]> git.saurik.com Git - apple/xnu.git/blame - bsd/netinet6/in6.c
xnu-792.17.14.tar.gz
[apple/xnu.git] / bsd / netinet6 / in6.c
CommitLineData
9bccf70c
A
1/* $FreeBSD: src/sys/netinet6/in6.c,v 1.7.2.7 2001/08/06 20:26:22 ume Exp $ */
2/* $KAME: in6.c,v 1.187 2001/05/24 07:43:59 itojun Exp $ */
1c79356b
A
3
4/*
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32
33/*
34 * Copyright (c) 1982, 1986, 1991, 1993
35 * The Regents of the University of California. All rights reserved.
36 *
37 * Redistribution and use in source and binary forms, with or without
38 * modification, are permitted provided that the following conditions
39 * are met:
40 * 1. Redistributions of source code must retain the above copyright
41 * notice, this list of conditions and the following disclaimer.
42 * 2. Redistributions in binary form must reproduce the above copyright
43 * notice, this list of conditions and the following disclaimer in the
44 * documentation and/or other materials provided with the distribution.
45 * 3. All advertising materials mentioning features or use of this software
46 * must display the following acknowledgement:
47 * This product includes software developed by the University of
48 * California, Berkeley and its contributors.
49 * 4. Neither the name of the University nor the names of its contributors
50 * may be used to endorse or promote products derived from this software
51 * without specific prior written permission.
52 *
53 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
54 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
56 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
57 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
58 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
59 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
61 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
62 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
63 * SUCH DAMAGE.
64 *
65 * @(#)in.c 8.2 (Berkeley) 11/15/93
66 */
67
1c79356b
A
68
69#include <sys/param.h>
1c79356b 70#include <sys/ioctl.h>
1c79356b
A
71#include <sys/errno.h>
72#include <sys/malloc.h>
73#include <sys/socket.h>
74#include <sys/socketvar.h>
75#include <sys/sockio.h>
76#include <sys/systm.h>
77#include <sys/time.h>
78#include <sys/kernel.h>
79#include <sys/syslog.h>
9bccf70c 80#include <sys/kern_event.h>
91447636 81#include <kern/lock.h>
1c79356b
A
82
83#include <net/if.h>
84#include <net/if_types.h>
85#include <net/route.h>
1c79356b
A
86#include <net/if_dl.h>
87
88#include <netinet/in.h>
89#include <netinet/in_var.h>
1c79356b 90#include <netinet/if_ether.h>
9bccf70c
A
91#ifndef SCOPEDROUTING
92#include <netinet/in_systm.h>
93#include <netinet/ip.h>
94#include <netinet/in_pcb.h>
1c79356b
A
95#endif
96
97#include <netinet6/nd6.h>
98#include <netinet/ip6.h>
99#include <netinet6/ip6_var.h>
100#include <netinet6/mld6_var.h>
101#include <netinet6/ip6_mroute.h>
102#include <netinet6/in6_ifattach.h>
9bccf70c
A
103#include <netinet6/scope6_var.h>
104#ifndef SCOPEDROUTING
105#include <netinet6/in6_pcb.h>
106#endif
1c79356b
A
107
108#include <net/net_osdep.h>
109
9bccf70c 110#ifndef __APPLE__
1c79356b
A
111MALLOC_DEFINE(M_IPMADDR, "in6_multi", "internet multicast address");
112#endif
9bccf70c 113 /*
1c79356b
A
114 * Definitions of some costant IP6 addresses.
115 */
116const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT;
117const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT;
118const struct in6_addr in6addr_nodelocal_allnodes =
119 IN6ADDR_NODELOCAL_ALLNODES_INIT;
120const struct in6_addr in6addr_linklocal_allnodes =
121 IN6ADDR_LINKLOCAL_ALLNODES_INIT;
122const struct in6_addr in6addr_linklocal_allrouters =
123 IN6ADDR_LINKLOCAL_ALLROUTERS_INIT;
124
125const struct in6_addr in6mask0 = IN6MASK0;
126const struct in6_addr in6mask32 = IN6MASK32;
127const struct in6_addr in6mask64 = IN6MASK64;
128const struct in6_addr in6mask96 = IN6MASK96;
129const struct in6_addr in6mask128 = IN6MASK128;
130
9bccf70c
A
131const struct sockaddr_in6 sa6_any = {sizeof(sa6_any), AF_INET6,
132 0, 0, IN6ADDR_ANY_INIT, 0};
133
91447636
A
134static int in6_lifaddr_ioctl(struct socket *, u_long, caddr_t,
135 struct ifnet *, struct proc *);
136static int in6_ifinit(struct ifnet *, struct in6_ifaddr *,
137 struct sockaddr_in6 *, int);
138static void in6_unlink_ifa(struct in6_ifaddr *, struct ifnet *, int);
1c79356b 139
1c79356b 140struct in6_multihead in6_multihead; /* XXX BSS initialization */
91447636 141extern struct lck_mtx_t *nd6_mutex;
1c79356b
A
142
143/*
144 * Subroutine for in6_ifaddloop() and in6_ifremloop().
145 * This routine does actual work.
146 */
147static void
148in6_ifloop_request(int cmd, struct ifaddr *ifa)
149{
1c79356b
A
150 struct sockaddr_in6 all1_sa;
151 struct rtentry *nrt = NULL;
9bccf70c 152 int e;
1c79356b 153
1c79356b 154 bzero(&all1_sa, sizeof(all1_sa));
9bccf70c
A
155 all1_sa.sin6_family = AF_INET6;
156 all1_sa.sin6_len = sizeof(struct sockaddr_in6);
1c79356b 157 all1_sa.sin6_addr = in6mask128;
9bccf70c
A
158
159 /*
160 * We specify the address itself as the gateway, and set the
161 * RTF_LLINFO flag, so that the corresponding host route would have
162 * the flag, and thus applications that assume traditional behavior
163 * would be happy. Note that we assume the caller of the function
164 * (probably implicitly) set nd6_rtrequest() to ifa->ifa_rtrequest,
165 * which changes the outgoing interface to the loopback interface.
166 */
91447636 167 e = rtrequest_locked(cmd, ifa->ifa_addr, ifa->ifa_addr,
9bccf70c
A
168 (struct sockaddr *)&all1_sa,
169 RTF_UP|RTF_HOST|RTF_LLINFO, &nrt);
170 if (e != 0) {
171 log(LOG_ERR, "in6_ifloop_request: "
172 "%s operation failed for %s (errno=%d)\n",
173 cmd == RTM_ADD ? "ADD" : "DELETE",
174 ip6_sprintf(&((struct in6_ifaddr *)ifa)->ia_addr.sin6_addr),
175 e);
176 }
1c79356b
A
177
178 /*
179 * Make sure rt_ifa be equal to IFA, the second argument of the
180 * function.
9bccf70c
A
181 * We need this because when we refer to rt_ifa->ia6_flags in
182 * ip6_input, we assume that the rt_ifa points to the address instead
183 * of the loopback address.
1c79356b
A
184 */
185 if (cmd == RTM_ADD && nrt && ifa != nrt->rt_ifa) {
9bccf70c 186 rtsetifa(nrt, ifa);
1c79356b 187 }
9bccf70c
A
188
189 /*
190 * Report the addition/removal of the address to the routing socket.
191 * XXX: since we called rtinit for a p2p interface with a destination,
192 * we end up reporting twice in such a case. Should we rather
193 * omit the second report?
194 */
195 if (nrt) {
196 rt_newaddrmsg(cmd, ifa, e, nrt);
197 if (cmd == RTM_DELETE) {
198 if (nrt->rt_refcnt <= 0) {
199 /* XXX: we should free the entry ourselves. */
200 rtref(nrt);
91447636 201 rtfree_locked(nrt);
9bccf70c
A
202 }
203 } else {
204 /* the cmd must be RTM_ADD here */
205 rtunref(nrt);
206 }
207 }
1c79356b
A
208}
209
210/*
9bccf70c
A
211 * Add ownaddr as loopback rtentry. We previously add the route only if
212 * necessary (ex. on a p2p link). However, since we now manage addresses
213 * separately from prefixes, we should always add the route. We can't
214 * rely on the cloning mechanism from the corresponding interface route
215 * any more.
1c79356b
A
216 */
217static void
218in6_ifaddloop(struct ifaddr *ifa)
219{
9bccf70c
A
220 struct rtentry *rt;
221
91447636 222 lck_mtx_lock(rt_mtx);
9bccf70c 223 /* If there is no loopback entry, allocate one. */
91447636 224 rt = rtalloc1_locked(ifa->ifa_addr, 0, 0);
9bccf70c
A
225 if (rt == NULL || (rt->rt_flags & RTF_HOST) == 0 ||
226 (rt->rt_ifp->if_flags & IFF_LOOPBACK) == 0)
227 in6_ifloop_request(RTM_ADD, ifa);
228 if (rt)
229 rt->rt_refcnt--;
91447636 230 lck_mtx_unlock(rt_mtx);
1c79356b
A
231}
232
233/*
234 * Remove loopback rtentry of ownaddr generated by in6_ifaddloop(),
235 * if it exists.
236 */
237static void
91447636 238in6_ifremloop(struct ifaddr *ifa, int locked)
1c79356b 239{
9bccf70c
A
240 struct in6_ifaddr *ia;
241 struct rtentry *rt;
242 int ia_count = 0;
243
244 /*
245 * Some of BSD variants do not remove cloned routes
246 * from an interface direct route, when removing the direct route
247 * (see comments in net/net_osdep.h). Even for variants that do remove
248 * cloned routes, they could fail to remove the cloned routes when
249 * we handle multple addresses that share a common prefix.
250 * So, we should remove the route corresponding to the deleted address
251 * regardless of the result of in6_is_ifloop_auto().
252 */
253
254 /*
55e303ae 255 * Delete the entry only if exact one ifa exists. More than one ifa
9bccf70c
A
256 * can exist if we assign a same single address to multiple
257 * (probably p2p) interfaces.
258 * XXX: we should avoid such a configuration in IPv6...
259 */
91447636
A
260 if (!locked)
261 lck_mtx_lock(nd6_mutex);
262 for (ia = in6_ifaddrs; ia; ia = ia->ia_next) {
9bccf70c
A
263 if (IN6_ARE_ADDR_EQUAL(IFA_IN6(ifa), &ia->ia_addr.sin6_addr)) {
264 ia_count++;
265 if (ia_count > 1)
266 break;
1c79356b 267 }
9bccf70c 268 }
91447636
A
269 if (!locked)
270 lck_mtx_unlock(nd6_mutex);
9bccf70c
A
271
272 if (ia_count == 1) {
273 /*
274 * Before deleting, check if a corresponding loopbacked host
55e303ae 275 * route surely exists. With this check, we can avoid to
9bccf70c 276 * delete an interface direct route whose destination is same
55e303ae 277 * as the address being removed. This can happen when remofing
9bccf70c
A
278 * a subnet-router anycast address on an interface attahced
279 * to a shared medium.
280 */
91447636
A
281 lck_mtx_lock(rt_mtx);
282 rt = rtalloc1_locked(ifa->ifa_addr, 0, 0);
9bccf70c
A
283 if (rt != NULL && (rt->rt_flags & RTF_HOST) != 0 &&
284 (rt->rt_ifp->if_flags & IFF_LOOPBACK) != 0) {
285 rt->rt_refcnt--;
1c79356b 286 in6_ifloop_request(RTM_DELETE, ifa);
9bccf70c 287 }
91447636 288 lck_mtx_unlock(rt_mtx);
1c79356b
A
289 }
290}
291
292int
293in6_ifindex2scopeid(idx)
294 int idx;
295{
296 struct ifnet *ifp;
297 struct ifaddr *ifa;
298 struct sockaddr_in6 *sin6;
299
300 if (idx < 0 || if_index < idx)
301 return -1;
91447636
A
302
303 ifnet_head_lock_shared();
1c79356b 304 ifp = ifindex2ifnet[idx];
91447636 305 ifnet_head_done();
1c79356b 306
91447636 307 ifnet_lock_shared(ifp);
9bccf70c 308 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
1c79356b
A
309 {
310 if (ifa->ifa_addr->sa_family != AF_INET6)
311 continue;
312 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr;
91447636
A
313 if (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr)) {
314 ifnet_lock_done(ifp);
1c79356b 315 return sin6->sin6_scope_id & 0xffff;
91447636 316 }
1c79356b 317 }
91447636 318 ifnet_lock_done(ifp);
1c79356b
A
319
320 return -1;
321}
322
323int
9bccf70c 324in6_mask2len(mask, lim0)
1c79356b 325 struct in6_addr *mask;
9bccf70c 326 u_char *lim0;
1c79356b 327{
9bccf70c
A
328 int x = 0, y;
329 u_char *lim = lim0, *p;
330
331 if (lim0 == NULL ||
332 lim0 - (u_char *)mask > sizeof(*mask)) /* ignore the scope_id part */
333 lim = (u_char *)mask + sizeof(*mask);
334 for (p = (u_char *)mask; p < lim; x++, p++) {
335 if (*p != 0xff)
1c79356b
A
336 break;
337 }
338 y = 0;
9bccf70c 339 if (p < lim) {
1c79356b 340 for (y = 0; y < 8; y++) {
9bccf70c 341 if ((*p & (0x80 >> y)) == 0)
1c79356b
A
342 break;
343 }
344 }
9bccf70c
A
345
346 /*
347 * when the limit pointer is given, do a stricter check on the
348 * remaining bits.
349 */
350 if (p < lim) {
351 if (y != 0 && (*p & (0x00ff >> y)) != 0)
352 return(-1);
353 for (p = p + 1; p < lim; p++)
354 if (*p != 0)
355 return(-1);
356 }
357
1c79356b
A
358 return x * 8 + y;
359}
360
361void
362in6_len2mask(mask, len)
363 struct in6_addr *mask;
364 int len;
365{
366 int i;
367
368 bzero(mask, sizeof(*mask));
369 for (i = 0; i < len / 8; i++)
370 mask->s6_addr8[i] = 0xff;
371 if (len % 8)
372 mask->s6_addr8[i] = (0xff00 >> (len % 8)) & 0xff;
373}
374
375#define ifa2ia6(ifa) ((struct in6_ifaddr *)(ifa))
376#define ia62ifa(ia6) (&((ia6)->ia_ifa))
377
378int
1c79356b
A
379in6_control(so, cmd, data, ifp, p)
380 struct socket *so;
381 u_long cmd;
382 caddr_t data;
383 struct ifnet *ifp;
384 struct proc *p;
1c79356b
A
385{
386 struct in6_ifreq *ifr = (struct in6_ifreq *)data;
9bccf70c 387 struct in6_ifaddr *ia = NULL;
1c79356b 388 struct in6_aliasreq *ifra = (struct in6_aliasreq *)data;
9bccf70c 389 int privileged, error = 0;
91447636
A
390 int index;
391 struct timeval timenow;
392
393 getmicrotime(&timenow);
1c79356b
A
394
395 privileged = 0;
9bccf70c 396#ifdef __APPLE__
91447636 397 if (p == NULL || !proc_suser(p))
1c79356b 398#else
9bccf70c 399 if (p == NULL || !suser(p))
1c79356b 400#endif
9bccf70c 401 privileged++;
1c79356b 402
1c79356b
A
403 switch (cmd) {
404 case SIOCGETSGCNT_IN6:
405 case SIOCGETMIFCNT_IN6:
406 return (mrt6_ioctl(cmd, data));
407 }
1c79356b
A
408
409 if (ifp == NULL)
410 return(EOPNOTSUPP);
411
412 switch (cmd) {
91447636
A
413 case SIOCAUTOCONF_START:
414 case SIOCAUTOCONF_STOP:
415 case SIOCLL_START:
416 case SIOCLL_STOP:
417 case SIOCPROTOATTACH_IN6:
418 case SIOCPROTODETACH_IN6:
419 if (!privileged)
420 return(EPERM);
421 break;
1c79356b
A
422 case SIOCSNDFLUSH_IN6:
423 case SIOCSPFXFLUSH_IN6:
424 case SIOCSRTRFLUSH_IN6:
425 case SIOCSDEFIFACE_IN6:
426 case SIOCSIFINFO_FLAGS:
427 if (!privileged)
428 return(EPERM);
55e303ae 429 /* fall through */
9bccf70c 430 case OSIOCGIFINFO_IN6:
1c79356b
A
431 case SIOCGIFINFO_IN6:
432 case SIOCGDRLST_IN6:
433 case SIOCGPRLST_IN6:
434 case SIOCGNBRINFO_IN6:
435 case SIOCGDEFIFACE_IN6:
436 return(nd6_ioctl(cmd, data, ifp));
437 }
438
439 switch (cmd) {
440 case SIOCSIFPREFIX_IN6:
441 case SIOCDIFPREFIX_IN6:
442 case SIOCAIFPREFIX_IN6:
443 case SIOCCIFPREFIX_IN6:
444 case SIOCSGIFPREFIX_IN6:
1c79356b 445 case SIOCGIFPREFIX_IN6:
9bccf70c
A
446 log(LOG_NOTICE,
447 "prefix ioctls are now invalidated. "
448 "please use ifconfig.\n");
449 return(EOPNOTSUPP);
450 }
451
55e303ae 452 switch (cmd) {
9bccf70c
A
453 case SIOCSSCOPE6:
454 if (!privileged)
1c79356b 455 return(EPERM);
9bccf70c
A
456 return(scope6_set(ifp, ifr->ifr_ifru.ifru_scope_id));
457 break;
458 case SIOCGSCOPE6:
459 return(scope6_get(ifp, ifr->ifr_ifru.ifru_scope_id));
460 break;
461 case SIOCGSCOPE6DEF:
462 return(scope6_get_default(ifr->ifr_ifru.ifru_scope_id));
463 break;
1c79356b
A
464 }
465
466 switch (cmd) {
467 case SIOCALIFADDR:
468 case SIOCDLIFADDR:
469 if (!privileged)
470 return(EPERM);
55e303ae 471 /* fall through */
1c79356b 472 case SIOCGLIFADDR:
1c79356b 473 return in6_lifaddr_ioctl(so, cmd, data, ifp, p);
1c79356b 474 }
9bccf70c
A
475
476#ifdef __APPLE__
477
478 switch (cmd) {
479
55e303ae 480 case SIOCAUTOCONF_START:
91447636 481 ifnet_lock_exclusive(ifp);
55e303ae 482 ifp->if_eflags |= IFEF_ACCEPT_RTADVD;
91447636 483 ifnet_lock_done(ifp);
55e303ae
A
484 return (0);
485
486 case SIOCAUTOCONF_STOP:
487 {
91447636
A
488 struct in6_ifaddr *ia, *nia = NULL;
489
490 ifnet_lock_exclusive(ifp);
55e303ae 491 ifp->if_eflags &= ~IFEF_ACCEPT_RTADVD;
91447636 492 ifnet_lock_done(ifp);
55e303ae 493
91447636 494 /* nuke prefix list. this may try to remove some ifaddrs as well */
55e303ae
A
495 in6_purgeprefix(ifp);
496
497 /* removed autoconfigured address from interface */
91447636
A
498 lck_mtx_lock(nd6_mutex);
499 for (ia = in6_ifaddrs; ia != NULL; ia = nia) {
500 nia = ia->ia_next;
501 if (ia->ia_ifa.ifa_ifp != ifp)
55e303ae 502 continue;
91447636
A
503 if (ia->ia6_flags & IN6_IFF_AUTOCONF)
504 in6_purgeaddr(&ia->ia_ifa, 1);
55e303ae 505 }
91447636 506 lck_mtx_unlock(nd6_mutex);
55e303ae
A
507 return (0);
508 }
509
510
511 case SIOCLL_START:
512
513 /* NOTE: All the interface specific DLIL attachements should be done here
514 * They are currently done in in6_ifattach() for the interfaces that need it
515 */
516
517 if (ifp->if_type == IFT_PPP && ifra->ifra_addr.sin6_family == AF_INET6 &&
518 ifra->ifra_dstaddr.sin6_family == AF_INET6)
519 in6_if_up(ifp, ifra); /* PPP may provide LinkLocal addresses */
520 else
521 in6_if_up(ifp, 0);
522
523 return(0);
524
525 case SIOCLL_STOP:
526 {
91447636
A
527 struct in6_ifaddr *ia, *nia = NULL;
528
55e303ae
A
529 /* removed link local addresses from interface */
530
91447636
A
531 lck_mtx_lock(nd6_mutex);
532 for (ia = in6_ifaddrs; ia != NULL; ia = nia) {
533 nia = ia->ia_next;
534 if (ia->ia_ifa.ifa_ifp != ifp)
55e303ae 535 continue;
91447636
A
536 if (IN6_IS_ADDR_LINKLOCAL(&ia->ia_addr.sin6_addr))
537 in6_purgeaddr(&ia->ia_ifa, 1);
55e303ae 538 }
91447636 539 lck_mtx_unlock(nd6_mutex);
55e303ae
A
540 return (0);
541 }
542
543
544 case SIOCPROTOATTACH_IN6:
91447636 545
9bccf70c 546 switch (ifp->if_type) {
55e303ae
A
547#if IFT_BRIDGE /*OpenBSD 2.8*/
548 /* some of the interfaces are inherently not IPv6 capable */
549 case IFT_BRIDGE:
550 return;
551#endif
552 default:
553
91447636 554 if (error = dlil_plumb_protocol(PF_INET6, ifp))
55e303ae
A
555 printf("SIOCPROTOATTACH_IN6: %s error=%d\n",
556 if_name(ifp), error);
9bccf70c 557 break;
55e303ae 558
9bccf70c 559 }
55e303ae
A
560 return (error);
561
562
563 case SIOCPROTODETACH_IN6:
564
565 in6_purgeif(ifp); /* Cleanup interface routes and addresses */
566
567 if (error = dlil_unplumb_protocol(PF_INET6, ifp))
568 printf("SIOCPROTODETACH_IN6: %s error=%d\n",
569 if_name(ifp), error);
570 return(error);
1c79356b 571
9bccf70c
A
572 }
573#endif
1c79356b
A
574 /*
575 * Find address for this interface, if it exists.
576 */
577 if (ifra->ifra_addr.sin6_family == AF_INET6) { /* XXX */
578 struct sockaddr_in6 *sa6 =
579 (struct sockaddr_in6 *)&ifra->ifra_addr;
580
581 if (IN6_IS_ADDR_LINKLOCAL(&sa6->sin6_addr)) {
582 if (sa6->sin6_addr.s6_addr16[1] == 0) {
9bccf70c 583 /* link ID is not embedded by the user */
1c79356b
A
584 sa6->sin6_addr.s6_addr16[1] =
585 htons(ifp->if_index);
586 } else if (sa6->sin6_addr.s6_addr16[1] !=
587 htons(ifp->if_index)) {
9bccf70c 588 return(EINVAL); /* link ID contradicts */
1c79356b
A
589 }
590 if (sa6->sin6_scope_id) {
591 if (sa6->sin6_scope_id !=
592 (u_int32_t)ifp->if_index)
593 return(EINVAL);
594 sa6->sin6_scope_id = 0; /* XXX: good way? */
595 }
596 }
597 ia = in6ifa_ifpwithaddr(ifp, &ifra->ifra_addr.sin6_addr);
598 }
599
600 switch (cmd) {
9bccf70c
A
601 case SIOCSIFADDR_IN6:
602 case SIOCSIFDSTADDR_IN6:
603 case SIOCSIFNETMASK_IN6:
604 /*
605 * Since IPv6 allows a node to assign multiple addresses
606 * on a single interface, SIOCSIFxxx ioctls are not suitable
607 * and should be unused.
608 */
609 /* we decided to obsolete this command (20000704) */
91447636
A
610 error = EINVAL;
611 goto ioctl_cleanup;
1c79356b
A
612
613 case SIOCDIFADDR_IN6:
614 /*
9bccf70c 615 * for IPv4, we look for existing in_ifaddr here to allow
1c79356b
A
616 * "ifconfig if0 delete" to remove first IPv4 address on the
617 * interface. For IPv6, as the spec allow multiple interface
618 * address from the day one, we consider "remove the first one"
9bccf70c 619 * semantics to be not preferable.
1c79356b 620 */
91447636
A
621 if (ia == NULL) {
622 error = EADDRNOTAVAIL;
623 goto ioctl_cleanup;
624 }
625
1c79356b
A
626 /* FALLTHROUGH */
627 case SIOCAIFADDR_IN6:
1c79356b 628 /*
9bccf70c
A
629 * We always require users to specify a valid IPv6 address for
630 * the corresponding operation.
1c79356b 631 */
9bccf70c 632 if (ifra->ifra_addr.sin6_family != AF_INET6 ||
91447636
A
633 ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6)) {
634 error = EAFNOSUPPORT;
635 goto ioctl_cleanup;
636 }
637 if (!privileged) {
638 error = EPERM;
639 goto ioctl_cleanup;
640 }
1c79356b 641
1c79356b
A
642 break;
643
644 case SIOCGIFADDR_IN6:
645 /* This interface is basically deprecated. use SIOCGIFCONF. */
646 /* fall through */
647 case SIOCGIFAFLAG_IN6:
648 case SIOCGIFNETMASK_IN6:
649 case SIOCGIFDSTADDR_IN6:
650 case SIOCGIFALIFETIME_IN6:
651 /* must think again about its semantics */
91447636
A
652 if (ia == NULL) {
653 error = EADDRNOTAVAIL;
654 goto ioctl_cleanup;
655 }
1c79356b
A
656 break;
657 case SIOCSIFALIFETIME_IN6:
658 {
659 struct in6_addrlifetime *lt;
660
91447636
A
661 if (!privileged) {
662 error = EPERM;
663 goto ioctl_cleanup;
664 }
665 if (ia == NULL) {
666 error = EADDRNOTAVAIL;
667 goto ioctl_cleanup;
668 }
1c79356b
A
669 /* sanity for overflow - beware unsigned */
670 lt = &ifr->ifr_ifru.ifru_lifetime;
671 if (lt->ia6t_vltime != ND6_INFINITE_LIFETIME
91447636
A
672 && lt->ia6t_vltime + timenow.tv_sec < timenow.tv_sec) {
673 error = EINVAL;
674 goto ioctl_cleanup;
1c79356b
A
675 }
676 if (lt->ia6t_pltime != ND6_INFINITE_LIFETIME
91447636
A
677 && lt->ia6t_pltime + timenow.tv_sec < timenow.tv_sec) {
678 error = EINVAL;
679 goto ioctl_cleanup;
1c79356b
A
680 }
681 break;
682 }
683 }
684
685 switch (cmd) {
686
687 case SIOCGIFADDR_IN6:
688 ifr->ifr_addr = ia->ia_addr;
689 break;
690
691 case SIOCGIFDSTADDR_IN6:
91447636
A
692 if ((ifp->if_flags & IFF_POINTOPOINT) == 0) {
693 error = EINVAL;
694 goto ioctl_cleanup;
695 }
9bccf70c
A
696 /*
697 * XXX: should we check if ifa_dstaddr is NULL and return
698 * an error?
699 */
1c79356b
A
700 ifr->ifr_dstaddr = ia->ia_dstaddr;
701 break;
702
703 case SIOCGIFNETMASK_IN6:
704 ifr->ifr_addr = ia->ia_prefixmask;
705 break;
706
707 case SIOCGIFAFLAG_IN6:
708 ifr->ifr_ifru.ifru_flags6 = ia->ia6_flags;
709 break;
710
711 case SIOCGIFSTAT_IN6:
91447636
A
712 if (ifp == NULL) {
713 error = EINVAL;
714 goto ioctl_cleanup;
715 }
716 index = ifp->if_index;
717 if (in6_ifstat == NULL || index >= in6_ifstatmax
718 || in6_ifstat[index] == NULL) {
1c79356b
A
719 /* return EAFNOSUPPORT? */
720 bzero(&ifr->ifr_ifru.ifru_stat,
721 sizeof(ifr->ifr_ifru.ifru_stat));
722 } else
91447636 723 ifr->ifr_ifru.ifru_stat = *in6_ifstat[index];
1c79356b
A
724 break;
725
726 case SIOCGIFSTAT_ICMP6:
91447636
A
727 if (ifp == NULL) {
728 error = EINVAL;
729 goto ioctl_cleanup;
730 }
731 index = ifp->if_index;
732 if (icmp6_ifstat == NULL || index >= icmp6_ifstatmax ||
733 icmp6_ifstat[index] == NULL) {
1c79356b
A
734 /* return EAFNOSUPPORT? */
735 bzero(&ifr->ifr_ifru.ifru_stat,
736 sizeof(ifr->ifr_ifru.ifru_icmp6stat));
737 } else
738 ifr->ifr_ifru.ifru_icmp6stat =
91447636 739 *icmp6_ifstat[index];
1c79356b 740 break;
1c79356b 741
1c79356b
A
742 case SIOCGIFALIFETIME_IN6:
743 ifr->ifr_ifru.ifru_lifetime = ia->ia6_lifetime;
744 break;
745
746 case SIOCSIFALIFETIME_IN6:
747 ia->ia6_lifetime = ifr->ifr_ifru.ifru_lifetime;
748 /* for sanity */
749 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) {
750 ia->ia6_lifetime.ia6t_expire =
91447636 751 timenow.tv_sec + ia->ia6_lifetime.ia6t_vltime;
1c79356b
A
752 } else
753 ia->ia6_lifetime.ia6t_expire = 0;
754 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) {
755 ia->ia6_lifetime.ia6t_preferred =
91447636 756 timenow.tv_sec + ia->ia6_lifetime.ia6t_pltime;
1c79356b
A
757 } else
758 ia->ia6_lifetime.ia6t_preferred = 0;
759 break;
760
1c79356b 761 case SIOCAIFADDR_IN6:
9bccf70c 762 {
91447636 763 int i;
9bccf70c 764 struct nd_prefix pr0, *pr;
55e303ae 765
91447636
A
766 /* Attempt to attache the protocol, in case it isn't attached */
767 error = dlil_plumb_protocol(PF_INET6, ifp);
768 if (error) {
769 if (error != EEXIST) {
55e303ae
A
770 printf("SIOCAIFADDR_IN6: %s can't plumb protocol error=%d\n",
771 if_name(ifp), error);
91447636 772 goto ioctl_cleanup;
55e303ae 773 }
91447636
A
774
775 /* Ignore, EEXIST */
776 error = 0;
777 }
778 else {
779 /* PF_INET6 wasn't previously attached */
55e303ae 780 in6_if_up(ifp, NULL);
9bccf70c 781 }
1c79356b 782
1c79356b 783 /*
9bccf70c
A
784 * first, make or update the interface address structure,
785 * and link it to the list.
1c79356b 786 */
9bccf70c 787 if ((error = in6_update_ifa(ifp, ifra, ia)) != 0)
91447636 788 goto ioctl_cleanup;
9bccf70c 789
1c79356b 790 /*
9bccf70c
A
791 * then, make the prefix on-link on the interface.
792 * XXX: we'd rather create the prefix before the address, but
793 * we need at least one address to install the corresponding
794 * interface route, so we configure the address first.
1c79356b 795 */
1c79356b 796
9bccf70c
A
797 /*
798 * convert mask to prefix length (prefixmask has already
799 * been validated in in6_update_ifa().
800 */
801 bzero(&pr0, sizeof(pr0));
802 pr0.ndpr_ifp = ifp;
803 pr0.ndpr_plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr,
804 NULL);
805 if (pr0.ndpr_plen == 128)
806 break; /* we don't need to install a host route. */
807 pr0.ndpr_prefix = ifra->ifra_addr;
808 pr0.ndpr_mask = ifra->ifra_prefixmask.sin6_addr;
809 /* apply the mask for safety. */
810 for (i = 0; i < 4; i++) {
811 pr0.ndpr_prefix.sin6_addr.s6_addr32[i] &=
812 ifra->ifra_prefixmask.sin6_addr.s6_addr32[i];
1c79356b 813 }
9bccf70c 814 /*
55e303ae
A
815 * XXX: since we don't have an API to set prefix (not address)
816 * lifetimes, we just use the same lifetimes as addresses.
817 * The (temporarily) installed lifetimes can be overridden by
818 * later advertised RAs (when accept_rtadv is non 0), which is
819 * an intended behavior.
9bccf70c
A
820 */
821 pr0.ndpr_raf_onlink = 1; /* should be configurable? */
822 pr0.ndpr_raf_auto =
823 ((ifra->ifra_flags & IN6_IFF_AUTOCONF) != 0);
824 pr0.ndpr_vltime = ifra->ifra_lifetime.ia6t_vltime;
825 pr0.ndpr_pltime = ifra->ifra_lifetime.ia6t_pltime;
826
827 /* add the prefix if there's one. */
828 if ((pr = nd6_prefix_lookup(&pr0)) == NULL) {
829 /*
830 * nd6_prelist_add will install the corresponding
831 * interface route.
832 */
833 if ((error = nd6_prelist_add(&pr0, NULL, &pr)) != 0)
91447636 834 goto ioctl_cleanup;
9bccf70c
A
835 if (pr == NULL) {
836 log(LOG_ERR, "nd6_prelist_add succedded but "
837 "no prefix\n");
91447636
A
838 error = EINVAL;
839 goto ioctl_cleanup;
1c79356b 840 }
1c79356b 841 }
9bccf70c
A
842 if ((ia = in6ifa_ifpwithaddr(ifp, &ifra->ifra_addr.sin6_addr))
843 == NULL) {
844 /* XXX: this should not happen! */
845 log(LOG_ERR, "in6_control: addition succeeded, but"
846 " no ifaddr\n");
847 } else {
848 if ((ia->ia6_flags & IN6_IFF_AUTOCONF) != 0 &&
849 ia->ia6_ndpr == NULL) { /* new autoconfed addr */
850 ia->ia6_ndpr = pr;
851 pr->ndpr_refcnt++;
852
853 /*
854 * If this is the first autoconf address from
855 * the prefix, create a temporary address
856 * as well (when specified).
857 */
858 if (ip6_use_tempaddr &&
859 pr->ndpr_refcnt == 1) {
860 int e;
861 if ((e = in6_tmpifadd(ia, 1)) != 0) {
862 log(LOG_NOTICE, "in6_control: "
863 "failed to create a "
864 "temporary address, "
865 "errno=%d\n",
866 e);
867 }
868 }
869 }
1c79356b
A
870
871 /*
9bccf70c
A
872 * this might affect the status of autoconfigured
873 * addresses, that is, this address might make
874 * other addresses detached.
1c79356b 875 */
91447636 876 pfxlist_onlink_check(0);
1c79356b
A
877 }
878
9bccf70c
A
879 break;
880 }
881
882 case SIOCDIFADDR_IN6:
883 {
884 int i = 0;
885 struct nd_prefix pr0, *pr;
1c79356b
A
886
887 /*
9bccf70c
A
888 * If the address being deleted is the only one that owns
889 * the corresponding prefix, expire the prefix as well.
890 * XXX: theoretically, we don't have to warry about such
891 * relationship, since we separate the address management
892 * and the prefix management. We do this, however, to provide
893 * as much backward compatibility as possible in terms of
894 * the ioctl operation.
1c79356b 895 */
9bccf70c
A
896 bzero(&pr0, sizeof(pr0));
897 pr0.ndpr_ifp = ifp;
898 pr0.ndpr_plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr,
899 NULL);
900 if (pr0.ndpr_plen == 128)
901 goto purgeaddr;
902 pr0.ndpr_prefix = ia->ia_addr;
903 pr0.ndpr_mask = ia->ia_prefixmask.sin6_addr;
904 for (i = 0; i < 4; i++) {
905 pr0.ndpr_prefix.sin6_addr.s6_addr32[i] &=
906 ia->ia_prefixmask.sin6_addr.s6_addr32[i];
1c79356b 907 }
9bccf70c
A
908 /*
909 * The logic of the following condition is a bit complicated.
910 * We expire the prefix when
911 * 1. the address obeys autoconfiguration and it is the
912 * only owner of the associated prefix, or
913 * 2. the address does not obey autoconf and there is no
914 * other owner of the prefix.
915 */
916 if ((pr = nd6_prefix_lookup(&pr0)) != NULL &&
917 (((ia->ia6_flags & IN6_IFF_AUTOCONF) != 0 &&
918 pr->ndpr_refcnt == 1) ||
919 ((ia->ia6_flags & IN6_IFF_AUTOCONF) == 0 &&
920 pr->ndpr_refcnt == 0))) {
921 pr->ndpr_expire = 1; /* XXX: just for expiration */
1c79356b
A
922 }
923
9bccf70c 924 purgeaddr:
91447636 925 in6_purgeaddr(&ia->ia_ifa, 0);
1c79356b 926 break;
9bccf70c 927 }
1c79356b
A
928
929 default:
930#ifdef __APPLE__
91447636
A
931 error = dlil_ioctl(PF_INET6, ifp, cmd, (caddr_t)data);
932 goto ioctl_cleanup;
1c79356b
A
933#else
934 if (ifp == NULL || ifp->if_ioctl == 0)
935 return(EOPNOTSUPP);
936 return((*ifp->if_ioctl)(ifp, cmd, data));
937#endif
938 }
91447636
A
939ioctl_cleanup:
940 return error;
1c79356b
A
941}
942
9bccf70c
A
943/*
944 * Update parameters of an IPv6 interface address.
945 * If necessary, a new entry is created and linked into address chains.
946 * This function is separated from in6_control().
947 * XXX: should this be performed under splnet()?
948 */
949int
950in6_update_ifa(ifp, ifra, ia)
951 struct ifnet *ifp;
952 struct in6_aliasreq *ifra;
953 struct in6_ifaddr *ia;
1c79356b 954{
9bccf70c
A
955 int error = 0, hostIsNew = 0, plen = -1;
956 struct in6_ifaddr *oia;
957 struct sockaddr_in6 dst6;
958 struct in6_addrlifetime *lt;
91447636 959 struct timeval timenow;
1c79356b 960
91447636
A
961
962 lck_mtx_assert(nd6_mutex, LCK_MTX_ASSERT_NOTOWNED);
9bccf70c
A
963 /* Validate parameters */
964 if (ifp == NULL || ifra == NULL) /* this maybe redundant */
965 return(EINVAL);
966
967 /*
968 * The destination address for a p2p link must have a family
969 * of AF_UNSPEC or AF_INET6.
970 */
971 if ((ifp->if_flags & IFF_POINTOPOINT) != 0 &&
972 ifra->ifra_dstaddr.sin6_family != AF_INET6 &&
973 ifra->ifra_dstaddr.sin6_family != AF_UNSPEC)
974 return(EAFNOSUPPORT);
975 /*
976 * validate ifra_prefixmask. don't check sin6_family, netmask
977 * does not carry fields other than sin6_len.
978 */
979 if (ifra->ifra_prefixmask.sin6_len > sizeof(struct sockaddr_in6))
980 return(EINVAL);
91447636
A
981 /*
982 * Set the address family value for the mask if it was not set.
983 * Radar 3899482.
984 */
985 if (ifra->ifra_prefixmask.sin6_len == sizeof(struct sockaddr_in6) &&
986 ifra->ifra_prefixmask.sin6_family == 0) {
987 ifra->ifra_prefixmask.sin6_family = AF_INET6;
988 }
9bccf70c
A
989 /*
990 * Because the IPv6 address architecture is classless, we require
991 * users to specify a (non 0) prefix length (mask) for a new address.
992 * We also require the prefix (when specified) mask is valid, and thus
993 * reject a non-consecutive mask.
994 */
995 if (ia == NULL && ifra->ifra_prefixmask.sin6_len == 0)
996 return(EINVAL);
997 if (ifra->ifra_prefixmask.sin6_len != 0) {
998 plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr,
999 (u_char *)&ifra->ifra_prefixmask +
1000 ifra->ifra_prefixmask.sin6_len);
1001 if (plen <= 0)
1002 return(EINVAL);
1003 }
1004 else {
1005 /*
55e303ae 1006 * In this case, ia must not be NULL. We just use its prefix
9bccf70c
A
1007 * length.
1008 */
1009 plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL);
1010 }
1011 /*
1012 * If the destination address on a p2p interface is specified,
1013 * and the address is a scoped one, validate/set the scope
1014 * zone identifier.
1015 */
1016 dst6 = ifra->ifra_dstaddr;
1017 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) &&
1018 (dst6.sin6_family == AF_INET6)) {
1019 int scopeid;
1020
1021#ifndef SCOPEDROUTING
1022 if ((error = in6_recoverscope(&dst6,
1023 &ifra->ifra_dstaddr.sin6_addr,
1024 ifp)) != 0)
1025 return(error);
1026#endif
1027 scopeid = in6_addr2scopeid(ifp, &dst6.sin6_addr);
1028 if (dst6.sin6_scope_id == 0) /* user omit to specify the ID. */
1029 dst6.sin6_scope_id = scopeid;
1030 else if (dst6.sin6_scope_id != scopeid)
1031 return(EINVAL); /* scope ID mismatch. */
1032#ifndef SCOPEDROUTING
1033 if ((error = in6_embedscope(&dst6.sin6_addr, &dst6, NULL, NULL))
1034 != 0)
1035 return(error);
1036 dst6.sin6_scope_id = 0; /* XXX */
1037#endif
1038 }
1039 /*
1040 * The destination address can be specified only for a p2p or a
1041 * loopback interface. If specified, the corresponding prefix length
1042 * must be 128.
1043 */
1044 if (ifra->ifra_dstaddr.sin6_family == AF_INET6) {
1045 if ((ifp->if_flags & (IFF_POINTOPOINT|IFF_LOOPBACK)) == 0) {
1046 /* XXX: noisy message */
1047 log(LOG_INFO, "in6_update_ifa: a destination can be "
1048 "specified for a p2p or a loopback IF only\n");
1049 return(EINVAL);
1050 }
1051 if (plen != 128) {
1052 /*
1053 * The following message seems noisy, but we dare to
1054 * add it for diagnosis.
1055 */
1056 log(LOG_INFO, "in6_update_ifa: prefixlen must be 128 "
1057 "when dstaddr is specified\n");
1058 return(EINVAL);
1059 }
1060 }
1061 /* lifetime consistency check */
91447636
A
1062
1063 getmicrotime(&timenow);
9bccf70c
A
1064 lt = &ifra->ifra_lifetime;
1065 if (lt->ia6t_vltime != ND6_INFINITE_LIFETIME
91447636 1066 && lt->ia6t_vltime + timenow.tv_sec < timenow.tv_sec) {
9bccf70c
A
1067 return EINVAL;
1068 }
1069 if (lt->ia6t_vltime == 0) {
1070 /*
1071 * the following log might be noisy, but this is a typical
1072 * configuration mistake or a tool's bug.
1073 */
1074 log(LOG_INFO,
1075 "in6_update_ifa: valid lifetime is 0 for %s\n",
1076 ip6_sprintf(&ifra->ifra_addr.sin6_addr));
1077 }
1078 if (lt->ia6t_pltime != ND6_INFINITE_LIFETIME
91447636 1079 && lt->ia6t_pltime + timenow.tv_sec < timenow.tv_sec) {
9bccf70c
A
1080 return EINVAL;
1081 }
1082
1083 /*
1084 * If this is a new address, allocate a new ifaddr and link it
1085 * into chains.
1086 */
1087 if (ia == NULL) {
1088 hostIsNew = 1;
1089 /*
1090 * When in6_update_ifa() is called in a process of a received
1091 * RA, it is called under splnet(). So, we should call malloc
1092 * with M_NOWAIT.
1093 */
1094 ia = (struct in6_ifaddr *)
1095 _MALLOC(sizeof(*ia), M_IFADDR, M_NOWAIT);
1096 if (ia == NULL)
91447636 1097 return ENOBUFS;
9bccf70c
A
1098 bzero((caddr_t)ia, sizeof(*ia));
1099 /* Initialize the address and masks */
1100 ia->ia_ifa.ifa_addr = (struct sockaddr *)&ia->ia_addr;
1101 ia->ia_addr.sin6_family = AF_INET6;
1102 ia->ia_addr.sin6_len = sizeof(ia->ia_addr);
1103 if ((ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) != 0) {
1104 /*
1105 * XXX: some functions expect that ifa_dstaddr is not
1106 * NULL for p2p interfaces.
1107 */
1108 ia->ia_ifa.ifa_dstaddr
1109 = (struct sockaddr *)&ia->ia_dstaddr;
1110 } else {
1111 ia->ia_ifa.ifa_dstaddr = NULL;
1112 }
1113 ia->ia_ifa.ifa_netmask
1114 = (struct sockaddr *)&ia->ia_prefixmask;
1115
1116 ia->ia_ifp = ifp;
91447636
A
1117 lck_mtx_lock(nd6_mutex);
1118 if ((oia = in6_ifaddrs) != NULL) {
9bccf70c
A
1119 for ( ; oia->ia_next; oia = oia->ia_next)
1120 continue;
1121 oia->ia_next = ia;
1122 } else
91447636
A
1123 in6_ifaddrs = ia;
1124 lck_mtx_unlock(nd6_mutex);
9bccf70c 1125
91447636
A
1126 ifnet_lock_exclusive(ifp);
1127 if_attach_ifa(ifp, &ia->ia_ifa);
1128 ifnet_lock_done(ifp);
9bccf70c
A
1129 }
1130
1131 /* set prefix mask */
1132 if (ifra->ifra_prefixmask.sin6_len) {
1133 /*
1134 * We prohibit changing the prefix length of an existing
1135 * address, because
1136 * + such an operation should be rare in IPv6, and
1137 * + the operation would confuse prefix management.
1138 */
1139 if (ia->ia_prefixmask.sin6_len &&
1140 in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL) != plen) {
1141 log(LOG_INFO, "in6_update_ifa: the prefix length of an"
1142 " existing (%s) address should not be changed\n",
1143 ip6_sprintf(&ia->ia_addr.sin6_addr));
1144 error = EINVAL;
1145 goto unlink;
1146 }
1147 ia->ia_prefixmask = ifra->ifra_prefixmask;
1148 }
1149
1150 /*
1151 * If a new destination address is specified, scrub the old one and
1152 * install the new destination. Note that the interface must be
1153 * p2p or loopback (see the check above.)
1154 */
1155 if (dst6.sin6_family == AF_INET6 &&
1156 !IN6_ARE_ADDR_EQUAL(&dst6.sin6_addr,
1157 &ia->ia_dstaddr.sin6_addr)) {
1158 int e;
1159
1160 if ((ia->ia_flags & IFA_ROUTE) != 0 &&
1161 (e = rtinit(&(ia->ia_ifa), (int)RTM_DELETE, RTF_HOST))
1162 != 0) {
1163 log(LOG_ERR, "in6_update_ifa: failed to remove "
1164 "a route to the old destination: %s\n",
1165 ip6_sprintf(&ia->ia_addr.sin6_addr));
1166 /* proceed anyway... */
1167 }
1168 else
1169 ia->ia_flags &= ~IFA_ROUTE;
1170 ia->ia_dstaddr = dst6;
1171 }
1172
1173 /* reset the interface and routing table appropriately. */
1174 if ((error = in6_ifinit(ifp, ia, &ifra->ifra_addr, hostIsNew)) != 0)
1175 goto unlink;
1176
1177 /*
1178 * Beyond this point, we should call in6_purgeaddr upon an error,
1179 * not just go to unlink.
1180 */
1181
1182#if 0 /* disable this mechanism for now */
1183 /* update prefix list */
1184 if (hostIsNew &&
1185 (ifra->ifra_flags & IN6_IFF_NOPFX) == 0) { /* XXX */
1186 int iilen;
1187
1188 iilen = (sizeof(ia->ia_prefixmask.sin6_addr) << 3) - plen;
1189 if ((error = in6_prefix_add_ifid(iilen, ia)) != 0) {
91447636 1190 in6_purgeaddr((struct ifaddr *)ia, 0);
9bccf70c
A
1191 return(error);
1192 }
1193 }
1194#endif
1195
1196 if ((ifp->if_flags & IFF_MULTICAST) != 0) {
1197 struct sockaddr_in6 mltaddr, mltmask;
1198 struct in6_multi *in6m;
1199
1200 if (hostIsNew) {
1201 /*
1202 * join solicited multicast addr for new host id
1203 */
1204 struct in6_addr llsol;
1205 bzero(&llsol, sizeof(struct in6_addr));
1206 llsol.s6_addr16[0] = htons(0xff02);
1207 llsol.s6_addr16[1] = htons(ifp->if_index);
1208 llsol.s6_addr32[1] = 0;
1209 llsol.s6_addr32[2] = htonl(1);
1210 llsol.s6_addr32[3] =
1211 ifra->ifra_addr.sin6_addr.s6_addr32[3];
1212 llsol.s6_addr8[12] = 0xff;
91447636 1213 (void)in6_addmulti(&llsol, ifp, &error, 0);
9bccf70c
A
1214 if (error != 0) {
1215 log(LOG_WARNING,
1216 "in6_update_ifa: addmulti failed for "
1217 "%s on %s (errno=%d)\n",
1218 ip6_sprintf(&llsol), if_name(ifp),
1219 error);
91447636 1220 in6_purgeaddr((struct ifaddr *)ia, 0);
9bccf70c
A
1221 return(error);
1222 }
1223 }
1224
1225 bzero(&mltmask, sizeof(mltmask));
1226 mltmask.sin6_len = sizeof(struct sockaddr_in6);
1227 mltmask.sin6_family = AF_INET6;
1228 mltmask.sin6_addr = in6mask32;
1229
1230 /*
1231 * join link-local all-nodes address
1232 */
1233 bzero(&mltaddr, sizeof(mltaddr));
1234 mltaddr.sin6_len = sizeof(struct sockaddr_in6);
1235 mltaddr.sin6_family = AF_INET6;
1236 mltaddr.sin6_addr = in6addr_linklocal_allnodes;
1237 mltaddr.sin6_addr.s6_addr16[1] = htons(ifp->if_index);
1238
91447636 1239 ifnet_lock_shared(ifp);
9bccf70c 1240 IN6_LOOKUP_MULTI(mltaddr.sin6_addr, ifp, in6m);
91447636 1241 ifnet_lock_done(ifp);
9bccf70c
A
1242 if (in6m == NULL) {
1243 rtrequest(RTM_ADD,
1244 (struct sockaddr *)&mltaddr,
1245 (struct sockaddr *)&ia->ia_addr,
1246 (struct sockaddr *)&mltmask,
1247 RTF_UP|RTF_CLONING, /* xxx */
1248 (struct rtentry **)0);
91447636 1249 (void)in6_addmulti(&mltaddr.sin6_addr, ifp, &error, 0);
9bccf70c
A
1250 if (error != 0) {
1251 log(LOG_WARNING,
1252 "in6_update_ifa: addmulti failed for "
1253 "%s on %s (errno=%d)\n",
1254 ip6_sprintf(&mltaddr.sin6_addr),
1255 if_name(ifp), error);
1256 }
1257 }
1258
1259 /*
1260 * join node information group address
1261 */
1262#define hostnamelen strlen(hostname)
1263 if (in6_nigroup(ifp, hostname, hostnamelen, &mltaddr.sin6_addr)
1264 == 0) {
91447636 1265 ifnet_lock_shared(ifp);
9bccf70c 1266 IN6_LOOKUP_MULTI(mltaddr.sin6_addr, ifp, in6m);
91447636 1267 ifnet_lock_done(ifp);
9bccf70c
A
1268 if (in6m == NULL && ia != NULL) {
1269 (void)in6_addmulti(&mltaddr.sin6_addr,
91447636 1270 ifp, &error, 0);
9bccf70c
A
1271 if (error != 0) {
1272 log(LOG_WARNING, "in6_update_ifa: "
1273 "addmulti failed for "
1274 "%s on %s (errno=%d)\n",
1275 ip6_sprintf(&mltaddr.sin6_addr),
1276 if_name(ifp), error);
1277 }
1278 }
1279 }
1280#undef hostnamelen
1281
1282 /*
1283 * join node-local all-nodes address, on loopback.
1284 * XXX: since "node-local" is obsoleted by interface-local,
1285 * we have to join the group on every interface with
1286 * some interface-boundary restriction.
1287 */
1288 if (ifp->if_flags & IFF_LOOPBACK) {
1289 struct in6_ifaddr *ia_loop;
1290
1291 struct in6_addr loop6 = in6addr_loopback;
1292 ia_loop = in6ifa_ifpwithaddr(ifp, &loop6);
1293
1294 mltaddr.sin6_addr = in6addr_nodelocal_allnodes;
1295
91447636 1296 ifnet_lock_shared(ifp);
9bccf70c 1297 IN6_LOOKUP_MULTI(mltaddr.sin6_addr, ifp, in6m);
91447636 1298 ifnet_lock_done(ifp);
9bccf70c
A
1299 if (in6m == NULL && ia_loop != NULL) {
1300 rtrequest(RTM_ADD,
1301 (struct sockaddr *)&mltaddr,
1302 (struct sockaddr *)&ia_loop->ia_addr,
1303 (struct sockaddr *)&mltmask,
1304 RTF_UP,
1305 (struct rtentry **)0);
1306 (void)in6_addmulti(&mltaddr.sin6_addr, ifp,
91447636 1307 &error, 0);
9bccf70c
A
1308 if (error != 0) {
1309 log(LOG_WARNING, "in6_update_ifa: "
1310 "addmulti failed for %s on %s "
1311 "(errno=%d)\n",
1312 ip6_sprintf(&mltaddr.sin6_addr),
1313 if_name(ifp), error);
1314 }
1315 }
1316 }
1317 }
1318
1319 ia->ia6_flags = ifra->ifra_flags;
1320 ia->ia6_flags &= ~IN6_IFF_DUPLICATED; /*safety*/
1321 ia->ia6_flags &= ~IN6_IFF_NODAD; /* Mobile IPv6 */
1322
1323 ia->ia6_lifetime = ifra->ifra_lifetime;
1324 /* for sanity */
1325 if (ia->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) {
1326 ia->ia6_lifetime.ia6t_expire =
91447636 1327 timenow.tv_sec + ia->ia6_lifetime.ia6t_vltime;
9bccf70c
A
1328 } else
1329 ia->ia6_lifetime.ia6t_expire = 0;
1330 if (ia->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) {
1331 ia->ia6_lifetime.ia6t_preferred =
91447636 1332 timenow.tv_sec + ia->ia6_lifetime.ia6t_pltime;
9bccf70c
A
1333 } else
1334 ia->ia6_lifetime.ia6t_preferred = 0;
1335
1336 /*
1337 * make sure to initialize ND6 information. this is to workaround
1338 * issues with interfaces with IPv6 addresses, which have never brought
1339 * up. We are assuming that it is safe to nd6_ifattach multiple times.
1340 */
1341 nd6_ifattach(ifp);
1342
1343 /*
1344 * Perform DAD, if needed.
1345 * XXX It may be of use, if we can administratively
1346 * disable DAD.
1347 */
1348 if (in6if_do_dad(ifp) && (ifra->ifra_flags & IN6_IFF_NODAD) == 0) {
1349 ia->ia6_flags |= IN6_IFF_TENTATIVE;
1350 nd6_dad_start((struct ifaddr *)ia, NULL);
1351 }
1352
1353 return(error);
1354
1355 unlink:
1356 /*
1357 * XXX: if a change of an existing address failed, keep the entry
1358 * anyway.
1359 */
1360 if (hostIsNew)
91447636 1361 in6_unlink_ifa(ia, ifp, 0);
9bccf70c
A
1362 return(error);
1363}
1364
1365void
91447636
A
1366in6_purgeaddr(
1367 struct ifaddr *ifa, int nd6_locked)
9bccf70c
A
1368{
1369 struct ifnet *ifp = ifa->ifa_ifp;
1370 struct in6_ifaddr *ia = (struct in6_ifaddr *) ifa;
1371
1372 /* stop DAD processing */
55e303ae 1373 nd6_dad_stop(ifa);
9bccf70c
A
1374
1375 /*
1376 * delete route to the destination of the address being purged.
1377 * The interface must be p2p or loopback in this case.
1378 */
1379 if ((ia->ia_flags & IFA_ROUTE) != 0 && ia->ia_dstaddr.sin6_len != 0) {
1380 int e;
1381
1382 if ((e = rtinit(&(ia->ia_ifa), (int)RTM_DELETE, RTF_HOST))
1383 != 0) {
1384 log(LOG_ERR, "in6_purgeaddr: failed to remove "
1385 "a route to the p2p destination: %s on %s, "
1386 "errno=%d\n",
1387 ip6_sprintf(&ia->ia_addr.sin6_addr), if_name(ifp),
1388 e);
1389 /* proceed anyway... */
1390 }
1391 else
1392 ia->ia_flags &= ~IFA_ROUTE;
1393 }
1394
1395 /* Remove ownaddr's loopback rtentry, if it exists. */
91447636 1396 in6_ifremloop(&(ia->ia_ifa), nd6_locked);
1c79356b
A
1397
1398 if (ifp->if_flags & IFF_MULTICAST) {
1399 /*
1400 * delete solicited multicast addr for deleting host id
1401 */
1402 struct in6_multi *in6m;
1403 struct in6_addr llsol;
1404 bzero(&llsol, sizeof(struct in6_addr));
1405 llsol.s6_addr16[0] = htons(0xff02);
1406 llsol.s6_addr16[1] = htons(ifp->if_index);
1407 llsol.s6_addr32[1] = 0;
1408 llsol.s6_addr32[2] = htonl(1);
1409 llsol.s6_addr32[3] =
1410 ia->ia_addr.sin6_addr.s6_addr32[3];
1411 llsol.s6_addr8[12] = 0xff;
1412
91447636 1413 ifnet_lock_shared(ifp);
1c79356b 1414 IN6_LOOKUP_MULTI(llsol, ifp, in6m);
91447636 1415 ifnet_lock_done(ifp);
1c79356b 1416 if (in6m)
91447636 1417 in6_delmulti(in6m, nd6_locked);
1c79356b
A
1418 }
1419
91447636 1420 in6_unlink_ifa(ia, ifp, nd6_locked);
9bccf70c 1421 in6_post_msg(ifp, KEV_INET6_ADDR_DELETED, ia);
9bccf70c
A
1422}
1423
1424static void
91447636 1425in6_unlink_ifa(ia, ifp, nd6_locked)
9bccf70c
A
1426 struct in6_ifaddr *ia;
1427 struct ifnet *ifp;
91447636 1428 int nd6_locked;
9bccf70c
A
1429{
1430 int plen, iilen;
1431 struct in6_ifaddr *oia;
9bccf70c 1432
91447636
A
1433 ifnet_lock_exclusive(ifp);
1434 if_detach_ifa(ifp, &ia->ia_ifa);
1435 ifnet_lock_done(ifp);
1c79356b 1436
91447636
A
1437 if (!nd6_locked)
1438 lck_mtx_lock(nd6_mutex);
1c79356b 1439 oia = ia;
91447636
A
1440 if (oia == (ia = in6_ifaddrs))
1441 in6_ifaddrs = ia->ia_next;
1c79356b
A
1442 else {
1443 while (ia->ia_next && (ia->ia_next != oia))
1444 ia = ia->ia_next;
1445 if (ia->ia_next)
1446 ia->ia_next = oia->ia_next;
9bccf70c
A
1447 else {
1448 /* search failed */
1449 printf("Couldn't unlink in6_ifaddr from in6_ifaddr\n");
1450 }
1c79356b 1451 }
9bccf70c
A
1452 if (oia->ia6_ifpr) { /* check for safety */
1453 plen = in6_mask2len(&oia->ia_prefixmask.sin6_addr, NULL);
1454 iilen = (sizeof(oia->ia_prefixmask.sin6_addr) << 3) - plen;
1c79356b
A
1455 in6_prefix_remove_ifid(iilen, oia);
1456 }
1c79356b 1457
9bccf70c
A
1458 /*
1459 * When an autoconfigured address is being removed, release the
1460 * reference to the base prefix. Also, since the release might
1461 * affect the status of other (detached) addresses, call
1462 * pfxlist_onlink_check().
1463 */
1464 if ((oia->ia6_flags & IN6_IFF_AUTOCONF) != 0) {
1465 if (oia->ia6_ndpr == NULL) {
1466 log(LOG_NOTICE, "in6_unlink_ifa: autoconf'ed address "
1467 "%p has no prefix\n", oia);
1468 } else {
1469 oia->ia6_ndpr->ndpr_refcnt--;
1470 oia->ia6_flags &= ~IN6_IFF_AUTOCONF;
1471 oia->ia6_ndpr = NULL;
1472 }
1473
91447636 1474 pfxlist_onlink_check(1);
9bccf70c 1475 }
91447636
A
1476 if (!nd6_locked)
1477 lck_mtx_unlock(nd6_mutex);
1478
9bccf70c
A
1479
1480 /*
91447636 1481 * release another refcnt for the link from in6_ifaddrs.
9bccf70c
A
1482 * Note that we should decrement the refcnt at least once for all *BSD.
1483 */
1484 ifafree(&oia->ia_ifa);
1485
9bccf70c
A
1486}
1487
1488void
1489in6_purgeif(ifp)
1490 struct ifnet *ifp;
1491{
91447636 1492 struct in6_ifaddr *ia, *nia = NULL;
9bccf70c
A
1493
1494 if (ifp == NULL || &ifp->if_addrlist == NULL)
1495 return;
1496
91447636
A
1497 lck_mtx_lock(nd6_mutex);
1498 for (ia = in6_ifaddrs; ia != NULL; ia = nia)
9bccf70c 1499 {
91447636
A
1500 nia = ia->ia_next;
1501 if (ia->ia_ifa.ifa_ifp != ifp)
9bccf70c 1502 continue;
91447636 1503 in6_purgeaddr(&ia->ia_ifa, 1);
9bccf70c 1504 }
91447636 1505 lck_mtx_unlock(nd6_mutex);
9bccf70c
A
1506
1507 in6_ifdetach(ifp);
1c79356b
A
1508}
1509
1510/*
1511 * SIOC[GAD]LIFADDR.
9bccf70c 1512 * SIOCGLIFADDR: get first address. (?)
1c79356b
A
1513 * SIOCGLIFADDR with IFLR_PREFIX:
1514 * get first address that matches the specified prefix.
1515 * SIOCALIFADDR: add the specified address.
1516 * SIOCALIFADDR with IFLR_PREFIX:
1517 * add the specified prefix, filling hostid part from
1518 * the first link-local address. prefixlen must be <= 64.
1519 * SIOCDLIFADDR: delete the specified address.
1520 * SIOCDLIFADDR with IFLR_PREFIX:
1521 * delete the first address that matches the specified prefix.
1522 * return values:
1523 * EINVAL on invalid parameters
1524 * EADDRNOTAVAIL on prefix match failed/specified address not found
1525 * other values may be returned from in6_ioctl()
1526 *
1527 * NOTE: SIOCALIFADDR(with IFLR_PREFIX set) allows prefixlen less than 64.
1528 * this is to accomodate address naming scheme other than RFC2374,
1529 * in the future.
1530 * RFC2373 defines interface id to be 64bit, but it allows non-RFC2374
1531 * address encoding scheme. (see figure on page 8)
1532 */
1533static int
1c79356b
A
1534in6_lifaddr_ioctl(so, cmd, data, ifp, p)
1535 struct socket *so;
1536 u_long cmd;
1537 caddr_t data;
1538 struct ifnet *ifp;
1539 struct proc *p;
1c79356b
A
1540{
1541 struct if_laddrreq *iflr = (struct if_laddrreq *)data;
1542 struct ifaddr *ifa;
1543 struct sockaddr *sa;
1544
1545 /* sanity checks */
1546 if (!data || !ifp) {
1547 panic("invalid argument to in6_lifaddr_ioctl");
1548 /*NOTRECHED*/
1549 }
1550
1551 switch (cmd) {
1552 case SIOCGLIFADDR:
1553 /* address must be specified on GET with IFLR_PREFIX */
1554 if ((iflr->flags & IFLR_PREFIX) == 0)
1555 break;
55e303ae 1556 /* FALLTHROUGH */
1c79356b
A
1557 case SIOCALIFADDR:
1558 case SIOCDLIFADDR:
1559 /* address must be specified on ADD and DELETE */
1560 sa = (struct sockaddr *)&iflr->addr;
1561 if (sa->sa_family != AF_INET6)
1562 return EINVAL;
1563 if (sa->sa_len != sizeof(struct sockaddr_in6))
1564 return EINVAL;
1565 /* XXX need improvement */
1566 sa = (struct sockaddr *)&iflr->dstaddr;
1567 if (sa->sa_family && sa->sa_family != AF_INET6)
1568 return EINVAL;
1569 if (sa->sa_len && sa->sa_len != sizeof(struct sockaddr_in6))
1570 return EINVAL;
1571 break;
55e303ae 1572 default: /* shouldn't happen */
1c79356b
A
1573#if 0
1574 panic("invalid cmd to in6_lifaddr_ioctl");
55e303ae 1575 /* NOTREACHED */
1c79356b
A
1576#else
1577 return EOPNOTSUPP;
1578#endif
1579 }
1580 if (sizeof(struct in6_addr) * 8 < iflr->prefixlen)
1581 return EINVAL;
1582
1583 switch (cmd) {
1584 case SIOCALIFADDR:
1585 {
1586 struct in6_aliasreq ifra;
91447636 1587 struct in6_addr hostid;
1c79356b 1588 int prefixlen;
91447636 1589 int hostid_found = 0;
1c79356b
A
1590
1591 if ((iflr->flags & IFLR_PREFIX) != 0) {
1592 struct sockaddr_in6 *sin6;
1593
1594 /*
1595 * hostid is to fill in the hostid part of the
1596 * address. hostid points to the first link-local
1597 * address attached to the interface.
1598 */
1599 ifa = (struct ifaddr *)in6ifa_ifpforlinklocal(ifp, 0);
1600 if (!ifa)
1601 return EADDRNOTAVAIL;
91447636
A
1602 hostid = *IFA_IN6(ifa);
1603 hostid_found = 1;
1c79356b
A
1604
1605 /* prefixlen must be <= 64. */
1606 if (64 < iflr->prefixlen)
1607 return EINVAL;
1608 prefixlen = iflr->prefixlen;
1609
1610 /* hostid part must be zero. */
1611 sin6 = (struct sockaddr_in6 *)&iflr->addr;
1612 if (sin6->sin6_addr.s6_addr32[2] != 0
1613 || sin6->sin6_addr.s6_addr32[3] != 0) {
1614 return EINVAL;
1615 }
1616 } else
1617 prefixlen = iflr->prefixlen;
1618
1619 /* copy args to in6_aliasreq, perform ioctl(SIOCAIFADDR_IN6). */
1620 bzero(&ifra, sizeof(ifra));
1621 bcopy(iflr->iflr_name, ifra.ifra_name,
1622 sizeof(ifra.ifra_name));
1623
1624 bcopy(&iflr->addr, &ifra.ifra_addr,
1625 ((struct sockaddr *)&iflr->addr)->sa_len);
91447636 1626 if (hostid_found) {
1c79356b
A
1627 /* fill in hostid part */
1628 ifra.ifra_addr.sin6_addr.s6_addr32[2] =
91447636 1629 hostid.s6_addr32[2];
1c79356b 1630 ifra.ifra_addr.sin6_addr.s6_addr32[3] =
91447636 1631 hostid.s6_addr32[3];
1c79356b
A
1632 }
1633
1634 if (((struct sockaddr *)&iflr->dstaddr)->sa_family) { /*XXX*/
1635 bcopy(&iflr->dstaddr, &ifra.ifra_dstaddr,
1636 ((struct sockaddr *)&iflr->dstaddr)->sa_len);
91447636 1637 if (hostid_found) {
1c79356b 1638 ifra.ifra_dstaddr.sin6_addr.s6_addr32[2] =
91447636 1639 hostid.s6_addr32[2];
1c79356b 1640 ifra.ifra_dstaddr.sin6_addr.s6_addr32[3] =
91447636 1641 hostid.s6_addr32[3];
1c79356b
A
1642 }
1643 }
1644
1c79356b
A
1645 ifra.ifra_prefixmask.sin6_len = sizeof(struct sockaddr_in6);
1646 in6_len2mask(&ifra.ifra_prefixmask.sin6_addr, prefixlen);
1647
1648 ifra.ifra_flags = iflr->flags & ~IFLR_PREFIX;
1c79356b 1649 return in6_control(so, SIOCAIFADDR_IN6, (caddr_t)&ifra, ifp, p);
1c79356b
A
1650 }
1651 case SIOCGLIFADDR:
1652 case SIOCDLIFADDR:
1653 {
1654 struct in6_ifaddr *ia;
1655 struct in6_addr mask, candidate, match;
1656 struct sockaddr_in6 *sin6;
1657 int cmp;
1658
1659 bzero(&mask, sizeof(mask));
1660 if (iflr->flags & IFLR_PREFIX) {
1661 /* lookup a prefix rather than address. */
1662 in6_len2mask(&mask, iflr->prefixlen);
1663
1664 sin6 = (struct sockaddr_in6 *)&iflr->addr;
1665 bcopy(&sin6->sin6_addr, &match, sizeof(match));
1666 match.s6_addr32[0] &= mask.s6_addr32[0];
1667 match.s6_addr32[1] &= mask.s6_addr32[1];
1668 match.s6_addr32[2] &= mask.s6_addr32[2];
1669 match.s6_addr32[3] &= mask.s6_addr32[3];
1670
1671 /* if you set extra bits, that's wrong */
1672 if (bcmp(&match, &sin6->sin6_addr, sizeof(match)))
1673 return EINVAL;
1674
1675 cmp = 1;
1676 } else {
1677 if (cmd == SIOCGLIFADDR) {
1678 /* on getting an address, take the 1st match */
55e303ae 1679 cmp = 0; /* XXX */
1c79356b
A
1680 } else {
1681 /* on deleting an address, do exact match */
1682 in6_len2mask(&mask, 128);
1683 sin6 = (struct sockaddr_in6 *)&iflr->addr;
1684 bcopy(&sin6->sin6_addr, &match, sizeof(match));
1685
1686 cmp = 1;
1687 }
1688 }
1689
91447636 1690 ifnet_lock_shared(ifp);
9bccf70c 1691 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
1c79356b
A
1692 {
1693 if (ifa->ifa_addr->sa_family != AF_INET6)
1694 continue;
1695 if (!cmp)
1696 break;
9bccf70c 1697
1c79356b 1698 bcopy(IFA_IN6(ifa), &candidate, sizeof(candidate));
9bccf70c
A
1699#ifndef SCOPEDROUTING
1700 /*
1701 * XXX: this is adhoc, but is necessary to allow
1702 * a user to specify fe80::/64 (not /10) for a
1703 * link-local address.
1704 */
1705 if (IN6_IS_ADDR_LINKLOCAL(&candidate))
1706 candidate.s6_addr16[1] = 0;
1707#endif
1c79356b
A
1708 candidate.s6_addr32[0] &= mask.s6_addr32[0];
1709 candidate.s6_addr32[1] &= mask.s6_addr32[1];
1710 candidate.s6_addr32[2] &= mask.s6_addr32[2];
1711 candidate.s6_addr32[3] &= mask.s6_addr32[3];
1712 if (IN6_ARE_ADDR_EQUAL(&candidate, &match))
1713 break;
1714 }
91447636 1715 ifnet_lock_done(ifp);
1c79356b
A
1716 if (!ifa)
1717 return EADDRNOTAVAIL;
1718 ia = ifa2ia6(ifa);
1719
1720 if (cmd == SIOCGLIFADDR) {
9bccf70c
A
1721#ifndef SCOPEDROUTING
1722 struct sockaddr_in6 *s6;
1723#endif
1724
1c79356b
A
1725 /* fill in the if_laddrreq structure */
1726 bcopy(&ia->ia_addr, &iflr->addr, ia->ia_addr.sin6_len);
9bccf70c
A
1727#ifndef SCOPEDROUTING /* XXX see above */
1728 s6 = (struct sockaddr_in6 *)&iflr->addr;
1729 if (IN6_IS_ADDR_LINKLOCAL(&s6->sin6_addr)) {
1730 s6->sin6_addr.s6_addr16[1] = 0;
1731 s6->sin6_scope_id =
1732 in6_addr2scopeid(ifp, &s6->sin6_addr);
1733 }
1734#endif
1c79356b
A
1735 if ((ifp->if_flags & IFF_POINTOPOINT) != 0) {
1736 bcopy(&ia->ia_dstaddr, &iflr->dstaddr,
1737 ia->ia_dstaddr.sin6_len);
9bccf70c
A
1738#ifndef SCOPEDROUTING /* XXX see above */
1739 s6 = (struct sockaddr_in6 *)&iflr->dstaddr;
1740 if (IN6_IS_ADDR_LINKLOCAL(&s6->sin6_addr)) {
1741 s6->sin6_addr.s6_addr16[1] = 0;
1742 s6->sin6_scope_id =
1743 in6_addr2scopeid(ifp,
1744 &s6->sin6_addr);
1745 }
1746#endif
1c79356b
A
1747 } else
1748 bzero(&iflr->dstaddr, sizeof(iflr->dstaddr));
1749
1750 iflr->prefixlen =
9bccf70c
A
1751 in6_mask2len(&ia->ia_prefixmask.sin6_addr,
1752 NULL);
1c79356b 1753
55e303ae 1754 iflr->flags = ia->ia6_flags; /* XXX */
1c79356b
A
1755
1756 return 0;
1757 } else {
1758 struct in6_aliasreq ifra;
1759
1760 /* fill in6_aliasreq and do ioctl(SIOCDIFADDR_IN6) */
1761 bzero(&ifra, sizeof(ifra));
1762 bcopy(iflr->iflr_name, ifra.ifra_name,
1763 sizeof(ifra.ifra_name));
1764
1765 bcopy(&ia->ia_addr, &ifra.ifra_addr,
1766 ia->ia_addr.sin6_len);
1767 if ((ifp->if_flags & IFF_POINTOPOINT) != 0) {
1768 bcopy(&ia->ia_dstaddr, &ifra.ifra_dstaddr,
1769 ia->ia_dstaddr.sin6_len);
1770 } else {
1771 bzero(&ifra.ifra_dstaddr,
1772 sizeof(ifra.ifra_dstaddr));
1773 }
1774 bcopy(&ia->ia_prefixmask, &ifra.ifra_dstaddr,
1775 ia->ia_prefixmask.sin6_len);
1776
1777 ifra.ifra_flags = ia->ia6_flags;
1c79356b
A
1778 return in6_control(so, SIOCDIFADDR_IN6, (caddr_t)&ifra,
1779 ifp, p);
1c79356b 1780 }
9bccf70c 1781 }
1c79356b 1782 }
9bccf70c 1783
55e303ae 1784 return EOPNOTSUPP; /* just for safety */
1c79356b
A
1785}
1786
1787/*
9bccf70c
A
1788 * Initialize an interface's intetnet6 address
1789 * and routing table entry.
1c79356b 1790 */
9bccf70c
A
1791static int
1792in6_ifinit(ifp, ia, sin6, newhost)
1c79356b 1793 struct ifnet *ifp;
9bccf70c
A
1794 struct in6_ifaddr *ia;
1795 struct sockaddr_in6 *sin6;
1796 int newhost;
1c79356b 1797{
9bccf70c 1798 int error = 0, plen, ifacount = 0;
9bccf70c 1799 struct ifaddr *ifa;
1c79356b 1800
9bccf70c
A
1801 /*
1802 * Give the interface a chance to initialize
1803 * if this is its first address,
1804 * and to validate the address if necessary.
1805 */
91447636 1806 ifnet_lock_shared(ifp);
9bccf70c
A
1807 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
1808 {
1809 if (ifa->ifa_addr == NULL)
1810 continue; /* just for safety */
1811 if (ifa->ifa_addr->sa_family != AF_INET6)
1c79356b 1812 continue;
9bccf70c 1813 ifacount++;
1c79356b 1814 }
91447636 1815 ifnet_lock_done(ifp);
1c79356b 1816
9bccf70c 1817 ia->ia_addr = *sin6;
1c79356b 1818
1c79356b 1819
9bccf70c 1820 if (ifacount <= 1 &&
55e303ae 1821 (error = dlil_ioctl(PF_INET6, ifp, SIOCSIFADDR, (caddr_t)ia))) {
9bccf70c 1822 if (error) {
9bccf70c 1823 return(error);
1c79356b 1824 }
1c79356b 1825 }
1c79356b 1826
9bccf70c 1827 ia->ia_ifa.ifa_metric = ifp->if_metric;
1c79356b 1828
9bccf70c 1829 /* we could do in(6)_socktrim here, but just omit it at this moment. */
1c79356b 1830
9bccf70c
A
1831 /*
1832 * Special case:
1833 * If the destination address is specified for a point-to-point
1834 * interface, install a route to the destination as an interface
1835 * direct route.
1836 */
1837 plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); /* XXX */
1838 if (plen == 128 && ia->ia_dstaddr.sin6_family == AF_INET6) {
1839 if ((error = rtinit(&(ia->ia_ifa), (int)RTM_ADD,
1840 RTF_UP | RTF_HOST)) != 0)
1841 return(error);
1842 ia->ia_flags |= IFA_ROUTE;
1843 }
1844 if (plen < 128) {
1c79356b 1845 /*
9bccf70c 1846 * The RTF_CLONING flag is necessary for in6_is_ifloop_auto().
1c79356b 1847 */
9bccf70c 1848 ia->ia_ifa.ifa_flags |= RTF_CLONING;
1c79356b 1849 }
9bccf70c 1850
55e303ae 1851 /* Add ownaddr as loopback rtentry, if necessary (ex. on p2p link). */
9bccf70c
A
1852 if (newhost) {
1853 /* set the rtrequest function to create llinfo */
1854 ia->ia_ifa.ifa_rtrequest = nd6_rtrequest;
1855 in6_ifaddloop(&(ia->ia_ifa));
1856 }
1857
1858 return(error);
1c79356b 1859}
9bccf70c 1860
1c79356b
A
1861/*
1862 * Add an address to the list of IP6 multicast addresses for a
1863 * given interface.
1864 */
1865struct in6_multi *
91447636 1866in6_addmulti(maddr6, ifp, errorp, nd6_locked)
9bccf70c
A
1867 struct in6_addr *maddr6;
1868 struct ifnet *ifp;
1c79356b 1869 int *errorp;
91447636 1870 int nd6_locked;
1c79356b
A
1871{
1872 struct in6_multi *in6m;
1873 struct sockaddr_in6 sin6;
1874 struct ifmultiaddr *ifma;
1c79356b
A
1875
1876 *errorp = 0;
1877
1878 /*
1879 * Call generic routine to add membership or increment
1880 * refcount. It wants addresses in the form of a sockaddr,
1881 * so we build one here (being careful to zero the unused bytes).
1882 */
1883 bzero(&sin6, sizeof sin6);
1884 sin6.sin6_family = AF_INET6;
1885 sin6.sin6_len = sizeof sin6;
1886 sin6.sin6_addr = *maddr6;
1887 *errorp = if_addmulti(ifp, (struct sockaddr *)&sin6, &ifma);
1888 if (*errorp) {
1c79356b
A
1889 return 0;
1890 }
1891
1892 /*
1893 * If ifma->ifma_protospec is null, then if_addmulti() created
1894 * a new record. Otherwise, we are done.
1895 */
1896 if (ifma->ifma_protospec != 0)
1897 return ifma->ifma_protospec;
1898
1899 /* XXX - if_addmulti uses M_WAITOK. Can this really be called
1900 at interrupt time? If so, need to fix if_addmulti. XXX */
1901 in6m = (struct in6_multi *)_MALLOC(sizeof(*in6m), M_IPMADDR, M_NOWAIT);
1902 if (in6m == NULL) {
1c79356b
A
1903 return (NULL);
1904 }
1905
1906 bzero(in6m, sizeof *in6m);
1907 in6m->in6m_addr = *maddr6;
1908 in6m->in6m_ifp = ifp;
1909 in6m->in6m_ifma = ifma;
1910 ifma->ifma_protospec = in6m;
91447636
A
1911 if (nd6_locked == 0)
1912 lck_mtx_lock(nd6_mutex);
1c79356b 1913 LIST_INSERT_HEAD(&in6_multihead, in6m, in6m_entry);
91447636
A
1914 if (nd6_locked == 0)
1915 lck_mtx_unlock(nd6_mutex);
1c79356b
A
1916
1917 /*
1918 * Let MLD6 know that we have joined a new IP6 multicast
1919 * group.
1920 */
1921 mld6_start_listening(in6m);
1c79356b
A
1922 return(in6m);
1923}
1924
1925/*
1926 * Delete a multicast address record.
1927 */
1928void
91447636
A
1929in6_delmulti(
1930 struct in6_multi *in6m, int nd6locked)
1c79356b
A
1931{
1932 struct ifmultiaddr *ifma = in6m->in6m_ifma;
1c79356b 1933
91447636 1934 if (ifma && ifma->ifma_usecount == 1) {
1c79356b
A
1935 /*
1936 * No remaining claims to this record; let MLD6 know
1937 * that we are leaving the multicast group.
1938 */
1939 mld6_stop_listening(in6m);
1940 ifma->ifma_protospec = 0;
91447636
A
1941 if (nd6locked == 0)
1942 lck_mtx_lock(nd6_mutex);
1c79356b 1943 LIST_REMOVE(in6m, in6m_entry);
91447636
A
1944 if (nd6locked == 0)
1945 lck_mtx_unlock(nd6_mutex);
9bccf70c 1946 FREE(in6m, M_IPMADDR);
1c79356b
A
1947 }
1948 /* XXX - should be separate API for when we have an ifma? */
91447636
A
1949 if (ifma) {
1950 if_delmultiaddr(ifma, 0);
1951 ifma_release(ifma);
1952 }
1c79356b 1953}
1c79356b
A
1954
1955/*
1956 * Find an IPv6 interface link-local address specific to an interface.
1957 */
1958struct in6_ifaddr *
1959in6ifa_ifpforlinklocal(ifp, ignoreflags)
1960 struct ifnet *ifp;
1961 int ignoreflags;
1962{
9bccf70c 1963 struct ifaddr *ifa;
1c79356b 1964
91447636 1965 ifnet_lock_shared(ifp);
9bccf70c 1966 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
1c79356b
A
1967 {
1968 if (ifa->ifa_addr == NULL)
1969 continue; /* just for safety */
1970 if (ifa->ifa_addr->sa_family != AF_INET6)
1971 continue;
1972 if (IN6_IS_ADDR_LINKLOCAL(IFA_IN6(ifa))) {
1973 if ((((struct in6_ifaddr *)ifa)->ia6_flags &
1974 ignoreflags) != 0)
1975 continue;
1976 break;
1977 }
1978 }
91447636 1979 ifnet_lock_done(ifp);
1c79356b
A
1980
1981 return((struct in6_ifaddr *)ifa);
1982}
1983
1c79356b
A
1984/*
1985 * find the internet address corresponding to a given interface and address.
1986 */
1987struct in6_ifaddr *
1988in6ifa_ifpwithaddr(ifp, addr)
1989 struct ifnet *ifp;
1990 struct in6_addr *addr;
1991{
9bccf70c 1992 struct ifaddr *ifa;
1c79356b 1993
91447636 1994 ifnet_lock_shared(ifp);
9bccf70c 1995 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
1c79356b
A
1996 {
1997 if (ifa->ifa_addr == NULL)
1998 continue; /* just for safety */
1999 if (ifa->ifa_addr->sa_family != AF_INET6)
2000 continue;
2001 if (IN6_ARE_ADDR_EQUAL(addr, IFA_IN6(ifa)))
2002 break;
2003 }
91447636 2004 ifnet_lock_done(ifp);
1c79356b
A
2005
2006 return((struct in6_ifaddr *)ifa);
2007}
2008
2009/*
2010 * Convert IP6 address to printable (loggable) representation.
2011 */
2012static char digits[] = "0123456789abcdef";
2013static int ip6round = 0;
2014char *
2015ip6_sprintf(addr)
9bccf70c 2016 const struct in6_addr *addr;
1c79356b
A
2017{
2018 static char ip6buf[8][48];
9bccf70c
A
2019 int i;
2020 char *cp;
55e303ae
A
2021 const u_short *a = (const u_short *)addr;
2022 const u_char *d;
1c79356b
A
2023 int dcolon = 0;
2024
2025 ip6round = (ip6round + 1) & 7;
2026 cp = ip6buf[ip6round];
2027
2028 for (i = 0; i < 8; i++) {
2029 if (dcolon == 1) {
2030 if (*a == 0) {
2031 if (i == 7)
2032 *cp++ = ':';
2033 a++;
2034 continue;
2035 } else
2036 dcolon = 2;
2037 }
2038 if (*a == 0) {
2039 if (dcolon == 0 && *(a + 1) == 0) {
2040 if (i == 0)
2041 *cp++ = ':';
2042 *cp++ = ':';
2043 dcolon = 1;
2044 } else {
2045 *cp++ = '0';
2046 *cp++ = ':';
2047 }
2048 a++;
2049 continue;
2050 }
55e303ae 2051 d = (const u_char *)a;
1c79356b
A
2052 *cp++ = digits[*d >> 4];
2053 *cp++ = digits[*d++ & 0xf];
2054 *cp++ = digits[*d >> 4];
2055 *cp++ = digits[*d & 0xf];
2056 *cp++ = ':';
2057 a++;
2058 }
2059 *--cp = 0;
2060 return(ip6buf[ip6round]);
2061}
2062
2063int
2064in6_localaddr(in6)
2065 struct in6_addr *in6;
2066{
2067 struct in6_ifaddr *ia;
2068
2069 if (IN6_IS_ADDR_LOOPBACK(in6) || IN6_IS_ADDR_LINKLOCAL(in6))
2070 return 1;
2071
91447636
A
2072 lck_mtx_lock(nd6_mutex);
2073 for (ia = in6_ifaddrs; ia; ia = ia->ia_next)
1c79356b 2074 if (IN6_ARE_MASKED_ADDR_EQUAL(in6, &ia->ia_addr.sin6_addr,
91447636
A
2075 &ia->ia_prefixmask.sin6_addr)) {
2076 lck_mtx_unlock(nd6_mutex);
1c79356b 2077 return 1;
91447636 2078 }
1c79356b 2079
91447636 2080 lck_mtx_unlock(nd6_mutex);
1c79356b
A
2081 return (0);
2082}
2083
1c79356b 2084int
9bccf70c
A
2085in6_is_addr_deprecated(sa6)
2086 struct sockaddr_in6 *sa6;
1c79356b 2087{
9bccf70c 2088 struct in6_ifaddr *ia;
1c79356b 2089
91447636
A
2090 lck_mtx_lock(nd6_mutex);
2091 for (ia = in6_ifaddrs; ia; ia = ia->ia_next) {
9bccf70c
A
2092 if (IN6_ARE_ADDR_EQUAL(&ia->ia_addr.sin6_addr,
2093 &sa6->sin6_addr) &&
2094#if SCOPEDROUTING
2095 ia->ia_addr.sin6_scope_id == sa6->sin6_scope_id &&
2096#endif
91447636
A
2097 (ia->ia6_flags & IN6_IFF_DEPRECATED) != 0) {
2098 lck_mtx_unlock(nd6_mutex);
9bccf70c 2099 return(1); /* true */
91447636 2100 }
1c79356b 2101
9bccf70c 2102 /* XXX: do we still have to go thru the rest of the list? */
1c79356b
A
2103 }
2104
91447636 2105 lck_mtx_unlock(nd6_mutex);
9bccf70c 2106 return(0); /* false */
1c79356b
A
2107}
2108
2109/*
2110 * return length of part which dst and src are equal
2111 * hard coding...
2112 */
1c79356b
A
2113int
2114in6_matchlen(src, dst)
2115struct in6_addr *src, *dst;
2116{
2117 int match = 0;
2118 u_char *s = (u_char *)src, *d = (u_char *)dst;
2119 u_char *lim = s + 16, r;
2120
2121 while (s < lim)
2122 if ((r = (*d++ ^ *s++)) != 0) {
2123 while (r < 128) {
2124 match++;
2125 r <<= 1;
2126 }
2127 break;
2128 } else
2129 match += 8;
2130 return match;
2131}
2132
9bccf70c 2133/* XXX: to be scope conscious */
1c79356b
A
2134int
2135in6_are_prefix_equal(p1, p2, len)
2136 struct in6_addr *p1, *p2;
2137 int len;
2138{
2139 int bytelen, bitlen;
2140
2141 /* sanity check */
2142 if (0 > len || len > 128) {
2143 log(LOG_ERR, "in6_are_prefix_equal: invalid prefix length(%d)\n",
2144 len);
2145 return(0);
2146 }
2147
2148 bytelen = len / 8;
2149 bitlen = len % 8;
2150
2151 if (bcmp(&p1->s6_addr, &p2->s6_addr, bytelen))
2152 return(0);
91447636
A
2153 if (bitlen != 0 &&
2154 p1->s6_addr[bytelen] >> (8 - bitlen) !=
1c79356b
A
2155 p2->s6_addr[bytelen] >> (8 - bitlen))
2156 return(0);
2157
2158 return(1);
2159}
2160
2161void
2162in6_prefixlen2mask(maskp, len)
2163 struct in6_addr *maskp;
2164 int len;
2165{
2166 u_char maskarray[8] = {0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff};
2167 int bytelen, bitlen, i;
2168
2169 /* sanity check */
2170 if (0 > len || len > 128) {
2171 log(LOG_ERR, "in6_prefixlen2mask: invalid prefix length(%d)\n",
2172 len);
2173 return;
2174 }
2175
2176 bzero(maskp, sizeof(*maskp));
2177 bytelen = len / 8;
2178 bitlen = len % 8;
2179 for (i = 0; i < bytelen; i++)
2180 maskp->s6_addr[i] = 0xff;
2181 if (bitlen)
2182 maskp->s6_addr[bytelen] = maskarray[bitlen - 1];
2183}
2184
2185/*
2186 * return the best address out of the same scope
2187 */
2188struct in6_ifaddr *
91447636
A
2189in6_ifawithscope(
2190 struct ifnet *oifp,
2191 struct in6_addr *dst)
1c79356b
A
2192{
2193 int dst_scope = in6_addrscope(dst), src_scope, best_scope = 0;
2194 int blen = -1;
2195 struct ifaddr *ifa;
2196 struct ifnet *ifp;
2197 struct in6_ifaddr *ifa_best = NULL;
2198
2199 if (oifp == NULL) {
9bccf70c 2200#if 0
1c79356b 2201 printf("in6_ifawithscope: output interface is not specified\n");
9bccf70c 2202#endif
1c79356b
A
2203 return(NULL);
2204 }
2205
2206 /*
2207 * We search for all addresses on all interfaces from the beginning.
2208 * Comparing an interface with the outgoing interface will be done
2209 * only at the final stage of tiebreaking.
2210 */
91447636
A
2211 ifnet_head_lock_shared();
2212 TAILQ_FOREACH(ifp, &ifnet_head, if_list) {
1c79356b
A
2213 /*
2214 * We can never take an address that breaks the scope zone
2215 * of the destination.
2216 */
2217 if (in6_addr2scopeid(ifp, dst) != in6_addr2scopeid(oifp, dst))
2218 continue;
2219
91447636 2220 ifnet_lock_shared(ifp);
1c79356b 2221 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
1c79356b
A
2222 {
2223 int tlen = -1, dscopecmp, bscopecmp, matchcmp;
2224
2225 if (ifa->ifa_addr->sa_family != AF_INET6)
2226 continue;
2227
2228 src_scope = in6_addrscope(IFA_IN6(ifa));
2229
1c79356b
A
2230 /*
2231 * Don't use an address before completing DAD
2232 * nor a duplicated address.
2233 */
2234 if (((struct in6_ifaddr *)ifa)->ia6_flags &
2235 IN6_IFF_NOTREADY)
2236 continue;
2237
2238 /* XXX: is there any case to allow anycasts? */
2239 if (((struct in6_ifaddr *)ifa)->ia6_flags &
2240 IN6_IFF_ANYCAST)
2241 continue;
2242
2243 if (((struct in6_ifaddr *)ifa)->ia6_flags &
2244 IN6_IFF_DETACHED)
2245 continue;
2246
2247 /*
2248 * If this is the first address we find,
2249 * keep it anyway.
2250 */
2251 if (ifa_best == NULL)
2252 goto replace;
2253
2254 /*
2255 * ifa_best is never NULL beyond this line except
2256 * within the block labeled "replace".
2257 */
2258
2259 /*
2260 * If ifa_best has a smaller scope than dst and
2261 * the current address has a larger one than
2262 * (or equal to) dst, always replace ifa_best.
2263 * Also, if the current address has a smaller scope
2264 * than dst, ignore it unless ifa_best also has a
2265 * smaller scope.
9bccf70c
A
2266 * Consequently, after the two if-clause below,
2267 * the followings must be satisfied:
2268 * (scope(src) < scope(dst) &&
2269 * scope(best) < scope(dst))
2270 * OR
2271 * (scope(best) >= scope(dst) &&
2272 * scope(src) >= scope(dst))
1c79356b
A
2273 */
2274 if (IN6_ARE_SCOPE_CMP(best_scope, dst_scope) < 0 &&
2275 IN6_ARE_SCOPE_CMP(src_scope, dst_scope) >= 0)
9bccf70c 2276 goto replace; /* (A) */
1c79356b
A
2277 if (IN6_ARE_SCOPE_CMP(src_scope, dst_scope) < 0 &&
2278 IN6_ARE_SCOPE_CMP(best_scope, dst_scope) >= 0)
9bccf70c 2279 continue; /* (B) */
1c79356b
A
2280
2281 /*
2282 * A deprecated address SHOULD NOT be used in new
2283 * communications if an alternate (non-deprecated)
2284 * address is available and has sufficient scope.
2285 * RFC 2462, Section 5.5.4.
2286 */
2287 if (((struct in6_ifaddr *)ifa)->ia6_flags &
2288 IN6_IFF_DEPRECATED) {
2289 /*
2290 * Ignore any deprecated addresses if
2291 * specified by configuration.
2292 */
2293 if (!ip6_use_deprecated)
2294 continue;
2295
2296 /*
2297 * If we have already found a non-deprecated
2298 * candidate, just ignore deprecated addresses.
2299 */
2300 if ((ifa_best->ia6_flags & IN6_IFF_DEPRECATED)
2301 == 0)
2302 continue;
2303 }
2304
2305 /*
2306 * A non-deprecated address is always preferred
2307 * to a deprecated one regardless of scopes and
9bccf70c
A
2308 * address matching (Note invariants ensured by the
2309 * conditions (A) and (B) above.)
1c79356b
A
2310 */
2311 if ((ifa_best->ia6_flags & IN6_IFF_DEPRECATED) &&
2312 (((struct in6_ifaddr *)ifa)->ia6_flags &
2313 IN6_IFF_DEPRECATED) == 0)
2314 goto replace;
2315
9bccf70c
A
2316 /*
2317 * When we use temporary addresses described in
2318 * RFC 3041, we prefer temporary addresses to
2319 * public autoconf addresses. Again, note the
2320 * invariants from (A) and (B). Also note that we
2321 * don't have any preference between static addresses
2322 * and autoconf addresses (despite of whether or not
2323 * the latter is temporary or public.)
2324 */
2325 if (ip6_use_tempaddr) {
2326 struct in6_ifaddr *ifat;
2327
2328 ifat = (struct in6_ifaddr *)ifa;
2329 if ((ifa_best->ia6_flags &
2330 (IN6_IFF_AUTOCONF|IN6_IFF_TEMPORARY))
2331 == IN6_IFF_AUTOCONF &&
2332 (ifat->ia6_flags &
2333 (IN6_IFF_AUTOCONF|IN6_IFF_TEMPORARY))
2334 == (IN6_IFF_AUTOCONF|IN6_IFF_TEMPORARY)) {
2335 goto replace;
2336 }
2337 if ((ifa_best->ia6_flags &
2338 (IN6_IFF_AUTOCONF|IN6_IFF_TEMPORARY))
2339 == (IN6_IFF_AUTOCONF|IN6_IFF_TEMPORARY) &&
2340 (ifat->ia6_flags &
2341 (IN6_IFF_AUTOCONF|IN6_IFF_TEMPORARY))
2342 == IN6_IFF_AUTOCONF) {
2343 continue;
2344 }
2345 }
2346
1c79356b
A
2347 /*
2348 * At this point, we have two cases:
2349 * 1. we are looking at a non-deprecated address,
2350 * and ifa_best is also non-deprecated.
2351 * 2. we are looking at a deprecated address,
2352 * and ifa_best is also deprecated.
2353 * Also, we do not have to consider a case where
2354 * the scope of if_best is larger(smaller) than dst and
2355 * the scope of the current address is smaller(larger)
2356 * than dst. Such a case has already been covered.
2357 * Tiebreaking is done according to the following
2358 * items:
2359 * - the scope comparison between the address and
2360 * dst (dscopecmp)
2361 * - the scope comparison between the address and
2362 * ifa_best (bscopecmp)
2363 * - if the address match dst longer than ifa_best
2364 * (matchcmp)
2365 * - if the address is on the outgoing I/F (outI/F)
2366 *
2367 * Roughly speaking, the selection policy is
2368 * - the most important item is scope. The same scope
2369 * is best. Then search for a larger scope.
2370 * Smaller scopes are the last resort.
2371 * - A deprecated address is chosen only when we have
2372 * no address that has an enough scope, but is
9bccf70c
A
2373 * prefered to any addresses of smaller scopes
2374 * (this must be already done above.)
2375 * - addresses on the outgoing I/F are preferred to
2376 * ones on other interfaces if none of above
2377 * tiebreaks. In the table below, the column "bI"
2378 * means if the best_ifa is on the outgoing
2379 * interface, and the column "sI" means if the ifa
2380 * is on the outgoing interface.
1c79356b 2381 * - If there is no other reasons to choose one,
9bccf70c 2382 * longest address match against dst is considered.
1c79356b
A
2383 *
2384 * The precise decision table is as follows:
9bccf70c
A
2385 * dscopecmp bscopecmp match bI oI | replace?
2386 * N/A equal N/A Y N | No (1)
2387 * N/A equal N/A N Y | Yes (2)
2388 * N/A equal larger N/A | Yes (3)
2389 * N/A equal !larger N/A | No (4)
2390 * larger larger N/A N/A | No (5)
2391 * larger smaller N/A N/A | Yes (6)
2392 * smaller larger N/A N/A | Yes (7)
2393 * smaller smaller N/A N/A | No (8)
2394 * equal smaller N/A N/A | Yes (9)
2395 * equal larger (already done at A above)
1c79356b
A
2396 */
2397 dscopecmp = IN6_ARE_SCOPE_CMP(src_scope, dst_scope);
2398 bscopecmp = IN6_ARE_SCOPE_CMP(src_scope, best_scope);
2399
9bccf70c
A
2400 if (bscopecmp == 0) {
2401 struct ifnet *bifp = ifa_best->ia_ifp;
2402
2403 if (bifp == oifp && ifp != oifp) /* (1) */
2404 continue;
2405 if (bifp != oifp && ifp == oifp) /* (2) */
2406 goto replace;
2407
2408 /*
2409 * Both bifp and ifp are on the outgoing
2410 * interface, or both two are on a different
2411 * interface from the outgoing I/F.
2412 * now we need address matching against dst
2413 * for tiebreaking.
2414 */
2415 tlen = in6_matchlen(IFA_IN6(ifa), dst);
2416 matchcmp = tlen - blen;
2417 if (matchcmp > 0) /* (3) */
1c79356b 2418 goto replace;
9bccf70c 2419 continue; /* (4) */
1c79356b
A
2420 }
2421 if (dscopecmp > 0) {
9bccf70c 2422 if (bscopecmp > 0) /* (5) */
1c79356b 2423 continue;
9bccf70c 2424 goto replace; /* (6) */
1c79356b
A
2425 }
2426 if (dscopecmp < 0) {
9bccf70c 2427 if (bscopecmp > 0) /* (7) */
1c79356b 2428 goto replace;
9bccf70c 2429 continue; /* (8) */
1c79356b
A
2430 }
2431
2432 /* now dscopecmp must be 0 */
2433 if (bscopecmp < 0)
9bccf70c 2434 goto replace; /* (9) */
1c79356b
A
2435
2436 replace:
91447636
A
2437 ifaref(ifa);
2438 if (ifa_best)
2439 ifafree(&ifa_best->ia_ifa);
1c79356b
A
2440 ifa_best = (struct in6_ifaddr *)ifa;
2441 blen = tlen >= 0 ? tlen :
2442 in6_matchlen(IFA_IN6(ifa), dst);
2443 best_scope = in6_addrscope(&ifa_best->ia_addr.sin6_addr);
2444 }
91447636 2445 ifnet_lock_done(ifp);
1c79356b 2446 }
91447636 2447 ifnet_head_done();
1c79356b
A
2448
2449 /* count statistics for future improvements */
2450 if (ifa_best == NULL)
2451 ip6stat.ip6s_sources_none++;
2452 else {
2453 if (oifp == ifa_best->ia_ifp)
2454 ip6stat.ip6s_sources_sameif[best_scope]++;
2455 else
2456 ip6stat.ip6s_sources_otherif[best_scope]++;
2457
2458 if (best_scope == dst_scope)
2459 ip6stat.ip6s_sources_samescope[best_scope]++;
2460 else
2461 ip6stat.ip6s_sources_otherscope[best_scope]++;
2462
2463 if ((ifa_best->ia6_flags & IN6_IFF_DEPRECATED) != 0)
2464 ip6stat.ip6s_sources_deprecated[best_scope]++;
2465 }
2466
2467 return(ifa_best);
2468}
2469
2470/*
2471 * return the best address out of the same scope. if no address was
2472 * found, return the first valid address from designated IF.
2473 */
1c79356b 2474struct in6_ifaddr *
91447636
A
2475in6_ifawithifp(
2476 struct ifnet *ifp,
2477 struct in6_addr *dst)
1c79356b
A
2478{
2479 int dst_scope = in6_addrscope(dst), blen = -1, tlen;
2480 struct ifaddr *ifa;
2481 struct in6_ifaddr *besta = 0;
55e303ae 2482 struct in6_ifaddr *dep[2]; /* last-resort: deprecated */
1c79356b
A
2483
2484 dep[0] = dep[1] = NULL;
2485
1c79356b
A
2486 /*
2487 * We first look for addresses in the same scope.
2488 * If there is one, return it.
2489 * If two or more, return one which matches the dst longest.
2490 * If none, return one of global addresses assigned other ifs.
2491 */
91447636 2492 ifnet_lock_shared(ifp);
9bccf70c 2493 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
1c79356b
A
2494 {
2495 if (ifa->ifa_addr->sa_family != AF_INET6)
2496 continue;
2497 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST)
2498 continue; /* XXX: is there any case to allow anycast? */
2499 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_NOTREADY)
2500 continue; /* don't use this interface */
2501 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DETACHED)
2502 continue;
2503 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DEPRECATED) {
2504 if (ip6_use_deprecated)
2505 dep[0] = (struct in6_ifaddr *)ifa;
2506 continue;
2507 }
2508
2509 if (dst_scope == in6_addrscope(IFA_IN6(ifa))) {
2510 /*
2511 * call in6_matchlen() as few as possible
2512 */
2513 if (besta) {
2514 if (blen == -1)
2515 blen = in6_matchlen(&besta->ia_addr.sin6_addr, dst);
2516 tlen = in6_matchlen(IFA_IN6(ifa), dst);
2517 if (tlen > blen) {
2518 blen = tlen;
2519 besta = (struct in6_ifaddr *)ifa;
2520 }
2521 } else
2522 besta = (struct in6_ifaddr *)ifa;
2523 }
2524 }
91447636
A
2525 if (besta) {
2526 ifnet_lock_done(ifp);
1c79356b 2527 return(besta);
91447636 2528 }
1c79356b 2529
9bccf70c 2530 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
1c79356b
A
2531 {
2532 if (ifa->ifa_addr->sa_family != AF_INET6)
2533 continue;
2534 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST)
2535 continue; /* XXX: is there any case to allow anycast? */
2536 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_NOTREADY)
2537 continue; /* don't use this interface */
2538 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DETACHED)
2539 continue;
2540 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DEPRECATED) {
2541 if (ip6_use_deprecated)
2542 dep[1] = (struct in6_ifaddr *)ifa;
2543 continue;
2544 }
91447636
A
2545
2546 ifnet_lock_done(ifp);
1c79356b
A
2547 return (struct in6_ifaddr *)ifa;
2548 }
91447636 2549 ifnet_lock_done(ifp);
1c79356b
A
2550
2551 /* use the last-resort values, that are, deprecated addresses */
2552 if (dep[0])
2553 return dep[0];
2554 if (dep[1])
2555 return dep[1];
2556
2557 return NULL;
2558}
2559
9bccf70c
A
2560extern int in6_init2done;
2561
1c79356b
A
2562/*
2563 * perform DAD when interface becomes IFF_UP.
2564 */
2565void
91447636
A
2566in6_if_up(
2567 struct ifnet *ifp,
2568 struct in6_aliasreq *ifra)
1c79356b
A
2569{
2570 struct ifaddr *ifa;
2571 struct in6_ifaddr *ia;
1c79356b
A
2572 int dad_delay; /* delay ticks before DAD output */
2573
9bccf70c
A
2574 if (!in6_init2done)
2575 return;
1c79356b 2576
9bccf70c
A
2577 /*
2578 * special cases, like 6to4, are handled in in6_ifattach
2579 */
55e303ae 2580 in6_ifattach(ifp, NULL, ifra);
9bccf70c
A
2581
2582 dad_delay = 0;
91447636 2583 ifnet_lock_exclusive(ifp);
9bccf70c 2584 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
1c79356b 2585 {
9bccf70c 2586 if (ifa->ifa_addr->sa_family != AF_INET6)
1c79356b 2587 continue;
9bccf70c
A
2588 ia = (struct in6_ifaddr *)ifa;
2589 if (ia->ia6_flags & IN6_IFF_TENTATIVE)
2590 nd6_dad_start(ifa, &dad_delay);
1c79356b 2591 }
91447636 2592 ifnet_lock_done(ifp);
9bccf70c
A
2593}
2594
2595int
91447636
A
2596in6if_do_dad(
2597 struct ifnet *ifp)
9bccf70c
A
2598{
2599 if ((ifp->if_flags & IFF_LOOPBACK) != 0)
2600 return(0);
1c79356b
A
2601
2602 switch (ifp->if_type) {
9bccf70c 2603#if IFT_DUMMY
1c79356b 2604 case IFT_DUMMY:
9bccf70c 2605#endif
1c79356b 2606 case IFT_FAITH:
1c79356b 2607 /*
9bccf70c
A
2608 * These interfaces do not have the IFF_LOOPBACK flag,
2609 * but loop packets back. We do not have to do DAD on such
2610 * interfaces. We should even omit it, because loop-backed
2611 * NS would confuse the DAD procedure.
1c79356b 2612 */
9bccf70c 2613 return(0);
1c79356b 2614 default:
9bccf70c
A
2615 /*
2616 * Our DAD routine requires the interface up and running.
2617 * However, some interfaces can be up before the RUNNING
2618 * status. Additionaly, users may try to assign addresses
2619 * before the interface becomes up (or running).
2620 * We simply skip DAD in such a case as a work around.
2621 * XXX: we should rather mark "tentative" on such addresses,
2622 * and do DAD after the interface becomes ready.
2623 */
2624 if ((ifp->if_flags & (IFF_UP|IFF_RUNNING)) !=
2625 (IFF_UP|IFF_RUNNING))
2626 return(0);
1c79356b 2627
9bccf70c 2628 return(1);
1c79356b
A
2629 }
2630}
2631
2632/*
2633 * Calculate max IPv6 MTU through all the interfaces and store it
2634 * to in6_maxmtu.
2635 */
2636void
2637in6_setmaxmtu()
2638{
2639 unsigned long maxmtu = 0;
2640 struct ifnet *ifp;
2641
91447636
A
2642 ifnet_head_lock_shared();
2643 TAILQ_FOREACH(ifp, &ifnet_head, if_list) {
1c79356b
A
2644 if ((ifp->if_flags & IFF_LOOPBACK) == 0 &&
2645 nd_ifinfo[ifp->if_index].linkmtu > maxmtu)
2646 maxmtu = nd_ifinfo[ifp->if_index].linkmtu;
2647 }
91447636 2648 ifnet_head_done();
1c79356b
A
2649 if (maxmtu) /* update only when maxmtu is positive */
2650 in6_maxmtu = maxmtu;
2651}
2652
9bccf70c 2653/*
55e303ae 2654 * Convert sockaddr_in6 to sockaddr_in. Original sockaddr_in6 must be
1c79356b
A
2655 * v4 mapped addr or v4 compat addr
2656 */
2657void
2658in6_sin6_2_sin(struct sockaddr_in *sin, struct sockaddr_in6 *sin6)
2659{
2660 bzero(sin, sizeof(*sin));
2661 sin->sin_len = sizeof(struct sockaddr_in);
2662 sin->sin_family = AF_INET;
2663 sin->sin_port = sin6->sin6_port;
2664 sin->sin_addr.s_addr = sin6->sin6_addr.s6_addr32[3];
2665}
2666
2667/* Convert sockaddr_in to sockaddr_in6 in v4 mapped addr format. */
2668void
2669in6_sin_2_v4mapsin6(struct sockaddr_in *sin, struct sockaddr_in6 *sin6)
2670{
2671 bzero(sin6, sizeof(*sin6));
2672 sin6->sin6_len = sizeof(struct sockaddr_in6);
2673 sin6->sin6_family = AF_INET6;
2674 sin6->sin6_port = sin->sin_port;
2675 sin6->sin6_addr.s6_addr32[0] = 0;
2676 sin6->sin6_addr.s6_addr32[1] = 0;
2677 sin6->sin6_addr.s6_addr32[2] = IPV6_ADDR_INT32_SMP;
2678 sin6->sin6_addr.s6_addr32[3] = sin->sin_addr.s_addr;
2679}
2680
2681/* Convert sockaddr_in6 into sockaddr_in. */
2682void
2683in6_sin6_2_sin_in_sock(struct sockaddr *nam)
2684{
2685 struct sockaddr_in *sin_p;
2686 struct sockaddr_in6 sin6;
2687
2688 /*
2689 * Save original sockaddr_in6 addr and convert it
2690 * to sockaddr_in.
2691 */
2692 sin6 = *(struct sockaddr_in6 *)nam;
2693 sin_p = (struct sockaddr_in *)nam;
2694 in6_sin6_2_sin(sin_p, &sin6);
2695}
2696
2697/* Convert sockaddr_in into sockaddr_in6 in v4 mapped addr format. */
2698void
2699in6_sin_2_v4mapsin6_in_sock(struct sockaddr **nam)
2700{
2701 struct sockaddr_in *sin_p;
2702 struct sockaddr_in6 *sin6_p;
2703
2704 MALLOC(sin6_p, struct sockaddr_in6 *, sizeof *sin6_p, M_SONAME,
2705 M_WAITOK);
2706 sin_p = (struct sockaddr_in *)*nam;
2707 in6_sin_2_v4mapsin6(sin_p, sin6_p);
2708 FREE(*nam, M_SONAME);
2709 *nam = (struct sockaddr *)sin6_p;
2710}
1c79356b 2711
9bccf70c
A
2712/* Posts in6_event_data message kernel events */
2713void
2714in6_post_msg(struct ifnet *ifp, u_long event_code, struct in6_ifaddr *ifa)
2715{
2716 struct kev_msg ev_msg;
2717 struct kev_in6_data in6_event_data;
2718
2719 ev_msg.vendor_code = KEV_VENDOR_APPLE;
2720 ev_msg.kev_class = KEV_NETWORK_CLASS;
2721 ev_msg.kev_subclass = KEV_INET6_SUBCLASS;
2722 ev_msg.event_code = event_code;
2723
2724 in6_event_data.ia_addr = ifa->ia_addr;
2725 in6_event_data.ia_net = ifa->ia_net;
2726 in6_event_data.ia_dstaddr = ifa->ia_dstaddr;
2727 in6_event_data.ia_prefixmask = ifa->ia_prefixmask;
2728 in6_event_data.ia_plen = ifa->ia_plen;
2729 in6_event_data.ia6_flags = (u_int32_t)ifa->ia6_flags;
2730 in6_event_data.ia_lifetime = ifa->ia6_lifetime;
2731
2732 if (ifp != NULL) {
2733 strncpy(&in6_event_data.link_data.if_name[0], ifp->if_name, IFNAMSIZ);
2734 in6_event_data.link_data.if_family = ifp->if_family;
2735 in6_event_data.link_data.if_unit = (unsigned long) ifp->if_unit;
2736 }
2737
2738 ev_msg.dv[0].data_ptr = &in6_event_data;
2739 ev_msg.dv[0].data_length = sizeof(struct kev_in6_data);
2740 ev_msg.dv[1].data_length = 0;
2741
2742 kev_post_msg(&ev_msg);
2743}