1 /* 2 * Copyright (c) 2004, 2005 The DragonFly Project. All rights reserved. 3 * 4 * This code is derived from software contributed to The DragonFly Project 5 * by Jeffrey M. Hsu. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of The DragonFly Project nor the names of its 16 * contributors may be used to endorse or promote products derived 17 * from this software without specific, prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 21 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 22 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 23 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 24 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, 25 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 27 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 28 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 29 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 /* 34 * Copyright (c) 1982, 1986, 1988, 1993 35 * The Regents of the University of California. All rights reserved. 36 * 37 * Redistribution and use in source and binary forms, with or without 38 * modification, are permitted provided that the following conditions 39 * are met: 40 * 1. Redistributions of source code must retain the above copyright 41 * notice, this list of conditions and the following disclaimer. 42 * 2. Redistributions in binary form must reproduce the above copyright 43 * notice, this list of conditions and the following disclaimer in the 44 * documentation and/or other materials provided with the distribution. 45 * 3. All advertising materials mentioning features or use of this software 46 * must display the following acknowledgement: 47 * This product includes software developed by the University of 48 * California, Berkeley and its contributors. 49 * 4. Neither the name of the University nor the names of its contributors 50 * may be used to endorse or promote products derived from this software 51 * without specific prior written permission. 52 * 53 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 54 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 56 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 57 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 58 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 59 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 61 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 62 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 63 * SUCH DAMAGE. 64 * 65 * @(#)if_ether.c 8.1 (Berkeley) 6/10/93 66 * $FreeBSD: src/sys/netinet/if_ether.c,v 1.64.2.23 2003/04/11 07:23:15 fjoe Exp $ 67 * $DragonFly: src/sys/netinet/if_ether.c,v 1.59 2008/11/22 11:03:35 sephe Exp $ 68 */ 69 70 /* 71 * Ethernet address resolution protocol. 72 * TODO: 73 * add "inuse/lock" bit (or ref. count) along with valid bit 74 */ 75 76 #include "opt_inet.h" 77 #include "opt_carp.h" 78 79 #include <sys/param.h> 80 #include <sys/kernel.h> 81 #include <sys/queue.h> 82 #include <sys/sysctl.h> 83 #include <sys/systm.h> 84 #include <sys/mbuf.h> 85 #include <sys/malloc.h> 86 #include <sys/socket.h> 87 #include <sys/syslog.h> 88 #include <sys/lock.h> 89 90 #include <net/if.h> 91 #include <net/if_dl.h> 92 #include <net/if_types.h> 93 #include <net/route.h> 94 #include <net/netisr.h> 95 #include <net/if_llc.h> 96 97 #include <netinet/in.h> 98 #include <netinet/in_var.h> 99 #include <netinet/if_ether.h> 100 101 #include <sys/thread2.h> 102 #include <sys/msgport2.h> 103 #include <net/netmsg2.h> 104 #include <sys/mplock2.h> 105 106 #ifdef CARP 107 #include <netinet/ip_carp.h> 108 #endif 109 110 #define SIN(s) ((struct sockaddr_in *)s) 111 #define SDL(s) ((struct sockaddr_dl *)s) 112 113 SYSCTL_DECL(_net_link_ether); 114 SYSCTL_NODE(_net_link_ether, PF_INET, inet, CTLFLAG_RW, 0, ""); 115 116 /* timer values */ 117 static int arpt_prune = (5*60*1); /* walk list every 5 minutes */ 118 static int arpt_keep = (20*60); /* once resolved, good for 20 more minutes */ 119 static int arpt_down = 20; /* once declared down, don't send for 20 sec */ 120 121 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, prune_intvl, CTLFLAG_RW, 122 &arpt_prune, 0, ""); 123 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, max_age, CTLFLAG_RW, 124 &arpt_keep, 0, ""); 125 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, host_down_time, CTLFLAG_RW, 126 &arpt_down, 0, ""); 127 128 #define rt_expire rt_rmx.rmx_expire 129 130 struct llinfo_arp { 131 LIST_ENTRY(llinfo_arp) la_le; 132 struct rtentry *la_rt; 133 struct mbuf *la_hold; /* last packet until resolved/timeout */ 134 struct lwkt_port *la_msgport; /* last packet's msgport */ 135 u_short la_preempt; /* countdown for pre-expiry arps */ 136 u_short la_asked; /* #times we QUERIED following expiration */ 137 }; 138 139 static LIST_HEAD(, llinfo_arp) llinfo_arp_list[MAXCPU]; 140 141 static int arp_maxtries = 5; 142 static int useloopback = 1; /* use loopback interface for local traffic */ 143 static int arp_proxyall = 0; 144 static int arp_refresh = 60; /* refresh arp cache ~60 (not impl yet) */ 145 static int arp_restricted_match = 0; 146 147 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, maxtries, CTLFLAG_RW, 148 &arp_maxtries, 0, "ARP resolution attempts before returning error"); 149 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, useloopback, CTLFLAG_RW, 150 &useloopback, 0, "Use the loopback interface for local traffic"); 151 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, proxyall, CTLFLAG_RW, 152 &arp_proxyall, 0, "Enable proxy ARP for all suitable requests"); 153 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, restricted_match, CTLFLAG_RW, 154 &arp_restricted_match, 0, "Only match against the sender"); 155 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, refresh, CTLFLAG_RW, 156 &arp_refresh, 0, "Preemptively refresh the ARP"); 157 158 static void arp_rtrequest(int, struct rtentry *, struct rt_addrinfo *); 159 static void arprequest(struct ifnet *, const struct in_addr *, 160 const struct in_addr *, const u_char *); 161 static void arprequest_async(struct ifnet *, const struct in_addr *, 162 const struct in_addr *, const u_char *); 163 static void arpintr(netmsg_t msg); 164 static void arptfree(struct llinfo_arp *); 165 static void arptimer(void *); 166 static struct llinfo_arp * 167 arplookup(in_addr_t, boolean_t, boolean_t, boolean_t); 168 #ifdef INET 169 static void in_arpinput(struct mbuf *); 170 #endif 171 172 static struct callout arptimer_ch[MAXCPU]; 173 174 /* 175 * Timeout routine. Age arp_tab entries periodically. 176 */ 177 /* ARGSUSED */ 178 static void 179 arptimer(void *ignored_arg) 180 { 181 struct llinfo_arp *la, *nla; 182 183 crit_enter(); 184 LIST_FOREACH_MUTABLE(la, &llinfo_arp_list[mycpuid], la_le, nla) { 185 if (la->la_rt->rt_expire && la->la_rt->rt_expire <= time_second) 186 arptfree(la); 187 } 188 callout_reset(&arptimer_ch[mycpuid], arpt_prune * hz, arptimer, NULL); 189 crit_exit(); 190 } 191 192 /* 193 * Parallel to llc_rtrequest. 194 * 195 * Called after a route is successfully added to the tree to fix-up the 196 * route and initiate arp operations if required. 197 */ 198 static void 199 arp_rtrequest(int req, struct rtentry *rt, struct rt_addrinfo *info) 200 { 201 struct sockaddr *gate = rt->rt_gateway; 202 struct llinfo_arp *la = rt->rt_llinfo; 203 204 struct sockaddr_dl null_sdl = { sizeof null_sdl, AF_LINK }; 205 static boolean_t arpinit_done[MAXCPU]; 206 207 if (!arpinit_done[mycpuid]) { 208 arpinit_done[mycpuid] = TRUE; 209 callout_init(&arptimer_ch[mycpuid]); 210 callout_reset(&arptimer_ch[mycpuid], hz, arptimer, NULL); 211 } 212 if (rt->rt_flags & RTF_GATEWAY) 213 return; 214 215 switch (req) { 216 case RTM_ADD: 217 /* 218 * XXX: If this is a manually added route to interface 219 * such as older version of routed or gated might provide, 220 * restore cloning bit. 221 */ 222 if (!(rt->rt_flags & RTF_HOST) && 223 SIN(rt_mask(rt))->sin_addr.s_addr != 0xffffffff) 224 rt->rt_flags |= RTF_CLONING; 225 if (rt->rt_flags & RTF_CLONING) { 226 /* 227 * Case 1: This route should come from a route to iface. 228 */ 229 rt_setgate(rt, rt_key(rt), 230 (struct sockaddr *)&null_sdl, 231 RTL_DONTREPORT); 232 gate = rt->rt_gateway; 233 SDL(gate)->sdl_type = rt->rt_ifp->if_type; 234 SDL(gate)->sdl_index = rt->rt_ifp->if_index; 235 rt->rt_expire = time_second; 236 break; 237 } 238 /* Announce a new entry if requested. */ 239 if (rt->rt_flags & RTF_ANNOUNCE) { 240 arprequest_async(rt->rt_ifp, 241 &SIN(rt_key(rt))->sin_addr, 242 &SIN(rt_key(rt))->sin_addr, 243 LLADDR(SDL(gate))); 244 } 245 /*FALLTHROUGH*/ 246 case RTM_RESOLVE: 247 if (gate->sa_family != AF_LINK || 248 gate->sa_len < sizeof(struct sockaddr_dl)) { 249 log(LOG_DEBUG, "arp_rtrequest: bad gateway value\n"); 250 break; 251 } 252 SDL(gate)->sdl_type = rt->rt_ifp->if_type; 253 SDL(gate)->sdl_index = rt->rt_ifp->if_index; 254 if (la != NULL) 255 break; /* This happens on a route change */ 256 /* 257 * Case 2: This route may come from cloning, or a manual route 258 * add with a LL address. 259 */ 260 R_Malloc(la, struct llinfo_arp *, sizeof *la); 261 rt->rt_llinfo = la; 262 if (la == NULL) { 263 log(LOG_DEBUG, "arp_rtrequest: malloc failed\n"); 264 break; 265 } 266 bzero(la, sizeof *la); 267 la->la_rt = rt; 268 rt->rt_flags |= RTF_LLINFO; 269 LIST_INSERT_HEAD(&llinfo_arp_list[mycpuid], la, la_le); 270 271 #ifdef INET 272 /* 273 * This keeps the multicast addresses from showing up 274 * in `arp -a' listings as unresolved. It's not actually 275 * functional. Then the same for broadcast. 276 */ 277 if (IN_MULTICAST(ntohl(SIN(rt_key(rt))->sin_addr.s_addr))) { 278 ETHER_MAP_IP_MULTICAST(&SIN(rt_key(rt))->sin_addr, 279 LLADDR(SDL(gate))); 280 SDL(gate)->sdl_alen = 6; 281 rt->rt_expire = 0; 282 } 283 if (in_broadcast(SIN(rt_key(rt))->sin_addr, rt->rt_ifp)) { 284 memcpy(LLADDR(SDL(gate)), rt->rt_ifp->if_broadcastaddr, 285 rt->rt_ifp->if_addrlen); 286 SDL(gate)->sdl_alen = rt->rt_ifp->if_addrlen; 287 rt->rt_expire = 0; 288 } 289 #endif 290 291 /* 292 * This fixes up the routing interface for local addresses. 293 * The route is adjusted to point at lo0 and the expiration 294 * timer is disabled. 295 * 296 * NOTE: This prevents locally targetted traffic from going 297 * out the hardware interface, which is inefficient 298 * and might not work if the hardware cannot listen 299 * to its own transmitted packets. Setting 300 * net.link.ether.inet.useloopback to 0 will force 301 * packets for local addresses out the hardware (and 302 * it is expected to receive its own packet). 303 * 304 * XXX We should just be able to test RTF_LOCAL here instead 305 * of having to compare IPs. 306 */ 307 if (SIN(rt_key(rt))->sin_addr.s_addr == 308 (IA_SIN(rt->rt_ifa))->sin_addr.s_addr) { 309 rt->rt_expire = 0; 310 bcopy(IF_LLADDR(rt->rt_ifp), LLADDR(SDL(gate)), 311 SDL(gate)->sdl_alen = rt->rt_ifp->if_addrlen); 312 if (useloopback) 313 rt->rt_ifp = loif; 314 } 315 break; 316 317 case RTM_DELETE: 318 if (la == NULL) 319 break; 320 LIST_REMOVE(la, la_le); 321 rt->rt_llinfo = NULL; 322 rt->rt_flags &= ~RTF_LLINFO; 323 if (la->la_hold != NULL) 324 m_freem(la->la_hold); 325 Free(la); 326 break; 327 } 328 } 329 330 static struct mbuf * 331 arpreq_alloc(struct ifnet *ifp, const struct in_addr *sip, 332 const struct in_addr *tip, const u_char *enaddr) 333 { 334 struct mbuf *m; 335 struct arphdr *ah; 336 u_short ar_hrd; 337 338 if ((m = m_gethdr(MB_DONTWAIT, MT_DATA)) == NULL) 339 return NULL; 340 m->m_pkthdr.rcvif = NULL; 341 342 switch (ifp->if_type) { 343 case IFT_ETHER: 344 /* 345 * This may not be correct for types not explicitly 346 * listed, but this is our best guess 347 */ 348 default: 349 ar_hrd = htons(ARPHRD_ETHER); 350 351 m->m_len = arphdr_len2(ifp->if_addrlen, sizeof(struct in_addr)); 352 m->m_pkthdr.len = m->m_len; 353 MH_ALIGN(m, m->m_len); 354 355 ah = mtod(m, struct arphdr *); 356 break; 357 } 358 359 ah->ar_hrd = ar_hrd; 360 ah->ar_pro = htons(ETHERTYPE_IP); 361 ah->ar_hln = ifp->if_addrlen; /* hardware address length */ 362 ah->ar_pln = sizeof(struct in_addr); /* protocol address length */ 363 ah->ar_op = htons(ARPOP_REQUEST); 364 memcpy(ar_sha(ah), enaddr, ah->ar_hln); 365 memset(ar_tha(ah), 0, ah->ar_hln); 366 memcpy(ar_spa(ah), sip, ah->ar_pln); 367 memcpy(ar_tpa(ah), tip, ah->ar_pln); 368 369 return m; 370 } 371 372 static void 373 arpreq_send(struct ifnet *ifp, struct mbuf *m) 374 { 375 struct sockaddr sa; 376 struct ether_header *eh; 377 378 switch (ifp->if_type) { 379 case IFT_ETHER: 380 /* 381 * This may not be correct for types not explicitly 382 * listed, but this is our best guess 383 */ 384 default: 385 eh = (struct ether_header *)sa.sa_data; 386 /* if_output() will not swap */ 387 eh->ether_type = htons(ETHERTYPE_ARP); 388 memcpy(eh->ether_dhost, ifp->if_broadcastaddr, ifp->if_addrlen); 389 break; 390 } 391 392 sa.sa_family = AF_UNSPEC; 393 sa.sa_len = sizeof(sa); 394 ifp->if_output(ifp, m, &sa, NULL); 395 } 396 397 static void 398 arpreq_send_handler(netmsg_t msg) 399 { 400 struct mbuf *m = msg->packet.nm_packet; 401 struct ifnet *ifp = msg->lmsg.u.ms_resultp; 402 403 arpreq_send(ifp, m); 404 /* nmsg was embedded in the mbuf, do not reply! */ 405 } 406 407 /* 408 * Broadcast an ARP request. Caller specifies: 409 * - arp header source ip address 410 * - arp header target ip address 411 * - arp header source ethernet address 412 * 413 * NOTE: Caller MUST NOT hold ifp's serializer 414 */ 415 static void 416 arprequest(struct ifnet *ifp, const struct in_addr *sip, 417 const struct in_addr *tip, const u_char *enaddr) 418 { 419 struct mbuf *m; 420 421 if (enaddr == NULL) { 422 if (ifp->if_bridge) { 423 enaddr = IF_LLADDR(ether_bridge_interface(ifp)); 424 } else { 425 enaddr = IF_LLADDR(ifp); 426 } 427 } 428 429 m = arpreq_alloc(ifp, sip, tip, enaddr); 430 if (m == NULL) 431 return; 432 arpreq_send(ifp, m); 433 } 434 435 /* 436 * Same as arprequest(), except: 437 * - Caller is allowed to hold ifp's serializer 438 * - Network output is done in protocol thead 439 */ 440 static void 441 arprequest_async(struct ifnet *ifp, const struct in_addr *sip, 442 const struct in_addr *tip, const u_char *enaddr) 443 { 444 struct mbuf *m; 445 struct netmsg_packet *pmsg; 446 447 if (enaddr == NULL) { 448 if (ifp->if_bridge) { 449 enaddr = IF_LLADDR(ether_bridge_interface(ifp)); 450 } else { 451 enaddr = IF_LLADDR(ifp); 452 } 453 } 454 m = arpreq_alloc(ifp, sip, tip, enaddr); 455 if (m == NULL) 456 return; 457 458 pmsg = &m->m_hdr.mh_netmsg; 459 netmsg_init(&pmsg->base, NULL, &netisr_apanic_rport, 460 0, arpreq_send_handler); 461 pmsg->nm_packet = m; 462 pmsg->base.lmsg.u.ms_resultp = ifp; 463 464 lwkt_sendmsg(cpu_portfn(mycpuid), &pmsg->base.lmsg); 465 } 466 467 /* 468 * Resolve an IP address into an ethernet address. If success, 469 * desten is filled in. If there is no entry in arptab, 470 * set one up and broadcast a request for the IP address. 471 * Hold onto this mbuf and resend it once the address 472 * is finally resolved. A return value of 1 indicates 473 * that desten has been filled in and the packet should be sent 474 * normally; a 0 return indicates that the packet has been 475 * taken over here, either now or for later transmission. 476 */ 477 int 478 arpresolve(struct ifnet *ifp, struct rtentry *rt0, struct mbuf *m, 479 struct sockaddr *dst, u_char *desten) 480 { 481 struct rtentry *rt; 482 struct llinfo_arp *la = NULL; 483 struct sockaddr_dl *sdl; 484 485 if (m->m_flags & M_BCAST) { /* broadcast */ 486 memcpy(desten, ifp->if_broadcastaddr, ifp->if_addrlen); 487 return (1); 488 } 489 if (m->m_flags & M_MCAST) {/* multicast */ 490 ETHER_MAP_IP_MULTICAST(&SIN(dst)->sin_addr, desten); 491 return (1); 492 } 493 if (rt0 != NULL) { 494 if (rt_llroute(dst, rt0, &rt) != 0) { 495 m_freem(m); 496 return 0; 497 } 498 la = rt->rt_llinfo; 499 } 500 if (la == NULL) { 501 la = arplookup(SIN(dst)->sin_addr.s_addr, 502 TRUE, RTL_REPORTMSG, FALSE); 503 if (la != NULL) 504 rt = la->la_rt; 505 } 506 if (la == NULL || rt == NULL) { 507 log(LOG_DEBUG, "arpresolve: can't allocate llinfo for %s%s%s\n", 508 inet_ntoa(SIN(dst)->sin_addr), la ? "la" : " ", 509 rt ? "rt" : ""); 510 m_freem(m); 511 return (0); 512 } 513 sdl = SDL(rt->rt_gateway); 514 /* 515 * Check the address family and length is valid, the address 516 * is resolved; otherwise, try to resolve. 517 */ 518 if ((rt->rt_expire == 0 || rt->rt_expire > time_second) && 519 sdl->sdl_family == AF_LINK && sdl->sdl_alen != 0) { 520 /* 521 * If entry has an expiry time and it is approaching, 522 * see if we need to send an ARP request within this 523 * arpt_down interval. 524 */ 525 if ((rt->rt_expire != 0) && 526 (time_second + la->la_preempt > rt->rt_expire)) { 527 arprequest(ifp, 528 &SIN(rt->rt_ifa->ifa_addr)->sin_addr, 529 &SIN(dst)->sin_addr, 530 NULL); 531 la->la_preempt--; 532 } 533 534 bcopy(LLADDR(sdl), desten, sdl->sdl_alen); 535 return 1; 536 } 537 /* 538 * If ARP is disabled or static on this interface, stop. 539 * XXX 540 * Probably should not allocate empty llinfo struct if we are 541 * not going to be sending out an arp request. 542 */ 543 if (ifp->if_flags & (IFF_NOARP | IFF_STATICARP)) { 544 m_freem(m); 545 return (0); 546 } 547 /* 548 * There is an arptab entry, but no ethernet address 549 * response yet. Replace the held mbuf with this 550 * latest one. 551 */ 552 if (la->la_hold != NULL) 553 m_freem(la->la_hold); 554 la->la_hold = m; 555 la->la_msgport = cur_netport(); 556 if (rt->rt_expire || ((rt->rt_flags & RTF_STATIC) && !sdl->sdl_alen)) { 557 rt->rt_flags &= ~RTF_REJECT; 558 if (la->la_asked == 0 || rt->rt_expire != time_second) { 559 rt->rt_expire = time_second; 560 if (la->la_asked++ < arp_maxtries) { 561 arprequest(ifp, 562 &SIN(rt->rt_ifa->ifa_addr)->sin_addr, 563 &SIN(dst)->sin_addr, 564 NULL); 565 } else { 566 rt->rt_flags |= RTF_REJECT; 567 rt->rt_expire += arpt_down; 568 la->la_asked = 0; 569 la->la_preempt = arp_maxtries; 570 } 571 } 572 } 573 return (0); 574 } 575 576 /* 577 * Common length and type checks are done here, 578 * then the protocol-specific routine is called. 579 */ 580 static void 581 arpintr(netmsg_t msg) 582 { 583 struct mbuf *m = msg->packet.nm_packet; 584 struct arphdr *ar; 585 u_short ar_hrd; 586 587 if (m->m_len < sizeof(struct arphdr) && 588 (m = m_pullup(m, sizeof(struct arphdr))) == NULL) { 589 log(LOG_ERR, "arp: runt packet -- m_pullup failed\n"); 590 return; 591 } 592 ar = mtod(m, struct arphdr *); 593 594 ar_hrd = ntohs(ar->ar_hrd); 595 if (ar_hrd != ARPHRD_ETHER && ar_hrd != ARPHRD_IEEE802) { 596 log(LOG_ERR, "arp: unknown hardware address format (0x%2D)\n", 597 (unsigned char *)&ar->ar_hrd, ""); 598 m_freem(m); 599 return; 600 } 601 602 if (m->m_pkthdr.len < arphdr_len(ar)) { 603 if ((m = m_pullup(m, arphdr_len(ar))) == NULL) { 604 log(LOG_ERR, "arp: runt packet\n"); 605 return; 606 } 607 ar = mtod(m, struct arphdr *); 608 } 609 610 switch (ntohs(ar->ar_pro)) { 611 #ifdef INET 612 case ETHERTYPE_IP: 613 in_arpinput(m); 614 return; 615 #endif 616 } 617 m_freem(m); 618 /* msg was embedded in the mbuf, do not reply! */ 619 } 620 621 #ifdef INET 622 /* 623 * ARP for Internet protocols on 10 Mb/s Ethernet. 624 * Algorithm is that given in RFC 826. 625 * In addition, a sanity check is performed on the sender 626 * protocol address, to catch impersonators. 627 * We no longer handle negotiations for use of trailer protocol: 628 * Formerly, ARP replied for protocol type ETHERTYPE_TRAIL sent 629 * along with IP replies if we wanted trailers sent to us, 630 * and also sent them in response to IP replies. 631 * This allowed either end to announce the desire to receive 632 * trailer packets. 633 * We no longer reply to requests for ETHERTYPE_TRAIL protocol either, 634 * but formerly didn't normally send requests. 635 */ 636 637 static int log_arp_wrong_iface = 1; 638 static int log_arp_movements = 1; 639 static int log_arp_permanent_modify = 1; 640 641 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, log_arp_wrong_iface, CTLFLAG_RW, 642 &log_arp_wrong_iface, 0, 643 "Log arp packets arriving on the wrong interface"); 644 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, log_arp_movements, CTLFLAG_RW, 645 &log_arp_movements, 0, 646 "Log arp replies from MACs different than the one in the cache"); 647 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, log_arp_permanent_modify, CTLFLAG_RW, 648 &log_arp_permanent_modify, 0, 649 "Log arp replies from MACs different than the one " 650 "in the permanent arp entry"); 651 652 653 static void 654 arp_hold_output(netmsg_t msg) 655 { 656 struct mbuf *m = msg->packet.nm_packet; 657 struct rtentry *rt; 658 struct ifnet *ifp; 659 660 rt = msg->lmsg.u.ms_resultp; 661 ifp = m->m_pkthdr.rcvif; 662 m->m_pkthdr.rcvif = NULL; 663 664 ifp->if_output(ifp, m, rt_key(rt), rt); 665 666 /* Drop the reference count bumped by the sender */ 667 RTFREE(rt); 668 669 /* nmsg was embedded in the mbuf, do not reply! */ 670 } 671 672 static void 673 arp_update_oncpu(struct mbuf *m, in_addr_t saddr, boolean_t create, 674 boolean_t generate_report, boolean_t dologging) 675 { 676 struct arphdr *ah = mtod(m, struct arphdr *); 677 struct ifnet *ifp = m->m_pkthdr.rcvif; 678 struct llinfo_arp *la; 679 struct sockaddr_dl *sdl; 680 struct rtentry *rt; 681 682 la = arplookup(saddr, create, generate_report, FALSE); 683 if (la && (rt = la->la_rt) && (sdl = SDL(rt->rt_gateway))) { 684 struct in_addr isaddr = { saddr }; 685 686 /* 687 * Normally arps coming in on the wrong interface are ignored, 688 * but if we are bridging and the two interfaces belong to 689 * the same bridge, or one is a member of the bridge which 690 * is the other, then it isn't an error. 691 */ 692 if (rt->rt_ifp != ifp) { 693 /* 694 * (1) ifp and rt_ifp both members of same bridge 695 * (2) rt_ifp member of bridge ifp 696 * (3) ifp member of bridge rt_ifp 697 * 698 * Always replace rt_ifp with the bridge ifc. 699 */ 700 struct ifnet *nifp; 701 702 if (ifp->if_bridge && 703 rt->rt_ifp->if_bridge == ifp->if_bridge) { 704 nifp = ether_bridge_interface(ifp); 705 } else if (rt->rt_ifp->if_bridge && 706 ether_bridge_interface(rt->rt_ifp) == ifp) { 707 nifp = ifp; 708 } else if (ifp->if_bridge && 709 ether_bridge_interface(ifp) == rt->rt_ifp) { 710 nifp = rt->rt_ifp; 711 } else { 712 nifp = NULL; 713 } 714 715 if ((log_arp_wrong_iface == 1 && nifp == NULL) || 716 log_arp_wrong_iface == 2) { 717 log(LOG_ERR, 718 "arp: %s is on %s " 719 "but got reply from %*D on %s\n", 720 inet_ntoa(isaddr), 721 rt->rt_ifp->if_xname, 722 ifp->if_addrlen, (u_char *)ar_sha(ah), ":", 723 ifp->if_xname); 724 } 725 if (nifp == NULL) 726 return; 727 728 /* 729 * nifp is our man! Replace rt_ifp and adjust 730 * the sdl. 731 */ 732 ifp = rt->rt_ifp = nifp; 733 sdl->sdl_type = ifp->if_type; 734 sdl->sdl_index = ifp->if_index; 735 } 736 if (sdl->sdl_alen && 737 bcmp(ar_sha(ah), LLADDR(sdl), sdl->sdl_alen)) { 738 if (rt->rt_expire != 0) { 739 if (dologging && log_arp_movements) { 740 log(LOG_INFO, 741 "arp: %s moved from %*D to %*D on %s\n", 742 inet_ntoa(isaddr), 743 ifp->if_addrlen, (u_char *)LLADDR(sdl), 744 ":", ifp->if_addrlen, 745 (u_char *)ar_sha(ah), ":", 746 ifp->if_xname); 747 } 748 } else { 749 if (dologging && log_arp_permanent_modify) { 750 log(LOG_ERR, 751 "arp: %*D attempts to modify " 752 "permanent entry for %s on %s\n", 753 ifp->if_addrlen, (u_char *)ar_sha(ah), 754 ":", inet_ntoa(isaddr), ifp->if_xname); 755 } 756 return; 757 } 758 } 759 /* 760 * sanity check for the address length. 761 * XXX this does not work for protocols with variable address 762 * length. -is 763 */ 764 if (dologging && sdl->sdl_alen && sdl->sdl_alen != ah->ar_hln) { 765 log(LOG_WARNING, 766 "arp from %*D: new addr len %d, was %d", 767 ifp->if_addrlen, (u_char *) ar_sha(ah), ":", 768 ah->ar_hln, sdl->sdl_alen); 769 } 770 if (ifp->if_addrlen != ah->ar_hln) { 771 if (dologging) { 772 log(LOG_WARNING, 773 "arp from %*D: addr len: new %d, i/f %d " 774 "(ignored)", 775 ifp->if_addrlen, (u_char *) ar_sha(ah), ":", 776 ah->ar_hln, ifp->if_addrlen); 777 } 778 return; 779 } 780 memcpy(LLADDR(sdl), ar_sha(ah), sdl->sdl_alen = ah->ar_hln); 781 if (rt->rt_expire != 0) { 782 rt->rt_expire = time_second + arpt_keep; 783 } 784 rt->rt_flags &= ~RTF_REJECT; 785 la->la_asked = 0; 786 la->la_preempt = arp_maxtries; 787 788 /* 789 * This particular cpu might have been holding an mbuf 790 * pending ARP resolution. If so, transmit the mbuf now. 791 */ 792 if (la->la_hold != NULL) { 793 struct mbuf *m = la->la_hold; 794 struct lwkt_port *port = la->la_msgport; 795 struct netmsg_packet *pmsg; 796 797 la->la_hold = NULL; 798 la->la_msgport = NULL; 799 800 m_adj(m, sizeof(struct ether_header)); 801 802 /* 803 * Make sure that this rtentry will not be freed 804 * before the packet is processed on the target 805 * msgport. The reference count will be dropped 806 * in the handler associated with this packet. 807 */ 808 rt->rt_refcnt++; 809 810 pmsg = &m->m_hdr.mh_netmsg; 811 netmsg_init(&pmsg->base, NULL, 812 &netisr_apanic_rport, 813 MSGF_PRIORITY, arp_hold_output); 814 pmsg->nm_packet = m; 815 816 /* Record necessary information */ 817 m->m_pkthdr.rcvif = ifp; 818 pmsg->base.lmsg.u.ms_resultp = rt; 819 820 lwkt_sendmsg(port, &pmsg->base.lmsg); 821 } 822 } 823 } 824 825 #ifdef SMP 826 827 struct netmsg_arp_update { 828 struct netmsg_base base; 829 struct mbuf *m; 830 in_addr_t saddr; 831 boolean_t create; 832 }; 833 834 static void arp_update_msghandler(netmsg_t msg); 835 836 #endif 837 838 /* 839 * Called from arpintr() - this routine is run from a single cpu. 840 */ 841 static void 842 in_arpinput(struct mbuf *m) 843 { 844 struct arphdr *ah; 845 struct ifnet *ifp = m->m_pkthdr.rcvif; 846 struct ether_header *eh; 847 struct rtentry *rt; 848 struct ifaddr_container *ifac; 849 struct in_ifaddr_container *iac; 850 struct in_ifaddr *ia = NULL; 851 struct sockaddr sa; 852 struct in_addr isaddr, itaddr, myaddr; 853 #ifdef SMP 854 struct netmsg_arp_update msg; 855 #endif 856 uint8_t *enaddr = NULL; 857 int op; 858 int req_len; 859 860 req_len = arphdr_len2(ifp->if_addrlen, sizeof(struct in_addr)); 861 if (m->m_len < req_len && (m = m_pullup(m, req_len)) == NULL) { 862 log(LOG_ERR, "in_arp: runt packet -- m_pullup failed\n"); 863 return; 864 } 865 866 ah = mtod(m, struct arphdr *); 867 op = ntohs(ah->ar_op); 868 memcpy(&isaddr, ar_spa(ah), sizeof isaddr); 869 memcpy(&itaddr, ar_tpa(ah), sizeof itaddr); 870 871 myaddr.s_addr = INADDR_ANY; 872 #ifdef CARP 873 if (ifp->if_carp != NULL) { 874 carp_gettok(); 875 if (ifp->if_carp != NULL && 876 carp_iamatch(ifp->if_carp, &itaddr, &isaddr, &enaddr)) { 877 carp_reltok(); 878 myaddr = itaddr; 879 goto match; 880 } 881 carp_reltok(); 882 } 883 #endif 884 885 /* 886 * Check both target and sender IP addresses: 887 * 888 * If we receive the packet on the interface owning the address, 889 * then accept the address. 890 * 891 * For a bridge, we accept the address if the receive interface and 892 * the interface owning the address are on the same bridge, and 893 * use the bridge MAC as the is-at response. The bridge will be 894 * responsible for handling the packet. 895 * 896 * (1) Check target IP against our local IPs 897 */ 898 LIST_FOREACH(iac, INADDR_HASH(itaddr.s_addr), ia_hash) { 899 ia = iac->ia; 900 901 /* Skip all ia's which don't match */ 902 if (itaddr.s_addr != ia->ia_addr.sin_addr.s_addr) 903 continue; 904 #ifdef CARP 905 if (ia->ia_ifp->if_type == IFT_CARP) 906 continue; 907 #endif 908 if (ifp->if_bridge && ia->ia_ifp && 909 ifp->if_bridge == ia->ia_ifp->if_bridge) { 910 ifp = ether_bridge_interface(ifp); 911 goto match; 912 } 913 if (ia->ia_ifp && ia->ia_ifp->if_bridge && 914 ether_bridge_interface(ia->ia_ifp) == ifp) { 915 goto match; 916 } 917 if (ifp->if_bridge && ether_bridge_interface(ifp) == 918 ia->ia_ifp) { 919 goto match; 920 } 921 if (ia->ia_ifp == ifp) 922 goto match; 923 924 } 925 926 /* 927 * (2) Check sender IP against our local IPs 928 */ 929 LIST_FOREACH(iac, INADDR_HASH(isaddr.s_addr), ia_hash) { 930 ia = iac->ia; 931 932 /* Skip all ia's which don't match */ 933 if (isaddr.s_addr != ia->ia_addr.sin_addr.s_addr) 934 continue; 935 #ifdef CARP 936 if (ia->ia_ifp->if_type == IFT_CARP) 937 continue; 938 #endif 939 if (ifp->if_bridge && ia->ia_ifp && 940 ifp->if_bridge == ia->ia_ifp->if_bridge) { 941 ifp = ether_bridge_interface(ifp); 942 goto match; 943 } 944 if (ia->ia_ifp && ia->ia_ifp->if_bridge && 945 ether_bridge_interface(ia->ia_ifp) == ifp) { 946 goto match; 947 } 948 if (ifp->if_bridge && ether_bridge_interface(ifp) == 949 ia->ia_ifp) { 950 goto match; 951 } 952 953 if (ia->ia_ifp == ifp) 954 goto match; 955 } 956 957 /* 958 * No match, use the first inet address on the receive interface 959 * as a dummy address for the rest of the function. 960 */ 961 TAILQ_FOREACH(ifac, &ifp->if_addrheads[mycpuid], ifa_link) { 962 struct ifaddr *ifa = ifac->ifa; 963 964 if (ifa->ifa_addr && ifa->ifa_addr->sa_family == AF_INET) { 965 ia = ifatoia(ifa); 966 goto match; 967 } 968 } 969 970 /* 971 * If we got here, we didn't find any suitable interface, 972 * so drop the packet. 973 */ 974 m_freem(m); 975 return; 976 977 match: 978 if (!enaddr) 979 enaddr = (uint8_t *)IF_LLADDR(ifp); 980 if (myaddr.s_addr == INADDR_ANY) 981 myaddr = ia->ia_addr.sin_addr; 982 if (!bcmp(ar_sha(ah), enaddr, ifp->if_addrlen)) { 983 m_freem(m); /* it's from me, ignore it. */ 984 return; 985 } 986 if (!bcmp(ar_sha(ah), ifp->if_broadcastaddr, ifp->if_addrlen)) { 987 log(LOG_ERR, 988 "arp: link address is broadcast for IP address %s!\n", 989 inet_ntoa(isaddr)); 990 m_freem(m); 991 return; 992 } 993 if (isaddr.s_addr == myaddr.s_addr && myaddr.s_addr != 0) { 994 log(LOG_ERR, 995 "arp: %*D is using my IP address %s!\n", 996 ifp->if_addrlen, (u_char *)ar_sha(ah), ":", 997 inet_ntoa(isaddr)); 998 itaddr = myaddr; 999 goto reply; 1000 } 1001 if (ifp->if_flags & IFF_STATICARP) 1002 goto reply; 1003 1004 /* 1005 * When arp_restricted_match is true and the ARP response is not 1006 * specifically targetted to me, ignore it. Otherwise the entry 1007 * timeout may be updated for an old MAC. 1008 */ 1009 if (arp_restricted_match && itaddr.s_addr != myaddr.s_addr) { 1010 m_freem(m); 1011 return; 1012 } 1013 1014 #ifdef SMP 1015 netmsg_init(&msg.base, NULL, &curthread->td_msgport, 1016 0, arp_update_msghandler); 1017 msg.m = m; 1018 msg.saddr = isaddr.s_addr; 1019 msg.create = (itaddr.s_addr == myaddr.s_addr); 1020 lwkt_domsg(rtable_portfn(0), &msg.base.lmsg, 0); 1021 #else 1022 arp_update_oncpu(m, isaddr.s_addr, (itaddr.s_addr == myaddr.s_addr), 1023 RTL_REPORTMSG, TRUE); 1024 #endif 1025 reply: 1026 if (op != ARPOP_REQUEST) { 1027 m_freem(m); 1028 return; 1029 } 1030 if (itaddr.s_addr == myaddr.s_addr) { 1031 /* I am the target */ 1032 memcpy(ar_tha(ah), ar_sha(ah), ah->ar_hln); 1033 memcpy(ar_sha(ah), enaddr, ah->ar_hln); 1034 } else { 1035 struct llinfo_arp *la; 1036 1037 la = arplookup(itaddr.s_addr, FALSE, RTL_DONTREPORT, SIN_PROXY); 1038 if (la == NULL) { 1039 struct sockaddr_in sin; 1040 1041 if (!arp_proxyall) { 1042 m_freem(m); 1043 return; 1044 } 1045 1046 bzero(&sin, sizeof sin); 1047 sin.sin_family = AF_INET; 1048 sin.sin_len = sizeof sin; 1049 sin.sin_addr = itaddr; 1050 1051 rt = rtpurelookup((struct sockaddr *)&sin); 1052 if (rt == NULL) { 1053 m_freem(m); 1054 return; 1055 } 1056 --rt->rt_refcnt; 1057 /* 1058 * Don't send proxies for nodes on the same interface 1059 * as this one came out of, or we'll get into a fight 1060 * over who claims what Ether address. 1061 */ 1062 if (rt->rt_ifp == ifp) { 1063 m_freem(m); 1064 return; 1065 } 1066 memcpy(ar_tha(ah), ar_sha(ah), ah->ar_hln); 1067 memcpy(ar_sha(ah), enaddr, ah->ar_hln); 1068 #ifdef DEBUG_PROXY 1069 kprintf("arp: proxying for %s\n", inet_ntoa(itaddr)); 1070 #endif 1071 } else { 1072 struct sockaddr_dl *sdl; 1073 1074 rt = la->la_rt; 1075 memcpy(ar_tha(ah), ar_sha(ah), ah->ar_hln); 1076 sdl = SDL(rt->rt_gateway); 1077 memcpy(ar_sha(ah), LLADDR(sdl), ah->ar_hln); 1078 } 1079 } 1080 1081 memcpy(ar_tpa(ah), ar_spa(ah), ah->ar_pln); 1082 memcpy(ar_spa(ah), &itaddr, ah->ar_pln); 1083 ah->ar_op = htons(ARPOP_REPLY); 1084 ah->ar_pro = htons(ETHERTYPE_IP); /* let's be sure! */ 1085 switch (ifp->if_type) { 1086 case IFT_ETHER: 1087 /* 1088 * May not be correct for types not explictly 1089 * listed, but it is our best guess. 1090 */ 1091 default: 1092 eh = (struct ether_header *)sa.sa_data; 1093 memcpy(eh->ether_dhost, ar_tha(ah), sizeof eh->ether_dhost); 1094 eh->ether_type = htons(ETHERTYPE_ARP); 1095 break; 1096 } 1097 sa.sa_family = AF_UNSPEC; 1098 sa.sa_len = sizeof sa; 1099 ifp->if_output(ifp, m, &sa, NULL); 1100 } 1101 1102 #ifdef SMP 1103 1104 static void 1105 arp_update_msghandler(netmsg_t msg) 1106 { 1107 struct netmsg_arp_update *rmsg = (struct netmsg_arp_update *)msg; 1108 int nextcpu; 1109 1110 /* 1111 * This message handler will be called on all of the CPUs, 1112 * however, we only need to generate rtmsg on CPU0. 1113 */ 1114 arp_update_oncpu(rmsg->m, rmsg->saddr, rmsg->create, 1115 mycpuid == 0 ? RTL_REPORTMSG : RTL_DONTREPORT, 1116 mycpuid == 0); 1117 1118 nextcpu = mycpuid + 1; 1119 if (nextcpu < ncpus) 1120 lwkt_forwardmsg(rtable_portfn(nextcpu), &rmsg->base.lmsg); 1121 else 1122 lwkt_replymsg(&rmsg->base.lmsg, 0); 1123 } 1124 1125 #endif /* SMP */ 1126 1127 #endif /* INET */ 1128 1129 /* 1130 * Free an arp entry. If the arp entry is actively referenced or represents 1131 * a static entry we only clear it back to an unresolved state, otherwise 1132 * we destroy the entry entirely. 1133 * 1134 * Note that static entries are created when route add ... -interface is used 1135 * to create an interface route to a (direct) destination. 1136 */ 1137 static void 1138 arptfree(struct llinfo_arp *la) 1139 { 1140 struct rtentry *rt = la->la_rt; 1141 struct sockaddr_dl *sdl; 1142 1143 if (rt == NULL) 1144 panic("arptfree"); 1145 sdl = SDL(rt->rt_gateway); 1146 if (sdl != NULL && 1147 ((rt->rt_refcnt > 0 && sdl->sdl_family == AF_LINK) || 1148 (rt->rt_flags & RTF_STATIC))) { 1149 sdl->sdl_alen = 0; 1150 la->la_preempt = la->la_asked = 0; 1151 rt->rt_flags &= ~RTF_REJECT; 1152 return; 1153 } 1154 rtrequest(RTM_DELETE, rt_key(rt), NULL, rt_mask(rt), 0, NULL); 1155 } 1156 1157 /* 1158 * Lookup or enter a new address in arptab. 1159 */ 1160 static struct llinfo_arp * 1161 arplookup(in_addr_t addr, boolean_t create, boolean_t generate_report, 1162 boolean_t proxy) 1163 { 1164 struct rtentry *rt; 1165 struct sockaddr_inarp sin = { sizeof sin, AF_INET }; 1166 const char *why = NULL; 1167 1168 sin.sin_addr.s_addr = addr; 1169 sin.sin_other = proxy ? SIN_PROXY : 0; 1170 if (create) { 1171 rt = _rtlookup((struct sockaddr *)&sin, 1172 generate_report, RTL_DOCLONE); 1173 } else { 1174 rt = rtpurelookup((struct sockaddr *)&sin); 1175 } 1176 if (rt == NULL) 1177 return (NULL); 1178 rt->rt_refcnt--; 1179 1180 if (rt->rt_flags & RTF_GATEWAY) 1181 why = "host is not on local network"; 1182 else if (!(rt->rt_flags & RTF_LLINFO)) 1183 why = "could not allocate llinfo"; 1184 else if (rt->rt_gateway->sa_family != AF_LINK) 1185 why = "gateway route is not ours"; 1186 1187 if (why) { 1188 if (create) { 1189 log(LOG_DEBUG, "arplookup %s failed: %s\n", 1190 inet_ntoa(sin.sin_addr), why); 1191 } 1192 if (rt->rt_refcnt <= 0 && (rt->rt_flags & RTF_WASCLONED)) { 1193 /* No references to this route. Purge it. */ 1194 rtrequest(RTM_DELETE, rt_key(rt), rt->rt_gateway, 1195 rt_mask(rt), rt->rt_flags, NULL); 1196 } 1197 return (NULL); 1198 } 1199 return (rt->rt_llinfo); 1200 } 1201 1202 void 1203 arp_ifinit(struct ifnet *ifp, struct ifaddr *ifa) 1204 { 1205 if (IA_SIN(ifa)->sin_addr.s_addr != INADDR_ANY) { 1206 arprequest_async(ifp, &IA_SIN(ifa)->sin_addr, 1207 &IA_SIN(ifa)->sin_addr, NULL); 1208 } 1209 ifa->ifa_rtrequest = arp_rtrequest; 1210 ifa->ifa_flags |= RTF_CLONING; 1211 } 1212 1213 void 1214 arp_iainit(struct ifnet *ifp, const struct in_addr *addr, const u_char *enaddr) 1215 { 1216 if (addr->s_addr != INADDR_ANY) 1217 arprequest_async(ifp, addr, addr, enaddr); 1218 } 1219 1220 static void 1221 arp_init(void) 1222 { 1223 int cpu; 1224 1225 for (cpu = 0; cpu < ncpus2; cpu++) 1226 LIST_INIT(&llinfo_arp_list[cpu]); 1227 1228 netisr_register(NETISR_ARP, arpintr, NULL); 1229 } 1230 1231 SYSINIT(arp, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY, arp_init, 0); 1232