search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
nfs: fix real/effective id mismatch in nfs_access
[dragonfly.git] / sys / netinet6 / in6_src.c
blob409febbd28fa0f78b3830bf89c88b102a47c09ab
1 /* $FreeBSD: src/sys/netinet6/in6_src.c,v 1.1.2.3 2002/02/26 18:02:06 ume Exp $ */
2 /* $DragonFly: src/sys/netinet6/in6_src.c,v 1.13 2006/12/29 18:02:56 victor Exp $ */
3 /* $KAME: in6_src.c,v 1.37 2001/03/29 05:34:31 itojun Exp $ */
4
5 /*
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 /*
35 * Copyright (c) 1982, 1986, 1991, 1993
36 * The Regents of the University of California. All rights reserved.
37 *
38 * Redistribution and use in source and binary forms, with or without
39 * modification, are permitted provided that the following conditions
40 * are met:
41 * 1. Redistributions of source code must retain the above copyright
42 * notice, this list of conditions and the following disclaimer.
43 * 2. Redistributions in binary form must reproduce the above copyright
44 * notice, this list of conditions and the following disclaimer in the
45 * documentation and/or other materials provided with the distribution.
46 * 3. All advertising materials mentioning features or use of this software
47 * must display the following acknowledgement:
48 * This product includes software developed by the University of
49 * California, Berkeley and its contributors.
50 * 4. Neither the name of the University nor the names of its contributors
51 * may be used to endorse or promote products derived from this software
52 * without specific prior written permission.
53 *
54 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
55 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
56 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
57 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
58 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
59 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
60 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
61 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
62 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
63 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
64 * SUCH DAMAGE.
65 *
66 * @(#)in_pcb.c 8.2 (Berkeley) 1/4/94
67 */
68
69 #include "opt_inet.h"
70 #include "opt_inet6.h"
71
72 #include <sys/param.h>
73 #include <sys/systm.h>
74 #include <sys/jail.h>
75 #include <sys/kernel.h>
76 #include <sys/malloc.h>
77 #include <sys/mbuf.h>
78 #include <sys/protosw.h>
79 #include <sys/socket.h>
80 #include <sys/socketvar.h>
81 #include <sys/sockio.h>
82 #include <sys/sysctl.h>
83 #include <sys/errno.h>
84 #include <sys/time.h>
85 #include <sys/proc.h>
86 #include <sys/priv.h>
87
88 #include <net/if.h>
89 #include <net/route.h>
90
91 #include <netinet/in.h>
92 #include <netinet/in_var.h>
93 #include <netinet/in_systm.h>
94 #include <netinet/ip.h>
95 #include <netinet/in_pcb.h>
96 #include <netinet6/in6_var.h>
97 #include <netinet/ip6.h>
98 #include <netinet6/in6_pcb.h>
99 #include <netinet6/ip6_var.h>
100 #include <netinet6/nd6.h>
101 #ifdef ENABLE_DEFAULT_SCOPE
102 #include <netinet6/scope6_var.h>
103 #endif
104
105 #include <net/net_osdep.h>
106
107 #include "use_loop.h"
108
109 #define ADDR_LABEL_NOTAPP (-1)
110 struct in6_addrpolicy defaultaddrpolicy;
111
112 static void init_policy_queue(void);
113 static int add_addrsel_policyent(struct in6_addrpolicy *);
114 static int delete_addrsel_policyent(struct in6_addrpolicy *);
115 static int walk_addrsel_policy(int (*)(struct in6_addrpolicy *, void *),
116 void *);
117 static int dump_addrsel_policyent(struct in6_addrpolicy *, void *);
118
119
120 /*
121 * Return an IPv6 address, which is the most appropriate for a given
122 * destination and user specified options.
123 * If necessary, this function lookups the routing table and returns
124 * an entry to the caller for later use.
125 */
126 struct in6_addr *
127 in6_selectsrc(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
128 struct ip6_moptions *mopts, struct route_in6 *ro,
129 struct in6_addr *laddr, int *errorp, struct thread *td)
130 {
131 struct sockaddr_in6 jsin6;
132 struct ucred *cred = NULL;
133 struct in6_addr *dst;
134 struct in6_ifaddr *ia6 = 0;
135 struct in6_pktinfo *pi = NULL;
136 int jailed = 0;
137
138 if (td && td->td_proc && td->td_proc->p_ucred)
139 cred = td->td_proc->p_ucred;
140 if (cred && cred->cr_prison)
141 jailed = 1;
142 jsin6.sin6_family = AF_INET6;
143 dst = &dstsock->sin6_addr;
144 *errorp = 0;
145
146 /*
147 * If the source address is explicitly specified by the caller,
148 * use it.
149 */
150 if (opts && (pi = opts->ip6po_pktinfo) &&
151 !IN6_IS_ADDR_UNSPECIFIED(&pi->ipi6_addr)) {
152 jsin6.sin6_addr = pi->ipi6_addr;
153 if (jailed && !jailed_ip(cred->cr_prison,
154 (struct sockaddr *)&jsin6)) {
155 return(0);
156 } else {
157 return (&pi->ipi6_addr);
158 }
159 }
160
161 /*
162 * If the source address is not specified but the socket(if any)
163 * is already bound, use the bound address.
164 */
165 if (laddr && !IN6_IS_ADDR_UNSPECIFIED(laddr)) {
166 jsin6.sin6_addr = *laddr;
167 if (jailed && !jailed_ip(cred->cr_prison,
168 (struct sockaddr *)&jsin6)) {
169 return(0);
170 } else {
171 return (laddr);
172 }
173 }
174
175 /*
176 * If the caller doesn't specify the source address but
177 * the outgoing interface, use an address associated with
178 * the interface.
179 */
180 if (pi && pi->ipi6_ifindex) {
181 /* XXX boundary check is assumed to be already done. */
182 ia6 = in6_ifawithscope(ifindex2ifnet[pi->ipi6_ifindex],
183 dst);
184
185 if (ia6 && jailed) {
186 jsin6.sin6_addr = (&ia6->ia_addr)->sin6_addr;
187 if (!jailed_ip(cred->cr_prison,
188 (struct sockaddr *)&jsin6))
189 ia6 = 0;
190 }
191
192 if (ia6 == 0) {
193 *errorp = EADDRNOTAVAIL;
194 return (0);
195 }
196 return (&satosin6(&ia6->ia_addr)->sin6_addr);
197 }
198
199 /*
200 * If the destination address is a link-local unicast address or
201 * a multicast address, and if the outgoing interface is specified
202 * by the sin6_scope_id filed, use an address associated with the
203 * interface.
204 * XXX: We're now trying to define more specific semantics of
205 * sin6_scope_id field, so this part will be rewritten in
206 * the near future.
207 */
208 if ((IN6_IS_ADDR_LINKLOCAL(dst) || IN6_IS_ADDR_MULTICAST(dst)) &&
209 dstsock->sin6_scope_id) {
210 /*
211 * I'm not sure if boundary check for scope_id is done
212 * somewhere...
213 */
214 if (dstsock->sin6_scope_id < 0 ||
215 if_index < dstsock->sin6_scope_id) {
216 *errorp = ENXIO; /* XXX: better error? */
217 return (0);
218 }
219 ia6 = in6_ifawithscope(ifindex2ifnet[dstsock->sin6_scope_id],
220 dst);
221
222 if (ia6 && jailed) {
223 jsin6.sin6_addr = (&ia6->ia_addr)->sin6_addr;
224 if (!jailed_ip(cred->cr_prison,
225 (struct sockaddr *)&jsin6))
226 ia6 = 0;
227 }
228
229 if (ia6 == 0) {
230 *errorp = EADDRNOTAVAIL;
231 return (0);
232 }
233 return (&satosin6(&ia6->ia_addr)->sin6_addr);
234 }
235
236 /*
237 * If the destination address is a multicast address and
238 * the outgoing interface for the address is specified
239 * by the caller, use an address associated with the interface.
240 * There is a sanity check here; if the destination has node-local
241 * scope, the outgoing interfacde should be a loopback address.
242 * Even if the outgoing interface is not specified, we also
243 * choose a loopback interface as the outgoing interface.
244 */
245 if (!jailed && IN6_IS_ADDR_MULTICAST(dst)) {
246 struct ifnet *ifp = mopts ? mopts->im6o_multicast_ifp : NULL;
247
248 if (ifp == NULL && IN6_IS_ADDR_MC_NODELOCAL(dst)) {
249 ifp = &loif[0];
250 }
251
252 if (ifp) {
253 ia6 = in6_ifawithscope(ifp, dst);
254 if (ia6 == 0) {
255 *errorp = EADDRNOTAVAIL;
256 return (0);
257 }
258 return (&satosin6(&ia6->ia_addr)->sin6_addr);
259 }
260 }
261
262 /*
263 * If the next hop address for the packet is specified
264 * by caller, use an address associated with the route
265 * to the next hop.
266 */
267 {
268 struct sockaddr_in6 *sin6_next;
269 struct rtentry *rt;
270
271 if (opts && opts->ip6po_nexthop) {
272 sin6_next = satosin6(opts->ip6po_nexthop);
273 rt = nd6_lookup(&sin6_next->sin6_addr, 1, NULL);
274 if (rt) {
275 ia6 = in6_ifawithscope(rt->rt_ifp, dst);
276 if (ia6 == 0)
277 ia6 = ifatoia6(rt->rt_ifa);
278 }
279 if (ia6 && jailed) {
280 jsin6.sin6_addr = (&ia6->ia_addr)->sin6_addr;
281 if (!jailed_ip(cred->cr_prison,
282 (struct sockaddr *)&jsin6))
283 ia6 = 0;
284 }
285
286 if (ia6 == 0) {
287 *errorp = EADDRNOTAVAIL;
288 return (0);
289 }
290 return (&satosin6(&ia6->ia_addr)->sin6_addr);
291 }
292 }
293
294 /*
295 * If route is known or can be allocated now,
296 * our src addr is taken from the i/f, else punt.
297 */
298 if (ro) {
299 if (ro->ro_rt &&
300 (!(ro->ro_rt->rt_flags & RTF_UP) ||
301 satosin6(&ro->ro_dst)->sin6_family != AF_INET6 ||
302 !IN6_ARE_ADDR_EQUAL(&satosin6(&ro->ro_dst)->sin6_addr,
303 dst))) {
304 RTFREE(ro->ro_rt);
305 ro->ro_rt = NULL;
306 }
307 if (ro->ro_rt == NULL || ro->ro_rt->rt_ifp == NULL) {
308 struct sockaddr_in6 *sa6;
309
310 /* No route yet, so try to acquire one */
311 bzero(&ro->ro_dst, sizeof(struct sockaddr_in6));
312 sa6 = &ro->ro_dst;
313 sa6->sin6_family = AF_INET6;
314 sa6->sin6_len = sizeof(struct sockaddr_in6);
315 sa6->sin6_addr = *dst;
316 sa6->sin6_scope_id = dstsock->sin6_scope_id;
317 if (!jailed && IN6_IS_ADDR_MULTICAST(dst)) {
318 ro->ro_rt =
319 rtpurelookup((struct sockaddr *)&ro->ro_dst);
320 } else {
321 rtalloc((struct route *)ro);
322 }
323 }
324
325 /*
326 * in_pcbconnect() checks out IFF_LOOPBACK to skip using
327 * the address. But we don't know why it does so.
328 * It is necessary to ensure the scope even for lo0
329 * so doesn't check out IFF_LOOPBACK.
330 */
331
332 if (ro->ro_rt) {
333 ia6 = in6_ifawithscope(ro->ro_rt->rt_ifa->ifa_ifp, dst);
334 if (ia6 && jailed) {
335 jsin6.sin6_addr = (&ia6->ia_addr)->sin6_addr;
336 if (!jailed_ip(cred->cr_prison,
337 (struct sockaddr *)&jsin6))
338 ia6 = 0;
339 }
340
341 if (ia6 == 0) /* xxx scope error ?*/
342 ia6 = ifatoia6(ro->ro_rt->rt_ifa);
343
344 if (ia6 && jailed) {
345 jsin6.sin6_addr = (&ia6->ia_addr)->sin6_addr;
346 if (!jailed_ip(cred->cr_prison,
347 (struct sockaddr *)&jsin6))
348 ia6 = 0;
349 }
350 }
351 #if 0
352 /*
353 * xxx The followings are necessary? (kazu)
354 * I don't think so.
355 * It's for SO_DONTROUTE option in IPv4.(jinmei)
356 */
357 if (ia6 == 0) {
358 struct sockaddr_in6 sin6 = {sizeof(sin6), AF_INET6, 0};
359
360 sin6->sin6_addr = *dst;
361
362 ia6 = ifatoia6(ifa_ifwithdstaddr(sin6tosa(&sin6)));
363 if (ia6 == 0)
364 ia6 = ifatoia6(ifa_ifwithnet(sin6tosa(&sin6)));
365 if (ia6 == 0)
366 return (0);
367 return (&satosin6(&ia6->ia_addr)->sin6_addr);
368 }
369 #endif /* 0 */
370 if (ia6 == 0) {
371 *errorp = EHOSTUNREACH; /* no route */
372 return (0);
373 }
374 return (&satosin6(&ia6->ia_addr)->sin6_addr);
375 }
376
377 *errorp = EADDRNOTAVAIL;
378 return (0);
379 }
380
381 /*
382 * Default hop limit selection. The precedence is as follows:
383 * 1. Hoplimit value specified via ioctl.
384 * 2. (If the outgoing interface is detected) the current
385 * hop limit of the interface specified by router advertisement.
386 * 3. The system default hoplimit.
387 */
388 int
389 in6_selecthlim(struct in6pcb *in6p, struct ifnet *ifp)
390 {
391 if (in6p && in6p->in6p_hops >= 0)
392 return (in6p->in6p_hops);
393 else if (ifp)
394 return (ND_IFINFO(ifp)->chlim);
395 else
396 return (ip6_defhlim);
397 }
398
399 /*
400 * XXX: this is borrowed from in6_pcbbind(). If possible, we should
401 * share this function by all *bsd*...
402 */
403 int
404 in6_pcbsetport(struct in6_addr *laddr, struct inpcb *inp, struct thread *td)
405 {
406 struct socket *so = inp->inp_socket;
407 u_int16_t lport = 0, first, last, *lastport;
408 int count, error = 0, wild = 0;
409 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo;
410 struct ucred *cred = NULL;
411
412 /* XXX: this is redundant when called from in6_pcbbind */
413 if ((so->so_options & (SO_REUSEADDR|SO_REUSEPORT)) == 0)
414 wild = INPLOOKUP_WILDCARD;
415 if (td->td_proc && td->td_proc->p_ucred)
416 cred = td->td_proc->p_ucred;
417
418 inp->inp_flags |= INP_ANONPORT;
419
420 if (inp->inp_flags & INP_HIGHPORT) {
421 first = ipport_hifirstauto; /* sysctl */
422 last = ipport_hilastauto;
423 lastport = &pcbinfo->lasthi;
424 } else if (inp->inp_flags & INP_LOWPORT) {
425 if ((error = priv_check(td, PRIV_ROOT)) != 0)
426 return error;
427 first = ipport_lowfirstauto; /* 1023 */
428 last = ipport_lowlastauto; /* 600 */
429 lastport = &pcbinfo->lastlow;
430 } else {
431 first = ipport_firstauto; /* sysctl */
432 last = ipport_lastauto;
433 lastport = &pcbinfo->lastport;
434 }
435 /*
436 * Simple check to ensure all ports are not used up causing
437 * a deadlock here.
438 *
439 * We split the two cases (up and down) so that the direction
440 * is not being tested on each round of the loop.
441 */
442 if (first > last) {
443 /*
444 * counting down
445 */
446 count = first - last;
447
448 do {
449 if (count-- < 0) { /* completely used? */
450 /*
451 * Undo any address bind that may have
452 * occurred above.
453 */
454 inp->in6p_laddr = kin6addr_any;
455 return (EAGAIN);
456 }
457 --*lastport;
458 if (*lastport > first || *lastport < last)
459 *lastport = first;
460 lport = htons(*lastport);
461 } while (in6_pcblookup_local(pcbinfo, &inp->in6p_laddr,
462 lport, wild, cred));
463 } else {
464 /*
465 * counting up
466 */
467 count = last - first;
468
469 do {
470 if (count-- < 0) { /* completely used? */
471 /*
472 * Undo any address bind that may have
473 * occurred above.
474 */
475 inp->in6p_laddr = kin6addr_any;
476 return (EAGAIN);
477 }
478 ++*lastport;
479 if (*lastport < first || *lastport > last)
480 *lastport = first;
481 lport = htons(*lastport);
482 } while (in6_pcblookup_local(pcbinfo, &inp->in6p_laddr,
483 lport, wild, cred));
484 }
485
486 inp->inp_lport = lport;
487 if (in_pcbinsporthash(inp) != 0) {
488 inp->in6p_laddr = kin6addr_any;
489 inp->inp_lport = 0;
490 return (EAGAIN);
491 }
492
493 return (0);
494 }
495
496 /*
497 * generate kernel-internal form (scopeid embedded into s6_addr16[1]).
498 * If the address scope of is link-local, embed the interface index in the
499 * address. The routine determines our precedence
500 * between advanced API scope/interface specification and basic API
501 * specification.
502 *
503 * this function should be nuked in the future, when we get rid of
504 * embedded scopeid thing.
505 *
506 * XXX actually, it is over-specification to return ifp against sin6_scope_id.
507 * there can be multiple interfaces that belong to a particular scope zone
508 * (in specification, we have 1:N mapping between a scope zone and interfaces).
509 * we may want to change the function to return something other than ifp.
510 */
511 int
512 in6_embedscope(struct in6_addr *in6,
513 const struct sockaddr_in6 *sin6,
514 #ifdef HAVE_NRL_INPCB
515 struct inpcb *in6p,
516 #define in6p_outputopts inp_outputopts6
517 #define in6p_moptions inp_moptions6
518 #else
519 struct in6pcb *in6p,
520 #endif
521 struct ifnet **ifpp)
522 {
523 struct ifnet *ifp = NULL;
524 u_int32_t scopeid;
525
526 *in6 = sin6->sin6_addr;
527 scopeid = sin6->sin6_scope_id;
528 if (ifpp)
529 *ifpp = NULL;
530
531 /*
532 * don't try to read sin6->sin6_addr beyond here, since the caller may
533 * ask us to overwrite existing sockaddr_in6
534 */
535
536 #ifdef ENABLE_DEFAULT_SCOPE
537 if (scopeid == 0)
538 scopeid = scope6_addr2default(in6);
539 #endif
540
541 if (IN6_IS_SCOPE_LINKLOCAL(in6)) {
542 struct in6_pktinfo *pi;
543
544 /*
545 * KAME assumption: link id == interface id
546 */
547
548 if (in6p && in6p->in6p_outputopts &&
549 (pi = in6p->in6p_outputopts->ip6po_pktinfo) &&
550 pi->ipi6_ifindex) {
551 ifp = ifindex2ifnet[pi->ipi6_ifindex];
552 in6->s6_addr16[1] = htons(pi->ipi6_ifindex);
553 } else if (in6p && IN6_IS_ADDR_MULTICAST(in6) &&
554 in6p->in6p_moptions &&
555 in6p->in6p_moptions->im6o_multicast_ifp) {
556 ifp = in6p->in6p_moptions->im6o_multicast_ifp;
557 in6->s6_addr16[1] = htons(ifp->if_index);
558 } else if (scopeid) {
559 /* boundary check */
560 if (scopeid < 0 || if_index < scopeid)
561 return ENXIO; /* XXX EINVAL? */
562 ifp = ifindex2ifnet[scopeid];
563 /*XXX assignment to 16bit from 32bit variable */
564 in6->s6_addr16[1] = htons(scopeid & 0xffff);
565 }
566
567 if (ifpp)
568 *ifpp = ifp;
569 }
570
571 return 0;
572 }
573 #ifdef HAVE_NRL_INPCB
574 #undef in6p_outputopts
575 #undef in6p_moptions
576 #endif
577
578 /*
579 * generate standard sockaddr_in6 from embedded form.
580 * touches sin6_addr and sin6_scope_id only.
581 *
582 * this function should be nuked in the future, when we get rid of
583 * embedded scopeid thing.
584 */
585 int
586 in6_recoverscope(struct sockaddr_in6 *sin6, const struct in6_addr *in6,
587 struct ifnet *ifp)
588 {
589 u_int32_t scopeid;
590
591 sin6->sin6_addr = *in6;
592
593 /*
594 * don't try to read *in6 beyond here, since the caller may
595 * ask us to overwrite existing sockaddr_in6
596 */
597
598 sin6->sin6_scope_id = 0;
599 if (IN6_IS_SCOPE_LINKLOCAL(in6)) {
600 /*
601 * KAME assumption: link id == interface id
602 */
603 scopeid = ntohs(sin6->sin6_addr.s6_addr16[1]);
604 if (scopeid) {
605 /* sanity check */
606 if (scopeid < 0 || if_index < scopeid)
607 return ENXIO;
608 if (ifp && ifp->if_index != scopeid)
609 return ENXIO;
610 sin6->sin6_addr.s6_addr16[1] = 0;
611 sin6->sin6_scope_id = scopeid;
612 }
613 }
614
615 return 0;
616 }
617
618 /*
619 * just clear the embedded scope identifer.
620 * XXX: currently used for bsdi4 only as a supplement function.
621 */
622 void
623 in6_clearscope(struct in6_addr *addr)
624 {
625 if (IN6_IS_SCOPE_LINKLOCAL(addr))
626 addr->s6_addr16[1] = 0;
627 }
628
629 void
630 addrsel_policy_init(void)
631 {
632
633 init_policy_queue();
634
635 /* initialize the "last resort" policy */
636 bzero(&defaultaddrpolicy, sizeof(defaultaddrpolicy));
637 defaultaddrpolicy.label = ADDR_LABEL_NOTAPP;
638 }
639
640 /*
641 * Subroutines to manage the address selection policy table via sysctl.
642 */
643 struct walkarg {
644 struct sysctl_req *w_req;
645 };
646
647 static int in6_src_sysctl(SYSCTL_HANDLER_ARGS);
648 SYSCTL_DECL(_net_inet6_ip6);
649 SYSCTL_NODE(_net_inet6_ip6, IPV6CTL_ADDRCTLPOLICY, addrctlpolicy,
650 CTLFLAG_RD, in6_src_sysctl, "");
651
652 static int
653 in6_src_sysctl(SYSCTL_HANDLER_ARGS)
654 {
655 struct walkarg w;
656
657 if (req->newptr)
658 return EPERM;
659
660 bzero(&w, sizeof(w));
661 w.w_req = req;
662
663 return (walk_addrsel_policy(dump_addrsel_policyent, &w));
664 }
665
666 int
667 in6_src_ioctl(u_long cmd, caddr_t data)
668 {
669 int i;
670 struct in6_addrpolicy ent0;
671
672 if (cmd != SIOCAADDRCTL_POLICY && cmd != SIOCDADDRCTL_POLICY)
673 return (EOPNOTSUPP); /* check for safety */
674
675 ent0 = *(struct in6_addrpolicy *)data;
676
677 if (ent0.label == ADDR_LABEL_NOTAPP)
678 return (EINVAL);
679 /* check if the prefix mask is consecutive. */
680 if (in6_mask2len(&ent0.addrmask.sin6_addr, NULL) < 0)
681 return (EINVAL);
682 /* clear trailing garbages (if any) of the prefix address. */
683 for (i = 0; i < 4; i++) {
684 ent0.addr.sin6_addr.s6_addr32[i] &=
685 ent0.addrmask.sin6_addr.s6_addr32[i];
686 }
687 ent0.use = 0;
688
689 switch (cmd) {
690 case SIOCAADDRCTL_POLICY:
691 return (add_addrsel_policyent(&ent0));
692 case SIOCDADDRCTL_POLICY:
693 return (delete_addrsel_policyent(&ent0));
694 }
695
696 return (0); /* XXX: compromise compilers */
697 }
698
699 /*
700 * The followings are implementation of the policy table using a
701 * simple tail queue.
702 * XXX such details should be hidden.
703 * XXX implementation using binary tree should be more efficient.
704 */
705 struct addrsel_policyent {
706 TAILQ_ENTRY(addrsel_policyent) ape_entry;
707 struct in6_addrpolicy ape_policy;
708 };
709
710 TAILQ_HEAD(addrsel_policyhead, addrsel_policyent);
711
712 struct addrsel_policyhead addrsel_policytab;
713
714 static void
715 init_policy_queue(void)
716 {
717 TAILQ_INIT(&addrsel_policytab);
718 }
719
720 static int
721 add_addrsel_policyent(struct in6_addrpolicy *newpolicy)
722 {
723 struct addrsel_policyent *new, *pol;
724
725 /* duplication check */
726 for (pol = TAILQ_FIRST(&addrsel_policytab); pol;
727 pol = TAILQ_NEXT(pol, ape_entry)) {
728 if (SA6_ARE_ADDR_EQUAL(&newpolicy->addr,
729 &pol->ape_policy.addr) &&
730 SA6_ARE_ADDR_EQUAL(&newpolicy->addrmask,
731 &pol->ape_policy.addrmask)) {
732 return (EEXIST); /* or override it? */
733 }
734 }
735
736 new = kmalloc(sizeof(*new), M_IFADDR, M_WAITOK | M_ZERO);
737
738 /* XXX: should validate entry */
739 new->ape_policy = *newpolicy;
740
741 TAILQ_INSERT_TAIL(&addrsel_policytab, new, ape_entry);
742
743 return (0);
744 }
745
746 static int
747 delete_addrsel_policyent(struct in6_addrpolicy *key)
748 {
749 struct addrsel_policyent *pol;
750
751 /* search for the entry in the table */
752 for (pol = TAILQ_FIRST(&addrsel_policytab); pol;
753 pol = TAILQ_NEXT(pol, ape_entry)) {
754 if (SA6_ARE_ADDR_EQUAL(&key->addr, &pol->ape_policy.addr) &&
755 SA6_ARE_ADDR_EQUAL(&key->addrmask,
756 &pol->ape_policy.addrmask)) {
757 break;
758 }
759 }
760 if (pol == NULL)
761 return (ESRCH);
762
763 TAILQ_REMOVE(&addrsel_policytab, pol, ape_entry);
764 kfree(pol, M_IFADDR);
765
766 return (0);
767 }
768
769 static int
770 walk_addrsel_policy(int(*callback)(struct in6_addrpolicy *, void *), void *w)
771 {
772 struct addrsel_policyent *pol;
773 int error = 0;
774
775 for (pol = TAILQ_FIRST(&addrsel_policytab); pol;
776 pol = TAILQ_NEXT(pol, ape_entry)) {
777 if ((error = (*callback)(&pol->ape_policy, w)) != 0)
778 return (error);
779 }
780
781 return (error);
782 }
783
784 static int
785 dump_addrsel_policyent(struct in6_addrpolicy *pol, void *arg)
786 {
787 int error = 0;
788 struct walkarg *w = arg;
789
790 error = SYSCTL_OUT(w->w_req, pol, sizeof(*pol));
791
792 return (error);
793 }
DragonFly BSD