nd6.c revision 1.187
1 /* $NetBSD: nd6.c,v 1.187 2016/04/01 08:12:00 ozaki-r Exp $ */ 2 /* $KAME: nd6.c,v 1.279 2002/06/08 11:16:51 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 #include <sys/cdefs.h> 34 __KERNEL_RCSID(0, "$NetBSD: nd6.c,v 1.187 2016/04/01 08:12:00 ozaki-r Exp $"); 35 36 #ifdef _KERNEL_OPT 37 #include "opt_net_mpsafe.h" 38 #endif 39 40 #include "bridge.h" 41 #include "carp.h" 42 43 #include <sys/param.h> 44 #include <sys/systm.h> 45 #include <sys/callout.h> 46 #include <sys/malloc.h> 47 #include <sys/mbuf.h> 48 #include <sys/socket.h> 49 #include <sys/socketvar.h> 50 #include <sys/sockio.h> 51 #include <sys/time.h> 52 #include <sys/kernel.h> 53 #include <sys/protosw.h> 54 #include <sys/errno.h> 55 #include <sys/ioctl.h> 56 #include <sys/syslog.h> 57 #include <sys/queue.h> 58 #include <sys/cprng.h> 59 60 #include <net/if.h> 61 #include <net/if_dl.h> 62 #include <net/if_llatbl.h> 63 #include <net/if_types.h> 64 #include <net/route.h> 65 #include <net/if_ether.h> 66 #include <net/if_fddi.h> 67 #include <net/if_arc.h> 68 69 #include <netinet/in.h> 70 #include <netinet6/in6_var.h> 71 #include <netinet/ip6.h> 72 #include <netinet6/ip6_var.h> 73 #include <netinet6/scope6_var.h> 74 #include <netinet6/nd6.h> 75 #include <netinet6/in6_ifattach.h> 76 #include <netinet/icmp6.h> 77 #include <netinet6/icmp6_private.h> 78 79 #include <net/net_osdep.h> 80 81 #define ND6_SLOWTIMER_INTERVAL (60 * 60) /* 1 hour */ 82 #define ND6_RECALC_REACHTM_INTERVAL (60 * 120) /* 2 hours */ 83 84 /* timer values */ 85 int nd6_prune = 1; /* walk list every 1 seconds */ 86 int nd6_delay = 5; /* delay first probe time 5 second */ 87 int nd6_umaxtries = 3; /* maximum unicast query */ 88 int nd6_mmaxtries = 3; /* maximum multicast query */ 89 int nd6_useloopback = 1; /* use loopback interface for local traffic */ 90 int nd6_gctimer = (60 * 60 * 24); /* 1 day: garbage collection timer */ 91 92 /* preventing too many loops in ND option parsing */ 93 int nd6_maxndopt = 10; /* max # of ND options allowed */ 94 95 int nd6_maxnudhint = 0; /* max # of subsequent upper layer hints */ 96 97 int nd6_maxqueuelen = 1; /* max # of packets cached in unresolved ND entries */ 98 99 #ifdef ND6_DEBUG 100 int nd6_debug = 1; 101 #else 102 int nd6_debug = 0; 103 #endif 104 105 /* for debugging? */ 106 static int nd6_inuse, nd6_allocated; 107 108 struct nd_drhead nd_defrouter; 109 struct nd_prhead nd_prefix = { 0 }; 110 111 int nd6_recalc_reachtm_interval = ND6_RECALC_REACHTM_INTERVAL; 112 static const struct sockaddr_in6 all1_sa = { 113 .sin6_family = AF_INET6 114 , .sin6_len = sizeof(struct sockaddr_in6) 115 , .sin6_addr = {.s6_addr = {0xff, 0xff, 0xff, 0xff, 116 0xff, 0xff, 0xff, 0xff, 117 0xff, 0xff, 0xff, 0xff, 118 0xff, 0xff, 0xff, 0xff}} 119 }; 120 121 static void nd6_setmtu0(struct ifnet *, struct nd_ifinfo *); 122 static void nd6_slowtimo(void *); 123 static int regen_tmpaddr(struct in6_ifaddr *); 124 static void nd6_free(struct rtentry *, struct llentry *, int); 125 static void nd6_llinfo_timer(void *); 126 static void nd6_timer(void *); 127 static void clear_llinfo_pqueue(struct llentry *); 128 129 static callout_t nd6_slowtimo_ch; 130 static callout_t nd6_timer_ch; 131 132 static int fill_drlist(void *, size_t *, size_t); 133 static int fill_prlist(void *, size_t *, size_t); 134 135 MALLOC_DEFINE(M_IP6NDP, "NDP", "IPv6 Neighbour Discovery"); 136 137 void 138 nd6_init(void) 139 { 140 141 /* initialization of the default router list */ 142 TAILQ_INIT(&nd_defrouter); 143 144 callout_init(&nd6_slowtimo_ch, CALLOUT_MPSAFE); 145 callout_init(&nd6_timer_ch, CALLOUT_MPSAFE); 146 147 /* start timer */ 148 callout_reset(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz, 149 nd6_slowtimo, NULL); 150 callout_reset(&nd6_timer_ch, hz, nd6_timer, NULL); 151 } 152 153 struct nd_ifinfo * 154 nd6_ifattach(struct ifnet *ifp) 155 { 156 struct nd_ifinfo *nd; 157 158 nd = (struct nd_ifinfo *)malloc(sizeof(*nd), M_IP6NDP, M_WAITOK|M_ZERO); 159 160 nd->initialized = 1; 161 162 nd->chlim = IPV6_DEFHLIM; 163 nd->basereachable = REACHABLE_TIME; 164 nd->reachable = ND_COMPUTE_RTIME(nd->basereachable); 165 nd->retrans = RETRANS_TIMER; 166 167 nd->flags = ND6_IFF_PERFORMNUD | ND6_IFF_ACCEPT_RTADV; 168 169 /* A loopback interface always has ND6_IFF_AUTO_LINKLOCAL. 170 * A bridge interface should not have ND6_IFF_AUTO_LINKLOCAL 171 * because one of its members should. */ 172 if ((ip6_auto_linklocal && ifp->if_type != IFT_BRIDGE) || 173 (ifp->if_flags & IFF_LOOPBACK)) 174 nd->flags |= ND6_IFF_AUTO_LINKLOCAL; 175 176 /* A loopback interface does not need to accept RTADV. 177 * A bridge interface should not accept RTADV 178 * because one of its members should. */ 179 if (ip6_accept_rtadv && 180 !(ifp->if_flags & IFF_LOOPBACK) && 181 !(ifp->if_type != IFT_BRIDGE)) 182 nd->flags |= ND6_IFF_ACCEPT_RTADV; 183 184 /* XXX: we cannot call nd6_setmtu since ifp is not fully initialized */ 185 nd6_setmtu0(ifp, nd); 186 187 return nd; 188 } 189 190 void 191 nd6_ifdetach(struct ifnet *ifp, struct in6_ifextra *ext) 192 { 193 194 nd6_purge(ifp, ext); 195 free(ext->nd_ifinfo, M_IP6NDP); 196 } 197 198 void 199 nd6_setmtu(struct ifnet *ifp) 200 { 201 nd6_setmtu0(ifp, ND_IFINFO(ifp)); 202 } 203 204 void 205 nd6_setmtu0(struct ifnet *ifp, struct nd_ifinfo *ndi) 206 { 207 u_int32_t omaxmtu; 208 209 omaxmtu = ndi->maxmtu; 210 211 switch (ifp->if_type) { 212 case IFT_ARCNET: 213 ndi->maxmtu = MIN(ARC_PHDS_MAXMTU, ifp->if_mtu); /* RFC2497 */ 214 break; 215 case IFT_FDDI: 216 ndi->maxmtu = MIN(FDDIIPMTU, ifp->if_mtu); 217 break; 218 default: 219 ndi->maxmtu = ifp->if_mtu; 220 break; 221 } 222 223 /* 224 * Decreasing the interface MTU under IPV6 minimum MTU may cause 225 * undesirable situation. We thus notify the operator of the change 226 * explicitly. The check for omaxmtu is necessary to restrict the 227 * log to the case of changing the MTU, not initializing it. 228 */ 229 if (omaxmtu >= IPV6_MMTU && ndi->maxmtu < IPV6_MMTU) { 230 log(LOG_NOTICE, "nd6_setmtu0: new link MTU on %s (%lu) is too" 231 " small for IPv6 which needs %lu\n", 232 if_name(ifp), (unsigned long)ndi->maxmtu, (unsigned long) 233 IPV6_MMTU); 234 } 235 236 if (ndi->maxmtu > in6_maxmtu) 237 in6_setmaxmtu(); /* check all interfaces just in case */ 238 } 239 240 void 241 nd6_option_init(void *opt, int icmp6len, union nd_opts *ndopts) 242 { 243 244 memset(ndopts, 0, sizeof(*ndopts)); 245 ndopts->nd_opts_search = (struct nd_opt_hdr *)opt; 246 ndopts->nd_opts_last 247 = (struct nd_opt_hdr *)(((u_char *)opt) + icmp6len); 248 249 if (icmp6len == 0) { 250 ndopts->nd_opts_done = 1; 251 ndopts->nd_opts_search = NULL; 252 } 253 } 254 255 /* 256 * Take one ND option. 257 */ 258 struct nd_opt_hdr * 259 nd6_option(union nd_opts *ndopts) 260 { 261 struct nd_opt_hdr *nd_opt; 262 int olen; 263 264 KASSERT(ndopts != NULL); 265 KASSERT(ndopts->nd_opts_last != NULL); 266 267 if (ndopts->nd_opts_search == NULL) 268 return NULL; 269 if (ndopts->nd_opts_done) 270 return NULL; 271 272 nd_opt = ndopts->nd_opts_search; 273 274 /* make sure nd_opt_len is inside the buffer */ 275 if ((void *)&nd_opt->nd_opt_len >= (void *)ndopts->nd_opts_last) { 276 memset(ndopts, 0, sizeof(*ndopts)); 277 return NULL; 278 } 279 280 olen = nd_opt->nd_opt_len << 3; 281 if (olen == 0) { 282 /* 283 * Message validation requires that all included 284 * options have a length that is greater than zero. 285 */ 286 memset(ndopts, 0, sizeof(*ndopts)); 287 return NULL; 288 } 289 290 ndopts->nd_opts_search = (struct nd_opt_hdr *)((char *)nd_opt + olen); 291 if (ndopts->nd_opts_search > ndopts->nd_opts_last) { 292 /* option overruns the end of buffer, invalid */ 293 memset(ndopts, 0, sizeof(*ndopts)); 294 return NULL; 295 } else if (ndopts->nd_opts_search == ndopts->nd_opts_last) { 296 /* reached the end of options chain */ 297 ndopts->nd_opts_done = 1; 298 ndopts->nd_opts_search = NULL; 299 } 300 return nd_opt; 301 } 302 303 /* 304 * Parse multiple ND options. 305 * This function is much easier to use, for ND routines that do not need 306 * multiple options of the same type. 307 */ 308 int 309 nd6_options(union nd_opts *ndopts) 310 { 311 struct nd_opt_hdr *nd_opt; 312 int i = 0; 313 314 KASSERT(ndopts != NULL); 315 KASSERT(ndopts->nd_opts_last != NULL); 316 317 if (ndopts->nd_opts_search == NULL) 318 return 0; 319 320 while (1) { 321 nd_opt = nd6_option(ndopts); 322 if (nd_opt == NULL && ndopts->nd_opts_last == NULL) { 323 /* 324 * Message validation requires that all included 325 * options have a length that is greater than zero. 326 */ 327 ICMP6_STATINC(ICMP6_STAT_ND_BADOPT); 328 memset(ndopts, 0, sizeof(*ndopts)); 329 return -1; 330 } 331 332 if (nd_opt == NULL) 333 goto skip1; 334 335 switch (nd_opt->nd_opt_type) { 336 case ND_OPT_SOURCE_LINKADDR: 337 case ND_OPT_TARGET_LINKADDR: 338 case ND_OPT_MTU: 339 case ND_OPT_REDIRECTED_HEADER: 340 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 341 nd6log(LOG_INFO, 342 "duplicated ND6 option found (type=%d)\n", 343 nd_opt->nd_opt_type); 344 /* XXX bark? */ 345 } else { 346 ndopts->nd_opt_array[nd_opt->nd_opt_type] 347 = nd_opt; 348 } 349 break; 350 case ND_OPT_PREFIX_INFORMATION: 351 if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0) { 352 ndopts->nd_opt_array[nd_opt->nd_opt_type] 353 = nd_opt; 354 } 355 ndopts->nd_opts_pi_end = 356 (struct nd_opt_prefix_info *)nd_opt; 357 break; 358 default: 359 /* 360 * Unknown options must be silently ignored, 361 * to accommodate future extension to the protocol. 362 */ 363 nd6log(LOG_DEBUG, 364 "nd6_options: unsupported option %d - " 365 "option ignored\n", nd_opt->nd_opt_type); 366 } 367 368 skip1: 369 i++; 370 if (i > nd6_maxndopt) { 371 ICMP6_STATINC(ICMP6_STAT_ND_TOOMANYOPT); 372 nd6log(LOG_INFO, "too many loop in nd opt\n"); 373 break; 374 } 375 376 if (ndopts->nd_opts_done) 377 break; 378 } 379 380 return 0; 381 } 382 383 /* 384 * ND6 timer routine to handle ND6 entries 385 */ 386 void 387 nd6_llinfo_settimer_locked(struct llentry *ln, time_t xtick) 388 { 389 390 CTASSERT(sizeof(time_t) > sizeof(int)); 391 LLE_WLOCK_ASSERT(ln); 392 393 if (xtick < 0) { 394 ln->ln_expire = 0; 395 ln->ln_ntick = 0; 396 callout_halt(&ln->ln_timer_ch, &ln->lle_lock); 397 } else { 398 ln->ln_expire = time_uptime + xtick / hz; 399 LLE_ADDREF(ln); 400 if (xtick > INT_MAX) { 401 ln->ln_ntick = xtick - INT_MAX; 402 callout_reset(&ln->ln_timer_ch, INT_MAX, 403 nd6_llinfo_timer, ln); 404 } else { 405 ln->ln_ntick = 0; 406 callout_reset(&ln->ln_timer_ch, xtick, 407 nd6_llinfo_timer, ln); 408 } 409 } 410 } 411 412 void 413 nd6_llinfo_settimer(struct llentry *ln, time_t xtick) 414 { 415 416 LLE_WLOCK(ln); 417 nd6_llinfo_settimer_locked(ln, xtick); 418 LLE_WUNLOCK(ln); 419 } 420 421 /* 422 * Gets source address of the first packet in hold queue 423 * and stores it in @src. 424 * Returns pointer to @src (if hold queue is not empty) or NULL. 425 */ 426 static struct in6_addr * 427 nd6_llinfo_get_holdsrc(struct llentry *ln, struct in6_addr *src) 428 { 429 struct ip6_hdr *hip6; 430 431 if (ln == NULL || ln->ln_hold == NULL) 432 return NULL; 433 434 /* 435 * assuming every packet in ln_hold has the same IP header 436 */ 437 hip6 = mtod(ln->ln_hold, struct ip6_hdr *); 438 /* XXX pullup? */ 439 if (sizeof(*hip6) < ln->ln_hold->m_len) 440 *src = hip6->ip6_src; 441 else 442 src = NULL; 443 444 return src; 445 } 446 447 static void 448 nd6_llinfo_timer(void *arg) 449 { 450 struct llentry *ln = arg; 451 struct rtentry *rt; 452 const struct sockaddr_in6 *dst; 453 struct ifnet *ifp; 454 struct nd_ifinfo *ndi = NULL; 455 bool send_ns = false; 456 const struct in6_addr *daddr6 = NULL; 457 458 mutex_enter(softnet_lock); 459 KERNEL_LOCK(1, NULL); 460 461 LLE_WLOCK(ln); 462 if (ln->ln_ntick > 0) { 463 nd6_llinfo_settimer_locked(ln, ln->ln_ntick); 464 goto out; 465 } 466 467 if (callout_pending(&ln->la_timer)) { 468 /* 469 * Here we are a bit odd here in the treatment of 470 * active/pending. If the pending bit is set, it got 471 * rescheduled before I ran. The active 472 * bit we ignore, since if it was stopped 473 * in ll_tablefree() and was currently running 474 * it would have return 0 so the code would 475 * not have deleted it since the callout could 476 * not be stopped so we want to go through 477 * with the delete here now. If the callout 478 * was restarted, the pending bit will be back on and 479 * we just want to bail since the callout_reset would 480 * return 1 and our reference would have been removed 481 * by nd6_llinfo_settimer_locked above since canceled 482 * would have been 1. 483 */ 484 goto out; 485 } 486 487 ifp = ln->lle_tbl->llt_ifp; 488 rt = ln->ln_rt; 489 490 KASSERT(rt != NULL); 491 KASSERT(ifp != NULL); 492 493 ndi = ND_IFINFO(ifp); 494 dst = satocsin6(rt_getkey(rt)); 495 496 /* sanity check */ 497 if (rt->rt_llinfo && (struct llentry *)rt->rt_llinfo != ln) 498 panic("rt_llinfo(%p) is not equal to ln(%p)", 499 rt->rt_llinfo, ln); 500 if (!dst) 501 panic("dst=0 in nd6_timer(ln=%p)", ln); 502 503 switch (ln->ln_state) { 504 case ND6_LLINFO_INCOMPLETE: 505 if (ln->ln_asked < nd6_mmaxtries) { 506 ln->ln_asked++; 507 send_ns = true; 508 } else { 509 struct mbuf *m = ln->ln_hold; 510 if (m) { 511 struct mbuf *m0; 512 513 /* 514 * assuming every packet in ln_hold has 515 * the same IP header 516 */ 517 m0 = m->m_nextpkt; 518 m->m_nextpkt = NULL; 519 ln->ln_hold = m0; 520 clear_llinfo_pqueue(ln); 521 } 522 nd6_free(rt, ln, 0); 523 ln = NULL; 524 if (m != NULL) 525 icmp6_error2(m, ICMP6_DST_UNREACH, 526 ICMP6_DST_UNREACH_ADDR, 0, ifp); 527 } 528 break; 529 case ND6_LLINFO_REACHABLE: 530 if (!ND6_LLINFO_PERMANENT(ln)) { 531 ln->ln_state = ND6_LLINFO_STALE; 532 nd6_llinfo_settimer_locked(ln, nd6_gctimer * hz); 533 } 534 break; 535 536 case ND6_LLINFO_PURGE: 537 case ND6_LLINFO_STALE: 538 /* Garbage Collection(RFC 2461 5.3) */ 539 if (!ND6_LLINFO_PERMANENT(ln)) { 540 nd6_free(rt, ln, 1); 541 ln = NULL; 542 } 543 break; 544 545 case ND6_LLINFO_DELAY: 546 if (ndi && (ndi->flags & ND6_IFF_PERFORMNUD) != 0) { 547 /* We need NUD */ 548 ln->ln_asked = 1; 549 ln->ln_state = ND6_LLINFO_PROBE; 550 daddr6 = &dst->sin6_addr; 551 send_ns = true; 552 } else { 553 ln->ln_state = ND6_LLINFO_STALE; /* XXX */ 554 nd6_llinfo_settimer_locked(ln, nd6_gctimer * hz); 555 } 556 break; 557 case ND6_LLINFO_PROBE: 558 if (ln->ln_asked < nd6_umaxtries) { 559 ln->ln_asked++; 560 daddr6 = &dst->sin6_addr; 561 send_ns = true; 562 } else { 563 nd6_free(rt, ln, 0); 564 ln = NULL; 565 } 566 break; 567 } 568 569 if (send_ns) { 570 struct in6_addr src, *psrc; 571 572 nd6_llinfo_settimer_locked(ln, ndi->retrans * hz / 1000); 573 psrc = nd6_llinfo_get_holdsrc(ln, &src); 574 LLE_FREE_LOCKED(ln); 575 ln = NULL; 576 nd6_ns_output(ifp, daddr6, &dst->sin6_addr, psrc, 0); 577 } 578 579 out: 580 if (ln != NULL) 581 LLE_FREE_LOCKED(ln); 582 KERNEL_UNLOCK_ONE(NULL); 583 mutex_exit(softnet_lock); 584 } 585 586 /* 587 * ND6 timer routine to expire default route list and prefix list 588 */ 589 static void 590 nd6_timer(void *ignored_arg) 591 { 592 struct nd_defrouter *next_dr, *dr; 593 struct nd_prefix *next_pr, *pr; 594 struct in6_ifaddr *ia6, *nia6; 595 596 callout_reset(&nd6_timer_ch, nd6_prune * hz, 597 nd6_timer, NULL); 598 599 mutex_enter(softnet_lock); 600 KERNEL_LOCK(1, NULL); 601 602 /* expire default router list */ 603 604 TAILQ_FOREACH_SAFE(dr, &nd_defrouter, dr_entry, next_dr) { 605 if (dr->expire && dr->expire < time_uptime) { 606 defrtrlist_del(dr, NULL); 607 } 608 } 609 610 /* 611 * expire interface addresses. 612 * in the past the loop was inside prefix expiry processing. 613 * However, from a stricter speci-confrmance standpoint, we should 614 * rather separate address lifetimes and prefix lifetimes. 615 */ 616 addrloop: 617 for (ia6 = in6_ifaddr; ia6; ia6 = nia6) { 618 nia6 = ia6->ia_next; 619 /* check address lifetime */ 620 if (IFA6_IS_INVALID(ia6)) { 621 int regen = 0; 622 623 /* 624 * If the expiring address is temporary, try 625 * regenerating a new one. This would be useful when 626 * we suspended a laptop PC, then turned it on after a 627 * period that could invalidate all temporary 628 * addresses. Although we may have to restart the 629 * loop (see below), it must be after purging the 630 * address. Otherwise, we'd see an infinite loop of 631 * regeneration. 632 */ 633 if (ip6_use_tempaddr && 634 (ia6->ia6_flags & IN6_IFF_TEMPORARY) != 0) { 635 if (regen_tmpaddr(ia6) == 0) 636 regen = 1; 637 } 638 639 in6_purgeaddr(&ia6->ia_ifa); 640 641 if (regen) 642 goto addrloop; /* XXX: see below */ 643 } else if (IFA6_IS_DEPRECATED(ia6)) { 644 int oldflags = ia6->ia6_flags; 645 646 if ((oldflags & IN6_IFF_DEPRECATED) == 0) { 647 ia6->ia6_flags |= IN6_IFF_DEPRECATED; 648 rt_newaddrmsg(RTM_NEWADDR, 649 (struct ifaddr *)ia6, 0, NULL); 650 } 651 652 /* 653 * If a temporary address has just become deprecated, 654 * regenerate a new one if possible. 655 */ 656 if (ip6_use_tempaddr && 657 (ia6->ia6_flags & IN6_IFF_TEMPORARY) != 0 && 658 (oldflags & IN6_IFF_DEPRECATED) == 0) { 659 660 if (regen_tmpaddr(ia6) == 0) { 661 /* 662 * A new temporary address is 663 * generated. 664 * XXX: this means the address chain 665 * has changed while we are still in 666 * the loop. Although the change 667 * would not cause disaster (because 668 * it's not a deletion, but an 669 * addition,) we'd rather restart the 670 * loop just for safety. Or does this 671 * significantly reduce performance?? 672 */ 673 goto addrloop; 674 } 675 } 676 } else { 677 /* 678 * A new RA might have made a deprecated address 679 * preferred. 680 */ 681 if (ia6->ia6_flags & IN6_IFF_DEPRECATED) { 682 ia6->ia6_flags &= ~IN6_IFF_DEPRECATED; 683 rt_newaddrmsg(RTM_NEWADDR, 684 (struct ifaddr *)ia6, 0, NULL); 685 } 686 } 687 } 688 689 /* expire prefix list */ 690 LIST_FOREACH_SAFE(pr, &nd_prefix, ndpr_entry, next_pr) { 691 /* 692 * check prefix lifetime. 693 * since pltime is just for autoconf, pltime processing for 694 * prefix is not necessary. 695 */ 696 if (pr->ndpr_vltime != ND6_INFINITE_LIFETIME && 697 time_uptime - pr->ndpr_lastupdate > pr->ndpr_vltime) { 698 699 /* 700 * address expiration and prefix expiration are 701 * separate. NEVER perform in6_purgeaddr here. 702 */ 703 704 prelist_remove(pr); 705 } 706 } 707 708 KERNEL_UNLOCK_ONE(NULL); 709 mutex_exit(softnet_lock); 710 } 711 712 /* ia6: deprecated/invalidated temporary address */ 713 static int 714 regen_tmpaddr(struct in6_ifaddr *ia6) 715 { 716 struct ifaddr *ifa; 717 struct ifnet *ifp; 718 struct in6_ifaddr *public_ifa6 = NULL; 719 720 ifp = ia6->ia_ifa.ifa_ifp; 721 IFADDR_FOREACH(ifa, ifp) { 722 struct in6_ifaddr *it6; 723 724 if (ifa->ifa_addr->sa_family != AF_INET6) 725 continue; 726 727 it6 = (struct in6_ifaddr *)ifa; 728 729 /* ignore no autoconf addresses. */ 730 if ((it6->ia6_flags & IN6_IFF_AUTOCONF) == 0) 731 continue; 732 733 /* ignore autoconf addresses with different prefixes. */ 734 if (it6->ia6_ndpr == NULL || it6->ia6_ndpr != ia6->ia6_ndpr) 735 continue; 736 737 /* 738 * Now we are looking at an autoconf address with the same 739 * prefix as ours. If the address is temporary and is still 740 * preferred, do not create another one. It would be rare, but 741 * could happen, for example, when we resume a laptop PC after 742 * a long period. 743 */ 744 if ((it6->ia6_flags & IN6_IFF_TEMPORARY) != 0 && 745 !IFA6_IS_DEPRECATED(it6)) { 746 public_ifa6 = NULL; 747 break; 748 } 749 750 /* 751 * This is a public autoconf address that has the same prefix 752 * as ours. If it is preferred, keep it. We can't break the 753 * loop here, because there may be a still-preferred temporary 754 * address with the prefix. 755 */ 756 if (!IFA6_IS_DEPRECATED(it6)) 757 public_ifa6 = it6; 758 } 759 760 if (public_ifa6 != NULL) { 761 int e; 762 763 /* 764 * Random factor is introduced in the preferred lifetime, so 765 * we do not need additional delay (3rd arg to in6_tmpifadd). 766 */ 767 if ((e = in6_tmpifadd(public_ifa6, 0, 0)) != 0) { 768 log(LOG_NOTICE, "regen_tmpaddr: failed to create a new" 769 " tmp addr, errno=%d\n", e); 770 return -1; 771 } 772 return 0; 773 } 774 775 return -1; 776 } 777 778 bool 779 nd6_accepts_rtadv(const struct nd_ifinfo *ndi) 780 { 781 switch (ndi->flags & (ND6_IFF_ACCEPT_RTADV|ND6_IFF_OVERRIDE_RTADV)) { 782 case ND6_IFF_OVERRIDE_RTADV|ND6_IFF_ACCEPT_RTADV: 783 return true; 784 case ND6_IFF_ACCEPT_RTADV: 785 return ip6_accept_rtadv != 0; 786 case ND6_IFF_OVERRIDE_RTADV: 787 case 0: 788 default: 789 return false; 790 } 791 } 792 793 /* 794 * Nuke neighbor cache/prefix/default router management table, right before 795 * ifp goes away. 796 */ 797 void 798 nd6_purge(struct ifnet *ifp, struct in6_ifextra *ext) 799 { 800 struct nd_defrouter *dr, *ndr; 801 struct nd_prefix *pr, *npr; 802 803 /* 804 * During detach, the ND info might be already removed, but 805 * then is explitly passed as argument. 806 * Otherwise get it from ifp->if_afdata. 807 */ 808 if (ext == NULL) 809 ext = ifp->if_afdata[AF_INET6]; 810 if (ext == NULL) 811 return; 812 813 /* 814 * Nuke default router list entries toward ifp. 815 * We defer removal of default router list entries that is installed 816 * in the routing table, in order to keep additional side effects as 817 * small as possible. 818 */ 819 TAILQ_FOREACH_SAFE(dr, &nd_defrouter, dr_entry, ndr) { 820 if (dr->installed) 821 continue; 822 823 if (dr->ifp == ifp) { 824 KASSERT(ext != NULL); 825 defrtrlist_del(dr, ext); 826 } 827 } 828 829 TAILQ_FOREACH_SAFE(dr, &nd_defrouter, dr_entry, ndr) { 830 if (!dr->installed) 831 continue; 832 833 if (dr->ifp == ifp) { 834 KASSERT(ext != NULL); 835 defrtrlist_del(dr, ext); 836 } 837 } 838 839 /* Nuke prefix list entries toward ifp */ 840 LIST_FOREACH_SAFE(pr, &nd_prefix, ndpr_entry, npr) { 841 if (pr->ndpr_ifp == ifp) { 842 /* 843 * Because if_detach() does *not* release prefixes 844 * while purging addresses the reference count will 845 * still be above zero. We therefore reset it to 846 * make sure that the prefix really gets purged. 847 */ 848 pr->ndpr_refcnt = 0; 849 /* 850 * Previously, pr->ndpr_addr is removed as well, 851 * but I strongly believe we don't have to do it. 852 * nd6_purge() is only called from in6_ifdetach(), 853 * which removes all the associated interface addresses 854 * by itself. 855 * (jinmei (at) kame.net 20010129) 856 */ 857 prelist_remove(pr); 858 } 859 } 860 861 /* cancel default outgoing interface setting */ 862 if (nd6_defifindex == ifp->if_index) 863 nd6_setdefaultiface(0); 864 865 /* XXX: too restrictive? */ 866 if (!ip6_forwarding && ifp->if_afdata[AF_INET6]) { 867 struct nd_ifinfo *ndi = ND_IFINFO(ifp); 868 if (ndi && nd6_accepts_rtadv(ndi)) { 869 /* refresh default router list */ 870 defrouter_select(); 871 } 872 } 873 874 /* 875 * We may not need to nuke the neighbor cache entries here 876 * because the neighbor cache is kept in if_afdata[AF_INET6]. 877 * nd6_purge() is invoked by in6_ifdetach() which is called 878 * from if_detach() where everything gets purged. However 879 * in6_ifdetach is directly called from vlan(4), so we still 880 * need to purge entries here. 881 */ 882 if (ext->lltable != NULL) 883 lltable_purge_entries(ext->lltable); 884 } 885 886 static struct rtentry * 887 nd6_lookup1(const struct in6_addr *addr6, int create, struct ifnet *ifp, 888 int cloning) 889 { 890 struct rtentry *rt; 891 struct sockaddr_in6 sin6; 892 893 sockaddr_in6_init(&sin6, addr6, 0, 0, 0); 894 rt = rtalloc1((struct sockaddr *)&sin6, create); 895 if (rt != NULL && (rt->rt_flags & RTF_LLINFO) == 0) { 896 /* 897 * This is the case for the default route. 898 * If we want to create a neighbor cache for the address, we 899 * should free the route for the destination and allocate an 900 * interface route. 901 */ 902 if (create) { 903 rtfree(rt); 904 rt = NULL; 905 } 906 } 907 if (rt != NULL) 908 ; 909 else if (create && ifp) { 910 int e; 911 912 /* 913 * If no route is available and create is set, 914 * we allocate a host route for the destination 915 * and treat it like an interface route. 916 * This hack is necessary for a neighbor which can't 917 * be covered by our own prefix. 918 */ 919 struct ifaddr *ifa = 920 ifaof_ifpforaddr((struct sockaddr *)&sin6, ifp); 921 if (ifa == NULL) 922 return NULL; 923 924 /* 925 * Create a new route. RTF_LLINFO is necessary 926 * to create a Neighbor Cache entry for the 927 * destination in nd6_rtrequest which will be 928 * called in rtrequest via ifa->ifa_rtrequest. 929 */ 930 if ((e = rtrequest(RTM_ADD, (const struct sockaddr *)&sin6, 931 ifa->ifa_addr, (const struct sockaddr *)&all1_sa, 932 (ifa->ifa_flags | RTF_HOST | RTF_LLINFO) & 933 ~RTF_CLONING, &rt)) != 0) { 934 #if 0 935 log(LOG_ERR, 936 "nd6_lookup: failed to add route for a " 937 "neighbor(%s), errno=%d\n", 938 ip6_sprintf(addr6), e); 939 #endif 940 return NULL; 941 } 942 if (rt == NULL) 943 return NULL; 944 if (rt->rt_llinfo) { 945 struct llentry *ln = rt->rt_llinfo; 946 ln->ln_state = ND6_LLINFO_NOSTATE; 947 } 948 } else 949 return NULL; 950 951 /* 952 * Check for a cloning route to match the address. 953 * This should only be set from in6_is_addr_neighbor so we avoid 954 * a potentially expensive second call to rtalloc1. 955 */ 956 if (cloning && 957 rt->rt_flags & (RTF_CLONING | RTF_CLONED) && 958 (rt->rt_ifp == ifp 959 #if NBRIDGE > 0 960 || rt->rt_ifp->if_bridge == ifp->if_bridge 961 #endif 962 #if NCARP > 0 963 || (ifp->if_type == IFT_CARP && rt->rt_ifp == ifp->if_carpdev) || 964 (rt->rt_ifp->if_type == IFT_CARP && rt->rt_ifp->if_carpdev == ifp)|| 965 (ifp->if_type == IFT_CARP && rt->rt_ifp->if_type == IFT_CARP && 966 rt->rt_ifp->if_carpdev == ifp->if_carpdev) 967 #endif 968 )) 969 return rt; 970 971 /* 972 * Validation for the entry. 973 * Note that the check for rt_llinfo is necessary because a cloned 974 * route from a parent route that has the L flag (e.g. the default 975 * route to a p2p interface) may have the flag, too, while the 976 * destination is not actually a neighbor. 977 * XXX: we can't use rt->rt_ifp to check for the interface, since 978 * it might be the loopback interface if the entry is for our 979 * own address on a non-loopback interface. Instead, we should 980 * use rt->rt_ifa->ifa_ifp, which would specify the REAL 981 * interface. 982 * Note also that ifa_ifp and ifp may differ when we connect two 983 * interfaces to a same link, install a link prefix to an interface, 984 * and try to install a neighbor cache on an interface that does not 985 * have a route to the prefix. 986 */ 987 if ((rt->rt_flags & RTF_GATEWAY) || (rt->rt_flags & RTF_LLINFO) == 0 || 988 rt->rt_gateway->sa_family != AF_LINK || rt->rt_llinfo == NULL || 989 (ifp && rt->rt_ifa->ifa_ifp != ifp)) { 990 if (create) { 991 nd6log(LOG_DEBUG, 992 "nd6_lookup: failed to lookup %s (if = %s)\n", 993 ip6_sprintf(addr6), 994 ifp ? if_name(ifp) : "unspec"); 995 } 996 rtfree(rt); 997 return NULL; 998 } 999 return rt; 1000 } 1001 1002 struct rtentry * 1003 nd6_lookup(const struct in6_addr *addr6, int create, struct ifnet *ifp) 1004 { 1005 1006 return nd6_lookup1(addr6, create, ifp, 0); 1007 } 1008 1009 /* 1010 * Detect if a given IPv6 address identifies a neighbor on a given link. 1011 * XXX: should take care of the destination of a p2p link? 1012 */ 1013 int 1014 nd6_is_addr_neighbor(const struct sockaddr_in6 *addr, struct ifnet *ifp) 1015 { 1016 struct nd_prefix *pr; 1017 struct rtentry *rt; 1018 1019 /* 1020 * A link-local address is always a neighbor. 1021 * XXX: a link does not necessarily specify a single interface. 1022 */ 1023 if (IN6_IS_ADDR_LINKLOCAL(&addr->sin6_addr)) { 1024 struct sockaddr_in6 sin6_copy; 1025 u_int32_t zone; 1026 1027 /* 1028 * We need sin6_copy since sa6_recoverscope() may modify the 1029 * content (XXX). 1030 */ 1031 sin6_copy = *addr; 1032 if (sa6_recoverscope(&sin6_copy)) 1033 return 0; /* XXX: should be impossible */ 1034 if (in6_setscope(&sin6_copy.sin6_addr, ifp, &zone)) 1035 return 0; 1036 if (sin6_copy.sin6_scope_id == zone) 1037 return 1; 1038 else 1039 return 0; 1040 } 1041 1042 /* 1043 * If the address matches one of our on-link prefixes, it should be a 1044 * neighbor. 1045 */ 1046 LIST_FOREACH(pr, &nd_prefix, ndpr_entry) { 1047 if (pr->ndpr_ifp != ifp) 1048 continue; 1049 1050 if (!(pr->ndpr_stateflags & NDPRF_ONLINK)) 1051 continue; 1052 1053 if (IN6_ARE_MASKED_ADDR_EQUAL(&pr->ndpr_prefix.sin6_addr, 1054 &addr->sin6_addr, &pr->ndpr_mask)) 1055 return 1; 1056 } 1057 1058 /* 1059 * If the default router list is empty, all addresses are regarded 1060 * as on-link, and thus, as a neighbor. 1061 * XXX: we restrict the condition to hosts, because routers usually do 1062 * not have the "default router list". 1063 */ 1064 if (!ip6_forwarding && TAILQ_FIRST(&nd_defrouter) == NULL && 1065 nd6_defifindex == ifp->if_index) { 1066 return 1; 1067 } 1068 1069 /* 1070 * Even if the address matches none of our addresses, it might match 1071 * a cloning route or be in the neighbor cache. 1072 */ 1073 rt = nd6_lookup1(&addr->sin6_addr, 0, ifp, 1); 1074 if (rt != NULL) { 1075 rtfree(rt); 1076 return 1; 1077 } 1078 1079 return 0; 1080 } 1081 1082 /* 1083 * Free an nd6 llinfo entry. 1084 * Since the function would cause significant changes in the kernel, DO NOT 1085 * make it global, unless you have a strong reason for the change, and are sure 1086 * that the change is safe. 1087 */ 1088 static void 1089 nd6_free(struct rtentry *rt, struct llentry *ln, int gc) 1090 { 1091 struct in6_addr in6 = satocsin6(rt_getkey(rt))->sin6_addr; 1092 struct nd_defrouter *dr; 1093 int error; 1094 1095 KASSERT(ln != NULL); 1096 KASSERT(ln == rt->rt_llinfo); 1097 LLE_WLOCK_ASSERT(ln); 1098 1099 /* 1100 * we used to have pfctlinput(PRC_HOSTDEAD) here. 1101 * even though it is not harmful, it was not really necessary. 1102 */ 1103 1104 /* cancel timer */ 1105 nd6_llinfo_settimer_locked(ln, -1); 1106 1107 if (!ip6_forwarding) { 1108 int s; 1109 s = splsoftnet(); 1110 dr = defrouter_lookup(&satocsin6(rt_getkey(rt))->sin6_addr, 1111 rt->rt_ifp); 1112 1113 if (dr != NULL && dr->expire && 1114 ln->ln_state == ND6_LLINFO_STALE && gc) { 1115 /* 1116 * If the reason for the deletion is just garbage 1117 * collection, and the neighbor is an active default 1118 * router, do not delete it. Instead, reset the GC 1119 * timer using the router's lifetime. 1120 * Simply deleting the entry would affect default 1121 * router selection, which is not necessarily a good 1122 * thing, especially when we're using router preference 1123 * values. 1124 * XXX: the check for ln_state would be redundant, 1125 * but we intentionally keep it just in case. 1126 */ 1127 if (dr->expire > time_uptime) 1128 nd6_llinfo_settimer_locked(ln, 1129 (dr->expire - time_uptime) * hz); 1130 else 1131 nd6_llinfo_settimer_locked(ln, 1132 nd6_gctimer * hz); 1133 splx(s); 1134 LLE_WUNLOCK(ln); 1135 return; 1136 } 1137 1138 if (ln->ln_router || dr) { 1139 /* 1140 * rt6_flush must be called whether or not the neighbor 1141 * is in the Default Router List. 1142 * See a corresponding comment in nd6_na_input(). 1143 */ 1144 rt6_flush(&in6, rt->rt_ifp); 1145 } 1146 1147 if (dr) { 1148 /* 1149 * Unreachablity of a router might affect the default 1150 * router selection and on-link detection of advertised 1151 * prefixes. 1152 */ 1153 1154 /* 1155 * Temporarily fake the state to choose a new default 1156 * router and to perform on-link determination of 1157 * prefixes correctly. 1158 * Below the state will be set correctly, 1159 * or the entry itself will be deleted. 1160 */ 1161 ln->ln_state = ND6_LLINFO_INCOMPLETE; 1162 1163 /* 1164 * Since defrouter_select() does not affect the 1165 * on-link determination and MIP6 needs the check 1166 * before the default router selection, we perform 1167 * the check now. 1168 */ 1169 pfxlist_onlink_check(); 1170 1171 /* 1172 * refresh default router list 1173 */ 1174 defrouter_select(); 1175 } 1176 splx(s); 1177 } 1178 1179 LLE_WUNLOCK(ln); 1180 /* 1181 * Detach the route from the routing tree and the list of neighbor 1182 * caches, and disable the route entry not to be used in already 1183 * cached routes. 1184 */ 1185 error = rtrequest_newmsg(RTM_DELETE, rt_getkey(rt), NULL, 1186 rt_mask(rt), 0); 1187 if (error != 0) { 1188 /* XXX need error message? */; 1189 } 1190 } 1191 1192 /* 1193 * Upper-layer reachability hint for Neighbor Unreachability Detection. 1194 * 1195 * XXX cost-effective methods? 1196 */ 1197 void 1198 nd6_nud_hint(struct rtentry *rt) 1199 { 1200 struct llentry *ln; 1201 1202 if (rt == NULL) 1203 return; 1204 1205 if ((rt->rt_flags & RTF_GATEWAY) != 0 || 1206 (rt->rt_flags & RTF_LLINFO) == 0 || 1207 !rt->rt_llinfo || !rt->rt_gateway || 1208 rt->rt_gateway->sa_family != AF_LINK) { 1209 /* This is not a host route. */ 1210 return; 1211 } 1212 1213 ln = rt->rt_llinfo; 1214 if (ln->ln_state < ND6_LLINFO_REACHABLE) 1215 return; 1216 1217 /* 1218 * if we get upper-layer reachability confirmation many times, 1219 * it is possible we have false information. 1220 */ 1221 ln->ln_byhint++; 1222 if (ln->ln_byhint > nd6_maxnudhint) 1223 return; 1224 1225 ln->ln_state = ND6_LLINFO_REACHABLE; 1226 if (!ND6_LLINFO_PERMANENT(ln)) { 1227 nd6_llinfo_settimer(ln, 1228 ND_IFINFO(rt->rt_ifp)->reachable * hz); 1229 } 1230 1231 return; 1232 } 1233 1234 static int 1235 nd6_purge_entry(struct lltable *llt, struct llentry *ln, void *farg) 1236 { 1237 int *n = farg; 1238 1239 if (*n <= 0) 1240 return 0; 1241 1242 if (ND6_LLINFO_PERMANENT(ln)) 1243 return 0; 1244 1245 LLE_WLOCK(ln); 1246 if (ln->ln_state > ND6_LLINFO_INCOMPLETE) 1247 ln->ln_state = ND6_LLINFO_STALE; 1248 else 1249 ln->ln_state = ND6_LLINFO_PURGE; 1250 nd6_llinfo_settimer_locked(ln, 0); 1251 LLE_WUNLOCK(ln); 1252 1253 (*n)--; 1254 return 0; 1255 } 1256 1257 static void 1258 nd6_gc_neighbors(struct lltable *llt) 1259 { 1260 int max_gc_entries = 10; 1261 1262 if (ip6_neighborgcthresh >= 0 && 1263 lltable_get_entry_count(llt) >= ip6_neighborgcthresh) { 1264 /* 1265 * XXX entries that are "less recently used" should be 1266 * freed first. 1267 */ 1268 lltable_foreach_lle(llt, nd6_purge_entry, &max_gc_entries); 1269 } 1270 } 1271 1272 void 1273 nd6_rtrequest(int req, struct rtentry *rt, const struct rt_addrinfo *info) 1274 { 1275 struct sockaddr *gate = rt->rt_gateway; 1276 struct llentry *ln; 1277 struct ifnet *ifp = rt->rt_ifp; 1278 uint8_t namelen = strlen(ifp->if_xname), addrlen = ifp->if_addrlen; 1279 struct ifaddr *ifa; 1280 int flags = 0; 1281 bool use_lo0ifp = false; 1282 1283 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1284 1285 if (req == RTM_LLINFO_UPD) { 1286 int rc; 1287 struct in6_addr *in6; 1288 struct in6_addr in6_all; 1289 int anycast; 1290 1291 if ((ifa = info->rti_ifa) == NULL) 1292 return; 1293 1294 in6 = &ifatoia6(ifa)->ia_addr.sin6_addr; 1295 anycast = ifatoia6(ifa)->ia6_flags & IN6_IFF_ANYCAST; 1296 1297 in6_all = in6addr_linklocal_allnodes; 1298 if ((rc = in6_setscope(&in6_all, ifa->ifa_ifp, NULL)) != 0) { 1299 log(LOG_ERR, "%s: failed to set scope %s " 1300 "(errno=%d)\n", __func__, if_name(ifp), rc); 1301 return; 1302 } 1303 1304 /* XXX don't set Override for proxy addresses */ 1305 nd6_na_output(ifa->ifa_ifp, &in6_all, in6, 1306 (anycast ? 0 : ND_NA_FLAG_OVERRIDE) 1307 #if 0 1308 | (ip6_forwarding ? ND_NA_FLAG_ROUTER : 0) 1309 #endif 1310 , 1, NULL); 1311 return; 1312 } 1313 1314 if ((rt->rt_flags & RTF_GATEWAY) != 0) 1315 return; 1316 1317 if (nd6_need_cache(ifp) == 0 && (rt->rt_flags & RTF_HOST) == 0) { 1318 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1319 /* 1320 * This is probably an interface direct route for a link 1321 * which does not need neighbor caches (e.g. fe80::%lo0/64). 1322 * We do not need special treatment below for such a route. 1323 * Moreover, the RTF_LLINFO flag which would be set below 1324 * would annoy the ndp(8) command. 1325 */ 1326 return; 1327 } 1328 1329 IF_AFDATA_RLOCK(ifp); 1330 ln = lla_lookup(LLTABLE6(ifp), flags, rt_getkey(rt)); 1331 IF_AFDATA_RUNLOCK(ifp); 1332 1333 if (req == RTM_RESOLVE && 1334 (nd6_need_cache(ifp) == 0 || /* stf case */ 1335 !nd6_is_addr_neighbor(satocsin6(rt_getkey(rt)), ifp))) { 1336 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1337 /* 1338 * FreeBSD and BSD/OS often make a cloned host route based 1339 * on a less-specific route (e.g. the default route). 1340 * If the less specific route does not have a "gateway" 1341 * (this is the case when the route just goes to a p2p or an 1342 * stf interface), we'll mistakenly make a neighbor cache for 1343 * the host route, and will see strange neighbor solicitation 1344 * for the corresponding destination. In order to avoid the 1345 * confusion, we check if the destination of the route is 1346 * a neighbor in terms of neighbor discovery, and stop the 1347 * process if not. Additionally, we remove the LLINFO flag 1348 * so that ndp(8) will not try to get the neighbor information 1349 * of the destination. 1350 */ 1351 rt->rt_flags &= ~RTF_LLINFO; 1352 return; 1353 } 1354 1355 switch (req) { 1356 case RTM_ADD: 1357 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1358 /* 1359 * There is no backward compatibility :) 1360 * 1361 * if ((rt->rt_flags & RTF_HOST) == 0 && 1362 * SIN(rt_mask(rt))->sin_addr.s_addr != 0xffffffff) 1363 * rt->rt_flags |= RTF_CLONING; 1364 */ 1365 if ((rt->rt_flags & RTF_CLONING) || 1366 ((rt->rt_flags & (RTF_LLINFO | RTF_LOCAL)) && ln == NULL)) { 1367 union { 1368 struct sockaddr sa; 1369 struct sockaddr_dl sdl; 1370 struct sockaddr_storage ss; 1371 } u; 1372 /* 1373 * Case 1: This route should come from a route to 1374 * interface (RTF_CLONING case) or the route should be 1375 * treated as on-link but is currently not 1376 * (RTF_LLINFO && ln == NULL case). 1377 */ 1378 if (sockaddr_dl_init(&u.sdl, sizeof(u.ss), 1379 ifp->if_index, ifp->if_type, 1380 NULL, namelen, NULL, addrlen) == NULL) { 1381 printf("%s.%d: sockaddr_dl_init(, %zu, ) " 1382 "failed on %s\n", __func__, __LINE__, 1383 sizeof(u.ss), if_name(ifp)); 1384 } 1385 rt_setgate(rt, &u.sa); 1386 gate = rt->rt_gateway; 1387 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1388 if (ln != NULL) 1389 nd6_llinfo_settimer_locked(ln, 0); 1390 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1391 if ((rt->rt_flags & RTF_CLONING) != 0) 1392 break; 1393 } 1394 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1395 /* 1396 * In IPv4 code, we try to annonuce new RTF_ANNOUNCE entry here. 1397 * We don't do that here since llinfo is not ready yet. 1398 * 1399 * There are also couple of other things to be discussed: 1400 * - unsolicited NA code needs improvement beforehand 1401 * - RFC2461 says we MAY send multicast unsolicited NA 1402 * (7.2.6 paragraph 4), however, it also says that we 1403 * SHOULD provide a mechanism to prevent multicast NA storm. 1404 * we don't have anything like it right now. 1405 * note that the mechanism needs a mutual agreement 1406 * between proxies, which means that we need to implement 1407 * a new protocol, or a new kludge. 1408 * - from RFC2461 6.2.4, host MUST NOT send an unsolicited NA. 1409 * we need to check ip6forwarding before sending it. 1410 * (or should we allow proxy ND configuration only for 1411 * routers? there's no mention about proxy ND from hosts) 1412 */ 1413 #if 0 1414 /* XXX it does not work */ 1415 if (rt->rt_flags & RTF_ANNOUNCE) 1416 nd6_na_output(ifp, 1417 &satocsin6(rt_getkey(rt))->sin6_addr, 1418 &satocsin6(rt_getkey(rt))->sin6_addr, 1419 ip6_forwarding ? ND_NA_FLAG_ROUTER : 0, 1420 1, NULL); 1421 #endif 1422 /* FALLTHROUGH */ 1423 case RTM_RESOLVE: 1424 if ((ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) == 0) { 1425 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1426 /* 1427 * Address resolution isn't necessary for a point to 1428 * point link, so we can skip this test for a p2p link. 1429 */ 1430 if (gate->sa_family != AF_LINK || 1431 gate->sa_len < 1432 sockaddr_dl_measure(namelen, addrlen)) { 1433 log(LOG_DEBUG, 1434 "nd6_rtrequest: bad gateway value: %s\n", 1435 if_name(ifp)); 1436 break; 1437 } 1438 satosdl(gate)->sdl_type = ifp->if_type; 1439 satosdl(gate)->sdl_index = ifp->if_index; 1440 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1441 } 1442 if (ln != NULL) 1443 break; /* This happens on a route change */ 1444 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1445 1446 /* Determine to use lo0ifp or not before lla_create */ 1447 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, 1448 &satocsin6(rt_getkey(rt))->sin6_addr); 1449 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1450 if (ifa != NULL && nd6_useloopback) 1451 use_lo0ifp = true; 1452 1453 /* 1454 * Case 2: This route may come from cloning, or a manual route 1455 * add with a LL address. 1456 */ 1457 flags = LLE_EXCLUSIVE; 1458 if ((rt->rt_flags & RTF_CLONED) == 0) 1459 flags |= LLE_IFADDR; 1460 1461 #define _IFP() (use_lo0ifp ? lo0ifp : ifp) 1462 IF_AFDATA_WLOCK(_IFP()); 1463 ln = lla_create(LLTABLE6(_IFP()), flags, rt_getkey(rt)); 1464 IF_AFDATA_WUNLOCK(_IFP()); 1465 1466 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1467 if (ln == NULL) { 1468 log(LOG_DEBUG, "nd6_rtrequest: malloc failed\n"); 1469 break; 1470 } 1471 1472 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1473 nd6_inuse++; 1474 nd6_allocated++; 1475 ln->ln_rt = rt; 1476 rt->rt_refcnt++; 1477 rt->rt_llinfo = ln; 1478 LLE_ADDREF(ln); 1479 rt->rt_flags |= RTF_LLINFO; 1480 switch (_IFP()->if_type) { 1481 #if NTOKEN > 0 1482 case IFT_ISO88025: 1483 ln->la_opaque = kmem_alloc(sizeof(struct token_rif), 1484 KM_SLEEP); 1485 break; 1486 #endif /* NTOKEN > 0 */ 1487 default: 1488 break; 1489 } 1490 #undef _IFP 1491 1492 /* this is required for "ndp" command. - shin */ 1493 if (req == RTM_ADD) { 1494 /* 1495 * gate should have some valid AF_LINK entry, 1496 * and ln->ln_expire should have some lifetime 1497 * which is specified by ndp command. 1498 */ 1499 ln->ln_state = ND6_LLINFO_REACHABLE; 1500 ln->ln_byhint = 0; 1501 } else { 1502 /* 1503 * When req == RTM_RESOLVE, rt is created and 1504 * initialized in rtrequest(), so rt_expire is 0. 1505 */ 1506 ln->ln_state = ND6_LLINFO_NOSTATE; 1507 nd6_llinfo_settimer_locked(ln, 0); 1508 } 1509 RT_DPRINTF("rt_getkey(rt) = %p\n", rt_getkey(rt)); 1510 1511 /* 1512 * check if rt_getkey(rt) is an address assigned 1513 * to the interface. 1514 */ 1515 if (ifa != NULL) { 1516 const void *mac; 1517 nd6_llinfo_settimer_locked(ln, -1); 1518 ln->ln_state = ND6_LLINFO_REACHABLE; 1519 ln->ln_byhint = 0; 1520 if ((mac = nd6_ifptomac(ifp)) != NULL) { 1521 /* XXX check for error */ 1522 if (sockaddr_dl_setaddr(satosdl(gate), 1523 gate->sa_len, mac, 1524 ifp->if_addrlen) == NULL) { 1525 printf("%s.%d: " 1526 "sockaddr_dl_setaddr(, %d, ) " 1527 "failed on %s\n", __func__, 1528 __LINE__, gate->sa_len, 1529 if_name(ifp)); 1530 } 1531 } 1532 if (nd6_useloopback) { 1533 ifp = rt->rt_ifp = lo0ifp; /* XXX */ 1534 /* 1535 * Make sure rt_ifa be equal to the ifaddr 1536 * corresponding to the address. 1537 * We need this because when we refer 1538 * rt_ifa->ia6_flags in ip6_input, we assume 1539 * that the rt_ifa points to the address instead 1540 * of the loopback address. 1541 */ 1542 if (ifa != rt->rt_ifa) 1543 rt_replace_ifa(rt, ifa); 1544 rt->rt_rmx.rmx_mtu = 0; 1545 rt->rt_flags &= ~RTF_CLONED; 1546 } 1547 rt->rt_flags |= RTF_LOCAL; 1548 } else if (rt->rt_flags & RTF_ANNOUNCE) { 1549 nd6_llinfo_settimer_locked(ln, -1); 1550 ln->ln_state = ND6_LLINFO_REACHABLE; 1551 ln->ln_byhint = 0; 1552 1553 /* join solicited node multicast for proxy ND */ 1554 if (ifp->if_flags & IFF_MULTICAST) { 1555 struct in6_addr llsol; 1556 int error; 1557 1558 llsol = satocsin6(rt_getkey(rt))->sin6_addr; 1559 llsol.s6_addr32[0] = htonl(0xff020000); 1560 llsol.s6_addr32[1] = 0; 1561 llsol.s6_addr32[2] = htonl(1); 1562 llsol.s6_addr8[12] = 0xff; 1563 if (in6_setscope(&llsol, ifp, NULL)) 1564 break; 1565 if (!in6_addmulti(&llsol, ifp, &error, 0)) { 1566 nd6log(LOG_ERR, "%s: failed to join " 1567 "%s (errno=%d)\n", if_name(ifp), 1568 ip6_sprintf(&llsol), error); 1569 } 1570 } 1571 } 1572 LLE_WUNLOCK(ln); 1573 /* 1574 * If we have too many cache entries, initiate immediate 1575 * purging for some entries. 1576 */ 1577 nd6_gc_neighbors(ln->lle_tbl); 1578 ln = NULL; 1579 1580 break; 1581 1582 case RTM_DELETE: 1583 if (ln == NULL) 1584 break; 1585 /* leave from solicited node multicast for proxy ND */ 1586 if ((rt->rt_flags & RTF_ANNOUNCE) != 0 && 1587 (ifp->if_flags & IFF_MULTICAST) != 0) { 1588 struct in6_addr llsol; 1589 struct in6_multi *in6m; 1590 1591 llsol = satocsin6(rt_getkey(rt))->sin6_addr; 1592 llsol.s6_addr32[0] = htonl(0xff020000); 1593 llsol.s6_addr32[1] = 0; 1594 llsol.s6_addr32[2] = htonl(1); 1595 llsol.s6_addr8[12] = 0xff; 1596 if (in6_setscope(&llsol, ifp, NULL) == 0) { 1597 IN6_LOOKUP_MULTI(llsol, ifp, in6m); 1598 if (in6m) 1599 in6_delmulti(in6m); 1600 } 1601 } 1602 nd6_inuse--; 1603 rt->rt_llinfo = NULL; 1604 rt->rt_flags &= ~RTF_LLINFO; 1605 1606 /* Have to do before IF_AFDATA_WLOCK to avoid deadlock */ 1607 callout_halt(&ln->la_timer, &ln->lle_lock); 1608 /* XXX: LOR avoidance. We still have ref on lle. */ 1609 LLE_RUNLOCK(ln); 1610 1611 IF_AFDATA_WLOCK(ifp); 1612 LLE_WLOCK(ln); 1613 1614 clear_llinfo_pqueue(ln); 1615 if (ln->la_opaque != NULL) { 1616 switch (ifp->if_type) { 1617 #if NTOKEN > 0 1618 case IFT_ISO88025: 1619 kmem_free(ln->la_opaque, 1620 sizeof(struct token_rif)); 1621 break; 1622 #endif /* NTOKEN > 0 */ 1623 default: 1624 break; 1625 } 1626 } 1627 1628 if (ln->la_rt != NULL) { 1629 /* 1630 * Don't rtfree (may actually free objects) here. 1631 * Leave it to rtrequest1. 1632 */ 1633 ln->la_rt->rt_refcnt--; 1634 ln->la_rt = NULL; 1635 } 1636 /* Guard against race with other llentry_free(). */ 1637 if (ln->la_flags & LLE_LINKED) { 1638 LLE_REMREF(ln); 1639 llentry_free(ln); 1640 } else { 1641 LLE_FREE_LOCKED(ln); 1642 } 1643 1644 IF_AFDATA_WUNLOCK(ifp); 1645 ln = NULL; 1646 } 1647 1648 if (ln != NULL) { 1649 if (flags & LLE_EXCLUSIVE) 1650 LLE_WUNLOCK(ln); 1651 else 1652 LLE_RUNLOCK(ln); 1653 } 1654 } 1655 1656 int 1657 nd6_ioctl(u_long cmd, void *data, struct ifnet *ifp) 1658 { 1659 struct in6_drlist *drl = (struct in6_drlist *)data; 1660 struct in6_oprlist *oprl = (struct in6_oprlist *)data; 1661 struct in6_ndireq *ndi = (struct in6_ndireq *)data; 1662 struct in6_nbrinfo *nbi = (struct in6_nbrinfo *)data; 1663 struct in6_ndifreq *ndif = (struct in6_ndifreq *)data; 1664 struct nd_defrouter *dr; 1665 struct nd_prefix *pr; 1666 int i = 0, error = 0; 1667 int s; 1668 1669 switch (cmd) { 1670 case SIOCGDRLST_IN6: 1671 /* 1672 * obsolete API, use sysctl under net.inet6.icmp6 1673 */ 1674 memset(drl, 0, sizeof(*drl)); 1675 s = splsoftnet(); 1676 TAILQ_FOREACH(dr, &nd_defrouter, dr_entry) { 1677 if (i >= DRLSTSIZ) 1678 break; 1679 drl->defrouter[i].rtaddr = dr->rtaddr; 1680 in6_clearscope(&drl->defrouter[i].rtaddr); 1681 1682 drl->defrouter[i].flags = dr->flags; 1683 drl->defrouter[i].rtlifetime = dr->rtlifetime; 1684 drl->defrouter[i].expire = dr->expire ? 1685 time_mono_to_wall(dr->expire) : 0; 1686 drl->defrouter[i].if_index = dr->ifp->if_index; 1687 i++; 1688 } 1689 splx(s); 1690 break; 1691 case SIOCGPRLST_IN6: 1692 /* 1693 * obsolete API, use sysctl under net.inet6.icmp6 1694 * 1695 * XXX the structure in6_prlist was changed in backward- 1696 * incompatible manner. in6_oprlist is used for SIOCGPRLST_IN6, 1697 * in6_prlist is used for nd6_sysctl() - fill_prlist(). 1698 */ 1699 /* 1700 * XXX meaning of fields, especialy "raflags", is very 1701 * differnet between RA prefix list and RR/static prefix list. 1702 * how about separating ioctls into two? 1703 */ 1704 memset(oprl, 0, sizeof(*oprl)); 1705 s = splsoftnet(); 1706 LIST_FOREACH(pr, &nd_prefix, ndpr_entry) { 1707 struct nd_pfxrouter *pfr; 1708 int j; 1709 1710 if (i >= PRLSTSIZ) 1711 break; 1712 oprl->prefix[i].prefix = pr->ndpr_prefix.sin6_addr; 1713 oprl->prefix[i].raflags = pr->ndpr_raf; 1714 oprl->prefix[i].prefixlen = pr->ndpr_plen; 1715 oprl->prefix[i].vltime = pr->ndpr_vltime; 1716 oprl->prefix[i].pltime = pr->ndpr_pltime; 1717 oprl->prefix[i].if_index = pr->ndpr_ifp->if_index; 1718 if (pr->ndpr_vltime == ND6_INFINITE_LIFETIME) 1719 oprl->prefix[i].expire = 0; 1720 else { 1721 time_t maxexpire; 1722 1723 /* XXX: we assume time_t is signed. */ 1724 maxexpire = (-1) & 1725 ~((time_t)1 << 1726 ((sizeof(maxexpire) * 8) - 1)); 1727 if (pr->ndpr_vltime < 1728 maxexpire - pr->ndpr_lastupdate) { 1729 time_t expire; 1730 expire = pr->ndpr_lastupdate + 1731 pr->ndpr_vltime; 1732 oprl->prefix[i].expire = expire ? 1733 time_mono_to_wall(expire) : 0; 1734 } else 1735 oprl->prefix[i].expire = maxexpire; 1736 } 1737 1738 j = 0; 1739 LIST_FOREACH(pfr, &pr->ndpr_advrtrs, pfr_entry) { 1740 if (j < DRLSTSIZ) { 1741 #define RTRADDR oprl->prefix[i].advrtr[j] 1742 RTRADDR = pfr->router->rtaddr; 1743 in6_clearscope(&RTRADDR); 1744 #undef RTRADDR 1745 } 1746 j++; 1747 } 1748 oprl->prefix[i].advrtrs = j; 1749 oprl->prefix[i].origin = PR_ORIG_RA; 1750 1751 i++; 1752 } 1753 splx(s); 1754 1755 break; 1756 case OSIOCGIFINFO_IN6: 1757 #define ND ndi->ndi 1758 /* XXX: old ndp(8) assumes a positive value for linkmtu. */ 1759 memset(&ND, 0, sizeof(ND)); 1760 ND.linkmtu = IN6_LINKMTU(ifp); 1761 ND.maxmtu = ND_IFINFO(ifp)->maxmtu; 1762 ND.basereachable = ND_IFINFO(ifp)->basereachable; 1763 ND.reachable = ND_IFINFO(ifp)->reachable; 1764 ND.retrans = ND_IFINFO(ifp)->retrans; 1765 ND.flags = ND_IFINFO(ifp)->flags; 1766 ND.recalctm = ND_IFINFO(ifp)->recalctm; 1767 ND.chlim = ND_IFINFO(ifp)->chlim; 1768 break; 1769 case SIOCGIFINFO_IN6: 1770 ND = *ND_IFINFO(ifp); 1771 break; 1772 case SIOCSIFINFO_IN6: 1773 /* 1774 * used to change host variables from userland. 1775 * intented for a use on router to reflect RA configurations. 1776 */ 1777 /* 0 means 'unspecified' */ 1778 if (ND.linkmtu != 0) { 1779 if (ND.linkmtu < IPV6_MMTU || 1780 ND.linkmtu > IN6_LINKMTU(ifp)) { 1781 error = EINVAL; 1782 break; 1783 } 1784 ND_IFINFO(ifp)->linkmtu = ND.linkmtu; 1785 } 1786 1787 if (ND.basereachable != 0) { 1788 int obasereachable = ND_IFINFO(ifp)->basereachable; 1789 1790 ND_IFINFO(ifp)->basereachable = ND.basereachable; 1791 if (ND.basereachable != obasereachable) 1792 ND_IFINFO(ifp)->reachable = 1793 ND_COMPUTE_RTIME(ND.basereachable); 1794 } 1795 if (ND.retrans != 0) 1796 ND_IFINFO(ifp)->retrans = ND.retrans; 1797 if (ND.chlim != 0) 1798 ND_IFINFO(ifp)->chlim = ND.chlim; 1799 /* FALLTHROUGH */ 1800 case SIOCSIFINFO_FLAGS: 1801 { 1802 struct ifaddr *ifa; 1803 struct in6_ifaddr *ia; 1804 1805 if ((ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) && 1806 !(ND.flags & ND6_IFF_IFDISABLED)) 1807 { 1808 /* 1809 * If the interface is marked as ND6_IFF_IFDISABLED and 1810 * has a link-local address with IN6_IFF_DUPLICATED, 1811 * do not clear ND6_IFF_IFDISABLED. 1812 * See RFC 4862, section 5.4.5. 1813 */ 1814 int duplicated_linklocal = 0; 1815 1816 IFADDR_FOREACH(ifa, ifp) { 1817 if (ifa->ifa_addr->sa_family != AF_INET6) 1818 continue; 1819 ia = (struct in6_ifaddr *)ifa; 1820 if ((ia->ia6_flags & IN6_IFF_DUPLICATED) && 1821 IN6_IS_ADDR_LINKLOCAL(IA6_IN6(ia))) 1822 { 1823 duplicated_linklocal = 1; 1824 break; 1825 } 1826 } 1827 1828 if (duplicated_linklocal) { 1829 ND.flags |= ND6_IFF_IFDISABLED; 1830 log(LOG_ERR, "Cannot enable an interface" 1831 " with a link-local address marked" 1832 " duplicate.\n"); 1833 } else { 1834 ND_IFINFO(ifp)->flags &= ~ND6_IFF_IFDISABLED; 1835 if (ifp->if_flags & IFF_UP) 1836 in6_if_up(ifp); 1837 } 1838 } else if (!(ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) && 1839 (ND.flags & ND6_IFF_IFDISABLED)) 1840 { 1841 /* Mark all IPv6 addresses as tentative. */ 1842 1843 ND_IFINFO(ifp)->flags |= ND6_IFF_IFDISABLED; 1844 IFADDR_FOREACH(ifa, ifp) { 1845 if (ifa->ifa_addr->sa_family != AF_INET6) 1846 continue; 1847 nd6_dad_stop(ifa); 1848 ia = (struct in6_ifaddr *)ifa; 1849 ia->ia6_flags |= IN6_IFF_TENTATIVE; 1850 } 1851 } 1852 1853 if (ND.flags & ND6_IFF_AUTO_LINKLOCAL) { 1854 if (!(ND_IFINFO(ifp)->flags & ND6_IFF_AUTO_LINKLOCAL)) { 1855 /* auto_linklocal 0->1 transition */ 1856 1857 ND_IFINFO(ifp)->flags |= ND6_IFF_AUTO_LINKLOCAL; 1858 in6_ifattach(ifp, NULL); 1859 } else if (!(ND.flags & ND6_IFF_IFDISABLED) && 1860 ifp->if_flags & IFF_UP) 1861 { 1862 /* 1863 * When the IF already has 1864 * ND6_IFF_AUTO_LINKLOCAL, no link-local 1865 * address is assigned, and IFF_UP, try to 1866 * assign one. 1867 */ 1868 int haslinklocal = 0; 1869 1870 IFADDR_FOREACH(ifa, ifp) { 1871 if (ifa->ifa_addr->sa_family !=AF_INET6) 1872 continue; 1873 ia = (struct in6_ifaddr *)ifa; 1874 if (IN6_IS_ADDR_LINKLOCAL(IA6_IN6(ia))){ 1875 haslinklocal = 1; 1876 break; 1877 } 1878 } 1879 if (!haslinklocal) 1880 in6_ifattach(ifp, NULL); 1881 } 1882 } 1883 } 1884 ND_IFINFO(ifp)->flags = ND.flags; 1885 break; 1886 #undef ND 1887 case SIOCSNDFLUSH_IN6: /* XXX: the ioctl name is confusing... */ 1888 /* sync kernel routing table with the default router list */ 1889 defrouter_reset(); 1890 defrouter_select(); 1891 break; 1892 case SIOCSPFXFLUSH_IN6: 1893 { 1894 /* flush all the prefix advertised by routers */ 1895 struct nd_prefix *pfx, *next; 1896 1897 s = splsoftnet(); 1898 LIST_FOREACH_SAFE(pfx, &nd_prefix, ndpr_entry, next) { 1899 struct in6_ifaddr *ia, *ia_next; 1900 1901 if (IN6_IS_ADDR_LINKLOCAL(&pfx->ndpr_prefix.sin6_addr)) 1902 continue; /* XXX */ 1903 1904 /* do we really have to remove addresses as well? */ 1905 for (ia = in6_ifaddr; ia; ia = ia_next) { 1906 /* ia might be removed. keep the next ptr. */ 1907 ia_next = ia->ia_next; 1908 1909 if ((ia->ia6_flags & IN6_IFF_AUTOCONF) == 0) 1910 continue; 1911 1912 if (ia->ia6_ndpr == pfx) 1913 in6_purgeaddr(&ia->ia_ifa); 1914 } 1915 prelist_remove(pfx); 1916 } 1917 splx(s); 1918 break; 1919 } 1920 case SIOCSRTRFLUSH_IN6: 1921 { 1922 /* flush all the default routers */ 1923 struct nd_defrouter *drtr, *next; 1924 1925 s = splsoftnet(); 1926 defrouter_reset(); 1927 TAILQ_FOREACH_SAFE(drtr, &nd_defrouter, dr_entry, next) { 1928 defrtrlist_del(drtr, NULL); 1929 } 1930 defrouter_select(); 1931 splx(s); 1932 break; 1933 } 1934 case SIOCGNBRINFO_IN6: 1935 { 1936 struct llentry *ln; 1937 struct in6_addr nb_addr = nbi->addr; /* make local for safety */ 1938 struct rtentry *rt; 1939 1940 if ((error = in6_setscope(&nb_addr, ifp, NULL)) != 0) 1941 return error; 1942 1943 s = splsoftnet(); 1944 rt = nd6_lookup(&nb_addr, 0, ifp); 1945 if (rt == NULL) { 1946 error = EINVAL; 1947 splx(s); 1948 break; 1949 } 1950 1951 ln = rt->rt_llinfo; 1952 rtfree(rt); 1953 if (ln == NULL) { 1954 error = EINVAL; 1955 splx(s); 1956 break; 1957 } 1958 nbi->state = ln->ln_state; 1959 nbi->asked = ln->ln_asked; 1960 nbi->isrouter = ln->ln_router; 1961 nbi->expire = ln->ln_expire ? 1962 time_mono_to_wall(ln->ln_expire) : 0; 1963 splx(s); 1964 1965 break; 1966 } 1967 case SIOCGDEFIFACE_IN6: /* XXX: should be implemented as a sysctl? */ 1968 ndif->ifindex = nd6_defifindex; 1969 break; 1970 case SIOCSDEFIFACE_IN6: /* XXX: should be implemented as a sysctl? */ 1971 return nd6_setdefaultiface(ndif->ifindex); 1972 } 1973 return error; 1974 } 1975 1976 void 1977 nd6_llinfo_release_pkts(struct llentry *ln, struct ifnet *ifp, 1978 struct rtentry *rt) 1979 { 1980 struct mbuf *m_hold, *m_hold_next; 1981 1982 for (m_hold = ln->la_hold, ln->la_hold = NULL, ln->la_numheld = 0; 1983 m_hold != NULL; 1984 m_hold = m_hold_next) { 1985 m_hold_next = m_hold->m_nextpkt; 1986 m_hold->m_nextpkt = NULL; 1987 1988 /* 1989 * we assume ifp is not a p2p here, so 1990 * just set the 2nd argument as the 1991 * 1st one. 1992 */ 1993 nd6_output(ifp, ifp, m_hold, satocsin6(rt_getkey(rt)), rt); 1994 } 1995 } 1996 1997 /* 1998 * Create neighbor cache entry and cache link-layer address, 1999 * on reception of inbound ND6 packets. (RS/RA/NS/redirect) 2000 */ 2001 void 2002 nd6_cache_lladdr( 2003 struct ifnet *ifp, 2004 struct in6_addr *from, 2005 char *lladdr, 2006 int lladdrlen, 2007 int type, /* ICMP6 type */ 2008 int code /* type dependent information */ 2009 ) 2010 { 2011 struct nd_ifinfo *ndi = ND_IFINFO(ifp); 2012 struct rtentry *rt = NULL; 2013 struct llentry *ln = NULL; 2014 int is_newentry; 2015 struct sockaddr_dl *sdl = NULL; 2016 int do_update; 2017 int olladdr; 2018 int llchange; 2019 int newstate = 0; 2020 2021 KASSERT(ifp != NULL); 2022 KASSERT(from != NULL); 2023 2024 /* nothing must be updated for unspecified address */ 2025 if (IN6_IS_ADDR_UNSPECIFIED(from)) 2026 return; 2027 2028 /* 2029 * Validation about ifp->if_addrlen and lladdrlen must be done in 2030 * the caller. 2031 * 2032 * XXX If the link does not have link-layer adderss, what should 2033 * we do? (ifp->if_addrlen == 0) 2034 * Spec says nothing in sections for RA, RS and NA. There's small 2035 * description on it in NS section (RFC 2461 7.2.3). 2036 */ 2037 2038 rt = nd6_lookup(from, 0, ifp); 2039 if (rt == NULL) { 2040 #if 0 2041 /* nothing must be done if there's no lladdr */ 2042 if (!lladdr || !lladdrlen) 2043 return NULL; 2044 #endif 2045 2046 rt = nd6_lookup(from, 1, ifp); 2047 is_newentry = 1; 2048 } else { 2049 /* do nothing if static ndp is set */ 2050 if (rt->rt_flags & RTF_STATIC) { 2051 rtfree(rt); 2052 return; 2053 } 2054 is_newentry = 0; 2055 } 2056 2057 if (rt == NULL) 2058 return; 2059 if ((rt->rt_flags & (RTF_GATEWAY | RTF_LLINFO)) != RTF_LLINFO) { 2060 fail: 2061 if (rt->rt_llinfo != NULL) 2062 LLE_WLOCK((struct llentry *)rt->rt_llinfo); 2063 nd6_free(rt, rt->rt_llinfo, 0); 2064 rtfree(rt); 2065 return; 2066 } 2067 ln = rt->rt_llinfo; 2068 if (ln == NULL) 2069 goto fail; 2070 if (rt->rt_gateway == NULL) 2071 goto fail; 2072 if (rt->rt_gateway->sa_family != AF_LINK) 2073 goto fail; 2074 sdl = satosdl(rt->rt_gateway); 2075 2076 olladdr = (sdl->sdl_alen) ? 1 : 0; 2077 if (olladdr && lladdr) { 2078 if (memcmp(lladdr, CLLADDR(sdl), ifp->if_addrlen)) 2079 llchange = 1; 2080 else 2081 llchange = 0; 2082 } else 2083 llchange = 0; 2084 2085 /* 2086 * newentry olladdr lladdr llchange (*=record) 2087 * 0 n n -- (1) 2088 * 0 y n -- (2) 2089 * 0 n y -- (3) * STALE 2090 * 0 y y n (4) * 2091 * 0 y y y (5) * STALE 2092 * 1 -- n -- (6) NOSTATE(= PASSIVE) 2093 * 1 -- y -- (7) * STALE 2094 */ 2095 2096 if (lladdr) { /* (3-5) and (7) */ 2097 /* 2098 * Record source link-layer address 2099 * XXX is it dependent to ifp->if_type? 2100 */ 2101 /* XXX check for error */ 2102 if (sockaddr_dl_setaddr(sdl, sdl->sdl_len, lladdr, 2103 ifp->if_addrlen) == NULL) { 2104 printf("%s.%d: sockaddr_dl_setaddr(, %d, ) " 2105 "failed on %s\n", __func__, __LINE__, 2106 sdl->sdl_len, if_name(ifp)); 2107 } 2108 } 2109 2110 if (!is_newentry) { 2111 if ((!olladdr && lladdr) || /* (3) */ 2112 (olladdr && lladdr && llchange)) { /* (5) */ 2113 do_update = 1; 2114 newstate = ND6_LLINFO_STALE; 2115 } else /* (1-2,4) */ 2116 do_update = 0; 2117 } else { 2118 do_update = 1; 2119 if (lladdr == NULL) /* (6) */ 2120 newstate = ND6_LLINFO_NOSTATE; 2121 else /* (7) */ 2122 newstate = ND6_LLINFO_STALE; 2123 } 2124 2125 if (do_update) { 2126 /* 2127 * Update the state of the neighbor cache. 2128 */ 2129 ln->ln_state = newstate; 2130 2131 if (ln->ln_state == ND6_LLINFO_STALE) { 2132 /* 2133 * XXX: since nd6_output() below will cause 2134 * state tansition to DELAY and reset the timer, 2135 * we must set the timer now, although it is actually 2136 * meaningless. 2137 */ 2138 nd6_llinfo_settimer(ln, nd6_gctimer * hz); 2139 2140 nd6_llinfo_release_pkts(ln, ifp, rt); 2141 } else if (ln->ln_state == ND6_LLINFO_INCOMPLETE) { 2142 /* probe right away */ 2143 nd6_llinfo_settimer((void *)ln, 0); 2144 } 2145 } 2146 2147 /* 2148 * ICMP6 type dependent behavior. 2149 * 2150 * NS: clear IsRouter if new entry 2151 * RS: clear IsRouter 2152 * RA: set IsRouter if there's lladdr 2153 * redir: clear IsRouter if new entry 2154 * 2155 * RA case, (1): 2156 * The spec says that we must set IsRouter in the following cases: 2157 * - If lladdr exist, set IsRouter. This means (1-5). 2158 * - If it is old entry (!newentry), set IsRouter. This means (7). 2159 * So, based on the spec, in (1-5) and (7) cases we must set IsRouter. 2160 * A quetion arises for (1) case. (1) case has no lladdr in the 2161 * neighbor cache, this is similar to (6). 2162 * This case is rare but we figured that we MUST NOT set IsRouter. 2163 * 2164 * newentry olladdr lladdr llchange NS RS RA redir 2165 * D R 2166 * 0 n n -- (1) c ? s 2167 * 0 y n -- (2) c s s 2168 * 0 n y -- (3) c s s 2169 * 0 y y n (4) c s s 2170 * 0 y y y (5) c s s 2171 * 1 -- n -- (6) c c c s 2172 * 1 -- y -- (7) c c s c s 2173 * 2174 * (c=clear s=set) 2175 */ 2176 switch (type & 0xff) { 2177 case ND_NEIGHBOR_SOLICIT: 2178 /* 2179 * New entry must have is_router flag cleared. 2180 */ 2181 if (is_newentry) /* (6-7) */ 2182 ln->ln_router = 0; 2183 break; 2184 case ND_REDIRECT: 2185 /* 2186 * If the icmp is a redirect to a better router, always set the 2187 * is_router flag. Otherwise, if the entry is newly created, 2188 * clear the flag. [RFC 2461, sec 8.3] 2189 */ 2190 if (code == ND_REDIRECT_ROUTER) 2191 ln->ln_router = 1; 2192 else if (is_newentry) /* (6-7) */ 2193 ln->ln_router = 0; 2194 break; 2195 case ND_ROUTER_SOLICIT: 2196 /* 2197 * is_router flag must always be cleared. 2198 */ 2199 ln->ln_router = 0; 2200 break; 2201 case ND_ROUTER_ADVERT: 2202 /* 2203 * Mark an entry with lladdr as a router. 2204 */ 2205 if ((!is_newentry && (olladdr || lladdr)) || /* (2-5) */ 2206 (is_newentry && lladdr)) { /* (7) */ 2207 ln->ln_router = 1; 2208 } 2209 break; 2210 } 2211 2212 if (do_update) 2213 rt_newmsg(RTM_CHANGE, rt); /* tell user process */ 2214 2215 /* 2216 * When the link-layer address of a router changes, select the 2217 * best router again. In particular, when the neighbor entry is newly 2218 * created, it might affect the selection policy. 2219 * Question: can we restrict the first condition to the "is_newentry" 2220 * case? 2221 * XXX: when we hear an RA from a new router with the link-layer 2222 * address option, defrouter_select() is called twice, since 2223 * defrtrlist_update called the function as well. However, I believe 2224 * we can compromise the overhead, since it only happens the first 2225 * time. 2226 * XXX: although defrouter_select() should not have a bad effect 2227 * for those are not autoconfigured hosts, we explicitly avoid such 2228 * cases for safety. 2229 */ 2230 if (do_update && ln->ln_router && !ip6_forwarding && 2231 nd6_accepts_rtadv(ndi)) 2232 defrouter_select(); 2233 2234 rtfree(rt); 2235 } 2236 2237 static void 2238 nd6_slowtimo(void *ignored_arg) 2239 { 2240 struct nd_ifinfo *nd6if; 2241 struct ifnet *ifp; 2242 2243 mutex_enter(softnet_lock); 2244 KERNEL_LOCK(1, NULL); 2245 callout_reset(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz, 2246 nd6_slowtimo, NULL); 2247 IFNET_FOREACH(ifp) { 2248 nd6if = ND_IFINFO(ifp); 2249 if (nd6if->basereachable && /* already initialized */ 2250 (nd6if->recalctm -= ND6_SLOWTIMER_INTERVAL) <= 0) { 2251 /* 2252 * Since reachable time rarely changes by router 2253 * advertisements, we SHOULD insure that a new random 2254 * value gets recomputed at least once every few hours. 2255 * (RFC 2461, 6.3.4) 2256 */ 2257 nd6if->recalctm = nd6_recalc_reachtm_interval; 2258 nd6if->reachable = ND_COMPUTE_RTIME(nd6if->basereachable); 2259 } 2260 } 2261 KERNEL_UNLOCK_ONE(NULL); 2262 mutex_exit(softnet_lock); 2263 } 2264 2265 /* 2266 * Next hop determination. This routine was derived from ether_output. 2267 */ 2268 static int 2269 nd6_determine_nexthop(struct ifnet *ifp, const struct sockaddr_in6 *dst, 2270 struct rtentry *rt00, struct rtentry **ret_rt, bool *sendpkt) 2271 { 2272 struct rtentry *rt, *rt0; 2273 struct rtentry *gwrt; 2274 struct sockaddr_in6 *gw6; 2275 2276 #define RTFREE_IF_NEEDED(_rt) \ 2277 if ((_rt) != NULL && (_rt) != rt00) \ 2278 rtfree((_rt)); 2279 2280 KASSERT(rt00 != NULL); 2281 2282 rt = rt0 = rt00; 2283 2284 if ((rt->rt_flags & RTF_UP) == 0) { 2285 rt0 = rt = rtalloc1(sin6tocsa(dst), 1); 2286 if (rt == NULL) 2287 goto hostunreach; 2288 if (rt->rt_ifp != ifp) 2289 goto hostunreach; 2290 } 2291 2292 if ((rt->rt_flags & RTF_GATEWAY) == 0) 2293 goto out; 2294 2295 gw6 = (struct sockaddr_in6 *)rt->rt_gateway; 2296 2297 /* 2298 * We skip link-layer address resolution and NUD 2299 * if the gateway is not a neighbor from ND point 2300 * of view, regardless of the value of nd_ifinfo.flags. 2301 * The second condition is a bit tricky; we skip 2302 * if the gateway is our own address, which is 2303 * sometimes used to install a route to a p2p link. 2304 */ 2305 if (!nd6_is_addr_neighbor(gw6, ifp) || 2306 in6ifa_ifpwithaddr(ifp, &gw6->sin6_addr)) { 2307 /* 2308 * We allow this kind of tricky route only 2309 * when the outgoing interface is p2p. 2310 * XXX: we may need a more generic rule here. 2311 */ 2312 if ((ifp->if_flags & IFF_POINTOPOINT) == 0) 2313 goto hostunreach; 2314 2315 *sendpkt = true; 2316 goto out; 2317 } 2318 2319 /* Try to use a cached nexthop route (gwroute) if exists */ 2320 gwrt = rt_get_gwroute(rt); 2321 if (gwrt == NULL) 2322 goto lookup; 2323 2324 RTFREE_IF_NEEDED(rt); 2325 rt = gwrt; 2326 if ((rt->rt_flags & RTF_UP) == 0) { 2327 RTFREE_IF_NEEDED(rt); 2328 rt = rt0; 2329 lookup: 2330 /* Look up a nexthop route */ 2331 gwrt = rtalloc1(rt->rt_gateway, 1); 2332 rt_set_gwroute(rt, gwrt); 2333 RTFREE_IF_NEEDED(rt); 2334 rt = gwrt; 2335 if (rt == NULL) 2336 goto hostunreach; 2337 /* the "G" test below also prevents rt == rt0 */ 2338 if ((rt->rt_flags & RTF_GATEWAY) || 2339 (rt->rt_ifp != ifp)) { 2340 if (rt0->rt_gwroute != NULL) 2341 rtfree(rt0->rt_gwroute); 2342 rt0->rt_gwroute = NULL; 2343 goto hostunreach; 2344 } 2345 } 2346 2347 out: 2348 *ret_rt = rt; 2349 return 0; 2350 2351 hostunreach: 2352 RTFREE_IF_NEEDED(rt); 2353 2354 return EHOSTUNREACH; 2355 #undef RTFREE_IF_NEEDED 2356 } 2357 2358 #define senderr(e) { error = (e); goto bad;} 2359 int 2360 nd6_output(struct ifnet *ifp, struct ifnet *origifp, struct mbuf *m0, 2361 const struct sockaddr_in6 *dst, struct rtentry *rt0) 2362 { 2363 struct mbuf *m = m0; 2364 struct rtentry *rt = rt0; 2365 struct llentry *ln = NULL; 2366 int error = 0; 2367 2368 #define RTFREE_IF_NEEDED(_rt) \ 2369 if ((_rt) != NULL && (_rt) != rt0) \ 2370 rtfree((_rt)); 2371 2372 if (IN6_IS_ADDR_MULTICAST(&dst->sin6_addr)) 2373 goto sendpkt; 2374 2375 if (nd6_need_cache(ifp) == 0) 2376 goto sendpkt; 2377 2378 if (rt) { 2379 struct rtentry *nexthop = NULL; 2380 bool sendpkt = false; 2381 2382 error = nd6_determine_nexthop(ifp, dst, rt, &nexthop, &sendpkt); 2383 if (error != 0) 2384 senderr(error); 2385 rt = nexthop; 2386 if (sendpkt) 2387 goto sendpkt; 2388 } 2389 2390 /* 2391 * Address resolution or Neighbor Unreachability Detection 2392 * for the next hop. 2393 * At this point, the destination of the packet must be a unicast 2394 * or an anycast address(i.e. not a multicast). 2395 */ 2396 2397 /* Look up the neighbor cache for the nexthop */ 2398 if (rt != NULL && (rt->rt_flags & RTF_LLINFO) != 0) 2399 ln = rt->rt_llinfo; 2400 else { 2401 /* 2402 * Since nd6_is_addr_neighbor() internally calls nd6_lookup(), 2403 * the condition below is not very efficient. But we believe 2404 * it is tolerable, because this should be a rare case. 2405 */ 2406 if (nd6_is_addr_neighbor(dst, ifp)) { 2407 RTFREE_IF_NEEDED(rt); 2408 rt = nd6_lookup(&dst->sin6_addr, 1, ifp); 2409 if (rt != NULL) 2410 ln = rt->rt_llinfo; 2411 } 2412 } 2413 if (ln == NULL || rt == NULL) { 2414 if ((ifp->if_flags & IFF_POINTOPOINT) == 0 && 2415 !(ND_IFINFO(ifp)->flags & ND6_IFF_PERFORMNUD)) { 2416 log(LOG_DEBUG, 2417 "nd6_output: can't allocate llinfo for %s " 2418 "(ln=%p, rt=%p)\n", 2419 ip6_sprintf(&dst->sin6_addr), ln, rt); 2420 senderr(EIO); /* XXX: good error? */ 2421 } 2422 2423 goto sendpkt; /* send anyway */ 2424 } 2425 2426 /* We don't have to do link-layer address resolution on a p2p link. */ 2427 if ((ifp->if_flags & IFF_POINTOPOINT) != 0 && 2428 ln->ln_state < ND6_LLINFO_REACHABLE) { 2429 ln->ln_state = ND6_LLINFO_STALE; 2430 nd6_llinfo_settimer(ln, nd6_gctimer * hz); 2431 } 2432 2433 /* 2434 * The first time we send a packet to a neighbor whose entry is 2435 * STALE, we have to change the state to DELAY and a sets a timer to 2436 * expire in DELAY_FIRST_PROBE_TIME seconds to ensure do 2437 * neighbor unreachability detection on expiration. 2438 * (RFC 2461 7.3.3) 2439 */ 2440 if (ln->ln_state == ND6_LLINFO_STALE) { 2441 ln->ln_asked = 0; 2442 ln->ln_state = ND6_LLINFO_DELAY; 2443 nd6_llinfo_settimer(ln, nd6_delay * hz); 2444 } 2445 2446 /* 2447 * If the neighbor cache entry has a state other than INCOMPLETE 2448 * (i.e. its link-layer address is already resolved), just 2449 * send the packet. 2450 */ 2451 if (ln->ln_state > ND6_LLINFO_INCOMPLETE) 2452 goto sendpkt; 2453 2454 /* 2455 * There is a neighbor cache entry, but no ethernet address 2456 * response yet. Append this latest packet to the end of the 2457 * packet queue in the mbuf, unless the number of the packet 2458 * does not exceed nd6_maxqueuelen. When it exceeds nd6_maxqueuelen, 2459 * the oldest packet in the queue will be removed. 2460 */ 2461 if (ln->ln_state == ND6_LLINFO_NOSTATE) 2462 ln->ln_state = ND6_LLINFO_INCOMPLETE; 2463 if (ln->ln_hold) { 2464 struct mbuf *m_hold; 2465 int i; 2466 2467 i = 0; 2468 for (m_hold = ln->ln_hold; m_hold; m_hold = m_hold->m_nextpkt) { 2469 i++; 2470 if (m_hold->m_nextpkt == NULL) { 2471 m_hold->m_nextpkt = m; 2472 break; 2473 } 2474 } 2475 while (i >= nd6_maxqueuelen) { 2476 m_hold = ln->ln_hold; 2477 ln->ln_hold = ln->ln_hold->m_nextpkt; 2478 m_freem(m_hold); 2479 i--; 2480 } 2481 } else { 2482 ln->ln_hold = m; 2483 } 2484 2485 /* 2486 * If there has been no NS for the neighbor after entering the 2487 * INCOMPLETE state, send the first solicitation. 2488 */ 2489 if (!ND6_LLINFO_PERMANENT(ln) && ln->ln_asked == 0) { 2490 struct in6_addr src, *psrc; 2491 2492 ln->ln_asked++; 2493 nd6_llinfo_settimer(ln, 2494 ND_IFINFO(ifp)->retrans * hz / 1000); 2495 psrc = nd6_llinfo_get_holdsrc(ln, &src); 2496 nd6_ns_output(ifp, NULL, &dst->sin6_addr, psrc, 0); 2497 } 2498 error = 0; 2499 goto exit; 2500 2501 sendpkt: 2502 /* discard the packet if IPv6 operation is disabled on the interface */ 2503 if ((ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED)) { 2504 error = ENETDOWN; /* better error? */ 2505 goto bad; 2506 } 2507 2508 #ifndef NET_MPSAFE 2509 KERNEL_LOCK(1, NULL); 2510 #endif 2511 if ((ifp->if_flags & IFF_LOOPBACK) != 0) 2512 error = (*ifp->if_output)(origifp, m, sin6tocsa(dst), rt); 2513 else 2514 error = (*ifp->if_output)(ifp, m, sin6tocsa(dst), rt); 2515 #ifndef NET_MPSAFE 2516 KERNEL_UNLOCK_ONE(NULL); 2517 #endif 2518 goto exit; 2519 2520 bad: 2521 if (m != NULL) 2522 m_freem(m); 2523 exit: 2524 RTFREE_IF_NEEDED(rt); 2525 2526 return error; 2527 #undef RTFREE_IF_NEEDED 2528 } 2529 #undef senderr 2530 2531 int 2532 nd6_need_cache(struct ifnet *ifp) 2533 { 2534 /* 2535 * XXX: we currently do not make neighbor cache on any interface 2536 * other than ARCnet, Ethernet, FDDI and GIF. 2537 * 2538 * RFC2893 says: 2539 * - unidirectional tunnels needs no ND 2540 */ 2541 switch (ifp->if_type) { 2542 case IFT_ARCNET: 2543 case IFT_ETHER: 2544 case IFT_FDDI: 2545 case IFT_IEEE1394: 2546 case IFT_CARP: 2547 case IFT_GIF: /* XXX need more cases? */ 2548 case IFT_PPP: 2549 case IFT_TUNNEL: 2550 return 1; 2551 default: 2552 return 0; 2553 } 2554 } 2555 2556 int 2557 nd6_storelladdr(const struct ifnet *ifp, const struct rtentry *rt, 2558 struct mbuf *m, const struct sockaddr *dst, uint8_t *lldst, 2559 size_t dstsize) 2560 { 2561 const struct sockaddr_dl *sdl; 2562 2563 if (m->m_flags & M_MCAST) { 2564 switch (ifp->if_type) { 2565 case IFT_ETHER: 2566 case IFT_FDDI: 2567 ETHER_MAP_IPV6_MULTICAST(&satocsin6(dst)->sin6_addr, 2568 lldst); 2569 return 1; 2570 case IFT_IEEE1394: 2571 memcpy(lldst, ifp->if_broadcastaddr, 2572 MIN(dstsize, ifp->if_addrlen)); 2573 return 1; 2574 case IFT_ARCNET: 2575 *lldst = 0; 2576 return 1; 2577 default: 2578 m_freem(m); 2579 return 0; 2580 } 2581 } 2582 2583 if (rt == NULL) { 2584 /* this could happen, if we could not allocate memory */ 2585 m_freem(m); 2586 return 0; 2587 } 2588 if (rt->rt_gateway->sa_family != AF_LINK) { 2589 char gbuf[256]; 2590 char dbuf[LINK_ADDRSTRLEN]; 2591 sockaddr_format(rt->rt_gateway, gbuf, sizeof(gbuf)); 2592 printf("%s: bad gateway address type %s for dst %s" 2593 " through interface %s\n", __func__, gbuf, 2594 IN6_PRINT(dbuf, &satocsin6(dst)->sin6_addr), 2595 if_name(ifp)); 2596 m_freem(m); 2597 return 0; 2598 } 2599 sdl = satocsdl(rt->rt_gateway); 2600 if (sdl->sdl_alen == 0 || sdl->sdl_alen > dstsize) { 2601 char sbuf[INET6_ADDRSTRLEN]; 2602 char dbuf[LINK_ADDRSTRLEN]; 2603 /* this should be impossible, but we bark here for debugging */ 2604 printf("%s: sdl_alen == %" PRIu8 ", if=%s, dst=%s, sdl=%s\n", 2605 __func__, sdl->sdl_alen, if_name(ifp), 2606 IN6_PRINT(sbuf, &satocsin6(dst)->sin6_addr), 2607 DL_PRINT(dbuf, &sdl->sdl_addr)); 2608 m_freem(m); 2609 return 0; 2610 } 2611 2612 memcpy(lldst, CLLADDR(sdl), MIN(dstsize, sdl->sdl_alen)); 2613 return 1; 2614 } 2615 2616 static void 2617 clear_llinfo_pqueue(struct llentry *ln) 2618 { 2619 struct mbuf *m_hold, *m_hold_next; 2620 2621 for (m_hold = ln->ln_hold; m_hold; m_hold = m_hold_next) { 2622 m_hold_next = m_hold->m_nextpkt; 2623 m_hold->m_nextpkt = NULL; 2624 m_freem(m_hold); 2625 } 2626 2627 ln->ln_hold = NULL; 2628 return; 2629 } 2630 2631 int 2632 nd6_sysctl( 2633 int name, 2634 void *oldp, /* syscall arg, need copyout */ 2635 size_t *oldlenp, 2636 void *newp, /* syscall arg, need copyin */ 2637 size_t newlen 2638 ) 2639 { 2640 void *p; 2641 size_t ol; 2642 int error; 2643 2644 error = 0; 2645 2646 if (newp) 2647 return EPERM; 2648 if (oldp && !oldlenp) 2649 return EINVAL; 2650 ol = oldlenp ? *oldlenp : 0; 2651 2652 if (oldp) { 2653 p = malloc(*oldlenp, M_TEMP, M_WAITOK); 2654 if (p == NULL) 2655 return ENOMEM; 2656 } else 2657 p = NULL; 2658 switch (name) { 2659 case ICMPV6CTL_ND6_DRLIST: 2660 error = fill_drlist(p, oldlenp, ol); 2661 if (!error && p != NULL && oldp != NULL) 2662 error = copyout(p, oldp, *oldlenp); 2663 break; 2664 2665 case ICMPV6CTL_ND6_PRLIST: 2666 error = fill_prlist(p, oldlenp, ol); 2667 if (!error && p != NULL && oldp != NULL) 2668 error = copyout(p, oldp, *oldlenp); 2669 break; 2670 2671 case ICMPV6CTL_ND6_MAXQLEN: 2672 break; 2673 2674 default: 2675 error = ENOPROTOOPT; 2676 break; 2677 } 2678 if (p) 2679 free(p, M_TEMP); 2680 2681 return error; 2682 } 2683 2684 static int 2685 fill_drlist(void *oldp, size_t *oldlenp, size_t ol) 2686 { 2687 int error = 0, s; 2688 struct in6_defrouter *d = NULL, *de = NULL; 2689 struct nd_defrouter *dr; 2690 size_t l; 2691 2692 s = splsoftnet(); 2693 2694 if (oldp) { 2695 d = (struct in6_defrouter *)oldp; 2696 de = (struct in6_defrouter *)((char *)oldp + *oldlenp); 2697 } 2698 l = 0; 2699 2700 TAILQ_FOREACH(dr, &nd_defrouter, dr_entry) { 2701 2702 if (oldp && d + 1 <= de) { 2703 memset(d, 0, sizeof(*d)); 2704 sockaddr_in6_init(&d->rtaddr, &dr->rtaddr, 0, 0, 0); 2705 if (sa6_recoverscope(&d->rtaddr)) { 2706 log(LOG_ERR, 2707 "scope error in router list (%s)\n", 2708 ip6_sprintf(&d->rtaddr.sin6_addr)); 2709 /* XXX: press on... */ 2710 } 2711 d->flags = dr->flags; 2712 d->rtlifetime = dr->rtlifetime; 2713 d->expire = dr->expire ? 2714 time_mono_to_wall(dr->expire) : 0; 2715 d->if_index = dr->ifp->if_index; 2716 } 2717 2718 l += sizeof(*d); 2719 if (d) 2720 d++; 2721 } 2722 2723 if (oldp) { 2724 if (l > ol) 2725 error = ENOMEM; 2726 } 2727 if (oldlenp) 2728 *oldlenp = l; /* (void *)d - (void *)oldp */ 2729 2730 splx(s); 2731 2732 return error; 2733 } 2734 2735 static int 2736 fill_prlist(void *oldp, size_t *oldlenp, size_t ol) 2737 { 2738 int error = 0, s; 2739 struct nd_prefix *pr; 2740 uint8_t *p = NULL, *ps = NULL; 2741 uint8_t *pe = NULL; 2742 size_t l; 2743 2744 s = splsoftnet(); 2745 2746 if (oldp) { 2747 ps = p = (uint8_t*)oldp; 2748 pe = (uint8_t*)oldp + *oldlenp; 2749 } 2750 l = 0; 2751 2752 LIST_FOREACH(pr, &nd_prefix, ndpr_entry) { 2753 u_short advrtrs; 2754 struct sockaddr_in6 sin6; 2755 struct nd_pfxrouter *pfr; 2756 struct in6_prefix pfx; 2757 2758 if (oldp && p + sizeof(struct in6_prefix) <= pe) 2759 { 2760 memset(&pfx, 0, sizeof(pfx)); 2761 ps = p; 2762 pfx.prefix = pr->ndpr_prefix; 2763 2764 if (sa6_recoverscope(&pfx.prefix)) { 2765 log(LOG_ERR, 2766 "scope error in prefix list (%s)\n", 2767 ip6_sprintf(&pfx.prefix.sin6_addr)); 2768 /* XXX: press on... */ 2769 } 2770 pfx.raflags = pr->ndpr_raf; 2771 pfx.prefixlen = pr->ndpr_plen; 2772 pfx.vltime = pr->ndpr_vltime; 2773 pfx.pltime = pr->ndpr_pltime; 2774 pfx.if_index = pr->ndpr_ifp->if_index; 2775 if (pr->ndpr_vltime == ND6_INFINITE_LIFETIME) 2776 pfx.expire = 0; 2777 else { 2778 time_t maxexpire; 2779 2780 /* XXX: we assume time_t is signed. */ 2781 maxexpire = (-1) & 2782 ~((time_t)1 << 2783 ((sizeof(maxexpire) * 8) - 1)); 2784 if (pr->ndpr_vltime < 2785 maxexpire - pr->ndpr_lastupdate) { 2786 pfx.expire = pr->ndpr_lastupdate + 2787 pr->ndpr_vltime; 2788 } else 2789 pfx.expire = maxexpire; 2790 } 2791 pfx.refcnt = pr->ndpr_refcnt; 2792 pfx.flags = pr->ndpr_stateflags; 2793 pfx.origin = PR_ORIG_RA; 2794 2795 p += sizeof(pfx); l += sizeof(pfx); 2796 2797 advrtrs = 0; 2798 LIST_FOREACH(pfr, &pr->ndpr_advrtrs, pfr_entry) { 2799 if (p + sizeof(sin6) > pe) { 2800 advrtrs++; 2801 continue; 2802 } 2803 2804 sockaddr_in6_init(&sin6, &pfr->router->rtaddr, 2805 0, 0, 0); 2806 if (sa6_recoverscope(&sin6)) { 2807 log(LOG_ERR, 2808 "scope error in " 2809 "prefix list (%s)\n", 2810 ip6_sprintf(&pfr->router->rtaddr)); 2811 } 2812 advrtrs++; 2813 memcpy(p, &sin6, sizeof(sin6)); 2814 p += sizeof(sin6); 2815 l += sizeof(sin6); 2816 } 2817 pfx.advrtrs = advrtrs; 2818 memcpy(ps, &pfx, sizeof(pfx)); 2819 } 2820 else { 2821 l += sizeof(pfx); 2822 advrtrs = 0; 2823 LIST_FOREACH(pfr, &pr->ndpr_advrtrs, pfr_entry) { 2824 advrtrs++; 2825 l += sizeof(sin6); 2826 } 2827 } 2828 } 2829 2830 if (oldp) { 2831 *oldlenp = l; /* (void *)d - (void *)oldp */ 2832 if (l > ol) 2833 error = ENOMEM; 2834 } else 2835 *oldlenp = l; 2836 2837 splx(s); 2838 2839 return error; 2840 } 2841
Indexes created Thu Sep 25 08:09:54 GMT 2025