1 /* $FreeBSD: src/sys/netinet6/nd6.c,v 1.2.2.15 2003/05/06 06:46:58 suz Exp $ */ 2 /* $KAME: nd6.c,v 1.144 2001/05/24 07:44:00 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 #include "opt_inet.h" 34 #include "opt_inet6.h" 35 36 #include <sys/param.h> 37 #include <sys/systm.h> 38 #include <sys/callout.h> 39 #include <sys/malloc.h> 40 #include <sys/mbuf.h> 41 #include <sys/socket.h> 42 #include <sys/sockio.h> 43 #include <sys/time.h> 44 #include <sys/kernel.h> 45 #include <sys/protosw.h> 46 #include <sys/errno.h> 47 #include <sys/syslog.h> 48 #include <sys/queue.h> 49 #include <sys/sysctl.h> 50 #include <sys/mutex.h> 51 52 #include <sys/thread2.h> 53 #include <sys/mutex2.h> 54 55 #include <net/if.h> 56 #include <net/if_dl.h> 57 #include <net/if_types.h> 58 #include <net/route.h> 59 #include <net/netisr2.h> 60 #include <net/netmsg2.h> 61 62 #include <netinet/in.h> 63 #include <netinet/if_ether.h> 64 #include <netinet6/in6_var.h> 65 #include <netinet6/in6_ifattach.h> 66 #include <netinet/ip6.h> 67 #include <netinet6/ip6_var.h> 68 #include <netinet6/nd6.h> 69 #include <netinet/icmp6.h> 70 71 #include <net/net_osdep.h> 72 73 #define ND6_SLOWTIMER_INTERVAL (60 * 60) /* 1 hour */ 74 #define ND6_RECALC_REACHTM_INTERVAL (60 * 120) /* 2 hours */ 75 76 #define SIN6(s) ((struct sockaddr_in6 *)s) 77 #define SDL(s) ((struct sockaddr_dl *)s) 78 79 /* 80 * Determine if the route entry is a direct neighbor on the specified 81 * interface. The interface test is not done if ifp is passed as NULL. 82 * The route entry is a neighbor if all of the following are true: 83 * 84 * RTF_GATEWAY is FALSE 85 * LLINFO is TRUE 86 * rt_gateway family is AF_LINK 87 * rt_llinfo is non-NULL 88 * The interfaces matches (or ifp is passed as NULL) 89 * 90 * NOTE: rt_llinfo can be NULL with LLINFO set, so both must be 91 * tested. 92 * 93 * NOTE: We can't use rt->rt_ifp to check for the interface, since 94 * it may be the loopback interface if the entry is for our 95 * own address on a non-loopback interface. Instead, we use 96 * rt->rt_ifa->ifa_ifp which should specify the REAL interface. 97 */ 98 #define ND6_IFP_MATCHES(ifp, ifa_ifp) \ 99 ((ifp) == NULL || \ 100 (ifa_ifp) == (ifp) || \ 101 (((ifp)->if_flags & IFF_ISBRIDGE) && \ 102 (ifa_ifp)->if_bridge == (ifp)->if_softc) \ 103 ) 104 105 #define ND6_RTENTRY_IS_NEIGHBOR(rt, ifp) \ 106 (((rt)->rt_flags & RTF_GATEWAY) == 0 && \ 107 ((rt)->rt_flags & RTF_LLINFO) != 0 && \ 108 (rt)->rt_gateway->sa_family == AF_LINK && \ 109 (rt)->rt_llinfo && \ 110 ND6_IFP_MATCHES((ifp), (rt)->rt_ifa->ifa_ifp) \ 111 ) 112 113 #define ND6_RTENTRY_IS_LLCLONING(rt) \ 114 (((rt)->rt_flags & (RTF_PRCLONING | RTF_LLINFO)) == \ 115 (RTF_PRCLONING | RTF_LLINFO) || \ 116 ((rt)->rt_flags & RTF_CLONING)) 117 118 /* timer values */ 119 int nd6_prune = 1; /* walk list every 1 seconds */ 120 int nd6_delay = 5; /* delay first probe time 5 second */ 121 int nd6_umaxtries = 3; /* maximum unicast query */ 122 int nd6_mmaxtries = 3; /* maximum multicast query */ 123 int nd6_useloopback = 1; /* use loopback interface for local traffic */ 124 int nd6_gctimer = (60 * 60 * 24); /* 1 day: garbage collection timer */ 125 126 /* preventing too many loops in ND option parsing */ 127 int nd6_maxndopt = 10; /* max # of ND options allowed */ 128 129 int nd6_maxnudhint = 0; /* max # of subsequent upper layer hints */ 130 131 #ifdef ND6_DEBUG 132 int nd6_debug = 1; 133 #else 134 int nd6_debug = 0; 135 #endif 136 137 /* for debugging? */ 138 static int nd6_inuse, nd6_allocated; 139 140 struct llinfo_nd6 llinfo_nd6 = {&llinfo_nd6, &llinfo_nd6}; 141 struct nd_drhead nd_defrouter; 142 struct nd_prhead nd_prefix = { 0 }; 143 struct mtx nd6_mtx = MTX_INITIALIZER("nd6"); 144 145 int nd6_recalc_reachtm_interval = ND6_RECALC_REACHTM_INTERVAL; 146 static struct sockaddr_in6 all1_sa; 147 148 static void nd6_setmtu0 (struct ifnet *, struct nd_ifinfo *); 149 static int regen_tmpaddr (struct in6_ifaddr *); 150 static void nd6_slowtimo(void *); 151 static void nd6_slowtimo_dispatch(netmsg_t); 152 static void nd6_timer(void *); 153 static void nd6_timer_dispatch(netmsg_t); 154 155 static struct callout nd6_slowtimo_ch; 156 static struct netmsg_base nd6_slowtimo_netmsg; 157 158 static struct callout nd6_timer_ch; 159 static struct netmsg_base nd6_timer_netmsg; 160 161 void 162 nd6_init(void) 163 { 164 static int nd6_init_done = 0; 165 int i; 166 167 if (nd6_init_done) { 168 log(LOG_NOTICE, "nd6_init called more than once(ignored)\n"); 169 return; 170 } 171 172 all1_sa.sin6_family = AF_INET6; 173 all1_sa.sin6_len = sizeof(struct sockaddr_in6); 174 for (i = 0; i < sizeof(all1_sa.sin6_addr); i++) 175 all1_sa.sin6_addr.s6_addr[i] = 0xff; 176 177 /* initialization of the default router list */ 178 TAILQ_INIT(&nd_defrouter); 179 180 nd6_init_done = 1; 181 182 /* start timer */ 183 callout_init_mp(&nd6_slowtimo_ch); 184 netmsg_init(&nd6_slowtimo_netmsg, NULL, &netisr_adone_rport, 185 MSGF_PRIORITY, nd6_slowtimo_dispatch); 186 callout_reset_bycpu(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz, 187 nd6_slowtimo, NULL, 0); 188 } 189 190 struct nd_ifinfo * 191 nd6_ifattach(struct ifnet *ifp) 192 { 193 struct nd_ifinfo *nd; 194 195 nd = (struct nd_ifinfo *)kmalloc(sizeof(*nd), M_IP6NDP, 196 M_WAITOK | M_ZERO); 197 198 nd->initialized = 1; 199 200 nd->chlim = IPV6_DEFHLIM; 201 nd->basereachable = REACHABLE_TIME; 202 nd->reachable = ND_COMPUTE_RTIME(nd->basereachable); 203 nd->retrans = RETRANS_TIMER; 204 205 /* 206 * Note that the default value of ip6_accept_rtadv is 0, which means 207 * we won't accept RAs by default even if we set ND6_IFF_ACCEPT_RTADV 208 * here. 209 */ 210 nd->flags = (ND6_IFF_PERFORMNUD | ND6_IFF_ACCEPT_RTADV); 211 /* A loopback interface always has link-local address. */ 212 if (ip6_auto_linklocal || (ifp->if_flags & IFF_LOOPBACK)) 213 nd->flags |= ND6_IFF_AUTO_LINKLOCAL; 214 215 /* XXX: we cannot call nd6_setmtu since ifp is not fully initialized */ 216 nd6_setmtu0(ifp, nd); 217 return nd; 218 } 219 220 void 221 nd6_ifdetach(struct nd_ifinfo *nd) 222 { 223 kfree(nd, M_IP6NDP); 224 } 225 226 /* 227 * Reset ND level link MTU. This function is called when the physical MTU 228 * changes, which means we might have to adjust the ND level MTU. 229 */ 230 void 231 nd6_setmtu(struct ifnet *ifp) 232 { 233 nd6_setmtu0(ifp, ND_IFINFO(ifp)); 234 } 235 236 struct netmsg_nd6setmtu { 237 struct netmsg_base nmsg; 238 struct ifnet *ifp; 239 struct nd_ifinfo *ndi; 240 }; 241 242 /* XXX todo: do not maintain copy of ifp->if_mtu in ndi->maxmtu */ 243 static void 244 nd6_setmtu0_dispatch(netmsg_t msg) 245 { 246 struct netmsg_nd6setmtu *nmsg = (struct netmsg_nd6setmtu *)msg; 247 struct ifnet *ifp = nmsg->ifp; 248 struct nd_ifinfo *ndi = nmsg->ndi; 249 uint32_t omaxmtu; 250 251 omaxmtu = ndi->maxmtu; 252 253 switch (ifp->if_type) { 254 case IFT_ETHER: 255 ndi->maxmtu = MIN(ETHERMTU, ifp->if_mtu); 256 break; 257 case IFT_IEEE1394: /* XXX should be IEEE1394MTU(1500) */ 258 ndi->maxmtu = MIN(ETHERMTU, ifp->if_mtu); 259 break; 260 #ifdef IFT_IEEE80211 261 case IFT_IEEE80211: /* XXX should be IEEE80211MTU(1500) */ 262 ndi->maxmtu = MIN(ETHERMTU, ifp->if_mtu); 263 break; 264 #endif 265 default: 266 ndi->maxmtu = ifp->if_mtu; 267 break; 268 } 269 270 /* 271 * Decreasing the interface MTU under IPV6 minimum MTU may cause 272 * undesirable situation. We thus notify the operator of the change 273 * explicitly. The check for omaxmtu is necessary to restrict the 274 * log to the case of changing the MTU, not initializing it. 275 */ 276 if (omaxmtu >= IPV6_MMTU && ndi->maxmtu < IPV6_MMTU) { 277 log(LOG_NOTICE, "nd6_setmtu0: " 278 "new link MTU on %s (%lu) is too small for IPv6\n", 279 if_name(ifp), (unsigned long)ndi->maxmtu); 280 } 281 282 if (ndi->maxmtu > in6_maxmtu) 283 in6_setmaxmtu(); /* check all interfaces just in case */ 284 285 lwkt_replymsg(&nmsg->nmsg.lmsg, 0); 286 } 287 288 void 289 nd6_setmtu0(struct ifnet *ifp, struct nd_ifinfo *ndi) 290 { 291 struct netmsg_nd6setmtu nmsg; 292 293 netmsg_init(&nmsg.nmsg, NULL, &curthread->td_msgport, 0, 294 nd6_setmtu0_dispatch); 295 nmsg.ifp = ifp; 296 nmsg.ndi = ndi; 297 lwkt_domsg(netisr_cpuport(0), &nmsg.nmsg.lmsg, 0); 298 } 299 300 void 301 nd6_option_init(void *opt, int icmp6len, union nd_opts *ndopts) 302 { 303 bzero(ndopts, sizeof(*ndopts)); 304 ndopts->nd_opts_search = (struct nd_opt_hdr *)opt; 305 ndopts->nd_opts_last 306 = (struct nd_opt_hdr *)(((u_char *)opt) + icmp6len); 307 308 if (icmp6len == 0) { 309 ndopts->nd_opts_done = 1; 310 ndopts->nd_opts_search = NULL; 311 } 312 } 313 314 /* 315 * Take one ND option. 316 */ 317 struct nd_opt_hdr * 318 nd6_option(union nd_opts *ndopts) 319 { 320 struct nd_opt_hdr *nd_opt; 321 int olen; 322 323 if (!ndopts) 324 panic("ndopts == NULL in nd6_option"); 325 if (!ndopts->nd_opts_last) 326 panic("uninitialized ndopts in nd6_option"); 327 if (!ndopts->nd_opts_search) 328 return NULL; 329 if (ndopts->nd_opts_done) 330 return NULL; 331 332 nd_opt = ndopts->nd_opts_search; 333 334 /* make sure nd_opt_len is inside the buffer */ 335 if ((caddr_t)&nd_opt->nd_opt_len >= (caddr_t)ndopts->nd_opts_last) { 336 bzero(ndopts, sizeof(*ndopts)); 337 return NULL; 338 } 339 340 olen = nd_opt->nd_opt_len << 3; 341 if (olen == 0) { 342 /* 343 * Message validation requires that all included 344 * options have a length that is greater than zero. 345 */ 346 bzero(ndopts, sizeof(*ndopts)); 347 return NULL; 348 } 349 350 ndopts->nd_opts_search = (struct nd_opt_hdr *)((caddr_t)nd_opt + olen); 351 if (ndopts->nd_opts_search > ndopts->nd_opts_last) { 352 /* option overruns the end of buffer, invalid */ 353 bzero(ndopts, sizeof(*ndopts)); 354 return NULL; 355 } else if (ndopts->nd_opts_search == ndopts->nd_opts_last) { 356 /* reached the end of options chain */ 357 ndopts->nd_opts_done = 1; 358 ndopts->nd_opts_search = NULL; 359 } 360 return nd_opt; 361 } 362 363 /* 364 * Parse multiple ND options. 365 * This function is much easier to use, for ND routines that do not need 366 * multiple options of the same type. 367 */ 368 int 369 nd6_options(union nd_opts *ndopts) 370 { 371 struct nd_opt_hdr *nd_opt; 372 int i = 0; 373 374 if (!ndopts) 375 panic("ndopts == NULL in nd6_options"); 376 if (!ndopts->nd_opts_last) 377 panic("uninitialized ndopts in nd6_options"); 378 if (!ndopts->nd_opts_search) 379 return 0; 380 381 while (1) { 382 nd_opt = nd6_option(ndopts); 383 if (!nd_opt && !ndopts->nd_opts_last) { 384 /* 385 * Message validation requires that all included 386 * options have a length that is greater than zero. 387 */ 388 icmp6stat.icp6s_nd_badopt++; 389 bzero(ndopts, sizeof(*ndopts)); 390 return -1; 391 } 392 393 if (!nd_opt) 394 goto skip1; 395 396 switch (nd_opt->nd_opt_type) { 397 case ND_OPT_SOURCE_LINKADDR: 398 case ND_OPT_TARGET_LINKADDR: 399 case ND_OPT_MTU: 400 case ND_OPT_REDIRECTED_HEADER: 401 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 402 nd6log((LOG_INFO, 403 "duplicated ND6 option found (type=%d)\n", 404 nd_opt->nd_opt_type)); 405 /* XXX bark? */ 406 } else { 407 ndopts->nd_opt_array[nd_opt->nd_opt_type] 408 = nd_opt; 409 } 410 break; 411 case ND_OPT_PREFIX_INFORMATION: 412 if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0) { 413 ndopts->nd_opt_array[nd_opt->nd_opt_type] 414 = nd_opt; 415 } 416 ndopts->nd_opts_pi_end = 417 (struct nd_opt_prefix_info *)nd_opt; 418 break; 419 default: 420 /* 421 * Unknown options must be silently ignored, 422 * to accomodate future extension to the protocol. 423 */ 424 nd6log((LOG_DEBUG, 425 "nd6_options: unsupported option %d - " 426 "option ignored\n", nd_opt->nd_opt_type)); 427 } 428 429 skip1: 430 i++; 431 if (i > nd6_maxndopt) { 432 icmp6stat.icp6s_nd_toomanyopt++; 433 nd6log((LOG_INFO, "too many loop in nd opt\n")); 434 break; 435 } 436 437 if (ndopts->nd_opts_done) 438 break; 439 } 440 441 return 0; 442 } 443 444 /* 445 * ND6 timer routine to expire default route list and prefix list 446 */ 447 static void 448 nd6_timer_dispatch(netmsg_t nmsg) 449 { 450 struct llinfo_nd6 *ln; 451 struct nd_defrouter *dr; 452 struct nd_prefix *pr; 453 struct ifnet *ifp; 454 struct in6_ifaddr *ia6, *nia6; 455 456 ASSERT_NETISR0; 457 458 crit_enter(); 459 lwkt_replymsg(&nmsg->lmsg, 0); /* reply ASAP */ 460 crit_exit(); 461 462 mtx_lock(&nd6_mtx); 463 464 ln = llinfo_nd6.ln_next; 465 while (ln && ln != &llinfo_nd6) { 466 struct rtentry *rt; 467 struct sockaddr_in6 *dst; 468 struct llinfo_nd6 *next = ln->ln_next; 469 /* XXX: used for the DELAY case only: */ 470 struct nd_ifinfo *ndi = NULL; 471 472 if ((rt = ln->ln_rt) == NULL) { 473 ln = next; 474 continue; 475 } 476 if ((ifp = rt->rt_ifp) == NULL) { 477 ln = next; 478 continue; 479 } 480 ndi = ND_IFINFO(ifp); 481 dst = (struct sockaddr_in6 *)rt_key(rt); 482 483 if (ln->ln_expire > time_uptime) { 484 ln = next; 485 continue; 486 } 487 488 /* sanity check */ 489 if (!rt) 490 panic("rt=0 in nd6_timer(ln=%p)", ln); 491 if (rt->rt_llinfo && (struct llinfo_nd6 *)rt->rt_llinfo != ln) 492 panic("rt_llinfo(%p) is not equal to ln(%p)", 493 rt->rt_llinfo, ln); 494 if (!dst) 495 panic("dst=0 in nd6_timer(ln=%p)", ln); 496 497 switch (ln->ln_state) { 498 case ND6_LLINFO_WAITDELETE: 499 next = nd6_free(rt); 500 break; 501 case ND6_LLINFO_INCOMPLETE: 502 if (ln->ln_asked++ >= nd6_mmaxtries) { 503 struct mbuf *m = ln->ln_hold; 504 if (m) { 505 if (rt->rt_ifp) { 506 /* 507 * Fake rcvif to make ICMP error 508 * more helpful in diagnosing 509 * for the receiver. 510 * XXX: should we consider 511 * older rcvif? 512 */ 513 m->m_pkthdr.rcvif = rt->rt_ifp; 514 } 515 516 /* 517 * mbuf has empty MAC header, remove 518 * for icmp. XXX layer violation. 519 */ 520 m_adj(m, ETHER_HDR_LEN); 521 icmp6_error(m, ICMP6_DST_UNREACH, 522 ICMP6_DST_UNREACH_ADDR, 0); 523 ln->ln_hold = NULL; 524 } 525 ln->ln_state = ND6_LLINFO_WAITDELETE; 526 rt_rtmsg(RTM_MISS, rt, rt->rt_ifp, 0); 527 } 528 ln->ln_expire = time_uptime + 529 ND_IFINFO(ifp)->retrans / 1000; 530 nd6_ns_output(ifp, NULL, &dst->sin6_addr, 531 ln, 0); 532 break; 533 case ND6_LLINFO_REACHABLE: 534 if (ln->ln_expire) { 535 ln->ln_state = ND6_LLINFO_STALE; 536 ln->ln_expire = time_uptime + nd6_gctimer; 537 } 538 break; 539 540 case ND6_LLINFO_STALE: 541 /* Garbage Collection(RFC 2461 5.3) */ 542 if (ln->ln_expire) 543 next = nd6_free(rt); 544 break; 545 546 case ND6_LLINFO_DELAY: 547 if (ndi && (ndi->flags & ND6_IFF_PERFORMNUD)) { 548 /* We need NUD */ 549 ln->ln_asked = 1; 550 ln->ln_state = ND6_LLINFO_PROBE; 551 ln->ln_expire = time_uptime + 552 ndi->retrans / 1000; 553 nd6_ns_output(ifp, &dst->sin6_addr, 554 &dst->sin6_addr, 555 ln, 0); 556 } else { 557 ln->ln_state = ND6_LLINFO_STALE; /* XXX */ 558 ln->ln_expire = time_uptime + nd6_gctimer; 559 } 560 break; 561 case ND6_LLINFO_PROBE: 562 if (ln->ln_asked < nd6_umaxtries) { 563 ln->ln_asked++; 564 ln->ln_expire = time_uptime + 565 ND_IFINFO(ifp)->retrans / 1000; 566 nd6_ns_output(ifp, &dst->sin6_addr, 567 &dst->sin6_addr, ln, 0); 568 } else { 569 rt_rtmsg(RTM_MISS, rt, rt->rt_ifp, 0); 570 next = nd6_free(rt); 571 } 572 break; 573 } 574 ln = next; 575 } 576 577 /* expire default router list */ 578 dr = TAILQ_FIRST(&nd_defrouter); 579 while (dr) { 580 if (dr->expire && dr->expire < time_uptime) { 581 struct nd_defrouter *t; 582 t = TAILQ_NEXT(dr, dr_entry); 583 defrtrlist_del(dr); 584 dr = t; 585 } else { 586 dr = TAILQ_NEXT(dr, dr_entry); 587 } 588 } 589 590 /* 591 * expire interface addresses. 592 * in the past the loop was inside prefix expiry processing. 593 * However, from a stricter speci-confrmance standpoint, we should 594 * rather separate address lifetimes and prefix lifetimes. 595 */ 596 addrloop: 597 for (ia6 = in6_ifaddr; ia6; ia6 = nia6) { 598 nia6 = ia6->ia_next; 599 /* check address lifetime */ 600 if (IFA6_IS_INVALID(ia6)) { 601 int regen = 0; 602 603 /* 604 * If the expiring address is temporary, try 605 * regenerating a new one. This would be useful when 606 * we suspended a laptop PC, then turned it on after a 607 * period that could invalidate all temporary 608 * addresses. Although we may have to restart the 609 * loop (see below), it must be after purging the 610 * address. Otherwise, we'd see an infinite loop of 611 * regeneration. 612 */ 613 if (ip6_use_tempaddr && 614 (ia6->ia6_flags & IN6_IFF_TEMPORARY)) { 615 if (regen_tmpaddr(ia6) == 0) 616 regen = 1; 617 } 618 619 in6_purgeaddr(&ia6->ia_ifa); 620 621 if (regen) 622 goto addrloop; /* XXX: see below */ 623 /* ia6 is no longer good, continue on to next */ 624 continue; 625 } 626 if (IFA6_IS_DEPRECATED(ia6)) { 627 int oldflags = ia6->ia6_flags; 628 629 if ((oldflags & IN6_IFF_DEPRECATED) == 0) { 630 ia6->ia6_flags |= IN6_IFF_DEPRECATED; 631 in6_newaddrmsg((struct ifaddr *)ia6); 632 } 633 634 /* 635 * If a temporary address has just become deprecated, 636 * regenerate a new one if possible. 637 */ 638 if (ip6_use_tempaddr && 639 (ia6->ia6_flags & IN6_IFF_TEMPORARY) && 640 !(oldflags & IN6_IFF_DEPRECATED)) { 641 642 if (regen_tmpaddr(ia6) == 0) { 643 /* 644 * A new temporary address is 645 * generated. 646 * XXX: this means the address chain 647 * has changed while we are still in 648 * the loop. Although the change 649 * would not cause disaster (because 650 * it's not a deletion, but an 651 * addition,) we'd rather restart the 652 * loop just for safety. Or does this 653 * significantly reduce performance?? 654 */ 655 goto addrloop; 656 } 657 } 658 } else { 659 /* 660 * A new RA might have made a deprecated address 661 * preferred. 662 */ 663 if (ia6->ia6_flags & IN6_IFF_DEPRECATED) { 664 ia6->ia6_flags &= ~IN6_IFF_DEPRECATED; 665 in6_newaddrmsg((struct ifaddr *)ia6); 666 } 667 } 668 } 669 670 /* expire prefix list */ 671 pr = nd_prefix.lh_first; 672 while (pr) { 673 /* 674 * check prefix lifetime. 675 * since pltime is just for autoconf, pltime processing for 676 * prefix is not necessary. 677 */ 678 if (pr->ndpr_expire && pr->ndpr_expire < time_uptime) { 679 struct nd_prefix *t; 680 t = pr->ndpr_next; 681 682 /* 683 * address expiration and prefix expiration are 684 * separate. NEVER perform in6_purgeaddr here. 685 */ 686 687 prelist_remove(pr); 688 pr = t; 689 } else 690 pr = pr->ndpr_next; 691 } 692 693 mtx_unlock(&nd6_mtx); 694 695 callout_reset(&nd6_timer_ch, nd6_prune * hz, nd6_timer, NULL); 696 } 697 698 static void 699 nd6_timer(void *arg __unused) 700 { 701 struct lwkt_msg *lmsg = &nd6_timer_netmsg.lmsg; 702 703 KASSERT(mycpuid == 0, ("not on cpu0")); 704 crit_enter(); 705 if (lmsg->ms_flags & MSGF_DONE) 706 lwkt_sendmsg_oncpu(netisr_cpuport(0), lmsg); 707 crit_exit(); 708 } 709 710 void 711 nd6_timer_init(void) 712 { 713 callout_init_mp(&nd6_timer_ch); 714 netmsg_init(&nd6_timer_netmsg, NULL, &netisr_adone_rport, 715 MSGF_PRIORITY, nd6_timer_dispatch); 716 callout_reset_bycpu(&nd6_timer_ch, hz, nd6_timer, NULL, 0); 717 } 718 719 static int 720 regen_tmpaddr(struct in6_ifaddr *ia6) /* deprecated/invalidated temporary 721 address */ 722 { 723 struct ifaddr_container *ifac; 724 struct ifnet *ifp; 725 struct in6_ifaddr *public_ifa6 = NULL; 726 727 ifp = ia6->ia_ifa.ifa_ifp; 728 TAILQ_FOREACH(ifac, &ifp->if_addrheads[mycpuid], ifa_link) { 729 struct ifaddr *ifa = ifac->ifa; 730 struct in6_ifaddr *it6; 731 732 if (ifa->ifa_addr->sa_family != AF_INET6) 733 continue; 734 735 it6 = (struct in6_ifaddr *)ifa; 736 737 /* ignore no autoconf addresses. */ 738 if (!(it6->ia6_flags & IN6_IFF_AUTOCONF)) 739 continue; 740 741 /* ignore autoconf addresses with different prefixes. */ 742 if (it6->ia6_ndpr == NULL || it6->ia6_ndpr != ia6->ia6_ndpr) 743 continue; 744 745 /* 746 * Now we are looking at an autoconf address with the same 747 * prefix as ours. If the address is temporary and is still 748 * preferred, do not create another one. It would be rare, but 749 * could happen, for example, when we resume a laptop PC after 750 * a long period. 751 */ 752 if ((it6->ia6_flags & IN6_IFF_TEMPORARY) && 753 !IFA6_IS_DEPRECATED(it6)) { 754 public_ifa6 = NULL; 755 break; 756 } 757 758 /* 759 * This is a public autoconf address that has the same prefix 760 * as ours. If it is preferred, keep it. We can't break the 761 * loop here, because there may be a still-preferred temporary 762 * address with the prefix. 763 */ 764 if (!IFA6_IS_DEPRECATED(it6)) 765 public_ifa6 = it6; 766 } 767 768 if (public_ifa6 != NULL) { 769 int e; 770 771 if ((e = in6_tmpifadd(public_ifa6, 0)) != 0) { 772 log(LOG_NOTICE, "regen_tmpaddr: failed to create a new" 773 " tmp addr,errno=%d\n", e); 774 return (-1); 775 } 776 return (0); 777 } 778 779 return (-1); 780 } 781 782 /* 783 * Nuke neighbor cache/prefix/default router management table, right before 784 * ifp goes away. 785 */ 786 void 787 nd6_purge(struct ifnet *ifp) 788 { 789 struct llinfo_nd6 *ln, *nln; 790 struct nd_defrouter *dr, *ndr, drany; 791 struct nd_prefix *pr, *npr; 792 793 /* Nuke default router list entries toward ifp */ 794 if ((dr = TAILQ_FIRST(&nd_defrouter)) != NULL) { 795 /* 796 * The first entry of the list may be stored in 797 * the routing table, so we'll delete it later. 798 */ 799 for (dr = TAILQ_NEXT(dr, dr_entry); dr; dr = ndr) { 800 ndr = TAILQ_NEXT(dr, dr_entry); 801 if (dr->ifp == ifp) 802 defrtrlist_del(dr); 803 } 804 dr = TAILQ_FIRST(&nd_defrouter); 805 if (dr->ifp == ifp) 806 defrtrlist_del(dr); 807 } 808 809 /* Nuke prefix list entries toward ifp */ 810 for (pr = nd_prefix.lh_first; pr; pr = npr) { 811 npr = pr->ndpr_next; 812 if (pr->ndpr_ifp == ifp) { 813 /* 814 * Previously, pr->ndpr_addr is removed as well, 815 * but I strongly believe we don't have to do it. 816 * nd6_purge() is only called from in6_ifdetach(), 817 * which removes all the associated interface addresses 818 * by itself. 819 * (jinmei@kame.net 20010129) 820 */ 821 prelist_remove(pr); 822 } 823 } 824 825 /* cancel default outgoing interface setting */ 826 if (nd6_defifindex == ifp->if_index) 827 nd6_setdefaultiface(0); 828 829 if (!ip6_forwarding && ip6_accept_rtadv) { /* XXX: too restrictive? */ 830 /* refresh default router list */ 831 bzero(&drany, sizeof(drany)); 832 defrouter_delreq(&drany, 0); 833 defrouter_select(); 834 } 835 836 /* 837 * Nuke neighbor cache entries for the ifp. 838 * Note that rt->rt_ifp may not be the same as ifp, 839 * due to KAME goto ours hack. See RTM_RESOLVE case in 840 * nd6_rtrequest(), and ip6_input(). 841 */ 842 ln = llinfo_nd6.ln_next; 843 while (ln && ln != &llinfo_nd6) { 844 struct rtentry *rt; 845 struct sockaddr_dl *sdl; 846 847 nln = ln->ln_next; 848 rt = ln->ln_rt; 849 if (rt && rt->rt_gateway && 850 rt->rt_gateway->sa_family == AF_LINK) { 851 sdl = (struct sockaddr_dl *)rt->rt_gateway; 852 if (sdl->sdl_index == ifp->if_index) 853 nln = nd6_free(rt); 854 } 855 ln = nln; 856 } 857 } 858 859 struct rtentry * 860 nd6_lookup(struct in6_addr *addr6, int create, struct ifnet *ifp) 861 { 862 struct rtentry *rt; 863 struct sockaddr_in6 sin6; 864 865 bzero(&sin6, sizeof(sin6)); 866 sin6.sin6_len = sizeof(struct sockaddr_in6); 867 sin6.sin6_family = AF_INET6; 868 sin6.sin6_addr = *addr6; 869 870 if (create) 871 rt = rtlookup((struct sockaddr *)&sin6); 872 else 873 rt = rtpurelookup((struct sockaddr *)&sin6); 874 if (rt && !(rt->rt_flags & RTF_LLINFO)) { 875 /* 876 * This is the case for the default route. 877 * If we want to create a neighbor cache for the address, we 878 * should free the route for the destination and allocate an 879 * interface route. 880 */ 881 if (create) { 882 --rt->rt_refcnt; 883 rt = NULL; 884 } 885 } 886 if (!rt) { 887 if (create && ifp) { 888 int e; 889 890 /* 891 * If no route is available and create is set, 892 * we allocate a host route for the destination 893 * and treat it like an interface route. 894 * This hack is necessary for a neighbor which can't 895 * be covered by our own prefix. 896 */ 897 struct ifaddr *ifa; 898 899 ifa = ifaof_ifpforaddr((struct sockaddr *)&sin6, ifp); 900 if (ifa == NULL) 901 return (NULL); 902 903 /* 904 * Create a new route. RTF_LLINFO is necessary 905 * to create a Neighbor Cache entry for the 906 * destination in nd6_rtrequest which will be 907 * called in rtrequest via ifa->ifa_rtrequest. 908 */ 909 if ((e = rtrequest(RTM_ADD, (struct sockaddr *)&sin6, 910 ifa->ifa_addr, (struct sockaddr *)&all1_sa, 911 (ifa->ifa_flags | RTF_HOST | RTF_LLINFO) & 912 ~RTF_CLONING, &rt)) != 0) { 913 log(LOG_ERR, 914 "nd6_lookup: failed to add route for a " 915 "neighbor(%s), errno=%d\n", 916 ip6_sprintf(addr6), e); 917 } 918 if (rt == NULL) 919 return (NULL); 920 if (rt->rt_llinfo) { 921 struct llinfo_nd6 *ln = 922 (struct llinfo_nd6 *)rt->rt_llinfo; 923 924 ln->ln_state = ND6_LLINFO_NOSTATE; 925 } 926 } else 927 return (NULL); 928 } 929 rt->rt_refcnt--; 930 931 if (!ND6_RTENTRY_IS_NEIGHBOR(rt, ifp)) { 932 if (create) { 933 log(LOG_DEBUG, 934 "nd6_lookup: failed to lookup %s (if = %s)\n", 935 ip6_sprintf(addr6), ifp ? if_name(ifp) : "unspec"); 936 /* xxx more logs... kazu */ 937 } 938 return (NULL); 939 } 940 return (rt); 941 } 942 943 static struct rtentry * 944 nd6_neighbor_lookup(struct in6_addr *addr6, struct ifnet *ifp) 945 { 946 struct rtentry *rt; 947 struct sockaddr_in6 sin6; 948 949 bzero(&sin6, sizeof(sin6)); 950 sin6.sin6_len = sizeof(struct sockaddr_in6); 951 sin6.sin6_family = AF_INET6; 952 sin6.sin6_addr = *addr6; 953 954 rt = rtpurelookup((struct sockaddr *)&sin6); 955 if (rt == NULL) 956 return (NULL); 957 rt->rt_refcnt--; 958 959 if (!ND6_RTENTRY_IS_NEIGHBOR(rt, ifp)) { 960 if (nd6_onlink_ns_rfc4861 && 961 (ND6_RTENTRY_IS_LLCLONING(rt) || /* not cloned yet */ 962 (rt->rt_parent != NULL && /* cloning */ 963 ND6_RTENTRY_IS_LLCLONING(rt->rt_parent)))) { 964 /* 965 * If cloning ever happened or is happening, 966 * rtentry for addr6 would or will become a 967 * neighbor cache. 968 */ 969 } else { 970 rt = NULL; 971 } 972 } 973 return (rt); 974 } 975 976 /* 977 * Detect if a given IPv6 address identifies a neighbor on a given link. 978 * XXX: should take care of the destination of a p2p link? 979 */ 980 int 981 nd6_is_addr_neighbor(struct sockaddr_in6 *addr, struct ifnet *ifp) 982 { 983 struct ifaddr_container *ifac; 984 int i; 985 986 #define IFADDR6(a) ((((struct in6_ifaddr *)(a))->ia_addr).sin6_addr) 987 #define IFMASK6(a) ((((struct in6_ifaddr *)(a))->ia_prefixmask).sin6_addr) 988 989 /* 990 * A link-local address is always a neighbor. 991 * XXX: we should use the sin6_scope_id field rather than the embedded 992 * interface index. 993 */ 994 if (IN6_IS_ADDR_LINKLOCAL(&addr->sin6_addr) && 995 ntohs(*(u_int16_t *)&addr->sin6_addr.s6_addr[2]) == ifp->if_index) 996 return (1); 997 998 /* 999 * If the address matches one of our addresses, 1000 * it should be a neighbor. 1001 */ 1002 TAILQ_FOREACH(ifac, &ifp->if_addrheads[mycpuid], ifa_link) { 1003 struct ifaddr *ifa = ifac->ifa; 1004 1005 if (ifa->ifa_addr->sa_family != AF_INET6) 1006 next: continue; 1007 1008 for (i = 0; i < 4; i++) { 1009 if ((IFADDR6(ifa).s6_addr32[i] ^ 1010 addr->sin6_addr.s6_addr32[i]) & 1011 IFMASK6(ifa).s6_addr32[i]) 1012 goto next; 1013 } 1014 return (1); 1015 } 1016 1017 /* 1018 * Even if the address matches none of our addresses, it might be 1019 * in the neighbor cache. 1020 */ 1021 if (nd6_neighbor_lookup(&addr->sin6_addr, ifp) != NULL) 1022 return (1); 1023 1024 return (0); 1025 #undef IFADDR6 1026 #undef IFMASK6 1027 } 1028 1029 /* 1030 * Free an nd6 llinfo entry. 1031 */ 1032 struct llinfo_nd6 * 1033 nd6_free(struct rtentry *rt) 1034 { 1035 struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt->rt_llinfo, *next; 1036 struct in6_addr in6 = ((struct sockaddr_in6 *)rt_key(rt))->sin6_addr; 1037 struct nd_defrouter *dr; 1038 1039 /* 1040 * we used to have kpfctlinput(PRC_HOSTDEAD) here. 1041 * even though it is not harmful, it was not really necessary. 1042 */ 1043 1044 if (!ip6_forwarding && ip6_accept_rtadv) { /* XXX: too restrictive? */ 1045 mtx_lock(&nd6_mtx); 1046 dr = defrouter_lookup( 1047 &((struct sockaddr_in6 *)rt_key(rt))->sin6_addr, 1048 rt->rt_ifp); 1049 1050 if (ln->ln_router || dr) { 1051 /* 1052 * rt6_flush must be called whether or not the neighbor 1053 * is in the Default Router List. 1054 * See a corresponding comment in nd6_na_input(). 1055 */ 1056 rt6_flush(&in6, rt->rt_ifp); 1057 } 1058 1059 if (dr) { 1060 /* 1061 * Unreachablity of a router might affect the default 1062 * router selection and on-link detection of advertised 1063 * prefixes. 1064 */ 1065 1066 /* 1067 * Temporarily fake the state to choose a new default 1068 * router and to perform on-link determination of 1069 * prefixes correctly. 1070 * Below the state will be set correctly, 1071 * or the entry itself will be deleted. 1072 */ 1073 ln->ln_state = ND6_LLINFO_INCOMPLETE; 1074 1075 /* 1076 * Since defrouter_select() does not affect the 1077 * on-link determination and MIP6 needs the check 1078 * before the default router selection, we perform 1079 * the check now. 1080 */ 1081 pfxlist_onlink_check(); 1082 1083 if (dr == TAILQ_FIRST(&nd_defrouter)) { 1084 /* 1085 * It is used as the current default router, 1086 * so we have to move it to the end of the 1087 * list and choose a new one. 1088 * XXX: it is not very efficient if this is 1089 * the only router. 1090 */ 1091 TAILQ_REMOVE(&nd_defrouter, dr, dr_entry); 1092 TAILQ_INSERT_TAIL(&nd_defrouter, dr, dr_entry); 1093 1094 defrouter_select(); 1095 } 1096 } 1097 mtx_unlock(&nd6_mtx); 1098 } 1099 1100 /* 1101 * Before deleting the entry, remember the next entry as the 1102 * return value. We need this because pfxlist_onlink_check() above 1103 * might have freed other entries (particularly the old next entry) as 1104 * a side effect (XXX). 1105 */ 1106 next = ln->ln_next; 1107 1108 /* 1109 * Detach the route from the routing tree and the list of neighbor 1110 * caches, and disable the route entry not to be used in already 1111 * cached routes. 1112 * 1113 * ND expiry happens under one big timer. 1114 * To avoid overflowing the route socket, don't report this. 1115 * Now that RTM_MISS is reported when an address is unresolvable 1116 * the benefit of reporting this deletion is questionable. 1117 */ 1118 rtrequest(RTM_DELETE, rt_key(rt), NULL, rt_mask(rt), 0, NULL); 1119 1120 return (next); 1121 } 1122 1123 /* 1124 * Upper-layer reachability hint for Neighbor Unreachability Detection. 1125 * 1126 * XXX cost-effective metods? 1127 */ 1128 void 1129 nd6_nud_hint(struct rtentry *rt, struct in6_addr *dst6, int force) 1130 { 1131 struct llinfo_nd6 *ln; 1132 1133 /* 1134 * If the caller specified "rt", use that. Otherwise, resolve the 1135 * routing table by supplied "dst6". 1136 */ 1137 if (!rt) { 1138 if (!dst6) 1139 return; 1140 if (!(rt = nd6_lookup(dst6, 0, NULL))) 1141 return; 1142 } 1143 1144 if ((rt->rt_flags & RTF_GATEWAY) || 1145 !(rt->rt_flags & RTF_LLINFO) || 1146 rt->rt_llinfo == NULL || rt->rt_gateway == NULL || 1147 rt->rt_gateway->sa_family != AF_LINK) { 1148 /* This is not a host route. */ 1149 return; 1150 } 1151 1152 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1153 if (ln->ln_state < ND6_LLINFO_REACHABLE) 1154 return; 1155 1156 /* 1157 * if we get upper-layer reachability confirmation many times, 1158 * it is possible we have false information. 1159 */ 1160 if (!force) { 1161 ln->ln_byhint++; 1162 if (ln->ln_byhint > nd6_maxnudhint) 1163 return; 1164 } 1165 1166 ln->ln_state = ND6_LLINFO_REACHABLE; 1167 if (ln->ln_expire) 1168 ln->ln_expire = time_uptime + 1169 ND_IFINFO(rt->rt_ifp)->reachable; 1170 } 1171 1172 void 1173 nd6_rtrequest(int req, struct rtentry *rt) 1174 { 1175 struct sockaddr *gate = rt->rt_gateway; 1176 struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1177 static struct sockaddr_dl null_sdl = {sizeof(null_sdl), AF_LINK}; 1178 struct ifnet *ifp = rt->rt_ifp; 1179 struct ifaddr *ifa; 1180 1181 if ((rt->rt_flags & RTF_GATEWAY)) 1182 return; 1183 1184 if (nd6_need_cache(ifp) == 0 && !(rt->rt_flags & RTF_HOST)) { 1185 /* 1186 * This is probably an interface direct route for a link 1187 * which does not need neighbor caches (e.g. fe80::%lo0/64). 1188 * We do not need special treatment below for such a route. 1189 * Moreover, the RTF_LLINFO flag which would be set below 1190 * would annoy the ndp(8) command. 1191 */ 1192 return; 1193 } 1194 1195 if (req == RTM_RESOLVE && 1196 (nd6_need_cache(ifp) == 0 || /* stf case */ 1197 !nd6_is_addr_neighbor((struct sockaddr_in6 *)rt_key(rt), ifp))) { 1198 /* 1199 * FreeBSD and BSD/OS often make a cloned host route based 1200 * on a less-specific route (e.g. the default route). 1201 * If the less specific route does not have a "gateway" 1202 * (this is the case when the route just goes to a p2p or an 1203 * stf interface), we'll mistakenly make a neighbor cache for 1204 * the host route, and will see strange neighbor solicitation 1205 * for the corresponding destination. In order to avoid the 1206 * confusion, we check if the destination of the route is 1207 * a neighbor in terms of neighbor discovery, and stop the 1208 * process if not. Additionally, we remove the LLINFO flag 1209 * so that ndp(8) will not try to get the neighbor information 1210 * of the destination. 1211 */ 1212 rt->rt_flags &= ~RTF_LLINFO; 1213 return; 1214 } 1215 1216 switch (req) { 1217 case RTM_ADD: 1218 /* 1219 * There is no backward compatibility :) 1220 * 1221 * if (!(rt->rt_flags & RTF_HOST) && 1222 * SIN(rt_mask(rt))->sin_addr.s_addr != 0xffffffff) 1223 * rt->rt_flags |= RTF_CLONING; 1224 */ 1225 if (rt->rt_flags & (RTF_CLONING | RTF_LLINFO)) { 1226 /* 1227 * Case 1: This route should come from 1228 * a route to interface. RTF_LLINFO flag is set 1229 * for a host route whose destination should be 1230 * treated as on-link. 1231 */ 1232 rt_setgate(rt, rt_key(rt), 1233 (struct sockaddr *)&null_sdl); 1234 gate = rt->rt_gateway; 1235 SDL(gate)->sdl_type = ifp->if_type; 1236 SDL(gate)->sdl_index = ifp->if_index; 1237 if (ln) 1238 ln->ln_expire = time_uptime; 1239 if (ln && ln->ln_expire == 0) { 1240 /* kludge for desktops */ 1241 ln->ln_expire = 1; 1242 } 1243 if ((rt->rt_flags & RTF_CLONING)) 1244 break; 1245 } 1246 /* 1247 * In IPv4 code, we try to annonuce new RTF_ANNOUNCE entry here. 1248 * We don't do that here since llinfo is not ready yet. 1249 * 1250 * There are also couple of other things to be discussed: 1251 * - unsolicited NA code needs improvement beforehand 1252 * - RFC2461 says we MAY send multicast unsolicited NA 1253 * (7.2.6 paragraph 4), however, it also says that we 1254 * SHOULD provide a mechanism to prevent multicast NA storm. 1255 * we don't have anything like it right now. 1256 * note that the mechanism needs a mutual agreement 1257 * between proxies, which means that we need to implement 1258 * a new protocol, or a new kludge. 1259 * - from RFC2461 6.2.4, host MUST NOT send an unsolicited NA. 1260 * we need to check ip6forwarding before sending it. 1261 * (or should we allow proxy ND configuration only for 1262 * routers? there's no mention about proxy ND from hosts) 1263 */ 1264 #if 0 1265 /* XXX it does not work */ 1266 if ((rt->rt_flags & RTF_ANNOUNCE) && mycpuid == 0) { 1267 nd6_na_output(ifp, 1268 &SIN6(rt_key(rt))->sin6_addr, 1269 &SIN6(rt_key(rt))->sin6_addr, 1270 ip6_forwarding ? ND_NA_FLAG_ROUTER : 0, 1271 1, NULL); 1272 } 1273 #endif 1274 /* FALLTHROUGH */ 1275 case RTM_RESOLVE: 1276 if ((ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) == 0) { 1277 /* 1278 * Address resolution isn't necessary for a point to 1279 * point link, so we can skip this test for a p2p link. 1280 */ 1281 if (gate->sa_family != AF_LINK || 1282 gate->sa_len < sizeof(null_sdl)) { 1283 log(LOG_DEBUG, 1284 "nd6_rtrequest: bad gateway value: %s\n", 1285 if_name(ifp)); 1286 break; 1287 } 1288 SDL(gate)->sdl_type = ifp->if_type; 1289 SDL(gate)->sdl_index = ifp->if_index; 1290 } 1291 if (ln != NULL) 1292 break; /* This happens on a route change */ 1293 /* 1294 * Case 2: This route may come from cloning, or a manual route 1295 * add with a LL address. 1296 */ 1297 R_Malloc(ln, struct llinfo_nd6 *, sizeof(*ln)); 1298 rt->rt_llinfo = (caddr_t)ln; 1299 if (!ln) { 1300 log(LOG_DEBUG, "nd6_rtrequest: malloc failed\n"); 1301 break; 1302 } 1303 nd6_inuse++; 1304 nd6_allocated++; 1305 bzero(ln, sizeof(*ln)); 1306 ln->ln_rt = rt; 1307 /* this is required for "ndp" command. - shin */ 1308 if (req == RTM_ADD) { 1309 /* 1310 * gate should have some valid AF_LINK entry, 1311 * and ln->ln_expire should have some lifetime 1312 * which is specified by ndp command. 1313 */ 1314 ln->ln_state = ND6_LLINFO_REACHABLE; 1315 ln->ln_byhint = 0; 1316 } else { 1317 /* 1318 * When req == RTM_RESOLVE, rt is created and 1319 * initialized in rtrequest(), so rt_expire is 0. 1320 */ 1321 ln->ln_state = ND6_LLINFO_NOSTATE; 1322 ln->ln_expire = time_uptime; 1323 } 1324 rt->rt_flags |= RTF_LLINFO; 1325 ln->ln_next = llinfo_nd6.ln_next; 1326 llinfo_nd6.ln_next = ln; 1327 ln->ln_prev = &llinfo_nd6; 1328 ln->ln_next->ln_prev = ln; 1329 1330 /* 1331 * check if rt_key(rt) is one of my address assigned 1332 * to the interface. 1333 */ 1334 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(rt->rt_ifp, 1335 &SIN6(rt_key(rt))->sin6_addr); 1336 if (ifa) { 1337 caddr_t macp = nd6_ifptomac(ifp); 1338 ln->ln_expire = 0; 1339 ln->ln_state = ND6_LLINFO_REACHABLE; 1340 ln->ln_byhint = 0; 1341 if (macp) { 1342 bcopy(macp, LLADDR(SDL(gate)), ifp->if_addrlen); 1343 SDL(gate)->sdl_alen = ifp->if_addrlen; 1344 } 1345 if (nd6_useloopback) { 1346 rt->rt_ifp = loif; /* XXX */ 1347 /* 1348 * Make sure rt_ifa be equal to the ifaddr 1349 * corresponding to the address. 1350 * We need this because when we refer 1351 * rt_ifa->ia6_flags in ip6_input, we assume 1352 * that the rt_ifa points to the address instead 1353 * of the loopback address. 1354 */ 1355 if (ifa != rt->rt_ifa) { 1356 IFAFREE(rt->rt_ifa); 1357 IFAREF(ifa); 1358 rt->rt_ifa = ifa; 1359 } 1360 } 1361 } else if (rt->rt_flags & RTF_ANNOUNCE) { 1362 ln->ln_expire = 0; 1363 ln->ln_state = ND6_LLINFO_REACHABLE; 1364 ln->ln_byhint = 0; 1365 1366 /* 1367 * Join solicited node multicast for proxy ND, and only 1368 * join it once on cpu0. 1369 */ 1370 if ((ifp->if_flags & IFF_MULTICAST) && mycpuid == 0) { 1371 struct in6_addr llsol; 1372 int error; 1373 1374 llsol = SIN6(rt_key(rt))->sin6_addr; 1375 llsol.s6_addr16[0] = htons(0xff02); 1376 llsol.s6_addr16[1] = htons(ifp->if_index); 1377 llsol.s6_addr32[1] = 0; 1378 llsol.s6_addr32[2] = htonl(1); 1379 llsol.s6_addr8[12] = 0xff; 1380 1381 if (!in6_addmulti(&llsol, ifp, &error)) { 1382 nd6log((LOG_ERR, "%s: failed to join " 1383 "%s (errno=%d)\n", if_name(ifp), 1384 ip6_sprintf(&llsol), error)); 1385 } 1386 } 1387 } 1388 break; 1389 1390 case RTM_DELETE: 1391 if (!ln) 1392 break; 1393 /* 1394 * Leave from solicited node multicast for proxy ND, and only 1395 * leave it once on cpu0 (since we joined it once on cpu0). 1396 */ 1397 if ((rt->rt_flags & RTF_ANNOUNCE) && 1398 (ifp->if_flags & IFF_MULTICAST) && mycpuid == 0) { 1399 struct in6_addr llsol; 1400 struct in6_multi *in6m; 1401 1402 llsol = SIN6(rt_key(rt))->sin6_addr; 1403 llsol.s6_addr16[0] = htons(0xff02); 1404 llsol.s6_addr16[1] = htons(ifp->if_index); 1405 llsol.s6_addr32[1] = 0; 1406 llsol.s6_addr32[2] = htonl(1); 1407 llsol.s6_addr8[12] = 0xff; 1408 1409 in6m = IN6_LOOKUP_MULTI(&llsol, ifp); 1410 if (in6m) 1411 in6_delmulti(in6m); 1412 } 1413 nd6_inuse--; 1414 ln->ln_next->ln_prev = ln->ln_prev; 1415 ln->ln_prev->ln_next = ln->ln_next; 1416 ln->ln_prev = NULL; 1417 rt->rt_llinfo = 0; 1418 rt->rt_flags &= ~RTF_LLINFO; 1419 if (ln->ln_hold) 1420 m_freem(ln->ln_hold); 1421 R_Free(ln); 1422 } 1423 } 1424 1425 int 1426 nd6_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp) 1427 { 1428 struct in6_drlist *drl = (struct in6_drlist *)data; 1429 struct in6_prlist *prl = (struct in6_prlist *)data; 1430 struct in6_ndireq *ndi = (struct in6_ndireq *)data; 1431 struct in6_nbrinfo *nbi = (struct in6_nbrinfo *)data; 1432 struct in6_ndifreq *ndif = (struct in6_ndifreq *)data; 1433 struct nd_defrouter *dr, any; 1434 struct nd_prefix *pr; 1435 struct rtentry *rt; 1436 int i = 0, error = 0; 1437 1438 switch (cmd) { 1439 case SIOCGDRLST_IN6: 1440 /* 1441 * obsolete API, use sysctl under net.inet6.icmp6 1442 */ 1443 bzero(drl, sizeof(*drl)); 1444 mtx_lock(&nd6_mtx); 1445 dr = TAILQ_FIRST(&nd_defrouter); 1446 while (dr && i < DRLSTSIZ) { 1447 drl->defrouter[i].rtaddr = dr->rtaddr; 1448 if (IN6_IS_ADDR_LINKLOCAL(&drl->defrouter[i].rtaddr)) { 1449 /* XXX: need to this hack for KAME stack */ 1450 drl->defrouter[i].rtaddr.s6_addr16[1] = 0; 1451 } else 1452 log(LOG_ERR, 1453 "default router list contains a " 1454 "non-linklocal address(%s)\n", 1455 ip6_sprintf(&drl->defrouter[i].rtaddr)); 1456 1457 drl->defrouter[i].flags = dr->flags; 1458 drl->defrouter[i].rtlifetime = dr->rtlifetime; 1459 drl->defrouter[i].expire = dr->expire; 1460 drl->defrouter[i].if_index = dr->ifp->if_index; 1461 i++; 1462 dr = TAILQ_NEXT(dr, dr_entry); 1463 } 1464 mtx_unlock(&nd6_mtx); 1465 break; 1466 case SIOCGPRLST_IN6: 1467 /* 1468 * obsolete API, use sysctl under net.inet6.icmp6 1469 */ 1470 /* 1471 * XXX meaning of fields, especialy "raflags", is very 1472 * differnet between RA prefix list and RR/static prefix list. 1473 * how about separating ioctls into two? 1474 */ 1475 bzero(prl, sizeof(*prl)); 1476 mtx_lock(&nd6_mtx); 1477 pr = nd_prefix.lh_first; 1478 while (pr && i < PRLSTSIZ) { 1479 struct nd_pfxrouter *pfr; 1480 int j; 1481 1482 in6_embedscope(&prl->prefix[i].prefix, 1483 &pr->ndpr_prefix, NULL, NULL); 1484 prl->prefix[i].raflags = pr->ndpr_raf; 1485 prl->prefix[i].prefixlen = pr->ndpr_plen; 1486 prl->prefix[i].vltime = pr->ndpr_vltime; 1487 prl->prefix[i].pltime = pr->ndpr_pltime; 1488 prl->prefix[i].if_index = pr->ndpr_ifp->if_index; 1489 prl->prefix[i].expire = pr->ndpr_expire; 1490 1491 pfr = pr->ndpr_advrtrs.lh_first; 1492 j = 0; 1493 while (pfr) { 1494 if (j < DRLSTSIZ) { 1495 #define RTRADDR prl->prefix[i].advrtr[j] 1496 RTRADDR = pfr->router->rtaddr; 1497 if (IN6_IS_ADDR_LINKLOCAL(&RTRADDR)) { 1498 /* XXX: hack for KAME */ 1499 RTRADDR.s6_addr16[1] = 0; 1500 } else 1501 log(LOG_ERR, 1502 "a router(%s) advertises " 1503 "a prefix with " 1504 "non-link local address\n", 1505 ip6_sprintf(&RTRADDR)); 1506 #undef RTRADDR 1507 } 1508 j++; 1509 pfr = pfr->pfr_next; 1510 } 1511 prl->prefix[i].advrtrs = j; 1512 prl->prefix[i].origin = PR_ORIG_RA; 1513 1514 i++; 1515 pr = pr->ndpr_next; 1516 } 1517 mtx_unlock(&nd6_mtx); 1518 1519 break; 1520 case OSIOCGIFINFO_IN6: 1521 /* XXX: old ndp(8) assumes a positive value for linkmtu. */ 1522 bzero(&ndi->ndi, sizeof(ndi->ndi)); 1523 ndi->ndi.linkmtu = IN6_LINKMTU(ifp); 1524 ndi->ndi.maxmtu = ND_IFINFO(ifp)->maxmtu; 1525 ndi->ndi.basereachable = ND_IFINFO(ifp)->basereachable; 1526 ndi->ndi.reachable = ND_IFINFO(ifp)->reachable; 1527 ndi->ndi.retrans = ND_IFINFO(ifp)->retrans; 1528 ndi->ndi.flags = ND_IFINFO(ifp)->flags; 1529 ndi->ndi.recalctm = ND_IFINFO(ifp)->recalctm; 1530 ndi->ndi.chlim = ND_IFINFO(ifp)->chlim; 1531 break; 1532 case SIOCGIFINFO_IN6: 1533 ndi->ndi = *ND_IFINFO(ifp); 1534 ndi->ndi.linkmtu = IN6_LINKMTU(ifp); 1535 break; 1536 case SIOCSIFINFO_IN6: 1537 /* 1538 * used to change host variables from userland. 1539 * intented for a use on router to reflect RA configurations. 1540 */ 1541 /* 0 means 'unspecified' */ 1542 if (ndi->ndi.linkmtu != 0) { 1543 if (ndi->ndi.linkmtu < IPV6_MMTU || 1544 ndi->ndi.linkmtu > IN6_LINKMTU(ifp)) { 1545 error = EINVAL; 1546 break; 1547 } 1548 ND_IFINFO(ifp)->linkmtu = ndi->ndi.linkmtu; 1549 } 1550 1551 if (ndi->ndi.basereachable != 0) { 1552 int obasereachable = ND_IFINFO(ifp)->basereachable; 1553 1554 ND_IFINFO(ifp)->basereachable = ndi->ndi.basereachable; 1555 if (ndi->ndi.basereachable != obasereachable) 1556 ND_IFINFO(ifp)->reachable = 1557 ND_COMPUTE_RTIME(ndi->ndi.basereachable); 1558 } 1559 if (ndi->ndi.retrans != 0) 1560 ND_IFINFO(ifp)->retrans = ndi->ndi.retrans; 1561 if (ndi->ndi.chlim != 0) 1562 ND_IFINFO(ifp)->chlim = ndi->ndi.chlim; 1563 /* FALLTHROUGH */ 1564 case SIOCSIFINFO_FLAGS: 1565 if ((ndi->ndi.flags & ND6_IFF_AUTO_LINKLOCAL) && 1566 !(ND_IFINFO(ifp)->flags & ND6_IFF_AUTO_LINKLOCAL)) { 1567 /* auto_linklocal 0->1 transision */ 1568 ND_IFINFO(ifp)->flags |= ND6_IFF_AUTO_LINKLOCAL; 1569 in6_ifattach(ifp, NULL); 1570 } 1571 ND_IFINFO(ifp)->flags = ndi->ndi.flags; 1572 break; 1573 case SIOCSNDFLUSH_IN6: /* XXX: the ioctl name is confusing... */ 1574 /* flush default router list */ 1575 /* 1576 * xxx sumikawa: should not delete route if default 1577 * route equals to the top of default router list 1578 */ 1579 bzero(&any, sizeof(any)); 1580 defrouter_delreq(&any, 0); 1581 defrouter_select(); 1582 /* xxx sumikawa: flush prefix list */ 1583 break; 1584 case SIOCSPFXFLUSH_IN6: 1585 { 1586 /* flush all the prefix advertised by routers */ 1587 struct nd_prefix *pr, *next; 1588 1589 mtx_lock(&nd6_mtx); 1590 for (pr = nd_prefix.lh_first; pr; pr = next) { 1591 struct in6_ifaddr *ia, *ia_next; 1592 1593 next = pr->ndpr_next; 1594 1595 if (IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr)) 1596 continue; /* XXX */ 1597 1598 /* do we really have to remove addresses as well? */ 1599 for (ia = in6_ifaddr; ia; ia = ia_next) { 1600 /* ia might be removed. keep the next ptr. */ 1601 ia_next = ia->ia_next; 1602 1603 if (!(ia->ia6_flags & IN6_IFF_AUTOCONF)) 1604 continue; 1605 1606 if (ia->ia6_ndpr == pr) 1607 in6_purgeaddr(&ia->ia_ifa); 1608 } 1609 prelist_remove(pr); 1610 } 1611 mtx_unlock(&nd6_mtx); 1612 break; 1613 } 1614 case SIOCSRTRFLUSH_IN6: 1615 { 1616 /* flush all the default routers */ 1617 struct nd_defrouter *dr, *next; 1618 1619 mtx_lock(&nd6_mtx); 1620 if ((dr = TAILQ_FIRST(&nd_defrouter)) != NULL) { 1621 /* 1622 * The first entry of the list may be stored in 1623 * the routing table, so we'll delete it later. 1624 */ 1625 for (dr = TAILQ_NEXT(dr, dr_entry); dr; dr = next) { 1626 next = TAILQ_NEXT(dr, dr_entry); 1627 defrtrlist_del(dr); 1628 } 1629 defrtrlist_del(TAILQ_FIRST(&nd_defrouter)); 1630 } 1631 mtx_unlock(&nd6_mtx); 1632 break; 1633 } 1634 case SIOCGNBRINFO_IN6: 1635 { 1636 struct llinfo_nd6 *ln; 1637 struct in6_addr nb_addr = nbi->addr; /* make local for safety */ 1638 1639 /* 1640 * XXX: KAME specific hack for scoped addresses 1641 * XXXX: for other scopes than link-local? 1642 */ 1643 if (IN6_IS_ADDR_LINKLOCAL(&nbi->addr) || 1644 IN6_IS_ADDR_MC_LINKLOCAL(&nbi->addr)) { 1645 u_int16_t *idp = (u_int16_t *)&nb_addr.s6_addr[2]; 1646 1647 if (*idp == 0) 1648 *idp = htons(ifp->if_index); 1649 } 1650 1651 mtx_lock(&nd6_mtx); 1652 if ((rt = nd6_lookup(&nb_addr, 0, ifp)) == NULL) { 1653 error = EINVAL; 1654 mtx_unlock(&nd6_mtx); 1655 break; 1656 } 1657 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1658 nbi->state = ln->ln_state; 1659 nbi->asked = ln->ln_asked; 1660 nbi->isrouter = ln->ln_router; 1661 nbi->expire = ln->ln_expire; 1662 mtx_unlock(&nd6_mtx); 1663 1664 break; 1665 } 1666 case SIOCGDEFIFACE_IN6: /* XXX: should be implemented as a sysctl? */ 1667 ndif->ifindex = nd6_defifindex; 1668 break; 1669 case SIOCSDEFIFACE_IN6: /* XXX: should be implemented as a sysctl? */ 1670 return (nd6_setdefaultiface(ndif->ifindex)); 1671 } 1672 return (error); 1673 } 1674 1675 /* 1676 * Create neighbor cache entry and cache link-layer address, 1677 * on reception of inbound ND6 packets. (RS/RA/NS/redirect) 1678 */ 1679 struct rtentry * 1680 nd6_cache_lladdr(struct ifnet *ifp, struct in6_addr *from, char *lladdr, 1681 int lladdrlen, 1682 int type, /* ICMP6 type */ 1683 int code /* type dependent information */) 1684 { 1685 struct rtentry *rt = NULL; 1686 struct llinfo_nd6 *ln = NULL; 1687 int is_newentry; 1688 struct sockaddr_dl *sdl = NULL; 1689 int do_update; 1690 int olladdr; 1691 int llchange; 1692 int newstate = 0; 1693 1694 if (!ifp) 1695 panic("ifp == NULL in nd6_cache_lladdr"); 1696 if (!from) 1697 panic("from == NULL in nd6_cache_lladdr"); 1698 1699 /* nothing must be updated for unspecified address */ 1700 if (IN6_IS_ADDR_UNSPECIFIED(from)) 1701 return NULL; 1702 1703 /* 1704 * Validation about ifp->if_addrlen and lladdrlen must be done in 1705 * the caller. 1706 * 1707 * XXX If the link does not have link-layer adderss, what should 1708 * we do? (ifp->if_addrlen == 0) 1709 * Spec says nothing in sections for RA, RS and NA. There's small 1710 * description on it in NS section (RFC 2461 7.2.3). 1711 */ 1712 1713 rt = nd6_lookup(from, 0, ifp); 1714 if (!rt) { 1715 #if 0 1716 /* nothing must be done if there's no lladdr */ 1717 if (!lladdr || !lladdrlen) 1718 return NULL; 1719 #endif 1720 1721 rt = nd6_lookup(from, 1, ifp); 1722 is_newentry = 1; 1723 } else { 1724 /* do nothing if static ndp is set */ 1725 if (rt->rt_flags & RTF_STATIC) 1726 return NULL; 1727 is_newentry = 0; 1728 } 1729 1730 if (!rt) 1731 return NULL; 1732 if ((rt->rt_flags & (RTF_GATEWAY | RTF_LLINFO)) != RTF_LLINFO) { 1733 fail: 1734 nd6_free(rt); 1735 return NULL; 1736 } 1737 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1738 if (!ln) 1739 goto fail; 1740 if (!rt->rt_gateway) 1741 goto fail; 1742 if (rt->rt_gateway->sa_family != AF_LINK) 1743 goto fail; 1744 sdl = SDL(rt->rt_gateway); 1745 1746 olladdr = (sdl->sdl_alen) ? 1 : 0; 1747 if (olladdr && lladdr) { 1748 if (bcmp(lladdr, LLADDR(sdl), ifp->if_addrlen)) 1749 llchange = 1; 1750 else 1751 llchange = 0; 1752 } else 1753 llchange = 0; 1754 1755 /* 1756 * newentry olladdr lladdr llchange (*=record) 1757 * 0 n n -- (1) 1758 * 0 y n -- (2) 1759 * 0 n y -- (3) * STALE 1760 * 0 y y n (4) * 1761 * 0 y y y (5) * STALE 1762 * 1 -- n -- (6) NOSTATE(= PASSIVE) 1763 * 1 -- y -- (7) * STALE 1764 */ 1765 1766 if (lladdr) { /* (3-5) and (7) */ 1767 /* 1768 * Record source link-layer address 1769 * XXX is it dependent to ifp->if_type? 1770 */ 1771 sdl->sdl_alen = ifp->if_addrlen; 1772 bcopy(lladdr, LLADDR(sdl), ifp->if_addrlen); 1773 } 1774 1775 if (!is_newentry) { 1776 if ((!olladdr && lladdr) || /* (3) */ 1777 (olladdr && lladdr && llchange)) { /* (5) */ 1778 do_update = 1; 1779 newstate = ND6_LLINFO_STALE; 1780 } else { /* (1-2,4) */ 1781 do_update = 0; 1782 } 1783 } else { 1784 do_update = 1; 1785 if (!lladdr) /* (6) */ 1786 newstate = ND6_LLINFO_NOSTATE; 1787 else /* (7) */ 1788 newstate = ND6_LLINFO_STALE; 1789 } 1790 1791 if (do_update) { 1792 /* 1793 * Update the state of the neighbor cache. 1794 */ 1795 ln->ln_state = newstate; 1796 1797 if (ln->ln_state == ND6_LLINFO_STALE) { 1798 /* 1799 * XXX: since nd6_output() below will cause 1800 * state tansition to DELAY and reset the timer, 1801 * we must set the timer now, although it is actually 1802 * meaningless. 1803 */ 1804 ln->ln_expire = time_uptime + nd6_gctimer; 1805 1806 if (ln->ln_hold) { 1807 /* 1808 * we assume ifp is not a p2p here, so just 1809 * set the 2nd argument as the 1st one. 1810 */ 1811 nd6_output(ifp, ifp, ln->ln_hold, 1812 (struct sockaddr_in6 *)rt_key(rt), rt); 1813 ln->ln_hold = NULL; 1814 } 1815 } else if (ln->ln_state == ND6_LLINFO_INCOMPLETE) { 1816 /* probe right away */ 1817 ln->ln_expire = time_uptime; 1818 } 1819 } 1820 1821 /* 1822 * ICMP6 type dependent behavior. 1823 * 1824 * NS: clear IsRouter if new entry 1825 * RS: clear IsRouter 1826 * RA: set IsRouter if there's lladdr 1827 * redir: clear IsRouter if new entry 1828 * 1829 * RA case, (1): 1830 * The spec says that we must set IsRouter in the following cases: 1831 * - If lladdr exist, set IsRouter. This means (1-5). 1832 * - If it is old entry (!newentry), set IsRouter. This means (7). 1833 * So, based on the spec, in (1-5) and (7) cases we must set IsRouter. 1834 * A quetion arises for (1) case. (1) case has no lladdr in the 1835 * neighbor cache, this is similar to (6). 1836 * This case is rare but we figured that we MUST NOT set IsRouter. 1837 * 1838 * newentry olladdr lladdr llchange NS RS RA redir 1839 * D R 1840 * 0 n n -- (1) c ? s 1841 * 0 y n -- (2) c s s 1842 * 0 n y -- (3) c s s 1843 * 0 y y n (4) c s s 1844 * 0 y y y (5) c s s 1845 * 1 -- n -- (6) c c c s 1846 * 1 -- y -- (7) c c s c s 1847 * 1848 * (c=clear s=set) 1849 */ 1850 switch (type & 0xff) { 1851 case ND_NEIGHBOR_SOLICIT: 1852 /* 1853 * New entry must have is_router flag cleared. 1854 */ 1855 if (is_newentry) /* (6-7) */ 1856 ln->ln_router = 0; 1857 break; 1858 case ND_REDIRECT: 1859 /* 1860 * If the icmp is a redirect to a better router, always set the 1861 * is_router flag. Otherwise, if the entry is newly created, 1862 * clear the flag. [RFC 2461, sec 8.3] 1863 */ 1864 if (code == ND_REDIRECT_ROUTER) 1865 ln->ln_router = 1; 1866 else if (is_newentry) /* (6-7) */ 1867 ln->ln_router = 0; 1868 break; 1869 case ND_ROUTER_SOLICIT: 1870 /* 1871 * is_router flag must always be cleared. 1872 */ 1873 ln->ln_router = 0; 1874 break; 1875 case ND_ROUTER_ADVERT: 1876 /* 1877 * Mark an entry with lladdr as a router. 1878 */ 1879 if ((!is_newentry && (olladdr || lladdr)) || /* (2-5) */ 1880 (is_newentry && lladdr)) { /* (7) */ 1881 ln->ln_router = 1; 1882 } 1883 break; 1884 } 1885 1886 if (llchange || lladdr) 1887 rt_rtmsg(llchange ? RTM_CHANGE : RTM_ADD, rt, rt->rt_ifp, 0); 1888 1889 /* 1890 * When the link-layer address of a router changes, select the 1891 * best router again. In particular, when the neighbor entry is newly 1892 * created, it might affect the selection policy. 1893 * Question: can we restrict the first condition to the "is_newentry" 1894 * case? 1895 * XXX: when we hear an RA from a new router with the link-layer 1896 * address option, defrouter_select() is called twice, since 1897 * defrtrlist_update called the function as well. However, I believe 1898 * we can compromise the overhead, since it only happens the first 1899 * time. 1900 * XXX: although defrouter_select() should not have a bad effect 1901 * for those are not autoconfigured hosts, we explicitly avoid such 1902 * cases for safety. 1903 */ 1904 if (do_update && ln->ln_router && !ip6_forwarding && ip6_accept_rtadv) 1905 defrouter_select(); 1906 1907 return rt; 1908 } 1909 1910 static void 1911 nd6_slowtimo(void *arg __unused) 1912 { 1913 struct lwkt_msg *lmsg = &nd6_slowtimo_netmsg.lmsg; 1914 1915 KASSERT(mycpuid == 0, ("not on cpu0")); 1916 crit_enter(); 1917 if (lmsg->ms_flags & MSGF_DONE) 1918 lwkt_sendmsg_oncpu(netisr_cpuport(0), lmsg); 1919 crit_exit(); 1920 } 1921 1922 static void 1923 nd6_slowtimo_dispatch(netmsg_t nmsg) 1924 { 1925 const struct ifnet_array *arr; 1926 struct nd_ifinfo *nd6if; 1927 int i; 1928 1929 ASSERT_NETISR0; 1930 1931 crit_enter(); 1932 lwkt_replymsg(&nmsg->lmsg, 0); /* reply ASAP */ 1933 crit_exit(); 1934 1935 arr = ifnet_array_get(); 1936 1937 mtx_lock(&nd6_mtx); 1938 for (i = 0; i < arr->ifnet_count; ++i) { 1939 struct ifnet *ifp = arr->ifnet_arr[i]; 1940 1941 if (ifp->if_afdata[AF_INET6] == NULL) 1942 continue; 1943 nd6if = ND_IFINFO(ifp); 1944 if (nd6if->basereachable && /* already initialized */ 1945 (nd6if->recalctm -= ND6_SLOWTIMER_INTERVAL) <= 0) { 1946 /* 1947 * Since reachable time rarely changes by router 1948 * advertisements, we SHOULD insure that a new random 1949 * value gets recomputed at least once every few hours. 1950 * (RFC 2461, 6.3.4) 1951 */ 1952 nd6if->recalctm = nd6_recalc_reachtm_interval; 1953 nd6if->reachable = ND_COMPUTE_RTIME(nd6if->basereachable); 1954 } 1955 } 1956 mtx_unlock(&nd6_mtx); 1957 1958 callout_reset(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz, 1959 nd6_slowtimo, NULL); 1960 } 1961 1962 int 1963 nd6_output(struct ifnet *ifp, struct ifnet *origifp, struct mbuf *m, 1964 struct sockaddr_in6 *dst, struct rtentry *rt) 1965 { 1966 int error; 1967 1968 if (ifp->if_flags & IFF_LOOPBACK) 1969 error = ifp->if_output(origifp, m, (struct sockaddr *)dst, rt); 1970 else 1971 error = ifp->if_output(ifp, m, (struct sockaddr *)dst, rt); 1972 return error; 1973 } 1974 1975 int 1976 nd6_resolve(struct ifnet *ifp, struct rtentry *rt0, struct mbuf *m, 1977 struct sockaddr *dst0, u_char *desten) 1978 { 1979 struct sockaddr_in6 *dst = SIN6(dst0); 1980 struct rtentry *rt = NULL; 1981 struct llinfo_nd6 *ln = NULL; 1982 int error; 1983 1984 if (m->m_flags & M_MCAST) { 1985 switch (ifp->if_type) { 1986 case IFT_ETHER: 1987 #ifdef IFT_L2VLAN 1988 case IFT_L2VLAN: 1989 #endif 1990 #ifdef IFT_IEEE80211 1991 case IFT_IEEE80211: 1992 #endif 1993 ETHER_MAP_IPV6_MULTICAST(&dst->sin6_addr, 1994 desten); 1995 return 0; 1996 case IFT_IEEE1394: 1997 bcopy(ifp->if_broadcastaddr, desten, ifp->if_addrlen); 1998 return 0; 1999 default: 2000 error = EAFNOSUPPORT; 2001 goto bad; 2002 } 2003 } 2004 2005 if (rt0 != NULL) { 2006 error = rt_llroute(dst0, rt0, &rt); 2007 if (error != 0) 2008 goto bad; 2009 ln = rt->rt_llinfo; 2010 } 2011 2012 /* 2013 * Since nd6_is_addr_neighbor() internally calls nd6_lookup(), 2014 * the condition below is not very efficient. But we believe 2015 * it is tolerable, because this should be a rare case. 2016 */ 2017 if (ln == NULL && nd6_is_addr_neighbor(dst, ifp)) { 2018 rt = nd6_lookup(&dst->sin6_addr, 1, ifp); 2019 if (rt != NULL) 2020 ln = rt->rt_llinfo; 2021 } 2022 2023 if (ln == NULL || rt == NULL) { 2024 if (!(ifp->if_flags & IFF_POINTOPOINT) && 2025 !(ND_IFINFO(ifp)->flags & ND6_IFF_PERFORMNUD)) { 2026 log(LOG_DEBUG, 2027 "nd6_output: can't allocate llinfo for %s " 2028 "(ln=%p, rt=%p)\n", 2029 ip6_sprintf(&dst->sin6_addr), ln, rt); 2030 error = ENOBUFS; 2031 goto bad; 2032 } 2033 return 0; 2034 } 2035 2036 /* We don't have to do link-layer address resolution on a p2p link. */ 2037 if ((ifp->if_flags & IFF_POINTOPOINT) && 2038 ln->ln_state < ND6_LLINFO_REACHABLE) { 2039 ln->ln_state = ND6_LLINFO_STALE; 2040 ln->ln_expire = time_uptime + nd6_gctimer; 2041 } 2042 2043 /* 2044 * The first time we send a packet to a neighbor whose entry is 2045 * STALE, we have to change the state to DELAY and a sets a timer to 2046 * expire in DELAY_FIRST_PROBE_TIME seconds to ensure do 2047 * neighbor unreachability detection on expiration. 2048 * (RFC 2461 7.3.3) 2049 */ 2050 if (ln->ln_state == ND6_LLINFO_STALE) { 2051 ln->ln_asked = 0; 2052 ln->ln_state = ND6_LLINFO_DELAY; 2053 ln->ln_expire = time_uptime + nd6_delay; 2054 } 2055 2056 /* 2057 * If the neighbor cache entry has a state other than INCOMPLETE 2058 * (i.e. its link-layer address is already resolved), return it. 2059 */ 2060 if (ln->ln_state > ND6_LLINFO_INCOMPLETE) { 2061 struct sockaddr_dl *sdl = SDL(rt->rt_gateway); 2062 2063 KKASSERT(sdl->sdl_family == AF_LINK && sdl->sdl_alen != 0); 2064 bcopy(LLADDR(sdl), desten, sdl->sdl_alen); 2065 return 0; 2066 } 2067 2068 /* 2069 * There is a neighbor cache entry, but no ethernet address 2070 * response yet. Replace the held mbuf (if any) with this 2071 * latest one. 2072 */ 2073 if (ln->ln_hold) 2074 m_freem(ln->ln_hold); 2075 ln->ln_hold = m; 2076 2077 /* 2078 * This code conforms to the rate-limiting rule described in Section 2079 * 7.2.2 of RFC 2461, because the timer is set correctly after sending 2080 * an NS below. 2081 */ 2082 if (ln->ln_state == ND6_LLINFO_NOSTATE || 2083 ln->ln_state == ND6_LLINFO_WAITDELETE) { 2084 /* 2085 * This neighbor cache entry was just created; change its 2086 * state to INCOMPLETE and start its life cycle. 2087 * 2088 * We force an NS output below by setting ln_expire to 1 2089 * (nd6_rtrequest() could set it to the current time_uptime) 2090 * and zeroing out ln_asked (XXX this may not be necessary). 2091 */ 2092 ln->ln_state = ND6_LLINFO_INCOMPLETE; 2093 ln->ln_expire = 1; 2094 ln->ln_asked = 0; 2095 } 2096 if (ln->ln_expire && ln->ln_expire < time_uptime && ln->ln_asked == 0) { 2097 ln->ln_asked++; 2098 ln->ln_expire = time_uptime + ND_IFINFO(ifp)->retrans / 1000; 2099 nd6_ns_output(ifp, NULL, &dst->sin6_addr, ln, 0); 2100 } 2101 2102 if (ln->ln_asked >= nd6_mmaxtries) 2103 return (rt != NULL && rt->rt_flags & RTF_GATEWAY) ? 2104 EHOSTUNREACH : EHOSTDOWN; 2105 return EWOULDBLOCK; 2106 2107 bad: 2108 m_freem(m); 2109 return error; 2110 } 2111 2112 int 2113 nd6_need_cache(struct ifnet *ifp) 2114 { 2115 /* 2116 * XXX: we currently do not make neighbor cache on any interface 2117 * other than Ethernet and GIF. 2118 * 2119 * RFC2893 says: 2120 * - unidirectional tunnels needs no ND 2121 */ 2122 switch (ifp->if_type) { 2123 case IFT_ETHER: 2124 case IFT_IEEE1394: 2125 #ifdef IFT_L2VLAN 2126 case IFT_L2VLAN: 2127 #endif 2128 #ifdef IFT_IEEE80211 2129 case IFT_IEEE80211: 2130 #endif 2131 #ifdef IFT_CARP 2132 case IFT_CARP: 2133 #endif 2134 case IFT_GIF: /* XXX need more cases? */ 2135 return (1); 2136 default: 2137 return (0); 2138 } 2139 } 2140 2141 static int nd6_sysctl_drlist(SYSCTL_HANDLER_ARGS); 2142 static int nd6_sysctl_prlist(SYSCTL_HANDLER_ARGS); 2143 #ifdef SYSCTL_DECL 2144 SYSCTL_DECL(_net_inet6_icmp6); 2145 #endif 2146 SYSCTL_NODE(_net_inet6_icmp6, ICMPV6CTL_ND6_DRLIST, nd6_drlist, 2147 CTLFLAG_RD, nd6_sysctl_drlist, "List default routers"); 2148 SYSCTL_NODE(_net_inet6_icmp6, ICMPV6CTL_ND6_PRLIST, nd6_prlist, 2149 CTLFLAG_RD, nd6_sysctl_prlist, "List prefixes"); 2150 2151 static int 2152 nd6_sysctl_drlist(SYSCTL_HANDLER_ARGS) 2153 { 2154 int error; 2155 char buf[1024]; 2156 struct in6_defrouter *d, *de; 2157 struct nd_defrouter *dr; 2158 2159 if (req->newptr) 2160 return EPERM; 2161 error = 0; 2162 2163 for (dr = TAILQ_FIRST(&nd_defrouter); dr; 2164 dr = TAILQ_NEXT(dr, dr_entry)) { 2165 d = (struct in6_defrouter *)buf; 2166 de = (struct in6_defrouter *)(buf + sizeof(buf)); 2167 2168 if (d + 1 <= de) { 2169 bzero(d, sizeof(*d)); 2170 d->rtaddr.sin6_family = AF_INET6; 2171 d->rtaddr.sin6_len = sizeof(d->rtaddr); 2172 if (in6_recoverscope(&d->rtaddr, &dr->rtaddr, 2173 dr->ifp) != 0) 2174 log(LOG_ERR, 2175 "scope error in " 2176 "default router list (%s)\n", 2177 ip6_sprintf(&dr->rtaddr)); 2178 d->flags = dr->flags; 2179 d->rtlifetime = dr->rtlifetime; 2180 d->expire = dr->expire; 2181 d->if_index = dr->ifp->if_index; 2182 } else 2183 panic("buffer too short"); 2184 2185 error = SYSCTL_OUT(req, buf, sizeof(*d)); 2186 if (error) 2187 break; 2188 } 2189 return error; 2190 } 2191 2192 static int 2193 nd6_sysctl_prlist(SYSCTL_HANDLER_ARGS) 2194 { 2195 int error; 2196 char buf[1024]; 2197 struct in6_prefix *p, *pe; 2198 struct nd_prefix *pr; 2199 2200 if (req->newptr) 2201 return EPERM; 2202 error = 0; 2203 2204 for (pr = nd_prefix.lh_first; pr; pr = pr->ndpr_next) { 2205 u_short advrtrs; 2206 size_t advance; 2207 struct sockaddr_in6 *sin6, *s6; 2208 struct nd_pfxrouter *pfr; 2209 2210 p = (struct in6_prefix *)buf; 2211 pe = (struct in6_prefix *)(buf + sizeof(buf)); 2212 2213 if (p + 1 <= pe) { 2214 bzero(p, sizeof(*p)); 2215 sin6 = (struct sockaddr_in6 *)(p + 1); 2216 2217 p->prefix = pr->ndpr_prefix; 2218 if (in6_recoverscope(&p->prefix, 2219 &p->prefix.sin6_addr, pr->ndpr_ifp) != 0) 2220 log(LOG_ERR, 2221 "scope error in prefix list (%s)\n", 2222 ip6_sprintf(&p->prefix.sin6_addr)); 2223 p->raflags = pr->ndpr_raf; 2224 p->prefixlen = pr->ndpr_plen; 2225 p->vltime = pr->ndpr_vltime; 2226 p->pltime = pr->ndpr_pltime; 2227 p->if_index = pr->ndpr_ifp->if_index; 2228 p->expire = pr->ndpr_expire; 2229 p->refcnt = pr->ndpr_refcnt; 2230 p->flags = pr->ndpr_stateflags; 2231 p->origin = PR_ORIG_RA; 2232 advrtrs = 0; 2233 for (pfr = pr->ndpr_advrtrs.lh_first; pfr; 2234 pfr = pfr->pfr_next) { 2235 if ((void *)&sin6[advrtrs + 1] > (void *)pe) { 2236 advrtrs++; 2237 continue; 2238 } 2239 s6 = &sin6[advrtrs]; 2240 bzero(s6, sizeof(*s6)); 2241 s6->sin6_family = AF_INET6; 2242 s6->sin6_len = sizeof(*sin6); 2243 if (in6_recoverscope(s6, &pfr->router->rtaddr, 2244 pfr->router->ifp) != 0) 2245 log(LOG_ERR, 2246 "scope error in " 2247 "prefix list (%s)\n", 2248 ip6_sprintf(&pfr->router->rtaddr)); 2249 advrtrs++; 2250 } 2251 p->advrtrs = advrtrs; 2252 } else { 2253 panic("buffer too short"); 2254 } 2255 2256 advance = sizeof(*p) + sizeof(*sin6) * advrtrs; 2257 error = SYSCTL_OUT(req, buf, advance); 2258 if (error) 2259 break; 2260 } 2261 return error; 2262 } 2263