1 /* $OpenBSD: nd6.c,v 1.282 2024/07/14 18:53:39 bluhm Exp $ */ 2 /* $KAME: nd6.c,v 1.280 2002/06/08 19:52:07 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 #include <sys/param.h> 34 #include <sys/systm.h> 35 #include <sys/timeout.h> 36 #include <sys/malloc.h> 37 #include <sys/mbuf.h> 38 #include <sys/socket.h> 39 #include <sys/sockio.h> 40 #include <sys/time.h> 41 #include <sys/kernel.h> 42 #include <sys/pool.h> 43 #include <sys/errno.h> 44 #include <sys/ioctl.h> 45 #include <sys/syslog.h> 46 #include <sys/queue.h> 47 #include <sys/stdint.h> 48 #include <sys/task.h> 49 50 #include <net/if.h> 51 #include <net/if_dl.h> 52 #include <net/if_types.h> 53 #include <net/route.h> 54 55 #include <netinet/in.h> 56 #include <netinet/if_ether.h> 57 #include <netinet/ip_ipsp.h> 58 59 #include <netinet6/in6_var.h> 60 #include <netinet/ip6.h> 61 #include <netinet6/ip6_var.h> 62 #include <netinet6/nd6.h> 63 #include <netinet/icmp6.h> 64 65 /* 66 * Locks used to protect struct members in this file: 67 * a atomic operations 68 * I immutable after creation 69 * K kernel lock 70 * m nd6 mutex, needed when net lock is shared 71 * N net lock 72 */ 73 74 #define ND6_SLOWTIMER_INTERVAL (60 * 60) /* 1 hour */ 75 #define ND6_RECALC_REACHTM_INTERVAL (60 * 120) /* 2 hours */ 76 77 /* timer values */ 78 int nd6_timer_next = -1; /* at which uptime nd6_timer runs */ 79 time_t nd6_expire_next = -1; /* at which uptime nd6_expire runs */ 80 int nd6_delay = 5; /* delay first probe time 5 second */ 81 int nd6_umaxtries = 3; /* maximum unicast query */ 82 int nd6_mmaxtries = 3; /* maximum multicast query */ 83 int nd6_gctimer = (60 * 60 * 24); /* 1 day: garbage collection timer */ 84 85 /* preventing too many loops in ND option parsing */ 86 int nd6_maxndopt = 10; /* max # of ND options allowed */ 87 88 int nd6_maxnudhint = 0; /* max # of subsequent upper layer hints */ 89 90 #ifdef ND6_DEBUG 91 int nd6_debug = 1; 92 #else 93 int nd6_debug = 0; 94 #endif 95 96 /* llinfo_nd6 live time, rt_llinfo and RTF_LLINFO are protected by nd6_mtx */ 97 struct mutex nd6_mtx = MUTEX_INITIALIZER(IPL_SOFTNET); 98 99 TAILQ_HEAD(llinfo_nd6_head, llinfo_nd6) nd6_list = 100 TAILQ_HEAD_INITIALIZER(nd6_list); /* [mN] list of llinfo_nd6 structures */ 101 struct pool nd6_pool; /* [I] pool for llinfo_nd6 structures */ 102 int nd6_inuse; /* [m] limit neigbor discovery routes */ 103 unsigned int ln_hold_total; /* [a] packets currently in the nd6 queue */ 104 105 void nd6_timer(void *); 106 void nd6_slowtimo(void *); 107 void nd6_expire(void *); 108 void nd6_expire_timer(void *); 109 void nd6_invalidate(struct rtentry *); 110 void nd6_free(struct rtentry *, int); 111 int nd6_llinfo_timer(struct rtentry *, int); 112 113 struct timeout nd6_timer_to; 114 struct timeout nd6_slowtimo_ch; 115 struct timeout nd6_expire_timeout; 116 struct task nd6_expire_task; 117 118 void 119 nd6_init(void) 120 { 121 pool_init(&nd6_pool, sizeof(struct llinfo_nd6), 0, 122 IPL_SOFTNET, 0, "nd6", NULL); 123 124 task_set(&nd6_expire_task, nd6_expire, NULL); 125 126 /* start timer */ 127 timeout_set_proc(&nd6_timer_to, nd6_timer, NULL); 128 timeout_set_proc(&nd6_slowtimo_ch, nd6_slowtimo, NULL); 129 timeout_add_sec(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL); 130 timeout_set(&nd6_expire_timeout, nd6_expire_timer, NULL); 131 } 132 133 void 134 nd6_ifattach(struct ifnet *ifp) 135 { 136 struct nd_ifinfo *nd; 137 138 nd = malloc(sizeof(*nd), M_IP6NDP, M_WAITOK | M_ZERO); 139 140 nd->reachable = ND_COMPUTE_RTIME(REACHABLE_TIME); 141 142 ifp->if_nd = nd; 143 } 144 145 void 146 nd6_ifdetach(struct ifnet *ifp) 147 { 148 struct nd_ifinfo *nd = ifp->if_nd; 149 150 free(nd, M_IP6NDP, sizeof(*nd)); 151 } 152 153 /* 154 * Parse multiple ND options. 155 * This function is much easier to use, for ND routines that do not need 156 * multiple options of the same type. 157 */ 158 int 159 nd6_options(void *opt, int icmp6len, struct nd_opts *ndopts) 160 { 161 struct nd_opt_hdr *nd_opt, *next_opt, *last_opt; 162 int i = 0; 163 164 bzero(ndopts, sizeof(*ndopts)); 165 166 if (icmp6len == 0) 167 return 0; 168 169 next_opt = opt; 170 last_opt = (struct nd_opt_hdr *)((u_char *)opt + icmp6len); 171 172 while (next_opt != NULL) { 173 int olen; 174 175 nd_opt = next_opt; 176 177 /* make sure nd_opt_len is inside the buffer */ 178 if ((caddr_t)&nd_opt->nd_opt_len >= (caddr_t)last_opt) 179 goto invalid; 180 181 /* every option must have a length greater than zero */ 182 olen = nd_opt->nd_opt_len << 3; 183 if (olen == 0) 184 goto invalid; 185 186 next_opt = (struct nd_opt_hdr *)((caddr_t)nd_opt + olen); 187 if (next_opt > last_opt) { 188 /* option overruns the end of buffer */ 189 goto invalid; 190 } else if (next_opt == last_opt) { 191 /* reached the end of options chain */ 192 next_opt = NULL; 193 } 194 195 switch (nd_opt->nd_opt_type) { 196 case ND_OPT_SOURCE_LINKADDR: 197 if (ndopts->nd_opts_src_lladdr != NULL) 198 nd6log((LOG_INFO, "duplicated ND6 option found " 199 "(type=%d)\n", nd_opt->nd_opt_type)); 200 else 201 ndopts->nd_opts_src_lladdr = nd_opt; 202 break; 203 case ND_OPT_TARGET_LINKADDR: 204 if (ndopts->nd_opts_tgt_lladdr != NULL) 205 nd6log((LOG_INFO, "duplicated ND6 option found " 206 "(type=%d)\n", nd_opt->nd_opt_type)); 207 else 208 ndopts->nd_opts_tgt_lladdr = nd_opt; 209 break; 210 case ND_OPT_MTU: 211 case ND_OPT_REDIRECTED_HEADER: 212 case ND_OPT_PREFIX_INFORMATION: 213 case ND_OPT_DNSSL: 214 case ND_OPT_RDNSS: 215 /* Don't warn, not used by kernel */ 216 break; 217 default: 218 /* 219 * Unknown options must be silently ignored, 220 * to accommodate future extension to the protocol. 221 */ 222 nd6log((LOG_DEBUG, 223 "nd6_options: unsupported option %d - " 224 "option ignored\n", nd_opt->nd_opt_type)); 225 break; 226 } 227 228 i++; 229 if (i > nd6_maxndopt) { 230 icmp6stat_inc(icp6s_nd_toomanyopt); 231 nd6log((LOG_INFO, "too many loop in nd opt\n")); 232 break; 233 } 234 } 235 236 return 0; 237 238 invalid: 239 bzero(ndopts, sizeof(*ndopts)); 240 icmp6stat_inc(icp6s_nd_badopt); 241 return -1; 242 } 243 244 /* 245 * ND6 timer routine to handle ND6 entries 246 */ 247 void 248 nd6_llinfo_settimer(const struct llinfo_nd6 *ln, unsigned int secs) 249 { 250 time_t expire = getuptime() + secs; 251 252 NET_ASSERT_LOCKED(); 253 KASSERT(!ISSET(ln->ln_rt->rt_flags, RTF_LOCAL)); 254 255 ln->ln_rt->rt_expire = expire; 256 if (!timeout_pending(&nd6_timer_to) || expire < nd6_timer_next) { 257 nd6_timer_next = expire; 258 timeout_add_sec(&nd6_timer_to, secs); 259 } 260 } 261 262 void 263 nd6_timer(void *unused) 264 { 265 struct llinfo_nd6 *ln, *nln; 266 time_t uptime, expire; 267 int i_am_router = (atomic_load_int(&ip6_forwarding) != 0); 268 int secs; 269 270 NET_LOCK(); 271 272 uptime = getuptime(); 273 expire = uptime + nd6_gctimer; 274 275 /* Net lock is exclusive, no nd6 mutex needed for nd6_list here. */ 276 TAILQ_FOREACH_SAFE(ln, &nd6_list, ln_list, nln) { 277 struct rtentry *rt = ln->ln_rt; 278 279 if (rt->rt_expire && rt->rt_expire <= uptime) 280 if (nd6_llinfo_timer(rt, i_am_router)) 281 continue; 282 283 if (rt->rt_expire && rt->rt_expire < expire) 284 expire = rt->rt_expire; 285 } 286 287 secs = expire - uptime; 288 if (secs < 0) 289 secs = 0; 290 if (!TAILQ_EMPTY(&nd6_list)) { 291 nd6_timer_next = uptime + secs; 292 timeout_add_sec(&nd6_timer_to, secs); 293 } 294 295 NET_UNLOCK(); 296 } 297 298 /* 299 * ND timer state handling. 300 * 301 * Returns 1 if `rt' should no longer be used, 0 otherwise. 302 */ 303 int 304 nd6_llinfo_timer(struct rtentry *rt, int i_am_router) 305 { 306 struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt->rt_llinfo; 307 struct sockaddr_in6 *dst = satosin6(rt_key(rt)); 308 struct ifnet *ifp; 309 310 NET_ASSERT_LOCKED_EXCLUSIVE(); 311 312 if ((ifp = if_get(rt->rt_ifidx)) == NULL) 313 return 1; 314 315 switch (ln->ln_state) { 316 case ND6_LLINFO_INCOMPLETE: 317 if (ln->ln_asked < nd6_mmaxtries) { 318 ln->ln_asked++; 319 nd6_llinfo_settimer(ln, RETRANS_TIMER / 1000); 320 nd6_ns_output(ifp, NULL, &dst->sin6_addr, 321 &ln->ln_saddr6, 0); 322 } else { 323 struct mbuf_list ml; 324 struct mbuf *m; 325 unsigned int len; 326 327 mq_delist(&ln->ln_mq, &ml); 328 len = ml_len(&ml); 329 while ((m = ml_dequeue(&ml)) != NULL) { 330 /* 331 * Fake rcvif to make the ICMP error 332 * more helpful in diagnosing for the 333 * receiver. 334 * XXX: should we consider older rcvif? 335 */ 336 m->m_pkthdr.ph_ifidx = rt->rt_ifidx; 337 338 icmp6_error(m, ICMP6_DST_UNREACH, 339 ICMP6_DST_UNREACH_ADDR, 0); 340 } 341 342 /* XXXSMP we also discard if other CPU enqueues */ 343 if (mq_len(&ln->ln_mq) > 0) { 344 /* mbuf is back in queue. Discard. */ 345 atomic_sub_int(&ln_hold_total, 346 len + mq_purge(&ln->ln_mq)); 347 } else 348 atomic_sub_int(&ln_hold_total, len); 349 350 nd6_free(rt, i_am_router); 351 ln = NULL; 352 } 353 break; 354 355 case ND6_LLINFO_REACHABLE: 356 if (!ND6_LLINFO_PERMANENT(ln)) { 357 ln->ln_state = ND6_LLINFO_STALE; 358 nd6_llinfo_settimer(ln, nd6_gctimer); 359 } 360 break; 361 362 case ND6_LLINFO_STALE: 363 case ND6_LLINFO_PURGE: 364 /* Garbage Collection(RFC 2461 5.3) */ 365 if (!ND6_LLINFO_PERMANENT(ln)) { 366 nd6_free(rt, i_am_router); 367 ln = NULL; 368 } 369 break; 370 371 case ND6_LLINFO_DELAY: 372 /* We need NUD */ 373 ln->ln_asked = 1; 374 ln->ln_state = ND6_LLINFO_PROBE; 375 nd6_llinfo_settimer(ln, RETRANS_TIMER / 1000); 376 nd6_ns_output(ifp, &dst->sin6_addr, &dst->sin6_addr, 377 &ln->ln_saddr6, 0); 378 break; 379 380 case ND6_LLINFO_PROBE: 381 if (ln->ln_asked < nd6_umaxtries) { 382 ln->ln_asked++; 383 nd6_llinfo_settimer(ln, RETRANS_TIMER / 1000); 384 nd6_ns_output(ifp, &dst->sin6_addr, &dst->sin6_addr, 385 &ln->ln_saddr6, 0); 386 } else { 387 nd6_free(rt, i_am_router); 388 ln = NULL; 389 } 390 break; 391 } 392 393 if_put(ifp); 394 395 return (ln == NULL); 396 } 397 398 void 399 nd6_expire_timer_update(struct in6_ifaddr *ia6) 400 { 401 time_t expire_time = INT64_MAX; 402 403 if (ia6->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) 404 expire_time = ia6->ia6_lifetime.ia6t_expire; 405 406 if (!(ia6->ia6_flags & IN6_IFF_DEPRECATED) && 407 ia6->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME && 408 expire_time > ia6->ia6_lifetime.ia6t_preferred) 409 expire_time = ia6->ia6_lifetime.ia6t_preferred; 410 411 if (expire_time == INT64_MAX) 412 return; 413 414 /* 415 * IFA6_IS_INVALID() and IFA6_IS_DEPRECATED() check for uptime 416 * greater than ia6t_expire or ia6t_preferred, not greater or equal. 417 * Schedule timeout one second later so that either IFA6_IS_INVALID() 418 * or IFA6_IS_DEPRECATED() is true. 419 */ 420 expire_time++; 421 422 if (!timeout_pending(&nd6_expire_timeout) || 423 nd6_expire_next > expire_time) { 424 int secs; 425 426 secs = expire_time - getuptime(); 427 if (secs < 0) 428 secs = 0; 429 430 timeout_add_sec(&nd6_expire_timeout, secs); 431 nd6_expire_next = expire_time; 432 } 433 } 434 435 /* 436 * Expire interface addresses. 437 */ 438 void 439 nd6_expire(void *unused) 440 { 441 struct ifnet *ifp; 442 443 NET_LOCK(); 444 445 TAILQ_FOREACH(ifp, &ifnetlist, if_list) { 446 struct ifaddr *ifa, *nifa; 447 struct in6_ifaddr *ia6; 448 449 TAILQ_FOREACH_SAFE(ifa, &ifp->if_addrlist, ifa_list, nifa) { 450 if (ifa->ifa_addr->sa_family != AF_INET6) 451 continue; 452 ia6 = ifatoia6(ifa); 453 /* check address lifetime */ 454 if (IFA6_IS_INVALID(ia6)) { 455 in6_purgeaddr(&ia6->ia_ifa); 456 } else { 457 if (IFA6_IS_DEPRECATED(ia6)) 458 ia6->ia6_flags |= IN6_IFF_DEPRECATED; 459 nd6_expire_timer_update(ia6); 460 } 461 } 462 } 463 464 NET_UNLOCK(); 465 } 466 467 void 468 nd6_expire_timer(void *unused) 469 { 470 task_add(net_tq(0), &nd6_expire_task); 471 } 472 473 /* 474 * Nuke neighbor cache/prefix/default router management table, right before 475 * ifp goes away. 476 */ 477 void 478 nd6_purge(struct ifnet *ifp) 479 { 480 struct llinfo_nd6 *ln, *nln; 481 int i_am_router = (atomic_load_int(&ip6_forwarding) != 0); 482 483 NET_ASSERT_LOCKED_EXCLUSIVE(); 484 485 /* 486 * Nuke neighbor cache entries for the ifp. 487 */ 488 TAILQ_FOREACH_SAFE(ln, &nd6_list, ln_list, nln) { 489 struct rtentry *rt; 490 struct sockaddr_dl *sdl; 491 492 rt = ln->ln_rt; 493 if (rt != NULL && rt->rt_gateway != NULL && 494 rt->rt_gateway->sa_family == AF_LINK) { 495 sdl = satosdl(rt->rt_gateway); 496 if (sdl->sdl_index == ifp->if_index) 497 nd6_free(rt, i_am_router); 498 } 499 } 500 } 501 502 struct rtentry * 503 nd6_lookup(const struct in6_addr *addr6, int create, struct ifnet *ifp, 504 u_int rtableid) 505 { 506 struct rtentry *rt; 507 struct sockaddr_in6 sin6; 508 int flags; 509 510 bzero(&sin6, sizeof(sin6)); 511 sin6.sin6_len = sizeof(struct sockaddr_in6); 512 sin6.sin6_family = AF_INET6; 513 sin6.sin6_addr = *addr6; 514 flags = (create) ? RT_RESOLVE : 0; 515 516 rt = rtalloc(sin6tosa(&sin6), flags, rtableid); 517 if (rt != NULL && (rt->rt_flags & RTF_LLINFO) == 0) { 518 /* 519 * This is the case for the default route. 520 * If we want to create a neighbor cache for the address, we 521 * should free the route for the destination and allocate an 522 * interface route. 523 */ 524 if (create) { 525 rtfree(rt); 526 rt = NULL; 527 } 528 } 529 if (rt == NULL) { 530 if (create && ifp) { 531 struct rt_addrinfo info; 532 struct llinfo_nd6 *ln; 533 struct ifaddr *ifa; 534 int error; 535 536 /* 537 * If no route is available and create is set, 538 * we allocate a host route for the destination 539 * and treat it like an interface route. 540 * This hack is necessary for a neighbor which can't 541 * be covered by our own prefix. 542 */ 543 ifa = ifaof_ifpforaddr(sin6tosa(&sin6), ifp); 544 if (ifa == NULL) 545 return (NULL); 546 547 /* 548 * Create a new route. RTF_LLINFO is necessary 549 * to create a Neighbor Cache entry for the 550 * destination in nd6_rtrequest which will be 551 * called in rtrequest. 552 */ 553 bzero(&info, sizeof(info)); 554 info.rti_ifa = ifa; 555 info.rti_flags = RTF_HOST | RTF_LLINFO; 556 info.rti_info[RTAX_DST] = sin6tosa(&sin6); 557 info.rti_info[RTAX_GATEWAY] = sdltosa(ifp->if_sadl); 558 error = rtrequest(RTM_ADD, &info, RTP_CONNECTED, &rt, 559 rtableid); 560 if (error) 561 return (NULL); 562 mtx_enter(&nd6_mtx); 563 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 564 if (ln != NULL) 565 ln->ln_state = ND6_LLINFO_NOSTATE; 566 mtx_leave(&nd6_mtx); 567 } else 568 return (NULL); 569 } 570 /* 571 * Validation for the entry. 572 * Note that the check for rt_llinfo is necessary because a cloned 573 * route from a parent route that has the L flag (e.g. the default 574 * route to a p2p interface) may have the flag, too, while the 575 * destination is not actually a neighbor. 576 */ 577 if ((rt->rt_flags & RTF_GATEWAY) || (rt->rt_flags & RTF_LLINFO) == 0 || 578 rt->rt_gateway->sa_family != AF_LINK || rt->rt_llinfo == NULL || 579 (ifp != NULL && rt->rt_ifidx != ifp->if_index)) { 580 if (create) { 581 char addr[INET6_ADDRSTRLEN]; 582 nd6log((LOG_DEBUG, "%s: failed to lookup %s (if=%s)\n", 583 __func__, 584 inet_ntop(AF_INET6, addr6, addr, sizeof(addr)), 585 ifp ? ifp->if_xname : "unspec")); 586 } 587 rtfree(rt); 588 return (NULL); 589 } 590 return (rt); 591 } 592 593 /* 594 * Detect if a given IPv6 address identifies a neighbor on a given link. 595 * XXX: should take care of the destination of a p2p link? 596 */ 597 int 598 nd6_is_addr_neighbor(const struct sockaddr_in6 *addr, struct ifnet *ifp) 599 { 600 struct in6_ifaddr *ia6; 601 struct ifaddr *ifa; 602 struct rtentry *rt; 603 604 /* 605 * A link-local address is always a neighbor. 606 * XXX: we should use the sin6_scope_id field rather than the embedded 607 * interface index. 608 * XXX: a link does not necessarily specify a single interface. 609 */ 610 if (IN6_IS_ADDR_LINKLOCAL(&addr->sin6_addr) && 611 ntohs(*(u_int16_t *)&addr->sin6_addr.s6_addr[2]) == ifp->if_index) 612 return (1); 613 614 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 615 if (ifa->ifa_addr->sa_family != AF_INET6) 616 continue; 617 618 ia6 = ifatoia6(ifa); 619 620 /* Prefix check down below. */ 621 if (ia6->ia6_flags & IN6_IFF_AUTOCONF) 622 continue; 623 624 if (IN6_ARE_MASKED_ADDR_EQUAL(&addr->sin6_addr, 625 &ia6->ia_addr.sin6_addr, 626 &ia6->ia_prefixmask.sin6_addr)) 627 return (1); 628 } 629 630 /* 631 * Even if the address matches none of our addresses, it might be 632 * in the neighbor cache. 633 */ 634 rt = nd6_lookup(&addr->sin6_addr, 0, ifp, ifp->if_rdomain); 635 if (rt != NULL) { 636 rtfree(rt); 637 return (1); 638 } 639 640 return (0); 641 } 642 643 void 644 nd6_invalidate(struct rtentry *rt) 645 { 646 struct llinfo_nd6 *ln; 647 struct sockaddr_dl *sdl = satosdl(rt->rt_gateway); 648 649 mtx_enter(&nd6_mtx); 650 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 651 if (ln == NULL) { 652 mtx_leave(&nd6_mtx); 653 return; 654 } 655 atomic_sub_int(&ln_hold_total, mq_purge(&ln->ln_mq)); 656 sdl->sdl_alen = 0; 657 ln->ln_state = ND6_LLINFO_INCOMPLETE; 658 ln->ln_asked = 0; 659 mtx_leave(&nd6_mtx); 660 } 661 662 /* 663 * Free an nd6 llinfo entry. 664 */ 665 void 666 nd6_free(struct rtentry *rt, int i_am_router) 667 { 668 struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt->rt_llinfo; 669 struct in6_addr in6 = satosin6(rt_key(rt))->sin6_addr; 670 struct ifnet *ifp; 671 672 NET_ASSERT_LOCKED_EXCLUSIVE(); 673 674 ifp = if_get(rt->rt_ifidx); 675 676 if (!i_am_router) { 677 if (ln->ln_router) { 678 /* 679 * rt6_flush must be called whether or not the neighbor 680 * is in the Default Router List. 681 * See a corresponding comment in nd6_na_input(). 682 */ 683 rt6_flush(&in6, ifp); 684 } 685 } 686 687 KASSERT(!ISSET(rt->rt_flags, RTF_LOCAL)); 688 nd6_invalidate(rt); 689 690 /* 691 * Detach the route from the routing tree and the list of neighbor 692 * caches, and disable the route entry not to be used in already 693 * cached routes. 694 */ 695 if (!ISSET(rt->rt_flags, RTF_STATIC|RTF_CACHED)) 696 rtdeletemsg(rt, ifp, ifp->if_rdomain); 697 698 if_put(ifp); 699 } 700 701 /* 702 * Upper-layer reachability hint for Neighbor Unreachability Detection. 703 * 704 * XXX cost-effective methods? 705 */ 706 void 707 nd6_nud_hint(struct rtentry *rt) 708 { 709 struct llinfo_nd6 *ln; 710 struct ifnet *ifp; 711 712 NET_ASSERT_LOCKED_EXCLUSIVE(); 713 714 ifp = if_get(rt->rt_ifidx); 715 if (ifp == NULL) 716 return; 717 718 if ((rt->rt_flags & RTF_GATEWAY) != 0 || 719 (rt->rt_flags & RTF_LLINFO) == 0 || 720 rt->rt_llinfo == NULL || rt->rt_gateway == NULL || 721 rt->rt_gateway->sa_family != AF_LINK) { 722 /* This is not a host route. */ 723 goto out; 724 } 725 726 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 727 if (ln->ln_state < ND6_LLINFO_REACHABLE) 728 goto out; 729 730 /* 731 * if we get upper-layer reachability confirmation many times, 732 * it is possible we have false information. 733 */ 734 ln->ln_byhint++; 735 if (ln->ln_byhint > nd6_maxnudhint) 736 goto out; 737 738 ln->ln_state = ND6_LLINFO_REACHABLE; 739 if (!ND6_LLINFO_PERMANENT(ln)) 740 nd6_llinfo_settimer(ln, ifp->if_nd->reachable); 741 out: 742 if_put(ifp); 743 } 744 745 void 746 nd6_rtrequest(struct ifnet *ifp, int req, struct rtentry *rt) 747 { 748 struct sockaddr *gate = rt->rt_gateway; 749 struct llinfo_nd6 *ln; 750 struct ifaddr *ifa; 751 struct in6_ifaddr *ifa6; 752 753 if (ISSET(rt->rt_flags, RTF_GATEWAY|RTF_MULTICAST|RTF_MPLS)) 754 return; 755 756 if (nd6_need_cache(ifp) == 0 && (rt->rt_flags & RTF_HOST) == 0) { 757 /* 758 * This is probably an interface direct route for a link 759 * which does not need neighbor caches (e.g. fe80::%lo0/64). 760 * We do not need special treatment below for such a route. 761 * Moreover, the RTF_LLINFO flag which would be set below 762 * would annoy the ndp(8) command. 763 */ 764 return; 765 } 766 767 if (req == RTM_RESOLVE && nd6_need_cache(ifp) == 0) { 768 /* 769 * For routing daemons like ospf6d we allow neighbor discovery 770 * based on the cloning route only. This allows us to send 771 * packets directly into a network without having an address 772 * with matching prefix on the interface. If the cloning 773 * route is used for an 6to4 interface, we would mistakenly 774 * make a neighbor cache for the host route, and would see 775 * strange neighbor solicitation for the corresponding 776 * destination. In order to avoid confusion, we check if the 777 * interface is suitable for neighbor discovery, and stop the 778 * process if not. Additionally, we remove the LLINFO flag 779 * so that ndp(8) will not try to get the neighbor information 780 * of the destination. 781 */ 782 rt->rt_flags &= ~RTF_LLINFO; 783 return; 784 } 785 786 switch (req) { 787 case RTM_ADD: 788 if (rt->rt_flags & RTF_CLONING) { 789 rt->rt_expire = 0; 790 break; 791 } 792 if ((rt->rt_flags & RTF_LOCAL) && rt->rt_llinfo == NULL) 793 rt->rt_expire = 0; 794 /* FALLTHROUGH */ 795 case RTM_RESOLVE: 796 if (gate->sa_family != AF_LINK || 797 gate->sa_len < sizeof(struct sockaddr_dl)) { 798 log(LOG_DEBUG, "%s: bad gateway value: %s\n", 799 __func__, ifp->if_xname); 800 break; 801 } 802 satosdl(gate)->sdl_type = ifp->if_type; 803 satosdl(gate)->sdl_index = ifp->if_index; 804 /* 805 * Case 2: This route may come from cloning, or a manual route 806 * add with a LL address. 807 */ 808 ln = pool_get(&nd6_pool, PR_NOWAIT | PR_ZERO); 809 if (ln == NULL) { 810 log(LOG_DEBUG, "%s: pool get failed\n", __func__); 811 break; 812 } 813 814 mtx_enter(&nd6_mtx); 815 if (rt->rt_llinfo != NULL) { 816 /* we lost the race, another thread has entered it */ 817 mtx_leave(&nd6_mtx); 818 pool_put(&nd6_pool, ln); 819 break; 820 } 821 nd6_inuse++; 822 mq_init(&ln->ln_mq, LN_HOLD_QUEUE, IPL_SOFTNET); 823 rt->rt_llinfo = (caddr_t)ln; 824 ln->ln_rt = rt; 825 rt->rt_flags |= RTF_LLINFO; 826 TAILQ_INSERT_HEAD(&nd6_list, ln, ln_list); 827 /* this is required for "ndp" command. - shin */ 828 if (req == RTM_ADD) { 829 /* 830 * gate should have some valid AF_LINK entry, 831 * and ln expire should have some lifetime 832 * which is specified by ndp command. 833 */ 834 ln->ln_state = ND6_LLINFO_REACHABLE; 835 ln->ln_byhint = 0; 836 } else { 837 /* 838 * When req == RTM_RESOLVE, rt is created and 839 * initialized in rtrequest(), so rt_expire is 0. 840 */ 841 ln->ln_state = ND6_LLINFO_NOSTATE; 842 nd6_llinfo_settimer(ln, 0); 843 } 844 845 /* 846 * If we have too many cache entries, initiate immediate 847 * purging for some "less recently used" entries. Note that 848 * we cannot directly call nd6_free() here because it would 849 * cause re-entering rtable related routines triggering 850 * lock-order-reversal problems. 851 */ 852 if (ip6_neighborgcthresh >= 0 && 853 nd6_inuse >= ip6_neighborgcthresh) { 854 int i; 855 856 for (i = 0; i < 10; i++) { 857 struct llinfo_nd6 *ln_end; 858 859 ln_end = TAILQ_LAST(&nd6_list, llinfo_nd6_head); 860 if (ln_end == ln) 861 break; 862 863 /* Move this entry to the head */ 864 TAILQ_REMOVE(&nd6_list, ln_end, ln_list); 865 TAILQ_INSERT_HEAD(&nd6_list, ln_end, ln_list); 866 867 if (ND6_LLINFO_PERMANENT(ln_end)) 868 continue; 869 870 if (ln_end->ln_state > ND6_LLINFO_INCOMPLETE) 871 ln_end->ln_state = ND6_LLINFO_STALE; 872 else 873 ln_end->ln_state = ND6_LLINFO_PURGE; 874 nd6_llinfo_settimer(ln_end, 0); 875 } 876 } 877 878 /* 879 * check if rt_key(rt) is one of my address assigned 880 * to the interface. 881 */ 882 ifa6 = in6ifa_ifpwithaddr(ifp, 883 &satosin6(rt_key(rt))->sin6_addr); 884 ifa = ifa6 ? &ifa6->ia_ifa : NULL; 885 if (ifa != NULL || 886 (rt->rt_flags & RTF_ANNOUNCE)) { 887 ln->ln_state = ND6_LLINFO_REACHABLE; 888 ln->ln_byhint = 0; 889 rt->rt_expire = 0; 890 } 891 mtx_leave(&nd6_mtx); 892 893 /* join solicited node multicast for proxy ND */ 894 if (ifa == NULL && 895 (rt->rt_flags & RTF_ANNOUNCE) && 896 (ifp->if_flags & IFF_MULTICAST)) { 897 struct in6_addr llsol; 898 int error; 899 900 llsol = satosin6(rt_key(rt))->sin6_addr; 901 llsol.s6_addr16[0] = htons(0xff02); 902 llsol.s6_addr16[1] = htons(ifp->if_index); 903 llsol.s6_addr32[1] = 0; 904 llsol.s6_addr32[2] = htonl(1); 905 llsol.s6_addr8[12] = 0xff; 906 907 KERNEL_LOCK(); 908 if (in6_addmulti(&llsol, ifp, &error)) { 909 char addr[INET6_ADDRSTRLEN]; 910 nd6log((LOG_ERR, "%s: failed to join " 911 "%s (errno=%d)\n", ifp->if_xname, 912 inet_ntop(AF_INET6, &llsol, 913 addr, sizeof(addr)), 914 error)); 915 } 916 KERNEL_UNLOCK(); 917 } 918 break; 919 920 case RTM_DELETE: 921 mtx_enter(&nd6_mtx); 922 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 923 if (ln == NULL) { 924 /* we lost the race, another thread has removed it */ 925 mtx_leave(&nd6_mtx); 926 break; 927 } 928 nd6_inuse--; 929 TAILQ_REMOVE(&nd6_list, ln, ln_list); 930 rt->rt_expire = 0; 931 rt->rt_llinfo = NULL; 932 rt->rt_flags &= ~RTF_LLINFO; 933 atomic_sub_int(&ln_hold_total, mq_purge(&ln->ln_mq)); 934 mtx_leave(&nd6_mtx); 935 936 pool_put(&nd6_pool, ln); 937 938 /* leave from solicited node multicast for proxy ND */ 939 if ((rt->rt_flags & RTF_ANNOUNCE) != 0 && 940 (ifp->if_flags & IFF_MULTICAST) != 0) { 941 struct in6_addr llsol; 942 struct in6_multi *in6m; 943 944 llsol = satosin6(rt_key(rt))->sin6_addr; 945 llsol.s6_addr16[0] = htons(0xff02); 946 llsol.s6_addr16[1] = htons(ifp->if_index); 947 llsol.s6_addr32[1] = 0; 948 llsol.s6_addr32[2] = htonl(1); 949 llsol.s6_addr8[12] = 0xff; 950 951 KERNEL_LOCK(); 952 IN6_LOOKUP_MULTI(llsol, ifp, in6m); 953 if (in6m) 954 in6_delmulti(in6m); 955 KERNEL_UNLOCK(); 956 } 957 break; 958 959 case RTM_INVALIDATE: 960 if (!ISSET(rt->rt_flags, RTF_LOCAL)) 961 nd6_invalidate(rt); 962 break; 963 } 964 } 965 966 int 967 nd6_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp) 968 { 969 struct in6_ndireq *ndi = (struct in6_ndireq *)data; 970 struct in6_nbrinfo *nbi = (struct in6_nbrinfo *)data; 971 struct rtentry *rt; 972 973 switch (cmd) { 974 case SIOCGIFINFO_IN6: 975 NET_LOCK_SHARED(); 976 ndi->ndi = *ifp->if_nd; 977 NET_UNLOCK_SHARED(); 978 return (0); 979 case SIOCGNBRINFO_IN6: 980 { 981 struct llinfo_nd6 *ln; 982 struct in6_addr nb_addr = nbi->addr; /* make local for safety */ 983 time_t expire; 984 985 NET_LOCK_SHARED(); 986 /* 987 * XXX: KAME specific hack for scoped addresses 988 * XXXX: for other scopes than link-local? 989 */ 990 if (IN6_IS_ADDR_LINKLOCAL(&nb_addr) || 991 IN6_IS_ADDR_MC_LINKLOCAL(&nb_addr)) { 992 u_int16_t *idp = (u_int16_t *)&nb_addr.s6_addr[2]; 993 994 if (*idp == 0) 995 *idp = htons(ifp->if_index); 996 } 997 998 rt = nd6_lookup(&nb_addr, 0, ifp, ifp->if_rdomain); 999 mtx_enter(&nd6_mtx); 1000 if (rt == NULL || 1001 (ln = (struct llinfo_nd6 *)rt->rt_llinfo) == NULL) { 1002 mtx_leave(&nd6_mtx); 1003 rtfree(rt); 1004 NET_UNLOCK_SHARED(); 1005 return (EINVAL); 1006 } 1007 expire = ln->ln_rt->rt_expire; 1008 if (expire != 0) { 1009 expire -= getuptime(); 1010 expire += gettime(); 1011 } 1012 1013 nbi->state = ln->ln_state; 1014 nbi->asked = ln->ln_asked; 1015 nbi->isrouter = ln->ln_router; 1016 nbi->expire = expire; 1017 mtx_leave(&nd6_mtx); 1018 1019 rtfree(rt); 1020 NET_UNLOCK_SHARED(); 1021 return (0); 1022 } 1023 } 1024 return (0); 1025 } 1026 1027 /* 1028 * Create neighbor cache entry and cache link-layer address, 1029 * on reception of inbound ND6 packets. (RS/RA/NS/redirect) 1030 * 1031 * type - ICMP6 type 1032 * code - type dependent information 1033 */ 1034 void 1035 nd6_cache_lladdr(struct ifnet *ifp, const struct in6_addr *from, char *lladdr, 1036 int lladdrlen, int type, int code, int i_am_router) 1037 { 1038 struct rtentry *rt; 1039 struct llinfo_nd6 *ln; 1040 int is_newentry; 1041 struct sockaddr_dl *sdl; 1042 int do_update; 1043 int olladdr; 1044 int llchange; 1045 int newstate = 0; 1046 1047 NET_ASSERT_LOCKED_EXCLUSIVE(); 1048 1049 if (!ifp) 1050 panic("%s: ifp == NULL", __func__); 1051 if (!from) 1052 panic("%s: from == NULL", __func__); 1053 1054 /* nothing must be updated for unspecified address */ 1055 if (IN6_IS_ADDR_UNSPECIFIED(from)) 1056 return; 1057 1058 /* 1059 * Validation about ifp->if_addrlen and lladdrlen must be done in 1060 * the caller. 1061 * 1062 * XXX If the link does not have link-layer address, what should 1063 * we do? (ifp->if_addrlen == 0) 1064 * Spec says nothing in sections for RA, RS and NA. There's small 1065 * description on it in NS section (RFC 2461 7.2.3). 1066 */ 1067 1068 rt = nd6_lookup(from, 0, ifp, ifp->if_rdomain); 1069 if (rt == NULL) { 1070 rt = nd6_lookup(from, 1, ifp, ifp->if_rdomain); 1071 is_newentry = 1; 1072 } else { 1073 /* do not overwrite local or static entry */ 1074 if (ISSET(rt->rt_flags, RTF_STATIC|RTF_LOCAL)) { 1075 rtfree(rt); 1076 return; 1077 } 1078 is_newentry = 0; 1079 } 1080 1081 if (!rt) 1082 return; 1083 if ((rt->rt_flags & (RTF_GATEWAY | RTF_LLINFO)) != RTF_LLINFO) { 1084 fail: 1085 nd6_free(rt, i_am_router); 1086 rtfree(rt); 1087 return; 1088 } 1089 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1090 if (ln == NULL) 1091 goto fail; 1092 if (rt->rt_gateway == NULL) 1093 goto fail; 1094 if (rt->rt_gateway->sa_family != AF_LINK) 1095 goto fail; 1096 sdl = satosdl(rt->rt_gateway); 1097 1098 olladdr = (sdl->sdl_alen) ? 1 : 0; 1099 if (olladdr && lladdr) { 1100 if (bcmp(lladdr, LLADDR(sdl), ifp->if_addrlen)) 1101 llchange = 1; 1102 else 1103 llchange = 0; 1104 } else 1105 llchange = 0; 1106 1107 /* 1108 * newentry olladdr lladdr llchange (*=record) 1109 * 0 n n -- (1) 1110 * 0 y n -- (2) 1111 * 0 n y -- (3) * STALE 1112 * 0 y y n (4) * 1113 * 0 y y y (5) * STALE 1114 * 1 -- n -- (6) NOSTATE(= PASSIVE) 1115 * 1 -- y -- (7) * STALE 1116 */ 1117 1118 if (llchange) { 1119 char addr[INET6_ADDRSTRLEN]; 1120 log(LOG_INFO, "ndp info overwritten for %s by %s on %s\n", 1121 inet_ntop(AF_INET6, from, addr, sizeof(addr)), 1122 ether_sprintf(lladdr), ifp->if_xname); 1123 } 1124 if (lladdr) { /* (3-5) and (7) */ 1125 /* 1126 * Record source link-layer address 1127 * XXX is it dependent to ifp->if_type? 1128 */ 1129 sdl->sdl_alen = ifp->if_addrlen; 1130 bcopy(lladdr, LLADDR(sdl), ifp->if_addrlen); 1131 } 1132 1133 if (!is_newentry) { 1134 if ((!olladdr && lladdr) || /* (3) */ 1135 (olladdr && lladdr && llchange)) { /* (5) */ 1136 do_update = 1; 1137 newstate = ND6_LLINFO_STALE; 1138 } else /* (1-2,4) */ 1139 do_update = 0; 1140 } else { 1141 do_update = 1; 1142 if (!lladdr) /* (6) */ 1143 newstate = ND6_LLINFO_NOSTATE; 1144 else /* (7) */ 1145 newstate = ND6_LLINFO_STALE; 1146 } 1147 1148 if (do_update) { 1149 /* 1150 * Update the state of the neighbor cache. 1151 */ 1152 ln->ln_state = newstate; 1153 1154 if (ln->ln_state == ND6_LLINFO_STALE) { 1155 /* 1156 * Since nd6_resolve() in ifp->if_output() will cause 1157 * state transition to DELAY and reset the timer, 1158 * we must set the timer now, although it is actually 1159 * meaningless. 1160 */ 1161 nd6_llinfo_settimer(ln, nd6_gctimer); 1162 if_output_mq(ifp, &ln->ln_mq, &ln_hold_total, 1163 rt_key(rt), rt); 1164 } else if (ln->ln_state == ND6_LLINFO_INCOMPLETE) { 1165 /* probe right away */ 1166 nd6_llinfo_settimer(ln, 0); 1167 } 1168 } 1169 1170 /* 1171 * ICMP6 type dependent behavior. 1172 * 1173 * NS: clear IsRouter if new entry 1174 * RS: clear IsRouter 1175 * RA: set IsRouter if there's lladdr 1176 * redir: clear IsRouter if new entry 1177 * 1178 * RA case, (1): 1179 * The spec says that we must set IsRouter in the following cases: 1180 * - If lladdr exist, set IsRouter. This means (1-5). 1181 * - If it is old entry (!newentry), set IsRouter. This means (7). 1182 * So, based on the spec, in (1-5) and (7) cases we must set IsRouter. 1183 * A question arises for (1) case. (1) case has no lladdr in the 1184 * neighbor cache, this is similar to (6). 1185 * This case is rare but we figured that we MUST NOT set IsRouter. 1186 * 1187 * newentry olladdr lladdr llchange NS RS RA redir 1188 * D R 1189 * 0 n n -- (1) c ? s 1190 * 0 y n -- (2) c s s 1191 * 0 n y -- (3) c s s 1192 * 0 y y n (4) c s s 1193 * 0 y y y (5) c s s 1194 * 1 -- n -- (6) c c c s 1195 * 1 -- y -- (7) c c s c s 1196 * 1197 * (c=clear s=set) 1198 */ 1199 switch (type & 0xff) { 1200 case ND_NEIGHBOR_SOLICIT: 1201 /* 1202 * New entry must have is_router flag cleared. 1203 */ 1204 if (is_newentry) /* (6-7) */ 1205 ln->ln_router = 0; 1206 break; 1207 case ND_REDIRECT: 1208 /* 1209 * If the icmp is a redirect to a better router, always set the 1210 * is_router flag. Otherwise, if the entry is newly created, 1211 * clear the flag. [RFC 2461, sec 8.3] 1212 */ 1213 if (code == ND_REDIRECT_ROUTER) 1214 ln->ln_router = 1; 1215 else if (is_newentry) /* (6-7) */ 1216 ln->ln_router = 0; 1217 break; 1218 case ND_ROUTER_SOLICIT: 1219 /* 1220 * is_router flag must always be cleared. 1221 */ 1222 ln->ln_router = 0; 1223 break; 1224 case ND_ROUTER_ADVERT: 1225 /* 1226 * Mark an entry with lladdr as a router. 1227 */ 1228 if ((!is_newentry && (olladdr || lladdr)) || /* (2-5) */ 1229 (is_newentry && lladdr)) { /* (7) */ 1230 ln->ln_router = 1; 1231 } 1232 break; 1233 } 1234 1235 rtfree(rt); 1236 } 1237 1238 void 1239 nd6_slowtimo(void *ignored_arg) 1240 { 1241 struct nd_ifinfo *nd6if; 1242 struct ifnet *ifp; 1243 1244 NET_LOCK(); 1245 1246 timeout_add_sec(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL); 1247 1248 TAILQ_FOREACH(ifp, &ifnetlist, if_list) { 1249 nd6if = ifp->if_nd; 1250 if ((nd6if->recalctm -= ND6_SLOWTIMER_INTERVAL) <= 0) { 1251 /* 1252 * Since reachable time rarely changes by router 1253 * advertisements, we SHOULD insure that a new random 1254 * value gets recomputed at least once every few hours. 1255 * (RFC 2461, 6.3.4) 1256 */ 1257 nd6if->recalctm = ND6_RECALC_REACHTM_INTERVAL; 1258 nd6if->reachable = ND_COMPUTE_RTIME(REACHABLE_TIME); 1259 } 1260 } 1261 NET_UNLOCK(); 1262 } 1263 1264 int 1265 nd6_resolve(struct ifnet *ifp, struct rtentry *rt0, struct mbuf *m, 1266 struct sockaddr *dst, u_char *desten) 1267 { 1268 struct sockaddr_dl *sdl; 1269 struct rtentry *rt; 1270 struct llinfo_nd6 *ln; 1271 struct in6_addr saddr6; 1272 time_t uptime; 1273 int solicit = 0; 1274 1275 if (m->m_flags & M_MCAST) { 1276 ETHER_MAP_IPV6_MULTICAST(&satosin6(dst)->sin6_addr, desten); 1277 return (0); 1278 } 1279 1280 uptime = getuptime(); 1281 rt = rt_getll(rt0); 1282 1283 if (ISSET(rt->rt_flags, RTF_REJECT) && 1284 (rt->rt_expire == 0 || rt->rt_expire > uptime)) { 1285 m_freem(m); 1286 return (rt == rt0 ? EHOSTDOWN : EHOSTUNREACH); 1287 } 1288 1289 /* 1290 * Address resolution or Neighbor Unreachability Detection 1291 * for the next hop. 1292 * At this point, the destination of the packet must be a unicast 1293 * or an anycast address(i.e. not a multicast). 1294 */ 1295 if (!ISSET(rt->rt_flags, RTF_LLINFO)) { 1296 char addr[INET6_ADDRSTRLEN]; 1297 log(LOG_DEBUG, "%s: %s: route contains no ND information\n", 1298 __func__, inet_ntop(AF_INET6, 1299 &satosin6(rt_key(rt))->sin6_addr, addr, sizeof(addr))); 1300 goto bad; 1301 } 1302 1303 if (rt->rt_gateway->sa_family != AF_LINK) { 1304 printf("%s: something odd happens\n", __func__); 1305 goto bad; 1306 } 1307 1308 mtx_enter(&nd6_mtx); 1309 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1310 if (ln == NULL) { 1311 mtx_leave(&nd6_mtx); 1312 goto bad; 1313 } 1314 1315 /* 1316 * Move this entry to the head of the queue so that it is less likely 1317 * for this entry to be a target of forced garbage collection (see 1318 * nd6_rtrequest()). 1319 */ 1320 TAILQ_REMOVE(&nd6_list, ln, ln_list); 1321 TAILQ_INSERT_HEAD(&nd6_list, ln, ln_list); 1322 1323 /* 1324 * The first time we send a packet to a neighbor whose entry is 1325 * STALE, we have to change the state to DELAY and set a timer to 1326 * expire in DELAY_FIRST_PROBE_TIME seconds to ensure we do 1327 * neighbor unreachability detection on expiration. 1328 * (RFC 2461 7.3.3) 1329 */ 1330 if (ln->ln_state == ND6_LLINFO_STALE) { 1331 ln->ln_asked = 0; 1332 ln->ln_state = ND6_LLINFO_DELAY; 1333 nd6_llinfo_settimer(ln, nd6_delay); 1334 } 1335 1336 /* 1337 * If the neighbor cache entry has a state other than INCOMPLETE 1338 * (i.e. its link-layer address is already resolved), just 1339 * send the packet. 1340 */ 1341 if (ln->ln_state > ND6_LLINFO_INCOMPLETE) { 1342 mtx_leave(&nd6_mtx); 1343 1344 sdl = satosdl(rt->rt_gateway); 1345 if (sdl->sdl_alen != ETHER_ADDR_LEN) { 1346 char addr[INET6_ADDRSTRLEN]; 1347 log(LOG_DEBUG, "%s: %s: incorrect nd6 information\n", 1348 __func__, 1349 inet_ntop(AF_INET6, &satosin6(dst)->sin6_addr, 1350 addr, sizeof(addr))); 1351 goto bad; 1352 } 1353 1354 bcopy(LLADDR(sdl), desten, sdl->sdl_alen); 1355 return (0); 1356 } 1357 1358 /* 1359 * There is a neighbor cache entry, but no ethernet address 1360 * response yet. Insert mbuf in hold queue if below limit. 1361 * If above the limit free the queue without queuing the new packet. 1362 */ 1363 if (ln->ln_state == ND6_LLINFO_NOSTATE) 1364 ln->ln_state = ND6_LLINFO_INCOMPLETE; 1365 /* source address of prompting packet is needed by nd6_ns_output() */ 1366 if (m->m_len >= sizeof(struct ip6_hdr)) { 1367 memcpy(&ln->ln_saddr6, &mtod(m, struct ip6_hdr *)->ip6_src, 1368 sizeof(ln->ln_saddr6)); 1369 } 1370 if (atomic_inc_int_nv(&ln_hold_total) <= LN_HOLD_TOTAL) { 1371 if (mq_push(&ln->ln_mq, m) != 0) 1372 atomic_dec_int(&ln_hold_total); 1373 } else { 1374 atomic_sub_int(&ln_hold_total, mq_purge(&ln->ln_mq) + 1); 1375 m_freem(m); 1376 } 1377 1378 /* 1379 * If there has been no NS for the neighbor after entering the 1380 * INCOMPLETE state, send the first solicitation. 1381 */ 1382 if (!ND6_LLINFO_PERMANENT(ln) && ln->ln_asked == 0) { 1383 ln->ln_asked++; 1384 nd6_llinfo_settimer(ln, RETRANS_TIMER / 1000); 1385 saddr6 = ln->ln_saddr6; 1386 solicit = 1; 1387 } 1388 mtx_leave(&nd6_mtx); 1389 1390 if (solicit) 1391 nd6_ns_output(ifp, NULL, &satosin6(dst)->sin6_addr, &saddr6, 0); 1392 return (EAGAIN); 1393 1394 bad: 1395 m_freem(m); 1396 return (EINVAL); 1397 } 1398 1399 int 1400 nd6_need_cache(struct ifnet *ifp) 1401 { 1402 /* 1403 * RFC2893 says: 1404 * - unidirectional tunnels needs no ND 1405 */ 1406 switch (ifp->if_type) { 1407 case IFT_ETHER: 1408 case IFT_IEEE80211: 1409 case IFT_CARP: 1410 return (1); 1411 default: 1412 return (0); 1413 } 1414 } 1415