1 /* $FreeBSD: src/sys/netinet6/nd6_nbr.c,v 1.4.2.6 2003/01/23 21:06:47 sam Exp $ */ 2 /* $DragonFly: src/sys/netinet6/nd6_nbr.c,v 1.24 2008/10/03 07:59:20 hasso Exp $ */ 3 /* $KAME: nd6_nbr.c,v 1.86 2002/01/21 02:33:04 jinmei Exp $ */ 4 5 /* 6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. Neither the name of the project nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 #include "opt_inet.h" 35 #include "opt_inet6.h" 36 #include "opt_ipsec.h" 37 #include "opt_carp.h" 38 39 #include <sys/param.h> 40 #include <sys/systm.h> 41 #include <sys/malloc.h> 42 #include <sys/mbuf.h> 43 #include <sys/socket.h> 44 #include <sys/sockio.h> 45 #include <sys/time.h> 46 #include <sys/kernel.h> 47 #include <sys/errno.h> 48 #include <sys/syslog.h> 49 #include <sys/queue.h> 50 #include <sys/callout.h> 51 #include <sys/mutex.h> 52 53 #include <sys/thread2.h> 54 #include <sys/mutex2.h> 55 56 #include <net/if.h> 57 #include <net/if_types.h> 58 #include <net/if_dl.h> 59 #include <net/route.h> 60 61 #include <netinet/in.h> 62 #include <netinet/in_var.h> 63 #include <netinet6/in6_var.h> 64 #include <netinet/ip6.h> 65 #include <netinet6/ip6_var.h> 66 #include <netinet6/nd6.h> 67 #include <netinet/icmp6.h> 68 69 #ifdef IPSEC 70 #include <netinet6/ipsec.h> 71 #ifdef INET6 72 #include <netinet6/ipsec6.h> 73 #endif 74 #endif 75 76 #include <net/net_osdep.h> 77 78 #ifdef CARP 79 #include <netinet/ip_carp.h> 80 #endif 81 82 83 #define SDL(s) ((struct sockaddr_dl *)s) 84 85 struct dadq; 86 static struct dadq *nd6_dad_find (struct ifaddr *); 87 static void nd6_dad_starttimer (struct dadq *, int); 88 static void nd6_dad_stoptimer (struct dadq *); 89 static void nd6_dad_timer (struct ifaddr *); 90 static void nd6_dad_ns_output (struct dadq *, struct ifaddr *); 91 static void nd6_dad_ns_input (struct ifaddr *); 92 static void nd6_dad_na_input (struct ifaddr *); 93 94 static int dad_ignore_ns = 0; /* ignore NS in DAD - specwise incorrect*/ 95 static int dad_maxtry = 15; /* max # of *tries* to transmit DAD packet */ 96 97 /* 98 * Input an Neighbor Solicitation Message. 99 * 100 * Based on RFC 2461 101 * Based on RFC 2462 (duplicated address detection) 102 */ 103 void 104 nd6_ns_input(struct mbuf *m, int off, int icmp6len) 105 { 106 struct ifnet *ifp = m->m_pkthdr.rcvif; 107 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); 108 struct nd_neighbor_solicit *nd_ns; 109 struct in6_addr saddr6 = ip6->ip6_src; 110 struct in6_addr daddr6 = ip6->ip6_dst; 111 struct in6_addr taddr6; 112 struct in6_addr myaddr6; 113 char *lladdr = NULL; 114 struct ifaddr *ifa = NULL; 115 int lladdrlen = 0; 116 int anycast = 0, proxy = 0, tentative = 0; 117 int tlladdr; 118 union nd_opts ndopts; 119 struct sockaddr_dl *proxydl = NULL; 120 121 #ifndef PULLDOWN_TEST 122 IP6_EXTHDR_CHECK(m, off, icmp6len,); 123 nd_ns = (struct nd_neighbor_solicit *)((caddr_t)ip6 + off); 124 #else 125 IP6_EXTHDR_GET(nd_ns, struct nd_neighbor_solicit *, m, off, icmp6len); 126 if (nd_ns == NULL) { 127 icmp6stat.icp6s_tooshort++; 128 return; 129 } 130 #endif 131 ip6 = mtod(m, struct ip6_hdr *); /* adjust pointer for safety */ 132 taddr6 = nd_ns->nd_ns_target; 133 134 if (ip6->ip6_hlim != 255) { 135 nd6log((LOG_ERR, 136 "nd6_ns_input: invalid hlim (%d) from %s to %s on %s\n", 137 ip6->ip6_hlim, ip6_sprintf(&ip6->ip6_src), 138 ip6_sprintf(&ip6->ip6_dst), if_name(ifp))); 139 goto bad; 140 } 141 142 if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) { 143 /* dst has to be solicited node multicast address. */ 144 if (daddr6.s6_addr16[0] == IPV6_ADDR_INT16_MLL 145 /* don't check ifindex portion */ 146 && daddr6.s6_addr32[1] == 0 147 && daddr6.s6_addr32[2] == IPV6_ADDR_INT32_ONE 148 && daddr6.s6_addr8[12] == 0xff) { 149 ; /* good */ 150 } else { 151 nd6log((LOG_INFO, "nd6_ns_input: bad DAD packet " 152 "(wrong ip6 dst)\n")); 153 goto bad; 154 } 155 } else { 156 /* 157 * Make sure the source address is from a neighbor's address. 158 */ 159 if (in6ifa_ifplocaladdr(ifp, &saddr6) == NULL) { 160 nd6log((LOG_INFO, "nd6_ns_input: " 161 "NS packet from non-neighbor\n")); 162 goto bad; 163 } 164 } 165 166 if (IN6_IS_ADDR_MULTICAST(&taddr6)) { 167 nd6log((LOG_INFO, "nd6_ns_input: bad NS target (multicast)\n")); 168 goto bad; 169 } 170 171 if (IN6_IS_SCOPE_LINKLOCAL(&taddr6)) 172 taddr6.s6_addr16[1] = htons(ifp->if_index); 173 174 icmp6len -= sizeof(*nd_ns); 175 nd6_option_init(nd_ns + 1, icmp6len, &ndopts); 176 if (nd6_options(&ndopts) < 0) { 177 nd6log((LOG_INFO, 178 "nd6_ns_input: invalid ND option, ignored\n")); 179 /* nd6_options have incremented stats */ 180 goto freeit; 181 } 182 183 if (ndopts.nd_opts_src_lladdr) { 184 lladdr = (char *)(ndopts.nd_opts_src_lladdr + 1); 185 lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3; 186 } 187 188 if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src) && lladdr) { 189 nd6log((LOG_INFO, "nd6_ns_input: bad DAD packet " 190 "(link-layer address option)\n")); 191 goto bad; 192 } 193 194 /* 195 * Attaching target link-layer address to the NA? 196 * (RFC 2461 7.2.4) 197 * 198 * NS IP dst is unicast/anycast MUST NOT add 199 * NS IP dst is solicited-node multicast MUST add 200 * 201 * In implementation, we add target link-layer address by default. 202 * We do not add one in MUST NOT cases. 203 */ 204 #if 0 /* too much! */ 205 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &daddr6); 206 if (ifa && (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST)) 207 tlladdr = 0; 208 else 209 #endif 210 if (!IN6_IS_ADDR_MULTICAST(&daddr6)) 211 tlladdr = 0; 212 else 213 tlladdr = 1; 214 215 /* 216 * Target address (taddr6) must be either: 217 * (1) Valid unicast/anycast address for my receiving interface, 218 * (2) Unicast address for which I'm offering proxy service, or 219 * (3) "tentative" address on which DAD is being performed. 220 */ 221 /* (1) and (3) check. */ 222 #ifdef CARP 223 if (ifp->if_carp) 224 ifa = carp_iamatch6(ifp->if_carp, &taddr6); 225 if (!ifa) 226 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &taddr6); 227 #else 228 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &taddr6); 229 #endif 230 231 /* (2) check. */ 232 if (!ifa) { 233 struct rtentry *rt; 234 struct sockaddr_in6 tsin6; 235 236 bzero(&tsin6, sizeof tsin6); 237 tsin6.sin6_len = sizeof(struct sockaddr_in6); 238 tsin6.sin6_family = AF_INET6; 239 tsin6.sin6_addr = taddr6; 240 241 rt = rtpurelookup((struct sockaddr *)&tsin6); 242 if (rt != NULL && (rt->rt_flags & RTF_ANNOUNCE) && 243 rt->rt_gateway->sa_family == AF_LINK) { 244 /* 245 * proxy NDP for single entry 246 */ 247 ifa = (struct ifaddr *)in6ifa_ifpforlinklocal(ifp, 248 IN6_IFF_NOTREADY|IN6_IFF_ANYCAST); 249 if (ifa) { 250 proxy = 1; 251 proxydl = SDL(rt->rt_gateway); 252 } 253 } 254 if (rt != NULL) 255 --rt->rt_refcnt; 256 } 257 if (ifa == NULL) { 258 /* 259 * We've got an NS packet, and we don't have that adddress 260 * assigned for us. We MUST silently ignore it. 261 * See RFC2461 7.2.3. 262 */ 263 goto freeit; 264 } 265 myaddr6 = *IFA_IN6(ifa); 266 anycast = ((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST; 267 tentative = ((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_TENTATIVE; 268 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DUPLICATED) 269 goto freeit; 270 271 if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) { 272 nd6log((LOG_INFO, 273 "nd6_ns_input: lladdrlen mismatch for %s " 274 "(if %d, NS packet %d)\n", 275 ip6_sprintf(&taddr6), ifp->if_addrlen, lladdrlen - 2)); 276 goto bad; 277 } 278 279 if (IN6_ARE_ADDR_EQUAL(&myaddr6, &saddr6)) { 280 nd6log((LOG_INFO, 281 "nd6_ns_input: duplicate IP6 address %s\n", 282 ip6_sprintf(&saddr6))); 283 goto freeit; 284 } 285 286 /* 287 * We have neighbor solicitation packet, with target address equals to 288 * one of my tentative address. 289 * 290 * src addr how to process? 291 * --- --- 292 * multicast of course, invalid (rejected in ip6_input) 293 * unicast somebody is doing address resolution -> ignore 294 * unspec dup address detection 295 * 296 * The processing is defined in RFC 2462. 297 */ 298 if (tentative) { 299 /* 300 * If source address is unspecified address, it is for 301 * duplicated address detection. 302 * 303 * If not, the packet is for addess resolution; 304 * silently ignore it. 305 */ 306 if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) 307 nd6_dad_ns_input(ifa); 308 309 goto freeit; 310 } 311 312 /* 313 * If the source address is unspecified address, entries must not 314 * be created or updated. 315 * It looks that sender is performing DAD. Output NA toward 316 * all-node multicast address, to tell the sender that I'm using 317 * the address. 318 * S bit ("solicited") must be zero. 319 */ 320 if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) { 321 saddr6 = kin6addr_linklocal_allnodes; 322 saddr6.s6_addr16[1] = htons(ifp->if_index); 323 nd6_na_output(ifp, &saddr6, &taddr6, 324 ((anycast || proxy || !tlladdr) 325 ? 0 : ND_NA_FLAG_OVERRIDE) 326 | (ip6_forwarding ? ND_NA_FLAG_ROUTER : 0), 327 tlladdr, (struct sockaddr *)proxydl); 328 goto freeit; 329 } 330 331 nd6_cache_lladdr(ifp, &saddr6, lladdr, lladdrlen, ND_NEIGHBOR_SOLICIT, 0); 332 333 nd6_na_output(ifp, &saddr6, &taddr6, 334 ((anycast || proxy || !tlladdr) ? 0 : ND_NA_FLAG_OVERRIDE) 335 | (ip6_forwarding ? ND_NA_FLAG_ROUTER : 0) 336 | ND_NA_FLAG_SOLICITED, 337 tlladdr, (struct sockaddr *)proxydl); 338 freeit: 339 m_freem(m); 340 return; 341 342 bad: 343 nd6log((LOG_ERR, "nd6_ns_input: src=%s\n", ip6_sprintf(&saddr6))); 344 nd6log((LOG_ERR, "nd6_ns_input: dst=%s\n", ip6_sprintf(&daddr6))); 345 nd6log((LOG_ERR, "nd6_ns_input: tgt=%s\n", ip6_sprintf(&taddr6))); 346 icmp6stat.icp6s_badns++; 347 m_freem(m); 348 } 349 350 /* 351 * Output an Neighbor Solicitation Message. Caller specifies: 352 * - ICMP6 header source IP6 address 353 * - ND6 header target IP6 address 354 * - ND6 header source datalink address 355 * 356 * Based on RFC 2461 357 * Based on RFC 2462 (duplicated address detection) 358 */ 359 void 360 nd6_ns_output(struct ifnet *ifp, const struct in6_addr *daddr6, 361 const struct in6_addr *taddr6, 362 struct llinfo_nd6 *ln, /* for source address determination */ 363 int dad) /* duplicated address detection */ 364 { 365 struct mbuf *m; 366 struct ip6_hdr *ip6; 367 struct nd_neighbor_solicit *nd_ns; 368 struct in6_ifaddr *ia = NULL; 369 struct ip6_moptions im6o; 370 int icmp6len; 371 int maxlen; 372 caddr_t mac; 373 struct ifnet *outif = NULL; 374 375 if (IN6_IS_ADDR_MULTICAST(taddr6)) 376 return; 377 378 /* estimate the size of message */ 379 maxlen = sizeof(*ip6) + sizeof(*nd_ns); 380 maxlen += (sizeof(struct nd_opt_hdr) + ifp->if_addrlen + 7) & ~7; 381 if (max_linkhdr + maxlen >= MCLBYTES) { 382 #ifdef DIAGNOSTIC 383 kprintf("nd6_ns_output: max_linkhdr + maxlen >= MCLBYTES " 384 "(%d + %d > %d)\n", max_linkhdr, maxlen, MCLBYTES); 385 #endif 386 return; 387 } 388 389 m = m_getb(max_linkhdr + maxlen, MB_DONTWAIT, MT_DATA, M_PKTHDR); 390 if (m == NULL) 391 return; 392 393 if (daddr6 == NULL || IN6_IS_ADDR_MULTICAST(daddr6)) { 394 m->m_flags |= M_MCAST; 395 im6o.im6o_multicast_ifp = ifp; 396 im6o.im6o_multicast_hlim = 255; 397 im6o.im6o_multicast_loop = 0; 398 } 399 400 icmp6len = sizeof(*nd_ns); 401 m->m_pkthdr.len = m->m_len = sizeof(*ip6) + icmp6len; 402 m->m_data += max_linkhdr; /* or MH_ALIGN() equivalent? */ 403 404 /* fill neighbor solicitation packet */ 405 ip6 = mtod(m, struct ip6_hdr *); 406 ip6->ip6_flow = 0; 407 ip6->ip6_vfc &= ~IPV6_VERSION_MASK; 408 ip6->ip6_vfc |= IPV6_VERSION; 409 /* ip6->ip6_plen will be set later */ 410 ip6->ip6_nxt = IPPROTO_ICMPV6; 411 ip6->ip6_hlim = 255; 412 if (daddr6) 413 ip6->ip6_dst = *daddr6; 414 else { 415 ip6->ip6_dst.s6_addr16[0] = IPV6_ADDR_INT16_MLL; 416 ip6->ip6_dst.s6_addr16[1] = htons(ifp->if_index); 417 ip6->ip6_dst.s6_addr32[1] = 0; 418 ip6->ip6_dst.s6_addr32[2] = IPV6_ADDR_INT32_ONE; 419 ip6->ip6_dst.s6_addr32[3] = taddr6->s6_addr32[3]; 420 ip6->ip6_dst.s6_addr8[12] = 0xff; 421 } 422 if (!dad) { 423 #if 0 /* KAME way, exact address scope match */ 424 /* 425 * Select a source whose scope is the same as that of the dest. 426 * Typically, the dest is link-local solicitation multicast 427 * (i.e. neighbor discovery) or link-local/global unicast 428 * (i.e. neighbor un-reachability detection). 429 */ 430 ia = in6_ifawithifp(ifp, &ip6->ip6_dst); 431 if (ia == NULL) { 432 m_freem(m); 433 return; 434 } 435 ip6->ip6_src = ia->ia_addr.sin6_addr; 436 #else /* spec-wise correct */ 437 /* 438 * RFC2461 7.2.2: 439 * "If the source address of the packet prompting the 440 * solicitation is the same as one of the addresses assigned 441 * to the outgoing interface, that address SHOULD be placed 442 * in the IP Source Address of the outgoing solicitation. 443 * Otherwise, any one of the addresses assigned to the 444 * interface should be used." 445 * 446 * We use the source address for the prompting packet 447 * (saddr6), if: 448 * - saddr6 is given from the caller (by giving "ln"), and 449 * - saddr6 belongs to the outgoing interface. 450 * Otherwise, we perform a scope-wise match. 451 */ 452 struct ip6_hdr *hip6; /* hold ip6 */ 453 struct in6_addr *saddr6; 454 455 if (ln && ln->ln_hold) { 456 hip6 = mtod(ln->ln_hold, struct ip6_hdr *); 457 /* XXX pullup? */ 458 if (sizeof(*hip6) < ln->ln_hold->m_len) 459 saddr6 = &hip6->ip6_src; 460 else 461 saddr6 = NULL; 462 } else 463 saddr6 = NULL; 464 if (saddr6 && in6ifa_ifpwithaddr(ifp, saddr6)) 465 bcopy(saddr6, &ip6->ip6_src, sizeof(*saddr6)); 466 else { 467 ia = in6_ifawithifp(ifp, &ip6->ip6_dst); 468 if (ia == NULL) { 469 m_freem(m); 470 return; 471 } 472 ip6->ip6_src = ia->ia_addr.sin6_addr; 473 } 474 #endif 475 } else { 476 /* 477 * Source address for DAD packet must always be IPv6 478 * unspecified address. (0::0) 479 */ 480 bzero(&ip6->ip6_src, sizeof(ip6->ip6_src)); 481 } 482 nd_ns = (struct nd_neighbor_solicit *)(ip6 + 1); 483 nd_ns->nd_ns_type = ND_NEIGHBOR_SOLICIT; 484 nd_ns->nd_ns_code = 0; 485 nd_ns->nd_ns_reserved = 0; 486 nd_ns->nd_ns_target = *taddr6; 487 488 if (IN6_IS_SCOPE_LINKLOCAL(&nd_ns->nd_ns_target)) 489 nd_ns->nd_ns_target.s6_addr16[1] = 0; 490 491 /* 492 * Add source link-layer address option. 493 * 494 * spec implementation 495 * --- --- 496 * DAD packet MUST NOT do not add the option 497 * there's no link layer address: 498 * impossible do not add the option 499 * there's link layer address: 500 * Multicast NS MUST add one add the option 501 * Unicast NS SHOULD add one add the option 502 */ 503 if (!dad && (mac = nd6_ifptomac(ifp))) { 504 int optlen = sizeof(struct nd_opt_hdr) + ifp->if_addrlen; 505 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)(nd_ns + 1); 506 /* 8 byte alignments... */ 507 optlen = (optlen + 7) & ~7; 508 509 m->m_pkthdr.len += optlen; 510 m->m_len += optlen; 511 icmp6len += optlen; 512 bzero((caddr_t)nd_opt, optlen); 513 nd_opt->nd_opt_type = ND_OPT_SOURCE_LINKADDR; 514 nd_opt->nd_opt_len = optlen >> 3; 515 bcopy(mac, (caddr_t)(nd_opt + 1), ifp->if_addrlen); 516 } 517 518 ip6->ip6_plen = htons((u_short)icmp6len); 519 nd_ns->nd_ns_cksum = 0; 520 nd_ns->nd_ns_cksum 521 = in6_cksum(m, IPPROTO_ICMPV6, sizeof(*ip6), icmp6len); 522 523 ip6_output(m, NULL, NULL, dad ? IPV6_DADOUTPUT : 0, &im6o, &outif, NULL); 524 if (outif) { 525 icmp6_ifstat_inc(outif, ifs6_out_msg); 526 icmp6_ifstat_inc(outif, ifs6_out_neighborsolicit); 527 } 528 icmp6stat.icp6s_outhist[ND_NEIGHBOR_SOLICIT]++; 529 } 530 531 /* 532 * Neighbor advertisement input handling. 533 * 534 * Based on RFC 2461 535 * Based on RFC 2462 (duplicated address detection) 536 * 537 * the following items are not implemented yet: 538 * - proxy advertisement delay rule (RFC2461 7.2.8, last paragraph, SHOULD) 539 * - anycast advertisement delay rule (RFC2461 7.2.7, SHOULD) 540 */ 541 void 542 nd6_na_input(struct mbuf *m, int off, int icmp6len) 543 { 544 struct ifnet *ifp = m->m_pkthdr.rcvif; 545 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); 546 struct nd_neighbor_advert *nd_na; 547 struct in6_addr saddr6 = ip6->ip6_src; 548 struct in6_addr daddr6 = ip6->ip6_dst; 549 struct in6_addr taddr6; 550 int flags; 551 int is_router; 552 int is_solicited; 553 int is_override; 554 char *lladdr = NULL; 555 int lladdrlen = 0; 556 struct ifaddr *ifa; 557 struct llinfo_nd6 *ln; 558 struct rtentry *rt; 559 struct sockaddr_dl *sdl; 560 union nd_opts ndopts; 561 562 if (ip6->ip6_hlim != 255) { 563 nd6log((LOG_ERR, 564 "nd6_na_input: invalid hlim (%d) from %s to %s on %s\n", 565 ip6->ip6_hlim, ip6_sprintf(&ip6->ip6_src), 566 ip6_sprintf(&ip6->ip6_dst), if_name(ifp))); 567 goto bad; 568 } 569 570 #ifndef PULLDOWN_TEST 571 IP6_EXTHDR_CHECK(m, off, icmp6len,); 572 nd_na = (struct nd_neighbor_advert *)((caddr_t)ip6 + off); 573 #else 574 IP6_EXTHDR_GET(nd_na, struct nd_neighbor_advert *, m, off, icmp6len); 575 if (nd_na == NULL) { 576 icmp6stat.icp6s_tooshort++; 577 return; 578 } 579 #endif 580 taddr6 = nd_na->nd_na_target; 581 flags = nd_na->nd_na_flags_reserved; 582 is_router = ((flags & ND_NA_FLAG_ROUTER) != 0); 583 is_solicited = ((flags & ND_NA_FLAG_SOLICITED) != 0); 584 is_override = ((flags & ND_NA_FLAG_OVERRIDE) != 0); 585 586 if (IN6_IS_SCOPE_LINKLOCAL(&taddr6)) 587 taddr6.s6_addr16[1] = htons(ifp->if_index); 588 589 if (IN6_IS_ADDR_MULTICAST(&taddr6)) { 590 nd6log((LOG_ERR, 591 "nd6_na_input: invalid target address %s\n", 592 ip6_sprintf(&taddr6))); 593 goto bad; 594 } 595 if (IN6_IS_ADDR_MULTICAST(&daddr6)) 596 if (is_solicited) { 597 nd6log((LOG_ERR, 598 "nd6_na_input: a solicited adv is multicasted\n")); 599 goto bad; 600 } 601 602 icmp6len -= sizeof(*nd_na); 603 nd6_option_init(nd_na + 1, icmp6len, &ndopts); 604 if (nd6_options(&ndopts) < 0) { 605 nd6log((LOG_INFO, 606 "nd6_na_input: invalid ND option, ignored\n")); 607 /* nd6_options have incremented stats */ 608 goto freeit; 609 } 610 611 if (ndopts.nd_opts_tgt_lladdr) { 612 lladdr = (char *)(ndopts.nd_opts_tgt_lladdr + 1); 613 lladdrlen = ndopts.nd_opts_tgt_lladdr->nd_opt_len << 3; 614 } 615 616 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &taddr6); 617 618 /* 619 * Target address matches one of my interface address. 620 * 621 * If my address is tentative, this means that there's somebody 622 * already using the same address as mine. This indicates DAD failure. 623 * This is defined in RFC 2462. 624 * 625 * Otherwise, process as defined in RFC 2461. 626 */ 627 if (ifa 628 && (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_TENTATIVE)) { 629 nd6_dad_na_input(ifa); 630 goto freeit; 631 } 632 633 /* Just for safety, maybe unnecessary. */ 634 if (ifa) { 635 log(LOG_ERR, 636 "nd6_na_input: duplicate IP6 address %s\n", 637 ip6_sprintf(&taddr6)); 638 goto freeit; 639 } 640 641 /* 642 * Make sure the source address is from a neighbor's address. 643 */ 644 if (in6ifa_ifplocaladdr(ifp, &saddr6) == NULL) { 645 nd6log((LOG_INFO, "nd6_na_input: " 646 "NA packet from non-neighbor\n")); 647 goto bad; 648 } 649 650 if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) { 651 nd6log((LOG_INFO, 652 "nd6_na_input: lladdrlen mismatch for %s " 653 "(if %d, NA packet %d)\n", 654 ip6_sprintf(&taddr6), ifp->if_addrlen, lladdrlen - 2)); 655 goto bad; 656 } 657 658 /* 659 * If no neighbor cache entry is found, NA SHOULD silently be discarded. 660 */ 661 rt = nd6_lookup(&taddr6, 0, ifp); 662 if ((rt == NULL) || 663 ((ln = (struct llinfo_nd6 *)rt->rt_llinfo) == NULL) || 664 ((sdl = SDL(rt->rt_gateway)) == NULL)) 665 goto freeit; 666 667 if (ln->ln_state == ND6_LLINFO_INCOMPLETE) { 668 /* 669 * If the link-layer has address, and no lladdr option came, 670 * discard the packet. 671 */ 672 if (ifp->if_addrlen && !lladdr) 673 goto freeit; 674 675 /* 676 * Record link-layer address, and update the state. 677 */ 678 sdl->sdl_alen = ifp->if_addrlen; 679 bcopy(lladdr, LLADDR(sdl), ifp->if_addrlen); 680 if (is_solicited) { 681 ln->ln_state = ND6_LLINFO_REACHABLE; 682 ln->ln_byhint = 0; 683 if (ln->ln_expire) 684 ln->ln_expire = time_second + 685 ND_IFINFO(rt->rt_ifp)->reachable; 686 } else { 687 ln->ln_state = ND6_LLINFO_STALE; 688 ln->ln_expire = time_second + nd6_gctimer; 689 } 690 if ((ln->ln_router = is_router) != 0) { 691 /* 692 * This means a router's state has changed from 693 * non-reachable to probably reachable, and might 694 * affect the status of associated prefixes.. 695 */ 696 pfxlist_onlink_check(); 697 } 698 } else { 699 int llchange; 700 701 /* 702 * Check if the link-layer address has changed or not. 703 */ 704 if (!lladdr) 705 llchange = 0; 706 else { 707 if (sdl->sdl_alen) { 708 if (bcmp(lladdr, LLADDR(sdl), ifp->if_addrlen)) 709 llchange = 1; 710 else 711 llchange = 0; 712 } else 713 llchange = 1; 714 } 715 716 /* 717 * This is VERY complex. Look at it with care. 718 * 719 * override solicit lladdr llchange action 720 * (L: record lladdr) 721 * 722 * 0 0 n -- (2c) 723 * 0 0 y n (2b) L 724 * 0 0 y y (1) REACHABLE->STALE 725 * 0 1 n -- (2c) *->REACHABLE 726 * 0 1 y n (2b) L *->REACHABLE 727 * 0 1 y y (1) REACHABLE->STALE 728 * 1 0 n -- (2a) 729 * 1 0 y n (2a) L 730 * 1 0 y y (2a) L *->STALE 731 * 1 1 n -- (2a) *->REACHABLE 732 * 1 1 y n (2a) L *->REACHABLE 733 * 1 1 y y (2a) L *->REACHABLE 734 */ 735 if (!is_override && (lladdr && llchange)) { /* (1) */ 736 /* 737 * If state is REACHABLE, make it STALE. 738 * no other updates should be done. 739 */ 740 if (ln->ln_state == ND6_LLINFO_REACHABLE) { 741 ln->ln_state = ND6_LLINFO_STALE; 742 ln->ln_expire = time_second + nd6_gctimer; 743 } 744 goto freeit; 745 } else if (is_override /* (2a) */ 746 || (!is_override && (lladdr && !llchange)) /* (2b) */ 747 || !lladdr) { /* (2c) */ 748 /* 749 * Update link-local address, if any. 750 */ 751 if (lladdr) { 752 sdl->sdl_alen = ifp->if_addrlen; 753 bcopy(lladdr, LLADDR(sdl), ifp->if_addrlen); 754 } 755 756 /* 757 * If solicited, make the state REACHABLE. 758 * If not solicited and the link-layer address was 759 * changed, make it STALE. 760 */ 761 if (is_solicited) { 762 ln->ln_state = ND6_LLINFO_REACHABLE; 763 ln->ln_byhint = 0; 764 if (ln->ln_expire) { 765 ln->ln_expire = time_second + 766 ND_IFINFO(ifp)->reachable; 767 } 768 } else { 769 if (lladdr && llchange) { 770 ln->ln_state = ND6_LLINFO_STALE; 771 ln->ln_expire = time_second + nd6_gctimer; 772 } 773 } 774 } 775 776 if (ln->ln_router && !is_router) { 777 /* 778 * The peer dropped the router flag. 779 * Remove the sender from the Default Router List and 780 * update the Destination Cache entries. 781 */ 782 struct nd_defrouter *dr; 783 struct in6_addr *in6; 784 785 in6 = &((struct sockaddr_in6 *)rt_key(rt))->sin6_addr; 786 787 /* 788 * Lock to protect the default router list. 789 * XXX: this might be unnecessary, since this function 790 * is only called under the network software interrupt 791 * context. However, we keep it just for safety. 792 */ 793 mtx_lock(&nd6_mtx); 794 dr = defrouter_lookup(in6, rt->rt_ifp); 795 if (dr) 796 defrtrlist_del(dr); 797 mtx_unlock(&nd6_mtx); 798 799 if (dr == NULL && !ip6_forwarding && ip6_accept_rtadv) { 800 /* 801 * Even if the neighbor is not in the default 802 * router list, the neighbor may be used 803 * as a next hop for some destinations 804 * (e.g. redirect case). So we must 805 * call rt6_flush explicitly. 806 */ 807 rt6_flush(&ip6->ip6_src, rt->rt_ifp); 808 } 809 } 810 ln->ln_router = is_router; 811 } 812 rt->rt_flags &= ~RTF_REJECT; 813 ln->ln_asked = 0; 814 if (ln->ln_hold) { 815 /* 816 * we assume ifp is not a loopback here, so just set the 2nd 817 * argument as the 1st one. 818 */ 819 nd6_output(ifp, ifp, ln->ln_hold, 820 (struct sockaddr_in6 *)rt_key(rt), rt); 821 ln->ln_hold = 0; 822 } 823 824 freeit: 825 m_freem(m); 826 return; 827 828 bad: 829 icmp6stat.icp6s_badna++; 830 m_freem(m); 831 } 832 833 /* 834 * Neighbor advertisement output handling. 835 * 836 * Based on RFC 2461 837 * 838 * the following items are not implemented yet: 839 * - proxy advertisement delay rule (RFC2461 7.2.8, last paragraph, SHOULD) 840 * - anycast advertisement delay rule (RFC2461 7.2.7, SHOULD) 841 */ 842 void 843 nd6_na_output(struct ifnet *ifp, const struct in6_addr *daddr6, 844 const struct in6_addr *taddr6, u_long flags, 845 int tlladdr, /* 1 if include target link-layer address */ 846 struct sockaddr *sdl0) /* sockaddr_dl (= proxy NA) or NULL */ 847 { 848 struct mbuf *m; 849 struct ip6_hdr *ip6; 850 struct nd_neighbor_advert *nd_na; 851 struct in6_ifaddr *ia = NULL; 852 struct ip6_moptions im6o; 853 int icmp6len; 854 int maxlen; 855 caddr_t mac; 856 struct ifnet *outif = NULL; 857 858 /* estimate the size of message */ 859 maxlen = sizeof(*ip6) + sizeof(*nd_na); 860 maxlen += (sizeof(struct nd_opt_hdr) + ifp->if_addrlen + 7) & ~7; 861 if (max_linkhdr + maxlen >= MCLBYTES) { 862 #ifdef DIAGNOSTIC 863 kprintf("nd6_na_output: max_linkhdr + maxlen >= MCLBYTES " 864 "(%d + %d > %d)\n", max_linkhdr, maxlen, MCLBYTES); 865 #endif 866 return; 867 } 868 869 m = m_getb(max_linkhdr + maxlen, MB_DONTWAIT, MT_DATA, M_PKTHDR); 870 if (m == NULL) 871 return; 872 873 if (IN6_IS_ADDR_MULTICAST(daddr6)) { 874 m->m_flags |= M_MCAST; 875 im6o.im6o_multicast_ifp = ifp; 876 im6o.im6o_multicast_hlim = 255; 877 im6o.im6o_multicast_loop = 0; 878 } 879 880 icmp6len = sizeof(*nd_na); 881 m->m_pkthdr.len = m->m_len = sizeof(struct ip6_hdr) + icmp6len; 882 m->m_data += max_linkhdr; /* or MH_ALIGN() equivalent? */ 883 884 /* fill neighbor advertisement packet */ 885 ip6 = mtod(m, struct ip6_hdr *); 886 ip6->ip6_flow = 0; 887 ip6->ip6_vfc &= ~IPV6_VERSION_MASK; 888 ip6->ip6_vfc |= IPV6_VERSION; 889 ip6->ip6_nxt = IPPROTO_ICMPV6; 890 ip6->ip6_hlim = 255; 891 if (IN6_IS_ADDR_UNSPECIFIED(daddr6)) { 892 /* reply to DAD */ 893 ip6->ip6_dst.s6_addr16[0] = IPV6_ADDR_INT16_MLL; 894 ip6->ip6_dst.s6_addr16[1] = htons(ifp->if_index); 895 ip6->ip6_dst.s6_addr32[1] = 0; 896 ip6->ip6_dst.s6_addr32[2] = 0; 897 ip6->ip6_dst.s6_addr32[3] = IPV6_ADDR_INT32_ONE; 898 flags &= ~ND_NA_FLAG_SOLICITED; 899 } else 900 ip6->ip6_dst = *daddr6; 901 902 /* 903 * Select a source whose scope is the same as that of the dest. 904 */ 905 ia = in6_ifawithifp(ifp, &ip6->ip6_dst); 906 if (ia == NULL) { 907 m_freem(m); 908 return; 909 } 910 ip6->ip6_src = ia->ia_addr.sin6_addr; 911 nd_na = (struct nd_neighbor_advert *)(ip6 + 1); 912 nd_na->nd_na_type = ND_NEIGHBOR_ADVERT; 913 nd_na->nd_na_code = 0; 914 nd_na->nd_na_target = *taddr6; 915 if (IN6_IS_SCOPE_LINKLOCAL(&nd_na->nd_na_target)) 916 nd_na->nd_na_target.s6_addr16[1] = 0; 917 918 /* 919 * "tlladdr" indicates NS's condition for adding tlladdr or not. 920 * see nd6_ns_input() for details. 921 * Basically, if NS packet is sent to unicast/anycast addr, 922 * target lladdr option SHOULD NOT be included. 923 */ 924 mac = NULL; 925 if (tlladdr) { 926 /* 927 * sdl0 != NULL indicates proxy NA. If we do proxy, use 928 * lladdr in sdl0. If we are not proxying (sending NA for 929 * my address) use lladdr configured for the interface. 930 */ 931 if (sdl0 == NULL) { 932 #ifdef CARP 933 if (ifp->if_carp) 934 mac = carp_macmatch6(ifp->if_carp, m, taddr6); 935 if (mac == NULL) 936 mac = nd6_ifptomac(ifp); 937 #else 938 mac = nd6_ifptomac(ifp); 939 #endif 940 } else if (sdl0->sa_family == AF_LINK) { 941 struct sockaddr_dl *sdl; 942 sdl = (struct sockaddr_dl *)sdl0; 943 if (sdl->sdl_alen == ifp->if_addrlen) 944 mac = LLADDR(sdl); 945 } 946 } 947 if (mac != NULL) { 948 int optlen = sizeof(struct nd_opt_hdr) + ifp->if_addrlen; 949 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)(nd_na + 1); 950 951 /* roundup to 8 bytes alignment! */ 952 optlen = (optlen + 7) & ~7; 953 954 m->m_pkthdr.len += optlen; 955 m->m_len += optlen; 956 icmp6len += optlen; 957 bzero((caddr_t)nd_opt, optlen); 958 nd_opt->nd_opt_type = ND_OPT_TARGET_LINKADDR; 959 nd_opt->nd_opt_len = optlen >> 3; 960 bcopy(mac, (caddr_t)(nd_opt + 1), ifp->if_addrlen); 961 } else 962 flags &= ~ND_NA_FLAG_OVERRIDE; 963 964 ip6->ip6_plen = htons((u_short)icmp6len); 965 nd_na->nd_na_flags_reserved = flags; 966 nd_na->nd_na_cksum = 0; 967 nd_na->nd_na_cksum = 968 in6_cksum(m, IPPROTO_ICMPV6, sizeof(struct ip6_hdr), icmp6len); 969 970 ip6_output(m, NULL, NULL, 0, &im6o, &outif, NULL); 971 if (outif) { 972 icmp6_ifstat_inc(outif, ifs6_out_msg); 973 icmp6_ifstat_inc(outif, ifs6_out_neighboradvert); 974 } 975 icmp6stat.icp6s_outhist[ND_NEIGHBOR_ADVERT]++; 976 } 977 978 caddr_t 979 nd6_ifptomac(struct ifnet *ifp) 980 { 981 switch (ifp->if_type) { 982 case IFT_ETHER: 983 case IFT_IEEE1394: 984 #ifdef IFT_L2VLAN 985 case IFT_L2VLAN: 986 #endif 987 #ifdef IFT_IEEE80211 988 case IFT_IEEE80211: 989 #endif 990 #ifdef IFT_CARP 991 case IFT_CARP: 992 #endif 993 return ((caddr_t)(ifp + 1)); 994 break; 995 default: 996 return NULL; 997 } 998 } 999 1000 TAILQ_HEAD(dadq_head, dadq); 1001 struct dadq { 1002 TAILQ_ENTRY(dadq) dad_list; 1003 struct ifaddr *dad_ifa; 1004 int dad_count; /* max NS to send */ 1005 int dad_ns_tcount; /* # of trials to send NS */ 1006 int dad_ns_ocount; /* NS sent so far */ 1007 int dad_ns_icount; 1008 int dad_na_icount; 1009 struct callout dad_timer_ch; 1010 }; 1011 1012 static struct dadq_head dadq; 1013 static int dad_init = 0; 1014 1015 static struct dadq * 1016 nd6_dad_find(struct ifaddr *ifa) 1017 { 1018 struct dadq *dp; 1019 1020 TAILQ_FOREACH(dp, &dadq, dad_list) { 1021 if (dp->dad_ifa == ifa) 1022 return dp; 1023 } 1024 return NULL; 1025 } 1026 1027 static void 1028 nd6_dad_starttimer(struct dadq *dp, int ticks) 1029 { 1030 1031 callout_reset(&dp->dad_timer_ch, ticks, 1032 (void (*) (void *))nd6_dad_timer, (void *)dp->dad_ifa); 1033 } 1034 1035 static void 1036 nd6_dad_stoptimer(struct dadq *dp) 1037 { 1038 1039 callout_stop(&dp->dad_timer_ch); 1040 } 1041 1042 /* 1043 * Start Duplicated Address Detection (DAD) for specified interface address. 1044 */ 1045 void 1046 nd6_dad_start(struct ifaddr *ifa, 1047 int *tick) /* minimum delay ticks for IFF_UP event */ 1048 { 1049 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa; 1050 struct dadq *dp; 1051 1052 if (!dad_init) { 1053 TAILQ_INIT(&dadq); 1054 dad_init++; 1055 } 1056 1057 /* 1058 * If we don't need DAD, don't do it. 1059 * There are several cases: 1060 * - DAD is disabled (ip6_dad_count == 0) 1061 * - the interface address is anycast 1062 */ 1063 if (!(ia->ia6_flags & IN6_IFF_TENTATIVE)) { 1064 log(LOG_DEBUG, 1065 "nd6_dad_start: called with non-tentative address " 1066 "%s(%s)\n", 1067 ip6_sprintf(&ia->ia_addr.sin6_addr), 1068 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???"); 1069 return; 1070 } 1071 if (ia->ia6_flags & IN6_IFF_ANYCAST) { 1072 ia->ia6_flags &= ~IN6_IFF_TENTATIVE; 1073 return; 1074 } 1075 if (!ip6_dad_count) { 1076 ia->ia6_flags &= ~IN6_IFF_TENTATIVE; 1077 return; 1078 } 1079 if (!ifa->ifa_ifp) 1080 panic("nd6_dad_start: ifa->ifa_ifp == NULL"); 1081 if (!(ifa->ifa_ifp->if_flags & IFF_UP)) 1082 return; 1083 if (nd6_dad_find(ifa) != NULL) { 1084 /* DAD already in progress */ 1085 return; 1086 } 1087 1088 dp = kmalloc(sizeof(*dp), M_IP6NDP, M_NOWAIT | M_ZERO); 1089 if (dp == NULL) { 1090 log(LOG_ERR, "nd6_dad_start: memory allocation failed for " 1091 "%s(%s)\n", 1092 ip6_sprintf(&ia->ia_addr.sin6_addr), 1093 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???"); 1094 return; 1095 } 1096 callout_init(&dp->dad_timer_ch); 1097 TAILQ_INSERT_TAIL(&dadq, (struct dadq *)dp, dad_list); 1098 1099 nd6log((LOG_DEBUG, "%s: starting DAD for %s\n", if_name(ifa->ifa_ifp), 1100 ip6_sprintf(&ia->ia_addr.sin6_addr))); 1101 1102 /* 1103 * Send NS packet for DAD, ip6_dad_count times. 1104 * Note that we must delay the first transmission, if this is the 1105 * first packet to be sent from the interface after interface 1106 * (re)initialization. 1107 */ 1108 dp->dad_ifa = ifa; 1109 _IFAREF(ifa, 0); /* just for safety */ 1110 dp->dad_count = ip6_dad_count; 1111 dp->dad_ns_icount = dp->dad_na_icount = 0; 1112 dp->dad_ns_ocount = dp->dad_ns_tcount = 0; 1113 if (tick == NULL) { 1114 nd6_dad_ns_output(dp, ifa); 1115 nd6_dad_starttimer(dp, 1116 ND_IFINFO(ifa->ifa_ifp)->retrans * hz / 1000); 1117 } else { 1118 int ntick; 1119 1120 if (*tick == 0) 1121 ntick = krandom() % (MAX_RTR_SOLICITATION_DELAY * hz); 1122 else 1123 ntick = *tick + krandom() % (hz / 2); 1124 *tick = ntick; 1125 nd6_dad_starttimer(dp, ntick); 1126 } 1127 } 1128 1129 /* 1130 * terminate DAD unconditionally. used for address removals. 1131 */ 1132 void 1133 nd6_dad_stop(struct ifaddr *ifa) 1134 { 1135 struct dadq *dp; 1136 1137 if (!dad_init) 1138 return; 1139 dp = nd6_dad_find(ifa); 1140 if (!dp) { 1141 /* DAD wasn't started yet */ 1142 return; 1143 } 1144 1145 nd6_dad_stoptimer(dp); 1146 1147 TAILQ_REMOVE(&dadq, (struct dadq *)dp, dad_list); 1148 kfree(dp, M_IP6NDP); 1149 dp = NULL; 1150 _IFAFREE(ifa, 0); 1151 } 1152 1153 static void 1154 nd6_dad_timer(struct ifaddr *ifa) 1155 { 1156 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa; 1157 struct dadq *dp; 1158 1159 mtx_lock(&nd6_mtx); 1160 1161 /* Sanity check */ 1162 if (ia == NULL) { 1163 log(LOG_ERR, "nd6_dad_timer: called with null parameter\n"); 1164 goto done; 1165 } 1166 dp = nd6_dad_find(ifa); 1167 if (dp == NULL) { 1168 log(LOG_ERR, "nd6_dad_timer: DAD structure not found\n"); 1169 goto done; 1170 } 1171 if (ia->ia6_flags & IN6_IFF_DUPLICATED) { 1172 log(LOG_ERR, "nd6_dad_timer: called with duplicated address " 1173 "%s(%s)\n", 1174 ip6_sprintf(&ia->ia_addr.sin6_addr), 1175 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???"); 1176 goto done; 1177 } 1178 if (!(ia->ia6_flags & IN6_IFF_TENTATIVE)) { 1179 log(LOG_ERR, "nd6_dad_timer: called with non-tentative address " 1180 "%s(%s)\n", 1181 ip6_sprintf(&ia->ia_addr.sin6_addr), 1182 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???"); 1183 goto done; 1184 } 1185 1186 /* timeouted with IFF_{RUNNING,UP} check */ 1187 if (dp->dad_ns_tcount > dad_maxtry) { 1188 nd6log((LOG_INFO, "%s: could not run DAD, driver problem?\n", 1189 if_name(ifa->ifa_ifp))); 1190 1191 TAILQ_REMOVE(&dadq, (struct dadq *)dp, dad_list); 1192 kfree(dp, M_IP6NDP); 1193 dp = NULL; 1194 _IFAFREE(ifa, 0); 1195 goto done; 1196 } 1197 1198 /* Need more checks? */ 1199 if (dp->dad_ns_ocount < dp->dad_count) { 1200 /* 1201 * We have more NS to go. Send NS packet for DAD. 1202 */ 1203 nd6_dad_ns_output(dp, ifa); 1204 nd6_dad_starttimer(dp, 1205 ND_IFINFO(ifa->ifa_ifp)->retrans * hz / 1000); 1206 } else { 1207 /* 1208 * We have transmitted sufficient number of DAD packets. 1209 * See what we've got. 1210 */ 1211 int duplicate; 1212 1213 duplicate = 0; 1214 1215 if (dp->dad_na_icount) { 1216 /* 1217 * the check is in nd6_dad_na_input(), 1218 * but just in case 1219 */ 1220 duplicate++; 1221 } 1222 1223 if (dp->dad_ns_icount) { 1224 #if 0 /* heuristics */ 1225 /* 1226 * if 1227 * - we have sent many(?) DAD NS, and 1228 * - the number of NS we sent equals to the 1229 * number of NS we've got, and 1230 * - we've got no NA 1231 * we may have a faulty network card/driver which 1232 * loops back multicasts to myself. 1233 */ 1234 if (3 < dp->dad_count 1235 && dp->dad_ns_icount == dp->dad_count 1236 && dp->dad_na_icount == 0) { 1237 log(LOG_INFO, "DAD questionable for %s(%s): " 1238 "network card loops back multicast?\n", 1239 ip6_sprintf(&ia->ia_addr.sin6_addr), 1240 if_name(ifa->ifa_ifp)); 1241 /* XXX consider it a duplicate or not? */ 1242 /* duplicate++; */ 1243 } else { 1244 /* We've seen NS, means DAD has failed. */ 1245 duplicate++; 1246 } 1247 #else 1248 /* We've seen NS, means DAD has failed. */ 1249 duplicate++; 1250 #endif 1251 } 1252 1253 if (duplicate) { 1254 /* (*dp) will be freed in nd6_dad_duplicated() */ 1255 dp = NULL; 1256 nd6_dad_duplicated(ifa); 1257 } else { 1258 /* 1259 * We are done with DAD. No NA came, no NS came. 1260 * duplicated address found. 1261 */ 1262 ia->ia6_flags &= ~IN6_IFF_TENTATIVE; 1263 1264 nd6log((LOG_DEBUG, 1265 "%s: DAD complete for %s - no duplicates found\n", 1266 if_name(ifa->ifa_ifp), 1267 ip6_sprintf(&ia->ia_addr.sin6_addr))); 1268 1269 TAILQ_REMOVE(&dadq, (struct dadq *)dp, dad_list); 1270 kfree(dp, M_IP6NDP); 1271 dp = NULL; 1272 _IFAFREE(ifa, 0); 1273 } 1274 } 1275 1276 done: 1277 mtx_unlock(&nd6_mtx); 1278 } 1279 1280 void 1281 nd6_dad_duplicated(struct ifaddr *ifa) 1282 { 1283 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa; 1284 struct dadq *dp; 1285 1286 dp = nd6_dad_find(ifa); 1287 if (dp == NULL) { 1288 log(LOG_ERR, "nd6_dad_duplicated: DAD structure not found\n"); 1289 return; 1290 } 1291 1292 log(LOG_ERR, "%s: DAD detected duplicate IPv6 address %s: " 1293 "NS in/out=%d/%d, NA in=%d\n", 1294 if_name(ifa->ifa_ifp), ip6_sprintf(&ia->ia_addr.sin6_addr), 1295 dp->dad_ns_icount, dp->dad_ns_ocount, dp->dad_na_icount); 1296 1297 ia->ia6_flags &= ~IN6_IFF_TENTATIVE; 1298 ia->ia6_flags |= IN6_IFF_DUPLICATED; 1299 1300 /* We are done with DAD, with duplicated address found. (failure) */ 1301 nd6_dad_stoptimer(dp); 1302 1303 log(LOG_ERR, "%s: DAD complete for %s - duplicate found\n", 1304 if_name(ifa->ifa_ifp), ip6_sprintf(&ia->ia_addr.sin6_addr)); 1305 log(LOG_ERR, "%s: manual intervention required\n", 1306 if_name(ifa->ifa_ifp)); 1307 1308 TAILQ_REMOVE(&dadq, (struct dadq *)dp, dad_list); 1309 kfree(dp, M_IP6NDP); 1310 dp = NULL; 1311 _IFAFREE(ifa, 0); 1312 } 1313 1314 static void 1315 nd6_dad_ns_output(struct dadq *dp, struct ifaddr *ifa) 1316 { 1317 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa; 1318 struct ifnet *ifp = ifa->ifa_ifp; 1319 1320 dp->dad_ns_tcount++; 1321 if (!(ifp->if_flags & IFF_UP)) { 1322 #if 0 1323 kprintf("%s: interface down?\n", if_name(ifp)); 1324 #endif 1325 return; 1326 } 1327 if (!(ifp->if_flags & IFF_RUNNING)) { 1328 #if 0 1329 kprintf("%s: interface not running?\n", if_name(ifp)); 1330 #endif 1331 return; 1332 } 1333 1334 dp->dad_ns_ocount++; 1335 nd6_ns_output(ifp, NULL, &ia->ia_addr.sin6_addr, NULL, 1); 1336 } 1337 1338 static void 1339 nd6_dad_ns_input(struct ifaddr *ifa) 1340 { 1341 struct in6_ifaddr *ia; 1342 struct ifnet *ifp; 1343 const struct in6_addr *taddr6; 1344 struct dadq *dp; 1345 int duplicate; 1346 1347 if (!ifa) 1348 panic("ifa == NULL in nd6_dad_ns_input"); 1349 1350 ia = (struct in6_ifaddr *)ifa; 1351 ifp = ifa->ifa_ifp; 1352 taddr6 = &ia->ia_addr.sin6_addr; 1353 duplicate = 0; 1354 dp = nd6_dad_find(ifa); 1355 1356 /* Quickhack - completely ignore DAD NS packets */ 1357 if (dad_ignore_ns) { 1358 nd6log((LOG_INFO, 1359 "nd6_dad_ns_input: ignoring DAD NS packet for " 1360 "address %s(%s)\n", ip6_sprintf(taddr6), 1361 if_name(ifa->ifa_ifp))); 1362 return; 1363 } 1364 1365 /* 1366 * if I'm yet to start DAD, someone else started using this address 1367 * first. I have a duplicate and you win. 1368 */ 1369 if (!dp || dp->dad_ns_ocount == 0) 1370 duplicate++; 1371 1372 /* XXX more checks for loopback situation - see nd6_dad_timer too */ 1373 1374 if (duplicate) { 1375 dp = NULL; /* will be freed in nd6_dad_duplicated() */ 1376 nd6_dad_duplicated(ifa); 1377 } else { 1378 /* 1379 * not sure if I got a duplicate. 1380 * increment ns count and see what happens. 1381 */ 1382 if (dp) 1383 dp->dad_ns_icount++; 1384 } 1385 } 1386 1387 static void 1388 nd6_dad_na_input(struct ifaddr *ifa) 1389 { 1390 struct dadq *dp; 1391 1392 if (!ifa) 1393 panic("ifa == NULL in nd6_dad_na_input"); 1394 1395 dp = nd6_dad_find(ifa); 1396 if (dp) 1397 dp->dad_na_icount++; 1398 1399 /* remove the address. */ 1400 nd6_dad_duplicated(ifa); 1401 } 1402