2 * Copyright (c) 1999 Poul-Henning Kamp.
3 * Copyright (c) 2008 Bjoern A. Zeeb.
4 * Copyright (c) 2009 James Gritton.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 #include <sys/cdefs.h>
30 __FBSDID("$FreeBSD$");
32 #include "opt_compat.h"
35 #include "opt_inet6.h"
37 #include <sys/param.h>
38 #include <sys/types.h>
39 #include <sys/kernel.h>
40 #include <sys/systm.h>
41 #include <sys/errno.h>
42 #include <sys/sysproto.h>
43 #include <sys/malloc.h>
47 #include <sys/taskqueue.h>
48 #include <sys/fcntl.h>
51 #include <sys/mutex.h>
52 #include <sys/racct.h>
53 #include <sys/refcount.h>
55 #include <sys/sysent.h>
56 #include <sys/namei.h>
57 #include <sys/mount.h>
58 #include <sys/queue.h>
59 #include <sys/socket.h>
60 #include <sys/syscallsubr.h>
61 #include <sys/sysctl.h>
62 #include <sys/vnode.h>
67 #include <netinet/in.h>
70 prison_qcmp_v6(const void *ip1, const void *ip2)
72 const struct in6_addr *ia6a, *ia6b;
75 ia6a = (const struct in6_addr *)ip1;
76 ia6b = (const struct in6_addr *)ip2;
79 for (i = 0; rc == 0 && i < sizeof(struct in6_addr); i++) {
80 if (ia6a->s6_addr[i] > ia6b->s6_addr[i])
82 else if (ia6a->s6_addr[i] < ia6b->s6_addr[i])
89 prison_restrict_ip6(struct prison *pr, struct in6_addr *newip6)
95 if (!(pr->pr_flags & PR_IP6_USER)) {
96 /* This has no user settings, so just copy the parent's list. */
97 if (pr->pr_ip6s < ppr->pr_ip6s) {
99 * There's no room for the parent's list. Use the
100 * new list buffer, which is assumed to be big enough
101 * (if it was passed). If there's no buffer, try to
105 if (newip6 == NULL) {
106 newip6 = malloc(ppr->pr_ip6s * sizeof(*newip6),
111 if (newip6 != NULL) {
112 bcopy(ppr->pr_ip6, newip6,
113 ppr->pr_ip6s * sizeof(*newip6));
114 free(pr->pr_ip6, M_PRISON);
116 pr->pr_ip6s = ppr->pr_ip6s;
120 pr->pr_ip6s = ppr->pr_ip6s;
122 bcopy(ppr->pr_ip6, pr->pr_ip6,
123 pr->pr_ip6s * sizeof(*newip6));
124 else if (pr->pr_ip6 != NULL) {
125 free(pr->pr_ip6, M_PRISON);
128 } else if (pr->pr_ip6s > 0) {
129 /* Remove addresses that aren't in the parent. */
130 for (ij = 0; ij < ppr->pr_ip6s; ij++)
131 if (IN6_ARE_ADDR_EQUAL(&pr->pr_ip6[0],
134 if (ij < ppr->pr_ip6s)
137 bcopy(pr->pr_ip6 + 1, pr->pr_ip6,
138 --pr->pr_ip6s * sizeof(*pr->pr_ip6));
141 for (ij = 1; ii < pr->pr_ip6s; ) {
142 if (IN6_ARE_ADDR_EQUAL(&pr->pr_ip6[ii],
147 switch (ij >= ppr->pr_ip6s ? -1 :
148 prison_qcmp_v6(&pr->pr_ip6[ii], &ppr->pr_ip6[ij])) {
150 bcopy(pr->pr_ip6 + ii + 1, pr->pr_ip6 + ii,
151 (--pr->pr_ip6s - ii) * sizeof(*pr->pr_ip6));
162 if (pr->pr_ip6s == 0) {
163 free(pr->pr_ip6, M_PRISON);
171 * Pass back primary IPv6 address for this jail.
173 * If not restricted return success but do not alter the address. Caller has
174 * to make sure to initialize it correctly (e.g. IN6ADDR_ANY_INIT).
176 * Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv6.
179 prison_get_ip6(struct ucred *cred, struct in6_addr *ia6)
183 KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
184 KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__));
186 pr = cred->cr_prison;
187 if (!(pr->pr_flags & PR_IP6))
189 mtx_lock(&pr->pr_mtx);
190 if (!(pr->pr_flags & PR_IP6)) {
191 mtx_unlock(&pr->pr_mtx);
194 if (pr->pr_ip6 == NULL) {
195 mtx_unlock(&pr->pr_mtx);
196 return (EAFNOSUPPORT);
199 bcopy(&pr->pr_ip6[0], ia6, sizeof(struct in6_addr));
200 mtx_unlock(&pr->pr_mtx);
205 * Return 1 if we should do proper source address selection or are not jailed.
206 * We will return 0 if we should bypass source address selection in favour
207 * of the primary jail IPv6 address. Only in this case *ia will be updated and
209 * Return EAFNOSUPPORT, in case this jail does not allow IPv6.
212 prison_saddrsel_ip6(struct ucred *cred, struct in6_addr *ia6)
215 struct in6_addr lia6;
218 KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
219 KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__));
224 pr = cred->cr_prison;
225 if (pr->pr_flags & PR_IP6_SADDRSEL)
229 error = prison_get_ip6(cred, &lia6);
232 if (IN6_IS_ADDR_UNSPECIFIED(&lia6))
235 bcopy(&lia6, ia6, sizeof(struct in6_addr));
240 * Return true if pr1 and pr2 have the same IPv6 address restrictions.
243 prison_equal_ip6(struct prison *pr1, struct prison *pr2)
249 while (pr1 != &prison0 &&
251 !(pr1->pr_flags & PR_VNET) &&
253 !(pr1->pr_flags & PR_IP6_USER))
254 pr1 = pr1->pr_parent;
255 while (pr2 != &prison0 &&
257 !(pr2->pr_flags & PR_VNET) &&
259 !(pr2->pr_flags & PR_IP6_USER))
260 pr2 = pr2->pr_parent;
265 * Make sure our (source) address is set to something meaningful to this jail.
267 * v6only should be set based on (inp->inp_flags & IN6P_IPV6_V6ONLY != 0)
268 * when needed while binding.
270 * Returns 0 if jail doesn't restrict IPv6 or if address belongs to jail,
271 * EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail
272 * doesn't allow IPv6.
275 prison_local_ip6(struct ucred *cred, struct in6_addr *ia6, int v6only)
280 KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
281 KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__));
283 pr = cred->cr_prison;
284 if (!(pr->pr_flags & PR_IP6))
286 mtx_lock(&pr->pr_mtx);
287 if (!(pr->pr_flags & PR_IP6)) {
288 mtx_unlock(&pr->pr_mtx);
291 if (pr->pr_ip6 == NULL) {
292 mtx_unlock(&pr->pr_mtx);
293 return (EAFNOSUPPORT);
296 if (IN6_IS_ADDR_LOOPBACK(ia6)) {
297 bcopy(&pr->pr_ip6[0], ia6, sizeof(struct in6_addr));
298 mtx_unlock(&pr->pr_mtx);
302 if (IN6_IS_ADDR_UNSPECIFIED(ia6)) {
304 * In case there is only 1 IPv6 address, and v6only is true,
305 * then bind directly.
307 if (v6only != 0 && pr->pr_ip6s == 1)
308 bcopy(&pr->pr_ip6[0], ia6, sizeof(struct in6_addr));
309 mtx_unlock(&pr->pr_mtx);
313 error = prison_check_ip6_locked(pr, ia6);
314 mtx_unlock(&pr->pr_mtx);
319 * Rewrite destination address in case we will connect to loopback address.
321 * Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv6.
324 prison_remote_ip6(struct ucred *cred, struct in6_addr *ia6)
328 KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
329 KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__));
331 pr = cred->cr_prison;
332 if (!(pr->pr_flags & PR_IP6))
334 mtx_lock(&pr->pr_mtx);
335 if (!(pr->pr_flags & PR_IP6)) {
336 mtx_unlock(&pr->pr_mtx);
339 if (pr->pr_ip6 == NULL) {
340 mtx_unlock(&pr->pr_mtx);
341 return (EAFNOSUPPORT);
344 if (IN6_IS_ADDR_LOOPBACK(ia6)) {
345 bcopy(&pr->pr_ip6[0], ia6, sizeof(struct in6_addr));
346 mtx_unlock(&pr->pr_mtx);
351 * Return success because nothing had to be changed.
353 mtx_unlock(&pr->pr_mtx);
358 * Check if given address belongs to the jail referenced by cred/prison.
360 * Returns 0 if jail doesn't restrict IPv6 or if address belongs to jail,
361 * EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail
362 * doesn't allow IPv6.
365 prison_check_ip6_locked(const struct prison *pr, const struct in6_addr *ia6)
370 * Check the primary IP.
372 if (IN6_ARE_ADDR_EQUAL(&pr->pr_ip6[0], ia6))
376 * All the other IPs are sorted so we can do a binary search.
382 d = prison_qcmp_v6(&pr->pr_ip6[i+1], ia6);
391 return (EADDRNOTAVAIL);
395 prison_check_ip6(const struct ucred *cred, const struct in6_addr *ia6)
400 KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
401 KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__));
403 pr = cred->cr_prison;
404 if (!(pr->pr_flags & PR_IP6))
406 mtx_lock(&pr->pr_mtx);
407 if (!(pr->pr_flags & PR_IP6)) {
408 mtx_unlock(&pr->pr_mtx);
411 if (pr->pr_ip6 == NULL) {
412 mtx_unlock(&pr->pr_mtx);
413 return (EAFNOSUPPORT);
416 error = prison_check_ip6_locked(pr, ia6);
417 mtx_unlock(&pr->pr_mtx);