in_selsrc.c revision 1.14 1 /* $NetBSD: in_selsrc.c,v 1.14 2015/08/24 22:21:26 pooka Exp $ */
2
3 /*-
4 * Copyright (c) 2005 David Young. All rights reserved.
5 *
6 * This code was written by David Young.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * THIS SOFTWARE IS PROVIDED BY DAVID YOUNG ``AS IS'' AND ANY
18 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
19 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
20 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
21 * FOUNDATION OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
26 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */
30
31 #include <sys/cdefs.h>
32 __KERNEL_RCSID(0, "$NetBSD: in_selsrc.c,v 1.14 2015/08/24 22:21:26 pooka Exp $");
33
34 #ifdef _KERNEL_OPT
35 #include "opt_inet.h"
36 #include "opt_inet_conf.h"
37 #endif
38
39 #include <lib/libkern/libkern.h>
40
41 #include <sys/param.h>
42 #include <sys/ioctl.h>
43 #include <sys/errno.h>
44 #include <sys/malloc.h>
45 #include <sys/socket.h>
46 #include <sys/socketvar.h>
47 #include <sys/sysctl.h>
48 #include <sys/systm.h>
49 #include <sys/proc.h>
50 #include <sys/syslog.h>
51
52 #include <net/if.h>
53
54 #include <net/if_ether.h>
55
56 #include <netinet/in_systm.h>
57 #include <netinet/in.h>
58 #include <netinet/in_var.h>
59 #include <netinet/ip.h>
60 #include <netinet/ip_var.h>
61 #include <netinet/in_ifattach.h>
62 #include <netinet/in_pcb.h>
63 #include <netinet/if_inarp.h>
64 #include <netinet/ip_mroute.h>
65 #include <netinet/igmp_var.h>
66 #include <netinet/in_selsrc.h>
67
68 #ifdef INET
/*
 * Pairs the user-visible name of a scoring function with the function
 * itself.  score_src_names[] is built from these entries and is searched
 * by name_to_score_src() and score_src_to_name().
 */
struct score_src_name {
	const char *sn_name;			/* token used in a policy string */
	const in_score_src_t sn_score_src;	/* scorer that the token selects */
};
73
/*
 * Forward declarations for the file-local helpers.  The four scorers
 * (in_preference, in_index, in_matchlen, in_match_category) share one
 * signature: (candidate source, its preference, its index, destination).
 */
static const struct sysctlnode *in_domifattach_sysctl(struct in_ifsysctl *);
static int in_preference(const struct in_addr *, int, int,
    const struct in_addr *);
static int in_index(const struct in_addr *, int, int, const struct in_addr *);
static int in_matchlen(const struct in_addr *, int, int,
    const struct in_addr *);
static int in_match_category(const struct in_addr *, int, int,
    const struct in_addr *);
static size_t in_get_selectsrc(const struct in_ifselsrc *, char *,
    const size_t);
static int in_set_selectsrc(struct in_ifselsrc *, char *buf);
static int in_sysctl_selectsrc(SYSCTLFN_PROTO);
static in_score_src_t name_to_score_src(const char *);
static const char *score_src_to_name(const in_score_src_t);
static void in_score(const in_score_src_t *, int *, int *,
    const struct in_addr *, int, int, const struct in_addr *);
90
/*
 * The scorers that a policy string may name, terminated by a
 * {NULL, NULL} entry.  in_set_selectsrc() resolves every token through
 * name_to_score_src(), which searches only this table, so these are the
 * only functions a sysctl write can install into a policy.
 */
static const struct score_src_name score_src_names[] = {
	  {"same-category", in_match_category}
	, {"common-prefix-len", in_matchlen}
	, {"index", in_index}
	, {"preference", in_preference}
	, {NULL, NULL}
};

/* Template with no scorers; in_domifattach() copies it into each new policy. */
static const struct in_ifselsrc initial_iss = { 0, {NULL} };

/*
 * Policy that in_getifa() falls back to when an interface has no scorer
 * of its own.  It starts out scoring by list position only and is
 * writable through the "default" sysctl node.
 */
static struct in_ifselsrc default_iss = { 0, {in_index} };

#ifdef GETIFA_DEBUG
/* Non-zero turns on the printf() tracing guarded by GETIFA_DEBUG in this file. */
int in_selsrc_debug = 0;
#endif /* GETIFA_DEBUG */
106
/*
 * Register the net.inet.ip.selectsrc sysctl subtree.
 *
 * Creates (or looks up) net.inet and net.inet.ip, then adds the
 * "selectsrc" node with a read-write "default" leaf backed by
 * default_iss and served by in_sysctl_selectsrc().  With GETIFA_DEBUG
 * a read-write integer leaf "debug" is added as well.  Any failure is
 * reported with printf() and ends the setup at that point; nodes that
 * were already created are left in place.
 */
SYSCTL_SETUP(sysctl_selectsrc_setup, "sysctl selectsrc subtree setup")
{
	const struct sysctlnode *rnode, *cnode;
	int rc;

	/* net.inet */
	rc = sysctl_createv(clog, 0, NULL, &rnode,
	    CTLFLAG_PERMANENT, CTLTYPE_NODE, "inet",
	    NULL, NULL, 0, NULL, 0, CTL_NET, PF_INET, CTL_EOL);
	if (rc != 0) {
		printf("%s: could not create net.inet, rc = %d\n", __func__,
		    rc);
		return;
	}

	/* net.inet.ip */
	rc = sysctl_createv(clog, 0, NULL, &rnode,
	    CTLFLAG_PERMANENT, CTLTYPE_NODE, "ip",
	    NULL, NULL, 0, NULL, 0,
	    CTL_NET, PF_INET, IPPROTO_IP, CTL_EOL);
	if (rc != 0) {
		printf("%s: could not create net.inet.ip, rc = %d\n", __func__,
		    rc);
		return;
	}

	/* net.inet.ip.selectsrc; rnode is the parent of the leaves below. */
	rc = sysctl_createv(clog, 0, NULL, &rnode,
	    CTLFLAG_PERMANENT, CTLTYPE_NODE, "selectsrc",
	    NULL, NULL, 0, NULL, 0,
	    CTL_NET, PF_INET, IPPROTO_IP, CTL_CREATE, CTL_EOL);
	if (rc != 0) {
		printf("%s: could not create net.inet.ip.selectsrc, "
		    "rc = %d\n", __func__, rc);
		return;
	}

#ifdef GETIFA_DEBUG
	/* net.inet.ip.selectsrc.debug toggles in_selsrc_debug. */
	rc = sysctl_createv(clog, 0, &rnode, &cnode,
	    CTLFLAG_PERMANENT|CTLFLAG_READWRITE, CTLTYPE_INT, "debug",
	    SYSCTL_DESCR("enable source-selection debug messages"),
	    NULL, 0, &in_selsrc_debug, 0, CTL_CREATE, CTL_EOL);
	if (rc != 0) {
		printf("%s: could not create net.inet.ip.selectsrc.debug, "
		    "rc = %d\n", __func__, rc);
		return;
	}
#endif /* GETIFA_DEBUG */

	/*
	 * net.inet.ip.selectsrc.default: registered as CTLTYPE_STRUCT of
	 * IN_SELECTSRC_LEN bytes, whereas the per-interface leaf created
	 * in in_domifattach_sysctl() is CTLTYPE_STRING.  Both are served
	 * by in_sysctl_selectsrc().
	 */
	rc = sysctl_createv(clog, 0, &rnode, &cnode,
	    CTLFLAG_READWRITE, CTLTYPE_STRUCT, "default",
	    SYSCTL_DESCR("default source selection policy"),
	    in_sysctl_selectsrc, 0, &default_iss, IN_SELECTSRC_LEN,
	    CTL_CREATE, CTL_EOL);
	if (rc != 0) {
		printf(
		    "%s: could not create net.inet.ip.selectsrc.default (%d)\n",
		    __func__, rc);
		return;
	}
}
156
/*
 * Scorer "preference": the score is the address's preference number
 * itself, so an address with a higher preference wins.  Preference
 * numbers are assigned with ioctl SIOCSIFADDRPREF.  src, idx and dst
 * do not influence the result.
 */
static int
in_preference(const struct in_addr *src, int preference,
    int idx, const struct in_addr *dst)
{
	const int score = preference;

	return score;
}
167
/*
 * Scorer "index": the score is the negated position of the address in
 * the interface's ifaddr list, so addresses nearer the head of the list
 * score higher.  src, preference and dst do not influence the result.
 */
static int
in_index(const struct in_addr *src, int preference, int idx,
    const struct in_addr *dst)
{
	const int score = -idx;

	return score;
}
178
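/*
 * Scorer "common-prefix-len": number of leading bits (0..32) that src
 * and dst have in common.  Both addresses are read as four bytes in the
 * order they are stored; preference and idx do not influence the result.
 *
 * (Derived from in6_matchlen.)
 */
static int
in_matchlen(const struct in_addr *src, int preference,
    int idx, const struct in_addr *dst)
{
	int match = 0;
	const uint8_t *s = (const uint8_t *)src, *d = (const uint8_t *)dst;
	const uint8_t *lim = s + 4;
	uint_fast8_t r = 0;

	/* Whole bytes first: stop at the first pair of bytes that differ. */
	while (s < lim && (r = (*d++ ^ *s++)) == 0)
		match += 8;

	/*
	 * r == 0 means all four bytes were equal.  The test has to be on r
	 * and not on s == lim: when the first difference is in the last
	 * byte, s has already been advanced to lim, and the equal high bits
	 * of that byte would otherwise go uncounted (two addresses in the
	 * same /30 would score 24 instead of 30).
	 */
	if (r == 0)
		return match;

	/* r is non-zero here, so the loop ends after at most seven shifts. */
	while ((r & 0x80) == 0) {
		match++;
		r <<= 1;
	}
	return match;
}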
205
/*
 * Classify an IPv4 address for the "same-category" scorer.  The
 * IN_ANY_LOCAL test is applied before IN_PRIVATE; anything matching
 * neither is IN_CATEGORY_OTHER.
 */
static enum in_category
in_categorize(const struct in_addr *s)
{
	if (IN_ANY_LOCAL(s->s_addr))
		return IN_CATEGORY_LINKLOCAL;
	if (IN_PRIVATE(s->s_addr))
		return IN_CATEGORY_PRIVATE;
	return IN_CATEGORY_OTHER;
}
216
/*
 * Scorer "same-category": rate how well the category of src fits the
 * category of dst.
 *
 *   2  both addresses are in the same category
 *   1  private source with a link-local or "other" destination, or
 *      link-local source with a private destination
 *   0  every other combination
 *
 * preference and idx do not influence the result.
 */
static int
in_match_category(const struct in_addr *src, int preference,
    int idx, const struct in_addr *dst)
{
	const enum in_category dst_c = in_categorize(dst);
	const enum in_category src_c = in_categorize(src);

#ifdef GETIFA_DEBUG
	if (in_selsrc_debug) {
		printf("%s: dst %#08" PRIx32 " categ %d, src %#08" PRIx32
		    " categ %d\n", __func__, ntohl(dst->s_addr), dst_c,
		    ntohl(src->s_addr), src_c);
	}
#endif /* GETIFA_DEBUG */

	if (dst_c == src_c)
		return 2;

	/* A private source is a partial fit for either other category. */
	if (src_c == IN_CATEGORY_PRIVATE &&
	    (dst_c == IN_CATEGORY_LINKLOCAL || dst_c == IN_CATEGORY_OTHER))
		return 1;

	/* A link-local source is a partial fit only for a private destination. */
	if (src_c == IN_CATEGORY_LINKLOCAL && dst_c == IN_CATEGORY_PRIVATE)
		return 1;

	return 0;
}
242
/*
 * Run every scorer of a policy against one candidate source address.
 *
 * score_src is the policy's scorer array; it is walked until the first
 * NULL entry or IN_SCORE_SRC_MAX entries, whichever comes first.  The
 * result of scorer n is stored in score[n]; entries of score[] beyond
 * the last scorer are not written.  If scorelenp is non-NULL it
 * receives the number of scores stored.
 */
static void
in_score(const in_score_src_t *score_src, int *score, int *scorelenp,
    const struct in_addr *src, int preference, int idx,
    const struct in_addr *dst)
{
	int n = 0;

	while (n < IN_SCORE_SRC_MAX && score_src[n] != NULL) {
		score[n] = (*score_src[n])(src, preference, idx, dst);
		n++;
	}

	if (scorelenp != NULL)
		*scorelenp = n;
}
255
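/*
 * Compare two score vectors lexicographically over their first scorelen
 * entries.  Returns a positive value if score1 ranks higher, a negative
 * value if score2 ranks higher, and 0 if they are equal (including when
 * scorelen is 0).
 *
 * The entries are compared, not subtracted: a score can be any int (the
 * "preference" scorer returns the address preference unchanged), and
 * the difference of two ints of opposite sign can overflow, which is
 * undefined behaviour and can flip the sign of the result.
 */
static int
in_score_cmp(int *score1, int *score2, int scorelen)
{
	int i;

	for (i = 0; i < scorelen; i++) {
		if (score1[i] == score2[i])
			continue;
		return (score1[i] > score2[i]) ? 1 : -1;
	}
	return 0;
}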
268
269 #ifdef GETIFA_DEBUG
/*
 * Debug helper: print the first scorelen entries of score as
 * "[a, b, c]" followed by a newline.  The opening bracket is emitted
 * together with the first entry, so an empty vector prints as "]".
 */
static void
in_score_println(int *score, int scorelen)
{
	int i;

	for (i = 0; i < scorelen; i++)
		printf("%s%d", (i == 0) ? "[" : ", ", score[i]);
	printf("]\n");
}
282 #endif /* GETIFA_DEBUG */
283
/*
 * Scan the interface addresses on the interface ifa->ifa_ifp for
 * the source address that best matches the destination, dst0,
 * according to the source address-selection policy for this
 * interface.  If there is no better match than `ifa', return `ifa'.
 * Otherwise, return the best address.
 *
 * Note that in_getifa is called after the kernel has decided which
 * output interface to use (ifa->ifa_ifp), and in_getifa will not
 * scan an address belonging to any other interface.
 *
 * Further behaviour visible in the body:
 *  - If `ifa' is not an AF_INET address, or dst0 is NULL or not
 *    AF_INET, `ifa' is returned unchanged except that its ifa_seqno
 *    is set to NULL.
 *  - Alternative addresses flagged IN_IFF_NOTREADY are never chosen.
 *    `ifa' itself is not filtered up front, so if it stays the best
 *    match while flagged IN_IFF_NOTREADY the function returns NULL;
 *    callers must handle a NULL result.
 *  - On success the returned address's ifa_seqno is pointed at the
 *    sequence number of the policy that selected it.
 */
struct ifaddr *
in_getifa(struct ifaddr *ifa, const struct sockaddr *dst0)
{
	const in_score_src_t *score_src;
	int idx, scorelen;
	const struct sockaddr_in *dst, *src;
	struct ifaddr *alt_ifa, *best_ifa;
	struct ifnet *ifp;
	struct in_ifsysctl *isc;
	struct in_ifselsrc *iss;
	int best_score[IN_SCORE_SRC_MAX], score[IN_SCORE_SRC_MAX];
	struct in_ifaddr *ia;

	if (ifa->ifa_addr->sa_family != AF_INET ||
	    dst0 == NULL || dst0->sa_family != AF_INET) {	/* Possible. */
		ifa->ifa_seqno = NULL;
		return ifa;
	}

	/*
	 * Pick the policy: the interface's own one if it exists and has
	 * at least one scorer, otherwise the global default.
	 */
	ifp = ifa->ifa_ifp;
	isc = (struct in_ifsysctl *)ifp->if_afdata[AF_INET];
	if (isc != NULL && isc->isc_selsrc != NULL &&
	    isc->isc_selsrc->iss_score_src[0] != NULL)
		iss = isc->isc_selsrc;
	else
		iss = &default_iss;
	score_src = &iss->iss_score_src[0];

	dst = (const struct sockaddr_in *)dst0;

	best_ifa = ifa;

	/* Find out the index of this ifaddr. */
	idx = 0;
	IFADDR_FOREACH(alt_ifa, ifa->ifa_ifp) {
		if (alt_ifa == best_ifa)
			break;
		idx++;
	}
	/* Score the caller's address first; scorelen is fixed from here on. */
	in_score(score_src, best_score, &scorelen, &IA_SIN(best_ifa)->sin_addr,
	    best_ifa->ifa_preference, idx, &dst->sin_addr);

#ifdef GETIFA_DEBUG
	if (in_selsrc_debug) {
		printf("%s: enter dst %#" PRIx32 " src %#" PRIx32 " score ",
		    __func__, ntohl(dst->sin_addr.s_addr),
		    ntohl(satosin(best_ifa->ifa_addr)->sin_addr.s_addr));
		in_score_println(best_score, scorelen);
	}
#endif /* GETIFA_DEBUG */

	/*
	 * Second pass: score every other address on the interface.  idx
	 * starts at -1 and is incremented before any `continue', so it
	 * counts skipped entries too and stays the list position.
	 */
	idx = -1;
	IFADDR_FOREACH(alt_ifa, ifa->ifa_ifp) {
		++idx;
		/*
		 * NOTE(review): IA_SIN() is applied to every ifaddr on
		 * the list before its family has been checked -- confirm
		 * that the macro is safe for non-AF_INET entries.
		 */
		src = IA_SIN(alt_ifa);

		if (alt_ifa == ifa || src->sin_family != AF_INET)
			continue;
		ia = (struct in_ifaddr *)alt_ifa;
		if (ia->ia4_flags & IN_IFF_NOTREADY)
			continue;

		in_score(score_src, score, NULL, &src->sin_addr,
		    alt_ifa->ifa_preference, idx, &dst->sin_addr);

#ifdef GETIFA_DEBUG
		if (in_selsrc_debug) {
			printf("%s: src %#" PRIx32 " score ", __func__,
			    ntohl(src->sin_addr.s_addr));
			in_score_println(score, scorelen);
		}
#endif /* GETIFA_DEBUG */

		/* Strictly greater: on a tie the earlier best is kept. */
		if (in_score_cmp(score, best_score, scorelen) > 0) {
			/*
			 * The whole array is copied although in_score()
			 * wrote only the first scorelen entries of score;
			 * the remaining slots are never compared or
			 * printed.
			 */
			(void)memcpy(best_score, score, sizeof(best_score));
			best_ifa = alt_ifa;
		}
	}

	/*
	 * Only the caller's `ifa' can reach this point while not ready:
	 * alternatives with IN_IFF_NOTREADY were skipped above.
	 */
	ia = (struct in_ifaddr *)best_ifa;
	if (ia->ia4_flags & IN_IFF_NOTREADY)
		return NULL;

#ifdef GETIFA_DEBUG
	if (in_selsrc_debug) {
		printf("%s: choose src %#" PRIx32 " score ", __func__,
		    ntohl(IA_SIN(best_ifa)->sin_addr.s_addr));
		in_score_println(best_score, scorelen);
	}
#endif /* GETIFA_DEBUG */

	/* Tie the result to the policy so a policy change can be noticed. */
	best_ifa->ifa_seqno = &iss->iss_seqno;
	return best_ifa;
}
388
/*
 * Look up a scorer by its policy-string name.  The comparison is an
 * exact strcmp() against the entries of score_src_names[]; a name that
 * is not in the table yields NULL.  name must not be NULL.
 */
static in_score_src_t
name_to_score_src(const char *name)
{
	const struct score_src_name *sn;

	for (sn = score_src_names; sn->sn_name != NULL; sn++) {
		if (strcmp(sn->sn_name, name) == 0)
			return sn->sn_score_src;
	}
	return NULL;
}
400
/*
 * Reverse of name_to_score_src(): return the policy-string name of a
 * scorer, or the literal "<unknown>" if the function pointer is not in
 * score_src_names[].
 */
static const char *
score_src_to_name(const in_score_src_t score_src)
{
	const struct score_src_name *sn;

	for (sn = score_src_names; sn->sn_name != NULL; sn++) {
		if (sn->sn_score_src == score_src)
			return sn->sn_name;
	}
	return "<unknown>";
}
411
/*
 * Render a policy as a comma-separated list of scorer names.
 *
 * buf0/buflen0 describe the output buffer; buflen0 must be at least 1.
 * Scorers are taken from iss->iss_score_src up to the first NULL entry
 * or IN_SCORE_SRC_MAX entries.
 *
 * Return value:
 *  - on success, the number of characters written, not counting the
 *    terminating NUL; an empty policy is written as "" and reported
 *    as 1;
 *  - if a name did not fit, a value >= buflen0, which the caller must
 *    treat as truncation;
 *  - if snprintf() returned -1, the number of characters written
 *    before that call.
 */
static size_t
in_get_selectsrc(const struct in_ifselsrc *iss, char *buf0,
    const size_t buflen0)
{
	char *cursor = buf0;
	size_t remaining = buflen0;
	const char *sep = "";
	int i, n;

	KASSERT(remaining >= 1);

	for (i = 0; i < IN_SCORE_SRC_MAX; i++) {
		if (iss->iss_score_src[i] == NULL)
			break;

		n = snprintf(cursor, remaining, "%s%s",
		    sep, score_src_to_name(iss->iss_score_src[i]));
		if (n == -1)
			return buflen0 - remaining;
		/* Output was cut short: report the size that was needed. */
		if ((size_t)n >= remaining)
			return buflen0 + n - remaining;

		cursor += n;
		remaining -= n;
		sep = ",";
	}

	/* Nothing was written: still hand back a valid empty string. */
	if (cursor == buf0)
		*cursor++ = '\0';
	return cursor - buf0;
}
439
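/*
 * Parse a comma-separated policy string and install it in iss.
 *
 * buf must be NUL-terminated and is modified in place by strsep().
 * Parsing stops at the first empty token, so an empty string clears
 * the policy and anything after ",," is ignored.  The new scorer list
 * is assembled in a local array and copied into iss only after every
 * token has been accepted, so a rejected string leaves iss untouched.
 *
 * Returns 0 on success, EINVAL if a token is not a known scorer name,
 * and EFBIG if the string names more than IN_SCORE_SRC_MAX scorers.
 */
static int
in_set_selectsrc(struct in_ifselsrc *iss, char *buf)
{
	int i, s;
	int used_default;
	char *next = buf;
	const char *name;
	in_score_src_t score_src;
	in_score_src_t scorers[IN_SCORE_SRC_MAX];

	memset(&scorers, 0, sizeof(scorers));
	for (i = 0;
	     (name = strsep(&next, ",")) != NULL && i < IN_SCORE_SRC_MAX;
	     i++) {
		if (strcmp(name, "") == 0)
			break;
		if ((score_src = name_to_score_src(name)) == NULL)
			return EINVAL;
		scorers[i] = score_src;
	}
	/* The table is full and strsep() still produced another token. */
	if (i == IN_SCORE_SRC_MAX && name != NULL)
		return EFBIG;
	s = splnet();
	/*
	 * Record whether iss was empty (and therefore deferring to the
	 * default policy) before the copy below replaces its contents.
	 * Testing iss->iss_score_src[0] after the copy would compare the
	 * new value with itself and the branch below could never be taken.
	 */
	used_default = (iss->iss_score_src[0] == NULL);
	(void)memcpy(iss->iss_score_src, scorers, sizeof(iss->iss_score_src));
	/* If iss affects a specific interface that used to use
	 * the default policy, increase the sequence number on the
	 * default policy, forcing routes that cache a source
	 * (rt_ifa) found by the default policy to refresh their
	 * cache.
	 */
	if (iss != &default_iss && used_default && scorers[0] != NULL)
		default_iss.iss_seqno++;
	iss->iss_seqno++;
	splx(s);
	return 0;
}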
476
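/*
 * sysctl helper routine for net.inet.ip.interfaces.<interface>.selectsrc
 * and for net.inet.ip.selectsrc.default.
 * Pulls the old value out as a human-readable string, interprets
 * and records the new value.
 *
 * The node's sysctl_data is the struct in_ifselsrc to read or change.
 * A private copy of the node is pointed at a stack buffer holding the
 * rendered policy, sysctl_lookup() does the transfer to and from the
 * caller, and a new value (newp != NULL) is then parsed by
 * in_set_selectsrc().
 *
 * Returns 0 on success, ENOMEM if the current policy does not fit the
 * buffer, the error from sysctl_lookup(), or EINVAL/EFBIG from
 * in_set_selectsrc().
 */
static int
in_sysctl_selectsrc(SYSCTLFN_ARGS)
{
	char policy[IN_SELECTSRC_LEN];
	int error;
	size_t len;
	struct sysctlnode node;
	struct in_ifselsrc *iss;

	/*
	 * Start from an all-zero buffer.  in_get_selectsrc() fills in only
	 * the string and is skipped entirely when oldp is NULL, while the
	 * node handed to sysctl_lookup() describes all IN_SELECTSRC_LEN
	 * bytes.  The "default" node is registered as CTLTYPE_STRUCT, so
	 * presumably the whole buffer can be copied out to the caller --
	 * confirm against sysctl_lookup().  Zeroing keeps stale kernel
	 * stack contents out of that copy either way.
	 */
	memset(policy, 0, sizeof(policy));

	node = *rnode;
	iss = (struct in_ifselsrc *)node.sysctl_data;
	if (oldp != NULL) {
		len = in_get_selectsrc(iss, policy, sizeof(policy));
		/*
		 * A length is not an errno: report truncation with a real
		 * error code instead of returning the byte count.
		 */
		if (len >= sizeof(policy))
			return ENOMEM;
	}
	node.sysctl_data = &policy[0];
	error = sysctl_lookup(SYSCTLFN_CALL(&node));
	if (error || newp == NULL)
		return (error);

	/*
	 * in_set_selectsrc() walks the buffer with strsep() and needs a
	 * terminator.  Whether sysctl_lookup() guarantees one for a
	 * CTLTYPE_STRUCT node is not visible here, so enforce it.
	 */
	policy[sizeof(policy) - 1] = '\0';

	return in_set_selectsrc(iss, policy);
}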
502
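/*
 * Create the per-interface sysctl nodes
 * net.inet.ip.interfaces.<if_xname>.selectsrc for isc.
 *
 * All nodes are recorded in isc->isc_log.  The "selectsrc" leaf is
 * read-write, is served by in_sysctl_selectsrc() and carries
 * isc->isc_selsrc as its data, so isc->isc_selsrc must already be set.
 *
 * Returns the node of the "selectsrc" leaf on success.  Returns NULL
 * on failure, after reporting it with printf(); if the failure came
 * after the "interfaces" node was created, isc->isc_log is torn down.
 */
static const struct sysctlnode *
in_domifattach_sysctl(struct in_ifsysctl *isc)
{
	int rc;
	const struct sysctlnode *rnode;

	/* net.inet.ip.interfaces */
	if ((rc = sysctl_createv(&isc->isc_log, 0, NULL, &rnode,
	                         CTLFLAG_READONLY, CTLTYPE_NODE,
	                         "interfaces", NULL,
	                         NULL, 0, NULL, 0,
	                         CTL_NET, PF_INET, IPPROTO_IP, CTL_CREATE,
	                         CTL_EOL)) != 0) {
		printf("%s: could not create net.inet.ip.interfaces, rc = %d\n",
		    __func__, rc);
		return NULL;
	}
	/* net.inet.ip.interfaces.<if_xname>; rnode is parent and result. */
	if ((rc = sysctl_createv(&isc->isc_log, 0, &rnode, &rnode,
	                         CTLFLAG_READONLY, CTLTYPE_NODE,
	                         isc->isc_ifp->if_xname,
	                         SYSCTL_DESCR("interface ip options"),
	                         NULL, 0, NULL, 0, CTL_CREATE, CTL_EOL)) != 0) {
		printf("%s: could not create net.inet.ip.interfaces.%s, "
		       "rc = %d\n", __func__, isc->isc_ifp->if_xname, rc);
		goto err;
	}
	/* net.inet.ip.interfaces.<if_xname>.selectsrc */
	if ((rc = sysctl_createv(&isc->isc_log, 0, &rnode, &rnode,
	                         CTLFLAG_READWRITE, CTLTYPE_STRING,
	                         "selectsrc",
	                         SYSCTL_DESCR("source selection policy"),
	                         in_sysctl_selectsrc, 0,
	                         (void *)isc->isc_selsrc, IN_SELECTSRC_LEN,
	                         CTL_CREATE, CTL_EOL)) != 0) {
		/* The message names the node's real path, under "interfaces". */
		printf(
		    "%s: could not create net.inet.ip.interfaces.%s.selectsrc, "
		    "rc = %d\n", __func__, isc->isc_ifp->if_xname, rc);
		goto err;
	}
	return rnode;
err:
	sysctl_teardown(&isc->isc_log);
	return NULL;
}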
545
/*
 * Allocate the per-interface IPv4 source-selection state for ifp and
 * publish its sysctl nodes.
 *
 * Both allocations use M_WAITOK | M_ZERO.  The new policy starts as a
 * copy of initial_iss.  Returns the struct in_ifsysctl as an opaque
 * pointer, to be released with in_domifdetach(), or NULL (with both
 * allocations freed) if the sysctl nodes could not be created.
 */
void *
in_domifattach(struct ifnet *ifp)
{
	struct in_ifsysctl *isc;
	struct in_ifselsrc *iss;

	isc = malloc(sizeof(*isc), M_IFADDR, M_WAITOK | M_ZERO);
	iss = malloc(sizeof(*iss), M_IFADDR, M_WAITOK | M_ZERO);

	/* MIN() keeps the copy inside whichever of the two arrays is smaller. */
	memcpy(&iss->iss_score_src[0], &initial_iss.iss_score_src[0],
	    MIN(sizeof(iss->iss_score_src), sizeof(initial_iss.iss_score_src)));

	isc->isc_selsrc = iss;
	isc->isc_ifp = ifp;

	if (in_domifattach_sysctl(isc) != NULL)
		return isc;

	/* Attaching the sysctl nodes failed: release both allocations. */
	free(iss, M_IFADDR);
	free(isc, M_IFADDR);
	return NULL;
}
573
/*
 * Release the state created by in_domifattach().  aux is the pointer
 * that in_domifattach() returned; NULL is accepted and ignored.  The
 * sysctl nodes are torn down before the memory behind them is freed.
 * ifp is not used.
 */
void
in_domifdetach(struct ifnet *ifp, void *aux)
{
	struct in_ifsysctl *isc = (struct in_ifsysctl *)aux;
	struct in_ifselsrc *iss;

	if (isc == NULL)
		return;

	/* Fetch the policy pointer while isc is still valid. */
	iss = isc->isc_selsrc;
	sysctl_teardown(&isc->isc_log);
	free(isc, M_IFADDR);
	free(iss, M_IFADDR);
}
588 #endif /* INET */
589