]> git.saurik.com Git - apple/xnu.git/blob - bsd/netinet6/in6_ifattach.c
projects / apple / xnu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xnu-2050.24.15.tar.gz
[apple/xnu.git] / bsd / netinet6 / in6_ifattach.c
1 /*
2 * Copyright (c) 2003-2012 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 /* $FreeBSD: src/sys/netinet6/in6_ifattach.c,v 1.8 2002/04/19 04:46:22 suz Exp $ */
29 /* $KAME: in6_ifattach.c,v 1.118 2001/05/24 07:44:00 itojun Exp $ */
30
31 /*
32 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
33 * All rights reserved.
34 *
35 * Redistribution and use in source and binary forms, with or without
36 * modification, are permitted provided that the following conditions
37 * are met:
38 * 1. Redistributions of source code must retain the above copyright
39 * notice, this list of conditions and the following disclaimer.
40 * 2. Redistributions in binary form must reproduce the above copyright
41 * notice, this list of conditions and the following disclaimer in the
42 * documentation and/or other materials provided with the distribution.
43 * 3. Neither the name of the project nor the names of its contributors
44 * may be used to endorse or promote products derived from this software
45 * without specific prior written permission.
46 *
47 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
48 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
49 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
50 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
51 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
52 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
53 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
54 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
55 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
56 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
57 * SUCH DAMAGE.
58 */
59
60 #include <sys/param.h>
61 #include <sys/systm.h>
62 #include <sys/malloc.h>
63 #include <sys/socket.h>
64 #include <sys/socketvar.h>
65 #include <sys/sockio.h>
66 #include <sys/kernel.h>
67 #include <sys/syslog.h>
68 #include <libkern/crypto/sha1.h>
69 #include <libkern/OSAtomic.h>
70 #include <kern/lock.h>
71
72 #include <net/if.h>
73 #include <net/if_dl.h>
74 #include <net/if_types.h>
75 #include <net/route.h>
76 #include <net/kpi_protocol.h>
77
78 #include <netinet/in.h>
79 #include <netinet/in_var.h>
80 #include <netinet/if_ether.h>
81 #include <netinet/in_pcb.h>
82 #include <netinet/icmp6.h>
83
84 #include <netinet/ip6.h>
85 #include <netinet6/ip6_var.h>
86 #include <netinet6/in6_var.h>
87 #include <netinet6/in6_pcb.h>
88 #include <netinet6/in6_ifattach.h>
89 #include <netinet6/ip6_var.h>
90 #include <netinet6/nd6.h>
91 #include <netinet6/scope6_var.h>
92
93 #include <net/net_osdep.h>
94
95 #define IN6_IFSTAT_ALLOC_SIZE \
96 sizeof(void *) + sizeof(struct in6_ifstat) + sizeof(uint64_t)
97 #define ICMP6_IFSTAT_ALLOC_SIZE \
98 sizeof(void *) + sizeof(struct icmp6_ifstat) + sizeof(uint64_t)
99
100 struct in6_ifstat **in6_ifstat = NULL;
101 struct icmp6_ifstat **icmp6_ifstat = NULL;
102 size_t in6_ifstatmax = 0;
103 size_t icmp6_ifstatmax = 0;
104 u_int32_t in6_maxmtu = 0;
105 extern lck_mtx_t *nd6_mutex;
106
107 #if IP6_AUTO_LINKLOCAL
108 int ip6_auto_linklocal = IP6_AUTO_LINKLOCAL;
109 #else
110 int ip6_auto_linklocal = 1; /* enable by default */
111 #endif
112
113 int loopattach6_done = 0;
114
115 extern struct inpcbinfo udbinfo;
116 extern struct inpcbinfo ripcbinfo;
117
118 static int get_rand_ifid(struct ifnet *, struct in6_addr *);
119 static int generate_tmp_ifid(u_int8_t *, const u_int8_t *, u_int8_t *);
120 int in6_get_hw_ifid(struct ifnet *, struct in6_addr *);
121 static int get_ifid(struct ifnet *, struct ifnet *, struct in6_addr *);
122 static int in6_ifattach_linklocal(struct ifnet *, struct ifnet *, struct in6_aliasreq *);
123 static int in6_ifattach_loopback(struct ifnet *);
124
125 /*
126 * Generate a last-resort interface identifier, when the machine has no
127 * IEEE802/EUI64 address sources.
128 * The goal here is to get an interface identifier that is
129 * (1) random enough and (2) does not change across reboot.
130 * We currently use SHA1(hostname) for it.
131 *
132 * in6 - upper 64bits are preserved
133 */
134 static int
135 get_rand_ifid(
136 __unused struct ifnet *ifp,
137 struct in6_addr *in6) /* upper 64bits are preserved */
138 {
139 SHA1_CTX ctxt;
140 u_int8_t digest[SHA1_RESULTLEN];
141 int hostnlen = strlen(hostname);
142
143 #if 0
144 /* we need at least several letters as seed for ifid */
145 if (len < 3)
146 return -1;
147 #endif
148
149 /* generate 8 bytes of pseudo-random value. */
150 bzero(&ctxt, sizeof(ctxt));
151 SHA1Init(&ctxt);
152 SHA1Update(&ctxt, hostname, hostnlen);
153 SHA1Final(digest, &ctxt);
154
155 /* assumes sizeof(digest) > sizeof(ifid) */
156 bcopy(digest, &in6->s6_addr[8], 8);
157
158 /* make sure to set "u" bit to local, and "g" bit to individual. */
159 in6->s6_addr[8] &= ~ND6_EUI64_GBIT; /* g bit to "individual" */
160 in6->s6_addr[8] |= ND6_EUI64_UBIT; /* u bit to "local" */
161
162 /* convert EUI64 into IPv6 interface identifier */
163 ND6_EUI64_TO_IFID(in6);
164
165 return 0;
166 }
167
168 static int
169 generate_tmp_ifid(
170 u_int8_t *seed0,
171 const u_int8_t *seed1,
172 u_int8_t *ret)
173 {
174 SHA1_CTX ctxt;
175 u_int8_t seed[16], nullbuf[8], digest[SHA1_RESULTLEN];
176 u_int32_t val32;
177 struct timeval tv;
178
179 /* If there's no history, start with a random seed. */
180 bzero(nullbuf, sizeof(nullbuf));
181 if (bcmp(nullbuf, seed0, sizeof(nullbuf)) == 0) {
182 int i;
183
184 for (i = 0; i < 2; i++) {
185 microtime(&tv);
186 val32 = random() ^ tv.tv_usec;
187 bcopy(&val32, seed + sizeof(val32) * i, sizeof(val32));
188 }
189 } else {
190 bcopy(seed0, seed, 8);
191 }
192
193 /* copy the right-most 64-bits of the given address */
194 /* XXX assumption on the size of IFID */
195 bcopy(seed1, &seed[8], 8);
196
197 if (0) { /* for debugging purposes only */
198 int i;
199
200 printf("generate_tmp_ifid: new randomized ID from: ");
201 for (i = 0; i < 16; i++)
202 printf("%02x", seed[i]);
203 printf(" ");
204 }
205
206 /* generate 16 bytes of pseudo-random value. */
207 bzero(&ctxt, sizeof(ctxt));
208 SHA1Init(&ctxt);
209 SHA1Update(&ctxt, seed, sizeof(seed));
210 SHA1Final(digest, &ctxt);
211
212 /*
213 * RFC 4941 3.2.1. (3)
214 * Take the left-most 64-bits of the SHA1 digest and set bit 6 (the
215 * left-most bit is numbered 0) to zero.
216 */
217 bcopy(digest, ret, 8);
218 ret[0] &= ~ND6_EUI64_UBIT;
219
220 /*
221 * XXX: we'd like to ensure that the generated value is not zero
222 * for simplicity. If the caclculated digest happens to be zero,
223 * use a random non-zero value as the last resort.
224 */
225 if (bcmp(nullbuf, ret, sizeof(nullbuf)) == 0) {
226 nd6log((LOG_INFO,
227 "generate_tmp_ifid: computed SHA1 value is zero.\n"));
228
229 microtime(&tv);
230 val32 = random() ^ tv.tv_usec;
231 val32 = 1 + (val32 % (0xffffffff - 1));
232 }
233
234 /*
235 * RFC 4941 3.2.1. (4)
236 * Take the next 64-bits of the SHA1 digest and save them in
237 * stable storage as the history value to be used in the next
238 * iteration of the algorithm.
239 */
240 bcopy(&digest[8], seed0, 8);
241
242 if (0) { /* for debugging purposes only */
243 int i;
244
245 printf("to: ");
246 for (i = 0; i < 16; i++)
247 printf("%02x", digest[i]);
248 printf("\n");
249 }
250
251 return 0;
252 }
253
254 /*
255 * Get interface identifier for the specified interface.
256 * XXX assumes single sockaddr_dl (AF_LINK address) per an interface
257 *
258 * in6 - upper 64bits are preserved
259 */
260 int
261 in6_get_hw_ifid(
262 struct ifnet *ifp,
263 struct in6_addr *in6) /* upper 64bits are preserved */
264 {
265 struct ifaddr *ifa = NULL;
266 struct sockaddr_dl *sdl;
267 u_int8_t *addr;
268 size_t addrlen;
269 static u_int8_t allzero[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
270 static u_int8_t allone[8] =
271 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
272 int err = -1;
273
274 /* Why doesn't this code use ifnet_addrs? */
275 ifnet_lock_shared(ifp);
276 ifa = ifp->if_lladdr;
277 sdl = (struct sockaddr_dl *)(void *)ifa->ifa_addr;
278 if (sdl->sdl_alen == 0) {
279 ifnet_lock_done(ifp);
280 return (-1);
281 }
282 IFA_ADDREF(ifa); /* for this routine */
283 ifnet_lock_done(ifp);
284
285 IFA_LOCK(ifa);
286 addr = (u_int8_t *) LLADDR(sdl);
287 addrlen = sdl->sdl_alen;
288
289 /* get EUI64 */
290 switch (ifp->if_type) {
291 case IFT_ETHER:
292 case IFT_FDDI:
293 case IFT_ISO88025:
294 case IFT_ATM:
295 case IFT_IEEE1394:
296 case IFT_L2VLAN:
297 case IFT_IEEE8023ADLAG:
298 #if IFT_IEEE80211
299 case IFT_IEEE80211:
300 #endif
301 case IFT_BRIDGE:
302 /* IEEE802/EUI64 cases - what others? */
303 /* IEEE1394 uses 16byte length address starting with EUI64 */
304 if (addrlen > 8)
305 addrlen = 8;
306
307 /* look at IEEE802/EUI64 only */
308 if (addrlen != 8 && addrlen != 6)
309 goto done;
310
311 /*
312 * check for invalid MAC address - on bsdi, we see it a lot
313 * since wildboar configures all-zero MAC on pccard before
314 * card insertion.
315 */
316 if (bcmp(addr, allzero, addrlen) == 0)
317 goto done;
318 if (bcmp(addr, allone, addrlen) == 0)
319 goto done;
320
321 /* make EUI64 address */
322 if (addrlen == 8)
323 bcopy(addr, &in6->s6_addr[8], 8);
324 else if (addrlen == 6) {
325 in6->s6_addr[8] = addr[0];
326 in6->s6_addr[9] = addr[1];
327 in6->s6_addr[10] = addr[2];
328 in6->s6_addr[11] = 0xff;
329 in6->s6_addr[12] = 0xfe;
330 in6->s6_addr[13] = addr[3];
331 in6->s6_addr[14] = addr[4];
332 in6->s6_addr[15] = addr[5];
333 }
334 break;
335
336 case IFT_ARCNET:
337 if (addrlen != 1)
338 goto done;
339 if (!addr[0])
340 goto done;
341
342 bzero(&in6->s6_addr[8], 8);
343 in6->s6_addr[15] = addr[0];
344
345 /*
346 * due to insufficient bitwidth, we mark it local.
347 */
348 in6->s6_addr[8] &= ~ND6_EUI64_GBIT; /* g bit to "individual" */
349 in6->s6_addr[8] |= ND6_EUI64_UBIT; /* u bit to "local" */
350 break;
351
352 case IFT_GIF:
353 #if IFT_STF
354 case IFT_STF:
355 #endif
356 /*
357 * RFC2893 says: "SHOULD use IPv4 address as ifid source".
358 * however, IPv4 address is not very suitable as unique
359 * identifier source (can be renumbered).
360 * we don't do this.
361 */
362 goto done;
363
364 case IFT_CELLULAR:
365 goto done;
366
367 default:
368 goto done;
369 }
370
371 /* sanity check: g bit must not indicate "group" */
372 if (ND6_EUI64_GROUP(in6))
373 goto done;
374
375 /* convert EUI64 into IPv6 interface identifier */
376 ND6_EUI64_TO_IFID(in6);
377
378 /*
379 * sanity check: ifid must not be all zero, avoid conflict with
380 * subnet router anycast
381 */
382 if ((in6->s6_addr[8] & ~(ND6_EUI64_GBIT | ND6_EUI64_UBIT)) == 0x00 &&
383 bcmp(&in6->s6_addr[9], allzero, 7) == 0) {
384 goto done;
385 }
386
387 err = 0; /* found */
388
389 done:
390 /* This must not be the last reference to the lladdr */
391 if (IFA_REMREF_LOCKED(ifa) == NULL) {
392 panic("%s: unexpected (missing) refcnt ifa=%p", __func__, ifa);
393 /* NOTREACHED */
394 }
395 IFA_UNLOCK(ifa);
396 return (err);
397 }
398
399 /*
400 * Get interface identifier for the specified interface. If it is not
401 * available on ifp0, borrow interface identifier from other information
402 * sources.
403 *
404 * altifp - secondary EUI64 source
405 */
406 static int
407 get_ifid(
408 struct ifnet *ifp0,
409 struct ifnet *altifp, /* secondary EUI64 source */
410 struct in6_addr *in6)
411 {
412 struct ifnet *ifp;
413
414 /* first, try to get it from the interface itself */
415 if (in6_get_hw_ifid(ifp0, in6) == 0) {
416 nd6log((LOG_DEBUG, "%s: got interface identifier from itself\n",
417 if_name(ifp0)));
418 goto success;
419 }
420
421 /* try secondary EUI64 source. this basically is for ATM PVC */
422 if (altifp && in6_get_hw_ifid(altifp, in6) == 0) {
423 nd6log((LOG_DEBUG, "%s: got interface identifier from %s\n",
424 if_name(ifp0), if_name(altifp)));
425 goto success;
426 }
427
428 /* next, try to get it from some other hardware interface */
429 ifnet_head_lock_shared();
430 TAILQ_FOREACH(ifp, &ifnet_head, if_list) {
431 if (ifp == ifp0)
432 continue;
433 if (in6_get_hw_ifid(ifp, in6) != 0)
434 continue;
435
436 /*
437 * to borrow ifid from other interface, ifid needs to be
438 * globally unique
439 */
440 if (ND6_IFID_UNIVERSAL(in6)) {
441 nd6log((LOG_DEBUG,
442 "%s: borrow interface identifier from %s\n",
443 if_name(ifp0), if_name(ifp)));
444 ifnet_head_done();
445 goto success;
446 }
447 }
448 ifnet_head_done();
449
450 /* last resort: get from random number source */
451 if (get_rand_ifid(ifp, in6) == 0) {
452 nd6log((LOG_DEBUG,
453 "%s: interface identifier generated by random number\n",
454 if_name(ifp0)));
455 goto success;
456 }
457
458 printf("%s: failed to get interface identifier\n", if_name(ifp0));
459 return -1;
460
461 success:
462 nd6log((LOG_INFO, "%s: ifid: "
463 "%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x\n",
464 if_name(ifp0),
465 in6->s6_addr[8], in6->s6_addr[9],
466 in6->s6_addr[10], in6->s6_addr[11],
467 in6->s6_addr[12], in6->s6_addr[13],
468 in6->s6_addr[14], in6->s6_addr[15]));
469 return 0;
470 }
471
472 static int
473 in6_ifattach_linklocal(
474 struct ifnet *ifp,
475 struct ifnet *altifp, /* secondary EUI64 source */
476 struct in6_aliasreq *ifra_passed)
477 {
478 struct in6_ifaddr *ia;
479 struct in6_aliasreq ifra;
480 struct nd_prefix pr0, *pr;
481 int i, error;
482
483 /*
484 * configure link-local address.
485 */
486 bzero(&ifra, sizeof(ifra));
487
488 proto_plumb(PF_INET6, ifp);
489
490 /*
491 * in6_update_ifa() does not use ifra_name, but we accurately set it
492 * for safety.
493 */
494 strncpy(ifra.ifra_name, if_name(ifp), sizeof(ifra.ifra_name));
495
496 if ((ifp->if_eflags & IFEF_NOAUTOIPV6LL) != 0 &&
497 ifra_passed != NULL) /* interface provided both addresses for us */
498 bcopy(&ifra_passed->ifra_addr, &(ifra.ifra_addr), sizeof(struct sockaddr_in6));
499 else {
500 ifra.ifra_addr.sin6_family = AF_INET6;
501 ifra.ifra_addr.sin6_len = sizeof(struct sockaddr_in6);
502 ifra.ifra_addr.sin6_addr.s6_addr16[0] = htons(0xfe80);
503 ifra.ifra_addr.sin6_addr.s6_addr16[1] = htons(ifp->if_index);
504 ifra.ifra_addr.sin6_addr.s6_addr32[1] = 0;
505 if ((ifp->if_flags & IFF_LOOPBACK) != 0) {
506 ifra.ifra_addr.sin6_addr.s6_addr32[2] = 0;
507 ifra.ifra_addr.sin6_addr.s6_addr32[3] = htonl(1);
508 } else {
509 if (get_ifid(ifp, altifp, &ifra.ifra_addr.sin6_addr) != 0) {
510 nd6log((LOG_ERR,
511 " %s: no ifid available\n", if_name(ifp)));
512 return EADDRNOTAVAIL;
513 }
514 }
515 }
516 if (in6_setscope(&ifra.ifra_addr.sin6_addr, ifp, NULL))
517 return (EADDRNOTAVAIL);
518
519 ifra.ifra_prefixmask.sin6_len = sizeof(struct sockaddr_in6);
520 ifra.ifra_prefixmask.sin6_family = AF_INET6;
521 ifra.ifra_prefixmask.sin6_addr = in6mask64;
522 /* link-local addresses should NEVER expire. */
523 ifra.ifra_lifetime.ia6t_vltime = ND6_INFINITE_LIFETIME;
524 ifra.ifra_lifetime.ia6t_pltime = ND6_INFINITE_LIFETIME;
525
526 /*
527 * Now call in6_update_ifa() to do a bunch of procedures to configure
528 * a link-local address. We can set the 3rd argument to NULL, because
529 * we know there's no other link-local address on the interface
530 * and therefore we are adding one (instead of updating one).
531 */
532 if ((error = in6_update_ifa(ifp, &ifra, NULL,
533 IN6_IFAUPDATE_DADDELAY, M_WAITOK)) != 0) {
534 /*
535 * XXX: When the interface does not support IPv6, this call
536 * would fail in the SIOCSIFADDR ioctl. I believe the
537 * notification is rather confusing in this case, so just
538 * suppress it. (jinmei@kame.net 20010130)
539 */
540 if (error != EAFNOSUPPORT)
541 nd6log((LOG_NOTICE, "in6_ifattach_linklocal: failed to "
542 "configure a link-local address on %s "
543 "(errno=%d)\n",
544 if_name(ifp), error));
545 return (EADDRNOTAVAIL);
546 }
547
548 ia = in6ifa_ifpforlinklocal(ifp, 0); /* ia must not be NULL */
549 #if DIAGNOSTIC
550 if (!ia) {
551 panic("ia == NULL in in6_ifattach_linklocal");
552 /*NOTREACHED*/
553 }
554 #endif
555 /*
556 * Make the link-local prefix (fe80::%link/64) as on-link.
557 * Since we'd like to manage prefixes separately from addresses,
558 * we make an ND6 prefix structure for the link-local prefix,
559 * and add it to the prefix list as a never-expire prefix.
560 * XXX: this change might affect some existing code base...
561 */
562 bzero(&pr0, sizeof(pr0));
563 lck_mtx_init(&pr0.ndpr_lock, ifa_mtx_grp, ifa_mtx_attr);
564 pr0.ndpr_ifp = ifp;
565 /* this should be 64 at this moment. */
566 pr0.ndpr_plen = in6_mask2len(&ifra.ifra_prefixmask.sin6_addr, NULL);
567 pr0.ndpr_mask = ifra.ifra_prefixmask.sin6_addr;
568 pr0.ndpr_prefix = ifra.ifra_addr;
569 /* apply the mask for safety. (nd6_prelist_add will apply it again) */
570 for (i = 0; i < 4; i++) {
571 pr0.ndpr_prefix.sin6_addr.s6_addr32[i] &=
572 in6mask64.s6_addr32[i];
573 }
574 /*
575 * Initialize parameters. The link-local prefix must always be
576 * on-link, and its lifetimes never expire.
577 */
578 pr0.ndpr_raf_onlink = 1;
579 pr0.ndpr_raf_auto = 1; /* probably meaningless */
580 pr0.ndpr_vltime = ND6_INFINITE_LIFETIME;
581 pr0.ndpr_pltime = ND6_INFINITE_LIFETIME;
582 pr0.ndpr_stateflags |= NDPRF_STATIC;
583 /*
584 * Since there is no other link-local addresses, nd6_prefix_lookup()
585 * probably returns NULL. However, we cannot always expect the result.
586 * For example, if we first remove the (only) existing link-local
587 * address, and then reconfigure another one, the prefix is still
588 * valid with referring to the old link-local address.
589 */
590 if ((pr = nd6_prefix_lookup(&pr0)) == NULL) {
591 if ((error = nd6_prelist_add(&pr0, NULL, &pr, TRUE)) != 0) {
592 IFA_REMREF(&ia->ia_ifa);
593 lck_mtx_destroy(&pr0.ndpr_lock, ifa_mtx_grp);
594 return(error);
595 }
596 }
597
598 if (ia != NULL) {
599 in6_post_msg(ifp, KEV_INET6_NEW_LL_ADDR, ia);
600 IFA_REMREF(&ia->ia_ifa);
601 }
602
603 /* Drop use count held above during lookup/add */
604 if (pr != NULL)
605 NDPR_REMREF(pr);
606
607 lck_mtx_destroy(&pr0.ndpr_lock, ifa_mtx_grp);
608
609 return 0;
610 }
611
612 static int
613 in6_ifattach_loopback(
614 struct ifnet *ifp) /* must be IFT_LOOP */
615 {
616 struct in6_aliasreq ifra;
617 int error;
618
619 bzero(&ifra, sizeof(ifra));
620
621 /*
622 * in6_update_ifa() does not use ifra_name, but we accurately set it
623 * for safety.
624 */
625 strncpy(ifra.ifra_name, if_name(ifp), sizeof(ifra.ifra_name));
626
627 ifra.ifra_prefixmask.sin6_len = sizeof(struct sockaddr_in6);
628 ifra.ifra_prefixmask.sin6_family = AF_INET6;
629 ifra.ifra_prefixmask.sin6_addr = in6mask128;
630
631 /*
632 * Always initialize ia_dstaddr (= broadcast address) to loopback
633 * address. Follows IPv4 practice - see in_ifinit().
634 */
635 ifra.ifra_dstaddr.sin6_len = sizeof(struct sockaddr_in6);
636 ifra.ifra_dstaddr.sin6_family = AF_INET6;
637 ifra.ifra_dstaddr.sin6_addr = in6addr_loopback;
638
639 ifra.ifra_addr.sin6_len = sizeof(struct sockaddr_in6);
640 ifra.ifra_addr.sin6_family = AF_INET6;
641 ifra.ifra_addr.sin6_addr = in6addr_loopback;
642
643 /* the loopback address should NEVER expire. */
644 ifra.ifra_lifetime.ia6t_vltime = ND6_INFINITE_LIFETIME;
645 ifra.ifra_lifetime.ia6t_pltime = ND6_INFINITE_LIFETIME;
646
647 /* we don't need to perform DAD on loopback interfaces. */
648 ifra.ifra_flags |= IN6_IFF_NODAD;
649
650 /* skip registration to the prefix list. XXX should be temporary. */
651 ifra.ifra_flags |= IN6_IFF_NOPFX;
652
653 /*
654 * We are sure that this is a newly assigned address, so we can set
655 * NULL to the 3rd arg.
656 */
657 if ((error = in6_update_ifa(ifp, &ifra, NULL, 0, M_WAITOK)) != 0) {
658 nd6log((LOG_ERR, "in6_ifattach_loopback: failed to configure "
659 "the loopback address on %s (errno=%d)\n",
660 if_name(ifp), error));
661 return (EADDRNOTAVAIL);
662 }
663
664 return 0;
665 }
666
667 /*
668 * compute NI group address, based on the current hostname setting.
669 * see draft-ietf-ipngwg-icmp-name-lookup-* (04 and later).
670 *
671 * when ifp == NULL, the caller is responsible for filling scopeid.
672 */
673 int
674 in6_nigroup(
675 struct ifnet *ifp,
676 const char *name,
677 int namelen,
678 struct in6_addr *in6)
679 {
680 const char *p;
681 u_char *q;
682 SHA1_CTX ctxt;
683 u_int8_t digest[SHA1_RESULTLEN];
684 char l;
685 char n[64]; /* a single label must not exceed 63 chars */
686
687 if (!namelen || !name)
688 return -1;
689
690 p = name;
691 while (p && *p && *p != '.' && p - name < namelen)
692 p++;
693 if (p - name > sizeof(n) - 1)
694 return -1; /* label too long */
695 l = p - name;
696 strncpy(n, name, l);
697 n[(int)l] = '\0';
698 for (q = (u_char *) n; *q; q++) {
699 if ('A' <= *q && *q <= 'Z')
700 *q = *q - 'A' + 'a';
701 }
702
703 /* generate 8 bytes of pseudo-random value. */
704 bzero(&ctxt, sizeof(ctxt));
705 SHA1Init(&ctxt);
706 SHA1Update(&ctxt, &l, sizeof(l));
707 SHA1Update(&ctxt, n, l);
708 SHA1Final(digest, &ctxt);
709
710 bzero(in6, sizeof(*in6));
711 in6->s6_addr16[0] = IPV6_ADDR_INT16_MLL;
712 in6->s6_addr8[11] = 2;
713 bcopy(digest, &in6->s6_addr32[3], sizeof(in6->s6_addr32[3]));
714 if (in6_setscope(in6, ifp, NULL))
715 return (-1); /* XXX: should not fail */
716
717 return 0;
718 }
719
720 int
721 in6_domifattach(struct ifnet *ifp)
722 {
723 int error = 0;
724
725 if ((error = proto_plumb(PF_INET6, ifp))) {
726 if (error != EEXIST)
727 log(LOG_ERR, "%s: proto_plumb returned %d if=%s%d\n",
728 __func__, error, ifp->if_name, ifp->if_unit);
729 } else {
730 nd6_ifattach(ifp);
731 scope6_ifattach(ifp);
732 }
733
734 return (error);
735 }
736
737
738 /*
739 * XXX multiple loopback interface needs more care. for instance,
740 * nodelocal address needs to be configured onto only one of them.
741 * XXX multiple link-local address case
742 */
743 int
744 in6_ifattach(
745 struct ifnet *ifp,
746 struct ifnet *altifp, /* secondary EUI64 source */
747 struct in6_aliasreq *ifra)
748 {
749 static size_t if_indexlim = 8;
750 struct in6_ifaddr *ia;
751 struct in6_addr in6;
752 int error;
753 void *buf;
754
755 lck_rw_lock_exclusive(&in6_ifs_rwlock);
756 /*
757 * We have some arrays that should be indexed by if_index.
758 * since if_index will grow dynamically, they should grow too.
759 * struct in6_ifstat **in6_ifstat
760 * struct icmp6_ifstat **icmp6_ifstat
761 */
762 if (in6_ifstat == NULL || icmp6_ifstat == NULL ||
763 if_index >= if_indexlim) {
764 while (if_index >= if_indexlim)
765 if_indexlim <<= 1;
766 }
767
768 /* grow in6_ifstat */
769 if (in6_ifstatmax < if_indexlim) {
770 size_t n;
771 caddr_t q;
772
773 n = if_indexlim * sizeof(struct in6_ifstat *);
774 q = (caddr_t)_MALLOC(n, M_IFADDR, M_WAITOK|M_ZERO);
775 if (q == NULL) {
776 lck_rw_done(&in6_ifs_rwlock);
777 return ENOBUFS;
778 }
779 if (in6_ifstat) {
780 bcopy((caddr_t)in6_ifstat, q,
781 in6_ifstatmax * sizeof(struct in6_ifstat *));
782 FREE((caddr_t)in6_ifstat, M_IFADDR);
783 }
784 in6_ifstat = (struct in6_ifstat **)(void *)q;
785 in6_ifstatmax = if_indexlim;
786 }
787
788 if (in6_ifstat[ifp->if_index] == NULL) {
789 buf = _MALLOC(IN6_IFSTAT_ALLOC_SIZE, M_IFADDR, M_WAITOK);
790 if (buf == NULL) {
791 lck_rw_done(&in6_ifs_rwlock);
792 return ENOBUFS;
793 }
794 bzero(buf, IN6_IFSTAT_ALLOC_SIZE);
795 in6_ifstat[ifp->if_index] = (struct in6_ifstat *)
796 P2ROUNDUP((intptr_t)buf + sizeof(void *), sizeof(uint64_t));
797 VERIFY(IS_P2ALIGNED(in6_ifstat[ifp->if_index], sizeof(uint64_t)));
798 }
799 lck_rw_done(&in6_ifs_rwlock);
800
801 lck_rw_lock_exclusive(&icmp6_ifs_rwlock);
802 if (icmp6_ifstatmax < if_indexlim) {
803 size_t n;
804 caddr_t q;
805
806 n = if_indexlim * sizeof(struct icmp6_ifstat *);
807 q = (caddr_t)_MALLOC(n, M_IFADDR, M_WAITOK|M_ZERO);
808 if (q == NULL) {
809 lck_rw_done(&icmp6_ifs_rwlock);
810 return ENOBUFS;
811 }
812 if (icmp6_ifstat) {
813 bcopy((caddr_t)icmp6_ifstat, q,
814 icmp6_ifstatmax * sizeof(struct icmp6_ifstat *));
815 FREE((caddr_t)icmp6_ifstat, M_IFADDR);
816 }
817 icmp6_ifstat = (struct icmp6_ifstat **)(void *)q;
818 icmp6_ifstatmax = if_indexlim;
819 }
820
821 if (icmp6_ifstat[ifp->if_index] == NULL) {
822 buf = _MALLOC(ICMP6_IFSTAT_ALLOC_SIZE, M_IFADDR, M_WAITOK);
823 if (buf == NULL) {
824 lck_rw_done(&icmp6_ifs_rwlock);
825 return ENOBUFS;
826 }
827 bzero(buf, ICMP6_IFSTAT_ALLOC_SIZE);
828 icmp6_ifstat[ifp->if_index] = (struct icmp6_ifstat *)
829 P2ROUNDUP((intptr_t)buf + sizeof(void *), sizeof(uint64_t));
830 VERIFY(IS_P2ALIGNED(icmp6_ifstat[ifp->if_index], sizeof(uint64_t)));
831 }
832 lck_rw_done(&icmp6_ifs_rwlock);
833
834 /* initialize NDP variables */
835 if ((error = nd6_ifattach(ifp)) != 0)
836 return error;
837
838 /* initialize scope identifiers */
839 if ((error = scope6_ifattach(ifp)) != 0)
840 return error;
841
842 /*
843 * quirks based on interface type
844 */
845 switch (ifp->if_type) {
846 #if IFT_STF
847 case IFT_STF:
848 /*
849 * 6to4 interface is a very special kind of beast.
850 * no multicast, no linklocal. RFC2529 specifies how to make
851 * linklocals for 6to4 interface, but there's no use and
852 * it is rather harmful to have one.
853 */
854 goto statinit;
855 #endif
856 default:
857 break;
858 }
859
860 /*
861 * usually, we require multicast capability to the interface
862 */
863 if ((ifp->if_flags & IFF_MULTICAST) == 0) {
864 nd6log((LOG_INFO, "in6_ifattach: ",
865 "%s is not multicast capable, IPv6 not enabled\n",
866 if_name(ifp)));
867 return EINVAL;
868 }
869
870 /*
871 * assign loopback address for loopback interface.
872 * XXX multiple loopback interface case.
873 */
874 if ((ifp->if_flags & IFF_LOOPBACK) != 0) {
875 struct in6_ifaddr *ia6 = NULL;
876 if (!OSCompareAndSwap(0, 1, (UInt32 *)&loopattach6_done)) {
877 in6 = in6addr_loopback;
878 if ((ia6 = in6ifa_ifpwithaddr(ifp, &in6)) == NULL) {
879 if (in6_ifattach_loopback(ifp) != 0) {
880 OSCompareAndSwap(1, 0, (UInt32 *)&loopattach6_done);
881 return EINVAL;
882 }
883 }
884 else {
885 IFA_REMREF(&ia6->ia_ifa);
886 }
887 }
888 }
889
890 /*
891 * assign a link-local address, if there's none.
892 */
893 if (ip6_auto_linklocal) {
894 ia = in6ifa_ifpforlinklocal(ifp, 0);
895 if (ia == NULL) {
896 if (in6_ifattach_linklocal(ifp, altifp, ifra) == 0) {
897 /* linklocal address assigned */
898 } else {
899 nd6log((LOG_INFO, "in6_ifattach: %s failed to "
900 "attach a linklocal address.\n",
901 if_name(ifp)));
902 /* failed to assign linklocal address. bark? */
903 }
904 } else {
905 IFA_REMREF(&ia->ia_ifa);
906 }
907 }
908
909 #if IFT_STF /* XXX */
910 statinit:
911 #endif
912
913 /* update dynamically. */
914 if (in6_maxmtu < ifp->if_mtu)
915 in6_maxmtu = ifp->if_mtu;
916
917 return 0;
918 }
919
920 /*
921 * NOTE: in6_ifdetach() does not support loopback if at this moment.
922 */
923 void
924 in6_ifdetach(struct ifnet *ifp)
925 {
926 struct in6_ifaddr *ia, *oia;
927 struct ifaddr *ifa;
928 struct rtentry *rt;
929 struct sockaddr_in6 sin6;
930 struct in6_multi_mship *imm;
931 int unlinked;
932
933 lck_mtx_assert(nd6_mutex, LCK_MTX_ASSERT_NOTOWNED);
934
935 /* remove neighbor management table */
936 nd6_purge(ifp);
937
938 /* nuke any of IPv6 addresses we have */
939 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
940 ia = in6_ifaddrs;
941 while (ia != NULL) {
942 if (ia->ia_ifa.ifa_ifp != ifp) {
943 ia = ia->ia_next;
944 continue;
945 }
946 IFA_ADDREF(&ia->ia_ifa); /* for us */
947 lck_rw_done(&in6_ifaddr_rwlock);
948 in6_purgeaddr(&ia->ia_ifa);
949 IFA_REMREF(&ia->ia_ifa); /* for us */
950 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
951 /*
952 * Purging the address caused in6_ifaddr_rwlock
953 * to be dropped and reacquired;
954 * therefore search again from the beginning
955 * of in6_ifaddrs list.
956 */
957 ia = in6_ifaddrs;
958 }
959 lck_rw_done(&in6_ifaddr_rwlock);
960
961 ifnet_lock_exclusive(ifp);
962
963 /* undo everything done by in6_ifattach(), just in case */
964 ifa = TAILQ_FIRST(&ifp->if_addrlist);
965 while (ifa != NULL) {
966 IFA_LOCK(ifa);
967 if (ifa->ifa_addr->sa_family != AF_INET6 ||
968 !IN6_IS_ADDR_LINKLOCAL(&satosin6(&ifa->ifa_addr)->
969 sin6_addr)) {
970 IFA_UNLOCK(ifa);
971 ifa = TAILQ_NEXT(ifa, ifa_list);
972 continue;
973 }
974
975 ia = (struct in6_ifaddr *)ifa;
976
977 /* hold a reference for this routine */
978 IFA_ADDREF_LOCKED(ifa);
979 /* remove from the linked list */
980 if_detach_ifa(ifp, ifa);
981 IFA_UNLOCK(ifa);
982
983 /*
984 * Leaving the multicast group(s) may involve freeing the
985 * link address multicast structure(s) for the interface,
986 * which is protected by ifnet lock. To avoid violating
987 * lock ordering, we must drop ifnet lock before doing so.
988 * The ifa won't go away since we held a refcnt above.
989 */
990 ifnet_lock_done(ifp);
991
992 /*
993 * We have to do this work manually here instead of calling
994 * in6_purgeaddr() since in6_purgeaddr() uses the RTM_HOST flag.
995 */
996
997 /*
998 * leave from multicast groups we have joined for the interface
999 */
1000 IFA_LOCK(ifa);
1001 while ((imm = ia->ia6_memberships.lh_first) != NULL) {
1002 LIST_REMOVE(imm, i6mm_chain);
1003 IFA_UNLOCK(ifa);
1004 in6_leavegroup(imm);
1005 IFA_LOCK(ifa);
1006 }
1007
1008 /* remove from the routing table */
1009 if (ia->ia_flags & IFA_ROUTE) {
1010 IFA_UNLOCK(ifa);
1011 rt = rtalloc1((struct sockaddr *)&ia->ia_addr, 0, 0);
1012 if (rt != NULL) {
1013 (void) rtrequest(RTM_DELETE,
1014 (struct sockaddr *)&ia->ia_addr,
1015 (struct sockaddr *)&ia->ia_addr,
1016 (struct sockaddr *)&ia->ia_prefixmask,
1017 rt->rt_flags, (struct rtentry **)0);
1018 rtfree(rt);
1019 }
1020 } else {
1021 IFA_UNLOCK(ifa);
1022 }
1023
1024 /* also remove from the IPv6 address chain(itojun&jinmei) */
1025 unlinked = 1;
1026 oia = ia;
1027 lck_rw_lock_exclusive(&in6_ifaddr_rwlock);
1028 if (oia == (ia = in6_ifaddrs)) {
1029 in6_ifaddrs = ia->ia_next;
1030 } else {
1031 while (ia->ia_next && (ia->ia_next != oia))
1032 ia = ia->ia_next;
1033 if (ia->ia_next) {
1034 ia->ia_next = oia->ia_next;
1035 } else {
1036 nd6log((LOG_ERR,
1037 "%s: didn't unlink in6ifaddr from "
1038 "list\n", if_name(ifp)));
1039 unlinked = 0;
1040 }
1041 }
1042 lck_rw_done(&in6_ifaddr_rwlock);
1043
1044 ifa = &oia->ia_ifa;
1045 /*
1046 * release another refcnt for the link from in6_ifaddrs.
1047 * Do this only if it's not already unlinked in the event
1048 * that we lost the race, since in6_ifaddr_rwlock was momentarily
1049 * dropped above.
1050 */
1051 if (unlinked)
1052 IFA_REMREF(ifa);
1053 /* release reference held for this routine */
1054 IFA_REMREF(ifa);
1055
1056 /*
1057 * This is suboptimal, but since we dropped ifnet lock above
1058 * the list might have changed. Repeat the search from the
1059 * beginning until we find the first eligible IPv6 address.
1060 */
1061 ifnet_lock_exclusive(ifp);
1062 ifa = TAILQ_FIRST(&ifp->if_addrlist);
1063 }
1064 ifnet_lock_done(ifp);
1065
1066 /*
1067 * remove neighbor management table. we call it twice just to make
1068 * sure we nuke everything. maybe we need just one call.
1069 * XXX: since the first call did not release addresses, some prefixes
1070 * might remain. We should call nd6_purge() again to release the
1071 * prefixes after removing all addresses above.
1072 * (Or can we just delay calling nd6_purge until at this point?)
1073 */
1074 nd6_purge(ifp);
1075
1076 /* remove route to link-local allnodes multicast (ff02::1) */
1077 bzero(&sin6, sizeof(sin6));
1078 sin6.sin6_len = sizeof(struct sockaddr_in6);
1079 sin6.sin6_family = AF_INET6;
1080 sin6.sin6_addr = in6addr_linklocal_allnodes;
1081 sin6.sin6_addr.s6_addr16[1] = htons(ifp->if_index);
1082 rt = rtalloc1((struct sockaddr *)&sin6, 0, 0);
1083 if (rt != NULL) {
1084 RT_LOCK(rt);
1085 if (rt->rt_ifp == ifp) {
1086 /*
1087 * Prevent another thread from modifying rt_key,
1088 * rt_gateway via rt_setgate() after the rt_lock
1089 * is dropped by marking the route as defunct.
1090 */
1091 rt->rt_flags |= RTF_CONDEMNED;
1092 RT_UNLOCK(rt);
1093 (void) rtrequest(RTM_DELETE, rt_key(rt), rt->rt_gateway,
1094 rt_mask(rt), rt->rt_flags, 0);
1095 } else {
1096 RT_UNLOCK(rt);
1097 }
1098 rtfree(rt);
1099 }
1100 }
1101
1102 void
1103 in6_get_tmpifid(
1104 struct ifnet *ifp,
1105 u_int8_t *retbuf,
1106 const u_int8_t *baseid,
1107 int generate)
1108 {
1109 u_int8_t nullbuf[8];
1110 struct nd_ifinfo *ndi;
1111
1112 lck_rw_lock_shared(nd_if_rwlock);
1113 ndi = ND_IFINFO(ifp);
1114 VERIFY(ndi != NULL && ndi->initialized);
1115 lck_mtx_lock(&ndi->lock);
1116 bzero(nullbuf, sizeof(nullbuf));
1117 if (bcmp(ndi->randomid, nullbuf, sizeof(nullbuf)) == 0) {
1118 /* we've never created a random ID. Create a new one. */
1119 generate = 1;
1120 }
1121
1122 if (generate) {
1123 bcopy(baseid, ndi->randomseed1, sizeof(ndi->randomseed1));
1124
1125 /* generate_tmp_ifid will update seedn and buf */
1126 (void)generate_tmp_ifid(ndi->randomseed0, ndi->randomseed1,
1127 ndi->randomid);
1128 }
1129 bcopy(ndi->randomid, retbuf, 8);
1130 lck_mtx_unlock(&ndi->lock);
1131 lck_rw_done(nd_if_rwlock);
1132 }
1133
1134 void
1135 in6_tmpaddrtimer(void *arg)
1136 {
1137 #pragma unused(arg)
1138 int i;
1139 struct nd_ifinfo *ndi;
1140 u_int8_t nullbuf[8];
1141
1142 timeout(in6_tmpaddrtimer, (caddr_t)0,
1143 (ip6_temp_preferred_lifetime - ip6_desync_factor -
1144 ip6_temp_regen_advance) * hz);
1145
1146 lck_rw_lock_shared(nd_if_rwlock);
1147 bzero(nullbuf, sizeof(nullbuf));
1148 for (i = 1; i < if_index + 1; i++) {
1149 if (!nd_ifinfo || i >= nd_ifinfo_indexlim)
1150 break;
1151 ndi = &nd_ifinfo[i];
1152 if (!ndi->initialized)
1153 continue;
1154 lck_mtx_lock(&ndi->lock);
1155 if (bcmp(ndi->randomid, nullbuf, sizeof(nullbuf)) != 0) {
1156 /*
1157 * We've been generating a random ID on this interface.
1158 * Create a new one.
1159 */
1160 (void)generate_tmp_ifid(ndi->randomseed0,
1161 ndi->randomseed1,
1162 ndi->randomid);
1163 }
1164 lck_mtx_unlock(&ndi->lock);
1165 }
1166 lck_rw_done(nd_if_rwlock);
1167 }
mirror of XNU