1 //==========================================================================
3 // src/sys/netinet6/in6_src.c
5 //==========================================================================
6 //####BSDCOPYRIGHTBEGIN####
8 // -------------------------------------------
10 // Portions of this software may have been derived from OpenBSD,
11 // FreeBSD or other sources, and are covered by the appropriate
12 // copyright disclaimers included herein.
14 // Portions created by Red Hat are
15 // Copyright (C) 2002 Red Hat, Inc. All Rights Reserved.
17 // -------------------------------------------
19 //####BSDCOPYRIGHTEND####
20 //==========================================================================
22 /* $KAME: in6_src.c,v 1.96 2001/12/24 10:39:29 jinmei Exp $ */
25 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
26 * All rights reserved.
28 * Redistribution and use in source and binary forms, with or without
29 * modification, are permitted provided that the following conditions
31 * 1. Redistributions of source code must retain the above copyright
32 * notice, this list of conditions and the following disclaimer.
33 * 2. Redistributions in binary form must reproduce the above copyright
34 * notice, this list of conditions and the following disclaimer in the
35 * documentation and/or other materials provided with the distribution.
36 * 3. Neither the name of the project nor the names of its contributors
37 * may be used to endorse or promote products derived from this software
38 * without specific prior written permission.
40 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
54 * Copyright (c) 1982, 1986, 1991, 1993
55 * The Regents of the University of California. All rights reserved.
57 * Redistribution and use in source and binary forms, with or without
58 * modification, are permitted provided that the following conditions
60 * 1. Redistributions of source code must retain the above copyright
61 * notice, this list of conditions and the following disclaimer.
62 * 2. Redistributions in binary form must reproduce the above copyright
63 * notice, this list of conditions and the following disclaimer in the
64 * documentation and/or other materials provided with the distribution.
65 * 3. All advertising materials mentioning features or use of this software
66 * must display the following acknowledgement:
67 * This product includes software developed by the University of
68 * California, Berkeley and its contributors.
69 * 4. Neither the name of the University nor the names of its contributors
70 * may be used to endorse or promote products derived from this software
71 * without specific prior written permission.
73 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
74 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
75 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
76 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
77 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
78 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
79 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
80 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
81 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
82 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
85 * @(#)in_pcb.c 8.2 (Berkeley) 1/4/94
88 #include <sys/param.h>
89 #include <sys/malloc.h>
91 #include <sys/protosw.h>
92 #include <sys/socket.h>
93 #include <sys/socketvar.h>
94 #include <sys/sockio.h>
95 #include <sys/errno.h>
98 #include <net/route.h>
100 #include <netinet/in.h>
101 #include <netinet/in_var.h>
102 #include <netinet/in_systm.h>
103 #include <netinet/ip.h>
104 #include <netinet/in_pcb.h>
105 #include <netinet6/in6_var.h>
106 #include <netinet/ip6.h>
107 #include <netinet6/ip6_var.h>
108 #include <netinet6/in6_pcb.h>
109 #include <netinet6/nd6.h>
110 #include <netinet6/scope6_var.h>
113 #include <netinet6/mip6.h>
116 #if defined(__NetBSD__)
117 extern struct ifnet loif[NLOOP];
120 #define ADDR_LABEL_NOTAPP (-1)
121 struct in6_addrpolicy defaultaddrpolicy;
123 int ip6_prefer_tempaddr = 0;
125 #ifdef NEW_STRUCT_ROUTE
126 static int in6_selectif __P((struct sockaddr_in6 *, struct ip6_pktopts *,
127 struct ip6_moptions *,
131 static int in6_selectif __P((struct sockaddr_in6 *, struct ip6_pktopts *,
132 struct ip6_moptions *,
133 struct route_in6 *ro,
137 static struct in6_addrpolicy *lookup_addrsel_policy __P((struct sockaddr_in6 *));
139 static void init_policy_queue __P((void));
140 static int add_addrsel_policyent __P((struct in6_addrpolicy *));
141 static int delete_addrsel_policyent __P((struct in6_addrpolicy *));
142 static struct in6_addrpolicy *match_addrsel_policy __P((struct sockaddr_in6 *));
145 * Return an IPv6 address, which is the most appropriate for a given
146 * destination and user specified options.
147 * If necessary, this function lookups the routing table and returns
148 * an entry to the caller for later use.
150 #define REPLACE(r) do {\
151 if ((r) < sizeof(ip6stat.ip6s_sources_rule) / \
152 sizeof(ip6stat.ip6s_sources_rule[0])) /* check for safety */ \
153 ip6stat.ip6s_sources_rule[(r)]++; \
154 /* printf("in6_selectsrc: replace %s with %s by %d\n", ia_best ? ip6_sprintf(&ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(&ia->ia_addr.sin6_addr), (r)); */ \
157 #define NEXT(r) do {\
158 if ((r) < sizeof(ip6stat.ip6s_sources_rule) / \
159 sizeof(ip6stat.ip6s_sources_rule[0])) /* check for safety */ \
160 ip6stat.ip6s_sources_rule[(r)]++; \
161 /* printf("in6_selectsrc: keep %s against %s by %d\n", ia_best ? ip6_sprintf(&ia_best->ia_addr.sin6_addr) : "none", ip6_sprintf(&ia->ia_addr.sin6_addr), (r)); */ \
162 goto next; /* XXX: we can't use 'continue' here */ \
164 #define BREAK(r) do { \
165 if ((r) < sizeof(ip6stat.ip6s_sources_rule) / \
166 sizeof(ip6stat.ip6s_sources_rule[0])) /* check for safety */ \
167 ip6stat.ip6s_sources_rule[(r)]++; \
168 goto out; /* XXX: we can't use 'break' here */ \
172 in6_selectsrc(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts,
173 struct ip6_moptions *mopts, struct route *ro,
174 struct ifnet **ifpp, struct in6_addr *laddr,
177 struct in6_addr *dst;
178 struct ifnet *ifp = NULL;
179 struct in6_ifaddr *ia = NULL, *ia_best = NULL;
180 struct in6_pktinfo *pi = NULL;
181 int dst_scope = -1, best_scope = -1, best_matchlen = -1;
182 struct in6_addrpolicy *dst_policy = NULL, *best_policy = NULL;
184 struct hif_softc *sc;
185 #ifdef MIP6_ALLOW_COA_FALLBACK
186 struct mip6_bu *mbu_dst;
187 u_int8_t coafallback = 0;
191 dst = &dstsock->sin6_addr;
197 * If the source address is explicitly specified by the caller,
198 * check if the requested source address is indeed a unicast address
199 * assigned to the node, and can be used as the packet's source
200 * address. If everything is okay, use the address as source.
202 if (opts && (pi = opts->ip6po_pktinfo) &&
203 !IN6_IS_ADDR_UNSPECIFIED(&pi->ipi6_addr)) {
204 struct sockaddr_in6 srcsock;
205 struct in6_ifaddr *ia6;
207 /* get the outgoing interface */
208 if ((*errorp = in6_selectif(dstsock, opts, mopts, ro, &ifp))
214 * determine the appropriate zone id of the source based on
215 * the zone of the destination and the outgoing interface.
217 bzero(&srcsock, sizeof(srcsock));
218 srcsock.sin6_family = AF_INET6;
219 srcsock.sin6_len = sizeof(srcsock);
220 srcsock.sin6_addr = pi->ipi6_addr;
224 zone = in6_addr2zoneid(ifp, &pi->ipi6_addr);
225 if (zone < 0) { /* XXX: this should not happen */
229 srcsock.sin6_scope_id = zone;
231 if ((*errorp = in6_embedscope(&srcsock.sin6_addr, &srcsock))
235 #ifndef SCOPEDROUTING
236 srcsock.sin6_scope_id = 0; /* XXX: ifa_ifwithaddr expects 0 */
238 ia6 = (struct in6_ifaddr *)ifa_ifwithaddr((struct sockaddr *)(&srcsock));
240 (ia6->ia6_flags & (IN6_IFF_ANYCAST | IN6_IFF_NOTREADY))) {
241 *errorp = EADDRNOTAVAIL;
244 pi->ipi6_addr = srcsock.sin6_addr; /* XXX: this overrides pi */
247 return(&pi->ipi6_addr);
251 * Otherwise, if the socket has already bound the source, just use it.
253 if (laddr && !IN6_IS_ADDR_UNSPECIFIED(laddr))
257 * If the address is not specified, choose the best one based on
258 * the outgoing interface and the destination address.
260 /* get the outgoing interface */
261 if ((*errorp = in6_selectif(dstsock, opts, mopts, ro, &ifp)) != 0)
265 #ifdef MIP6_ALLOW_COA_FALLBACK
266 for (sc = TAILQ_FIRST(&hif_softc_list);
268 sc = TAILQ_NEXT(sc, hif_entry)) {
269 mbu_dst = mip6_bu_list_find_withpaddr(&sc->hif_bu_list, dst);
271 coafallback = mbu_dst->mbu_coafallback;
273 #endif /* MIP6_ALLOW_COA_FALLBACK */
277 if (ifp == NULL) /* this should not happen */
278 panic("in6_selectsrc: NULL ifp");
280 for (ia = in6_ifaddr; ia; ia = ia->ia_next) {
281 int new_scope = -1, new_matchlen = -1;
282 struct in6_addrpolicy *new_policy = NULL;
283 int64_t srczone, dstzone;
284 struct ifnet *ifp1 = ia->ia_ifp;
287 * We'll never take an address that breaks the scope zone
288 * of the destination. We also skip an address if its zone
289 * does not contain the outgoing interface.
290 * XXX: we should probably use sin6_scope_id here.
292 if ((dstzone = in6_addr2zoneid(ifp1, dst)) < 0 ||
293 dstzone != in6_addr2zoneid(ifp, dst)) {
296 if ((srczone = in6_addr2zoneid(ifp1, &ia->ia_addr.sin6_addr))
298 srczone != in6_addr2zoneid(ifp, &ia->ia_addr.sin6_addr)) {
302 /* avoid unusable addresses */
304 (IN6_IFF_NOTREADY | IN6_IFF_ANYCAST | IN6_IFF_DETACHED))) {
307 if (!ip6_use_deprecated && IFA6_IS_DEPRECATED(ia))
310 /* Rule 1: Prefer same address */
311 if (IN6_ARE_ADDR_EQUAL(dst, &ia->ia_addr.sin6_addr)) {
313 BREAK(1); /* there should be no better candidate */
319 /* Rule 2: Prefer appropriate scope */
321 dst_scope = in6_addrscope(dst);
322 new_scope = in6_addrscope(&ia->ia_addr.sin6_addr);
323 if (IN6_ARE_SCOPE_CMP(best_scope, new_scope) < 0) {
324 if (IN6_ARE_SCOPE_CMP(best_scope, dst_scope) < 0)
327 } else if (IN6_ARE_SCOPE_CMP(new_scope, best_scope) < 0) {
328 if (IN6_ARE_SCOPE_CMP(new_scope, dst_scope) < 0)
334 * Rule 3: Avoid deprecated addresses. Note that the case of
335 * !ip6_use_deprecated is already rejected above.
337 if (!IFA6_IS_DEPRECATED(ia_best) && IFA6_IS_DEPRECATED(ia))
339 if (IFA6_IS_DEPRECATED(ia_best) && !IFA6_IS_DEPRECATED(ia))
342 /* Rule 4: Prefer home addresses */
344 * XXX: This is a TODO. We should probably merge the MIP6
349 * If SA is simultaneously a home address and care-of address
350 * and SB is not, then prefer SA. Similarly, if SB is
351 * simultaneously a home address and care-of address and SA is
352 * not, then prefer SB.
355 struct mip6_bu *mbu_ia_best = NULL, *mbu_ia = NULL;
357 if (ia_best->ia6_flags & IN6_IFF_HOME) {
359 * find a binding update entry for ia_best.
361 for (sc = TAILQ_FIRST(&hif_softc_list);
363 sc = TAILQ_NEXT(sc, hif_entry)) {
364 mbu_ia_best = mip6_bu_list_find_home_registration(
366 &ia->ia_addr.sin6_addr);
371 if (ia->ia6_flags & IN6_IFF_HOME) {
373 * find a binding update entry for ia.
375 for (sc = TAILQ_FIRST(&hif_softc_list);
377 sc = TAILQ_NEXT(sc, hif_entry)) {
378 mbu_ia = mip6_bu_list_find_home_registration(
380 &ia->ia_addr.sin6_addr);
386 * if the binding update entry for a certain address
387 * exists and its registration status is
388 * MIP6_BU_REG_STATE_NOTREG, the address is a home
389 * address and a care of addres simultaneously.
392 (mbu_ia_best->mbu_reg_state
393 == MIP6_BU_REG_STATE_NOTREG))
396 (mbu_ia->mbu_reg_state
397 == MIP6_BU_REG_STATE_NOTREG))) {
401 (mbu_ia_best->mbu_reg_state
402 == MIP6_BU_REG_STATE_NOTREG))
405 (mbu_ia->mbu_reg_state
406 == MIP6_BU_REG_STATE_NOTREG))) {
410 #ifdef MIP6_ALLOW_COA_FALLBACK
413 * if the peer doesn't recognize a home
414 * address destination option, we will use a
415 * CoA as a source address instead of a home
416 * address we have registered before. Though
417 * this behavior may arouse a mip6 beleiver's
418 * anger, is very useful in the current
419 * transition period that many hosts don't
420 * recognize a home address destination
423 if ((ia_best->ia6_flags & IN6_IFF_HOME) == 0 &&
424 (ia->ia6_flags & IN6_IFF_HOME) != 0) {
425 /* XXX will break stat! */
428 if ((ia_best->ia6_flags & IN6_IFF_HOME) != 0 &&
429 (ia->ia6_flags & IN6_IFF_HOME) == 0) {
430 /* XXX will break stat! */
437 * If SA is just a home address and SB is just
438 * a care-of address, then prefer
439 * SA. Similarly, if SB is just a home address
440 * and SA is just a care-of address, then
443 if ((ia_best->ia6_flags & IN6_IFF_HOME) != 0 &&
444 (ia->ia6_flags & IN6_IFF_HOME) == 0) {
447 if ((ia_best->ia6_flags & IN6_IFF_HOME) == 0 &&
448 (ia->ia6_flags & IN6_IFF_HOME) != 0) {
454 /* Rule 5: Prefer outgoing interface */
455 if (ia_best->ia_ifp == ifp && ia->ia_ifp != ifp)
457 if (ia_best->ia_ifp != ifp && ia->ia_ifp == ifp)
461 * Rule 6: Prefer matching label
462 * Note that best_policy should be non-NULL here.
464 if (dst_policy == NULL)
465 dst_policy = lookup_addrsel_policy(dstsock);
466 if (dst_policy->label != ADDR_LABEL_NOTAPP) {
467 new_policy = lookup_addrsel_policy(&ia->ia_addr);
468 if (dst_policy->label == best_policy->label &&
469 dst_policy->label != new_policy->label)
471 if (dst_policy->label != best_policy->label &&
472 dst_policy->label == new_policy->label)
477 * Rule 7: Prefer public addresses.
478 * We allow users to reverse the logic by configuring
479 * a sysctl variable, so that privacy conscious users can
480 * always prefer temporary addresses.
482 if (!(ia_best->ia6_flags & IN6_IFF_TEMPORARY) &&
483 (ia->ia6_flags & IN6_IFF_TEMPORARY)) {
484 if (ip6_prefer_tempaddr)
489 if ((ia_best->ia6_flags & IN6_IFF_TEMPORARY) &&
490 !(ia->ia6_flags & IN6_IFF_TEMPORARY)) {
491 if (ip6_prefer_tempaddr)
498 * Rule 8: prefer addresses on alive interfaces.
499 * This is a KAME specific rule.
501 if ((ia_best->ia_ifp->if_flags & IFF_UP) &&
502 !(ia->ia_ifp->if_flags & IFF_UP))
504 if (!(ia_best->ia_ifp->if_flags & IFF_UP) &&
505 (ia->ia_ifp->if_flags & IFF_UP))
509 * Rule 9: prefer addresses on "preferred" interfaces.
510 * This is a KAME specific rule.
512 #define NDI_BEST (nd_ifinfo[ia_best->ia_ifp->if_index])
513 #define NDI_NEW (nd_ifinfo[ia->ia_ifp->if_index])
514 if ((NDI_BEST.flags & ND6_IFF_PREFER_SOURCE) &&
515 !(NDI_NEW.flags & ND6_IFF_PREFER_SOURCE))
517 if (!(NDI_BEST.flags & ND6_IFF_PREFER_SOURCE) &&
518 (NDI_NEW.flags & ND6_IFF_PREFER_SOURCE))
524 * Rule 14: Use longest matching prefix.
525 * Note: in the address selection draft, this rule is
526 * documented as "Rule 8". However, since it is also
527 * documented that this rule can be overridden, we assign
528 * a large number so that it is easy to assign smaller numbers
529 * to more preferred rules.
531 new_matchlen = in6_matchlen(&ia->ia_addr.sin6_addr, dst);
532 if (best_matchlen < new_matchlen)
534 if (new_matchlen < best_matchlen)
537 /* Rule 15 is reserved. */
540 * Last resort: just keep the current candidate.
541 * Or, do we need more rules?
547 best_scope = (new_scope >= 0 ? new_scope :
548 in6_addrscope(&ia_best->ia_addr.sin6_addr));
549 best_policy = (new_policy ? new_policy :
550 lookup_addrsel_policy(&ia_best->ia_addr));
551 best_matchlen = (new_matchlen >= 0 ? new_matchlen :
552 in6_matchlen(&ia_best->ia_addr.sin6_addr,
562 if ((ia = ia_best) == NULL) {
563 *errorp = EADDRNOTAVAIL;
569 return(&ia->ia_addr.sin6_addr);
576 in6_selectif(dstsock, opts, mopts, ro, retifp)
577 struct sockaddr_in6 *dstsock;
578 struct ip6_pktopts *opts;
579 struct ip6_moptions *mopts;
580 #ifdef NEW_STRUCT_ROUTE
583 struct route_in6 *ro;
585 struct ifnet **retifp;
588 struct rtentry *rt = NULL;
590 clone = IN6_IS_ADDR_MULTICAST(&dstsock->sin6_addr) ? 0 : 1;
591 if ((error = in6_selectroute(dstsock, opts, mopts, ro, retifp,
596 * Adjust the "outgoing" interface. If we're going to loop the packet
597 * back to ourselves, the ifp would be the loopback interface.
598 * However, we'd rather know the interface associated to the
599 * destination address (which should probably be one of our own
602 if (rt && rt->rt_ifa && rt->rt_ifa->ifa_ifp)
603 *retifp = rt->rt_ifa->ifa_ifp;
609 in6_selectroute(dstsock, opts, mopts, ro, retifp, retrt, clone)
610 struct sockaddr_in6 *dstsock;
611 struct ip6_pktopts *opts;
612 struct ip6_moptions *mopts;
613 #ifdef NEW_STRUCT_ROUTE
616 struct route_in6 *ro;
618 struct ifnet **retifp;
619 struct rtentry **retrt;
620 int clone; /* meaningful only for bsdi and freebsd. */
623 struct ifnet *ifp = NULL;
624 struct rtentry *rt = NULL;
625 struct sockaddr_in6 *sin6_next;
626 struct in6_pktinfo *pi = NULL;
627 struct in6_addr *dst = &dstsock->sin6_addr;
629 /* If the caller specify the outgoing interface explicitly, use it. */
630 if (opts && (pi = opts->ip6po_pktinfo) != NULL && pi->ipi6_ifindex) {
631 /* XXX boundary check is assumed to be already done. */
632 #if defined(__FreeBSD__) && __FreeBSD__ >= 5
633 ifp = ifnet_byindex(pi->ipi6_ifindex);
635 ifp = ifindex2ifnet[pi->ipi6_ifindex];
638 (retrt == NULL || IN6_IS_ADDR_MULTICAST(dst))) {
640 * we do not have to check nor get the route for
649 * If the destination address is a multicast address and the outgoing
650 * interface for the address is specified by the caller, use it.
652 if (IN6_IS_ADDR_MULTICAST(dst) &&
653 mopts != NULL && (ifp = mopts->im6o_multicast_ifp) != NULL) {
654 goto done; /* we do not need a route for multicast. */
659 * If the next hop address for the packet is specified by the caller,
660 * use it as the gateway.
662 if (opts && opts->ip6po_nexthop) {
663 #ifdef NEW_STRUCT_ROUTE
666 struct route_in6 *ron;
669 sin6_next = satosin6(opts->ip6po_nexthop);
671 /* at this moment, we only support AF_INET6 next hops */
672 if (sin6_next->sin6_family != AF_INET6) {
673 error = EAFNOSUPPORT; /* or should we proceed? */
678 * If the next hop is an IPv6 address, then the node identified
679 * by that address must be a neighbor of the sending host.
681 ron = &opts->ip6po_nextroute;
683 (ron->ro_rt->rt_flags & (RTF_UP | RTF_LLINFO)) !=
684 (RTF_UP | RTF_LLINFO)) ||
685 !SA6_ARE_ADDR_EQUAL(satosin6(&ron->ro_dst), sin6_next)) {
690 *satosin6(&ron->ro_dst) = *sin6_next;
692 if (ron->ro_rt == NULL) {
693 rtalloc((struct route *)ron); /* multi path case? */
694 if (ron->ro_rt == NULL ||
695 !(ron->ro_rt->rt_flags & RTF_LLINFO)) {
700 error = EHOSTUNREACH;
708 * When cloning is required, try to allocate a route to the
709 * destination so that the caller can store path MTU
717 * Use a cached route if it exists and is valid, else try to allocate
724 (!(ro->ro_rt->rt_flags & RTF_UP) ||
725 !IN6_ARE_ADDR_EQUAL(&satosin6(&ro->ro_dst)->sin6_addr,
728 ro->ro_rt = (struct rtentry *)NULL;
730 if (ro->ro_rt == (struct rtentry *)NULL) {
731 struct sockaddr_in6 *sa6;
733 /* No route yet, so try to acquire one */
735 bzero(&ro->ro_dst, sizeof(struct sockaddr_in6));
736 sa6 = (struct sockaddr_in6 *)&ro->ro_dst;
737 sa6->sin6_family = AF_INET6;
738 sa6->sin6_len = sizeof(struct sockaddr_in6);
739 sa6->sin6_addr = *dst;
741 sa6->sin6_scope_id = dstsock->sin6_scope_id;
745 rtcalloc((struct route *)ro);
748 rtalloc_mpath((struct route *)ro,
749 ntohl(dstsock->sin6_addr.s6_addr32[3]));
751 rtalloc((struct route *)ro);
752 #endif /* RADIX_MPATH */
756 ro->ro_rt = rtalloc1(&((struct route *)ro)
757 ->ro_dst, (int)NULL, 0UL);
760 rtalloc_mpath((struct route *)ro,
761 ntohl(dstsock->sin6_addr.s6_addr32[3]));
763 ro->ro_rt = rtalloc1(&((struct route *)ro)
765 #endif /* RADIX_MPATH */
766 #endif /* __FreeBSD__ */
771 * do not care about the result if we have the nexthop
772 * explicitly specified.
774 if (opts && opts->ip6po_nexthop)
778 ifp = ro->ro_rt->rt_ifp;
780 if (ifp == NULL) { /* can this really happen? */
785 if (ro->ro_rt == NULL)
786 error = EHOSTUNREACH;
790 * Check if the outgoing interface conflicts with
791 * the interface specified by ipi6_ifindex (if specified).
792 * Note that loopback interface is always okay.
793 * (this may happen when we are sending a packet to one of
794 * our own addresses.)
796 if (opts && opts->ip6po_pktinfo
797 && opts->ip6po_pktinfo->ipi6_ifindex) {
798 if (!(ifp->if_flags & IFF_LOOPBACK) &&
800 opts->ip6po_pktinfo->ipi6_ifindex) {
801 error = EHOSTUNREACH;
808 if (error == EHOSTUNREACH)
809 ip6stat.ip6s_noroute++;
814 *retrt = rt; /* rt may be NULL */
820 * Default hop limit selection. The precedence is as follows:
821 * 1. Hoplimit value specified via ioctl.
822 * 2. (If the outgoing interface is detected) the current
823 * hop limit of the interface specified by router advertisement.
824 * 3. The system default hoplimit.
826 #ifdef HAVE_NRL_INPCB
828 #define in6p_hops inp_hops
831 in6_selecthlim(struct in6pcb *in6p, struct ifnet *ifp)
833 if (in6p && in6p->in6p_hops >= 0)
834 return(in6p->in6p_hops);
836 return(nd_ifinfo[ifp->if_index].chlim);
840 #ifdef HAVE_NRL_INPCB
845 #if !(defined(__FreeBSD__) && __FreeBSD__ >= 3) && !defined(__OpenBSD__)
847 * Find an empty port and set it to the specified PCB.
849 #ifdef HAVE_NRL_INPCB /* XXX: I really hate such ugly macros...(jinmei) */
851 #define in6p_socket inp_socket
852 #define in6p_lport inp_lport
853 #define in6p_head inp_head
854 #define in6p_flags inp_flags
855 #define IN6PLOOKUP_WILDCARD INPLOOKUP_WILDCARD
858 in6_pcbsetport(struct in6_addr *laddr, struct in6pcb *in6p)
860 struct socket *so = in6p->in6p_socket;
861 struct in6pcb *head = in6p->in6p_head;
862 u_int16_t last_port, lport = 0;
867 /* XXX: this is redundant when called from in6_pcbbind */
868 if ((so->so_options & (SO_REUSEADDR|SO_REUSEPORT)) == 0 &&
869 ((so->so_proto->pr_flags & PR_CONNREQUIRED) == 0 ||
870 (so->so_options & SO_ACCEPTCONN) == 0))
871 wild = IN6PLOOKUP_WILDCARD;
873 if (in6p->in6p_flags & IN6P_LOWPORT) {
874 min = ip6_lowportmin;
875 max = ip6_lowportmax;
877 min = ip6_anonportmin;
878 max = ip6_anonportmax;
881 /* value out of range */
882 if (head->in6p_lport < min)
883 head->in6p_lport = min;
884 else if (head->in6p_lport > max)
885 head->in6p_lport = min;
886 last_port = head->in6p_lport;
887 goto startover; /*to randomize*/
889 lport = htons(head->in6p_lport);
890 if (IN6_IS_ADDR_V4MAPPED(laddr)) {
891 #ifdef HAVE_NRL_INPCB
892 #ifdef INPLOOKUP_WILDCARD6
893 wild &= ~INPLOOKUP_WILDCARD6;
897 t = in_pcblookup_bind(&tcbtable,
898 (struct in_addr *)&in6p->in6p_laddr.s6_addr32[3],
904 #ifdef HAVE_NRL_INPCB
905 #ifdef INPLOOKUP_WILDCARD4
906 wild &= ~INPLOOKUP_WILDCARD4;
908 /* XXX: ugly cast... */
909 t = in_pcblookup(head, (struct in_addr *)&zeroin6_addr,
910 0, (struct in_addr *)laddr,
911 lport, wild | INPLOOKUP_IPV6);
913 t = in6_pcblookup(head, &zeroin6_addr, 0, laddr,
920 if (head->in6p_lport >= max)
921 head->in6p_lport = min;
924 if (head->in6p_lport == last_port)
928 in6p->in6p_lport = lport;
929 return(0); /* success */
931 #ifdef HAVE_NRL_INPCB
937 #undef IN6PLOOKUP_WILDCARD
939 #endif /* !FreeBSD3 && !OpenBSD*/
941 #if (defined(__FreeBSD__) && __FreeBSD__ >= 3)
943 * XXX: this is borrowed from in6_pcbbind(). If possible, we should
944 * share this function by all *bsd*...
947 in6_pcbsetport(struct in6_addr *laddr, struct inpcb *inp, struct proc *p)
949 struct socket *so = inp->inp_socket;
950 u_int16_t lport = 0, first, last, *lastport;
952 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo;
954 /* XXX: this is redundant when called from in6_pcbbind */
955 if ((so->so_options & (SO_REUSEADDR|SO_REUSEPORT)) == 0)
956 wild = INPLOOKUP_WILDCARD;
958 inp->inp_flags |= INP_ANONPORT;
960 if (inp->inp_flags & INP_HIGHPORT) {
961 first = ipport_hifirstauto; /* sysctl */
962 last = ipport_hilastauto;
963 lastport = &pcbinfo->lasthi;
964 } else if (inp->inp_flags & INP_LOWPORT) {
965 first = ipport_lowfirstauto; /* 1023 */
966 last = ipport_lowlastauto; /* 600 */
967 lastport = &pcbinfo->lastlow;
969 first = ipport_firstauto; /* sysctl */
970 last = ipport_lastauto;
971 lastport = &pcbinfo->lastport;
974 * Simple check to ensure all ports are not used up causing
977 * We split the two cases (up and down) so that the direction
978 * is not being tested on each round of the loop.
984 count = first - last;
987 if (count-- < 0) { /* completely used? */
989 * Undo any address bind that may have
992 inp->in6p_laddr = in6addr_any;
996 if (*lastport > first || *lastport < last)
998 lport = htons(*lastport);
999 } while (in6_pcblookup_local(pcbinfo,
1000 &inp->in6p_laddr, lport, wild));
1005 count = last - first;
1008 if (count-- < 0) { /* completely used? */
1010 * Undo any address bind that may have
1013 inp->in6p_laddr = in6addr_any;
1017 if (*lastport < first || *lastport > last)
1019 lport = htons(*lastport);
1020 } while (in6_pcblookup_local(pcbinfo,
1021 &inp->in6p_laddr, lport, wild));
1024 inp->inp_lport = lport;
1025 if (in_pcbinshash(inp) != 0) {
1026 inp->in6p_laddr = in6addr_any;
1036 * Generate kernel-internal form (scopeid embedded into s6_addr16[1]).
1037 * If the address scope of is interface-local or link-local, embed the
1038 * interface index in the address.
1040 * This function should be nuked in the future, when we get rid of embedded
1044 in6_embedscope(in6, sin6)
1045 struct in6_addr *in6;
1046 const struct sockaddr_in6 *sin6;
1048 #ifdef SCOPEDROUTING
1050 * XXX: the SCOPEDROUTING code path is NOT expected to work at this
1051 * moment (20011112). We added this just in case.
1053 return(0); /* do nothing */
1056 u_int32_t zoneid = sin6->sin6_scope_id;
1058 *in6 = sin6->sin6_addr;
1061 * don't try to read sin6->sin6_addr beyond here, since the caller may
1062 * ask us to overwrite existing sockaddr_in6
1065 if (IN6_IS_SCOPE_LINKLOCAL(in6) || IN6_IS_ADDR_MC_INTFACELOCAL(in6)) {
1066 /* KAME assumption: link id == interface id */
1068 if (if_index < zoneid)
1069 return(ENXIO); /* XXX EINVAL? */
1070 #if defined(__FreeBSD__) && __FreeBSD__ >= 5
1071 ifp = ifnet_byindex(zoneid);
1073 ifp = ifindex2ifnet[zoneid];
1075 if (ifp == NULL) /* XXX: this can happen for some OS */
1078 /* XXX assignment to 16bit from 32bit variable */
1079 in6->s6_addr16[1] = htons(zoneid & 0xffff);
1088 * generate standard sockaddr_in6 from embedded form.
1089 * touches sin6_addr and sin6_scope_id only.
1091 * this function should be nuked in the future, when we get rid of
1092 * embedded scopeid thing.
1095 in6_recoverscope(sin6, in6, ifp)
1096 struct sockaddr_in6 *sin6;
1097 const struct in6_addr *in6;
1102 sin6->sin6_addr = *in6;
1105 * don't try to read *in6 beyond here, since the caller may
1106 * ask us to overwrite existing sockaddr_in6
1109 sin6->sin6_scope_id = 0;
1110 if (IN6_IS_SCOPE_LINKLOCAL(in6) || IN6_IS_ADDR_MC_INTFACELOCAL(in6)) {
1112 * KAME assumption: link id == interface id
1114 zoneid = ntohs(sin6->sin6_addr.s6_addr16[1]);
1117 if (zoneid < 0 || if_index < zoneid)
1119 if (ifp && ifp->if_index != zoneid)
1121 sin6->sin6_addr.s6_addr16[1] = 0;
1122 sin6->sin6_scope_id = zoneid;
1130 * just clear the embedded scope identifer.
1131 * XXX: currently used for bsdi4 only as a supplement function.
1134 in6_clearscope(addr)
1135 struct in6_addr *addr;
1137 if (IN6_IS_SCOPE_LINKLOCAL(addr) || IN6_IS_ADDR_MC_INTFACELOCAL(addr))
1138 addr->s6_addr16[1] = 0;
1142 addrsel_policy_init()
1144 init_policy_queue();
1146 /* initialize the "last resort" policy */
1147 bzero(&defaultaddrpolicy, sizeof(defaultaddrpolicy));
1148 defaultaddrpolicy.label = ADDR_LABEL_NOTAPP;
1151 static struct in6_addrpolicy *
1152 lookup_addrsel_policy(key)
1153 struct sockaddr_in6 *key;
1155 struct in6_addrpolicy *match = NULL;
1157 match = match_addrsel_policy(key);
1160 match = &defaultaddrpolicy;
1169 in6_src_ioctl(cmd, data)
1174 struct in6_addrpolicy ent0;
1176 if (cmd != SIOCAADDRCTL_POLICY && cmd != SIOCDADDRCTL_POLICY)
1177 return(EOPNOTSUPP); /* check for safety */
1179 ent0 = *(struct in6_addrpolicy *)data;
1181 if (ent0.label == ADDR_LABEL_NOTAPP)
1183 /* check if the prefix mask is consecutive. */
1184 if (in6_mask2len(&ent0.addrmask.sin6_addr, NULL) < 0)
1186 /* clear trailing garbages (if any) of the prefix address. */
1187 for (i = 0; i < 4; i++) {
1188 ent0.addr.sin6_addr.s6_addr32[i] &=
1189 ent0.addrmask.sin6_addr.s6_addr32[i];
1194 case SIOCAADDRCTL_POLICY:
1195 return(add_addrsel_policyent(&ent0));
1196 case SIOCDADDRCTL_POLICY:
1197 return(delete_addrsel_policyent(&ent0));
1200 return(0); /* XXX: compromise compilers */
1204 * The followings are implementation of the policy table using a
1205 * simple tail queue.
1206 * XXX such details should be hidden.
1207 * XXX implementation using binary tree should be more efficient.
1209 struct addrsel_policyent {
1210 TAILQ_ENTRY(addrsel_policyent) ape_entry;
1211 struct in6_addrpolicy ape_policy;
1214 TAILQ_HEAD(addrsel_policyhead, addrsel_policyent);
1216 struct addrsel_policyhead addrsel_policytab;
1221 TAILQ_INIT(&addrsel_policytab);
1225 add_addrsel_policyent(newpolicy)
1226 struct in6_addrpolicy *newpolicy;
1228 struct addrsel_policyent *new, *pol;
1230 /* duplication check */
1231 for (pol = TAILQ_FIRST(&addrsel_policytab); pol;
1232 pol = TAILQ_NEXT(pol, ape_entry)) {
1233 if (SA6_ARE_ADDR_EQUAL(&newpolicy->addr,
1234 &pol->ape_policy.addr) &&
1235 SA6_ARE_ADDR_EQUAL(&newpolicy->addrmask,
1236 &pol->ape_policy.addrmask)) {
1237 return(EEXIST); /* or override it? */
1241 MALLOC(new, struct addrsel_policyent *, sizeof(*new), M_IFADDR,
1243 bzero(new, sizeof(*new));
1245 /* XXX: should validate entry */
1246 new->ape_policy = *newpolicy;
1248 TAILQ_INSERT_TAIL(&addrsel_policytab, new, ape_entry);
1254 delete_addrsel_policyent(key)
1255 struct in6_addrpolicy *key;
1257 struct addrsel_policyent *pol;
1259 /* search for the entry in the table */
1260 for (pol = TAILQ_FIRST(&addrsel_policytab); pol;
1261 pol = TAILQ_NEXT(pol, ape_entry)) {
1262 if (SA6_ARE_ADDR_EQUAL(&key->addr, &pol->ape_policy.addr) &&
1263 SA6_ARE_ADDR_EQUAL(&key->addrmask,
1264 &pol->ape_policy.addrmask)) {
1271 TAILQ_REMOVE(&addrsel_policytab, pol, ape_entry);
1277 _show_addrsel_policy(void)
1279 struct addrsel_policyent *pol;
1281 log(LOG_ADDR, "IPv6 address policy table\n");
1282 for (pol = TAILQ_FIRST(&addrsel_policytab); pol;
1283 pol = TAILQ_NEXT(pol, ape_entry)) {
1284 log(LOG_ADDR, "Addr: \n");
1285 log_dump(LOG_ADDR, &pol->ape_policy.addr, 16);
1286 log(LOG_ADDR, "Mask:\n");
1287 log_dump(LOG_ADDR, &pol->ape_policy.addrmask, 16);
1291 static struct in6_addrpolicy *
1292 match_addrsel_policy(key)
1293 struct sockaddr_in6 *key;
1295 struct addrsel_policyent *pent;
1296 struct in6_addrpolicy *bestpol = NULL, *pol;
1297 int matchlen, bestmatchlen = -1;
1298 u_char *mp, *ep, *k, *p, m;
1300 for (pent = TAILQ_FIRST(&addrsel_policytab); pent;
1301 pent = TAILQ_NEXT(pent, ape_entry)) {
1304 pol = &pent->ape_policy;
1305 mp = (u_char *)&pol->addrmask.sin6_addr;
1306 ep = mp + 16; /* XXX: scope field? */
1307 k = (u_char *)&key->sin6_addr;
1308 p = (u_char *)&pol->addr.sin6_addr;
1309 for (; mp < ep && *mp; mp++, k++, p++) {
1312 goto next; /* not match */
1313 if (m == 0xff) /* short cut for a typical case */
1323 /* matched. check if this is better than the current best. */
1324 if (bestpol == NULL ||
1325 matchlen > bestmatchlen) {
1327 bestmatchlen = matchlen;