1 /* $FreeBSD: src/sys/netinet6/nd6_rtr.c,v 1.2.2.5 2003/04/05 10:28:53 ume Exp $ */ 2 /* $KAME: nd6_rtr.c,v 1.111 2001/04/27 01:37:15 jinmei Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 #include "opt_inet.h" 34 #include "opt_inet6.h" 35 36 #include <sys/param.h> 37 #include <sys/systm.h> 38 #include <sys/malloc.h> 39 #include <sys/mbuf.h> 40 #include <sys/socket.h> 41 #include <sys/sockio.h> 42 #include <sys/time.h> 43 #include <sys/kernel.h> 44 #include <sys/errno.h> 45 #include <sys/syslog.h> 46 #include <sys/queue.h> 47 #include <sys/globaldata.h> 48 #include <sys/mutex.h> 49 50 #include <sys/thread2.h> 51 #include <sys/mutex2.h> 52 53 #include <net/if.h> 54 #include <net/if_types.h> 55 #include <net/if_dl.h> 56 #include <net/route.h> 57 #include <net/radix.h> 58 59 #include <netinet/in.h> 60 #include <netinet6/in6_var.h> 61 #include <netinet6/in6_ifattach.h> 62 #include <netinet/ip6.h> 63 #include <netinet6/ip6_var.h> 64 #include <netinet6/nd6.h> 65 #include <netinet/icmp6.h> 66 #include <netinet6/scope6_var.h> 67 68 #include <net/net_osdep.h> 69 70 #define SDL(s) ((struct sockaddr_dl *)s) 71 72 static struct nd_defrouter *defrtrlist_update (struct nd_defrouter *); 73 static struct in6_ifaddr *in6_ifadd (struct nd_prefix *, 74 struct in6_addr *); 75 static struct nd_pfxrouter *pfxrtr_lookup (struct nd_prefix *, 76 struct nd_defrouter *); 77 static void pfxrtr_add (struct nd_prefix *, struct nd_defrouter *); 78 static void pfxrtr_del (struct nd_pfxrouter *); 79 static struct nd_pfxrouter *find_pfxlist_reachable_router 80 (struct nd_prefix *); 81 static void defrouter_addifreq (struct ifnet *); 82 83 static void in6_init_address_ltimes(struct nd_prefix *ndpr, 84 struct in6_addrlifetime *lt6); 85 86 static int rt6_deleteroute (struct radix_node *, void *); 87 88 extern int nd6_recalc_reachtm_interval; 89 90 static struct ifnet *nd6_defifp; 91 int nd6_defifindex; 92 93 int ip6_use_tempaddr = 0; 94 95 int ip6_desync_factor; 96 u_int32_t ip6_temp_preferred_lifetime = DEF_TEMP_PREFERRED_LIFETIME; 97 u_int32_t ip6_temp_valid_lifetime = DEF_TEMP_VALID_LIFETIME; 98 /* 99 * shorter lifetimes for debugging purposes. 100 int ip6_temp_preferred_lifetime = 800; 101 static int ip6_temp_valid_lifetime = 1800; 102 */ 103 int ip6_temp_regen_advance = TEMPADDR_REGEN_ADVANCE; 104 105 /* 106 * Receive Router Solicitation Message - just for routers. 107 * Router solicitation/advertisement is mostly managed by userland program 108 * (rtadvd) so here we have no function like nd6_ra_output(). 109 * 110 * Based on RFC 2461 111 */ 112 void 113 nd6_rs_input(struct mbuf *m, int off, int icmp6len) 114 { 115 struct ifnet *ifp = m->m_pkthdr.rcvif; 116 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); 117 struct nd_router_solicit *nd_rs; 118 struct in6_addr saddr6 = ip6->ip6_src; 119 char *lladdr = NULL; 120 int lladdrlen = 0; 121 #if 0 122 struct sockaddr_dl *sdl = NULL; 123 struct llinfo_nd6 *ln = NULL; 124 struct rtentry *rt = NULL; 125 int is_newentry; 126 #endif 127 union nd_opts ndopts; 128 129 /* If I'm not a router, ignore it. */ 130 if (ip6_accept_rtadv != 0 || ip6_forwarding != 1) 131 goto freeit; 132 133 /* Sanity checks */ 134 if (ip6->ip6_hlim != 255) { 135 nd6log((LOG_ERR, 136 "nd6_rs_input: invalid hlim (%d) from %s to %s on %s\n", 137 ip6->ip6_hlim, ip6_sprintf(&ip6->ip6_src), 138 ip6_sprintf(&ip6->ip6_dst), if_name(ifp))); 139 goto bad; 140 } 141 142 /* 143 * Don't update the neighbor cache, if src = ::. 144 * This indicates that the src has no IP address assigned yet. 145 */ 146 if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) 147 goto freeit; 148 149 #ifndef PULLDOWN_TEST 150 IP6_EXTHDR_CHECK(m, off, icmp6len,); 151 nd_rs = (struct nd_router_solicit *)((caddr_t)ip6 + off); 152 #else 153 IP6_EXTHDR_GET(nd_rs, struct nd_router_solicit *, m, off, icmp6len); 154 if (nd_rs == NULL) { 155 icmp6stat.icp6s_tooshort++; 156 return; 157 } 158 #endif 159 160 icmp6len -= sizeof(*nd_rs); 161 nd6_option_init(nd_rs + 1, icmp6len, &ndopts); 162 if (nd6_options(&ndopts) < 0) { 163 nd6log((LOG_INFO, 164 "nd6_rs_input: invalid ND option, ignored\n")); 165 /* nd6_options have incremented stats */ 166 goto freeit; 167 } 168 169 if (ndopts.nd_opts_src_lladdr) { 170 lladdr = (char *)(ndopts.nd_opts_src_lladdr + 1); 171 lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3; 172 } 173 174 if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) { 175 nd6log((LOG_INFO, 176 "nd6_rs_input: lladdrlen mismatch for %s " 177 "(if %d, RS packet %d)\n", 178 ip6_sprintf(&saddr6), ifp->if_addrlen, lladdrlen - 2)); 179 goto bad; 180 } 181 182 nd6_cache_lladdr(ifp, &saddr6, lladdr, lladdrlen, ND_ROUTER_SOLICIT, 0); 183 184 freeit: 185 m_freem(m); 186 return; 187 188 bad: 189 icmp6stat.icp6s_badrs++; 190 m_freem(m); 191 } 192 193 /* 194 * Receive Router Advertisement Message. 195 * 196 * Based on RFC 2461 197 * TODO: on-link bit on prefix information 198 * TODO: ND_RA_FLAG_{OTHER,MANAGED} processing 199 */ 200 void 201 nd6_ra_input(struct mbuf *m, int off, int icmp6len) 202 { 203 struct ifnet *ifp = m->m_pkthdr.rcvif; 204 struct nd_ifinfo *ndi = ND_IFINFO(ifp); 205 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); 206 struct nd_router_advert *nd_ra; 207 struct in6_addr saddr6 = ip6->ip6_src; 208 #if 0 209 struct in6_addr daddr6 = ip6->ip6_dst; 210 int flags; /* = nd_ra->nd_ra_flags_reserved; */ 211 int is_managed = ((flags & ND_RA_FLAG_MANAGED) != 0); 212 int is_other = ((flags & ND_RA_FLAG_OTHER) != 0); 213 #endif 214 union nd_opts ndopts; 215 struct nd_defrouter *dr; 216 217 /* 218 * We only accept RAs only when 219 * the system-wide variable allows the acceptance, and 220 * per-interface variable allows RAs on the receiving interface. 221 */ 222 if (ip6_accept_rtadv == 0) 223 goto freeit; 224 if (!(ndi->flags & ND6_IFF_ACCEPT_RTADV)) 225 goto freeit; 226 227 if (ip6->ip6_hlim != 255) { 228 nd6log((LOG_ERR, 229 "nd6_ra_input: invalid hlim (%d) from %s to %s on %s\n", 230 ip6->ip6_hlim, ip6_sprintf(&ip6->ip6_src), 231 ip6_sprintf(&ip6->ip6_dst), if_name(ifp))); 232 goto bad; 233 } 234 235 if (!IN6_IS_ADDR_LINKLOCAL(&saddr6)) { 236 nd6log((LOG_ERR, 237 "nd6_ra_input: src %s is not link-local\n", 238 ip6_sprintf(&saddr6))); 239 goto bad; 240 } 241 242 #ifndef PULLDOWN_TEST 243 IP6_EXTHDR_CHECK(m, off, icmp6len,); 244 nd_ra = (struct nd_router_advert *)((caddr_t)ip6 + off); 245 #else 246 IP6_EXTHDR_GET(nd_ra, struct nd_router_advert *, m, off, icmp6len); 247 if (nd_ra == NULL) { 248 icmp6stat.icp6s_tooshort++; 249 return; 250 } 251 #endif 252 253 icmp6len -= sizeof(*nd_ra); 254 nd6_option_init(nd_ra + 1, icmp6len, &ndopts); 255 if (nd6_options(&ndopts) < 0) { 256 nd6log((LOG_INFO, 257 "nd6_ra_input: invalid ND option, ignored\n")); 258 /* nd6_options have incremented stats */ 259 goto freeit; 260 } 261 262 { 263 struct nd_defrouter dr0; 264 u_int32_t advreachable = nd_ra->nd_ra_reachable; 265 266 dr0.rtaddr = saddr6; 267 dr0.flags = nd_ra->nd_ra_flags_reserved; 268 dr0.rtlifetime = ntohs(nd_ra->nd_ra_router_lifetime); 269 dr0.expire = time_uptime + dr0.rtlifetime; 270 dr0.ifp = ifp; 271 dr0.advint = 0; /* Mobile IPv6 */ 272 dr0.advint_expire = 0; /* Mobile IPv6 */ 273 dr0.advints_lost = 0; /* Mobile IPv6 */ 274 /* unspecified or not? (RFC 2461 6.3.4) */ 275 if (advreachable) { 276 advreachable = ntohl(advreachable); 277 if (advreachable <= MAX_REACHABLE_TIME && 278 ndi->basereachable != advreachable) { 279 ndi->basereachable = advreachable; 280 ndi->reachable = ND_COMPUTE_RTIME(ndi->basereachable); 281 ndi->recalctm = nd6_recalc_reachtm_interval; /* reset */ 282 } 283 } 284 if (nd_ra->nd_ra_retransmit) 285 ndi->retrans = ntohl(nd_ra->nd_ra_retransmit); 286 if (nd_ra->nd_ra_curhoplimit) 287 ndi->chlim = nd_ra->nd_ra_curhoplimit; 288 dr = defrtrlist_update(&dr0); 289 } 290 291 /* 292 * prefix 293 */ 294 if (ndopts.nd_opts_pi) { 295 struct nd_opt_hdr *pt; 296 struct nd_opt_prefix_info *pi = NULL; 297 struct nd_prefix pr; 298 299 for (pt = (struct nd_opt_hdr *)ndopts.nd_opts_pi; 300 pt <= (struct nd_opt_hdr *)ndopts.nd_opts_pi_end; 301 pt = (struct nd_opt_hdr *)((caddr_t)pt + 302 (pt->nd_opt_len << 3))) { 303 if (pt->nd_opt_type != ND_OPT_PREFIX_INFORMATION) 304 continue; 305 pi = (struct nd_opt_prefix_info *)pt; 306 307 if (pi->nd_opt_pi_len != 4) { 308 nd6log((LOG_INFO, 309 "nd6_ra_input: invalid option " 310 "len %d for prefix information option, " 311 "ignored\n", pi->nd_opt_pi_len)); 312 continue; 313 } 314 315 if (128 < pi->nd_opt_pi_prefix_len) { 316 nd6log((LOG_INFO, 317 "nd6_ra_input: invalid prefix " 318 "len %d for prefix information option, " 319 "ignored\n", pi->nd_opt_pi_prefix_len)); 320 continue; 321 } 322 323 if (IN6_IS_ADDR_MULTICAST(&pi->nd_opt_pi_prefix) 324 || IN6_IS_ADDR_LINKLOCAL(&pi->nd_opt_pi_prefix)) { 325 nd6log((LOG_INFO, 326 "nd6_ra_input: invalid prefix " 327 "%s, ignored\n", 328 ip6_sprintf(&pi->nd_opt_pi_prefix))); 329 continue; 330 } 331 332 bzero(&pr, sizeof(pr)); 333 pr.ndpr_prefix.sin6_family = AF_INET6; 334 pr.ndpr_prefix.sin6_len = sizeof(pr.ndpr_prefix); 335 pr.ndpr_prefix.sin6_addr = pi->nd_opt_pi_prefix; 336 pr.ndpr_ifp = (struct ifnet *)m->m_pkthdr.rcvif; 337 338 pr.ndpr_raf_onlink = (pi->nd_opt_pi_flags_reserved & 339 ND_OPT_PI_FLAG_ONLINK) ? 1 : 0; 340 pr.ndpr_raf_auto = (pi->nd_opt_pi_flags_reserved & 341 ND_OPT_PI_FLAG_AUTO) ? 1 : 0; 342 pr.ndpr_plen = pi->nd_opt_pi_prefix_len; 343 pr.ndpr_vltime = ntohl(pi->nd_opt_pi_valid_time); 344 pr.ndpr_pltime = ntohl(pi->nd_opt_pi_preferred_time); 345 if (in6_init_prefix_ltimes(&pr)) 346 continue; /* prefix lifetime init failed */ 347 prelist_update(&pr, dr, m); 348 } 349 } 350 351 /* 352 * MTU 353 */ 354 if (ndopts.nd_opts_mtu && ndopts.nd_opts_mtu->nd_opt_mtu_len == 1) { 355 u_long mtu, maxmtu; 356 357 mtu = ntohl(ndopts.nd_opts_mtu->nd_opt_mtu_mtu); 358 359 /* lower bound */ 360 if (mtu < IPV6_MMTU) { 361 nd6log((LOG_INFO, "nd6_ra_input: bogus mtu option " 362 "mtu=%ld sent from %s, ignoring\n", 363 mtu, ip6_sprintf(&ip6->ip6_src))); 364 goto skip; 365 } 366 367 /* upper bound */ 368 maxmtu = (ndi->maxmtu && ndi->maxmtu < ifp->if_mtu) ? 369 ndi->maxmtu : ifp->if_mtu; 370 if (mtu <= maxmtu) { 371 int change = (ndi->linkmtu != mtu); 372 373 ndi->linkmtu = mtu; 374 if (change) /* in6_maxmtu may change */ 375 in6_setmaxmtu(); 376 } else { 377 nd6log((LOG_INFO, "nd6_ra_input: bogus mtu " 378 "mtu=%lu sent from %s; " 379 "exceeds maxmtu %lu, ignoring\n", 380 mtu, ip6_sprintf(&ip6->ip6_src), maxmtu)); 381 } 382 } 383 384 skip: 385 386 /* 387 * Source link layer address 388 */ 389 { 390 char *lladdr = NULL; 391 int lladdrlen = 0; 392 393 if (ndopts.nd_opts_src_lladdr) { 394 lladdr = (char *)(ndopts.nd_opts_src_lladdr + 1); 395 lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3; 396 } 397 398 if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) { 399 nd6log((LOG_INFO, 400 "nd6_ra_input: lladdrlen mismatch for %s " 401 "(if %d, RA packet %d)\n", 402 ip6_sprintf(&saddr6), ifp->if_addrlen, lladdrlen - 2)); 403 goto bad; 404 } 405 406 nd6_cache_lladdr(ifp, &saddr6, lladdr, lladdrlen, ND_ROUTER_ADVERT, 0); 407 408 /* 409 * Installing a link-layer address might change the state of the 410 * router's neighbor cache, which might also affect our on-link 411 * detection of adveritsed prefixes. 412 */ 413 pfxlist_onlink_check(); 414 } 415 416 freeit: 417 m_freem(m); 418 return; 419 420 bad: 421 icmp6stat.icp6s_badra++; 422 m_freem(m); 423 } 424 425 /* 426 * default router list proccessing sub routines 427 */ 428 429 #if 0 430 /* tell the change to user processes watching the routing socket. */ 431 static void 432 nd6_rtmsg(int cmd, struct rtentry *rt) 433 { 434 struct rt_addrinfo info; 435 436 bzero((caddr_t)&info, sizeof(info)); 437 info.rti_info[RTAX_DST] = rt_key(rt); 438 info.rti_info[RTAX_GATEWAY] = rt->rt_gateway; 439 info.rti_info[RTAX_NETMASK] = rt_mask(rt); 440 if (TAILQ_EMPTY(&rt->rt_ifp->if_addrheads[mycpuid])) { 441 info.rti_info[RTAX_IFP] = NULL; 442 } else { 443 info.rti_info[RTAX_IFP] = 444 (struct sockaddr *) 445 TAILQ_FIRST(&rt->rt_ifp->if_addrheads[mycpuid])->ifa; 446 } 447 info.rti_info[RTAX_IFA] = rt->rt_ifa->ifa_addr; 448 449 rt_missmsg(cmd, &info, rt->rt_flags, 0); 450 } 451 #endif 452 453 void 454 defrouter_addreq(struct nd_defrouter *new) 455 { 456 struct sockaddr_in6 def, mask, gate; 457 458 bzero(&def, sizeof(def)); 459 bzero(&mask, sizeof(mask)); 460 bzero(&gate, sizeof(gate)); 461 462 def.sin6_len = mask.sin6_len = gate.sin6_len = 463 sizeof(struct sockaddr_in6); 464 def.sin6_family = mask.sin6_family = gate.sin6_family = AF_INET6; 465 gate.sin6_addr = new->rtaddr; 466 467 rtrequest_global(RTM_ADD, (struct sockaddr *)&def, 468 (struct sockaddr *)&gate, (struct sockaddr *)&mask, RTF_GATEWAY); 469 return; 470 } 471 472 /* Add a route to a given interface as default */ 473 static void 474 defrouter_addifreq(struct ifnet *ifp) 475 { 476 struct sockaddr_in6 def, mask; 477 struct ifaddr *ifa; 478 int error, flags; 479 480 bzero(&def, sizeof(def)); 481 bzero(&mask, sizeof(mask)); 482 483 def.sin6_len = mask.sin6_len = sizeof(struct sockaddr_in6); 484 def.sin6_family = mask.sin6_family = AF_INET6; 485 486 /* 487 * Search for an ifaddr beloging to the specified interface. 488 * XXX: An IPv6 address are required to be assigned on the interface. 489 */ 490 if ((ifa = ifaof_ifpforaddr((struct sockaddr *)&def, ifp)) == NULL) { 491 nd6log((LOG_ERR, /* better error? */ 492 "defrouter_addifreq: failed to find an ifaddr " 493 "to install a route to interface %s\n", 494 if_name(ifp))); 495 return; 496 } 497 498 flags = ifa->ifa_flags; 499 error = rtrequest_global(RTM_ADD, (struct sockaddr *)&def, 500 ifa->ifa_addr, (struct sockaddr *)&mask, flags); 501 if (error != 0) { 502 nd6log((LOG_ERR, 503 "defrouter_addifreq: failed to install a route to " 504 "interface %s (errno = %d)\n", 505 if_name(ifp), error)); 506 } 507 } 508 509 struct nd_defrouter * 510 defrouter_lookup(struct in6_addr *addr, struct ifnet *ifp) 511 { 512 struct nd_defrouter *dr; 513 514 for (dr = TAILQ_FIRST(&nd_defrouter); dr; 515 dr = TAILQ_NEXT(dr, dr_entry)) { 516 if (dr->ifp == ifp && IN6_ARE_ADDR_EQUAL(addr, &dr->rtaddr)) 517 return (dr); 518 } 519 520 return (NULL); /* search failed */ 521 } 522 523 void 524 defrouter_delreq(struct nd_defrouter *dr, int dofree) 525 { 526 struct sockaddr_in6 def, mask, gate; 527 528 bzero(&def, sizeof(def)); 529 bzero(&mask, sizeof(mask)); 530 bzero(&gate, sizeof(gate)); 531 532 def.sin6_len = mask.sin6_len = gate.sin6_len = 533 sizeof(struct sockaddr_in6); 534 def.sin6_family = mask.sin6_family = gate.sin6_family = AF_INET6; 535 gate.sin6_addr = dr->rtaddr; 536 537 rtrequest_global(RTM_DELETE, (struct sockaddr *)&def, 538 (struct sockaddr *)&gate, (struct sockaddr *)&mask, RTF_GATEWAY); 539 if (dofree) /* XXX: necessary? */ 540 kfree(dr, M_IP6NDP); 541 } 542 543 void 544 defrtrlist_del(struct nd_defrouter *dr) 545 { 546 struct nd_defrouter *deldr = NULL; 547 struct nd_prefix *pr; 548 549 /* 550 * Flush all the routing table entries that use the router 551 * as a next hop. 552 */ 553 if (!ip6_forwarding && ip6_accept_rtadv) /* XXX: better condition? */ 554 rt6_flush(&dr->rtaddr, dr->ifp); 555 556 if (dr == TAILQ_FIRST(&nd_defrouter)) 557 deldr = dr; /* The router is primary. */ 558 559 TAILQ_REMOVE(&nd_defrouter, dr, dr_entry); 560 561 /* 562 * Also delete all the pointers to the router in each prefix lists. 563 */ 564 for (pr = nd_prefix.lh_first; pr; pr = pr->ndpr_next) { 565 struct nd_pfxrouter *pfxrtr; 566 if ((pfxrtr = pfxrtr_lookup(pr, dr)) != NULL) 567 pfxrtr_del(pfxrtr); 568 } 569 pfxlist_onlink_check(); 570 571 /* 572 * If the router is the primary one, choose a new one. 573 * Note that defrouter_select() will remove the current gateway 574 * from the routing table. 575 */ 576 if (deldr) 577 defrouter_select(); 578 579 kfree(dr, M_IP6NDP); 580 } 581 582 /* 583 * Default Router Selection according to Section 6.3.6 of RFC 2461: 584 * 1) Routers that are reachable or probably reachable should be 585 * preferred. 586 * 2) When no routers on the list are known to be reachable or 587 * probably reachable, routers SHOULD be selected in a round-robin 588 * fashion. 589 * 3) If the Default Router List is empty, assume that all 590 * destinations are on-link. 591 */ 592 void 593 defrouter_select(void) 594 { 595 struct nd_defrouter *dr, anydr; 596 struct rtentry *rt = NULL; 597 struct llinfo_nd6 *ln = NULL; 598 599 mtx_lock(&nd6_mtx); 600 601 /* 602 * Search for a (probably) reachable router from the list. 603 */ 604 for (dr = TAILQ_FIRST(&nd_defrouter); dr; 605 dr = TAILQ_NEXT(dr, dr_entry)) { 606 if ((rt = nd6_lookup(&dr->rtaddr, 0, dr->ifp)) && 607 (ln = (struct llinfo_nd6 *)rt->rt_llinfo) && 608 ND6_IS_LLINFO_PROBREACH(ln)) { 609 /* Got it, and move it to the head */ 610 TAILQ_REMOVE(&nd_defrouter, dr, dr_entry); 611 TAILQ_INSERT_HEAD(&nd_defrouter, dr, dr_entry); 612 break; 613 } 614 } 615 616 if ((dr = TAILQ_FIRST(&nd_defrouter))) { 617 /* 618 * De-install the previous default gateway and install 619 * a new one. 620 * Note that if there is no reachable router in the list, 621 * the head entry will be used anyway. 622 * XXX: do we have to check the current routing table entry? 623 */ 624 bzero(&anydr, sizeof(anydr)); 625 defrouter_delreq(&anydr, 0); 626 defrouter_addreq(dr); 627 } 628 else { 629 /* 630 * The Default Router List is empty, so install the default 631 * route to an inteface. 632 * XXX: The specification does not say this mechanism should 633 * be restricted to hosts, but this would be not useful 634 * (even harmful) for routers. 635 */ 636 if (!ip6_forwarding) { 637 /* 638 * De-install the current default route 639 * in advance. 640 */ 641 bzero(&anydr, sizeof(anydr)); 642 defrouter_delreq(&anydr, 0); 643 if (nd6_defifp) { 644 /* 645 * Install a route to the default interface 646 * as default route. 647 * XXX: we enable this for host only, because 648 * this may override a default route installed 649 * a user process (e.g. routing daemon) in a 650 * router case. 651 */ 652 defrouter_addifreq(nd6_defifp); 653 } else { 654 nd6log((LOG_INFO, "defrouter_select: " 655 "there's no default router and no default" 656 " interface\n")); 657 } 658 } 659 } 660 mtx_unlock(&nd6_mtx); 661 return; 662 } 663 664 static struct nd_defrouter * 665 defrtrlist_update(struct nd_defrouter *new) 666 { 667 struct nd_defrouter *dr, *n; 668 669 mtx_lock(&nd6_mtx); 670 671 if ((dr = defrouter_lookup(&new->rtaddr, new->ifp)) != NULL) { 672 /* entry exists */ 673 if (new->rtlifetime == 0) { 674 defrtrlist_del(dr); 675 dr = NULL; 676 } else { 677 /* override */ 678 dr->flags = new->flags; /* xxx flag check */ 679 dr->rtlifetime = new->rtlifetime; 680 dr->expire = new->expire; 681 } 682 mtx_unlock(&nd6_mtx); 683 return (dr); 684 } 685 686 /* entry does not exist */ 687 if (new->rtlifetime == 0) { 688 mtx_unlock(&nd6_mtx); 689 return (NULL); 690 } 691 692 n = (struct nd_defrouter *)kmalloc(sizeof(*n), M_IP6NDP, 693 M_NOWAIT | M_ZERO); 694 if (n == NULL) { 695 mtx_unlock(&nd6_mtx); 696 return (NULL); 697 } 698 *n = *new; 699 700 /* 701 * Insert the new router at the end of the Default Router List. 702 * If there is no other router, install it anyway. Otherwise, 703 * just continue to use the current default router. 704 */ 705 TAILQ_INSERT_TAIL(&nd_defrouter, n, dr_entry); 706 if (TAILQ_FIRST(&nd_defrouter) == n) 707 defrouter_select(); 708 mtx_unlock(&nd6_mtx); 709 return (n); 710 } 711 712 static struct nd_pfxrouter * 713 pfxrtr_lookup(struct nd_prefix *pr, struct nd_defrouter *dr) 714 { 715 struct nd_pfxrouter *search; 716 717 for (search = pr->ndpr_advrtrs.lh_first; search; search = search->pfr_next) { 718 if (search->router == dr) 719 break; 720 } 721 722 return (search); 723 } 724 725 static void 726 pfxrtr_add(struct nd_prefix *pr, struct nd_defrouter *dr) 727 { 728 struct nd_pfxrouter *new; 729 730 new = kmalloc(sizeof(*new), M_IP6NDP, M_INTWAIT | M_ZERO); 731 new->router = dr; 732 733 LIST_INSERT_HEAD(&pr->ndpr_advrtrs, new, pfr_entry); 734 735 pfxlist_onlink_check(); 736 } 737 738 static void 739 pfxrtr_del(struct nd_pfxrouter *pfr) 740 { 741 LIST_REMOVE(pfr, pfr_entry); 742 kfree(pfr, M_IP6NDP); 743 } 744 745 struct nd_prefix * 746 nd6_prefix_lookup(struct nd_prefix *pr) 747 { 748 struct nd_prefix *search; 749 750 for (search = nd_prefix.lh_first; search; search = search->ndpr_next) { 751 if (pr->ndpr_ifp == search->ndpr_ifp && 752 pr->ndpr_plen == search->ndpr_plen && 753 in6_are_prefix_equal(&pr->ndpr_prefix.sin6_addr, 754 &search->ndpr_prefix.sin6_addr, pr->ndpr_plen)) 755 break; 756 } 757 758 return (search); 759 } 760 761 int 762 nd6_prelist_add(struct nd_prefix *pr, struct nd_defrouter *dr, 763 struct nd_prefix **newp) 764 { 765 struct nd_prefix *new = NULL; 766 int i; 767 768 new = kmalloc(sizeof(*new), M_IP6NDP, M_INTWAIT); 769 *new = *pr; 770 if (newp != NULL) 771 *newp = new; 772 773 /* initialization */ 774 LIST_INIT(&new->ndpr_advrtrs); 775 in6_prefixlen2mask(&new->ndpr_mask, new->ndpr_plen); 776 /* make prefix in the canonical form */ 777 for (i = 0; i < 4; i++) { 778 new->ndpr_prefix.sin6_addr.s6_addr32[i] &= 779 new->ndpr_mask.s6_addr32[i]; 780 } 781 782 mtx_lock(&nd6_mtx); 783 /* link ndpr_entry to nd_prefix list */ 784 LIST_INSERT_HEAD(&nd_prefix, new, ndpr_entry); 785 mtx_unlock(&nd6_mtx); 786 787 /* ND_OPT_PI_FLAG_ONLINK processing */ 788 if (new->ndpr_raf_onlink) { 789 int e; 790 791 if ((e = nd6_prefix_onlink(new)) != 0) { 792 nd6log((LOG_ERR, "nd6_prelist_add: failed to make " 793 "the prefix %s/%d on-link on %s (errno=%d)\n", 794 ip6_sprintf(&pr->ndpr_prefix.sin6_addr), 795 pr->ndpr_plen, if_name(pr->ndpr_ifp), e)); 796 /* proceed anyway. XXX: is it correct? */ 797 } 798 } 799 800 if (dr) 801 pfxrtr_add(new, dr); 802 803 return 0; 804 } 805 806 void 807 prelist_remove(struct nd_prefix *pr) 808 { 809 struct nd_pfxrouter *pfr, *next; 810 int e; 811 812 /* make sure to invalidate the prefix until it is really freed. */ 813 pr->ndpr_vltime = 0; 814 pr->ndpr_pltime = 0; 815 #if 0 816 /* 817 * Though these flags are now meaningless, we'd rather keep the value 818 * not to confuse users when executing "ndp -p". 819 */ 820 pr->ndpr_raf_onlink = 0; 821 pr->ndpr_raf_auto = 0; 822 #endif 823 if ((pr->ndpr_stateflags & NDPRF_ONLINK) && 824 (e = nd6_prefix_offlink(pr)) != 0) { 825 nd6log((LOG_ERR, "prelist_remove: failed to make %s/%d offlink " 826 "on %s, errno=%d\n", 827 ip6_sprintf(&pr->ndpr_prefix.sin6_addr), 828 pr->ndpr_plen, if_name(pr->ndpr_ifp), e)); 829 /* what should we do? */ 830 } 831 832 if (pr->ndpr_refcnt > 0) 833 return; /* notice here? */ 834 835 mtx_lock(&nd6_mtx); 836 837 /* unlink ndpr_entry from nd_prefix list */ 838 LIST_REMOVE(pr, ndpr_entry); 839 840 /* free list of routers that adversed the prefix */ 841 for (pfr = pr->ndpr_advrtrs.lh_first; pfr; pfr = next) { 842 next = pfr->pfr_next; 843 844 kfree(pfr, M_IP6NDP); 845 } 846 mtx_unlock(&nd6_mtx); 847 848 kfree(pr, M_IP6NDP); 849 850 pfxlist_onlink_check(); 851 } 852 853 /* 854 * Parameters: 855 * dr: may be NULL 856 */ 857 int 858 prelist_update(struct nd_prefix *new, struct nd_defrouter *dr, struct mbuf *m) 859 { 860 struct in6_ifaddr *ia6 = NULL, *ia6_match = NULL; 861 struct ifaddr_container *ifac; 862 struct ifnet *ifp = new->ndpr_ifp; 863 struct nd_prefix *pr; 864 int error = 0; 865 int auth; 866 struct in6_addrlifetime lt6_tmp; 867 868 auth = 0; 869 mtx_lock(&nd6_mtx); 870 if (m) { 871 /* 872 * Authenticity for NA consists authentication for 873 * both IP header and IP datagrams, doesn't it ? 874 */ 875 #if defined(M_AUTHIPHDR) && defined(M_AUTHIPDGM) 876 auth = ((m->m_flags & M_AUTHIPHDR) && 877 (m->m_flags & M_AUTHIPDGM)); 878 #endif 879 } 880 881 if ((pr = nd6_prefix_lookup(new)) != NULL) { 882 /* 883 * nd6_prefix_lookup() ensures that pr and new have the same 884 * prefix on a same interface. 885 */ 886 887 /* 888 * Update prefix information. Note that the on-link (L) bit 889 * and the autonomous (A) bit should NOT be changed from 1 890 * to 0. 891 */ 892 if (new->ndpr_raf_onlink == 1) 893 pr->ndpr_raf_onlink = 1; 894 if (new->ndpr_raf_auto == 1) 895 pr->ndpr_raf_auto = 1; 896 if (new->ndpr_raf_onlink) { 897 pr->ndpr_vltime = new->ndpr_vltime; 898 pr->ndpr_pltime = new->ndpr_pltime; 899 pr->ndpr_preferred = new->ndpr_preferred; 900 pr->ndpr_expire = new->ndpr_expire; 901 } 902 903 if (new->ndpr_raf_onlink && 904 !(pr->ndpr_stateflags & NDPRF_ONLINK)) { 905 int e; 906 907 if ((e = nd6_prefix_onlink(pr)) != 0) { 908 nd6log((LOG_ERR, 909 "prelist_update: failed to make " 910 "the prefix %s/%d on-link on %s " 911 "(errno=%d)\n", 912 ip6_sprintf(&pr->ndpr_prefix.sin6_addr), 913 pr->ndpr_plen, if_name(pr->ndpr_ifp), e)); 914 /* proceed anyway. XXX: is it correct? */ 915 } 916 } 917 918 if (dr && pfxrtr_lookup(pr, dr) == NULL) 919 pfxrtr_add(pr, dr); 920 } else { 921 struct nd_prefix *newpr = NULL; 922 923 if (new->ndpr_vltime == 0) 924 goto end; 925 if (new->ndpr_raf_onlink == 0 && new->ndpr_raf_auto == 0) 926 goto end; 927 928 bzero(&new->ndpr_addr, sizeof(struct in6_addr)); 929 930 error = nd6_prelist_add(new, dr, &newpr); 931 if (error != 0 || newpr == NULL) { 932 nd6log((LOG_NOTICE, "prelist_update: " 933 "nd6_prelist_add failed for %s/%d on %s " 934 "errno=%d, returnpr=%p\n", 935 ip6_sprintf(&new->ndpr_prefix.sin6_addr), 936 new->ndpr_plen, if_name(new->ndpr_ifp), 937 error, newpr)); 938 goto end; /* we should just give up in this case. */ 939 } 940 941 /* 942 * XXX: from the ND point of view, we can ignore a prefix 943 * with the on-link bit being zero. However, we need a 944 * prefix structure for references from autoconfigured 945 * addresses. Thus, we explicitly make sure that the prefix 946 * itself expires now. 947 */ 948 if (newpr->ndpr_raf_onlink == 0) { 949 newpr->ndpr_vltime = 0; 950 newpr->ndpr_pltime = 0; 951 in6_init_prefix_ltimes(newpr); 952 } 953 954 pr = newpr; 955 } 956 957 /* 958 * Address autoconfiguration based on Section 5.5.3 of RFC 2462. 959 * Note that pr must be non NULL at this point. 960 */ 961 962 /* 5.5.3 (a). Ignore the prefix without the A bit set. */ 963 if (!new->ndpr_raf_auto) 964 goto afteraddrconf; 965 966 /* 967 * 5.5.3 (b). the link-local prefix should have been ignored in 968 * nd6_ra_input. 969 */ 970 971 /* 972 * 5.5.3 (c). Consistency check on lifetimes: pltime <= vltime. 973 * This should have been done in nd6_ra_input. 974 */ 975 976 /* 977 * 5.5.3 (d). If the prefix advertised does not match the prefix of an 978 * address already in the list, and the Valid Lifetime is not 0, 979 * form an address. Note that even a manually configured address 980 * should reject autoconfiguration of a new address. 981 */ 982 TAILQ_FOREACH(ifac, &ifp->if_addrheads[mycpuid], ifa_link) { 983 struct ifaddr *ifa = ifac->ifa; 984 struct in6_ifaddr *ifa6; 985 int ifa_plen; 986 u_int32_t storedlifetime; 987 988 if (ifa->ifa_addr->sa_family != AF_INET6) 989 continue; 990 991 ifa6 = (struct in6_ifaddr *)ifa; 992 993 /* 994 * Spec is not clear here, but I believe we should concentrate 995 * on unicast (i.e. not anycast) addresses. 996 * XXX: other ia6_flags? detached or duplicated? 997 */ 998 if (ifa6->ia6_flags & IN6_IFF_ANYCAST) 999 continue; 1000 1001 ifa_plen = in6_mask2len(&ifa6->ia_prefixmask.sin6_addr, NULL); 1002 if (ifa_plen != new->ndpr_plen || 1003 !in6_are_prefix_equal(&ifa6->ia_addr.sin6_addr, 1004 &new->ndpr_prefix.sin6_addr, ifa_plen)) 1005 continue; 1006 1007 if (ia6_match == NULL) /* remember the first one */ 1008 ia6_match = ifa6; 1009 1010 if (!(ifa6->ia6_flags & IN6_IFF_AUTOCONF)) 1011 continue; 1012 1013 /* 1014 * An already autoconfigured address matched. Now that we 1015 * are sure there is at least one matched address, we can 1016 * proceed to 5.5.3. (e): update the lifetimes according to the 1017 * "two hours" rule and the privacy extension. 1018 */ 1019 #define TWOHOUR (120*60) 1020 lt6_tmp = ifa6->ia6_lifetime; 1021 1022 if (lt6_tmp.ia6t_vltime == ND6_INFINITE_LIFETIME) 1023 storedlifetime = ND6_INFINITE_LIFETIME; 1024 else if (IFA6_IS_INVALID(ifa6)) 1025 storedlifetime = 0; 1026 else 1027 storedlifetime = lt6_tmp.ia6t_expire - time_uptime; 1028 1029 /* when not updating, keep the current stored lifetime. */ 1030 lt6_tmp.ia6t_vltime = storedlifetime; 1031 1032 if (TWOHOUR < new->ndpr_vltime || 1033 storedlifetime < new->ndpr_vltime) { 1034 lt6_tmp.ia6t_vltime = new->ndpr_vltime; 1035 } else if (storedlifetime <= TWOHOUR 1036 #if 0 1037 /* 1038 * This condition is logically redundant, so we just 1039 * omit it. 1040 * See IPng 6712, 6717, and 6721. 1041 */ 1042 && new->ndpr_vltime <= storedlifetime 1043 #endif 1044 ) { 1045 if (auth) { 1046 lt6_tmp.ia6t_vltime = new->ndpr_vltime; 1047 } 1048 } else { 1049 /* 1050 * new->ndpr_vltime <= TWOHOUR && 1051 * TWOHOUR < storedlifetime 1052 */ 1053 lt6_tmp.ia6t_vltime = TWOHOUR; 1054 } 1055 1056 /* The 2 hour rule is not imposed for preferred lifetime. */ 1057 lt6_tmp.ia6t_pltime = new->ndpr_pltime; 1058 1059 in6_init_address_ltimes(pr, <6_tmp); 1060 1061 /* 1062 * When adjusting the lifetimes of an existing temporary 1063 * address, only lower the lifetimes. 1064 * RFC 3041 3.3. (1). 1065 * XXX: how should we modify ia6t_[pv]ltime? 1066 */ 1067 if (ifa6->ia6_flags & IN6_IFF_TEMPORARY) { 1068 if (lt6_tmp.ia6t_expire == 0 || /* no expire */ 1069 lt6_tmp.ia6t_expire > 1070 ifa6->ia6_lifetime.ia6t_expire) { 1071 lt6_tmp.ia6t_expire = 1072 ifa6->ia6_lifetime.ia6t_expire; 1073 } 1074 if (lt6_tmp.ia6t_preferred == 0 || /* no expire */ 1075 lt6_tmp.ia6t_preferred > 1076 ifa6->ia6_lifetime.ia6t_preferred) { 1077 lt6_tmp.ia6t_preferred = 1078 ifa6->ia6_lifetime.ia6t_preferred; 1079 } 1080 } 1081 1082 ifa6->ia6_lifetime = lt6_tmp; 1083 } 1084 if (ia6_match == NULL && new->ndpr_vltime) { 1085 /* 1086 * No address matched and the valid lifetime is non-zero. 1087 * Create a new address. 1088 */ 1089 if ((ia6 = in6_ifadd(new, NULL)) != NULL) { 1090 /* 1091 * note that we should use pr (not new) for reference. 1092 */ 1093 pr->ndpr_refcnt++; 1094 ia6->ia6_ndpr = pr; 1095 1096 /* 1097 * RFC 3041 3.3 (2). 1098 * When a new public address is created as described 1099 * in RFC2462, also create a new temporary address. 1100 * 1101 * RFC 3041 3.5. 1102 * When an interface connects to a new link, a new 1103 * randomized interface identifier should be generated 1104 * immediately together with a new set of temporary 1105 * addresses. Thus, we specifiy 1 as the 2nd arg of 1106 * in6_tmpifadd(). 1107 */ 1108 if (ip6_use_tempaddr) { 1109 int e; 1110 if ((e = in6_tmpifadd(ia6, 1)) != 0) { 1111 nd6log((LOG_NOTICE, "prelist_update: " 1112 "failed to create a temporary " 1113 "address, errno=%d\n", 1114 e)); 1115 } 1116 } 1117 1118 /* 1119 * A newly added address might affect the status 1120 * of other addresses, so we check and update it. 1121 * XXX: what if address duplication happens? 1122 */ 1123 pfxlist_onlink_check(); 1124 } else { 1125 /* just set an error. do not bark here. */ 1126 error = EADDRNOTAVAIL; /* XXX: might be unused. */ 1127 } 1128 } 1129 1130 afteraddrconf: 1131 1132 end: 1133 mtx_unlock(&nd6_mtx); 1134 return error; 1135 } 1136 1137 /* 1138 * A supplement function used in the on-link detection below; 1139 * detect if a given prefix has a (probably) reachable advertising router. 1140 * XXX: lengthy function name... 1141 */ 1142 static struct nd_pfxrouter * 1143 find_pfxlist_reachable_router(struct nd_prefix *pr) 1144 { 1145 struct nd_pfxrouter *pfxrtr; 1146 struct rtentry *rt; 1147 struct llinfo_nd6 *ln; 1148 1149 for (pfxrtr = LIST_FIRST(&pr->ndpr_advrtrs); pfxrtr; 1150 pfxrtr = LIST_NEXT(pfxrtr, pfr_entry)) { 1151 if ((rt = nd6_lookup(&pfxrtr->router->rtaddr, 0, 1152 pfxrtr->router->ifp)) && 1153 (ln = (struct llinfo_nd6 *)rt->rt_llinfo) && 1154 ND6_IS_LLINFO_PROBREACH(ln)) 1155 break; /* found */ 1156 } 1157 1158 return (pfxrtr); 1159 } 1160 1161 /* 1162 * Check if each prefix in the prefix list has at least one available router 1163 * that advertised the prefix (a router is "available" if its neighbor cache 1164 * entry is reachable or probably reachable). 1165 * If the check fails, the prefix may be off-link, because, for example, 1166 * we have moved from the network but the lifetime of the prefix has not 1167 * expired yet. So we should not use the prefix if there is another prefix 1168 * that has an available router. 1169 * But, if there is no prefix that has an available router, we still regards 1170 * all the prefixes as on-link. This is because we can't tell if all the 1171 * routers are simply dead or if we really moved from the network and there 1172 * is no router around us. 1173 */ 1174 void 1175 pfxlist_onlink_check(void) 1176 { 1177 struct nd_prefix *pr; 1178 struct in6_ifaddr *ifa; 1179 1180 /* 1181 * Check if there is a prefix that has a reachable advertising 1182 * router. 1183 */ 1184 for (pr = nd_prefix.lh_first; pr; pr = pr->ndpr_next) { 1185 if (pr->ndpr_raf_onlink && find_pfxlist_reachable_router(pr)) 1186 break; 1187 } 1188 1189 if (pr) { 1190 /* 1191 * There is at least one prefix that has a reachable router. 1192 * Detach prefixes which have no reachable advertising 1193 * router, and attach other prefixes. 1194 */ 1195 for (pr = nd_prefix.lh_first; pr; pr = pr->ndpr_next) { 1196 /* XXX: a link-local prefix should never be detached */ 1197 if (IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr)) 1198 continue; 1199 1200 /* 1201 * we aren't interested in prefixes without the L bit 1202 * set. 1203 */ 1204 if (pr->ndpr_raf_onlink == 0) 1205 continue; 1206 1207 if (!(pr->ndpr_stateflags & NDPRF_DETACHED) && 1208 find_pfxlist_reachable_router(pr) == NULL) 1209 pr->ndpr_stateflags |= NDPRF_DETACHED; 1210 if ((pr->ndpr_stateflags & NDPRF_DETACHED) && 1211 find_pfxlist_reachable_router(pr) != NULL) 1212 pr->ndpr_stateflags &= ~NDPRF_DETACHED; 1213 } 1214 } else { 1215 /* there is no prefix that has a reachable router */ 1216 for (pr = nd_prefix.lh_first; pr; pr = pr->ndpr_next) { 1217 if (IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr)) 1218 continue; 1219 1220 if (pr->ndpr_raf_onlink == 0) 1221 continue; 1222 1223 if (pr->ndpr_stateflags & NDPRF_DETACHED) 1224 pr->ndpr_stateflags &= ~NDPRF_DETACHED; 1225 } 1226 } 1227 1228 /* 1229 * Remove each interface route associated with a (just) detached 1230 * prefix, and reinstall the interface route for a (just) attached 1231 * prefix. Note that all attempt of reinstallation does not 1232 * necessarily success, when a same prefix is shared among multiple 1233 * interfaces. Such cases will be handled in nd6_prefix_onlink, 1234 * so we don't have to care about them. 1235 */ 1236 for (pr = nd_prefix.lh_first; pr; pr = pr->ndpr_next) { 1237 int e; 1238 1239 if (IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr)) 1240 continue; 1241 1242 if (pr->ndpr_raf_onlink == 0) 1243 continue; 1244 1245 if ((pr->ndpr_stateflags & NDPRF_DETACHED) && 1246 (pr->ndpr_stateflags & NDPRF_ONLINK)) { 1247 if ((e = nd6_prefix_offlink(pr)) != 0) { 1248 nd6log((LOG_ERR, 1249 "pfxlist_onlink_check: failed to " 1250 "make %s/%d offlink, errno=%d\n", 1251 ip6_sprintf(&pr->ndpr_prefix.sin6_addr), 1252 pr->ndpr_plen, e)); 1253 } 1254 } 1255 if (!(pr->ndpr_stateflags & NDPRF_DETACHED) && 1256 !(pr->ndpr_stateflags & NDPRF_ONLINK) && 1257 pr->ndpr_raf_onlink) { 1258 if ((e = nd6_prefix_onlink(pr)) != 0) { 1259 nd6log((LOG_ERR, 1260 "pfxlist_onlink_check: failed to " 1261 "make %s/%d offlink, errno=%d\n", 1262 ip6_sprintf(&pr->ndpr_prefix.sin6_addr), 1263 pr->ndpr_plen, e)); 1264 } 1265 } 1266 } 1267 1268 /* 1269 * Changes on the prefix status might affect address status as well. 1270 * Make sure that all addresses derived from an attached prefix are 1271 * attached, and that all addresses derived from a detached prefix are 1272 * detached. Note, however, that a manually configured address should 1273 * always be attached. 1274 * The precise detection logic is same as the one for prefixes. 1275 */ 1276 for (ifa = in6_ifaddr; ifa; ifa = ifa->ia_next) { 1277 if (!(ifa->ia6_flags & IN6_IFF_AUTOCONF)) 1278 continue; 1279 1280 if (ifa->ia6_ndpr == NULL) { 1281 /* 1282 * This can happen when we first configure the address 1283 * (i.e. the address exists, but the prefix does not). 1284 * XXX: complicated relationships... 1285 */ 1286 continue; 1287 } 1288 1289 if (find_pfxlist_reachable_router(ifa->ia6_ndpr)) 1290 break; 1291 } 1292 if (ifa) { 1293 for (ifa = in6_ifaddr; ifa; ifa = ifa->ia_next) { 1294 if (!(ifa->ia6_flags & IN6_IFF_AUTOCONF)) 1295 continue; 1296 1297 if (ifa->ia6_ndpr == NULL) /* XXX: see above. */ 1298 continue; 1299 1300 if (find_pfxlist_reachable_router(ifa->ia6_ndpr)) 1301 ifa->ia6_flags &= ~IN6_IFF_DETACHED; 1302 else 1303 ifa->ia6_flags |= IN6_IFF_DETACHED; 1304 } 1305 } 1306 else { 1307 for (ifa = in6_ifaddr; ifa; ifa = ifa->ia_next) { 1308 if (!(ifa->ia6_flags & IN6_IFF_AUTOCONF)) 1309 continue; 1310 1311 ifa->ia6_flags &= ~IN6_IFF_DETACHED; 1312 } 1313 } 1314 } 1315 1316 int 1317 nd6_prefix_onlink(struct nd_prefix *pr) 1318 { 1319 struct ifaddr *ifa; 1320 struct ifnet *ifp = pr->ndpr_ifp; 1321 struct sockaddr_in6 mask6; 1322 struct nd_prefix *opr; 1323 u_long rtflags; 1324 int error = 0; 1325 1326 /* sanity check */ 1327 if (pr->ndpr_stateflags & NDPRF_ONLINK) { 1328 nd6log((LOG_ERR, 1329 "nd6_prefix_onlink: %s/%d is already on-link\n", 1330 ip6_sprintf(&pr->ndpr_prefix.sin6_addr), pr->ndpr_plen); 1331 return (EEXIST)); 1332 } 1333 1334 /* 1335 * Add the interface route associated with the prefix. Before 1336 * installing the route, check if there's the same prefix on another 1337 * interface, and the prefix has already installed the interface route. 1338 * Although such a configuration is expected to be rare, we explicitly 1339 * allow it. 1340 */ 1341 for (opr = nd_prefix.lh_first; opr; opr = opr->ndpr_next) { 1342 if (opr == pr) 1343 continue; 1344 1345 if (!(opr->ndpr_stateflags & NDPRF_ONLINK)) 1346 continue; 1347 1348 if (opr->ndpr_plen == pr->ndpr_plen && 1349 in6_are_prefix_equal(&pr->ndpr_prefix.sin6_addr, 1350 &opr->ndpr_prefix.sin6_addr, pr->ndpr_plen)) 1351 return (0); 1352 } 1353 1354 /* 1355 * We prefer link-local addresses as the associated interface address. 1356 */ 1357 /* search for a link-local addr */ 1358 ifa = (struct ifaddr *)in6ifa_ifpforlinklocal(ifp, 1359 IN6_IFF_NOTREADY| IN6_IFF_ANYCAST); 1360 if (ifa == NULL) { 1361 struct ifaddr_container *ifac; 1362 1363 /* XXX: freebsd does not have ifa_ifwithaf */ 1364 TAILQ_FOREACH(ifac, &ifp->if_addrheads[mycpuid], ifa_link) { 1365 if (ifac->ifa->ifa_addr->sa_family == AF_INET6) { 1366 ifa = ifac->ifa; 1367 break; 1368 } 1369 } 1370 /* should we care about ia6_flags? */ 1371 } 1372 if (ifa == NULL) { 1373 /* 1374 * This can still happen, when, for example, we receive an RA 1375 * containing a prefix with the L bit set and the A bit clear, 1376 * after removing all IPv6 addresses on the receiving 1377 * interface. This should, of course, be rare though. 1378 */ 1379 nd6log((LOG_NOTICE, 1380 "nd6_prefix_onlink: failed to find any ifaddr" 1381 " to add route for a prefix(%s/%d) on %s\n", 1382 ip6_sprintf(&pr->ndpr_prefix.sin6_addr), 1383 pr->ndpr_plen, if_name(ifp))); 1384 return (0); 1385 } 1386 1387 /* 1388 * in6_ifinit() sets nd6_rtrequest to ifa_rtrequest for all ifaddrs. 1389 * ifa->ifa_rtrequest = nd6_rtrequest; 1390 */ 1391 bzero(&mask6, sizeof(mask6)); 1392 mask6.sin6_len = sizeof(mask6); 1393 mask6.sin6_addr = pr->ndpr_mask; 1394 rtflags = ifa->ifa_flags | RTF_CLONING | RTF_UP; 1395 if (nd6_need_cache(ifp)) { 1396 /* explicitly set in case ifa_flags does not set the flag. */ 1397 rtflags |= RTF_CLONING; 1398 } else { 1399 /* 1400 * explicitly clear the cloning bit in case ifa_flags sets it. 1401 */ 1402 rtflags &= ~RTF_CLONING; 1403 } 1404 error = rtrequest_global(RTM_ADD, (struct sockaddr *)&pr->ndpr_prefix, 1405 ifa->ifa_addr, (struct sockaddr *)&mask6, rtflags); 1406 if (error == 0) { 1407 pr->ndpr_stateflags |= NDPRF_ONLINK; 1408 } else { 1409 nd6log((LOG_ERR, "nd6_prefix_onlink: failed to add route for a" 1410 " prefix (%s/%d) on %s, gw=%s, mask=%s, flags=%lx " 1411 "errno = %d\n", 1412 ip6_sprintf(&pr->ndpr_prefix.sin6_addr), 1413 pr->ndpr_plen, if_name(ifp), 1414 ip6_sprintf(&((struct sockaddr_in6 *)ifa->ifa_addr)->sin6_addr), 1415 ip6_sprintf(&mask6.sin6_addr), rtflags, error)); 1416 } 1417 return (error); 1418 } 1419 1420 int 1421 nd6_prefix_offlink(struct nd_prefix *pr) 1422 { 1423 int error = 0; 1424 struct ifnet *ifp = pr->ndpr_ifp; 1425 struct nd_prefix *opr; 1426 struct sockaddr_in6 sa6, mask6; 1427 1428 /* sanity check */ 1429 if (!(pr->ndpr_stateflags & NDPRF_ONLINK)) { 1430 nd6log((LOG_ERR, 1431 "nd6_prefix_offlink: %s/%d is already off-link\n", 1432 ip6_sprintf(&pr->ndpr_prefix.sin6_addr), pr->ndpr_plen)); 1433 return (EEXIST); 1434 } 1435 1436 bzero(&sa6, sizeof(sa6)); 1437 sa6.sin6_family = AF_INET6; 1438 sa6.sin6_len = sizeof(sa6); 1439 bcopy(&pr->ndpr_prefix.sin6_addr, &sa6.sin6_addr, 1440 sizeof(struct in6_addr)); 1441 bzero(&mask6, sizeof(mask6)); 1442 mask6.sin6_family = AF_INET6; 1443 mask6.sin6_len = sizeof(sa6); 1444 bcopy(&pr->ndpr_mask, &mask6.sin6_addr, sizeof(struct in6_addr)); 1445 error = rtrequest_global(RTM_DELETE, (struct sockaddr *)&sa6, NULL, 1446 (struct sockaddr *)&mask6, 0); 1447 if (error == 0) { 1448 pr->ndpr_stateflags &= ~NDPRF_ONLINK; 1449 1450 /* 1451 * There might be the same prefix on another interface, 1452 * the prefix which could not be on-link just because we have 1453 * the interface route (see comments in nd6_prefix_onlink). 1454 * If there's one, try to make the prefix on-link on the 1455 * interface. 1456 */ 1457 for (opr = nd_prefix.lh_first; opr; opr = opr->ndpr_next) { 1458 if (opr == pr) 1459 continue; 1460 1461 if (opr->ndpr_stateflags & NDPRF_ONLINK) 1462 continue; 1463 1464 /* 1465 * KAME specific: detached prefixes should not be 1466 * on-link. 1467 */ 1468 if (opr->ndpr_stateflags & NDPRF_DETACHED) 1469 continue; 1470 1471 if (opr->ndpr_plen == pr->ndpr_plen && 1472 in6_are_prefix_equal(&pr->ndpr_prefix.sin6_addr, 1473 &opr->ndpr_prefix.sin6_addr, pr->ndpr_plen)) { 1474 int e; 1475 1476 if ((e = nd6_prefix_onlink(opr)) != 0) { 1477 nd6log((LOG_ERR, 1478 "nd6_prefix_offlink: failed to " 1479 "recover a prefix %s/%d from %s " 1480 "to %s (errno = %d)\n", 1481 ip6_sprintf(&opr->ndpr_prefix.sin6_addr), 1482 opr->ndpr_plen, if_name(ifp), 1483 if_name(opr->ndpr_ifp), e)); 1484 } 1485 } 1486 } 1487 } else { 1488 /* XXX: can we still set the NDPRF_ONLINK flag? */ 1489 nd6log((LOG_ERR, 1490 "nd6_prefix_offlink: failed to delete route: " 1491 "%s/%d on %s (errno = %d)\n", 1492 ip6_sprintf(&sa6.sin6_addr), pr->ndpr_plen, if_name(ifp), 1493 error)); 1494 } 1495 1496 return (error); 1497 } 1498 1499 /* 1500 * Parameters: 1501 * ifid: Mobile IPv6 addition 1502 */ 1503 static struct in6_ifaddr * 1504 in6_ifadd(struct nd_prefix *pr, struct in6_addr *ifid) 1505 { 1506 struct ifnet *ifp = pr->ndpr_ifp; 1507 struct ifaddr *ifa; 1508 struct in6_aliasreq ifra; 1509 struct in6_ifaddr *ia, *ib; 1510 int error, plen0; 1511 struct in6_addr mask; 1512 int prefixlen = pr->ndpr_plen; 1513 1514 in6_prefixlen2mask(&mask, prefixlen); 1515 1516 /* 1517 * find a link-local address (will be interface ID). 1518 * Is it really mandatory? Theoretically, a global or a site-local 1519 * address can be configured without a link-local address, if we 1520 * have a unique interface identifier... 1521 * 1522 * it is not mandatory to have a link-local address, we can generate 1523 * interface identifier on the fly. we do this because: 1524 * (1) it should be the easiest way to find interface identifier. 1525 * (2) RFC2462 5.4 suggesting the use of the same interface identifier 1526 * for multiple addresses on a single interface, and possible shortcut 1527 * of DAD. we omitted DAD for this reason in the past. 1528 * (3) a user can prevent autoconfiguration of global address 1529 * by removing link-local address by hand (this is partly because we 1530 * don't have other way to control the use of IPv6 on a interface. 1531 * this has been our design choice - cf. NRL's "ifconfig auto"). 1532 * (4) it is easier to manage when an interface has addresses 1533 * with the same interface identifier, than to have multiple addresses 1534 * with different interface identifiers. 1535 * 1536 * Mobile IPv6 addition: allow for caller to specify a wished interface 1537 * ID. This is to not break connections when moving addresses between 1538 * interfaces. 1539 */ 1540 ifa = (struct ifaddr *)in6ifa_ifpforlinklocal(ifp, 0); /* 0 is OK? */ 1541 if (ifa) 1542 ib = (struct in6_ifaddr *)ifa; 1543 else 1544 return NULL; 1545 1546 #if 0 /* don't care link local addr state, and always do DAD */ 1547 /* if link-local address is not eligible, do not autoconfigure. */ 1548 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_NOTREADY) { 1549 kprintf("in6_ifadd: link-local address not ready\n"); 1550 return NULL; 1551 } 1552 #endif 1553 1554 /* prefixlen + ifidlen must be equal to 128 */ 1555 plen0 = in6_mask2len(&ib->ia_prefixmask.sin6_addr, NULL); 1556 if (prefixlen != plen0) { 1557 nd6log((LOG_INFO, "in6_ifadd: wrong prefixlen for %s " 1558 "(prefix=%d ifid=%d)\n", 1559 if_name(ifp), prefixlen, 128 - plen0)); 1560 return NULL; 1561 } 1562 1563 /* make ifaddr */ 1564 1565 bzero(&ifra, sizeof(ifra)); 1566 /* 1567 * in6_update_ifa() does not use ifra_name, but we accurately set it 1568 * for safety. 1569 */ 1570 strncpy(ifra.ifra_name, if_name(ifp), sizeof(ifra.ifra_name)); 1571 ifra.ifra_addr.sin6_family = AF_INET6; 1572 ifra.ifra_addr.sin6_len = sizeof(struct sockaddr_in6); 1573 /* prefix */ 1574 bcopy(&pr->ndpr_prefix.sin6_addr, &ifra.ifra_addr.sin6_addr, 1575 sizeof(ifra.ifra_addr.sin6_addr)); 1576 ifra.ifra_addr.sin6_addr.s6_addr32[0] &= mask.s6_addr32[0]; 1577 ifra.ifra_addr.sin6_addr.s6_addr32[1] &= mask.s6_addr32[1]; 1578 ifra.ifra_addr.sin6_addr.s6_addr32[2] &= mask.s6_addr32[2]; 1579 ifra.ifra_addr.sin6_addr.s6_addr32[3] &= mask.s6_addr32[3]; 1580 1581 /* interface ID */ 1582 if (ifid == NULL || IN6_IS_ADDR_UNSPECIFIED(ifid)) 1583 ifid = &ib->ia_addr.sin6_addr; 1584 ifra.ifra_addr.sin6_addr.s6_addr32[0] |= 1585 (ifid->s6_addr32[0] & ~mask.s6_addr32[0]); 1586 ifra.ifra_addr.sin6_addr.s6_addr32[1] |= 1587 (ifid->s6_addr32[1] & ~mask.s6_addr32[1]); 1588 ifra.ifra_addr.sin6_addr.s6_addr32[2] |= 1589 (ifid->s6_addr32[2] & ~mask.s6_addr32[2]); 1590 ifra.ifra_addr.sin6_addr.s6_addr32[3] |= 1591 (ifid->s6_addr32[3] & ~mask.s6_addr32[3]); 1592 1593 /* new prefix mask. */ 1594 ifra.ifra_prefixmask.sin6_len = sizeof(struct sockaddr_in6); 1595 ifra.ifra_prefixmask.sin6_family = AF_INET6; 1596 bcopy(&mask, &ifra.ifra_prefixmask.sin6_addr, 1597 sizeof(ifra.ifra_prefixmask.sin6_addr)); 1598 1599 /* 1600 * lifetime. 1601 * XXX: in6_init_address_ltimes would override these values later. 1602 * We should reconsider this logic. 1603 */ 1604 ifra.ifra_lifetime.ia6t_vltime = pr->ndpr_vltime; 1605 ifra.ifra_lifetime.ia6t_pltime = pr->ndpr_pltime; 1606 1607 /* XXX: scope zone ID? */ 1608 1609 ifra.ifra_flags |= IN6_IFF_AUTOCONF; /* obey autoconf */ 1610 /* 1611 * temporarily set the nopfx flag to avoid conflict. 1612 * XXX: we should reconsider the entire mechanism about prefix 1613 * manipulation. 1614 */ 1615 ifra.ifra_flags |= IN6_IFF_NOPFX; 1616 1617 /* 1618 * keep the new address, regardless of the result of in6_update_ifa. 1619 * XXX: this address is now meaningless. 1620 * We should reconsider its role. 1621 */ 1622 pr->ndpr_addr = ifra.ifra_addr.sin6_addr; 1623 1624 /* allocate ifaddr structure, link into chain, etc. */ 1625 if ((error = in6_update_ifa(ifp, &ifra, NULL)) != 0) { 1626 nd6log((LOG_ERR, 1627 "in6_ifadd: failed to make ifaddr %s on %s (errno=%d)\n", 1628 ip6_sprintf(&ifra.ifra_addr.sin6_addr), if_name(ifp), 1629 error)); 1630 return (NULL); /* ifaddr must not have been allocated. */ 1631 } 1632 1633 ia = in6ifa_ifpwithaddr(ifp, &ifra.ifra_addr.sin6_addr); 1634 1635 return (ia); /* this is always non-NULL */ 1636 } 1637 1638 /* 1639 * Parameters: 1640 * ia0: corresponding public address 1641 */ 1642 int 1643 in6_tmpifadd(const struct in6_ifaddr *ia0, int forcegen) 1644 { 1645 struct ifnet *ifp = ia0->ia_ifa.ifa_ifp; 1646 struct in6_ifaddr *newia; 1647 struct in6_aliasreq ifra; 1648 int i, error; 1649 int trylimit = 3; /* XXX: adhoc value */ 1650 u_int32_t randid[2]; 1651 time_t vltime0, pltime0; 1652 1653 bzero(&ifra, sizeof(ifra)); 1654 strncpy(ifra.ifra_name, if_name(ifp), sizeof(ifra.ifra_name)); 1655 ifra.ifra_addr = ia0->ia_addr; 1656 /* copy prefix mask */ 1657 ifra.ifra_prefixmask = ia0->ia_prefixmask; 1658 /* clear the old IFID */ 1659 for (i = 0; i < 4; i++) { 1660 ifra.ifra_addr.sin6_addr.s6_addr32[i] &= 1661 ifra.ifra_prefixmask.sin6_addr.s6_addr32[i]; 1662 } 1663 1664 again: 1665 in6_get_tmpifid(ifp, (u_int8_t *)randid, 1666 (const u_int8_t *)&ia0->ia_addr.sin6_addr.s6_addr[8], forcegen); 1667 ifra.ifra_addr.sin6_addr.s6_addr32[2] |= 1668 (randid[0] & ~(ifra.ifra_prefixmask.sin6_addr.s6_addr32[2])); 1669 ifra.ifra_addr.sin6_addr.s6_addr32[3] |= 1670 (randid[1] & ~(ifra.ifra_prefixmask.sin6_addr.s6_addr32[3])); 1671 1672 /* 1673 * If by chance the new temporary address is the same as an address 1674 * already assigned to the interface, generate a new randomized 1675 * interface identifier and repeat this step. 1676 * RFC 3041 3.3 (4). 1677 */ 1678 if (in6ifa_ifpwithaddr(ifp, &ifra.ifra_addr.sin6_addr) != NULL) { 1679 if (trylimit-- == 0) { 1680 nd6log((LOG_NOTICE, "in6_tmpifadd: failed to find " 1681 "a unique random IFID\n")); 1682 return (EEXIST); 1683 } 1684 forcegen = 1; 1685 goto again; 1686 } 1687 1688 /* 1689 * The Valid Lifetime is the lower of the Valid Lifetime of the 1690 * public address or TEMP_VALID_LIFETIME. 1691 * The Preferred Lifetime is the lower of the Preferred Lifetime 1692 * of the public address or TEMP_PREFERRED_LIFETIME - 1693 * DESYNC_FACTOR. 1694 */ 1695 if (ia0->ia6_lifetime.ia6t_expire != 0) { 1696 vltime0 = IFA6_IS_INVALID(ia0) ? 1697 0 : (ia0->ia6_lifetime.ia6t_expire - time_uptime); 1698 if (vltime0 > ip6_temp_valid_lifetime) 1699 vltime0 = ip6_temp_valid_lifetime; 1700 } else 1701 vltime0 = ip6_temp_valid_lifetime; 1702 if (ia0->ia6_lifetime.ia6t_preferred != 0) { 1703 pltime0 = IFA6_IS_DEPRECATED(ia0) ? 1704 0 : (ia0->ia6_lifetime.ia6t_preferred - time_uptime); 1705 if (pltime0 > ip6_temp_preferred_lifetime - ip6_desync_factor) { 1706 pltime0 = ip6_temp_preferred_lifetime - 1707 ip6_desync_factor; 1708 } 1709 } else 1710 pltime0 = ip6_temp_preferred_lifetime - ip6_desync_factor; 1711 ifra.ifra_lifetime.ia6t_vltime = vltime0; 1712 ifra.ifra_lifetime.ia6t_pltime = pltime0; 1713 1714 /* 1715 * A temporary address is created only if this calculated Preferred 1716 * Lifetime is greater than REGEN_ADVANCE time units. 1717 */ 1718 if (ifra.ifra_lifetime.ia6t_pltime <= ip6_temp_regen_advance) 1719 return (0); 1720 1721 /* XXX: scope zone ID? */ 1722 1723 ifra.ifra_flags |= (IN6_IFF_AUTOCONF|IN6_IFF_TEMPORARY); 1724 1725 /* allocate ifaddr structure, link into chain, etc. */ 1726 if ((error = in6_update_ifa(ifp, &ifra, NULL)) != 0) 1727 return (error); 1728 1729 newia = in6ifa_ifpwithaddr(ifp, &ifra.ifra_addr.sin6_addr); 1730 if (newia == NULL) { /* XXX: can it happen? */ 1731 nd6log((LOG_ERR, 1732 "in6_tmpifadd: ifa update succeeded, but we got " 1733 "no ifaddr\n")); 1734 return (EINVAL); /* XXX */ 1735 } 1736 newia->ia6_ndpr = ia0->ia6_ndpr; 1737 newia->ia6_ndpr->ndpr_refcnt++; 1738 1739 return (0); 1740 } 1741 1742 int 1743 in6_init_prefix_ltimes(struct nd_prefix *ndpr) 1744 { 1745 /* check if preferred lifetime > valid lifetime. RFC2462 5.5.3 (c) */ 1746 if (ndpr->ndpr_pltime > ndpr->ndpr_vltime) { 1747 nd6log((LOG_INFO, "in6_init_prefix_ltimes: preferred lifetime" 1748 "(%d) is greater than valid lifetime(%d)\n", 1749 (u_int)ndpr->ndpr_pltime, (u_int)ndpr->ndpr_vltime)); 1750 return (EINVAL); 1751 } 1752 if (ndpr->ndpr_pltime == ND6_INFINITE_LIFETIME) 1753 ndpr->ndpr_preferred = 0; 1754 else 1755 ndpr->ndpr_preferred = time_uptime + ndpr->ndpr_pltime; 1756 if (ndpr->ndpr_vltime == ND6_INFINITE_LIFETIME) 1757 ndpr->ndpr_expire = 0; 1758 else 1759 ndpr->ndpr_expire = time_uptime + ndpr->ndpr_vltime; 1760 1761 return 0; 1762 } 1763 1764 static void 1765 in6_init_address_ltimes(struct nd_prefix *new, struct in6_addrlifetime *lt6) 1766 { 1767 /* init ia6t_expire */ 1768 if (lt6->ia6t_vltime == ND6_INFINITE_LIFETIME) 1769 lt6->ia6t_expire = 0; 1770 else { 1771 lt6->ia6t_expire = time_uptime; 1772 lt6->ia6t_expire += lt6->ia6t_vltime; 1773 } 1774 1775 /* init ia6t_preferred */ 1776 if (lt6->ia6t_pltime == ND6_INFINITE_LIFETIME) 1777 lt6->ia6t_preferred = 0; 1778 else { 1779 lt6->ia6t_preferred = time_uptime; 1780 lt6->ia6t_preferred += lt6->ia6t_pltime; 1781 } 1782 } 1783 1784 /* 1785 * Delete all the routing table entries that use the specified gateway. 1786 * 1787 * XXX: this function causes search through all entries of routing table, so 1788 * it shouldn't be called when acting as a router. 1789 */ 1790 void 1791 rt6_flush(struct in6_addr *gateway, struct ifnet *ifp) 1792 { 1793 struct radix_node_head *rnh = rt_tables[mycpuid][AF_INET6]; 1794 1795 /* We'll care only link-local addresses */ 1796 if (!IN6_IS_ADDR_LINKLOCAL(gateway)) 1797 return; 1798 /* XXX: hack for KAME's link-local address kludge */ 1799 gateway->s6_addr16[1] = htons(ifp->if_index); 1800 1801 rnh->rnh_walktree(rnh, rt6_deleteroute, (void *)gateway); 1802 } 1803 1804 static int 1805 rt6_deleteroute(struct radix_node *rn, void *arg) 1806 { 1807 #define SIN6(s) ((struct sockaddr_in6 *)s) 1808 struct rtentry *rt = (struct rtentry *)rn; 1809 struct in6_addr *gate = (struct in6_addr *)arg; 1810 1811 if (rt->rt_gateway == NULL || rt->rt_gateway->sa_family != AF_INET6) 1812 return (0); 1813 1814 if (!IN6_ARE_ADDR_EQUAL(gate, &SIN6(rt->rt_gateway)->sin6_addr)) 1815 return (0); 1816 1817 /* 1818 * Do not delete a static route. 1819 * XXX: this seems to be a bit ad-hoc. Should we consider the 1820 * 'cloned' bit instead? 1821 */ 1822 if (rt->rt_flags & RTF_STATIC) 1823 return (0); 1824 1825 /* 1826 * We delete only host route. This means, in particular, we don't 1827 * delete default route. 1828 */ 1829 if (!(rt->rt_flags & RTF_HOST)) 1830 return (0); 1831 1832 return (rtrequest(RTM_DELETE, rt_key(rt), rt->rt_gateway, rt_mask(rt), 1833 rt->rt_flags, 0)); 1834 #undef SIN6 1835 } 1836 1837 int 1838 nd6_setdefaultiface(int ifindex) 1839 { 1840 int error = 0; 1841 1842 if (ifindex < 0 || if_index < ifindex) 1843 return (EINVAL); 1844 1845 if (nd6_defifindex != ifindex) { 1846 nd6_defifindex = ifindex; 1847 if (nd6_defifindex > 0) 1848 nd6_defifp = ifindex2ifnet[nd6_defifindex]; 1849 else 1850 nd6_defifp = NULL; 1851 1852 /* 1853 * If the Default Router List is empty, install a route 1854 * to the specified interface as default or remove the default 1855 * route when the default interface becomes canceled. 1856 * The check for the queue is actually redundant, but 1857 * we do this here to avoid re-install the default route 1858 * if the list is NOT empty. 1859 */ 1860 if (TAILQ_FIRST(&nd_defrouter) == NULL) 1861 defrouter_select(); 1862 1863 /* 1864 * Our current implementation assumes one-to-one maping between 1865 * interfaces and links, so it would be natural to use the 1866 * default interface as the default link. 1867 */ 1868 scope6_setdefault(nd6_defifp); 1869 } 1870 1871 return (error); 1872 } 1873