search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
kernel/ixgbe: Add missing braces.
[dragonfly.git] / sys / netinet6 / in6_src.c
blobe5f23d6881af75e88309bd5165fc40e451c38d0c
1 /* $FreeBSD: src/sys/netinet6/in6_src.c,v 1.1.2.3 2002/02/26 18:02:06 ume Exp $ */
2 /* $KAME: in6_src.c,v 1.37 2001/03/29 05:34:31 itojun Exp $ */
3
4 /*
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32
33 /*
34 * Copyright (c) 1982, 1986, 1991, 1993
35 * The Regents of the University of California. All rights reserved.
36 *
37 * Redistribution and use in source and binary forms, with or without
38 * modification, are permitted provided that the following conditions
39 * are met:
40 * 1. Redistributions of source code must retain the above copyright
41 * notice, this list of conditions and the following disclaimer.
42 * 2. Redistributions in binary form must reproduce the above copyright
43 * notice, this list of conditions and the following disclaimer in the
44 * documentation and/or other materials provided with the distribution.
45 * 3. All advertising materials mentioning features or use of this software
46 * must display the following acknowledgement:
47 * This product includes software developed by the University of
48 * California, Berkeley and its contributors.
49 * 4. Neither the name of the University nor the names of its contributors
50 * may be used to endorse or promote products derived from this software
51 * without specific prior written permission.
52 *
53 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
54 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
56 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
57 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
58 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
59 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
61 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
62 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
63 * SUCH DAMAGE.
64 *
65 * @(#)in_pcb.c 8.2 (Berkeley) 1/4/94
66 */
67
68 #include "opt_inet.h"
69 #include "opt_inet6.h"
70
71 #include <sys/param.h>
72 #include <sys/systm.h>
73 #include <sys/jail.h>
74 #include <sys/kernel.h>
75 #include <sys/malloc.h>
76 #include <sys/mbuf.h>
77 #include <sys/protosw.h>
78 #include <sys/socket.h>
79 #include <sys/socketvar.h>
80 #include <sys/sockio.h>
81 #include <sys/sysctl.h>
82 #include <sys/errno.h>
83 #include <sys/time.h>
84 #include <sys/proc.h>
85 #include <sys/priv.h>
86
87 #include <net/if.h>
88 #include <net/route.h>
89
90 #include <netinet/in.h>
91 #include <netinet/in_var.h>
92 #include <netinet/in_systm.h>
93 #include <netinet/ip.h>
94 #include <netinet/in_pcb.h>
95 #include <netinet6/in6_var.h>
96 #include <netinet/ip6.h>
97 #include <netinet6/in6_pcb.h>
98 #include <netinet6/ip6_var.h>
99 #include <netinet6/nd6.h>
100 #ifdef ENABLE_DEFAULT_SCOPE
101 #include <netinet6/scope6_var.h>
102 #endif
103
104 #include <net/net_osdep.h>
105
106 #define ADDR_LABEL_NOTAPP (-1)
107 struct in6_addrpolicy defaultaddrpolicy;
108
109 static void init_policy_queue(void);
110 static int add_addrsel_policyent(struct in6_addrpolicy *);
111 static int delete_addrsel_policyent(struct in6_addrpolicy *);
112 static int walk_addrsel_policy(int (*)(struct in6_addrpolicy *, void *),
113 void *);
114 static int dump_addrsel_policyent(struct in6_addrpolicy *, void *);
115
116
117 /*
118 * Return an IPv6 address, which is the most appropriate for a given
119 * destination and user specified options.
120 * If necessary, this function lookups the routing table and returns
121 * an entry to the caller for later use.
122 */
123 struct in6_addr *
124 in6_selectsrc(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
125 struct ip6_moptions *mopts, struct route_in6 *ro,
126 struct in6_addr *laddr, int *errorp, struct thread *td)
127 {
128 struct sockaddr_in6 jsin6;
129 struct ucred *cred = NULL;
130 struct in6_addr *dst;
131 struct in6_ifaddr *ia6 = NULL;
132 struct in6_pktinfo *pi = NULL;
133 int jailed = 0;
134
135 if (td && td->td_proc && td->td_proc->p_ucred)
136 cred = td->td_proc->p_ucred;
137 if (cred && cred->cr_prison)
138 jailed = 1;
139 jsin6.sin6_family = AF_INET6;
140 dst = &dstsock->sin6_addr;
141 *errorp = 0;
142
143 /*
144 * If the source address is explicitly specified by the caller,
145 * use it.
146 */
147 if (opts && (pi = opts->ip6po_pktinfo) &&
148 !IN6_IS_ADDR_UNSPECIFIED(&pi->ipi6_addr)) {
149 jsin6.sin6_addr = pi->ipi6_addr;
150 if (jailed && !jailed_ip(cred->cr_prison,
151 (struct sockaddr *)&jsin6)) {
152 return(0);
153 } else {
154 return (&pi->ipi6_addr);
155 }
156 }
157
158 /*
159 * If the source address is not specified but the socket(if any)
160 * is already bound, use the bound address.
161 */
162 if (laddr && !IN6_IS_ADDR_UNSPECIFIED(laddr)) {
163 jsin6.sin6_addr = *laddr;
164 if (jailed && !jailed_ip(cred->cr_prison,
165 (struct sockaddr *)&jsin6)) {
166 return(0);
167 } else {
168 return (laddr);
169 }
170 }
171
172 /*
173 * If the caller doesn't specify the source address but
174 * the outgoing interface, use an address associated with
175 * the interface.
176 */
177 if (pi && pi->ipi6_ifindex) {
178 /* XXX boundary check is assumed to be already done. */
179 ia6 = in6_ifawithscope(ifindex2ifnet[pi->ipi6_ifindex],
180 dst);
181
182 if (ia6 && jailed) {
183 jsin6.sin6_addr = (&ia6->ia_addr)->sin6_addr;
184 if (!jailed_ip(cred->cr_prison,
185 (struct sockaddr *)&jsin6))
186 ia6 = NULL;
187 }
188
189 if (ia6 == NULL) {
190 *errorp = EADDRNOTAVAIL;
191 return (0);
192 }
193 return (&satosin6(&ia6->ia_addr)->sin6_addr);
194 }
195
196 /*
197 * If the destination address is a link-local unicast address or
198 * a multicast address, and if the outgoing interface is specified
199 * by the sin6_scope_id filed, use an address associated with the
200 * interface.
201 * XXX: We're now trying to define more specific semantics of
202 * sin6_scope_id field, so this part will be rewritten in
203 * the near future.
204 */
205 if ((IN6_IS_ADDR_LINKLOCAL(dst) || IN6_IS_ADDR_MULTICAST(dst)) &&
206 dstsock->sin6_scope_id) {
207 /*
208 * I'm not sure if boundary check for scope_id is done
209 * somewhere...
210 */
211 if (dstsock->sin6_scope_id < 0 ||
212 if_index < dstsock->sin6_scope_id) {
213 *errorp = ENXIO; /* XXX: better error? */
214 return (0);
215 }
216 ia6 = in6_ifawithscope(ifindex2ifnet[dstsock->sin6_scope_id],
217 dst);
218
219 if (ia6 && jailed) {
220 jsin6.sin6_addr = (&ia6->ia_addr)->sin6_addr;
221 if (!jailed_ip(cred->cr_prison,
222 (struct sockaddr *)&jsin6))
223 ia6 = NULL;
224 }
225
226 if (ia6 == NULL) {
227 *errorp = EADDRNOTAVAIL;
228 return (0);
229 }
230 return (&satosin6(&ia6->ia_addr)->sin6_addr);
231 }
232
233 /*
234 * If the destination address is a multicast address and
235 * the outgoing interface for the address is specified
236 * by the caller, use an address associated with the interface.
237 * There is a sanity check here; if the destination has node-local
238 * scope, the outgoing interfacde should be a loopback address.
239 * Even if the outgoing interface is not specified, we also
240 * choose a loopback interface as the outgoing interface.
241 */
242 if (!jailed && IN6_IS_ADDR_MULTICAST(dst)) {
243 struct ifnet *ifp = mopts ? mopts->im6o_multicast_ifp : NULL;
244
245 if (ifp == NULL && IN6_IS_ADDR_MC_NODELOCAL(dst)) {
246 ifp = &loif[0];
247 }
248
249 if (ifp) {
250 ia6 = in6_ifawithscope(ifp, dst);
251 if (ia6 == NULL) {
252 *errorp = EADDRNOTAVAIL;
253 return (0);
254 }
255 return (&satosin6(&ia6->ia_addr)->sin6_addr);
256 }
257 }
258
259 /*
260 * If the next hop address for the packet is specified
261 * by caller, use an address associated with the route
262 * to the next hop.
263 */
264 {
265 struct sockaddr_in6 *sin6_next;
266 struct rtentry *rt;
267
268 if (opts && opts->ip6po_nexthop) {
269 sin6_next = satosin6(opts->ip6po_nexthop);
270 rt = nd6_lookup(&sin6_next->sin6_addr, 1, NULL);
271 if (rt) {
272 ia6 = in6_ifawithscope(rt->rt_ifp, dst);
273 if (ia6 == NULL)
274 ia6 = ifatoia6(rt->rt_ifa);
275 }
276 if (ia6 && jailed) {
277 jsin6.sin6_addr = (&ia6->ia_addr)->sin6_addr;
278 if (!jailed_ip(cred->cr_prison,
279 (struct sockaddr *)&jsin6))
280 ia6 = NULL;
281 }
282
283 if (ia6 == NULL) {
284 *errorp = EADDRNOTAVAIL;
285 return (0);
286 }
287 return (&satosin6(&ia6->ia_addr)->sin6_addr);
288 }
289 }
290
291 /*
292 * If route is known or can be allocated now,
293 * our src addr is taken from the i/f, else punt.
294 */
295 if (ro) {
296 if (ro->ro_rt &&
297 (!(ro->ro_rt->rt_flags & RTF_UP) ||
298 satosin6(&ro->ro_dst)->sin6_family != AF_INET6 ||
299 !IN6_ARE_ADDR_EQUAL(&satosin6(&ro->ro_dst)->sin6_addr,
300 dst))) {
301 RTFREE(ro->ro_rt);
302 ro->ro_rt = NULL;
303 }
304 if (ro->ro_rt == NULL || ro->ro_rt->rt_ifp == NULL) {
305 struct sockaddr_in6 *sa6;
306
307 /* No route yet, so try to acquire one */
308 bzero(&ro->ro_dst, sizeof(struct sockaddr_in6));
309 sa6 = &ro->ro_dst;
310 sa6->sin6_family = AF_INET6;
311 sa6->sin6_len = sizeof(struct sockaddr_in6);
312 sa6->sin6_addr = *dst;
313 sa6->sin6_scope_id = dstsock->sin6_scope_id;
314 if (!jailed && IN6_IS_ADDR_MULTICAST(dst)) {
315 ro->ro_rt =
316 rtpurelookup((struct sockaddr *)&ro->ro_dst);
317 } else {
318 rtalloc((struct route *)ro);
319 }
320 }
321
322 /*
323 * in_pcbconnect() checks out IFF_LOOPBACK to skip using
324 * the address. But we don't know why it does so.
325 * It is necessary to ensure the scope even for lo0
326 * so doesn't check out IFF_LOOPBACK.
327 */
328
329 if (ro->ro_rt) {
330 ia6 = in6_ifawithscope(ro->ro_rt->rt_ifa->ifa_ifp, dst);
331 if (ia6 && jailed) {
332 jsin6.sin6_addr = (&ia6->ia_addr)->sin6_addr;
333 if (!jailed_ip(cred->cr_prison,
334 (struct sockaddr *)&jsin6))
335 ia6 = NULL;
336 }
337
338 if (ia6 == NULL) /* xxx scope error ?*/
339 ia6 = ifatoia6(ro->ro_rt->rt_ifa);
340
341 if (ia6 && jailed) {
342 jsin6.sin6_addr = (&ia6->ia_addr)->sin6_addr;
343 if (!jailed_ip(cred->cr_prison,
344 (struct sockaddr *)&jsin6))
345 ia6 = NULL;
346 }
347 }
348 #if 0
349 /*
350 * xxx The followings are necessary? (kazu)
351 * I don't think so.
352 * It's for SO_DONTROUTE option in IPv4.(jinmei)
353 */
354 if (ia6 == 0) {
355 struct sockaddr_in6 sin6 = {sizeof(sin6), AF_INET6, 0};
356
357 sin6->sin6_addr = *dst;
358
359 ia6 = ifatoia6(ifa_ifwithdstaddr(sin6tosa(&sin6)));
360 if (ia6 == 0)
361 ia6 = ifatoia6(ifa_ifwithnet(sin6tosa(&sin6)));
362 if (ia6 == 0)
363 return (0);
364 return (&satosin6(&ia6->ia_addr)->sin6_addr);
365 }
366 #endif /* 0 */
367 if (ia6 == NULL) {
368 *errorp = EHOSTUNREACH; /* no route */
369 return (0);
370 }
371 return (&satosin6(&ia6->ia_addr)->sin6_addr);
372 }
373
374 *errorp = EADDRNOTAVAIL;
375 return (0);
376 }
377
378 /*
379 * Default hop limit selection. The precedence is as follows:
380 * 1. Hoplimit value specified via ioctl.
381 * 2. (If the outgoing interface is detected) the current
382 * hop limit of the interface specified by router advertisement.
383 * 3. The system default hoplimit.
384 */
385 int
386 in6_selecthlim(struct in6pcb *in6p, struct ifnet *ifp)
387 {
388 if (in6p && in6p->in6p_hops >= 0)
389 return (in6p->in6p_hops);
390 else if (ifp)
391 return (ND_IFINFO(ifp)->chlim);
392 else
393 return (ip6_defhlim);
394 }
395
396 /*
397 * XXX: this is borrowed from in6_pcbbind(). If possible, we should
398 * share this function by all *bsd*...
399 */
400 int
401 in6_pcbsetport(struct in6_addr *laddr, struct inpcb *inp, struct thread *td)
402 {
403 struct socket *so = inp->inp_socket;
404 u_int16_t lport = 0, first, last, *lastport;
405 int count, error = 0, wild = 0;
406 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo;
407 struct ucred *cred = NULL;
408
409 /* XXX: this is redundant when called from in6_pcbbind */
410 if ((so->so_options & (SO_REUSEADDR|SO_REUSEPORT)) == 0)
411 wild = INPLOOKUP_WILDCARD;
412 if (td->td_proc && td->td_proc->p_ucred)
413 cred = td->td_proc->p_ucred;
414
415 inp->inp_flags |= INP_ANONPORT;
416
417 if (inp->inp_flags & INP_HIGHPORT) {
418 first = ipport_hifirstauto; /* sysctl */
419 last = ipport_hilastauto;
420 lastport = &pcbinfo->lasthi;
421 } else if (inp->inp_flags & INP_LOWPORT) {
422 if ((error = priv_check(td, PRIV_ROOT)) != 0)
423 return error;
424 first = ipport_lowfirstauto; /* 1023 */
425 last = ipport_lowlastauto; /* 600 */
426 lastport = &pcbinfo->lastlow;
427 } else {
428 first = ipport_firstauto; /* sysctl */
429 last = ipport_lastauto;
430 lastport = &pcbinfo->lastport;
431 }
432 /*
433 * Simple check to ensure all ports are not used up causing
434 * a deadlock here.
435 *
436 * We split the two cases (up and down) so that the direction
437 * is not being tested on each round of the loop.
438 */
439 if (first > last) {
440 /*
441 * counting down
442 */
443 count = first - last;
444
445 do {
446 if (count-- < 0) { /* completely used? */
447 /*
448 * Undo any address bind that may have
449 * occurred above.
450 */
451 inp->in6p_laddr = kin6addr_any;
452 return (EAGAIN);
453 }
454 --*lastport;
455 if (*lastport > first || *lastport < last)
456 *lastport = first;
457 lport = htons(*lastport);
458 } while (in6_pcblookup_local(pcbinfo, &inp->in6p_laddr,
459 lport, wild, cred));
460 } else {
461 /*
462 * counting up
463 */
464 count = last - first;
465
466 do {
467 if (count-- < 0) { /* completely used? */
468 /*
469 * Undo any address bind that may have
470 * occurred above.
471 */
472 inp->in6p_laddr = kin6addr_any;
473 return (EAGAIN);
474 }
475 ++*lastport;
476 if (*lastport < first || *lastport > last)
477 *lastport = first;
478 lport = htons(*lastport);
479 } while (in6_pcblookup_local(pcbinfo, &inp->in6p_laddr,
480 lport, wild, cred));
481 }
482
483 inp->inp_lport = lport;
484 if (in_pcbinsporthash(inp) != 0) {
485 inp->in6p_laddr = kin6addr_any;
486 inp->inp_lport = 0;
487 return (EAGAIN);
488 }
489
490 return (0);
491 }
492
493 /*
494 * generate kernel-internal form (scopeid embedded into s6_addr16[1]).
495 * If the address scope of is link-local, embed the interface index in the
496 * address. The routine determines our precedence
497 * between advanced API scope/interface specification and basic API
498 * specification.
499 *
500 * this function should be nuked in the future, when we get rid of
501 * embedded scopeid thing.
502 *
503 * XXX actually, it is over-specification to return ifp against sin6_scope_id.
504 * there can be multiple interfaces that belong to a particular scope zone
505 * (in specification, we have 1:N mapping between a scope zone and interfaces).
506 * we may want to change the function to return something other than ifp.
507 */
508 int
509 in6_embedscope(struct in6_addr *in6,
510 const struct sockaddr_in6 *sin6,
511 #ifdef HAVE_NRL_INPCB
512 struct inpcb *in6p,
513 #define in6p_outputopts inp_outputopts6
514 #define in6p_moptions inp_moptions6
515 #else
516 struct in6pcb *in6p,
517 #endif
518 struct ifnet **ifpp)
519 {
520 struct ifnet *ifp = NULL;
521 u_int32_t scopeid;
522
523 *in6 = sin6->sin6_addr;
524 scopeid = sin6->sin6_scope_id;
525 if (ifpp)
526 *ifpp = NULL;
527
528 /*
529 * don't try to read sin6->sin6_addr beyond here, since the caller may
530 * ask us to overwrite existing sockaddr_in6
531 */
532
533 #ifdef ENABLE_DEFAULT_SCOPE
534 if (scopeid == 0)
535 scopeid = scope6_addr2default(in6);
536 #endif
537
538 if (IN6_IS_SCOPE_LINKLOCAL(in6)) {
539 struct in6_pktinfo *pi;
540
541 /*
542 * KAME assumption: link id == interface id
543 */
544
545 if (in6p && in6p->in6p_outputopts &&
546 (pi = in6p->in6p_outputopts->ip6po_pktinfo) &&
547 pi->ipi6_ifindex) {
548 ifp = ifindex2ifnet[pi->ipi6_ifindex];
549 in6->s6_addr16[1] = htons(pi->ipi6_ifindex);
550 } else if (in6p && IN6_IS_ADDR_MULTICAST(in6) &&
551 in6p->in6p_moptions &&
552 in6p->in6p_moptions->im6o_multicast_ifp) {
553 ifp = in6p->in6p_moptions->im6o_multicast_ifp;
554 in6->s6_addr16[1] = htons(ifp->if_index);
555 } else if (scopeid) {
556 /* boundary check */
557 if (scopeid < 0 || if_index < scopeid)
558 return ENXIO; /* XXX EINVAL? */
559 ifp = ifindex2ifnet[scopeid];
560 /*XXX assignment to 16bit from 32bit variable */
561 in6->s6_addr16[1] = htons(scopeid & 0xffff);
562 }
563
564 if (ifpp)
565 *ifpp = ifp;
566 }
567
568 return 0;
569 }
570 #ifdef HAVE_NRL_INPCB
571 #undef in6p_outputopts
572 #undef in6p_moptions
573 #endif
574
575 /*
576 * generate standard sockaddr_in6 from embedded form.
577 * touches sin6_addr and sin6_scope_id only.
578 *
579 * this function should be nuked in the future, when we get rid of
580 * embedded scopeid thing.
581 */
582 int
583 in6_recoverscope(struct sockaddr_in6 *sin6, const struct in6_addr *in6,
584 struct ifnet *ifp)
585 {
586 u_int32_t scopeid;
587
588 sin6->sin6_addr = *in6;
589
590 /*
591 * don't try to read *in6 beyond here, since the caller may
592 * ask us to overwrite existing sockaddr_in6
593 */
594
595 sin6->sin6_scope_id = 0;
596 if (IN6_IS_SCOPE_LINKLOCAL(in6)) {
597 /*
598 * KAME assumption: link id == interface id
599 */
600 scopeid = ntohs(sin6->sin6_addr.s6_addr16[1]);
601 if (scopeid) {
602 /* sanity check */
603 if (scopeid < 0 || if_index < scopeid)
604 return ENXIO;
605 if (ifp && ifp->if_index != scopeid)
606 return ENXIO;
607 sin6->sin6_addr.s6_addr16[1] = 0;
608 sin6->sin6_scope_id = scopeid;
609 }
610 }
611
612 return 0;
613 }
614
615 /*
616 * just clear the embedded scope identifer.
617 * XXX: currently used for bsdi4 only as a supplement function.
618 */
619 void
620 in6_clearscope(struct in6_addr *addr)
621 {
622 if (IN6_IS_SCOPE_LINKLOCAL(addr))
623 addr->s6_addr16[1] = 0;
624 }
625
626 void
627 addrsel_policy_init(void)
628 {
629
630 init_policy_queue();
631
632 /* initialize the "last resort" policy */
633 bzero(&defaultaddrpolicy, sizeof(defaultaddrpolicy));
634 defaultaddrpolicy.label = ADDR_LABEL_NOTAPP;
635 }
636
637 /*
638 * Subroutines to manage the address selection policy table via sysctl.
639 */
640 struct walkarg {
641 struct sysctl_req *w_req;
642 };
643
644 static int in6_src_sysctl(SYSCTL_HANDLER_ARGS);
645 SYSCTL_DECL(_net_inet6_ip6);
646 SYSCTL_NODE(_net_inet6_ip6, IPV6CTL_ADDRCTLPOLICY, addrctlpolicy,
647 CTLFLAG_RD, in6_src_sysctl, "Address selection policy");
648
649 static int
650 in6_src_sysctl(SYSCTL_HANDLER_ARGS)
651 {
652 struct walkarg w;
653
654 if (req->newptr)
655 return EPERM;
656
657 bzero(&w, sizeof(w));
658 w.w_req = req;
659
660 return (walk_addrsel_policy(dump_addrsel_policyent, &w));
661 }
662
663 int
664 in6_src_ioctl(u_long cmd, caddr_t data)
665 {
666 int i;
667 struct in6_addrpolicy ent0;
668
669 if (cmd != SIOCAADDRCTL_POLICY && cmd != SIOCDADDRCTL_POLICY)
670 return (EOPNOTSUPP); /* check for safety */
671
672 ent0 = *(struct in6_addrpolicy *)data;
673
674 if (ent0.label == ADDR_LABEL_NOTAPP)
675 return (EINVAL);
676 /* check if the prefix mask is consecutive. */
677 if (in6_mask2len(&ent0.addrmask.sin6_addr, NULL) < 0)
678 return (EINVAL);
679 /* clear trailing garbages (if any) of the prefix address. */
680 for (i = 0; i < 4; i++) {
681 ent0.addr.sin6_addr.s6_addr32[i] &=
682 ent0.addrmask.sin6_addr.s6_addr32[i];
683 }
684 ent0.use = 0;
685
686 switch (cmd) {
687 case SIOCAADDRCTL_POLICY:
688 return (add_addrsel_policyent(&ent0));
689 case SIOCDADDRCTL_POLICY:
690 return (delete_addrsel_policyent(&ent0));
691 }
692
693 return (0); /* XXX: compromise compilers */
694 }
695
696 /*
697 * The followings are implementation of the policy table using a
698 * simple tail queue.
699 * XXX such details should be hidden.
700 * XXX implementation using binary tree should be more efficient.
701 */
702 struct addrsel_policyent {
703 TAILQ_ENTRY(addrsel_policyent) ape_entry;
704 struct in6_addrpolicy ape_policy;
705 };
706
707 TAILQ_HEAD(addrsel_policyhead, addrsel_policyent);
708
709 struct addrsel_policyhead addrsel_policytab;
710
711 static void
712 init_policy_queue(void)
713 {
714 TAILQ_INIT(&addrsel_policytab);
715 }
716
717 static int
718 add_addrsel_policyent(struct in6_addrpolicy *newpolicy)
719 {
720 struct addrsel_policyent *new, *pol;
721
722 /* duplication check */
723 for (pol = TAILQ_FIRST(&addrsel_policytab); pol;
724 pol = TAILQ_NEXT(pol, ape_entry)) {
725 if (SA6_ARE_ADDR_EQUAL(&newpolicy->addr,
726 &pol->ape_policy.addr) &&
727 SA6_ARE_ADDR_EQUAL(&newpolicy->addrmask,
728 &pol->ape_policy.addrmask)) {
729 return (EEXIST); /* or override it? */
730 }
731 }
732
733 new = kmalloc(sizeof(*new), M_IFADDR, M_WAITOK | M_ZERO);
734
735 /* XXX: should validate entry */
736 new->ape_policy = *newpolicy;
737
738 TAILQ_INSERT_TAIL(&addrsel_policytab, new, ape_entry);
739
740 return (0);
741 }
742
743 static int
744 delete_addrsel_policyent(struct in6_addrpolicy *key)
745 {
746 struct addrsel_policyent *pol;
747
748 /* search for the entry in the table */
749 for (pol = TAILQ_FIRST(&addrsel_policytab); pol;
750 pol = TAILQ_NEXT(pol, ape_entry)) {
751 if (SA6_ARE_ADDR_EQUAL(&key->addr, &pol->ape_policy.addr) &&
752 SA6_ARE_ADDR_EQUAL(&key->addrmask,
753 &pol->ape_policy.addrmask)) {
754 break;
755 }
756 }
757 if (pol == NULL)
758 return (ESRCH);
759
760 TAILQ_REMOVE(&addrsel_policytab, pol, ape_entry);
761 kfree(pol, M_IFADDR);
762
763 return (0);
764 }
765
766 static int
767 walk_addrsel_policy(int(*callback)(struct in6_addrpolicy *, void *), void *w)
768 {
769 struct addrsel_policyent *pol;
770 int error = 0;
771
772 for (pol = TAILQ_FIRST(&addrsel_policytab); pol;
773 pol = TAILQ_NEXT(pol, ape_entry)) {
774 if ((error = (*callback)(&pol->ape_policy, w)) != 0)
775 return (error);
776 }
777
778 return (error);
779 }
780
781 static int
782 dump_addrsel_policyent(struct in6_addrpolicy *pol, void *arg)
783 {
784 int error = 0;
785 struct walkarg *w = arg;
786
787 error = SYSCTL_OUT(w->w_req, pol, sizeof(*pol));
788
789 return (error);
790 }
DragonFly BSD