1 /* $FreeBSD: src/sys/netinet6/nd6.c,v 1.2.2.15 2003/05/06 06:46:58 suz Exp $ */ 2 /* $DragonFly: src/sys/netinet6/nd6.c,v 1.10 2004/09/17 00:07:27 dillon Exp $ */ 3 /* $KAME: nd6.c,v 1.144 2001/05/24 07:44:00 itojun Exp $ */ 4 5 /* 6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. Neither the name of the project nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 /* 35 * XXX 36 * KAME 970409 note: 37 * BSD/OS version heavily modifies this code, related to llinfo. 38 * Since we don't have BSD/OS version of net/route.c in our hand, 39 * I left the code mostly as it was in 970310. -- itojun 40 */ 41 42 #include "opt_inet.h" 43 #include "opt_inet6.h" 44 45 #include <sys/param.h> 46 #include <sys/systm.h> 47 #include <sys/callout.h> 48 #include <sys/malloc.h> 49 #include <sys/mbuf.h> 50 #include <sys/socket.h> 51 #include <sys/sockio.h> 52 #include <sys/time.h> 53 #include <sys/kernel.h> 54 #include <sys/protosw.h> 55 #include <sys/errno.h> 56 #include <sys/syslog.h> 57 #include <sys/queue.h> 58 #include <sys/sysctl.h> 59 60 #include <net/if.h> 61 #include <net/if_dl.h> 62 #include <net/if_types.h> 63 #include <net/if_atm.h> 64 #include <net/route.h> 65 66 #include <netinet/in.h> 67 #include <netinet/if_ether.h> 68 #include <netinet/if_fddi.h> 69 #include <netinet6/in6_var.h> 70 #include <netinet/ip6.h> 71 #include <netinet6/ip6_var.h> 72 #include <netinet6/nd6.h> 73 #include <netinet6/in6_prefix.h> 74 #include <netinet/icmp6.h> 75 76 #include "use_loop.h" 77 78 #include <net/net_osdep.h> 79 80 #define ND6_SLOWTIMER_INTERVAL (60 * 60) /* 1 hour */ 81 #define ND6_RECALC_REACHTM_INTERVAL (60 * 120) /* 2 hours */ 82 83 #define SIN6(s) ((struct sockaddr_in6 *)s) 84 #define SDL(s) ((struct sockaddr_dl *)s) 85 86 /* timer values */ 87 int nd6_prune = 1; /* walk list every 1 seconds */ 88 int nd6_delay = 5; /* delay first probe time 5 second */ 89 int nd6_umaxtries = 3; /* maximum unicast query */ 90 int nd6_mmaxtries = 3; /* maximum multicast query */ 91 int nd6_useloopback = 1; /* use loopback interface for local traffic */ 92 int nd6_gctimer = (60 * 60 * 24); /* 1 day: garbage collection timer */ 93 94 /* preventing too many loops in ND option parsing */ 95 int nd6_maxndopt = 10; /* max # of ND options allowed */ 96 97 int nd6_maxnudhint = 0; /* max # of subsequent upper layer hints */ 98 99 #ifdef ND6_DEBUG 100 int nd6_debug = 1; 101 #else 102 int nd6_debug = 0; 103 #endif 104 105 /* for debugging? */ 106 static int nd6_inuse, nd6_allocated; 107 108 struct llinfo_nd6 llinfo_nd6 = {&llinfo_nd6, &llinfo_nd6}; 109 static size_t nd_ifinfo_indexlim = 8; 110 struct nd_ifinfo *nd_ifinfo = NULL; 111 struct nd_drhead nd_defrouter; 112 struct nd_prhead nd_prefix = { 0 }; 113 114 int nd6_recalc_reachtm_interval = ND6_RECALC_REACHTM_INTERVAL; 115 static struct sockaddr_in6 all1_sa; 116 117 static void nd6_slowtimo (void *); 118 static int regen_tmpaddr (struct in6_ifaddr *); 119 120 struct callout nd6_slowtimo_ch; 121 struct callout nd6_timer_ch; 122 extern struct callout in6_tmpaddrtimer_ch; 123 124 void 125 nd6_init(void) 126 { 127 static int nd6_init_done = 0; 128 int i; 129 130 if (nd6_init_done) { 131 log(LOG_NOTICE, "nd6_init called more than once(ignored)\n"); 132 return; 133 } 134 135 all1_sa.sin6_family = AF_INET6; 136 all1_sa.sin6_len = sizeof(struct sockaddr_in6); 137 for (i = 0; i < sizeof(all1_sa.sin6_addr); i++) 138 all1_sa.sin6_addr.s6_addr[i] = 0xff; 139 140 /* initialization of the default router list */ 141 TAILQ_INIT(&nd_defrouter); 142 143 nd6_init_done = 1; 144 145 /* start timer */ 146 callout_init(&nd6_slowtimo_ch); 147 callout_reset(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz, 148 nd6_slowtimo, NULL); 149 } 150 151 void 152 nd6_ifattach(struct ifnet *ifp) 153 { 154 155 /* 156 * We have some arrays that should be indexed by if_index. 157 * since if_index will grow dynamically, they should grow too. 158 */ 159 if (nd_ifinfo == NULL || if_index >= nd_ifinfo_indexlim) { 160 size_t n; 161 caddr_t q; 162 163 while (if_index >= nd_ifinfo_indexlim) 164 nd_ifinfo_indexlim <<= 1; 165 166 /* grow nd_ifinfo */ 167 n = nd_ifinfo_indexlim * sizeof(struct nd_ifinfo); 168 q = (caddr_t)malloc(n, M_IP6NDP, M_WAITOK); 169 bzero(q, n); 170 if (nd_ifinfo) { 171 bcopy((caddr_t)nd_ifinfo, q, n/2); 172 free((caddr_t)nd_ifinfo, M_IP6NDP); 173 } 174 nd_ifinfo = (struct nd_ifinfo *)q; 175 } 176 177 #define ND nd_ifinfo[ifp->if_index] 178 179 /* 180 * Don't initialize if called twice. 181 * XXX: to detect this, we should choose a member that is never set 182 * before initialization of the ND structure itself. We formaly used 183 * the linkmtu member, which was not suitable because it could be 184 * initialized via "ifconfig mtu". 185 */ 186 if (ND.basereachable) 187 return; 188 189 ND.linkmtu = ifindex2ifnet[ifp->if_index]->if_mtu; 190 ND.chlim = IPV6_DEFHLIM; 191 ND.basereachable = REACHABLE_TIME; 192 ND.reachable = ND_COMPUTE_RTIME(ND.basereachable); 193 ND.retrans = RETRANS_TIMER; 194 ND.receivedra = 0; 195 ND.flags = ND6_IFF_PERFORMNUD; 196 nd6_setmtu(ifp); 197 #undef ND 198 } 199 200 /* 201 * Reset ND level link MTU. This function is called when the physical MTU 202 * changes, which means we might have to adjust the ND level MTU. 203 */ 204 void 205 nd6_setmtu(struct ifnet *ifp) 206 { 207 struct nd_ifinfo *ndi = &nd_ifinfo[ifp->if_index]; 208 u_long oldmaxmtu = ndi->maxmtu; 209 u_long oldlinkmtu = ndi->linkmtu; 210 211 switch (ifp->if_type) { 212 case IFT_ARCNET: /* XXX MTU handling needs more work */ 213 ndi->maxmtu = MIN(60480, ifp->if_mtu); 214 break; 215 case IFT_ETHER: 216 ndi->maxmtu = MIN(ETHERMTU, ifp->if_mtu); 217 break; 218 case IFT_FDDI: 219 ndi->maxmtu = MIN(FDDIIPMTU, ifp->if_mtu); 220 break; 221 case IFT_ATM: 222 ndi->maxmtu = MIN(ATMMTU, ifp->if_mtu); 223 break; 224 case IFT_IEEE1394: /* XXX should be IEEE1394MTU(1500) */ 225 ndi->maxmtu = MIN(ETHERMTU, ifp->if_mtu); 226 break; 227 #ifdef IFT_IEEE80211 228 case IFT_IEEE80211: /* XXX should be IEEE80211MTU(1500) */ 229 ndi->maxmtu = MIN(ETHERMTU, ifp->if_mtu); 230 break; 231 #endif 232 default: 233 ndi->maxmtu = ifp->if_mtu; 234 break; 235 } 236 237 if (oldmaxmtu != ndi->maxmtu) { 238 /* 239 * If the ND level MTU is not set yet, or if the maxmtu 240 * is reset to a smaller value than the ND level MTU, 241 * also reset the ND level MTU. 242 */ 243 if (ndi->linkmtu == 0 || 244 ndi->maxmtu < ndi->linkmtu) { 245 ndi->linkmtu = ndi->maxmtu; 246 /* also adjust in6_maxmtu if necessary. */ 247 if (oldlinkmtu == 0) { 248 /* 249 * XXX: the case analysis is grotty, but 250 * it is not efficient to call in6_setmaxmtu() 251 * here when we are during the initialization 252 * procedure. 253 */ 254 if (in6_maxmtu < ndi->linkmtu) 255 in6_maxmtu = ndi->linkmtu; 256 } else 257 in6_setmaxmtu(); 258 } 259 } 260 #undef MIN 261 } 262 263 void 264 nd6_option_init(void *opt, int icmp6len, union nd_opts *ndopts) 265 { 266 bzero(ndopts, sizeof(*ndopts)); 267 ndopts->nd_opts_search = (struct nd_opt_hdr *)opt; 268 ndopts->nd_opts_last 269 = (struct nd_opt_hdr *)(((u_char *)opt) + icmp6len); 270 271 if (icmp6len == 0) { 272 ndopts->nd_opts_done = 1; 273 ndopts->nd_opts_search = NULL; 274 } 275 } 276 277 /* 278 * Take one ND option. 279 */ 280 struct nd_opt_hdr * 281 nd6_option(union nd_opts *ndopts) 282 { 283 struct nd_opt_hdr *nd_opt; 284 int olen; 285 286 if (!ndopts) 287 panic("ndopts == NULL in nd6_option"); 288 if (!ndopts->nd_opts_last) 289 panic("uninitialized ndopts in nd6_option"); 290 if (!ndopts->nd_opts_search) 291 return NULL; 292 if (ndopts->nd_opts_done) 293 return NULL; 294 295 nd_opt = ndopts->nd_opts_search; 296 297 /* make sure nd_opt_len is inside the buffer */ 298 if ((caddr_t)&nd_opt->nd_opt_len >= (caddr_t)ndopts->nd_opts_last) { 299 bzero(ndopts, sizeof(*ndopts)); 300 return NULL; 301 } 302 303 olen = nd_opt->nd_opt_len << 3; 304 if (olen == 0) { 305 /* 306 * Message validation requires that all included 307 * options have a length that is greater than zero. 308 */ 309 bzero(ndopts, sizeof(*ndopts)); 310 return NULL; 311 } 312 313 ndopts->nd_opts_search = (struct nd_opt_hdr *)((caddr_t)nd_opt + olen); 314 if (ndopts->nd_opts_search > ndopts->nd_opts_last) { 315 /* option overruns the end of buffer, invalid */ 316 bzero(ndopts, sizeof(*ndopts)); 317 return NULL; 318 } else if (ndopts->nd_opts_search == ndopts->nd_opts_last) { 319 /* reached the end of options chain */ 320 ndopts->nd_opts_done = 1; 321 ndopts->nd_opts_search = NULL; 322 } 323 return nd_opt; 324 } 325 326 /* 327 * Parse multiple ND options. 328 * This function is much easier to use, for ND routines that do not need 329 * multiple options of the same type. 330 */ 331 int 332 nd6_options(union nd_opts *ndopts) 333 { 334 struct nd_opt_hdr *nd_opt; 335 int i = 0; 336 337 if (!ndopts) 338 panic("ndopts == NULL in nd6_options"); 339 if (!ndopts->nd_opts_last) 340 panic("uninitialized ndopts in nd6_options"); 341 if (!ndopts->nd_opts_search) 342 return 0; 343 344 while (1) { 345 nd_opt = nd6_option(ndopts); 346 if (!nd_opt && !ndopts->nd_opts_last) { 347 /* 348 * Message validation requires that all included 349 * options have a length that is greater than zero. 350 */ 351 icmp6stat.icp6s_nd_badopt++; 352 bzero(ndopts, sizeof(*ndopts)); 353 return -1; 354 } 355 356 if (!nd_opt) 357 goto skip1; 358 359 switch (nd_opt->nd_opt_type) { 360 case ND_OPT_SOURCE_LINKADDR: 361 case ND_OPT_TARGET_LINKADDR: 362 case ND_OPT_MTU: 363 case ND_OPT_REDIRECTED_HEADER: 364 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 365 nd6log((LOG_INFO, 366 "duplicated ND6 option found (type=%d)\n", 367 nd_opt->nd_opt_type)); 368 /* XXX bark? */ 369 } else { 370 ndopts->nd_opt_array[nd_opt->nd_opt_type] 371 = nd_opt; 372 } 373 break; 374 case ND_OPT_PREFIX_INFORMATION: 375 if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0) { 376 ndopts->nd_opt_array[nd_opt->nd_opt_type] 377 = nd_opt; 378 } 379 ndopts->nd_opts_pi_end = 380 (struct nd_opt_prefix_info *)nd_opt; 381 break; 382 default: 383 /* 384 * Unknown options must be silently ignored, 385 * to accomodate future extension to the protocol. 386 */ 387 nd6log((LOG_DEBUG, 388 "nd6_options: unsupported option %d - " 389 "option ignored\n", nd_opt->nd_opt_type)); 390 } 391 392 skip1: 393 i++; 394 if (i > nd6_maxndopt) { 395 icmp6stat.icp6s_nd_toomanyopt++; 396 nd6log((LOG_INFO, "too many loop in nd opt\n")); 397 break; 398 } 399 400 if (ndopts->nd_opts_done) 401 break; 402 } 403 404 return 0; 405 } 406 407 /* 408 * ND6 timer routine to expire default route list and prefix list 409 */ 410 void 411 nd6_timer(void *ignored_arg) 412 { 413 int s; 414 struct llinfo_nd6 *ln; 415 struct nd_defrouter *dr; 416 struct nd_prefix *pr; 417 struct ifnet *ifp; 418 struct in6_ifaddr *ia6, *nia6; 419 struct in6_addrlifetime *lt6; 420 421 s = splnet(); 422 callout_reset(&nd6_timer_ch, nd6_prune * hz, 423 nd6_timer, NULL); 424 425 ln = llinfo_nd6.ln_next; 426 while (ln && ln != &llinfo_nd6) { 427 struct rtentry *rt; 428 struct sockaddr_in6 *dst; 429 struct llinfo_nd6 *next = ln->ln_next; 430 /* XXX: used for the DELAY case only: */ 431 struct nd_ifinfo *ndi = NULL; 432 433 if ((rt = ln->ln_rt) == NULL) { 434 ln = next; 435 continue; 436 } 437 if ((ifp = rt->rt_ifp) == NULL) { 438 ln = next; 439 continue; 440 } 441 ndi = &nd_ifinfo[ifp->if_index]; 442 dst = (struct sockaddr_in6 *)rt_key(rt); 443 444 if (ln->ln_expire > time_second) { 445 ln = next; 446 continue; 447 } 448 449 /* sanity check */ 450 if (!rt) 451 panic("rt=0 in nd6_timer(ln=%p)", ln); 452 if (rt->rt_llinfo && (struct llinfo_nd6 *)rt->rt_llinfo != ln) 453 panic("rt_llinfo(%p) is not equal to ln(%p)", 454 rt->rt_llinfo, ln); 455 if (!dst) 456 panic("dst=0 in nd6_timer(ln=%p)", ln); 457 458 switch (ln->ln_state) { 459 case ND6_LLINFO_INCOMPLETE: 460 if (ln->ln_asked < nd6_mmaxtries) { 461 ln->ln_asked++; 462 ln->ln_expire = time_second + 463 nd_ifinfo[ifp->if_index].retrans / 1000; 464 nd6_ns_output(ifp, NULL, &dst->sin6_addr, 465 ln, 0); 466 } else { 467 struct mbuf *m = ln->ln_hold; 468 if (m) { 469 if (rt->rt_ifp) { 470 /* 471 * Fake rcvif to make ICMP error 472 * more helpful in diagnosing 473 * for the receiver. 474 * XXX: should we consider 475 * older rcvif? 476 */ 477 m->m_pkthdr.rcvif = rt->rt_ifp; 478 } 479 icmp6_error(m, ICMP6_DST_UNREACH, 480 ICMP6_DST_UNREACH_ADDR, 0); 481 ln->ln_hold = NULL; 482 } 483 next = nd6_free(rt); 484 } 485 break; 486 case ND6_LLINFO_REACHABLE: 487 if (ln->ln_expire) { 488 ln->ln_state = ND6_LLINFO_STALE; 489 ln->ln_expire = time_second + nd6_gctimer; 490 } 491 break; 492 493 case ND6_LLINFO_STALE: 494 /* Garbage Collection(RFC 2461 5.3) */ 495 if (ln->ln_expire) 496 next = nd6_free(rt); 497 break; 498 499 case ND6_LLINFO_DELAY: 500 if (ndi && (ndi->flags & ND6_IFF_PERFORMNUD) != 0) { 501 /* We need NUD */ 502 ln->ln_asked = 1; 503 ln->ln_state = ND6_LLINFO_PROBE; 504 ln->ln_expire = time_second + 505 ndi->retrans / 1000; 506 nd6_ns_output(ifp, &dst->sin6_addr, 507 &dst->sin6_addr, 508 ln, 0); 509 } else { 510 ln->ln_state = ND6_LLINFO_STALE; /* XXX */ 511 ln->ln_expire = time_second + nd6_gctimer; 512 } 513 break; 514 case ND6_LLINFO_PROBE: 515 if (ln->ln_asked < nd6_umaxtries) { 516 ln->ln_asked++; 517 ln->ln_expire = time_second + 518 nd_ifinfo[ifp->if_index].retrans / 1000; 519 nd6_ns_output(ifp, &dst->sin6_addr, 520 &dst->sin6_addr, ln, 0); 521 } else { 522 next = nd6_free(rt); 523 } 524 break; 525 } 526 ln = next; 527 } 528 529 /* expire default router list */ 530 dr = TAILQ_FIRST(&nd_defrouter); 531 while (dr) { 532 if (dr->expire && dr->expire < time_second) { 533 struct nd_defrouter *t; 534 t = TAILQ_NEXT(dr, dr_entry); 535 defrtrlist_del(dr); 536 dr = t; 537 } else { 538 dr = TAILQ_NEXT(dr, dr_entry); 539 } 540 } 541 542 /* 543 * expire interface addresses. 544 * in the past the loop was inside prefix expiry processing. 545 * However, from a stricter speci-confrmance standpoint, we should 546 * rather separate address lifetimes and prefix lifetimes. 547 */ 548 addrloop: 549 for (ia6 = in6_ifaddr; ia6; ia6 = nia6) { 550 nia6 = ia6->ia_next; 551 /* check address lifetime */ 552 lt6 = &ia6->ia6_lifetime; 553 if (IFA6_IS_INVALID(ia6)) { 554 int regen = 0; 555 556 /* 557 * If the expiring address is temporary, try 558 * regenerating a new one. This would be useful when 559 * we suspended a laptop PC, then turned it on after a 560 * period that could invalidate all temporary 561 * addresses. Although we may have to restart the 562 * loop (see below), it must be after purging the 563 * address. Otherwise, we'd see an infinite loop of 564 * regeneration. 565 */ 566 if (ip6_use_tempaddr && 567 (ia6->ia6_flags & IN6_IFF_TEMPORARY) != 0) { 568 if (regen_tmpaddr(ia6) == 0) 569 regen = 1; 570 } 571 572 in6_purgeaddr(&ia6->ia_ifa); 573 574 if (regen) 575 goto addrloop; /* XXX: see below */ 576 } 577 if (IFA6_IS_DEPRECATED(ia6)) { 578 int oldflags = ia6->ia6_flags; 579 580 ia6->ia6_flags |= IN6_IFF_DEPRECATED; 581 582 /* 583 * If a temporary address has just become deprecated, 584 * regenerate a new one if possible. 585 */ 586 if (ip6_use_tempaddr && 587 (ia6->ia6_flags & IN6_IFF_TEMPORARY) != 0 && 588 (oldflags & IN6_IFF_DEPRECATED) == 0) { 589 590 if (regen_tmpaddr(ia6) == 0) { 591 /* 592 * A new temporary address is 593 * generated. 594 * XXX: this means the address chain 595 * has changed while we are still in 596 * the loop. Although the change 597 * would not cause disaster (because 598 * it's not a deletion, but an 599 * addition,) we'd rather restart the 600 * loop just for safety. Or does this 601 * significantly reduce performance?? 602 */ 603 goto addrloop; 604 } 605 } 606 } else { 607 /* 608 * A new RA might have made a deprecated address 609 * preferred. 610 */ 611 ia6->ia6_flags &= ~IN6_IFF_DEPRECATED; 612 } 613 } 614 615 /* expire prefix list */ 616 pr = nd_prefix.lh_first; 617 while (pr) { 618 /* 619 * check prefix lifetime. 620 * since pltime is just for autoconf, pltime processing for 621 * prefix is not necessary. 622 */ 623 if (pr->ndpr_expire && pr->ndpr_expire < time_second) { 624 struct nd_prefix *t; 625 t = pr->ndpr_next; 626 627 /* 628 * address expiration and prefix expiration are 629 * separate. NEVER perform in6_purgeaddr here. 630 */ 631 632 prelist_remove(pr); 633 pr = t; 634 } else 635 pr = pr->ndpr_next; 636 } 637 splx(s); 638 } 639 640 static int 641 regen_tmpaddr(struct in6_ifaddr *ia6) /* deprecated/invalidated temporary 642 address */ 643 { 644 struct ifaddr *ifa; 645 struct ifnet *ifp; 646 struct in6_ifaddr *public_ifa6 = NULL; 647 648 ifp = ia6->ia_ifa.ifa_ifp; 649 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_list) { 650 struct in6_ifaddr *it6; 651 652 if (ifa->ifa_addr->sa_family != AF_INET6) 653 continue; 654 655 it6 = (struct in6_ifaddr *)ifa; 656 657 /* ignore no autoconf addresses. */ 658 if ((it6->ia6_flags & IN6_IFF_AUTOCONF) == 0) 659 continue; 660 661 /* ignore autoconf addresses with different prefixes. */ 662 if (it6->ia6_ndpr == NULL || it6->ia6_ndpr != ia6->ia6_ndpr) 663 continue; 664 665 /* 666 * Now we are looking at an autoconf address with the same 667 * prefix as ours. If the address is temporary and is still 668 * preferred, do not create another one. It would be rare, but 669 * could happen, for example, when we resume a laptop PC after 670 * a long period. 671 */ 672 if ((it6->ia6_flags & IN6_IFF_TEMPORARY) != 0 && 673 !IFA6_IS_DEPRECATED(it6)) { 674 public_ifa6 = NULL; 675 break; 676 } 677 678 /* 679 * This is a public autoconf address that has the same prefix 680 * as ours. If it is preferred, keep it. We can't break the 681 * loop here, because there may be a still-preferred temporary 682 * address with the prefix. 683 */ 684 if (!IFA6_IS_DEPRECATED(it6)) 685 public_ifa6 = it6; 686 } 687 688 if (public_ifa6 != NULL) { 689 int e; 690 691 if ((e = in6_tmpifadd(public_ifa6, 0)) != 0) { 692 log(LOG_NOTICE, "regen_tmpaddr: failed to create a new" 693 " tmp addr,errno=%d\n", e); 694 return(-1); 695 } 696 return(0); 697 } 698 699 return(-1); 700 } 701 702 /* 703 * Nuke neighbor cache/prefix/default router management table, right before 704 * ifp goes away. 705 */ 706 void 707 nd6_purge(struct ifnet *ifp) 708 { 709 struct llinfo_nd6 *ln, *nln; 710 struct nd_defrouter *dr, *ndr, drany; 711 struct nd_prefix *pr, *npr; 712 713 /* Nuke default router list entries toward ifp */ 714 if ((dr = TAILQ_FIRST(&nd_defrouter)) != NULL) { 715 /* 716 * The first entry of the list may be stored in 717 * the routing table, so we'll delete it later. 718 */ 719 for (dr = TAILQ_NEXT(dr, dr_entry); dr; dr = ndr) { 720 ndr = TAILQ_NEXT(dr, dr_entry); 721 if (dr->ifp == ifp) 722 defrtrlist_del(dr); 723 } 724 dr = TAILQ_FIRST(&nd_defrouter); 725 if (dr->ifp == ifp) 726 defrtrlist_del(dr); 727 } 728 729 /* Nuke prefix list entries toward ifp */ 730 for (pr = nd_prefix.lh_first; pr; pr = npr) { 731 npr = pr->ndpr_next; 732 if (pr->ndpr_ifp == ifp) { 733 /* 734 * Previously, pr->ndpr_addr is removed as well, 735 * but I strongly believe we don't have to do it. 736 * nd6_purge() is only called from in6_ifdetach(), 737 * which removes all the associated interface addresses 738 * by itself. 739 * (jinmei@kame.net 20010129) 740 */ 741 prelist_remove(pr); 742 } 743 } 744 745 /* cancel default outgoing interface setting */ 746 if (nd6_defifindex == ifp->if_index) 747 nd6_setdefaultiface(0); 748 749 if (!ip6_forwarding && ip6_accept_rtadv) { /* XXX: too restrictive? */ 750 /* refresh default router list */ 751 bzero(&drany, sizeof(drany)); 752 defrouter_delreq(&drany, 0); 753 defrouter_select(); 754 } 755 756 /* 757 * Nuke neighbor cache entries for the ifp. 758 * Note that rt->rt_ifp may not be the same as ifp, 759 * due to KAME goto ours hack. See RTM_RESOLVE case in 760 * nd6_rtrequest(), and ip6_input(). 761 */ 762 ln = llinfo_nd6.ln_next; 763 while (ln && ln != &llinfo_nd6) { 764 struct rtentry *rt; 765 struct sockaddr_dl *sdl; 766 767 nln = ln->ln_next; 768 rt = ln->ln_rt; 769 if (rt && rt->rt_gateway && 770 rt->rt_gateway->sa_family == AF_LINK) { 771 sdl = (struct sockaddr_dl *)rt->rt_gateway; 772 if (sdl->sdl_index == ifp->if_index) 773 nln = nd6_free(rt); 774 } 775 ln = nln; 776 } 777 } 778 779 struct rtentry * 780 nd6_lookup(struct in6_addr *addr6, int create, struct ifnet *ifp) 781 { 782 struct rtentry *rt; 783 struct sockaddr_in6 sin6; 784 785 bzero(&sin6, sizeof(sin6)); 786 sin6.sin6_len = sizeof(struct sockaddr_in6); 787 sin6.sin6_family = AF_INET6; 788 sin6.sin6_addr = *addr6; 789 #ifdef SCOPEDROUTING 790 sin6.sin6_scope_id = in6_addr2scopeid(ifp, addr6); 791 #endif 792 rt = rtalloc1((struct sockaddr *)&sin6, create, 0UL); 793 if (rt && (rt->rt_flags & RTF_LLINFO) == 0) { 794 /* 795 * This is the case for the default route. 796 * If we want to create a neighbor cache for the address, we 797 * should free the route for the destination and allocate an 798 * interface route. 799 */ 800 if (create) { 801 RTFREE(rt); 802 rt = 0; 803 } 804 } 805 if (!rt) { 806 if (create && ifp) { 807 int e; 808 809 /* 810 * If no route is available and create is set, 811 * we allocate a host route for the destination 812 * and treat it like an interface route. 813 * This hack is necessary for a neighbor which can't 814 * be covered by our own prefix. 815 */ 816 struct ifaddr *ifa = 817 ifaof_ifpforaddr((struct sockaddr *)&sin6, ifp); 818 if (ifa == NULL) 819 return(NULL); 820 821 /* 822 * Create a new route. RTF_LLINFO is necessary 823 * to create a Neighbor Cache entry for the 824 * destination in nd6_rtrequest which will be 825 * called in rtrequest via ifa->ifa_rtrequest. 826 */ 827 if ((e = rtrequest(RTM_ADD, (struct sockaddr *)&sin6, 828 ifa->ifa_addr, 829 (struct sockaddr *)&all1_sa, 830 (ifa->ifa_flags | 831 RTF_HOST | RTF_LLINFO) & 832 ~RTF_CLONING, 833 &rt)) != 0) 834 log(LOG_ERR, 835 "nd6_lookup: failed to add route for a " 836 "neighbor(%s), errno=%d\n", 837 ip6_sprintf(addr6), e); 838 if (rt == NULL) 839 return(NULL); 840 if (rt->rt_llinfo) { 841 struct llinfo_nd6 *ln = 842 (struct llinfo_nd6 *)rt->rt_llinfo; 843 ln->ln_state = ND6_LLINFO_NOSTATE; 844 } 845 } else 846 return(NULL); 847 } 848 rt->rt_refcnt--; 849 /* 850 * Validation for the entry. 851 * Note that the check for rt_llinfo is necessary because a cloned 852 * route from a parent route that has the L flag (e.g. the default 853 * route to a p2p interface) may have the flag, too, while the 854 * destination is not actually a neighbor. 855 * XXX: we can't use rt->rt_ifp to check for the interface, since 856 * it might be the loopback interface if the entry is for our 857 * own address on a non-loopback interface. Instead, we should 858 * use rt->rt_ifa->ifa_ifp, which would specify the REAL 859 * interface. 860 */ 861 if ((rt->rt_flags & RTF_GATEWAY) || (rt->rt_flags & RTF_LLINFO) == 0 || 862 rt->rt_gateway->sa_family != AF_LINK || rt->rt_llinfo == NULL || 863 (ifp && rt->rt_ifa->ifa_ifp != ifp)) { 864 if (create) { 865 log(LOG_DEBUG, "nd6_lookup: failed to lookup %s (if = %s)\n", 866 ip6_sprintf(addr6), ifp ? if_name(ifp) : "unspec"); 867 /* xxx more logs... kazu */ 868 } 869 return(NULL); 870 } 871 return(rt); 872 } 873 874 /* 875 * Detect if a given IPv6 address identifies a neighbor on a given link. 876 * XXX: should take care of the destination of a p2p link? 877 */ 878 int 879 nd6_is_addr_neighbor(struct sockaddr_in6 *addr, struct ifnet *ifp) 880 { 881 struct ifaddr *ifa; 882 int i; 883 884 #define IFADDR6(a) ((((struct in6_ifaddr *)(a))->ia_addr).sin6_addr) 885 #define IFMASK6(a) ((((struct in6_ifaddr *)(a))->ia_prefixmask).sin6_addr) 886 887 /* 888 * A link-local address is always a neighbor. 889 * XXX: we should use the sin6_scope_id field rather than the embedded 890 * interface index. 891 */ 892 if (IN6_IS_ADDR_LINKLOCAL(&addr->sin6_addr) && 893 ntohs(*(u_int16_t *)&addr->sin6_addr.s6_addr[2]) == ifp->if_index) 894 return(1); 895 896 /* 897 * If the address matches one of our addresses, 898 * it should be a neighbor. 899 */ 900 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 901 if (ifa->ifa_addr->sa_family != AF_INET6) 902 next: continue; 903 904 for (i = 0; i < 4; i++) { 905 if ((IFADDR6(ifa).s6_addr32[i] ^ 906 addr->sin6_addr.s6_addr32[i]) & 907 IFMASK6(ifa).s6_addr32[i]) 908 goto next; 909 } 910 return(1); 911 } 912 913 /* 914 * Even if the address matches none of our addresses, it might be 915 * in the neighbor cache. 916 */ 917 if (nd6_lookup(&addr->sin6_addr, 0, ifp) != NULL) 918 return(1); 919 920 return(0); 921 #undef IFADDR6 922 #undef IFMASK6 923 } 924 925 /* 926 * Free an nd6 llinfo entry. 927 */ 928 struct llinfo_nd6 * 929 nd6_free(struct rtentry *rt) 930 { 931 struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt->rt_llinfo, *next; 932 struct in6_addr in6 = ((struct sockaddr_in6 *)rt_key(rt))->sin6_addr; 933 struct nd_defrouter *dr; 934 935 /* 936 * we used to have pfctlinput(PRC_HOSTDEAD) here. 937 * even though it is not harmful, it was not really necessary. 938 */ 939 940 if (!ip6_forwarding && ip6_accept_rtadv) { /* XXX: too restrictive? */ 941 int s; 942 s = splnet(); 943 dr = defrouter_lookup(&((struct sockaddr_in6 *)rt_key(rt))->sin6_addr, 944 rt->rt_ifp); 945 946 if (ln->ln_router || dr) { 947 /* 948 * rt6_flush must be called whether or not the neighbor 949 * is in the Default Router List. 950 * See a corresponding comment in nd6_na_input(). 951 */ 952 rt6_flush(&in6, rt->rt_ifp); 953 } 954 955 if (dr) { 956 /* 957 * Unreachablity of a router might affect the default 958 * router selection and on-link detection of advertised 959 * prefixes. 960 */ 961 962 /* 963 * Temporarily fake the state to choose a new default 964 * router and to perform on-link determination of 965 * prefixes correctly. 966 * Below the state will be set correctly, 967 * or the entry itself will be deleted. 968 */ 969 ln->ln_state = ND6_LLINFO_INCOMPLETE; 970 971 /* 972 * Since defrouter_select() does not affect the 973 * on-link determination and MIP6 needs the check 974 * before the default router selection, we perform 975 * the check now. 976 */ 977 pfxlist_onlink_check(); 978 979 if (dr == TAILQ_FIRST(&nd_defrouter)) { 980 /* 981 * It is used as the current default router, 982 * so we have to move it to the end of the 983 * list and choose a new one. 984 * XXX: it is not very efficient if this is 985 * the only router. 986 */ 987 TAILQ_REMOVE(&nd_defrouter, dr, dr_entry); 988 TAILQ_INSERT_TAIL(&nd_defrouter, dr, dr_entry); 989 990 defrouter_select(); 991 } 992 } 993 splx(s); 994 } 995 996 /* 997 * Before deleting the entry, remember the next entry as the 998 * return value. We need this because pfxlist_onlink_check() above 999 * might have freed other entries (particularly the old next entry) as 1000 * a side effect (XXX). 1001 */ 1002 next = ln->ln_next; 1003 1004 /* 1005 * Detach the route from the routing tree and the list of neighbor 1006 * caches, and disable the route entry not to be used in already 1007 * cached routes. 1008 */ 1009 rtrequest(RTM_DELETE, rt_key(rt), (struct sockaddr *)0, 1010 rt_mask(rt), 0, (struct rtentry **)0); 1011 1012 return(next); 1013 } 1014 1015 /* 1016 * Upper-layer reachability hint for Neighbor Unreachability Detection. 1017 * 1018 * XXX cost-effective metods? 1019 */ 1020 void 1021 nd6_nud_hint(struct rtentry *rt, struct in6_addr *dst6, int force) 1022 { 1023 struct llinfo_nd6 *ln; 1024 1025 /* 1026 * If the caller specified "rt", use that. Otherwise, resolve the 1027 * routing table by supplied "dst6". 1028 */ 1029 if (!rt) { 1030 if (!dst6) 1031 return; 1032 if (!(rt = nd6_lookup(dst6, 0, NULL))) 1033 return; 1034 } 1035 1036 if ((rt->rt_flags & RTF_GATEWAY) != 0 || 1037 (rt->rt_flags & RTF_LLINFO) == 0 || 1038 !rt->rt_llinfo || !rt->rt_gateway || 1039 rt->rt_gateway->sa_family != AF_LINK) { 1040 /* This is not a host route. */ 1041 return; 1042 } 1043 1044 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1045 if (ln->ln_state < ND6_LLINFO_REACHABLE) 1046 return; 1047 1048 /* 1049 * if we get upper-layer reachability confirmation many times, 1050 * it is possible we have false information. 1051 */ 1052 if (!force) { 1053 ln->ln_byhint++; 1054 if (ln->ln_byhint > nd6_maxnudhint) 1055 return; 1056 } 1057 1058 ln->ln_state = ND6_LLINFO_REACHABLE; 1059 if (ln->ln_expire) 1060 ln->ln_expire = time_second + 1061 nd_ifinfo[rt->rt_ifp->if_index].reachable; 1062 } 1063 1064 void 1065 nd6_rtrequest(int req, struct rtentry *rt, 1066 struct rt_addrinfo *info) /* xxx unused */ 1067 { 1068 struct sockaddr *gate = rt->rt_gateway; 1069 struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1070 static struct sockaddr_dl null_sdl = {sizeof(null_sdl), AF_LINK}; 1071 struct ifnet *ifp = rt->rt_ifp; 1072 struct ifaddr *ifa; 1073 1074 if ((rt->rt_flags & RTF_GATEWAY)) 1075 return; 1076 1077 if (nd6_need_cache(ifp) == 0 && (rt->rt_flags & RTF_HOST) == 0) { 1078 /* 1079 * This is probably an interface direct route for a link 1080 * which does not need neighbor caches (e.g. fe80::%lo0/64). 1081 * We do not need special treatment below for such a route. 1082 * Moreover, the RTF_LLINFO flag which would be set below 1083 * would annoy the ndp(8) command. 1084 */ 1085 return; 1086 } 1087 1088 if (req == RTM_RESOLVE && 1089 (nd6_need_cache(ifp) == 0 || /* stf case */ 1090 !nd6_is_addr_neighbor((struct sockaddr_in6 *)rt_key(rt), ifp))) { 1091 /* 1092 * FreeBSD and BSD/OS often make a cloned host route based 1093 * on a less-specific route (e.g. the default route). 1094 * If the less specific route does not have a "gateway" 1095 * (this is the case when the route just goes to a p2p or an 1096 * stf interface), we'll mistakenly make a neighbor cache for 1097 * the host route, and will see strange neighbor solicitation 1098 * for the corresponding destination. In order to avoid the 1099 * confusion, we check if the destination of the route is 1100 * a neighbor in terms of neighbor discovery, and stop the 1101 * process if not. Additionally, we remove the LLINFO flag 1102 * so that ndp(8) will not try to get the neighbor information 1103 * of the destination. 1104 */ 1105 rt->rt_flags &= ~RTF_LLINFO; 1106 return; 1107 } 1108 1109 switch (req) { 1110 case RTM_ADD: 1111 /* 1112 * There is no backward compatibility :) 1113 * 1114 * if ((rt->rt_flags & RTF_HOST) == 0 && 1115 * SIN(rt_mask(rt))->sin_addr.s_addr != 0xffffffff) 1116 * rt->rt_flags |= RTF_CLONING; 1117 */ 1118 if (rt->rt_flags & (RTF_CLONING | RTF_LLINFO)) { 1119 /* 1120 * Case 1: This route should come from 1121 * a route to interface. RTF_LLINFO flag is set 1122 * for a host route whose destination should be 1123 * treated as on-link. 1124 */ 1125 rt_setgate(rt, rt_key(rt), 1126 (struct sockaddr *)&null_sdl); 1127 gate = rt->rt_gateway; 1128 SDL(gate)->sdl_type = ifp->if_type; 1129 SDL(gate)->sdl_index = ifp->if_index; 1130 if (ln) 1131 ln->ln_expire = time_second; 1132 #if 1 1133 if (ln && ln->ln_expire == 0) { 1134 /* kludge for desktops */ 1135 #if 0 1136 printf("nd6_rtequest: time.tv_sec is zero; " 1137 "treat it as 1\n"); 1138 #endif 1139 ln->ln_expire = 1; 1140 } 1141 #endif 1142 if ((rt->rt_flags & RTF_CLONING)) 1143 break; 1144 } 1145 /* 1146 * In IPv4 code, we try to annonuce new RTF_ANNOUNCE entry here. 1147 * We don't do that here since llinfo is not ready yet. 1148 * 1149 * There are also couple of other things to be discussed: 1150 * - unsolicited NA code needs improvement beforehand 1151 * - RFC2461 says we MAY send multicast unsolicited NA 1152 * (7.2.6 paragraph 4), however, it also says that we 1153 * SHOULD provide a mechanism to prevent multicast NA storm. 1154 * we don't have anything like it right now. 1155 * note that the mechanism needs a mutual agreement 1156 * between proxies, which means that we need to implement 1157 * a new protocol, or a new kludge. 1158 * - from RFC2461 6.2.4, host MUST NOT send an unsolicited NA. 1159 * we need to check ip6forwarding before sending it. 1160 * (or should we allow proxy ND configuration only for 1161 * routers? there's no mention about proxy ND from hosts) 1162 */ 1163 #if 0 1164 /* XXX it does not work */ 1165 if (rt->rt_flags & RTF_ANNOUNCE) 1166 nd6_na_output(ifp, 1167 &SIN6(rt_key(rt))->sin6_addr, 1168 &SIN6(rt_key(rt))->sin6_addr, 1169 ip6_forwarding ? ND_NA_FLAG_ROUTER : 0, 1170 1, NULL); 1171 #endif 1172 /* FALLTHROUGH */ 1173 case RTM_RESOLVE: 1174 if ((ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) == 0) { 1175 /* 1176 * Address resolution isn't necessary for a point to 1177 * point link, so we can skip this test for a p2p link. 1178 */ 1179 if (gate->sa_family != AF_LINK || 1180 gate->sa_len < sizeof(null_sdl)) { 1181 log(LOG_DEBUG, 1182 "nd6_rtrequest: bad gateway value: %s\n", 1183 if_name(ifp)); 1184 break; 1185 } 1186 SDL(gate)->sdl_type = ifp->if_type; 1187 SDL(gate)->sdl_index = ifp->if_index; 1188 } 1189 if (ln != NULL) 1190 break; /* This happens on a route change */ 1191 /* 1192 * Case 2: This route may come from cloning, or a manual route 1193 * add with a LL address. 1194 */ 1195 R_Malloc(ln, struct llinfo_nd6 *, sizeof(*ln)); 1196 rt->rt_llinfo = (caddr_t)ln; 1197 if (!ln) { 1198 log(LOG_DEBUG, "nd6_rtrequest: malloc failed\n"); 1199 break; 1200 } 1201 nd6_inuse++; 1202 nd6_allocated++; 1203 Bzero(ln, sizeof(*ln)); 1204 ln->ln_rt = rt; 1205 /* this is required for "ndp" command. - shin */ 1206 if (req == RTM_ADD) { 1207 /* 1208 * gate should have some valid AF_LINK entry, 1209 * and ln->ln_expire should have some lifetime 1210 * which is specified by ndp command. 1211 */ 1212 ln->ln_state = ND6_LLINFO_REACHABLE; 1213 ln->ln_byhint = 0; 1214 } else { 1215 /* 1216 * When req == RTM_RESOLVE, rt is created and 1217 * initialized in rtrequest(), so rt_expire is 0. 1218 */ 1219 ln->ln_state = ND6_LLINFO_NOSTATE; 1220 ln->ln_expire = time_second; 1221 } 1222 rt->rt_flags |= RTF_LLINFO; 1223 ln->ln_next = llinfo_nd6.ln_next; 1224 llinfo_nd6.ln_next = ln; 1225 ln->ln_prev = &llinfo_nd6; 1226 ln->ln_next->ln_prev = ln; 1227 1228 /* 1229 * check if rt_key(rt) is one of my address assigned 1230 * to the interface. 1231 */ 1232 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(rt->rt_ifp, 1233 &SIN6(rt_key(rt))->sin6_addr); 1234 if (ifa) { 1235 caddr_t macp = nd6_ifptomac(ifp); 1236 ln->ln_expire = 0; 1237 ln->ln_state = ND6_LLINFO_REACHABLE; 1238 ln->ln_byhint = 0; 1239 if (macp) { 1240 Bcopy(macp, LLADDR(SDL(gate)), ifp->if_addrlen); 1241 SDL(gate)->sdl_alen = ifp->if_addrlen; 1242 } 1243 if (nd6_useloopback) { 1244 rt->rt_ifp = &loif[0]; /* XXX */ 1245 /* 1246 * Make sure rt_ifa be equal to the ifaddr 1247 * corresponding to the address. 1248 * We need this because when we refer 1249 * rt_ifa->ia6_flags in ip6_input, we assume 1250 * that the rt_ifa points to the address instead 1251 * of the loopback address. 1252 */ 1253 if (ifa != rt->rt_ifa) { 1254 IFAFREE(rt->rt_ifa); 1255 IFAREF(ifa); 1256 rt->rt_ifa = ifa; 1257 } 1258 } 1259 } else if (rt->rt_flags & RTF_ANNOUNCE) { 1260 ln->ln_expire = 0; 1261 ln->ln_state = ND6_LLINFO_REACHABLE; 1262 ln->ln_byhint = 0; 1263 1264 /* join solicited node multicast for proxy ND */ 1265 if (ifp->if_flags & IFF_MULTICAST) { 1266 struct in6_addr llsol; 1267 int error; 1268 1269 llsol = SIN6(rt_key(rt))->sin6_addr; 1270 llsol.s6_addr16[0] = htons(0xff02); 1271 llsol.s6_addr16[1] = htons(ifp->if_index); 1272 llsol.s6_addr32[1] = 0; 1273 llsol.s6_addr32[2] = htonl(1); 1274 llsol.s6_addr8[12] = 0xff; 1275 1276 if (!in6_addmulti(&llsol, ifp, &error)) { 1277 nd6log((LOG_ERR, "%s: failed to join " 1278 "%s (errno=%d)\n", if_name(ifp), 1279 ip6_sprintf(&llsol), error)); 1280 } 1281 } 1282 } 1283 break; 1284 1285 case RTM_DELETE: 1286 if (!ln) 1287 break; 1288 /* leave from solicited node multicast for proxy ND */ 1289 if ((rt->rt_flags & RTF_ANNOUNCE) != 0 && 1290 (ifp->if_flags & IFF_MULTICAST) != 0) { 1291 struct in6_addr llsol; 1292 struct in6_multi *in6m; 1293 1294 llsol = SIN6(rt_key(rt))->sin6_addr; 1295 llsol.s6_addr16[0] = htons(0xff02); 1296 llsol.s6_addr16[1] = htons(ifp->if_index); 1297 llsol.s6_addr32[1] = 0; 1298 llsol.s6_addr32[2] = htonl(1); 1299 llsol.s6_addr8[12] = 0xff; 1300 1301 IN6_LOOKUP_MULTI(llsol, ifp, in6m); 1302 if (in6m) 1303 in6_delmulti(in6m); 1304 } 1305 nd6_inuse--; 1306 ln->ln_next->ln_prev = ln->ln_prev; 1307 ln->ln_prev->ln_next = ln->ln_next; 1308 ln->ln_prev = NULL; 1309 rt->rt_llinfo = 0; 1310 rt->rt_flags &= ~RTF_LLINFO; 1311 if (ln->ln_hold) 1312 m_freem(ln->ln_hold); 1313 Free((caddr_t)ln); 1314 } 1315 } 1316 1317 int 1318 nd6_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp) 1319 { 1320 struct in6_drlist *drl = (struct in6_drlist *)data; 1321 struct in6_prlist *prl = (struct in6_prlist *)data; 1322 struct in6_ndireq *ndi = (struct in6_ndireq *)data; 1323 struct in6_nbrinfo *nbi = (struct in6_nbrinfo *)data; 1324 struct in6_ndifreq *ndif = (struct in6_ndifreq *)data; 1325 struct nd_defrouter *dr, any; 1326 struct nd_prefix *pr; 1327 struct rtentry *rt; 1328 int i = 0, error = 0; 1329 int s; 1330 1331 switch (cmd) { 1332 case SIOCGDRLST_IN6: 1333 /* 1334 * obsolete API, use sysctl under net.inet6.icmp6 1335 */ 1336 bzero(drl, sizeof(*drl)); 1337 s = splnet(); 1338 dr = TAILQ_FIRST(&nd_defrouter); 1339 while (dr && i < DRLSTSIZ) { 1340 drl->defrouter[i].rtaddr = dr->rtaddr; 1341 if (IN6_IS_ADDR_LINKLOCAL(&drl->defrouter[i].rtaddr)) { 1342 /* XXX: need to this hack for KAME stack */ 1343 drl->defrouter[i].rtaddr.s6_addr16[1] = 0; 1344 } else 1345 log(LOG_ERR, 1346 "default router list contains a " 1347 "non-linklocal address(%s)\n", 1348 ip6_sprintf(&drl->defrouter[i].rtaddr)); 1349 1350 drl->defrouter[i].flags = dr->flags; 1351 drl->defrouter[i].rtlifetime = dr->rtlifetime; 1352 drl->defrouter[i].expire = dr->expire; 1353 drl->defrouter[i].if_index = dr->ifp->if_index; 1354 i++; 1355 dr = TAILQ_NEXT(dr, dr_entry); 1356 } 1357 splx(s); 1358 break; 1359 case SIOCGPRLST_IN6: 1360 /* 1361 * obsolete API, use sysctl under net.inet6.icmp6 1362 */ 1363 /* 1364 * XXX meaning of fields, especialy "raflags", is very 1365 * differnet between RA prefix list and RR/static prefix list. 1366 * how about separating ioctls into two? 1367 */ 1368 bzero(prl, sizeof(*prl)); 1369 s = splnet(); 1370 pr = nd_prefix.lh_first; 1371 while (pr && i < PRLSTSIZ) { 1372 struct nd_pfxrouter *pfr; 1373 int j; 1374 1375 (void)in6_embedscope(&prl->prefix[i].prefix, 1376 &pr->ndpr_prefix, NULL, NULL); 1377 prl->prefix[i].raflags = pr->ndpr_raf; 1378 prl->prefix[i].prefixlen = pr->ndpr_plen; 1379 prl->prefix[i].vltime = pr->ndpr_vltime; 1380 prl->prefix[i].pltime = pr->ndpr_pltime; 1381 prl->prefix[i].if_index = pr->ndpr_ifp->if_index; 1382 prl->prefix[i].expire = pr->ndpr_expire; 1383 1384 pfr = pr->ndpr_advrtrs.lh_first; 1385 j = 0; 1386 while (pfr) { 1387 if (j < DRLSTSIZ) { 1388 #define RTRADDR prl->prefix[i].advrtr[j] 1389 RTRADDR = pfr->router->rtaddr; 1390 if (IN6_IS_ADDR_LINKLOCAL(&RTRADDR)) { 1391 /* XXX: hack for KAME */ 1392 RTRADDR.s6_addr16[1] = 0; 1393 } else 1394 log(LOG_ERR, 1395 "a router(%s) advertises " 1396 "a prefix with " 1397 "non-link local address\n", 1398 ip6_sprintf(&RTRADDR)); 1399 #undef RTRADDR 1400 } 1401 j++; 1402 pfr = pfr->pfr_next; 1403 } 1404 prl->prefix[i].advrtrs = j; 1405 prl->prefix[i].origin = PR_ORIG_RA; 1406 1407 i++; 1408 pr = pr->ndpr_next; 1409 } 1410 { 1411 struct rr_prefix *rpp; 1412 1413 for (rpp = LIST_FIRST(&rr_prefix); rpp; 1414 rpp = LIST_NEXT(rpp, rp_entry)) { 1415 if (i >= PRLSTSIZ) 1416 break; 1417 (void)in6_embedscope(&prl->prefix[i].prefix, 1418 &pr->ndpr_prefix, NULL, NULL); 1419 prl->prefix[i].raflags = rpp->rp_raf; 1420 prl->prefix[i].prefixlen = rpp->rp_plen; 1421 prl->prefix[i].vltime = rpp->rp_vltime; 1422 prl->prefix[i].pltime = rpp->rp_pltime; 1423 prl->prefix[i].if_index = rpp->rp_ifp->if_index; 1424 prl->prefix[i].expire = rpp->rp_expire; 1425 prl->prefix[i].advrtrs = 0; 1426 prl->prefix[i].origin = rpp->rp_origin; 1427 i++; 1428 } 1429 } 1430 splx(s); 1431 1432 break; 1433 case OSIOCGIFINFO_IN6: 1434 if (!nd_ifinfo || i >= nd_ifinfo_indexlim) { 1435 error = EINVAL; 1436 break; 1437 } 1438 ndi->ndi.linkmtu = nd_ifinfo[ifp->if_index].linkmtu; 1439 ndi->ndi.maxmtu = nd_ifinfo[ifp->if_index].maxmtu; 1440 ndi->ndi.basereachable = 1441 nd_ifinfo[ifp->if_index].basereachable; 1442 ndi->ndi.reachable = nd_ifinfo[ifp->if_index].reachable; 1443 ndi->ndi.retrans = nd_ifinfo[ifp->if_index].retrans; 1444 ndi->ndi.flags = nd_ifinfo[ifp->if_index].flags; 1445 ndi->ndi.recalctm = nd_ifinfo[ifp->if_index].recalctm; 1446 ndi->ndi.chlim = nd_ifinfo[ifp->if_index].chlim; 1447 ndi->ndi.receivedra = nd_ifinfo[ifp->if_index].receivedra; 1448 break; 1449 case SIOCGIFINFO_IN6: 1450 if (!nd_ifinfo || i >= nd_ifinfo_indexlim) { 1451 error = EINVAL; 1452 break; 1453 } 1454 ndi->ndi = nd_ifinfo[ifp->if_index]; 1455 break; 1456 case SIOCSIFINFO_FLAGS: 1457 /* XXX: almost all other fields of ndi->ndi is unused */ 1458 if (!nd_ifinfo || i >= nd_ifinfo_indexlim) { 1459 error = EINVAL; 1460 break; 1461 } 1462 nd_ifinfo[ifp->if_index].flags = ndi->ndi.flags; 1463 break; 1464 case SIOCSNDFLUSH_IN6: /* XXX: the ioctl name is confusing... */ 1465 /* flush default router list */ 1466 /* 1467 * xxx sumikawa: should not delete route if default 1468 * route equals to the top of default router list 1469 */ 1470 bzero(&any, sizeof(any)); 1471 defrouter_delreq(&any, 0); 1472 defrouter_select(); 1473 /* xxx sumikawa: flush prefix list */ 1474 break; 1475 case SIOCSPFXFLUSH_IN6: 1476 { 1477 /* flush all the prefix advertised by routers */ 1478 struct nd_prefix *pr, *next; 1479 1480 s = splnet(); 1481 for (pr = nd_prefix.lh_first; pr; pr = next) { 1482 struct in6_ifaddr *ia, *ia_next; 1483 1484 next = pr->ndpr_next; 1485 1486 if (IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr)) 1487 continue; /* XXX */ 1488 1489 /* do we really have to remove addresses as well? */ 1490 for (ia = in6_ifaddr; ia; ia = ia_next) { 1491 /* ia might be removed. keep the next ptr. */ 1492 ia_next = ia->ia_next; 1493 1494 if ((ia->ia6_flags & IN6_IFF_AUTOCONF) == 0) 1495 continue; 1496 1497 if (ia->ia6_ndpr == pr) 1498 in6_purgeaddr(&ia->ia_ifa); 1499 } 1500 prelist_remove(pr); 1501 } 1502 splx(s); 1503 break; 1504 } 1505 case SIOCSRTRFLUSH_IN6: 1506 { 1507 /* flush all the default routers */ 1508 struct nd_defrouter *dr, *next; 1509 1510 s = splnet(); 1511 if ((dr = TAILQ_FIRST(&nd_defrouter)) != NULL) { 1512 /* 1513 * The first entry of the list may be stored in 1514 * the routing table, so we'll delete it later. 1515 */ 1516 for (dr = TAILQ_NEXT(dr, dr_entry); dr; dr = next) { 1517 next = TAILQ_NEXT(dr, dr_entry); 1518 defrtrlist_del(dr); 1519 } 1520 defrtrlist_del(TAILQ_FIRST(&nd_defrouter)); 1521 } 1522 splx(s); 1523 break; 1524 } 1525 case SIOCGNBRINFO_IN6: 1526 { 1527 struct llinfo_nd6 *ln; 1528 struct in6_addr nb_addr = nbi->addr; /* make local for safety */ 1529 1530 /* 1531 * XXX: KAME specific hack for scoped addresses 1532 * XXXX: for other scopes than link-local? 1533 */ 1534 if (IN6_IS_ADDR_LINKLOCAL(&nbi->addr) || 1535 IN6_IS_ADDR_MC_LINKLOCAL(&nbi->addr)) { 1536 u_int16_t *idp = (u_int16_t *)&nb_addr.s6_addr[2]; 1537 1538 if (*idp == 0) 1539 *idp = htons(ifp->if_index); 1540 } 1541 1542 s = splnet(); 1543 if ((rt = nd6_lookup(&nb_addr, 0, ifp)) == NULL) { 1544 error = EINVAL; 1545 splx(s); 1546 break; 1547 } 1548 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1549 nbi->state = ln->ln_state; 1550 nbi->asked = ln->ln_asked; 1551 nbi->isrouter = ln->ln_router; 1552 nbi->expire = ln->ln_expire; 1553 splx(s); 1554 1555 break; 1556 } 1557 case SIOCGDEFIFACE_IN6: /* XXX: should be implemented as a sysctl? */ 1558 ndif->ifindex = nd6_defifindex; 1559 break; 1560 case SIOCSDEFIFACE_IN6: /* XXX: should be implemented as a sysctl? */ 1561 return(nd6_setdefaultiface(ndif->ifindex)); 1562 break; 1563 } 1564 return(error); 1565 } 1566 1567 /* 1568 * Create neighbor cache entry and cache link-layer address, 1569 * on reception of inbound ND6 packets. (RS/RA/NS/redirect) 1570 */ 1571 struct rtentry * 1572 nd6_cache_lladdr(struct ifnet *ifp, struct in6_addr *from, char *lladdr, 1573 int lladdrlen, 1574 int type, /* ICMP6 type */ 1575 int code /* type dependent information */) 1576 { 1577 struct rtentry *rt = NULL; 1578 struct llinfo_nd6 *ln = NULL; 1579 int is_newentry; 1580 struct sockaddr_dl *sdl = NULL; 1581 int do_update; 1582 int olladdr; 1583 int llchange; 1584 int newstate = 0; 1585 1586 if (!ifp) 1587 panic("ifp == NULL in nd6_cache_lladdr"); 1588 if (!from) 1589 panic("from == NULL in nd6_cache_lladdr"); 1590 1591 /* nothing must be updated for unspecified address */ 1592 if (IN6_IS_ADDR_UNSPECIFIED(from)) 1593 return NULL; 1594 1595 /* 1596 * Validation about ifp->if_addrlen and lladdrlen must be done in 1597 * the caller. 1598 * 1599 * XXX If the link does not have link-layer adderss, what should 1600 * we do? (ifp->if_addrlen == 0) 1601 * Spec says nothing in sections for RA, RS and NA. There's small 1602 * description on it in NS section (RFC 2461 7.2.3). 1603 */ 1604 1605 rt = nd6_lookup(from, 0, ifp); 1606 if (!rt) { 1607 #if 0 1608 /* nothing must be done if there's no lladdr */ 1609 if (!lladdr || !lladdrlen) 1610 return NULL; 1611 #endif 1612 1613 rt = nd6_lookup(from, 1, ifp); 1614 is_newentry = 1; 1615 } else { 1616 /* do nothing if static ndp is set */ 1617 if (rt->rt_flags & RTF_STATIC) 1618 return NULL; 1619 is_newentry = 0; 1620 } 1621 1622 if (!rt) 1623 return NULL; 1624 if ((rt->rt_flags & (RTF_GATEWAY | RTF_LLINFO)) != RTF_LLINFO) { 1625 fail: 1626 (void)nd6_free(rt); 1627 return NULL; 1628 } 1629 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1630 if (!ln) 1631 goto fail; 1632 if (!rt->rt_gateway) 1633 goto fail; 1634 if (rt->rt_gateway->sa_family != AF_LINK) 1635 goto fail; 1636 sdl = SDL(rt->rt_gateway); 1637 1638 olladdr = (sdl->sdl_alen) ? 1 : 0; 1639 if (olladdr && lladdr) { 1640 if (bcmp(lladdr, LLADDR(sdl), ifp->if_addrlen)) 1641 llchange = 1; 1642 else 1643 llchange = 0; 1644 } else 1645 llchange = 0; 1646 1647 /* 1648 * newentry olladdr lladdr llchange (*=record) 1649 * 0 n n -- (1) 1650 * 0 y n -- (2) 1651 * 0 n y -- (3) * STALE 1652 * 0 y y n (4) * 1653 * 0 y y y (5) * STALE 1654 * 1 -- n -- (6) NOSTATE(= PASSIVE) 1655 * 1 -- y -- (7) * STALE 1656 */ 1657 1658 if (lladdr) { /* (3-5) and (7) */ 1659 /* 1660 * Record source link-layer address 1661 * XXX is it dependent to ifp->if_type? 1662 */ 1663 sdl->sdl_alen = ifp->if_addrlen; 1664 bcopy(lladdr, LLADDR(sdl), ifp->if_addrlen); 1665 } 1666 1667 if (!is_newentry) { 1668 if ((!olladdr && lladdr) /* (3) */ 1669 || (olladdr && lladdr && llchange)) { /* (5) */ 1670 do_update = 1; 1671 newstate = ND6_LLINFO_STALE; 1672 } else /* (1-2,4) */ 1673 do_update = 0; 1674 } else { 1675 do_update = 1; 1676 if (!lladdr) /* (6) */ 1677 newstate = ND6_LLINFO_NOSTATE; 1678 else /* (7) */ 1679 newstate = ND6_LLINFO_STALE; 1680 } 1681 1682 if (do_update) { 1683 /* 1684 * Update the state of the neighbor cache. 1685 */ 1686 ln->ln_state = newstate; 1687 1688 if (ln->ln_state == ND6_LLINFO_STALE) { 1689 /* 1690 * XXX: since nd6_output() below will cause 1691 * state tansition to DELAY and reset the timer, 1692 * we must set the timer now, although it is actually 1693 * meaningless. 1694 */ 1695 ln->ln_expire = time_second + nd6_gctimer; 1696 1697 if (ln->ln_hold) { 1698 /* 1699 * we assume ifp is not a p2p here, so just 1700 * set the 2nd argument as the 1st one. 1701 */ 1702 nd6_output(ifp, ifp, ln->ln_hold, 1703 (struct sockaddr_in6 *)rt_key(rt), 1704 rt); 1705 ln->ln_hold = NULL; 1706 } 1707 } else if (ln->ln_state == ND6_LLINFO_INCOMPLETE) { 1708 /* probe right away */ 1709 ln->ln_expire = time_second; 1710 } 1711 } 1712 1713 /* 1714 * ICMP6 type dependent behavior. 1715 * 1716 * NS: clear IsRouter if new entry 1717 * RS: clear IsRouter 1718 * RA: set IsRouter if there's lladdr 1719 * redir: clear IsRouter if new entry 1720 * 1721 * RA case, (1): 1722 * The spec says that we must set IsRouter in the following cases: 1723 * - If lladdr exist, set IsRouter. This means (1-5). 1724 * - If it is old entry (!newentry), set IsRouter. This means (7). 1725 * So, based on the spec, in (1-5) and (7) cases we must set IsRouter. 1726 * A quetion arises for (1) case. (1) case has no lladdr in the 1727 * neighbor cache, this is similar to (6). 1728 * This case is rare but we figured that we MUST NOT set IsRouter. 1729 * 1730 * newentry olladdr lladdr llchange NS RS RA redir 1731 * D R 1732 * 0 n n -- (1) c ? s 1733 * 0 y n -- (2) c s s 1734 * 0 n y -- (3) c s s 1735 * 0 y y n (4) c s s 1736 * 0 y y y (5) c s s 1737 * 1 -- n -- (6) c c c s 1738 * 1 -- y -- (7) c c s c s 1739 * 1740 * (c=clear s=set) 1741 */ 1742 switch (type & 0xff) { 1743 case ND_NEIGHBOR_SOLICIT: 1744 /* 1745 * New entry must have is_router flag cleared. 1746 */ 1747 if (is_newentry) /* (6-7) */ 1748 ln->ln_router = 0; 1749 break; 1750 case ND_REDIRECT: 1751 /* 1752 * If the icmp is a redirect to a better router, always set the 1753 * is_router flag. Otherwise, if the entry is newly created, 1754 * clear the flag. [RFC 2461, sec 8.3] 1755 */ 1756 if (code == ND_REDIRECT_ROUTER) 1757 ln->ln_router = 1; 1758 else if (is_newentry) /* (6-7) */ 1759 ln->ln_router = 0; 1760 break; 1761 case ND_ROUTER_SOLICIT: 1762 /* 1763 * is_router flag must always be cleared. 1764 */ 1765 ln->ln_router = 0; 1766 break; 1767 case ND_ROUTER_ADVERT: 1768 /* 1769 * Mark an entry with lladdr as a router. 1770 */ 1771 if ((!is_newentry && (olladdr || lladdr)) /* (2-5) */ 1772 || (is_newentry && lladdr)) { /* (7) */ 1773 ln->ln_router = 1; 1774 } 1775 break; 1776 } 1777 1778 /* 1779 * When the link-layer address of a router changes, select the 1780 * best router again. In particular, when the neighbor entry is newly 1781 * created, it might affect the selection policy. 1782 * Question: can we restrict the first condition to the "is_newentry" 1783 * case? 1784 * XXX: when we hear an RA from a new router with the link-layer 1785 * address option, defrouter_select() is called twice, since 1786 * defrtrlist_update called the function as well. However, I believe 1787 * we can compromise the overhead, since it only happens the first 1788 * time. 1789 * XXX: although defrouter_select() should not have a bad effect 1790 * for those are not autoconfigured hosts, we explicitly avoid such 1791 * cases for safety. 1792 */ 1793 if (do_update && ln->ln_router && !ip6_forwarding && ip6_accept_rtadv) 1794 defrouter_select(); 1795 1796 return rt; 1797 } 1798 1799 static void 1800 nd6_slowtimo(void *ignored_arg) 1801 { 1802 int s = splnet(); 1803 int i; 1804 struct nd_ifinfo *nd6if; 1805 1806 callout_reset(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz, 1807 nd6_slowtimo, NULL); 1808 for (i = 1; i < if_index + 1; i++) { 1809 if (!nd_ifinfo || i >= nd_ifinfo_indexlim) 1810 continue; 1811 nd6if = &nd_ifinfo[i]; 1812 if (nd6if->basereachable && /* already initialized */ 1813 (nd6if->recalctm -= ND6_SLOWTIMER_INTERVAL) <= 0) { 1814 /* 1815 * Since reachable time rarely changes by router 1816 * advertisements, we SHOULD insure that a new random 1817 * value gets recomputed at least once every few hours. 1818 * (RFC 2461, 6.3.4) 1819 */ 1820 nd6if->recalctm = nd6_recalc_reachtm_interval; 1821 nd6if->reachable = ND_COMPUTE_RTIME(nd6if->basereachable); 1822 } 1823 } 1824 splx(s); 1825 } 1826 1827 #define senderr(e) { error = (e); goto bad;} 1828 int 1829 nd6_output(struct ifnet *ifp, struct ifnet *origifp, struct mbuf *m0, 1830 struct sockaddr_in6 *dst, struct rtentry *rt0) 1831 { 1832 struct mbuf *m = m0; 1833 struct rtentry *rt = rt0; 1834 struct sockaddr_in6 *gw6 = NULL; 1835 struct llinfo_nd6 *ln = NULL; 1836 int error = 0; 1837 1838 if (IN6_IS_ADDR_MULTICAST(&dst->sin6_addr)) 1839 goto sendpkt; 1840 1841 if (nd6_need_cache(ifp) == 0) 1842 goto sendpkt; 1843 1844 /* 1845 * next hop determination. This routine is derived from ether_outpout. 1846 */ 1847 if (rt) { 1848 if ((rt->rt_flags & RTF_UP) == 0) { 1849 if ((rt0 = rt = rtalloc1((struct sockaddr *)dst, 1, 0UL)) != 1850 NULL) 1851 { 1852 rt->rt_refcnt--; 1853 if (rt->rt_ifp != ifp) { 1854 /* XXX: loop care? */ 1855 return nd6_output(ifp, origifp, m0, 1856 dst, rt); 1857 } 1858 } else 1859 senderr(EHOSTUNREACH); 1860 } 1861 1862 if (rt->rt_flags & RTF_GATEWAY) { 1863 gw6 = (struct sockaddr_in6 *)rt->rt_gateway; 1864 1865 /* 1866 * We skip link-layer address resolution and NUD 1867 * if the gateway is not a neighbor from ND point 1868 * of view, regardless of the value of nd_ifinfo.flags. 1869 * The second condition is a bit tricky; we skip 1870 * if the gateway is our own address, which is 1871 * sometimes used to install a route to a p2p link. 1872 */ 1873 if (!nd6_is_addr_neighbor(gw6, ifp) || 1874 in6ifa_ifpwithaddr(ifp, &gw6->sin6_addr)) { 1875 /* 1876 * We allow this kind of tricky route only 1877 * when the outgoing interface is p2p. 1878 * XXX: we may need a more generic rule here. 1879 */ 1880 if ((ifp->if_flags & IFF_POINTOPOINT) == 0) 1881 senderr(EHOSTUNREACH); 1882 1883 goto sendpkt; 1884 } 1885 1886 if (rt->rt_gwroute == 0) 1887 goto lookup; 1888 if (((rt = rt->rt_gwroute)->rt_flags & RTF_UP) == 0) { 1889 rtfree(rt); rt = rt0; 1890 lookup: rt->rt_gwroute = rtalloc1(rt->rt_gateway, 1, 0UL); 1891 if ((rt = rt->rt_gwroute) == 0) 1892 senderr(EHOSTUNREACH); 1893 } 1894 } 1895 } 1896 1897 /* 1898 * Address resolution or Neighbor Unreachability Detection 1899 * for the next hop. 1900 * At this point, the destination of the packet must be a unicast 1901 * or an anycast address(i.e. not a multicast). 1902 */ 1903 1904 /* Look up the neighbor cache for the nexthop */ 1905 if (rt && (rt->rt_flags & RTF_LLINFO) != 0) 1906 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1907 else { 1908 /* 1909 * Since nd6_is_addr_neighbor() internally calls nd6_lookup(), 1910 * the condition below is not very efficient. But we believe 1911 * it is tolerable, because this should be a rare case. 1912 */ 1913 if (nd6_is_addr_neighbor(dst, ifp) && 1914 (rt = nd6_lookup(&dst->sin6_addr, 1, ifp)) != NULL) 1915 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1916 } 1917 if (!ln || !rt) { 1918 if ((ifp->if_flags & IFF_POINTOPOINT) == 0 && 1919 !(nd_ifinfo[ifp->if_index].flags & ND6_IFF_PERFORMNUD)) { 1920 log(LOG_DEBUG, 1921 "nd6_output: can't allocate llinfo for %s " 1922 "(ln=%p, rt=%p)\n", 1923 ip6_sprintf(&dst->sin6_addr), ln, rt); 1924 senderr(EIO); /* XXX: good error? */ 1925 } 1926 1927 goto sendpkt; /* send anyway */ 1928 } 1929 1930 /* We don't have to do link-layer address resolution on a p2p link. */ 1931 if ((ifp->if_flags & IFF_POINTOPOINT) != 0 && 1932 ln->ln_state < ND6_LLINFO_REACHABLE) { 1933 ln->ln_state = ND6_LLINFO_STALE; 1934 ln->ln_expire = time_second + nd6_gctimer; 1935 } 1936 1937 /* 1938 * The first time we send a packet to a neighbor whose entry is 1939 * STALE, we have to change the state to DELAY and a sets a timer to 1940 * expire in DELAY_FIRST_PROBE_TIME seconds to ensure do 1941 * neighbor unreachability detection on expiration. 1942 * (RFC 2461 7.3.3) 1943 */ 1944 if (ln->ln_state == ND6_LLINFO_STALE) { 1945 ln->ln_asked = 0; 1946 ln->ln_state = ND6_LLINFO_DELAY; 1947 ln->ln_expire = time_second + nd6_delay; 1948 } 1949 1950 /* 1951 * If the neighbor cache entry has a state other than INCOMPLETE 1952 * (i.e. its link-layer address is already resolved), just 1953 * send the packet. 1954 */ 1955 if (ln->ln_state > ND6_LLINFO_INCOMPLETE) 1956 goto sendpkt; 1957 1958 /* 1959 * There is a neighbor cache entry, but no ethernet address 1960 * response yet. Replace the held mbuf (if any) with this 1961 * latest one. 1962 * 1963 * This code conforms to the rate-limiting rule described in Section 1964 * 7.2.2 of RFC 2461, because the timer is set correctly after sending 1965 * an NS below. 1966 */ 1967 if (ln->ln_state == ND6_LLINFO_NOSTATE) 1968 ln->ln_state = ND6_LLINFO_INCOMPLETE; 1969 if (ln->ln_hold) 1970 m_freem(ln->ln_hold); 1971 ln->ln_hold = m; 1972 if (ln->ln_expire) { 1973 if (ln->ln_asked < nd6_mmaxtries && 1974 ln->ln_expire < time_second) { 1975 ln->ln_asked++; 1976 ln->ln_expire = time_second + 1977 nd_ifinfo[ifp->if_index].retrans / 1000; 1978 nd6_ns_output(ifp, NULL, &dst->sin6_addr, ln, 0); 1979 } 1980 } 1981 return(0); 1982 1983 sendpkt: 1984 1985 if ((ifp->if_flags & IFF_LOOPBACK) != 0) { 1986 return((*ifp->if_output)(origifp, m, (struct sockaddr *)dst, 1987 rt)); 1988 } 1989 return((*ifp->if_output)(ifp, m, (struct sockaddr *)dst, rt)); 1990 1991 bad: 1992 if (m) 1993 m_freem(m); 1994 return (error); 1995 } 1996 #undef senderr 1997 1998 int 1999 nd6_need_cache(struct ifnet *ifp) 2000 { 2001 /* 2002 * XXX: we currently do not make neighbor cache on any interface 2003 * other than ARCnet, Ethernet, FDDI and GIF. 2004 * 2005 * RFC2893 says: 2006 * - unidirectional tunnels needs no ND 2007 */ 2008 switch (ifp->if_type) { 2009 case IFT_ARCNET: 2010 case IFT_ETHER: 2011 case IFT_FDDI: 2012 case IFT_IEEE1394: 2013 #ifdef IFT_L2VLAN 2014 case IFT_L2VLAN: 2015 #endif 2016 #ifdef IFT_IEEE80211 2017 case IFT_IEEE80211: 2018 #endif 2019 case IFT_GIF: /* XXX need more cases? */ 2020 return(1); 2021 default: 2022 return(0); 2023 } 2024 } 2025 2026 int 2027 nd6_storelladdr(struct ifnet *ifp, struct rtentry *rt, struct mbuf *m, 2028 struct sockaddr *dst, u_char *desten) 2029 { 2030 struct sockaddr_dl *sdl; 2031 2032 if (m->m_flags & M_MCAST) { 2033 switch (ifp->if_type) { 2034 case IFT_ETHER: 2035 case IFT_FDDI: 2036 #ifdef IFT_L2VLAN 2037 case IFT_L2VLAN: 2038 #endif 2039 #ifdef IFT_IEEE80211 2040 case IFT_IEEE80211: 2041 #endif 2042 ETHER_MAP_IPV6_MULTICAST(&SIN6(dst)->sin6_addr, 2043 desten); 2044 return(1); 2045 case IFT_IEEE1394: 2046 bcopy(ifp->if_broadcastaddr, desten, ifp->if_addrlen); 2047 return(1); 2048 case IFT_ARCNET: 2049 *desten = 0; 2050 return(1); 2051 default: 2052 m_freem(m); 2053 return(0); 2054 } 2055 } 2056 2057 if (rt == NULL) { 2058 /* this could happen, if we could not allocate memory */ 2059 m_freem(m); 2060 return(0); 2061 } 2062 if (rt->rt_gateway->sa_family != AF_LINK) { 2063 printf("nd6_storelladdr: something odd happens\n"); 2064 m_freem(m); 2065 return(0); 2066 } 2067 sdl = SDL(rt->rt_gateway); 2068 if (sdl->sdl_alen == 0) { 2069 /* this should be impossible, but we bark here for debugging */ 2070 printf("nd6_storelladdr: sdl_alen == 0\n"); 2071 m_freem(m); 2072 return(0); 2073 } 2074 2075 bcopy(LLADDR(sdl), desten, sdl->sdl_alen); 2076 return(1); 2077 } 2078 2079 static int nd6_sysctl_drlist(SYSCTL_HANDLER_ARGS); 2080 static int nd6_sysctl_prlist(SYSCTL_HANDLER_ARGS); 2081 #ifdef SYSCTL_DECL 2082 SYSCTL_DECL(_net_inet6_icmp6); 2083 #endif 2084 SYSCTL_NODE(_net_inet6_icmp6, ICMPV6CTL_ND6_DRLIST, nd6_drlist, 2085 CTLFLAG_RD, nd6_sysctl_drlist, ""); 2086 SYSCTL_NODE(_net_inet6_icmp6, ICMPV6CTL_ND6_PRLIST, nd6_prlist, 2087 CTLFLAG_RD, nd6_sysctl_prlist, ""); 2088 2089 static int 2090 nd6_sysctl_drlist(SYSCTL_HANDLER_ARGS) 2091 { 2092 int error; 2093 char buf[1024]; 2094 struct in6_defrouter *d, *de; 2095 struct nd_defrouter *dr; 2096 2097 if (req->newptr) 2098 return EPERM; 2099 error = 0; 2100 2101 for (dr = TAILQ_FIRST(&nd_defrouter); 2102 dr; 2103 dr = TAILQ_NEXT(dr, dr_entry)) { 2104 d = (struct in6_defrouter *)buf; 2105 de = (struct in6_defrouter *)(buf + sizeof(buf)); 2106 2107 if (d + 1 <= de) { 2108 bzero(d, sizeof(*d)); 2109 d->rtaddr.sin6_family = AF_INET6; 2110 d->rtaddr.sin6_len = sizeof(d->rtaddr); 2111 if (in6_recoverscope(&d->rtaddr, &dr->rtaddr, 2112 dr->ifp) != 0) 2113 log(LOG_ERR, 2114 "scope error in " 2115 "default router list (%s)\n", 2116 ip6_sprintf(&dr->rtaddr)); 2117 d->flags = dr->flags; 2118 d->rtlifetime = dr->rtlifetime; 2119 d->expire = dr->expire; 2120 d->if_index = dr->ifp->if_index; 2121 } else 2122 panic("buffer too short"); 2123 2124 error = SYSCTL_OUT(req, buf, sizeof(*d)); 2125 if (error) 2126 break; 2127 } 2128 return error; 2129 } 2130 2131 static int 2132 nd6_sysctl_prlist(SYSCTL_HANDLER_ARGS) 2133 { 2134 int error; 2135 char buf[1024]; 2136 struct in6_prefix *p, *pe; 2137 struct nd_prefix *pr; 2138 2139 if (req->newptr) 2140 return EPERM; 2141 error = 0; 2142 2143 for (pr = nd_prefix.lh_first; pr; pr = pr->ndpr_next) { 2144 u_short advrtrs; 2145 size_t advance; 2146 struct sockaddr_in6 *sin6, *s6; 2147 struct nd_pfxrouter *pfr; 2148 2149 p = (struct in6_prefix *)buf; 2150 pe = (struct in6_prefix *)(buf + sizeof(buf)); 2151 2152 if (p + 1 <= pe) { 2153 bzero(p, sizeof(*p)); 2154 sin6 = (struct sockaddr_in6 *)(p + 1); 2155 2156 p->prefix = pr->ndpr_prefix; 2157 if (in6_recoverscope(&p->prefix, 2158 &p->prefix.sin6_addr, pr->ndpr_ifp) != 0) 2159 log(LOG_ERR, 2160 "scope error in prefix list (%s)\n", 2161 ip6_sprintf(&p->prefix.sin6_addr)); 2162 p->raflags = pr->ndpr_raf; 2163 p->prefixlen = pr->ndpr_plen; 2164 p->vltime = pr->ndpr_vltime; 2165 p->pltime = pr->ndpr_pltime; 2166 p->if_index = pr->ndpr_ifp->if_index; 2167 p->expire = pr->ndpr_expire; 2168 p->refcnt = pr->ndpr_refcnt; 2169 p->flags = pr->ndpr_stateflags; 2170 p->origin = PR_ORIG_RA; 2171 advrtrs = 0; 2172 for (pfr = pr->ndpr_advrtrs.lh_first; 2173 pfr; 2174 pfr = pfr->pfr_next) { 2175 if ((void *)&sin6[advrtrs + 1] > 2176 (void *)pe) { 2177 advrtrs++; 2178 continue; 2179 } 2180 s6 = &sin6[advrtrs]; 2181 bzero(s6, sizeof(*s6)); 2182 s6->sin6_family = AF_INET6; 2183 s6->sin6_len = sizeof(*sin6); 2184 if (in6_recoverscope(s6, 2185 &pfr->router->rtaddr, 2186 pfr->router->ifp) != 0) 2187 log(LOG_ERR, 2188 "scope error in " 2189 "prefix list (%s)\n", 2190 ip6_sprintf(&pfr->router->rtaddr)); 2191 advrtrs++; 2192 } 2193 p->advrtrs = advrtrs; 2194 } else 2195 panic("buffer too short"); 2196 2197 advance = sizeof(*p) + sizeof(*sin6) * advrtrs; 2198 error = SYSCTL_OUT(req, buf, advance); 2199 if (error) 2200 break; 2201 } 2202 return error; 2203 } 2204