1
/*-
2
 * SPDX-License-Identifier: BSD-3-Clause
3
 *
4
 * Copyright (C) 2000 WIDE Project.
5
 * All rights reserved.
6
 *
7
 * Redistribution and use in source and binary forms, with or without
8
 * modification, are permitted provided that the following conditions
9
 * are met:
10
 * 1. Redistributions of source code must retain the above copyright
11
 *    notice, this list of conditions and the following disclaimer.
12
 * 2. Redistributions in binary form must reproduce the above copyright
13
 *    notice, this list of conditions and the following disclaimer in the
14
 *    documentation and/or other materials provided with the distribution.
15
 * 3. Neither the name of the project nor the names of its contributors
16
 *    may be used to endorse or promote products derived from this software
17
 *    without specific prior written permission.
18
 *
19
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29
 * SUCH DAMAGE.
30
 *
31
 *	$KAME: scope6.c,v 1.10 2000/07/24 13:29:31 itojun Exp $
32
 */
33

34
#include <sys/param.h>
35
#include <sys/malloc.h>
36
#include <sys/mbuf.h>
37
#include <sys/socket.h>
38
#include <sys/sockio.h>
39
#include <sys/systm.h>
40
#include <sys/queue.h>
41
#include <sys/sysctl.h>
42
#include <sys/syslog.h>
43

44
#include <net/if.h>
45
#include <net/if_var.h>
46
#include <net/if_private.h>
47
#include <net/vnet.h>
48

49
#include <netinet/in.h>
50

51
#include <netinet/ip6.h>
52
#include <netinet6/in6_var.h>
53
#include <netinet6/ip6_var.h>
54
#include <netinet6/scope6_var.h>
55

56
#ifdef ENABLE_DEFAULT_SCOPE
57
VNET_DEFINE(int, ip6_use_defzone) = 1;
58
#else
59
VNET_DEFINE(int, ip6_use_defzone) = 0;
60
#endif
61
SYSCTL_DECL(_net_inet6_ip6);
62

63
/*
64
 * The scope6_lock protects the global sid default stored in
65
 * sid_default below.
66
 */
67
static struct mtx scope6_lock;
68
#define	SCOPE6_LOCK_INIT()	mtx_init(&scope6_lock, "scope6_lock", NULL, MTX_DEF)
69
#define	SCOPE6_LOCK()		mtx_lock(&scope6_lock)
70
#define	SCOPE6_UNLOCK()		mtx_unlock(&scope6_lock)
71
#define	SCOPE6_LOCK_ASSERT()	mtx_assert(&scope6_lock, MA_OWNED)
72

73
VNET_DEFINE_STATIC(struct scope6_id, sid_default);
74
#define	V_sid_default			VNET(sid_default)
75

76
#define SID(ifp) \
77
	(((struct in6_ifextra *)(ifp)->if_afdata[AF_INET6])->scope6_id)
78

79
static int	scope6_get(struct ifnet *, struct scope6_id *);
80
static int	scope6_set(struct ifnet *, struct scope6_id *);
81

82
void
83
scope6_init(void)
84
{
85

86
	bzero(&V_sid_default, sizeof(V_sid_default));
87

88
	if (!IS_DEFAULT_VNET(curvnet))
89
		return;
90

91
	SCOPE6_LOCK_INIT();
92
}
93

94
struct scope6_id *
95
scope6_ifattach(struct ifnet *ifp)
96
{
97
	struct scope6_id *sid;
98

99
	sid = malloc(sizeof(*sid), M_IFADDR, M_WAITOK | M_ZERO);
100
	/*
101
	 * XXX: IPV6_ADDR_SCOPE_xxx macros are not standard.
102
	 * Should we rather hardcode here?
103
	 */
104
	sid->s6id_list[IPV6_ADDR_SCOPE_INTFACELOCAL] = ifp->if_index;
105
	sid->s6id_list[IPV6_ADDR_SCOPE_LINKLOCAL] = ifp->if_index;
106
	return (sid);
107
}
108

109
void
110
scope6_ifdetach(struct scope6_id *sid)
111
{
112

113
	free(sid, M_IFADDR);
114
}
115

116
int
117
scope6_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp)
118
{
119
	struct in6_ifreq *ifr;
120

121
	if (ifp->if_afdata[AF_INET6] == NULL)
122
		return (EPFNOSUPPORT);
123

124
	ifr = (struct in6_ifreq *)data;
125
	switch (cmd) {
126
	case SIOCSSCOPE6:
127
		return (scope6_set(ifp,
128
		    (struct scope6_id *)ifr->ifr_ifru.ifru_scope_id));
129
	case SIOCGSCOPE6:
130
		return (scope6_get(ifp,
131
		    (struct scope6_id *)ifr->ifr_ifru.ifru_scope_id));
132
	case SIOCGSCOPE6DEF:
133
		return (scope6_get_default(
134
		    (struct scope6_id *)ifr->ifr_ifru.ifru_scope_id));
135
	default:
136
		return (EOPNOTSUPP);
137
	}
138
}
139

140
static int
141
scope6_set(struct ifnet *ifp, struct scope6_id *idlist)
142
{
143
	int i;
144
	int error = 0;
145
	struct scope6_id *sid = NULL;
146

147
	IF_AFDATA_WLOCK(ifp);
148
	sid = SID(ifp);
149

150
	if (!sid) {	/* paranoid? */
151
		IF_AFDATA_WUNLOCK(ifp);
152
		return (EINVAL);
153
	}
154

155
	/*
156
	 * XXX: We need more consistency checks of the relationship among
157
	 * scopes (e.g. an organization should be larger than a site).
158
	 */
159

160
	/*
161
	 * TODO(XXX): after setting, we should reflect the changes to
162
	 * interface addresses, routing table entries, PCB entries...
163
	 */
164

165
	for (i = 0; i < 16; i++) {
166
		if (idlist->s6id_list[i] &&
167
		    idlist->s6id_list[i] != sid->s6id_list[i]) {
168
			/*
169
			 * An interface zone ID must be the corresponding
170
			 * interface index by definition.
171
			 */
172
			if (i == IPV6_ADDR_SCOPE_INTFACELOCAL &&
173
			    idlist->s6id_list[i] != ifp->if_index) {
174
				IF_AFDATA_WUNLOCK(ifp);
175
				return (EINVAL);
176
			}
177

178
			if (i == IPV6_ADDR_SCOPE_LINKLOCAL) {
179
				struct epoch_tracker et;
180

181
				NET_EPOCH_ENTER(et);
182
				if (!ifnet_byindex(idlist->s6id_list[i])) {
183
					/*
184
					 * XXX: theoretically, there should be
185
					 * no relationship between link IDs and
186
					 * interface IDs, but we check the
187
					 * consistency for safety in later use.
188
					 */
189
					NET_EPOCH_EXIT(et);
190
					IF_AFDATA_WUNLOCK(ifp);
191
					return (EINVAL);
192
				}
193
				NET_EPOCH_EXIT(et);
194
			}
195

196
			/*
197
			 * XXX: we must need lots of work in this case,
198
			 * but we simply set the new value in this initial
199
			 * implementation.
200
			 */
201
			sid->s6id_list[i] = idlist->s6id_list[i];
202
		}
203
	}
204
	IF_AFDATA_WUNLOCK(ifp);
205

206
	return (error);
207
}
208

209
static int
210
scope6_get(struct ifnet *ifp, struct scope6_id *idlist)
211
{
212
	struct epoch_tracker et;
213
	struct scope6_id *sid;
214

215
	/* We only need to lock the interface's afdata for SID() to work. */
216
	NET_EPOCH_ENTER(et);
217
	sid = SID(ifp);
218
	if (sid == NULL) {	/* paranoid? */
219
		NET_EPOCH_EXIT(et);
220
		return (EINVAL);
221
	}
222

223
	*idlist = *sid;
224

225
	NET_EPOCH_EXIT(et);
226
	return (0);
227
}
228

229
/*
230
 * Get a scope of the address. Node-local, link-local, site-local or global.
231
 */
232
int
233
in6_addrscope(const struct in6_addr *addr)
234
{
235

236
	if (IN6_IS_ADDR_MULTICAST(addr)) {
237
		/*
238
		 * Addresses with reserved value F must be treated as
239
		 * global multicast addresses.
240
		 */
241
		if (IPV6_ADDR_MC_SCOPE(addr) == 0x0f)
242
			return (IPV6_ADDR_SCOPE_GLOBAL);
243
		return (IPV6_ADDR_MC_SCOPE(addr));
244
	}
245
	if (IN6_IS_ADDR_LINKLOCAL(addr) ||
246
	    IN6_IS_ADDR_LOOPBACK(addr))
247
		return (IPV6_ADDR_SCOPE_LINKLOCAL);
248
	if (IN6_IS_ADDR_SITELOCAL(addr))
249
		return (IPV6_ADDR_SCOPE_SITELOCAL);
250
	return (IPV6_ADDR_SCOPE_GLOBAL);
251
}
252

253
/*
254
 * ifp - note that this might be NULL
255
 */
256

257
void
258
scope6_setdefault(struct ifnet *ifp)
259
{
260

261
	/*
262
	 * Currently, this function just sets the default "interfaces"
263
	 * and "links" according to the given interface.
264
	 * We might eventually have to separate the notion of "link" from
265
	 * "interface" and provide a user interface to set the default.
266
	 */
267
	SCOPE6_LOCK();
268
	if (ifp) {
269
		V_sid_default.s6id_list[IPV6_ADDR_SCOPE_INTFACELOCAL] =
270
			ifp->if_index;
271
		V_sid_default.s6id_list[IPV6_ADDR_SCOPE_LINKLOCAL] =
272
			ifp->if_index;
273
	} else {
274
		V_sid_default.s6id_list[IPV6_ADDR_SCOPE_INTFACELOCAL] = 0;
275
		V_sid_default.s6id_list[IPV6_ADDR_SCOPE_LINKLOCAL] = 0;
276
	}
277
	SCOPE6_UNLOCK();
278
}
279

280
int
281
scope6_get_default(struct scope6_id *idlist)
282
{
283

284
	SCOPE6_LOCK();
285
	*idlist = V_sid_default;
286
	SCOPE6_UNLOCK();
287

288
	return (0);
289
}
290

291
u_int32_t
292
scope6_addr2default(struct in6_addr *addr)
293
{
294
	u_int32_t id;
295

296
	/*
297
	 * special case: The loopback address should be considered as
298
	 * link-local, but there's no ambiguity in the syntax.
299
	 */
300
	if (IN6_IS_ADDR_LOOPBACK(addr))
301
		return (0);
302

303
	/*
304
	 * XXX: 32-bit read is atomic on all our platforms, is it OK
305
	 * not to lock here?
306
	 */
307
	SCOPE6_LOCK();
308
	id = V_sid_default.s6id_list[in6_addrscope(addr)];
309
	SCOPE6_UNLOCK();
310
	return (id);
311
}
312

313
/*
314
 * Validate the specified scope zone ID in the sin6_scope_id field.  If the ID
315
 * is unspecified (=0), needs to be specified, and the default zone ID can be
316
 * used, the default value will be used.
317
 * This routine then generates the kernel-internal form: if the address scope
318
 * of is interface-local or link-local, embed the interface index in the
319
 * address.
320
 */
321
int
322
sa6_embedscope(struct sockaddr_in6 *sin6, int defaultok)
323
{
324
	u_int32_t zoneid;
325

326
	if ((zoneid = sin6->sin6_scope_id) == 0 && defaultok)
327
		zoneid = scope6_addr2default(&sin6->sin6_addr);
328

329
	if (zoneid != 0 &&
330
	    (IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr) ||
331
	    IN6_IS_ADDR_MC_INTFACELOCAL(&sin6->sin6_addr))) {
332
		struct epoch_tracker et;
333

334
		/*
335
		 * At this moment, we only check interface-local and
336
		 * link-local scope IDs, and use interface indices as the
337
		 * zone IDs assuming a one-to-one mapping between interfaces
338
		 * and links.
339
		 */
340
		NET_EPOCH_ENTER(et);
341
		if (ifnet_byindex(zoneid) == NULL) {
342
			NET_EPOCH_EXIT(et);
343
			return (ENXIO);
344
		}
345
		NET_EPOCH_EXIT(et);
346

347
		/* XXX assignment to 16bit from 32bit variable */
348
		sin6->sin6_addr.s6_addr16[1] = htons(zoneid & 0xffff);
349
		sin6->sin6_scope_id = 0;
350
	}
351

352
	return 0;
353
}
354

355
/*
356
 * generate standard sockaddr_in6 from embedded form.
357
 */
358
int
359
sa6_recoverscope(struct sockaddr_in6 *sin6)
360
{
361
	char ip6buf[INET6_ADDRSTRLEN];
362
	u_int32_t zoneid;
363

364
	if (IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr) ||
365
	    IN6_IS_ADDR_MC_INTFACELOCAL(&sin6->sin6_addr)) {
366
		/*
367
		 * KAME assumption: link id == interface id
368
		 */
369
		zoneid = ntohs(sin6->sin6_addr.s6_addr16[1]);
370
		if (zoneid) {
371
			struct epoch_tracker et;
372

373
			NET_EPOCH_ENTER(et);
374
			/* sanity check */
375
			if (!ifnet_byindex(zoneid)) {
376
				NET_EPOCH_EXIT(et);
377
				return (ENXIO);
378
			}
379
			NET_EPOCH_EXIT(et);
380
			if (sin6->sin6_scope_id != 0 &&
381
			    zoneid != sin6->sin6_scope_id) {
382
				log(LOG_NOTICE,
383
				    "%s: embedded scope mismatch: %s%%%d. "
384
				    "sin6_scope_id was overridden\n", __func__,
385
				    ip6_sprintf(ip6buf, &sin6->sin6_addr),
386
				    sin6->sin6_scope_id);
387
			}
388
			sin6->sin6_addr.s6_addr16[1] = 0;
389
			sin6->sin6_scope_id = zoneid;
390
		}
391
	}
392

393
	return 0;
394
}
395

396
/*
397
 * Determine the appropriate scope zone ID for in6 and ifp.  If ret_id is
398
 * non NULL, it is set to the zone ID.  If the zone ID needs to be embedded
399
 * in the in6_addr structure, in6 will be modified.
400
 *
401
 * ret_id - unnecessary?
402
 */
403
int
404
in6_setscope(struct in6_addr *in6, struct ifnet *ifp, u_int32_t *ret_id)
405
{
406
	int scope;
407
	u_int32_t zoneid = 0;
408
	struct scope6_id *sid;
409

410
	/*
411
	 * special case: the loopback address can only belong to a loopback
412
	 * interface.
413
	 */
414
	if (IN6_IS_ADDR_LOOPBACK(in6)) {
415
		if (!(ifp->if_flags & IFF_LOOPBACK))
416
			return (EINVAL);
417
	} else {
418
		scope = in6_addrscope(in6);
419
		if (scope == IPV6_ADDR_SCOPE_INTFACELOCAL ||
420
		    scope == IPV6_ADDR_SCOPE_LINKLOCAL) {
421
			/*
422
			 * Currently we use interface indices as the
423
			 * zone IDs for interface-local and link-local
424
			 * scopes.
425
			 */
426
			zoneid = ifp->if_index;
427
			in6->s6_addr16[1] = htons(zoneid & 0xffff); /* XXX */
428
		} else if (scope != IPV6_ADDR_SCOPE_GLOBAL) {
429
			struct epoch_tracker et;
430

431
			NET_EPOCH_ENTER(et);
432
			if (ifp->if_afdata[AF_INET6] == NULL) {
433
				NET_EPOCH_EXIT(et);
434
				return (ENETDOWN);
435
			}
436
			sid = SID(ifp);
437
			zoneid = sid->s6id_list[scope];
438
			NET_EPOCH_EXIT(et);
439
		}
440
	}
441

442
	if (ret_id != NULL)
443
		*ret_id = zoneid;
444

445
	return (0);
446
}
447

448
/*
449
 * Just clear the embedded scope identifier.  Return 0 if the original address
450
 * is intact; return non 0 if the address is modified.
451
 */
452
int
453
in6_clearscope(struct in6_addr *in6)
454
{
455
	int modified = 0;
456

457
	if (IN6_IS_SCOPE_LINKLOCAL(in6) || IN6_IS_ADDR_MC_INTFACELOCAL(in6)) {
458
		if (in6->s6_addr16[1] != 0)
459
			modified = 1;
460
		in6->s6_addr16[1] = 0;
461
	}
462

463
	return (modified);
464
}
465

466
/*
467
 * Return the scope identifier or zero.
468
 */
469
uint16_t
470
in6_getscope(const struct in6_addr *in6)
471
{
472

473
	if (IN6_IS_SCOPE_LINKLOCAL(in6) || IN6_IS_ADDR_MC_INTFACELOCAL(in6))
474
		return (in6->s6_addr16[1]);
475

476
	return (0);
477
}
478

479
/*
480
 * Returns scope zone id for the unicast address @in6.
481
 *
482
 * Returns 0 for global unicast and loopback addresses.
483
 * Returns interface index for the link-local addresses.
484
 */
485
uint32_t
486
in6_get_unicast_scopeid(const struct in6_addr *in6, const struct ifnet *ifp)
487
{
488

489
	if (IN6_IS_SCOPE_LINKLOCAL(in6))
490
		return (ifp->if_index);
491
	return (0);
492
}
493

494
void
495
in6_set_unicast_scopeid(struct in6_addr *in6, uint32_t scopeid)
496
{
497

498
	in6->s6_addr16[1] = htons(scopeid & 0xffff);
499
}
500

501
/*
502
 * Return pointer to ifnet structure, corresponding to the zone id of
503
 * link-local scope.
504
 */
505
struct ifnet*
506
in6_getlinkifnet(uint32_t zoneid)
507
{
508
	struct ifnet *ifp;
509

510
	ifp = ifnet_byindex((u_short)zoneid);
511

512
	if (ifp == NULL)
513
		return (NULL);
514

515
	/* An interface might not be IPv6 capable. */
516
	if (ifp->if_afdata[AF_INET6] == NULL) {
517
		log(LOG_NOTICE,
518
		    "%s: embedded scope points to an interface without "
519
		    "IPv6: %s%%%d.\n", __func__,
520
		    if_name(ifp), zoneid);
521
		return (NULL);
522
	}
523

524
	return (ifp);
525
}
526

527
/*
528
 * Return zone id for the specified scope.
529
 */
530
uint32_t
531
in6_getscopezone(const struct ifnet *ifp, int scope)
532
{
533

534
	if (scope == IPV6_ADDR_SCOPE_INTFACELOCAL ||
535
	    scope == IPV6_ADDR_SCOPE_LINKLOCAL)
536
		return (ifp->if_index);
537
	if (scope >= 0 && scope < IPV6_ADDR_SCOPES_COUNT)
538
		return (SID(ifp)->s6id_list[scope]);
539
	return (0);
540
}
541

542
/*
543
 * Extracts scope from address @dst, stores cleared address
544
 * inside @dst and zone inside @scopeid
545
 */
546
void
547
in6_splitscope(const struct in6_addr *src, struct in6_addr *dst,
548
    uint32_t *scopeid)
549
{
550
	uint32_t zoneid;
551

552
	*dst = *src;
553
	zoneid = ntohs(in6_getscope(dst));
554
	in6_clearscope(dst);
555
	*scopeid = zoneid;
556
}
557

558
/*
559
 * This function is for checking sockaddr_in6 structure passed
560
 * from the application level (usually).
561
 *
562
 * sin6_scope_id should be set for link-local unicast, link-local and
563
 * interface-local  multicast addresses.
564
 *
565
 * If it is zero, then look into default zone ids. If default zone id is
566
 * not set or disabled, then return error.
567
 */
568
int
569
sa6_checkzone(struct sockaddr_in6 *sa6)
570
{
571
	int scope;
572

573
	scope = in6_addrscope(&sa6->sin6_addr);
574
	if (scope == IPV6_ADDR_SCOPE_GLOBAL)
575
		return (sa6->sin6_scope_id ? EINVAL: 0);
576
	if (IN6_IS_ADDR_MULTICAST(&sa6->sin6_addr) &&
577
	    scope != IPV6_ADDR_SCOPE_LINKLOCAL &&
578
	    scope != IPV6_ADDR_SCOPE_INTFACELOCAL) {
579
		if (sa6->sin6_scope_id == 0 && V_ip6_use_defzone != 0)
580
			sa6->sin6_scope_id = V_sid_default.s6id_list[scope];
581
		return (0);
582
	}
583
	/*
584
	 * Since ::1 address always configured on the lo0, we can
585
	 * automatically set its zone id, when it is not specified.
586
	 * Return error, when specified zone id doesn't match with
587
	 * actual value.
588
	 */
589
	if (IN6_IS_ADDR_LOOPBACK(&sa6->sin6_addr)) {
590
		if (sa6->sin6_scope_id == 0)
591
			sa6->sin6_scope_id = in6_getscopezone(V_loif, scope);
592
		else if (sa6->sin6_scope_id != in6_getscopezone(V_loif, scope))
593
			return (EADDRNOTAVAIL);
594
	}
595
	/* XXX: we can validate sin6_scope_id here */
596
	if (sa6->sin6_scope_id != 0)
597
		return (0);
598
	if (V_ip6_use_defzone != 0)
599
		sa6->sin6_scope_id = V_sid_default.s6id_list[scope];
600
	/* Return error if we can't determine zone id */
601
	return (sa6->sin6_scope_id ? 0: EADDRNOTAVAIL);
602
}
603

604
/*
605
 * This function is similar to sa6_checkzone, but it uses given ifp
606
 * to initialize sin6_scope_id.
607
 */
608
int
609
sa6_checkzone_ifp(struct ifnet *ifp, struct sockaddr_in6 *sa6)
610
{
611
	int scope;
612

613
	scope = in6_addrscope(&sa6->sin6_addr);
614
	if (scope == IPV6_ADDR_SCOPE_LINKLOCAL ||
615
	    scope == IPV6_ADDR_SCOPE_INTFACELOCAL) {
616
		if (sa6->sin6_scope_id == 0) {
617
			sa6->sin6_scope_id = in6_getscopezone(ifp, scope);
618
			return (0);
619
		} else if (sa6->sin6_scope_id != in6_getscopezone(ifp, scope))
620
			return (EADDRNOTAVAIL);
621
	}
622
	return (sa6_checkzone(sa6));
623
}
624

625