1 /* $OpenBSD: mld6.c,v 1.64 2024/08/19 08:07:16 jsg Exp $ */ 2 /* $KAME: mld6.c,v 1.26 2001/02/16 14:50:35 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 /* 34 * Copyright (c) 1988 Stephen Deering. 35 * Copyright (c) 1992, 1993 36 * The Regents of the University of California. All rights reserved. 37 * 38 * This code is derived from software contributed to Berkeley by 39 * Stephen Deering of Stanford University. 40 * 41 * Redistribution and use in source and binary forms, with or without 42 * modification, are permitted provided that the following conditions 43 * are met: 44 * 1. Redistributions of source code must retain the above copyright 45 * notice, this list of conditions and the following disclaimer. 46 * 2. Redistributions in binary form must reproduce the above copyright 47 * notice, this list of conditions and the following disclaimer in the 48 * documentation and/or other materials provided with the distribution. 49 * 3. Neither the name of the University nor the names of its contributors 50 * may be used to endorse or promote products derived from this software 51 * without specific prior written permission. 52 * 53 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 54 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 56 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 57 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 58 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 59 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 61 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 62 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 63 * SUCH DAMAGE. 64 * 65 * @(#)igmp.c 8.1 (Berkeley) 7/19/93 66 */ 67 68 #include <sys/param.h> 69 #include <sys/systm.h> 70 #include <sys/mbuf.h> 71 #include <sys/socket.h> 72 #include <sys/protosw.h> 73 #include <sys/syslog.h> 74 75 #include <net/if.h> 76 #include <net/if_var.h> 77 #include <net/route.h> 78 79 #include <netinet/in.h> 80 #include <netinet6/in6_var.h> 81 #include <netinet/ip6.h> 82 #include <netinet6/ip6_var.h> 83 #include <netinet/icmp6.h> 84 #include <netinet6/mld6.h> 85 #include <netinet6/mld6_var.h> 86 87 static struct ip6_pktopts ip6_opts; 88 int mld6_timers_are_running; /* [a] shortcut for fast timer */ 89 90 int mld6_checktimer(struct ifnet *); 91 static void mld6_sendpkt(struct in6_multi *, int, const struct in6_addr *); 92 93 void 94 mld6_init(void) 95 { 96 static u_int8_t hbh_buf[8]; 97 struct ip6_hbh *hbh = (struct ip6_hbh *)hbh_buf; 98 u_int16_t rtalert_code = htons((u_int16_t)IP6OPT_RTALERT_MLD); 99 100 mld6_timers_are_running = 0; 101 102 /* ip6h_nxt will be fill in later */ 103 hbh->ip6h_len = 0; /* (8 >> 3) - 1 */ 104 105 /* XXX: grotty hard coding... */ 106 hbh_buf[2] = IP6OPT_PADN; /* 2 byte padding */ 107 hbh_buf[3] = 0; 108 hbh_buf[4] = IP6OPT_ROUTER_ALERT; 109 hbh_buf[5] = IP6OPT_RTALERT_LEN - 2; 110 memcpy(&hbh_buf[6], (caddr_t)&rtalert_code, sizeof(u_int16_t)); 111 112 ip6_initpktopts(&ip6_opts); 113 ip6_opts.ip6po_hbh = hbh; 114 } 115 116 void 117 mld6_start_listening(struct in6_multi *in6m) 118 { 119 /* XXX: These are necessary for KAME's link-local hack */ 120 struct in6_addr all_nodes = IN6ADDR_LINKLOCAL_ALLNODES_INIT; 121 int running = 0; 122 123 /* 124 * RFC2710 page 10: 125 * The node never sends a Report or Done for the link-scope all-nodes 126 * address. 127 * MLD messages are never sent for multicast addresses whose scope is 0 128 * (reserved) or 1 (node-local). 129 */ 130 all_nodes.s6_addr16[1] = htons(in6m->in6m_ifidx); 131 if (IN6_ARE_ADDR_EQUAL(&in6m->in6m_addr, &all_nodes) || 132 __IPV6_ADDR_MC_SCOPE(&in6m->in6m_addr) < 133 __IPV6_ADDR_SCOPE_LINKLOCAL) { 134 in6m->in6m_timer = 0; 135 in6m->in6m_state = MLD_OTHERLISTENER; 136 } else { 137 mld6_sendpkt(in6m, MLD_LISTENER_REPORT, NULL); 138 in6m->in6m_timer = 139 MLD_RANDOM_DELAY(MLD_V1_MAX_RI * 140 PR_FASTHZ); 141 in6m->in6m_state = MLD_IREPORTEDLAST; 142 running = 1; 143 } 144 145 if (running) { 146 membar_producer(); 147 atomic_store_int(&mld6_timers_are_running, running); 148 } 149 } 150 151 void 152 mld6_stop_listening(struct in6_multi *in6m) 153 { 154 /* XXX: These are necessary for KAME's link-local hack */ 155 struct in6_addr all_nodes = IN6ADDR_LINKLOCAL_ALLNODES_INIT; 156 struct in6_addr all_routers = IN6ADDR_LINKLOCAL_ALLROUTERS_INIT; 157 158 all_nodes.s6_addr16[1] = htons(in6m->in6m_ifidx); 159 /* XXX: necessary when mrouting */ 160 all_routers.s6_addr16[1] = htons(in6m->in6m_ifidx); 161 162 if (in6m->in6m_state == MLD_IREPORTEDLAST && 163 (!IN6_ARE_ADDR_EQUAL(&in6m->in6m_addr, &all_nodes)) && 164 __IPV6_ADDR_MC_SCOPE(&in6m->in6m_addr) > 165 __IPV6_ADDR_SCOPE_INTFACELOCAL) 166 mld6_sendpkt(in6m, MLD_LISTENER_DONE, &all_routers); 167 } 168 169 void 170 mld6_input(struct mbuf *m, int off) 171 { 172 struct ip6_hdr *ip6; 173 struct mld_hdr *mldh; 174 struct ifnet *ifp; 175 struct in6_multi *in6m; 176 struct ifmaddr *ifma; 177 int timer; /* timer value in the MLD query header */ 178 int running = 0; 179 /* XXX: These are necessary for KAME's link-local hack */ 180 struct in6_addr all_nodes = IN6ADDR_LINKLOCAL_ALLNODES_INIT; 181 182 IP6_EXTHDR_GET(mldh, struct mld_hdr *, m, off, sizeof(*mldh)); 183 if (mldh == NULL) { 184 icmp6stat_inc(icp6s_tooshort); 185 return; 186 } 187 188 /* source address validation */ 189 ip6 = mtod(m, struct ip6_hdr *);/* in case mpullup */ 190 if (!IN6_IS_ADDR_LINKLOCAL(&ip6->ip6_src)) { 191 #if 0 192 char src[INET6_ADDRSTRLEN], grp[INET6_ADDRSTRLEN]; 193 194 log(LOG_ERR, 195 "mld_input: src %s is not link-local (grp=%s)\n", 196 inet_ntop(AF_INET6, &ip6->ip6_src, src, sizeof(src)), 197 inet_ntop(AF_INET6, &mldh->mld_addr, grp, sizeof(grp))); 198 #endif 199 /* 200 * spec (RFC2710) does not explicitly 201 * specify to discard the packet from a non link-local 202 * source address. But we believe it's expected to do so. 203 */ 204 m_freem(m); 205 return; 206 } 207 208 ifp = if_get(m->m_pkthdr.ph_ifidx); 209 if (ifp == NULL) { 210 m_freem(m); 211 return; 212 } 213 214 /* 215 * In the MLD6 specification, there are 3 states and a flag. 216 * 217 * In Non-Listener state, we simply don't have a membership record. 218 * In Delaying Listener state, our timer is running (in6m->in6m_timer) 219 * In Idle Listener state, our timer is not running (in6m->in6m_timer==0) 220 * 221 * The flag is in6m->in6m_state, it is set to MLD_OTHERLISTENER if 222 * we have heard a report from another member, or MLD_IREPORTEDLAST 223 * if we sent the last report. 224 */ 225 switch(mldh->mld_type) { 226 case MLD_LISTENER_QUERY: 227 if (ifp->if_flags & IFF_LOOPBACK) 228 break; 229 230 if (!IN6_IS_ADDR_UNSPECIFIED(&mldh->mld_addr) && 231 !IN6_IS_ADDR_MULTICAST(&mldh->mld_addr)) 232 break; /* print error or log stat? */ 233 if (IN6_IS_ADDR_MC_LINKLOCAL(&mldh->mld_addr)) 234 mldh->mld_addr.s6_addr16[1] = 235 htons(ifp->if_index); /* XXX */ 236 237 /* 238 * - Start the timers in all of our membership records 239 * that the query applies to for the interface on 240 * which the query arrived excl. those that belong 241 * to the "all-nodes" group (ff02::1). 242 * - Restart any timer that is already running but has 243 * A value longer than the requested timeout. 244 * - Use the value specified in the query message as 245 * the maximum timeout. 246 */ 247 248 /* 249 * XXX: System timer resolution is too low to handle Max 250 * Response Delay, so set 1 to the internal timer even if 251 * the calculated value equals to zero when Max Response 252 * Delay is positive. 253 */ 254 timer = ntohs(mldh->mld_maxdelay)*PR_FASTHZ/MLD_TIMER_SCALE; 255 if (timer == 0 && mldh->mld_maxdelay) 256 timer = 1; 257 all_nodes.s6_addr16[1] = htons(ifp->if_index); 258 259 TAILQ_FOREACH(ifma, &ifp->if_maddrlist, ifma_list) { 260 if (ifma->ifma_addr->sa_family != AF_INET6) 261 continue; 262 in6m = ifmatoin6m(ifma); 263 if (IN6_ARE_ADDR_EQUAL(&in6m->in6m_addr, &all_nodes) || 264 __IPV6_ADDR_MC_SCOPE(&in6m->in6m_addr) < 265 __IPV6_ADDR_SCOPE_LINKLOCAL) 266 continue; 267 268 if (IN6_IS_ADDR_UNSPECIFIED(&mldh->mld_addr) || 269 IN6_ARE_ADDR_EQUAL(&mldh->mld_addr, 270 &in6m->in6m_addr)) 271 { 272 if (timer == 0) { 273 /* send a report immediately */ 274 mld6_sendpkt(in6m, MLD_LISTENER_REPORT, 275 NULL); 276 in6m->in6m_timer = 0; /* reset timer */ 277 in6m->in6m_state = MLD_IREPORTEDLAST; 278 } else if (in6m->in6m_timer == 0 || /* idle */ 279 in6m->in6m_timer > timer) { 280 in6m->in6m_timer = 281 MLD_RANDOM_DELAY(timer); 282 running = 1; 283 } 284 } 285 } 286 287 if (IN6_IS_ADDR_MC_LINKLOCAL(&mldh->mld_addr)) 288 mldh->mld_addr.s6_addr16[1] = 0; /* XXX */ 289 break; 290 case MLD_LISTENER_REPORT: 291 /* 292 * For fast leave to work, we have to know that we are the 293 * last person to send a report for this group. Reports 294 * can potentially get looped back if we are a multicast 295 * router, so discard reports sourced by me. 296 * Note that it is impossible to check IFF_LOOPBACK flag of 297 * ifp for this purpose, since ip6_mloopback pass the physical 298 * interface to if_input_local(). 299 */ 300 if (m->m_flags & M_LOOP) /* XXX: grotty flag, but efficient */ 301 break; 302 303 if (!IN6_IS_ADDR_MULTICAST(&mldh->mld_addr)) 304 break; 305 306 if (IN6_IS_ADDR_MC_LINKLOCAL(&mldh->mld_addr)) 307 mldh->mld_addr.s6_addr16[1] = 308 htons(ifp->if_index); /* XXX */ 309 /* 310 * If we belong to the group being reported, stop 311 * our timer for that group. 312 */ 313 IN6_LOOKUP_MULTI(mldh->mld_addr, ifp, in6m); 314 if (in6m) { 315 in6m->in6m_timer = 0; /* transit to idle state */ 316 in6m->in6m_state = MLD_OTHERLISTENER; /* clear flag */ 317 } 318 319 if (IN6_IS_ADDR_MC_LINKLOCAL(&mldh->mld_addr)) 320 mldh->mld_addr.s6_addr16[1] = 0; /* XXX */ 321 break; 322 default: /* this is impossible */ 323 #if 0 324 /* 325 * this case should be impossible because of filtering in 326 * icmp6_input(). But we explicitly disabled this part 327 * just in case. 328 */ 329 log(LOG_ERR, "mld_input: illegal type(%d)", mldh->mld_type); 330 #endif 331 break; 332 } 333 334 if (running) { 335 membar_producer(); 336 atomic_store_int(&mld6_timers_are_running, running); 337 } 338 339 if_put(ifp); 340 m_freem(m); 341 } 342 343 void 344 mld6_fasttimeo(void) 345 { 346 struct ifnet *ifp; 347 int running = 0; 348 349 /* 350 * Quick check to see if any work needs to be done, in order 351 * to minimize the overhead of fasttimo processing. 352 * Variable mld6_timers_are_running is read atomically, but without 353 * lock intentionally. In case it is not set due to MP races, we may 354 * miss to check the timers. Then run the loop at next fast timeout. 355 */ 356 if (!atomic_load_int(&mld6_timers_are_running)) 357 return; 358 membar_consumer(); 359 360 NET_LOCK(); 361 362 TAILQ_FOREACH(ifp, &ifnetlist, if_list) { 363 if (mld6_checktimer(ifp)) 364 running = 1; 365 } 366 367 membar_producer(); 368 atomic_store_int(&mld6_timers_are_running, running); 369 370 NET_UNLOCK(); 371 } 372 373 int 374 mld6_checktimer(struct ifnet *ifp) 375 { 376 struct in6_multi *in6m; 377 struct ifmaddr *ifma; 378 int running = 0; 379 380 NET_ASSERT_LOCKED(); 381 382 TAILQ_FOREACH(ifma, &ifp->if_maddrlist, ifma_list) { 383 if (ifma->ifma_addr->sa_family != AF_INET6) 384 continue; 385 in6m = ifmatoin6m(ifma); 386 if (in6m->in6m_timer == 0) { 387 /* do nothing */ 388 } else if (--in6m->in6m_timer == 0) { 389 mld6_sendpkt(in6m, MLD_LISTENER_REPORT, NULL); 390 in6m->in6m_state = MLD_IREPORTEDLAST; 391 } else { 392 running = 1; 393 } 394 } 395 396 return (running); 397 } 398 399 static void 400 mld6_sendpkt(struct in6_multi *in6m, int type, const struct in6_addr *dst) 401 { 402 struct mbuf *mh, *md; 403 struct mld_hdr *mldh; 404 struct ip6_hdr *ip6; 405 struct ip6_moptions im6o; 406 struct in6_ifaddr *ia6; 407 struct ifnet *ifp; 408 int ignflags; 409 410 ifp = if_get(in6m->in6m_ifidx); 411 if (ifp == NULL) 412 return; 413 414 /* 415 * At first, find a link local address on the outgoing interface 416 * to use as the source address of the MLD packet. 417 * We do not reject tentative addresses for MLD report to deal with 418 * the case where we first join a link-local address. 419 */ 420 ignflags = IN6_IFF_DUPLICATED|IN6_IFF_ANYCAST; 421 if ((ia6 = in6ifa_ifpforlinklocal(ifp, ignflags)) == NULL) { 422 if_put(ifp); 423 return; 424 } 425 if ((ia6->ia6_flags & IN6_IFF_TENTATIVE)) 426 ia6 = NULL; 427 428 /* 429 * Allocate mbufs to store ip6 header and MLD header. 430 * We allocate 2 mbufs and make chain in advance because 431 * it is more convenient when inserting the hop-by-hop option later. 432 */ 433 MGETHDR(mh, M_DONTWAIT, MT_HEADER); 434 if (mh == NULL) { 435 if_put(ifp); 436 return; 437 } 438 MGET(md, M_DONTWAIT, MT_DATA); 439 if (md == NULL) { 440 m_free(mh); 441 if_put(ifp); 442 return; 443 } 444 mh->m_next = md; 445 446 mh->m_pkthdr.ph_ifidx = 0; 447 mh->m_pkthdr.ph_rtableid = ifp->if_rdomain; 448 mh->m_pkthdr.len = sizeof(struct ip6_hdr) + sizeof(struct mld_hdr); 449 mh->m_len = sizeof(struct ip6_hdr); 450 m_align(mh, sizeof(struct ip6_hdr)); 451 452 /* fill in the ip6 header */ 453 ip6 = mtod(mh, struct ip6_hdr *); 454 ip6->ip6_flow = 0; 455 ip6->ip6_vfc &= ~IPV6_VERSION_MASK; 456 ip6->ip6_vfc |= IPV6_VERSION; 457 /* ip6_plen will be set later */ 458 ip6->ip6_nxt = IPPROTO_ICMPV6; 459 /* ip6_hlim will be set by im6o.im6o_hlim */ 460 ip6->ip6_src = ia6 ? ia6->ia_addr.sin6_addr : in6addr_any; 461 ip6->ip6_dst = dst ? *dst : in6m->in6m_addr; 462 463 /* fill in the MLD header */ 464 md->m_len = sizeof(struct mld_hdr); 465 mldh = mtod(md, struct mld_hdr *); 466 mldh->mld_type = type; 467 mldh->mld_code = 0; 468 mldh->mld_cksum = 0; 469 /* XXX: we assume the function will not be called for query messages */ 470 mldh->mld_maxdelay = 0; 471 mldh->mld_reserved = 0; 472 mldh->mld_addr = in6m->in6m_addr; 473 if (IN6_IS_ADDR_MC_LINKLOCAL(&mldh->mld_addr)) 474 mldh->mld_addr.s6_addr16[1] = 0; /* XXX */ 475 mh->m_pkthdr.csum_flags |= M_ICMP_CSUM_OUT; 476 477 /* construct multicast option */ 478 bzero(&im6o, sizeof(im6o)); 479 im6o.im6o_ifidx = ifp->if_index; 480 im6o.im6o_hlim = 1; 481 482 /* 483 * Request loopback of the report if we are acting as a multicast 484 * router, so that the process-level routing daemon can hear it. 485 */ 486 #ifdef MROUTING 487 im6o.im6o_loop = (ip6_mrouter[ifp->if_rdomain] != NULL); 488 #endif 489 if_put(ifp); 490 491 icmp6stat_inc(icp6s_outhist + type); 492 ip6_output(mh, &ip6_opts, NULL, ia6 ? 0 : IPV6_UNSPECSRC, &im6o, 493 NULL); 494 } 495