nd6_rtr.c revision 1.95
1 /* $NetBSD: nd6_rtr.c,v 1.95 2014/12/16 11:42:27 roy Exp $ */ 2 /* $KAME: nd6_rtr.c,v 1.95 2001/02/07 08:09:47 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 #include <sys/cdefs.h> 34 __KERNEL_RCSID(0, "$NetBSD: nd6_rtr.c,v 1.95 2014/12/16 11:42:27 roy Exp $"); 35 36 #include <sys/param.h> 37 #include <sys/systm.h> 38 #include <sys/malloc.h> 39 #include <sys/mbuf.h> 40 #include <sys/socket.h> 41 #include <sys/sockio.h> 42 #include <sys/time.h> 43 #include <sys/kernel.h> 44 #include <sys/errno.h> 45 #include <sys/ioctl.h> 46 #include <sys/syslog.h> 47 #include <sys/cprng.h> 48 49 #include <net/if.h> 50 #include <net/if_types.h> 51 #include <net/if_dl.h> 52 #include <net/route.h> 53 #include <net/radix.h> 54 55 #include <netinet/in.h> 56 #include <netinet6/in6_var.h> 57 #include <netinet6/in6_ifattach.h> 58 #include <netinet/ip6.h> 59 #include <netinet6/ip6_var.h> 60 #include <netinet6/nd6.h> 61 #include <netinet/icmp6.h> 62 #include <netinet6/icmp6_private.h> 63 #include <netinet6/scope6_var.h> 64 65 #include <net/net_osdep.h> 66 67 static int rtpref(struct nd_defrouter *); 68 static struct nd_defrouter *defrtrlist_update(struct nd_defrouter *); 69 static int prelist_update(struct nd_prefixctl *, struct nd_defrouter *, 70 struct mbuf *, int); 71 static struct in6_ifaddr *in6_ifadd(struct nd_prefixctl *, int); 72 static struct nd_pfxrouter *pfxrtr_lookup(struct nd_prefix *, 73 struct nd_defrouter *); 74 static void pfxrtr_add(struct nd_prefix *, struct nd_defrouter *); 75 static void pfxrtr_del(struct nd_pfxrouter *); 76 static struct nd_pfxrouter *find_pfxlist_reachable_router 77 (struct nd_prefix *); 78 static void defrouter_delreq(struct nd_defrouter *); 79 80 static int in6_init_prefix_ltimes(struct nd_prefix *); 81 static void in6_init_address_ltimes(struct nd_prefix *, 82 struct in6_addrlifetime *); 83 static void purge_detached(struct ifnet *); 84 85 static int rt6_deleteroute(struct rtentry *, void *); 86 87 extern int nd6_recalc_reachtm_interval; 88 89 static struct ifnet *nd6_defifp; 90 int nd6_defifindex; 91 92 int ip6_use_tempaddr = 0; 93 94 int ip6_desync_factor; 95 u_int32_t ip6_temp_preferred_lifetime = DEF_TEMP_PREFERRED_LIFETIME; 96 u_int32_t ip6_temp_valid_lifetime = DEF_TEMP_VALID_LIFETIME; 97 int ip6_temp_regen_advance = TEMPADDR_REGEN_ADVANCE; 98 99 int nd6_numroutes = 0; 100 101 /* RTPREF_MEDIUM has to be 0! */ 102 #define RTPREF_HIGH 1 103 #define RTPREF_MEDIUM 0 104 #define RTPREF_LOW (-1) 105 #define RTPREF_RESERVED (-2) 106 #define RTPREF_INVALID (-3) /* internal */ 107 108 /* 109 * Receive Router Solicitation Message - just for routers. 110 * Router solicitation/advertisement is mostly managed by a userland program 111 * (rtadvd) so here we have no function like nd6_ra_output(). 112 * 113 * Based on RFC 2461 114 */ 115 void 116 nd6_rs_input(struct mbuf *m, int off, int icmp6len) 117 { 118 struct ifnet *ifp = m->m_pkthdr.rcvif; 119 struct nd_ifinfo *ndi = ND_IFINFO(ifp); 120 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); 121 struct nd_router_solicit *nd_rs; 122 struct in6_addr saddr6 = ip6->ip6_src; 123 char *lladdr = NULL; 124 int lladdrlen = 0; 125 union nd_opts ndopts; 126 127 /* If I'm not a router, ignore it. */ 128 if (nd6_accepts_rtadv(ndi) || !ip6_forwarding) 129 goto freeit; 130 131 /* Sanity checks */ 132 if (ip6->ip6_hlim != 255) { 133 nd6log((LOG_ERR, 134 "nd6_rs_input: invalid hlim (%d) from %s to %s on %s\n", 135 ip6->ip6_hlim, ip6_sprintf(&ip6->ip6_src), 136 ip6_sprintf(&ip6->ip6_dst), if_name(ifp))); 137 goto bad; 138 } 139 140 /* 141 * Don't update the neighbor cache, if src = ::. 142 * This indicates that the src has no IP address assigned yet. 143 */ 144 if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) 145 goto freeit; 146 147 IP6_EXTHDR_GET(nd_rs, struct nd_router_solicit *, m, off, icmp6len); 148 if (nd_rs == NULL) { 149 ICMP6_STATINC(ICMP6_STAT_TOOSHORT); 150 return; 151 } 152 153 icmp6len -= sizeof(*nd_rs); 154 nd6_option_init(nd_rs + 1, icmp6len, &ndopts); 155 if (nd6_options(&ndopts) < 0) { 156 nd6log((LOG_INFO, 157 "nd6_rs_input: invalid ND option, ignored\n")); 158 /* nd6_options have incremented stats */ 159 goto freeit; 160 } 161 162 if (ndopts.nd_opts_src_lladdr) { 163 lladdr = (char *)(ndopts.nd_opts_src_lladdr + 1); 164 lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3; 165 } 166 167 if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) { 168 nd6log((LOG_INFO, 169 "nd6_rs_input: lladdrlen mismatch for %s " 170 "(if %d, RS packet %d)\n", 171 ip6_sprintf(&saddr6), ifp->if_addrlen, lladdrlen - 2)); 172 goto bad; 173 } 174 175 nd6_cache_lladdr(ifp, &saddr6, lladdr, lladdrlen, ND_ROUTER_SOLICIT, 0); 176 177 freeit: 178 m_freem(m); 179 return; 180 181 bad: 182 ICMP6_STATINC(ICMP6_STAT_BADRS); 183 m_freem(m); 184 } 185 186 /* 187 * Receive Router Advertisement Message. 188 * 189 * Based on RFC 2461 190 * TODO: on-link bit on prefix information 191 * TODO: ND_RA_FLAG_{OTHER,MANAGED} processing 192 */ 193 void 194 nd6_ra_input(struct mbuf *m, int off, int icmp6len) 195 { 196 struct ifnet *ifp = m->m_pkthdr.rcvif; 197 struct nd_ifinfo *ndi = ND_IFINFO(ifp); 198 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); 199 struct nd_router_advert *nd_ra; 200 struct in6_addr saddr6 = ip6->ip6_src; 201 #if 0 202 struct in6_addr daddr6 = ip6->ip6_dst; 203 int flags; /* = nd_ra->nd_ra_flags_reserved; */ 204 int is_managed = ((flags & ND_RA_FLAG_MANAGED) != 0); 205 int is_other = ((flags & ND_RA_FLAG_OTHER) != 0); 206 #endif 207 int mcast = 0; 208 union nd_opts ndopts; 209 struct nd_defrouter *dr; 210 211 /* 212 * We only accept RAs when 213 * the system-wide variable allows the acceptance, and the 214 * per-interface variable allows RAs on the receiving interface. 215 */ 216 if (!nd6_accepts_rtadv(ndi)) 217 goto freeit; 218 219 if (ip6->ip6_hlim != 255) { 220 nd6log((LOG_ERR, 221 "nd6_ra_input: invalid hlim (%d) from %s to %s on %s\n", 222 ip6->ip6_hlim, ip6_sprintf(&ip6->ip6_src), 223 ip6_sprintf(&ip6->ip6_dst), if_name(ifp))); 224 goto bad; 225 } 226 227 if (!IN6_IS_ADDR_LINKLOCAL(&saddr6)) { 228 nd6log((LOG_ERR, 229 "nd6_ra_input: src %s is not link-local\n", 230 ip6_sprintf(&saddr6))); 231 goto bad; 232 } 233 234 IP6_EXTHDR_GET(nd_ra, struct nd_router_advert *, m, off, icmp6len); 235 if (nd_ra == NULL) { 236 ICMP6_STATINC(ICMP6_STAT_TOOSHORT); 237 return; 238 } 239 240 icmp6len -= sizeof(*nd_ra); 241 nd6_option_init(nd_ra + 1, icmp6len, &ndopts); 242 if (nd6_options(&ndopts) < 0) { 243 nd6log((LOG_INFO, 244 "nd6_ra_input: invalid ND option, ignored\n")); 245 /* nd6_options have incremented stats */ 246 goto freeit; 247 } 248 249 { 250 struct nd_defrouter drtr; 251 u_int32_t advreachable = nd_ra->nd_ra_reachable; 252 253 /* remember if this is a multicasted advertisement */ 254 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) 255 mcast = 1; 256 257 memset(&drtr, 0, sizeof(drtr)); 258 drtr.rtaddr = saddr6; 259 drtr.flags = nd_ra->nd_ra_flags_reserved; 260 drtr.rtlifetime = ntohs(nd_ra->nd_ra_router_lifetime); 261 drtr.expire = time_second + drtr.rtlifetime; 262 drtr.ifp = ifp; 263 /* unspecified or not? (RFC 2461 6.3.4) */ 264 if (advreachable) { 265 NTOHL(advreachable); 266 if (advreachable <= MAX_REACHABLE_TIME && 267 ndi->basereachable != advreachable) { 268 ndi->basereachable = advreachable; 269 ndi->reachable = ND_COMPUTE_RTIME(ndi->basereachable); 270 ndi->recalctm = nd6_recalc_reachtm_interval; /* reset */ 271 } 272 } 273 if (nd_ra->nd_ra_retransmit) 274 ndi->retrans = ntohl(nd_ra->nd_ra_retransmit); 275 if (nd_ra->nd_ra_curhoplimit) 276 ndi->chlim = nd_ra->nd_ra_curhoplimit; 277 dr = defrtrlist_update(&drtr); 278 } 279 280 /* 281 * prefix 282 */ 283 if (ndopts.nd_opts_pi) { 284 struct nd_opt_hdr *pt; 285 struct nd_opt_prefix_info *pi = NULL; 286 struct nd_prefixctl prc; 287 288 for (pt = (struct nd_opt_hdr *)ndopts.nd_opts_pi; 289 pt <= (struct nd_opt_hdr *)ndopts.nd_opts_pi_end; 290 pt = (struct nd_opt_hdr *)((char *)pt + 291 (pt->nd_opt_len << 3))) { 292 if (pt->nd_opt_type != ND_OPT_PREFIX_INFORMATION) 293 continue; 294 pi = (struct nd_opt_prefix_info *)pt; 295 296 if (pi->nd_opt_pi_len != 4) { 297 nd6log((LOG_INFO, 298 "nd6_ra_input: invalid option " 299 "len %d for prefix information option, " 300 "ignored\n", pi->nd_opt_pi_len)); 301 continue; 302 } 303 304 if (128 < pi->nd_opt_pi_prefix_len) { 305 nd6log((LOG_INFO, 306 "nd6_ra_input: invalid prefix " 307 "len %d for prefix information option, " 308 "ignored\n", pi->nd_opt_pi_prefix_len)); 309 continue; 310 } 311 312 if (IN6_IS_ADDR_MULTICAST(&pi->nd_opt_pi_prefix) 313 || IN6_IS_ADDR_LINKLOCAL(&pi->nd_opt_pi_prefix)) { 314 nd6log((LOG_INFO, 315 "nd6_ra_input: invalid prefix " 316 "%s, ignored\n", 317 ip6_sprintf(&pi->nd_opt_pi_prefix))); 318 continue; 319 } 320 321 memset(&prc, 0, sizeof(prc)); 322 sockaddr_in6_init(&prc.ndprc_prefix, 323 &pi->nd_opt_pi_prefix, 0, 0, 0); 324 prc.ndprc_ifp = (struct ifnet *)m->m_pkthdr.rcvif; 325 326 prc.ndprc_raf_onlink = (pi->nd_opt_pi_flags_reserved & 327 ND_OPT_PI_FLAG_ONLINK) ? 1 : 0; 328 prc.ndprc_raf_auto = (pi->nd_opt_pi_flags_reserved & 329 ND_OPT_PI_FLAG_AUTO) ? 1 : 0; 330 prc.ndprc_plen = pi->nd_opt_pi_prefix_len; 331 prc.ndprc_vltime = ntohl(pi->nd_opt_pi_valid_time); 332 prc.ndprc_pltime = ntohl(pi->nd_opt_pi_preferred_time); 333 334 (void)prelist_update(&prc, dr, m, mcast); 335 } 336 } 337 338 /* 339 * MTU 340 */ 341 if (ndopts.nd_opts_mtu && ndopts.nd_opts_mtu->nd_opt_mtu_len == 1) { 342 u_long mtu; 343 u_long maxmtu; 344 345 mtu = ntohl(ndopts.nd_opts_mtu->nd_opt_mtu_mtu); 346 347 /* lower bound */ 348 if (mtu < IPV6_MMTU) { 349 nd6log((LOG_INFO, "nd6_ra_input: bogus mtu option " 350 "mtu=%lu sent from %s, ignoring\n", 351 mtu, ip6_sprintf(&ip6->ip6_src))); 352 goto skip; 353 } 354 355 /* upper bound */ 356 maxmtu = (ndi->maxmtu && ndi->maxmtu < ifp->if_mtu) 357 ? ndi->maxmtu : ifp->if_mtu; 358 if (mtu <= maxmtu) { 359 int change = (ndi->linkmtu != mtu); 360 361 ndi->linkmtu = mtu; 362 if (change) /* in6_maxmtu may change */ 363 in6_setmaxmtu(); 364 } else { 365 nd6log((LOG_INFO, "nd6_ra_input: bogus mtu " 366 "mtu=%lu sent from %s; " 367 "exceeds maxmtu %lu, ignoring\n", 368 mtu, ip6_sprintf(&ip6->ip6_src), maxmtu)); 369 } 370 } 371 372 skip: 373 374 /* 375 * Source link layer address 376 */ 377 { 378 char *lladdr = NULL; 379 int lladdrlen = 0; 380 381 if (ndopts.nd_opts_src_lladdr) { 382 lladdr = (char *)(ndopts.nd_opts_src_lladdr + 1); 383 lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3; 384 } 385 386 if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) { 387 nd6log((LOG_INFO, 388 "nd6_ra_input: lladdrlen mismatch for %s " 389 "(if %d, RA packet %d)\n", ip6_sprintf(&saddr6), 390 ifp->if_addrlen, lladdrlen - 2)); 391 goto bad; 392 } 393 394 nd6_cache_lladdr(ifp, &saddr6, lladdr, lladdrlen, ND_ROUTER_ADVERT, 0); 395 396 /* 397 * Installing a link-layer address might change the state of the 398 * router's neighbor cache, which might also affect our on-link 399 * detection of adveritsed prefixes. 400 */ 401 pfxlist_onlink_check(); 402 } 403 404 freeit: 405 m_freem(m); 406 return; 407 408 bad: 409 ICMP6_STATINC(ICMP6_STAT_BADRA); 410 m_freem(m); 411 } 412 413 /* 414 * default router list processing sub routines 415 */ 416 417 /* tell the change to user processes watching the routing socket. */ 418 void 419 nd6_rtmsg(int cmd, struct rtentry *rt) 420 { 421 struct rt_addrinfo info; 422 423 memset((void *)&info, 0, sizeof(info)); 424 info.rti_info[RTAX_DST] = rt_getkey(rt); 425 info.rti_info[RTAX_GATEWAY] = rt->rt_gateway; 426 info.rti_info[RTAX_NETMASK] = rt_mask(rt); 427 if (rt->rt_ifp) { 428 info.rti_info[RTAX_IFP] = rt->rt_ifp->if_dl->ifa_addr; 429 info.rti_info[RTAX_IFA] = rt->rt_ifa->ifa_addr; 430 } 431 432 rt_missmsg(cmd, &info, rt->rt_flags, 0); 433 } 434 435 void 436 defrouter_addreq(struct nd_defrouter *newdr) 437 { 438 union { 439 struct sockaddr_in6 sin6; 440 struct sockaddr sa; 441 } def, mask, gate; 442 struct rtentry *newrt = NULL; 443 int s; 444 int error; 445 446 memset(&def, 0, sizeof(def)); 447 memset(&mask, 0, sizeof(mask)); 448 memset(&gate, 0,sizeof(gate)); /* for safety */ 449 450 def.sin6.sin6_len = mask.sin6.sin6_len = gate.sin6.sin6_len = 451 sizeof(struct sockaddr_in6); 452 def.sin6.sin6_family = mask.sin6.sin6_family = gate.sin6.sin6_family = AF_INET6; 453 gate.sin6.sin6_addr = newdr->rtaddr; 454 #ifndef SCOPEDROUTING 455 gate.sin6.sin6_scope_id = 0; /* XXX */ 456 #endif 457 458 s = splsoftnet(); 459 error = rtrequest(RTM_ADD, &def.sa, &gate.sa, &mask.sa, 460 RTF_GATEWAY, &newrt); 461 if (newrt) { 462 nd6_rtmsg(RTM_ADD, newrt); /* tell user process */ 463 newrt->rt_refcnt--; 464 nd6_numroutes++; 465 } 466 if (error == 0) 467 newdr->installed = 1; 468 splx(s); 469 return; 470 } 471 472 struct nd_defrouter * 473 defrouter_lookup(const struct in6_addr *addr, struct ifnet *ifp) 474 { 475 struct nd_defrouter *dr; 476 477 TAILQ_FOREACH(dr, &nd_defrouter, dr_entry) { 478 if (dr->ifp == ifp && IN6_ARE_ADDR_EQUAL(addr, &dr->rtaddr)) 479 break; 480 } 481 482 return dr; /* search failed */ 483 } 484 485 void 486 defrtrlist_del(struct nd_defrouter *dr) 487 { 488 struct nd_ifinfo *ndi = ND_IFINFO(dr->ifp); 489 struct nd_defrouter *deldr = NULL; 490 struct nd_prefix *pr; 491 struct in6_ifextra *ext = dr->ifp->if_afdata[AF_INET6]; 492 493 /* 494 * Flush all the routing table entries that use the router 495 * as a next hop. 496 */ 497 /* XXX: better condition? */ 498 if (!ip6_forwarding && nd6_accepts_rtadv(ndi)) 499 rt6_flush(&dr->rtaddr, dr->ifp); 500 501 if (dr->installed) { 502 deldr = dr; 503 defrouter_delreq(dr); 504 } 505 TAILQ_REMOVE(&nd_defrouter, dr, dr_entry); 506 507 /* 508 * Also delete all the pointers to the router in each prefix lists. 509 */ 510 LIST_FOREACH(pr, &nd_prefix, ndpr_entry) { 511 struct nd_pfxrouter *pfxrtr; 512 if ((pfxrtr = pfxrtr_lookup(pr, dr)) != NULL) 513 pfxrtr_del(pfxrtr); 514 } 515 pfxlist_onlink_check(); 516 517 /* 518 * If the router is the primary one, choose a new one. 519 * Note that defrouter_select() will remove the current gateway 520 * from the routing table. 521 */ 522 if (deldr) 523 defrouter_select(); 524 525 ext->ndefrouters--; 526 if (ext->ndefrouters < 0) { 527 log(LOG_WARNING, "defrtrlist_del: negative count on %s\n", 528 dr->ifp->if_xname); 529 } 530 531 free(dr, M_IP6NDP); 532 } 533 534 /* 535 * Remove the default route for a given router. 536 * This is just a subroutine function for defrouter_select(), and should 537 * not be called from anywhere else. 538 */ 539 static void 540 defrouter_delreq(struct nd_defrouter *dr) 541 { 542 union { 543 struct sockaddr_in6 sin6; 544 struct sockaddr sa; 545 } def, mask, gw; 546 struct rtentry *oldrt = NULL; 547 548 #ifdef DIAGNOSTIC 549 if (dr == NULL) 550 panic("dr == NULL in defrouter_delreq"); 551 #endif 552 553 memset(&def, 0, sizeof(def)); 554 memset(&mask, 0, sizeof(mask)); 555 memset(&gw, 0, sizeof(gw)); /* for safety */ 556 557 def.sin6.sin6_len = mask.sin6.sin6_len = gw.sin6.sin6_len = 558 sizeof(struct sockaddr_in6); 559 def.sin6.sin6_family = mask.sin6.sin6_family = gw.sin6.sin6_family = AF_INET6; 560 gw.sin6.sin6_addr = dr->rtaddr; 561 #ifndef SCOPEDROUTING 562 gw.sin6.sin6_scope_id = 0; /* XXX */ 563 #endif 564 565 rtrequest(RTM_DELETE, &def.sa, &gw.sa, &mask.sa, RTF_GATEWAY, &oldrt); 566 if (oldrt) { 567 nd6_rtmsg(RTM_DELETE, oldrt); 568 if (oldrt->rt_refcnt <= 0) { 569 /* 570 * XXX: borrowed from the RTM_DELETE case of 571 * rtrequest(). 572 */ 573 oldrt->rt_refcnt++; 574 rtfree(oldrt); 575 nd6_numroutes--; 576 } 577 } 578 579 dr->installed = 0; 580 } 581 582 /* 583 * remove all default routes from default router list 584 */ 585 void 586 defrouter_reset(void) 587 { 588 struct nd_defrouter *dr; 589 590 for (dr = TAILQ_FIRST(&nd_defrouter); dr; 591 dr = TAILQ_NEXT(dr, dr_entry)) 592 defrouter_delreq(dr); 593 594 /* 595 * XXX should we also nuke any default routers in the kernel, by 596 * going through them by rtalloc1()? 597 */ 598 } 599 600 /* 601 * Default Router Selection according to Section 6.3.6 of RFC 2461 and 602 * draft-ietf-ipngwg-router-selection: 603 * 1) Routers that are reachable or probably reachable should be preferred. 604 * If we have more than one (probably) reachable router, prefer ones 605 * with the highest router preference. 606 * 2) When no routers on the list are known to be reachable or 607 * probably reachable, routers SHOULD be selected in a round-robin 608 * fashion, regardless of router preference values. 609 * 3) If the Default Router List is empty, assume that all 610 * destinations are on-link. 611 * 612 * We assume nd_defrouter is sorted by router preference value. 613 * Since the code below covers both with and without router preference cases, 614 * we do not need to classify the cases by ifdef. 615 * 616 * At this moment, we do not try to install more than one default router, 617 * even when the multipath routing is available, because we're not sure about 618 * the benefits for stub hosts comparing to the risk of making the code 619 * complicated and the possibility of introducing bugs. 620 */ 621 void 622 defrouter_select(void) 623 { 624 struct nd_ifinfo *ndi; 625 int s = splsoftnet(); 626 struct nd_defrouter *dr, *selected_dr = NULL, *installed_dr = NULL; 627 struct rtentry *rt = NULL; 628 struct llinfo_nd6 *ln = NULL; 629 630 /* 631 * This function should be called only when acting as an autoconfigured 632 * host. Although the remaining part of this function is not effective 633 * if the node is not an autoconfigured host, we explicitly exclude 634 * such cases here for safety. 635 */ 636 if (ip6_forwarding) { 637 nd6log((LOG_WARNING, 638 "defrouter_select: called unexpectedly (forwarding=%d, " 639 "accept_rtadv=%d)\n", ip6_forwarding, ip6_accept_rtadv)); 640 splx(s); 641 return; 642 } 643 644 /* 645 * Let's handle easy case (3) first: 646 * If default router list is empty, there's nothing to be done. 647 */ 648 if (!TAILQ_FIRST(&nd_defrouter)) { 649 splx(s); 650 return; 651 } 652 653 /* 654 * Search for a (probably) reachable router from the list. 655 * We just pick up the first reachable one (if any), assuming that 656 * the ordering rule of the list described in defrtrlist_update(). 657 */ 658 for (dr = TAILQ_FIRST(&nd_defrouter); dr; 659 dr = TAILQ_NEXT(dr, dr_entry)) { 660 ndi = ND_IFINFO(dr->ifp); 661 if (nd6_accepts_rtadv(ndi)) 662 continue; 663 664 if (selected_dr == NULL && 665 (rt = nd6_lookup(&dr->rtaddr, 0, dr->ifp)) != NULL && 666 (ln = (struct llinfo_nd6 *)rt->rt_llinfo) != NULL && 667 ND6_IS_LLINFO_PROBREACH(ln)) { 668 selected_dr = dr; 669 } 670 671 if (dr->installed && !installed_dr) 672 installed_dr = dr; 673 else if (dr->installed && installed_dr) { 674 /* this should not happen. warn for diagnosis. */ 675 log(LOG_ERR, "defrouter_select: more than one router" 676 " is installed\n"); 677 } 678 } 679 /* 680 * If none of the default routers was found to be reachable, 681 * round-robin the list regardless of preference. 682 * Otherwise, if we have an installed router, check if the selected 683 * (reachable) router should really be preferred to the installed one. 684 * We only prefer the new router when the old one is not reachable 685 * or when the new one has a really higher preference value. 686 */ 687 if (selected_dr == NULL) { 688 if (installed_dr == NULL || !TAILQ_NEXT(installed_dr, dr_entry)) 689 selected_dr = TAILQ_FIRST(&nd_defrouter); 690 else 691 selected_dr = TAILQ_NEXT(installed_dr, dr_entry); 692 } else if (installed_dr && 693 (rt = nd6_lookup(&installed_dr->rtaddr, 0, installed_dr->ifp)) && 694 (ln = (struct llinfo_nd6 *)rt->rt_llinfo) && 695 ND6_IS_LLINFO_PROBREACH(ln) && 696 rtpref(selected_dr) <= rtpref(installed_dr)) { 697 selected_dr = installed_dr; 698 } 699 700 /* 701 * If the selected router is different than the installed one, 702 * remove the installed router and install the selected one. 703 * Note that the selected router is never NULL here. 704 */ 705 if (installed_dr != selected_dr) { 706 if (installed_dr) 707 defrouter_delreq(installed_dr); 708 defrouter_addreq(selected_dr); 709 } 710 711 splx(s); 712 return; 713 } 714 715 /* 716 * for default router selection 717 * regards router-preference field as a 2-bit signed integer 718 */ 719 static int 720 rtpref(struct nd_defrouter *dr) 721 { 722 switch (dr->flags & ND_RA_FLAG_RTPREF_MASK) { 723 case ND_RA_FLAG_RTPREF_HIGH: 724 return (RTPREF_HIGH); 725 case ND_RA_FLAG_RTPREF_MEDIUM: 726 case ND_RA_FLAG_RTPREF_RSV: 727 return (RTPREF_MEDIUM); 728 case ND_RA_FLAG_RTPREF_LOW: 729 return (RTPREF_LOW); 730 default: 731 /* 732 * This case should never happen. If it did, it would mean a 733 * serious bug of kernel internal. We thus always bark here. 734 * Or, can we even panic? 735 */ 736 log(LOG_ERR, "rtpref: impossible RA flag %x\n", dr->flags); 737 return (RTPREF_INVALID); 738 } 739 /* NOTREACHED */ 740 } 741 742 static struct nd_defrouter * 743 defrtrlist_update(struct nd_defrouter *newdr) 744 { 745 struct nd_defrouter *dr, *n; 746 struct in6_ifextra *ext = newdr->ifp->if_afdata[AF_INET6]; 747 int s = splsoftnet(); 748 749 if ((dr = defrouter_lookup(&newdr->rtaddr, newdr->ifp)) != NULL) { 750 /* entry exists */ 751 if (newdr->rtlifetime == 0) { 752 defrtrlist_del(dr); 753 dr = NULL; 754 } else { 755 int oldpref = rtpref(dr); 756 757 /* override */ 758 dr->flags = newdr->flags; /* xxx flag check */ 759 dr->rtlifetime = newdr->rtlifetime; 760 dr->expire = newdr->expire; 761 762 /* 763 * If the preference does not change, there's no need 764 * to sort the entries. 765 */ 766 if (rtpref(newdr) == oldpref) { 767 splx(s); 768 return (dr); 769 } 770 771 /* 772 * preferred router may be changed, so relocate 773 * this router. 774 * XXX: calling TAILQ_REMOVE directly is a bad manner. 775 * However, since defrtrlist_del() has many side 776 * effects, we intentionally do so here. 777 * defrouter_select() below will handle routing 778 * changes later. 779 */ 780 TAILQ_REMOVE(&nd_defrouter, dr, dr_entry); 781 n = dr; 782 goto insert; 783 } 784 splx(s); 785 return (dr); 786 } 787 788 if (ip6_maxifdefrouters >= 0 && 789 ext->ndefrouters >= ip6_maxifdefrouters) { 790 splx(s); 791 return (NULL); 792 } 793 794 /* entry does not exist */ 795 if (newdr->rtlifetime == 0) { 796 splx(s); 797 return (NULL); 798 } 799 800 if (ip6_rtadv_maxroutes <= nd6_numroutes) { 801 ICMP6_STATINC(ICMP6_STAT_DROPPED_RAROUTE); 802 splx(s); 803 return (NULL); 804 } 805 806 n = (struct nd_defrouter *)malloc(sizeof(*n), M_IP6NDP, M_NOWAIT); 807 if (n == NULL) { 808 splx(s); 809 return (NULL); 810 } 811 memset(n, 0, sizeof(*n)); 812 *n = *newdr; 813 814 insert: 815 /* 816 * Insert the new router in the Default Router List; 817 * The Default Router List should be in the descending order 818 * of router-preferece. Routers with the same preference are 819 * sorted in the arriving time order. 820 */ 821 822 /* insert at the end of the group */ 823 for (dr = TAILQ_FIRST(&nd_defrouter); dr; 824 dr = TAILQ_NEXT(dr, dr_entry)) { 825 if (rtpref(n) > rtpref(dr)) 826 break; 827 } 828 if (dr) 829 TAILQ_INSERT_BEFORE(dr, n, dr_entry); 830 else 831 TAILQ_INSERT_TAIL(&nd_defrouter, n, dr_entry); 832 833 defrouter_select(); 834 835 ext->ndefrouters++; 836 837 splx(s); 838 839 return (n); 840 } 841 842 static struct nd_pfxrouter * 843 pfxrtr_lookup(struct nd_prefix *pr, struct nd_defrouter *dr) 844 { 845 struct nd_pfxrouter *search; 846 847 LIST_FOREACH(search, &pr->ndpr_advrtrs, pfr_entry) { 848 if (search->router == dr) 849 break; 850 } 851 852 return (search); 853 } 854 855 static void 856 pfxrtr_add(struct nd_prefix *pr, struct nd_defrouter *dr) 857 { 858 struct nd_pfxrouter *newpfr; 859 860 newpfr = malloc(sizeof(*newpfr), M_IP6NDP, M_NOWAIT|M_ZERO); 861 if (newpfr == NULL) 862 return; 863 newpfr->router = dr; 864 865 LIST_INSERT_HEAD(&pr->ndpr_advrtrs, newpfr, pfr_entry); 866 867 pfxlist_onlink_check(); 868 } 869 870 static void 871 pfxrtr_del(struct nd_pfxrouter *pfr) 872 { 873 LIST_REMOVE(pfr, pfr_entry); 874 free(pfr, M_IP6NDP); 875 } 876 877 struct nd_prefix * 878 nd6_prefix_lookup(struct nd_prefixctl *key) 879 { 880 struct nd_prefix *search; 881 882 LIST_FOREACH(search, &nd_prefix, ndpr_entry) { 883 if (key->ndprc_ifp == search->ndpr_ifp && 884 key->ndprc_plen == search->ndpr_plen && 885 in6_are_prefix_equal(&key->ndprc_prefix.sin6_addr, 886 &search->ndpr_prefix.sin6_addr, key->ndprc_plen)) { 887 break; 888 } 889 } 890 891 return (search); 892 } 893 894 static void 895 purge_detached(struct ifnet *ifp) 896 { 897 struct nd_prefix *pr, *pr_next; 898 struct in6_ifaddr *ia; 899 struct ifaddr *ifa, *ifa_next; 900 901 for (pr = nd_prefix.lh_first; pr; pr = pr_next) { 902 pr_next = pr->ndpr_next; 903 904 /* 905 * This function is called when we need to make more room for 906 * new prefixes rather than keeping old, possibly stale ones. 907 * Detached prefixes would be a good candidate; if all routers 908 * that advertised the prefix expired, the prefix is also 909 * probably stale. 910 */ 911 if (pr->ndpr_ifp != ifp || 912 IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr) || 913 ((pr->ndpr_stateflags & NDPRF_DETACHED) == 0 && 914 !LIST_EMPTY(&pr->ndpr_advrtrs))) 915 continue; 916 917 IFADDR_FOREACH_SAFE(ifa, ifp, ifa_next) { 918 if (ifa->ifa_addr->sa_family != AF_INET6) 919 continue; 920 ia = (struct in6_ifaddr *)ifa; 921 if ((ia->ia6_flags & IN6_IFF_AUTOCONF) == 922 IN6_IFF_AUTOCONF && ia->ia6_ndpr == pr) { 923 in6_purgeaddr(ifa); 924 } 925 } 926 if (pr->ndpr_refcnt == 0) 927 prelist_remove(pr); 928 } 929 } 930 int 931 nd6_prelist_add(struct nd_prefixctl *prc, struct nd_defrouter *dr, 932 struct nd_prefix **newp) 933 { 934 struct nd_prefix *newpr = NULL; 935 int i, s; 936 int error; 937 struct in6_ifextra *ext = prc->ndprc_ifp->if_afdata[AF_INET6]; 938 939 if (ip6_maxifprefixes >= 0) { 940 if (ext->nprefixes >= ip6_maxifprefixes / 2) 941 purge_detached(prc->ndprc_ifp); 942 if (ext->nprefixes >= ip6_maxifprefixes) 943 return ENOMEM; 944 } 945 946 error = 0; 947 newpr = malloc(sizeof(*newpr), M_IP6NDP, M_NOWAIT|M_ZERO); 948 if (newpr == NULL) 949 return ENOMEM; 950 newpr->ndpr_ifp = prc->ndprc_ifp; 951 newpr->ndpr_prefix = prc->ndprc_prefix; 952 newpr->ndpr_plen = prc->ndprc_plen; 953 newpr->ndpr_vltime = prc->ndprc_vltime; 954 newpr->ndpr_pltime = prc->ndprc_pltime; 955 newpr->ndpr_flags = prc->ndprc_flags; 956 if ((error = in6_init_prefix_ltimes(newpr)) != 0) { 957 free(newpr, M_IP6NDP); 958 return(error); 959 } 960 newpr->ndpr_lastupdate = time_second; 961 if (newp != NULL) 962 *newp = newpr; 963 964 /* initialization */ 965 LIST_INIT(&newpr->ndpr_advrtrs); 966 in6_prefixlen2mask(&newpr->ndpr_mask, newpr->ndpr_plen); 967 /* make prefix in the canonical form */ 968 for (i = 0; i < 4; i++) { 969 newpr->ndpr_prefix.sin6_addr.s6_addr32[i] &= 970 newpr->ndpr_mask.s6_addr32[i]; 971 } 972 973 s = splsoftnet(); 974 /* link ndpr_entry to nd_prefix list */ 975 LIST_INSERT_HEAD(&nd_prefix, newpr, ndpr_entry); 976 splx(s); 977 978 /* ND_OPT_PI_FLAG_ONLINK processing */ 979 if (newpr->ndpr_raf_onlink) { 980 int e; 981 982 if ((e = nd6_prefix_onlink(newpr)) != 0) { 983 nd6log((LOG_ERR, "nd6_prelist_add: failed to make " 984 "the prefix %s/%d on-link on %s (errno=%d)\n", 985 ip6_sprintf(&prc->ndprc_prefix.sin6_addr), 986 prc->ndprc_plen, if_name(prc->ndprc_ifp), e)); 987 /* proceed anyway. XXX: is it correct? */ 988 } 989 } 990 991 if (dr) 992 pfxrtr_add(newpr, dr); 993 994 ext->nprefixes++; 995 996 return 0; 997 } 998 999 void 1000 prelist_remove(struct nd_prefix *pr) 1001 { 1002 struct nd_pfxrouter *pfr, *next; 1003 int e, s; 1004 struct in6_ifextra *ext = pr->ndpr_ifp->if_afdata[AF_INET6]; 1005 1006 /* make sure to invalidate the prefix until it is really freed. */ 1007 pr->ndpr_vltime = 0; 1008 pr->ndpr_pltime = 0; 1009 #if 0 1010 /* 1011 * Though these flags are now meaningless, we'd rather keep the value 1012 * not to confuse users when executing "ndp -p". 1013 */ 1014 pr->ndpr_raf_onlink = 0; 1015 pr->ndpr_raf_auto = 0; 1016 #endif 1017 if ((pr->ndpr_stateflags & NDPRF_ONLINK) != 0 && 1018 (e = nd6_prefix_offlink(pr)) != 0) { 1019 nd6log((LOG_ERR, "prelist_remove: failed to make %s/%d offlink " 1020 "on %s, errno=%d\n", 1021 ip6_sprintf(&pr->ndpr_prefix.sin6_addr), 1022 pr->ndpr_plen, if_name(pr->ndpr_ifp), e)); 1023 /* what should we do? */ 1024 } 1025 1026 if (pr->ndpr_refcnt > 0) 1027 return; /* notice here? */ 1028 1029 s = splsoftnet(); 1030 /* unlink ndpr_entry from nd_prefix list */ 1031 LIST_REMOVE(pr, ndpr_entry); 1032 1033 /* free list of routers that adversed the prefix */ 1034 for (pfr = LIST_FIRST(&pr->ndpr_advrtrs); pfr != NULL; pfr = next) { 1035 next = LIST_NEXT(pfr, pfr_entry); 1036 1037 free(pfr, M_IP6NDP); 1038 } 1039 1040 if (ext) { 1041 ext->nprefixes--; 1042 if (ext->nprefixes < 0) { 1043 log(LOG_WARNING, "prelist_remove: negative count on " 1044 "%s\n", pr->ndpr_ifp->if_xname); 1045 } 1046 } 1047 splx(s); 1048 1049 free(pr, M_IP6NDP); 1050 1051 pfxlist_onlink_check(); 1052 } 1053 1054 static int 1055 prelist_update(struct nd_prefixctl *newprc, 1056 struct nd_defrouter *dr, /* may be NULL */ 1057 struct mbuf *m, 1058 int mcast) 1059 { 1060 struct in6_ifaddr *ia6 = NULL, *ia6_match = NULL; 1061 struct ifaddr *ifa; 1062 struct ifnet *ifp = newprc->ndprc_ifp; 1063 struct nd_prefix *pr; 1064 int s = splsoftnet(); 1065 int error = 0; 1066 int auth; 1067 struct in6_addrlifetime lt6_tmp; 1068 1069 auth = 0; 1070 if (m) { 1071 /* 1072 * Authenticity for NA consists authentication for 1073 * both IP header and IP datagrams, doesn't it ? 1074 */ 1075 #if defined(M_AUTHIPHDR) && defined(M_AUTHIPDGM) 1076 auth = (m->m_flags & M_AUTHIPHDR 1077 && m->m_flags & M_AUTHIPDGM) ? 1 : 0; 1078 #endif 1079 } 1080 1081 if ((pr = nd6_prefix_lookup(newprc)) != NULL) { 1082 /* 1083 * nd6_prefix_lookup() ensures that pr and newprc have the same 1084 * prefix on a same interface. 1085 */ 1086 1087 /* 1088 * Update prefix information. Note that the on-link (L) bit 1089 * and the autonomous (A) bit should NOT be changed from 1 1090 * to 0. 1091 */ 1092 if (newprc->ndprc_raf_onlink == 1) 1093 pr->ndpr_raf_onlink = 1; 1094 if (newprc->ndprc_raf_auto == 1) 1095 pr->ndpr_raf_auto = 1; 1096 if (newprc->ndprc_raf_onlink) { 1097 pr->ndpr_vltime = newprc->ndprc_vltime; 1098 pr->ndpr_pltime = newprc->ndprc_pltime; 1099 (void)in6_init_prefix_ltimes(pr); /* XXX error case? */ 1100 pr->ndpr_lastupdate = time_second; 1101 } 1102 1103 if (newprc->ndprc_raf_onlink && 1104 (pr->ndpr_stateflags & NDPRF_ONLINK) == 0) { 1105 int e; 1106 1107 if ((e = nd6_prefix_onlink(pr)) != 0) { 1108 nd6log((LOG_ERR, 1109 "prelist_update: failed to make " 1110 "the prefix %s/%d on-link on %s " 1111 "(errno=%d)\n", 1112 ip6_sprintf(&pr->ndpr_prefix.sin6_addr), 1113 pr->ndpr_plen, if_name(pr->ndpr_ifp), e)); 1114 /* proceed anyway. XXX: is it correct? */ 1115 } 1116 } 1117 1118 if (dr && pfxrtr_lookup(pr, dr) == NULL) 1119 pfxrtr_add(pr, dr); 1120 } else { 1121 struct nd_prefix *newpr = NULL; 1122 1123 if (newprc->ndprc_vltime == 0) 1124 goto end; 1125 if (newprc->ndprc_raf_onlink == 0 && newprc->ndprc_raf_auto == 0) 1126 goto end; 1127 1128 if (ip6_rtadv_maxroutes <= nd6_numroutes) { 1129 ICMP6_STATINC(ICMP6_STAT_DROPPED_RAROUTE); 1130 goto end; 1131 } 1132 1133 error = nd6_prelist_add(newprc, dr, &newpr); 1134 if (error != 0 || newpr == NULL) { 1135 nd6log((LOG_NOTICE, "prelist_update: " 1136 "nd6_prelist_add failed for %s/%d on %s " 1137 "errno=%d, returnpr=%p\n", 1138 ip6_sprintf(&newprc->ndprc_prefix.sin6_addr), 1139 newprc->ndprc_plen, if_name(newprc->ndprc_ifp), 1140 error, newpr)); 1141 goto end; /* we should just give up in this case. */ 1142 } 1143 1144 /* 1145 * XXX: from the ND point of view, we can ignore a prefix 1146 * with the on-link bit being zero. However, we need a 1147 * prefix structure for references from autoconfigured 1148 * addresses. Thus, we explicitly make sure that the prefix 1149 * itself expires now. 1150 */ 1151 if (newpr->ndpr_raf_onlink == 0) { 1152 newpr->ndpr_vltime = 0; 1153 newpr->ndpr_pltime = 0; 1154 in6_init_prefix_ltimes(newpr); 1155 } 1156 1157 pr = newpr; 1158 } 1159 1160 /* 1161 * Address autoconfiguration based on Section 5.5.3 of RFC 2462. 1162 * Note that pr must be non NULL at this point. 1163 */ 1164 1165 /* 5.5.3 (a). Ignore the prefix without the A bit set. */ 1166 if (!newprc->ndprc_raf_auto) 1167 goto end; 1168 1169 /* 1170 * 5.5.3 (b). the link-local prefix should have been ignored in 1171 * nd6_ra_input. 1172 */ 1173 1174 /* 5.5.3 (c). Consistency check on lifetimes: pltime <= vltime. */ 1175 if (newprc->ndprc_pltime > newprc->ndprc_vltime) { 1176 error = EINVAL; /* XXX: won't be used */ 1177 goto end; 1178 } 1179 1180 /* 1181 * 5.5.3 (d). If the prefix advertised is not equal to the prefix of 1182 * an address configured by stateless autoconfiguration already in the 1183 * list of addresses associated with the interface, and the Valid 1184 * Lifetime is not 0, form an address. We first check if we have 1185 * a matching prefix. 1186 * Note: we apply a clarification in rfc2462bis-02 here. We only 1187 * consider autoconfigured addresses while RFC2462 simply said 1188 * "address". 1189 */ 1190 IFADDR_FOREACH(ifa, ifp) { 1191 struct in6_ifaddr *ifa6; 1192 u_int32_t remaininglifetime; 1193 1194 if (ifa->ifa_addr->sa_family != AF_INET6) 1195 continue; 1196 1197 ifa6 = (struct in6_ifaddr *)ifa; 1198 1199 /* 1200 * We only consider autoconfigured addresses as per rfc2462bis. 1201 */ 1202 if (!(ifa6->ia6_flags & IN6_IFF_AUTOCONF)) 1203 continue; 1204 1205 /* 1206 * Spec is not clear here, but I believe we should concentrate 1207 * on unicast (i.e. not anycast) addresses. 1208 * XXX: other ia6_flags? detached or duplicated? 1209 */ 1210 if ((ifa6->ia6_flags & IN6_IFF_ANYCAST) != 0) 1211 continue; 1212 1213 /* 1214 * Ignore the address if it is not associated with a prefix 1215 * or is associated with a prefix that is different from this 1216 * one. (pr is never NULL here) 1217 */ 1218 if (ifa6->ia6_ndpr != pr) 1219 continue; 1220 1221 if (ia6_match == NULL) /* remember the first one */ 1222 ia6_match = ifa6; 1223 1224 /* 1225 * An already autoconfigured address matched. Now that we 1226 * are sure there is at least one matched address, we can 1227 * proceed to 5.5.3. (e): update the lifetimes according to the 1228 * "two hours" rule and the privacy extension. 1229 * We apply some clarifications in rfc2462bis: 1230 * - use remaininglifetime instead of storedlifetime as a 1231 * variable name 1232 * - remove the dead code in the "two-hour" rule 1233 */ 1234 #define TWOHOUR (120*60) 1235 lt6_tmp = ifa6->ia6_lifetime; 1236 if (lt6_tmp.ia6t_vltime == ND6_INFINITE_LIFETIME) 1237 remaininglifetime = ND6_INFINITE_LIFETIME; 1238 else if (time_second - ifa6->ia6_updatetime > 1239 lt6_tmp.ia6t_vltime) { 1240 /* 1241 * The case of "invalid" address. We should usually 1242 * not see this case. 1243 */ 1244 remaininglifetime = 0; 1245 } else 1246 remaininglifetime = lt6_tmp.ia6t_vltime - 1247 (time_second - ifa6->ia6_updatetime); 1248 1249 /* when not updating, keep the current stored lifetime. */ 1250 lt6_tmp.ia6t_vltime = remaininglifetime; 1251 1252 if (TWOHOUR < newprc->ndprc_vltime || 1253 remaininglifetime < newprc->ndprc_vltime) { 1254 lt6_tmp.ia6t_vltime = newprc->ndprc_vltime; 1255 } else if (remaininglifetime <= TWOHOUR) { 1256 if (auth) 1257 lt6_tmp.ia6t_vltime = newprc->ndprc_vltime; 1258 } else { 1259 /* 1260 * newprc->ndprc_vltime <= TWOHOUR && 1261 * TWOHOUR < remaininglifetime 1262 */ 1263 lt6_tmp.ia6t_vltime = TWOHOUR; 1264 } 1265 1266 /* The 2 hour rule is not imposed for preferred lifetime. */ 1267 lt6_tmp.ia6t_pltime = newprc->ndprc_pltime; 1268 1269 in6_init_address_ltimes(pr, <6_tmp); 1270 1271 /* 1272 * We need to treat lifetimes for temporary addresses 1273 * differently, according to 1274 * draft-ietf-ipv6-privacy-addrs-v2-01.txt 3.3 (1); 1275 * we only update the lifetimes when they are in the maximum 1276 * intervals. 1277 */ 1278 if ((ifa6->ia6_flags & IN6_IFF_TEMPORARY) != 0) { 1279 u_int32_t maxvltime, maxpltime; 1280 1281 if (ip6_temp_valid_lifetime > 1282 (u_int32_t)((time_second - ifa6->ia6_createtime) + 1283 ip6_desync_factor)) { 1284 maxvltime = ip6_temp_valid_lifetime - 1285 (time_second - ifa6->ia6_createtime) - 1286 ip6_desync_factor; 1287 } else 1288 maxvltime = 0; 1289 if (ip6_temp_preferred_lifetime > 1290 (u_int32_t)((time_second - ifa6->ia6_createtime) + 1291 ip6_desync_factor)) { 1292 maxpltime = ip6_temp_preferred_lifetime - 1293 (time_second - ifa6->ia6_createtime) - 1294 ip6_desync_factor; 1295 } else 1296 maxpltime = 0; 1297 1298 if (lt6_tmp.ia6t_vltime == ND6_INFINITE_LIFETIME || 1299 lt6_tmp.ia6t_vltime > maxvltime) { 1300 lt6_tmp.ia6t_vltime = maxvltime; 1301 } 1302 if (lt6_tmp.ia6t_pltime == ND6_INFINITE_LIFETIME || 1303 lt6_tmp.ia6t_pltime > maxpltime) { 1304 lt6_tmp.ia6t_pltime = maxpltime; 1305 } 1306 } 1307 1308 ifa6->ia6_lifetime = lt6_tmp; 1309 ifa6->ia6_updatetime = time_second; 1310 } 1311 if (ia6_match == NULL && newprc->ndprc_vltime) { 1312 int ifidlen; 1313 1314 /* 1315 * 5.5.3 (d) (continued) 1316 * No address matched and the valid lifetime is non-zero. 1317 * Create a new address. 1318 */ 1319 1320 /* 1321 * Prefix Length check: 1322 * If the sum of the prefix length and interface identifier 1323 * length does not equal 128 bits, the Prefix Information 1324 * option MUST be ignored. The length of the interface 1325 * identifier is defined in a separate link-type specific 1326 * document. 1327 */ 1328 ifidlen = in6_if2idlen(ifp); 1329 if (ifidlen < 0) { 1330 /* this should not happen, so we always log it. */ 1331 log(LOG_ERR, "prelist_update: IFID undefined (%s)\n", 1332 if_name(ifp)); 1333 goto end; 1334 } 1335 if (ifidlen + pr->ndpr_plen != 128) { 1336 nd6log((LOG_INFO, 1337 "prelist_update: invalid prefixlen " 1338 "%d for %s, ignored\n", 1339 pr->ndpr_plen, if_name(ifp))); 1340 goto end; 1341 } 1342 1343 if ((ia6 = in6_ifadd(newprc, mcast)) != NULL) { 1344 /* 1345 * note that we should use pr (not newprc) for reference. 1346 */ 1347 pr->ndpr_refcnt++; 1348 ia6->ia6_ndpr = pr; 1349 1350 /* 1351 * draft-ietf-ipngwg-temp-addresses-v2-00 3.3 (2). 1352 * When a new public address is created as described 1353 * in RFC2462, also create a new temporary address. 1354 * 1355 * draft-ietf-ipngwg-temp-addresses-v2-00 3.5. 1356 * When an interface connects to a new link, a new 1357 * randomized interface identifier should be generated 1358 * immediately together with a new set of temporary 1359 * addresses. Thus, we specifiy 1 as the 2nd arg of 1360 * in6_tmpifadd(). 1361 */ 1362 if (ip6_use_tempaddr) { 1363 int e; 1364 if ((e = in6_tmpifadd(ia6, 1, 1)) != 0) { 1365 nd6log((LOG_NOTICE, "prelist_update: " 1366 "failed to create a temporary " 1367 "address, errno=%d\n", 1368 e)); 1369 } 1370 } 1371 1372 /* 1373 * A newly added address might affect the status 1374 * of other addresses, so we check and update it. 1375 * XXX: what if address duplication happens? 1376 */ 1377 pfxlist_onlink_check(); 1378 } else { 1379 /* just set an error. do not bark here. */ 1380 error = EADDRNOTAVAIL; /* XXX: might be unused. */ 1381 } 1382 } 1383 1384 end: 1385 splx(s); 1386 return error; 1387 } 1388 1389 /* 1390 * A supplement function used in the on-link detection below; 1391 * detect if a given prefix has a (probably) reachable advertising router. 1392 * XXX: lengthy function name... 1393 */ 1394 static struct nd_pfxrouter * 1395 find_pfxlist_reachable_router(struct nd_prefix *pr) 1396 { 1397 struct nd_pfxrouter *pfxrtr; 1398 struct rtentry *rt; 1399 struct llinfo_nd6 *ln; 1400 1401 for (pfxrtr = LIST_FIRST(&pr->ndpr_advrtrs); pfxrtr; 1402 pfxrtr = LIST_NEXT(pfxrtr, pfr_entry)) { 1403 if (pfxrtr->router->ifp->if_flags & IFF_UP && 1404 pfxrtr->router->ifp->if_link_state != LINK_STATE_DOWN && 1405 (rt = nd6_lookup(&pfxrtr->router->rtaddr, 0, 1406 pfxrtr->router->ifp)) && 1407 (ln = (struct llinfo_nd6 *)rt->rt_llinfo) && 1408 ND6_IS_LLINFO_PROBREACH(ln)) 1409 break; /* found */ 1410 } 1411 1412 return (pfxrtr); 1413 } 1414 1415 /* 1416 * Check if each prefix in the prefix list has at least one available router 1417 * that advertised the prefix (a router is "available" if its neighbor cache 1418 * entry is reachable or probably reachable). 1419 * If the check fails, the prefix may be off-link, because, for example, 1420 * we have moved from the network but the lifetime of the prefix has not 1421 * expired yet. So we should not use the prefix if there is another prefix 1422 * that has an available router. 1423 * But, if there is no prefix that has an available router, we still regards 1424 * all the prefixes as on-link. This is because we can't tell if all the 1425 * routers are simply dead or if we really moved from the network and there 1426 * is no router around us. 1427 */ 1428 void 1429 pfxlist_onlink_check(void) 1430 { 1431 struct nd_prefix *pr; 1432 struct in6_ifaddr *ifa; 1433 struct nd_defrouter *dr; 1434 struct nd_pfxrouter *pfxrtr = NULL; 1435 1436 /* 1437 * Check if there is a prefix that has a reachable advertising 1438 * router. 1439 */ 1440 LIST_FOREACH(pr, &nd_prefix, ndpr_entry) { 1441 if (pr->ndpr_raf_onlink && find_pfxlist_reachable_router(pr)) 1442 break; 1443 } 1444 /* 1445 * If we have no such prefix, check whether we still have a router 1446 * that does not advertise any prefixes. 1447 */ 1448 if (pr == NULL) { 1449 TAILQ_FOREACH(dr, &nd_defrouter, dr_entry) { 1450 struct nd_prefix *pr0; 1451 1452 LIST_FOREACH(pr0, &nd_prefix, ndpr_entry) { 1453 if ((pfxrtr = pfxrtr_lookup(pr0, dr)) != NULL) 1454 break; 1455 } 1456 if (pfxrtr) 1457 break; 1458 } 1459 } 1460 if (pr != NULL || (TAILQ_FIRST(&nd_defrouter) && !pfxrtr)) { 1461 /* 1462 * There is at least one prefix that has a reachable router, 1463 * or at least a router which probably does not advertise 1464 * any prefixes. The latter would be the case when we move 1465 * to a new link where we have a router that does not provide 1466 * prefixes and we configure an address by hand. 1467 * Detach prefixes which have no reachable advertising 1468 * router, and attach other prefixes. 1469 */ 1470 LIST_FOREACH(pr, &nd_prefix, ndpr_entry) { 1471 /* XXX: a link-local prefix should never be detached */ 1472 if (IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr)) 1473 continue; 1474 1475 /* 1476 * we aren't interested in prefixes without the L bit 1477 * set. 1478 */ 1479 if (pr->ndpr_raf_onlink == 0) 1480 continue; 1481 1482 if ((pr->ndpr_stateflags & NDPRF_DETACHED) == 0 && 1483 find_pfxlist_reachable_router(pr) == NULL) 1484 pr->ndpr_stateflags |= NDPRF_DETACHED; 1485 if ((pr->ndpr_stateflags & NDPRF_DETACHED) != 0 && 1486 find_pfxlist_reachable_router(pr) != 0) 1487 pr->ndpr_stateflags &= ~NDPRF_DETACHED; 1488 } 1489 } else { 1490 /* there is no prefix that has a reachable router */ 1491 LIST_FOREACH(pr, &nd_prefix, ndpr_entry) { 1492 if (IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr)) 1493 continue; 1494 1495 if (pr->ndpr_raf_onlink == 0) 1496 continue; 1497 1498 if ((pr->ndpr_stateflags & NDPRF_DETACHED) != 0) 1499 pr->ndpr_stateflags &= ~NDPRF_DETACHED; 1500 } 1501 } 1502 1503 /* 1504 * Remove each interface route associated with a (just) detached 1505 * prefix, and reinstall the interface route for a (just) attached 1506 * prefix. Note that all attempt of reinstallation does not 1507 * necessarily success, when a same prefix is shared among multiple 1508 * interfaces. Such cases will be handled in nd6_prefix_onlink, 1509 * so we don't have to care about them. 1510 */ 1511 LIST_FOREACH(pr, &nd_prefix, ndpr_entry) { 1512 int e; 1513 1514 if (IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr)) 1515 continue; 1516 1517 if (pr->ndpr_raf_onlink == 0) 1518 continue; 1519 1520 if ((pr->ndpr_stateflags & NDPRF_DETACHED) != 0 && 1521 (pr->ndpr_stateflags & NDPRF_ONLINK) != 0) { 1522 if ((e = nd6_prefix_offlink(pr)) != 0) { 1523 nd6log((LOG_ERR, 1524 "pfxlist_onlink_check: failed to " 1525 "make %s/%d offlink, errno=%d\n", 1526 ip6_sprintf(&pr->ndpr_prefix.sin6_addr), 1527 pr->ndpr_plen, e)); 1528 } 1529 } 1530 if ((pr->ndpr_stateflags & NDPRF_DETACHED) == 0 && 1531 (pr->ndpr_stateflags & NDPRF_ONLINK) == 0 && 1532 pr->ndpr_raf_onlink) { 1533 if ((e = nd6_prefix_onlink(pr)) != 0) { 1534 nd6log((LOG_ERR, 1535 "pfxlist_onlink_check: failed to " 1536 "make %s/%d onlink, errno=%d\n", 1537 ip6_sprintf(&pr->ndpr_prefix.sin6_addr), 1538 pr->ndpr_plen, e)); 1539 } 1540 } 1541 } 1542 1543 /* 1544 * Changes on the prefix status might affect address status as well. 1545 * Make sure that all addresses derived from an attached prefix are 1546 * attached, and that all addresses derived from a detached prefix are 1547 * detached. Note, however, that a manually configured address should 1548 * always be attached. 1549 * The precise detection logic is same as the one for prefixes. 1550 */ 1551 for (ifa = in6_ifaddr; ifa; ifa = ifa->ia_next) { 1552 if (!(ifa->ia6_flags & IN6_IFF_AUTOCONF)) 1553 continue; 1554 1555 if (ifa->ia6_ndpr == NULL) { 1556 /* 1557 * This can happen when we first configure the address 1558 * (i.e. the address exists, but the prefix does not). 1559 * XXX: complicated relationships... 1560 */ 1561 continue; 1562 } 1563 1564 if (find_pfxlist_reachable_router(ifa->ia6_ndpr)) 1565 break; 1566 } 1567 if (ifa) { 1568 for (ifa = in6_ifaddr; ifa; ifa = ifa->ia_next) { 1569 if ((ifa->ia6_flags & IN6_IFF_AUTOCONF) == 0) 1570 continue; 1571 1572 if (ifa->ia6_ndpr == NULL) /* XXX: see above. */ 1573 continue; 1574 1575 if (find_pfxlist_reachable_router(ifa->ia6_ndpr)) { 1576 if (ifa->ia6_flags & IN6_IFF_DETACHED) { 1577 ifa->ia6_flags &= ~IN6_IFF_DETACHED; 1578 ifa->ia6_flags |= IN6_IFF_TENTATIVE; 1579 nd6_dad_start((struct ifaddr *)ifa, 1580 0); 1581 /* We will notify the routing socket 1582 * of the DAD result, so no need to 1583 * here */ 1584 } 1585 } else { 1586 if ((ifa->ia6_flags & IN6_IFF_DETACHED) == 0) { 1587 ifa->ia6_flags |= IN6_IFF_DETACHED; 1588 nd6_newaddrmsg((struct ifaddr *)ifa); 1589 } 1590 } 1591 } 1592 } 1593 else { 1594 for (ifa = in6_ifaddr; ifa; ifa = ifa->ia_next) { 1595 if ((ifa->ia6_flags & IN6_IFF_AUTOCONF) == 0) 1596 continue; 1597 1598 if (ifa->ia6_flags & IN6_IFF_DETACHED) { 1599 ifa->ia6_flags &= ~IN6_IFF_DETACHED; 1600 ifa->ia6_flags |= IN6_IFF_TENTATIVE; 1601 /* Do we need a delay in this case? */ 1602 nd6_dad_start((struct ifaddr *)ifa, 0); 1603 } 1604 } 1605 } 1606 } 1607 1608 int 1609 nd6_prefix_onlink(struct nd_prefix *pr) 1610 { 1611 struct ifaddr *ifa; 1612 struct ifnet *ifp = pr->ndpr_ifp; 1613 struct sockaddr_in6 mask6; 1614 struct nd_prefix *opr; 1615 u_long rtflags; 1616 int error = 0; 1617 struct rtentry *rt = NULL; 1618 1619 /* sanity check */ 1620 if ((pr->ndpr_stateflags & NDPRF_ONLINK) != 0) { 1621 nd6log((LOG_ERR, 1622 "nd6_prefix_onlink: %s/%d is already on-link\n", 1623 ip6_sprintf(&pr->ndpr_prefix.sin6_addr), pr->ndpr_plen)); 1624 return (EEXIST); 1625 } 1626 1627 /* 1628 * Add the interface route associated with the prefix. Before 1629 * installing the route, check if there's the same prefix on another 1630 * interface, and the prefix has already installed the interface route. 1631 * Although such a configuration is expected to be rare, we explicitly 1632 * allow it. 1633 */ 1634 LIST_FOREACH(opr, &nd_prefix, ndpr_entry) { 1635 if (opr == pr) 1636 continue; 1637 1638 if ((opr->ndpr_stateflags & NDPRF_ONLINK) == 0) 1639 continue; 1640 1641 if (opr->ndpr_plen == pr->ndpr_plen && 1642 in6_are_prefix_equal(&pr->ndpr_prefix.sin6_addr, 1643 &opr->ndpr_prefix.sin6_addr, pr->ndpr_plen)) 1644 return (0); 1645 } 1646 1647 /* 1648 * We prefer link-local addresses as the associated interface address. 1649 */ 1650 /* search for a link-local addr */ 1651 ifa = (struct ifaddr *)in6ifa_ifpforlinklocal(ifp, 1652 IN6_IFF_NOTREADY | IN6_IFF_ANYCAST); 1653 if (ifa == NULL) { 1654 /* XXX: freebsd does not have ifa_ifwithaf */ 1655 IFADDR_FOREACH(ifa, ifp) { 1656 if (ifa->ifa_addr->sa_family == AF_INET6) 1657 break; 1658 } 1659 /* should we care about ia6_flags? */ 1660 } 1661 if (ifa == NULL) { 1662 /* 1663 * This can still happen, when, for example, we receive an RA 1664 * containing a prefix with the L bit set and the A bit clear, 1665 * after removing all IPv6 addresses on the receiving 1666 * interface. This should, of course, be rare though. 1667 */ 1668 nd6log((LOG_NOTICE, 1669 "nd6_prefix_onlink: failed to find any ifaddr" 1670 " to add route for a prefix(%s/%d) on %s\n", 1671 ip6_sprintf(&pr->ndpr_prefix.sin6_addr), 1672 pr->ndpr_plen, if_name(ifp))); 1673 return (0); 1674 } 1675 1676 /* 1677 * in6_ifinit() sets nd6_rtrequest to ifa_rtrequest for all ifaddrs. 1678 * ifa->ifa_rtrequest = nd6_rtrequest; 1679 */ 1680 memset(&mask6, 0, sizeof(mask6)); 1681 mask6.sin6_family = AF_INET6; 1682 mask6.sin6_len = sizeof(mask6); 1683 mask6.sin6_addr = pr->ndpr_mask; 1684 /* rtrequest() will probably set RTF_UP, but we're not sure. */ 1685 rtflags = ifa->ifa_flags | RTF_UP; 1686 if (nd6_need_cache(ifp)) { 1687 /* explicitly set in case ifa_flags does not set the flag. */ 1688 rtflags |= RTF_CLONING; 1689 } else { 1690 /* 1691 * explicitly clear the cloning bit in case ifa_flags sets it. 1692 */ 1693 rtflags &= ~RTF_CLONING; 1694 } 1695 error = rtrequest(RTM_ADD, (struct sockaddr *)&pr->ndpr_prefix, 1696 ifa->ifa_addr, (struct sockaddr *)&mask6, rtflags, &rt); 1697 if (error == 0) { 1698 if (rt != NULL) { /* this should be non NULL, though */ 1699 nd6_rtmsg(RTM_ADD, rt); 1700 nd6_numroutes++; 1701 } 1702 pr->ndpr_stateflags |= NDPRF_ONLINK; 1703 } else { 1704 nd6log((LOG_ERR, "nd6_prefix_onlink: failed to add route for a" 1705 " prefix (%s/%d) on %s, gw=%s, mask=%s, flags=%lx " 1706 "errno = %d\n", 1707 ip6_sprintf(&pr->ndpr_prefix.sin6_addr), 1708 pr->ndpr_plen, if_name(ifp), 1709 ip6_sprintf(&((struct sockaddr_in6 *)ifa->ifa_addr)->sin6_addr), 1710 ip6_sprintf(&mask6.sin6_addr), rtflags, error)); 1711 } 1712 1713 if (rt != NULL) 1714 rt->rt_refcnt--; 1715 1716 return (error); 1717 } 1718 1719 int 1720 nd6_prefix_offlink(struct nd_prefix *pr) 1721 { 1722 int error = 0; 1723 struct ifnet *ifp = pr->ndpr_ifp; 1724 struct nd_prefix *opr; 1725 struct sockaddr_in6 sa6, mask6; 1726 struct rtentry *rt = NULL; 1727 1728 /* sanity check */ 1729 if ((pr->ndpr_stateflags & NDPRF_ONLINK) == 0) { 1730 nd6log((LOG_ERR, 1731 "nd6_prefix_offlink: %s/%d is already off-link\n", 1732 ip6_sprintf(&pr->ndpr_prefix.sin6_addr), pr->ndpr_plen)); 1733 return (EEXIST); 1734 } 1735 1736 sockaddr_in6_init(&sa6, &pr->ndpr_prefix.sin6_addr, 0, 0, 0); 1737 sockaddr_in6_init(&mask6, &pr->ndpr_mask, 0, 0, 0); 1738 error = rtrequest(RTM_DELETE, (struct sockaddr *)&sa6, NULL, 1739 (struct sockaddr *)&mask6, 0, &rt); 1740 if (error == 0) { 1741 pr->ndpr_stateflags &= ~NDPRF_ONLINK; 1742 1743 /* report the route deletion to the routing socket. */ 1744 if (rt != NULL) { 1745 nd6_rtmsg(RTM_DELETE, rt); 1746 nd6_numroutes--; 1747 } 1748 1749 /* 1750 * There might be the same prefix on another interface, 1751 * the prefix which could not be on-link just because we have 1752 * the interface route (see comments in nd6_prefix_onlink). 1753 * If there's one, try to make the prefix on-link on the 1754 * interface. 1755 */ 1756 LIST_FOREACH(opr, &nd_prefix, ndpr_entry) { 1757 if (opr == pr) 1758 continue; 1759 1760 if ((opr->ndpr_stateflags & NDPRF_ONLINK) != 0) 1761 continue; 1762 1763 /* 1764 * KAME specific: detached prefixes should not be 1765 * on-link. 1766 */ 1767 if ((opr->ndpr_stateflags & NDPRF_DETACHED) != 0) 1768 continue; 1769 1770 if (opr->ndpr_plen == pr->ndpr_plen && 1771 in6_are_prefix_equal(&pr->ndpr_prefix.sin6_addr, 1772 &opr->ndpr_prefix.sin6_addr, pr->ndpr_plen)) { 1773 int e; 1774 1775 if ((e = nd6_prefix_onlink(opr)) != 0) { 1776 nd6log((LOG_ERR, 1777 "nd6_prefix_offlink: failed to " 1778 "recover a prefix %s/%d from %s " 1779 "to %s (errno = %d)\n", 1780 ip6_sprintf(&opr->ndpr_prefix.sin6_addr), 1781 opr->ndpr_plen, if_name(ifp), 1782 if_name(opr->ndpr_ifp), e)); 1783 } 1784 } 1785 } 1786 } else { 1787 /* XXX: can we still set the NDPRF_ONLINK flag? */ 1788 nd6log((LOG_ERR, 1789 "nd6_prefix_offlink: failed to delete route: " 1790 "%s/%d on %s (errno = %d)\n", 1791 ip6_sprintf(&sa6.sin6_addr), pr->ndpr_plen, if_name(ifp), 1792 error)); 1793 } 1794 1795 if (rt != NULL) { 1796 if (rt->rt_refcnt <= 0) { 1797 /* XXX: we should free the entry ourselves. */ 1798 rt->rt_refcnt++; 1799 rtfree(rt); 1800 } 1801 } 1802 1803 return (error); 1804 } 1805 1806 static struct in6_ifaddr * 1807 in6_ifadd(struct nd_prefixctl *prc, int mcast) 1808 { 1809 struct ifnet *ifp = prc->ndprc_ifp; 1810 struct ifaddr *ifa; 1811 struct in6_aliasreq ifra; 1812 struct in6_ifaddr *ia, *ib; 1813 int error, plen0; 1814 struct in6_addr mask; 1815 int prefixlen = prc->ndprc_plen; 1816 int updateflags; 1817 1818 in6_prefixlen2mask(&mask, prefixlen); 1819 1820 /* 1821 * find a link-local address (will be interface ID). 1822 * Is it really mandatory? Theoretically, a global or a site-local 1823 * address can be configured without a link-local address, if we 1824 * have a unique interface identifier... 1825 * 1826 * it is not mandatory to have a link-local address, we can generate 1827 * interface identifier on the fly. we do this because: 1828 * (1) it should be the easiest way to find interface identifier. 1829 * (2) RFC2462 5.4 suggesting the use of the same interface identifier 1830 * for multiple addresses on a single interface, and possible shortcut 1831 * of DAD. we omitted DAD for this reason in the past. 1832 * (3) a user can prevent autoconfiguration of global address 1833 * by removing link-local address by hand (this is partly because we 1834 * don't have other way to control the use of IPv6 on an interface. 1835 * this has been our design choice - cf. NRL's "ifconfig auto"). 1836 * (4) it is easier to manage when an interface has addresses 1837 * with the same interface identifier, than to have multiple addresses 1838 * with different interface identifiers. 1839 */ 1840 ifa = (struct ifaddr *)in6ifa_ifpforlinklocal(ifp, 0); /* 0 is OK? */ 1841 if (ifa) 1842 ib = (struct in6_ifaddr *)ifa; 1843 else 1844 return NULL; 1845 1846 #if 0 /* don't care link local addr state, and always do DAD */ 1847 /* if link-local address is not eligible, do not autoconfigure. */ 1848 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_NOTREADY) { 1849 printf("in6_ifadd: link-local address not ready\n"); 1850 return NULL; 1851 } 1852 #endif 1853 1854 /* prefixlen + ifidlen must be equal to 128 */ 1855 plen0 = in6_mask2len(&ib->ia_prefixmask.sin6_addr, NULL); 1856 if (prefixlen != plen0) { 1857 nd6log((LOG_INFO, "in6_ifadd: wrong prefixlen for %s " 1858 "(prefix=%d ifid=%d)\n", 1859 if_name(ifp), prefixlen, 128 - plen0)); 1860 return NULL; 1861 } 1862 1863 /* make ifaddr */ 1864 1865 memset(&ifra, 0, sizeof(ifra)); 1866 /* 1867 * in6_update_ifa() does not use ifra_name, but we accurately set it 1868 * for safety. 1869 */ 1870 strncpy(ifra.ifra_name, if_name(ifp), sizeof(ifra.ifra_name)); 1871 sockaddr_in6_init(&ifra.ifra_addr, &prc->ndprc_prefix.sin6_addr, 0, 0, 0); 1872 /* prefix */ 1873 ifra.ifra_addr.sin6_addr.s6_addr32[0] &= mask.s6_addr32[0]; 1874 ifra.ifra_addr.sin6_addr.s6_addr32[1] &= mask.s6_addr32[1]; 1875 ifra.ifra_addr.sin6_addr.s6_addr32[2] &= mask.s6_addr32[2]; 1876 ifra.ifra_addr.sin6_addr.s6_addr32[3] &= mask.s6_addr32[3]; 1877 1878 /* interface ID */ 1879 ifra.ifra_addr.sin6_addr.s6_addr32[0] |= 1880 (ib->ia_addr.sin6_addr.s6_addr32[0] & ~mask.s6_addr32[0]); 1881 ifra.ifra_addr.sin6_addr.s6_addr32[1] |= 1882 (ib->ia_addr.sin6_addr.s6_addr32[1] & ~mask.s6_addr32[1]); 1883 ifra.ifra_addr.sin6_addr.s6_addr32[2] |= 1884 (ib->ia_addr.sin6_addr.s6_addr32[2] & ~mask.s6_addr32[2]); 1885 ifra.ifra_addr.sin6_addr.s6_addr32[3] |= 1886 (ib->ia_addr.sin6_addr.s6_addr32[3] & ~mask.s6_addr32[3]); 1887 1888 /* new prefix mask. */ 1889 sockaddr_in6_init(&ifra.ifra_prefixmask, &mask, 0, 0, 0); 1890 1891 /* lifetimes */ 1892 ifra.ifra_lifetime.ia6t_vltime = prc->ndprc_vltime; 1893 ifra.ifra_lifetime.ia6t_pltime = prc->ndprc_pltime; 1894 1895 /* XXX: scope zone ID? */ 1896 1897 ifra.ifra_flags |= IN6_IFF_AUTOCONF; /* obey autoconf */ 1898 1899 /* 1900 * Make sure that we do not have this address already. This should 1901 * usually not happen, but we can still see this case, e.g., if we 1902 * have manually configured the exact address to be configured. 1903 */ 1904 if (in6ifa_ifpwithaddr(ifp, &ifra.ifra_addr.sin6_addr) != NULL) { 1905 /* this should be rare enough to make an explicit log */ 1906 log(LOG_INFO, "in6_ifadd: %s is already configured\n", 1907 ip6_sprintf(&ifra.ifra_addr.sin6_addr)); 1908 return (NULL); 1909 } 1910 1911 /* 1912 * Allocate ifaddr structure, link into chain, etc. 1913 * If we are going to create a new address upon receiving a multicasted 1914 * RA, we need to impose a random delay before starting DAD. 1915 * [draft-ietf-ipv6-rfc2462bis-02.txt, Section 5.4.2] 1916 */ 1917 updateflags = 0; 1918 if (mcast) 1919 updateflags |= IN6_IFAUPDATE_DADDELAY; 1920 if ((error = in6_update_ifa(ifp, &ifra, NULL, updateflags)) != 0) { 1921 nd6log((LOG_ERR, 1922 "in6_ifadd: failed to make ifaddr %s on %s (errno=%d)\n", 1923 ip6_sprintf(&ifra.ifra_addr.sin6_addr), if_name(ifp), 1924 error)); 1925 return (NULL); /* ifaddr must not have been allocated. */ 1926 } 1927 1928 ia = in6ifa_ifpwithaddr(ifp, &ifra.ifra_addr.sin6_addr); 1929 1930 return (ia); /* this is always non-NULL */ 1931 } 1932 1933 int 1934 in6_tmpifadd( 1935 const struct in6_ifaddr *ia0, /* corresponding public address */ 1936 int forcegen, 1937 int dad_delay) 1938 { 1939 struct ifnet *ifp = ia0->ia_ifa.ifa_ifp; 1940 struct in6_ifaddr *newia, *ia; 1941 struct in6_aliasreq ifra; 1942 int i, error; 1943 int trylimit = 3; /* XXX: adhoc value */ 1944 int updateflags; 1945 u_int32_t randid[2]; 1946 u_int32_t vltime0, pltime0; 1947 1948 memset(&ifra, 0, sizeof(ifra)); 1949 strncpy(ifra.ifra_name, if_name(ifp), sizeof(ifra.ifra_name)); 1950 ifra.ifra_addr = ia0->ia_addr; 1951 /* copy prefix mask */ 1952 ifra.ifra_prefixmask = ia0->ia_prefixmask; 1953 /* clear the old IFID */ 1954 for (i = 0; i < 4; i++) { 1955 ifra.ifra_addr.sin6_addr.s6_addr32[i] &= 1956 ifra.ifra_prefixmask.sin6_addr.s6_addr32[i]; 1957 } 1958 1959 again: 1960 if (in6_get_tmpifid(ifp, (u_int8_t *)randid, 1961 (const u_int8_t *)&ia0->ia_addr.sin6_addr.s6_addr[8], forcegen)) { 1962 nd6log((LOG_NOTICE, "in6_tmpifadd: failed to find a good " 1963 "random IFID\n")); 1964 return (EINVAL); 1965 } 1966 ifra.ifra_addr.sin6_addr.s6_addr32[2] |= 1967 (randid[0] & ~(ifra.ifra_prefixmask.sin6_addr.s6_addr32[2])); 1968 ifra.ifra_addr.sin6_addr.s6_addr32[3] |= 1969 (randid[1] & ~(ifra.ifra_prefixmask.sin6_addr.s6_addr32[3])); 1970 1971 /* 1972 * in6_get_tmpifid() quite likely provided a unique interface ID. 1973 * However, we may still have a chance to see collision, because 1974 * there may be a time lag between generation of the ID and generation 1975 * of the address. So, we'll do one more sanity check. 1976 */ 1977 for (ia = in6_ifaddr; ia; ia = ia->ia_next) { 1978 if (IN6_ARE_ADDR_EQUAL(&ia->ia_addr.sin6_addr, 1979 &ifra.ifra_addr.sin6_addr)) { 1980 if (trylimit-- == 0) { 1981 /* 1982 * Give up. Something strange should have 1983 * happened. 1984 */ 1985 nd6log((LOG_NOTICE, "in6_tmpifadd: failed to " 1986 "find a unique random IFID\n")); 1987 return (EEXIST); 1988 } 1989 forcegen = 1; 1990 goto again; 1991 } 1992 } 1993 1994 /* 1995 * The Valid Lifetime is the lower of the Valid Lifetime of the 1996 * public address or TEMP_VALID_LIFETIME. 1997 * The Preferred Lifetime is the lower of the Preferred Lifetime 1998 * of the public address or TEMP_PREFERRED_LIFETIME - 1999 * DESYNC_FACTOR. 2000 */ 2001 if (ia0->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) { 2002 vltime0 = IFA6_IS_INVALID(ia0) ? 0 : 2003 (ia0->ia6_lifetime.ia6t_vltime - 2004 (time_second - ia0->ia6_updatetime)); 2005 if (vltime0 > ip6_temp_valid_lifetime) 2006 vltime0 = ip6_temp_valid_lifetime; 2007 } else 2008 vltime0 = ip6_temp_valid_lifetime; 2009 if (ia0->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) { 2010 pltime0 = IFA6_IS_DEPRECATED(ia0) ? 0 : 2011 (ia0->ia6_lifetime.ia6t_pltime - 2012 (time_second - ia0->ia6_updatetime)); 2013 if (pltime0 > ip6_temp_preferred_lifetime - ip6_desync_factor){ 2014 pltime0 = ip6_temp_preferred_lifetime - 2015 ip6_desync_factor; 2016 } 2017 } else 2018 pltime0 = ip6_temp_preferred_lifetime - ip6_desync_factor; 2019 ifra.ifra_lifetime.ia6t_vltime = vltime0; 2020 ifra.ifra_lifetime.ia6t_pltime = pltime0; 2021 2022 /* 2023 * A temporary address is created only if this calculated Preferred 2024 * Lifetime is greater than REGEN_ADVANCE time units. 2025 */ 2026 if (ifra.ifra_lifetime.ia6t_pltime <= ip6_temp_regen_advance) 2027 return (0); 2028 2029 /* XXX: scope zone ID? */ 2030 2031 ifra.ifra_flags |= (IN6_IFF_AUTOCONF|IN6_IFF_TEMPORARY); 2032 2033 /* allocate ifaddr structure, link into chain, etc. */ 2034 updateflags = 0; 2035 if (dad_delay) 2036 updateflags |= IN6_IFAUPDATE_DADDELAY; 2037 if ((error = in6_update_ifa(ifp, &ifra, NULL, updateflags)) != 0) 2038 return (error); 2039 2040 newia = in6ifa_ifpwithaddr(ifp, &ifra.ifra_addr.sin6_addr); 2041 if (newia == NULL) { /* XXX: can it happen? */ 2042 nd6log((LOG_ERR, 2043 "in6_tmpifadd: ifa update succeeded, but we got " 2044 "no ifaddr\n")); 2045 return (EINVAL); /* XXX */ 2046 } 2047 newia->ia6_ndpr = ia0->ia6_ndpr; 2048 newia->ia6_ndpr->ndpr_refcnt++; 2049 2050 /* 2051 * A newly added address might affect the status of other addresses. 2052 * XXX: when the temporary address is generated with a new public 2053 * address, the onlink check is redundant. However, it would be safe 2054 * to do the check explicitly everywhere a new address is generated, 2055 * and, in fact, we surely need the check when we create a new 2056 * temporary address due to deprecation of an old temporary address. 2057 */ 2058 pfxlist_onlink_check(); 2059 2060 return (0); 2061 } 2062 2063 static int 2064 in6_init_prefix_ltimes(struct nd_prefix *ndpr) 2065 { 2066 2067 /* check if preferred lifetime > valid lifetime. RFC2462 5.5.3 (c) */ 2068 if (ndpr->ndpr_pltime > ndpr->ndpr_vltime) { 2069 nd6log((LOG_INFO, "in6_init_prefix_ltimes: preferred lifetime" 2070 "(%d) is greater than valid lifetime(%d)\n", 2071 (u_int)ndpr->ndpr_pltime, (u_int)ndpr->ndpr_vltime)); 2072 return (EINVAL); 2073 } 2074 if (ndpr->ndpr_pltime == ND6_INFINITE_LIFETIME) 2075 ndpr->ndpr_preferred = 0; 2076 else 2077 ndpr->ndpr_preferred = time_second + ndpr->ndpr_pltime; 2078 if (ndpr->ndpr_vltime == ND6_INFINITE_LIFETIME) 2079 ndpr->ndpr_expire = 0; 2080 else 2081 ndpr->ndpr_expire = time_second + ndpr->ndpr_vltime; 2082 2083 return 0; 2084 } 2085 2086 static void 2087 in6_init_address_ltimes(struct nd_prefix *newpr, 2088 struct in6_addrlifetime *lt6) 2089 { 2090 2091 /* Valid lifetime must not be updated unless explicitly specified. */ 2092 /* init ia6t_expire */ 2093 if (lt6->ia6t_vltime == ND6_INFINITE_LIFETIME) 2094 lt6->ia6t_expire = 0; 2095 else { 2096 lt6->ia6t_expire = time_second; 2097 lt6->ia6t_expire += lt6->ia6t_vltime; 2098 } 2099 2100 /* init ia6t_preferred */ 2101 if (lt6->ia6t_pltime == ND6_INFINITE_LIFETIME) 2102 lt6->ia6t_preferred = 0; 2103 else { 2104 lt6->ia6t_preferred = time_second; 2105 lt6->ia6t_preferred += lt6->ia6t_pltime; 2106 } 2107 } 2108 2109 /* 2110 * Delete all the routing table entries that use the specified gateway. 2111 * XXX: this function causes search through all entries of routing table, so 2112 * it shouldn't be called when acting as a router. 2113 */ 2114 void 2115 rt6_flush(struct in6_addr *gateway, struct ifnet *ifp) 2116 { 2117 int s = splsoftnet(); 2118 2119 /* We'll care only link-local addresses */ 2120 if (!IN6_IS_ADDR_LINKLOCAL(gateway)) { 2121 splx(s); 2122 return; 2123 } 2124 2125 rt_walktree(AF_INET6, rt6_deleteroute, (void *)gateway); 2126 splx(s); 2127 } 2128 2129 static int 2130 rt6_deleteroute(struct rtentry *rt, void *arg) 2131 { 2132 #define SIN6(s) ((struct sockaddr_in6 *)s) 2133 struct in6_addr *gate = (struct in6_addr *)arg; 2134 2135 if (rt->rt_gateway == NULL || rt->rt_gateway->sa_family != AF_INET6) 2136 return (0); 2137 2138 if (!IN6_ARE_ADDR_EQUAL(gate, &SIN6(rt->rt_gateway)->sin6_addr)) 2139 return (0); 2140 2141 /* 2142 * Do not delete a static route. 2143 * XXX: this seems to be a bit ad-hoc. Should we consider the 2144 * 'cloned' bit instead? 2145 */ 2146 if ((rt->rt_flags & RTF_STATIC) != 0) 2147 return (0); 2148 2149 /* 2150 * We delete only host route. This means, in particular, we don't 2151 * delete default route. 2152 */ 2153 if ((rt->rt_flags & RTF_HOST) == 0) 2154 return (0); 2155 2156 return (rtrequest(RTM_DELETE, rt_getkey(rt), rt->rt_gateway, 2157 rt_mask(rt), rt->rt_flags, 0)); 2158 #undef SIN6 2159 } 2160 2161 int 2162 nd6_setdefaultiface(int ifindex) 2163 { 2164 ifnet_t *ifp; 2165 int error = 0; 2166 2167 if ((ifp = if_byindex(ifindex)) == NULL) { 2168 return EINVAL; 2169 } 2170 if (nd6_defifindex != ifindex) { 2171 nd6_defifindex = ifindex; 2172 nd6_defifp = nd6_defifindex > 0 ? ifp : NULL; 2173 2174 /* 2175 * Our current implementation assumes one-to-one maping between 2176 * interfaces and links, so it would be natural to use the 2177 * default interface as the default link. 2178 */ 2179 scope6_setdefault(nd6_defifp); 2180 } 2181 2182 return (error); 2183 } 2184
Indexes created Fri Sep 26 20:09:58 GMT 2025