_addr)) {
1777 IN6_IFADDR_RUNLOCK(&in6_ifa_tracker);
1781 IN6_IFADDR_RUNLOCK(&in6_ifa_tracker);
1787 * Return 1 if an internet address is for the local host and configured
1788 * on one of its interfaces.
1791 in6_localip(struct in6_addr *in6)
1793 struct rm_priotracker in6_ifa_tracker;
1794 struct in6_ifaddr *ia;
1796 IN6_IFADDR_RLOCK(&in6_ifa_tracker);
1797 CK_LIST_FOREACH(ia, IN6ADDR_HASH(in6), ia6_hash) {
1798 if (IN6_ARE_ADDR_EQUAL(in6, &ia->ia_addr.sin6_addr)) {
1799 IN6_IFADDR_RUNLOCK(&in6_ifa_tracker);
1803 IN6_IFADDR_RUNLOCK(&in6_ifa_tracker);
1808 * Like in6_localip(), but FIB-aware.
1811 in6_localip_fib(struct in6_addr *in6, uint16_t fib)
1813 struct rm_priotracker in6_ifa_tracker;
1814 struct in6_ifaddr *ia;
1816 IN6_IFADDR_RLOCK(&in6_ifa_tracker);
1817 CK_LIST_FOREACH(ia, IN6ADDR_HASH(in6), ia6_hash) {
1818 if (IN6_ARE_ADDR_EQUAL(in6, &ia->ia_addr.sin6_addr) &&
1819 ia->ia_ifa.ifa_ifp->if_fib == fib) {
1820 IN6_IFADDR_RUNLOCK(&in6_ifa_tracker);
1824 IN6_IFADDR_RUNLOCK(&in6_ifa_tracker);
1829 * Return 1 if an internet address is configured on an interface.
1832 in6_ifhasaddr(struct ifnet *ifp, struct in6_addr *addr)
1834 struct in6_addr in6;
1836 struct in6_ifaddr *ia6;
1841 if (in6_clearscope(&in6))
1843 in6_setscope(&in6, ifp, NULL);
1845 CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
1846 if (ifa->ifa_addr->sa_family != AF_INET6)
1848 ia6 = (struct in6_ifaddr *)ifa;
1849 if (IN6_ARE_ADDR_EQUAL(&ia6->ia_addr.sin6_addr, &in6))
1857 in6_is_addr_deprecated(struct sockaddr_in6 *sa6)
1859 struct rm_priotracker in6_ifa_tracker;
1860 struct in6_ifaddr *ia;
1862 IN6_IFADDR_RLOCK(&in6_ifa_tracker);
1863 CK_LIST_FOREACH(ia, IN6ADDR_HASH(&sa6->sin6_addr), ia6_hash) {
1864 if (IN6_ARE_ADDR_EQUAL(IA6_IN6(ia), &sa6->sin6_addr)) {
1865 if (ia->ia6_flags & IN6_IFF_DEPRECATED) {
1866 IN6_IFADDR_RUNLOCK(&in6_ifa_tracker);
1867 return (1); /* true */
1872 IN6_IFADDR_RUNLOCK(&in6_ifa_tracker);
1874 return (0); /* false */
1878 * return length of part which dst and src are equal
1882 in6_matchlen(struct in6_addr *src, struct in6_addr *dst)
1885 u_char *s = (u_char *)src, *d = (u_char *)dst;
1886 u_char *lim = s + 16, r;
1889 if ((r = (*d++ ^ *s++)) != 0) {
1900 /* XXX: to be scope conscious */
1902 in6_are_prefix_equal(struct in6_addr *p1, struct in6_addr *p2, int len)
1904 int bytelen, bitlen;
1907 if (0 > len || len > 128) {
1908 log(LOG_ERR, "in6_are_prefix_equal: invalid prefix length(%d)\n",
1916 if (bcmp(&p1->s6_addr, &p2->s6_addr, bytelen))
1919 p1->s6_addr[bytelen] >> (8 - bitlen) !=
1920 p2->s6_addr[bytelen] >> (8 - bitlen))
1927 in6_prefixlen2mask(struct in6_addr *maskp, int len)
1929 u_char maskarray[8] = {0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff};
1930 int bytelen, bitlen, i;
1933 if (0 > len || len > 128) {
1934 log(LOG_ERR, "in6_prefixlen2mask: invalid prefix length(%d)\n",
1939 bzero(maskp, sizeof(*maskp));
1942 for (i = 0; i < bytelen; i++)
1943 maskp->s6_addr[i] = 0xff;
1945 maskp->s6_addr[bytelen] = maskarray[bitlen - 1];
1949 * return the best address out of the same scope. if no address was
1950 * found, return the first valid address from designated IF.
1953 in6_ifawithifp(struct ifnet *ifp, struct in6_addr *dst)
1955 int dst_scope = in6_addrscope(dst), blen = -1, tlen;
1957 struct in6_ifaddr *besta = NULL;
1958 struct in6_ifaddr *dep[2]; /* last-resort: deprecated */
1962 dep[0] = dep[1] = NULL;
1965 * We first look for addresses in the same scope.
1966 * If there is one, return it.
1967 * If two or more, return one which matches the dst longest.
1968 * If none, return one of global addresses assigned other ifs.
1970 CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
1971 if (ifa->ifa_addr->sa_family != AF_INET6)
1973 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST)
1974 continue; /* XXX: is there any case to allow anycast? */
1975 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_NOTREADY)
1976 continue; /* don't use this interface */
1977 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DETACHED)
1979 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DEPRECATED) {
1980 if (V_ip6_use_deprecated)
1981 dep[0] = (struct in6_ifaddr *)ifa;
1985 if (dst_scope == in6_addrscope(IFA_IN6(ifa))) {
1987 * call in6_matchlen() as few as possible
1991 blen = in6_matchlen(&besta->ia_addr.sin6_addr, dst);
1992 tlen = in6_matchlen(IFA_IN6(ifa), dst);
1995 besta = (struct in6_ifaddr *)ifa;
1998 besta = (struct in6_ifaddr *)ifa;
2004 CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
2005 if (ifa->ifa_addr->sa_family != AF_INET6)
2007 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST)
2008 continue; /* XXX: is there any case to allow anycast? */
2009 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_NOTREADY)
2010 continue; /* don't use this interface */
2011 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DETACHED)
2013 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DEPRECATED) {
2014 if (V_ip6_use_deprecated)
2015 dep[1] = (struct in6_ifaddr *)ifa;
2019 return (struct in6_ifaddr *)ifa;
2022 /* use the last-resort values, that are, deprecated addresses */
2032 * perform DAD when interface becomes IFF_UP.
2035 in6_if_up(struct ifnet *ifp)
2037 struct epoch_tracker et;
2039 struct in6_ifaddr *ia;
2041 NET_EPOCH_ENTER(et);
2042 CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
2043 if (ifa->ifa_addr->sa_family != AF_INET6)
2045 ia = (struct in6_ifaddr *)ifa;
2046 if (ia->ia6_flags & IN6_IFF_TENTATIVE) {
2048 * The TENTATIVE flag was likely set by hand
2049 * beforehand, implicitly indicating the need for DAD.
2050 * We may be able to skip the random delay in this
2051 * case, but we impose delays just in case.
2054 arc4random() % (MAX_RTR_SOLICITATION_DELAY * hz));
2060 * special cases, like 6to4, are handled in in6_ifattach
2062 in6_ifattach(ifp, NULL);
2066 in6_ifevent(void *arg __unused, struct ifnet *ifp, int event)
2068 if (event == IFNET_EVENT_UP)
2073 in6_init(void *arg __unused)
2075 EVENTHANDLER_REGISTER(ifnet_event, in6_ifevent, NULL, EVENTHANDLER_PRI_ANY);
2077 SYSINIT(in6_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_THIRD, in6_init, NULL);
2080 in6if_do_dad(struct ifnet *ifp)
2083 if ((ifp->if_flags & IFF_LOOPBACK) != 0)
2085 if ((ifp->if_flags & IFF_MULTICAST) == 0)
2087 if ((ND_IFINFO(ifp)->flags &
2088 (ND6_IFF_IFDISABLED | ND6_IFF_NO_DAD)) != 0)
2094 * Calculate max IPv6 MTU through all the interfaces and store it
2100 struct epoch_tracker et;
2101 unsigned long maxmtu = 0;
2104 NET_EPOCH_ENTER(et);
2105 CK_STAILQ_FOREACH(ifp, &V_ifnet, if_link) {
2106 /* this function can be called during ifnet initialization */
2107 if (!ifp->if_afdata[AF_INET6])
2109 if ((ifp->if_flags & IFF_LOOPBACK) == 0 &&
2110 IN6_LINKMTU(ifp) > maxmtu)
2111 maxmtu = IN6_LINKMTU(ifp);
2114 if (maxmtu) /* update only when maxmtu is positive */
2115 V_in6_maxmtu = maxmtu;
2119 * Provide the length of interface identifiers to be used for the link attached
2120 * to the given interface. The length should be defined in "IPv6 over
2121 * xxx-link" document. Note that address architecture might also define
2122 * the length for a particular set of address prefixes, regardless of the
2123 * link type. As clarified in rfc2462bis, those two definitions should be
2124 * consistent, and those really are as of August 2004.
2127 in6_if2idlen(struct ifnet *ifp)
2129 switch (ifp->if_type) {
2130 case IFT_ETHER: /* RFC2464 */
2131 case IFT_PROPVIRTUAL: /* XXX: no RFC. treat it as ether */
2132 case IFT_L2VLAN: /* ditto */
2133 case IFT_BRIDGE: /* bridge(4) only does Ethernet-like links */
2134 case IFT_INFINIBAND:
2136 case IFT_PPP: /* RFC2472 */
2138 case IFT_FRELAY: /* RFC2590 */
2140 case IFT_IEEE1394: /* RFC3146 */
2143 return (64); /* draft-ietf-v6ops-mech-v2-07 */
2145 return (64); /* XXX: is this really correct? */
2148 * Unknown link type:
2149 * It might be controversial to use the today's common constant
2150 * of 64 for these cases unconditionally. For full compliance,
2151 * we should return an error in this case. On the other hand,
2152 * if we simply miss the standard for the link type or a new
2153 * standard is defined for a new link type, the IFID length
2154 * is very likely to be the common constant. As a compromise,
2155 * we always use the constant, but make an explicit notice
2156 * indicating the "unknown" case.
2158 printf("in6_if2idlen: unknown link type (%d)\n", ifp->if_type);
2163 struct in6_llentry {
2164 struct llentry base;
2167 #define IN6_LLTBL_DEFAULT_HSIZE 32
2168 #define IN6_LLTBL_HASH(k, h) \
2169 (((((((k >> 8) ^ k) >> 8) ^ k) >> 8) ^ k) & ((h) - 1))
2172 * Do actual deallocation of @lle.
2175 in6_lltable_destroy_lle_unlocked(epoch_context_t ctx)
2177 struct llentry *lle;
2179 lle = __containerof(ctx, struct llentry, lle_epoch_ctx);
2180 LLE_LOCK_DESTROY(lle);
2181 LLE_REQ_DESTROY(lle);
2182 free(lle, M_LLTABLE);
2186 * Called by LLE_FREE_LOCKED when number of references
2190 in6_lltable_destroy_lle(struct llentry *lle)
2194 NET_EPOCH_CALL(in6_lltable_destroy_lle_unlocked, &lle->lle_epoch_ctx);
2197 static struct llentry *
2198 in6_lltable_new(const struct in6_addr *addr6, u_int flags)
2200 struct in6_llentry *lle;
2202 lle = malloc(sizeof(struct in6_llentry), M_LLTABLE, M_NOWAIT | M_ZERO);
2203 if (lle == NULL) /* NB: caller generates msg */
2206 lle->base.r_l3addr.addr6 = *addr6;
2207 lle->base.lle_refcnt = 1;
2208 lle->base.lle_free = in6_lltable_destroy_lle;
2209 LLE_LOCK_INIT(&lle->base);
2210 LLE_REQ_INIT(&lle->base);
2211 callout_init(&lle->base.lle_timer, 1);
2213 return (&lle->base);
2217 in6_lltable_match_prefix(const struct sockaddr *saddr,
2218 const struct sockaddr *smask, u_int flags, struct llentry *lle)
2220 const struct in6_addr *addr, *mask, *lle_addr;
2222 addr = &((const struct sockaddr_in6 *)saddr)->sin6_addr;
2223 mask = &((const struct sockaddr_in6 *)smask)->sin6_addr;
2224 lle_addr = &lle->r_l3addr.addr6;
2226 if (IN6_ARE_MASKED_ADDR_EQUAL(lle_addr, addr, mask) == 0)
2229 if (lle->la_flags & LLE_IFADDR) {
2231 * Delete LLE_IFADDR records IFF address & flag matches.
2232 * Note that addr is the interface address within prefix
2235 if (IN6_ARE_ADDR_EQUAL(addr, lle_addr) &&
2236 (flags & LLE_STATIC) != 0)
2241 /* flags & LLE_STATIC means deleting both dynamic and static entries */
2242 if ((flags & LLE_STATIC) || !(lle->la_flags & LLE_STATIC))
2249 in6_lltable_free_entry(struct lltable *llt, struct llentry *lle)
2251 struct ifnet *ifp __diagused;
2253 LLE_WLOCK_ASSERT(lle);
2254 KASSERT(llt != NULL, ("lltable is NULL"));
2256 /* Unlink entry from table */
2257 if ((lle->la_flags & LLE_LINKED) != 0) {
2259 IF_AFDATA_WLOCK_ASSERT(ifp);
2260 lltable_unlink_entry(llt, lle);
2267 in6_lltable_rtcheck(struct ifnet *ifp,
2269 const struct sockaddr *l3addr)
2271 const struct sockaddr_in6 *sin6;
2272 struct nhop_object *nh;
2273 struct in6_addr dst;
2275 char ip6buf[INET6_ADDRSTRLEN];
2279 KASSERT(l3addr->sa_family == AF_INET6,
2280 ("sin_family %d", l3addr->sa_family));
2282 sin6 = (const struct sockaddr_in6 *)l3addr;
2283 in6_splitscope(&sin6->sin6_addr, &dst, &scopeid);
2284 fibnum = V_rt_add_addr_allfibs ? RT_DEFAULT_FIB : ifp->if_fib;
2285 nh = fib6_lookup(fibnum, &dst, scopeid, NHR_NONE, 0);
2286 if (nh && ((nh->nh_flags & NHF_GATEWAY) || nh->nh_ifp != ifp)) {
2289 * Create an ND6 cache for an IPv6 neighbor
2290 * that is not covered by our own prefix.
2292 ifa = ifaof_ifpforaddr(l3addr, ifp);
2296 log(LOG_INFO, "IPv6 address: \"%s\" is not on the network\n",
2297 ip6_sprintf(ip6buf, &sin6->sin6_addr));
2303 static inline uint32_t
2304 in6_lltable_hash_dst(const struct in6_addr *dst, uint32_t hsize)
2307 return (IN6_LLTBL_HASH(dst->s6_addr32[3], hsize));
2311 in6_lltable_hash(const struct llentry *lle, uint32_t hsize)
2314 return (in6_lltable_hash_dst(&lle->r_l3addr.addr6, hsize));
2318 in6_lltable_fill_sa_entry(const struct llentry *lle, struct sockaddr *sa)
2320 struct sockaddr_in6 *sin6;
2322 sin6 = (struct sockaddr_in6 *)sa;
2323 bzero(sin6, sizeof(*sin6));
2324 sin6->sin6_family = AF_INET6;
2325 sin6->sin6_len = sizeof(*sin6);
2326 sin6->sin6_addr = lle->r_l3addr.addr6;
2329 static inline struct llentry *
2330 in6_lltable_find_dst(struct lltable *llt, const struct in6_addr *dst)
2332 struct llentry *lle;
2333 struct llentries *lleh;
2336 hashidx = in6_lltable_hash_dst(dst, llt->llt_hsize);
2337 lleh = &llt->lle_head[hashidx];
2338 CK_LIST_FOREACH(lle, lleh, lle_next) {
2339 if (lle->la_flags & LLE_DELETED)
2341 if (IN6_ARE_ADDR_EQUAL(&lle->r_l3addr.addr6, dst))
2349 in6_lltable_delete_entry(struct lltable *llt, struct llentry *lle)
2352 lle->la_flags |= LLE_DELETED;
2354 /* Leave the solicited multicast group. */
2355 if ((lle->la_flags & LLE_PUB) != 0)
2356 in6_leave_proxy_ndp_mc(llt->llt_ifp, &lle->r_l3addr.addr6);
2357 EVENTHANDLER_INVOKE(lle_event, lle, LLENTRY_DELETED);
2359 log(LOG_INFO, "ifaddr cache = %p is deleted\n", lle);
2364 static struct llentry *
2365 in6_lltable_alloc(struct lltable *llt, u_int flags,
2366 const struct sockaddr *l3addr)
2368 const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)l3addr;
2369 struct ifnet *ifp = llt->llt_ifp;
2370 struct llentry *lle;
2371 char linkhdr[LLE_MAX_LINKHDR];
2375 KASSERT(l3addr->sa_family == AF_INET6,
2376 ("sin_family %d", l3addr->sa_family));
2379 * A route that covers the given address must have
2380 * been installed 1st because we are doing a resolution,
2383 if (!(flags & LLE_IFADDR) &&
2384 in6_lltable_rtcheck(ifp, flags, l3addr) != 0)
2387 lle = in6_lltable_new(&sin6->sin6_addr, flags);
2389 log(LOG_INFO, "lla_lookup: new lle malloc failed\n");
2392 lle->la_flags = flags;
2393 if ((flags & LLE_IFADDR) == LLE_IFADDR) {
2394 linkhdrsize = LLE_MAX_LINKHDR;
2395 if (lltable_calc_llheader(ifp, AF_INET6, IF_LLADDR(ifp),
2396 linkhdr, &linkhdrsize, &lladdr_off) != 0) {
2397 in6_lltable_free_entry(llt, lle);
2400 lltable_set_entry_addr(ifp, lle, linkhdr, linkhdrsize,
2402 lle->la_flags |= LLE_STATIC;
2405 if ((lle->la_flags & LLE_STATIC) != 0)
2406 lle->ln_state = ND6_LLINFO_REACHABLE;
2411 static struct llentry *
2412 in6_lltable_lookup(struct lltable *llt, u_int flags,
2413 const struct sockaddr *l3addr)
2415 const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)l3addr;
2416 int family = flags >> 16;
2417 struct llentry *lle;
2419 IF_AFDATA_LOCK_ASSERT(llt->llt_ifp);
2420 KASSERT(l3addr->sa_family == AF_INET6,
2421 ("sin_family %d", l3addr->sa_family));
2422 KASSERT((flags & (LLE_UNLOCKED | LLE_EXCLUSIVE)) !=
2423 (LLE_UNLOCKED | LLE_EXCLUSIVE),
2424 ("wrong lle request flags: %#x", flags));
2426 lle = in6_lltable_find_dst(llt, &sin6->sin6_addr);
2428 if (__predict_false(family != AF_INET6))
2429 lle = llentry_lookup_family(lle, family);
2434 if (flags & LLE_UNLOCKED)
2437 if (flags & LLE_EXCLUSIVE)
2443 * If the afdata lock is not held, the LLE may have been unlinked while
2444 * we were blocked on the LLE lock. Check for this case.
2446 if (__predict_false((lle->la_flags & LLE_LINKED) == 0)) {
2447 if (flags & LLE_EXCLUSIVE)
2457 in6_lltable_dump_entry(struct lltable *llt, struct llentry *lle,
2458 struct sysctl_req *wr)
2460 struct ifnet *ifp = llt->llt_ifp;
2463 struct rt_msghdr rtm;
2464 struct sockaddr_in6 sin6;
2466 * ndp.c assumes that sdl is word aligned
2471 struct sockaddr_dl sdl;
2473 struct sockaddr_dl *sdl;
2476 bzero(&ndpc, sizeof(ndpc));
2477 /* skip deleted entries */
2478 if ((lle->la_flags & LLE_DELETED) == LLE_DELETED)
2480 /* Skip if jailed and not a valid IP of the prison. */
2481 lltable_fill_sa_entry(lle, (struct sockaddr *)&ndpc.sin6);
2482 if (prison_if(wr->td->td_ucred, (struct sockaddr *)&ndpc.sin6) != 0)
2485 * produce a msg made of:
2487 * struct sockaddr_in6 (IPv6)
2488 * struct sockaddr_dl;
2490 ndpc.rtm.rtm_msglen = sizeof(ndpc);
2491 ndpc.rtm.rtm_version = RTM_VERSION;
2492 ndpc.rtm.rtm_type = RTM_GET;
2493 ndpc.rtm.rtm_flags = RTF_UP;
2494 ndpc.rtm.rtm_addrs = RTA_DST | RTA_GATEWAY;
2495 sa6_recoverscope(&ndpc.sin6);
2498 if (lle->la_flags & LLE_PUB)
2499 ndpc.rtm.rtm_flags |= RTF_ANNOUNCE;
2502 sdl->sdl_family = AF_LINK;
2503 sdl->sdl_len = sizeof(*sdl);
2504 sdl->sdl_index = ifp->if_index;
2505 sdl->sdl_type = ifp->if_type;
2506 if ((lle->la_flags & LLE_VALID) == LLE_VALID) {
2507 sdl->sdl_alen = ifp->if_addrlen;
2508 bcopy(lle->ll_addr, LLADDR(sdl), ifp->if_addrlen);
2511 bzero(LLADDR(sdl), ifp->if_addrlen);
2513 if (lle->la_expire != 0)
2514 ndpc.rtm.rtm_rmx.rmx_expire = lle->la_expire +
2515 lle->lle_remtime / hz + time_second - time_uptime;
2516 ndpc.rtm.rtm_flags |= (RTF_HOST | RTF_LLDATA);
2517 if (lle->la_flags & LLE_STATIC)
2518 ndpc.rtm.rtm_flags |= RTF_STATIC;
2519 if (lle->la_flags & LLE_IFADDR)
2520 ndpc.rtm.rtm_flags |= RTF_PINNED;
2521 if (lle->ln_router != 0)
2522 ndpc.rtm.rtm_flags |= RTF_GATEWAY;
2523 ndpc.rtm.rtm_rmx.rmx_pksent = lle->la_asked;
2524 /* Store state in rmx_weight value */
2525 ndpc.rtm.rtm_rmx.rmx_state = lle->ln_state;
2526 ndpc.rtm.rtm_index = ifp->if_index;
2527 error = SYSCTL_OUT(wr, &ndpc, sizeof(ndpc));
2533 in6_lltable_post_resolved(struct lltable *llt, struct llentry *lle)
2535 /* Join the solicited multicast group for dst. */
2536 if ((lle->la_flags & LLE_PUB) == LLE_PUB)
2537 in6_join_proxy_ndp_mc(llt->llt_ifp, &lle->r_l3addr.addr6);
2540 static struct lltable *
2541 in6_lltattach(struct ifnet *ifp)
2543 struct lltable *llt;
2545 llt = lltable_allocate_htbl(IN6_LLTBL_DEFAULT_HSIZE);
2546 llt->llt_af = AF_INET6;
2549 llt->llt_lookup = in6_lltable_lookup;
2550 llt->llt_alloc_entry = in6_lltable_alloc;
2551 llt->llt_delete_entry = in6_lltable_delete_entry;
2552 llt->llt_dump_entry = in6_lltable_dump_entry;
2553 llt->llt_hash = in6_lltable_hash;
2554 llt->llt_fill_sa_entry = in6_lltable_fill_sa_entry;
2555 llt->llt_free_entry = in6_lltable_free_entry;
2556 llt->llt_match_prefix = in6_lltable_match_prefix;
2557 llt->llt_mark_used = llentry_mark_used;
2558 llt->llt_post_resolved = in6_lltable_post_resolved;
2565 in6_lltable_get(struct ifnet *ifp)
2567 struct lltable *llt = NULL;
2569 void *afdata_ptr = ifp->if_afdata[AF_INET6];
2570 if (afdata_ptr != NULL)
2571 llt = ((struct in6_ifextra *)afdata_ptr)->lltable;
2576 in6_domifattach(struct ifnet *ifp)
2578 struct in6_ifextra *ext;
2580 /* There are not IPv6-capable interfaces. */
2581 switch (ifp->if_type) {
2587 ext = (struct in6_ifextra *)malloc(sizeof(*ext), M_IFADDR, M_WAITOK);
2588 bzero(ext, sizeof(*ext));
2590 ext->in6_ifstat = malloc(sizeof(counter_u64_t) *
2591 sizeof(struct in6_ifstat) / sizeof(uint64_t), M_IFADDR, M_WAITOK);
2592 COUNTER_ARRAY_ALLOC(ext->in6_ifstat,
2593 sizeof(struct in6_ifstat) / sizeof(uint64_t), M_WAITOK);
2595 ext->icmp6_ifstat = malloc(sizeof(counter_u64_t) *
2596 sizeof(struct icmp6_ifstat) / sizeof(uint64_t), M_IFADDR,
2598 COUNTER_ARRAY_ALLOC(ext->icmp6_ifstat,
2599 sizeof(struct icmp6_ifstat) / sizeof(uint64_t), M_WAITOK);
2601 ext->nd_ifinfo = nd6_ifattach(ifp);
2602 ext->scope6_id = scope6_ifattach(ifp);
2603 ext->lltable = in6_lltattach(ifp);
2605 ext->mld_ifinfo = mld_domifattach(ifp);
2611 in6_domifmtu(struct ifnet *ifp)
2613 if (ifp->if_afdata[AF_INET6] == NULL)
2616 return (IN6_LINKMTU(ifp));
2620 in6_domifdetach(struct ifnet *ifp, void *aux)
2622 struct in6_ifextra *ext = (struct in6_ifextra *)aux;
2624 mld_domifdetach(ifp);
2625 scope6_ifdetach(ext->scope6_id);
2626 nd6_ifdetach(ifp, ext->nd_ifinfo);
2627 lltable_free(ext->lltable);
2628 COUNTER_ARRAY_FREE(ext->in6_ifstat,
2629 sizeof(struct in6_ifstat) / sizeof(uint64_t));
2630 free(ext->in6_ifstat, M_IFADDR);
2631 COUNTER_ARRAY_FREE(ext->icmp6_ifstat,
2632 sizeof(struct icmp6_ifstat) / sizeof(uint64_t));
2633 free(ext->icmp6_ifstat, M_IFADDR);
2634 free(ext, M_IFADDR);
2638 * Convert sockaddr_in6 to sockaddr_in. Original sockaddr_in6 must be
2639 * v4 mapped addr or v4 compat addr
2642 in6_sin6_2_sin(struct sockaddr_in *sin, struct sockaddr_in6 *sin6)
2645 bzero(sin, sizeof(*sin));
2646 sin->sin_len = sizeof(struct sockaddr_in);
2647 sin->sin_family = AF_INET;
2648 sin->sin_port = sin6->sin6_port;
2649 sin->sin_addr.s_addr = sin6->sin6_addr.s6_addr32[3];
2652 /* Convert sockaddr_in to sockaddr_in6 in v4 mapped addr format. */
2654 in6_sin_2_v4mapsin6(struct sockaddr_in *sin, struct sockaddr_in6 *sin6)
2656 bzero(sin6, sizeof(*sin6));
2657 sin6->sin6_len = sizeof(struct sockaddr_in6);
2658 sin6->sin6_family = AF_INET6;
2659 sin6->sin6_port = sin->sin_port;
2660 sin6->sin6_addr.s6_addr32[0] = 0;
2661 sin6->sin6_addr.s6_addr32[1] = 0;
2662 sin6->sin6_addr.s6_addr32[2] = IPV6_ADDR_INT32_SMP;
2663 sin6->sin6_addr.s6_addr32[3] = sin->sin_addr.s_addr;
2666 /* Convert sockaddr_in6 into sockaddr_in. */
2668 in6_sin6_2_sin_in_sock(struct sockaddr *nam)
2670 struct sockaddr_in *sin_p;
2671 struct sockaddr_in6 sin6;
2674 * Save original sockaddr_in6 addr and convert it
2677 sin6 = *(struct sockaddr_in6 *)nam;
2678 sin_p = (struct sockaddr_in *)nam;
2679 in6_sin6_2_sin(sin_p, &sin6);
2683 * Join/leave the solicited multicast groups for proxy NDP entries.
2686 in6_join_proxy_ndp_mc(struct ifnet *ifp, const struct in6_addr *dst)
2688 struct in6_multi *inm;
2689 struct in6_addr mltaddr;
2690 char ip6buf[INET6_ADDRSTRLEN];
2693 if (in6_solicited_node_maddr(&mltaddr, ifp, dst) != 0)
2694 return; /* error logged in in6_solicited_node_maddr. */
2696 error = in6_joingroup(ifp, &mltaddr, NULL, &inm, 0);
2698 nd6log((LOG_WARNING,
2699 "%s: in6_joingroup failed for %s on %s (errno=%d)\n",
2700 __func__, ip6_sprintf(ip6buf, &mltaddr), if_name(ifp),
2706 in6_leave_proxy_ndp_mc(struct ifnet *ifp, const struct in6_addr *dst)
2708 struct epoch_tracker et;
2709 struct in6_multi *inm;
2710 struct in6_addr mltaddr;
2711 char ip6buf[INET6_ADDRSTRLEN];
2713 if (in6_solicited_node_maddr(&mltaddr, ifp, dst) != 0)
2714 return; /* error logged in in6_solicited_node_maddr. */
2716 NET_EPOCH_ENTER(et);
2717 inm = in6m_lookup(ifp, &mltaddr);
2720 in6_leavegroup(inm, NULL);
2722 nd6log((LOG_WARNING, "%s: in6m_lookup failed for %s on %s\n",
2723 __func__, ip6_sprintf(ip6buf, &mltaddr), if_name(ifp)));
2727 in6_lle_match_pub(struct lltable *llt, struct llentry *lle, void *farg)
2729 return ((lle->la_flags & LLE_PUB) != 0);
2733 in6_purge_proxy_ndp(struct ifnet *ifp)
2735 struct lltable *llt;
2738 if (ifp->if_afdata[AF_INET6] == NULL)
2741 llt = LLTABLE6(ifp);
2742 IF_AFDATA_WLOCK(ifp);
2743 need_purge = ((llt->llt_flags & LLT_ADDEDPROXY) != 0);
2744 IF_AFDATA_WUNLOCK(ifp);
2747 * Ever added proxy ndp entries, leave solicited node multicast
2748 * before deleting the llentry.
2751 lltable_delete_conditional(llt, in6_lle_match_pub, NULL);
projects / FreeBSD / FreeBSD.git / blob