1 /* 2 * Copyright (c) 2004, 2005 The DragonFly Project. All rights reserved. 3 * 4 * This code is derived from software contributed to The DragonFly Project 5 * by Jeffrey M. Hsu. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of The DragonFly Project nor the names of its 16 * contributors may be used to endorse or promote products derived 17 * from this software without specific, prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 21 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 22 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 23 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 24 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, 25 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 27 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 28 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 29 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 /* 34 * Copyright (c) 1982, 1986, 1988, 1993 35 * The Regents of the University of California. All rights reserved. 36 * 37 * Redistribution and use in source and binary forms, with or without 38 * modification, are permitted provided that the following conditions 39 * are met: 40 * 1. Redistributions of source code must retain the above copyright 41 * notice, this list of conditions and the following disclaimer. 42 * 2. Redistributions in binary form must reproduce the above copyright 43 * notice, this list of conditions and the following disclaimer in the 44 * documentation and/or other materials provided with the distribution. 45 * 3. Neither the name of the University nor the names of its contributors 46 * may be used to endorse or promote products derived from this software 47 * without specific prior written permission. 48 * 49 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 52 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 59 * SUCH DAMAGE. 60 * 61 * @(#)if_ether.c 8.1 (Berkeley) 6/10/93 62 * $FreeBSD: src/sys/netinet/if_ether.c,v 1.64.2.23 2003/04/11 07:23:15 fjoe Exp $ 63 */ 64 65 /* 66 * Ethernet address resolution protocol. 67 * TODO: 68 * add "inuse/lock" bit (or ref. count) along with valid bit 69 */ 70 71 #include "opt_inet.h" 72 #include "opt_carp.h" 73 74 #include <sys/param.h> 75 #include <sys/kernel.h> 76 #include <sys/queue.h> 77 #include <sys/sysctl.h> 78 #include <sys/systm.h> 79 #include <sys/mbuf.h> 80 #include <sys/malloc.h> 81 #include <sys/socket.h> 82 #include <sys/syslog.h> 83 #include <sys/lock.h> 84 85 #include <net/if.h> 86 #include <net/if_dl.h> 87 #include <net/if_types.h> 88 #include <net/route.h> 89 #include <net/netisr.h> 90 #include <net/if_llc.h> 91 92 #include <netinet/in.h> 93 #include <netinet/in_var.h> 94 #include <netinet/if_ether.h> 95 96 #include <sys/thread2.h> 97 #include <sys/msgport2.h> 98 #include <net/netmsg2.h> 99 #include <net/netisr2.h> 100 #include <sys/mplock2.h> 101 102 #ifdef CARP 103 #include <netinet/ip_carp.h> 104 #endif 105 106 #define SIN(s) ((struct sockaddr_in *)s) 107 #define SDL(s) ((struct sockaddr_dl *)s) 108 109 SYSCTL_DECL(_net_link_ether); 110 SYSCTL_NODE(_net_link_ether, PF_INET, inet, CTLFLAG_RW, 0, ""); 111 112 /* timer values */ 113 static int arpt_prune = (5*60*1); /* walk list every 5 minutes */ 114 static int arpt_keep = (20*60); /* once resolved, good for 20 more minutes */ 115 static int arpt_down = 20; /* once declared down, don't send for 20 sec */ 116 117 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, prune_intvl, CTLFLAG_RW, 118 &arpt_prune, 0, ""); 119 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, max_age, CTLFLAG_RW, 120 &arpt_keep, 0, ""); 121 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, host_down_time, CTLFLAG_RW, 122 &arpt_down, 0, ""); 123 124 #define rt_expire rt_rmx.rmx_expire 125 126 struct llinfo_arp { 127 LIST_ENTRY(llinfo_arp) la_le; 128 struct rtentry *la_rt; 129 struct mbuf *la_hold; /* last packet until resolved/timeout */ 130 u_short la_preempt; /* countdown for pre-expiry arps */ 131 u_short la_asked; /* #times we QUERIED following expiration */ 132 }; 133 134 static int arp_maxtries = 5; 135 static int useloopback = 1; /* use loopback interface for local traffic */ 136 static int arp_proxyall = 0; 137 static int arp_refresh = 60; /* refresh arp cache ~60 (not impl yet) */ 138 static int arp_restricted_match = 0; 139 static int arp_ignore_probes = 1; 140 141 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, maxtries, CTLFLAG_RW, 142 &arp_maxtries, 0, "ARP resolution attempts before returning error"); 143 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, useloopback, CTLFLAG_RW, 144 &useloopback, 0, "Use the loopback interface for local traffic"); 145 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, proxyall, CTLFLAG_RW, 146 &arp_proxyall, 0, "Enable proxy ARP for all suitable requests"); 147 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, restricted_match, CTLFLAG_RW, 148 &arp_restricted_match, 0, "Only match against the sender"); 149 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, refresh, CTLFLAG_RW, 150 &arp_refresh, 0, "Preemptively refresh the ARP"); 151 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, ignore_probes, CTLFLAG_RW, 152 &arp_ignore_probes, 0, "Ignore ARP probes"); 153 154 static void arp_rtrequest(int, struct rtentry *); 155 static void arprequest(struct ifnet *, const struct in_addr *, 156 const struct in_addr *, const u_char *); 157 static void arprequest_async(struct ifnet *, const struct in_addr *, 158 const struct in_addr *, const u_char *); 159 static void arpintr(netmsg_t msg); 160 static void arptfree(struct llinfo_arp *); 161 static void arptimer(void *); 162 static struct llinfo_arp * 163 arplookup(in_addr_t, boolean_t, boolean_t, boolean_t); 164 #ifdef INET 165 static void in_arpinput(struct mbuf *); 166 static void in_arpreply(struct mbuf *m, in_addr_t, in_addr_t); 167 static void arp_update_msghandler(netmsg_t); 168 static void arp_reply_msghandler(netmsg_t); 169 #endif 170 171 struct arp_pcpu_data { 172 struct callout timer_ch; 173 struct netmsg_base timer_nmsg; 174 LIST_HEAD(, llinfo_arp) llinfo_list; 175 } __cachealign; 176 177 static struct arp_pcpu_data arp_data[MAXCPU]; 178 179 /* 180 * Timeout routine. Age arp_tab entries periodically. 181 */ 182 static void 183 arptimer_dispatch(netmsg_t nmsg) 184 { 185 struct llinfo_arp *la, *nla; 186 struct arp_pcpu_data *ad = &arp_data[mycpuid]; 187 188 ASSERT_NETISR_NCPUS(mycpuid); 189 190 /* Reply ASAP */ 191 crit_enter(); 192 lwkt_replymsg(&nmsg->lmsg, 0); 193 crit_exit(); 194 195 LIST_FOREACH_MUTABLE(la, &ad->llinfo_list, la_le, nla) { 196 if (la->la_rt->rt_expire && la->la_rt->rt_expire <= time_uptime) 197 arptfree(la); 198 } 199 callout_reset(&ad->timer_ch, arpt_prune * hz, arptimer, NULL); 200 } 201 202 static void 203 arptimer(void *arg __unused) 204 { 205 int cpuid = mycpuid; 206 struct lwkt_msg *lmsg = &arp_data[cpuid].timer_nmsg.lmsg; 207 208 crit_enter(); 209 if (lmsg->ms_flags & MSGF_DONE) 210 lwkt_sendmsg_oncpu(netisr_cpuport(cpuid), lmsg); 211 crit_exit(); 212 } 213 214 /* 215 * Parallel to llc_rtrequest. 216 * 217 * Called after a route is successfully added to the tree to fix-up the 218 * route and initiate arp operations if required. 219 */ 220 static void 221 arp_rtrequest(int req, struct rtentry *rt) 222 { 223 struct sockaddr *gate = rt->rt_gateway; 224 struct llinfo_arp *la = rt->rt_llinfo; 225 226 struct sockaddr_dl null_sdl = { sizeof null_sdl, AF_LINK }; 227 228 if (rt->rt_flags & RTF_GATEWAY) 229 return; 230 231 switch (req) { 232 case RTM_ADD: 233 /* 234 * XXX: If this is a manually added route to interface 235 * such as older version of routed or gated might provide, 236 * restore cloning bit. 237 */ 238 if (!(rt->rt_flags & RTF_HOST) && 239 SIN(rt_mask(rt))->sin_addr.s_addr != 0xffffffff) 240 rt->rt_flags |= RTF_CLONING; 241 if (rt->rt_flags & RTF_CLONING) { 242 /* 243 * Case 1: This route should come from a route to iface. 244 */ 245 rt_setgate(rt, rt_key(rt), 246 (struct sockaddr *)&null_sdl, 247 RTL_DONTREPORT); 248 gate = rt->rt_gateway; 249 SDL(gate)->sdl_type = rt->rt_ifp->if_type; 250 SDL(gate)->sdl_index = rt->rt_ifp->if_index; 251 rt->rt_expire = time_uptime; 252 break; 253 } 254 /* 255 * Announce a new entry if requested, and only announce it 256 * once on cpu0. 257 */ 258 if ((rt->rt_flags & RTF_ANNOUNCE) && mycpuid == 0) { 259 arprequest(rt->rt_ifp, 260 &SIN(rt_key(rt))->sin_addr, 261 &SIN(rt_key(rt))->sin_addr, 262 LLADDR(SDL(gate))); 263 } 264 /*FALLTHROUGH*/ 265 case RTM_RESOLVE: 266 if (gate->sa_family != AF_LINK || 267 gate->sa_len < sizeof(struct sockaddr_dl)) { 268 log(LOG_DEBUG, "arp_rtrequest: bad gateway value\n"); 269 break; 270 } 271 SDL(gate)->sdl_type = rt->rt_ifp->if_type; 272 SDL(gate)->sdl_index = rt->rt_ifp->if_index; 273 if (la != NULL) 274 break; /* This happens on a route change */ 275 /* 276 * Case 2: This route may come from cloning, or a manual route 277 * add with a LL address. 278 */ 279 R_Malloc(la, struct llinfo_arp *, sizeof *la); 280 rt->rt_llinfo = la; 281 if (la == NULL) { 282 log(LOG_DEBUG, "arp_rtrequest: malloc failed\n"); 283 break; 284 } 285 bzero(la, sizeof *la); 286 la->la_rt = rt; 287 rt->rt_flags |= RTF_LLINFO; 288 LIST_INSERT_HEAD(&arp_data[mycpuid].llinfo_list, la, la_le); 289 290 #ifdef INET 291 /* 292 * This keeps the multicast addresses from showing up 293 * in `arp -a' listings as unresolved. It's not actually 294 * functional. Then the same for broadcast. 295 */ 296 if (IN_MULTICAST(ntohl(SIN(rt_key(rt))->sin_addr.s_addr))) { 297 ETHER_MAP_IP_MULTICAST(&SIN(rt_key(rt))->sin_addr, 298 LLADDR(SDL(gate))); 299 SDL(gate)->sdl_alen = 6; 300 rt->rt_expire = 0; 301 } 302 if (in_broadcast(SIN(rt_key(rt))->sin_addr, rt->rt_ifp)) { 303 memcpy(LLADDR(SDL(gate)), rt->rt_ifp->if_broadcastaddr, 304 rt->rt_ifp->if_addrlen); 305 SDL(gate)->sdl_alen = rt->rt_ifp->if_addrlen; 306 rt->rt_expire = 0; 307 } 308 #endif 309 310 /* 311 * This fixes up the routing interface for local addresses. 312 * The route is adjusted to point at lo0 and the expiration 313 * timer is disabled. 314 * 315 * NOTE: This prevents locally targetted traffic from going 316 * out the hardware interface, which is inefficient 317 * and might not work if the hardware cannot listen 318 * to its own transmitted packets. Setting 319 * net.link.ether.inet.useloopback to 0 will force 320 * packets for local addresses out the hardware (and 321 * it is expected to receive its own packet). 322 * 323 * XXX We should just be able to test RTF_LOCAL here instead 324 * of having to compare IPs. 325 */ 326 if (SIN(rt_key(rt))->sin_addr.s_addr == 327 (IA_SIN(rt->rt_ifa))->sin_addr.s_addr) { 328 rt->rt_expire = 0; 329 bcopy(IF_LLADDR(rt->rt_ifp), LLADDR(SDL(gate)), 330 SDL(gate)->sdl_alen = rt->rt_ifp->if_addrlen); 331 if (useloopback) 332 rt->rt_ifp = loif; 333 } 334 break; 335 336 case RTM_DELETE: 337 if (la == NULL) 338 break; 339 LIST_REMOVE(la, la_le); 340 rt->rt_llinfo = NULL; 341 rt->rt_flags &= ~RTF_LLINFO; 342 if (la->la_hold != NULL) 343 m_freem(la->la_hold); 344 Free(la); 345 break; 346 } 347 } 348 349 static struct mbuf * 350 arpreq_alloc(struct ifnet *ifp, const struct in_addr *sip, 351 const struct in_addr *tip, const u_char *enaddr) 352 { 353 struct mbuf *m; 354 struct arphdr *ah; 355 u_short ar_hrd; 356 357 if ((m = m_gethdr(M_NOWAIT, MT_DATA)) == NULL) 358 return NULL; 359 m->m_pkthdr.rcvif = NULL; 360 361 switch (ifp->if_type) { 362 case IFT_ETHER: 363 /* 364 * This may not be correct for types not explicitly 365 * listed, but this is our best guess 366 */ 367 default: 368 ar_hrd = htons(ARPHRD_ETHER); 369 370 m->m_len = arphdr_len2(ifp->if_addrlen, sizeof(struct in_addr)); 371 m->m_pkthdr.len = m->m_len; 372 MH_ALIGN(m, m->m_len); 373 374 ah = mtod(m, struct arphdr *); 375 break; 376 } 377 378 ah->ar_hrd = ar_hrd; 379 ah->ar_pro = htons(ETHERTYPE_IP); 380 ah->ar_hln = ifp->if_addrlen; /* hardware address length */ 381 ah->ar_pln = sizeof(struct in_addr); /* protocol address length */ 382 ah->ar_op = htons(ARPOP_REQUEST); 383 memcpy(ar_sha(ah), enaddr, ah->ar_hln); 384 memset(ar_tha(ah), 0, ah->ar_hln); 385 memcpy(ar_spa(ah), sip, ah->ar_pln); 386 memcpy(ar_tpa(ah), tip, ah->ar_pln); 387 388 return m; 389 } 390 391 static void 392 arpreq_send(struct ifnet *ifp, struct mbuf *m) 393 { 394 struct sockaddr sa; 395 struct ether_header *eh; 396 397 ASSERT_NETISR_NCPUS(mycpuid); 398 399 switch (ifp->if_type) { 400 case IFT_ETHER: 401 /* 402 * This may not be correct for types not explicitly 403 * listed, but this is our best guess 404 */ 405 default: 406 eh = (struct ether_header *)sa.sa_data; 407 /* if_output() will not swap */ 408 eh->ether_type = htons(ETHERTYPE_ARP); 409 memcpy(eh->ether_dhost, ifp->if_broadcastaddr, ifp->if_addrlen); 410 break; 411 } 412 413 sa.sa_family = AF_UNSPEC; 414 sa.sa_len = sizeof(sa); 415 ifp->if_output(ifp, m, &sa, NULL); 416 } 417 418 static void 419 arpreq_send_handler(netmsg_t msg) 420 { 421 struct mbuf *m = msg->packet.nm_packet; 422 struct ifnet *ifp = msg->lmsg.u.ms_resultp; 423 424 arpreq_send(ifp, m); 425 /* nmsg was embedded in the mbuf, do not reply! */ 426 } 427 428 /* 429 * Broadcast an ARP request. Caller specifies: 430 * - arp header source ip address 431 * - arp header target ip address 432 * - arp header source ethernet address 433 * 434 * NOTE: Caller MUST NOT hold ifp's serializer 435 */ 436 static void 437 arprequest(struct ifnet *ifp, const struct in_addr *sip, 438 const struct in_addr *tip, const u_char *enaddr) 439 { 440 struct mbuf *m; 441 442 ASSERT_NETISR_NCPUS(mycpuid); 443 444 if (enaddr == NULL) { 445 if (ifp->if_bridge) { 446 enaddr = IF_LLADDR(ether_bridge_interface(ifp)); 447 } else { 448 enaddr = IF_LLADDR(ifp); 449 } 450 } 451 452 m = arpreq_alloc(ifp, sip, tip, enaddr); 453 if (m == NULL) 454 return; 455 arpreq_send(ifp, m); 456 } 457 458 /* 459 * Same as arprequest(), except: 460 * - Caller is allowed to hold ifp's serializer 461 * - Network output is done in protocol thead 462 */ 463 static void 464 arprequest_async(struct ifnet *ifp, const struct in_addr *sip, 465 const struct in_addr *tip, const u_char *enaddr) 466 { 467 struct mbuf *m; 468 struct netmsg_packet *pmsg; 469 int cpu; 470 471 if (enaddr == NULL) { 472 if (ifp->if_bridge) { 473 enaddr = IF_LLADDR(ether_bridge_interface(ifp)); 474 } else { 475 enaddr = IF_LLADDR(ifp); 476 } 477 } 478 m = arpreq_alloc(ifp, sip, tip, enaddr); 479 if (m == NULL) 480 return; 481 482 pmsg = &m->m_hdr.mh_netmsg; 483 netmsg_init(&pmsg->base, NULL, &netisr_apanic_rport, 484 0, arpreq_send_handler); 485 pmsg->nm_packet = m; 486 pmsg->base.lmsg.u.ms_resultp = ifp; 487 488 if (mycpuid < netisr_ncpus) 489 cpu = mycpuid; 490 else 491 cpu = 0; 492 lwkt_sendmsg(netisr_cpuport(cpu), &pmsg->base.lmsg); 493 } 494 495 /* 496 * Resolve an IP address into an ethernet address. If success, 497 * desten is filled in. If there is no entry in arptab, 498 * set one up and broadcast a request for the IP address. 499 * Hold onto this mbuf and resend it once the address 500 * is finally resolved. A return value of 1 indicates 501 * that desten has been filled in and the packet should be sent 502 * normally; a 0 return indicates that the packet has been 503 * taken over here, either now or for later transmission. 504 */ 505 int 506 arpresolve(struct ifnet *ifp, struct rtentry *rt0, struct mbuf *m, 507 struct sockaddr *dst, u_char *desten) 508 { 509 struct rtentry *rt = NULL; 510 struct llinfo_arp *la = NULL; 511 struct sockaddr_dl *sdl; 512 513 if (m->m_flags & M_BCAST) { /* broadcast */ 514 memcpy(desten, ifp->if_broadcastaddr, ifp->if_addrlen); 515 return (1); 516 } 517 if (m->m_flags & M_MCAST) {/* multicast */ 518 ETHER_MAP_IP_MULTICAST(&SIN(dst)->sin_addr, desten); 519 return (1); 520 } 521 if (rt0 != NULL) { 522 if (rt_llroute(dst, rt0, &rt) != 0) { 523 m_freem(m); 524 return 0; 525 } 526 la = rt->rt_llinfo; 527 } 528 if (la == NULL) { 529 la = arplookup(SIN(dst)->sin_addr.s_addr, 530 TRUE, RTL_REPORTMSG, FALSE); 531 if (la != NULL) 532 rt = la->la_rt; 533 } 534 if (la == NULL || rt == NULL) { 535 char addr[INET_ADDRSTRLEN]; 536 537 log(LOG_DEBUG, "arpresolve: can't allocate llinfo for %s%s%s\n", 538 kinet_ntoa(SIN(dst)->sin_addr, addr), la ? "la" : " ", 539 rt ? "rt" : ""); 540 m_freem(m); 541 return (0); 542 } 543 sdl = SDL(rt->rt_gateway); 544 /* 545 * Check the address family and length is valid, the address 546 * is resolved; otherwise, try to resolve. 547 */ 548 if ((rt->rt_expire == 0 || rt->rt_expire > time_uptime) && 549 sdl->sdl_family == AF_LINK && sdl->sdl_alen != 0) { 550 /* 551 * If entry has an expiry time and it is approaching, 552 * see if we need to send an ARP request within this 553 * arpt_down interval. 554 */ 555 if ((rt->rt_expire != 0) && 556 (time_uptime + la->la_preempt > rt->rt_expire)) { 557 arprequest(ifp, 558 &SIN(rt->rt_ifa->ifa_addr)->sin_addr, 559 &SIN(dst)->sin_addr, 560 NULL); 561 la->la_preempt--; 562 } 563 564 bcopy(LLADDR(sdl), desten, sdl->sdl_alen); 565 return 1; 566 } 567 /* 568 * If ARP is disabled or static on this interface, stop. 569 * XXX 570 * Probably should not allocate empty llinfo struct if we are 571 * not going to be sending out an arp request. 572 */ 573 if (ifp->if_flags & (IFF_NOARP | IFF_STATICARP)) { 574 m_freem(m); 575 return (0); 576 } 577 /* 578 * There is an arptab entry, but no ethernet address 579 * response yet. Replace the held mbuf with this 580 * latest one. 581 */ 582 if (la->la_hold != NULL) 583 m_freem(la->la_hold); 584 la->la_hold = m; 585 if (rt->rt_expire || ((rt->rt_flags & RTF_STATIC) && !sdl->sdl_alen)) { 586 rt->rt_flags &= ~RTF_REJECT; 587 if (la->la_asked == 0 || rt->rt_expire != time_uptime) { 588 rt->rt_expire = time_uptime; 589 if (la->la_asked++ < arp_maxtries) { 590 arprequest(ifp, 591 &SIN(rt->rt_ifa->ifa_addr)->sin_addr, 592 &SIN(dst)->sin_addr, 593 NULL); 594 } else { 595 rt->rt_flags |= RTF_REJECT; 596 rt->rt_expire += arpt_down; 597 la->la_asked = 0; 598 la->la_preempt = arp_maxtries; 599 } 600 } 601 } 602 return (0); 603 } 604 605 /* 606 * Common length and type checks are done here, 607 * then the protocol-specific routine is called. 608 */ 609 static void 610 arpintr(netmsg_t msg) 611 { 612 struct mbuf *m = msg->packet.nm_packet; 613 struct arphdr *ar; 614 u_short ar_hrd; 615 char hexstr[6]; 616 617 if (m->m_len < sizeof(struct arphdr) && 618 (m = m_pullup(m, sizeof(struct arphdr))) == NULL) { 619 log(LOG_ERR, "arp: runt packet -- m_pullup failed\n"); 620 return; 621 } 622 ar = mtod(m, struct arphdr *); 623 624 ar_hrd = ntohs(ar->ar_hrd); 625 if (ar_hrd != ARPHRD_ETHER && ar_hrd != ARPHRD_IEEE802) { 626 hexncpy((unsigned char *)&ar->ar_hrd, 2, hexstr, 5, NULL); 627 log(LOG_ERR, "arp: unknown hardware address format (0x%s)\n", 628 hexstr); 629 m_freem(m); 630 return; 631 } 632 633 if (m->m_pkthdr.len < arphdr_len(ar)) { 634 if ((m = m_pullup(m, arphdr_len(ar))) == NULL) { 635 log(LOG_ERR, "arp: runt packet\n"); 636 return; 637 } 638 ar = mtod(m, struct arphdr *); 639 } 640 641 switch (ntohs(ar->ar_pro)) { 642 #ifdef INET 643 case ETHERTYPE_IP: 644 in_arpinput(m); 645 return; 646 #endif 647 } 648 m_freem(m); 649 /* msg was embedded in the mbuf, do not reply! */ 650 } 651 652 #ifdef INET 653 /* 654 * ARP for Internet protocols on 10 Mb/s Ethernet. 655 * Algorithm is that given in RFC 826. 656 * In addition, a sanity check is performed on the sender 657 * protocol address, to catch impersonators. 658 * We no longer handle negotiations for use of trailer protocol: 659 * Formerly, ARP replied for protocol type ETHERTYPE_TRAIL sent 660 * along with IP replies if we wanted trailers sent to us, 661 * and also sent them in response to IP replies. 662 * This allowed either end to announce the desire to receive 663 * trailer packets. 664 * We no longer reply to requests for ETHERTYPE_TRAIL protocol either, 665 * but formerly didn't normally send requests. 666 */ 667 668 static int log_arp_wrong_iface = 1; 669 static int log_arp_movements = 1; 670 static int log_arp_permanent_modify = 1; 671 static int log_arp_creation_failure = 1; 672 673 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, log_arp_wrong_iface, CTLFLAG_RW, 674 &log_arp_wrong_iface, 0, 675 "Log arp packets arriving on the wrong interface"); 676 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, log_arp_movements, CTLFLAG_RW, 677 &log_arp_movements, 0, 678 "Log arp replies from MACs different than the one in the cache"); 679 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, log_arp_permanent_modify, CTLFLAG_RW, 680 &log_arp_permanent_modify, 0, 681 "Log arp replies from MACs different than the one " 682 "in the permanent arp entry"); 683 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, log_arp_creation_failure, CTLFLAG_RW, 684 &log_arp_creation_failure, 0, "Log arp creation failure"); 685 686 /* 687 * Returns non-zero if the routine updated anything. 688 */ 689 static int 690 arp_update_oncpu(struct mbuf *m, in_addr_t saddr, boolean_t create, 691 boolean_t generate_report, boolean_t dologging) 692 { 693 struct arphdr *ah = mtod(m, struct arphdr *); 694 struct ifnet *ifp = m->m_pkthdr.rcvif; 695 struct llinfo_arp *la; 696 struct sockaddr_dl *sdl; 697 struct rtentry *rt; 698 char hexstr[2][64]; 699 char sbuf[INET_ADDRSTRLEN]; 700 int changed = create; 701 702 KASSERT(curthread->td_type == TD_TYPE_NETISR, 703 ("arp update not in netisr")); 704 705 la = arplookup(saddr, create, generate_report, FALSE); 706 if (la && (rt = la->la_rt) && (sdl = SDL(rt->rt_gateway))) { 707 struct in_addr isaddr = { saddr }; 708 709 /* 710 * Normally arps coming in on the wrong interface are ignored, 711 * but if we are bridging and the two interfaces belong to 712 * the same bridge, or one is a member of the bridge which 713 * is the other, then it isn't an error. 714 */ 715 if (rt->rt_ifp != ifp) { 716 /* 717 * (1) ifp and rt_ifp both members of same bridge 718 * (2) rt_ifp member of bridge ifp 719 * (3) ifp member of bridge rt_ifp 720 * 721 * Always replace rt_ifp with the bridge ifc. 722 */ 723 struct ifnet *nifp; 724 725 if (ifp->if_bridge && 726 rt->rt_ifp->if_bridge == ifp->if_bridge) { 727 nifp = ether_bridge_interface(ifp); 728 } else if (rt->rt_ifp->if_bridge && 729 ether_bridge_interface(rt->rt_ifp) == ifp) { 730 nifp = ifp; 731 } else if (ifp->if_bridge && 732 ether_bridge_interface(ifp) == rt->rt_ifp) { 733 nifp = rt->rt_ifp; 734 } else { 735 nifp = NULL; 736 } 737 738 if ((log_arp_wrong_iface == 1 && nifp == NULL) || 739 log_arp_wrong_iface == 2) { 740 hexncpy((u_char *)ar_sha(ah), ifp->if_addrlen, 741 hexstr[0], HEX_NCPYLEN(ifp->if_addrlen), ":"); 742 log(LOG_ERR, 743 "arp: %s is on %s " 744 "but got reply from %s on %s\n", 745 kinet_ntoa(isaddr, sbuf), 746 rt->rt_ifp->if_xname, hexstr[0], 747 ifp->if_xname); 748 } 749 if (nifp == NULL) 750 return 0; 751 752 /* 753 * nifp is our man! Replace rt_ifp and adjust 754 * the sdl. 755 */ 756 ifp = rt->rt_ifp = nifp; 757 if (sdl->sdl_type != ifp->if_type) { 758 sdl->sdl_type = ifp->if_type; 759 changed = 1; 760 } 761 if (sdl->sdl_index != ifp->if_index) { 762 sdl->sdl_index = ifp->if_index; 763 changed = 1; 764 } 765 } 766 if (sdl->sdl_alen && 767 bcmp(ar_sha(ah), LLADDR(sdl), sdl->sdl_alen)) { 768 changed = 1; 769 if (rt->rt_expire != 0) { 770 if (dologging && log_arp_movements) { 771 hexncpy((u_char *)LLADDR(sdl), ifp->if_addrlen, 772 hexstr[0], HEX_NCPYLEN(ifp->if_addrlen), ":"); 773 hexncpy((u_char *)ar_sha(ah), ifp->if_addrlen, 774 hexstr[1], HEX_NCPYLEN(ifp->if_addrlen), ":"); 775 log(LOG_INFO, 776 "arp: %s moved from %s to %s on %s\n", 777 kinet_ntoa(isaddr, sbuf), hexstr[0], hexstr[1], 778 ifp->if_xname); 779 } 780 } else { 781 if (dologging && log_arp_permanent_modify) { 782 hexncpy((u_char *)ar_sha(ah), ifp->if_addrlen, 783 hexstr[0], HEX_NCPYLEN(ifp->if_addrlen), ":"); 784 log(LOG_ERR, 785 "arp: %s attempts to modify " 786 "permanent entry for %s on %s\n", 787 hexstr[0], kinet_ntoa(isaddr, sbuf), ifp->if_xname); 788 } 789 return changed; 790 } 791 } 792 /* 793 * sanity check for the address length. 794 * XXX this does not work for protocols with variable address 795 * length. -is 796 */ 797 if (dologging && sdl->sdl_alen && sdl->sdl_alen != ah->ar_hln) { 798 hexncpy((u_char *)ar_sha(ah), ifp->if_addrlen, 799 hexstr[0], HEX_NCPYLEN(ifp->if_addrlen), ":"); 800 log(LOG_WARNING, 801 "arp from %s: new addr len %d, was %d", 802 hexstr[0], ah->ar_hln, sdl->sdl_alen); 803 } 804 if (ifp->if_addrlen != ah->ar_hln) { 805 if (dologging) { 806 hexncpy((u_char *)ar_sha(ah), ifp->if_addrlen, 807 hexstr[0], HEX_NCPYLEN(ifp->if_addrlen), ":"); 808 log(LOG_WARNING, 809 "arp from %s: addr len: new %d, i/f %d " 810 "(ignored)", hexstr[0], 811 ah->ar_hln, ifp->if_addrlen); 812 } 813 return changed; 814 } 815 memcpy(LLADDR(sdl), ar_sha(ah), sdl->sdl_alen = ah->ar_hln); 816 if (rt->rt_expire != 0) { 817 if (rt->rt_expire != time_uptime + arpt_keep && 818 rt->rt_expire != time_uptime + arpt_keep - 1) { 819 rt->rt_expire = time_uptime + arpt_keep; 820 changed = 1; 821 } 822 } 823 if (rt->rt_flags & RTF_REJECT) { 824 rt->rt_flags &= ~RTF_REJECT; 825 changed = 1; 826 } 827 if (la->la_asked != 0) { 828 la->la_asked = 0; 829 changed = 1; 830 } 831 if (la->la_preempt != arp_maxtries) { 832 la->la_preempt = arp_maxtries; 833 changed = 1; 834 } 835 836 /* 837 * This particular cpu might have been holding an mbuf 838 * pending ARP resolution. If so, transmit the mbuf now. 839 */ 840 if (la->la_hold != NULL) { 841 struct mbuf *m = la->la_hold; 842 843 la->la_hold = NULL; 844 m_adj(m, sizeof(struct ether_header)); 845 ifp->if_output(ifp, m, rt_key(rt), rt); 846 changed = 1; 847 } 848 } 849 return changed; 850 } 851 852 /* 853 * Called from arpintr() - this routine is run from a single cpu. 854 */ 855 static void 856 in_arpinput(struct mbuf *m) 857 { 858 struct arphdr *ah; 859 struct ifnet *ifp = m->m_pkthdr.rcvif; 860 struct ifaddr_container *ifac; 861 struct in_ifaddr_container *iac; 862 struct in_ifaddr *ia = NULL; 863 struct in_addr isaddr, itaddr, myaddr; 864 uint8_t *enaddr = NULL; 865 int req_len; 866 int changed; 867 char hexstr[64], sbuf[INET_ADDRSTRLEN]; 868 869 req_len = arphdr_len2(ifp->if_addrlen, sizeof(struct in_addr)); 870 if (m->m_len < req_len && (m = m_pullup(m, req_len)) == NULL) { 871 log(LOG_ERR, "in_arp: runt packet -- m_pullup failed\n"); 872 return; 873 } 874 875 ah = mtod(m, struct arphdr *); 876 memcpy(&isaddr, ar_spa(ah), sizeof isaddr); 877 memcpy(&itaddr, ar_tpa(ah), sizeof itaddr); 878 879 /* 880 * Check both target and sender IP addresses: 881 * 882 * If we receive the packet on the interface owning the address, 883 * then accept the address. 884 * 885 * For a bridge, we accept the address if the receive interface and 886 * the interface owning the address are on the same bridge, and 887 * use the bridge MAC as the is-at response. The bridge will be 888 * responsible for handling the packet. 889 * 890 * (0) Check target IP against CARP IPs 891 */ 892 #ifdef CARP 893 LIST_FOREACH(iac, INADDR_HASH(itaddr.s_addr), ia_hash) { 894 int is_match = 0, is_parent = 0; 895 896 ia = iac->ia; 897 898 /* Skip all ia's which don't match */ 899 if (itaddr.s_addr != ia->ia_addr.sin_addr.s_addr) 900 continue; 901 902 if (ia->ia_ifp->if_type != IFT_CARP) 903 continue; 904 905 if (carp_parent(ia->ia_ifp) == ifp) 906 is_parent = 1; 907 if (is_parent || ia->ia_ifp == ifp) 908 is_match = carp_iamatch(ia); 909 910 if (is_match) { 911 if (is_parent) { 912 /* 913 * The parent interface will also receive 914 * the ethernet broadcast packets, e.g. ARP 915 * REQUEST, so if we could find a CARP 916 * interface of the parent that could match 917 * the target IP address, we then drop the 918 * packets, which is delieverd to us through 919 * the parent interface. 920 */ 921 m_freem(m); 922 return; 923 } 924 goto match; 925 } 926 } 927 #endif /* CARP */ 928 929 /* 930 * (1) Check target IP against our local IPs 931 */ 932 LIST_FOREACH(iac, INADDR_HASH(itaddr.s_addr), ia_hash) { 933 ia = iac->ia; 934 935 /* Skip all ia's which don't match */ 936 if (itaddr.s_addr != ia->ia_addr.sin_addr.s_addr) 937 continue; 938 939 #ifdef CARP 940 /* CARP interfaces are checked in (0) */ 941 if (ia->ia_ifp->if_type == IFT_CARP) 942 continue; 943 #endif 944 945 if (ifp->if_bridge && ia->ia_ifp && 946 ifp->if_bridge == ia->ia_ifp->if_bridge) { 947 ifp = ether_bridge_interface(ifp); 948 goto match; 949 } 950 if (ia->ia_ifp && ia->ia_ifp->if_bridge && 951 ether_bridge_interface(ia->ia_ifp) == ifp) { 952 goto match; 953 } 954 if (ifp->if_bridge && ether_bridge_interface(ifp) == 955 ia->ia_ifp) { 956 goto match; 957 } 958 if (ia->ia_ifp == ifp) { 959 goto match; 960 } 961 } 962 963 /* 964 * (2) Check sender IP against our local IPs 965 */ 966 LIST_FOREACH(iac, INADDR_HASH(isaddr.s_addr), ia_hash) { 967 ia = iac->ia; 968 969 /* Skip all ia's which don't match */ 970 if (isaddr.s_addr != ia->ia_addr.sin_addr.s_addr) 971 continue; 972 973 if (ifp->if_bridge && ia->ia_ifp && 974 ifp->if_bridge == ia->ia_ifp->if_bridge) { 975 ifp = ether_bridge_interface(ifp); 976 goto match; 977 } 978 if (ia->ia_ifp && ia->ia_ifp->if_bridge && 979 ether_bridge_interface(ia->ia_ifp) == ifp) { 980 goto match; 981 } 982 if (ifp->if_bridge && ether_bridge_interface(ifp) == 983 ia->ia_ifp) { 984 goto match; 985 } 986 987 if (ia->ia_ifp == ifp) 988 goto match; 989 } 990 991 /* 992 * No match, use the first inet address on the receive interface 993 * as a dummy address for the rest of the function. 994 */ 995 TAILQ_FOREACH(ifac, &ifp->if_addrheads[mycpuid], ifa_link) { 996 struct ifaddr *ifa = ifac->ifa; 997 998 if (ifa->ifa_addr && ifa->ifa_addr->sa_family == AF_INET) { 999 ia = ifatoia(ifa); 1000 goto match; 1001 } 1002 } 1003 1004 /* 1005 * If we got here, we didn't find any suitable interface, 1006 * so drop the packet. 1007 */ 1008 m_freem(m); 1009 return; 1010 1011 match: 1012 if (!enaddr) 1013 enaddr = (uint8_t *)IF_LLADDR(ifp); 1014 myaddr = ia->ia_addr.sin_addr; 1015 if (!bcmp(ar_sha(ah), enaddr, ifp->if_addrlen)) { 1016 m_freem(m); /* it's from me, ignore it. */ 1017 return; 1018 } 1019 if (!bcmp(ar_sha(ah), ifp->if_broadcastaddr, ifp->if_addrlen)) { 1020 log(LOG_ERR, 1021 "arp: link address is broadcast for IP address %s!\n", 1022 kinet_ntoa(isaddr, sbuf)); 1023 m_freem(m); 1024 return; 1025 } 1026 if (isaddr.s_addr == myaddr.s_addr && myaddr.s_addr != 0) { 1027 hexncpy((u_char *)ar_sha(ah), ifp->if_addrlen, 1028 hexstr, HEX_NCPYLEN(ifp->if_addrlen), ":"); 1029 log(LOG_ERR, 1030 "arp: %s is using my IP address %s!\n", 1031 hexstr, kinet_ntoa(isaddr, sbuf)); 1032 itaddr = myaddr; 1033 goto reply; 1034 } 1035 if (ifp->if_flags & IFF_STATICARP) 1036 goto reply; 1037 1038 /* 1039 * When arp_restricted_match is true and the ARP response is not 1040 * specifically targetted to me, ignore it. Otherwise the entry 1041 * timeout may be updated for an old MAC. 1042 */ 1043 if (arp_restricted_match && itaddr.s_addr != myaddr.s_addr) { 1044 m_freem(m); 1045 return; 1046 } 1047 1048 /* 1049 * Update all CPU's routing tables with this ARP packet. 1050 * 1051 * However, we only need to generate rtmsg on CPU0. 1052 */ 1053 ASSERT_NETISR0; 1054 changed = arp_update_oncpu(m, isaddr.s_addr, 1055 itaddr.s_addr == myaddr.s_addr, 1056 RTL_REPORTMSG, TRUE); 1057 1058 if (netisr_ncpus > 1 && changed) { 1059 struct netmsg_inarp *msg = &m->m_hdr.mh_arpmsg; 1060 1061 netmsg_init(&msg->base, NULL, &netisr_apanic_rport, 1062 0, arp_update_msghandler); 1063 msg->m = m; 1064 msg->saddr = isaddr.s_addr; 1065 msg->taddr = itaddr.s_addr; 1066 msg->myaddr = myaddr.s_addr; 1067 lwkt_sendmsg(netisr_cpuport(1), &msg->base.lmsg); 1068 } else { 1069 goto reply; 1070 } 1071 1072 /* 1073 * Just return here; after all CPUs's routing tables are 1074 * properly updated by this ARP packet, an ARP reply will 1075 * be generated if appropriate. 1076 */ 1077 return; 1078 reply: 1079 in_arpreply(m, itaddr.s_addr, myaddr.s_addr); 1080 } 1081 1082 static void 1083 arp_reply_msghandler(netmsg_t msg) 1084 { 1085 struct netmsg_inarp *rmsg = (struct netmsg_inarp *)msg; 1086 1087 in_arpreply(rmsg->m, rmsg->taddr, rmsg->myaddr); 1088 /* Don't reply this netmsg; netmsg_inarp is embedded in mbuf */ 1089 } 1090 1091 static void 1092 arp_update_msghandler(netmsg_t msg) 1093 { 1094 struct netmsg_inarp *rmsg = (struct netmsg_inarp *)msg; 1095 int nextcpu; 1096 1097 ASSERT_NETISR_NCPUS(mycpuid); 1098 1099 /* 1100 * This message handler will be called on all of the APs; 1101 * no need to generate rtmsg on them. 1102 */ 1103 KASSERT(mycpuid > 0, ("arp update msg on cpu%d", mycpuid)); 1104 arp_update_oncpu(rmsg->m, rmsg->saddr, 1105 rmsg->taddr == rmsg->myaddr, 1106 RTL_DONTREPORT, FALSE); 1107 1108 nextcpu = mycpuid + 1; 1109 if (nextcpu < netisr_ncpus) { 1110 lwkt_forwardmsg(netisr_cpuport(nextcpu), &rmsg->base.lmsg); 1111 } else { 1112 struct mbuf *m = rmsg->m; 1113 in_addr_t saddr = rmsg->saddr; 1114 in_addr_t taddr = rmsg->taddr; 1115 in_addr_t myaddr = rmsg->myaddr; 1116 1117 /* 1118 * Dispatch this mbuf to netisr0 to perform ARP reply, 1119 * if appropriate. 1120 * NOTE: netmsg_inarp is embedded in this mbuf. 1121 */ 1122 netmsg_init(&rmsg->base, NULL, &netisr_apanic_rport, 1123 0, arp_reply_msghandler); 1124 rmsg->m = m; 1125 rmsg->saddr = saddr; 1126 rmsg->taddr = taddr; 1127 rmsg->myaddr = myaddr; 1128 lwkt_sendmsg(netisr_cpuport(0), &rmsg->base.lmsg); 1129 } 1130 } 1131 1132 static void 1133 in_arpreply(struct mbuf *m, in_addr_t taddr, in_addr_t myaddr) 1134 { 1135 struct ifnet *ifp = m->m_pkthdr.rcvif; 1136 const uint8_t *enaddr; 1137 struct arphdr *ah; 1138 struct sockaddr sa; 1139 struct ether_header *eh; 1140 1141 ASSERT_NETISR0; 1142 1143 ah = mtod(m, struct arphdr *); 1144 if (ntohs(ah->ar_op) != ARPOP_REQUEST) { 1145 m_freem(m); 1146 return; 1147 } 1148 1149 enaddr = (const uint8_t *)IF_LLADDR(ifp); 1150 if (taddr == myaddr) { 1151 /* I am the target */ 1152 memcpy(ar_tha(ah), ar_sha(ah), ah->ar_hln); 1153 memcpy(ar_sha(ah), enaddr, ah->ar_hln); 1154 } else { 1155 struct llinfo_arp *la; 1156 struct rtentry *rt; 1157 1158 la = arplookup(taddr, FALSE, RTL_DONTREPORT, SIN_PROXY); 1159 if (la == NULL) { 1160 struct sockaddr_in sin; 1161 #ifdef DEBUG_PROXY 1162 char tbuf[INET_ADDRSTRLEN]; 1163 #endif 1164 1165 if (!arp_proxyall) { 1166 m_freem(m); 1167 return; 1168 } 1169 1170 bzero(&sin, sizeof sin); 1171 sin.sin_family = AF_INET; 1172 sin.sin_len = sizeof sin; 1173 sin.sin_addr.s_addr = taddr; 1174 1175 rt = rtpurelookup((struct sockaddr *)&sin); 1176 if (rt == NULL) { 1177 m_freem(m); 1178 return; 1179 } 1180 --rt->rt_refcnt; 1181 /* 1182 * Don't send proxies for nodes on the same interface 1183 * as this one came out of, or we'll get into a fight 1184 * over who claims what Ether address. 1185 */ 1186 if (rt->rt_ifp == ifp) { 1187 m_freem(m); 1188 return; 1189 } 1190 memcpy(ar_tha(ah), ar_sha(ah), ah->ar_hln); 1191 memcpy(ar_sha(ah), enaddr, ah->ar_hln); 1192 #ifdef DEBUG_PROXY 1193 kprintf("arp: proxying for %s\n", 1194 kinet_ntoa(itaddr, tbuf)); 1195 #endif 1196 } else { 1197 struct sockaddr_dl *sdl; 1198 1199 rt = la->la_rt; 1200 memcpy(ar_tha(ah), ar_sha(ah), ah->ar_hln); 1201 sdl = SDL(rt->rt_gateway); 1202 memcpy(ar_sha(ah), LLADDR(sdl), ah->ar_hln); 1203 } 1204 } 1205 1206 memcpy(ar_tpa(ah), ar_spa(ah), ah->ar_pln); 1207 memcpy(ar_spa(ah), &taddr, ah->ar_pln); 1208 ah->ar_op = htons(ARPOP_REPLY); 1209 ah->ar_pro = htons(ETHERTYPE_IP); /* let's be sure! */ 1210 switch (ifp->if_type) { 1211 case IFT_ETHER: 1212 /* 1213 * May not be correct for types not explictly 1214 * listed, but it is our best guess. 1215 */ 1216 default: 1217 eh = (struct ether_header *)sa.sa_data; 1218 memcpy(eh->ether_dhost, ar_tha(ah), sizeof eh->ether_dhost); 1219 eh->ether_type = htons(ETHERTYPE_ARP); 1220 break; 1221 } 1222 sa.sa_family = AF_UNSPEC; 1223 sa.sa_len = sizeof sa; 1224 ifp->if_output(ifp, m, &sa, NULL); 1225 } 1226 1227 #endif /* INET */ 1228 1229 /* 1230 * Free an arp entry. If the arp entry is actively referenced or represents 1231 * a static entry we only clear it back to an unresolved state, otherwise 1232 * we destroy the entry entirely. 1233 * 1234 * Note that static entries are created when route add ... -interface is used 1235 * to create an interface route to a (direct) destination. 1236 */ 1237 static void 1238 arptfree(struct llinfo_arp *la) 1239 { 1240 struct rtentry *rt = la->la_rt; 1241 struct sockaddr_dl *sdl; 1242 1243 if (rt == NULL) 1244 panic("arptfree"); 1245 sdl = SDL(rt->rt_gateway); 1246 if (sdl != NULL && 1247 ((rt->rt_refcnt > 0 && sdl->sdl_family == AF_LINK) || 1248 (rt->rt_flags & RTF_STATIC))) { 1249 sdl->sdl_alen = 0; 1250 la->la_preempt = la->la_asked = 0; 1251 rt->rt_flags &= ~RTF_REJECT; 1252 return; 1253 } 1254 rtrequest(RTM_DELETE, rt_key(rt), NULL, rt_mask(rt), 0, NULL); 1255 } 1256 1257 /* 1258 * Lookup or enter a new address in arptab. 1259 */ 1260 static struct llinfo_arp * 1261 arplookup(in_addr_t addr, boolean_t create, boolean_t generate_report, 1262 boolean_t proxy) 1263 { 1264 struct rtentry *rt; 1265 struct sockaddr_inarp sin = { sizeof sin, AF_INET }; 1266 const char *why = NULL; 1267 1268 /* Check ARP probes, e.g. from Cisco switches. */ 1269 if (addr == INADDR_ANY && arp_ignore_probes) 1270 return (NULL); 1271 1272 sin.sin_addr.s_addr = addr; 1273 sin.sin_other = proxy ? SIN_PROXY : 0; 1274 if (create) { 1275 rt = _rtlookup((struct sockaddr *)&sin, 1276 generate_report, RTL_DOCLONE); 1277 } else { 1278 rt = rtpurelookup((struct sockaddr *)&sin); 1279 } 1280 if (rt == NULL) 1281 return (NULL); 1282 rt->rt_refcnt--; 1283 1284 if (rt->rt_flags & RTF_GATEWAY) 1285 why = "host is not on local network"; 1286 else if (!(rt->rt_flags & RTF_LLINFO)) 1287 why = "could not allocate llinfo"; 1288 else if (rt->rt_gateway->sa_family != AF_LINK) 1289 why = "gateway route is not ours"; 1290 1291 if (why) { 1292 if (create && log_arp_creation_failure) { 1293 char abuf[INET_ADDRSTRLEN]; 1294 1295 log(LOG_DEBUG, "arplookup %s failed: %s\n", 1296 kinet_ntoa(sin.sin_addr, abuf), why); 1297 } 1298 if (rt->rt_refcnt <= 0 && (rt->rt_flags & RTF_WASCLONED)) { 1299 /* No references to this route. Purge it. */ 1300 rtrequest(RTM_DELETE, rt_key(rt), rt->rt_gateway, 1301 rt_mask(rt), rt->rt_flags, NULL); 1302 } 1303 return (NULL); 1304 } 1305 return (rt->rt_llinfo); 1306 } 1307 1308 void 1309 arp_ifinit(struct ifnet *ifp, struct ifaddr *ifa) 1310 { 1311 ifa->ifa_rtrequest = arp_rtrequest; 1312 ifa->ifa_flags |= RTF_CLONING; 1313 } 1314 1315 void 1316 arp_gratuitous(struct ifnet *ifp, struct ifaddr *ifa) 1317 { 1318 if (IA_SIN(ifa)->sin_addr.s_addr != INADDR_ANY) { 1319 if (IN_NETISR_NCPUS(mycpuid)) { 1320 arprequest(ifp, &IA_SIN(ifa)->sin_addr, 1321 &IA_SIN(ifa)->sin_addr, NULL); 1322 } else { 1323 arprequest_async(ifp, &IA_SIN(ifa)->sin_addr, 1324 &IA_SIN(ifa)->sin_addr, NULL); 1325 } 1326 } 1327 } 1328 1329 static void 1330 arp_ifaddr(void *arg __unused, struct ifnet *ifp, 1331 enum ifaddr_event event, struct ifaddr *ifa) 1332 { 1333 if (ifa->ifa_rtrequest != arp_rtrequest) /* XXX need a generic way */ 1334 return; 1335 if (ifa->ifa_addr->sa_family != AF_INET) 1336 return; 1337 if (event == IFADDR_EVENT_DELETE) 1338 return; 1339 1340 /* 1341 * - CARP interfaces will take care of gratuitous ARP themselves. 1342 * - If we are the CARP interface's parent, don't send gratuitous 1343 * ARP to avoid unnecessary confusion. 1344 */ 1345 #ifdef CARP 1346 if (ifp->if_type != IFT_CARP && ifp->if_carp == NULL) 1347 #endif 1348 { 1349 arp_gratuitous(ifp, ifa); 1350 } 1351 } 1352 1353 static void 1354 arp_init(void) 1355 { 1356 int cpu; 1357 1358 for (cpu = 0; cpu < netisr_ncpus; cpu++) { 1359 struct arp_pcpu_data *ad = &arp_data[cpu]; 1360 1361 LIST_INIT(&ad->llinfo_list); 1362 netmsg_init(&ad->timer_nmsg, NULL, &netisr_adone_rport, 1363 MSGF_PRIORITY, arptimer_dispatch); 1364 callout_init_mp(&ad->timer_ch); 1365 1366 callout_reset_bycpu(&ad->timer_ch, hz, arptimer, NULL, cpu); 1367 } 1368 1369 netisr_register(NETISR_ARP, arpintr, NULL); 1370 1371 EVENTHANDLER_REGISTER(ifaddr_event, arp_ifaddr, NULL, 1372 EVENTHANDLER_PRI_LAST); 1373 } 1374 1375 SYSINIT(arp, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY, arp_init, 0); 1376