FreeBSD kernel IPv6 code
in6_src.c
Go to the documentation of this file.
1/*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 *
31 * $KAME: in6_src.c,v 1.132 2003/08/26 04:42:27 keiichi Exp $
32 */
33
34/*-
35 * Copyright (c) 1982, 1986, 1991, 1993
36 * The Regents of the University of California. All rights reserved.
37 *
38 * Redistribution and use in source and binary forms, with or without
39 * modification, are permitted provided that the following conditions
40 * are met:
41 * 1. Redistributions of source code must retain the above copyright
42 * notice, this list of conditions and the following disclaimer.
43 * 2. Redistributions in binary form must reproduce the above copyright
44 * notice, this list of conditions and the following disclaimer in the
45 * documentation and/or other materials provided with the distribution.
46 * 3. Neither the name of the University nor the names of its contributors
47 * may be used to endorse or promote products derived from this software
48 * without specific prior written permission.
49 *
50 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
51 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
52 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
53 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
54 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
55 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
56 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
57 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
58 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
59 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
60 * SUCH DAMAGE.
61 *
62 * @(#)in_pcb.c 8.2 (Berkeley) 1/4/94
63 */
64
65#include <sys/cdefs.h>
66__FBSDID("$FreeBSD$");
67
68#include "opt_inet.h"
69#include "opt_inet6.h"
70#include <sys/param.h>
71#include <sys/systm.h>
72#include <sys/lock.h>
73#include <sys/malloc.h>
74#include <sys/mbuf.h>
75#include <sys/priv.h>
76#include <sys/protosw.h>
77#include <sys/socket.h>
78#include <sys/socketvar.h>
79#include <sys/sockio.h>
80#include <sys/sysctl.h>
81#include <sys/errno.h>
82#include <sys/time.h>
83#include <sys/jail.h>
84#include <sys/kernel.h>
85#include <sys/rmlock.h>
86#include <sys/sx.h>
87
88#include <net/if.h>
89#include <net/if_var.h>
90#include <net/if_dl.h>
91#include <net/route.h>
92#include <net/route/nhop.h>
93#include <net/if_llatbl.h>
94
95#include <netinet/in.h>
96#include <netinet/in_var.h>
97#include <netinet/in_systm.h>
98#include <netinet/ip.h>
99#include <netinet/in_pcb.h>
100#include <netinet/ip_var.h>
101#include <netinet/udp.h>
102#include <netinet/udp_var.h>
103
104#include <netinet6/in6_var.h>
105#include <netinet/ip6.h>
106#include <netinet6/in6_fib.h>
107#include <netinet6/in6_pcb.h>
108#include <netinet6/ip6_var.h>
109#include <netinet6/scope6_var.h>
110#include <netinet6/nd6.h>
111
112static struct mtx addrsel_lock;
113#define ADDRSEL_LOCK_INIT() mtx_init(&addrsel_lock, "addrsel_lock", NULL, MTX_DEF)
114#define ADDRSEL_LOCK() mtx_lock(&addrsel_lock)
115#define ADDRSEL_UNLOCK() mtx_unlock(&addrsel_lock)
116#define ADDRSEL_LOCK_ASSERT() mtx_assert(&addrsel_lock, MA_OWNED)
117
118static struct sx addrsel_sxlock;
119#define ADDRSEL_SXLOCK_INIT() sx_init(&addrsel_sxlock, "addrsel_sxlock")
120#define ADDRSEL_SLOCK() sx_slock(&addrsel_sxlock)
121#define ADDRSEL_SUNLOCK() sx_sunlock(&addrsel_sxlock)
122#define ADDRSEL_XLOCK() sx_xlock(&addrsel_sxlock)
123#define ADDRSEL_XUNLOCK() sx_xunlock(&addrsel_sxlock)
124
125#define ADDR_LABEL_NOTAPP (-1)
126VNET_DEFINE_STATIC(struct in6_addrpolicy, defaultaddrpolicy);
127#define V_defaultaddrpolicy VNET(defaultaddrpolicy)
128
129VNET_DEFINE(int, ip6_prefer_tempaddr) = 0;
130
131static int selectroute(struct sockaddr_in6 *, struct ip6_pktopts *,
132 struct ip6_moptions *, struct route_in6 *, struct ifnet **,
133 struct nhop_object **, int, u_int, uint32_t);
134static int in6_selectif(struct sockaddr_in6 *, struct ip6_pktopts *,
135 struct ip6_moptions *, struct ifnet **,
136 struct ifnet *, u_int);
137static int in6_selectsrc(uint32_t, struct sockaddr_in6 *,
138 struct ip6_pktopts *, struct inpcb *, struct ucred *,
139 struct ifnet **, struct in6_addr *);
140
141static struct in6_addrpolicy *lookup_addrsel_policy(struct sockaddr_in6 *);
142
143static void init_policy_queue(void);
144static int add_addrsel_policyent(struct in6_addrpolicy *);
145static int delete_addrsel_policyent(struct in6_addrpolicy *);
146static int walk_addrsel_policy(int (*)(struct in6_addrpolicy *, void *),
147 void *);
148static int dump_addrsel_policyent(struct in6_addrpolicy *, void *);
149static struct in6_addrpolicy *match_addrsel_policy(struct sockaddr_in6 *);
150
151/*
152 * Return an IPv6 address, which is the most appropriate for a given
153 * destination and user specified options.
154 * If necessary, this function lookups the routing table and returns
155 * an entry to the caller for later use.
156 */
157#define REPLACE(r) do {\
158 IP6STAT_INC(ip6s_sources_rule[(r)]); \
159 /* { \
160 char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \
161 printf("in6_selectsrc: replace %s with %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \
162 } */ \
163 goto replace; \
164} while(0)
165#define NEXT(r) do {\
166 /* { \
167 char ip6buf[INET6_ADDRSTRLEN], ip6b[INET6_ADDRSTRLEN]; \
168 printf("in6_selectsrc: keep %s against %s by %d\n", ia_best ? ip6_sprintf(ip6buf, &ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(ip6b, &ia->ia_addr.sin6_addr), (r)); \
169 } */ \
170 goto next; /* XXX: we can't use 'continue' here */ \
171} while(0)
172#define BREAK(r) do { \
173 IP6STAT_INC(ip6s_sources_rule[(r)]); \
174 goto out; /* XXX: we can't use 'break' here */ \
175} while(0)
176
177static int
178in6_selectsrc(uint32_t fibnum, struct sockaddr_in6 *dstsock,
179 struct ip6_pktopts *opts, struct inpcb *inp, struct ucred *cred,
180 struct ifnet **ifpp, struct in6_addr *srcp)
181{
182 struct rm_priotracker in6_ifa_tracker;
183 struct in6_addr dst, tmp;
184 struct ifnet *ifp = NULL, *oifp = NULL;
185 struct in6_ifaddr *ia = NULL, *ia_best = NULL;
186 struct in6_pktinfo *pi = NULL;
187 int dst_scope = -1, best_scope = -1, best_matchlen = -1;
188 struct in6_addrpolicy *dst_policy = NULL, *best_policy = NULL;
189 u_int32_t odstzone;
190 int prefer_tempaddr;
191 int error;
192 struct ip6_moptions *mopts;
193
194 NET_EPOCH_ASSERT();
195 KASSERT(srcp != NULL, ("%s: srcp is NULL", __func__));
196
197 dst = dstsock->sin6_addr; /* make a copy for local operation */
198 if (ifpp) {
199 /*
200 * Save a possibly passed in ifp for in6_selectsrc. Only
201 * neighbor discovery code should use this feature, where
202 * we may know the interface but not the FIB number holding
203 * the connected subnet in case someone deleted it from the
204 * default FIB and we need to check the interface.
205 */
206 if (*ifpp != NULL)
207 oifp = *ifpp;
208 *ifpp = NULL;
209 }
210
211 if (inp != NULL) {
212 INP_LOCK_ASSERT(inp);
213 mopts = inp->in6p_moptions;
214 } else {
215 mopts = NULL;
216 }
217
218 /*
219 * If the source address is explicitly specified by the caller,
220 * check if the requested source address is indeed a unicast address
221 * assigned to the node, and can be used as the packet's source
222 * address. If everything is okay, use the address as source.
223 */
224 if (opts && (pi = opts->ip6po_pktinfo) &&
225 !IN6_IS_ADDR_UNSPECIFIED(&pi->ipi6_addr)) {
226 /* get the outgoing interface */
227 if ((error = in6_selectif(dstsock, opts, mopts, &ifp, oifp,
228 fibnum))
229 != 0)
230 return (error);
231
232 /*
233 * determine the appropriate zone id of the source based on
234 * the zone of the destination and the outgoing interface.
235 * If the specified address is ambiguous wrt the scope zone,
236 * the interface must be specified; otherwise, ifa_ifwithaddr()
237 * will fail matching the address.
238 */
239 tmp = pi->ipi6_addr;
240 if (ifp) {
241 error = in6_setscope(&tmp, ifp, &odstzone);
242 if (error)
243 return (error);
244 }
245 if (cred != NULL && (error = prison_local_ip6(cred,
246 &tmp, (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0)) != 0)
247 return (error);
248
249 /*
250 * If IPV6_BINDANY socket option is set, we allow to specify
251 * non local addresses as source address in IPV6_PKTINFO
252 * ancillary data.
253 */
254 if ((inp->inp_flags & INP_BINDANY) == 0) {
255 ia = in6ifa_ifwithaddr(&tmp, 0 /* XXX */, false);
256 if (ia == NULL || (ia->ia6_flags & (IN6_IFF_ANYCAST |
257 IN6_IFF_NOTREADY)))
258 return (EADDRNOTAVAIL);
259 bcopy(&ia->ia_addr.sin6_addr, srcp, sizeof(*srcp));
260 } else
261 bcopy(&tmp, srcp, sizeof(*srcp));
262 pi->ipi6_addr = tmp; /* XXX: this overrides pi */
263 if (ifpp)
264 *ifpp = ifp;
265 return (0);
266 }
267
268 /*
269 * Otherwise, if the socket has already bound the source, just use it.
270 */
271 if (inp != NULL && !IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) {
272 if (cred != NULL &&
273 (error = prison_local_ip6(cred, &inp->in6p_laddr,
274 ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0)
275 return (error);
276 bcopy(&inp->in6p_laddr, srcp, sizeof(*srcp));
277 return (0);
278 }
279
280 /*
281 * Bypass source address selection and use the primary jail IP
282 * if requested.
283 */
284 if (cred != NULL && !prison_saddrsel_ip6(cred, srcp))
285 return (0);
286
287 /*
288 * If the address is not specified, choose the best one based on
289 * the outgoing interface and the destination address.
290 */
291 /* get the outgoing interface */
292 if ((error = in6_selectif(dstsock, opts, mopts, &ifp, oifp,
293 (inp != NULL) ? inp->inp_inc.inc_fibnum : fibnum)) != 0)
294 return (error);
295
296#ifdef DIAGNOSTIC
297 if (ifp == NULL) /* this should not happen */
298 panic("in6_selectsrc: NULL ifp");
299#endif
300 error = in6_setscope(&dst, ifp, &odstzone);
301 if (error)
302 return (error);
303
304 IN6_IFADDR_RLOCK(&in6_ifa_tracker);
305 CK_STAILQ_FOREACH(ia, &V_in6_ifaddrhead, ia_link) {
306 int new_scope = -1, new_matchlen = -1;
307 struct in6_addrpolicy *new_policy = NULL;
308 u_int32_t srczone, osrczone, dstzone;
309 struct in6_addr src;
310 struct ifnet *ifp1 = ia->ia_ifp;
311
312 /*
313 * We'll never take an address that breaks the scope zone
314 * of the destination. We also skip an address if its zone
315 * does not contain the outgoing interface.
316 * XXX: we should probably use sin6_scope_id here.
317 */
318 if (in6_setscope(&dst, ifp1, &dstzone) ||
319 odstzone != dstzone) {
320 continue;
321 }
322 src = ia->ia_addr.sin6_addr;
323 if (in6_setscope(&src, ifp, &osrczone) ||
324 in6_setscope(&src, ifp1, &srczone) ||
325 osrczone != srczone) {
326 continue;
327 }
328
329 /* avoid unusable addresses */
330 if ((ia->ia6_flags &
331 (IN6_IFF_NOTREADY | IN6_IFF_ANYCAST | IN6_IFF_DETACHED))) {
332 continue;
333 }
334 if (!V_ip6_use_deprecated && IFA6_IS_DEPRECATED(ia))
335 continue;
336
337 /* If jailed only take addresses of the jail into account. */
338 if (cred != NULL &&
339 prison_check_ip6(cred, &ia->ia_addr.sin6_addr) != 0)
340 continue;
341
342 /* Rule 1: Prefer same address */
343 if (IN6_ARE_ADDR_EQUAL(&dst, &ia->ia_addr.sin6_addr)) {
344 ia_best = ia;
345 BREAK(1); /* there should be no better candidate */
346 }
347
348 if (ia_best == NULL)
349 REPLACE(0);
350
351 /* Rule 2: Prefer appropriate scope */
352 if (dst_scope < 0)
353 dst_scope = in6_addrscope(&dst);
354 new_scope = in6_addrscope(&ia->ia_addr.sin6_addr);
355 if (IN6_ARE_SCOPE_CMP(best_scope, new_scope) < 0) {
356 if (IN6_ARE_SCOPE_CMP(best_scope, dst_scope) < 0)
357 REPLACE(2);
358 NEXT(2);
359 } else if (IN6_ARE_SCOPE_CMP(new_scope, best_scope) < 0) {
360 if (IN6_ARE_SCOPE_CMP(new_scope, dst_scope) < 0)
361 NEXT(2);
362 REPLACE(2);
363 }
364
365 /*
366 * Rule 3: Avoid deprecated addresses. Note that the case of
367 * !ip6_use_deprecated is already rejected above.
368 */
369 if (!IFA6_IS_DEPRECATED(ia_best) && IFA6_IS_DEPRECATED(ia))
370 NEXT(3);
371 if (IFA6_IS_DEPRECATED(ia_best) && !IFA6_IS_DEPRECATED(ia))
372 REPLACE(3);
373
374 /* Rule 4: Prefer home addresses */
375 /*
376 * XXX: This is a TODO. We should probably merge the MIP6
377 * case above.
378 */
379
380 /* Rule 5: Prefer outgoing interface */
381 if (!(ND_IFINFO(ifp)->flags & ND6_IFF_NO_PREFER_IFACE)) {
382 if (ia_best->ia_ifp == ifp && ia->ia_ifp != ifp)
383 NEXT(5);
384 if (ia_best->ia_ifp != ifp && ia->ia_ifp == ifp)
385 REPLACE(5);
386 }
387
388 /*
389 * Rule 6: Prefer matching label
390 * Note that best_policy should be non-NULL here.
391 */
392 if (dst_policy == NULL)
393 dst_policy = lookup_addrsel_policy(dstsock);
394 if (dst_policy->label != ADDR_LABEL_NOTAPP) {
395 new_policy = lookup_addrsel_policy(&ia->ia_addr);
396 if (dst_policy->label == best_policy->label &&
397 dst_policy->label != new_policy->label)
398 NEXT(6);
399 if (dst_policy->label != best_policy->label &&
400 dst_policy->label == new_policy->label)
401 REPLACE(6);
402 }
403
404 /*
405 * Rule 7: Prefer public addresses.
406 * We allow users to reverse the logic by configuring
407 * a sysctl variable, so that privacy conscious users can
408 * always prefer temporary addresses.
409 */
410 if (opts == NULL ||
411 opts->ip6po_prefer_tempaddr == IP6PO_TEMPADDR_SYSTEM) {
412 prefer_tempaddr = V_ip6_prefer_tempaddr;
413 } else if (opts->ip6po_prefer_tempaddr ==
414 IP6PO_TEMPADDR_NOTPREFER) {
415 prefer_tempaddr = 0;
416 } else
417 prefer_tempaddr = 1;
418 if (!(ia_best->ia6_flags & IN6_IFF_TEMPORARY) &&
419 (ia->ia6_flags & IN6_IFF_TEMPORARY)) {
420 if (prefer_tempaddr)
421 REPLACE(7);
422 else
423 NEXT(7);
424 }
425 if ((ia_best->ia6_flags & IN6_IFF_TEMPORARY) &&
426 !(ia->ia6_flags & IN6_IFF_TEMPORARY)) {
427 if (prefer_tempaddr)
428 NEXT(7);
429 else
430 REPLACE(7);
431 }
432
433 /*
434 * Rule 8: prefer addresses on alive interfaces.
435 * This is a KAME specific rule.
436 */
437 if ((ia_best->ia_ifp->if_flags & IFF_UP) &&
438 !(ia->ia_ifp->if_flags & IFF_UP))
439 NEXT(8);
440 if (!(ia_best->ia_ifp->if_flags & IFF_UP) &&
441 (ia->ia_ifp->if_flags & IFF_UP))
442 REPLACE(8);
443
444 /*
445 * Rule 9: prefer address with better virtual status.
446 */
447 if (ifa_preferred(&ia_best->ia_ifa, &ia->ia_ifa))
448 REPLACE(9);
449 if (ifa_preferred(&ia->ia_ifa, &ia_best->ia_ifa))
450 NEXT(9);
451
452 /*
453 * Rule 10: prefer address with `prefer_source' flag.
454 */
455 if ((ia_best->ia6_flags & IN6_IFF_PREFER_SOURCE) == 0 &&
456 (ia->ia6_flags & IN6_IFF_PREFER_SOURCE) != 0)
457 REPLACE(10);
458 if ((ia_best->ia6_flags & IN6_IFF_PREFER_SOURCE) != 0 &&
459 (ia->ia6_flags & IN6_IFF_PREFER_SOURCE) == 0)
460 NEXT(10);
461
462 /*
463 * Rule 14: Use longest matching prefix.
464 * Note: in the address selection draft, this rule is
465 * documented as "Rule 8". However, since it is also
466 * documented that this rule can be overridden, we assign
467 * a large number so that it is easy to assign smaller numbers
468 * to more preferred rules.
469 */
470 new_matchlen = in6_matchlen(&ia->ia_addr.sin6_addr, &dst);
471 if (best_matchlen < new_matchlen)
472 REPLACE(14);
473 if (new_matchlen < best_matchlen)
474 NEXT(14);
475
476 /* Rule 15 is reserved. */
477
478 /*
479 * Last resort: just keep the current candidate.
480 * Or, do we need more rules?
481 */
482 continue;
483
484 replace:
485 ia_best = ia;
486 best_scope = (new_scope >= 0 ? new_scope :
487 in6_addrscope(&ia_best->ia_addr.sin6_addr));
488 best_policy = (new_policy ? new_policy :
489 lookup_addrsel_policy(&ia_best->ia_addr));
490 best_matchlen = (new_matchlen >= 0 ? new_matchlen :
491 in6_matchlen(&ia_best->ia_addr.sin6_addr,
492 &dst));
493
494 next:
495 continue;
496
497 out:
498 break;
499 }
500
501 if ((ia = ia_best) == NULL) {
502 IN6_IFADDR_RUNLOCK(&in6_ifa_tracker);
503 IP6STAT_INC(ip6s_sources_none);
504 return (EADDRNOTAVAIL);
505 }
506
507 /*
508 * At this point at least one of the addresses belonged to the jail
509 * but it could still be, that we want to further restrict it, e.g.
510 * theoratically IN6_IS_ADDR_LOOPBACK.
511 * It must not be IN6_IS_ADDR_UNSPECIFIED anymore.
512 * prison_local_ip6() will fix an IN6_IS_ADDR_LOOPBACK but should
513 * let all others previously selected pass.
514 * Use tmp to not change ::1 on lo0 to the primary jail address.
515 */
516 tmp = ia->ia_addr.sin6_addr;
517 if (cred != NULL && prison_local_ip6(cred, &tmp, (inp != NULL &&
518 (inp->inp_flags & IN6P_IPV6_V6ONLY) != 0)) != 0) {
519 IN6_IFADDR_RUNLOCK(&in6_ifa_tracker);
520 IP6STAT_INC(ip6s_sources_none);
521 return (EADDRNOTAVAIL);
522 }
523
524 if (ifpp)
525 *ifpp = ifp;
526
527 bcopy(&tmp, srcp, sizeof(*srcp));
528 if (ia->ia_ifp == ifp)
529 IP6STAT_INC(ip6s_sources_sameif[best_scope]);
530 else
531 IP6STAT_INC(ip6s_sources_otherif[best_scope]);
532 if (dst_scope == best_scope)
533 IP6STAT_INC(ip6s_sources_samescope[best_scope]);
534 else
535 IP6STAT_INC(ip6s_sources_otherscope[best_scope]);
536 if (IFA6_IS_DEPRECATED(ia))
537 IP6STAT_INC(ip6s_sources_deprecated[best_scope]);
538 IN6_IFADDR_RUNLOCK(&in6_ifa_tracker);
539 return (0);
540}
541
542/*
543 * Select source address based on @inp, @dstsock and @opts.
544 * Stores selected address to @srcp. If @scope_ambiguous is set,
545 * embed scope from selected outgoing interface. If @hlim pointer
546 * is provided, stores calculated hop limit there.
547 * Returns 0 on success.
548 */
549int
550in6_selectsrc_socket(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
551 struct inpcb *inp, struct ucred *cred, int scope_ambiguous,
552 struct in6_addr *srcp, int *hlim)
553{
554 struct ifnet *retifp;
555 uint32_t fibnum;
556 int error;
557
558 fibnum = inp->inp_inc.inc_fibnum;
559 retifp = NULL;
560
561 error = in6_selectsrc(fibnum, dstsock, opts, inp, cred, &retifp, srcp);
562 if (error != 0)
563 return (error);
564
565 if (hlim != NULL)
566 *hlim = in6_selecthlim(inp, retifp);
567
568 if (retifp == NULL || scope_ambiguous == 0)
569 return (0);
570
571 /*
572 * Application should provide a proper zone ID or the use of
573 * default zone IDs should be enabled. Unfortunately, some
574 * applications do not behave as it should, so we need a
575 * workaround. Even if an appropriate ID is not determined
576 * (when it's required), if we can determine the outgoing
577 * interface. determine the zone ID based on the interface.
578 */
579 error = in6_setscope(&dstsock->sin6_addr, retifp, NULL);
580
581 return (error);
582}
583
584/*
585 * Select source address based on @fibnum, @dst and @scopeid.
586 * Stores selected address to @srcp.
587 * Returns 0 on success.
588 *
589 * Used by non-socket based consumers (ND code mostly)
590 */
591int
592in6_selectsrc_addr(uint32_t fibnum, const struct in6_addr *dst,
593 uint32_t scopeid, struct ifnet *ifp, struct in6_addr *srcp,
594 int *hlim)
595{
596 struct ifnet *retifp;
597 struct sockaddr_in6 dst_sa;
598 int error;
599
600 retifp = ifp;
601 bzero(&dst_sa, sizeof(dst_sa));
602 dst_sa.sin6_family = AF_INET6;
603 dst_sa.sin6_len = sizeof(dst_sa);
604 dst_sa.sin6_addr = *dst;
605 dst_sa.sin6_scope_id = scopeid;
606 sa6_embedscope(&dst_sa, 0);
607
608 error = in6_selectsrc(fibnum, &dst_sa, NULL, NULL, NULL, &retifp, srcp);
609 if (hlim != NULL)
610 *hlim = in6_selecthlim(NULL, retifp);
611
612 return (error);
613}
614
615/*
616 * clone - meaningful only for bsdi and freebsd
617 */
618static int
619selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
620 struct ip6_moptions *mopts, struct route_in6 *ro,
621 struct ifnet **retifp, struct nhop_object **retnh, int norouteok,
622 u_int fibnum, uint32_t flowid)
623{
624 int error = 0;
625 struct ifnet *ifp = NULL;
626 struct nhop_object *nh = NULL;
627 struct sockaddr_in6 *sin6_next;
628 struct in6_pktinfo *pi = NULL;
629 struct in6_addr *dst = &dstsock->sin6_addr;
630 uint32_t zoneid;
631#if 0
632 char ip6buf[INET6_ADDRSTRLEN];
633
634 if (dstsock->sin6_addr.s6_addr32[0] == 0 &&
635 dstsock->sin6_addr.s6_addr32[1] == 0 &&
636 !IN6_IS_ADDR_LOOPBACK(&dstsock->sin6_addr)) {
637 printf("%s: strange destination %s\n", __func__,
638 ip6_sprintf(ip6buf, &dstsock->sin6_addr));
639 } else {
640 printf("%s: destination = %s%%%d\n", __func__,
641 ip6_sprintf(ip6buf, &dstsock->sin6_addr),
642 dstsock->sin6_scope_id); /* for debug */
643 }
644#endif
645
646 /* If the caller specify the outgoing interface explicitly, use it. */
647 if (opts && (pi = opts->ip6po_pktinfo) != NULL && pi->ipi6_ifindex) {
648 /* XXX boundary check is assumed to be already done. */
649 ifp = ifnet_byindex(pi->ipi6_ifindex);
650 if (ifp != NULL &&
651 (norouteok || retnh == NULL ||
652 IN6_IS_ADDR_MULTICAST(dst))) {
653 /*
654 * we do not have to check or get the route for
655 * multicast.
656 */
657 goto done;
658 } else
659 goto getroute;
660 }
661 /*
662 * If the destination address is a multicast address and the outgoing
663 * interface for the address is specified by the caller, use it.
664 */
665 if (IN6_IS_ADDR_MULTICAST(dst) &&
666 mopts != NULL && (ifp = mopts->im6o_multicast_ifp) != NULL) {
667 goto done; /* we do not need a route for multicast. */
668 }
669 /*
670 * If destination address is LLA or link- or node-local multicast,
671 * use it's embedded scope zone id to determine outgoing interface.
672 */
673 if (IN6_IS_ADDR_MC_LINKLOCAL(dst) ||
674 IN6_IS_ADDR_MC_NODELOCAL(dst)) {
675 zoneid = ntohs(in6_getscope(dst));
676 if (zoneid > 0) {
677 ifp = in6_getlinkifnet(zoneid);
678 goto done;
679 }
680 }
681
682 getroute:
683 /*
684 * If the next hop address for the packet is specified by the caller,
685 * use it as the gateway.
686 */
687 if (opts && opts->ip6po_nexthop) {
688 struct route_in6 *ron;
689
690 sin6_next = satosin6(opts->ip6po_nexthop);
691 if (IN6_IS_ADDR_LINKLOCAL(&sin6_next->sin6_addr)) {
692 /*
693 * Next hop is LLA, thus it should be neighbor.
694 * Determine outgoing interface by zone index.
695 */
696 zoneid = ntohs(in6_getscope(&sin6_next->sin6_addr));
697 if (zoneid > 0) {
698 ifp = in6_getlinkifnet(zoneid);
699 goto done;
700 }
701 }
702 ron = &opts->ip6po_nextroute;
703 /* Use a cached route if it exists and is valid. */
704 if (ron->ro_nh != NULL && (
705 !NH_IS_VALID(ron->ro_nh) ||
706 ron->ro_dst.sin6_family != AF_INET6 ||
707 !IN6_ARE_ADDR_EQUAL(&ron->ro_dst.sin6_addr,
708 &sin6_next->sin6_addr)))
709 RO_NHFREE(ron);
710 if (ron->ro_nh == NULL) {
711 ron->ro_dst = *sin6_next;
712 /*
713 * sin6_next is not link-local OR scopeid is 0,
714 * no need to clear scope
715 */
716 ron->ro_nh = fib6_lookup(fibnum,
717 &sin6_next->sin6_addr, 0, NHR_REF, flowid);
718 }
719 /*
720 * The node identified by that address must be a
721 * neighbor of the sending host.
722 */
723 if (ron->ro_nh == NULL ||
724 (ron->ro_nh->nh_flags & NHF_GATEWAY) != 0)
725 error = EHOSTUNREACH;
726 else {
727 nh = ron->ro_nh;
728 ifp = nh->nh_ifp;
729 }
730 goto done;
731 }
732
733 /*
734 * Use a cached route if it exists and is valid, else try to allocate
735 * a new one. Note that we should check the address family of the
736 * cached destination, in case of sharing the cache with IPv4.
737 */
738 if (ro) {
739 if (ro->ro_nh &&
740 (!NH_IS_VALID(ro->ro_nh) ||
741 ((struct sockaddr *)(&ro->ro_dst))->sa_family != AF_INET6 ||
742 !IN6_ARE_ADDR_EQUAL(&satosin6(&ro->ro_dst)->sin6_addr,
743 dst))) {
744 RO_NHFREE(ro);
745 }
746 if (ro->ro_nh == (struct nhop_object *)NULL) {
747 struct sockaddr_in6 *sa6;
748
749 /* No route yet, so try to acquire one */
750 bzero(&ro->ro_dst, sizeof(struct sockaddr_in6));
751 sa6 = (struct sockaddr_in6 *)&ro->ro_dst;
752 *sa6 = *dstsock;
753 sa6->sin6_scope_id = 0;
754
755 /*
756 * Currently dst has scopeid embedded iff it is LL.
757 * New routing API accepts scopeid as a separate argument.
758 * Convert dst before/after doing lookup
759 */
760 uint32_t scopeid = 0;
761 if (IN6_IS_SCOPE_LINKLOCAL(&sa6->sin6_addr)) {
762 /* Unwrap in6_getscope() and in6_clearscope() */
763 scopeid = ntohs(sa6->sin6_addr.s6_addr16[1]);
764 sa6->sin6_addr.s6_addr16[1] = 0;
765 }
766
767 ro->ro_nh = fib6_lookup(fibnum,
768 &sa6->sin6_addr, scopeid, NHR_REF, flowid);
769
770 if (IN6_IS_SCOPE_LINKLOCAL(&sa6->sin6_addr))
771 sa6->sin6_addr.s6_addr16[1] = htons(scopeid);
772 }
773
774 /*
775 * do not care about the result if we have the nexthop
776 * explicitly specified.
777 */
778 if (opts && opts->ip6po_nexthop)
779 goto done;
780
781 if (ro->ro_nh)
782 ifp = ro->ro_nh->nh_ifp;
783 else
784 error = EHOSTUNREACH;
785 nh = ro->ro_nh;
786
787 /*
788 * Check if the outgoing interface conflicts with
789 * the interface specified by ipi6_ifindex (if specified).
790 * Note that loopback interface is always okay.
791 * (this may happen when we are sending a packet to one of
792 * our own addresses.)
793 */
794 if (ifp && opts && opts->ip6po_pktinfo &&
795 opts->ip6po_pktinfo->ipi6_ifindex) {
796 if (!(ifp->if_flags & IFF_LOOPBACK) &&
797 ifp->if_index !=
798 opts->ip6po_pktinfo->ipi6_ifindex) {
799 error = EHOSTUNREACH;
800 goto done;
801 }
802 }
803 }
804
805 done:
806 if (ifp == NULL && nh == NULL) {
807 /*
808 * This can happen if the caller did not pass a cached route
809 * nor any other hints. We treat this case an error.
810 */
811 error = EHOSTUNREACH;
812 }
813 if (error == EHOSTUNREACH)
814 IP6STAT_INC(ip6s_noroute);
815
816 if (retifp != NULL) {
817 if (nh != NULL)
818 *retifp = nh->nh_aifp;
819 else
820 *retifp = ifp;
821 }
822
823 if (retnh != NULL)
824 *retnh = nh; /* nh may be NULL */
825
826 return (error);
827}
828
829static int
830in6_selectif(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
831 struct ip6_moptions *mopts, struct ifnet **retifp,
832 struct ifnet *oifp, u_int fibnum)
833{
834 int error;
835 struct route_in6 sro;
836 struct nhop_object *nh = NULL;
837 uint16_t nh_flags;
838
839 KASSERT(retifp != NULL, ("%s: retifp is NULL", __func__));
840
841 bzero(&sro, sizeof(sro));
842 nh_flags = 0;
843
844 error = selectroute(dstsock, opts, mopts, &sro, retifp, &nh, 1, fibnum, 0);
845
846 if (nh != NULL)
847 nh_flags = nh->nh_flags;
848 if (nh != NULL && nh == sro.ro_nh)
849 NH_FREE(nh);
850
851 if (error != 0) {
852 /* Help ND. See oifp comment in in6_selectsrc(). */
853 if (oifp != NULL && fibnum == RT_DEFAULT_FIB) {
854 *retifp = oifp;
855 error = 0;
856 }
857 return (error);
858 }
859
860 /*
861 * do not use a rejected or black hole route.
862 * XXX: this check should be done in the L2 output routine.
863 * However, if we skipped this check here, we'd see the following
864 * scenario:
865 * - install a rejected route for a scoped address prefix
866 * (like fe80::/10)
867 * - send a packet to a destination that matches the scoped prefix,
868 * with ambiguity about the scope zone.
869 * - pick the outgoing interface from the route, and disambiguate the
870 * scope zone with the interface.
871 * - ip6_output() would try to get another route with the "new"
872 * destination, which may be valid.
873 * - we'd see no error on output.
874 * Although this may not be very harmful, it should still be confusing.
875 * We thus reject the case here.
876 */
877
878 if (nh_flags & (NHF_REJECT | NHF_BLACKHOLE)) {
879 error = (nh_flags & NHF_HOST ? EHOSTUNREACH : ENETUNREACH);
880 return (error);
881 }
882
883 return (0);
884}
885
886/* Public wrapper function to selectroute(). */
887int
888in6_selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
889 struct ip6_moptions *mopts, struct route_in6 *ro,
890 struct ifnet **retifp, struct nhop_object **retnh, u_int fibnum, uint32_t flowid)
891{
892
893 return (selectroute(dstsock, opts, mopts, ro, retifp,
894 retnh, 0, fibnum, flowid));
895}
896
897/*
898 * Default hop limit selection. The precedence is as follows:
899 * 1. Hoplimit value specified via ioctl.
900 * 2. (If the outgoing interface is detected) the current
901 * hop limit of the interface specified by router advertisement.
902 * 3. The system default hoplimit.
903 */
904int
905in6_selecthlim(struct inpcb *inp, struct ifnet *ifp)
906{
907
908 if (inp && inp->in6p_hops >= 0)
909 return (inp->in6p_hops);
910 else if (ifp)
911 return (ND_IFINFO(ifp)->chlim);
912 else if (inp && !IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
913 struct nhop_object *nh;
914 struct in6_addr dst;
915 uint32_t fibnum, scopeid;
916 int hlim;
917
918 fibnum = inp->inp_inc.inc_fibnum;
919 in6_splitscope(&inp->in6p_faddr, &dst, &scopeid);
920 nh = fib6_lookup(fibnum, &dst, scopeid, 0, 0);
921 if (nh != NULL) {
922 hlim = ND_IFINFO(nh->nh_ifp)->chlim;
923 return (hlim);
924 }
925 }
926 return (V_ip6_defhlim);
927}
928
929void
930addrsel_policy_init(void)
931{
932
933 init_policy_queue();
934
935 /* initialize the "last resort" policy */
936 bzero(&V_defaultaddrpolicy, sizeof(V_defaultaddrpolicy));
937 V_defaultaddrpolicy.label = ADDR_LABEL_NOTAPP;
938
939 if (!IS_DEFAULT_VNET(curvnet))
940 return;
941
942 ADDRSEL_LOCK_INIT();
943 ADDRSEL_SXLOCK_INIT();
944}
945
946static struct in6_addrpolicy *
947lookup_addrsel_policy(struct sockaddr_in6 *key)
948{
949 struct in6_addrpolicy *match = NULL;
950
951 ADDRSEL_LOCK();
952 match = match_addrsel_policy(key);
953
954 if (match == NULL)
955 match = &V_defaultaddrpolicy;
956 else
957 match->use++;
958 ADDRSEL_UNLOCK();
959
960 return (match);
961}
962
963/*
964 * Subroutines to manage the address selection policy table via sysctl.
965 */
966struct walkarg {
967 struct sysctl_req *w_req;
968};
969
970static int in6_src_sysctl(SYSCTL_HANDLER_ARGS);
971SYSCTL_DECL(_net_inet6_ip6);
972static SYSCTL_NODE(_net_inet6_ip6, IPV6CTL_ADDRCTLPOLICY, addrctlpolicy,
973 CTLFLAG_RD | CTLFLAG_MPSAFE, in6_src_sysctl,
974 "");
975
976static int
977in6_src_sysctl(SYSCTL_HANDLER_ARGS)
978{
979 struct walkarg w;
980
981 if (req->newptr)
982 return EPERM;
983
984 bzero(&w, sizeof(w));
985 w.w_req = req;
986
987 return (walk_addrsel_policy(dump_addrsel_policyent, &w));
988}
989
990int
991in6_src_ioctl(u_long cmd, caddr_t data)
992{
993 struct in6_addrpolicy ent0;
994
995 if (cmd != SIOCAADDRCTL_POLICY && cmd != SIOCDADDRCTL_POLICY)
996 return (EOPNOTSUPP); /* check for safety */
997
998 ent0 = *(struct in6_addrpolicy *)data;
999
1000 if (ent0.label == ADDR_LABEL_NOTAPP)
1001 return (EINVAL);
1002 /* check if the prefix mask is consecutive. */
1003 if (in6_mask2len(&ent0.addrmask.sin6_addr, NULL) < 0)
1004 return (EINVAL);
1005 /* clear trailing garbages (if any) of the prefix address. */
1006 IN6_MASK_ADDR(&ent0.addr.sin6_addr, &ent0.addrmask.sin6_addr);
1007 ent0.use = 0;
1008
1009 switch (cmd) {
1010 case SIOCAADDRCTL_POLICY:
1011 return (add_addrsel_policyent(&ent0));
1012 case SIOCDADDRCTL_POLICY:
1013 return (delete_addrsel_policyent(&ent0));
1014 }
1015
1016 return (0); /* XXX: compromise compilers */
1017}
1018
1019/*
1020 * The followings are implementation of the policy table using a
1021 * simple tail queue.
1022 * XXX such details should be hidden.
1023 * XXX implementation using binary tree should be more efficient.
1024 */
1025struct addrsel_policyent {
1026 TAILQ_ENTRY(addrsel_policyent) ape_entry;
1027 struct in6_addrpolicy ape_policy;
1028};
1029
1030TAILQ_HEAD(addrsel_policyhead, addrsel_policyent);
1031
1032VNET_DEFINE_STATIC(struct addrsel_policyhead, addrsel_policytab);
1033#define V_addrsel_policytab VNET(addrsel_policytab)
1034
1035static void
1036init_policy_queue(void)
1037{
1038
1039 TAILQ_INIT(&V_addrsel_policytab);
1040}
1041
1042static int
1043add_addrsel_policyent(struct in6_addrpolicy *newpolicy)
1044{
1045 struct addrsel_policyent *new, *pol;
1046
1047 new = malloc(sizeof(*new), M_IFADDR,
1048 M_WAITOK);
1049 ADDRSEL_XLOCK();
1050 ADDRSEL_LOCK();
1051
1052 /* duplication check */
1053 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) {
1054 if (IN6_ARE_ADDR_EQUAL(&newpolicy->addr.sin6_addr,
1055 &pol->ape_policy.addr.sin6_addr) &&
1056 IN6_ARE_ADDR_EQUAL(&newpolicy->addrmask.sin6_addr,
1057 &pol->ape_policy.addrmask.sin6_addr)) {
1058 ADDRSEL_UNLOCK();
1059 ADDRSEL_XUNLOCK();
1060 free(new, M_IFADDR);
1061 return (EEXIST); /* or override it? */
1062 }
1063 }
1064
1065 bzero(new, sizeof(*new));
1066
1067 /* XXX: should validate entry */
1068 new->ape_policy = *newpolicy;
1069
1070 TAILQ_INSERT_TAIL(&V_addrsel_policytab, new, ape_entry);
1071 ADDRSEL_UNLOCK();
1072 ADDRSEL_XUNLOCK();
1073
1074 return (0);
1075}
1076
1077static int
1078delete_addrsel_policyent(struct in6_addrpolicy *key)
1079{
1080 struct addrsel_policyent *pol;
1081
1082 ADDRSEL_XLOCK();
1083 ADDRSEL_LOCK();
1084
1085 /* search for the entry in the table */
1086 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) {
1087 if (IN6_ARE_ADDR_EQUAL(&key->addr.sin6_addr,
1088 &pol->ape_policy.addr.sin6_addr) &&
1089 IN6_ARE_ADDR_EQUAL(&key->addrmask.sin6_addr,
1090 &pol->ape_policy.addrmask.sin6_addr)) {
1091 break;
1092 }
1093 }
1094 if (pol == NULL) {
1095 ADDRSEL_UNLOCK();
1096 ADDRSEL_XUNLOCK();
1097 return (ESRCH);
1098 }
1099
1100 TAILQ_REMOVE(&V_addrsel_policytab, pol, ape_entry);
1101 ADDRSEL_UNLOCK();
1102 ADDRSEL_XUNLOCK();
1103 free(pol, M_IFADDR);
1104
1105 return (0);
1106}
1107
1108static int
1109walk_addrsel_policy(int (*callback)(struct in6_addrpolicy *, void *), void *w)
1110{
1111 struct addrsel_policyent *pol;
1112 int error = 0;
1113
1114 ADDRSEL_SLOCK();
1115 TAILQ_FOREACH(pol, &V_addrsel_policytab, ape_entry) {
1116 if ((error = (*callback)(&pol->ape_policy, w)) != 0) {
1117 ADDRSEL_SUNLOCK();
1118 return (error);
1119 }
1120 }
1121 ADDRSEL_SUNLOCK();
1122 return (error);
1123}
1124
1125static int
1126dump_addrsel_policyent(struct in6_addrpolicy *pol, void *arg)
1127{
1128 int error = 0;
1129 struct walkarg *w = arg;
1130
1131 error = SYSCTL_OUT(w->w_req, pol, sizeof(*pol));
1132
1133 return (error);
1134}
1135
1136static struct in6_addrpolicy *
1137match_addrsel_policy(struct sockaddr_in6 *key)
1138{
1139 struct addrsel_policyent *pent;
1140 struct in6_addrpolicy *bestpol = NULL, *pol;
1141 int matchlen, bestmatchlen = -1;
1142 u_char *mp, *ep, *k, *p, m;
1143
1144 TAILQ_FOREACH(pent, &V_addrsel_policytab, ape_entry) {
1145 matchlen = 0;
1146
1147 pol = &pent->ape_policy;
1148 mp = (u_char *)&pol->addrmask.sin6_addr;
1149 ep = mp + 16; /* XXX: scope field? */
1150 k = (u_char *)&key->sin6_addr;
1151 p = (u_char *)&pol->addr.sin6_addr;
1152 for (; mp < ep && *mp; mp++, k++, p++) {
1153 m = *mp;
1154 if ((*k & m) != *p)
1155 goto next; /* not match */
1156 if (m == 0xff) /* short cut for a typical case */
1157 matchlen += 8;
1158 else {
1159 while (m >= 0x80) {
1160 matchlen++;
1161 m <<= 1;
1162 }
1163 }
1164 }
1165
1166 /* matched. check if this is better than the current best. */
1167 if (bestpol == NULL ||
1168 matchlen > bestmatchlen) {
1169 bestpol = pol;
1170 bestmatchlen = matchlen;
1171 }
1172
1173 next:
1174 continue;
1175 }
1176
1177 return (bestpol);
1178}
in6_matchlen
int in6_matchlen(struct in6_addr *src, struct in6_addr *dst)
Definition: in6.c:1831
ip6_sprintf
char * ip6_sprintf(char *ip6buf, const struct in6_addr *addr)
Definition: in6.c:1637
in6_mask2len
int in6_mask2len(struct in6_addr *mask, u_char *lim0)
Definition: in6.c:202
in6ifa_ifwithaddr
struct in6_ifaddr * in6ifa_ifwithaddr(const struct in6_addr *addr, uint32_t zoneid, bool referenced)
Definition: in6.c:1560
satosin6
#define satosin6(sa)
Definition: in6.h:689
in6_addrscope
int in6_addrscope(const struct in6_addr *)
Definition: scope6.c:235
IN6_IS_ADDR_LINKLOCAL
#define IN6_IS_ADDR_LINKLOCAL(a)
Definition: in6.h:296
IN6_IS_ADDR_MC_LINKLOCAL
#define IN6_IS_ADDR_MC_LINKLOCAL(a)
Definition: in6.h:322
IN6_IS_ADDR_UNSPECIFIED
#define IN6_IS_ADDR_UNSPECIFIED(a)
Definition: in6.h:239
IN6_IS_ADDR_LOOPBACK
#define IN6_IS_ADDR_LOOPBACK(a)
Definition: in6.h:248
IN6_ARE_ADDR_EQUAL
#define IN6_ARE_ADDR_EQUAL(a, b)
Definition: in6.h:227
IFA6_IS_DEPRECATED
#define IFA6_IS_DEPRECATED(a)
Definition: in6.h:364
IN6_IS_ADDR_MULTICAST
#define IN6_IS_ADDR_MULTICAST(a)
Definition: in6.h:304
IN6_IS_ADDR_MC_NODELOCAL
#define IN6_IS_ADDR_MC_NODELOCAL(a)
Definition: in6.h:316
INET6_ADDRSTRLEN
#define INET6_ADDRSTRLEN
Definition: in6.h:112
IN6_IS_SCOPE_LINKLOCAL
#define IN6_IS_SCOPE_LINKLOCAL(a)
Definition: in6.h:356
in6_fib.h
fib6_lookup
struct nhop_object * fib6_lookup(uint32_t fibnum, const struct in6_addr *dst6, uint32_t scopeid, uint32_t flags, uint32_t flowid)
prison_check_ip6
int prison_check_ip6(const struct ucred *cred, const struct in6_addr *ia6)
Definition: in6_jail.c:306
prison_saddrsel_ip6
int prison_saddrsel_ip6(struct ucred *cred, struct in6_addr *ia6)
Definition: in6_jail.c:144
prison_local_ip6
int prison_local_ip6(struct ucred *cred, struct in6_addr *ia6, int v6only)
Definition: in6_jail.c:207
in6_pcb.h
ADDRSEL_XLOCK
#define ADDRSEL_XLOCK()
Definition: in6_src.c:122
in6_selectsrc_addr
int in6_selectsrc_addr(uint32_t fibnum, const struct in6_addr *dst, uint32_t scopeid, struct ifnet *ifp, struct in6_addr *srcp, int *hlim)
Definition: in6_src.c:586
addrsel_lock
static struct mtx addrsel_lock
Definition: in6_src.c:112
SYSCTL_DECL
SYSCTL_DECL(_net_inet6_ip6)
ADDRSEL_LOCK
#define ADDRSEL_LOCK()
Definition: in6_src.c:114
in6_src_ioctl
int in6_src_ioctl(u_long cmd, caddr_t data)
Definition: in6_src.c:985
in6_selectsrc
static int in6_selectsrc(uint32_t, struct sockaddr_in6 *, struct ip6_pktopts *, struct inpcb *, struct ucred *, struct ifnet **, struct in6_addr *)
Definition: in6_src.c:172
VNET_DEFINE_STATIC
VNET_DEFINE_STATIC(struct in6_addrpolicy, defaultaddrpolicy)
match_addrsel_policy
static struct in6_addrpolicy * match_addrsel_policy(struct sockaddr_in6 *)
Definition: in6_src.c:1131
init_policy_queue
static void init_policy_queue(void)
Definition: in6_src.c:1030
NEXT
#define NEXT(r)
Definition: in6_src.c:162
add_addrsel_policyent
static int add_addrsel_policyent(struct in6_addrpolicy *)
Definition: in6_src.c:1037
TAILQ_HEAD
TAILQ_HEAD(addrsel_policyhead, addrsel_policyent)
delete_addrsel_policyent
static int delete_addrsel_policyent(struct in6_addrpolicy *)
Definition: in6_src.c:1072
in6_selectsrc_socket
int in6_selectsrc_socket(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, struct inpcb *inp, struct ucred *cred, int scope_ambiguous, struct in6_addr *srcp, int *hlim)
Definition: in6_src.c:544
SYSCTL_NODE
static SYSCTL_NODE(_net_inet6_ip6, IPV6CTL_ADDRCTLPOLICY, addrctlpolicy, CTLFLAG_RD|CTLFLAG_MPSAFE, in6_src_sysctl, "")
REPLACE
#define REPLACE(r)
Definition: in6_src.c:157
dump_addrsel_policyent
static int dump_addrsel_policyent(struct in6_addrpolicy *, void *)
Definition: in6_src.c:1120
ADDRSEL_XUNLOCK
#define ADDRSEL_XUNLOCK()
Definition: in6_src.c:123
walk_addrsel_policy
static int walk_addrsel_policy(int(*)(struct in6_addrpolicy *, void *), void *)
Definition: in6_src.c:1103
V_defaultaddrpolicy
#define V_defaultaddrpolicy
Definition: in6_src.c:127
in6_selectroute
int in6_selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, struct ip6_moptions *mopts, struct route_in6 *ro, struct ifnet **retifp, struct nhop_object **retnh, u_int fibnum, uint32_t flowid)
Definition: in6_src.c:882
V_addrsel_policytab
#define V_addrsel_policytab
Definition: in6_src.c:1027
__FBSDID
__FBSDID("$FreeBSD$")
ADDR_LABEL_NOTAPP
#define ADDR_LABEL_NOTAPP
Definition: in6_src.c:125
ADDRSEL_SUNLOCK
#define ADDRSEL_SUNLOCK()
Definition: in6_src.c:121
lookup_addrsel_policy
static struct in6_addrpolicy * lookup_addrsel_policy(struct sockaddr_in6 *)
Definition: in6_src.c:941
ADDRSEL_SXLOCK_INIT
#define ADDRSEL_SXLOCK_INIT()
Definition: in6_src.c:119
BREAK
#define BREAK(r)
Definition: in6_src.c:166
ADDRSEL_UNLOCK
#define ADDRSEL_UNLOCK()
Definition: in6_src.c:115
in6_src_sysctl
static int in6_src_sysctl(SYSCTL_HANDLER_ARGS)
Definition: in6_src.c:971
selectroute
static int selectroute(struct sockaddr_in6 *, struct ip6_pktopts *, struct ip6_moptions *, struct route_in6 *, struct ifnet **, struct nhop_object **, int, u_int, uint32_t)
Definition: in6_src.c:613
in6_selecthlim
int in6_selecthlim(struct inpcb *inp, struct ifnet *ifp)
Definition: in6_src.c:899
addrsel_sxlock
static struct sx addrsel_sxlock
Definition: in6_src.c:118
VNET_DEFINE
VNET_DEFINE(int, ip6_prefer_tempaddr)=0
ADDRSEL_SLOCK
#define ADDRSEL_SLOCK()
Definition: in6_src.c:120
ADDRSEL_LOCK_INIT
#define ADDRSEL_LOCK_INIT()
Definition: in6_src.c:113
addrsel_policy_init
void addrsel_policy_init(void)
Definition: in6_src.c:924
in6_selectif
static int in6_selectif(struct sockaddr_in6 *, struct ip6_pktopts *, struct ip6_moptions *, struct ifnet **, struct ifnet *, u_int)
Definition: in6_src.c:824
in6_var.h
SIOCAADDRCTL_POLICY
#define SIOCAADDRCTL_POLICY
Definition: in6_var.h:490
IN6_IFF_PREFER_SOURCE
#define IN6_IFF_PREFER_SOURCE
Definition: in6_var.h:501
IN6_IFADDR_RLOCK
#define IN6_IFADDR_RLOCK(t)
Definition: in6_var.h:537
IN6_IFF_DETACHED
#define IN6_IFF_DETACHED
Definition: in6_var.h:496
IN6_ARE_SCOPE_CMP
#define IN6_ARE_SCOPE_CMP(a, b)
Definition: in6_var.h:507
IN6_IFF_ANYCAST
#define IN6_IFF_ANYCAST
Definition: in6_var.h:493
SIOCDADDRCTL_POLICY
#define SIOCDADDRCTL_POLICY
Definition: in6_var.h:491
IN6_IFADDR_RUNLOCK
#define IN6_IFADDR_RUNLOCK(t)
Definition: in6_var.h:539
V_in6_ifaddrhead
#define V_in6_ifaddrhead
Definition: in6_var.h:515
IN6_IFF_TEMPORARY
#define IN6_IFF_TEMPORARY
Definition: in6_var.h:500
IN6_MASK_ADDR
#define IN6_MASK_ADDR(a, m)
Definition: in6_var.h:420
IN6_IFF_NOTREADY
#define IN6_IFF_NOTREADY
Definition: in6_var.h:504
ip6_var.h
IP6STAT_INC
#define IP6STAT_INC(name)
Definition: ip6_var.h:256
V_ip6_prefer_tempaddr
#define V_ip6_prefer_tempaddr
Definition: ip6_var.h:322
IP6PO_TEMPADDR_SYSTEM
#define IP6PO_TEMPADDR_SYSTEM
Definition: ip6_var.h:166
V_ip6_use_deprecated
#define V_ip6_use_deprecated
Definition: ip6_var.h:283
IP6PO_TEMPADDR_NOTPREFER
#define IP6PO_TEMPADDR_NOTPREFER
Definition: ip6_var.h:167
V_ip6_defhlim
#define V_ip6_defhlim
Definition: ip6_var.h:280
ND_IFINFO
#define ND_IFINFO(ifp)
Definition: nd6.h:99
ND6_IFF_NO_PREFER_IFACE
#define ND6_IFF_NO_PREFER_IFACE
Definition: nd6.h:89
in6_setscope
int in6_setscope(struct in6_addr *in6, struct ifnet *ifp, u_int32_t *ret_id)
Definition: scope6.c:406
in6_splitscope
void in6_splitscope(const struct in6_addr *src, struct in6_addr *dst, uint32_t *scopeid)
Definition: scope6.c:534
in6_getlinkifnet
struct ifnet * in6_getlinkifnet(uint32_t zoneid)
Definition: scope6.c:508
in6_getscope
uint16_t in6_getscope(const struct in6_addr *in6)
Definition: scope6.c:472
sa6_embedscope
int sa6_embedscope(struct sockaddr_in6 *sin6, int defaultok)
Definition: scope6.c:324
scope6_var.h
addrsel_policyent
Definition: in6_src.c:1019
in6_addr
Definition: in6.h:97
in6_addrpolicy
Definition: in6_var.h:154
in6_addrpolicy::use
u_quad_t use
Definition: in6_var.h:159
in6_addrpolicy::addr
struct sockaddr_in6 addr
Definition: in6_var.h:155
in6_addrpolicy::label
int label
Definition: in6_var.h:158
in6_addrpolicy::addrmask
struct sockaddr_in6 addrmask
Definition: in6_var.h:156
in6_ifaddr
Definition: in6_var.h:121
in6_ifaddr::ia6_flags
int ia6_flags
Definition: in6_var.h:131
in6_ifaddr::ia_addr
struct sockaddr_in6 ia_addr
Definition: in6_var.h:125
in6_ifaddr::ia_ifa
struct ifaddr ia_ifa
Definition: in6_var.h:122
in6_pktinfo
Definition: in6.h:548
in6_pktinfo::ipi6_addr
struct in6_addr ipi6_addr
Definition: in6.h:549
in6_pktinfo::ipi6_ifindex
unsigned int ipi6_ifindex
Definition: in6.h:550
ip6_pktopts
Definition: ip6_var.h:136
ip6_pktopts::ip6po_prefer_tempaddr
int ip6po_prefer_tempaddr
Definition: ip6_var.h:164
ip6_pktopts::ip6po_pktinfo
struct in6_pktinfo * ip6po_pktinfo
Definition: ip6_var.h:141
sockaddr_in6
Definition: in6.h:125
sockaddr_in6::sin6_len
uint8_t sin6_len
Definition: in6.h:126
sockaddr_in6::sin6_addr
struct in6_addr sin6_addr
Definition: in6.h:130
sockaddr_in6::sin6_scope_id
uint32_t sin6_scope_id
Definition: in6.h:131
sockaddr_in6::sin6_family
sa_family_t sin6_family
Definition: in6.h:127
walkarg::w_req
struct sysctl_req * w_req
Definition: in6_src.c:961